* Re: Installing dnscache with runit, without other djb utils
@ 2008-07-19 18:15 lanek
0 siblings, 0 replies; 12+ messages in thread
From: lanek @ 2008-07-19 18:15 UTC (permalink / raw)
To: supervision; +Cc: Charlie Brady
> What more detail are you looking for?
>
> The seed file is only useful if it is attached to standard input of the
> dnscache process, which will read up to 128 bytes to seed its RNG.
[d]nscache reads a seed, up to 128 bytes, from standard input, and passes
the seed to dns_random_init^1
Yes, dnscache reading the seed from _standard input_ details better the
situation:
exec<seed or dnscache <seed
become more intelligible. ("If it's a cow don't call it a bovine," says
Ledgard.)
Thank you _very much_ for the vital correction, I don't know how I have
missed
that ... eventually it has been, if I remember correctly, a mere mapping
operation--from daemontools to runit ... And was thinking you were hinting at
some synchronization problems.
/Roy Lanek
1. Configuration, http://cr.yp.to/djbdns/dnscache.html
--
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS malu bertanya, sesat di jalan
SSSSS . s l a c k w a r e SSSSSS embarrassed to ask will result in
SSSSS +------------ linux SSSSSS getting lost
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
[not found] <49351.125.162.61.255.1216395759.squirrel@novenine.com>
@ 2008-07-19 16:24 ` Charlie Brady
0 siblings, 0 replies; 12+ messages in thread
From: Charlie Brady @ 2008-07-19 16:24 UTC (permalink / raw)
To: lanek; +Cc: supervision
On Fri, 18 Jul 2008, lanek@novenine.com wrote:
>> there's an error here worth highlighting given the "recently discovered"
>> issues with DNS query port randomisation.
>
> Detail the error please.
I did. I said:
There's something important missing here. You need to do:
exec<seed
or
exec chpst -U yyy -e ./env -o 250 -d "$DATALIMIT" \
/usr/bin/dnscache <seed
What more detail are you looking for?
The seed file is only useful if it is attached to standard input of the
dnscache process, which will read up to 128 bytes to seed its RNG.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
@ 2008-07-19 6:02 lanek
0 siblings, 0 replies; 12+ messages in thread
From: lanek @ 2008-07-19 6:02 UTC (permalink / raw)
To: supervision
> there's an error here worth highlighting given the "recently discovered"
> issues with DNS query port randomisation.
Detail the error please.
From my [modified] rc.S:
1)
# -- ** initialize /dev/urandom:
_POOLSIZE=/proc/sys/kernel/random/poolsize
_SEED=/etc/random-seed
_URANDOM=/dev/urandom
if [ -f $_SEED ]; then # -- carry an entropy pool (improve randomness).
yellow "using $_SEED to initialize $_URANDOM ..."
cat $_SEED > $_URANDOM
fi
if [ ! -r $_POOLSIZE ]; then
_BYTES=512
else
_BYTES=`cat $_POOLSIZE`
fi
dd if=$_URANDOM of=$_SEED count=1 bs=$_BYTES 2> /dev/null
chmod 600 $_SEED
(And similarly/complementarily, ditto within rc.6.)
Then from rc.M:
2)
yellow 'starting runit ...' ; # -- runit "stage 2."
csh -cf 'runsvdir-start &'
Cheers,
/Roy
--
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS berat sama dipikul, ringan sama dijinjing
SSSSS . s l a c k w a r e SSSSSS heavy we shoulder together, light
SSSSS +------------ linux SSSSSS we hand-carry together
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
2006-09-28 0:12 Roy Lanek
@ 2008-07-18 14:20 ` Charlie Brady
0 siblings, 0 replies; 12+ messages in thread
From: Charlie Brady @ 2008-07-18 14:20 UTC (permalink / raw)
To: Roy Lanek; +Cc: supervision
On Thu, 28 Sep 2006, Roy Lanek wrote:
> ** Sorry for answering late
And sorry for following up very late - but there's an error here worth
highlighting given the "recently discovered" issues with DNS query port
randomisation.
> #!/bin/sh
> exec 2>&1
> cd '/etc/dnscache' || exit 1
>
> # -- seed:
> umask 077
> /bin/rm -f seed
> /bin/dd if=/dev/urandom bs=128 count=1 > seed 2> /dev/null
> # -- "Linux has a good source of random data, use 128
> # -- bytes of it to pass it to 'dns_random_init' (via
> # -- 'seed')."^1
>
> exec chpst -U yyy -e ./env -o 250 -d "$DATALIMIT" \
> /usr/bin/dnscache
There's something important missing here. You need to do:
exec<seed
or
exec chpst -U yyy -e ./env -o 250 -d "$DATALIMIT" \
/usr/bin/dnscache <seed
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
@ 2006-09-28 0:12 Roy Lanek
2008-07-18 14:20 ` Charlie Brady
0 siblings, 1 reply; 12+ messages in thread
From: Roy Lanek @ 2006-09-28 0:12 UTC (permalink / raw)
** Sorry for answering late
> I'd like to install djb's dnscache to run under my
> existing runit-based system.
** you can (it's working perfectly for me).
> In order to do so, it seems to require me to install
> a number of other djb utilities which have the same
> name as some of the runit-based symlinks: setuidgid,
> pgrphack, etc.
** no. My case:
/etc/dnscache
with the usual inner structure (log, supervise, run) +
/etc/dnscache/env
/etc/dnscache/root
/etc/dnscache/seed
extra
env, root, seed like with the original dnscache
log and supervise like usual
drwxr-sr-x 2 root root 8 Jun 19 02:34 env
drwxr-x--- 3 root xxx 5 Jun 19 02:27 log
drwxr-sr-x 4 root root 4 Jun 19 02:21 root
-rwx------ 1 root root 395 Jun 19 14:51 run
-rw------- 1 root root 128 Sep 28 02:39 seed
drwx------ 2 root root 8 Sep 28 02:39 supervise
xxx is your groupid of choice from the runit family
run is:
#!/bin/sh
exec 2>&1
cd '/etc/dnscache' || exit 1
# -- seed:
umask 077
/bin/rm -f seed
/bin/dd if=/dev/urandom bs=128 count=1 > seed 2> /dev/null
# -- "Linux has a good source of random data, use 128
# -- bytes of it to pass it to 'dns_random_init' (via
# -- 'seed')."^1
exec chpst -U yyy -e ./env -o 250 -d "$DATALIMIT" \
/usr/bin/dnscache
# -- 1. The dnscache-conf program, djbdns' doc.
with yyy = your userid for dnscache (from the passwd)
run in supervise is:
#!/bin/sh
exec chpst -uxxx svlogd -tt main/dnscache
with xxx the same as above
and main as known.
symbolic link to /etc/dnscache as usual
Hope I have given you enough info.
The only exception I know in which I had to really compile
daemontools--just to extract tai64n and tai64nlocal--is
uschedule, which I also use with great satisfaction under
runit. (You need also to set a bit up an environment, a
trivial task).
Cheers,
/Roy
P.S.
After a second thought, maybe it interests others too (I
have answered to the sender directly already).
--
######################## anjing menggonggong, kafilah tetap berlalu
##### . slackware ###### the dogs are barking, the caravan moves on
##### +-----linux ###### [illustrates useless protest, critic, or sarcasm]
########################
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
2006-09-21 1:03 ` Charlie Brady
@ 2006-09-21 1:28 ` Lloyd Zusman
0 siblings, 0 replies; 12+ messages in thread
From: Lloyd Zusman @ 2006-09-21 1:28 UTC (permalink / raw)
Charlie Brady <charlieb-supervision@budge.apana.org.au> writes:
> On Wed, 20 Sep 2006, Lloyd Zusman wrote:
>
>> Rather, I'm talking about the initial installation of djbdns. According
>> to djb's docs, I have to first install his daemontools and ucspi-tcp
>> packages in order to get the djbdns stuff installed, and I don't want to
>> do either of those installations.
>
> You don't need to. djb's docs were written before runit existed. You can
> ignore (as you have discovered) the suggestion that daemontools and
> ucspi-tcp are required.
>
>> I tried to do install djbdns a while ago with only the runit utils in
>> place, and it failed (sadly, I don't have the error log any more).
>
> Without the error log, nobody will be able to tell you what went wrong.
... but it's a moot point now. Did you read the rest of my message?
--
Lloyd Zusman
ljz@asfast.com
God bless you.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
2006-09-21 0:44 ` Lloyd Zusman
@ 2006-09-21 1:03 ` Charlie Brady
2006-09-21 1:28 ` Lloyd Zusman
0 siblings, 1 reply; 12+ messages in thread
From: Charlie Brady @ 2006-09-21 1:03 UTC (permalink / raw)
Cc: supervision
On Wed, 20 Sep 2006, Lloyd Zusman wrote:
> Rather, I'm talking about the initial installation of djbdns. According
> to djb's docs, I have to first install his daemontools and ucspi-tcp
> packages in order to get the djbdns stuff installed, and I don't want to
> do either of those installations.
You don't need to. djb's docs were written before runit existed. You can
ignore (as you have discovered) the suggestion that daemontools and
ucspi-tcp are required.
> I tried to do install djbdns a while ago with only the runit utils in
> place, and it failed (sadly, I don't have the error log any more).
Without the error log, nobody will be able to tell you what went wrong.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
2006-09-21 0:12 ` Charlie Brady
@ 2006-09-21 0:44 ` Lloyd Zusman
2006-09-21 1:03 ` Charlie Brady
0 siblings, 1 reply; 12+ messages in thread
From: Lloyd Zusman @ 2006-09-21 0:44 UTC (permalink / raw)
Charlie Brady <charlieb-supervision@budge.apana.org.au> writes:
> On Wed, 20 Sep 2006, Lloyd Zusman wrote:
>
>> I'd like to install djb's dnscache to run under my existing runit-based
>> system. In order to do so, it seems to require me to install a number
>> of other djb utilities which have the same name as some of the
>> runit-based symlinks: setuidgid, pgrphack, etc.
>>
>> This will cause a conflict or worse (overwriting?) with the
>> corresponding runit-based symlinks, and I want to avoid this.
>
> What makes you think that you need to install the djb utilities? What
> happens if you just use the runit-based symlinks?
Thank you.
Those runit symlinks work just fine at run time. That's not where my
problem lies.
Rather, I'm talking about the initial installation of djbdns. According
to djb's docs, I have to first install his daemontools and ucspi-tcp
packages in order to get the djbdns stuff installed, and I don't want to
do either of those installations.
I tried to do install djbdns a while ago with only the runit utils in
place, and it failed (sadly, I don't have the error log any more).
But now, after having typed the preceding part of this reply, I decided
to try installing djbdns a second time, just in case (again, without any
other djb utils in place ... only runit). And this time, it worked.
Therefore, I must have done something wrong with that earlier install,
which means that my question here is moot.
Thanks to you and also to Vincent Danet and Wayne Marshall for your kind
help.
>> Does anyone know how to install dnscache to run under runit _without_
>> having djb's utilities mess up my runit-based symlinks?
>
> You shouldn't need setuidgid or pgrphack to run dnscache.
>
--
Lloyd Zusman
ljz@asfast.com
God bless you.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
2006-09-20 22:30 Lloyd Zusman
2006-09-20 23:49 ` Wayne Marshall
2006-09-21 0:07 ` Vincent Danen
@ 2006-09-21 0:12 ` Charlie Brady
2006-09-21 0:44 ` Lloyd Zusman
2 siblings, 1 reply; 12+ messages in thread
From: Charlie Brady @ 2006-09-21 0:12 UTC (permalink / raw)
Cc: supervision
On Wed, 20 Sep 2006, Lloyd Zusman wrote:
> I'd like to install djb's dnscache to run under my existing runit-based
> system. In order to do so, it seems to require me to install a number
> of other djb utilities which have the same name as some of the
> runit-based symlinks: setuidgid, pgrphack, etc.
>
> This will cause a conflict or worse (overwriting?) with the
> corresponding runit-based symlinks, and I want to avoid this.
What makes you think that you need to install the djb utilities? What
happens if you just use the runit-based symlinks?
> Does anyone know how to install dnscache to run under runit _without_
> having djb's utilities mess up my runit-based symlinks?
You shouldn't need setuidgid or pgrphack to run dnscache.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
2006-09-20 22:30 Lloyd Zusman
2006-09-20 23:49 ` Wayne Marshall
@ 2006-09-21 0:07 ` Vincent Danen
2006-09-21 0:12 ` Charlie Brady
2 siblings, 0 replies; 12+ messages in thread
From: Vincent Danen @ 2006-09-21 0:07 UTC (permalink / raw)
Cc: supervision
[-- Attachment #1: Type: text/plain, Size: 1047 bytes --]
* Lloyd Zusman <ljz@asfast.com> [2006-09-20 18:30:33 -0400]:
> I'd like to install djb's dnscache to run under my existing runit-based
> system. In order to do so, it seems to require me to install a number
> of other djb utilities which have the same name as some of the
> runit-based symlinks: setuidgid, pgrphack, etc.
>
> This will cause a conflict or worse (overwriting?) with the
> corresponding runit-based symlinks, and I want to avoid this. Does
> anyone know how to install dnscache to run under runit _without_ having
> djb's utilities mess up my runit-based symlinks?
>
> Thanks in advance.
Take a peek here:
http://svn.annvix.org/cgi-bin/viewvc.cgi/djbdns/?root=ports
I've been running djbdns (tinydns, dnscache, etc.) since I moved to
runit years ago and they work great without needing daemontools.
At that url, look at the *.run files (those are the runscripts).
--
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)
[-- Attachment #2: Type: application/pgp-signature, Size: 186 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: Installing dnscache with runit, without other djb utils
2006-09-20 22:30 Lloyd Zusman
@ 2006-09-20 23:49 ` Wayne Marshall
2006-09-21 0:07 ` Vincent Danen
2006-09-21 0:12 ` Charlie Brady
2 siblings, 0 replies; 12+ messages in thread
From: Wayne Marshall @ 2006-09-20 23:49 UTC (permalink / raw)
Cc: supervision
On Wed, 20 Sep 2006 18:30:33 -0400
Lloyd Zusman <ljz@asfast.com> wrote:
> I'd like to install djb's dnscache to run under my existing
> runit-based system. In order to do so, it seems to require me to
> install a number of other djb utilities which have the same name as
> some of the runit-based symlinks: setuidgid, pgrphack, etc.
>
> This will cause a conflict or worse (overwriting?) with the
> corresponding runit-based symlinks, and I want to avoid this. Does
> anyone know how to install dnscache to run under runit _without_
> having djb's utilities mess up my runit-based symlinks?
>
These run scripts may help:
http://www.slackmatic.org/site.cgi?repoview=guinix&port=runit-djbdns
Wayne
^ permalink raw reply [flat|nested] 12+ messages in thread
* Installing dnscache with runit, without other djb utils
@ 2006-09-20 22:30 Lloyd Zusman
2006-09-20 23:49 ` Wayne Marshall
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: Lloyd Zusman @ 2006-09-20 22:30 UTC (permalink / raw)
I'd like to install djb's dnscache to run under my existing runit-based
system. In order to do so, it seems to require me to install a number
of other djb utilities which have the same name as some of the
runit-based symlinks: setuidgid, pgrphack, etc.
This will cause a conflict or worse (overwriting?) with the
corresponding runit-based symlinks, and I want to avoid this. Does
anyone know how to install dnscache to run under runit _without_ having
djb's utilities mess up my runit-based symlinks?
Thanks in advance.
--
Lloyd Zusman
ljz@asfast.com
God bless you.
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2008-07-19 18:15 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-07-19 18:15 Installing dnscache with runit, without other djb utils lanek
[not found] <49351.125.162.61.255.1216395759.squirrel@novenine.com>
2008-07-19 16:24 ` Charlie Brady
-- strict thread matches above, loose matches on Subject: below --
2008-07-19 6:02 lanek
2006-09-28 0:12 Roy Lanek
2008-07-18 14:20 ` Charlie Brady
2006-09-20 22:30 Lloyd Zusman
2006-09-20 23:49 ` Wayne Marshall
2006-09-21 0:07 ` Vincent Danen
2006-09-21 0:12 ` Charlie Brady
2006-09-21 0:44 ` Lloyd Zusman
2006-09-21 1:03 ` Charlie Brady
2006-09-21 1:28 ` Lloyd Zusman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).