Custom Kernel Config for FreeBSD 8-Stable

For FreeBSD system upgrades, I have # make buildkernel use a custom kernel config at /usr/src/sys/amd64/conf/CUSTOM64. It contains:

include GENERIC
machine amd64
cpu HAMMER # aka K8, aka Opteron & Athlon64
nocpu i486_CPU
ident CUSTOM64
nomakeoption DEBUG
## No IPv6
nooptions INET6
nooptions SCTP # Stream Control Transmission Protocol
## No Debugging stuff
nooptions INVARIANTS
nooptions INVARIANT_SUPPORT
nooptions WITNESS
nooptions WITNESS_SKIPSPIN
nodevice eisa
nodevice fdc
## Disable various ATA systems we will never have
nodevice atapicd # ATAPI CDROM drives
nodevice atapifd # ATAPI floppy drives
nodevice atapist # ATAPI tape drives
nooptions MSDOSFS # MSDOS Filesystem
nooptions CD9660 # ISO 9660 Filesystem
device ahci
nodevice urio
nodevice uscanner
nodevice aue
nodevice axe
nodevice cdce
nodevice cue
nodevice kue
nodevice rue
# PCMCIA and cardbus bridge support
nodevice cbb # cardbus (yenta) bridge
nodevice pccard # PC Card (16-bit) bus
nodevice cardbus # CardBus (32-bit) bus
# Parallel port
nodevice ppc
nodevice ppbus # Parallel port bus (required)
nodevice lpt # Printer
nodevice plip # TCP/IP over parallel
nodevice ppi # Parallel port interface device
# FireWire support
nodevice firewire # FireWire bus code
nodevice sbp # SCSI over FireWire (Requires scbus and da)
nodevice fwe # Ethernet over FireWire (non-standard!)
nodevice fwip # IP over FireWire (RFC 2734,3146)
nodevice dcons # Dumb console driver
nodevice dcons_crom # Configuration ROM for dcons

SABnzbd and SICKbeard on FreeBSD

For my own archives, I have reproduced installation instructions for SABnzbd and Sickbeard on FreeBSD from Syah of the FreeBSD forums (titled: FreeBSD +Sabnzbd/Sickbeard/CouchPotato):

1. Install sabnzbd+ from ports.

# cd /usr/ports/news/sabnzbdplus; make install clean

2. Install some dependencies if they are not already present on your system. They are needed to run and acquire the Python scripts (Sick Beard, Couch Potato, Headphones).

Python # cd /usr/ports/lang/python; make install clean

Cheetah # cd /usr/ports/devel/py-cheetah; make install clean

Git # cd /usr/ports/devel/git; make install clean

3. Fetch most recent builds of the three tools

Sick Beard # cd /usr/local ; git clone git://github.com/midgetspy/Sick-Beard.git sickbeard

4. Configure auto-start for python scripts and sabnzbd+

Sick Beard # cp /usr/local/sickbeard/init.freebsd /usr/local/etc/rc.d/sickbeard

Add the following to /etc/rc.conf:
sabnzbd_enable="YES"
sickbeard_enable="YES"

5. Configure all the tools to play nice together.

Totally beyond the scope of a quick & dirty update. You should read the installation instructions and refer to the individual websites for each of these projects to fully leverage this tool set.

Hopefully this gets you a bit further towards your goal.
To keep track of upstream changes to SickBeard:
# cd /usr/local/sickbeard && git pull

A few notes:

  • Step 4 will fail, as SickBeard currently only comes with an Ubuntu startup script. Hatchling, from the SickBeard Forums (A FreeBSD rc.d script), kindly published a working FreeBSD rc script that is available here (and duplicated here).
    It appears that an init script for FreeBSD is now provided with the latest git pull - unfortunately, it’s not perfect, and needs to be modified for SickBeard to shut down properly.
    diff --git a/init.freebsd b/init.freebsd
    index 8d9ba4b..3f65b31 100755
    --- a/init.freebsd
    +++ b/init.freebsd
    @@ -69,7 +69,7 @@ verify_sickbeard_pid() {
    sickbeard_stop() {
    echo "Stopping $name"
    verify_sickbeard_pid
    - ${WGET} -O - -q --user=${SBUSR} --password=${SBPWD} "http://${HOST}:${PORT}/home/shutdown/" >/dev/null
    + ${WGET} -O - -q --user=${SBUSR} --password=${SBPWD} "http://${HOST}:${PORT}/home/shutdown/?pid=${pid}" >/dev/null
    if [ -n "${pid}" ]; then
    wait_for_pids ${pid}
    echo "Stopped"
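Review bot: the changed `${WGET}` line interpolates `${pid}` into the shutdown URL before the `if [ -n "${pid}" ]` test two lines later, so when no PID was found the request is still sent with an empty `?pid=`; move the request inside that test or return early. Separately, `--password=${SBPWD}` on the wget command line is readable in the process list by other local users while the request runs, and the credentials travel over plain `http://`, so this is best kept to a loopback `HOST`.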

Flash and Java for Google Chromium in FreeBSD 8

According to the official FreeBSD handbook (Ch 7.2 Browsers), perform the following steps to have a Java and Flash capable Chromium browser for FreeBSD 8:

As root:

# portmaster www/chromium \
    java/openjdk6 \
    java/icedtea-web \
    www/nspluginwrapper \
    www/linux-f10-flashplugin10

Then:

# mkdir -p /usr/local/share/chromium/plugins

# ln -s /usr/local/lib/IcedTeaPlugin.so /usr/local/share/chromium/plugins/

# ln -s /usr/local/lib/npapi/linux-f10-flashplugin/libflashplayer.so \
    /usr/local/lib/browser_plugins/

The Linux process file system, linprocfs(5) has to be mounted on /compat/linux/proc:

# mount -t linprocfs linproc /compat/linux/proc

To mount the proc fs at each system boot, in /etc/fstab, have:

linproc /compat/linux/proc linprocfs rw 0 0

As a user:

% nspluginwrapper -v -a -i

nVidia in FreeBSD 8

Follow the official FreeBSD documents on how to install the latest nvidia drivers (Installing and using Compiz Fusion - Ch 2 Setting up the FreeBSD nVidia driver).

My /etc/X11/xorg.conf contains:

# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings: version 285.05.09 (root@localhost) Fri Oct 10 23:03:46 EST 2011
Section "ServerLayout"
Identifier "X.org Configured"
Screen 0 "Screen0" 0 0
InputDevice "Mouse0" "CorePointer"
InputDevice "Keyboard0" "CoreKeyboard"
Option "Xinerama" "0"
EndSection
Section "Files"
ModulePath "/usr/local/lib/xorg/modules"
FontPath "/usr/local/lib/X11/fonts/misc/"
FontPath "/usr/local/lib/X11/fonts/TTF/"
FontPath "/usr/local/lib/X11/fonts/OTF"
FontPath "/usr/local/lib/X11/fonts/Type1/"
FontPath "/usr/local/lib/X11/fonts/bitstream-vera/"
FontPath "/usr/local/lib/X11/fonts/terminus-font/"
FontPath "/usr/local/lib/X11/fonts/75dpi/"
FontPath "/usr/local/lib/X11/fonts/100dpi/"
FontPath "/usr/local/lib/X11/fonts/artwiz-fonts/"
FontPath "/usr/local/lib/X11/fonts/dejavu/"
FontPath "/usr/local/lib/X11/fonts/webfonts/"
FontPath "/home/ootput/.fonts/ubuntu/"
EndSection
Section "Module"
Load "extmod"
Load "glx"
Load "dbe"
Load "dri"
Load "dri2"
Load "record"
EndSection
Section "InputDevice"
Identifier "Keyboard0"
Driver "kbd"
EndSection
Section "InputDevice"
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "auto"
Option "Device" "/dev/sysmouse"
Option "ZAxisMapping" "4 5 6 7"
EndSection
Section "Monitor"
Identifier "Monitor0"
VendorName "Unknown"
ModelName "Acer GN245HQ"
HorizSync 30.0 - 83.0
VertRefresh 56.0 - 75.0
EndSection
Section "Device"
Identifier "Card0"
Driver "nvidia"
VendorName "nVidia Corporation"
BoardName "GT218 [GeForce 8400 GS]"
BusID "PCI:1:0:0"
EndSection
Section "Device"
Identifier "Device0"
Driver "nvidia"
VendorName "NVIDIA Corporation"
BoardName "GeForce 8400GS"
EndSection
Section "Screen"
Identifier "Screen0"
Device "Device0"
Monitor "Monitor0"
DefaultDepth 24
Option "TwinView" "0"
Option "metamodes" "nvidia-auto-select +0+0; 1920x1080 +0+0"
SubSection "Display"
Depth 24
EndSubSection
EndSection

SASL for WeeChat

You can encrypt your password for NickServ authentication using blowfish and SASL.

To set “dh-blowfish” by default for all servers:

/set irc.server_default.sasl_mechanism dh-blowfish

(Note that this will only work if your WeeChat was built with libgcrypt support - otherwise, use the “plain” mechanism.)

Additionally, per-server username and password settings can be applied - for instance, with Freenode:

/set irc.server.freenode.sasl_username "_username_"

/set irc.server.freenode.sasl_password "_password_"

Apply Security Patches to FreeBSD

From FreeBSD Handbook - Ch 26 Updating FreeBSD:

Security patches are stored on a remote machine and may be downloaded and installed using the following command:

# freebsd-update fetch

# freebsd-update install

An entry in /etc/crontab allows freebsd-update to be run as a nightly cron job:

@daily root freebsd-update cron

Here, freebsd-update will only check if updates exist. If patches exist, they will automatically be downloaded to the local disk but not applied; the root user will be sent an email so they may install them manually.

If anything goes wrong, freebsd-update has the ability to roll back the last set of changes with the following command:

# freebsd-update rollback

Once complete, the system should be restarted if the kernel or any kernel modules were modified. This will allow FreeBSD to load the new binaries into memory.

Manage FreeBSD Ports

The FreeBSD Ports and Packages Collection offers a simple way for users and administrators to install applications. There are currently 22776 ports available.

To fetch the FreeBSD Ports tree for the first time, as root:

# portsnap fetch extract

Install portmaster to manage your ports without external databases or languages:

# cd /usr/ports/ports-mgmt/portmaster

# make install clean

To list all outdated and installed packages from the FreeBSD Ports tree:

# pkg_version -l '>'

(Packages that appear on the left of the > sign are outdated, and may be updated from the sources provided online.)

/usr/ports/UPDATING describes various issues and additional steps users may encounter and need to perform when updating a port, including such things as file format changes, changes in locations of configuration files, or other such incompatibilities with previous versions.

# less /usr/ports/UPDATING

Then, to upgrade all packages/ports:

# portmaster -Da

To update your packages in the future:

# portsnap fetch update

# pkg_version -l '>'

# less /usr/ports/UPDATING

# portmaster -Da
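
To narrow /usr/ports/UPDATING down to the entries that matter before running portmaster -Da, the following added example (not part of the original post) prints only the entries dated on or after a given day whose header mentions one of the port origins passed in. The function names and the sample entries are constructed for illustration; it assumes the usual UPDATING layout of a YYYYMMDD: line followed by an indented AFFECTS:/AUTHOR: header.

```shell
# Added example: filter /usr/ports/UPDATING by date and by port origin.
# Assumed entry layout: "YYYYMMDD:" at column 0, then an indented header
# (AFFECTS:, AUTHOR:) up to the first blank line, then free text.

# updating_since YYYYMMDD FILE ORIGIN...   (FILE may be "-" for stdin)
updating_since() {
    since=$1 file=$2
    shift 2
    awk -v since="$since" -v ports="$*" '
        # Print the buffered entry if it is recent enough and its header
        # names one of the wanted origins (substring match).
        function emit(    i) {
            if (entry != "" && date >= since)
                for (i = 1; i <= n; i++)
                    if (index(header, want[i])) { printf "%s", entry; break }
            entry = ""; header = ""
        }
        BEGIN { n = split(ports, want, " ") }
        /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]:/ {
            emit(); date = substr($0, 1, 8) + 0; in_header = 1
        }
        date == 0   { next }               # preamble before the first entry
        /^[ \t]*$/  { in_header = 0 }      # blank line ends the header
        in_header   { header = header $0 "\n" }
                    { entry = entry $0 "\n" }
        END { emit() }
    ' "$file"
}

# Constructed sample in UPDATING layout (not real entries).
sample_updating() {
    cat <<'EOF'
This preamble line is skipped.
20111016:
  AFFECTS: users of www/firefox
  AUTHOR: someone@example.org

  Constructed note: back up your profile before upgrading.

20111005:
  AFFECTS: users of graphics/png

  Constructed note: rebuild every port that depends on png.

20110920:
  AFFECTS: users of www/firefox

  Constructed note: older than the cut-off used below.
EOF
}

sample_updating | updating_since 20111001 - www/firefox
```

On a live system, point it at the real file instead of the sample, for example: updating_since 20111001 /usr/ports/UPDATING www/firefox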

portmaster can also remove stale distfiles with the --clean-distfiles option. To clear old distfiles for all ports and automatically confirm their deletion, use the -t and -y flags respectively:

# portmaster -t -y --clean-distfiles

I perform the following set of commands when a significant error gets introduced into the ports tree:

# portmaster -dys --clean-distfiles

# portmaster -vy --check-depends

Also, if I need to rebuild a specific port and all of its dependencies, I use:

# portmaster -fR www/firefox

GnuTLS for WeeChat

WeeChat supports encrypted IRC connections using GnuTLS. For FreeBSD’s port of WeeChat, as root:

# cd /usr/ports/irc/weechat

# make

[select GnuTLS]

# make install

In WeeChat:

/set weechat.network.gnutls_ca_file "/usr/local/share/certs/ca-root-nss.crt"

/set irc.server.freenode.addresses "chat.freenode.net/7000"

/set irc.server.freenode.ssl on

/set irc.server.freenode.ssl_dhkey_size 1024

/connect freenode

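NB: WeeChat’s support for GnuTLS is rather flaky, with numerous bug reports recently surfacing on the net (one such example). WeeChat’s FAQ suggests disabling verification of secure connections with the setting below; the connection is still encrypted, but the server’s certificate is no longer checked against the CA file set above: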

/set irc.server.freenode.ssl_verify off

CA Certificates in FreeBSD

From CAcert Wiki - Inclusion Status:

The old ca-roots port (which included the CAcert certificate) was removed with the comment “Not supported by FreeBSD Security Officer anymore”. The current certificate package (ca_root_nss) is a copy of the Mozilla certificate package and FreeBSD is therefore dependent on Mozilla inclusion.

Hence: # pkg_add -rv ca_root_nss

Clean FreeBSD Ports Directories

After building and installing software from the ports collection, you should always remember to clean up the temporary work directories. You can sweep the whole ports tree with the following command:

# portsclean -C

The portsclean utility is part of the portupgrade suite.

Alternatively, here’s a shell script:

#!/bin/sh
#
# Search for ports that contain a "work" subdirectory,
# then go into that port directory and perform a
# make clean
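for i in `find /usr/ports -name work -type d`
do
    # Strip the trailing "work" component to get the port directory,
    # and only run make clean if the cd succeeded
    cd `echo "$i" | sed 's/\/[^/]*$/\//'` && make clean
done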