Did the recent pbi rebuild build right?
-
Its late so I dont have full details but I did a full firmware update today and noticed 2 of my main packages dont work correctly. Snort and Squid. I've seen these kind of errors before and if i remember correctly, certain options weren't compiled into the binaries.
snort:
barnyard2[17606]: FATAL ERROR: If this build of snort was obtained as a binary distribution (e.g., rpm, or Windows), then check for alternate builds that contains the necessary 'mysql' support. If this build of snort was compiled by you, then re-run the the ./configure script using the '--with-mysql' switch. For non-standard installations of a database, the '--with-mysql=DIR' syntax may need to be used to specify the base directory of the DB install. See the database documentation for cursory details (doc/README.database). and the URL to the most recent database plugin documentation. Dec 19 22:54:32 snort[17544]: FATAL ERROR: Failed to load /usr/local/etc/snort/snort_60770_em3/dynamicpreprocessor/libsf_ftptelnet_preproc.so: Shared object "libmysqlclient.so.18" not found, required by "libsf_ftptelnet_preproc.so" Dec 19 22:54:32 snort[17544]: FATAL ERROR: Failed to load /usr/local/etc/snort/snort_60770_em3/dynamicpreprocessor/libsf_ftptelnet_preproc.so: Shared object "libmysqlclient.so.18" not found, required by "libsf_ftptelnet_preproc.so" Dec 19 22:54:32 snort[17544]: Loading dynamic preprocessor library /usr/local/etc/snort/snort_60770_em3/dynamicpreprocessor/libsf_ftptelnet_preproc.so... Dec 19 22:54:32 snort[17544]: Loading dynamic preprocessor library /usr/local/etc/snort/snort_60770_em3/dynamicpreprocessor/libsf_ftptelnet_preproc.so...
squid:
hp: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was '2012/12/19 22:58:48| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2012/12/19 22:58:48| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2012/12/19 22:58:48| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager' 2012/12/19 22:58:48| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2012/12/19 22:58:48| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2012/12/19 22:58:48| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager' squid: ERROR: No running copy'
-
The snort error is probably from the rebuild.
No idea about squid. Unless I somehow missed an option, but squid didn't require any changes like that though, snort did. (If you're using squid3, it did bump up to a higher version, so it's possible that's due to a change in squid.)
-
Snort has been rebuild and uploaded again, looks like it should have the correct options on it this time.
-
thanks Jim, Snort is working again!
For squid.. i'll have to do some more testing but sslcrtd, delay_pool isn't compiled into the options i think
php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '6', the output was '2012/12/20 09:04:33| cache_cf.cc(381) parseOneConfigFile: squid.conf:17 unrecognized: 'sslcrtd_children' 2012/12/20 09:04:33| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2012/12/20 09:04:33| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2012/12/20 09:04:33| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager' 2012/12/20 09:04:33| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1' 2012/12/20 09:04:33| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable 2012/12/20 09:04:33| WARNING: You should probably remove '127.0.0.1' from the ACL named 'ext_manager' 2012/12/20 09:04:33| cache_cf.cc(381) parseOneConfigFile: squid.conf:73 unrecognized: 'delay_pools' 2012/12/20 09:04:33| cache_cf.cc(381) parseOneConfigFile: squid.
-
I rebuild and uploaded squid 2.7.x a few minutes ago. Squid3 is rebuilding now.
-
thanks again… I'll try it out in a couple of hours
-
new squid3 is up now.
-
new squid3 is up now.
we are almost there! dns_v4_first isn't complied. Since its hardcoded in squid.inc and it add an option in squid.conf,.. Its going to be needed….
add option --enable-internal-dns
Dec 20 10:26:36 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was '2012/12/20 10:26:36| cache_cf.cc(381) parseOneConfigFile: squid.conf:6 unrecognized: 'dns_v4_first''
and thanks again!!
-
The squid build options include WITH_SQUID_DNS_HELPER, which in the squid31 Makefile, does this:
.if defined(WITH_SQUID_DNS_HELPER) CONFIGURE_ARGS+= --disable-internal-dns libexec+= dnsserver .endif
I can change that to WITHOUT_SQUID_DNS_HELPER I suppose, but I'm not sure if that will have the intended effect. I don't use squid3 or keep an eye on its development so I'm not sure how good of an idea that is.
-
Looks like squid 2.x uses the WITHOUT_ version of that setting. Not sure why squid3 uses WITH_
-
Looks like marcelloc did that in commit ba47052140bc2e2430ffb2731f70f008baece090 so you'd have to ping him to find out why.
-
There were a couple of reasons but HTTPS was the main reason. http://forum.pfsense.org/index.php/topic,50472.45.html http://forum.pfsense.org/index.php/topic,48347.135.html
compiled options:
http://forum.pfsense.org/index.php/topic,48347.msg288239.html#msg288239I'll ping marcelloc
-
-
the fix on the repo end of things (just change WITH to WITHOUT) is easy, I just don't know if that will have a negative impact on other features that squid3 needs.
-
I've disabled the SQUID_DNS_HELPER to compile dns_v4_first option
-
ok the builders are in the middle of a full run right now but once that finishes I'll do a manual build for squid3 to pick up the change.
-
ok, thanks jimp :)
-
Thanks everyone
-
FYI there should be a new squid3 pbi build up, I ran it last night.
-
thanks jim, –enable-internal-dns wasn't built in this run, its currently has --disable-internal-dns.