Debugging periodic scripts

Jeremy Chadwick freebsd at jdc.parodius.com
Sun Mar 25 15:03:42 UTC 2012 

On Sat, Mar 24, 2012 at 05:32:30PM +0100, Alexander Leidinger wrote:
> On Fri, 23 Mar 2012 04:08:47 -0700 Jeremy Chadwick
> <freebsd at jdc.parodius.com> wrote:
> 
> > Editing /etc/periodic/security/510.ipfdenied's hashbang line to use -x
> > doesn't change the behaviour either (maybe stderr gets sent to
> > /dev/null?), whether I run it by hand as a script or via "periodic
> > security".
> 
> Use "set -x" instead of modifying the first line (I assume the script
> is already started with the correct shell, so the first line is
> ignored). I would also add "env" before and after the sourcing of the
> periodic.conf to see what is defined or not.

I hadn't considered that -- thanks for the tip Alexander.

After briefly checking both systems, it appears that Matthew was
correct.  (I had no idea he sent a follow-up reply until maybe half an
hour ago; I never received a copy of his mail.  Not sure if I was CC'd
or not; please do keep me CC'd as I'm not subscribed to the lists)

The problem script is indeed /etc/periodic/security/610.ipf6denied,
which is why I was getting no where poking at 510.ipfdenied.

The reason only 2 of our systems have this problem is that these 2
systems were rebuilt (bare-bones OS install) fairly recently (02/16 and
03/03 followed by a world rebuild on 03/09).  I can tell this from
simply doing ls -l /etc/periodic/security.  All our systems have the
following (and always have):

src.conf:
WITHOUT_INET6=true
WITHOUT_IPFILTER=true

make.conf:
WITHOUT_IPV6=true
NO_INET6=yes

The reason the problem doesn't affect the other machines is that they
never had a copy of 610.ipf6denied ever installed -- the base
installation was from a much older FreeBSD memstick image (either
8.2-STABLE or 8.1, I forget).

That explains where the file came from on the newer 2 systems, but
doesn't explain why mergemaster or make delete-old isn't nuking the
periodic script.  So I began to dig into that:

Based on what I can see, the crux of the problem is that
src/tools/build/mk/OptionalObsoleteFiles.inc is lacking two OLD_FILES
lines under the ".if ${MK_IPFILTER} == no" clause:

OLD_FILES+=etc/periodic/security/510.ipfdenied
OLD_FILES+=etc/periodic/security/610.ipf6denied

Based on what I see in that file (ex. the MK_ZFS==no bits), that looks
to be the correct solution.

Shall I file a PR for this or is there already one?  :-)

-- 
| Jeremy Chadwick                              jdc at parodius.com |
| Parodius Networking                     http://www.parodius.com/ |
| UNIX Systems Administrator                 Mountain View, CA, US |
| Making life hard for others since 1977.             PGP 4BD6C0CB |

More information about the freebsd-stable mailing list