Scripting bsdinstall in FreeBSD 9.0 for custom installation CD

Starting with FreeBSD 9.0, the default installer for FreeBSD has changed from sysinstall to bsdinstall. While there have been mixed reactions from long-time users, the process of creating a custom install CD for FreeBSD has become a lot easier (although longer). bsdinstall uses a set of shell scripts which can be modified as required.

The first step is to install a fresh 9.0-RELEASE and select src to be installed along with the base system. Once the system with source is installed (by default in /usr/src), execute the following commands:

# cd /usr/src
# make buildworld buildkernel

The installation scripts are located in /usr/src/usr.sbin/bsdinstall/scripts/. The first file to run is ‘auto’, which then calls the other files. Almost all of them are shell scripts. Remember, you do not need to repeat ‘make buildworld buildkernel’ if you are only making changes to the install script files.

# cd /usr/src/release
# make release

Once the release has been built, copy the ISO, USB image and FTP files to the desired directory:

# make install DESTDIR=/usr/freebsd-snapshot clean

This creates the iso file, memory stick image and ftp folder for ftp install. In case you are wondering how to use the memory stick image, see this blog post:
http://koitsu.wordpress.com/2009/11/03/writing-freebsd-memstick-img-to-a-usb-drive-in-windows/

Cheers
Amitabh

Port conflict between p5-Mail-SPF-Query and p5-Mail-SPF while installing Maia port in FreeBSD

If you are trying to install Maia or any other port which depends upon p5-Mail-SPF-Query, and your server already has p5-Mail-SPF installed, you will not be allowed to do so, as both ports install files at the same location. You will receive errors like:

usr/ports/mail/p5-Mail-SPF-Query

===>  p5-Mail-SPF-Query-1.999.1 conflicts with installed package(s):
      p5-Mail-SPF-2.007

According to this post at FreeBSD forums, p5-Mail-SPF should be preferred. An easy way to do this is to edit the Makefile of the port (in my case it’s Maia) and replace the dependency line. Edit /usr/ports/security/maia/Makefile (replace the path based on your port) in your favorite editor and search for

.if defined(WITH_SPFQUERY)
RUN_DEPENDS+=   ${SITE_PERL}/Mail/SPF/Query.pm:${PORTSDIR}/mail/p5-Mail-SPF-Query
.endif

and replace it with

.if defined(WITH_SPFQUERY)
RUN_DEPENDS+=   ${SITE_PERL}/Mail/SPF/Query.pm:${PORTSDIR}/mail/p5-Mail-SPF
.endif

That should be it unless you have some other conflicts in your package.

Amitabh Kant

Enable SSL with Apache in FreeBSD

Generate a server key. This will remain the same for all domains/IPs on this server.

# openssl genrsa -des3 -out server.key 1024

Now remove the passphrase from the key so that Apache does not ask for a password while loading the certificate:

# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key

Now create a certificate signing request (CSR) for your domain. Once you execute the command listed below, you will be asked a few questions. The most important is “Common Name”, which should be the fully qualified domain name that requires the SSL cert.

# openssl req -new -key server.key -out domain_name.csr

Once you have the CSR, there are two ways you can get the certificate: (a) generate the certificate yourself, in which case you and, more importantly, your users will get a warning every time they access the domain/web page, or (b) submit the CSR to one of the browser-recognized SSL cert providers. They generally charge for such services. To complete the process here, we will generate the certificate ourselves.

# openssl x509 -req -days 365 -in /root/domain_name.csr -signkey /root/server.key -out /root/domain_name.crt

Now we need to move the certificate file and the server key to where Apache can read them. Make sure you set the correct permissions on both files.

# mkdir /usr/local/etc/apache22/ssl
# chmod 0700 /usr/local/etc/apache22/ssl

# cp ~/server.key /usr/local/etc/apache22/ssl/
# cp ~/domain_name.crt /usr/local/etc/apache22/ssl/
# chmod 0400 /usr/local/etc/apache22/ssl/server.key
# chmod 0400 /usr/local/etc/apache22/ssl/domain_name.crt

If you are running with virtual hosts enabled, make sure the domain entry in the virtual host section is IP-based.

<VirtualHost xxx.xxx.xxx.xxx:80>
ServerAdmin webmaster@domain_name.com
DocumentRoot /usr/local/www/apache22/data/domain_name.com/htdocs
ServerName domain_name.com
ErrorLog /usr/local/www/apache22/data/domain_name.com/logs/error_log
CustomLog /usr/local/www/apache22/data/domain_name.com/logs/access_log common
</VirtualHost>

The SSL section will require the paths to the certificate and the server key.

<VirtualHost xxx.xxx.xxx.xxx:443>
ServerName domain_name.com
ServerAdmin webmaster@domain_name.com
DocumentRoot /usr/local/www/apache22/data/domain_name.com/htdocs
SSLEngine on
SSLCertificateFile /usr/local/etc/apache22/ssl/domain_name.crt
SSLCertificateKeyFile /usr/local/etc/apache22/ssl/server.key
</VirtualHost>

For FreeBSD, the default Apache virtual host file is located at /usr/local/etc/apache22/extra/httpd-vhosts.conf and the SSL configuration file is located at /usr/local/etc/apache22/extra/httpd-ssl.conf. You need to enable both of them in your main httpd.conf file (/usr/local/etc/apache22/httpd.conf).

Also make sure that accf_data_load="YES" is present in your /boot/loader.conf, otherwise you will receive a warning every time you start Apache.

This guide has been written for FreeBSD 8.0 and Apache 2.2.14. For other distributions and versions, the file locations might have to be adjusted to make it work.
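
An added check for the key and certificate installed by the steps above (example code, not part of the original post): it verifies that the key is not readable by group or other, carries no passphrase, meets a minimum RSA size, and matches the certificate. `MIN_BITS` and the function names are assumptions of this example; the 2048-bit default is the minimum public CAs accept, so the 1024-bit key from the genrsa command above would be flagged.

```sh
#!/bin/sh
# Added example: audit the key/certificate pair installed by the steps above.
# MIN_BITS is an assumed policy threshold, not a value from the original post.
MIN_BITS=${MIN_BITS:-2048}

# Succeeds when FILE grants no permissions to group or other (e.g. 0400).
perm_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the PEM key is still passphrase-protected.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Prints the RSA modulus size in bits, e.g. 1024 or 2048.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeeds when the certificate was issued for this private key.
pair_matches() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# audit_tls_pair KEY CRT: prints one line per finding, returns 1 if any.
audit_tls_pair() {
    rc=0
    perm_ok "$1" || { echo "FAIL: $1 is readable by group/other"; rc=1; }
    if key_is_encrypted "$1"; then
        echo "FAIL: $1 has a passphrase; Apache will prompt at startup"; rc=1
    else
        bits=$(key_bits "$1")
        [ "${bits:-0}" -ge "$MIN_BITS" ] ||
            { echo "FAIL: key is ${bits:-unreadable} bits, want >= $MIN_BITS"; rc=1; }
        pair_matches "$1" "$2" ||
            { echo "FAIL: $2 does not match $1"; rc=1; }
    fi
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $2 is expired or unreadable"; rc=1; }
    return $rc
}

if [ "$#" -eq 2 ]; then
    audit_tls_pair "$1" "$2"
fi
```

Run it as root with the two paths from the SSL virtual host, for example `sh audit.sh /usr/local/etc/apache22/ssl/server.key /usr/local/etc/apache22/ssl/domain_name.crt` (the script name is hypothetical).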