Upgrading FreeBSD with openldap backend switch bdb to mdb | Fri, 3 Apr 15 |
As pointed out in UPDATING, in August 2014 the bdb backend of openldap24-server was deprecated and is no longer supported. The new default backend to use is mdb, and data should be migrated.

In order to migrate the data, I followed these steps.

Stop the service:

    # service slapd stop

Make a backup of the database location (the default path is /var/db/openldap-data):

    # cp -R /var/db/openldap-data /tmp/openldap-data.bdb

Export the LDAP database to an LDIF file:

    # slapcat -l ldif

Upgrade the openldap server:

    # pkg install openldap24-server

Edit the configuration file:

    # vi /usr/local/etc/openldap/slapd.conf

Comment out bdb and enable mdb:

    [...]
    moduleload back_mdb
    #moduleload back_bdb
    database mdb
    #database bdb
    [...]

Import the LDIF file:

    # ldapadd -D 'cn=root,dc=example,dc=local' -W -x -f ldif

In case your LDIF file contains structural information that cannot be edited, you get this error:

    adding new entry "dc=example,dc=local"
    ldap_add: Constraint violation (19)
            additional info: structuralObjectClass: no user modification allowed

As pointed out here, you have to filter out the offending lines.

Create the filter:

    # cat >slapcat_filter <<EOF
    /^creatorsName: /d
    /^createTimestamp: /d
    /^modifiersName: /d
    /^modifyTimestamp: /d
    /^structuralObjectClass: /d
    /^entryUUID: /d
    /^entryCSN: /d
    EOF

Apply the filter:

    # cat ldif | sed -f slapcat_filter > filtered.ldif

Import the filtered LDIF file:

    # ldapadd -D 'cn=root,dc=example,dc=local' -W -x -f filtered.ldif

Restart the openldap server daemon:

    # service slapd start
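The sed filter above works line by line, so it misses two LDIF forms: a value folded onto a continuation line (which would then be glued to the preceding attribute) and a base64 value written with "::". The following is an added example, not part of the original post, that goes a little beyond it by filtering per attribute; the function names and the sample entry are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original post. The LDIF below is constructed.

# Constructed slapcat-style entry: modifiersName is folded onto a second line
# and creatorsName is base64-encoded ("::").
sample_ldif() {
    cat <<'EOF'
dn: dc=example,dc=local
objectClass: dcObject
objectClass: organization
dc: example
o: Example
structuralObjectClass: organization
entryUUID: 11111111-2222-3333-4444-555555555555
creatorsName:: Y249cm9vdCxkYz1leGFtcGxlLGRjPWxvY2Fs
createTimestamp: 20150403100000Z
entryCSN: 20150403100000.000000Z#000000#000#000000
modifiersName: cn=root,dc=example,
 dc=local
modifyTimestamp: 20150403100000Z
EOF
}

# The line-based filter from the post, for comparison.
page_sed_filter() {
    sed -e '/^creatorsName: /d' -e '/^createTimestamp: /d' \
        -e '/^modifiersName: /d' -e '/^modifyTimestamp: /d' \
        -e '/^structuralObjectClass: /d' -e '/^entryUUID: /d' \
        -e '/^entryCSN: /d'
}

# Attribute-aware filter: drops the same attributes together with their
# folded continuation lines, whatever the value encoding.
strip_operational() {
    awk '
    BEGIN {
        n = split("creatorsName createTimestamp modifiersName modifyTimestamp structuralObjectClass entryUUID entryCSN", a, " ")
        for (i = 1; i <= n; i++) drop[tolower(a[i])] = 1
    }
    /^ / { if (!skip) print; next }    # continuation follows its attribute
    {
        name = $0
        sub(/:.*/, "", name)            # attribute name ends at the first colon
        skip = (tolower(name) in drop)
        if (!skip) print
    }'
}

sample_ldif | strip_operational
```

Run it as `strip_operational < ldif > filtered.ldif` in place of the sed step, and diff the result against the sed output before importing.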
Setting FreeBSD desktop | Sat, 2 Jun 12 |
Step by step guide to set up a FreeBSD desktop PC with KDE4: How to install and configure a FreeBSD 8 Desktop with Xorg and KDE?
Grub2 and FreeBSD | Sun, 3 Apr 11 |
Version 2 of the GRUB bootloader (present in Ubuntu) has introduced a new way of being configured. You don't have to manually edit a configuration file (the old menu.lst); instead it comes with a program (update-grub) that detects partitions and automatically writes the settings. A problem arises when you are using a FreeBSD boot partition, as the update-grub utility doesn't find it. To solve this you have to take some steps from GNU/Linux (i.e. Ubuntu):
GDM change background image | Sun, 14 Mar 10 |
How to use the same background image in GDM as your wallpaper? Use gconftool to get the file path of the image:

    # gconftool-2 --get /desktop/gnome/background/picture_filename
    /usr/local/share/pixmaps/backgrounds/gnome/background-default.jpg

Then set the new image file:

    # gconftool-2 --set --type string --set /desktop/gnome/background/picture_filename /path/to/your/background/image.png
FreeBSD + HAL fightings | Sun, 31 Jan 10 |
Troubles with HAL and nautilus on FreeBSD? Every time I burn something I have severe problems with this "intelligent" service. But this HAL FAQ can resolve almost any matter. It also explains how to start a non-HAL-aware utility using hal-lock. PS: other Gnome 2.28 tips at FreeBSD Upgrading FAQ.
xorg without display manager | Mon, 18 Jan 10 |
On a low-performance computer I wanted to start a graphical interface with FreeBSD as quickly as possible. So I was looking for a way to auto-logon to the system and start an Xorg program.

The system doesn't have a keyboard, and I don't really care about security issues. But keep in mind that this procedure lets anyone launch commands as the logged-in user.

First step: add the auto-login feature for the user someuser to /etc/gettytab by appending an entry like this:

    autologin:\
        :al=someuser:ht:np:sp#115200:

Also modify in /etc/ttys the line for the first console ttyv0 to load the autologin configuration:

    ttyv0 "/usr/libexec/getty autologin" cons25 on secure

Secondly, go to the home of the user someuser and add the startx command to the TCSH startup script (/home/someuser/.cshrc):

    if ( $tty == "ttyv0" ) then
        startx
        logout
    endif

And add the line to launch somecommand to the Xorg initialization file /home/someuser/.xinitrc:

    exec /usr/local/bin/somecommand
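Because an auto-login console hands a shell to whoever reaches it, it is worth being able to list where one is configured. The following is an added example, not part of the original post: it reads a gettytab and a ttys file and reports every enabled terminal whose getty entry carries an al= capability. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original post. File contents are constructed.

# autologin_ttys GETTYTAB TTYS
# Print "tty user" for each enabled terminal whose getty entry has an al=
# (auto-login) capability. Entries inheriting al= through tc= are not followed.
autologin_ttys() {
    awk '
    FNR == NR {                                   # first file: gettytab
        if ($0 ~ /^[ \t]*#/) next
        entry = entry $0
        if (sub(/\\$/, "", entry)) next           # trailing backslash: continued
        n = split(entry, cap, ":"); entry = ""; user = ""
        for (i = 2; i <= n; i++) {
            sub(/^[ \t]+/, "", cap[i])
            if (cap[i] ~ /^al=/) user = substr(cap[i], 4)
        }
        if (user != "") {                         # record every alias of the entry
            m = split(cap[1], alias, "|")
            for (j = 1; j <= m; j++) al[alias[j]] = user
        }
        next
    }
    /^[ \t]*#/ { next }                           # second file: ttys
    match($0, /"[^"]*getty[ \t]+[^" \t]+"/) {
        k = split(substr($0, RSTART + 1, RLENGTH - 2), word, /[ \t]+/)
        split(substr($0, RSTART + RLENGTH), field, " ")   # type, status, flags
        if (field[2] ~ /^on/ && (word[k] in al)) print $1, al[word[k]]
    }' "$1" "$2"
}

# Constructed sample files mirroring the lines shown in the post.
write_samples() {
    printf '%s\n' 'default:\' '    :cb:ce:ck:lc:fd#1000:sp#1200:' \
        'autologin:\' '    :al=someuser:ht:np:sp#115200:' > "$1/gettytab"
    printf '%s\n' 'ttyv0 "/usr/libexec/getty autologin" cons25 on secure' \
        'ttyv1 "/usr/libexec/getty Pc" cons25 on secure' \
        'ttyv2 "/usr/libexec/getty autologin" cons25 off secure' > "$1/ttys"
}

tmp=$(mktemp -d) && write_samples "$tmp" && autologin_ttys "$tmp/gettytab" "$tmp/ttys"
rm -rf "$tmp"
```

On a real host, call it as `autologin_ttys /etc/gettytab /etc/ttys`.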
FreeBSD version | Thu, 22 Jan 09 |
Want to know the version of the src tree you have in /usr/src? Type the following command as any user:

    # awk 'BEGIN{FS="\""} /TYPE=/{a=$2} /REVISION=/{b=$2} /BRANCH=/{print a " " b "-" $2; exit}' < /usr/src/sys/conf/newvers.sh
geli full encrypted system | Sun, 30 Dec 07 |
Here is a guide I made for myself while trying the FreeBSD geli encryption layer.
For more info about geli, see the handbook and geli(8).
This howto requires a computer (obviously), a USB pendrive (to store keys), and a FreeSBIE livecd (needed for install). At the end of this guide, you'll have a fully encrypted system with AES at 256 bit, swap with blowfish, the key for root as a passphrase and keys for the other slices (/usr, /var...) split into keys in root and keys on the pendrive. So without the pendrive you can't boot, nor without the passphrase; obviously you may change this configuration to your needs.

Start the computer from the cdrom; when you reach the console, become root:

    # su -

and start sysinstall:

    # sysinstall

In sysinstall choose "custom install".

Options -> modify "Media Type" to point to your nearest ftp server (if you are using dhcp, the network is already set up; if not, use ifconfig in a second console). Also modify "Install Root" to "/mnt".

Partition -> allocate space for one bsd partition (note the disk name, like 'ad10'), quit and install the boot manager. (Note: my sata drive is called ad10 by the kernel (you will see it in the partitioning process) but the boot loader found it as disk1 (you read it during the boot process).)

Label -> create the following slice scheme:

    100MB      /      ad10s1a   (ignore warning)
    400MB      /boot  ad10s1d
    1024MB     swap   ad10s1b
    5120MB     /tmp   ad10s1e
    5120MB     /var   ad10s1f
    remaining  /usr   ad10s1g

(The following step is necessary to fool sysinstall, as it doesn't allow you to put anything other than / in slice 'a'.) Before continuing you have to change the mount point names: / will be /boot, and /boot will be /. The final scheme has to be like this:

    100MB      /boot  ad10s1a
    400MB      /      ad10s1d
    1024MB     swap   ad10s1b
    5120MB     /tmp   ad10s1e
    5120MB     /var   ad10s1f
    remaining  /usr   ad10s1g

(Note: set the size of swap, /tmp, /var and /usr to your needs. You may want a separate /home. If you want one big /, set ad10s1d to be as large as the entire disk minus the swap space.)

Finish editing slices once you are sure that /boot is on slice 'a'.

Distribution -> select the smallest system possible:

    - select Custom
    - select base, kernels, man

And finally commit. Once it is done, exit sysinstall and return to the console.

Mount the newly created system in the live system:

    # mount /dev/ad10s1d /mnt

Place the booting files in /mnt/mntboot/boot/ and create a link:

    # cd /mnt/
    # rmdir boot
    # mkdir mntboot
    # mount /dev/ad10s1a /mnt/mntboot
    # cd mntboot
    # mkdir tmp
    # mv * tmp
    # mv tmp boot
    # cd /mnt/
    # ln -s mntboot/boot boot

Make a backup of our minimal /tmp, /var and /usr:

    # cd /mnt
    # mount /dev/ad10s1e tmp
    # mount /dev/ad10s1f var
    # mount /dev/ad10s1g usr
    # tar cf back.tar tmp var usr
    # umount /mnt/tmp /mnt/var /mnt/usr

Plug in the USB pendrive for storing keys; it should appear as /dev/da0:

    # mkdir /mnt/etc/geli
    # newfs_msdos -F32 /dev/da0
    # mount_msdosfs /dev/da0 /mnt/mnt

Create the key files and initialize the encrypted slices for /tmp, /var and /usr (the key length is set by the -l option of geli init; the commands below pass 128):

    # dd if=/dev/random of=/mnt/etc/geli/TAYGETA_tmp.key1 bs=64 count=1
    # dd if=/dev/random of=/mnt/mnt/TAYGETA_tmp.key2 bs=64 count=1
    # dd if=/dev/random of=/dev/ad10s1e bs=1m
    # cat /mnt/etc/geli/TAYGETA_tmp.key1 /mnt/mnt/TAYGETA_tmp.key2 | \
        geli init -e AES -l 128 -s 4096 -P -K - /dev/ad10s1e
    # cat /mnt/etc/geli/TAYGETA_tmp.key1 /mnt/mnt/TAYGETA_tmp.key2 | \
        geli attach -p -k - /dev/ad10s1e
    # newfs -O2 -U /dev/ad10s1e.eli
    # mount /dev/ad10s1e.eli /mnt/tmp

    # dd if=/dev/random of=/mnt/etc/geli/TAYGETA_var.key1 bs=64 count=1
    # dd if=/dev/random of=/mnt/mnt/TAYGETA_var.key2 bs=64 count=1
    # dd if=/dev/random of=/dev/ad10s1f bs=1m
    # cat /mnt/etc/geli/TAYGETA_var.key1 /mnt/mnt/TAYGETA_var.key2 | \
        geli init -e AES -l 128 -s 4096 -P -K - /dev/ad10s1f
    # cat /mnt/etc/geli/TAYGETA_var.key1 /mnt/mnt/TAYGETA_var.key2 | \
        geli attach -p -k - /dev/ad10s1f
    # newfs -O2 -U /dev/ad10s1f.eli
    # mount /dev/ad10s1f.eli /mnt/var

    # dd if=/dev/random of=/mnt/etc/geli/TAYGETA_usr.key1 bs=64 count=1
    # dd if=/dev/random of=/mnt/mnt/TAYGETA_usr.key2 bs=64 count=1
    # dd if=/dev/random of=/dev/ad10s1g bs=1m
    # cat /mnt/etc/geli/TAYGETA_usr.key1 /mnt/mnt/TAYGETA_usr.key2 | \
        geli init -e AES -l 128 -s 4096 -P -K - /dev/ad10s1g
    # cat /mnt/etc/geli/TAYGETA_usr.key1 /mnt/mnt/TAYGETA_usr.key2 | \
        geli attach -p -k - /dev/ad10s1g
    # newfs -O2 -U /dev/ad10s1g.eli
    # mount /dev/ad10s1g.eli /mnt/usr

Randomize the swap slice:

    # dd if=/dev/random of=/dev/ad10s1b bs=1m

Edit the loader configuration for a correct booting process:

    # ee /mnt/boot/loader.conf

    currdev="disk1s1a"                      # current slice containing /boot
    rootdev="disk1s1d"                      # slice containing / in a way that the loader understands
    vfs.root.mountfrom="ufs:ad10s1d.eli"    # slice containing / in a way that the kernel understands
    geom_eli_load="YES"

Populate the directories:

    # cd /mnt
    # tar xf back.tar
    # rm back.tar
    # umount /mnt/tmp /mnt/var /mnt/usr /mnt/mnt /mnt/mntboot

Make a backup of the root:

    # cd /mnt
    # mount /dev/ad10s1e.eli /mnt2
    # tar cf /mnt2/back.tar *

And encrypt it. Don't forget the passphrase you will be asked for!

    # cd /
    # umount /mnt
    # geli init -e AES -l 128 -s 4096 -b /dev/ad10s1d
    # geli attach /dev/ad10s1d
    # newfs -O2 -U /dev/ad10s1d.eli
    # mount /dev/ad10s1d.eli /mnt
    # cd /mnt
    # tar xf /mnt2/back.tar
    # rm /mnt2/back.tar
    # umount /mnt2

Finally edit the important files to correctly load the system:

    # ee /mnt/etc/fstab

    /dev/ad10s1a      /mntboot  ufs     ro         1 1
    /dev/ad10s1b.eli  none      swap    sw         0 0
    /dev/ad10s1d.eli  /         ufs     rw         1 1
    /dev/acd0         /cdrom    cd9660  ro,noauto  0 0
    /dev/ad10s1e.eli  /tmp      ufs     rw         1 1
    /dev/ad10s1f.eli  /var      ufs     rw         1 1
    /dev/ad10s1g.eli  /usr      ufs     rw         1 1

Edit /mnt/etc/rc.conf:

    # ee /mnt/etc/rc.conf

    [add the following line]
    geli_swap_flags="-e Blowfish -l 256 -d"

Manually change /etc/rc.d/geli (replace "da0" with your pendrive partition):

    # ee /mnt/etc/rc.d/geli

    [in "geli_start()" add before "for provider in ${devices}"]
    while true; do
        /sbin/mount_msdosfs /dev/da0 /mnt > /dev/null
        if [ $? -eq 0 ]; then break; fi
        echo "Pendrive missing!"
        sleep 3
    done
    echo "Pendrive found, initializing slices."
    /bin/cat /etc/geli/TAYGETA_tmp.key1 /mnt/TAYGETA_tmp.key2 | \
        /sbin/geli attach -p -k - /dev/ad10s1e
    /bin/cat /etc/geli/TAYGETA_var.key1 /mnt/TAYGETA_var.key2 | \
        /sbin/geli attach -p -k - /dev/ad10s1f
    /bin/cat /etc/geli/TAYGETA_usr.key1 /mnt/TAYGETA_usr.key2 | \
        /sbin/geli attach -p -k - /dev/ad10s1g
    /sbin/umount /dev/da0 /mnt
    [and comment out the rest of the geli_start() function]

    # umount /mnt
    # exit

Reboot the computer and remove the FreeBSD cdrom. And make a copy of the pendrive to put in a safe place, maybe a bank or somewhere more secure :D
All contents, where applicable and except otherwise specified, are present under GPLv2 or GFDL licenses.
E. Richiardone (e AT richiardone DOT eu)