Contributed by
jose
on
from the i-need-to-recompile-it! dept.
zibi
asks:
"This is the proposition to add sources of
sendmail to the install package baseXX.tgz .
It is due to the fact that people often want to
recompile the sendmail with eg. sasl support.
Motivation is that original sources from
sendmail.org doesn't have OpenBSD specific
Makefiles and it is a pain to compile it in
OpenBSD way without all OpenBSD sources.
What do you think about it?"
I doubt this change will be made (it could easily be justified for other large packages, including OpenSSL and Apache), but anyone have anything to say?
I see no reason other than convenience for a few people. if they want it so bad, deal with it. no need to start mucking with the base install just to make it easier.
Comments
By
Anonymous Coward ()
on
Am I missing something?
cd /usr
export CVSROOT="anoncvs@anoncvs1.usa.openbsd.org:/cvs"
cvs co src/gnu/usr.sbin/sendmail
is that so hard? come on...
Comments
By
Anonymous Coward ()
on
oops, sorry, didnt mean to reply to your post, but rather the parent article.
By
Anonymous Coward ()
on
Am I missing something?
cd /usr
export CVSROOT="anoncvs@anoncvs1.usa.openbsd.org:/cvs"
cvs co src/gnu/usr.sbin/sendmail
is that so hard? come on...
Comments
By
Juanjo ()
on
Funny... do you mean you can compile sendmail *only* with that checkout?
I think you can't... You need src/libexec stuff also (that's the first that comes to my mind, but may be others too).
I don't agree with sendmail source being into base, but it's true (again) sometimes I cannot install whole src.tar.gz in order to patch a production system.
By
kko ()
on
fetching the source tree and updating via CVS is not that much of a hassle, besides if you really need it that bad, and you need it often, you could always create your own siteXX.tgz file... More info on that
here
.
By
Anonymous Coward ()
on
One of the first things I do when I install an OpenBSD box is remove sendmail.
90% of the OpenBSD boxes I run are firewalls, so have no call for an MTA - the others I run exim on.
I submitted to ports@ a while back a way of building libmilter. Of course nobody commented other than, "you cn build that from sthe OpenBSD source". We really shouldn't have to down load a 90M source tarball just to get some functionality that the ports/packages mechanism can provide.
By
fo0 ()
on
I see no need to bloat the base install with something non-essential, especially when not everyone uses sendmail.
By
Anonymous Coward ()
on
According to Theo's plan*, He does not source code in the base OS. Source code the base OS could lead to a trojaned system if a threat gains access to the system.
Getting source code through CVS or building your own etcxx.tgz or basexx.tgz is not too difficult to do.
* From what I read please me if I wrong thanks
By
Anonymous Coward ()
on
Why not go the other way: strip base. I use my OBSD box as a firewall, I don't want/need apache for instance, I don't have the comp package, I don't want/need sendmail. There's lots of stuff if base that I can't get rid of because I don't know which files belong to sendmail for instanse. So adding source is a in my opinion a bad thing. What I'd like to see is base being split into serveral packages. I don't think httpd should be on a 'base' system.
me too. iŽd rather include another mailsystem (postfix comes to mind) than ad more of that sendmail stuff that i guess noone uses anyway.
By
Dave ()
on
Sounds like a good idea to me - split off all the daemons like apache, bind and sendmail into another tarball.
By
Anonymous Coward ()
on
I agree with this, I think the default install is still too inclusive, especially given that OpenBSD's stated goal is security, and a minimum install should be considered a key system requirement (it seems that many people do strip down their installs as well).
I'd prefer to see any of these options:
(a) an extra distribution called "tight" that removes a lot of gunk; and possible to then bring in the additional support (e.g. yp, kerberos, etc is actually a package to install on top of the base OS);
(b) at a minimum, a system build option in the source tree to allow more precise building of the system (e.g. options to select "base" - "yp" + "kerberos" - "sendmail" - "inetd" ...), at least then I could just build my own tight install;
Of course, I should really be contributing to the project to make this happen rather than just stating that "it would be nice". :-)
Not only would this lead to a smaller system. It would also mean that if sendmail, for instance, is found defective you could get the binary snapshot and tar x it and there you go. I'd like to avoid having the comp package on my firewall.
if anyone has got any hints, guides, links on stripping the base install I'd really appreciate some.
Henning started the Fugu project awhile ago which did precisely this. I think he gave it up when he got wrapped up in pf with Daniel.
I had a pretty solid script before that would handle most of this. But, my ideas of how it should be done differed from those in the project so I got frustrated and stopped working on it.
Check these links:
http://fugu.bsws.de/
http://www.lucq.org/obsdwall/
This is not for 3.3? Just wanna be sure before I try it. Seems like a very good project though.
Just imagine how easy this would be if you could do pkg_del apache ...
Or for that matter, if you've screwed up your apache you probably don't want do download base33.tgz if you could get apache33.tgz.
Anyway, thanks for the links!
By
Anonymous Coward ()
on
I'd like to see the standard distribution rid of such applications as bind, apache, and sendmail. Then have a series of officially sanctioned ports to supply these.
They say they are in the base install for the best/secure/stable integration available. There is no reason these couldn't be provided by a port.
But alas, we know this won't be happening for sometime.
Comments
By
Anonymous Coward ()
on
How do we know that?
Comments
By
Anonymous Coward ()
on
You haven't been following the mailing lists for enough years :)
oh yeah, and the guys hiding in /sbin too, better yet, completely remove /usr, along with /sbin
By
Daniel Tams ()
on
Good idea. During the installation process there should be an option where you can select the individual "base" packages you want to install, e.g. apache, bind, sendmail.
By
Anonymous Coward ()
on
I like having a basic sendmail there, maybe having the localhost.cf file as default would be better. Adding source is for sure a bad thing.
By
Happy ()
on
A clean base is a happy base ... here here ... lets not muck up the works ... just grab it via CVS ... no need to distribute sources with binaries ... just asking for trouble there
By click46 () click46@genmay.net on mailto:click46@genmay.net
Comments
By Anonymous Coward () on
cd /usr
export CVSROOT="anoncvs@anoncvs1.usa.openbsd.org:/cvs"
cvs co src/gnu/usr.sbin/sendmail
is that so hard? come on...
Comments
By Anonymous Coward () on
By Anonymous Coward () on
cd /usr
export CVSROOT="anoncvs@anoncvs1.usa.openbsd.org:/cvs"
cvs co src/gnu/usr.sbin/sendmail
is that so hard? come on...
Comments
By Juanjo () on
I think you can't... You need src/libexec stuff also (that's the first that comes to my mind, but may be others too).
I don't agree with sendmail source being into base, but it's true (again) sometimes I cannot install whole src.tar.gz in order to patch a production system.
By kko () on
By Anonymous Coward () on
90% of the OpenBSD boxes I run are firewalls, so have no call for an MTA - the others I run exim on.
By Ian MCWilliam () i.mcwilliam@uws.edu.au on mailto:i.mcwilliam@uws.edu.au
I submitted to ports@ a while back a way of building libmilter. Of course nobody commented other than, "you cn build that from sthe OpenBSD source". We really shouldn't have to down load a 90M source tarball just to get some functionality that the ports/packages mechanism can provide.
By fo0 () on
By Anonymous Coward () on
Getting source code through CVS or building your own etcxx.tgz or basexx.tgz is not too difficult to do.
* From what I read please me if I wrong thanks
By Anonymous Coward () on
Just my humble opinion.
Comments
By David Wijnants () on
Comments
By lepole () pf@i-security.at on mailto:pf@i-security.at
By Dave () on
By Anonymous Coward () on
I agree with this, I think the default install is still too inclusive, especially given that OpenBSD's stated goal is security, and a minimum install should be considered a key system requirement (it seems that many people do strip down their installs as well).
I'd prefer to see any of these options:
(a) an extra distribution called "tight" that removes a lot of gunk; and possible to then bring in the additional support (e.g. yp, kerberos, etc is actually a package to install on top of the base OS);
(b) at a minimum, a system build option in the source tree to allow more precise building of the system (e.g. options to select "base" - "yp" + "kerberos" - "sendmail" - "inetd" ...), at least then I could just build my own tight install;
Of course, I should really be contributing to the project to make this happen rather than just stating that "it would be nice". :-)
Comments
By Essarf () essarf@home.se on mailto:essarf@home.se
Not only would this lead to a smaller system. It would also mean that if sendmail, for instance, is found defective you could get the binary snapshot and tar x it and there you go. I'd like to avoid having the comp package on my firewall.
if anyone has got any hints, guides, links on stripping the base install I'd really appreciate some.
Just my humble opinion, again.
Comments
By Jason Stout () jstout@0x4a.com on mailto:jstout@0x4a.com
I had a pretty solid script before that would handle most of this. But, my ideas of how it should be done differed from those in the project so I got frustrated and stopped working on it.
Check these links:
http://fugu.bsws.de/
http://www.lucq.org/obsdwall/
Comments
By Essarf () essarf@home.se on mailto:essarf@home.se
Just imagine how easy this would be if you could do pkg_del apache ...
Or for that matter, if you've screwed up your apache you probably don't want do download base33.tgz if you could get apache33.tgz.
Anyway, thanks for the links!
By Anonymous Coward () on
They say they are in the base install for the best/secure/stable integration available. There is no reason these couldn't be provided by a port.
But alas, we know this won't be happening for sometime.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By zil0g () on
nobody uses them either.
Comments
By zil0g () on
By Daniel Tams () on
By Anonymous Coward () on
By Happy () on