Did the recent pbi rebuild build right?

Cino

Its late so I dont have full details but I did a full firmware update today and noticed 2 of my main packages dont work correctly. Snort and Squid. I've seen these kind of errors before and if i remember correctly, certain options weren't compiled into the binaries.

snort:

barnyard2[17606]: FATAL ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, or Windows), then check for alternate builds that contains the necessary 'mysql' support. If this build of snort was compiled by you, then re-run the the ./configure script using the '--with-mysql' switch. For non-standard installations of a database, the '--with-mysql=DIR' syntax may need to be used to specify the base directory of the DB install. See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation.

Dec 19 22:54:32 	snort[17544]: FATAL ERROR: Failed to load /usr/local/etc/snort/snort_60770_em3/dynamicpreprocessor/libsf_ftptelnet_preproc.so: Shared object "libmysqlclient.so.18" not found, required by "libsf_ftptelnet_preproc.so"
Dec 19 22:54:32 	snort[17544]: FATAL ERROR: Failed to load /usr/local/etc/snort/snort_60770_em3/dynamicpreprocessor/libsf_ftptelnet_preproc.so: Shared object "libmysqlclient.so.18" not found, required by "libsf_ftptelnet_preproc.so"
Dec 19 22:54:32 	snort[17544]: Loading dynamic preprocessor library /usr/local/etc/snort/snort_60770_em3/dynamicpreprocessor/libsf_ftptelnet_preproc.so...
Dec 19 22:54:32 	snort[17544]: Loading dynamic preprocessor library /usr/local/etc/snort/snort_60770_em3/dynamicpreprocessor/libsf_ftptelnet_preproc.so...

squid:

hp: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was '2012/12/19 22:58:48| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2012/12/19 22:58:48| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2012/12/19 22:58:48| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager' 2012/12/19 22:58:48| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2012/12/19 22:58:48| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2012/12/19 22:58:48| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager' squid: ERROR: No running copy'

jimp

The snort error is probably from the rebuild.

No idea about squid. Unless I somehow missed an option, but squid didn't require any changes like that though, snort did. (If you're using squid3, it did bump up to a higher version, so it's possible that's due to a change in squid.)

jimp

Snort has been rebuild and uploaded again, looks like it should have the correct options on it this time.

Cino

thanks Jim, Snort is working again!

For squid.. i'll have to do some more testing but sslcrtd, delay_pool isn't compiled into the options i think

php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '6', the output was '2012/12/20 09:04:33| cache_cf.cc(381) parseOneConfigFile: squid.conf:17 unrecognized: 'sslcrtd_children' 2012/12/20 09:04:33| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2012/12/20 09:04:33| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2012/12/20 09:04:33| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager' 2012/12/20 09:04:33| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2012/12/20 09:04:33| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2012/12/20 09:04:33| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager' 2012/12/20 09:04:33| cache_cf.cc(381) parseOneConfigFile: squid.conf:73 unrecognized: 'delay_pools' 2012/12/20 09:04:33| cache_cf.cc(381) parseOneConfigFile: squid.

jimp

I rebuild and uploaded squid 2.7.x a few minutes ago. Squid3 is rebuilding now.

Cino

thanks again… I'll try it out in a couple of hours

jimp

new squid3 is up now.

Cino

@jimp:

new squid3 is up now.

we are almost there! dns_v4_first isn't complied. Since its hardcoded in squid.inc and it add an option in squid.conf,.. Its going to be needed….

add option --enable-internal-dns

Dec 20 10:26:36 	php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was '2012/12/20 10:26:36| cache_cf.cc(381) parseOneConfigFile: squid.conf:6 unrecognized: 'dns_v4_first''

and thanks again!!

jimp

The squid build options include WITH_SQUID_DNS_HELPER, which in the squid31 Makefile, does this:

.if defined(WITH_SQUID_DNS_HELPER)
CONFIGURE_ARGS+=        --disable-internal-dns
libexec+=       dnsserver
.endif

I can change that to WITHOUT_SQUID_DNS_HELPER I suppose, but I'm not sure if that will have the intended effect. I don't use squid3 or keep an eye on its development so I'm not sure how good of an idea that is.

jimp

Looks like squid 2.x uses the WITHOUT_ version of that setting. Not sure why squid3 uses WITH_

jimp

Looks like marcelloc did that in commit ba47052140bc2e2430ffb2731f70f008baece090 so you'd have to ping him to find out why.

Cino

There were a couple of reasons but HTTPS was the main reason. http://forum.pfsense.org/index.php/topic,50472.45.html http://forum.pfsense.org/index.php/topic,48347.135.html

compiled options:
http://forum.pfsense.org/index.php/topic,48347.msg288239.html#msg288239

I'll ping marcelloc

marcelloc

@Cino:

I'll ping marcelloc

I'm really busy these days but I'll take a look on it.

jimp

the fix on the repo end of things (just change WITH to WITHOUT) is easy, I just don't know if that will have a negative impact on other features that squid3 needs.

marcelloc

I've disabled  the SQUID_DNS_HELPER to compile dns_v4_first option

jimp

ok the builders are in the middle of a full run right now but once that finishes I'll do a manual build for squid3 to pick up the change.

marcelloc

ok, thanks jimp :)

Cino

Thanks everyone

jimp

FYI there should be a new squid3 pbi build up, I ran it last night.

Cino

thanks jim,  –enable-internal-dns wasn't built in this run, its currently has --disable-internal-dns.