From owner-freebsd-stable@FreeBSD.ORG Sun Mar 25 15:03:42 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6DED41065670 for ; Sun, 25 Mar 2012 15:03:42 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta14.westchester.pa.mail.comcast.net (qmta14.westchester.pa.mail.comcast.net [76.96.59.212]) by mx1.freebsd.org (Postfix) with ESMTP id 181EC8FC25 for ; Sun, 25 Mar 2012 15:03:41 +0000 (UTC) Received: from omta22.westchester.pa.mail.comcast.net ([76.96.62.73]) by qmta14.westchester.pa.mail.comcast.net with comcast id ppv91i0051ap0As5Er3cQR; Sun, 25 Mar 2012 15:03:36 +0000 Received: from koitsu.dyndns.org ([67.180.84.87]) by omta22.westchester.pa.mail.comcast.net with comcast id pr3b1i00M1t3BNj3ir3bEX; Sun, 25 Mar 2012 15:03:36 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id CA328102C1E; Sun, 25 Mar 2012 08:03:33 -0700 (PDT) Date: Sun, 25 Mar 2012 08:03:33 -0700 From: Jeremy Chadwick To: Alexander Leidinger Message-ID: <20120325150333.GA55108@icarus.home.lan> References: <20120323110847.GA12111@icarus.home.lan> <20120324173230.000045f9@unknown> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120324173230.000045f9@unknown> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-stable@freebsd.org Subject: Re: Debugging periodic scripts X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Mar 2012 15:03:42 -0000 On Sat, Mar 24, 2012 at 05:32:30PM +0100, Alexander Leidinger wrote: > On Fri, 23 Mar 2012 04:08:47 -0700 Jeremy Chadwick > wrote: > > > Editing /etc/periodic/security/510.ipfdenied's hashbang line to use -x > > doesn't change the behaviour either (maybe stderr gets sent to > > /dev/null?), whether I run it by hand as a script or via "periodic > > security". > > Use "set -x" instead of modifying the first line (I assume the script > is already started with the correct shell, so the first line is > ignored). I would also add "env" before and after the sourcing of the > periodic.conf to see what is defined or not. I hadn't considered that -- thanks for the tip Alexander. After briefly checking both systems, it appears that Matthew was correct. (I had no idea he sent a follow-up reply until maybe half an hour ago; I never received a copy of his mail. Not sure if I was CC'd or not; please do keep me CC'd as I'm not subscribed to the lists) The problem script is indeed /etc/periodic/security/610.ipf6denied, which is why I was getting no where poking at 510.ipfdenied. The reason only 2 of our systems have this problem is that these 2 systems were rebuilt (bare-bones OS install) fairly recently (02/16 and 03/03 followed by a world rebuild on 03/09). I can tell this from simply doing ls -l /etc/periodic/security. All our systems have the following (and always have): src.conf: WITHOUT_INET6=true WITHOUT_IPFILTER=true make.conf: WITHOUT_IPV6=true NO_INET6=yes The reason the problem doesn't affect the other machines is that they never had a copy of 610.ipf6denied ever installed -- the base installation was from a much older FreeBSD memstick image (either 8.2-STABLE or 8.1, I forget). That explains where the file came from on the newer 2 systems, but doesn't explain why mergemaster or make delete-old isn't nuking the periodic script. So I began to dig into that: Based on what I can see, the crux of the problem is that src/tools/build/mk/OptionalObsoleteFiles.inc is lacking two OLD_FILES lines under the ".if ${MK_IPFILTER} == no" clause: OLD_FILES+=etc/periodic/security/510.ipfdenied OLD_FILES+=etc/periodic/security/610.ipf6denied Based on what I see in that file (ex. the MK_ZFS==no bits), that looks to be the correct solution. Shall I file a PR for this or is there already one? :-) -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB |