From owner-freebsd-small Sun Mar 10 18: 9:41 2002 Delivered-To: freebsd-small@freebsd.org Received: from mail.cruzio.com (dsl3-63-249-70-181.cruzio.com [63.249.70.181]) by hub.freebsd.org (Postfix) with ESMTP id 6AE6937B41B for ; Sun, 10 Mar 2002 18:09:35 -0800 (PST) Received: (from brucem@localhost) by mail.cruzio.com (8.11.3/8.11.3) id g2B3HaF01273 for freebsd-small@freebsd.org; Sun, 10 Mar 2002 19:17:36 -0800 (PST) (envelope-from brucem) Date: Sun, 10 Mar 2002 19:17:36 -0800 (PST) From: "Bruce R. Montague" Message-Id: <200203110317.g2B3HaF01273@mail.cruzio.com> To: freebsd-small@freebsd.org Subject: router config under 5.0-current Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG A quick build of the picobsd "router" config from a 5.0-current cvsuped as of this morning (10-march-2002): 1) File PICOBSD: PCI_QUIET needs to be deleted. 2) File PICOBSD: "device miibus" needs to be added (if the default drivers currently there are used). 3) File tinyware/sps.c references a ki_priority field that no longer exists in struct kinfo_proc in "user.h" (looks like it should display the "ki_pri" struct, a struct of 4 single-byte (that is, a ref to a "struct priority" field). I just changed it to display "priority.pri_level", dont know if this is right. 4) File PICOBSD: Had to increase the size of mfs (3000 worked). ============================== ERROR MSGS ---- PICOBSD-router: unknown option "PCI_QUIET" *** Error code 1 ---- ---- make -V CFILES -V SYSTEM_CFILES -V GEN_CFILES | xargs env MKDEP_CPP="cc -E" CC="cc" mkdep -a -f .newdep -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/dev -I/usr/src/sys/contrib/dev/acpica -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/../include -D_KERNEL -ffreestanding -include opt_global.h -fno-common -elf -mpreferred-stack-boundary=2 /usr/src/sys/dev/fxp/if_fxp.c:81: miibus_if.h: No such file or directory mkdep: compile failed *** Error code 1 ---- ---- /usr/src/release/picobsd/tinyware/sps/sps.c: In function `main': /usr/src/release/picobsd/tinyware/sps/sps.c:112: structure has no member named `ki_priority' *** Error code 1 ---- ============================== DIFFS (the following built, dont know if its really Right): router/PICOBSD ------ 6,7c6,7 < #PicoBSD 820 oinit 3072 32768 < options MD_ROOT_SIZE=820 # same as def_sz --- > #PicoBSD 3000 oinit 3072 32768 > options MD_ROOT_SIZE=3000 # same as def_sz 30d29 < options PCI_QUIET 53a53,54 > > device miibus --------- /usr/src/release/picobsd/tinyare/sps/sps.c ----- 112c112 < ki->ki_priority - 22, --- > ki->ki_pri.pri_level, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Tue Mar 12 11: 9:41 2002 Delivered-To: freebsd-small@freebsd.org Received: from borg.inreach.com (mail.unlimited.net [209.142.2.67]) by hub.freebsd.org (Postfix) with ESMTP id 819CB37B419 for ; Tue, 12 Mar 2002 11:09:37 -0800 (PST) Received: from unlimited.net (209-142-4-28.stk.inreach.net [209.142.4.28]) by borg.inreach.com (Postfix) with ESMTP id 0A7131B6D7 for ; Tue, 12 Mar 2002 11:09:30 -0800 (PST) Message-ID: <3C8E53D6.AB965FAA@unlimited.net> Date: Tue, 12 Mar 2002 11:15:34 -0800 From: John Oram X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 Cc: freebsd-small@freebsd.org Subject: Article: VIA preps very small mobo = less than 7 inches square Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG VIA preps very small mobo By Drew Cullen Posted: 03/11/2002 at 09:03 EST VIA Technologies is expected to launch a very small format motherboard this month. Called the mini-ITX, the fully integrated mobo measures up at 170mm x170mm (yes, it's square - {6.69 inches} ), making 50 per cent smaller than the FlexATX form factor, VIA claims. The Mini-ITX is supplied with an 800MHz Eden x.86 C3 processor (in EBGA packaging), incorporating 128K L1 and 64K L2 cache; integrated AGP2 graphics 2X; PC100/133 SDRAM support etc. You can check out more spec here The board will retail for around $100, and gets its first mainstream outing at CeBIT this week. The Mini ITX is targeted at the embedded market - expect most units to disappear into printer routers and the like; but VIA is also reporting 'grassroots interest' in the product from home PC and commercial system builders. The Mini-ITX may be small, but it is not 40 per cent smaller than any other form factor around, as VIA believes. The Danish firm, maker of the M-Series PC, deploys a 157mm x146mm mobo. ® To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Tue Mar 12 11:29:35 2002 Delivered-To: freebsd-small@freebsd.org Received: from garbo.lodgenet.com (garbo.lodgenet.com [204.124.122.252]) by hub.freebsd.org (Postfix) with ESMTP id 319A537B402 for ; Tue, 12 Mar 2002 11:29:31 -0800 (PST) Received: from hardy.lodgenet.com (hardy.lodgenet.com [10.0.104.235]) by garbo.lodgenet.com (8.11.4/8.11.4) with ESMTP id g2CJTSg01419; Tue, 12 Mar 2002 13:29:28 -0600 (CST) Received: from chaplin.lodgenet.com (not verified[10.0.104.215]) by hardy.lodgenet.com with MailMarshal (4,2,0,0) id ; Tue, 12 Mar 2002 13:23:32 -0600 Received: by chaplin.lodgenet.com with Internet Mail Service (5.5.2653.19) id ; Tue, 12 Mar 2002 13:25:36 -0600 Message-ID: <3EA88113DE92D211807300805FA7994209149BBC@chaplin.lodgenet.com> From: "McKenna, Lee" To: "'John Oram'" Cc: freebsd-small@freebsd.org Subject: RE: Article: VIA preps very small mobo = less than 7 inches squar e Date: Tue, 12 Mar 2002 13:25:35 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I've also found that the Shuttle SV24 barebones, which uses a Shuttle = FV-24 motherboard, is very close to being mini-ITX like the new Eden = reference design. Also, I believe the M-series they make reference to in this = news article is actually made in Tawain by Saintsong - under the name = Capuccino GX1...wickedly small albeit pricey. I have both of these units running FreeBSD 4.5 with X-Windows (no not picobsd, but I'm sure it would work). The FV24 has a damn Savage4 so = it requires the use of a binary linux version of XF86...ugh. --Lee > -----Original Message----- > From: John Oram [mailto:norami@unlimited.net] > Sent: Tuesday, March 12, 2002 1:16 PM > Cc: freebsd-small@FreeBSD.ORG > Subject: Article: VIA preps very small mobo =3D less than 7=20 > inches square >=20 >=20 > > VIA preps very small mobo > By Drew Cullen > Posted: 03/11/2002 at 09:03 EST >=20 > VIA Technologies is expected to launch a very small format = motherboard > this month. Called the mini-ITX, the fully integrated mobo measures = up > at 170mm x170mm (yes, it's square - {6.69 inches} ), making=20 > 50 per cent > smaller than the FlexATX form factor, VIA claims. >=20 > The Mini-ITX is supplied with an 800MHz Eden x.86 C3=20 > processor (in EBGA > packaging), incorporating 128K L1 and 64K L2 cache; integrated AGP2 > graphics 2X; PC100/133 SDRAM support etc. You can check out more spec > here > =20 >=20 > The board will retail for around $100, and gets its first mainstream > outing at CeBIT this week. >=20 > The Mini ITX is targeted at the embedded market - expect most units = to > disappear into printer routers and the like; but VIA is also = reporting > 'grassroots interest' in the product from home PC and=20 > commercial system > builders.=20 >=20 > The Mini-ITX may be small, but it is not 40 per cent smaller than any > other form factor around, as VIA believes. The Danish firm,=20 > maker of the > M-Series PC, deploys a 157mm x146mm mobo. =AE >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-small" in the body of the message >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Tue Mar 12 13:12:38 2002 Delivered-To: freebsd-small@freebsd.org Received: from mail.cruzio.com (dsl3-63-249-66-210.cruzio.com [63.249.66.210]) by hub.freebsd.org (Postfix) with ESMTP id 6E0E437B42C for ; Tue, 12 Mar 2002 13:12:08 -0800 (PST) Received: (from brucem@localhost) by mail.cruzio.com (8.11.3/8.11.3) id g2CMKFi00408 for freebsd-small@freebsd.org; Tue, 12 Mar 2002 14:20:15 -0800 (PST) (envelope-from brucem) Date: Tue, 12 Mar 2002 14:20:15 -0800 (PST) From: "Bruce R. Montague" Message-Id: <200203122220.g2CMKFi00408@mail.cruzio.com> To: freebsd-small@freebsd.org Subject: Saintsong Cappuccino, GX1, pricobsd Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG re: > actually made in Tawain by Saintsong - under the name Capuccino > GX1...wickedly small albeit pricey. > I have both of these units running FreeBSD 4.5 with X-Windows (no not > picobsd, but I'm sure it would work). I have run both FreeBSD 4.5 (w/X) and picobsd on the Capuccino. Used as a vanilla "unexpandable miniserver" for NFS/DHCP/X it seems fine (havent really abused it), and it looks pretty too... except for all the connectors and cables... biggest complaint about it seems to be the RealTek nic chip... - bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Tue Mar 12 14:33:41 2002 Delivered-To: freebsd-small@freebsd.org Received: from aurora.regenstrief.org (aurora.regenstrief.org [134.68.31.122]) by hub.freebsd.org (Postfix) with ESMTP id AB25F37B428; Tue, 12 Mar 2002 14:33:21 -0800 (PST) Received: from aurora.regenstrief.org (rgnout.regenstrief.org [134.68.31.38]) by aurora.regenstrief.org (8.11.6/8.9.3) with ESMTP id g2CMWv068917; Tue, 12 Mar 2002 17:32:57 -0500 (EST) (envelope-from gunther@aurora.regenstrief.org) Message-ID: <3C8E822E.7070509@aurora.regenstrief.org> Date: Tue, 12 Mar 2002 17:33:18 -0500 From: Gunther Schadow Organization: Regenstrief Institute for Health Care User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: freebsd-security@freebsd.org, PicoBSD List Subject: Smartcard device support? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I'm wondering if it isn't time to roll out smart card use a bit more aggressively. The question is: are any smart card devices useable with FreeBSD? Let's say for enabling IPsec associations with racoon (X509 cert on smartcard instead of a file on disk.) Only if smartcard is in the box will the IPsec connection work. Of course my constraint is cost of hardware. So is there any cheap stuff around? thanks for any hint, -Gunther -- Gunther Schadow, M.D., Ph.D. gschadow@regenstrief.org Medical Information Scientist Regenstrief Institute for Health Care Adjunct Assistant Professor Indiana University School of Medicine tel:1(317)630-7960 http://aurora.regenstrief.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Tue Mar 12 16: 9: 1 2002 Delivered-To: freebsd-small@freebsd.org Received: from hotmail.com (f69.law9.hotmail.com [64.4.9.69]) by hub.freebsd.org (Postfix) with ESMTP id 7081D37B400 for ; Tue, 12 Mar 2002 16:08:58 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 12 Mar 2002 16:08:58 -0800 Received: from 68.4.57.222 by lw9fd.law9.hotmail.msn.com with HTTP; Wed, 13 Mar 2002 00:08:58 GMT X-Originating-IP: [68.4.57.222] From: "Chuck T." To: freebsd-small@freebsd.org Subject: PPPoE support added to theWall Date: Tue, 12 Mar 2002 16:08:58 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 13 Mar 2002 00:08:58.0328 (UTC) FILETIME=[45971580:01C1CA23] Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG A new version of theWall for the PC is now available that provides support for the PPPoE protocol typically used by DSL providers. The compact flash version of theWall for the net4501 has also been updated to support PPPoE. theWall is a single floppy firewall and NAT box based on PicoBSD/FreeBSD 4.5 release. See http://thewall.sf.net for more details. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Tue Mar 12 18:45:44 2002 Delivered-To: freebsd-small@freebsd.org Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10]) by hub.freebsd.org (Postfix) with ESMTP id 588F537B404; Tue, 12 Mar 2002 18:45:38 -0800 (PST) Received: from whizzo.transsys.com (#6@localhost.transsys.com [127.0.0.1]) by whizzo.transsys.com (8.11.6/8.11.6) with ESMTP id g2D2jbY28875; Tue, 12 Mar 2002 21:45:37 -0500 (EST) (envelope-from louie@whizzo.transsys.com) Message-Id: <200203130245.g2D2jbY28875@whizzo.transsys.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Gunther Schadow Cc: freebsd-security@FreeBSD.ORG, PicoBSD List X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg From: "Louis A. Mamakos" Subject: Re: Smartcard device support? References: <3C8E822E.7070509@aurora.regenstrief.org> In-reply-to: Your message of "Tue, 12 Mar 2002 17:33:18 EST." <3C8E822E.7070509@aurora.regenstrief.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 12 Mar 2002 21:45:37 -0500 Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Hi, > > I'm wondering if it isn't time to roll out smart card use a bit more > aggressively. The question is: are any smart card devices useable > with FreeBSD? Let's say for enabling IPsec associations with racoon > (X509 cert on smartcard instead of a file on disk.) Only if smartcard > is in the box will the IPsec connection work. Of course my constraint > is cost of hardware. So is there any cheap stuff around? You should take a look at the Dallas Semiconductor Java iButton, which is a small Java smartcard like device in a package about the size of a button-battery. There's also an inexpensive reader dongle you can attach to a serial port to talk with it. The Java iButton can do RSA public key processing; in fact, with a suitably written application (in Java, of course), you can have the device generate a public/private keypair, hand you back the public key, and never expose the private key inside the tamper resistant device. Very cool. See http://www.ibutton.com/ for information. See also /usr/ports/comms/mlan3 for some low-level code used to talk to these types of "one-wire" devices. louie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Wed Mar 13 1:45:43 2002 Delivered-To: freebsd-small@freebsd.org Received: from mail.spc.org (insomnia.spc.org [195.224.94.183]) by hub.freebsd.org (Postfix) with SMTP id 9F55637B41A for ; Wed, 13 Mar 2002 01:45:37 -0800 (PST) Received: (qmail 968 invoked by uid 1031); 13 Mar 2002 09:33:44 -0000 Date: Wed, 13 Mar 2002 09:33:43 +0000 From: Bruce M Simpson To: Gunther Schadow Cc: freebsd-security@freebsd.org, PicoBSD List Subject: Re: Smartcard device support? Message-ID: <20020313093343.U10322@spc.org> Mail-Followup-To: Bruce M Simpson , Gunther Schadow , freebsd-security@freebsd.org, PicoBSD List References: <3C8E822E.7070509@aurora.regenstrief.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3C8E822E.7070509@aurora.regenstrief.org>; from gunther@aurora.regenstrief.org on Tue, Mar 12, 2002 at 05:33:18PM -0500 Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I looked at IBM's OpenCryptoki briefly, but it only supports Linux. Also, it seems that it requires a drop-in 'STDLL' to be written for each device. It might be possible to do something similar to SSH by hacking ssh-agent to be tied to a removable medium. BMS On Tue, Mar 12, 2002 at 05:33:18PM -0500, Gunther Schadow wrote: > Hi, > > I'm wondering if it isn't time to roll out smart card use a bit more > aggressively. The question is: are any smart card devices useable > with FreeBSD? Let's say for enabling IPsec associations with racoon > (X509 cert on smartcard instead of a file on disk.) Only if smartcard > is in the box will the IPsec connection work. Of course my constraint > is cost of hardware. So is there any cheap stuff around? > > thanks for any hint, > -Gunther To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Wed Mar 13 3:14:30 2002 Delivered-To: freebsd-small@freebsd.org Received: from webweaving.org (adsl-66-124-87-42.dsl.snfc21.pacbell.net [66.124.87.42]) by hub.freebsd.org (Postfix) with ESMTP id 7A00637B404; Wed, 13 Mar 2002 03:14:23 -0800 (PST) Received: from dirkx (helo=localhost) by webweaving.org with local-esmtp (Exim 3.14 #1) id 16l7MP-0007Mr-00; Wed, 13 Mar 2002 11:56:01 +0000 Date: Wed, 13 Mar 2002 11:56:01 +0000 (GMT) From: Dirk-Willem van Gulik X-Sender: dirkx@router.ispra.webweaving.org To: "Louis A. Mamakos" Cc: Gunther Schadow , freebsd-security@FreeBSD.ORG, PicoBSD List Subject: Re: Smartcard device support? In-Reply-To: <200203130245.g2D2jbY28875@whizzo.transsys.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 12 Mar 2002, Louis A. Mamakos wrote: > You should take a look at the Dallas Semiconductor Java iButton, > which is a small Java smartcard like device in a package about the > size of a button-battery. There's also an inexpensive reader > dongle you can attach to a serial port to talk with it. > > The Java iButton can do RSA public key processing; in fact, with > a suitably written application (in Java, of course), you can have > the device generate a public/private keypair, hand you back the > public key, and never expose the private key inside the tamper > resistant device. Very cool. And extremely easy to write/handle. I used it to do the above; have it signed by a CA - and then use the iButton to sign 5 day cert's which go down into a web server. They are not that fast though - i.e. do not expect those nice <1msec touch-and-go you see with the nedap devices. You have to conciously press them against the blue connector for a noticable period of time. I.e. there is a 'rest' moment. > See http://www.ibutton.com/ for information. See also > /usr/ports/comms/mlan3 for some low-level code used to talk > to these types of "one-wire" devices. I found them working just fine. However - the IDE requirers java comm support - which I could not get to work on FreeBSD (a year ago). So I had to do the initial part of the development on Sun Solaris box (PC is fine too). But once you are set up it is 100% java and platform agnostics; and especially if during development you allow the iButton to DHCP network itself in - using one of the adaptor cards and the java SIM - you can use (t)ftp to do all your develpment just fine from any unix. And may only need ot do something special when you are rolling out the ibottons on a PC. DW. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Thu Mar 14 8:18: 8 2002 Delivered-To: freebsd-small@freebsd.org Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by hub.freebsd.org (Postfix) with SMTP id 3E47637B400; Thu, 14 Mar 2002 08:18:05 -0800 (PST) Received: from no.name.available by vulcan.rsasecurity.com via smtpd (for hub.FreeBSD.org [216.136.204.18]) with SMTP; 14 Mar 2002 16:17:31 UT Received: from tuna.rsa.com (tuna.rsa.com [10.80.211.153]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id LAA08886; Thu, 14 Mar 2002 11:17:19 -0500 (EST) Received: from quattro.rsa.com (quattro.rsa.com [10.81.217.239]) by tuna.rsa.com (8.8.8+Sun/8.8.8) with ESMTP id IAA12510; Thu, 14 Mar 2002 08:22:26 -0800 (PST) Received: from rsasecurity.com (localhost.rsa.com [127.0.0.1]) by quattro.rsa.com (8.11.0/8.11.0) with ESMTP id g2EGH2J10681; Thu, 14 Mar 2002 08:17:02 -0800 (PST) (envelope-from davef@rsasecurity.com) Message-Id: <200203141617.g2EGH2J10681@quattro.rsa.com> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Gunther Schadow Cc: freebsd-security@FreeBSD.ORG, PicoBSD List Subject: Re: Smartcard device support? In-reply-to: Your message of "Tue, 12 Mar 2002 17:33:18 EST." <3C8E822E.7070509@aurora.regenstrief.org> From: David Finkelstein Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 14 Mar 2002 08:17:02 -0800 Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Gunther Schadow wrote: >Hi, > >I'm wondering if it isn't time to roll out smart card use a bit more >aggressively. The question is: are any smart card devices useable >with FreeBSD? I believe nCipher has drivers for FreeBSD. --- David To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Thu Mar 14 11:55:33 2002 Delivered-To: freebsd-small@freebsd.org Received: from mail.cruzio.com (dsl3-63-249-66-210.cruzio.com [63.249.66.210]) by hub.freebsd.org (Postfix) with ESMTP id 51E8D37B42C for ; Thu, 14 Mar 2002 11:55:04 -0800 (PST) Received: (from brucem@localhost) by mail.cruzio.com (8.11.3/8.11.3) id g2EL3JY00352 for freebsd-small@freebsd.org; Thu, 14 Mar 2002 13:03:19 -0800 (PST) (envelope-from brucem) Date: Thu, 14 Mar 2002 13:03:19 -0800 (PST) From: "Bruce R. Montague" Message-Id: <200203142103.g2EL3JY00352@mail.cruzio.com> To: freebsd-small@freebsd.org Subject: pico dial, isp, net configs under 5.0 Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This file contains what I did (with diffs) to make the current dial, isp, and net picobsd reference configurations build under 5.0-Current from 12-March-2002. I haven't yet tested the resulting kernels. ----------------------------------- Changes: =========== dial configuration - File PICOBSD needs "options PCI_QUIET" removed (no such option). With this fixed, dial builds OK but doesn't fit on a 1440 floppy (kernel.gz is 1493601). At "Capacity 89%" it's might not be worth trying to shrink the md. =========== isp configuration - File PICOBSD needs "options PCI_QUIET" removed. - File PICOBSD needs "options NFS" deleted and "options NFS_NOSERVER" deleted. Both these lines are replaced with "options NFSCLIENT", which I presume is the new thing to be done... - File PICOBSD needs "device miibus" added to support the nic drivers. - File PICOBSD needs "options PROCFS" removed. If this is not done, undefined "pfs_*" references to the "pseudo filesystem" (fs/pseudofs) exist. Should the pseudo filesystem be included instead? (PROCFS is commented out in the bridge config, also). - File crunch.conf needs the "srcdirs ...tinyware" line put before the "srcdirs ...usr.bin" so that pico-login is used in preference to usr.bin/login. If this is not done undefined reference to PAM routines result. Elabortation: File crunch.conf contains buildopts -DNOPAM -DRELEASE_CRUNCH -DNOSECURE -DNOCRYPT -DNONETGRAPH -DNOIPSEC The -DNOPAM is a control flag in the Makefile in /usr/src/release/picobsd/tinyware/login which contains: ---- .if !defined(NOPAM) CFLAGS+= -DUSE_PAM ---- However, the crunch is pulling in /usr/src/usr.bin/login/login.c instead of /usr/src/release/picobsd/tinyware/login/pico-login.c The crunch.conf line "srcdirs /usr/src/release/picobsd/tinyware" needs to go before "srcdirs /usr/src/usr.bin" =========== net configuration (fixes are almost same as isp fixes) - File PICOBSD needs "options PCI_QUIET" removed. - File PICOBSD needs "options NFS_NOSERVER" replaced with "options NFSCLIENT" (net did not have "options NFS" set). - File PICOBSD needs "device miibus" added to support the nic drivers. - File crunch.conf needs the "srcdirs ...tinyware" line put before the "srcdirs ...usr.bin" so that pico-login is used in preference to usr.bin/login. If this is not done undefined reference to PAM routines result. ----------------------------------- Sizes of uncompressed kernels (other than bridge conf) built as above are: -rwxr-xr-x 1 root wheel 3418596 Mar 14 12:03 ./build_dir-mrouter/kernel -rwxr-xr-x 1 root wheel 3691684 Mar 14 12:11 ./build_dir-mdial/kernel -rwxr-xr-x 1 root wheel 3971972 Mar 14 12:20 ./build_dir-misp/kernel -rwxr-xr-x 1 root wheel 3892004 Mar 14 12:44 ./build_dir-mnet/kernel ============================================ DIFFS: ================== dial =================== --- /usr/src/release/picobsd/dial/PICOBSD Thu Sep 20 04:30:32 2001 +++ PICOBSD Wed Mar 13 11:12:23 2002 @@ -22,7 +22,6 @@ options EXT2FS options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] #options DEVFS -options PCI_QUIET options NO_SWAPPING options COMPAT_OLDISA #Use ISA shims and glue for old drivers ================= isp ============== ------------------------------------- --- /usr/src/release/picobsd/isp/PICOBSD Thu Sep 20 04:30:35 2001 +++ PICOBSD Wed Mar 13 13:57:56 2002 @@ -18,19 +18,17 @@ options MATH_EMULATE #Support for x87 emulation options INET #InterNETworking options FFS #Berkeley Fast Filesystem -options NFS #Network Filesystem -options NFS_NOSERVER #Network Filesystem +options NFSCLIENT #Network Filesystem #options BOOTP options MD_ROOT #MFS as root options MSDOSFS #MSDOS Filesystem options CD9660 #ISO 9660 Filesystem -options PROCFS #Process filesystem +#options PROCFS #Process filesystem options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT #options DEVFS -options PCI_QUIET # Support for bridging and bandwidth limiting options DUMMYNET options HZ=1000 @@ -85,6 +83,7 @@ # # The following Ethernet NICs are all PCI devices. # +device miibus device de device fxp ------------------------------------- --- /usr/src/release/picobsd/isp/crunch.conf Fri Jun 1 05:06:04 2001 +++ crunch.conf Thu Mar 14 10:57:16 2002 @@ -8,6 +8,8 @@ buildopts -DNOPAM -DRELEASE_CRUNCH -DNOSECURE -DNOCRYPT -DNONETGRAPH -DNOIPSEC # other sources +# sources for ns & vm +srcdirs /usr/src/release/picobsd/tinyware srcdirs /usr/src/bin srcdirs /usr/src/sbin/i386 srcdirs /usr/src/sbin @@ -15,8 +17,6 @@ srcdirs /usr/src/gnu/usr.bin srcdirs /usr/src/usr.sbin srcdirs /usr/src/libexec -# sources for ns & vm -srcdirs /usr/src/release/picobsd/tinyware progs sh test echo hostname ln login getty progs inetd telnetd stty w msg kget natd reboot =================== net ====================== ---------------------------------------- --- /usr/src/release/picobsd/net/PICOBSD Thu Sep 20 04:30:36 2001 +++ PICOBSD Wed Mar 13 11:52:39 2002 @@ -18,7 +18,7 @@ options MATH_EMULATE #Support for x87 emulation options INET #InterNETworking options FFS #Berkeley Fast Filesystem -options NFS_NOSERVER #Network Filesystem +options NFSCLIENT #Network Filesystem options MD_ROOT #MFS as root options MSDOSFS #MSDOS Filesystem options CD9660 #ISO 9660 Filesystem @@ -26,7 +26,6 @@ options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT -options PCI_QUIET options COMPAT_OLDISA #Use ISA shims and glue for old drivers #options DEVFS # Support for bridging and bandwidth limiting @@ -65,6 +64,7 @@ # # The following Ethernet NICs are all PCI devices. # +device miibus device de device fxp ------------------------------------- --- /usr/src/release/picobsd/net/crunch.conf Fri Jun 1 05:06:05 2001 +++ crunch.conf Thu Mar 14 12:35:34 2002 @@ -7,6 +7,8 @@ # Default build options. buildopts -DNOPAM -DRELEASE_CRUNCH -DNOSECURE -DNOCRYPT -DNONETGRAPH -DNOIPSEC +# sources for ns & vm +srcdirs /usr/src/release/picobsd/tinyware # other sources srcdirs /usr/src/bin srcdirs /usr/src/sbin/i386 @@ -15,8 +17,6 @@ srcdirs /usr/src/gnu/usr.bin srcdirs /usr/src/usr.sbin srcdirs /usr/src/libexec -# sources for ns & vm -srcdirs /usr/src/release/picobsd/tinyware progs sh test echo hostname ln login getty stty progs inetd telnetd w msg kget reboot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message