diff --git a/en/handbook/advanced-networking/chapter.sgml b/en/handbook/advanced-networking/chapter.sgml
index 99ca9d0f2c..a5ed9584f2 100644
--- a/en/handbook/advanced-networking/chapter.sgml
+++ b/en/handbook/advanced-networking/chapter.sgml
@@ -1,934 +1,934 @@
Advanced NetworkingGateways and RoutesContributed by &a.gryphon;. 6 October
1995.For one machine to be able to find another, there must be a
mechanism in place to describe how to get from one to the other. This is
called Routing. A “route” is a defined pair of addresses: a
“destination” and a “gateway”. The pair
indicates that if you are trying to get to this
destination, send along through this
gateway. There are three types of destinations:
individual hosts, subnets, and “default”. The
“default route” is used if none of the other routes apply.
We will talk a little bit more about default routes later on. There are
also three types of gateways: individual hosts, interfaces (also called
“links”), and ethernet hardware addresses.An exampleTo illustrate different aspects of routing, we will use the
following example which is the output of the command netstat
-r:Destination Gateway Flags Refs Use Netif Expire
default outside-gw UGSc 37 418 ppp0
localhost localhost UH 0 181 lo0
test0 0:e0:b5:36:cf:4f UHLW 5 63288 ed0 77
10.20.30.255 link#1 UHLW 1 2421
foobar.com link#1 UC 0 0
host1 0:e0:a8:37:8:1e UHLW 3 4601 lo0
host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 =>
host2.foobar.com link#1 UC 0 0
224 link#1 UC 0 0The first two lines specify the default route (which we will cover
in the next section) and the localhost route.The interface (Netif column) that it specifies
to use for localhost is
lo0, also known as the loopback device. This
says to keep all traffic for this destination internal, rather than
sending it out over the LAN, since it will only end up back where it
started anyway.The next thing that stands out are the 0:e0:... addresses. These are ethernet hardware
addresses. FreeBSD will automatically identify any hosts
(test0 in the example) on the local ethernet and add
a route for that host, directly to it over the ethernet interface,
ed0. There is also a timeout
(Expire column) associated with this type of route,
which is used if we fail to hear from the host in a specific amount of
time. In this case the route will be automatically deleted. These
hosts are identified using a mechanism known as RIP (Routing
Information Protocol), which figures out routes to local hosts based
upon a shortest path determination.FreeBSD will also add subnet routes for the local subnet (10.20.30.255 is the broadcast address for the
subnet 10.20.30, and foobar.com is the domain name associated
with that subnet). The designation link#1 refers
to the first ethernet card in the machine. You will notice no
additional interface is specified for those.Both of these groups (local network hosts and local subnets) have
their routes automatically configured by a daemon called
routed. If this is not run, then only routes which
are statically defined (ie. entered explicitly) will exist.The host1 line refers to our host, which it
knows by ethernet address. Since we are the sending host, FreeBSD
knows to use the loopback interface (lo0)
rather than sending it out over the ethernet interface.The two host2 lines are an example of what
happens when we use an ifconfig alias (see the section of ethernet for
reasons why we would do this). The => symbol
after the lo0 interface says that not only
are we using the loopback (since this is address also refers to the
local host), but specifically it is an alias. Such routes only show
up on the host that supports the alias; all other hosts on the local
network will simply have a link#1 line for
such.The final line (destination subnet 224) deals
with MultiCasting, which will be covered in a another section.The other column that we should talk about are the
Flags. Each route has different attributes that
are described in the column. Below is a short table of some of these
flags and their meanings:UUp: The route is active.HHost: The route destination is a single host.GGateway: Send anything for this destination on to this
remote system, which will figure out from there where to send
it.SStatic: This route was configured manually, not
automatically generated by the system.CClone: Generates a new route based upon this route for
machines we connect to. This type of route is normally used
for local networks.WWasCloned: Indicated a route that was auto-configured
based upon a local area network (Clone) route.LLink: Route involves references to ethernet
hardware.Default routesWhen the local system needs to make a connection to remote host,
it checks the routing table to determine if a known path exists. If
the remote host falls into a subnet that we know how to reach (Cloned
routes), then the system checks to see if it can connect along that
interface.If all known paths fail, the system has one last option: the
“default” route. This route is a special type of gateway
route (usually the only one present in the system), and is always
marked with a c in the flags field. For hosts on a
local area network, this gateway is set to whatever machine has a
direct connection to the outside world (whether via PPP link, or your
hardware device attached to a dedicated data line).If you are configuring the default route for a machine which
itself is functioning as the gateway to the outside world, then the
default route will be the gateway machine at your Internet Service
Provider's (ISP) site.Let us look at an example of default routes. This is a common
configuration:
[Local2] <--ether--> [Local1] <--PPP--> [ISP-Serv] <--ether--> [T1-GW]
The hosts Local1 and Local2 are
at your site, with the formed being your PPP connection to your ISP's
Terminal Server. Your ISP has a local network at their site, which
has, among other things, the server where you connect and a hardware
device (T1-GW) attached to the ISP's Internet feed.The default routes for each of your machines will be:hostdefault gatewayinterfaceLocal2Local1ethernetLocal1T1-GWPPPA common question is “Why (or how) would we set the T1-GW to
be the default gateway for Local1, rather than the ISP server it is
connected to?”.Remember, since the PPP interface is using an address on the ISP's
local network for your side of the connection, routes for any other
machines on the ISP's local network will be automatically generated.
Hence, you will already know how to reach the T1-GW machine, so there
is no need for the intermediate step of sending traffic to the ISP
server.As a final note, it is common to use the address ...1 as the gateway address for your local
network. So (using the same example), if your local class-C address
space was 10.20.30 and your ISP was
using 10.9.9 then the default routes
would be:
Local2 (10.20.30.2) --> Local1 (10.20.30.1)
Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1)
Dual homed hostsThere is one other type of configuration that we should cover, and
that is a host that sits on two different networks. Technically, any
machine functioning as a gateway (in the example above, using a PPP
connection) counts as a dual-homed host. But the term is really only
used to refer to a machine that sits on two local-area
networks.In one case, the machine as two ethernet cards, each having an
address on the separate subnets. Alternately, the machine may only
have one ethernet card, and be using ifconfig aliasing. The former is
used if two physically separate ethernet networks are in use, the
latter if there is one physical network segment, but two logically
separate subnets.Either way, routing tables are set up so that each subnet knows
that this machine is the defined gateway (inbound route) to the other
subnet. This configuration, with the machine acting as a Bridge
between the two subnets, is often used when we need to implement
packet filtering or firewall security in either or both
directions.Routing propagationWe have already talked about how we define our routes to the
outside world, but not about how the outside world finds us.We already know that routing tables can be set up so that all
traffic for a particular address space (in our examples, a class-C
subnet) can be sent to a particular host on that network, which will
forward the packets inbound.When you get an address space assigned to your site, your service
provider will set up their routing tables so that all traffic for your
subnet will be sent down your PPP link to your site. But how do sites
across the country know to send to your ISP?There is a system (much like the distributed DNS information) that
keeps track of all assigned address-spaces, and defines their point of
connection to the Internet Backbone. The “Backbone” are
the main trunk lines that carry Internet traffic across the country,
and around the world. Each backbone machine has a copy of a master
set of tables, which direct traffic for a particular network to a
specific backbone carrier, and from there down the chain of service
providers until it reaches your network.It is the task of your service provider to advertise to the
backbone sites that they are the point of connection (and thus the
path inward) for your site. This is known as route
propagation.TroubleshootingSometimes, there is a problem with routing propagation, and some
sites are unable to connect to you. Perhaps the most useful command
for trying to figure out where a routing is breaking down is the
&man.traceroute.8; command. It is equally useful if you cannot seem
to make a connection to a remote machine (i.e. &man.ping.8;
fails).The &man.traceroute.8; command is run with the name of the remote
host you are trying to connect to. It will show the gateway hosts
along the path of the attempt, eventually either reaching the target
host, or terminating because of a lack of connection.For more information, see the manual page for
&man.traceroute.8;.NFSContributed by &a.jlind;.Certain Ethernet adapters for ISA PC systems have limitations which
can lead to serious network problems, particularly with NFS. This
difficulty is not specific to FreeBSD, but FreeBSD systems are affected
by it.The problem nearly always occurs when (FreeBSD) PC systems are
networked with high-performance workstations, such as those made by
Silicon Graphics, Inc., and Sun Microsystems, Inc. The NFS mount will
work fine, and some operations may succeed, but suddenly the server will
seem to become unresponsive to the client, even though requests to and
from other systems continue to be processed. This happens to the client
system, whether the client is the FreeBSD system or the workstation. On
many systems, there is no way to shut down the client gracefully once
this problem has manifested itself. The only solution is often to reset
the client, because the NFS situation cannot be resolved.Though the “correct” solution is to get a higher
performance and capacity Ethernet adapter for the FreeBSD system, there
is a simple workaround that will allow satisfactory operation. If the
FreeBSD system is the server, include the option
on the mount from the client. If the FreeBSD
system is the client, then mount the NFS file
system with the option . These options may be
specified using the fourth field of the fstab entry
on the client for automatic mounts, or by using the
parameter of the mount command for manual mounts.It should be noted that there is a different problem, sometimes
mistaken for this one, when the NFS servers and clients are on different
networks. If that is the case, make certain that
your routers are routing the necessary UDP information, or you will not
get anywhere, no matter what else you are doing.In the following examples, fastws is the host
(interface) name of a high-performance workstation, and
freebox is the host (interface) name of a FreeBSD
system with a lower-performance Ethernet adapter. Also,
/sharedfs will be the exported NFS filesystem (see
man exports), and /project will
be the mount point on the client for the exported file system. In all
cases, note that additional options, such as or
and may be desirable in your
application.Examples for the FreeBSD system (freebox) as the
client: in /etc/fstab on freebox:
fastws:/sharedfs /project nfs rw,-r=1024 0 0As a manual mount command on freebox:&prompt.root; mount -t nfs -o -r=1024 fastws:/sharedfs /projectExamples for the FreeBSD system as the server: in
/etc/fstab on fastws:
freebox:/sharedfs /project nfs rw,-w=1024 0 0As a manual mount command on fastws:&prompt.root; mount -t nfs -o -w=1024 freebox:/sharedfs /projectNearly any 16-bit Ethernet adapter will allow operation without the
above restrictions on the read or write size.For anyone who cares, here is what happens when the failure occurs,
which also explains why it is unrecoverable. NFS typically works with a
“block” size of 8k (though it may do fragments of smaller
sizes). Since the maximum Ethernet packet is around 1500 bytes, the NFS
“block” gets split into multiple Ethernet packets, even
though it is still a single unit to the upper-level code, and must be
received, assembled, and acknowledged as a unit.
The high-performance workstations can pump out the packets which
comprise the NFS unit one right after the other, just as close together
as the standard allows. On the smaller, lower capacity cards, the later
packets overrun the earlier packets of the same unit before they can be
transferred to the host and the unit as a whole cannot be reconstructed
or acknowledged. As a result, the workstation will time out and try
again, but it will try again with the entire 8K unit, and the process
will be repeated, ad infinitum.By keeping the unit size below the Ethernet packet size limitation,
we ensure that any complete Ethernet packet received can be acknowledged
individually, avoiding the deadlock situation.Overruns may still occur when a high-performance workstations is
slamming data out to a PC system, but with the better cards, such
overruns are not guaranteed on NFS “units”. When an overrun
occurs, the units affected will be retransmitted, and there will be a
fair chance that they will be received, assembled, and
acknowledged.Diskless OperationContributed by &a.martin;.netboot.com/netboot.rom
allow you to boot your FreeBSD machine over the network and run FreeBSD
without having a disk on your client. Under 2.0 it is now possible to
have local swap. Swapping over NFS is also still supported.Supported Ethernet cards include: Western Digital/SMC 8003, 8013,
8216 and compatibles; NE1000/NE2000 and compatibles (requires
recompile)Setup InstructionsFind a machine that will be your server. This machine will
require enough disk space to hold the FreeBSD 2.0 binaries and
have bootp, tftp and NFS services available. Tested
machines:HP9000/8xx running HP-UX 9.04 or later (pre 9.04 doesn't
work)Sun/Solaris 2.3. (you may need to get bootp)Set up a bootp server to provide the client with IP, gateway,
netmask.
diskless:\
:ht=ether:\
:ha=0000c01f848a:\
:sm=255.255.255.0:\
:hn:\
:ds=192.1.2.3:\
:ip=192.1.2.4:\
:gw=192.1.2.5:\
:vm=rfc1048:Set up a TFTP server (on same machine as bootp server) to
provide booting information to client. The name of this file is
cfg.X.X.X.X (or
/tftpboot/cfg.X.X.X.X,
it will try both) where X.X.X.X is the
IP address of the client. The contents of this file can be any
valid netboot commands. Under 2.0, netboot has the following
commands:helpprint help listip
print/set client's IP addressserver
print/set bootp/tftp server addressnetmask
print/set netmaskhostname nameprint/set hostnamekernel
print/set kernel namerootfs
print/set root filesystemswapfs
print/set swap filesystemswapsize
set diskless swapsize in Kbytesdiskbootboot from diskautobootcontinue boot processtrans
|turn transceiver on|offflags
set boot flagsA typical completely diskless cfg file might contain:
rootfs 192.1.2.3:/rootfs/myclient
swapfs 192.1.2.3:/swapfs
swapsize 20000
hostname myclient.mydomainA cfg file for a machine with local swap might contain:
rootfs 192.1.2.3:/rootfs/myclient
hostname myclient.mydomainEnsure that your NFS server has exported the root (and swap if
applicable) filesystems to your client, and that the client has
root access to these filesystems A typical
/etc/exports file on FreeBSD might look
like:
/rootfs/myclient -maproot=0:0 myclient.mydomain
/swapfs -maproot=0:0 myclient.mydomainAnd on HP-UX:
/rootfs/myclient -root=myclient.mydomain
/swapfs -root=myclient.mydomainIf you are swapping over NFS (completely diskless
configuration) create a swap file for your client using
dd. If your swapfs command
has the arguments /swapfs and the size 20000
as in the example above, the swapfile for myclient will be called
/swapfs/swap.X.X.X.X
where X.X.X.X is the client's IP addr,
eg:&prompt.root; dd if=/dev/zero of=/swapfs/swap.192.1.2.4 bs=1k count=20000Also, the client's swap space might contain sensitive
information once swapping starts, so make sure to restrict read
and write access to this file to prevent unauthorized
access:&prompt.root; chmod 0600 /swapfs/swap.192.1.2.4Unpack the root filesystem in the directory the client will
use for its root filesystem (/rootfs/myclient
in the example above).On HP-UX systems: The server should be running HP-UX 9.04
or later for HP9000/800 series machines. Prior versions do not
allow the creation of device files over NFS.When extracting /dev in
/rootfs/myclient, beware that some
systems (HPUX) will not create device files that FreeBSD is
happy with. You may have to go to single user mode on the
first bootup (press control-c during the bootup phase), cd
/dev and do a sh ./MAKEDEV
all from the client to fix this.Run netboot.com on the client or make an
EPROM from the netboot.rom fileUsing Shared / and /usr
filesystemsAt present there isn't an officially sanctioned way of doing this,
although I have been using a shared /usr
filesystem and individual / filesystems for each
client. If anyone has any suggestions on how to do this cleanly,
please let me and/or the &a.core; know.Compiling netboot for specific setupsNetboot can be compiled to support NE1000/2000 cards by changing
the configuration in
/sys/i386/boot/netboot/Makefile. See the
comments at the top of this file.ISDNLast modified by &a.wlloyd;.A good resource for information on ISDN technology and hardware is
Dan Kegel's ISDN
Page.A quick simple roadmap to ISDN follows:If you live in Europe I suggest you investigate the ISDN card
section.If you are planning to use ISDN primarily to connect to the
Internet with an Internet Provider on a dialup non-dedicated basis,
I suggest you look into Terminal Adapters. This will give you the
most flexibility, with the fewest problems, if you change
providers.If you are connecting two lans together, or connecting to the
Internet with a dedicated ISDN connection, I suggest you consider
the stand alone router/bridge option.Cost is a significant factor in determining what solution you will
choose. The following options are listed from least expensive to most
expensive.ISDN CardsContributed by &a.hm;.This section is really only relevant to ISDN users in countries
where the DSS1/Q.931 ISDN standard is supported.Some growing number of PC ISDN cards are supported under FreeBSD
2.2.x and up by the isdn4bsd driver package. It is still under
development but the reports show that it is successfully used all over
Europe.The latest isdn4bsd version is available from ftp://isdn4bsd@ftp.consol.de/pub/,
the main isdn4bsd ftp site (you have to log in as user
isdn4bsd , give your mail address as the password
and change to the pub directory. Anonymous ftp
as user ftp or anonymous
will not give the desired result).Isdn4bsd allows you to connect to other ISDN routers using either
IP over raw HDLC or by using synchronous PPP. A telephone answering
machine application is also available.Many ISDN PC cards are supported, mostly the ones with a Siemens
ISDN chipset (ISAC/HSCX), support for other chipsets (from Motorola,
Cologne Chip Designs) is currently under development. For an
up-to-date list of supported cards, please have a look at the README
file.In case you are interested in adding support for a different ISDN
protocol, a currently unsupported ISDN PC card or otherwise enhancing
isdn4bsd, please get in touch with hm@kts.org.A majordomo maintained mailing list is available. To join the
list, send mail to majordomo@FreeBSD.ORG and
specify:
subscribe freebsd-isdnin the body of your message.ISDN Terminal AdaptersTerminal adapters(TA), are to ISDN what modems are to regular
phone lines.Most TA's use the standard hayes modem AT command set, and can be
used as a drop in replacement for a modem.A TA will operate basically the same as a modem except connection
and throughput speeds will be much faster than your old modem. You
will need to configure PPP exactly the same
as for a modem setup. Make sure you set your serial speed as high as
possible.The main advantage of using a TA to connect to an Internet
Provider is that you can do Dynamic PPP. As IP address space becomes
more and more scarce, most providers are not willing to provide you
with a static IP anymore. Most standalone routers are not able to
accommodate dynamic IP allocation.TA's completely rely on the PPP daemon that you are running for
their features and stability of connection. This allows you to
upgrade easily from using a modem to ISDN on a FreeBSD machine, if you
already have PPP setup. However, at the same time any problems you
experienced with the PPP program and are going to persist.If you want maximum stability, use the kernel PPP option, not the user-land iijPPP.The following TA's are know to work with FreeBSD.Motorola BitSurfer and Bitsurfer ProAdtranMost other TA's will probably work as well, TA vendors try to make
sure their product can accept most of the standard modem AT command
set.The real problem with external TA's is like modems you need a good
serial card in your computer.You should read the serial ports
section in the handbook for a detailed understanding of serial
devices, and the differences between asynchronous and synchronous
serial ports.A TA running off a standard PC serial port (asynchronous) limits
you to 115.2Kbs, even though you have a 128Kbs connection. To fully
utilize the 128Kbs that ISDN is capable of, you must move the TA to a
synchronous serial card.Do not be fooled into buying an internal TA and thinking you have
avoided the synchronous/asynchronous issue. Internal TA's simply have
a standard PC serial port chip built into them. All this will do, is
save you having to buy another serial cable, and find another empty
electrical socket.A synchronous card with a TA is at least as fast as a standalone
router, and with a simple 386 FreeBSD box driving it, probably more
flexible.The choice of sync/TA vs standalone router is largely a religious
issue. There has been some discussion of this in the mailing lists.
I suggest you search the archives for the
+ URL="http://www.FreeBSD.org/search.html">archives for the
complete discussion.Standalone ISDN Bridges/RoutersISDN bridges or routers are not at all specific to FreeBSD or any
other operating system. For a more complete description of routing
and bridging technology, please refer to a Networking reference
book.In the context of this page, I will use router and bridge
interchangeably.As the cost of low end ISDN routers/bridges comes down, it will
likely become a more and more popular choice. An ISDN router is a
small box that plugs directly into your local Ethernet network(or
card), and manages its own connection to the other bridge/router. It
has all the software to do PPP and other protocols built in.A router will allow you much faster throughput that a standard TA,
since it will be using a full synchronous ISDN connection.The main problem with ISDN routers and bridges is that
interoperability between manufacturers can still be a problem. If you
are planning to connect to an Internet provider, I recommend that you
discuss your needs with them.If you are planning to connect two lan segments together, ie: home
lan to the office lan, this is the simplest lowest maintenance
solution. Since you are buying the equipment for both sides of the
connection you can be assured that the link will work.For example to connect a home computer or branch office network to
a head office network the following setup could be used.Branch office or Home networkNetwork is 10 Base T Ethernet. Connect router to network cable
with AUI/10BT transceiver, if necessary.
---Sun workstation
|
---FreeBSD box
|
---Windows 95 (Do not admit to owning it)
|
Standalone router
|
ISDN BRI lineIf your home/branch office is only one computer you can use a
twisted pair crossover cable to connect to the standalone router
directly.Head office or other lanNetwork is Twisted Pair Ethernet.
-------Novell Server
| H |
| ---Sun
| |
| U ---FreeBSD
| |
| ---Windows 95
| B |
|___---Standalone router
|
ISDN BRI lineOne large advantage of most routers/bridges is that they allow you
to have 2 separate independent PPP connections to
2 separate sites at the same time. This is not
supported on most TA's, except for specific(expensive) models that
have two serial ports. Do not confuse this with channel bonding, MPP
etc.This can be very useful feature, for example if you have an
dedicated internet ISDN connection at your office and would like to
tap into it, but don't want to get another ISDN line at work. A router
at the office location can manage a dedicated B channel connection
(64Kbs) to the internet, as well as a use the other B channel for a
separate data connection. The second B channel can be used for
dialin, dialout or dynamically bond(MPP etc.) with the first B channel
for more bandwidth.An Ethernet bridge will also allow you to transmit more than just
IP traffic, you can also send IPX/SPX or whatever other protocols you
use.
diff --git a/en/handbook/bibliography/chapter.sgml b/en/handbook/bibliography/chapter.sgml
index aeeab83424..b11aa28161 100644
--- a/en/handbook/bibliography/chapter.sgml
+++ b/en/handbook/bibliography/chapter.sgml
@@ -1,478 +1,478 @@
BibliographyWhile the manual pages provide the definitive reference for individual
pieces of the FreeBSD operating system, they are notorious for not
illustrating how to put the pieces together to make the whole operating
system run smoothly. For this, there is no substitute for a good book on
UNIX system administration and a good users' manual.Books & Magazines Specific to FreeBSDInternational books &
Magazines:Using
FreeBSD (in Chinese).FreeBSD for PC 98'ers (in Japanese), published by SHUWA System
Co, LTD. ISBN 4-87966-468-5 C3055 P2900E.FreeBSD (in Japanese), published by CUTT. ISBN 4-906391-22-2
C3055 P2400E.Complete Introduction to FreeBSD (in Japanese), published by Shoeisha Co., Ltd. ISBN 4-88135-473-6 P3600E.Personal UNIX Starter Kit FreeBSD (in Japanese), published by ASCII. ISBN 4-7561-1733-3 P3000E.FreeBSD Handbook (Japanese translation), published by ASCII. ISBN 4-7561-1580-2
P3800E.FreeBSD mit Methode (in German), published by Computer und
Literatur Verlag/Vertrieb Hanser, 1998. ISBN 3-932311-31-0.FreeBSD Install and Utilization Manual (in Japanese), published by Mainichi Communications Inc..English language books & Magazines:The
Complete FreeBSD, published by Walnut Creek CDROM.Users' GuidesComputer Systems Research Group, UC Berkeley. 4.4BSD
User's Reference Manual. O'Reilly & Associates,
Inc., 1994. ISBN 1-56592-075-9Computer Systems Research Group, UC Berkeley. 4.4BSD
User's Supplementary Documents. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-076-7UNIX in a Nutshell. O'Reilly &
Associates, Inc., 1990. ISBN 093717520XMui, Linda. What You Need To Know When You Can't Find
Your UNIX System Administrator. O'Reilly &
Associates, Inc., 1995. ISBN 1-56592-104-6Ohio State
University has written a UNIX
Introductory Course which is available online in HTML and
postscript format.Jpman Project, Japan
FreeBSD Users Group. FreeBSD User's
Reference Manual (Japanese translation). Mainichi Communications
Inc., 1998. ISBN4-8399-0088-4 P3800E.Administrators' GuidesAlbitz, Paul and Liu, Cricket. DNS and
BIND, 2nd Ed. O'Reilly & Associates, Inc., 1997.
ISBN 1-56592-236-0Computer Systems Research Group, UC Berkeley. 4.4BSD
System Manager's Manual. O'Reilly & Associates,
Inc., 1994. ISBN 1-56592-080-5Costales, Brian, et al. Sendmail, 2nd Ed.
O'Reilly & Associates, Inc., 1997. ISBN 1-56592-222-0Frisch, Æleen. Essential System
Administration, 2nd Ed. O'Reilly & Associates,
Inc., 1995. ISBN 1-56592-127-5Hunt, Craig. TCP/IP Network
Administration. O'Reilly & Associates, Inc., 1992.
ISBN 0-937175-82-XNemeth, Evi. UNIX System Administration
Handbook. 2nd Ed. Prentice Hall, 1995. ISBN
0131510517Stern, Hal Managing NFS and NIS O'Reilly
& Associates, Inc., 1991. ISBN 0-937175-75-7Jpman Project, Japan
FreeBSD Users Group. FreeBSD System
Administrator's Manual (Japanese translation). Mainichi Communications
Inc., 1998. ISBN4-8399-0109-0 P3300E.Programmers' GuidesAsente, Paul. X Window System Toolkit.
Digital Press. ISBN 1-55558-051-3Computer Systems Research Group, UC Berkeley. 4.4BSD
Programmer's Reference Manual. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-078-3Computer Systems Research Group, UC Berkeley. 4.4BSD
Programmer's Supplementary Documents. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-079-1Harbison, Samuel P. and Steele, Guy L. Jr. C: A
Reference Manual. 4rd ed. Prentice Hall, 1995.
ISBN 0-13-326224-3Kernighan, Brian and Dennis M. Ritchie. The C
Programming Language.. PTR Prentice Hall, 1988.
ISBN 0-13-110362-9Lehey, Greg. Porting UNIX Software.
O'Reilly & Associates, Inc., 1995. ISBN 1-56592-126-7Plauger, P. J. The Standard C Library.
Prentice Hall, 1992. ISBN 0-13-131509-9Stevens, W. Richard. Advanced Programming in the UNIX
Environment. Reading, Mass. : Addison-Wesley, 1992
ISBN 0-201-56317-7Stevens, W. Richard. UNIX Network
Programming. 2nd Ed, PTR Prentice Hall, 1998. ISBN
0-13-490012-XWells, Bill. “Writing Serial Drivers for UNIX”.
Dr. Dobb's Journal. 19(15), December 1994.
pp68-71, 97-99.Operating System InternalsAndleigh, Prabhat K. UNIX System
Architecture. Prentice-Hall, Inc., 1990. ISBN
0-13-949843-5Jolitz, William. “Porting UNIX to the 386”.
Dr. Dobb's Journal. January 1991-July
1992.Leffler, Samuel J., Marshall Kirk McKusick, Michael J Karels and
John Quarterman The Design and Implementation of the
4.3BSD UNIX Operating System. Reading, Mass. :
Addison-Wesley, 1989. ISBN 0-201-06196-1Leffler, Samuel J., Marshall Kirk McKusick, The Design
and Implementation of the 4.3BSD UNIX Operating System: Answer
Book. Reading, Mass. : Addison-Wesley, 1991. ISBN
0-201-54629-9McKusick, Marshall Kirk, Keith Bostic, Michael J Karels, and
John Quarterman. The Design and Implementation of the
4.4BSD Operating System. Reading, Mass. :
Addison-Wesley, 1996. ISBN 0-201-54979-4Stevens, W. Richard. TCP/IP Illustrated, Volume 1:
The Protocols. Reading, Mass. : Addison-Wesley,
1996. ISBN 0-201-63346-9Schimmel, Curt. Unix Systems for Modern
Architectures. Reading, Mass. : Addison-Wesley, 1994.
ISBN 0-201-63338-8Stevens, W. Richard. TCP/IP Illustrated, Volume 3:
TCP for Transactions, HTTP, NNTP and the UNIX Domain
Protocols. Reading, Mass. : Addison-Wesley, 1996.
ISBN 0-201-63495-3Vahalia, Uresh. UNIX Internals -- The New
Frontiers. Prentice Hall, 1996. ISBN
0-13-101908-2Wright, Gary R. and W. Richard Stevens. TCP/IP
Illustrated, Volume 2: The Implementation. Reading,
Mass. : Addison-Wesley, 1995. ISBN 0-201-63354-XSecurity ReferenceCheswick, William R. and Steven M. Bellovin. Firewalls
and Internet Security: Repelling the Wily Hacker.
Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-63357-4Garfinkel, Simson and Gene Spafford. Practical UNIX
Security. 2nd Ed. O'Reilly & Associates, Inc.,
1996. ISBN 1-56592-148-8Garfinkel, Simson. PGP Pretty Good
Privacy O'Reilly & Associates, Inc., 1995. ISBN
1-56592-098-8Hardware ReferenceAnderson, Don and Tom Shanley. Pentium Processor
System Architecture. 2nd Ed. Reading, Mass. :
Addison-Wesley, 1995. ISBN 0-201-40992-5Ferraro, Richard F. Programmer's Guide to the EGA,
VGA, and Super VGA Cards. 3rd ed. Reading, Mass. :
Addison-Wesley, 1995. ISBN 0-201-62490-7Intel Corporation publishes documentation on their CPUs,
chipsets and standards on their developer web site,
usually as PDF files.Shanley, Tom. 80486 System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40994-1Shanley, Tom. ISA System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40996-8Shanley, Tom. PCI System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40993-3Van Gilluwe, Frank. The Undocumented PC.
Reading, Mass: Addison-Wesley Pub. Co., 1994. ISBN
0-201-62277-7UNIX HistoryLion, John Lion's Commentary on UNIX, 6th Ed. With
Source Code. ITP Media Group, 1996. ISBN
1573980137Raymond, Eric S. The New Hacker's Dictonary, 3rd
edition. MIT Press, 1996. ISBN
0-262-68092-0. Also known as the Jargon
FileSalus, Peter H. A quarter century of UNIX.
Addison-Wesley Publishing Company, Inc., 1994. ISBN
0-201-54777-5Simon Garfinkel, Daniel Weise, Steven Strassmann. The
UNIX-HATERS Handbook. IDG Books Worldwide, Inc.,
1994. ISBN 1-56884-203-1Don Libes, Sandy Ressler Life with UNIX
— special edition. Prentice-Hall, Inc., 1989. ISBN
0-13-536657-7The BSD family tree. 1997. ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree or local on a FreeBSD-current machine.
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree">ftp://ftp.FreeBSD.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree or local on a FreeBSD-current machine.
The BSD Release Announcements collection.
1997. http://www.de.FreeBSD.ORG/de/ftp/releases/Networked Computer Science Technical Reports
Library. http://www.ncstrl.org/Old BSD releases from the Computer Systems Research
group (CSRG). http://www.mckusick.com/csrg/:
The 4CD set covers all BSD versions from 1BSD to 4.4BSD and
4.4BSD-Lite2 (but not 2.11BSD, unfortunately). As well, the last
disk holds the final sources plus the SCCS files.Magazines and JournalsThe C/C++ Users Journal. R&D
Publications Inc. ISSN 1075-2838Sys Admin — The Journal for UNIX System
Administrators Miller Freeman, Inc., ISSN
1061-2688
diff --git a/en/handbook/cutting-edge/chapter.sgml b/en/handbook/cutting-edge/chapter.sgml
index 0656e10e25..d8899c558b 100644
--- a/en/handbook/cutting-edge/chapter.sgml
+++ b/en/handbook/cutting-edge/chapter.sgml
@@ -1,2490 +1,2490 @@
The Cutting Edge: FreeBSD-current and FreeBSD-stableFreeBSD is under constant development between releases. For people
who want to be on the cutting edge, there are several easy mechanisms for
keeping your system in sync with the latest developments. Be warned: the
cutting edge is not for everyone! This chapter will help you decide if you
want to track the development system, or stick with one of the released
versions.Staying Current with FreeBSDContributed by &a.jkh;.What is FreeBSD-current?FreeBSD-current is, quite literally, nothing more than a daily
snapshot of the working sources for FreeBSD. These include work in
progress, experimental changes and transitional mechanisms that may or
may not be present in the next official release of the software.
While many of us compile almost daily from FreeBSD-current sources,
there are periods of time when the sources are literally
un-compilable. These problems are generally resolved as expeditiously
as possible, but whether or not FreeBSD-current sources bring disaster
or greatly desired functionality can literally be a matter of which
part of any given 24 hour period you grabbed them in!Who needs FreeBSD-current?FreeBSD-current is made generally available for 3 primary interest
groups:Members of the FreeBSD group who are actively working on some
part of the source tree and for whom keeping “current”
is an absolute requirement.Members of the FreeBSD group who are active testers, willing
to spend time working through problems in order to ensure that
FreeBSD-current remains as sane as possible. These are also people
who wish to make topical suggestions on changes and the general
direction of FreeBSD.Peripheral members of the FreeBSD (or some other) group who
merely wish to keep an eye on things and use the current sources
for reference purposes (e.g. for reading, not
running). These people also make the occasional comment or
contribute code.What is FreeBSD-current not?A fast-track to getting pre-release bits because you heard
there is some cool new feature in there and you want to be the
first on your block to have it.A quick way of getting bug fixes.In any way “officially supported” by us. We do
our best to help people genuinely in one of the 3
“legitimate” FreeBSD-current categories, but we simply
do not have the time to provide tech support
for it. This is not because we are mean and nasty people who do
not like helping people out (we would not even be doing FreeBSD if
we were), it is literally because we cannot answer 400 messages a
day and actually work on FreeBSD! I am sure
that, if given the choice between having us answer lots of
questions or continuing to improve FreeBSD, most of you would vote
for us improving it.Using FreeBSD-currentJoin the &a.current; and the &a.cvsall; . This is not just a
good idea, it is essential. If you are not
on the FreeBSD-current mailing list, you will
not see the comments that people are making about the current
state of the system and thus will probably end up stumbling over a
lot of problems that others have already found and solved. Even
more importantly, you will miss out on important bulletins which
may be critical to your system's continued health.The cvs-all mailing list will allow you to see
the commit log entry for each change as it is made along with any
pertinent information on possible side-effects.To join these lists, send mail to
&a.majordomo; and specify:
subscribe freebsd-current
subscribe cvs-all
in the body of your message. Optionally, you can also say
help and Majordomo will send you full help on
how to subscribe and unsubscribe to the various other mailing
lists we support.Grab the sources from ftp.FreeBSD.ORG. You can do this in three
ways:Use the CTM facility. Unless
you have a good TCP/IP connection at a flat rate, this is
the way to do it.Use the cvsup program with
this
supfile. This is the second most recommended
method, since it allows you to grab the entire collection
once and then only what has changed from then on. Many people
run cvsup from cron and keep their sources up-to-date
automatically. For a fairly easy interface to this, simply
type:
Use ftp. The source tree for
FreeBSD-current is always “exported” on: ftp://ftp.FreeBSD.ORG/pub/FreeBSD/FreeBSD-current.
We also use wu-ftpd which allows
compressed/tar'd grabbing of whole trees. e.g. you
see:usr.bin/lexYou can do:
ftp>cd usr.binftp>get lex.tar.Z
and it will get the whole directory for you as a compressed
tar file.Essentially, if you need rapid on-demand access to the source
and communications bandwidth is not a consideration, use
cvsup or ftp. Otherwise,
use CTM.If you are grabbing the sources to run, and not just look at,
then grab all of current, not just selected
portions. The reason for this is that various parts of the source
depend on updates elsewhere, and trying to compile just a subset
is almost guaranteed to get you into trouble.Before compiling current, read the Makefile in
/usr/src carefully. You should at least run
a make world the first time
through as part of the upgrading process. Reading the &a.current;
will keep you up-to-date on other bootstrapping procedures that
sometimes become necessary as we move towards the next
release.Be active! If you are running FreeBSD-current, we want to
know what you have to say about it, especially if you have
suggestions for enhancements or bug fixes. Suggestions with
accompanying code are received most enthusiastically!Staying Stable with FreeBSDContributed by &a.jkh;.What is FreeBSD-stable?FreeBSD-stable is our development branch for a more low-key and
conservative set of changes intended for our next mainstream release.
Changes of an experimental or untested nature do not go into this
branch (see FreeBSD-current).Who needs FreeBSD-stable?If you are a commercial user or someone who puts maximum stability
of their FreeBSD system before all other concerns, you should consider
tracking stable. This is especially true if you
have installed the most recent release (&rel.current;-RELEASE
at the time of this writing) since the stable
branch is effectively a bug-fix stream relative to the previous
release.The stable tree endeavors, above all, to be
fully compilable and stable at all times, but we do occasionally
make mistakes (these are still active sources with
quickly-transmitted updates, after all). We also do our best to
thoroughly test fixes in current before
bringing them into stable, but sometimes our
tests fail to catch every case. If something breaks for you in
stable, please let us know
immediately! (see next section).Using FreeBSD-stableJoin the &a.stable;. This will keep you informed of
build-dependencies that may appear in stable
or any other issues requiring special attention. Developers will
also make announcements in this mailing list when they are
contemplating some controversial fix or update, giving the users a
chance to respond if they have any issues to raise concerning the
proposed change.The cvs-all mailing list will allow you to see
the commit log entry for each change as it is made along with any
pertinent information on possible side-effects.To join these lists, send mail to &a.majordomo; and specify:
subscribe freebsd-stable
subscribe cvs-all
in the body of your message. Optionally, you can also say
help and Majordomo will send you full help on
how to subscribe and unsubscribe to the various other mailing
lists we support.If you are installing a new system and want it to be as stable
as possible, you can simply grab the latest dated branch snapshot
from ftp://releng3.FreeBSD.org/pub/FreeBSD/
and install it like any other release.If you are already running a previous release of 2.2 and wish
to upgrade via sources then you can easily do so from ftp.FreeBSD.ORG. This can be done in one
of three ways:Use the CTM facility. Unless
you have a good TCP/IP connection at a flat rate, this is
the way to do it.Use the cvsup program with
this
supfile. This is the second most recommended
method, since it allows you to grab the entire collection
once and then only what has changed from then on. Many people
run cvsup from cron to keep their sources up-to-date
automatically. For a fairly easy interface to this, simply
type;
The FreeBSD mirror
sites database is more accurate than the mirror listing in the
handbook, as it gets its information form the DNS rather than relying on
static lists of hosts.Additionally, FreeBSD is available via anonymous FTP from the
following mirror sites. If you choose to obtain FreeBSD via anonymous
FTP, please try to use a site near you.Argentina,
Australia,
Brazil,
Canada,
Czech Republic,
Denmark,
Estonia,
Finland,
France,
Germany,
Hong Kong,
Ireland,
Israel,
Japan,
Korea,
Netherlands,
New Zealand,
Poland,
Portugal,
Russia,
South Africa,
Spain,
Slovak Republic,
Slovenia,
Sweden,
Taiwan,
Thailand,
UK,
Ukraine,
USA.ArgentinaIn case of problems, please contact the hostmaster
hostmaster@ar.FreeBSD.ORG for this domain.ftp://ftp.ar.FreeBSD.ORG/pub/FreeBSDAustraliaIn case of problems, please contact the hostmaster
hostmaster@au.FreeBSD.ORG for this domain.ftp://ftp.au.FreeBSD.ORG/pub/FreeBSDftp://ftp2.au.FreeBSD.ORG/pub/FreeBSDftp://ftp3.au.FreeBSD.ORG/pub/FreeBSDftp://ftp4.au.FreeBSD.ORG/pub/FreeBSDBrazilIn case of problems, please contact the hostmaster
hostmaster@br.FreeBSD.ORG for this domain.ftp://ftp.br.FreeBSD.ORG/pub/FreeBSDftp://ftp2.br.FreeBSD.ORG/pub/FreeBSDftp://ftp3.br.FreeBSD.ORG/pub/FreeBSDftp://ftp4.br.FreeBSD.ORG/pub/FreeBSDftp://ftp5.br.FreeBSD.ORG/pub/FreeBSDftp://ftp6.br.FreeBSD.ORG/pub/FreeBSDftp://ftp7.br.FreeBSD.ORG/pub/FreeBSDCanadaIn case of problems, please contact the hostmaster
hostmaster@ca.FreeBSD.ORG for this domain.ftp://ftp.ca.FreeBSD.ORG/pub/FreeBSDCzech RepublicIn case of problems, please contact the hostmaster
hostmaster@cz.FreeBSD.ORG for this domain.ftp://ftp.cz.FreeBSD.ORG Contact: calda@dzungle.ms.mff.cuni.czftp://sunsite.mff.cuni.cz/OS/FreeBSD Contact: jj@sunsite.mff.cuni.cz.DenmarkIn case of problems, please contact the hostmaster
hostmaster@dk.FreeBSD.ORG for this domain.ftp://ftp.dk.freeBSD.ORG/pub/FreeBSDEstoniaIn case of problems, please contact the hostmaster
hostmaster@ee.FreeBSD.ORG for this domain.ftp://ftp.ee.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.ee.FreeBSD.org/pub/FreeBSD">ftp://ftp.ee.FreeBSD.org/pub/FreeBSD
FinlandIn case of problems, please contact the hostmaster
hostmaster@fi.FreeBSD.ORG for this domain.ftp://ftp.fi.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.fi.FreeBSD.org/pub/FreeBSD">ftp://ftp.fi.FreeBSD.org/pub/FreeBSD
FranceIn case of problems, please contact the hostmaster
hostmaster@fr.FreeBSD.ORG for this domain.ftp://ftp.fr.FreeBSD.ORG/pub/FreeBSDftp://ftp2.fr.FreeBSD.ORG/pub/FreeBSDftp://ftp3.fr.FreeBSD.ORG/pub/FreeBSDGermanyIn case of problems, please contact the hostmaster
hostmaster@de.FreeBSD.ORG for this domain.ftp://ftp.de.FreeBSD.ORG/pub/FreeBSDftp://ftp2.de.FreeBSD.ORG/pub/FreeBSDftp://ftp3.de.FreeBSD.ORG/pub/FreeBSDftp://ftp4.de.FreeBSD.ORG/pub/FreeBSDftp://ftp5.de.FreeBSD.ORG/pub/FreeBSDftp://ftp6.de.FreeBSD.ORG/pub/FreeBSDftp://ftp7.de.FreeBSD.ORG/pub/FreeBSDHong Kongftp://ftp.hk.super.net/pub/FreeBSD Contact: ftp-admin@HK.Super.NET.IrelandIn case of problems, please contact the hostmaster
hostmaster@ie.FreeBSD.ORG for this domain.ftp://ftp.ie.FreeBSD.ORG/pub/FreeBSDIsraelIn case of problems, please contact the hostmaster
hostmaster@il.FreeBSD.ORG for this domain.ftp://ftp.il.FreeBSD.ORG/pub/FreeBSDftp://ftp2.il.FreeBSD.ORG/pub/FreeBSDJapanIn case of problems, please contact the hostmaster
hostmaster@jp.FreeBSD.ORG for this domain.ftp://ftp.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp2.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp3.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp4.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp5.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp6.jp.FreeBSD.ORG/pub/FreeBSDKoreaIn case of problems, please contact the hostmaster
hostmaster@kr.FreeBSD.ORG for this domain.ftp://ftp.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp2.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp3.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp4.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp5.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp6.kr.FreeBSD.ORG/pub/FreeBSDNetherlandsIn case of problems, please contact the hostmaster
hostmaster@nl.FreeBSD.ORG for this domain.ftp://ftp.nl.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.nl.FreeBSD.org/pub/FreeBSD">ftp://ftp.nl.FreeBSD.org/pub/FreeBSD
New ZealandIn case of problems, please contact the hostmaster
hostmaster@nz.FreeBSD.ORG for this domain.ftp://ftp.nz.FreeBSD.ORG/pub/FreeBSDPolandIn case of problems, please contact the hostmaster
hostmaster@pl.FreeBSD.ORG for this domain.ftp://ftp.pl.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.pl.FreeBSD.org/pub/FreeBSD">ftp://ftp.pl.FreeBSD.org/pub/FreeBSD
PortugalIn case of problems, please contact the hostmaster
hostmaster@pt.FreeBSD.ORG for this domain.ftp://ftp.pt.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp.pt.FreeBSD.org/pub/FreeBSD">ftp://ftp.pt.FreeBSD.org/pub/FreeBSD
ftp://ftp2.pt.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp2.pt.FreeBSD.org/pub/FreeBSD">ftp://ftp2.pt.FreeBSD.org/pub/FreeBSD
RussiaIn case of problems, please contact the hostmaster
hostmaster@ru.FreeBSD.ORG for this domain.ftp://ftp.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp.ru.FreeBSD.org/pub/FreeBSD
ftp://ftp2.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD
ftp://ftp3.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp3.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp3.ru.FreeBSD.org/pub/FreeBSD
- ftp://ftp4.ru.freebsd.org/pub/FreeBSD
+ ftp://ftp4.ru.FreeBSD.org/pub/FreeBSDSouth AfricaIn case of problems, please contact the hostmaster
hostmaster@za.FreeBSD.ORG for this domain.ftp://ftp.za.FreeBSD.ORG/pub/FreeBSDftp://ftp2.za.FreeBSD.ORG/pub/FreeBSDftp://ftp3.za.FreeBSD.ORG/pub/FreeBSDSlovak RepublicIn case of problems, please contact the hostmaster
hostmaster@sk.FreeBSD.ORG for this domain.
- ftp://ftp.sk.freebsd.ORG/pub/FreeBSD
+ ftp://ftp.sk.FreeBSD.org/pub/FreeBSDSloveniaIn case of problems, please contact the hostmaster
- hostmaster@si.FreeBSD.ORG for this domain.
+ hostmaster@si.FreeBSD.org for this domain.
ftp://ftp.si.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.si.FreeBSD.org/pub/FreeBSD">ftp://ftp.si.FreeBSD.org/pub/FreeBSD
SpainIn case of problems, please contact the hostmaster
hostmaster@es.FreeBSD.ORG for this domain.
- ftp://ftp.es.freebsd.ORG/pub/FreeBSD
+ ftp://ftp.es.FreeBSD.org/pub/FreeBSDSwedenIn case of problems, please contact the hostmaster
hostmaster@se.FreeBSD.ORG for this domain.ftp://ftp.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.se.FreeBSD.org/pub/FreeBSD">ftp://ftp.se.FreeBSD.org/pub/FreeBSD
ftp://ftp2.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp2.se.FreeBSD.org/pub/FreeBSD">ftp://ftp2.se.FreeBSD.org/pub/FreeBSD
ftp://ftp3.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp3.se.FreeBSD.org/pub/FreeBSD">ftp://ftp3.se.FreeBSD.org/pub/FreeBSD
TaiwanIn case of problems, please contact the hostmaster
hostmaster@tw.FreeBSD.ORG for this domain.ftp://ftp.tw.FreeBSD.ORG/pub/FreeBSDftp://ftp2.tw.FreeBSD.ORG/pub/FreeBSDftp://ftp3.tw.FreeBSD.ORG/pub/FreeBSDThailandftp://ftp.nectec.or.th/pub/FreeBSD Contact: ftpadmin@ftp.nectec.or.th.Ukraineftp://ftp.ua.FreeBSD.ORG/pub/FreeBSD Contact: freebsd-mnt@lucky.net.UKIn case of problems, please contact the hostmaster
hostmaster@uk.FreeBSD.ORG for this domain.ftp://ftp.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp2.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp3.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp4.uk.FreeBSD.ORG/pub/FreeBSDUSAIn case of problems, please contact the hostmaster
hostmaster@FreeBSD.ORG for this domain.ftp://ftp.FreeBSD.ORG/pub/FreeBSDftp://ftp2.FreeBSD.ORG/pub/FreeBSDftp://ftp3.FreeBSD.ORG/pub/FreeBSDftp://ftp4.FreeBSD.ORG/pub/FreeBSDftp://ftp5.FreeBSD.ORG/pub/FreeBSDftp://ftp6.FreeBSD.ORG/pub/FreeBSDThe latest versions of export-restricted code for FreeBSD (2.0C or
later) (eBones and secure) are being made available at the following
locations. If you are outside the U.S. or Canada, please get secure
(DES) and eBones (Kerberos) from one of the following foreign
distribution sites:South AfricaHostmaster hostmaster@internat.FreeBSD.ORG for
this domain.ftp://ftp.internat.FreeBSD.ORG/pub/FreeBSDftp://ftp2.internat.FreeBSD.ORG/pub/FreeBSDBrazilHostmaster hostmaster@br.FreeBSD.ORG for this
domain.ftp://ftp.br.FreeBSD.ORG/pub/FreeBSDFinlandftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt Contact: count@nic.funet.fi.CTM SitesCTM/FreeBSD is available via anonymous
FTP from the following mirror sites. If you choose to obtain CTM via
anonymous FTP, please try to use a site near you.In case of problems, please contact &a.phk;.California, Bay Area, official sourceftp://ftp.freebsd.org/pub/FreeBSD/development/CTM
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/development/CTM">ftp://ftp.FreeBSD.org/pub/FreeBSD/development/CTM
Germany, Trierftp://ftp.uni-trier.de/pub/unix/systems/BSD/FreeBSD/CTMSouth Africa, backup server for old deltasftp://ftp.internat.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ftp.internat.FreeBSD.org/pub/FreeBSD/CTM">ftp://ftp.internat.FreeBSD.org/pub/FreeBSD/CTM
Taiwan/R.O.C, Chiayiftp://ctm.tw.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ctm.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm.tw.FreeBSD.org/pub/FreeBSD/CTM
ftp://ctm2.tw.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ctm2.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm2.tw.FreeBSD.org/pub/FreeBSD/CTM
ftp://ctm3.tw.freebsd.org/pub/freebsd/CTM
+ URL="ftp://ctm3.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm3.tw.FreeBSD.org/pub/freebsd/CTM
If you did not find a mirror near to you or the mirror is
incomplete, try FTP
search at http://ftpsearch.ntnu.no/ftpsearch.
FTP search is a great free archie server in Trondheim, Norway.CVSup SitesCVSup servers for FreeBSD are running
at the following sites:Argentinacvsup.ar.FreeBSD.ORG (maintainer
msagre@cactus.fi.uba.ar)Australiacvsup.au.FreeBSD.ORG (maintainer
dawes@physics.usyd.edu.au)Brazilcvsup.br.FreeBSD.ORG (maintainer
- cvsup@cvsup.br.freebsd.org)
+ cvsup@cvsup.br.FreeBSD.org)
Canadacvsup.ca.FreeBSD.ORG (maintainer
dm@glbalserve.net)Czech Republiccvsup.cz.FreeBSD.ORG (maintainer
cejkar@dcse.fee.vutbr.cz)Denmarkcvsup.dk.FreeBSD.ORG (maintainer
jesper@skriver.dk)Estoniacvsup.ee.FreeBSD.ORG (maintainer
taavi@uninet.ee)Finlandcvsup.fi.FreeBSD.ORG (maintainer
count@key.sms.fi)Germanycvsup.de.FreeBSD.ORG (maintainer
- wosch@freebsd.org)
+ wosch@FreeBSD.org)
cvsup2.de.FreeBSD.ORG (maintainer
- petzi@freebsd.org)
+ petzi@FreeBSD.org)
cvsup3.de.FreeBSD.ORG (maintainer
ag@leo.org)Icelandcvsup.is.FreeBSD.ORG (maintainer
adam@veda.is)Japancvsup.jp.FreeBSD.ORG (maintainer
simokawa@sat.t.u-tokyo.ac.jp)cvsup2.jp.FreeBSD.ORG (maintainer
max@FreeBSD.ORG)cvsup3.jp.FreeBSD.ORG (maintainer
shige@cin.nihon-u.ac.jp)cvsup4.jp.FreeBSD.ORG (maintainer
cvsup-admin@ftp.media.kyoto-u.ac.jp)cvsup5.jp.FreeBSD.ORG (maintainer
cvsup@imasy.or.jp)Netherlandscvsup.nl.FreeBSD.ORG (maintainer
xaa@xaa.iae.nl)Norwaycvsup.no.FreeBSD.ORG (maintainer
Tor.Egge@idt.ntnu.no)Polandcvsup.pl.FreeBSD.ORG (maintainer
Mariusz@kam.pl)Russiacvsup.ru.FreeBSD.ORG (maintainer
mishania@demos.su)cvsup2.ru.FreeBSD.ORG (maintainer
dv@dv.ru)Spain
- cvsup.es.freebsd.org (maintainer
- jesusr@freebsd.org)
+ cvsup.es.FreeBSD.org (maintainer
+ jesusr@FreeBSD.org)Swedencvsup.se.FreeBSD.ORG (maintainer
pantzer@ludd.luth.se)Slovak Republiccvsup.sk.FreeBSD.ORG (maintainer
tps@tps.sk)cvsup2.sk.FreeBSD.ORG (maintainer
tps@tps.sk)South Africacvsup.za.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)cvsup2.za.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)Taiwancvsup.tw.FreeBSD.ORG (maintainer
jdli@freebsd.csie.nctu.edu.tw)Ukrainecvsup2.ua.FreeBSD.ORG (maintainer
freebsd-mnt@lucky.net)United Kingdomcvsup.uk.FreeBSD.ORG (maintainer
joe@pavilion.net)cvsup2.uk.FreeBSD.ORG (maintainer
brian@FreeBSD.ORG)USAcvsup1.FreeBSD.ORG (maintainer
skynyrd@opus.cts.cwu.edu), Washington
statecvsup2.FreeBSD.ORG (maintainer
jdp@FreeBSD.ORG), Californiacvsup3.FreeBSD.ORG (maintainer
wollman@FreeBSD.ORG), Massachusettscvsup5.FreeBSD.ORG (maintainer
cvsup@adsu.bellsouth.com), GeorgiaThe export-restricted code for FreeBSD (eBones and secure) is
available via CVSup at the following
international repository. Please use this site to get the
export-restricted code, if you are outside the USA or Canada.South Africacvsup.internat.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)The following CVSup site is especially
designed for CTM users. Unlike the other
CVSup mirrors, it is kept up-to-date by CTM.
That means if you CVSupcvs-all with release=cvs from this
site, you get a version of the repository (including the inevitable
.ctm_status file) which is suitable for being
updated using the CTMcvs-cur deltas. This allows users who track the
entire cvs-all tree to go from
CVSup to CTM
without having to rebuild their repository from scratch using a fresh
CTM base delta.This special feature only works for the cvs-all
distribution with cvs as the release tag.
CVSupping any other distribution and/or release will get you the
specified distribution, but it will not be suitable for
CTM updating.Because the current version of CTM does
not preserve the timestamps of files, the timestamps at this mirror
site are not the same as those at other mirror sites. Switching
between this site and other sites is not recommended. It will work
correctly, but will be somewhat inefficient.Germanyctm.FreeBSD.ORG (maintainer
blank@fox.uni-trier.de)AFS SitesAFS servers for FreeBSD are running at the following sites;SwedenThe path to the files are:
/afs/stacken.kth.se/ftp/pub/FreeBSD
stacken.kth.se # Stacken Computer Club, KTH, Sweden
130.237.234.43 #hot.stacken.kth.se
130.237.237.230 #fishburger.stacken.kth.se
130.237.234.3 #milko.stacken.kth.seMaintainer ftp@stacken.kth.se
diff --git a/en/handbook/pgpkeys/chapter.sgml b/en/handbook/pgpkeys/chapter.sgml
index fc3190a506..984b27dd97 100644
--- a/en/handbook/pgpkeys/chapter.sgml
+++ b/en/handbook/pgpkeys/chapter.sgml
@@ -1,624 +1,624 @@
PGP keysIn case you need to verify a signature or send encrypted email to one
of the officers or core team members a number of keys are provided here
for your convenience.OfficersFreeBSD Security Officer
- security-officer@freebsd.org
+ security-officer@FreeBSD.org
FreeBSD Security Officer <security-officer@freebsd.org>
Fingerprint = 41 08 4E BB DB 41 60 71 F9 E5 0E 98 73 AF 3F 11
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQCNAzF7MY4AAAEEAK7qBgPuBejER5HQbQlsOldk3ZVWXlRj54raz3IbuAUrDrQL
h3g57T9QY++f3Mot2LAf5lDJbsMfWrtwPrPwCCFRYQd6XH778a+l4ju5axyjrt/L
Ciw9RrOC+WaPv3lIdLuqYge2QRC1LvKACIPNbIcgbnLeRGLovFUuHi5z0oilAAUR
tDdGcmVlQlNEIFNlY3VyaXR5IE9mZmljZXIgPHNlY3VyaXR5LW9mZmljZXJAZnJl
ZWJzZC5vcmc+iQCVAwUQMX6yrOJgpPLZnQjrAQHyowQA1Nv2AY8vJIrdp2ttV6RU
tZBYnI7gTO3sFC2bhIHsCvfVU3JphfqWQ7AnTXcD2yPjGcchUfc/EcL1tSlqW4y7
PMP4GHZp9vHog1NAsgLC9Y1P/1cOeuhZ0pDpZZ5zxTo6TQcCBjQA6KhiBFP4TJql
3olFfPBh3B/Tu3dqmEbSWpuJAJUDBRAxez3C9RVb+45ULV0BAak8A/9JIG/jRJaz
QbKom6wMw852C/Z0qBLJy7KdN30099zMjQYeC9PnlkZ0USjQ4TSpC8UerYv6IfhV
nNY6gyF2Hx4CbEFlopnfA1c4yxtXKti1kSN6wBy/ki3SmqtfDhPQ4Q31p63cSe5A
3aoHcjvWuqPLpW4ba2uHVKGP3g7SSt6AOYkAlQMFEDF8mz0ff6kIA1j8vQEBmZcD
/REaUPDRx6qr1XRQlMs6pfgNKEwnKmcUzQLCvKBnYYGmD5ydPLxCPSFnPcPthaUb
5zVgMTjfjS2fkEiRrua4duGRgqN4xY7VRAsIQeMSITBOZeBZZf2oa9Ntidr5PumS
9uQ9bvdfWMpsemk2MaRG9BSoy5Wvy8VxROYYUwpT8Cf2iQCVAwUQMXsyqWtaZ42B
sqd5AQHKjAQAvolI30Nyu3IyTfNeCb/DvOe9tlOn/o+VUDNJiE/PuBe1s2Y94a/P
BfcohpKC2kza3NiW6lLTp00OWQsuu0QAPc02vYOyseZWy4y3Phnw60pWzLcFdemT
0GiYS5Xm1o9nAhPFciybn9j1q8UadIlIq0wbqWgdInBT8YI/l4f5sf6JAJUDBRAx
ezKXVS4eLnPSiKUBAc5OBACIXTlKqQC3B53qt7bNMV46m81fuw1PhKaJEI033mCD
ovzyEFFQeOyRXeu25Jg9Bq0Sn37ynISucHSmt2tUD5W0+p1MUGyTqnfqejMUWBzO
v4Xhp6a8RtDdUMBOTtro16iulGiRrCKxzVgEl4i+9Z0ZiE6BWlg5AetoF5n3mGk1
lw==
=ipyA
-----END PGP PUBLIC KEY BLOCK-----&a.imp;
Warner Losh <imp@village.org>
aka <imp@freebsd.org>
Fingerprint = D4 31 FD B9 F7 90 17 E8 37 C5 E7 7F CF A6 C1 B9
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzDzTiAAAAEEAK8D7KWEbVFUrmlqhUEnAvphNIqHEbqqT8s+c5f5c2uHtlcH
V4mV2TlUaDSVBN4+/D70oHmZc4IgiQwMPCWRrSezg9z/MaKlWhaslc8YT6Xc1q+o
EP/fAdKUrq49H0QQbkQk6Ks5wKW6v9AOvdmsS6ZJEcet6d9G4dxynu/2qPVhAAUR
tCBNLiBXYXJuZXIgTG9zaCA8aW1wQHZpbGxhZ2Uub3JnPokAlQMFEDM/SK1VLh4u
c9KIpQEBFPsD/1n0YuuUPvD4CismZ9bx9M84y5sxLolgFEfP9Ux196ZSeaPpkA0g
C9YX/IyIy5VHh3372SDWN5iVSDYPwtCmZziwIV2YxzPtZw0nUu82P/Fn8ynlCSWB
5povLZmgrWijTJdnUWI0ApVBUTQoiW5MyrNN51H3HLWXGoXMgQFZXKWYiQCVAwUQ
MzmhkfUVW/uOVC1dAQG3+AP/T1HL/5EYF0ij0yQmNTzt1cLt0b1e3N3zN/wPFFWs
BfrQ+nsv1zw7cEgxLtktk73wBGM9jUIdJu8phgLtl5a0m9UjBq5oxrJaNJr6UTxN
a+sFkapTLT1g84UFUO/+8qRB12v+hZr2WeXMYjHAFUT18mp3xwjW9DUV+2fW1Wag
YDKJAJUDBRAzOYK1s1pi61mfMj0BARBbA/930CHswOF0HIr+4YYUs1ejDnZ2J3zn
icTZhl9uAfEQq++Xor1x476j67Z9fESxyHltUxCmwxsJ1uOJRwzjyEoMlyFrIN4C
dE0C8g8BF+sRTt7VLURLERvlBvFrVZueXSnXvmMoWFnqpSpt3EmN6TNaLe8Cm87a
k6EvQy0dpnkPKokAlQMFEDD9Lorccp7v9qj1YQEBrRUD/3N4cCMWjzsIFp2Vh9y+
RzUrblyF84tJyA7Rr1p+A7dxf7je3Zx5QMEXosWL1WGnS5vC9YH2WZwv6sCU61gU
rSy9z8KHlBEHh+Z6fdRMrjd9byPf+n3cktT0NhS23oXB1ZhNZcB2KKhVPlNctMqO
3gTYx+Nlo6xqjR+J2NnBYU8p
=7fQV
-----END PGP PUBLIC KEY BLOCK-----Core Team members&a.asami;
Satoshi Asami <asami@cs.berkeley.edu>
aka <asami@FreeBSD.ORG>
Fingerprint = EB 3C 68 9E FB 6C EB 3F DB 2E 0F 10 8F CE 79 CA
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzPVyoQAAAEEAL7W+kipxB171Z4SVyyL9skaA7hG3eRsSOWk7lfvfUBLtPog
f3OKwrApoc/jwLf4+Qpdzv5DLEt/6Hd/clskhJ+q1gMNHyZ5ABmUxrTRRNvJMTrb
3fPU3oZj7sL/MyiFaT1zF8EaMP/iS2ZtcFsbYOqGeA8E/58uk4NA0SoeCNiJAAUR
tCVTYXRvc2hpIEFzYW1pIDxhc2FtaUBjcy5iZXJrZWxleS5lZHU+iQCVAwUQM/AT
+EqGN2HYnOMZAQF11QP/eSXb2FuTb1yX5yoo1Im8YnIk1SEgCGbyEbOMMBznVNDy
5g2TAD0ofLxPxy5Vodjg8rf+lfMVtO5amUH6aNcORXRncE83T10JmeM6JEp0T6jw
zOHKz8jRzygYLBayGsNIJ4BGxa4LeaGxJpO1ZEvRlNkPH/YEXK5oQmq9/DlrtYOJ
AEUDBRAz42JT8ng6GBbVvu0BAU8nAYCsJ8PiJpRUGlrz6rxjX8hqM1v3vqFHLcG+
G52nVMBSy+RZBgzsYIPwI5EZtWAKb22JAJUDBRAz4QBWdbtuOHaj97EBAaQPA/46
+NLUp+Wubl90JoonoXocwAg88tvAUVSzsxPXj0lvypAiSI2AJKsmn+5PuQ+/IoQy
lywRsxiQ5GD7C72SZ1yw2WI9DWFeAi+qa4b8n9fcLYrnHpyCY+zxEpu4pam8FJ7H
JocEUZz5HRoKKOLHErzXDiuTkkm72b1glmCqAQvnB4kAlQMFEDPZ3gyDQNEqHgjY
iQEBFfUEALu2C0uo+1Z7C5+xshWRYY5xNCzK20O6bANVJ+CO2fih96KhwsMof3lw
fDso5HJSwgFd8WT/sR+Wwzz6BAE5UtgsQq5GcsdYQuGI1yIlCYUpDp5sgswNm+OA
bX5a+r4F/ZJqrqT1J56Mer0VVsNfe5nIRsjd/rnFAFVfjcQtaQmjiQCVAwUQM9uV
mcdm8Q+/vPRJAQELHgP9GqNiMpLQlZig17fDnCJ73P0e5t/hRLFehZDlmEI2TK7j
Yeqbw078nZgyyuljZ7YsbstRIsWVCxobX5eH1kX+hIxuUqCAkCsWUY4abG89kHJr
XGQn6X1CX7xbZ+b6b9jLK+bJKFcLSfyqR3M2eCyscSiZYkWKQ5l3FYvbUzkeb6K0
IVNhdG9zaGkgQXNhbWkgPGFzYW1pQEZyZWVCU0QuT1JHPg==
=39SC
-----END PGP PUBLIC KEY BLOCK-----&a.jmb;
Jonathan M. Bresler <jmb@FreeBSD.org>
f16 Fingerprint16 = 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAzG2GToAAAEEANI6+4SJAAgBpl53XcfEr1M9wZyBqC0tzpie7Zm4vhv3hO8s
o5BizSbcJheQimQiZAY4OnlrCpPxijMFSaihshs/VMAz1qbisUYAMqwGEO/T4QIB
nWNo0Q/qOniLMxUrxS1RpeW5vbghErHBKUX9GVhxbiVfbwc4wAHbXdKX5jjdAAUR
tCVKb25hdGhhbiBNLiBCcmVzbGVyIDxqbWJARnJlZUJTRC5PUkc+iQCVAwUQNbtI
gAHbXdKX5jjdAQHamQP+OQr10QRknamIPmuHmFYJZ0jU9XPIvTTMuOiUYLcXlTdn
GyTUuzhbEywgtOldW2V5iA8platXThtqC68NsnN/xQfHA5xmFXVbayNKn8H5stDY
2s/4+CZ06mmJfqYmONF1RCbUk/M84rVT3Gn2tydsxFh4Pm32lf4WREZWRiLqmw+J
AJUDBRA0DfF99RVb+45ULV0BAcZ0BACCydiSUG1VR0a5DBcHdtin2iZMPsJUPRqJ
tWvP6VeI8OFpNWQ4LW6ETAvn35HxV2kCcQMyht1kMD+KEJz7r8Vb94TS7KtZnNvk
2D1XUx8Locj6xel5c/Lnzlnnp7Bp1XbJj2u/NzCaZQ0eYBdP/k7RLYBYHQQln5x7
BOuiRJNVU4kAlQMFEDQLcShVLh4uc9KIpQEBJv4D/3mDrD0MM9EYOVuyXik3UGVI
8quYNA9ErVcLdt10NjYc16VI2HOnYVgPRag3Wt7W8wlXShpokfC/vCNt7f5JgRf8
h2a1/MjQxtlD+4/Js8k7GLa53oLon6YQYk32IEKexoLPwIRO4L2BHWa3GzHJJSP2
aTR/Ep90/pLdAOu/oJDUiQCVAwUQMqyL0LNaYutZnzI9AQF25QP9GFXhBrz2tiWz
2+0gWbpcGNnyZbfsVjF6ojGDdmsjJMyWCGw49XR/vPKYIJY9EYo4t49GIajRkISQ
NNiIz22fBAjT2uY9YlvnTJ9NJleMfHr4dybo7oEKYMWWijQzGjqf2m8wf9OaaofE
KwBX6nxcRbKsxm/BVLKczGYl3XtjkcuJAJUDBRA1ol5TZWCprDT5+dUBATzXA/9h
/ZUuhoRKTWViaistGJfWi26FB/Km5nDQBr/Erw3XksQCMwTLyEugg6dahQ1u9Y5E
5tKPxbB69eF+7JXVHE/z3zizR6VL3sdRx74TPacPsdhZRjChEQc0htLLYAPkJrFP
VAzAlSlm7qd+MXf8fJovQs6xPtZJXukQukPNlhqZ94kAPwMFEDSH/kF4tXKgazlt
bxECfk4AoO+VaFVfguUkWX10pPSSfvPyPKqiAJ4xn8RSIe1ttmnqkkDMhLh00mKj
lLQuSm9uYXRoYW4gTS4gQnJlc2xlciA8Sm9uYXRoYW4uQnJlc2xlckBVU2kubmV0
PokAlQMFEDXbdSkB213Sl+Y43QEBV/4D/RLJNTrtAqJ1ATxXWv9g8Cr3/YF0GTmx
5dIrJOpBup7eSSmiM/BL9Is4YMsoVbXCI/8TqA67TMICvq35PZU4wboQB8DqBAr+
gQ8578M7Ekw1OAF6JXY6AF2P8k7hMcVBcVOACELPT/NyPNByG5QRDoNmlsokJaWU
/2ls4QSBZZlb
=zbCw
-----END PGP PUBLIC KEY BLOCK-----&a.ache;
Andrey A. Chernov <ache@FreeBSD.org>
aka <ache@nagual.pp.ru>
Key fingerprint = 33 03 9F 48 33 7B 4A 15 63 48 88 0A C4 97 FD 49
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAiqUMGQAAAEEAPGhcD6A2Buey5LYz0sphDLpVgOZc/bb9UHAbaGKUAGXmafs
Dcb2HnsuYGgX/zrQXuCi/wIGtXcZWB97APtKOhFsZnPinDR5n/dde/mw9FnuhwqD
m+rKSL1HlN0z/Msa5y7g16760wHhSR6NoBSEG5wQAHIMMq7Q0uJgpPLZnQjrAAUT
tCVBbmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuYWd1YWwucHAucnU+iQCVAwUQM2Ez
u+JgpPLZnQjrAQEyugP8DPnS8ixJ5OeuYgPFQf5sy6l+LrB6hyaS+lgsUPahWjNY
cnaDmfda/q/BV5d4+y5rlQe/pjnYG7/yQuAR3jhlXz8XDrqlBOnW9AtYjDt5rMfJ
aGFTGXAPGZ6k6zQZE0/YurT8ia3qjvuZm3Fw4NJrHRx7ETHRvVJDvxA6Ggsvmr20
JEFuZHJleSBBLiBDaGVybm92IDxhY2hlQEZyZWVCU0Qub3JnPokAlQMFEDR5uVbi
YKTy2Z0I6wEBLgED/2mn+hw4/3peLx0Sb9LNx//NfCCkVefSf2G9Qwhx6dvwbX7h
mFca97h7BQN4GubU1Z5Ffs6TeamSBrotBYGmOCwvJ6S9WigF9YHQIQ3B4LEjskAt
pcjU583y42zM11kkvEuQU2Gde61daIylJyOxsgpjSWpkxq50fgY2kLMfgl/ftCZB
bmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuaWV0enNjaGUubmV0PokAlQMFEDR5svDi
YKTy2Z0I6wEBOTQD/0OTCAXIjuak363mjERvzSkVsNtIH9hA1l0w6Z95+iH0fHrW
xXKT0vBZE0y0Em+S3cotLL0bMmVE3F3D3GyxhBVmgzjyx0NYNoiQjYdi+6g/PV30
Cn4vOO6hBBpSyI6vY6qGNqcsawuRtHNvK/53MpOfKwSlICEBYQimcZhkci+EtCJB
bmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuYWd1YWwucnU+iQCVAwUQMcm5HeJgpPLZ
nQjrAQHwvQP9GdmAf1gdcuayHEgNkc11macPH11cwWjYjzA2YoecFMGV7iqKK8QY
rr1MjbGXf8DAG8Ubfm0QbI8Lj8iG3NgqIru0c72UuHGSn/APfGGG0AtPX5UK/k7B
gI0Ca2po6NA5nrSp8tDsdEz/4gyea84RXl2prtTf5Jj07hflbRstGXK0MkFuZHJl
eSBBLiBDaGVybm92LCBCbGFjayBNYWdlIDxhY2hlQGFzdHJhbC5tc2suc3U+iQCV
AwUQMCsAo5/rGryoL8h3AQHq1QQAidyNFqA9hvrmMcjpY7csJVFlGvj574Wj4GPa
o3pZeuQaMBmsWqaXLYnWU/Aldb6kTz6+nRcQX50zFH0THSPfApwEW7yybSTI5apJ
mWT3qhKN2vmLNg2yNzhqLTzHLD1lH3i1pfQq8WevrNfjLUco5S/VuekTma/osnzC
Cw7fQzCJAJUDBRAwKvwoa1pnjYGyp3kBARihBACoXr3qfG65hFCyKJISmjOvaoGr
anxUIkeDS0yQdTHzhQ+dwB1OhhK15E0Nwr0MKajLMm90n6+Zdb5y/FIjpPriu8dI
rlHrWZlewa88eEDM+Q/NxT1iYg+HaKDAE171jmLpSpCL0MiJtO0i36L3ekVD7Hv8
vffOZHPSHirIzJOZTYkAlQMFEDAau6zFLUdtDb+QbQEBQX8D/AxwkYeFaYxZYMFO
DHIvSk23hAsjCmUA2Uil1FeWAusb+o8xRfPDc7TnosrIifJqbF5+fcHCG5VSTGlh
Bhd18YWUeabf/h9O2BsQX55yWRuB2x3diJ1xI/VVdG+rxlMCmE4ZR1Tl9x+Mtun9
KqKVpB39VlkCBYQ3hlgNt/TJUY4riQCVAwUQMBHMmyJRltlmbQBRAQFQkwP/YC3a
hs3ZMMoriOlt3ZxGNUUPTF7rIER3j+c7mqGG46dEnDB5sUrkzacpoLX5sj1tGR3b
vz9a4vmk1Av3KFNNvrZZ3/BZFGpq3mCTiAC9zsyNYQ8L0AfGIUO5goCIjqwOTNQI
AOpNsJ5S+nMAkQB4YmmNlI6GTb3D18zfhPZ6uciJAJUCBRAwD0sl4uW74fteFRkB
AWsAA/9NYqBRBKbmltQDpyK4+jBAYjkXBJmARFXKJYTlnTgOHMpZqoVyW96xnaa5
MzxEiu7ZWm5oL10QDIp1krkBP2KcmvfSMMHb5aGCCQc2/P8NlfXAuHtNGzYiI0UA
Iwi8ih/S1liVfvnqF9uV3d3koE7VsQ9OA4Qo0ZL2ggW+/gEaYIkAlQMFEDAOz6qx
/IyHe3rl4QEBIvYD/jIr8Xqo/2I5gncghSeFR01n0vELFIvaF4cHofGzyzBpYsfA
+6pgFI1IM+LUF3kbUkAY/2uSf9U5ECcaMCTWCwVgJVO+oG075SHEM4buhrzutZiM
1dTyTaepaPpTyRMUUx9ZMMYJs7sbqLId1eDwrJxUPhrBNvf/w2W2sYHSY8cdiQCV
AwUQMAzqgHcdkq6JcsfBAQGTxwQAtgeLFi2rhSOdllpDXUwz+SS6bEjFTWgRsWFM
y9QnOcqryw7LyuFmWein4jasjY033JsODfWQPiPVNA3UEnXVg9+n8AvNMPO8JkRv
Cn1eNg0VaJy9J368uArio93agd2Yf/R5r+QEuPjIssVk8hdcy/luEhSiXWf6bLMV
HEA0J+OJAJUDBRAwDUi+4mCk8tmdCOsBAatBBACHB+qtW880seRCDZLjl/bT1b14
5po60U7u6a3PEBkY0NA72tWDQuRPF/Cn/0+VdFNxQUsgkrbwaJWOoi0KQsvlOm3R
rsxKbn9uvEKLxExyKH3pxp76kvz/lEWwEeKvBK+84Pb1lzpG3W7u2XDfi3VQPTi3
5SZMAHc6C0Ct/mjNlYkAlQMFEDAMrPD7wj+NsTMUOQEBJckD/ik4WsZzm2qOx9Fw
erGq7Zwchc+Jq1YeN5PxpzqSf4AG7+7dFIn+oe6X2FcIzgbYY+IfmgJIHEVjDHH5
+uAXyb6l4iKc89eQawO3t88pfHLJWbTzmnvgz2cMrxt94HRvgkHfvcpGEgbyldq6
EB33OunazFcfZFRIcXk1sfyLDvYE
=1ahV
-----END PGP PUBLIC KEY BLOCK-----&a.jkh;
Jordan K. Hubbard <jkh@FreeBSD.org>
Fingerprint = 3C F2 27 7E 4A 6C 09 0A 4B C9 47 CD 4F 4D 0B 20
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzFjX0IAAAEEAML+nm9/kDNPp43ZUZGjYkm2QLtoC1Wxr8JulZXqk7qmhYcQ
jvX+fyoriJ6/7ZlnLe2oG5j9tZOnRLPvMaz0g9CpW6Dz3nkXrNPkmOFV9B8D94Mk
tyFeRJFqnkCuqBj6D+H8FtBwEeeTecSh2tJ0bZZTXnAMhxeOdvUVW/uOVC1dAAUR
tCNKb3JkYW4gSy4gSHViYmFyZCA8amtoQEZyZWVCU0Qub3JnPokBFQMFEDXCTXQM
j46yp4IfPQEBwO8IAIN0J09AXBf86dFUTFGcAMrEQqOF5IL+KGorAjzuYxERhKfD
ZV7jA+sCQqxkWfcVcE20kVyVYqzZIkio9a5zXP6TwA247JkPt54S1PmMDYHNlRIY
laXlNoji+4q3HP2DfHqXRT2859rYpm/fG/v6pWkos5voPKcZ2OFEp9W+Ap88oqw+
5rx4VetZNJq1Epmis4INj6XqNqj85+MOOIYE+f445ohDM6B/Mxazd6cHFGGIR+az
VjZ6lCDMLjzhB5+FqfrDLYuMjqkMTR5z9DL+psUvPlCkYbQ11NEWtEmiIWjUcNJN
GCxGzv5bXk0XPu3ADwbPkFE2usW1cSM7AQFiwuyJAJUDBRAxe+Q9a1pnjYGyp3kB
AV7XA/oCSL/Cc2USpQ2ckwkGpyvIkYBPszIcabSNJAzm2hsU9Qa6WOPxD8olDddB
uJNiW/gznPC4NsQ0N8Zr4IqRX/TTDVf04WhLmd8AN9SOrVv2q0BKgU6fLuk979tJ
utrewH6PR2qBOjAaR0FJNk4pcYAHeT+e7KaKy96YFvWKIyDvc4kAlQMFEDF8ldof
f6kIA1j8vQEBDH4D/0Zm0oNlpXrAE1EOFrmp43HURHbij8n0Gra1w9sbfo4PV+/H
U8ojTdWLy6r0+prH7NODCkgtIQNpqLuqM8PF2pPtUJj9HwTmSqfaT/LMztfPA6PQ
csyT7xxdXl0+4xTDl1avGSJfYsI8XCAy85cTs+PQwuyzugE/iykJO1Bnj/paiQCV
AwUQMXvlBvUVW/uOVC1dAQF2fQP/RfYC6RrpFTZHjo2qsUHSRk0vmsYfwG5NHP5y
oQBMsaQJeSckN4n2JOgR4T75U4vS62aFxgPLJP3lOHkU2Vc7xhAuBvsbGr5RP8c5
LvPOeUEyz6ZArp1KUHrtcM2iK1FBOmY4dOYphWyWMkDgYExabqlrAq7FKZftpq/C
BiMRuaw=
=C/Jw
-----END PGP PUBLIC KEY BLOCK-----&a.phk;
Poul-Henning Kamp <phk@FreeBSD.org>
Fingerprint = A3 F3 88 28 2F 9B 99 A2 49 F4 E2 FA 5A 78 8B 3E
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzAdpMIAAAEEALHDgrFUwhZtb7PbXg3upELoDVEUPFRwnmpJH1rRqyROUGcI
ooVe7u+FQlIs5OsXK8ECs/5Wpe2UrZSzHvjwBYOND5H42YtI5UULZLRCo5bFfTVA
K9Rpo5icfTsYihrzU2nmnycwFMk+jYXyT/ZDYWDP/BM9iLjj0x9/qQgDWPy9AAUR
tCNQb3VsLUhlbm5pbmcgS2FtcCA8cGhrQEZyZWVCU0Qub3JnPokAlQMFEDQQ0aZ1
u244dqP3sQEBu4ID/jXFFeJgs2MdTDNOZM/FbfDhI4qxAbYUsqS3+Ra16yd8Wd/A
jV+IHJE2NomFWl8UrUjCGinXiwzPgK1OfFJrS9Og1wQLvAl0X84BA8MTP9BQr4w7
6I/RbksgUSrVCIO8MJwlydjSPocWGBeXlVjbZxXzyuJk7H+TG+zuI5BuBcNIiQCV
AwUQMwYr2rNaYutZnzI9AQHiIQP/XxtBWFXaBRgVLEhRNpS07YdU+LsZGlLOZehN
9L4UnJFHQQPNOpMey2gF7Y95aBOw5/1xS5vlQpwmRFCntWsm/gqdzK6rulfr1r5A
y94LO5TAC6ucNu396Y4vo1TyD1STnRC466KlvmtQtAtFGgXlORWLL9URLzcRFd1h
D0yXd9aJAJUDBRAxfo19a1pnjYGyp3kBAQqyA/4v64vP3l1F0Sadn6ias761hkz/
SMdTuLzILmofSCC4o4KWMjiWJHs2Soo41QlZi1+xMHzV32JKiwFlGtPHqL+EHyXy
Q4H3vmf9/1KF+0XCaMtgI0wWUMziPSTJK8xXbRRmMDK/0F4TnVVaUhnmf+h5K7O6
XdmejDTa0X/NWcicmIkAlQMFEDF8lef1FVv7jlQtXQEBcnwD/0ro1PpUtlkLmreD
tsGTkNa7MFLegrYRvDDrHOwPZH152W2jPUncY+eArQJakeHiTDmJNpFagLZglhE0
bqJyca+UwCXX+6upAclWHEBMg2byiWMMqyPVEEnpUoHM1sIkgdNWlfQAmipRBfYh
2LyCgWvR8CbtwPYIFvUmGgB3MR87iQCVAwUQMUseXB9/qQgDWPy9AQGPkwP/WEDy
El2Gkvua9COtMAifot2vTwuvWWpNopIEx0Ivey4aVbRLD90gGCJw8OGDEtqFPcNV
8aIiy3fYVKXGZZjvCKd7zRfhNmQn0eLDcymq2OX3aPrMc2rRlkT4Jx425ukR1gsO
qiQAgw91aWhY8dlw/EKzk8ojm52x4VgXaBACMjaJAJUDBRAxOUOg72G56RHVjtUB
AbL4A/9HOn5Qa0lq9tKI/HkSdc5fGQD/66VdCBAb292RbB7CS/EM07MdbcqRRYIa
0+0gwQ3OdsWPdCVgH5RIhp/WiC+UPkR1cY8N9Mg2kTwJfZZfNqN+BgWlgRMPN27C
OhYNl8Q33Nl9CpBLrZWABF44jPeT0EvvTzP/5ZQ7T75EsYKYiYkAlQMFEDDmryQA
8tkJ67sbQQEBPdsEALCj6v1OBuJLLJTlxmmrkqAZPVzt5QdeO3Eqa2tcPWcU0nqP
vHYMzZcZ7oFg58NZsWrhSQQDIB5e+K65Q/h6dC7W/aDskZd64jxtEznX2kt0/MOr
8OdsDis1K2f9KQftrAx81KmVwW4Tqtzl7NWTDXt44fMOtibCwVq8v2DFkTJy
=JKbP
-----END PGP PUBLIC KEY BLOCK-----&a.rich;
Rich Murphey <rich@FreeBSD.org>
fingerprint = AF A0 60 C4 84 D6 0C 73 D1 EF C0 E9 9D 21 DB E4
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy97V+MAAAEEALiNM3FCwm3qrCe81E20UOSlNclOWfZHNAyOyj1ahHeINvo1
FBF2Gd5Lbj0y8SLMno5yJ6P4F4r+x3jwHZrzAIwMs/lxDXRtB0VeVWnlj6a3Rezs
wbfaTeSVyh5JohEcKdoYiMG5wjATOwK/NAwIPthB1RzRjnEeer3HI3ZYNEOpAAUR
tCRSaWNoIE11cnBoZXkgPHJpY2hAbGFtcHJleS51dG1iLmVkdT6JAJUDBRAve15W
vccjdlg0Q6kBAZTZBACcNd/LiVnMFURPrO4pVRn1sVQeokVX7izeWQ7siE31Iy7g
Sb97WRLEYDi686osaGfsuKNA87Rm+q5F+jxeUV4w4szoqp60gGvCbD0KCB2hWraP
/2s2qdVAxhfcoTin/Qp1ZWvXxFF7imGA/IjYIfB42VkaRYu6BwLEm3YAGfGcSw==
=QoiM
-----END PGP PUBLIC KEY BLOCK-----&a.jdp;
John D. Polstra <jdp@polstra.com>
Fingerprint = 54 3A 90 59 6B A4 9D 61 BF 1D 03 09 35 8D F6 0D
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzMElMEAAAEEALizp6ZW9QifQgWoFmG3cXhzQ1+Gt+a4S1adC/TdHdBvw1M/
I6Ok7TC0dKF8blW3VRgeHo4F3XhGn+n9MqIdboh4HJC5Iiy63m98sVLJSwyGO4oM
dkEGyyCLxqP6h/DU/tzNBdqFzetGtYvU4ftt3RO0a506cr2CHcdm8Q+/vPRJAAUR
tCFKb2huIEQuIFBvbHN0cmEgPGpkcEBwb2xzdHJhLmNvbT6JAJUDBRAzBNBE9RVb
+45ULV0BAWgiA/0WWO3+c3qlptPCHJ3DFm6gG/qNKsY94agL/mHOr0fxMP5l2qKX
O6a1bWkvGoYq0EwoKGFfn0QeHiCl6jVi3CdBX+W7bObMcoi+foqZ6zluOWBC1Jdk
WQ5/DeqQGYXqbYjqO8voCScTAPge3XlMwVpMZTv24u+nYxtLkE0ZcwtY9IkAlQMF
EDMEt/DHZvEPv7z0SQEBXh8D/2egM5ckIRpGz9kcFTDClgdWWtlgwC1iI2p9gEhq
aufy+FUJlZS4GSQLWB0BlrTmDC9HuyQ+KZqKFRbVZLyzkH7WFs4zDmwQryLV5wkN
C4BRRBXZfWy8s4+zT2WQD1aPO+ZsgRauYLkJgTvXTPU2JCN62Nsd8R7bJS5tuHEm
7HGmiQCVAwUQMwSvHB9/qQgDWPy9AQFAhAQAgJ1AlbKITrEoJ0+pLIsov3eQ348m
SVHEBGIkU3Xznjr8NzT9aYtq4TIzt8jplqP3QoV1ka1yYpZf0NjvfZ+ffYp/sIaU
wPbEpgtmHnVWJAebMbNs/Ad1w8GDvxEt9IaCbMJGZnHmfnEqOBIxF7VBDPHHoJxM
V31K/PIoYsHAy5w=
=cHFa
-----END PGP PUBLIC KEY BLOCK-----&a.guido;
Guido van Rooij <guido@gvr.win.tue.nl>
Fingerprint = 16 79 09 F3 C0 E4 28 A7 32 62 FA F6 60 31 C0 ED
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzGeO84AAAEEAKKAY91Na//DXwlUusr9GVESSlVwVP6DyH1wcZXhfN1fyZHq
SwhMCEdHYoojQds+VqD1iiZQvv1RLByBgj622PDAPN4+Z49HjGs7YbZsUNuQqPPU
wRPpP6ty69x1hPKq1sQIB5MS4radpCM+4wbZbhxv7l4rP3RWUbNaYutZnzI9AAUR
tCZHdWlkbyB2YW4gUm9vaWogPGd1aWRvQGd2ci53aW4udHVlLm5sPokAlQMFEDMG
Hcgff6kIA1j8vQEBbYgD/jm9xHuUuY+iXDkOzpCXBYACYEZDV913MjtyBAmaVqYo
Rh5HFimkGXe+rCo78Aau0hc57fFMTsJqnuWEqVt3GRq28hSK1FOZ7ni9/XibHcmN
rt2yugl3hYpClijo4nrDL1NxibbamkGW/vFGcljS0jqXz6NDVbGx5Oo7HBByxByz
iQCVAwUQMhmtVjt/x7zOdmsfAQFuVQQApsVUTigT5YWjQA9Nd5Z0+a/oVtZpyw5Z
OljLJP3vqJdMa6TidhfcatjHbFTve5x1dmjFgMX/MQTd8zf/+Xccy/PX4+lnKNpP
eSf1Y4aK+E8KHmBGd6GzX6CIboyGYLS9e3kGnN06F2AQtaLyJFgQ71wRaGuyKmQG
FwTn7jiKb1aJAJUDBRAyEOLXPt3iN6QQUSEBATwQA/9jqu0Nbk154+Pn+9mJX/YT
fYR2UqK/5FKCqgL5Nt/Deg2re0zMD1f8F9Dj6vuAAxq8hnOkIHKlWolMjkRKkzJi
mSPEWl3AuHJ31k948J8it4f8kq/o44usIA2KKVMlI63Q/rmNdfWCyiYQEVGcRbTm
GTdZIHYCOgV5dOo4ebFqgYkAlQMFEDIE1nMEJn15jgpJ0QEBW6kEAKqN8XSgzTqf
CrxFXT07MlHhfdbKUTNUoboxCGCLNW05vf1A8F5fdE5i14LiwkldWIzPxWD+Sa3L
fNPCfCZTaCiyGcLyTzVfBHA18MBAOOX6JiTpdcm22jLGUWBf/aJK3yz/nfbWntd/
LRHysIdVp29lP5BF+J9/Lzbb/9LxP1taiQCVAwUQMgRXZ44CzbsJWQz9AQFf7gP/
Qa2FS5S6RYKG3rYanWADVe/ikFV2lxuM1azlWbsmljXvKVWGe6cV693nS5lGGAjx
lbd2ADwXjlkNhv45HLWFm9PEveO9Jjr6tMuXVt8N2pxiX+1PLUN9CtphTIU7Yfjn
s6ryZZfwGHSfIxNGi5ua2SoXhg0svaYnxHxXmOtH24iJAJUDBRAyAkpV8qaAEa3W
TBkBARfQBAC+S3kbulEAN3SI7/A+A/dtl9DfZezT9C4SRBGsl2clQFMGIXmMQ/7v
7lLXrKQ7U2zVbgNfU8smw5h2vBIL6f1PyexSmc3mz9JY4er8KeZpcf6H0rSkHl+i
d7TF0GvuTdNPFO8hc9En+GG6QHOqbkB4NRZ6cwtfwUMhk2FHXBnjF4kAlQMFEDH5
FFukUJAsCdPmTQEBe74EAMBsxDnbD9cuI5MfF/QeTNEG4BIVUZtAkDme4Eg7zvsP
d3DeJKCGeNjiCWYrRTCGwaCWzMQk+/+MOmdkI6Oml+AIurJLoHceHS9jP1izdP7f
N2jkdeJSBsixunbQWtUElSgOQQ4iF5kqwBhxtOfEP/L9QsoydRMR1yB6WPD75H7V
iQCVAwUQMZ9YNGtaZ42Bsqd5AQH0PAQAhpVlAc3ZM/KOTywBSh8zWKVlSk3q/zGn
k7hJmFThnlhH1723+WmXE8aAPJi+VXOWJUFQgwELJ6R8jSU2qvk2m1VWyYSqRKvc
VRQMqT2wjss0GE1Ngg7tMrkRHT0il7E2xxIb8vMrIwmdkbTfYqBUhhGnsWPHZHq7
MoA1/b+rK7CJAJUDBRAxnvXh3IDyptUyfLkBAYTDA/4mEKlIP/EUX2Zmxgrd/JQB
hqcQlkTrBAaDOnOqe/4oewMKR7yaMpztYhJs97i03Vu3fgoLhDspE55ooEeHj0r4
cOdiWfYDsjSFUYSPNVhW4OSruMA3c29ynMqNHD7hpr3rcCPUi7J2RncocOcCjjK2
BQb/9IAUNeK4C9gPxMEZLokAlQMFEDGeO86zWmLrWZ8yPQEBEEID/2fPEUrSX3Yk
j5TJPFZ9MNX0lEo7AHYjnJgEbNI4pYm6C3PnMlsYfCSQDHuXmRQHAOWSdwOLvCkN
F8eDaF3M6u0urgeVJ+KVUnTz2+LZoZs12XSZKCte0HxjbvPpWMTTrYyimGezH79C
mgDVjsHaYOx3EXF0nnDmtXurGioEmW1J
=mSvM
-----END PGP PUBLIC KEY BLOCK-----&a.peter;
Peter Wemm <peter@FreeBSD.org>
aka <peter@spinner.dialix.com>
aka <peter@haywire.dialix.com>
aka <peter@perth.dialix.oz.au>
Key fingerprint = 47 05 04 CA 4C EE F8 93 F6 DB 02 92 6D F5 58 8A
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAy9/FJwAAAEEALxs9dE9tFd0Ru1TXdq301KfEoe5uYKKuldHRBOacG2Wny6/
W3Ill57hOi2+xmq5X/mHkapywxvy4cyLdt31i4GEKDvxpDvEzAYcy2n9dIup/eg2
kEhRBX9G5k/LKM4NQsRIieaIEGGgCZRm0lINqw495aZYrPpO4EqGN2HYnOMZAAUT
tCVQZXRlciBXZW1tIDxwZXRlckBoYXl3aXJlLmRpYWxpeC5jb20+iQCVAwUQMwWT
cXW7bjh2o/exAQEFkQP+LIx5zKlYp1uR24xGApMFNrNtjh+iDIWnxxb2M2Kb6x4G
9z6OmbUCoDTGrX9SSL2Usm2RD0BZfyv9D9QRWC2TSOPkPRqQgIycc11vgbLolJJN
eixqsxlFeKLGEx9eRQCCbo3dQIUjc2yaOe484QamhsK1nL5xpoNWI1P9zIOpDiGJ
AJUDBRAxsRPqSoY3Ydic4xkBAbWLA/9q1Fdnnk4unpGQsG31Qbtr4AzaQD5m/JHI
4gRmSmbj6luJMgNG3fpO06Gd/Z7uxyCJB8pTst2a8C/ljOYZxWT+5uSzkQXeMi5c
YcI1sZbUpkHtmqPW623hr1PB3ZLA1TIcTbQW+NzJsxQ1Pc6XG9fGkT9WXQW3Xhet
AP+juVTAhLQlUGV0ZXIgV2VtbSA8cGV0ZXJAcGVydGguZGlhbGl4Lm96LmF1PokA
lQMFEDGxFCFKhjdh2JzjGQEB6XkD/2HOwfuFrnQUtdwFPUkgtEqNeSr64jQ3Maz8
xgEtbaw/ym1PbhbCk311UWQq4+izZE2xktHTFClJfaMnxVIfboPyuiSF99KHiWnf
/Gspet0S7m/+RXIwZi1qSqvAanxMiA7kKgFSCmchzas8TQcyyXHtn/gl9v0khJkb
/fv3R20btB5QZXRlciBXZW1tIDxwZXRlckBGcmVlQlNELm9yZz6JAJUDBRAxsRJd
SoY3Ydic4xkBAZJUA/4i/NWHz5LIH/R4IF/3V3LleFyMFr5EPFY0/4mcv2v+ju9g
brOEM/xd4LlPrx1XqPeZ74JQ6K9mHR64RhKR7ZJJ9A+12yr5dVqihe911KyLKab9
4qZUHYi36WQu2VtLGnw/t8Jg44fQSzbBF5q9iTzcfNOYhRkSD3BdDrC3llywO7Ql
UGV0ZXIgV2VtbSA8cGV0ZXJAc3Bpbm5lci5kaWFsaXguY29tPokAlQMFEDGxEi1K
hjdh2JzjGQEBdA4EAKmNFlj8RF9HQsoI3UabnvYqAWN5wCwEB4u+Zf8zq6OHic23
TzoK1SPlmSdBE1dXXQGS6aiDkLT+xOdeewNs7nfUIcH/DBjSuklAOJzKliXPQW7E
kuKNwy4eq5bl+j3HB27i+WBXhn6OaNNQY674LGaR41EGq44Wo5ATcIicig/z
=gv+h
-----END PGP PUBLIC KEY BLOCK-----&a.joerg;
Type Bits/KeyID Date User ID
pub 1024/76A3F7B1 1996/04/27 Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
Key fingerprint = DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Joerg Wunsch <joerg_wunsch@interface-business.de>
Joerg Wunsch <j@uriah.heep.sax.de>
Joerg Wunsch <j@interface-business.de>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzGCFeAAAAEEAKmRBU2Nvc7nZy1Ouid61HunA/5hF4O91cXm71/KPaT7dskz
q5sFXvPJPpawwvqHPHfEbAK42ZaywyFp59L1GaYj87Pda+PlAYRJyY2DJl5/7JPe
ziq+7B8MdvbX6D526sdmcR+jPXPbHznASjkx9DPmK+7TgFujyXW7bjh2o/exAAUR
tC1Kb2VyZyBXdW5zY2ggPGpvZXJnX3d1bnNjaEB1cmlhaC5oZWVwLnNheC5kZT6J
AJUDBRA0FFkBs1pi61mfMj0BAfDCA/oCfkjrhvRwRCpSL8klJ1YDoUJdmw+v4nJc
pw3OpYXbwKOPLClsE7K3KCQscHel7auf91nrekAwbrXv9Clp0TegYeAQNjw5vZ9f
L6UZ5l3fH8E2GGA7+kqgNWs1KxAnG5GdUvJ9viyrWm8dqWRGo+loDWlZ12L2OgAD
fp7jVZTI1okAlQMFEDQPrLoff6kIA1j8vQEB2XQEAK/+SsQPCT/X4RB/PBbxUr28
GpGJMn3AafAaA3plYw3nb4ONbqEw9tJtofAn4UeGraiWw8nHYR2DAzoAjR6OzuX3
TtUV+57BIzrTPHcNkb6h8fPuHU+dFzR+LNoPaGJsFeov6w+Ug6qS9wa5FGDAgaRo
LHSyBxcRVoCbOEaS5S5EiQCVAwUQM5BktWVgqaw0+fnVAQGKPwP+OiWho3Zm2GKp
lEjiZ5zx3y8upzb+r1Qutb08jr2Ewja04hLg0fCrt6Ad3DoVqxe4POghIpmHM4O4
tcW92THQil70CLzfCxtfUc6eDzoP3krD1/Gwpm2hGrmYA9b/ez9+r2vKBbnUhPmC
glx5pf1IzHU9R2XyQz9Xu7FI2baOSZqJAJUDBRAyCIWZdbtuOHaj97EBAVMzA/41
VIph36l+yO9WGKkEB+NYbYOz2W/kyi74kXLvLdTXcRYFaCSZORSsQKPGNMrPZUoL
oAKxE25AoCgl5towqr/sCcu0A0MMvJddUvlQ2T+ylSpGmWchqoXCN7FdGyxrZ5zz
xzLIvtcio6kaHd76XxyJpltCASupdD53nEtxnu8sRrQxSm9lcmcgV3Vuc2NoIDxq
b2VyZ193dW5zY2hAaW50ZXJmYWNlLWJ1c2luZXNzLmRlPokAlQMFEDIIhfR1u244
dqP3sQEBWoID/RhBm+qtW+hu2fqAj9d8CVgEKJugrxZIpXuCKFvO+bCgQtogt9EX
+TJh4s8UUdcFkyEIu8CT2C3Rrr1grvckfxvrTgzSzvtYyv1072X3GkVY+SlUMBMA
rdl1qNW23oT7Q558ajnsaL065XJ5m7HacgTTikiofYG8i1s7TrsEeq6PtCJKb2Vy
ZyBXdW5zY2ggPGpAdXJpYWguaGVlcC5zYXguZGU+iQCVAwUQMaS91D4gHQUlG9CZ
AQGYOwQAhPpiobK3d/fz+jWrbQgjkoO+j39glYGXb22+6iuEprFRs/ufKYtjljNT
NK3B4DWSkyIPawcuO4Lotijp6jke2bsjFSSashGWcsJlpnwsv7EeFItT3oWTTTQQ
ItPbtNyLW6M6xB+jLGtaAvJqfOlzgO9BLfHuA2LY+WvbVW447SWJAJUDBRAxqWRs
dbtuOHaj97EBAXDBA/49rzZB5akkTSbt/gNd38OJgC+H8N5da25vV9dD3KoAvXfW
fw7OxIsxvQ/Ab+rJmukrrWxPdsC+1WU1+1rGa4PvJp/VJRDes2awGrn+iO7/cQoS
IVziC27JpcbvjLvLVcBIiy1yT/RvJ+87a3jPRHt3VFGcpFh4KykxxSNiyGygl4kA
lQMFEDGCUB31FVv7jlQtXQEB5KgD/iIJZe5lFkPr2B/Cr7BKMVBot1/JSu05NsHg
JZ3uK15w4mVtNPZcFi/dKbn+qRM6LKDFe/GF0HZD/ZD1FJt8yQjzF2w340B+F2GG
EOwnClqZDtEAqnIBzM/ECQQqH+6Bi8gpkFZrFgg5eON7ikqmusDnOlYStM/CBfgp
SbR8kDmFtCZKb2VyZyBXdW5zY2ggPGpAaW50ZXJmYWNlLWJ1c2luZXNzLmRlPokA
lQMFEDHioSdlYKmsNPn51QEByz8D/10uMrwP7MdaXnptd1XNFhpaAPYTVAOcaKlY
OGI/LLR9PiU3FbqXO+7INhaxFjBxa0Tw/p4au5Lq1+Mx81edHniJZNS8tz3I3goi
jIC3+jn2gnVAWnK5UZUTUVUn/JLVk/oSaIJNIMMDaw4J9xPVVkb+Fh1A+XqtPsVa
YESrNp0+iQCVAwUQMwXkzcdm8Q+/vPRJAQEA4QQAgNNX1HFgXrMetDb+w6yEGQDk
JCDAY9b6mA2HNeKLQAhsoZl4HwA1+iuQaCgo3lyFC+1Sf097OUTs74z5X1vCedqV
oFw9CxI3xuctt3pJCbbN68flOlnq0WdYouWWGlFwLlh5PEy//VtwX9lqgsizlhzi
t+fX6BT4BgKi5baDhrWJAJUDBRAyCKveD9eCJxX4hUkBAebMA/9mRPy6K6i7TX2R
jUKSl2p5oYrXPk12Zsw4ijuktslxzQhOCyMSCGK2UEC4UM9MXp1H1JZQxN/DcfnM
7VaUt+Ve0wZ6DC9gBSHJ1hKVxHe5XTj26mIr4rcXNy2XEDMK9QsnBxIAZnBVTjSO
LdhqqSMp3ULLOpBlRL2RYrqi27IXr4kAlQMFEDGpbnd1u244dqP3sQEBJnQD/RVS
Azgf4uorv3fpbosI0LE3LUufAYGBSJNJnskeKyudZkNkI5zGGDwVneH/cSkKT4OR
ooeqcTBxKeMaMuXPVl30QahgNwWjfuTvl5OZ8orsQGGWIn5FhqYXsKkjEGxIOBOf
vvlVQ0UbcR0N2+5F6Mb5GqrXZpIesn7jFJpkQKPU
=97h7
-----END PGP PUBLIC KEY BLOCK-----Developers&a.wosch;
Type Bits/KeyID Date User ID
pub 1024/2B7181AD 1997/08/09 Wolfram Schneider <wosch@FreeBSD.org>
Key fingerprint = CA 16 91 D9 75 33 F1 07 1B F0 B4 9F 3E 95 B6 09
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzPs+aEAAAEEAJqqMm2I9CxWMuHDvuVO/uh0QT0az5ByOktwYLxGXQmqPG1G
Q3hVuHWYs5Vfm/ARU9CRcVHFyqGQ3LepoRhDHk+JcASHan7ptdFsz7xk1iNNEoe0
vE2rns38HIbiyQ/2OZd4XsyhFOFtExNoBuyDyNoe3HbHVBQT7TmN/mkrcYGtAAUR
tCVXb2xmcmFtIFNjaG5laWRlciA8d29zY2hARnJlZUJTRC5vcmc+iQCVAwUQNxnH
AzmN/mkrcYGtAQF5vgP/SLOiI4AwuPHGwUFkwWPRtRzYSySXqwaPCop5mVak27wk
pCxGdzoJO2UgcE812Jt92Qas91yTT0gsSvOVNATaf0TM3KnKg5ZXT1QIzYevWtuv
2ovAG4au3lwiFPDJstnNAPcgLF3OPni5RCUqBjpZFhb/8YDfWYsMcyn4IEaJKre0
JFdvbGZyYW0gU2NobmVpZGVyIDxzY2huZWlkZXJAemliLmRlPokAlQMFEDcZxu85
jf5pK3GBrQEBCRgD/jPj1Ogx4O769soiguL1XEHcxhqtrpKZkKwxmDLRa0kJFwLp
bBJ3Qz3vwaB7n5gQU0JiL1B2M7IxVeHbiIV5pKp7FD248sm+HZvBg6aSnCg2JPUh
sHd1tK5X4SB5cjFt3Cj0LIN9/c9EUxm3SoML9bovmze60DckErrRNOuTk1IntCJX
b2xmcmFtIFNjaG5laWRlciA8d29zY2hAYXBmZWwuZGU+iQEVAwUQNmfWXAjJLLJO
sC7dAQEASAgAnE4g2fwMmFkQy17ATivljEaDZN/m0GdXHctdZ8CaPrWk/9/PTNK+
U6xCewqIKVwtqxVBMU1VpXUhWXfANWCB7a07D+2GrlB9JwO5NMFJ6g0WI/GCUXjC
xb3NTkNsvppL8Rdgc8wc4f23GG4CXVggdTD2oUjUH5Bl7afgOT4xLPAqePhS7hFB
UnMsbA94OfxPtHe5oqyaXt6cXH/SgphRhzPPZq0yjg0Ef+zfHVamvZ6Xl2aLZmSv
Cc/rb0ShYDYi39ly9OPPiBPGbSVw2Gg804qx3XAKiTFkLsbYQnRt7WuCPsOVjFkf
CbQS31TaclOyzenZdCAezubGIcrJAKZjMIkAlQMFEDPs+aE5jf5pK3GBrQEBlIAD
/3CRq6P0m1fi9fbPxnptuipnoFB/m3yF6IdhM8kSe4XlXcm7tS60gxQKZgBO3bDA
5QANcHdl41Vg95yBAZepPie6iQeAAoylRrONeIy6XShjx3S0WKmA4+C8kBTL+vwa
UqF9YJ1qesZQtsXlkWp/Z7N12RkueVAVQ7wRPwfnz6E3tC5Xb2xmcmFtIFNjaG5l
aWRlciA8d29zY2hAcGFua2UuZGUuZnJlZWJzZC5vcmc+iQCVAwUQNxnEqTmN/mkr
cYGtAQFnpQP9EpRZdG6oYN7d5abvIMN82Z9x71a4QBER+R62mU47wqdRG2b6jMMh
3k07b2oiprVuPhRw/GEPPQevb6RRT6SD9CPYAGfK3MDE8ZkMj4d+7cZDRJQ35sxv
gAzQwuA9l7kS0mt5jFRPcEg5/KpuyehRLckjx8jpEM7cEJDHXhBIuVg=
=3V1R
-----END PGP PUBLIC KEY BLOCK-----&a.brian;
Type Bits/KeyID Date User ID
pub 1024/666A7421 1997/04/30 Brian Somers <brian@awfulhak.org>
Key fingerprint = 2D 91 BD C2 94 2C 46 8F 8F 09 C4 FC AD 12 3B 21
Brian Somers <brian@uk.FreeBSD.org>
Brian Somers <brian@OpenBSD.org>
Brian Somers <brian@FreeBSD.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzNmogUAAAEEALdsjVsV2dzO8UU4EEo7z3nYuvB2Q6YJ8sBUYjB8/vfR5oZ9
7aEQjgY5//pXvS30rHUB9ghk4kIFSljzeMudE0K2zH5n2sxpLbBKWZRDLS7xnrDC
I3j9CNKwQBzMPs0fUT46gp96nf1X8wPiJXkDUEia/c0bRbXlLw7tvOdmanQhAAUR
tCFCcmlhbiBTb21lcnMgPGJyaWFuQGF3ZnVsaGFrLm9yZz6JAJUDBRA3Fjs4H3+p
CANY/L0BAZOxBACTZ1zPdaJzEdT4AfrebQbaU4ytEeodnVXZIkc8Il+LDlDOUAIe
k5PgnHTRM4yiwcZuYQrCDRFgdOofcFfRo0PD7mGFzd22qPGmbvHiDBCYCyhlkPXW
IDeoA1cX77JlU1NFdy0dZwuX7csaMlpjCkOPc7+856mr6pQi48zj7yZtrYkAlQMF
EDcUqZ2dZ0EADG4SFQEBEm0EAL2bBNc4vpxPrg3ATdZ/PekpL6lYj3s9pBf8f7eY
LXq438A/ywiWkrL74gXxcZ2Ey9AHZW+rbJPzUbrfMAgP3uWobeSvDyKRo1wtKnTY
Hy+OEIbBIHDmIUuK3L7KupBf7WAI46Q7fnyz0txvtRruDjvfoyl9/TSRfIKcaw2a
INh7iQCVAwUQNwyWpmdKPfFUsXG5AQEIrAQAmukv2u9ihcnO2Zaak265I+gYozu+
biAngdXNfhTGMeExFzdzQ8Qe7EJugMpIDEkJq2goY35sGitD+ogSVWECjcVbHIAP
M2u9axFGlK7fDOmmkH2ZWDMtwx2I5dZps3q2g9mY2O9Az5Yokp7GW7viSpWXHTRH
xOsuY6aze71U7RWJAHUDBRA3DAEvDuwDH3697LEBAWRHAv9XXkub6mir/DCxzKI2
AE3tek40lRfU6Iukjl/uzT9GXcL3uEjIewiPTwN+k4IL+qcCEdv8WZgv/tO45r59
IZQsicNaSAsKX/6Cxha6Hosg1jw4rjdyz13rgYRi/nreq5mJAJUDBRA2r0CM9p+f
Pnxlu7UBAYObA/40s5SwEpXTrePO78AoUFEa5Z4bgyxkpT7BVbq6m/oQtK509Xe2
M2y0XTLkd86oXpjyKzGzWq8T6ZTKNdF9+5LhS2ylJytdPq1AjDk2BocffWX4+pXn
RPiC6XcNdYGiQL8OTHvZESYQDiHeMfwA8WdMzFK1R80nJMwANYXjJJrLzYkAlQMF
EDNt51zvs7EFZlNtbQEBW0UD/jZB6UDdEFdhS0hxgahv5CxaQDWQbIEpAY9JL1yg
d1RWMKUFGXdRkWZmHEA4NvtwFFeam/HZm4yuGf8yldMyo84loTcVib7lKh4CumGx
FT5Pxeh/F8u9EeQzclRFSMhVl0BA2/HEGyjw0kbkprI/RD3pXD7ewTAUrj2O3XhE
InLgiQCVAwUQM3O9vWyr6JZzEUkFAQF9nAP9Hco0V/3Kl70N5ryPVgh41nUTd7Td
6fUjx8yPoSZLX8vVZ8XMyd8ULFmzsmA+2QG4HcKo/x/4s50O3o8c+o1qSYj0Tp+K
4Z8lneMVlgBNdrRcq4ijEgk0qGqSlsXyLElkVPEXAADBVgzf6yqvipDwXNVzl6e3
GPLE8U2TAnBFZX6JAJUDBRAzZqIFDu2852ZqdCEBATsuBACI3ofP7N3xuHSc7pWL
NsnFYVEc9utBaclcagxjLLzwPKzMBcLjNGyGXIZQNB0d4//UMUJcMS7vwZ8MIton
VubbnJVHuQvENloRRARtarF+LC7OLMCORrGtbt0FtYgvBaqtgXlNcKXD6hRT+ghR
bi3q34akA7Xw8tiFIxdVgSusALQjQnJpYW4gU29tZXJzIDxicmlhbkB1ay5GcmVl
QlNELm9yZz6JAJUDBRA3FLWcnWdBAAxuEhUBAcYYBACos9nKETuaH+z2h0Ws+IIY
mN9FEm8wpPUcQmX5GFhfBUQ+rJbflzv0jJ/f2ac9qJHgIIAlJ3pMkfMpU8UYHEuo
VCe4ZTU5sr4ZdBaF9kpm2OriFgZwIv4QAi7dCMu9ZwGRtZ3+z3DQsVSagucjZTIe
yTUR6K+7E3YXANQjOdqFZYkAlQMFEDcUpeQO7bznZmp0IQEB4HED/Ru3NjwWO1gl
xEiLTzRpU31Rh1Izw1lhVMVJkLAGBw9ieSkjvdIkuhqV1i+W4wKBClT0UOE28Kjp
WbBKPFIASRYzN4ySwpprsG5H45EFQosovYG/HPcMzXU2GMj0iwVTxnMq7I8oH588
ExHqfEN2ARD3ngmB2499ruyGl26pW/BftCBCcmlhbiBTb21lcnMgPGJyaWFuQE9w
ZW5CU0Qub3JnPokAlQMFEDcUtW6dZ0EADG4SFQEBQwsD/j9B/lkltIdnQdjOqR/b
dOBgJCtUf905y6kD+k4kbxeT1YAaA65KJ2o/Zj+i+69F2+BUJ/3kYB7prKwut2h0
ek1ZtncGxoAsQdFJ5JSeMkwUZ5qtGeCmVPb59+KPq3nU6p3RI8Bn77FzK//Qy+IW
/WFVJbf/6NCNCbyRiRjPbGl/iQCVAwUQNxSlyA7tvOdmanQhAQFzMAP/dvtsj3yB
C+seiy6fB/nS+NnKBoff3Ekv57FsZraGt4z9n4sW61eywaiRzuKlhHqrDE17STKa
fBOaV1Ntl7js7og5IFPWNlVh1cK+spDmd655D8pyshziDF6fSAsqGfTn35xl23Xj
O20MMK44j4I5V6rEyUDBDrmX49J56OFkfwa0IEJyaWFuIFNvbWVycyA8YnJpYW5A
RnJlZUJTRC5vcmc+iQCVAwUQNxS1Y51nQQAMbhIVAQHPBQP+IMUlE4DtEvSZFtG4
YK9usfHSkStIafh/F/JzSsqdceLZgwcuifbemw79Rhvqhp0Cyp7kuI2kHO3a19kZ
3ZXlDl3VDg41SV/Z5LzNw9vaZKuF/vtGaktOjac5E5aznWGIA5czwsRgydEOcd8O
VPMUMrdNWRI6XROtnbZaRSwmD8aJAJUDBRA3FKWuDu2852ZqdCEBAWVJA/4x3Mje
QKV+KQoO6mOyoIcD4GK1DjWDvNHGujJbFGBmARjr/PCm2cq42cPzBxnfRhCfyEvN
aesNB0NjLjRU/m7ziyVn92flAzHqqmU36aEdqooXUY2T3vOYzo+bM7VtInarG1iU
qw1G19GgXUwUkPvy9+dNIM/aYoI/e0Iv3P9uug==
=R3k0
-----END PGP PUBLIC KEY BLOCK-----
diff --git a/en/handbook/ports/chapter.sgml b/en/handbook/ports/chapter.sgml
index d5e27dcaa6..367ab8e108 100644
--- a/en/handbook/ports/chapter.sgml
+++ b/en/handbook/ports/chapter.sgml
@@ -1,4610 +1,4610 @@
Installing Applications: The Ports collectionContributed by &a.jraynard;.The FreeBSD Ports collection allows you to compile and install a very
wide range of applications with a minimum of effort.For all the hype about open standards, getting a program to work on
different versions of Unix in the real world can be a tedious and tricky
business, as anyone who has tried it will know. You may be lucky enough
to find that the program you want will compile cleanly on your system,
install itself in all the right places and run flawlessly “out of
the box”, but this is unfortunately rather rare. With most
programs, you will find yourself doing a fair bit of head-scratching, and
there are quite a few programs that will result in premature greying, or
even chronic alopecia...Some software distributions have attacked this problem by providing
configuration scripts. Some of these are very clever, but they have an
unfortunate tendency to triumphantly announce that your system is
something you have never heard of and then ask you lots of questions that
sound like a final exam in system-level Unix programming (Does
your system's gethitlist function return a const pointer to a fromboz or
a pointer to a const fromboz? Do you have Foonix style unacceptable
exception handling? And if not, why not?).Fortunately, with the Ports collection, all the hard work involved has
already been done, and you can just type make install
and get a working program.Why Have a Ports Collection?The base FreeBSD system comes with a very wide range of tools and
system utilities, but a lot of popular programs are not in the base
system, for good reasons:-Programs that some people cannot live without and other people
cannot stand, such as a certain Lisp-based editor.Programs which are too specialised to put in the base system
(CAD, databases).Programs which fall into the “I must have a look at that
when I get a spare minute” category, rather than
system-critical ones (some languages, perhaps).Programs that are far too much fun to be supplied with a serious
operating system like FreeBSD ;-)However many programs you put in the base system, people will
always want more, and a line has to be drawn somewhere (otherwise
FreeBSD distributions would become absolutely enormous).Obviously it would be unreasonable to expect everyone to port their
favourite programs by hand (not to mention a tremendous amount of
duplicated work), so the FreeBSD Project came up with an ingenious way
of using standard tools that would automate the process.Incidentally, this is an excellent illustration of how “the
Unix way” works in practice by combining a set of simple but very
flexible tools into something very powerful.How Does the Ports Collection Work?Programs are typically distributed on the Internet as a tarball consisting of a Makefile and
the source code for the program and usually some instructions (which are
unfortunately not always as instructive as they could be), with perhaps
a configuration script.The standard scenario is that you FTP down the tarball, extract it
somewhere, glance through the instructions, make any changes that seem
necessary, run the configure script to set things up and use the
standard make program to compile and install the
program from the source.FreeBSD ports still use the tarball mechanism, but use a skeleton to hold the
"knowledge" of how to get the program working on FreeBSD,
rather than expecting the user to be able to work it out. They also
supply their own customised Makefile, so that almost every port
can be built in the same way.If you look at a port skeleton (either on your FreeBSD
system or the
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/ports/devel/ElectricFence">the
FTP site) and expect to find all sorts of pointy-headed rocket
science lurking there, you may be disappointed by the one or two rather
unexciting-looking files and directories you find there. (We will
discuss in a minute how to go about Getting a port).“How on earth can this do anything?” I hear you cry.
“There is no source code there!”Fear not, gentle reader, all will become clear (hopefully). Let us
see what happens if we try and install a port. I have chosen
ElectricFence, a useful tool for developers,
as the skeleton is more straightforward than most.If you are trying this at home, you will need to be root.&prompt.root; cd /usr/ports/devel/ElectricFence
&prompt.root; make install
>> Checksum OK for ElectricFence-2.0.5.tar.gz.
===> Extracting for ElectricFence-2.0.5
===> Patching for ElectricFence-2.0.5
===> Applying FreeBSD patches for ElectricFence-2.0.5
===> Configuring for ElectricFence-2.0.5
===> Building for ElectricFence-2.0.5
[lots of compiler output...]
===> Installing for ElectricFence-2.0.5
===> Warning: your umask is "0002". If this is not desired, set it to
an appropriate value and install this port again by ``make reinstall''.
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.a /usr/local/lib
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.3 /usr/local/man/man3
===> Compressing manual pages for ElectricFence-2.0.5
===> Registering installation for ElectricFence-2.0.5To avoid confusing the issue, I have completely removed the build
output.If you tried this yourself, you may well have got something like
this at the start:-&prompt.root; make install
>> ElectricFence-2.0.5.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://ftp.doc.ic.ac.uk/Mirrors/sunsite.unc.edu/pub/Linux/devel/lang/c/.The make program has noticed that you did not
have a local copy of the source code and tried to FTP it down so it
could get the job done. I already had the source handy in my example,
so it did not need to fetch it.Let's go through this and see what the make
program was doing.Locate the source code tarball. If it is not available
locally, try to grab it from an FTP site.Run a checksum test on the
tarball to make sure it has not been tampered with, accidentally
truncated, downloaded in ASCII mode, struck by neutrinos while in
transit, etc.Extract the tarball into a temporary work directory.Apply any patches needed to
get the source to compile and run under FreeBSD.Run any configuration script required by the build process and
correctly answer any questions it asks.(Finally!) Compile the code.Install the program executable and other supporting files, man
pages, etc. under the /usr/local hierarchy
(unless this is an X11 program,
then it will be under /usr/X11R6),
where they will not get mixed up with system programs. This also
makes sure that all the ports you install will go in the same place,
instead of being flung all over your system.Register the installation in a database. This means that, if
you do not like the program, you can cleanly remove all traces of it from your
system.Scroll up to the make output and see if you can
match these steps to it. And if you were not impressed before, you
should be by now!Getting a FreeBSD PortThere are two ways of getting hold of the FreeBSD port for a
program. One requires a FreeBSD CDROM,
the other involves using an Internet
Connection.Compiling ports from CDROMAssuming that your FreeBSD CDROM is in the drive and mounted on
/cdrom (and the mount point
must be /cdrom), you should
then be able to build ports just as you normally do and the port
collection's built in search path should find the tarballs in
/cdrom/ports/distfiles/ (if they exist there)
rather than downloading them over the net.Another way of doing this, if you want to just use the port
skeletons on the CDROM, is to set these variables in
/etc/make.conf:
PORTSDIR= /cdrom/ports
DISTDIR= /tmp/distfiles
WRKDIRPREFIX= /tmpSubstitute /tmp for any place you have enough
free space. Then, just cd to the appropriate
subdirectory under /cdrom/ports and type
make install as usual.
WRKDIRPREFIX will cause the port to be build under
/tmp/cdrom/ports; for instance,
games/oneko will be built under
/tmp/cdrom/ports/games/oneko.There are some ports for which we cannot provide the original
source in the CDROM due to licensing limitations. In that case, you
will need to look at the section on Compiling ports using an Internet
connection.Compiling ports from the InternetIf you do not have a CDROM, or you want to make sure you get the
very latest version of the port you want, you will need to download
the skeleton for the port. Now
this might sound like rather a fiddly job full of pitfalls, but it is
actually very easy.First, if you are running a release version of FreeBSD, make sure
you get the appropriate “upgrade kit” for your release
- from the ports web
+ from the ports web
page. These packages include files that have been updated
since the release that you may need to compile new ports.The key to the skeletons is that the FreeBSD FTP server can create
on-the-fly tarballs for you.
Here is how it works, with the gnats program in the databases
directory as an example (the bits in square brackets are comments. Do
not type them in if you are trying this yourself!):-&prompt.root; cd /usr/ports
&prompt.root; mkdir databases
&prompt.root; cd databases
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/ports/databasesftp>get gnats.tar
[tars up the gnats skeleton for us]
ftp>quit
&prompt.root; tar xf gnats.tar
[extract the gnats skeleton]
&prompt.root; cd gnats
&prompt.root; make install
[build and install gnats]What happened here? We connected to the FTP server in the usual
way and went to its databases sub-directory.
When we gave it the command get gnats.tar, the FTP
server tarred up the gnats
directory for us.We then extracted the gnats skeleton and went into the gnats
directory to build the port. As we explained earlier, the make process noticed we
did not have a copy of the source locally, so it fetched one before
extracting, patching and building it.Let us try something more ambitious now. Instead of getting a
single port skeleton, we will get a whole sub-directory, for example all
the database skeletons in the ports collection. It looks almost the
same:-&prompt.root; cd /usr/ports
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/portsftp>get databases.tar
[tars up the databases directory for us]
ftp>quit
&prompt.root; tar xf databases.tar
[extract all the database skeletons]
&prompt.root; cd databases
&prompt.root; make install
[build and install all the database ports]With half a dozen straightforward commands, we have now got a set
of database programs on our FreeBSD machine! All we did that was
different from getting a single port skeleton and building it was that
we got a whole directory at once, and compiled everything in it at
once. Pretty impressive, no?If you expect to be installing many ports, it is probably worth
downloading all the ports directories.SkeletonsA team of compulsive hackers who have forgotten to eat in a frantic
attempt to make a deadline? Something unpleasant lurking in the FreeBSD
attic? No, a skeleton here is a minimal framework that supplies
everything needed to make the ports magic work.MakefileThe most important component of a skeleton is the Makefile. This
contains various statements that specify how the port should be
compiled and installed. Here is the Makefile for
ElectricFence:-
# New ports collection makefile for: Electric Fence
# Version required: 2.0.5
# Date created: 13 November 1997
# Whom: jraynard
#
# $Id$
#
DISTNAME= ElectricFence-2.0.5
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_SUNSITE}
MASTER_SITE_SUBDIR= devel/lang/c
MAINTAINER= jraynard@freebsd.org
MAN3= libefence.3
do-install:
${INSTALL_DATA} ${WRKSRC}/libefence.a ${PREFIX}/lib
${INSTALL_MAN} ${WRKSRC}/libefence.3 ${PREFIX}/man/man3
.include <bsd.port.mk>The lines beginning with a "#" sign are comments for the
benefit of human readers (as in most Unix script files).DISTNAME specifies the name of the tarball, but without the
extension.CATEGORIES states what kind of program this is.
In this case, a utility for developers. See the categories section of this
handbook for a complete list.MASTER_SITES is the URL(s) of the master FTP
site, which is used to retrieve the tarball if it is not available on the
local system. This is a site which is regarded as reputable, and is
normally the one from which the program is officially distributed (in
so far as any software is "officially" distributed on the
Internet).MAINTAINER is the email address of the person
who is responsible for updating the skeleton if, for example a new
version of the program comes out.Skipping over the next few lines for a minute, the line
.include <bsd.port.mk> says that the other
statements and commands needed for this port are in a standard file
called bsd.port.mk. As these are the same for
all ports, there is no point in duplicating them all over the place,
so they are kept in a single standard file.This is probably not the place to go into a detailed examination
of how Makefiles work; suffice it to say that the line starting with
MAN3 ensures that the ElectricFence man page is
compressed after installation, to help conserve your precious disk
space. The original port did not provide an
install target, so the three lines from
do-install ensure that the files produced by
this port are placed in the correct destination.The files directoryThe file containing the checksum for the port is called
md5, after the MD5 algorithm used for ports
checksums. It lives in a directory with the slightly confusing name
of files.This directory can also contain other miscellaneous files that are
required by the port and do not belong anywhere else.The patches directoryThis directory contains the patches needed to make everything work
properly under FreeBSD.The pkg directoryThis program contains three quite useful files:-COMMENT — a one-line description of
the program.DESCR — a more detailed
description.PLIST — a list of all the files
that will be created when the program is installed.What to do when a port does not work.Oh. You can do one of four (4) things :Fix it yourself. Technical details on how ports work can be
found in Porting applications.Gripe. This is done by e-mail only! Send
such e-mail to the maintainer of the port, first. Type
make maintainer or read the
Makefile to find the maintainer's email
address. Remember to include the name/version of
the port (copy the $Id: line from the
Makefile), and the output leading up-to the
error, inclusive. If you do not get a satisfactory response,
you can try filing a bug report with send-pr.
Forget it. This is the easiest for most — very few of the
programs in ports can be classified as essential!Grab the pre-compiled package from a ftp server. The
“master” package collection is on FreeBSD's FTP server
in the packages
directory, though check your local mirror first, please!
These are more likely to work (on the whole) than trying to compile
from source and a lot faster besides! Use the &man.pkg.add.1;
program to install a package file on your
system.Some Questions and AnswersQ. I thought this was going to be a discussion about
modems??!A. Ah. You must be thinking of the serial ports on the back of
your computer. We are using “port” here to mean the
result of “porting” a program from one version of Unix
to another. (It is an unfortunate bad habit of computer people to
use the same word to refer to several completely different
things).Q. I thought you were supposed to use packages to install extra
programs?A. Yes, that is usually the quickest and easiest way of doing
it.Q. So why bother with ports then?A. Several reasons:-The licensing conditions on some software distributions
require that they be distributed as source code, not
binaries.Some people do not trust binary distributions. At least
with source code you can (in theory) read through it and look
for potential problems yourself.If you have some local patches, you will need the source to
add them yourself.You might have opinions on how a program should be compiled
that differ from the person who did the package — some
people have strong views on what optimisation setting should be
used, whether to build debug versions and then strip them or
not, etc. etc.Some people like having code around, so they can read it if
they get bored, hack around with it, borrow from it (licence
terms permitting, of course!) and so on.If you ain't got the source, it ain't software! ;-) Q. What is a patch?A. A patch is a small (usually) file that specifies how to go
from one version of a file to another. It contains text that says,
in effect, things like “delete line 23”, “add
these two lines after line 468” or “change line 197 to
this”. Also known as a “diff”, since it is
generated by a program of that name. Q. What is all this about
tarballs?A. It is a file ending in .tar or
.tar.gz (with variations like
.tar.Z, or even .tgz if
you are trying to squeeze the names into a DOS filesystem).Basically, it is a directory tree that has been archived into a
single file (.tar) and optionally compressed
(.gz). This technique was originally used for
Tape ARchives (hence the
name tar), but it is a widely used way of
distributing program source code around the Internet.You can see what files are in them, or even extract them
yourself, by using the standard Unix tar program, which comes with
the base FreeBSD system, like this:-&prompt.user; tar tvzf foobar.tar.gz
&prompt.user; tar xzvf foobar.tar.gz
&prompt.user; tar tvf foobar.tar
&prompt.user; tar xvf foobar.tar Q. And a checksum?A. It is a number generated by adding up all the data in the
file you want to check. If any of the characters change, the
checksum will no longer be equal to the total, so a simple
comparison will allow you to spot the difference. (In practice, it
is done in a more complicated way to spot problems like
position-swapping, which will not show up with a simplistic
addition).Q. I did what you said for compiling
ports from a CDROM and it worked great until I tried to
install the kermit port:-&prompt.root; make install
>> cku190.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://kermit.columbia.edu/kermit/archives/.Why can it not be found? Have I got a dud CDROM?A. The licensing terms for kermit do not allow us to put the
tarball for it on the CDROM, so you will have to fetch it by hand
— sorry! The reason why you got all those error messages was
because you were not connected to the Internet at the time. Once
you have downloaded it from any of the sites above, you can re-start
the process (try and choose the nearest site to you, though, to save
your time and the Internet's bandwidth).Q. I did that, but when I tried to put it into
/usr/ports/distfiles I got some error about not
having permission.A. The ports mechanism looks for the tarball in
/usr/ports/distfiles, but you will not be able
to copy anything there because it is sym-linked to the CDROM, which
is read-only. You can tell it to look somewhere else by
doing&prompt.root; make DISTDIR=/where/you/put/it installQ. Does the ports scheme only work if you have everything in
/usr/ports? My system administrator says I must
put everything under
/u/people/guests/wurzburger, but it does not
seem to work.A. You can use the PORTSDIR and
PREFIX variables to tell the ports mechanism to
use different directories. For instance,&prompt.root; make PORTSDIR=/u/people/guests/wurzburger/ports installwill compile the port in
/u/people/guests/wurzburger/ports and install
everything under /usr/local.&prompt.root; make PREFIX=/u/people/guests/wurzburger/local installwill compile it in /usr/ports and install
it in /u/people/guests/wurzburger/local.And of course&prompt.root; make PORTSDIR=.../ports PREFIX=.../local installwill combine the two (it is too long to fit on the page if I
write it in full, but I am sure you get the idea).If you do not fancy typing all that in every time you install a
port (and to be honest, who would?), it is a good idea to put these
variables into your environment.Q. I do not have a FreeBSD CDROM, but I would like to have all
the tarballs handy on my system so I do not have to wait for a
download every time I install a port. Is there an easy way to get
them all at once?A. To get every single tarball for the ports collection,
do&prompt.root; cd /usr/ports
&prompt.root; make fetchFor all the tarballs for a single ports directory, do&prompt.root; cd /usr/ports/directory
&prompt.root; make fetchand for just one port — well, I think you have guessed
already.Q. I know it is probably faster to fetch the tarballs from one
of the FreeBSD mirror sites close by. Is there any way to tell the
port to fetch them from servers other than ones listed in the
MASTER_SITES?A. Yes. If you know, for example, ftp.FreeBSD.ORG is much closer than sites
listed in MASTER_SITES, do as following
example.&prompt.root; cd /usr/ports/directory
&prompt.root; make MASTER_SITE_OVERRIDE=ftp://ftp.FreeBSD.ORG/pub/FreeBSD/ports/distfiles/ fetchQ. I want to know what files make is going to need before it
tries to pull them down.A. make fetch-list will display a list of
the files needed for a port.Q. Is there any way to stop the port from compiling? I want to
do some hacking on the source before I install it, but it is a bit
tiresome having to watch it and hit control-C every time.A. Doing make extract will stop it after it
has fetched and extracted the source code.Q. I am trying to make my own port and I want to be able to
stop it compiling until I have had a chance to see if my patches
worked properly. Is there something like make
extract, but for patches?A. Yep, make patch is what you want. You
will probably find the PATCH_DEBUG option useful
as well. And by the way, thank you for your efforts!Q. I have heard that some compiler options can cause bugs. Is
this true? How can I make sure that I compile ports with the right
settings?A. Yes, with version 2.6.3 of gcc (the
version shipped with FreeBSD 2.1.0 and 2.1.5), the
option could result in buggy code unless you
used the option as well.
(Most of the ports do not use ). You
should be able to specify the compiler options
used by something like&prompt.root; make CFLAGS='-O2 -fno-strength-reduce' installor by editing /etc/make.conf, but
unfortunately not all ports respect this. The surest way is to do
make configure, then go into the source directory
and inspect the Makefiles by hand, but this can get tedious if the
source has lots of sub-directories, each with their own
Makefiles.Q. There are so many ports it is hard to find the one I want.
Is there a list anywhere of what ports are available?A. Look in the INDEX file in
/usr/ports. If you would like to search the
ports collection for a keyword, you can do that too. For example,
you can find ports relevant to the LISP programming language
using:&prompt.user; cd /usr/ports
&prompt.user; make search key=lispQ. I went to install the foo port but the
system suddenly stopped compiling it and starting compiling the
bar port. What is going on?A. The foo port needs something that is
supplied with bar — for instance, if
foo uses graphics, bar might
have a library with useful graphics processing routines. Or
bar might be a tool that is needed to compile the
foo port. Q. I installed the
grizzle program from the ports and frankly it is
a complete waste of disk space. I want to delete it but I do not
know where it put all the files. Any clues?A. No problem, just do&prompt.root; pkg_delete grizzle-6.5Alternatively, you can do&prompt.root; cd /usr/ports/somewhere/grizzle
&prompt.root; make deinstall
Q. Hang on a minute, you have to know the version number to use
that command. You do not seriously expect me to remember that, do
you??A. Not at all, you can find it out by doing&prompt.root; pkg_info -a | grep grizzle
Information for grizzle-6.5:
grizzle-6.5 - the combined piano tutorial, LOGO interpreter and shoot 'em up arcade game.Q. Talking of disk space, the ports directory seems to be
taking up an awful lot of room. Is it safe to go in there and
delete things?A. Yes, if you have installed the program and are fairly
certain you will not need the source again, there is no point in
keeping it hanging around. The best way to do this is&prompt.root; cd /usr/ports
&prompt.root; make cleanwhich will go through all the ports subdirectories and delete
everything except the skeletons for each port.Q. I tried that and it still left all those tarballs or
whatever you called them in the distfiles
directory. Can I delete those as well?A. Yes, if you are sure you have finished with them, those can
go as well.Q. I like having lots and lots of programs to play with. Is
there any way of installing all the ports in one go?A. Just do&prompt.root; cd /usr/ports
&prompt.root; make installQ. OK, I tried that, but I thought it would take a very long
time so I went to bed and left it to get on with it. When I looked
at the computer this morning, it had only done three and a half
ports. Did something go wrong?A. No, the problem is that some of the ports need to ask you
questions that we cannot answer for you (eg “Do you want to
print on A4 or US letter sized paper?”) and they need to have
someone on hand to answer them.Q. I really do not want to spend all day staring at the
monitor. Any better ideas?A. OK, do this before you go to bed/work/the local
park:-&prompt.root cd /usr/ports
&prompt.root; make -DBATCH installThis will install every port that does not
require user input. Then, when you come back, do&prompt.root; cd /usr/ports
&prompt.root; make -DIS_INTERACTIVE installto finish the job.Q. At work, we are using frobble, which is
in your ports collection, but we have altered it quite a bit to get
it to do what we need. Is there any way of making our own packages,
so we can distribute it more easily around our sites?A. No problem, assuming you know how to make patches for your
changes:-&prompt.root; cd /usr/ports/somewhere/frobble
&prompt.root; make extract
&prompt.root; cd work/frobble-2.8
[Apply your patches]
&prompt.root; cd ../..
&prompt.root; make packageQ. This ports stuff is really clever. I am desperate to find
out how you did it. What is the secret?A. Nothing secret about it at all, just look at the
bsd.ports.mk and
bsd.ports.subdir.mk files in your makefiles
directory.Readers with an aversion to intricate shell-scripts are
advised not to follow this link...)Making a port yourselfContributed by &a.jkh;, &a.gpalmer;, &a.asami; &a.obrien;
and &a.hoek;. 28 August 1996.So, now you are interested in making your own port? Great!What follows are some guidelines for creating a new port for
FreeBSD. The bulk of the work is done by
/usr/ports/Mk/bsd.port.mk, which all port Makefiles
include. Please refer to that file for more details on the inner
workings of the ports collection. Even if you do not hack Makefiles
daily, it is well commented, and you will still gain much knowledge from
it.Only a fraction of the overridable variables
(VAR) are mentioned in
this document. Most (if not all) are documented at the start of
bsd.port.mk. This file users a non-standard tab
setting. Emacs and
Vim should recognise the setting on loading
the file. vi or ex can be set
to use the correct value by typing :set tabstop=4
once the file has been loaded.Quick PortingThis section tells you how to do a quick port. In many cases, it
is not enough, but we will see.First, get the original tarball and put it into
DISTDIR, which defaults to
/usr/ports/distfiles.The following assumes that the software compiled out-of-the-box,
i.e., there was absolutely no change required for the port to work
on your FreeBSD box. If you needed to change something, you will
have to refer to the next section too.Writing the MakefileThe minimal Makefile would look something
like this:
# New ports collection makefile for: oneko
# Version required: 1.1b
# Date created: 5 December 1994
# Whom: asami
#
# $Id$
#
DISTNAME= oneko-1.1b
CATEGORIES= games
MASTER_SITES= ftp://ftp.cs.columbia.edu/archives/X11R5/contrib/
MAINTAINER= asami@FreeBSD.ORG
MAN1= oneko.1
MANCOMPRESSED= yes
USE_IMAKE= yes
.include <bsd.port.mk>See if you can figure it out. Do not worry about the contents
of the $Id$ line, it will be filled in
automatically by CVS when the port is imported to our main ports
tree. You can find a more detailed example in the sample Makefile section.Writing the description filesThere are three description files that are required for any
port, whether they actually package or not. They are
COMMENT, DESCR, and
PLIST, and reside in the
pkg subdirectory.COMMENTThis is the one-line description of the port.
Please do not include the package name (or
version number of the software) in the comment. Here is an
example:
A cat chasing a mouse all over the screen.DESCRThis is a longer description of the port. One to a few
paragraphs concisely explaining what the port does is
sufficient.This is not a manual or an in-depth
description on how to use or compile the port! Please
be careful if you are copying from the
README or manpage; too often
they are not a concise description of the port or are in an
awkward format (e.g., manpages have justified spacing). If the
ported software has an official WWW homepage, you should list it
here. Prefix one of the websites with
WWW: so that automated tools will work
correctly.It is recommended that you sign your name at the end of this
file, as in:
This is a port of oneko, in which a cat chases a poor mouse all over
the screen.
:
(etc.)
WWW: http://www.oneko.org/
- Satoshi
asami@cs.berkeley.eduPLISTThis file lists all the files installed by the port. It is
also called the “packing list” because the package is
generated by packing the files listed here. The pathnames are
relative to the installation prefix (usually
/usr/local or
/usr/X11R6). If you are using the
MANn variables (as
you should be), do not list any manpages here.Here is a small example:
bin/oneko
lib/X11/app-defaults/Oneko
lib/X11/oneko/cat1.xpm
lib/X11/oneko/cat2.xpm
lib/X11/oneko/mouse.xpm
@dirrm lib/X11/onekoRefer to the &man.pkg.create.1; man page for details on the
packing list.You should list all the files, but not the name directories,
in the list. Also, if the port creates directories for itself
during installtion, make sure to add @dirrm
lines as necessary to remove them when the port is
deleted.It is recommended that you keep all the filenames in this
file sorted alphabetically. It will make verifying the changes
when you upgrade the port much easier.Creating a packing list manually can be a very tedious
task. If the port installs a large numbers of files, creating the packing list
automatically might save time.Creating the checksum fileJust type make makesum. The ports make rules
will automatically generate the file
files/md5.Testing the portYou should make sure that the port rules do exactly what you
want it to do, including packaging up the port. These are the
important points you need to verify.PLIST does not contain anything not
installed by your portPLIST contains everything that is
installed by your portYour port can be installed multiple times using the
reinstall targetYour port cleans up
after itself upon deinstallRecommended test orderingmake installmake packagemake deinstallpkg_add package-namemake deinstallmake reinstallmake packageMake sure that there are not any warnings issued in any of the
package and
deinstall stages, After step 3, check to
see if all the new directories are correctly deleted. Also, try
using the software after step 4, to ensure that is works correctly
when installed from a package.Checking your port with portlintPlease use portlint to see if your port
conforms to our guidelines. The portlint program
is part of the ports collection. In particular, your may want to
check if the Makefile is in
the right shape and the package is named
appropriately.Submitting the portFirst, make sure you have read the Do's and Dont's section.Now that you are happy with your port, the only thing remaining
is to put it in the main FreeBSD ports tree and make everybody else
happy about it too. We do not need your work
directory or the pkgname.tgz package, so delete
them now. Next, simply include the output of shar `find
port_dir` in a bug report and send it with the
&man.send-pr.1; program (see Bug
Reports and General Commentary for more information about
&man.send-pr.1;. If the uncompressed port is larger than 20KB,
you should compress it into a tarfile and use &man.uuencode.1;
before including it in the bug report (uuencoded tarfiles are
acceptable even if the bug report is smaller than 20KB but are not
preferred). Be sure to classify the bug report as category
ports and class
change-request. (Do not mark the report
confidential!)One more time, do not include the original source
distfile, the work directory, or the package
you built with make package.In the past, we asked you to upload new port submissions in
- our ftp site (ftp.freebsd.org). This
+ our ftp site (ftp.FreeBSD.org). This
is no longer recommended as read access is turned off on that
incoming/ directory of that site due to the
large amount of pirated software showing up there.We will look at your port, get back to you if necessary, and put
it in the tree. Your name will also appear in the list of
“Additional FreeBSD contributors” on the FreeBSD
Handbook and other files. Isn't that great?!? :)Slow PortingOk, so it was not that simple, and the port required some
modifications to get it to work. In this section, we will explain,
step by step, how to modify it to get it to work with the ports
paradigm.How things workFirst, this is the sequence of events which occurs when the user
first types make in your port's directory, and
you may find that having bsd.port.mk in another
window while you read this really helps to understand it.But do not worry if you do not really understand what
bsd.port.mk is doing, not many people do...
:>The fetch target is run. The
fetch target is responsible for making
sure that the tarball exists locally in
DISTDIR. If fetch
cannot find the required files in DISTDIR it
will look up the URL MASTER_SITES, which is
set in the Makefile, as well as our main ftp site at ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/,
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/">ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/,
where we put sanctioned distfiles as backup. It will then
attempt to fetch the named distribution file with
FETCH, assuming that the requesting site has
direct access to the Internet. If that succeeds, it will save
the file in DISTDIR for future use and
proceed.The extract target is run. It
looks for your port's distribution file (typically a gzip'd
tarball) in DISTDIR and unpacks it into a
temporary subdirectory specified by WRKDIR
(defaults to work).The patch target is run. First,
any patches defined in PATCHFILES are
applied. Second, if any patches are found in
PATCHDIR (defaults to the
patches subdirectory), they are applied at
this time in alphabetical order.The configure target is run. This
can do any one of many different things.If it exists, scripts/configure is
run.If HAS_CONFIGURE or
GNU_CONFIGURE is set,
WRKSRC/configure is
run.If USE_IMAKE is set,
XMKMF (default: xmkmf
-a) is run.The build target is run. This is
responsible for descending into the port's private working
directory (WRKSRC) and building it. If
USE_GMAKE is set, GNU make
will be used, otherwise the system make will
be used.The above are the default actions. In addition, you can define
targets
pre-something or
post-something,
or put scripts with those names, in the scripts
subdirectory, and they will be run before or after the default
actions are done.For example, if you have a post-extract
target defined in your Makefile, and a file
pre-build in the scripts
subdirectory, the post-extract target will
be called after the regular extraction actions, and the
pre-build script will be executed before the
default build rules are done. It is recommended that you use
Makefile targets if the actions are simple
enough, because it will be easier for someone to figure out what
kind of non-default action the port requires.The default actions are done by the
bsd.port.mk targets
do-something.
For example, the commands to extract a port are in the target
do-extract. If you are not happy with the
default target, you can fix it by redefining the
do-something
target in your Makefile.The “main” targets (e.g.,
extract,
configure, etc.) do nothing more than
make sure all the stages up to that one are completed and call
the real targets or scripts, and they are not intended to be
changed. If you want to fix the extraction, fix
do-extract, but never ever touch
extract!Now that you understand what goes on when the user types
make, let us go through the recommended steps to
create the perfect port.Getting the original sourcesGet the original sources (normally) as a compressed tarball
(foo.tar.gz or
foo.tar.Z) and copy
it into DISTDIR. Always use
mainstream sources when and where you
can.If you cannot find a ftp/http site that is well-connected to the
net, or can only find sites that have irritatingly non-standard
formats, you might want to put a copy on a reliable ftp or http
server that you control (e.g., your home page). Make sure you set
MASTER_SITES to reflect your choice.If you cannot find somewhere convenient and reliable to put the
distfile (if you are a FreeBSD committer, you can just put it in
your public_html/ directory on
freefall), we can “house” it ourselves
by putting it on
- ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
+ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
as the last resort. Please refer to this location as
MASTER_SITE_LOCAL. Send mail to the &a.ports;if
you are not sure what to do.If your port's distfile changes all the time for no good reason,
consider putting the distfile in your home page and listing it as
the first MASTER_SITES. This will prevent users
from getting checksum mismatch errors, and
also reduce the workload of maintainers of our ftp site. Also, if
there isonly one master site for the port, it is recommended that
you house a backup at your site and list it as the second
MASTER_SITES.If your port requires some additional `patches' that are
available on the Internet, fetch them too and put them in
DISTDIR. Do not worry if they come from a site
other than where you got the main source tarball, we have a way to
handle these situations (see the description of PATCHFILES below).Modifying the portUnpack a copy of the tarball in a private directory and make
whatever changes are necessary to get the port to compile properly
under the current version of FreeBSD. Keep careful
track of everything you do, as you will be automating
the process shortly. Everything, including the deletion, addition
or modification of files should be doable using an automated script
or patch file when your port is finished.If your port requires significant user interaction/customization
to compile or install, you should take a look at one of Larry Wall's
classic Configure scripts and perhaps do
something similar yourself. The goal of the new ports collection is
to make each port as “plug-and-play” as possible for the
end-user while using a minimum of disk space.Unless explicitly stated, patch files, scripts, and other
files you have created and contributed to the FreeBSD ports
collection are assumed to be covered by the standard BSD copyright
conditions.PatchingIn the preparation of the port, files that have been added or
changed can be picked up with a recursive diff for later feeding to
patch. Each set of patches you wish to apply should be collected
into a file named
patch-xx where
xx denotes the sequence in which the
patches will be applied — these are done in
alphabetical order, thus aa
first, ab second and so on. These files should
be stored in PATCHDIR, from where they will be
automatically applied. All patches should be relative to
WRKSRC (generally the directory your port's
tarball unpacks itself into, that being where the build is done).
To make fixes and upgrades easier, you should avoid having more than
one patch fix the same file (e.g., patch-aa and
patch-ab both changing
WRKSRC/foobar.c).ConfiguringInclude any additional customization commands to your
configure script and save it in the
scripts subdirectory. As mentioned above, you
can also do this as Makefile targets and/or
scripts with the name pre-configure or
post-configure.Handling user inputIf your port requires user input to build, configure or install,
then set IS_INTERACTIVE in your Makefile. This
will allow “overnight builds” to skip your port if the
user sets the variable BATCH in his environment (and
if the user sets the variable INTERACTIVE, then
only those ports requiring interaction are
built).It is also recommended that if there are reasonable default
answers to the questions, you check the
PACKAGE_BUILDING variable and turn off the
interactive script when it is set. This will allow us to build the
packages for CD-ROMs and ftp.Configuring the MakefileConfiguring the Makefile is pretty simple, and again we suggest
that you look at existing examples before starting. Also, there is a
sample Makefile in this
handbook, so take a look and please follow the ordering of variables
and sections in that template to make your port easier for others to
read.Now, consider the following problems in sequence as you design
your new Makefile:The original sourceDoes it live in DISTDIR as a standard gzip'd
tarball? If so, you can go on to the next step. If not, you should
look at overriding any of the EXTRACT_CMD,
EXTRACT_BEFORE_ARGS,
EXTRACT_AFTER_ARGS,
EXTRACT_SUFX, or DISTFILES
variables, depending on how alien a format your port's distribution
file is. (The most common case is
EXTRACT_SUFX=.tar.Z, when the tarball is
condensed by regular compress, not gzip.)In the worst case, you can simply create your own
do-extract target to override the default,
though this should be rarely, if ever, necessary.DISTNAMEYou should set DISTNAME to be the base name
of your port. The default rules expect the distribution file list
(DISTFILES) to be named
DISTNAMEEXTRACT_SUFX which, if
it is a normal tarball, is going to be something like
foozolix-1.0.tar.gz for a setting of
DISTNAME=foozolix-1.0.The default rules also expect the tarball(s) to extract into a
subdirectory called
work/DISTNAME, e.g.
work/foozolix-1.0/.All this behavior can be overridden, of course; it simply
represents the most common time-saving defaults. For a port
requiring multiple distribution files, simply set
DISTFILES explicitly. If only a subset of
DISTFILES are actual extractable archives, then
set them up in EXTRACT_ONLY, which will override
the DISTFILES list when it comes to extraction,
and the rest will be just left in DISTDIR for
later use.PKGNAMEIf DISTNAME does not conform to our guidelines for a good package
name, you should set the PKGNAME
variable to something better. See the abovementioned guidelines for
more details.CATEGORIESWhen a package is created, it is put under
/usr/ports/packages/All and links are made from
one or more subdirectories of
/usr/ports/packages. The names of these
subdirectories are specified by the variable
CATEGORIES. It is intended to make life easier
for the user when he is wading through the pile of packages on the
ftp site or the CD-ROM. Please take a look at the existing categories and pick the ones
that are suitable for your port.This list also determines where in the ports tree the port is
imported. If you put more than one category here, it is assumed
that the port files will be put in the subdirectory with the name in
the first category. See the categories section for more
discussion about how to pick the right categories.If you port truly belongs to something that is different from
all the existing ones, you can even create a new category name. In
that case, please send mail to the &a.ports; to propose a new
category.There is no error checking for category names. make
package will happily create a new directory if you
mustype the category name, so be careful!MASTER_SITESRecord the directory part of the ftp/http-URL pointing at the
original tarball in MASTER_SITES. Do not forget
the trailing slash (/)!The make macros will try to use this
specification for grabbing the distribution file with
FETCH if they cannot find it already on the
system.It is recommended that you put multiple sites on this list,
preferably from different continents. This will safeguard against
wide-area network problems, and we are even planning to add support
for automatically determining the closest master site and fetching
from there!If the original tarball is part of one of the following popular
archives: X-contrib, GNU, Perl CPAN, TeX CTAN, or Linux Sunsite, you
refer to those sites in an easy compact form using
MASTER_SITE_XCONTRIB,
MASTER_SITE_GNU,
MASTER_SITE_PERL_CPAN,
MASTER_SITE_TEX_CTAN, and
MASTER_SITE_SUNSITE. Simply set
MASTER_SITE_SUBDIR to the path with in the
archive. Here is an example:
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applicationsThe user can also set the MASTER_SITE_*
variables in /etc/make.conf to override our
choices, and use their favorite mirrors of these popular archives
instead.PATCHFILESIf your port requires some additional patches that are available
by ftp or http, set PATCHFILES to the names of
the files and PATCH_SITES to the URL of the
directory that contains them (the format is the same as
MASTER_SITES).If the patch is not relative to the top of the source tree
(i.e., WKRSRC) because it contains some extra
pathnames, set PATCH_DIST_STRIP accordingly. For
instance, if all the pathnames in the patch have an extra
foozolix-1.0/ in front of the filenames, then set
PATCH_DIST_STRIP=-p1.Do not worry if the patches are compressed, they will be
decompressed automatically if the filenames end with
.gz or .Z.If the patch is distributed with some other files, such as
documentation, in a gzip'd tarball, you cannot just use
PATCHFILES. If that is the case, add the name
and the location of the patch tarball to
DISTFILES and MASTER_SITES.
Then, from the pre-patch target, apply the
patch either by running the patch command from there, or copying the
patch file into the PATCHDIR directory and
calling it
patch-xx.Note the tarball will have been extracted alongside the
regular source by then, so there is no need to explicitly extract
it if it is a regular gzip'd or compress'd tarball. If you do the
latter, take extra care not to overwrite something that already
exists in that directory. Also do not forget to add a command to
remove the copied patch in the pre-clean
target.MAINTAINERSet your mail-address here. Please. :)For detailed description of the responsibility of maintainers,
refer to MAINTAINER on
Makefiles section.DependenciesMany ports depend on other ports. There are five variables that
you can use to ensure that all the required bits will be on the
user's machine. There are also some pre-supported dependency
variables for common cases, plus a few more to control the behaviour
of dependencies.LIB_DEPENDSThis variable specifies the shared libraries this port depends
on. It is a list of
lib:dir:target
tuples where lib is the name of the
shared library, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. For example, LIB_DEPENDS=
jpeg.9:${PORTSDIR}/graphics/jpeg:install
will check for a shared jpeg library with major version 9, and
descend into the graphics/jpeg subdirectory
of your ports tree to build and install it if it is not found.
The target part can be omitted if it is
equal to DEPENDS_TARGET (which defaults to
install).The lib part is an argument given
to ldconfig -r | grep -wF. There shall be no
reqular expressions in this variable.The dependency is checked twice, once from within the
extract target and then from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system.RUN_DEPENDSThis variable specifies executables or files this port depends
on during run-time. It is a list of
path:dir:target
tuples where path is the name of the
executable or file, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. If path starts with a slash
(/), it is treated as a file and its existence
is tested with test -e; otherwise, it is
assumed to be an executable, and which -s is
used to determine if the program exists in the user's search
path.For example,
RUN_DEPENDS= ${PREFIX}/etc/innd:${PORTSDIR}/news/inn \
wish8.0:${PORTSDIR}/x11-toolkits/tk80will check if the file or directory
/usr/local/etc/innd exists, and build and
install it from the news/inn subdirectory of
the ports tree if it is not found. It will also see if an
executable called wish8.0 is in your search
path, and descend into the x11-toolkits/tk80
subdirectory of your ports tree to build and install it if it is
not found.In this case, innd is actually an
executable; if an executable is in a place that is not expected
to be in a normal user's search path, you should use the full
pathname.The dependency is checked from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system. The target
part can be omitted if it is the same
DEPENDS_TARGET.BUILD_DEPENDSThis variable specifies executables or files this port
requires to build. Like RUN_DEPENDS, it is a
list of
path:dir:target
tuples. For example, BUILD_DEPENDS=
unzip:${PORTSDIR}/archivers/unzip will check
for an executable called unzip, and descend
into the archivers/unzip subdirectory of your
ports tree to build and install it if it is not found.“build” here means everything from extracting to
compilation. The dependency is checked from within the
extract target. The
target part can be omitted if it is
the same as DEPENDS_TARGETFETCH_DEPENDSThis variable specifies executables or files this port
requires to fetch. Like the previous two, it is a list of
path:dir:target
tuples. For example, FETCH_DEPENDS=
ncftp2:${PORTSDIR}/net/ncftp2 will check for an
executable called ncftp2, and descend into the
net/ncftp2 subdirectory of your ports tree to
build and install it if it is not found.The dependency is checked from within the
fetch target. The
target part can be omitted if it is the
same as DEPENDS_TARGET.DEPENDSIf there is a dependency that does not fall into either of the
above four categories, or your port requires to have the source of
the other port extracted in addition to having them installed,
then use this variable. This is a list of
dir:target,
as there is nothing to check, unlike the previous four. The
target part can be omitted if it is the
same as DEPENDS_TARGET.Common dependency variablesDefine USE_XLIB=yes if your port requires
the X Window System to be installed (it is implied by
USE_IMAKE). Define
USE_GMAKE=yes if your port requires GNU
make instead of BSD make.
Define USE_AUTOCONF=yes if your port requires
GNU autoconf to be run. Define USE_QT=yes if
your port uses the latest qt toolkit. Use
USE_PERL5=yes if your port requires version 5
of the perl language. (The last is especially important since
some versions of FreeBSD has perl5 as part of the base system
while others do not.)Notes on dependenciesAs mentioned above, the default target to call when a
dependency is required is DEPENDS_TARGET.
It defaults to install. This is a user
variable; is is never defined in a port's
Makefile. If your port needs a special way
to handle a dependency, use the :target part of
the *_DEPENDS variables instead of redefining
DEPENDS_TARGET.When you type make clean, its dependencies
are automatically cleaned too. If you do not wish this to happen,
define the variable NOCLEANDEPENDS in your
environment.To depend on another port unconditionally, it is customary to
use the string nonexistent as the first field
of BUILD_DEPENDS or
RUN_DEPENDS. Use this only when you need to
the to get to the source of the other port. You can often save
compilation time by specifying the target too. For
instance
BUILD_DEPENDS= /nonexistent:${PORTSDIR}/graphics/jpeg:extract
will always descend to the JPEG port and extract it.Do not use DEPENDS unless there is no other
way the behaviour you want can be accomplished. It will cause the
other port to be always build (and installed, by default), and the
dependency will go into the packages as well. If this is really
what you need, I recommend you write it as
BUILD_DEPENDS and
RUN_DEPENDS instead—at least the
intention will be clear.Building mechanismsIf your package uses GNU make, set
USE_GMAKE=yes. If your package uses
configure, set
HAS_CONFIGURE=yes. If your package uses GNU
configure, set
GNU_CONFIGURE=yes (this implies
HAS_CONFIGURE). If you want to give some extra
arguments to configure (the default argument list
--prefix=${PREFIX} for GNU
configure and empty for non-GNU
configure), set those extra arguments in
CONFIGURE_ARGS. If your package uses GNU
autoconf, set
USE_AUTOCONF=yes. This implies
GNU_CONFIGURE, and will cause
autoconf to be run before
configure.If your package is an X application that creates
Makefiles from Imakefiles
using imake, then set
USE_IMAKE=yes. This will cause the configure
stage to automatically do an xmkmf -a. If the
flag is a problem for your port, set
XMKMF=xmkmf. If the port uses
imake but does not understand the
install.man target,
NO_INSTALL_MANPAGES=yes should be set. In
addition, the author of the original port should be shot. :>If your port's source Makefile has
something else than all as the main build
target, set ALL_TARGET accordingly. Same goes
for install and
INSTALL_TARGET.Special considerationsThere are some more things you have to take into account when you
create a port. This section explains the most common of those.ldconfigIf your port installs a shared library, add a
post-install target to your
Makefile that runs ${LDCONFIG}
-m on the directory where the new library is installed
(usually PREFIX/lib) to
register it into the shared library cache.Also, add a matching @exec /sbin/ldconfig -m
and @unexec /sbin/ldconfig -R pair to your
pkg/PLIST file so that a user who installed the
package can start using the shared library immediately and
deinstallation will not cause the system to still believe the
library is there. These lines should immediately follow the line
for the shared library itself, as in:
lib/libtvl80.so.1
@exec /sbin/ldconfig -m %D/lib
@unexec /sbin/ldconfig -RNever, ever, ever add a line that says
ldconfig without any arguments to your
Makefile or pkg/PLIST.
This will reset the shared library cache to the contents of
/usr/lib only, and will royally screw up the
user's machine ("Help, xinit does not run anymore after I install
this port!"). Anybody who does this will be shot and cut in 65,536
pieces by a rusty knife and have is liver chopped out by a bunch of
crows and will eternally rot to death in the deepest bowels of hell
(not necessarily in that order…)ELF supportSince FreeBSD is moving to ELF shortly after 3.0-RELEASE, we need
to convert many ports that build shared libraries to support ELF.
Complicating this task is that a 3.0 system can run as both ELF and
a.out, and we wish to unofficially support the 2.2 as long as
possible. Below are the guidelines on how to convert a.out only ports
to support both a.out and ELF compilation.Some part of this list is only applicable during the conversion,
but will be left here for awhile for reference in case you have come
across some old port you wish to upgrade.Moving a.out libraries out of the wayA.out libraries should be moved out of
/usr/local/lib and similar to an
aout subdirectory. (If you do not move them out
of the way, ELF ports will happily overwrite a.out libraries.) The
move-aout-libs target in the 3.0-CURRENT
src/Makefile (called from
aout-to-elf) will do this for you. It will
only move a.out libs so it is safe to call it on a system with both
ELF and a.out libs in the standard directories.FormatThe ports tree will build packages in the format the machine is
in. This means a.out for 2.2 and a.out or ELF for 3.0 depending on
what `objformat` returns. Also, once users move
a.out libraries to a subdirectory, building a.out libraries will be
unsupported. (I.e., it may still work if you know what you are
doing, but you are on your own.)If a port only works for a.out, set
BROKEN_ELF to a string describing the reason
why. Such ports will be skipped during a build on an ELF
system.PORTOBJFORMATbsd.port.mk will set
PORTOBJFORMAT to aout or
elf and export it in the environments
CONFIGURE_ENV, SCRIPTS_ENV and
MAKE_ENV. (It's always going to be
aout in 2.2-STABLE). It is also passed to
PLIST_SUB as
PORTOBJFORMAT=${PORTOBJFORMAT}. (See comment on
ldconfig lines below.)The variable is set using this line in
bsd.port.mk:
PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aoutPorts' make processes should use this variable to decide what to
do. However, if the port's configure script
already automatically detects an ELF system, it is not necessary to
refer to PORTOBJFORMAT.Building shared librariesThe following are differences in handling shared libraries for
a.out and ELF.Shared library versionsAn ELF shared library should be called
libfoo.so.M
where M is the single version number,
and an a.out library should be called
libfoo.so.M.N
where M is the major version and
N is the the minor version number.
Do not mix those; never install an ELF
shared library called
libfoo.so.N.M
or an a.out shared library (or symlink) called
libfoo.so.N.Linker command linesAssuming cc -shared is used rather than
ld directly, the only difference is that you
need to add
on the command line for ELF.You need to install a symlink from
libfoo.so to
libfoo.so.N to make
ELF linkers happy. Since it should be listed in
PLIST too, and it won't hurt in the a.out case
(some ports even require the link for dynamic loading), you should
just make this link regardless of the setting of
PORTOBJFORMAT.LIB_DEPENDSAll port Makefiles are edited to remove minor numbers from
LIB_DEPENDS, and also to have the regexp support
removed. (E.g., foo\\.1\\.\\(33|40\\) becomes
foo.2.) They will be matched using grep
-wF.PLISTPLIST should contain the short (ELF) shlib
names if the a.out minor number is zero, and the long (a.out) names
otherwise. bsd.port.mk will automatically add
.0 to the end of short shlib lines if
PORTOBJFORMAT equals aout, and
will delete the minor number from long shlib names if
PORTOBJFORMAT equals
elf.In cases where you really need to install shlibs with two
versions on an ELF system or those with one version on an a.out
system (for instance, ports that install compatibility libraries for
other operating systems), define the variable
NO_FILTER_SHLIBS. This will turn off the editing
of PLIST mentioned in the previous
paragraph.ldconfigThe ldconfig line in Makefiles should
read:
${SETENV} OBJFORMAT=${PORTOBJFORMAT} ${LDCONFIG} -m ....In PLIST it should read;
@exec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -m ...
@unexec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -RThis is to ensure that the correct ldconfig
will be called depending on the format of the package, not the
default format of the system.MASTERDIRIf your port needs to build slightly different versions of
packages by having a variable (for instance, resolution, or paper
size) take different values, create one subdirectory per package to
make it easier forusers to see what to do, but try to share as many
files as possible between ports. Typically you only need a very short
Makefile in all but one of the directories if you
use variables cleverly. In the sole Makefiles,
you can use MASTERDIR to specify the directory
where the rest of the files are. Also, use a variable as part of
PKGNAME so
the packages will have different names.This will be best demonstrated by an example. This is part of
japanese/xdvi300/Makefile;
PKGNAME= ja-xdvi${RESOLUTION}-17
:
# default
RESOLUTION?= 300
.if ${RESOLUTION} != 118 && ${RESOLUTION} != 240 && \
${RESOLUTION} != 300 && ${RESOLUTION} != 400
@${ECHO} "Error: invalid value for RESOLUTION: \"${RESOLUTION}\""
@${ECHO} "Possible values are: 118, 240, 300 (default) and 400."
@${FALSE}
.endifjapanese/xdvi300 also has all the regular
patches, package files, etc. If you type make
there, it will take the default value for the resolution (300) and
build the port normally.As for other resolutions, this is the entirexdvi118/Makefile;
RESOLUTION= 118
MASTERDIR= ${.CURDIR}/../xdvi300
.include ${MASTERDIR}/Makefile(xdvi240/Makefile and
xdvi400/Makefile are similar). The
MASTERDIR definition tells
bsd.port.mk that the refulat set of
subdirectories like PATCHDIR and
PKGDIR are to be found under
xdvi300. The RESOLUTION=118
line will override the RESOLUTION=300 line in
xdvi300/Makefile and the port will be built with
resolution set to 118.Shared library versionsFirst, please read our policy on
shared library versioning to understand what to do with
shared library versions in general. Do not blindly assume software
authors know what they are doing; many of them do not. It is very
important that these details are carefully considered, as we have
quite a unique situation where we are trying to have dozens of
potentially incompatible software pairs co-exist. Careless port
imports have caused great trouble regarding shared libraries in the
past (ever wondered why the port jpeg-6b has a
shared library version of 9.0?). If in doubt, send a message to the
&a.ports;. Most of the time, your job ends by determining the right
shared library version and making appropriate patches to implement
it.However, if there is a port which is a different version of the
same software already in the tree, the situation is much more complex.
In short, the FreeBSD implementation does not allow the user to
specify to the linker which version of shared library to link against
(the linker will always pick the highest numbered version). This
means, if there is a libfoo.so.3.2 and
libfoo.so.4.0 in the system, there is no way to
tell the linker to link a particular application to
libfoo.so.3.2. It is essentially completely
overshadowed in terms of compilation-time linkage. In this case, the
only solution is to rename the base part of the
shared library. For instance, change
libfoo.so.4.0 to
libfoo4.so.1.0 so both version 3.2 and 4.0 can be
linked from other ports.ManpagesThe MAN[1-9LN] variables will automatically add
any manpages to pkg/PLIST (this means you must
not list manpages in the
PLIST—see generating PLIST for more). It also
makes the install stage automatically compress or uncompress manpages
depending on the setting of NOMANCOMPRESS in
/etc/make.conf.To specify whether the manpages are compressed upon installation,
use the MANCOMPRESSED variable. This variable can
take three values, yes, no and
maybe. yes means manpages are
already installed compressed, no means they are
not, and maybe means the software already respects
the value of NOMANCOMPRESS so
bsd.port.mk does not have to do anything
special.MANCOMPRESSED is automatically set to
yes if USE_IMAKE is set and
NO_INSTALL_MANPAGES is not set, and to
no otherwise. You do not have to explicitly define
it unless the default is not suitable for your port.If your port anchors its man tree somewhere other than
PREFIX, you can use the
MANPREFIX to set it. Also, if only manpages in
certain sections go in a non-standard place, such as some Perl modules
ports, you can set individual man paths using
MANsectPREFIX (where
sect is one of 1-9,
L or N).If your manpages go to language-specific subdirectories, set the
name of the languages to MANLANG. The value of
this variable defaults to "" (i.e., English
only).Here is an example that puts it all together.
MAN1= foo.1
MAN3= bar.3
MAN4= baz.4
MANLANG= "" ja
MAN3PREFIX= ${PREFIX}/share/foobar
MANCOMPRESSED= yesThis states that six files are installed by this port;
${PREFIX}/man/man1/foo.1.gz
${PREFIX}/man/ja/man1/foo.1.gz
${PREFIX}/share/foobar/man/man3/bar.3.gz
${PREFIX}/share/foobar/man/ja/man3/bar.3.gz
${PREFIX}/man/man4/baz.4.gz
${PREFIX}/man/ja/man4/baz.4.gzPorts that require MotifThere are many programs that require a Motif library (available
from several commercial vendors, while there is a free clone reported
to be able to run many applications in
x11-toolkits/lesstif) to compile. Since it is a
popular toolkit and their licenses usually permit redistribution of
statically linked binaries, we have made special provisions for
handling ports that require Motif in a way that we can easily compile
binaries linked either dynamically (for people who are compiling from
the port) or statically (for people who distribute packages).REQUIRES_MOTIFIf your port requires Motif, define this variable in the
Makefile. This will prevent people who do not own a copy of Motif
from even attempting to build it.MOTIFLIBThis variable will be set by bsd.port.mk to
be the appropriate reference to the Motif library. Please patch the
source to use this wherever the Motif library is referenced in the
Makefile or
Imakefile.There are two common cases:If the port refers to the Motif library as
-lXm in its Makefile or
Imakefile, simply substitute
${MOTIFLIB} for it.If the port uses XmClientLibs in its
Imakefile, change it to
${MOTIFLIB} ${XTOOLLIB}
${XLIB}.Note that MOTIFLIB (usually) expands to
-L/usr/X11R6/lib -lXm or
/usr/X11R6/lib/libXm.a, so there is no need to
add -L or -l in front.X11 fontsIf your port installs fonts for the X Window system, put them in
X11BASE/lib/X11/fonts/local.
This directory is new to XFree86 release 3.3.3. If it does not exist,
please create it, and print out a message urging the user to update
their XFree86 to 3.3.3 or newer, or at least add this directory to the
font path in /etc/XF86Config.Info filesThe new version of texinfo (included in 2.2.2-RELEASE and onwards)
contains a utility called install-info to add and
delete entries to the dir file. If your port
installs any info documents, please follow this instructions so your
port/package will correctly update the user's
PREFIX/info/dir file. (Sorry
for the length of this section, but is it imperative to weave all the
info files together. If done correctly, it will produce a
beautiful listing, so please bear with me!First, this is what you (as a porter) need to know&prompt.user; install-info --help
install-info [OPTION]... [INFO-FILE [DIR-FILE]]
Install INFO-FILE in the Info directory file DIR-FILE.
Options:
--delete Delete existing entries in INFO-FILE;
don't insert any new entries.
:
--entry=TEXT Insert TEXT as an Info directory entry.
:
--section=SEC Put this file's entries in section SEC of the directory. :This program will not actually install info
files; it merely inserts or deletes entries in the
dir file.Here's a seven-step procedure to convert ports to use
install-info. I will use
editors/emacs as an example.Look at the texinfo sources and make a patch to insert
@dircategory and @direntry
statements to files that do not have them. This is part of my
patch:
--- ./man/vip.texi.org Fri Jun 16 15:31:11 1995
+++ ./man/vip.texi Tue May 20 01:28:33 1997
@@ -2,6 +2,10 @@
@setfilename ../info/vip
@settitle VIP
+@dircategory The Emacs editor and associated tools
+@direntry
+* VIP: (vip). A VI-emulation for Emacs.
+@end direntry
@iftex
@finalout
:The format should be self-explanatory. Many authors leave a
dir file in the source tree that contains all
the entries you need, so look around before you try to write your
own. Also, make sure you look into related ports and make the
section names and entry indentations consistent (we recommend that
all entry text start at the 4th tab stop).Note that you can put only one info entry per file because
of a bug in install-info --delete that
deletes only the first entry if you specify multiple entries in
the @direntry section.You can give the dir entries to
install-info as arguments
( and ) instead
of patching the texinfo sources. I do not think this is a good
idea for ports because you need to duplicate the same information
in three places
(Makefile and
@exec/@unexec of
PLIST; see below). However, if you have a
Japanese (or other multibyte encoding) info files, you will have
to use the extra arguments to install-info
because makeinfo cannot handle those texinfo
sources. (See Makefile and
PLIST of japanese/skk
for examples on how to do this).Go back to the port directory and do a make clean;
make and verify that the info files are regenerated
from the texinfo sources. Since the texinfo sources are newer than
the info files, they should be rebuilt when you type
make; but many Makefiles
do not include correct dependencies for info files. In
emacs' case, I had to patch the main
Makefile.in so it will descend into the
man subdirectory to rebuild the info
pages.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Tue Apr 15 00:15:28 1997
@@ -184,7 +184,7 @@
# Subdirectories to make recursively. `lisp' is not included
# because the compiled lisp files are part of the distribution
# and you cannot remake them without installing Emacs first.
-SUBDIR = lib-src src
+SUBDIR = lib-src src man
# The makefiles of the directories in $SUBDIR.
SUBDIR_MAKEFILES = lib-src/Makefile man/Makefile src/Makefile oldXMenu/Makefile lwlib/Makefile
--- ./man/Makefile.in.org Thu Jun 27 15:27:19 1996
+++ ./man/Makefile.in Tue Apr 15 00:29:52 1997
@@ -66,6 +66,7 @@
${srcdir}/gnu1.texi \
${srcdir}/glossary.texi
+all: info
info: $(INFO_TARGETS)
dvi: $(DVI_TARGETS)The second hunk was necessary because the default target in
the man subdir is called
info, while the main
Makefile wants to call
all. I also deleted the installation of
the info info file because we already have
one with the same name in /usr/share/info
(that patch is not shown here).If there is a place in the Makefile that
is installing the dir file, delete it. Your
port may not be doing it. Also, remove any commands that are
otherwise mucking around with the dir
file.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Mon Apr 14 23:38:07 1997
@@ -368,14 +368,8 @@
if [ `(cd ${srcdir}/info && /bin/pwd)` != `(cd ${infodir} && /bin/pwd)` ]; \
then \
(cd ${infodir}; \
- if [ -f dir ]; then \
- if [ ! -f dir.old ]; then mv -f dir dir.old; \
- else mv -f dir dir.bak; fi; \
- fi; \
cd ${srcdir}/info ; \
- (cd $${thisdir}; ${INSTALL_DATA} ${srcdir}/info/dir ${infodir}/dir); \
- (cd $${thisdir}; chmod a+r ${infodir}/dir); \
for f in ccmode* cl* dired-x* ediff* emacs* forms* gnus* info* message* mh-e* sc* vip*; do \
(cd $${thisdir}; \
${INSTALL_DATA} ${srcdir}/info/$$f ${infodir}/$$f; \
chmod a+r ${infodir}/$$f); \(This step is only necessary if you are modifying an existing
port.) Take a look at pkg/PLIST and delete
anything that is trying to patch up info/dir.
They may be in pkg/INSTALL or some other
file, so search extensively.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/04/15 06:32:12
@@ -15,9 +15,6 @@
man/man1/emacs.1.gz
man/man1/etags.1.gz
man/man1/ctags.1.gz
-@unexec cp %D/info/dir %D/info/dir.bak
-info/dir
-@unexec cp %D/info/dir.bak %D/info/dir
info/cl
info/cl-1
info/cl-2Add a post-install target to the
Makefile to create a dir
file if it is not there. Also, call
install-info with the installed info
files.
Index: Makefile
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/Makefile,v
retrieving revision 1.26
diff -u -r1.26 Makefile
--- Makefile 1996/11/19 13:14:40 1.26
+++ Makefile 1997/05/20 10:25:09 1.28
@@ -20,5 +20,11 @@
post-install:
.for file in emacs-19.34 emacsclient etags ctags b2m
strip ${PREFIX}/bin/${file}
.endfor
+ if [ ! -f ${PREFIX}/info/dir ]; then \
+ ${SED} -ne '1,/Menu:/p' /usr/share/info/dir > ${PREFIX}/info/dir; \
+ fi
+.for info in emacs vip viper forms gnus mh-e cl sc dired-x ediff ccmode
+ install-info ${PREFIX}/info/${info} ${PREFIX}/info/dir
+.endfor
.include <bsd.port.mk>Do not use anything other than
/usr/share/info/dir and the above command to
create a new info file. In fact, I would add the first three lines
of the above patch to bsd.port.mk if you (the
porter) would not have to do it in PLIST by
yourself anyway.Edit PLIST and add equivalent
@exec statements and also
@unexec for pkg_delete. You
do not need to delete info/dir with
@unexec.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/05/20 10:25:12 1.17
@@ -16,7 +14,15 @@
man/man1/etags.1.gz
man/man1/ctags.1.gz
+@unexec install-info --delete %D/info/emacs %D/info/dir
:
+@unexec install-info --delete %D/info/ccmode %D/info/dir
info/cl
info/cl-1
@@ -87,6 +94,18 @@
info/viper-3
info/viper-4
+@exec [ -f %D/info/dir ] || sed -ne '1,/Menu:/p' /usr/share/info/dir > %D/info/dir
+@exec install-info %D/info/emacs %D/info/dir
:
+@exec install-info %D/info/ccmode %D/info/dir
libexec/emacs/19.34/i386--freebsd/cvtmail
libexec/emacs/19.34/i386--freebsd/digest-docThe @unexec install-info --delete
commands have to be listed before the info files themselves so
they can read the files. Also, the @exec
install-info commands have to be after the info
files and the @exec command that creates the
the dir file.Test and admire your
work. :). Check the
dir file before and after each step.The pkg/ subdirectoryThere are some tricks we have not mentioned yet about the
pkg/ subdirectory that come in handy
sometimes.MESSAGEIf you need to display a message to the installer, you may place
the message in pkg/MESSAGE. This capability is
often useful to display additional installation steps to be taken
after a pkg_add or to display licensing
information.The pkg/MESSAGE file does not need to be
added to pkg/PLIST. Also, it will not get
automatically printed if the user is using the port, not the
package, so you should probably display it from the
post-install target yourself.INSTALLIf your port needs to execute commands when the binary package
is installed with pkg_add you can do this via the
pkg/INSTALL script. This script will
automatically be added to the package, and will be run twice by
pkg_add. The first time will as INSTALL
${PKGNAME} PRE-INSTALL and the second time as
INSTALL ${PKGNAME} POST-INSTALL.
$2 can be tested to determine which mode
the script is being run in. The PKG_PREFIX
environmental variable will be set to the package installation
directory. See &man.pkg.add.1; for
additional information.This script is not run automatically if you install the port
with make install. If you are depending on it
being run, you will have to explicitly call it from your port's
Makefile.REQIf your port needs to determine if it should install or not, you
can create a pkg/REQ “requirements”
script. It will be invoked automatically at
installation/deinstallation time to determine whether or not
installation/deinstallation should proceed.Changing PLIST based on make
variablesSome ports, particularly the p5- ports, need to change their
PLIST depending on what options they are
configured with (or version of perl, in the case of p5- ports). To
make this easy, any instances in the PLIST of
%%OSREL%%, %%PERL_VER%%, and
%%PERL_VERSION%% will be substituted for
appropriately. The value of %%OSREL%% is the
numeric revision of the operating system (e.g.,
2.2.7). %%PERL_VERSION%% is
the full version number of perl (e.g., 5.00502)
and %%PERL_VER%% is the perl version number minus
the patchlevel (e.g., 5.005).If you need to make other substitutions, you can set the
PLIST_SUB variable with a list of
VAR=VALUE
pairs and instances of
%%VAR%%' will be
substituted with VALUE in the
PLIST.For instance, if you have a port that installs many files in a
version-specific subdirectory, you can put something like
OCTAVE_VERSION= 2.0.13
PLIST_SUB= OCTAVE_VERSION=${OCTAVE_VERSION}
in the Makefile and use
%%OCTAVE_VERSION%% wherever the version shows up
in PLIST. That way, when you upgrade the port,
you will not have to change dozens (or in some cases, hundreds) of
lines in the PLIST.This substitution (as well as addition of any man pages) will be done between
the do-install and
post-install targets, by reading from
PLIST and writing to TMPPLIST
(default:
WRKDIR/.PLIST.mktmp). So if
your port builds PLIST on the fly, do so in or
before do-install. Also, if your port
needs to edit the resulting file, do so in
post-install to a file named
TMPPLIST.Changing the names of files in the
pkg subdirectoryAll the filenames in the pkg subdirectory
are defined using variables so you can change them in your
Makefile if need be. This is especially useful
when you are sharing the same pkg subdirectory
among several ports or have to write to one of the above files (see
writing to places other than
WRKDIR for why it is a bad idea to write
directly in to the pkg subdirectory.Here is a list of variable names and their default
values.VariableDefault valueCOMMENT${PKGDIR}/DESCRDESCR${PKGDIR}/DESCRPLIST${PKGDIR}/PLISTPKGINSTALL${PKGDIR}/PKGINSTALLPKGDEINSTALL${PKGDIR}/PKGDEINSTALLPKGREQ${PKGDIR}/REQPKGMESSAGE${PKGDIR}/MESSAGEPlease change these variables rather than overriding
PKG_ARGS. If you change
PKG_ARGS, those files will not correctly be
installed in /var/db/pkg upon install from a
port.Licensing ProblemsSome software packages have restrictive licenses or can be in
violation to the law (PKP's patent on public key crypto, ITAR (export
of crypto software) to name just two of them). What we can do with
them varies a lot, depending on the exact wordings of the respective
licenses.It is your responsibility as a porter to read the licensing
terms of the software and make sure that the FreeBSD project will
not be held accountable of violating them by redistributing the
source or compiled binaries either via ftp or CD-ROM. If in doubt,
please contact the &a.ports;.There are two variables you can set in the Makefile to handle the
situations that arise frequently:If the port has a “do not sell for profit” type of
license, set the variable NO_CDROM to a string
describing the reason why. We will make sure such ports will not go
into the CD-ROM come release time. The distfile and package will
still be available via ftp.If the resulting package needs to be built uniquely for each
site, or the resulting binary package cannot be distributed due to
licensing; set the variable NO_PACKAGE to a
string describing the reason why. We will make sure such packages
will not go on the ftp site, nor into the CD-ROM come release time.
The distfile will still be included on both however.If the port has legal restrictions on who can use it (e.g.,
crypto stuff) or has a “no commercial use” license,
set the variable RESTRICTED to be the string
describing the reason why. For such ports, the distfiles/packages
will not be available even from our ftp sites.The GNU General Public License (GPL), both version 1 and 2,
should not be a problem for ports.If you are a committer, make sure you update the
ports/LEGAL file too.UpgradingWhen you notice that a port is out of date compared to the latest
version from the original authors, first make sure you have the latest
port. You can find them in the
ports/ports-current directory of the ftp mirror
sites.The next step is to send a mail to the maintainer, if one is
listed in the port's Makefile. That person may
already be working on an upgrade, or have a reason to not upgrade the
port right now (because of, for example, stability problems of the new
version).If the maintainer asks you to do the upgrade or there is not any
such person to begin with, please make the upgrade and send the
recursive diff (either unified or context diff is fine, but port
committers appear to prefer unified diff more) of the new and old
ports directories to us (e.g., if your modified port directory is
called superedit and the original as in our tree
is superedit.bak, then send us the result of
diff -ruN superedit.bak superedit). Please examine
the output to make sure all the changes make sense. The best way to
send us the diff is by including it to &man.send-pr.1; (category
ports). Please mention any added or deleted files
in the message, as they have to be explicitly specified to CVS when
doing a commit. If the diff is more than about 20KB, please compress
and uuencode it; otherwise, just include it in as is in the PR.Once again, please use &man.diff.1; and not &man.shar.1; to send
updates to existing ports.Do's and Dont'sHere is a list of common do's and dont's that you encounter during
the porting process.You should check your own port against this list,
but you can also check ports in the PR database that others have
submitted. Submit any comments on ports you check as described in
Bug Reports and General
Commentary. Checking ports in the PR database will both make
it faster for us to commit them, and prove that you know what you are
doing.Strip BinariesDo strip binaries. If the original source already strips the
binaries, fine; otherwise you should add a
post-install rule to to it yourself. Here is an
example;
post-install:
strip ${PREFIX}/bin/xdlUse the &man.file.1; command on the installed executable to
check whether the binary is stripped or not. If it does not say
not stripped, it is stripped.INSTALL_* macrosDo use the macros provided in bsd.port.mk
to ensure correct modes and ownership of files in your own
*-install targets. They are:INSTALL_PROGRAM is a command to install
binary executables.INSTALL_SCRIPT is a command to install
executable scripts.INSTALL_DATA is a command to install
sharable data.INSTALL_MAN is a command to install
manpages and other documentation (it does not compress
anything).These are basically the install command with
all the appropriate flags. See below for an example on how to use
them.WRKDIRDo not write anything to files outside
WRKDIR. WRKDIR is the only
place that is guaranteed to be writable during the port build (see
compiling ports from CDROM for an
example of building ports from a read-only tree). If you need to
modigy some file in PKGDIR, do so by redefining a variable, not by
writing over it.WRKDIRPREFIXMake sure your port honors WRKDIRPREFIX.
Most ports do not have to worry about this. In particular, if you
are referring to a WRKDIR of another port, note
that the correct location is
WRKDIRPREFIXPORTSDIR/subdir/name/work not PORTSDIR/subdir/name/work or .CURDIR/../../subdir/name/work or some such.Also, if you are defining WRKDIR yourself,
make sure you prepend
${WKRDIRPREFIX}${.CURDIR} in the
front.Differentiating operating systems and OS versionsYou may come across code that needs modifications or conditional
compilation based upon what version of UNIX it is running under. If
you need to make such changes to the code for conditional
compilation, make sure you make the changes as general as possible
so that we can back-port code to FreeBSD 1.x systems and cross-port
to other BSD systems such as 4.4BSD from CSRG, BSD/386, 386BSD,
NetBSD, and OpenBSD.The preferred way to tell 4.3BSD/Reno (1990) and newer versions
of the BSD code apart is by using the BSD macro
defined in <sys/param.h>. Hopefully that
file is already included; if not, add the code:
#if (defined(__unix__) || defined(unix)) && !defined(USG)
#include <sys/param.h>
#endifto the proper place in the .c file. We
believe that every system that defines these two symbols has
sys/param.h. If you find a system that
does not, we would like to know. Please send mail to the
&a.ports;.Another way is to use the GNU Autoconf style of doing
this:
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endifDo not forget to add -DHAVE_SYS_PARAM_H to the
CFLAGS in the Makefile for
this method.Once you have sys/param.h included, you may
use:
#if (defined(BSD) && (BSD >= 199103))to detect if the code is being compiled on a 4.3 Net2 code base
or newer (e.g. FreeBSD 1.x, 4.3/Reno, NetBSD 0.9, 386BSD, BSD/386
1.1 and below).Use:
#if (defined(BSD) && (BSD >= 199306))to detect if the code is being compiled on a 4.4 code base or
newer (e.g. FreeBSD 2.x, 4.4, NetBSD 1.0, BSD/386 2.0 or
above).The value of the BSD macro is
199506 for the 4.4BSD-Lite2 code base. This is
stated for informational purposes only. It should not be used to
distinguish between versions of FreeBSD based only on 4.4-Lite vs.
versions that have merged in changes from 4.4-Lite2. The
__FreeBSD__ macro should be used instead.Use sparingly:__FreeBSD__ is defined in all versions of
FreeBSD. Use it if the change you are making
only affects FreeBSD. Porting gotchas like
the use of sys_errlist[] vs
strerror() are Berkeleyisms, not FreeBSD
changes.In FreeBSD 2.x, __FreeBSD__ is defined to
be 2. In earlier versions, it is
1. Later versions will bump it to match
their major version number.If you need to tell the difference between a FreeBSD 1.x
system and a FreeBSD 2.x or 3.x system, usually the right answer
is to use the BSD macros described above. If
there actually is a FreeBSD specific change (such as special
shared library options when using ld) then it
is OK to use __FreeBSD__ and #if
__FreeBSD__ > 1 to detect a FreeBSD 2.x and later
system. If you need more granularity in detecting FreeBSD
systems since 2.0-RELEASE you can use the following:
#if __FreeBSD__ >= 2
#include <osreldate.h>
# if __FreeBSD_version >= 199504
/* 2.0.5+ release specific code here */
# endif
#endifRelease__FreeBSD_version2.0-RELEASE1194112.1-CURRENTs199501, 1995032.0.5-RELEASE1995042.2-CURRENT before 2.11995082.1.0-RELEASE1995112.2-CURRENT before 2.1.51995122.1.5-RELEASE1996072.2-CURRENT before 2.1.61996082.1.6-RELEASE1996122.1.7-RELEASE1996122.2-RELEASE2200002.2.1-RELEASE220000 (no change)2.2-STABLE after 2.2.1-RELEASE220000 (no change)2.2-STABLE after texinfo-3.92210012.2-STABLE after top2210022.2.2-RELEASE2220002.2-STABLE after 2.2.2-RELEASE2220012.2.5-RELEASE2250002.2-STABLE after 2.2.5-RELEASE2250012.2-STABLE after ldconfig -R merge2250022.2.6-RELEASE2260002.2.7-RELEASE2270002.2-STABLE after 2.2.7-RELEASE2270012.2-STABLE after semctl(2) change2270022.2.8-RELEASE2280002.2-STABLE after 2.2.8-RELEASE2280013.0-CURRENT before mount(2) change3000003.0-CURRENT after mount(2) change3000013.0-CURRENT after semctl(2) change3000023.0-CURRENT after ioctl arg changes3000033.0-CURRENT after ELF conversion3000043.0-RELEASE3000053.0-CURRENT after 3.0-RELEASE3000063.0-STABLE after 3/4 branch3000073.1-RELEASE3100003.1-STABLE after 3.1-RELEASE3100013.1-STABLE after C++ constructor/destructor order change3100023.2-STABLE3200014.0-CURRENT after 3/4 branch4000004.0-CURRENT after change in dynamic linker handling4000014.0-CURRENT after C++ constructor/destructor order change4000024.0-CURRENT after functioning dladdr(3)4000034.0-CURRENT after newbus4000044.0-CURRENT after suser(9) API change4000054.0-CURRENT after cdevsw registration change4000064.0-CURRENT after the addition of so_cred for socket level credentials4000074.0-CURRENT after the addition of a poll syscall wrapper to libc_r400008Note that 2.2-STABLE sometimes identifies itself as
“2.2.5-STABLE” after the 2.2.5-RELEASE. The pattern
used to be year followed by the month, but we decided to change it
to a more straightforward major/minor system starting from 2.2.
This is because the parallel development on several branches made
it infeasible to classify the releases simply by their real
release dates. If you are making a port now, you do not have to
worry about old -CURRENTs; they are listed here just for your
reference.In the hundreds of ports that have been done, there have only
been one or two cases where __FreeBSD__ should
have been used. Just because an earlier port screwed up and used it
in the wrong place does not mean you should do so too.Writing something after
bsd.port.mkDo not write anything after the .include
<bsd.port.mk> line. it usually can be avoided by
including bsd.port.pre.mk somewhere in the
middle of your Makefile and
bsd.port.post.mk at the end.You need to include either the
pre.mk/post.mk pair or
bsd.port.mk only; do not mix these two.bsd.port.pre.mk only defines a few
variables, which can be used in tests in the
Makefile, bsd.port.post.mk
defines the rest.Here are some important variables defined in
bsd.port.pre.mk (this is not the complete list,
please read bsd.port.mk for the complete
list).VariableDescriptionARCHThe architecture as returned by uname
-m (e.g., i386)OPSYSThe operating system type, as returned by
uname -s (e.g.,
FreeBSD)OSRELThe release version of the operating system (e.g.,
2.1.5 or
2.2.7)OSVERSIONThe numeric version of the operating system, same as
__FreeBSD_version.PORTOBJFORMATThe object format of the system
(aout or elfLOCALBASEThe base of the “local” tree (e.g.,
/usr/local/)X11BASEThe base of the “X11” tree (e.g.,
/usr/X11R6)PREFIXWhere the port installs itself (see more on
PREFIX).If you have to define the variables
USE_IMAKE, USE_X_PREFIX, or
MASTERDIR, do so before including
bsd.port.pre.mk.Here are some examples of things you can write after
bsd.port.pre.mk;
# no need to compile lang/perl5 if perl5 is already in system
.if ${OSVERSION} > 300003
BROKEN= perl is in system
.endif
# only one shlib version number for ELF
.if ${PORTOBJFORMAT} == "elf"
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}
.else
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}.${SHLIB_MINOR}
.endif
# software already makes link for ELF, but not for a.out
post-install:
.if ${PORTOBJFORMAT} == "aout"
${LN} -sf liblinpack.so.1.0 ${PREFIX}/lib/liblinpack.so
.endifInstall additional documentationIf your software has some documentation other than the standard
man and info pages that you think is useful for the user, install it
under PREFIX/share/doc.
This can be done, like the previous item, in the
post-install target.Create a new directory for your port. The directory name should
reflect what the port is. This usually means
PKGNAME minus the version part. However, if you
think the user might want different versions of the port to be
installed at the same time, you can use the whole
PKGNAME.Make the installation dependent to the variable
NOPORTDOCS so that users can disable it in
/etc/make.conf, like this:
post-install:
.if !defined(NOPORTDOCS)
${MKDIR}${PREFIX}/share/doc/xv
${INSTALL_MAN} ${WRKSRC}/docs/xvdocs.ps ${PREFIX}/share/doc/xv
.endifDo not forget to add them to pkg/PLIST too!
(Do not worry about NOPORTDOCS here; there is
currently no way for the packages to read variables from
/etc/make.conf.)Also you can use the pkg/MESSAGE file to
display messages upon installation. See the using
pkg/MESSAGE section for
details.MESSAGE does not need to be added to
pkg/PLIST).DIST_SUBDIRDo not let your port clutter
/usr/ports/distfiles. If your port requires a
lot of files to be fetched, or contains a file that has a name that
might conflict with other ports (e.g.,
Makefile), set DIST_SUBDIR
to the name of the port (PKGNAME without the
version part should work fine). This will change
DISTDIR from the default
/usr/ports/distfiles to
/usr/ports/distfiles/DIST_SUBDIR,
and in effect puts everything that is required for your port into
that subdirectory.It will also look at the subdirectory with the same name on the
- backup master site at ftp.freebsd.org.
+ backup master site at ftp.FreeBSD.org.
(Setting DISTDIR explicitly in your
Makefile will not accomplish this, so please use
DIST_SUBDIR.)This does not affect the MASTER_SITES you
define in your Makefile.Package informationDo include package information, i.e.
COMMENT, DESCR, and
PLIST, in pkg.Note that these files are not used only for packaging anymore,
and are mandatory now, even if
NO_PACKAGE is set.RCS stringsDo not put RCS strings in patches. CVS will mangle them when we
put the files into the ports tree, and when we check them out again,
they will come out different and the patch will fail. RCS strings
are surrounded by dollar ($) signs, and
typically start with $Id or
$RCS.Recursive diffUsing the recurse () option to
diff to generate patches is fine, but please take
a look at the resulting patches to make sure you do not have any
unnecessary junk in there. In particular, diffs between two backup
files, Makefiles when the port uses
Imake or GNU configure, etc.,
are unnecessary and should be deleted. If you had to edit
configure.in and run
autoconf to regenerate
configure, do not take the diffs of
configure (it often grows to a few thousand
lines!); define USE_AUTOCONF=yes and take the
diffsof configure.in.Also, if you had to delete a file, then you can do it in the
post-extract target rather than as part of
the patch. Once you are happy with the resulting diff, please split
it up into one source file per patch file.PREFIXDo try to make your port install relative to
PREFIX. (The value of this variable will be set
to LOCALBASE (default
/usr/local), unless
USE_X_PREFIX or USE_IMAKE is
set, in which case it will be X11BASE (default
/usr/X11R6).)Not hard-coding /usr/local or
/usr/X11R6 anywhere in the source will make the
port much more flexible and able to cater to the needs of other
sites. For X ports that use imake, this is
automatic; otherwise, this can often be done by simply replacing the
occurrences of /usr/local (or
/usr/X11R6 for X ports that do not use imake)
in the various scripts/Makefiles in the port to read
PREFIX, as this variable is automatically passed
down to every stage of the build and install processes.Do not set USE_X_PREFIX unless your port
truly require it (i.e., it links against X libs or it needs to
reference files in X11BASE).The variable PREFIX can be reassigned in your
Makefile or in the user's environment.
However, it is strongly discouraged for individual ports to set this
variable explicitly in the Makefiles.Also, refer to programs/files from other ports with the
variables mentioned above, not explicit pathnames. For instance, if
your port requires a macro PAGER to be the full
pathname of less, use the compiler flag:
-DPAGER=\"${PREFIX}/bin/less\"
or
-DPAGER=\"${LOCALBASE}/bin/less\"
if this is an X port, instead of
-DPAGER=\"/usr/local/bin/less\". This way it will
have a better chance of working if the system administrator has
moved the whole `/usr/local' tree somewhere else.SubdirectoriesTry to let the port put things in the right subdirectories of
PREFIX. Some ports lump everything and put it in
the subdirectory with the port's name, which is incorrect. Also,
many ports put everything except binaries, header files and manual
pages in the a subdirectory of lib, which does
not bode well with the BSD paradigm. Many of the files should be
moved to one of the following: etc
(setup/configuration files), libexec
(executables started internally), sbin
(executables for superusers/managers), info
(documentation for info browser) or share
(architecture independent files). See man &man.hier.7; for details,
the rules governing
/usr pretty much apply to
/usr/local too. The exception are ports
dealing with USENET “news”. They may use
PREFIX/news as a destination
for their files.Cleaning up empty directoriesDo make your ports clean up after themselves when they are
deinstalled. This is usually accomplished by adding
@dirrm lines for all directories that are
specifically created by the port. You need to delete subdirectories
before you can delete parent directories.
:
lib/X11/oneko/pixmaps/cat.xpm
lib/X11/oneko/sounds/cat.au
:
@dirrm lib/X11/oneko/pixmals
@dirrm lib/X11/oneko/sounds
@dirrm lib/X11/onekoHowever, sometimes @dirrm will give you
errors because other ports also share the same subdirectory. You
can call rmdir from @unexec to
remove only empty directories without warning.
@unexec rmdir %D/share/doc/gimp 2>/dev/null || trueThis will neither print any error messages nor cause
pkg_delete to exit abnormally even if
PREFIX/share/doc/gimp is not
empty due to other ports installing some files in there.UIDsIf your port requires a certain user to be on the installed
system, let the pkg/INSTALL script call
pw to create it automatically. Look at
net/cvsup-mirror for an example.If your port must use the same user/group ID number when it is
installed a binarypackage as when it was compiled, then you mus
choose a free UID from 50 to 99 and register it below. Look at
japanese/Wnn for an example.Make sure you do not use a UID already used by the system or
other ports. This is the current list of UIDs between 50 and
99.
majordom:*:54:54:Majordomo Pseudo User:/usr/local/majordomo:/nonexistent
cyrus:*:60:60:the cyrus mail server:/nonexistent:/nonexistent
gnats:*:61:1:GNATS database owner:/usr/local/share/gnats/gnats-db:/bin/sh
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
pop:*:68:6:Post Office Owner (popper):/nonexistent:/nonexistent
wnn:*:69:7:Wnn:/nonexistent:/nonexistent
ifmail:*:70:66:Ifmail user:/nonexistent:/nonexistent
pgsql:*:70:70:PostgreSQL pseudo-user:/usr/local/pgsql:/bin/sh
ircd:*:72:72:IRCd hybrid:/nonexistent:/nonexistent
alias:*:81:81:QMail user:/var/qmail/alias:/nonexistent
qmaill:*:83:81:QMail user:/var/qmail:/nonexistent
qmaild:*:82:81:QMail user:/var/qmail:/nonexistent
qmailq:*:85:82:QMail user:/var/qmail:/nonexistent
qmails:*:87:82:QMail user:/var/qmail:/nonexistent
qmailp:*:84:81:QMail user:/var/qmail:/nonexistent
qmailr:*:86:82:QMail user:/var/qmail:/nonexistent
msql:*:87:87:mSQL-2 pseudo-user:/var/db/msqldb:/bin/shPlease include a notice when you submit a port (or an upgrade)
that reserves a new UID or GID in this range. This allows us to
keep the list of reserved IDs up to date.Do things rationallyThe Makefile should do things simply and
reasonably. If you can make it a couple of lines shorter or more
readable, then do so. Examples include using a make
.if construct instead of a shell
if construct, not redefining
do-extract if you can redefine
EXTRACT* instead, and using
GNU_CONFIGURE instead of CONFIGURE_ARGS
+= --prefix=${PREFIX}.Respect CFLAGSThe port should respect the CFLAGS variable.
If it does not, please add NO_PACKAGE=ignores
cflags to the Makefile.Configuration filesIf your port requires some configuration files in
PREFIX/etc, do
not just install them and list them in
pkg/PLIST. That will cause
pkg_delete to delete files carefully edited by
the user and a new installation to wipe them out.Instead, install sample files with a suffix
(filename.sample
will work well) and print out a message pointing out that the
user has to copy and edit the file before the software can be made
to work.PortlintDo check your work with portlint
before you submit or commit it.FeedbackDo send applicable changes/patches to the original
author/maintainer for inclusion in next release of the code. This
will only make your job that much easier for the next
release.MiscellaneaThe files pkg/DESCR,
pkg/COMMENT, and pkg/PLIST
should each be double-checked. If you are reviewing a port and feel
they can be worded better, do so.Do not copy more copies of the GNU General Public License into
our system, please.Please be careful to note any legal issues! Do not let us
illegally distribute software!If you are stuck…Do look at existing examples and the
bsd.port.mk file before asking us questions!
;)Do ask us questions if you have any trouble! Do not just beat
your head against a wall! :)A Sample MakefileHere is a sample Makefile that you can use to
create a new port. Make sure you remove all the extra comments (ones
between brackets)!It is recommended that you follow this format (ordering of
variables, empty lines between sections, etc.). This format is
designed so that the most important information is easy to locate. We
recommend that you use portlint to check the
Makefile.
[the header...just to make it easier for us to identify the ports.]
# New ports collection makefile for: xdvi
[the version required header should updated when upgrading a port.]
# Version required: pl18 [things like "1.5alpha" are fine here too]
[this is the date when the first version of this Makefile was created.
Never change this when doing an update of the port.]
# Date created: 26 May 1995
[this is the person who did the original port to FreeBSD, in particular, the
person who wrote the first version of this Makefile. Remember, this should
not be changed when upgrading the port later.]
# Whom: Satoshi Asami <asami@FreeBSD.ORG>
#
# $Id$
[ ^^^^ This will be automatically replaced with RCS ID string by CVS
when it is committed to our repository.]
#
[section to describe the port itself and the master site - DISTNAME
is always first, followed by PKGNAME (if necessary), CATEGORIES,
and then MASTER_SITES, which can be followed by MASTER_SITE_SUBDIR.
After those, one of EXTRACT_SUFX or DISTFILES can be specified too.]
DISTNAME= xdvi
PKGNAME= xdvi-pl18
CATEGORIES= print
[do not forget the trailing slash ("/")!
if you are not using MASTER_SITE_* macros]
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applications
[set this if the source is not in the standard ".tar.gz" form]
EXTRACT_SUFX= .tar.Z
[section for distributed patches -- can be empty]
PATCH_SITES= ftp://ftp.sra.co.jp/pub/X11/japanese/
PATCHFILES= xdvi-18.patch1.gz xdvi-18.patch2.gz
[maintainer; *mandatory*! This is the person (preferably with commit
privileges) who a user can contact for questions and bug reports - this
person should be the porter or someone who can forward questions to the
original porter reasonably promptly. If you really do not want to have
your address here, set it to "ports@FreeBSD.ORG".]
MAINTAINER= asami@FreeBSD.ORG
[dependencies -- can be empty]
RUN_DEPENDS= gs:${PORTSDIR}/print/ghostscript
LIB_DEPENDS= Xpm.5:${PORTSDIR}/graphics/xpm
[this section is for other standard bsd.port.mk variables that do not
belong to any of the above]
[If it asks questions during configure, build, install...]
IS_INTERACTIVE= yes
[If it extracts to a directory other than ${DISTNAME}...]
WRKSRC= ${WRKDIR}/xdvi-new
[If the distributed patches were not made relative to ${WRKSRC}, you
may need to tweak this]
PATCH_DIST_STRIP= -p1
[If it requires a "configure" script generated by GNU autoconf to be run]
GNU_CONFIGURE= yes
[If it requires GNU make, not /usr/bin/make, to build...]
USE_GMAKE= yes
[If it is an X application and requires "xmkmf -a" to be run...]
USE_IMAKE= yes
[et cetera.]
[non-standard variables to be used in the rules below]
MY_FAVORITE_RESPONSE= "yeah, right"
[then the special rules, in the order they are called]
pre-fetch:
i go fetch something, yeah
post-patch:
i need to do something after patch, great
pre-install:
and then some more stuff before installing, wow
[and then the epilogue]
.include <bsd.port.mk>Automated package list creationFirst, make sure your port is almost complete, with only
PLIST missing. Create an empty
PLIST.&prompt.root; touch PLISTNext, create a new set of directories which your port can be
installed, and install any dependencies.&prompt.root; mtree -U -f /etc/mtree/BSD.local.dist -d -e -p /var/tmp/port-name
&prompt.root; make depends PREFIX=/var/tmp/port-nameStore the directory structure in a new file.&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > OLD-DIRSIf your port honours PREFIX (which it should)
you can then install the port and create the package list.&prompt.root; make install PREFIX=/var/tmp
&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > pkg/PLISTYou must also add any newly created directories to the packing
list.&prompt.root; (cd /var/tmp/port-name && find * -type d) | comm -13 OLD-DIRS - | sed -e 's#^#@dirrm#' >> pkg/PLISTFinally, you need to tidy up the packing list by hand. I lied
when I said this was all automated. Manual pages should be listed in
the port's Makefile under
MANn, and not in the
package list. User configuration files should be removed, or
installed as
filename.sample. Any
libraries installed by the port should be listed as specified in the
ldconfig section.Package NamesThe following are the conventions you should follow in naming your
packages. This is to have our package directory easy to scan, as
there are already lots and lots of packages and users are going to
turn away if they hurt their eyes!The package name should look like
language-name-compiled.specifics-version.numbers.If your DISTNAME does not look like that, set
PKGNAME to something in that format.FreeBSD strives to support the native language of its users.
The language- part should be a two
letter abbreviation of the natural language defined by ISO-639 if
the port is specific to a certain language. Examples are
ja for Japanese, ru for
Russian, vi for Vietnamese,
zh for Chinese, ko for
Korean and de for German.The name part should be all lowercases,
except for a really large package (with lots of programs in it).
Things like XFree86 (yes there really is a port of it, check it
out) and ImageMagick fall into this category. Otherwise, convert
the name (or at least the first letter) to lowercase. If the
capital letters are important to the name (for example, with
one-letter names like R or
V) you may use capital letters at your
discretion. There is a tradition of naming Perl 5 modules by
prepending p5- and converting the double-colon
separator to a hyphen; for example, the
Data::Dumper module becomes
p5-Data-Dumper. If the software in question
has numbers, hyphens, or underscores in its name, you may include
them as well (like kinput2).If the port can be built with different hardcoded defaults (usually
part of the directory name in a family of ports), the
-compiled.specifics part should state
the compiled-in defaults (the hyphen is optional). Examples are
papersize and font units.The version string should be a period-separated list of
integers and single lowercase alphabetics. The only exception is
the string pl (meaning `patchlevel'), which can
be used only when there are no major and
minor version numbers in the software.Here are some (real) examples on how to convert a
DISTNAME into a suitable
PKGNAME:Distribution NamePackage NameReasonmule-2.2.2.mule-2.2.2No changes requiredXFree86-3.1.2XFree86-3.1.2No changes requiredEmiClock-1.0.2emiclock-1.0.2No uppercase names for single programsgmod1.4gmod-1.4Need a hyphen before version numbersxmris.4.0.2xmris-4.0.2Need a hyphen before version numbersrdist-1.3alphardist-1.3aNo strings like alpha
allowedes-0.9-beta1es-0.9b1No strings like beta
allowedv3.3beta021.srctiff-3.3What the heck was that anyway?tvtwmtvtwm-pl11Version string always requiredpiewmpiewm-1.0Version string always requiredxvgr-2.10pl1xvgr-2.10.1pl allowed only when no
major/minor version numbersgawk-2.15.6ja-gawk-2.15.6Japanese language versionpsutils-1.13psutils-letter-1.13Papersize hardcoded at package build timepkfontspkfonts300-1.0Package for 300dpi fontsIf there is absolutely no trace of version information in the
original source and it is unlikely that the original author will ever
release another version, just set the version string to
1.0 (like the piewm example above). Otherwise, ask
the original author or use the date string
(yy.mm.dd) as the version.CategoriesAs you already know, ports are classified in several categories.
But for this to wor, it is important that porters and users understand
what each category and how we deicde what to put in each
category.Current list of categoriesFirst, this is the current list of port categories. Those
marked with an asterisk (*) are
virtual categories—those that do not have
a corresponding subdirectory in the ports tree.For non-virtual categories, you will find a one-line
description in the pkg/COMMENT file in that
subdirectory (e.g.,
archivers/pkg/COMMENT).CategoryDescriptionafterstep*Ports to support AfterStep window managerarchiversArchiving tools.astroAstronomical ports.audioSound support.benchmarksBenchmarking utilities.biologyBiology-related software.cadComputer aided design tools.chineseChinese language support.commsCommunication software. Mostly software to talk to
your serial port.convertersCharacter code converters.databasesDatabases.deskutilsThings that used to be on the desktop before
computers were invented.develDevelopment utilities. Do not put libraries here just
because they are libraries—unless they truly do not
belong to anywhere else, they should not be in this
category.editorsGeneral editors. Specialized editors go in the section
for those tools (e.g., a mathematical-formula editor will go
in math).elispEmacs-lisp ports.emulatorsEmulators for other operating systems. Terminal
emulators do not belong
here—X-based ones should go to
x11 and text-based ones to either
comms or misc,
depending on the exact functionality.gamesGames.germanGerman language support.graphicsGraphics utilities.japaneseJapanese language support.kde*Ports that form the K Desktop Environment
(kde).koreanKorean language support.langProgramming languages.mailMail software.mathNumerical computation software and other utilities
for mathematics.mboneMBone applications.miscMiscellaneous utilities—basically things that
does not belong to anywhere else. This is the only category
that should not appear with any other non-virtual category.
If you have misc with something else in
your CATEGORIES line, that means you can
safely delete misc and just put the port
in that other subdirectory!netMiscellaneous networking software.newsUSENET news software.offix*Ports from the OffiX suite.palmSoftware support for the 3Com Palm(tm) series.perl5*Ports that require perl version 5 to run.plan9*Various programs from Plan9.printPrinting software. Desktop publishing tools
(previewers, etc.) belong here too.python*Software written in python.russianRussian language support.securitySecurity utilities.shellsCommand line shells.sysutilsSystem utilities.tcl75*Ports that use tcl version 7.5 to run.tcl76*Ports that use tcl version 7.6 to run.tcl80*Ports that use tcl version 8.0 to run.tcl81*Ports that use tcl version 8.1 to run.textprocText processing utilities. It does not include
desktop publishing tools, which go to print/.tk41*Ports that use tk version 4.1 to run.tk42*Ports that use tk version 4.2 to run.tk80*Ports that use tk version 8.0 to run.tk81*Ports that use tk version 8.1 to run.vietnameseVietnamese language support.windowmaker*Ports to support the WindowMaker window
managerwwwSoftware related to the World Wide Web. HTML language
support belong here too.x11The X window system and friends. This category is only
for software that directly support the window system. Do not
put regular X applications here. If your port is an X
application, define USE_XLIB (implied by
USE_IMAKE) and put it in appropriate
categories. Also, many of them go into other
x11-* categories (see below).x11-clocksX11 clocks.x11-fmX11 file managers.x11-fontsX11 fonts and font utilities.x11-toolkitsX11 toolkits.x11-wmX11 window managers.Choosing the right categoryAs many of the categories overlap, you often have to choose
which of the categories should be the primary category of your port.
There are several rules that govern this usse. Here is the list of
priorities, in decreasing order of precedence.Language specific categories always come first. For
example, if your port installs Japanese X11 fonts, then your
CATEGORIES line would read japanese
x11-fonts.Specific categories win over less-specific ones. For
instance, an HTML editor should be listed as www
editors, not the other way around. Also, you do not
need to list net when the port belongs to
either of mail, mbone,
news, security, or
www.x11 is used as a secondary category only
when the primary category is a natural language. In particular,
you should not put x11 in the category line
for X applications.If your port truly does not belong anywhere else, put it in
misc.If you are not sure about the category, please put a comment to
that effect in your send-pr submission so we can
discuss it before import it. (If you are a committer, send a note
&a.ports; so we can discuss it first—too often new ports are
imported to a wrong category only to be moved right away.)Changes to this document and the ports systemIf you maintain a lot of ports, you should consider following the
&a.ports;. Important changes to the way ports work will be announced
there. You can always find more detailed information on the latest
changes by looking at the
bsd.port.mk CVS log.That is It, Folks!Boy, this sure was a long tutorial, wasn't it? Thanks for
following us to here, really.Well, now that you know how to do a port, let us go at it and
convert everything in the world into ports! That is the easiest way to
start contributing to the FreeBSD Project! :)
diff --git a/en/handbook/ppp-and-slip/chapter.sgml b/en/handbook/ppp-and-slip/chapter.sgml
index 2db526fa62..0e9c4ac148 100644
--- a/en/handbook/ppp-and-slip/chapter.sgml
+++ b/en/handbook/ppp-and-slip/chapter.sgml
@@ -1,2488 +1,2488 @@
PPP and SLIPIf your connection to the Internet is through a modem, or you wish to
provide other people with dialup connections to the Internet using
FreeBSD, you have the option of using PPP or SLIP. Furthermore, two
varieties of PPP are provided: user (sometimes
referred to as iijppp) and
kernel. The procedures for configuring both types of
PPP, and for setting up SLIP are described in this chapter.Setting up User PPPUser PPP was introduced to FreeBSD in release 2.0.5 as an addition
to the existing kernel implementation of PPP. So, what is different
about this new PPP that warrants its addition? To quote from the manual
page:
This is a user process PPP software package. Normally, PPP is
implemented as a part of the kernel (e.g. as managed by
pppd) and it is thus somewhat hard to debug and/or
modify its behavior. However, in this implementation PPP is done as a
user process with the help of the tunnel device driver
(tun).
In essence, this means that rather than running a PPP daemon, the
ppp program can be run as and when desired. No PPP interface needs to
be compiled into the kernel, as the program can use the generic tunnel
device to get data into and out of the kernel.From here on out, user ppp will be referred to simply as ppp unless
a distinction needs to be made between it and any other PPP
client/server software such as pppd. Unless
otherwise stated, all commands in this section should be executed as
root.There are a large number of enhancements in version 2 of ppp. You
can discover what version you have by running ppp with no arguments and
typing show version at the prompt. It is a simple
matter to upgrade to the latest version of ppp (under any version of
FreeBSD) by downloading the latest archive via www.Awfulhak.org.Before you startThis document assumes you are in roughly this position:You have an account with an Internet Service Provider (ISP) which
lets you use PPP. Further, you have a modem (or other device)
connected and configured correctly which allows you to connect to your
ISP.You are going to need the following information to hand:Your ISPs phone number(s).Your login name and password. This can be either a regular
unix style login/password pair, or a PPP PAP or CHAP
login/password pair.The IP addresses of one or more nameservers. Normally, you
will be given two IP numbers. You must have
this information for PPP version 1.x
unless you run your own nameserver. From version 2 onwards,
PPP supports nameserver address
negotiation. If your ISP supports this, then using the command
enable dns in your config file will tell
PPP to set the nameservers for
you.The following information may have been supplied by your ISP, but
is not strictly necessary:The IP address of your ISP's gateway. The gateway is the
machine to which you will connect and will be set up as your
default route. If your ISP hasn't given you
this number, we can make one up and your ISP's PPP server will
tell us the correct value when we connect.This IP number is referred to as HISADDR
by ppp.Your ISP's netmask. If your ISP hasn't given you this
information, you can safely use a netmask of 255.255.255.0.If your ISP allocates you a static IP address and hostname
then you can enter this information. Otherwise, we simply let the
peer assign whatever IP number it sees fit.If you do not have any of the required information, contact your
ISP and make sure they provide it to you.Building a ppp ready kernelAs the description states, ppp uses the kernel
tun device. It is necessary to make sure
that your kernel has support for this device compiled in.To check this, go to your kernel compile directory
(/sys/i386/conf or
/sys/pc98/conf) and examine your kernel
configuration file. It needs to have the line
pseudo-device tun 1
in it somewhere. The stock GENERIC kernel has
this as standard, so if you have not installed a custom kernel or you
do not have a /sys directory, you do not have to
change anything.If your kernel configuration file does not have this line in it,
or you need to configure more than one tun device (for example, if you
are setting up a server and could have 16 dialup ppp connections at
any one time then you will need to use 16 instead
of 1), then you should add the line, re-compile,
re-install and boot the new kernel. Please refer to the Configuring the FreeBSD Kernel section
for more information on kernel configuration.You can check how many tunnel devices your current kernel has by
typing the following:&prompt.root; ifconfig -a
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 200.10.100.1 --> 203.10.100.24 netmask 0xffffffff
tun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 576
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 203.10.100.1 --> 203.10.100.20 netmask 0xffffffff
tun3: flags=8010<POINTOPOINT,MULTICAST> mtu 1500This case shows four tunnel devices, two of which are currently
configured and being used. It should be noted that the
RUNNING flag above indicates that the interface has
been used at some point—it is not an error if your interface
does not show up as RUNNING.If you have a kernel without the tun device, and you can not
rebuild it for some reason, all is not lost. You should be able to
dynamically load the code. Refer to the appropriate
&man.modload.8; and &man.lkm.4; pages for further details.You may also wish to take this opportunity to configure a
firewall. Details can be found in the Firewalls section.Check the tun deviceMost users will only require one tun
device (/dev/tun0). If you have used more (i.e.,
a number other than 1 in the
pseudo-device line in the kernel configuration
file) then alter all references to tun0 below
to reflect whichever device number you are using.The easiest way to make sure that the
tun0 device is configured correctly is to
re-make it. To do this, execute the following commands:&prompt.root; cd /dev
&prompt.root; ./MAKEDEV tun0If you require 16 tunnel devices in your kernel, you will need to
create more than just tun0:&prompt.root; cd /dev
&prompt.root; ./MAKEDEV tun15Also, to confirm that the kernel is configured correctly, the
following command should give the indicated output:&prompt.root; ifconfig tun0
tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500The RUNNING flag may not yet be set, in which
case you will see:&prompt.root; ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500Name Resolution ConfigurationThe resolver is the part of the system that turns IP addresses
into hostnames and vice versa. It can be configured to look for maps
that describe IP to hostname mappings in one of two places. The first
is a file called /etc/hosts (man 5
hosts). The second is the Internet Domain Name Service
(DNS), a distributed data base, the discussion of which is beyond the
scope of this document.This section describes briefly how to configure your
resolver.The resolver is a set of system calls that do the name mappings,
but you have to tell them where to find their information. You do
this by first editing the file /etc/host.conf.
Do not call this file
/etc/hosts.conf (note the extra
s) as the results can be confusing.Edit the /etc/host.conf fileThis file should contain the following two lines (in this
order):
hosts
bindThese instructs the resolver to first look in the file
/etc/hosts, and then to consult the DNS if the
name was not found.Edit the /etc/hosts(5) fileThis file should contain the IP addresses and names of machines
on your network. At a bare minimum it should contain entries for
the machine which will be running ppp. Assuming that your machine
is called foo.bar.com with the IP
address 10.0.0.1,
/etc/hosts should contain:
127.0.0.1 localhost
10.0.0.1 foo.bar.com fooThe first line defines the alias localhost as a
synonym for the current machine. Regardless of your own IP address,
the IP address for this line should always be 127.0.0.1. The second line maps the name
foo.bar.com (and the shorthand
foo) to the IP address 10.0.0.1.If your provider allocates you a static IP address and name,
then use these in place of the 10.0.0.1 entry.Edit the /etc/resolv.conf file/etc/resolv.conf tells the resolver how to
behave. If you are running your own DNS, you may leave this file
empty. Normally, you will need to enter the following
line(s):
nameserver x.x.x.x
nameserver y.y.y.y
domain bar.comThe x.x.x.x and
y.y.y.y
addresses are those given to you by your ISP. Add as many
nameserver lines as your ISP provides. The
domain line defaults to your hostname's domain,
and is probably unnecessary. Refer to the
resolv.conf manual page for details of other
possible entries in this file.If you are running PPP version 2 or greater, the enable
dns command will tell PPP to request that your ISP
confirms the nameserver values. If your ISP supplies different
addresses (or if there are no nameserver lines in
/etc/resolv.conf), PPP will rewrite the file
with the ISP-supplied values.ppp ConfigurationBoth user ppp and pppd (the kernel level
implementation of PPP) use configuration files located in the
/etc/ppp directory. The sample configuration
files provided are a good reference for user ppp, so don't delete
them.Configuring ppp requires that you edit a number
of files, depending on your requirements. What you put in them
depends to some extent on whether your ISP allocates IP addresses
statically (i.e., you get given one IP address, and always use that
one) or dynamically (i.e., your IP address can be different for each
PPP session).PPP and Static IP addressesYou will need to create a configuration file called
/etc/ppp/ppp.conf. It should look similar to
the example below.Lines that end in a : start in the first
column, all other lines should be indented as shown using spaces
or tabs.
1 default:
2 set device /dev/cuaa0
3 set speed 115200
4 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\TTIMEOUT 40 CONNECT"
5 provider:
6 set phone "(0123) 456 7890"
7 set login "TIMEOUT 10 \"\" \"\" gin:--gin: foo word: bar col: ppp"
8 set timeout 300
9 set ifaddr x.x.x.xy.y.y.y 255.255.255.0 0.0.0.0
10 add default HISADDR
11 enable dnsDo not include the line numbers, they are just for reference in
this discussion.Line 1:Identifies the default entry. Commands in this entry are
executed automatically when ppp is run.Line 2:Identifies the device to which the modem is connected.
COM1: is
/dev/cuaa0 and
COM2: is
/dev/cuaa1.Line 3:Sets the speed you want to connect at. If 115200 doesn't
work (it should with any reasonably new modem), try 38400
instead.Line 4:The dial string. User PPP uses an expect-send syntax
similar to the &man.chat.8; program. Refer to the
manual page for information on the features of this
language.Line 5:Identifies an entry for a provider called
“provider”.Line 6:Sets the phone number for this provider. Multiple phone
numbers may be specified using the : or
| character as a separator. The difference
between these separators is described in &man.ppp.8;.
To summarize, if you want to rotate through the numbers, use
the :. If you want to always attempt to
dial the first number first and only use the other numbers if
the first number fails, use the |. Always
quote the entire set of phone numbers as shown.Line 7:The login string is of the same chat-like syntax as the
dial string. In this example, the string works for a service
whose login session looks like this:J. Random Provider
login: foo
password: bar
protocol: pppYou will need to alter this script to suit your own needs.
When you write this script for the first time, you should
enable “chat” logging to ensure that the
conversation is going as expected.If you're using PAP or CHAP, there will be no login at
this point, so your login string can be left blank. See PAP and CHAP
authentication for further details.Line 8:Sets the default timeout (in seconds) for the connection.
Here, the connection will be closed automatically after 300
seconds of inactivity. If you never want to timeout, set this
value to zero.Line 9:Sets the interface addresses. The string
x.x.x.x should be replaced by the
IP address that your provider has allocated to you. The
string y.y.y.y should be replaced
by the IP address that your ISP indicated for their gateway
(the machine to which you connect). If your ISP hasn't given
you a gateway address, use 10.0.0.2/0. If you need to use a
“guessed” address, make sure that you create an
entry in /etc/ppp/ppp.linkup as per the
instructions for PPP and
Dynamic IP addresses. If this line is omitted,
ppp cannot run in or
mode.Line 10:Adds a default route to your ISPs gateway. The special
word HISADDR is replaced with the gateway
address specified on line 9. It is important that this line
appears after line 9, otherwise HISADDR
will not yet be initialized.Line 11:This line tells PPP to ask your ISP to confirm that your
nameserver addresses are correct. If your ISP supports this
facility, PPP can then update
/etc/resolv.conf with the correct
nameserver entries.It is not necessary to add an entry to
ppp.linkup when you have a static IP address as
your routing table entries are already correct before you connect.
You may however wish to create an entry to invoke programs after
connection. This is explained later with the sendmail
example.Example configuration files can be found in the
/etc/ppp directory.PPP and Dynamic IP addressesIf your service provider does not assign static IP numbers,
ppp can be configured to negotiate the local and
remote addresses. This is done by “guessing” an IP
number and allowing ppp to set it up correctly
using the IP Configuration Protocol (IPCP) after connecting. The
ppp.conf configuration is the same as PPP and Static IP addresses,
with the following change:
9 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0Again, do not include the line numbers, they are just for
reference in this discussion. Indentation of at least one space is
required.Line 9:The number after the / character is the
number of bits of the address that ppp will insist on. You
may wish to use IP numbers more appropriate to your
circumstances, but the above example will always work.The last argument (0.0.0.0) tells PPP
to negotiate using address 0.0.0.0 rather than 10.0.0.1. Do not use
0.0.0.0 as the first argument to
set ifaddr as it prevents PPP from setting
up an intial route in mode.If you are running version 1.x of PPP, uou will also need to
create an entry in /etc/ppp/ppp.linkup.
ppp.linkup is used after a connection has been
established. At this point, ppp will know what
IP addresses should really be used. The
following entry will delete the existing bogus routes, and create
correct ones:
1 provider:
2 delete ALL
3 add 0 0 HISADDRLine 1:On establishing a connection, ppp will
look for an entry in ppp.linkup according
to the following rules: First, try to match the same label as
we used in ppp.conf. If that fails, look
for an entry for the IP number of our gateway. This entry is
a four-octet IP style label. If we still haven't found an
entry, look for the MYADDR entry.Line 2:This line tells ppp to delete all
existing routes for the acquired tun interface (except the
direct route entry).Line 3:This line tells ppp to add a default
route that points to HISADDR.
HISADDR will be replaced with the IP number
of the gateway as negotiated in the IPCP.See the pmdemand entry in the files
/etc/ppp/ppp.conf.sample and
/etc/ppp/ppp.linkup.sample for a detailed
example.Version 2 of PPP introduces “sticky routes”. Any
add or delete lines that
contain MYADDR or HISADDR will
be remembered, and any time the actual values of
MYADDR or HISADDR change, the
routes will be re-applied. This removes the necessity of repeating
these lines in ppp.linkup.Receiving incoming calls with pppThis section describes setting up ppp in a
server role.When you configure ppp to receive incoming
calls on a machine connected to a LAN, you must decide if you wish
to forward packets to the LAN. If you do, you should allocate the
peer an IP number from your LAN's subet, and use the command
enable proxy
in your ppp.conf file. You should also confirm
that the /etc/rc.conf file (this file used to
be called /etc/sysconfig) contains the
following:
gateway=YESWhich getty?Configuring FreeBSD for Dialup
Services provides a good description on enabling dialup
services using getty.An alternative to getty is mgetty,
a smarter version of getty designed with dialup
lines in mind.The advantages of using mgetty is that it
actively talks to modems, meaning if port is
turned off in /etc/ttys then your modem won't
answer the phone.Later versions of mgetty (from 0.99beta
onwards) also support the automatic detection of PPP streams,
allowing your clients script-less access to your server.Refer to Mgetty and
AutoPPP for more information on
mgetty.PPP permissionsppp must normally be run as user id 0. If
however you wish to allow ppp to run in server
mode as a normal user by executing ppp as
described below, that user must be given permission to run
ppp by adding them to the
network group in
/etc/group.You will also need to give them access to one or more sections
of the configuration file using the allow
command:
allow users fred maryIf this command is used in the default
section, it gives the specified users access to everything.Setting up a PPP shell for dynamic-IP usersCreate a file called /etc/ppp/ppp-shell
containing the following:
#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`
if [ x$IDENT = xdialup ]; then
IDENT=`basename $TTY`
fi
echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"
exec /usr/sbin/ppp -direct $IDENTThis script should be executable. Now make a symbolic link
called ppp-dialup to this script using the
following commands:&prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialupYou should use this script as the shell
for all your dialup ppp users. This is an example from
/etc/password for a dialup PPP user with
username pchilds. (remember don't directly
edit the password file, use vipw)
pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialupCreate a /home/ppp directory that is
world readable containing the following 0 byte files
-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
-r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts
which prevents /etc/motd from being
displayed.Setting up a PPP shell for static-IP usersCreate the ppp-shell file as above and
for each account with statically assigned IPs create a symbolic
link to ppp-shell.For example, if you have three dialup customers
fred, sam, and
mary, that you route class C networks for,
you would type the following:&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-maryEach of these users dialup accounts should have their shell
set to the symbolic link created above. (ie.
mary's shell should be
/etc/ppp/ppp-mary).Setting up ppp.conf for dynamic-IP usersThe /etc/ppp/ppp.conf file should contain
something along the lines of
default:
set debug phase lcp chat
set timeout 0
ttyd0:
set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
enable proxy
ttyd1:
set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
enable proxyThe indenting is important.The default: section is loaded for each
session. For each dialup line enabled in
/etc/ttys create an entry similar to the one
for ttyd0: above. Each line should get a
unique IP address from your pool of IP addresses for dynamic
users.Setting up ppp.conf for static-IP
usersAlong with the contents of the sample
/etc/ppp/ppp.conf above you should add a
section for each of the statically assigned dialup users. We will
continue with our fred,
sam, and mary
example.
fred:
set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
sam:
set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255
mary:
set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255The file /etc/ppp/ppp.linkup should also
contain routing information for each static IP user if required.
The line below would add a route for the 203.14.101.0 class C via the client's
ppp link.
fred:
add 203.14.101.0 netmask 255.255.255.0 HISADDR
sam:
add 203.14.102.0 netmask 255.255.255.0 HISADDR
mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDRMore on mgetty, AutoPPP, and MS
extensionsmgetty and AutoPPPConfiguring and compiling mgetty with the
AUTO_PPP option enabled allows
mgetty to detect the LCP phase of PPP
connections and automatically spawn off a ppp shell. However,
since the default login/password sequence does not occur it is
necessary to authenticate users using either PAP or CHAP.This section assumes the user has successfully configured,
compiled, and installed a version of mgetty
with the AUTO_PPP option (v0.99beta or
later)Make sure your
/usr/local/etc/mgetty+sendfax/login.config
file has the following in it:
/AutoPPP/ - - /etc/ppp/ppp-pap-dialupThis will tell mgetty to run the
ppp-pap-dialup script for detected PPP
connections.Create a file called
/etc/ppp/ppp-pap-dialup containing the
following (the file should be executable):
#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENTFor each dialup line enabled in
/etc/ttys create a corresponding entry in
/etc/ppp/ppp.conf. This will happily
co-exist with the definitions we created above.
pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxyEach user logging in with this method will need to have a
username/password in /etc/ppp/ppp.secret
file, or alternatively add the
enable passwdauthoption to authenticate users via pap from the
/etc/password file.If you wish to assign some users a static IP number, you can
specify the number as the third argument in
/etc/ppp/ppp.secret. See
/etc/ppp/ppp.secret.sample for
examples.MS extentionsIt is possible to configure PPP to supply DNS and NetBIOS
nameserver addresses on demand.To enable these extensions with PPP version 1.x, the
following lines might be added to the relevant section of
/etc/ppp/ppp.conf.
enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5And for PPP version 2 and above:
accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5This will tell the clients the primary and secondary name
server addresses, and a netbios nameserver host.In version 2 and above, if the set dns
line is ommitted, PPP will use the values found in
/etc/resolv.conf.PAP and CHAP authenticationSome ISPs set their system up so that the authentication part of
your connection is done using either of the PAP or CHAP
authentication mechanisms. If this is the case, your ISP will not
give a login: prompt when you connect, but will
start talking PPP immediately.PAP is less secure than CHAP, but security is not normally an
issue here as passwords, although being sent as plain text with PAP,
are being transmitted down a serial line only. There's not much room
for crackers to “eavesdrop”.Referring back to the PPP and
Static IP addresses or PPP and Dynamic IP addresses
sections, the following alterations must be made:
7 set login
…
12 set authname MyUserName
13 set authkey MyPasswordAs always, do not include the line numbers, they are just for
reference in this discussion. Indentation of at least one space is
required.Line 7:Your ISP will not normally require that you log into the
server if you're using PAP or CHAP. You must therefore
disable your "set login" string.Line 12:This line specifies your PAP/CHAP user name. You will
need to insert the correct value for
MyUserName.Line 13:This line specifies your PAP/CHAP password. You will need
to insert the correct value for
MyPassword. You may want to add an
additional line
15 accept PAP
or
15 accept CHAP
to make it obvious that this is the intention, but PAP and
CHAP are both accepted by default.Changing your ppp configuration on the
flyIt is possible to talk to the ppp program
while it is running in the background, but only if a suitable
diagnostic port has been set up. To do this, add the following line
to your configuration:
set server /var/run/ppp-tun%d DiagnosticPassword 0177This will tell PPP to listen to the specified unix-domain
socket, asking clients for the specified password before allowing
access. The %d in the name is replaced with the
tun device number that is in use.Once a socket has been set up, the
&man.pppctl.8; program may be used in scripts that wish to
manipulate the running program.Final system configurationYou now have ppp configured, but there are a
few more things to do before it is ready to work. They all involve
editing the /etc/rc.conf file (was
/etc/sysconfig).Working from the top down in this file, make sure the
hostname= line is set, e.g.:
hostname=foo.bar.comIf your ISP has supplied you with a static IP address and name,
it's probably best that you use this name as your host name.Look for the network_interfaces variable. If
you want to configure your system to dial your ISP on demand, make
sure the tun0 device is added to the list,
otherwise remove it.
network_interfaces="lo0 tun0" ifconfig_tun0=The ifconfig_tun0 variable should be empty,
and a file called /etc/start_if.tun0 should be
created. This file should contain the line
ppp -auto mysystemThis script is executed at network configuration time, starting
your ppp daemon in automatic mode. If you have a LAN for which this
machine is a gateway, you may also wish to use the
switch. Refer to the manual page for
further details.Set the router program to NO with the
line
router_enable=NO (/etc/rc.conf)
router=NO (/etc/sysconfig)It is important that the routed daemon is not
started (it's started by default) as routed tends
to delete the default routing table entries created by
ppp.It is probably worth your while ensuring that the
sendmail_flags line does not include the
option, otherwise sendmail will
attempt to do a network lookup every now and then, possibly causing
your machine to dial out. You may try:
sendmail_flags="-bd"The upshot of this is that you must force
sendmail to re-examine the mail queue whenever the
ppp link is up by typing:&prompt.root; /usr/sbin/sendmail -qYou may wish to use the !bg command in
ppp.linkup to do this automatically:
1 provider:
2 delete ALL
3 add 0 0 HISADDR
4 !bg sendmail -bd -q30mIf you don't like this, it is possible to set up a
“dfilter” to block SMTP traffic. Refer to the sample
files for further details.All that is left is to reboot the machine.After rebooting, you can now either type&prompt.root; pppand then dial provider to start the PPP
session, or, if you want ppp to establish sessions
automatically when there is outbound traffic (and you haven't created
the start_if.tun0 script), type&prompt.root; ppp -auto providerSummaryTo recap, the following steps are necessary when setting up ppp
for the first time:Client side:Ensure that the tun device is built
into your kernel.Ensure that the
tunX device file
is available in the /dev directory.Create an entry in /etc/ppp/ppp.conf.
The pmdemand example should suffice for most
ISPs.If you have a dynamic IP address, create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf (or
sysconfig) file.Create a start_if.tun0 script if you
require demand dialing.Server side:Ensure that the tun device is built
into your kernel.Ensure that the
tunX device file
is available in the /dev directory.Create an entry in /etc/passwd (using the
&man.vipw.8; program).Create a profile in this users home directory that runs
ppp -direct direct-server or similar.Create an entry in /etc/ppp/ppp.conf.
The direct-server example should
suffice.Create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf (or
sysconfig) file.AcknowledgmentsThis section of the handbook was last updated on Monday Aug 10,
1998 by &a.brian;Thanks to the following for their input, comments &
suggestions:&a.nik;&a.dirkvangulik;&a.pjc;Setting up Kernel PPPContributed by &a.gena;.Before you start setting up PPP on your machine make sure that
pppd is located in /usr/sbin and
directory /etc/ppp exists.pppd can work in two modes:as a “client”, i.e. you want to connect your machine
to outside world via PPP serial connection or modem line.as a “server”, i.e. your machine is located on the
network and used to connect other computers using PPP.In both cases you will need to set up an options file
(/etc/ppp/options or ~/.ppprc
if you have more then one user on your machine that uses PPP).You also will need some modem/serial software (preferably kermit) so
you can dial and establish connection with remote host.Working as a PPP clientI used the following /etc/ppp/options to
connect to CISCO terminal server PPP line.
crtscts # enable hardware flow control
modem # modem control line
noipdefault # remote PPP server must supply your IP address.
# if the remote host doesn't send your IP during IPCP
# negotiation , remove this option
passive # wait for LCP packets
domain ppp.foo.com # put your domain name here
:<remote_ip> # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be your
# default routerTo connect:Dial to the remote host using kermit (or other modem program)
enter your user name and password (or whatever is needed to enable
PPP on the remote host)Exit kermit (without hanging up the line).enter:&prompt.root; /usr/src/usr.sbin/pppd.new/pppd /dev/tty0119200Use the appropriate speed and device name.Now your computer is connected with PPP. If the connection fails
for some reasons you can add the option to the
/etc/ppp/options file and check messages on the
console to track the problemFollowing /etc/ppp/pppup script will make all
3 stages automatically:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200/etc/ppp/kermit.dial is kermit script that
dials and makes all necessary authorization on the remote host.
(Example of such script is attached to the end of this
document)Use the following /etc/ppp/pppdown script to
disconnect the PPP line:
#!/bin/sh
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill -TERM ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptestCheck if PPP is still running
(/usr/etc/ppp/ppptest):
#!/bin/sh
pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'pppd running: PID=' ${pid-NONE}
else
echo 'No pppd running.'
fi
set -x
netstat -n -I ppp0
ifconfig ppp0Hangs up modem line
(/etc/ppp/kermit.hup):
set line /dev/tty01 ; put your modem device here
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
echo \13
exitHere is an alternate method using chat instead
of kermit.Contributed by &a.rhuff;.The following two files are sufficient to accomplish a pppd
connection./etc/ppp/options:
/dev/cuaa1 115200
crtscts # enable hardware flow control
modem # modem control line
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
noipdefault # remote PPP serve must supply your IP address.
# if the remote host doesn't send your IP during
# IPCP negotiation, remove this option
passive # wait for LCP packets
domain <your.domain> # put your domain name here
: # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be
# your default router/etc/ppp/login.chat.script:(This should actually go into a single line.)
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number>
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id>
TIMEOUT 5 sword: <password>Once these are installed and modified correctly, all you need to
do is&prompt.root; pppdThis sample based primarily on information provided by: Trev
Roydhouse <Trev.Roydhouse@f401.n711.z3.fidonet.org> and used by
permission.Working as a PPP server/etc/ppp/options:
crtscts # Hardware flow control
netmask 255.255.255.0 # netmask ( not required )
192.114.208.20:192.114.208.165 # ip's of local and remote hosts
# local ip must be different from one
# you assigned to the ethernet ( or other )
# interface on your machine.
# remote IP is ip address that will be
# assigned to the remote machine
domain ppp.foo.com # your domain
passive # wait for LCP
modem # modem lineFollowing /etc/ppp/pppserv script will enable
ppp server on your machine:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete
# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans
# run ppp
pppd /dev/tty01 19200Use this /etc/ppp/pppservdown script to stop
ppp server:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.noansFollowing kermit script will enable/disable autoanswer mode on
your modem (/etc/ppp/kermit.ans):
set line /dev/tty01
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
inp 5 OK
echo \13
out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
; autoanswer mod
inp 5 OK
echo \13
exitThis /etc/ppp/kermit.dial script is used for
dialing and authorizing on remote host. You will need to customize it
for your needs. Put your login and password in this script, also you
will need to change input statement depending on responses from your
modem and remote host.
;
; put the com line attached to the modem here:
;
set line /dev/tty01
;
; put the modem speed here:
;
set speed 19200
set file type binary ; full 8 bit file xfer
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
set modem hayes
set dial hangup off
set carrier auto ; Then SET CARRIER if necessary,
set dial display on ; Then SET DIAL if necessary,
set input echo on
set input timeout proceed
set input case ignore
def \%x 0 ; login prompt counter
goto slhup
:slcmd ; put the modem in command mode
echo Put the modem in command mode.
clear ; Clear unread characters from input buffer
pause 1
output +++ ; hayes escape sequence
input 1 OK\13\10 ; wait for OK
if success goto slhup
output \13
pause 1
output at\13
input 1 OK\13\10
if fail goto slcmd ; if modem doesn't answer OK, try again
:slhup ; hang up the phone
clear ; Clear unread characters from input buffer
pause 1
echo Hanging up the phone.
output ath0\13 ; hayes command for on hook
input 2 OK\13\10
if fail goto slcmd ; if no OK answer, put modem in command mode
:sldial ; dial the number
pause 1
echo Dialing.
output atdt9,550311\13\10 ; put phone number here
assign \%x 0 ; zero the time counter
:look
clear ; Clear unread characters from input buffer
increment \%x ; Count the seconds
input 1 {CONNECT }
if success goto sllogin
reinput 1 {NO CARRIER\13\10}
if success goto sldial
reinput 1 {NO DIALTONE\13\10}
if success goto slnodial
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 60 goto look
else goto slhup
:sllogin ; login
assign \%x 0 ; zero the time counter
pause 1
echo Looking for login prompt.
:slloop
increment \%x ; Count the seconds
clear ; Clear unread characters from input buffer
output \13
;
; put your expected login prompt here:
;
input 1 {Username: }
if success goto sluid
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 10 goto slloop ; try 10 times to get a login prompt
else goto slhup ; hang up and start again if 10 failures
:sluid
;
; put your userid here:
;
output ppp-login\13
input 1 {Password: }
;
; put your password here:
;
output ppp-password\13
input 1 {Entering SLIP mode.}
echo
quit
:slnodial
echo \7No dialtone. Check the telephone line!\7
exit 1
; local variables:
; mode: csh
; comment-start: "; "
; comment-start-skip: "; "
; end:Setting up a SLIP ClientContributed by &a.asami; 8 Aug 1995.The following is one way to set up a FreeBSD machine for SLIP on a
static host network. For dynamic hostname assignments (i.e., your
address changes each time you dial up), you probably need to do
something much fancier.First, determine which serial port your modem is connected to. I
have a symbolic link to /dev/modem from
/dev/cuaa1, and only use the modem name in my
configuration files. It can become quite cumbersome when you need to
fix a bunch of files in /etc and
.kermrc's all over the system!/dev/cuaa0 is COM1,
cuaa1 is COM2,
etc.Make sure you have
pseudo-device sl 1
in your kernel's config file. It is included in the
GENERIC kernel, so this will not be a problem
unless you deleted it.Things you have to do only onceAdd your home machine, the gateway and nameservers to your
/etc/hosts file. Mine looks like
this:
127.0.0.1 localhost loghost
136.152.64.181 silvia.HIP.Berkeley.EDU silvia.HIP silvia
136.152.64.1 inr-3.Berkeley.EDU inr-3 slip-gateway
128.32.136.9 ns1.Berkeley.edu ns1
128.32.136.12 ns2.Berkeley.edu ns2By the way, silvia is the name of the car that I had when I
was back in Japan (it is called 2?0SX here in U.S.).Make sure you have before
in your /etc/host.conf.
Otherwise, funny things may happen.Edit the file /etc/rc.conf. Note that
you should edit the file /etc/sysconfig
instead if you are running FreeBSD previous to version
2.2.2.Set your hostname by editing the line that says:
hostname=myname.my.domainYou should give it your full Internet hostname.Add sl0 to the list of network interfaces by changing the
line that says:
network_interfaces="lo0"to:
network_interfaces="lo0 sl0"Set the startup flags of sl0 by adding a line:
ifconfig_sl0="inet ${hostname} slip-gateway netmask 0xffffff00 up"Designate the default router by changing the line:
defaultrouter=NOto:
defaultrouter=slip-gatewayMake a file /etc/resolv.conf which
contains:
domain HIP.Berkeley.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12As you can see, these set up the nameserver hosts. Of course,
the actual domain names and addresses depend on your
environment.Set the password for root and toor (and any other accounts
that does not have a password). Use passwd, do not edit the
/etc/passwd or
/etc/master.passwd files!Reboot your machine and make sure it comes up with the correct
hostname.Making a SLIP connectionDial up, type slip at the prompt, enter
your machine name and password. The things you need to enter
depends on your environment. I use kermit, with a script like
this:
# kermit setup
set modem hayes
set line /dev/modem
set speed 115200
set parity none
set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
define slip dial 643-9600, input 10 =>, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0a(of course, you have to change the hostname and password to
fit yours). Then you can just type slip from
the kermit prompt to get connected.Leaving your password in plain text anywhere in the
filesystem is generally a BAD idea. Do it at your own risk. I
am just too lazy.Leave the kermit there (you can suspend it by
z) and as root, type:&prompt.root; slattach -h -c -s 115200 /dev/modemIf you are able to ping hosts on the other
side of the router, you are connected! If it does not work, you
might want to try instead of
as an argument to slattach.How to shutdown the connectionType
&prompt.root; kill -INT `cat /var/run/slattach.modem.pid`
(as root) to kill slattach. Then go back to kermit
(fg if you suspended it) and exit from it
(q).The slattach man page says you have to use ifconfig sl0
down to mark the interface down, but this does not seem to
make any difference for me. (ifconfig sl0 reports
the same thing.)Some times, your modem might refuse to drop the carrier (mine
often does). In that case, simply start kermit and quit it again. It
usually goes out on the second try.TroubleshootingIf it does not work, feel free to ask me. The things that people
tripped over so far:Not using or in
slattach (I have no idea why this can be fatal, but adding this
flag solved the problem for at least one person)Using instead of
(might be hard to see the difference on some fonts).Try ifconfig sl0 to see your interface
status. I get:&prompt.root; ifconfig sl0
sl0: flags=10<POINTOPOINT>
inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00Also, netstat -r will give the routing
table, in case you get the "no route to host" messages from ping.
Mine looks like:&prompt.root; netstat -r
Routing tables
Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
(root node)
(root node)
Route Tree for Protocol Family inet:
(root node) =>
default inr-3.Berkeley.EDU UG 8 224515 sl0 - -
localhost.Berkel localhost.Berkeley UH 5 42127 lo0 - 0.438
inr-3.Berkeley.E silvia.HIP.Berkele UH 1 0 sl0 - -
silvia.HIP.Berke localhost.Berkeley UGH 34 47641234 lo0 - 0.438
(root node)(this is after transferring a bunch of files, your numbers
should be smaller).Setting up a SLIP ServerContributed by &a.ghelmer;. v1.0, 15 May
1995.This document provides suggestions for setting up SLIP Server
services on a FreeBSD system, which typically means configuring your
system to automatically startup connections upon login for remote SLIP
clients. The author has written this document based on his experience;
however, as your system and needs may be different, this document may
not answer all of your questions, and the author cannot be responsible
if you damage your system or lose data due to attempting to follow the
suggestions here.This guide was originally written for SLIP Server services on a
FreeBSD 1.x system. It has been modified to reflect changes in the
pathnames and the removal of the SLIP interface compression flags in
early versions of FreeBSD 2.X, which appear to be the only major changes
between FreeBSD versions. If you do encounter mistakes in this
document, please email the author with enough information to help
correct the problem.PrerequisitesThis document is very technical in nature, so background knowledge
is required. It is assumed that you are familiar with the TCP/IP
network protocol, and in particular, network and node addressing,
network address masks, subnetting, routing, and routing protocols,
such as RIP. Configuring SLIP services on a dial-up server requires a
knowledge of these concepts, and if you are not familiar with them,
please read a copy of either Craig Hunt's TCP/IP Network
Administration published by O'Reilly & Associates,
Inc. (ISBN Number 0-937175-82-X), or Douglas Comer's books on the
TCP/IP protocol.It is further assumed that you have already setup your modem(s)
and configured the appropriate system files to allow logins through
your modems. If you have not prepared your system for this yet,
please see the tutorial for configuring dialup services; if you have a
World-Wide Web browser available, browse the list of tutorials at
- http://www.freebsd.org/;
+ http://www.FreeBSD.org/;
otherwise, check the place where you found this document for a
document named dialup.txt or something similar.
You may also want to check the manual pages for
&man.sio.4; for information on the serial port device driver and
&man.ttys.5;, &man.gettytab.5;, &man.getty.8;, & &man.init.8;
for information relevant to configuring the system to accept logins on
modems, and perhaps &man.stty.1; for information on setting serial
port parameters (such as clocal for
directly-connected serial interfaces).Quick OverviewIn its typical configuration, using FreeBSD as a SLIP server works
as follows: a SLIP user dials up your FreeBSD SLIP Server system and
logs in with a special SLIP login ID that uses
/usr/sbin/sliplogin as the special user's shell.
The sliplogin program browses the file
/etc/sliphome/slip.hosts to find a matching line
for the special user, and if it finds a match, connects the serial
line to an available SLIP interface and then runs the shell script
/etc/sliphome/slip.login to configure the SLIP
interface.An Example of a SLIP Server LoginFor example, if a SLIP user ID were
Shelmerg, Shelmerg's entry
in /etc/master.passwd would look something like
this (except it would be all on one line):
Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliploginWhen Shelmerg logs in,
sliplogin will search
/etc/sliphome/slip.hosts for a line that had a
matching user ID; for example, there may be a line in
/etc/sliphome/slip.hosts that reads:
Shelmerg dc-slip sl-helmer 0xfffffc00 autocompsliplogin will find that matching line, hook
the serial line into the next available SLIP interface, and then
execute /etc/sliphome/slip.login like
this:
/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocompIf all goes well, /etc/sliphome/slip.login
will issue an ifconfig for the SLIP interface to
which sliplogin attached itself (slip interface
0, in the above example, which was the first parameter in the list
given to slip.login) to set the local IP
address (dc-slip), remote IP address
(sl-helmer), network mask for the SLIP interface
(0xfffffc00), and any additional
flags (autocomp). If something goes wrong,
sliplogin usually logs good informational
messages via the daemon syslog facility, which
usually goes into /var/log/messages (see the
manual pages for &man.syslogd.8; and
&man.syslog.conf.5, and perhaps check
/etc/syslog.conf to see to which files
syslogd is logging).OK, enough of the examples — let us dive into setting up
the system.Kernel ConfigurationFreeBSD's default kernels usually come with two SLIP interfaces
defined (sl0 and
sl1); you can use netstat
-i to see whether these interfaces are defined in your
kernel.Sample output from netstat -i:Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ed0 1500 <Link>0.0.c0.2c.5f.4a 291311 0 174209 0 133
ed0 1500 138.247.224 ivory 291311 0 174209 0 133
lo0 65535 <Link> 79 0 79 0 0
lo0 65535 loop localhost 79 0 79 0 0
sl0* 296 <Link> 0 0 0 0 0
sl1* 296 <Link> 0 0 0 0 0The sl0 and sl1
interfaces shown in netstat -i's output indicate
that there are two SLIP interfaces built into the kernel. (The
asterisks after the sl0 and sl1
indicate that the interfaces are “down”.)However, FreeBSD's default kernels do not come configured to
forward packets (ie, your FreeBSD machine will not act as a router)
due to Internet RFC requirements for Internet hosts (see RFC's 1009
[Requirements for Internet Gateways], 1122 [Requirements for Internet
Hosts — Communication Layers], and perhaps 1127 [A Perspective
on the Host Requirements RFCs]), so if you want your FreeBSD SLIP
Server to act as a router, you will have to edit the
/etc/rc.conf file (called
/etc/sysconfig in FreeBSD releases prior to
2.2.2) and change the setting of the gateway
variable to . If you have an older system which
predates even the /etc/sysconfig file, then add
the following command:
sysctl -w net.inet.ip.forwarding = 1
to your /etc/rc.local file.You will then need to reboot for the new settings to take
effect.You will notice that near the end of the default kernel
configuration file (/sys/i386/conf/GENERIC) is a
line that reads:
pseudo-device sl 2This is the line that defines the number of SLIP devices available
in the kernel; the number at the end of the line is the maximum number
of SLIP connections that may be operating simultaneously.Please refer to Configuring the
FreeBSD Kernel for help in reconfiguring your kernel.Sliplogin ConfigurationAs mentioned earlier, there are three files in the
/etc/sliphome directory that are part of the
configuration for /usr/sbin/sliplogin (see
&man.sliplogin.8; for the actual manual page for
sliplogin): slip.hosts, which
defines the SLIP users & their associated IP addresses;
slip.login, which usually just configures the
SLIP interface; and (optionally) slip.logout,
which undoes slip.login's effects when the serial
connection is terminated.slip.hosts Configuration/etc/sliphome/slip.hosts contains lines
which have at least four items, separated by whitespace:SLIP user's login IDLocal address (local to the SLIP server) of the SLIP
linkRemote address of the SLIP linkNetwork maskThe local and remote addresses may be host names (resolved to IP
addresses by /etc/hosts or by the domain name
service, depending on your specifications in
/etc/host.conf), and I believe the network mask
may be a name that can be resolved by a lookup into
/etc/networks. On a sample system,
/etc/sliphome/slip.hosts looks like
this:
#
# login local-addr remote-addr mask opt1 opt2
# (normal,compress,noicmp)
#
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocompAt the end of the line is one or more of the options. — no header compression — compress headers — compress headers if the
remote end allows it — disable ICMP packets (so any
“ping” packets will be dropped instead of using up
your bandwidth)Note that sliplogin under early releases of
FreeBSD 2 ignored the options that FreeBSD 1.x recognized, so the
options , ,
, and had no effect
until support was added in FreeBSD 2.2 (unless your
slip.login script included code to make use of
the flags).Your choice of local and remote addresses for your SLIP links
depends on whether you are going to dedicate a TCP/IP subnet or if
you are going to use “proxy ARP” on your SLIP server (it
is not “true” proxy ARP, but that is the terminology
used in this document to describe it). If you are not sure which
method to select or how to assign IP addresses, please refer to the
TCP/IP books referenced in the slips-prereqs section and/or
consult your IP network manager.If you are going to use a separate subnet for your SLIP clients,
you will need to allocate the subnet number out of your assigned IP
network number and assign each of your SLIP client's IP numbers out
of that subnet. Then, you will probably either need to configure a
static route to the SLIP subnet via your SLIP server on your nearest
IP router, or install gated on your FreeBSD SLIP
server and configure it to talk the appropriate routing protocols to
your other routers to inform them about your SLIP server's route to
the SLIP subnet.Otherwise, if you will use the “proxy ARP” method,
you will need to assign your SLIP client's IP addresses out of your
SLIP server's Ethernet subnet, and you will also need to adjust your
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout scripts to use
&man.arp.8; to manage the proxy-ARP entries in the SLIP server's
ARP table.slip.login ConfigurationThe typical /etc/sliphome/slip.login file
looks like this:
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6This slip.login file merely
ifconfig's the appropriate SLIP interface with
the local and remote addresses and network mask of the SLIP
interface.If you have decided to use the “proxy ARP” method
(instead of using a separate subnet for your SLIP clients), your
/etc/sliphome/slip.login file will need to look
something like this:
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pubThe additional line in this slip.login,
arp -s $5 00:11:22:33:44:55 pub, creates an
ARP entry in the SLIP server's ARP table. This ARP entry causes the
SLIP server to respond with the SLIP server's Ethernet MAC address
whenever a another IP node on the Ethernet asks to speak to the SLIP
client's IP address.When using the example above, be sure to replace the Ethernet
MAC address (00:11:22:33:44:55) with the
MAC address of your system's Ethernet card, or your “proxy
ARP” will definitely not work! You can discover your SLIP
server's Ethernet MAC address by looking at the results of running
netstat -i; the second line of the output should
look something like:ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116This indicates that this particular system's Ethernet MAC
address is 00:02:c1:28:5f:4a — the
periods in the Ethernet MAC address given by netstat
-i must be changed to colons and leading zeros should be
added to each single-digit hexadecimal number to convert the address
into the form that
&man.arp.8; desires; see the manual page on &man.arp.8; for
complete information on usage.When you create /etc/sliphome/slip.login
and /etc/sliphome/slip.logout, the
“execute” bit (ie, chmod 755
/etc/sliphome/slip.login /etc/sliphome/slip.logout)
must be set, or sliplogin will be unable to
execute it.slip.logout Configuration/etc/sliphome/slip.logout is not strictly
needed (unless you are implementing “proxy ARP”), but if
you decide to create it, this is an example of a basic
slip.logout script:
#!/bin/sh -
#
# slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 downIf you are using “proxy ARP”, you will want to have
/etc/sliphome/slip.logout remove the ARP entry
for the SLIP client:
#!/bin/sh -
#
# @(#)slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5The arp -d $5 removes the ARP entry that
the “proxy ARP” slip.login added
when the SLIP client logged in.It bears repeating: make sure
/etc/sliphome/slip.logout has the execute
bit set for after you create it (ie, chmod
755 /etc/sliphome/slip.logout).Routing ConsiderationsIf you are not using the “proxy ARP” method for
routing packets between your SLIP clients and the rest of your network
(and perhaps the Internet), you will probably either have to add
static routes to your closest default router(s) to route your SLIP
client subnet via your SLIP server, or you will probably need to
install and configure gated on your FreeBSD SLIP
server so that it will tell your routers via appropriate routing
protocols about your SLIP subnet.Static RoutesAdding static routes to your nearest default routers can be
troublesome (or impossible, if you do not have authority to do
so...). If you have a multiple-router network in your organization,
some routers, such as Cisco and Proteon, may not only need to be
configured with the static route to the SLIP subnet, but also need
to be told which static routes to tell other routers about, so some
expertise and troubleshooting/tweaking may be necessary to get
static-route-based routing to work.Running gatedAn alternative to the headaches of static routes is to install
gated on your FreeBSD SLIP server and configure
it to use the appropriate routing protocols (RIP/OSPF/BGP/EGP) to
tell other routers about your SLIP subnet. You can use
gated from the ports
collection or retrieve and build it yourself from the
GateD anonymous ftp site; I believe the current version as
of this writing is gated-R3_5Alpha_8.tar.Z,
which includes support for FreeBSD “out-of-the-box”.
Complete information and documentation on gated
is available on the Web starting at the Merit GateD
Consortium. Compile and install it, and then write a
/etc/gated.conf file to configure your gated;
here is a sample, similar to what the author used on a FreeBSD SLIP
server:
#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;
rip yes {
interface sl noripout noripin ;
interface ed ripin ripout version 1 ;
traceoptions route ;
} ;
#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
traceoptions remnants request routes info interface ;
} ;
#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#
export proto rip interface ed {
proto direct {
xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
} ;
} ;
#
# Accept routes from RIP via ed Ethernet interfaces
import proto rip interface ed {
all ;
} ;The above sample gated.conf file broadcasts
routing information regarding the SLIP subnet
xxx.xxx.yy via RIP onto the Ethernet; if
you are using a different Ethernet driver than the
ed driver, you will need to change the
references to the ed interface
appropriately. This sample file also sets up tracing to
/var/tmp/gated.output for debugging
gated's activity; you can certainly turn off the
tracing options if gated works OK for you. You
will need to change the xxx.xxx.yy's into
the network address of your own SLIP subnet (be sure to change the
net mask in the proto direct clause as
well).When you get gated built and installed and
create a configuration file for it, you will need to run
gated in place of routed on
your FreeBSD system; change the routed/gated
startup parameters in /etc/netstart as
appropriate for your system. Please see the manual page for
gated for information on
gated's command-line parameters.AcknowledgmentsThanks to these people for comments and advice regarding this
tutorial:&a.wilko;Piero SeriniPiero@Strider.Inet.IT
diff --git a/en/handbook/security/chapter.sgml b/en/handbook/security/chapter.sgml
index 4d972ffb8f..44cce02e76 100644
--- a/en/handbook/security/chapter.sgml
+++ b/en/handbook/security/chapter.sgml
@@ -1,1612 +1,1612 @@
SecurityDES, MD5, and CryptContributed by &a.wollman; 24 September
1995.In order to protect the security of passwords on UN*X systems from
being easily exposed, passwords have traditionally been scrambled in
some way. Starting with Bell Labs' Seventh Edition Unix, passwords were
encrypted using what the security people call a “one-way hash
function”. That is to say, the password is transformed in such a
way that the original password cannot be regained except by brute-force
searching the space of possible passwords. Unfortunately, the only
secure method that was available to the AT&T researchers at the time
was based on DES, the Data Encryption Standard. This causes only
minimal difficulty for commercial vendors, but is a serious problem for
an operating system like FreeBSD where all the source code is freely
available, because national governments in many places like to place
restrictions on cross-border transport of DES and other encryption
software.So, the FreeBSD team was faced with a dilemma: how could we provide
compatibility with all those UNIX systems out there while still not
running afoul of the law? We decided to take a dual-track approach: we
would make distributions which contained only a non-regulated password
scrambler, and then provide as a separate add-on library the DES-based
password hash. The password-scrambling function was moved out of the C
library to a separate library, called libcrypt
because the name of the C function to implement it is
crypt. In FreeBSD 1.x and some pre-release 2.0
snapshots, the non-regulated scrambler uses an insecure function written
by Nate Williams; in subsequent releases this was replaced by a
mechanism using the RSA Data Security, Inc., MD5 one-way hash function.
Because neither of these functions involve encryption, they are believed
to be exportable from the US and importable into many other
countries.Meanwhile, work was also underway on the DES-based password hash
function. First, a version of the crypt function
which was written outside the US was imported, thus synchronizing the US
and non-US code. Then, the library was modified and split into two; the
DES libcrypt contains only the code involved in
performing the one-way password hash, and a separate
libcipher was created with the entry points to
actually perform encryption. The code was partitioned in this way to
make it easier to get an export license for the compiled library.Recognizing your crypt mechanismIt is fairly easy to recognize whether a particular password
string was created using the DES- or MD5-based hash function. MD5
password strings always begin with the characters
$1$. DES password strings do not have any
particular identifying characteristics, but they are shorter than MD5
passwords, and are coded in a 64-character alphabet which does not
include the $ character, so a relatively short
string which doesn't begin with a dollar sign is very likely a DES
password.Determining which library is being used on your system is fairly
easy for most programs, except for those like init
which are statically linked. (For those programs, the only way is to
try them on a known password and see if it works.) Programs which use
crypt are linked against
libcrypt, which for each type of library is a
symbolic link to the appropriate implementation. For example, on a
system using the DES versions:&prompt.user; ls -l /usr/lib/libcrypt*
lrwxr-xr-x 1 root wheel 13 Mar 19 06:56 libcrypt.a -> libdescrypt.a
lrwxr-xr-x 1 root wheel 18 Mar 19 06:56 libcrypt.so.2.0 -> libdescrypt.so.2.0
lrwxr-xr-x 1 root wheel 15 Mar 19 06:56 libcrypt_p.a -> libdescrypt_p.aOn a system using the MD5-based libraries, the same links will be
present, but the target will be libscrypt rather
than libdescrypt.S/KeyContributed by &a.wollman; 25 September
1995.S/Key is a one-time password scheme based on a one-way hash function
(in our version, this is MD4 for compatibility; other versions have used
MD5 and DES-MAC). S/Key has been a standard part of all FreeBSD
distributions since version 1.1.5, and is also implemented on a large
and growing number of other systems. S/Key is a registered trademark of
Bell Communications Research, Inc.There are three different sorts of passwords which we will talk
about in the discussion below. The first is your usual UNIX-style or
Kerberos password; we will call this a “UNIX password”. The
second sort is the one-time password which is generated by the S/Key
key program and accepted by the
keyinit program and the login prompt; we will call
this a “one-time password”. The final sort of password is
the secret password which you give to the key program
(and sometimes the keyinit program) which it uses to
generate one-time passwords; we will call it a “secret
password” or just unqualified “password”.The secret password does not necessarily have anything to do with
your UNIX password (while they can be the same, this is not
recommended). While UNIX passwords are limited to eight characters in
length, your S/Key secret password can be as long as you like; I use
seven-word phrases. In general, the S/Key system operates completely
independently of the UNIX password system.There are in addition two other sorts of data involved in the S/Key
system; one is called the “seed” or (confusingly)
“key”, and consists of two letters and five digits, and the
other is the “iteration count” and is a number between 100
and 1. S/Key constructs a one-time password from these components by
concatenating the seed and the secret password, then applying a one-way
hash (the RSA Data Security, Inc., MD4 secure hash function)
iteration-count times, and turning the result into six short English
words. The login and su programs
keep track of the last one-time password used, and the user is
authenticated if the hash of the user-provided password is equal to the
previous password. Because a one-way hash function is used, it is not
possible to generate future one-time passwords having overheard one
which was successfully used; the iteration count is decremented after
each successful login to keep the user and login program in sync. (When
you get the iteration count down to 1, it is time to reinitialize
S/Key.)There are four programs involved in the S/Key system which we will
discuss below. The key program accepts an iteration
count, a seed, and a secret password, and generates a one-time password.
The keyinit program is used to initialized S/Key, and
to change passwords, iteration counts, or seeds; it takes either a
secret password, or an iteration count, seed, and one-time password.
The keyinfo program examines the
/etc/skeykeys file and prints out the invoking
user's current iteration count and seed. Finally, the
login and su programs contain the
necessary logic to accept S/Key one-time passwords for authentication.
The login program is also capable of disallowing the
use of UNIX passwords on connections coming from specified
addresses.There are four different sorts of operations we will cover. The
first is using the keyinit program over a secure
connection to set up S/Key for the first time, or to change your
password or seed. The second operation is using the
keyinit program over an insecure connection, in
conjunction with the key program over a secure
connection, to do the same. The third is using the
key program to log in over an insecure connection.
The fourth is using the key program to generate a
number of keys which can be written down or printed out to carry with
you when going to some location without secure connections to anywhere
(like at a conference).Secure connection initializationTo initialize S/Key, change your password, or change your seed
while logged in over a secure connection (e.g., on the console of a
machine), use the keyinit command without any
parameters while logged in as yourself:&prompt.user; keyinit
Updating wollman: ) these will not appear if you
Old key: ha73895 ) have not used S/Key before
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password: ) I typed my pass phrase here
Again secret password: ) I typed it again ID
wollman s/key is 99 ha73896 ) discussed below SAG
HAS FONT GOUT FATE BOOM )There is a lot of information here. At theEnter secret
password: prompt, you should enter some password or phrase
(I use phrases of minimum seven words) which will be needed to
generate login keys. The line starting `ID' gives the parameters of
your particular S/Key instance: your login name, the iteration count,
and seed. When logging in with S/Key, the system will remember these
parameters and present them back to you so you do not have to remember
them. The last line gives the particular one-time password which
corresponds to those parameters and your secret password; if you were
to re-login immediately, this one-time password is the one you would
use.Insecure connection initializationTo initialize S/Key or change your password or seed over an
insecure connection, you will need to already have a secure connection
to some place where you can run the key program;
this might be in the form of a desk accessory on a Macintosh, or a
shell prompt on a machine you trust (we will show the latter). You
will also need to make up an iteration count (100 is probably a good
value), and you may make up your own seed or use a randomly-generated
one. Over on the insecure connection (to the machine you are
initializing), use the keyinit -s command:&prompt.user; keyinit -s
Updating wollman: Old key: kh94741
Reminder you need the 6 English words from the skey command.
Enter sequence count from 1 to 9999:100 ) I typed this
Enter new key [default kh94742]:
s/key 100 kh94742To accept the default seed (which the keyinit
program confusingly calls a key), press return.
Then move over to your secure connection or S/Key desk accessory, and
give it the same parameters:&prompt.user; key 100 kh94742
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: ) I typed my secret password
HULL NAY YANG TREE TOUT VETONow switch back over to the insecure connection, and copy the
one-time password generated by key over to the
keyinit program:s/key access password:HULL NAY YANG TREE TOUT VETO
ID wollman s/key is 100 kh94742
HULL NAY YANG TREE TOUT VETOThe rest of the description from the previous section applies here
as well.Diversion: a login promptBefore explaining how to generate one-time passwords, we should go
over an S/Key login prompt:&prompt.user; telnet himalia
Trying 18.26.0.186...
Connected to himalia.lcs.mit.edu.
Escape character is '^]'.
s/key 92 hi52030
Password:Note that, before prompting for a password, the login program
prints out the iteration number and seed which you will need in order
to generate the appropriate key. You will also find a useful feature
(not shown here): if you press return at the password prompt, the
login program will turn echo on, so you can see what you are typing.
This can be extremely useful if you are attempting to type in an S/Key
by hand, such as from a printout.If this machine were configured to disallow UNIX passwords over a
connection from my machine, the prompt would have also included the
annotation (s/key required), indicating that only
S/Key one-time passwords will be accepted.Generating a single one-time passwordNow, to generate the one-time password needed to answer this login
prompt, we use a trusted machine and the key
program. (There are versions of the key program
from DOS and Windows machines, and there is an S/Key desk accessory
for Macintosh computers as well.) The command-line
key program takes as its parameters the iteration
count and seed; you can cut-and-paste right from the login prompt
starting at key to the end of the line.
Thus:&prompt.user; key 92 hi52030 ) pasted from previous section
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: ) I typed my secret password
ADEN BED WOLF HAW HOT STUNAnd in the other window:s/key 92 hi52030 ) from previous section
Password:
(turning echo on)
Password:ADEN BED WOLF HAW HOT STUN
Last login: Wed Jun 28 15:31:00 from halloran-eldar.l
[etc.]This is the easiest mechanism if you have a
trusted machine. There is a Java S/Key key applet,
The Java OTP
Calculator, that you can download and run locally on any
Java supporting brower.Generating multiple one-time passwordsSometimes we have to go places where no trusted machines or
connections are available. In this case, it is possible to use the
key command to generate a number of one-time
passwords in the same command; these can then be printed out. For
example:&prompt.user; key -n 25 57 zz99999
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password:
33: WALT THY MALI DARN NIT HEAD
34: ASK RICE BEAU GINA DOUR STAG
…
56: AMOS BOWL LUG FAT CAIN INCH
57: GROW HAYS TUN DISH CAR BALMThe requests twenty-five keys in sequence;
the indicates the ending
iteration number; and the rest is as before. Note that these are
printed out in reverse order of eventual use. If
you are really paranoid, you might want to write the results down by
hand; otherwise you can cut-and-paste into lpr.
Note that each line shows both the iteration count and the one-time
password; you may still find it handy to scratch off passwords as you
use them.Restricting use of UNIX passwordsThe configuration file /etc/skey.access can
be used to configure restrictions on the use of UNIX passwords based
on the host name, user name, terminal port, or IP address of a login
session. The complete format of the file is documented in the
&man.skey.access.5; manual page; there are also some security
cautions there which should be read before depending on this file for
security.If there is no /etc/skey.access file (which
is the default state as FreeBSD is shipped), then all users will be
allowed to use UNIX passwords. If the file exists, however, then all
users will be required to use S/Key unless explicitly permitted to do
otherwise by configuration statements in the
skey.access file. In all cases, UNIX passwords
are permitted on the console.Here is a sample configuration file which illustrates the three
most common sorts of configuration statements:
permit internet 18.26.0.0 255.255.0.0
permit user jrl
permit port ttyd0The first line (permit internet) allows users
whose IP source address (which is vulnerable to spoofing) matches the
specified value and mask, to use UNIX passwords. This should not be
considered a security mechanism, but rather, a means to remind
authorized users that they are using an insecure network and need to
use S/Key for authentication.The second line (permit user) allows the
specified user to use UNIX passwords at any time. Generally speaking,
this should only be used for people who are either unable to use the
key program, like those with dumb terminals, or
those who are uneducable.The third line (permit port) allows all users
logging in on the specified terminal line to use UNIX passwords; this
would be used for dial-ups.KerberosContributed by &a.markm; (based on contribution by
&a.md;).Kerberos is a network add-on system/protocol that allows users to
authenticate themselves through the services of a secure server.
Services such as remote login, remote copy, secure inter-system file
copying and other high-risk tasks are made considerably safer and more
controllable.The following instructions can be used as a guide on how to set up
Kerberos as distributed for FreeBSD. However, you should refer to the
relevant manual pages for a complete description.In FreeBSD, the Kerberos is not that from the original 4.4BSD-Lite,
distribution, but eBones, which had been previously ported to FreeBSD
1.1.5.1, and was sourced from outside the USA/Canada, and is thus
available to system owners outside those countries.For those needing to get a legal foreign distribution of this
software, please do not get it from a USA or Canada
site. You will get that site in big trouble! A
legal copy of this is available from ftp.internat.freebsd.org, which is in South
+ role="fqdn">ftp.internat.FreeBSD.org, which is in South
Africa and an official FreeBSD mirror site.Creating the initial databaseThis is done on the Kerberos server only. First make sure that
you do not have any old Kerberos databases around. You should change
to the directory /etc/kerberosIV and check that
only the following files are present:&prompt.root; cd /etc/kerberosIV
&prompt.root; ls
README krb.conf krb.realmsIf any additional files (such as principal.*
or master_key) exist, then use the
kdb_destroy command to destroy the old Kerberos
database, of if Kerberos is not running, simply delete the extra
files.You should now edit the krb.conf and
krb.realms files to define your Kerberos realm.
In this case the realm will be GRONDAR.ZA and the
server is grunt.grondar.za. We edit or create
the krb.conf file:&prompt.root; cat krb.conf
GRONDAR.ZA
GRONDAR.ZA grunt.grondar.za admin server
CS.BERKELEY.EDU okeeffe.berkeley.edu
ATHENA.MIT.EDU kerberos.mit.edu
ATHENA.MIT.EDU kerberos-1.mit.edu
ATHENA.MIT.EDU kerberos-2.mit.edu
ATHENA.MIT.EDU kerberos-3.mit.edu
LCS.MIT.EDU kerberos.lcs.mit.edu
TELECOM.MIT.EDU bitsy.mit.edu
ARC.NASA.GOV trident.arc.nasa.govIn this case, the other realms do not need to be there. They are
here as an example of how a machine may be made aware of multiple
realms. You may wish to not include them for simplicity.The first line names the realm in which this system works. The
other lines contain realm/host entries. The first item on a line is a
realm, and the second is a host in that realm that is acting as a
“key distribution centre”. The words admin
server following a hosts name means that host also
provides an administrative database server. For further explanation
of these terms, please consult the Kerberos man pages.Now we have to add grunt.grondar.za
to the GRONDAR.ZA realm and also add an entry to
put all hosts in the .grondar.za
domain in the GRONDAR.ZA realm. The
krb.realms file would be updated as
follows:&prompt.root; cat krb.realms
grunt.grondar.za GRONDAR.ZA
.grondar.za GRONDAR.ZA
.berkeley.edu CS.BERKELEY.EDU
.MIT.EDU ATHENA.MIT.EDU
.mit.edu ATHENA.MIT.EDUAgain, the other realms do not need to be there. They are here as
an example of how a machine may be made aware of multiple realms. You
may wish to remove them to simplify things.The first line puts the specific system into
the named realm. The rest of the lines show how to default systems of
a particular subdomain to a named realm.Now we are ready to create the database. This only needs to run
on the Kerberos server (or Key Distribution Centre). Issue the
kdb_init command to do this:&prompt.root; kdb_initRealm name [default ATHENA.MIT.EDU ]:GRONDAR.ZA
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter Kerberos master key:Now we have to save the key so that servers on the local machine
can pick it up. Use the kstash command to do
this.&prompt.root; kstashEnter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!This saves the encrypted master password in
/etc/kerberosIV/master_key.Making it all runTwo principals need to be added to the database for
each system that will be secured with Kerberos.
Their names are kpasswd and rcmd
These two principals are made for each system, with the instance being
the name of the individual system.These daemons, kpasswd and
rcmd allow other systems to change Kerberos
passwords and run commands like rcp,
rlogin and rsh.Now let's add these entries:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:passwdInstance:grunt
<Not found>, Create [y] ?y
Principal: passwd, Instance: grunt, kdc_key_ver: 1
New Password: <---- enter RANDOM here
Verifying password
New Password: <---- enter RANDOM here
Random password [y] ?y
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name:rcmdInstance:grunt
<Not found>, Create [y] ?
Principal: rcmd, Instance: grunt, kdc_key_ver: 1
New Password: <---- enter RANDOM here
Verifying password
New Password: <---- enter RANDOM here
Random password [y] ?
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitCreating the server fileWe now have to extract all the instances which define the services
on each machine. For this we use the ext_srvtab
command. This will create a file which must be copied or moved
by secure means to each Kerberos client's
/etc/kerberosIV directory. This file must be present on each server
and client, and is crucial to the operation of Kerberos.&prompt.root; ext_srvtab gruntEnter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Generating 'grunt-new-srvtab'....Now, this command only generates a temporary file which must be
renamed to srvtab so that all the server can pick
it up. Use the mv command to move it into place on
the original system:&prompt.root; mv grunt-new-srvtab srvtabIf the file is for a client system, and the network is not deemed
safe, then copy the
client-new-srvtab to
removable media and transport it by secure physical means. Be sure to
rename it to srvtab in the client's
/etc/kerberosIV directory, and make sure it is
mode 600:&prompt.root; mv grumble-new-srvtab srvtab
&prompt.root; chmod 600 srvtabPopulating the databaseWe now have to add some user entries into the database. First
let's create an entry for the user jane. Use the
kdb_edit command to do this:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:janeInstance:
<Not found>, Create [y] ?y
Principal: jane, Instance: , kdc_key_ver: 1
New Password: <---- enter a secure password here
Verifying password
New Password: <---- re-enter the password here
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitTesting it all outFirst we have to start the Kerberos daemons. NOTE that if you
have correctly edited your /etc/rc.conf then this
will happen automatically when you reboot. This is only necessary on
the Kerberos server. Kerberos clients will automagically get what
they need from the /etc/kerberosIV
directory.&prompt.root; kerberos &
Kerberos server starting
Sleep forever on error
Log file is /var/log/kerberos.log
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Current Kerberos master key version is 1
Local realm: GRONDAR.ZA
&prompt.root; kadmind -n &
KADM Server KADM0.0A initializing
Please do not use 'kill -9' to kill this job, use a
regular kill instead
Current Kerberos master key version is 1.
Master key entered. BEWARE!Now we can try using the kinit command to get a
ticket for the id jane that we created
above:&prompt.user; kinit jane
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane"
Password:Try listing the tokens using klist to see if we
really have them:&prompt.user; klist
Ticket file: /tmp/tkt245
Principal: jane@GRONDAR.ZA
Issued Expires Principal
Apr 30 11:23:22 Apr 30 19:23:22 krbtgt.GRONDAR.ZA@GRONDAR.ZANow try changing the password using passwd to
check if the kpasswd daemon can get authorization to the Kerberos
database:&prompt.user; passwd
realm GRONDAR.ZA
Old password for jane:New Password for jane:
Verifying password
New Password for jane:
Password changed.Adding su privilegesKerberos allows us to give each user who
needs root privileges their own separatesupassword. We could now add an id which is
authorized to su to root.
This is controlled by having an instance of root
associated with a principal. Using kdb_edit we can
create the entry jane.root in the Kerberos
database:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:janeInstance:root
<Not found>, Create [y] ? y
Principal: jane, Instance: root, kdc_key_ver: 1
New Password: <---- enter a SECURE password here
Verifying password
New Password: <---- re-enter the password here
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?12 <--- Keep this short!
Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitNow try getting tokens for it to make sure it works:&prompt.root; kinit jane.root
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane.root"
Password:Now we need to add the user to root's .klogin
file:&prompt.root; cat /root/.klogin
jane.root@GRONDAR.ZANow try doing the su:&prompt.user; suPassword:and take a look at what tokens we have:&prompt.root; klist
Ticket file: /tmp/tkt_root_245
Principal: jane.root@GRONDAR.ZA
Issued Expires Principal
May 2 20:43:12 May 3 04:43:12 krbtgt.GRONDAR.ZA@GRONDAR.ZAUsing other commandsIn an earlier example, we created a principal called
jane with an instance root.
This was based on a user with the same name as the principal, and this
is a Kerberos default; that a
<principal>.<instance> of the form
<username>.root will allow
that <username> to su to
root if the necessary entries are in the .klogin
file in root's home directory:&prompt.root; cat /root/.klogin
jane.root@GRONDAR.ZALikewise, if a user has in their own home directory lines of the
form:&prompt.user; cat ~/.klogin
jane@GRONDAR.ZA
jack@GRONDAR.ZAThis allows anyone in the GRONDAR.ZA realm
who has authenticated themselves to jane or
jack (via kinit, see above)
access to rlogin to jane's
account or files on this system (grunt) via
rlogin, rsh or
rcp.For example, Jane now logs into another system, using
Kerberos:&prompt.user; kinit
MIT Project Athena (grunt.grondar.za)
Password:
%prompt.user; rlogin grunt
Last login: Mon May 1 21:14:47 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995Or Jack logs into Jane's account on the same machine (Jane having
set up the .klogin file as above, and the person
in charge of Kerberos having set up principal
jack with a null instance:&prompt.user; kinit
&prompt.user; rlogin grunt -l jane
MIT Project Athena (grunt.grondar.za)
Password:
Last login: Mon May 1 21:16:55 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995FirewallsContributed by &a.gpalmer; and &a.alex;.Firewalls are an area of increasing interest for people who are
connected to the Internet, and are even finding applications on private
networks to provide enhanced security. This section will hopefully
explain what firewalls are, how to use them, and how to use the
facilities provided in the FreeBSD kernel to implement them.People often think that having a firewall between your companies
internal network and the “Big Bad Internet” will solve all
your security problems.It may help, but a poorly setup firewall system is more of a
security risk than not having one at all. A firewall can only add
another layer of security to your systems, but they will not be able
to stop a really determined cracker from penetrating your internal
network. If you let internal security lapse because you believe your
firewall to be impenetrable, you have just made the crackers job that
bit easier.What is a firewall?There are currently two distinct types of firewalls in common use
on the Internet today. The first type is more properly called a
packet filtering router, where the kernel on a
multi-homed machine chooses whether to forward or block packets based
on a set of rules. The second type, known as proxy
servers, rely on daemons to provide authentication and to
forward packets, possibly on a multi-homed machine which has kernel
packet forwarding disabled.Sometimes sites combine the two types of firewalls, so that only a
certain machine (known as a bastion host) is
allowed to send packets through a packet filtering router onto an
internal network. Proxy services are run on the bastion host, which
are generally more secure than normal authentication
mechanisms.FreeBSD comes with a kernel packet filter (known as
IPFW), which is what the rest of this
section will concentrate on. Proxy servers can be built on FreeBSD
from third party software, but there is such a variety of proxy
servers available that it would be impossible to cover them in this
document.Packet filtering routersA router is a machine which forwards packets between two or more
networks. A packet filtering router has an extra piece of code in
its kernel, which compares each packet to a list of rules before
deciding if it should be forwarded or not. Most modern IP routing
software has packet filtering code in it, which defaults to
forwarding all packets. To enable the filters, you need to define a
set of rules for the filtering code, so that it can decide if the
packet should be allowed to pass or not.To decide if a packet should be passed on or not, the code looks
through its set of rules for a rule which matches the contents of
this packets headers. Once a match is found, the rule action is
obeyed. The rule action could be to drop the packet, to forward the
packet, or even to send an ICMP message back to the originator.
Only the first match counts, as the rules are searched in order.
Hence, the list of rules can be referred to as a “rule
chain”.The packet matching criteria varies depending on the software
used, but typically you can specify rules which depend on the source
IP address of the packet, the destination IP address, the source
port number, the destination port number (for protocols which
support ports), or even the packet type (UDP, TCP, ICMP,
etc).Proxy serversProxy servers are machines which have had the normal system
daemons (telnetd, ftpd, etc) replaced with special servers. These
servers are called proxy servers as they
normally only allow onward connections to be made. This enables you
to run (for example) a proxy telnet server on your firewall host,
and people can telnet in to your firewall from the outside, go
through some authentication mechanism, and then gain access to the
internal network (alternatively, proxy servers can be used for
signals coming from the internal network and heading out).Proxy servers are normally more secure than normal servers, and
often have a wider variety of authentication mechanisms available,
including “one-shot” password systems so that even if
someone manages to discover what password you used, they will not be
able to use it to gain access to your systems as the password
instantly expires. As they do not actually give users access to the
host machine, it becomes a lot more difficult for someone to install
backdoors around your security system.Proxy servers often have ways of restricting access further, so
that only certain hosts can gain access to the servers, and often
they can be set up so that you can limit which users can talk to
which destination machine. Again, what facilities are available
depends largely on what proxy software you choose.What does IPFW allow me to do?IPFW, the software supplied with
FreeBSD, is a packet filtering and accounting system which resides in
the kernel, and has a user-land control utility,
&man.ipfw.8;. Together, they allow you to define and query the
rules currently used by the kernel in its routing decisions.There are two related parts to IPFW.
The firewall section allows you to perform packet filtering. There is
also an IP accounting section which allows you to track usage of your
router, based on similar rules to the firewall section. This allows
you to see (for example) how much traffic your router is getting from
a certain machine, or how much WWW (World Wide Web) traffic it is
forwarding.As a result of the way that IPFW is
designed, you can use IPFW on non-router
machines to perform packet filtering on incoming and outgoing
connections. This is a special case of the more general use of
IPFW, and the same commands and techniques
should be used in this situation.Enabling IPFW on FreeBSDAs the main part of the IPFW system
lives in the kernel, you will need to add one or more options to your
kernel configuration file, depending on what facilities you want, and
recompile your kernel. See reconfiguring
the kernel for more details on how to recompile your
kernel.There are currently three kernel configuration options relevant to
IPFW:options IPFIREWALLCompiles into the kernel the code for packet
filtering.options IPFIREWALL_VERBOSEEnables code to allow logging of packets through
&man.syslogd.8;. Without this option, even if you specify
that packets should be logged in the filter rules, nothing will
happen.options IPFIREWALL_VERBOSE_LIMIT=10Limits the number of packets logged through
&man.syslogd.8; on a per entry basis. You may wish to use
this option in hostile environments in which you want to log
firewall activity, but do not want to be open to a denial of
service attack via syslog flooding.When a chain entry reaches the packet limit specified,
logging is turned off for that particular entry. To resume
logging, you will need to reset the associated counter using the
&man.ipfw.8; utility:&prompt.root; ipfw zero 4500Where 4500 is the chain entry you wish to continue
logging.Previous versions of FreeBSD contained an
IPFIREWALL_ACCT option. This is now obsolete as
the firewall code automatically includes accounting
facilities.Configuring IPFWThe configuration of the IPFW software
is done through the &man.ipfw.8; utility. The syntax for this
command looks quite complicated, but it is relatively simple once you
understand its structure.There are currently four different command categories used by the
utility: addition/deletion, listing, flushing, and clearing.
Addition/deletion is used to build the rules that control how packets
are accepted, rejected, and logged. Listing is used to examine the
contents of your rule set (otherwise known as the chain) and packet
counters (accounting). Flushing is used to remove all entries from
the chain. Clearing is used to zero out one or more accounting
entries.Altering the IPFW rulesThe syntax for this form of the command is:
ipfw-NcommandindexactionlogprotocoladdressesoptionsThere is one valid flag when using this form of the
command:-NResolve addresses and service names in output.The command given can be shortened to the
shortest unique form. The valid commands
are:addAdd an entry to the firewall/accounting rule listdeleteDelete an entry from the firewall/accounting rule
listPrevious versions of IPFW used
separate firewall and accounting entries. The present version
provides packet accounting with each firewall entry.If an index value is supplied, it used to
place the entry at a specific point in the chain. Otherwise, the
entry is placed at the end of the chain at an index 100 greater than
the last chain entry (this does not include the default policy, rule
65535, deny).The log option causes matching rules to be
output to the system console if the kernel was compiled with
IPFIREWALL_VERBOSE.Valid actions are:rejectDrop the packet, and send an ICMP host or port unreachable
(as appropriate) packet to the source.allowPass the packet on as normal. (aliases:
pass and
accept)denyDrop the packet. The source is not notified via an
ICMP message (thus it appears that the packet never
arrived at the destination).countUpdate packet counters but do not allow/deny the packet
based on this rule. The search continues with the next chain
entry.Each action will be recognized by the
shortest unambiguous prefix.The protocols which can be specified
are:allMatches any IP packeticmpMatches ICMP packetstcpMatches TCP packetsudpMatches UDP packetsThe address specification is:fromaddress/maskporttoaddress/markportvia interfaceYou can only specify port in
conjunction with protocols which support ports
(UDP and TCP).The is optional and may specify the IP
address or domain name of a local IP interface, or an interface name
(e.g. ed0) to match only packets coming
through this interface. Interface unit numbers can be specified
with an optional wildcard. For example, ppp*
would match all kernel PPP interfaces.The syntax used to specify an
address/mask is:
address
or
address/mask-bits
or
address:mask-patternA valid hostname may be specified in place of the IP address.
is a decimal
number representing how many bits in the address mask should be set.
e.g. specifying 192.216.222.1/24 will create a
mask which will allow any address in a class C subnet (in this case,
192.216.222) to be matched.
is an IP
address which will be logically AND'ed with the address given. The
keyword any may be used to specify “any IP
address”.The port numbers to be blocked are specified as:
port,port,port…
to specify either a single port or a list of ports, or
port-port
to specify a range of ports. You may also combine a single range
with a list, but the range must always be specified first.The options available are:fragMatches if the packet is not the first fragment of the
datagram.inMatches if the packet is on the way in.outMatches if the packet is on the way out.ipoptions specMatches if the IP header contains the comma separated list
of options specified in spec. The
supported list of IP options are: ssrr
(strict source route), lsrr (loose source
route), rr (record packet route), and
ts (timestamp). The absence of a
particular option may be denoted with a leading
!.establishedMatches if the packet is part of an already established
TCP connection (i.e. it has the RST or ACK bits set). You can
optimize the performance of the firewall by placing
established rules early in the
chain.setupMatches if the packet is an attempt to establish a TCP
connection (the SYN bit set is set but the ACK bit is
not).tcpflags flagsMatches if the TCP header contains the comma separated
list of flags. The supported flags
are fin, syn,
rst, psh,
ack, and urg. The
absence of a particular flag may be indicated by a leading
!.icmptypes typesMatches if the ICMP type is present in the list
types. The list may be specified
as any combination of ranges and/or individual types separated
by commas. Commonly used ICMP types are: 0
echo reply (ping reply), 3 destination
unreachable, 5 redirect,
8 echo request (ping request), and
11 time exceeded (used to indicate TTL
expiration as with &man.traceroute.8;).Listing the IPFW rulesThe syntax for this form of the command is:
ipfw-a-t-NlThere are three valid flags when using this form of the
command:-aWhile listing, show counter values. This option is the
only way to see accounting counters.-tDisplay the last match times for each chain entry. The
time listing is incompatible with the input syntax used by the
&man.ipfw.8; utility.-NAttempt to resolve given addresses and service
names.Flushing the IPFW rulesThe syntax for flushing the chain is:
ipfwflushThis causes all entries in the firewall chain to be removed
except the fixed default policy enforced by the kernel (index
65535). Use caution when flushing rules, the default deny policy
will leave your system cut off from the network until allow entries
are added to the chain.Clearing the IPFW packet countersThe syntax for clearing one or more packet counters is:
ipfwzeroindexWhen used without an index argument,
all packet counters are cleared. If an
index is supplied, the clearing operation
only affects a specific chain entry.Example commands for ipfwThis command will deny all packets from the host evil.crackers.org to the telnet port of the
host nice.people.org by being forwarded
by the router:&prompt.root ipfw add deny tcp from evil.crackers.org to nice.people.org 23The next example denies and logs any TCP traffic from the entire
crackers.org network (a class C) to
the nice.people.org machine (any
port).&prompt.root; ipfw add deny log tcp from evil.crackers.org/24 to nice.people.orgIf you do not want people sending X sessions to your internal
network (a subnet of a class C), the following command will do the
necessary filtering:&prompt.root; ipfw add deny tcp from any to my.org/28 6000 setupTo see the accounting records:
&prompt.root; ipfw -a list
or in the short form
&prompt.root; ipfw -a lYou can also see the last time a chain entry was matched
with:&prompt.root; ipfw -at lBuilding a packet filtering firewallThe following suggestions are just that: suggestions. The
requirements of each firewall are different and I cannot tell you
how to build a firewall to meet your particular requirements.When initially setting up your firewall, unless you have a test
bench setup where you can configure your firewall host in a controlled
environment, I strongly recommend you use the logging version of the
commands and enable logging in the kernel. This will allow you to
quickly identify problem areas and cure them without too much
disruption. Even after the initial setup phase is complete, I
recommend using the logging for of `deny' as it allows tracing of
possible attacks and also modification of the firewall rules if your
requirements alter.If you use the logging versions of the accept
command, it can generate large amounts of log
data as one log line will be generated for every packet that passes
through the firewall, so large ftp/http transfers, etc, will really
slow the system down. It also increases the latencies on those
packets as it requires more work to be done by the kernel before the
packet can be passed on. syslogd with also start using up a lot
more processor time as it logs all the extra data to disk, and it
could quite easily fill the partition /var/log
is located on.You should enable your firewall from
/etc/rc.conf.local or
/etc/rc.conf. The associated manpage explains
which knobs to fiddle and lists some preset firewall configurations.
If you do not use a preset configuration, ipfw list
will output the current ruleset into a file that you can
pass to rc.conf. If you do not use
/etc/rc.conf.local or
/etc/rc.conf to enable your firewall,
it is important to make sure your firewall is enabled before
any IP interfaces are configured.
The next problem is what your firewall should actually
do! This is largely dependent on what access to
your network you want to allow from the outside, and how much access
to the outside world you want to allow from the inside. Some general
rules are:Block all incoming access to ports below 1024 for TCP. This is
where most of the security sensitive services are, like finger,
SMTP (mail) and telnet.Block all incoming UDP traffic. There
are very few useful services that travel over UDP, and what useful
traffic there is is normally a security threat (e.g. Suns RPC and
NFS protocols). This has its disadvantages also, since UDP is a
connectionless protocol, denying incoming UDP traffic also blocks
the replies to outgoing UDP traffic. This can cause a problem for
people (on the inside) using external archie (prospero) servers.
If you want to allow access to archie, you'll have to allow
packets coming from ports 191 and 1525 to any internal UDP port
through the firewall. ntp is another service you may consider
allowing through, which comes from port 123.Block traffic to port 6000 from the outside. Port 6000 is the
port used for access to X11 servers, and can be a security threat
(especially if people are in the habit of doing xhost
+ on their workstations). X11 can actually use a
range of ports starting at 6000, the upper limit being how many X
displays you can run on the machine. The upper limit as defined
by RFC 1700 (Assigned Numbers) is 6063.Check what ports any internal servers use (e.g. SQL servers,
etc). It is probably a good idea to block those as well, as they
normally fall outside the 1-1024 range specified above.Another checklist for firewall configuration is available from
CERT at ftp://ftp.cert.org/pub/tech_tips/packet_filteringAs I said above, these are only guidelines.
You will have to decide what filter rules you want to use on your
firewall yourself. I cannot accept ANY responsibility if someone
breaks into your network, even if you follow the advice given
above.
diff --git a/en/handbook/staff/chapter.sgml b/en/handbook/staff/chapter.sgml
index 31288cb6a8..f906ca12c8 100644
--- a/en/handbook/staff/chapter.sgml
+++ b/en/handbook/staff/chapter.sgml
@@ -1,869 +1,869 @@
FreeBSD Project StaffThe FreeBSD Project is managed and operated by the following groups of
people:The FreeBSD Core TeamThe FreeBSD core team constitutes the project's “Board of
Directors”, responsible for deciding the project's overall goals
and direction as well as managing specific
areas of the FreeBSD project landscape.(in alphabetical order by last name):&a.asami;&a.jmb;&a.ache;&a.bde;&a.gibbs;&a.dg;&a.jkh;&a.phk;&a.rich;&a.gpalmer;&a.jdp;&a.dfr;&a.sos;&a.peter;&a.wollman;&a.joerg;The FreeBSD DevelopersThese are the people who have commit privileges and do the
engineering work on the FreeBSD source tree. All core team members are
also developers.&a.ugen;&a.mbarkah;&a.stb;&a.pb;&a.abial;&a.jb;&a.torstenb;&a.dburr;&a.charnier;&a.luoqi;&a.ejc;&a.kjc;&a.gclarkii;&a.archie;&a.alc;&a.cracauer;&a.adam;&a.dillon;&a.dufault;&a.uhclem;&a.tegge;&a.eivind;&a.julian;&a.rse;&a.ru;&a.se;&a.jasone;&a.sef;&a.green;&a.fenner;&a.jfieber;&a.jfitz;&a.scrappy;&a.lars;&a.dirk;&a.shige;&a.billf;&a.gallatin;&a.tg;&a.brandon;&a.graichen;&a.jgreco;&a.rgrimes;&a.jmg;&a.hanai;&a.mharo;&a.thepish;&a.jhay;&a.sheldonh;&a.helbig;&a.ghelmer;&a.erich;&a.nhibma;&a.flathill;&a.hosokawa;&a.hsu;&a.foxfair;&a.tom;&a.mph;&a.itojun;&a.iwasaki;&a.mjacob;&a.gj;&a.nsj;&a.ljo;&a.kato;&a.andreas;&a.motoyuki;&a.jkoshy;&a.kuriyama;&a.grog;&a.jlemon;&a.truckman;&a.imp;&a.jmacd;&a.smace;&a.mckay;&a.mckusick;&a.ken;&a.hm;&a.tedm;&a.amurai;&a.markm;&a.max;&a.alex;&a.newton;&a.rnordier;&a.davidn;&a.obrien;&a.danny;&a.ljo;&a.fsmp;&a.smpatel;&a.wpaul;&a.wes;&a.cpiazza;&a.steve;&a.mpp;&a.jraynard;&a.darrenr;&a.csgr;&a.martin;&a.paul;&a.roberto;&a.chuckr;&a.guido;&a.dima;&a.sada;&a.nsayer;&a.wosch;&a.ats;&a.dick;&a.jseger;&a.simokawa;&a.vanilla;&a.msmith;&a.des;&a.brian;&a.mks;&a.stark;&a.karl;&a.taoka;&a.dt;&a.cwt;&a.pst;&a.hoek;&a.nectar;&a.swallace;&a.dwhite;&a.nate;&a.yokota;&a.jmz;The FreeBSD Documentation Project
- The FreeBSD
+ The FreeBSD
Documentation Project is responsible for a number of different
services, each service being run by an individual and his
deputies (if any):Documentation Project Manager&a.nik;Webmaster&a.wosch;Handbook & FAQ Editor&a.faq;News Editor&a.nsj;Deputy: &a.john;In the Press Editor&a.jkoshyFreeBSD Really-Quick NewsLetter EditorChris Coleman chrisc@vmunix.comGallery Editor&a.nsj;Deputy: &a.cawimm;Commercial Editor&a.nik;Web Changes Editor-LinuxDoc to DocBook conversion&a.nik;Who Is Responsible for WhatPrincipal Architect&a.dg;Documentation
+ url="http://www.FreeBSD.org/docproj/docproj.html">Documentation
Project Manager&a.nik;Internationalization&a.ache;Networking&a.wollman;Postmaster&a.jmb;Release Coordinator&a.jkh;Public Relations & Corporate Liaison&a.jkh;
- Security
+ Security
Officer&a.imp;
- Source
+ Source
Repository ManagersPrincipal: &a.peter;Assistant: &a.jdp;International (Crypto): &a.markm;
- Ports
+ Ports
Manager&a.asami;XFree86 Project, Inc. Liaison&a.rich;Usenet Support&a.joerg;
- GNATS
+ GNATS
Administrator&a.steve;Webmaster
+ url="http://www.FreeBSD.org/internal/">Webmaster
&a.wosch;
diff --git a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
index 99ca9d0f2c..a5ed9584f2 100644
--- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
@@ -1,934 +1,934 @@
Advanced NetworkingGateways and RoutesContributed by &a.gryphon;. 6 October
1995.For one machine to be able to find another, there must be a
mechanism in place to describe how to get from one to the other. This is
called Routing. A “route” is a defined pair of addresses: a
“destination” and a “gateway”. The pair
indicates that if you are trying to get to this
destination, send along through this
gateway. There are three types of destinations:
individual hosts, subnets, and “default”. The
“default route” is used if none of the other routes apply.
We will talk a little bit more about default routes later on. There are
also three types of gateways: individual hosts, interfaces (also called
“links”), and ethernet hardware addresses.An exampleTo illustrate different aspects of routing, we will use the
following example which is the output of the command netstat
-r:Destination Gateway Flags Refs Use Netif Expire
default outside-gw UGSc 37 418 ppp0
localhost localhost UH 0 181 lo0
test0 0:e0:b5:36:cf:4f UHLW 5 63288 ed0 77
10.20.30.255 link#1 UHLW 1 2421
foobar.com link#1 UC 0 0
host1 0:e0:a8:37:8:1e UHLW 3 4601 lo0
host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 =>
host2.foobar.com link#1 UC 0 0
224 link#1 UC 0 0The first two lines specify the default route (which we will cover
in the next section) and the localhost route.The interface (Netif column) that it specifies
to use for localhost is
lo0, also known as the loopback device. This
says to keep all traffic for this destination internal, rather than
sending it out over the LAN, since it will only end up back where it
started anyway.The next thing that stands out are the 0:e0:... addresses. These are ethernet hardware
addresses. FreeBSD will automatically identify any hosts
(test0 in the example) on the local ethernet and add
a route for that host, directly to it over the ethernet interface,
ed0. There is also a timeout
(Expire column) associated with this type of route,
which is used if we fail to hear from the host in a specific amount of
time. In this case the route will be automatically deleted. These
hosts are identified using a mechanism known as RIP (Routing
Information Protocol), which figures out routes to local hosts based
upon a shortest path determination.FreeBSD will also add subnet routes for the local subnet (10.20.30.255 is the broadcast address for the
subnet 10.20.30, and foobar.com is the domain name associated
with that subnet). The designation link#1 refers
to the first ethernet card in the machine. You will notice no
additional interface is specified for those.Both of these groups (local network hosts and local subnets) have
their routes automatically configured by a daemon called
routed. If this is not run, then only routes which
are statically defined (ie. entered explicitly) will exist.The host1 line refers to our host, which it
knows by ethernet address. Since we are the sending host, FreeBSD
knows to use the loopback interface (lo0)
rather than sending it out over the ethernet interface.The two host2 lines are an example of what
happens when we use an ifconfig alias (see the section of ethernet for
reasons why we would do this). The => symbol
after the lo0 interface says that not only
are we using the loopback (since this is address also refers to the
local host), but specifically it is an alias. Such routes only show
up on the host that supports the alias; all other hosts on the local
network will simply have a link#1 line for
such.The final line (destination subnet 224) deals
with MultiCasting, which will be covered in a another section.The other column that we should talk about are the
Flags. Each route has different attributes that
are described in the column. Below is a short table of some of these
flags and their meanings:UUp: The route is active.HHost: The route destination is a single host.GGateway: Send anything for this destination on to this
remote system, which will figure out from there where to send
it.SStatic: This route was configured manually, not
automatically generated by the system.CClone: Generates a new route based upon this route for
machines we connect to. This type of route is normally used
for local networks.WWasCloned: Indicated a route that was auto-configured
based upon a local area network (Clone) route.LLink: Route involves references to ethernet
hardware.Default routesWhen the local system needs to make a connection to remote host,
it checks the routing table to determine if a known path exists. If
the remote host falls into a subnet that we know how to reach (Cloned
routes), then the system checks to see if it can connect along that
interface.If all known paths fail, the system has one last option: the
“default” route. This route is a special type of gateway
route (usually the only one present in the system), and is always
marked with a c in the flags field. For hosts on a
local area network, this gateway is set to whatever machine has a
direct connection to the outside world (whether via PPP link, or your
hardware device attached to a dedicated data line).If you are configuring the default route for a machine which
itself is functioning as the gateway to the outside world, then the
default route will be the gateway machine at your Internet Service
Provider's (ISP) site.Let us look at an example of default routes. This is a common
configuration:
[Local2] <--ether--> [Local1] <--PPP--> [ISP-Serv] <--ether--> [T1-GW]
The hosts Local1 and Local2 are
at your site, with the formed being your PPP connection to your ISP's
Terminal Server. Your ISP has a local network at their site, which
has, among other things, the server where you connect and a hardware
device (T1-GW) attached to the ISP's Internet feed.The default routes for each of your machines will be:hostdefault gatewayinterfaceLocal2Local1ethernetLocal1T1-GWPPPA common question is “Why (or how) would we set the T1-GW to
be the default gateway for Local1, rather than the ISP server it is
connected to?”.Remember, since the PPP interface is using an address on the ISP's
local network for your side of the connection, routes for any other
machines on the ISP's local network will be automatically generated.
Hence, you will already know how to reach the T1-GW machine, so there
is no need for the intermediate step of sending traffic to the ISP
server.As a final note, it is common to use the address ...1 as the gateway address for your local
network. So (using the same example), if your local class-C address
space was 10.20.30 and your ISP was
using 10.9.9 then the default routes
would be:
Local2 (10.20.30.2) --> Local1 (10.20.30.1)
Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1)
Dual homed hostsThere is one other type of configuration that we should cover, and
that is a host that sits on two different networks. Technically, any
machine functioning as a gateway (in the example above, using a PPP
connection) counts as a dual-homed host. But the term is really only
used to refer to a machine that sits on two local-area
networks.In one case, the machine as two ethernet cards, each having an
address on the separate subnets. Alternately, the machine may only
have one ethernet card, and be using ifconfig aliasing. The former is
used if two physically separate ethernet networks are in use, the
latter if there is one physical network segment, but two logically
separate subnets.Either way, routing tables are set up so that each subnet knows
that this machine is the defined gateway (inbound route) to the other
subnet. This configuration, with the machine acting as a Bridge
between the two subnets, is often used when we need to implement
packet filtering or firewall security in either or both
directions.Routing propagationWe have already talked about how we define our routes to the
outside world, but not about how the outside world finds us.We already know that routing tables can be set up so that all
traffic for a particular address space (in our examples, a class-C
subnet) can be sent to a particular host on that network, which will
forward the packets inbound.When you get an address space assigned to your site, your service
provider will set up their routing tables so that all traffic for your
subnet will be sent down your PPP link to your site. But how do sites
across the country know to send to your ISP?There is a system (much like the distributed DNS information) that
keeps track of all assigned address-spaces, and defines their point of
connection to the Internet Backbone. The “Backbone” are
the main trunk lines that carry Internet traffic across the country,
and around the world. Each backbone machine has a copy of a master
set of tables, which direct traffic for a particular network to a
specific backbone carrier, and from there down the chain of service
providers until it reaches your network.It is the task of your service provider to advertise to the
backbone sites that they are the point of connection (and thus the
path inward) for your site. This is known as route
propagation.TroubleshootingSometimes, there is a problem with routing propagation, and some
sites are unable to connect to you. Perhaps the most useful command
for trying to figure out where a routing is breaking down is the
&man.traceroute.8; command. It is equally useful if you cannot seem
to make a connection to a remote machine (i.e. &man.ping.8;
fails).The &man.traceroute.8; command is run with the name of the remote
host you are trying to connect to. It will show the gateway hosts
along the path of the attempt, eventually either reaching the target
host, or terminating because of a lack of connection.For more information, see the manual page for
&man.traceroute.8;.NFSContributed by &a.jlind;.Certain Ethernet adapters for ISA PC systems have limitations which
can lead to serious network problems, particularly with NFS. This
difficulty is not specific to FreeBSD, but FreeBSD systems are affected
by it.The problem nearly always occurs when (FreeBSD) PC systems are
networked with high-performance workstations, such as those made by
Silicon Graphics, Inc., and Sun Microsystems, Inc. The NFS mount will
work fine, and some operations may succeed, but suddenly the server will
seem to become unresponsive to the client, even though requests to and
from other systems continue to be processed. This happens to the client
system, whether the client is the FreeBSD system or the workstation. On
many systems, there is no way to shut down the client gracefully once
this problem has manifested itself. The only solution is often to reset
the client, because the NFS situation cannot be resolved.Though the “correct” solution is to get a higher
performance and capacity Ethernet adapter for the FreeBSD system, there
is a simple workaround that will allow satisfactory operation. If the
FreeBSD system is the server, include the option
on the mount from the client. If the FreeBSD
system is the client, then mount the NFS file
system with the option . These options may be
specified using the fourth field of the fstab entry
on the client for automatic mounts, or by using the
parameter of the mount command for manual mounts.It should be noted that there is a different problem, sometimes
mistaken for this one, when the NFS servers and clients are on different
networks. If that is the case, make certain that
your routers are routing the necessary UDP information, or you will not
get anywhere, no matter what else you are doing.In the following examples, fastws is the host
(interface) name of a high-performance workstation, and
freebox is the host (interface) name of a FreeBSD
system with a lower-performance Ethernet adapter. Also,
/sharedfs will be the exported NFS filesystem (see
man exports), and /project will
be the mount point on the client for the exported file system. In all
cases, note that additional options, such as or
and may be desirable in your
application.Examples for the FreeBSD system (freebox) as the
client: in /etc/fstab on freebox:
fastws:/sharedfs /project nfs rw,-r=1024 0 0As a manual mount command on freebox:&prompt.root; mount -t nfs -o -r=1024 fastws:/sharedfs /projectExamples for the FreeBSD system as the server: in
/etc/fstab on fastws:
freebox:/sharedfs /project nfs rw,-w=1024 0 0As a manual mount command on fastws:&prompt.root; mount -t nfs -o -w=1024 freebox:/sharedfs /projectNearly any 16-bit Ethernet adapter will allow operation without the
above restrictions on the read or write size.For anyone who cares, here is what happens when the failure occurs,
which also explains why it is unrecoverable. NFS typically works with a
“block” size of 8k (though it may do fragments of smaller
sizes). Since the maximum Ethernet packet is around 1500 bytes, the NFS
“block” gets split into multiple Ethernet packets, even
though it is still a single unit to the upper-level code, and must be
received, assembled, and acknowledged as a unit.
The high-performance workstations can pump out the packets which
comprise the NFS unit one right after the other, just as close together
as the standard allows. On the smaller, lower capacity cards, the later
packets overrun the earlier packets of the same unit before they can be
transferred to the host and the unit as a whole cannot be reconstructed
or acknowledged. As a result, the workstation will time out and try
again, but it will try again with the entire 8K unit, and the process
will be repeated, ad infinitum.By keeping the unit size below the Ethernet packet size limitation,
we ensure that any complete Ethernet packet received can be acknowledged
individually, avoiding the deadlock situation.Overruns may still occur when a high-performance workstations is
slamming data out to a PC system, but with the better cards, such
overruns are not guaranteed on NFS “units”. When an overrun
occurs, the units affected will be retransmitted, and there will be a
fair chance that they will be received, assembled, and
acknowledged.Diskless OperationContributed by &a.martin;.netboot.com/netboot.rom
allow you to boot your FreeBSD machine over the network and run FreeBSD
without having a disk on your client. Under 2.0 it is now possible to
have local swap. Swapping over NFS is also still supported.Supported Ethernet cards include: Western Digital/SMC 8003, 8013,
8216 and compatibles; NE1000/NE2000 and compatibles (requires
recompile)Setup InstructionsFind a machine that will be your server. This machine will
require enough disk space to hold the FreeBSD 2.0 binaries and
have bootp, tftp and NFS services available. Tested
machines:HP9000/8xx running HP-UX 9.04 or later (pre 9.04 doesn't
work)Sun/Solaris 2.3. (you may need to get bootp)Set up a bootp server to provide the client with IP, gateway,
netmask.
diskless:\
:ht=ether:\
:ha=0000c01f848a:\
:sm=255.255.255.0:\
:hn:\
:ds=192.1.2.3:\
:ip=192.1.2.4:\
:gw=192.1.2.5:\
:vm=rfc1048:Set up a TFTP server (on same machine as bootp server) to
provide booting information to client. The name of this file is
cfg.X.X.X.X (or
/tftpboot/cfg.X.X.X.X,
it will try both) where X.X.X.X is the
IP address of the client. The contents of this file can be any
valid netboot commands. Under 2.0, netboot has the following
commands:helpprint help listip
print/set client's IP addressserver
print/set bootp/tftp server addressnetmask
print/set netmaskhostname nameprint/set hostnamekernel
print/set kernel namerootfs
print/set root filesystemswapfs
print/set swap filesystemswapsize
set diskless swapsize in Kbytesdiskbootboot from diskautobootcontinue boot processtrans
|turn transceiver on|offflags
set boot flagsA typical completely diskless cfg file might contain:
rootfs 192.1.2.3:/rootfs/myclient
swapfs 192.1.2.3:/swapfs
swapsize 20000
hostname myclient.mydomainA cfg file for a machine with local swap might contain:
rootfs 192.1.2.3:/rootfs/myclient
hostname myclient.mydomainEnsure that your NFS server has exported the root (and swap if
applicable) filesystems to your client, and that the client has
root access to these filesystems A typical
/etc/exports file on FreeBSD might look
like:
/rootfs/myclient -maproot=0:0 myclient.mydomain
/swapfs -maproot=0:0 myclient.mydomainAnd on HP-UX:
/rootfs/myclient -root=myclient.mydomain
/swapfs -root=myclient.mydomainIf you are swapping over NFS (completely diskless
configuration) create a swap file for your client using
dd. If your swapfs command
has the arguments /swapfs and the size 20000
as in the example above, the swapfile for myclient will be called
/swapfs/swap.X.X.X.X
where X.X.X.X is the client's IP addr,
eg:&prompt.root; dd if=/dev/zero of=/swapfs/swap.192.1.2.4 bs=1k count=20000Also, the client's swap space might contain sensitive
information once swapping starts, so make sure to restrict read
and write access to this file to prevent unauthorized
access:&prompt.root; chmod 0600 /swapfs/swap.192.1.2.4Unpack the root filesystem in the directory the client will
use for its root filesystem (/rootfs/myclient
in the example above).On HP-UX systems: The server should be running HP-UX 9.04
or later for HP9000/800 series machines. Prior versions do not
allow the creation of device files over NFS.When extracting /dev in
/rootfs/myclient, beware that some
systems (HPUX) will not create device files that FreeBSD is
happy with. You may have to go to single user mode on the
first bootup (press control-c during the bootup phase), cd
/dev and do a sh ./MAKEDEV
all from the client to fix this.Run netboot.com on the client or make an
EPROM from the netboot.rom fileUsing Shared / and /usr
filesystemsAt present there isn't an officially sanctioned way of doing this,
although I have been using a shared /usr
filesystem and individual / filesystems for each
client. If anyone has any suggestions on how to do this cleanly,
please let me and/or the &a.core; know.Compiling netboot for specific setupsNetboot can be compiled to support NE1000/2000 cards by changing
the configuration in
/sys/i386/boot/netboot/Makefile. See the
comments at the top of this file.ISDNLast modified by &a.wlloyd;.A good resource for information on ISDN technology and hardware is
Dan Kegel's ISDN
Page.A quick simple roadmap to ISDN follows:If you live in Europe I suggest you investigate the ISDN card
section.If you are planning to use ISDN primarily to connect to the
Internet with an Internet Provider on a dialup non-dedicated basis,
I suggest you look into Terminal Adapters. This will give you the
most flexibility, with the fewest problems, if you change
providers.If you are connecting two lans together, or connecting to the
Internet with a dedicated ISDN connection, I suggest you consider
the stand alone router/bridge option.Cost is a significant factor in determining what solution you will
choose. The following options are listed from least expensive to most
expensive.ISDN CardsContributed by &a.hm;.This section is really only relevant to ISDN users in countries
where the DSS1/Q.931 ISDN standard is supported.Some growing number of PC ISDN cards are supported under FreeBSD
2.2.x and up by the isdn4bsd driver package. It is still under
development but the reports show that it is successfully used all over
Europe.The latest isdn4bsd version is available from ftp://isdn4bsd@ftp.consol.de/pub/,
the main isdn4bsd ftp site (you have to log in as user
isdn4bsd , give your mail address as the password
and change to the pub directory. Anonymous ftp
as user ftp or anonymous
will not give the desired result).Isdn4bsd allows you to connect to other ISDN routers using either
IP over raw HDLC or by using synchronous PPP. A telephone answering
machine application is also available.Many ISDN PC cards are supported, mostly the ones with a Siemens
ISDN chipset (ISAC/HSCX), support for other chipsets (from Motorola,
Cologne Chip Designs) is currently under development. For an
up-to-date list of supported cards, please have a look at the README
file.In case you are interested in adding support for a different ISDN
protocol, a currently unsupported ISDN PC card or otherwise enhancing
isdn4bsd, please get in touch with hm@kts.org.A majordomo maintained mailing list is available. To join the
list, send mail to majordomo@FreeBSD.ORG and
specify:
subscribe freebsd-isdnin the body of your message.ISDN Terminal AdaptersTerminal adapters(TA), are to ISDN what modems are to regular
phone lines.Most TA's use the standard hayes modem AT command set, and can be
used as a drop in replacement for a modem.A TA will operate basically the same as a modem except connection
and throughput speeds will be much faster than your old modem. You
will need to configure PPP exactly the same
as for a modem setup. Make sure you set your serial speed as high as
possible.The main advantage of using a TA to connect to an Internet
Provider is that you can do Dynamic PPP. As IP address space becomes
more and more scarce, most providers are not willing to provide you
with a static IP anymore. Most standalone routers are not able to
accommodate dynamic IP allocation.TA's completely rely on the PPP daemon that you are running for
their features and stability of connection. This allows you to
upgrade easily from using a modem to ISDN on a FreeBSD machine, if you
already have PPP setup. However, at the same time any problems you
experienced with the PPP program and are going to persist.If you want maximum stability, use the kernel PPP option, not the user-land iijPPP.The following TA's are know to work with FreeBSD.Motorola BitSurfer and Bitsurfer ProAdtranMost other TA's will probably work as well, TA vendors try to make
sure their product can accept most of the standard modem AT command
set.The real problem with external TA's is like modems you need a good
serial card in your computer.You should read the serial ports
section in the handbook for a detailed understanding of serial
devices, and the differences between asynchronous and synchronous
serial ports.A TA running off a standard PC serial port (asynchronous) limits
you to 115.2Kbs, even though you have a 128Kbs connection. To fully
utilize the 128Kbs that ISDN is capable of, you must move the TA to a
synchronous serial card.Do not be fooled into buying an internal TA and thinking you have
avoided the synchronous/asynchronous issue. Internal TA's simply have
a standard PC serial port chip built into them. All this will do, is
save you having to buy another serial cable, and find another empty
electrical socket.A synchronous card with a TA is at least as fast as a standalone
router, and with a simple 386 FreeBSD box driving it, probably more
flexible.The choice of sync/TA vs standalone router is largely a religious
issue. There has been some discussion of this in the mailing lists.
I suggest you search the archives for the
+ URL="http://www.FreeBSD.org/search.html">archives for the
complete discussion.Standalone ISDN Bridges/RoutersISDN bridges or routers are not at all specific to FreeBSD or any
other operating system. For a more complete description of routing
and bridging technology, please refer to a Networking reference
book.In the context of this page, I will use router and bridge
interchangeably.As the cost of low end ISDN routers/bridges comes down, it will
likely become a more and more popular choice. An ISDN router is a
small box that plugs directly into your local Ethernet network(or
card), and manages its own connection to the other bridge/router. It
has all the software to do PPP and other protocols built in.A router will allow you much faster throughput that a standard TA,
since it will be using a full synchronous ISDN connection.The main problem with ISDN routers and bridges is that
interoperability between manufacturers can still be a problem. If you
are planning to connect to an Internet provider, I recommend that you
discuss your needs with them.If you are planning to connect two lan segments together, ie: home
lan to the office lan, this is the simplest lowest maintenance
solution. Since you are buying the equipment for both sides of the
connection you can be assured that the link will work.For example to connect a home computer or branch office network to
a head office network the following setup could be used.Branch office or Home networkNetwork is 10 Base T Ethernet. Connect router to network cable
with AUI/10BT transceiver, if necessary.
---Sun workstation
|
---FreeBSD box
|
---Windows 95 (Do not admit to owning it)
|
Standalone router
|
ISDN BRI lineIf your home/branch office is only one computer you can use a
twisted pair crossover cable to connect to the standalone router
directly.Head office or other lanNetwork is Twisted Pair Ethernet.
-------Novell Server
| H |
| ---Sun
| |
| U ---FreeBSD
| |
| ---Windows 95
| B |
|___---Standalone router
|
ISDN BRI lineOne large advantage of most routers/bridges is that they allow you
to have 2 separate independent PPP connections to
2 separate sites at the same time. This is not
supported on most TA's, except for specific(expensive) models that
have two serial ports. Do not confuse this with channel bonding, MPP
etc.This can be very useful feature, for example if you have an
dedicated internet ISDN connection at your office and would like to
tap into it, but don't want to get another ISDN line at work. A router
at the office location can manage a dedicated B channel connection
(64Kbs) to the internet, as well as a use the other B channel for a
separate data connection. The second B channel can be used for
dialin, dialout or dynamically bond(MPP etc.) with the first B channel
for more bandwidth.An Ethernet bridge will also allow you to transmit more than just
IP traffic, you can also send IPX/SPX or whatever other protocols you
use.
diff --git a/en_US.ISO8859-1/books/handbook/bibliography/chapter.sgml b/en_US.ISO8859-1/books/handbook/bibliography/chapter.sgml
index aeeab83424..b11aa28161 100644
--- a/en_US.ISO8859-1/books/handbook/bibliography/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/bibliography/chapter.sgml
@@ -1,478 +1,478 @@
BibliographyWhile the manual pages provide the definitive reference for individual
pieces of the FreeBSD operating system, they are notorious for not
illustrating how to put the pieces together to make the whole operating
system run smoothly. For this, there is no substitute for a good book on
UNIX system administration and a good users' manual.Books & Magazines Specific to FreeBSDInternational books &
Magazines:Using
FreeBSD (in Chinese).FreeBSD for PC 98'ers (in Japanese), published by SHUWA System
Co, LTD. ISBN 4-87966-468-5 C3055 P2900E.FreeBSD (in Japanese), published by CUTT. ISBN 4-906391-22-2
C3055 P2400E.Complete Introduction to FreeBSD (in Japanese), published by Shoeisha Co., Ltd. ISBN 4-88135-473-6 P3600E.Personal UNIX Starter Kit FreeBSD (in Japanese), published by ASCII. ISBN 4-7561-1733-3 P3000E.FreeBSD Handbook (Japanese translation), published by ASCII. ISBN 4-7561-1580-2
P3800E.FreeBSD mit Methode (in German), published by Computer und
Literatur Verlag/Vertrieb Hanser, 1998. ISBN 3-932311-31-0.FreeBSD Install and Utilization Manual (in Japanese), published by Mainichi Communications Inc..English language books & Magazines:The
Complete FreeBSD, published by Walnut Creek CDROM.Users' GuidesComputer Systems Research Group, UC Berkeley. 4.4BSD
User's Reference Manual. O'Reilly & Associates,
Inc., 1994. ISBN 1-56592-075-9Computer Systems Research Group, UC Berkeley. 4.4BSD
User's Supplementary Documents. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-076-7UNIX in a Nutshell. O'Reilly &
Associates, Inc., 1990. ISBN 093717520XMui, Linda. What You Need To Know When You Can't Find
Your UNIX System Administrator. O'Reilly &
Associates, Inc., 1995. ISBN 1-56592-104-6Ohio State
University has written a UNIX
Introductory Course which is available online in HTML and
postscript format.Jpman Project, Japan
FreeBSD Users Group. FreeBSD User's
Reference Manual (Japanese translation). Mainichi Communications
Inc., 1998. ISBN4-8399-0088-4 P3800E.Administrators' GuidesAlbitz, Paul and Liu, Cricket. DNS and
BIND, 2nd Ed. O'Reilly & Associates, Inc., 1997.
ISBN 1-56592-236-0Computer Systems Research Group, UC Berkeley. 4.4BSD
System Manager's Manual. O'Reilly & Associates,
Inc., 1994. ISBN 1-56592-080-5Costales, Brian, et al. Sendmail, 2nd Ed.
O'Reilly & Associates, Inc., 1997. ISBN 1-56592-222-0Frisch, Æleen. Essential System
Administration, 2nd Ed. O'Reilly & Associates,
Inc., 1995. ISBN 1-56592-127-5Hunt, Craig. TCP/IP Network
Administration. O'Reilly & Associates, Inc., 1992.
ISBN 0-937175-82-XNemeth, Evi. UNIX System Administration
Handbook. 2nd Ed. Prentice Hall, 1995. ISBN
0131510517Stern, Hal Managing NFS and NIS O'Reilly
& Associates, Inc., 1991. ISBN 0-937175-75-7Jpman Project, Japan
FreeBSD Users Group. FreeBSD System
Administrator's Manual (Japanese translation). Mainichi Communications
Inc., 1998. ISBN4-8399-0109-0 P3300E.Programmers' GuidesAsente, Paul. X Window System Toolkit.
Digital Press. ISBN 1-55558-051-3Computer Systems Research Group, UC Berkeley. 4.4BSD
Programmer's Reference Manual. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-078-3Computer Systems Research Group, UC Berkeley. 4.4BSD
Programmer's Supplementary Documents. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-079-1Harbison, Samuel P. and Steele, Guy L. Jr. C: A
Reference Manual. 4rd ed. Prentice Hall, 1995.
ISBN 0-13-326224-3Kernighan, Brian and Dennis M. Ritchie. The C
Programming Language.. PTR Prentice Hall, 1988.
ISBN 0-13-110362-9Lehey, Greg. Porting UNIX Software.
O'Reilly & Associates, Inc., 1995. ISBN 1-56592-126-7Plauger, P. J. The Standard C Library.
Prentice Hall, 1992. ISBN 0-13-131509-9Stevens, W. Richard. Advanced Programming in the UNIX
Environment. Reading, Mass. : Addison-Wesley, 1992
ISBN 0-201-56317-7Stevens, W. Richard. UNIX Network
Programming. 2nd Ed, PTR Prentice Hall, 1998. ISBN
0-13-490012-XWells, Bill. “Writing Serial Drivers for UNIX”.
Dr. Dobb's Journal. 19(15), December 1994.
pp68-71, 97-99.Operating System InternalsAndleigh, Prabhat K. UNIX System
Architecture. Prentice-Hall, Inc., 1990. ISBN
0-13-949843-5Jolitz, William. “Porting UNIX to the 386”.
Dr. Dobb's Journal. January 1991-July
1992.Leffler, Samuel J., Marshall Kirk McKusick, Michael J Karels and
John Quarterman The Design and Implementation of the
4.3BSD UNIX Operating System. Reading, Mass. :
Addison-Wesley, 1989. ISBN 0-201-06196-1Leffler, Samuel J., Marshall Kirk McKusick, The Design
and Implementation of the 4.3BSD UNIX Operating System: Answer
Book. Reading, Mass. : Addison-Wesley, 1991. ISBN
0-201-54629-9McKusick, Marshall Kirk, Keith Bostic, Michael J Karels, and
John Quarterman. The Design and Implementation of the
4.4BSD Operating System. Reading, Mass. :
Addison-Wesley, 1996. ISBN 0-201-54979-4Stevens, W. Richard. TCP/IP Illustrated, Volume 1:
The Protocols. Reading, Mass. : Addison-Wesley,
1996. ISBN 0-201-63346-9Schimmel, Curt. Unix Systems for Modern
Architectures. Reading, Mass. : Addison-Wesley, 1994.
ISBN 0-201-63338-8Stevens, W. Richard. TCP/IP Illustrated, Volume 3:
TCP for Transactions, HTTP, NNTP and the UNIX Domain
Protocols. Reading, Mass. : Addison-Wesley, 1996.
ISBN 0-201-63495-3Vahalia, Uresh. UNIX Internals -- The New
Frontiers. Prentice Hall, 1996. ISBN
0-13-101908-2Wright, Gary R. and W. Richard Stevens. TCP/IP
Illustrated, Volume 2: The Implementation. Reading,
Mass. : Addison-Wesley, 1995. ISBN 0-201-63354-XSecurity ReferenceCheswick, William R. and Steven M. Bellovin. Firewalls
and Internet Security: Repelling the Wily Hacker.
Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-63357-4Garfinkel, Simson and Gene Spafford. Practical UNIX
Security. 2nd Ed. O'Reilly & Associates, Inc.,
1996. ISBN 1-56592-148-8Garfinkel, Simson. PGP Pretty Good
Privacy O'Reilly & Associates, Inc., 1995. ISBN
1-56592-098-8Hardware ReferenceAnderson, Don and Tom Shanley. Pentium Processor
System Architecture. 2nd Ed. Reading, Mass. :
Addison-Wesley, 1995. ISBN 0-201-40992-5Ferraro, Richard F. Programmer's Guide to the EGA,
VGA, and Super VGA Cards. 3rd ed. Reading, Mass. :
Addison-Wesley, 1995. ISBN 0-201-62490-7Intel Corporation publishes documentation on their CPUs,
chipsets and standards on their developer web site,
usually as PDF files.Shanley, Tom. 80486 System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40994-1Shanley, Tom. ISA System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40996-8Shanley, Tom. PCI System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40993-3Van Gilluwe, Frank. The Undocumented PC.
Reading, Mass: Addison-Wesley Pub. Co., 1994. ISBN
0-201-62277-7UNIX HistoryLion, John Lion's Commentary on UNIX, 6th Ed. With
Source Code. ITP Media Group, 1996. ISBN
1573980137Raymond, Eric S. The New Hacker's Dictonary, 3rd
edition. MIT Press, 1996. ISBN
0-262-68092-0. Also known as the Jargon
FileSalus, Peter H. A quarter century of UNIX.
Addison-Wesley Publishing Company, Inc., 1994. ISBN
0-201-54777-5Simon Garfinkel, Daniel Weise, Steven Strassmann. The
UNIX-HATERS Handbook. IDG Books Worldwide, Inc.,
1994. ISBN 1-56884-203-1Don Libes, Sandy Ressler Life with UNIX
— special edition. Prentice-Hall, Inc., 1989. ISBN
0-13-536657-7The BSD family tree. 1997. ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree or local on a FreeBSD-current machine.
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree">ftp://ftp.FreeBSD.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree or local on a FreeBSD-current machine.
The BSD Release Announcements collection.
1997. http://www.de.FreeBSD.ORG/de/ftp/releases/Networked Computer Science Technical Reports
Library. http://www.ncstrl.org/Old BSD releases from the Computer Systems Research
group (CSRG). http://www.mckusick.com/csrg/:
The 4CD set covers all BSD versions from 1BSD to 4.4BSD and
4.4BSD-Lite2 (but not 2.11BSD, unfortunately). As well, the last
disk holds the final sources plus the SCCS files.Magazines and JournalsThe C/C++ Users Journal. R&D
Publications Inc. ISSN 1075-2838Sys Admin — The Journal for UNIX System
Administrators Miller Freeman, Inc., ISSN
1061-2688
diff --git a/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.sgml b/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.sgml
index 0656e10e25..d8899c558b 100644
--- a/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/cutting-edge/chapter.sgml
@@ -1,2490 +1,2490 @@
The Cutting Edge: FreeBSD-current and FreeBSD-stableFreeBSD is under constant development between releases. For people
who want to be on the cutting edge, there are several easy mechanisms for
keeping your system in sync with the latest developments. Be warned: the
cutting edge is not for everyone! This chapter will help you decide if you
want to track the development system, or stick with one of the released
versions.Staying Current with FreeBSDContributed by &a.jkh;.What is FreeBSD-current?FreeBSD-current is, quite literally, nothing more than a daily
snapshot of the working sources for FreeBSD. These include work in
progress, experimental changes and transitional mechanisms that may or
may not be present in the next official release of the software.
While many of us compile almost daily from FreeBSD-current sources,
there are periods of time when the sources are literally
un-compilable. These problems are generally resolved as expeditiously
as possible, but whether or not FreeBSD-current sources bring disaster
or greatly desired functionality can literally be a matter of which
part of any given 24 hour period you grabbed them in!Who needs FreeBSD-current?FreeBSD-current is made generally available for 3 primary interest
groups:Members of the FreeBSD group who are actively working on some
part of the source tree and for whom keeping “current”
is an absolute requirement.Members of the FreeBSD group who are active testers, willing
to spend time working through problems in order to ensure that
FreeBSD-current remains as sane as possible. These are also people
who wish to make topical suggestions on changes and the general
direction of FreeBSD.Peripheral members of the FreeBSD (or some other) group who
merely wish to keep an eye on things and use the current sources
for reference purposes (e.g. for reading, not
running). These people also make the occasional comment or
contribute code.What is FreeBSD-current not?A fast-track to getting pre-release bits because you heard
there is some cool new feature in there and you want to be the
first on your block to have it.A quick way of getting bug fixes.In any way “officially supported” by us. We do
our best to help people genuinely in one of the 3
“legitimate” FreeBSD-current categories, but we simply
do not have the time to provide tech support
for it. This is not because we are mean and nasty people who do
not like helping people out (we would not even be doing FreeBSD if
we were), it is literally because we cannot answer 400 messages a
day and actually work on FreeBSD! I am sure
that, if given the choice between having us answer lots of
questions or continuing to improve FreeBSD, most of you would vote
for us improving it.Using FreeBSD-currentJoin the &a.current; and the &a.cvsall; . This is not just a
good idea, it is essential. If you are not
on the FreeBSD-current mailing list, you will
not see the comments that people are making about the current
state of the system and thus will probably end up stumbling over a
lot of problems that others have already found and solved. Even
more importantly, you will miss out on important bulletins which
may be critical to your system's continued health.The cvs-all mailing list will allow you to see
the commit log entry for each change as it is made along with any
pertinent information on possible side-effects.To join these lists, send mail to
&a.majordomo; and specify:
subscribe freebsd-current
subscribe cvs-all
in the body of your message. Optionally, you can also say
help and Majordomo will send you full help on
how to subscribe and unsubscribe to the various other mailing
lists we support.Grab the sources from ftp.FreeBSD.ORG. You can do this in three
ways:Use the CTM facility. Unless
you have a good TCP/IP connection at a flat rate, this is
the way to do it.Use the cvsup program with
this
supfile. This is the second most recommended
method, since it allows you to grab the entire collection
once and then only what has changed from then on. Many people
run cvsup from cron and keep their sources up-to-date
automatically. For a fairly easy interface to this, simply
type:
Use ftp. The source tree for
FreeBSD-current is always “exported” on: ftp://ftp.FreeBSD.ORG/pub/FreeBSD/FreeBSD-current.
We also use wu-ftpd which allows
compressed/tar'd grabbing of whole trees. e.g. you
see:usr.bin/lexYou can do:
ftp>cd usr.binftp>get lex.tar.Z
and it will get the whole directory for you as a compressed
tar file.Essentially, if you need rapid on-demand access to the source
and communications bandwidth is not a consideration, use
cvsup or ftp. Otherwise,
use CTM.If you are grabbing the sources to run, and not just look at,
then grab all of current, not just selected
portions. The reason for this is that various parts of the source
depend on updates elsewhere, and trying to compile just a subset
is almost guaranteed to get you into trouble.Before compiling current, read the Makefile in
/usr/src carefully. You should at least run
a make world the first time
through as part of the upgrading process. Reading the &a.current;
will keep you up-to-date on other bootstrapping procedures that
sometimes become necessary as we move towards the next
release.Be active! If you are running FreeBSD-current, we want to
know what you have to say about it, especially if you have
suggestions for enhancements or bug fixes. Suggestions with
accompanying code are received most enthusiastically!Staying Stable with FreeBSDContributed by &a.jkh;.What is FreeBSD-stable?FreeBSD-stable is our development branch for a more low-key and
conservative set of changes intended for our next mainstream release.
Changes of an experimental or untested nature do not go into this
branch (see FreeBSD-current).Who needs FreeBSD-stable?If you are a commercial user or someone who puts maximum stability
of their FreeBSD system before all other concerns, you should consider
tracking stable. This is especially true if you
have installed the most recent release (&rel.current;-RELEASE
at the time of this writing) since the stable
branch is effectively a bug-fix stream relative to the previous
release.The stable tree endeavors, above all, to be
fully compilable and stable at all times, but we do occasionally
make mistakes (these are still active sources with
quickly-transmitted updates, after all). We also do our best to
thoroughly test fixes in current before
bringing them into stable, but sometimes our
tests fail to catch every case. If something breaks for you in
stable, please let us know
immediately! (see next section).Using FreeBSD-stableJoin the &a.stable;. This will keep you informed of
build-dependencies that may appear in stable
or any other issues requiring special attention. Developers will
also make announcements in this mailing list when they are
contemplating some controversial fix or update, giving the users a
chance to respond if they have any issues to raise concerning the
proposed change.The cvs-all mailing list will allow you to see
the commit log entry for each change as it is made along with any
pertinent information on possible side-effects.To join these lists, send mail to &a.majordomo; and specify:
subscribe freebsd-stable
subscribe cvs-all
in the body of your message. Optionally, you can also say
help and Majordomo will send you full help on
how to subscribe and unsubscribe to the various other mailing
lists we support.If you are installing a new system and want it to be as stable
as possible, you can simply grab the latest dated branch snapshot
from ftp://releng3.FreeBSD.org/pub/FreeBSD/
and install it like any other release.If you are already running a previous release of 2.2 and wish
to upgrade via sources then you can easily do so from ftp.FreeBSD.ORG. This can be done in one
of three ways:Use the CTM facility. Unless
you have a good TCP/IP connection at a flat rate, this is
the way to do it.Use the cvsup program with
this
supfile. This is the second most recommended
method, since it allows you to grab the entire collection
once and then only what has changed from then on. Many people
run cvsup from cron to keep their sources up-to-date
automatically. For a fairly easy interface to this, simply
type;
The FreeBSD mirror
sites database is more accurate than the mirror listing in the
handbook, as it gets its information form the DNS rather than relying on
static lists of hosts.Additionally, FreeBSD is available via anonymous FTP from the
following mirror sites. If you choose to obtain FreeBSD via anonymous
FTP, please try to use a site near you.Argentina,
Australia,
Brazil,
Canada,
Czech Republic,
Denmark,
Estonia,
Finland,
France,
Germany,
Hong Kong,
Ireland,
Israel,
Japan,
Korea,
Netherlands,
New Zealand,
Poland,
Portugal,
Russia,
South Africa,
Spain,
Slovak Republic,
Slovenia,
Sweden,
Taiwan,
Thailand,
UK,
Ukraine,
USA.ArgentinaIn case of problems, please contact the hostmaster
hostmaster@ar.FreeBSD.ORG for this domain.ftp://ftp.ar.FreeBSD.ORG/pub/FreeBSDAustraliaIn case of problems, please contact the hostmaster
hostmaster@au.FreeBSD.ORG for this domain.ftp://ftp.au.FreeBSD.ORG/pub/FreeBSDftp://ftp2.au.FreeBSD.ORG/pub/FreeBSDftp://ftp3.au.FreeBSD.ORG/pub/FreeBSDftp://ftp4.au.FreeBSD.ORG/pub/FreeBSDBrazilIn case of problems, please contact the hostmaster
hostmaster@br.FreeBSD.ORG for this domain.ftp://ftp.br.FreeBSD.ORG/pub/FreeBSDftp://ftp2.br.FreeBSD.ORG/pub/FreeBSDftp://ftp3.br.FreeBSD.ORG/pub/FreeBSDftp://ftp4.br.FreeBSD.ORG/pub/FreeBSDftp://ftp5.br.FreeBSD.ORG/pub/FreeBSDftp://ftp6.br.FreeBSD.ORG/pub/FreeBSDftp://ftp7.br.FreeBSD.ORG/pub/FreeBSDCanadaIn case of problems, please contact the hostmaster
hostmaster@ca.FreeBSD.ORG for this domain.ftp://ftp.ca.FreeBSD.ORG/pub/FreeBSDCzech RepublicIn case of problems, please contact the hostmaster
hostmaster@cz.FreeBSD.ORG for this domain.ftp://ftp.cz.FreeBSD.ORG Contact: calda@dzungle.ms.mff.cuni.czftp://sunsite.mff.cuni.cz/OS/FreeBSD Contact: jj@sunsite.mff.cuni.cz.DenmarkIn case of problems, please contact the hostmaster
hostmaster@dk.FreeBSD.ORG for this domain.ftp://ftp.dk.freeBSD.ORG/pub/FreeBSDEstoniaIn case of problems, please contact the hostmaster
hostmaster@ee.FreeBSD.ORG for this domain.ftp://ftp.ee.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.ee.FreeBSD.org/pub/FreeBSD">ftp://ftp.ee.FreeBSD.org/pub/FreeBSD
FinlandIn case of problems, please contact the hostmaster
hostmaster@fi.FreeBSD.ORG for this domain.ftp://ftp.fi.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.fi.FreeBSD.org/pub/FreeBSD">ftp://ftp.fi.FreeBSD.org/pub/FreeBSD
FranceIn case of problems, please contact the hostmaster
hostmaster@fr.FreeBSD.ORG for this domain.ftp://ftp.fr.FreeBSD.ORG/pub/FreeBSDftp://ftp2.fr.FreeBSD.ORG/pub/FreeBSDftp://ftp3.fr.FreeBSD.ORG/pub/FreeBSDGermanyIn case of problems, please contact the hostmaster
hostmaster@de.FreeBSD.ORG for this domain.ftp://ftp.de.FreeBSD.ORG/pub/FreeBSDftp://ftp2.de.FreeBSD.ORG/pub/FreeBSDftp://ftp3.de.FreeBSD.ORG/pub/FreeBSDftp://ftp4.de.FreeBSD.ORG/pub/FreeBSDftp://ftp5.de.FreeBSD.ORG/pub/FreeBSDftp://ftp6.de.FreeBSD.ORG/pub/FreeBSDftp://ftp7.de.FreeBSD.ORG/pub/FreeBSDHong Kongftp://ftp.hk.super.net/pub/FreeBSD Contact: ftp-admin@HK.Super.NET.IrelandIn case of problems, please contact the hostmaster
hostmaster@ie.FreeBSD.ORG for this domain.ftp://ftp.ie.FreeBSD.ORG/pub/FreeBSDIsraelIn case of problems, please contact the hostmaster
hostmaster@il.FreeBSD.ORG for this domain.ftp://ftp.il.FreeBSD.ORG/pub/FreeBSDftp://ftp2.il.FreeBSD.ORG/pub/FreeBSDJapanIn case of problems, please contact the hostmaster
hostmaster@jp.FreeBSD.ORG for this domain.ftp://ftp.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp2.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp3.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp4.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp5.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp6.jp.FreeBSD.ORG/pub/FreeBSDKoreaIn case of problems, please contact the hostmaster
hostmaster@kr.FreeBSD.ORG for this domain.ftp://ftp.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp2.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp3.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp4.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp5.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp6.kr.FreeBSD.ORG/pub/FreeBSDNetherlandsIn case of problems, please contact the hostmaster
hostmaster@nl.FreeBSD.ORG for this domain.ftp://ftp.nl.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.nl.FreeBSD.org/pub/FreeBSD">ftp://ftp.nl.FreeBSD.org/pub/FreeBSD
New ZealandIn case of problems, please contact the hostmaster
hostmaster@nz.FreeBSD.ORG for this domain.ftp://ftp.nz.FreeBSD.ORG/pub/FreeBSDPolandIn case of problems, please contact the hostmaster
hostmaster@pl.FreeBSD.ORG for this domain.ftp://ftp.pl.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.pl.FreeBSD.org/pub/FreeBSD">ftp://ftp.pl.FreeBSD.org/pub/FreeBSD
PortugalIn case of problems, please contact the hostmaster
hostmaster@pt.FreeBSD.ORG for this domain.ftp://ftp.pt.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp.pt.FreeBSD.org/pub/FreeBSD">ftp://ftp.pt.FreeBSD.org/pub/FreeBSD
ftp://ftp2.pt.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp2.pt.FreeBSD.org/pub/FreeBSD">ftp://ftp2.pt.FreeBSD.org/pub/FreeBSD
RussiaIn case of problems, please contact the hostmaster
hostmaster@ru.FreeBSD.ORG for this domain.ftp://ftp.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp.ru.FreeBSD.org/pub/FreeBSD
ftp://ftp2.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD
ftp://ftp3.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp3.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp3.ru.FreeBSD.org/pub/FreeBSD
- ftp://ftp4.ru.freebsd.org/pub/FreeBSD
+ ftp://ftp4.ru.FreeBSD.org/pub/FreeBSDSouth AfricaIn case of problems, please contact the hostmaster
hostmaster@za.FreeBSD.ORG for this domain.ftp://ftp.za.FreeBSD.ORG/pub/FreeBSDftp://ftp2.za.FreeBSD.ORG/pub/FreeBSDftp://ftp3.za.FreeBSD.ORG/pub/FreeBSDSlovak RepublicIn case of problems, please contact the hostmaster
hostmaster@sk.FreeBSD.ORG for this domain.
- ftp://ftp.sk.freebsd.ORG/pub/FreeBSD
+ ftp://ftp.sk.FreeBSD.org/pub/FreeBSDSloveniaIn case of problems, please contact the hostmaster
- hostmaster@si.FreeBSD.ORG for this domain.
+ hostmaster@si.FreeBSD.org for this domain.
ftp://ftp.si.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.si.FreeBSD.org/pub/FreeBSD">ftp://ftp.si.FreeBSD.org/pub/FreeBSD
SpainIn case of problems, please contact the hostmaster
hostmaster@es.FreeBSD.ORG for this domain.
- ftp://ftp.es.freebsd.ORG/pub/FreeBSD
+ ftp://ftp.es.FreeBSD.org/pub/FreeBSDSwedenIn case of problems, please contact the hostmaster
hostmaster@se.FreeBSD.ORG for this domain.ftp://ftp.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.se.FreeBSD.org/pub/FreeBSD">ftp://ftp.se.FreeBSD.org/pub/FreeBSD
ftp://ftp2.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp2.se.FreeBSD.org/pub/FreeBSD">ftp://ftp2.se.FreeBSD.org/pub/FreeBSD
ftp://ftp3.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp3.se.FreeBSD.org/pub/FreeBSD">ftp://ftp3.se.FreeBSD.org/pub/FreeBSD
TaiwanIn case of problems, please contact the hostmaster
hostmaster@tw.FreeBSD.ORG for this domain.ftp://ftp.tw.FreeBSD.ORG/pub/FreeBSDftp://ftp2.tw.FreeBSD.ORG/pub/FreeBSDftp://ftp3.tw.FreeBSD.ORG/pub/FreeBSDThailandftp://ftp.nectec.or.th/pub/FreeBSD Contact: ftpadmin@ftp.nectec.or.th.Ukraineftp://ftp.ua.FreeBSD.ORG/pub/FreeBSD Contact: freebsd-mnt@lucky.net.UKIn case of problems, please contact the hostmaster
hostmaster@uk.FreeBSD.ORG for this domain.ftp://ftp.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp2.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp3.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp4.uk.FreeBSD.ORG/pub/FreeBSDUSAIn case of problems, please contact the hostmaster
hostmaster@FreeBSD.ORG for this domain.ftp://ftp.FreeBSD.ORG/pub/FreeBSDftp://ftp2.FreeBSD.ORG/pub/FreeBSDftp://ftp3.FreeBSD.ORG/pub/FreeBSDftp://ftp4.FreeBSD.ORG/pub/FreeBSDftp://ftp5.FreeBSD.ORG/pub/FreeBSDftp://ftp6.FreeBSD.ORG/pub/FreeBSDThe latest versions of export-restricted code for FreeBSD (2.0C or
later) (eBones and secure) are being made available at the following
locations. If you are outside the U.S. or Canada, please get secure
(DES) and eBones (Kerberos) from one of the following foreign
distribution sites:South AfricaHostmaster hostmaster@internat.FreeBSD.ORG for
this domain.ftp://ftp.internat.FreeBSD.ORG/pub/FreeBSDftp://ftp2.internat.FreeBSD.ORG/pub/FreeBSDBrazilHostmaster hostmaster@br.FreeBSD.ORG for this
domain.ftp://ftp.br.FreeBSD.ORG/pub/FreeBSDFinlandftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt Contact: count@nic.funet.fi.CTM SitesCTM/FreeBSD is available via anonymous
FTP from the following mirror sites. If you choose to obtain CTM via
anonymous FTP, please try to use a site near you.In case of problems, please contact &a.phk;.California, Bay Area, official sourceftp://ftp.freebsd.org/pub/FreeBSD/development/CTM
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/development/CTM">ftp://ftp.FreeBSD.org/pub/FreeBSD/development/CTM
Germany, Trierftp://ftp.uni-trier.de/pub/unix/systems/BSD/FreeBSD/CTMSouth Africa, backup server for old deltasftp://ftp.internat.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ftp.internat.FreeBSD.org/pub/FreeBSD/CTM">ftp://ftp.internat.FreeBSD.org/pub/FreeBSD/CTM
Taiwan/R.O.C, Chiayiftp://ctm.tw.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ctm.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm.tw.FreeBSD.org/pub/FreeBSD/CTM
ftp://ctm2.tw.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ctm2.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm2.tw.FreeBSD.org/pub/FreeBSD/CTM
ftp://ctm3.tw.freebsd.org/pub/freebsd/CTM
+ URL="ftp://ctm3.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm3.tw.FreeBSD.org/pub/freebsd/CTM
If you did not find a mirror near to you or the mirror is
incomplete, try FTP
search at http://ftpsearch.ntnu.no/ftpsearch.
FTP search is a great free archie server in Trondheim, Norway.CVSup SitesCVSup servers for FreeBSD are running
at the following sites:Argentinacvsup.ar.FreeBSD.ORG (maintainer
msagre@cactus.fi.uba.ar)Australiacvsup.au.FreeBSD.ORG (maintainer
dawes@physics.usyd.edu.au)Brazilcvsup.br.FreeBSD.ORG (maintainer
- cvsup@cvsup.br.freebsd.org)
+ cvsup@cvsup.br.FreeBSD.org)
Canadacvsup.ca.FreeBSD.ORG (maintainer
dm@glbalserve.net)Czech Republiccvsup.cz.FreeBSD.ORG (maintainer
cejkar@dcse.fee.vutbr.cz)Denmarkcvsup.dk.FreeBSD.ORG (maintainer
jesper@skriver.dk)Estoniacvsup.ee.FreeBSD.ORG (maintainer
taavi@uninet.ee)Finlandcvsup.fi.FreeBSD.ORG (maintainer
count@key.sms.fi)Germanycvsup.de.FreeBSD.ORG (maintainer
- wosch@freebsd.org)
+ wosch@FreeBSD.org)
cvsup2.de.FreeBSD.ORG (maintainer
- petzi@freebsd.org)
+ petzi@FreeBSD.org)
cvsup3.de.FreeBSD.ORG (maintainer
ag@leo.org)Icelandcvsup.is.FreeBSD.ORG (maintainer
adam@veda.is)Japancvsup.jp.FreeBSD.ORG (maintainer
simokawa@sat.t.u-tokyo.ac.jp)cvsup2.jp.FreeBSD.ORG (maintainer
max@FreeBSD.ORG)cvsup3.jp.FreeBSD.ORG (maintainer
shige@cin.nihon-u.ac.jp)cvsup4.jp.FreeBSD.ORG (maintainer
cvsup-admin@ftp.media.kyoto-u.ac.jp)cvsup5.jp.FreeBSD.ORG (maintainer
cvsup@imasy.or.jp)Netherlandscvsup.nl.FreeBSD.ORG (maintainer
xaa@xaa.iae.nl)Norwaycvsup.no.FreeBSD.ORG (maintainer
Tor.Egge@idt.ntnu.no)Polandcvsup.pl.FreeBSD.ORG (maintainer
Mariusz@kam.pl)Russiacvsup.ru.FreeBSD.ORG (maintainer
mishania@demos.su)cvsup2.ru.FreeBSD.ORG (maintainer
dv@dv.ru)Spain
- cvsup.es.freebsd.org (maintainer
- jesusr@freebsd.org)
+ cvsup.es.FreeBSD.org (maintainer
+ jesusr@FreeBSD.org)Swedencvsup.se.FreeBSD.ORG (maintainer
pantzer@ludd.luth.se)Slovak Republiccvsup.sk.FreeBSD.ORG (maintainer
tps@tps.sk)cvsup2.sk.FreeBSD.ORG (maintainer
tps@tps.sk)South Africacvsup.za.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)cvsup2.za.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)Taiwancvsup.tw.FreeBSD.ORG (maintainer
jdli@freebsd.csie.nctu.edu.tw)Ukrainecvsup2.ua.FreeBSD.ORG (maintainer
freebsd-mnt@lucky.net)United Kingdomcvsup.uk.FreeBSD.ORG (maintainer
joe@pavilion.net)cvsup2.uk.FreeBSD.ORG (maintainer
brian@FreeBSD.ORG)USAcvsup1.FreeBSD.ORG (maintainer
skynyrd@opus.cts.cwu.edu), Washington
statecvsup2.FreeBSD.ORG (maintainer
jdp@FreeBSD.ORG), Californiacvsup3.FreeBSD.ORG (maintainer
wollman@FreeBSD.ORG), Massachusettscvsup5.FreeBSD.ORG (maintainer
cvsup@adsu.bellsouth.com), GeorgiaThe export-restricted code for FreeBSD (eBones and secure) is
available via CVSup at the following
international repository. Please use this site to get the
export-restricted code, if you are outside the USA or Canada.South Africacvsup.internat.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)The following CVSup site is especially
designed for CTM users. Unlike the other
CVSup mirrors, it is kept up-to-date by CTM.
That means if you CVSupcvs-all with release=cvs from this
site, you get a version of the repository (including the inevitable
.ctm_status file) which is suitable for being
updated using the CTMcvs-cur deltas. This allows users who track the
entire cvs-all tree to go from
CVSup to CTM
without having to rebuild their repository from scratch using a fresh
CTM base delta.This special feature only works for the cvs-all
distribution with cvs as the release tag.
CVSupping any other distribution and/or release will get you the
specified distribution, but it will not be suitable for
CTM updating.Because the current version of CTM does
not preserve the timestamps of files, the timestamps at this mirror
site are not the same as those at other mirror sites. Switching
between this site and other sites is not recommended. It will work
correctly, but will be somewhat inefficient.Germanyctm.FreeBSD.ORG (maintainer
blank@fox.uni-trier.de)AFS SitesAFS servers for FreeBSD are running at the following sites;SwedenThe path to the files are:
/afs/stacken.kth.se/ftp/pub/FreeBSD
stacken.kth.se # Stacken Computer Club, KTH, Sweden
130.237.234.43 #hot.stacken.kth.se
130.237.237.230 #fishburger.stacken.kth.se
130.237.234.3 #milko.stacken.kth.seMaintainer ftp@stacken.kth.se
diff --git a/en_US.ISO8859-1/books/handbook/pgpkeys/chapter.sgml b/en_US.ISO8859-1/books/handbook/pgpkeys/chapter.sgml
index fc3190a506..984b27dd97 100644
--- a/en_US.ISO8859-1/books/handbook/pgpkeys/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/pgpkeys/chapter.sgml
@@ -1,624 +1,624 @@
PGP keysIn case you need to verify a signature or send encrypted email to one
of the officers or core team members a number of keys are provided here
for your convenience.OfficersFreeBSD Security Officer
- security-officer@freebsd.org
+ security-officer@FreeBSD.org
FreeBSD Security Officer <security-officer@freebsd.org>
Fingerprint = 41 08 4E BB DB 41 60 71 F9 E5 0E 98 73 AF 3F 11
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQCNAzF7MY4AAAEEAK7qBgPuBejER5HQbQlsOldk3ZVWXlRj54raz3IbuAUrDrQL
h3g57T9QY++f3Mot2LAf5lDJbsMfWrtwPrPwCCFRYQd6XH778a+l4ju5axyjrt/L
Ciw9RrOC+WaPv3lIdLuqYge2QRC1LvKACIPNbIcgbnLeRGLovFUuHi5z0oilAAUR
tDdGcmVlQlNEIFNlY3VyaXR5IE9mZmljZXIgPHNlY3VyaXR5LW9mZmljZXJAZnJl
ZWJzZC5vcmc+iQCVAwUQMX6yrOJgpPLZnQjrAQHyowQA1Nv2AY8vJIrdp2ttV6RU
tZBYnI7gTO3sFC2bhIHsCvfVU3JphfqWQ7AnTXcD2yPjGcchUfc/EcL1tSlqW4y7
PMP4GHZp9vHog1NAsgLC9Y1P/1cOeuhZ0pDpZZ5zxTo6TQcCBjQA6KhiBFP4TJql
3olFfPBh3B/Tu3dqmEbSWpuJAJUDBRAxez3C9RVb+45ULV0BAak8A/9JIG/jRJaz
QbKom6wMw852C/Z0qBLJy7KdN30099zMjQYeC9PnlkZ0USjQ4TSpC8UerYv6IfhV
nNY6gyF2Hx4CbEFlopnfA1c4yxtXKti1kSN6wBy/ki3SmqtfDhPQ4Q31p63cSe5A
3aoHcjvWuqPLpW4ba2uHVKGP3g7SSt6AOYkAlQMFEDF8mz0ff6kIA1j8vQEBmZcD
/REaUPDRx6qr1XRQlMs6pfgNKEwnKmcUzQLCvKBnYYGmD5ydPLxCPSFnPcPthaUb
5zVgMTjfjS2fkEiRrua4duGRgqN4xY7VRAsIQeMSITBOZeBZZf2oa9Ntidr5PumS
9uQ9bvdfWMpsemk2MaRG9BSoy5Wvy8VxROYYUwpT8Cf2iQCVAwUQMXsyqWtaZ42B
sqd5AQHKjAQAvolI30Nyu3IyTfNeCb/DvOe9tlOn/o+VUDNJiE/PuBe1s2Y94a/P
BfcohpKC2kza3NiW6lLTp00OWQsuu0QAPc02vYOyseZWy4y3Phnw60pWzLcFdemT
0GiYS5Xm1o9nAhPFciybn9j1q8UadIlIq0wbqWgdInBT8YI/l4f5sf6JAJUDBRAx
ezKXVS4eLnPSiKUBAc5OBACIXTlKqQC3B53qt7bNMV46m81fuw1PhKaJEI033mCD
ovzyEFFQeOyRXeu25Jg9Bq0Sn37ynISucHSmt2tUD5W0+p1MUGyTqnfqejMUWBzO
v4Xhp6a8RtDdUMBOTtro16iulGiRrCKxzVgEl4i+9Z0ZiE6BWlg5AetoF5n3mGk1
lw==
=ipyA
-----END PGP PUBLIC KEY BLOCK-----&a.imp;
Warner Losh <imp@village.org>
aka <imp@freebsd.org>
Fingerprint = D4 31 FD B9 F7 90 17 E8 37 C5 E7 7F CF A6 C1 B9
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzDzTiAAAAEEAK8D7KWEbVFUrmlqhUEnAvphNIqHEbqqT8s+c5f5c2uHtlcH
V4mV2TlUaDSVBN4+/D70oHmZc4IgiQwMPCWRrSezg9z/MaKlWhaslc8YT6Xc1q+o
EP/fAdKUrq49H0QQbkQk6Ks5wKW6v9AOvdmsS6ZJEcet6d9G4dxynu/2qPVhAAUR
tCBNLiBXYXJuZXIgTG9zaCA8aW1wQHZpbGxhZ2Uub3JnPokAlQMFEDM/SK1VLh4u
c9KIpQEBFPsD/1n0YuuUPvD4CismZ9bx9M84y5sxLolgFEfP9Ux196ZSeaPpkA0g
C9YX/IyIy5VHh3372SDWN5iVSDYPwtCmZziwIV2YxzPtZw0nUu82P/Fn8ynlCSWB
5povLZmgrWijTJdnUWI0ApVBUTQoiW5MyrNN51H3HLWXGoXMgQFZXKWYiQCVAwUQ
MzmhkfUVW/uOVC1dAQG3+AP/T1HL/5EYF0ij0yQmNTzt1cLt0b1e3N3zN/wPFFWs
BfrQ+nsv1zw7cEgxLtktk73wBGM9jUIdJu8phgLtl5a0m9UjBq5oxrJaNJr6UTxN
a+sFkapTLT1g84UFUO/+8qRB12v+hZr2WeXMYjHAFUT18mp3xwjW9DUV+2fW1Wag
YDKJAJUDBRAzOYK1s1pi61mfMj0BARBbA/930CHswOF0HIr+4YYUs1ejDnZ2J3zn
icTZhl9uAfEQq++Xor1x476j67Z9fESxyHltUxCmwxsJ1uOJRwzjyEoMlyFrIN4C
dE0C8g8BF+sRTt7VLURLERvlBvFrVZueXSnXvmMoWFnqpSpt3EmN6TNaLe8Cm87a
k6EvQy0dpnkPKokAlQMFEDD9Lorccp7v9qj1YQEBrRUD/3N4cCMWjzsIFp2Vh9y+
RzUrblyF84tJyA7Rr1p+A7dxf7je3Zx5QMEXosWL1WGnS5vC9YH2WZwv6sCU61gU
rSy9z8KHlBEHh+Z6fdRMrjd9byPf+n3cktT0NhS23oXB1ZhNZcB2KKhVPlNctMqO
3gTYx+Nlo6xqjR+J2NnBYU8p
=7fQV
-----END PGP PUBLIC KEY BLOCK-----Core Team members&a.asami;
Satoshi Asami <asami@cs.berkeley.edu>
aka <asami@FreeBSD.ORG>
Fingerprint = EB 3C 68 9E FB 6C EB 3F DB 2E 0F 10 8F CE 79 CA
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzPVyoQAAAEEAL7W+kipxB171Z4SVyyL9skaA7hG3eRsSOWk7lfvfUBLtPog
f3OKwrApoc/jwLf4+Qpdzv5DLEt/6Hd/clskhJ+q1gMNHyZ5ABmUxrTRRNvJMTrb
3fPU3oZj7sL/MyiFaT1zF8EaMP/iS2ZtcFsbYOqGeA8E/58uk4NA0SoeCNiJAAUR
tCVTYXRvc2hpIEFzYW1pIDxhc2FtaUBjcy5iZXJrZWxleS5lZHU+iQCVAwUQM/AT
+EqGN2HYnOMZAQF11QP/eSXb2FuTb1yX5yoo1Im8YnIk1SEgCGbyEbOMMBznVNDy
5g2TAD0ofLxPxy5Vodjg8rf+lfMVtO5amUH6aNcORXRncE83T10JmeM6JEp0T6jw
zOHKz8jRzygYLBayGsNIJ4BGxa4LeaGxJpO1ZEvRlNkPH/YEXK5oQmq9/DlrtYOJ
AEUDBRAz42JT8ng6GBbVvu0BAU8nAYCsJ8PiJpRUGlrz6rxjX8hqM1v3vqFHLcG+
G52nVMBSy+RZBgzsYIPwI5EZtWAKb22JAJUDBRAz4QBWdbtuOHaj97EBAaQPA/46
+NLUp+Wubl90JoonoXocwAg88tvAUVSzsxPXj0lvypAiSI2AJKsmn+5PuQ+/IoQy
lywRsxiQ5GD7C72SZ1yw2WI9DWFeAi+qa4b8n9fcLYrnHpyCY+zxEpu4pam8FJ7H
JocEUZz5HRoKKOLHErzXDiuTkkm72b1glmCqAQvnB4kAlQMFEDPZ3gyDQNEqHgjY
iQEBFfUEALu2C0uo+1Z7C5+xshWRYY5xNCzK20O6bANVJ+CO2fih96KhwsMof3lw
fDso5HJSwgFd8WT/sR+Wwzz6BAE5UtgsQq5GcsdYQuGI1yIlCYUpDp5sgswNm+OA
bX5a+r4F/ZJqrqT1J56Mer0VVsNfe5nIRsjd/rnFAFVfjcQtaQmjiQCVAwUQM9uV
mcdm8Q+/vPRJAQELHgP9GqNiMpLQlZig17fDnCJ73P0e5t/hRLFehZDlmEI2TK7j
Yeqbw078nZgyyuljZ7YsbstRIsWVCxobX5eH1kX+hIxuUqCAkCsWUY4abG89kHJr
XGQn6X1CX7xbZ+b6b9jLK+bJKFcLSfyqR3M2eCyscSiZYkWKQ5l3FYvbUzkeb6K0
IVNhdG9zaGkgQXNhbWkgPGFzYW1pQEZyZWVCU0QuT1JHPg==
=39SC
-----END PGP PUBLIC KEY BLOCK-----&a.jmb;
Jonathan M. Bresler <jmb@FreeBSD.org>
f16 Fingerprint16 = 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAzG2GToAAAEEANI6+4SJAAgBpl53XcfEr1M9wZyBqC0tzpie7Zm4vhv3hO8s
o5BizSbcJheQimQiZAY4OnlrCpPxijMFSaihshs/VMAz1qbisUYAMqwGEO/T4QIB
nWNo0Q/qOniLMxUrxS1RpeW5vbghErHBKUX9GVhxbiVfbwc4wAHbXdKX5jjdAAUR
tCVKb25hdGhhbiBNLiBCcmVzbGVyIDxqbWJARnJlZUJTRC5PUkc+iQCVAwUQNbtI
gAHbXdKX5jjdAQHamQP+OQr10QRknamIPmuHmFYJZ0jU9XPIvTTMuOiUYLcXlTdn
GyTUuzhbEywgtOldW2V5iA8platXThtqC68NsnN/xQfHA5xmFXVbayNKn8H5stDY
2s/4+CZ06mmJfqYmONF1RCbUk/M84rVT3Gn2tydsxFh4Pm32lf4WREZWRiLqmw+J
AJUDBRA0DfF99RVb+45ULV0BAcZ0BACCydiSUG1VR0a5DBcHdtin2iZMPsJUPRqJ
tWvP6VeI8OFpNWQ4LW6ETAvn35HxV2kCcQMyht1kMD+KEJz7r8Vb94TS7KtZnNvk
2D1XUx8Locj6xel5c/Lnzlnnp7Bp1XbJj2u/NzCaZQ0eYBdP/k7RLYBYHQQln5x7
BOuiRJNVU4kAlQMFEDQLcShVLh4uc9KIpQEBJv4D/3mDrD0MM9EYOVuyXik3UGVI
8quYNA9ErVcLdt10NjYc16VI2HOnYVgPRag3Wt7W8wlXShpokfC/vCNt7f5JgRf8
h2a1/MjQxtlD+4/Js8k7GLa53oLon6YQYk32IEKexoLPwIRO4L2BHWa3GzHJJSP2
aTR/Ep90/pLdAOu/oJDUiQCVAwUQMqyL0LNaYutZnzI9AQF25QP9GFXhBrz2tiWz
2+0gWbpcGNnyZbfsVjF6ojGDdmsjJMyWCGw49XR/vPKYIJY9EYo4t49GIajRkISQ
NNiIz22fBAjT2uY9YlvnTJ9NJleMfHr4dybo7oEKYMWWijQzGjqf2m8wf9OaaofE
KwBX6nxcRbKsxm/BVLKczGYl3XtjkcuJAJUDBRA1ol5TZWCprDT5+dUBATzXA/9h
/ZUuhoRKTWViaistGJfWi26FB/Km5nDQBr/Erw3XksQCMwTLyEugg6dahQ1u9Y5E
5tKPxbB69eF+7JXVHE/z3zizR6VL3sdRx74TPacPsdhZRjChEQc0htLLYAPkJrFP
VAzAlSlm7qd+MXf8fJovQs6xPtZJXukQukPNlhqZ94kAPwMFEDSH/kF4tXKgazlt
bxECfk4AoO+VaFVfguUkWX10pPSSfvPyPKqiAJ4xn8RSIe1ttmnqkkDMhLh00mKj
lLQuSm9uYXRoYW4gTS4gQnJlc2xlciA8Sm9uYXRoYW4uQnJlc2xlckBVU2kubmV0
PokAlQMFEDXbdSkB213Sl+Y43QEBV/4D/RLJNTrtAqJ1ATxXWv9g8Cr3/YF0GTmx
5dIrJOpBup7eSSmiM/BL9Is4YMsoVbXCI/8TqA67TMICvq35PZU4wboQB8DqBAr+
gQ8578M7Ekw1OAF6JXY6AF2P8k7hMcVBcVOACELPT/NyPNByG5QRDoNmlsokJaWU
/2ls4QSBZZlb
=zbCw
-----END PGP PUBLIC KEY BLOCK-----&a.ache;
Andrey A. Chernov <ache@FreeBSD.org>
aka <ache@nagual.pp.ru>
Key fingerprint = 33 03 9F 48 33 7B 4A 15 63 48 88 0A C4 97 FD 49
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAiqUMGQAAAEEAPGhcD6A2Buey5LYz0sphDLpVgOZc/bb9UHAbaGKUAGXmafs
Dcb2HnsuYGgX/zrQXuCi/wIGtXcZWB97APtKOhFsZnPinDR5n/dde/mw9FnuhwqD
m+rKSL1HlN0z/Msa5y7g16760wHhSR6NoBSEG5wQAHIMMq7Q0uJgpPLZnQjrAAUT
tCVBbmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuYWd1YWwucHAucnU+iQCVAwUQM2Ez
u+JgpPLZnQjrAQEyugP8DPnS8ixJ5OeuYgPFQf5sy6l+LrB6hyaS+lgsUPahWjNY
cnaDmfda/q/BV5d4+y5rlQe/pjnYG7/yQuAR3jhlXz8XDrqlBOnW9AtYjDt5rMfJ
aGFTGXAPGZ6k6zQZE0/YurT8ia3qjvuZm3Fw4NJrHRx7ETHRvVJDvxA6Ggsvmr20
JEFuZHJleSBBLiBDaGVybm92IDxhY2hlQEZyZWVCU0Qub3JnPokAlQMFEDR5uVbi
YKTy2Z0I6wEBLgED/2mn+hw4/3peLx0Sb9LNx//NfCCkVefSf2G9Qwhx6dvwbX7h
mFca97h7BQN4GubU1Z5Ffs6TeamSBrotBYGmOCwvJ6S9WigF9YHQIQ3B4LEjskAt
pcjU583y42zM11kkvEuQU2Gde61daIylJyOxsgpjSWpkxq50fgY2kLMfgl/ftCZB
bmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuaWV0enNjaGUubmV0PokAlQMFEDR5svDi
YKTy2Z0I6wEBOTQD/0OTCAXIjuak363mjERvzSkVsNtIH9hA1l0w6Z95+iH0fHrW
xXKT0vBZE0y0Em+S3cotLL0bMmVE3F3D3GyxhBVmgzjyx0NYNoiQjYdi+6g/PV30
Cn4vOO6hBBpSyI6vY6qGNqcsawuRtHNvK/53MpOfKwSlICEBYQimcZhkci+EtCJB
bmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuYWd1YWwucnU+iQCVAwUQMcm5HeJgpPLZ
nQjrAQHwvQP9GdmAf1gdcuayHEgNkc11macPH11cwWjYjzA2YoecFMGV7iqKK8QY
rr1MjbGXf8DAG8Ubfm0QbI8Lj8iG3NgqIru0c72UuHGSn/APfGGG0AtPX5UK/k7B
gI0Ca2po6NA5nrSp8tDsdEz/4gyea84RXl2prtTf5Jj07hflbRstGXK0MkFuZHJl
eSBBLiBDaGVybm92LCBCbGFjayBNYWdlIDxhY2hlQGFzdHJhbC5tc2suc3U+iQCV
AwUQMCsAo5/rGryoL8h3AQHq1QQAidyNFqA9hvrmMcjpY7csJVFlGvj574Wj4GPa
o3pZeuQaMBmsWqaXLYnWU/Aldb6kTz6+nRcQX50zFH0THSPfApwEW7yybSTI5apJ
mWT3qhKN2vmLNg2yNzhqLTzHLD1lH3i1pfQq8WevrNfjLUco5S/VuekTma/osnzC
Cw7fQzCJAJUDBRAwKvwoa1pnjYGyp3kBARihBACoXr3qfG65hFCyKJISmjOvaoGr
anxUIkeDS0yQdTHzhQ+dwB1OhhK15E0Nwr0MKajLMm90n6+Zdb5y/FIjpPriu8dI
rlHrWZlewa88eEDM+Q/NxT1iYg+HaKDAE171jmLpSpCL0MiJtO0i36L3ekVD7Hv8
vffOZHPSHirIzJOZTYkAlQMFEDAau6zFLUdtDb+QbQEBQX8D/AxwkYeFaYxZYMFO
DHIvSk23hAsjCmUA2Uil1FeWAusb+o8xRfPDc7TnosrIifJqbF5+fcHCG5VSTGlh
Bhd18YWUeabf/h9O2BsQX55yWRuB2x3diJ1xI/VVdG+rxlMCmE4ZR1Tl9x+Mtun9
KqKVpB39VlkCBYQ3hlgNt/TJUY4riQCVAwUQMBHMmyJRltlmbQBRAQFQkwP/YC3a
hs3ZMMoriOlt3ZxGNUUPTF7rIER3j+c7mqGG46dEnDB5sUrkzacpoLX5sj1tGR3b
vz9a4vmk1Av3KFNNvrZZ3/BZFGpq3mCTiAC9zsyNYQ8L0AfGIUO5goCIjqwOTNQI
AOpNsJ5S+nMAkQB4YmmNlI6GTb3D18zfhPZ6uciJAJUCBRAwD0sl4uW74fteFRkB
AWsAA/9NYqBRBKbmltQDpyK4+jBAYjkXBJmARFXKJYTlnTgOHMpZqoVyW96xnaa5
MzxEiu7ZWm5oL10QDIp1krkBP2KcmvfSMMHb5aGCCQc2/P8NlfXAuHtNGzYiI0UA
Iwi8ih/S1liVfvnqF9uV3d3koE7VsQ9OA4Qo0ZL2ggW+/gEaYIkAlQMFEDAOz6qx
/IyHe3rl4QEBIvYD/jIr8Xqo/2I5gncghSeFR01n0vELFIvaF4cHofGzyzBpYsfA
+6pgFI1IM+LUF3kbUkAY/2uSf9U5ECcaMCTWCwVgJVO+oG075SHEM4buhrzutZiM
1dTyTaepaPpTyRMUUx9ZMMYJs7sbqLId1eDwrJxUPhrBNvf/w2W2sYHSY8cdiQCV
AwUQMAzqgHcdkq6JcsfBAQGTxwQAtgeLFi2rhSOdllpDXUwz+SS6bEjFTWgRsWFM
y9QnOcqryw7LyuFmWein4jasjY033JsODfWQPiPVNA3UEnXVg9+n8AvNMPO8JkRv
Cn1eNg0VaJy9J368uArio93agd2Yf/R5r+QEuPjIssVk8hdcy/luEhSiXWf6bLMV
HEA0J+OJAJUDBRAwDUi+4mCk8tmdCOsBAatBBACHB+qtW880seRCDZLjl/bT1b14
5po60U7u6a3PEBkY0NA72tWDQuRPF/Cn/0+VdFNxQUsgkrbwaJWOoi0KQsvlOm3R
rsxKbn9uvEKLxExyKH3pxp76kvz/lEWwEeKvBK+84Pb1lzpG3W7u2XDfi3VQPTi3
5SZMAHc6C0Ct/mjNlYkAlQMFEDAMrPD7wj+NsTMUOQEBJckD/ik4WsZzm2qOx9Fw
erGq7Zwchc+Jq1YeN5PxpzqSf4AG7+7dFIn+oe6X2FcIzgbYY+IfmgJIHEVjDHH5
+uAXyb6l4iKc89eQawO3t88pfHLJWbTzmnvgz2cMrxt94HRvgkHfvcpGEgbyldq6
EB33OunazFcfZFRIcXk1sfyLDvYE
=1ahV
-----END PGP PUBLIC KEY BLOCK-----&a.jkh;
Jordan K. Hubbard <jkh@FreeBSD.org>
Fingerprint = 3C F2 27 7E 4A 6C 09 0A 4B C9 47 CD 4F 4D 0B 20
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzFjX0IAAAEEAML+nm9/kDNPp43ZUZGjYkm2QLtoC1Wxr8JulZXqk7qmhYcQ
jvX+fyoriJ6/7ZlnLe2oG5j9tZOnRLPvMaz0g9CpW6Dz3nkXrNPkmOFV9B8D94Mk
tyFeRJFqnkCuqBj6D+H8FtBwEeeTecSh2tJ0bZZTXnAMhxeOdvUVW/uOVC1dAAUR
tCNKb3JkYW4gSy4gSHViYmFyZCA8amtoQEZyZWVCU0Qub3JnPokBFQMFEDXCTXQM
j46yp4IfPQEBwO8IAIN0J09AXBf86dFUTFGcAMrEQqOF5IL+KGorAjzuYxERhKfD
ZV7jA+sCQqxkWfcVcE20kVyVYqzZIkio9a5zXP6TwA247JkPt54S1PmMDYHNlRIY
laXlNoji+4q3HP2DfHqXRT2859rYpm/fG/v6pWkos5voPKcZ2OFEp9W+Ap88oqw+
5rx4VetZNJq1Epmis4INj6XqNqj85+MOOIYE+f445ohDM6B/Mxazd6cHFGGIR+az
VjZ6lCDMLjzhB5+FqfrDLYuMjqkMTR5z9DL+psUvPlCkYbQ11NEWtEmiIWjUcNJN
GCxGzv5bXk0XPu3ADwbPkFE2usW1cSM7AQFiwuyJAJUDBRAxe+Q9a1pnjYGyp3kB
AV7XA/oCSL/Cc2USpQ2ckwkGpyvIkYBPszIcabSNJAzm2hsU9Qa6WOPxD8olDddB
uJNiW/gznPC4NsQ0N8Zr4IqRX/TTDVf04WhLmd8AN9SOrVv2q0BKgU6fLuk979tJ
utrewH6PR2qBOjAaR0FJNk4pcYAHeT+e7KaKy96YFvWKIyDvc4kAlQMFEDF8ldof
f6kIA1j8vQEBDH4D/0Zm0oNlpXrAE1EOFrmp43HURHbij8n0Gra1w9sbfo4PV+/H
U8ojTdWLy6r0+prH7NODCkgtIQNpqLuqM8PF2pPtUJj9HwTmSqfaT/LMztfPA6PQ
csyT7xxdXl0+4xTDl1avGSJfYsI8XCAy85cTs+PQwuyzugE/iykJO1Bnj/paiQCV
AwUQMXvlBvUVW/uOVC1dAQF2fQP/RfYC6RrpFTZHjo2qsUHSRk0vmsYfwG5NHP5y
oQBMsaQJeSckN4n2JOgR4T75U4vS62aFxgPLJP3lOHkU2Vc7xhAuBvsbGr5RP8c5
LvPOeUEyz6ZArp1KUHrtcM2iK1FBOmY4dOYphWyWMkDgYExabqlrAq7FKZftpq/C
BiMRuaw=
=C/Jw
-----END PGP PUBLIC KEY BLOCK-----&a.phk;
Poul-Henning Kamp <phk@FreeBSD.org>
Fingerprint = A3 F3 88 28 2F 9B 99 A2 49 F4 E2 FA 5A 78 8B 3E
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzAdpMIAAAEEALHDgrFUwhZtb7PbXg3upELoDVEUPFRwnmpJH1rRqyROUGcI
ooVe7u+FQlIs5OsXK8ECs/5Wpe2UrZSzHvjwBYOND5H42YtI5UULZLRCo5bFfTVA
K9Rpo5icfTsYihrzU2nmnycwFMk+jYXyT/ZDYWDP/BM9iLjj0x9/qQgDWPy9AAUR
tCNQb3VsLUhlbm5pbmcgS2FtcCA8cGhrQEZyZWVCU0Qub3JnPokAlQMFEDQQ0aZ1
u244dqP3sQEBu4ID/jXFFeJgs2MdTDNOZM/FbfDhI4qxAbYUsqS3+Ra16yd8Wd/A
jV+IHJE2NomFWl8UrUjCGinXiwzPgK1OfFJrS9Og1wQLvAl0X84BA8MTP9BQr4w7
6I/RbksgUSrVCIO8MJwlydjSPocWGBeXlVjbZxXzyuJk7H+TG+zuI5BuBcNIiQCV
AwUQMwYr2rNaYutZnzI9AQHiIQP/XxtBWFXaBRgVLEhRNpS07YdU+LsZGlLOZehN
9L4UnJFHQQPNOpMey2gF7Y95aBOw5/1xS5vlQpwmRFCntWsm/gqdzK6rulfr1r5A
y94LO5TAC6ucNu396Y4vo1TyD1STnRC466KlvmtQtAtFGgXlORWLL9URLzcRFd1h
D0yXd9aJAJUDBRAxfo19a1pnjYGyp3kBAQqyA/4v64vP3l1F0Sadn6ias761hkz/
SMdTuLzILmofSCC4o4KWMjiWJHs2Soo41QlZi1+xMHzV32JKiwFlGtPHqL+EHyXy
Q4H3vmf9/1KF+0XCaMtgI0wWUMziPSTJK8xXbRRmMDK/0F4TnVVaUhnmf+h5K7O6
XdmejDTa0X/NWcicmIkAlQMFEDF8lef1FVv7jlQtXQEBcnwD/0ro1PpUtlkLmreD
tsGTkNa7MFLegrYRvDDrHOwPZH152W2jPUncY+eArQJakeHiTDmJNpFagLZglhE0
bqJyca+UwCXX+6upAclWHEBMg2byiWMMqyPVEEnpUoHM1sIkgdNWlfQAmipRBfYh
2LyCgWvR8CbtwPYIFvUmGgB3MR87iQCVAwUQMUseXB9/qQgDWPy9AQGPkwP/WEDy
El2Gkvua9COtMAifot2vTwuvWWpNopIEx0Ivey4aVbRLD90gGCJw8OGDEtqFPcNV
8aIiy3fYVKXGZZjvCKd7zRfhNmQn0eLDcymq2OX3aPrMc2rRlkT4Jx425ukR1gsO
qiQAgw91aWhY8dlw/EKzk8ojm52x4VgXaBACMjaJAJUDBRAxOUOg72G56RHVjtUB
AbL4A/9HOn5Qa0lq9tKI/HkSdc5fGQD/66VdCBAb292RbB7CS/EM07MdbcqRRYIa
0+0gwQ3OdsWPdCVgH5RIhp/WiC+UPkR1cY8N9Mg2kTwJfZZfNqN+BgWlgRMPN27C
OhYNl8Q33Nl9CpBLrZWABF44jPeT0EvvTzP/5ZQ7T75EsYKYiYkAlQMFEDDmryQA
8tkJ67sbQQEBPdsEALCj6v1OBuJLLJTlxmmrkqAZPVzt5QdeO3Eqa2tcPWcU0nqP
vHYMzZcZ7oFg58NZsWrhSQQDIB5e+K65Q/h6dC7W/aDskZd64jxtEznX2kt0/MOr
8OdsDis1K2f9KQftrAx81KmVwW4Tqtzl7NWTDXt44fMOtibCwVq8v2DFkTJy
=JKbP
-----END PGP PUBLIC KEY BLOCK-----&a.rich;
Rich Murphey <rich@FreeBSD.org>
fingerprint = AF A0 60 C4 84 D6 0C 73 D1 EF C0 E9 9D 21 DB E4
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy97V+MAAAEEALiNM3FCwm3qrCe81E20UOSlNclOWfZHNAyOyj1ahHeINvo1
FBF2Gd5Lbj0y8SLMno5yJ6P4F4r+x3jwHZrzAIwMs/lxDXRtB0VeVWnlj6a3Rezs
wbfaTeSVyh5JohEcKdoYiMG5wjATOwK/NAwIPthB1RzRjnEeer3HI3ZYNEOpAAUR
tCRSaWNoIE11cnBoZXkgPHJpY2hAbGFtcHJleS51dG1iLmVkdT6JAJUDBRAve15W
vccjdlg0Q6kBAZTZBACcNd/LiVnMFURPrO4pVRn1sVQeokVX7izeWQ7siE31Iy7g
Sb97WRLEYDi686osaGfsuKNA87Rm+q5F+jxeUV4w4szoqp60gGvCbD0KCB2hWraP
/2s2qdVAxhfcoTin/Qp1ZWvXxFF7imGA/IjYIfB42VkaRYu6BwLEm3YAGfGcSw==
=QoiM
-----END PGP PUBLIC KEY BLOCK-----&a.jdp;
John D. Polstra <jdp@polstra.com>
Fingerprint = 54 3A 90 59 6B A4 9D 61 BF 1D 03 09 35 8D F6 0D
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzMElMEAAAEEALizp6ZW9QifQgWoFmG3cXhzQ1+Gt+a4S1adC/TdHdBvw1M/
I6Ok7TC0dKF8blW3VRgeHo4F3XhGn+n9MqIdboh4HJC5Iiy63m98sVLJSwyGO4oM
dkEGyyCLxqP6h/DU/tzNBdqFzetGtYvU4ftt3RO0a506cr2CHcdm8Q+/vPRJAAUR
tCFKb2huIEQuIFBvbHN0cmEgPGpkcEBwb2xzdHJhLmNvbT6JAJUDBRAzBNBE9RVb
+45ULV0BAWgiA/0WWO3+c3qlptPCHJ3DFm6gG/qNKsY94agL/mHOr0fxMP5l2qKX
O6a1bWkvGoYq0EwoKGFfn0QeHiCl6jVi3CdBX+W7bObMcoi+foqZ6zluOWBC1Jdk
WQ5/DeqQGYXqbYjqO8voCScTAPge3XlMwVpMZTv24u+nYxtLkE0ZcwtY9IkAlQMF
EDMEt/DHZvEPv7z0SQEBXh8D/2egM5ckIRpGz9kcFTDClgdWWtlgwC1iI2p9gEhq
aufy+FUJlZS4GSQLWB0BlrTmDC9HuyQ+KZqKFRbVZLyzkH7WFs4zDmwQryLV5wkN
C4BRRBXZfWy8s4+zT2WQD1aPO+ZsgRauYLkJgTvXTPU2JCN62Nsd8R7bJS5tuHEm
7HGmiQCVAwUQMwSvHB9/qQgDWPy9AQFAhAQAgJ1AlbKITrEoJ0+pLIsov3eQ348m
SVHEBGIkU3Xznjr8NzT9aYtq4TIzt8jplqP3QoV1ka1yYpZf0NjvfZ+ffYp/sIaU
wPbEpgtmHnVWJAebMbNs/Ad1w8GDvxEt9IaCbMJGZnHmfnEqOBIxF7VBDPHHoJxM
V31K/PIoYsHAy5w=
=cHFa
-----END PGP PUBLIC KEY BLOCK-----&a.guido;
Guido van Rooij <guido@gvr.win.tue.nl>
Fingerprint = 16 79 09 F3 C0 E4 28 A7 32 62 FA F6 60 31 C0 ED
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzGeO84AAAEEAKKAY91Na//DXwlUusr9GVESSlVwVP6DyH1wcZXhfN1fyZHq
SwhMCEdHYoojQds+VqD1iiZQvv1RLByBgj622PDAPN4+Z49HjGs7YbZsUNuQqPPU
wRPpP6ty69x1hPKq1sQIB5MS4radpCM+4wbZbhxv7l4rP3RWUbNaYutZnzI9AAUR
tCZHdWlkbyB2YW4gUm9vaWogPGd1aWRvQGd2ci53aW4udHVlLm5sPokAlQMFEDMG
Hcgff6kIA1j8vQEBbYgD/jm9xHuUuY+iXDkOzpCXBYACYEZDV913MjtyBAmaVqYo
Rh5HFimkGXe+rCo78Aau0hc57fFMTsJqnuWEqVt3GRq28hSK1FOZ7ni9/XibHcmN
rt2yugl3hYpClijo4nrDL1NxibbamkGW/vFGcljS0jqXz6NDVbGx5Oo7HBByxByz
iQCVAwUQMhmtVjt/x7zOdmsfAQFuVQQApsVUTigT5YWjQA9Nd5Z0+a/oVtZpyw5Z
OljLJP3vqJdMa6TidhfcatjHbFTve5x1dmjFgMX/MQTd8zf/+Xccy/PX4+lnKNpP
eSf1Y4aK+E8KHmBGd6GzX6CIboyGYLS9e3kGnN06F2AQtaLyJFgQ71wRaGuyKmQG
FwTn7jiKb1aJAJUDBRAyEOLXPt3iN6QQUSEBATwQA/9jqu0Nbk154+Pn+9mJX/YT
fYR2UqK/5FKCqgL5Nt/Deg2re0zMD1f8F9Dj6vuAAxq8hnOkIHKlWolMjkRKkzJi
mSPEWl3AuHJ31k948J8it4f8kq/o44usIA2KKVMlI63Q/rmNdfWCyiYQEVGcRbTm
GTdZIHYCOgV5dOo4ebFqgYkAlQMFEDIE1nMEJn15jgpJ0QEBW6kEAKqN8XSgzTqf
CrxFXT07MlHhfdbKUTNUoboxCGCLNW05vf1A8F5fdE5i14LiwkldWIzPxWD+Sa3L
fNPCfCZTaCiyGcLyTzVfBHA18MBAOOX6JiTpdcm22jLGUWBf/aJK3yz/nfbWntd/
LRHysIdVp29lP5BF+J9/Lzbb/9LxP1taiQCVAwUQMgRXZ44CzbsJWQz9AQFf7gP/
Qa2FS5S6RYKG3rYanWADVe/ikFV2lxuM1azlWbsmljXvKVWGe6cV693nS5lGGAjx
lbd2ADwXjlkNhv45HLWFm9PEveO9Jjr6tMuXVt8N2pxiX+1PLUN9CtphTIU7Yfjn
s6ryZZfwGHSfIxNGi5ua2SoXhg0svaYnxHxXmOtH24iJAJUDBRAyAkpV8qaAEa3W
TBkBARfQBAC+S3kbulEAN3SI7/A+A/dtl9DfZezT9C4SRBGsl2clQFMGIXmMQ/7v
7lLXrKQ7U2zVbgNfU8smw5h2vBIL6f1PyexSmc3mz9JY4er8KeZpcf6H0rSkHl+i
d7TF0GvuTdNPFO8hc9En+GG6QHOqbkB4NRZ6cwtfwUMhk2FHXBnjF4kAlQMFEDH5
FFukUJAsCdPmTQEBe74EAMBsxDnbD9cuI5MfF/QeTNEG4BIVUZtAkDme4Eg7zvsP
d3DeJKCGeNjiCWYrRTCGwaCWzMQk+/+MOmdkI6Oml+AIurJLoHceHS9jP1izdP7f
N2jkdeJSBsixunbQWtUElSgOQQ4iF5kqwBhxtOfEP/L9QsoydRMR1yB6WPD75H7V
iQCVAwUQMZ9YNGtaZ42Bsqd5AQH0PAQAhpVlAc3ZM/KOTywBSh8zWKVlSk3q/zGn
k7hJmFThnlhH1723+WmXE8aAPJi+VXOWJUFQgwELJ6R8jSU2qvk2m1VWyYSqRKvc
VRQMqT2wjss0GE1Ngg7tMrkRHT0il7E2xxIb8vMrIwmdkbTfYqBUhhGnsWPHZHq7
MoA1/b+rK7CJAJUDBRAxnvXh3IDyptUyfLkBAYTDA/4mEKlIP/EUX2Zmxgrd/JQB
hqcQlkTrBAaDOnOqe/4oewMKR7yaMpztYhJs97i03Vu3fgoLhDspE55ooEeHj0r4
cOdiWfYDsjSFUYSPNVhW4OSruMA3c29ynMqNHD7hpr3rcCPUi7J2RncocOcCjjK2
BQb/9IAUNeK4C9gPxMEZLokAlQMFEDGeO86zWmLrWZ8yPQEBEEID/2fPEUrSX3Yk
j5TJPFZ9MNX0lEo7AHYjnJgEbNI4pYm6C3PnMlsYfCSQDHuXmRQHAOWSdwOLvCkN
F8eDaF3M6u0urgeVJ+KVUnTz2+LZoZs12XSZKCte0HxjbvPpWMTTrYyimGezH79C
mgDVjsHaYOx3EXF0nnDmtXurGioEmW1J
=mSvM
-----END PGP PUBLIC KEY BLOCK-----&a.peter;
Peter Wemm <peter@FreeBSD.org>
aka <peter@spinner.dialix.com>
aka <peter@haywire.dialix.com>
aka <peter@perth.dialix.oz.au>
Key fingerprint = 47 05 04 CA 4C EE F8 93 F6 DB 02 92 6D F5 58 8A
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAy9/FJwAAAEEALxs9dE9tFd0Ru1TXdq301KfEoe5uYKKuldHRBOacG2Wny6/
W3Ill57hOi2+xmq5X/mHkapywxvy4cyLdt31i4GEKDvxpDvEzAYcy2n9dIup/eg2
kEhRBX9G5k/LKM4NQsRIieaIEGGgCZRm0lINqw495aZYrPpO4EqGN2HYnOMZAAUT
tCVQZXRlciBXZW1tIDxwZXRlckBoYXl3aXJlLmRpYWxpeC5jb20+iQCVAwUQMwWT
cXW7bjh2o/exAQEFkQP+LIx5zKlYp1uR24xGApMFNrNtjh+iDIWnxxb2M2Kb6x4G
9z6OmbUCoDTGrX9SSL2Usm2RD0BZfyv9D9QRWC2TSOPkPRqQgIycc11vgbLolJJN
eixqsxlFeKLGEx9eRQCCbo3dQIUjc2yaOe484QamhsK1nL5xpoNWI1P9zIOpDiGJ
AJUDBRAxsRPqSoY3Ydic4xkBAbWLA/9q1Fdnnk4unpGQsG31Qbtr4AzaQD5m/JHI
4gRmSmbj6luJMgNG3fpO06Gd/Z7uxyCJB8pTst2a8C/ljOYZxWT+5uSzkQXeMi5c
YcI1sZbUpkHtmqPW623hr1PB3ZLA1TIcTbQW+NzJsxQ1Pc6XG9fGkT9WXQW3Xhet
AP+juVTAhLQlUGV0ZXIgV2VtbSA8cGV0ZXJAcGVydGguZGlhbGl4Lm96LmF1PokA
lQMFEDGxFCFKhjdh2JzjGQEB6XkD/2HOwfuFrnQUtdwFPUkgtEqNeSr64jQ3Maz8
xgEtbaw/ym1PbhbCk311UWQq4+izZE2xktHTFClJfaMnxVIfboPyuiSF99KHiWnf
/Gspet0S7m/+RXIwZi1qSqvAanxMiA7kKgFSCmchzas8TQcyyXHtn/gl9v0khJkb
/fv3R20btB5QZXRlciBXZW1tIDxwZXRlckBGcmVlQlNELm9yZz6JAJUDBRAxsRJd
SoY3Ydic4xkBAZJUA/4i/NWHz5LIH/R4IF/3V3LleFyMFr5EPFY0/4mcv2v+ju9g
brOEM/xd4LlPrx1XqPeZ74JQ6K9mHR64RhKR7ZJJ9A+12yr5dVqihe911KyLKab9
4qZUHYi36WQu2VtLGnw/t8Jg44fQSzbBF5q9iTzcfNOYhRkSD3BdDrC3llywO7Ql
UGV0ZXIgV2VtbSA8cGV0ZXJAc3Bpbm5lci5kaWFsaXguY29tPokAlQMFEDGxEi1K
hjdh2JzjGQEBdA4EAKmNFlj8RF9HQsoI3UabnvYqAWN5wCwEB4u+Zf8zq6OHic23
TzoK1SPlmSdBE1dXXQGS6aiDkLT+xOdeewNs7nfUIcH/DBjSuklAOJzKliXPQW7E
kuKNwy4eq5bl+j3HB27i+WBXhn6OaNNQY674LGaR41EGq44Wo5ATcIicig/z
=gv+h
-----END PGP PUBLIC KEY BLOCK-----&a.joerg;
Type Bits/KeyID Date User ID
pub 1024/76A3F7B1 1996/04/27 Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
Key fingerprint = DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Joerg Wunsch <joerg_wunsch@interface-business.de>
Joerg Wunsch <j@uriah.heep.sax.de>
Joerg Wunsch <j@interface-business.de>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzGCFeAAAAEEAKmRBU2Nvc7nZy1Ouid61HunA/5hF4O91cXm71/KPaT7dskz
q5sFXvPJPpawwvqHPHfEbAK42ZaywyFp59L1GaYj87Pda+PlAYRJyY2DJl5/7JPe
ziq+7B8MdvbX6D526sdmcR+jPXPbHznASjkx9DPmK+7TgFujyXW7bjh2o/exAAUR
tC1Kb2VyZyBXdW5zY2ggPGpvZXJnX3d1bnNjaEB1cmlhaC5oZWVwLnNheC5kZT6J
AJUDBRA0FFkBs1pi61mfMj0BAfDCA/oCfkjrhvRwRCpSL8klJ1YDoUJdmw+v4nJc
pw3OpYXbwKOPLClsE7K3KCQscHel7auf91nrekAwbrXv9Clp0TegYeAQNjw5vZ9f
L6UZ5l3fH8E2GGA7+kqgNWs1KxAnG5GdUvJ9viyrWm8dqWRGo+loDWlZ12L2OgAD
fp7jVZTI1okAlQMFEDQPrLoff6kIA1j8vQEB2XQEAK/+SsQPCT/X4RB/PBbxUr28
GpGJMn3AafAaA3plYw3nb4ONbqEw9tJtofAn4UeGraiWw8nHYR2DAzoAjR6OzuX3
TtUV+57BIzrTPHcNkb6h8fPuHU+dFzR+LNoPaGJsFeov6w+Ug6qS9wa5FGDAgaRo
LHSyBxcRVoCbOEaS5S5EiQCVAwUQM5BktWVgqaw0+fnVAQGKPwP+OiWho3Zm2GKp
lEjiZ5zx3y8upzb+r1Qutb08jr2Ewja04hLg0fCrt6Ad3DoVqxe4POghIpmHM4O4
tcW92THQil70CLzfCxtfUc6eDzoP3krD1/Gwpm2hGrmYA9b/ez9+r2vKBbnUhPmC
glx5pf1IzHU9R2XyQz9Xu7FI2baOSZqJAJUDBRAyCIWZdbtuOHaj97EBAVMzA/41
VIph36l+yO9WGKkEB+NYbYOz2W/kyi74kXLvLdTXcRYFaCSZORSsQKPGNMrPZUoL
oAKxE25AoCgl5towqr/sCcu0A0MMvJddUvlQ2T+ylSpGmWchqoXCN7FdGyxrZ5zz
xzLIvtcio6kaHd76XxyJpltCASupdD53nEtxnu8sRrQxSm9lcmcgV3Vuc2NoIDxq
b2VyZ193dW5zY2hAaW50ZXJmYWNlLWJ1c2luZXNzLmRlPokAlQMFEDIIhfR1u244
dqP3sQEBWoID/RhBm+qtW+hu2fqAj9d8CVgEKJugrxZIpXuCKFvO+bCgQtogt9EX
+TJh4s8UUdcFkyEIu8CT2C3Rrr1grvckfxvrTgzSzvtYyv1072X3GkVY+SlUMBMA
rdl1qNW23oT7Q558ajnsaL065XJ5m7HacgTTikiofYG8i1s7TrsEeq6PtCJKb2Vy
ZyBXdW5zY2ggPGpAdXJpYWguaGVlcC5zYXguZGU+iQCVAwUQMaS91D4gHQUlG9CZ
AQGYOwQAhPpiobK3d/fz+jWrbQgjkoO+j39glYGXb22+6iuEprFRs/ufKYtjljNT
NK3B4DWSkyIPawcuO4Lotijp6jke2bsjFSSashGWcsJlpnwsv7EeFItT3oWTTTQQ
ItPbtNyLW6M6xB+jLGtaAvJqfOlzgO9BLfHuA2LY+WvbVW447SWJAJUDBRAxqWRs
dbtuOHaj97EBAXDBA/49rzZB5akkTSbt/gNd38OJgC+H8N5da25vV9dD3KoAvXfW
fw7OxIsxvQ/Ab+rJmukrrWxPdsC+1WU1+1rGa4PvJp/VJRDes2awGrn+iO7/cQoS
IVziC27JpcbvjLvLVcBIiy1yT/RvJ+87a3jPRHt3VFGcpFh4KykxxSNiyGygl4kA
lQMFEDGCUB31FVv7jlQtXQEB5KgD/iIJZe5lFkPr2B/Cr7BKMVBot1/JSu05NsHg
JZ3uK15w4mVtNPZcFi/dKbn+qRM6LKDFe/GF0HZD/ZD1FJt8yQjzF2w340B+F2GG
EOwnClqZDtEAqnIBzM/ECQQqH+6Bi8gpkFZrFgg5eON7ikqmusDnOlYStM/CBfgp
SbR8kDmFtCZKb2VyZyBXdW5zY2ggPGpAaW50ZXJmYWNlLWJ1c2luZXNzLmRlPokA
lQMFEDHioSdlYKmsNPn51QEByz8D/10uMrwP7MdaXnptd1XNFhpaAPYTVAOcaKlY
OGI/LLR9PiU3FbqXO+7INhaxFjBxa0Tw/p4au5Lq1+Mx81edHniJZNS8tz3I3goi
jIC3+jn2gnVAWnK5UZUTUVUn/JLVk/oSaIJNIMMDaw4J9xPVVkb+Fh1A+XqtPsVa
YESrNp0+iQCVAwUQMwXkzcdm8Q+/vPRJAQEA4QQAgNNX1HFgXrMetDb+w6yEGQDk
JCDAY9b6mA2HNeKLQAhsoZl4HwA1+iuQaCgo3lyFC+1Sf097OUTs74z5X1vCedqV
oFw9CxI3xuctt3pJCbbN68flOlnq0WdYouWWGlFwLlh5PEy//VtwX9lqgsizlhzi
t+fX6BT4BgKi5baDhrWJAJUDBRAyCKveD9eCJxX4hUkBAebMA/9mRPy6K6i7TX2R
jUKSl2p5oYrXPk12Zsw4ijuktslxzQhOCyMSCGK2UEC4UM9MXp1H1JZQxN/DcfnM
7VaUt+Ve0wZ6DC9gBSHJ1hKVxHe5XTj26mIr4rcXNy2XEDMK9QsnBxIAZnBVTjSO
LdhqqSMp3ULLOpBlRL2RYrqi27IXr4kAlQMFEDGpbnd1u244dqP3sQEBJnQD/RVS
Azgf4uorv3fpbosI0LE3LUufAYGBSJNJnskeKyudZkNkI5zGGDwVneH/cSkKT4OR
ooeqcTBxKeMaMuXPVl30QahgNwWjfuTvl5OZ8orsQGGWIn5FhqYXsKkjEGxIOBOf
vvlVQ0UbcR0N2+5F6Mb5GqrXZpIesn7jFJpkQKPU
=97h7
-----END PGP PUBLIC KEY BLOCK-----Developers&a.wosch;
Type Bits/KeyID Date User ID
pub 1024/2B7181AD 1997/08/09 Wolfram Schneider <wosch@FreeBSD.org>
Key fingerprint = CA 16 91 D9 75 33 F1 07 1B F0 B4 9F 3E 95 B6 09
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzPs+aEAAAEEAJqqMm2I9CxWMuHDvuVO/uh0QT0az5ByOktwYLxGXQmqPG1G
Q3hVuHWYs5Vfm/ARU9CRcVHFyqGQ3LepoRhDHk+JcASHan7ptdFsz7xk1iNNEoe0
vE2rns38HIbiyQ/2OZd4XsyhFOFtExNoBuyDyNoe3HbHVBQT7TmN/mkrcYGtAAUR
tCVXb2xmcmFtIFNjaG5laWRlciA8d29zY2hARnJlZUJTRC5vcmc+iQCVAwUQNxnH
AzmN/mkrcYGtAQF5vgP/SLOiI4AwuPHGwUFkwWPRtRzYSySXqwaPCop5mVak27wk
pCxGdzoJO2UgcE812Jt92Qas91yTT0gsSvOVNATaf0TM3KnKg5ZXT1QIzYevWtuv
2ovAG4au3lwiFPDJstnNAPcgLF3OPni5RCUqBjpZFhb/8YDfWYsMcyn4IEaJKre0
JFdvbGZyYW0gU2NobmVpZGVyIDxzY2huZWlkZXJAemliLmRlPokAlQMFEDcZxu85
jf5pK3GBrQEBCRgD/jPj1Ogx4O769soiguL1XEHcxhqtrpKZkKwxmDLRa0kJFwLp
bBJ3Qz3vwaB7n5gQU0JiL1B2M7IxVeHbiIV5pKp7FD248sm+HZvBg6aSnCg2JPUh
sHd1tK5X4SB5cjFt3Cj0LIN9/c9EUxm3SoML9bovmze60DckErrRNOuTk1IntCJX
b2xmcmFtIFNjaG5laWRlciA8d29zY2hAYXBmZWwuZGU+iQEVAwUQNmfWXAjJLLJO
sC7dAQEASAgAnE4g2fwMmFkQy17ATivljEaDZN/m0GdXHctdZ8CaPrWk/9/PTNK+
U6xCewqIKVwtqxVBMU1VpXUhWXfANWCB7a07D+2GrlB9JwO5NMFJ6g0WI/GCUXjC
xb3NTkNsvppL8Rdgc8wc4f23GG4CXVggdTD2oUjUH5Bl7afgOT4xLPAqePhS7hFB
UnMsbA94OfxPtHe5oqyaXt6cXH/SgphRhzPPZq0yjg0Ef+zfHVamvZ6Xl2aLZmSv
Cc/rb0ShYDYi39ly9OPPiBPGbSVw2Gg804qx3XAKiTFkLsbYQnRt7WuCPsOVjFkf
CbQS31TaclOyzenZdCAezubGIcrJAKZjMIkAlQMFEDPs+aE5jf5pK3GBrQEBlIAD
/3CRq6P0m1fi9fbPxnptuipnoFB/m3yF6IdhM8kSe4XlXcm7tS60gxQKZgBO3bDA
5QANcHdl41Vg95yBAZepPie6iQeAAoylRrONeIy6XShjx3S0WKmA4+C8kBTL+vwa
UqF9YJ1qesZQtsXlkWp/Z7N12RkueVAVQ7wRPwfnz6E3tC5Xb2xmcmFtIFNjaG5l
aWRlciA8d29zY2hAcGFua2UuZGUuZnJlZWJzZC5vcmc+iQCVAwUQNxnEqTmN/mkr
cYGtAQFnpQP9EpRZdG6oYN7d5abvIMN82Z9x71a4QBER+R62mU47wqdRG2b6jMMh
3k07b2oiprVuPhRw/GEPPQevb6RRT6SD9CPYAGfK3MDE8ZkMj4d+7cZDRJQ35sxv
gAzQwuA9l7kS0mt5jFRPcEg5/KpuyehRLckjx8jpEM7cEJDHXhBIuVg=
=3V1R
-----END PGP PUBLIC KEY BLOCK-----&a.brian;
Type Bits/KeyID Date User ID
pub 1024/666A7421 1997/04/30 Brian Somers <brian@awfulhak.org>
Key fingerprint = 2D 91 BD C2 94 2C 46 8F 8F 09 C4 FC AD 12 3B 21
Brian Somers <brian@uk.FreeBSD.org>
Brian Somers <brian@OpenBSD.org>
Brian Somers <brian@FreeBSD.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzNmogUAAAEEALdsjVsV2dzO8UU4EEo7z3nYuvB2Q6YJ8sBUYjB8/vfR5oZ9
7aEQjgY5//pXvS30rHUB9ghk4kIFSljzeMudE0K2zH5n2sxpLbBKWZRDLS7xnrDC
I3j9CNKwQBzMPs0fUT46gp96nf1X8wPiJXkDUEia/c0bRbXlLw7tvOdmanQhAAUR
tCFCcmlhbiBTb21lcnMgPGJyaWFuQGF3ZnVsaGFrLm9yZz6JAJUDBRA3Fjs4H3+p
CANY/L0BAZOxBACTZ1zPdaJzEdT4AfrebQbaU4ytEeodnVXZIkc8Il+LDlDOUAIe
k5PgnHTRM4yiwcZuYQrCDRFgdOofcFfRo0PD7mGFzd22qPGmbvHiDBCYCyhlkPXW
IDeoA1cX77JlU1NFdy0dZwuX7csaMlpjCkOPc7+856mr6pQi48zj7yZtrYkAlQMF
EDcUqZ2dZ0EADG4SFQEBEm0EAL2bBNc4vpxPrg3ATdZ/PekpL6lYj3s9pBf8f7eY
LXq438A/ywiWkrL74gXxcZ2Ey9AHZW+rbJPzUbrfMAgP3uWobeSvDyKRo1wtKnTY
Hy+OEIbBIHDmIUuK3L7KupBf7WAI46Q7fnyz0txvtRruDjvfoyl9/TSRfIKcaw2a
INh7iQCVAwUQNwyWpmdKPfFUsXG5AQEIrAQAmukv2u9ihcnO2Zaak265I+gYozu+
biAngdXNfhTGMeExFzdzQ8Qe7EJugMpIDEkJq2goY35sGitD+ogSVWECjcVbHIAP
M2u9axFGlK7fDOmmkH2ZWDMtwx2I5dZps3q2g9mY2O9Az5Yokp7GW7viSpWXHTRH
xOsuY6aze71U7RWJAHUDBRA3DAEvDuwDH3697LEBAWRHAv9XXkub6mir/DCxzKI2
AE3tek40lRfU6Iukjl/uzT9GXcL3uEjIewiPTwN+k4IL+qcCEdv8WZgv/tO45r59
IZQsicNaSAsKX/6Cxha6Hosg1jw4rjdyz13rgYRi/nreq5mJAJUDBRA2r0CM9p+f
Pnxlu7UBAYObA/40s5SwEpXTrePO78AoUFEa5Z4bgyxkpT7BVbq6m/oQtK509Xe2
M2y0XTLkd86oXpjyKzGzWq8T6ZTKNdF9+5LhS2ylJytdPq1AjDk2BocffWX4+pXn
RPiC6XcNdYGiQL8OTHvZESYQDiHeMfwA8WdMzFK1R80nJMwANYXjJJrLzYkAlQMF
EDNt51zvs7EFZlNtbQEBW0UD/jZB6UDdEFdhS0hxgahv5CxaQDWQbIEpAY9JL1yg
d1RWMKUFGXdRkWZmHEA4NvtwFFeam/HZm4yuGf8yldMyo84loTcVib7lKh4CumGx
FT5Pxeh/F8u9EeQzclRFSMhVl0BA2/HEGyjw0kbkprI/RD3pXD7ewTAUrj2O3XhE
InLgiQCVAwUQM3O9vWyr6JZzEUkFAQF9nAP9Hco0V/3Kl70N5ryPVgh41nUTd7Td
6fUjx8yPoSZLX8vVZ8XMyd8ULFmzsmA+2QG4HcKo/x/4s50O3o8c+o1qSYj0Tp+K
4Z8lneMVlgBNdrRcq4ijEgk0qGqSlsXyLElkVPEXAADBVgzf6yqvipDwXNVzl6e3
GPLE8U2TAnBFZX6JAJUDBRAzZqIFDu2852ZqdCEBATsuBACI3ofP7N3xuHSc7pWL
NsnFYVEc9utBaclcagxjLLzwPKzMBcLjNGyGXIZQNB0d4//UMUJcMS7vwZ8MIton
VubbnJVHuQvENloRRARtarF+LC7OLMCORrGtbt0FtYgvBaqtgXlNcKXD6hRT+ghR
bi3q34akA7Xw8tiFIxdVgSusALQjQnJpYW4gU29tZXJzIDxicmlhbkB1ay5GcmVl
QlNELm9yZz6JAJUDBRA3FLWcnWdBAAxuEhUBAcYYBACos9nKETuaH+z2h0Ws+IIY
mN9FEm8wpPUcQmX5GFhfBUQ+rJbflzv0jJ/f2ac9qJHgIIAlJ3pMkfMpU8UYHEuo
VCe4ZTU5sr4ZdBaF9kpm2OriFgZwIv4QAi7dCMu9ZwGRtZ3+z3DQsVSagucjZTIe
yTUR6K+7E3YXANQjOdqFZYkAlQMFEDcUpeQO7bznZmp0IQEB4HED/Ru3NjwWO1gl
xEiLTzRpU31Rh1Izw1lhVMVJkLAGBw9ieSkjvdIkuhqV1i+W4wKBClT0UOE28Kjp
WbBKPFIASRYzN4ySwpprsG5H45EFQosovYG/HPcMzXU2GMj0iwVTxnMq7I8oH588
ExHqfEN2ARD3ngmB2499ruyGl26pW/BftCBCcmlhbiBTb21lcnMgPGJyaWFuQE9w
ZW5CU0Qub3JnPokAlQMFEDcUtW6dZ0EADG4SFQEBQwsD/j9B/lkltIdnQdjOqR/b
dOBgJCtUf905y6kD+k4kbxeT1YAaA65KJ2o/Zj+i+69F2+BUJ/3kYB7prKwut2h0
ek1ZtncGxoAsQdFJ5JSeMkwUZ5qtGeCmVPb59+KPq3nU6p3RI8Bn77FzK//Qy+IW
/WFVJbf/6NCNCbyRiRjPbGl/iQCVAwUQNxSlyA7tvOdmanQhAQFzMAP/dvtsj3yB
C+seiy6fB/nS+NnKBoff3Ekv57FsZraGt4z9n4sW61eywaiRzuKlhHqrDE17STKa
fBOaV1Ntl7js7og5IFPWNlVh1cK+spDmd655D8pyshziDF6fSAsqGfTn35xl23Xj
O20MMK44j4I5V6rEyUDBDrmX49J56OFkfwa0IEJyaWFuIFNvbWVycyA8YnJpYW5A
RnJlZUJTRC5vcmc+iQCVAwUQNxS1Y51nQQAMbhIVAQHPBQP+IMUlE4DtEvSZFtG4
YK9usfHSkStIafh/F/JzSsqdceLZgwcuifbemw79Rhvqhp0Cyp7kuI2kHO3a19kZ
3ZXlDl3VDg41SV/Z5LzNw9vaZKuF/vtGaktOjac5E5aznWGIA5czwsRgydEOcd8O
VPMUMrdNWRI6XROtnbZaRSwmD8aJAJUDBRA3FKWuDu2852ZqdCEBAWVJA/4x3Mje
QKV+KQoO6mOyoIcD4GK1DjWDvNHGujJbFGBmARjr/PCm2cq42cPzBxnfRhCfyEvN
aesNB0NjLjRU/m7ziyVn92flAzHqqmU36aEdqooXUY2T3vOYzo+bM7VtInarG1iU
qw1G19GgXUwUkPvy9+dNIM/aYoI/e0Iv3P9uug==
=R3k0
-----END PGP PUBLIC KEY BLOCK-----
diff --git a/en_US.ISO8859-1/books/handbook/ports/chapter.sgml b/en_US.ISO8859-1/books/handbook/ports/chapter.sgml
index d5e27dcaa6..367ab8e108 100644
--- a/en_US.ISO8859-1/books/handbook/ports/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/ports/chapter.sgml
@@ -1,4610 +1,4610 @@
Installing Applications: The Ports collectionContributed by &a.jraynard;.The FreeBSD Ports collection allows you to compile and install a very
wide range of applications with a minimum of effort.For all the hype about open standards, getting a program to work on
different versions of Unix in the real world can be a tedious and tricky
business, as anyone who has tried it will know. You may be lucky enough
to find that the program you want will compile cleanly on your system,
install itself in all the right places and run flawlessly “out of
the box”, but this is unfortunately rather rare. With most
programs, you will find yourself doing a fair bit of head-scratching, and
there are quite a few programs that will result in premature greying, or
even chronic alopecia...Some software distributions have attacked this problem by providing
configuration scripts. Some of these are very clever, but they have an
unfortunate tendency to triumphantly announce that your system is
something you have never heard of and then ask you lots of questions that
sound like a final exam in system-level Unix programming (Does
your system's gethitlist function return a const pointer to a fromboz or
a pointer to a const fromboz? Do you have Foonix style unacceptable
exception handling? And if not, why not?).Fortunately, with the Ports collection, all the hard work involved has
already been done, and you can just type make install
and get a working program.Why Have a Ports Collection?The base FreeBSD system comes with a very wide range of tools and
system utilities, but a lot of popular programs are not in the base
system, for good reasons:-Programs that some people cannot live without and other people
cannot stand, such as a certain Lisp-based editor.Programs which are too specialised to put in the base system
(CAD, databases).Programs which fall into the “I must have a look at that
when I get a spare minute” category, rather than
system-critical ones (some languages, perhaps).Programs that are far too much fun to be supplied with a serious
operating system like FreeBSD ;-)However many programs you put in the base system, people will
always want more, and a line has to be drawn somewhere (otherwise
FreeBSD distributions would become absolutely enormous).Obviously it would be unreasonable to expect everyone to port their
favourite programs by hand (not to mention a tremendous amount of
duplicated work), so the FreeBSD Project came up with an ingenious way
of using standard tools that would automate the process.Incidentally, this is an excellent illustration of how “the
Unix way” works in practice by combining a set of simple but very
flexible tools into something very powerful.How Does the Ports Collection Work?Programs are typically distributed on the Internet as a tarball consisting of a Makefile and
the source code for the program and usually some instructions (which are
unfortunately not always as instructive as they could be), with perhaps
a configuration script.The standard scenario is that you FTP down the tarball, extract it
somewhere, glance through the instructions, make any changes that seem
necessary, run the configure script to set things up and use the
standard make program to compile and install the
program from the source.FreeBSD ports still use the tarball mechanism, but use a skeleton to hold the
"knowledge" of how to get the program working on FreeBSD,
rather than expecting the user to be able to work it out. They also
supply their own customised Makefile, so that almost every port
can be built in the same way.If you look at a port skeleton (either on your FreeBSD
system or the
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/ports/devel/ElectricFence">the
FTP site) and expect to find all sorts of pointy-headed rocket
science lurking there, you may be disappointed by the one or two rather
unexciting-looking files and directories you find there. (We will
discuss in a minute how to go about Getting a port).“How on earth can this do anything?” I hear you cry.
“There is no source code there!”Fear not, gentle reader, all will become clear (hopefully). Let us
see what happens if we try and install a port. I have chosen
ElectricFence, a useful tool for developers,
as the skeleton is more straightforward than most.If you are trying this at home, you will need to be root.&prompt.root; cd /usr/ports/devel/ElectricFence
&prompt.root; make install
>> Checksum OK for ElectricFence-2.0.5.tar.gz.
===> Extracting for ElectricFence-2.0.5
===> Patching for ElectricFence-2.0.5
===> Applying FreeBSD patches for ElectricFence-2.0.5
===> Configuring for ElectricFence-2.0.5
===> Building for ElectricFence-2.0.5
[lots of compiler output...]
===> Installing for ElectricFence-2.0.5
===> Warning: your umask is "0002". If this is not desired, set it to
an appropriate value and install this port again by ``make reinstall''.
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.a /usr/local/lib
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.3 /usr/local/man/man3
===> Compressing manual pages for ElectricFence-2.0.5
===> Registering installation for ElectricFence-2.0.5To avoid confusing the issue, I have completely removed the build
output.If you tried this yourself, you may well have got something like
this at the start:-&prompt.root; make install
>> ElectricFence-2.0.5.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://ftp.doc.ic.ac.uk/Mirrors/sunsite.unc.edu/pub/Linux/devel/lang/c/.The make program has noticed that you did not
have a local copy of the source code and tried to FTP it down so it
could get the job done. I already had the source handy in my example,
so it did not need to fetch it.Let's go through this and see what the make
program was doing.Locate the source code tarball. If it is not available
locally, try to grab it from an FTP site.Run a checksum test on the
tarball to make sure it has not been tampered with, accidentally
truncated, downloaded in ASCII mode, struck by neutrinos while in
transit, etc.Extract the tarball into a temporary work directory.Apply any patches needed to
get the source to compile and run under FreeBSD.Run any configuration script required by the build process and
correctly answer any questions it asks.(Finally!) Compile the code.Install the program executable and other supporting files, man
pages, etc. under the /usr/local hierarchy
(unless this is an X11 program,
then it will be under /usr/X11R6),
where they will not get mixed up with system programs. This also
makes sure that all the ports you install will go in the same place,
instead of being flung all over your system.Register the installation in a database. This means that, if
you do not like the program, you can cleanly remove all traces of it from your
system.Scroll up to the make output and see if you can
match these steps to it. And if you were not impressed before, you
should be by now!Getting a FreeBSD PortThere are two ways of getting hold of the FreeBSD port for a
program. One requires a FreeBSD CDROM,
the other involves using an Internet
Connection.Compiling ports from CDROMAssuming that your FreeBSD CDROM is in the drive and mounted on
/cdrom (and the mount point
must be /cdrom), you should
then be able to build ports just as you normally do and the port
collection's built in search path should find the tarballs in
/cdrom/ports/distfiles/ (if they exist there)
rather than downloading them over the net.Another way of doing this, if you want to just use the port
skeletons on the CDROM, is to set these variables in
/etc/make.conf:
PORTSDIR= /cdrom/ports
DISTDIR= /tmp/distfiles
WRKDIRPREFIX= /tmpSubstitute /tmp for any place you have enough
free space. Then, just cd to the appropriate
subdirectory under /cdrom/ports and type
make install as usual.
WRKDIRPREFIX will cause the port to be build under
/tmp/cdrom/ports; for instance,
games/oneko will be built under
/tmp/cdrom/ports/games/oneko.There are some ports for which we cannot provide the original
source in the CDROM due to licensing limitations. In that case, you
will need to look at the section on Compiling ports using an Internet
connection.Compiling ports from the InternetIf you do not have a CDROM, or you want to make sure you get the
very latest version of the port you want, you will need to download
the skeleton for the port. Now
this might sound like rather a fiddly job full of pitfalls, but it is
actually very easy.First, if you are running a release version of FreeBSD, make sure
you get the appropriate “upgrade kit” for your release
- from the ports web
+ from the ports web
page. These packages include files that have been updated
since the release that you may need to compile new ports.The key to the skeletons is that the FreeBSD FTP server can create
on-the-fly tarballs for you.
Here is how it works, with the gnats program in the databases
directory as an example (the bits in square brackets are comments. Do
not type them in if you are trying this yourself!):-&prompt.root; cd /usr/ports
&prompt.root; mkdir databases
&prompt.root; cd databases
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/ports/databasesftp>get gnats.tar
[tars up the gnats skeleton for us]
ftp>quit
&prompt.root; tar xf gnats.tar
[extract the gnats skeleton]
&prompt.root; cd gnats
&prompt.root; make install
[build and install gnats]What happened here? We connected to the FTP server in the usual
way and went to its databases sub-directory.
When we gave it the command get gnats.tar, the FTP
server tarred up the gnats
directory for us.We then extracted the gnats skeleton and went into the gnats
directory to build the port. As we explained earlier, the make process noticed we
did not have a copy of the source locally, so it fetched one before
extracting, patching and building it.Let us try something more ambitious now. Instead of getting a
single port skeleton, we will get a whole sub-directory, for example all
the database skeletons in the ports collection. It looks almost the
same:-&prompt.root; cd /usr/ports
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/portsftp>get databases.tar
[tars up the databases directory for us]
ftp>quit
&prompt.root; tar xf databases.tar
[extract all the database skeletons]
&prompt.root; cd databases
&prompt.root; make install
[build and install all the database ports]With half a dozen straightforward commands, we have now got a set
of database programs on our FreeBSD machine! All we did that was
different from getting a single port skeleton and building it was that
we got a whole directory at once, and compiled everything in it at
once. Pretty impressive, no?If you expect to be installing many ports, it is probably worth
downloading all the ports directories.SkeletonsA team of compulsive hackers who have forgotten to eat in a frantic
attempt to make a deadline? Something unpleasant lurking in the FreeBSD
attic? No, a skeleton here is a minimal framework that supplies
everything needed to make the ports magic work.MakefileThe most important component of a skeleton is the Makefile. This
contains various statements that specify how the port should be
compiled and installed. Here is the Makefile for
ElectricFence:-
# New ports collection makefile for: Electric Fence
# Version required: 2.0.5
# Date created: 13 November 1997
# Whom: jraynard
#
# $Id$
#
DISTNAME= ElectricFence-2.0.5
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_SUNSITE}
MASTER_SITE_SUBDIR= devel/lang/c
MAINTAINER= jraynard@freebsd.org
MAN3= libefence.3
do-install:
${INSTALL_DATA} ${WRKSRC}/libefence.a ${PREFIX}/lib
${INSTALL_MAN} ${WRKSRC}/libefence.3 ${PREFIX}/man/man3
.include <bsd.port.mk>The lines beginning with a "#" sign are comments for the
benefit of human readers (as in most Unix script files).DISTNAME specifies the name of the tarball, but without the
extension.CATEGORIES states what kind of program this is.
In this case, a utility for developers. See the categories section of this
handbook for a complete list.MASTER_SITES is the URL(s) of the master FTP
site, which is used to retrieve the tarball if it is not available on the
local system. This is a site which is regarded as reputable, and is
normally the one from which the program is officially distributed (in
so far as any software is "officially" distributed on the
Internet).MAINTAINER is the email address of the person
who is responsible for updating the skeleton if, for example a new
version of the program comes out.Skipping over the next few lines for a minute, the line
.include <bsd.port.mk> says that the other
statements and commands needed for this port are in a standard file
called bsd.port.mk. As these are the same for
all ports, there is no point in duplicating them all over the place,
so they are kept in a single standard file.This is probably not the place to go into a detailed examination
of how Makefiles work; suffice it to say that the line starting with
MAN3 ensures that the ElectricFence man page is
compressed after installation, to help conserve your precious disk
space. The original port did not provide an
install target, so the three lines from
do-install ensure that the files produced by
this port are placed in the correct destination.The files directoryThe file containing the checksum for the port is called
md5, after the MD5 algorithm used for ports
checksums. It lives in a directory with the slightly confusing name
of files.This directory can also contain other miscellaneous files that are
required by the port and do not belong anywhere else.The patches directoryThis directory contains the patches needed to make everything work
properly under FreeBSD.The pkg directoryThis program contains three quite useful files:-COMMENT — a one-line description of
the program.DESCR — a more detailed
description.PLIST — a list of all the files
that will be created when the program is installed.What to do when a port does not work.Oh. You can do one of four (4) things :Fix it yourself. Technical details on how ports work can be
found in Porting applications.Gripe. This is done by e-mail only! Send
such e-mail to the maintainer of the port, first. Type
make maintainer or read the
Makefile to find the maintainer's email
address. Remember to include the name/version of
the port (copy the $Id: line from the
Makefile), and the output leading up-to the
error, inclusive. If you do not get a satisfactory response,
you can try filing a bug report with send-pr.
Forget it. This is the easiest for most — very few of the
programs in ports can be classified as essential!Grab the pre-compiled package from a ftp server. The
“master” package collection is on FreeBSD's FTP server
in the packages
directory, though check your local mirror first, please!
These are more likely to work (on the whole) than trying to compile
from source and a lot faster besides! Use the &man.pkg.add.1;
program to install a package file on your
system.Some Questions and AnswersQ. I thought this was going to be a discussion about
modems??!A. Ah. You must be thinking of the serial ports on the back of
your computer. We are using “port” here to mean the
result of “porting” a program from one version of Unix
to another. (It is an unfortunate bad habit of computer people to
use the same word to refer to several completely different
things).Q. I thought you were supposed to use packages to install extra
programs?A. Yes, that is usually the quickest and easiest way of doing
it.Q. So why bother with ports then?A. Several reasons:-The licensing conditions on some software distributions
require that they be distributed as source code, not
binaries.Some people do not trust binary distributions. At least
with source code you can (in theory) read through it and look
for potential problems yourself.If you have some local patches, you will need the source to
add them yourself.You might have opinions on how a program should be compiled
that differ from the person who did the package — some
people have strong views on what optimisation setting should be
used, whether to build debug versions and then strip them or
not, etc. etc.Some people like having code around, so they can read it if
they get bored, hack around with it, borrow from it (licence
terms permitting, of course!) and so on.If you ain't got the source, it ain't software! ;-) Q. What is a patch?A. A patch is a small (usually) file that specifies how to go
from one version of a file to another. It contains text that says,
in effect, things like “delete line 23”, “add
these two lines after line 468” or “change line 197 to
this”. Also known as a “diff”, since it is
generated by a program of that name. Q. What is all this about
tarballs?A. It is a file ending in .tar or
.tar.gz (with variations like
.tar.Z, or even .tgz if
you are trying to squeeze the names into a DOS filesystem).Basically, it is a directory tree that has been archived into a
single file (.tar) and optionally compressed
(.gz). This technique was originally used for
Tape ARchives (hence the
name tar), but it is a widely used way of
distributing program source code around the Internet.You can see what files are in them, or even extract them
yourself, by using the standard Unix tar program, which comes with
the base FreeBSD system, like this:-&prompt.user; tar tvzf foobar.tar.gz
&prompt.user; tar xzvf foobar.tar.gz
&prompt.user; tar tvf foobar.tar
&prompt.user; tar xvf foobar.tar Q. And a checksum?A. It is a number generated by adding up all the data in the
file you want to check. If any of the characters change, the
checksum will no longer be equal to the total, so a simple
comparison will allow you to spot the difference. (In practice, it
is done in a more complicated way to spot problems like
position-swapping, which will not show up with a simplistic
addition).Q. I did what you said for compiling
ports from a CDROM and it worked great until I tried to
install the kermit port:-&prompt.root; make install
>> cku190.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://kermit.columbia.edu/kermit/archives/.Why can it not be found? Have I got a dud CDROM?A. The licensing terms for kermit do not allow us to put the
tarball for it on the CDROM, so you will have to fetch it by hand
— sorry! The reason why you got all those error messages was
because you were not connected to the Internet at the time. Once
you have downloaded it from any of the sites above, you can re-start
the process (try and choose the nearest site to you, though, to save
your time and the Internet's bandwidth).Q. I did that, but when I tried to put it into
/usr/ports/distfiles I got some error about not
having permission.A. The ports mechanism looks for the tarball in
/usr/ports/distfiles, but you will not be able
to copy anything there because it is sym-linked to the CDROM, which
is read-only. You can tell it to look somewhere else by
doing&prompt.root; make DISTDIR=/where/you/put/it installQ. Does the ports scheme only work if you have everything in
/usr/ports? My system administrator says I must
put everything under
/u/people/guests/wurzburger, but it does not
seem to work.A. You can use the PORTSDIR and
PREFIX variables to tell the ports mechanism to
use different directories. For instance,&prompt.root; make PORTSDIR=/u/people/guests/wurzburger/ports installwill compile the port in
/u/people/guests/wurzburger/ports and install
everything under /usr/local.&prompt.root; make PREFIX=/u/people/guests/wurzburger/local installwill compile it in /usr/ports and install
it in /u/people/guests/wurzburger/local.And of course&prompt.root; make PORTSDIR=.../ports PREFIX=.../local installwill combine the two (it is too long to fit on the page if I
write it in full, but I am sure you get the idea).If you do not fancy typing all that in every time you install a
port (and to be honest, who would?), it is a good idea to put these
variables into your environment.Q. I do not have a FreeBSD CDROM, but I would like to have all
the tarballs handy on my system so I do not have to wait for a
download every time I install a port. Is there an easy way to get
them all at once?A. To get every single tarball for the ports collection,
do&prompt.root; cd /usr/ports
&prompt.root; make fetchFor all the tarballs for a single ports directory, do&prompt.root; cd /usr/ports/directory
&prompt.root; make fetchand for just one port — well, I think you have guessed
already.Q. I know it is probably faster to fetch the tarballs from one
of the FreeBSD mirror sites close by. Is there any way to tell the
port to fetch them from servers other than ones listed in the
MASTER_SITES?A. Yes. If you know, for example, ftp.FreeBSD.ORG is much closer than sites
listed in MASTER_SITES, do as following
example.&prompt.root; cd /usr/ports/directory
&prompt.root; make MASTER_SITE_OVERRIDE=ftp://ftp.FreeBSD.ORG/pub/FreeBSD/ports/distfiles/ fetchQ. I want to know what files make is going to need before it
tries to pull them down.A. make fetch-list will display a list of
the files needed for a port.Q. Is there any way to stop the port from compiling? I want to
do some hacking on the source before I install it, but it is a bit
tiresome having to watch it and hit control-C every time.A. Doing make extract will stop it after it
has fetched and extracted the source code.Q. I am trying to make my own port and I want to be able to
stop it compiling until I have had a chance to see if my patches
worked properly. Is there something like make
extract, but for patches?A. Yep, make patch is what you want. You
will probably find the PATCH_DEBUG option useful
as well. And by the way, thank you for your efforts!Q. I have heard that some compiler options can cause bugs. Is
this true? How can I make sure that I compile ports with the right
settings?A. Yes, with version 2.6.3 of gcc (the
version shipped with FreeBSD 2.1.0 and 2.1.5), the
option could result in buggy code unless you
used the option as well.
(Most of the ports do not use ). You
should be able to specify the compiler options
used by something like&prompt.root; make CFLAGS='-O2 -fno-strength-reduce' installor by editing /etc/make.conf, but
unfortunately not all ports respect this. The surest way is to do
make configure, then go into the source directory
and inspect the Makefiles by hand, but this can get tedious if the
source has lots of sub-directories, each with their own
Makefiles.Q. There are so many ports it is hard to find the one I want.
Is there a list anywhere of what ports are available?A. Look in the INDEX file in
/usr/ports. If you would like to search the
ports collection for a keyword, you can do that too. For example,
you can find ports relevant to the LISP programming language
using:&prompt.user; cd /usr/ports
&prompt.user; make search key=lispQ. I went to install the foo port but the
system suddenly stopped compiling it and starting compiling the
bar port. What is going on?A. The foo port needs something that is
supplied with bar — for instance, if
foo uses graphics, bar might
have a library with useful graphics processing routines. Or
bar might be a tool that is needed to compile the
foo port. Q. I installed the
grizzle program from the ports and frankly it is
a complete waste of disk space. I want to delete it but I do not
know where it put all the files. Any clues?A. No problem, just do&prompt.root; pkg_delete grizzle-6.5Alternatively, you can do&prompt.root; cd /usr/ports/somewhere/grizzle
&prompt.root; make deinstall
Q. Hang on a minute, you have to know the version number to use
that command. You do not seriously expect me to remember that, do
you??A. Not at all, you can find it out by doing&prompt.root; pkg_info -a | grep grizzle
Information for grizzle-6.5:
grizzle-6.5 - the combined piano tutorial, LOGO interpreter and shoot 'em up arcade game.Q. Talking of disk space, the ports directory seems to be
taking up an awful lot of room. Is it safe to go in there and
delete things?A. Yes, if you have installed the program and are fairly
certain you will not need the source again, there is no point in
keeping it hanging around. The best way to do this is&prompt.root; cd /usr/ports
&prompt.root; make cleanwhich will go through all the ports subdirectories and delete
everything except the skeletons for each port.Q. I tried that and it still left all those tarballs or
whatever you called them in the distfiles
directory. Can I delete those as well?A. Yes, if you are sure you have finished with them, those can
go as well.Q. I like having lots and lots of programs to play with. Is
there any way of installing all the ports in one go?A. Just do&prompt.root; cd /usr/ports
&prompt.root; make installQ. OK, I tried that, but I thought it would take a very long
time so I went to bed and left it to get on with it. When I looked
at the computer this morning, it had only done three and a half
ports. Did something go wrong?A. No, the problem is that some of the ports need to ask you
questions that we cannot answer for you (eg “Do you want to
print on A4 or US letter sized paper?”) and they need to have
someone on hand to answer them.Q. I really do not want to spend all day staring at the
monitor. Any better ideas?A. OK, do this before you go to bed/work/the local
park:-&prompt.root cd /usr/ports
&prompt.root; make -DBATCH installThis will install every port that does not
require user input. Then, when you come back, do&prompt.root; cd /usr/ports
&prompt.root; make -DIS_INTERACTIVE installto finish the job.Q. At work, we are using frobble, which is
in your ports collection, but we have altered it quite a bit to get
it to do what we need. Is there any way of making our own packages,
so we can distribute it more easily around our sites?A. No problem, assuming you know how to make patches for your
changes:-&prompt.root; cd /usr/ports/somewhere/frobble
&prompt.root; make extract
&prompt.root; cd work/frobble-2.8
[Apply your patches]
&prompt.root; cd ../..
&prompt.root; make packageQ. This ports stuff is really clever. I am desperate to find
out how you did it. What is the secret?A. Nothing secret about it at all, just look at the
bsd.ports.mk and
bsd.ports.subdir.mk files in your makefiles
directory.Readers with an aversion to intricate shell-scripts are
advised not to follow this link...)Making a port yourselfContributed by &a.jkh;, &a.gpalmer;, &a.asami; &a.obrien;
and &a.hoek;. 28 August 1996.So, now you are interested in making your own port? Great!What follows are some guidelines for creating a new port for
FreeBSD. The bulk of the work is done by
/usr/ports/Mk/bsd.port.mk, which all port Makefiles
include. Please refer to that file for more details on the inner
workings of the ports collection. Even if you do not hack Makefiles
daily, it is well commented, and you will still gain much knowledge from
it.Only a fraction of the overridable variables
(VAR) are mentioned in
this document. Most (if not all) are documented at the start of
bsd.port.mk. This file users a non-standard tab
setting. Emacs and
Vim should recognise the setting on loading
the file. vi or ex can be set
to use the correct value by typing :set tabstop=4
once the file has been loaded.Quick PortingThis section tells you how to do a quick port. In many cases, it
is not enough, but we will see.First, get the original tarball and put it into
DISTDIR, which defaults to
/usr/ports/distfiles.The following assumes that the software compiled out-of-the-box,
i.e., there was absolutely no change required for the port to work
on your FreeBSD box. If you needed to change something, you will
have to refer to the next section too.Writing the MakefileThe minimal Makefile would look something
like this:
# New ports collection makefile for: oneko
# Version required: 1.1b
# Date created: 5 December 1994
# Whom: asami
#
# $Id$
#
DISTNAME= oneko-1.1b
CATEGORIES= games
MASTER_SITES= ftp://ftp.cs.columbia.edu/archives/X11R5/contrib/
MAINTAINER= asami@FreeBSD.ORG
MAN1= oneko.1
MANCOMPRESSED= yes
USE_IMAKE= yes
.include <bsd.port.mk>See if you can figure it out. Do not worry about the contents
of the $Id$ line, it will be filled in
automatically by CVS when the port is imported to our main ports
tree. You can find a more detailed example in the sample Makefile section.Writing the description filesThere are three description files that are required for any
port, whether they actually package or not. They are
COMMENT, DESCR, and
PLIST, and reside in the
pkg subdirectory.COMMENTThis is the one-line description of the port.
Please do not include the package name (or
version number of the software) in the comment. Here is an
example:
A cat chasing a mouse all over the screen.DESCRThis is a longer description of the port. One to a few
paragraphs concisely explaining what the port does is
sufficient.This is not a manual or an in-depth
description on how to use or compile the port! Please
be careful if you are copying from the
README or manpage; too often
they are not a concise description of the port or are in an
awkward format (e.g., manpages have justified spacing). If the
ported software has an official WWW homepage, you should list it
here. Prefix one of the websites with
WWW: so that automated tools will work
correctly.It is recommended that you sign your name at the end of this
file, as in:
This is a port of oneko, in which a cat chases a poor mouse all over
the screen.
:
(etc.)
WWW: http://www.oneko.org/
- Satoshi
asami@cs.berkeley.eduPLISTThis file lists all the files installed by the port. It is
also called the “packing list” because the package is
generated by packing the files listed here. The pathnames are
relative to the installation prefix (usually
/usr/local or
/usr/X11R6). If you are using the
MANn variables (as
you should be), do not list any manpages here.Here is a small example:
bin/oneko
lib/X11/app-defaults/Oneko
lib/X11/oneko/cat1.xpm
lib/X11/oneko/cat2.xpm
lib/X11/oneko/mouse.xpm
@dirrm lib/X11/onekoRefer to the &man.pkg.create.1; man page for details on the
packing list.You should list all the files, but not the name directories,
in the list. Also, if the port creates directories for itself
during installtion, make sure to add @dirrm
lines as necessary to remove them when the port is
deleted.It is recommended that you keep all the filenames in this
file sorted alphabetically. It will make verifying the changes
when you upgrade the port much easier.Creating a packing list manually can be a very tedious
task. If the port installs a large numbers of files, creating the packing list
automatically might save time.Creating the checksum fileJust type make makesum. The ports make rules
will automatically generate the file
files/md5.Testing the portYou should make sure that the port rules do exactly what you
want it to do, including packaging up the port. These are the
important points you need to verify.PLIST does not contain anything not
installed by your portPLIST contains everything that is
installed by your portYour port can be installed multiple times using the
reinstall targetYour port cleans up
after itself upon deinstallRecommended test orderingmake installmake packagemake deinstallpkg_add package-namemake deinstallmake reinstallmake packageMake sure that there are not any warnings issued in any of the
package and
deinstall stages, After step 3, check to
see if all the new directories are correctly deleted. Also, try
using the software after step 4, to ensure that is works correctly
when installed from a package.Checking your port with portlintPlease use portlint to see if your port
conforms to our guidelines. The portlint program
is part of the ports collection. In particular, your may want to
check if the Makefile is in
the right shape and the package is named
appropriately.Submitting the portFirst, make sure you have read the Do's and Dont's section.Now that you are happy with your port, the only thing remaining
is to put it in the main FreeBSD ports tree and make everybody else
happy about it too. We do not need your work
directory or the pkgname.tgz package, so delete
them now. Next, simply include the output of shar `find
port_dir` in a bug report and send it with the
&man.send-pr.1; program (see Bug
Reports and General Commentary for more information about
&man.send-pr.1;. If the uncompressed port is larger than 20KB,
you should compress it into a tarfile and use &man.uuencode.1;
before including it in the bug report (uuencoded tarfiles are
acceptable even if the bug report is smaller than 20KB but are not
preferred). Be sure to classify the bug report as category
ports and class
change-request. (Do not mark the report
confidential!)One more time, do not include the original source
distfile, the work directory, or the package
you built with make package.In the past, we asked you to upload new port submissions in
- our ftp site (ftp.freebsd.org). This
+ our ftp site (ftp.FreeBSD.org). This
is no longer recommended as read access is turned off on that
incoming/ directory of that site due to the
large amount of pirated software showing up there.We will look at your port, get back to you if necessary, and put
it in the tree. Your name will also appear in the list of
“Additional FreeBSD contributors” on the FreeBSD
Handbook and other files. Isn't that great?!? :)Slow PortingOk, so it was not that simple, and the port required some
modifications to get it to work. In this section, we will explain,
step by step, how to modify it to get it to work with the ports
paradigm.How things workFirst, this is the sequence of events which occurs when the user
first types make in your port's directory, and
you may find that having bsd.port.mk in another
window while you read this really helps to understand it.But do not worry if you do not really understand what
bsd.port.mk is doing, not many people do...
:>The fetch target is run. The
fetch target is responsible for making
sure that the tarball exists locally in
DISTDIR. If fetch
cannot find the required files in DISTDIR it
will look up the URL MASTER_SITES, which is
set in the Makefile, as well as our main ftp site at ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/,
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/">ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/,
where we put sanctioned distfiles as backup. It will then
attempt to fetch the named distribution file with
FETCH, assuming that the requesting site has
direct access to the Internet. If that succeeds, it will save
the file in DISTDIR for future use and
proceed.The extract target is run. It
looks for your port's distribution file (typically a gzip'd
tarball) in DISTDIR and unpacks it into a
temporary subdirectory specified by WRKDIR
(defaults to work).The patch target is run. First,
any patches defined in PATCHFILES are
applied. Second, if any patches are found in
PATCHDIR (defaults to the
patches subdirectory), they are applied at
this time in alphabetical order.The configure target is run. This
can do any one of many different things.If it exists, scripts/configure is
run.If HAS_CONFIGURE or
GNU_CONFIGURE is set,
WRKSRC/configure is
run.If USE_IMAKE is set,
XMKMF (default: xmkmf
-a) is run.The build target is run. This is
responsible for descending into the port's private working
directory (WRKSRC) and building it. If
USE_GMAKE is set, GNU make
will be used, otherwise the system make will
be used.The above are the default actions. In addition, you can define
targets
pre-something or
post-something,
or put scripts with those names, in the scripts
subdirectory, and they will be run before or after the default
actions are done.For example, if you have a post-extract
target defined in your Makefile, and a file
pre-build in the scripts
subdirectory, the post-extract target will
be called after the regular extraction actions, and the
pre-build script will be executed before the
default build rules are done. It is recommended that you use
Makefile targets if the actions are simple
enough, because it will be easier for someone to figure out what
kind of non-default action the port requires.The default actions are done by the
bsd.port.mk targets
do-something.
For example, the commands to extract a port are in the target
do-extract. If you are not happy with the
default target, you can fix it by redefining the
do-something
target in your Makefile.The “main” targets (e.g.,
extract,
configure, etc.) do nothing more than
make sure all the stages up to that one are completed and call
the real targets or scripts, and they are not intended to be
changed. If you want to fix the extraction, fix
do-extract, but never ever touch
extract!Now that you understand what goes on when the user types
make, let us go through the recommended steps to
create the perfect port.Getting the original sourcesGet the original sources (normally) as a compressed tarball
(foo.tar.gz or
foo.tar.Z) and copy
it into DISTDIR. Always use
mainstream sources when and where you
can.If you cannot find a ftp/http site that is well-connected to the
net, or can only find sites that have irritatingly non-standard
formats, you might want to put a copy on a reliable ftp or http
server that you control (e.g., your home page). Make sure you set
MASTER_SITES to reflect your choice.If you cannot find somewhere convenient and reliable to put the
distfile (if you are a FreeBSD committer, you can just put it in
your public_html/ directory on
freefall), we can “house” it ourselves
by putting it on
- ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
+ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
as the last resort. Please refer to this location as
MASTER_SITE_LOCAL. Send mail to the &a.ports;if
you are not sure what to do.If your port's distfile changes all the time for no good reason,
consider putting the distfile in your home page and listing it as
the first MASTER_SITES. This will prevent users
from getting checksum mismatch errors, and
also reduce the workload of maintainers of our ftp site. Also, if
there isonly one master site for the port, it is recommended that
you house a backup at your site and list it as the second
MASTER_SITES.If your port requires some additional `patches' that are
available on the Internet, fetch them too and put them in
DISTDIR. Do not worry if they come from a site
other than where you got the main source tarball, we have a way to
handle these situations (see the description of PATCHFILES below).Modifying the portUnpack a copy of the tarball in a private directory and make
whatever changes are necessary to get the port to compile properly
under the current version of FreeBSD. Keep careful
track of everything you do, as you will be automating
the process shortly. Everything, including the deletion, addition
or modification of files should be doable using an automated script
or patch file when your port is finished.If your port requires significant user interaction/customization
to compile or install, you should take a look at one of Larry Wall's
classic Configure scripts and perhaps do
something similar yourself. The goal of the new ports collection is
to make each port as “plug-and-play” as possible for the
end-user while using a minimum of disk space.Unless explicitly stated, patch files, scripts, and other
files you have created and contributed to the FreeBSD ports
collection are assumed to be covered by the standard BSD copyright
conditions.PatchingIn the preparation of the port, files that have been added or
changed can be picked up with a recursive diff for later feeding to
patch. Each set of patches you wish to apply should be collected
into a file named
patch-xx where
xx denotes the sequence in which the
patches will be applied — these are done in
alphabetical order, thus aa
first, ab second and so on. These files should
be stored in PATCHDIR, from where they will be
automatically applied. All patches should be relative to
WRKSRC (generally the directory your port's
tarball unpacks itself into, that being where the build is done).
To make fixes and upgrades easier, you should avoid having more than
one patch fix the same file (e.g., patch-aa and
patch-ab both changing
WRKSRC/foobar.c).ConfiguringInclude any additional customization commands to your
configure script and save it in the
scripts subdirectory. As mentioned above, you
can also do this as Makefile targets and/or
scripts with the name pre-configure or
post-configure.Handling user inputIf your port requires user input to build, configure or install,
then set IS_INTERACTIVE in your Makefile. This
will allow “overnight builds” to skip your port if the
user sets the variable BATCH in his environment (and
if the user sets the variable INTERACTIVE, then
only those ports requiring interaction are
built).It is also recommended that if there are reasonable default
answers to the questions, you check the
PACKAGE_BUILDING variable and turn off the
interactive script when it is set. This will allow us to build the
packages for CD-ROMs and ftp.Configuring the MakefileConfiguring the Makefile is pretty simple, and again we suggest
that you look at existing examples before starting. Also, there is a
sample Makefile in this
handbook, so take a look and please follow the ordering of variables
and sections in that template to make your port easier for others to
read.Now, consider the following problems in sequence as you design
your new Makefile:The original sourceDoes it live in DISTDIR as a standard gzip'd
tarball? If so, you can go on to the next step. If not, you should
look at overriding any of the EXTRACT_CMD,
EXTRACT_BEFORE_ARGS,
EXTRACT_AFTER_ARGS,
EXTRACT_SUFX, or DISTFILES
variables, depending on how alien a format your port's distribution
file is. (The most common case is
EXTRACT_SUFX=.tar.Z, when the tarball is
condensed by regular compress, not gzip.)In the worst case, you can simply create your own
do-extract target to override the default,
though this should be rarely, if ever, necessary.DISTNAMEYou should set DISTNAME to be the base name
of your port. The default rules expect the distribution file list
(DISTFILES) to be named
DISTNAMEEXTRACT_SUFX which, if
it is a normal tarball, is going to be something like
foozolix-1.0.tar.gz for a setting of
DISTNAME=foozolix-1.0.The default rules also expect the tarball(s) to extract into a
subdirectory called
work/DISTNAME, e.g.
work/foozolix-1.0/.All this behavior can be overridden, of course; it simply
represents the most common time-saving defaults. For a port
requiring multiple distribution files, simply set
DISTFILES explicitly. If only a subset of
DISTFILES are actual extractable archives, then
set them up in EXTRACT_ONLY, which will override
the DISTFILES list when it comes to extraction,
and the rest will be just left in DISTDIR for
later use.PKGNAMEIf DISTNAME does not conform to our guidelines for a good package
name, you should set the PKGNAME
variable to something better. See the abovementioned guidelines for
more details.CATEGORIESWhen a package is created, it is put under
/usr/ports/packages/All and links are made from
one or more subdirectories of
/usr/ports/packages. The names of these
subdirectories are specified by the variable
CATEGORIES. It is intended to make life easier
for the user when he is wading through the pile of packages on the
ftp site or the CD-ROM. Please take a look at the existing categories and pick the ones
that are suitable for your port.This list also determines where in the ports tree the port is
imported. If you put more than one category here, it is assumed
that the port files will be put in the subdirectory with the name in
the first category. See the categories section for more
discussion about how to pick the right categories.If you port truly belongs to something that is different from
all the existing ones, you can even create a new category name. In
that case, please send mail to the &a.ports; to propose a new
category.There is no error checking for category names. make
package will happily create a new directory if you
mustype the category name, so be careful!MASTER_SITESRecord the directory part of the ftp/http-URL pointing at the
original tarball in MASTER_SITES. Do not forget
the trailing slash (/)!The make macros will try to use this
specification for grabbing the distribution file with
FETCH if they cannot find it already on the
system.It is recommended that you put multiple sites on this list,
preferably from different continents. This will safeguard against
wide-area network problems, and we are even planning to add support
for automatically determining the closest master site and fetching
from there!If the original tarball is part of one of the following popular
archives: X-contrib, GNU, Perl CPAN, TeX CTAN, or Linux Sunsite, you
refer to those sites in an easy compact form using
MASTER_SITE_XCONTRIB,
MASTER_SITE_GNU,
MASTER_SITE_PERL_CPAN,
MASTER_SITE_TEX_CTAN, and
MASTER_SITE_SUNSITE. Simply set
MASTER_SITE_SUBDIR to the path with in the
archive. Here is an example:
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applicationsThe user can also set the MASTER_SITE_*
variables in /etc/make.conf to override our
choices, and use their favorite mirrors of these popular archives
instead.PATCHFILESIf your port requires some additional patches that are available
by ftp or http, set PATCHFILES to the names of
the files and PATCH_SITES to the URL of the
directory that contains them (the format is the same as
MASTER_SITES).If the patch is not relative to the top of the source tree
(i.e., WKRSRC) because it contains some extra
pathnames, set PATCH_DIST_STRIP accordingly. For
instance, if all the pathnames in the patch have an extra
foozolix-1.0/ in front of the filenames, then set
PATCH_DIST_STRIP=-p1.Do not worry if the patches are compressed, they will be
decompressed automatically if the filenames end with
.gz or .Z.If the patch is distributed with some other files, such as
documentation, in a gzip'd tarball, you cannot just use
PATCHFILES. If that is the case, add the name
and the location of the patch tarball to
DISTFILES and MASTER_SITES.
Then, from the pre-patch target, apply the
patch either by running the patch command from there, or copying the
patch file into the PATCHDIR directory and
calling it
patch-xx.Note the tarball will have been extracted alongside the
regular source by then, so there is no need to explicitly extract
it if it is a regular gzip'd or compress'd tarball. If you do the
latter, take extra care not to overwrite something that already
exists in that directory. Also do not forget to add a command to
remove the copied patch in the pre-clean
target.MAINTAINERSet your mail-address here. Please. :)For detailed description of the responsibility of maintainers,
refer to MAINTAINER on
Makefiles section.DependenciesMany ports depend on other ports. There are five variables that
you can use to ensure that all the required bits will be on the
user's machine. There are also some pre-supported dependency
variables for common cases, plus a few more to control the behaviour
of dependencies.LIB_DEPENDSThis variable specifies the shared libraries this port depends
on. It is a list of
lib:dir:target
tuples where lib is the name of the
shared library, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. For example, LIB_DEPENDS=
jpeg.9:${PORTSDIR}/graphics/jpeg:install
will check for a shared jpeg library with major version 9, and
descend into the graphics/jpeg subdirectory
of your ports tree to build and install it if it is not found.
The target part can be omitted if it is
equal to DEPENDS_TARGET (which defaults to
install).The lib part is an argument given
to ldconfig -r | grep -wF. There shall be no
reqular expressions in this variable.The dependency is checked twice, once from within the
extract target and then from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system.RUN_DEPENDSThis variable specifies executables or files this port depends
on during run-time. It is a list of
path:dir:target
tuples where path is the name of the
executable or file, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. If path starts with a slash
(/), it is treated as a file and its existence
is tested with test -e; otherwise, it is
assumed to be an executable, and which -s is
used to determine if the program exists in the user's search
path.For example,
RUN_DEPENDS= ${PREFIX}/etc/innd:${PORTSDIR}/news/inn \
wish8.0:${PORTSDIR}/x11-toolkits/tk80will check if the file or directory
/usr/local/etc/innd exists, and build and
install it from the news/inn subdirectory of
the ports tree if it is not found. It will also see if an
executable called wish8.0 is in your search
path, and descend into the x11-toolkits/tk80
subdirectory of your ports tree to build and install it if it is
not found.In this case, innd is actually an
executable; if an executable is in a place that is not expected
to be in a normal user's search path, you should use the full
pathname.The dependency is checked from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system. The target
part can be omitted if it is the same
DEPENDS_TARGET.BUILD_DEPENDSThis variable specifies executables or files this port
requires to build. Like RUN_DEPENDS, it is a
list of
path:dir:target
tuples. For example, BUILD_DEPENDS=
unzip:${PORTSDIR}/archivers/unzip will check
for an executable called unzip, and descend
into the archivers/unzip subdirectory of your
ports tree to build and install it if it is not found.“build” here means everything from extracting to
compilation. The dependency is checked from within the
extract target. The
target part can be omitted if it is
the same as DEPENDS_TARGETFETCH_DEPENDSThis variable specifies executables or files this port
requires to fetch. Like the previous two, it is a list of
path:dir:target
tuples. For example, FETCH_DEPENDS=
ncftp2:${PORTSDIR}/net/ncftp2 will check for an
executable called ncftp2, and descend into the
net/ncftp2 subdirectory of your ports tree to
build and install it if it is not found.The dependency is checked from within the
fetch target. The
target part can be omitted if it is the
same as DEPENDS_TARGET.DEPENDSIf there is a dependency that does not fall into either of the
above four categories, or your port requires to have the source of
the other port extracted in addition to having them installed,
then use this variable. This is a list of
dir:target,
as there is nothing to check, unlike the previous four. The
target part can be omitted if it is the
same as DEPENDS_TARGET.Common dependency variablesDefine USE_XLIB=yes if your port requires
the X Window System to be installed (it is implied by
USE_IMAKE). Define
USE_GMAKE=yes if your port requires GNU
make instead of BSD make.
Define USE_AUTOCONF=yes if your port requires
GNU autoconf to be run. Define USE_QT=yes if
your port uses the latest qt toolkit. Use
USE_PERL5=yes if your port requires version 5
of the perl language. (The last is especially important since
some versions of FreeBSD has perl5 as part of the base system
while others do not.)Notes on dependenciesAs mentioned above, the default target to call when a
dependency is required is DEPENDS_TARGET.
It defaults to install. This is a user
variable; is is never defined in a port's
Makefile. If your port needs a special way
to handle a dependency, use the :target part of
the *_DEPENDS variables instead of redefining
DEPENDS_TARGET.When you type make clean, its dependencies
are automatically cleaned too. If you do not wish this to happen,
define the variable NOCLEANDEPENDS in your
environment.To depend on another port unconditionally, it is customary to
use the string nonexistent as the first field
of BUILD_DEPENDS or
RUN_DEPENDS. Use this only when you need to
the to get to the source of the other port. You can often save
compilation time by specifying the target too. For
instance
BUILD_DEPENDS= /nonexistent:${PORTSDIR}/graphics/jpeg:extract
will always descend to the JPEG port and extract it.Do not use DEPENDS unless there is no other
way the behaviour you want can be accomplished. It will cause the
other port to be always build (and installed, by default), and the
dependency will go into the packages as well. If this is really
what you need, I recommend you write it as
BUILD_DEPENDS and
RUN_DEPENDS instead—at least the
intention will be clear.Building mechanismsIf your package uses GNU make, set
USE_GMAKE=yes. If your package uses
configure, set
HAS_CONFIGURE=yes. If your package uses GNU
configure, set
GNU_CONFIGURE=yes (this implies
HAS_CONFIGURE). If you want to give some extra
arguments to configure (the default argument list
--prefix=${PREFIX} for GNU
configure and empty for non-GNU
configure), set those extra arguments in
CONFIGURE_ARGS. If your package uses GNU
autoconf, set
USE_AUTOCONF=yes. This implies
GNU_CONFIGURE, and will cause
autoconf to be run before
configure.If your package is an X application that creates
Makefiles from Imakefiles
using imake, then set
USE_IMAKE=yes. This will cause the configure
stage to automatically do an xmkmf -a. If the
flag is a problem for your port, set
XMKMF=xmkmf. If the port uses
imake but does not understand the
install.man target,
NO_INSTALL_MANPAGES=yes should be set. In
addition, the author of the original port should be shot. :>If your port's source Makefile has
something else than all as the main build
target, set ALL_TARGET accordingly. Same goes
for install and
INSTALL_TARGET.Special considerationsThere are some more things you have to take into account when you
create a port. This section explains the most common of those.ldconfigIf your port installs a shared library, add a
post-install target to your
Makefile that runs ${LDCONFIG}
-m on the directory where the new library is installed
(usually PREFIX/lib) to
register it into the shared library cache.Also, add a matching @exec /sbin/ldconfig -m
and @unexec /sbin/ldconfig -R pair to your
pkg/PLIST file so that a user who installed the
package can start using the shared library immediately and
deinstallation will not cause the system to still believe the
library is there. These lines should immediately follow the line
for the shared library itself, as in:
lib/libtvl80.so.1
@exec /sbin/ldconfig -m %D/lib
@unexec /sbin/ldconfig -RNever, ever, ever add a line that says
ldconfig without any arguments to your
Makefile or pkg/PLIST.
This will reset the shared library cache to the contents of
/usr/lib only, and will royally screw up the
user's machine ("Help, xinit does not run anymore after I install
this port!"). Anybody who does this will be shot and cut in 65,536
pieces by a rusty knife and have is liver chopped out by a bunch of
crows and will eternally rot to death in the deepest bowels of hell
(not necessarily in that order…)ELF supportSince FreeBSD is moving to ELF shortly after 3.0-RELEASE, we need
to convert many ports that build shared libraries to support ELF.
Complicating this task is that a 3.0 system can run as both ELF and
a.out, and we wish to unofficially support the 2.2 as long as
possible. Below are the guidelines on how to convert a.out only ports
to support both a.out and ELF compilation.Some part of this list is only applicable during the conversion,
but will be left here for awhile for reference in case you have come
across some old port you wish to upgrade.Moving a.out libraries out of the wayA.out libraries should be moved out of
/usr/local/lib and similar to an
aout subdirectory. (If you do not move them out
of the way, ELF ports will happily overwrite a.out libraries.) The
move-aout-libs target in the 3.0-CURRENT
src/Makefile (called from
aout-to-elf) will do this for you. It will
only move a.out libs so it is safe to call it on a system with both
ELF and a.out libs in the standard directories.FormatThe ports tree will build packages in the format the machine is
in. This means a.out for 2.2 and a.out or ELF for 3.0 depending on
what `objformat` returns. Also, once users move
a.out libraries to a subdirectory, building a.out libraries will be
unsupported. (I.e., it may still work if you know what you are
doing, but you are on your own.)If a port only works for a.out, set
BROKEN_ELF to a string describing the reason
why. Such ports will be skipped during a build on an ELF
system.PORTOBJFORMATbsd.port.mk will set
PORTOBJFORMAT to aout or
elf and export it in the environments
CONFIGURE_ENV, SCRIPTS_ENV and
MAKE_ENV. (It's always going to be
aout in 2.2-STABLE). It is also passed to
PLIST_SUB as
PORTOBJFORMAT=${PORTOBJFORMAT}. (See comment on
ldconfig lines below.)The variable is set using this line in
bsd.port.mk:
PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aoutPorts' make processes should use this variable to decide what to
do. However, if the port's configure script
already automatically detects an ELF system, it is not necessary to
refer to PORTOBJFORMAT.Building shared librariesThe following are differences in handling shared libraries for
a.out and ELF.Shared library versionsAn ELF shared library should be called
libfoo.so.M
where M is the single version number,
and an a.out library should be called
libfoo.so.M.N
where M is the major version and
N is the the minor version number.
Do not mix those; never install an ELF
shared library called
libfoo.so.N.M
or an a.out shared library (or symlink) called
libfoo.so.N.Linker command linesAssuming cc -shared is used rather than
ld directly, the only difference is that you
need to add
on the command line for ELF.You need to install a symlink from
libfoo.so to
libfoo.so.N to make
ELF linkers happy. Since it should be listed in
PLIST too, and it won't hurt in the a.out case
(some ports even require the link for dynamic loading), you should
just make this link regardless of the setting of
PORTOBJFORMAT.LIB_DEPENDSAll port Makefiles are edited to remove minor numbers from
LIB_DEPENDS, and also to have the regexp support
removed. (E.g., foo\\.1\\.\\(33|40\\) becomes
foo.2.) They will be matched using grep
-wF.PLISTPLIST should contain the short (ELF) shlib
names if the a.out minor number is zero, and the long (a.out) names
otherwise. bsd.port.mk will automatically add
.0 to the end of short shlib lines if
PORTOBJFORMAT equals aout, and
will delete the minor number from long shlib names if
PORTOBJFORMAT equals
elf.In cases where you really need to install shlibs with two
versions on an ELF system or those with one version on an a.out
system (for instance, ports that install compatibility libraries for
other operating systems), define the variable
NO_FILTER_SHLIBS. This will turn off the editing
of PLIST mentioned in the previous
paragraph.ldconfigThe ldconfig line in Makefiles should
read:
${SETENV} OBJFORMAT=${PORTOBJFORMAT} ${LDCONFIG} -m ....In PLIST it should read;
@exec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -m ...
@unexec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -RThis is to ensure that the correct ldconfig
will be called depending on the format of the package, not the
default format of the system.MASTERDIRIf your port needs to build slightly different versions of
packages by having a variable (for instance, resolution, or paper
size) take different values, create one subdirectory per package to
make it easier forusers to see what to do, but try to share as many
files as possible between ports. Typically you only need a very short
Makefile in all but one of the directories if you
use variables cleverly. In the sole Makefiles,
you can use MASTERDIR to specify the directory
where the rest of the files are. Also, use a variable as part of
PKGNAME so
the packages will have different names.This will be best demonstrated by an example. This is part of
japanese/xdvi300/Makefile;
PKGNAME= ja-xdvi${RESOLUTION}-17
:
# default
RESOLUTION?= 300
.if ${RESOLUTION} != 118 && ${RESOLUTION} != 240 && \
${RESOLUTION} != 300 && ${RESOLUTION} != 400
@${ECHO} "Error: invalid value for RESOLUTION: \"${RESOLUTION}\""
@${ECHO} "Possible values are: 118, 240, 300 (default) and 400."
@${FALSE}
.endifjapanese/xdvi300 also has all the regular
patches, package files, etc. If you type make
there, it will take the default value for the resolution (300) and
build the port normally.As for other resolutions, this is the entirexdvi118/Makefile;
RESOLUTION= 118
MASTERDIR= ${.CURDIR}/../xdvi300
.include ${MASTERDIR}/Makefile(xdvi240/Makefile and
xdvi400/Makefile are similar). The
MASTERDIR definition tells
bsd.port.mk that the refulat set of
subdirectories like PATCHDIR and
PKGDIR are to be found under
xdvi300. The RESOLUTION=118
line will override the RESOLUTION=300 line in
xdvi300/Makefile and the port will be built with
resolution set to 118.Shared library versionsFirst, please read our policy on
shared library versioning to understand what to do with
shared library versions in general. Do not blindly assume software
authors know what they are doing; many of them do not. It is very
important that these details are carefully considered, as we have
quite a unique situation where we are trying to have dozens of
potentially incompatible software pairs co-exist. Careless port
imports have caused great trouble regarding shared libraries in the
past (ever wondered why the port jpeg-6b has a
shared library version of 9.0?). If in doubt, send a message to the
&a.ports;. Most of the time, your job ends by determining the right
shared library version and making appropriate patches to implement
it.However, if there is a port which is a different version of the
same software already in the tree, the situation is much more complex.
In short, the FreeBSD implementation does not allow the user to
specify to the linker which version of shared library to link against
(the linker will always pick the highest numbered version). This
means, if there is a libfoo.so.3.2 and
libfoo.so.4.0 in the system, there is no way to
tell the linker to link a particular application to
libfoo.so.3.2. It is essentially completely
overshadowed in terms of compilation-time linkage. In this case, the
only solution is to rename the base part of the
shared library. For instance, change
libfoo.so.4.0 to
libfoo4.so.1.0 so both version 3.2 and 4.0 can be
linked from other ports.ManpagesThe MAN[1-9LN] variables will automatically add
any manpages to pkg/PLIST (this means you must
not list manpages in the
PLIST—see generating PLIST for more). It also
makes the install stage automatically compress or uncompress manpages
depending on the setting of NOMANCOMPRESS in
/etc/make.conf.To specify whether the manpages are compressed upon installation,
use the MANCOMPRESSED variable. This variable can
take three values, yes, no and
maybe. yes means manpages are
already installed compressed, no means they are
not, and maybe means the software already respects
the value of NOMANCOMPRESS so
bsd.port.mk does not have to do anything
special.MANCOMPRESSED is automatically set to
yes if USE_IMAKE is set and
NO_INSTALL_MANPAGES is not set, and to
no otherwise. You do not have to explicitly define
it unless the default is not suitable for your port.If your port anchors its man tree somewhere other than
PREFIX, you can use the
MANPREFIX to set it. Also, if only manpages in
certain sections go in a non-standard place, such as some Perl modules
ports, you can set individual man paths using
MANsectPREFIX (where
sect is one of 1-9,
L or N).If your manpages go to language-specific subdirectories, set the
name of the languages to MANLANG. The value of
this variable defaults to "" (i.e., English
only).Here is an example that puts it all together.
MAN1= foo.1
MAN3= bar.3
MAN4= baz.4
MANLANG= "" ja
MAN3PREFIX= ${PREFIX}/share/foobar
MANCOMPRESSED= yesThis states that six files are installed by this port;
${PREFIX}/man/man1/foo.1.gz
${PREFIX}/man/ja/man1/foo.1.gz
${PREFIX}/share/foobar/man/man3/bar.3.gz
${PREFIX}/share/foobar/man/ja/man3/bar.3.gz
${PREFIX}/man/man4/baz.4.gz
${PREFIX}/man/ja/man4/baz.4.gzPorts that require MotifThere are many programs that require a Motif library (available
from several commercial vendors, while there is a free clone reported
to be able to run many applications in
x11-toolkits/lesstif) to compile. Since it is a
popular toolkit and their licenses usually permit redistribution of
statically linked binaries, we have made special provisions for
handling ports that require Motif in a way that we can easily compile
binaries linked either dynamically (for people who are compiling from
the port) or statically (for people who distribute packages).REQUIRES_MOTIFIf your port requires Motif, define this variable in the
Makefile. This will prevent people who do not own a copy of Motif
from even attempting to build it.MOTIFLIBThis variable will be set by bsd.port.mk to
be the appropriate reference to the Motif library. Please patch the
source to use this wherever the Motif library is referenced in the
Makefile or
Imakefile.There are two common cases:If the port refers to the Motif library as
-lXm in its Makefile or
Imakefile, simply substitute
${MOTIFLIB} for it.If the port uses XmClientLibs in its
Imakefile, change it to
${MOTIFLIB} ${XTOOLLIB}
${XLIB}.Note that MOTIFLIB (usually) expands to
-L/usr/X11R6/lib -lXm or
/usr/X11R6/lib/libXm.a, so there is no need to
add -L or -l in front.X11 fontsIf your port installs fonts for the X Window system, put them in
X11BASE/lib/X11/fonts/local.
This directory is new to XFree86 release 3.3.3. If it does not exist,
please create it, and print out a message urging the user to update
their XFree86 to 3.3.3 or newer, or at least add this directory to the
font path in /etc/XF86Config.Info filesThe new version of texinfo (included in 2.2.2-RELEASE and onwards)
contains a utility called install-info to add and
delete entries to the dir file. If your port
installs any info documents, please follow this instructions so your
port/package will correctly update the user's
PREFIX/info/dir file. (Sorry
for the length of this section, but is it imperative to weave all the
info files together. If done correctly, it will produce a
beautiful listing, so please bear with me!First, this is what you (as a porter) need to know&prompt.user; install-info --help
install-info [OPTION]... [INFO-FILE [DIR-FILE]]
Install INFO-FILE in the Info directory file DIR-FILE.
Options:
--delete Delete existing entries in INFO-FILE;
don't insert any new entries.
:
--entry=TEXT Insert TEXT as an Info directory entry.
:
--section=SEC Put this file's entries in section SEC of the directory. :This program will not actually install info
files; it merely inserts or deletes entries in the
dir file.Here's a seven-step procedure to convert ports to use
install-info. I will use
editors/emacs as an example.Look at the texinfo sources and make a patch to insert
@dircategory and @direntry
statements to files that do not have them. This is part of my
patch:
--- ./man/vip.texi.org Fri Jun 16 15:31:11 1995
+++ ./man/vip.texi Tue May 20 01:28:33 1997
@@ -2,6 +2,10 @@
@setfilename ../info/vip
@settitle VIP
+@dircategory The Emacs editor and associated tools
+@direntry
+* VIP: (vip). A VI-emulation for Emacs.
+@end direntry
@iftex
@finalout
:The format should be self-explanatory. Many authors leave a
dir file in the source tree that contains all
the entries you need, so look around before you try to write your
own. Also, make sure you look into related ports and make the
section names and entry indentations consistent (we recommend that
all entry text start at the 4th tab stop).Note that you can put only one info entry per file because
of a bug in install-info --delete that
deletes only the first entry if you specify multiple entries in
the @direntry section.You can give the dir entries to
install-info as arguments
( and ) instead
of patching the texinfo sources. I do not think this is a good
idea for ports because you need to duplicate the same information
in three places
(Makefile and
@exec/@unexec of
PLIST; see below). However, if you have a
Japanese (or other multibyte encoding) info files, you will have
to use the extra arguments to install-info
because makeinfo cannot handle those texinfo
sources. (See Makefile and
PLIST of japanese/skk
for examples on how to do this).Go back to the port directory and do a make clean;
make and verify that the info files are regenerated
from the texinfo sources. Since the texinfo sources are newer than
the info files, they should be rebuilt when you type
make; but many Makefiles
do not include correct dependencies for info files. In
emacs' case, I had to patch the main
Makefile.in so it will descend into the
man subdirectory to rebuild the info
pages.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Tue Apr 15 00:15:28 1997
@@ -184,7 +184,7 @@
# Subdirectories to make recursively. `lisp' is not included
# because the compiled lisp files are part of the distribution
# and you cannot remake them without installing Emacs first.
-SUBDIR = lib-src src
+SUBDIR = lib-src src man
# The makefiles of the directories in $SUBDIR.
SUBDIR_MAKEFILES = lib-src/Makefile man/Makefile src/Makefile oldXMenu/Makefile lwlib/Makefile
--- ./man/Makefile.in.org Thu Jun 27 15:27:19 1996
+++ ./man/Makefile.in Tue Apr 15 00:29:52 1997
@@ -66,6 +66,7 @@
${srcdir}/gnu1.texi \
${srcdir}/glossary.texi
+all: info
info: $(INFO_TARGETS)
dvi: $(DVI_TARGETS)The second hunk was necessary because the default target in
the man subdir is called
info, while the main
Makefile wants to call
all. I also deleted the installation of
the info info file because we already have
one with the same name in /usr/share/info
(that patch is not shown here).If there is a place in the Makefile that
is installing the dir file, delete it. Your
port may not be doing it. Also, remove any commands that are
otherwise mucking around with the dir
file.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Mon Apr 14 23:38:07 1997
@@ -368,14 +368,8 @@
if [ `(cd ${srcdir}/info && /bin/pwd)` != `(cd ${infodir} && /bin/pwd)` ]; \
then \
(cd ${infodir}; \
- if [ -f dir ]; then \
- if [ ! -f dir.old ]; then mv -f dir dir.old; \
- else mv -f dir dir.bak; fi; \
- fi; \
cd ${srcdir}/info ; \
- (cd $${thisdir}; ${INSTALL_DATA} ${srcdir}/info/dir ${infodir}/dir); \
- (cd $${thisdir}; chmod a+r ${infodir}/dir); \
for f in ccmode* cl* dired-x* ediff* emacs* forms* gnus* info* message* mh-e* sc* vip*; do \
(cd $${thisdir}; \
${INSTALL_DATA} ${srcdir}/info/$$f ${infodir}/$$f; \
chmod a+r ${infodir}/$$f); \(This step is only necessary if you are modifying an existing
port.) Take a look at pkg/PLIST and delete
anything that is trying to patch up info/dir.
They may be in pkg/INSTALL or some other
file, so search extensively.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/04/15 06:32:12
@@ -15,9 +15,6 @@
man/man1/emacs.1.gz
man/man1/etags.1.gz
man/man1/ctags.1.gz
-@unexec cp %D/info/dir %D/info/dir.bak
-info/dir
-@unexec cp %D/info/dir.bak %D/info/dir
info/cl
info/cl-1
info/cl-2Add a post-install target to the
Makefile to create a dir
file if it is not there. Also, call
install-info with the installed info
files.
Index: Makefile
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/Makefile,v
retrieving revision 1.26
diff -u -r1.26 Makefile
--- Makefile 1996/11/19 13:14:40 1.26
+++ Makefile 1997/05/20 10:25:09 1.28
@@ -20,5 +20,11 @@
post-install:
.for file in emacs-19.34 emacsclient etags ctags b2m
strip ${PREFIX}/bin/${file}
.endfor
+ if [ ! -f ${PREFIX}/info/dir ]; then \
+ ${SED} -ne '1,/Menu:/p' /usr/share/info/dir > ${PREFIX}/info/dir; \
+ fi
+.for info in emacs vip viper forms gnus mh-e cl sc dired-x ediff ccmode
+ install-info ${PREFIX}/info/${info} ${PREFIX}/info/dir
+.endfor
.include <bsd.port.mk>Do not use anything other than
/usr/share/info/dir and the above command to
create a new info file. In fact, I would add the first three lines
of the above patch to bsd.port.mk if you (the
porter) would not have to do it in PLIST by
yourself anyway.Edit PLIST and add equivalent
@exec statements and also
@unexec for pkg_delete. You
do not need to delete info/dir with
@unexec.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/05/20 10:25:12 1.17
@@ -16,7 +14,15 @@
man/man1/etags.1.gz
man/man1/ctags.1.gz
+@unexec install-info --delete %D/info/emacs %D/info/dir
:
+@unexec install-info --delete %D/info/ccmode %D/info/dir
info/cl
info/cl-1
@@ -87,6 +94,18 @@
info/viper-3
info/viper-4
+@exec [ -f %D/info/dir ] || sed -ne '1,/Menu:/p' /usr/share/info/dir > %D/info/dir
+@exec install-info %D/info/emacs %D/info/dir
:
+@exec install-info %D/info/ccmode %D/info/dir
libexec/emacs/19.34/i386--freebsd/cvtmail
libexec/emacs/19.34/i386--freebsd/digest-docThe @unexec install-info --delete
commands have to be listed before the info files themselves so
they can read the files. Also, the @exec
install-info commands have to be after the info
files and the @exec command that creates the
the dir file.Test and admire your
work. :). Check the
dir file before and after each step.The pkg/ subdirectoryThere are some tricks we have not mentioned yet about the
pkg/ subdirectory that come in handy
sometimes.MESSAGEIf you need to display a message to the installer, you may place
the message in pkg/MESSAGE. This capability is
often useful to display additional installation steps to be taken
after a pkg_add or to display licensing
information.The pkg/MESSAGE file does not need to be
added to pkg/PLIST. Also, it will not get
automatically printed if the user is using the port, not the
package, so you should probably display it from the
post-install target yourself.INSTALLIf your port needs to execute commands when the binary package
is installed with pkg_add you can do this via the
pkg/INSTALL script. This script will
automatically be added to the package, and will be run twice by
pkg_add. The first time will as INSTALL
${PKGNAME} PRE-INSTALL and the second time as
INSTALL ${PKGNAME} POST-INSTALL.
$2 can be tested to determine which mode
the script is being run in. The PKG_PREFIX
environmental variable will be set to the package installation
directory. See &man.pkg.add.1; for
additional information.This script is not run automatically if you install the port
with make install. If you are depending on it
being run, you will have to explicitly call it from your port's
Makefile.REQIf your port needs to determine if it should install or not, you
can create a pkg/REQ “requirements”
script. It will be invoked automatically at
installation/deinstallation time to determine whether or not
installation/deinstallation should proceed.Changing PLIST based on make
variablesSome ports, particularly the p5- ports, need to change their
PLIST depending on what options they are
configured with (or version of perl, in the case of p5- ports). To
make this easy, any instances in the PLIST of
%%OSREL%%, %%PERL_VER%%, and
%%PERL_VERSION%% will be substituted for
appropriately. The value of %%OSREL%% is the
numeric revision of the operating system (e.g.,
2.2.7). %%PERL_VERSION%% is
the full version number of perl (e.g., 5.00502)
and %%PERL_VER%% is the perl version number minus
the patchlevel (e.g., 5.005).If you need to make other substitutions, you can set the
PLIST_SUB variable with a list of
VAR=VALUE
pairs and instances of
%%VAR%%' will be
substituted with VALUE in the
PLIST.For instance, if you have a port that installs many files in a
version-specific subdirectory, you can put something like
OCTAVE_VERSION= 2.0.13
PLIST_SUB= OCTAVE_VERSION=${OCTAVE_VERSION}
in the Makefile and use
%%OCTAVE_VERSION%% wherever the version shows up
in PLIST. That way, when you upgrade the port,
you will not have to change dozens (or in some cases, hundreds) of
lines in the PLIST.This substitution (as well as addition of any man pages) will be done between
the do-install and
post-install targets, by reading from
PLIST and writing to TMPPLIST
(default:
WRKDIR/.PLIST.mktmp). So if
your port builds PLIST on the fly, do so in or
before do-install. Also, if your port
needs to edit the resulting file, do so in
post-install to a file named
TMPPLIST.Changing the names of files in the
pkg subdirectoryAll the filenames in the pkg subdirectory
are defined using variables so you can change them in your
Makefile if need be. This is especially useful
when you are sharing the same pkg subdirectory
among several ports or have to write to one of the above files (see
writing to places other than
WRKDIR for why it is a bad idea to write
directly in to the pkg subdirectory.Here is a list of variable names and their default
values.VariableDefault valueCOMMENT${PKGDIR}/DESCRDESCR${PKGDIR}/DESCRPLIST${PKGDIR}/PLISTPKGINSTALL${PKGDIR}/PKGINSTALLPKGDEINSTALL${PKGDIR}/PKGDEINSTALLPKGREQ${PKGDIR}/REQPKGMESSAGE${PKGDIR}/MESSAGEPlease change these variables rather than overriding
PKG_ARGS. If you change
PKG_ARGS, those files will not correctly be
installed in /var/db/pkg upon install from a
port.Licensing ProblemsSome software packages have restrictive licenses or can be in
violation to the law (PKP's patent on public key crypto, ITAR (export
of crypto software) to name just two of them). What we can do with
them varies a lot, depending on the exact wordings of the respective
licenses.It is your responsibility as a porter to read the licensing
terms of the software and make sure that the FreeBSD project will
not be held accountable of violating them by redistributing the
source or compiled binaries either via ftp or CD-ROM. If in doubt,
please contact the &a.ports;.There are two variables you can set in the Makefile to handle the
situations that arise frequently:If the port has a “do not sell for profit” type of
license, set the variable NO_CDROM to a string
describing the reason why. We will make sure such ports will not go
into the CD-ROM come release time. The distfile and package will
still be available via ftp.If the resulting package needs to be built uniquely for each
site, or the resulting binary package cannot be distributed due to
licensing; set the variable NO_PACKAGE to a
string describing the reason why. We will make sure such packages
will not go on the ftp site, nor into the CD-ROM come release time.
The distfile will still be included on both however.If the port has legal restrictions on who can use it (e.g.,
crypto stuff) or has a “no commercial use” license,
set the variable RESTRICTED to be the string
describing the reason why. For such ports, the distfiles/packages
will not be available even from our ftp sites.The GNU General Public License (GPL), both version 1 and 2,
should not be a problem for ports.If you are a committer, make sure you update the
ports/LEGAL file too.UpgradingWhen you notice that a port is out of date compared to the latest
version from the original authors, first make sure you have the latest
port. You can find them in the
ports/ports-current directory of the ftp mirror
sites.The next step is to send a mail to the maintainer, if one is
listed in the port's Makefile. That person may
already be working on an upgrade, or have a reason to not upgrade the
port right now (because of, for example, stability problems of the new
version).If the maintainer asks you to do the upgrade or there is not any
such person to begin with, please make the upgrade and send the
recursive diff (either unified or context diff is fine, but port
committers appear to prefer unified diff more) of the new and old
ports directories to us (e.g., if your modified port directory is
called superedit and the original as in our tree
is superedit.bak, then send us the result of
diff -ruN superedit.bak superedit). Please examine
the output to make sure all the changes make sense. The best way to
send us the diff is by including it to &man.send-pr.1; (category
ports). Please mention any added or deleted files
in the message, as they have to be explicitly specified to CVS when
doing a commit. If the diff is more than about 20KB, please compress
and uuencode it; otherwise, just include it in as is in the PR.Once again, please use &man.diff.1; and not &man.shar.1; to send
updates to existing ports.Do's and Dont'sHere is a list of common do's and dont's that you encounter during
the porting process.You should check your own port against this list,
but you can also check ports in the PR database that others have
submitted. Submit any comments on ports you check as described in
Bug Reports and General
Commentary. Checking ports in the PR database will both make
it faster for us to commit them, and prove that you know what you are
doing.Strip BinariesDo strip binaries. If the original source already strips the
binaries, fine; otherwise you should add a
post-install rule to to it yourself. Here is an
example;
post-install:
strip ${PREFIX}/bin/xdlUse the &man.file.1; command on the installed executable to
check whether the binary is stripped or not. If it does not say
not stripped, it is stripped.INSTALL_* macrosDo use the macros provided in bsd.port.mk
to ensure correct modes and ownership of files in your own
*-install targets. They are:INSTALL_PROGRAM is a command to install
binary executables.INSTALL_SCRIPT is a command to install
executable scripts.INSTALL_DATA is a command to install
sharable data.INSTALL_MAN is a command to install
manpages and other documentation (it does not compress
anything).These are basically the install command with
all the appropriate flags. See below for an example on how to use
them.WRKDIRDo not write anything to files outside
WRKDIR. WRKDIR is the only
place that is guaranteed to be writable during the port build (see
compiling ports from CDROM for an
example of building ports from a read-only tree). If you need to
modigy some file in PKGDIR, do so by redefining a variable, not by
writing over it.WRKDIRPREFIXMake sure your port honors WRKDIRPREFIX.
Most ports do not have to worry about this. In particular, if you
are referring to a WRKDIR of another port, note
that the correct location is
WRKDIRPREFIXPORTSDIR/subdir/name/work not PORTSDIR/subdir/name/work or .CURDIR/../../subdir/name/work or some such.Also, if you are defining WRKDIR yourself,
make sure you prepend
${WKRDIRPREFIX}${.CURDIR} in the
front.Differentiating operating systems and OS versionsYou may come across code that needs modifications or conditional
compilation based upon what version of UNIX it is running under. If
you need to make such changes to the code for conditional
compilation, make sure you make the changes as general as possible
so that we can back-port code to FreeBSD 1.x systems and cross-port
to other BSD systems such as 4.4BSD from CSRG, BSD/386, 386BSD,
NetBSD, and OpenBSD.The preferred way to tell 4.3BSD/Reno (1990) and newer versions
of the BSD code apart is by using the BSD macro
defined in <sys/param.h>. Hopefully that
file is already included; if not, add the code:
#if (defined(__unix__) || defined(unix)) && !defined(USG)
#include <sys/param.h>
#endifto the proper place in the .c file. We
believe that every system that defines these two symbols has
sys/param.h. If you find a system that
does not, we would like to know. Please send mail to the
&a.ports;.Another way is to use the GNU Autoconf style of doing
this:
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endifDo not forget to add -DHAVE_SYS_PARAM_H to the
CFLAGS in the Makefile for
this method.Once you have sys/param.h included, you may
use:
#if (defined(BSD) && (BSD >= 199103))to detect if the code is being compiled on a 4.3 Net2 code base
or newer (e.g. FreeBSD 1.x, 4.3/Reno, NetBSD 0.9, 386BSD, BSD/386
1.1 and below).Use:
#if (defined(BSD) && (BSD >= 199306))to detect if the code is being compiled on a 4.4 code base or
newer (e.g. FreeBSD 2.x, 4.4, NetBSD 1.0, BSD/386 2.0 or
above).The value of the BSD macro is
199506 for the 4.4BSD-Lite2 code base. This is
stated for informational purposes only. It should not be used to
distinguish between versions of FreeBSD based only on 4.4-Lite vs.
versions that have merged in changes from 4.4-Lite2. The
__FreeBSD__ macro should be used instead.Use sparingly:__FreeBSD__ is defined in all versions of
FreeBSD. Use it if the change you are making
only affects FreeBSD. Porting gotchas like
the use of sys_errlist[] vs
strerror() are Berkeleyisms, not FreeBSD
changes.In FreeBSD 2.x, __FreeBSD__ is defined to
be 2. In earlier versions, it is
1. Later versions will bump it to match
their major version number.If you need to tell the difference between a FreeBSD 1.x
system and a FreeBSD 2.x or 3.x system, usually the right answer
is to use the BSD macros described above. If
there actually is a FreeBSD specific change (such as special
shared library options when using ld) then it
is OK to use __FreeBSD__ and #if
__FreeBSD__ > 1 to detect a FreeBSD 2.x and later
system. If you need more granularity in detecting FreeBSD
systems since 2.0-RELEASE you can use the following:
#if __FreeBSD__ >= 2
#include <osreldate.h>
# if __FreeBSD_version >= 199504
/* 2.0.5+ release specific code here */
# endif
#endifRelease__FreeBSD_version2.0-RELEASE1194112.1-CURRENTs199501, 1995032.0.5-RELEASE1995042.2-CURRENT before 2.11995082.1.0-RELEASE1995112.2-CURRENT before 2.1.51995122.1.5-RELEASE1996072.2-CURRENT before 2.1.61996082.1.6-RELEASE1996122.1.7-RELEASE1996122.2-RELEASE2200002.2.1-RELEASE220000 (no change)2.2-STABLE after 2.2.1-RELEASE220000 (no change)2.2-STABLE after texinfo-3.92210012.2-STABLE after top2210022.2.2-RELEASE2220002.2-STABLE after 2.2.2-RELEASE2220012.2.5-RELEASE2250002.2-STABLE after 2.2.5-RELEASE2250012.2-STABLE after ldconfig -R merge2250022.2.6-RELEASE2260002.2.7-RELEASE2270002.2-STABLE after 2.2.7-RELEASE2270012.2-STABLE after semctl(2) change2270022.2.8-RELEASE2280002.2-STABLE after 2.2.8-RELEASE2280013.0-CURRENT before mount(2) change3000003.0-CURRENT after mount(2) change3000013.0-CURRENT after semctl(2) change3000023.0-CURRENT after ioctl arg changes3000033.0-CURRENT after ELF conversion3000043.0-RELEASE3000053.0-CURRENT after 3.0-RELEASE3000063.0-STABLE after 3/4 branch3000073.1-RELEASE3100003.1-STABLE after 3.1-RELEASE3100013.1-STABLE after C++ constructor/destructor order change3100023.2-STABLE3200014.0-CURRENT after 3/4 branch4000004.0-CURRENT after change in dynamic linker handling4000014.0-CURRENT after C++ constructor/destructor order change4000024.0-CURRENT after functioning dladdr(3)4000034.0-CURRENT after newbus4000044.0-CURRENT after suser(9) API change4000054.0-CURRENT after cdevsw registration change4000064.0-CURRENT after the addition of so_cred for socket level credentials4000074.0-CURRENT after the addition of a poll syscall wrapper to libc_r400008Note that 2.2-STABLE sometimes identifies itself as
“2.2.5-STABLE” after the 2.2.5-RELEASE. The pattern
used to be year followed by the month, but we decided to change it
to a more straightforward major/minor system starting from 2.2.
This is because the parallel development on several branches made
it infeasible to classify the releases simply by their real
release dates. If you are making a port now, you do not have to
worry about old -CURRENTs; they are listed here just for your
reference.In the hundreds of ports that have been done, there have only
been one or two cases where __FreeBSD__ should
have been used. Just because an earlier port screwed up and used it
in the wrong place does not mean you should do so too.Writing something after
bsd.port.mkDo not write anything after the .include
<bsd.port.mk> line. it usually can be avoided by
including bsd.port.pre.mk somewhere in the
middle of your Makefile and
bsd.port.post.mk at the end.You need to include either the
pre.mk/post.mk pair or
bsd.port.mk only; do not mix these two.bsd.port.pre.mk only defines a few
variables, which can be used in tests in the
Makefile, bsd.port.post.mk
defines the rest.Here are some important variables defined in
bsd.port.pre.mk (this is not the complete list,
please read bsd.port.mk for the complete
list).VariableDescriptionARCHThe architecture as returned by uname
-m (e.g., i386)OPSYSThe operating system type, as returned by
uname -s (e.g.,
FreeBSD)OSRELThe release version of the operating system (e.g.,
2.1.5 or
2.2.7)OSVERSIONThe numeric version of the operating system, same as
__FreeBSD_version.PORTOBJFORMATThe object format of the system
(aout or elfLOCALBASEThe base of the “local” tree (e.g.,
/usr/local/)X11BASEThe base of the “X11” tree (e.g.,
/usr/X11R6)PREFIXWhere the port installs itself (see more on
PREFIX).If you have to define the variables
USE_IMAKE, USE_X_PREFIX, or
MASTERDIR, do so before including
bsd.port.pre.mk.Here are some examples of things you can write after
bsd.port.pre.mk;
# no need to compile lang/perl5 if perl5 is already in system
.if ${OSVERSION} > 300003
BROKEN= perl is in system
.endif
# only one shlib version number for ELF
.if ${PORTOBJFORMAT} == "elf"
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}
.else
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}.${SHLIB_MINOR}
.endif
# software already makes link for ELF, but not for a.out
post-install:
.if ${PORTOBJFORMAT} == "aout"
${LN} -sf liblinpack.so.1.0 ${PREFIX}/lib/liblinpack.so
.endifInstall additional documentationIf your software has some documentation other than the standard
man and info pages that you think is useful for the user, install it
under PREFIX/share/doc.
This can be done, like the previous item, in the
post-install target.Create a new directory for your port. The directory name should
reflect what the port is. This usually means
PKGNAME minus the version part. However, if you
think the user might want different versions of the port to be
installed at the same time, you can use the whole
PKGNAME.Make the installation dependent to the variable
NOPORTDOCS so that users can disable it in
/etc/make.conf, like this:
post-install:
.if !defined(NOPORTDOCS)
${MKDIR}${PREFIX}/share/doc/xv
${INSTALL_MAN} ${WRKSRC}/docs/xvdocs.ps ${PREFIX}/share/doc/xv
.endifDo not forget to add them to pkg/PLIST too!
(Do not worry about NOPORTDOCS here; there is
currently no way for the packages to read variables from
/etc/make.conf.)Also you can use the pkg/MESSAGE file to
display messages upon installation. See the using
pkg/MESSAGE section for
details.MESSAGE does not need to be added to
pkg/PLIST).DIST_SUBDIRDo not let your port clutter
/usr/ports/distfiles. If your port requires a
lot of files to be fetched, or contains a file that has a name that
might conflict with other ports (e.g.,
Makefile), set DIST_SUBDIR
to the name of the port (PKGNAME without the
version part should work fine). This will change
DISTDIR from the default
/usr/ports/distfiles to
/usr/ports/distfiles/DIST_SUBDIR,
and in effect puts everything that is required for your port into
that subdirectory.It will also look at the subdirectory with the same name on the
- backup master site at ftp.freebsd.org.
+ backup master site at ftp.FreeBSD.org.
(Setting DISTDIR explicitly in your
Makefile will not accomplish this, so please use
DIST_SUBDIR.)This does not affect the MASTER_SITES you
define in your Makefile.Package informationDo include package information, i.e.
COMMENT, DESCR, and
PLIST, in pkg.Note that these files are not used only for packaging anymore,
and are mandatory now, even if
NO_PACKAGE is set.RCS stringsDo not put RCS strings in patches. CVS will mangle them when we
put the files into the ports tree, and when we check them out again,
they will come out different and the patch will fail. RCS strings
are surrounded by dollar ($) signs, and
typically start with $Id or
$RCS.Recursive diffUsing the recurse () option to
diff to generate patches is fine, but please take
a look at the resulting patches to make sure you do not have any
unnecessary junk in there. In particular, diffs between two backup
files, Makefiles when the port uses
Imake or GNU configure, etc.,
are unnecessary and should be deleted. If you had to edit
configure.in and run
autoconf to regenerate
configure, do not take the diffs of
configure (it often grows to a few thousand
lines!); define USE_AUTOCONF=yes and take the
diffsof configure.in.Also, if you had to delete a file, then you can do it in the
post-extract target rather than as part of
the patch. Once you are happy with the resulting diff, please split
it up into one source file per patch file.PREFIXDo try to make your port install relative to
PREFIX. (The value of this variable will be set
to LOCALBASE (default
/usr/local), unless
USE_X_PREFIX or USE_IMAKE is
set, in which case it will be X11BASE (default
/usr/X11R6).)Not hard-coding /usr/local or
/usr/X11R6 anywhere in the source will make the
port much more flexible and able to cater to the needs of other
sites. For X ports that use imake, this is
automatic; otherwise, this can often be done by simply replacing the
occurrences of /usr/local (or
/usr/X11R6 for X ports that do not use imake)
in the various scripts/Makefiles in the port to read
PREFIX, as this variable is automatically passed
down to every stage of the build and install processes.Do not set USE_X_PREFIX unless your port
truly require it (i.e., it links against X libs or it needs to
reference files in X11BASE).The variable PREFIX can be reassigned in your
Makefile or in the user's environment.
However, it is strongly discouraged for individual ports to set this
variable explicitly in the Makefiles.Also, refer to programs/files from other ports with the
variables mentioned above, not explicit pathnames. For instance, if
your port requires a macro PAGER to be the full
pathname of less, use the compiler flag:
-DPAGER=\"${PREFIX}/bin/less\"
or
-DPAGER=\"${LOCALBASE}/bin/less\"
if this is an X port, instead of
-DPAGER=\"/usr/local/bin/less\". This way it will
have a better chance of working if the system administrator has
moved the whole `/usr/local' tree somewhere else.SubdirectoriesTry to let the port put things in the right subdirectories of
PREFIX. Some ports lump everything and put it in
the subdirectory with the port's name, which is incorrect. Also,
many ports put everything except binaries, header files and manual
pages in the a subdirectory of lib, which does
not bode well with the BSD paradigm. Many of the files should be
moved to one of the following: etc
(setup/configuration files), libexec
(executables started internally), sbin
(executables for superusers/managers), info
(documentation for info browser) or share
(architecture independent files). See man &man.hier.7; for details,
the rules governing
/usr pretty much apply to
/usr/local too. The exception are ports
dealing with USENET “news”. They may use
PREFIX/news as a destination
for their files.Cleaning up empty directoriesDo make your ports clean up after themselves when they are
deinstalled. This is usually accomplished by adding
@dirrm lines for all directories that are
specifically created by the port. You need to delete subdirectories
before you can delete parent directories.
:
lib/X11/oneko/pixmaps/cat.xpm
lib/X11/oneko/sounds/cat.au
:
@dirrm lib/X11/oneko/pixmals
@dirrm lib/X11/oneko/sounds
@dirrm lib/X11/onekoHowever, sometimes @dirrm will give you
errors because other ports also share the same subdirectory. You
can call rmdir from @unexec to
remove only empty directories without warning.
@unexec rmdir %D/share/doc/gimp 2>/dev/null || trueThis will neither print any error messages nor cause
pkg_delete to exit abnormally even if
PREFIX/share/doc/gimp is not
empty due to other ports installing some files in there.UIDsIf your port requires a certain user to be on the installed
system, let the pkg/INSTALL script call
pw to create it automatically. Look at
net/cvsup-mirror for an example.If your port must use the same user/group ID number when it is
installed a binarypackage as when it was compiled, then you mus
choose a free UID from 50 to 99 and register it below. Look at
japanese/Wnn for an example.Make sure you do not use a UID already used by the system or
other ports. This is the current list of UIDs between 50 and
99.
majordom:*:54:54:Majordomo Pseudo User:/usr/local/majordomo:/nonexistent
cyrus:*:60:60:the cyrus mail server:/nonexistent:/nonexistent
gnats:*:61:1:GNATS database owner:/usr/local/share/gnats/gnats-db:/bin/sh
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
pop:*:68:6:Post Office Owner (popper):/nonexistent:/nonexistent
wnn:*:69:7:Wnn:/nonexistent:/nonexistent
ifmail:*:70:66:Ifmail user:/nonexistent:/nonexistent
pgsql:*:70:70:PostgreSQL pseudo-user:/usr/local/pgsql:/bin/sh
ircd:*:72:72:IRCd hybrid:/nonexistent:/nonexistent
alias:*:81:81:QMail user:/var/qmail/alias:/nonexistent
qmaill:*:83:81:QMail user:/var/qmail:/nonexistent
qmaild:*:82:81:QMail user:/var/qmail:/nonexistent
qmailq:*:85:82:QMail user:/var/qmail:/nonexistent
qmails:*:87:82:QMail user:/var/qmail:/nonexistent
qmailp:*:84:81:QMail user:/var/qmail:/nonexistent
qmailr:*:86:82:QMail user:/var/qmail:/nonexistent
msql:*:87:87:mSQL-2 pseudo-user:/var/db/msqldb:/bin/shPlease include a notice when you submit a port (or an upgrade)
that reserves a new UID or GID in this range. This allows us to
keep the list of reserved IDs up to date.Do things rationallyThe Makefile should do things simply and
reasonably. If you can make it a couple of lines shorter or more
readable, then do so. Examples include using a make
.if construct instead of a shell
if construct, not redefining
do-extract if you can redefine
EXTRACT* instead, and using
GNU_CONFIGURE instead of CONFIGURE_ARGS
+= --prefix=${PREFIX}.Respect CFLAGSThe port should respect the CFLAGS variable.
If it does not, please add NO_PACKAGE=ignores
cflags to the Makefile.Configuration filesIf your port requires some configuration files in
PREFIX/etc, do
not just install them and list them in
pkg/PLIST. That will cause
pkg_delete to delete files carefully edited by
the user and a new installation to wipe them out.Instead, install sample files with a suffix
(filename.sample
will work well) and print out a message pointing out that the
user has to copy and edit the file before the software can be made
to work.PortlintDo check your work with portlint
before you submit or commit it.FeedbackDo send applicable changes/patches to the original
author/maintainer for inclusion in next release of the code. This
will only make your job that much easier for the next
release.MiscellaneaThe files pkg/DESCR,
pkg/COMMENT, and pkg/PLIST
should each be double-checked. If you are reviewing a port and feel
they can be worded better, do so.Do not copy more copies of the GNU General Public License into
our system, please.Please be careful to note any legal issues! Do not let us
illegally distribute software!If you are stuck…Do look at existing examples and the
bsd.port.mk file before asking us questions!
;)Do ask us questions if you have any trouble! Do not just beat
your head against a wall! :)A Sample MakefileHere is a sample Makefile that you can use to
create a new port. Make sure you remove all the extra comments (ones
between brackets)!It is recommended that you follow this format (ordering of
variables, empty lines between sections, etc.). This format is
designed so that the most important information is easy to locate. We
recommend that you use portlint to check the
Makefile.
[the header...just to make it easier for us to identify the ports.]
# New ports collection makefile for: xdvi
[the version required header should updated when upgrading a port.]
# Version required: pl18 [things like "1.5alpha" are fine here too]
[this is the date when the first version of this Makefile was created.
Never change this when doing an update of the port.]
# Date created: 26 May 1995
[this is the person who did the original port to FreeBSD, in particular, the
person who wrote the first version of this Makefile. Remember, this should
not be changed when upgrading the port later.]
# Whom: Satoshi Asami <asami@FreeBSD.ORG>
#
# $Id$
[ ^^^^ This will be automatically replaced with RCS ID string by CVS
when it is committed to our repository.]
#
[section to describe the port itself and the master site - DISTNAME
is always first, followed by PKGNAME (if necessary), CATEGORIES,
and then MASTER_SITES, which can be followed by MASTER_SITE_SUBDIR.
After those, one of EXTRACT_SUFX or DISTFILES can be specified too.]
DISTNAME= xdvi
PKGNAME= xdvi-pl18
CATEGORIES= print
[do not forget the trailing slash ("/")!
if you are not using MASTER_SITE_* macros]
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applications
[set this if the source is not in the standard ".tar.gz" form]
EXTRACT_SUFX= .tar.Z
[section for distributed patches -- can be empty]
PATCH_SITES= ftp://ftp.sra.co.jp/pub/X11/japanese/
PATCHFILES= xdvi-18.patch1.gz xdvi-18.patch2.gz
[maintainer; *mandatory*! This is the person (preferably with commit
privileges) who a user can contact for questions and bug reports - this
person should be the porter or someone who can forward questions to the
original porter reasonably promptly. If you really do not want to have
your address here, set it to "ports@FreeBSD.ORG".]
MAINTAINER= asami@FreeBSD.ORG
[dependencies -- can be empty]
RUN_DEPENDS= gs:${PORTSDIR}/print/ghostscript
LIB_DEPENDS= Xpm.5:${PORTSDIR}/graphics/xpm
[this section is for other standard bsd.port.mk variables that do not
belong to any of the above]
[If it asks questions during configure, build, install...]
IS_INTERACTIVE= yes
[If it extracts to a directory other than ${DISTNAME}...]
WRKSRC= ${WRKDIR}/xdvi-new
[If the distributed patches were not made relative to ${WRKSRC}, you
may need to tweak this]
PATCH_DIST_STRIP= -p1
[If it requires a "configure" script generated by GNU autoconf to be run]
GNU_CONFIGURE= yes
[If it requires GNU make, not /usr/bin/make, to build...]
USE_GMAKE= yes
[If it is an X application and requires "xmkmf -a" to be run...]
USE_IMAKE= yes
[et cetera.]
[non-standard variables to be used in the rules below]
MY_FAVORITE_RESPONSE= "yeah, right"
[then the special rules, in the order they are called]
pre-fetch:
i go fetch something, yeah
post-patch:
i need to do something after patch, great
pre-install:
and then some more stuff before installing, wow
[and then the epilogue]
.include <bsd.port.mk>Automated package list creationFirst, make sure your port is almost complete, with only
PLIST missing. Create an empty
PLIST.&prompt.root; touch PLISTNext, create a new set of directories which your port can be
installed, and install any dependencies.&prompt.root; mtree -U -f /etc/mtree/BSD.local.dist -d -e -p /var/tmp/port-name
&prompt.root; make depends PREFIX=/var/tmp/port-nameStore the directory structure in a new file.&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > OLD-DIRSIf your port honours PREFIX (which it should)
you can then install the port and create the package list.&prompt.root; make install PREFIX=/var/tmp
&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > pkg/PLISTYou must also add any newly created directories to the packing
list.&prompt.root; (cd /var/tmp/port-name && find * -type d) | comm -13 OLD-DIRS - | sed -e 's#^#@dirrm#' >> pkg/PLISTFinally, you need to tidy up the packing list by hand. I lied
when I said this was all automated. Manual pages should be listed in
the port's Makefile under
MANn, and not in the
package list. User configuration files should be removed, or
installed as
filename.sample. Any
libraries installed by the port should be listed as specified in the
ldconfig section.Package NamesThe following are the conventions you should follow in naming your
packages. This is to have our package directory easy to scan, as
there are already lots and lots of packages and users are going to
turn away if they hurt their eyes!The package name should look like
language-name-compiled.specifics-version.numbers.If your DISTNAME does not look like that, set
PKGNAME to something in that format.FreeBSD strives to support the native language of its users.
The language- part should be a two
letter abbreviation of the natural language defined by ISO-639 if
the port is specific to a certain language. Examples are
ja for Japanese, ru for
Russian, vi for Vietnamese,
zh for Chinese, ko for
Korean and de for German.The name part should be all lowercases,
except for a really large package (with lots of programs in it).
Things like XFree86 (yes there really is a port of it, check it
out) and ImageMagick fall into this category. Otherwise, convert
the name (or at least the first letter) to lowercase. If the
capital letters are important to the name (for example, with
one-letter names like R or
V) you may use capital letters at your
discretion. There is a tradition of naming Perl 5 modules by
prepending p5- and converting the double-colon
separator to a hyphen; for example, the
Data::Dumper module becomes
p5-Data-Dumper. If the software in question
has numbers, hyphens, or underscores in its name, you may include
them as well (like kinput2).If the port can be built with different hardcoded defaults (usually
part of the directory name in a family of ports), the
-compiled.specifics part should state
the compiled-in defaults (the hyphen is optional). Examples are
papersize and font units.The version string should be a period-separated list of
integers and single lowercase alphabetics. The only exception is
the string pl (meaning `patchlevel'), which can
be used only when there are no major and
minor version numbers in the software.Here are some (real) examples on how to convert a
DISTNAME into a suitable
PKGNAME:Distribution NamePackage NameReasonmule-2.2.2.mule-2.2.2No changes requiredXFree86-3.1.2XFree86-3.1.2No changes requiredEmiClock-1.0.2emiclock-1.0.2No uppercase names for single programsgmod1.4gmod-1.4Need a hyphen before version numbersxmris.4.0.2xmris-4.0.2Need a hyphen before version numbersrdist-1.3alphardist-1.3aNo strings like alpha
allowedes-0.9-beta1es-0.9b1No strings like beta
allowedv3.3beta021.srctiff-3.3What the heck was that anyway?tvtwmtvtwm-pl11Version string always requiredpiewmpiewm-1.0Version string always requiredxvgr-2.10pl1xvgr-2.10.1pl allowed only when no
major/minor version numbersgawk-2.15.6ja-gawk-2.15.6Japanese language versionpsutils-1.13psutils-letter-1.13Papersize hardcoded at package build timepkfontspkfonts300-1.0Package for 300dpi fontsIf there is absolutely no trace of version information in the
original source and it is unlikely that the original author will ever
release another version, just set the version string to
1.0 (like the piewm example above). Otherwise, ask
the original author or use the date string
(yy.mm.dd) as the version.CategoriesAs you already know, ports are classified in several categories.
But for this to wor, it is important that porters and users understand
what each category and how we deicde what to put in each
category.Current list of categoriesFirst, this is the current list of port categories. Those
marked with an asterisk (*) are
virtual categories—those that do not have
a corresponding subdirectory in the ports tree.For non-virtual categories, you will find a one-line
description in the pkg/COMMENT file in that
subdirectory (e.g.,
archivers/pkg/COMMENT).CategoryDescriptionafterstep*Ports to support AfterStep window managerarchiversArchiving tools.astroAstronomical ports.audioSound support.benchmarksBenchmarking utilities.biologyBiology-related software.cadComputer aided design tools.chineseChinese language support.commsCommunication software. Mostly software to talk to
your serial port.convertersCharacter code converters.databasesDatabases.deskutilsThings that used to be on the desktop before
computers were invented.develDevelopment utilities. Do not put libraries here just
because they are libraries—unless they truly do not
belong to anywhere else, they should not be in this
category.editorsGeneral editors. Specialized editors go in the section
for those tools (e.g., a mathematical-formula editor will go
in math).elispEmacs-lisp ports.emulatorsEmulators for other operating systems. Terminal
emulators do not belong
here—X-based ones should go to
x11 and text-based ones to either
comms or misc,
depending on the exact functionality.gamesGames.germanGerman language support.graphicsGraphics utilities.japaneseJapanese language support.kde*Ports that form the K Desktop Environment
(kde).koreanKorean language support.langProgramming languages.mailMail software.mathNumerical computation software and other utilities
for mathematics.mboneMBone applications.miscMiscellaneous utilities—basically things that
does not belong to anywhere else. This is the only category
that should not appear with any other non-virtual category.
If you have misc with something else in
your CATEGORIES line, that means you can
safely delete misc and just put the port
in that other subdirectory!netMiscellaneous networking software.newsUSENET news software.offix*Ports from the OffiX suite.palmSoftware support for the 3Com Palm(tm) series.perl5*Ports that require perl version 5 to run.plan9*Various programs from Plan9.printPrinting software. Desktop publishing tools
(previewers, etc.) belong here too.python*Software written in python.russianRussian language support.securitySecurity utilities.shellsCommand line shells.sysutilsSystem utilities.tcl75*Ports that use tcl version 7.5 to run.tcl76*Ports that use tcl version 7.6 to run.tcl80*Ports that use tcl version 8.0 to run.tcl81*Ports that use tcl version 8.1 to run.textprocText processing utilities. It does not include
desktop publishing tools, which go to print/.tk41*Ports that use tk version 4.1 to run.tk42*Ports that use tk version 4.2 to run.tk80*Ports that use tk version 8.0 to run.tk81*Ports that use tk version 8.1 to run.vietnameseVietnamese language support.windowmaker*Ports to support the WindowMaker window
managerwwwSoftware related to the World Wide Web. HTML language
support belong here too.x11The X window system and friends. This category is only
for software that directly support the window system. Do not
put regular X applications here. If your port is an X
application, define USE_XLIB (implied by
USE_IMAKE) and put it in appropriate
categories. Also, many of them go into other
x11-* categories (see below).x11-clocksX11 clocks.x11-fmX11 file managers.x11-fontsX11 fonts and font utilities.x11-toolkitsX11 toolkits.x11-wmX11 window managers.Choosing the right categoryAs many of the categories overlap, you often have to choose
which of the categories should be the primary category of your port.
There are several rules that govern this usse. Here is the list of
priorities, in decreasing order of precedence.Language specific categories always come first. For
example, if your port installs Japanese X11 fonts, then your
CATEGORIES line would read japanese
x11-fonts.Specific categories win over less-specific ones. For
instance, an HTML editor should be listed as www
editors, not the other way around. Also, you do not
need to list net when the port belongs to
either of mail, mbone,
news, security, or
www.x11 is used as a secondary category only
when the primary category is a natural language. In particular,
you should not put x11 in the category line
for X applications.If your port truly does not belong anywhere else, put it in
misc.If you are not sure about the category, please put a comment to
that effect in your send-pr submission so we can
discuss it before import it. (If you are a committer, send a note
&a.ports; so we can discuss it first—too often new ports are
imported to a wrong category only to be moved right away.)Changes to this document and the ports systemIf you maintain a lot of ports, you should consider following the
&a.ports;. Important changes to the way ports work will be announced
there. You can always find more detailed information on the latest
changes by looking at the
bsd.port.mk CVS log.That is It, Folks!Boy, this sure was a long tutorial, wasn't it? Thanks for
following us to here, really.Well, now that you know how to do a port, let us go at it and
convert everything in the world into ports! That is the easiest way to
start contributing to the FreeBSD Project! :)
diff --git a/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml b/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
index 2db526fa62..0e9c4ac148 100644
--- a/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
@@ -1,2488 +1,2488 @@
PPP and SLIPIf your connection to the Internet is through a modem, or you wish to
provide other people with dialup connections to the Internet using
FreeBSD, you have the option of using PPP or SLIP. Furthermore, two
varieties of PPP are provided: user (sometimes
referred to as iijppp) and
kernel. The procedures for configuring both types of
PPP, and for setting up SLIP are described in this chapter.Setting up User PPPUser PPP was introduced to FreeBSD in release 2.0.5 as an addition
to the existing kernel implementation of PPP. So, what is different
about this new PPP that warrants its addition? To quote from the manual
page:
This is a user process PPP software package. Normally, PPP is
implemented as a part of the kernel (e.g. as managed by
pppd) and it is thus somewhat hard to debug and/or
modify its behavior. However, in this implementation PPP is done as a
user process with the help of the tunnel device driver
(tun).
In essence, this means that rather than running a PPP daemon, the
ppp program can be run as and when desired. No PPP interface needs to
be compiled into the kernel, as the program can use the generic tunnel
device to get data into and out of the kernel.From here on out, user ppp will be referred to simply as ppp unless
a distinction needs to be made between it and any other PPP
client/server software such as pppd. Unless
otherwise stated, all commands in this section should be executed as
root.There are a large number of enhancements in version 2 of ppp. You
can discover what version you have by running ppp with no arguments and
typing show version at the prompt. It is a simple
matter to upgrade to the latest version of ppp (under any version of
FreeBSD) by downloading the latest archive via www.Awfulhak.org.Before you startThis document assumes you are in roughly this position:You have an account with an Internet Service Provider (ISP) which
lets you use PPP. Further, you have a modem (or other device)
connected and configured correctly which allows you to connect to your
ISP.You are going to need the following information to hand:Your ISPs phone number(s).Your login name and password. This can be either a regular
unix style login/password pair, or a PPP PAP or CHAP
login/password pair.The IP addresses of one or more nameservers. Normally, you
will be given two IP numbers. You must have
this information for PPP version 1.x
unless you run your own nameserver. From version 2 onwards,
PPP supports nameserver address
negotiation. If your ISP supports this, then using the command
enable dns in your config file will tell
PPP to set the nameservers for
you.The following information may have been supplied by your ISP, but
is not strictly necessary:The IP address of your ISP's gateway. The gateway is the
machine to which you will connect and will be set up as your
default route. If your ISP hasn't given you
this number, we can make one up and your ISP's PPP server will
tell us the correct value when we connect.This IP number is referred to as HISADDR
by ppp.Your ISP's netmask. If your ISP hasn't given you this
information, you can safely use a netmask of 255.255.255.0.If your ISP allocates you a static IP address and hostname
then you can enter this information. Otherwise, we simply let the
peer assign whatever IP number it sees fit.If you do not have any of the required information, contact your
ISP and make sure they provide it to you.Building a ppp ready kernelAs the description states, ppp uses the kernel
tun device. It is necessary to make sure
that your kernel has support for this device compiled in.To check this, go to your kernel compile directory
(/sys/i386/conf or
/sys/pc98/conf) and examine your kernel
configuration file. It needs to have the line
pseudo-device tun 1
in it somewhere. The stock GENERIC kernel has
this as standard, so if you have not installed a custom kernel or you
do not have a /sys directory, you do not have to
change anything.If your kernel configuration file does not have this line in it,
or you need to configure more than one tun device (for example, if you
are setting up a server and could have 16 dialup ppp connections at
any one time then you will need to use 16 instead
of 1), then you should add the line, re-compile,
re-install and boot the new kernel. Please refer to the Configuring the FreeBSD Kernel section
for more information on kernel configuration.You can check how many tunnel devices your current kernel has by
typing the following:&prompt.root; ifconfig -a
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 200.10.100.1 --> 203.10.100.24 netmask 0xffffffff
tun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 576
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 203.10.100.1 --> 203.10.100.20 netmask 0xffffffff
tun3: flags=8010<POINTOPOINT,MULTICAST> mtu 1500This case shows four tunnel devices, two of which are currently
configured and being used. It should be noted that the
RUNNING flag above indicates that the interface has
been used at some point—it is not an error if your interface
does not show up as RUNNING.If you have a kernel without the tun device, and you can not
rebuild it for some reason, all is not lost. You should be able to
dynamically load the code. Refer to the appropriate
&man.modload.8; and &man.lkm.4; pages for further details.You may also wish to take this opportunity to configure a
firewall. Details can be found in the Firewalls section.Check the tun deviceMost users will only require one tun
device (/dev/tun0). If you have used more (i.e.,
a number other than 1 in the
pseudo-device line in the kernel configuration
file) then alter all references to tun0 below
to reflect whichever device number you are using.The easiest way to make sure that the
tun0 device is configured correctly is to
re-make it. To do this, execute the following commands:&prompt.root; cd /dev
&prompt.root; ./MAKEDEV tun0If you require 16 tunnel devices in your kernel, you will need to
create more than just tun0:&prompt.root; cd /dev
&prompt.root; ./MAKEDEV tun15Also, to confirm that the kernel is configured correctly, the
following command should give the indicated output:&prompt.root; ifconfig tun0
tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500The RUNNING flag may not yet be set, in which
case you will see:&prompt.root; ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500Name Resolution ConfigurationThe resolver is the part of the system that turns IP addresses
into hostnames and vice versa. It can be configured to look for maps
that describe IP to hostname mappings in one of two places. The first
is a file called /etc/hosts (man 5
hosts). The second is the Internet Domain Name Service
(DNS), a distributed data base, the discussion of which is beyond the
scope of this document.This section describes briefly how to configure your
resolver.The resolver is a set of system calls that do the name mappings,
but you have to tell them where to find their information. You do
this by first editing the file /etc/host.conf.
Do not call this file
/etc/hosts.conf (note the extra
s) as the results can be confusing.Edit the /etc/host.conf fileThis file should contain the following two lines (in this
order):
hosts
bindThese instructs the resolver to first look in the file
/etc/hosts, and then to consult the DNS if the
name was not found.Edit the /etc/hosts(5) fileThis file should contain the IP addresses and names of machines
on your network. At a bare minimum it should contain entries for
the machine which will be running ppp. Assuming that your machine
is called foo.bar.com with the IP
address 10.0.0.1,
/etc/hosts should contain:
127.0.0.1 localhost
10.0.0.1 foo.bar.com fooThe first line defines the alias localhost as a
synonym for the current machine. Regardless of your own IP address,
the IP address for this line should always be 127.0.0.1. The second line maps the name
foo.bar.com (and the shorthand
foo) to the IP address 10.0.0.1.If your provider allocates you a static IP address and name,
then use these in place of the 10.0.0.1 entry.Edit the /etc/resolv.conf file/etc/resolv.conf tells the resolver how to
behave. If you are running your own DNS, you may leave this file
empty. Normally, you will need to enter the following
line(s):
nameserver x.x.x.x
nameserver y.y.y.y
domain bar.comThe x.x.x.x and
y.y.y.y
addresses are those given to you by your ISP. Add as many
nameserver lines as your ISP provides. The
domain line defaults to your hostname's domain,
and is probably unnecessary. Refer to the
resolv.conf manual page for details of other
possible entries in this file.If you are running PPP version 2 or greater, the enable
dns command will tell PPP to request that your ISP
confirms the nameserver values. If your ISP supplies different
addresses (or if there are no nameserver lines in
/etc/resolv.conf), PPP will rewrite the file
with the ISP-supplied values.ppp ConfigurationBoth user ppp and pppd (the kernel level
implementation of PPP) use configuration files located in the
/etc/ppp directory. The sample configuration
files provided are a good reference for user ppp, so don't delete
them.Configuring ppp requires that you edit a number
of files, depending on your requirements. What you put in them
depends to some extent on whether your ISP allocates IP addresses
statically (i.e., you get given one IP address, and always use that
one) or dynamically (i.e., your IP address can be different for each
PPP session).PPP and Static IP addressesYou will need to create a configuration file called
/etc/ppp/ppp.conf. It should look similar to
the example below.Lines that end in a : start in the first
column, all other lines should be indented as shown using spaces
or tabs.
1 default:
2 set device /dev/cuaa0
3 set speed 115200
4 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\TTIMEOUT 40 CONNECT"
5 provider:
6 set phone "(0123) 456 7890"
7 set login "TIMEOUT 10 \"\" \"\" gin:--gin: foo word: bar col: ppp"
8 set timeout 300
9 set ifaddr x.x.x.xy.y.y.y 255.255.255.0 0.0.0.0
10 add default HISADDR
11 enable dnsDo not include the line numbers, they are just for reference in
this discussion.Line 1:Identifies the default entry. Commands in this entry are
executed automatically when ppp is run.Line 2:Identifies the device to which the modem is connected.
COM1: is
/dev/cuaa0 and
COM2: is
/dev/cuaa1.Line 3:Sets the speed you want to connect at. If 115200 doesn't
work (it should with any reasonably new modem), try 38400
instead.Line 4:The dial string. User PPP uses an expect-send syntax
similar to the &man.chat.8; program. Refer to the
manual page for information on the features of this
language.Line 5:Identifies an entry for a provider called
“provider”.Line 6:Sets the phone number for this provider. Multiple phone
numbers may be specified using the : or
| character as a separator. The difference
between these separators is described in &man.ppp.8;.
To summarize, if you want to rotate through the numbers, use
the :. If you want to always attempt to
dial the first number first and only use the other numbers if
the first number fails, use the |. Always
quote the entire set of phone numbers as shown.Line 7:The login string is of the same chat-like syntax as the
dial string. In this example, the string works for a service
whose login session looks like this:J. Random Provider
login: foo
password: bar
protocol: pppYou will need to alter this script to suit your own needs.
When you write this script for the first time, you should
enable “chat” logging to ensure that the
conversation is going as expected.If you're using PAP or CHAP, there will be no login at
this point, so your login string can be left blank. See PAP and CHAP
authentication for further details.Line 8:Sets the default timeout (in seconds) for the connection.
Here, the connection will be closed automatically after 300
seconds of inactivity. If you never want to timeout, set this
value to zero.Line 9:Sets the interface addresses. The string
x.x.x.x should be replaced by the
IP address that your provider has allocated to you. The
string y.y.y.y should be replaced
by the IP address that your ISP indicated for their gateway
(the machine to which you connect). If your ISP hasn't given
you a gateway address, use 10.0.0.2/0. If you need to use a
“guessed” address, make sure that you create an
entry in /etc/ppp/ppp.linkup as per the
instructions for PPP and
Dynamic IP addresses. If this line is omitted,
ppp cannot run in or
mode.Line 10:Adds a default route to your ISPs gateway. The special
word HISADDR is replaced with the gateway
address specified on line 9. It is important that this line
appears after line 9, otherwise HISADDR
will not yet be initialized.Line 11:This line tells PPP to ask your ISP to confirm that your
nameserver addresses are correct. If your ISP supports this
facility, PPP can then update
/etc/resolv.conf with the correct
nameserver entries.It is not necessary to add an entry to
ppp.linkup when you have a static IP address as
your routing table entries are already correct before you connect.
You may however wish to create an entry to invoke programs after
connection. This is explained later with the sendmail
example.Example configuration files can be found in the
/etc/ppp directory.PPP and Dynamic IP addressesIf your service provider does not assign static IP numbers,
ppp can be configured to negotiate the local and
remote addresses. This is done by “guessing” an IP
number and allowing ppp to set it up correctly
using the IP Configuration Protocol (IPCP) after connecting. The
ppp.conf configuration is the same as PPP and Static IP addresses,
with the following change:
9 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0Again, do not include the line numbers, they are just for
reference in this discussion. Indentation of at least one space is
required.Line 9:The number after the / character is the
number of bits of the address that ppp will insist on. You
may wish to use IP numbers more appropriate to your
circumstances, but the above example will always work.The last argument (0.0.0.0) tells PPP
to negotiate using address 0.0.0.0 rather than 10.0.0.1. Do not use
0.0.0.0 as the first argument to
set ifaddr as it prevents PPP from setting
up an intial route in mode.If you are running version 1.x of PPP, uou will also need to
create an entry in /etc/ppp/ppp.linkup.
ppp.linkup is used after a connection has been
established. At this point, ppp will know what
IP addresses should really be used. The
following entry will delete the existing bogus routes, and create
correct ones:
1 provider:
2 delete ALL
3 add 0 0 HISADDRLine 1:On establishing a connection, ppp will
look for an entry in ppp.linkup according
to the following rules: First, try to match the same label as
we used in ppp.conf. If that fails, look
for an entry for the IP number of our gateway. This entry is
a four-octet IP style label. If we still haven't found an
entry, look for the MYADDR entry.Line 2:This line tells ppp to delete all
existing routes for the acquired tun interface (except the
direct route entry).Line 3:This line tells ppp to add a default
route that points to HISADDR.
HISADDR will be replaced with the IP number
of the gateway as negotiated in the IPCP.See the pmdemand entry in the files
/etc/ppp/ppp.conf.sample and
/etc/ppp/ppp.linkup.sample for a detailed
example.Version 2 of PPP introduces “sticky routes”. Any
add or delete lines that
contain MYADDR or HISADDR will
be remembered, and any time the actual values of
MYADDR or HISADDR change, the
routes will be re-applied. This removes the necessity of repeating
these lines in ppp.linkup.Receiving incoming calls with pppThis section describes setting up ppp in a
server role.When you configure ppp to receive incoming
calls on a machine connected to a LAN, you must decide if you wish
to forward packets to the LAN. If you do, you should allocate the
peer an IP number from your LAN's subet, and use the command
enable proxy
in your ppp.conf file. You should also confirm
that the /etc/rc.conf file (this file used to
be called /etc/sysconfig) contains the
following:
gateway=YESWhich getty?Configuring FreeBSD for Dialup
Services provides a good description on enabling dialup
services using getty.An alternative to getty is mgetty,
a smarter version of getty designed with dialup
lines in mind.The advantages of using mgetty is that it
actively talks to modems, meaning if port is
turned off in /etc/ttys then your modem won't
answer the phone.Later versions of mgetty (from 0.99beta
onwards) also support the automatic detection of PPP streams,
allowing your clients script-less access to your server.Refer to Mgetty and
AutoPPP for more information on
mgetty.PPP permissionsppp must normally be run as user id 0. If
however you wish to allow ppp to run in server
mode as a normal user by executing ppp as
described below, that user must be given permission to run
ppp by adding them to the
network group in
/etc/group.You will also need to give them access to one or more sections
of the configuration file using the allow
command:
allow users fred maryIf this command is used in the default
section, it gives the specified users access to everything.Setting up a PPP shell for dynamic-IP usersCreate a file called /etc/ppp/ppp-shell
containing the following:
#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`
if [ x$IDENT = xdialup ]; then
IDENT=`basename $TTY`
fi
echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"
exec /usr/sbin/ppp -direct $IDENTThis script should be executable. Now make a symbolic link
called ppp-dialup to this script using the
following commands:&prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialupYou should use this script as the shell
for all your dialup ppp users. This is an example from
/etc/password for a dialup PPP user with
username pchilds. (remember don't directly
edit the password file, use vipw)
pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialupCreate a /home/ppp directory that is
world readable containing the following 0 byte files
-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
-r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts
which prevents /etc/motd from being
displayed.Setting up a PPP shell for static-IP usersCreate the ppp-shell file as above and
for each account with statically assigned IPs create a symbolic
link to ppp-shell.For example, if you have three dialup customers
fred, sam, and
mary, that you route class C networks for,
you would type the following:&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-maryEach of these users dialup accounts should have their shell
set to the symbolic link created above. (ie.
mary's shell should be
/etc/ppp/ppp-mary).Setting up ppp.conf for dynamic-IP usersThe /etc/ppp/ppp.conf file should contain
something along the lines of
default:
set debug phase lcp chat
set timeout 0
ttyd0:
set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
enable proxy
ttyd1:
set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
enable proxyThe indenting is important.The default: section is loaded for each
session. For each dialup line enabled in
/etc/ttys create an entry similar to the one
for ttyd0: above. Each line should get a
unique IP address from your pool of IP addresses for dynamic
users.Setting up ppp.conf for static-IP
usersAlong with the contents of the sample
/etc/ppp/ppp.conf above you should add a
section for each of the statically assigned dialup users. We will
continue with our fred,
sam, and mary
example.
fred:
set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
sam:
set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255
mary:
set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255The file /etc/ppp/ppp.linkup should also
contain routing information for each static IP user if required.
The line below would add a route for the 203.14.101.0 class C via the client's
ppp link.
fred:
add 203.14.101.0 netmask 255.255.255.0 HISADDR
sam:
add 203.14.102.0 netmask 255.255.255.0 HISADDR
mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDRMore on mgetty, AutoPPP, and MS
extensionsmgetty and AutoPPPConfiguring and compiling mgetty with the
AUTO_PPP option enabled allows
mgetty to detect the LCP phase of PPP
connections and automatically spawn off a ppp shell. However,
since the default login/password sequence does not occur it is
necessary to authenticate users using either PAP or CHAP.This section assumes the user has successfully configured,
compiled, and installed a version of mgetty
with the AUTO_PPP option (v0.99beta or
later)Make sure your
/usr/local/etc/mgetty+sendfax/login.config
file has the following in it:
/AutoPPP/ - - /etc/ppp/ppp-pap-dialupThis will tell mgetty to run the
ppp-pap-dialup script for detected PPP
connections.Create a file called
/etc/ppp/ppp-pap-dialup containing the
following (the file should be executable):
#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENTFor each dialup line enabled in
/etc/ttys create a corresponding entry in
/etc/ppp/ppp.conf. This will happily
co-exist with the definitions we created above.
pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxyEach user logging in with this method will need to have a
username/password in /etc/ppp/ppp.secret
file, or alternatively add the
enable passwdauthoption to authenticate users via pap from the
/etc/password file.If you wish to assign some users a static IP number, you can
specify the number as the third argument in
/etc/ppp/ppp.secret. See
/etc/ppp/ppp.secret.sample for
examples.MS extentionsIt is possible to configure PPP to supply DNS and NetBIOS
nameserver addresses on demand.To enable these extensions with PPP version 1.x, the
following lines might be added to the relevant section of
/etc/ppp/ppp.conf.
enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5And for PPP version 2 and above:
accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5This will tell the clients the primary and secondary name
server addresses, and a netbios nameserver host.In version 2 and above, if the set dns
line is ommitted, PPP will use the values found in
/etc/resolv.conf.PAP and CHAP authenticationSome ISPs set their system up so that the authentication part of
your connection is done using either of the PAP or CHAP
authentication mechanisms. If this is the case, your ISP will not
give a login: prompt when you connect, but will
start talking PPP immediately.PAP is less secure than CHAP, but security is not normally an
issue here as passwords, although being sent as plain text with PAP,
are being transmitted down a serial line only. There's not much room
for crackers to “eavesdrop”.Referring back to the PPP and
Static IP addresses or PPP and Dynamic IP addresses
sections, the following alterations must be made:
7 set login
…
12 set authname MyUserName
13 set authkey MyPasswordAs always, do not include the line numbers, they are just for
reference in this discussion. Indentation of at least one space is
required.Line 7:Your ISP will not normally require that you log into the
server if you're using PAP or CHAP. You must therefore
disable your "set login" string.Line 12:This line specifies your PAP/CHAP user name. You will
need to insert the correct value for
MyUserName.Line 13:This line specifies your PAP/CHAP password. You will need
to insert the correct value for
MyPassword. You may want to add an
additional line
15 accept PAP
or
15 accept CHAP
to make it obvious that this is the intention, but PAP and
CHAP are both accepted by default.Changing your ppp configuration on the
flyIt is possible to talk to the ppp program
while it is running in the background, but only if a suitable
diagnostic port has been set up. To do this, add the following line
to your configuration:
set server /var/run/ppp-tun%d DiagnosticPassword 0177This will tell PPP to listen to the specified unix-domain
socket, asking clients for the specified password before allowing
access. The %d in the name is replaced with the
tun device number that is in use.Once a socket has been set up, the
&man.pppctl.8; program may be used in scripts that wish to
manipulate the running program.Final system configurationYou now have ppp configured, but there are a
few more things to do before it is ready to work. They all involve
editing the /etc/rc.conf file (was
/etc/sysconfig).Working from the top down in this file, make sure the
hostname= line is set, e.g.:
hostname=foo.bar.comIf your ISP has supplied you with a static IP address and name,
it's probably best that you use this name as your host name.Look for the network_interfaces variable. If
you want to configure your system to dial your ISP on demand, make
sure the tun0 device is added to the list,
otherwise remove it.
network_interfaces="lo0 tun0" ifconfig_tun0=The ifconfig_tun0 variable should be empty,
and a file called /etc/start_if.tun0 should be
created. This file should contain the line
ppp -auto mysystemThis script is executed at network configuration time, starting
your ppp daemon in automatic mode. If you have a LAN for which this
machine is a gateway, you may also wish to use the
switch. Refer to the manual page for
further details.Set the router program to NO with the
line
router_enable=NO (/etc/rc.conf)
router=NO (/etc/sysconfig)It is important that the routed daemon is not
started (it's started by default) as routed tends
to delete the default routing table entries created by
ppp.It is probably worth your while ensuring that the
sendmail_flags line does not include the
option, otherwise sendmail will
attempt to do a network lookup every now and then, possibly causing
your machine to dial out. You may try:
sendmail_flags="-bd"The upshot of this is that you must force
sendmail to re-examine the mail queue whenever the
ppp link is up by typing:&prompt.root; /usr/sbin/sendmail -qYou may wish to use the !bg command in
ppp.linkup to do this automatically:
1 provider:
2 delete ALL
3 add 0 0 HISADDR
4 !bg sendmail -bd -q30mIf you don't like this, it is possible to set up a
“dfilter” to block SMTP traffic. Refer to the sample
files for further details.All that is left is to reboot the machine.After rebooting, you can now either type&prompt.root; pppand then dial provider to start the PPP
session, or, if you want ppp to establish sessions
automatically when there is outbound traffic (and you haven't created
the start_if.tun0 script), type&prompt.root; ppp -auto providerSummaryTo recap, the following steps are necessary when setting up ppp
for the first time:Client side:Ensure that the tun device is built
into your kernel.Ensure that the
tunX device file
is available in the /dev directory.Create an entry in /etc/ppp/ppp.conf.
The pmdemand example should suffice for most
ISPs.If you have a dynamic IP address, create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf (or
sysconfig) file.Create a start_if.tun0 script if you
require demand dialing.Server side:Ensure that the tun device is built
into your kernel.Ensure that the
tunX device file
is available in the /dev directory.Create an entry in /etc/passwd (using the
&man.vipw.8; program).Create a profile in this users home directory that runs
ppp -direct direct-server or similar.Create an entry in /etc/ppp/ppp.conf.
The direct-server example should
suffice.Create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf (or
sysconfig) file.AcknowledgmentsThis section of the handbook was last updated on Monday Aug 10,
1998 by &a.brian;Thanks to the following for their input, comments &
suggestions:&a.nik;&a.dirkvangulik;&a.pjc;Setting up Kernel PPPContributed by &a.gena;.Before you start setting up PPP on your machine make sure that
pppd is located in /usr/sbin and
directory /etc/ppp exists.pppd can work in two modes:as a “client”, i.e. you want to connect your machine
to outside world via PPP serial connection or modem line.as a “server”, i.e. your machine is located on the
network and used to connect other computers using PPP.In both cases you will need to set up an options file
(/etc/ppp/options or ~/.ppprc
if you have more then one user on your machine that uses PPP).You also will need some modem/serial software (preferably kermit) so
you can dial and establish connection with remote host.Working as a PPP clientI used the following /etc/ppp/options to
connect to CISCO terminal server PPP line.
crtscts # enable hardware flow control
modem # modem control line
noipdefault # remote PPP server must supply your IP address.
# if the remote host doesn't send your IP during IPCP
# negotiation , remove this option
passive # wait for LCP packets
domain ppp.foo.com # put your domain name here
:<remote_ip> # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be your
# default routerTo connect:Dial to the remote host using kermit (or other modem program)
enter your user name and password (or whatever is needed to enable
PPP on the remote host)Exit kermit (without hanging up the line).enter:&prompt.root; /usr/src/usr.sbin/pppd.new/pppd /dev/tty0119200Use the appropriate speed and device name.Now your computer is connected with PPP. If the connection fails
for some reasons you can add the option to the
/etc/ppp/options file and check messages on the
console to track the problemFollowing /etc/ppp/pppup script will make all
3 stages automatically:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200/etc/ppp/kermit.dial is kermit script that
dials and makes all necessary authorization on the remote host.
(Example of such script is attached to the end of this
document)Use the following /etc/ppp/pppdown script to
disconnect the PPP line:
#!/bin/sh
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill -TERM ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptestCheck if PPP is still running
(/usr/etc/ppp/ppptest):
#!/bin/sh
pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'pppd running: PID=' ${pid-NONE}
else
echo 'No pppd running.'
fi
set -x
netstat -n -I ppp0
ifconfig ppp0Hangs up modem line
(/etc/ppp/kermit.hup):
set line /dev/tty01 ; put your modem device here
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
echo \13
exitHere is an alternate method using chat instead
of kermit.Contributed by &a.rhuff;.The following two files are sufficient to accomplish a pppd
connection./etc/ppp/options:
/dev/cuaa1 115200
crtscts # enable hardware flow control
modem # modem control line
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
noipdefault # remote PPP serve must supply your IP address.
# if the remote host doesn't send your IP during
# IPCP negotiation, remove this option
passive # wait for LCP packets
domain <your.domain> # put your domain name here
: # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be
# your default router/etc/ppp/login.chat.script:(This should actually go into a single line.)
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number>
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id>
TIMEOUT 5 sword: <password>Once these are installed and modified correctly, all you need to
do is&prompt.root; pppdThis sample based primarily on information provided by: Trev
Roydhouse <Trev.Roydhouse@f401.n711.z3.fidonet.org> and used by
permission.Working as a PPP server/etc/ppp/options:
crtscts # Hardware flow control
netmask 255.255.255.0 # netmask ( not required )
192.114.208.20:192.114.208.165 # ip's of local and remote hosts
# local ip must be different from one
# you assigned to the ethernet ( or other )
# interface on your machine.
# remote IP is ip address that will be
# assigned to the remote machine
domain ppp.foo.com # your domain
passive # wait for LCP
modem # modem lineFollowing /etc/ppp/pppserv script will enable
ppp server on your machine:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete
# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans
# run ppp
pppd /dev/tty01 19200Use this /etc/ppp/pppservdown script to stop
ppp server:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.noansFollowing kermit script will enable/disable autoanswer mode on
your modem (/etc/ppp/kermit.ans):
set line /dev/tty01
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
inp 5 OK
echo \13
out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
; autoanswer mod
inp 5 OK
echo \13
exitThis /etc/ppp/kermit.dial script is used for
dialing and authorizing on remote host. You will need to customize it
for your needs. Put your login and password in this script, also you
will need to change input statement depending on responses from your
modem and remote host.
;
; put the com line attached to the modem here:
;
set line /dev/tty01
;
; put the modem speed here:
;
set speed 19200
set file type binary ; full 8 bit file xfer
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
set modem hayes
set dial hangup off
set carrier auto ; Then SET CARRIER if necessary,
set dial display on ; Then SET DIAL if necessary,
set input echo on
set input timeout proceed
set input case ignore
def \%x 0 ; login prompt counter
goto slhup
:slcmd ; put the modem in command mode
echo Put the modem in command mode.
clear ; Clear unread characters from input buffer
pause 1
output +++ ; hayes escape sequence
input 1 OK\13\10 ; wait for OK
if success goto slhup
output \13
pause 1
output at\13
input 1 OK\13\10
if fail goto slcmd ; if modem doesn't answer OK, try again
:slhup ; hang up the phone
clear ; Clear unread characters from input buffer
pause 1
echo Hanging up the phone.
output ath0\13 ; hayes command for on hook
input 2 OK\13\10
if fail goto slcmd ; if no OK answer, put modem in command mode
:sldial ; dial the number
pause 1
echo Dialing.
output atdt9,550311\13\10 ; put phone number here
assign \%x 0 ; zero the time counter
:look
clear ; Clear unread characters from input buffer
increment \%x ; Count the seconds
input 1 {CONNECT }
if success goto sllogin
reinput 1 {NO CARRIER\13\10}
if success goto sldial
reinput 1 {NO DIALTONE\13\10}
if success goto slnodial
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 60 goto look
else goto slhup
:sllogin ; login
assign \%x 0 ; zero the time counter
pause 1
echo Looking for login prompt.
:slloop
increment \%x ; Count the seconds
clear ; Clear unread characters from input buffer
output \13
;
; put your expected login prompt here:
;
input 1 {Username: }
if success goto sluid
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 10 goto slloop ; try 10 times to get a login prompt
else goto slhup ; hang up and start again if 10 failures
:sluid
;
; put your userid here:
;
output ppp-login\13
input 1 {Password: }
;
; put your password here:
;
output ppp-password\13
input 1 {Entering SLIP mode.}
echo
quit
:slnodial
echo \7No dialtone. Check the telephone line!\7
exit 1
; local variables:
; mode: csh
; comment-start: "; "
; comment-start-skip: "; "
; end:Setting up a SLIP ClientContributed by &a.asami; 8 Aug 1995.The following is one way to set up a FreeBSD machine for SLIP on a
static host network. For dynamic hostname assignments (i.e., your
address changes each time you dial up), you probably need to do
something much fancier.First, determine which serial port your modem is connected to. I
have a symbolic link to /dev/modem from
/dev/cuaa1, and only use the modem name in my
configuration files. It can become quite cumbersome when you need to
fix a bunch of files in /etc and
.kermrc's all over the system!/dev/cuaa0 is COM1,
cuaa1 is COM2,
etc.Make sure you have
pseudo-device sl 1
in your kernel's config file. It is included in the
GENERIC kernel, so this will not be a problem
unless you deleted it.Things you have to do only onceAdd your home machine, the gateway and nameservers to your
/etc/hosts file. Mine looks like
this:
127.0.0.1 localhost loghost
136.152.64.181 silvia.HIP.Berkeley.EDU silvia.HIP silvia
136.152.64.1 inr-3.Berkeley.EDU inr-3 slip-gateway
128.32.136.9 ns1.Berkeley.edu ns1
128.32.136.12 ns2.Berkeley.edu ns2By the way, silvia is the name of the car that I had when I
was back in Japan (it is called 2?0SX here in U.S.).Make sure you have before
in your /etc/host.conf.
Otherwise, funny things may happen.Edit the file /etc/rc.conf. Note that
you should edit the file /etc/sysconfig
instead if you are running FreeBSD previous to version
2.2.2.Set your hostname by editing the line that says:
hostname=myname.my.domainYou should give it your full Internet hostname.Add sl0 to the list of network interfaces by changing the
line that says:
network_interfaces="lo0"to:
network_interfaces="lo0 sl0"Set the startup flags of sl0 by adding a line:
ifconfig_sl0="inet ${hostname} slip-gateway netmask 0xffffff00 up"Designate the default router by changing the line:
defaultrouter=NOto:
defaultrouter=slip-gatewayMake a file /etc/resolv.conf which
contains:
domain HIP.Berkeley.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12As you can see, these set up the nameserver hosts. Of course,
the actual domain names and addresses depend on your
environment.Set the password for root and toor (and any other accounts
that does not have a password). Use passwd, do not edit the
/etc/passwd or
/etc/master.passwd files!Reboot your machine and make sure it comes up with the correct
hostname.Making a SLIP connectionDial up, type slip at the prompt, enter
your machine name and password. The things you need to enter
depends on your environment. I use kermit, with a script like
this:
# kermit setup
set modem hayes
set line /dev/modem
set speed 115200
set parity none
set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
define slip dial 643-9600, input 10 =>, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0a(of course, you have to change the hostname and password to
fit yours). Then you can just type slip from
the kermit prompt to get connected.Leaving your password in plain text anywhere in the
filesystem is generally a BAD idea. Do it at your own risk. I
am just too lazy.Leave the kermit there (you can suspend it by
z) and as root, type:&prompt.root; slattach -h -c -s 115200 /dev/modemIf you are able to ping hosts on the other
side of the router, you are connected! If it does not work, you
might want to try instead of
as an argument to slattach.How to shutdown the connectionType
&prompt.root; kill -INT `cat /var/run/slattach.modem.pid`
(as root) to kill slattach. Then go back to kermit
(fg if you suspended it) and exit from it
(q).The slattach man page says you have to use ifconfig sl0
down to mark the interface down, but this does not seem to
make any difference for me. (ifconfig sl0 reports
the same thing.)Some times, your modem might refuse to drop the carrier (mine
often does). In that case, simply start kermit and quit it again. It
usually goes out on the second try.TroubleshootingIf it does not work, feel free to ask me. The things that people
tripped over so far:Not using or in
slattach (I have no idea why this can be fatal, but adding this
flag solved the problem for at least one person)Using instead of
(might be hard to see the difference on some fonts).Try ifconfig sl0 to see your interface
status. I get:&prompt.root; ifconfig sl0
sl0: flags=10<POINTOPOINT>
inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00Also, netstat -r will give the routing
table, in case you get the "no route to host" messages from ping.
Mine looks like:&prompt.root; netstat -r
Routing tables
Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
(root node)
(root node)
Route Tree for Protocol Family inet:
(root node) =>
default inr-3.Berkeley.EDU UG 8 224515 sl0 - -
localhost.Berkel localhost.Berkeley UH 5 42127 lo0 - 0.438
inr-3.Berkeley.E silvia.HIP.Berkele UH 1 0 sl0 - -
silvia.HIP.Berke localhost.Berkeley UGH 34 47641234 lo0 - 0.438
(root node)(this is after transferring a bunch of files, your numbers
should be smaller).Setting up a SLIP ServerContributed by &a.ghelmer;. v1.0, 15 May
1995.This document provides suggestions for setting up SLIP Server
services on a FreeBSD system, which typically means configuring your
system to automatically startup connections upon login for remote SLIP
clients. The author has written this document based on his experience;
however, as your system and needs may be different, this document may
not answer all of your questions, and the author cannot be responsible
if you damage your system or lose data due to attempting to follow the
suggestions here.This guide was originally written for SLIP Server services on a
FreeBSD 1.x system. It has been modified to reflect changes in the
pathnames and the removal of the SLIP interface compression flags in
early versions of FreeBSD 2.X, which appear to be the only major changes
between FreeBSD versions. If you do encounter mistakes in this
document, please email the author with enough information to help
correct the problem.PrerequisitesThis document is very technical in nature, so background knowledge
is required. It is assumed that you are familiar with the TCP/IP
network protocol, and in particular, network and node addressing,
network address masks, subnetting, routing, and routing protocols,
such as RIP. Configuring SLIP services on a dial-up server requires a
knowledge of these concepts, and if you are not familiar with them,
please read a copy of either Craig Hunt's TCP/IP Network
Administration published by O'Reilly & Associates,
Inc. (ISBN Number 0-937175-82-X), or Douglas Comer's books on the
TCP/IP protocol.It is further assumed that you have already setup your modem(s)
and configured the appropriate system files to allow logins through
your modems. If you have not prepared your system for this yet,
please see the tutorial for configuring dialup services; if you have a
World-Wide Web browser available, browse the list of tutorials at
- http://www.freebsd.org/;
+ http://www.FreeBSD.org/;
otherwise, check the place where you found this document for a
document named dialup.txt or something similar.
You may also want to check the manual pages for
&man.sio.4; for information on the serial port device driver and
&man.ttys.5;, &man.gettytab.5;, &man.getty.8;, & &man.init.8;
for information relevant to configuring the system to accept logins on
modems, and perhaps &man.stty.1; for information on setting serial
port parameters (such as clocal for
directly-connected serial interfaces).Quick OverviewIn its typical configuration, using FreeBSD as a SLIP server works
as follows: a SLIP user dials up your FreeBSD SLIP Server system and
logs in with a special SLIP login ID that uses
/usr/sbin/sliplogin as the special user's shell.
The sliplogin program browses the file
/etc/sliphome/slip.hosts to find a matching line
for the special user, and if it finds a match, connects the serial
line to an available SLIP interface and then runs the shell script
/etc/sliphome/slip.login to configure the SLIP
interface.An Example of a SLIP Server LoginFor example, if a SLIP user ID were
Shelmerg, Shelmerg's entry
in /etc/master.passwd would look something like
this (except it would be all on one line):
Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliploginWhen Shelmerg logs in,
sliplogin will search
/etc/sliphome/slip.hosts for a line that had a
matching user ID; for example, there may be a line in
/etc/sliphome/slip.hosts that reads:
Shelmerg dc-slip sl-helmer 0xfffffc00 autocompsliplogin will find that matching line, hook
the serial line into the next available SLIP interface, and then
execute /etc/sliphome/slip.login like
this:
/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocompIf all goes well, /etc/sliphome/slip.login
will issue an ifconfig for the SLIP interface to
which sliplogin attached itself (slip interface
0, in the above example, which was the first parameter in the list
given to slip.login) to set the local IP
address (dc-slip), remote IP address
(sl-helmer), network mask for the SLIP interface
(0xfffffc00), and any additional
flags (autocomp). If something goes wrong,
sliplogin usually logs good informational
messages via the daemon syslog facility, which
usually goes into /var/log/messages (see the
manual pages for &man.syslogd.8; and
&man.syslog.conf.5, and perhaps check
/etc/syslog.conf to see to which files
syslogd is logging).OK, enough of the examples — let us dive into setting up
the system.Kernel ConfigurationFreeBSD's default kernels usually come with two SLIP interfaces
defined (sl0 and
sl1); you can use netstat
-i to see whether these interfaces are defined in your
kernel.Sample output from netstat -i:Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ed0 1500 <Link>0.0.c0.2c.5f.4a 291311 0 174209 0 133
ed0 1500 138.247.224 ivory 291311 0 174209 0 133
lo0 65535 <Link> 79 0 79 0 0
lo0 65535 loop localhost 79 0 79 0 0
sl0* 296 <Link> 0 0 0 0 0
sl1* 296 <Link> 0 0 0 0 0The sl0 and sl1
interfaces shown in netstat -i's output indicate
that there are two SLIP interfaces built into the kernel. (The
asterisks after the sl0 and sl1
indicate that the interfaces are “down”.)However, FreeBSD's default kernels do not come configured to
forward packets (ie, your FreeBSD machine will not act as a router)
due to Internet RFC requirements for Internet hosts (see RFC's 1009
[Requirements for Internet Gateways], 1122 [Requirements for Internet
Hosts — Communication Layers], and perhaps 1127 [A Perspective
on the Host Requirements RFCs]), so if you want your FreeBSD SLIP
Server to act as a router, you will have to edit the
/etc/rc.conf file (called
/etc/sysconfig in FreeBSD releases prior to
2.2.2) and change the setting of the gateway
variable to . If you have an older system which
predates even the /etc/sysconfig file, then add
the following command:
sysctl -w net.inet.ip.forwarding = 1
to your /etc/rc.local file.You will then need to reboot for the new settings to take
effect.You will notice that near the end of the default kernel
configuration file (/sys/i386/conf/GENERIC) is a
line that reads:
pseudo-device sl 2This is the line that defines the number of SLIP devices available
in the kernel; the number at the end of the line is the maximum number
of SLIP connections that may be operating simultaneously.Please refer to Configuring the
FreeBSD Kernel for help in reconfiguring your kernel.Sliplogin ConfigurationAs mentioned earlier, there are three files in the
/etc/sliphome directory that are part of the
configuration for /usr/sbin/sliplogin (see
&man.sliplogin.8; for the actual manual page for
sliplogin): slip.hosts, which
defines the SLIP users & their associated IP addresses;
slip.login, which usually just configures the
SLIP interface; and (optionally) slip.logout,
which undoes slip.login's effects when the serial
connection is terminated.slip.hosts Configuration/etc/sliphome/slip.hosts contains lines
which have at least four items, separated by whitespace:SLIP user's login IDLocal address (local to the SLIP server) of the SLIP
linkRemote address of the SLIP linkNetwork maskThe local and remote addresses may be host names (resolved to IP
addresses by /etc/hosts or by the domain name
service, depending on your specifications in
/etc/host.conf), and I believe the network mask
may be a name that can be resolved by a lookup into
/etc/networks. On a sample system,
/etc/sliphome/slip.hosts looks like
this:
#
# login local-addr remote-addr mask opt1 opt2
# (normal,compress,noicmp)
#
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocompAt the end of the line is one or more of the options. — no header compression — compress headers — compress headers if the
remote end allows it — disable ICMP packets (so any
“ping” packets will be dropped instead of using up
your bandwidth)Note that sliplogin under early releases of
FreeBSD 2 ignored the options that FreeBSD 1.x recognized, so the
options , ,
, and had no effect
until support was added in FreeBSD 2.2 (unless your
slip.login script included code to make use of
the flags).Your choice of local and remote addresses for your SLIP links
depends on whether you are going to dedicate a TCP/IP subnet or if
you are going to use “proxy ARP” on your SLIP server (it
is not “true” proxy ARP, but that is the terminology
used in this document to describe it). If you are not sure which
method to select or how to assign IP addresses, please refer to the
TCP/IP books referenced in the slips-prereqs section and/or
consult your IP network manager.If you are going to use a separate subnet for your SLIP clients,
you will need to allocate the subnet number out of your assigned IP
network number and assign each of your SLIP client's IP numbers out
of that subnet. Then, you will probably either need to configure a
static route to the SLIP subnet via your SLIP server on your nearest
IP router, or install gated on your FreeBSD SLIP
server and configure it to talk the appropriate routing protocols to
your other routers to inform them about your SLIP server's route to
the SLIP subnet.Otherwise, if you will use the “proxy ARP” method,
you will need to assign your SLIP client's IP addresses out of your
SLIP server's Ethernet subnet, and you will also need to adjust your
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout scripts to use
&man.arp.8; to manage the proxy-ARP entries in the SLIP server's
ARP table.slip.login ConfigurationThe typical /etc/sliphome/slip.login file
looks like this:
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6This slip.login file merely
ifconfig's the appropriate SLIP interface with
the local and remote addresses and network mask of the SLIP
interface.If you have decided to use the “proxy ARP” method
(instead of using a separate subnet for your SLIP clients), your
/etc/sliphome/slip.login file will need to look
something like this:
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pubThe additional line in this slip.login,
arp -s $5 00:11:22:33:44:55 pub, creates an
ARP entry in the SLIP server's ARP table. This ARP entry causes the
SLIP server to respond with the SLIP server's Ethernet MAC address
whenever a another IP node on the Ethernet asks to speak to the SLIP
client's IP address.When using the example above, be sure to replace the Ethernet
MAC address (00:11:22:33:44:55) with the
MAC address of your system's Ethernet card, or your “proxy
ARP” will definitely not work! You can discover your SLIP
server's Ethernet MAC address by looking at the results of running
netstat -i; the second line of the output should
look something like:ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116This indicates that this particular system's Ethernet MAC
address is 00:02:c1:28:5f:4a — the
periods in the Ethernet MAC address given by netstat
-i must be changed to colons and leading zeros should be
added to each single-digit hexadecimal number to convert the address
into the form that
&man.arp.8; desires; see the manual page on &man.arp.8; for
complete information on usage.When you create /etc/sliphome/slip.login
and /etc/sliphome/slip.logout, the
“execute” bit (ie, chmod 755
/etc/sliphome/slip.login /etc/sliphome/slip.logout)
must be set, or sliplogin will be unable to
execute it.slip.logout Configuration/etc/sliphome/slip.logout is not strictly
needed (unless you are implementing “proxy ARP”), but if
you decide to create it, this is an example of a basic
slip.logout script:
#!/bin/sh -
#
# slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 downIf you are using “proxy ARP”, you will want to have
/etc/sliphome/slip.logout remove the ARP entry
for the SLIP client:
#!/bin/sh -
#
# @(#)slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5The arp -d $5 removes the ARP entry that
the “proxy ARP” slip.login added
when the SLIP client logged in.It bears repeating: make sure
/etc/sliphome/slip.logout has the execute
bit set for after you create it (ie, chmod
755 /etc/sliphome/slip.logout).Routing ConsiderationsIf you are not using the “proxy ARP” method for
routing packets between your SLIP clients and the rest of your network
(and perhaps the Internet), you will probably either have to add
static routes to your closest default router(s) to route your SLIP
client subnet via your SLIP server, or you will probably need to
install and configure gated on your FreeBSD SLIP
server so that it will tell your routers via appropriate routing
protocols about your SLIP subnet.Static RoutesAdding static routes to your nearest default routers can be
troublesome (or impossible, if you do not have authority to do
so...). If you have a multiple-router network in your organization,
some routers, such as Cisco and Proteon, may not only need to be
configured with the static route to the SLIP subnet, but also need
to be told which static routes to tell other routers about, so some
expertise and troubleshooting/tweaking may be necessary to get
static-route-based routing to work.Running gatedAn alternative to the headaches of static routes is to install
gated on your FreeBSD SLIP server and configure
it to use the appropriate routing protocols (RIP/OSPF/BGP/EGP) to
tell other routers about your SLIP subnet. You can use
gated from the ports
collection or retrieve and build it yourself from the
GateD anonymous ftp site; I believe the current version as
of this writing is gated-R3_5Alpha_8.tar.Z,
which includes support for FreeBSD “out-of-the-box”.
Complete information and documentation on gated
is available on the Web starting at the Merit GateD
Consortium. Compile and install it, and then write a
/etc/gated.conf file to configure your gated;
here is a sample, similar to what the author used on a FreeBSD SLIP
server:
#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;
rip yes {
interface sl noripout noripin ;
interface ed ripin ripout version 1 ;
traceoptions route ;
} ;
#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
traceoptions remnants request routes info interface ;
} ;
#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#
export proto rip interface ed {
proto direct {
xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
} ;
} ;
#
# Accept routes from RIP via ed Ethernet interfaces
import proto rip interface ed {
all ;
} ;The above sample gated.conf file broadcasts
routing information regarding the SLIP subnet
xxx.xxx.yy via RIP onto the Ethernet; if
you are using a different Ethernet driver than the
ed driver, you will need to change the
references to the ed interface
appropriately. This sample file also sets up tracing to
/var/tmp/gated.output for debugging
gated's activity; you can certainly turn off the
tracing options if gated works OK for you. You
will need to change the xxx.xxx.yy's into
the network address of your own SLIP subnet (be sure to change the
net mask in the proto direct clause as
well).When you get gated built and installed and
create a configuration file for it, you will need to run
gated in place of routed on
your FreeBSD system; change the routed/gated
startup parameters in /etc/netstart as
appropriate for your system. Please see the manual page for
gated for information on
gated's command-line parameters.AcknowledgmentsThanks to these people for comments and advice regarding this
tutorial:&a.wilko;Piero SeriniPiero@Strider.Inet.IT
diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index 4d972ffb8f..44cce02e76 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -1,1612 +1,1612 @@
SecurityDES, MD5, and CryptContributed by &a.wollman; 24 September
1995.In order to protect the security of passwords on UN*X systems from
being easily exposed, passwords have traditionally been scrambled in
some way. Starting with Bell Labs' Seventh Edition Unix, passwords were
encrypted using what the security people call a “one-way hash
function”. That is to say, the password is transformed in such a
way that the original password cannot be regained except by brute-force
searching the space of possible passwords. Unfortunately, the only
secure method that was available to the AT&T researchers at the time
was based on DES, the Data Encryption Standard. This causes only
minimal difficulty for commercial vendors, but is a serious problem for
an operating system like FreeBSD where all the source code is freely
available, because national governments in many places like to place
restrictions on cross-border transport of DES and other encryption
software.So, the FreeBSD team was faced with a dilemma: how could we provide
compatibility with all those UNIX systems out there while still not
running afoul of the law? We decided to take a dual-track approach: we
would make distributions which contained only a non-regulated password
scrambler, and then provide as a separate add-on library the DES-based
password hash. The password-scrambling function was moved out of the C
library to a separate library, called libcrypt
because the name of the C function to implement it is
crypt. In FreeBSD 1.x and some pre-release 2.0
snapshots, the non-regulated scrambler uses an insecure function written
by Nate Williams; in subsequent releases this was replaced by a
mechanism using the RSA Data Security, Inc., MD5 one-way hash function.
Because neither of these functions involve encryption, they are believed
to be exportable from the US and importable into many other
countries.Meanwhile, work was also underway on the DES-based password hash
function. First, a version of the crypt function
which was written outside the US was imported, thus synchronizing the US
and non-US code. Then, the library was modified and split into two; the
DES libcrypt contains only the code involved in
performing the one-way password hash, and a separate
libcipher was created with the entry points to
actually perform encryption. The code was partitioned in this way to
make it easier to get an export license for the compiled library.Recognizing your crypt mechanismIt is fairly easy to recognize whether a particular password
string was created using the DES- or MD5-based hash function. MD5
password strings always begin with the characters
$1$. DES password strings do not have any
particular identifying characteristics, but they are shorter than MD5
passwords, and are coded in a 64-character alphabet which does not
include the $ character, so a relatively short
string which doesn't begin with a dollar sign is very likely a DES
password.Determining which library is being used on your system is fairly
easy for most programs, except for those like init
which are statically linked. (For those programs, the only way is to
try them on a known password and see if it works.) Programs which use
crypt are linked against
libcrypt, which for each type of library is a
symbolic link to the appropriate implementation. For example, on a
system using the DES versions:&prompt.user; ls -l /usr/lib/libcrypt*
lrwxr-xr-x 1 root wheel 13 Mar 19 06:56 libcrypt.a -> libdescrypt.a
lrwxr-xr-x 1 root wheel 18 Mar 19 06:56 libcrypt.so.2.0 -> libdescrypt.so.2.0
lrwxr-xr-x 1 root wheel 15 Mar 19 06:56 libcrypt_p.a -> libdescrypt_p.aOn a system using the MD5-based libraries, the same links will be
present, but the target will be libscrypt rather
than libdescrypt.S/KeyContributed by &a.wollman; 25 September
1995.S/Key is a one-time password scheme based on a one-way hash function
(in our version, this is MD4 for compatibility; other versions have used
MD5 and DES-MAC). S/Key has been a standard part of all FreeBSD
distributions since version 1.1.5, and is also implemented on a large
and growing number of other systems. S/Key is a registered trademark of
Bell Communications Research, Inc.There are three different sorts of passwords which we will talk
about in the discussion below. The first is your usual UNIX-style or
Kerberos password; we will call this a “UNIX password”. The
second sort is the one-time password which is generated by the S/Key
key program and accepted by the
keyinit program and the login prompt; we will call
this a “one-time password”. The final sort of password is
the secret password which you give to the key program
(and sometimes the keyinit program) which it uses to
generate one-time passwords; we will call it a “secret
password” or just unqualified “password”.The secret password does not necessarily have anything to do with
your UNIX password (while they can be the same, this is not
recommended). While UNIX passwords are limited to eight characters in
length, your S/Key secret password can be as long as you like; I use
seven-word phrases. In general, the S/Key system operates completely
independently of the UNIX password system.There are in addition two other sorts of data involved in the S/Key
system; one is called the “seed” or (confusingly)
“key”, and consists of two letters and five digits, and the
other is the “iteration count” and is a number between 100
and 1. S/Key constructs a one-time password from these components by
concatenating the seed and the secret password, then applying a one-way
hash (the RSA Data Security, Inc., MD4 secure hash function)
iteration-count times, and turning the result into six short English
words. The login and su programs
keep track of the last one-time password used, and the user is
authenticated if the hash of the user-provided password is equal to the
previous password. Because a one-way hash function is used, it is not
possible to generate future one-time passwords having overheard one
which was successfully used; the iteration count is decremented after
each successful login to keep the user and login program in sync. (When
you get the iteration count down to 1, it is time to reinitialize
S/Key.)There are four programs involved in the S/Key system which we will
discuss below. The key program accepts an iteration
count, a seed, and a secret password, and generates a one-time password.
The keyinit program is used to initialized S/Key, and
to change passwords, iteration counts, or seeds; it takes either a
secret password, or an iteration count, seed, and one-time password.
The keyinfo program examines the
/etc/skeykeys file and prints out the invoking
user's current iteration count and seed. Finally, the
login and su programs contain the
necessary logic to accept S/Key one-time passwords for authentication.
The login program is also capable of disallowing the
use of UNIX passwords on connections coming from specified
addresses.There are four different sorts of operations we will cover. The
first is using the keyinit program over a secure
connection to set up S/Key for the first time, or to change your
password or seed. The second operation is using the
keyinit program over an insecure connection, in
conjunction with the key program over a secure
connection, to do the same. The third is using the
key program to log in over an insecure connection.
The fourth is using the key program to generate a
number of keys which can be written down or printed out to carry with
you when going to some location without secure connections to anywhere
(like at a conference).Secure connection initializationTo initialize S/Key, change your password, or change your seed
while logged in over a secure connection (e.g., on the console of a
machine), use the keyinit command without any
parameters while logged in as yourself:&prompt.user; keyinit
Updating wollman: ) these will not appear if you
Old key: ha73895 ) have not used S/Key before
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password: ) I typed my pass phrase here
Again secret password: ) I typed it again ID
wollman s/key is 99 ha73896 ) discussed below SAG
HAS FONT GOUT FATE BOOM )There is a lot of information here. At theEnter secret
password: prompt, you should enter some password or phrase
(I use phrases of minimum seven words) which will be needed to
generate login keys. The line starting `ID' gives the parameters of
your particular S/Key instance: your login name, the iteration count,
and seed. When logging in with S/Key, the system will remember these
parameters and present them back to you so you do not have to remember
them. The last line gives the particular one-time password which
corresponds to those parameters and your secret password; if you were
to re-login immediately, this one-time password is the one you would
use.Insecure connection initializationTo initialize S/Key or change your password or seed over an
insecure connection, you will need to already have a secure connection
to some place where you can run the key program;
this might be in the form of a desk accessory on a Macintosh, or a
shell prompt on a machine you trust (we will show the latter). You
will also need to make up an iteration count (100 is probably a good
value), and you may make up your own seed or use a randomly-generated
one. Over on the insecure connection (to the machine you are
initializing), use the keyinit -s command:&prompt.user; keyinit -s
Updating wollman: Old key: kh94741
Reminder you need the 6 English words from the skey command.
Enter sequence count from 1 to 9999:100 ) I typed this
Enter new key [default kh94742]:
s/key 100 kh94742To accept the default seed (which the keyinit
program confusingly calls a key), press return.
Then move over to your secure connection or S/Key desk accessory, and
give it the same parameters:&prompt.user; key 100 kh94742
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: ) I typed my secret password
HULL NAY YANG TREE TOUT VETONow switch back over to the insecure connection, and copy the
one-time password generated by key over to the
keyinit program:s/key access password:HULL NAY YANG TREE TOUT VETO
ID wollman s/key is 100 kh94742
HULL NAY YANG TREE TOUT VETOThe rest of the description from the previous section applies here
as well.Diversion: a login promptBefore explaining how to generate one-time passwords, we should go
over an S/Key login prompt:&prompt.user; telnet himalia
Trying 18.26.0.186...
Connected to himalia.lcs.mit.edu.
Escape character is '^]'.
s/key 92 hi52030
Password:Note that, before prompting for a password, the login program
prints out the iteration number and seed which you will need in order
to generate the appropriate key. You will also find a useful feature
(not shown here): if you press return at the password prompt, the
login program will turn echo on, so you can see what you are typing.
This can be extremely useful if you are attempting to type in an S/Key
by hand, such as from a printout.If this machine were configured to disallow UNIX passwords over a
connection from my machine, the prompt would have also included the
annotation (s/key required), indicating that only
S/Key one-time passwords will be accepted.Generating a single one-time passwordNow, to generate the one-time password needed to answer this login
prompt, we use a trusted machine and the key
program. (There are versions of the key program
from DOS and Windows machines, and there is an S/Key desk accessory
for Macintosh computers as well.) The command-line
key program takes as its parameters the iteration
count and seed; you can cut-and-paste right from the login prompt
starting at key to the end of the line.
Thus:&prompt.user; key 92 hi52030 ) pasted from previous section
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: ) I typed my secret password
ADEN BED WOLF HAW HOT STUNAnd in the other window:s/key 92 hi52030 ) from previous section
Password:
(turning echo on)
Password:ADEN BED WOLF HAW HOT STUN
Last login: Wed Jun 28 15:31:00 from halloran-eldar.l
[etc.]This is the easiest mechanism if you have a
trusted machine. There is a Java S/Key key applet,
The Java OTP
Calculator, that you can download and run locally on any
Java supporting brower.Generating multiple one-time passwordsSometimes we have to go places where no trusted machines or
connections are available. In this case, it is possible to use the
key command to generate a number of one-time
passwords in the same command; these can then be printed out. For
example:&prompt.user; key -n 25 57 zz99999
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password:
33: WALT THY MALI DARN NIT HEAD
34: ASK RICE BEAU GINA DOUR STAG
…
56: AMOS BOWL LUG FAT CAIN INCH
57: GROW HAYS TUN DISH CAR BALMThe requests twenty-five keys in sequence;
the indicates the ending
iteration number; and the rest is as before. Note that these are
printed out in reverse order of eventual use. If
you are really paranoid, you might want to write the results down by
hand; otherwise you can cut-and-paste into lpr.
Note that each line shows both the iteration count and the one-time
password; you may still find it handy to scratch off passwords as you
use them.Restricting use of UNIX passwordsThe configuration file /etc/skey.access can
be used to configure restrictions on the use of UNIX passwords based
on the host name, user name, terminal port, or IP address of a login
session. The complete format of the file is documented in the
&man.skey.access.5; manual page; there are also some security
cautions there which should be read before depending on this file for
security.If there is no /etc/skey.access file (which
is the default state as FreeBSD is shipped), then all users will be
allowed to use UNIX passwords. If the file exists, however, then all
users will be required to use S/Key unless explicitly permitted to do
otherwise by configuration statements in the
skey.access file. In all cases, UNIX passwords
are permitted on the console.Here is a sample configuration file which illustrates the three
most common sorts of configuration statements:
permit internet 18.26.0.0 255.255.0.0
permit user jrl
permit port ttyd0The first line (permit internet) allows users
whose IP source address (which is vulnerable to spoofing) matches the
specified value and mask, to use UNIX passwords. This should not be
considered a security mechanism, but rather, a means to remind
authorized users that they are using an insecure network and need to
use S/Key for authentication.The second line (permit user) allows the
specified user to use UNIX passwords at any time. Generally speaking,
this should only be used for people who are either unable to use the
key program, like those with dumb terminals, or
those who are uneducable.The third line (permit port) allows all users
logging in on the specified terminal line to use UNIX passwords; this
would be used for dial-ups.KerberosContributed by &a.markm; (based on contribution by
&a.md;).Kerberos is a network add-on system/protocol that allows users to
authenticate themselves through the services of a secure server.
Services such as remote login, remote copy, secure inter-system file
copying and other high-risk tasks are made considerably safer and more
controllable.The following instructions can be used as a guide on how to set up
Kerberos as distributed for FreeBSD. However, you should refer to the
relevant manual pages for a complete description.In FreeBSD, the Kerberos is not that from the original 4.4BSD-Lite,
distribution, but eBones, which had been previously ported to FreeBSD
1.1.5.1, and was sourced from outside the USA/Canada, and is thus
available to system owners outside those countries.For those needing to get a legal foreign distribution of this
software, please do not get it from a USA or Canada
site. You will get that site in big trouble! A
legal copy of this is available from ftp.internat.freebsd.org, which is in South
+ role="fqdn">ftp.internat.FreeBSD.org, which is in South
Africa and an official FreeBSD mirror site.Creating the initial databaseThis is done on the Kerberos server only. First make sure that
you do not have any old Kerberos databases around. You should change
to the directory /etc/kerberosIV and check that
only the following files are present:&prompt.root; cd /etc/kerberosIV
&prompt.root; ls
README krb.conf krb.realmsIf any additional files (such as principal.*
or master_key) exist, then use the
kdb_destroy command to destroy the old Kerberos
database, of if Kerberos is not running, simply delete the extra
files.You should now edit the krb.conf and
krb.realms files to define your Kerberos realm.
In this case the realm will be GRONDAR.ZA and the
server is grunt.grondar.za. We edit or create
the krb.conf file:&prompt.root; cat krb.conf
GRONDAR.ZA
GRONDAR.ZA grunt.grondar.za admin server
CS.BERKELEY.EDU okeeffe.berkeley.edu
ATHENA.MIT.EDU kerberos.mit.edu
ATHENA.MIT.EDU kerberos-1.mit.edu
ATHENA.MIT.EDU kerberos-2.mit.edu
ATHENA.MIT.EDU kerberos-3.mit.edu
LCS.MIT.EDU kerberos.lcs.mit.edu
TELECOM.MIT.EDU bitsy.mit.edu
ARC.NASA.GOV trident.arc.nasa.govIn this case, the other realms do not need to be there. They are
here as an example of how a machine may be made aware of multiple
realms. You may wish to not include them for simplicity.The first line names the realm in which this system works. The
other lines contain realm/host entries. The first item on a line is a
realm, and the second is a host in that realm that is acting as a
“key distribution centre”. The words admin
server following a hosts name means that host also
provides an administrative database server. For further explanation
of these terms, please consult the Kerberos man pages.Now we have to add grunt.grondar.za
to the GRONDAR.ZA realm and also add an entry to
put all hosts in the .grondar.za
domain in the GRONDAR.ZA realm. The
krb.realms file would be updated as
follows:&prompt.root; cat krb.realms
grunt.grondar.za GRONDAR.ZA
.grondar.za GRONDAR.ZA
.berkeley.edu CS.BERKELEY.EDU
.MIT.EDU ATHENA.MIT.EDU
.mit.edu ATHENA.MIT.EDUAgain, the other realms do not need to be there. They are here as
an example of how a machine may be made aware of multiple realms. You
may wish to remove them to simplify things.The first line puts the specific system into
the named realm. The rest of the lines show how to default systems of
a particular subdomain to a named realm.Now we are ready to create the database. This only needs to run
on the Kerberos server (or Key Distribution Centre). Issue the
kdb_init command to do this:&prompt.root; kdb_initRealm name [default ATHENA.MIT.EDU ]:GRONDAR.ZA
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter Kerberos master key:Now we have to save the key so that servers on the local machine
can pick it up. Use the kstash command to do
this.&prompt.root; kstashEnter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!This saves the encrypted master password in
/etc/kerberosIV/master_key.Making it all runTwo principals need to be added to the database for
each system that will be secured with Kerberos.
Their names are kpasswd and rcmd
These two principals are made for each system, with the instance being
the name of the individual system.These daemons, kpasswd and
rcmd allow other systems to change Kerberos
passwords and run commands like rcp,
rlogin and rsh.Now let's add these entries:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:passwdInstance:grunt
<Not found>, Create [y] ?y
Principal: passwd, Instance: grunt, kdc_key_ver: 1
New Password: <---- enter RANDOM here
Verifying password
New Password: <---- enter RANDOM here
Random password [y] ?y
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name:rcmdInstance:grunt
<Not found>, Create [y] ?
Principal: rcmd, Instance: grunt, kdc_key_ver: 1
New Password: <---- enter RANDOM here
Verifying password
New Password: <---- enter RANDOM here
Random password [y] ?
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitCreating the server fileWe now have to extract all the instances which define the services
on each machine. For this we use the ext_srvtab
command. This will create a file which must be copied or moved
by secure means to each Kerberos client's
/etc/kerberosIV directory. This file must be present on each server
and client, and is crucial to the operation of Kerberos.&prompt.root; ext_srvtab gruntEnter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Generating 'grunt-new-srvtab'....Now, this command only generates a temporary file which must be
renamed to srvtab so that all the server can pick
it up. Use the mv command to move it into place on
the original system:&prompt.root; mv grunt-new-srvtab srvtabIf the file is for a client system, and the network is not deemed
safe, then copy the
client-new-srvtab to
removable media and transport it by secure physical means. Be sure to
rename it to srvtab in the client's
/etc/kerberosIV directory, and make sure it is
mode 600:&prompt.root; mv grumble-new-srvtab srvtab
&prompt.root; chmod 600 srvtabPopulating the databaseWe now have to add some user entries into the database. First
let's create an entry for the user jane. Use the
kdb_edit command to do this:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:janeInstance:
<Not found>, Create [y] ?y
Principal: jane, Instance: , kdc_key_ver: 1
New Password: <---- enter a secure password here
Verifying password
New Password: <---- re-enter the password here
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitTesting it all outFirst we have to start the Kerberos daemons. NOTE that if you
have correctly edited your /etc/rc.conf then this
will happen automatically when you reboot. This is only necessary on
the Kerberos server. Kerberos clients will automagically get what
they need from the /etc/kerberosIV
directory.&prompt.root; kerberos &
Kerberos server starting
Sleep forever on error
Log file is /var/log/kerberos.log
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Current Kerberos master key version is 1
Local realm: GRONDAR.ZA
&prompt.root; kadmind -n &
KADM Server KADM0.0A initializing
Please do not use 'kill -9' to kill this job, use a
regular kill instead
Current Kerberos master key version is 1.
Master key entered. BEWARE!Now we can try using the kinit command to get a
ticket for the id jane that we created
above:&prompt.user; kinit jane
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane"
Password:Try listing the tokens using klist to see if we
really have them:&prompt.user; klist
Ticket file: /tmp/tkt245
Principal: jane@GRONDAR.ZA
Issued Expires Principal
Apr 30 11:23:22 Apr 30 19:23:22 krbtgt.GRONDAR.ZA@GRONDAR.ZANow try changing the password using passwd to
check if the kpasswd daemon can get authorization to the Kerberos
database:&prompt.user; passwd
realm GRONDAR.ZA
Old password for jane:New Password for jane:
Verifying password
New Password for jane:
Password changed.Adding su privilegesKerberos allows us to give each user who
needs root privileges their own separatesupassword. We could now add an id which is
authorized to su to root.
This is controlled by having an instance of root
associated with a principal. Using kdb_edit we can
create the entry jane.root in the Kerberos
database:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:janeInstance:root
<Not found>, Create [y] ? y
Principal: jane, Instance: root, kdc_key_ver: 1
New Password: <---- enter a SECURE password here
Verifying password
New Password: <---- re-enter the password here
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?12 <--- Keep this short!
Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitNow try getting tokens for it to make sure it works:&prompt.root; kinit jane.root
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane.root"
Password:Now we need to add the user to root's .klogin
file:&prompt.root; cat /root/.klogin
jane.root@GRONDAR.ZANow try doing the su:&prompt.user; suPassword:and take a look at what tokens we have:&prompt.root; klist
Ticket file: /tmp/tkt_root_245
Principal: jane.root@GRONDAR.ZA
Issued Expires Principal
May 2 20:43:12 May 3 04:43:12 krbtgt.GRONDAR.ZA@GRONDAR.ZAUsing other commandsIn an earlier example, we created a principal called
jane with an instance root.
This was based on a user with the same name as the principal, and this
is a Kerberos default; that a
<principal>.<instance> of the form
<username>.root will allow
that <username> to su to
root if the necessary entries are in the .klogin
file in root's home directory:&prompt.root; cat /root/.klogin
jane.root@GRONDAR.ZALikewise, if a user has in their own home directory lines of the
form:&prompt.user; cat ~/.klogin
jane@GRONDAR.ZA
jack@GRONDAR.ZAThis allows anyone in the GRONDAR.ZA realm
who has authenticated themselves to jane or
jack (via kinit, see above)
access to rlogin to jane's
account or files on this system (grunt) via
rlogin, rsh or
rcp.For example, Jane now logs into another system, using
Kerberos:&prompt.user; kinit
MIT Project Athena (grunt.grondar.za)
Password:
%prompt.user; rlogin grunt
Last login: Mon May 1 21:14:47 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995Or Jack logs into Jane's account on the same machine (Jane having
set up the .klogin file as above, and the person
in charge of Kerberos having set up principal
jack with a null instance:&prompt.user; kinit
&prompt.user; rlogin grunt -l jane
MIT Project Athena (grunt.grondar.za)
Password:
Last login: Mon May 1 21:16:55 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995FirewallsContributed by &a.gpalmer; and &a.alex;.Firewalls are an area of increasing interest for people who are
connected to the Internet, and are even finding applications on private
networks to provide enhanced security. This section will hopefully
explain what firewalls are, how to use them, and how to use the
facilities provided in the FreeBSD kernel to implement them.People often think that having a firewall between your companies
internal network and the “Big Bad Internet” will solve all
your security problems.It may help, but a poorly setup firewall system is more of a
security risk than not having one at all. A firewall can only add
another layer of security to your systems, but they will not be able
to stop a really determined cracker from penetrating your internal
network. If you let internal security lapse because you believe your
firewall to be impenetrable, you have just made the crackers job that
bit easier.What is a firewall?There are currently two distinct types of firewalls in common use
on the Internet today. The first type is more properly called a
packet filtering router, where the kernel on a
multi-homed machine chooses whether to forward or block packets based
on a set of rules. The second type, known as proxy
servers, rely on daemons to provide authentication and to
forward packets, possibly on a multi-homed machine which has kernel
packet forwarding disabled.Sometimes sites combine the two types of firewalls, so that only a
certain machine (known as a bastion host) is
allowed to send packets through a packet filtering router onto an
internal network. Proxy services are run on the bastion host, which
are generally more secure than normal authentication
mechanisms.FreeBSD comes with a kernel packet filter (known as
IPFW), which is what the rest of this
section will concentrate on. Proxy servers can be built on FreeBSD
from third party software, but there is such a variety of proxy
servers available that it would be impossible to cover them in this
document.Packet filtering routersA router is a machine which forwards packets between two or more
networks. A packet filtering router has an extra piece of code in
its kernel, which compares each packet to a list of rules before
deciding if it should be forwarded or not. Most modern IP routing
software has packet filtering code in it, which defaults to
forwarding all packets. To enable the filters, you need to define a
set of rules for the filtering code, so that it can decide if the
packet should be allowed to pass or not.To decide if a packet should be passed on or not, the code looks
through its set of rules for a rule which matches the contents of
this packets headers. Once a match is found, the rule action is
obeyed. The rule action could be to drop the packet, to forward the
packet, or even to send an ICMP message back to the originator.
Only the first match counts, as the rules are searched in order.
Hence, the list of rules can be referred to as a “rule
chain”.The packet matching criteria varies depending on the software
used, but typically you can specify rules which depend on the source
IP address of the packet, the destination IP address, the source
port number, the destination port number (for protocols which
support ports), or even the packet type (UDP, TCP, ICMP,
etc).Proxy serversProxy servers are machines which have had the normal system
daemons (telnetd, ftpd, etc) replaced with special servers. These
servers are called proxy servers as they
normally only allow onward connections to be made. This enables you
to run (for example) a proxy telnet server on your firewall host,
and people can telnet in to your firewall from the outside, go
through some authentication mechanism, and then gain access to the
internal network (alternatively, proxy servers can be used for
signals coming from the internal network and heading out).Proxy servers are normally more secure than normal servers, and
often have a wider variety of authentication mechanisms available,
including “one-shot” password systems so that even if
someone manages to discover what password you used, they will not be
able to use it to gain access to your systems as the password
instantly expires. As they do not actually give users access to the
host machine, it becomes a lot more difficult for someone to install
backdoors around your security system.Proxy servers often have ways of restricting access further, so
that only certain hosts can gain access to the servers, and often
they can be set up so that you can limit which users can talk to
which destination machine. Again, what facilities are available
depends largely on what proxy software you choose.What does IPFW allow me to do?IPFW, the software supplied with
FreeBSD, is a packet filtering and accounting system which resides in
the kernel, and has a user-land control utility,
&man.ipfw.8;. Together, they allow you to define and query the
rules currently used by the kernel in its routing decisions.There are two related parts to IPFW.
The firewall section allows you to perform packet filtering. There is
also an IP accounting section which allows you to track usage of your
router, based on similar rules to the firewall section. This allows
you to see (for example) how much traffic your router is getting from
a certain machine, or how much WWW (World Wide Web) traffic it is
forwarding.As a result of the way that IPFW is
designed, you can use IPFW on non-router
machines to perform packet filtering on incoming and outgoing
connections. This is a special case of the more general use of
IPFW, and the same commands and techniques
should be used in this situation.Enabling IPFW on FreeBSDAs the main part of the IPFW system
lives in the kernel, you will need to add one or more options to your
kernel configuration file, depending on what facilities you want, and
recompile your kernel. See reconfiguring
the kernel for more details on how to recompile your
kernel.There are currently three kernel configuration options relevant to
IPFW:options IPFIREWALLCompiles into the kernel the code for packet
filtering.options IPFIREWALL_VERBOSEEnables code to allow logging of packets through
&man.syslogd.8;. Without this option, even if you specify
that packets should be logged in the filter rules, nothing will
happen.options IPFIREWALL_VERBOSE_LIMIT=10Limits the number of packets logged through
&man.syslogd.8; on a per entry basis. You may wish to use
this option in hostile environments in which you want to log
firewall activity, but do not want to be open to a denial of
service attack via syslog flooding.When a chain entry reaches the packet limit specified,
logging is turned off for that particular entry. To resume
logging, you will need to reset the associated counter using the
&man.ipfw.8; utility:&prompt.root; ipfw zero 4500Where 4500 is the chain entry you wish to continue
logging.Previous versions of FreeBSD contained an
IPFIREWALL_ACCT option. This is now obsolete as
the firewall code automatically includes accounting
facilities.Configuring IPFWThe configuration of the IPFW software
is done through the &man.ipfw.8; utility. The syntax for this
command looks quite complicated, but it is relatively simple once you
understand its structure.There are currently four different command categories used by the
utility: addition/deletion, listing, flushing, and clearing.
Addition/deletion is used to build the rules that control how packets
are accepted, rejected, and logged. Listing is used to examine the
contents of your rule set (otherwise known as the chain) and packet
counters (accounting). Flushing is used to remove all entries from
the chain. Clearing is used to zero out one or more accounting
entries.Altering the IPFW rulesThe syntax for this form of the command is:
ipfw-NcommandindexactionlogprotocoladdressesoptionsThere is one valid flag when using this form of the
command:-NResolve addresses and service names in output.The command given can be shortened to the
shortest unique form. The valid commands
are:addAdd an entry to the firewall/accounting rule listdeleteDelete an entry from the firewall/accounting rule
listPrevious versions of IPFW used
separate firewall and accounting entries. The present version
provides packet accounting with each firewall entry.If an index value is supplied, it used to
place the entry at a specific point in the chain. Otherwise, the
entry is placed at the end of the chain at an index 100 greater than
the last chain entry (this does not include the default policy, rule
65535, deny).The log option causes matching rules to be
output to the system console if the kernel was compiled with
IPFIREWALL_VERBOSE.Valid actions are:rejectDrop the packet, and send an ICMP host or port unreachable
(as appropriate) packet to the source.allowPass the packet on as normal. (aliases:
pass and
accept)denyDrop the packet. The source is not notified via an
ICMP message (thus it appears that the packet never
arrived at the destination).countUpdate packet counters but do not allow/deny the packet
based on this rule. The search continues with the next chain
entry.Each action will be recognized by the
shortest unambiguous prefix.The protocols which can be specified
are:allMatches any IP packeticmpMatches ICMP packetstcpMatches TCP packetsudpMatches UDP packetsThe address specification is:fromaddress/maskporttoaddress/markportvia interfaceYou can only specify port in
conjunction with protocols which support ports
(UDP and TCP).The is optional and may specify the IP
address or domain name of a local IP interface, or an interface name
(e.g. ed0) to match only packets coming
through this interface. Interface unit numbers can be specified
with an optional wildcard. For example, ppp*
would match all kernel PPP interfaces.The syntax used to specify an
address/mask is:
address
or
address/mask-bits
or
address:mask-patternA valid hostname may be specified in place of the IP address.
is a decimal
number representing how many bits in the address mask should be set.
e.g. specifying 192.216.222.1/24 will create a
mask which will allow any address in a class C subnet (in this case,
192.216.222) to be matched.
is an IP
address which will be logically AND'ed with the address given. The
keyword any may be used to specify “any IP
address”.The port numbers to be blocked are specified as:
port,port,port…
to specify either a single port or a list of ports, or
port-port
to specify a range of ports. You may also combine a single range
with a list, but the range must always be specified first.The options available are:fragMatches if the packet is not the first fragment of the
datagram.inMatches if the packet is on the way in.outMatches if the packet is on the way out.ipoptions specMatches if the IP header contains the comma separated list
of options specified in spec. The
supported list of IP options are: ssrr
(strict source route), lsrr (loose source
route), rr (record packet route), and
ts (timestamp). The absence of a
particular option may be denoted with a leading
!.establishedMatches if the packet is part of an already established
TCP connection (i.e. it has the RST or ACK bits set). You can
optimize the performance of the firewall by placing
established rules early in the
chain.setupMatches if the packet is an attempt to establish a TCP
connection (the SYN bit set is set but the ACK bit is
not).tcpflags flagsMatches if the TCP header contains the comma separated
list of flags. The supported flags
are fin, syn,
rst, psh,
ack, and urg. The
absence of a particular flag may be indicated by a leading
!.icmptypes typesMatches if the ICMP type is present in the list
types. The list may be specified
as any combination of ranges and/or individual types separated
by commas. Commonly used ICMP types are: 0
echo reply (ping reply), 3 destination
unreachable, 5 redirect,
8 echo request (ping request), and
11 time exceeded (used to indicate TTL
expiration as with &man.traceroute.8;).Listing the IPFW rulesThe syntax for this form of the command is:
ipfw-a-t-NlThere are three valid flags when using this form of the
command:-aWhile listing, show counter values. This option is the
only way to see accounting counters.-tDisplay the last match times for each chain entry. The
time listing is incompatible with the input syntax used by the
&man.ipfw.8; utility.-NAttempt to resolve given addresses and service
names.Flushing the IPFW rulesThe syntax for flushing the chain is:
ipfwflushThis causes all entries in the firewall chain to be removed
except the fixed default policy enforced by the kernel (index
65535). Use caution when flushing rules, the default deny policy
will leave your system cut off from the network until allow entries
are added to the chain.Clearing the IPFW packet countersThe syntax for clearing one or more packet counters is:
ipfwzeroindexWhen used without an index argument,
all packet counters are cleared. If an
index is supplied, the clearing operation
only affects a specific chain entry.Example commands for ipfwThis command will deny all packets from the host evil.crackers.org to the telnet port of the
host nice.people.org by being forwarded
by the router:&prompt.root ipfw add deny tcp from evil.crackers.org to nice.people.org 23The next example denies and logs any TCP traffic from the entire
crackers.org network (a class C) to
the nice.people.org machine (any
port).&prompt.root; ipfw add deny log tcp from evil.crackers.org/24 to nice.people.orgIf you do not want people sending X sessions to your internal
network (a subnet of a class C), the following command will do the
necessary filtering:&prompt.root; ipfw add deny tcp from any to my.org/28 6000 setupTo see the accounting records:
&prompt.root; ipfw -a list
or in the short form
&prompt.root; ipfw -a lYou can also see the last time a chain entry was matched
with:&prompt.root; ipfw -at lBuilding a packet filtering firewallThe following suggestions are just that: suggestions. The
requirements of each firewall are different and I cannot tell you
how to build a firewall to meet your particular requirements.When initially setting up your firewall, unless you have a test
bench setup where you can configure your firewall host in a controlled
environment, I strongly recommend you use the logging version of the
commands and enable logging in the kernel. This will allow you to
quickly identify problem areas and cure them without too much
disruption. Even after the initial setup phase is complete, I
recommend using the logging for of `deny' as it allows tracing of
possible attacks and also modification of the firewall rules if your
requirements alter.If you use the logging versions of the accept
command, it can generate large amounts of log
data as one log line will be generated for every packet that passes
through the firewall, so large ftp/http transfers, etc, will really
slow the system down. It also increases the latencies on those
packets as it requires more work to be done by the kernel before the
packet can be passed on. syslogd with also start using up a lot
more processor time as it logs all the extra data to disk, and it
could quite easily fill the partition /var/log
is located on.You should enable your firewall from
/etc/rc.conf.local or
/etc/rc.conf. The associated manpage explains
which knobs to fiddle and lists some preset firewall configurations.
If you do not use a preset configuration, ipfw list
will output the current ruleset into a file that you can
pass to rc.conf. If you do not use
/etc/rc.conf.local or
/etc/rc.conf to enable your firewall,
it is important to make sure your firewall is enabled before
any IP interfaces are configured.
The next problem is what your firewall should actually
do! This is largely dependent on what access to
your network you want to allow from the outside, and how much access
to the outside world you want to allow from the inside. Some general
rules are:Block all incoming access to ports below 1024 for TCP. This is
where most of the security sensitive services are, like finger,
SMTP (mail) and telnet.Block all incoming UDP traffic. There
are very few useful services that travel over UDP, and what useful
traffic there is is normally a security threat (e.g. Suns RPC and
NFS protocols). This has its disadvantages also, since UDP is a
connectionless protocol, denying incoming UDP traffic also blocks
the replies to outgoing UDP traffic. This can cause a problem for
people (on the inside) using external archie (prospero) servers.
If you want to allow access to archie, you'll have to allow
packets coming from ports 191 and 1525 to any internal UDP port
through the firewall. ntp is another service you may consider
allowing through, which comes from port 123.Block traffic to port 6000 from the outside. Port 6000 is the
port used for access to X11 servers, and can be a security threat
(especially if people are in the habit of doing xhost
+ on their workstations). X11 can actually use a
range of ports starting at 6000, the upper limit being how many X
displays you can run on the machine. The upper limit as defined
by RFC 1700 (Assigned Numbers) is 6063.Check what ports any internal servers use (e.g. SQL servers,
etc). It is probably a good idea to block those as well, as they
normally fall outside the 1-1024 range specified above.Another checklist for firewall configuration is available from
CERT at ftp://ftp.cert.org/pub/tech_tips/packet_filteringAs I said above, these are only guidelines.
You will have to decide what filter rules you want to use on your
firewall yourself. I cannot accept ANY responsibility if someone
breaks into your network, even if you follow the advice given
above.
diff --git a/en_US.ISO8859-1/books/handbook/staff/chapter.sgml b/en_US.ISO8859-1/books/handbook/staff/chapter.sgml
index 31288cb6a8..f906ca12c8 100644
--- a/en_US.ISO8859-1/books/handbook/staff/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/staff/chapter.sgml
@@ -1,869 +1,869 @@
FreeBSD Project StaffThe FreeBSD Project is managed and operated by the following groups of
people:The FreeBSD Core TeamThe FreeBSD core team constitutes the project's “Board of
Directors”, responsible for deciding the project's overall goals
and direction as well as managing specific
areas of the FreeBSD project landscape.(in alphabetical order by last name):&a.asami;&a.jmb;&a.ache;&a.bde;&a.gibbs;&a.dg;&a.jkh;&a.phk;&a.rich;&a.gpalmer;&a.jdp;&a.dfr;&a.sos;&a.peter;&a.wollman;&a.joerg;The FreeBSD DevelopersThese are the people who have commit privileges and do the
engineering work on the FreeBSD source tree. All core team members are
also developers.&a.ugen;&a.mbarkah;&a.stb;&a.pb;&a.abial;&a.jb;&a.torstenb;&a.dburr;&a.charnier;&a.luoqi;&a.ejc;&a.kjc;&a.gclarkii;&a.archie;&a.alc;&a.cracauer;&a.adam;&a.dillon;&a.dufault;&a.uhclem;&a.tegge;&a.eivind;&a.julian;&a.rse;&a.ru;&a.se;&a.jasone;&a.sef;&a.green;&a.fenner;&a.jfieber;&a.jfitz;&a.scrappy;&a.lars;&a.dirk;&a.shige;&a.billf;&a.gallatin;&a.tg;&a.brandon;&a.graichen;&a.jgreco;&a.rgrimes;&a.jmg;&a.hanai;&a.mharo;&a.thepish;&a.jhay;&a.sheldonh;&a.helbig;&a.ghelmer;&a.erich;&a.nhibma;&a.flathill;&a.hosokawa;&a.hsu;&a.foxfair;&a.tom;&a.mph;&a.itojun;&a.iwasaki;&a.mjacob;&a.gj;&a.nsj;&a.ljo;&a.kato;&a.andreas;&a.motoyuki;&a.jkoshy;&a.kuriyama;&a.grog;&a.jlemon;&a.truckman;&a.imp;&a.jmacd;&a.smace;&a.mckay;&a.mckusick;&a.ken;&a.hm;&a.tedm;&a.amurai;&a.markm;&a.max;&a.alex;&a.newton;&a.rnordier;&a.davidn;&a.obrien;&a.danny;&a.ljo;&a.fsmp;&a.smpatel;&a.wpaul;&a.wes;&a.cpiazza;&a.steve;&a.mpp;&a.jraynard;&a.darrenr;&a.csgr;&a.martin;&a.paul;&a.roberto;&a.chuckr;&a.guido;&a.dima;&a.sada;&a.nsayer;&a.wosch;&a.ats;&a.dick;&a.jseger;&a.simokawa;&a.vanilla;&a.msmith;&a.des;&a.brian;&a.mks;&a.stark;&a.karl;&a.taoka;&a.dt;&a.cwt;&a.pst;&a.hoek;&a.nectar;&a.swallace;&a.dwhite;&a.nate;&a.yokota;&a.jmz;The FreeBSD Documentation Project
- The FreeBSD
+ The FreeBSD
Documentation Project is responsible for a number of different
services, each service being run by an individual and his
deputies (if any):Documentation Project Manager&a.nik;Webmaster&a.wosch;Handbook & FAQ Editor&a.faq;News Editor&a.nsj;Deputy: &a.john;In the Press Editor&a.jkoshyFreeBSD Really-Quick NewsLetter EditorChris Coleman chrisc@vmunix.comGallery Editor&a.nsj;Deputy: &a.cawimm;Commercial Editor&a.nik;Web Changes Editor-LinuxDoc to DocBook conversion&a.nik;Who Is Responsible for WhatPrincipal Architect&a.dg;Documentation
+ url="http://www.FreeBSD.org/docproj/docproj.html">Documentation
Project Manager&a.nik;Internationalization&a.ache;Networking&a.wollman;Postmaster&a.jmb;Release Coordinator&a.jkh;Public Relations & Corporate Liaison&a.jkh;
- Security
+ Security
Officer&a.imp;
- Source
+ Source
Repository ManagersPrincipal: &a.peter;Assistant: &a.jdp;International (Crypto): &a.markm;
- Ports
+ Ports
Manager&a.asami;XFree86 Project, Inc. Liaison&a.rich;Usenet Support&a.joerg;
- GNATS
+ GNATS
Administrator&a.steve;Webmaster
+ url="http://www.FreeBSD.org/internal/">Webmaster
&a.wosch;
diff --git a/en_US.ISO8859-1/books/porters-handbook/book.sgml b/en_US.ISO8859-1/books/porters-handbook/book.sgml
index a8e0342e5d..0aedc236a2 100644
--- a/en_US.ISO8859-1/books/porters-handbook/book.sgml
+++ b/en_US.ISO8859-1/books/porters-handbook/book.sgml
@@ -1,4610 +1,4610 @@
Installing Applications: The Ports collectionContributed by &a.jraynard;.The FreeBSD Ports collection allows you to compile and install a very
wide range of applications with a minimum of effort.For all the hype about open standards, getting a program to work on
different versions of Unix in the real world can be a tedious and tricky
business, as anyone who has tried it will know. You may be lucky enough
to find that the program you want will compile cleanly on your system,
install itself in all the right places and run flawlessly “out of
the box”, but this is unfortunately rather rare. With most
programs, you will find yourself doing a fair bit of head-scratching, and
there are quite a few programs that will result in premature greying, or
even chronic alopecia...Some software distributions have attacked this problem by providing
configuration scripts. Some of these are very clever, but they have an
unfortunate tendency to triumphantly announce that your system is
something you have never heard of and then ask you lots of questions that
sound like a final exam in system-level Unix programming (Does
your system's gethitlist function return a const pointer to a fromboz or
a pointer to a const fromboz? Do you have Foonix style unacceptable
exception handling? And if not, why not?).Fortunately, with the Ports collection, all the hard work involved has
already been done, and you can just type make install
and get a working program.Why Have a Ports Collection?The base FreeBSD system comes with a very wide range of tools and
system utilities, but a lot of popular programs are not in the base
system, for good reasons:-Programs that some people cannot live without and other people
cannot stand, such as a certain Lisp-based editor.Programs which are too specialised to put in the base system
(CAD, databases).Programs which fall into the “I must have a look at that
when I get a spare minute” category, rather than
system-critical ones (some languages, perhaps).Programs that are far too much fun to be supplied with a serious
operating system like FreeBSD ;-)However many programs you put in the base system, people will
always want more, and a line has to be drawn somewhere (otherwise
FreeBSD distributions would become absolutely enormous).Obviously it would be unreasonable to expect everyone to port their
favourite programs by hand (not to mention a tremendous amount of
duplicated work), so the FreeBSD Project came up with an ingenious way
of using standard tools that would automate the process.Incidentally, this is an excellent illustration of how “the
Unix way” works in practice by combining a set of simple but very
flexible tools into something very powerful.How Does the Ports Collection Work?Programs are typically distributed on the Internet as a tarball consisting of a Makefile and
the source code for the program and usually some instructions (which are
unfortunately not always as instructive as they could be), with perhaps
a configuration script.The standard scenario is that you FTP down the tarball, extract it
somewhere, glance through the instructions, make any changes that seem
necessary, run the configure script to set things up and use the
standard make program to compile and install the
program from the source.FreeBSD ports still use the tarball mechanism, but use a skeleton to hold the
"knowledge" of how to get the program working on FreeBSD,
rather than expecting the user to be able to work it out. They also
supply their own customised Makefile, so that almost every port
can be built in the same way.If you look at a port skeleton (either on your FreeBSD
system or the
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/ports/devel/ElectricFence">the
FTP site) and expect to find all sorts of pointy-headed rocket
science lurking there, you may be disappointed by the one or two rather
unexciting-looking files and directories you find there. (We will
discuss in a minute how to go about Getting a port).“How on earth can this do anything?” I hear you cry.
“There is no source code there!”Fear not, gentle reader, all will become clear (hopefully). Let us
see what happens if we try and install a port. I have chosen
ElectricFence, a useful tool for developers,
as the skeleton is more straightforward than most.If you are trying this at home, you will need to be root.&prompt.root; cd /usr/ports/devel/ElectricFence
&prompt.root; make install
>> Checksum OK for ElectricFence-2.0.5.tar.gz.
===> Extracting for ElectricFence-2.0.5
===> Patching for ElectricFence-2.0.5
===> Applying FreeBSD patches for ElectricFence-2.0.5
===> Configuring for ElectricFence-2.0.5
===> Building for ElectricFence-2.0.5
[lots of compiler output...]
===> Installing for ElectricFence-2.0.5
===> Warning: your umask is "0002". If this is not desired, set it to
an appropriate value and install this port again by ``make reinstall''.
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.a /usr/local/lib
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.3 /usr/local/man/man3
===> Compressing manual pages for ElectricFence-2.0.5
===> Registering installation for ElectricFence-2.0.5To avoid confusing the issue, I have completely removed the build
output.If you tried this yourself, you may well have got something like
this at the start:-&prompt.root; make install
>> ElectricFence-2.0.5.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://ftp.doc.ic.ac.uk/Mirrors/sunsite.unc.edu/pub/Linux/devel/lang/c/.The make program has noticed that you did not
have a local copy of the source code and tried to FTP it down so it
could get the job done. I already had the source handy in my example,
so it did not need to fetch it.Let's go through this and see what the make
program was doing.Locate the source code tarball. If it is not available
locally, try to grab it from an FTP site.Run a checksum test on the
tarball to make sure it has not been tampered with, accidentally
truncated, downloaded in ASCII mode, struck by neutrinos while in
transit, etc.Extract the tarball into a temporary work directory.Apply any patches needed to
get the source to compile and run under FreeBSD.Run any configuration script required by the build process and
correctly answer any questions it asks.(Finally!) Compile the code.Install the program executable and other supporting files, man
pages, etc. under the /usr/local hierarchy
(unless this is an X11 program,
then it will be under /usr/X11R6),
where they will not get mixed up with system programs. This also
makes sure that all the ports you install will go in the same place,
instead of being flung all over your system.Register the installation in a database. This means that, if
you do not like the program, you can cleanly remove all traces of it from your
system.Scroll up to the make output and see if you can
match these steps to it. And if you were not impressed before, you
should be by now!Getting a FreeBSD PortThere are two ways of getting hold of the FreeBSD port for a
program. One requires a FreeBSD CDROM,
the other involves using an Internet
Connection.Compiling ports from CDROMAssuming that your FreeBSD CDROM is in the drive and mounted on
/cdrom (and the mount point
must be /cdrom), you should
then be able to build ports just as you normally do and the port
collection's built in search path should find the tarballs in
/cdrom/ports/distfiles/ (if they exist there)
rather than downloading them over the net.Another way of doing this, if you want to just use the port
skeletons on the CDROM, is to set these variables in
/etc/make.conf:
PORTSDIR= /cdrom/ports
DISTDIR= /tmp/distfiles
WRKDIRPREFIX= /tmpSubstitute /tmp for any place you have enough
free space. Then, just cd to the appropriate
subdirectory under /cdrom/ports and type
make install as usual.
WRKDIRPREFIX will cause the port to be build under
/tmp/cdrom/ports; for instance,
games/oneko will be built under
/tmp/cdrom/ports/games/oneko.There are some ports for which we cannot provide the original
source in the CDROM due to licensing limitations. In that case, you
will need to look at the section on Compiling ports using an Internet
connection.Compiling ports from the InternetIf you do not have a CDROM, or you want to make sure you get the
very latest version of the port you want, you will need to download
the skeleton for the port. Now
this might sound like rather a fiddly job full of pitfalls, but it is
actually very easy.First, if you are running a release version of FreeBSD, make sure
you get the appropriate “upgrade kit” for your release
- from the ports web
+ from the ports web
page. These packages include files that have been updated
since the release that you may need to compile new ports.The key to the skeletons is that the FreeBSD FTP server can create
on-the-fly tarballs for you.
Here is how it works, with the gnats program in the databases
directory as an example (the bits in square brackets are comments. Do
not type them in if you are trying this yourself!):-&prompt.root; cd /usr/ports
&prompt.root; mkdir databases
&prompt.root; cd databases
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/ports/databasesftp>get gnats.tar
[tars up the gnats skeleton for us]
ftp>quit
&prompt.root; tar xf gnats.tar
[extract the gnats skeleton]
&prompt.root; cd gnats
&prompt.root; make install
[build and install gnats]What happened here? We connected to the FTP server in the usual
way and went to its databases sub-directory.
When we gave it the command get gnats.tar, the FTP
server tarred up the gnats
directory for us.We then extracted the gnats skeleton and went into the gnats
directory to build the port. As we explained earlier, the make process noticed we
did not have a copy of the source locally, so it fetched one before
extracting, patching and building it.Let us try something more ambitious now. Instead of getting a
single port skeleton, we will get a whole sub-directory, for example all
the database skeletons in the ports collection. It looks almost the
same:-&prompt.root; cd /usr/ports
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/portsftp>get databases.tar
[tars up the databases directory for us]
ftp>quit
&prompt.root; tar xf databases.tar
[extract all the database skeletons]
&prompt.root; cd databases
&prompt.root; make install
[build and install all the database ports]With half a dozen straightforward commands, we have now got a set
of database programs on our FreeBSD machine! All we did that was
different from getting a single port skeleton and building it was that
we got a whole directory at once, and compiled everything in it at
once. Pretty impressive, no?If you expect to be installing many ports, it is probably worth
downloading all the ports directories.SkeletonsA team of compulsive hackers who have forgotten to eat in a frantic
attempt to make a deadline? Something unpleasant lurking in the FreeBSD
attic? No, a skeleton here is a minimal framework that supplies
everything needed to make the ports magic work.MakefileThe most important component of a skeleton is the Makefile. This
contains various statements that specify how the port should be
compiled and installed. Here is the Makefile for
ElectricFence:-
# New ports collection makefile for: Electric Fence
# Version required: 2.0.5
# Date created: 13 November 1997
# Whom: jraynard
#
# $Id$
#
DISTNAME= ElectricFence-2.0.5
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_SUNSITE}
MASTER_SITE_SUBDIR= devel/lang/c
MAINTAINER= jraynard@freebsd.org
MAN3= libefence.3
do-install:
${INSTALL_DATA} ${WRKSRC}/libefence.a ${PREFIX}/lib
${INSTALL_MAN} ${WRKSRC}/libefence.3 ${PREFIX}/man/man3
.include <bsd.port.mk>The lines beginning with a "#" sign are comments for the
benefit of human readers (as in most Unix script files).DISTNAME specifies the name of the tarball, but without the
extension.CATEGORIES states what kind of program this is.
In this case, a utility for developers. See the categories section of this
handbook for a complete list.MASTER_SITES is the URL(s) of the master FTP
site, which is used to retrieve the tarball if it is not available on the
local system. This is a site which is regarded as reputable, and is
normally the one from which the program is officially distributed (in
so far as any software is "officially" distributed on the
Internet).MAINTAINER is the email address of the person
who is responsible for updating the skeleton if, for example a new
version of the program comes out.Skipping over the next few lines for a minute, the line
.include <bsd.port.mk> says that the other
statements and commands needed for this port are in a standard file
called bsd.port.mk. As these are the same for
all ports, there is no point in duplicating them all over the place,
so they are kept in a single standard file.This is probably not the place to go into a detailed examination
of how Makefiles work; suffice it to say that the line starting with
MAN3 ensures that the ElectricFence man page is
compressed after installation, to help conserve your precious disk
space. The original port did not provide an
install target, so the three lines from
do-install ensure that the files produced by
this port are placed in the correct destination.The files directoryThe file containing the checksum for the port is called
md5, after the MD5 algorithm used for ports
checksums. It lives in a directory with the slightly confusing name
of files.This directory can also contain other miscellaneous files that are
required by the port and do not belong anywhere else.The patches directoryThis directory contains the patches needed to make everything work
properly under FreeBSD.The pkg directoryThis program contains three quite useful files:-COMMENT — a one-line description of
the program.DESCR — a more detailed
description.PLIST — a list of all the files
that will be created when the program is installed.What to do when a port does not work.Oh. You can do one of four (4) things :Fix it yourself. Technical details on how ports work can be
found in Porting applications.Gripe. This is done by e-mail only! Send
such e-mail to the maintainer of the port, first. Type
make maintainer or read the
Makefile to find the maintainer's email
address. Remember to include the name/version of
the port (copy the $Id: line from the
Makefile), and the output leading up-to the
error, inclusive. If you do not get a satisfactory response,
you can try filing a bug report with send-pr.
Forget it. This is the easiest for most — very few of the
programs in ports can be classified as essential!Grab the pre-compiled package from a ftp server. The
“master” package collection is on FreeBSD's FTP server
in the packages
directory, though check your local mirror first, please!
These are more likely to work (on the whole) than trying to compile
from source and a lot faster besides! Use the &man.pkg.add.1;
program to install a package file on your
system.Some Questions and AnswersQ. I thought this was going to be a discussion about
modems??!A. Ah. You must be thinking of the serial ports on the back of
your computer. We are using “port” here to mean the
result of “porting” a program from one version of Unix
to another. (It is an unfortunate bad habit of computer people to
use the same word to refer to several completely different
things).Q. I thought you were supposed to use packages to install extra
programs?A. Yes, that is usually the quickest and easiest way of doing
it.Q. So why bother with ports then?A. Several reasons:-The licensing conditions on some software distributions
require that they be distributed as source code, not
binaries.Some people do not trust binary distributions. At least
with source code you can (in theory) read through it and look
for potential problems yourself.If you have some local patches, you will need the source to
add them yourself.You might have opinions on how a program should be compiled
that differ from the person who did the package — some
people have strong views on what optimisation setting should be
used, whether to build debug versions and then strip them or
not, etc. etc.Some people like having code around, so they can read it if
they get bored, hack around with it, borrow from it (licence
terms permitting, of course!) and so on.If you ain't got the source, it ain't software! ;-) Q. What is a patch?A. A patch is a small (usually) file that specifies how to go
from one version of a file to another. It contains text that says,
in effect, things like “delete line 23”, “add
these two lines after line 468” or “change line 197 to
this”. Also known as a “diff”, since it is
generated by a program of that name. Q. What is all this about
tarballs?A. It is a file ending in .tar or
.tar.gz (with variations like
.tar.Z, or even .tgz if
you are trying to squeeze the names into a DOS filesystem).Basically, it is a directory tree that has been archived into a
single file (.tar) and optionally compressed
(.gz). This technique was originally used for
Tape ARchives (hence the
name tar), but it is a widely used way of
distributing program source code around the Internet.You can see what files are in them, or even extract them
yourself, by using the standard Unix tar program, which comes with
the base FreeBSD system, like this:-&prompt.user; tar tvzf foobar.tar.gz
&prompt.user; tar xzvf foobar.tar.gz
&prompt.user; tar tvf foobar.tar
&prompt.user; tar xvf foobar.tar Q. And a checksum?A. It is a number generated by adding up all the data in the
file you want to check. If any of the characters change, the
checksum will no longer be equal to the total, so a simple
comparison will allow you to spot the difference. (In practice, it
is done in a more complicated way to spot problems like
position-swapping, which will not show up with a simplistic
addition).Q. I did what you said for compiling
ports from a CDROM and it worked great until I tried to
install the kermit port:-&prompt.root; make install
>> cku190.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://kermit.columbia.edu/kermit/archives/.Why can it not be found? Have I got a dud CDROM?A. The licensing terms for kermit do not allow us to put the
tarball for it on the CDROM, so you will have to fetch it by hand
— sorry! The reason why you got all those error messages was
because you were not connected to the Internet at the time. Once
you have downloaded it from any of the sites above, you can re-start
the process (try and choose the nearest site to you, though, to save
your time and the Internet's bandwidth).Q. I did that, but when I tried to put it into
/usr/ports/distfiles I got some error about not
having permission.A. The ports mechanism looks for the tarball in
/usr/ports/distfiles, but you will not be able
to copy anything there because it is sym-linked to the CDROM, which
is read-only. You can tell it to look somewhere else by
doing&prompt.root; make DISTDIR=/where/you/put/it installQ. Does the ports scheme only work if you have everything in
/usr/ports? My system administrator says I must
put everything under
/u/people/guests/wurzburger, but it does not
seem to work.A. You can use the PORTSDIR and
PREFIX variables to tell the ports mechanism to
use different directories. For instance,&prompt.root; make PORTSDIR=/u/people/guests/wurzburger/ports installwill compile the port in
/u/people/guests/wurzburger/ports and install
everything under /usr/local.&prompt.root; make PREFIX=/u/people/guests/wurzburger/local installwill compile it in /usr/ports and install
it in /u/people/guests/wurzburger/local.And of course&prompt.root; make PORTSDIR=.../ports PREFIX=.../local installwill combine the two (it is too long to fit on the page if I
write it in full, but I am sure you get the idea).If you do not fancy typing all that in every time you install a
port (and to be honest, who would?), it is a good idea to put these
variables into your environment.Q. I do not have a FreeBSD CDROM, but I would like to have all
the tarballs handy on my system so I do not have to wait for a
download every time I install a port. Is there an easy way to get
them all at once?A. To get every single tarball for the ports collection,
do&prompt.root; cd /usr/ports
&prompt.root; make fetchFor all the tarballs for a single ports directory, do&prompt.root; cd /usr/ports/directory
&prompt.root; make fetchand for just one port — well, I think you have guessed
already.Q. I know it is probably faster to fetch the tarballs from one
of the FreeBSD mirror sites close by. Is there any way to tell the
port to fetch them from servers other than ones listed in the
MASTER_SITES?A. Yes. If you know, for example, ftp.FreeBSD.ORG is much closer than sites
listed in MASTER_SITES, do as following
example.&prompt.root; cd /usr/ports/directory
&prompt.root; make MASTER_SITE_OVERRIDE=ftp://ftp.FreeBSD.ORG/pub/FreeBSD/ports/distfiles/ fetchQ. I want to know what files make is going to need before it
tries to pull them down.A. make fetch-list will display a list of
the files needed for a port.Q. Is there any way to stop the port from compiling? I want to
do some hacking on the source before I install it, but it is a bit
tiresome having to watch it and hit control-C every time.A. Doing make extract will stop it after it
has fetched and extracted the source code.Q. I am trying to make my own port and I want to be able to
stop it compiling until I have had a chance to see if my patches
worked properly. Is there something like make
extract, but for patches?A. Yep, make patch is what you want. You
will probably find the PATCH_DEBUG option useful
as well. And by the way, thank you for your efforts!Q. I have heard that some compiler options can cause bugs. Is
this true? How can I make sure that I compile ports with the right
settings?A. Yes, with version 2.6.3 of gcc (the
version shipped with FreeBSD 2.1.0 and 2.1.5), the
option could result in buggy code unless you
used the option as well.
(Most of the ports do not use ). You
should be able to specify the compiler options
used by something like&prompt.root; make CFLAGS='-O2 -fno-strength-reduce' installor by editing /etc/make.conf, but
unfortunately not all ports respect this. The surest way is to do
make configure, then go into the source directory
and inspect the Makefiles by hand, but this can get tedious if the
source has lots of sub-directories, each with their own
Makefiles.Q. There are so many ports it is hard to find the one I want.
Is there a list anywhere of what ports are available?A. Look in the INDEX file in
/usr/ports. If you would like to search the
ports collection for a keyword, you can do that too. For example,
you can find ports relevant to the LISP programming language
using:&prompt.user; cd /usr/ports
&prompt.user; make search key=lispQ. I went to install the foo port but the
system suddenly stopped compiling it and starting compiling the
bar port. What is going on?A. The foo port needs something that is
supplied with bar — for instance, if
foo uses graphics, bar might
have a library with useful graphics processing routines. Or
bar might be a tool that is needed to compile the
foo port. Q. I installed the
grizzle program from the ports and frankly it is
a complete waste of disk space. I want to delete it but I do not
know where it put all the files. Any clues?A. No problem, just do&prompt.root; pkg_delete grizzle-6.5Alternatively, you can do&prompt.root; cd /usr/ports/somewhere/grizzle
&prompt.root; make deinstall
Q. Hang on a minute, you have to know the version number to use
that command. You do not seriously expect me to remember that, do
you??A. Not at all, you can find it out by doing&prompt.root; pkg_info -a | grep grizzle
Information for grizzle-6.5:
grizzle-6.5 - the combined piano tutorial, LOGO interpreter and shoot 'em up arcade game.Q. Talking of disk space, the ports directory seems to be
taking up an awful lot of room. Is it safe to go in there and
delete things?A. Yes, if you have installed the program and are fairly
certain you will not need the source again, there is no point in
keeping it hanging around. The best way to do this is&prompt.root; cd /usr/ports
&prompt.root; make cleanwhich will go through all the ports subdirectories and delete
everything except the skeletons for each port.Q. I tried that and it still left all those tarballs or
whatever you called them in the distfiles
directory. Can I delete those as well?A. Yes, if you are sure you have finished with them, those can
go as well.Q. I like having lots and lots of programs to play with. Is
there any way of installing all the ports in one go?A. Just do&prompt.root; cd /usr/ports
&prompt.root; make installQ. OK, I tried that, but I thought it would take a very long
time so I went to bed and left it to get on with it. When I looked
at the computer this morning, it had only done three and a half
ports. Did something go wrong?A. No, the problem is that some of the ports need to ask you
questions that we cannot answer for you (eg “Do you want to
print on A4 or US letter sized paper?”) and they need to have
someone on hand to answer them.Q. I really do not want to spend all day staring at the
monitor. Any better ideas?A. OK, do this before you go to bed/work/the local
park:-&prompt.root cd /usr/ports
&prompt.root; make -DBATCH installThis will install every port that does not
require user input. Then, when you come back, do&prompt.root; cd /usr/ports
&prompt.root; make -DIS_INTERACTIVE installto finish the job.Q. At work, we are using frobble, which is
in your ports collection, but we have altered it quite a bit to get
it to do what we need. Is there any way of making our own packages,
so we can distribute it more easily around our sites?A. No problem, assuming you know how to make patches for your
changes:-&prompt.root; cd /usr/ports/somewhere/frobble
&prompt.root; make extract
&prompt.root; cd work/frobble-2.8
[Apply your patches]
&prompt.root; cd ../..
&prompt.root; make packageQ. This ports stuff is really clever. I am desperate to find
out how you did it. What is the secret?A. Nothing secret about it at all, just look at the
bsd.ports.mk and
bsd.ports.subdir.mk files in your makefiles
directory.Readers with an aversion to intricate shell-scripts are
advised not to follow this link...)Making a port yourselfContributed by &a.jkh;, &a.gpalmer;, &a.asami; &a.obrien;
and &a.hoek;. 28 August 1996.So, now you are interested in making your own port? Great!What follows are some guidelines for creating a new port for
FreeBSD. The bulk of the work is done by
/usr/ports/Mk/bsd.port.mk, which all port Makefiles
include. Please refer to that file for more details on the inner
workings of the ports collection. Even if you do not hack Makefiles
daily, it is well commented, and you will still gain much knowledge from
it.Only a fraction of the overridable variables
(VAR) are mentioned in
this document. Most (if not all) are documented at the start of
bsd.port.mk. This file users a non-standard tab
setting. Emacs and
Vim should recognise the setting on loading
the file. vi or ex can be set
to use the correct value by typing :set tabstop=4
once the file has been loaded.Quick PortingThis section tells you how to do a quick port. In many cases, it
is not enough, but we will see.First, get the original tarball and put it into
DISTDIR, which defaults to
/usr/ports/distfiles.The following assumes that the software compiled out-of-the-box,
i.e., there was absolutely no change required for the port to work
on your FreeBSD box. If you needed to change something, you will
have to refer to the next section too.Writing the MakefileThe minimal Makefile would look something
like this:
# New ports collection makefile for: oneko
# Version required: 1.1b
# Date created: 5 December 1994
# Whom: asami
#
# $Id$
#
DISTNAME= oneko-1.1b
CATEGORIES= games
MASTER_SITES= ftp://ftp.cs.columbia.edu/archives/X11R5/contrib/
MAINTAINER= asami@FreeBSD.ORG
MAN1= oneko.1
MANCOMPRESSED= yes
USE_IMAKE= yes
.include <bsd.port.mk>See if you can figure it out. Do not worry about the contents
of the $Id$ line, it will be filled in
automatically by CVS when the port is imported to our main ports
tree. You can find a more detailed example in the sample Makefile section.Writing the description filesThere are three description files that are required for any
port, whether they actually package or not. They are
COMMENT, DESCR, and
PLIST, and reside in the
pkg subdirectory.COMMENTThis is the one-line description of the port.
Please do not include the package name (or
version number of the software) in the comment. Here is an
example:
A cat chasing a mouse all over the screen.DESCRThis is a longer description of the port. One to a few
paragraphs concisely explaining what the port does is
sufficient.This is not a manual or an in-depth
description on how to use or compile the port! Please
be careful if you are copying from the
README or manpage; too often
they are not a concise description of the port or are in an
awkward format (e.g., manpages have justified spacing). If the
ported software has an official WWW homepage, you should list it
here. Prefix one of the websites with
WWW: so that automated tools will work
correctly.It is recommended that you sign your name at the end of this
file, as in:
This is a port of oneko, in which a cat chases a poor mouse all over
the screen.
:
(etc.)
WWW: http://www.oneko.org/
- Satoshi
asami@cs.berkeley.eduPLISTThis file lists all the files installed by the port. It is
also called the “packing list” because the package is
generated by packing the files listed here. The pathnames are
relative to the installation prefix (usually
/usr/local or
/usr/X11R6). If you are using the
MANn variables (as
you should be), do not list any manpages here.Here is a small example:
bin/oneko
lib/X11/app-defaults/Oneko
lib/X11/oneko/cat1.xpm
lib/X11/oneko/cat2.xpm
lib/X11/oneko/mouse.xpm
@dirrm lib/X11/onekoRefer to the &man.pkg.create.1; man page for details on the
packing list.You should list all the files, but not the name directories,
in the list. Also, if the port creates directories for itself
during installtion, make sure to add @dirrm
lines as necessary to remove them when the port is
deleted.It is recommended that you keep all the filenames in this
file sorted alphabetically. It will make verifying the changes
when you upgrade the port much easier.Creating a packing list manually can be a very tedious
task. If the port installs a large numbers of files, creating the packing list
automatically might save time.Creating the checksum fileJust type make makesum. The ports make rules
will automatically generate the file
files/md5.Testing the portYou should make sure that the port rules do exactly what you
want it to do, including packaging up the port. These are the
important points you need to verify.PLIST does not contain anything not
installed by your portPLIST contains everything that is
installed by your portYour port can be installed multiple times using the
reinstall targetYour port cleans up
after itself upon deinstallRecommended test orderingmake installmake packagemake deinstallpkg_add package-namemake deinstallmake reinstallmake packageMake sure that there are not any warnings issued in any of the
package and
deinstall stages, After step 3, check to
see if all the new directories are correctly deleted. Also, try
using the software after step 4, to ensure that is works correctly
when installed from a package.Checking your port with portlintPlease use portlint to see if your port
conforms to our guidelines. The portlint program
is part of the ports collection. In particular, your may want to
check if the Makefile is in
the right shape and the package is named
appropriately.Submitting the portFirst, make sure you have read the Do's and Dont's section.Now that you are happy with your port, the only thing remaining
is to put it in the main FreeBSD ports tree and make everybody else
happy about it too. We do not need your work
directory or the pkgname.tgz package, so delete
them now. Next, simply include the output of shar `find
port_dir` in a bug report and send it with the
&man.send-pr.1; program (see Bug
Reports and General Commentary for more information about
&man.send-pr.1;. If the uncompressed port is larger than 20KB,
you should compress it into a tarfile and use &man.uuencode.1;
before including it in the bug report (uuencoded tarfiles are
acceptable even if the bug report is smaller than 20KB but are not
preferred). Be sure to classify the bug report as category
ports and class
change-request. (Do not mark the report
confidential!)One more time, do not include the original source
distfile, the work directory, or the package
you built with make package.In the past, we asked you to upload new port submissions in
- our ftp site (ftp.freebsd.org). This
+ our ftp site (ftp.FreeBSD.org). This
is no longer recommended as read access is turned off on that
incoming/ directory of that site due to the
large amount of pirated software showing up there.We will look at your port, get back to you if necessary, and put
it in the tree. Your name will also appear in the list of
“Additional FreeBSD contributors” on the FreeBSD
Handbook and other files. Isn't that great?!? :)Slow PortingOk, so it was not that simple, and the port required some
modifications to get it to work. In this section, we will explain,
step by step, how to modify it to get it to work with the ports
paradigm.How things workFirst, this is the sequence of events which occurs when the user
first types make in your port's directory, and
you may find that having bsd.port.mk in another
window while you read this really helps to understand it.But do not worry if you do not really understand what
bsd.port.mk is doing, not many people do...
:>The fetch target is run. The
fetch target is responsible for making
sure that the tarball exists locally in
DISTDIR. If fetch
cannot find the required files in DISTDIR it
will look up the URL MASTER_SITES, which is
set in the Makefile, as well as our main ftp site at ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/,
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/">ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/,
where we put sanctioned distfiles as backup. It will then
attempt to fetch the named distribution file with
FETCH, assuming that the requesting site has
direct access to the Internet. If that succeeds, it will save
the file in DISTDIR for future use and
proceed.The extract target is run. It
looks for your port's distribution file (typically a gzip'd
tarball) in DISTDIR and unpacks it into a
temporary subdirectory specified by WRKDIR
(defaults to work).The patch target is run. First,
any patches defined in PATCHFILES are
applied. Second, if any patches are found in
PATCHDIR (defaults to the
patches subdirectory), they are applied at
this time in alphabetical order.The configure target is run. This
can do any one of many different things.If it exists, scripts/configure is
run.If HAS_CONFIGURE or
GNU_CONFIGURE is set,
WRKSRC/configure is
run.If USE_IMAKE is set,
XMKMF (default: xmkmf
-a) is run.The build target is run. This is
responsible for descending into the port's private working
directory (WRKSRC) and building it. If
USE_GMAKE is set, GNU make
will be used, otherwise the system make will
be used.The above are the default actions. In addition, you can define
targets
pre-something or
post-something,
or put scripts with those names, in the scripts
subdirectory, and they will be run before or after the default
actions are done.For example, if you have a post-extract
target defined in your Makefile, and a file
pre-build in the scripts
subdirectory, the post-extract target will
be called after the regular extraction actions, and the
pre-build script will be executed before the
default build rules are done. It is recommended that you use
Makefile targets if the actions are simple
enough, because it will be easier for someone to figure out what
kind of non-default action the port requires.The default actions are done by the
bsd.port.mk targets
do-something.
For example, the commands to extract a port are in the target
do-extract. If you are not happy with the
default target, you can fix it by redefining the
do-something
target in your Makefile.The “main” targets (e.g.,
extract,
configure, etc.) do nothing more than
make sure all the stages up to that one are completed and call
the real targets or scripts, and they are not intended to be
changed. If you want to fix the extraction, fix
do-extract, but never ever touch
extract!Now that you understand what goes on when the user types
make, let us go through the recommended steps to
create the perfect port.Getting the original sourcesGet the original sources (normally) as a compressed tarball
(foo.tar.gz or
foo.tar.Z) and copy
it into DISTDIR. Always use
mainstream sources when and where you
can.If you cannot find a ftp/http site that is well-connected to the
net, or can only find sites that have irritatingly non-standard
formats, you might want to put a copy on a reliable ftp or http
server that you control (e.g., your home page). Make sure you set
MASTER_SITES to reflect your choice.If you cannot find somewhere convenient and reliable to put the
distfile (if you are a FreeBSD committer, you can just put it in
your public_html/ directory on
freefall), we can “house” it ourselves
by putting it on
- ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
+ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
as the last resort. Please refer to this location as
MASTER_SITE_LOCAL. Send mail to the &a.ports;if
you are not sure what to do.If your port's distfile changes all the time for no good reason,
consider putting the distfile in your home page and listing it as
the first MASTER_SITES. This will prevent users
from getting checksum mismatch errors, and
also reduce the workload of maintainers of our ftp site. Also, if
there isonly one master site for the port, it is recommended that
you house a backup at your site and list it as the second
MASTER_SITES.If your port requires some additional `patches' that are
available on the Internet, fetch them too and put them in
DISTDIR. Do not worry if they come from a site
other than where you got the main source tarball, we have a way to
handle these situations (see the description of PATCHFILES below).Modifying the portUnpack a copy of the tarball in a private directory and make
whatever changes are necessary to get the port to compile properly
under the current version of FreeBSD. Keep careful
track of everything you do, as you will be automating
the process shortly. Everything, including the deletion, addition
or modification of files should be doable using an automated script
or patch file when your port is finished.If your port requires significant user interaction/customization
to compile or install, you should take a look at one of Larry Wall's
classic Configure scripts and perhaps do
something similar yourself. The goal of the new ports collection is
to make each port as “plug-and-play” as possible for the
end-user while using a minimum of disk space.Unless explicitly stated, patch files, scripts, and other
files you have created and contributed to the FreeBSD ports
collection are assumed to be covered by the standard BSD copyright
conditions.PatchingIn the preparation of the port, files that have been added or
changed can be picked up with a recursive diff for later feeding to
patch. Each set of patches you wish to apply should be collected
into a file named
patch-xx where
xx denotes the sequence in which the
patches will be applied — these are done in
alphabetical order, thus aa
first, ab second and so on. These files should
be stored in PATCHDIR, from where they will be
automatically applied. All patches should be relative to
WRKSRC (generally the directory your port's
tarball unpacks itself into, that being where the build is done).
To make fixes and upgrades easier, you should avoid having more than
one patch fix the same file (e.g., patch-aa and
patch-ab both changing
WRKSRC/foobar.c).ConfiguringInclude any additional customization commands to your
configure script and save it in the
scripts subdirectory. As mentioned above, you
can also do this as Makefile targets and/or
scripts with the name pre-configure or
post-configure.Handling user inputIf your port requires user input to build, configure or install,
then set IS_INTERACTIVE in your Makefile. This
will allow “overnight builds” to skip your port if the
user sets the variable BATCH in his environment (and
if the user sets the variable INTERACTIVE, then
only those ports requiring interaction are
built).It is also recommended that if there are reasonable default
answers to the questions, you check the
PACKAGE_BUILDING variable and turn off the
interactive script when it is set. This will allow us to build the
packages for CD-ROMs and ftp.Configuring the MakefileConfiguring the Makefile is pretty simple, and again we suggest
that you look at existing examples before starting. Also, there is a
sample Makefile in this
handbook, so take a look and please follow the ordering of variables
and sections in that template to make your port easier for others to
read.Now, consider the following problems in sequence as you design
your new Makefile:The original sourceDoes it live in DISTDIR as a standard gzip'd
tarball? If so, you can go on to the next step. If not, you should
look at overriding any of the EXTRACT_CMD,
EXTRACT_BEFORE_ARGS,
EXTRACT_AFTER_ARGS,
EXTRACT_SUFX, or DISTFILES
variables, depending on how alien a format your port's distribution
file is. (The most common case is
EXTRACT_SUFX=.tar.Z, when the tarball is
condensed by regular compress, not gzip.)In the worst case, you can simply create your own
do-extract target to override the default,
though this should be rarely, if ever, necessary.DISTNAMEYou should set DISTNAME to be the base name
of your port. The default rules expect the distribution file list
(DISTFILES) to be named
DISTNAMEEXTRACT_SUFX which, if
it is a normal tarball, is going to be something like
foozolix-1.0.tar.gz for a setting of
DISTNAME=foozolix-1.0.The default rules also expect the tarball(s) to extract into a
subdirectory called
work/DISTNAME, e.g.
work/foozolix-1.0/.All this behavior can be overridden, of course; it simply
represents the most common time-saving defaults. For a port
requiring multiple distribution files, simply set
DISTFILES explicitly. If only a subset of
DISTFILES are actual extractable archives, then
set them up in EXTRACT_ONLY, which will override
the DISTFILES list when it comes to extraction,
and the rest will be just left in DISTDIR for
later use.PKGNAMEIf DISTNAME does not conform to our guidelines for a good package
name, you should set the PKGNAME
variable to something better. See the abovementioned guidelines for
more details.CATEGORIESWhen a package is created, it is put under
/usr/ports/packages/All and links are made from
one or more subdirectories of
/usr/ports/packages. The names of these
subdirectories are specified by the variable
CATEGORIES. It is intended to make life easier
for the user when he is wading through the pile of packages on the
ftp site or the CD-ROM. Please take a look at the existing categories and pick the ones
that are suitable for your port.This list also determines where in the ports tree the port is
imported. If you put more than one category here, it is assumed
that the port files will be put in the subdirectory with the name in
the first category. See the categories section for more
discussion about how to pick the right categories.If you port truly belongs to something that is different from
all the existing ones, you can even create a new category name. In
that case, please send mail to the &a.ports; to propose a new
category.There is no error checking for category names. make
package will happily create a new directory if you
mustype the category name, so be careful!MASTER_SITESRecord the directory part of the ftp/http-URL pointing at the
original tarball in MASTER_SITES. Do not forget
the trailing slash (/)!The make macros will try to use this
specification for grabbing the distribution file with
FETCH if they cannot find it already on the
system.It is recommended that you put multiple sites on this list,
preferably from different continents. This will safeguard against
wide-area network problems, and we are even planning to add support
for automatically determining the closest master site and fetching
from there!If the original tarball is part of one of the following popular
archives: X-contrib, GNU, Perl CPAN, TeX CTAN, or Linux Sunsite, you
refer to those sites in an easy compact form using
MASTER_SITE_XCONTRIB,
MASTER_SITE_GNU,
MASTER_SITE_PERL_CPAN,
MASTER_SITE_TEX_CTAN, and
MASTER_SITE_SUNSITE. Simply set
MASTER_SITE_SUBDIR to the path with in the
archive. Here is an example:
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applicationsThe user can also set the MASTER_SITE_*
variables in /etc/make.conf to override our
choices, and use their favorite mirrors of these popular archives
instead.PATCHFILESIf your port requires some additional patches that are available
by ftp or http, set PATCHFILES to the names of
the files and PATCH_SITES to the URL of the
directory that contains them (the format is the same as
MASTER_SITES).If the patch is not relative to the top of the source tree
(i.e., WKRSRC) because it contains some extra
pathnames, set PATCH_DIST_STRIP accordingly. For
instance, if all the pathnames in the patch have an extra
foozolix-1.0/ in front of the filenames, then set
PATCH_DIST_STRIP=-p1.Do not worry if the patches are compressed, they will be
decompressed automatically if the filenames end with
.gz or .Z.If the patch is distributed with some other files, such as
documentation, in a gzip'd tarball, you cannot just use
PATCHFILES. If that is the case, add the name
and the location of the patch tarball to
DISTFILES and MASTER_SITES.
Then, from the pre-patch target, apply the
patch either by running the patch command from there, or copying the
patch file into the PATCHDIR directory and
calling it
patch-xx.Note the tarball will have been extracted alongside the
regular source by then, so there is no need to explicitly extract
it if it is a regular gzip'd or compress'd tarball. If you do the
latter, take extra care not to overwrite something that already
exists in that directory. Also do not forget to add a command to
remove the copied patch in the pre-clean
target.MAINTAINERSet your mail-address here. Please. :)For detailed description of the responsibility of maintainers,
refer to MAINTAINER on
Makefiles section.DependenciesMany ports depend on other ports. There are five variables that
you can use to ensure that all the required bits will be on the
user's machine. There are also some pre-supported dependency
variables for common cases, plus a few more to control the behaviour
of dependencies.LIB_DEPENDSThis variable specifies the shared libraries this port depends
on. It is a list of
lib:dir:target
tuples where lib is the name of the
shared library, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. For example, LIB_DEPENDS=
jpeg.9:${PORTSDIR}/graphics/jpeg:install
will check for a shared jpeg library with major version 9, and
descend into the graphics/jpeg subdirectory
of your ports tree to build and install it if it is not found.
The target part can be omitted if it is
equal to DEPENDS_TARGET (which defaults to
install).The lib part is an argument given
to ldconfig -r | grep -wF. There shall be no
reqular expressions in this variable.The dependency is checked twice, once from within the
extract target and then from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system.RUN_DEPENDSThis variable specifies executables or files this port depends
on during run-time. It is a list of
path:dir:target
tuples where path is the name of the
executable or file, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. If path starts with a slash
(/), it is treated as a file and its existence
is tested with test -e; otherwise, it is
assumed to be an executable, and which -s is
used to determine if the program exists in the user's search
path.For example,
RUN_DEPENDS= ${PREFIX}/etc/innd:${PORTSDIR}/news/inn \
wish8.0:${PORTSDIR}/x11-toolkits/tk80will check if the file or directory
/usr/local/etc/innd exists, and build and
install it from the news/inn subdirectory of
the ports tree if it is not found. It will also see if an
executable called wish8.0 is in your search
path, and descend into the x11-toolkits/tk80
subdirectory of your ports tree to build and install it if it is
not found.In this case, innd is actually an
executable; if an executable is in a place that is not expected
to be in a normal user's search path, you should use the full
pathname.The dependency is checked from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system. The target
part can be omitted if it is the same
DEPENDS_TARGET.BUILD_DEPENDSThis variable specifies executables or files this port
requires to build. Like RUN_DEPENDS, it is a
list of
path:dir:target
tuples. For example, BUILD_DEPENDS=
unzip:${PORTSDIR}/archivers/unzip will check
for an executable called unzip, and descend
into the archivers/unzip subdirectory of your
ports tree to build and install it if it is not found.“build” here means everything from extracting to
compilation. The dependency is checked from within the
extract target. The
target part can be omitted if it is
the same as DEPENDS_TARGETFETCH_DEPENDSThis variable specifies executables or files this port
requires to fetch. Like the previous two, it is a list of
path:dir:target
tuples. For example, FETCH_DEPENDS=
ncftp2:${PORTSDIR}/net/ncftp2 will check for an
executable called ncftp2, and descend into the
net/ncftp2 subdirectory of your ports tree to
build and install it if it is not found.The dependency is checked from within the
fetch target. The
target part can be omitted if it is the
same as DEPENDS_TARGET.DEPENDSIf there is a dependency that does not fall into either of the
above four categories, or your port requires to have the source of
the other port extracted in addition to having them installed,
then use this variable. This is a list of
dir:target,
as there is nothing to check, unlike the previous four. The
target part can be omitted if it is the
same as DEPENDS_TARGET.Common dependency variablesDefine USE_XLIB=yes if your port requires
the X Window System to be installed (it is implied by
USE_IMAKE). Define
USE_GMAKE=yes if your port requires GNU
make instead of BSD make.
Define USE_AUTOCONF=yes if your port requires
GNU autoconf to be run. Define USE_QT=yes if
your port uses the latest qt toolkit. Use
USE_PERL5=yes if your port requires version 5
of the perl language. (The last is especially important since
some versions of FreeBSD has perl5 as part of the base system
while others do not.)Notes on dependenciesAs mentioned above, the default target to call when a
dependency is required is DEPENDS_TARGET.
It defaults to install. This is a user
variable; is is never defined in a port's
Makefile. If your port needs a special way
to handle a dependency, use the :target part of
the *_DEPENDS variables instead of redefining
DEPENDS_TARGET.When you type make clean, its dependencies
are automatically cleaned too. If you do not wish this to happen,
define the variable NOCLEANDEPENDS in your
environment.To depend on another port unconditionally, it is customary to
use the string nonexistent as the first field
of BUILD_DEPENDS or
RUN_DEPENDS. Use this only when you need to
the to get to the source of the other port. You can often save
compilation time by specifying the target too. For
instance
BUILD_DEPENDS= /nonexistent:${PORTSDIR}/graphics/jpeg:extract
will always descend to the JPEG port and extract it.Do not use DEPENDS unless there is no other
way the behaviour you want can be accomplished. It will cause the
other port to be always build (and installed, by default), and the
dependency will go into the packages as well. If this is really
what you need, I recommend you write it as
BUILD_DEPENDS and
RUN_DEPENDS instead—at least the
intention will be clear.Building mechanismsIf your package uses GNU make, set
USE_GMAKE=yes. If your package uses
configure, set
HAS_CONFIGURE=yes. If your package uses GNU
configure, set
GNU_CONFIGURE=yes (this implies
HAS_CONFIGURE). If you want to give some extra
arguments to configure (the default argument list
--prefix=${PREFIX} for GNU
configure and empty for non-GNU
configure), set those extra arguments in
CONFIGURE_ARGS. If your package uses GNU
autoconf, set
USE_AUTOCONF=yes. This implies
GNU_CONFIGURE, and will cause
autoconf to be run before
configure.If your package is an X application that creates
Makefiles from Imakefiles
using imake, then set
USE_IMAKE=yes. This will cause the configure
stage to automatically do an xmkmf -a. If the
flag is a problem for your port, set
XMKMF=xmkmf. If the port uses
imake but does not understand the
install.man target,
NO_INSTALL_MANPAGES=yes should be set. In
addition, the author of the original port should be shot. :>If your port's source Makefile has
something else than all as the main build
target, set ALL_TARGET accordingly. Same goes
for install and
INSTALL_TARGET.Special considerationsThere are some more things you have to take into account when you
create a port. This section explains the most common of those.ldconfigIf your port installs a shared library, add a
post-install target to your
Makefile that runs ${LDCONFIG}
-m on the directory where the new library is installed
(usually PREFIX/lib) to
register it into the shared library cache.Also, add a matching @exec /sbin/ldconfig -m
and @unexec /sbin/ldconfig -R pair to your
pkg/PLIST file so that a user who installed the
package can start using the shared library immediately and
deinstallation will not cause the system to still believe the
library is there. These lines should immediately follow the line
for the shared library itself, as in:
lib/libtvl80.so.1
@exec /sbin/ldconfig -m %D/lib
@unexec /sbin/ldconfig -RNever, ever, ever add a line that says
ldconfig without any arguments to your
Makefile or pkg/PLIST.
This will reset the shared library cache to the contents of
/usr/lib only, and will royally screw up the
user's machine ("Help, xinit does not run anymore after I install
this port!"). Anybody who does this will be shot and cut in 65,536
pieces by a rusty knife and have is liver chopped out by a bunch of
crows and will eternally rot to death in the deepest bowels of hell
(not necessarily in that order…)ELF supportSince FreeBSD is moving to ELF shortly after 3.0-RELEASE, we need
to convert many ports that build shared libraries to support ELF.
Complicating this task is that a 3.0 system can run as both ELF and
a.out, and we wish to unofficially support the 2.2 as long as
possible. Below are the guidelines on how to convert a.out only ports
to support both a.out and ELF compilation.Some part of this list is only applicable during the conversion,
but will be left here for awhile for reference in case you have come
across some old port you wish to upgrade.Moving a.out libraries out of the wayA.out libraries should be moved out of
/usr/local/lib and similar to an
aout subdirectory. (If you do not move them out
of the way, ELF ports will happily overwrite a.out libraries.) The
move-aout-libs target in the 3.0-CURRENT
src/Makefile (called from
aout-to-elf) will do this for you. It will
only move a.out libs so it is safe to call it on a system with both
ELF and a.out libs in the standard directories.FormatThe ports tree will build packages in the format the machine is
in. This means a.out for 2.2 and a.out or ELF for 3.0 depending on
what `objformat` returns. Also, once users move
a.out libraries to a subdirectory, building a.out libraries will be
unsupported. (I.e., it may still work if you know what you are
doing, but you are on your own.)If a port only works for a.out, set
BROKEN_ELF to a string describing the reason
why. Such ports will be skipped during a build on an ELF
system.PORTOBJFORMATbsd.port.mk will set
PORTOBJFORMAT to aout or
elf and export it in the environments
CONFIGURE_ENV, SCRIPTS_ENV and
MAKE_ENV. (It's always going to be
aout in 2.2-STABLE). It is also passed to
PLIST_SUB as
PORTOBJFORMAT=${PORTOBJFORMAT}. (See comment on
ldconfig lines below.)The variable is set using this line in
bsd.port.mk:
PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aoutPorts' make processes should use this variable to decide what to
do. However, if the port's configure script
already automatically detects an ELF system, it is not necessary to
refer to PORTOBJFORMAT.Building shared librariesThe following are differences in handling shared libraries for
a.out and ELF.Shared library versionsAn ELF shared library should be called
libfoo.so.M
where M is the single version number,
and an a.out library should be called
libfoo.so.M.N
where M is the major version and
N is the the minor version number.
Do not mix those; never install an ELF
shared library called
libfoo.so.N.M
or an a.out shared library (or symlink) called
libfoo.so.N.Linker command linesAssuming cc -shared is used rather than
ld directly, the only difference is that you
need to add
on the command line for ELF.You need to install a symlink from
libfoo.so to
libfoo.so.N to make
ELF linkers happy. Since it should be listed in
PLIST too, and it won't hurt in the a.out case
(some ports even require the link for dynamic loading), you should
just make this link regardless of the setting of
PORTOBJFORMAT.LIB_DEPENDSAll port Makefiles are edited to remove minor numbers from
LIB_DEPENDS, and also to have the regexp support
removed. (E.g., foo\\.1\\.\\(33|40\\) becomes
foo.2.) They will be matched using grep
-wF.PLISTPLIST should contain the short (ELF) shlib
names if the a.out minor number is zero, and the long (a.out) names
otherwise. bsd.port.mk will automatically add
.0 to the end of short shlib lines if
PORTOBJFORMAT equals aout, and
will delete the minor number from long shlib names if
PORTOBJFORMAT equals
elf.In cases where you really need to install shlibs with two
versions on an ELF system or those with one version on an a.out
system (for instance, ports that install compatibility libraries for
other operating systems), define the variable
NO_FILTER_SHLIBS. This will turn off the editing
of PLIST mentioned in the previous
paragraph.ldconfigThe ldconfig line in Makefiles should
read:
${SETENV} OBJFORMAT=${PORTOBJFORMAT} ${LDCONFIG} -m ....In PLIST it should read;
@exec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -m ...
@unexec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -RThis is to ensure that the correct ldconfig
will be called depending on the format of the package, not the
default format of the system.MASTERDIRIf your port needs to build slightly different versions of
packages by having a variable (for instance, resolution, or paper
size) take different values, create one subdirectory per package to
make it easier forusers to see what to do, but try to share as many
files as possible between ports. Typically you only need a very short
Makefile in all but one of the directories if you
use variables cleverly. In the sole Makefiles,
you can use MASTERDIR to specify the directory
where the rest of the files are. Also, use a variable as part of
PKGNAME so
the packages will have different names.This will be best demonstrated by an example. This is part of
japanese/xdvi300/Makefile;
PKGNAME= ja-xdvi${RESOLUTION}-17
:
# default
RESOLUTION?= 300
.if ${RESOLUTION} != 118 && ${RESOLUTION} != 240 && \
${RESOLUTION} != 300 && ${RESOLUTION} != 400
@${ECHO} "Error: invalid value for RESOLUTION: \"${RESOLUTION}\""
@${ECHO} "Possible values are: 118, 240, 300 (default) and 400."
@${FALSE}
.endifjapanese/xdvi300 also has all the regular
patches, package files, etc. If you type make
there, it will take the default value for the resolution (300) and
build the port normally.As for other resolutions, this is the entirexdvi118/Makefile;
RESOLUTION= 118
MASTERDIR= ${.CURDIR}/../xdvi300
.include ${MASTERDIR}/Makefile(xdvi240/Makefile and
xdvi400/Makefile are similar). The
MASTERDIR definition tells
bsd.port.mk that the refulat set of
subdirectories like PATCHDIR and
PKGDIR are to be found under
xdvi300. The RESOLUTION=118
line will override the RESOLUTION=300 line in
xdvi300/Makefile and the port will be built with
resolution set to 118.Shared library versionsFirst, please read our policy on
shared library versioning to understand what to do with
shared library versions in general. Do not blindly assume software
authors know what they are doing; many of them do not. It is very
important that these details are carefully considered, as we have
quite a unique situation where we are trying to have dozens of
potentially incompatible software pairs co-exist. Careless port
imports have caused great trouble regarding shared libraries in the
past (ever wondered why the port jpeg-6b has a
shared library version of 9.0?). If in doubt, send a message to the
&a.ports;. Most of the time, your job ends by determining the right
shared library version and making appropriate patches to implement
it.However, if there is a port which is a different version of the
same software already in the tree, the situation is much more complex.
In short, the FreeBSD implementation does not allow the user to
specify to the linker which version of shared library to link against
(the linker will always pick the highest numbered version). This
means, if there is a libfoo.so.3.2 and
libfoo.so.4.0 in the system, there is no way to
tell the linker to link a particular application to
libfoo.so.3.2. It is essentially completely
overshadowed in terms of compilation-time linkage. In this case, the
only solution is to rename the base part of the
shared library. For instance, change
libfoo.so.4.0 to
libfoo4.so.1.0 so both version 3.2 and 4.0 can be
linked from other ports.ManpagesThe MAN[1-9LN] variables will automatically add
any manpages to pkg/PLIST (this means you must
not list manpages in the
PLIST—see generating PLIST for more). It also
makes the install stage automatically compress or uncompress manpages
depending on the setting of NOMANCOMPRESS in
/etc/make.conf.To specify whether the manpages are compressed upon installation,
use the MANCOMPRESSED variable. This variable can
take three values, yes, no and
maybe. yes means manpages are
already installed compressed, no means they are
not, and maybe means the software already respects
the value of NOMANCOMPRESS so
bsd.port.mk does not have to do anything
special.MANCOMPRESSED is automatically set to
yes if USE_IMAKE is set and
NO_INSTALL_MANPAGES is not set, and to
no otherwise. You do not have to explicitly define
it unless the default is not suitable for your port.If your port anchors its man tree somewhere other than
PREFIX, you can use the
MANPREFIX to set it. Also, if only manpages in
certain sections go in a non-standard place, such as some Perl modules
ports, you can set individual man paths using
MANsectPREFIX (where
sect is one of 1-9,
L or N).If your manpages go to language-specific subdirectories, set the
name of the languages to MANLANG. The value of
this variable defaults to "" (i.e., English
only).Here is an example that puts it all together.
MAN1= foo.1
MAN3= bar.3
MAN4= baz.4
MANLANG= "" ja
MAN3PREFIX= ${PREFIX}/share/foobar
MANCOMPRESSED= yesThis states that six files are installed by this port;
${PREFIX}/man/man1/foo.1.gz
${PREFIX}/man/ja/man1/foo.1.gz
${PREFIX}/share/foobar/man/man3/bar.3.gz
${PREFIX}/share/foobar/man/ja/man3/bar.3.gz
${PREFIX}/man/man4/baz.4.gz
${PREFIX}/man/ja/man4/baz.4.gzPorts that require MotifThere are many programs that require a Motif library (available
from several commercial vendors, while there is a free clone reported
to be able to run many applications in
x11-toolkits/lesstif) to compile. Since it is a
popular toolkit and their licenses usually permit redistribution of
statically linked binaries, we have made special provisions for
handling ports that require Motif in a way that we can easily compile
binaries linked either dynamically (for people who are compiling from
the port) or statically (for people who distribute packages).REQUIRES_MOTIFIf your port requires Motif, define this variable in the
Makefile. This will prevent people who do not own a copy of Motif
from even attempting to build it.MOTIFLIBThis variable will be set by bsd.port.mk to
be the appropriate reference to the Motif library. Please patch the
source to use this wherever the Motif library is referenced in the
Makefile or
Imakefile.There are two common cases:If the port refers to the Motif library as
-lXm in its Makefile or
Imakefile, simply substitute
${MOTIFLIB} for it.If the port uses XmClientLibs in its
Imakefile, change it to
${MOTIFLIB} ${XTOOLLIB}
${XLIB}.Note that MOTIFLIB (usually) expands to
-L/usr/X11R6/lib -lXm or
/usr/X11R6/lib/libXm.a, so there is no need to
add -L or -l in front.X11 fontsIf your port installs fonts for the X Window system, put them in
X11BASE/lib/X11/fonts/local.
This directory is new to XFree86 release 3.3.3. If it does not exist,
please create it, and print out a message urging the user to update
their XFree86 to 3.3.3 or newer, or at least add this directory to the
font path in /etc/XF86Config.Info filesThe new version of texinfo (included in 2.2.2-RELEASE and onwards)
contains a utility called install-info to add and
delete entries to the dir file. If your port
installs any info documents, please follow this instructions so your
port/package will correctly update the user's
PREFIX/info/dir file. (Sorry
for the length of this section, but is it imperative to weave all the
info files together. If done correctly, it will produce a
beautiful listing, so please bear with me!First, this is what you (as a porter) need to know&prompt.user; install-info --help
install-info [OPTION]... [INFO-FILE [DIR-FILE]]
Install INFO-FILE in the Info directory file DIR-FILE.
Options:
--delete Delete existing entries in INFO-FILE;
don't insert any new entries.
:
--entry=TEXT Insert TEXT as an Info directory entry.
:
--section=SEC Put this file's entries in section SEC of the directory. :This program will not actually install info
files; it merely inserts or deletes entries in the
dir file.Here's a seven-step procedure to convert ports to use
install-info. I will use
editors/emacs as an example.Look at the texinfo sources and make a patch to insert
@dircategory and @direntry
statements to files that do not have them. This is part of my
patch:
--- ./man/vip.texi.org Fri Jun 16 15:31:11 1995
+++ ./man/vip.texi Tue May 20 01:28:33 1997
@@ -2,6 +2,10 @@
@setfilename ../info/vip
@settitle VIP
+@dircategory The Emacs editor and associated tools
+@direntry
+* VIP: (vip). A VI-emulation for Emacs.
+@end direntry
@iftex
@finalout
:The format should be self-explanatory. Many authors leave a
dir file in the source tree that contains all
the entries you need, so look around before you try to write your
own. Also, make sure you look into related ports and make the
section names and entry indentations consistent (we recommend that
all entry text start at the 4th tab stop).Note that you can put only one info entry per file because
of a bug in install-info --delete that
deletes only the first entry if you specify multiple entries in
the @direntry section.You can give the dir entries to
install-info as arguments
( and ) instead
of patching the texinfo sources. I do not think this is a good
idea for ports because you need to duplicate the same information
in three places
(Makefile and
@exec/@unexec of
PLIST; see below). However, if you have a
Japanese (or other multibyte encoding) info files, you will have
to use the extra arguments to install-info
because makeinfo cannot handle those texinfo
sources. (See Makefile and
PLIST of japanese/skk
for examples on how to do this).Go back to the port directory and do a make clean;
make and verify that the info files are regenerated
from the texinfo sources. Since the texinfo sources are newer than
the info files, they should be rebuilt when you type
make; but many Makefiles
do not include correct dependencies for info files. In
emacs' case, I had to patch the main
Makefile.in so it will descend into the
man subdirectory to rebuild the info
pages.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Tue Apr 15 00:15:28 1997
@@ -184,7 +184,7 @@
# Subdirectories to make recursively. `lisp' is not included
# because the compiled lisp files are part of the distribution
# and you cannot remake them without installing Emacs first.
-SUBDIR = lib-src src
+SUBDIR = lib-src src man
# The makefiles of the directories in $SUBDIR.
SUBDIR_MAKEFILES = lib-src/Makefile man/Makefile src/Makefile oldXMenu/Makefile lwlib/Makefile
--- ./man/Makefile.in.org Thu Jun 27 15:27:19 1996
+++ ./man/Makefile.in Tue Apr 15 00:29:52 1997
@@ -66,6 +66,7 @@
${srcdir}/gnu1.texi \
${srcdir}/glossary.texi
+all: info
info: $(INFO_TARGETS)
dvi: $(DVI_TARGETS)The second hunk was necessary because the default target in
the man subdir is called
info, while the main
Makefile wants to call
all. I also deleted the installation of
the info info file because we already have
one with the same name in /usr/share/info
(that patch is not shown here).If there is a place in the Makefile that
is installing the dir file, delete it. Your
port may not be doing it. Also, remove any commands that are
otherwise mucking around with the dir
file.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Mon Apr 14 23:38:07 1997
@@ -368,14 +368,8 @@
if [ `(cd ${srcdir}/info && /bin/pwd)` != `(cd ${infodir} && /bin/pwd)` ]; \
then \
(cd ${infodir}; \
- if [ -f dir ]; then \
- if [ ! -f dir.old ]; then mv -f dir dir.old; \
- else mv -f dir dir.bak; fi; \
- fi; \
cd ${srcdir}/info ; \
- (cd $${thisdir}; ${INSTALL_DATA} ${srcdir}/info/dir ${infodir}/dir); \
- (cd $${thisdir}; chmod a+r ${infodir}/dir); \
for f in ccmode* cl* dired-x* ediff* emacs* forms* gnus* info* message* mh-e* sc* vip*; do \
(cd $${thisdir}; \
${INSTALL_DATA} ${srcdir}/info/$$f ${infodir}/$$f; \
chmod a+r ${infodir}/$$f); \(This step is only necessary if you are modifying an existing
port.) Take a look at pkg/PLIST and delete
anything that is trying to patch up info/dir.
They may be in pkg/INSTALL or some other
file, so search extensively.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/04/15 06:32:12
@@ -15,9 +15,6 @@
man/man1/emacs.1.gz
man/man1/etags.1.gz
man/man1/ctags.1.gz
-@unexec cp %D/info/dir %D/info/dir.bak
-info/dir
-@unexec cp %D/info/dir.bak %D/info/dir
info/cl
info/cl-1
info/cl-2Add a post-install target to the
Makefile to create a dir
file if it is not there. Also, call
install-info with the installed info
files.
Index: Makefile
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/Makefile,v
retrieving revision 1.26
diff -u -r1.26 Makefile
--- Makefile 1996/11/19 13:14:40 1.26
+++ Makefile 1997/05/20 10:25:09 1.28
@@ -20,5 +20,11 @@
post-install:
.for file in emacs-19.34 emacsclient etags ctags b2m
strip ${PREFIX}/bin/${file}
.endfor
+ if [ ! -f ${PREFIX}/info/dir ]; then \
+ ${SED} -ne '1,/Menu:/p' /usr/share/info/dir > ${PREFIX}/info/dir; \
+ fi
+.for info in emacs vip viper forms gnus mh-e cl sc dired-x ediff ccmode
+ install-info ${PREFIX}/info/${info} ${PREFIX}/info/dir
+.endfor
.include <bsd.port.mk>Do not use anything other than
/usr/share/info/dir and the above command to
create a new info file. In fact, I would add the first three lines
of the above patch to bsd.port.mk if you (the
porter) would not have to do it in PLIST by
yourself anyway.Edit PLIST and add equivalent
@exec statements and also
@unexec for pkg_delete. You
do not need to delete info/dir with
@unexec.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/05/20 10:25:12 1.17
@@ -16,7 +14,15 @@
man/man1/etags.1.gz
man/man1/ctags.1.gz
+@unexec install-info --delete %D/info/emacs %D/info/dir
:
+@unexec install-info --delete %D/info/ccmode %D/info/dir
info/cl
info/cl-1
@@ -87,6 +94,18 @@
info/viper-3
info/viper-4
+@exec [ -f %D/info/dir ] || sed -ne '1,/Menu:/p' /usr/share/info/dir > %D/info/dir
+@exec install-info %D/info/emacs %D/info/dir
:
+@exec install-info %D/info/ccmode %D/info/dir
libexec/emacs/19.34/i386--freebsd/cvtmail
libexec/emacs/19.34/i386--freebsd/digest-docThe @unexec install-info --delete
commands have to be listed before the info files themselves so
they can read the files. Also, the @exec
install-info commands have to be after the info
files and the @exec command that creates the
the dir file.Test and admire your
work. :). Check the
dir file before and after each step.The pkg/ subdirectoryThere are some tricks we have not mentioned yet about the
pkg/ subdirectory that come in handy
sometimes.MESSAGEIf you need to display a message to the installer, you may place
the message in pkg/MESSAGE. This capability is
often useful to display additional installation steps to be taken
after a pkg_add or to display licensing
information.The pkg/MESSAGE file does not need to be
added to pkg/PLIST. Also, it will not get
automatically printed if the user is using the port, not the
package, so you should probably display it from the
post-install target yourself.INSTALLIf your port needs to execute commands when the binary package
is installed with pkg_add you can do this via the
pkg/INSTALL script. This script will
automatically be added to the package, and will be run twice by
pkg_add. The first time will as INSTALL
${PKGNAME} PRE-INSTALL and the second time as
INSTALL ${PKGNAME} POST-INSTALL.
$2 can be tested to determine which mode
the script is being run in. The PKG_PREFIX
environmental variable will be set to the package installation
directory. See &man.pkg.add.1; for
additional information.This script is not run automatically if you install the port
with make install. If you are depending on it
being run, you will have to explicitly call it from your port's
Makefile.REQIf your port needs to determine if it should install or not, you
can create a pkg/REQ “requirements”
script. It will be invoked automatically at
installation/deinstallation time to determine whether or not
installation/deinstallation should proceed.Changing PLIST based on make
variablesSome ports, particularly the p5- ports, need to change their
PLIST depending on what options they are
configured with (or version of perl, in the case of p5- ports). To
make this easy, any instances in the PLIST of
%%OSREL%%, %%PERL_VER%%, and
%%PERL_VERSION%% will be substituted for
appropriately. The value of %%OSREL%% is the
numeric revision of the operating system (e.g.,
2.2.7). %%PERL_VERSION%% is
the full version number of perl (e.g., 5.00502)
and %%PERL_VER%% is the perl version number minus
the patchlevel (e.g., 5.005).If you need to make other substitutions, you can set the
PLIST_SUB variable with a list of
VAR=VALUE
pairs and instances of
%%VAR%%' will be
substituted with VALUE in the
PLIST.For instance, if you have a port that installs many files in a
version-specific subdirectory, you can put something like
OCTAVE_VERSION= 2.0.13
PLIST_SUB= OCTAVE_VERSION=${OCTAVE_VERSION}
in the Makefile and use
%%OCTAVE_VERSION%% wherever the version shows up
in PLIST. That way, when you upgrade the port,
you will not have to change dozens (or in some cases, hundreds) of
lines in the PLIST.This substitution (as well as addition of any man pages) will be done between
the do-install and
post-install targets, by reading from
PLIST and writing to TMPPLIST
(default:
WRKDIR/.PLIST.mktmp). So if
your port builds PLIST on the fly, do so in or
before do-install. Also, if your port
needs to edit the resulting file, do so in
post-install to a file named
TMPPLIST.Changing the names of files in the
pkg subdirectoryAll the filenames in the pkg subdirectory
are defined using variables so you can change them in your
Makefile if need be. This is especially useful
when you are sharing the same pkg subdirectory
among several ports or have to write to one of the above files (see
writing to places other than
WRKDIR for why it is a bad idea to write
directly in to the pkg subdirectory.Here is a list of variable names and their default
values.VariableDefault valueCOMMENT${PKGDIR}/DESCRDESCR${PKGDIR}/DESCRPLIST${PKGDIR}/PLISTPKGINSTALL${PKGDIR}/PKGINSTALLPKGDEINSTALL${PKGDIR}/PKGDEINSTALLPKGREQ${PKGDIR}/REQPKGMESSAGE${PKGDIR}/MESSAGEPlease change these variables rather than overriding
PKG_ARGS. If you change
PKG_ARGS, those files will not correctly be
installed in /var/db/pkg upon install from a
port.Licensing ProblemsSome software packages have restrictive licenses or can be in
violation to the law (PKP's patent on public key crypto, ITAR (export
of crypto software) to name just two of them). What we can do with
them varies a lot, depending on the exact wordings of the respective
licenses.It is your responsibility as a porter to read the licensing
terms of the software and make sure that the FreeBSD project will
not be held accountable of violating them by redistributing the
source or compiled binaries either via ftp or CD-ROM. If in doubt,
please contact the &a.ports;.There are two variables you can set in the Makefile to handle the
situations that arise frequently:If the port has a “do not sell for profit” type of
license, set the variable NO_CDROM to a string
describing the reason why. We will make sure such ports will not go
into the CD-ROM come release time. The distfile and package will
still be available via ftp.If the resulting package needs to be built uniquely for each
site, or the resulting binary package cannot be distributed due to
licensing; set the variable NO_PACKAGE to a
string describing the reason why. We will make sure such packages
will not go on the ftp site, nor into the CD-ROM come release time.
The distfile will still be included on both however.If the port has legal restrictions on who can use it (e.g.,
crypto stuff) or has a “no commercial use” license,
set the variable RESTRICTED to be the string
describing the reason why. For such ports, the distfiles/packages
will not be available even from our ftp sites.The GNU General Public License (GPL), both version 1 and 2,
should not be a problem for ports.If you are a committer, make sure you update the
ports/LEGAL file too.UpgradingWhen you notice that a port is out of date compared to the latest
version from the original authors, first make sure you have the latest
port. You can find them in the
ports/ports-current directory of the ftp mirror
sites.The next step is to send a mail to the maintainer, if one is
listed in the port's Makefile. That person may
already be working on an upgrade, or have a reason to not upgrade the
port right now (because of, for example, stability problems of the new
version).If the maintainer asks you to do the upgrade or there is not any
such person to begin with, please make the upgrade and send the
recursive diff (either unified or context diff is fine, but port
committers appear to prefer unified diff more) of the new and old
ports directories to us (e.g., if your modified port directory is
called superedit and the original as in our tree
is superedit.bak, then send us the result of
diff -ruN superedit.bak superedit). Please examine
the output to make sure all the changes make sense. The best way to
send us the diff is by including it to &man.send-pr.1; (category
ports). Please mention any added or deleted files
in the message, as they have to be explicitly specified to CVS when
doing a commit. If the diff is more than about 20KB, please compress
and uuencode it; otherwise, just include it in as is in the PR.Once again, please use &man.diff.1; and not &man.shar.1; to send
updates to existing ports.Do's and Dont'sHere is a list of common do's and dont's that you encounter during
the porting process.You should check your own port against this list,
but you can also check ports in the PR database that others have
submitted. Submit any comments on ports you check as described in
Bug Reports and General
Commentary. Checking ports in the PR database will both make
it faster for us to commit them, and prove that you know what you are
doing.Strip BinariesDo strip binaries. If the original source already strips the
binaries, fine; otherwise you should add a
post-install rule to to it yourself. Here is an
example;
post-install:
strip ${PREFIX}/bin/xdlUse the &man.file.1; command on the installed executable to
check whether the binary is stripped or not. If it does not say
not stripped, it is stripped.INSTALL_* macrosDo use the macros provided in bsd.port.mk
to ensure correct modes and ownership of files in your own
*-install targets. They are:INSTALL_PROGRAM is a command to install
binary executables.INSTALL_SCRIPT is a command to install
executable scripts.INSTALL_DATA is a command to install
sharable data.INSTALL_MAN is a command to install
manpages and other documentation (it does not compress
anything).These are basically the install command with
all the appropriate flags. See below for an example on how to use
them.WRKDIRDo not write anything to files outside
WRKDIR. WRKDIR is the only
place that is guaranteed to be writable during the port build (see
compiling ports from CDROM for an
example of building ports from a read-only tree). If you need to
modigy some file in PKGDIR, do so by redefining a variable, not by
writing over it.WRKDIRPREFIXMake sure your port honors WRKDIRPREFIX.
Most ports do not have to worry about this. In particular, if you
are referring to a WRKDIR of another port, note
that the correct location is
WRKDIRPREFIXPORTSDIR/subdir/name/work not PORTSDIR/subdir/name/work or .CURDIR/../../subdir/name/work or some such.Also, if you are defining WRKDIR yourself,
make sure you prepend
${WKRDIRPREFIX}${.CURDIR} in the
front.Differentiating operating systems and OS versionsYou may come across code that needs modifications or conditional
compilation based upon what version of UNIX it is running under. If
you need to make such changes to the code for conditional
compilation, make sure you make the changes as general as possible
so that we can back-port code to FreeBSD 1.x systems and cross-port
to other BSD systems such as 4.4BSD from CSRG, BSD/386, 386BSD,
NetBSD, and OpenBSD.The preferred way to tell 4.3BSD/Reno (1990) and newer versions
of the BSD code apart is by using the BSD macro
defined in <sys/param.h>. Hopefully that
file is already included; if not, add the code:
#if (defined(__unix__) || defined(unix)) && !defined(USG)
#include <sys/param.h>
#endifto the proper place in the .c file. We
believe that every system that defines these two symbols has
sys/param.h. If you find a system that
does not, we would like to know. Please send mail to the
&a.ports;.Another way is to use the GNU Autoconf style of doing
this:
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endifDo not forget to add -DHAVE_SYS_PARAM_H to the
CFLAGS in the Makefile for
this method.Once you have sys/param.h included, you may
use:
#if (defined(BSD) && (BSD >= 199103))to detect if the code is being compiled on a 4.3 Net2 code base
or newer (e.g. FreeBSD 1.x, 4.3/Reno, NetBSD 0.9, 386BSD, BSD/386
1.1 and below).Use:
#if (defined(BSD) && (BSD >= 199306))to detect if the code is being compiled on a 4.4 code base or
newer (e.g. FreeBSD 2.x, 4.4, NetBSD 1.0, BSD/386 2.0 or
above).The value of the BSD macro is
199506 for the 4.4BSD-Lite2 code base. This is
stated for informational purposes only. It should not be used to
distinguish between versions of FreeBSD based only on 4.4-Lite vs.
versions that have merged in changes from 4.4-Lite2. The
__FreeBSD__ macro should be used instead.Use sparingly:__FreeBSD__ is defined in all versions of
FreeBSD. Use it if the change you are making
only affects FreeBSD. Porting gotchas like
the use of sys_errlist[] vs
strerror() are Berkeleyisms, not FreeBSD
changes.In FreeBSD 2.x, __FreeBSD__ is defined to
be 2. In earlier versions, it is
1. Later versions will bump it to match
their major version number.If you need to tell the difference between a FreeBSD 1.x
system and a FreeBSD 2.x or 3.x system, usually the right answer
is to use the BSD macros described above. If
there actually is a FreeBSD specific change (such as special
shared library options when using ld) then it
is OK to use __FreeBSD__ and #if
__FreeBSD__ > 1 to detect a FreeBSD 2.x and later
system. If you need more granularity in detecting FreeBSD
systems since 2.0-RELEASE you can use the following:
#if __FreeBSD__ >= 2
#include <osreldate.h>
# if __FreeBSD_version >= 199504
/* 2.0.5+ release specific code here */
# endif
#endifRelease__FreeBSD_version2.0-RELEASE1194112.1-CURRENTs199501, 1995032.0.5-RELEASE1995042.2-CURRENT before 2.11995082.1.0-RELEASE1995112.2-CURRENT before 2.1.51995122.1.5-RELEASE1996072.2-CURRENT before 2.1.61996082.1.6-RELEASE1996122.1.7-RELEASE1996122.2-RELEASE2200002.2.1-RELEASE220000 (no change)2.2-STABLE after 2.2.1-RELEASE220000 (no change)2.2-STABLE after texinfo-3.92210012.2-STABLE after top2210022.2.2-RELEASE2220002.2-STABLE after 2.2.2-RELEASE2220012.2.5-RELEASE2250002.2-STABLE after 2.2.5-RELEASE2250012.2-STABLE after ldconfig -R merge2250022.2.6-RELEASE2260002.2.7-RELEASE2270002.2-STABLE after 2.2.7-RELEASE2270012.2-STABLE after semctl(2) change2270022.2.8-RELEASE2280002.2-STABLE after 2.2.8-RELEASE2280013.0-CURRENT before mount(2) change3000003.0-CURRENT after mount(2) change3000013.0-CURRENT after semctl(2) change3000023.0-CURRENT after ioctl arg changes3000033.0-CURRENT after ELF conversion3000043.0-RELEASE3000053.0-CURRENT after 3.0-RELEASE3000063.0-STABLE after 3/4 branch3000073.1-RELEASE3100003.1-STABLE after 3.1-RELEASE3100013.1-STABLE after C++ constructor/destructor order change3100023.2-STABLE3200014.0-CURRENT after 3/4 branch4000004.0-CURRENT after change in dynamic linker handling4000014.0-CURRENT after C++ constructor/destructor order change4000024.0-CURRENT after functioning dladdr(3)4000034.0-CURRENT after newbus4000044.0-CURRENT after suser(9) API change4000054.0-CURRENT after cdevsw registration change4000064.0-CURRENT after the addition of so_cred for socket level credentials4000074.0-CURRENT after the addition of a poll syscall wrapper to libc_r400008Note that 2.2-STABLE sometimes identifies itself as
“2.2.5-STABLE” after the 2.2.5-RELEASE. The pattern
used to be year followed by the month, but we decided to change it
to a more straightforward major/minor system starting from 2.2.
This is because the parallel development on several branches made
it infeasible to classify the releases simply by their real
release dates. If you are making a port now, you do not have to
worry about old -CURRENTs; they are listed here just for your
reference.In the hundreds of ports that have been done, there have only
been one or two cases where __FreeBSD__ should
have been used. Just because an earlier port screwed up and used it
in the wrong place does not mean you should do so too.Writing something after
bsd.port.mkDo not write anything after the .include
<bsd.port.mk> line. it usually can be avoided by
including bsd.port.pre.mk somewhere in the
middle of your Makefile and
bsd.port.post.mk at the end.You need to include either the
pre.mk/post.mk pair or
bsd.port.mk only; do not mix these two.bsd.port.pre.mk only defines a few
variables, which can be used in tests in the
Makefile, bsd.port.post.mk
defines the rest.Here are some important variables defined in
bsd.port.pre.mk (this is not the complete list,
please read bsd.port.mk for the complete
list).VariableDescriptionARCHThe architecture as returned by uname
-m (e.g., i386)OPSYSThe operating system type, as returned by
uname -s (e.g.,
FreeBSD)OSRELThe release version of the operating system (e.g.,
2.1.5 or
2.2.7)OSVERSIONThe numeric version of the operating system, same as
__FreeBSD_version.PORTOBJFORMATThe object format of the system
(aout or elfLOCALBASEThe base of the “local” tree (e.g.,
/usr/local/)X11BASEThe base of the “X11” tree (e.g.,
/usr/X11R6)PREFIXWhere the port installs itself (see more on
PREFIX).If you have to define the variables
USE_IMAKE, USE_X_PREFIX, or
MASTERDIR, do so before including
bsd.port.pre.mk.Here are some examples of things you can write after
bsd.port.pre.mk;
# no need to compile lang/perl5 if perl5 is already in system
.if ${OSVERSION} > 300003
BROKEN= perl is in system
.endif
# only one shlib version number for ELF
.if ${PORTOBJFORMAT} == "elf"
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}
.else
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}.${SHLIB_MINOR}
.endif
# software already makes link for ELF, but not for a.out
post-install:
.if ${PORTOBJFORMAT} == "aout"
${LN} -sf liblinpack.so.1.0 ${PREFIX}/lib/liblinpack.so
.endifInstall additional documentationIf your software has some documentation other than the standard
man and info pages that you think is useful for the user, install it
under PREFIX/share/doc.
This can be done, like the previous item, in the
post-install target.Create a new directory for your port. The directory name should
reflect what the port is. This usually means
PKGNAME minus the version part. However, if you
think the user might want different versions of the port to be
installed at the same time, you can use the whole
PKGNAME.Make the installation dependent to the variable
NOPORTDOCS so that users can disable it in
/etc/make.conf, like this:
post-install:
.if !defined(NOPORTDOCS)
${MKDIR}${PREFIX}/share/doc/xv
${INSTALL_MAN} ${WRKSRC}/docs/xvdocs.ps ${PREFIX}/share/doc/xv
.endifDo not forget to add them to pkg/PLIST too!
(Do not worry about NOPORTDOCS here; there is
currently no way for the packages to read variables from
/etc/make.conf.)Also you can use the pkg/MESSAGE file to
display messages upon installation. See the using
pkg/MESSAGE section for
details.MESSAGE does not need to be added to
pkg/PLIST).DIST_SUBDIRDo not let your port clutter
/usr/ports/distfiles. If your port requires a
lot of files to be fetched, or contains a file that has a name that
might conflict with other ports (e.g.,
Makefile), set DIST_SUBDIR
to the name of the port (PKGNAME without the
version part should work fine). This will change
DISTDIR from the default
/usr/ports/distfiles to
/usr/ports/distfiles/DIST_SUBDIR,
and in effect puts everything that is required for your port into
that subdirectory.It will also look at the subdirectory with the same name on the
- backup master site at ftp.freebsd.org.
+ backup master site at ftp.FreeBSD.org.
(Setting DISTDIR explicitly in your
Makefile will not accomplish this, so please use
DIST_SUBDIR.)This does not affect the MASTER_SITES you
define in your Makefile.Package informationDo include package information, i.e.
COMMENT, DESCR, and
PLIST, in pkg.Note that these files are not used only for packaging anymore,
and are mandatory now, even if
NO_PACKAGE is set.RCS stringsDo not put RCS strings in patches. CVS will mangle them when we
put the files into the ports tree, and when we check them out again,
they will come out different and the patch will fail. RCS strings
are surrounded by dollar ($) signs, and
typically start with $Id or
$RCS.Recursive diffUsing the recurse () option to
diff to generate patches is fine, but please take
a look at the resulting patches to make sure you do not have any
unnecessary junk in there. In particular, diffs between two backup
files, Makefiles when the port uses
Imake or GNU configure, etc.,
are unnecessary and should be deleted. If you had to edit
configure.in and run
autoconf to regenerate
configure, do not take the diffs of
configure (it often grows to a few thousand
lines!); define USE_AUTOCONF=yes and take the
diffsof configure.in.Also, if you had to delete a file, then you can do it in the
post-extract target rather than as part of
the patch. Once you are happy with the resulting diff, please split
it up into one source file per patch file.PREFIXDo try to make your port install relative to
PREFIX. (The value of this variable will be set
to LOCALBASE (default
/usr/local), unless
USE_X_PREFIX or USE_IMAKE is
set, in which case it will be X11BASE (default
/usr/X11R6).)Not hard-coding /usr/local or
/usr/X11R6 anywhere in the source will make the
port much more flexible and able to cater to the needs of other
sites. For X ports that use imake, this is
automatic; otherwise, this can often be done by simply replacing the
occurrences of /usr/local (or
/usr/X11R6 for X ports that do not use imake)
in the various scripts/Makefiles in the port to read
PREFIX, as this variable is automatically passed
down to every stage of the build and install processes.Do not set USE_X_PREFIX unless your port
truly require it (i.e., it links against X libs or it needs to
reference files in X11BASE).The variable PREFIX can be reassigned in your
Makefile or in the user's environment.
However, it is strongly discouraged for individual ports to set this
variable explicitly in the Makefiles.Also, refer to programs/files from other ports with the
variables mentioned above, not explicit pathnames. For instance, if
your port requires a macro PAGER to be the full
pathname of less, use the compiler flag:
-DPAGER=\"${PREFIX}/bin/less\"
or
-DPAGER=\"${LOCALBASE}/bin/less\"
if this is an X port, instead of
-DPAGER=\"/usr/local/bin/less\". This way it will
have a better chance of working if the system administrator has
moved the whole `/usr/local' tree somewhere else.SubdirectoriesTry to let the port put things in the right subdirectories of
PREFIX. Some ports lump everything and put it in
the subdirectory with the port's name, which is incorrect. Also,
many ports put everything except binaries, header files and manual
pages in the a subdirectory of lib, which does
not bode well with the BSD paradigm. Many of the files should be
moved to one of the following: etc
(setup/configuration files), libexec
(executables started internally), sbin
(executables for superusers/managers), info
(documentation for info browser) or share
(architecture independent files). See man &man.hier.7; for details,
the rules governing
/usr pretty much apply to
/usr/local too. The exception are ports
dealing with USENET “news”. They may use
PREFIX/news as a destination
for their files.Cleaning up empty directoriesDo make your ports clean up after themselves when they are
deinstalled. This is usually accomplished by adding
@dirrm lines for all directories that are
specifically created by the port. You need to delete subdirectories
before you can delete parent directories.
:
lib/X11/oneko/pixmaps/cat.xpm
lib/X11/oneko/sounds/cat.au
:
@dirrm lib/X11/oneko/pixmals
@dirrm lib/X11/oneko/sounds
@dirrm lib/X11/onekoHowever, sometimes @dirrm will give you
errors because other ports also share the same subdirectory. You
can call rmdir from @unexec to
remove only empty directories without warning.
@unexec rmdir %D/share/doc/gimp 2>/dev/null || trueThis will neither print any error messages nor cause
pkg_delete to exit abnormally even if
PREFIX/share/doc/gimp is not
empty due to other ports installing some files in there.UIDsIf your port requires a certain user to be on the installed
system, let the pkg/INSTALL script call
pw to create it automatically. Look at
net/cvsup-mirror for an example.If your port must use the same user/group ID number when it is
installed a binarypackage as when it was compiled, then you mus
choose a free UID from 50 to 99 and register it below. Look at
japanese/Wnn for an example.Make sure you do not use a UID already used by the system or
other ports. This is the current list of UIDs between 50 and
99.
majordom:*:54:54:Majordomo Pseudo User:/usr/local/majordomo:/nonexistent
cyrus:*:60:60:the cyrus mail server:/nonexistent:/nonexistent
gnats:*:61:1:GNATS database owner:/usr/local/share/gnats/gnats-db:/bin/sh
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
pop:*:68:6:Post Office Owner (popper):/nonexistent:/nonexistent
wnn:*:69:7:Wnn:/nonexistent:/nonexistent
ifmail:*:70:66:Ifmail user:/nonexistent:/nonexistent
pgsql:*:70:70:PostgreSQL pseudo-user:/usr/local/pgsql:/bin/sh
ircd:*:72:72:IRCd hybrid:/nonexistent:/nonexistent
alias:*:81:81:QMail user:/var/qmail/alias:/nonexistent
qmaill:*:83:81:QMail user:/var/qmail:/nonexistent
qmaild:*:82:81:QMail user:/var/qmail:/nonexistent
qmailq:*:85:82:QMail user:/var/qmail:/nonexistent
qmails:*:87:82:QMail user:/var/qmail:/nonexistent
qmailp:*:84:81:QMail user:/var/qmail:/nonexistent
qmailr:*:86:82:QMail user:/var/qmail:/nonexistent
msql:*:87:87:mSQL-2 pseudo-user:/var/db/msqldb:/bin/shPlease include a notice when you submit a port (or an upgrade)
that reserves a new UID or GID in this range. This allows us to
keep the list of reserved IDs up to date.Do things rationallyThe Makefile should do things simply and
reasonably. If you can make it a couple of lines shorter or more
readable, then do so. Examples include using a make
.if construct instead of a shell
if construct, not redefining
do-extract if you can redefine
EXTRACT* instead, and using
GNU_CONFIGURE instead of CONFIGURE_ARGS
+= --prefix=${PREFIX}.Respect CFLAGSThe port should respect the CFLAGS variable.
If it does not, please add NO_PACKAGE=ignores
cflags to the Makefile.Configuration filesIf your port requires some configuration files in
PREFIX/etc, do
not just install them and list them in
pkg/PLIST. That will cause
pkg_delete to delete files carefully edited by
the user and a new installation to wipe them out.Instead, install sample files with a suffix
(filename.sample
will work well) and print out a message pointing out that the
user has to copy and edit the file before the software can be made
to work.PortlintDo check your work with portlint
before you submit or commit it.FeedbackDo send applicable changes/patches to the original
author/maintainer for inclusion in next release of the code. This
will only make your job that much easier for the next
release.MiscellaneaThe files pkg/DESCR,
pkg/COMMENT, and pkg/PLIST
should each be double-checked. If you are reviewing a port and feel
they can be worded better, do so.Do not copy more copies of the GNU General Public License into
our system, please.Please be careful to note any legal issues! Do not let us
illegally distribute software!If you are stuck…Do look at existing examples and the
bsd.port.mk file before asking us questions!
;)Do ask us questions if you have any trouble! Do not just beat
your head against a wall! :)A Sample MakefileHere is a sample Makefile that you can use to
create a new port. Make sure you remove all the extra comments (ones
between brackets)!It is recommended that you follow this format (ordering of
variables, empty lines between sections, etc.). This format is
designed so that the most important information is easy to locate. We
recommend that you use portlint to check the
Makefile.
[the header...just to make it easier for us to identify the ports.]
# New ports collection makefile for: xdvi
[the version required header should updated when upgrading a port.]
# Version required: pl18 [things like "1.5alpha" are fine here too]
[this is the date when the first version of this Makefile was created.
Never change this when doing an update of the port.]
# Date created: 26 May 1995
[this is the person who did the original port to FreeBSD, in particular, the
person who wrote the first version of this Makefile. Remember, this should
not be changed when upgrading the port later.]
# Whom: Satoshi Asami <asami@FreeBSD.ORG>
#
# $Id$
[ ^^^^ This will be automatically replaced with RCS ID string by CVS
when it is committed to our repository.]
#
[section to describe the port itself and the master site - DISTNAME
is always first, followed by PKGNAME (if necessary), CATEGORIES,
and then MASTER_SITES, which can be followed by MASTER_SITE_SUBDIR.
After those, one of EXTRACT_SUFX or DISTFILES can be specified too.]
DISTNAME= xdvi
PKGNAME= xdvi-pl18
CATEGORIES= print
[do not forget the trailing slash ("/")!
if you are not using MASTER_SITE_* macros]
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applications
[set this if the source is not in the standard ".tar.gz" form]
EXTRACT_SUFX= .tar.Z
[section for distributed patches -- can be empty]
PATCH_SITES= ftp://ftp.sra.co.jp/pub/X11/japanese/
PATCHFILES= xdvi-18.patch1.gz xdvi-18.patch2.gz
[maintainer; *mandatory*! This is the person (preferably with commit
privileges) who a user can contact for questions and bug reports - this
person should be the porter or someone who can forward questions to the
original porter reasonably promptly. If you really do not want to have
your address here, set it to "ports@FreeBSD.ORG".]
MAINTAINER= asami@FreeBSD.ORG
[dependencies -- can be empty]
RUN_DEPENDS= gs:${PORTSDIR}/print/ghostscript
LIB_DEPENDS= Xpm.5:${PORTSDIR}/graphics/xpm
[this section is for other standard bsd.port.mk variables that do not
belong to any of the above]
[If it asks questions during configure, build, install...]
IS_INTERACTIVE= yes
[If it extracts to a directory other than ${DISTNAME}...]
WRKSRC= ${WRKDIR}/xdvi-new
[If the distributed patches were not made relative to ${WRKSRC}, you
may need to tweak this]
PATCH_DIST_STRIP= -p1
[If it requires a "configure" script generated by GNU autoconf to be run]
GNU_CONFIGURE= yes
[If it requires GNU make, not /usr/bin/make, to build...]
USE_GMAKE= yes
[If it is an X application and requires "xmkmf -a" to be run...]
USE_IMAKE= yes
[et cetera.]
[non-standard variables to be used in the rules below]
MY_FAVORITE_RESPONSE= "yeah, right"
[then the special rules, in the order they are called]
pre-fetch:
i go fetch something, yeah
post-patch:
i need to do something after patch, great
pre-install:
and then some more stuff before installing, wow
[and then the epilogue]
.include <bsd.port.mk>Automated package list creationFirst, make sure your port is almost complete, with only
PLIST missing. Create an empty
PLIST.&prompt.root; touch PLISTNext, create a new set of directories which your port can be
installed, and install any dependencies.&prompt.root; mtree -U -f /etc/mtree/BSD.local.dist -d -e -p /var/tmp/port-name
&prompt.root; make depends PREFIX=/var/tmp/port-nameStore the directory structure in a new file.&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > OLD-DIRSIf your port honours PREFIX (which it should)
you can then install the port and create the package list.&prompt.root; make install PREFIX=/var/tmp
&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > pkg/PLISTYou must also add any newly created directories to the packing
list.&prompt.root; (cd /var/tmp/port-name && find * -type d) | comm -13 OLD-DIRS - | sed -e 's#^#@dirrm#' >> pkg/PLISTFinally, you need to tidy up the packing list by hand. I lied
when I said this was all automated. Manual pages should be listed in
the port's Makefile under
MANn, and not in the
package list. User configuration files should be removed, or
installed as
filename.sample. Any
libraries installed by the port should be listed as specified in the
ldconfig section.Package NamesThe following are the conventions you should follow in naming your
packages. This is to have our package directory easy to scan, as
there are already lots and lots of packages and users are going to
turn away if they hurt their eyes!The package name should look like
language-name-compiled.specifics-version.numbers.If your DISTNAME does not look like that, set
PKGNAME to something in that format.FreeBSD strives to support the native language of its users.
The language- part should be a two
letter abbreviation of the natural language defined by ISO-639 if
the port is specific to a certain language. Examples are
ja for Japanese, ru for
Russian, vi for Vietnamese,
zh for Chinese, ko for
Korean and de for German.The name part should be all lowercases,
except for a really large package (with lots of programs in it).
Things like XFree86 (yes there really is a port of it, check it
out) and ImageMagick fall into this category. Otherwise, convert
the name (or at least the first letter) to lowercase. If the
capital letters are important to the name (for example, with
one-letter names like R or
V) you may use capital letters at your
discretion. There is a tradition of naming Perl 5 modules by
prepending p5- and converting the double-colon
separator to a hyphen; for example, the
Data::Dumper module becomes
p5-Data-Dumper. If the software in question
has numbers, hyphens, or underscores in its name, you may include
them as well (like kinput2).If the port can be built with different hardcoded defaults (usually
part of the directory name in a family of ports), the
-compiled.specifics part should state
the compiled-in defaults (the hyphen is optional). Examples are
papersize and font units.The version string should be a period-separated list of
integers and single lowercase alphabetics. The only exception is
the string pl (meaning `patchlevel'), which can
be used only when there are no major and
minor version numbers in the software.Here are some (real) examples on how to convert a
DISTNAME into a suitable
PKGNAME:Distribution NamePackage NameReasonmule-2.2.2.mule-2.2.2No changes requiredXFree86-3.1.2XFree86-3.1.2No changes requiredEmiClock-1.0.2emiclock-1.0.2No uppercase names for single programsgmod1.4gmod-1.4Need a hyphen before version numbersxmris.4.0.2xmris-4.0.2Need a hyphen before version numbersrdist-1.3alphardist-1.3aNo strings like alpha
allowedes-0.9-beta1es-0.9b1No strings like beta
allowedv3.3beta021.srctiff-3.3What the heck was that anyway?tvtwmtvtwm-pl11Version string always requiredpiewmpiewm-1.0Version string always requiredxvgr-2.10pl1xvgr-2.10.1pl allowed only when no
major/minor version numbersgawk-2.15.6ja-gawk-2.15.6Japanese language versionpsutils-1.13psutils-letter-1.13Papersize hardcoded at package build timepkfontspkfonts300-1.0Package for 300dpi fontsIf there is absolutely no trace of version information in the
original source and it is unlikely that the original author will ever
release another version, just set the version string to
1.0 (like the piewm example above). Otherwise, ask
the original author or use the date string
(yy.mm.dd) as the version.CategoriesAs you already know, ports are classified in several categories.
But for this to wor, it is important that porters and users understand
what each category and how we deicde what to put in each
category.Current list of categoriesFirst, this is the current list of port categories. Those
marked with an asterisk (*) are
virtual categories—those that do not have
a corresponding subdirectory in the ports tree.For non-virtual categories, you will find a one-line
description in the pkg/COMMENT file in that
subdirectory (e.g.,
archivers/pkg/COMMENT).CategoryDescriptionafterstep*Ports to support AfterStep window managerarchiversArchiving tools.astroAstronomical ports.audioSound support.benchmarksBenchmarking utilities.biologyBiology-related software.cadComputer aided design tools.chineseChinese language support.commsCommunication software. Mostly software to talk to
your serial port.convertersCharacter code converters.databasesDatabases.deskutilsThings that used to be on the desktop before
computers were invented.develDevelopment utilities. Do not put libraries here just
because they are libraries—unless they truly do not
belong to anywhere else, they should not be in this
category.editorsGeneral editors. Specialized editors go in the section
for those tools (e.g., a mathematical-formula editor will go
in math).elispEmacs-lisp ports.emulatorsEmulators for other operating systems. Terminal
emulators do not belong
here—X-based ones should go to
x11 and text-based ones to either
comms or misc,
depending on the exact functionality.gamesGames.germanGerman language support.graphicsGraphics utilities.japaneseJapanese language support.kde*Ports that form the K Desktop Environment
(kde).koreanKorean language support.langProgramming languages.mailMail software.mathNumerical computation software and other utilities
for mathematics.mboneMBone applications.miscMiscellaneous utilities—basically things that
does not belong to anywhere else. This is the only category
that should not appear with any other non-virtual category.
If you have misc with something else in
your CATEGORIES line, that means you can
safely delete misc and just put the port
in that other subdirectory!netMiscellaneous networking software.newsUSENET news software.offix*Ports from the OffiX suite.palmSoftware support for the 3Com Palm(tm) series.perl5*Ports that require perl version 5 to run.plan9*Various programs from Plan9.printPrinting software. Desktop publishing tools
(previewers, etc.) belong here too.python*Software written in python.russianRussian language support.securitySecurity utilities.shellsCommand line shells.sysutilsSystem utilities.tcl75*Ports that use tcl version 7.5 to run.tcl76*Ports that use tcl version 7.6 to run.tcl80*Ports that use tcl version 8.0 to run.tcl81*Ports that use tcl version 8.1 to run.textprocText processing utilities. It does not include
desktop publishing tools, which go to print/.tk41*Ports that use tk version 4.1 to run.tk42*Ports that use tk version 4.2 to run.tk80*Ports that use tk version 8.0 to run.tk81*Ports that use tk version 8.1 to run.vietnameseVietnamese language support.windowmaker*Ports to support the WindowMaker window
managerwwwSoftware related to the World Wide Web. HTML language
support belong here too.x11The X window system and friends. This category is only
for software that directly support the window system. Do not
put regular X applications here. If your port is an X
application, define USE_XLIB (implied by
USE_IMAKE) and put it in appropriate
categories. Also, many of them go into other
x11-* categories (see below).x11-clocksX11 clocks.x11-fmX11 file managers.x11-fontsX11 fonts and font utilities.x11-toolkitsX11 toolkits.x11-wmX11 window managers.Choosing the right categoryAs many of the categories overlap, you often have to choose
which of the categories should be the primary category of your port.
There are several rules that govern this usse. Here is the list of
priorities, in decreasing order of precedence.Language specific categories always come first. For
example, if your port installs Japanese X11 fonts, then your
CATEGORIES line would read japanese
x11-fonts.Specific categories win over less-specific ones. For
instance, an HTML editor should be listed as www
editors, not the other way around. Also, you do not
need to list net when the port belongs to
either of mail, mbone,
news, security, or
www.x11 is used as a secondary category only
when the primary category is a natural language. In particular,
you should not put x11 in the category line
for X applications.If your port truly does not belong anywhere else, put it in
misc.If you are not sure about the category, please put a comment to
that effect in your send-pr submission so we can
discuss it before import it. (If you are a committer, send a note
&a.ports; so we can discuss it first—too often new ports are
imported to a wrong category only to be moved right away.)Changes to this document and the ports systemIf you maintain a lot of ports, you should consider following the
&a.ports;. Important changes to the way ports work will be announced
there. You can always find more detailed information on the latest
changes by looking at the
bsd.port.mk CVS log.That is It, Folks!Boy, this sure was a long tutorial, wasn't it? Thanks for
following us to here, really.Well, now that you know how to do a port, let us go at it and
convert everything in the world into ports! That is the easiest way to
start contributing to the FreeBSD Project! :)
diff --git a/en_US.ISO_8859-1/books/handbook/advanced-networking/chapter.sgml b/en_US.ISO_8859-1/books/handbook/advanced-networking/chapter.sgml
index 99ca9d0f2c..a5ed9584f2 100644
--- a/en_US.ISO_8859-1/books/handbook/advanced-networking/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/advanced-networking/chapter.sgml
@@ -1,934 +1,934 @@
Advanced NetworkingGateways and RoutesContributed by &a.gryphon;. 6 October
1995.For one machine to be able to find another, there must be a
mechanism in place to describe how to get from one to the other. This is
called Routing. A “route” is a defined pair of addresses: a
“destination” and a “gateway”. The pair
indicates that if you are trying to get to this
destination, send along through this
gateway. There are three types of destinations:
individual hosts, subnets, and “default”. The
“default route” is used if none of the other routes apply.
We will talk a little bit more about default routes later on. There are
also three types of gateways: individual hosts, interfaces (also called
“links”), and ethernet hardware addresses.An exampleTo illustrate different aspects of routing, we will use the
following example which is the output of the command netstat
-r:Destination Gateway Flags Refs Use Netif Expire
default outside-gw UGSc 37 418 ppp0
localhost localhost UH 0 181 lo0
test0 0:e0:b5:36:cf:4f UHLW 5 63288 ed0 77
10.20.30.255 link#1 UHLW 1 2421
foobar.com link#1 UC 0 0
host1 0:e0:a8:37:8:1e UHLW 3 4601 lo0
host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 =>
host2.foobar.com link#1 UC 0 0
224 link#1 UC 0 0The first two lines specify the default route (which we will cover
in the next section) and the localhost route.The interface (Netif column) that it specifies
to use for localhost is
lo0, also known as the loopback device. This
says to keep all traffic for this destination internal, rather than
sending it out over the LAN, since it will only end up back where it
started anyway.The next thing that stands out are the 0:e0:... addresses. These are ethernet hardware
addresses. FreeBSD will automatically identify any hosts
(test0 in the example) on the local ethernet and add
a route for that host, directly to it over the ethernet interface,
ed0. There is also a timeout
(Expire column) associated with this type of route,
which is used if we fail to hear from the host in a specific amount of
time. In this case the route will be automatically deleted. These
hosts are identified using a mechanism known as RIP (Routing
Information Protocol), which figures out routes to local hosts based
upon a shortest path determination.FreeBSD will also add subnet routes for the local subnet (10.20.30.255 is the broadcast address for the
subnet 10.20.30, and foobar.com is the domain name associated
with that subnet). The designation link#1 refers
to the first ethernet card in the machine. You will notice no
additional interface is specified for those.Both of these groups (local network hosts and local subnets) have
their routes automatically configured by a daemon called
routed. If this is not run, then only routes which
are statically defined (ie. entered explicitly) will exist.The host1 line refers to our host, which it
knows by ethernet address. Since we are the sending host, FreeBSD
knows to use the loopback interface (lo0)
rather than sending it out over the ethernet interface.The two host2 lines are an example of what
happens when we use an ifconfig alias (see the section of ethernet for
reasons why we would do this). The => symbol
after the lo0 interface says that not only
are we using the loopback (since this is address also refers to the
local host), but specifically it is an alias. Such routes only show
up on the host that supports the alias; all other hosts on the local
network will simply have a link#1 line for
such.The final line (destination subnet 224) deals
with MultiCasting, which will be covered in a another section.The other column that we should talk about are the
Flags. Each route has different attributes that
are described in the column. Below is a short table of some of these
flags and their meanings:UUp: The route is active.HHost: The route destination is a single host.GGateway: Send anything for this destination on to this
remote system, which will figure out from there where to send
it.SStatic: This route was configured manually, not
automatically generated by the system.CClone: Generates a new route based upon this route for
machines we connect to. This type of route is normally used
for local networks.WWasCloned: Indicated a route that was auto-configured
based upon a local area network (Clone) route.LLink: Route involves references to ethernet
hardware.Default routesWhen the local system needs to make a connection to remote host,
it checks the routing table to determine if a known path exists. If
the remote host falls into a subnet that we know how to reach (Cloned
routes), then the system checks to see if it can connect along that
interface.If all known paths fail, the system has one last option: the
“default” route. This route is a special type of gateway
route (usually the only one present in the system), and is always
marked with a c in the flags field. For hosts on a
local area network, this gateway is set to whatever machine has a
direct connection to the outside world (whether via PPP link, or your
hardware device attached to a dedicated data line).If you are configuring the default route for a machine which
itself is functioning as the gateway to the outside world, then the
default route will be the gateway machine at your Internet Service
Provider's (ISP) site.Let us look at an example of default routes. This is a common
configuration:
[Local2] <--ether--> [Local1] <--PPP--> [ISP-Serv] <--ether--> [T1-GW]
The hosts Local1 and Local2 are
at your site, with the formed being your PPP connection to your ISP's
Terminal Server. Your ISP has a local network at their site, which
has, among other things, the server where you connect and a hardware
device (T1-GW) attached to the ISP's Internet feed.The default routes for each of your machines will be:hostdefault gatewayinterfaceLocal2Local1ethernetLocal1T1-GWPPPA common question is “Why (or how) would we set the T1-GW to
be the default gateway for Local1, rather than the ISP server it is
connected to?”.Remember, since the PPP interface is using an address on the ISP's
local network for your side of the connection, routes for any other
machines on the ISP's local network will be automatically generated.
Hence, you will already know how to reach the T1-GW machine, so there
is no need for the intermediate step of sending traffic to the ISP
server.As a final note, it is common to use the address ...1 as the gateway address for your local
network. So (using the same example), if your local class-C address
space was 10.20.30 and your ISP was
using 10.9.9 then the default routes
would be:
Local2 (10.20.30.2) --> Local1 (10.20.30.1)
Local1 (10.20.30.1, 10.9.9.30) --> T1-GW (10.9.9.1)
Dual homed hostsThere is one other type of configuration that we should cover, and
that is a host that sits on two different networks. Technically, any
machine functioning as a gateway (in the example above, using a PPP
connection) counts as a dual-homed host. But the term is really only
used to refer to a machine that sits on two local-area
networks.In one case, the machine as two ethernet cards, each having an
address on the separate subnets. Alternately, the machine may only
have one ethernet card, and be using ifconfig aliasing. The former is
used if two physically separate ethernet networks are in use, the
latter if there is one physical network segment, but two logically
separate subnets.Either way, routing tables are set up so that each subnet knows
that this machine is the defined gateway (inbound route) to the other
subnet. This configuration, with the machine acting as a Bridge
between the two subnets, is often used when we need to implement
packet filtering or firewall security in either or both
directions.Routing propagationWe have already talked about how we define our routes to the
outside world, but not about how the outside world finds us.We already know that routing tables can be set up so that all
traffic for a particular address space (in our examples, a class-C
subnet) can be sent to a particular host on that network, which will
forward the packets inbound.When you get an address space assigned to your site, your service
provider will set up their routing tables so that all traffic for your
subnet will be sent down your PPP link to your site. But how do sites
across the country know to send to your ISP?There is a system (much like the distributed DNS information) that
keeps track of all assigned address-spaces, and defines their point of
connection to the Internet Backbone. The “Backbone” are
the main trunk lines that carry Internet traffic across the country,
and around the world. Each backbone machine has a copy of a master
set of tables, which direct traffic for a particular network to a
specific backbone carrier, and from there down the chain of service
providers until it reaches your network.It is the task of your service provider to advertise to the
backbone sites that they are the point of connection (and thus the
path inward) for your site. This is known as route
propagation.TroubleshootingSometimes, there is a problem with routing propagation, and some
sites are unable to connect to you. Perhaps the most useful command
for trying to figure out where a routing is breaking down is the
&man.traceroute.8; command. It is equally useful if you cannot seem
to make a connection to a remote machine (i.e. &man.ping.8;
fails).The &man.traceroute.8; command is run with the name of the remote
host you are trying to connect to. It will show the gateway hosts
along the path of the attempt, eventually either reaching the target
host, or terminating because of a lack of connection.For more information, see the manual page for
&man.traceroute.8;.NFSContributed by &a.jlind;.Certain Ethernet adapters for ISA PC systems have limitations which
can lead to serious network problems, particularly with NFS. This
difficulty is not specific to FreeBSD, but FreeBSD systems are affected
by it.The problem nearly always occurs when (FreeBSD) PC systems are
networked with high-performance workstations, such as those made by
Silicon Graphics, Inc., and Sun Microsystems, Inc. The NFS mount will
work fine, and some operations may succeed, but suddenly the server will
seem to become unresponsive to the client, even though requests to and
from other systems continue to be processed. This happens to the client
system, whether the client is the FreeBSD system or the workstation. On
many systems, there is no way to shut down the client gracefully once
this problem has manifested itself. The only solution is often to reset
the client, because the NFS situation cannot be resolved.Though the “correct” solution is to get a higher
performance and capacity Ethernet adapter for the FreeBSD system, there
is a simple workaround that will allow satisfactory operation. If the
FreeBSD system is the server, include the option
on the mount from the client. If the FreeBSD
system is the client, then mount the NFS file
system with the option . These options may be
specified using the fourth field of the fstab entry
on the client for automatic mounts, or by using the
parameter of the mount command for manual mounts.It should be noted that there is a different problem, sometimes
mistaken for this one, when the NFS servers and clients are on different
networks. If that is the case, make certain that
your routers are routing the necessary UDP information, or you will not
get anywhere, no matter what else you are doing.In the following examples, fastws is the host
(interface) name of a high-performance workstation, and
freebox is the host (interface) name of a FreeBSD
system with a lower-performance Ethernet adapter. Also,
/sharedfs will be the exported NFS filesystem (see
man exports), and /project will
be the mount point on the client for the exported file system. In all
cases, note that additional options, such as or
and may be desirable in your
application.Examples for the FreeBSD system (freebox) as the
client: in /etc/fstab on freebox:
fastws:/sharedfs /project nfs rw,-r=1024 0 0As a manual mount command on freebox:&prompt.root; mount -t nfs -o -r=1024 fastws:/sharedfs /projectExamples for the FreeBSD system as the server: in
/etc/fstab on fastws:
freebox:/sharedfs /project nfs rw,-w=1024 0 0As a manual mount command on fastws:&prompt.root; mount -t nfs -o -w=1024 freebox:/sharedfs /projectNearly any 16-bit Ethernet adapter will allow operation without the
above restrictions on the read or write size.For anyone who cares, here is what happens when the failure occurs,
which also explains why it is unrecoverable. NFS typically works with a
“block” size of 8k (though it may do fragments of smaller
sizes). Since the maximum Ethernet packet is around 1500 bytes, the NFS
“block” gets split into multiple Ethernet packets, even
though it is still a single unit to the upper-level code, and must be
received, assembled, and acknowledged as a unit.
The high-performance workstations can pump out the packets which
comprise the NFS unit one right after the other, just as close together
as the standard allows. On the smaller, lower capacity cards, the later
packets overrun the earlier packets of the same unit before they can be
transferred to the host and the unit as a whole cannot be reconstructed
or acknowledged. As a result, the workstation will time out and try
again, but it will try again with the entire 8K unit, and the process
will be repeated, ad infinitum.By keeping the unit size below the Ethernet packet size limitation,
we ensure that any complete Ethernet packet received can be acknowledged
individually, avoiding the deadlock situation.Overruns may still occur when a high-performance workstations is
slamming data out to a PC system, but with the better cards, such
overruns are not guaranteed on NFS “units”. When an overrun
occurs, the units affected will be retransmitted, and there will be a
fair chance that they will be received, assembled, and
acknowledged.Diskless OperationContributed by &a.martin;.netboot.com/netboot.rom
allow you to boot your FreeBSD machine over the network and run FreeBSD
without having a disk on your client. Under 2.0 it is now possible to
have local swap. Swapping over NFS is also still supported.Supported Ethernet cards include: Western Digital/SMC 8003, 8013,
8216 and compatibles; NE1000/NE2000 and compatibles (requires
recompile)Setup InstructionsFind a machine that will be your server. This machine will
require enough disk space to hold the FreeBSD 2.0 binaries and
have bootp, tftp and NFS services available. Tested
machines:HP9000/8xx running HP-UX 9.04 or later (pre 9.04 doesn't
work)Sun/Solaris 2.3. (you may need to get bootp)Set up a bootp server to provide the client with IP, gateway,
netmask.
diskless:\
:ht=ether:\
:ha=0000c01f848a:\
:sm=255.255.255.0:\
:hn:\
:ds=192.1.2.3:\
:ip=192.1.2.4:\
:gw=192.1.2.5:\
:vm=rfc1048:Set up a TFTP server (on same machine as bootp server) to
provide booting information to client. The name of this file is
cfg.X.X.X.X (or
/tftpboot/cfg.X.X.X.X,
it will try both) where X.X.X.X is the
IP address of the client. The contents of this file can be any
valid netboot commands. Under 2.0, netboot has the following
commands:helpprint help listip
print/set client's IP addressserver
print/set bootp/tftp server addressnetmask
print/set netmaskhostname nameprint/set hostnamekernel
print/set kernel namerootfs
print/set root filesystemswapfs
print/set swap filesystemswapsize
set diskless swapsize in Kbytesdiskbootboot from diskautobootcontinue boot processtrans
|turn transceiver on|offflags
set boot flagsA typical completely diskless cfg file might contain:
rootfs 192.1.2.3:/rootfs/myclient
swapfs 192.1.2.3:/swapfs
swapsize 20000
hostname myclient.mydomainA cfg file for a machine with local swap might contain:
rootfs 192.1.2.3:/rootfs/myclient
hostname myclient.mydomainEnsure that your NFS server has exported the root (and swap if
applicable) filesystems to your client, and that the client has
root access to these filesystems A typical
/etc/exports file on FreeBSD might look
like:
/rootfs/myclient -maproot=0:0 myclient.mydomain
/swapfs -maproot=0:0 myclient.mydomainAnd on HP-UX:
/rootfs/myclient -root=myclient.mydomain
/swapfs -root=myclient.mydomainIf you are swapping over NFS (completely diskless
configuration) create a swap file for your client using
dd. If your swapfs command
has the arguments /swapfs and the size 20000
as in the example above, the swapfile for myclient will be called
/swapfs/swap.X.X.X.X
where X.X.X.X is the client's IP addr,
eg:&prompt.root; dd if=/dev/zero of=/swapfs/swap.192.1.2.4 bs=1k count=20000Also, the client's swap space might contain sensitive
information once swapping starts, so make sure to restrict read
and write access to this file to prevent unauthorized
access:&prompt.root; chmod 0600 /swapfs/swap.192.1.2.4Unpack the root filesystem in the directory the client will
use for its root filesystem (/rootfs/myclient
in the example above).On HP-UX systems: The server should be running HP-UX 9.04
or later for HP9000/800 series machines. Prior versions do not
allow the creation of device files over NFS.When extracting /dev in
/rootfs/myclient, beware that some
systems (HPUX) will not create device files that FreeBSD is
happy with. You may have to go to single user mode on the
first bootup (press control-c during the bootup phase), cd
/dev and do a sh ./MAKEDEV
all from the client to fix this.Run netboot.com on the client or make an
EPROM from the netboot.rom fileUsing Shared / and /usr
filesystemsAt present there isn't an officially sanctioned way of doing this,
although I have been using a shared /usr
filesystem and individual / filesystems for each
client. If anyone has any suggestions on how to do this cleanly,
please let me and/or the &a.core; know.Compiling netboot for specific setupsNetboot can be compiled to support NE1000/2000 cards by changing
the configuration in
/sys/i386/boot/netboot/Makefile. See the
comments at the top of this file.ISDNLast modified by &a.wlloyd;.A good resource for information on ISDN technology and hardware is
Dan Kegel's ISDN
Page.A quick simple roadmap to ISDN follows:If you live in Europe I suggest you investigate the ISDN card
section.If you are planning to use ISDN primarily to connect to the
Internet with an Internet Provider on a dialup non-dedicated basis,
I suggest you look into Terminal Adapters. This will give you the
most flexibility, with the fewest problems, if you change
providers.If you are connecting two lans together, or connecting to the
Internet with a dedicated ISDN connection, I suggest you consider
the stand alone router/bridge option.Cost is a significant factor in determining what solution you will
choose. The following options are listed from least expensive to most
expensive.ISDN CardsContributed by &a.hm;.This section is really only relevant to ISDN users in countries
where the DSS1/Q.931 ISDN standard is supported.Some growing number of PC ISDN cards are supported under FreeBSD
2.2.x and up by the isdn4bsd driver package. It is still under
development but the reports show that it is successfully used all over
Europe.The latest isdn4bsd version is available from ftp://isdn4bsd@ftp.consol.de/pub/,
the main isdn4bsd ftp site (you have to log in as user
isdn4bsd , give your mail address as the password
and change to the pub directory. Anonymous ftp
as user ftp or anonymous
will not give the desired result).Isdn4bsd allows you to connect to other ISDN routers using either
IP over raw HDLC or by using synchronous PPP. A telephone answering
machine application is also available.Many ISDN PC cards are supported, mostly the ones with a Siemens
ISDN chipset (ISAC/HSCX), support for other chipsets (from Motorola,
Cologne Chip Designs) is currently under development. For an
up-to-date list of supported cards, please have a look at the README
file.In case you are interested in adding support for a different ISDN
protocol, a currently unsupported ISDN PC card or otherwise enhancing
isdn4bsd, please get in touch with hm@kts.org.A majordomo maintained mailing list is available. To join the
list, send mail to majordomo@FreeBSD.ORG and
specify:
subscribe freebsd-isdnin the body of your message.ISDN Terminal AdaptersTerminal adapters(TA), are to ISDN what modems are to regular
phone lines.Most TA's use the standard hayes modem AT command set, and can be
used as a drop in replacement for a modem.A TA will operate basically the same as a modem except connection
and throughput speeds will be much faster than your old modem. You
will need to configure PPP exactly the same
as for a modem setup. Make sure you set your serial speed as high as
possible.The main advantage of using a TA to connect to an Internet
Provider is that you can do Dynamic PPP. As IP address space becomes
more and more scarce, most providers are not willing to provide you
with a static IP anymore. Most standalone routers are not able to
accommodate dynamic IP allocation.TA's completely rely on the PPP daemon that you are running for
their features and stability of connection. This allows you to
upgrade easily from using a modem to ISDN on a FreeBSD machine, if you
already have PPP setup. However, at the same time any problems you
experienced with the PPP program and are going to persist.If you want maximum stability, use the kernel PPP option, not the user-land iijPPP.The following TA's are know to work with FreeBSD.Motorola BitSurfer and Bitsurfer ProAdtranMost other TA's will probably work as well, TA vendors try to make
sure their product can accept most of the standard modem AT command
set.The real problem with external TA's is like modems you need a good
serial card in your computer.You should read the serial ports
section in the handbook for a detailed understanding of serial
devices, and the differences between asynchronous and synchronous
serial ports.A TA running off a standard PC serial port (asynchronous) limits
you to 115.2Kbs, even though you have a 128Kbs connection. To fully
utilize the 128Kbs that ISDN is capable of, you must move the TA to a
synchronous serial card.Do not be fooled into buying an internal TA and thinking you have
avoided the synchronous/asynchronous issue. Internal TA's simply have
a standard PC serial port chip built into them. All this will do, is
save you having to buy another serial cable, and find another empty
electrical socket.A synchronous card with a TA is at least as fast as a standalone
router, and with a simple 386 FreeBSD box driving it, probably more
flexible.The choice of sync/TA vs standalone router is largely a religious
issue. There has been some discussion of this in the mailing lists.
I suggest you search the archives for the
+ URL="http://www.FreeBSD.org/search.html">archives for the
complete discussion.Standalone ISDN Bridges/RoutersISDN bridges or routers are not at all specific to FreeBSD or any
other operating system. For a more complete description of routing
and bridging technology, please refer to a Networking reference
book.In the context of this page, I will use router and bridge
interchangeably.As the cost of low end ISDN routers/bridges comes down, it will
likely become a more and more popular choice. An ISDN router is a
small box that plugs directly into your local Ethernet network(or
card), and manages its own connection to the other bridge/router. It
has all the software to do PPP and other protocols built in.A router will allow you much faster throughput that a standard TA,
since it will be using a full synchronous ISDN connection.The main problem with ISDN routers and bridges is that
interoperability between manufacturers can still be a problem. If you
are planning to connect to an Internet provider, I recommend that you
discuss your needs with them.If you are planning to connect two lan segments together, ie: home
lan to the office lan, this is the simplest lowest maintenance
solution. Since you are buying the equipment for both sides of the
connection you can be assured that the link will work.For example to connect a home computer or branch office network to
a head office network the following setup could be used.Branch office or Home networkNetwork is 10 Base T Ethernet. Connect router to network cable
with AUI/10BT transceiver, if necessary.
---Sun workstation
|
---FreeBSD box
|
---Windows 95 (Do not admit to owning it)
|
Standalone router
|
ISDN BRI lineIf your home/branch office is only one computer you can use a
twisted pair crossover cable to connect to the standalone router
directly.Head office or other lanNetwork is Twisted Pair Ethernet.
-------Novell Server
| H |
| ---Sun
| |
| U ---FreeBSD
| |
| ---Windows 95
| B |
|___---Standalone router
|
ISDN BRI lineOne large advantage of most routers/bridges is that they allow you
to have 2 separate independent PPP connections to
2 separate sites at the same time. This is not
supported on most TA's, except for specific(expensive) models that
have two serial ports. Do not confuse this with channel bonding, MPP
etc.This can be very useful feature, for example if you have an
dedicated internet ISDN connection at your office and would like to
tap into it, but don't want to get another ISDN line at work. A router
at the office location can manage a dedicated B channel connection
(64Kbs) to the internet, as well as a use the other B channel for a
separate data connection. The second B channel can be used for
dialin, dialout or dynamically bond(MPP etc.) with the first B channel
for more bandwidth.An Ethernet bridge will also allow you to transmit more than just
IP traffic, you can also send IPX/SPX or whatever other protocols you
use.
diff --git a/en_US.ISO_8859-1/books/handbook/bibliography/chapter.sgml b/en_US.ISO_8859-1/books/handbook/bibliography/chapter.sgml
index aeeab83424..b11aa28161 100644
--- a/en_US.ISO_8859-1/books/handbook/bibliography/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/bibliography/chapter.sgml
@@ -1,478 +1,478 @@
BibliographyWhile the manual pages provide the definitive reference for individual
pieces of the FreeBSD operating system, they are notorious for not
illustrating how to put the pieces together to make the whole operating
system run smoothly. For this, there is no substitute for a good book on
UNIX system administration and a good users' manual.Books & Magazines Specific to FreeBSDInternational books &
Magazines:Using
FreeBSD (in Chinese).FreeBSD for PC 98'ers (in Japanese), published by SHUWA System
Co, LTD. ISBN 4-87966-468-5 C3055 P2900E.FreeBSD (in Japanese), published by CUTT. ISBN 4-906391-22-2
C3055 P2400E.Complete Introduction to FreeBSD (in Japanese), published by Shoeisha Co., Ltd. ISBN 4-88135-473-6 P3600E.Personal UNIX Starter Kit FreeBSD (in Japanese), published by ASCII. ISBN 4-7561-1733-3 P3000E.FreeBSD Handbook (Japanese translation), published by ASCII. ISBN 4-7561-1580-2
P3800E.FreeBSD mit Methode (in German), published by Computer und
Literatur Verlag/Vertrieb Hanser, 1998. ISBN 3-932311-31-0.FreeBSD Install and Utilization Manual (in Japanese), published by Mainichi Communications Inc..English language books & Magazines:The
Complete FreeBSD, published by Walnut Creek CDROM.Users' GuidesComputer Systems Research Group, UC Berkeley. 4.4BSD
User's Reference Manual. O'Reilly & Associates,
Inc., 1994. ISBN 1-56592-075-9Computer Systems Research Group, UC Berkeley. 4.4BSD
User's Supplementary Documents. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-076-7UNIX in a Nutshell. O'Reilly &
Associates, Inc., 1990. ISBN 093717520XMui, Linda. What You Need To Know When You Can't Find
Your UNIX System Administrator. O'Reilly &
Associates, Inc., 1995. ISBN 1-56592-104-6Ohio State
University has written a UNIX
Introductory Course which is available online in HTML and
postscript format.Jpman Project, Japan
FreeBSD Users Group. FreeBSD User's
Reference Manual (Japanese translation). Mainichi Communications
Inc., 1998. ISBN4-8399-0088-4 P3800E.Administrators' GuidesAlbitz, Paul and Liu, Cricket. DNS and
BIND, 2nd Ed. O'Reilly & Associates, Inc., 1997.
ISBN 1-56592-236-0Computer Systems Research Group, UC Berkeley. 4.4BSD
System Manager's Manual. O'Reilly & Associates,
Inc., 1994. ISBN 1-56592-080-5Costales, Brian, et al. Sendmail, 2nd Ed.
O'Reilly & Associates, Inc., 1997. ISBN 1-56592-222-0Frisch, Æleen. Essential System
Administration, 2nd Ed. O'Reilly & Associates,
Inc., 1995. ISBN 1-56592-127-5Hunt, Craig. TCP/IP Network
Administration. O'Reilly & Associates, Inc., 1992.
ISBN 0-937175-82-XNemeth, Evi. UNIX System Administration
Handbook. 2nd Ed. Prentice Hall, 1995. ISBN
0131510517Stern, Hal Managing NFS and NIS O'Reilly
& Associates, Inc., 1991. ISBN 0-937175-75-7Jpman Project, Japan
FreeBSD Users Group. FreeBSD System
Administrator's Manual (Japanese translation). Mainichi Communications
Inc., 1998. ISBN4-8399-0109-0 P3300E.Programmers' GuidesAsente, Paul. X Window System Toolkit.
Digital Press. ISBN 1-55558-051-3Computer Systems Research Group, UC Berkeley. 4.4BSD
Programmer's Reference Manual. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-078-3Computer Systems Research Group, UC Berkeley. 4.4BSD
Programmer's Supplementary Documents. O'Reilly &
Associates, Inc., 1994. ISBN 1-56592-079-1Harbison, Samuel P. and Steele, Guy L. Jr. C: A
Reference Manual. 4rd ed. Prentice Hall, 1995.
ISBN 0-13-326224-3Kernighan, Brian and Dennis M. Ritchie. The C
Programming Language.. PTR Prentice Hall, 1988.
ISBN 0-13-110362-9Lehey, Greg. Porting UNIX Software.
O'Reilly & Associates, Inc., 1995. ISBN 1-56592-126-7Plauger, P. J. The Standard C Library.
Prentice Hall, 1992. ISBN 0-13-131509-9Stevens, W. Richard. Advanced Programming in the UNIX
Environment. Reading, Mass. : Addison-Wesley, 1992
ISBN 0-201-56317-7Stevens, W. Richard. UNIX Network
Programming. 2nd Ed, PTR Prentice Hall, 1998. ISBN
0-13-490012-XWells, Bill. “Writing Serial Drivers for UNIX”.
Dr. Dobb's Journal. 19(15), December 1994.
pp68-71, 97-99.Operating System InternalsAndleigh, Prabhat K. UNIX System
Architecture. Prentice-Hall, Inc., 1990. ISBN
0-13-949843-5Jolitz, William. “Porting UNIX to the 386”.
Dr. Dobb's Journal. January 1991-July
1992.Leffler, Samuel J., Marshall Kirk McKusick, Michael J Karels and
John Quarterman The Design and Implementation of the
4.3BSD UNIX Operating System. Reading, Mass. :
Addison-Wesley, 1989. ISBN 0-201-06196-1Leffler, Samuel J., Marshall Kirk McKusick, The Design
and Implementation of the 4.3BSD UNIX Operating System: Answer
Book. Reading, Mass. : Addison-Wesley, 1991. ISBN
0-201-54629-9McKusick, Marshall Kirk, Keith Bostic, Michael J Karels, and
John Quarterman. The Design and Implementation of the
4.4BSD Operating System. Reading, Mass. :
Addison-Wesley, 1996. ISBN 0-201-54979-4Stevens, W. Richard. TCP/IP Illustrated, Volume 1:
The Protocols. Reading, Mass. : Addison-Wesley,
1996. ISBN 0-201-63346-9Schimmel, Curt. Unix Systems for Modern
Architectures. Reading, Mass. : Addison-Wesley, 1994.
ISBN 0-201-63338-8Stevens, W. Richard. TCP/IP Illustrated, Volume 3:
TCP for Transactions, HTTP, NNTP and the UNIX Domain
Protocols. Reading, Mass. : Addison-Wesley, 1996.
ISBN 0-201-63495-3Vahalia, Uresh. UNIX Internals -- The New
Frontiers. Prentice Hall, 1996. ISBN
0-13-101908-2Wright, Gary R. and W. Richard Stevens. TCP/IP
Illustrated, Volume 2: The Implementation. Reading,
Mass. : Addison-Wesley, 1995. ISBN 0-201-63354-XSecurity ReferenceCheswick, William R. and Steven M. Bellovin. Firewalls
and Internet Security: Repelling the Wily Hacker.
Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-63357-4Garfinkel, Simson and Gene Spafford. Practical UNIX
Security. 2nd Ed. O'Reilly & Associates, Inc.,
1996. ISBN 1-56592-148-8Garfinkel, Simson. PGP Pretty Good
Privacy O'Reilly & Associates, Inc., 1995. ISBN
1-56592-098-8Hardware ReferenceAnderson, Don and Tom Shanley. Pentium Processor
System Architecture. 2nd Ed. Reading, Mass. :
Addison-Wesley, 1995. ISBN 0-201-40992-5Ferraro, Richard F. Programmer's Guide to the EGA,
VGA, and Super VGA Cards. 3rd ed. Reading, Mass. :
Addison-Wesley, 1995. ISBN 0-201-62490-7Intel Corporation publishes documentation on their CPUs,
chipsets and standards on their developer web site,
usually as PDF files.Shanley, Tom. 80486 System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40994-1Shanley, Tom. ISA System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40996-8Shanley, Tom. PCI System Architecture.
3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
0-201-40993-3Van Gilluwe, Frank. The Undocumented PC.
Reading, Mass: Addison-Wesley Pub. Co., 1994. ISBN
0-201-62277-7UNIX HistoryLion, John Lion's Commentary on UNIX, 6th Ed. With
Source Code. ITP Media Group, 1996. ISBN
1573980137Raymond, Eric S. The New Hacker's Dictonary, 3rd
edition. MIT Press, 1996. ISBN
0-262-68092-0. Also known as the Jargon
FileSalus, Peter H. A quarter century of UNIX.
Addison-Wesley Publishing Company, Inc., 1994. ISBN
0-201-54777-5Simon Garfinkel, Daniel Weise, Steven Strassmann. The
UNIX-HATERS Handbook. IDG Books Worldwide, Inc.,
1994. ISBN 1-56884-203-1Don Libes, Sandy Ressler Life with UNIX
— special edition. Prentice-Hall, Inc., 1989. ISBN
0-13-536657-7The BSD family tree. 1997. ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree or local on a FreeBSD-current machine.
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree">ftp://ftp.FreeBSD.org/pub/FreeBSD/FreeBSD-current/src/share/misc/bsd-family-tree or local on a FreeBSD-current machine.
The BSD Release Announcements collection.
1997. http://www.de.FreeBSD.ORG/de/ftp/releases/Networked Computer Science Technical Reports
Library. http://www.ncstrl.org/Old BSD releases from the Computer Systems Research
group (CSRG). http://www.mckusick.com/csrg/:
The 4CD set covers all BSD versions from 1BSD to 4.4BSD and
4.4BSD-Lite2 (but not 2.11BSD, unfortunately). As well, the last
disk holds the final sources plus the SCCS files.Magazines and JournalsThe C/C++ Users Journal. R&D
Publications Inc. ISSN 1075-2838Sys Admin — The Journal for UNIX System
Administrators Miller Freeman, Inc., ISSN
1061-2688
diff --git a/en_US.ISO_8859-1/books/handbook/cutting-edge/chapter.sgml b/en_US.ISO_8859-1/books/handbook/cutting-edge/chapter.sgml
index 0656e10e25..d8899c558b 100644
--- a/en_US.ISO_8859-1/books/handbook/cutting-edge/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/cutting-edge/chapter.sgml
@@ -1,2490 +1,2490 @@
The Cutting Edge: FreeBSD-current and FreeBSD-stableFreeBSD is under constant development between releases. For people
who want to be on the cutting edge, there are several easy mechanisms for
keeping your system in sync with the latest developments. Be warned: the
cutting edge is not for everyone! This chapter will help you decide if you
want to track the development system, or stick with one of the released
versions.Staying Current with FreeBSDContributed by &a.jkh;.What is FreeBSD-current?FreeBSD-current is, quite literally, nothing more than a daily
snapshot of the working sources for FreeBSD. These include work in
progress, experimental changes and transitional mechanisms that may or
may not be present in the next official release of the software.
While many of us compile almost daily from FreeBSD-current sources,
there are periods of time when the sources are literally
un-compilable. These problems are generally resolved as expeditiously
as possible, but whether or not FreeBSD-current sources bring disaster
or greatly desired functionality can literally be a matter of which
part of any given 24 hour period you grabbed them in!Who needs FreeBSD-current?FreeBSD-current is made generally available for 3 primary interest
groups:Members of the FreeBSD group who are actively working on some
part of the source tree and for whom keeping “current”
is an absolute requirement.Members of the FreeBSD group who are active testers, willing
to spend time working through problems in order to ensure that
FreeBSD-current remains as sane as possible. These are also people
who wish to make topical suggestions on changes and the general
direction of FreeBSD.Peripheral members of the FreeBSD (or some other) group who
merely wish to keep an eye on things and use the current sources
for reference purposes (e.g. for reading, not
running). These people also make the occasional comment or
contribute code.What is FreeBSD-current not?A fast-track to getting pre-release bits because you heard
there is some cool new feature in there and you want to be the
first on your block to have it.A quick way of getting bug fixes.In any way “officially supported” by us. We do
our best to help people genuinely in one of the 3
“legitimate” FreeBSD-current categories, but we simply
do not have the time to provide tech support
for it. This is not because we are mean and nasty people who do
not like helping people out (we would not even be doing FreeBSD if
we were), it is literally because we cannot answer 400 messages a
day and actually work on FreeBSD! I am sure
that, if given the choice between having us answer lots of
questions or continuing to improve FreeBSD, most of you would vote
for us improving it.Using FreeBSD-currentJoin the &a.current; and the &a.cvsall; . This is not just a
good idea, it is essential. If you are not
on the FreeBSD-current mailing list, you will
not see the comments that people are making about the current
state of the system and thus will probably end up stumbling over a
lot of problems that others have already found and solved. Even
more importantly, you will miss out on important bulletins which
may be critical to your system's continued health.The cvs-all mailing list will allow you to see
the commit log entry for each change as it is made along with any
pertinent information on possible side-effects.To join these lists, send mail to
&a.majordomo; and specify:
subscribe freebsd-current
subscribe cvs-all
in the body of your message. Optionally, you can also say
help and Majordomo will send you full help on
how to subscribe and unsubscribe to the various other mailing
lists we support.Grab the sources from ftp.FreeBSD.ORG. You can do this in three
ways:Use the CTM facility. Unless
you have a good TCP/IP connection at a flat rate, this is
the way to do it.Use the cvsup program with
this
supfile. This is the second most recommended
method, since it allows you to grab the entire collection
once and then only what has changed from then on. Many people
run cvsup from cron and keep their sources up-to-date
automatically. For a fairly easy interface to this, simply
type:
Use ftp. The source tree for
FreeBSD-current is always “exported” on: ftp://ftp.FreeBSD.ORG/pub/FreeBSD/FreeBSD-current.
We also use wu-ftpd which allows
compressed/tar'd grabbing of whole trees. e.g. you
see:usr.bin/lexYou can do:
ftp>cd usr.binftp>get lex.tar.Z
and it will get the whole directory for you as a compressed
tar file.Essentially, if you need rapid on-demand access to the source
and communications bandwidth is not a consideration, use
cvsup or ftp. Otherwise,
use CTM.If you are grabbing the sources to run, and not just look at,
then grab all of current, not just selected
portions. The reason for this is that various parts of the source
depend on updates elsewhere, and trying to compile just a subset
is almost guaranteed to get you into trouble.Before compiling current, read the Makefile in
/usr/src carefully. You should at least run
a make world the first time
through as part of the upgrading process. Reading the &a.current;
will keep you up-to-date on other bootstrapping procedures that
sometimes become necessary as we move towards the next
release.Be active! If you are running FreeBSD-current, we want to
know what you have to say about it, especially if you have
suggestions for enhancements or bug fixes. Suggestions with
accompanying code are received most enthusiastically!Staying Stable with FreeBSDContributed by &a.jkh;.What is FreeBSD-stable?FreeBSD-stable is our development branch for a more low-key and
conservative set of changes intended for our next mainstream release.
Changes of an experimental or untested nature do not go into this
branch (see FreeBSD-current).Who needs FreeBSD-stable?If you are a commercial user or someone who puts maximum stability
of their FreeBSD system before all other concerns, you should consider
tracking stable. This is especially true if you
have installed the most recent release (&rel.current;-RELEASE
at the time of this writing) since the stable
branch is effectively a bug-fix stream relative to the previous
release.The stable tree endeavors, above all, to be
fully compilable and stable at all times, but we do occasionally
make mistakes (these are still active sources with
quickly-transmitted updates, after all). We also do our best to
thoroughly test fixes in current before
bringing them into stable, but sometimes our
tests fail to catch every case. If something breaks for you in
stable, please let us know
immediately! (see next section).Using FreeBSD-stableJoin the &a.stable;. This will keep you informed of
build-dependencies that may appear in stable
or any other issues requiring special attention. Developers will
also make announcements in this mailing list when they are
contemplating some controversial fix or update, giving the users a
chance to respond if they have any issues to raise concerning the
proposed change.The cvs-all mailing list will allow you to see
the commit log entry for each change as it is made along with any
pertinent information on possible side-effects.To join these lists, send mail to &a.majordomo; and specify:
subscribe freebsd-stable
subscribe cvs-all
in the body of your message. Optionally, you can also say
help and Majordomo will send you full help on
how to subscribe and unsubscribe to the various other mailing
lists we support.If you are installing a new system and want it to be as stable
as possible, you can simply grab the latest dated branch snapshot
from ftp://releng3.FreeBSD.org/pub/FreeBSD/
and install it like any other release.If you are already running a previous release of 2.2 and wish
to upgrade via sources then you can easily do so from ftp.FreeBSD.ORG. This can be done in one
of three ways:Use the CTM facility. Unless
you have a good TCP/IP connection at a flat rate, this is
the way to do it.Use the cvsup program with
this
supfile. This is the second most recommended
method, since it allows you to grab the entire collection
once and then only what has changed from then on. Many people
run cvsup from cron to keep their sources up-to-date
automatically. For a fairly easy interface to this, simply
type;
The FreeBSD mirror
sites database is more accurate than the mirror listing in the
handbook, as it gets its information form the DNS rather than relying on
static lists of hosts.Additionally, FreeBSD is available via anonymous FTP from the
following mirror sites. If you choose to obtain FreeBSD via anonymous
FTP, please try to use a site near you.Argentina,
Australia,
Brazil,
Canada,
Czech Republic,
Denmark,
Estonia,
Finland,
France,
Germany,
Hong Kong,
Ireland,
Israel,
Japan,
Korea,
Netherlands,
New Zealand,
Poland,
Portugal,
Russia,
South Africa,
Spain,
Slovak Republic,
Slovenia,
Sweden,
Taiwan,
Thailand,
UK,
Ukraine,
USA.ArgentinaIn case of problems, please contact the hostmaster
hostmaster@ar.FreeBSD.ORG for this domain.ftp://ftp.ar.FreeBSD.ORG/pub/FreeBSDAustraliaIn case of problems, please contact the hostmaster
hostmaster@au.FreeBSD.ORG for this domain.ftp://ftp.au.FreeBSD.ORG/pub/FreeBSDftp://ftp2.au.FreeBSD.ORG/pub/FreeBSDftp://ftp3.au.FreeBSD.ORG/pub/FreeBSDftp://ftp4.au.FreeBSD.ORG/pub/FreeBSDBrazilIn case of problems, please contact the hostmaster
hostmaster@br.FreeBSD.ORG for this domain.ftp://ftp.br.FreeBSD.ORG/pub/FreeBSDftp://ftp2.br.FreeBSD.ORG/pub/FreeBSDftp://ftp3.br.FreeBSD.ORG/pub/FreeBSDftp://ftp4.br.FreeBSD.ORG/pub/FreeBSDftp://ftp5.br.FreeBSD.ORG/pub/FreeBSDftp://ftp6.br.FreeBSD.ORG/pub/FreeBSDftp://ftp7.br.FreeBSD.ORG/pub/FreeBSDCanadaIn case of problems, please contact the hostmaster
hostmaster@ca.FreeBSD.ORG for this domain.ftp://ftp.ca.FreeBSD.ORG/pub/FreeBSDCzech RepublicIn case of problems, please contact the hostmaster
hostmaster@cz.FreeBSD.ORG for this domain.ftp://ftp.cz.FreeBSD.ORG Contact: calda@dzungle.ms.mff.cuni.czftp://sunsite.mff.cuni.cz/OS/FreeBSD Contact: jj@sunsite.mff.cuni.cz.DenmarkIn case of problems, please contact the hostmaster
hostmaster@dk.FreeBSD.ORG for this domain.ftp://ftp.dk.freeBSD.ORG/pub/FreeBSDEstoniaIn case of problems, please contact the hostmaster
hostmaster@ee.FreeBSD.ORG for this domain.ftp://ftp.ee.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.ee.FreeBSD.org/pub/FreeBSD">ftp://ftp.ee.FreeBSD.org/pub/FreeBSD
FinlandIn case of problems, please contact the hostmaster
hostmaster@fi.FreeBSD.ORG for this domain.ftp://ftp.fi.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.fi.FreeBSD.org/pub/FreeBSD">ftp://ftp.fi.FreeBSD.org/pub/FreeBSD
FranceIn case of problems, please contact the hostmaster
hostmaster@fr.FreeBSD.ORG for this domain.ftp://ftp.fr.FreeBSD.ORG/pub/FreeBSDftp://ftp2.fr.FreeBSD.ORG/pub/FreeBSDftp://ftp3.fr.FreeBSD.ORG/pub/FreeBSDGermanyIn case of problems, please contact the hostmaster
hostmaster@de.FreeBSD.ORG for this domain.ftp://ftp.de.FreeBSD.ORG/pub/FreeBSDftp://ftp2.de.FreeBSD.ORG/pub/FreeBSDftp://ftp3.de.FreeBSD.ORG/pub/FreeBSDftp://ftp4.de.FreeBSD.ORG/pub/FreeBSDftp://ftp5.de.FreeBSD.ORG/pub/FreeBSDftp://ftp6.de.FreeBSD.ORG/pub/FreeBSDftp://ftp7.de.FreeBSD.ORG/pub/FreeBSDHong Kongftp://ftp.hk.super.net/pub/FreeBSD Contact: ftp-admin@HK.Super.NET.IrelandIn case of problems, please contact the hostmaster
hostmaster@ie.FreeBSD.ORG for this domain.ftp://ftp.ie.FreeBSD.ORG/pub/FreeBSDIsraelIn case of problems, please contact the hostmaster
hostmaster@il.FreeBSD.ORG for this domain.ftp://ftp.il.FreeBSD.ORG/pub/FreeBSDftp://ftp2.il.FreeBSD.ORG/pub/FreeBSDJapanIn case of problems, please contact the hostmaster
hostmaster@jp.FreeBSD.ORG for this domain.ftp://ftp.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp2.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp3.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp4.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp5.jp.FreeBSD.ORG/pub/FreeBSDftp://ftp6.jp.FreeBSD.ORG/pub/FreeBSDKoreaIn case of problems, please contact the hostmaster
hostmaster@kr.FreeBSD.ORG for this domain.ftp://ftp.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp2.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp3.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp4.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp5.kr.FreeBSD.ORG/pub/FreeBSDftp://ftp6.kr.FreeBSD.ORG/pub/FreeBSDNetherlandsIn case of problems, please contact the hostmaster
hostmaster@nl.FreeBSD.ORG for this domain.ftp://ftp.nl.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.nl.FreeBSD.org/pub/FreeBSD">ftp://ftp.nl.FreeBSD.org/pub/FreeBSD
New ZealandIn case of problems, please contact the hostmaster
hostmaster@nz.FreeBSD.ORG for this domain.ftp://ftp.nz.FreeBSD.ORG/pub/FreeBSDPolandIn case of problems, please contact the hostmaster
hostmaster@pl.FreeBSD.ORG for this domain.ftp://ftp.pl.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.pl.FreeBSD.org/pub/FreeBSD">ftp://ftp.pl.FreeBSD.org/pub/FreeBSD
PortugalIn case of problems, please contact the hostmaster
hostmaster@pt.FreeBSD.ORG for this domain.ftp://ftp.pt.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp.pt.FreeBSD.org/pub/FreeBSD">ftp://ftp.pt.FreeBSD.org/pub/FreeBSD
ftp://ftp2.pt.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp2.pt.FreeBSD.org/pub/FreeBSD">ftp://ftp2.pt.FreeBSD.org/pub/FreeBSD
RussiaIn case of problems, please contact the hostmaster
hostmaster@ru.FreeBSD.ORG for this domain.ftp://ftp.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp.ru.FreeBSD.org/pub/FreeBSD
ftp://ftp2.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD
ftp://ftp3.ru.freebsd.org/pub/FreeBSD
+ URL="ftp://ftp3.ru.FreeBSD.org/pub/FreeBSD">ftp://ftp3.ru.FreeBSD.org/pub/FreeBSD
- ftp://ftp4.ru.freebsd.org/pub/FreeBSD
+ ftp://ftp4.ru.FreeBSD.org/pub/FreeBSDSouth AfricaIn case of problems, please contact the hostmaster
hostmaster@za.FreeBSD.ORG for this domain.ftp://ftp.za.FreeBSD.ORG/pub/FreeBSDftp://ftp2.za.FreeBSD.ORG/pub/FreeBSDftp://ftp3.za.FreeBSD.ORG/pub/FreeBSDSlovak RepublicIn case of problems, please contact the hostmaster
hostmaster@sk.FreeBSD.ORG for this domain.
- ftp://ftp.sk.freebsd.ORG/pub/FreeBSD
+ ftp://ftp.sk.FreeBSD.org/pub/FreeBSDSloveniaIn case of problems, please contact the hostmaster
- hostmaster@si.FreeBSD.ORG for this domain.
+ hostmaster@si.FreeBSD.org for this domain.
ftp://ftp.si.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.si.FreeBSD.org/pub/FreeBSD">ftp://ftp.si.FreeBSD.org/pub/FreeBSD
SpainIn case of problems, please contact the hostmaster
hostmaster@es.FreeBSD.ORG for this domain.
- ftp://ftp.es.freebsd.ORG/pub/FreeBSD
+ ftp://ftp.es.FreeBSD.org/pub/FreeBSDSwedenIn case of problems, please contact the hostmaster
hostmaster@se.FreeBSD.ORG for this domain.ftp://ftp.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp.se.FreeBSD.org/pub/FreeBSD">ftp://ftp.se.FreeBSD.org/pub/FreeBSD
ftp://ftp2.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp2.se.FreeBSD.org/pub/FreeBSD">ftp://ftp2.se.FreeBSD.org/pub/FreeBSD
ftp://ftp3.se.freebsd.ORG/pub/FreeBSD
+ URL="ftp://ftp3.se.FreeBSD.org/pub/FreeBSD">ftp://ftp3.se.FreeBSD.org/pub/FreeBSD
TaiwanIn case of problems, please contact the hostmaster
hostmaster@tw.FreeBSD.ORG for this domain.ftp://ftp.tw.FreeBSD.ORG/pub/FreeBSDftp://ftp2.tw.FreeBSD.ORG/pub/FreeBSDftp://ftp3.tw.FreeBSD.ORG/pub/FreeBSDThailandftp://ftp.nectec.or.th/pub/FreeBSD Contact: ftpadmin@ftp.nectec.or.th.Ukraineftp://ftp.ua.FreeBSD.ORG/pub/FreeBSD Contact: freebsd-mnt@lucky.net.UKIn case of problems, please contact the hostmaster
hostmaster@uk.FreeBSD.ORG for this domain.ftp://ftp.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp2.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp3.uk.FreeBSD.ORG/pub/FreeBSDftp://ftp4.uk.FreeBSD.ORG/pub/FreeBSDUSAIn case of problems, please contact the hostmaster
hostmaster@FreeBSD.ORG for this domain.ftp://ftp.FreeBSD.ORG/pub/FreeBSDftp://ftp2.FreeBSD.ORG/pub/FreeBSDftp://ftp3.FreeBSD.ORG/pub/FreeBSDftp://ftp4.FreeBSD.ORG/pub/FreeBSDftp://ftp5.FreeBSD.ORG/pub/FreeBSDftp://ftp6.FreeBSD.ORG/pub/FreeBSDThe latest versions of export-restricted code for FreeBSD (2.0C or
later) (eBones and secure) are being made available at the following
locations. If you are outside the U.S. or Canada, please get secure
(DES) and eBones (Kerberos) from one of the following foreign
distribution sites:South AfricaHostmaster hostmaster@internat.FreeBSD.ORG for
this domain.ftp://ftp.internat.FreeBSD.ORG/pub/FreeBSDftp://ftp2.internat.FreeBSD.ORG/pub/FreeBSDBrazilHostmaster hostmaster@br.FreeBSD.ORG for this
domain.ftp://ftp.br.FreeBSD.ORG/pub/FreeBSDFinlandftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt Contact: count@nic.funet.fi.CTM SitesCTM/FreeBSD is available via anonymous
FTP from the following mirror sites. If you choose to obtain CTM via
anonymous FTP, please try to use a site near you.In case of problems, please contact &a.phk;.California, Bay Area, official sourceftp://ftp.freebsd.org/pub/FreeBSD/development/CTM
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/development/CTM">ftp://ftp.FreeBSD.org/pub/FreeBSD/development/CTM
Germany, Trierftp://ftp.uni-trier.de/pub/unix/systems/BSD/FreeBSD/CTMSouth Africa, backup server for old deltasftp://ftp.internat.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ftp.internat.FreeBSD.org/pub/FreeBSD/CTM">ftp://ftp.internat.FreeBSD.org/pub/FreeBSD/CTM
Taiwan/R.O.C, Chiayiftp://ctm.tw.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ctm.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm.tw.FreeBSD.org/pub/FreeBSD/CTM
ftp://ctm2.tw.freebsd.org/pub/FreeBSD/CTM
+ URL="ftp://ctm2.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm2.tw.FreeBSD.org/pub/FreeBSD/CTM
ftp://ctm3.tw.freebsd.org/pub/freebsd/CTM
+ URL="ftp://ctm3.tw.FreeBSD.org/pub/FreeBSD/CTM">ftp://ctm3.tw.FreeBSD.org/pub/freebsd/CTM
If you did not find a mirror near to you or the mirror is
incomplete, try FTP
search at http://ftpsearch.ntnu.no/ftpsearch.
FTP search is a great free archie server in Trondheim, Norway.CVSup SitesCVSup servers for FreeBSD are running
at the following sites:Argentinacvsup.ar.FreeBSD.ORG (maintainer
msagre@cactus.fi.uba.ar)Australiacvsup.au.FreeBSD.ORG (maintainer
dawes@physics.usyd.edu.au)Brazilcvsup.br.FreeBSD.ORG (maintainer
- cvsup@cvsup.br.freebsd.org)
+ cvsup@cvsup.br.FreeBSD.org)
Canadacvsup.ca.FreeBSD.ORG (maintainer
dm@glbalserve.net)Czech Republiccvsup.cz.FreeBSD.ORG (maintainer
cejkar@dcse.fee.vutbr.cz)Denmarkcvsup.dk.FreeBSD.ORG (maintainer
jesper@skriver.dk)Estoniacvsup.ee.FreeBSD.ORG (maintainer
taavi@uninet.ee)Finlandcvsup.fi.FreeBSD.ORG (maintainer
count@key.sms.fi)Germanycvsup.de.FreeBSD.ORG (maintainer
- wosch@freebsd.org)
+ wosch@FreeBSD.org)
cvsup2.de.FreeBSD.ORG (maintainer
- petzi@freebsd.org)
+ petzi@FreeBSD.org)
cvsup3.de.FreeBSD.ORG (maintainer
ag@leo.org)Icelandcvsup.is.FreeBSD.ORG (maintainer
adam@veda.is)Japancvsup.jp.FreeBSD.ORG (maintainer
simokawa@sat.t.u-tokyo.ac.jp)cvsup2.jp.FreeBSD.ORG (maintainer
max@FreeBSD.ORG)cvsup3.jp.FreeBSD.ORG (maintainer
shige@cin.nihon-u.ac.jp)cvsup4.jp.FreeBSD.ORG (maintainer
cvsup-admin@ftp.media.kyoto-u.ac.jp)cvsup5.jp.FreeBSD.ORG (maintainer
cvsup@imasy.or.jp)Netherlandscvsup.nl.FreeBSD.ORG (maintainer
xaa@xaa.iae.nl)Norwaycvsup.no.FreeBSD.ORG (maintainer
Tor.Egge@idt.ntnu.no)Polandcvsup.pl.FreeBSD.ORG (maintainer
Mariusz@kam.pl)Russiacvsup.ru.FreeBSD.ORG (maintainer
mishania@demos.su)cvsup2.ru.FreeBSD.ORG (maintainer
dv@dv.ru)Spain
- cvsup.es.freebsd.org (maintainer
- jesusr@freebsd.org)
+ cvsup.es.FreeBSD.org (maintainer
+ jesusr@FreeBSD.org)Swedencvsup.se.FreeBSD.ORG (maintainer
pantzer@ludd.luth.se)Slovak Republiccvsup.sk.FreeBSD.ORG (maintainer
tps@tps.sk)cvsup2.sk.FreeBSD.ORG (maintainer
tps@tps.sk)South Africacvsup.za.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)cvsup2.za.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)Taiwancvsup.tw.FreeBSD.ORG (maintainer
jdli@freebsd.csie.nctu.edu.tw)Ukrainecvsup2.ua.FreeBSD.ORG (maintainer
freebsd-mnt@lucky.net)United Kingdomcvsup.uk.FreeBSD.ORG (maintainer
joe@pavilion.net)cvsup2.uk.FreeBSD.ORG (maintainer
brian@FreeBSD.ORG)USAcvsup1.FreeBSD.ORG (maintainer
skynyrd@opus.cts.cwu.edu), Washington
statecvsup2.FreeBSD.ORG (maintainer
jdp@FreeBSD.ORG), Californiacvsup3.FreeBSD.ORG (maintainer
wollman@FreeBSD.ORG), Massachusettscvsup5.FreeBSD.ORG (maintainer
cvsup@adsu.bellsouth.com), GeorgiaThe export-restricted code for FreeBSD (eBones and secure) is
available via CVSup at the following
international repository. Please use this site to get the
export-restricted code, if you are outside the USA or Canada.South Africacvsup.internat.FreeBSD.ORG (maintainer
markm@FreeBSD.ORG)The following CVSup site is especially
designed for CTM users. Unlike the other
CVSup mirrors, it is kept up-to-date by CTM.
That means if you CVSupcvs-all with release=cvs from this
site, you get a version of the repository (including the inevitable
.ctm_status file) which is suitable for being
updated using the CTMcvs-cur deltas. This allows users who track the
entire cvs-all tree to go from
CVSup to CTM
without having to rebuild their repository from scratch using a fresh
CTM base delta.This special feature only works for the cvs-all
distribution with cvs as the release tag.
CVSupping any other distribution and/or release will get you the
specified distribution, but it will not be suitable for
CTM updating.Because the current version of CTM does
not preserve the timestamps of files, the timestamps at this mirror
site are not the same as those at other mirror sites. Switching
between this site and other sites is not recommended. It will work
correctly, but will be somewhat inefficient.Germanyctm.FreeBSD.ORG (maintainer
blank@fox.uni-trier.de)AFS SitesAFS servers for FreeBSD are running at the following sites;SwedenThe path to the files are:
/afs/stacken.kth.se/ftp/pub/FreeBSD
stacken.kth.se # Stacken Computer Club, KTH, Sweden
130.237.234.43 #hot.stacken.kth.se
130.237.237.230 #fishburger.stacken.kth.se
130.237.234.3 #milko.stacken.kth.seMaintainer ftp@stacken.kth.se
diff --git a/en_US.ISO_8859-1/books/handbook/pgpkeys/chapter.sgml b/en_US.ISO_8859-1/books/handbook/pgpkeys/chapter.sgml
index fc3190a506..984b27dd97 100644
--- a/en_US.ISO_8859-1/books/handbook/pgpkeys/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/pgpkeys/chapter.sgml
@@ -1,624 +1,624 @@
PGP keysIn case you need to verify a signature or send encrypted email to one
of the officers or core team members a number of keys are provided here
for your convenience.OfficersFreeBSD Security Officer
- security-officer@freebsd.org
+ security-officer@FreeBSD.org
FreeBSD Security Officer <security-officer@freebsd.org>
Fingerprint = 41 08 4E BB DB 41 60 71 F9 E5 0E 98 73 AF 3F 11
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQCNAzF7MY4AAAEEAK7qBgPuBejER5HQbQlsOldk3ZVWXlRj54raz3IbuAUrDrQL
h3g57T9QY++f3Mot2LAf5lDJbsMfWrtwPrPwCCFRYQd6XH778a+l4ju5axyjrt/L
Ciw9RrOC+WaPv3lIdLuqYge2QRC1LvKACIPNbIcgbnLeRGLovFUuHi5z0oilAAUR
tDdGcmVlQlNEIFNlY3VyaXR5IE9mZmljZXIgPHNlY3VyaXR5LW9mZmljZXJAZnJl
ZWJzZC5vcmc+iQCVAwUQMX6yrOJgpPLZnQjrAQHyowQA1Nv2AY8vJIrdp2ttV6RU
tZBYnI7gTO3sFC2bhIHsCvfVU3JphfqWQ7AnTXcD2yPjGcchUfc/EcL1tSlqW4y7
PMP4GHZp9vHog1NAsgLC9Y1P/1cOeuhZ0pDpZZ5zxTo6TQcCBjQA6KhiBFP4TJql
3olFfPBh3B/Tu3dqmEbSWpuJAJUDBRAxez3C9RVb+45ULV0BAak8A/9JIG/jRJaz
QbKom6wMw852C/Z0qBLJy7KdN30099zMjQYeC9PnlkZ0USjQ4TSpC8UerYv6IfhV
nNY6gyF2Hx4CbEFlopnfA1c4yxtXKti1kSN6wBy/ki3SmqtfDhPQ4Q31p63cSe5A
3aoHcjvWuqPLpW4ba2uHVKGP3g7SSt6AOYkAlQMFEDF8mz0ff6kIA1j8vQEBmZcD
/REaUPDRx6qr1XRQlMs6pfgNKEwnKmcUzQLCvKBnYYGmD5ydPLxCPSFnPcPthaUb
5zVgMTjfjS2fkEiRrua4duGRgqN4xY7VRAsIQeMSITBOZeBZZf2oa9Ntidr5PumS
9uQ9bvdfWMpsemk2MaRG9BSoy5Wvy8VxROYYUwpT8Cf2iQCVAwUQMXsyqWtaZ42B
sqd5AQHKjAQAvolI30Nyu3IyTfNeCb/DvOe9tlOn/o+VUDNJiE/PuBe1s2Y94a/P
BfcohpKC2kza3NiW6lLTp00OWQsuu0QAPc02vYOyseZWy4y3Phnw60pWzLcFdemT
0GiYS5Xm1o9nAhPFciybn9j1q8UadIlIq0wbqWgdInBT8YI/l4f5sf6JAJUDBRAx
ezKXVS4eLnPSiKUBAc5OBACIXTlKqQC3B53qt7bNMV46m81fuw1PhKaJEI033mCD
ovzyEFFQeOyRXeu25Jg9Bq0Sn37ynISucHSmt2tUD5W0+p1MUGyTqnfqejMUWBzO
v4Xhp6a8RtDdUMBOTtro16iulGiRrCKxzVgEl4i+9Z0ZiE6BWlg5AetoF5n3mGk1
lw==
=ipyA
-----END PGP PUBLIC KEY BLOCK-----&a.imp;
Warner Losh <imp@village.org>
aka <imp@freebsd.org>
Fingerprint = D4 31 FD B9 F7 90 17 E8 37 C5 E7 7F CF A6 C1 B9
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzDzTiAAAAEEAK8D7KWEbVFUrmlqhUEnAvphNIqHEbqqT8s+c5f5c2uHtlcH
V4mV2TlUaDSVBN4+/D70oHmZc4IgiQwMPCWRrSezg9z/MaKlWhaslc8YT6Xc1q+o
EP/fAdKUrq49H0QQbkQk6Ks5wKW6v9AOvdmsS6ZJEcet6d9G4dxynu/2qPVhAAUR
tCBNLiBXYXJuZXIgTG9zaCA8aW1wQHZpbGxhZ2Uub3JnPokAlQMFEDM/SK1VLh4u
c9KIpQEBFPsD/1n0YuuUPvD4CismZ9bx9M84y5sxLolgFEfP9Ux196ZSeaPpkA0g
C9YX/IyIy5VHh3372SDWN5iVSDYPwtCmZziwIV2YxzPtZw0nUu82P/Fn8ynlCSWB
5povLZmgrWijTJdnUWI0ApVBUTQoiW5MyrNN51H3HLWXGoXMgQFZXKWYiQCVAwUQ
MzmhkfUVW/uOVC1dAQG3+AP/T1HL/5EYF0ij0yQmNTzt1cLt0b1e3N3zN/wPFFWs
BfrQ+nsv1zw7cEgxLtktk73wBGM9jUIdJu8phgLtl5a0m9UjBq5oxrJaNJr6UTxN
a+sFkapTLT1g84UFUO/+8qRB12v+hZr2WeXMYjHAFUT18mp3xwjW9DUV+2fW1Wag
YDKJAJUDBRAzOYK1s1pi61mfMj0BARBbA/930CHswOF0HIr+4YYUs1ejDnZ2J3zn
icTZhl9uAfEQq++Xor1x476j67Z9fESxyHltUxCmwxsJ1uOJRwzjyEoMlyFrIN4C
dE0C8g8BF+sRTt7VLURLERvlBvFrVZueXSnXvmMoWFnqpSpt3EmN6TNaLe8Cm87a
k6EvQy0dpnkPKokAlQMFEDD9Lorccp7v9qj1YQEBrRUD/3N4cCMWjzsIFp2Vh9y+
RzUrblyF84tJyA7Rr1p+A7dxf7je3Zx5QMEXosWL1WGnS5vC9YH2WZwv6sCU61gU
rSy9z8KHlBEHh+Z6fdRMrjd9byPf+n3cktT0NhS23oXB1ZhNZcB2KKhVPlNctMqO
3gTYx+Nlo6xqjR+J2NnBYU8p
=7fQV
-----END PGP PUBLIC KEY BLOCK-----Core Team members&a.asami;
Satoshi Asami <asami@cs.berkeley.edu>
aka <asami@FreeBSD.ORG>
Fingerprint = EB 3C 68 9E FB 6C EB 3F DB 2E 0F 10 8F CE 79 CA
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzPVyoQAAAEEAL7W+kipxB171Z4SVyyL9skaA7hG3eRsSOWk7lfvfUBLtPog
f3OKwrApoc/jwLf4+Qpdzv5DLEt/6Hd/clskhJ+q1gMNHyZ5ABmUxrTRRNvJMTrb
3fPU3oZj7sL/MyiFaT1zF8EaMP/iS2ZtcFsbYOqGeA8E/58uk4NA0SoeCNiJAAUR
tCVTYXRvc2hpIEFzYW1pIDxhc2FtaUBjcy5iZXJrZWxleS5lZHU+iQCVAwUQM/AT
+EqGN2HYnOMZAQF11QP/eSXb2FuTb1yX5yoo1Im8YnIk1SEgCGbyEbOMMBznVNDy
5g2TAD0ofLxPxy5Vodjg8rf+lfMVtO5amUH6aNcORXRncE83T10JmeM6JEp0T6jw
zOHKz8jRzygYLBayGsNIJ4BGxa4LeaGxJpO1ZEvRlNkPH/YEXK5oQmq9/DlrtYOJ
AEUDBRAz42JT8ng6GBbVvu0BAU8nAYCsJ8PiJpRUGlrz6rxjX8hqM1v3vqFHLcG+
G52nVMBSy+RZBgzsYIPwI5EZtWAKb22JAJUDBRAz4QBWdbtuOHaj97EBAaQPA/46
+NLUp+Wubl90JoonoXocwAg88tvAUVSzsxPXj0lvypAiSI2AJKsmn+5PuQ+/IoQy
lywRsxiQ5GD7C72SZ1yw2WI9DWFeAi+qa4b8n9fcLYrnHpyCY+zxEpu4pam8FJ7H
JocEUZz5HRoKKOLHErzXDiuTkkm72b1glmCqAQvnB4kAlQMFEDPZ3gyDQNEqHgjY
iQEBFfUEALu2C0uo+1Z7C5+xshWRYY5xNCzK20O6bANVJ+CO2fih96KhwsMof3lw
fDso5HJSwgFd8WT/sR+Wwzz6BAE5UtgsQq5GcsdYQuGI1yIlCYUpDp5sgswNm+OA
bX5a+r4F/ZJqrqT1J56Mer0VVsNfe5nIRsjd/rnFAFVfjcQtaQmjiQCVAwUQM9uV
mcdm8Q+/vPRJAQELHgP9GqNiMpLQlZig17fDnCJ73P0e5t/hRLFehZDlmEI2TK7j
Yeqbw078nZgyyuljZ7YsbstRIsWVCxobX5eH1kX+hIxuUqCAkCsWUY4abG89kHJr
XGQn6X1CX7xbZ+b6b9jLK+bJKFcLSfyqR3M2eCyscSiZYkWKQ5l3FYvbUzkeb6K0
IVNhdG9zaGkgQXNhbWkgPGFzYW1pQEZyZWVCU0QuT1JHPg==
=39SC
-----END PGP PUBLIC KEY BLOCK-----&a.jmb;
Jonathan M. Bresler <jmb@FreeBSD.org>
f16 Fingerprint16 = 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAzG2GToAAAEEANI6+4SJAAgBpl53XcfEr1M9wZyBqC0tzpie7Zm4vhv3hO8s
o5BizSbcJheQimQiZAY4OnlrCpPxijMFSaihshs/VMAz1qbisUYAMqwGEO/T4QIB
nWNo0Q/qOniLMxUrxS1RpeW5vbghErHBKUX9GVhxbiVfbwc4wAHbXdKX5jjdAAUR
tCVKb25hdGhhbiBNLiBCcmVzbGVyIDxqbWJARnJlZUJTRC5PUkc+iQCVAwUQNbtI
gAHbXdKX5jjdAQHamQP+OQr10QRknamIPmuHmFYJZ0jU9XPIvTTMuOiUYLcXlTdn
GyTUuzhbEywgtOldW2V5iA8platXThtqC68NsnN/xQfHA5xmFXVbayNKn8H5stDY
2s/4+CZ06mmJfqYmONF1RCbUk/M84rVT3Gn2tydsxFh4Pm32lf4WREZWRiLqmw+J
AJUDBRA0DfF99RVb+45ULV0BAcZ0BACCydiSUG1VR0a5DBcHdtin2iZMPsJUPRqJ
tWvP6VeI8OFpNWQ4LW6ETAvn35HxV2kCcQMyht1kMD+KEJz7r8Vb94TS7KtZnNvk
2D1XUx8Locj6xel5c/Lnzlnnp7Bp1XbJj2u/NzCaZQ0eYBdP/k7RLYBYHQQln5x7
BOuiRJNVU4kAlQMFEDQLcShVLh4uc9KIpQEBJv4D/3mDrD0MM9EYOVuyXik3UGVI
8quYNA9ErVcLdt10NjYc16VI2HOnYVgPRag3Wt7W8wlXShpokfC/vCNt7f5JgRf8
h2a1/MjQxtlD+4/Js8k7GLa53oLon6YQYk32IEKexoLPwIRO4L2BHWa3GzHJJSP2
aTR/Ep90/pLdAOu/oJDUiQCVAwUQMqyL0LNaYutZnzI9AQF25QP9GFXhBrz2tiWz
2+0gWbpcGNnyZbfsVjF6ojGDdmsjJMyWCGw49XR/vPKYIJY9EYo4t49GIajRkISQ
NNiIz22fBAjT2uY9YlvnTJ9NJleMfHr4dybo7oEKYMWWijQzGjqf2m8wf9OaaofE
KwBX6nxcRbKsxm/BVLKczGYl3XtjkcuJAJUDBRA1ol5TZWCprDT5+dUBATzXA/9h
/ZUuhoRKTWViaistGJfWi26FB/Km5nDQBr/Erw3XksQCMwTLyEugg6dahQ1u9Y5E
5tKPxbB69eF+7JXVHE/z3zizR6VL3sdRx74TPacPsdhZRjChEQc0htLLYAPkJrFP
VAzAlSlm7qd+MXf8fJovQs6xPtZJXukQukPNlhqZ94kAPwMFEDSH/kF4tXKgazlt
bxECfk4AoO+VaFVfguUkWX10pPSSfvPyPKqiAJ4xn8RSIe1ttmnqkkDMhLh00mKj
lLQuSm9uYXRoYW4gTS4gQnJlc2xlciA8Sm9uYXRoYW4uQnJlc2xlckBVU2kubmV0
PokAlQMFEDXbdSkB213Sl+Y43QEBV/4D/RLJNTrtAqJ1ATxXWv9g8Cr3/YF0GTmx
5dIrJOpBup7eSSmiM/BL9Is4YMsoVbXCI/8TqA67TMICvq35PZU4wboQB8DqBAr+
gQ8578M7Ekw1OAF6JXY6AF2P8k7hMcVBcVOACELPT/NyPNByG5QRDoNmlsokJaWU
/2ls4QSBZZlb
=zbCw
-----END PGP PUBLIC KEY BLOCK-----&a.ache;
Andrey A. Chernov <ache@FreeBSD.org>
aka <ache@nagual.pp.ru>
Key fingerprint = 33 03 9F 48 33 7B 4A 15 63 48 88 0A C4 97 FD 49
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAiqUMGQAAAEEAPGhcD6A2Buey5LYz0sphDLpVgOZc/bb9UHAbaGKUAGXmafs
Dcb2HnsuYGgX/zrQXuCi/wIGtXcZWB97APtKOhFsZnPinDR5n/dde/mw9FnuhwqD
m+rKSL1HlN0z/Msa5y7g16760wHhSR6NoBSEG5wQAHIMMq7Q0uJgpPLZnQjrAAUT
tCVBbmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuYWd1YWwucHAucnU+iQCVAwUQM2Ez
u+JgpPLZnQjrAQEyugP8DPnS8ixJ5OeuYgPFQf5sy6l+LrB6hyaS+lgsUPahWjNY
cnaDmfda/q/BV5d4+y5rlQe/pjnYG7/yQuAR3jhlXz8XDrqlBOnW9AtYjDt5rMfJ
aGFTGXAPGZ6k6zQZE0/YurT8ia3qjvuZm3Fw4NJrHRx7ETHRvVJDvxA6Ggsvmr20
JEFuZHJleSBBLiBDaGVybm92IDxhY2hlQEZyZWVCU0Qub3JnPokAlQMFEDR5uVbi
YKTy2Z0I6wEBLgED/2mn+hw4/3peLx0Sb9LNx//NfCCkVefSf2G9Qwhx6dvwbX7h
mFca97h7BQN4GubU1Z5Ffs6TeamSBrotBYGmOCwvJ6S9WigF9YHQIQ3B4LEjskAt
pcjU583y42zM11kkvEuQU2Gde61daIylJyOxsgpjSWpkxq50fgY2kLMfgl/ftCZB
bmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuaWV0enNjaGUubmV0PokAlQMFEDR5svDi
YKTy2Z0I6wEBOTQD/0OTCAXIjuak363mjERvzSkVsNtIH9hA1l0w6Z95+iH0fHrW
xXKT0vBZE0y0Em+S3cotLL0bMmVE3F3D3GyxhBVmgzjyx0NYNoiQjYdi+6g/PV30
Cn4vOO6hBBpSyI6vY6qGNqcsawuRtHNvK/53MpOfKwSlICEBYQimcZhkci+EtCJB
bmRyZXkgQS4gQ2hlcm5vdiA8YWNoZUBuYWd1YWwucnU+iQCVAwUQMcm5HeJgpPLZ
nQjrAQHwvQP9GdmAf1gdcuayHEgNkc11macPH11cwWjYjzA2YoecFMGV7iqKK8QY
rr1MjbGXf8DAG8Ubfm0QbI8Lj8iG3NgqIru0c72UuHGSn/APfGGG0AtPX5UK/k7B
gI0Ca2po6NA5nrSp8tDsdEz/4gyea84RXl2prtTf5Jj07hflbRstGXK0MkFuZHJl
eSBBLiBDaGVybm92LCBCbGFjayBNYWdlIDxhY2hlQGFzdHJhbC5tc2suc3U+iQCV
AwUQMCsAo5/rGryoL8h3AQHq1QQAidyNFqA9hvrmMcjpY7csJVFlGvj574Wj4GPa
o3pZeuQaMBmsWqaXLYnWU/Aldb6kTz6+nRcQX50zFH0THSPfApwEW7yybSTI5apJ
mWT3qhKN2vmLNg2yNzhqLTzHLD1lH3i1pfQq8WevrNfjLUco5S/VuekTma/osnzC
Cw7fQzCJAJUDBRAwKvwoa1pnjYGyp3kBARihBACoXr3qfG65hFCyKJISmjOvaoGr
anxUIkeDS0yQdTHzhQ+dwB1OhhK15E0Nwr0MKajLMm90n6+Zdb5y/FIjpPriu8dI
rlHrWZlewa88eEDM+Q/NxT1iYg+HaKDAE171jmLpSpCL0MiJtO0i36L3ekVD7Hv8
vffOZHPSHirIzJOZTYkAlQMFEDAau6zFLUdtDb+QbQEBQX8D/AxwkYeFaYxZYMFO
DHIvSk23hAsjCmUA2Uil1FeWAusb+o8xRfPDc7TnosrIifJqbF5+fcHCG5VSTGlh
Bhd18YWUeabf/h9O2BsQX55yWRuB2x3diJ1xI/VVdG+rxlMCmE4ZR1Tl9x+Mtun9
KqKVpB39VlkCBYQ3hlgNt/TJUY4riQCVAwUQMBHMmyJRltlmbQBRAQFQkwP/YC3a
hs3ZMMoriOlt3ZxGNUUPTF7rIER3j+c7mqGG46dEnDB5sUrkzacpoLX5sj1tGR3b
vz9a4vmk1Av3KFNNvrZZ3/BZFGpq3mCTiAC9zsyNYQ8L0AfGIUO5goCIjqwOTNQI
AOpNsJ5S+nMAkQB4YmmNlI6GTb3D18zfhPZ6uciJAJUCBRAwD0sl4uW74fteFRkB
AWsAA/9NYqBRBKbmltQDpyK4+jBAYjkXBJmARFXKJYTlnTgOHMpZqoVyW96xnaa5
MzxEiu7ZWm5oL10QDIp1krkBP2KcmvfSMMHb5aGCCQc2/P8NlfXAuHtNGzYiI0UA
Iwi8ih/S1liVfvnqF9uV3d3koE7VsQ9OA4Qo0ZL2ggW+/gEaYIkAlQMFEDAOz6qx
/IyHe3rl4QEBIvYD/jIr8Xqo/2I5gncghSeFR01n0vELFIvaF4cHofGzyzBpYsfA
+6pgFI1IM+LUF3kbUkAY/2uSf9U5ECcaMCTWCwVgJVO+oG075SHEM4buhrzutZiM
1dTyTaepaPpTyRMUUx9ZMMYJs7sbqLId1eDwrJxUPhrBNvf/w2W2sYHSY8cdiQCV
AwUQMAzqgHcdkq6JcsfBAQGTxwQAtgeLFi2rhSOdllpDXUwz+SS6bEjFTWgRsWFM
y9QnOcqryw7LyuFmWein4jasjY033JsODfWQPiPVNA3UEnXVg9+n8AvNMPO8JkRv
Cn1eNg0VaJy9J368uArio93agd2Yf/R5r+QEuPjIssVk8hdcy/luEhSiXWf6bLMV
HEA0J+OJAJUDBRAwDUi+4mCk8tmdCOsBAatBBACHB+qtW880seRCDZLjl/bT1b14
5po60U7u6a3PEBkY0NA72tWDQuRPF/Cn/0+VdFNxQUsgkrbwaJWOoi0KQsvlOm3R
rsxKbn9uvEKLxExyKH3pxp76kvz/lEWwEeKvBK+84Pb1lzpG3W7u2XDfi3VQPTi3
5SZMAHc6C0Ct/mjNlYkAlQMFEDAMrPD7wj+NsTMUOQEBJckD/ik4WsZzm2qOx9Fw
erGq7Zwchc+Jq1YeN5PxpzqSf4AG7+7dFIn+oe6X2FcIzgbYY+IfmgJIHEVjDHH5
+uAXyb6l4iKc89eQawO3t88pfHLJWbTzmnvgz2cMrxt94HRvgkHfvcpGEgbyldq6
EB33OunazFcfZFRIcXk1sfyLDvYE
=1ahV
-----END PGP PUBLIC KEY BLOCK-----&a.jkh;
Jordan K. Hubbard <jkh@FreeBSD.org>
Fingerprint = 3C F2 27 7E 4A 6C 09 0A 4B C9 47 CD 4F 4D 0B 20
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzFjX0IAAAEEAML+nm9/kDNPp43ZUZGjYkm2QLtoC1Wxr8JulZXqk7qmhYcQ
jvX+fyoriJ6/7ZlnLe2oG5j9tZOnRLPvMaz0g9CpW6Dz3nkXrNPkmOFV9B8D94Mk
tyFeRJFqnkCuqBj6D+H8FtBwEeeTecSh2tJ0bZZTXnAMhxeOdvUVW/uOVC1dAAUR
tCNKb3JkYW4gSy4gSHViYmFyZCA8amtoQEZyZWVCU0Qub3JnPokBFQMFEDXCTXQM
j46yp4IfPQEBwO8IAIN0J09AXBf86dFUTFGcAMrEQqOF5IL+KGorAjzuYxERhKfD
ZV7jA+sCQqxkWfcVcE20kVyVYqzZIkio9a5zXP6TwA247JkPt54S1PmMDYHNlRIY
laXlNoji+4q3HP2DfHqXRT2859rYpm/fG/v6pWkos5voPKcZ2OFEp9W+Ap88oqw+
5rx4VetZNJq1Epmis4INj6XqNqj85+MOOIYE+f445ohDM6B/Mxazd6cHFGGIR+az
VjZ6lCDMLjzhB5+FqfrDLYuMjqkMTR5z9DL+psUvPlCkYbQ11NEWtEmiIWjUcNJN
GCxGzv5bXk0XPu3ADwbPkFE2usW1cSM7AQFiwuyJAJUDBRAxe+Q9a1pnjYGyp3kB
AV7XA/oCSL/Cc2USpQ2ckwkGpyvIkYBPszIcabSNJAzm2hsU9Qa6WOPxD8olDddB
uJNiW/gznPC4NsQ0N8Zr4IqRX/TTDVf04WhLmd8AN9SOrVv2q0BKgU6fLuk979tJ
utrewH6PR2qBOjAaR0FJNk4pcYAHeT+e7KaKy96YFvWKIyDvc4kAlQMFEDF8ldof
f6kIA1j8vQEBDH4D/0Zm0oNlpXrAE1EOFrmp43HURHbij8n0Gra1w9sbfo4PV+/H
U8ojTdWLy6r0+prH7NODCkgtIQNpqLuqM8PF2pPtUJj9HwTmSqfaT/LMztfPA6PQ
csyT7xxdXl0+4xTDl1avGSJfYsI8XCAy85cTs+PQwuyzugE/iykJO1Bnj/paiQCV
AwUQMXvlBvUVW/uOVC1dAQF2fQP/RfYC6RrpFTZHjo2qsUHSRk0vmsYfwG5NHP5y
oQBMsaQJeSckN4n2JOgR4T75U4vS62aFxgPLJP3lOHkU2Vc7xhAuBvsbGr5RP8c5
LvPOeUEyz6ZArp1KUHrtcM2iK1FBOmY4dOYphWyWMkDgYExabqlrAq7FKZftpq/C
BiMRuaw=
=C/Jw
-----END PGP PUBLIC KEY BLOCK-----&a.phk;
Poul-Henning Kamp <phk@FreeBSD.org>
Fingerprint = A3 F3 88 28 2F 9B 99 A2 49 F4 E2 FA 5A 78 8B 3E
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzAdpMIAAAEEALHDgrFUwhZtb7PbXg3upELoDVEUPFRwnmpJH1rRqyROUGcI
ooVe7u+FQlIs5OsXK8ECs/5Wpe2UrZSzHvjwBYOND5H42YtI5UULZLRCo5bFfTVA
K9Rpo5icfTsYihrzU2nmnycwFMk+jYXyT/ZDYWDP/BM9iLjj0x9/qQgDWPy9AAUR
tCNQb3VsLUhlbm5pbmcgS2FtcCA8cGhrQEZyZWVCU0Qub3JnPokAlQMFEDQQ0aZ1
u244dqP3sQEBu4ID/jXFFeJgs2MdTDNOZM/FbfDhI4qxAbYUsqS3+Ra16yd8Wd/A
jV+IHJE2NomFWl8UrUjCGinXiwzPgK1OfFJrS9Og1wQLvAl0X84BA8MTP9BQr4w7
6I/RbksgUSrVCIO8MJwlydjSPocWGBeXlVjbZxXzyuJk7H+TG+zuI5BuBcNIiQCV
AwUQMwYr2rNaYutZnzI9AQHiIQP/XxtBWFXaBRgVLEhRNpS07YdU+LsZGlLOZehN
9L4UnJFHQQPNOpMey2gF7Y95aBOw5/1xS5vlQpwmRFCntWsm/gqdzK6rulfr1r5A
y94LO5TAC6ucNu396Y4vo1TyD1STnRC466KlvmtQtAtFGgXlORWLL9URLzcRFd1h
D0yXd9aJAJUDBRAxfo19a1pnjYGyp3kBAQqyA/4v64vP3l1F0Sadn6ias761hkz/
SMdTuLzILmofSCC4o4KWMjiWJHs2Soo41QlZi1+xMHzV32JKiwFlGtPHqL+EHyXy
Q4H3vmf9/1KF+0XCaMtgI0wWUMziPSTJK8xXbRRmMDK/0F4TnVVaUhnmf+h5K7O6
XdmejDTa0X/NWcicmIkAlQMFEDF8lef1FVv7jlQtXQEBcnwD/0ro1PpUtlkLmreD
tsGTkNa7MFLegrYRvDDrHOwPZH152W2jPUncY+eArQJakeHiTDmJNpFagLZglhE0
bqJyca+UwCXX+6upAclWHEBMg2byiWMMqyPVEEnpUoHM1sIkgdNWlfQAmipRBfYh
2LyCgWvR8CbtwPYIFvUmGgB3MR87iQCVAwUQMUseXB9/qQgDWPy9AQGPkwP/WEDy
El2Gkvua9COtMAifot2vTwuvWWpNopIEx0Ivey4aVbRLD90gGCJw8OGDEtqFPcNV
8aIiy3fYVKXGZZjvCKd7zRfhNmQn0eLDcymq2OX3aPrMc2rRlkT4Jx425ukR1gsO
qiQAgw91aWhY8dlw/EKzk8ojm52x4VgXaBACMjaJAJUDBRAxOUOg72G56RHVjtUB
AbL4A/9HOn5Qa0lq9tKI/HkSdc5fGQD/66VdCBAb292RbB7CS/EM07MdbcqRRYIa
0+0gwQ3OdsWPdCVgH5RIhp/WiC+UPkR1cY8N9Mg2kTwJfZZfNqN+BgWlgRMPN27C
OhYNl8Q33Nl9CpBLrZWABF44jPeT0EvvTzP/5ZQ7T75EsYKYiYkAlQMFEDDmryQA
8tkJ67sbQQEBPdsEALCj6v1OBuJLLJTlxmmrkqAZPVzt5QdeO3Eqa2tcPWcU0nqP
vHYMzZcZ7oFg58NZsWrhSQQDIB5e+K65Q/h6dC7W/aDskZd64jxtEznX2kt0/MOr
8OdsDis1K2f9KQftrAx81KmVwW4Tqtzl7NWTDXt44fMOtibCwVq8v2DFkTJy
=JKbP
-----END PGP PUBLIC KEY BLOCK-----&a.rich;
Rich Murphey <rich@FreeBSD.org>
fingerprint = AF A0 60 C4 84 D6 0C 73 D1 EF C0 E9 9D 21 DB E4
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy97V+MAAAEEALiNM3FCwm3qrCe81E20UOSlNclOWfZHNAyOyj1ahHeINvo1
FBF2Gd5Lbj0y8SLMno5yJ6P4F4r+x3jwHZrzAIwMs/lxDXRtB0VeVWnlj6a3Rezs
wbfaTeSVyh5JohEcKdoYiMG5wjATOwK/NAwIPthB1RzRjnEeer3HI3ZYNEOpAAUR
tCRSaWNoIE11cnBoZXkgPHJpY2hAbGFtcHJleS51dG1iLmVkdT6JAJUDBRAve15W
vccjdlg0Q6kBAZTZBACcNd/LiVnMFURPrO4pVRn1sVQeokVX7izeWQ7siE31Iy7g
Sb97WRLEYDi686osaGfsuKNA87Rm+q5F+jxeUV4w4szoqp60gGvCbD0KCB2hWraP
/2s2qdVAxhfcoTin/Qp1ZWvXxFF7imGA/IjYIfB42VkaRYu6BwLEm3YAGfGcSw==
=QoiM
-----END PGP PUBLIC KEY BLOCK-----&a.jdp;
John D. Polstra <jdp@polstra.com>
Fingerprint = 54 3A 90 59 6B A4 9D 61 BF 1D 03 09 35 8D F6 0D
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzMElMEAAAEEALizp6ZW9QifQgWoFmG3cXhzQ1+Gt+a4S1adC/TdHdBvw1M/
I6Ok7TC0dKF8blW3VRgeHo4F3XhGn+n9MqIdboh4HJC5Iiy63m98sVLJSwyGO4oM
dkEGyyCLxqP6h/DU/tzNBdqFzetGtYvU4ftt3RO0a506cr2CHcdm8Q+/vPRJAAUR
tCFKb2huIEQuIFBvbHN0cmEgPGpkcEBwb2xzdHJhLmNvbT6JAJUDBRAzBNBE9RVb
+45ULV0BAWgiA/0WWO3+c3qlptPCHJ3DFm6gG/qNKsY94agL/mHOr0fxMP5l2qKX
O6a1bWkvGoYq0EwoKGFfn0QeHiCl6jVi3CdBX+W7bObMcoi+foqZ6zluOWBC1Jdk
WQ5/DeqQGYXqbYjqO8voCScTAPge3XlMwVpMZTv24u+nYxtLkE0ZcwtY9IkAlQMF
EDMEt/DHZvEPv7z0SQEBXh8D/2egM5ckIRpGz9kcFTDClgdWWtlgwC1iI2p9gEhq
aufy+FUJlZS4GSQLWB0BlrTmDC9HuyQ+KZqKFRbVZLyzkH7WFs4zDmwQryLV5wkN
C4BRRBXZfWy8s4+zT2WQD1aPO+ZsgRauYLkJgTvXTPU2JCN62Nsd8R7bJS5tuHEm
7HGmiQCVAwUQMwSvHB9/qQgDWPy9AQFAhAQAgJ1AlbKITrEoJ0+pLIsov3eQ348m
SVHEBGIkU3Xznjr8NzT9aYtq4TIzt8jplqP3QoV1ka1yYpZf0NjvfZ+ffYp/sIaU
wPbEpgtmHnVWJAebMbNs/Ad1w8GDvxEt9IaCbMJGZnHmfnEqOBIxF7VBDPHHoJxM
V31K/PIoYsHAy5w=
=cHFa
-----END PGP PUBLIC KEY BLOCK-----&a.guido;
Guido van Rooij <guido@gvr.win.tue.nl>
Fingerprint = 16 79 09 F3 C0 E4 28 A7 32 62 FA F6 60 31 C0 ED
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzGeO84AAAEEAKKAY91Na//DXwlUusr9GVESSlVwVP6DyH1wcZXhfN1fyZHq
SwhMCEdHYoojQds+VqD1iiZQvv1RLByBgj622PDAPN4+Z49HjGs7YbZsUNuQqPPU
wRPpP6ty69x1hPKq1sQIB5MS4radpCM+4wbZbhxv7l4rP3RWUbNaYutZnzI9AAUR
tCZHdWlkbyB2YW4gUm9vaWogPGd1aWRvQGd2ci53aW4udHVlLm5sPokAlQMFEDMG
Hcgff6kIA1j8vQEBbYgD/jm9xHuUuY+iXDkOzpCXBYACYEZDV913MjtyBAmaVqYo
Rh5HFimkGXe+rCo78Aau0hc57fFMTsJqnuWEqVt3GRq28hSK1FOZ7ni9/XibHcmN
rt2yugl3hYpClijo4nrDL1NxibbamkGW/vFGcljS0jqXz6NDVbGx5Oo7HBByxByz
iQCVAwUQMhmtVjt/x7zOdmsfAQFuVQQApsVUTigT5YWjQA9Nd5Z0+a/oVtZpyw5Z
OljLJP3vqJdMa6TidhfcatjHbFTve5x1dmjFgMX/MQTd8zf/+Xccy/PX4+lnKNpP
eSf1Y4aK+E8KHmBGd6GzX6CIboyGYLS9e3kGnN06F2AQtaLyJFgQ71wRaGuyKmQG
FwTn7jiKb1aJAJUDBRAyEOLXPt3iN6QQUSEBATwQA/9jqu0Nbk154+Pn+9mJX/YT
fYR2UqK/5FKCqgL5Nt/Deg2re0zMD1f8F9Dj6vuAAxq8hnOkIHKlWolMjkRKkzJi
mSPEWl3AuHJ31k948J8it4f8kq/o44usIA2KKVMlI63Q/rmNdfWCyiYQEVGcRbTm
GTdZIHYCOgV5dOo4ebFqgYkAlQMFEDIE1nMEJn15jgpJ0QEBW6kEAKqN8XSgzTqf
CrxFXT07MlHhfdbKUTNUoboxCGCLNW05vf1A8F5fdE5i14LiwkldWIzPxWD+Sa3L
fNPCfCZTaCiyGcLyTzVfBHA18MBAOOX6JiTpdcm22jLGUWBf/aJK3yz/nfbWntd/
LRHysIdVp29lP5BF+J9/Lzbb/9LxP1taiQCVAwUQMgRXZ44CzbsJWQz9AQFf7gP/
Qa2FS5S6RYKG3rYanWADVe/ikFV2lxuM1azlWbsmljXvKVWGe6cV693nS5lGGAjx
lbd2ADwXjlkNhv45HLWFm9PEveO9Jjr6tMuXVt8N2pxiX+1PLUN9CtphTIU7Yfjn
s6ryZZfwGHSfIxNGi5ua2SoXhg0svaYnxHxXmOtH24iJAJUDBRAyAkpV8qaAEa3W
TBkBARfQBAC+S3kbulEAN3SI7/A+A/dtl9DfZezT9C4SRBGsl2clQFMGIXmMQ/7v
7lLXrKQ7U2zVbgNfU8smw5h2vBIL6f1PyexSmc3mz9JY4er8KeZpcf6H0rSkHl+i
d7TF0GvuTdNPFO8hc9En+GG6QHOqbkB4NRZ6cwtfwUMhk2FHXBnjF4kAlQMFEDH5
FFukUJAsCdPmTQEBe74EAMBsxDnbD9cuI5MfF/QeTNEG4BIVUZtAkDme4Eg7zvsP
d3DeJKCGeNjiCWYrRTCGwaCWzMQk+/+MOmdkI6Oml+AIurJLoHceHS9jP1izdP7f
N2jkdeJSBsixunbQWtUElSgOQQ4iF5kqwBhxtOfEP/L9QsoydRMR1yB6WPD75H7V
iQCVAwUQMZ9YNGtaZ42Bsqd5AQH0PAQAhpVlAc3ZM/KOTywBSh8zWKVlSk3q/zGn
k7hJmFThnlhH1723+WmXE8aAPJi+VXOWJUFQgwELJ6R8jSU2qvk2m1VWyYSqRKvc
VRQMqT2wjss0GE1Ngg7tMrkRHT0il7E2xxIb8vMrIwmdkbTfYqBUhhGnsWPHZHq7
MoA1/b+rK7CJAJUDBRAxnvXh3IDyptUyfLkBAYTDA/4mEKlIP/EUX2Zmxgrd/JQB
hqcQlkTrBAaDOnOqe/4oewMKR7yaMpztYhJs97i03Vu3fgoLhDspE55ooEeHj0r4
cOdiWfYDsjSFUYSPNVhW4OSruMA3c29ynMqNHD7hpr3rcCPUi7J2RncocOcCjjK2
BQb/9IAUNeK4C9gPxMEZLokAlQMFEDGeO86zWmLrWZ8yPQEBEEID/2fPEUrSX3Yk
j5TJPFZ9MNX0lEo7AHYjnJgEbNI4pYm6C3PnMlsYfCSQDHuXmRQHAOWSdwOLvCkN
F8eDaF3M6u0urgeVJ+KVUnTz2+LZoZs12XSZKCte0HxjbvPpWMTTrYyimGezH79C
mgDVjsHaYOx3EXF0nnDmtXurGioEmW1J
=mSvM
-----END PGP PUBLIC KEY BLOCK-----&a.peter;
Peter Wemm <peter@FreeBSD.org>
aka <peter@spinner.dialix.com>
aka <peter@haywire.dialix.com>
aka <peter@perth.dialix.oz.au>
Key fingerprint = 47 05 04 CA 4C EE F8 93 F6 DB 02 92 6D F5 58 8A
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAy9/FJwAAAEEALxs9dE9tFd0Ru1TXdq301KfEoe5uYKKuldHRBOacG2Wny6/
W3Ill57hOi2+xmq5X/mHkapywxvy4cyLdt31i4GEKDvxpDvEzAYcy2n9dIup/eg2
kEhRBX9G5k/LKM4NQsRIieaIEGGgCZRm0lINqw495aZYrPpO4EqGN2HYnOMZAAUT
tCVQZXRlciBXZW1tIDxwZXRlckBoYXl3aXJlLmRpYWxpeC5jb20+iQCVAwUQMwWT
cXW7bjh2o/exAQEFkQP+LIx5zKlYp1uR24xGApMFNrNtjh+iDIWnxxb2M2Kb6x4G
9z6OmbUCoDTGrX9SSL2Usm2RD0BZfyv9D9QRWC2TSOPkPRqQgIycc11vgbLolJJN
eixqsxlFeKLGEx9eRQCCbo3dQIUjc2yaOe484QamhsK1nL5xpoNWI1P9zIOpDiGJ
AJUDBRAxsRPqSoY3Ydic4xkBAbWLA/9q1Fdnnk4unpGQsG31Qbtr4AzaQD5m/JHI
4gRmSmbj6luJMgNG3fpO06Gd/Z7uxyCJB8pTst2a8C/ljOYZxWT+5uSzkQXeMi5c
YcI1sZbUpkHtmqPW623hr1PB3ZLA1TIcTbQW+NzJsxQ1Pc6XG9fGkT9WXQW3Xhet
AP+juVTAhLQlUGV0ZXIgV2VtbSA8cGV0ZXJAcGVydGguZGlhbGl4Lm96LmF1PokA
lQMFEDGxFCFKhjdh2JzjGQEB6XkD/2HOwfuFrnQUtdwFPUkgtEqNeSr64jQ3Maz8
xgEtbaw/ym1PbhbCk311UWQq4+izZE2xktHTFClJfaMnxVIfboPyuiSF99KHiWnf
/Gspet0S7m/+RXIwZi1qSqvAanxMiA7kKgFSCmchzas8TQcyyXHtn/gl9v0khJkb
/fv3R20btB5QZXRlciBXZW1tIDxwZXRlckBGcmVlQlNELm9yZz6JAJUDBRAxsRJd
SoY3Ydic4xkBAZJUA/4i/NWHz5LIH/R4IF/3V3LleFyMFr5EPFY0/4mcv2v+ju9g
brOEM/xd4LlPrx1XqPeZ74JQ6K9mHR64RhKR7ZJJ9A+12yr5dVqihe911KyLKab9
4qZUHYi36WQu2VtLGnw/t8Jg44fQSzbBF5q9iTzcfNOYhRkSD3BdDrC3llywO7Ql
UGV0ZXIgV2VtbSA8cGV0ZXJAc3Bpbm5lci5kaWFsaXguY29tPokAlQMFEDGxEi1K
hjdh2JzjGQEBdA4EAKmNFlj8RF9HQsoI3UabnvYqAWN5wCwEB4u+Zf8zq6OHic23
TzoK1SPlmSdBE1dXXQGS6aiDkLT+xOdeewNs7nfUIcH/DBjSuklAOJzKliXPQW7E
kuKNwy4eq5bl+j3HB27i+WBXhn6OaNNQY674LGaR41EGq44Wo5ATcIicig/z
=gv+h
-----END PGP PUBLIC KEY BLOCK-----&a.joerg;
Type Bits/KeyID Date User ID
pub 1024/76A3F7B1 1996/04/27 Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
Key fingerprint = DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Joerg Wunsch <joerg_wunsch@interface-business.de>
Joerg Wunsch <j@uriah.heep.sax.de>
Joerg Wunsch <j@interface-business.de>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzGCFeAAAAEEAKmRBU2Nvc7nZy1Ouid61HunA/5hF4O91cXm71/KPaT7dskz
q5sFXvPJPpawwvqHPHfEbAK42ZaywyFp59L1GaYj87Pda+PlAYRJyY2DJl5/7JPe
ziq+7B8MdvbX6D526sdmcR+jPXPbHznASjkx9DPmK+7TgFujyXW7bjh2o/exAAUR
tC1Kb2VyZyBXdW5zY2ggPGpvZXJnX3d1bnNjaEB1cmlhaC5oZWVwLnNheC5kZT6J
AJUDBRA0FFkBs1pi61mfMj0BAfDCA/oCfkjrhvRwRCpSL8klJ1YDoUJdmw+v4nJc
pw3OpYXbwKOPLClsE7K3KCQscHel7auf91nrekAwbrXv9Clp0TegYeAQNjw5vZ9f
L6UZ5l3fH8E2GGA7+kqgNWs1KxAnG5GdUvJ9viyrWm8dqWRGo+loDWlZ12L2OgAD
fp7jVZTI1okAlQMFEDQPrLoff6kIA1j8vQEB2XQEAK/+SsQPCT/X4RB/PBbxUr28
GpGJMn3AafAaA3plYw3nb4ONbqEw9tJtofAn4UeGraiWw8nHYR2DAzoAjR6OzuX3
TtUV+57BIzrTPHcNkb6h8fPuHU+dFzR+LNoPaGJsFeov6w+Ug6qS9wa5FGDAgaRo
LHSyBxcRVoCbOEaS5S5EiQCVAwUQM5BktWVgqaw0+fnVAQGKPwP+OiWho3Zm2GKp
lEjiZ5zx3y8upzb+r1Qutb08jr2Ewja04hLg0fCrt6Ad3DoVqxe4POghIpmHM4O4
tcW92THQil70CLzfCxtfUc6eDzoP3krD1/Gwpm2hGrmYA9b/ez9+r2vKBbnUhPmC
glx5pf1IzHU9R2XyQz9Xu7FI2baOSZqJAJUDBRAyCIWZdbtuOHaj97EBAVMzA/41
VIph36l+yO9WGKkEB+NYbYOz2W/kyi74kXLvLdTXcRYFaCSZORSsQKPGNMrPZUoL
oAKxE25AoCgl5towqr/sCcu0A0MMvJddUvlQ2T+ylSpGmWchqoXCN7FdGyxrZ5zz
xzLIvtcio6kaHd76XxyJpltCASupdD53nEtxnu8sRrQxSm9lcmcgV3Vuc2NoIDxq
b2VyZ193dW5zY2hAaW50ZXJmYWNlLWJ1c2luZXNzLmRlPokAlQMFEDIIhfR1u244
dqP3sQEBWoID/RhBm+qtW+hu2fqAj9d8CVgEKJugrxZIpXuCKFvO+bCgQtogt9EX
+TJh4s8UUdcFkyEIu8CT2C3Rrr1grvckfxvrTgzSzvtYyv1072X3GkVY+SlUMBMA
rdl1qNW23oT7Q558ajnsaL065XJ5m7HacgTTikiofYG8i1s7TrsEeq6PtCJKb2Vy
ZyBXdW5zY2ggPGpAdXJpYWguaGVlcC5zYXguZGU+iQCVAwUQMaS91D4gHQUlG9CZ
AQGYOwQAhPpiobK3d/fz+jWrbQgjkoO+j39glYGXb22+6iuEprFRs/ufKYtjljNT
NK3B4DWSkyIPawcuO4Lotijp6jke2bsjFSSashGWcsJlpnwsv7EeFItT3oWTTTQQ
ItPbtNyLW6M6xB+jLGtaAvJqfOlzgO9BLfHuA2LY+WvbVW447SWJAJUDBRAxqWRs
dbtuOHaj97EBAXDBA/49rzZB5akkTSbt/gNd38OJgC+H8N5da25vV9dD3KoAvXfW
fw7OxIsxvQ/Ab+rJmukrrWxPdsC+1WU1+1rGa4PvJp/VJRDes2awGrn+iO7/cQoS
IVziC27JpcbvjLvLVcBIiy1yT/RvJ+87a3jPRHt3VFGcpFh4KykxxSNiyGygl4kA
lQMFEDGCUB31FVv7jlQtXQEB5KgD/iIJZe5lFkPr2B/Cr7BKMVBot1/JSu05NsHg
JZ3uK15w4mVtNPZcFi/dKbn+qRM6LKDFe/GF0HZD/ZD1FJt8yQjzF2w340B+F2GG
EOwnClqZDtEAqnIBzM/ECQQqH+6Bi8gpkFZrFgg5eON7ikqmusDnOlYStM/CBfgp
SbR8kDmFtCZKb2VyZyBXdW5zY2ggPGpAaW50ZXJmYWNlLWJ1c2luZXNzLmRlPokA
lQMFEDHioSdlYKmsNPn51QEByz8D/10uMrwP7MdaXnptd1XNFhpaAPYTVAOcaKlY
OGI/LLR9PiU3FbqXO+7INhaxFjBxa0Tw/p4au5Lq1+Mx81edHniJZNS8tz3I3goi
jIC3+jn2gnVAWnK5UZUTUVUn/JLVk/oSaIJNIMMDaw4J9xPVVkb+Fh1A+XqtPsVa
YESrNp0+iQCVAwUQMwXkzcdm8Q+/vPRJAQEA4QQAgNNX1HFgXrMetDb+w6yEGQDk
JCDAY9b6mA2HNeKLQAhsoZl4HwA1+iuQaCgo3lyFC+1Sf097OUTs74z5X1vCedqV
oFw9CxI3xuctt3pJCbbN68flOlnq0WdYouWWGlFwLlh5PEy//VtwX9lqgsizlhzi
t+fX6BT4BgKi5baDhrWJAJUDBRAyCKveD9eCJxX4hUkBAebMA/9mRPy6K6i7TX2R
jUKSl2p5oYrXPk12Zsw4ijuktslxzQhOCyMSCGK2UEC4UM9MXp1H1JZQxN/DcfnM
7VaUt+Ve0wZ6DC9gBSHJ1hKVxHe5XTj26mIr4rcXNy2XEDMK9QsnBxIAZnBVTjSO
LdhqqSMp3ULLOpBlRL2RYrqi27IXr4kAlQMFEDGpbnd1u244dqP3sQEBJnQD/RVS
Azgf4uorv3fpbosI0LE3LUufAYGBSJNJnskeKyudZkNkI5zGGDwVneH/cSkKT4OR
ooeqcTBxKeMaMuXPVl30QahgNwWjfuTvl5OZ8orsQGGWIn5FhqYXsKkjEGxIOBOf
vvlVQ0UbcR0N2+5F6Mb5GqrXZpIesn7jFJpkQKPU
=97h7
-----END PGP PUBLIC KEY BLOCK-----Developers&a.wosch;
Type Bits/KeyID Date User ID
pub 1024/2B7181AD 1997/08/09 Wolfram Schneider <wosch@FreeBSD.org>
Key fingerprint = CA 16 91 D9 75 33 F1 07 1B F0 B4 9F 3E 95 B6 09
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzPs+aEAAAEEAJqqMm2I9CxWMuHDvuVO/uh0QT0az5ByOktwYLxGXQmqPG1G
Q3hVuHWYs5Vfm/ARU9CRcVHFyqGQ3LepoRhDHk+JcASHan7ptdFsz7xk1iNNEoe0
vE2rns38HIbiyQ/2OZd4XsyhFOFtExNoBuyDyNoe3HbHVBQT7TmN/mkrcYGtAAUR
tCVXb2xmcmFtIFNjaG5laWRlciA8d29zY2hARnJlZUJTRC5vcmc+iQCVAwUQNxnH
AzmN/mkrcYGtAQF5vgP/SLOiI4AwuPHGwUFkwWPRtRzYSySXqwaPCop5mVak27wk
pCxGdzoJO2UgcE812Jt92Qas91yTT0gsSvOVNATaf0TM3KnKg5ZXT1QIzYevWtuv
2ovAG4au3lwiFPDJstnNAPcgLF3OPni5RCUqBjpZFhb/8YDfWYsMcyn4IEaJKre0
JFdvbGZyYW0gU2NobmVpZGVyIDxzY2huZWlkZXJAemliLmRlPokAlQMFEDcZxu85
jf5pK3GBrQEBCRgD/jPj1Ogx4O769soiguL1XEHcxhqtrpKZkKwxmDLRa0kJFwLp
bBJ3Qz3vwaB7n5gQU0JiL1B2M7IxVeHbiIV5pKp7FD248sm+HZvBg6aSnCg2JPUh
sHd1tK5X4SB5cjFt3Cj0LIN9/c9EUxm3SoML9bovmze60DckErrRNOuTk1IntCJX
b2xmcmFtIFNjaG5laWRlciA8d29zY2hAYXBmZWwuZGU+iQEVAwUQNmfWXAjJLLJO
sC7dAQEASAgAnE4g2fwMmFkQy17ATivljEaDZN/m0GdXHctdZ8CaPrWk/9/PTNK+
U6xCewqIKVwtqxVBMU1VpXUhWXfANWCB7a07D+2GrlB9JwO5NMFJ6g0WI/GCUXjC
xb3NTkNsvppL8Rdgc8wc4f23GG4CXVggdTD2oUjUH5Bl7afgOT4xLPAqePhS7hFB
UnMsbA94OfxPtHe5oqyaXt6cXH/SgphRhzPPZq0yjg0Ef+zfHVamvZ6Xl2aLZmSv
Cc/rb0ShYDYi39ly9OPPiBPGbSVw2Gg804qx3XAKiTFkLsbYQnRt7WuCPsOVjFkf
CbQS31TaclOyzenZdCAezubGIcrJAKZjMIkAlQMFEDPs+aE5jf5pK3GBrQEBlIAD
/3CRq6P0m1fi9fbPxnptuipnoFB/m3yF6IdhM8kSe4XlXcm7tS60gxQKZgBO3bDA
5QANcHdl41Vg95yBAZepPie6iQeAAoylRrONeIy6XShjx3S0WKmA4+C8kBTL+vwa
UqF9YJ1qesZQtsXlkWp/Z7N12RkueVAVQ7wRPwfnz6E3tC5Xb2xmcmFtIFNjaG5l
aWRlciA8d29zY2hAcGFua2UuZGUuZnJlZWJzZC5vcmc+iQCVAwUQNxnEqTmN/mkr
cYGtAQFnpQP9EpRZdG6oYN7d5abvIMN82Z9x71a4QBER+R62mU47wqdRG2b6jMMh
3k07b2oiprVuPhRw/GEPPQevb6RRT6SD9CPYAGfK3MDE8ZkMj4d+7cZDRJQ35sxv
gAzQwuA9l7kS0mt5jFRPcEg5/KpuyehRLckjx8jpEM7cEJDHXhBIuVg=
=3V1R
-----END PGP PUBLIC KEY BLOCK-----&a.brian;
Type Bits/KeyID Date User ID
pub 1024/666A7421 1997/04/30 Brian Somers <brian@awfulhak.org>
Key fingerprint = 2D 91 BD C2 94 2C 46 8F 8F 09 C4 FC AD 12 3B 21
Brian Somers <brian@uk.FreeBSD.org>
Brian Somers <brian@OpenBSD.org>
Brian Somers <brian@FreeBSD.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzNmogUAAAEEALdsjVsV2dzO8UU4EEo7z3nYuvB2Q6YJ8sBUYjB8/vfR5oZ9
7aEQjgY5//pXvS30rHUB9ghk4kIFSljzeMudE0K2zH5n2sxpLbBKWZRDLS7xnrDC
I3j9CNKwQBzMPs0fUT46gp96nf1X8wPiJXkDUEia/c0bRbXlLw7tvOdmanQhAAUR
tCFCcmlhbiBTb21lcnMgPGJyaWFuQGF3ZnVsaGFrLm9yZz6JAJUDBRA3Fjs4H3+p
CANY/L0BAZOxBACTZ1zPdaJzEdT4AfrebQbaU4ytEeodnVXZIkc8Il+LDlDOUAIe
k5PgnHTRM4yiwcZuYQrCDRFgdOofcFfRo0PD7mGFzd22qPGmbvHiDBCYCyhlkPXW
IDeoA1cX77JlU1NFdy0dZwuX7csaMlpjCkOPc7+856mr6pQi48zj7yZtrYkAlQMF
EDcUqZ2dZ0EADG4SFQEBEm0EAL2bBNc4vpxPrg3ATdZ/PekpL6lYj3s9pBf8f7eY
LXq438A/ywiWkrL74gXxcZ2Ey9AHZW+rbJPzUbrfMAgP3uWobeSvDyKRo1wtKnTY
Hy+OEIbBIHDmIUuK3L7KupBf7WAI46Q7fnyz0txvtRruDjvfoyl9/TSRfIKcaw2a
INh7iQCVAwUQNwyWpmdKPfFUsXG5AQEIrAQAmukv2u9ihcnO2Zaak265I+gYozu+
biAngdXNfhTGMeExFzdzQ8Qe7EJugMpIDEkJq2goY35sGitD+ogSVWECjcVbHIAP
M2u9axFGlK7fDOmmkH2ZWDMtwx2I5dZps3q2g9mY2O9Az5Yokp7GW7viSpWXHTRH
xOsuY6aze71U7RWJAHUDBRA3DAEvDuwDH3697LEBAWRHAv9XXkub6mir/DCxzKI2
AE3tek40lRfU6Iukjl/uzT9GXcL3uEjIewiPTwN+k4IL+qcCEdv8WZgv/tO45r59
IZQsicNaSAsKX/6Cxha6Hosg1jw4rjdyz13rgYRi/nreq5mJAJUDBRA2r0CM9p+f
Pnxlu7UBAYObA/40s5SwEpXTrePO78AoUFEa5Z4bgyxkpT7BVbq6m/oQtK509Xe2
M2y0XTLkd86oXpjyKzGzWq8T6ZTKNdF9+5LhS2ylJytdPq1AjDk2BocffWX4+pXn
RPiC6XcNdYGiQL8OTHvZESYQDiHeMfwA8WdMzFK1R80nJMwANYXjJJrLzYkAlQMF
EDNt51zvs7EFZlNtbQEBW0UD/jZB6UDdEFdhS0hxgahv5CxaQDWQbIEpAY9JL1yg
d1RWMKUFGXdRkWZmHEA4NvtwFFeam/HZm4yuGf8yldMyo84loTcVib7lKh4CumGx
FT5Pxeh/F8u9EeQzclRFSMhVl0BA2/HEGyjw0kbkprI/RD3pXD7ewTAUrj2O3XhE
InLgiQCVAwUQM3O9vWyr6JZzEUkFAQF9nAP9Hco0V/3Kl70N5ryPVgh41nUTd7Td
6fUjx8yPoSZLX8vVZ8XMyd8ULFmzsmA+2QG4HcKo/x/4s50O3o8c+o1qSYj0Tp+K
4Z8lneMVlgBNdrRcq4ijEgk0qGqSlsXyLElkVPEXAADBVgzf6yqvipDwXNVzl6e3
GPLE8U2TAnBFZX6JAJUDBRAzZqIFDu2852ZqdCEBATsuBACI3ofP7N3xuHSc7pWL
NsnFYVEc9utBaclcagxjLLzwPKzMBcLjNGyGXIZQNB0d4//UMUJcMS7vwZ8MIton
VubbnJVHuQvENloRRARtarF+LC7OLMCORrGtbt0FtYgvBaqtgXlNcKXD6hRT+ghR
bi3q34akA7Xw8tiFIxdVgSusALQjQnJpYW4gU29tZXJzIDxicmlhbkB1ay5GcmVl
QlNELm9yZz6JAJUDBRA3FLWcnWdBAAxuEhUBAcYYBACos9nKETuaH+z2h0Ws+IIY
mN9FEm8wpPUcQmX5GFhfBUQ+rJbflzv0jJ/f2ac9qJHgIIAlJ3pMkfMpU8UYHEuo
VCe4ZTU5sr4ZdBaF9kpm2OriFgZwIv4QAi7dCMu9ZwGRtZ3+z3DQsVSagucjZTIe
yTUR6K+7E3YXANQjOdqFZYkAlQMFEDcUpeQO7bznZmp0IQEB4HED/Ru3NjwWO1gl
xEiLTzRpU31Rh1Izw1lhVMVJkLAGBw9ieSkjvdIkuhqV1i+W4wKBClT0UOE28Kjp
WbBKPFIASRYzN4ySwpprsG5H45EFQosovYG/HPcMzXU2GMj0iwVTxnMq7I8oH588
ExHqfEN2ARD3ngmB2499ruyGl26pW/BftCBCcmlhbiBTb21lcnMgPGJyaWFuQE9w
ZW5CU0Qub3JnPokAlQMFEDcUtW6dZ0EADG4SFQEBQwsD/j9B/lkltIdnQdjOqR/b
dOBgJCtUf905y6kD+k4kbxeT1YAaA65KJ2o/Zj+i+69F2+BUJ/3kYB7prKwut2h0
ek1ZtncGxoAsQdFJ5JSeMkwUZ5qtGeCmVPb59+KPq3nU6p3RI8Bn77FzK//Qy+IW
/WFVJbf/6NCNCbyRiRjPbGl/iQCVAwUQNxSlyA7tvOdmanQhAQFzMAP/dvtsj3yB
C+seiy6fB/nS+NnKBoff3Ekv57FsZraGt4z9n4sW61eywaiRzuKlhHqrDE17STKa
fBOaV1Ntl7js7og5IFPWNlVh1cK+spDmd655D8pyshziDF6fSAsqGfTn35xl23Xj
O20MMK44j4I5V6rEyUDBDrmX49J56OFkfwa0IEJyaWFuIFNvbWVycyA8YnJpYW5A
RnJlZUJTRC5vcmc+iQCVAwUQNxS1Y51nQQAMbhIVAQHPBQP+IMUlE4DtEvSZFtG4
YK9usfHSkStIafh/F/JzSsqdceLZgwcuifbemw79Rhvqhp0Cyp7kuI2kHO3a19kZ
3ZXlDl3VDg41SV/Z5LzNw9vaZKuF/vtGaktOjac5E5aznWGIA5czwsRgydEOcd8O
VPMUMrdNWRI6XROtnbZaRSwmD8aJAJUDBRA3FKWuDu2852ZqdCEBAWVJA/4x3Mje
QKV+KQoO6mOyoIcD4GK1DjWDvNHGujJbFGBmARjr/PCm2cq42cPzBxnfRhCfyEvN
aesNB0NjLjRU/m7ziyVn92flAzHqqmU36aEdqooXUY2T3vOYzo+bM7VtInarG1iU
qw1G19GgXUwUkPvy9+dNIM/aYoI/e0Iv3P9uug==
=R3k0
-----END PGP PUBLIC KEY BLOCK-----
diff --git a/en_US.ISO_8859-1/books/handbook/ports/chapter.sgml b/en_US.ISO_8859-1/books/handbook/ports/chapter.sgml
index d5e27dcaa6..367ab8e108 100644
--- a/en_US.ISO_8859-1/books/handbook/ports/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/ports/chapter.sgml
@@ -1,4610 +1,4610 @@
Installing Applications: The Ports collectionContributed by &a.jraynard;.The FreeBSD Ports collection allows you to compile and install a very
wide range of applications with a minimum of effort.For all the hype about open standards, getting a program to work on
different versions of Unix in the real world can be a tedious and tricky
business, as anyone who has tried it will know. You may be lucky enough
to find that the program you want will compile cleanly on your system,
install itself in all the right places and run flawlessly “out of
the box”, but this is unfortunately rather rare. With most
programs, you will find yourself doing a fair bit of head-scratching, and
there are quite a few programs that will result in premature greying, or
even chronic alopecia...Some software distributions have attacked this problem by providing
configuration scripts. Some of these are very clever, but they have an
unfortunate tendency to triumphantly announce that your system is
something you have never heard of and then ask you lots of questions that
sound like a final exam in system-level Unix programming (Does
your system's gethitlist function return a const pointer to a fromboz or
a pointer to a const fromboz? Do you have Foonix style unacceptable
exception handling? And if not, why not?).Fortunately, with the Ports collection, all the hard work involved has
already been done, and you can just type make install
and get a working program.Why Have a Ports Collection?The base FreeBSD system comes with a very wide range of tools and
system utilities, but a lot of popular programs are not in the base
system, for good reasons:-Programs that some people cannot live without and other people
cannot stand, such as a certain Lisp-based editor.Programs which are too specialised to put in the base system
(CAD, databases).Programs which fall into the “I must have a look at that
when I get a spare minute” category, rather than
system-critical ones (some languages, perhaps).Programs that are far too much fun to be supplied with a serious
operating system like FreeBSD ;-)However many programs you put in the base system, people will
always want more, and a line has to be drawn somewhere (otherwise
FreeBSD distributions would become absolutely enormous).Obviously it would be unreasonable to expect everyone to port their
favourite programs by hand (not to mention a tremendous amount of
duplicated work), so the FreeBSD Project came up with an ingenious way
of using standard tools that would automate the process.Incidentally, this is an excellent illustration of how “the
Unix way” works in practice by combining a set of simple but very
flexible tools into something very powerful.How Does the Ports Collection Work?Programs are typically distributed on the Internet as a tarball consisting of a Makefile and
the source code for the program and usually some instructions (which are
unfortunately not always as instructive as they could be), with perhaps
a configuration script.The standard scenario is that you FTP down the tarball, extract it
somewhere, glance through the instructions, make any changes that seem
necessary, run the configure script to set things up and use the
standard make program to compile and install the
program from the source.FreeBSD ports still use the tarball mechanism, but use a skeleton to hold the
"knowledge" of how to get the program working on FreeBSD,
rather than expecting the user to be able to work it out. They also
supply their own customised Makefile, so that almost every port
can be built in the same way.If you look at a port skeleton (either on your FreeBSD
system or the
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/ports/devel/ElectricFence">the
FTP site) and expect to find all sorts of pointy-headed rocket
science lurking there, you may be disappointed by the one or two rather
unexciting-looking files and directories you find there. (We will
discuss in a minute how to go about Getting a port).“How on earth can this do anything?” I hear you cry.
“There is no source code there!”Fear not, gentle reader, all will become clear (hopefully). Let us
see what happens if we try and install a port. I have chosen
ElectricFence, a useful tool for developers,
as the skeleton is more straightforward than most.If you are trying this at home, you will need to be root.&prompt.root; cd /usr/ports/devel/ElectricFence
&prompt.root; make install
>> Checksum OK for ElectricFence-2.0.5.tar.gz.
===> Extracting for ElectricFence-2.0.5
===> Patching for ElectricFence-2.0.5
===> Applying FreeBSD patches for ElectricFence-2.0.5
===> Configuring for ElectricFence-2.0.5
===> Building for ElectricFence-2.0.5
[lots of compiler output...]
===> Installing for ElectricFence-2.0.5
===> Warning: your umask is "0002". If this is not desired, set it to
an appropriate value and install this port again by ``make reinstall''.
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.a /usr/local/lib
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.3 /usr/local/man/man3
===> Compressing manual pages for ElectricFence-2.0.5
===> Registering installation for ElectricFence-2.0.5To avoid confusing the issue, I have completely removed the build
output.If you tried this yourself, you may well have got something like
this at the start:-&prompt.root; make install
>> ElectricFence-2.0.5.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://ftp.doc.ic.ac.uk/Mirrors/sunsite.unc.edu/pub/Linux/devel/lang/c/.The make program has noticed that you did not
have a local copy of the source code and tried to FTP it down so it
could get the job done. I already had the source handy in my example,
so it did not need to fetch it.Let's go through this and see what the make
program was doing.Locate the source code tarball. If it is not available
locally, try to grab it from an FTP site.Run a checksum test on the
tarball to make sure it has not been tampered with, accidentally
truncated, downloaded in ASCII mode, struck by neutrinos while in
transit, etc.Extract the tarball into a temporary work directory.Apply any patches needed to
get the source to compile and run under FreeBSD.Run any configuration script required by the build process and
correctly answer any questions it asks.(Finally!) Compile the code.Install the program executable and other supporting files, man
pages, etc. under the /usr/local hierarchy
(unless this is an X11 program,
then it will be under /usr/X11R6),
where they will not get mixed up with system programs. This also
makes sure that all the ports you install will go in the same place,
instead of being flung all over your system.Register the installation in a database. This means that, if
you do not like the program, you can cleanly remove all traces of it from your
system.Scroll up to the make output and see if you can
match these steps to it. And if you were not impressed before, you
should be by now!Getting a FreeBSD PortThere are two ways of getting hold of the FreeBSD port for a
program. One requires a FreeBSD CDROM,
the other involves using an Internet
Connection.Compiling ports from CDROMAssuming that your FreeBSD CDROM is in the drive and mounted on
/cdrom (and the mount point
must be /cdrom), you should
then be able to build ports just as you normally do and the port
collection's built in search path should find the tarballs in
/cdrom/ports/distfiles/ (if they exist there)
rather than downloading them over the net.Another way of doing this, if you want to just use the port
skeletons on the CDROM, is to set these variables in
/etc/make.conf:
PORTSDIR= /cdrom/ports
DISTDIR= /tmp/distfiles
WRKDIRPREFIX= /tmpSubstitute /tmp for any place you have enough
free space. Then, just cd to the appropriate
subdirectory under /cdrom/ports and type
make install as usual.
WRKDIRPREFIX will cause the port to be build under
/tmp/cdrom/ports; for instance,
games/oneko will be built under
/tmp/cdrom/ports/games/oneko.There are some ports for which we cannot provide the original
source in the CDROM due to licensing limitations. In that case, you
will need to look at the section on Compiling ports using an Internet
connection.Compiling ports from the InternetIf you do not have a CDROM, or you want to make sure you get the
very latest version of the port you want, you will need to download
the skeleton for the port. Now
this might sound like rather a fiddly job full of pitfalls, but it is
actually very easy.First, if you are running a release version of FreeBSD, make sure
you get the appropriate “upgrade kit” for your release
- from the ports web
+ from the ports web
page. These packages include files that have been updated
since the release that you may need to compile new ports.The key to the skeletons is that the FreeBSD FTP server can create
on-the-fly tarballs for you.
Here is how it works, with the gnats program in the databases
directory as an example (the bits in square brackets are comments. Do
not type them in if you are trying this yourself!):-&prompt.root; cd /usr/ports
&prompt.root; mkdir databases
&prompt.root; cd databases
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/ports/databasesftp>get gnats.tar
[tars up the gnats skeleton for us]
ftp>quit
&prompt.root; tar xf gnats.tar
[extract the gnats skeleton]
&prompt.root; cd gnats
&prompt.root; make install
[build and install gnats]What happened here? We connected to the FTP server in the usual
way and went to its databases sub-directory.
When we gave it the command get gnats.tar, the FTP
server tarred up the gnats
directory for us.We then extracted the gnats skeleton and went into the gnats
directory to build the port. As we explained earlier, the make process noticed we
did not have a copy of the source locally, so it fetched one before
extracting, patching and building it.Let us try something more ambitious now. Instead of getting a
single port skeleton, we will get a whole sub-directory, for example all
the database skeletons in the ports collection. It looks almost the
same:-&prompt.root; cd /usr/ports
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/portsftp>get databases.tar
[tars up the databases directory for us]
ftp>quit
&prompt.root; tar xf databases.tar
[extract all the database skeletons]
&prompt.root; cd databases
&prompt.root; make install
[build and install all the database ports]With half a dozen straightforward commands, we have now got a set
of database programs on our FreeBSD machine! All we did that was
different from getting a single port skeleton and building it was that
we got a whole directory at once, and compiled everything in it at
once. Pretty impressive, no?If you expect to be installing many ports, it is probably worth
downloading all the ports directories.SkeletonsA team of compulsive hackers who have forgotten to eat in a frantic
attempt to make a deadline? Something unpleasant lurking in the FreeBSD
attic? No, a skeleton here is a minimal framework that supplies
everything needed to make the ports magic work.MakefileThe most important component of a skeleton is the Makefile. This
contains various statements that specify how the port should be
compiled and installed. Here is the Makefile for
ElectricFence:-
# New ports collection makefile for: Electric Fence
# Version required: 2.0.5
# Date created: 13 November 1997
# Whom: jraynard
#
# $Id$
#
DISTNAME= ElectricFence-2.0.5
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_SUNSITE}
MASTER_SITE_SUBDIR= devel/lang/c
MAINTAINER= jraynard@freebsd.org
MAN3= libefence.3
do-install:
${INSTALL_DATA} ${WRKSRC}/libefence.a ${PREFIX}/lib
${INSTALL_MAN} ${WRKSRC}/libefence.3 ${PREFIX}/man/man3
.include <bsd.port.mk>The lines beginning with a "#" sign are comments for the
benefit of human readers (as in most Unix script files).DISTNAME specifies the name of the tarball, but without the
extension.CATEGORIES states what kind of program this is.
In this case, a utility for developers. See the categories section of this
handbook for a complete list.MASTER_SITES is the URL(s) of the master FTP
site, which is used to retrieve the tarball if it is not available on the
local system. This is a site which is regarded as reputable, and is
normally the one from which the program is officially distributed (in
so far as any software is "officially" distributed on the
Internet).MAINTAINER is the email address of the person
who is responsible for updating the skeleton if, for example a new
version of the program comes out.Skipping over the next few lines for a minute, the line
.include <bsd.port.mk> says that the other
statements and commands needed for this port are in a standard file
called bsd.port.mk. As these are the same for
all ports, there is no point in duplicating them all over the place,
so they are kept in a single standard file.This is probably not the place to go into a detailed examination
of how Makefiles work; suffice it to say that the line starting with
MAN3 ensures that the ElectricFence man page is
compressed after installation, to help conserve your precious disk
space. The original port did not provide an
install target, so the three lines from
do-install ensure that the files produced by
this port are placed in the correct destination.The files directoryThe file containing the checksum for the port is called
md5, after the MD5 algorithm used for ports
checksums. It lives in a directory with the slightly confusing name
of files.This directory can also contain other miscellaneous files that are
required by the port and do not belong anywhere else.The patches directoryThis directory contains the patches needed to make everything work
properly under FreeBSD.The pkg directoryThis program contains three quite useful files:-COMMENT — a one-line description of
the program.DESCR — a more detailed
description.PLIST — a list of all the files
that will be created when the program is installed.What to do when a port does not work.Oh. You can do one of four (4) things :Fix it yourself. Technical details on how ports work can be
found in Porting applications.Gripe. This is done by e-mail only! Send
such e-mail to the maintainer of the port, first. Type
make maintainer or read the
Makefile to find the maintainer's email
address. Remember to include the name/version of
the port (copy the $Id: line from the
Makefile), and the output leading up-to the
error, inclusive. If you do not get a satisfactory response,
you can try filing a bug report with send-pr.
Forget it. This is the easiest for most — very few of the
programs in ports can be classified as essential!Grab the pre-compiled package from a ftp server. The
“master” package collection is on FreeBSD's FTP server
in the packages
directory, though check your local mirror first, please!
These are more likely to work (on the whole) than trying to compile
from source and a lot faster besides! Use the &man.pkg.add.1;
program to install a package file on your
system.Some Questions and AnswersQ. I thought this was going to be a discussion about
modems??!A. Ah. You must be thinking of the serial ports on the back of
your computer. We are using “port” here to mean the
result of “porting” a program from one version of Unix
to another. (It is an unfortunate bad habit of computer people to
use the same word to refer to several completely different
things).Q. I thought you were supposed to use packages to install extra
programs?A. Yes, that is usually the quickest and easiest way of doing
it.Q. So why bother with ports then?A. Several reasons:-The licensing conditions on some software distributions
require that they be distributed as source code, not
binaries.Some people do not trust binary distributions. At least
with source code you can (in theory) read through it and look
for potential problems yourself.If you have some local patches, you will need the source to
add them yourself.You might have opinions on how a program should be compiled
that differ from the person who did the package — some
people have strong views on what optimisation setting should be
used, whether to build debug versions and then strip them or
not, etc. etc.Some people like having code around, so they can read it if
they get bored, hack around with it, borrow from it (licence
terms permitting, of course!) and so on.If you ain't got the source, it ain't software! ;-) Q. What is a patch?A. A patch is a small (usually) file that specifies how to go
from one version of a file to another. It contains text that says,
in effect, things like “delete line 23”, “add
these two lines after line 468” or “change line 197 to
this”. Also known as a “diff”, since it is
generated by a program of that name. Q. What is all this about
tarballs?A. It is a file ending in .tar or
.tar.gz (with variations like
.tar.Z, or even .tgz if
you are trying to squeeze the names into a DOS filesystem).Basically, it is a directory tree that has been archived into a
single file (.tar) and optionally compressed
(.gz). This technique was originally used for
Tape ARchives (hence the
name tar), but it is a widely used way of
distributing program source code around the Internet.You can see what files are in them, or even extract them
yourself, by using the standard Unix tar program, which comes with
the base FreeBSD system, like this:-&prompt.user; tar tvzf foobar.tar.gz
&prompt.user; tar xzvf foobar.tar.gz
&prompt.user; tar tvf foobar.tar
&prompt.user; tar xvf foobar.tar Q. And a checksum?A. It is a number generated by adding up all the data in the
file you want to check. If any of the characters change, the
checksum will no longer be equal to the total, so a simple
comparison will allow you to spot the difference. (In practice, it
is done in a more complicated way to spot problems like
position-swapping, which will not show up with a simplistic
addition).Q. I did what you said for compiling
ports from a CDROM and it worked great until I tried to
install the kermit port:-&prompt.root; make install
>> cku190.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://kermit.columbia.edu/kermit/archives/.Why can it not be found? Have I got a dud CDROM?A. The licensing terms for kermit do not allow us to put the
tarball for it on the CDROM, so you will have to fetch it by hand
— sorry! The reason why you got all those error messages was
because you were not connected to the Internet at the time. Once
you have downloaded it from any of the sites above, you can re-start
the process (try and choose the nearest site to you, though, to save
your time and the Internet's bandwidth).Q. I did that, but when I tried to put it into
/usr/ports/distfiles I got some error about not
having permission.A. The ports mechanism looks for the tarball in
/usr/ports/distfiles, but you will not be able
to copy anything there because it is sym-linked to the CDROM, which
is read-only. You can tell it to look somewhere else by
doing&prompt.root; make DISTDIR=/where/you/put/it installQ. Does the ports scheme only work if you have everything in
/usr/ports? My system administrator says I must
put everything under
/u/people/guests/wurzburger, but it does not
seem to work.A. You can use the PORTSDIR and
PREFIX variables to tell the ports mechanism to
use different directories. For instance,&prompt.root; make PORTSDIR=/u/people/guests/wurzburger/ports installwill compile the port in
/u/people/guests/wurzburger/ports and install
everything under /usr/local.&prompt.root; make PREFIX=/u/people/guests/wurzburger/local installwill compile it in /usr/ports and install
it in /u/people/guests/wurzburger/local.And of course&prompt.root; make PORTSDIR=.../ports PREFIX=.../local installwill combine the two (it is too long to fit on the page if I
write it in full, but I am sure you get the idea).If you do not fancy typing all that in every time you install a
port (and to be honest, who would?), it is a good idea to put these
variables into your environment.Q. I do not have a FreeBSD CDROM, but I would like to have all
the tarballs handy on my system so I do not have to wait for a
download every time I install a port. Is there an easy way to get
them all at once?A. To get every single tarball for the ports collection,
do&prompt.root; cd /usr/ports
&prompt.root; make fetchFor all the tarballs for a single ports directory, do&prompt.root; cd /usr/ports/directory
&prompt.root; make fetchand for just one port — well, I think you have guessed
already.Q. I know it is probably faster to fetch the tarballs from one
of the FreeBSD mirror sites close by. Is there any way to tell the
port to fetch them from servers other than ones listed in the
MASTER_SITES?A. Yes. If you know, for example, ftp.FreeBSD.ORG is much closer than sites
listed in MASTER_SITES, do as following
example.&prompt.root; cd /usr/ports/directory
&prompt.root; make MASTER_SITE_OVERRIDE=ftp://ftp.FreeBSD.ORG/pub/FreeBSD/ports/distfiles/ fetchQ. I want to know what files make is going to need before it
tries to pull them down.A. make fetch-list will display a list of
the files needed for a port.Q. Is there any way to stop the port from compiling? I want to
do some hacking on the source before I install it, but it is a bit
tiresome having to watch it and hit control-C every time.A. Doing make extract will stop it after it
has fetched and extracted the source code.Q. I am trying to make my own port and I want to be able to
stop it compiling until I have had a chance to see if my patches
worked properly. Is there something like make
extract, but for patches?A. Yep, make patch is what you want. You
will probably find the PATCH_DEBUG option useful
as well. And by the way, thank you for your efforts!Q. I have heard that some compiler options can cause bugs. Is
this true? How can I make sure that I compile ports with the right
settings?A. Yes, with version 2.6.3 of gcc (the
version shipped with FreeBSD 2.1.0 and 2.1.5), the
option could result in buggy code unless you
used the option as well.
(Most of the ports do not use ). You
should be able to specify the compiler options
used by something like&prompt.root; make CFLAGS='-O2 -fno-strength-reduce' installor by editing /etc/make.conf, but
unfortunately not all ports respect this. The surest way is to do
make configure, then go into the source directory
and inspect the Makefiles by hand, but this can get tedious if the
source has lots of sub-directories, each with their own
Makefiles.Q. There are so many ports it is hard to find the one I want.
Is there a list anywhere of what ports are available?A. Look in the INDEX file in
/usr/ports. If you would like to search the
ports collection for a keyword, you can do that too. For example,
you can find ports relevant to the LISP programming language
using:&prompt.user; cd /usr/ports
&prompt.user; make search key=lispQ. I went to install the foo port but the
system suddenly stopped compiling it and starting compiling the
bar port. What is going on?A. The foo port needs something that is
supplied with bar — for instance, if
foo uses graphics, bar might
have a library with useful graphics processing routines. Or
bar might be a tool that is needed to compile the
foo port. Q. I installed the
grizzle program from the ports and frankly it is
a complete waste of disk space. I want to delete it but I do not
know where it put all the files. Any clues?A. No problem, just do&prompt.root; pkg_delete grizzle-6.5Alternatively, you can do&prompt.root; cd /usr/ports/somewhere/grizzle
&prompt.root; make deinstall
Q. Hang on a minute, you have to know the version number to use
that command. You do not seriously expect me to remember that, do
you??A. Not at all, you can find it out by doing&prompt.root; pkg_info -a | grep grizzle
Information for grizzle-6.5:
grizzle-6.5 - the combined piano tutorial, LOGO interpreter and shoot 'em up arcade game.Q. Talking of disk space, the ports directory seems to be
taking up an awful lot of room. Is it safe to go in there and
delete things?A. Yes, if you have installed the program and are fairly
certain you will not need the source again, there is no point in
keeping it hanging around. The best way to do this is&prompt.root; cd /usr/ports
&prompt.root; make cleanwhich will go through all the ports subdirectories and delete
everything except the skeletons for each port.Q. I tried that and it still left all those tarballs or
whatever you called them in the distfiles
directory. Can I delete those as well?A. Yes, if you are sure you have finished with them, those can
go as well.Q. I like having lots and lots of programs to play with. Is
there any way of installing all the ports in one go?A. Just do&prompt.root; cd /usr/ports
&prompt.root; make installQ. OK, I tried that, but I thought it would take a very long
time so I went to bed and left it to get on with it. When I looked
at the computer this morning, it had only done three and a half
ports. Did something go wrong?A. No, the problem is that some of the ports need to ask you
questions that we cannot answer for you (eg “Do you want to
print on A4 or US letter sized paper?”) and they need to have
someone on hand to answer them.Q. I really do not want to spend all day staring at the
monitor. Any better ideas?A. OK, do this before you go to bed/work/the local
park:-&prompt.root cd /usr/ports
&prompt.root; make -DBATCH installThis will install every port that does not
require user input. Then, when you come back, do&prompt.root; cd /usr/ports
&prompt.root; make -DIS_INTERACTIVE installto finish the job.Q. At work, we are using frobble, which is
in your ports collection, but we have altered it quite a bit to get
it to do what we need. Is there any way of making our own packages,
so we can distribute it more easily around our sites?A. No problem, assuming you know how to make patches for your
changes:-&prompt.root; cd /usr/ports/somewhere/frobble
&prompt.root; make extract
&prompt.root; cd work/frobble-2.8
[Apply your patches]
&prompt.root; cd ../..
&prompt.root; make packageQ. This ports stuff is really clever. I am desperate to find
out how you did it. What is the secret?A. Nothing secret about it at all, just look at the
bsd.ports.mk and
bsd.ports.subdir.mk files in your makefiles
directory.Readers with an aversion to intricate shell-scripts are
advised not to follow this link...)Making a port yourselfContributed by &a.jkh;, &a.gpalmer;, &a.asami; &a.obrien;
and &a.hoek;. 28 August 1996.So, now you are interested in making your own port? Great!What follows are some guidelines for creating a new port for
FreeBSD. The bulk of the work is done by
/usr/ports/Mk/bsd.port.mk, which all port Makefiles
include. Please refer to that file for more details on the inner
workings of the ports collection. Even if you do not hack Makefiles
daily, it is well commented, and you will still gain much knowledge from
it.Only a fraction of the overridable variables
(VAR) are mentioned in
this document. Most (if not all) are documented at the start of
bsd.port.mk. This file users a non-standard tab
setting. Emacs and
Vim should recognise the setting on loading
the file. vi or ex can be set
to use the correct value by typing :set tabstop=4
once the file has been loaded.Quick PortingThis section tells you how to do a quick port. In many cases, it
is not enough, but we will see.First, get the original tarball and put it into
DISTDIR, which defaults to
/usr/ports/distfiles.The following assumes that the software compiled out-of-the-box,
i.e., there was absolutely no change required for the port to work
on your FreeBSD box. If you needed to change something, you will
have to refer to the next section too.Writing the MakefileThe minimal Makefile would look something
like this:
# New ports collection makefile for: oneko
# Version required: 1.1b
# Date created: 5 December 1994
# Whom: asami
#
# $Id$
#
DISTNAME= oneko-1.1b
CATEGORIES= games
MASTER_SITES= ftp://ftp.cs.columbia.edu/archives/X11R5/contrib/
MAINTAINER= asami@FreeBSD.ORG
MAN1= oneko.1
MANCOMPRESSED= yes
USE_IMAKE= yes
.include <bsd.port.mk>See if you can figure it out. Do not worry about the contents
of the $Id$ line, it will be filled in
automatically by CVS when the port is imported to our main ports
tree. You can find a more detailed example in the sample Makefile section.Writing the description filesThere are three description files that are required for any
port, whether they actually package or not. They are
COMMENT, DESCR, and
PLIST, and reside in the
pkg subdirectory.COMMENTThis is the one-line description of the port.
Please do not include the package name (or
version number of the software) in the comment. Here is an
example:
A cat chasing a mouse all over the screen.DESCRThis is a longer description of the port. One to a few
paragraphs concisely explaining what the port does is
sufficient.This is not a manual or an in-depth
description on how to use or compile the port! Please
be careful if you are copying from the
README or manpage; too often
they are not a concise description of the port or are in an
awkward format (e.g., manpages have justified spacing). If the
ported software has an official WWW homepage, you should list it
here. Prefix one of the websites with
WWW: so that automated tools will work
correctly.It is recommended that you sign your name at the end of this
file, as in:
This is a port of oneko, in which a cat chases a poor mouse all over
the screen.
:
(etc.)
WWW: http://www.oneko.org/
- Satoshi
asami@cs.berkeley.eduPLISTThis file lists all the files installed by the port. It is
also called the “packing list” because the package is
generated by packing the files listed here. The pathnames are
relative to the installation prefix (usually
/usr/local or
/usr/X11R6). If you are using the
MANn variables (as
you should be), do not list any manpages here.Here is a small example:
bin/oneko
lib/X11/app-defaults/Oneko
lib/X11/oneko/cat1.xpm
lib/X11/oneko/cat2.xpm
lib/X11/oneko/mouse.xpm
@dirrm lib/X11/onekoRefer to the &man.pkg.create.1; man page for details on the
packing list.You should list all the files, but not the name directories,
in the list. Also, if the port creates directories for itself
during installtion, make sure to add @dirrm
lines as necessary to remove them when the port is
deleted.It is recommended that you keep all the filenames in this
file sorted alphabetically. It will make verifying the changes
when you upgrade the port much easier.Creating a packing list manually can be a very tedious
task. If the port installs a large numbers of files, creating the packing list
automatically might save time.Creating the checksum fileJust type make makesum. The ports make rules
will automatically generate the file
files/md5.Testing the portYou should make sure that the port rules do exactly what you
want it to do, including packaging up the port. These are the
important points you need to verify.PLIST does not contain anything not
installed by your portPLIST contains everything that is
installed by your portYour port can be installed multiple times using the
reinstall targetYour port cleans up
after itself upon deinstallRecommended test orderingmake installmake packagemake deinstallpkg_add package-namemake deinstallmake reinstallmake packageMake sure that there are not any warnings issued in any of the
package and
deinstall stages, After step 3, check to
see if all the new directories are correctly deleted. Also, try
using the software after step 4, to ensure that is works correctly
when installed from a package.Checking your port with portlintPlease use portlint to see if your port
conforms to our guidelines. The portlint program
is part of the ports collection. In particular, your may want to
check if the Makefile is in
the right shape and the package is named
appropriately.Submitting the portFirst, make sure you have read the Do's and Dont's section.Now that you are happy with your port, the only thing remaining
is to put it in the main FreeBSD ports tree and make everybody else
happy about it too. We do not need your work
directory or the pkgname.tgz package, so delete
them now. Next, simply include the output of shar `find
port_dir` in a bug report and send it with the
&man.send-pr.1; program (see Bug
Reports and General Commentary for more information about
&man.send-pr.1;. If the uncompressed port is larger than 20KB,
you should compress it into a tarfile and use &man.uuencode.1;
before including it in the bug report (uuencoded tarfiles are
acceptable even if the bug report is smaller than 20KB but are not
preferred). Be sure to classify the bug report as category
ports and class
change-request. (Do not mark the report
confidential!)One more time, do not include the original source
distfile, the work directory, or the package
you built with make package.In the past, we asked you to upload new port submissions in
- our ftp site (ftp.freebsd.org). This
+ our ftp site (ftp.FreeBSD.org). This
is no longer recommended as read access is turned off on that
incoming/ directory of that site due to the
large amount of pirated software showing up there.We will look at your port, get back to you if necessary, and put
it in the tree. Your name will also appear in the list of
“Additional FreeBSD contributors” on the FreeBSD
Handbook and other files. Isn't that great?!? :)Slow PortingOk, so it was not that simple, and the port required some
modifications to get it to work. In this section, we will explain,
step by step, how to modify it to get it to work with the ports
paradigm.How things workFirst, this is the sequence of events which occurs when the user
first types make in your port's directory, and
you may find that having bsd.port.mk in another
window while you read this really helps to understand it.But do not worry if you do not really understand what
bsd.port.mk is doing, not many people do...
:>The fetch target is run. The
fetch target is responsible for making
sure that the tarball exists locally in
DISTDIR. If fetch
cannot find the required files in DISTDIR it
will look up the URL MASTER_SITES, which is
set in the Makefile, as well as our main ftp site at ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/,
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/">ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/,
where we put sanctioned distfiles as backup. It will then
attempt to fetch the named distribution file with
FETCH, assuming that the requesting site has
direct access to the Internet. If that succeeds, it will save
the file in DISTDIR for future use and
proceed.The extract target is run. It
looks for your port's distribution file (typically a gzip'd
tarball) in DISTDIR and unpacks it into a
temporary subdirectory specified by WRKDIR
(defaults to work).The patch target is run. First,
any patches defined in PATCHFILES are
applied. Second, if any patches are found in
PATCHDIR (defaults to the
patches subdirectory), they are applied at
this time in alphabetical order.The configure target is run. This
can do any one of many different things.If it exists, scripts/configure is
run.If HAS_CONFIGURE or
GNU_CONFIGURE is set,
WRKSRC/configure is
run.If USE_IMAKE is set,
XMKMF (default: xmkmf
-a) is run.The build target is run. This is
responsible for descending into the port's private working
directory (WRKSRC) and building it. If
USE_GMAKE is set, GNU make
will be used, otherwise the system make will
be used.The above are the default actions. In addition, you can define
targets
pre-something or
post-something,
or put scripts with those names, in the scripts
subdirectory, and they will be run before or after the default
actions are done.For example, if you have a post-extract
target defined in your Makefile, and a file
pre-build in the scripts
subdirectory, the post-extract target will
be called after the regular extraction actions, and the
pre-build script will be executed before the
default build rules are done. It is recommended that you use
Makefile targets if the actions are simple
enough, because it will be easier for someone to figure out what
kind of non-default action the port requires.The default actions are done by the
bsd.port.mk targets
do-something.
For example, the commands to extract a port are in the target
do-extract. If you are not happy with the
default target, you can fix it by redefining the
do-something
target in your Makefile.The “main” targets (e.g.,
extract,
configure, etc.) do nothing more than
make sure all the stages up to that one are completed and call
the real targets or scripts, and they are not intended to be
changed. If you want to fix the extraction, fix
do-extract, but never ever touch
extract!Now that you understand what goes on when the user types
make, let us go through the recommended steps to
create the perfect port.Getting the original sourcesGet the original sources (normally) as a compressed tarball
(foo.tar.gz or
foo.tar.Z) and copy
it into DISTDIR. Always use
mainstream sources when and where you
can.If you cannot find a ftp/http site that is well-connected to the
net, or can only find sites that have irritatingly non-standard
formats, you might want to put a copy on a reliable ftp or http
server that you control (e.g., your home page). Make sure you set
MASTER_SITES to reflect your choice.If you cannot find somewhere convenient and reliable to put the
distfile (if you are a FreeBSD committer, you can just put it in
your public_html/ directory on
freefall), we can “house” it ourselves
by putting it on
- ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
+ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
as the last resort. Please refer to this location as
MASTER_SITE_LOCAL. Send mail to the &a.ports;if
you are not sure what to do.If your port's distfile changes all the time for no good reason,
consider putting the distfile in your home page and listing it as
the first MASTER_SITES. This will prevent users
from getting checksum mismatch errors, and
also reduce the workload of maintainers of our ftp site. Also, if
there isonly one master site for the port, it is recommended that
you house a backup at your site and list it as the second
MASTER_SITES.If your port requires some additional `patches' that are
available on the Internet, fetch them too and put them in
DISTDIR. Do not worry if they come from a site
other than where you got the main source tarball, we have a way to
handle these situations (see the description of PATCHFILES below).Modifying the portUnpack a copy of the tarball in a private directory and make
whatever changes are necessary to get the port to compile properly
under the current version of FreeBSD. Keep careful
track of everything you do, as you will be automating
the process shortly. Everything, including the deletion, addition
or modification of files should be doable using an automated script
or patch file when your port is finished.If your port requires significant user interaction/customization
to compile or install, you should take a look at one of Larry Wall's
classic Configure scripts and perhaps do
something similar yourself. The goal of the new ports collection is
to make each port as “plug-and-play” as possible for the
end-user while using a minimum of disk space.Unless explicitly stated, patch files, scripts, and other
files you have created and contributed to the FreeBSD ports
collection are assumed to be covered by the standard BSD copyright
conditions.PatchingIn the preparation of the port, files that have been added or
changed can be picked up with a recursive diff for later feeding to
patch. Each set of patches you wish to apply should be collected
into a file named
patch-xx where
xx denotes the sequence in which the
patches will be applied — these are done in
alphabetical order, thus aa
first, ab second and so on. These files should
be stored in PATCHDIR, from where they will be
automatically applied. All patches should be relative to
WRKSRC (generally the directory your port's
tarball unpacks itself into, that being where the build is done).
To make fixes and upgrades easier, you should avoid having more than
one patch fix the same file (e.g., patch-aa and
patch-ab both changing
WRKSRC/foobar.c).ConfiguringInclude any additional customization commands to your
configure script and save it in the
scripts subdirectory. As mentioned above, you
can also do this as Makefile targets and/or
scripts with the name pre-configure or
post-configure.Handling user inputIf your port requires user input to build, configure or install,
then set IS_INTERACTIVE in your Makefile. This
will allow “overnight builds” to skip your port if the
user sets the variable BATCH in his environment (and
if the user sets the variable INTERACTIVE, then
only those ports requiring interaction are
built).It is also recommended that if there are reasonable default
answers to the questions, you check the
PACKAGE_BUILDING variable and turn off the
interactive script when it is set. This will allow us to build the
packages for CD-ROMs and ftp.Configuring the MakefileConfiguring the Makefile is pretty simple, and again we suggest
that you look at existing examples before starting. Also, there is a
sample Makefile in this
handbook, so take a look and please follow the ordering of variables
and sections in that template to make your port easier for others to
read.Now, consider the following problems in sequence as you design
your new Makefile:The original sourceDoes it live in DISTDIR as a standard gzip'd
tarball? If so, you can go on to the next step. If not, you should
look at overriding any of the EXTRACT_CMD,
EXTRACT_BEFORE_ARGS,
EXTRACT_AFTER_ARGS,
EXTRACT_SUFX, or DISTFILES
variables, depending on how alien a format your port's distribution
file is. (The most common case is
EXTRACT_SUFX=.tar.Z, when the tarball is
condensed by regular compress, not gzip.)In the worst case, you can simply create your own
do-extract target to override the default,
though this should be rarely, if ever, necessary.DISTNAMEYou should set DISTNAME to be the base name
of your port. The default rules expect the distribution file list
(DISTFILES) to be named
DISTNAMEEXTRACT_SUFX which, if
it is a normal tarball, is going to be something like
foozolix-1.0.tar.gz for a setting of
DISTNAME=foozolix-1.0.The default rules also expect the tarball(s) to extract into a
subdirectory called
work/DISTNAME, e.g.
work/foozolix-1.0/.All this behavior can be overridden, of course; it simply
represents the most common time-saving defaults. For a port
requiring multiple distribution files, simply set
DISTFILES explicitly. If only a subset of
DISTFILES are actual extractable archives, then
set them up in EXTRACT_ONLY, which will override
the DISTFILES list when it comes to extraction,
and the rest will be just left in DISTDIR for
later use.PKGNAMEIf DISTNAME does not conform to our guidelines for a good package
name, you should set the PKGNAME
variable to something better. See the abovementioned guidelines for
more details.CATEGORIESWhen a package is created, it is put under
/usr/ports/packages/All and links are made from
one or more subdirectories of
/usr/ports/packages. The names of these
subdirectories are specified by the variable
CATEGORIES. It is intended to make life easier
for the user when he is wading through the pile of packages on the
ftp site or the CD-ROM. Please take a look at the existing categories and pick the ones
that are suitable for your port.This list also determines where in the ports tree the port is
imported. If you put more than one category here, it is assumed
that the port files will be put in the subdirectory with the name in
the first category. See the categories section for more
discussion about how to pick the right categories.If you port truly belongs to something that is different from
all the existing ones, you can even create a new category name. In
that case, please send mail to the &a.ports; to propose a new
category.There is no error checking for category names. make
package will happily create a new directory if you
mustype the category name, so be careful!MASTER_SITESRecord the directory part of the ftp/http-URL pointing at the
original tarball in MASTER_SITES. Do not forget
the trailing slash (/)!The make macros will try to use this
specification for grabbing the distribution file with
FETCH if they cannot find it already on the
system.It is recommended that you put multiple sites on this list,
preferably from different continents. This will safeguard against
wide-area network problems, and we are even planning to add support
for automatically determining the closest master site and fetching
from there!If the original tarball is part of one of the following popular
archives: X-contrib, GNU, Perl CPAN, TeX CTAN, or Linux Sunsite, you
refer to those sites in an easy compact form using
MASTER_SITE_XCONTRIB,
MASTER_SITE_GNU,
MASTER_SITE_PERL_CPAN,
MASTER_SITE_TEX_CTAN, and
MASTER_SITE_SUNSITE. Simply set
MASTER_SITE_SUBDIR to the path with in the
archive. Here is an example:
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applicationsThe user can also set the MASTER_SITE_*
variables in /etc/make.conf to override our
choices, and use their favorite mirrors of these popular archives
instead.PATCHFILESIf your port requires some additional patches that are available
by ftp or http, set PATCHFILES to the names of
the files and PATCH_SITES to the URL of the
directory that contains them (the format is the same as
MASTER_SITES).If the patch is not relative to the top of the source tree
(i.e., WKRSRC) because it contains some extra
pathnames, set PATCH_DIST_STRIP accordingly. For
instance, if all the pathnames in the patch have an extra
foozolix-1.0/ in front of the filenames, then set
PATCH_DIST_STRIP=-p1.Do not worry if the patches are compressed, they will be
decompressed automatically if the filenames end with
.gz or .Z.If the patch is distributed with some other files, such as
documentation, in a gzip'd tarball, you cannot just use
PATCHFILES. If that is the case, add the name
and the location of the patch tarball to
DISTFILES and MASTER_SITES.
Then, from the pre-patch target, apply the
patch either by running the patch command from there, or copying the
patch file into the PATCHDIR directory and
calling it
patch-xx.Note the tarball will have been extracted alongside the
regular source by then, so there is no need to explicitly extract
it if it is a regular gzip'd or compress'd tarball. If you do the
latter, take extra care not to overwrite something that already
exists in that directory. Also do not forget to add a command to
remove the copied patch in the pre-clean
target.MAINTAINERSet your mail-address here. Please. :)For detailed description of the responsibility of maintainers,
refer to MAINTAINER on
Makefiles section.DependenciesMany ports depend on other ports. There are five variables that
you can use to ensure that all the required bits will be on the
user's machine. There are also some pre-supported dependency
variables for common cases, plus a few more to control the behaviour
of dependencies.LIB_DEPENDSThis variable specifies the shared libraries this port depends
on. It is a list of
lib:dir:target
tuples where lib is the name of the
shared library, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. For example, LIB_DEPENDS=
jpeg.9:${PORTSDIR}/graphics/jpeg:install
will check for a shared jpeg library with major version 9, and
descend into the graphics/jpeg subdirectory
of your ports tree to build and install it if it is not found.
The target part can be omitted if it is
equal to DEPENDS_TARGET (which defaults to
install).The lib part is an argument given
to ldconfig -r | grep -wF. There shall be no
reqular expressions in this variable.The dependency is checked twice, once from within the
extract target and then from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system.RUN_DEPENDSThis variable specifies executables or files this port depends
on during run-time. It is a list of
path:dir:target
tuples where path is the name of the
executable or file, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. If path starts with a slash
(/), it is treated as a file and its existence
is tested with test -e; otherwise, it is
assumed to be an executable, and which -s is
used to determine if the program exists in the user's search
path.For example,
RUN_DEPENDS= ${PREFIX}/etc/innd:${PORTSDIR}/news/inn \
wish8.0:${PORTSDIR}/x11-toolkits/tk80will check if the file or directory
/usr/local/etc/innd exists, and build and
install it from the news/inn subdirectory of
the ports tree if it is not found. It will also see if an
executable called wish8.0 is in your search
path, and descend into the x11-toolkits/tk80
subdirectory of your ports tree to build and install it if it is
not found.In this case, innd is actually an
executable; if an executable is in a place that is not expected
to be in a normal user's search path, you should use the full
pathname.The dependency is checked from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system. The target
part can be omitted if it is the same
DEPENDS_TARGET.BUILD_DEPENDSThis variable specifies executables or files this port
requires to build. Like RUN_DEPENDS, it is a
list of
path:dir:target
tuples. For example, BUILD_DEPENDS=
unzip:${PORTSDIR}/archivers/unzip will check
for an executable called unzip, and descend
into the archivers/unzip subdirectory of your
ports tree to build and install it if it is not found.“build” here means everything from extracting to
compilation. The dependency is checked from within the
extract target. The
target part can be omitted if it is
the same as DEPENDS_TARGETFETCH_DEPENDSThis variable specifies executables or files this port
requires to fetch. Like the previous two, it is a list of
path:dir:target
tuples. For example, FETCH_DEPENDS=
ncftp2:${PORTSDIR}/net/ncftp2 will check for an
executable called ncftp2, and descend into the
net/ncftp2 subdirectory of your ports tree to
build and install it if it is not found.The dependency is checked from within the
fetch target. The
target part can be omitted if it is the
same as DEPENDS_TARGET.DEPENDSIf there is a dependency that does not fall into either of the
above four categories, or your port requires to have the source of
the other port extracted in addition to having them installed,
then use this variable. This is a list of
dir:target,
as there is nothing to check, unlike the previous four. The
target part can be omitted if it is the
same as DEPENDS_TARGET.Common dependency variablesDefine USE_XLIB=yes if your port requires
the X Window System to be installed (it is implied by
USE_IMAKE). Define
USE_GMAKE=yes if your port requires GNU
make instead of BSD make.
Define USE_AUTOCONF=yes if your port requires
GNU autoconf to be run. Define USE_QT=yes if
your port uses the latest qt toolkit. Use
USE_PERL5=yes if your port requires version 5
of the perl language. (The last is especially important since
some versions of FreeBSD has perl5 as part of the base system
while others do not.)Notes on dependenciesAs mentioned above, the default target to call when a
dependency is required is DEPENDS_TARGET.
It defaults to install. This is a user
variable; is is never defined in a port's
Makefile. If your port needs a special way
to handle a dependency, use the :target part of
the *_DEPENDS variables instead of redefining
DEPENDS_TARGET.When you type make clean, its dependencies
are automatically cleaned too. If you do not wish this to happen,
define the variable NOCLEANDEPENDS in your
environment.To depend on another port unconditionally, it is customary to
use the string nonexistent as the first field
of BUILD_DEPENDS or
RUN_DEPENDS. Use this only when you need to
the to get to the source of the other port. You can often save
compilation time by specifying the target too. For
instance
BUILD_DEPENDS= /nonexistent:${PORTSDIR}/graphics/jpeg:extract
will always descend to the JPEG port and extract it.Do not use DEPENDS unless there is no other
way the behaviour you want can be accomplished. It will cause the
other port to be always build (and installed, by default), and the
dependency will go into the packages as well. If this is really
what you need, I recommend you write it as
BUILD_DEPENDS and
RUN_DEPENDS instead—at least the
intention will be clear.Building mechanismsIf your package uses GNU make, set
USE_GMAKE=yes. If your package uses
configure, set
HAS_CONFIGURE=yes. If your package uses GNU
configure, set
GNU_CONFIGURE=yes (this implies
HAS_CONFIGURE). If you want to give some extra
arguments to configure (the default argument list
--prefix=${PREFIX} for GNU
configure and empty for non-GNU
configure), set those extra arguments in
CONFIGURE_ARGS. If your package uses GNU
autoconf, set
USE_AUTOCONF=yes. This implies
GNU_CONFIGURE, and will cause
autoconf to be run before
configure.If your package is an X application that creates
Makefiles from Imakefiles
using imake, then set
USE_IMAKE=yes. This will cause the configure
stage to automatically do an xmkmf -a. If the
flag is a problem for your port, set
XMKMF=xmkmf. If the port uses
imake but does not understand the
install.man target,
NO_INSTALL_MANPAGES=yes should be set. In
addition, the author of the original port should be shot. :>If your port's source Makefile has
something else than all as the main build
target, set ALL_TARGET accordingly. Same goes
for install and
INSTALL_TARGET.Special considerationsThere are some more things you have to take into account when you
create a port. This section explains the most common of those.ldconfigIf your port installs a shared library, add a
post-install target to your
Makefile that runs ${LDCONFIG}
-m on the directory where the new library is installed
(usually PREFIX/lib) to
register it into the shared library cache.Also, add a matching @exec /sbin/ldconfig -m
and @unexec /sbin/ldconfig -R pair to your
pkg/PLIST file so that a user who installed the
package can start using the shared library immediately and
deinstallation will not cause the system to still believe the
library is there. These lines should immediately follow the line
for the shared library itself, as in:
lib/libtvl80.so.1
@exec /sbin/ldconfig -m %D/lib
@unexec /sbin/ldconfig -RNever, ever, ever add a line that says
ldconfig without any arguments to your
Makefile or pkg/PLIST.
This will reset the shared library cache to the contents of
/usr/lib only, and will royally screw up the
user's machine ("Help, xinit does not run anymore after I install
this port!"). Anybody who does this will be shot and cut in 65,536
pieces by a rusty knife and have is liver chopped out by a bunch of
crows and will eternally rot to death in the deepest bowels of hell
(not necessarily in that order…)ELF supportSince FreeBSD is moving to ELF shortly after 3.0-RELEASE, we need
to convert many ports that build shared libraries to support ELF.
Complicating this task is that a 3.0 system can run as both ELF and
a.out, and we wish to unofficially support the 2.2 as long as
possible. Below are the guidelines on how to convert a.out only ports
to support both a.out and ELF compilation.Some part of this list is only applicable during the conversion,
but will be left here for awhile for reference in case you have come
across some old port you wish to upgrade.Moving a.out libraries out of the wayA.out libraries should be moved out of
/usr/local/lib and similar to an
aout subdirectory. (If you do not move them out
of the way, ELF ports will happily overwrite a.out libraries.) The
move-aout-libs target in the 3.0-CURRENT
src/Makefile (called from
aout-to-elf) will do this for you. It will
only move a.out libs so it is safe to call it on a system with both
ELF and a.out libs in the standard directories.FormatThe ports tree will build packages in the format the machine is
in. This means a.out for 2.2 and a.out or ELF for 3.0 depending on
what `objformat` returns. Also, once users move
a.out libraries to a subdirectory, building a.out libraries will be
unsupported. (I.e., it may still work if you know what you are
doing, but you are on your own.)If a port only works for a.out, set
BROKEN_ELF to a string describing the reason
why. Such ports will be skipped during a build on an ELF
system.PORTOBJFORMATbsd.port.mk will set
PORTOBJFORMAT to aout or
elf and export it in the environments
CONFIGURE_ENV, SCRIPTS_ENV and
MAKE_ENV. (It's always going to be
aout in 2.2-STABLE). It is also passed to
PLIST_SUB as
PORTOBJFORMAT=${PORTOBJFORMAT}. (See comment on
ldconfig lines below.)The variable is set using this line in
bsd.port.mk:
PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aoutPorts' make processes should use this variable to decide what to
do. However, if the port's configure script
already automatically detects an ELF system, it is not necessary to
refer to PORTOBJFORMAT.Building shared librariesThe following are differences in handling shared libraries for
a.out and ELF.Shared library versionsAn ELF shared library should be called
libfoo.so.M
where M is the single version number,
and an a.out library should be called
libfoo.so.M.N
where M is the major version and
N is the the minor version number.
Do not mix those; never install an ELF
shared library called
libfoo.so.N.M
or an a.out shared library (or symlink) called
libfoo.so.N.Linker command linesAssuming cc -shared is used rather than
ld directly, the only difference is that you
need to add
on the command line for ELF.You need to install a symlink from
libfoo.so to
libfoo.so.N to make
ELF linkers happy. Since it should be listed in
PLIST too, and it won't hurt in the a.out case
(some ports even require the link for dynamic loading), you should
just make this link regardless of the setting of
PORTOBJFORMAT.LIB_DEPENDSAll port Makefiles are edited to remove minor numbers from
LIB_DEPENDS, and also to have the regexp support
removed. (E.g., foo\\.1\\.\\(33|40\\) becomes
foo.2.) They will be matched using grep
-wF.PLISTPLIST should contain the short (ELF) shlib
names if the a.out minor number is zero, and the long (a.out) names
otherwise. bsd.port.mk will automatically add
.0 to the end of short shlib lines if
PORTOBJFORMAT equals aout, and
will delete the minor number from long shlib names if
PORTOBJFORMAT equals
elf.In cases where you really need to install shlibs with two
versions on an ELF system or those with one version on an a.out
system (for instance, ports that install compatibility libraries for
other operating systems), define the variable
NO_FILTER_SHLIBS. This will turn off the editing
of PLIST mentioned in the previous
paragraph.ldconfigThe ldconfig line in Makefiles should
read:
${SETENV} OBJFORMAT=${PORTOBJFORMAT} ${LDCONFIG} -m ....In PLIST it should read;
@exec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -m ...
@unexec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -RThis is to ensure that the correct ldconfig
will be called depending on the format of the package, not the
default format of the system.MASTERDIRIf your port needs to build slightly different versions of
packages by having a variable (for instance, resolution, or paper
size) take different values, create one subdirectory per package to
make it easier forusers to see what to do, but try to share as many
files as possible between ports. Typically you only need a very short
Makefile in all but one of the directories if you
use variables cleverly. In the sole Makefiles,
you can use MASTERDIR to specify the directory
where the rest of the files are. Also, use a variable as part of
PKGNAME so
the packages will have different names.This will be best demonstrated by an example. This is part of
japanese/xdvi300/Makefile;
PKGNAME= ja-xdvi${RESOLUTION}-17
:
# default
RESOLUTION?= 300
.if ${RESOLUTION} != 118 && ${RESOLUTION} != 240 && \
${RESOLUTION} != 300 && ${RESOLUTION} != 400
@${ECHO} "Error: invalid value for RESOLUTION: \"${RESOLUTION}\""
@${ECHO} "Possible values are: 118, 240, 300 (default) and 400."
@${FALSE}
.endifjapanese/xdvi300 also has all the regular
patches, package files, etc. If you type make
there, it will take the default value for the resolution (300) and
build the port normally.As for other resolutions, this is the entirexdvi118/Makefile;
RESOLUTION= 118
MASTERDIR= ${.CURDIR}/../xdvi300
.include ${MASTERDIR}/Makefile(xdvi240/Makefile and
xdvi400/Makefile are similar). The
MASTERDIR definition tells
bsd.port.mk that the refulat set of
subdirectories like PATCHDIR and
PKGDIR are to be found under
xdvi300. The RESOLUTION=118
line will override the RESOLUTION=300 line in
xdvi300/Makefile and the port will be built with
resolution set to 118.Shared library versionsFirst, please read our policy on
shared library versioning to understand what to do with
shared library versions in general. Do not blindly assume software
authors know what they are doing; many of them do not. It is very
important that these details are carefully considered, as we have
quite a unique situation where we are trying to have dozens of
potentially incompatible software pairs co-exist. Careless port
imports have caused great trouble regarding shared libraries in the
past (ever wondered why the port jpeg-6b has a
shared library version of 9.0?). If in doubt, send a message to the
&a.ports;. Most of the time, your job ends by determining the right
shared library version and making appropriate patches to implement
it.However, if there is a port which is a different version of the
same software already in the tree, the situation is much more complex.
In short, the FreeBSD implementation does not allow the user to
specify to the linker which version of shared library to link against
(the linker will always pick the highest numbered version). This
means, if there is a libfoo.so.3.2 and
libfoo.so.4.0 in the system, there is no way to
tell the linker to link a particular application to
libfoo.so.3.2. It is essentially completely
overshadowed in terms of compilation-time linkage. In this case, the
only solution is to rename the base part of the
shared library. For instance, change
libfoo.so.4.0 to
libfoo4.so.1.0 so both version 3.2 and 4.0 can be
linked from other ports.ManpagesThe MAN[1-9LN] variables will automatically add
any manpages to pkg/PLIST (this means you must
not list manpages in the
PLIST—see generating PLIST for more). It also
makes the install stage automatically compress or uncompress manpages
depending on the setting of NOMANCOMPRESS in
/etc/make.conf.To specify whether the manpages are compressed upon installation,
use the MANCOMPRESSED variable. This variable can
take three values, yes, no and
maybe. yes means manpages are
already installed compressed, no means they are
not, and maybe means the software already respects
the value of NOMANCOMPRESS so
bsd.port.mk does not have to do anything
special.MANCOMPRESSED is automatically set to
yes if USE_IMAKE is set and
NO_INSTALL_MANPAGES is not set, and to
no otherwise. You do not have to explicitly define
it unless the default is not suitable for your port.If your port anchors its man tree somewhere other than
PREFIX, you can use the
MANPREFIX to set it. Also, if only manpages in
certain sections go in a non-standard place, such as some Perl modules
ports, you can set individual man paths using
MANsectPREFIX (where
sect is one of 1-9,
L or N).If your manpages go to language-specific subdirectories, set the
name of the languages to MANLANG. The value of
this variable defaults to "" (i.e., English
only).Here is an example that puts it all together.
MAN1= foo.1
MAN3= bar.3
MAN4= baz.4
MANLANG= "" ja
MAN3PREFIX= ${PREFIX}/share/foobar
MANCOMPRESSED= yesThis states that six files are installed by this port;
${PREFIX}/man/man1/foo.1.gz
${PREFIX}/man/ja/man1/foo.1.gz
${PREFIX}/share/foobar/man/man3/bar.3.gz
${PREFIX}/share/foobar/man/ja/man3/bar.3.gz
${PREFIX}/man/man4/baz.4.gz
${PREFIX}/man/ja/man4/baz.4.gzPorts that require MotifThere are many programs that require a Motif library (available
from several commercial vendors, while there is a free clone reported
to be able to run many applications in
x11-toolkits/lesstif) to compile. Since it is a
popular toolkit and their licenses usually permit redistribution of
statically linked binaries, we have made special provisions for
handling ports that require Motif in a way that we can easily compile
binaries linked either dynamically (for people who are compiling from
the port) or statically (for people who distribute packages).REQUIRES_MOTIFIf your port requires Motif, define this variable in the
Makefile. This will prevent people who do not own a copy of Motif
from even attempting to build it.MOTIFLIBThis variable will be set by bsd.port.mk to
be the appropriate reference to the Motif library. Please patch the
source to use this wherever the Motif library is referenced in the
Makefile or
Imakefile.There are two common cases:If the port refers to the Motif library as
-lXm in its Makefile or
Imakefile, simply substitute
${MOTIFLIB} for it.If the port uses XmClientLibs in its
Imakefile, change it to
${MOTIFLIB} ${XTOOLLIB}
${XLIB}.Note that MOTIFLIB (usually) expands to
-L/usr/X11R6/lib -lXm or
/usr/X11R6/lib/libXm.a, so there is no need to
add -L or -l in front.X11 fontsIf your port installs fonts for the X Window system, put them in
X11BASE/lib/X11/fonts/local.
This directory is new to XFree86 release 3.3.3. If it does not exist,
please create it, and print out a message urging the user to update
their XFree86 to 3.3.3 or newer, or at least add this directory to the
font path in /etc/XF86Config.Info filesThe new version of texinfo (included in 2.2.2-RELEASE and onwards)
contains a utility called install-info to add and
delete entries to the dir file. If your port
installs any info documents, please follow this instructions so your
port/package will correctly update the user's
PREFIX/info/dir file. (Sorry
for the length of this section, but is it imperative to weave all the
info files together. If done correctly, it will produce a
beautiful listing, so please bear with me!First, this is what you (as a porter) need to know&prompt.user; install-info --help
install-info [OPTION]... [INFO-FILE [DIR-FILE]]
Install INFO-FILE in the Info directory file DIR-FILE.
Options:
--delete Delete existing entries in INFO-FILE;
don't insert any new entries.
:
--entry=TEXT Insert TEXT as an Info directory entry.
:
--section=SEC Put this file's entries in section SEC of the directory. :This program will not actually install info
files; it merely inserts or deletes entries in the
dir file.Here's a seven-step procedure to convert ports to use
install-info. I will use
editors/emacs as an example.Look at the texinfo sources and make a patch to insert
@dircategory and @direntry
statements to files that do not have them. This is part of my
patch:
--- ./man/vip.texi.org Fri Jun 16 15:31:11 1995
+++ ./man/vip.texi Tue May 20 01:28:33 1997
@@ -2,6 +2,10 @@
@setfilename ../info/vip
@settitle VIP
+@dircategory The Emacs editor and associated tools
+@direntry
+* VIP: (vip). A VI-emulation for Emacs.
+@end direntry
@iftex
@finalout
:The format should be self-explanatory. Many authors leave a
dir file in the source tree that contains all
the entries you need, so look around before you try to write your
own. Also, make sure you look into related ports and make the
section names and entry indentations consistent (we recommend that
all entry text start at the 4th tab stop).Note that you can put only one info entry per file because
of a bug in install-info --delete that
deletes only the first entry if you specify multiple entries in
the @direntry section.You can give the dir entries to
install-info as arguments
( and ) instead
of patching the texinfo sources. I do not think this is a good
idea for ports because you need to duplicate the same information
in three places
(Makefile and
@exec/@unexec of
PLIST; see below). However, if you have a
Japanese (or other multibyte encoding) info files, you will have
to use the extra arguments to install-info
because makeinfo cannot handle those texinfo
sources. (See Makefile and
PLIST of japanese/skk
for examples on how to do this).Go back to the port directory and do a make clean;
make and verify that the info files are regenerated
from the texinfo sources. Since the texinfo sources are newer than
the info files, they should be rebuilt when you type
make; but many Makefiles
do not include correct dependencies for info files. In
emacs' case, I had to patch the main
Makefile.in so it will descend into the
man subdirectory to rebuild the info
pages.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Tue Apr 15 00:15:28 1997
@@ -184,7 +184,7 @@
# Subdirectories to make recursively. `lisp' is not included
# because the compiled lisp files are part of the distribution
# and you cannot remake them without installing Emacs first.
-SUBDIR = lib-src src
+SUBDIR = lib-src src man
# The makefiles of the directories in $SUBDIR.
SUBDIR_MAKEFILES = lib-src/Makefile man/Makefile src/Makefile oldXMenu/Makefile lwlib/Makefile
--- ./man/Makefile.in.org Thu Jun 27 15:27:19 1996
+++ ./man/Makefile.in Tue Apr 15 00:29:52 1997
@@ -66,6 +66,7 @@
${srcdir}/gnu1.texi \
${srcdir}/glossary.texi
+all: info
info: $(INFO_TARGETS)
dvi: $(DVI_TARGETS)The second hunk was necessary because the default target in
the man subdir is called
info, while the main
Makefile wants to call
all. I also deleted the installation of
the info info file because we already have
one with the same name in /usr/share/info
(that patch is not shown here).If there is a place in the Makefile that
is installing the dir file, delete it. Your
port may not be doing it. Also, remove any commands that are
otherwise mucking around with the dir
file.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Mon Apr 14 23:38:07 1997
@@ -368,14 +368,8 @@
if [ `(cd ${srcdir}/info && /bin/pwd)` != `(cd ${infodir} && /bin/pwd)` ]; \
then \
(cd ${infodir}; \
- if [ -f dir ]; then \
- if [ ! -f dir.old ]; then mv -f dir dir.old; \
- else mv -f dir dir.bak; fi; \
- fi; \
cd ${srcdir}/info ; \
- (cd $${thisdir}; ${INSTALL_DATA} ${srcdir}/info/dir ${infodir}/dir); \
- (cd $${thisdir}; chmod a+r ${infodir}/dir); \
for f in ccmode* cl* dired-x* ediff* emacs* forms* gnus* info* message* mh-e* sc* vip*; do \
(cd $${thisdir}; \
${INSTALL_DATA} ${srcdir}/info/$$f ${infodir}/$$f; \
chmod a+r ${infodir}/$$f); \(This step is only necessary if you are modifying an existing
port.) Take a look at pkg/PLIST and delete
anything that is trying to patch up info/dir.
They may be in pkg/INSTALL or some other
file, so search extensively.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/04/15 06:32:12
@@ -15,9 +15,6 @@
man/man1/emacs.1.gz
man/man1/etags.1.gz
man/man1/ctags.1.gz
-@unexec cp %D/info/dir %D/info/dir.bak
-info/dir
-@unexec cp %D/info/dir.bak %D/info/dir
info/cl
info/cl-1
info/cl-2Add a post-install target to the
Makefile to create a dir
file if it is not there. Also, call
install-info with the installed info
files.
Index: Makefile
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/Makefile,v
retrieving revision 1.26
diff -u -r1.26 Makefile
--- Makefile 1996/11/19 13:14:40 1.26
+++ Makefile 1997/05/20 10:25:09 1.28
@@ -20,5 +20,11 @@
post-install:
.for file in emacs-19.34 emacsclient etags ctags b2m
strip ${PREFIX}/bin/${file}
.endfor
+ if [ ! -f ${PREFIX}/info/dir ]; then \
+ ${SED} -ne '1,/Menu:/p' /usr/share/info/dir > ${PREFIX}/info/dir; \
+ fi
+.for info in emacs vip viper forms gnus mh-e cl sc dired-x ediff ccmode
+ install-info ${PREFIX}/info/${info} ${PREFIX}/info/dir
+.endfor
.include <bsd.port.mk>Do not use anything other than
/usr/share/info/dir and the above command to
create a new info file. In fact, I would add the first three lines
of the above patch to bsd.port.mk if you (the
porter) would not have to do it in PLIST by
yourself anyway.Edit PLIST and add equivalent
@exec statements and also
@unexec for pkg_delete. You
do not need to delete info/dir with
@unexec.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/05/20 10:25:12 1.17
@@ -16,7 +14,15 @@
man/man1/etags.1.gz
man/man1/ctags.1.gz
+@unexec install-info --delete %D/info/emacs %D/info/dir
:
+@unexec install-info --delete %D/info/ccmode %D/info/dir
info/cl
info/cl-1
@@ -87,6 +94,18 @@
info/viper-3
info/viper-4
+@exec [ -f %D/info/dir ] || sed -ne '1,/Menu:/p' /usr/share/info/dir > %D/info/dir
+@exec install-info %D/info/emacs %D/info/dir
:
+@exec install-info %D/info/ccmode %D/info/dir
libexec/emacs/19.34/i386--freebsd/cvtmail
libexec/emacs/19.34/i386--freebsd/digest-docThe @unexec install-info --delete
commands have to be listed before the info files themselves so
they can read the files. Also, the @exec
install-info commands have to be after the info
files and the @exec command that creates the
the dir file.Test and admire your
work. :). Check the
dir file before and after each step.The pkg/ subdirectoryThere are some tricks we have not mentioned yet about the
pkg/ subdirectory that come in handy
sometimes.MESSAGEIf you need to display a message to the installer, you may place
the message in pkg/MESSAGE. This capability is
often useful to display additional installation steps to be taken
after a pkg_add or to display licensing
information.The pkg/MESSAGE file does not need to be
added to pkg/PLIST. Also, it will not get
automatically printed if the user is using the port, not the
package, so you should probably display it from the
post-install target yourself.INSTALLIf your port needs to execute commands when the binary package
is installed with pkg_add you can do this via the
pkg/INSTALL script. This script will
automatically be added to the package, and will be run twice by
pkg_add. The first time will as INSTALL
${PKGNAME} PRE-INSTALL and the second time as
INSTALL ${PKGNAME} POST-INSTALL.
$2 can be tested to determine which mode
the script is being run in. The PKG_PREFIX
environmental variable will be set to the package installation
directory. See &man.pkg.add.1; for
additional information.This script is not run automatically if you install the port
with make install. If you are depending on it
being run, you will have to explicitly call it from your port's
Makefile.REQIf your port needs to determine if it should install or not, you
can create a pkg/REQ “requirements”
script. It will be invoked automatically at
installation/deinstallation time to determine whether or not
installation/deinstallation should proceed.Changing PLIST based on make
variablesSome ports, particularly the p5- ports, need to change their
PLIST depending on what options they are
configured with (or version of perl, in the case of p5- ports). To
make this easy, any instances in the PLIST of
%%OSREL%%, %%PERL_VER%%, and
%%PERL_VERSION%% will be substituted for
appropriately. The value of %%OSREL%% is the
numeric revision of the operating system (e.g.,
2.2.7). %%PERL_VERSION%% is
the full version number of perl (e.g., 5.00502)
and %%PERL_VER%% is the perl version number minus
the patchlevel (e.g., 5.005).If you need to make other substitutions, you can set the
PLIST_SUB variable with a list of
VAR=VALUE
pairs and instances of
%%VAR%%' will be
substituted with VALUE in the
PLIST.For instance, if you have a port that installs many files in a
version-specific subdirectory, you can put something like
OCTAVE_VERSION= 2.0.13
PLIST_SUB= OCTAVE_VERSION=${OCTAVE_VERSION}
in the Makefile and use
%%OCTAVE_VERSION%% wherever the version shows up
in PLIST. That way, when you upgrade the port,
you will not have to change dozens (or in some cases, hundreds) of
lines in the PLIST.This substitution (as well as addition of any man pages) will be done between
the do-install and
post-install targets, by reading from
PLIST and writing to TMPPLIST
(default:
WRKDIR/.PLIST.mktmp). So if
your port builds PLIST on the fly, do so in or
before do-install. Also, if your port
needs to edit the resulting file, do so in
post-install to a file named
TMPPLIST.Changing the names of files in the
pkg subdirectoryAll the filenames in the pkg subdirectory
are defined using variables so you can change them in your
Makefile if need be. This is especially useful
when you are sharing the same pkg subdirectory
among several ports or have to write to one of the above files (see
writing to places other than
WRKDIR for why it is a bad idea to write
directly in to the pkg subdirectory.Here is a list of variable names and their default
values.VariableDefault valueCOMMENT${PKGDIR}/DESCRDESCR${PKGDIR}/DESCRPLIST${PKGDIR}/PLISTPKGINSTALL${PKGDIR}/PKGINSTALLPKGDEINSTALL${PKGDIR}/PKGDEINSTALLPKGREQ${PKGDIR}/REQPKGMESSAGE${PKGDIR}/MESSAGEPlease change these variables rather than overriding
PKG_ARGS. If you change
PKG_ARGS, those files will not correctly be
installed in /var/db/pkg upon install from a
port.Licensing ProblemsSome software packages have restrictive licenses or can be in
violation to the law (PKP's patent on public key crypto, ITAR (export
of crypto software) to name just two of them). What we can do with
them varies a lot, depending on the exact wordings of the respective
licenses.It is your responsibility as a porter to read the licensing
terms of the software and make sure that the FreeBSD project will
not be held accountable of violating them by redistributing the
source or compiled binaries either via ftp or CD-ROM. If in doubt,
please contact the &a.ports;.There are two variables you can set in the Makefile to handle the
situations that arise frequently:If the port has a “do not sell for profit” type of
license, set the variable NO_CDROM to a string
describing the reason why. We will make sure such ports will not go
into the CD-ROM come release time. The distfile and package will
still be available via ftp.If the resulting package needs to be built uniquely for each
site, or the resulting binary package cannot be distributed due to
licensing; set the variable NO_PACKAGE to a
string describing the reason why. We will make sure such packages
will not go on the ftp site, nor into the CD-ROM come release time.
The distfile will still be included on both however.If the port has legal restrictions on who can use it (e.g.,
crypto stuff) or has a “no commercial use” license,
set the variable RESTRICTED to be the string
describing the reason why. For such ports, the distfiles/packages
will not be available even from our ftp sites.The GNU General Public License (GPL), both version 1 and 2,
should not be a problem for ports.If you are a committer, make sure you update the
ports/LEGAL file too.UpgradingWhen you notice that a port is out of date compared to the latest
version from the original authors, first make sure you have the latest
port. You can find them in the
ports/ports-current directory of the ftp mirror
sites.The next step is to send a mail to the maintainer, if one is
listed in the port's Makefile. That person may
already be working on an upgrade, or have a reason to not upgrade the
port right now (because of, for example, stability problems of the new
version).If the maintainer asks you to do the upgrade or there is not any
such person to begin with, please make the upgrade and send the
recursive diff (either unified or context diff is fine, but port
committers appear to prefer unified diff more) of the new and old
ports directories to us (e.g., if your modified port directory is
called superedit and the original as in our tree
is superedit.bak, then send us the result of
diff -ruN superedit.bak superedit). Please examine
the output to make sure all the changes make sense. The best way to
send us the diff is by including it to &man.send-pr.1; (category
ports). Please mention any added or deleted files
in the message, as they have to be explicitly specified to CVS when
doing a commit. If the diff is more than about 20KB, please compress
and uuencode it; otherwise, just include it in as is in the PR.Once again, please use &man.diff.1; and not &man.shar.1; to send
updates to existing ports.Do's and Dont'sHere is a list of common do's and dont's that you encounter during
the porting process.You should check your own port against this list,
but you can also check ports in the PR database that others have
submitted. Submit any comments on ports you check as described in
Bug Reports and General
Commentary. Checking ports in the PR database will both make
it faster for us to commit them, and prove that you know what you are
doing.Strip BinariesDo strip binaries. If the original source already strips the
binaries, fine; otherwise you should add a
post-install rule to to it yourself. Here is an
example;
post-install:
strip ${PREFIX}/bin/xdlUse the &man.file.1; command on the installed executable to
check whether the binary is stripped or not. If it does not say
not stripped, it is stripped.INSTALL_* macrosDo use the macros provided in bsd.port.mk
to ensure correct modes and ownership of files in your own
*-install targets. They are:INSTALL_PROGRAM is a command to install
binary executables.INSTALL_SCRIPT is a command to install
executable scripts.INSTALL_DATA is a command to install
sharable data.INSTALL_MAN is a command to install
manpages and other documentation (it does not compress
anything).These are basically the install command with
all the appropriate flags. See below for an example on how to use
them.WRKDIRDo not write anything to files outside
WRKDIR. WRKDIR is the only
place that is guaranteed to be writable during the port build (see
compiling ports from CDROM for an
example of building ports from a read-only tree). If you need to
modigy some file in PKGDIR, do so by redefining a variable, not by
writing over it.WRKDIRPREFIXMake sure your port honors WRKDIRPREFIX.
Most ports do not have to worry about this. In particular, if you
are referring to a WRKDIR of another port, note
that the correct location is
WRKDIRPREFIXPORTSDIR/subdir/name/work not PORTSDIR/subdir/name/work or .CURDIR/../../subdir/name/work or some such.Also, if you are defining WRKDIR yourself,
make sure you prepend
${WKRDIRPREFIX}${.CURDIR} in the
front.Differentiating operating systems and OS versionsYou may come across code that needs modifications or conditional
compilation based upon what version of UNIX it is running under. If
you need to make such changes to the code for conditional
compilation, make sure you make the changes as general as possible
so that we can back-port code to FreeBSD 1.x systems and cross-port
to other BSD systems such as 4.4BSD from CSRG, BSD/386, 386BSD,
NetBSD, and OpenBSD.The preferred way to tell 4.3BSD/Reno (1990) and newer versions
of the BSD code apart is by using the BSD macro
defined in <sys/param.h>. Hopefully that
file is already included; if not, add the code:
#if (defined(__unix__) || defined(unix)) && !defined(USG)
#include <sys/param.h>
#endifto the proper place in the .c file. We
believe that every system that defines these two symbols has
sys/param.h. If you find a system that
does not, we would like to know. Please send mail to the
&a.ports;.Another way is to use the GNU Autoconf style of doing
this:
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endifDo not forget to add -DHAVE_SYS_PARAM_H to the
CFLAGS in the Makefile for
this method.Once you have sys/param.h included, you may
use:
#if (defined(BSD) && (BSD >= 199103))to detect if the code is being compiled on a 4.3 Net2 code base
or newer (e.g. FreeBSD 1.x, 4.3/Reno, NetBSD 0.9, 386BSD, BSD/386
1.1 and below).Use:
#if (defined(BSD) && (BSD >= 199306))to detect if the code is being compiled on a 4.4 code base or
newer (e.g. FreeBSD 2.x, 4.4, NetBSD 1.0, BSD/386 2.0 or
above).The value of the BSD macro is
199506 for the 4.4BSD-Lite2 code base. This is
stated for informational purposes only. It should not be used to
distinguish between versions of FreeBSD based only on 4.4-Lite vs.
versions that have merged in changes from 4.4-Lite2. The
__FreeBSD__ macro should be used instead.Use sparingly:__FreeBSD__ is defined in all versions of
FreeBSD. Use it if the change you are making
only affects FreeBSD. Porting gotchas like
the use of sys_errlist[] vs
strerror() are Berkeleyisms, not FreeBSD
changes.In FreeBSD 2.x, __FreeBSD__ is defined to
be 2. In earlier versions, it is
1. Later versions will bump it to match
their major version number.If you need to tell the difference between a FreeBSD 1.x
system and a FreeBSD 2.x or 3.x system, usually the right answer
is to use the BSD macros described above. If
there actually is a FreeBSD specific change (such as special
shared library options when using ld) then it
is OK to use __FreeBSD__ and #if
__FreeBSD__ > 1 to detect a FreeBSD 2.x and later
system. If you need more granularity in detecting FreeBSD
systems since 2.0-RELEASE you can use the following:
#if __FreeBSD__ >= 2
#include <osreldate.h>
# if __FreeBSD_version >= 199504
/* 2.0.5+ release specific code here */
# endif
#endifRelease__FreeBSD_version2.0-RELEASE1194112.1-CURRENTs199501, 1995032.0.5-RELEASE1995042.2-CURRENT before 2.11995082.1.0-RELEASE1995112.2-CURRENT before 2.1.51995122.1.5-RELEASE1996072.2-CURRENT before 2.1.61996082.1.6-RELEASE1996122.1.7-RELEASE1996122.2-RELEASE2200002.2.1-RELEASE220000 (no change)2.2-STABLE after 2.2.1-RELEASE220000 (no change)2.2-STABLE after texinfo-3.92210012.2-STABLE after top2210022.2.2-RELEASE2220002.2-STABLE after 2.2.2-RELEASE2220012.2.5-RELEASE2250002.2-STABLE after 2.2.5-RELEASE2250012.2-STABLE after ldconfig -R merge2250022.2.6-RELEASE2260002.2.7-RELEASE2270002.2-STABLE after 2.2.7-RELEASE2270012.2-STABLE after semctl(2) change2270022.2.8-RELEASE2280002.2-STABLE after 2.2.8-RELEASE2280013.0-CURRENT before mount(2) change3000003.0-CURRENT after mount(2) change3000013.0-CURRENT after semctl(2) change3000023.0-CURRENT after ioctl arg changes3000033.0-CURRENT after ELF conversion3000043.0-RELEASE3000053.0-CURRENT after 3.0-RELEASE3000063.0-STABLE after 3/4 branch3000073.1-RELEASE3100003.1-STABLE after 3.1-RELEASE3100013.1-STABLE after C++ constructor/destructor order change3100023.2-STABLE3200014.0-CURRENT after 3/4 branch4000004.0-CURRENT after change in dynamic linker handling4000014.0-CURRENT after C++ constructor/destructor order change4000024.0-CURRENT after functioning dladdr(3)4000034.0-CURRENT after newbus4000044.0-CURRENT after suser(9) API change4000054.0-CURRENT after cdevsw registration change4000064.0-CURRENT after the addition of so_cred for socket level credentials4000074.0-CURRENT after the addition of a poll syscall wrapper to libc_r400008Note that 2.2-STABLE sometimes identifies itself as
“2.2.5-STABLE” after the 2.2.5-RELEASE. The pattern
used to be year followed by the month, but we decided to change it
to a more straightforward major/minor system starting from 2.2.
This is because the parallel development on several branches made
it infeasible to classify the releases simply by their real
release dates. If you are making a port now, you do not have to
worry about old -CURRENTs; they are listed here just for your
reference.In the hundreds of ports that have been done, there have only
been one or two cases where __FreeBSD__ should
have been used. Just because an earlier port screwed up and used it
in the wrong place does not mean you should do so too.Writing something after
bsd.port.mkDo not write anything after the .include
<bsd.port.mk> line. it usually can be avoided by
including bsd.port.pre.mk somewhere in the
middle of your Makefile and
bsd.port.post.mk at the end.You need to include either the
pre.mk/post.mk pair or
bsd.port.mk only; do not mix these two.bsd.port.pre.mk only defines a few
variables, which can be used in tests in the
Makefile, bsd.port.post.mk
defines the rest.Here are some important variables defined in
bsd.port.pre.mk (this is not the complete list,
please read bsd.port.mk for the complete
list).VariableDescriptionARCHThe architecture as returned by uname
-m (e.g., i386)OPSYSThe operating system type, as returned by
uname -s (e.g.,
FreeBSD)OSRELThe release version of the operating system (e.g.,
2.1.5 or
2.2.7)OSVERSIONThe numeric version of the operating system, same as
__FreeBSD_version.PORTOBJFORMATThe object format of the system
(aout or elfLOCALBASEThe base of the “local” tree (e.g.,
/usr/local/)X11BASEThe base of the “X11” tree (e.g.,
/usr/X11R6)PREFIXWhere the port installs itself (see more on
PREFIX).If you have to define the variables
USE_IMAKE, USE_X_PREFIX, or
MASTERDIR, do so before including
bsd.port.pre.mk.Here are some examples of things you can write after
bsd.port.pre.mk;
# no need to compile lang/perl5 if perl5 is already in system
.if ${OSVERSION} > 300003
BROKEN= perl is in system
.endif
# only one shlib version number for ELF
.if ${PORTOBJFORMAT} == "elf"
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}
.else
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}.${SHLIB_MINOR}
.endif
# software already makes link for ELF, but not for a.out
post-install:
.if ${PORTOBJFORMAT} == "aout"
${LN} -sf liblinpack.so.1.0 ${PREFIX}/lib/liblinpack.so
.endifInstall additional documentationIf your software has some documentation other than the standard
man and info pages that you think is useful for the user, install it
under PREFIX/share/doc.
This can be done, like the previous item, in the
post-install target.Create a new directory for your port. The directory name should
reflect what the port is. This usually means
PKGNAME minus the version part. However, if you
think the user might want different versions of the port to be
installed at the same time, you can use the whole
PKGNAME.Make the installation dependent to the variable
NOPORTDOCS so that users can disable it in
/etc/make.conf, like this:
post-install:
.if !defined(NOPORTDOCS)
${MKDIR}${PREFIX}/share/doc/xv
${INSTALL_MAN} ${WRKSRC}/docs/xvdocs.ps ${PREFIX}/share/doc/xv
.endifDo not forget to add them to pkg/PLIST too!
(Do not worry about NOPORTDOCS here; there is
currently no way for the packages to read variables from
/etc/make.conf.)Also you can use the pkg/MESSAGE file to
display messages upon installation. See the using
pkg/MESSAGE section for
details.MESSAGE does not need to be added to
pkg/PLIST).DIST_SUBDIRDo not let your port clutter
/usr/ports/distfiles. If your port requires a
lot of files to be fetched, or contains a file that has a name that
might conflict with other ports (e.g.,
Makefile), set DIST_SUBDIR
to the name of the port (PKGNAME without the
version part should work fine). This will change
DISTDIR from the default
/usr/ports/distfiles to
/usr/ports/distfiles/DIST_SUBDIR,
and in effect puts everything that is required for your port into
that subdirectory.It will also look at the subdirectory with the same name on the
- backup master site at ftp.freebsd.org.
+ backup master site at ftp.FreeBSD.org.
(Setting DISTDIR explicitly in your
Makefile will not accomplish this, so please use
DIST_SUBDIR.)This does not affect the MASTER_SITES you
define in your Makefile.Package informationDo include package information, i.e.
COMMENT, DESCR, and
PLIST, in pkg.Note that these files are not used only for packaging anymore,
and are mandatory now, even if
NO_PACKAGE is set.RCS stringsDo not put RCS strings in patches. CVS will mangle them when we
put the files into the ports tree, and when we check them out again,
they will come out different and the patch will fail. RCS strings
are surrounded by dollar ($) signs, and
typically start with $Id or
$RCS.Recursive diffUsing the recurse () option to
diff to generate patches is fine, but please take
a look at the resulting patches to make sure you do not have any
unnecessary junk in there. In particular, diffs between two backup
files, Makefiles when the port uses
Imake or GNU configure, etc.,
are unnecessary and should be deleted. If you had to edit
configure.in and run
autoconf to regenerate
configure, do not take the diffs of
configure (it often grows to a few thousand
lines!); define USE_AUTOCONF=yes and take the
diffsof configure.in.Also, if you had to delete a file, then you can do it in the
post-extract target rather than as part of
the patch. Once you are happy with the resulting diff, please split
it up into one source file per patch file.PREFIXDo try to make your port install relative to
PREFIX. (The value of this variable will be set
to LOCALBASE (default
/usr/local), unless
USE_X_PREFIX or USE_IMAKE is
set, in which case it will be X11BASE (default
/usr/X11R6).)Not hard-coding /usr/local or
/usr/X11R6 anywhere in the source will make the
port much more flexible and able to cater to the needs of other
sites. For X ports that use imake, this is
automatic; otherwise, this can often be done by simply replacing the
occurrences of /usr/local (or
/usr/X11R6 for X ports that do not use imake)
in the various scripts/Makefiles in the port to read
PREFIX, as this variable is automatically passed
down to every stage of the build and install processes.Do not set USE_X_PREFIX unless your port
truly require it (i.e., it links against X libs or it needs to
reference files in X11BASE).The variable PREFIX can be reassigned in your
Makefile or in the user's environment.
However, it is strongly discouraged for individual ports to set this
variable explicitly in the Makefiles.Also, refer to programs/files from other ports with the
variables mentioned above, not explicit pathnames. For instance, if
your port requires a macro PAGER to be the full
pathname of less, use the compiler flag:
-DPAGER=\"${PREFIX}/bin/less\"
or
-DPAGER=\"${LOCALBASE}/bin/less\"
if this is an X port, instead of
-DPAGER=\"/usr/local/bin/less\". This way it will
have a better chance of working if the system administrator has
moved the whole `/usr/local' tree somewhere else.SubdirectoriesTry to let the port put things in the right subdirectories of
PREFIX. Some ports lump everything and put it in
the subdirectory with the port's name, which is incorrect. Also,
many ports put everything except binaries, header files and manual
pages in the a subdirectory of lib, which does
not bode well with the BSD paradigm. Many of the files should be
moved to one of the following: etc
(setup/configuration files), libexec
(executables started internally), sbin
(executables for superusers/managers), info
(documentation for info browser) or share
(architecture independent files). See man &man.hier.7; for details,
the rules governing
/usr pretty much apply to
/usr/local too. The exception are ports
dealing with USENET “news”. They may use
PREFIX/news as a destination
for their files.Cleaning up empty directoriesDo make your ports clean up after themselves when they are
deinstalled. This is usually accomplished by adding
@dirrm lines for all directories that are
specifically created by the port. You need to delete subdirectories
before you can delete parent directories.
:
lib/X11/oneko/pixmaps/cat.xpm
lib/X11/oneko/sounds/cat.au
:
@dirrm lib/X11/oneko/pixmals
@dirrm lib/X11/oneko/sounds
@dirrm lib/X11/onekoHowever, sometimes @dirrm will give you
errors because other ports also share the same subdirectory. You
can call rmdir from @unexec to
remove only empty directories without warning.
@unexec rmdir %D/share/doc/gimp 2>/dev/null || trueThis will neither print any error messages nor cause
pkg_delete to exit abnormally even if
PREFIX/share/doc/gimp is not
empty due to other ports installing some files in there.UIDsIf your port requires a certain user to be on the installed
system, let the pkg/INSTALL script call
pw to create it automatically. Look at
net/cvsup-mirror for an example.If your port must use the same user/group ID number when it is
installed a binarypackage as when it was compiled, then you mus
choose a free UID from 50 to 99 and register it below. Look at
japanese/Wnn for an example.Make sure you do not use a UID already used by the system or
other ports. This is the current list of UIDs between 50 and
99.
majordom:*:54:54:Majordomo Pseudo User:/usr/local/majordomo:/nonexistent
cyrus:*:60:60:the cyrus mail server:/nonexistent:/nonexistent
gnats:*:61:1:GNATS database owner:/usr/local/share/gnats/gnats-db:/bin/sh
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
pop:*:68:6:Post Office Owner (popper):/nonexistent:/nonexistent
wnn:*:69:7:Wnn:/nonexistent:/nonexistent
ifmail:*:70:66:Ifmail user:/nonexistent:/nonexistent
pgsql:*:70:70:PostgreSQL pseudo-user:/usr/local/pgsql:/bin/sh
ircd:*:72:72:IRCd hybrid:/nonexistent:/nonexistent
alias:*:81:81:QMail user:/var/qmail/alias:/nonexistent
qmaill:*:83:81:QMail user:/var/qmail:/nonexistent
qmaild:*:82:81:QMail user:/var/qmail:/nonexistent
qmailq:*:85:82:QMail user:/var/qmail:/nonexistent
qmails:*:87:82:QMail user:/var/qmail:/nonexistent
qmailp:*:84:81:QMail user:/var/qmail:/nonexistent
qmailr:*:86:82:QMail user:/var/qmail:/nonexistent
msql:*:87:87:mSQL-2 pseudo-user:/var/db/msqldb:/bin/shPlease include a notice when you submit a port (or an upgrade)
that reserves a new UID or GID in this range. This allows us to
keep the list of reserved IDs up to date.Do things rationallyThe Makefile should do things simply and
reasonably. If you can make it a couple of lines shorter or more
readable, then do so. Examples include using a make
.if construct instead of a shell
if construct, not redefining
do-extract if you can redefine
EXTRACT* instead, and using
GNU_CONFIGURE instead of CONFIGURE_ARGS
+= --prefix=${PREFIX}.Respect CFLAGSThe port should respect the CFLAGS variable.
If it does not, please add NO_PACKAGE=ignores
cflags to the Makefile.Configuration filesIf your port requires some configuration files in
PREFIX/etc, do
not just install them and list them in
pkg/PLIST. That will cause
pkg_delete to delete files carefully edited by
the user and a new installation to wipe them out.Instead, install sample files with a suffix
(filename.sample
will work well) and print out a message pointing out that the
user has to copy and edit the file before the software can be made
to work.PortlintDo check your work with portlint
before you submit or commit it.FeedbackDo send applicable changes/patches to the original
author/maintainer for inclusion in next release of the code. This
will only make your job that much easier for the next
release.MiscellaneaThe files pkg/DESCR,
pkg/COMMENT, and pkg/PLIST
should each be double-checked. If you are reviewing a port and feel
they can be worded better, do so.Do not copy more copies of the GNU General Public License into
our system, please.Please be careful to note any legal issues! Do not let us
illegally distribute software!If you are stuck…Do look at existing examples and the
bsd.port.mk file before asking us questions!
;)Do ask us questions if you have any trouble! Do not just beat
your head against a wall! :)A Sample MakefileHere is a sample Makefile that you can use to
create a new port. Make sure you remove all the extra comments (ones
between brackets)!It is recommended that you follow this format (ordering of
variables, empty lines between sections, etc.). This format is
designed so that the most important information is easy to locate. We
recommend that you use portlint to check the
Makefile.
[the header...just to make it easier for us to identify the ports.]
# New ports collection makefile for: xdvi
[the version required header should updated when upgrading a port.]
# Version required: pl18 [things like "1.5alpha" are fine here too]
[this is the date when the first version of this Makefile was created.
Never change this when doing an update of the port.]
# Date created: 26 May 1995
[this is the person who did the original port to FreeBSD, in particular, the
person who wrote the first version of this Makefile. Remember, this should
not be changed when upgrading the port later.]
# Whom: Satoshi Asami <asami@FreeBSD.ORG>
#
# $Id$
[ ^^^^ This will be automatically replaced with RCS ID string by CVS
when it is committed to our repository.]
#
[section to describe the port itself and the master site - DISTNAME
is always first, followed by PKGNAME (if necessary), CATEGORIES,
and then MASTER_SITES, which can be followed by MASTER_SITE_SUBDIR.
After those, one of EXTRACT_SUFX or DISTFILES can be specified too.]
DISTNAME= xdvi
PKGNAME= xdvi-pl18
CATEGORIES= print
[do not forget the trailing slash ("/")!
if you are not using MASTER_SITE_* macros]
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applications
[set this if the source is not in the standard ".tar.gz" form]
EXTRACT_SUFX= .tar.Z
[section for distributed patches -- can be empty]
PATCH_SITES= ftp://ftp.sra.co.jp/pub/X11/japanese/
PATCHFILES= xdvi-18.patch1.gz xdvi-18.patch2.gz
[maintainer; *mandatory*! This is the person (preferably with commit
privileges) who a user can contact for questions and bug reports - this
person should be the porter or someone who can forward questions to the
original porter reasonably promptly. If you really do not want to have
your address here, set it to "ports@FreeBSD.ORG".]
MAINTAINER= asami@FreeBSD.ORG
[dependencies -- can be empty]
RUN_DEPENDS= gs:${PORTSDIR}/print/ghostscript
LIB_DEPENDS= Xpm.5:${PORTSDIR}/graphics/xpm
[this section is for other standard bsd.port.mk variables that do not
belong to any of the above]
[If it asks questions during configure, build, install...]
IS_INTERACTIVE= yes
[If it extracts to a directory other than ${DISTNAME}...]
WRKSRC= ${WRKDIR}/xdvi-new
[If the distributed patches were not made relative to ${WRKSRC}, you
may need to tweak this]
PATCH_DIST_STRIP= -p1
[If it requires a "configure" script generated by GNU autoconf to be run]
GNU_CONFIGURE= yes
[If it requires GNU make, not /usr/bin/make, to build...]
USE_GMAKE= yes
[If it is an X application and requires "xmkmf -a" to be run...]
USE_IMAKE= yes
[et cetera.]
[non-standard variables to be used in the rules below]
MY_FAVORITE_RESPONSE= "yeah, right"
[then the special rules, in the order they are called]
pre-fetch:
i go fetch something, yeah
post-patch:
i need to do something after patch, great
pre-install:
and then some more stuff before installing, wow
[and then the epilogue]
.include <bsd.port.mk>Automated package list creationFirst, make sure your port is almost complete, with only
PLIST missing. Create an empty
PLIST.&prompt.root; touch PLISTNext, create a new set of directories which your port can be
installed, and install any dependencies.&prompt.root; mtree -U -f /etc/mtree/BSD.local.dist -d -e -p /var/tmp/port-name
&prompt.root; make depends PREFIX=/var/tmp/port-nameStore the directory structure in a new file.&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > OLD-DIRSIf your port honours PREFIX (which it should)
you can then install the port and create the package list.&prompt.root; make install PREFIX=/var/tmp
&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > pkg/PLISTYou must also add any newly created directories to the packing
list.&prompt.root; (cd /var/tmp/port-name && find * -type d) | comm -13 OLD-DIRS - | sed -e 's#^#@dirrm#' >> pkg/PLISTFinally, you need to tidy up the packing list by hand. I lied
when I said this was all automated. Manual pages should be listed in
the port's Makefile under
MANn, and not in the
package list. User configuration files should be removed, or
installed as
filename.sample. Any
libraries installed by the port should be listed as specified in the
ldconfig section.Package NamesThe following are the conventions you should follow in naming your
packages. This is to have our package directory easy to scan, as
there are already lots and lots of packages and users are going to
turn away if they hurt their eyes!The package name should look like
language-name-compiled.specifics-version.numbers.If your DISTNAME does not look like that, set
PKGNAME to something in that format.FreeBSD strives to support the native language of its users.
The language- part should be a two
letter abbreviation of the natural language defined by ISO-639 if
the port is specific to a certain language. Examples are
ja for Japanese, ru for
Russian, vi for Vietnamese,
zh for Chinese, ko for
Korean and de for German.The name part should be all lowercases,
except for a really large package (with lots of programs in it).
Things like XFree86 (yes there really is a port of it, check it
out) and ImageMagick fall into this category. Otherwise, convert
the name (or at least the first letter) to lowercase. If the
capital letters are important to the name (for example, with
one-letter names like R or
V) you may use capital letters at your
discretion. There is a tradition of naming Perl 5 modules by
prepending p5- and converting the double-colon
separator to a hyphen; for example, the
Data::Dumper module becomes
p5-Data-Dumper. If the software in question
has numbers, hyphens, or underscores in its name, you may include
them as well (like kinput2).If the port can be built with different hardcoded defaults (usually
part of the directory name in a family of ports), the
-compiled.specifics part should state
the compiled-in defaults (the hyphen is optional). Examples are
papersize and font units.The version string should be a period-separated list of
integers and single lowercase alphabetics. The only exception is
the string pl (meaning `patchlevel'), which can
be used only when there are no major and
minor version numbers in the software.Here are some (real) examples on how to convert a
DISTNAME into a suitable
PKGNAME:Distribution NamePackage NameReasonmule-2.2.2.mule-2.2.2No changes requiredXFree86-3.1.2XFree86-3.1.2No changes requiredEmiClock-1.0.2emiclock-1.0.2No uppercase names for single programsgmod1.4gmod-1.4Need a hyphen before version numbersxmris.4.0.2xmris-4.0.2Need a hyphen before version numbersrdist-1.3alphardist-1.3aNo strings like alpha
allowedes-0.9-beta1es-0.9b1No strings like beta
allowedv3.3beta021.srctiff-3.3What the heck was that anyway?tvtwmtvtwm-pl11Version string always requiredpiewmpiewm-1.0Version string always requiredxvgr-2.10pl1xvgr-2.10.1pl allowed only when no
major/minor version numbersgawk-2.15.6ja-gawk-2.15.6Japanese language versionpsutils-1.13psutils-letter-1.13Papersize hardcoded at package build timepkfontspkfonts300-1.0Package for 300dpi fontsIf there is absolutely no trace of version information in the
original source and it is unlikely that the original author will ever
release another version, just set the version string to
1.0 (like the piewm example above). Otherwise, ask
the original author or use the date string
(yy.mm.dd) as the version.CategoriesAs you already know, ports are classified in several categories.
But for this to wor, it is important that porters and users understand
what each category and how we deicde what to put in each
category.Current list of categoriesFirst, this is the current list of port categories. Those
marked with an asterisk (*) are
virtual categories—those that do not have
a corresponding subdirectory in the ports tree.For non-virtual categories, you will find a one-line
description in the pkg/COMMENT file in that
subdirectory (e.g.,
archivers/pkg/COMMENT).CategoryDescriptionafterstep*Ports to support AfterStep window managerarchiversArchiving tools.astroAstronomical ports.audioSound support.benchmarksBenchmarking utilities.biologyBiology-related software.cadComputer aided design tools.chineseChinese language support.commsCommunication software. Mostly software to talk to
your serial port.convertersCharacter code converters.databasesDatabases.deskutilsThings that used to be on the desktop before
computers were invented.develDevelopment utilities. Do not put libraries here just
because they are libraries—unless they truly do not
belong to anywhere else, they should not be in this
category.editorsGeneral editors. Specialized editors go in the section
for those tools (e.g., a mathematical-formula editor will go
in math).elispEmacs-lisp ports.emulatorsEmulators for other operating systems. Terminal
emulators do not belong
here—X-based ones should go to
x11 and text-based ones to either
comms or misc,
depending on the exact functionality.gamesGames.germanGerman language support.graphicsGraphics utilities.japaneseJapanese language support.kde*Ports that form the K Desktop Environment
(kde).koreanKorean language support.langProgramming languages.mailMail software.mathNumerical computation software and other utilities
for mathematics.mboneMBone applications.miscMiscellaneous utilities—basically things that
does not belong to anywhere else. This is the only category
that should not appear with any other non-virtual category.
If you have misc with something else in
your CATEGORIES line, that means you can
safely delete misc and just put the port
in that other subdirectory!netMiscellaneous networking software.newsUSENET news software.offix*Ports from the OffiX suite.palmSoftware support for the 3Com Palm(tm) series.perl5*Ports that require perl version 5 to run.plan9*Various programs from Plan9.printPrinting software. Desktop publishing tools
(previewers, etc.) belong here too.python*Software written in python.russianRussian language support.securitySecurity utilities.shellsCommand line shells.sysutilsSystem utilities.tcl75*Ports that use tcl version 7.5 to run.tcl76*Ports that use tcl version 7.6 to run.tcl80*Ports that use tcl version 8.0 to run.tcl81*Ports that use tcl version 8.1 to run.textprocText processing utilities. It does not include
desktop publishing tools, which go to print/.tk41*Ports that use tk version 4.1 to run.tk42*Ports that use tk version 4.2 to run.tk80*Ports that use tk version 8.0 to run.tk81*Ports that use tk version 8.1 to run.vietnameseVietnamese language support.windowmaker*Ports to support the WindowMaker window
managerwwwSoftware related to the World Wide Web. HTML language
support belong here too.x11The X window system and friends. This category is only
for software that directly support the window system. Do not
put regular X applications here. If your port is an X
application, define USE_XLIB (implied by
USE_IMAKE) and put it in appropriate
categories. Also, many of them go into other
x11-* categories (see below).x11-clocksX11 clocks.x11-fmX11 file managers.x11-fontsX11 fonts and font utilities.x11-toolkitsX11 toolkits.x11-wmX11 window managers.Choosing the right categoryAs many of the categories overlap, you often have to choose
which of the categories should be the primary category of your port.
There are several rules that govern this usse. Here is the list of
priorities, in decreasing order of precedence.Language specific categories always come first. For
example, if your port installs Japanese X11 fonts, then your
CATEGORIES line would read japanese
x11-fonts.Specific categories win over less-specific ones. For
instance, an HTML editor should be listed as www
editors, not the other way around. Also, you do not
need to list net when the port belongs to
either of mail, mbone,
news, security, or
www.x11 is used as a secondary category only
when the primary category is a natural language. In particular,
you should not put x11 in the category line
for X applications.If your port truly does not belong anywhere else, put it in
misc.If you are not sure about the category, please put a comment to
that effect in your send-pr submission so we can
discuss it before import it. (If you are a committer, send a note
&a.ports; so we can discuss it first—too often new ports are
imported to a wrong category only to be moved right away.)Changes to this document and the ports systemIf you maintain a lot of ports, you should consider following the
&a.ports;. Important changes to the way ports work will be announced
there. You can always find more detailed information on the latest
changes by looking at the
bsd.port.mk CVS log.That is It, Folks!Boy, this sure was a long tutorial, wasn't it? Thanks for
following us to here, really.Well, now that you know how to do a port, let us go at it and
convert everything in the world into ports! That is the easiest way to
start contributing to the FreeBSD Project! :)
diff --git a/en_US.ISO_8859-1/books/handbook/ppp-and-slip/chapter.sgml b/en_US.ISO_8859-1/books/handbook/ppp-and-slip/chapter.sgml
index 2db526fa62..0e9c4ac148 100644
--- a/en_US.ISO_8859-1/books/handbook/ppp-and-slip/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/ppp-and-slip/chapter.sgml
@@ -1,2488 +1,2488 @@
PPP and SLIPIf your connection to the Internet is through a modem, or you wish to
provide other people with dialup connections to the Internet using
FreeBSD, you have the option of using PPP or SLIP. Furthermore, two
varieties of PPP are provided: user (sometimes
referred to as iijppp) and
kernel. The procedures for configuring both types of
PPP, and for setting up SLIP are described in this chapter.Setting up User PPPUser PPP was introduced to FreeBSD in release 2.0.5 as an addition
to the existing kernel implementation of PPP. So, what is different
about this new PPP that warrants its addition? To quote from the manual
page:
This is a user process PPP software package. Normally, PPP is
implemented as a part of the kernel (e.g. as managed by
pppd) and it is thus somewhat hard to debug and/or
modify its behavior. However, in this implementation PPP is done as a
user process with the help of the tunnel device driver
(tun).
In essence, this means that rather than running a PPP daemon, the
ppp program can be run as and when desired. No PPP interface needs to
be compiled into the kernel, as the program can use the generic tunnel
device to get data into and out of the kernel.From here on out, user ppp will be referred to simply as ppp unless
a distinction needs to be made between it and any other PPP
client/server software such as pppd. Unless
otherwise stated, all commands in this section should be executed as
root.There are a large number of enhancements in version 2 of ppp. You
can discover what version you have by running ppp with no arguments and
typing show version at the prompt. It is a simple
matter to upgrade to the latest version of ppp (under any version of
FreeBSD) by downloading the latest archive via www.Awfulhak.org.Before you startThis document assumes you are in roughly this position:You have an account with an Internet Service Provider (ISP) which
lets you use PPP. Further, you have a modem (or other device)
connected and configured correctly which allows you to connect to your
ISP.You are going to need the following information to hand:Your ISPs phone number(s).Your login name and password. This can be either a regular
unix style login/password pair, or a PPP PAP or CHAP
login/password pair.The IP addresses of one or more nameservers. Normally, you
will be given two IP numbers. You must have
this information for PPP version 1.x
unless you run your own nameserver. From version 2 onwards,
PPP supports nameserver address
negotiation. If your ISP supports this, then using the command
enable dns in your config file will tell
PPP to set the nameservers for
you.The following information may have been supplied by your ISP, but
is not strictly necessary:The IP address of your ISP's gateway. The gateway is the
machine to which you will connect and will be set up as your
default route. If your ISP hasn't given you
this number, we can make one up and your ISP's PPP server will
tell us the correct value when we connect.This IP number is referred to as HISADDR
by ppp.Your ISP's netmask. If your ISP hasn't given you this
information, you can safely use a netmask of 255.255.255.0.If your ISP allocates you a static IP address and hostname
then you can enter this information. Otherwise, we simply let the
peer assign whatever IP number it sees fit.If you do not have any of the required information, contact your
ISP and make sure they provide it to you.Building a ppp ready kernelAs the description states, ppp uses the kernel
tun device. It is necessary to make sure
that your kernel has support for this device compiled in.To check this, go to your kernel compile directory
(/sys/i386/conf or
/sys/pc98/conf) and examine your kernel
configuration file. It needs to have the line
pseudo-device tun 1
in it somewhere. The stock GENERIC kernel has
this as standard, so if you have not installed a custom kernel or you
do not have a /sys directory, you do not have to
change anything.If your kernel configuration file does not have this line in it,
or you need to configure more than one tun device (for example, if you
are setting up a server and could have 16 dialup ppp connections at
any one time then you will need to use 16 instead
of 1), then you should add the line, re-compile,
re-install and boot the new kernel. Please refer to the Configuring the FreeBSD Kernel section
for more information on kernel configuration.You can check how many tunnel devices your current kernel has by
typing the following:&prompt.root; ifconfig -a
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 200.10.100.1 --> 203.10.100.24 netmask 0xffffffff
tun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 576
tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 203.10.100.1 --> 203.10.100.20 netmask 0xffffffff
tun3: flags=8010<POINTOPOINT,MULTICAST> mtu 1500This case shows four tunnel devices, two of which are currently
configured and being used. It should be noted that the
RUNNING flag above indicates that the interface has
been used at some point—it is not an error if your interface
does not show up as RUNNING.If you have a kernel without the tun device, and you can not
rebuild it for some reason, all is not lost. You should be able to
dynamically load the code. Refer to the appropriate
&man.modload.8; and &man.lkm.4; pages for further details.You may also wish to take this opportunity to configure a
firewall. Details can be found in the Firewalls section.Check the tun deviceMost users will only require one tun
device (/dev/tun0). If you have used more (i.e.,
a number other than 1 in the
pseudo-device line in the kernel configuration
file) then alter all references to tun0 below
to reflect whichever device number you are using.The easiest way to make sure that the
tun0 device is configured correctly is to
re-make it. To do this, execute the following commands:&prompt.root; cd /dev
&prompt.root; ./MAKEDEV tun0If you require 16 tunnel devices in your kernel, you will need to
create more than just tun0:&prompt.root; cd /dev
&prompt.root; ./MAKEDEV tun15Also, to confirm that the kernel is configured correctly, the
following command should give the indicated output:&prompt.root; ifconfig tun0
tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500The RUNNING flag may not yet be set, in which
case you will see:&prompt.root; ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500Name Resolution ConfigurationThe resolver is the part of the system that turns IP addresses
into hostnames and vice versa. It can be configured to look for maps
that describe IP to hostname mappings in one of two places. The first
is a file called /etc/hosts (man 5
hosts). The second is the Internet Domain Name Service
(DNS), a distributed data base, the discussion of which is beyond the
scope of this document.This section describes briefly how to configure your
resolver.The resolver is a set of system calls that do the name mappings,
but you have to tell them where to find their information. You do
this by first editing the file /etc/host.conf.
Do not call this file
/etc/hosts.conf (note the extra
s) as the results can be confusing.Edit the /etc/host.conf fileThis file should contain the following two lines (in this
order):
hosts
bindThese instructs the resolver to first look in the file
/etc/hosts, and then to consult the DNS if the
name was not found.Edit the /etc/hosts(5) fileThis file should contain the IP addresses and names of machines
on your network. At a bare minimum it should contain entries for
the machine which will be running ppp. Assuming that your machine
is called foo.bar.com with the IP
address 10.0.0.1,
/etc/hosts should contain:
127.0.0.1 localhost
10.0.0.1 foo.bar.com fooThe first line defines the alias localhost as a
synonym for the current machine. Regardless of your own IP address,
the IP address for this line should always be 127.0.0.1. The second line maps the name
foo.bar.com (and the shorthand
foo) to the IP address 10.0.0.1.If your provider allocates you a static IP address and name,
then use these in place of the 10.0.0.1 entry.Edit the /etc/resolv.conf file/etc/resolv.conf tells the resolver how to
behave. If you are running your own DNS, you may leave this file
empty. Normally, you will need to enter the following
line(s):
nameserver x.x.x.x
nameserver y.y.y.y
domain bar.comThe x.x.x.x and
y.y.y.y
addresses are those given to you by your ISP. Add as many
nameserver lines as your ISP provides. The
domain line defaults to your hostname's domain,
and is probably unnecessary. Refer to the
resolv.conf manual page for details of other
possible entries in this file.If you are running PPP version 2 or greater, the enable
dns command will tell PPP to request that your ISP
confirms the nameserver values. If your ISP supplies different
addresses (or if there are no nameserver lines in
/etc/resolv.conf), PPP will rewrite the file
with the ISP-supplied values.ppp ConfigurationBoth user ppp and pppd (the kernel level
implementation of PPP) use configuration files located in the
/etc/ppp directory. The sample configuration
files provided are a good reference for user ppp, so don't delete
them.Configuring ppp requires that you edit a number
of files, depending on your requirements. What you put in them
depends to some extent on whether your ISP allocates IP addresses
statically (i.e., you get given one IP address, and always use that
one) or dynamically (i.e., your IP address can be different for each
PPP session).PPP and Static IP addressesYou will need to create a configuration file called
/etc/ppp/ppp.conf. It should look similar to
the example below.Lines that end in a : start in the first
column, all other lines should be indented as shown using spaces
or tabs.
1 default:
2 set device /dev/cuaa0
3 set speed 115200
4 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\TTIMEOUT 40 CONNECT"
5 provider:
6 set phone "(0123) 456 7890"
7 set login "TIMEOUT 10 \"\" \"\" gin:--gin: foo word: bar col: ppp"
8 set timeout 300
9 set ifaddr x.x.x.xy.y.y.y 255.255.255.0 0.0.0.0
10 add default HISADDR
11 enable dnsDo not include the line numbers, they are just for reference in
this discussion.Line 1:Identifies the default entry. Commands in this entry are
executed automatically when ppp is run.Line 2:Identifies the device to which the modem is connected.
COM1: is
/dev/cuaa0 and
COM2: is
/dev/cuaa1.Line 3:Sets the speed you want to connect at. If 115200 doesn't
work (it should with any reasonably new modem), try 38400
instead.Line 4:The dial string. User PPP uses an expect-send syntax
similar to the &man.chat.8; program. Refer to the
manual page for information on the features of this
language.Line 5:Identifies an entry for a provider called
“provider”.Line 6:Sets the phone number for this provider. Multiple phone
numbers may be specified using the : or
| character as a separator. The difference
between these separators is described in &man.ppp.8;.
To summarize, if you want to rotate through the numbers, use
the :. If you want to always attempt to
dial the first number first and only use the other numbers if
the first number fails, use the |. Always
quote the entire set of phone numbers as shown.Line 7:The login string is of the same chat-like syntax as the
dial string. In this example, the string works for a service
whose login session looks like this:J. Random Provider
login: foo
password: bar
protocol: pppYou will need to alter this script to suit your own needs.
When you write this script for the first time, you should
enable “chat” logging to ensure that the
conversation is going as expected.If you're using PAP or CHAP, there will be no login at
this point, so your login string can be left blank. See PAP and CHAP
authentication for further details.Line 8:Sets the default timeout (in seconds) for the connection.
Here, the connection will be closed automatically after 300
seconds of inactivity. If you never want to timeout, set this
value to zero.Line 9:Sets the interface addresses. The string
x.x.x.x should be replaced by the
IP address that your provider has allocated to you. The
string y.y.y.y should be replaced
by the IP address that your ISP indicated for their gateway
(the machine to which you connect). If your ISP hasn't given
you a gateway address, use 10.0.0.2/0. If you need to use a
“guessed” address, make sure that you create an
entry in /etc/ppp/ppp.linkup as per the
instructions for PPP and
Dynamic IP addresses. If this line is omitted,
ppp cannot run in or
mode.Line 10:Adds a default route to your ISPs gateway. The special
word HISADDR is replaced with the gateway
address specified on line 9. It is important that this line
appears after line 9, otherwise HISADDR
will not yet be initialized.Line 11:This line tells PPP to ask your ISP to confirm that your
nameserver addresses are correct. If your ISP supports this
facility, PPP can then update
/etc/resolv.conf with the correct
nameserver entries.It is not necessary to add an entry to
ppp.linkup when you have a static IP address as
your routing table entries are already correct before you connect.
You may however wish to create an entry to invoke programs after
connection. This is explained later with the sendmail
example.Example configuration files can be found in the
/etc/ppp directory.PPP and Dynamic IP addressesIf your service provider does not assign static IP numbers,
ppp can be configured to negotiate the local and
remote addresses. This is done by “guessing” an IP
number and allowing ppp to set it up correctly
using the IP Configuration Protocol (IPCP) after connecting. The
ppp.conf configuration is the same as PPP and Static IP addresses,
with the following change:
9 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0Again, do not include the line numbers, they are just for
reference in this discussion. Indentation of at least one space is
required.Line 9:The number after the / character is the
number of bits of the address that ppp will insist on. You
may wish to use IP numbers more appropriate to your
circumstances, but the above example will always work.The last argument (0.0.0.0) tells PPP
to negotiate using address 0.0.0.0 rather than 10.0.0.1. Do not use
0.0.0.0 as the first argument to
set ifaddr as it prevents PPP from setting
up an intial route in mode.If you are running version 1.x of PPP, uou will also need to
create an entry in /etc/ppp/ppp.linkup.
ppp.linkup is used after a connection has been
established. At this point, ppp will know what
IP addresses should really be used. The
following entry will delete the existing bogus routes, and create
correct ones:
1 provider:
2 delete ALL
3 add 0 0 HISADDRLine 1:On establishing a connection, ppp will
look for an entry in ppp.linkup according
to the following rules: First, try to match the same label as
we used in ppp.conf. If that fails, look
for an entry for the IP number of our gateway. This entry is
a four-octet IP style label. If we still haven't found an
entry, look for the MYADDR entry.Line 2:This line tells ppp to delete all
existing routes for the acquired tun interface (except the
direct route entry).Line 3:This line tells ppp to add a default
route that points to HISADDR.
HISADDR will be replaced with the IP number
of the gateway as negotiated in the IPCP.See the pmdemand entry in the files
/etc/ppp/ppp.conf.sample and
/etc/ppp/ppp.linkup.sample for a detailed
example.Version 2 of PPP introduces “sticky routes”. Any
add or delete lines that
contain MYADDR or HISADDR will
be remembered, and any time the actual values of
MYADDR or HISADDR change, the
routes will be re-applied. This removes the necessity of repeating
these lines in ppp.linkup.Receiving incoming calls with pppThis section describes setting up ppp in a
server role.When you configure ppp to receive incoming
calls on a machine connected to a LAN, you must decide if you wish
to forward packets to the LAN. If you do, you should allocate the
peer an IP number from your LAN's subet, and use the command
enable proxy
in your ppp.conf file. You should also confirm
that the /etc/rc.conf file (this file used to
be called /etc/sysconfig) contains the
following:
gateway=YESWhich getty?Configuring FreeBSD for Dialup
Services provides a good description on enabling dialup
services using getty.An alternative to getty is mgetty,
a smarter version of getty designed with dialup
lines in mind.The advantages of using mgetty is that it
actively talks to modems, meaning if port is
turned off in /etc/ttys then your modem won't
answer the phone.Later versions of mgetty (from 0.99beta
onwards) also support the automatic detection of PPP streams,
allowing your clients script-less access to your server.Refer to Mgetty and
AutoPPP for more information on
mgetty.PPP permissionsppp must normally be run as user id 0. If
however you wish to allow ppp to run in server
mode as a normal user by executing ppp as
described below, that user must be given permission to run
ppp by adding them to the
network group in
/etc/group.You will also need to give them access to one or more sections
of the configuration file using the allow
command:
allow users fred maryIf this command is used in the default
section, it gives the specified users access to everything.Setting up a PPP shell for dynamic-IP usersCreate a file called /etc/ppp/ppp-shell
containing the following:
#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`
if [ x$IDENT = xdialup ]; then
IDENT=`basename $TTY`
fi
echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"
exec /usr/sbin/ppp -direct $IDENTThis script should be executable. Now make a symbolic link
called ppp-dialup to this script using the
following commands:&prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialupYou should use this script as the shell
for all your dialup ppp users. This is an example from
/etc/password for a dialup PPP user with
username pchilds. (remember don't directly
edit the password file, use vipw)
pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialupCreate a /home/ppp directory that is
world readable containing the following 0 byte files
-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
-r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts
which prevents /etc/motd from being
displayed.Setting up a PPP shell for static-IP usersCreate the ppp-shell file as above and
for each account with statically assigned IPs create a symbolic
link to ppp-shell.For example, if you have three dialup customers
fred, sam, and
mary, that you route class C networks for,
you would type the following:&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-maryEach of these users dialup accounts should have their shell
set to the symbolic link created above. (ie.
mary's shell should be
/etc/ppp/ppp-mary).Setting up ppp.conf for dynamic-IP usersThe /etc/ppp/ppp.conf file should contain
something along the lines of
default:
set debug phase lcp chat
set timeout 0
ttyd0:
set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
enable proxy
ttyd1:
set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
enable proxyThe indenting is important.The default: section is loaded for each
session. For each dialup line enabled in
/etc/ttys create an entry similar to the one
for ttyd0: above. Each line should get a
unique IP address from your pool of IP addresses for dynamic
users.Setting up ppp.conf for static-IP
usersAlong with the contents of the sample
/etc/ppp/ppp.conf above you should add a
section for each of the statically assigned dialup users. We will
continue with our fred,
sam, and mary
example.
fred:
set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
sam:
set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255
mary:
set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255The file /etc/ppp/ppp.linkup should also
contain routing information for each static IP user if required.
The line below would add a route for the 203.14.101.0 class C via the client's
ppp link.
fred:
add 203.14.101.0 netmask 255.255.255.0 HISADDR
sam:
add 203.14.102.0 netmask 255.255.255.0 HISADDR
mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDRMore on mgetty, AutoPPP, and MS
extensionsmgetty and AutoPPPConfiguring and compiling mgetty with the
AUTO_PPP option enabled allows
mgetty to detect the LCP phase of PPP
connections and automatically spawn off a ppp shell. However,
since the default login/password sequence does not occur it is
necessary to authenticate users using either PAP or CHAP.This section assumes the user has successfully configured,
compiled, and installed a version of mgetty
with the AUTO_PPP option (v0.99beta or
later)Make sure your
/usr/local/etc/mgetty+sendfax/login.config
file has the following in it:
/AutoPPP/ - - /etc/ppp/ppp-pap-dialupThis will tell mgetty to run the
ppp-pap-dialup script for detected PPP
connections.Create a file called
/etc/ppp/ppp-pap-dialup containing the
following (the file should be executable):
#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENTFor each dialup line enabled in
/etc/ttys create a corresponding entry in
/etc/ppp/ppp.conf. This will happily
co-exist with the definitions we created above.
pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxyEach user logging in with this method will need to have a
username/password in /etc/ppp/ppp.secret
file, or alternatively add the
enable passwdauthoption to authenticate users via pap from the
/etc/password file.If you wish to assign some users a static IP number, you can
specify the number as the third argument in
/etc/ppp/ppp.secret. See
/etc/ppp/ppp.secret.sample for
examples.MS extentionsIt is possible to configure PPP to supply DNS and NetBIOS
nameserver addresses on demand.To enable these extensions with PPP version 1.x, the
following lines might be added to the relevant section of
/etc/ppp/ppp.conf.
enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5And for PPP version 2 and above:
accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5This will tell the clients the primary and secondary name
server addresses, and a netbios nameserver host.In version 2 and above, if the set dns
line is ommitted, PPP will use the values found in
/etc/resolv.conf.PAP and CHAP authenticationSome ISPs set their system up so that the authentication part of
your connection is done using either of the PAP or CHAP
authentication mechanisms. If this is the case, your ISP will not
give a login: prompt when you connect, but will
start talking PPP immediately.PAP is less secure than CHAP, but security is not normally an
issue here as passwords, although being sent as plain text with PAP,
are being transmitted down a serial line only. There's not much room
for crackers to “eavesdrop”.Referring back to the PPP and
Static IP addresses or PPP and Dynamic IP addresses
sections, the following alterations must be made:
7 set login
…
12 set authname MyUserName
13 set authkey MyPasswordAs always, do not include the line numbers, they are just for
reference in this discussion. Indentation of at least one space is
required.Line 7:Your ISP will not normally require that you log into the
server if you're using PAP or CHAP. You must therefore
disable your "set login" string.Line 12:This line specifies your PAP/CHAP user name. You will
need to insert the correct value for
MyUserName.Line 13:This line specifies your PAP/CHAP password. You will need
to insert the correct value for
MyPassword. You may want to add an
additional line
15 accept PAP
or
15 accept CHAP
to make it obvious that this is the intention, but PAP and
CHAP are both accepted by default.Changing your ppp configuration on the
flyIt is possible to talk to the ppp program
while it is running in the background, but only if a suitable
diagnostic port has been set up. To do this, add the following line
to your configuration:
set server /var/run/ppp-tun%d DiagnosticPassword 0177This will tell PPP to listen to the specified unix-domain
socket, asking clients for the specified password before allowing
access. The %d in the name is replaced with the
tun device number that is in use.Once a socket has been set up, the
&man.pppctl.8; program may be used in scripts that wish to
manipulate the running program.Final system configurationYou now have ppp configured, but there are a
few more things to do before it is ready to work. They all involve
editing the /etc/rc.conf file (was
/etc/sysconfig).Working from the top down in this file, make sure the
hostname= line is set, e.g.:
hostname=foo.bar.comIf your ISP has supplied you with a static IP address and name,
it's probably best that you use this name as your host name.Look for the network_interfaces variable. If
you want to configure your system to dial your ISP on demand, make
sure the tun0 device is added to the list,
otherwise remove it.
network_interfaces="lo0 tun0" ifconfig_tun0=The ifconfig_tun0 variable should be empty,
and a file called /etc/start_if.tun0 should be
created. This file should contain the line
ppp -auto mysystemThis script is executed at network configuration time, starting
your ppp daemon in automatic mode. If you have a LAN for which this
machine is a gateway, you may also wish to use the
switch. Refer to the manual page for
further details.Set the router program to NO with the
line
router_enable=NO (/etc/rc.conf)
router=NO (/etc/sysconfig)It is important that the routed daemon is not
started (it's started by default) as routed tends
to delete the default routing table entries created by
ppp.It is probably worth your while ensuring that the
sendmail_flags line does not include the
option, otherwise sendmail will
attempt to do a network lookup every now and then, possibly causing
your machine to dial out. You may try:
sendmail_flags="-bd"The upshot of this is that you must force
sendmail to re-examine the mail queue whenever the
ppp link is up by typing:&prompt.root; /usr/sbin/sendmail -qYou may wish to use the !bg command in
ppp.linkup to do this automatically:
1 provider:
2 delete ALL
3 add 0 0 HISADDR
4 !bg sendmail -bd -q30mIf you don't like this, it is possible to set up a
“dfilter” to block SMTP traffic. Refer to the sample
files for further details.All that is left is to reboot the machine.After rebooting, you can now either type&prompt.root; pppand then dial provider to start the PPP
session, or, if you want ppp to establish sessions
automatically when there is outbound traffic (and you haven't created
the start_if.tun0 script), type&prompt.root; ppp -auto providerSummaryTo recap, the following steps are necessary when setting up ppp
for the first time:Client side:Ensure that the tun device is built
into your kernel.Ensure that the
tunX device file
is available in the /dev directory.Create an entry in /etc/ppp/ppp.conf.
The pmdemand example should suffice for most
ISPs.If you have a dynamic IP address, create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf (or
sysconfig) file.Create a start_if.tun0 script if you
require demand dialing.Server side:Ensure that the tun device is built
into your kernel.Ensure that the
tunX device file
is available in the /dev directory.Create an entry in /etc/passwd (using the
&man.vipw.8; program).Create a profile in this users home directory that runs
ppp -direct direct-server or similar.Create an entry in /etc/ppp/ppp.conf.
The direct-server example should
suffice.Create an entry in
/etc/ppp/ppp.linkup.Update your /etc/rc.conf (or
sysconfig) file.AcknowledgmentsThis section of the handbook was last updated on Monday Aug 10,
1998 by &a.brian;Thanks to the following for their input, comments &
suggestions:&a.nik;&a.dirkvangulik;&a.pjc;Setting up Kernel PPPContributed by &a.gena;.Before you start setting up PPP on your machine make sure that
pppd is located in /usr/sbin and
directory /etc/ppp exists.pppd can work in two modes:as a “client”, i.e. you want to connect your machine
to outside world via PPP serial connection or modem line.as a “server”, i.e. your machine is located on the
network and used to connect other computers using PPP.In both cases you will need to set up an options file
(/etc/ppp/options or ~/.ppprc
if you have more then one user on your machine that uses PPP).You also will need some modem/serial software (preferably kermit) so
you can dial and establish connection with remote host.Working as a PPP clientI used the following /etc/ppp/options to
connect to CISCO terminal server PPP line.
crtscts # enable hardware flow control
modem # modem control line
noipdefault # remote PPP server must supply your IP address.
# if the remote host doesn't send your IP during IPCP
# negotiation , remove this option
passive # wait for LCP packets
domain ppp.foo.com # put your domain name here
:<remote_ip> # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be your
# default routerTo connect:Dial to the remote host using kermit (or other modem program)
enter your user name and password (or whatever is needed to enable
PPP on the remote host)Exit kermit (without hanging up the line).enter:&prompt.root; /usr/src/usr.sbin/pppd.new/pppd /dev/tty0119200Use the appropriate speed and device name.Now your computer is connected with PPP. If the connection fails
for some reasons you can add the option to the
/etc/ppp/options file and check messages on the
console to track the problemFollowing /etc/ppp/pppup script will make all
3 stages automatically:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200/etc/ppp/kermit.dial is kermit script that
dials and makes all necessary authorization on the remote host.
(Example of such script is attached to the end of this
document)Use the following /etc/ppp/pppdown script to
disconnect the PPP line:
#!/bin/sh
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill -TERM ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptestCheck if PPP is still running
(/usr/etc/ppp/ppptest):
#!/bin/sh
pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'pppd running: PID=' ${pid-NONE}
else
echo 'No pppd running.'
fi
set -x
netstat -n -I ppp0
ifconfig ppp0Hangs up modem line
(/etc/ppp/kermit.hup):
set line /dev/tty01 ; put your modem device here
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
echo \13
exitHere is an alternate method using chat instead
of kermit.Contributed by &a.rhuff;.The following two files are sufficient to accomplish a pppd
connection./etc/ppp/options:
/dev/cuaa1 115200
crtscts # enable hardware flow control
modem # modem control line
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
noipdefault # remote PPP serve must supply your IP address.
# if the remote host doesn't send your IP during
# IPCP negotiation, remove this option
passive # wait for LCP packets
domain <your.domain> # put your domain name here
: # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be
# your default router/etc/ppp/login.chat.script:(This should actually go into a single line.)
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number>
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id>
TIMEOUT 5 sword: <password>Once these are installed and modified correctly, all you need to
do is&prompt.root; pppdThis sample based primarily on information provided by: Trev
Roydhouse <Trev.Roydhouse@f401.n711.z3.fidonet.org> and used by
permission.Working as a PPP server/etc/ppp/options:
crtscts # Hardware flow control
netmask 255.255.255.0 # netmask ( not required )
192.114.208.20:192.114.208.165 # ip's of local and remote hosts
# local ip must be different from one
# you assigned to the ethernet ( or other )
# interface on your machine.
# remote IP is ip address that will be
# assigned to the remote machine
domain ppp.foo.com # your domain
passive # wait for LCP
modem # modem lineFollowing /etc/ppp/pppserv script will enable
ppp server on your machine:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete
# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans
# run ppp
pppd /dev/tty01 19200Use this /etc/ppp/pppservdown script to stop
ppp server:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.noansFollowing kermit script will enable/disable autoanswer mode on
your modem (/etc/ppp/kermit.ans):
set line /dev/tty01
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
inp 5 OK
echo \13
out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
; autoanswer mod
inp 5 OK
echo \13
exitThis /etc/ppp/kermit.dial script is used for
dialing and authorizing on remote host. You will need to customize it
for your needs. Put your login and password in this script, also you
will need to change input statement depending on responses from your
modem and remote host.
;
; put the com line attached to the modem here:
;
set line /dev/tty01
;
; put the modem speed here:
;
set speed 19200
set file type binary ; full 8 bit file xfer
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
set modem hayes
set dial hangup off
set carrier auto ; Then SET CARRIER if necessary,
set dial display on ; Then SET DIAL if necessary,
set input echo on
set input timeout proceed
set input case ignore
def \%x 0 ; login prompt counter
goto slhup
:slcmd ; put the modem in command mode
echo Put the modem in command mode.
clear ; Clear unread characters from input buffer
pause 1
output +++ ; hayes escape sequence
input 1 OK\13\10 ; wait for OK
if success goto slhup
output \13
pause 1
output at\13
input 1 OK\13\10
if fail goto slcmd ; if modem doesn't answer OK, try again
:slhup ; hang up the phone
clear ; Clear unread characters from input buffer
pause 1
echo Hanging up the phone.
output ath0\13 ; hayes command for on hook
input 2 OK\13\10
if fail goto slcmd ; if no OK answer, put modem in command mode
:sldial ; dial the number
pause 1
echo Dialing.
output atdt9,550311\13\10 ; put phone number here
assign \%x 0 ; zero the time counter
:look
clear ; Clear unread characters from input buffer
increment \%x ; Count the seconds
input 1 {CONNECT }
if success goto sllogin
reinput 1 {NO CARRIER\13\10}
if success goto sldial
reinput 1 {NO DIALTONE\13\10}
if success goto slnodial
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 60 goto look
else goto slhup
:sllogin ; login
assign \%x 0 ; zero the time counter
pause 1
echo Looking for login prompt.
:slloop
increment \%x ; Count the seconds
clear ; Clear unread characters from input buffer
output \13
;
; put your expected login prompt here:
;
input 1 {Username: }
if success goto sluid
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 10 goto slloop ; try 10 times to get a login prompt
else goto slhup ; hang up and start again if 10 failures
:sluid
;
; put your userid here:
;
output ppp-login\13
input 1 {Password: }
;
; put your password here:
;
output ppp-password\13
input 1 {Entering SLIP mode.}
echo
quit
:slnodial
echo \7No dialtone. Check the telephone line!\7
exit 1
; local variables:
; mode: csh
; comment-start: "; "
; comment-start-skip: "; "
; end:Setting up a SLIP ClientContributed by &a.asami; 8 Aug 1995.The following is one way to set up a FreeBSD machine for SLIP on a
static host network. For dynamic hostname assignments (i.e., your
address changes each time you dial up), you probably need to do
something much fancier.First, determine which serial port your modem is connected to. I
have a symbolic link to /dev/modem from
/dev/cuaa1, and only use the modem name in my
configuration files. It can become quite cumbersome when you need to
fix a bunch of files in /etc and
.kermrc's all over the system!/dev/cuaa0 is COM1,
cuaa1 is COM2,
etc.Make sure you have
pseudo-device sl 1
in your kernel's config file. It is included in the
GENERIC kernel, so this will not be a problem
unless you deleted it.Things you have to do only onceAdd your home machine, the gateway and nameservers to your
/etc/hosts file. Mine looks like
this:
127.0.0.1 localhost loghost
136.152.64.181 silvia.HIP.Berkeley.EDU silvia.HIP silvia
136.152.64.1 inr-3.Berkeley.EDU inr-3 slip-gateway
128.32.136.9 ns1.Berkeley.edu ns1
128.32.136.12 ns2.Berkeley.edu ns2By the way, silvia is the name of the car that I had when I
was back in Japan (it is called 2?0SX here in U.S.).Make sure you have before
in your /etc/host.conf.
Otherwise, funny things may happen.Edit the file /etc/rc.conf. Note that
you should edit the file /etc/sysconfig
instead if you are running FreeBSD previous to version
2.2.2.Set your hostname by editing the line that says:
hostname=myname.my.domainYou should give it your full Internet hostname.Add sl0 to the list of network interfaces by changing the
line that says:
network_interfaces="lo0"to:
network_interfaces="lo0 sl0"Set the startup flags of sl0 by adding a line:
ifconfig_sl0="inet ${hostname} slip-gateway netmask 0xffffff00 up"Designate the default router by changing the line:
defaultrouter=NOto:
defaultrouter=slip-gatewayMake a file /etc/resolv.conf which
contains:
domain HIP.Berkeley.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12As you can see, these set up the nameserver hosts. Of course,
the actual domain names and addresses depend on your
environment.Set the password for root and toor (and any other accounts
that does not have a password). Use passwd, do not edit the
/etc/passwd or
/etc/master.passwd files!Reboot your machine and make sure it comes up with the correct
hostname.Making a SLIP connectionDial up, type slip at the prompt, enter
your machine name and password. The things you need to enter
depends on your environment. I use kermit, with a script like
this:
# kermit setup
set modem hayes
set line /dev/modem
set speed 115200
set parity none
set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
define slip dial 643-9600, input 10 =>, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0a(of course, you have to change the hostname and password to
fit yours). Then you can just type slip from
the kermit prompt to get connected.Leaving your password in plain text anywhere in the
filesystem is generally a BAD idea. Do it at your own risk. I
am just too lazy.Leave the kermit there (you can suspend it by
z) and as root, type:&prompt.root; slattach -h -c -s 115200 /dev/modemIf you are able to ping hosts on the other
side of the router, you are connected! If it does not work, you
might want to try instead of
as an argument to slattach.How to shutdown the connectionType
&prompt.root; kill -INT `cat /var/run/slattach.modem.pid`
(as root) to kill slattach. Then go back to kermit
(fg if you suspended it) and exit from it
(q).The slattach man page says you have to use ifconfig sl0
down to mark the interface down, but this does not seem to
make any difference for me. (ifconfig sl0 reports
the same thing.)Some times, your modem might refuse to drop the carrier (mine
often does). In that case, simply start kermit and quit it again. It
usually goes out on the second try.TroubleshootingIf it does not work, feel free to ask me. The things that people
tripped over so far:Not using or in
slattach (I have no idea why this can be fatal, but adding this
flag solved the problem for at least one person)Using instead of
(might be hard to see the difference on some fonts).Try ifconfig sl0 to see your interface
status. I get:&prompt.root; ifconfig sl0
sl0: flags=10<POINTOPOINT>
inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00Also, netstat -r will give the routing
table, in case you get the "no route to host" messages from ping.
Mine looks like:&prompt.root; netstat -r
Routing tables
Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
(root node)
(root node)
Route Tree for Protocol Family inet:
(root node) =>
default inr-3.Berkeley.EDU UG 8 224515 sl0 - -
localhost.Berkel localhost.Berkeley UH 5 42127 lo0 - 0.438
inr-3.Berkeley.E silvia.HIP.Berkele UH 1 0 sl0 - -
silvia.HIP.Berke localhost.Berkeley UGH 34 47641234 lo0 - 0.438
(root node)(this is after transferring a bunch of files, your numbers
should be smaller).Setting up a SLIP ServerContributed by &a.ghelmer;. v1.0, 15 May
1995.This document provides suggestions for setting up SLIP Server
services on a FreeBSD system, which typically means configuring your
system to automatically startup connections upon login for remote SLIP
clients. The author has written this document based on his experience;
however, as your system and needs may be different, this document may
not answer all of your questions, and the author cannot be responsible
if you damage your system or lose data due to attempting to follow the
suggestions here.This guide was originally written for SLIP Server services on a
FreeBSD 1.x system. It has been modified to reflect changes in the
pathnames and the removal of the SLIP interface compression flags in
early versions of FreeBSD 2.X, which appear to be the only major changes
between FreeBSD versions. If you do encounter mistakes in this
document, please email the author with enough information to help
correct the problem.PrerequisitesThis document is very technical in nature, so background knowledge
is required. It is assumed that you are familiar with the TCP/IP
network protocol, and in particular, network and node addressing,
network address masks, subnetting, routing, and routing protocols,
such as RIP. Configuring SLIP services on a dial-up server requires a
knowledge of these concepts, and if you are not familiar with them,
please read a copy of either Craig Hunt's TCP/IP Network
Administration published by O'Reilly & Associates,
Inc. (ISBN Number 0-937175-82-X), or Douglas Comer's books on the
TCP/IP protocol.It is further assumed that you have already setup your modem(s)
and configured the appropriate system files to allow logins through
your modems. If you have not prepared your system for this yet,
please see the tutorial for configuring dialup services; if you have a
World-Wide Web browser available, browse the list of tutorials at
- http://www.freebsd.org/;
+ http://www.FreeBSD.org/;
otherwise, check the place where you found this document for a
document named dialup.txt or something similar.
You may also want to check the manual pages for
&man.sio.4; for information on the serial port device driver and
&man.ttys.5;, &man.gettytab.5;, &man.getty.8;, & &man.init.8;
for information relevant to configuring the system to accept logins on
modems, and perhaps &man.stty.1; for information on setting serial
port parameters (such as clocal for
directly-connected serial interfaces).Quick OverviewIn its typical configuration, using FreeBSD as a SLIP server works
as follows: a SLIP user dials up your FreeBSD SLIP Server system and
logs in with a special SLIP login ID that uses
/usr/sbin/sliplogin as the special user's shell.
The sliplogin program browses the file
/etc/sliphome/slip.hosts to find a matching line
for the special user, and if it finds a match, connects the serial
line to an available SLIP interface and then runs the shell script
/etc/sliphome/slip.login to configure the SLIP
interface.An Example of a SLIP Server LoginFor example, if a SLIP user ID were
Shelmerg, Shelmerg's entry
in /etc/master.passwd would look something like
this (except it would be all on one line):
Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliploginWhen Shelmerg logs in,
sliplogin will search
/etc/sliphome/slip.hosts for a line that had a
matching user ID; for example, there may be a line in
/etc/sliphome/slip.hosts that reads:
Shelmerg dc-slip sl-helmer 0xfffffc00 autocompsliplogin will find that matching line, hook
the serial line into the next available SLIP interface, and then
execute /etc/sliphome/slip.login like
this:
/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocompIf all goes well, /etc/sliphome/slip.login
will issue an ifconfig for the SLIP interface to
which sliplogin attached itself (slip interface
0, in the above example, which was the first parameter in the list
given to slip.login) to set the local IP
address (dc-slip), remote IP address
(sl-helmer), network mask for the SLIP interface
(0xfffffc00), and any additional
flags (autocomp). If something goes wrong,
sliplogin usually logs good informational
messages via the daemon syslog facility, which
usually goes into /var/log/messages (see the
manual pages for &man.syslogd.8; and
&man.syslog.conf.5, and perhaps check
/etc/syslog.conf to see to which files
syslogd is logging).OK, enough of the examples — let us dive into setting up
the system.Kernel ConfigurationFreeBSD's default kernels usually come with two SLIP interfaces
defined (sl0 and
sl1); you can use netstat
-i to see whether these interfaces are defined in your
kernel.Sample output from netstat -i:Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ed0 1500 <Link>0.0.c0.2c.5f.4a 291311 0 174209 0 133
ed0 1500 138.247.224 ivory 291311 0 174209 0 133
lo0 65535 <Link> 79 0 79 0 0
lo0 65535 loop localhost 79 0 79 0 0
sl0* 296 <Link> 0 0 0 0 0
sl1* 296 <Link> 0 0 0 0 0The sl0 and sl1
interfaces shown in netstat -i's output indicate
that there are two SLIP interfaces built into the kernel. (The
asterisks after the sl0 and sl1
indicate that the interfaces are “down”.)However, FreeBSD's default kernels do not come configured to
forward packets (ie, your FreeBSD machine will not act as a router)
due to Internet RFC requirements for Internet hosts (see RFC's 1009
[Requirements for Internet Gateways], 1122 [Requirements for Internet
Hosts — Communication Layers], and perhaps 1127 [A Perspective
on the Host Requirements RFCs]), so if you want your FreeBSD SLIP
Server to act as a router, you will have to edit the
/etc/rc.conf file (called
/etc/sysconfig in FreeBSD releases prior to
2.2.2) and change the setting of the gateway
variable to . If you have an older system which
predates even the /etc/sysconfig file, then add
the following command:
sysctl -w net.inet.ip.forwarding = 1
to your /etc/rc.local file.You will then need to reboot for the new settings to take
effect.You will notice that near the end of the default kernel
configuration file (/sys/i386/conf/GENERIC) is a
line that reads:
pseudo-device sl 2This is the line that defines the number of SLIP devices available
in the kernel; the number at the end of the line is the maximum number
of SLIP connections that may be operating simultaneously.Please refer to Configuring the
FreeBSD Kernel for help in reconfiguring your kernel.Sliplogin ConfigurationAs mentioned earlier, there are three files in the
/etc/sliphome directory that are part of the
configuration for /usr/sbin/sliplogin (see
&man.sliplogin.8; for the actual manual page for
sliplogin): slip.hosts, which
defines the SLIP users & their associated IP addresses;
slip.login, which usually just configures the
SLIP interface; and (optionally) slip.logout,
which undoes slip.login's effects when the serial
connection is terminated.slip.hosts Configuration/etc/sliphome/slip.hosts contains lines
which have at least four items, separated by whitespace:SLIP user's login IDLocal address (local to the SLIP server) of the SLIP
linkRemote address of the SLIP linkNetwork maskThe local and remote addresses may be host names (resolved to IP
addresses by /etc/hosts or by the domain name
service, depending on your specifications in
/etc/host.conf), and I believe the network mask
may be a name that can be resolved by a lookup into
/etc/networks. On a sample system,
/etc/sliphome/slip.hosts looks like
this:
#
# login local-addr remote-addr mask opt1 opt2
# (normal,compress,noicmp)
#
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocompAt the end of the line is one or more of the options. — no header compression — compress headers — compress headers if the
remote end allows it — disable ICMP packets (so any
“ping” packets will be dropped instead of using up
your bandwidth)Note that sliplogin under early releases of
FreeBSD 2 ignored the options that FreeBSD 1.x recognized, so the
options , ,
, and had no effect
until support was added in FreeBSD 2.2 (unless your
slip.login script included code to make use of
the flags).Your choice of local and remote addresses for your SLIP links
depends on whether you are going to dedicate a TCP/IP subnet or if
you are going to use “proxy ARP” on your SLIP server (it
is not “true” proxy ARP, but that is the terminology
used in this document to describe it). If you are not sure which
method to select or how to assign IP addresses, please refer to the
TCP/IP books referenced in the slips-prereqs section and/or
consult your IP network manager.If you are going to use a separate subnet for your SLIP clients,
you will need to allocate the subnet number out of your assigned IP
network number and assign each of your SLIP client's IP numbers out
of that subnet. Then, you will probably either need to configure a
static route to the SLIP subnet via your SLIP server on your nearest
IP router, or install gated on your FreeBSD SLIP
server and configure it to talk the appropriate routing protocols to
your other routers to inform them about your SLIP server's route to
the SLIP subnet.Otherwise, if you will use the “proxy ARP” method,
you will need to assign your SLIP client's IP addresses out of your
SLIP server's Ethernet subnet, and you will also need to adjust your
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout scripts to use
&man.arp.8; to manage the proxy-ARP entries in the SLIP server's
ARP table.slip.login ConfigurationThe typical /etc/sliphome/slip.login file
looks like this:
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6This slip.login file merely
ifconfig's the appropriate SLIP interface with
the local and remote addresses and network mask of the SLIP
interface.If you have decided to use the “proxy ARP” method
(instead of using a separate subnet for your SLIP clients), your
/etc/sliphome/slip.login file will need to look
something like this:
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pubThe additional line in this slip.login,
arp -s $5 00:11:22:33:44:55 pub, creates an
ARP entry in the SLIP server's ARP table. This ARP entry causes the
SLIP server to respond with the SLIP server's Ethernet MAC address
whenever a another IP node on the Ethernet asks to speak to the SLIP
client's IP address.When using the example above, be sure to replace the Ethernet
MAC address (00:11:22:33:44:55) with the
MAC address of your system's Ethernet card, or your “proxy
ARP” will definitely not work! You can discover your SLIP
server's Ethernet MAC address by looking at the results of running
netstat -i; the second line of the output should
look something like:ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116This indicates that this particular system's Ethernet MAC
address is 00:02:c1:28:5f:4a — the
periods in the Ethernet MAC address given by netstat
-i must be changed to colons and leading zeros should be
added to each single-digit hexadecimal number to convert the address
into the form that
&man.arp.8; desires; see the manual page on &man.arp.8; for
complete information on usage.When you create /etc/sliphome/slip.login
and /etc/sliphome/slip.logout, the
“execute” bit (ie, chmod 755
/etc/sliphome/slip.login /etc/sliphome/slip.logout)
must be set, or sliplogin will be unable to
execute it.slip.logout Configuration/etc/sliphome/slip.logout is not strictly
needed (unless you are implementing “proxy ARP”), but if
you decide to create it, this is an example of a basic
slip.logout script:
#!/bin/sh -
#
# slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 downIf you are using “proxy ARP”, you will want to have
/etc/sliphome/slip.logout remove the ARP entry
for the SLIP client:
#!/bin/sh -
#
# @(#)slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5The arp -d $5 removes the ARP entry that
the “proxy ARP” slip.login added
when the SLIP client logged in.It bears repeating: make sure
/etc/sliphome/slip.logout has the execute
bit set for after you create it (ie, chmod
755 /etc/sliphome/slip.logout).Routing ConsiderationsIf you are not using the “proxy ARP” method for
routing packets between your SLIP clients and the rest of your network
(and perhaps the Internet), you will probably either have to add
static routes to your closest default router(s) to route your SLIP
client subnet via your SLIP server, or you will probably need to
install and configure gated on your FreeBSD SLIP
server so that it will tell your routers via appropriate routing
protocols about your SLIP subnet.Static RoutesAdding static routes to your nearest default routers can be
troublesome (or impossible, if you do not have authority to do
so...). If you have a multiple-router network in your organization,
some routers, such as Cisco and Proteon, may not only need to be
configured with the static route to the SLIP subnet, but also need
to be told which static routes to tell other routers about, so some
expertise and troubleshooting/tweaking may be necessary to get
static-route-based routing to work.Running gatedAn alternative to the headaches of static routes is to install
gated on your FreeBSD SLIP server and configure
it to use the appropriate routing protocols (RIP/OSPF/BGP/EGP) to
tell other routers about your SLIP subnet. You can use
gated from the ports
collection or retrieve and build it yourself from the
GateD anonymous ftp site; I believe the current version as
of this writing is gated-R3_5Alpha_8.tar.Z,
which includes support for FreeBSD “out-of-the-box”.
Complete information and documentation on gated
is available on the Web starting at the Merit GateD
Consortium. Compile and install it, and then write a
/etc/gated.conf file to configure your gated;
here is a sample, similar to what the author used on a FreeBSD SLIP
server:
#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;
rip yes {
interface sl noripout noripin ;
interface ed ripin ripout version 1 ;
traceoptions route ;
} ;
#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
traceoptions remnants request routes info interface ;
} ;
#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#
export proto rip interface ed {
proto direct {
xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
} ;
} ;
#
# Accept routes from RIP via ed Ethernet interfaces
import proto rip interface ed {
all ;
} ;The above sample gated.conf file broadcasts
routing information regarding the SLIP subnet
xxx.xxx.yy via RIP onto the Ethernet; if
you are using a different Ethernet driver than the
ed driver, you will need to change the
references to the ed interface
appropriately. This sample file also sets up tracing to
/var/tmp/gated.output for debugging
gated's activity; you can certainly turn off the
tracing options if gated works OK for you. You
will need to change the xxx.xxx.yy's into
the network address of your own SLIP subnet (be sure to change the
net mask in the proto direct clause as
well).When you get gated built and installed and
create a configuration file for it, you will need to run
gated in place of routed on
your FreeBSD system; change the routed/gated
startup parameters in /etc/netstart as
appropriate for your system. Please see the manual page for
gated for information on
gated's command-line parameters.AcknowledgmentsThanks to these people for comments and advice regarding this
tutorial:&a.wilko;Piero SeriniPiero@Strider.Inet.IT
diff --git a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml
index 4d972ffb8f..44cce02e76 100644
--- a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml
@@ -1,1612 +1,1612 @@
SecurityDES, MD5, and CryptContributed by &a.wollman; 24 September
1995.In order to protect the security of passwords on UN*X systems from
being easily exposed, passwords have traditionally been scrambled in
some way. Starting with Bell Labs' Seventh Edition Unix, passwords were
encrypted using what the security people call a “one-way hash
function”. That is to say, the password is transformed in such a
way that the original password cannot be regained except by brute-force
searching the space of possible passwords. Unfortunately, the only
secure method that was available to the AT&T researchers at the time
was based on DES, the Data Encryption Standard. This causes only
minimal difficulty for commercial vendors, but is a serious problem for
an operating system like FreeBSD where all the source code is freely
available, because national governments in many places like to place
restrictions on cross-border transport of DES and other encryption
software.So, the FreeBSD team was faced with a dilemma: how could we provide
compatibility with all those UNIX systems out there while still not
running afoul of the law? We decided to take a dual-track approach: we
would make distributions which contained only a non-regulated password
scrambler, and then provide as a separate add-on library the DES-based
password hash. The password-scrambling function was moved out of the C
library to a separate library, called libcrypt
because the name of the C function to implement it is
crypt. In FreeBSD 1.x and some pre-release 2.0
snapshots, the non-regulated scrambler uses an insecure function written
by Nate Williams; in subsequent releases this was replaced by a
mechanism using the RSA Data Security, Inc., MD5 one-way hash function.
Because neither of these functions involve encryption, they are believed
to be exportable from the US and importable into many other
countries.Meanwhile, work was also underway on the DES-based password hash
function. First, a version of the crypt function
which was written outside the US was imported, thus synchronizing the US
and non-US code. Then, the library was modified and split into two; the
DES libcrypt contains only the code involved in
performing the one-way password hash, and a separate
libcipher was created with the entry points to
actually perform encryption. The code was partitioned in this way to
make it easier to get an export license for the compiled library.Recognizing your crypt mechanismIt is fairly easy to recognize whether a particular password
string was created using the DES- or MD5-based hash function. MD5
password strings always begin with the characters
$1$. DES password strings do not have any
particular identifying characteristics, but they are shorter than MD5
passwords, and are coded in a 64-character alphabet which does not
include the $ character, so a relatively short
string which doesn't begin with a dollar sign is very likely a DES
password.Determining which library is being used on your system is fairly
easy for most programs, except for those like init
which are statically linked. (For those programs, the only way is to
try them on a known password and see if it works.) Programs which use
crypt are linked against
libcrypt, which for each type of library is a
symbolic link to the appropriate implementation. For example, on a
system using the DES versions:&prompt.user; ls -l /usr/lib/libcrypt*
lrwxr-xr-x 1 root wheel 13 Mar 19 06:56 libcrypt.a -> libdescrypt.a
lrwxr-xr-x 1 root wheel 18 Mar 19 06:56 libcrypt.so.2.0 -> libdescrypt.so.2.0
lrwxr-xr-x 1 root wheel 15 Mar 19 06:56 libcrypt_p.a -> libdescrypt_p.aOn a system using the MD5-based libraries, the same links will be
present, but the target will be libscrypt rather
than libdescrypt.S/KeyContributed by &a.wollman; 25 September
1995.S/Key is a one-time password scheme based on a one-way hash function
(in our version, this is MD4 for compatibility; other versions have used
MD5 and DES-MAC). S/Key has been a standard part of all FreeBSD
distributions since version 1.1.5, and is also implemented on a large
and growing number of other systems. S/Key is a registered trademark of
Bell Communications Research, Inc.There are three different sorts of passwords which we will talk
about in the discussion below. The first is your usual UNIX-style or
Kerberos password; we will call this a “UNIX password”. The
second sort is the one-time password which is generated by the S/Key
key program and accepted by the
keyinit program and the login prompt; we will call
this a “one-time password”. The final sort of password is
the secret password which you give to the key program
(and sometimes the keyinit program) which it uses to
generate one-time passwords; we will call it a “secret
password” or just unqualified “password”.The secret password does not necessarily have anything to do with
your UNIX password (while they can be the same, this is not
recommended). While UNIX passwords are limited to eight characters in
length, your S/Key secret password can be as long as you like; I use
seven-word phrases. In general, the S/Key system operates completely
independently of the UNIX password system.There are in addition two other sorts of data involved in the S/Key
system; one is called the “seed” or (confusingly)
“key”, and consists of two letters and five digits, and the
other is the “iteration count” and is a number between 100
and 1. S/Key constructs a one-time password from these components by
concatenating the seed and the secret password, then applying a one-way
hash (the RSA Data Security, Inc., MD4 secure hash function)
iteration-count times, and turning the result into six short English
words. The login and su programs
keep track of the last one-time password used, and the user is
authenticated if the hash of the user-provided password is equal to the
previous password. Because a one-way hash function is used, it is not
possible to generate future one-time passwords having overheard one
which was successfully used; the iteration count is decremented after
each successful login to keep the user and login program in sync. (When
you get the iteration count down to 1, it is time to reinitialize
S/Key.)There are four programs involved in the S/Key system which we will
discuss below. The key program accepts an iteration
count, a seed, and a secret password, and generates a one-time password.
The keyinit program is used to initialized S/Key, and
to change passwords, iteration counts, or seeds; it takes either a
secret password, or an iteration count, seed, and one-time password.
The keyinfo program examines the
/etc/skeykeys file and prints out the invoking
user's current iteration count and seed. Finally, the
login and su programs contain the
necessary logic to accept S/Key one-time passwords for authentication.
The login program is also capable of disallowing the
use of UNIX passwords on connections coming from specified
addresses.There are four different sorts of operations we will cover. The
first is using the keyinit program over a secure
connection to set up S/Key for the first time, or to change your
password or seed. The second operation is using the
keyinit program over an insecure connection, in
conjunction with the key program over a secure
connection, to do the same. The third is using the
key program to log in over an insecure connection.
The fourth is using the key program to generate a
number of keys which can be written down or printed out to carry with
you when going to some location without secure connections to anywhere
(like at a conference).Secure connection initializationTo initialize S/Key, change your password, or change your seed
while logged in over a secure connection (e.g., on the console of a
machine), use the keyinit command without any
parameters while logged in as yourself:&prompt.user; keyinit
Updating wollman: ) these will not appear if you
Old key: ha73895 ) have not used S/Key before
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password: ) I typed my pass phrase here
Again secret password: ) I typed it again ID
wollman s/key is 99 ha73896 ) discussed below SAG
HAS FONT GOUT FATE BOOM )There is a lot of information here. At theEnter secret
password: prompt, you should enter some password or phrase
(I use phrases of minimum seven words) which will be needed to
generate login keys. The line starting `ID' gives the parameters of
your particular S/Key instance: your login name, the iteration count,
and seed. When logging in with S/Key, the system will remember these
parameters and present them back to you so you do not have to remember
them. The last line gives the particular one-time password which
corresponds to those parameters and your secret password; if you were
to re-login immediately, this one-time password is the one you would
use.Insecure connection initializationTo initialize S/Key or change your password or seed over an
insecure connection, you will need to already have a secure connection
to some place where you can run the key program;
this might be in the form of a desk accessory on a Macintosh, or a
shell prompt on a machine you trust (we will show the latter). You
will also need to make up an iteration count (100 is probably a good
value), and you may make up your own seed or use a randomly-generated
one. Over on the insecure connection (to the machine you are
initializing), use the keyinit -s command:&prompt.user; keyinit -s
Updating wollman: Old key: kh94741
Reminder you need the 6 English words from the skey command.
Enter sequence count from 1 to 9999:100 ) I typed this
Enter new key [default kh94742]:
s/key 100 kh94742To accept the default seed (which the keyinit
program confusingly calls a key), press return.
Then move over to your secure connection or S/Key desk accessory, and
give it the same parameters:&prompt.user; key 100 kh94742
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: ) I typed my secret password
HULL NAY YANG TREE TOUT VETONow switch back over to the insecure connection, and copy the
one-time password generated by key over to the
keyinit program:s/key access password:HULL NAY YANG TREE TOUT VETO
ID wollman s/key is 100 kh94742
HULL NAY YANG TREE TOUT VETOThe rest of the description from the previous section applies here
as well.Diversion: a login promptBefore explaining how to generate one-time passwords, we should go
over an S/Key login prompt:&prompt.user; telnet himalia
Trying 18.26.0.186...
Connected to himalia.lcs.mit.edu.
Escape character is '^]'.
s/key 92 hi52030
Password:Note that, before prompting for a password, the login program
prints out the iteration number and seed which you will need in order
to generate the appropriate key. You will also find a useful feature
(not shown here): if you press return at the password prompt, the
login program will turn echo on, so you can see what you are typing.
This can be extremely useful if you are attempting to type in an S/Key
by hand, such as from a printout.If this machine were configured to disallow UNIX passwords over a
connection from my machine, the prompt would have also included the
annotation (s/key required), indicating that only
S/Key one-time passwords will be accepted.Generating a single one-time passwordNow, to generate the one-time password needed to answer this login
prompt, we use a trusted machine and the key
program. (There are versions of the key program
from DOS and Windows machines, and there is an S/Key desk accessory
for Macintosh computers as well.) The command-line
key program takes as its parameters the iteration
count and seed; you can cut-and-paste right from the login prompt
starting at key to the end of the line.
Thus:&prompt.user; key 92 hi52030 ) pasted from previous section
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: ) I typed my secret password
ADEN BED WOLF HAW HOT STUNAnd in the other window:s/key 92 hi52030 ) from previous section
Password:
(turning echo on)
Password:ADEN BED WOLF HAW HOT STUN
Last login: Wed Jun 28 15:31:00 from halloran-eldar.l
[etc.]This is the easiest mechanism if you have a
trusted machine. There is a Java S/Key key applet,
The Java OTP
Calculator, that you can download and run locally on any
Java supporting brower.Generating multiple one-time passwordsSometimes we have to go places where no trusted machines or
connections are available. In this case, it is possible to use the
key command to generate a number of one-time
passwords in the same command; these can then be printed out. For
example:&prompt.user; key -n 25 57 zz99999
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password:
33: WALT THY MALI DARN NIT HEAD
34: ASK RICE BEAU GINA DOUR STAG
…
56: AMOS BOWL LUG FAT CAIN INCH
57: GROW HAYS TUN DISH CAR BALMThe requests twenty-five keys in sequence;
the indicates the ending
iteration number; and the rest is as before. Note that these are
printed out in reverse order of eventual use. If
you are really paranoid, you might want to write the results down by
hand; otherwise you can cut-and-paste into lpr.
Note that each line shows both the iteration count and the one-time
password; you may still find it handy to scratch off passwords as you
use them.Restricting use of UNIX passwordsThe configuration file /etc/skey.access can
be used to configure restrictions on the use of UNIX passwords based
on the host name, user name, terminal port, or IP address of a login
session. The complete format of the file is documented in the
&man.skey.access.5; manual page; there are also some security
cautions there which should be read before depending on this file for
security.If there is no /etc/skey.access file (which
is the default state as FreeBSD is shipped), then all users will be
allowed to use UNIX passwords. If the file exists, however, then all
users will be required to use S/Key unless explicitly permitted to do
otherwise by configuration statements in the
skey.access file. In all cases, UNIX passwords
are permitted on the console.Here is a sample configuration file which illustrates the three
most common sorts of configuration statements:
permit internet 18.26.0.0 255.255.0.0
permit user jrl
permit port ttyd0The first line (permit internet) allows users
whose IP source address (which is vulnerable to spoofing) matches the
specified value and mask, to use UNIX passwords. This should not be
considered a security mechanism, but rather, a means to remind
authorized users that they are using an insecure network and need to
use S/Key for authentication.The second line (permit user) allows the
specified user to use UNIX passwords at any time. Generally speaking,
this should only be used for people who are either unable to use the
key program, like those with dumb terminals, or
those who are uneducable.The third line (permit port) allows all users
logging in on the specified terminal line to use UNIX passwords; this
would be used for dial-ups.KerberosContributed by &a.markm; (based on contribution by
&a.md;).Kerberos is a network add-on system/protocol that allows users to
authenticate themselves through the services of a secure server.
Services such as remote login, remote copy, secure inter-system file
copying and other high-risk tasks are made considerably safer and more
controllable.The following instructions can be used as a guide on how to set up
Kerberos as distributed for FreeBSD. However, you should refer to the
relevant manual pages for a complete description.In FreeBSD, the Kerberos is not that from the original 4.4BSD-Lite,
distribution, but eBones, which had been previously ported to FreeBSD
1.1.5.1, and was sourced from outside the USA/Canada, and is thus
available to system owners outside those countries.For those needing to get a legal foreign distribution of this
software, please do not get it from a USA or Canada
site. You will get that site in big trouble! A
legal copy of this is available from ftp.internat.freebsd.org, which is in South
+ role="fqdn">ftp.internat.FreeBSD.org, which is in South
Africa and an official FreeBSD mirror site.Creating the initial databaseThis is done on the Kerberos server only. First make sure that
you do not have any old Kerberos databases around. You should change
to the directory /etc/kerberosIV and check that
only the following files are present:&prompt.root; cd /etc/kerberosIV
&prompt.root; ls
README krb.conf krb.realmsIf any additional files (such as principal.*
or master_key) exist, then use the
kdb_destroy command to destroy the old Kerberos
database, of if Kerberos is not running, simply delete the extra
files.You should now edit the krb.conf and
krb.realms files to define your Kerberos realm.
In this case the realm will be GRONDAR.ZA and the
server is grunt.grondar.za. We edit or create
the krb.conf file:&prompt.root; cat krb.conf
GRONDAR.ZA
GRONDAR.ZA grunt.grondar.za admin server
CS.BERKELEY.EDU okeeffe.berkeley.edu
ATHENA.MIT.EDU kerberos.mit.edu
ATHENA.MIT.EDU kerberos-1.mit.edu
ATHENA.MIT.EDU kerberos-2.mit.edu
ATHENA.MIT.EDU kerberos-3.mit.edu
LCS.MIT.EDU kerberos.lcs.mit.edu
TELECOM.MIT.EDU bitsy.mit.edu
ARC.NASA.GOV trident.arc.nasa.govIn this case, the other realms do not need to be there. They are
here as an example of how a machine may be made aware of multiple
realms. You may wish to not include them for simplicity.The first line names the realm in which this system works. The
other lines contain realm/host entries. The first item on a line is a
realm, and the second is a host in that realm that is acting as a
“key distribution centre”. The words admin
server following a hosts name means that host also
provides an administrative database server. For further explanation
of these terms, please consult the Kerberos man pages.Now we have to add grunt.grondar.za
to the GRONDAR.ZA realm and also add an entry to
put all hosts in the .grondar.za
domain in the GRONDAR.ZA realm. The
krb.realms file would be updated as
follows:&prompt.root; cat krb.realms
grunt.grondar.za GRONDAR.ZA
.grondar.za GRONDAR.ZA
.berkeley.edu CS.BERKELEY.EDU
.MIT.EDU ATHENA.MIT.EDU
.mit.edu ATHENA.MIT.EDUAgain, the other realms do not need to be there. They are here as
an example of how a machine may be made aware of multiple realms. You
may wish to remove them to simplify things.The first line puts the specific system into
the named realm. The rest of the lines show how to default systems of
a particular subdomain to a named realm.Now we are ready to create the database. This only needs to run
on the Kerberos server (or Key Distribution Centre). Issue the
kdb_init command to do this:&prompt.root; kdb_initRealm name [default ATHENA.MIT.EDU ]:GRONDAR.ZA
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter Kerberos master key:Now we have to save the key so that servers on the local machine
can pick it up. Use the kstash command to do
this.&prompt.root; kstashEnter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!This saves the encrypted master password in
/etc/kerberosIV/master_key.Making it all runTwo principals need to be added to the database for
each system that will be secured with Kerberos.
Their names are kpasswd and rcmd
These two principals are made for each system, with the instance being
the name of the individual system.These daemons, kpasswd and
rcmd allow other systems to change Kerberos
passwords and run commands like rcp,
rlogin and rsh.Now let's add these entries:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:passwdInstance:grunt
<Not found>, Create [y] ?y
Principal: passwd, Instance: grunt, kdc_key_ver: 1
New Password: <---- enter RANDOM here
Verifying password
New Password: <---- enter RANDOM here
Random password [y] ?y
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name:rcmdInstance:grunt
<Not found>, Create [y] ?
Principal: rcmd, Instance: grunt, kdc_key_ver: 1
New Password: <---- enter RANDOM here
Verifying password
New Password: <---- enter RANDOM here
Random password [y] ?
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitCreating the server fileWe now have to extract all the instances which define the services
on each machine. For this we use the ext_srvtab
command. This will create a file which must be copied or moved
by secure means to each Kerberos client's
/etc/kerberosIV directory. This file must be present on each server
and client, and is crucial to the operation of Kerberos.&prompt.root; ext_srvtab gruntEnter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Generating 'grunt-new-srvtab'....Now, this command only generates a temporary file which must be
renamed to srvtab so that all the server can pick
it up. Use the mv command to move it into place on
the original system:&prompt.root; mv grunt-new-srvtab srvtabIf the file is for a client system, and the network is not deemed
safe, then copy the
client-new-srvtab to
removable media and transport it by secure physical means. Be sure to
rename it to srvtab in the client's
/etc/kerberosIV directory, and make sure it is
mode 600:&prompt.root; mv grumble-new-srvtab srvtab
&prompt.root; chmod 600 srvtabPopulating the databaseWe now have to add some user entries into the database. First
let's create an entry for the user jane. Use the
kdb_edit command to do this:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:janeInstance:
<Not found>, Create [y] ?y
Principal: jane, Instance: , kdc_key_ver: 1
New Password: <---- enter a secure password here
Verifying password
New Password: <---- re-enter the password here
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitTesting it all outFirst we have to start the Kerberos daemons. NOTE that if you
have correctly edited your /etc/rc.conf then this
will happen automatically when you reboot. This is only necessary on
the Kerberos server. Kerberos clients will automagically get what
they need from the /etc/kerberosIV
directory.&prompt.root; kerberos &
Kerberos server starting
Sleep forever on error
Log file is /var/log/kerberos.log
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Current Kerberos master key version is 1
Local realm: GRONDAR.ZA
&prompt.root; kadmind -n &
KADM Server KADM0.0A initializing
Please do not use 'kill -9' to kill this job, use a
regular kill instead
Current Kerberos master key version is 1.
Master key entered. BEWARE!Now we can try using the kinit command to get a
ticket for the id jane that we created
above:&prompt.user; kinit jane
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane"
Password:Try listing the tokens using klist to see if we
really have them:&prompt.user; klist
Ticket file: /tmp/tkt245
Principal: jane@GRONDAR.ZA
Issued Expires Principal
Apr 30 11:23:22 Apr 30 19:23:22 krbtgt.GRONDAR.ZA@GRONDAR.ZANow try changing the password using passwd to
check if the kpasswd daemon can get authorization to the Kerberos
database:&prompt.user; passwd
realm GRONDAR.ZA
Old password for jane:New Password for jane:
Verifying password
New Password for jane:
Password changed.Adding su privilegesKerberos allows us to give each user who
needs root privileges their own separatesupassword. We could now add an id which is
authorized to su to root.
This is controlled by having an instance of root
associated with a principal. Using kdb_edit we can
create the entry jane.root in the Kerberos
database:&prompt.root; kdb_edit
Opening database...
Enter Kerberos master key:
Current Kerberos master key version is 1.
Master key entered. BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.
Principal name:janeInstance:root
<Not found>, Create [y] ? y
Principal: jane, Instance: root, kdc_key_ver: 1
New Password: <---- enter a SECURE password here
Verifying password
New Password: <---- re-enter the password here
Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?Max ticket lifetime (*5 minutes) [ 255 ] ?12 <--- Keep this short!
Attributes [ 0 ] ?
Edit O.K.
Principal name: <---- null entry here will cause an exitNow try getting tokens for it to make sure it works:&prompt.root; kinit jane.root
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane.root"
Password:Now we need to add the user to root's .klogin
file:&prompt.root; cat /root/.klogin
jane.root@GRONDAR.ZANow try doing the su:&prompt.user; suPassword:and take a look at what tokens we have:&prompt.root; klist
Ticket file: /tmp/tkt_root_245
Principal: jane.root@GRONDAR.ZA
Issued Expires Principal
May 2 20:43:12 May 3 04:43:12 krbtgt.GRONDAR.ZA@GRONDAR.ZAUsing other commandsIn an earlier example, we created a principal called
jane with an instance root.
This was based on a user with the same name as the principal, and this
is a Kerberos default; that a
<principal>.<instance> of the form
<username>.root will allow
that <username> to su to
root if the necessary entries are in the .klogin
file in root's home directory:&prompt.root; cat /root/.klogin
jane.root@GRONDAR.ZALikewise, if a user has in their own home directory lines of the
form:&prompt.user; cat ~/.klogin
jane@GRONDAR.ZA
jack@GRONDAR.ZAThis allows anyone in the GRONDAR.ZA realm
who has authenticated themselves to jane or
jack (via kinit, see above)
access to rlogin to jane's
account or files on this system (grunt) via
rlogin, rsh or
rcp.For example, Jane now logs into another system, using
Kerberos:&prompt.user; kinit
MIT Project Athena (grunt.grondar.za)
Password:
%prompt.user; rlogin grunt
Last login: Mon May 1 21:14:47 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995Or Jack logs into Jane's account on the same machine (Jane having
set up the .klogin file as above, and the person
in charge of Kerberos having set up principal
jack with a null instance:&prompt.user; kinit
&prompt.user; rlogin grunt -l jane
MIT Project Athena (grunt.grondar.za)
Password:
Last login: Mon May 1 21:16:55 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995FirewallsContributed by &a.gpalmer; and &a.alex;.Firewalls are an area of increasing interest for people who are
connected to the Internet, and are even finding applications on private
networks to provide enhanced security. This section will hopefully
explain what firewalls are, how to use them, and how to use the
facilities provided in the FreeBSD kernel to implement them.People often think that having a firewall between your companies
internal network and the “Big Bad Internet” will solve all
your security problems.It may help, but a poorly setup firewall system is more of a
security risk than not having one at all. A firewall can only add
another layer of security to your systems, but they will not be able
to stop a really determined cracker from penetrating your internal
network. If you let internal security lapse because you believe your
firewall to be impenetrable, you have just made the crackers job that
bit easier.What is a firewall?There are currently two distinct types of firewalls in common use
on the Internet today. The first type is more properly called a
packet filtering router, where the kernel on a
multi-homed machine chooses whether to forward or block packets based
on a set of rules. The second type, known as proxy
servers, rely on daemons to provide authentication and to
forward packets, possibly on a multi-homed machine which has kernel
packet forwarding disabled.Sometimes sites combine the two types of firewalls, so that only a
certain machine (known as a bastion host) is
allowed to send packets through a packet filtering router onto an
internal network. Proxy services are run on the bastion host, which
are generally more secure than normal authentication
mechanisms.FreeBSD comes with a kernel packet filter (known as
IPFW), which is what the rest of this
section will concentrate on. Proxy servers can be built on FreeBSD
from third party software, but there is such a variety of proxy
servers available that it would be impossible to cover them in this
document.Packet filtering routersA router is a machine which forwards packets between two or more
networks. A packet filtering router has an extra piece of code in
its kernel, which compares each packet to a list of rules before
deciding if it should be forwarded or not. Most modern IP routing
software has packet filtering code in it, which defaults to
forwarding all packets. To enable the filters, you need to define a
set of rules for the filtering code, so that it can decide if the
packet should be allowed to pass or not.To decide if a packet should be passed on or not, the code looks
through its set of rules for a rule which matches the contents of
this packets headers. Once a match is found, the rule action is
obeyed. The rule action could be to drop the packet, to forward the
packet, or even to send an ICMP message back to the originator.
Only the first match counts, as the rules are searched in order.
Hence, the list of rules can be referred to as a “rule
chain”.The packet matching criteria varies depending on the software
used, but typically you can specify rules which depend on the source
IP address of the packet, the destination IP address, the source
port number, the destination port number (for protocols which
support ports), or even the packet type (UDP, TCP, ICMP,
etc).Proxy serversProxy servers are machines which have had the normal system
daemons (telnetd, ftpd, etc) replaced with special servers. These
servers are called proxy servers as they
normally only allow onward connections to be made. This enables you
to run (for example) a proxy telnet server on your firewall host,
and people can telnet in to your firewall from the outside, go
through some authentication mechanism, and then gain access to the
internal network (alternatively, proxy servers can be used for
signals coming from the internal network and heading out).Proxy servers are normally more secure than normal servers, and
often have a wider variety of authentication mechanisms available,
including “one-shot” password systems so that even if
someone manages to discover what password you used, they will not be
able to use it to gain access to your systems as the password
instantly expires. As they do not actually give users access to the
host machine, it becomes a lot more difficult for someone to install
backdoors around your security system.Proxy servers often have ways of restricting access further, so
that only certain hosts can gain access to the servers, and often
they can be set up so that you can limit which users can talk to
which destination machine. Again, what facilities are available
depends largely on what proxy software you choose.What does IPFW allow me to do?IPFW, the software supplied with
FreeBSD, is a packet filtering and accounting system which resides in
the kernel, and has a user-land control utility,
&man.ipfw.8;. Together, they allow you to define and query the
rules currently used by the kernel in its routing decisions.There are two related parts to IPFW.
The firewall section allows you to perform packet filtering. There is
also an IP accounting section which allows you to track usage of your
router, based on similar rules to the firewall section. This allows
you to see (for example) how much traffic your router is getting from
a certain machine, or how much WWW (World Wide Web) traffic it is
forwarding.As a result of the way that IPFW is
designed, you can use IPFW on non-router
machines to perform packet filtering on incoming and outgoing
connections. This is a special case of the more general use of
IPFW, and the same commands and techniques
should be used in this situation.Enabling IPFW on FreeBSDAs the main part of the IPFW system
lives in the kernel, you will need to add one or more options to your
kernel configuration file, depending on what facilities you want, and
recompile your kernel. See reconfiguring
the kernel for more details on how to recompile your
kernel.There are currently three kernel configuration options relevant to
IPFW:options IPFIREWALLCompiles into the kernel the code for packet
filtering.options IPFIREWALL_VERBOSEEnables code to allow logging of packets through
&man.syslogd.8;. Without this option, even if you specify
that packets should be logged in the filter rules, nothing will
happen.options IPFIREWALL_VERBOSE_LIMIT=10Limits the number of packets logged through
&man.syslogd.8; on a per entry basis. You may wish to use
this option in hostile environments in which you want to log
firewall activity, but do not want to be open to a denial of
service attack via syslog flooding.When a chain entry reaches the packet limit specified,
logging is turned off for that particular entry. To resume
logging, you will need to reset the associated counter using the
&man.ipfw.8; utility:&prompt.root; ipfw zero 4500Where 4500 is the chain entry you wish to continue
logging.Previous versions of FreeBSD contained an
IPFIREWALL_ACCT option. This is now obsolete as
the firewall code automatically includes accounting
facilities.Configuring IPFWThe configuration of the IPFW software
is done through the &man.ipfw.8; utility. The syntax for this
command looks quite complicated, but it is relatively simple once you
understand its structure.There are currently four different command categories used by the
utility: addition/deletion, listing, flushing, and clearing.
Addition/deletion is used to build the rules that control how packets
are accepted, rejected, and logged. Listing is used to examine the
contents of your rule set (otherwise known as the chain) and packet
counters (accounting). Flushing is used to remove all entries from
the chain. Clearing is used to zero out one or more accounting
entries.Altering the IPFW rulesThe syntax for this form of the command is:
ipfw-NcommandindexactionlogprotocoladdressesoptionsThere is one valid flag when using this form of the
command:-NResolve addresses and service names in output.The command given can be shortened to the
shortest unique form. The valid commands
are:addAdd an entry to the firewall/accounting rule listdeleteDelete an entry from the firewall/accounting rule
listPrevious versions of IPFW used
separate firewall and accounting entries. The present version
provides packet accounting with each firewall entry.If an index value is supplied, it used to
place the entry at a specific point in the chain. Otherwise, the
entry is placed at the end of the chain at an index 100 greater than
the last chain entry (this does not include the default policy, rule
65535, deny).The log option causes matching rules to be
output to the system console if the kernel was compiled with
IPFIREWALL_VERBOSE.Valid actions are:rejectDrop the packet, and send an ICMP host or port unreachable
(as appropriate) packet to the source.allowPass the packet on as normal. (aliases:
pass and
accept)denyDrop the packet. The source is not notified via an
ICMP message (thus it appears that the packet never
arrived at the destination).countUpdate packet counters but do not allow/deny the packet
based on this rule. The search continues with the next chain
entry.Each action will be recognized by the
shortest unambiguous prefix.The protocols which can be specified
are:allMatches any IP packeticmpMatches ICMP packetstcpMatches TCP packetsudpMatches UDP packetsThe address specification is:fromaddress/maskporttoaddress/markportvia interfaceYou can only specify port in
conjunction with protocols which support ports
(UDP and TCP).The is optional and may specify the IP
address or domain name of a local IP interface, or an interface name
(e.g. ed0) to match only packets coming
through this interface. Interface unit numbers can be specified
with an optional wildcard. For example, ppp*
would match all kernel PPP interfaces.The syntax used to specify an
address/mask is:
address
or
address/mask-bits
or
address:mask-patternA valid hostname may be specified in place of the IP address.
is a decimal
number representing how many bits in the address mask should be set.
e.g. specifying 192.216.222.1/24 will create a
mask which will allow any address in a class C subnet (in this case,
192.216.222) to be matched.
is an IP
address which will be logically AND'ed with the address given. The
keyword any may be used to specify “any IP
address”.The port numbers to be blocked are specified as:
port,port,port…
to specify either a single port or a list of ports, or
port-port
to specify a range of ports. You may also combine a single range
with a list, but the range must always be specified first.The options available are:fragMatches if the packet is not the first fragment of the
datagram.inMatches if the packet is on the way in.outMatches if the packet is on the way out.ipoptions specMatches if the IP header contains the comma separated list
of options specified in spec. The
supported list of IP options are: ssrr
(strict source route), lsrr (loose source
route), rr (record packet route), and
ts (timestamp). The absence of a
particular option may be denoted with a leading
!.establishedMatches if the packet is part of an already established
TCP connection (i.e. it has the RST or ACK bits set). You can
optimize the performance of the firewall by placing
established rules early in the
chain.setupMatches if the packet is an attempt to establish a TCP
connection (the SYN bit set is set but the ACK bit is
not).tcpflags flagsMatches if the TCP header contains the comma separated
list of flags. The supported flags
are fin, syn,
rst, psh,
ack, and urg. The
absence of a particular flag may be indicated by a leading
!.icmptypes typesMatches if the ICMP type is present in the list
types. The list may be specified
as any combination of ranges and/or individual types separated
by commas. Commonly used ICMP types are: 0
echo reply (ping reply), 3 destination
unreachable, 5 redirect,
8 echo request (ping request), and
11 time exceeded (used to indicate TTL
expiration as with &man.traceroute.8;).Listing the IPFW rulesThe syntax for this form of the command is:
ipfw-a-t-NlThere are three valid flags when using this form of the
command:-aWhile listing, show counter values. This option is the
only way to see accounting counters.-tDisplay the last match times for each chain entry. The
time listing is incompatible with the input syntax used by the
&man.ipfw.8; utility.-NAttempt to resolve given addresses and service
names.Flushing the IPFW rulesThe syntax for flushing the chain is:
ipfwflushThis causes all entries in the firewall chain to be removed
except the fixed default policy enforced by the kernel (index
65535). Use caution when flushing rules, the default deny policy
will leave your system cut off from the network until allow entries
are added to the chain.Clearing the IPFW packet countersThe syntax for clearing one or more packet counters is:
ipfwzeroindexWhen used without an index argument,
all packet counters are cleared. If an
index is supplied, the clearing operation
only affects a specific chain entry.Example commands for ipfwThis command will deny all packets from the host evil.crackers.org to the telnet port of the
host nice.people.org by being forwarded
by the router:&prompt.root ipfw add deny tcp from evil.crackers.org to nice.people.org 23The next example denies and logs any TCP traffic from the entire
crackers.org network (a class C) to
the nice.people.org machine (any
port).&prompt.root; ipfw add deny log tcp from evil.crackers.org/24 to nice.people.orgIf you do not want people sending X sessions to your internal
network (a subnet of a class C), the following command will do the
necessary filtering:&prompt.root; ipfw add deny tcp from any to my.org/28 6000 setupTo see the accounting records:
&prompt.root; ipfw -a list
or in the short form
&prompt.root; ipfw -a lYou can also see the last time a chain entry was matched
with:&prompt.root; ipfw -at lBuilding a packet filtering firewallThe following suggestions are just that: suggestions. The
requirements of each firewall are different and I cannot tell you
how to build a firewall to meet your particular requirements.When initially setting up your firewall, unless you have a test
bench setup where you can configure your firewall host in a controlled
environment, I strongly recommend you use the logging version of the
commands and enable logging in the kernel. This will allow you to
quickly identify problem areas and cure them without too much
disruption. Even after the initial setup phase is complete, I
recommend using the logging for of `deny' as it allows tracing of
possible attacks and also modification of the firewall rules if your
requirements alter.If you use the logging versions of the accept
command, it can generate large amounts of log
data as one log line will be generated for every packet that passes
through the firewall, so large ftp/http transfers, etc, will really
slow the system down. It also increases the latencies on those
packets as it requires more work to be done by the kernel before the
packet can be passed on. syslogd with also start using up a lot
more processor time as it logs all the extra data to disk, and it
could quite easily fill the partition /var/log
is located on.You should enable your firewall from
/etc/rc.conf.local or
/etc/rc.conf. The associated manpage explains
which knobs to fiddle and lists some preset firewall configurations.
If you do not use a preset configuration, ipfw list
will output the current ruleset into a file that you can
pass to rc.conf. If you do not use
/etc/rc.conf.local or
/etc/rc.conf to enable your firewall,
it is important to make sure your firewall is enabled before
any IP interfaces are configured.
The next problem is what your firewall should actually
do! This is largely dependent on what access to
your network you want to allow from the outside, and how much access
to the outside world you want to allow from the inside. Some general
rules are:Block all incoming access to ports below 1024 for TCP. This is
where most of the security sensitive services are, like finger,
SMTP (mail) and telnet.Block all incoming UDP traffic. There
are very few useful services that travel over UDP, and what useful
traffic there is is normally a security threat (e.g. Suns RPC and
NFS protocols). This has its disadvantages also, since UDP is a
connectionless protocol, denying incoming UDP traffic also blocks
the replies to outgoing UDP traffic. This can cause a problem for
people (on the inside) using external archie (prospero) servers.
If you want to allow access to archie, you'll have to allow
packets coming from ports 191 and 1525 to any internal UDP port
through the firewall. ntp is another service you may consider
allowing through, which comes from port 123.Block traffic to port 6000 from the outside. Port 6000 is the
port used for access to X11 servers, and can be a security threat
(especially if people are in the habit of doing xhost
+ on their workstations). X11 can actually use a
range of ports starting at 6000, the upper limit being how many X
displays you can run on the machine. The upper limit as defined
by RFC 1700 (Assigned Numbers) is 6063.Check what ports any internal servers use (e.g. SQL servers,
etc). It is probably a good idea to block those as well, as they
normally fall outside the 1-1024 range specified above.Another checklist for firewall configuration is available from
CERT at ftp://ftp.cert.org/pub/tech_tips/packet_filteringAs I said above, these are only guidelines.
You will have to decide what filter rules you want to use on your
firewall yourself. I cannot accept ANY responsibility if someone
breaks into your network, even if you follow the advice given
above.
diff --git a/en_US.ISO_8859-1/books/handbook/staff/chapter.sgml b/en_US.ISO_8859-1/books/handbook/staff/chapter.sgml
index 31288cb6a8..f906ca12c8 100644
--- a/en_US.ISO_8859-1/books/handbook/staff/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/staff/chapter.sgml
@@ -1,869 +1,869 @@
FreeBSD Project StaffThe FreeBSD Project is managed and operated by the following groups of
people:The FreeBSD Core TeamThe FreeBSD core team constitutes the project's “Board of
Directors”, responsible for deciding the project's overall goals
and direction as well as managing specific
areas of the FreeBSD project landscape.(in alphabetical order by last name):&a.asami;&a.jmb;&a.ache;&a.bde;&a.gibbs;&a.dg;&a.jkh;&a.phk;&a.rich;&a.gpalmer;&a.jdp;&a.dfr;&a.sos;&a.peter;&a.wollman;&a.joerg;The FreeBSD DevelopersThese are the people who have commit privileges and do the
engineering work on the FreeBSD source tree. All core team members are
also developers.&a.ugen;&a.mbarkah;&a.stb;&a.pb;&a.abial;&a.jb;&a.torstenb;&a.dburr;&a.charnier;&a.luoqi;&a.ejc;&a.kjc;&a.gclarkii;&a.archie;&a.alc;&a.cracauer;&a.adam;&a.dillon;&a.dufault;&a.uhclem;&a.tegge;&a.eivind;&a.julian;&a.rse;&a.ru;&a.se;&a.jasone;&a.sef;&a.green;&a.fenner;&a.jfieber;&a.jfitz;&a.scrappy;&a.lars;&a.dirk;&a.shige;&a.billf;&a.gallatin;&a.tg;&a.brandon;&a.graichen;&a.jgreco;&a.rgrimes;&a.jmg;&a.hanai;&a.mharo;&a.thepish;&a.jhay;&a.sheldonh;&a.helbig;&a.ghelmer;&a.erich;&a.nhibma;&a.flathill;&a.hosokawa;&a.hsu;&a.foxfair;&a.tom;&a.mph;&a.itojun;&a.iwasaki;&a.mjacob;&a.gj;&a.nsj;&a.ljo;&a.kato;&a.andreas;&a.motoyuki;&a.jkoshy;&a.kuriyama;&a.grog;&a.jlemon;&a.truckman;&a.imp;&a.jmacd;&a.smace;&a.mckay;&a.mckusick;&a.ken;&a.hm;&a.tedm;&a.amurai;&a.markm;&a.max;&a.alex;&a.newton;&a.rnordier;&a.davidn;&a.obrien;&a.danny;&a.ljo;&a.fsmp;&a.smpatel;&a.wpaul;&a.wes;&a.cpiazza;&a.steve;&a.mpp;&a.jraynard;&a.darrenr;&a.csgr;&a.martin;&a.paul;&a.roberto;&a.chuckr;&a.guido;&a.dima;&a.sada;&a.nsayer;&a.wosch;&a.ats;&a.dick;&a.jseger;&a.simokawa;&a.vanilla;&a.msmith;&a.des;&a.brian;&a.mks;&a.stark;&a.karl;&a.taoka;&a.dt;&a.cwt;&a.pst;&a.hoek;&a.nectar;&a.swallace;&a.dwhite;&a.nate;&a.yokota;&a.jmz;The FreeBSD Documentation Project
- The FreeBSD
+ The FreeBSD
Documentation Project is responsible for a number of different
services, each service being run by an individual and his
deputies (if any):Documentation Project Manager&a.nik;Webmaster&a.wosch;Handbook & FAQ Editor&a.faq;News Editor&a.nsj;Deputy: &a.john;In the Press Editor&a.jkoshyFreeBSD Really-Quick NewsLetter EditorChris Coleman chrisc@vmunix.comGallery Editor&a.nsj;Deputy: &a.cawimm;Commercial Editor&a.nik;Web Changes Editor-LinuxDoc to DocBook conversion&a.nik;Who Is Responsible for WhatPrincipal Architect&a.dg;Documentation
+ url="http://www.FreeBSD.org/docproj/docproj.html">Documentation
Project Manager&a.nik;Internationalization&a.ache;Networking&a.wollman;Postmaster&a.jmb;Release Coordinator&a.jkh;Public Relations & Corporate Liaison&a.jkh;
- Security
+ Security
Officer&a.imp;
- Source
+ Source
Repository ManagersPrincipal: &a.peter;Assistant: &a.jdp;International (Crypto): &a.markm;
- Ports
+ Ports
Manager&a.asami;XFree86 Project, Inc. Liaison&a.rich;Usenet Support&a.joerg;
- GNATS
+ GNATS
Administrator&a.steve;Webmaster
+ url="http://www.FreeBSD.org/internal/">Webmaster
&a.wosch;
diff --git a/en_US.ISO_8859-1/books/porters-handbook/book.sgml b/en_US.ISO_8859-1/books/porters-handbook/book.sgml
index a8e0342e5d..0aedc236a2 100644
--- a/en_US.ISO_8859-1/books/porters-handbook/book.sgml
+++ b/en_US.ISO_8859-1/books/porters-handbook/book.sgml
@@ -1,4610 +1,4610 @@
Installing Applications: The Ports collectionContributed by &a.jraynard;.The FreeBSD Ports collection allows you to compile and install a very
wide range of applications with a minimum of effort.For all the hype about open standards, getting a program to work on
different versions of Unix in the real world can be a tedious and tricky
business, as anyone who has tried it will know. You may be lucky enough
to find that the program you want will compile cleanly on your system,
install itself in all the right places and run flawlessly “out of
the box”, but this is unfortunately rather rare. With most
programs, you will find yourself doing a fair bit of head-scratching, and
there are quite a few programs that will result in premature greying, or
even chronic alopecia...Some software distributions have attacked this problem by providing
configuration scripts. Some of these are very clever, but they have an
unfortunate tendency to triumphantly announce that your system is
something you have never heard of and then ask you lots of questions that
sound like a final exam in system-level Unix programming (Does
your system's gethitlist function return a const pointer to a fromboz or
a pointer to a const fromboz? Do you have Foonix style unacceptable
exception handling? And if not, why not?).Fortunately, with the Ports collection, all the hard work involved has
already been done, and you can just type make install
and get a working program.Why Have a Ports Collection?The base FreeBSD system comes with a very wide range of tools and
system utilities, but a lot of popular programs are not in the base
system, for good reasons:-Programs that some people cannot live without and other people
cannot stand, such as a certain Lisp-based editor.Programs which are too specialised to put in the base system
(CAD, databases).Programs which fall into the “I must have a look at that
when I get a spare minute” category, rather than
system-critical ones (some languages, perhaps).Programs that are far too much fun to be supplied with a serious
operating system like FreeBSD ;-)However many programs you put in the base system, people will
always want more, and a line has to be drawn somewhere (otherwise
FreeBSD distributions would become absolutely enormous).Obviously it would be unreasonable to expect everyone to port their
favourite programs by hand (not to mention a tremendous amount of
duplicated work), so the FreeBSD Project came up with an ingenious way
of using standard tools that would automate the process.Incidentally, this is an excellent illustration of how “the
Unix way” works in practice by combining a set of simple but very
flexible tools into something very powerful.How Does the Ports Collection Work?Programs are typically distributed on the Internet as a tarball consisting of a Makefile and
the source code for the program and usually some instructions (which are
unfortunately not always as instructive as they could be), with perhaps
a configuration script.The standard scenario is that you FTP down the tarball, extract it
somewhere, glance through the instructions, make any changes that seem
necessary, run the configure script to set things up and use the
standard make program to compile and install the
program from the source.FreeBSD ports still use the tarball mechanism, but use a skeleton to hold the
"knowledge" of how to get the program working on FreeBSD,
rather than expecting the user to be able to work it out. They also
supply their own customised Makefile, so that almost every port
can be built in the same way.If you look at a port skeleton (either on your FreeBSD
system or the
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/ports/devel/ElectricFence">the
FTP site) and expect to find all sorts of pointy-headed rocket
science lurking there, you may be disappointed by the one or two rather
unexciting-looking files and directories you find there. (We will
discuss in a minute how to go about Getting a port).“How on earth can this do anything?” I hear you cry.
“There is no source code there!”Fear not, gentle reader, all will become clear (hopefully). Let us
see what happens if we try and install a port. I have chosen
ElectricFence, a useful tool for developers,
as the skeleton is more straightforward than most.If you are trying this at home, you will need to be root.&prompt.root; cd /usr/ports/devel/ElectricFence
&prompt.root; make install
>> Checksum OK for ElectricFence-2.0.5.tar.gz.
===> Extracting for ElectricFence-2.0.5
===> Patching for ElectricFence-2.0.5
===> Applying FreeBSD patches for ElectricFence-2.0.5
===> Configuring for ElectricFence-2.0.5
===> Building for ElectricFence-2.0.5
[lots of compiler output...]
===> Installing for ElectricFence-2.0.5
===> Warning: your umask is "0002". If this is not desired, set it to
an appropriate value and install this port again by ``make reinstall''.
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.a /usr/local/lib
install -c -o root -g wheel -m 444 /usr/ports/devel/ElectricFence/work/ElectricFence-2.0.5/libefence.3 /usr/local/man/man3
===> Compressing manual pages for ElectricFence-2.0.5
===> Registering installation for ElectricFence-2.0.5To avoid confusing the issue, I have completely removed the build
output.If you tried this yourself, you may well have got something like
this at the start:-&prompt.root; make install
>> ElectricFence-2.0.5.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://ftp.doc.ic.ac.uk/Mirrors/sunsite.unc.edu/pub/Linux/devel/lang/c/.The make program has noticed that you did not
have a local copy of the source code and tried to FTP it down so it
could get the job done. I already had the source handy in my example,
so it did not need to fetch it.Let's go through this and see what the make
program was doing.Locate the source code tarball. If it is not available
locally, try to grab it from an FTP site.Run a checksum test on the
tarball to make sure it has not been tampered with, accidentally
truncated, downloaded in ASCII mode, struck by neutrinos while in
transit, etc.Extract the tarball into a temporary work directory.Apply any patches needed to
get the source to compile and run under FreeBSD.Run any configuration script required by the build process and
correctly answer any questions it asks.(Finally!) Compile the code.Install the program executable and other supporting files, man
pages, etc. under the /usr/local hierarchy
(unless this is an X11 program,
then it will be under /usr/X11R6),
where they will not get mixed up with system programs. This also
makes sure that all the ports you install will go in the same place,
instead of being flung all over your system.Register the installation in a database. This means that, if
you do not like the program, you can cleanly remove all traces of it from your
system.Scroll up to the make output and see if you can
match these steps to it. And if you were not impressed before, you
should be by now!Getting a FreeBSD PortThere are two ways of getting hold of the FreeBSD port for a
program. One requires a FreeBSD CDROM,
the other involves using an Internet
Connection.Compiling ports from CDROMAssuming that your FreeBSD CDROM is in the drive and mounted on
/cdrom (and the mount point
must be /cdrom), you should
then be able to build ports just as you normally do and the port
collection's built in search path should find the tarballs in
/cdrom/ports/distfiles/ (if they exist there)
rather than downloading them over the net.Another way of doing this, if you want to just use the port
skeletons on the CDROM, is to set these variables in
/etc/make.conf:
PORTSDIR= /cdrom/ports
DISTDIR= /tmp/distfiles
WRKDIRPREFIX= /tmpSubstitute /tmp for any place you have enough
free space. Then, just cd to the appropriate
subdirectory under /cdrom/ports and type
make install as usual.
WRKDIRPREFIX will cause the port to be build under
/tmp/cdrom/ports; for instance,
games/oneko will be built under
/tmp/cdrom/ports/games/oneko.There are some ports for which we cannot provide the original
source in the CDROM due to licensing limitations. In that case, you
will need to look at the section on Compiling ports using an Internet
connection.Compiling ports from the InternetIf you do not have a CDROM, or you want to make sure you get the
very latest version of the port you want, you will need to download
the skeleton for the port. Now
this might sound like rather a fiddly job full of pitfalls, but it is
actually very easy.First, if you are running a release version of FreeBSD, make sure
you get the appropriate “upgrade kit” for your release
- from the ports web
+ from the ports web
page. These packages include files that have been updated
since the release that you may need to compile new ports.The key to the skeletons is that the FreeBSD FTP server can create
on-the-fly tarballs for you.
Here is how it works, with the gnats program in the databases
directory as an example (the bits in square brackets are comments. Do
not type them in if you are trying this yourself!):-&prompt.root; cd /usr/ports
&prompt.root; mkdir databases
&prompt.root; cd databases
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/ports/databasesftp>get gnats.tar
[tars up the gnats skeleton for us]
ftp>quit
&prompt.root; tar xf gnats.tar
[extract the gnats skeleton]
&prompt.root; cd gnats
&prompt.root; make install
[build and install gnats]What happened here? We connected to the FTP server in the usual
way and went to its databases sub-directory.
When we gave it the command get gnats.tar, the FTP
server tarred up the gnats
directory for us.We then extracted the gnats skeleton and went into the gnats
directory to build the port. As we explained earlier, the make process noticed we
did not have a copy of the source locally, so it fetched one before
extracting, patching and building it.Let us try something more ambitious now. Instead of getting a
single port skeleton, we will get a whole sub-directory, for example all
the database skeletons in the ports collection. It looks almost the
same:-&prompt.root; cd /usr/ports
-&prompt.root; ftp ftp.freebsd.org
+&prompt.root; ftp ftp.FreeBSD.org
[log in as `ftp' and give your email address when asked for a
password. Remember to use binary (also known as image) mode!]
ftp>cd /pub/FreeBSD/ports/portsftp>get databases.tar
[tars up the databases directory for us]
ftp>quit
&prompt.root; tar xf databases.tar
[extract all the database skeletons]
&prompt.root; cd databases
&prompt.root; make install
[build and install all the database ports]With half a dozen straightforward commands, we have now got a set
of database programs on our FreeBSD machine! All we did that was
different from getting a single port skeleton and building it was that
we got a whole directory at once, and compiled everything in it at
once. Pretty impressive, no?If you expect to be installing many ports, it is probably worth
downloading all the ports directories.SkeletonsA team of compulsive hackers who have forgotten to eat in a frantic
attempt to make a deadline? Something unpleasant lurking in the FreeBSD
attic? No, a skeleton here is a minimal framework that supplies
everything needed to make the ports magic work.MakefileThe most important component of a skeleton is the Makefile. This
contains various statements that specify how the port should be
compiled and installed. Here is the Makefile for
ElectricFence:-
# New ports collection makefile for: Electric Fence
# Version required: 2.0.5
# Date created: 13 November 1997
# Whom: jraynard
#
# $Id$
#
DISTNAME= ElectricFence-2.0.5
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_SUNSITE}
MASTER_SITE_SUBDIR= devel/lang/c
MAINTAINER= jraynard@freebsd.org
MAN3= libefence.3
do-install:
${INSTALL_DATA} ${WRKSRC}/libefence.a ${PREFIX}/lib
${INSTALL_MAN} ${WRKSRC}/libefence.3 ${PREFIX}/man/man3
.include <bsd.port.mk>The lines beginning with a "#" sign are comments for the
benefit of human readers (as in most Unix script files).DISTNAME specifies the name of the tarball, but without the
extension.CATEGORIES states what kind of program this is.
In this case, a utility for developers. See the categories section of this
handbook for a complete list.MASTER_SITES is the URL(s) of the master FTP
site, which is used to retrieve the tarball if it is not available on the
local system. This is a site which is regarded as reputable, and is
normally the one from which the program is officially distributed (in
so far as any software is "officially" distributed on the
Internet).MAINTAINER is the email address of the person
who is responsible for updating the skeleton if, for example a new
version of the program comes out.Skipping over the next few lines for a minute, the line
.include <bsd.port.mk> says that the other
statements and commands needed for this port are in a standard file
called bsd.port.mk. As these are the same for
all ports, there is no point in duplicating them all over the place,
so they are kept in a single standard file.This is probably not the place to go into a detailed examination
of how Makefiles work; suffice it to say that the line starting with
MAN3 ensures that the ElectricFence man page is
compressed after installation, to help conserve your precious disk
space. The original port did not provide an
install target, so the three lines from
do-install ensure that the files produced by
this port are placed in the correct destination.The files directoryThe file containing the checksum for the port is called
md5, after the MD5 algorithm used for ports
checksums. It lives in a directory with the slightly confusing name
of files.This directory can also contain other miscellaneous files that are
required by the port and do not belong anywhere else.The patches directoryThis directory contains the patches needed to make everything work
properly under FreeBSD.The pkg directoryThis program contains three quite useful files:-COMMENT — a one-line description of
the program.DESCR — a more detailed
description.PLIST — a list of all the files
that will be created when the program is installed.What to do when a port does not work.Oh. You can do one of four (4) things :Fix it yourself. Technical details on how ports work can be
found in Porting applications.Gripe. This is done by e-mail only! Send
such e-mail to the maintainer of the port, first. Type
make maintainer or read the
Makefile to find the maintainer's email
address. Remember to include the name/version of
the port (copy the $Id: line from the
Makefile), and the output leading up-to the
error, inclusive. If you do not get a satisfactory response,
you can try filing a bug report with send-pr.
Forget it. This is the easiest for most — very few of the
programs in ports can be classified as essential!Grab the pre-compiled package from a ftp server. The
“master” package collection is on FreeBSD's FTP server
in the packages
directory, though check your local mirror first, please!
These are more likely to work (on the whole) than trying to compile
from source and a lot faster besides! Use the &man.pkg.add.1;
program to install a package file on your
system.Some Questions and AnswersQ. I thought this was going to be a discussion about
modems??!A. Ah. You must be thinking of the serial ports on the back of
your computer. We are using “port” here to mean the
result of “porting” a program from one version of Unix
to another. (It is an unfortunate bad habit of computer people to
use the same word to refer to several completely different
things).Q. I thought you were supposed to use packages to install extra
programs?A. Yes, that is usually the quickest and easiest way of doing
it.Q. So why bother with ports then?A. Several reasons:-The licensing conditions on some software distributions
require that they be distributed as source code, not
binaries.Some people do not trust binary distributions. At least
with source code you can (in theory) read through it and look
for potential problems yourself.If you have some local patches, you will need the source to
add them yourself.You might have opinions on how a program should be compiled
that differ from the person who did the package — some
people have strong views on what optimisation setting should be
used, whether to build debug versions and then strip them or
not, etc. etc.Some people like having code around, so they can read it if
they get bored, hack around with it, borrow from it (licence
terms permitting, of course!) and so on.If you ain't got the source, it ain't software! ;-) Q. What is a patch?A. A patch is a small (usually) file that specifies how to go
from one version of a file to another. It contains text that says,
in effect, things like “delete line 23”, “add
these two lines after line 468” or “change line 197 to
this”. Also known as a “diff”, since it is
generated by a program of that name. Q. What is all this about
tarballs?A. It is a file ending in .tar or
.tar.gz (with variations like
.tar.Z, or even .tgz if
you are trying to squeeze the names into a DOS filesystem).Basically, it is a directory tree that has been archived into a
single file (.tar) and optionally compressed
(.gz). This technique was originally used for
Tape ARchives (hence the
name tar), but it is a widely used way of
distributing program source code around the Internet.You can see what files are in them, or even extract them
yourself, by using the standard Unix tar program, which comes with
the base FreeBSD system, like this:-&prompt.user; tar tvzf foobar.tar.gz
&prompt.user; tar xzvf foobar.tar.gz
&prompt.user; tar tvf foobar.tar
&prompt.user; tar xvf foobar.tar Q. And a checksum?A. It is a number generated by adding up all the data in the
file you want to check. If any of the characters change, the
checksum will no longer be equal to the total, so a simple
comparison will allow you to spot the difference. (In practice, it
is done in a more complicated way to spot problems like
position-swapping, which will not show up with a simplistic
addition).Q. I did what you said for compiling
ports from a CDROM and it worked great until I tried to
install the kermit port:-&prompt.root; make install
>> cku190.tar.gz doesn't seem to exist on this system.
>> Attempting to fetch from ftp://kermit.columbia.edu/kermit/archives/.Why can it not be found? Have I got a dud CDROM?A. The licensing terms for kermit do not allow us to put the
tarball for it on the CDROM, so you will have to fetch it by hand
— sorry! The reason why you got all those error messages was
because you were not connected to the Internet at the time. Once
you have downloaded it from any of the sites above, you can re-start
the process (try and choose the nearest site to you, though, to save
your time and the Internet's bandwidth).Q. I did that, but when I tried to put it into
/usr/ports/distfiles I got some error about not
having permission.A. The ports mechanism looks for the tarball in
/usr/ports/distfiles, but you will not be able
to copy anything there because it is sym-linked to the CDROM, which
is read-only. You can tell it to look somewhere else by
doing&prompt.root; make DISTDIR=/where/you/put/it installQ. Does the ports scheme only work if you have everything in
/usr/ports? My system administrator says I must
put everything under
/u/people/guests/wurzburger, but it does not
seem to work.A. You can use the PORTSDIR and
PREFIX variables to tell the ports mechanism to
use different directories. For instance,&prompt.root; make PORTSDIR=/u/people/guests/wurzburger/ports installwill compile the port in
/u/people/guests/wurzburger/ports and install
everything under /usr/local.&prompt.root; make PREFIX=/u/people/guests/wurzburger/local installwill compile it in /usr/ports and install
it in /u/people/guests/wurzburger/local.And of course&prompt.root; make PORTSDIR=.../ports PREFIX=.../local installwill combine the two (it is too long to fit on the page if I
write it in full, but I am sure you get the idea).If you do not fancy typing all that in every time you install a
port (and to be honest, who would?), it is a good idea to put these
variables into your environment.Q. I do not have a FreeBSD CDROM, but I would like to have all
the tarballs handy on my system so I do not have to wait for a
download every time I install a port. Is there an easy way to get
them all at once?A. To get every single tarball for the ports collection,
do&prompt.root; cd /usr/ports
&prompt.root; make fetchFor all the tarballs for a single ports directory, do&prompt.root; cd /usr/ports/directory
&prompt.root; make fetchand for just one port — well, I think you have guessed
already.Q. I know it is probably faster to fetch the tarballs from one
of the FreeBSD mirror sites close by. Is there any way to tell the
port to fetch them from servers other than ones listed in the
MASTER_SITES?A. Yes. If you know, for example, ftp.FreeBSD.ORG is much closer than sites
listed in MASTER_SITES, do as following
example.&prompt.root; cd /usr/ports/directory
&prompt.root; make MASTER_SITE_OVERRIDE=ftp://ftp.FreeBSD.ORG/pub/FreeBSD/ports/distfiles/ fetchQ. I want to know what files make is going to need before it
tries to pull them down.A. make fetch-list will display a list of
the files needed for a port.Q. Is there any way to stop the port from compiling? I want to
do some hacking on the source before I install it, but it is a bit
tiresome having to watch it and hit control-C every time.A. Doing make extract will stop it after it
has fetched and extracted the source code.Q. I am trying to make my own port and I want to be able to
stop it compiling until I have had a chance to see if my patches
worked properly. Is there something like make
extract, but for patches?A. Yep, make patch is what you want. You
will probably find the PATCH_DEBUG option useful
as well. And by the way, thank you for your efforts!Q. I have heard that some compiler options can cause bugs. Is
this true? How can I make sure that I compile ports with the right
settings?A. Yes, with version 2.6.3 of gcc (the
version shipped with FreeBSD 2.1.0 and 2.1.5), the
option could result in buggy code unless you
used the option as well.
(Most of the ports do not use ). You
should be able to specify the compiler options
used by something like&prompt.root; make CFLAGS='-O2 -fno-strength-reduce' installor by editing /etc/make.conf, but
unfortunately not all ports respect this. The surest way is to do
make configure, then go into the source directory
and inspect the Makefiles by hand, but this can get tedious if the
source has lots of sub-directories, each with their own
Makefiles.Q. There are so many ports it is hard to find the one I want.
Is there a list anywhere of what ports are available?A. Look in the INDEX file in
/usr/ports. If you would like to search the
ports collection for a keyword, you can do that too. For example,
you can find ports relevant to the LISP programming language
using:&prompt.user; cd /usr/ports
&prompt.user; make search key=lispQ. I went to install the foo port but the
system suddenly stopped compiling it and starting compiling the
bar port. What is going on?A. The foo port needs something that is
supplied with bar — for instance, if
foo uses graphics, bar might
have a library with useful graphics processing routines. Or
bar might be a tool that is needed to compile the
foo port. Q. I installed the
grizzle program from the ports and frankly it is
a complete waste of disk space. I want to delete it but I do not
know where it put all the files. Any clues?A. No problem, just do&prompt.root; pkg_delete grizzle-6.5Alternatively, you can do&prompt.root; cd /usr/ports/somewhere/grizzle
&prompt.root; make deinstall
Q. Hang on a minute, you have to know the version number to use
that command. You do not seriously expect me to remember that, do
you??A. Not at all, you can find it out by doing&prompt.root; pkg_info -a | grep grizzle
Information for grizzle-6.5:
grizzle-6.5 - the combined piano tutorial, LOGO interpreter and shoot 'em up arcade game.Q. Talking of disk space, the ports directory seems to be
taking up an awful lot of room. Is it safe to go in there and
delete things?A. Yes, if you have installed the program and are fairly
certain you will not need the source again, there is no point in
keeping it hanging around. The best way to do this is&prompt.root; cd /usr/ports
&prompt.root; make cleanwhich will go through all the ports subdirectories and delete
everything except the skeletons for each port.Q. I tried that and it still left all those tarballs or
whatever you called them in the distfiles
directory. Can I delete those as well?A. Yes, if you are sure you have finished with them, those can
go as well.Q. I like having lots and lots of programs to play with. Is
there any way of installing all the ports in one go?A. Just do&prompt.root; cd /usr/ports
&prompt.root; make installQ. OK, I tried that, but I thought it would take a very long
time so I went to bed and left it to get on with it. When I looked
at the computer this morning, it had only done three and a half
ports. Did something go wrong?A. No, the problem is that some of the ports need to ask you
questions that we cannot answer for you (eg “Do you want to
print on A4 or US letter sized paper?”) and they need to have
someone on hand to answer them.Q. I really do not want to spend all day staring at the
monitor. Any better ideas?A. OK, do this before you go to bed/work/the local
park:-&prompt.root cd /usr/ports
&prompt.root; make -DBATCH installThis will install every port that does not
require user input. Then, when you come back, do&prompt.root; cd /usr/ports
&prompt.root; make -DIS_INTERACTIVE installto finish the job.Q. At work, we are using frobble, which is
in your ports collection, but we have altered it quite a bit to get
it to do what we need. Is there any way of making our own packages,
so we can distribute it more easily around our sites?A. No problem, assuming you know how to make patches for your
changes:-&prompt.root; cd /usr/ports/somewhere/frobble
&prompt.root; make extract
&prompt.root; cd work/frobble-2.8
[Apply your patches]
&prompt.root; cd ../..
&prompt.root; make packageQ. This ports stuff is really clever. I am desperate to find
out how you did it. What is the secret?A. Nothing secret about it at all, just look at the
bsd.ports.mk and
bsd.ports.subdir.mk files in your makefiles
directory.Readers with an aversion to intricate shell-scripts are
advised not to follow this link...)Making a port yourselfContributed by &a.jkh;, &a.gpalmer;, &a.asami; &a.obrien;
and &a.hoek;. 28 August 1996.So, now you are interested in making your own port? Great!What follows are some guidelines for creating a new port for
FreeBSD. The bulk of the work is done by
/usr/ports/Mk/bsd.port.mk, which all port Makefiles
include. Please refer to that file for more details on the inner
workings of the ports collection. Even if you do not hack Makefiles
daily, it is well commented, and you will still gain much knowledge from
it.Only a fraction of the overridable variables
(VAR) are mentioned in
this document. Most (if not all) are documented at the start of
bsd.port.mk. This file users a non-standard tab
setting. Emacs and
Vim should recognise the setting on loading
the file. vi or ex can be set
to use the correct value by typing :set tabstop=4
once the file has been loaded.Quick PortingThis section tells you how to do a quick port. In many cases, it
is not enough, but we will see.First, get the original tarball and put it into
DISTDIR, which defaults to
/usr/ports/distfiles.The following assumes that the software compiled out-of-the-box,
i.e., there was absolutely no change required for the port to work
on your FreeBSD box. If you needed to change something, you will
have to refer to the next section too.Writing the MakefileThe minimal Makefile would look something
like this:
# New ports collection makefile for: oneko
# Version required: 1.1b
# Date created: 5 December 1994
# Whom: asami
#
# $Id$
#
DISTNAME= oneko-1.1b
CATEGORIES= games
MASTER_SITES= ftp://ftp.cs.columbia.edu/archives/X11R5/contrib/
MAINTAINER= asami@FreeBSD.ORG
MAN1= oneko.1
MANCOMPRESSED= yes
USE_IMAKE= yes
.include <bsd.port.mk>See if you can figure it out. Do not worry about the contents
of the $Id$ line, it will be filled in
automatically by CVS when the port is imported to our main ports
tree. You can find a more detailed example in the sample Makefile section.Writing the description filesThere are three description files that are required for any
port, whether they actually package or not. They are
COMMENT, DESCR, and
PLIST, and reside in the
pkg subdirectory.COMMENTThis is the one-line description of the port.
Please do not include the package name (or
version number of the software) in the comment. Here is an
example:
A cat chasing a mouse all over the screen.DESCRThis is a longer description of the port. One to a few
paragraphs concisely explaining what the port does is
sufficient.This is not a manual or an in-depth
description on how to use or compile the port! Please
be careful if you are copying from the
README or manpage; too often
they are not a concise description of the port or are in an
awkward format (e.g., manpages have justified spacing). If the
ported software has an official WWW homepage, you should list it
here. Prefix one of the websites with
WWW: so that automated tools will work
correctly.It is recommended that you sign your name at the end of this
file, as in:
This is a port of oneko, in which a cat chases a poor mouse all over
the screen.
:
(etc.)
WWW: http://www.oneko.org/
- Satoshi
asami@cs.berkeley.eduPLISTThis file lists all the files installed by the port. It is
also called the “packing list” because the package is
generated by packing the files listed here. The pathnames are
relative to the installation prefix (usually
/usr/local or
/usr/X11R6). If you are using the
MANn variables (as
you should be), do not list any manpages here.Here is a small example:
bin/oneko
lib/X11/app-defaults/Oneko
lib/X11/oneko/cat1.xpm
lib/X11/oneko/cat2.xpm
lib/X11/oneko/mouse.xpm
@dirrm lib/X11/onekoRefer to the &man.pkg.create.1; man page for details on the
packing list.You should list all the files, but not the name directories,
in the list. Also, if the port creates directories for itself
during installtion, make sure to add @dirrm
lines as necessary to remove them when the port is
deleted.It is recommended that you keep all the filenames in this
file sorted alphabetically. It will make verifying the changes
when you upgrade the port much easier.Creating a packing list manually can be a very tedious
task. If the port installs a large numbers of files, creating the packing list
automatically might save time.Creating the checksum fileJust type make makesum. The ports make rules
will automatically generate the file
files/md5.Testing the portYou should make sure that the port rules do exactly what you
want it to do, including packaging up the port. These are the
important points you need to verify.PLIST does not contain anything not
installed by your portPLIST contains everything that is
installed by your portYour port can be installed multiple times using the
reinstall targetYour port cleans up
after itself upon deinstallRecommended test orderingmake installmake packagemake deinstallpkg_add package-namemake deinstallmake reinstallmake packageMake sure that there are not any warnings issued in any of the
package and
deinstall stages, After step 3, check to
see if all the new directories are correctly deleted. Also, try
using the software after step 4, to ensure that is works correctly
when installed from a package.Checking your port with portlintPlease use portlint to see if your port
conforms to our guidelines. The portlint program
is part of the ports collection. In particular, your may want to
check if the Makefile is in
the right shape and the package is named
appropriately.Submitting the portFirst, make sure you have read the Do's and Dont's section.Now that you are happy with your port, the only thing remaining
is to put it in the main FreeBSD ports tree and make everybody else
happy about it too. We do not need your work
directory or the pkgname.tgz package, so delete
them now. Next, simply include the output of shar `find
port_dir` in a bug report and send it with the
&man.send-pr.1; program (see Bug
Reports and General Commentary for more information about
&man.send-pr.1;. If the uncompressed port is larger than 20KB,
you should compress it into a tarfile and use &man.uuencode.1;
before including it in the bug report (uuencoded tarfiles are
acceptable even if the bug report is smaller than 20KB but are not
preferred). Be sure to classify the bug report as category
ports and class
change-request. (Do not mark the report
confidential!)One more time, do not include the original source
distfile, the work directory, or the package
you built with make package.In the past, we asked you to upload new port submissions in
- our ftp site (ftp.freebsd.org). This
+ our ftp site (ftp.FreeBSD.org). This
is no longer recommended as read access is turned off on that
incoming/ directory of that site due to the
large amount of pirated software showing up there.We will look at your port, get back to you if necessary, and put
it in the tree. Your name will also appear in the list of
“Additional FreeBSD contributors” on the FreeBSD
Handbook and other files. Isn't that great?!? :)Slow PortingOk, so it was not that simple, and the port required some
modifications to get it to work. In this section, we will explain,
step by step, how to modify it to get it to work with the ports
paradigm.How things workFirst, this is the sequence of events which occurs when the user
first types make in your port's directory, and
you may find that having bsd.port.mk in another
window while you read this really helps to understand it.But do not worry if you do not really understand what
bsd.port.mk is doing, not many people do...
:>The fetch target is run. The
fetch target is responsible for making
sure that the tarball exists locally in
DISTDIR. If fetch
cannot find the required files in DISTDIR it
will look up the URL MASTER_SITES, which is
set in the Makefile, as well as our main ftp site at ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/,
+ URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/">ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/,
where we put sanctioned distfiles as backup. It will then
attempt to fetch the named distribution file with
FETCH, assuming that the requesting site has
direct access to the Internet. If that succeeds, it will save
the file in DISTDIR for future use and
proceed.The extract target is run. It
looks for your port's distribution file (typically a gzip'd
tarball) in DISTDIR and unpacks it into a
temporary subdirectory specified by WRKDIR
(defaults to work).The patch target is run. First,
any patches defined in PATCHFILES are
applied. Second, if any patches are found in
PATCHDIR (defaults to the
patches subdirectory), they are applied at
this time in alphabetical order.The configure target is run. This
can do any one of many different things.If it exists, scripts/configure is
run.If HAS_CONFIGURE or
GNU_CONFIGURE is set,
WRKSRC/configure is
run.If USE_IMAKE is set,
XMKMF (default: xmkmf
-a) is run.The build target is run. This is
responsible for descending into the port's private working
directory (WRKSRC) and building it. If
USE_GMAKE is set, GNU make
will be used, otherwise the system make will
be used.The above are the default actions. In addition, you can define
targets
pre-something or
post-something,
or put scripts with those names, in the scripts
subdirectory, and they will be run before or after the default
actions are done.For example, if you have a post-extract
target defined in your Makefile, and a file
pre-build in the scripts
subdirectory, the post-extract target will
be called after the regular extraction actions, and the
pre-build script will be executed before the
default build rules are done. It is recommended that you use
Makefile targets if the actions are simple
enough, because it will be easier for someone to figure out what
kind of non-default action the port requires.The default actions are done by the
bsd.port.mk targets
do-something.
For example, the commands to extract a port are in the target
do-extract. If you are not happy with the
default target, you can fix it by redefining the
do-something
target in your Makefile.The “main” targets (e.g.,
extract,
configure, etc.) do nothing more than
make sure all the stages up to that one are completed and call
the real targets or scripts, and they are not intended to be
changed. If you want to fix the extraction, fix
do-extract, but never ever touch
extract!Now that you understand what goes on when the user types
make, let us go through the recommended steps to
create the perfect port.Getting the original sourcesGet the original sources (normally) as a compressed tarball
(foo.tar.gz or
foo.tar.Z) and copy
it into DISTDIR. Always use
mainstream sources when and where you
can.If you cannot find a ftp/http site that is well-connected to the
net, or can only find sites that have irritatingly non-standard
formats, you might want to put a copy on a reliable ftp or http
server that you control (e.g., your home page). Make sure you set
MASTER_SITES to reflect your choice.If you cannot find somewhere convenient and reliable to put the
distfile (if you are a FreeBSD committer, you can just put it in
your public_html/ directory on
freefall), we can “house” it ourselves
by putting it on
- ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
+ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/LOCAL_PORTS/
as the last resort. Please refer to this location as
MASTER_SITE_LOCAL. Send mail to the &a.ports;if
you are not sure what to do.If your port's distfile changes all the time for no good reason,
consider putting the distfile in your home page and listing it as
the first MASTER_SITES. This will prevent users
from getting checksum mismatch errors, and
also reduce the workload of maintainers of our ftp site. Also, if
there isonly one master site for the port, it is recommended that
you house a backup at your site and list it as the second
MASTER_SITES.If your port requires some additional `patches' that are
available on the Internet, fetch them too and put them in
DISTDIR. Do not worry if they come from a site
other than where you got the main source tarball, we have a way to
handle these situations (see the description of PATCHFILES below).Modifying the portUnpack a copy of the tarball in a private directory and make
whatever changes are necessary to get the port to compile properly
under the current version of FreeBSD. Keep careful
track of everything you do, as you will be automating
the process shortly. Everything, including the deletion, addition
or modification of files should be doable using an automated script
or patch file when your port is finished.If your port requires significant user interaction/customization
to compile or install, you should take a look at one of Larry Wall's
classic Configure scripts and perhaps do
something similar yourself. The goal of the new ports collection is
to make each port as “plug-and-play” as possible for the
end-user while using a minimum of disk space.Unless explicitly stated, patch files, scripts, and other
files you have created and contributed to the FreeBSD ports
collection are assumed to be covered by the standard BSD copyright
conditions.PatchingIn the preparation of the port, files that have been added or
changed can be picked up with a recursive diff for later feeding to
patch. Each set of patches you wish to apply should be collected
into a file named
patch-xx where
xx denotes the sequence in which the
patches will be applied — these are done in
alphabetical order, thus aa
first, ab second and so on. These files should
be stored in PATCHDIR, from where they will be
automatically applied. All patches should be relative to
WRKSRC (generally the directory your port's
tarball unpacks itself into, that being where the build is done).
To make fixes and upgrades easier, you should avoid having more than
one patch fix the same file (e.g., patch-aa and
patch-ab both changing
WRKSRC/foobar.c).ConfiguringInclude any additional customization commands to your
configure script and save it in the
scripts subdirectory. As mentioned above, you
can also do this as Makefile targets and/or
scripts with the name pre-configure or
post-configure.Handling user inputIf your port requires user input to build, configure or install,
then set IS_INTERACTIVE in your Makefile. This
will allow “overnight builds” to skip your port if the
user sets the variable BATCH in his environment (and
if the user sets the variable INTERACTIVE, then
only those ports requiring interaction are
built).It is also recommended that if there are reasonable default
answers to the questions, you check the
PACKAGE_BUILDING variable and turn off the
interactive script when it is set. This will allow us to build the
packages for CD-ROMs and ftp.Configuring the MakefileConfiguring the Makefile is pretty simple, and again we suggest
that you look at existing examples before starting. Also, there is a
sample Makefile in this
handbook, so take a look and please follow the ordering of variables
and sections in that template to make your port easier for others to
read.Now, consider the following problems in sequence as you design
your new Makefile:The original sourceDoes it live in DISTDIR as a standard gzip'd
tarball? If so, you can go on to the next step. If not, you should
look at overriding any of the EXTRACT_CMD,
EXTRACT_BEFORE_ARGS,
EXTRACT_AFTER_ARGS,
EXTRACT_SUFX, or DISTFILES
variables, depending on how alien a format your port's distribution
file is. (The most common case is
EXTRACT_SUFX=.tar.Z, when the tarball is
condensed by regular compress, not gzip.)In the worst case, you can simply create your own
do-extract target to override the default,
though this should be rarely, if ever, necessary.DISTNAMEYou should set DISTNAME to be the base name
of your port. The default rules expect the distribution file list
(DISTFILES) to be named
DISTNAMEEXTRACT_SUFX which, if
it is a normal tarball, is going to be something like
foozolix-1.0.tar.gz for a setting of
DISTNAME=foozolix-1.0.The default rules also expect the tarball(s) to extract into a
subdirectory called
work/DISTNAME, e.g.
work/foozolix-1.0/.All this behavior can be overridden, of course; it simply
represents the most common time-saving defaults. For a port
requiring multiple distribution files, simply set
DISTFILES explicitly. If only a subset of
DISTFILES are actual extractable archives, then
set them up in EXTRACT_ONLY, which will override
the DISTFILES list when it comes to extraction,
and the rest will be just left in DISTDIR for
later use.PKGNAMEIf DISTNAME does not conform to our guidelines for a good package
name, you should set the PKGNAME
variable to something better. See the abovementioned guidelines for
more details.CATEGORIESWhen a package is created, it is put under
/usr/ports/packages/All and links are made from
one or more subdirectories of
/usr/ports/packages. The names of these
subdirectories are specified by the variable
CATEGORIES. It is intended to make life easier
for the user when he is wading through the pile of packages on the
ftp site or the CD-ROM. Please take a look at the existing categories and pick the ones
that are suitable for your port.This list also determines where in the ports tree the port is
imported. If you put more than one category here, it is assumed
that the port files will be put in the subdirectory with the name in
the first category. See the categories section for more
discussion about how to pick the right categories.If you port truly belongs to something that is different from
all the existing ones, you can even create a new category name. In
that case, please send mail to the &a.ports; to propose a new
category.There is no error checking for category names. make
package will happily create a new directory if you
mustype the category name, so be careful!MASTER_SITESRecord the directory part of the ftp/http-URL pointing at the
original tarball in MASTER_SITES. Do not forget
the trailing slash (/)!The make macros will try to use this
specification for grabbing the distribution file with
FETCH if they cannot find it already on the
system.It is recommended that you put multiple sites on this list,
preferably from different continents. This will safeguard against
wide-area network problems, and we are even planning to add support
for automatically determining the closest master site and fetching
from there!If the original tarball is part of one of the following popular
archives: X-contrib, GNU, Perl CPAN, TeX CTAN, or Linux Sunsite, you
refer to those sites in an easy compact form using
MASTER_SITE_XCONTRIB,
MASTER_SITE_GNU,
MASTER_SITE_PERL_CPAN,
MASTER_SITE_TEX_CTAN, and
MASTER_SITE_SUNSITE. Simply set
MASTER_SITE_SUBDIR to the path with in the
archive. Here is an example:
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applicationsThe user can also set the MASTER_SITE_*
variables in /etc/make.conf to override our
choices, and use their favorite mirrors of these popular archives
instead.PATCHFILESIf your port requires some additional patches that are available
by ftp or http, set PATCHFILES to the names of
the files and PATCH_SITES to the URL of the
directory that contains them (the format is the same as
MASTER_SITES).If the patch is not relative to the top of the source tree
(i.e., WKRSRC) because it contains some extra
pathnames, set PATCH_DIST_STRIP accordingly. For
instance, if all the pathnames in the patch have an extra
foozolix-1.0/ in front of the filenames, then set
PATCH_DIST_STRIP=-p1.Do not worry if the patches are compressed, they will be
decompressed automatically if the filenames end with
.gz or .Z.If the patch is distributed with some other files, such as
documentation, in a gzip'd tarball, you cannot just use
PATCHFILES. If that is the case, add the name
and the location of the patch tarball to
DISTFILES and MASTER_SITES.
Then, from the pre-patch target, apply the
patch either by running the patch command from there, or copying the
patch file into the PATCHDIR directory and
calling it
patch-xx.Note the tarball will have been extracted alongside the
regular source by then, so there is no need to explicitly extract
it if it is a regular gzip'd or compress'd tarball. If you do the
latter, take extra care not to overwrite something that already
exists in that directory. Also do not forget to add a command to
remove the copied patch in the pre-clean
target.MAINTAINERSet your mail-address here. Please. :)For detailed description of the responsibility of maintainers,
refer to MAINTAINER on
Makefiles section.DependenciesMany ports depend on other ports. There are five variables that
you can use to ensure that all the required bits will be on the
user's machine. There are also some pre-supported dependency
variables for common cases, plus a few more to control the behaviour
of dependencies.LIB_DEPENDSThis variable specifies the shared libraries this port depends
on. It is a list of
lib:dir:target
tuples where lib is the name of the
shared library, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. For example, LIB_DEPENDS=
jpeg.9:${PORTSDIR}/graphics/jpeg:install
will check for a shared jpeg library with major version 9, and
descend into the graphics/jpeg subdirectory
of your ports tree to build and install it if it is not found.
The target part can be omitted if it is
equal to DEPENDS_TARGET (which defaults to
install).The lib part is an argument given
to ldconfig -r | grep -wF. There shall be no
reqular expressions in this variable.The dependency is checked twice, once from within the
extract target and then from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system.RUN_DEPENDSThis variable specifies executables or files this port depends
on during run-time. It is a list of
path:dir:target
tuples where path is the name of the
executable or file, and dir is the
directory in which to find it in case it is not available, and
target is the target to call in that
directory. If path starts with a slash
(/), it is treated as a file and its existence
is tested with test -e; otherwise, it is
assumed to be an executable, and which -s is
used to determine if the program exists in the user's search
path.For example,
RUN_DEPENDS= ${PREFIX}/etc/innd:${PORTSDIR}/news/inn \
wish8.0:${PORTSDIR}/x11-toolkits/tk80will check if the file or directory
/usr/local/etc/innd exists, and build and
install it from the news/inn subdirectory of
the ports tree if it is not found. It will also see if an
executable called wish8.0 is in your search
path, and descend into the x11-toolkits/tk80
subdirectory of your ports tree to build and install it if it is
not found.In this case, innd is actually an
executable; if an executable is in a place that is not expected
to be in a normal user's search path, you should use the full
pathname.The dependency is checked from within the
install target. Also, the name of the
dependency is put in to the package so that
pkg_add will automatically install it if it is
not on the user's system. The target
part can be omitted if it is the same
DEPENDS_TARGET.BUILD_DEPENDSThis variable specifies executables or files this port
requires to build. Like RUN_DEPENDS, it is a
list of
path:dir:target
tuples. For example, BUILD_DEPENDS=
unzip:${PORTSDIR}/archivers/unzip will check
for an executable called unzip, and descend
into the archivers/unzip subdirectory of your
ports tree to build and install it if it is not found.“build” here means everything from extracting to
compilation. The dependency is checked from within the
extract target. The
target part can be omitted if it is
the same as DEPENDS_TARGETFETCH_DEPENDSThis variable specifies executables or files this port
requires to fetch. Like the previous two, it is a list of
path:dir:target
tuples. For example, FETCH_DEPENDS=
ncftp2:${PORTSDIR}/net/ncftp2 will check for an
executable called ncftp2, and descend into the
net/ncftp2 subdirectory of your ports tree to
build and install it if it is not found.The dependency is checked from within the
fetch target. The
target part can be omitted if it is the
same as DEPENDS_TARGET.DEPENDSIf there is a dependency that does not fall into either of the
above four categories, or your port requires to have the source of
the other port extracted in addition to having them installed,
then use this variable. This is a list of
dir:target,
as there is nothing to check, unlike the previous four. The
target part can be omitted if it is the
same as DEPENDS_TARGET.Common dependency variablesDefine USE_XLIB=yes if your port requires
the X Window System to be installed (it is implied by
USE_IMAKE). Define
USE_GMAKE=yes if your port requires GNU
make instead of BSD make.
Define USE_AUTOCONF=yes if your port requires
GNU autoconf to be run. Define USE_QT=yes if
your port uses the latest qt toolkit. Use
USE_PERL5=yes if your port requires version 5
of the perl language. (The last is especially important since
some versions of FreeBSD has perl5 as part of the base system
while others do not.)Notes on dependenciesAs mentioned above, the default target to call when a
dependency is required is DEPENDS_TARGET.
It defaults to install. This is a user
variable; is is never defined in a port's
Makefile. If your port needs a special way
to handle a dependency, use the :target part of
the *_DEPENDS variables instead of redefining
DEPENDS_TARGET.When you type make clean, its dependencies
are automatically cleaned too. If you do not wish this to happen,
define the variable NOCLEANDEPENDS in your
environment.To depend on another port unconditionally, it is customary to
use the string nonexistent as the first field
of BUILD_DEPENDS or
RUN_DEPENDS. Use this only when you need to
the to get to the source of the other port. You can often save
compilation time by specifying the target too. For
instance
BUILD_DEPENDS= /nonexistent:${PORTSDIR}/graphics/jpeg:extract
will always descend to the JPEG port and extract it.Do not use DEPENDS unless there is no other
way the behaviour you want can be accomplished. It will cause the
other port to be always build (and installed, by default), and the
dependency will go into the packages as well. If this is really
what you need, I recommend you write it as
BUILD_DEPENDS and
RUN_DEPENDS instead—at least the
intention will be clear.Building mechanismsIf your package uses GNU make, set
USE_GMAKE=yes. If your package uses
configure, set
HAS_CONFIGURE=yes. If your package uses GNU
configure, set
GNU_CONFIGURE=yes (this implies
HAS_CONFIGURE). If you want to give some extra
arguments to configure (the default argument list
--prefix=${PREFIX} for GNU
configure and empty for non-GNU
configure), set those extra arguments in
CONFIGURE_ARGS. If your package uses GNU
autoconf, set
USE_AUTOCONF=yes. This implies
GNU_CONFIGURE, and will cause
autoconf to be run before
configure.If your package is an X application that creates
Makefiles from Imakefiles
using imake, then set
USE_IMAKE=yes. This will cause the configure
stage to automatically do an xmkmf -a. If the
flag is a problem for your port, set
XMKMF=xmkmf. If the port uses
imake but does not understand the
install.man target,
NO_INSTALL_MANPAGES=yes should be set. In
addition, the author of the original port should be shot. :>If your port's source Makefile has
something else than all as the main build
target, set ALL_TARGET accordingly. Same goes
for install and
INSTALL_TARGET.Special considerationsThere are some more things you have to take into account when you
create a port. This section explains the most common of those.ldconfigIf your port installs a shared library, add a
post-install target to your
Makefile that runs ${LDCONFIG}
-m on the directory where the new library is installed
(usually PREFIX/lib) to
register it into the shared library cache.Also, add a matching @exec /sbin/ldconfig -m
and @unexec /sbin/ldconfig -R pair to your
pkg/PLIST file so that a user who installed the
package can start using the shared library immediately and
deinstallation will not cause the system to still believe the
library is there. These lines should immediately follow the line
for the shared library itself, as in:
lib/libtvl80.so.1
@exec /sbin/ldconfig -m %D/lib
@unexec /sbin/ldconfig -RNever, ever, ever add a line that says
ldconfig without any arguments to your
Makefile or pkg/PLIST.
This will reset the shared library cache to the contents of
/usr/lib only, and will royally screw up the
user's machine ("Help, xinit does not run anymore after I install
this port!"). Anybody who does this will be shot and cut in 65,536
pieces by a rusty knife and have is liver chopped out by a bunch of
crows and will eternally rot to death in the deepest bowels of hell
(not necessarily in that order…)ELF supportSince FreeBSD is moving to ELF shortly after 3.0-RELEASE, we need
to convert many ports that build shared libraries to support ELF.
Complicating this task is that a 3.0 system can run as both ELF and
a.out, and we wish to unofficially support the 2.2 as long as
possible. Below are the guidelines on how to convert a.out only ports
to support both a.out and ELF compilation.Some part of this list is only applicable during the conversion,
but will be left here for awhile for reference in case you have come
across some old port you wish to upgrade.Moving a.out libraries out of the wayA.out libraries should be moved out of
/usr/local/lib and similar to an
aout subdirectory. (If you do not move them out
of the way, ELF ports will happily overwrite a.out libraries.) The
move-aout-libs target in the 3.0-CURRENT
src/Makefile (called from
aout-to-elf) will do this for you. It will
only move a.out libs so it is safe to call it on a system with both
ELF and a.out libs in the standard directories.FormatThe ports tree will build packages in the format the machine is
in. This means a.out for 2.2 and a.out or ELF for 3.0 depending on
what `objformat` returns. Also, once users move
a.out libraries to a subdirectory, building a.out libraries will be
unsupported. (I.e., it may still work if you know what you are
doing, but you are on your own.)If a port only works for a.out, set
BROKEN_ELF to a string describing the reason
why. Such ports will be skipped during a build on an ELF
system.PORTOBJFORMATbsd.port.mk will set
PORTOBJFORMAT to aout or
elf and export it in the environments
CONFIGURE_ENV, SCRIPTS_ENV and
MAKE_ENV. (It's always going to be
aout in 2.2-STABLE). It is also passed to
PLIST_SUB as
PORTOBJFORMAT=${PORTOBJFORMAT}. (See comment on
ldconfig lines below.)The variable is set using this line in
bsd.port.mk:
PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aoutPorts' make processes should use this variable to decide what to
do. However, if the port's configure script
already automatically detects an ELF system, it is not necessary to
refer to PORTOBJFORMAT.Building shared librariesThe following are differences in handling shared libraries for
a.out and ELF.Shared library versionsAn ELF shared library should be called
libfoo.so.M
where M is the single version number,
and an a.out library should be called
libfoo.so.M.N
where M is the major version and
N is the the minor version number.
Do not mix those; never install an ELF
shared library called
libfoo.so.N.M
or an a.out shared library (or symlink) called
libfoo.so.N.Linker command linesAssuming cc -shared is used rather than
ld directly, the only difference is that you
need to add
on the command line for ELF.You need to install a symlink from
libfoo.so to
libfoo.so.N to make
ELF linkers happy. Since it should be listed in
PLIST too, and it won't hurt in the a.out case
(some ports even require the link for dynamic loading), you should
just make this link regardless of the setting of
PORTOBJFORMAT.LIB_DEPENDSAll port Makefiles are edited to remove minor numbers from
LIB_DEPENDS, and also to have the regexp support
removed. (E.g., foo\\.1\\.\\(33|40\\) becomes
foo.2.) They will be matched using grep
-wF.PLISTPLIST should contain the short (ELF) shlib
names if the a.out minor number is zero, and the long (a.out) names
otherwise. bsd.port.mk will automatically add
.0 to the end of short shlib lines if
PORTOBJFORMAT equals aout, and
will delete the minor number from long shlib names if
PORTOBJFORMAT equals
elf.In cases where you really need to install shlibs with two
versions on an ELF system or those with one version on an a.out
system (for instance, ports that install compatibility libraries for
other operating systems), define the variable
NO_FILTER_SHLIBS. This will turn off the editing
of PLIST mentioned in the previous
paragraph.ldconfigThe ldconfig line in Makefiles should
read:
${SETENV} OBJFORMAT=${PORTOBJFORMAT} ${LDCONFIG} -m ....In PLIST it should read;
@exec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -m ...
@unexec /usr/bin/env OBJFORMAT=%%PORTOBJFORMAT%% /sbin/ldconfig -RThis is to ensure that the correct ldconfig
will be called depending on the format of the package, not the
default format of the system.MASTERDIRIf your port needs to build slightly different versions of
packages by having a variable (for instance, resolution, or paper
size) take different values, create one subdirectory per package to
make it easier forusers to see what to do, but try to share as many
files as possible between ports. Typically you only need a very short
Makefile in all but one of the directories if you
use variables cleverly. In the sole Makefiles,
you can use MASTERDIR to specify the directory
where the rest of the files are. Also, use a variable as part of
PKGNAME so
the packages will have different names.This will be best demonstrated by an example. This is part of
japanese/xdvi300/Makefile;
PKGNAME= ja-xdvi${RESOLUTION}-17
:
# default
RESOLUTION?= 300
.if ${RESOLUTION} != 118 && ${RESOLUTION} != 240 && \
${RESOLUTION} != 300 && ${RESOLUTION} != 400
@${ECHO} "Error: invalid value for RESOLUTION: \"${RESOLUTION}\""
@${ECHO} "Possible values are: 118, 240, 300 (default) and 400."
@${FALSE}
.endifjapanese/xdvi300 also has all the regular
patches, package files, etc. If you type make
there, it will take the default value for the resolution (300) and
build the port normally.As for other resolutions, this is the entirexdvi118/Makefile;
RESOLUTION= 118
MASTERDIR= ${.CURDIR}/../xdvi300
.include ${MASTERDIR}/Makefile(xdvi240/Makefile and
xdvi400/Makefile are similar). The
MASTERDIR definition tells
bsd.port.mk that the refulat set of
subdirectories like PATCHDIR and
PKGDIR are to be found under
xdvi300. The RESOLUTION=118
line will override the RESOLUTION=300 line in
xdvi300/Makefile and the port will be built with
resolution set to 118.Shared library versionsFirst, please read our policy on
shared library versioning to understand what to do with
shared library versions in general. Do not blindly assume software
authors know what they are doing; many of them do not. It is very
important that these details are carefully considered, as we have
quite a unique situation where we are trying to have dozens of
potentially incompatible software pairs co-exist. Careless port
imports have caused great trouble regarding shared libraries in the
past (ever wondered why the port jpeg-6b has a
shared library version of 9.0?). If in doubt, send a message to the
&a.ports;. Most of the time, your job ends by determining the right
shared library version and making appropriate patches to implement
it.However, if there is a port which is a different version of the
same software already in the tree, the situation is much more complex.
In short, the FreeBSD implementation does not allow the user to
specify to the linker which version of shared library to link against
(the linker will always pick the highest numbered version). This
means, if there is a libfoo.so.3.2 and
libfoo.so.4.0 in the system, there is no way to
tell the linker to link a particular application to
libfoo.so.3.2. It is essentially completely
overshadowed in terms of compilation-time linkage. In this case, the
only solution is to rename the base part of the
shared library. For instance, change
libfoo.so.4.0 to
libfoo4.so.1.0 so both version 3.2 and 4.0 can be
linked from other ports.ManpagesThe MAN[1-9LN] variables will automatically add
any manpages to pkg/PLIST (this means you must
not list manpages in the
PLIST—see generating PLIST for more). It also
makes the install stage automatically compress or uncompress manpages
depending on the setting of NOMANCOMPRESS in
/etc/make.conf.To specify whether the manpages are compressed upon installation,
use the MANCOMPRESSED variable. This variable can
take three values, yes, no and
maybe. yes means manpages are
already installed compressed, no means they are
not, and maybe means the software already respects
the value of NOMANCOMPRESS so
bsd.port.mk does not have to do anything
special.MANCOMPRESSED is automatically set to
yes if USE_IMAKE is set and
NO_INSTALL_MANPAGES is not set, and to
no otherwise. You do not have to explicitly define
it unless the default is not suitable for your port.If your port anchors its man tree somewhere other than
PREFIX, you can use the
MANPREFIX to set it. Also, if only manpages in
certain sections go in a non-standard place, such as some Perl modules
ports, you can set individual man paths using
MANsectPREFIX (where
sect is one of 1-9,
L or N).If your manpages go to language-specific subdirectories, set the
name of the languages to MANLANG. The value of
this variable defaults to "" (i.e., English
only).Here is an example that puts it all together.
MAN1= foo.1
MAN3= bar.3
MAN4= baz.4
MANLANG= "" ja
MAN3PREFIX= ${PREFIX}/share/foobar
MANCOMPRESSED= yesThis states that six files are installed by this port;
${PREFIX}/man/man1/foo.1.gz
${PREFIX}/man/ja/man1/foo.1.gz
${PREFIX}/share/foobar/man/man3/bar.3.gz
${PREFIX}/share/foobar/man/ja/man3/bar.3.gz
${PREFIX}/man/man4/baz.4.gz
${PREFIX}/man/ja/man4/baz.4.gzPorts that require MotifThere are many programs that require a Motif library (available
from several commercial vendors, while there is a free clone reported
to be able to run many applications in
x11-toolkits/lesstif) to compile. Since it is a
popular toolkit and their licenses usually permit redistribution of
statically linked binaries, we have made special provisions for
handling ports that require Motif in a way that we can easily compile
binaries linked either dynamically (for people who are compiling from
the port) or statically (for people who distribute packages).REQUIRES_MOTIFIf your port requires Motif, define this variable in the
Makefile. This will prevent people who do not own a copy of Motif
from even attempting to build it.MOTIFLIBThis variable will be set by bsd.port.mk to
be the appropriate reference to the Motif library. Please patch the
source to use this wherever the Motif library is referenced in the
Makefile or
Imakefile.There are two common cases:If the port refers to the Motif library as
-lXm in its Makefile or
Imakefile, simply substitute
${MOTIFLIB} for it.If the port uses XmClientLibs in its
Imakefile, change it to
${MOTIFLIB} ${XTOOLLIB}
${XLIB}.Note that MOTIFLIB (usually) expands to
-L/usr/X11R6/lib -lXm or
/usr/X11R6/lib/libXm.a, so there is no need to
add -L or -l in front.X11 fontsIf your port installs fonts for the X Window system, put them in
X11BASE/lib/X11/fonts/local.
This directory is new to XFree86 release 3.3.3. If it does not exist,
please create it, and print out a message urging the user to update
their XFree86 to 3.3.3 or newer, or at least add this directory to the
font path in /etc/XF86Config.Info filesThe new version of texinfo (included in 2.2.2-RELEASE and onwards)
contains a utility called install-info to add and
delete entries to the dir file. If your port
installs any info documents, please follow this instructions so your
port/package will correctly update the user's
PREFIX/info/dir file. (Sorry
for the length of this section, but is it imperative to weave all the
info files together. If done correctly, it will produce a
beautiful listing, so please bear with me!First, this is what you (as a porter) need to know&prompt.user; install-info --help
install-info [OPTION]... [INFO-FILE [DIR-FILE]]
Install INFO-FILE in the Info directory file DIR-FILE.
Options:
--delete Delete existing entries in INFO-FILE;
don't insert any new entries.
:
--entry=TEXT Insert TEXT as an Info directory entry.
:
--section=SEC Put this file's entries in section SEC of the directory. :This program will not actually install info
files; it merely inserts or deletes entries in the
dir file.Here's a seven-step procedure to convert ports to use
install-info. I will use
editors/emacs as an example.Look at the texinfo sources and make a patch to insert
@dircategory and @direntry
statements to files that do not have them. This is part of my
patch:
--- ./man/vip.texi.org Fri Jun 16 15:31:11 1995
+++ ./man/vip.texi Tue May 20 01:28:33 1997
@@ -2,6 +2,10 @@
@setfilename ../info/vip
@settitle VIP
+@dircategory The Emacs editor and associated tools
+@direntry
+* VIP: (vip). A VI-emulation for Emacs.
+@end direntry
@iftex
@finalout
:The format should be self-explanatory. Many authors leave a
dir file in the source tree that contains all
the entries you need, so look around before you try to write your
own. Also, make sure you look into related ports and make the
section names and entry indentations consistent (we recommend that
all entry text start at the 4th tab stop).Note that you can put only one info entry per file because
of a bug in install-info --delete that
deletes only the first entry if you specify multiple entries in
the @direntry section.You can give the dir entries to
install-info as arguments
( and ) instead
of patching the texinfo sources. I do not think this is a good
idea for ports because you need to duplicate the same information
in three places
(Makefile and
@exec/@unexec of
PLIST; see below). However, if you have a
Japanese (or other multibyte encoding) info files, you will have
to use the extra arguments to install-info
because makeinfo cannot handle those texinfo
sources. (See Makefile and
PLIST of japanese/skk
for examples on how to do this).Go back to the port directory and do a make clean;
make and verify that the info files are regenerated
from the texinfo sources. Since the texinfo sources are newer than
the info files, they should be rebuilt when you type
make; but many Makefiles
do not include correct dependencies for info files. In
emacs' case, I had to patch the main
Makefile.in so it will descend into the
man subdirectory to rebuild the info
pages.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Tue Apr 15 00:15:28 1997
@@ -184,7 +184,7 @@
# Subdirectories to make recursively. `lisp' is not included
# because the compiled lisp files are part of the distribution
# and you cannot remake them without installing Emacs first.
-SUBDIR = lib-src src
+SUBDIR = lib-src src man
# The makefiles of the directories in $SUBDIR.
SUBDIR_MAKEFILES = lib-src/Makefile man/Makefile src/Makefile oldXMenu/Makefile lwlib/Makefile
--- ./man/Makefile.in.org Thu Jun 27 15:27:19 1996
+++ ./man/Makefile.in Tue Apr 15 00:29:52 1997
@@ -66,6 +66,7 @@
${srcdir}/gnu1.texi \
${srcdir}/glossary.texi
+all: info
info: $(INFO_TARGETS)
dvi: $(DVI_TARGETS)The second hunk was necessary because the default target in
the man subdir is called
info, while the main
Makefile wants to call
all. I also deleted the installation of
the info info file because we already have
one with the same name in /usr/share/info
(that patch is not shown here).If there is a place in the Makefile that
is installing the dir file, delete it. Your
port may not be doing it. Also, remove any commands that are
otherwise mucking around with the dir
file.
--- ./Makefile.in.org Mon Aug 19 21:12:19 1996
+++ ./Makefile.in Mon Apr 14 23:38:07 1997
@@ -368,14 +368,8 @@
if [ `(cd ${srcdir}/info && /bin/pwd)` != `(cd ${infodir} && /bin/pwd)` ]; \
then \
(cd ${infodir}; \
- if [ -f dir ]; then \
- if [ ! -f dir.old ]; then mv -f dir dir.old; \
- else mv -f dir dir.bak; fi; \
- fi; \
cd ${srcdir}/info ; \
- (cd $${thisdir}; ${INSTALL_DATA} ${srcdir}/info/dir ${infodir}/dir); \
- (cd $${thisdir}; chmod a+r ${infodir}/dir); \
for f in ccmode* cl* dired-x* ediff* emacs* forms* gnus* info* message* mh-e* sc* vip*; do \
(cd $${thisdir}; \
${INSTALL_DATA} ${srcdir}/info/$$f ${infodir}/$$f; \
chmod a+r ${infodir}/$$f); \(This step is only necessary if you are modifying an existing
port.) Take a look at pkg/PLIST and delete
anything that is trying to patch up info/dir.
They may be in pkg/INSTALL or some other
file, so search extensively.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/04/15 06:32:12
@@ -15,9 +15,6 @@
man/man1/emacs.1.gz
man/man1/etags.1.gz
man/man1/ctags.1.gz
-@unexec cp %D/info/dir %D/info/dir.bak
-info/dir
-@unexec cp %D/info/dir.bak %D/info/dir
info/cl
info/cl-1
info/cl-2Add a post-install target to the
Makefile to create a dir
file if it is not there. Also, call
install-info with the installed info
files.
Index: Makefile
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/Makefile,v
retrieving revision 1.26
diff -u -r1.26 Makefile
--- Makefile 1996/11/19 13:14:40 1.26
+++ Makefile 1997/05/20 10:25:09 1.28
@@ -20,5 +20,11 @@
post-install:
.for file in emacs-19.34 emacsclient etags ctags b2m
strip ${PREFIX}/bin/${file}
.endfor
+ if [ ! -f ${PREFIX}/info/dir ]; then \
+ ${SED} -ne '1,/Menu:/p' /usr/share/info/dir > ${PREFIX}/info/dir; \
+ fi
+.for info in emacs vip viper forms gnus mh-e cl sc dired-x ediff ccmode
+ install-info ${PREFIX}/info/${info} ${PREFIX}/info/dir
+.endfor
.include <bsd.port.mk>Do not use anything other than
/usr/share/info/dir and the above command to
create a new info file. In fact, I would add the first three lines
of the above patch to bsd.port.mk if you (the
porter) would not have to do it in PLIST by
yourself anyway.Edit PLIST and add equivalent
@exec statements and also
@unexec for pkg_delete. You
do not need to delete info/dir with
@unexec.
Index: pkg/PLIST
===================================================================
RCS file: /usr/cvs/ports/editors/emacs/pkg/PLIST,v
retrieving revision 1.15
diff -u -r1.15 PLIST
--- PLIST 1997/03/04 08:04:00 1.15
+++ PLIST 1997/05/20 10:25:12 1.17
@@ -16,7 +14,15 @@
man/man1/etags.1.gz
man/man1/ctags.1.gz
+@unexec install-info --delete %D/info/emacs %D/info/dir
:
+@unexec install-info --delete %D/info/ccmode %D/info/dir
info/cl
info/cl-1
@@ -87,6 +94,18 @@
info/viper-3
info/viper-4
+@exec [ -f %D/info/dir ] || sed -ne '1,/Menu:/p' /usr/share/info/dir > %D/info/dir
+@exec install-info %D/info/emacs %D/info/dir
:
+@exec install-info %D/info/ccmode %D/info/dir
libexec/emacs/19.34/i386--freebsd/cvtmail
libexec/emacs/19.34/i386--freebsd/digest-docThe @unexec install-info --delete
commands have to be listed before the info files themselves so
they can read the files. Also, the @exec
install-info commands have to be after the info
files and the @exec command that creates the
the dir file.Test and admire your
work. :). Check the
dir file before and after each step.The pkg/ subdirectoryThere are some tricks we have not mentioned yet about the
pkg/ subdirectory that come in handy
sometimes.MESSAGEIf you need to display a message to the installer, you may place
the message in pkg/MESSAGE. This capability is
often useful to display additional installation steps to be taken
after a pkg_add or to display licensing
information.The pkg/MESSAGE file does not need to be
added to pkg/PLIST. Also, it will not get
automatically printed if the user is using the port, not the
package, so you should probably display it from the
post-install target yourself.INSTALLIf your port needs to execute commands when the binary package
is installed with pkg_add you can do this via the
pkg/INSTALL script. This script will
automatically be added to the package, and will be run twice by
pkg_add. The first time will as INSTALL
${PKGNAME} PRE-INSTALL and the second time as
INSTALL ${PKGNAME} POST-INSTALL.
$2 can be tested to determine which mode
the script is being run in. The PKG_PREFIX
environmental variable will be set to the package installation
directory. See &man.pkg.add.1; for
additional information.This script is not run automatically if you install the port
with make install. If you are depending on it
being run, you will have to explicitly call it from your port's
Makefile.REQIf your port needs to determine if it should install or not, you
can create a pkg/REQ “requirements”
script. It will be invoked automatically at
installation/deinstallation time to determine whether or not
installation/deinstallation should proceed.Changing PLIST based on make
variablesSome ports, particularly the p5- ports, need to change their
PLIST depending on what options they are
configured with (or version of perl, in the case of p5- ports). To
make this easy, any instances in the PLIST of
%%OSREL%%, %%PERL_VER%%, and
%%PERL_VERSION%% will be substituted for
appropriately. The value of %%OSREL%% is the
numeric revision of the operating system (e.g.,
2.2.7). %%PERL_VERSION%% is
the full version number of perl (e.g., 5.00502)
and %%PERL_VER%% is the perl version number minus
the patchlevel (e.g., 5.005).If you need to make other substitutions, you can set the
PLIST_SUB variable with a list of
VAR=VALUE
pairs and instances of
%%VAR%%' will be
substituted with VALUE in the
PLIST.For instance, if you have a port that installs many files in a
version-specific subdirectory, you can put something like
OCTAVE_VERSION= 2.0.13
PLIST_SUB= OCTAVE_VERSION=${OCTAVE_VERSION}
in the Makefile and use
%%OCTAVE_VERSION%% wherever the version shows up
in PLIST. That way, when you upgrade the port,
you will not have to change dozens (or in some cases, hundreds) of
lines in the PLIST.This substitution (as well as addition of any man pages) will be done between
the do-install and
post-install targets, by reading from
PLIST and writing to TMPPLIST
(default:
WRKDIR/.PLIST.mktmp). So if
your port builds PLIST on the fly, do so in or
before do-install. Also, if your port
needs to edit the resulting file, do so in
post-install to a file named
TMPPLIST.Changing the names of files in the
pkg subdirectoryAll the filenames in the pkg subdirectory
are defined using variables so you can change them in your
Makefile if need be. This is especially useful
when you are sharing the same pkg subdirectory
among several ports or have to write to one of the above files (see
writing to places other than
WRKDIR for why it is a bad idea to write
directly in to the pkg subdirectory.Here is a list of variable names and their default
values.VariableDefault valueCOMMENT${PKGDIR}/DESCRDESCR${PKGDIR}/DESCRPLIST${PKGDIR}/PLISTPKGINSTALL${PKGDIR}/PKGINSTALLPKGDEINSTALL${PKGDIR}/PKGDEINSTALLPKGREQ${PKGDIR}/REQPKGMESSAGE${PKGDIR}/MESSAGEPlease change these variables rather than overriding
PKG_ARGS. If you change
PKG_ARGS, those files will not correctly be
installed in /var/db/pkg upon install from a
port.Licensing ProblemsSome software packages have restrictive licenses or can be in
violation to the law (PKP's patent on public key crypto, ITAR (export
of crypto software) to name just two of them). What we can do with
them varies a lot, depending on the exact wordings of the respective
licenses.It is your responsibility as a porter to read the licensing
terms of the software and make sure that the FreeBSD project will
not be held accountable of violating them by redistributing the
source or compiled binaries either via ftp or CD-ROM. If in doubt,
please contact the &a.ports;.There are two variables you can set in the Makefile to handle the
situations that arise frequently:If the port has a “do not sell for profit” type of
license, set the variable NO_CDROM to a string
describing the reason why. We will make sure such ports will not go
into the CD-ROM come release time. The distfile and package will
still be available via ftp.If the resulting package needs to be built uniquely for each
site, or the resulting binary package cannot be distributed due to
licensing; set the variable NO_PACKAGE to a
string describing the reason why. We will make sure such packages
will not go on the ftp site, nor into the CD-ROM come release time.
The distfile will still be included on both however.If the port has legal restrictions on who can use it (e.g.,
crypto stuff) or has a “no commercial use” license,
set the variable RESTRICTED to be the string
describing the reason why. For such ports, the distfiles/packages
will not be available even from our ftp sites.The GNU General Public License (GPL), both version 1 and 2,
should not be a problem for ports.If you are a committer, make sure you update the
ports/LEGAL file too.UpgradingWhen you notice that a port is out of date compared to the latest
version from the original authors, first make sure you have the latest
port. You can find them in the
ports/ports-current directory of the ftp mirror
sites.The next step is to send a mail to the maintainer, if one is
listed in the port's Makefile. That person may
already be working on an upgrade, or have a reason to not upgrade the
port right now (because of, for example, stability problems of the new
version).If the maintainer asks you to do the upgrade or there is not any
such person to begin with, please make the upgrade and send the
recursive diff (either unified or context diff is fine, but port
committers appear to prefer unified diff more) of the new and old
ports directories to us (e.g., if your modified port directory is
called superedit and the original as in our tree
is superedit.bak, then send us the result of
diff -ruN superedit.bak superedit). Please examine
the output to make sure all the changes make sense. The best way to
send us the diff is by including it to &man.send-pr.1; (category
ports). Please mention any added or deleted files
in the message, as they have to be explicitly specified to CVS when
doing a commit. If the diff is more than about 20KB, please compress
and uuencode it; otherwise, just include it in as is in the PR.Once again, please use &man.diff.1; and not &man.shar.1; to send
updates to existing ports.Do's and Dont'sHere is a list of common do's and dont's that you encounter during
the porting process.You should check your own port against this list,
but you can also check ports in the PR database that others have
submitted. Submit any comments on ports you check as described in
Bug Reports and General
Commentary. Checking ports in the PR database will both make
it faster for us to commit them, and prove that you know what you are
doing.Strip BinariesDo strip binaries. If the original source already strips the
binaries, fine; otherwise you should add a
post-install rule to to it yourself. Here is an
example;
post-install:
strip ${PREFIX}/bin/xdlUse the &man.file.1; command on the installed executable to
check whether the binary is stripped or not. If it does not say
not stripped, it is stripped.INSTALL_* macrosDo use the macros provided in bsd.port.mk
to ensure correct modes and ownership of files in your own
*-install targets. They are:INSTALL_PROGRAM is a command to install
binary executables.INSTALL_SCRIPT is a command to install
executable scripts.INSTALL_DATA is a command to install
sharable data.INSTALL_MAN is a command to install
manpages and other documentation (it does not compress
anything).These are basically the install command with
all the appropriate flags. See below for an example on how to use
them.WRKDIRDo not write anything to files outside
WRKDIR. WRKDIR is the only
place that is guaranteed to be writable during the port build (see
compiling ports from CDROM for an
example of building ports from a read-only tree). If you need to
modigy some file in PKGDIR, do so by redefining a variable, not by
writing over it.WRKDIRPREFIXMake sure your port honors WRKDIRPREFIX.
Most ports do not have to worry about this. In particular, if you
are referring to a WRKDIR of another port, note
that the correct location is
WRKDIRPREFIXPORTSDIR/subdir/name/work not PORTSDIR/subdir/name/work or .CURDIR/../../subdir/name/work or some such.Also, if you are defining WRKDIR yourself,
make sure you prepend
${WKRDIRPREFIX}${.CURDIR} in the
front.Differentiating operating systems and OS versionsYou may come across code that needs modifications or conditional
compilation based upon what version of UNIX it is running under. If
you need to make such changes to the code for conditional
compilation, make sure you make the changes as general as possible
so that we can back-port code to FreeBSD 1.x systems and cross-port
to other BSD systems such as 4.4BSD from CSRG, BSD/386, 386BSD,
NetBSD, and OpenBSD.The preferred way to tell 4.3BSD/Reno (1990) and newer versions
of the BSD code apart is by using the BSD macro
defined in <sys/param.h>. Hopefully that
file is already included; if not, add the code:
#if (defined(__unix__) || defined(unix)) && !defined(USG)
#include <sys/param.h>
#endifto the proper place in the .c file. We
believe that every system that defines these two symbols has
sys/param.h. If you find a system that
does not, we would like to know. Please send mail to the
&a.ports;.Another way is to use the GNU Autoconf style of doing
this:
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endifDo not forget to add -DHAVE_SYS_PARAM_H to the
CFLAGS in the Makefile for
this method.Once you have sys/param.h included, you may
use:
#if (defined(BSD) && (BSD >= 199103))to detect if the code is being compiled on a 4.3 Net2 code base
or newer (e.g. FreeBSD 1.x, 4.3/Reno, NetBSD 0.9, 386BSD, BSD/386
1.1 and below).Use:
#if (defined(BSD) && (BSD >= 199306))to detect if the code is being compiled on a 4.4 code base or
newer (e.g. FreeBSD 2.x, 4.4, NetBSD 1.0, BSD/386 2.0 or
above).The value of the BSD macro is
199506 for the 4.4BSD-Lite2 code base. This is
stated for informational purposes only. It should not be used to
distinguish between versions of FreeBSD based only on 4.4-Lite vs.
versions that have merged in changes from 4.4-Lite2. The
__FreeBSD__ macro should be used instead.Use sparingly:__FreeBSD__ is defined in all versions of
FreeBSD. Use it if the change you are making
only affects FreeBSD. Porting gotchas like
the use of sys_errlist[] vs
strerror() are Berkeleyisms, not FreeBSD
changes.In FreeBSD 2.x, __FreeBSD__ is defined to
be 2. In earlier versions, it is
1. Later versions will bump it to match
their major version number.If you need to tell the difference between a FreeBSD 1.x
system and a FreeBSD 2.x or 3.x system, usually the right answer
is to use the BSD macros described above. If
there actually is a FreeBSD specific change (such as special
shared library options when using ld) then it
is OK to use __FreeBSD__ and #if
__FreeBSD__ > 1 to detect a FreeBSD 2.x and later
system. If you need more granularity in detecting FreeBSD
systems since 2.0-RELEASE you can use the following:
#if __FreeBSD__ >= 2
#include <osreldate.h>
# if __FreeBSD_version >= 199504
/* 2.0.5+ release specific code here */
# endif
#endifRelease__FreeBSD_version2.0-RELEASE1194112.1-CURRENTs199501, 1995032.0.5-RELEASE1995042.2-CURRENT before 2.11995082.1.0-RELEASE1995112.2-CURRENT before 2.1.51995122.1.5-RELEASE1996072.2-CURRENT before 2.1.61996082.1.6-RELEASE1996122.1.7-RELEASE1996122.2-RELEASE2200002.2.1-RELEASE220000 (no change)2.2-STABLE after 2.2.1-RELEASE220000 (no change)2.2-STABLE after texinfo-3.92210012.2-STABLE after top2210022.2.2-RELEASE2220002.2-STABLE after 2.2.2-RELEASE2220012.2.5-RELEASE2250002.2-STABLE after 2.2.5-RELEASE2250012.2-STABLE after ldconfig -R merge2250022.2.6-RELEASE2260002.2.7-RELEASE2270002.2-STABLE after 2.2.7-RELEASE2270012.2-STABLE after semctl(2) change2270022.2.8-RELEASE2280002.2-STABLE after 2.2.8-RELEASE2280013.0-CURRENT before mount(2) change3000003.0-CURRENT after mount(2) change3000013.0-CURRENT after semctl(2) change3000023.0-CURRENT after ioctl arg changes3000033.0-CURRENT after ELF conversion3000043.0-RELEASE3000053.0-CURRENT after 3.0-RELEASE3000063.0-STABLE after 3/4 branch3000073.1-RELEASE3100003.1-STABLE after 3.1-RELEASE3100013.1-STABLE after C++ constructor/destructor order change3100023.2-STABLE3200014.0-CURRENT after 3/4 branch4000004.0-CURRENT after change in dynamic linker handling4000014.0-CURRENT after C++ constructor/destructor order change4000024.0-CURRENT after functioning dladdr(3)4000034.0-CURRENT after newbus4000044.0-CURRENT after suser(9) API change4000054.0-CURRENT after cdevsw registration change4000064.0-CURRENT after the addition of so_cred for socket level credentials4000074.0-CURRENT after the addition of a poll syscall wrapper to libc_r400008Note that 2.2-STABLE sometimes identifies itself as
“2.2.5-STABLE” after the 2.2.5-RELEASE. The pattern
used to be year followed by the month, but we decided to change it
to a more straightforward major/minor system starting from 2.2.
This is because the parallel development on several branches made
it infeasible to classify the releases simply by their real
release dates. If you are making a port now, you do not have to
worry about old -CURRENTs; they are listed here just for your
reference.In the hundreds of ports that have been done, there have only
been one or two cases where __FreeBSD__ should
have been used. Just because an earlier port screwed up and used it
in the wrong place does not mean you should do so too.Writing something after
bsd.port.mkDo not write anything after the .include
<bsd.port.mk> line. it usually can be avoided by
including bsd.port.pre.mk somewhere in the
middle of your Makefile and
bsd.port.post.mk at the end.You need to include either the
pre.mk/post.mk pair or
bsd.port.mk only; do not mix these two.bsd.port.pre.mk only defines a few
variables, which can be used in tests in the
Makefile, bsd.port.post.mk
defines the rest.Here are some important variables defined in
bsd.port.pre.mk (this is not the complete list,
please read bsd.port.mk for the complete
list).VariableDescriptionARCHThe architecture as returned by uname
-m (e.g., i386)OPSYSThe operating system type, as returned by
uname -s (e.g.,
FreeBSD)OSRELThe release version of the operating system (e.g.,
2.1.5 or
2.2.7)OSVERSIONThe numeric version of the operating system, same as
__FreeBSD_version.PORTOBJFORMATThe object format of the system
(aout or elfLOCALBASEThe base of the “local” tree (e.g.,
/usr/local/)X11BASEThe base of the “X11” tree (e.g.,
/usr/X11R6)PREFIXWhere the port installs itself (see more on
PREFIX).If you have to define the variables
USE_IMAKE, USE_X_PREFIX, or
MASTERDIR, do so before including
bsd.port.pre.mk.Here are some examples of things you can write after
bsd.port.pre.mk;
# no need to compile lang/perl5 if perl5 is already in system
.if ${OSVERSION} > 300003
BROKEN= perl is in system
.endif
# only one shlib version number for ELF
.if ${PORTOBJFORMAT} == "elf"
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}
.else
TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}.${SHLIB_MINOR}
.endif
# software already makes link for ELF, but not for a.out
post-install:
.if ${PORTOBJFORMAT} == "aout"
${LN} -sf liblinpack.so.1.0 ${PREFIX}/lib/liblinpack.so
.endifInstall additional documentationIf your software has some documentation other than the standard
man and info pages that you think is useful for the user, install it
under PREFIX/share/doc.
This can be done, like the previous item, in the
post-install target.Create a new directory for your port. The directory name should
reflect what the port is. This usually means
PKGNAME minus the version part. However, if you
think the user might want different versions of the port to be
installed at the same time, you can use the whole
PKGNAME.Make the installation dependent to the variable
NOPORTDOCS so that users can disable it in
/etc/make.conf, like this:
post-install:
.if !defined(NOPORTDOCS)
${MKDIR}${PREFIX}/share/doc/xv
${INSTALL_MAN} ${WRKSRC}/docs/xvdocs.ps ${PREFIX}/share/doc/xv
.endifDo not forget to add them to pkg/PLIST too!
(Do not worry about NOPORTDOCS here; there is
currently no way for the packages to read variables from
/etc/make.conf.)Also you can use the pkg/MESSAGE file to
display messages upon installation. See the using
pkg/MESSAGE section for
details.MESSAGE does not need to be added to
pkg/PLIST).DIST_SUBDIRDo not let your port clutter
/usr/ports/distfiles. If your port requires a
lot of files to be fetched, or contains a file that has a name that
might conflict with other ports (e.g.,
Makefile), set DIST_SUBDIR
to the name of the port (PKGNAME without the
version part should work fine). This will change
DISTDIR from the default
/usr/ports/distfiles to
/usr/ports/distfiles/DIST_SUBDIR,
and in effect puts everything that is required for your port into
that subdirectory.It will also look at the subdirectory with the same name on the
- backup master site at ftp.freebsd.org.
+ backup master site at ftp.FreeBSD.org.
(Setting DISTDIR explicitly in your
Makefile will not accomplish this, so please use
DIST_SUBDIR.)This does not affect the MASTER_SITES you
define in your Makefile.Package informationDo include package information, i.e.
COMMENT, DESCR, and
PLIST, in pkg.Note that these files are not used only for packaging anymore,
and are mandatory now, even if
NO_PACKAGE is set.RCS stringsDo not put RCS strings in patches. CVS will mangle them when we
put the files into the ports tree, and when we check them out again,
they will come out different and the patch will fail. RCS strings
are surrounded by dollar ($) signs, and
typically start with $Id or
$RCS.Recursive diffUsing the recurse () option to
diff to generate patches is fine, but please take
a look at the resulting patches to make sure you do not have any
unnecessary junk in there. In particular, diffs between two backup
files, Makefiles when the port uses
Imake or GNU configure, etc.,
are unnecessary and should be deleted. If you had to edit
configure.in and run
autoconf to regenerate
configure, do not take the diffs of
configure (it often grows to a few thousand
lines!); define USE_AUTOCONF=yes and take the
diffsof configure.in.Also, if you had to delete a file, then you can do it in the
post-extract target rather than as part of
the patch. Once you are happy with the resulting diff, please split
it up into one source file per patch file.PREFIXDo try to make your port install relative to
PREFIX. (The value of this variable will be set
to LOCALBASE (default
/usr/local), unless
USE_X_PREFIX or USE_IMAKE is
set, in which case it will be X11BASE (default
/usr/X11R6).)Not hard-coding /usr/local or
/usr/X11R6 anywhere in the source will make the
port much more flexible and able to cater to the needs of other
sites. For X ports that use imake, this is
automatic; otherwise, this can often be done by simply replacing the
occurrences of /usr/local (or
/usr/X11R6 for X ports that do not use imake)
in the various scripts/Makefiles in the port to read
PREFIX, as this variable is automatically passed
down to every stage of the build and install processes.Do not set USE_X_PREFIX unless your port
truly require it (i.e., it links against X libs or it needs to
reference files in X11BASE).The variable PREFIX can be reassigned in your
Makefile or in the user's environment.
However, it is strongly discouraged for individual ports to set this
variable explicitly in the Makefiles.Also, refer to programs/files from other ports with the
variables mentioned above, not explicit pathnames. For instance, if
your port requires a macro PAGER to be the full
pathname of less, use the compiler flag:
-DPAGER=\"${PREFIX}/bin/less\"
or
-DPAGER=\"${LOCALBASE}/bin/less\"
if this is an X port, instead of
-DPAGER=\"/usr/local/bin/less\". This way it will
have a better chance of working if the system administrator has
moved the whole `/usr/local' tree somewhere else.SubdirectoriesTry to let the port put things in the right subdirectories of
PREFIX. Some ports lump everything and put it in
the subdirectory with the port's name, which is incorrect. Also,
many ports put everything except binaries, header files and manual
pages in the a subdirectory of lib, which does
not bode well with the BSD paradigm. Many of the files should be
moved to one of the following: etc
(setup/configuration files), libexec
(executables started internally), sbin
(executables for superusers/managers), info
(documentation for info browser) or share
(architecture independent files). See man &man.hier.7; for details,
the rules governing
/usr pretty much apply to
/usr/local too. The exception are ports
dealing with USENET “news”. They may use
PREFIX/news as a destination
for their files.Cleaning up empty directoriesDo make your ports clean up after themselves when they are
deinstalled. This is usually accomplished by adding
@dirrm lines for all directories that are
specifically created by the port. You need to delete subdirectories
before you can delete parent directories.
:
lib/X11/oneko/pixmaps/cat.xpm
lib/X11/oneko/sounds/cat.au
:
@dirrm lib/X11/oneko/pixmals
@dirrm lib/X11/oneko/sounds
@dirrm lib/X11/onekoHowever, sometimes @dirrm will give you
errors because other ports also share the same subdirectory. You
can call rmdir from @unexec to
remove only empty directories without warning.
@unexec rmdir %D/share/doc/gimp 2>/dev/null || trueThis will neither print any error messages nor cause
pkg_delete to exit abnormally even if
PREFIX/share/doc/gimp is not
empty due to other ports installing some files in there.UIDsIf your port requires a certain user to be on the installed
system, let the pkg/INSTALL script call
pw to create it automatically. Look at
net/cvsup-mirror for an example.If your port must use the same user/group ID number when it is
installed a binarypackage as when it was compiled, then you mus
choose a free UID from 50 to 99 and register it below. Look at
japanese/Wnn for an example.Make sure you do not use a UID already used by the system or
other ports. This is the current list of UIDs between 50 and
99.
majordom:*:54:54:Majordomo Pseudo User:/usr/local/majordomo:/nonexistent
cyrus:*:60:60:the cyrus mail server:/nonexistent:/nonexistent
gnats:*:61:1:GNATS database owner:/usr/local/share/gnats/gnats-db:/bin/sh
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
pop:*:68:6:Post Office Owner (popper):/nonexistent:/nonexistent
wnn:*:69:7:Wnn:/nonexistent:/nonexistent
ifmail:*:70:66:Ifmail user:/nonexistent:/nonexistent
pgsql:*:70:70:PostgreSQL pseudo-user:/usr/local/pgsql:/bin/sh
ircd:*:72:72:IRCd hybrid:/nonexistent:/nonexistent
alias:*:81:81:QMail user:/var/qmail/alias:/nonexistent
qmaill:*:83:81:QMail user:/var/qmail:/nonexistent
qmaild:*:82:81:QMail user:/var/qmail:/nonexistent
qmailq:*:85:82:QMail user:/var/qmail:/nonexistent
qmails:*:87:82:QMail user:/var/qmail:/nonexistent
qmailp:*:84:81:QMail user:/var/qmail:/nonexistent
qmailr:*:86:82:QMail user:/var/qmail:/nonexistent
msql:*:87:87:mSQL-2 pseudo-user:/var/db/msqldb:/bin/shPlease include a notice when you submit a port (or an upgrade)
that reserves a new UID or GID in this range. This allows us to
keep the list of reserved IDs up to date.Do things rationallyThe Makefile should do things simply and
reasonably. If you can make it a couple of lines shorter or more
readable, then do so. Examples include using a make
.if construct instead of a shell
if construct, not redefining
do-extract if you can redefine
EXTRACT* instead, and using
GNU_CONFIGURE instead of CONFIGURE_ARGS
+= --prefix=${PREFIX}.Respect CFLAGSThe port should respect the CFLAGS variable.
If it does not, please add NO_PACKAGE=ignores
cflags to the Makefile.Configuration filesIf your port requires some configuration files in
PREFIX/etc, do
not just install them and list them in
pkg/PLIST. That will cause
pkg_delete to delete files carefully edited by
the user and a new installation to wipe them out.Instead, install sample files with a suffix
(filename.sample
will work well) and print out a message pointing out that the
user has to copy and edit the file before the software can be made
to work.PortlintDo check your work with portlint
before you submit or commit it.FeedbackDo send applicable changes/patches to the original
author/maintainer for inclusion in next release of the code. This
will only make your job that much easier for the next
release.MiscellaneaThe files pkg/DESCR,
pkg/COMMENT, and pkg/PLIST
should each be double-checked. If you are reviewing a port and feel
they can be worded better, do so.Do not copy more copies of the GNU General Public License into
our system, please.Please be careful to note any legal issues! Do not let us
illegally distribute software!If you are stuck…Do look at existing examples and the
bsd.port.mk file before asking us questions!
;)Do ask us questions if you have any trouble! Do not just beat
your head against a wall! :)A Sample MakefileHere is a sample Makefile that you can use to
create a new port. Make sure you remove all the extra comments (ones
between brackets)!It is recommended that you follow this format (ordering of
variables, empty lines between sections, etc.). This format is
designed so that the most important information is easy to locate. We
recommend that you use portlint to check the
Makefile.
[the header...just to make it easier for us to identify the ports.]
# New ports collection makefile for: xdvi
[the version required header should updated when upgrading a port.]
# Version required: pl18 [things like "1.5alpha" are fine here too]
[this is the date when the first version of this Makefile was created.
Never change this when doing an update of the port.]
# Date created: 26 May 1995
[this is the person who did the original port to FreeBSD, in particular, the
person who wrote the first version of this Makefile. Remember, this should
not be changed when upgrading the port later.]
# Whom: Satoshi Asami <asami@FreeBSD.ORG>
#
# $Id$
[ ^^^^ This will be automatically replaced with RCS ID string by CVS
when it is committed to our repository.]
#
[section to describe the port itself and the master site - DISTNAME
is always first, followed by PKGNAME (if necessary), CATEGORIES,
and then MASTER_SITES, which can be followed by MASTER_SITE_SUBDIR.
After those, one of EXTRACT_SUFX or DISTFILES can be specified too.]
DISTNAME= xdvi
PKGNAME= xdvi-pl18
CATEGORIES= print
[do not forget the trailing slash ("/")!
if you are not using MASTER_SITE_* macros]
MASTER_SITES= ${MASTER_SITE_XCONTRIB}
MASTER_SITE_SUBDIR= applications
[set this if the source is not in the standard ".tar.gz" form]
EXTRACT_SUFX= .tar.Z
[section for distributed patches -- can be empty]
PATCH_SITES= ftp://ftp.sra.co.jp/pub/X11/japanese/
PATCHFILES= xdvi-18.patch1.gz xdvi-18.patch2.gz
[maintainer; *mandatory*! This is the person (preferably with commit
privileges) who a user can contact for questions and bug reports - this
person should be the porter or someone who can forward questions to the
original porter reasonably promptly. If you really do not want to have
your address here, set it to "ports@FreeBSD.ORG".]
MAINTAINER= asami@FreeBSD.ORG
[dependencies -- can be empty]
RUN_DEPENDS= gs:${PORTSDIR}/print/ghostscript
LIB_DEPENDS= Xpm.5:${PORTSDIR}/graphics/xpm
[this section is for other standard bsd.port.mk variables that do not
belong to any of the above]
[If it asks questions during configure, build, install...]
IS_INTERACTIVE= yes
[If it extracts to a directory other than ${DISTNAME}...]
WRKSRC= ${WRKDIR}/xdvi-new
[If the distributed patches were not made relative to ${WRKSRC}, you
may need to tweak this]
PATCH_DIST_STRIP= -p1
[If it requires a "configure" script generated by GNU autoconf to be run]
GNU_CONFIGURE= yes
[If it requires GNU make, not /usr/bin/make, to build...]
USE_GMAKE= yes
[If it is an X application and requires "xmkmf -a" to be run...]
USE_IMAKE= yes
[et cetera.]
[non-standard variables to be used in the rules below]
MY_FAVORITE_RESPONSE= "yeah, right"
[then the special rules, in the order they are called]
pre-fetch:
i go fetch something, yeah
post-patch:
i need to do something after patch, great
pre-install:
and then some more stuff before installing, wow
[and then the epilogue]
.include <bsd.port.mk>Automated package list creationFirst, make sure your port is almost complete, with only
PLIST missing. Create an empty
PLIST.&prompt.root; touch PLISTNext, create a new set of directories which your port can be
installed, and install any dependencies.&prompt.root; mtree -U -f /etc/mtree/BSD.local.dist -d -e -p /var/tmp/port-name
&prompt.root; make depends PREFIX=/var/tmp/port-nameStore the directory structure in a new file.&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > OLD-DIRSIf your port honours PREFIX (which it should)
you can then install the port and create the package list.&prompt.root; make install PREFIX=/var/tmp
&prompt.root; (cd /var/tmp/port-name && find * \! -type d) > pkg/PLISTYou must also add any newly created directories to the packing
list.&prompt.root; (cd /var/tmp/port-name && find * -type d) | comm -13 OLD-DIRS - | sed -e 's#^#@dirrm#' >> pkg/PLISTFinally, you need to tidy up the packing list by hand. I lied
when I said this was all automated. Manual pages should be listed in
the port's Makefile under
MANn, and not in the
package list. User configuration files should be removed, or
installed as
filename.sample. Any
libraries installed by the port should be listed as specified in the
ldconfig section.Package NamesThe following are the conventions you should follow in naming your
packages. This is to have our package directory easy to scan, as
there are already lots and lots of packages and users are going to
turn away if they hurt their eyes!The package name should look like
language-name-compiled.specifics-version.numbers.If your DISTNAME does not look like that, set
PKGNAME to something in that format.FreeBSD strives to support the native language of its users.
The language- part should be a two
letter abbreviation of the natural language defined by ISO-639 if
the port is specific to a certain language. Examples are
ja for Japanese, ru for
Russian, vi for Vietnamese,
zh for Chinese, ko for
Korean and de for German.The name part should be all lowercases,
except for a really large package (with lots of programs in it).
Things like XFree86 (yes there really is a port of it, check it
out) and ImageMagick fall into this category. Otherwise, convert
the name (or at least the first letter) to lowercase. If the
capital letters are important to the name (for example, with
one-letter names like R or
V) you may use capital letters at your
discretion. There is a tradition of naming Perl 5 modules by
prepending p5- and converting the double-colon
separator to a hyphen; for example, the
Data::Dumper module becomes
p5-Data-Dumper. If the software in question
has numbers, hyphens, or underscores in its name, you may include
them as well (like kinput2).If the port can be built with different hardcoded defaults (usually
part of the directory name in a family of ports), the
-compiled.specifics part should state
the compiled-in defaults (the hyphen is optional). Examples are
papersize and font units.The version string should be a period-separated list of
integers and single lowercase alphabetics. The only exception is
the string pl (meaning `patchlevel'), which can
be used only when there are no major and
minor version numbers in the software.Here are some (real) examples on how to convert a
DISTNAME into a suitable
PKGNAME:Distribution NamePackage NameReasonmule-2.2.2.mule-2.2.2No changes requiredXFree86-3.1.2XFree86-3.1.2No changes requiredEmiClock-1.0.2emiclock-1.0.2No uppercase names for single programsgmod1.4gmod-1.4Need a hyphen before version numbersxmris.4.0.2xmris-4.0.2Need a hyphen before version numbersrdist-1.3alphardist-1.3aNo strings like alpha
allowedes-0.9-beta1es-0.9b1No strings like beta
allowedv3.3beta021.srctiff-3.3What the heck was that anyway?tvtwmtvtwm-pl11Version string always requiredpiewmpiewm-1.0Version string always requiredxvgr-2.10pl1xvgr-2.10.1pl allowed only when no
major/minor version numbersgawk-2.15.6ja-gawk-2.15.6Japanese language versionpsutils-1.13psutils-letter-1.13Papersize hardcoded at package build timepkfontspkfonts300-1.0Package for 300dpi fontsIf there is absolutely no trace of version information in the
original source and it is unlikely that the original author will ever
release another version, just set the version string to
1.0 (like the piewm example above). Otherwise, ask
the original author or use the date string
(yy.mm.dd) as the version.CategoriesAs you already know, ports are classified in several categories.
But for this to wor, it is important that porters and users understand
what each category and how we deicde what to put in each
category.Current list of categoriesFirst, this is the current list of port categories. Those
marked with an asterisk (*) are
virtual categories—those that do not have
a corresponding subdirectory in the ports tree.For non-virtual categories, you will find a one-line
description in the pkg/COMMENT file in that
subdirectory (e.g.,
archivers/pkg/COMMENT).CategoryDescriptionafterstep*Ports to support AfterStep window managerarchiversArchiving tools.astroAstronomical ports.audioSound support.benchmarksBenchmarking utilities.biologyBiology-related software.cadComputer aided design tools.chineseChinese language support.commsCommunication software. Mostly software to talk to
your serial port.convertersCharacter code converters.databasesDatabases.deskutilsThings that used to be on the desktop before
computers were invented.develDevelopment utilities. Do not put libraries here just
because they are libraries—unless they truly do not
belong to anywhere else, they should not be in this
category.editorsGeneral editors. Specialized editors go in the section
for those tools (e.g., a mathematical-formula editor will go
in math).elispEmacs-lisp ports.emulatorsEmulators for other operating systems. Terminal
emulators do not belong
here—X-based ones should go to
x11 and text-based ones to either
comms or misc,
depending on the exact functionality.gamesGames.germanGerman language support.graphicsGraphics utilities.japaneseJapanese language support.kde*Ports that form the K Desktop Environment
(kde).koreanKorean language support.langProgramming languages.mailMail software.mathNumerical computation software and other utilities
for mathematics.mboneMBone applications.miscMiscellaneous utilities—basically things that
does not belong to anywhere else. This is the only category
that should not appear with any other non-virtual category.
If you have misc with something else in
your CATEGORIES line, that means you can
safely delete misc and just put the port
in that other subdirectory!netMiscellaneous networking software.newsUSENET news software.offix*Ports from the OffiX suite.palmSoftware support for the 3Com Palm(tm) series.perl5*Ports that require perl version 5 to run.plan9*Various programs from Plan9.printPrinting software. Desktop publishing tools
(previewers, etc.) belong here too.python*Software written in python.russianRussian language support.securitySecurity utilities.shellsCommand line shells.sysutilsSystem utilities.tcl75*Ports that use tcl version 7.5 to run.tcl76*Ports that use tcl version 7.6 to run.tcl80*Ports that use tcl version 8.0 to run.tcl81*Ports that use tcl version 8.1 to run.textprocText processing utilities. It does not include
desktop publishing tools, which go to print/.tk41*Ports that use tk version 4.1 to run.tk42*Ports that use tk version 4.2 to run.tk80*Ports that use tk version 8.0 to run.tk81*Ports that use tk version 8.1 to run.vietnameseVietnamese language support.windowmaker*Ports to support the WindowMaker window
managerwwwSoftware related to the World Wide Web. HTML language
support belong here too.x11The X window system and friends. This category is only
for software that directly support the window system. Do not
put regular X applications here. If your port is an X
application, define USE_XLIB (implied by
USE_IMAKE) and put it in appropriate
categories. Also, many of them go into other
x11-* categories (see below).x11-clocksX11 clocks.x11-fmX11 file managers.x11-fontsX11 fonts and font utilities.x11-toolkitsX11 toolkits.x11-wmX11 window managers.Choosing the right categoryAs many of the categories overlap, you often have to choose
which of the categories should be the primary category of your port.
There are several rules that govern this usse. Here is the list of
priorities, in decreasing order of precedence.Language specific categories always come first. For
example, if your port installs Japanese X11 fonts, then your
CATEGORIES line would read japanese
x11-fonts.Specific categories win over less-specific ones. For
instance, an HTML editor should be listed as www
editors, not the other way around. Also, you do not
need to list net when the port belongs to
either of mail, mbone,
news, security, or
www.x11 is used as a secondary category only
when the primary category is a natural language. In particular,
you should not put x11 in the category line
for X applications.If your port truly does not belong anywhere else, put it in
misc.If you are not sure about the category, please put a comment to
that effect in your send-pr submission so we can
discuss it before import it. (If you are a committer, send a note
&a.ports; so we can discuss it first—too often new ports are
imported to a wrong category only to be moved right away.)Changes to this document and the ports systemIf you maintain a lot of ports, you should consider following the
&a.ports;. Important changes to the way ports work will be announced
there. You can always find more detailed information on the latest
changes by looking at the
bsd.port.mk CVS log.That is It, Folks!Boy, this sure was a long tutorial, wasn't it? Thanks for
following us to here, really.Well, now that you know how to do a port, let us go at it and
convert everything in the world into ports! That is the easiest way to
start contributing to the FreeBSD Project! :)