## November 3, 2003

I upgraded my iBook to Panther this weekend. Once I’ve figured out all the pitfalls, I’ll try upgrading Golem.

I could regale you with tales of Exposé or FastUserSwitching (despite the fact that the wimpy video card on my iBook doesn’t support the cool QuartzExtreme graphics, I have to say the implementation is very nice). Or I could go on about the cool new features of Mail.app or …

But you could read about that kind of stuff countless other places on the web. No, you want to know about how I really spent the weekend. You want to hear the geeky stuff.

#### Tcsh and Terminal

The first thing I discovered after the upgrade was that my carefully-crafted tcsh settings had been disabled.

This was a simple fix: have /etc/csh.cshrc, /etc/csh.login and /etc/csh.logout once again source, respectively, /usr/share/tcsh/examples/rc, /usr/share/tcsh/examples/login and /usr/share/tcsh/examples/logout, which provide a nice set of defaults and which, in turn, source my personal settings in ~/Library/init/tcsh/.

Now, the remaining annoyance is that the output of programs like less and vi no longer gets recorded to the scrollback buffer of Terminal.app. They occupy precisely the current window. When you exit the program, the window is redrawn, wiping out the content you were viewing/editing. I know this is someone’s idea of how such things are supposed to operate, but I find it massively inconvenient. I want the old behaviour back.

Update (11/3/2003): That one was easy:

```
defaults write com.apple.Terminal TermCapString nsterm-c
```

#### Perl

Panther comes with a multi-threaded, dynamically-linked (and prebound [1]) build of Perl 5.8.1RC3. I’d just gone through the trouble of installing a statically-linked Perl 5.8.1 (11/14/2003: upgraded to 5.8.2) in /usr/local/ and was chagrined to find that all the modules I’d painstakingly installed were not compatible with Apple’s Perl and would have to be rebuilt. Worse, there’s apparently some trouble between DBD::mysql and Apple’s Perl.

```
# rm /usr/bin/perl
# ln -s /usr/local/bin/perl /usr/bin/perl
```

#### Sendmail and NETINFO

Yes, I know Panther has replaced Sendmail with Postfix. And, yes, I know that Wietse Venema is God. But I’ve invested a lot of time configuring anti-spam measures [2] for Sendmail, setting up SMTP-AUTH, etc. I’m loath to throw that work away too lightly. So I decided to reinstall sendmail.

(Note: I’m no longer running a mail server on my iBook. This was just for practice for when I upgrade Golem.)

The first stumbling block is that the NETINFO header files (/usr/include/netinfo/*.h) are absent from 10.3. Fortunately, the libraries are still there, so it was simply a matter of copying this directory from 10.2.8.

The next problem was more subtle. Apple has updated the resolver libraries in Panther to BIND 9. Very cool, but various bits of sendmail failed to compile until I made the following patch to sendmail/sendmail.h:

--- sendmail/sendmail.h.orig    Sun Nov  2 15:50:10 2003
+++ sendmail/sendmail.h Sun Nov  2 15:51:45 2003
@@ -71,7 +71,9 @@
# include <syslog.h>
#endif /* LOG */

-
+# ifdef DARWIN
+# include <arpa/nameser_compat.h>
+# endif /* DARWIN */

# if NETINET || NETINET6 || NETUNIX || NETISO || NETNS || NETX25
#  include <sys/socket.h>
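
Review bot: The `# ifdef DARWIN` guard on the added include is broader than the problem it addresses: it pulls in `<arpa/nameser_compat.h>` on every Darwin build, including ones that do not use the BIND 9 resolver this change is meant to accommodate. Consider keying the include on a resolver-specific macro rather than the platform, or dropping the source change in favour of a build-time define in site.config.m4. On style, the include nested inside the new `# ifdef` should be indented one step further than the directive, as in the `# if NETINET ...` / `#  include <sys/socket.h>` lines just below it.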

```
APPENDDEF(`confLIBS', `-lresolv.9')
```

to my site.config.m4 file.

Update (11/14/2003): The above patch is unnecessary if you add

```
APPENDDEF(`confENVDEF', `-DBIND_8_COMPAT')
```

to your site.config.m4 file, as described in the comment below.

Oh yeah, and don’t forget to save a copy of your /System/Library/StartupItems/Sendmail directory. Installing Panther will wipe it out and replace it with the corresponding Postfix directory. You’ll need to restore the former and disable the latter if you want to launch Sendmail instead of Postfix at startup.

#### Xinetd

Good:
With Panther, Apple has shifted over entirely from inetd to xinetd.
The installation overwrites your /etc/xinetd.d/, so that everything you had previously set up is broken. Remember to back up that directory.

#### SSH

Speaking of xinetd, for reasons known only to a few select Apple engineers, rather than starting sshd at boot time (using a startup item /System/Library/StartupItems/SSH), in Panther, sshd is launched from xinetd. This is terribly inefficient, and strongly recommended against. So I placed a startup item in /Library/StartupItems/ and nuked /etc/xinetd.d/ssh.

MacOSX has a set of housekeeping scripts, /etc/daily, /etc/weekly and /etc/monthly, which are run as cron jobs at the … ahem! … appropriate intervals. Among the useful tasks that they perform is log rotation. After rotating the log files, they SIGHUP the syslog daemon

```
if [ -f /var/run/syslog.pid ]; then kill -HUP $(cat /var/run/syslog.pid | head -1); fi
```

to get it to log to the new file(s).

You’re not supposed to monkey with these scripts. Instead, Apple provides /etc/daily.local, /etc/weekly.local and /etc/monthly.local in which you can add your own housekeeping tasks. At the end of Apple’s scripts, they run the corresponding *.local script.

And therein lies a small problem: if you want to do any additional log rotation in, say, your weekly.local script, it won’t work unless you either

1. SIGHUP the daemon a second time in your script.
2. Reorder Apple’s script so that the above line occurs after the bit where it runs the weekly.local script.
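
Option 1 above, as an added example (not from the original post or from Apple's scripts): a weekly.local that rotates one extra log and then sends syslogd a second SIGHUP, checking the pidfile contents before signalling. The log path /var/log/myapp.log, the KEEP count and the function names are assumptions.

```sh
#!/bin/sh
# Added example for /etc/weekly.local: rotate an extra log, then SIGHUP
# syslogd a second time so it reopens the file. The log path and KEEP
# default are assumptions; PIDFILE defaults to the path Apple's script uses.
PIDFILE="${PIDFILE:-/var/run/syslog.pid}"

# rotate_log FILE KEEP: shift FILE.0..FILE.(KEEP-2) up by one, move FILE to
# FILE.0, and recreate FILE empty (mode 640) so the daemon has a target.
rotate_log() {
    log="$1"; keep="$2"
    [ -f "$log" ] || return 1
    i=$((keep - 1))
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        [ -f "$log.$prev" ] && mv -f "$log.$prev" "$log.$i"
        i=$prev
    done
    mv -f "$log" "$log.0"
    ( umask 027; : > "$log" )
}

# hup_syslogd: send SIGHUP only if the pidfile's first line is a non-zero,
# purely numeric PID; fails on a missing pidfile, bad PID or dead process.
hup_syslogd() {
    [ -f "$PIDFILE" ] || return 1
    pid=$(head -n 1 "$PIDFILE")
    case "$pid" in
        ''|0|*[!0-9]*) return 1 ;;
    esac
    kill -HUP "$pid" 2>/dev/null
}

# weekly_local FILE...: rotate each log, then signal once if any was rotated.
weekly_local() {
    rotated=0
    for f in "$@"; do
        rotate_log "$f" "${KEEP:-5}" && rotated=1
    done
    [ "$rotated" -eq 1 ] && hup_syslogd
}

# Run only when installed as weekly.local; /var/log/myapp.log is hypothetical.
case "$0" in
    *weekly.local) weekly_local /var/log/myapp.log ;;
esac
```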

That’s an old “bug” which is still present in Panther. The new thing they’ve done is add some code to do log rotation of the web server logs in /etc/weekly. Unfortunately, they seem to have really spooged the job. Rotating web server logs is not a trivial operation. The real solution is to use piped logs with a dedicated log rotation program like cronolog. My best advice is to comment out the broken Apple-supplied log rotation code, download and install cronolog, and switch the logging directives in httpd.conf from something like

```
ErrorLog "/private/var/log/httpd/error_log"
CustomLog "/private/var/log/httpd/access_log" common
```

to

```
ErrorLog "|/usr/local/sbin/cronolog --hardlink=/private/var/log/httpd/error_log /private/var/log/httpd/%Y/%m/error_log"
CustomLog "|/usr/local/sbin/cronolog --hardlink=/private/var/log/httpd/access_log /private/var/log/httpd/%Y/%m/access_log" common
```

which, in this case, rotates the logs monthly, storing each month’s log in a directory of the form /var/log/httpd/2003/11/, with the current month’s logs hard-linked to the corresponding file in /var/log/httpd/.

#### Certificates

Finally, I needed to reinstall my Site Certificate in the System Keychain, so that Kung-Log would work again over an SSL connection and I could blog about all this.

[1] When MacOSX first came out, the biggest complaint was the slow application launch times. When a dynamically-linked application launches, the dynamic linker needs to resolve the undefined symbols in the application by mapping them to symbols in the System’s shared libraries and Frameworks. Apple responded to this complaint by allowing dynamically-linked applications to be prebound, avoiding this time-consuming step. Dynamically-linked, but prebound, applications launch as fast as statically-linked ones, but without the bloat of including all that extra library code in the application itself. Prebinding has no effect on the speed of running applications, but does speed up the launch time by 10-30%.

[2] One of many things I don’t know how to do in Postfix: some dnsbl’s have multiple possible return codes — say

- 127.0.0.2 for a single-stage open mail relay
- 127.0.0.3 for a multi-stage relay
- 127.0.0.4

and so on. How do I accept mail for some return codes, reject mail for others, and assign a distinct error message to each return code?

Posted by distler at November 3, 2003 12:15 AM

## 1 Comment & 1 Trackback

No need to hack the sendmail include files.

In your devtools/Site/site.config.m4 file, add the following:

```
APPENDDEF(`confENVDEF', `-DBIND_8_COMPAT')
```


That’s it as far as resolving goes.

Also, take out '--traditional-cpp' from confCC and gcc will play nice.

I took out the old NetInfo support, so my confMAPDEF line is shorter.

Posted by: Jubal Kessler on November 14, 2003 10:29 PM