tens of thousands of dollars, so we won't discuss it in this book. Still, you might as well know that the capability exists.
/etc/mail/mailer.conf
You can choose from several mail−server programs when using FreeBSD, and the mailer.conf file allows you to control which mailer you will use on your system with a minimum of fuss.
Traditionally, the only mail server program available for any UNIX was sendmail(8). As such, a lot of add−on software expects to find /usr/sbin/sendmail, and expects it to behave in a certain manner. Since programs expected to find sendmail, when replacement mail−server programs were finally created, they generally accepted the same command−line options as the original sendmail, and even were installed as /usr/sbin/sendmail, so that these packages would continue to work.
The only problem with this sendmail compatibility is that an admin on an unfamiliar system has no idea what the /usr/sbin/sendmail program really is! If someone has installed a few different mail servers to experiment with, you'll have to resort to detective work and a bit of luck just to identify your so−called sendmail.
The /etc/mail/mailer.conf file does an end−run around all this mess by eliminating /usr/sbin/sendmail as a mail program. Instead, sendmail is just a little program that checks mailer.conf and redirects the request to the mail−sending program indicated.
Note As yet another piece of legacy fun from the early days of UNIX, sendmail behaved differently depending on which name it was called by. The most common variant names for sendmail are send−mail, mailq, and newaliases.
The mailer.conf file simply contains a list of program names, along with the path to the actual program to be called. For example, the Postfix mail server (described in Chapter 14) installs as /usr/local/sbin/sendmail. An appropriate mailer.conf entry looks like this.
...............................................................................................
sendmail |
/usr/local/sbin/sendmail |
send−mail |
/usr/local/sbin/sendmail |
mailq |
/usr/local/sbin/sendmail |
newaliases |
/usr/local/sbin/sendmail |
...............................................................................................
/etc/make.conf and /etc/defaults/make.conf
To make a program is to build it from source code into machine language, also known as compiling. (We'll discuss that in some detail in Chapter 10.) The make.conf files control how that building process works. Make.conf is one of the more complex and interesting BSD features; the /etc/make.conf file controls how software is built on the local system.
Like a few other FreeBSD configuration files, make.conf is actually two files: /etc/defaults/make.conf and /etc/make.conf. As with all other files in /etc/default, /etc/default/make.conf is not designed to be edited directly. Instead, entries in /etc/make.conf override entries in /etc/defaults/make.conf. This way, an upgrade can safely overwrite /etc/default/make.conf.
202
By default, everything in /etc/default/make.conf is commented out. To set something, copy the relevant line from the default make.conf to /etc/make.conf, and remove the pound sign (#) to uncomment it.
In many cases, the settings in /etc/defaults/make.conf are optimizations that are not set by default, for one reason or another. Some produce bad code in certain situations; others just slow down the build process. Some settings are optional or aren't supported by FreeBSD developers. (In general, the examples given are safe; when investigating options in /etc/defaults/make.conf, be sure to pay careful attention to any notes.)
Many of the options in /etc/defaults/make.conf should only be touched by people very familiar with the FreeBSD build process. Quite a few are generally safe for anyone to use, however, and we'll look at the major safe ones here.
Note While the samples that follow are taken directly from a FreeBSD 4−stable system, check /etc/defaults/make.conf for any change. This is not an area where you want surprises.
CPUTYPE=i686 By default, the compiler builds programs without optimizing for the CPU on the system, though optimizing for a particular CPU can dramatically improve performance. One good example of this is OpenSSL, which FreeBSD uses to handle cryptographic functions for SSH and its related programs.
FreeBSD recognizes the CPU types for the 32−bit X86 systems listed in Table 9−3.
Table 9−3: CPU types recognized in 32−bit X86 systems
CPU Type Description
k7 |
The AMD k7 processor |
k6−2 |
The AMD k6−2 processor |
k6 |
The original AMD k6 processor |
k5 |
The AMD k5 processor |
p3 |
The Pentium 3 |
p2 |
The Pentium 2 |
i686 |
Generic Intel Pentium 2 or better |
i586/mmx Original Pentium with MMX
i586 Original Pentium
i486 486−class CPU
i386 386−class CPU
CFLAGS= −0 −pipe This option specifies optimization settings for building nonkernel programs. The example shown in the defaults file is usable and is supported by the FreeBSD Project. Though people may recommend other settings or things to add to this setting, any options other than those shown in the example are not supported by the FreeBSD Project. If you're familiar with other free versions of UNIX, you might be familiar with some of these more obscure optimizations.
203
In general, FreeBSD code is expected to compile most correctly without any of these additional options, and all you can do by adding optimizations is impair your performance. If you have a problem with a program built with nonstandard flags, revert the flags to the standard form and rebuild the program.
COPTFLAGS= −0 −pipe The COPTFLAGS optimizations are used for building the kernel only. Again, settings other than the defaults presented can build a noworking kernel.
INSTALL=install −C By default, when FreeBSD installs a built program, it copies the new binary on top of the old one. The install −C option makes the installer compare the new program to the existing one, and if they're identical, the new binary is not installed. This can accelerate upgrades and save disk writes. Saving disk writes is not usually that much of an issue, but it's there if you want it.
System Upgrade make.conf Options
The following options might be useful when upgrading from source (explained in Chapter 6). If you're not using the component in question, setting the make options to not build those components will reduce the time you need to build the system. For example, you might choose not to build sendmail because your system doesn't need it.
These options are also useful if you've replaced part of the system. If you're running the latest version of named from the ports collection, for example, you might have replaced /usr/sbin/named with your customized version. You don't want an upgrade to clobber this, so you can tell the system not to build it.
Note When you set these options not to build part of the system, an upgrade will not fix security holes in the affected programs. This means that you will have older, insecure programs on your hard drive, and if you start them, you'll have system security holes. To disable building a program, it's best to dig through the system and remove the corresponding programs.
ENABLE_SUIDPERL=true Suidperl is a special version of Perl(1) that is not installed by default. Use this option if you need to install a setuid version of Perl during an upgrade from source.
PPP_NOSUID=true There's a long−standing consensus that setuid programs are bad, and should be eliminated. However, the ppp program used to connect to the Internet needs to be have the setuid ability to allow multiple users to use it. If only the root user will be dialing onto the Internet, PPP_NOSUID can be set to true.
NO_CVS=true CVS is the Concurrent Versions System used by advanced systems administrators. This option prevents a source upgrade from building or installing it.
NO_BIND=true BIND is the default DNS server (see Chapter 12). If you have a custom nameserver installed, set this option.
NO_FORTRAN=true The Fortran programming language is popular in the scientific community, not so popular in the network services community. Feel free to set this option unless you need Fortran support.
NO_LPR=true LPR is the printing system. If your computer doesn't use a printer, or if you have a custom printing program installed, you can set this option. LPR has had several security holes in the past, however, so be careful.
204
NO_MAILWRAPPER=true The mailwrapper is the mail server selection program that redirects sendmail calls to the appropriate program (see the chapter section "/etc/mail/mailer.conf"). If you're not running a mail server, or if you're using the FreeBSD defaults, you can set this option.
NO_MODULES=true This option prevents the automatic building of kernel modules with the kernel. Do not set this option unless you enjoy watching your system crash on boot, or know exactly what you're doing.
NO_OBJC=true This option prevents the inclusion of support for Objective C. If you and your users don't need Objective C, you can set this option. A (very) few ports will not work properly if you do this.
NO_OPENSSH=true If you have a custom SSH client/server installed, set this option. Otherwise, build OpenSSH.
NO_OPENSSL=true OpenSSL is the encryption package used by OpenSSH and other secure services. If you're not running any encrypted programs, you can set this option. However, it's highly recommended that you don't set this option, because it will prevent OpenSSH from building.
NO_SENDMAIL=true If you have a custom mail program, or if you don't run a mail server, you can set this option. In our example in Chapter 14, we will replace sendmail with postfix. If you set this option, however, you'll have an old and possibly insecure sendmail floating around your system. You're really better off building the whole system.
NO_SHAREDOCS=true FreeBSD includes documentation from the original BSD4.4 release under /usr/share/docs, as well as more recent papers describing new features. If you don't use the documentation on this system, you can save a few seconds of processor and disk time by setting this option.
NO_TCSH=true This option prevents /bin/csh and /bin/tcsh being built during binary upgrades. If you have csh scripts that might be confused by an upgrade, or if you don't use csh/tcsh at all, set this option. (Programming in csh is a bad idea, anyway.)
NOCRYPT=true In addition to the OpenSSL encryption code mentioned previously, FreeBSD includes code for encrypting passwords, hashing files, and so on. If you don't want to build any code for these things, set this option, though it's usually not a good idea unless you know exactly what you're doing and why.
NO_GAMES=true This option prevents the building of programs under /usr/games. They don't change often, so you can probably do without them.
NOINFO=true FreeBSD includes a variety of documents under /usr/share/info that don't change often. You can set this option to avoid processing these documents during an upgrade from source.
NOLIBC_R=true Setting this option prevents an upgrade from source from upgrading the re−entrant version of libc. If you don't know what this is, don't set this option!
NOPERL=true This option controls whether the Perl interpreter and related libraries are built. Setting this option can greatly accelerate the buildworld process, but it can also leave you with an obsolete version of Perl. After all, a FreeBSD upgrade might include a Perl upgrade some time! Some programs, such as adduser(8), are written in Perl, and those scripts might be changed to take advantage of an upgraded Perl. Not upgrading Perl might break these programs. If you're using Perl
205
scripts that are dependent upon features in a particular version of Perl, you can set this option.
NOPROFILE=true This option prevents the building of profiled libraries. Again, if you don't know what profiled libraries are, don't set this.
NOSECURE=true This option eliminates anything under the src/crypto directory being built, including Kerberos, OpenSSH, OpenSSL, and assorted other encryption stuff. Don't set this option if you're running a production Internet server.
NOSHARE=true This option prevents the building of anything under the src/share directory, including all the old papers, all the man pages, all the examples, and documentation in general. You can set this option if you don't care about documentation on this system.
NOUUCP=true UUCP is the UNIX−to−UNIX Copy Protocol, an old standard for transferring data between machines, used before TCP/IP came into widespread use. Part of UUCP is used to handle serial consoles (see Chapter 20).
MODULES_WITH_WORLD=true Whenever you build a kernel, you build the kernel modules by default. This option sets the system to only build the modules once, during upgrades instead of the kernel build. This can save a great deal of time if you experiment with a lot of different kernels between upgrades. It can also cause weird problems. Use with caution.
NOMANCOMPRESS=true The upgrade install process compresses man pages to save space. When you look at a man page, the system must first uncompress the page. If you have plenty of space, and want slightly faster man−page access, you can set this option to install man pages in uncompressed format.
COMPATxx=yes This option allows you to install system libraries for older versions of FreeBSD. Simply replace the xx in COMPATxx to indicate the proper library version (COMPAT1X, COMPAT20, COMPAT21, COMPAT22, COMPAT3X, or COMPAT4X). This is only necessary if you have a binary built for an older FreeBSD version, and you want to continue to use it on your newer system. You can specify multiple COMPATXX entries if desired.
Note The COMPATxx=yes option does not build the libraries from source; rather, uuencoded libraries are simply stored in the source tree. If you've upgraded from source with a compat library enabled once, you can safely remove it.
make.conf ports Options
The following options control the building process of add−on components. Some software will change its behavior drastically depending on these options. For example, certain pieces of add−on software are huge, and you might want to tell your system not to install them under any circumstances. Other times you will want to inform the system that a component is available.
NO_X=true One of the biggest ports in FreeBSD is the X Window System, and many other ports rely upon it. If you set this option to true, these ports will not attempt to build X as part of their dependencies. This means some ports cannot be built at all, but they're useless without X anyway.
Some parts of the base system (particularly doscmd) include hooks to the X Window System by default. If you do not have X on your system, and do not intend to have it, and do not want it installed as a dependency to any other program, set this option.
206