Announcing bsdconfig(8) preliminary

[Devin Teske]

On Feb 11, 2012, at 2:06 PM, Devin Teske wrote:

> 
> On Feb 10, 2012, at 7:21 PM, Ron McDowell wrote:
> 
>> On 2/10/12 8:35 PM, Devin Teske wrote:
>>> On Feb 10, 2012, at 5:35 PM, Ron McDowell wrote:
>>> 
>>>> On 2/10/12 7:20 PM, Devin Teske wrote:
>>>>>> -----Original Message-----
>>>>>> From: owner-freebsd-sysinstall at freebsd.org [mailto:owner-freebsd-
>>>>>> sysinstall at freebsd.org] On Behalf Of Ron McDowell
>>>>>> Sent: Thursday, February 09, 2012 11:37 AM
>>>>>> To: freebsd-sysinstall at freebsd.org
>>>>>> Subject: Announcing bsdconfig(8) preliminary
>>>>>> 
>>>>>> http://fuzzwad.org/bsdconfig/ is a long way from finished, but there is
>>>>>> enough of a framework available now, that I'm wanting some feedback on.
>>>>>> Tarballs are out there and I'll guarantee you'll want to look at the
>>>>>> latest, and not the earlier examples.  The manpage in the tarball is a
>>>>>> good place to start.
>>>>>> 
>>>>>> Feel free to talk about it here and ask any questions you want.  The
>>>>>> direction I go with it will depend [I hope!] on where everyone wants it
>>>>>> to go.  Thanks in advance.
>>>>>> 
>>>>> Hi Ron,
>>>>> 
>>>>> Thank you very much for working on this with everyone.
>>>>> 
>>>>> I notice that you've centralized the use of "notimplemented" to
>>>>> /usr/libexec/bsdconfig/notimplemented which makes the per-module files
>>>>> /usr/libexec/bsdconfig/*.*/notimplemented obsolete.
>>>>> 
>>>>> I thinking I should clean things up after installation by executing:
>>>>> 
>>>>> 	cd /usr/libexec/bsdconfig
>>>>> 	sudo rm -f *.*/notimplemented
>>>> Absolutely, thanks for pointing that out.  I just cleaned it up on my copy.
>>>> 
>>>>> Again, thanks for working on this, ... would you mind if I took it and worked on
>>>>> it this weekend and passed it back to you for review?
>>>> Go for it!
>>>> 
>>> How do you feel about implementing "090.time-zone" with my ports addition, sysutils/tzdialog?
>> 
>> tzsetup(8) is already installed in base...I haven't looked at tzdialog, does it do more than tzsetup? If so, then tzdialog needs to be included here like we've done with host-setup in 120.networking.
>> 
>>> Aside, I have a question about the INDEX file...
>>> 
>>> Does the exit status of the program-to-be-executed matter in any way to bsdconfig?
>> 
>> Not yet, but it could and probably should...if nothing else, we should at least pass the exit code back up the line.
>> 
>>> Reason I ask is because tzdialog has a "-e" flag which may be useful if-desired, causing the exit status to be success if-and-only-if both a zonefile is selected and it was installed without error.
>> 
>> -- 
>> Ron McDowell
>> San Antonio TX
> 
> I've put a significant amount of work into this over the last 24 hours and would like to share my contributions.
> 
> http://druidbsd.sourceforge.net/download/bsdconfig/
> 
> http://druidbsd.sourceforge.net/download/bsdconfig/bsdconfig.120211.txz
> 
> Please try:
> 
> bsdconfig networking
> bsdconfig timezone
> bsdconfig networking -h
> bsdconfig timezone -h
> bsdconfig networking -X
> bsdconfig timezone -X
> 

Here's a little trick for testing the X11 interfaces from a Mac or PC (running Windows) using X11 Forwarding over SSH to a FreeBSD 9 box as a non-root user with sudo(8) access.

===

First of three pre-requisites: You have to get your FreeBSD 9.0-RELEASE (or higher) system ready to run Xdialog(1):

	(as root)
	pkg_add -r sudo
	pkg_add -r xauth
	pkg_add -r xorg
	pkg_add -r xdialog
	pkg_add -r xdpyinfo

NOTE: Since we'll be using X11 Forwarding via SSH, you won't actually have to configure or run the X server on the FreeBSD system. However, the packages must still be installed. This works both on real machines and virtual machines (headless or otherwise).

===

Second pre-requisite: You need an X Server installed on your client machine that you're SSH'ing *from*

Free 3rd Party software available for both Mac and Windows.

On Mac, you can install the free Apple X11 software from the below link:

http://www.apple.com/support/downloads/x11formacosx.html

NOTE: On Mac, you don't have to start the Apple X11 Server (X11.app) manually, it just needs to be installed before proceeding (it will launch automatically as-needed).

On Windows, you can install the free Xming software from the below link:

http://www.straightrunning.com/XmingNotes/

NOTE: On Windows, it's recommended you download and install "Xming" from the "Public Domain Releases", version "6.9.0.31" as well as the "Xming-fonts" right above it, version "7.5.0.34". After installing Xming, run it from your Start menu.

On PC, you'll also need the free PuTTY software from Simon Tatham; below link:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

NOTE: On Windows, it's recommended you download "putty.exe".

===

Third pre-requisite (Windows only): Symlink /bin/xauth to /usr/local/bin/xauth on your FreeBSD 9.0-RELEASE (or higher) system

	ln -sf /usr/local/bin/xauth /bin/xauth

Depends on the software you're using, you might have to create additional symlinks. Alternatives also include using "~/.ssh/config" on UNIX-like hosts to specify alternate paths to for XAuthLocation, but on Mac this usually isn't needed where on Windows it's pretty common.

===

Now with pre-requesites satisfied, we can move on with the testing of these X features via SSH as a non-root user.

===

Step 1: Open a terminal

On Mac, you can find "Terminal.app" in "Applications/Utilities" (Cmd+Shift+U while in Finder to open "Utilities" folder or use the "Go" menu in the menubar).

On PC, run "putty.exe".

This is where things diverge a bit for Mac/Windows...

For Mac, use the below command to start an X11 Forwarded session to a FreeBSD 9.0-RELEASE or higher system...

	ssh -X someuser at somehost

NOTE: Make sure to use upper-case "X"

For PC, you'll have to do two things in the PuTTY new-connection dialog window:

A. Enter the hostname of a system running FreeBSD 9.0-RELEASE or higher
B. Find "SSH" on the left and in the SSH options,  enable "X11 Forwarding" (click the checkbox)

NOTE: Xming should be running in the system tray before you connect

===

Step 2: Test your X11 Forwarding first

You'll want to know that your X11 Forwarded SSH session is working before you attempt to use it via sudo(8) (which requires some xauth(1) magic).

	echo $DISPLAY

should produce a non-null response (something like "localhost:10.0" or "some.host.com:10.0" -- depending on sshd_config X11UseLocalHost setting). Also,

	xdpyinfo

Should spew some info about your display (this is info about your Mac's Apple X11 app or on Windows, Xming).

If either of these fail, then X11 Forwarding via SSH is not working for you and you need to diagnose the issue (may be administratively prohibited by the system administrator via sshd_config(5) or xauth(1) wasn't found by your client software).

===

Step 3: Grant "root" the ability to use your X11 session

The default settings in FreeBSD 9 don't allow you to do things like:

	sudo xdpyinfo

The failure becomes:

	X11 connection rejected because of wrong authentication.
	xdpyinfo:  unable to open display "localhost:10.0".
 
The solution is to execute:

	xauth -f ~/.Xauthority extract - ${HOSTNAME:-localhost}{/unix,}:${DISPLAY#*:} | sudo -u root xauth -ivf ~root/.Xauthority merge -

NOTE: If you want to authorize another user other than root, replace "sudo -u root" with "sudo -u USER" and replace "~root/.Xauthority" with "~USER/.Xauthority".

Sample output from the above command is shown below:

	Ignoring locks on authority file /root/.Xauthority
	1 entries read in:  0 new, 1 replacement
	Ignoring locks and writing authority file /root/.Xauthority

Immediately after-which, re-executing the above failed command:

	sudo xdpyinfo

now succeeds.

===

Step 4: Try bsdconfig hostname and timezone elements via X11 as non-root user via sudo(8)

Execute on your FreeBSD-9 (or higher) system (via SSH or otherwise):

	sudo bsdconfig networking -X
	sudo bsdconfig timezone -X

-- 
Devin

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.