Panther Upgrade (I)
I upgraded my iBook to Panther this weekend. Once I’ve figured out all the pitfalls, I’ll try upgrading Golem.
I could regale you with tales of Exposé or FastUserSwitching (despite the fact that the wimpy video card on my iBook doesn’t support the cool QuartzExtreme graphics, I have to say the implementation is very nice). Or I could go on about the cool new features of Mail.app or …
But you could read about that kind of stuff countless other places on the web. No, you want to know about how I really spent the weekend. You want to hear the geeky stuff.
Tcsh and Terminal
The first thing I discovered after the upgrade was that my carefully-crafted tcsh
settings had been disabled.
This was a simple fix: reinstate that /etc/csh.cshrc
, /etc/csh.login
and /etc/csh.logout
source, respectively, /usr/share/tcsh/examples/rc
, /usr/share/tcsh/examples/login
and /usr/share/tcsh/examples/logout
which provide a nice set of defaults and which, in turn, source my personal setting in ~/Library/init/tcsh/
.
Now, the remaining annoyance is that the output of programs like less
and vi
no longer get recorded to the scrollback buffer of Terminal.app. They occupy precisely the current window. When you exit the program, the window is redrawn, wiping out the content you were viewing/editing. I know this is someone’s idea of how such things are supposed to operate, but I find it massively inconvenient. I want the old behaviour back.
Update (11/3/2003): That one was easy:
defaults write com.apple.Terminal TermCapString nsterm-c
Update (11/6/2003): See also this MacOSXHints article.
Perl
Panther comes with a multi-threaded, dynamically-linked (and prebound1) build of Perl 5.8.1RC3. I’d just gone through the trouble of installing a statically-linked Perl 5.8.1 (11/14/2003: upgraded to 5.8.2) in /usr/local/
and was chagrined to find that all the modules I’d painstakingly installed were not compatible with Apple’s Perl and would have to be rebuilt. Worse, there’s apparently some trouble between DBD::mysql
and Apple’s Perl.
To heck with that! I’m running a more recent version of Perl and everything already works.
# rm /usr/bin/perl # ln -s /usr/local/bin/perl /usr/bin/perl
Sendmail and NETINFO
Yes, I know Panther has replaced Sendmail with Postfix. And, yes, I know that Wietse Venema is God. But I’ve invested a lot of time configuring anti-spam measures2 for Sendmail, setting up SMTP-AUTH, etc. I’m loath to throw that work away too lightly. So I decided to reinstall sendmail.
(Note: I’m no longer running a mail server on my iBook. This was just for practice for when I upgrade Golem.)
The first stumbling block is that the NETINFO header files (/usr/include/netinfo/*.h
) are absent from 10.3. Fortunately, the libraries are still there, so it was simply a matter of copying this directory from 10.2.8.
The next problem was more subtle. Apple has updated the resolver libraries in Panther to BIND 9. Very cool, but various bits of sendmail failed to compile until I made the following patch to sendmail/sendmail.h
--- sendmail/sendmail.h.orig Sun Nov 2 15:50:10 2003 +++ sendmail/sendmail.h Sun Nov 2 15:51:45 2003 @@ -71,7 +71,9 @@ # include <syslog.h> #endif /* LOG */ - +# ifdef DARWIN +# include <arpa/nameser_compat.h> +# endif /* DARWIN */ # if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25 # include <sys/socket.h>
and added
APPENDDEF(`confLIBS', `-lresolv.9')
to my site.config.m4
file.
Update (11/14/2003): The above patch is unnecessary if you add
APPENDDEF(`confENVDEF', `-DBIND_8_COMPAT')
to your site.config.m4
file, as described in the comment below.
Oh yeah, and don’t forget to save a copy of your /System/Library/StartupItems/Sendmail
directory. Installing Panther will wipe it out and replace it with the corresponding Postfix
directory. You’ll need to restore the former and disable the latter if you want to launch Sendmail instead of Postfix at startup.
Xinetd
- Good:
- With Panther, Apple has shifted over entirely from
inetd
toxinetd
. - Bad:
- The installation overwrites your
/etc/xinetd.d/
, so that everything you had previously set up is broken. Remember to back up that directory.
SSH
Speaking ofxinetd
, for reason only known to a few select Apple engineers, rather than starting sshd
at boot time (using a startup item /System/Library/StartupItems/SSH
), in Panther, sshd
is launched from xinetd
. This is terribly inefficient, and strongly recommended-against. So I placed a startup item in /Library/StartupItems/
and nuked /etc/xinetd.d/ssh
.
Log Rotation (added 11/4/2003)
MacOSX has a set of housekeeping scripts, /etc/daily
, /etc/weekly
and /etc/monthly
, which are run as cron jobs at the … ahem! … appropriate intervals. Among the useful tasks that they perform is log rotation. After rotating the log files, they SIGHUP the syslog daemon
if [ -f /var/run/syslog.pid ]; then kill -HUP $(cat /var/run/syslog.pid | head -1); fi
to get it to log to the new file(s).
You’re not supposed to monkey with these scripts. Instead, Apple provides /etc/daily.local
, /etc/weekly.local
and /etc/monthly.local
in which you can add your own housekeeping tasks. At the end of Apple scripts they run the corresponding *.local
script.
And therein lies a small problem: if you want to do any additional log rotation in, say, your weekly.local
script, it won’t work unless you either
- SIGHUP the daemon a second time in your script.
- Reorder Apple’s script so that the above line occurs after the bit where it runs the
weekly.local
script.
That’s an old “bug” which is still present in Panther. The new thing they’ve done is add some code to do log rotation of the web server logs in /etc/weekly
. Unfortunately, they seem to have really spooged the job. Rotating web server logs is not a trivial operation. The real solution is to use piped logs with a dedicated log rotation program like cronolog. My best advice is to comment-out the broken Apple-supplied log rotation code, download and install cronolog, and switch the logging directives in httpd.conf from something like
ErrorLog "/private/var/log/httpd/error_log" CustomLog "/private/var/log/httpd/access_log" common
to
ErrorLog "|/usr/local/sbin/cronolog --hardlink=/private/var/log/httpd/error_log /private/var/log/httpd/%Y/%m/error_log" CustomLog "|/usr/local/sbin/cronolog --hardlink=/private/var/log/httpd/access_log /private/var/log/httpd/%Y/%m/access_log" common
which, in this case, rotates the logs monthly, storing each month’s log a directory of the form /var/log/httpd/2003/11/
, with the current month’s logs hard-linked to the corresponding file in /var/log/httpd/
.
Certificates
Finally, I needed to reinstall my Site Certificate in the System Keychain, so that Kung-Log would work again over an SSL connection and I could blog about all this.
1 When MacOSX first came out, the biggest complaint was the slow application launch times. When a dynamically-linked application launches, the dynamic linker needs to resolve the undefined symbols in the application by mapping them to symbols in the System’s shared libraries and Frameworks. Apple responded to this complaint by allowing dynamically-linked applications to be prebound, avoiding this time-consuming step. Dynamically-linked, but prebound, applications launch as fast as statically-linked ones, but without the bloat of including all that extra library code in the application itself. Prebinding has no effect on the speed of running applications, but does speed up the launch time by 10-30%.
2 One of many things I don’t know how to do in Postfix: some dnsbl’s have multiple possible return codes — say
- 127.0.0.2
- for a single-stage open mail relay
- 127.0.0.3
- for a multi-stage relay
- 127.0.0.4
- for a dialup IP address
and so on. How do I accept mail for some return codes, reject mail for others, and assign a distinct error message to each return code?
Re: Panther Upgrade (I)
No need to hack the sendmail include files.
In your
devtools/Site/site.config.m4
file, add the following:That’s it as far as resolving goes.
Also, take out
'--traditional-cpp'
fromconfCC
and gcc will play nice.I took out the old NetInfo support, so my
confMAPDEF
line is shorter.