OpenBSD Journal

Request for change in baseXX.tgz

Contributed by jose on from the i-need-to-recompile-it! dept.

zibi asks: "This is the proposition to add sources of sendmail to the install package baseXX.tgz . It is due to the fact that people often want to recompile the sendmail with eg. sasl support. Motivation is that original sources from sendmail.org doesn't have OpenBSD specific Makefiles and it is a pain to compile it in OpenBSD way without all OpenBSD sources.

What do you think about it?"

I doubt this change will be made (it could easily be justified for other large packages, including OpenSSL and Apache), but anyone have anything to say?

(Comments are closed)


Comments
  1. By click46 () click46@genmay.net on mailto:click46@genmay.net

    I see no reason other than convenience for a few people. if they want it so bad, deal with it. no need to start mucking with the base install just to make it easier.

    Comments
    1. By Anonymous Coward () on

      Am I missing something?

      cd /usr
      export CVSROOT="anoncvs@anoncvs1.usa.openbsd.org:/cvs"
      cvs co src/gnu/usr.sbin/sendmail

      is that so hard? come on...

      Comments
      1. By Anonymous Coward () on

        oops, sorry, didnt mean to reply to your post, but rather the parent article.

  2. By Anonymous Coward () on

    Am I missing something?

    cd /usr
    export CVSROOT="anoncvs@anoncvs1.usa.openbsd.org:/cvs"
    cvs co src/gnu/usr.sbin/sendmail

    is that so hard? come on...

    Comments
    1. By Juanjo () on

      Funny... do you mean you can compile sendmail *only* with that checkout?

      I think you can't... You need src/libexec stuff also (that's the first that comes to my mind, but may be others too).

      I don't agree with sendmail source being into base, but it's true (again) sometimes I cannot install whole src.tar.gz in order to patch a production system.

  3. By kko () on

    fetching the source tree and updating via CVS is not that much of a hassle, besides if you really need it that bad, and you need it often, you could always create your own siteXX.tgz file... More info on that here .

  4. By Anonymous Coward () on

    One of the first things I do when I install an OpenBSD box is remove sendmail.

    90% of the OpenBSD boxes I run are firewalls, so have no call for an MTA - the others I run exim on.

  5. By Ian MCWilliam () i.mcwilliam@uws.edu.au on mailto:i.mcwilliam@uws.edu.au

    This can be accumplised via ports.

    I submitted to ports@ a while back a way of building libmilter. Of course nobody commented other than, "you cn build that from sthe OpenBSD source". We really shouldn't have to down load a 90M source tarball just to get some functionality that the ports/packages mechanism can provide.

  6. By fo0 () on

    I see no need to bloat the base install with something non-essential, especially when not everyone uses sendmail.

  7. By Anonymous Coward () on

    According to Theo's plan*, He does not source code in the base OS. Source code the base OS could lead to a trojaned system if a threat gains access to the system.

    Getting source code through CVS or building your own etcxx.tgz or basexx.tgz is not too difficult to do.

    * From what I read please me if I wrong thanks

  8. By Anonymous Coward () on

    Why not go the other way: strip base. I use my OBSD box as a firewall, I don't want/need apache for instance, I don't have the comp package, I don't want/need sendmail. There's lots of stuff if base that I can't get rid of because I don't know which files belong to sendmail for instanse. So adding source is a in my opinion a bad thing. What I'd like to see is base being split into serveral packages. I don't think httpd should be on a 'base' system.

    Just my humble opinion.

    Comments
    1. By David Wijnants () on

      I second that!

      Comments
      1. By lepole () pf@i-security.at on mailto:pf@i-security.at

        me too. iŽd rather include another mailsystem (postfix comes to mind) than ad more of that sendmail stuff that i guess noone uses anyway.

    2. By Dave () on

      Sounds like a good idea to me - split off all the daemons like apache, bind and sendmail into another tarball.

    3. By Anonymous Coward () on


      I agree with this, I think the default install is still too inclusive, especially given that OpenBSD's stated goal is security, and a minimum install should be considered a key system requirement (it seems that many people do strip down their installs as well).

      I'd prefer to see any of these options:

      (a) an extra distribution called "tight" that removes a lot of gunk; and possible to then bring in the additional support (e.g. yp, kerberos, etc is actually a package to install on top of the base OS);

      (b) at a minimum, a system build option in the source tree to allow more precise building of the system (e.g. options to select "base" - "yp" + "kerberos" - "sendmail" - "inetd" ...), at least then I could just build my own tight install;

      Of course, I should really be contributing to the project to make this happen rather than just stating that "it would be nice". :-)



      Comments
      1. By Essarf () essarf@home.se on mailto:essarf@home.se

        Sorry for being anon last time...

        Not only would this lead to a smaller system. It would also mean that if sendmail, for instance, is found defective you could get the binary snapshot and tar x it and there you go. I'd like to avoid having the comp package on my firewall.

        if anyone has got any hints, guides, links on stripping the base install I'd really appreciate some.

        Just my humble opinion, again.

        Comments
        1. By Jason Stout () jstout@0x4a.com on mailto:jstout@0x4a.com

          Henning started the Fugu project awhile ago which did precisely this. I think he gave it up when he got wrapped up in pf with Daniel.

          I had a pretty solid script before that would handle most of this. But, my ideas of how it should be done differed from those in the project so I got frustrated and stopped working on it.

          Check these links:
          http://fugu.bsws.de/
          http://www.lucq.org/obsdwall/

          Comments
          1. By Essarf () essarf@home.se on mailto:essarf@home.se

            This is not for 3.3? Just wanna be sure before I try it. Seems like a very good project though.

            Just imagine how easy this would be if you could do pkg_del apache ...

            Or for that matter, if you've screwed up your apache you probably don't want do download base33.tgz if you could get apache33.tgz.

            Anyway, thanks for the links!

      2. By Anonymous Coward () on

        I'd like to see the standard distribution rid of such applications as bind, apache, and sendmail. Then have a series of officially sanctioned ports to supply these.

        They say they are in the base install for the best/secure/stable integration available. There is no reason these couldn't be provided by a port.

        But alas, we know this won't be happening for sometime.

        Comments
        1. By Anonymous Coward () on

          How do we know that?

          Comments
          1. By Anonymous Coward () on

            You haven't been following the mailing lists for enough years :)

        2. By zil0g () on

          don't forget routed, altqd, amd, bootpd, dhcpd, faithd, inetd, lpd, mopd, popa3d, pppd, rarpd, rbootd, route6d, rpc.bootparamd, rpc.lockd, rpc.pcnfsd rpc.yppasswdd, rtadvd, rtsold, rwhod, sshd, syslogd, timed, afsd, fingerd, ftpd, hpropd, identd, kadmind, kauthd, kpasswdd, kpropd, ntalkd, rpc.rquotad, rpc.rstatd, rpc.rwalld, rpc.sprayd, rshd, smtpd, smtpfwdd, spamd, tcpd, uucpd

          nobody uses them either.

          Comments
          1. By zil0g () on

            oh yeah, and the guys hiding in /sbin too, better yet, completely remove /usr, along with /sbin

    4. By Daniel Tams () on

      Good idea. During the installation process there should be an option where you can select the individual "base" packages you want to install, e.g. apache, bind, sendmail.

    5. By Anonymous Coward () on

      I like having a basic sendmail there, maybe having the localhost.cf file as default would be better. Adding source is for sure a bad thing.

  9. By Happy () on

    A clean base is a happy base ... here here ... lets not muck up the works ... just grab it via CVS ... no need to distribute sources with binaries ... just asking for trouble there

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]