Page MenuHomeFreeBSD
Files F85464185

No OneTemporary
Actions

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.
This document is not UTF8. It was detected as ISO-8859-1 (Latin 1) and converted to UTF8 for display.
diff --git a/zh_TW.Big5/Makefile b/zh_TW.Big5/Makefile
index 2de6016f91..f4db552dd0 100644
--- a/zh_TW.Big5/Makefile
+++ b/zh_TW.Big5/Makefile
@@ -1,8 +1,9 @@
# $FreeBSD$
-SUBDIR = books
+#SUBDIR = articles
+SUBDIR += books
COMPAT_SYMLINK = zh
DOC_PREFIX = ${.CURDIR}/..
.include "${DOC_PREFIX}/share/mk/doc.project.mk"
diff --git a/zh_TW.Big5/books/Makefile b/zh_TW.Big5/books/Makefile
index 2b396a470c..3372fee4b3 100644
--- a/zh_TW.Big5/books/Makefile
+++ b/zh_TW.Big5/books/Makefile
@@ -1,8 +1,11 @@
# $FreeBSD$
SUBDIR = faq
+#SUBDIR+= handbook
+#SUBDIR+= porters-handbook
+SUBDIR+= zh-tut
ROOT_SYMLINKS = faq
DOC_PREFIX?= ${.CURDIR}/../..
.include "${DOC_PREFIX}/share/mk/doc.project.mk"
diff --git a/zh_TW.Big5/books/faq/book.sgml b/zh_TW.Big5/books/faq/book.sgml
index 336cfb965c..06dfa40db3 100644
--- a/zh_TW.Big5/books/faq/book.sgml
+++ b/zh_TW.Big5/books/faq/book.sgml
@@ -1,11334 +1,11285 @@
<!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
%man;
<!ENTITY % freebsd PUBLIC "-//FreeBSD//ENTITIES DocBook Miscellaneous FreeBSD Entities//EN">
%freebsd;
<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN">
%authors;
<!ENTITY % teams PUBLIC "-//FreeBSD//ENTITIES DocBook Team Entities//EN">
%teams;
<!ENTITY % bookinfo PUBLIC "-//FreeBSD//ENTITIES DocBook BookInfo Entities//EN">
%bookinfo;
<!ENTITY % mailing-lists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN">
%mailing-lists;
<!ENTITY % books.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Books Entity Set//EN">
%books.ent;
<!ENTITY bibliography SYSTEM "../../../share/sgml/bibliography.sgml">
]>
<book>
<bookinfo>
<title>FreeBSD 4.X¡A5.X ¤Î 6.X ±`¨£°Ýµª¶°</title>
<corpauthor>FreeBSD ¤å¥ó­pµe</corpauthor>
<pubdate>$FreeBSD$</pubdate>
<copyright>
<year>1995</year>
<year>1996</year>
<year>1997</year>
<year>1998</year>
<year>1999</year>
<year>2000</year>
<year>2001</year>
<year>2002</year>
<year>2003</year>
<year>2004</year>
<year>2005</year>
<holder>FreeBSD ¤å¥ó­pµe</holder>
</copyright>
&bookinfo.legalnotice;
<legalnotice id="trademarks" role="trademarks">
&tm-attrib.freebsd;
&tm-attrib.3com;
&tm-attrib.adobe;
&tm-attrib.creative;
&tm-attrib.cvsup;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.iomega;
&tm-attrib.linux;
&tm-attrib.microsoft;
&tm-attrib.mips;
&tm-attrib.netscape;
&tm-attrib.opengroup;
&tm-attrib.oracle;
&tm-attrib.sgi;
&tm-attrib.sparc;
&tm-attrib.sun;
&tm-attrib.usrobotics;
&tm-attrib.xfree86;
&tm-attrib.general;
</legalnotice>
<abstract>
<para>³o¥÷¤å¥ó¬O FreeBSD 4.X¡A5.X ¤Î 6.X ªº±`¨£°Ýµª¶°¡C
- °£«D¦³¯S§O¥[µù¡A§_«h³o¨Ç¶µ¥Ø¥Ø³£¾A¥Î©ó FreeBSD 4.0 ¤Î¥H«áªºª©¥»¡C
+ °£«D¦³¯S§O¥[µù¡A§_«h³o¨Ç¶µ¥Ø³£¾A¥Î©ó FreeBSD 4.0 ¤Î¥H«áªºª©¥»¡C
(¦pªG±ø¥Ø¤º®e¤¤¦³ &lt;XXX&gt; «h¬O©|¥¼§¹¦¨¤¤Ä¶ªº³¡¥÷¡C) ¦pªG±z¹ï¨ó§U¥»­pµe
- ªº¶i¦æ¦³¿³½ìªº¸Ü¡A½Ð±H¤@«Ê¹q¤l¶l¥ó¨ìFreeBSD ¤å¥ó­pµeªº mailing list
- &a.doc;¡C±z¥i¥H±q <ulink URL="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/faq/index.html">
- FreeBSD World Wide Web</ulink> ®³¨ì³o¥÷¤å¥óªº³Ì·sª©¥»¡C
+ ªº¶i¦æ¦³¿³½ìªº¸Ü¡A½Ð±H e-mail ¨ì
+ &a.doc;¡C¦¹¥~¡AÀH®É¥i±q <ulink URL="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/faq/index.html">
+ FreeBSD ºô¯¸</ulink> ®³¨ì³o¥÷¤å¥óªº³Ì·sª©¥»¡C
¤]¥i¥H§Q¥Î HTTP ¨Ó¤U¸ü¤@¥÷Ãe¤jªº <ulink URL="book.html">HTML</ulink>
¤å¥ó¡A©Î¬O¸g¥Ñ <ulink URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">
- FreeBSD FTP ¯¸</ulink> ¤U¸ü¯Â¤å¦r¡Apostscript¡A©Î PDF ª©¥»ªºÀɮסC
+ FreeBSD FTP ¯¸</ulink> ¤U¸ü¯Â¤å¦r¡B&postscript;¡B©Î PDF ª©¥»ªºÀɮסC
±z¤]¥i¥H¦b³o¸Ì¨Ï¥Î
<ulink URL="&url.base;/search/search.html">·j´M¸ê®Æ</ulink>
ªº¥\¯à¡C</para>
</abstract>
</bookinfo>
<chapter id="introduction">
<chapterinfo>
<author>
<firstname>Ying-Chieh</firstname>
<surname>Liao</surname>
<affiliation>
<address><email>ijliao@FreeBSD.org</email></address>
</affiliation>
</author>
</chapterinfo>
<title>«e¨¥</title>
<para>Åwªï¨Ï¥Î FreeBSD 4.X-6.X FAQ!</para>
<para>¸ò¨ä¥L Usenet ¤Wªº FAQ ¤@¼Ë¡A³o¥÷¤å¥ó²[»\¤F¦³Ãö FreeBSD ³o®M§@·~
¨t²Î³Ì±`³Q°Ý¨ìªº°ÝÃD (·íµM¥]¬A¤F¦^µª¡I)¡CÁöµM»¡§Ú­Ì¥»¨Óªº¥Øªº¬O¬°¤F
´î¤Öºô¸ôÀW¼eªº®ö¶O¥H¤ÎÁקK¦P¼Ëªº°ÝÃD¤@¦A¥X²{¡A¦ý¨Æ¹ê¤W FAQ ¤w¸g³Qµø
¬°¬O¤@ºØ­È±o¾\Ūªº¤å¥ó¸ê·½¡C</para>
<para>§Ú­Ì¤w¸g¾¨¥i¯à¦a¨Ï³o¥÷ FAQ §óÂ×´I¤F¡C¦pªG±z¹ï¦p¦ó¨Ï¨ä§ó¶i¨B¦³¥ô
¦ó«Øij¡A½ÐÀH®É±H¹q¤l¶l¥óµ¹ &a.doc;¡C</para>
<qandaset>
<qandaentry>
<question id="what-is-FreeBSD">
<para>¤°»ò¬O FreeBSD¡H</para>
</question>
<answer>
<para>²³æ¦a¨Ó»¡¡AFreeBSD ¬O¤@®M¥i¥H¦b Alpha/AXP, AMD64 ¤Î
&intel; EM64T, &i386; IA-64, PC-98, &ultrasparc; ¤W°õ¦æªº
UN*X-like §@·~¨t²Î¡A¥¦¬O®Ú¾Ú U.C. Berkeley ©Ò¶}µo¥X¨Óªº
<quote>4.4BSD-Lite</quote>¡A¨Ã¥[¤W¤F³\¦h <quote>4.4BSD-Lite2</quote>
ªº¼W±j¥\¯à¡C¥¦¦P®É¤]¶¡±µ¨Ï¥Î¤F U.C. Berkeley ©Ò¶}µo¥X¨Ó¨Ã¥Ñ
William Jolitz ²¾´Ó¨ì i386 ªº <quote>Net/2</quote>¡A¤]´N¬O
<quote>386BSD</quote>¡A¤£¹L²{¦b 386BSD ªºµ{¦¡½X¥u³Ñ¤U·¥¤Ö¼ÆÁÙ¯d
¦s¦b FreeBSD ¤¤¡C±z¥i¥H¦b
<ulink URL="&url.base;/index.html">FreeBSD ­º­¶</ulink>§ä¨ì¦³Ãö
¤°»ò¬O FreeBSD ¥H¤Î¥¦¥i¥HÀ°±z°µ¨Ç¤°»òªº¬ÛÃö¸ê°T¡C</para>
- <para>FreeBSD ¤w³Q¼sªx¦a³Q¥@¬É¦U¦aªº¤½¥q¦æ¸¹¡AISP¡A¬ã¨s¤H­û¡A¹q¸£
- ±M®a¡A¾Ç¥Í¡A¥H¤Î®a®x¥Î¤á©Ò¨Ï¥Î¡A¥Î¦b¤u§@¡A±Ð¨|¡A¥H¤Î®T¼Ö¤W¡C</para>
+ <para>FreeBSD ¤w³Q¼sªx¦a³Q¥@¬É¦U¦aªº¤½¥q¦æ¸¹¡BISP¡B¬ã¨s¤H­û¡B¹q¸£
+ ±M®a¡B¾Ç¥Í¡A¥H¤Î®a®x¥Î¤á©Ò¨Ï¥Î¡A¥Î¦b¤u§@¡B±Ð¨|¥H¤Î®T¼Ö¤W¡C</para>
<para>¦pªG·Q¬ÝÃö©ó FreeBSD §ó²`¤Jªº¸ê®Æ¡A½Ð¬Ý
<ulink URL="&url.books.handbook;/index.html">FreeBSD ¨Ï¥Î¤â¥U</ulink>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="FreeBSD-goals">
<para>µo®i FreeBSD ªº¥Øªº¬O¤°»ò¡H</para>
</question>
<answer>
<para>FreeBSD ­pµeªº¥Øªº¬O´£¨Ñ¥i¥H¥ô·N¨Ï¥Î¥B¨S¦³­­¨îªº³nÅé¡C§Ú­Ì¦b
µ{¦¡½X (¥H¤Î­p±Þ¥»¨­) ¤W¥I¥X¤F¤j¶q¤ß¦å¡A·íµM¤£·|¤¶·N¨ÓÂIª÷¿ú¤Wªº
¦^õX¡A¤£¹L§Ú­Ìµ´¹ï¤£·|¦p¦¹°í«ù¡C§Ú­Ì¬Û«H§Ú­Ì­º­nªº
<quote>¥ô°È</quote> ´N¬O´£¨Ñµ{¦¡½Xµ¹¨C¤@­Ó¨Ï¥ÎªÌ¡A¤£ºÞ¥L­Ì¥´ºâ¥Î
¨Ó·F¹À¡F³o»ò¤@¨Ó¡A³o¨Çµ{¦¡½X¤~¯à³Q¥Î¦b³Ì¦h¦a¤è¡A¤]¤~¯àµo´§¥¦­Ì³Ì
¤jªº§Q¯q¡C§Ú­Ì¬Û«H³o´N¬O¦Û¥Ñ³nÅé³Ì°ò¥»ªº¥Ø¼Ð¤§¤@¡A¦Ó¥B§Ú­Ì·|ºÉ¥þ
¤O¥h¤ä«ù¥¦¡C</para>
<para>¦b§Ú­Ì source tree ¤¤¦³³¡¥÷ªºµ{¦¡½X¬O±Ä¥Î©Ò¿×ªº<ulink
url="http://www.FreeBSD.org/copyright/COPYING">GPL</ulink>©Î¬O
<ulink url="http://www.FreeBSD.org/copyright/COPYING.LIB">LGPL
</ulink>ª©Åv«Å§i¡AÁöµM³o¨Çª©Åv«Å§i¬O¥Î¨Ó«O»Ù¦Ó«D­­¨î¨Ï¥ÎªÌªºÅv
§Q¡A²¦³º¬O¤£¨º»ò¦Û¥Ñ¤F¨Ç¡C¥Ñ©ó³o¨Ç GPL ªº³nÅé¦b°Ó·~¨Ï¥Î¤W·|¤Þ°_
«D±`½ÆÂøªºª©Åv°ÝÃD¡A¦]¦¹¥u­n¦³¾÷·|¡A§Ú­Ì·|ºÉ¶q¥H±Ä¥Î¤ñ¸ûÃPªº
<ulink url="http://www.FreeBSD.org/copyright/freebsd-license.html">
FreeBSD ª©Åv</ulink>ªº³nÅé¨Ó¨ú¥N³o¨Ç GPL ª©Åv«Å§iªº³nÅé¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bsd-license-restrictions">
<para>FreeBSD ª©Åv¦³¥ô¦ó­­¨î¶Ü¡H</para>
</question>
<answer>
<para>¦³ªº¡C¦ý¬O³o¨Ã¤£¬O­­¨î§A«ç»ò¥h¨Ï¥Î³o¨Çµ{¦¡½X¡A¦Ó¬O§A«ç»ò¬Ý«Ý
FreeBSD ³o­Ó­pµe¡C¦pªG§A¦³ª©ÅvµJ¼{¯gªº¸Ü¡A½Ð¾\Ū<ulink
url="http://www.FreeBSD.org/copyright/freebsd-license.html">
ª©Åv¥»¤å</ulink>¡C²³æ¦a¨Ó»¡¡A³o¥÷ª©Åvªº­«ÂI¥i¥H±ø¦C¦p¤U¡C</para>
<itemizedlist>
<listitem>
<para>½Ð¤Å«ÅºÙ¬O±z¼g¤F³o­Óµ{¦¡¡C</para>
</listitem>
<listitem>
<para>¦pªG¥¦¥X°ÝÃD¤F¡A¤£­n±±§i§Ú­Ì¡C</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="replace-current-OS">
<para>FreeBSD ¥i¥H¨ú¥N§Ú²{¦b¦b¥Îªº§@·~¨t²Î¶Ü¡H</para>
</question>
<answer>
<para>¹ï¤j³¡¥÷ªº¤H¨Ó»¡¬O³o¼Ë¨S¿ù¡A¦ý¨Æ¹ê¤W³o°ÝÃD¨Ã¨S¦³³o»ò¦n¦^
榭C</para>
<para>¤j³¡¥÷ªº¤H¨Ã¤£¬O¯u¥¿¦b¨Ï¥Î¤@­Ó§@·~¨t²Î¡C¥L­Ì¨Ï¥Îªº¬OÀ³¥Îµ{¦¡
¡F¦Ó¨º¨ÇÀ³¥Îµ{¦¡¤~¬O¯u¥¿¥Î¨ì§@·~¨t²ÎªºªF¦è¡CFreeBSD ¬O³]­p¥Î¨Ó´£
¨Ñ¤@­Ó±j¶´¥B¥\¯à§¹¾ãªº§@·~Àô¹Òµ¹À³¥Îµ{¦¡¨Ó°õ¦æ¡C¥¦¤ä´©¤F¦hºØÂsÄý
¾¹¡A¿ì¤½«Ç®M¥ó³nÅé¡A¹q¤l¶l¥ó¾\Ū³nÅé¡Aø¹Ïµ{¦¡¡Aµ{¦¡³]­pÀô¹Ò¡Aºô
¸ô¦øªA¾¹³nÅé¡A¥H¤Î´X¥G©Ò¦³§A·Q­nªºªF¦è¡C¤j³¡¥÷ªºµ{¦¡³£¥i¥H¾a<ulink
url="http://www.freebsd.org/ports/">Ports Collection</ulink>¨ÓºÞ
²z¡C</para>
<para>¦ý¬O¦pªG§A·Q­n¨Ï¥ÎªºÀ³¥Îµ{¦¡¥u¯à¦b¬Y­Ó¯S©wªº§@·~¨t²Î¤W­±°õ¦æ
ªº¸Ü¡A§A´N¤£¯à»´©ö¦a§â¥¦´«±¼¡A©ÎªÌ«ü±æ¦b FreeBSD ¤W¦³«Ü¬Û¦üªºÀ³¥Î
µ{¦¡¤~¦³¾÷·|¡C¦pªG§A·Q­nªº¬O¤@­Ó±j°·ªº¿ì¤½«Ç©Î¬Oºô¸ô¦øªA¾¹¡A©Î¬O
¤@³¡Ã­©wªº¤u§@¯¸¡A©Î¬O·Q¦b¤£³Q¤¤Â_ªºÀô¹Ò¤U¤u§@ªº¸Ü¡AFreeBSD µLºÃ
¬O±zªº³Ì¨Î¿ï¾Ü¡C¥@¬É¦U¦a¦³«Ü¦h¨Ï¥ÎªÌ¡A¥]¬Aªì¾Ç©Î¸ê²`ªº &unix; ºÞ²z
¤H­û³£¿ï¥Î FreeBSD ·í¥L­Ì°ß¤@ªº®à¤W§@·~¨t²Î¡C</para>
<para>¦pªG§A¬O±q¨ä¥Lªº &unix; Àô¹ÒÂà´«¨ì FreeBSD ªº¸Ü¡A°ò¥»¤W¬O¤j¦P¤p
²§ªº¡C¦ý¬O¦pªG§A¤§«e¥Îªº¬O¹Ï§Î¬É­±ªº§@·~¨t²Î¡A¨Ò¦p»¡¬O &windows; ©Î¬O
¤ñ¸û¥j¦Ñªº &macos; ªº¸Ü¡A¥i¯à´N­n¦hªá¤@ÂI®É¶¡¨Ó¾Ç²ß«ç»ò¥Î &unix; ªº
¤èªk¨Ó°µ¨Æ¡C§A¥i¥H±q³o¥÷ FAQ ©M <ulink
url="&url.books.handbook;/index.html">FreeBSD ¨Ï¥Î¤â¥U</ulink> ¨Ó¤Jªù¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="why-called-FreeBSD">
<para>¬°¤°»ò­n¥s°µ FreeBSD¡H</para>
</question>
<answer>
<itemizedlist>
<listitem>
<para>±z¥i¥H§K¶O¨Ï¥Î¥¦¡A§Y¨Ï¬O¥Î©ó°Ó·~¥Î³~¡C</para>
</listitem>
<listitem>
<para>¾ã­Ó FreeBSD §@·~¨t²Î§¹¾ãªº­ì©lµ{¦¡³£¥i¥H§K¶O¨ú±o¡A¦Ó¥B¤£
ºÞ¬O¦b¨Ï¥Î¡A´²§G©Î¬O¾ã¦X¶i¨ä¥Lµ{¦¡µ¥¦U¤è­±¤]¥u¨ü¨ì³Ì¤pªº­­
¨î (¤£½×¬O§_¥Î©ó°Ó·~¥Î³~)¡C</para>
</listitem>
<listitem>
<para>¥ô¦ó¤H³£¥i¥H¦Û¥Ñ¦a§â¥L¹ï¨t²Îªº§ï¨}©Î¿ù»~­×¥¿ªºµ{¦¡½X¥[¤J
source tree ¤§¤¤ (·íµM­n²Å¦X´X­Ó¥ý¨M±ø¥ó)¡C</para>
</listitem>
</itemizedlist>
<para>¯S§O­È±oª`·Nªº¬O³o¸Ìªº <quote>free</quote> ¥X²{¤F¨â¦¸¡A¦Ó¥B¥¦­Ì
ªº·N«ä¬O¤£¤@¼Ëªº¡G¤@ºØ¥Nªí <quote>§K¶O</quote>¡A¥t¤@ºØ¥Nªí
<quote>¦Û¥Ñ</quote>¡C±z¥i¥H®³ FreeBSD ¥h°µ¥ô¦ó±z·Q­n°µªº¨Æ¡A°£¤F¤@¨Ç
<emphasis>¨Ò¥~</emphasis>¡A¨Ò¦p±z«ÅºÙ FreeBSD ¬O±z¼gªº¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="differences-to-other-bsds">
<para>FreeBSD ¤Î NetBSD, OpenBSD ¥H¤Î¨ä¥L
open source BSD §@·~¨t²Î¤§¶¡¦³¦ó¤£¦P¤§³B©O¡H</para>
</question>
<answer>
<para>James Howard ¦b <ulink url="http://www.daemonnews.org/">DaemonNews</ulink>
¤W¼g¤F <ulink url="http://ezine.daemonnews.org/200104/bsd_family.html">
The BSD Family Tree</ulink> ªº¤å¥ó¡A¸Ì­±»¡©ú¤F³o¨Ç¾ú¥v²W·½¤Î³o¨Ç *BSD
®a±Ú­pµe¤§¶¡ªº®t²§¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="latest-version">
<para>³Ì·sª©ªº FreeBSD ¬O¨º¤@ª©¡H</para>
</question>
<!--
This answer is a hack to deal with the fact that for now there are
multiple "latest" versions of FreeBSD.
³o­Ó¦³ÂIÃø¥H¦^µª¡A¨Æ¹ê¤W FreeBSD ¦³³\¦hºØÃþªº¡y³Ì·sª©¡z¡C
-->
<answer>
<para>´N FreeBSD ¥Ø«eªºµo®i¦Ó¨¥¡A¦³¥|­Ó¥D­nµo®i¤À¤ä(¨ä¤¤¤T­Ó¤w¦³ RELEASE)¡G
¥Ñ <emphasis>4-STABLE</emphasis> ©Òµo¦æ(release)ªº 4.X ¨t¦C¡B
¥Ñ <emphasis>5-STABLE</emphasis> ©Òµo¦æ(release)ªº 5.X ¨t¦C¡B
¥Ñ <emphasis>6-STABLE</emphasis> ©Òµo¦æ(release)ªº 6.X ¨t¦C¡A
¥H¤Î <emphasis>7-CURRENT</emphasis> ¤À¤ä¡C</para>
<para>¦b 5.3 release ¤§«e¡A4.X ¨t¦C¤´³Qµø¬°¬O <emphasis>-STABLE</emphasis> ¤§¤@¡C
¦Û±q 5.3 ¶}©l¡A5.X ¶}©l³W¹º·sªº <emphasis>-STABLE</emphasis> µo®i­«ÂI¡A
¦Ó 4.X ±N¥uµÛ­«¦b­«¤j°ÝÃD¤W(¤ñ¦p¡Gº|¬}­×¸É¡B¦w¥þºûÅ@)¥H¤Î &quot;extended support&quot;
¡A¤£¦A·|¦³·sªº¬ð¯}©Êµo®i¡C</para>
<!-- note: the entity definitions are out of date -->
<para>©ó &rel.current.date; ©Òµo¦æªº<ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel.current;-RELEASE">&rel.current;</ulink>
ª©¬O¥Ø«e³Ì·sªº <emphasis>6-STABLE</emphasis> ª©¡F
¦Ó©ó &rel2.current.date; ©Òµo¦æªº<ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel2.current;-RELEASE/">&rel2.current;</ulink>
- ª©«h¬O¥Ø«e³Ì·sªº <emphasis> &rel.current.date;</emphasis> ª©¡C</para>
+ ª©«h¬O¥Ø«e³Ì·sªº <emphasis>5-STABLE</emphasis> ª©¡C</para>
<para>²³æªº»¡¡A<emphasis>-STABLE</emphasis> ªº¥D­n¶D¨D¹ï¶H¬O¹ï©ó
í©w©Ê¤Î§CÅܲ§©Êªº»Ý¨D»·³Ó¹L¹ï³Ì·s <emphasis>-CURRENT</emphasis>
snapshot ¤¤¯S§O·s¥\¯àªº»Ý¨D¡A¨Ò¦p ISP ©Î¤½¥q¦æ¸¹ªº¨Ï¥ÎªÌ¡C³o¨â­Ó
branch ³£¦³¥i¯à·|²£¥Í release ª©¡A¦ý¥u¦³·í§A¯à±µ¨ü
<emphasis>-CURRENT</emphasis> »·¤ñ <emphasis>-STABLE</emphasis>
®e©ö§ó°Ê³o¤@ÂI¡A¤~À³¸Ó¥Î <emphasis>-CURRENT</emphasis>¡C</para>
<para>Release ª©<link linkend="release-freq">¨C´X­Ó¤ë</link>¤~·|µo
¦æ¤@¦¸¡CÁöµM¦p¦¹¡A¦³«Ü¦h¤H©M FreeBSD ­ì©l½X¦P¨B§ó·s¡]¸Ô¨£
<link linkend="current">FreeBSD-CURRENT</link> ©M <link
linkend="stable">FreeBSD-STABLE</link> ªº¬ÛÃö°ÝÃD)¡A¦ý¦]¬°­ì©l½X
¬O¤@ª½¤£Â_¦a¦bÅܰʪº¡A©Ò¥H¦pªG­n³o»ò°µªº¸Ü±o­nªá¤W§ó¦hªººë
¤O¡C</para>
<para>¨ä¥L§ó¦h¬ÛÃö FreeBSD µo¦æ±¡³ø¡A¥i¥Ñ FreeBSD ºô¯¸¤Wªº <ulink
url="http://www.FreeBSD.org/releng/index.html"> Release Engineering</ulink> ±oª¾</para>
</answer>
</qandaentry>
<qandaentry>
<question id="current">
<para>¤°»ò¬O FreeBSD-CURRENT¡H</para>
</question>
<answer>
<para><ulink
url="&url.books.handbook;/cutting-edge.html#CURRENT">FreeBSD-CURRENT</ulink>
«üªº¬O¥¿¦bµo®i¤¤ªº§@·~¨t²Îª©¥»¡A¥¦²×±N¦b¾A·íªº®É¾÷¦¨¬°
&os.stable; ¤À¤ä¡C¥¦¹ê¦b¬O¥u¾A¦Xµ¹¨t²Îµo®iªÌ¥H¤Î¦³¼Ý¤Oªº·~¾l·R¦nªÌ¨Ï¥Î
¡C¦pªG·Q­n±o¨ì¦³Ãö¦p¦ó¨Ï¥Î -CURRENT ªº²`¤J¸ê°T¡A½Ð°Ñ¦Ò <ulink
url="&url.books.handbook;/index.html">¨Ï¥Î¤â¥U</ulink> ªº <ulink
url="&url.books.handbook;/cutting-edge.html#CURRENT">¬ÛÃö³¡¥÷</ulink>¡C
</para>
<para>¦pªG±z¹ï§@·~¨t²Î¥»¨­¨Ã¤£¬O«Ü¼ô±x¡A©Î¬O±z¨S¿ìªk¤À¿ë±z¹J¨ìªº°Ý
ÃD¬O¯uªºµo¥Í¤F°ÝÃD¥ç©Î¬O¼È®É©Êªº¤pª¬ªp¡A¨º»ò±z´N¤£À³¸Ó¨Ï¥Î
FreeBSD-CURRENT¡C³o­Ó¤À¤äªºµ{¦¡½X¦³®É­ÔÅܰʱo«Ü§Ö¡A¦Ó¥B¥i¯à·|¦]¦¹
¦Ó¨Ï±z¦³¦n´X¤Ñªº®É¶¡µLªk§ó·s±zªº¨t²Î¡C§Ú­Ì°²³]¨Ï¥Î
FreeBSD-CURRENT ªº¨Ï¥ÎªÌ³£¦³¯à¤O¥h¤ÀªR¥L­Ì©Ò¹J¨ìªº°ÝÃD¨Ã¥B¥u¦^³ø
¯u¥¿ªº°ÝÃD¦Ó«D<quote>¤pª¬ªp</quote>¡C¦pªG±z¦b -CURRENT mailing
list ¤¤´£¨ìÃþ¦ü<quote>make world ³y¦¨¤@¨Ç¦³Ãö groups ªº¿ù
»~</quote>¤§Ãþªº°ÝÃDªº¸Ü¡A¤]³\·|³Q¨ä¥L¤H»´µø¡C</para>
<para>§Ú­Ì¨C¤Ñ³£·|®Ú¾Ú¥Ø«e -CURRENT ©M -STABLE ªºª¬ªp¹ï³o¨â­Ó¤À¤ä¦U
µo¦æ¤@­Ó<ulink URL="&url.base;/releases/snapshots.html">snapshot
</ulink> ª©¡C¦³ªº®É­Ô¬Æ¦ÜÁÙ·|µo¦æ¥i¨Ñ¨ú±oªºª©¥»¡Cµoªí³o¨Ç snapshot
ªº¥Øªº¦b©ó¡G</para>
<itemizedlist>
<listitem>
<para>´ú¸Õ³Ì·sª©ªº¦w¸Ëµ{¦¡¡C</para>
</listitem>
<listitem>
<para>´£¨Ñ¤@­Ó²³æªº¤èªkµ¹¨º¨Ç³ßÅw¨Ï¥Î -CURRENT ©Î¬O -STABLE ¦ý
¬O¨S¦³®É¶¡©MÀW¼e¥h¨C¤Ñª@¯Åªº¨Ï¥ÎªÌ¡C</para>
</listitem>
<listitem>
<para>¬°¤F´À§Ú­Ìµo®i¤¤ªºµ{¦¡«O¯d¤@­Ó©T©wªº°Ñ¦ÒÂI¡A¥H¨¾¤î§Ú­Ì¥¼
¨Ó³y¦¨¤£©¯¡C(ÁöµM¤@¯ë¦Ó¨¥ CVS ¥i¥H¨¾¤îÃþ¦ü³oºØªº¥i©È¨Æ¥ó :)
</para>
</listitem>
<listitem>
<para>¬°¤F½T«O©Ò¦³»Ý­n´ú¸Õªº·s¥\¯à³£¥i¥H±o¨ì³Ì¦hªº´ú¸Õ¡C</para>
</listitem>
</itemizedlist>
<para>§Ú­Ì¤£¹ï -CURRENT snapshot °µ¥ô¦ó§Î¦¡ªº<quote>«~½è«O
ÃÒ</quote>¡C¦pªG§A·Q­nªº¬O¤@­Óí©w¥B¸g¹L¥R¤À´ú¸Õ¹Lªº¨t²Îªº¸Ü¡A
³Ì¦n¿ï¾Ü¨Ï¥Î§¹¾ã release ªºª©¥»¡A©Î¬O¨Ï¥Î -STABLE snapshots¡C</para>
<para>±z¥i¥Hª½±µ±q <ulink
URL="ftp://current.FreeBSD.org/pub/FreeBSD/snapshots/">
ftp://current.FreeBSD.org/pub/FreeBSD/snapshots/</ulink> ¨ú±o -CURRENT ªº
snapshot release</para>
<para>¹ï¨C­Ó¦³¦b¬¡°Êªº¤À¤ä¦Ó¨¥¡A¥­§¡¨C¤Ñ³£·|²£¥Í¤@¦¸ snapshots¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="stable">
<para>¤°»ò¬O FreeBSD-STABLE¡H</para>
</question>
<answer>
<para>¦^·¹¨ì FreeBSD 2.0.5 ­èµoªíªº®É­Ô¡A§Ú­Ì¨M©w§â FreeBSD ªºµo®i
¤À¦¨¨â¤ä¡C¤@¤ä¥s°µ <ulink url="&url.books.handbook;/current-stable.html#STABLE">-STABLE</ulink>
¡A§Ú­Ì¥u¹ï¥¦°µ¿ù»~­×¥¿¤Î¤p´T«×ªº­×§ï (³o¬Oµ¹ ISP ©M°Ó·~¤½¥qµ¥¡A¹ï¹êÅ礤¥\¯à¤£·P¿³½ìªº³æ¦ì©Ò¨Ï¥Îªº)¡C
¥t¥~¤@¤ä¥s°µ <ulink url="&url.books.handbook;/current-stable.html#CURRENT">-CURRENT</ulink>¡A±q
2.0 ª©µo¦æ¥H«á¡A´N¤£Â_¦a´ÂµÛ 6.0-RELEASE (§t«áÄòªºª©¥»)«e¶iµÛ¡C</para>
<para>6-STABLE ¤À¤ä¬O±q 6.0-RELEASE ¶}©l(5-STABLE ¤À¤äºâ¬O 5.3-RELEASE ¤§«á¤~¶}©lªº)¡A
µM«á­ì¥»ªº &os.current; ´N·|¦¨¬° 7-CURRENT¡C
</para>
<para>¤U­±´N¬Oª©¥»ºt¶iªº¥Ü·N¹Ï¡G</para>
<programlisting> 2.0
|
|
| [2.1-STABLE]
*BRANCH* 2.0.5 -&gt; 2.1 -&gt; 2.1.5 -&gt; 2.1.6 -&gt; 2.1.7.1 [2.1-STABLE ends]
| (Mar 1997)
|
|
| [2.2-STABLE]
*BRANCH* 2.2.1 -&gt; 2.2.2-RELEASE -&gt; 2.2.5 -&gt; 2.2.6 -&gt; 2.2.7 -&gt; 2.2.8 [end]
| (Mar 1997) (Oct 97) (Apr 98) (Jul 98) (Dec 98)
|
|
3.0-SNAPs (started Q1 1997)
|
|
3.0-RELEASE (Oct 1998)
|
| [3.0-STABLE]
*BRANCH* 3.1-RELEASE (Feb 1999) -&gt; 3.2 -&gt; 3.3 -&gt; 3.4 -&gt; 3.5 -&gt; 3.5.1
| (May 1999) (Sep 1999) (Dec 1999) (June 2000) (July 2000)
|
| [4.0-STABLE]
*BRANCH* 4.0 (Mar 2000) -&gt; 4.1 -&gt; 4.1.1 -&gt; 4.2 -&gt; 4.3 -&gt; 4.4 -&gt; ... -&gt; 4.11
|
| (July 2000) (Sep 2000) (Nov 2000) (Jan 2005)
|
| [5.0-STABLE]
*BRANCH* 5.0 (2001) -&gt; 5.1 -&gt; 5.2 -&gt; 5.3 -&gt; 5.4 -&gt; ... future 5.x releases...
|
| ( 2001) (Nov 2004) (May 2005)
|
| [6.0-STABLE]
*BRANCH* 6.0 (Nov 2005) ... future 6.x releases...
|
\|/
+
[7.0-CURRENT continues]</programlisting>
<para>2.2-STABLE ³o­Ó¤À¤äÀHµÛ 2.2.8 ªºµoªí¦Ó¥\¦¨¨­°h¡C3-STABLE ³o­Ó
¤À¤ä«h¬Oµ²§ô¦b 3.5.1 µoªí¤§«á¡A¥¦¤]¬O 3.X ªº³Ì«á¤@¦¸µoªí¡C¤§«á°£¤F
¦w¥þ¬ÛÃöªº­×¥¿¤§¥~¡A³o¨â­Ó¤À¤ä´N´X¥G¨S¦³¦A§ó°Ê¹L¡C4-STABLE ¤À¤äªº¤ä´©
·|«ùÄò¨ì 2007/01/31¡A¦ý¥D­nµJÂI¦b©ó¦w¥þ¤è­±ªºº|¬}¡B¯äÂΤΨä¥LÄY­«°ÝÃDªº­×¸É¡C</para>
<para>5-STABLE ¬O¥Ø«e¥¿¦bµo®i¤¤ªº -STABLE ¤À¤ä¡C5-STABLE ªº³Ì·sªº¤@
¦¸µoªí¬O¦b &rel2.current.date; µo¦æªº &rel2.current;-RELEASE¡C</para>
<para>6-STABLE ¬O¥Ø«e¥¿¦bµo®i¤¤ªº -STABLE ¤À¤ä¡C6-STABLE ªº³Ì·sªº¤@
¦¸µoªí¬O¦b &rel.current.date; µo¦æªº &rel.current;-RELEASE¡C</para>
<para>7-CURRENT ³o­Ó¤À¤ä¬O &os; ªº -CURRENT ¤À¤ä¡A¤´µM¤£Â_¦a¦bµo®i·í¤¤¡C
¦pªG·Q­nª¾¹D§ó¦hÃö©ó³o­Ó¤À¤äªº¸ê°Tªº¸Ü¡A½Ð°Ñ¦Ò <link
linkend="current">¤°»ò¬O &os;-CURRENT¡H</link>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="release-freq">
<para>¨C¦¸·sªº FreeBSD ±N©ó¤°»ò®É­Ô±À¥X¡H</para>
</question>
<answer>
<para>¤@¯ë¦Ó¨¥¡A&a.re; ¥­§¡¨C¥|­Ó¤ëµo¦æ¤@¦¸ release¡A¨C¦¸·sª©¥»ªºµoªí®Éµ{³£·|¨Æ¥ý¤½§i¡A
¬ÛÃöªº¶}µo¤H­û´N·|ª¾¹D¡A¤°»ò®É­Ô¸Ó¥ý§â¤âÃ䪺­p¹º§¹¦¨¨Ã¥B´ú¸Õ¹L¡A
¦¹¥~¡A³o¨Ç§ó°Ê³£¤w¸g§¹¾ã¦a´ú¸Õ¹L¡A¥B¤£·|¼vÅT¨t²Îí©w«×¡C
ÁöµM¡Aµ¥³o¨Ç¦nªF¦è¶i¤J -STABLE ªº®É¶¡¥O¤Hµ¥±o¦³¨Ç¤£­@·Ð¡A
¦ý¬O¤j¦h¼Æªº¨Ï¥ÎªÌ³£»{¬°³oºØÂÔ·VªººA«×¬O FreeBSD ³Ì¦nªºÀuÂI¤§¤@¡C</para>
<para>¦³Ãöµo¦æ±¡³øªº§ó¦h²Ó¸`³¡¤À(¥]¬A release ªº¦æµ{ªí¡B¶i«×)¡A³£¥i¦b FreeBSD ºô¯¸¤Wªº
<ulink url="http://www.FreeBSD.org/releng/index.html">µo¦æ±¡³ø</ulink> ¤W­±Àò±o¡C</para>
<para>¬°¤Fº¡¨¬¨º¨Ç»Ý­n (©Î·Q­n) ·sÂA¨ë¿E·Pªº¨Ï¥ÎªÌ¡A
¤W­±(-CURRENTªº³¡¤À)¤w¸g´£¨ì§Ú­Ì¨C¤Ñ³£·|µo¦æ snapshots ª©¥i¨Ñ¨Ï¥Î¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="responsible">
<para>½Ö­t³d FreeBSD ªºµo®i¡H</para>
</question>
<answer>
<para>¦pªG¬O¤@¨Ç¦³Ãö FreeBSD ­pµeªºÃöÁä©Ê¨M©w¡A¹³¬O¾ã­Ó­pµeªº¨«¦V
©Î¬O¨M©w½Ö¥i¥H§ï source tree ¸Ìªºµ{¦¡½X³oÃþªº¨Æ¡A¬O¥Ñ¤@­Ó¥Ñ 9 ­Ó
¤H©Ò²Õ¦¨ªº <ulink
url="&url.articles.contributors;/article.html#STAFF-CORE">core
team</ulink> ¨Ó¨M©w¡C¦Ó¦³¥t¤@¸s¶W¹L 300 ­Ó¤Hªº <ulink
url="&url.articles.contributors;/article.html#STAFF-COMMITTERS">
commiters</ulink> ¦³Åv§Q¥i¥Hª½±µ­×§ï FreeBSD ªº source tree¡C
</para>
<para>µL½×¦p¦ó¡A¤j¦h¼Æªº§ïÅܳ£·|¨Æ«e¦b <link linkend="mailing">
mailing lists</link> ¥ý°Q½×¹L¡A¦Ó¥B¤£¤À¨¤¦â¡A¨C­Ó¤H³£¥i¥H°Ñ»P°Q½×¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="where-get">
<para>§Ú­n¦p¦ó¨ú±o FreeBSD¡H</para>
</question>
<answer>
<para>¨C­Ó FreeBSD ªº­«­nª©¥»³£¥i¥H¸g¥Ñ°Î¦W ftp ±q <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/">FreeBSD FTP ¯¸</ulink>¨ú±o¡G</para>
<itemizedlist>
<listitem>
<para>¦pªG»Ý­n 6-STABLE ªº³Ì·sª©¡A¤]´N¬O &rel.current;-RELEASE¡A½Ð¨ì <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel.current;-RELEASE/">&rel.current;-RELEASE </ulink>³o­Ó¥Ø¿ý</para>
</listitem>
<listitem>
<para><ulink url="ftp://current.FreeBSD.org/pub/FreeBSD/">7-CURRENT Snapshot</ulink>
³q±`¤]¬O¨C¤Ñ³£·|°µ¤@¥÷¡A³o¬O±q <link linkend="current">-CURRENT</link> ¤À¤ä°µ¥X¨Óªº¡A
¥D­n¬O¬°¤F´£¨Ñµ¹¨º¨Ç¼ö¤ßªº´ú¸ÕªÌ©M¶}µo¤H­û¡C</para>
</listitem>
<listitem>
<para>¦pªG»Ý­n 5-STABLE ªº³Ì·sª©¡A¤]´N¬O &rel2.current;-RELEASE¡A½Ð¨ì <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel2.current;-RELEASE/">&rel2.current;-RELEASE </ulink>³o­Ó¥Ø¿ý</para>
</listitem>
<listitem>
<para>¦pªG»Ý­n 4-STABLE ªº³Ì·sª©¡A¤]´N¬O 4.11-RELEASE¡A½Ð¨ì <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/4.11-RELEASE/">4.11-RELEASE </ulink>³o­Ó¥Ø¿ý</para>
</listitem>
<listitem>
<para><ulink
url="ftp://current.FreeBSD.org/pub/FreeBSD/snapshots/">4.X¡B5.X¡B6X snapshots</ulink>
³q±`¨C¤Ñ³£·|°µ¤@¥÷¡C</para>
</listitem>
</itemizedlist>
<para>FreeBSD ªº CD¡BDVD¡AÁÙ¦³¨ä¥L¨ú±o¤è¦¡¥i¥H¦b <ulink url="&url.books.handbook;/mirrors.html">¨Ï¥Î¤â¥U</ulink> ¤¤§ä¨ì¸Ñµª¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="howto-mirror">
<para>«ç»ò«Ø¥ß FreeBSD ªº¬M®g(mirror)¯¸¥x¡H</para>
</question>
<answer>
<para>¦³Ãö¦p¦ó«Ø¥ß FreeBSD ¬M®g¯¸(mirror)ªº¸ê®Æ¡A¥i¥H°Ñ¦Ò <ulink
url="&url.articles.hubs;/">Mirroring FreeBSD</ulink> ¤å³¹</para>
</answer>
</qandaentry>
<qandaentry>
<question id="access-pr">
- <para>§Ú­n¦p¦ó¥h¬d¸ß¡B´£¥æ°ÝÃD¦^³ø(Problem Report)¸ê®Æ®w©O¡H</para>
+ <para>§Ú­n¦p¦ó¥h¬d¸ß¡B´£¥æ°ÝÃD¦^³ø(Problem Report¡A²ºÙPR)¸ê®Æ®w©O¡H</para>
</question>
<answer>
- <para>©Ò¦³¨Ï¥ÎªÌªºÅܧó­n¨D³£¥i¥H¸g¥Ñºô­¶¤¶­±ªº PR
+ <para>©Ò¦³¨Ï¥ÎªÌªºÅܧó­n¨D³£¥i¥H¸g¥Ñºô­¶¤¶­±ªº
<ulink URL="http://www.FreeBSD.org/cgi/query-pr-summary.cgi?query">
- ¬d¸ß¤¶­±</ulink> ¨Ó¹î¬Ý (©Î¬O¦^³ø) §Ú­Ìªº¿ù»~¦^³ø¸ê®Æ®w¡C</para>
+ PR¬d¸ß¤¶­±</ulink> ¨Ó¹î¬Ý (©Î¬O¦^³ø) §Ú­Ìªº¿ù»~¦^³ø¸ê®Æ®w¡C</para>
<para>¤]¥i¥H¨Ï¥Î &man.send-pr.1; ³o­Ó«ü¥O³z¹L¹q¤l¶l¥ó¨Ó¦^³ø°ÝÃD¡B­n¨DÅܧó¡C
©ÎªÌ¬O¸g¥Ñ <ulink url="http://www.FreeBSD.org/send-pr.html">ºô­¶¤¶­±ªº PR</ulink> ¨Ó°e¥X°ÝÃD¦^³ø¡C</para>
<para>µM¦Ó¡A¦b±z¦^³ø°ÝÃD¤§«e¡A½Ð¥ý¾\Ū <ulink
URL="&url.articles.problem-reports;/article.html">¦p¦ó¼¶¼g
FreeBSD ªº°ÝÃD¦^³ø³æ</ulink>¡A³o¬O¤@½g§i¶D§A«ç¼Ë¤~¯à¼g¥X¤@½g¯u¥¿¦³¥Îªº
°ÝÃD¦^³ø³æ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="become-web-mirror">
<para>­n«ç¼Ë¤~¯à¦¨¬° FreeBSD ªººô­¶¬M®g(mirror)¯¸¥x¡H</para>
</question>
<answer>
<para>¦³«Ü¦h¤èªk¥i¥H¬M®g(mirror)§Ú­Ìªººô­¶¡C</para>
<itemizedlist>
<listitem>
<para>±z¥i¥H§Q¥Î <filename role="package">net/cvsup</filename>
±q cvsup.FreeBSD.org ¨ú±o®æ¦¡¤Æ¹LªºÀɮסC
<filename>/usr/share/examples/cvsup/www-supfile</filename>
³oÀÉ´N¬O¤@­Ó±Ð§A«ç¼Ë°µºô­¶¬M®gªº CVSup ³]©w½d¨Ò¡C
</para>
</listitem>
<listitem>
<para>±z¥i¥H§Q¥Î±z³ßÅwªº ftp mirror ¤u¨ã±q FreeBSD ªº FTP ¯¸»O
¤¤¨ú±oºô­¶ªº­ì©l½X¡C¦ý¬O­nª`·Nªº¬O¦b§A¥´ºâ´£¨Ñ¤½¶}ªA°È¤§«e¡A
°O±o­n¥ý§Q¥Î³o¨Ç­ì©l½X§âºô­¶­««Ø°_¨Ó¡C½Ð±q <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/FreeBSD-current/www"></ulink> ¶}©l§ì¨ú¡C</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="other-info-sources">
- <para>¦³¨ä¥Lªº¸ê°T¨Ó·½¶Ü¡H</para>
+ <para>ÁÙ¦³¨ä¥L¦³Ãö FreeBSD ªº¸ê°T¶Ü¡H</para>
</question>
<answer>
<para>¸Ô¨£ <ulink
url="http://www.FreeBSD.org">FreeBSD</ulink> ºô¯¸¤Wªº <ulink
url="http://www.FreeBSD.org/docs.html">¤å¥ó</ulink> ¦Cªí¡C</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="support">
<chapterinfo>
<author>
<firstname>Chin-San</firstname>
<surname>Huang</surname>
<affiliation>
<address><email>chinsan.tw@gmail.com</email></address>
</affiliation>
</author>
</chapterinfo>
<title>¤å¥ó»P¤ä´©</title>
<qandaset>
<qandaentry>
<question id="books">
<para>Ãö©ó FreeBSD ¦³­þ¨Ç¦n®Ñ¥i¥H±ÀÂ˾\Ūªº¶Ü¡H</para>
</question>
<answer>
<para>FreeBSD ¤å¥ó­pµe¤w³°Äòµoªí¤F¬Û·í¼sªx½d³òªº¤å¥ó¡A¥i¦b <ulink
url="http://www.FreeBSD.org/docs.html"></ulink> ¨ú±o¡C¥t¥~¡A
FreeBSD ¥»¨­ªº manual(¤@¯ë³qºÙªºman)¡Bdoc¤]¦p¦P®M¥ó³nÅé¤@¼Ë¡A¥i¥H»´ÃP¦a¸Ë¦b±z¨t²Î¤W¡C
</para>
- <para>¦¹¥~¡A¤]«Øij°Ñ¾\¥»¥÷ FAQ ³Ì«á©Ò¦Cªº°Ñ¦Ò®Ñ¥Øªí(Bibliography)»P? FreeBSD ¨Ï¥Î¤â¥U?¡C
+ <para>¦¹¥~¡A¤]«Øij°Ñ¾\¥»¥÷ FAQ ³Ì«á©Ò¦Cªº°Ñ¦Ò®Ñ¥Øªí(Bibliography)»P FreeBSD ¨Ï¥Î¤â¥U¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="doc-formats">
<para>³o¨Ç¤å¥ó¦³¨ä¥L®æ¦¡ªº¶Ü¡H¹³¬O¡G¯Â¤å¦r(ASCII)©Î &postscript; ¤§Ãþªº®æ¦¡¡H</para>
</question>
<answer>
<para>¦³ªº¡C³o¨Ç¤å¥ó³£¤À§O¥H¤£¦P®æ¦¡Àx¦s¥H¤ÎÀ£ÁY³B²z¡A©ñ¦b
FTP ¤W­±¡A¥i¥H±q¦U FreeBSD FTP ¯¸ªº <ulink
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">/pub/FreeBSD/doc/</ulink>
¥Ø¿ý¤º§ä¨ì§A­nªº¡C</para>
<para>¤å¥óªº¤ÀÃþ¤è­±¥D­n¬O¤@¨Ç¤£¦P©Ê½è©Ò²Õ¦¨¡G</para>
<itemizedlist>
<listitem>
<para>¤å¥ó¦WºÙ¡A¤ñ¦p¡G<literal>faq(±`¨£°Ýµª¶°)</literal>©Î¬O
<literal>handbook(FreeBSD ¨Ï¥Î¤â¥U)</literal>µ¥µ¥¡C</para>
</listitem>
<listitem>
<para>¦U°ê½Ķªºªº¤å¥ó¡G³o¥D­n¬O¥Ñ locale ¦WºÙ¨Ó¨M©wªº
(¤£²M·¡ªº¸Ü¡A¥i°Ñ¦Ò±zªº FreeBSD §@·~¨t²Î¤Wªº <filename>/usr/share/locale</filename>)
¥Ø«e¤å¥óÁ`¦@¦³¤U¦C´XºØ»y¨¥(¤Î½s½X)¦³Â½Ä¶¡G</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
<thead>
<row>
<entry>Locale ¦WºÙ</entry>
<entry>»¡©ú(©Ò¥Nªíªº»y¨t¡B½s½X)</entry>
</row>
</thead>
<tbody>
<row>
<entry><literal>en_US.ISO8859-1</literal></entry>
<entry>¬ü¦¡­^¤å(US English)</entry>
</row>
<row>
<entry><literal>de_DE.ISO8859-1</literal></entry>
<entry>¼w¤å(German)</entry>
</row>
<row>
<entry><literal>es_ES.ISO8859-1</literal></entry>
<entry>¦è¯Z¤ú¤å(Spanish)</entry>
</row>
<row>
<entry><literal>fr_FR.ISO8859-1</literal></entry>
<entry>ªk¤å(French)</entry>
</row>
<row>
<entry><literal>it_IT.ISO8859-15</literal></entry>
<entry>¸q¤j§Q¤å(Italian)</entry>
</row>
<row>
<entry><literal>ja_JP.eucJP</literal></entry>
<entry>¤é¤å(Japanese¡A½s½X¤è¦¡¡GEUC)</entry>
</row>
<row>
<entry><literal>ru_RU.KOI8-R</literal></entry>
<entry>«X¤å(Russian¡A½s½X¤è¦¡¡GKOI8-R)</entry>
</row>
<row>
<entry><literal>zh_TW.Big5</literal></entry>
<entry>¥¿Å餤¤å(Chinese¡A½s½X¤è¦¡¡GBig5)</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<note>
<para>¤W¦Cªº¦U°ê½Ķ»y¨t¤å¥ó¤¤¡A¨Ã«D©Ò¦³¤å¥ó³£¦³Â½Ä¶¡C</para>
</note>
</listitem>
<listitem>
<para>¤å¥óªº®æ¦¡¡G¨C¥÷¤å¥ó³£¥H¦UºØ¤£¦P®æ¦¡Àx¦s¡A¨CºØ®æ¦¡³£¦U¦³¦nÃa¡A
¦³¨Ç®æ¦¡¾A¦X½u¤W¾\Ū¡A¦Ó¦³¨Ç«h¾A¦X¦C¦L¥X¬üÆ[ªº¤å¥ó¡C
§Ú­Ì³£´£¨Ñ³o¨Ç¤£¦P®æ¦¡ªº¤å¥ó¡A¨Ó½T«OµL½×¬O¿Ã¹õ¤W¡B¦C¦L¯È¥»¡A¨C­Ó¤H³£¥i¥H¥¿±`¦a¾\Ū¤º®e¡A
¥Ø«e¥i¨Ñ¨Ï¥Îªº®æ¦¡¦p¤U:</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
<thead>
<row>
<entry>®æ¦¡</entry>
<entry>»¡©ú</entry>
</row>
</thead>
<tbody>
<row>
<entry><literal>html-split</literal></entry>
<entry>³¹¸`¼Ò¦¡</entry>
</row>
<row>
<entry><literal>html</literal></entry>
<entry>§¹¾ã¼Ò¦¡</entry>
</row>
<row>
<entry><literal>pdb</literal></entry>
<entry>Palm Pilot ¸ê®Æ®æ¦¡¡A¨Ï¥Î
<ulink url="http://www.iSilo.com/">iSilo</ulink>
µ{¦¡¨Ó¾\Ū</entry>
</row>
<row>
<entry><literal>pdf</literal></entry>
<entry>Adobe's PDF ®æ¦¡</entry>
</row>
<row>
<entry><literal>ps</literal></entry>
<entry>&postscript; ®æ¦¡</entry>
</row>
<row>
<entry><literal>rtf</literal></entry>
<entry>Microsoft's RTF®æ¦¡<footnote>
<para>·í¨Ï¥Î MS Word ¨Ó¶}±Ò RTF ®æ¦¡ªº¸Ü¡A­¶¼ÆÅã¥Ü¨Ã¤£·|¦Û°Ê§ó·s¡C
(¦b¶}±Ò¤å¥ó«á¡A­n«ö <keycombo
action="simul"><keycap>CTRL</keycap><keycap>A</keycap></keycombo>,
<keycombo
action="simul"><keycap>CTRL</keycap><keycap>END</keycap></keycombo>,
<keycap>F9</keycap>¡A³o¼Ë¤l¤~·|§ó·s­¶¼ÆªºÅã¥Ü¡C)</para>
</footnote>
</entry>
</row>
<row>
<entry><literal>txt</literal></entry>
<entry>¯Â¤å¦r(ASCII)</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</listitem>
<listitem>
<para>¤å¥óªºÀ£ÁY¡B¥´¥]¤è¦¡¡G¥Ø«e¦³¤TºØ¤è¦¡¡G</para>
<orderedlist>
<listitem>
<para>·í±Ä¥Î
<literal>³¹¸`¼Ò¦¡(html-split)</literal>¡A³¹¸`¼Ò¦¡©Ò²£¥Íªº¦UÀÉ®×·|¥ý¨Ï¥Î
&man.tar.1; ¨ÓÀ£ÁY¡CÀɦWµ²§À¦³ <filename>.tar</filename> ªºÀÉ®×´N¬O tar ®æ¦¡¡C
±µµÛ¡A·|¦A¥H¤U¦C¤è¦¡¦AÀ£ÁY¡C
</para>
</listitem>
<listitem>
<para>¨ä¥L®æ¦¡ªºÀɮ׳£·|¬O³æ¤@ÀɮסAÀɦW³q±`·|¬O¡G
<filename>book.<replaceable>®æ¦¡</replaceable></filename>
(Á|¨Ò¡G <filename>book.pdb</filename>¡A
<filename>book.html</filename> µ¥µ¥..«á­±³q±`¥[¤W¡y.®æ¦¡¡z).</para>
<para>¦Ó³o¨ÇÀÉ®×·|¤À§O¥H¨âºØÀ£ÁY«¬ºA¶i¦æÀ£ÁY¡A¦Ó¦s¦¨¨âºØÀ£ÁY«¬ºA¡C</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
<thead>
<row>
<entry>®æ¦¡</entry>
<entry>»¡©ú</entry>
</row>
</thead>
<tbody>
<row>
<entry><literal>zip</literal></entry>
<entry>Zip ®æ¦¡¡A­Y­n¦b FreeBSD ¤W¸ÑÀ£ zip ÀÉ¡A«h¥²¶·¥ý¦w¸Ë
<filename role="package">chinese/unzip</filename> ©Î
<filename role="package">archivers/unzip</filename>¡C
</entry>
</row>
<row>
<entry><literal>bz2</literal></entry>
<entry>BZip2 ®æ¦¡¡AÁöµM¤£¦p zip ®æ¦¡ªº¼sªx¨Ï¥Î¡A¦ý¬O¦n³B¦b©ó¥iÀ£ÁY¦¨§ó¤pªºÀɮסC
­n¸ÑÀ£ bz2 ®æ¦¡ªº¸Ü¡A»Ý¥ý¦w¸Ë <filename role="package">archivers/bzip2
</filename>¡C</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>©Ò¥H¹³¬O Handbook ªº &postscript; ª©®æ¦¡¡A·|¥H BZip2 ®æ¦¡À£ÁY¡A
¦s©ñ¦b <filename>handbook/</filename> ¥Ø¿ý¤º¡A
ÀɦW´N¬O<filename>book.ps.bz2</filename>¡C</para>
</listitem>
</orderedlist>
</listitem>
</itemizedlist>
<para>¿ï¾Ü·Q­n¤U¸üªº¤å¥ó®æ¦¡»PÀ£ÁY«¬ºA¤§«á¡A«h­n¨M©w¬O§_¥H FreeBSD <emphasis>®M¥ó(package)</emphasis>
«¬ºA¨Ó¤U¸ü¡C</para>
<para>¤U¸ü¡B¦w¸Ë¡ypackage¡zªº¦n³B¦b©ó¡G¥i¥H³z¹L¤@¯ë FreeBSD
®M¥óºÞ²z¤è¦¡¨Ó¶i¦æºÞ²z¡A¤ñ¦p &man.pkg.add.1; ¤Î
&man.pkg.delete.1;¡C</para>
<para>­Y¨M©w¦n­n¤U¸ü¡B¦w¸Ë¡ypackage¡zªº¸Ü¡A¥²¶·­n½T»{©Ò­n¤U¸üªºÀɦW¡C
¤å¥ó­pµeªº®M¥ó(package)³q±`¬O©ñ¦b¬O <filename>packages</filename> ªº¥Ø¿ý¤º¡A
¨C­Ó¤å¥ó­pµeªº®M¥óÀɦW³q±`¬O¡G
<filename><replaceable>¤å¥ó¦WºÙ</replaceable>.<replaceable>»y¨t</replaceable>.<replaceable>½s½X</replaceable>.<replaceable>®æ¦¡</replaceable>.tgz</filename>
¡C</para>
<para>Á|­Ó¨Ò¤l¡A­^¤åª©ªº FAQ (®æ¦¡¿ï¾Ü PDF)¦b package ´N¥s°µ
<filename>faq.en_US.ISO8859-1.pdf.tgz</filename>¡C</para>
<para>¦AÁ|­Ó¨Ò¤l¡A¤¤¤åª©ªº FAQ (®æ¦¡¿ï¾Ü PDF)¦b package ´N¥s°µ
<filename>faq.zh_TW.Big5.pdf.tgz</filename>¡C</para>
<para>ª¾¹D³oÂI¤§«á¡A´N¥i¥H¥Î¤U­±«ü¥O¨Ó¦w¸Ë¤¤¤åª© FAQ ®M¥ó¡G</para>
<screen>&prompt.root; <userinput>pkg_add ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/packages/faq.zh_TW.Big5.pdf.tgz</userinput></screen>
<para>§¹¦¨¤§«á¡A¥i¥H¥Î &man.pkg.info.1; ¨Ó§ä¥XÀɮ׸˦b­þÃä¡G</para>
<screen>&prompt.root; <userinput>pkg_info -f faq.zh_TW.Big5.pdf</userinput>
Information for faq.zh_TW.Big5.pdf:
Packing list:
Package name: faq.zh_TW.Big5.pdf
CWD to /usr/share/doc/zh_TW.Big5/books/faq
File: book.pdf
CWD to .
File: +COMMENT (ignored)
File: +DESC (ignored)</screen>
<para>¦p¦P±z©Ò¬Ý¨ìªº <filename>book.pdf</filename> ·|³Q¦w¸Ë¨ì
<filename>/usr/share/doc/zh_TW.Big5/books/faq</filename> ¤º¡C</para>
<para>­Y¤£·Q¥Î package ¤è¦¡¦w¸Ë¡A¨º»ò´N»Ý¤â°Ê¤U¸ü¡B¸ÑÀ£ÁY¡B½Æ»s¨ì§A·Q­nÂ\©ñªº¦ì¸m¥h¡C</para>
<para>Á|¨Ò¡A³¹¸`¼Ò¦¡(split HTML)ª©ªº­^¤å FAQ (À£ÁY¬° &man.bzip2.1;)·|©ñ¦b
<filename>doc/en_US.ISO8859-1/books/faq/book.html-split.tar.bz2</filename>
­n¤U¸ü¡B¸ÑÀ£ªº¸Ü¡A«h­n¥´¡G</para>
<screen>&prompt.root; <userinput>fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/en_US.ISO8859-1/books/faq/book.html-split.tar.bz2</userinput>
&prompt.root; <userinput>bzip2 -d book.html-split.tar.bz2</userinput>
&prompt.root; <userinput>tar xvf book.html-split.tar</userinput></screen>
<para>³o®É§A·|¬Ý¨ì¤@°ï <filename>.html</filename> ªºÀɮסA
¥D­nªº¥Ø¿ýÀɬ° <filename>index.html</filename>
¤º§t¥D¥Ø¿ý¤Î³sµ²¨ì¨ä¥L¤å¥ó¡C(­Y¦³»Ý­nªº¸Ü¡A¤]¥i¥H½Æ»s©Î·h²¾³o¨ÇÀɮרì¦P¤@¥Ø¿ý¤U)</para>
</answer>
</qandaentry>
<qandaentry>
<question id="mailing">
<para>­þ¸Ì¦³Ãö©ó FreeBSD ªº¶l»¼½×¾Â(mailing lists)©O¡H</para>
</question>
<answer>
- <para>³o­Ó°ÝÃD¡A¥i¥H±q? FreeBSD ¨Ï¥Î¤â¥U?¤W­±ªº <ulink
+ <para>³o­Ó°ÝÃD¡A¥i¥H±q FreeBSD ¨Ï¥Î¤â¥U¤W­±ªº <ulink
url="&url.books.handbook;/eresources.html#ERESOURCES-MAIL">¶l»¼½×¾Â(mailing-lists)</ulink>
³¡¤ÀÀò±oµª®×¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="y2k">
<para>§Ú¸Ó±q­þÃä±o¨ì¦³Ãö FreeBSD ¦b¤dÁHÂÎ(Y2K)¤è­±ªº¸ê®Æ©O?</para>
</question>
<answer>
<para>³oµª®×¥i¥H¦b <ulink
url="&url.base;/y2kbug.html">FreeBSD ¤dÁHÂÎ(Y2K)</ulink>¤W­±Àò±o</para>
</answer>
</qandaentry>
<qandaentry>
<question id="newsgroups">
<para>¦³­þ¨Ç¥i¥H¨Ï¥Îªº FreeBSD ·s»D¸s²Õ(news groups)©O?</para>
</question>
<answer>
- <para>³oµª®×¥i¥H±q? FreeBSD ¨Ï¥Î¤â¥U?¤W­±ªº <ulink
+ <para>³oµª®×¥i¥H±q FreeBSD ¨Ï¥Î¤â¥U¤W­±ªº <ulink
url="&url.books.handbook;/eresources-news.html">·s»D¸s²Õ(newsgroups)</ulink>
³¡¤ÀÀò±oµª®×¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="irc">
<para>¦³­þ¨Ç FreeBSD IRC (Internet Relay Chat)ÀW¹D©O¡H</para>
</question>
<answer>
<para>¦³ªº¡A¤j³¡¤Àªº IRC ¥D¾÷³£¦³ FreeBSD ²á¤ÑÀW¹D¡G</para>
<itemizedlist>
<listitem>
- <para>Channel <literal>#FreeBSD</literal> on
- <ulink url="http://www.efnet.org/index.php">EFNet</ulink>
+ <para><ulink url="http://www.efnet.org/index.php">EFNet</ulink> ªº
+ <literal>#FreeBSD</literal> ÀW¹D
is a FreeBSD forum, but do not go there for tech
support or try to get folks there to help you avoid
the pain of reading manual pages or doing your own research.
It is a chat channel, first and foremost, and topics there
are just as likely to involve sex, sports or nuclear
weapons as they are FreeBSD. You Have Been Warned!
Available at server <hostid>irc.chat.org</hostid>.</para>
</listitem>
<listitem>
<para>Channel <literal>#FreeBSDhelp</literal> on
<ulink url="http://www.efnet.org/index.php">EFNet</ulink>
is a channel dedicated to helping FreeBSD users. They
are much more sympathetic to questions than
<literal>#FreeBSD</literal> is.</para>
</listitem>
<listitem>
<para>Channel <literal>#FreeBSD</literal> on
<ulink url="http://www.dal.net/">DALNET</ulink>
is available at <hostid>irc.dal.net</hostid> in the
US and <hostid>irc.eu.dal.net</hostid> in Europe.</para>
</listitem>
<listitem>
<para>Channel <literal>#FreeBSDHelp</literal> on
<ulink url="http://www.dal.net/">DALNET</ulink>
is available at <hostid>irc.dal.net</hostid> in the
US and <hostid>irc.eu.dal.net</hostid> in Europe.
The channel owners also have a web page with useful
information about the channel and &os;, available at
<ulink url="http://www.freebsdhelp.net/"></ulink>.</para>
</listitem>
<listitem>
<para>Channel <literal>#FreeBSD</literal> on
<ulink url="http://www.undernet.org/">UNDERNET</ulink>
is available at <hostid>us.undernet.org</hostid>
in the US and <hostid>eu.undernet.org</hostid> in Europe.
Since it is a help channel, be prepared to read the
documents you are referred to.</para>
</listitem>
+
+ <listitem>
+ <para>Channel <literal>#FreeBSD</literal> on
+ <ulink url="http://www.rusnet.org.ru/">RUSNET</ulink>
+ is a russian-language oriented channel dedicated
+ to helping &os; users. This is also good place
+ for non-technical discussions.</para>
+ </listitem>
</itemizedlist>
<para>Each of these channels are distinct and are not
connected to each other. Their chat styles also differ,
so you may need to try each to find one suited to your
chat style. As with <emphasis>all</emphasis> types of IRC
traffic, if you are easily offended or cannot deal with
lots of young people (and more than a few older ones)
doing the verbal equivalent of jello wrestling, do not
even bother with it.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="training">
<para>¥i¥H±q­þÃäÀò±o FreeBSD ªº°Ó·~½Òµ{°V½m¤Î§Þ³N¤ä´©©O¡H</para>
</question>
<answer>
<para>DaemonNews ¦³±Mªù´£¨Ñ FreeBSD ªº°Ó·~½Òµ{°V½m¤Î§Þ³N¤ä´©¡C
¸Ô±¡½Ð¨ì <ulink url="http://www.bsdmall.com/">BSD Mall</ulink>
¹î¬Ý¡AÁÂÁ¡C</para>
<para>FreeBSD Mall ¦³´£¨Ñ°Ó·~¤Æªº BSD §Þ³N¤ä´©¡A
¸Ô±¡½Ð¨ì <ulink
url="http://www.freebsdmall.com/">FreeBSD Mall</ulink> ¹î¬Ý¡AÁÂÁ¡C</para>
<para>¨ä¥L¥ô¦ó¦³´£¨Ñ½Òµ{°V½m¤Î§Þ³N¤ä´©ªº²Õ´¡B³æ¦ì¡A­Y¤]·Q¦Cªí©ó¦¹ªº¸Ü¡A
½Ð»P &a.doc; Ápµ¸¡AÁÂÁ¡C</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter
id="install">
<chapterinfo>
<author>
<firstname>Nik</firstname>
<surname>Clayton</surname>
<affiliation>
<address><email>nik@FreeBSD.org</email></address>
</affiliation>
</author>
</chapterinfo>
<title>¦w¸Ë</title>
<qandaset>
<qandaentry>
<question id="floppy-download">
<para>­Y­n¥Î³nºÐ¤ù¶}¾÷¨Ó¦w¸Ë FreeBSD ªº¸Ü¡A­n¤U¸ü­þ¨ÇÀɮשO¡H</para>
</question>
<answer>
<para>&os; 4.X ªº¸Ü¡A»Ý­n¨â­Ó image ÀÉ¡G
<filename>floppies/kernel.flp</filename> ¤Î
<filename>floppies/mfsroot.flp</filename>¡Cimage ÀÉ¥²¶·¥Î¤u¨ã¹³¬O
<command>fdimage</command> ©Î &man.dd.1; ¨Ó¶Ç°e¨ìºÏ¤ù¤W¡C
­Y¬O¦b &os; 5.3 (¤Î¤§«áª©¥»)¦³­«·s³W¹º¶}¾÷¤ù¬[ºc¡A©Ò¥H­n§ìªº¬O
- <filename>floppies/boot.flp</filename> ¥H¤Î <filename>floppies/kern<replaceable>X</replaceable></filename>
- ÀÉ®×(¥Ø«e X ¬° 1 ¸ò 2 ¨â­Ó¡A¥[¤W<filename>floppies/boot.flp</filename>¡AÁ`¦@¬O 3 ­ÓÀÉ®×)¡C</para>
+ <filename>floppies/boot.flp</filename> ¥H¤Î <filename>floppies/kern<replaceable>X</replaceable></filename>
+ ÀÉ®×(¥Ø«e X ¬° 1 ¸ò 2 ¨â­Ó¡A¥[¤W <filename>floppies/boot.flp</filename>¡AÁ`¦@¬O 3 ­ÓÀÉ®×)¡C</para>
<para>­Y·Q¦Û¤v¤U¸ü distributions ªº¸Ü(¤ñ¦p¥H &ms-dos; Àɮרt²Î®æ¦¡¦w¸Ë)¡A
¥H¤U¬O«Øij­n§ìªº distributions ¡G</para>
<itemizedlist>
<listitem>
- <para>base/ (bin/ in 4.X)</para>
+ <para>base/ (4.X ª©¥»«h¬° bin/)</para>
</listitem>
<listitem>
<para>manpages/</para>
</listitem>
<listitem>
<para>compat*/</para>
</listitem>
<listitem>
<para>doc/</para>
</listitem>
<listitem>
<para>src/ssys.*</para>
</listitem>
</itemizedlist>
- <para>§¹¾ã¦w¸Ë¨BÆJ¥H¤Î¤j³¡¤Àªº¦w¸Ë°ÝÃD¡A½Ð°Ñ¾\? FreeBSD ¨Ï¥Î¤â¥U?ªº
+ <para>§¹¾ã¦w¸Ë¨BÆJ¥H¤Î¤j³¡¤Àªº¦w¸Ë°ÝÃD¡A½Ð°Ñ¾\ FreeBSD ¨Ï¥Î¤â¥Uªº
<ulink url="&url.books.handbook;/install.html">¦w¸Ë FreeBSD</ulink> ³¹¸`</para>
</answer>
</qandaentry>
<qandaentry>
<question id="floppy-image-too-large">
<para>­YºÏ¤ù¸Ë¤£¤U image Àɪº¸Ü¡A¸Ó«ç»ò¿ì©O¡H</para>
</question>
<answer>
<para>¤@±i 3.5 ­^¦T(1.44MB) ªººÏºÐ¤ù¬O¥i¥H¸Ë¤W 1474560 bytes ªº¸ê®Æ
¡A¦Ó¶}¾÷¤ùªº image Àɮפj¤p¹ê»Ú¤W¤]¬O 1474560 bytes¡C</para>
<para>¦b»s§@¶}¾÷¤ù®É¡A±`¨£¿ù»~¦³¡G</para>
<itemizedlist>
<listitem>
<para>¨Ï¥Î <acronym>FTP</acronym> ¨Ó¤U¸üÀɮ׮ɡA
¥¼¿ï¾Ü <emphasis>binary</emphasis> ¶Ç¿é¼Ò¦¡¨Ó¤U¸ü¡C</para>
<para>¦³¨Ç FTP clientºÝµ{¦¡¡A¬O¹w³]±N¶Ç¿é¼Ò¦¡³]©w¬°
<emphasis>ascii</emphasis> ¼Ò¦¡¡A¦Ó¥B·|­×§ï±µ¦¬¨ìªºÀɮצæ§À¦r¦ê¬° client ºÝªº§@·~¨t²Î¤è¦¡
¡A¤ñ¦p newline(&unix;®æ¦¡) ¨ì¤F§@·~¨t²Î¬° &windows; ªº client ºÝ·|³Q§ï¬° CR-LF(&ms-dos;®æ¦¡)¡A
³o·|¨Ï±o image ÀÉ¥»¨­¾D¨ì­×§ï¦ÓµLªk¥¿±`¨Ï¥Î¡C¦]¦¹¡A¦pªG¤U¸üªº image
- Àɮפj¤p­Y»P FTP ¥D¾÷¤W­±ªºÀÉ®× <emphasis>¤£¤@­P</emphasis>
+ Àɮפj¤p­Y»P FTP ¥D¾÷¤W­±ªºÀɮסy<emphasis>¤£¤@­P</emphasis>¡z
ªº¸Ü¡A½Ð­«·s¨Ï¥Î binary ¶Ç¿é¼Ò¦¡¤U¸ü§Y¥i¡C</para>
<para>FTP «ü¥O: ¶i¤J FTP ¤§«á¡A¥´ <emphasis>binary</emphasis>
«ü¥O¡A§Y¥i¤Á´«¨ì binary ¶Ç¿é¼Ò¦¡¡AµM«á¦A¤U¸ü¬ÛÃö image ÀɮסC</para>
</listitem>
<listitem>
<para>ª½±µ¥Î &ms-dos; ªº <command>copy</command> «ü¥O(©ÎÃþ¦ü
ªº GUI µ{¦¡¡B©Î¬Oµøµ¡¤Wª½±µ½Æ»s)¨Ó½Æ»s¶}¾÷¥Îªº image ÀɨìºÏ¤ù¤W¡C
</para>
<para>¤£¥i¥H¥Î¹³¬O <command>copy</command> ³oÃþµ{¦¡ª½±µ±N image
Àɽƻs¨ìºÏ¤ù¤W¡A¦]¬° image ÀÉ¥»¨­¥]§t¤F§¹¾ãªººÏ­y¸ê®Æ¡A©Ò¥H¤£¯à³æ¯Â¥Î½Æ»s¤è¦¡¡A
¦Ó¥²¶·¨Ï¥Î§C¶¥¤u¨ãµ{¦¡(¹³¬O <command>fdimage</command> ©Î <command>rawrite</command>)¡A
- ¥H <quote>raw</quote> ¤è¦¡¶Ç°e¨ìºÏ¤ù¤W¡C(³o³¡¤À¥i°Ñ¾\? FreeBSD ¨Ï¥Î¤â¥U?¤Wªº <ulink
+ ¥H <quote>raw</quote> ¤è¦¡¶Ç°e¨ìºÏ¤ù¤W¡C(³o³¡¤À¥i°Ñ¾\ FreeBSD ¨Ï¥Î¤â¥U¤Wªº <ulink
url="&url.books.handbook;/install.html">¦w¸Ë FreeBSD</ulink>)</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="install-instructions-location">
<para>¥i¥H¦b­þÃä§ä¨ì¦w¸Ë FreeBSD ªº¸Ñ»¡¨BÆJ©O¡H</para>
</question>
<answer>
- <para>¦w¸Ë¨BÆJªº¸Ñ»¡¡A½Ð°Ñ¾\? FreeBSD ¨Ï¥Î¤â¥U?¤Wªº
+ <para>¦w¸Ë¨BÆJªº¸Ñ»¡¡A½Ð°Ñ¾\ FreeBSD ¨Ï¥Î¤â¥U¤Wªº
<ulink url="&url.books.handbook;/install.html">¦w¸Ë FreeBSD</ulink> ³¹¸`³¡¤À¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="need-to-run">
<para>­n¶] FreeBSD »Ý­n¤°»òªº°t³Æ©O¡H</para>
</question>
<answer>
- <para>&os; 5.X ¤§«eªºª©¥»¡AµwÅé»Ý¨D¬° 386 ©Î§ó°ª¯Åªº PC
+ <para>&os; 4.X ¤§«eªºª©¥»¡AµwÅé»Ý¨D¬° 386 ©Î§ó°ª¯Åªº PC
¡A°O¾ÐÅé(RAM)¦Ü¤Ö­n 5 MB ©Î§ó¦h¡AµwºÐªÅ¶¡¦Ü¤Ö­n 60 MB ©Î§ó¦h¡C
¤£¹L¡A&os; ¡y¨t²Î¦w¸Ëµ{¦¡¡zªº°O¾ÐÅé(RAM)»Ý¨D¬°¦Ü¤Ö 16 MB¡C</para>
<para>±q &os; 5.X °_¡AµwÅé»Ý¨D¬° 486 ©Î§ó°ª¯Åªº PC
¡A°O¾ÐÅé(RAM)¦Ü¤Ö­n 24 MB ©Î§ó¦h¡AµwºÐªÅ¶¡¦Ü¤Ö­n 150 MB ©Î§ó¦h¡C
</para>
- <para>&os; ªº©Ò¦³ª©¥»³£¥i¥H¥u¥Î§C¶¥ªº MDA ³W®æÅã¥Ü¥d¡A¤£¹L?­n¶] X11R6 µøµ¡ªº¸Ü¡A
+ <para>&os; ªº©Ò¦³ª©¥»³£¥i¥H¥u¥Î§C¶¥ªº MDA ³W®æÅã¥Ü¥d¡A¤£¹L...­n¶] X11R6 µøµ¡ªº¸Ü¡A
ÁÙ¬O¦Ü¤Ö¥Î VGA ©Î§ó¦n³W®æªºÅã¥Ü¥d¨Ó¥Î§a¡C</para>
<para>³o³¡¤À¤]¥i°Ñ¾\ <xref linkend="hardware">¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="four-meg-ram-install">
<para>§Ú¹q¸£ RAM ¥u¦³ 4MB ¦Ó¤w¡A¥i¥H¸Ë FreeBSD ¶Ü¡H</para>
</question>
<answer>
<para>¦w¸Ë &os; 4.X ªº°O¾ÐÅé»Ý¨D¬°¦Ü¤Ö 5 MB ¡A¦Ó
¦w¸Ë &os; 5.X (§t¤§«áª©¥») «h¬O¦Ü¤Ö­n 8 MB ¡C</para>
<para>¦b 5.X ¤§«eªº©Ò¦³ &os; ª©¥»¡A³£¥i¥H¥u¥Î 4 MB ªº°O¾ÐÅé¨Ó
<emphasis>¡y¹B§@¡z</emphasis>¡A¤£¹L¡A«e­±¨º¸`§Ú­Ì»¡¹L¤F¡y¨t²Î¦w¸Ëµ{¦¡¡zªº¸Ü¡A
«hµLªk¥u¥Î 4 MB ªº°O¾ÐÅé¨Ó°õ¦æ¡C¦]¦¹¡A§A¥i¥H¥ý¦b¡y¨t²Î¦w¸Ëµ{¦¡¡z³o¨BÆJ¤§«e¡A
¥ý±N°O¾ÐÅé¥[¨ì 16 MB ¥H¤W¡A¦w¸Ë§¹ FreeBSD ¤§«á¡A´N¥i¥H§â¦h¾lªº°O¾ÐÅ鮳¤U¨Ó¡C
©ÎªÌ¬O¡A¥ý§â­n¦w¸ËªºµwºÐ®³¨ì¦³¨¬°÷°O¾ÐÅ骺¾÷¾¹¤W¥ý¸Ë¦n¡A
µM«á¦A§âµwºÐ©ñ¦^­ì¾÷¾¹¡C</para>
<para>¦¹¥~¡A¥u¥Î 4 MB ªº°O¾ÐÅé¨Ó¹B§@ªº¸Ü¡A¥²¶·­n¦Û»s kernel(®³±¼¤£¥²­nªº¥H¤ÎÄ묹¤@¨ÇªF¦è)¡C
- ¤]¦³¤Hªº &os ¦¨¥\¥u¥Î 2 MB ªº°O¾ÐÅé¨Ó¶}¾÷(ÁöµM³o¼Ëªº¨t²Î´X¥Gµ¥©ó¼o¤F..)</para>
+ ¤]¦³¤H¦¨¥\¥u¥Î 2 MB ªº°O¾ÐÅé¥H &os; ¶}¾÷(ÁöµM³o¼Ëªº¨t²Î´X¥Gµ¥©ó¼o¤F..)</para>
</answer>
</qandaentry>
<qandaentry>
<question id="custom-boot-floppy">
<para>­n«ç¼Ë¤~¯à¦Û¦æ¥´³y±M¥Îªº¶}¾÷¡B¦w¸ËºÏ¤ù©O¡H</para>
</question>
<answer>
<para>¥Ø«e¡AÁÙ¨S¦³¿ìªk<emphasis>¡y¥u¡z</emphasis>¦Û»s±M¥Îªº¶}¾÷¡B¦w¸ËºÏ¤ù¡C
¥²¶·³z¹L¦Û¦æ¥´³y§¹¾ã§@·~¨t²Îªº release(µo¦æ)¡A³o¼Ë¸Ì­±¤~·|¥]¬A¦Û¤vªº¶}¾÷¡B¦w¸ËºÏ¤ù¡C</para>
<para>­Y·Q¦Û¦æ¥´³y¡Bµo¦æ(release)¤@­Ó§¹¾ãªº§@·~¨t²Î¡A½Ð°Ñ¾\³o½g
<ulink url="&url.articles.releng;/article.html">Release Engineering</ulink> ¤å³¹¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="multiboot">
<para>§Ú¹q¸£¤W¥i¥H¦³¦h­«§@·~¨t²Î¶Ü¡H</para>
</question>
<answer>
<para>¥i¥H§r¡A½Ð°Ñ¾\
<ulink url="&url.articles.multi-os;/index.html">
¦h­«§@·~¨t²Î</ulink> ³o½g¤å³¹¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="windows-coexist">
<para>&windows; ¥i¥H»P FreeBSD ¦@¦s©ó¹q¸£¤W¶Ü¡H</para>
</question>
<answer>
<para>¥ý¸Ë &windows; ¦A¸Ë FreeBSD¡C
- ¨º»ò FreeBSD ¶}¾÷ºÞ²z­û(boot manager)´N·|¥X²{¿ï³æÅý§A¿ï¾Ü­n¥H &windows; ©Î
+ ¨º»ò FreeBSD ¦h­«¶}¾÷ºÞ²z­û(boot manager)´N·|¥X²{¿ï³æÅý§A¿ï¾Ü­n¥H &windows; ©Î
FreeBSD ¨Ó¶}¾÷¡C¤£¹L¡A­Y§A¬O¥ý¸Ë FreeBSD ¦A¸Ë &windows; ªº¸Ü¡A
- ¨º»ò &windows; ±N·|¤£°Ý¥ý®_¡A§â FreeBSD ªº¶}¾÷ºÞ²z­û(boot manager)»\±¼¡A
+ ¨º»ò &windows; ±N·|¤£°Ý¥ý®_¡A§â FreeBSD ªº¦h­«¶}¾÷ºÞ²z­û(boot manager)»\±¼¡A
·í§A¹J¤W³oºØ±¡ªp®É¡A½Ð°Ñ¦Ò¤U¤@¸`»¡©ú¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="win95-damaged-boot-manager">
- <para>¶ã??&windows; §â§Úªº¶}¾÷ºÞ²z­û(boot manager)®³±¼¤F¡I§Ú­n«ç»ò±Ï¦^¨Ó©O¡H</para>
+ <para>¶ã.. &windows; §â§Úªº¦h­«¶}¾÷ºÞ²z­û(boot manager)®³±¼¤F¡I­n«ç»ò±Ï¦^¨Ó©O¡H</para>
</question>
<answer>
- <para>¥i¥H¥Î¥H¤U¤TºØ¤è¦¡¤§¤@¡A¨Ó±Ï¦^§Aªº FreeBSD ¶}¾÷ºÞ²z­û(boot manager)¡G</para>
+ <para>¥i¥H¥Î¥H¤U¤TºØ¤è¦¡¤§¤@¡A¨Ó±Ï¦^§Aªº FreeBSD ¦h­«¶}¾÷ºÞ²z­û(boot manager)¡G</para>
<itemizedlist>
<listitem>
<para>¥i¥H±q¦U FreeBSD FTP ¯¸ªº <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">/pub/FreeBSD/tools/</ulink>
§ä¨ì <filename>bootinst.exe</filename> ¤Î <filename>boot.bin</filename> ³o¨â­ÓÀÉ¡A
¥H binary ¶Ç¿é¼Ò¦¡¤U¸ü«á¡A½Æ»s¨ìºÏ¤ù¤W¡A¦A¥Î DOS ¶}¾÷¤ù¶}¾÷¡A
±µµÛ¥´Ãþ¦ü¤U­±ªº«ü¥O¡G</para>
<screen><prompt>&gt;</prompt> <userinput>bootinst.exe boot.bin</userinput></screen>
- <para>³o¼Ë¶}¾÷ºÞ²z­û(boot manager)´N·|­«¸Ë§¹²¦¤F¡C</para>
+ <para>³o¼Ë¡A¦h­«¶}¾÷ºÞ²z­û(boot manager)´N·|­«¸Ë§¹²¦¤F¡C</para>
</listitem>
<listitem>
<para>¥Î FreeBSD ¶}¾÷¤ù¶}¾÷¡AµM«á¿ï³æ¨ºÃä¿ï Custom installation(¦Û­q¦w¸Ë)¡A
- ¦A¿ï Partition¡A±µµÛ¿ï¾Ü§A­n¸Ë¶}¾÷ºÞ²z­û(boot manager)ªºµwºÐ(³q±`¬O²Ä¤@Áû)¡A
+ ¦A¿ï Partition¡A±µµÛ¿ï¾Ü§A­n¸Ë¦h­«¶}¾÷ºÞ²z­û(boot manager)ªºµwºÐ(³q±`¬O²Ä¤@Áû)¡A
µM«á·|¥X²{ partition editor ªºµe­±¡A³o®É½Ð¤£­n°µ¥ô¦ó­×§ï¡Aª½±µ«ö W Àx¦s¡A
³o®Éµ{¦¡´N·|°Ý¬O§_­n½T©w Write ¡A³Ì«á¥X²{ Boot Manager ¿ï¾Üµe­±¡A
- °O±o­n¿ï <quote>Boot Manager</quote> ¡A³o¼Ë´N·|­«·s±N¶}¾÷ºÞ²z­û(boot manager)
+ °O±o­n¿ï <quote>Boot Manager</quote> ¡A³o¼Ë´N·|­«·s±N¦h­«¶}¾÷ºÞ²z­û(boot manager)
¦w¸Ë¨ìµwºÐ¤W¡C²{¦b¡A´N¤j¥\§i¦¨¥i¥HÂ÷¶}¦w¸Ë¿ï³æ¨Ã­«¶}¾÷¤F¡C</para>
</listitem>
<listitem>
<para>¥Î FreeBSD ¶}¾÷¤ù©Î¬O¶}¾÷¥úºÐ¶}¾÷¡AµM«á¿ï³æ¨ºÃä¿ï <quote>Fixit</quote>
¡A©Î¬O¥H Fixit ¶}¾÷¤ù©Î¬O¥úºÐ¦w¸Ëªº²Ä¤G¤ù(¿ï¾Ü <quote>live</quote> filesystem
¿ï¶µ)µM«á´N·|¶i¤J fixit shell ¤F¡A±µµÛ¥´¤U¦C«ü¥O¡G</para>
<screen><prompt>Fixit#</prompt> <userinput>fdisk -B -b /boot/boot0 <replaceable>bootdevice</replaceable></userinput></screen>
<para>½Ð±N¤W­±ªº <replaceable>bootdevice</replaceable> ­×§ï¬°±z¹ê»Úªº¶}¾÷µwºÐ¥N¸¹
¤ñ¦p <devicename>ad0</devicename> (²Ä¤@Áû IDE µwºÐ)
¡A©Î¬O<devicename>ad4</devicename> (first IDE disk on
auxiliary controller), <devicename>da0</devicename> (²Ä¤@Áû
- SCSI µwºÐ)µ¥µ¥?¡C</para>
+ SCSI µwºÐ)µ¥µ¥¡C</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="boot-on-thinkpad">
- <para>·í¸Ë§¹ FreeBSD ¤§«á­«¶}¾÷¡A§Úªº IBM Thinkpad A¨t¦C¡BT¨t¦C©Î X¨t¦Cªºµ§°O«¬¹q¸£´N­w¤F¡A¸Ó«ç»ò¿ì©O¡H</para>
+ <para>IBM Thinkpad A¨t¦C¡BT¨t¦C©Î X¨t¦Cªºµ§°O«¬¹q¸£¸Ë§¹ FreeBSD ¤§«á­«¶}¾÷¡A´N·í¤F¡A¸Ó«ç»ò¿ì©O¡H</para>
</question>
<answer>
- <para>³o¨Ç IBM ¾÷¾¹¤Wªº BIOS ¦­´Áª©¥»¦³­Ó¯äÂÎ(bug)·|§â FreeBSD ¤À³Î°Ï»~»{¬°
- FAT ®æ¦¡¤À³Î°Ï¡AµM«á·í BIOS ¸ÕµÛ°»´ú FreeBSD ¤À³Î°Ï®É¡A´N·|­w¤F¡C</para>
+ <para>(¥»°ÝÃD¥D­n¬Oµo¥Í¦b 2000 ~ 2001 ¥|¤ë¶¡®É)³o¨Ç IBM ¾÷¾¹¤Wªº BIOS ¦­´Áª©¥»¦³­Ó¯äÂÎ(bug)·|§â
+ FreeBSD ¤À³Î°Ï»~»{¬°¬O FAT ®æ¦¡¤À³Î°Ï¡AµM«á·í BIOS ¸ÕµÛ°»´ú FreeBSD ¤À³Î°Ï®É¡A´N·|·í¤F¡C</para>
<para>®Ú¾Ú IBM ¤è­±ªº»¡ªk<footnote><para>¤@«Ê¨Ó¦Û Keith
Frechette ªº e-mail <email>kfrechet@us.ibm.com</email>¡C</para></footnote>
¡A¥H¤U«¬¸¹/BIOSª©¥»ªº¾÷ºØ¡A¤w¸g³£¦³­×¥¿¡G</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
<thead>
<row>
<entry>«¬¸¹</entry>
<entry>BIOS ª©¥»</entry>
</row>
</thead>
<tbody>
<row>
<entry>T20</entry>
<entry>IYET49WW(§t¤§«á)</entry>
</row>
<row>
<entry>T21</entry>
<entry>KZET22WW(§t¤§«á)</entry>
</row>
<row>
<entry>A20p</entry>
<entry>IVET62WW(§t¤§«á)</entry>
</row>
<row>
<entry>A20m</entry>
<entry>IWET54WW(§t¤§«á)</entry>
</row>
<row>
<entry>A21p</entry>
<entry>KYET27WW(§t¤§«á)</entry>
</row>
<row>
<entry>A21m</entry>
<entry>KXET24WW(§t¤§«á)</entry>
</row>
<row>
<entry>A21e</entry>
<entry>KUET30WW</entry>
</row>
</tbody>
</tgroup>
</informaltable>
- <para>It has been reported that later IBM BIOS revisions may
- have reintroduced the bug. <ulink
- url="http://docs.FreeBSD.org/cgi/mid.cgi?20010427133759.A71732">This
- message</ulink> from Jacques Vidrine to the &a.mobile;
- describes a procedure which may work if your newer IBM
- laptop does not boot FreeBSD properly, and you can upgrade
- or downgrade the BIOS.</para>
+ <para>³o¨Ç«á´Áªº IBM BIOS ­×­qª©¤j¦h¤w¸g­×¥¿¦¹¤@¯äÂΡCJacques Vidrine ¼gµ¹ &a.mobile; ªº
+ <ulink url="http://docs.FreeBSD.org/cgi/mid.cgi?20010427133759.A71732">³o«Ê«H
+ </ulink> ¤W­±»¡©ú¤F­Y§A·sªº IBM µ§°O«¬¹q¸£µLªk¶¶§Q¥H FreeBSD ¶}¾÷ªº¸Ñªk¨BÆJ
+ (°²³]¥i¥H¤É¯Å©Î­°¯Å BIOS ª©¥»ªº¸Ü)¡C
- <para>If you have an earlier BIOS, and upgrading is not an option, a
- workaround is to install FreeBSD, change the partition ID FreeBSD
- uses, and install new boot blocks that can handle the different
- partition ID.</para>
+ <para>¦pªG¾÷¾¹¥Îªº¬O¸û¥j¦­ª©¥»ªº BIOS¡A¦Ó¥B¤£¾A¦X§ó·s BIOS ªº¸Ü¡A¨º»ò¥H¤U§Ú­Ì·|¤¶²Ð¼È®É¸Ñªk¡A
+ ±Ð§A¦p¦ó­×§ï FreeBSD ¤À³Î°Ï©Ò¨Ï¥Îªº ID ¡A¨Ã¦w¸Ë¬ÛÃö­×¸Éµ{¦¡¡C</para>
<para>First, you will need to restore the machine to a state where
it can get through its self-test screen. Doing this requires
powering up the machine without letting it find a FreeBSD
partition on its primary disk. One way is to remove the hard disk
and temporarily move it to an older ThinkPad (such as a ThinkPad
600) or a desktop PC with an appropriate conversion cable. Once
it is there, you can delete the FreeBSD partition and move the hard
disk back. The ThinkPad should now be in a bootable state
again.</para>
<para>With the machine functional again, you can use the workaround
procedure described here to get a working FreeBSD
installation.</para>
<procedure>
<step>
- <para>Download <filename>boot1</filename> and
- <filename>boot2</filename> from <ulink
- url="http://people.FreeBSD.org/~bmah/ThinkPad/"></ulink>.
- Put these files somewhere you will be able to retrieve them
- later.</para>
+ <para>±q <ulink url="http://people.FreeBSD.org/~bmah/ThinkPad/"></ulink>
+ ¨Ó¤U¸ü <filename>boot1</filename> ¤Î <filename>boot2</filename> ³o¨â­ÓÀÉ¡C
+ §â³o¨â­ÓÀɮשñ¦bºÏ¤ù¡B¥úºÐ©Î¨ä¥LµwºÐ¤W¡C</para>
</step>
<step>
- <para>Install FreeBSD as normal on to the ThinkPad.
- <emphasis>Do not</emphasis> use <literal>Dangerously
- Dedicated</literal> mode. <emphasis>Do not</emphasis>
- reboot when the install has finished.</para>
+ <para>¥H¤@¯ë¦w¸Ë FreeBSD ¸Ë¨ì ThinkPad ¤W¡A°O±o
+ <emphasis>¡y¤£­n¥Î¡z</emphasis> <literal>Dangerously
+ Dedicated</literal> ¼Ò¦¡¡C ¦¹¥~¡A<emphasis>¡y¤£­n¡z</emphasis>
+ ¦b§¹¦¨¦w¸Ë¤§«á´N­«¶}¾÷¡C</para>
</step>
<step>
- <para>Either switch to the <quote>Emergency Holographic
- Shell</quote> (<keycombo action="simul"><keycap>ALT</keycap>
- <keycap>F4</keycap></keycombo>) or start a
- <quote>fixit</quote> shell.</para>
+ <para>¶i¤J shell¡G(«ö <keycombo action="simul"><keycap>ALT</keycap><keycap>F4</keycap></keycombo>)
+ ¤Á´«¨ì<quote>Emergency Holographic Shell</quote> ©Î¬O¿ï³æ¤W­±¿ï¾Ü
+ <quote>fixit</quote> shell¡C</para>
</step>
<step>
- <para>Use &man.fdisk.8; to change the FreeBSD partition ID from
- <literal>165</literal> to <literal>166</literal> (this is the
- type used by OpenBSD).</para>
+ <para>¥Î &man.fdisk.8; §â FreeBSD ¤À³Î°Ï ID ¥Ñ <literal>165</literal> §ï¬°
+ <literal>166</literal>(OpenBSD©Ò¨Ï¥ÎªºID)¡C</para>
</step>
<step>
- <para>Bring the <filename>boot1</filename> and
- <filename>boot2</filename> files to the local
- filesystem.</para>
+ <para>§â­è­è´£ªº <filename>boot1</filename> ¸ò
+ <filename>boot2</filename> ³o¨â­ÓÀɮשñ¨ì¥Ø«eªºµwºÐÀɮרt²Î¤W¡C</para>
</step>
<step>
- <para>Use &man.disklabel.8; to write <filename>boot1</filename>
- and <filename>boot2</filename> to your FreeBSD slice.</para>
+ <para>¥H &man.disklabel.8; §â <filename>boot1</filename> ¤Î
+ <filename>boot2</filename> ¦s¨ì§Aªº FreeBSD slice ¤W­±¡C</para>
<screen>&prompt.root; <userinput>disklabel -B -b boot1 -s boot2 ad0s<replaceable>n</replaceable></userinput></screen>
- <para><replaceable>n</replaceable> is the number of the slice
- where you installed FreeBSD.</para>
+ <para><replaceable>¡un¡v</replaceable> ¬O§A¸Ë FreeBSD ªº slice¡A
+ ½Ð±N <replaceable>¡un¡v</replaceable> §ï¬°²Å¦X§A¨t²Î²{ªpªº slice¡C</para>
</step>
<step>
- <para>Reboot. At the boot prompt you will be given the option
- of booting <literal>OpenBSD</literal>. This will actually
- boot FreeBSD.</para>
+ <para>­«¶}¾÷¡A¦b boot prompt ·|¬Ý¨ì¦³ <literal>OpenBSD</literal> ªº¿ï¶µ¡A
+ ¿ï¥¦¡A³o¼Ë´N·|¥H FreeBSD ¶}¾÷¡C</para>
</step>
</procedure>
- <para>Getting this to work in the case where you want to dual boot
- OpenBSD and FreeBSD on the same laptop is left as an exercise for
- the reader.</para>
+ <para>¥t¥~¡A¦Ü©ó¦p¦óÅý OpenBSD ¤Î FreeBSD ¨Ã¦s¦b¦P¤@¥x IBM ThinkPad ¤W...
+ ³o­Ó°ÝÃD´N¥æµ¹¦U¦ì¬Ý­¾­Ì¥h¹Á¸Õ¤F :p</para>
</answer>
</qandaentry>
<qandaentry>
<question id="install-bad-blocks">
<para>¦³Ãa­yªºµwºÐ¥i¥H®³¨Ó¸Ë FreeBSD ¹À¡H</para>
</question>
<answer>
- <para>(¦pªG«Ü°í«ùªº¸Ü)¤]¬O¥i¥H¡A¤£¹L³o·QªkÅãµM¤£¤Ó¦n¡C:(</para>
+ <para>(¦pªG«Ü°í«ùªº¸Ü)¤]¬O¥i¥H¡A¤£¹L³o·QªkÅãµM¤£¤Ó©ú´¼¡C:(</para>
<para>¦pªG¦b¤@¯ë¸û·sªº IDE µwºÐ¤W¬Ý¨ì¦³Ãa­y¡A«Ü¦³¥i¯à¥Nªí¡G³oÁûµwºÐ§Y±N±¾ÂI¤F¡C
(¦]¬°¥Ø«e©Ò¦³¸û·sªº IDE µwºÐ¡A¤º³¡³£¦³¦Û°Ê remapping Ãa­yªº¯à¤O¡C
¦pªG¬Ý¨ì¦³Ãa­y¡A«hªí¥Ü¥¦¤º³¡¦Û°Ê remapping ¥\¯à¥¢®Ä¡AµLªk³B²zÃa­y¡A
¤]´N¬O»¡³oÁûµwºÐ¤w¸g¬OÄY­«·lÃaµ{«×¤F¡C)§Ú­Ì«Øij¶RÁû·sµwºÐ¤ñ¸û°®¯Ü¨Ç­ò¡C</para>
<para>¦pªG¬O SCSI µwºÐ¦³Ãa­yªº¸Ü¡A½Ð¸ÕµÛ°Ñ¦Ò³o­Ó
<link linkend="awre">¸Ñªk</link>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="boot-floppy-strangeness">
<para>¥Î¦w¸ËºÏ¤ù¶}¾÷®É¡A«o¦³¨Ç©Ç²{¶Hµo¥Í¡I³o¬O¤°»ò±¡ªp©O¡H</para>
</question>
<answer>
<para>­Y¬Ý¨ì¤@¨Ç©Ç²§²{¶H¡A¹³¬O¶}¾÷¤ù¶}¾÷¶}¨ì¤@¥b´N·í¤F¡AºÏºÐ¾÷§¹¥þ¨S¥ô¦ó°Ê§@¡B
©Î¬O¤£Â_¤ÏÂЭ«¶}¾÷¡A½Ð¥ýÀˬd¥H¤U´X­Ó½u¯Á¡G</para>
<orderedlist>
<listitem>
<para>½Ð½T©w¬O§_¬°¥þ·s¡B¨S¦³ºÏ­y¿ù»~ªººÏ¤ù¡H
- (³Ì¦n¨Ï¥Î·s¶Rªº¡A¦Ó«DÂø»x¡B®Ñ¥»ªþÃتº¡A¬Æ¦ÜÁÙÂæb§É©³¤U¤T¦~¤F...)</para>
+ (³Ì¦n¨Ï¥Î·s¶Rªº¡A¦Ó«DÂø»x¡B®Ñ¥»ªþÃتº¡A¬Æ¦ÜÁÙ©ñ¦b§É©³¤U¤T¦~¤F...=_="")</para>
</listitem>
<listitem>
<para>½Ð½T©w¬O§_¦³¥Î binary(©Îimage)¶Ç¿é¼Ò¦¡¨Ó¤U¸ü image ÀÉ¡H
(¤£¥Îı±o¤£¦n·N«ä¡A§Y¨Ï¬O§Ú­Ì¤]´¿·N¥~¥H ASCII ¶Ç¿é¼Ò¦¡¨Ó¤U¸ü binary ÀɮסI)</para>
</listitem>
<listitem>
<para>­Y§A¬O &windows; 95/98/ME/NT/2000/XP/2003 ¨Ó¤U¸ü¡B»s§@¶}¾÷ºÏ¤ùªº¸Ü¡A
½Ð½T©w¬O§_¦³¦b DOS ¼Ò¦¡¨Ï¥Î <command>fdimage</command> ©Î
<command>rawrite</command> ³o¨â­Ó¤u¨ãµ{¦¡¡H­èÁ¿ªº³o¨Ç§@·~¨t²Î¡A
³£·|¼vÅTµ{¦¡¥hª½±µ¼g¤JµwÅé¡A¹³¬O»s§@¶}¾÷¤ù¤§Ãþªº°Ê§@¡C
¦³®É­Ô¡A¦b GUI ¤¶­±¤Wªº DOS shell ¤]¥i¯à·|µo¥Í³o¼Ëªº°ÝÃD¡C
</para>
</listitem>
</orderedlist>
<para>¦¹¥~¡Aª½±µ³z¹L &netscape; ÂsÄý¾¹¤U¸ü image Àɪº¸Ü¡A¤]¦³Ãþ¦ü²{¶H¡C
©Ò¥H¡A¦pªG¥i¥Hªº¸Ü¡A½Ð§ï¥Î¨ä¥L¥i¥H½Õ¾ã³]©wªº FTP clientºÝµ{¦¡¨Ó¶i¦æ¤U¸ü¡C
(·íµM¡A­n°O±o½Õ binary ¶Ç¿é¼Ò¦¡)</para>
</answer>
</qandaentry>
<qandaentry>
<question id="no-install-cdrom">
<para>¥Î¥úºÐ¶}¾÷¤ù¨Ó¦w¸Ë¡A¦ý¥úºÐ¶}¾÷«á¡A¦w¸Ëµ{¦¡»¡§ä¤£¨ì¥úºÐ...³o¬O«ç»ò¤F¡H</para>
</question>
<answer>
<para>³q±`°ÝÃD¦b©ó¥úºÐ¾÷³]©w¿ù»~¡C¥Ø«e«Ü¦h¹q¸£ªº¥X¼t¼Ð·Ç°t³Æ³£¦³¥úºÐ¾÷¡A¨Ã¥B
·|¹w¥ý³]©w¬° IDE ³q¹D¤W­± Secondary ªº Slave ³]³Æ¡A¦Ó Secondary ¤W­±ªº
«o¨S¦³ Master ³]³Æ¡C¥H ATAPI ªº³W®æ¦Ó¨¥¡A³o¬O¿ù»~ªº³]©w¡AµM¦Ó &windows; ªº§@ªk
¬O¤£²z·|³o¨Ç³W®æ¤Wªº³]©w°ÝÃD¡A¦Ó¥B¶}¾÷®É BIOS °»´ú¤]·|²¤¹L³oÂI¡C
³o¤]´N¬O¬°¤°»ò BIOS ¥i¥H¬Ý¨ì¥úºÐ¡A¨Ã¥B¥i¥Î¥úºÐ¶}¾÷¡A¦ý FreeBSD
µLªk¥¿±`§ì¨ì¥úºÐ¥H¶¶§Q¶i¦æ¦w¸Ë¡C</para>
<para>¸Ñªk¡G­«·s³]©w¨t²Î¡AÅý¥úºÐ¦¨¬°¥¦©Ò³s±µ¨º±ø IDE ³q¹Dªº Master¡A
©ÎªÌ¥u¦³¤@±ø IDE ³q¹Dªº¸Ü¡A¨º´NÅý¥úºÐ¾÷¦¨¬° Slave
¡A·íµM¸Ó IDE ³q¹D¤W¦Ü¤Ö­n¦³ Master ³]³Æ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="install-PLIP">
<para>§Ú¥i¥H¥Î PLIP(Parallel Line IP)¤è¦¡¨Ó¦w¸Ë FreeBSD ¨ìµ§°O«¬¹q¸£¤W¶Ü¡H</para>
</question>
<answer>
- <para>¥i¥H¡A¥Î¤@±ø´¶³qªº Laplink ½u´N¥i¥HÅo¡C­Y¦³³o¤è­±»Ý¨Dªº¸Ü¡A½Ð°Ñ¾\? FreeBSD ¨Ï¥Î¤â¥U?¤¤ªº
+ <para>¥i¥H¡A¥Î¤@±ø´¶³qªº Laplink ½u´N¥i¥HÅo¡C­Y¦³³o¤è­±»Ý¨Dªº¸Ü¡A½Ð°Ñ¾\ FreeBSD ¨Ï¥Î¤â¥U¤¤ªº
<ulink url="&url.books.handbook;/network-plip.html">PLIP
³¹¸`</ulink> ªº²Ó³¡³]©w</para>
</answer>
</qandaentry>
<qandaentry>
<question id="geometry">
- <para>Which geometry should I use for a disk drive?</para>
+ <para>¸Ó¥Î­þ¤@ºØµwºÐ³]©w°Ñ¼Æ(geometry)©O¡H</para>
</question>
<answer>
<note>
- <para>By the <quote>geometry</quote> of a disk, we mean
- the number of cylinders, heads and sectors/track on a
- disk. We will refer to this as C/H/S for
- convenience. This is how the PC's BIOS works out which
- area on a disk to read/write from.</para>
+ <para>³o¸Ìªº¡yµwºÐ³]©w°Ñ¼Æ(geometry)¡z¡A«üªº¬OµwºÐ¤Wªº
+ ¡ucylinders¡v¡B¡uheads¡v¡B¡usectors/track¡v ³o¤T­Ó³]©w°Ñ¼Æ¡C
+ ±µ¤U¨Óªº¤å³¹¤º¡A¬°¤F¤è«K¤¶²Ð¡A±N²ºÙ¬°¡yC/H/S¡z¡C
+ ³o¨Ç³]©w°Ñ¼Æ¬OÅý PC ¤Wªº BIOS ¯à¶¶§Q¦a¥¿±`§P§OµwºÐ¡A
+ »PµwºÐ¥»¨­Åª¼gªº­«­n¦]¯À¡C</para>
</note>
- <para>This causes a lot of confusion among new system
- administrators. First of all, the
- <emphasis>physical</emphasis> geometry of a SCSI drive is
- totally irrelevant, as FreeBSD works in term of disk
- blocks. In fact, there is no such thing as
- <quote>the</quote> physical geometry, as the sector
- density varies across the disk. What manufacturers claim
- is the <quote>physical geometry</quote> is usually the
- geometry that they have determined wastes the least
- space. For IDE disks, FreeBSD does work in terms of C/H/S,
- but all modern drives internally convert this into block
- references.</para>
-
- <para>All that matters is the <emphasis>logical</emphasis>
- geometry. This is the answer that the BIOS gets when it
- asks the drive <quote>what is your geometry?</quote> It
- then uses this geometry to access the disk. As FreeBSD
- uses the BIOS when booting, it is very important to get
- this right. In particular, if you have more than one
- operating system on a disk, they must all agree on the
- geometry. Otherwise you will have serious problems
- booting!</para>
-
- <para>For SCSI disks, the geometry to use depends on whether
- extended translation support is turned on in your
- controller (this is often referred to as <quote>support for
- DOS disks &gt;1GB</quote> or something similar). If it is
- turned off, then use <replaceable>N</replaceable>
- cylinders, 64 heads and 32 sectors/track, where
- <replaceable>N</replaceable> is the capacity of the disk in
- MB. For example, a 2GB disk should pretend to have 2048
- cylinders, 64 heads and 32 sectors/track.</para>
-
- <para>If it <emphasis>is</emphasis> turned on (it is often
- supplied this way to get around certain limitations in
- &ms-dos;) and the disk capacity is more than 1GB, use M
- cylinders, 63 sectors per track (<emphasis>not</emphasis>
- 64), and 255 heads, where <literal>M</literal> is the disk capacity in MB
- divided by 7.844238 (!). So our example 2GB drive would
- have 261 cylinders, 63 sectors per track and 255
- heads.</para>
-
- <para>If you are not sure about this, or FreeBSD fails to
- detect the geometry correctly during installation, the
- simplest way around this is usually to create a small DOS
- partition on the disk. The BIOS should then detect the
- correct geometry, and you can always remove the DOS
- partition in the partition editor if you do not want to
- keep it. You might want to leave it around for
- programming network cards and the like, however.</para>
-
- <para>Alternatively, there is a freely available utility
- distributed with FreeBSD called
- <filename>pfdisk.exe</filename>. You can find it in the
- <filename>tools</filename> subdirectory on the FreeBSD
- CDROM or on the various FreeBSD FTP sites. This program
- can be used to work out what geometry the other operating
- systems on the disk are using. You can then enter this
- geometry in the partition editor.</para>
+ <para>¹ï­è±µ¤âªº¨t²ÎºÞ²zªÌ·s¤â¦Ó¨¥¡A³o¨Ç³]©w°Ñ¼Æ±`³y¦¨¤@¨Ç§xÂZ¡C
+ ­º¥ý¡ASCSI µwºÐ¤Wªº <emphasis>physical</emphasis> geometry
+ ¸ò FreeBSD ¤Wªº disk blocks ¬O§¹¥þµLÃöªº¡C¨Æ¹ê¤W¡A
+ ´NµwºÐ¤WºÏ°Ï±K«×ªºÅܤƦӨ¥¡A¨Ã¨S¦³©Ò¿×¡yphysical geometry¡z³oºØªF¦è¡C
+ µwºÐ»s³y°Ó©Ò»¡ªº¡yphysical geometry¡z³q±`¬O«ü¡G
+ µwºÐ¤W©Ò¨Ï¥Î³Ì¤pªÅ¶¡¨Ó¦s©ñ¸ê®Æªº³]©w°Ñ¼Æ(geometry)¡C
+ ¥H IDE µwºÐ¦Ó¨¥¡AFreeBSD ¥Î¥H¦s¨úµwºÐ³]©wªº¤è¦¡¬O C/H/S ¡A
+ µM¦Ó¡A¥Ø«e¥«­±¤WªºµwºÐ¦­´N¦b¤º³¡¹B§@®É¡A´N¦Û°ÊÂà´«¬° block ¤è¦¡
+ ¤F¡C</para>
+
+ <para>¯u¥¿ÃöÁ䪺¦a¤è¡A¨ä¹ê¬O¦b©ó ¡y<emphasis>logical</emphasis>
+ geometry¡z¡X ³o¬O BIOS °»´úµwºÐ®É©Ò±o¨ìªº³]©w¡A¨Ã¥B¥Î¨Ó¨M©wµwºÐ¦s¨ú¤è¦¡¡C
+ ¥Ñ©ó FreeBSD ¬O±Ä¥Î BIOS ªº°»´ú³]©w­È¡A©Ò¥H¦p¦ó¨ÓÅý BIOS °»´ú¨ìªº³]©w­È«O«ù¥¿½T¡A
+ ¬O¤Q¤À­«­n¡C¤×¨ä¬O¦P¤@ÁûµwºÐ¤W¦³¦h­Ó§@·~¨t²Îªº±¡ªp¡A
+ ¥¦­Ì³£¥²¶·±Ä¥Î¤@­PªºµwºÐ³]©w°Ñ¼Æ(geometry)¡A
+ §_«h´N·|¦³¶}¾÷¶i¤£¥h§@·~¨t²ÎªºÄY­«°ÝÃD¤F¡C</para>
+
+ <para>¥H SCSI µwºÐ¦Ó¨¥¡AµwºÐ³]©w°Ñ¼Æ(geometry)¬O¥Ñ SCSI ¥d¤Wªº
+ extended translation(³q±`«üªº¬O¦³¼Ð¥Ü <quote>support &gt;1GB</quote>(¤ä´© 1GB ¥H¤W®e¶q¡A©ÎÃþ¦ü¦Wµü)
+ ¤ä´©»P§_¨Ó§@¨M©w¡C
+ ¦pªG¤£¤ä´©¡A¨º»ò´N·|±Ä¥Î <replaceable>N</replaceable> cylinders¡B
+ 64 heads¡B 32 sectors/track §@¬°µwºÐ³]©w°Ñ¼Æ(geometry)¡A³o¸ÌÁ¿ªº¡y<replaceable>N</replaceable>¡z
+ ¬O«üµwºÐªº®e¶q(³æ¦ì¡GMB)¡CÁ|­Ó¨Ò¤l¨Ó»¡¡A¤@Áû 2GB µwºÐÀ³¸Ó¬O
+ 2048 cylinders¡B64 heads¡B32 sectors/track¡C</para>
+
+ <para>¦pªG¸Ó SCSI ¦³¤ä´©¨Ï¥Î extended translation ªº¸Ü¡A
+ (³q±`³o­Ó¤è¦¡¦b &ms-dos; ¨Ï¥Î¤W¦³¬Y¨Ç­­¨î)¡A¨Ã¥BµwºÐ®e¶q¤j©ó 1GB¡A
+ ¨º»òµwºÐ³]©w°Ñ¼Æ(geometry)´N·|¨Ï¥Î¹³¬O¡G
+ M cylinders¡B255 heads¡B¨CºÏ­y 63 sectors(½Ðª`·N¡G¤£¬O¡y64¡z®@)¡A
+ ³o¸ÌÁ¿ªº¡y<literal>M</literal>¡z¬O«üµwºÐªº®e¶q(³æ¦ì¡GMB)¦A°£¥H
+ 7.844238 ©Ò±o¥Xªº¼Æ­È³á¡I©Ò¥H¡A³o­Ó¨Ò¤lªº¸Ü¡A¦P¼Ë¬O 2GB µwºÐÀ³¸Ó¬O
+ 261 cylinders¡B255 heads¡B¨CºÏ­y 63 sectors¡C</para>
+
+ <para>­Y¹ï¤W­±Á¿ªº¤£ÁA¸Ñ¡A©Î¬O FreeBSD ¦b¦w¸Ë®É©Ò°»´ú¨ìªºµwºÐ³]©w°Ñ¼Æ(geometry)
+ ¦³°ÝÃDªº¸Ü¡A³Ì²³æªº¸Ñªk³q±`¬O¦bµwºÐ¤W«Ø¥ß¤@¶ô¤p¤pªº DOS ¤À³Î°Ï(partition)¡C
+ ³o¼Ë¤@¨Ó¡A´N¥i¥H°»´ú¨ì¥¿½TªºµwºÐ³]©w°Ñ¼Æ¤F¡A¦Ó¥B¡A
+ ¦pªG¤£·QÄ~Äò¯dµÛ¨º¤p¶ô DOS ¤À³Î°Ïªº¸Ü¡A¥i¥HÀH®É¥Î partition editor
+ ¨Ó®³±¼¥¦¡C©ÎªÌ§â¥¦¯dµÛ·í§@ºô¸ô¥dÅX°Êµ{¦¡¨Ï¥Î¡A©ÎÀH§A°ª¿³«ç»ò¥Î¥¦¡C</para>
+
+ <para>¦¹¥~©O¡A¦³­Ó§K¶O¦n¥Îªº¤u¨ãµ{¦¡¥s°µ¡y<filename>pfdisk.exe</filename>¡z¡A
+ ³o­Óµ{¦¡©ñ¦b¦U FreeBSD FTP ¯¸©Î¥úºÐªº <filename>tools</filename> ¥Ø¿ý¤U¡A
+ ¥¦¥i¥H¥Î¨Ó§ä¥XµwºÐ¤W¨ä¥L§@·~¨t²Î©Ò¨Ï¥ÎªºµwºÐ³]©w°Ñ¼Æ¡A
+ µM«á´N¥i¥H¦b partition editor ¤º¿é¤J­è­è§ä¨ìªº¨º¨Ç³]©w°Ñ¼Æ´N¥i¥H¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="disk-divide-restrictions">
- <para>Are there any restrictions on how I divide the disk up?</para>
+ <para>¤À³ÎºÏºÐ¾÷®É¦³¥ô¦ó­­¨î¶Ü¡S</para>
</question>
<answer>
- <para>Yes. You must make sure that your root partition is below 1024
- cylinders so the BIOS can boot the kernel from it. (Note that
- this is a limitation in the PC's BIOS, not FreeBSD).</para>
+ <para>¦³¡A§A¥²¶·½T»{§Aªº root ¤À³Î°Ï¬O¦b 1024 cylinders ¤§¤º¡AÅý
+ BIOS ¥i¥H±q¨ä¤¤±Ò°Ê®Ö¤ß¡C(ª`·N¡G³o¬O PC ªº BIOS ¥\¯à­­¨î¡A¦Ó¤£
+ ¬O FreeBSD ªº)</para>
- <para>For a SCSI drive, this will normally imply that the root
- partition will be in the first 1024MB (or in the first 4096MB
- if extended translation is turned on - see previous question).
- For IDE, the corresponding figure is 504MB.</para>
+ <para>¥H SCSI µwºÐ¦Ó¨¥¡A³q±`¬O§â <literal>root</literal> (<filename>/</filename>)
+ ¤À³Î°Ï©ñ¨ìµwºÐ³Ì«e­±ªº 1024MB (¦pªG¦³¤ä´© extended translation ªº¸Ü¡A
+ ¨º»ò¬O³Ì«e­±ªº 4096MB ¡X ³oÂI½Ð°Ñ¦Ò¤W¤@¤p¸`)¡C¦Ó IDE µwºÐªº¸Ü¡A¬Û¹ïÀ³ªº«h¬O 504MB¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="disk-manager">
- <para>Is FreeBSD compatible with any disk managers?</para>
+ <para>¥i¥H¨Ï¥Î­þ¨ÇºÏºÐºÞ²zµ{¦¡(disk managers)©O¡H</para>
</question>
<answer>
- <para>FreeBSD recognizes the Ontrack Disk Manager and makes
- allowances for it. Other disk managers are not supported.</para>
+ <para>FreeBSD ¥i¥H¥Î Ontrack Disk Manager ¨Ã¥B¹B§@¥¿±`¡A
+ ¦Ü©ó¨ä¥Lªº disk manager «h¤£¦b¥¿¦¡¤ä´©¤§¦C¡C</para>
- <para>If you just want to use the disk with FreeBSD you do not
- need a disk manager. Just configure the disk for as much space
- as the BIOS can deal with (usually 504 megabytes), and FreeBSD
- should figure out how much space you really have. If you are
- using an old disk with an MFM controller, you may need to
- explicitly tell FreeBSD how many cylinders to use.</para>
+ <para>­Y¾ãÁûµwºÐ¥u¸Ë FreeBSD ¡A¨º»ò´N¤£¥Î¦A¸Ë disk manager ¤F¡C
+ ¥u­n§âµwºÐ³]©w¬° BIOS ©Ò¯à§ì¨ìªº³Ì¤jªÅ¶¡¡A¨º»ò FreeBSD ´N¥iºâ¥X¹ê»Ú¤W¥i¨Ï¥ÎªºªÅ¶¡¤F¡C
+ ¦pªG¡A¥¿¦b¨Ï¥Îªº¬O¥j¦­ MFM ±±¨î¥dªºÂ¦¡µwºÐ¡A
+ ¨º»ò´N»Ý­n¦b FreeBSD¤º§@ cylinders ¬ÛÃö³]©w¤F¡C</para>
- <para>If you want to use the disk with FreeBSD and another
- operating system, you may be able to do without a disk manager:
- just make sure the FreeBSD boot partition and the slice for
- the other operating system are in the first 1024 cylinders. If
- you are reasonably careful, a 20 megabyte boot partition should
- be plenty.</para>
+ <para>¦pªG·Q¦bºÏºÐ¤W¨Ï¥Î FreeBSD ©M¥t¥~ªº§@·~¨t²Î¡A¤]¥i¥H¤£¸Ë disk manager¡A
+ ¥u­n½T©w FreeBSD ªº±Ò°Ê¤À³Î°Ï¸ò¨ä¥L§@·~¨t²Îªº slice ³£¦ì©ó¶}©lªº 1024 cylinders
+ ¤º´N¥i¥H¤F¡C¦pªG§A¬Û·í¦a°ª©úªº¸Ü¡A¤@­Ó 20MB ªº±Ò°Ê¤À³Î°ÏÀ³¸Ó´N°÷¥Î¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="missing-os">
- <para>When I boot FreeBSD for the first time after install I get <errorname>Missing Operating
- System</errorname>. What is happening?</para>
+ <para>FreeBSD ¦w¸Ë§¹²¦«á­«¶}¾÷¡A¦ý¬O¹q¸£«o»¡ <errorname>Missing Operating
+ System</errorname>³o¬O«ç»ò¤F¡H</para>
</question>
<answer>
- <para>This is classically a case of FreeBSD and DOS or some other
- OS conflicting over their ideas of disk <link
- linkend="geometry">geometry</link>. You will have to reinstall
- FreeBSD, but obeying the instructions given above will almost
- always get you going.</para>
+ <para>³q±`­ì¦]¥X¦b FreeBSD ¤Î DOS ©Î¨ä¥L§@·~¨t²Î¦bµwºÐªº <link
+ linkend="geometry">³]©w°Ñ¼Æ(geometry)</link>¤Wªº³W¹º¦³¬Û½Ä¡C¸Ñªk¬O­«¸Ë¡A¦ý¬O½Ð·Ó
+ ¤W­zªº¬ÛÃö³¹¸`¨BÆJ¨Ó°µ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="stop-at-boot-manager">
- <para>Why can I not get past the boot manager's <prompt>F?</prompt>
- prompt?</para>
+ <para>¬°¤°»ò¾÷¾¹¤W¦h­«¶}¾÷ºÞ²z­û(boot manager)¥X²{¤F <prompt>F?</prompt> ³o­Ó¿ï³æµe­±¡A
+ ¦ý«o¤£·|¦Û°Ê¸õ¹L¦ÓÄ~Äò¶}¾÷©O¡H</para>
</question>
<answer>
- <para>This is another symptom of the problem described in the
- preceding question. Your BIOS geometry and FreeBSD geometry
- settings do not agree! If your controller or BIOS supports
- cylinder translation (often marked as <quote>&gt;1GB drive
- support</quote>), try toggling its setting and reinstalling
- FreeBSD.</para>
+ <para>³o­Ó¯gª¬¬O¥»¤å¤W­±©Ò´£ªº¥t¥~¤@­Ó°ÝÃD¤F¡A­ì¦]¦b©ó BIOS ¤W¸ò FreeBSD
+ ¤W­±¨âÃ䪺µwºÐªº <link linkend="geometry">³]©w°Ñ¼Æ(geometry)</link> ¨Ã¤£¤@­P¡C
+ ­Y§AµwºÐ©Î BIOS ¤ä´© cylinder translation
+ (³q±`·|³Q¼Ð¬° <quote>support &gt;1GB(¤ä´© 1 GB¥H¤W®e¶q)</quote>ªº¸Ü¡A
+ ¸Õ¸Õ¬Ý§ó§ï¬ÛÃö³]©w¡A¨Ã­«¸Ë FreeBSD¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="need-complete-sources">
- <para>Do I need to install the complete sources?</para>
+ <para>¦w¸Ë FreeBSD ®É¡A»Ý­n¦w¸Ë§¹¾ãªº sources ¶Ü¡H</para>
</question>
<answer>
- <para>In general, no. However, we would strongly recommend that
- you install, at a minimum, the <literal>base</literal> source
- kit, which includes several of the files mentioned here, and
- the <literal>sys</literal> (kernel) source kit, which includes
- sources for the kernel. There is nothing in the system which
- requires the presence of the sources to operate, however,
- except for the kernel-configuration program &man.config.8;.
- With the exception of the kernel sources, our build structure
- is set up so that you can read-only mount the sources from
- elsewhere via NFS and still be able to make new binaries
- (due to the kernel-source restriction, we recommend that
- you not mount this on <filename>/usr/src</filename> directly,
- but rather in some other location with appropriate symbolic
- links to duplicate the top-level structure of the source
- tree).</para>
+ <para>¤@¯ë¨Ó»¡¡A³o¬O¥Î¤£µÛªº¡CµM¦Ó¡A§Ú­Ì±j¯P«Øij±zªº source ¦Ü¤Ö­n¸Ë
+ <literal>base</literal>(¥]§t¤F¥»¤å¤¤©Ò´£ªº¤@¨ÇÀÉ®×)¡B¥H¤Î
+ <literal>sys</literal> (kernel ªº source ÀÉ)¡C
+ ÁöµM¡A§@·~¨t²Î¥»¨­¹B¬O¤£»Ý­n¸Ë source ÀÉ¡A¦ý¬O &man.config.8; ³o­Ó kernel³]©wµ{¦¡«h»Ý­n src ¡C
+ ­Y¨S¸Ë kernel ªº source ÀÉ¡A¤´µM¥i¥H¥Î¨ä¥L¦a¤è³z¹L NFS ±¾¸üªº°ßŪÀɮרt²Î¡A
+ ¨Ó½sĶµ{¦¡¡C
+ ¦ý¥Ñ©ó kernel-source ¥»¨­ªº­­¨î¡A§Ú­Ì«Øij¤£­nª½±µ mount ¦b <filename>/usr/src</filename>¡A
+ ³Ì¦n¬O¥Î symbolic link(°Ñ¾\ &man.ln.1;) ±N±¾¸üªº¸ô®|¡A³]©w³sµ²¨ì<filename>/usr/src</filename>
+ ¥Ø¿ý¡C</para>
- <para>Having the sources on-line and knowing how to build a
- system with them will make it much easier for you to upgrade
- to future releases of FreeBSD.</para>
+ <para>¦b¾÷¾¹¤Wª½±µ¸Ë¦³ source ¨Ã¥BÁA¸Ñ¬ÛÃö½sĶ¹Lµ{¡A³o¼Ë¤l¤é«á¤É¯Å
+ FreeBSD ·|¨Ó±o¤è«K¦h¡C</para>
- <para>To actually select a subset of the sources, use the Custom
- menu item when you are in the Distributions menu of the
- system installation tool.</para>
+ <para>­Y§Ñ¤F¸Ë¬ÛÃö source ªº¸Ü¡A¥i¥H¨Æ«á¥Î <command>sysinstalll</command>
+ (&os; 6.X ¤§«e¬° <command>/stand/sysinstall</command>) ¨Ó¸É¸Ë¡A¿ï³æ¡GConfigure ¡÷ Distributions ¡÷ src¡C
+ </para>
</answer>
</qandaentry>
<qandaentry>
<question id="need-kernel">
- <para>Do I need to build a kernel?</para>
+ <para>»Ý­n­«·s build kernel ¶Ü¡H</para>
</question>
<answer>
- <para>Building a new kernel was originally pretty much a required
- step in a FreeBSD installation, but more recent releases have
- benefited from the introduction of much friendlier kernel
- configuration methods. In 4.X and earlier, when at the FreeBSD boot prompt (boot:),
- use the <option>-c</option> flag and you will be dropped into a
- visual configuration screen which allows you to configure the
- kernel's settings for most common ISA cards. In &os; 5.X and later
- this has been replaced by much more flexible "hints" which
- can be set from the loader prompt.</para>
+ <para>¦b«Ü¤[«Ü¤[¥H«e¡A­ì¥»­«·s build kernel ¦b FreeBSD ¦w¸Ë¹Lµ{¤¤¡A
+ ¬Oµ´¹ï¥²»Ýªº¨BÆJ¤§¤@¡C¦ý¥Ø«e¦­´N¤£¥Î³o»ò³Â·Ð¤F¡A
+ ¥Ø«e¥D­n±`¨£ªºª©¥»³£¨Ï¥Î§ó¤Íµ½ªº kernel ³]©w«ü¥O¡C
+ &os; 4.X(§t¤§«eª©¥»)¡A¦b FreeBSD ±Ò°Ê´£¥Ü¸¹(boot:)®É¡A¨Ï¥Î <option>"-c"</option> flag
+ ´N·|¶i¤J³]©wµe­±¡A¨Ó¹ï kernel §@±`¨£ªº ISA ¥d²Ó¸`³]©w¡C
+ ¦Ó &os; 5.X(§t¤§«áª©¥»)ªº¸Ü¡A«h¬O¥H§ó¨ã¼u©Êªº "hints" ³]©w¤è¦¡¡C</para>
- <para>It may still be worthwhile building a new
- kernel containing just the drivers that you need, just to save a
- bit of RAM, but it is no longer necessary for most
- systems.</para>
+ <para>¦pªG·Q§ó¸`¬Ù RAM ªº¨Ï¥Î¡BÁYµu¶}¾÷¬yµ{¡A¨º»ò«Øij¡G·sªº kernel ³]©wÀÉ¥u­n¥]§t§A»Ý­nªºÅX°Êµ{¦¡¡A
+ µM«á­«·s½sĶ¡B¦w¸Ë kernel ¨Ã­«¶}¾÷¡CµM¦Ó©O¡A³oÂI¹ï¤j¦h¼Æªº¨t²Î¨Ó»¡¡A
+ ³o¤£¤@©w¬O¥²­nªº¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="password-encryption">
- <para>Should I use DES, Blowfish, or MD5 passwords and how
- do I specify which form my users receive?</para>
+ <para>±K½X½s½X¸Ó±Ä¥Î DES¡BBlowfish ©Î MD5 ªº­þ¤@ºØ¡H¸Ó«ç»ò³]©w©O¡H</para>
</question>
<answer>
- <para>The default password format on FreeBSD is to use
- <emphasis>MD5</emphasis>-based passwords. These are
- believed to be more secure than the traditional &unix;
- password format, which used a scheme based on the
- <emphasis>DES</emphasis> algorithm. DES passwords are
- still available if you need to share your password file
- with legacy operating systems which still use the less
- secure password format (they are available if you choose
- to install the <quote>crypto</quote> distribution in
- sysinstall, or by installing the crypto sources if
- building from source). Installing the crypto libraries
- will also allow you to use the Blowfish password format,
- which is more secure. Which password format to use for
- new passwords is controlled by the
- <quote>passwd_format</quote> login capability in
- <filename>/etc/login.conf</filename>, which takes values
- of <quote>des</quote>, <quote>blf</quote> (if these are
- available) or <quote>md5</quote>. See the
- &man.login.conf.5; manual page for more information about
- login capabilities.</para>
+ <para>FreeBSD ¹w³]ªº±K½X½s½X¤è¦¡¬O±Ä <emphasis>MD5</emphasis>¡C
+ ´N±K½X½s½X¤è¦¡¦Ó¨¥¡AMD5 ¤è¦¡¤@¯ë³Qµø¬°¤ñ¶Ç²Î &unix; ªº <emphasis>DES</emphasis> ¤è¦¡¸û¬°¦w¥þ¡C
+ µM¦Ó¡A­Y¦³»Ý­n¦b¨Ï¥ÎÂÂÀô¹Ò(¸û¤£¦w¥þªº±K½X½s½X¤è¦¡ªº)¡ADES ±K½X½s½X¤è¦¡¤@¼Ë¥i¥H¨Ï¥Î¡C
+ (­Y¨Ï¥Î sysinstall ®É¦³¿ï¾Ü <quote>crypto</quote> ®M¥ó¡A©Î¬O±q source ¤º½sĶ¦w¸Ë)
+ ¦³¸Ë crypto ªº¸Ü¡Acrypto libraries ¤]¤ä´©§ó¦w¥þªº Blowfish ½s½X¤è¦¡¡C</para>
+
+ <para>±K½X½s½Xªº¤è¦¡¬O¥Ñ <filename>/etc/login.conf</filename> ¤ºªº
+ <quote>passwd_format</quote> Äæ¦ì¨Ó¨M©wªº¡C¸ÓÄæ³]©w­È¡A(­Y¦³¸Ë crypto ªº¸Ü)¥i¥H¬O
+ <quote>des</quote> ©Î <quote>blf</quote> ©Î¬O­ì¥»ªº <quote>md5</quote>¡C
+ ¸Ô±¡½Ð°Ñ¾\ &man.login.conf.5; »¡©ú¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="boot-floppy-hangs">
- <para>Why does the boot floppy start, but hang at the
- <literal>Probing Devices...</literal> screen?</para>
+ <para>¬°¤°»ò¶}¾÷ºÏ¤ù¶}¨ì¤@¥b¡A´N¥X²{
+ <literal>Probing Devices...</literal> ªºµe­±°T®§¡AµM«á´N°±¦í¤F¡H</para>
</question>
<answer>
- <para>If you have a IDE &iomegazip; or &jaz; drive installed, remove it
- and try again. The boot floppy can get confused by the drives.
- After the system is installed you can reconnect the drive.
- Hopefully this will be fixed in a later release.</para>
+ <para>­Y¾÷¾¹¤W¦³¸Ë IDE ¤¶­±ªº Iomega &iomegazip; ©Î¬O &jaz; ªº¸Ü¡A
+ ¦]¬°³o¨Ç³]³Æ¥i¯à¸ò¶}¾÷¤ù¦³¬Û½Ä¡A½Ð¥ý®³±¼³o¨Ç³]³Æ¦A­«¸Õ¡C
+ ·í¾ã­Ó§@·~¨t²Î¸Ë¦n«á¡A´N¥i¥H§â³o¨Ç³]³Æ±µ¦^¥h¨Ï¥Î¤F¡C
+ §Æ±æ³oÂI¦b¤é«á release ªº FreeBSD ¥i¥HÀò±o¹ý©³¸Ñ¨M¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="panic-on-install-reboot">
- <para>Why do I get a <errorname>panic: can't mount root</errorname>
- error when rebooting the system after installation?</para>
+ <para>¨t²Î¸Ë§¹¨Ã­«¶}¾÷«á¡A¬°¤°»ò«o¥X²{ <errorname>panic: can't mount root</errorname>¡H</para>
</question>
<answer>
- <para>This error comes from confusion between the boot
- block's and the kernel's understanding of the disk
- devices. The error usually manifests on two-disk IDE
- systems, with the hard disks arranged as the master or
- single device on separate IDE controllers, with FreeBSD
- installed on the secondary IDE controller. The boot blocks
- think the system is installed on ad0 (the second BIOS
- disk) while the kernel assigns the first disk on the
- secondary controller device, ad2. After the device
- probing, the kernel tries to mount what the boot blocks
- think is the boot disk, ad0, while it is really ad2, and
- fails.</para>
+ <para>³o­Ó¿ù»~¬O¦]¬°±Ò°ÊºÏ°Ï¸ò kernel ¨âªÌ¹ïºÏºÐ¸Ë¸mªº»{ª¾¤£¬Û¦P¡C
+ ³q±`³o°ÝÃD·|µo¥Í¦b¦³¨âÁû IDE µwºÐªº¨t²Î¡A¤ñ¦p¡GµwºÐ Jumper ³]©w¬° Master¡B
+ ©Î¬O¨â±ø IDE ±Æ½u¦U¥u³s±µ¤@ÁûµwºÐ¡A¦ý¬O¸Ë FreeBSD ¨ºÁû¶}¾÷µwºÐ¡A
+ «o±µ¦b Secondary IDE ±Æ½u¤W¡C
+ ¦p¦¹¤@¨Ó¡A¦b¶}¾÷®É·í kernel «ü©w²Ä¤G­Ó IDE ±±¨î¾¹ªº²Ä¤@­ÓºÏºÐ¾÷ ad2¡A
+ ±Ò°ÊºÏ°Ï«o»{¬°¨t²Î¬O¸Ë¦b ad0(BIOS°»´úªº²Ä¤GÁûµwºÐ)¡I
+ °»´ú§¹¸Ë¸m«á¡Akernel ¸ÕµÛ§â±Ò°ÊºÏ°Ï©Ò»{¬°ªº¶}¾÷µwºÐ(ad0) mount
+ °_¨Ó¡A¨Æ¹ê¤WÀ³¸Ó¬O ad2 ¤~¹ï¡A©Ò¥H´N·|¥X²{¤W­±ªº¿ù»~°T®§¤F¡C</para>
- <para>To fix the problem, do one of the following:</para>
+ <para>¸Ñªk¦p¤U¡A½Ð¿ï¾Ü¨ä¤¤¤@ºØ¤è¦¡´N¦n¡G</para>
<orderedlist>
<listitem>
- <para>Reboot the system and hit <keycap>Enter</keycap>
- at the <literal>Booting kernel in 10 seconds; hit
- [Enter] to interrupt</literal> prompt. This will
- drop you into the boot loader.</para>
+ <para>­«¶}¾÷¨Ã¦b¥X²{¡y<literal>Booting kernel in 10 seconds; hit [Enter] to interrupt</literal>¡z
+ ´£¥Üªº®É­Ô¡A«ö¤U <keycap>Enter</keycap>Áä¡C
+ ³o¼Ë¤l´N·|¶i¤J boot loader µe­±¡G</para>
- <para>Then type
+ <para>½Ð¿é¤J
<literal>
set
root_disk_unit="<replaceable>disk_number</replaceable>"
- </literal>. <replaceable>disk_number</replaceable>
- will be <literal>0</literal> if FreeBSD is installed
- on the master drive on the first IDE controller,
- <literal>1</literal> if it is installed on the slave
- on the first IDE controller, <literal>2</literal> if
- it is installed on the master of the second IDE
- controller, and <literal>3</literal> if it is
- installed on the slave of the second IDE
- controller.</para>
-
- <para>Then type <literal>boot</literal>, and your
- system should boot correctly.</para>
-
- <para>To make this change permanent (ie so you do not
- have to do this every time you reboot or turn on
- your FreeBSD machine), put the line <literal>
- root_disk_unit="<replaceable>disk_number</replaceable>"</literal>
- in <filename>/boot/loader.conf.local
- </filename>.</para>
+ </literal> ³o¸Ìªº¡y<replaceable>disk_number</replaceable>¡z½Ð¨Ì¾Ú±¡ªp´«¦¨¬ÛÃö¥N¸¹¡G
+ ­Y FreeBSD µwºÐ¬O³]©w¸Ë¦b Primary IDE ±µ½uªº Master¡A´N³]¬° 0 ¡F
+ ­Y¬O Primary IDE ±µ½uªº Slave¡A´N³]¬° 1¡F
+ ­Y¬O Secondary IDE ±µ½uªº Master¡A´N³]¬° 2¡F
+ ­Y¬O Secondary IDE ±µ½uªº Slave¡A´N³]¬° 3¡C</para>
+
+ <para>±µµÛ½Ð¦A¿é¤J <literal>boot</literal>¡AµM«á¨t²ÎÀ³¸Ó´N¥i¥H¥¿±`¶}¾÷¤F¡C</para>
+
+ <para>­Y­n¨C¦¸¶}¾÷³£¦Û°Ê³]©w¡A¦Ó¤£¥²¨C¦¸³£¥´¤@¦¸¡A¨º»ò´N¦b <filename>/boot/loader.conf.local</filename>
+ Àɮפº¥[¤W <literal>root_disk_unit="<replaceable>disk_number</replaceable>"</literal>
+ ³o¦æ
+ (·íµM¡A¡y<replaceable>disk_number</replaceable>¡z­n§ï¦¨¬ÛÃö¥N¸¹)</para>
</listitem>
<listitem>
- <para>Move the FreeBSD disk onto the primary IDE
- controller, so the hard disks are
- consecutive.</para>
+ <para>§â FreeBSD µwºÐ§ï±µ¨ì Primary IDE ±µ½u¤W¡A¦p¦¹¤@¨Ó´N¥i¶¶§Q¨Ï¥Î¡C</para>
</listitem>
</orderedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="memory-limits">
- <para>What are the limits for memory?</para>
+ <para>°O¾ÐÅé³Ì¤j­­¨î¬°¦h¤Ö¡H</para>
</question>
<answer>
- <para>The limit is 4 gigabytes on a standard &i386; install.
- Beginning with &os; versions 4.9 and 5.1, more memory can be
- supported through &man.pae.4;. This does require a kernel
- recompile, with an extra option to enable PAE:</para>
+ <para>¤@¯ë &i386; ¾÷¾¹¤W³Ì¦h¥i¤ä´©¨ì 4 GB(gigabytes)¡C
+ ¦Ó¦Û &os; 4.9 ¤Î 5.1 ¥i¥H¶}©l¨Ï¥Î &man.pae.4; ¨Ó¤ä´©§ó¦hªº°O¾ÐÅé¡C
+ ¦³Ãö³oÂI¡A»Ý­n¦b kernel ³]©wÀɤº¥[¤J¤U¦C¤º®e¨Ã­«·s½sĶ kernel¡A¤~¯à¨Ï¥Î PAE¡C</para>
<programlisting>options PAE</programlisting>
- <para>&os;/pc98 has a limit of 4 GB memory, and PAE can not
- be used with it. On &os;/alpha, the limit on memory depends
- on the type of hardware in use - consult the Alpha Hardware
- Release Notes for details. Other architectures
- supported by &os; have much higher theoretical limits on
- maximum memory (many terabytes).</para>
+ <para>&os; ¦b pc98 ¾÷¾¹¤W³Ì¦h«h¥u¤ä´© 4 GB ¡A¦Ó¥B¤£¯à¨Ï¥Î PAE¡C
+ ¦b Alpha ¾÷¾¹¤W¡A°O¾ÐÅé­­¨î¤è­±­nµø©Ò¨Ï¥Îªº«¬¸¹¤ä´©µ{«×¦Ó©w¡A³oÂI½Ð°Ñ¾\
+ ©Ò¨Ï¥Îªº Alpha µwÅé³W®æªí¡C¦Ü©ó¨ä¥L¬[ºcªº &os; ²z½×¤W³Ì¦h¥i¨Ï¥Îªº°O¾ÐÅé¡A¦³¸û¦hªº­­¨î¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ffs-limits">
- <para>What are the limits for ffs filesystems?</para>
+ <para>Àɮרt²Î³Ì¤j­­¨î¬°¦h¤Ö¡H</para>
</question>
<answer>
- <para>For ffs filesystems, the maximum theoretical limit is 8
- terabytes (2G blocks), or 16TB for the default block size of
- 8K. In practice, there is a soft limit of 1 terabyte, but with
- modifications filesystems with 4 terabytes are possible (and
- exist).</para>
+ <para>´NÀɮרt²Î¤è­±¡A²z½×¤Wªº­­¨î¬O³Ì¦h¨ì 8TB(2G blocks)¡A
+ ©Î¬O¨Ï¥Î¤º©w 8K block ¤j¤p®É¡A­­¨î¬O 16TB¡C
+ ¹ê»Ú¤W¡A¥Ø«e³nÅé¨Ï¥Î¤W­­¨î¥u¯à¥Î¨ì 1 TB¡A
+ µM¦Ó¦pªG¬O¦³¥t¦æ§ï³y¹LÀɮרt²Î¡A¨º»ò¹F¨ì 4TB ªº¥Ø¼Ð¬O¥i¦æªº
+ (¤]¦³¤H¦¨¥\¹L)¡C</para>
- <para>The maximum size of a single ffs file is approximately 1G
- blocks, or 4TB with a block size of 4K.</para>
+ <para>³æ¤@Àɮתº¤j¤p¤è­±¡A°²¦p block ¥H 4K §@³W¹ºªº¸Ü¡A
+ «h³Ì¤j¬OÁͪñ 1G blocks(4TB)¡C</para>
<table>
- <title>Maximum file sizes</title>
+ <title>Àɮפj¤pªº³Ì¤j­­¨î</title>
<tgroup cols="3">
<thead>
<row>
- <entry>fs block size</entry>
+ <entry>Àɮרt²Î block ¤j¤p</entry>
<entry>works</entry>
<entry>should work</entry>
</row>
</thead>
<tbody>
<row>
<entry>4K</entry>
<entry>4T-1</entry>
<entry>&gt;4T</entry>
</row>
<row>
<entry>8K</entry>
<entry>&gt;32G</entry>
<entry>32T-1</entry>
</row>
<row>
<entry>16K</entry>
<entry>&gt;128G</entry>
<entry>32T-1</entry>
</row>
<row>
<entry>32K</entry>
<entry>&gt;512G</entry>
<entry>64T-1</entry>
</row>
<row>
<entry>64K</entry>
<entry>&gt;2048G</entry>
<entry>128T-1</entry>
</row>
</tbody>
</tgroup>
</table>
<para>When the fs block size is 4K, triple indirect blocks work
and everything should be limited by the maximum fs block number
that can be represented using triple indirect blocks (approx.
1K^3 + 1K^2 + 1K), but everything is limited by a (wrong) limit
of 1G-1 on fs block numbers. The limit on fs block numbers
should be 2G-1. There are some bugs for fs block numbers near
2G-1, but such block numbers are unreachable when the fs block
size is 4K.</para>
- <para>For block sizes of 8K and larger, everything should be
- limited by the 2G-1 limit on fs block numbers, but is
- actually limited by the 1G-1 limit on fs block numbers.
- Using the correct limit of 2G-1 blocks does cause
- problems.</para>
+ <para>block ¤j¤p¦pªG¬O 8K ©Î§ó¤j¡AÀɮרt²Î block ¼Æ¥Ø·|³Q­­¨î¦b 2G-1
+ ¡A¦ý¹ê»Ú¤WÀ³¸Ó»¡­­¨î¬O 1G-1 ¤~¹ï¡A¦]¬°±Ä¥Î 2G-1 block ªºÀɮרt²Î·|¾É­P¤@¨Ç°ÝÃD¡C
+ </para>
</answer>
</qandaentry>
<qandaentry>
<question id="archsw-readin-failed-error">
- <para>Why do I get an error message,
- <errorname>archsw.readin.failed</errorname> after compiling
- and booting a new kernel?</para>
+ <para>¬°¦ó¦b±Ò°Ê·sªº kernel ®É¡A¬Ý¨ì
+ <errorname>archsw.readin.failed</errorname> ¿ù»~°T®§¡H</para>
</question>
<answer>
- <para>Because your world and kernel are out of synch. This
- is not supported. Be sure you use <command>make
- buildworld</command> and <command>make
- buildkernel</command> to update your kernel.</para>
+ <para>­ì¦]¥X¦b§Aªº world ¥H¤Î kernel ¨Ã¤£¦P¨B¡AÁ|¨Ò¡Gkernel ¥Î 4.11¡A
+ ¦Ó world «o¬O 4.8¡A³o¼Ë¬O·|¦³°ÝÃDªº¡C
+ ½Ð¦A¦¸½T»{¡A¬O§_¦³¥H <command>make buildworld</command> ¤Î
+ <command>make buildkernel</command> ¨Ó¥¿±`§ó·s kernel¡C</para>
- <para>You can boot by specifying the kernel directly at the
- second stage, pressing any key when the | shows up before
- loader is started.</para>
+ <para>¦b±Ò°Ê loader ¤§«e¡A·|¬Ý¨ì "|" ³o­Ó²Å¸¹¦bÂà°Ê¡A³o®É¥i¥H«ö¥ô¦óÁ䤤Â_¡A
+ µM«á¦A«ü©w­n¸ü¤J­þ­Ó kernel ¨Ó¶}¾÷¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="security-profiles">
- <para>What are these <quote>security profiles</quote>?</para>
+ <para><quote>security profiles</quote> ¬O«ü¤°»ò¡H</para>
</question>
<answer>
<para>A <quote>security profile</quote> is a set of configuration
options that attempts to achieve the desired ratio of security
to convenience by enabling and disabling certain programs and
other settings. For full details, see the <ulink
url="&url.books.handbook;/install-post.html#SECURITYPROFILE">Security
Profile</ulink> section of the Handbook's <ulink
url="&url.books.handbook;/install-post.html">post-install
chapter</ulink>.</para>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question id="boot-acpi">
+ <para>¦b¶}¾÷®É¡A¿ï¾Ü¨Ï¥Î ACPI «h¦b¦w¸Ë¹Lµ{´N±¾¤F¡A¸Ó«ç»ò¿ì¡H</para>
+ </question>
+
+ <answer>
+ <para>¸Õ¸Õ¬ÝÃö³¬ ACPI support¡C ·í¦b¸ü¤J bootloader®É¡A«ö¤UªÅ¥ÕÁä¡C
+ ¨t²Î·|Åã¥Ü <screen>OK</screen> ³o®É¿é¤J
+ <screen><userinput>unset acpi_load</userinput></screen> ±µµÛ¥´
+ <screen><userinput>boot</userinput></screen>
+ ¥HÄ~Äò¶}¾÷¡A³o¼Ë¤lÀ³¸Ó´N¥i¥H¤F¡C</para>
+ </answer>
+ </qandaentry>
+
</qandaset>
</chapter>
<chapter
id="hardware">
- <title>Hardware compatibility</title>
+ <title>µwÅé¤ä´©¤è­±</title>
<sect1 id="compatibility-general">
- <title>General</title>
+ <title>¤@¯ë°ÝÃD</title>
<qandaset>
<qandaentry>
<question id="which-hardware-to-get">
- <para>I want to get a piece of hardware for my FreeBSD
- system. Which model/brand/type is best?</para>
+ <para>§Ú·Q²Õ¸Ë¦Û¤vªº FreeBSD ¾÷¾¹¡A¦³­þ¨Ç«¬¸¹¡B«~µP¡B³W®æ¬O¤ä´©µ{«×³Ì¦nªº©O¡H</para>
</question>
<answer>
- <para>This is discussed continually on the FreeBSD mailing
- lists. Since hardware changes so quickly, however, we
- expect this. We <emphasis>still</emphasis> strongly
- recommend that you read through the Hardware notes for &os;
+ <para>¦³Ãö³oÂI¡A¦b FreeBSD °Q½×°Ï¤W®É±`¦³¤H°Q½×¡CÁöµMµwÅé¨O´«³t«×«Ü§Ö¡A
+ ¥i¯àÀH®É¦³·s³W®æ¡B·s²£«~¥X²{¡AµM¦Ó³o¨Ç³£¦b§Ú­Ì·N®Æ¤§¤¤¡A
+ §Ú­Ì <emphasis>¤´µM</emphasis> ±j¯P«Øij¡G¦b¸ß°Ý¦³Ãö³Ì·s³W®æµwÅ骺¤ä´©°ÝÃD¤§«e¡A
+ ½Ð¥ý°Ñ¾\ &os
<ulink url="&rel.current.hardware;">&rel.current;</ulink>
- or
- <ulink url="&rel2.current.hardware;">&rel2.current;</ulink>
- and search the mailing list
- <ulink url="http://www.FreeBSD.org/search/#mailinglists">
- archives</ulink> before asking about the latest and
- greatest hardware. Chances are a discussion about the
- type of hardware you are looking for took place just last
- week.</para>
+ ©Î
+ <ulink url="&rel2.current.hardware;">&rel2.current;</ulink>ªº¤ä´©µwÅé¦Cªí¡A
+ ©Î¬O·j´M<ulink url="http://www.FreeBSD.org/search/#mailinglists">°Q½×°ÏªºÂ¤峹</ulink>¡A
+ ¤]³\¡A¤W¶g¤~­è«ê¥©¦³¤H°Q½×¹L§A©Ò­n°ÝªºµwÅé¡C</para>
- <para>If you are looking for a laptop, check the
- FreeBSD-mobile mailing list archives. Otherwise, you
- probably want the archives for FreeBSD-questions, or
- possibly a specific mailing list for a particular hardware
- type.</para>
+ <para>¦pªG­n§ä¦³Ãöµ§°O«¬¹q¸£¤è­±¡A½Ð¨ì FreeBSD-mobile µ§°O«¬¹q¸£°Q½×°Ï¡C
+ ¤£µM¡A´N¨ì FreeBSD-questions °Q½×°Ï¡A©Î¬O¯S©wµwÅé³W®æ(¤ñ¦p pc98, Alpha)ªº±MÄÝ°Q½×°Ï§a¡C
+ </para>
</answer>
</qandaentry>
</qandaset>
</sect1>
<sect1 id="compatibility-processors">
- <title>Architectures and processors</title>
+ <title>µwÅé¬[ºc¤Î CPU</title>
<qandaset>
<qandaentry>
<question id="architectures">
- <para>Does FreeBSD support architectures other than the x86?</para>
+ <para>FreeBSD ¦³¤ä´© x86 ¤§¥~ªºµwÅé¬[ºc¥­¥x¶Ü¡H</para>
</question>
<answer>
- <para>Yes. FreeBSD currently runs on the Intel x86 and DEC
- (now Compaq) Alpha architectures. As of FreeBSD 5.0, the
- AMD64 and Intel EM64T, IA-64, and &sparc64; architectures
- are also supported. Upcoming platforms are &mips; and
- &powerpc;, join the &a.ppc; or the &a.mips; respectively
- for more information about ongoing work on these
- platforms. For general discussion on new architectures,
- join the &a.platforms;.</para>
+ <para>¦³ªº¡AFreeBSD ¥Ø«e¥i¥H¦b Intel x86 and DEC
+ (²{¦bªº HP-Compaq) Alpha ¬[ºc¤W­±¹B§@¡C¦Û FreeBSD 5.0 ¤§«áªºª©¥»¡A«h
+ ¥i¤ä´© AMD64 ¤Î Intel EM64T, IA-64 ¥H¤Î &sparc64; ¬[ºc¡C
+ ¥¼¨Ó¥­¥x¤ä´©¤WÁÙ·|¦³ &mips; ¤Î
+ &powerpc;¡A²Ó¸`½Ð¤À§O°Ñ¾\ &a.mips; ©Î &a.ppc;¡C
+ ¤@¯ë¦Ó¨¥¡A·sªºµwÅé¬[ºc¥­¥x¤è­±¡A³£¬O¨ì &a.platforms; °Q½×¡C</para>
- <para>If your machine has a different architecture and you
- need something right now, we suggest you look at <ulink
- url="http://www.netbsd.org/">NetBSD</ulink> or <ulink
- url="http://www.openbsd.org/">OpenBSD</ulink>.</para>
+ <para>­Y§A¾÷¾¹¤£¬O¥H¤W¬[ºc©Î¬O¤ñ¸û©_¯Sªº¡A¦Ó·Q¥ß¨è¸Õ¸Õ¬Ý BSD ªºÅ]¤O¡A
+ §Ú­Ì«Øij§A¥i¥H¦Ò¼{¨Ï¥Î <ulink
+ url="http://www.netbsd.org/">NetBSD</ulink> ©Î <ulink
+ url="http://www.openbsd.org/">OpenBSD</ulink>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="smp-support">
- <para>Does FreeBSD support Symmetric Multiprocessing
- (SMP)?</para>
+ <para>FreeBSD ¤ä´© CPU ¹ïºÙ¦h¤u³B²z(SMP, Symmetric Multiprocessing)¶Ü¡H</para>
</question>
<answer>
- <para>Yes. SMP was enabled by default in the
- <emphasis>GENERIC</emphasis> kernel as of &os; 5.2.</para>
+ <para>¦³ªº¡C SMP ¦b &os; 5.2 ¹w³]ªº kernel(<emphasis>GENERIC</emphasis>)¤w¦³±Ò°Ê¡C
+ </para>
- <para>The intention was also to enable it by default for
- the &os; 5.3 release, but problems running the SMP kernel
- on certain UP machines led to the decision to disable it
- until those problems can be addressed. This is a priority
- for &os; 5.4.</para>
+ <para>¦b &os; 5.3 ­n release ®É¡ASMP¬ÛÃö³]©w¤]¬O¹w³]´N¦³±Ò°Ê¡C
+ µM¦Ó¡A¦b¤@¨Ç¸û·s«¬ªº¾÷¾¹(¹³¬O emt64)¤W«o¤S¦³¨Ç°ÝÃD¡A
+ ©Ò¥HÁÙ¬O¨M©w¦b¬ÛÃö°ÝÃD¡B¦w¥þijÃD¥¼Àò¸Ñ¨M«e¡A¥ýÃö³¬ SMP ªº¬ÛÃö±Ò°Ê¡C
+ ³oÂI¡A¥¿¬O &os; 5.4 ©ÒÀu¥ý¦Ò¼{ªº¤è¦V¡C</para>
- <para>In &os; 4.X, SMP is not enabled in the default kernel,
- so you must recompile your kernel to enable SMP. Take a
- look at <filename>/sys/i386/conf/LINT</filename> to learn
- which options to put in your kernel config file.</para>
+ <para>&os; 4.X ªº¸Ü¡A¹w³]ªº kernel ¨Ã¨S¦³±Ò°Ê SMP¡A
+ ¦]¦¹¡A¥²¶·­n§â options SMP ¥[¤J kernel ³]©wÀɨí«·s½sĶ¤~¯à±Ò°Ê¡C
+ ¦Ü©óÁÙ¦³­þ¨Ç¬ÛÃö³]©w­n©ñ¤J kernel ³]©wÀÉ¡A½Ð°Ñ¾\<filename>/sys/i386/conf/LINT</filename>¡C
+ </para>
</answer>
</qandaentry>
</qandaset>
</sect1>
<sect1 id="compatibility-drives">
- <title>Hard drives, tape drives, and CD and DVD drives</title>
+ <title>µwºÐ¡BºÏ±a¾÷¥H¤Î¥úºÐ¡BDVD¡B¿N¿ý¾÷</title>
<qandaset>
<qandaentry>
<question id="supported-hard-drives">
- <para>What kind of hard drives does FreeBSD support?</para>
+ <para>FreeBSD ¥i¤ä´©­þ¨ÇºØÃþªºµwºÐ©O¡H</para>
</question>
<answer>
- <para>FreeBSD supports EIDE and SCSI drives (with a compatible
- controller; see the next section), and all drives using the
- original <quote>Western Digital</quote> interface (MFM, RLL,
- ESDI, and of course IDE). A few ESDI controllers that use
- proprietary interfaces may not work: stick to WD1002/3/6/7
- interfaces and clones.</para>
+ <para>FreeBSD ³£¤ä´© EIDE ¤Î SCSI ¤¶­±ªºµwºÐ(¥H¤Î SCSI ¥d¡A½Ð¬Ý¤U¤@¸`»¡©ú)
+ ¥H¤Î <quote>Western Digital</quote> ¤¶­±ªºµwºÐ (MFM¡B RLL¡B
+ ESDI¡A·íµM¥]§t IDE)¡A¤£¹L¦³¤@¨Ç¤Ö¼Æªº ESDI ´¹¤ù²Õªº(«¬¸¹¡GWD1002/3/6/7)
+ ¥i¯àµLªk¥¿±`¹B§@¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="supported-scsi-controllers">
- <para>Which SCSI controllers are supported?</para>
+ <para>¤ä´©­þ¨Ç SCSI ¥d¡B³]³Æ©O¡H</para>
</question>
<answer>
- <para>See the complete list in the Hardware Notes for &os;
- <ulink url="&rel.current.hardware;">&rel.current;</ulink> or
- <ulink url="&rel2.current.hardware;">&rel2.current;</ulink>.</para>
+ <para>½Ð°Ñ¾\ &os; ªºµwÅé¤ä´©ªí(
+ <ulink url="&rel.current.hardware;">&rel.current;</ulink> ©Î
+ <ulink url="&rel2.current.hardware;">&rel2.current;</ulink>)</para>
</answer>
</qandaentry>
<qandaentry>
<question id="tape-support">
- <para>What types of tape drives are supported?</para>
+ <para>¤ä´©­þ¨ÇºÏ±a¾÷©O¡H</para>
</question>
<answer>
- <para>FreeBSD supports SCSI and QIC-36 (with a QIC-02 interface).
- This includes 8-mm (aka Exabyte) and DAT drives.</para>
+ <para>FreeBSD ¤ä´© SCSI ¤Î QIC-36 (QIC-02 ¤¶­±) ³W®æªººÏ±a¾÷¡C
+ ¦P®É¥]§t¤F 8-mm (¤]´N¬O Exabyte) ¤Î DAT ºÏ±a¾÷¡C</para>
- <para>Some of the early 8-mm drives are not quite compatible
- with SCSI-2, and may not work well with FreeBSD.</para>
+ <para>¦³¨Ç¦­´Áª©¥»ªº 8-mm ºÏ±a¾÷¨Ã¤£¬O§¹¥þ¬Û®e©ó SCSI-2 ³W®æ¡A
+ ©Ò¥H¥i¯à¦b FreeBSD ¤Wªí²{¤£¬O«Ü¦n¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="tape-changer-support">
- <para>Does FreeBSD support tape changers?</para>
+ <para>FreeBSD ¤ä´©ºÏ±a¦Û°Ê´«±a¾÷¶Ü¡H</para>
</question>
<answer>
- <para>FreeBSD supports SCSI changers using the &man.ch.4;
- device and the &man.chio.1; command. The details of how you
- actually control the changer can be found in the &man.chio.1;
- manual page.</para>
+ <para>FreeBSD ¥i¥H¥Î &man.ch.4; ¤W­±©Ò¦Cªº¾÷ºØ¡A·f°t &man.chio.1; «ü¥O¡A
+ ¨Ó¨Ï¥Î SCSI ºØÃþªº¦Û°Ê´«±a¾÷¡A²Ó¸`³¡¤À½Ð°Ñ¾\ &man.chio.1; »¡©ú¡C</para>
<para>If you are not using <application>AMANDA</application>
or some other product that already understands changers,
remember that they only know how to move a tape from one
point to another, so you need to keep track of which slot a
tape is in, and which slot the tape currently in the drive
needs to go back to.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="supported-cdrom-drives">
- <para>Which CDROM drives are supported by FreeBSD?</para>
+ <para>FreeBSD ¥i¤ä´©­þ¨ÇºØÃþªº¥úºÐ¾÷©O¡H</para>
</question>
<answer>
- <para>Any SCSI drive connected to a supported controller is
- supported.</para>
+ <para>¥u­n¬O¦³¤ä´©ªº SCSI ¥d¤W©Ò±µªº¥ô¤@ SCSI ¥úºÐ¾÷³£¦³¤ä´©¡C</para>
- <para>The following proprietary CDROM interfaces are also
- supported:</para>
+ <para>¦¹¥~¡A¤]¤ä´©¤U¦Cªº¥úºÐ¾÷¡G</para>
<itemizedlist>
<listitem>
- <para>Mitsumi LU002 (8bit), LU005 (16bit) and FX001D
- (16bit 2x Speed).</para>
+ <para>Mitsumi LU002 (8bit), LU005 (16bit) ¤Î FX001D
+ (16bit 2x Speed)</para>
</listitem>
<listitem>
<para>Sony CDU 31/33A</para>
</listitem>
<listitem>
- <para>Sound Blaster Non-SCSI CDROM</para>
+ <para>Sound Blaster «D SCSI ¤¶­±ªº¥úºÐ¾÷</para>
</listitem>
<listitem>
- <para>Matsushita/Panasonic CDROM</para>
+ <para>Matsushita/Panasonic ¥úºÐ¾÷</para>
</listitem>
<listitem>
- <para>ATAPI compatible IDE CDROMs</para>
+ <para>¬Û®e ATAPI ³W®æªº IDE CDROMs</para>
</listitem>
</itemizedlist>
- <para>All non-SCSI cards are known to be extremely slow compared
- to SCSI drives, and some ATAPI CDROMs may not work.</para>
+ <para>¬Û¹ï©ó SCSI ¾÷ºØ¦Ó¨¥¡A¨ä¥L«D SCSI ªº¥úºÐ¾÷³£¬O¤ñ¸ûºC¡A
+ ¦¹¥~¡A¦³¨Ç ATAPI ºØÃþªº¥úºÐ¾÷¥i¯àµLªk¶¶§Q¹B§@</para>
- <para>The official FreeBSD CDROM ISO, and CDROMs from Daemon
- News and FreeBSD Mall, support booting directly from the
- CD.</para>
+ <para>Daemon News ¥H¤Î FreeBSD Mall ©Òµo¦æªº¥¿¦¡ FreeBSD ¥úºÐ¥H¤Î¿N¿ý¥Îªº¼v¹³ÀÉ(ISO)¡A
+ ³£¥i¥Hª½±µ¥Î©ó¶}¾÷¥úºÐ¨Ï¥Î¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="supported-cdrw-drives">
- <para>Which CD-RW drives are supported by FreeBSD?</para>
+ <para>FreeBSD ¤ä´©­þ¨Ç¥úºÐ¿N¿ý¾÷ªºÅX°Êµ{¦¡©O¡H</para>
</question>
<answer>
- <para>FreeBSD supports any ATAPI-compatible IDE CD-R or CD-RW
- drive. See &man.burncd.8; for details.</para>
-
- <para>FreeBSD also supports any SCSI CD-R or CD-RW drives.
- Install and use the <command>cdrecord</command> command from the
- ports or packages system, and make sure that you have the
- <devicename>pass</devicename> device compiled in your
- kernel.</para>
+ <para>FreeBSD ¤ä´©¥ô¦ó¬Û®e ATAPI ¼Ð·Çªº IDE CD-R ©Î CD-RW ¥úºÐ¿N¿ý¾÷¡A
+ ²Ó¸`½Ð°Ñ¾\ &man.burncd.8; »¡©ú¡C</para>
+
+ <para>FreeBSD ¤]¤ä´©¥ô¦ó SCSI CD-R ©Î CD-RW ¥úºÐ¿N¿ý¾÷¡C
+ ½Ð¥Î port ©Î packag ¾÷¨î¨Ó¦w¸Ë¡B¨Ï¥Î <command>cdrecord</command> ¡A
+ ¨Ã½T©w±zªº kernel ¤º¦³±N <devicename>pass</devicename>³]³Æ¤@¨Ö½sĶ¦b¤º¡C
+ (¹w³]ªº kernel.GENERIC ³£·|¦³ device pass ³o¬q)</para>
</answer>
</qandaentry>
<qandaentry>
<question id="zip-support">
- <para>Does FreeBSD support &iomegazip; drives?</para>
+ <para>FreeBSD ¤ä´© Iomega &iomegazip; ¶Ü?</para>
</question>
<answer>
- <para>FreeBSD supports SCSI and ATAPI (IDE) &iomegazip; drives out
- of the box. SCSI ZIP drives can only be set to
- run at SCSI target IDs 5 or 6, but if your SCSI host
- adapter's BIOS supports it you can even boot from it. It
- is not clear which host adapters support booting from
- targets other than 0 or 1, so you will have to consult
- your adapter's documentation if you would like to use this
- feature.</para>
+ <para>FreeBSD ¤ä´©¥~±µ¦¡ªº SCSI ¤Î ATAPI(IDE) ¤¶­±ªº Iomega &iomegazip;¡C
+ ¤£¹L SCSI ZIP ¥u¯à³Q³]¬° SCSI ID 5 ©Î¬O 6 ¤~¥i¥H¹B§@¡A¦ý¦pªG
+ SCSI ¥d¤Wªº BIOS ¤ä´©¥¦¡A§A¬Æ¦Ü¥i¥H¥Î¥¦¨Ó¶}¾÷¡C
+ §Ú­Ì¤£¾å±o­þ¤@¶ô¥d¥i¥H§â¥dªº ID ³]¦b°£¤F 0 ©Î 1 ¥H¥~ªº¦a¤è¦Ó¶}¾÷¦¨¥\¡A
+ ¦]¦¹¡A¦pªG·Q§ï SCSI ID ªº¸Ü¡A½Ð°È¥²°Ñ¾\¸Ó«¬¸¹ªº»¡©ú¤â¥U¡C</para>
- <para>FreeBSD also supports Parallel Port Zip Drives. Check
- that your kernel contains the
- <devicename>scbus0</devicename>,
- <devicename>da0</devicename>,
- <devicename>ppbus0</devicename>, and
- <devicename>vp0</devicename> drivers (the GENERIC kernel
- contains everything except
- <devicename>vp0</devicename>). With all these drivers
- present, the Parallel Port drive should be available as
- <devicename>/dev/da0s4</devicename>. Disks can be mounted
- using <command>mount /dev/da0s4 /mnt</command> OR (for dos
- disks) <command>mount_msdos /dev/da0s4 /mnt</command> as
- appropriate.</para>
+ <para>FreeBSD ¦P®É¤]¤ä´© Parallel Port ZipºÏºÐ¾÷¡C½ÐÀˬd kernel
+ ³]©wÀɬO§_¦³¡G
+ <devicename>scbus0</devicename>¡B
+ <devicename>da0</devicename>¡B
+ <devicename>ppbus0</devicename>¡A¥H¤Î
+ <devicename>vp0</devicename> ³o¨ÇÅX°Êµ{¦¡ (¹w³]ªº GENERIC kernel
+ °£¤F <devicename>vp0</devicename> ¨S¥]¶i¥h¡A¨ä¥L¤TªÌ³£·|¦³)¡C
+ ¥[¤F³o´X­ÓÅX°Êµ{¦¡¤§«á¡AParallel Port Zip ´N·|¦¨¬°
+ <devicename>/dev/da0s4</devicename>¡C</para>
- <para>Also check out <link linkend="media-change">the FAQ on
- removable drives</link> later in this chapter, and <link
- linkend="removable-drives">the note on
- <quote>formatting</quote></link>in the Administration
- chapter.</para>
+ <para>³o®É¡A´N¥i¥H¥Î¹³¬O <command>mount /dev/da0s4 /mnt</command> ©Î
+ (DOS Àɮרt²Î)<command>mount_msdos /dev/da0s4 /mnt</command>
+ ¤§Ãþªº«ü¥O¨Ó±¾¸ü¡BŪ¼g¡C</para>
+
+ <para>¤]¥i¥H°Ñ¾\¤U­±¦³Ãö<link linkend="media-change">ÀH¨­ºÏ¤ù
+ </link>³¡¤À¡A¥H¤Î<link
+ linkend="removable-drives">©â¨úºÐ¡BÀH¨­ºÐªº¡y®æ¦¡¤Æ¡z°Q½×</link>
+ ªº³¡¤À</para>
</answer>
</qandaentry>
<qandaentry>
<question id="jaz-zip-removable-support">
- <para>Does FreeBSD support &jaz;, EZ and other removable
- drives?</para>
+ <para>FreeBSD ¦³¤ä´© &jaz;¡BEZ ¤Î¨ä¥LÃþ¦üªºÀH¨­ºÏ¤ù¶Ü¡H</para>
</question>
<answer>
- <para>They work. Most of these are SCSI devices, so they
- look like SCSI disks to FreeBSD. The IDE EZ looks like an
- IDE drive.</para>
+ <para>¥i¥H°Ú¡A°£¤F IDE ªº EZ drive ¥~¡A¨ä¥LªºÀ³¸Ó³£¬O SCSI ¤¶­±¡A
+ ©Ò¥H¦b FreeBSD ¤W³£·|¥H SCSI µwºÐ¨Ó³B²z¡C</para>
- <para>Make sure that any external units are powered on when
- booting the system.</para>
+ <para>·íµM¡A§A¥²¶·½T©w¦b¶}¾÷®É¡A³o¨Ç³]³Æªº¹q·½¬O¥´¶}ªº¡A
+ ¥H«KÅý FreeBSD ¥i¥H°»´ú¨ì¡C</para>
- <para><anchor id="media-change">To change the media while
- running, check out &man.mount.8;, &man.umount.8;, and
- &man.camcontrol.8; (for SCSI devices) or
- &man.atacontrol.8; (for IDE devices), plus the <link
- linkend="removable-drives">discussion on using removable
- drives</link> later in the FAQ.</para>
+ <para><anchor id="media-change">¦pªG¦bºÏºÐ¹B¤¤ª¬ºA¤¤¡A­n§ó´«ºÏ¤ùªº¸Ü¡A
+ °O±o¥ý¬Ý¤@¤U &man.mount.8;¡B&man.umount.8;¡B
+ ¥H¤Î(SCSIªº¸Ü)&man.camcontrol.8; ©Î &man.atacontrol.8; ÁÙ¦³ FAQ «á­±¦³Ãö
+ <link linkend="removable-drives">¨Ï¥Î©â¨úºÐ¡BÀH¨­ºÐªº°Q½×
+ </link>¡C</para>
</answer>
</qandaentry>
</qandaset>
</sect1>
<sect1 id="compatibility-kbd-mice">
- <title>Keyboards and mice</title>
+ <title>Áä½L¡B·Æ¹«</title>
<qandaset>
<qandaentry>
<question id="usbkbd">
- <para>Does FreeBSD support my USB keyboard?</para>
+ <para>FreeBSD ¦³¤ä´© USB Áä½L¶Ü¡H</para>
</question>
<answer>
- <para>FreeBSD supports USB keyboards
- out-of-the-box. Enable USB support in
+ <para>FreeBSD (¤×¨ä¬O¦³¤ä´© USB keyboards¡C Enable USB support in
<filename>/etc/rc.conf</filename>.</para>
- <para>Once you have USB keyboard support enabled on your
- system, the AT keyboard becomes
- <devicename>/dev/kbd0</devicename> and the USB keyboard
- becomes <devicename>/dev/kbd1</devicename>, if both are
- connected to the system. If there is the USB keyboard
- only, it will be
- <devicename>/dev/ukbd0</devicename>.</para>
+ <para>­Y¦³¶} USB Áä½L¤ä´©¦Ó¥B¦P®É±µ¤W AT ¸ò USB Áä½Lªº¸Ü¡A¨º»ò AT Áä½L·|Åܦ¨
+ <devicename>/dev/kbd0</devicename>¡A¦Ó USB Áä½L«h¬O
+ <devicename>/dev/kbd1</devicename>¡C¦pªG¥u±µ USB Áä½L¡A¨º»ò¥¦´N¬O
+ <devicename>/dev/ukbd0</devicename> Åo¡C</para>
- <para>If you want to use the USB keyboard in the console,
- you have to explicitly tell the console driver to use the
- existing USB keyboard. This can be done by running the
- following command as a part of system
- initialization.</para>
+ <para>¦pªG·Q¦b console ¤W¨Ï¥Î USB Áä½Lªº¸Ü¡A¨º»ò¥²¶·³]©w console «ü©w¥Î USB Áä½L¡C
+ ¥i¥H¦b¨t²Î¶}¾÷µ{§Ç®É¡A¥[¤W¤U¦C«ü¥O¡G</para>
<screen>&prompt.root; <userinput>kbdcontrol -k /dev/kbd1 &lt; /dev/ttyv0 &gt; /dev/null</userinput></screen>
- <para>Note that if the USB keyboard is the only keyboard, it
- is accessed as <devicename>/dev/kbd0</devicename>, thus,
- the command should look like:</para>
+ <para>ª`·N¡G­Y¥u¦³ USB Áä½Lªº¸Ü¡A¤]´N¬O <devicename>/dev/ukbd0</devicename>¡A
+ ¨º»ò½Ð§ï¥Î¤U¦C«ü¥O¡G</para>
- <screen>&prompt.root; <userinput>kbdcontrol -k /dev/kbd0 &lt; /dev/ttyv0 &gt; /dev/null</userinput></screen>
+ <screen>&prompt.root; <userinput>kbdcontrol -k /dev/ukbd0 &lt; /dev/ttyv0 &gt; /dev/null</userinput></screen>
- <para><filename>/etc/rc.i386</filename> is a good place to
- add the above command.</para>
+ <para>«Øij¡G¥i¥H§â¤W­z«ü¥O©ñ¤J <filename>/etc/rc.i386</filename> ¡C</para>
- <para>Once this is done, the USB keyboard should work in the
- X environment as well without any special settings.</para>
+ <para>³]©w¦¨¥\¤§«á¡AUSB Áä½L¤£¥Î§@¥ô¦ó¯S§O³]©w¡A´N¥i¥H¦b X µøµ¡Àô¹Ò¤W¥¿±`¹B§@Åo¡C</para>
- <para>Hot-plugging and unplugging of the USB keyboard may
- not work quite right yet. We recommend connecting the
- keyboard before starting the system and leaving it
- connected until the system is shutdown to avoid
- troubles.</para>
+ <para>USB Áä½Lªº¼ö´¡©Þ(Hot-plugging and unplugging)¦b &os; ¥i¯àÁÙµLªk§¹¥þ¥¿±`¹B§@¡A
+ «Øij¡G¦b¨t²Î¶}¾÷«e´N¥ý±µ¤WÁä½L¡Aª½¨ìÃö¾÷¬°¤î¡A¥HÁקK¤£¥²­nªº§xÂZ¡C</para>
- <para>See the &man.ukbd.4; manual page for more information.</para>
+ <para>¬ÛÃö²Ó¸`½Ð°Ñ¾\ &man.ukbd.4; ªº»¡©ú¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="busmouse">
- <para>I have an unusual bus mouse. How do I set it
- up?</para>
+ <para>¥j¦­ªº bus ·Æ¹«¡A­n«ç»ò³]©w©O¡H</para>
</question>
<answer>
- <para>FreeBSD supports the bus mouse and the InPort bus
- mouse from such manufacturers as Microsoft, Logitech and
- ATI. The GENERIC kernel does not include the device
- driver. To build a custom kernel with the bus mouse
- driver, add the following line to the kernel config
- file:</para>
+ <para>FreeBSD ¤ä´©¤@¨Ç¼t°Ó(¹³¬O¡GMicrosoft¡BLogitech¡BATI)©Ò°µªº bus ¤Î InPort bus ¤¶­±ªº·Æ¹«¡C
+ µM¦Ó¡A¹w³]ªº kernel(GENERIC)¤w¸g¤£¤º§t¥¦­ÌªºÅX°Êµ{¦¡¡C
+ ¦]¦¹¡A­n¥[¤J¤U¦C¨ì kernel ³]©wÀɨí«·s½sĶ¡B¦w¸Ë¡A¤~¯à±Ò¥Î¡G</para>
<programlisting>device mse0 at isa? port 0x23c irq5</programlisting>
- <para>Bus mice usually come with dedicated interface cards.
- These cards may allow you to set the port address and the
- IRQ number other than shown above. Refer to the manual of
- your mouse and the &man.mse.4; manual page for more
- information.</para>
+ <para>Bus ·Æ¹«³q±`­n·f°t±M¥Îªº¤¶­±¥d¤~¯à¨Ï¥Î¡C
+ ³o¨Ç¥d¥i¥H³]©w port address ¤Î IRQ ­È¡A³o¨Ç²Ó¸`½Ð°Ñ¾\§Aªº·Æ¹«»¡©ú¤â¥U¤Î
+ &man.mse.4; »¡©ú¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ps2mouse">
- <para>How do I use my PS/2 (<quote>mouse port</quote> or
- <quote>keyboard</quote>) mouse?</para>
+ <para>PS/2 (<quote>mouse port</quote> ©Î
+ <quote>keyboard</quote>)ªº·Æ¹«­n«ç»ò³]©w¤~¦n©O¡H</para>
</question>
<answer>
- <para>The PS/2 mouse is supported out-of-the-box. The
- necessary device driver, <devicename>psm</devicename>, is
- included in the kernel.</para>
+ <para>PS/2 ·Æ¹«³£¦³¤ä´©¡A©Ò»Ý­n¥Î¨ìªºÅX°Êµ{¦¡ <devicename>psm</devicename>
+ ¦b¹w³]ªº kernel(GENERIC)¤w¦³¤º§t¤F¡C</para>
- <para>If your custom kernel does not have this, add the
- following line to your kernel configuration and compile a
- new kernel.</para>
+ <para>­Y§A¦Û­qªº kernel ¤ºº|¤F psm ªº¸Ü¡A¨º»ò´N¦A§â¤U¦C¤º®e¥[¨ì kernel
+ ³]©wÀɨí«·s½sĶ¡B¦w¸Ë¡G</para>
<programlisting>device psm0 at atkbdc? irq 12</programlisting>
- <para>Once the kernel detects <devicename>psm0</devicename>
- correctly at boot time, make sure that an entry for
- <devicename>psm0</devicename> exists in
- <filename>/dev</filename>. You can create this entry by
- typing:</para>
+ <para>·í¶}¾÷®É kernel ¦³¥¿½T°»´ú¨ì <devicename>psm0</devicename>
+ ¡A½Ð°È¥²½T»{¦b <filename>/dev</filename> ¤º¦³
+ <devicename>psm0</devicename> ¡C
+ ¦pªG¨S¦³ªº¸Ü¡A¨º»ò´N¥Î <username>root</username> ¨Ó¥´¤U¦C«ü¥O¨Ó«Ø¥ß§a¡G</para>
<screen>&prompt.root; <userinput>cd /dev; sh MAKEDEV psm0</userinput></screen>
- <para>when logged in as <username>root</username>.</para>
-
<note>
- <para>You can omit this step if you are running FreeBSD
- 5.0-RELEASE or newer with &man.devfs.5; enabled,
- since the proper device nodes will be created automatically
- under <filename>/dev</filename>.</para>
+ <para>¦pªG¬O &os; 5.0-RELEASE(§t¤§«áª©¥»)ªº¸Ü¡A¦]¬°±Ä¥Î &man.devfs.5; ¾÷¨îªº¦]¯À¡A
+ ©Ò¥H·|¦Û°Ê¦b <filename>/dev</filename> ¤U«Ø¥ß¬ÛÃö³]³Æªº¸`ÂI¡A¦]¦¹´N¥i¥H²¤¹L¤W­±³o¤@¨B¡C</para>
</note>
</answer>
</qandaentry>
<qandaentry>
<question id="moused">
- <para>Is it possible to use a mouse in any way outside the X
- Window system?</para>
+ <para>¦pªG¤£¥Î X Window Àô¹Òªº¸Ü¡A¤]¥i¥H¥Î·Æ¹«¶Ü¡H</para>
</question>
<answer>
- <para>If you are using the default console driver,
- &man.syscons.4;, you can use a mouse pointer in text
- consoles to cut &amp; paste text. Run the mouse daemon,
- &man.moused.8;, and turn on the mouse pointer in the
- virtual console:</para>
-
+ <para>­Y¨Ï¥Î console ªº¹w³]ÅX°Êµ{¦¡(¤]´N¬O &man.syscons.4;)¡A
+ ¨º»ò´N¥i¥H¦b¤å¦r¤¶­±ªº console ¤W­±¥Î·Æ¹«¨Ó°Å¶K¤å¦r¤F¡C
+ ¨º»ò­n±Ò°Ê &man.moused.8; ¨Ã¶}±Ò´å¼ÐÅã¥Ü¡A
+ ½Ð¥´¤U¦C«ü¥O¡G</para>
+
<screen>&prompt.root; <userinput>moused -p /dev/<replaceable>xxxx</replaceable> -t <replaceable>yyyy</replaceable></userinput>
&prompt.root; <userinput>vidcontrol -m on</userinput></screen>
- <para>Where <replaceable>xxxx</replaceable> is the mouse
- device name and <replaceable>yyyy</replaceable> is a
- protocol type for the mouse. The mouse daemon can
- automatically determine the protocol type of most
- mice, except old serial mice. Specify the
- <literal>auto</literal> protocol to invoke automatic
- detection. If automatic detection does not work, see the
- &man.moused.8; manual page for a list of supported
- protocol types.</para>
+ <para>¨ä¤¤¡y<replaceable>xxxx</replaceable>¡z¬O·Æ¹«ªº³]³Æ¦WºÙ¡A¦Ó
+ ¡y<replaceable>yyyy</replaceable>¡z«h¬O·Æ¹«©Ò¨Ï¥Îªº protocol ºØÃþ¡C
+ ¥Ø«eªº moused ¥i¥H¦Û°Ê°»´ú(°£¤F¦¡ªº serial
+ ·Æ¹«¤§¥~)¤j¦h¼Æ·Æ¹«©Ò¨Ï¥Îªº protocol ºØÃþ¡A¦Ó¤£¥Î¨è·N¥h«ü©w¡C
+ ¡yprotocol ºØÃþ¡z³]©w¥Î
+ <literal>auto</literal> ´N·|¦Û°Ê°»´ú¤F¡C­Y¦Û°Ê°»´ú¥¢±Ñªº¸Ü¡A½Ð°Ñ¾\ &man.moused.8;
+ ¸Ì­±ªº type ¨º¬q»¡©ú¡C</para>
- <para>If you have a PS/2 mouse, just add
- <literal>moused_enable="YES"</literal> to
- <filename>/etc/rc.conf</filename> to start the mouse
- daemon at boot-time. Additionally, if you would like to
- use the mouse daemon on all virtual terminals instead of
- just the console, add <literal>allscreens_flags="-m
- on"</literal> to <filename>/etc/rc.conf</filename>.</para>
+ <para>¦pªG¥Îªº¬O PS/2 ·Æ¹«¡A¥u­n§â
+ <literal>moused_enable="YES"</literal> ¥[¨ì
+ <filename>/etc/rc.conf</filename> ¡A³o¼Ë¨C¦¸¶}¾÷´N·|¦Û°Ê±Ò°Ê¤F¡C
+ ¦¹¥~¡A¦pªG­n¦b©Ò¦³ virtual terminals ¤W¤]¯à¨Ï¥Î·Æ¹«¡A
+ ¦Ó¤£­­©w¥u¦³ console ªº¸Ü¡A¨º»ò½Ð¦A§â
+ <literal>allscreens_flags="-m on"</literal> ¥[¨ì <filename>/etc/rc.conf</filename> ¸Ì­±§Y¥i¡C</para>
- <para>When the mouse daemon is running, access to the mouse
- must be coordinated between the mouse daemon and other
- programs such as X Windows. Refer to the FAQ <link
- linkend="x-and-moused">Why does my mouse not work with
- X?</link> for more details on this issue.</para>
+ <para>moused ¦b°õ¦æ¤¤ªº®É­Ô¡A¦pªG­n¨Ï¥Î·Æ¹«¬ÛÃö¥\¯à¡A³£¥²¶·³z¹L moused
+ ©Î¨ä¥Lµ{¦¡¹³¬O X µøµ¡¨Ó¶i¦æ¡C½Ð°Ñ¾\ FAQ ¤¤¦³Ãö<link
+ linkend="x-and-moused">¡y¬°¤°»ò¤£¯à¦b X µøµ¡¸Ì¨Ï¥Î·Æ¹«¡H¡z</link>¥HÁA¸Ñ¬ÛÃö²Ó¸`¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="text-mode-cut-paste">
- <para>How do I cut and paste text with a mouse in the text
- console?</para>
+ <para>¦b¤å¦r¼Ò¦¡ªº console Àô¹Ò­n«ç»ò¥Î·Æ¹«¨Ó°Å¶K¤å¦r©O¡H</para>
</question>
<answer>
- <para>Once you get the mouse daemon running (see the <link
- linkend="moused">previous section</link>), hold down the
- button 1 (left button) and move the mouse to select a
- region of text. Then, press the button 2 (middle button)
- to paste it at the text cursor. Pressing button 3 (right
- button) will <quote>extend</quote> the selected region of
- text.</para>
+ <para>·í°õ¦æ moused «á¡A(°Ñ¾\<link linkend="moused">«e¤@¸`</link>)
+ «ö¦í¥ªÁä¡A±µµÛ²¾°Ê·Æ¹«¨Ó¿ï¾Ü¤@­Ó°Ï°ì¤§«á©ñ¶}¡A³o¼Ë´N§¹¦¨¡y½Æ»s¡z¡C
+ ­n¡y¶K¤W¡zªº¸Ü¡A«ö·Æ¹«¤¤Áä´N¥i¥H¤F¡C
+ ­n¡y©µ¦ù¿ï¨ú°Ï¡zªº¸Ü¡A«ö·Æ¹«¥kÁä</para>
- <para>If your mouse does not have a middle button, you may
- wish to emulate one or remap buttons using mouse daemon
- options. See the &man.moused.8; manual page for
- details.</para>
+
+ <para>¦pªG§Aªº·Æ¹«¨S¦³¤¤Áä¡A§A¥i¥H¥Î¼ÒÀÀªº¤è¦¡¡A©Î¬O­«·s©w¸q·Æ¹««öÁ䪺¤è¦¡¡A
+ ¨Ó¹F¦¨¡u©µ¦ù¡vªº¥\¯à¡C¸Ô±¡½Ð°Ñ¾\ &man.moused.8; »¡©ú¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="mouse-wheel-buttons">
- <para>My mouse has a fancy wheel and buttons. Can I use them in
- FreeBSD?</para>
+ <para>§Ú·Æ¹«¤W­±ªººu½ü¡Bºu½ü«ö¶s¡A¥i¥H¦b console ¤W¨Ï¥Î¶Ü¡H</para>
</question>
<answer>
- <para>The answer is, unfortunately, <quote>It depends</quote>.
- These mice with additional features require specialized driver
- in most cases. Unless the mouse device driver or the user
- program has specific support for the mouse, it will act just
- like a standard two, or three button mouse.</para>
+ <para>³o­Óµª®×¹À...¡A«Ü¤£©¯¦a¡A¦b¤j¦h¼Æªº±¡ªp¤U¤£¦æ¡C
+ ³o¨Ç¦³ºu½üªº·Æ¹«»Ý­n¥Î¯S®íÅX°Êµ{¦¡¤~¦æ¡A
+ °£«D¡A·Æ¹«ÅX°Êµ{¦¡©Î¨Ï¥ÎªÌ¦Û¤vªºÀ³¥Îµ{¦¡¦³¤ä´©¡A
+ ¤£µM¡A³o¨Ç·Æ¹«¥u¯à°÷·í¦¨¬O´¶³qªº¨âÁä©Î¤TÁ䪺·Æ¹«¨Ó¥Î¦Ó¤w¡C
+ </para>
- <para>For the possible usage of wheels in the X Window
- environment, refer to <link linkend="x-and-wheel">that
- section</link>.</para>
+ <para>¦pªG­n¦b X µøµ¡Àô¹Ò¤W¨Ï¥Îºu½üªº¸Ü¡A½Ð°Ñ¾\
+ <link linkend="x-and-wheel"> X µøµ¡¤Wªººu½ü¨Ï¥Î
+ </link>»¡©ú¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="laptop-mouse-trackball">
- <para>How do I use the mouse/trackball/touchpad on my laptop?</para>
+ <para>­n«ç»ò¦bµ§°O«¬¹q¸£¤W¨Ï¥Î·Æ¹«¡B­y¸ñ²y¡BIJ±±ªO©O¡H</para>
</question>
<answer>
- <para>Please refer to <link linkend="ps2mouse">the answer to
- the previous question</link>.</para>
+ <para>½Ð°Ñ¾\<link linkend="ps2mouse">«e­±ªº PS/2 ·Æ¹«ªº°Ýµª
+ </link>¡C</para>
</answer>
</qandaentry>
</qandaset>
</sect1>
<sect1 id="compatibility-networking">
- <title>Networking and serial devices</title>
+ <title>ºô¸ô¸ò serial ³]³Æ</title>
<qandaset>
<qandaentry>
<question id="network-cards">
- <para>Which network cards does FreeBSD support?</para>
+ <para>FreeBSD ¤ä´©­þ¨Çºô¸ô¥d©O¡H</para>
</question>
<answer>
- <para>See the Hardware Notes supplied with each release of
- FreeBSD for a more
- complete list.</para>
+ <para>½Ð°Ñ¦Ò &os; ¦Uª©¥»ªºµwÅé¤ä´©¦Cªí¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="internal-plugnplay-modem">
- <para>Why is FreeBSD not finding my internal Plug &amp; Play
- modem?</para>
+ <para>¬°¤°»ò FreeBSD §ä¤£¨ì PnP(ÀH´¡ÀH¥Î¡APlug &amp; Play)³W®æªº modem?</para>
</question>
<answer>
- <para>You will need to add the modem's PnP ID to the PnP ID
- list in the serial driver. To enable Plug &amp; Play support,
- compile a new kernel with <literal>controller pnp0</literal> in
- the configuration file, then reboot the system. The kernel will
- print the PnP IDs of all the devices it finds. Copy the PnP ID
- from the modem to the table in
- <filename>/sys/i386/isa/sio.c</filename>, at about line 2777.
- Look for the string <literal>SUP1310</literal> in the structure
- <literal>siopnp_ids[]</literal> to find the table. Build the
- kernel again, install, reboot, and your modem should be
- found.</para>
+ <para>­ì¦]¦b©ó¡G»Ý­n§â modem ªº PnP ID ¥[¨ì serial ÅX°Êµ{¦¡ªº PnP ID ªí¡A§@ªk¦p¤U¡G
+ <orderedlist>
+ <listitem>
+ <para>­º¥ý¡A¦b kernel ³]©wÀɤº¥[¤J <literal>controller pnp0</literal>¡A
+ ¨Ã­«·s½sĶ¡B¦w¸Ë kernel¡A³Ì«á­«¶}¾÷´N·|±Ò°Ê PnP ¤ä´©¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>µM«á¡Akernel ·|§â°»´ú¨ì©Ò¦³³]³Æ¤Wªº PnP ID ³£¦C¥X¡C
+ ³o®É¡A­×§ï <filename>/usr/src/sys/isa/sio.c</filename>(¤j¬ù²Ä752¦æ¥ª¥kªº¦a¤è)¡A
+ ¥i¥H·j´M <literal>SUP1310</literal> ·íÃöÁä¦r(¦ì©ó <literal>sio_ids[]</literal> ªí¤º)¡A
+ ½Ð±N­è¤~ kernel Åã¥Üªº modem ªº PnP ID ½Æ»s¨ì¬ÛÃö¦ì¸m¡C</para>
+ </listitem>
- <para>You may have to manually configure the PnP devices using
- the <literal>pnp</literal> command in the boot-time
- configuration with a command like</para>
+ <listitem>
+ <para>³o®É¡A¦A­«·s½sĶ¡B¦w¸Ë kernel¡A³Ì«á­«¶}¾÷À³¸Ó´N·|¥¿½T°»´ú¨ì modem ¤F¡C</para>
+ </listitem>
+ </orderedlist>
+
+ <para>¦¹¥~¡A¤]¥i¥H¦b¶}¾÷®É¥H <literal>pnp</literal> «ü¥O¨Ó¤â°Ê³]©w PnP ³]³Æ¡A
+ ¨ÓÅý kernel ±o¥H¥¿½T°»´ú¡AÁ|¨Ò¡G</para>
<programlisting>pnp 1 0 enable os irq0 3 drq0 0 port0 0x2f8</programlisting>
- <para>to make the modem show.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="support-winmodem">
- <para>Does FreeBSD support software modems, such as Winmodems?</para>
+ <para>FreeBSD ¤ä´©¹³¬O Winmodems ¤§Ãþªº³nÅé modem ¶Ü¡H</para>
</question>
<answer>
- <para>FreeBSD supports many software modems via add-on
- software. The <filename role="package">comms/ltmdm</filename> port adds
- support for modems based on the very popular Lucent LT
- chipset. The <filename role="package">comms/mwavem</filename> port
- supports the modem in IBM Thinkpad 600 and 700
- laptops.</para>
+ <para>FreeBSD ¥i¥H¦w¸ËÃB¥~ªº³nÅé¨Ó¤ä´©³nÅé modem¡C
+ ¹³¬O <filename role="package">comms/ltmdm</filename> ¥i¤ä´©±`¨£ªº Lucent LT ´¹¤ù¡A
+ <filename role="package">comms/mwavem</filename> «h¥i¤ä´© IBM Thinkpad 600 ¤Î 700
+ µ§°O«¬¹q¸£¤W­±ªº modem¡C</para>
- <para>You cannot install FreeBSD via a software modem; this
- software must be installed after the OS is
- installed.</para>
+ <para>µM¦Ó¡A¨Ã¤£¯à¥Î³nÅé modem ¨Ó¦w¸Ë FreeBSD¡A
+ ¦]¬°¡G³oÃþ³nÅ饲¶·¦b§@·~¨t²Î¦w¸Ë§¹²¦¤§«á¡A¤~¯à¦w¸Ë¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="support-broadcom">
- <para>Is there a native driver for the Broadcom 43xx cards?</para>
+ <para>¦³ Broadcom 43xx µL½uºô¥dªº­ì¥ÍÅX°Êµ{¦¡(Native driver)¶Ü¡H</para>
</question>
<answer>
- <para>No, and there is not likely to be.</para>
-
- <para>Broadcom refuses to publically release programming
- information for their wireless chipsets, most likely because
- they use software controlled radios. In order to get FCC type
- acceptance for their parts, they have to ensure that users
- cannot arbitrarily set things like operating frequencies,
- modulation parameters and power output. But without knowing
- how to program the chipsets, it is nearly impossible to write
- a driver.</para>
+ <para>¨S¦³¡A¦Ó¥B¤]¤£¤Ó¥i¯à·|¦³¡C</para>
+
+ <para>Broadcom ©Úµ´¤½¶}¦³ÃöµL½uºô¥d´¹¤ùªºÅX°Êµ{¦¡¬ÛÃö»¡©ú¡A
+ ¥D¦]¤j·§¬O¥L­Ì¥Î³nÅé¨Ó±±¨îµL½u¶Ç¿é¤è¦¡¡C
+ ¨Æ¹ê¤W¡A¦]¬°­n¯à³q¹L¬ü°êÁp¨¹¹q«H©e­û·|(FCC)À˺Ϧw³Wªº¸Ü¡A
+ ¥²¶·½T«O²£«~¤£¯àÅý¨Ï¥ÎªÌ¤£¯àÀH·N§ó°Ê¬ÛÃö³]©w¡A¤ñ¦p¡G¹qºÏªiÀW²v¡B¬ÛÃö¼Ò²Õ°Ñ¼Æ¡B¿é¥X¹q·½µ¥¡C
+ ¦ý¬O¡A¦pªG§Ú­Ì¤£ª¾¹D¦p¦ó¥h±±¨î´¹¤ùªº¸Ü¡A¨º»ò¼¶¼gÅX°Êµ{¦¡¤§¸ô®£©È¤£¤Ó¥i¦æ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="multiport-serial-support">
- <para>Which multi-port serial cards are supported by
- FreeBSD?</para>
+ <para>FreeBSD ¤ä´©­þ¨Ç multi-port serial¥d©O¡H</para>
</question>
<answer>
- <para>There is a list of these in the <ulink
- url="&url.books.handbook;/install.html#INSTALL-MISC">Miscellaneous
- devices</ulink> section of the handbook.</para>
+ <para>½Ð°Ñ¾\¨Ï¥Î¤â¥U¤Wªº <ulink
+ url="&url.books.handbook;/install.html#INSTALL-MISC">¦w¸Ë½g¡X¨ä¥LµwÅé
+ </ulink> ¦Cªí¡C</para>
- <para>Some unnamed clone cards have also been known to work,
- especially those that claim to be AST compatible.</para>
+ <para>ÁöµM¦³¨Ç¥d¬O¨SµPªº(¤×¨ä¬O¦³¼Ð©ú¡G¬Û®e AST ³W®æ)¦ý¤]¥i¥H¥¿±`¨Ï¥Î¡C</para>
- <para>Check the &man.sio.4; manual page to get more
- information on configuring such cards.</para>
+ <para>¦Ü©ó¥dªº³]©w¤è­±¡A½Ð°Ñ¾\ &man.sio.4; ªº»¡©ú¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="serial-console-prompt">
- <para>How do I get the boot: prompt to show on the serial
- console?</para>
+ <para>¦b serial console ¤W­n¦p¦ó¤~·|¥X²{ boot: ´£¥Ü©O¡H</para>
</question>
<answer>
<orderedlist>
<listitem>
- <para>Build a kernel with
- <literal>options COMCONSOLE</literal>.</para>
+ <para>kernel ³]©wÀÉ¥[¤J
+ <literal>options COMCONSOLE</literal></para>
</listitem>
<listitem>
- <para>Create /boot.config and place <option>-P</option>
- as the only text in the file.</para>
+ <para>«Ø¥ß /boot.config ÀÉ¡A¨Ã¥B¸ÓÀɸ̭±¤º®e¥u¶ñ¤W <option>-P</option></para>
</listitem>
<listitem>
- <para>Unplug the keyboard from the system.</para>
+ <para>§âÁä½L±q¾÷¾¹¤W©Þ±¼</para>
</listitem>
</orderedlist>
- <para>See
+ <para>²Ó¸`½Ð¬Ý
<filename>/usr/src/sys/i386/boot/biosboot/README.serial</filename>
- for information.</para>
+ </para>
</answer>
</qandaentry>
</qandaset>
</sect1>
<sect1 id="compatibility-sound">
- <title>Sound devices</title>
+ <title>­µ®Ä¥d</title>
<qandaset>
<qandaentry>
<question id="sound-card-support">
- <para>Which sound cards are supported by FreeBSD?</para>
+ <para>FreeBSD ¤ä´©­þ¨Ç­µ®Ä¥d¡H</para>
</question>
<answer>
- <para>&os; supports various sound cards including the &soundblaster;,
- &soundblaster; Pro, &soundblaster; 16, Pro Audio Spectrum 16,
- AdLib, and Gravis UltraSound sound cards (for more details,
- see <ulink url="&url.base;/releases/">&os; Release Information</ulink>
- and the &man.snd.4; manual page).
- There is also limited support for
- MPU-401 and compatible MIDI cards. Cards conforming to the
- &microsoft; Sound System specification are also supported.</para>
+ <para>&os; ¤ä´©¦UºØ­µ®Ä¥d¡A¥]¬A¤F &soundblaster;¡B
+ &soundblaster; Pro¡B&soundblaster; 16¡BPro Audio Spectrum 16¡B
+ AdLib¡B¤Î Gravis UltraSound sound cards (²Ó¸`½Ð°Ñ¾\
+ <ulink url="&url.base;/releases/">&os; µo¦æ±¡³ø</ulink>
+ ¥H¤Î &man.snd.4; ªº»¡©ú)¡C
+ ¦¹¥~¡A¹ï MPU-401 ¤Î MIDI ¬Û®e³W®æªº¤]¦³¤@©wµ{«×ªº¤ä´©¡A¦Ó
+ &microsoft; Sound System ³W®æ¤]¦³¤ä´©¡C</para>
<note>
- <para>This is only for sound! This driver does not support
- CDROMs, SCSI or joysticks on these cards, except for the
- &soundblaster;. The &soundblaster; SCSI interface and some
- non-SCSI CDROMs are supported, but you cannot boot off this
- device.</para>
+ <para>ÅX°Êµ{¦¡¶È¾A¥Î©ó¡y­µ®Ä¡z³¡¤À¡I °£¤F &soundblaster; ¤§¥~¡A
+ ¥Ø«e­µ®ÄÅX°Êµ{¦¡¨Ã¤£¤ä´©³o¨Ç­µ®Ä¥d¤Wªº¥úºÐ¾÷, SCSI³]³Æ©Î·n±ì¡C
+ &soundblaster; ªº SCSI ¤¶­±¤Î¬Y¨Ç«D SCSI ªº¥úºÐ¾÷¬O¦³¤ä´©¡A¦ýµLªk¥Î¨Ó¶}¾÷¡C
+ </para>
</note>
</answer>
</qandaentry>
<qandaentry>
<question id="es1370-silent-pcm">
- <para>Workarounds for no sound from my &man.pcm.4; sound
- card?</para>
+ <para>&man.pcm.4; ©Ò¤ä´©ªº­µ®Ä¥d¨S¦³Án­µ¡A¦³¤°»ò¼È®É¸Ñ¨M¤è¦¡¶Ü¡H</para>
</question>
<answer>
- <para>Some sound cards, such as the es1370, set their output
- volume to 0 at every boot. Run the following command
- every time the machine boots:</para>
+ <para>¦]¬°¦³¨Ç¹³¬O es1370 ´¹¤ùªº­µ®Ä¥d·|¦b¨C¦¸¶}¾÷®É§â­µ¶q½Õ¬°¹s¡C
+ ¼È®É¸Ñªk¬O¦b¨C¦¸¶}¾÷®É°õ¦æ¤U­±«ü¥O¡A©Î¬O¥[¨ì /etc/rc.local ¤º¡G</para>
<screen>&prompt.root; <userinput>mixer pcm 100 vol 100 cd 100</userinput></screen>
</answer>
</qandaentry>
</qandaset>
</sect1>
<sect1 id="compatibility-other">
- <title>Other hardware</title>
+ <title>¨ä¥LµwÅé</title>
<qandaset>
<qandaentry>
<question id="other-device-support">
- <para>What other devices does FreeBSD support?</para>
+ <para>FreeBSD Á٤䴩¨ä¥L­þ¨ÇµwÅé©O¡H</para>
</question>
<answer>
- <para>See the <ulink
- url="&url.books.handbook;/install.html#INSTALL-MISC">Handbook</ulink>
- for the list of other devices supported.</para>
+ <para>½Ð°Ñ¾\¨Ï¥Î¤â¥U¤Wªº <ulink
+ url="&url.books.handbook;/install.html#INSTALL-MISC">¦w¸Ë½g¡X¨ä¥LµwÅé</ulink>
+ ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="power-management-support">
- <para>Does FreeBSD support power management on my
- laptop?</para>
+ <para>FreeBSD ¤ä´©µ§°O«¬¹q¸£ªº¬Ù¹qºÞ²z¥\¯à¶Ü¡H</para>
</question>
<answer>
- <para>FreeBSD 4.X and later support <acronym>APM</acronym>
- on certain machines. Further information can be found in
- &man.apm.4;.</para>
+ <para>FreeBSD 4.X(§t¤§«áª©¥»)¦b¬Y¨Ç¾÷ºØ¤W³£¦³¤ä´© <acronym>APM</acronym>¡C
+ ²Ó¸`½Ð°Ñ¾\ &man.apm.4; ªº»¡©ú¡C</para>
- <para>FreeBSD 5.X and later support the
- <acronym>ACPI</acronym> features found in most modern
- hardware. Further information can be found in
- &man.acpi.4;. If a system supports both
- <acronym>APM</acronym> and <acronym>ACPI</acronym>, either
- can be used. We suggest you try both and choose the one
- that best fits your needs.</para>
+ <para>FreeBSD 5.X(§t¤§«áª©¥»)¤ä´©¦b¥Ø«e¤j³¡¤À¾÷ºØ¤W³£¦³ªº
+ <acronym>ACPI</acronym> ¥\¯à¡C
+ ²Ó¸`½Ð°Ñ¾\ &man.acpi.4; ªº»¡©ú¡C­Y¾÷¾¹¤W¦P®É³£¦³ <acronym>APM</acronym>
+ ¤Î <acronym>ACPI</acronym> ¥\¯àªº¸Ü¡A§Ú­Ì«Øij§A¥i¥H¨âªÌ³£¸Õ¸Õ¬Ý¡A
+ ¬Ý¬Ý­þ¤@ºØ¤ñ¸û²Å¦X§Aªº»Ý¨D¡C</para>
</answer>
</qandaentry>
+ <qandaentry>
+ <question id="disable-acpi">
+ <para>¸Ó¦p¦óÃö³¬ ACPI¡H</para>
+ </question>
+
+ <answer>
+ <para>§â <screen>hint.acpi.0.disabled="1"</screen>
+ ³o¬q¥[¨ì <filename>/boot/device.hints</filename> §Y¥i¡C</para>
+ </answer>
+ </qandaentry>
+
<qandaentry>
<question id="micron-hang-boot">
- <para>Why does my Micron system hang at boot time?</para>
+ <para>Micron ¹q¸£Á`¬O¦b &os; ±Ò°Ê®É´N±¾±¼¡A¸Ó«ç»ò¿ì©O¡H</para>
</question>
<answer>
- <para>Certain Micron motherboards have a non-conforming PCI BIOS
- implementation that causes grief when FreeBSD boots because PCI
- devices do not get configured at their reported addresses.</para>
+ <para>¦³¨Ç Micron ¥D¾÷ªO¤Wªº BIOS ¦b PCI ¤è­±·|¦³°ÝÃD¡A
+ ³o·|¾É­P PCI ³]³Æ·|³Q BIOS °»´ú¬°¤£¥¿½T³]©w¡A¦Ó¶i¤J FreeBSD ´N±¾±¼¡C</para>
- <para>Disable the <quote>Plug and Play Operating System</quote>
- flag in the BIOS to work around this problem.</para>
+ <para>¼È®É¸Ñ¨M¤è¦¡¡GÃö³¬ BIOS ¤º <quote>Plug and Play Operating System</quote>
+ ªº³]©w¡C</para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question id="micron-3comnic-failure">
+ <para>&tm.3com; PCI ¤¶­±ºô¸ô¥dµLªk¦b Micron ¹q¸£¤W¨Ï¥Î¡A¸Ó«ç»ò¿ì¡H</para>
+ </question>
+
+ <answer>
+ <para>³o°ÝÃD¸ò«e­±ªº°ÝÃD¦]¯À¤@¼Ë¡AÁ`¤§¡A´N¬OÃö³¬ BIOS ¤¤¦³Ãö OS PnP ªº³]©w¡C</para>
+
+ <para>¼È®É¸Ñ¨M¤è¦¡¡GÃö³¬ BIOS ¤º <quote>Plug and Play Operating System</quote>
+ ªº³]©w¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="asusk7v-boot-failure">
- <para>The boot floppy hangs on a system with an ASUS K7V
- motherboard. How do I fix this?</para>
+ <para>¥D¾÷ªO¬O¥ÎµØºÓ(ASUS) K7V¡A¥i¬O¥Î¶}¾÷¤ù¶}¨ì¤@¥b´N·í¤F¡A«ç»ò¿ì©O¡H</para>
</question>
<answer>
- <para>Go into the BIOS setup and disable the <quote>boot virus
- protection</quote>.</para>
+ <para>¶i¤J BIOS ³]©w¡A¨ÃÃö³¬ <quote>boot virus protection</quote> ³]©w§Y¥i¡C</para>
</answer>
</qandaentry>
<qandaentry>
- <question id="micron-3comnic-failure">
- <para>Why does my &tm.3com; PCI network card not work with my Micron
- computer?</para>
+ <question id="newcard-does-not-work">
+ <para>My PCMCIA card does not work. I have a message:
+ <quote>cbb0: unsupported card type detected.</quote>
+ What can I do?</para>
+ </question>
+
+ <answer>
+ <para>You can try to use the original OLDCARD implementation. Edit
+ your kernel configuration file and remove the following lines:
+ <programlisting>device cbb
+device pccard
+device cardbus</programlisting>
+ Then add:
+ <programlisting>device pcic
+device card 1</programlisting>
+ Rebuild and install the new kernel as described in
+ <ulink url="&url.books.handbook;/kernelconfig.html">Configuring
+ the FreeBSD Kernel</ulink>.</para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question id="dell-poweredge-failure">
+ <para>¬°¤°»ò &dell; &poweredge; 2850 ¸Ë§¹ FreeBSD ¤§«á¡A­«¶}¾÷±µµÛÁä½L´N±¾¤F¡H</para>
</question>
<answer>
- <para>Certain Micron motherboards have a non-conforming PCI BIOS
- implementation that does not configure PCI devices at the
- addresses reported. This causes grief when FreeBSD
- boots.</para>
+ <para>(¥»ÃD¥Ñ cdsheen ´£¨Ñ)À|¸Õ¦b &dell; &poweredge; 2850 ¤W­±¦w¸Ë &os; 6.0¡A
+ ¤£¹L¦w¸Ë§¹¦¨¡B¨Ã­«·s¶}¾÷¤§«á¡Aµo²{ console ªºÁä½L¤£¯à°Ê¤F¡A
+ ¦P¼Ëªº±¡ªp¦ü¥G¤]¦s¦b©ó &os; 5.3 ¤Î &os; 5.4¡A
+ ¸g¹L¤@µf·j´M¡Aµoı¬O¦]¬°³o¥x¾÷¾¹¤W­±¦³¤@­Ó <quote>Dell Remote Access Controller (DRAC)</quote>¡A
+ ³o­Ó¸Ë¸m·|³Q¨t²Î¿ëÃѦ¨¤@­Ó USB Keyboard¡A©Ò¥H¾É­P¶}§¹¾÷¤§«á¡A¥¿±`ªº PS/2 Áä½L¤Ï¦Ó¤£¯à°Ê¤F¡I</para>
- <para>To work around this problem, disable the
- <quote>Plug and Play Operating System</quote> flag in the
- BIOS.</para>
+ <para>¼È®É¸Ñ¨M¤è¦¡¦p¤U¡G</para>
+
+ <orderedlist>
+ <listitem>
+ <para>¥ý¥H Single User Mode ¶i¤J¨t²Î</para>
+ </listitem>
+
+ <listitem>
+ <para>¦b©R¥O¦C¼Ò¦¡¤U¡A¥ý°õ¦æ¤U¦C©R¥O¡G</para>
+ <screen>&prompt.root; <userinput>fsck -y <filename>/</filename></userinput></screen>
+ <screen>&prompt.root; <userinput>mount -u <filename>/</filename></userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>µM«á½s¿è <filename>/etc/devd.conf</filename>¡A§â¹ï©ó USB Keyboard ªº¤ä´©¼È®É®³±¼¡A
+ ¤]´N¬O§â¤U­±´X¦æ¶}ÀY¥[¤W #</para>
+ <programlisting>
+# When a USB keyboard arrives, attach it as the console keyboard.
+#attach 100 {
+# device-name "ukbd0";
+# action "kbdcontrol -k /dev/ukbd0 < /dev/console && /etc/rc.d/syscons restart";
+#};
+#detach 100 {
+# device-name "ukbd0";
+# action "kbdcontrol -k /dev/kbd0 < /dev/console";
+#};
+</programlisting>
+ </listitem>
+
+ <listitem>
+ <para>µM«á¿é¤J <command>exit</command>Â÷¶} Single User Mode ¤§«á¡A
+ ´N¥i¥H¶¶§Q¶i¤J¨t²Î¡B¦Ó¥BÁä½L¤]¥i¥H¥¿±`¹B§@¡A¤U¦¸¶}¾÷¤]¤£·|¦³°ÝÃD¡I</para>
+ </listitem>
+ </orderedlist>
+
+ <para>¥t¥~¡A&dell; ªº DRAC/BMC ¬Ý°_¨Ó¦³ÆZ¦h¤£¿ùªº»·ºÝ¦s¨ú¥\¯à¡A¦³¿³½ìªº¤H¥i¥Hª±ª±¬Ý...</para>
</answer>
</qandaentry>
</qandaset>
</sect1>
</chapter>
<chapter id="troubleshoot">
<chapterinfo>
<author>
<firstname>William</firstname>
<surname>Liao</surname>
<affiliation>
<address><email>chliao@tpts4.seed.net.tw</email></address>
</affiliation>
</author>
</chapterinfo>
<title>±`¨£°ÝÃD¸Ñ¨M</title>
<qandaset>
<qandaentry>
<question id="awre">
<para>§ÚªºµwºÐ¦³Ãa­y®É¸Ó«ç»ò¿ì?</para>
</question>
<answer>
<para>­Y¬O SCSI µwºÐªº¸Ü¡A¨º»òºÏºÐ¾÷À³¸Ó¦³¯à¤O¦Û°Ê§@ re-mapping
ªº°Ê§@¡CµM¦Ó¡A¦]¬°¤@¨Ç¥¼ª¾ªº¦]¯À¡A¦b¥X¼t®É¡A«Ü¦hµwºÐªº³o¶µ
¥\¯à¬OÃö³¬ªº...</para>
<para>­n±N¨ä­«·s¶}±Ò¡A±z»Ý­n½s¿è¸Ë¸mªº²Ä¤@­Ó page ¼Ò¦¡
¡]first device page mode¡^¡A¦b FreeBSD ¤W¥i¥H¥Î¤U­±ªº«ü¥O¿ì¨ì
¡]¥H <username>root</username>¨­¤À°õ¦æ¡^</para>
<screen>&prompt.root; <userinput>scsi -f /dev/rsd0c -m 1 -e -P 3</userinput></screen>
<para>µM«á±N AWRE ©M ARRE ªº¼Æ­È±q 0 Åܦ¨ 1:-</para>
<programlisting>AWRE¡]Auto Write Reallocation Enbld¡^¡G 1
ARRE¡]Auto Read Reallocation Enbld¡^¡G 1</programlisting>
<para>¥H¤U³o¬q¬O¥Ñ Ted Mittelstaedt
<email>tedm@toybox.placo.com</email>©Ò´£¨Ñ¡G</para>
<para>­Y¬° IDE µwºÐ¡A¥ô¦óªºÃa­y³q±`³£¬O³Â·Ðªº¹w¥ü¡C¥Ø«e©Ò¦³¸û·sªº
IDE µwºÐ¡A¤º³¡³£¦³¦Û°Ê remapping Ãa­yªº¯à¤O¡C¥Ø«e©Ò¦³ IDE µwºÐ
»s³y°Ó¡A³£´£¨Ñ¤F§ó¤[ªº«OÃÒ¡A¦Ó¥B·|À°±z§ó´«¥X²{Ãa­yªºµwºÐ¡C</para>
<para>¦pªG±z¤´·Q­n­×´_²£¥ÍÃa­yªº IDE µwºÐ¡A±z¤´¥i¥H¸ÕµÛ¥h¤U¸ü IDE
µwºÐ»s³y°Ó©Ò´£¨ÑªºÀË´úµ{¦¡¡A¨Ã¥Î¥¦¨ÓÀˬd±zªºµwºÐ¡C¦³®É³o¨Ç³nÅé¥i
¥H±j­¢­«·sÀˬdµwºÐªºÃa­y¡A¨Ã±N¥¦­Ì¼Ð¥Ü¥X¨Ó¡C</para>
<para>¹ï ESDI¡ARLL ¤Î MFM ªºµwºÐ¨Ó»¡¡A³q±`Ãa­y¬O¥¿±`²{¶H¡A¤]¤£¬O¤°
»ò³Â·Ðªº«e¥ü¡C¦b PC ¤W¡AºÏºÐ±±¨î¥d©M BIOS ­t³d¼Ð¥ÜÃa­yªº¥ô°È¡C³o
¹ï¤@¨Ç¨Ï¥Î BIOS¨Ó¦s¨úºÏºÐªº§@·~Àô¹Ò¡]¦p DOS¡^¬O¨S¦³°ÝÃDªº¡CµM¦Ó¡A
FreeBSD ªººÏºÐÅX°Êµ{¦¡¨Ã¤£¸g¹L BIOS ¨Ó¦s¨úºÏºÐ¡A©Ò¥H¡A¦³­Ó bad144
ªº¾÷¨î¥Î¨Ó¨ú¥N³o¶µ¥\¯à¡Cbad144 ¥u¯à¥Î¦b wd ³o­ÓºÏºÐÅX°Êµ{¦¡¤W¡]³o
­Ó¥Nªí¤F FreeBSD 4.0 ¨Ã¤£¤ä´©¥¦¡^¡A¥¦¤]µLªk¥Î¦b SCSI µwºÐ¤W¡C
bad144ªº¤u§@¤èªk¬O±N©Ò¦³§ä¨ìªºÃa­y¸ê®Æ¦s¨ì¤@­Ó¯S§OªºÀÉ®×ùØ¡C</para>
<para>¨Ï¥Î bad144 ªºÄµ§i - ¦sµÛÃa­y¸ê®Æªº¯S§OÀɮ׬O©ñ¦bµwºÐªº³Ì«á
¤@­y¤W¡C¦]¬°³o­ÓÀÉ®×Àx¦sªºÃa­y¸ê®Æ¤¤¡A¦³¥i¯à¦³¨Ç¸ê®Æ¬O«ü¦VµwºÐ³Ì
«eºÝ©Òµo¥ÍªºÃa­y±¡§Î¡A´N¬O¥i¯àÀx¦s /kernel ³o­ÓÀɪº¦a¤è¡A©Ò¥H¥¦
¤@©w­n¯à³Q¶}¾÷µ{¦¡©ÒŪ¨ú¡A¦Ó¶}¾÷µ{¦¡¬O³z¹L BIOS ¨ÓŪ¨ú kernel
ÀÉ¡C³oªí¥Ü¤F¨Ï¥Î bad144 ªºµwºÐµ´¤£¯à¾Ö¦³¶W¹L 1024 ­Ó cylinder¡A
16 ­Ó head ¤Î 63 ­Ó sector¡C¦Ó³o¨Ï±o±ý¨Ï¥Î bad144 ªºµwºÐªº¤j¤p¤£
¯à¤j©ó 500 MB¡C</para>
<para>­n¨Ï¥Î bad144 «Ü²³æ¡A¥u­n¦b¶}©l¦w¸Ë®É¡A¦b FreeBSD fdisk µe­±
§â<quote>Bad Block</quote> ±½ºË³]¬° ON §Y¥i¡C¦b FreeBSD 2.2.7 ¥H
«á³£¥i¥H¨Ï¥Î¦¹¤èªk¡C¦ý³o­ÓµwºÐªº cylinder ¤@©w­n¦b 1024 ¥H¤U¡C¨Ï
¥Î«e¡A§Ú­Ì«Øij³o­ÓµwºÐ­n¦Ü¤Ö¥ý¨Ï¥Î¥|­Ó¤p®É¡A¥H«K¼ö¿±µÈ»PºÏ­y°¾²¾
¹F¤@¯ëª¬ºA¡C</para>
<para>¦pªG³o­ÓµwºÐ¾Ö¦³¶W¹L 1024 ­Ó cylinder¡]¹³¤j®e¶qªº ESDI µwºÐ¡^
¡AESDI ±±¨î¥d§Q¥Î¤@­Ó¯S§OªºÂà´«¼Ò¦¡¨Ï¥¦¯à¦b DOS ¤U¤u§@¡C¦Ó¦pªG±z
¦b fdisk ùتº <quote>set geometry</quote> ¤¤¿é¤J
<quote>Âà´«¹L</quote> ªº geometry¡Awd ³o­ÓÅX°Êµ{¦¡¯à¤F¸Ñ³o¨ÇÂà´«
¼Ò¦¡¡C±z¤]µ´¹ï¤£¯à¨Ï¥Î dangerously dedicated ¼Ò¦¡¨Ó«Ø¥ß FreeBSD
ªº¤À³Î°Ï¡A¦]¬°¥¦·|©¿²¤ geometry ³o­Ó°Ñ¼Æ¡C¦¹¥~¡A´Nºâ fdisk ¨Ï¥Î
±z©Ò¿é¤Jªº geometry °Ñ¼Æ¡A¥¦¨ÌµM·|¥hŪ¨ú³oµwºÐªº¯u¥¿¸ê®Æ¡A¦Ó·|¹Á
¸Õ¥h«Ø¥ß¤@­Ó¹L¤jªº FreeBSD ¤À³Î°Ï¡C¦pªGºÏºÐªº geometry ¤w¸g³Q
<quote>Âà´«</quote> ¹L¤F¡A¨º»ò ³o­Ó¤À³Î°Ï <quote>¥²¶·</quote>
¥H¤â°Ê¿é¤J block ¼Æ¥Øªº¤èªk¨Ó«Ø¥ß¡C</para>
<para>¤@­Ó§Ö³tªº¤p§Þ¥©¬O§Q¥Î ESDI ±±¨î¥d¨Ó³]©w¤j®e¶qªº ESDI µwºÐ¡A
¥Î DOS ¶}¾÷¤ù¶}¾÷¡A¦A±N¥¦ format ¬° DOS ªº¤À³Î°Ï¡CµM«á­«¶}¾÷¶i¤J
FreeBSD ¦w¸Ëµ{§Ç¡A¦b fdisk µe­±¡A§âDOS ¤À³Î°Ïªº blocksize ©M
block number §Û¤U¨Ó¡CµM«á­«·s³]©w geometry ¨Ï¨ä¸ò DOS ¨Ï¥Îªº¤@¼Ë¡C
§R°£ DOS ¤À³Î°Ï¡AµM«á¨Ï¥Î±z­è­è§Û¤Uªº blocksize ¨Ó«Ø¥ß¤@­Ó
<quote>cooperative</quote> FreeBSD ¤À³Î°Ï¡CµM«á³]©w³o­Ó¤À³Î°Ï¬°¥i
¶}¾÷¡A¦A¥´¶}Ãa­y±½ºË¡C¦b¯u¥¿ªº¦w¸Ë¹Lµ{¤¤¡Abad144 ·|¦b¥ô¦óÀɮרt²Î
³Q«Ø¥ß«e¥ý³Q°õ¦æ¡C¡]±z¥i¥H«ö Alt-F2 ¨ÓºÊ¬Ý³o¤@¤Á¡^¦pªG¦b«Ø¥ßÃa­y¸ê
®ÆÀɮɵo¥Í¤F°ÝÃD¡A±z·|»Ý­n³]©w¤@­Ó¸û¤jªººÏºÐ geometry - ³oªí¥Ü±z
»Ý­n­«¶}¾÷¡AµM«á¥þ³¡¦A­«·s¶}©l¡]¥]¬A­«·s¤À³Î¥H¤Î¦b DOS ¤U­«·s
format¡^¡C</para>
<para>¦pªG remapping ªº¥\¯à¤w¸g±Ò°Ê¤F¡A¦Ó±z¨ÌµM¤@ª½¬Ý¨ìÃa­y²£¥Í¡A
¨º»ò¦Ò¼{´«¤@¥xµwºÐ§a¡CÃa­yªº±¡§Î¥u·|ÀH®É¶¡¼W¥[¦Ó§ó¬°ÄY­«¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bustek742a-eisa-scsi">
<para>¬°¤°»ò FreeBSD §ì¤£¨ì§Úªº Bustek 742a EISA SCSI ¥d¡H</para>
</question>
<answer>
<para>¤U­±ªº¸ê°T¬Oµ¹ 742a ³o±i¥d¥Îªº¡A¦ý¬O¨ä¥L Buslogic ªº¥d©Î³\¤]
¥i¥H¾A¥Î¡C¡]Bustek ´N¬O Buslogic¡^</para>
<para>742a ³o±i¥d¦³¨â­Ó¥D­nªº<quote>ª©¥»</quote>¡C¤@­Ó¬Oª©¥» A-G¡A
¥t¤@­Ó¬Oª©¥» H ¤Î¨ä¥H«á¡Cª©¥»¸ê°T¥i¥H±q¤¶­±¥dÃä½tªº¬y¤ô¸¹³Ì«á­±
±oª¾¡C742a ³o±i¥d¦³¨â­Ó°ßŪ´¹¤ù¦b¥¦¤W­±¡A¤@­Ó¬O BIOS ´¹¤ù¡A¦Ó¥t
¤@­Ó¬O¶´Åé´¹¤ù¡C FreeBSD ¨Ã¤£¦b¥G±z¥d¤Wªº BIOS ª©¥»¡A¦ý¬O¶´Å骺
ª©¥»´N«Ü­«­n¤F¡C¦pªG§A¥´¹q¸Üµ¹¥L­Ì§Þ³N¤ä´©±M½uªº¸Ü¡A¥L­Ì·|±Hµ¹
±z³Ì·sªºª©¥»¨Ñ±z¤É¯Å¡C BIOS ©M¶´Åé´¹¤ù¬O¤@°_°e¨Óªº¡C ±z»Ý­n±N¥d
¤W BIOS ©M¶´Å骩¥»¡A¨Ì±z¥dª©¥»ªº¤£¦P¡A¤É¯Å¨ì³Ì·sªº¤@ª©¡C</para>
<para>ª©¥» A-G ªº¥d³Ì°ª¥u¯à±N BIOS/¶´Åé ¤É¯Å¨ì 2.41/2.21 ª©¡A¦Ó H
¤Î¨ä¤§«áªºª©¥»¡A¥Ø«e BIOS/¶´Å骺³Ì·sª©¥»¬O 4.70/3.37¡C³o¨â­Ó¶´Åé
ª©¥»¶¡ªº®t²§¦b©ó¡A3.37 ³oª©¤ä´© <quote>round robin</quote></para>
<para>Buslogic ªº¥d¤W­±¤]³£¦³§Ç¸¹¡C¦pªG±z¥dªºª©¥»¸û¡A±z¥i¥H¸ÕµÛ¥´
¹q¸Üµ¹ Buslogic ªºRMA ³¡ªù¡AµM«áµ¹¥L­Ì±zªº§Ç¸¹¡A¬Ý¯à¤£¯à¸ò¥L­Ì¥æ
´«¤@±i¸û·sª©¥»ªº¥d¡C¦pªG¨º±i¥d°÷ªº¸Ü¡A¥L­Ì·|´«µ¹§A¡C</para>
<para>FreeBSD 2.1 ¥u¤ä´©¶´Åé 2.21 ª©¥H«áªºª©¥»¡C¦pªG±z¶´Å骩¥»¤ñ³o
­ÓÁÙªº¸Ü¡A¨º»ò±zªº¥d´N¤£¯à³Q¿ëÃÑ¥X¬O Buslogic ªº¥d¡C¥¦¦³¥i¯à·|
³Q¿ëÃѦ¨ Adaptec 1540¡C¸û¦­ªº Buslogic ¥d¤Wªº¶´Å馳¤@­Ó AHA1540
<quote>¼ÒÀÀ</quote> ¼Ò¦¡¡A³o¹ï¤@±i EISA ¥d¨Ó»¡¨Ã¤£¬O¥ó¦n¨Æ¡C</para>
<para>¦pªG±z¦³¤@±i¸ûª©¥»ªº¥d¡A¦Ó±z¨ú±o 2.21 ª©¶´Å骺¸Ü¡A±z»Ý­nÀË
¬d¤@¤U jumper W1 ªº¦ì¸m¡A±N¥¦½Õ¦Ü B-C¡A­ì©l³]©w¬O A-B¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="hpnetserver-scsi-failure">
<para>¬°¤°»ò FreeBSD §ì¤£¨ì§Úªº HP Netserver ªº SCSI ±±¨î¥d¡H</para>
</question>
<answer>
<para>°ò¥»¤W³o­Ó¬O¤@­Ó¤wª¾ªº°ÝÃD¡C¦b HP Netserver ¾÷¾¹¤Wªº on-board
EISA ¤¶­± SCSI ±±¨î¥d¥e¾Ú¤F©w§}¬°²Ä 11 ªº EISA ¼Ñ¡A¦]¦¹©Ò¦³ªº
<quote>¯u¹ê</quote> EISA ¼Ñ³£¦b¥¦¤§«e¡C¥i¬O¡A¦b EISA ©w§}ªÅ¶¡
&gt;= 10 ®É¡A·|»P«ü©wµ¹ PCI ¥Îªº©w§}ªÅ¶¡¬Û½Ä¬ð¡A¥B FreeBSD ªº
auto-configuration µLªk¥¿½Tªº³B²z³o­Ó±¡§Î¡C</para>
<para>¦]¦¹¡A²{¦b§A¯à°µªº³Ì¦n¨Æ±¡´N¬O¦b kernel ùس]©w
<literal>EISA_SLOTS</literal> ³o­Ó¿ï¶µ¬° 12 ¡AµM«á·í§@¨S¦³³o­Ó
°ÝÃD :)¡C½Ð¨Ì·Ó <ulink URL="../../handbook/kernelconfig.html">
Handbook ¤¤¦³Ãö kernel ªº³]©w</ulink> ùØ©Ò»¡ªº¤èªk¨Ó³]©w»P½sĶ
±zªº kernel¡C</para>
<para>·íµM¡A¦b¦w¸Ë FreeBSD ¨ì³oºØ¾÷¾¹¤W®É¡A³o¬O¤@­ÓÂû¥Í³J³J¥ÍÂûªº
°ÝÃD¡C¬°¤F¸Ñ¨M³o­Ó°ÝÃD¡A¦b <emphasis>UserConfig</emphasis> ¤¤¦³
¤@­Ó¯S§Oªº¤èªk¡A¦w¸Ë®É¤£­n¶i¤J <quote>visual</quote> ¤¶­±¡A¬Û¤Ï
ªº¡A¦b©R¥O¦C¼Ò¦¡¤¤¡AÁä¤J</para>
<programlisting>eisa 12
quit</programlisting>
<para>µM«á´N¦p¥H©¹¤@¼Ë¦w¸Ë±zªº¨t²Î¡C¤£¹L§Ú­Ì«Øij±z½sĶ»P¦w¸Ë¤@­Ó
ÄÝ©ó¦Û¤vªº kernel¡A¦ý</para>
<para>§Æ±æ¦b¥¼¨Óªºª©¥»¤¤¯à¹ï³o­Ó°ÝÃD¦³¤@­Ó¦nªº¸Ñ¨M¤èªk¡C</para>
<note>
<para>±zµLªk¦b HP Netserver ¤W¨Ï¥Î
<literal>dangerously dedicated</literal> ºÏºÐ¼Ò¦¡¡C±z¥i¥H°Ñ¦Ò
<link linkend="dedicate">³o¥÷µù¸Ñ</link> ¥HÀò±o§ó¦h¸ê°T¡C</para>
</note>
</answer>
</qandaentry>
<qandaentry>
<question id="cmd640-ide">
<para>CMD640 IDE ±±¨î´¹¤ù¥X¤F¤°»ò°ÝÃD¡H</para>
</question>
<answer>
<para>¥¦ªº°ÝÃD¦b©óµLªk¦P®É³B²z¨â­Ó channel ªº«ü¥O¡C</para>
<para>²{¦b¤w¸g¦³­Ó¸Ñ¨M¤èªk¤F¡A¦Ó¥B¦b±zªº¨t²Î¤¤¦³³o¶ô´¹¤ù®É·|¦Û°Ê
±Ò°Ê¡C¦pªG»Ý­n§ó¸ÔºÉªº¸ê°T¡A½Ð¬d¾\¦³ÃöºÏºÐÅX°Êµ{¦¡ªº»¡©ú
¡]man 4 wd¡^¡C</para>
<para>¦pªG±z¥Ø«e¬O¨Ï¥Î CMD640 IDE ±±¨î´¹¤ù¡A¥[¤W FreeBSD 2.2.1 ©Î
2.2.2¡A¦Ó¥B±z¤S·Q­n¨Ï¥Î¨ì²Ä¤G­Ó channel ®É¡A½Ð¦b±zªº kernel ³]
©w¤¤¥[¤J <literal>options "CMD640"</literal> µM«á­«·s½sĶ¤@­Ó·s
ªº kernel¡C³o­Ó option ¦b 2.2.5 ª©¥H«á¬O¤º©w±Ò°Êªº¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ed1-timeout">
<para>§Ú¤@ª½¬Ý¨ìÃþ¦ü
<errorname>ed1: timeout</errorname> ªº°T®§¡C¥¦­Ì¬O¤°»ò·N«ä©O¡H
</para>
</question>
<answer>
<para>³o­Ó³q±`¬O¥Ñ©ó¤¤Â_½Ä¬ð¡]interrupt conflict¡^©Ò³y¦¨ªº¡]¨Ò¦p¡A
¨â¶ô¥d¨Ï¥Î¨ì¤F¬Û¦Pªº IRQ¡^¡C FreeBSD ¦b 2.0.5 ª©¥H«e³£®e³\³o­Ó
±¡§Î¡A´Nºâ¦³ IRQ ½Ä¬ð±¡§Î¡Aºô¸ô¥d¤]À³¸Ó¤´¥i¥¿±`¹B§@¡CµM¦Ó¡A¦b
2.0.5 ª©¤Î¨ä¥H«á¡A¤w¤£¦A®e³\¦³ IRQ ½Ä¬ðªº±¡§Î¤F¡C½Ð©ó¶}¾÷®É¨Ï
¥Î -c ³o­Ó¿ï¶µ¡AµM«á§ó§ï ed0/de0/..¡Cµ¥ªº³]©w¡A¨Ï¨ä©M±zºô¸ô¥d
¥»¨­ªº³]©w¤@­P¡C</para>
<para>¦pªG±z¬O¨Ï¥Î±zºô¸ô¥d¤Wªº BNC ±µÀY¡A±z©Î³\¤]·|¦]¤£¨}ªº²×ºÝ¹q
ªý³]©w¡A¦Óµo¥Í¸Ë¸m (device) timeout ªº±¡§Î¡C­nÀˬd¬O§_¦³³oºØ±¡
§Î¡A±z¥i¥H¦bºô¸ô¥d¤Wª½±µ±µ¤W²×ºÝ¹qªý¡]¤£­n±µºô¸ô½u¡^¡AµM«á¬Ý¬Ý³o
­Ó¿ù»~°T®§¬O¤£¬O´N®ø¥¢¤F¡C</para>
<para>¦³¨Ç NE2000 ªº¬Û®e¥d¡A¦pªG¥¦ªº UTP °ð¨S¦³±µºô¸ô½u¡A©Î¬O¸Óºô
¸ô½u¨Ã¨S³Q¨Ï¥Îªº¸Ü¡A¤]·|¥X²{³o­Ó¿ù»~°T®§¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bad-3c509">
<para>¬°¤°»ò§Úªº 3COM 3C509 ³o¶ôºô¸ô¥d¦b¨S¦³¥ô¦ó©úÅã­ì¦]¤U°±¤î¤u§@
¤F©O¡H</para>
</question>
<answer>
<para>³o¶ô¥d¦³­Ó¤£¦nªº¦a¤è¦b©ó¥¦±`±`·|¿ò¥¢¥»¨­ªº³]©w¸ê®Æ¡C½Ð¨Ï¥Î¸Ó
¥dªº DOS ¤u¨ã <command>3c5x9.exe</command> ¨Ó§ó·s¥d¤W³]©w¡C
</answer>
</qandaentry>
<qandaentry>
<question id="printer-slow">
<para>§Úªº¥­¦æ°ð¦Lªí³t«×¯}¤Ñ¯îªººC¡C§Ú¸Ó«ç»ò°µ¡H</para>
</question>
<answer>
<para>¦pªG°ß¤@ªº°ÝÃD´N¬O³t«×«ÜºCªº¸Ü¡A¸ÕµÛ§ïÅܱzªº <ulink
url="../handbook/printing-intro-setup.html#PRINTING-PARALLEL-PORT-MODE">
¦Lªí¾÷³s±µ°ð³]©w</ulink> ³o­Ó¦b¤â¥U¤¤ªº
<ulink url="../handbook/printing-intro-setup.html">¦Lªí¾÷³]©w
</ulink> ³o­Ó³¹¸`¦³¥[¥H°Q½×¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="signal11">
<para>§Úªºµ{¦¡¦³®É·|¦]
<errorname>Signal 11</errorname> ³o­Ó¿ù»~¦Ó°±¤î¡H</para>
</question>
<answer>
<para>Signal 11 ³o­Ó¿ù»~¬O¦]¬°§Aªº process ¹Á¸Õ­n¦s¨ú¤@¶ô°O¾ÐÅé¡A
¦Ó§Aªº§@·~¨t²Î¨Ã¤£¤¹³\¥¦°µ³o­Ó°Ê§@¦Óµo¥Íªº¡C¦pªG³oºØ±¡§Î±`±`¤£
©w®Éµo¥Í¡A¨º»ò§AÀ³¸Ó­n¶}©l¬Ý¬Ý¬O¤£¬O­þ¸Ì¥X°ÝÃD¤F¡C</para>
<para>³o¨Ç°ÝÃD¥i¯à¬O»P¤U¦C±¡§Î¦³Ãö¡G</para>
<orderedlist>
<listitem>
<para>¦pªG³o­Ó°ÝÃD¥u¦b¬Y¤@­Ó±z¦Û¤v¼gªº¬Y­Ó¯S©wµ{¦¡µo¥Í¡A¨º
»ò«Ü¦³¥i¯à¬O±zªºµ{¦¡½X¦³°ÝÃD¡C</para>
</listitem>
<listitem>
<para>¦pªG³o­Ó°ÝÃD¬O¦b FreeBSD ªº¬Y¨Ç¨t²ÎÀÉ®×µo¥Í¡A¦³¥i¯à¬O
¦]¬°µ{¦¡¦³°ÝÃD¡A¦ý³q±`¦b§Ú­Ì³o¸sŪ FAQ ªº¨Ï¥ÎªÌ¥h¶]³o¨Ç¦³
°ÝÃDªºµ{¦¡½X«e¡A¥¦­Ì¦­´N´N¤w¸g³Q¸Ñ¨M¤F¡]³o¬O -current ¦b°µ
ªº¨Æ¡^¡C</para>
</listitem>
</orderedlist>
<para>¤×¨ä¦pªG§A¦b½sĶ¤@­Óµ{¦¡¡A¦ý¬O¨C¦¸½sĶ¾¹¶]¥X¨Óªºµ²ªG³£¤£¤@¼Ë
ªº¸Ü¡A³o¬O¤@­ÓµL¸Ñªº°ÝÃD¡A¦Ó<emphasis>¤£¬O</emphasis>
FreeBSD ¯äÂΡC</para>
<para>Á|¨Ò¨Ó»¡¡A°²³]±z¥¿¦b¶] <quote>make buildworld</quote>¡A
¦Ó compiler ¦b±N <filename>ls.c</filename> ½sĶ¦¨
<filename>ls.o</filename> ®Éµo¥Í¿ù»~¡A³o®É½Ð¦A¶]¤@¦¸
<quote>make buildworld</quote>¡A¦pªG compiler ¨ÌµM¦b¦P¼Ëªº¦a¤èµo
¥Í°ÝÃD¡A¨º»ò´N¬Oµ{¦¡½X¦³°ÝÃD¡Ð¡Ð½Ð§ó·s­ì©l½XµM«á¦A¸Õ¸Õ¬Ý¡C¦Ó¦pªG
compiler ¬O¦b¨ä¥Lªº¦a¤èµo¥Í¿ù»~¡A¨º»ò´X¥G¥i¥H½T©w¬OµwÅ骺°ÝÃD¤F¡C
</para>
<para>±z³o®ÉÀ³¸Ó°µ¤°»ò¡G</para>
<para>¦pªG¬O²Ä¤@ºØ±¡§Î¡A¥i¥H¨Ï¥Î¤@¨Ç debugger¡A¦p¡Ggdb¡A¨Ó§ä¥Xµ{¦¡
¬O¦b¨º¨à·|¥h¹Á¸Õ¦s¨ú¿ù»~ªº°O¾ÐÅé¦ì§}¡AµM«á¦A­×¥¿¥¦¡C</para>
<para>¦pªG¬O²Ä¤GºØ±¡§Î¡A´N»Ý­nÀˬd¬Ý¬Ý¬O¤£¬OµwÅ骺°ÝÃD¤F¡C</para>
<para>¤@¨Ç³y¦¨µwÅ餣íªº­ì¦]¥]¬A¡G</para>
<orderedlist>
<listitem>
<para>¥i¯à¬OµwºÐ¹L¼ö¡G½ÐÀˬd¾÷´ß¤ºªº­·®°¬O§_¹B§@¥¿±`¡A¦]¬°±z
ªºµwºÐ¡]©ÎªÌÁÙ¦³¨ä¥LªºµwÅé¸Ë¸m¡^¹L¼ö¤F¡C</para>
</listitem>
<listitem>
<para>³B²z¾¹¹L¼ö¡G³o­Ó¦³¥i¯à¬O¦]¬°¶WÀW¡A©ÎªÌ¬O³B²z¾¹ªº­·®°±¾¤F¡C
¤£½×¬O­þºØ­ì¦]¡A±z³£»Ý­n±N©Ò¦³ªº¤¸¥ó¦^´_¨ì¥¦­Ì­ì¥ý³]©wªº¤u§@ª¬
ºA¡A³o¼Ë¤~¯à¸Ñ¨M³o­Ó°ÝÃD¡CÁ|­Ó¨Ò¤l¨Ó»¡¡G±N³B²z¾¹½Õ¦^­ì¥ýªº¤u§@
ÀW²v¡C</para>
<para>¦pªG±zÁÙ¬O°í«ù­n¶WÀWªº¸Ü¡A½ÐÂÔ°O¡A»P¨ä¿NÃa¦Ó»Ý­n´«·sªº¤@¥x
¥D¾÷¡A¤£¦p±N³t«×½ÕºC¤@ÂI¡I°£¦¹¤§¥~¡A¤£ºÞ§Aı±o¥¦¦w¤£¦w¥þ¡A¤@¯ë
¤H¹ï©ó±z¦]¬°¶WÀW¦Óµo¥Íªº°ÝÃD¡A¬O¤£·|¦³¤°»ò¦P±¡¤ßªº¡C</para>
</listitem>
<listitem>
<para>¤£Ã­©wªº°O¾ÐÅé¡G¦pªG¥D¾÷¤W¦³¦w¸Ë¼Æ®Ú SIMM/DIMM °O¾ÐÅé¡A
¸ÕµÛ§â¥¦­Ì¥þ©î¤U¨Ó¡AµM«á¤@®Ú¤@®Ú´¡¤W¥h°µ´ú¸Õ¡AÂǦ¹ÁY¤p½d³ò¡A
¥H«K§ä¥X¦³°ÝÃDªº¬Y®Ú°O¾ÐÅé©Î¬O¬YºØ°O¾ÐÅé²Õ¦X¡C</para>
</listitem>
<listitem>
<para>³Ì¨Î¤Æ¹LÀYªº¥D¾÷ªO³]©w¡G¦b BIOS ùةάO¦³¨Ç¥D¾÷ªOªº jumper
¤W¡A¦³®É¥i¥H§ó§ï¤@¨Ç timing¡A¦ý¦b¤j¦h¼Æªº±¡§ÎùØ¡A¨Ï¥Î¹w³]­È´N
¤w¸g¨¬°÷¤F¡Cªp¥B¦³®É­Ô§â RAM ªº wait states ³]¤Ó¤p¡A©Î¬O¦b
BIOS ùØ¡A§â <quote>RAM Speed: Turbo</quote> ³o­Ó©Î¬O¨ä¥LÃþ¦ü
ªº¿ï¶µ¥´¶}³£¦³¥i¯à·|³y¦¨¤@¨Ç¤£¥¿±`ªº²{¶H¡C¤@­Ó¸Ñ¨Mªº¤èªk¬O§â
BIOS ³]¦^¹w³]­È¡A¤£¹L¦b³o¤§«e°O±o¥ý°O¤U¥Ø«eªº³]©w¡I</para>
</listitem>
<listitem>
<para>¨Ñµ¹¥D¾÷ªOªº¹q¤O¤£°®²b©Î¬O¤£¨¬¡C¸ÕµÛ§â¨t²Î¤º¨S¦³¥Î¨ìªº
I/O ¥d¡DµwºÐ©Î¬O CDROM ¼È®É©î±¼©Î¬O©Þ±¼¹q·½½u¡A¬Ý¬Ý§Aªº¹q·½
¨ÑÀ³¾¹¬O¤£¬O¯à°÷¦b¤p¤@ÂIªº­t²ü¤U¥¿±`¤u§@¡C¤£µM´N¬O´«¤W¥t¤@
­Ó·sªº¹q·½¨ÑÀ³¾¹¡A³Ì¦n¬O¥Ë¼Æ°ª¤@ÂIªº¡]¥´­Ó¤ñ¤è¨Ó»¡¡A¦pªG­ì
¥ýªº¹q·½¨ÑÀ³¾¹¬O 250 ¥Ëªº¡A¨º»ò´N´«¤W 300 ¥Ëªº¸Õ¸Õ¡^¡C</para>
</listitem>
</orderedlist>
<para>½Ð¶¶«K°Ñ¾\ SIG11 FAQ¡]³sµ²¦b¤U­±¡^¡AÁöµM¥¦¬O¯¸¦b Linux ªº¨¤
«×¼gªº¡A¥i¬O¸Ì­±¹ï³o¨Ç°ÝÃD¦³³\¦h«Ü´Îªº¸Ñ»¡¡C¥¦¸Ì­±¤]¦³°Q½×¬°¤°»ò
¦³°ÝÃDªº°O¾ÐÅé¯à³q¹L³nÅé©ÎµwÅ骺´ú¸Õªº­ì¦]¡C</para>
<para>³Ì«á¡A¦pªG¤W­±³o¨Ç­ì¦]³£±Æ°£¤F¡A¨º»ò¦³¥i¯à¬O¹J¨ì¤F FreeBSD
ùتº¤@°¦¯äÂΡA½Ð°Ñ¾\«ü¥Ü°µ¤@­Ó°ÝÃD¦^³ø¡C</para>
<para>³o¨à¦³¤@­Ó§ó¸Ô²Óªº FAQ ¡Ð <ulink
URL="http://www.bitwizard.nl/sig11/">
the SIG11 problem FAQ</ulink></para>
</answer>
</qandaentry>
<qandaentry>
<question id="trap-12-panic">
<para>§Úªº¨t²Î·í¾÷®É¥X²{¡G<errorname>Fatal
trap 12: page fault in kernel mode</errorname>¡A©Î¬O
<errorname>panic:</errorname>¡A¦A¥[¤W¤@°ï¿ù»~°T®§¡A
§Ú¸Ó«ç»ò¿ì¡H</para>
</question>
<answer>
<para>FreeBSD ªº¶}µoªÌ¹ï©ó³o¨Ç¿ù»~°T®§¬Û·íªº¦³¿³½ì¡A¦ý¬O¥L­Ì»Ý­n
§ó¸Ô²Óªº¤@¨Ç²Ó¸`¡C½Ð§â±zªº·í¾÷ªº°T®§¥þ³¡½Æ»s¤U¨Ó¡A±µµÛ¬d¾\ FAQ
ùØ <link linkend="KERNEL-PANIC-TROUBLESHOOTING">kernel
panics</link> ³o¸`¡A¨Ì»¡©ú½sĶ¤@­Ó§t°£¿ù½Xªº kernel¡A¥H¨ú±o¨ç¦¡
©I¥s¶¶§Ç¡]backtrace¡^¡C³o­ÓÅ¥°_¨Ó«ÜÃø¡A¦ý¹ê»Ú¤W¨Ã¤£»Ý­n¥ô¦óµ{¦¡
³]­pªº¯à¤O¡A±z¥u»Ý­n¨Ì·Ó«ü¥Ü°µ§Y¥i¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="screen-loses-sync">
<para>¬°¤°»ò·í§Ú¶}¾÷®É¡A¿Ã¹õÅܶ¡A¥B¤£°±°{°Ê¡H</para>
</question>
<answer>
<para>³o­Ó°ÝÃD¡A¤wª¾¬O¥Ñ ATI Mach 64 Åã¥Ü¥d©Ò¤Þ°_ªº¡C¦]¬°³o¶ô¥d
¨Ï¥Î¨ì <literal>2e8</literal> ³o­Ó¦ì§}¡A¦Ó³o»P²Ä¥|­Ó§Ç¦C°ð
¡]serial port¡^©Ò¨Ï¥Îªº¦ì§}¬Û¦P¡C¦Ó¦b &man.sio.4; ³o­ÓÅX°Ê
µ{¦¡ùØ¡A¤£ª¾¹D¬O bug ©Î¬O¥\¯à¡]feature¡^¡A´Nºâ±z¨S¦³²Ä¥|­Ó§Ç
¦C°ð¡A©Î¬O¤w¸g±N sio3¡]²Ä¥|­Ó§Ç¦C°ð¡^¨ú®ø¤F¡A¥¦
<emphasis>¨ÌµM</emphasis>·|¥h¹Á¸ÕÅX°Ê¥¦¡C</para>
<para>ª½¨ì³o­Ó°ÝÃD³Q¸Ñ¨M¥H«e¡A±z¥i¥H¨Ï¥Î³o­Ó¤èªk¡G</para>
<orderedlist>
<listitem>
<para>¦b¬Ý¨ì¶}¾÷´£¥Ü®É¿é¤J <option>-c</option>
¡]³o·|Åý kernel ¶i¤J³]©w¼Ò¦¡¡^¡C</para>
</listitem>
<listitem>
<para>¨ú®ø <devicename>sio0</devicename> ¡A
<devicename>sio1</devicename> ¡A
<devicename>sio2</devicename> ©M
<devicename>sio3</devicename>¡]¥þ³¡¡^¡C
³o¥i¥HÅý sio ÅX°Êµ{¦¡¤£°Ê§@ -&gt; ©ó¬O°ÝÃD¸Ñ¨M¡C</para>
</listitem>
<listitem>
<para>¿é¤J exit ¥HÄ~Äò±Ò°Êµ{§Ç¡C</para>
</listitem>
</orderedlist>
<para>¦pªG±z·Q­n¨Ï¥Î±zªº§Ç¦C°ð¡A±z»Ý­n­×§ï
<filename>/usr/src/sys/i386/isa/sio.c</filename>¡A¦b¸ÓÀɤ¤§ä¥X
<literal>0x2e8</literal> ³o­Ó¦r¦ê¡A²¾°£³o­Ó¦r¦ê¤Î¥¦«e­±ªº³r¸¹
¡]«O¯d«á­±ªº¡^¡AµM«á­«·s½sĶ¤@­Ó·sªº kernel¡C</para>
<para>´Nºâ¨Ï¥Î¤F¤W­±³o¨Ç¤èªk¡AX Window ¤´µM¦³¥i¯àµLªk¶¶§Q°õ¦æ¡C
¦pªGµo¥Í¤F³oºØ±¡§Î¡A½Ð½T©w§A¥Îªº XFree86 ªºª©¥»¬O³Ì·sªº XFree86
3.3.3 ©Î¬O¨ä«áªºª©¥»¡C¥¦­Ì¦³¤º«Ø¤ä´© Mach 64 ³o±i¥d¡A¬Æ¦Ü¬°¤F³o
¨Ç¥dÁÙªþ¦³¤@­Ó¯S§Oªº X Server</para>
</answer>
</qandaentry>
<qandaentry>
<question id="reallybigram">
<para>¬°¤°»ò§Úªº¨t²Î¸Ë¦³ 128 MB ªº RAM¡A¦Ó FreeBSD ¥u¥Î¤F¨ä¤¤ªº
64MB¡H</para>
</question>
<answer>
<para>¦]¬° FreeBSD ¬O¨Ï¥Î©I¥s BIOS ¨Ó¨ú±o°O¾ÐÅé¤j¤pªº¤èªk¡A¦]¦¹¥¦
¥u¯à°»´ú¨ì 16 bits ¦ì¤¸ªø«×ªº KByte ¤j¤p¡]65535 KBytes = 64MB¡^
¡]©ÎªÌ§ó¤Ö..¡C¦³¨Ç BIOS ±N³Ì°ª°O¾ÐÅé¤j¤p­­¬°¥u¦³ 16MB¡^
¦pªG±z¾Ö¦³ 64MB ¥H¤Wªº RAM¡AFreeBSD ·|¹Á¸Õ¥h°»´ú¥X¥¦¡A¦ý¬O¦³¥i¯à
·|¥¢±Ñ¡C</para>
<para>­n¸Ñ¨M³o­Ó°ÝÃD¡A±z»Ý­n¨Ï¥Î¤U­±©Ò´£ªº kernel ³]©w¿ï¶µ¡CÁöµM¦³
¤èªk¥i¥H±q BIOS ¤¤¨ú±o°O¾ÐÅ骺§¹¾ã¸ê°T¡A¦ý¬O¥Ø«e§Ú­Ì¦b¶}¾÷°Ï¤¤¨Ã
¨S¦³¦h¾lªºªÅ¶¡¨Ó°µ³o¥ó¨Æ¡C·í¬Y¤Ñ¶}¾÷°ÏªÅ¶¡¤£¨¬ªº±¡§ÎÀò±o¸Ñ¨M®É¡A
§Ú­Ì±N·|¨Ï¥Î BIOS ªº©µ¦ù¥\¯à¨Ó¨ú±o°O¾ÐÅ骺§¹¾ã¸ê°T...¦ý²{¦b§Ú­Ì
±N¥¦©ñ¦b kernel ³]©w¿ï¶µ¤¤¡C</para>
<para><literal>options "MAXMEM=<replaceable>n</replaceable>"</literal></para>
<para><replaceable>n</replaceable> ¬O«ü±zªº°O¾ÐÅé¤j¤p¡A¥H KB
¬°³æ¦ì¡C¥H¤@¥x¦³ 128MB RAM ªº¾÷¾¹¨Ó»¡¡A±z¥i¨Ï¥Î
<literal>131072</literal>³o­Ó¼Æ¦r¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="panic-kmemmap-too-small">
<para>¬°¤°»ò FreeBSD 2.0 ¦]¬°
<errorname>kmem_map too small!</errorname>³o­Ó­ì¦]¦Óµo¥Í
panic ¡H</para>
</question>
<answer>
<note>
<para>³o­Ó°T®§¤]¦³¥i¯à¬O
<literal>mb_map too small!</literal></para>
</note>
<para>³o­Ó panic ªº­ì¦]¬Oªí¥Ü¨t²Î¥Î¥ú¤Fµ¹ºô¸ô½w½Ä°Ïªº©Ò¦³ªºµê
ÀÀ°O¾ÐÅé¡]¯S§O¬O mbuf clusters¡^¡C±z¥i¥H¼W¥[µ¹ mbuf clusters
ªº VM ªº¼Æ¶q¡A¥u­n¥[¤J:</para>
<para><literal>options "NMBCLUSTERS=<replaceable>n</replaceable>"</literal></para>
<para>¦b±zªº kernel ³]©wÀɤ¤¡A<replaceable>n</replaceable>
¬O¤@­Ó¦b 512-4096 ¶¡ªº¼Æ¦r¡A¨Ì±z·Q´£¨Ñ¦h¤Ö¦P®Éªº TCP ³s±µ¼Æ¥Ø
¦h¹è¦Ó©w¡C§Ú·|«Øij¸Õ¸Õ 2048 - ³o¼Æ¦rÀ³¸Ó¥i¥H§¹¥þÁקK³o­Ó panic
¤F¡C±z¥i¥H°õ¦æ: <command>netstat -m</command>
¡]see &man.netstat.1;¡^¨ÓºÊ¬Ý¦³¦h¤Ö mbuf clusters ¦b¨t²Î¤W¥¿³Q
°t¸m/¨Ï¥Î¡CNMBCLUSTERS ªº¼Æ­È¤º©w¬° <literal>512 + MAXUSERS * 16
</literal>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="proc-table-full">
<para>¬°¤°»ò§Ú¤@ª½¬Ý¨ì <errorname>/kernel: proc: table
is full</errorname> ³o­Ó¿ù»~°T®§¡H</para>
</question>
<answer>
<para>FreeBSD ªº kernel ¥u·|¤¹³\¤@©w¼Æ¶qªº process ¦b¦P¤@®É¶¡¸Ì¦P
®É¹B§@¡C¦Ó³o­Ó¼Æ¥Ø¬O®Ú¾Ú kernel ³]©wÀɸ̭±ªº
<literal>MAXUSERS</literal> ­È¨Ó¨M©wªº¡C<literal>MAXUSERS</literal>
³o­Ó­È¤]·|¼vÅT¨ä¥Lªº kernel ¤º©w­È¡A¤ñ¦p»¡ºô¸ô½w½Ä°Ï
¡]½Ð°Ñ¾\<link linkend="panic-kmemmap-too-small">³o­Ó</link>¤§«e°Q
½×¹Lªº°ÝÃD¡^¡C¦pªG¾÷¾¹­t²ü¡]load¡^«Ü­«¡A±z¥i¯à»Ý­n¼W¥[
<literal>MAXUSERS</literal> ³o­Ó­È¡C³o»ò§@·|¤@¨Ö´£°ª¨t²Îªº¨ä¥L¤º
©w­È¡A¥]¬A³Ì¤j¥i¾Ö¦³ªº process ¼Æµ¥¡C</para>
<para>¦b FreeBSD 4.4 ¤§«á¡A<literal>MAXUSERS</literal> ¤w¸gÅܦ¨¥i
¥H¾aµÛ§ó§ï <filename>/boot/loader.conf</filename> ùتº
<varname>kern.maxusers</varname> ³o­Ó­È¦Ó½Õ¾ãªºÅܼƤF¡C¦Ó¦b¤§«e
ªº FreeBSD ª©¥»¤¤¡A³o­Ó­È¥u¯à¦b kernel ³]©wÀÉùؽվã¡C</para>
<para>¦pªG¾÷¾¹­t²ü¨Ã¤£­«¡A¦Ó±z¥u¬O»Ý­n¦P®É¶]«Ü¦h«Ü¦h process¡A
¨º»ò¤]¥i¥Hª½±µ¥Î sysctl ½Õ¾ã <varname>kern.maxproc</varname>
³o­Ó­È¡C°²¦p³o¨Ç process ³£¬OÄÝ©ó¬Y­Ó¨Ï¥ÎªÌªº¡A¨º»ò±zÁٻݭn¥t
¥~½Õ¾ã <varname>kern.maxprocperuid</varname> ³o­Ó­È¡A¨Ï¥¦¤ñ·s
ªº <varname>kern.maxproc</varname> ³o­Ó­È¤Ö¤@¡]¤@©w­n¤Ö¤@¡A
¦]¬° &man.init.8; ³o­Ó¨t²Îµ{¦¡µ´¹ï­n«O«ù¦b¹B§@ª¬ºA¡^¡C</para>
<para>¦pªG·Q¦b¨C¦¸¶}¾÷³£­n§ó§ï sysctl ªº­È¡A¦Ó¥B±zªº FreeBSD ¬O
³Ìªñªºª©¥»ªº¸Ü¡A½Ð¦b <filename>/etc/sysctl.conf</filename> ³o
­ÓÀɤ¤³]©w¡A¦Ó¦pªG¬Oªºª©¥»¡A¥i¥H¦b
<filename>/etc/rc.local</filename> ¤¤§@³]©w¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="cmap-busy-panic">
<para>¬°¤°»ò¥Î·s kernel ¶}¾÷®É¡A¥X²{ <errorname>CMAP
busy</errorname> ³o­Ó¿ù»~°T®§¡H</para>
</question>
<answer>
<para>¥Î¨Ó°»´ú¹L®É
<filename>/var/db/kvm_*.db</filename> Àɮתº¾÷¨î°¸º¸·|
µo¥Í°ÝÃD¡A¦Ó¨Ï¥Î¨ì¤F¤@­Ó¤£¨ó½Õ¡]mismatch¡^ªºÀɮצ³®É´N·|¾É­P
panic¡C</para>
<para>¦pªGµo¥Í¤F³o­Ó°ÝÃD¡A½Ð­«·s¶}¾÷¡A¶i¤J³æ¨Ï¥ÎªÌ¼Ò¦¡¡AµM«á°õ
¦æ¡G</para>
<screen>&prompt.root; <userinput>rm /var/db/kvm_*.db</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="brkadrint-illegal-host-access">
<para>½Ð°Ý³o­Ó°T®§¡G<errorname>ahc0: brkadrint,
Illegal Host Access at seqaddr 0x0</errorname>
¬O¤°»ò·N«ä¡H</para>
</question>
<answer>
<para>³o¬O¤@­Ó©M Ultrastor SCSI ±±¨î¥d¦³Ãöªº½Ä¬ð¡]conflict¡^¡C</para>
<para>¦b¶}¾÷®É¡A¶i¤J kernel ³]©w¿ï³æ¨ú®ø
<devicename>uha0</devicename>¡A¥¦¬O³y¦¨³o­Ó°ÝÃDªº­ì¦]¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="aci0-illegal-cable">
<para>¦b¶}¾÷®É¡A§Ú¬Ý¨ì³o­Ó¿ù»~°T®§
<errorname>ahc0: illegal cable configuration</errorname>¡C
§Úªº±Æ½u½T©w¦³±µ¹ï¡C ¬O¥X¤F¤°»ò°ÝÃD©O¡H</para>
</question>
<answer>
<para>±zªº¥D¾÷ªO¥i¯à¤£¤ä´©¦Û°Ê²×ºÝ¹qªý³]©w¡C½Ð¶i¨ì SCSI ªº BIOS
¸Ì­±¤â°Ê«ü©w¥¿½Tªº²×ºÝ¹qªý¶¶§Ç¡A¦Ó¤£­n¨Ï¥Î¦Û°Ê³]©w¡CAIC7XXX ªº
ÅX°Êµ{¦¡¨ÃµLªkª¾¹D¦³¨S¦³³o¨Ç±Æ½u°»´ú¡]¥H¤Î¦Û°Ê²×ºÝ¹qªý³]©w¡^ªº
¹q¸ô¡]external logic¡^¦s¦b¡C¦pªG EEPROM ¸Ì­±ªº³]©w¬O
"automatic termination" ®É¡A¥¦¥u·|³æ¯Â°²©w³o¨Ç¹q¸ô·íµM¬O¦s¦bªº¡C
­Y¯Ê¤Ö¤F³o­Ó¹q¸ô¡AÅX°Êµ{¦¡¦b³]©w²×ºÝ¹qªý®É´N±`±`¥X°ÝÃD¡C
¦Ó³oºØ°ÝÃD±N¾É­P SCSI ¶×¬y±Æªº¥i¾a©Ê­°§C¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="mail-loopback">
<para>¬°¤°»ò Sendmail ¤@ª½¥X²{
<quote><errorname>mail loops back to myself</errorname></quote>
³o­Ó¿ù»~°T®§¡H</para>
</question>
<answer>
<para>³o­Ó°ÝÃD¦b sendmail ªº FAQ ¤¤¬O³o¼Ë¦^µªªº:-</para>
<literallayout> * §Ú¤@ª½¦¬¨ì¦³Ãö "Local configuration error" ªº«H¥ó¡A¨Ò¦p¡G
553 relay.domain.net config error: mail loops back to myself
554 &lt;user@domain.net&gt;... Local configuration error
§Ú­n¦p¦ó¸Ñ¨M³o­Ó°ÝÃD¡H
±z§Q¥Î MX ³]©w¡AÅý­n±H¨ì¬Y domain¡]¦p: domain.net¡^ªº«H¥ó¡A
±H¨ì±z©Ò«ü©wªº¾÷¾¹¡]¦b³o­Ó¨Ò¤l¤¤¬° relay.domain.net¡^¡A¦ý¬O³o
³¡¾÷¾¹¨Ã¥¼³Q³]©w±µ¨ü domain.net ªº«H¥ó¡C½Ð§â domain.net ¥[¨ì
/etc/sendmail.cw ¤¤¡]¦pªG±z¦³¨Ï¥Î FEATURE(use_cw_file)) ©Î¬O
¦b sendmail.cf ¤¤¥[¤J "Cw domain.net"
</literallayout>
<para>³Ì·sª©¥»ªº <ulink URL="ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq">sendmail
FAQ</ulink> ²{¦b¤w¤£¦AÀHµÛ sendmail <quote>¥X³f</quote>¡C
¥¦¥Ø«e¬O³Q©w´Áªºµoªí¦b <ulink
URL="news:comp.mail.sendmail">comp.mail.sendmail</ulink>¡A
<ulink URL="news:comp.mail.misc">comp.mail.misc</ulink>¡A<ulink
URL="news:comp.mail.smail">comp.mail.smail</ulink>¡A<ulink
URL="news:comp.answers">comp.answers</ulink>¡A©M <ulink
URL="news:news.answers">news.answers</ulink>. ±z¤]¥i¥H±H¤@«Ê
Email ¨ì <email>mail-server@rtfm.mit.edu</email>¡AµM«á¦b«H¥ó¤º¤å
¤¤¼g¤W
<literal>send usenet/news.answers/mail/sendmail-faq</literal>
¥H¨ú±o³o¥÷ FAQ ¤å¥ó¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="remote-fullscreen">
<para>¬°¤°»ò°õ¦æ»·ºÝ¾÷¾¹¡]remote machine¡^ªº¥þ¿Ã¹õªº³nÅé®É¡A
¦³¤£¥¿±`ªº±¡§Î¡H</para>
</question>
<answer>
<para>©Î³\»·ºÝ¾÷¾¹¨Ã«D±N±zªº²×ºÝ¾÷¼Ò¦¡³]¬° FreeBSD console ©Ò¥Îªº
<literal>cons25</literal>¡A¦Ó¬O³]¬°¨ä¥¦¼Ò¦¡¡C</para>
<para>³o¨à¦³´X­Ó¸Ñ¨M³o­Ó°ÝÃDªº¤èªk¡G</para>
<itemizedlist>
<listitem>
<para>¦b logging ¶i»·ºÝ¾÷¾¹«á¡A§ó§ï±zªº shell ÅÜ¼Æ TERM ¬°
<literal>ansi</literal> ©Î¬O <literal>sco</literal>
¡}¦pªG»·ºÝ¾÷¾¹¤ä´©³o¨Ç¼Ò¦¡ªº¸Ü¡^¡C</para>
</listitem>
<listitem>
<para>¨Ï¥Î¤ä´© VT100 ªº¼ÒÀÀ³nÅé¡A¦p FreeBSD console ¤Uªº
<application>screen</application> ³nÅé¡C
<application>screen</application> ´£¨Ñ±z¦b¤@­Ó terminal
ùئP®É¶]¦n´X­Ó session ªº¯à¤O¡A¦Ó¥B¥¦¥»¨­¤]¬O¤@­Ó¬Û·í¦n
ªº³nÅé¡C¨C­Ó <application>screen</application> ³£¹³¬O¤@­Ó
VT100 ªº²×ºÝ¾÷¡A©Ò¥H»·ºÝ¾÷¾¹ªº TERM ÅܼÆÀ³¸Ó³]¬°
<literal>vt100</literal>¡C</para>
</listitem>
<listitem>
<para>¦b»·ºÝ¾÷¾¹ªº²×ºÝ¾÷¸ê®Æ®w¡]terminal database¡^¤¤¥[¤J
<literal>cons25</literal> ªº¸ê®Æ¡C¥[¤Jªº¤èªkµø»·ºÝ¾÷¾¹ªº
§@·~¨t²Î¤£¦P¦Ó¦³©Ò®t²§¡C½Ð°Ñ¾\»·ºÝ¾÷¾¹µ¹¨t²ÎºÞ²z­ûªº»¡©ú
®Ñ¡AÀ³¸Ó·|¦³©ÒÀ°§U¡C</para>
</listitem>
<listitem>
<para>±Ò°Ê FreeBSD ªº X ¦øªA¾¹¡AµM«á¨Ï¥Î¤@¨Ç X Window ¤Uªº
²×ºÝ¾÷¼ÒÀÀ¾¹¨Óµn¤J»·ºÝ¾÷¾¹¡A¨Ò¦p <command>xterm</command>
©Î <command>rxvt</command>¡C¦Ó»·ºÝ¾÷¾¹ªº TERM ÅܼÆÀ³¸Ó­n
³]¬° <literal>xterm</literal> ©Î <literal>vt100</literal>¡C
</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="calcru-negative">
<para>¬°¤°»ò§Úªº¾÷¾¹¤@ª½Åã¥Ü
<errorname>calcru: negative time...</errorname>¡H</para>
</question>
<answer>
<para>¸ò¤¤Â_¡]interrupt¡^¦³Ãöªº¤£¦PµwÅé »P/©Î ³nÅ骺·f°t³£¦³¥i¯à³y¦¨
³o­Ó°ÝÃD¡C³o¦³¥i¯à¬O bug ©Î¬O¬Y­Ó¸Ë¸m¥»¨­ªº°ÝÃD¡C¦b¥­¦æ°ð¤W¨Ï¥Î
¤jªº MTU ¨Ó§@ TCP/IP ¶Ç¿é¥i¥H­«²{³o­Ó°ÝÃD¡C­Y¬O¹Ï§Î¥[³t¥d³y¦¨³o­Ó
°ÝÃDªº¸Ü¡A±zÀ³¸Ó¥ýÀˬd¥dªº¤¤Â_³]©w¡C</para>
<para>³o­Ó°ÝÃDªºÃä»Ú®ÄÀ³¬O·|³y¦¨¦³¨Ç process ¥X²{
<quote>SIGXCPU exceeded cpu time limit</quote> ªº°T®§¡A¦Ó¤£¥¿±`
°±¤î¡C</para>
<para>­Y¬O FreeBSD 3.0 ©Î¬O 1998 ¦~ 11 ¤ë 29 ¤é¥H«á¨ä¥Lª©¥»¡A¸U¤@
³o­Ó°ÝÃD¤@ª½µLªk¥H¨ä¥L¤èªk¸Ñ¨M¡A´N¥u¯à³]©w sysctl ÅܼơG</para>
<screen>&prompt.root; <userinput>sysctl -w kern.timecounter.method=1</userinput></screen>
<para>³o¼Ë·|¹ï®Ä¯à¦³¨Ç¼vÅT¡A¦ý¬O­Y¦Ò¼{¨ì³o­Ó°ÝÃD±a¨Óªº«áªG¡A³o¼Ë°µ
¬O­È±oªº¡C¦pªG³o­Ó°ÝÃDÁÙ¬O¦s¦bªº¸Ü¡AÅý sysctl ¨º­Ó­È¨ÌµM³]¬° 1¡A
µM«á¼W¥[ kernel ³]©wÀɤ¤ <literal>NTIMECOUNTER</literal> ³o­Ó¿ï
¶µªº¼Æ­È¡C¦pªG±z±N <literal>NTIMECOUNTER</literal> ¼W¥[¨ì 20 ¨Ì
µMµLªk¸Ñ¨M³o­Ó°ÝÃD¡A¨º»ò±z¾÷¾¹¤Wªº¤¤Â_¤w¸g¦h¨ìµLªkÅý­p¼Æ¾¹ºû«ù¦b
¥i¾aªºª¬ºA¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="pcm0-not-found">
<para>¥X²{ <errorname>pcm0 not found</errorname> ³o­Ó°T®§¡A©ÎªÌ¬O
§Úªº­µ®Ä¥dÅܦ¨¤F <devicename>pcm1</devicename>¡A¦ý¦b kernel ³]©w
ÀÉùاڬO³] <literal>device pcm0</literal> °Ú¡C³o¬O«ç»ò¦^¨Æ©O¡H
</para>
</question>
<answer>
<para>¦pªG±z¦b FreeBSD 3.x ¤W¨Ï¥Î PCI ­µ®Ä¥d´N·|µo¥Í³oºØ°ÝÃD¡C
¦]¬°<devicename>pcm0</devicename> ³o­Ó device ¬O¤º©w«O¯dµ¹ ISA
ªº­µ®Ä¥dªº¡A©Ò¥H¦pªG±z¦³¤@±i PCI ªº­µ®Ä¥d¡A±z´N·|¹J¨ì³o­Ó°ÝÃD¡A
¦Ó±zªº¥d·|Åܦ¨ <devicename>pcm1</devicename>¡C</para>
<note>
<para>¦pªG±z¥u§â kernel ³]©wÀɤ¤ªº³]©w§ï¦¨
<literal>device pcm1</literal> ¬OµLªk°£¥h³o­Óĵ§i°T®§ªº¡A
³o¼Ë·|³y¦¨ <devicename>pcm1</devicename> ³Q«O¯dµ¹ ISA ­µ®Ä¥d¡A
¦Ó PCI ­µ®Ä¥d«h·|Åܦ¨ <devicename>pcm2</devicename>
¡]¥~¥[ <errorname>pcm1 not found</errorname> ªºÄµ§i°T®§¡^¡C
</para>
</note>
<para>¦pªG±z¦³¤@±i PCI ªº­µ®Ä¥d¡A±z»Ý­n make
<devicename>snd1</devicename> ³o­Ó device¡A¦Ó¤£¬O
<devicename>snd0</devicename>¡G</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>./MAKEDEV snd1</userinput></screen>
<para>³o­Ó°ÝÃD¦b FreeBSD 4.x ¤W¨Ã¤£·|µo¥Í¡A¦]¬°«Ü¦h¤H§ë¤U¤F³\¦h¤ß
¤OÅý¥¦§ó<emphasis>PnP ¾É¦V</emphasis>¡A¦Ó¥B
<devicename>pcm0</devicename> ³o­Ó device ¤]¤£¦A¬O¥u«O¯dµ¹ ISA
ªº­µ®Ä¥d¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="pnp-not-found">
<para>¬°¤°»ò¦b§ó·s¨ì FreeBSD 4.X «á·|§ì¤£¨ì§Úªº PnP ¥d
¡]©ÎªÌ¬O§ì¦¨ <literal>unknown</literal>¡^¡H</para>
</question>
<answer>
<para>FreeBSD 4.X ²{¦b¤w¸g§ó <emphasis>PnP ¾É¦V</emphasis>¤F¡A
¦ÓÃä»Ú®ÄÀ³´N¬O·|µo¥Í¦³¨Ç¦b FreeBSD 3.X ¥i¥H¥Îªº PnP ¸Ë¸m
¡]¦p­µ®Ä¥d©Î¬O¤º´¡¦¡¼Æ¾Ú¾÷¡^Åܦ¨µLªk¨Ï¥Î¡C</para>
<para>³o­Ó­ì¦]¥i¥H¥Î¤@«Ê¥Ñ Peter Wemm µo¨ì freebsd-questions
³o­Ó mailing list ¤Wªº«H¨Ó¸ÑÄÀ¡A¥¦­ì¥»¬O¸ÑÄÀ¬°¤°»ò¦³¤@­Ó¤º
´¡¦¡¼Æ¾Ú¾÷¡A¦b¨t²Î¤É¯Å¨ì FreeBSD 4.x «á¡A´N¨Sªk³Q§ì¨ì¤F
¡]¦b <literal>[]</literal> ùتº¬O¥t¥~¥[ªºµù¸Ñ¡AÅý¤º®e§ó©öÀ´¡^¡C
</para>
<blockquote>
<para>The PNP bios preconfigured it [the modem] and left it
laying around in port space¡Aso [in 3.x] the old-style ISA
probes <quote>found</quote> it there.</para>
<para>Under 4.0¡Athe ISA code is much more PnP-centric. It was
possible [in 3.x] for an ISA probe to find a
<quote>stray</quote> device and then for the PNP device id to
match and then fail due to resource conflicts. So¡Ait
disables the programmable cards first so this double probing
cannot happen. It also means that it needs to know the PnP
id's for supported PnP hardware. Making this more user
tweakable is on the TODO list.</para>
</blockquote>
<para>¦pªG­nÅý¸Ë¸m¯à¦A«×¹B§@¡A§Ú­Ì»Ý­n§ä¥X¥¦ªº PnP id¡AµM«á¦A±N¥¦
¥[¤J¤@¥÷¦b°»´ú ISA ¸Ë¸m®É·|¨Ï¥Îªºªí¤¤¡C¥i¥H°õ¦æ &man.pnpinfo.8;
¨Ó°»´ú³o­Ó¸Ë¸m¡AÁ|¨Ò¨Ó»¡¡A¤U­±¬O &man.pnpinfo.8; §ì¨ìªº¤@­Ó¤º´¡
¦¡¼Æ¾Ú¾÷ªº¸ê®Æ¡G</para>
<screen>&prompt.root; <userinput>pnpinfo</userinput>
Checking for Plug-n-Play devices...
Card assigned CSN #1
Vendor ID PMC2430 (0x3024a341)¡ASerial Number 0xffffffff
PnP Version 1.0¡AVendor Version 0
Device Description: Pace 56 Voice Internal Plug & Play Modem
Logical Device ID: PMC2430 0x3024a341 #0
Device supports I/O Range Check
TAG Start DF
I/O Range 0x3f8 .. 0x3f8¡Aalignment 0x8¡Alen 0x8
[16-bit addr]
IRQ: 4 - only one type (true/edge)</screen>
<para>[more TAG lines elided]</para>
<screen>TAG End DF
End Tag
Successfully got 31 resources¡A1 logical fdevs
-- card select # 0x0001
CSN PMC2430 (0x3024a341)¡ASerial Number 0xffffffff
Logical device #0
IO: 0x03e8 0x03e8 0x03e8 0x03e8 0x03e8 0x03e8 0x03e8 0x03e8
IRQ 5 0
DMA 4 0
IO range check 0x00 activate 0x01</screen>
<para>±z©Ò»Ý­nªº¸ê°T¬O¤@¶}©l¬Ý¨ìªº <quote>Vendor ID</quote>
³o¤@¦æ¡C¬A¸¹¤¤ªº¤Q¤»¦ì¤¸½X¡]³o­Ó¨Ò¤l¤¤¬O 0x3024a341¡^´N¬O
PnP id¡A¦Ó¦b³o¤§«eªº¦r¦ê¡]PMC2430¡^«h¬O¤@­Ó¿W¤@µL¤Gªº ASCII id¡C
¦Ó³o¨Ç¸ê®Æ»Ý­n³Q¥[¨ì <filename>/usr/src/sys/isa/sio.c</filename>
³o­ÓÀÉ®×ùØ¡C</para>
<para>¬°¤F¨¾¤î¥ô¦óªF¦è¥X¿ù¡A±zÀ³¸Ó­n¥ý³Æ¥÷¥Ø«eªº
<filename>sio.c</filename>¡C¦Ó¥B±z­n submit PR ®É¤]»Ý­n³o­Ó
­ì©lÀɮרӰµ¥X patch¡]±zÀ³¸Ó·|±N¥¦ submit PR §a..¡G¡^..¡^¡C
±µµÛ´N½s¿è <filename>sio.c</filename> §ä´M¤U­±³o¦æ</para>
<programlisting>static struct isa_pnp_id sio_ids[] = {</programlisting>
<para>±µµÛ©¹¤U±²°Ê¡A§ä­Ó¥¿½Tªº¦ì¸m¨Ó´¡¤J±zªº¸Ë¸m¸ê°T¡C±z¬Ý¨ìªº´N
¤U­±³o­Ó¼Ë¤l¡A¥¦­Ì¬O·Ó¥kÃäµù¸Ñ¸Ì­±ªº ASCII ³o­Ó Vender ID °µ±Æ
§Çªº¡A©Î¬O &man.pnpinfo.8; ©Ò§ä¨ìªº¤@³¡¤À
<emphasis>¸Ë¸m´y­z</emphasis>¡G</para>
<programlisting>{0x0f804f3f¡ANULL}¡A /* OZO800f - Zoom 2812 (56k Modem) */
{0x39804f3f¡ANULL}¡A /* OZO8039 - Zoom 56k flex */
{0x3024a341¡ANULL}¡A /* PMC2430 - Pace 56 Voice Internal Modem */
{0x1000eb49¡ANULL}¡A /* ROK0010 - Rockwell ? */
{0x5002734a¡ANULL}¡A /* RSS0250 - 5614Jx3(G) Internal Modem */</programlisting>
<para>§â±z³o­Ó¸Ë¸mªº¤Q¤»¶i¦ìªº Vender ID ¥[¨ì¥¿½Tªº¦a¤è¡A¦sÀÉ¡A
µM«á­«·s½s¤@­Ó kernel¡A¦A­«¶}¾÷¡C¤§«á³o­Ó¸Ë¸mÀ³¸Ó´N·|¹³¦b
FreeBSD 3.X ¤U¡A³Q°»´ú¬° <literal>sio</literal> ¸Ë¸m¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="nlist-failed">
<para>¬°¤°»ò§Ú±`±`¦b¶]¤@¨Çµ{¦¡¡]¨Ò¦p <command>top</command> ©Î
<command>systat</command>¡^ªº®É­Ô¥X²{
<errorname>nlist failed</errorname> ³o­Ó¿ù»~°T®§¡H</para>
</question>
<answer>
<para>³o­Ó°ÝÃD¬O¦]¬°±z¶]ªºµ{¦¡»Ý­n¤@­Ó¯S§Oªº kernel symbol¡A¥i¬O
¤£ª¾¹D¤°»ò­ì¦]¦Ó§ä¤£¨ì¡Q¦Ó·|µo¥Í³o­Ó°ÝÃD¥i¯à¬O¦]¬°¤U­±¨â­Ó­ì¦]¡G
</para>
<itemizedlist>
<listitem>
<para>±zªº kernel ©M userland ªºÀɮת©¥»¨Ã¤£¤@­P¡]¨Ò¦p»¡¡A±z
½s¤F¤@­Ó·sªº kernel¡A¦ý¬O¨Ã¨S¦³°õ¦æ¹ïÀ³ªº
<maketarget>installworld</maketarget>¡A©Î¬O¨ä¥LÃþ¦ü±¡§Î¡^¡A
¦]¦¹ symbol table ªº¤º®e´N©MÀ³¥Îµ{¦¡½sĶ®Éªº¤£¤Ó¤@¼Ë¤F¡C¦p
ªG¬O³oºØ±¡§Î¡A½Ð°õ¦æ§¹¾ãªº¤É¯Å¨BÆJ¡]½Ð°Ñ¾\
<filename>/usr/src/UPDATING</filename> ¥H±oª¾¥¿½Tªº¬y
µ{¡^¡C</para>
</listitem>
<listitem>
<para>±z¨S¦³¥Î <command>/boot/loader</command> ¨Ó¸ü¤J±zªº
kernel¡A¦Ó¬Oª½±µ¥Ñ boot2 ¶}¾÷¡]½Ð°Ñ¾\ &man.boot.8;¡^¡C
ÁöµM»¡¸õ¹L <command>/boot/loader</command> ¨Ã¨S¦³¤°»ò¿ù¡A
¦ý¬O¥¦¦b kernel symbols ¸òÀ³¥Îµ{¦¡ªº·¾³q¤è­±¦û¤F«Ü­«ªº¥÷¶q¡C
</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="connection-delay">
<para>¬°¤°»ò§Ú¥Î <command>ssh</command> ©Î <command>telnet</command>
³s¨ì§Úªº¹q¸£®É¡A·|µ¥«Ý«Üªøªº¤@¬q®É¶¡¤~¯à³s¤W¡H</para>
</question>
<answer>
<para>¯gª¬¡GTCP ³s½u«Ø¥ß¤§«á©M¸ß°Ý±K½X¤§«e¡]¦pªG¬O¦b»¡ &man.telnet.1;
ªº¸Ü¡A«h¬O login ´£¥Ü²Å¸¹¸õ¥X¨Ó¤§«e¡^¡A­nµ¥«Ý«Üªøªº¤@¬q®É
¶¡¡C</para>
<para>°ÝÃD©Ò¦b¡G³oºØ©µ¿ð±¡§Î±`±`¬O¦]¬°¦øªA³nÅé¡]server software¡^
¹Á¸Õ­n±N«È¤áºÝ¡]client¡^ªº IP ¦ì§}Âà´«¦¨¥D¾÷¦WºÙ¡C¦]¬°«Ü¦h¦øªA
³nÅé¡A¥]¬A FreeBSD ¤º«Øªº Telnet ©M SSH¡A¬°¤F±N¥D¾÷¦WºÙ¼g¤J¬ö
¿ýÀɤ¤¥H¨ÑºÞ²zªÌ§@°Ñ¦Ò¡A¦Ó·|°µ³o¶µ°Ê§@¡C</para>
<para>¸Ñ¨M¤èªk¡G¦pªG³o­Ó°ÝÃD¦b±z³s±µ¤£¦Pªº¦øªA¾¹®É³£·|µo¥Í¡A¨º»ò
°ÝÃD¬O¦b±z«È¤áºÝ³o¤@¤è¡Q¦P¼Ëªº¡A¦pªG§O¤H¥u¦³¦b³s¨ì±zªº¦øªA¾¹¤W
¤~·|µo¥Í³o­Ó±¡§Î¡A¨º»ò°ÝÃD´N¬O¦b¦øªA¾¹³oÃä¤F¡C</para>
<para>¦pªG¬O«È¤áºÝ³o¤è¦³°ÝÃD¡A°ß¤@ªº¤èªk´N¬O±N DNS ¦øªA¾¹­×¦n¡A
³o¼Ë¹ï¤è¦øªA¾¹¤~¯à¥¿½TªºÂà´«¦WºÙ¡C¦pªG°ÝÃD¬O¦b¤º³¡°Ï°ìºô¸ôµo
¥Íªº¡A³oÀ³¸Ó¬O¦øªA¾¹¦³°ÝÃD¡A½Ð¸Ô²ÓÀˬd¤@¤U¡Q¬Û¤Ïªº¡A¦pªG¬O±z
¦b¤W Internet ®Éµo¥Íªº¡A¨º»ò±z»Ý­n¸ò±zªº ISP Ápµ¸¡A½Ð¥L­Ì¸Ñ¨M
³o­Ó°ÝÃD¡C</para>
<para>¦pªG¬O¦øªA¾¹³oÃ䪺°ÝÃD¡A¦Ó¥B¬Oµo¥Í¦b¤º³¡°Ï°ìºô¸ô¡A¨º»ò±z»Ý
­n³]©w³o­Ó¦øªA¾¹¡A¨Ï¥¦¯à¥¿½T±N¤º³¡ºô¸ôªº IP ¦ì§}Âà´«¬°¥D¾÷¦WºÙ¡C
½Ð°Ñ¾\ &man.hosts.5; ©M &man.named.8; ªº»¡©ú¥HÀò±o§ó¦h¸ê°T¡C¦p
ªG¬O¦b Internet ¤Wªº¦øªA¾¹µo¥Í³o­Ó°ÝÃD¡A¨º»ò¦³¥i¯à¬O±z¦øªA¾¹ªº
Âà´«¥\¯à¥X°ÝÃD¡C±z¥i¥H¸Õ¸Õ¬d¸ß¥t¤@­Ó¥D¾÷¦WºÙ¡A¤ñ¦p¡G
<hostid>www.yahoo.com</hostid>¡C¦pªG¬d¤£¨ì¡A¨º»ò¥i¥H½T©w¬O±z³o
Ãä¥X°ÝÃD¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="stray-irq">
<para><errorname>stray IRQ</errorname> ³o­Ó¿ù»~°T®§¬O¤°»ò·N«ä¡H</para>
</question>
<answer>
<para>Stray IRQs ¬OµwÅé IRQ ¦³ÂI¤p°ÝÃDªº²{¶H¡A¤j¦h¬O¦]¬°µwÅ饻¨­
¦bµo¥X¤¤Â_»Ý¨D«á¡A¤S¨ú®ø¤F¥¦¦Û¤vªº¤¤Â_­n¨D¡C</para>
<para>¦³¤T­Ó¤èªk¥i¥HÀ³¥I³o­Ó°ÝÃD¡G</para>
<itemizedlist>
<listitem>
<para>¤£²z·|³o­Óĵ§i¡C¤Ï¥¿¤@­Ó irq ¥X²{¤­¦¸Äµ§i«á¨t²Î´N¤£·|
¦AÅã¥Ü¤F¡C</para>
</listitem>
<listitem>
<para>§â <function>isa_strayintr()</function> ùتº­È¡A¥Ñ 5
§ï¦¨ 0¡A³o¼Ë©Ò¦³ªºÄµ§i°T®§³£¤£·|¥X²{¡C</para>
</listitem>
<listitem>
<para>¦w¸Ë¨Ï¥Î irq 7 ªº¥­¦æ°ðµwÅé³]³Æ¡A¥H¤Î¥¦ªº PPP ÅX°Êµ{¦¡
¡]³o­Ó¤j³¡¤À¨t²Î³£¦³°µ¡^¡A±µµÛ¦w¸Ë ide µwºÐ©Î¬O¨ä¥L·|¨Ï¥Î
irq 15 ªºµwÅé³]³Æ¥H¤Î¥¦ªºÅX°Êµ{¦¡¡C</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="file-table-full">
<para>¬°¤°»ò <errorname>file: table is full</errorname> ³o­Ó°T®§
¤@ª½¦b dmesg ùØ­«½Æ¥X²{¡H</para>
</question>
<answer>
<para>³o­Ó¿ù»~°T®§¥Nªí¤F±z¨t²Îªº file descriptors ¤w¸g¨Ï¥Î¥ú¤F¡C
½Ð°Ñ¾\¤â¥U¤º <ulink url="../handbook/configtuning-kernel-limits.html">
Tuning Kernel Limits</ulink> ¸Ì­±ªº <ulink
url="../handbook/configtuning-kernel-limits.html#KERN-MAXFILES">
kern.maxfiles</ulink> ³o­Ó³¹¸`¡A¸Ì­±¦³¤@¨Ç°Q½×¤Î¸Ñ¨M¤èªk¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="laptop-clock-skew">
<para>¬°¤°»ò§Úµ§°O«¬¹q¸£¤Wªº®ÉÄÁ¤@ª½Åã¥Ü¿ù»~ªº®É¶¡¡H</para>
</question>
<answer>
<para>±zªºµ§°O«¬¹q¸£¸Ì¦³¨â­Ó¥H¤Wªº®ÉÄÁ¡A¦Ó FreeBSD ¿ï¨ì¤F¿ùªº
¨º­Ó¡C</para>
<para>°õ¦æ &man.dmesg.8;¡AÀˬd¤@¤U¦³ <literal>Timecounter</literal>
¦r¦êªº¨º´X¦æ¡C³Ì«á¤@¦æ¬O FreeBSD ¿ï¥Îªº¡A³q±`¬O
<literal>TSC</literal>¡C</para>
<screen>&prompt.root; <userinput>dmesg | grep Timecounter</userinput>
Timecounter "i8254" frequency 1193182 Hz
Timecounter "TSC" frequency 595573479 Hz</screen>
<para>±z¥i¥H°õ¦æ &man.sysctl.3; ¬Ý¤@¤U
<varname>kern.timecounter.hardware</varname> ³o­Ó­È°µ½T»{¡C</para>
<screen>&prompt.root; <userinput>sysctl kern.timecounter.hardware</userinput>
kern.timecounter.hardware: TSC</screen>
<para>BIOS ¥i¯à¦b¤@¨Ç±¡§Î¤U·|§ó§ï TSC ªº®É¯ß&mdash;¦³®É­Ô¬O¦]¬°
¦b¨Ï¥Î¹q¦À¤u§@®É·|§ó§ï³B²z¾¹ªº³t«×¡A¥t¥~¤]¦³¥i¯à¬O¶i¤J¤F¬Ù¹q¼Ò
¦¡¡A¥i¬O FreeBSD ¨Ã¤£·|¹îı¨ì³o¨Ç½Õ¾ã¡A¦Ó·|µo¥Í®É¶¡¼W¥[©Î¬O´î
¤Öªº±¡§Î¡C</para>
<para>¦b¤W­±ªº¨Ò¤l·í¤¤¡A§Ú­Ì¬Ý¨ìÁÙ¦³ <literal>i8254</literal>
³o­Ó®ÉÄÁ¥i¥H¿ï¾Ü¡A°õ¦æ &man.sysctl.3; ¥Î¤â°Êªº¤è¦¡±N³o­Ó­È¼g¤J
<varname>kern.timecounter.hardware</varname> ¤¤¡C</para>
<screen>&prompt.root; <userinput>sysctl -w kern.timecounter.hardware=i8254</userinput>
kern.timecounter.hardware: TSC -&gt; i8254</screen>
<para>³o¼Ë±zªºµ§°O«¬¹q¸£À³¸Ó´N¥i¥H«O«ù¥¿½Tªº®É¶¡¤F¡C</para>
<para>¦pªG­nÅý³o­Ó§ó§ïªº°Ê§@¦A¨C¦¸¶}¾÷®É¦Û°Ê°õ¦æ¡A¦b
<filename>/etc/sysctl.conf</filename> ùØ¥[¤J¤U­±³o¦æ¡C</para>
<programlisting>kern.timecounter.hardware=i8254</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="null-null">
<para>¬°¤°»ò§Úªºµ§°O«¬¹q¸£µLªk¥¿½Tªº°»´ú¨ì PC card ¡H</para>
</question>
<answer>
<para>³o­Ó°ÝÃD±`±`µo¥Í¦bÄé¤F¦h­Ó§@·~¨t²Îªºµ§°O«¬¹q¸£¤W¡C¦³¨Ç«D
BSD ªº§@·~¨t²Î·|Åý PC card ªºµwÅé¸Ë¸m³B¦b¤@­Ó¤£¤@­Pªºª¬ºA¤U
¡]inconsistent state¡^¡C¨Ï±o <command>pccardd</command> ¦b°»
´ú³o¤ù¥d®É¡AµLªk§ì¨ì¥¿½Tªº«¬¸¹¡A¦Ó¬O
<errorname>"(null)""(null)"</errorname>¡C</para>
<para>±z»Ý­n²¾°£ PC card ´¡¼Ñªº¹q·½¥H­«¸m³o­ÓµwÅé¸Ë¸m¡C¤@­Ó¤èªk¬O
±N±zªºµ§°O«¬¹q¸£Ãö¾÷¡]¤£¬O¥ð¯v¼Ò¦¡¡A¤]¤£¬O«Ý©R¼Ò¦¡¡Q­n§¹¥þªºÃö
¾÷¡^¡Cµ¥­Ó´X¬íÄÁ¦A­«¶}¾÷¡C³o¼Ë±zªº PC card À³¸Ó´N¥¿±`¤F¡C</para>
<para>¦³®É¦³¨Çµ§°O«¬¹q¸£ÁöµM¬Ý°_¨Ó¤w¸gÃö¾÷¤F¡A¦ý¹ê»Ú¤W¨Ã¨S¦³¡C
¦pªG±zµo²{¤W­±¨º­Ó¤èªk¨S¦³¥Î¡A½ÐÃö¾÷¡A²¾°£¹q¦À¡Aµ¥­Ó´X¬íÄÁ¡A
§â¹q¦À¸Ë¤W¥hµM«á­«¶}¾÷¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="boot-read-error">
<para>¬°¤°»ò¦b BIOS µe­±¤§«á¡AFreeBSD ªº boot loader Åã¥Ü
<errorname>Read error</errorname> µM«á´N°±¤î¤£°Ê¤F¡H</para>
</question>
<answer>
<para>³o¬O¦]¬°FreeBSD ªº boot loader µLªk¥¿½Tªº§ä¥XµwºÐªº
geometry¡C³o¼Ëªº¸Ü¡A´N»Ý­n¦b¥Î fdisk ¤À³Î©Î¬O­×§ï FreeBSD
ªº slice ®É¡A¤â°Ê±N¥¿½Tªº­È¿é¤J¶i¥h¤F¡C</para>
<para>¥¿½TªºµwºÐ geometry ­È¦b BIOS ¸Ì­±¥i¥H¬dªº¨ì¡Cª`·N¸ÓµwºÐªº
cylinders¡Aheads ¥H¤Î sectors ³o¨Ç¼Æ­È¡C</para>
<para>¦b°õ¦æ &man.sysinstall.8;ªº fdisk ®É¡A«ö¤U <keycap>G</keycap>
¥H«K¤â°Ê³]©wµwºÐªº geometry¡C</para>
<para>³o®É·|¦³¤@­Ó¹ï¸Ü®Ø¸õ¥X¨Ó¡A¸ß°Ý±z¦³Ãö cylinders¡Aheads ¥H¤Î
sectors ³o¨ÇªF¦èªº­È¡C½Ð±N­è­è¦b BIOS ¬d¨ìªº¼Æ¦r¡A¥H / §@¤À¹j¿é
¤J¶i¥h¡C</para>
<para>Á|¨Ò¨Ó»¡¡A¦pªG¬O 5000 cylinders¡A250 sectors ©M 60 sectors
´N¿é¤J <userinput>5000/250/60</userinput></para>
<para>¿é¤J§¹«á½Ð«ö enter Áä½T»{¡A³Ì«á«ö¤U <keycap>W</keycap> Áä§â
·sªº¤À³Î°Ïªí¼g¤JµwºÐ·í¤¤¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bootmanager-restore">
<para>¥t¤@­Ó§@·~¨t²ÎºR·´¤F§Úªº Boot Manager¡C§Ú­n«ç»ò¼Ë¤~¯à§â¥¦ÁÙ
­ì¦^¨Ó¡H</para>
</question>
<answer>
<para>°õ¦æ &man.sysinstall.8; ±µµÛ¿ï Configure¡AµM«á¿ï Fdisk¡C
¦A¨Ó¥Î<keycap>ªÅ¥Õ</keycap>Áä¿ï¾Ü­ì¥ý Boot Manager ©Ò¦bªºµwºÐ¡C
«ö¤U <keycap>W</keycap> Áä¨Ó§@¼g¤Jªº°Ê§@¡C³o®É·|¸õ¥X¤@­Ó´£¥Ü
°T®§¡A¸ß°Ý±z­n¦w¸Ë­þ¤@­Ó boot loader¡C½Ð¿ï¾Ü Boot Manager¡A
³o¼Ë´N¥i¥H±N¥¦ÁÙ­ì¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="indefinite-wait-buffer">
<para>³o­Ó¿ù»~°T®§¡G<errorname>swap_pager: indefinite
wait buffer:</errorname> ¬O¤°»ò·N«ä©O¡H</para>
</question>
<answer>
<para>³o­Ó°T®§¬O»¡¦³¤@­Ó°õ¦æµ{§Ç¥¿¦b¹Á¸Õ±N¤À­¶°O¾ÐÅé¡]page memory¡^
¼g¤JµwºÐ¤¤¡A¦Ó³o­Ó°Ê§@¹Á¸Õ¤F 20 ¬íÄÁ¤´µMµLªk¦¨¥\¡C³o­Ó¦³¥i¯à¬O¦]¬°
µwºÐ¦³Ãa­y¡B¹q¸ô©Î±Æ½u¦³°ÝÃD¡B¥H¤Î¨ä¥L¸òµwºÐŪ¥X¼g¤J¦³ÃöªºµwÅé³]³Æ¡C
¦pªG¯uªº¬OµwºÐÃa­yªº°ÝÃD¡A±zÀ³¸Ó·|¦b
<filename>/var/log/messages</filename>³o­ÓÀɮפ¤¡A©Î¬O¦b°õ¦æ
<command>dmesg</command>³o­Ó«ü¥O«á¡A¬Ý¨ì¦³ÃöºÏºÐ¿ù»~ªº°T®§¡C
¦pªG¨S¦³¡A¨º»ò½ÐÀˬd±zªº±Æ½uÁÙ¦³±µÀY³s±µ¬O§_¨}¦n¡C</para>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question id="touch-not-found">
+ <para>Why does buildworld/installworld die with the message
+ <errorname>touch: not found</errorname>?</para>
+ </question>
+
+ <answer>
+ <para>This error does not mean that the &man.touch.1; utility is
+ missing. The error is instead propably due to the dates of the
+ files being set sometime in the future. If your CMOS-clock is
+ set to local time you need to run the command
+ <command>adjkerntz&nbsp;-i</command> to adjust the kernel clock
+ when booting into single user mode.</para>
+ </answer>
+ </qandaentry>
</qandaset>
</chapter>
<chapter id="commercial">
<chapterinfo>
<author>
<firstname>Vanilla</firstname>
<surname>Shu</surname>
<affiliation>
<address><email>vanilla@FreeBSD.org</email></address>
</affiliation>
</author>
</chapterinfo>
<title>°Ó·~³nÅé</title>
<note>
<para>³o¤@¸`ªº¤º®eÁÙ¬O¬Û·í¤Ö¡A¤£¹L§Ú­Ì·íµM§Æ±æ¦U­Ó¤½¥q¯à¬°¥¦¥[
ÂI¤º®e :) FreeBSD ²Õ´©M¦C¦b³o¸Ìªº¥ô¦ó¤@®a¤½¥q³£¨S¦³ª÷¿ú¤Wªº§Q®`
Ãö«Y¡A¦C¥X¨Ó¥u¬O¹ï¤j²³ªº¤½¶}ªA°È¡]¦P®É¤]»{¬°¦b FreeBSD ¤Wªº°Ó·~¿³
½ì¡A·|¹ï FreeBSD ªø¤[¥Í¾÷¦³·¥¥¿­±ªº®Ä¯q¡^¡C§Ú­Ì¹ªÀy°Ó·~³nÅ骺¼t°Ó
§â¥L­Ìªº²£«~¥]¬A¦b¤U­±ªº¦W³æ¤¤¡A¦b
<ulink URL="../../../../commercial/index.html">Vendors page</ulink>
¥i¥H¬Ý¨ì¸ûªø¦Cªí¡C</para>
</note>
<qandaset>
<qandaentry>
<question id="officesuite">
<para>¦b­þÃä§ä¨ìµ¹ FreeBSD ¥Îªº Office ®M¥ó©O¡H</para>
</question>
<answer>
<itemizedlist>
<listitem>
<para><ulink url="http://www.freebsdmall.com/">FreeBSD Mall</ulink>
´£¨Ñ¤F <ulink url="http://www.vistasource.com/">VistaSource</ulink>
ªº ApplixWare 5 ªº FreeBSD ª©¥»¡C</para>
<para>ApplixWare ¬O¤@®M°Ó·~ª©¥»ªº Office ®M¥ó¡A¥L´£¨Ñ¤F
¤å¥ó³B²z¡B¸Õºâªí¡B¦V¶qø¹Ïµ¥¬ÛÃöµ{¦¡¡C</para>
<para>ApplixWare ¦P®É¤]¬O FreeBSD Mall's BSD Desktop Edition
ªº¤@³¡¥÷¡C</para>
</listitem>
<listitem>
<para>Linux ª©¥»ªº <ulink url="http://www.sun.com/staroffice/">StarOffice</ulink>
¥i¥H«Ü¥¿±`ªº¦b FreeBSD ¤U°õ¦æ¡A¥i¥H³z¹L <ulink
url="../handbook/ports.html">FreeBSD Ports collection</ulink>
¨Ó¦w¸Ë Linux ª©¥»ªº StarOffice¡C¦Ó open-source <ulink
url="http://www.openoffice.org/">OpenOffice</ulink> «Ü§Ö±o
¤]¥i¥H¦b FreeBSD ¤W¥¿±`ªº°õ¦æ¡C</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="motif">
<para>¦b­þÃä§ä¨ìµ¹ FreeBSD ¥Îªº Motif¡H</para>
</question>
<answer>
<para>Open Group ÄÀ¥X¤F Motif 2.1.30 ªº­ì©l½X¡A¥i¥H³z¹L
<literal>open-motif</literal> package ¦w¸Ë¡A©Î¬O¥Ñ ports ¦Û¦æ
½sĶ¡C¬ÛÃöªº¸ê°T¡A½Ð°Ñ¦Ò handbook ¤¤ªº <ulink
url="../handbook/ports.html">ports</ulink> ³¹¸`¡C
<note>
<para>Open Motif ¥u¯à¦b¦P¼Ë¤]¬O <ulink
url="http://www.opensource.org/">open source</ulink>
ªº§@·~¨t²Î©Î­p¹º¤¤¨Ï¥Î¡C</para>
</note>
</para>
<para>¥t¥~¡A¤]¬O¦³°Ó·~ª©¥»ªº Motif ¦s¦b¡C¤]³\³oºØª©¥»ªº Motif
¤£¬O§K¶Oªº¡A¦ý¬Oµ´¹ï¤¹³\¥Î¦b closed-source ªºÀô¹Ò¤U¡C
<link linkend="apps2go">Apps2go</link> ´£¨Ñ¤F³Ì«K©yªº FreeBSD
(¥]¬A i386 ¸ò alpha)ª©¥»ªº ELF Motif 2.1.20 ®M¥ó¡C
<anchor id="apps2go"></para>
<para>¥Ø«e´£¨Ñ¨âºØ¤£¦PÀô¹Òªºª©¥»¡A <quote>µo®i¥Îª©¥»</quote> ¤Î
<quote>runtime ª©¥»</quote> ¡C³o¨âºØ®M¥ó³£¥]¬A¡G</para>
<itemizedlist>
<listitem>
<para>OSF/Motif manager, xmbind, panner, wsm.</para>
</listitem>
<listitem>
<para>Development kit with uil, mrm, xm, xmcxx, include
and Imake files.</para>
</listitem>
<listitem>
<para>Static and dynamic ELF libraries (for use with
FreeBSD 3.0 and above).</para>
</listitem>
<listitem>
<para>Demonstration applets.</para>
</listitem>
</itemizedlist>
<para>¦]¬° <emphasis>Apps2go</emphasis> ¤]¦³´£¨Ñ NetBSD ©M OpenBSD
ªºª©¥»¡A©Ò¥H¦b­qÁʮɽЯS§O«ü©w¬O­n FreeBSD ª©¥»ªº Motif¡I
¥L­Ì¥Ø«e¥u´£¨Ñ¥H FTP ªº¤è¦¡¨ú±o³o¥÷®M¥ó¡C</para>
<variablelist>
<varlistentry>
<term>§ó¦h¸ê°T</term>
<listitem>
<para><ulink URL="http://www.apps2go.com/">
Apps2go WWW page</ulink></para>
</listitem>
</varlistentry>
<varlistentry>
<term>©Î</term>
<listitem>
<para>
<email>sales@apps2go.com</email> ©Î
<email>support@apps2go.com</email>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>©Î</term>
<listitem>
<para>phone (817) 431 8775 or +1 817 431-8775</para>
</listitem>
</varlistentry>
</variablelist>
<para>¤]¥i¥HÁpµ¸ <link linkend="metrox">Metro Link</link>
¨ú±oµ¹ FreeBSD ELF©Î a.out ª©¥»ªº Motif 2.1 ®M¥ó¡C</para>
<para>³o¥÷®M¥ó¥]¬A¡G</para>
<itemizedlist>
<listitem>
<para>OSF/Motif manager, xmbind, panner, wsm.</para>
</listitem>
<listitem>
<para>Development kit with uil, mrm, xm, xmcxx, include
and Imake files.</para>
</listitem>
<listitem>
<para>Static and dynamic libraries (specify ELF for use
with FreeBSD 3.0 and later; or a.out for use with FreeBSD
2.2.8 and earlier).</para>
</listitem>
<listitem>
<para>Demonstration applets.</para>
</listitem>
<listitem>
<para>Preformatted man pages.</para>
</listitem>
</itemizedlist>
<para>¥Ñ©ó <emphasis>Metro Link</emphasis> ¤]¦³´£¨Ñ Linux ªºª©¥»¡A
©Ò¥H­qÁʮɭn¯S§O«ü©ú¬O FreeBSD ª©¥»ªº Motif¡I ¥i¥H¥Ñ¥úºÐ©Î±q FTP
¨Ó¨ú±o³o­Ó®M¥ó¡C</para>
<para>Ápµ¸ <link linkend="xig">Xi Graphics</link> ¡A¥L­Ì´£¨Ñ¤F¤@­Ó
FreeBSD a.out ®æ¦¡ªº Motif 2.0 ®M¥ó¡C</para>
<para>¦b³o®M¥ó¤¤¥]¬A¤F¡G</para>
<itemizedlist>
<listitem>
<para>OSF/Motif manager, xmbind, panner, wsm.</para>
</listitem>
<listitem>
<para>Development kit with uil, mrm, xm, xmcxx, include
and Imake files.</para>
</listitem>
<listitem>
<para>Static and dynamic libraries (for use with FreeBSD
2.2.8 and earlier).</para>
</listitem>
<listitem>
<para>Demonstration applets.</para>
</listitem>
<listitem>
<para>Preformatted man pages.</para>
</listitem>
</itemizedlist>
<para>¦b§A¸ò¥L­Ì­qÁÊ Motif ®É¡A½Ð¤@©wµù©ú§A­nªº¬O FreeBSD ªºª©¥»¡I
¦]¬° <emphasis>Xi Graphics</emphasis> ¤]¦P®É´£¨Ñ¤F BSDI ¸ò Linux
ª©¥»ªº Motif¡C¥Ø«eµo¦æªºª©¥»¬O©ñ¦b¥|¶ôºÏ¤ù¤¤¡A±N¨Ó¥L­Ì·|±N©Ò¦³ªº
ªF¦è³£©ñ¨ì¥úºÐ¸Ì¡A´N¹³¥L­Ì©Òµo¦æªº CDE ¤@¼Ë¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="cde">
<para>¦b­þÃä§ä¨ìµ¹ FreeBSD ¥Îªº CDE¡H</para>
</question>
<answer>
<para><link linkend="xig">Xi Graphics</link> ¥H«e¦³½æ FreeBSD ¥Îªº
CDE¡A¤£¹L²{¦b¤w¸g°±¤îµo°â¤F¡C</para>
<para><ulink URL="http://www.kde.org/">KDE</ulink> is an open
source X11 desktop which is similar to CDE in many respects.
You might also like the look and feel of <ulink
URL="http://www.xfce.org/">xfce</ulink>. KDE and xfce are both
in the <ulink URL="../../../../ports/index.html">ports
system</ulink>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="commercial-xserver">
<para>¦³¨S¦³­n¿ú¡A¦ý¬O°ª®Ä²vªº X servers¡H</para>
</question>
<answer>
<para>¦³¡A <ulink URL="http://www.xig.com/">Xi Graphics</ulink>
©M <ulink URL="http://www.metrolink.com/">Metro Link</ulink>
³£¦³´£¨Ñµ¹ FreeBSD¡]©Î¨ä¥L Intel ¥­¥x¤W¡^¥Îªº X µøµ¡¥[³t²£«~¡C
</para>
<para>Metro Link °ª®Ä¯à X Server ¨Ï¥Î¤F FreeBSD ¤º«Øªº package
¥]¸Ë¤è¦¡, ¦]¦¹³]©w¤Q¤À®e©ö¡A¤ä´©¥Ø«e¥«­±¤W¦U¤j¼tµPªºÅã¥Ü¥d¡C
¥Ø«e¥u´£¨Ñ binary ®æ¦¡ÀɮסA¥i¥H±q FTP ¯¸¬Û·í¤è«K¦aª½±µ¤U¸ü¡A
¨Ã¥B Metro Link ³o®M²£«~ªº»ù®æ¬O«D±`¦X²zªº $39¡C
<anchor id="metrox"></para>
<para>Metro Link ¦P®É´£¨Ñ FreeBSD ¤Wªº ELF ©M a.out ®æ¦¡ªº Motif
¡]©¹¤W­±¬Ý¬Ý¡^¡C</para>
<variablelist>
<varlistentry>
<term>§ó¦hªº¸ê°T</term>
<listitem>
<para><ulink URL="http://www.metrolink.com/">
Metro Link WWW page</ulink></para>
</listitem>
</varlistentry>
<varlistentry>
<term>©Î</term>
<listitem>
<para><email>sales@metrolink.com</email>
©Î <email>tech@metrolink.com</email>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>©Î</term>
<listitem>
<para>phone (954) 938-0283 or +1 954 938-0283</para>
</listitem>
</varlistentry>
</variablelist>
<para>Xi Graphics ©Ò´£¨Ñªº°ª®Ä¯à X Server ¦³«D±`²³æªº³]©w¤è¦¡¡A
¨Ã¥B¤ä´©¤F¥Ø«e¥«­±¤W·í¬õªº¦U¤j¼tµPªºÅã¥Ü¥d¡C¥¦¥uµ¹§A Binary ÀɮסA
¬O¥ÎºÏ¤ùªº¤è¦¡µo¦æ¡AFreeBSD ¸ò Linux ª©¥»³£¬Û¦P¡CXi Graphics ¦P®É
¤]´£¨Ñ¤F±Mªùµ¹ laptop ¥Îªº°ª®Ä¯à X Server¡C<anchor id="xig"></para>
<para>5.0 ª©¦³´£¨Ñ§K¶Oªº <quote>compatibility demo</quote> ª©¥»</para>
<para>Xi Graphics ¤]¦³¦b½æ FreeBSD ¥Îªº Motif ¸ò CDE¡]©¹¤W­±¬Ý¬Ý¡^¡C
</para>
<variablelist>
<varlistentry>
<term>§ó¦hªº¸ê°T</term>
<listitem>
<para><ulink URL="http://www.xig.com/">
Xi Graphics WWW page</ulink></para>
</listitem>
</varlistentry>
<varlistentry>
<term>©Î</term>
<listitem>
<para><email>sales@xig.com</email>
©Î <email>support@xig.com</email>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>©Î</term>
<listitem>
<para>phone (800) 946 7433 or +1 303 298-7478.</para>
</listitem>
</varlistentry>
</variablelist>
</answer>
</qandaentry>
<qandaentry>
<question id="database-systems">
<para>¦b FreeBSD ¤W¦³¥ô¦óªº¸ê®Æ®w¶Ü¡H</para>
</question>
<answer>
<para>¦³! ½Ð¬Ý FreeBSD ºô¯¸¤W <ulink
URL="../../../../commercial/software_bycat.html#CATEGORY_DATABASE">
°Ó·~³nÅ餽¥q </ulink> ³o¤@³¡¥÷¡C</para>
<para>ÁÙ¦³½Ð°Ñ¦Ò ports ¤¤ <ulink
URL="../../../../ports/databases.html">
Databases</ulink> ¬ÛÃöªº¦¬¶°¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="oracle-support">
<para>¥i¥H¦b FreeBSD ¤W°õ¦æ Oracle ¶Ü¡H</para>
</question>
<answer>
<para>¥i¥H¡A¤U­±³o­Óºô­¶·|»¡©ú¦p¦ó¦b FreeBSD ¤W°õ¦æ Linux
ª©ªº Oracle¡G</para>
<itemizedlist>
<listitem>
<para><ulink
URL="http://www.scc.nl/~marcel/howto-oracle.html">
http://www.scc.nl/~marcel/howto-oracle.html</ulink></para>
</listitem>
<listitem>
<para><ulink
URL="http://www.lf.net/lf/pi/oracle/install-linux-oracle-on-freebsd">
http://www.lf.net/lf/pi/oracle/install-linux-oracle-on-freebsd</ulink></para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="applications">
<chapterinfo>
<author>
<firstname>Kang-min</firstname>
<surname>Liu</surname>
<affiliation>
<address><email>gugod@gugod.org</email></address>
</affiliation>
</author>
</chapterinfo>
<title>¤@¯ëÀ³¥Îµ{¦¡</title>
<qandaset>
<qandaentry>
<question id="user-apps">
<para>¶â..§Ú­n¦b­þ§ä¨ì§Ú­nªºµ{¦¡©O?</para>
</question>
<answer>
<para>½Ð¬Ý¬Ý <ulink URL="../../../../ports/index.html">ports
¥Ø¿ý</ulink> §a¡C³oÃ䦳¥÷¤w¸g port ¨ì FreeBSD ªº³nÅé¦Cªí¡C
¥Ø«e¦³¶W¹L &os.numports; ­Ó³nÅé¤w¸g³Qport ¨ì FreeBSD ¤W¡A¨Ã¥B¨C¤Ñ
³£¦b¼W¥[¤¤¡C©Ò¥H¦³ªÅ´N¦h¬Ý¬Ý³o¥÷¦Cªí¡A¤£µM§A¤]¥i¥H­q¾\
<literal>freebsd-announce</literal> <link linkend="mailing">
³o¥÷ mailing list</link>¡A·|¦³¤H±N¨C­Ó¬P´Á³Ì·sªº³nÅé¦Cªí¶K¦b
¤W­±¡C</para>
<para>¤j³¡¥÷ªº ports À³¸Ó³£¥i¥H¦b 2.2¡A3.0 ¸ò 4.0 ªº¨t²Î¤W¨Ï
¥Î¡A¨Ã¥BÁÙ¦³³¡¥÷ªº ports ¥i¥H¦b 2.1.x ªº¨t²Î¤W¹B§@¡C¨C¦¸
·í FreeBSD release ®É¡A³£·|¦³¤@¥÷ ports tree ³Q©ñ¦b³o¤@­Ó
release cd ¸Ì­±ªº <filename>ports/</filename> ¥Ø¿ý¸Ì¡C</para>
<para>§Ú­Ì¤]¤ä´©¤@ºØ¥s <quote>package</quote> ªº·§©À¡A°ò¥»¤W
´N¬O gzip À£ÁY¡B¥i¥Î¨Óµo¦æªº binary ÀɮסA¦ý¬O¸Ì­±ÂäF¤@
¨Ç¬Û·í¦³¥Îªº¸ê°T¡A¥i¥Hµ¹¦UºØ¦Û­q¦w¸Ë¨Ó¨Ï¥Î¡C¨Ï¥ÎªÌ¤£¥²ª¾
¹D¬Y­Ó package ¸Ì¨s³º¦³¥]¬A­þ¨ÇÀɮסA´N¥i`¥H«Ü¤è«K¦a­«½Æ±N
¥¦¦w¸Ë/¤Ï¦w¸Ë¡C</para>
<para>§A¥i¥H°õ¦æ <filename>/stand/sysinstall</filename> «á¡A
¦b post-configuration ¿ï³æ¤U¿ï¾Ü package ³o­Ó¦w¸Ë¿ï¶µ¡F©Î
¬O¹ï¬Y­Ó¦³¿³½ìªº package ÀÉ®×°õ¦æ &man.pkg.add.1;
§â¥¦¸Ë°_¨Ó¡CPackage Àɮ׳q±`¥H <filename>.tgz</filename>
§@¬°©µ¦ùÀɦW¡A¤â¤W¦³ FreeBSD CDROM ªº¤H¥i¥H¦b
<filename>packages/All</filename> ³o­Ó¥Ø¿ý¤U§ä¨ì³oÃþÀɮסC
¹ï¤£¦Pªº FreeBSD ª©¥»¡A¤]¥i¥H±q¤U¦C¦ì§}¥Ñºô¸ô¤W¨ú±o¡G</para>
<variablelist>
<varlistentry>
<term>µ¹ 2.2.8-release/2.2.8-stable ¥Îªº</term>
<listitem>
<para><ulink
URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-2.2.8/">
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-2.2.8/</ulink></para>
</listitem>
</varlistentry>
<varlistentry>
<term>µ¹ 3.2-release/3.2-stable ¥Îªº</term>
<listitem>
<para><ulink
URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/">
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/</ulink></para>
</listitem>
</varlistentry>
<varlistentry>
<term>µ¹ 4.X-RELEASE/4-STABLE ¥Îªº</term>
<listitem>
<para><ulink
URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/">
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/</ulink></para>
</listitem>
</varlistentry>
<varlistentry>
<term>µ¹ 5.X-CURRENT ¥Îªº</term>
<listitem>
<para><ulink
URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/">
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current</ulink></para>
</listitem>
</varlistentry>
</variablelist>
<para>©Î¬OÂ÷§A³Ìªñªº mirror ¯¸¡C</para>
<para>­nª`·Nªº¬O¡A¦]¬°·sªº port ¤@ª½¦b¼W¥[¤¤¡A©Ò¥H¨Ã¤£¬O©Ò¦³ port
³£¦³¬Û¹ïÀ³ªº package¡C³Ì¦n©w®ÉÀˬd<ulink
URL="ftp://ftp.FreeBSD.org/pub/FreeBSD/">ftp.FreeBSD.org</ulink>
¡A¬Ý¬Ý¦³­þ¨Ç package ¥i¥H¥Î¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="missing-libcso30">
<para>§Ú¥i¥H¦b­þÃä§ä¨ì libc.so.3.0?</para>
</question>
<answer>
<para>§A¥i¯à¦b¤@¥x 2.1.x ªº¾÷¾¹¤W¡A¶]µÛµ¹ 2.2/3.x/4.0 ªº³nÅé¡C
½Ð¦A©¹¤W­±¤@­Ó³¹¸`¬Ý¡A¥¿½Tªº¨ú±oµ¹§A¾÷¾¹¥Îªº port/package¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="missing-libcso40">
<para>¬°¦ó§Ú±o¨ì¤F³o­Ó°T®§ ?<errorname>Error: can't find
libc.so.4.0</errorname>?</para>
</question>
<answer>
<para>§A¤£¤p¤ß§ì¤Fµ¹ 4.X ¤Î 5.X ¨t²Î¥Îªº package¡A¨Ã¥B¹Á¸ÕµÛ
¥h¸Ë¦b§Aªº 2.X ©Î 3.X ªº¨t²Î¤W­±¡C½Ð¤U¸ü¥¿½Tª©¥»ªº package¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="emul">
<para> ghostscript ¦b§Úªº 386/486SX ¤W¦³ÂI°ÝÃD©O¡I</para>
</question>
<answer>
<para>§A¨S¦³¯BÂI¹Bºâ¾¹¡A¹ï§a¡H§A¥²¶·¦b§Aªº kernel ¤¤¥[¤J¼Æ¾Ç
¹Bºâ¼ÒÀÀ¾¹¡A§A¥i¥H¸òµÛ¤U­±ªº¨BÆJ°µ¡A¨Ã¦b§ó§ï¹L§Aªº kernel ³]©w
ÀÉ«á¡A­«·s½sĶ¹L¤@¦¸¡C</para>
<programlisting>options GPL_MATH_EMULATE</programlisting>
<note>
<para>·í§A¥[¤J¤W¤@¦æªº¦P®É¡A§A¥²¶·±N
<literal>MATH_EMULATE</literal> ²¾°£±¼¡C</para>
</note>
</answer>
</qandaentry>
<qandaentry>
<question id="sco-socksys">
<para>¬°¤°»ò·í§Ú°õ¦æ SCO/iBCS2 ªºµ{¦¡®É¡A¥¦¦b
<errorname>socksys</errorname> ³o­Ó¦a¤è¥X¤F°ÝÃD¡H
(FreeBSD 3.0 ¥H¤Î§ó¦­ªºª©¥»¤~¦³¦¹°ÝÃD¡C)</para></question>
<answer>
<para>§A¥²¶·¥ý­×§ï <filename>/etc/sysconfig</filename> (©Î¬O
<filename>/etc/rc.conf</filename>, ½ÐŪ &man.rc.conf.5;)
³oÀɮ׳̫á¤@­Ó³¹¸`¡A±N¤U­±©ÒÁ¿¨ìªºÅܼƳ]¦¨
<literal>YES</literal>¡G</para>
<programlisting># Set to YES if you want ibcs2 (SCO) emulation
loaded at startup ibcs2=NO</programlisting>
<para>³o·|¦b¶}¾÷®É±N ibcs2 ³o¤@­Ó kernel ¼Ò²Õ¸ü¤J¡C</para>
<para>§AÁÙ­n±N§Aªº /compat/ibcs2/dev §ï¦¨¤U­±³o¼Ë¡G</para>
<screen>lrwxr-xr-x 1 root wheel 9 Oct 15 22:20 X0R@ -&gt; /dev/null
lrwxr-xr-x 1 root wheel 7 Oct 15 22:20 nfsd@ -&gt; socksys
-rw-rw-r-- 1 root wheel 0 Oct 28 12:02 null
lrwxr-xr-x 1 root wheel 9 Oct 15 22:20 socksys@ -&gt; /dev/null
crw-rw-rw- 1 root wheel 41, 1 Oct 15 22:14 spx</screen>
<para>§A¥u»Ý­n±N socksys Âà¦V¨ì <devicename>/dev/null</devicename>
(½ÐŪ &man.null.4;) ¥hÄF¹L open &amp; close ªº°Ê§@¡C¦b -current
¸Ì­±ªº ibcs2 ¬ÛÃöµ{¦¡½X±N·|³B²z¨ä¾lªº³¡¥÷¡A³oºØ§@ªk¤ñ¥H«eªº¤è¦¡
°®²b¤Ó¦h¤F¡C°²¦p§A·Q­n¨Ï¥Î <devicename>spx</devicename> ¤è­±ªº
µ{¦¡¡A¦b§Aªº®Ö¤ß³]©wÀɸ̭± ¥[¤W<literal>SPX_HACK</literal>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="configure-inn">
<para>§Ú­n¦p¦ó¦b§Úªº¾÷¾¹¤W³]©w INN (Internet News)¡H</para>
</question>
<answer>
<para>¦b§A¨Ï¥Î package ©ÎªÌ¬O port ¦w¸Ë§¹ inn ¤§«á¡A<ulink
URL="http://www.cis.ohio-state.edu/~barr/INN.html">Dave Barr's
INN Page</ulink> ¬O­Ó«D±`¦nªº¶}©l¡A§A¥i¥H¦b¨ºÃä§ä¨ìINN ªº FAQ¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ms-frontpage">
<para>§Ú¸Ó¨Ï¥Î¨º­Óª©¥»ªº Microsoft FrontPage¡H</para>
</question>
<answer>
<para>Use the Port, Luke¡I¦b ports tree ¤¤¤w¸g¦³¤@­Ó¥]§t FrontPage
ªº Apache ª©¥»¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="java">
<para>FreeBSD ¤ä´© Java ¶Ü¡H</para>
</question>
<answer>
<para>¦³¡A½Ð¬Ý <ulink URL="../../../../java/index.html">
http://www.FreeBSD.org/java</ulink>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ports-3x">
<para>¬°¤°»ò§ÚµLªk¦b 3.X-STABLE ¾÷¾¹¤W¶¶§Q½s¦n³o­Ó port?</para>
</question>
<answer>
<para>¦pªG§Aªº FreeBSD ª©¥»¬Û¸û -CURRENT ©Î -STABLE ¤§¤U¬O«Ü¥j
¦­ªº¸Ü¡A©Î³\§A·|»Ý­n¤@­Ó¤É¯Å ports ªº¤u¨ã¡A¦b
<ulink URL="../../../../ports/index.html">
http://www.FreeBSD.org/ports/</ulink>¡C¦pªG§A¥H±N¨ä§ó·s«o¤´µL¥Î¡A
¨º»ò¤@©w¬O¬Y¤H§ó°Ê¤§«á³y¦¨ -CURRENT ¤~¯à¥Î¡A-STABLE µLªk¥Îªº±¡ªp¡C
¥Ñ©ó ports ¤º©Ò¦¬¶°ªº³nÅé¦b -CURRENT ©Î¬O -STABLE ¤W³£­n¯à¥Î¡A
©Ò¥H½Ð¾¨³t°e¥XÃö©ó¦¹°ÝÃDªºÂγø§i¡F½Ð¨Ï¥Î &man.send-pr.1; ³o­Ó«ü
¥O¨Ó°eÂγø§i¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="find-ldso">
<para>¨º¸Ì¥i¥H§ä±o¨ì ld.so¡H</para>
</question>
<answer>
<para>¦³¨Ç a.out ®æ¦¡ªºÀ³¥Îµ{¦¡·|»Ý­n a.out ®æ¦¡ªº¨ç¦¡®w¡A
Netscape Navigator ´N¬O¤@­Ó¨Ò¤l¡C¤£¹L¥Î ELF ¨ç¦¡®w½s°_¨Ó
ªº FreeBSD ¹w³]¨Ã¤£·|¦w¸Ëªº a.out ¨ç¦¡®w¡A©Ò¥H±z¥i¯à·|±o
¨ìÃþ¦ü§ä¤£¨ì <filename>/usr/libexec/ld.so</filename> ªº©ê«è°T
®§¡C¦pªG»¡±zªº¨t²Î¦³³o¦w¸Ë a.out ¨ç¦¡®wªº¥²­n¡A³o¨Ç¨ç¦¡®w
(compat22) ¤]¯à°÷§Q¥Î &man.sysinstall.8; ¨Ó¦w¸Ë¡C©ÎªÌ§Q¥Î
FreeBSD ­ì©l½X¨Ó¦w¸Ë¡G</para>
<screen>&prompt.root; <userinput>cd /usr/src/lib/compat/compat22</userinput>&prompt.root; <userinput>make install clean</userinput></screen>
<para>¦pªG§A§Æ±æ¨C¦¸ <command>make world</command> ®É·|¦Û°Ê§ó·s
compat22 ¨ç¦¡®w¡A¨º»ò­×§ï <filename>/etc/make.conf</filename>¡A
¥[¤J <varname>COMPAT22=YES</varname>¡C³o¨Ç¬Û®e©ó¥j¦Ñª©¥»ªº¨ç¦¡®w
¤w¸g¨S¤°»ò¦b§ó·s¤F¡A©Ò¥H¤@¯ë»¡¨Ó¬O¤£»Ý­n³o¼Ëªº¡C</para>
<para>¦P®É¤]½Ð±z¬Ý¤@¤U 3.1-RELEASE ©M 3.2-RELEASE ªº°É»~ªí(ERRATA)¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ports-update">
<para>§Ú§ó·s¤F¨t²Î­ì©l½X¡A²{¦b§Ú­n«ç¼Ë¤É¯Å¬Y­Ó¤w¸g¦w¸Ë¤W
ªº ports ?</para>
</question>
<answer>
<para>FreeBSD ¥»¨­¨Ã¨S¦³¦Û°Ê¤É¯Å ports ªº¤u¨ã¡A¦ý¦³¤@¨Ç¥i¥HÅý¤É¯Å
²¤Æ¤@¨Çªº¤pµ{¦¡¡C§A¤]¥i¥H¦Û¤v¸Ë¤WÃB¥~ªº¤u¨ã¨Ó³B²z¡C</para>
<para>&man.pkg.version.1; «ü¥O¥i¥H¦Û°Ê²£¥Í¥Î¨Ó¹F¨ì¦Û°Ê¤É¯Å¨ì
ports tree ³Ì·sª©¥»ªº script¡C</para>
<screen>&prompt.root; <userinput>pkg_version <option>-c</option> > <replaceable>/tmp/myscript</replaceable></userinput></screen>
<para><emphasis>¤@©w­n</emphasis>¦b¤â°Ê­×§ï¤@¤U²£¥Í¥X¨Óªº script¡C
¥Ø«eªº &man.pkg.version.1; ¦b script ³Ì«e­±¥[¤J &man.exit.1; ±j
­¢§A¥h­×§ï¥¦¡C</para>
<para>§AÀ³±N°õ¦æ script ©Ò²£¥Íªº¿é¥X°O¿ý¤U¨Ó¡A¦]¬°¸Ì­±·|¦³°O¸ü¬Y¨Ç
©|¥¼¤É¯Å¦ý¤w¸g§ó·sªº ports¡C¤£¹L§A¤£¤@©w­n¥h¤É¯Å¥¦­Ì¡C³q±`¬O¦]¬°
¦³¬Y­Ó¦@¥Îªº¨ç¦¡®w¤w¸g§ïÅܪ©¥»¸¹¤F¡A¤~­n¥h­«½s¤@¦¸¨º¨Ç¨Ï¥Î¨ì¸Ó¨ç
¦¡®wªº ports¡C</para>
<para>¦pªG§AªºµwºÐªÅ¶¡«Ü°÷¡A¨º»ò¥i¥H¥Î <command>portupgrade</command>
³o­Ó¤u¨ã¨Ó°µ¥þ¦Û°Ê³B¸Ì¡C<command>portupgrade</command> ¸Ì­±¤]¦³
¤@¨Ç¤pµ{¦¡¨Ó²¤Æ package ¤É¯Å¡A¥¦¦b
<filename role="package">sysutils/portupgrade</filename>¡C
³o­Ó¤u¨ã¬O¥Î Ruby ³o­Ó»y¨¥¼gªº¡A©Ò¥H¨Ã¤£¾A¦X¥[¤J¨ì FreeBSD ªº­ì
©l½X¤¤¡A¤£¹L¨Ã¤£·|¦]¦¹Åý¬Y¨Ç¤H¤£¥Î¥¦¡C</para>
<para>¦pªG§Aªº¨t²Î¤@ª½³£³B©ó¶}¾÷ª¬ºA¡A¥i§Q¥Î &man.periodic.8; ¨t²Î¡A
¨C­Ó¬P´Á²£¥Í¤@±i»Ý­n¤É¯Åªº²M³æ¡C¥u­n¦b
<filename>/etc/periodic.conf</filename> ¥[¤J
<literal>weekly_status_pkg_enable="YES"</literal> ´N¥i¥H¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="minima-sh">
<para>¬°¤°»ò <command>/bin/sh</command>³o»òªº¤p¡H¬°¤°»ò FreeBSD
¤£§ï¥Î <command>bash</command> ©ÎªÌ¬O¨ä¥L¤ñ¸û±j®«ªº shell¡H</para>
</question>
<answer>
<para>¦]¬° POSIX »¡¡A¸Ó­n¦³³o»ò¼Ëªº¤@­Ó shell ¦b¤~¦æ¡C</para>
<para>¤ñ¸ûÁcº¾ªºµª®×¡G³\¦h¤H»Ý­n¼g¥i¥H¸ó«Ü¦h¥­¥xªº shell script ¡C
³o¤]¬O¬°¦ó POSIX ±N shell ¥H¤Î¤u¨ã©RºÙ³£©w¸qªº«D±`¸Ô²Óªº½t¬G¡C
¤j³¡¥÷ªº script ³£¾A¥Î©ó Bourne shell¡A¤S¦]¬°¦³´X­Ó­«­nªº
¼gµ{¦¡©Ò¥Î¨ìªºµ{¦¡©ÎªÌ¨ç¦¡ (&man.make.1; , &man.system.3;,
&man.popen.3;, ÁÙ¦³¦b Perl ©ÎªÌ Tcl ¸Ì­±©I¥s¨t²Îµ{¦¡ªº¦a¤è)
³£«ü©w¥Î Bourne shell ¡C¨º»ò¦]¬° Bourne Shell ¦p¦¹ªº¼sªx±`¥Î¡A
¨º»ò¥¦ªº°õ¦æ®Ä²v«K«Ü­«­n¡A§Ö³t¬O¥¦¨M©w©Êªº­nÂI¤§¤@¡AÁÙ­n¤£¦û¤Ó¦h
°O¾ÐÅé¡C</para>
<para>¥Ø«eªº <command>/bin/sh</command> ¤w¬O§Ú­Ì¹Ã¤ßÃw¦å¤§§@¡A¥¦¤w
¸gºÉ¶q¦a²Å¦X¼Ð·Ç³W©w¡C¬°¤FÅý¥¦«D±`¤p¡A§Ú­Ì®³±¼¤F¤@¨Ç¨ä¥L shell
¦³ªº¤è«K¥\¯à¡C³o¤]¬O¬°¤°»ò ports ¸Ì­±ÁÙ¦³«Ü¦h±j®«ªº shell ¡A¹³¬O
bash, scsh, tcsh ¥H¤Î zsh ¡C (§A¥i¥H¦Û¤v¤ñ¸û¤@¤U³o¨Ç shell °õ¦æ
®É©Ò¦ûªº°O¾ÐÅé¤j¤p¡A¥h¬Ý¬Ý <command>ps -u</command> ¦C¥X¨Óªº
<quote>VSZ</quote> ©M <quote>RSS</quote> ³o¨â­ÓÄæ¦ì´Nª¾¹D¤F¡C)
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="netscape-slow-startup">
<para>¬°¤°»ò Netscape ©M Opera ­nªá¦n¤[ªº®É¶¡¤~¯à±Ò°Ê¡H</para>
</question>
<answer>
<para>³q±`¬O¦]¬°§Aªº DNS ¨S¦³³]©w¦n¡C Netscape ¸ò Opera ¦b±Ò°Êªº®É­Ô
³£·|¥hÀˬd¤@¤U DNS¡Cª½¨ì DNS ¦³¦^À³¡A©ÎªÌ¬OÂ_©wºô¸ô¥Ø«e¬OÂ_½u¤§«á¡A
¥¦­Ì¤~·|Åã¥Üµe­±¥X¨Ó¡C</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="kernelconfig">
<chapterinfo>
<author>
<firstname>Kang-min</firstname>
<surname>Liu</surname>
<affiliation>
<address><email>gugod@gugod.org</email></address>
</affiliation>
</author>
</chapterinfo>
<title>®Ö¤ß³]©w</title>
<qandaset>
<qandaentry>
<question id="make-kernel">
<para>§Ú·Q¦Û­q®Ö¤ßµ{¦¡¡A³o·|«Ü§xÃø¶Ü¡H</para>
</question>
<answer>
<para>¤£·|¡I½Ð¬d¾\ <ulink URL="../../handbook/kernelconfig.html">
¨Ï¥Î¤â¥U¤¤ªº®Ö¤ß³]©w¤@¸`</ulink>¡C</para>
<note>
<para>§Ú·|«Øij§A¦b§AÅý®Ö¤ß¯à¥¿±`¤u§@«á¡A°µ¤@­Ó
<filename>kernel.YYMMDD</filename> ¤é´Á§Î¦¡ªº³Æ¥÷¡A¦P®É¤]³Æ¥÷
<filename>/module</filename>³o­Ó¥Ø¿ý¦Ü
<filename>/modules.YYMMDD</filename>¡C³o¼Ë¤U¦¸¦pªG§A«Ü¤£©¯ªºª±
Ãa¤F³]©w¡A¦Ü¤Ö¥i¥H¤£»Ý­n¨Ï¥Î³Ì­ì©lªº
<filename>kernel.GENERIC</filename>¡C¦p§A¥¿±q¤@­Ó GENERIC
kernel ¸Ì­±¤£¤ä´©ªº±±¨î¾¹¸Ì±Ò°Ê®É¡A³o´NÅã±o¯S§O­«­n¡C</para>
</note>
</answer>
</qandaentry>
<qandaentry>
<question id="missing-hw-float">
<para>§Úªº®Ö¤ß¦]¬° <literal>_hw_float</literal>¿ò¥¢¦Ó½sĶ¥¢±Ñ¡C
¸Ó«ç»ò­×¥¿©O¡H</para>
</question>
<answer>
<para>Åý§Ú²q¬Ý¬Ý¡A§A§â <devicename>npx0</devicename>
(¸Ô¨£ &man.npx.4;) ±q§Aªº®Ö¤ß³]©wÀɲ¾°£¤F¡A¦]¬°§A¨S¦³¼Æ¾Ç¹Bºâ¾¹¡A
¹ï¶Ü¡H¿ù¤F¡I:-) ³o­Ó <devicename>npx0</devicename>¬O
<emphasis>¥²¶·­n¦³ªº</emphasis>¡C´Nºâ§A¨S¦³¼Æ¾Ç¹Bºâ¾¹¡A§AÁÙ¬O
<emphasis>¥²¶·</emphasis> ¤Þ¤J <devicename>npx0</devicename> ¸Ë¸m¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="why-kernel-big">
<para>¬°¤°»ò³y¥X¨Óªº kernel ³o»ò¤j (10MB ¥H¤W) ¡H</para>
</question>
<answer>
<para>³o«Ü¦³¥i¯à¬O¦]¬°¡A§A§â kernel ½s¦¨ <emphasis>°»¿ù¼Ò¦¡</emphasis>
¤F¡C°»¿ù¼Ò¦¡¤§¤Uªº kernel ¸Ì­±·|¦sµÛ°»¿ù¥Îªº³\¦h²Å¸¹¡A¦]¦¹·|¤j´T
¼W¥[ kernel ªº¤j¤p¡C¦pªG»¡§Aªº FreeBSD ¬O 3.0 ¥H«áªºª©¥»¡A³o¹ï©ó
®Ä¯à¨Ó»¡¼vÅT¨Ã¤£¤j¡A´X¥G¬O¨S¦³¡C¦Ó¦b¨t²Î·|¦]¬Y¨Ç­ì¦] panic ®É¡A
¦³­Ó°»¿ù¼Ò¦¡ªº kernel ¦b¤]®¼¦³¥Îªº¡C</para>
<para>¤£¹L©O¡A¦pªG§AªººÏºÐªÅ¶¡«Ü¤p¡A©ÎªÌ§A´N¬O¤£·Q¥Î°»¿ù¼Ò¦¡ªº
kernel ªº¸Ü¡A½Ð½T»{¥H¤U¨Æ±¡¡G</para>
<itemizedlist>
<listitem>
<para>kernel ³]©wÀɸ̭±¨S¦³³o¤@¦æ¡G</para>
<programlisting>makeoptions DEBUGS=-g </programlisting>
</listitem>
<listitem>
<para>°õ¦æ &man.config.8; ®É¨S¦³¥[¤W <option>-g</option>
³o­Ó¿ï¶µ¡C</para>
</listitem>
</itemizedlist>
<para>¥H¤W¨â¥ó¨Æ±¡³£·|Åý§A½s¥X¤@­Ó°»¿ù¼Ò¦¡ªº kernel¡C¦ý¥u­nÁקK¤§¡A
´N¥i¥H½s¥X¤@­Ó¥¿±`ªº kernel¡A¦Ó§A¤]·|ª`·N¨ì¡Akernel ©úÅ㪺Åܤp¤F¡F
¤j³¡¥÷ªº kernel ³£®t¤£¦h¦b 1.5MB ¨ì 2MB ¤§¶¡¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="multiport-serial-interrupts">
<para>¬°¦ó¥X²{¤F multi-port serial code ªº¤¤Â_½Ä¬ð¡H</para>
</question>
<answer>
<para>·í§Ú½sĶ¤@­Ó multi-port serial code ªº®Ö¤ß®É¡A¥¦§i¶D§Ú¥u¦³
²Ä¤@­Ó³Q°»´ú¨ì¡A¨ä¥Lªº«h¦]¤¤Â_½Ä¬ð¦Ó¸õ¹L¤F¡A§Ú¸Ó«ç»ò­×¥¿¥¦¡H</para>
<para>³o­Ó°ÝÃD¬O¦]¬° FreeBSD ¨Ï¥Î¤º«Øµ{¦¡½XÁקK¦]¬°µwÅé©Î³nÅé½Ä¬ð
¾É­P®Ö¤ßµ{¦¡¹L©óªÎ¤j©ÎµL¥Î¡C­n­×¥¿³oºØ±¡§Îªº¤èªk¬O°£¤F¤@­Ó port
¥~§â¨ä¥L©Ò¦³ªº IRQ ³]©w³£°µ«O¯d¡C³o¸Ì¦³¤@­Ó½d¨Ò¡G</para>
<programlisting>#
# Multiport high-speed serial line - 16550 UARTS
#
device sio2 at isa? port 0x2a0 tty irq 5 flags 0x501 vector siointr
device sio3 at isa? port 0x2a8 tty flags 0x501 vector siointr
device sio4 at isa? port 0x2b0 tty flags 0x501 vector siointr
device sio5 at isa? port 0x2b8 tty flags 0x501 vector siointr</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="generic-kernel-build-failure">
<para>¬°¤°»ò§Ú¤@­Ó kernel ³£½s¤£°_¨Ó¡H¬Æ¦Ü GENERIC ¤]¤£¦æ¡H</para>
</question>
<answer>
<para>³o¦³«Ü¦hºØ¥i¯àªº­ì¦]¡G</para>
<itemizedlist>
<listitem>
<para>§A¨S¦³¥Î·sªº <command>make buildkernel</command> »P
<command>make installkernel</command> ³o¨â­Ó¤èªk¨Ó½s¡A¦Ó¥¿¦n
§Aªº¨t²Î­ì©l½Xªºª©¥»©M¥¿¦b°õ¦æªº¨t²Î®Ö¤ßª©¥»¤£¤@¼Ë (¹³¬O¡A
¦b¶] 4.0-RELEASE ªº¨t²Î¤W¹Á¸ÕµÛ½s 4.3-RELEASE)¡C¦pªG»¡§A­n¤É
¯Å¨t²Îªº¸Ü¡A½Ð°È¥²¥h¬Ý¬Ý <filename>/usr/src/UPDATING</filename>
³o­ÓÀɮסA¯S§Oª`·N³Ì«á­±ªº <quote>COMMON ITEMS</quote>
³o­Ó¤p¸`¡C</para>
</listitem>
<listitem>
<para>§A¤w¸g¥Î¤W <command>make buildkernel</command> ¥H¤Î
<command>make installkernel</command> ¤F¡A¦ý¬O¦b
<command>make buildworld</command> ®É¥¢±Ñ¤F¡C¥i±¤ªº¬O¡A
<command>make buildkernel</command> ­n¦¨¥\¡A»Ý­n¨Ì¿à
<command>make buildworld</command> «á³y¥X¨Óªº¤@¨ÇÀɮסC</para>
</listitem>
<listitem>
<para>´Nºâ¬O§A¦b½s <link linkend="stable">FreeBSD-STABLE</link>¡A
ÁÙ¬O¦³¥i¯à§A§ì¨ì¤F¥¿¦b­×§ï¤¤¡A©ÎµÛ¦]¬°¬Y¨Ç½t¬G¦Ó®Ú¥»ÁÙ¨S§ï¦n
ªº­ì©l½X¡FÁöµM»¡ <link linkend="stable">FreeBSD-STABLE</link>
¤j³¡¥÷ªº®É­Ô³£¬O¥i¥H½sªº¡A¦ý¥u¦³ RELEASE ¤~¬O«OÃÒ¥i¥H½sªº¡C¸I
¨ì³o­Ó°ÝÃD®É¡A¦A¦¸§ó·s­ì©l½X¨Ã¥B¦A¸Õ¸Õ¬Ý¡C¤]¦³¥i¯à¬O©ñ­ì©l½Xªº
¦øªA¾¹¥X²{¬Y¨Ç°ÝÃD¡A©Ò¥H§ó·s­ì©l½X®É¤]¸Õ¸Õ±q¤£¦P¦øªA¾¹¨Ó§ó·s¬Ý
¬Ý¡C</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="disks">
<title>Disks, Filesystems, and Boot Loaders</title>
<qandaset>
<qandaentry>
<question id="adding-disks">
<para>How can I add my new hard disk to my FreeBSD system?</para>
</question>
<answer>
<para>See the Disk Formatting Tutorial at <ulink
URL="../../articles/formatting-media/index.html">
www.FreeBSD.org</ulink>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="new-huge-disk">
<para>How do I move my system over to my huge new disk?</para>
</question>
<answer>
<para>The best way is to reinstall the OS on the new
disk, then move the user data over. This is highly
recommended if you have been tracking -stable for more
than one release, or have updated a release instead of
installing a new one. You can install booteasy on both
disks with &man.boot0cfg.8;, and dual boot them until
you are happy with the new configuration. Skip the
next paragraph to find out how to move the data after
doing this.</para>
<para>Should you decide not to do a fresh install, you
need to partition and label the new disk with either
<filename>/stand/sysinstall</filename>, or &man.fdisk.8;
and &man.disklabel.8;. You should also install booteasy
on both disks with &man.boot0cfg.8;, so that you can
dual boot to the old or new system after the copying
is done. See the <ulink
url="../../articles/formatting-media/index.html">
formatting-media article</ulink> for details on this
process.</para>
<para>Now you have the new disk set up, and are ready
to move the data. Unfortunately, you cannot just blindly
copy the data. Things like device files (in
<filename>/dev</filename>), flags, and links tend to
screw that up. You need to use tools that understand
these things, which means &man.dump.8;.
Although it is suggested that you move the data in single user
mode, it is not required.</para>
<para>You should never use anything but &man.dump.8; and
&man.restore.8; to move the root file system. The
&man.tar.1; command may work - then again, it may not.
You should also use &man.dump.8; and &man.restore.8;
if you are moving a single partition to another empty
partition. The sequence of steps to use dump to move
a partitions data to a new partition is:</para>
<procedure>
<step>
<para>newfs the new partition.</para>
</step>
<step>
<para>mount it on a temporary mount point.</para>
</step>
<step>
<para>cd to that directory.</para>
</step>
<step>
<para>dump the old partition, piping output to the
new one.</para>
</step>
</procedure>
<para>For example, if you are going to move root to
<devicename>/dev/ad1s1a</devicename>, with
<filename>/mnt</filename> as the temporary mount point,
it is:</para>
<screen>&prompt.root; <userinput>newfs /dev/ad1s1a</userinput>
&prompt.root; <userinput>mount /dev/ad1s1a /mnt</userinput>
&prompt.root; <userinput>cd /mnt</userinput>
&prompt.root; <userinput>dump 0af - / | restore xf -</userinput></screen>
<para>Rearranging your partitions with dump takes a bit more
work. To merge a partition like <filename>/var</filename>
into its parent, create the new partition large enough
for both, move the parent partition as described above,
then move the child partition into the empty directory
that the first move created:</para>
<screen>&prompt.root; <userinput>newfs /dev/ad1s1a</userinput>
&prompt.root; <userinput>mount /dev/ad1s1a /mnt</userinput>
&prompt.root; <userinput>cd /mnt</userinput>
&prompt.root; <userinput>dump 0af - / | restore xf -</userinput>
&prompt.root; <userinput>cd var</userinput>
&prompt.root; <userinput>dump 0af - /var | restore xf -</userinput></screen>
<para>To split a directory from its parent, say putting
<filename>/var</filename> on its own partition when it was not
before, create both partitions, then mount the child partition
on the appropriate directory in the temporary mount point, then
move the old single partition:</para>
<screen>&prompt.root; <userinput>newfs /dev/ad1s1a</userinput>
&prompt.root; <userinput>newfs /dev/ad1s1d</userinput>
&prompt.root; <userinput>mount /dev/ad1s1a /mnt</userinput>
&prompt.root; <userinput>mkdir /mnt/var</userinput>
&prompt.root; <userinput>mount /dev/ad1s1d /mnt/var</userinput>
&prompt.root; <userinput>cd /mnt</userinput>
&prompt.root; <userinput>dump 0af - / | restore xf -</userinput></screen>
<para>You might prefer &man.cpio.1;, &man.pax.1;,
&man.tar.1; to &man.dump.8; for user data. At the time of
this writing, these are known to lose file flag information,
so use them with caution.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="dangerously-dedicated">
<para>Will a <quote>dangerously dedicated</quote> disk endanger
my health?</para>
</question>
<answer>
<para><anchor id="dedicate">The installation procedure allows
you to chose two different methods in partitioning your
hard disk(s). The default way makes it compatible with other
operating systems on the same machine, by using fdisk table
entries (called <quote>slices</quote> in FreeBSD), with a
FreeBSD slice that employs partitions of its own. Optionally,
one can chose to install a boot-selector to switch between the
possible operating systems on the disk(s). The alternative uses
the entire disk for FreeBSD, and makes no attempt to be
compatible with other operating systems.</para>
<para>So why it is called <quote>dangerous</quote>? A disk in
this mode does not contain what normal PC utilities would
consider a valid fdisk table. Depending on how well they have
been designed, they might complain at you once they are getting
in contact with such a disk, or even worse, they might damage
the BSD bootstrap without even asking or notifying you. In
addition, the <quote>dangerously dedicated</quote> disk's
layout is known to confuse many BIOSes, including those from
AWARD (e.g. as found in HP Netserver and Micronics systems as
well as many others) and Symbios/NCR (for the popular 53C8xx
range of SCSI controllers). This is not a complete list, there
are more. Symptoms of this confusion include the <errorname>read
error</errorname> message printed by the FreeBSD bootstrap when it
cannot find itself, as well as system lockups when
booting.</para>
<para>Why have this mode at all then? It only saves a few kbytes
of disk space, and it can cause real problems for a new
installation. <quote>Dangerously dedicated</quote> mode's
origins lie in a desire to avoid one of the most common
problems plaguing new FreeBSD installers - matching the BIOS
<quote>geometry</quote> numbers for a disk to the disk
itself.</para>
<para><quote>Geometry</quote> is an outdated concept, but one
still at the heart of the PC's BIOS and its interaction with
disks. When the FreeBSD installer creates slices, it has to
record the location of these slices on the disk in a fashion
that corresponds with the way the BIOS expects to find them. If
it gets it wrong, you will not be able to boot.</para>
<para><quote>Dangerously dedicated</quote> mode tries to work
around this by making the problem simpler. In some cases, it
gets it right. But it is meant to be used as a last-ditch
alternative - there are better ways to solve the problem 99
times out of 100.</para>
<para>So, how do you avoid the need for <quote>DD</quote> mode
when you are installing? Start by making a note of the geometry
that your BIOS claims to be using for your disks. You can
arrange to have the kernel print this as it boots by specifying
<option>-v</option> at the <literal>boot:</literal> prompt, or
using <command>boot -v</command> in the loader. Just before the
installer starts, the kernel will print a list of BIOS
geometries. Do not panic - wait for the installer to start and
then use scrollback to read the numbers. Typically the BIOS
disk units will be in the same order that FreeBSD lists your
disks, first IDE, then SCSI.</para>
<para>When you are slicing up your disk, check that the disk
geometry displayed in the FDISK screen is correct (ie. it
matches the BIOS numbers); if it is wrong, use the
<literal>g</literal> key to fix it. You may have to do this if
there is absolutely nothing on the disk, or if the disk has been
moved from another system. Note that this is only an issue with
the disk that you are going to boot from; FreeBSD will sort
itself out just fine with any other disks you may have.</para>
<para>Once you have got the BIOS and FreeBSD agreeing about the
geometry of the disk, your problems are almost guaranteed to be
over, and with no need for <quote>DD</quote> mode at all. If,
however, you are still greeted with the dreaded <errorname>read
error</errorname> message when you try to boot, it is time to cross
your fingers and go for it - there is nothing left to
lose.</para>
<para>To return a <quote>dangerously dedicated</quote> disk
for normal PC use, there are basically two options. The first
is, you write enough NULL bytes over the MBR to make any
subsequent installation believe this to be a blank disk. You
can do this for example with</para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/rda0 count=15</userinput></screen>
<para>Alternatively, the undocumented DOS
<quote>feature</quote></para>
<screen><prompt>C:\&gt;</prompt> <userinput>fdisk /mbr</userinput></screen>
<para>will to install a new master boot record as well, thus
clobbering the BSD bootstrap.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="safe-softupdates">
<para>Which partitions can safely use softupdates? I have
heard that softupdates on <filename>/</filename> can cause
problems.</para>
</question>
<answer>
<para>Short answer: you can usually use softupdates safely
on all partitions.</para>
<para>Long answer: There used to be some concern over using
softupdates on the root partition. Softupdates has two
characteristics that caused this. First, a softupdates
partition has a small chance of losing data during a
system crash. (The partition will not be corrupted; the
data will simply be lost.) Also, softupdates can cause
temporary space shortages.</para>
<para>When using softupdates, the kernel can take up to
thirty seconds to actually write changes to the physical
disk. If you delete a large file, the file still resides
on disk until the kernel actually performs the deletion.
This can cause a very simple race condition. Suppose you
delete one large file and immediately create another large
file. The first large file is not yet actually removed
from the physical disk, so the disk might not have enough
room for the second large file. You get an error that the
partition does not have enough space, although you know
perfectly well that you just released a large chunk of
space! When you try again mere seconds later, the file
creation works as you expect. This has left more than one
user scratching his head and doubting his sanity, the
FreeBSD filesystem, or both.</para>
<para>If a system should crash after the kernel accepts a
chunk of data for writing to disk, but before that data is
actually written out, data could be lost or corrupted.
This risk is extremely small, but generally manageable.
Use of IDE write caching greatly increases this risk; it
is strongly recommended that you disable IDE write caching
when using softupdates.</para>
<para>These issues affect all partitions using softupdates.
So, what does this mean for the root partition?</para>
<para>Vital information on the root partition changes very
rarely. Files such as <filename>/kernel</filename> and
the contents of <filename>/etc</filename> only change
during system maintenance, or when users change their
passwords. If the system crashed during the
thirty-second window after such a change is made, it is
possible that data could be lost. This risk is negligible
for most applications, but you should be aware that it
exists. If your system cannot tolerate this much risk,
do not use softupdates on the root filesystem!</para>
<para><filename>/</filename> is traditionally one of the
smallest partitions. By default, FreeBSD puts the
<filename>/tmp</filename> directory on
<filename>/</filename>. If you have a busy
<filename>/tmp</filename>, you might see intermittent
space problems. Symlinking <filename>/tmp</filename> to
<filename>/var/tmp</filename> will solve this
problem.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="inappropriate-ccd">
<para>What is inappropriate about my ccd?</para>
</question>
<answer>
<para>The symptom of this is:</para>
<screen>&prompt.root; <userinput>ccdconfig -C</userinput>
ccdconfig: ioctl (CCDIOCSET): /dev/ccd0c: Inappropriate file type or format</screen>
<para>This usually happens when you are trying to concatenate
the <literal>c</literal> partitions, which default to type
<literal>unused</literal>. The ccd driver requires the
underlying partition type to be FS_BSDFFS. Edit the disklabel
of the disks you are trying to concatenate and change the types
of partitions to <literal>4.2BSD</literal>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ccd-disklabel">
<para>Why can I not edit the disklabel on my ccd?</para>
</question>
<answer>
<para>The symptom of this is:</para>
<screen>&prompt.root; <userinput>disklabel ccd0</userinput>
(it prints something sensible here, so let us try to edit it)
&prompt.root; <userinput>disklabel -e ccd0</userinput>
(edit, save, quit)
disklabel: ioctl DIOCWDINFO: No disk label on disk;
use "disklabel -r" to install initial label</screen>
<para>This is because the disklabel returned by ccd is actually
a <quote>fake</quote> one that is not really on the disk.
You can solve this problem by writing it back explicitly,
as in:</para>
<screen>&prompt.root; <userinput>disklabel ccd0 &gt; /tmp/disklabel.tmp</userinput>
&prompt.root; <userinput>disklabel -Rr ccd0 /tmp/disklabel.tmp</userinput>
&prompt.root; <userinput>disklabel -e ccd0</userinput>
(this will work now)</screen>
</answer>
</qandaentry>
<qandaentry>
<question id="mount-foreign-fs">
<para>Can I mount other foreign filesystems under FreeBSD?</para>
</question>
<answer>
<variablelist>
<varlistentry>
<term>Digital UNIX</term>
<listitem>
<para>UFS CDROMs can be mounted directly on FreeBSD.
Mounting disk partitions from Digital UNIX and other
systems that support UFS may be more complex, depending
on the details of the disk partitioning for the operating
system in question.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Linux</term>
<listitem>
<para>As of 2.2, FreeBSD supports <literal>ext2fs</literal>
partitions. See &man.mount.ext2fs.8; for more
information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>NT</term>
<listitem>
<para>A read-only NTFS driver exists for FreeBSD. For more
information, see this tutorial by Mark Ovens at <ulink
URL="http://ukug.uk.FreeBSD.org/~mark/ntfs_install.html">
http://ukug.uk.FreeBSD.org/~mark/ntfs_install.html</ulink>.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>Any other information on this subject would be
appreciated.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="mount-dos">
<para>How do I mount a secondary DOS partition?</para>
</question>
<answer>
<para>The secondary DOS partitions are found after ALL the primary
partitions. For example, if you have an <quote>E</quote>
partition as the second DOS partition on the second SCSI drive,
you need to create the special files for <quote>slice 5</quote>
in /dev, then mount /dev/da1s5:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV da1s5</userinput>
&prompt.root; <userinput>mount -t msdos /dev/da1s5 /dos/e</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="crypto-filesystem">
<para>Is there a cryptographic filesystem for &os;?</para>
</question>
<answer>
<para>Yes; see the <filename role="package">security/cfs</filename> port.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="nt-bootloader">
<para>How can I use the NT loader to boot FreeBSD?</para>
</question>
<answer>
<para>This procedure is slightly different for 2.2.x and 3.x
(with the 3-stage boot) systems.</para>
<para>The general idea is that you copy the first sector of your
native root FreeBSD partition into a file in the DOS/NT
partition. Assuming you name that file something like
<filename>c:\bootsect.bsd</filename> (inspired by
<filename>c:\bootsect.dos</filename>), you can then edit the
<filename>c:\boot.ini</filename> file to come up with something
like this:</para>
<programlisting>[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows NT"
C:\BOOTSECT.BSD="FreeBSD"
C:\="DOS"</programlisting>
<para>For 2.2.x systems this procedure assumes that DOS, NT,
FreeBSD, or whatever have been installed into their respective
fdisk partitions on the <emphasis>same</emphasis>
disk. This example was tested on a system where DOS &amp; NT
were on the first fdisk partition, and FreeBSD on the second.
FreeBSD was also set up to boot from its native partition, not
the disk's MBR.</para>
<para>Mount a DOS-formatted floppy (if you have converted to NTFS)
or the FAT partition, under, say,
<filename>/mnt</filename>.</para>
<screen>&prompt.root; <userinput>dd if=/dev/rda0a of=/mnt/bootsect.bsd bs=512 count=1</userinput></screen>
<para>Reboot into DOS or NT. NTFS users copy the
<filename>bootsect.bsd</filename> and/or the
<filename>bootsect.lnx</filename> file from the floppy to
<filename>C:\</filename>. Modify the attributes (permissions)
on <filename>boot.ini</filename> with:</para>
<screen><prompt>C:\&gt;</prompt> <userinput>attrib -s -r c:\boot.ini</userinput></screen>
<para>Edit to add the appropriate entries from the example
<filename>boot.ini</filename> above, and restore the
attributes:</para>
<screen><prompt>C:\&gt;</prompt> <userinput>attrib +s +r c:\boot.ini</userinput></screen>
<para>If FreeBSD is booting from the MBR, restore it with the DOS
<command>fdisk</command> command after you reconfigure them to
boot from their native partitions.</para>
<para>For FreeBSD 3.x systems the procedure is somewhat
simpler.</para>
<para>If FreeBSD is installed on the same disk as the NT boot
partition simply copy <filename>/boot/boot1</filename> to
<filename>C:\BOOTSECT.BSD</filename> However, if FreeBSD is
installed on a different disk <filename>/boot/boot1</filename>
will not work, <filename>/boot/boot0</filename> is needed.
<warning>
<para>DO NOT SIMPLY COPY <filename>/boot/boot0</filename>
INSTEAD OF <filename>/boot/boot1</filename>, YOU WILL
OVERWRITE YOUR PARTITION TABLE AND RENDER YOUR COMPUTER
UN-BOOTABLE!</para>
</warning>
<filename>/boot/boot0</filename> needs to be installed using
sysinstall by selecting the FreeBSD boot manager on the
screen which asks if you wish to use a boot manager. This is
because <filename>/boot/boot0</filename> has the partition
table area filled with NULL characters but sysinstall copies
the partition table before copying
<filename>/boot/boot0</filename> to the MBR.</para>
<para>When the FreeBSD boot manager runs it records the last
OS booted by setting the active flag on the partition table
entry for that OS and then writes the whole 512-bytes of itself
back to the MBR so if you just copy
<filename>/boot/boot0</filename> to
<filename>C:\BOOTSECT.BSD</filename> then it writes an empty
partition table, with the active flag set on one entry, to the
MBR.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="lilo-bootloader">
<para>How do I boot FreeBSD and Linux from LILO?</para>
</question>
<answer>
<para>If you have FreeBSD and Linux on the same disk, just follow
LILO's installation instructions for booting a non-Linux
operating system. Very briefly, these are:</para>
<para>Boot Linux, and add the following lines to
<filename>/etc/lilo.conf</filename>:</para>
<programlisting>other=/dev/hda2
table=/dev/hda
label=FreeBSD</programlisting>
<para>(the above assumes that your FreeBSD slice is known to Linux
as <devicename>/dev/hda2</devicename>; tailor to suit your setup).
Then, run <command>lilo</command> as <username>root</username> and you should be
done.</para>
<para>If FreeBSD resides on another disk, you need to add
<literal>loader=/boot/chain.b</literal> to the LILO entry.
For example:</para>
<programlisting>other=/dev/dab4
table=/dev/dab
loader=/boot/chain.b
label=FreeBSD</programlisting>
<para>In some cases you may need to specify the BIOS drive number
to the FreeBSD boot loader to successfully boot off the second
disk. For example, if your FreeBSD SCSI disk is probed by BIOS
as BIOS disk 1, at the FreeBSD boot loader prompt you need to
specify:</para>
<screen>Boot: <userinput>1:da(0,a)/kernel</userinput></screen>
<para>On FreeBSD 2.2.5 and later, you can configure
&man.boot.8;
to automatically do this for you at boot time.</para>
<para>The <ulink
URL="http://sunsite.unc.edu/LDP/HOWTO/mini/Linux+FreeBSD.html">
Linux+FreeBSD mini-HOWTO</ulink> is a good reference for
FreeBSD and Linux interoperability issues.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="booteasy-loader">
<para>How do I boot FreeBSD and Linux using BootEasy?</para>
</question>
<answer>
<para>Install LILO at the start of your Linux boot partition
instead of in the Master Boot Record. You can then boot LILO
from BootEasy.</para>
<para>If you are running Windows-95 and Linux this is recommended
anyway, to make it simpler to get Linux booting again if you
should need to reinstall Windows95 (which is a Jealous
Operating System, and will bear no other Operating Systems in
the Master Boot Record).</para>
</answer>
</qandaentry>
<qandaentry>
<question id="changing-bootprompt">
<para>How do I change the boot prompt from <literal>???</literal> to
something more meaningful?</para>
</question>
<answer>
<para>You can not do that with the standard boot manager without
rewriting it. There are a number of other boot managers
in the <filename>sysutils</filename> ports category that
provide this functionality.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="removable-drives">
<para>I have a new removable drive, how do I use it?</para>
</question>
<answer>
<para>Whether it is a removable drive like a ZIP or an EZ drive
(or even a floppy, if you want to use it that way), or a new
hard disk, once it is installed and recognized by the system,
and you have your cartridge/floppy/whatever slotted in, things
are pretty much the same for all devices.</para>
<para><anchor id="disklabel">(this section is based on <ulink
URL="http://www.vmunix.com/mark/FreeBSD/ZIP-FAQ.html">
Mark Mayo's ZIP FAQ</ulink>)</para>
<para>If it is a ZIP drive or a floppy, you have already got a DOS
filesystem on it, you can use a command like this:</para>
<screen>&prompt.root; <userinput>mount -t msdos /dev/fd0c /floppy</userinput></screen>
<para>if it is a floppy, or this:</para>
<screen>&prompt.root; <userinput>mount -t msdos /dev/da2s4 /zip</userinput></screen>
<para>for a ZIP disk with the factory configuration.</para>
<para>For other disks, see how they are laid out using
&man.fdisk.8; or
&man.sysinstall.8;.</para>
<para>The rest of the examples will be for a ZIP drive on da2,
the third SCSI disk.</para>
<para>Unless it is a floppy, or a removable you plan on sharing
with other people, it is probably a better idea to stick a BSD
file system on it. You will get long filename support, at least a
2X improvement in performance, and a lot more stability. First,
you need to redo the DOS-level partitions/filesystems. You can
either use &man.fdisk.8; or
<filename>/stand/sysinstall</filename>, or for a small drive
that you do not want to bother with multiple operating system
support on, just blow away the whole FAT partition table
(slices) and just use the BSD partitioning:</para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/rda2 count=2</userinput>
&prompt.root; <userinput>disklabel -Brw da2 auto</userinput></screen>
<para>You can use disklabel or
<filename>/stand/sysinstall</filename> to create multiple BSD
partitions. You will certainly want to do this if you are adding
swap space on a fixed disk, but it is probably irrelevant on a
removable drive like a ZIP.</para>
<para>Finally, create a new file system, this one is on our ZIP
drive using the whole disk:</para>
<screen>&prompt.root; <userinput>newfs /dev/rda2c</userinput></screen>
<para>and mount it:</para>
<screen>&prompt.root; <userinput>mount /dev/da2c /zip</userinput></screen>
<para>and it is probably a good idea to add a line like this to
<filename>/etc/fstab</filename> (see &man.fstab.5;) so you can just type
<command>mount /zip</command> in the future:</para>
<programlisting>/dev/da2c /zip ffs rw,noauto 0 0</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="mount-cd-superblock">
<para>Why do I get <errorname>Incorrect super block</errorname> when
mounting a CDROM?</para>
</question>
<answer>
<para>You have to tell &man.mount.8; the type of the device
that you want to mount. This is described in the <ulink
URL="../handbook/creating-cds.html"> Handbook section on
optical media</ulink>, specifically the section <ulink
URL="../handbook/creating-cds.html#MOUNTING-CD">Using Data
CDs</ulink>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="cdrom-not-configured">
<para>Why do I get <errorname>Device not configured</errorname> when
mounting a CDROM?</para>
</question>
<answer>
<para>This generally means that there is no CDROM in the
CDROM drive, or the drive is not visible on the
bus. Please see the <ulink
URL="../handbook/creating-cds.html#MOUNTING-CD">Using Data
CDs</ulink> section of the Handbook for a detailed
discussion of this issue.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="cdrom-unicode-filenames">
<para>Why do all non-English characters in filenames show up as
<quote>?</quote> on my CDs when mounted in FreeBSD?</para>
</question>
<answer>
<para>Your CDROM probably uses the <quote>Joliet</quote>
extension for storing information about files and
directories. This is discussed in the Handbook chapter on
<ulink URL="../handbook/creating-cds.html">creating and
using CDROMs</ulink>, specifically the section on <ulink
URL="../handbook/creating-cds.html#MOUNTING-CD">Using Data
CDROMs</ulink>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="burncd-isofs">
<para>I burned a CD under FreeBSD and now I can not read it
under any other operating system. Why?</para>
</question>
<answer>
<para>You most likely burned a raw file to your CD, rather
than creating an ISO 9660 filesystem. Take a look at the
<ulink URL="../handbook/creating-cds.html">Handbook
chapter on creating CDROMs</ulink>, particularly the
section on <ulink
URL="../handbook/creating-cds.html#RAWDATA-CD">burning raw
data CDs</ulink>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="copy-cd">
<para>How can I create an image of a data CD?</para>
</question>
<answer>
<para>This is discussed in the Handbook section on <ulink
url="../handbook/creating-cds.html#IMAGING-CD">duplicating
data CDs</ulink>. For more on working with CDROMs, see the
<ulink url="../handbook/creating-cds.html">Creating CDs
Section</ulink> in the Storage chapter in the
Handbook.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="mount-audio-CD">
<para>Why can I not <command>mount</command> an audio
CD?</para>
</question>
<answer>
<para>If you try to mount an audio CD, you will get an error
like <errorname>cd9660: /dev/acd0c: Invalid
argument</errorname>. This is because
<command>mount</command> only works on filesystems. Audio
CDs do not have filesystems; they just have data. You
need a program that reads audio CDs, such as the
<filename role="package">audio/xmcd</filename> port.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="multi-session-CD">
<para>How do I <command>mount</command> a multi-session CD?</para>
</question>
<answer>
<para>By default, &man.mount.8; will attempt to mount the
last data track (session) of a CD. If you would like to
load an earlier session, you must use the
<option>-s</option> command line argument. Please see
&man.mount.cd9660.8; for specific examples.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="user-floppymount">
<para>How do I let ordinary users mount floppies, CDROMs and
other removable media?</para>
</question>
<answer>
<para>Ordinary users can be permitted to mount devices. Here is
how:</para>
<procedure>
<step>
<para>As <username>root</username> set the sysctl variable
<varname>vfs.usermount</varname> to
<literal>1</literal>.</para>
<screen>&prompt.root; <userinput>sysctl -w vfs.usermount=1</userinput></screen>
</step>
<step>
<para>As <username>root</username> assign the appropriate
permissions to the block device associated with the
removable media.</para>
<para>For example, to allow users to mount the first floppy
drive, use:</para>
<screen>&prompt.root; <userinput>chmod 666 /dev/fd0</userinput></screen>
<para>To allow users in the group
<groupname>operator</groupname> to mount the CDROM drive,
use:</para>
<screen>&prompt.root; <userinput>chgrp operator /dev/cd0c</userinput>
&prompt.root; <userinput>chmod 640 /dev/cd0c</userinput></screen>
</step>
<step>
<para>Finally, add the line
<literal><varname>vfs.usermount</varname>=1</literal> to the file
<filename>/etc/sysctl.conf</filename> so that it is reset
at system boot time.</para>
</step>
</procedure>
<para>All users can now mount the floppy
<devicename>/dev/fd0</devicename> onto a directory that they
own:</para>
<screen>&prompt.user; <userinput>mkdir ~/my-mount-point</userinput>
&prompt.user; <userinput>mount -t msdos /dev/fd0 ~/my-mount-point</userinput></screen>
<para>Users in group <groupname>operator</groupname> can now
mount the CDROM <devicename>/dev/cd0c</devicename> onto a
directory that they own:</para>
<screen>&prompt.user; <userinput>mkdir ~/my-mount-point</userinput>
&prompt.user; <userinput>mount -t msdos /dev/cd0c ~/my-mount-point</userinput></screen>
<para>Unmounting the device is simple:</para>
<screen>&prompt.user; <userinput>umount <filename>~/my-mount-point</filename></userinput></screen>
<para>Enabling <varname>vfs.usermount</varname>, however, has
negative security implications. A better way to access MSDOS
formatted media is to use the <ulink
URL="http://www.FreeBSD.org/cgi/ports.cgi?query=%5Emtools-&amp;stype=name">mtools</ulink> package in the ports collection.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="du-vs-df">
<para>The <command>du</command> and <command>df</command>
commands show different amounts of disk space available.
What is going on?</para>
</question>
<answer>
<para>You need to understand what <command>du</command> and
<command>df</command> really do. <command>du</command>
goes through the directory tree, measures how large each
file is, and presents the totals. <command>df</command>
just asks the filesystem how much space it has left. They
seem to be the same thing, but a file without a directory
entry will affect <command>df</command> but not
<command>du</command>.</para>
<para>When a program is using a file, and you delete the
file, the file is not really removed from the filesystem
until the program stops using it. The file is immediately
deleted from the directory listing, however. You can see
this easily enough with a program such as
<command>more</command>. Assume you have a file large
enough that its presence affects the output of
<command>du</command> and <command>df</command>. (Since
disks can be so large today, this might be a
<emphasis>very</emphasis> large file!) If you delete this
file while using <command>more</command> on it,
<command>more</command> does not immediately choke and
complain that it cannot view the file. The entry is
simply removed from the directory so no other program or
user can access it. <command>du</command> shows that it
is gone &mdash; it has walked the directory tree and the file
is not listed. <command>df</command> shows that it is
still there, as the filesystem knows that
<command>more</command> is still using that space. Once
you end the <command>more</command> session,
<command>du</command> and <command>df</command> will
agree.</para>
<para>Note that softupdates can delay the freeing of disk
space; you might need to wait up to 30 seconds for the
change to be visible!</para>
<para>This situation is common on web servers. Many people
set up a FreeBSD web server and forget to rotate the log
files. The access log fills up <filename>/var</filename>.
The new administrator deletes the file, but the system
still complains that the partition is full. Stopping and
restarting the web server program would free the file,
allowing the system to release the disk space. To prevent
this from happening, set up &man.newsyslog.8;.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="add-swap-space">
<para>How can I add more swap space?</para>
</question>
<answer>
<para>In the <ulink
url="../handbook/config-tuning.html">Configuration and
Tuning</ulink> section of the Handbook, you will find a
<ulink
url="../handbook/adding-swap-space.html">section</ulink>
describing how to do this.</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="admin">
<chapterinfo>
<author>
<firstname>Wei-Hon</firstname>
<surname>Chen</surname>
<affiliation>
<address><email>plasmaball@pchome.com.tw</email></address>
</affiliation>
</author>
</chapterinfo>
<title>¨t²ÎºÞ²z</title>
<qandaset>
<qandaentry>
<question id="startup-config-files">
<para>¨t²Î°_©l³]©wÀɦb­þ¡H</para>
</question>
<answer>
<para>±q 2.0.5R ¨ì 2.2.1R¡A¥D­nªº³]©wÀɬO
<filename>/etc/sysconfig</filename>¡C©Ò¦³ªº¿ï¶µ³£³Q«ü©w¦b³o­ÓÀÉ¡A
¦Ó¨ä¥L¹³ <filename>/etc/rc</filename> (°Ñ¨£ &man.rc.8;)
©M <filename>/etc/netstart</filename> ¥u¬O¤Þ¥Î¥¦¡C</para>
<para>Æ[¹î <filename>/etc/sysconfig</filename> ³o­ÓÀɨíץ¿¨ä­È¥H
¾A¦X§Aªº¨t²Î¡C³o­ÓÀɥεù¸Ñ¶ñº¡¥Hªí¥Ü¦ó³B¸Ó©ñ¸m¤°»ò³]©w¡C</para>
<para>¦b post-2.2.1 ¥H«á¤Î 3.0¡A<filename>/etc/sysconfig</filename>
¥ç§ó¦W¬°¤@­Ó§ó®e©ö´y­zªºÀɦW¥s &man.rc.conf.5; ¡A¨Ã¥B»yªk²¤Æ¤F¨Ç¡C
<filename>/etc/netstart</filename> ¥ç§ó¦W¬°
<filename>/etc/rc.network</filename> ¦]¦¹©Ò¦³ªºÀɮ׳£¥i¥H¥Î
<command>cp /usr/src/etc/rc* /etc</command> ¨Ó«þ¨©¡C</para>
<para>¦b 3.1 ¥H¤Î¡A<filename>/etc/rc.conf</filename> ³Q²¾¨ì
<filename>/etc/defaults/rc.conf</filename>¡C
<emphasis>¤d¸U¤£­n½s¿è³o­ÓÀÉ¡I</emphasis> ¦pªG
<filename>/etc/defaults/rc.conf</filename> ¤º¦³·Q­n§ó°Êªº¶µ¥Ø¡A
§AÀ³¸Ó±N¨º¤@¦æªº¤º®e«þ¨©¨ì <filename>/etc/rc.conf</filename>¡A
µM«á¦A­×§ï¥¦¡C</para>
<para>¨Ò¦p FreeBSD 3.1 ¤Î¥H«áªºª©¥»¤º¡A¦³¤@­Ó DNS ¦øªA¾¹ named¡A
¦Ó§A·Q­n±Ò°Ê¥¦¡C§A©Ò»Ý­n§@ªº¨Æ´N¬O¡G</para>
<screen>&prompt.root; <userinput>echo named_enable="YES" &gt;&gt; /etc/rc.conf</userinput></screen>
<para>·Q­n¦b FreeBSD 3.1 ¤Î¥H«áªºª©¥»¤¤¡A±Ò°Ê¥»¦aºÝªA°Èªº¸Ü¡A±N
shell script ¸m©ó <filename>/usr/local/etc/rc.d</filename> ¥Ø¿ý
¤U¡C³o¨Ç shell script À³¸Ó³]©w¦¨¥i°õ¦æ¡A¨Ã¥BÀɦW¥H .sh µ²§ô¡C
¦b FreeBSD 3.0 ¤Î§ó¦­ªºª©¥»¤¤¡A§AÀ³¸Óª½±µ½s¿è
<filename>/etc/rc.local</filename> ÀÉ¡C</para>
<para><filename>/etc/rc.serial</filename>¥Î¨Óªì©l¤Æ§Ç¦C°ð
¡]¹³¬OÂê©w°ðªº¯S©Êµ¥¡^¡C</para>
<para><filename>/etc/rc.i386</filename> ¬O Intel ±M¥Î³]©w¡A
¹³¬O iBCS2 ¼ÒÀÀ©Î¬O PC ¨t²Î¥D±±¥x³]©w¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="adding-users">
<para>§Ú¸Ó¦p¦ó²³æ¦a¥[¤J¨Ï¥ÎªÌ¡H</para>
</question>
<answer>
<para>¨Ï¥Î &man.adduser.8; «ü¥O¡C¦pªG»Ý­n§ó½ÆÂøªº¨Ï¥Î¤è¦¡¡A
½Ð¥Î &man.pw.8; ³o­Ó«ü¥O¡C</para>
<para>­n¦A¦¸²¾°£¨Ï¥ÎªÌ¡A¨Ï¥Î &man.rmuser.8; «ü¥O¡CÁÙ¦³¡A
&man.pw.8; ¤]¥i¥H¨Ï¥Î¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="root-not-found-cron-errors">
<para>¦b§Ú½s¿è crontab Àɮפ§«á¡A¬°¤°»ò§Ú¦Ñ¬O¦¬¨ì³o¼Ëªº°T®§¡G
<errorname>root: not found</errorname>¡H</para>
</question>
<answer>
<para>³q±`³£¬O¦]¬°½s¿è¤F¨t²Îªº crontab
(<filename>/etc/crontab</filename>) µM«á´N¥Î &man.crontab.1;
¥h¦w¸Ë¥¦¡G</para>
<screen>&prompt.root; <userinput>crontab /etc/crontab</userinput></screen>
<para>³o¼Ë§@¬O¤£¹ïªº¡C¨t²Îªº crontab ©M &man.crontab.1;
©Ò§ó·sªº¨Ï¥ÎªÌªº crontab ®æ¦¡¨Ã¤£¤@¼Ë (&man.crontab.5;
»¡©ú¤å¥ó°w¹ï®t²§³B¦³¸Ô²Óªº»¡©ú)¡C</para>
<para>¦pªG§A¤w¸g¥Î³oºØ¤èªk¡AÃB¥~¦h¥Xªº crontab ¥u´N¬O
<filename>/etc/crontab</filename> ªº«þ¨©¡A¥u¬O®æ¦¡¬O¿ù»~ªº¡C
¥i¥Î¥H¤Uªº©R¥O§R°£¡G</para>
<screen>&prompt.root; <userinput>crontab -r</userinput></screen>
<para>¤U¦¸§A½s¿è <filename>/etc/crontab</filename> Àɮתº®É­Ô¡A
§A¤£¥Î§@¥ô¦ó°Ê§@¥h³qª¾ &man.cron.8; ¡A¥¦¦Û°Ê·|¥h°»´ú¬O§_¦³§ó°Ê¡C
</para>
<para>¦pªG§A·Q­n¨C¤Ñ¡B¨C¶g¡B©Î¬O¨C¤ë©T©w°õ¦æ¬Y¨Ç°Ê§@¤@¦¸¡A¤]³\¥[­Ó
shell script ¦b <filename>/usr/local/etc/periodic</filename>
¥Ø¿ý¤U·|§ó¦n¡A¨t²Îªº cron ·|©T©w°õ¦æ &man.periodic.8; ©R¥O¡A
¥¦¥i±N§Aªºµ{¦¡©M¨ä¥¦ªº¨t²Î¶g´Á©Ê¤u§@¤@°_°õ¦æ¡C</para>
<para>³o­Ó¿ù»~ªº¯u¥¿­ì¦]¡A¬O¦]¬°¨t²Îªº crontab ¦³¤@­ÓÃB¥~ªºÄæ¦ì¡A
»¡©ú¸Ó©R¥O­n¥H¤°»ò¨Ï¥ÎªÌ¨­¥÷°õ¦æ¡C¦b FreeBSD ªº¹w³]¨t²Î crontab
¤¤¡A©Ò¦³ªº¶µ¥Ø³£¬O <username>root</username>¡C ·í³o­Ó crontab
³Q·í§@¬O <username>root</username> ªº¨Ï¥ÎªÌ crontab (¥¦©M¨t²Îªº
crontab ¬O <emphasis>¤£</emphasis> ¤@¼Ëªº)¡A&man.cron.8; ·|¥H¬°
<literal>root</literal> ¦r¦ê¬O±ý°õ¦æªº©R¥Oªº²Ä¤@­Ó¦r¡A¦ý¬O¹ê»Ú¤W
¨Ã¨S¦³³o¼Ëªº©R¥O¦s¦b¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="su-wheel-group">
<para>¬°¤°»ò§Ú·Q­n¥Î su ¦¨¬° <username>root</username> ®É¡A·|±o¨ì
<errorname>you are not in the correct group to su root</errorname>
ªº¿ù»~°T®§¡H</para>
</question>
<answer>
<para>³o¬O¤@­Ó¦w¥þ¯S©Ê¡C·Q­n§Q¥Î su ¦¨¬° <username>root</username>
(©Î¨ä¥¦¦³ superuser Åv­­ªº±b¸¹)¡A§A¤@©w­n¦b
<groupname>wheel</groupname> ¸s²Õ¤º¡C¦pªG¨S¦³³o­Ó¯S©Êªº¸Ü¡A
¥ô¦ó¤H¥u­n¦b¨t²Î¸Ì¦³±b¸¹¡A¨Ã¥B«ê¥©ª¾¹D <username>root</username>
ªº±K½X¡A´N¥i¥H¨ú±o superuser µ¥¯ÅªºÅv­­¥H¦s¨ú¨t²Î¡C¦³¤F³o­Ó¯S©Ê¡A
³o¼Ëªº±¡ªp´N¤£·|µo¥Í¡F¦pªG¨Ï¥ÎªÌ¤£¦b <groupname>wheel</groupname>
¸s²Õ¤ºªº¸Ü¡A&man.su.1; ·|Åý¥L­Ì³s¸ÕµÛÁä¤J±K½Xªº¾÷·|³£¨S¦³¡C</para>
<para>­nÅý¬Y¤H¥i¥H§Q¥Î su ¦¨¬° <username>root</username> ªº¸Ü¡A
¥u­n§â¥L­Ì©ñ¤J <groupname>wheel</groupname> ¸s²Õ¤º§Y¥i¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="rcconf-readonly">
<para>§Ú¦b <filename>rc.conf</filename> ÁÙ¬O¬Y­Ó°_°ÊÀɮ׸̥ǤF¿ù»~¡A
¦]¬°Àɮרt²ÎÅܦ¨°ßŪªº¡A§ÚµLªk¥h½s¿è¥¦¡C§Ú¸Ó«ç»ò¿ì¡H</para>
</question>
<answer>
<para>·í¹q¸£°Ý§A shell §¹¾ã¸ô®|¦W®É¡A¥u­n«ö <literal>ENTER
</literal>¡AµM«á°õ¦æ <command>mount /</command> ¥HŪ¼g¼Ò¦¡
­«·s±¾¸ü®ÚÀɮרt²Î¡C§A¤]³\»Ý­n°õ¦æ <command>mount -a -t ufs
</command>¡A±N§AºD¥Îªº¤å¦r½s¿è¾¹©Ò¦bªºÀɮרt²Î±¾¸ü¤W¨Ó¡C¦pªG
§AºD¥Îªº¤å¦r½s¿è¾¹¦bºô¸ôÀɮרt²Î¤Wªº¸Ü¡A§A¥²¶·¥ý¤â°Ê±Nºô¸ô³]©w
°_¨Ó¡A¥H«K±Nºô¸ôÀɮרt²Î±¾¸ü¤W¨Ó¡A©Î¬O¨Ï¥Î¥»¦aºÝÀɮרt²Î¤Wªº
½s¿è¾¹¡A¨Ò¦p &man.ed.1;¡C</para>
<para>¦pªG§A·Q­n¨Ï¥Î¹³ &man.vi.1; ©Î¬O &man.emacs.1; µ¥ªº¥þ¿Ã¹õ
¤å¦r½s¿è¾¹ªº¸Ü¡A§A¤]»Ý­n°õ¦æ
<command>export TERM=cons25 </command>¡A¥H«KÅý³o¨Ç½s¿è¾¹¯à°÷±q
&man.termcap.5; ¸ê®Æ®w¸ÌŪ¨ú¥¿½Tªº¸ê®Æ¡C</para>
<para>·í§A¤w¸g§¹¦¨¤F³o¨Ç¨BÆJ«á¡A§A¥i¥H·Ó§A¥­±`­×§ï¤åªk¿ù»~ªº¤è¦¡
¥h½s¿è <filename>/etc/rc.conf</filename> ÀɮסC¦b®Ö¤ß (kernel)
±Ò°Ê®É©ÒÅã¥Üªº¿ù»~°T®§¡A¯à°÷§i¶D§AÀɮפ¤­þ¤@¦æ¦³¿ù»~¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="printer-setup">
<para>¬°¤°»ò§Ú¨S¿ìªk³]©w§Úªº¦Lªí¾÷¡H</para>
</question>
<answer>
<para>½Ð°Ñ¦Ò¤@¤U Handbook ¤¤¡A¦³Ãö¦C¦Lªº³¡¥÷¡C¥¦À³¸Ó¯à°÷¸Ñ¨M
§A¤j³¡¥÷ªº°ÝÃD¡C½Ð°Ñ¦Ò <ulink URL="../handbook/printing.html">
Handbook ¤¤ªº¦C¦L³¡¥÷</ulink>¡C</para>
<para>¦³¨Ç¦Lªí¾÷»Ý­n¥D¾÷¤ä´©ªºÅX°Êµ{¦¡ (host-based driver) ¤~¯à
°õ¦æ¥ô¦ó¦C¦L¥\¯à¡CFreeBSD ¥»¨­¨Ã¤£¤ä´©³o¨Ç©Ò¿×ªº
<quote>WinPrinters</quote>¡C ¦pªG§Aªº¦Lªí¾÷µLªk¦b DOS ©Î
Windows NT 4.0 ¤U°õ¦æ¡A¨º¥¦¤j·§´N¬O¤@¥x WinPrinter¡C§A°ß¤@¯à¨Ï¥Î
³o¼Ëªº¦Lªí¾÷ªº§Æ±æ¡A´N¬O¸Õ¸Õ <filename role="package">
print/pnm2ppa</filename> ¤ä¤£¤ä´©¥¦¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="keyboard-mappings">
<para>§Ú­n«ç»ò¼Ë­×¥¿§Úªº¨t²Î©Ò¨Ï¥ÎªºÁä½L¹ï¬M (keyboard mapping)¡H
</para>
</question>
<answer>
<para>½Ð°Ñ¦Ò Handbook ¤¤ªº <ulink
url="../handbook/using-localization.html">using localization
</ulink> ³¹¸`¡A¤×¨ä¬O <ulink
url="../handbook/using-localization.html#SETTING-CONSOLE">console
setup</ulink> ³¹¸`¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="pnp-resources">
<para>¬°¤°»ò§Ú¦b¨t²Î±Ò°Ê®É¡A±o¨ì <errorname>unknown: &lt;PNP0303&gt;
can't assign resources</errorname> ªº°T®§¡H</para>
</question>
<answer>
<para>¥H¤U¬O±q freebsd-current ³q«H½×¾Âªº¤@½g¤å³¹¤¤¸`¿ý¥X¨Óªº¡C</para>
<blockquote>
<attribution>&a.wollman;, 2001 ¦~¥|¤ë 24 ¤é</attribution>
<para><quote>µLªk«ü¬£¸ê·½ (can't assign resources)</quote> °T®§ªí¥Ü
¨º¨Ç¸Ë¸m¬O¶Ç²Îªº ISA ¸Ë¸m¡A¦Ó®Ö¤ß¤¤¤w¸g½s¤J¤£»{±o PNP ªºÅX°Êµ{
¦¡¡C³o¨Ç¸Ë¸m¥]¬AÁä½L±±¨î¾¹¡A¥iµ{¦¡¤Æ§ÃÂ_±±¨î´¹¤ù¡AÁÙ¦³´X­Ó¼Ð·Ç
³]³Æ¡C¸ê·½µLªk«ü¬£µ¹³o¨Ç¸Ë¸m¡A¬O¦]¬°¦­¤w¦³ÅX°Êµ{¦¡¨Ï¥Î¨º¨Ç¦ì§}
¤F¡C</para>
</blockquote>
</answer>
</qandaentry>
<qandaentry>
<question id="user-quotas">
<para>¬°¤°»ò§ÚµLªkÅý user quotas ¥¿±`¤u§@¡H</para>
</question>
<answer>
<orderedlist>
<listitem>
<para>¤£­n¦b <filename>/</filename> ¥´¶} quotas¡A</para>
</listitem>
<listitem>
<para>§â quotas ÀÉ©ñ¦b¥¦¥²¶·±j­¢¸m¤JªºÀɮרt²Î¤º¡AÁ|¨Ò¡G</para>
<informaltable frame="none">
<tgroup cols="2">
<thead>
<row>
<entry>Àɮרt²Î</entry>
<entry>Quota ÀÉ</entry>
</row>
</thead>
<tbody>
<row>
<entry><filename>/usr</filename></entry>
<entry><filename>/usr/admin/quotas</filename></entry>
</row>
<row>
<entry><filename>/home</filename></entry>
<entry><filename>/home/admin/quotas</filename></entry>
</row>
<row>
<entry>&hellip;</entry>
<entry>&hellip;</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</listitem>
</orderedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="sysv-ipc">
<para>FreeBSD ¤ä´© System V IPC ®æ¦¡«ü¥O¶°¡H</para>
</question>
<answer>
<para>¬Oªº¡AFreeBSD ¤ä´© System V-style IPC¡C³o¥]¬A¦@¨É°O¾ÐÅé¡A
°T®§¸ò«H¸¹¡C§A»Ý­n¦b§Aªº®Ö¤ß³]©wÀɤº¥[¤J¤U¦C´X¦æ¥H±Ò°Ê¥¦­Ì¡C</para>
<programlisting>options SYSVSHM # enable shared memory
options SYSVSEM # enable for semaphores
options SYSVMSG # enable for messaging</programlisting>
<note>
<para>¦b FreeBSD 3.2 ¥H¤Î¤§«áªºª©¥»¡A³o¨Ç¿ï¶µ¤w¸g¬O
<emphasis>GENERIC</emphasis> ®Ö¤ßªº¤@³¡¥÷¡A¤]´N¬O»¡¥¦­Ì¤w
¸g½s¶i¤F§Aªº¨t²Î¤¤¡C</para>
</note>
<para>­«·s½sĶ¨Ã¦w¸Ë¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="uucpmail">
<para>§Ú¸Ó¦p¦óÅý sendmail ³z¹L UUCP ¨Ó»¼°e¶l¥ó¡H</para>
</question>
<answer>
<para>¸òÀH FreeBSD ®M¸Ë¦Ó¨Óªº sendmail ³]©w¬O¾A¦X¨º¨Çª½±µ³s¤Wºô»Úºô¸ô
ªº¯¸¥x¡C·Q³z¹L UUCP ¥æ´«¶l¥óªº¯¸¥x¥²¶·¥t¥~¦w¸Ë sendmail ªº³]©wÀɮסC
</para>
<para>¤â°Ê­×§ï <filename>/etc/sendmail.cf</filename> ¬Oµ´¹ï¥²­nªº¡C
²Ä 8 ª©ªº sendmail ´£¨Ñ¤@­Ó¥þ·sªº¤J¤f¥H³z¹L¤@¨Ç¹³ &man.m4.1;
ªº³B²z´N¯à²£¥Í³]©wÀÉ¡A³o¨Æ¹ê¤W¬O¤@­Ó°ª¼h·§©Àµ¥¯Åªº§Þ¥©©Ê³]©w¡C
§AÀ³¸Ó¥i¥H¦b <filename>/usr/src/usr.sbin/sendmail/cf</filename>
¥H¤U¸Ì¨Ï¥Î¥¦¡G</para>
<para>°²¦p§A¤£¬O¥Î full sources ¤è¦¡¦w¸Ë¨t²Î¡A¨º»ò sendmail
³]©w¶µ¥Ø¥i¯à¤w¸g¤À´²¦¨¦n´X­Ó¨Ó·½¤À¥¬Àɦbµ¥µÛ§A¡A°²³]§A¤w¸g
mount ¥úºÐ¾÷¡A°µ¥H¤U°Ê§@¡G</para>
<screen>&prompt.root; <userinput>cd /cdrom/src</userinput>
&prompt.root; <userinput>cat scontrib.?? | tar xzf - -C /usr/src contrib/sendmail</userinput></screen>
<para>§OÅå·W¡A³o¥u¦³¼Æ¤Q¸U­Ó¦ì¤¸²Õªº¤j¤p¡C¦b <filename>cf</filename>
¥Ø¿ý¸Ìªº <filename>README</filename> ¥i¥H´£¨Ñ¤@­Ó m4 ³]©wªkªº°ò
¥»¤¶²Ð¡C</para>
<para>¥H UUCP »¼°e¨Ó»¡¡A«Øij§A³Ì¦n¨Ï¥Î <literal>mailertable</literal>
¯SÂI¡C«Øºc¤@­Ó¸ê®Æ®wÅý sendmail ¥i¥H¨Ï¥Î¥¦¦Û¤vªº¸ô®|¨Mµ¦¡C</para>
<para>­º¥ý¡A§A¥²¶·«Ø¥ß¦Û¤vªº <filename>.mc</filename> ÀÉ¡C
<filename>/usr/src/usr.sbin/sendmail/cf/cf</filename> ¥Ø¿ý¬O³o¨Ç
Àɮתº®a¡C¬d¬Ý¤@¤U¡A¤w¸g¦³¦n´X­Ó½d¨ÒÀÉ¡A°²³]§A¤w¸g©R¦W¦Û¤vªºÀÉ¥s
<filename>foo.mc</filename>¡A§A­n°µªº¥u¬O§â¥¦Âà´«¦¨¤@­Ó¦³®Äªº
<filename>sendmail.cf</filename>¡G</para>
<screen>&prompt.root; <userinput>cd /usr/src/usr.sbin/sendmail/cf/cf</userinput>
&prompt.root; <userinput>make foo.cf</userinput>
&prompt.root; <userinput>cp foo.cf /etc/mail/sendmail.cf</userinput></screen>
<para>¤@­Ó¨å«¬ªº <filename>.mc</filename> Àɬݰ_¨Ó¥i¯à¹³³o¼Ë¡G</para>
<programlisting>VERSIONID(`<replaceable>Your version number</replaceable>')
OSTYPE(bsd4.4)
FEATURE(accept_unresolvable_domains)
FEATURE(nocanonify)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
define(`UUCP_RELAY', <replaceable>your.uucp.relay</replaceable>)
define(`UUCP_MAX_SIZE', 200000)
define(`confDONT_PROBE_INTERFACES')
MAILER(local)
MAILER(smtp)
MAILER(uucp)
Cw <replaceable>your.alias.host.name</replaceable>
Cw <replaceable>youruucpnodename.UUCP</replaceable></programlisting>
<para><literal>accept_unresolvable_domains</literal>¡A
<literal>nocanonify</literal>¡A ©M
<literal>confDONT_PROBE_INTERFACES</literal> ¯S©Ê±NÁקK¥ô¦ó¦b
»¼°e¶l¥ó®É·|¥Î¨ì DNS ªº¾÷·|¡C<literal>UUCP_RELAY</literal>
¶µ¥Øªº¥X²{²z¥Ñ«Ü©_©Ç¡A´N¤£­n°Ý¬°¦ó¤F¡C²³æªº©ñ¤J¤@­Óºô»Úºô¸ô
¤W¥i¥H³B²z .UUCP µêÀÀºô°ì¦ì§}ªº¥D¾÷¦WºÙ¡F³q±`¡A§A¥u»Ý­n¦b³o
¸Ì¶ñ¤J§A ISP ªº«H¥ó¦^ÂгB (mail replay)¡C</para>
<para>§A¤w¸g°µ¨ì³o¸Ì¤F¡A§AÁٻݭn³o­Ó¥s
<filename>/etc/mail/mailertable</filename>¡C¦pªG§A¥u¦³¤@­Ó¥Î
¨Ó¶Ç»¼©Ò¦³¶l¥óªº¹ï¥~³q¹Dªº¸Ü¡A¥H¤UªºÀÉ®×´N¨¬°÷¤F¡G</para>
<programlisting>#
# makemap hash /etc/mail/mailertable.db &lt; /etc/mail/mailertable
uucp-dom:<replaceable>your.uucp.relay</replaceable></programlisting>
<para>¥t¤@­Ó§ó½ÆÂøªº¨Ò¤l¬Ý°_¨Ó¹³³o¼Ë¡G</para>
<programlisting>#
# makemap hash /etc/mail/mailertable.db &lt; /etc/mail/mailertable
#
horus.interface-business.de uucp-dom:horus
interface-business.de uucp-dom:if-bus
interface-business.de uucp-dom:if-bus
heep.sax.de smtp8:%1
horus.UUCP uucp-dom:horus
if-bus.UUCP uucp-dom:if-bus
uucp-dom:</programlisting>
<para>¦p§A©Ò¨£¡A³o¬O¬Y­Ó¯u¹êÀɮ׸̪º¤@³¡¥÷¡C­º¤T¦æ³B²zºô°ì©w§}«H¥ó
¤£À³¸Ó³Q°e¥X¨ì¤º©w¸ô®|¡A¦Ó¥Ñ¬Y¨Ç UUCP ¾F©~(UUCP neighbor)¨ú¥N
ªº¯S®í±¡§Î¡A³o¬O¬°¤F <quote>ÁYµu</quote>»¼°eªº¸ô®|¡C¤U¤@¦æ³B²z¨ì
¥»¦a¤A¤Óºô¸ôºô°ìªº«H¥óÅý¥¦¥i¥H¨Ï¥Î SMTP ¨Ó»¼°e¡C³Ì«á¡AUUCP ¾F©~´£¨ì
.UUCP µêÀÀºô°ìªº°O¸ü¡A¤¹³\¤@­Ó <literal><replaceable>uucp-neighbor
</replaceable>!<replaceable>recipient</replaceable></literal> ±À½
¤º©w³W«h¡C³Ì«á¤@¦æ«h¥H¤@­Ó³æ¿Wªº¥yÂI°µµ²§ô¡A¥H UUCP »¼°e¨ì´£¨Ñ·í
§A¥þ¥@¬É©Ê¶l¥ó¹hªùªºUUCP ¾F©~¡C©Ò¦³¦b <literal>uucp-dom:</literal>
ÃöÁä¦r¸Ìªº¸`ÂI¦WºÙ¥²¶·³£¬O¦³®Äªº UUCP ¾F©~¡A§A¥i¥H¥Î
<literal>uuname</literal> ©R¥O¥h½T»{¡C
</para>
<para>´£¿ô§A³o­ÓÀɮצb¨Ï¥Î«e¥²¶·³QÂà´«¦¨ DBM ¸ê®Æ®wÀɮסA³Ì¦n¦b
mailertable ³Ì¤W­±¥Îµù¸Ñ¼g¥X©R¥O¦C¨Ó§¹¦¨³o­Ó¤u§@¡C·í§A¨C¦¸§ó´«§A
ªº mailertable «á§AÁ`¬O»Ý­n°õ¦æ³o­Ó©R¥O¡C</para>
<para>³Ì«á´£¥Ü¡G¦pªG§A¤£½T©w¬Y¨Ç¯S©wªº«H¥ó¸ô®|¥i¥Î¡A°O±o§â
<option>-bt</option> ¿ï¶µ¥[¨ì sendmail¡C³o·|±N sendmail ±Ò°Ê¦b
<emphasis>address test mode</emphasis>¡F¥u­n«ö¤U
<literal>0</literal>¡A±µµÛ¿é¤J§A§Æ±æ´ú¸Õªº«H¥ó¸ô®|¦ì§}¡C
³Ì«á¤@¦æ§i¶D§A¨Ï¥Î¤º³¡ªº«H¥ó¥N²zµ{¦¡¡A¥N²zµ{¦¡ªº·|³qª¾¥Øªº¥D¾÷¡A
¥H¤Î(¥i¯àÂà´«ªº)¦ì§}¡C­nÂ÷¶}¦¹¼Ò¦¡½Ð«ö Control-D¡C</para>
<screen>&prompt.user; <userinput>sendmail -bt</userinput>
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter &lt;ruleset&gt; &lt;address&gt;
<prompt>&gt;</prompt> <userinput>3,0 foo@example.com</userinput>
canonify input: foo @ example . com
..
parse returns: $# uucp-dom $@ <replaceable>your.uucp.relay</replaceable> $: foo &lt; @ example . com . &gt;
<prompt>&gt;</prompt> <userinput>^D</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="ispmail">
<para>·í§Ú¥Î¼·±µ³s¤Wºô¸ô®É¸Ó«ç»ò³]©w«H¥ó»¼°e¡H</para>
</question>
<answer>
<para>¦pªG§A¤w¸g¦³¤@­Ó©T©wªº IP ¼Æ¦r¡A§A¤£»Ý­n½Õ¾ã¥ô¦ó¤º©w­È¡C³]¦n
§A­n«ü©wªººô¸ô¦WºÙ¡A¨ä¥Lªº sendmail ³£·|À°§A°µ§¹¡C</para>
<para>¦pªG§A®³¨ìªº¬O°ÊºA°t¸mªº IP ¼Æ¦r¦Ó¨Ï¥Î¼·±µ ppp ³s±µ¨ìºô»Úºô
¸ô¡A§A¥i¯à¤w¸g¦b§Aªº ISP «H¥ó¥D¾÷¤W¦³¤@­Ó«H½c¡C°²³]§Aªº ISP ºô°ì
¬O <hostid role="domainname">example.net</hostid>¡A§Aªº¨Ï¥ÎªÌ¦W
ºÙ¬O <username>user</username>¡C¥ç°²³]§AºÙ¦Û¤vªº¥D¾÷¦WºÙ¬O
<hostid role="fqdn">bsd.home</hostid> ¦Ó§Aªº ISP §i¶D§A¥i¥H¨Ï¥Î
<hostid role="fqdn">relay.example.net</hostid> ·í§@«H¥ó¦^ÂгB¡C
</para>
<para>¬°¤F±q§Aªº«H½c±µ¦¬«H¥ó¡A§A±N»Ý­n¦w¸Ë¨ú«Hµ{¦¡¥H«K±q«H½c¨ú¦^«H¥ó¡C
<application>Fetchmail</application> ¬O¤@­Ó¤£¿ùªº¿ï¾Ü¡A¦]¬°¥¦¤ä
´©³\¦h¤£¦Pªº³q°T¨ó©w¡A³q±`§Aªº ISP ·|´£¨Ñ POP3¡C¦pªG§A¿ï¾Ü¨Ï¥Î
user-ppp¡A§A¥i¥H¦b³s½u¨ìºô¸ô¦¨¥\«á¦Û°Ê§ì¨ú§Aªº«H¥ó¡A¥u­n¦b
<filename>/etc/ppp/ppp.linkup</filename>¸Ì­±³]©w¥H¤U³o¶µ¡G</para>
<programlisting>MYADDR:
!bg su user -c fetchmail</programlisting>
<para>°²¨Ï§A¥¿¨Ï¥Î <application>sendmail</application> (¦p¤U©Ò¥Ü)
¶Ç°e«H¥ó¨ì«D¥»¦a±b¸¹¡A¸m¤J¥H¤U©R¥O¡G</para>
<programlisting> !bg su user -c "sendmail -q"</programlisting>
<para>¦b¤W­±¨º¶µ©R¥O¤§«á¡C³o·|±j­¢ <application>sendmail</application>
¦b³s±µ¤Wºô¸ô«á°¨¤W¶}©l³B²z mailqueue¡C</para>
<para>§Ú°²³]§A¦b <hostid role="fqdn">bsd.home</hostid> ¾÷¾¹¤W¦³¤@­Ó
<username>user</username> ªº±b¸¹¡C¦b <hostid
role="fqdn">bsd.home</hostid> ¾÷¾¹¤W <username>user</username>
ªº®a¥Ø¿ý¸Ì«Ø¥ß¤@­Ó <filename>.fetchmailrc</filename> ªºÀɮסG</para>
<programlisting>poll example.net protocol pop3 fetchall pass MySecret</programlisting>
<para>µL¶·Âب¥¡A³o­ÓÀÉ°£¤F <username>user</username> ¥~¤£À³¸Ó³Q¥ô
¦ó¤HŪ¨ú¡A¦]¬°¥¦¥]§t <literal>MySecret</literal> ³o­Ó±K½X¡C</para>
<para>¬°¤F¦b±H«H®É¦³¥¿½Tªº©ïÀY <literal>from:</literal>¡A§A¥²¶·§i¶D
<application>sendmail</application> ¨Ï¥Î
<literal>user@example.net</literal> ¦Ó«D
<literal>user@bsd.home</literal>¡C§A¥i¯à·|§Æ±æ§i¶D
<application>sendmail</application> ±q
<hostid role="fqdn">relay.example.net</hostid> °e¥X©Ò¦³«H¥ó¡A
¥[§Ö«H¥ó¶Ç°e¡C</para>
<para>¥H¤Uªº <filename>.mc</filename> ÀÉÀ³¯àº¡¨¬§Aªº­n¨D¡G</para>
<programlisting>VERSIONID(`bsd.home.mc version 1.0')
OSTYPE(bsd4.4)dnl
FEATURE(nouucp)dnl
MAILER(local)dnl
MAILER(smtp)dnl
Cwlocalhost
Cwbsd.home
MASQUERADE_AS(`example.net')dnl
FEATURE(allmasquerade)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(nocanonify)dnl
FEATURE(nodns)dnl
define(`SMART_HOST', `relay.example.net')
Dmbsd.home
define(`confDOMAIN_NAME',`bsd.home')dnl
define(`confDELIVERY_MODE',`deferred')dnl</programlisting>
<para>¦p¦óÂà´«³o­Ó <filename>.mc</filename> Àɮרì
<filename>sendmail.cf</filename> Àɪº¸Ô²Ó²Ó¸`¡A½Ð°Ñ¦Ò¤W¤@¸`¡C
¥t¥~¡A¦b§ó·s <filename>sendmail.cf</filename> ¥H«á¤£­n§Ñ°O­«·s±Ò°Ê
<application>sendmail</application>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="sendmail-alternative">
<para>°£¤F Sendmail ¥~¡AÁÙ¦³­þ¨Ç¶l¥ó¦øªA¾¹¥i¥H¨Ï¥Î©O¡H</para>
</question>
<answer>
<para><ulink url="http://www.sendmail.org/">Sendmail</ulink>
¬O FreeBSD ¹w³]¨Ï¥Îªº¶l¥ó¦øªA¾¹¡A¦ý¬O§AÁÙ¬O¥i¥H«Ü®e©ö¦a¥H¨ä¥¦
¶l¥ó¦øªA¾¹ (¨Ò¦p¡A±q port ¦w¸Ëªº¶l¥ó¦øªA¾¹) ¨ú¥N¤§¡C</para>
<para>port ¸Ì¦³«Ü¦h¥i¨Ñ¿ï¾Üªº¶l¥ó¦øªA¾¹¡A¹³
<filename role="package">mail/exim</filename>¡B
<filename role="package">mail/postfix</filename>¡B
<filename role="package">mail/qmail</filename>¡B
<filename role="package">mail/zmailer</filename> 杭A
´N¬O´X­Ó«Ü¨üÅwªïªº¿ï¾Ü¡C</para>
<para>¦h¼Ë¿ï¾Ü¬O¦n¨Æ¡A¦Ó¥B¤j®a¦³³\¦h¶l¥ó¦øªA¾¹¥i¥H¨Ï¥Î¤]³Q»{¬°¬O
¦n¨Æ¡F©Ò¥H½ÐÁקK¦b³q«H½×¾Â¸Ì°Ý¹³ <quote>Sendmail ¦³¤ñ Qmail
¦n¶Ü¡H</quote> ³o¼Ëªº°ÝÃD¡C¦pªG§A¯uªº«Ü·Q°Ýªº¸Ü¡A½Ð¥ý¨ì³q«H½×¾Â
archive ¸Ì§ä¤@¤U¡C¨C¤@­Ó¶l¥ó¦øªA¾¹ªºÀuÂI»P¯ÊÂI¡A¥H«e¤j·§´N¤w¸g
°Q½×¦n´X¦¸¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="forgot-root-pw">
<para>§Ú§Ñ¤F <username>root</username> ±K½X¤F¡I«ç»ò¿ì¡H</para>
</question>
<answer>
<para>¤£­nÅå·W¡I¥u­n­«·s±Ò°Ê¨t²Î¡A¦b¬Ý¨ì Boot: ®É¿é¤J
<userinput>boot -s</userinput> §Y¥i¶i¤J³æ¨Ï¥ÎªÌ¼Ò¦¡
(¦b 3.2-RELEASE ¤§«eªºª©¥»½Ð§ï¥Î <userinput>-s</userinput>)¡C
¦b°Ý­n¨Ï¥Î­þ­Ó shell ®É¡A«ö¤U ENTER¡C§A·|¬Ý¨ì¤@­Ó &prompt.root;
ªº´£¥Ü¸¹¡A¿é¤J <command>mount -u /</command> ¥H­«·s±¾¤W(mount)
§Aªº®ÚÀɮרt²Î¥i¨ÑŪ/¼g¡C°õ¦æ <command>passwd root</command>
¥H§ó´« <username>root</username> ±K½X¡AµM«á°õ¦æ &man.exit.1;
Ä~Äò±Ò°Êµ{§Ç¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="CAD-reboot">
<para>§Ú¸Ó«ç»òÅý Control-Alt-Delete ¤£·|­«·s±Ò°Ê¨t²Î¡H</para>
</question>
<answer>
<para>¦pªG§A¬O¨Ï¥Î FreeBSD 2.2.7-RELEASE ©Î¤§«áª©¥»ªº
syscons(¨t²Î¤º©wªº¥D±±¥xÅX°Êµ{¦¡)¡A§â¤U¦C³o¦æ©ñ¨ì®Ö¤ß³]©wÀɤº¡A
µM«á­«°µ¤@­Ó·sªº®Ö¤ß¡G</para>
<programlisting>options SC_DISABLE_REBOOT</programlisting>
<para>­Y¬O¨Ï¥Î FreeBSD 2.2.5-RELEASE ©Î¤§«áª©¥»ªº PCVT ¥D±±¥xÅX°Ê
µ{¦¡¡A«h¥H¤U¦C¿ï¶µ¥N´À¡G</para>
<programlisting>options PCVT_CTRL_ALT_DEL</programlisting>
<para>¨ä¥L§ó¦­´Áªº FreeBSD ª©¥»¡A½Ð­×§ï§A¥¿¦b¨Ï¥Îªº¥D±±¥xÁä½L¹ïÀ³¡A
¨Ã±N©Ò¦³ <literal>boot</literal> ÃöÁä¦r¥H <literal>nop</literal>
¨ú¥N¡C¤º©wªºÁä½L¹ïÀ³¬O¦b
<filename>/usr/share/syscons/keymaps/us.iso.kbd</filename>¡C
§A¥i¯à»Ý­n©ú¥Õªº§h©J <filename>/etc/rc.conf</filename> ¥hŪ¨ú
³o­ÓÁä½L¹ïÀ³¥H½T«O§ó°Ê¥Í®Ä¡C·íµM¦pªG§A¥¿¦b¥Î¾A¦X§A°êÄyªºÁä½L¹ïÀ³¡A
§AÀ³¸Ó½s¿è¨º¤@­Ó¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="dos-to-unix-txt">
<para>§Ú¸Ó«ç»ò§â DOS ¤å¦rÀÉ®×­«·s®æ¦¡¤Æ¦¨ UNIX ªº¡H</para>
</question>
<answer>
<para>¥u­n¨Ï¥Î³o­Ó perl ©R¥O¡G</para>
<screen>&prompt.user; <userinput>perl -i.bak -npe 's/\r\n/\n/g' file ...</userinput></screen>
<para>file ´N¬O­n³B²zªºÀɮסC³o­Ó­×§ï¬O¦b¤º³¡§¹¦¨¡A­ì©lªºÀÉ®×·|Àx¦s¦¨
°ÆÀɦW¬° .bak ªºÀɮסC</para>
<para>©ÎªÌ§A¥i¥H¨Ï¥Î &man.tr.1; ³o­Ó©R¥O¡G</para>
<screen>&prompt.user; <userinput>tr -d '\r' &lt; <replaceable>dos-text-file</replaceable> &gt; <replaceable>unix-file</replaceable></userinput></screen>
<para><replaceable>dos-text-file</replaceable> ¬O¥]§t DOS ¤å¦rªº
ÀɮסA¦Ó <replaceable>unix-text-file</replaceable> «h¬O¥]§tÂà´«
ªº¿é¥Xµ²ªG¡C³o¤ñ¨Ï¥Î perl ÁÙ­n§Ö¤W¤@ÂIÂI¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="kill-by-name">
<para>§Ú¸Ó«ç»ò¥Î¦WºÙ¬å±¼ process¡H</para>
</question><answer>
<para>¨Ï¥Î &man.killall.1; ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="root-acl">
<para>¬°¦ó¦b su ¤@ª½»¡§Ú¤£¦b <username>root</username> ªº ACL ¸Ì¡H
</para>
</question>
<answer>
<para>³o­Ó¿ù»~¬O¦]¬° Kerberos ¤À´²»{ÃÒ¨t²Î¡C³o­Ó°ÝÃD¨Ã¤£¬O«ÜÄY­«
¦ý¬O¥O¤H¹½·Ð¡C§A¥i¥H¥Î -K ¿ï¶µ¥h°õ¦æ su¡A©Î¬O¹³¤U­Ó°ÝÃD©Ò´y­zªº
²¾°£ Kerberos¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="uninstall-kerberos">
<para>§Ú¸Ó«ç»ò²¾°£ Kerberos¡H</para>
</question>
<answer>
<para>­n±q¨t²Î¸Ì²¾°£ Kerberos¡A­«¸Ë§A¥¿¦b°õ¦æªº release ª©¥»ªº
bin distribution¡C¦pªG§A¦³ CDROM¡A§A¥i¥H mount cd(°²³]¦b /cdrom)
¨Ã°õ¦æ¡G</para>
<screen>&prompt.root; <userinput>cd /cdrom/bin</userinput>
&prompt.root; <userinput>./install.sh</userinput></screen>
<para>©ÎªÌ§A¤]¥i¥H±N <filename>/etc/make.conf</filename> ¸Ìªº
"MAKE_KERBEROS" ¿ï¶µ¥þ³£®³±¼¡AµM«á¦A build world.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="add-pty">
<para>§Ú¸Ó«ç»ò¼W¥[¨t²ÎªºµêÀÀ²×ºÝ¾÷¡H</para>
</question>
<answer>
<para>¦pªG§A¦³³\¦h telnet¡Assh¡AX ©Î¬O screen ¨Ï¥ÎªÌ¡A§A©Î³\·|¥Î§¹
µêÀÀ²×ºÝ¾÷¡A³o¯à±Ð§A«ç»ò¥[§ó¦h¡G</para>
<procedure>
<step>
<para>«Ø¥ß¨Ã¦w¸Ë¤@­Ó·sªº®Ö¤ßµ{¦¡¨Ã¥B§â³o¤@¦æ</para>
<programlisting>pseudo-device pty 256</programlisting>
<para>¥[¤J¨ì³]©wÀɸ̡C</para>
</step>
<step>
<para>°õ¦æ³o­Ó©R¥O¡G</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV pty{1,2,3,4,5,6,7}</userinput></screen>
<para>·|³y¥X 256 ­ÓµêÀÀ²×ºÝ¾÷ªº¸Ë¸m¸`ÂI¡C</para>
</step>
<step>
<para>½s¿è <filename>/etc/ttys</filename> ¨Ã¥[¤J²Å¦X 256
­Ó²×ºÝ¾÷ªº¦æ¼Æ¡C¥¦­ÌÀ³¸Ó²Å¦X¤w¸g¦s¦b³æ¶µªº®æ¦¡¡AÁ|¨Ò¨Ó»¡¡A
¥¦­Ì¬Ý°_¨Ó¹³¡G</para>
<programlisting>ttyqc none network</programlisting>
<para>¦r¥À³]­pªº¶¶§Ç¬O
<literal>tty[pqrsPQRS][0-9a-v]</literal>¡A¨Ï¥Î¥¿³Wªí¥Ü¦¡¡C
</para>
</step>
<step>
<para>¥Î·sªº®Ö¤ßµ{¦¡­«·s±Ò°Ê¹q¸£´N¥i¥H¤F¡C</para>
</step>
</procedure>
</answer>
</qandaentry>
<qandaentry>
<question id="create-snd0">
<para>/dev/snd0 ³o­Ó¸Ë¸m°µ¤£¥X¨Ó¡I</para>
</question>
<answer>
<para>¨Ã¨S <devicename>snd</devicename> ³o­Ó¸Ë¸mªº¦s¦b¡C³o­Ó¦W¦r
¬O¥Î¨Ó·í§@¦U­Ó²Õ¦¨ FreeBSD Án­µÅX°Êµ{¦¡²Õ¡A½Ñ¦p
<devicename>mixer</devicename>¡A
<devicename>sequencer</devicename>¡A¥H¤Î
<devicename>dsp</devicename> ªºÂ²ºÙ¡C</para>
<para>¥i¥H¥Î¥H¤Uªº©R¥O§@¥X³o¨Ç¸Ë¸m¡G</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV snd0</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="reread-rc">
<para>¥i¥H¤£¥Î¶}¾÷¡A­«·sŪ¨ú <filename>/etc/rc.conf</filename>¡B
¦A¦¸±Ò°Ê <filename>/etc/rc</filename> ¶Ü?</para>
</question>
<answer>
<para>¥ý¶i¤J³æ¤H¨Ï¥ÎªÌ¼Ò¦¡¡AµM«á¦A¦^¨ì¦h¨Ï¥ÎªÌ¼Ò¦¡¡C</para>
<para>¦b¥D±±¥x°õ¦æ¡G</para>
<screen>&prompt.root; <userinput>shutdown now</userinput>
(Note: without -r or -h)
&prompt.root; <userinput>return</userinput>
&prompt.root; <userinput>exit</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="sandbox">
<para>¤°»ò¬O sandbox¡H</para>
</question><answer>
<para><quote>Sandbox</quote> ¬O¨t²Î¦w¥þ¥Îªº³N»y¡A¦³¨â­Ó·N¸q¡G</para>
<itemizedlist>
<listitem>
<para>©ñ¦b¬Y¨ÇµêÀÀ¨¾Å@Àð¸Ìªº°õ¦æµ{§Ç¡A³o¨Ç¨¾Å@Àð¬O¥Î¨Óªý¤î
¬Y¨Ç¤H«I¤J³o¹Dµ{§Ç¡A¶i¦Ó¥X¤J©ó§ó¤jªº¨t²Î¤¤¡C</para>
<para>³o¹Dµ{§Ç¥i¥H§¹¥þ¦b¨¾Å@Àð¸Ì <quote>°Ê§@</quote>¡C¤]´N
¬O»¡¡A¥¦©Ò°õ¦æªº¥ô¦óµ{¦¡¤£¥i¯à·|º¯³z¨ìÀ𪺥~­±¡C©Ò¥H¦pªG
±z¹ï¥¦¦³¦w¥þ¤WªºÅU¼{¡A¨Ã¤£»Ý­n¯S§O¥hºÊÅ¥¥¦ªº¤@Á|¤@°Ê¡A¤Ï
¥¿¥¦¥u¯à¦bÀ𤺬¡°Ê¡C</para>
<para>Á|¨Ò¨Ó»¡¡A¥i¥H¥Î userid ¨Ó°µ³o¹D¨¾Å@Àð¡A³o¥¿¬O security
©M named »¡©ú¤å¥ó¤¤ªº©w¸q¡C</para>
<para>²{¦b´N¥Î <literal>ntalk</literal> ³o­ÓªA°È§@»¡©ú¡]¨£
/etc/inetd.conf¡^¡C³o­ÓªA°È¥H«eªº userid ¬O
<username>root</username>¡A²{¦b°õ¦æ®É«h¬O¥Î
<username>tty</username>¡C<username>tty</username>
³o­Ó¨Ï¥ÎªÌ´N¬O¤@­Ó sandbox¡A¦pªG¦³¤H¯à°÷¶¶§Q¥Î ntalk
«I¤J¨t²Î¡A²{¦b¥L´Nºâ¶i±o¨Ó¤]¥u¯à¥Î³o­Ó userid¡C</para>
</listitem>
<listitem>
<para>©ñ¦b¬Y­Ó¼ÒÀÀ¾÷¾¹¸Ìªºµ{¦¡¡A³o¤ñ¤W­z¨Ó±o§óÄY±K¡C°ò¥»¤W
³oªí¥Ü¯à«I¤J¸Óµ{¦¡ªº¤H¬Û«H¥L¯à¦A¶i¤J©ÒÄݪº¾÷¾¹¡A¦ý¨Æ¹ê¤W
¥u·|¶i¤J¼ÒÀÀ¥X¨Óªº¾÷¾¹¡AµLªk¶i¤@¨B­×§ï¥ô¦ó¯u¹êªº¸ê®Æ¡C</para>
<para>¹F¨ì³o­Ó¥Øªº³Ì±`¥Îªº¤èªk¡A´N¬O¦b¬Y­Ó¤l¥Ø¿ý¤U°µ¥X¼ÒÀÀªº
Àô¹Ò¡AµM«á¥Î chroot °õ¦æ¸Óµ{¦¡¡A³o¼Ë¸Óµ{¦¡ªº®Ú¥Ø¿ý«K¬O³o­Ó
¤l¥Ø¿ý¡A¦Ó«D¨t²Î¯u¥¿ªº®Ú¥Ø¿ý¡C</para>
<para>¥t¤@­Ó±`¨£§@ªk¬O±N¬Y­ÓÀɮרt²Î mount ¦¨°ßŪ¡A¦ý¦b¥¦
¤W­±¥t¥~»s³y¥Xµ{¦¡¥H¬°¥i¥H¼g¤JªºÀɮרt²Î¡C³o­Óµ{¦¡·|¬Û«H
¥¦¥i¥H¹ï¨ä¥LÀÉ®×Ū¼g¡A¦ý¥u¦³¥¦¬Ý¤£¨ì³o­Ó°ßŪ®ÄÀ³ - ¨t²Î
°õ¦æªº¤@¯ëµ{¦¡³£¬Ý±o¨ì¡C</para>
<para>§Ú­Ì¸Õ¹Ï±N³oÃþ sandbox ºÉ¶q³z©ú¤Æ¡AÅý¨Ï¥ÎªÌ©Î«I¤JªÌ
µLªk¬Ý¨ì¥L¬O§_¦b¬Y­Ó sandbox ¸Ì­±¡C</para>
</listitem>
</itemizedlist>
<para>UNIX ¹ê§@¨âºØ sandbox¡A¤@­Ó¦bµ{¦¡¼h­±¡A¥t¤@­Ó«h¬O¥Ñ userid
¨Ó¹F¦¨¡C</para>
<para>¨C­Ó UNIX °õ¦æµ{§Ç·|¥Î¨¾¤õÀð±N¥¦©M©Ò¦³¨ä¥Lµ{§Ç¹j¶}¡A¬Y­Óµ{§Ç
¤£¥i¥HÀH·N­×§ï¨ä¥Lµ{§Ç¦ì§}ªº¸ê®Æ¡C³o©M Windows ¤¤¡Aµ{¦¡¥i¥H»´©ö
­×§ï¨ä¥L¦ì§}¸ê®Æ¡Aµ²ªG¾É­P·í¾÷ªº±¡§Î¤j¤£¬Û¦P¡C</para>
<para>¨C­Ó UNIX µ{§Ç³£ÄÝ©ó¬Y­Ó¯S©wªº userid¡C¦pªG¸Ó userid ¤£¬O
<username>root</username>¡A´N·|±N¥¦©M¨ä¥L¨Ï¥ÎªÌªºµ{§Ç¹j¶}¡C
Userid ¦P®É¤]¥Î©óµwºÐ¸ê®Æªº¦s¨úÅv¤W¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="securelevel">
<para>¤°»ò¬O securelevel?</para>
</question>
<answer>
<para>securelevel ¬O®Ö¤ß¤¤©Ò¹ê§@ªº¤@­Ó¦w¥þ¾÷¨î¡C°ò¥»¤W·í
securelevel ¬O¥¿­È®É¡A®Ö¤ß·|­­¨î¬Y¨Ç¤u§@¡F§Y¨Ï¬O superuser
(¤]´N¬O <username>root</username>) ¤]µLªk§¹¦¨¨º¨Ç¤u§@¡C¦b¼¶¼g
¥»¤å®É¡Asecurelevel ¾÷¨î¦b¤@¯ëªº­­¨î¥~¡AÁÙ¯à°÷­­¨î¥H¤Uªº¥\¯à¡G
</para>
<itemizedlist>
<listitem>
<para>²M°£¬Y¨Ç¯S©wªºÀɮ׺X¼Ð¡A¨Ò¦p <literal>schg</literal>
(¨t²Î°ßŪ¼ÐºX, the system immutable flag)</para>
</listitem>
<listitem>
<para>¸g¥Ñ <devicename>/dev/mem</devicename> »P
<devicename>/dev/kmem</devicename>¡A ±N¸ê®Æ¼g¤J¦Ü®Ö¤ß°O¾ÐÅ餤
</para>
</listitem>
<listitem>
<para>¸ü¤J®Ö¤ß¼Ò²Õ</para>
</listitem>
<listitem>
<para>§ó°Ê &man.ipfirewall.4; ³W«h¡C</para>
</listitem>
</itemizedlist>
<para>·Q­nÀˬd¦b¬Y­Ó¹B§@¤¤ªº¨t²Îªº securelevel ª¬ºA¡A¥u­n°õ¦æ¥H¤U
©R¥O§Y¥i¡G</para>
<screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
<para>¿é¥Xªºµ²ªG·|¥]§t¤@­Ó &man.sysctl.8; ÅܼƦWºÙ (¦b³o­Ó¨Ò¤l¤¤¡A
¥¦¬O <varname>kern.securelevel</varname>) ¥H¤Î¤@­Ó¼Æ¦r¡C«áªÌ§Y¬O
¥Ø«eªº securelevel ­È¡C¦pªG¥¦¬O¤@­Ó¥¿­È (¤]´N¬O¤j©ó 0)¡Aªí¥Ü¦Ü¤Ö
¦³¤@¨Ç securelevel ªº«OÅ@¾÷¨î¤w¸g¶}±Ò¤F¡C</para>
<para>§A¨S¦³¿ìªk­°§C¤@­Ó¹B§@¤¤ªº¨t²Îªº securelevel¡F¦pªG¥i¥Hªº¸Ü¡A
´N¥¢¥h¤F³o­Ó¾÷¨îªº·N¸q¤F¡C¦pªG§A­n§@¤@¨Ç»Ý­n securelevel ¬°
«D¥¿­È¤~¥i¥Hªº°Ê§@ªº¸Ü (¨Ò¦p <maketarget>installworld</maketarget>
©Î§ó°Ê¤é´Á)¡A§A»Ý­n­×§ï <filename>/etc/rc.conf</filename> ¤ºªº
securelevel ³]©w (§ä§ä <varname>kern_securelevel</varname> ©M
<varname>kern_securelevel_enable</varname> ÅܼÆ)¡AµM«á­«·s¶}¾÷¡C
</para>
<para>·Q­nª¾¹D§ó¦h¦³Ãö©ó securelevel »P¦U­Ó¤£¦Pµ¥¯Å¼vÅTªº²Ó¸`¡A
½Ð°Ñ¦Ò &man.init.8; »¡©ú¤å¥ó¡C</para>
<warning>
<para>securelevel ¥i¤£¬O¸UÆF¤¦¡F¥¦¦³³\¦h¤wª¾ªº¯Ê³´¡A©¹©¹³y¦¨
¤@ºØ¦w¥þªº°²¶H¡C</para>
<para>¥¦¤@­Ó³Ì¤jªº°ÝÃD¡A´N¬O­nÅý³o­Ó¥\¯à§¹¥þ¦³®Äªº¸Ü¡A¦b
securelevel µo´§§@¥Î«eªº±Ò°Ê¹Lµ{¤¤¡A©Ò¦³¨Ï¥Î¨ìªºÀɮ׳£
¥²¶·³Q«OÅ@°_¨Ó¡C¦pªG¤@­Ó§ðÀ»ªÌ¦b securelevel ¦³®Ä«e (¥Ñ©ó
¦³¨Ç¨t²Î¦b±Ò°Ê¤¤©Ò§@ªº¨Æ±¡¡AµLªk¦b¸û°ªªº securelevel ¤¤
¥¿±`¹B§@¡A©Ò¥H³o·|¦b±Ò°Ê¹Lµ{¤¤«á´Á¤~·|¹B§@)¡A¯àÅý¥L­Ìªºµ{¦¡
³Q°õ¦æªº¸Ü¡Asecurelevel ªº«OÅ@´N§¹¥þµL®Ä¤F¡C«OÅ@±Ò°Êµ{§Ç
¤¤©Ò¦³ªºÀɮצb§Þ³N¤W¬O¥i¦æªº¡A¦ý¬O¦pªG¯uªº³o¼Ë§@ªº¸Ü¡A¨t²Î
ºûÅ@±N·|Åܦ¨¤@³õ¹ÚÆL¡C§Y¨Ï¥u¬O­×§ï¤@­Ó³]©wÀÉ¡A¤]¥²¶·±N¾ã­Ó
¨t²ÎÃö³¬¡A¦Ü¤Ö¤]±o¨ì³æ¤H¼Ò¦¡¡C</para>
<para>°£¤F³oÂI¡AÁÙ¦³³\¦h¨ä¥¦ªºªF¦è³£¦b³q«H½×¾Â¤W°Q½×¡A¤×¨ä¬O
freebsd-security¡C½Ð¨ì <ulink
url="../../../../search/index.html">³o¸Ì</ulink> ·j´M¥H«eªº
°Q½×¡C¦³¨Ç¤H§Æ±æ securelevel ¯à°÷¾¨§Ö®ø¥¢¡A¥Ñ¥t¤@­Ó§óÀu¨qªº
¾÷¨î¨ú¥N¡A¤£¹L¾÷·|¦³ÂI´ù¯í¡C</para>
<para>­·ÀI¦Û¦æ©Ó¾á¡C</para>
</warning>
</answer>
</qandaentry>
<qandaentry>
<question id="release-candidate">
<para>§Ú·Q­n§â§Úªº¨t²Îª@¯Å¨ì³Ì·sªº -STABLE¡A¦ý¬O±o¨ìªº¬O -RC ©Î
-PRERELEASE¡I«ç»ò¤F¡H</para>
</question>
<answer>
<para>²³æ¦a»¡¡G¨º¥u¬O¦W¦r¦Ó¤w¡CRC ªº·N«ä¬O <quote>Release Candiate¡A
µo¦æ­Ô¿ïª©¥»</quote>¡A¥¦ªí¥Ü·sª©¥»§Ö­nµo¦æ¤F¡C¦b FreeBSD ¤¤¡A
-PRERELEASE ³q±`¬Oµo¦æ«eªºµ{¦¡½X­áµ²ªº¥N¦Wµü¡C(¦³¨Çµo¦æª©¥»¤¤¡A
-BETA ¼ÐÅÒ¸ò -PRERELEASE ¬O¬Û¦P·N«äªº¡C)</para>
<para>¸Ô²Ó¦a»¡¡GFreeBSD ±q¨â­Ó¦a¤è¤À¤ä¥X¥¦ªºµo¦æª©¥»¡C¥Dª©¸¹¡B
ÂI¹s¡Brelease (¨Ò¦p 3.0-RELEASE ¤Î 4.0-RELEASE) ªº¡A¬O±qµo®i¹Lµ{
¶}©l®É¤À¤ä¥X¨Óªº¡A³q±`ºÙ¬° <link linkend="current">-CURRENT
</link>¡C¦³°Æª©¸¹ªºª©¥» (¨Ò¦p 3.1-RELEASE ©Î 4.2-RELEASE)¡A¬O
¬¡ÅDªº <link linkend="stable">-STABLE</link> ¤À¤ä¤¤ªºµo¦æª©¥»
§Ö·Ó¡C±q 4.3-RELEASE ¶}©l¡A¨C¤@­Óµo¦æª©¥»¦³¥¦¦Û¤vªº¤À¤ä¡A¥i¬°
°¾¦n·¥«×«O¦uªºµo®i³t«× (³q±`¥u·|§@¦w¥þ¤è­±ªº§ó·s) ªº¤H©Ò¥Î¡C</para>
<para>·Ç³Æ­n»s§@µo¦æª©¥»®É¡A¨ä©Ò¦bªº¤À¤ä·|¸g¹L¤@©wªºµ{§Ç¡C¦³¤@­Ó¬O
µ{¦¡½X­áµ²¡C·íµ{¦¡½X­áµ²¶}©l®É¡A¤À¤ä¦WºÙ·|§ó¦W¡A¥H¤Ï¬M¥¦§Ö­n¦¨¬°
¤@­Óµo¦æª©¥»¤F¡CÁ|­Ó¨Ò¤l¡A¦pªG­ì¨Óªº¤À¤ä¥s 4.5-STABLE¡A¥¦ªº¦W¦r
·|Åܦ¨ 4.6-PRERELEASE ¥Hªí¥Üµ{¦¡½X¤w­áµ²¡A¨Ã¥BÃB¥~ªºµo¦æ«e´ú¸Õ
±N­n¶}©l¤F¡C¯äÂΧ󥿤´¥i¦^³ø¡A¥H¦¨¬°µo¦æª©¥»ªº¤@³¡¥÷¡C·íµ{¦¡½X
¦³¤F¥i¦¨¬°µo¦æª©¥»ªºÂú§Î®É¡A¥¦ªº¦W¦r´N·|Åܦ¨ 4.6-RC¡A¥Hªí¥Üµo¦æ
ª©¥»§Ö¦n¤F¡C¶i¤J RC ¶¥¬q«á¡A¥u¦³§ä¨ìªº³Ì¦³¼vÅTªº¯äÂΤ~·|³Q­×¥¿¡C
·íµo¦æª©¥» (¥»¨Ò¤¤¬° 4.6-RELEASE) ²£¥Í«á¡Aµo¦æª©¥»·|¦³¦Û¤vªº¤À¤ä¡A
­ì¤À¤ä·|³Q§ó¦W¬° 4.6-STABLE¡C</para>
<para>·Q­n±oª¾§ó¦h¦³Ãöª©¥»¸¹½X»P¦U CVS ¤À¤äªº¸ê°T¡A½Ð°Ñ¦Ò
<ulink url="../../articles/releng/article.html">Release
Engineering</ulink> ¤@¤å¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="kernel-chflag-failure">
<para>§Ú¸ÕµÛ­n¦w¸Ë¤@­Ó·sªº®Ö¤ß¡A¦ý¬OµLªk chflags¡C§Ú¸Ó«ç»ò¸Ñ¨M¡H
</para>
</question>
<answer>
<para>²³æ¦a»¡¡G§Aªº securelevel ¥i¯à¤j©ó¹s¡Cª½±µ­«·s¶}¾÷¨ì
³æ¤H¼Ò¦¡¡A¦A¦w¸Ë®Ö¤ß¡C</para>
<para>¸Ô²Ó¦a»¡¡GFreeBSD ¦b securelevel ¤j©ó¹s±¡ªp¤U¡A¤£¤¹³\
Åܧó¨t²ÎºX¼Ð (system flags)¡C§A¥i¥H¥Î³o­Ó«ü¥OÀˬd§Aªº
securelevel¡G</para>
<screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
<para>§A¨S¦³¿ìªk­°§C securelevel¡F§A¥²¶·±Ò°Ê¨t²Î¨ì³æ¤H¼Ò¦¡¥H
¦w¸Ë®Ö¤ß¡A©Î¬O­×§ï <filename>/etc/rc.conf</filename> ¤ºªº
securelevel ¦A­«·s¶}¾÷¡C½Ð°Ñ¦Ò &man.init.8; »¡©ú¤å¥ó¡A¥H¨ú±o
§ó¦h¦³Ãö securelevel ªº¸ê°T¡AÁÙ¦³ <filename>/etc/defaults/rc.conf
</filename> ©M &man.rc.conf.5; »¡©ú¤å¥ó¡A¥H¨ú±o§ó¦h¦³Ãö rc.conf
ªº¸ê°T¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="kernel-securelevel-time">
<para>¦b§Úªº¨t²Î¤W¡A§ÚµLªkÅܧó®É¶¡¶W¹L¤@¬í¥H¤Wªº½d³ò¡I
§Ú¸Ó«ç»ò¿ì¡H</para>
</question>
<answer>
<para>²³æ¦aÁ¿¡G§A¨t²Îªº securelevel ¤]³\¤j©ó 1¡Cª½±µ­«·s¶}¾÷¦Ü
³æ¤H¼Ò¦¡¡AµM«á¦A­×§ï®É¶¡¡C</para>
<para>¸Ô²Ó¦a»¡¡G¦b securelevel ¤j©ó 1 ªº±¡ªp¤U¡AFreeBSD ¤£¤¹³\®É¶¡
Åܰʤj©ó¤@¬í¡C§A¥i¥H¥Î¥H¤Uªº©R¥O¨ÓÀˬd¥Ø«eªº securelevel¡G</para>
<screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
<para>§AµLªk­°§C securelevel¡F§A¥²¶·±Ò°Ê¹q¸£¦Ü³æ¤H¼Ò¦¡¤U¥H­×§ï®É¶¡¡A
©Î¬O­×§ï <filename>/etc/rc.conf</filename> ¦A­«·s¶}¾÷¡C½Ð°Ñ¦Ò
&man.init.8; »¡©ú¤å¥ó¡A¥H¨ú±o§ó¦h¦³Ãö securelevel ªº¸ê°T¡AÁÙ¦³
<filename>/etc/defaults/rc.conf</filename> ©M &man.rc.conf.5;
»¡©ú¤å¥ó¡A¥H¨ú±o§ó¦h¦³Ãö rc.conf ªº¸ê°T¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="statd-mem-leak">
<para>¬°¤°»ò <command>rpc.statd</command> ¥Î¤F 256 megabytes
ªº°O¾ÐÅé¡H</para>
</question>
<answer>
<para>¤£¡A¨º¤£¬O memory leak¡A¦Ó¥B¥¦¤]¤£¬O¯uªº¥Î¤F 256 Mbyte
ªº°O¾ÐÅé¡C¥¦¥u¬O³ßÅw (·N«ä´N¬OÁ`·|³o¼Ë§@) ±N¤@ª¯²¼ªº°O¾ÐÅé
¬MÁ¨쥦¦Û¤vªº¦ì§}ªÅ¶¡¡A¥H¤è«K§@¨Æ¡C´N§Þ³N¦Ó¨¥¡A³o¼Ë¨Ã¨S¦³
¤°»ò¤£¹ï¡F³o¼Ë¥u¬O·|Åý &man.top.1; ©M &man.ps.1; À~¤@¤j¸õ¦Ó¤w¡C
</para>
<para>&man.rpc.statd.8; ·|±N¥¦ªºª¬ºAÀÉ®× (¦ì©ó <filename>/var
</filename>) ¬M®g¦Ü¥¦ªº¦ì§}ªÅ¶¡¸Ì¡F¬°¤F¨¾¤î»Ý­nªº®É­Ô¦A¼W¤j©Ò
¾É­Pªº­«·s¬M®g¡A¥¦¤@¦¸·|¨Ï¥Î¬Û·í¤jªº¤j¤p¡C±qµ{¦¡½X¨Ó¬Ýªº¸Ü´N
§ó©úÅã¤F¡A¥i¥H¬Ý¨ì &man.mmap.2; ªºªø«×°Ñ¼Æ¬° <literal>0x10000000
</literal>¡A¥¦¬O IA32 ¬[ºc¤Wªº¤Q¤»¤À¤§¤@ªº©w§}ªÅ¶¡¡A¤]´N¬O
256MB¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="unsetting-schg">
<para>¬°¤°»ò§Ú¨S¿ìªk¨ú®ø <literal>schg</literal> Àɮ׺X¼Ð¡H</para>
</question>
<answer>
<para>§A¥¿¦b¤@­Ó´£°ª¤F securelevel (¤]´N¬O¤j©ó 0) ªº¨t²Î¹B§@¡C
­°§C securelevel ¦A¸Õ¸Õ¬Ý¡C½Ð°Ñ¦Ò <link linkend="securelevel">
FAQ ¤¤¹ï securelevel ªº»¡©ú</link> ©M &man.init.8; »¡©ú¤å¥ó¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ssh-shosts">
<para>¬°¤°»òªñ¨Óªº·sª© FreeBSD ¹w³]µLªk§Q¥Î <filename>.shosts
</filename> §¹¦¨ SSH »{ÃÒ¡H</para>
</question>
<answer>
<para>¬°¤°»òªñ¨Ó·sª© FreeBSD <filename>.shosts</filename> »{ÃÒ¹w³]
¬°¨ú®øªº­ì¦]¡A¬O¦]¬° &man.ssh.1; ¹w³]¤£¦w¸Ë¬° suid ¦¨ <username>
root</username>¡C­n <quote>­×¥¿</quote> ³oÂI¡A§A¥i¥H§@¤U¦Cªº
¥ô¦ó¤@¥ó¨Æ¡G</para>
<itemizedlist>
<listitem>
<para>­n¤@³Ò¥Ã¶h¸Ñ¨M¡A½Ð±N <filename>/etc/make.conf</filename>
¸Ìªº <makevar>ENABLE_SUID_SSH</makevar> ³]¦¨ <literal>true
</literal>¡AµM«á¦A­«·s build ssh (©Î¬O°õ¦æ <command>make
world</command>)¡C</para>
</listitem>
<listitem>
<para>¥u§@¤@®Éªº­×¥¿ªº¸Ü¡A¥i¥H <username>root</username> ¨­¥÷
°õ¦æ <command>chmod 4755 /usr/bin/ssh</command> ±N
<filename>/usr/bin/ssh</filename> ³]¦¨ <literal>4555
</literal>¡CµM«á±N <makevar>ENABLE_SUID_SSH= true</makevar>
¥[¤J <filename>/etc/make.conf</filename> ¸Ì¡A³o¼Ë¤U¦¸
<command>make world</command> °õ¦æ´N·|¥Í®Ä¤F¡C</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="vnlru">
<para>¤°»ò¬O <literal>vnlru</literal>?</para>
</question>
<answer>
<para>·í¨t²Î¹F¨ì¤W­­ <varname>kern.maxvnodes</varname> ®É¡A
<literal>vnlru</literal> ·|²M°£¨ÃÄÀ©ñ vnode¡C³o­Ó®Ö¤ß
°õ¦æºü¤j³¡¥÷ªº®É¶¡³£¨S¨Æ§@¡A¥u¦³·í§A¦³«Ü¤jªº°O¾ÐÅé¡A¦Ó¥B
¥¿¦b¦s¨ú¤W¸U­Ó¤pÀɮ׮ɡA¤~·|³Q±Ò°Ê¡C</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="x">
<chapterinfo>
<author>
<firstname>Wei-Hon</firstname>
<surname>Chen</surname>
<affiliation>
<address><email>plasmaball@pchome.com.tw</email></address>
</affiliation>
</author>
</chapterinfo>
<title>X Window System ¤Î Virtual Consoles</title>
<qandaset>
<qandaentry>
<question id="running-X">
<para>§Ú·Q­n°õ¦æ X ¡A§Ú¸Ó«ç»ò°µ¡H</para>
</question>
<answer>
<para>³Ì²³æªº¤èªk´N¬O¦b¦w¸Ë¨t²Îªº®É­Ô¤@¨Ö¦w¸Ë¡C</para>
<para>µM«á¬Ý¬Ý <command>xf86config</command> ªº¤å¥ó¡A³o­Óµ{¦¡¥i¥H
À°±z³]©w XFree86(tm) ¨Ï¥¦¯à°÷¨Ï¥Î±zªºÅã¥Ü¥d/·Æ¹«µ¥¶gÃä¡C</para>
<para>±z©Î³\¤]·Q¸Õ¸Õ¬Ý Xaccel server¡C¸Ô±¡½Ð¬Ý <link linkend="xig">
Xi Graphics</link> ©Î¬O <link linkend="metrox">Metro Link</link>
³o¤@¬q¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="running-X-securelevels">
<para>§Ú <emphasis>¸ÕµÛ</emphasis> ­n°õ¦æ X, ¦ý¬O·í§ÚÁä¤J
<command>startx</command> ®É¡A±o¨ì
<errorname>KDENABIO failed (Operation not permitted)</errorname>
¿ù»~¡C§Ú¸Ó«ç»ò¿ì¡H</para>
</question>
<answer>
<para>§Aªº¨t²Î¤@©w´£°ª¤F securelevel¡A¹ï¤£¹ï¡H¦b¤@­Ó´£°ª¤F
securelevel ªº¨t²Î¤W¡A¬Oµ´¹ïµLªk°_°Ê X ªº¡C·Qª¾¹D¬°¤°»ò¡A
½Ð°Ñ¦Ò &man.init.8; »¡©ú¤å¥ó¡C</para>
<para>©Ò¥H³o­Ó°ÝÃDÅܦ¨¡G§AÁÙ¯à«ç»ò¿ì¡C°ò¥»¤W§A¦³¨âºØ¿ï¾Ü¡G
±N§Aªº securelevel ³]¦^¹s (³q±`¦b <filename>/etc/rc.conf
</filename> ¸Ì­±³]©w)¡A©Î¬O¦b±Ò°Ê®É°õ¦æ &man.xdm.1; (¦b
securelevel ³Qª@°ª«e)¡C</para>
<para>½Ð°Ñ¦Ò <xref linkend="xdm-boot"> ¥H¨ú±o§ó¦h¦³Ãö±Ò°Ê®É
°õ¦æ &man.xdm.1; ªº¸ê°T¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="x-and-moused">
<para>¬°¤°»ò§Ú¤£¯à¦b X ¸Ì¨Ï¥Î·Æ¹«¡H</para>
</question>
<answer>
<para>¦pªG±z¥Îªº¬O syscons (¤º©wªº console ÅX°Êµ{¦¡) ªº¸Ü¡A±z¥i¥H
¸g¥Ñ³]©w FreeBSD ¨ÓÅý¥¦¤ä´©¦b¨C­Ó virtual console ¨Ï¥Î·Æ¹«¡C¬°¤F
ÁקK©M X ²£¥Í½Ä¬ð¡Asyscons ¨Ï¥Î¤F¤@­Ó¥s°µ
<devicename>/dev/sysmouse</devicename> ªºµêÀÀ¸Ë¸m¡C©Ò¦³·Æ¹«²£¥Íªº
event ³£·|§Q¥Î moused ¨Ó¼g¨ì sysmouse ³o­Ó¸Ë¸m¡C¦pªG±z§Æ±æ¦b¤@­Ó
©Î¥H¤Wªº virtual console ¤W¨Ï¥Î·Æ¹«¡A<emphasis>¨Ã¥B</emphasis>
¯à°÷¨Ï¥Î X ªº¸Ü¡A½Ð°Ñ¦Ò
<xref linkend="moused" remap="another section"> ¨Ã¥B³]©w¦n
moused¡C</para>
<para>µM«á½s¿è <filename>/etc/XF86Config</filename> ³o­ÓÀɮסA
¨Ã¥B½T»{§A¦³¥H¤U³o´X¦æªº³]©w¡C</para>
<programlisting>Section Pointer
Protocol "SysMouse"
Device "/dev/sysmouse"
....</programlisting>
<para>¥H¤Wªº¨Ò¤l¡A¾A¥Î©ó XFree86 3.3.2 ¤Î¨ä«áªºª©¥»¡C¥Î©ó§ó¦­ªº
ª©¥»ªº¡A¨ä <emphasis>Protocol</emphasis> À³¬°
<emphasis>MouseSystems</emphasis>¡C</para>
<para>¦³¨Ç¤H¤ñ¸û³ßÅw¦b³]©w X ªº®É­Ô¥Î
<devicename>/dev/mouse</devicename> ³o­Ó¸Ë¸m¡C¦pªG±z­nÅý¥¦¯à°÷
¥¿±`¤u§@ªº¸Ü¡A±z´N¥²¶·§â <devicename>/dev/mouse</devicename>
³sµ²¨ì <devicename>/dev/sysmouse</devicename> (½Ð°Ñ¦Ò
&man.sysmouse.4;):</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>rm -f mouse</userinput>
&prompt.root; <userinput>ln -s sysmouse mouse</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="x-and-wheel">
<para>§Úªº·Æ¹«¦³­Ó«Ü¬¯ªººu½ü¡C§Ú¯à¦b X ¸Ì­±¨Ï¥Î¶Ü¡H</para>
</question>
<answer>
<para>¥i¥H¡C¤£¹L§A»Ý­n³]©w X ¥Î¤áºÝµ{¦¡¡C ½Ð°Ñ¦Ò <ulink
URL="http://www.inria.fr/koala/colas/mouse-wheel-scroll/">
Colas Nahaboo ªººô­¶
(http://www.inria.fr/koala/colas/mouse-wheel-scroll/)
</ulink>.</para>
<para>¦pªG§A­n¨Ï¥Î <application>imwheel</application> µ{¦¡¡A
¥u­n¸òµÛ¤U¦C¨BÆJ§@§Y¥i¡C</para>
<orderedlist>
<listitem>
<para>Âà´«ºu½ü event
Translate the Wheel Events</para>
<para><application>imwheel</application> µ{¦¡ªº¹B§@­ì²z¡A
¬O±N·Æ¹«ªº²Ä¥|Áä»P²Ä¤­ÁäÂà´«¦¨«öÁä event¡C¦]¬°¦p¦¹¡A©Ò¥H
§A¥²¶·Åý·Æ¹«ÅX°Êµ{¦¡±N·Æ½ü¨Æ¥óÂà´«¦¨²Ä¥|Áä»P²Ä¤­Áä event¡C
¦³¨âºØ¤èªk¥i¥H¹F¨ì¥Øªº¡A¤@¬OÅý &man.moused.8; §@Âà´«¡A¤G¬O
Åý X ¥»¨­¥h§@ event Âà´«¡C</para>
<orderedlist>
<listitem>
<para>¨Ï¥Î &man.moused.8; ¨ÓÂà´«ºu½ü Event</para>
<para>­nÅý &man.moused.8; ¨Ó§@ event Âà´«¡A¥u­n¦b
°õ¦æ &man.moused.8; ªº©R¥O¦C¤¤¥[¤W <option>-z 4</option>
§Y¥i¡CÁ|­Ó¨Ò¤l¡A¦pªG§A¤@¯ë³£¬O¥H
<command>moused -p /dev/psm0</command> ¨Ó°_°Ê
&man.moused.8; ªº¸Ü¡A¥u­n§ï¦¨ <command>moused -p
/dev/psm0 -z 4</command> §Y¥i¡C¦pªG§A¬O¦b¶}¾÷¹Lµ{¤¤§Q¥Î
<filename>/etc/rc.conf</filename> ¨Ó°_°Ê &man.moused.8;¡A
§A¥i¥H¦b <filename>/etc/rc.conf</filename> ¤¤±N
<varname>moused_flags</varname> ¤W¥[ <option>-z 4
</option> §Y¥i¡C</para>
<para>§A²{¦b»Ý­nÅý X ª¾¹D§Aªº·Æ¹«¦³¤­­Ó«öÁä¡A¥u­n¦b
<filename>/etc/XF86Config</filename> ¤¤ªº
<quote>Pointer</quote> °Ï¶ô¤¤¥[¤W
<literal>Buttons 5</literal> ³o¤@¦æ§Y¥i¡C¨Ò¦p¡A
§A¥i¯à¦b <filename>/etc/XF86Config</filename> ¤¤¦³
¥H¤Uªº <quote>Pointer</quote> °Ï¶ô¡G</para>
<example>
<title>¦b XFree86 3.3.x ¨t¦Cªº XF86Config ³]©wÀɪº
<quote>Pointer</quote> °Ï¶ô¤¤¡A¥H moused §@Âà´«
ªººu½ü¹«ªº³]©w½d¨Ò</title>
<programlisting>Section "Pointer"
Protocol "SysMouse"
Device "/dev/sysmouse"
Buttons 5
EndSection</programlisting>
</example>
<example>
<title>¦b XFree86 4.x ¨t¦Cªº XF86Config ³]©wÀɪº
<quote>InputDevice</quote> °Ï¶ô¤¤¡A¥H X Server §@Âà´«
ªººu½ü¹«ªº³]©w½d¨Ò</title>
<programlisting>Section "InputDevice"
Identifier "Mouse1"
Driver "mouse"
Option "Protocol" "auto"
Option "Device" "/dev/sysmouse"
Option "Buttons" "5"
EndSection</programlisting>
</example>
<example>
<title>¦b <quote>.emacs</quote> ¤¤¡A³]©wºu½ü¹«ªº­ì¥Í
­¶­±ºu°Ê¤ä´©½d¨Ò</title>
<programlisting>;; wheel mouse
(global-set-key [mouse-4] 'scroll-down)
(global-set-key [mouse-5] 'scroll-up)</programlisting>
</example>
</listitem>
<listitem>
<para>§Q¥Î§Aªº X Server ¨Ó§@ºu½ü Event Âà´«</para>
<para>¦pªG§A¨S¦³°õ¦æ &man.moused.8;¡A©Î¬O§A¤£·Q§Q¥Î
&man.moused.8; ¥h§@ºu½ü event Âà´«¡A§A¥i¥H§ï¥Î
X server ¨Ó§@³o¼Ëªº event Âà´«¡C§A±o¦b <filename>
/etc/XF86Config</filename> Àɮפ¤§@´X­Ó§ó°Ê¡C²Ä¤@¡A
§A­n¬°§Aªº·Æ¹«¿ï¾Ü¾A·íªº³q°T¨ó©w¡C¤j¦h¼Æªººu½ü¹«³£
¨Ï¥Î <quote>IntelliMouse</quote> ¨ó©w¡A¤£¹L XFree86
¤]¤ä´©¨ä¥¦ªº³q°T¨ó©w¡A¨Ò¦pù§Þªº MouseMan+ ·Æ¹«©Ò¥Îªº
<quote>MouseManPlusPS/2</quote>¡C·í§A¿ï¦n¤§«á¡A¥u­n
¥[¶i¤@¦æ <quote>Pointer</quote> °Ï¶ôªº <varname>
Protocol</varname> ÅܼƧY¥i¡C</para>
<para>²Ä¤G¡A§A­n§i¶D X server ±N±²°Ê¨Æ¥ó­«·s¹ï¬M¦Ü·Æ¹«ªº
²Ä¥|©M²Ä¤­Áä¡C³o¥i¥H§Q¥Î <varname>ZAxisMapping</varname>
¿ï¶µ¿ì¨ì¡C</para>
<para>Á|­Ó¨Ò¤l¡A¦pªG§A¨S¦³¨Ï¥Î &man.moused.8;¡A¦Ó§A¦³¤@­Ó
IntelliMouse ¦w¸Ë¦b PS/2 ·Æ¹«°ðªº¸Ü¡A§A¥i¥H¦b
<filename>/etc/XF86Config</filename> ¸Ì¨Ï¥Î¥H¤Uªº³]©w¡C
</para>
<example>
<title>¦b XF86Config ³]©wÀɪº <quote>Pointer</quote>
°Ï¶ô¤¤¡A¥H X Server §@Âà´«ªººu½ü¹«ªº³]©w½d¨Ò</title>
<programlisting>Section "Pointer"
Protocol "IntelliMouse"
Device "/dev/psm0"
ZAxisMapping 4 5
EndSection</programlisting>
</example>
<example>
<title>¦b XFree86 4.x ¨t¦Cªº XF86Config ³]©wÀɪº
<quote>InputDevice</quote> °Ï¶ô¤¤¡A¥H X Server §@Âà´«
ªººu½ü¹«ªº³]©w½d¨Ò</title>
<programlisting>Section "InputDevice"
Identifier "Mouse1"
Driver "mouse"
Option "Protocol" "auto"
Option "Device" "/dev/psm0"
Option "ZAxisMapping" "4 5"
EndSection</programlisting>
</example>
<example>
<title>¦b <quote>.emacs</quote> ¤¤¡A³]©wºu½ü¹«ªº­ì¥Í
­¶­±ºu°Ê¤ä´©½d¨Ò</title>
<programlisting>;; wheel mouse
(global-set-key [mouse-4] 'scroll-down)
(global-set-key [mouse-5] 'scroll-up)</programlisting>
</example>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>¦w¸Ë <application>imwheel</application></para>
<para>±µ¤U¨Ó¡A±q Ports ¸Ì¦w¸Ë <application>imwheel
</application>¡C¦b x11 Ãþ§O¸Ì¥i¥H§ä¨ì¥¦¡A¥¦¥i¥H±N
ºu½ü event ¹ï¬M¨ìÁä½L event¡CÁ|­Ó¨Ò¤l¡A¥¦¥i¥H¦b§A
±Nºu½ü©¹«e±À®É¡A°e¥X¤@­Ó <keycap>Page Up</keycap>
¨ì§AªºÀ³¥Îµ{¦¡¥h¡C<application>Imwheel</application>
§Q¥Î¤@­Ó³]©wÀÉ¡A¥H«K¹ïÀ³ºu½ü event ¦ÜÁä½L event¡A³o¼Ë
¥¦´N¥i¥H¦b¤£¦PªºÀ³¥Îµ{¦¡¤¤¡A°e¥X¤£¦PªºÁä½L«öÁä¡C¹w³]ªº
<application>imwheel</application> ³]©wÀɬO¦b
<filename>/usr/X11R6/etc/imwheelrc</filename>¡A¦pªG§A·Q
½s¿è¦Û­qªº³]©wÀɪº¸Ü¡A¥i¥H±N¥¦½Æ»s¨ì
<filename>~/.imwheelrc</filename>¡AµM«á¨Ì§Aªº»Ý­n­×§ï¥¦¡C
³]©wÀɪº®æ¦¡¦b &man.imwheel.1; ¸Ì­±¦³¸Ô²Óªº»¡©ú¡C</para>
</listitem>
<listitem>
<para>³]©w <application>Emacs</application> »P
<application>Imwheel</application> ¨ó¦P¤u§@
(<emphasis>¿ï¾Ü©Ê</emphasis>)</para>
<para>¦pªG§A¨Ï¥Î <application>emacs</application> ©Î¬O
<application>Xemacs</application> ªº¸Ü¡A¨º§A»Ý­n¦b§Aªº
<filename>~/.emacs</filename> Àɮ׸̥[¤W¤@¤p¬q³]©w¡C
<application>emacs</application> ½Ð¥[¤W³o¤@¬q¡G</para>
<example>
<title><application>Imwheel</application> ªº
<application>Emacs</application> ³]©w</title>
<programlisting>;;; For imwheel
(setq imwheel-scroll-interval 3)
(defun imwheel-scroll-down-some-lines ()
(interactive)
(scroll-down imwheel-scroll-interval))
(defun imwheel-scroll-up-some-lines ()
(interactive)
(scroll-up imwheel-scroll-interval))
(global-set-key [?\M-\C-\)] 'imwheel-scroll-up-some-lines)
(global-set-key [?\M-\C-\(] 'imwheel-scroll-down-some-lines)
;;; end imwheel section</programlisting>
</example>
<para><application>Xemacs</application> «h¦b
<filename>~/.emacs</filename> Àɸ̥[¤W³o¤@¬q¡G</para>
<example>
<title><application>Imwheel</application> ªº
<application>Xemacs</application> ³]©w</title>
<programlisting>;;; For imwheel
(setq imwheel-scroll-interval 3)
(defun imwheel-scroll-down-some-lines ()
(interactive)
(scroll-down imwheel-scroll-interval))
(defun imwheel-scroll-up-some-lines ()
(interactive)
(scroll-up imwheel-scroll-interval))
(define-key global-map [(control meta \))] 'imwheel-scroll-up-some-lines)
(define-key global-map [(control meta \()] 'imwheel-scroll-down-some-lines)
;;; end imwheel section</programlisting>
</example>
</listitem>
<listitem>
<para>°õ¦æ <application>Imwheel</application></para>
<para>¦w¸Ë¤§«á¡A§A¥i¥Hª½±µ¦b xterm ¸ÌÁä¤J <command>imwheel
</command> ©R¥O¥H°_°Ê¥¦¡C¥¦·|¥H­I´º°õ¦æ¡A¨Ã¥B°¨¤Wµo´§®Ä¥Î¡C
¦pªG§A½T©w­nª½±µ¨Ï¥Î <application>imwheel</application>¡A
¥u­n§â¥¦¥[¶i§A¦Û¤vªº <filename>.xinitrc</filename> ©Î
<filename>.xsession</filename> ¤ºÀɮקY¥i¡C§A¥i¥H¤£ºÞ
<application>imwheel</application> ©Ò°e¥X¨Ó¦³Ãö PID ÀÉ®×
ĵ§i¡C¨º¨Çĵ§i¥u¹ï Linux ª©ªº <application>imwheel
</application> ¦³®Ä¦Ó¤w¡C</para>
</listitem>
</orderedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="window-menu-weird">
<para>¬°¤°»ò X Window ªº¿ï³æ©M¹ï¸Ü®Ø¤£¯à¥¿±`¹B§@¡H</para>
</question>
<answer>
<para>§â Num Lock Ãö±¼¸Õ¸Õ¡C</para>
<para>¦pªG±zªº Num Lock ¦b¶}¾÷®Éªº¹w³]­È¬O¶}µÛªº¸Ü¡A±z¥²¶·§â¤U¦C
³o¦æ©ñ¨ì <filename>XF86Config</filename> ³]©wÀɤ¤ªº
<literal>Keyboard</literal> ³¡¥÷¡C</para>
<programlisting># Let the server do the NumLock processing. This should only be
# required when using pre-R6 clients
ServerNumLock</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="virtual-console">
<para>¤°»ò¬O virtual console¡H§Ú­n«ç»ò°µ¤~¯à¥Î¦h¤@ÂI¡H</para>
</question>
<answer>
<para>²³æ¨Ó»¡¡Avirtual console ´N¬O¥i¥HÅý±z¤£¥²°µ¤Ó¦h½ÆÂøªº³]©w
¦p¨Ï¥Îºô¸ô©Î°õ¦æ X ¡A¦Ó¦b¦P¤@»O¾÷¾¹¤W¦P®É°µ¦n´X¥ó¨Æªº¤èªk¡C</para>
<para>·í±Ò°Ê¨t²Î¨ÃÅã¥Ü§¹©Ò¦³¶}¾÷°T®§¤§«á¡A±z´N·|¦b¿Ã¹õ¤W¬Ý¨ì¤@­Ó
login ªº´£¥Ü²Å¸¹¡C¦b³o­Ó®É­Ô±z´N¥i¥H¿é¤J±zªº login name ¥H¤Î
password ¡AµM«á´N¥i¥H¦b²Ä¤@­Ó virtual console ¤W¶}©l¤u§@¤F
(©ÎªÌ¶}©lª±¡I) ¡C</para>
<para>¦b¬Y¨Ç±¡ªp¤U¡A±z¥i¯à·|·Q­n§@¨ä¥Lªº¤u§@¡A¨Ò¦p»¡¬O¬Ý¬Ý±z¥¿¦b
°õ¦æªºµ{¦¡ªº»¡©ú¤å¥ó¡A©Î¬O·í±z¦b FTP ¶Ç¿éªºµ¥«Ý®É¶¡¤¤¬Ý¬Ý±zªº
¶l¥ó¡C±z¥u»Ý­n«ö Alt-F2 («ö¦í Alt Á䤣©ñ¡A¨Ã«ö¤U F2 Áä) ¡AµM«á
±z´N·|¦b²Ä¤G­Ó <quote>virtual console</quote> ¤W¬Ý¨ì¤@­Ó login
´£¥Ü²Å¸¹¡I·í±z·Q­n¦^¨ì­ì¨Óªº¤u§@®É¡A½Ð«ö Alt-F1¡C</para>
<para>FreeBSD ¦b¦w¸Ë®Éªº¹w³]­È¬O¨Ï¥Î¤T­Ó virtual console
(3.3-RELEASE «á¬°¤K­Ó)¡A±z¥i¥H¥Î Alt-F1¡AAlt-F2¡A¥H¤Î Alt-F3
¦b¥¦­Ì¤§¶¡°µ¤Á´«¡C</para>
<para>¦pªG±z·Q­n¦h¤@ÂI virtual console ªº¸Ü¡A±z¥u»Ý­n½s¿è
<filename>/etc/ttys</filename> ³o­ÓÀÉ (½Ð°Ñ¦Ò &man.ttys.5;)¡A
¦b <quote>Virtual terminals</quote> ³o­Óµù¸Ñ«á­±¥[¤J
<devicename>ttyv4</devicename> ¨ì <devicename>ttyvc</devicename>
ªºÄæ¦ì¡G</para>
<programlisting># Edit the existing entry for ttyv3 in /etc/ttys and change
# "off" to "on".
ttyv3 "/usr/libexec/getty Pc" cons25 on secure
ttyv4 "/usr/libexec/getty Pc" cons25 on secure
ttyv5 "/usr/libexec/getty Pc" cons25 on secure
ttyv6 "/usr/libexec/getty Pc" cons25 on secure
ttyv7 "/usr/libexec/getty Pc" cons25 on secure
ttyv8 "/usr/libexec/getty Pc" cons25 on secure
ttyv9 "/usr/libexec/getty Pc" cons25 on secure
ttyva "/usr/libexec/getty Pc" cons25 on secure
ttyvb "/usr/libexec/getty Pc" cons25 on secure</programlisting>
<para>±z·Q¥Î´X­Ó´N³]´X­Ó¡C±z³]¶V¦h virtual terminal ¡A¥¦­Ì´N¥Î±¼
¶V¦h¨t²Î¸ê·½¡F¦pªG±z¥u¦³¤£¨ì 8MB ªº°O¾ÐÅ骺¸Ü¡A³o¼vÅT´N¤j¤F¡C
±z¥i¯à¤]·|·Q§â <literal>secure</literal> ´«¦¨
<literal>insecure</literal>¡C</para>
<important>
<para>¦pªG±z·Q­n°õ¦æ X ªº¸Ü¡A±z <emphasis>¥²¶·</emphasis>
¬°¥¦«O¯d (©ÎÃö±¼) ¦Ü¤Ö¤@­Ó virtual terminal ¡C³o´N¬O»¡¡A¦pªG
±z·Q¦b«ö¤Q¤G­Ó Alt ¥\¯àÁä®É³£¦³ login ´£¥Ü²Å¸¹¡A¦Ó¥B¤S¦b¦P¤@
³¡¹q¸£¤W¤]·Q°õ¦æ X ªº¸Ü¡A¨º»ò³o¯u¬O¤Ó¤£©¯¤F - ±z¥u¯à¥Î¤Q¤@­Ó¡C
</para>
</important>
<para>¨ú®ø¤@­Ó console ³Ì²³æªº¤èªk´N¬O§â¥¦Ãö±¼¡CÁ|¨Ò¨Ó»¡¡A¦pªG
±z¹³¤W­±Á¿ªº¤@¼Ë³]©w¤F¥þ³¡ªº 12 ­Ó terminal ¨Ã¥B·Q­n°õ¦æ X ¡A
±z¥²»Ý§â virtual terminal 12 ±q¡G</para>
<programlisting>ttyvb "/usr/libexec/getty Pc" cons25 on secure</programlisting>
<para>³]¦¨¡G</para>
<programlisting>ttyvb "/usr/libexec/getty Pc" cons25 off secure</programlisting>
<para>¦pªG±zªºÁä½L¥u¦³ 10 ­Ó¥\¯àÁ䪺¸Ü¡A±z´N­n§ï¦¨³o¼Ë¡G</para>
<programlisting>ttyv9 "/usr/libexec/getty Pc" cons25 off secure
ttyva "/usr/libexec/getty Pc" cons25 off secure
ttyvb "/usr/libexec/getty Pc" cons25 off secure</programlisting>
<para>(±z¤]¥i¥Hª½±µ§â³o´X¦æ¬å±¼¡C)</para>
<para>¤@¥¹±z§ï¤F <filename>/etc/ttys</filename>¡A¤U¤@­Ó¨BÆJ´N¬O­n
½T©w±z¦³¨¬°÷ªº virtual terminal ¸Ë¸m¡C³Ì²³æªº¤èªk´N¬O¡G</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV vty12</userinput></screen>
<para>¦A¹L¨Ó¡A·Q­n±Ò°Ê³o¨Ç virtual console ³Ì²³æ (¤]¬O³Ì°®²b)
ªº°µªk´N¬O­«¶}¾÷¡CµM«á¡A¦pªG±z¤£·Q­«¶}¾÷ªº¸Ü¡A±z¥i¥H§â X Window
Ãö±¼¡AµM«á¥Î <username>root</username> ªº¨­¥÷°õ¦æ¤U¦C«ü¥O¡G</para>
<screen>&prompt.root; <userinput>kill -HUP 1</userinput></screen>
<para>·í±z°õ¦æ³o­Ó©R¥O«e¡A±z¤@©w­n§¹¥þ§â X Window Ãö±¼¡C¦pªG
±z¤£³o»ò°µªº¸Ü¡A±zªº¨t²Î¥i¯à·|¦b±z°õ¦æ kill ©R¥O«á¥X²{·í±¼©Î
Âꦺªº±¡ªp¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="vty-from-x">
<para>§Ú­n«ç»ò±q X ¤Á´«¨ì virtual console¡H</para>
</question>
<answer>
<para>½Ð¥Î <keycombo action="simul">
<keycap>Ctrl</keycap>
<keycap>Alt</keycap>
<keycap>F<replaceable>n</replaceable></keycap>
</keycombo> ¥H¤Á¦^¦Ü virtual console¡C
<keycombo action="simul">
<keycap>Ctrl</keycap>
<keycap>Alt</keycap>
<keycap>F1</keycap>
</keycombo> ¥i¥H¤Á¦^¦Ü²Ä¤@­Ó virtual console¡C</para>
<para>·í§A¤Á¦^¦Ü¤å¦r console «á¡A§A´N¥i¥H¨Ï¥Î¤@¯ë
<keycombo action="simul">
<keycap>Alt</keycap>
<keycap>F<replaceable>n</replaceable></keycap>
</keycombo> «öÁä²Õ¦X¡A¦b¦U console ¤§¶¡¤Á´«¡C</para>
<para>­n¦^¨ì X ªº¸Ü¡A§A¥²¶·¤Á¦^¦Ü°õ¦æ X ªº virtual console¡C
¦pªG§A¬O±q©R¥O¦C¸Ì°_°Ê X ªº¸Ü (¨Ò¦p¨Ï¥Î <command>startx</command>
«ü¥O)¡A¨º»ò X ·|¨Ìªþ¦b¤U¤@­Ó¥¼¨Ï¥Îªº virtual console¡A¦Ó¤£¬O¥¦³Q
°_°Êªº¤å¦r console¡C¦pªG§A¦³¤K­Ó¨Ï¥Î¤¤ªº virtual terminal¡A¨º»ò
X ´N·|¦b²Ä¤E­Ó¤W°õ¦æ¡A§A´N¥i¥H¨Ï¥Î
<keycombo action="simul">
<keycap>Alt</keycap>
<keycap>F9</keycap>
</keycombo> ¥Hªð¦^¦Ü X ¤¤¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="xdm-boot">
<para>§Ú­n«ç»ò°µ¤~¯à¦b¶}¾÷®É±Ò°Ê XDM¡H</para>
</question><answer>
<para>¦³¨âºØ¤èªk¥i¥H±Ò°Ê <ulink
URL="http://www.FreeBSD.org/cgi/man.cgi?manpath=xfree86&amp;query=xdm">
xdm</ulink>¡C¤@ºØ¤èªk¬O±q <filename>/etc/ttys</filename> ¨Ó±Ò°Ê¡A
¥i¥H°Ñ¦Ò &man.ttys.5; »¡©ú¤å¥ó¤¤ªº½d¨Ò¡F¥t¤@ºØ¤èªk¬O¦b
<filename>rc.local</filename> (½Ð°Ñ¦Ò &man.rc.8;) °õ¦æ xdm¡A©Î¬O
¦b <filename>/usr/local/etc/rc.d</filename> ©ñ¤@­Ó
<filename>X.sh</filename>¡C³o¨âºØ¤èªk³£¬O¦Xªkªº¡A¦pªG±z¸Õ¬Y¤@ºØ
¤èªkµL®Äªº¸Ü¡A±z¥i¥H¸Õ¸Õ¥t¥~¤@ºØ¡C³o¨âºØ¤èªkªºµ²ªG¬O¤@¼Ëªº¡GX
·|Åã¥Ü¤@­Ó¹Ï§Î¤Æªº login: ´£¥Ü¡C</para>
<para>¥Î ttys ªº¤èªkªºÀuÂI¡A¦b©ó«ü©ú¤F X ¦b±Ò°Ê®É¨ì©³¬O¥Î¨º­Ó vty¡A
¨Ã¥B±N logout ®É­«·s±Ò°Ê X server ªº³d¥ô¥áµ¹ init¡C rc.local
ªº¤èªk«h¬O¦b·í±Ò°Ê X ¥X¤F°ÝÃD®É¡A¥i¥H«Ü»´ÃP¦a§â xdm ±þ±¼¨Ó¸Ñ¨M
°ÝÃD¡C</para>
<para>¦pªG¬O¥Î rc.local ªº¤èªk¡A¦b°õ¦æ <command>xdm</command>
®É±z¤£¯à¥[¥ô¦ó°Ñ¼Æ¡]¤]´N¬O¶]¦¨ daemon¡^¡C¥²¶·¦b getty °õ¦æ«á
¤~¯à±Ò°Ê xdm¡A§_«h getty ©M xdm ·|¤¬¬Û½Ä¬ð¦ÓÂê¦í console¡C³Ì¦nªº
¤è¦¡¬O¦b script ¤¤¥[­Ó sleep¡AÅý¥¦¼È°± 10 ¬íÄÁ¥ª¥k¡A±µµÛ¤~°õ¦æ
xdm¡C</para>
<para>¦pªG§A¬O±q <filename>/etc/ttys</filename> ±Ò°Ê
<command>xdm</command>¡A<command>xdm</command> »P &man.getty.8;
¤´¦³¾÷·|¤¬¬Û½Ä¬ð¡C¤@­ÓÁקK¥¦ªº¤èªk¡A´N¬O¦b
<filename>/usr/X11R6/lib/X11/xdm/Xservers</filename> Àɮפ¤¥[¤J
<literal>vt</literal> ¼Æ¦r¡C</para>
<programlisting>:0 local /usr/X11R6/bin/X vt4</programlisting>
<para>¤W­±ªº¨Ò¤l¤¤¡A·|«ü¥Ü X server ¦b <devicename>/dev/ttyv3
</devicename> ¤¤°õ¦æ¡C½Ðª`·N¼Æ¦r¬O®t¤@ªº¡CX server ±q¤@¶}©l¼Æ
vty¡A¦Ó FreeBSD ®Ö¤ß«h¬O±q¹s¶}©l¼Æ vty ªº¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="xconsole-failure">
<para>¬°¤°»ò·í§Ú°õ¦æ xconsole ®É¡Aµo¥Í¤F
<errorname>Couldn't open console</errorname> ªº¿ù»~¡H</para>
</question>
<answer>
<para>¦pªG§A¬O¥Î <command>startx</command> ¨Ó±Ò°Ê <command>startx
</command> ªº¸Ü¡A<devicename>/dev/console</devicename> ªºÅv­­¨Ã
<emphasis>¤£·|</emphasis> §ïÅÜ¡Aµ²ªG´N¬O <command>xterm -C
</command> ©M <command>xconsole</command> ³oÃþªºµ{¦¡µLªk
¥¿±`°õ¦æ¡C</para>
<para>³o¤@¤Áªº°ÝÃD¡A³£¬O¦]¬° console ªºÅv­­¬O±Ä¥Î¨t²Î¹w³]­È¡C
¦b¤@­Ó¦h¨Ï¥ÎªÌªº¨t²Î¸Ì¡A§Ú­Ì¤£§Æ±æ¨C­Ó¨Ï¥ÎªÌ³£¥i¥Hª½±µ¼g¤J¨t²Î
console ¡C¦pªG¨Ï¥ÎªÌ¬O±q¾÷¾¹ªº VTY ª½±µ login ªº¸Ü¡A¨º»ò
&man.fbtab.5; ¥i¥H¸Ñ¨M³oÃþªº°ÝÃD¡C</para>
<para>²³æ¦a»¡¡A½Ð½T«O <filename>/etc/fbtab</filename> (½Ð°Ñ¦Ò
&man.fbtab.5;) ³o­ÓÀɮפ¤ªº³o¤@¦æ¨S¦³³Qµù¸Ñ±¼¡G</para>
<programlisting>/dev/ttyv0 0600 /dev/console</programlisting>
<para>³o¤@¦æ³]©wªº¦s¦b¥i¥H½T«O±q <devicename>/dev/ttyv0</devicename>
µn¤Jªº¨Ï¥ÎªÌ¥i¥H±±¨î console¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="xfree86-root">
<para>¥H«e§Ú¥i¥H¥H¤@¯ë¨Ï¥ÎªÌ°õ¦æ XFree86¡A¬°¤°»ò²{¦b¥¦»¡§Ú¤@©w­n
¥H <username>root</username> ¤~¯à°õ¦æ¡H</para>
</question>
<answer>
<para>©Ò¦³ªº X server ³£»Ý­n¥H <username>root</username> ¨Ó°õ¦æ¡A
¤~¯àª½±µ¦s¨ú§Aªºµø°TµwÅé¡Cª©¥»ªº XFree86 (&lt;= 3.3.6) ·|¦Û°Ê
±N©Òªþªº server ¥H§Q¥Î <username>root</username> ¨­¥÷°õ¦æªº¤è¦¡
¦w¸Ë°_¨Ó (setuid ¬° <username>root</username>)¡C¥Ñ©ó X server
³£¬OÅé¿nÃe¤j¤S½ÆÂøªºµ{¦¡¡AÅã¦Ó©ö¨£¦a¡A³o¬O¤@­Ó¦w¥þ¤Wªº¨aÃø¡C
¦]¬°³o­Ó­ì¦]¡A·sª©ªº XFree86 ´N¤£±N³o¨Ç server ¥H setuid ¬°
<username>root</username> ªº¤è¦¡¦w¸Ë¡C
<para>«Ü©úÅã¦a¡A§Ú­Ì§¹¥þµLªk±µ¨ü±N X server ¥H
<username>root</username> ªº¨­¥÷°õ¦æ¡C°_½X´N¦w¥þ¤W¤£¬O­Ó¦n¥D·N¡C
¦³¨âºØ¤èªk¥i¥H¥H¤@¯ë¨Ï¥ÎªÌªº¨­¥÷¨Ï¥Î X¡C²Ä¤@¬O§Q¥Î
<command>xdm</command> ©Î¬O¨ä¥¦ªº display manager (¨Ò¦p
<command>kdm</command>)¡F²Ä¤G¬O§Q¥Î <command>Xwrapper</command>¡C
</para>
<para><command>xdm</command> ¬O¤@­Ó³B²z¹Ï§Î¬É­±µn¤Jªº daemon¡C
¥¦³q±`¦b¶}¾÷®É°õ¦æ°_¨Ó¡A¦Ó¥B­t³d¹ï¨Ï¥ÎªÌ§@¨­¥÷»{ÃÒ¡A¥H¤Î°_°Ê
¨Ï¥ÎªÌªº¤u§@Àô¹Ò¡F¥¦¥i»¡¬O¹Ï§ÎÀô¹Ò¤Uªº &man.getty.8; »P
&man.login.1; ªº¹ïÀ³µ{¦¡¡C·Q±oª¾§ó¦h¦³Ãö <command>xdm</command>
ªº¸ê°T¡A½Ð°Ñ¦Ò <ulink url="http://www.xfree86.org/support.html">
XFree86 ¤å¥ó</ulink>¡A¥H¤Î¨ä <link linkend="xdm-boot">FAQ
¶µ¥Ø</link>¡C</para>
<para><command>Xwrapper</command> ¬O X server ªº¥]¸Ëµ{¦¡¡F¥¦¥i¥H
Åý¤@¯ë¨Ï¥ÎªÌ¥i¥H¤â°Ê°_°Ê X server ªº¤p¤u¨ã¡A¦ÓÁÙ¯àºû«ù¤@©wªº¦w¥þ
Àô¹Ò¡C¥¦·|Àˬd¶Ç¤Jªº©R¥O¦C°Ñ¼Æ¡A¦pªG¨S°ÝÃDªº¸Ü¡A´N°_°Ê¾A·íªº
X server¡C¦pªG§A¦]¬°¬YºØ²z¥Ñ¦Ó¤£·Q°õ¦æ display manager ªº¸Ü¡A
¥¦¬O¬°§A¦Ó³]©wªº¡C¦pªG§A¦w¸Ë¤F§¹¾ãªº ports¡A§A¥i¥H¦b
<filename>/usr/ports/x11/wrapper</filename> ¤¤§ä¨ì¥¦¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ps2-x">
<para>§Úªº PS/2 ·Æ¹«¦b X ¤¤¦³ÂI¤£¥¿±`¡H</para>
</question>
<answer>
<para>±zªº·Æ¹«©M±zªº·Æ¹«ÅX°Êµ{¦¡¥i¯à¦s¦b¦³¤£¦P¨Bªº²{¶H¡C</para>
<para>¦b 2.2.5 ¥H¤Î§ó¦­ªº¨t²Î¸Ì¡A±q X ¤Á¨ì virtual terminal µM«á
¦A¤Á¦^¨Ó´N¥i¥H¨Ï¥¦­Ì­«·s°µ¦P¨Bªº°Ê§@¡C¦pªG³o­Ó°ÝÃD±`±`µo¥Íªº¸Ü¡A
±z¥i¥H¦b±zªº®Ö¤ß³]©wÀɤ¤¥[¤J¤U­±³o­Ó¿ï¶µµM«á­«·s½sĶ¡G</para>
<programlisting>options PSM_CHECKSYNC</programlisting>
<para>¦pªG±z¨S¦³«Ø¥ß®Ö¤ßµ{¦¡ªº¸gÅç¡A½Ð¬Ý
<link linkend="make-kernel">¦Û­q®Ö¤ß</link> ³o¤@¸`¡C</para>
<para>¥[¤W³o­Ó¿ï¶µ¥H«á¡A·Æ¹«©M·Æ¹«ÅX°Êµ{¦¡¶¡ªº¦P¨B°ÝÃDÀ³¸Ó´N¤ñ¸û
¤£·|¥X²{¤F¡C¦pªG³o­Ó°ÝÃD¤´µM¦s¦bªº¸Ü¡A¦b²¾°Ê·Æ¹«®É«ö«ö·Æ¹««öÁä
¥i¥H¨Ï·Æ¹«©M·Æ¹«ÅX°Êµ{¦¡­«·s°µ¦P¨Bªº°Ê§@¡C</para>
<para>¸Óª`·Nªº¬O³o­Ó¿ï¶µ¨Ã¤£¬O¹ï¨C¤@­Ó¨t²Î³£¦³®Ä¡A¥¦¥i¯à·|Åý±µ¦b
PS/2 ·Æ¹«¦ì¸mªº ALPS GlidePoint ¸Ë¸m¥¢¥h <quote>tap</quote>
³o¶µ¥\¯à¡C</para>
<para>¦b 2.2.6 ¤Î¨ä«áªºª©¥»¡A¦P¨Bªº½T»{¤w¸g¦³¤F¸û¦nªº¸Ñ¨M¿ìªk¡A
¦Ó¥B³o¨Ç³£¤w¸g¬O PS/2 ·Æ¹«ÅX°Êµ{¦¡ªº¼Ð·Ç¤F¡C³o­Ó¤èªk¤]¥i¥H¦b
GlidePoint ¤W¥¿±`¤u§@¡C (¦]¬°½T»{ªºµ{¦¡½X¤w¸g¦¨¬°¤@­Ó¼Ð·Ç¥\¯à¡A
©Ò¥H¦b³o¨Çª©¥»¤¤§Ú­Ì¤£¦b´£¨Ñ PSM_CHECKSYNC ªº¿ï¶µ¤F¡C) ¤£¹L¦b
·¥¤Ö¼Æªº®×¨Ò¤¤¡A³o¨ÇÅX°Êµ{¦¡·|»~³ø¦P¨B©Ê¿ù»~¡AµM«á±z´N·|¬Ý¨ì
³o¼Ëªº®Ö¤ß°T®§¡G</para>
<programlisting>psmintr: out of sync (xxxx != yyyy)</programlisting>
<para>µM«á±z´N·|µo²{±zªº·Æ¹«¤£¯à¥¿±`¹B§@¤F¡C</para>
<para>¦pªG±zµo¥Í¤F³o¼Ëªºª¬ªp¡A±z¥²¶·Âǥѧâ PS/2 ·Æ¹«ÅX°Êµ{¦¡ªº flag
³]¦¨ 0x100 ¨Ó§â¦P¨B½T»{ªºµ{¦¡½Xµ¹¨ú®ø±¼¡CµM«á¦b¶}¾÷´£¥Ü²Å¸¹®É¥Î
<option>-c</option> ¿ï¶µ¨Ó¶i¤J <emphasis>UserConfig</emphasis>¡G
</para>
<screen>boot: <userinput>-c</userinput></screen>
<para>µM«á¡A¦b <emphasis>UserConfig</emphasis> ©R¥O¦C¤¤Áä¤J¡G</para>
<screen>UserConfig&gt; <userinput>flags psm0 0x100</userinput>
UserConfig&gt; <userinput>quit</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="ps2-mousesystems">
<para>§Úªº PS/2 ·Æ¹«¤£¯à³z¹L MouseSystem ¨Ó¹B§@¡H</para>
</question>
<answer>
<para>¦³¤@¨Ç³ø§i«ü¥X¬Y¨Ç¼tµPªº PS/2 ·Æ¹«¥u¯à¦b
<quote>°ª¸ÑªR«×</quote> ª¬ºA¤U¤~¯à¹B§@¡C¦pªG¤£¬Oªº¸Ü¡A·Æ¹«´å¼Ð
·|±`±`¶]¨ì¿Ã¹õªº¥ª¤W¨¤¥h¡C</para>
<para>«D±`¤£©¯ªº¡A³o­Ó°ÝÃD¦b 2.0.X ©M 2.1.X ¤U¬OµL¸Ñªº¡C¦b 2.2
¨ì 2.2.5 ª©¡A±z¥i¥H¹ï <filename>/sys/i386/isa/psm.c</filename>
¨Ï¥Î¤U¦C patch µM«á­««Ø±zªº®Ö¤ß¡C¦pªG±z¨S¦³«Ø¥ß®Ö¤ßµ{¦¡ªº¸gÅç¡A
½Ð¬Ý <link linkend="make-kernel">¦Û­q®Ö¤ß</link> ³o¸`¡C</para>
<programlisting>@@ -766,6 +766,8 @@
if (verbose &gt;= 2)
log(LOG_DEBUG, "psm%d: SET_DEFAULTS return code:%04x\n",
unit, i);
+ set_mouse_resolution(sc-&gt;kbdc, PSMD_RES_HIGH);
+
#if 0
set_mouse_scaling(sc-&gt;kbdc); /* 1:1 scaling */
set_mouse_mode(sc-&gt;kbdc); /* stream mode */</programlisting>
<para>¦b 2.2.6 ¤Î¥H«áªºª©¥»¡A¦b PS/2 ·Æ¹«ÅX°Êµ{¦¡¤¤³]©w 0x04 ªº
flag ·|§â·Æ¹«³]¦¨°ª¸ÑªR«×¼Ò¦¡¡C¦b¶}¾÷´£¥Ü²Å¸¹®É¥Î
<option>-c</option> ¿ï¶µ¨Ó¶i¤J <emphasis>UserConfig</emphasis>¡G
</para>
<screen>boot: <userinput>-c</userinput></screen>
<para>µM«á¡A¦b <emphasis>UserConfig</emphasis> ªº©R¥O¦C¤¤Áä¤J¡G
</para>
<screen>UserConfig&gt; <userinput>flags psm0 0x04</userinput>
UserConfig&gt; <userinput>quit</userinput></screen>
<para>«e¤@¸`¦³´£¨ì¥t¤@­Ó¥i¯à¾É­P·Æ¹«°ÝÃDªº­ì¦]¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="imake-tmpl">
<para>·í§Ú«Ø¥ß X µ{¦¡®É¡A<command>imake</command> »¡¥¦§ä¤£¨ì
<filename>Imake.tmpl</filename>¡C¥¦¦b­þ¨à¡H</para>
</question>
<answer>
<para><filename>Imake.tmpl</filename> ¬O Imake ®M¥óªº¤@³¡¥÷¡AImake
¬O¼Ð·Çªº«Ø¥ß X µ{¦¡ªº¤u¨ã¡C <filename>Imake.tmpl</filename>
©M¨ä¥L¼Æ­Ó header file ¤@¼Ë¬O«Ø¥ß X µ{¦¡ªº¥²­nÀɮסA±z¥i¥H¦b
X prog distribution ¤¤§ä¨ì¥¦­Ì¡C±z¥i¥H¥Î sysinstall ¨Ó¦w¸Ë©Î¬O
ª½±µ±q X distribution ¤¤¤â°Ê¦w¸Ë¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="xfree86-version">
<para>§Ú¦b build ¤@­Ó X À³¥Îµ{¦¡¡A¥¦»Ý­n XFree86 3.3.x¡A¦ý¬O
§Ú¤w¸g¦w¸Ë XFree86 4.x ¤F¡C§Ú¸Ó«ç»ò¿ì¡H</para>
</question>
<answer>
<para>­n§i¶D port ¦b½sĶµ{¦¡®É¡A¨Ï¥Î XFree86 4.x ¨ç¦¡®w¡A§A¥i¥H
¦b <filename>/etc/make.conf</filename> ¸Ì (¦pªG§A¨S¦³³o­ÓÀÉ¡A
½Ð«Ø¥ß¥¦) ¥[¤W¤U­±³o¤@¦æ¡G</para>
<programlisting>XFREE86_VERSION= 4</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="mouse-button-reverse">
<para>§Ú­n«ç»ò°µ¤~¯à³]©w¥ªºJ¤l¥Îªº·Æ¹«¡H</para>
</question>
<answer>
<para>¦b±zªº <filename>.xinitrc</filename> ©Î¬O
<filename>.xsession</filename> ¤¤°õ¦æ
<literal>xmodmap -e "pointer = 3 2 1"</literal> ªº«ü¥O¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="install-splash">
<para>­n¦p¦ó¦w¸Ë splash ¹Ï§ÎÅã¥Üµ{¦¡¡H¨º¸Ì¥i¥H§ä±o¨ì©O¡H</para>
</question>
<answer>
<para>´N¦bµo¦æ FreeBSD 3.1 ¤§«e¡A§Ú­Ì¥[¶i¤F¦b¶}¾÷®ÉÅã¥Ü
<quote>splash</quote> ¹Ï§Îªº·s¥\¯à¡C¥Ø«e¥Î¨ÓÅã¥Ü¦b¿Ã¹õ¤WªºÀÉ®×
¥²¶·¬O 256 ¦âªºÂI¯x°}¹Ï§Î (<filename>*.BMP</filename>) ©Î ZSoft
PCX(<filename>*.PCX</filename>) ªº®æ¦¡¡C°£¦¹¤§¥~¡A¸ÑªR«×¤]¥²¶·¦b
320x200 ¥H¤U¡A¤~¯à©M¼Ð·Ç VGA Åã¥Ü¥d·f°t¨Ï¥Î¡C¦pªG±z½sĶ kernel
®É¦³¥[¤J VESA ¤ä´©¡A¨º»ò³Ì¤j¸ÑªR«×¥i¥H¨ì 1024x768¡Cª`·N VESA ªº
¤ä´©»Ý­n¥[¤J <literal>VM86</literal> ³o­Ó kernel ¿ï¶µ¡CVESA
¤ä´©¹ê»Ú¤W¥i¥H¦b½sĶ kernel ®É¥[¤J <literal>VESA</literal> ¿ï¶µ¡B
©Î¸ü¤J VESA ªº kld module ¨Ó¹F¦¨¡C</para>
<para>±z­n­×§ï±±¨î FreeBSD ¶}¾÷¨BÆJªº³]©wÀÉ¡A¤~¯à¨Ï¥Î splash
Åã¥Ü¹Ï§Îªº¥\¯à¡C³]©wÀɦbµo¦æ FreeBSD 3.2 «e¦³¨Ç§ó°Ê¡A©Ò¥H²{¦b
¦³¨â­Ó¤èªk¥i¥H¸ü¤J splash ªº¥\¯à¡G</para>
<itemizedlist>
<listitem>
<para>FreeBSD 3.1</para>
<para>¥ý¿ï¥X¥Î¨ÓÅã¥Ü¦b¿Ã¹õ¤Wªº¹Ï§Î¡A3.1 ª©¥u¤ä´© Windows
ªºÂI¯x°}®æ¦¡¡C¿ï¦n¤F±z­nªº¹ÏÀÉ«á¡A±N¥¦«þ¨ì <filename>
/boot/splash.bmp</filename>¡C±µµÛ§â¤U­±´X¦æ¥[¤J
<filename>/boot/loader.rc</filename> ¤¤¡G</para>
<programlisting>load kernel
load -t splash_image_data /boot/splash.bmp
load splash_bmp
autoboot</programlisting>
</listitem>
<listitem>
<para>FreeBSD 3.2+</para>
<para>°£¤F¥[¤J¹ï PCX Àɮתº¤ä´©¥~¡AFreeBSD 3.2 ¤]§ï¶i¤F
¶}¾÷µ{§Çªº³]©w¤è¦¡¡C¦pªG±zÄ@·Nªº¸Ü¡A¥i¥H¥Î¤W­z FreeBSD 3.1
ªº¤èªk¡A±N <literal>splash_bmp</literal> ´«¦¨
<literal>splash_pcx</literal> ¨Ó¸ü¤J PCX ÀɮקY¥i¡C
¦pªG·Q¥Î·sªº³]©w¤è¦¡¡A±zªº <filename>/boot/loader.rc
</filename> ¥²¶·¥]¬A³o´X¦æ¡G</para>
<programlisting>include /boot/loader.4th
start</programlisting>
<para>Áٻݭn¤@­Ó¥]§t¥H¤U´X¦æªº <filename>/boot/loader.conf
</filename>¡G</para>
<programlisting>splash_bmp_load="YES"
bitmap_load="YES"</programlisting>
<para>³o¬O°²³]±z¥Î <filename>/boot/splash.bmp</filename>
¨Ó·í§@ splash ªº¿Ã¹õÅã¥Ü¡C¦pªG·Q¥Î PCX ªºÀɮסA§â¥¦«þ¦¨
<filename>/boot/splash.pcx</filename>¡A¦p¤W­z°µ¥X
<filename>/boot/loader.rc</filename>¡A¦A±N³o´X¦æ¥[¨ì
<filename>/boot/loader.conf</filename> ¤¤¡G</para>
<programlisting>splash_pcx_load="YES"
bitmap_load="YES"
bitmap_name="/boot/splash.pcx"</programlisting>
</listitem>
</itemizedlist>
<para>²{¦b´N¥u³Ñ¤U splash ¥Î¨ÓÅã¥Üªº¹ÏÀÉ¡A±z¥i¥H¦b
<ulink URL="http://www.baldwin.cx/splash/">http://www.baldwin.cx/splash/</ulink> §ä¨ì¦UºØ¼Ë«~¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="windows-keys">
<para>§Ú¯à¦b X ¸Ì¨Ï¥ÎÁä½L¤Wªº <trademark class="registered">Windows
</trademark> ¶Ü¡H</para>
</question>
<answer>
<para>¥i¥H¡C§A©Ò­n§@ªº¡A´N¬O§Q¥Î &man.xmodmap.1; ¥h©w¸q§A·Q¨Ï¥Î
ªº¥\¯à¡C</para>
<para>°²³]©Ò¦³ªº <quote><trademark class="registered">Windows</trademark></quote> ³£¬O¼Ð·Çªº¡A
¨º¥¦­Ìªº keycode ¤À§O¬°¡G</para>
<itemizedlist>
<listitem>
<para>115 - <trademark class="registered">Windows</trademark> Áä¡A
¦b¥ª¤âªº Ctrl »P Alt Á䤧¶¡</para>
</listitem>
<listitem>
<para>116 - <trademark class="registered">Windows</trademark> Áä¡A
¦b Alt-Gr Áä¥kÃä</para>
</listitem>
<listitem>
<para>117 - ¿ï³æÁä¡A¥k¤âªº Ctrl Á䥪Ãä</para>
</listitem>
</itemizedlist>
<para>­nÅý¥ªÃ䪺 <trademark class="registered">Windows</trademark>
Áä¦L¥X¤@­Ó³rÂI¡A¸Õ¸Õ³o­Ó¡G</para>
<screen>&prompt.root; <userinput>xmodmap -e "keycode 115 = comma"</userinput></screen>
<para>§A¥i¯à­n­«¶]§Aªº windows manager¡A¤~·|¦³°Ê§@¡C</para>
<para>­nÅý <trademark class="registered">Windows</trademark> Áä
ªº¹ï¬M¦b¨C¦¸ X °_°Ê®É¦Û°Ê³]©w¦n¡A§A¥i¥H¦b§Aªº
<filename>~/.xinitrc</filename> ¸Ì¥[¤W <command>xmodmap</command>¡A
©Î¬O³Ì¦n«Ø¥ß¤@­Ó <filename>~/.xmodmaprc</filename> ÀɮסA¸Ì­±
¨C¤@¦æ´N¬O¤@­Ó <command>xmodmap</command> ªº¿ï¶µ¡AµM«á¦b§Aªº
<filename>~/.xinitrc</filename> ¸Ì¥[¤W¡G</para>
<programlisting>xmodmap $HOME/.xmodmaprc</programlisting>
<para>³o¤@¦æ¡C</para>
<para>¨Ò¦p¡A§A·Q­n±N³o¤T­ÓÁä¦U¹ï¬M¨ì F13¡BF14 ©M F15¡C³oÅý§A¯à
¦b§Aªºµ{¦¡©Î¬O window manager ¤º±N¨ä¹ïÀ³¨ì«K§Qªº¥\¯à¤W¡Aµ¥¤@¤U
§Ú­Ì·|¥Ü½d¡C</para>
<para>§â³o¨Ç©ñ¶i <filename>~/.xmodmaprc</filename> ¸Ì¡G</para>
<programlisting>keycode 115 = F13
keycode 116 = F14
keycode 117 = F15</programlisting>
<para>°²¦p§A¥Î <command>fvwm2</command> ªº¸Ü¡A§A¥i¥H§@³o¼Ëªº¹ï¬M¡A
Åý F13 ¯à°÷Åý´å¼Ð©Ò¦bªºµøµ¡ÁY¦¨¤p¹Ï¥Ü (©Î¬O¤Ï¹L¨Ó)¡CF14 Åý´å¼Ð
©Ò¦bªºµøµ¡Åܦ¨³Ì¤W¼hªºµøµ¡¡A©Î¬O°h¨ì¤U¼h¥h (¦pªG¥¦¤w¸g¬O³Ì¤W¼h
¤Fªº¸Ü)¡CF15 «h±N Workplace (application) ¿ï³æ¥s¥X¨Ó¡A§Y¨Ï´å¼Ð
¤£¦b®à­±¤W¡C·í§A¨S¦³¥i¨£ªº®à­±°Ï°ì®É¡A³o­Ó¥\¯à´N¬Û·í¦a¤è«K (¦Ó¥B
«öÁä¤Wªº¹Ï®×©M³o­Ó¥\¯à¬Û§k¦X)¡C</para>
<para>¥H¤Uªº <filename>~/.fvwmrc</filename> ³]©w¥i§@¥X«e­zªº¥\¯à¡C
</para>
<programlisting>Key F13 FTIWS A Iconify
Key F14 FTIWS A RaiseLower
Key F15 A A Menu Workplace Nop</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="x-3d-acceleration">
<para>§Ú­n«ç»ò¼Ë¤~¯à±o¨ì OpenGL ªº 3D µwÅé¥[³t¥\¯à¡H</para>
</question>
<answer>
<para>3D ¥[³t¥\¯àªº¦³µL¡Aµø§A©Ò¨Ï¥Îªº XFree86 ª©¥»»PÅã¥Ü´¹¤ù
ªº«¬¸¹¦Ó©w¡C¦pªG§Aªº¬O NVIDIA ´¹¤ùªº¸Ü¡A½Ð¥h
<ulink url="http://nvidia.netexplorer.org/">FreeBSD NVIDIA
Driver Initiative </ulink> ºô­¶¬Ý¬Ý¡A¨º¸Ì¦³¦b XFree86-4 ¤W¨Ï¥Î
NVIDIA ´¹¤ùªº 3D ¥[³t¥\¯àªº°Q½×¡CXFree86-4 ¤Wªº¨ä¥¦Åã¥Ü¥d¼tµP
µwÅé¥[³t¥\¯àªº¸ê°T¡A ¥]¬A Matrox G200/G400, ATI Rage 128/Radeon,
3dfx Voodoo 3, 4, 5, ¥H¤Î Banshee¡A¥i¦b <ulink
url="http://gladstone.uoregon.edu/~eanholt/dri/">XFree86-4
Direct Rendering on FreeBSD</ulink> ºô­¶¤W§ä¨ì¡CXFree 3.3 ªº
¨Ï¥ÎªÌ¥i¥H¨Ï¥Î Utah-GLX port¡A¥¦¥i¥H¦b
<filename role="package">graphics/utah-glx</filename> §ä¨ì¡C
¨Ï¥Î¥¦¥i¥H¦b Matrox Gx00, ATI Rage Pro, SiS 6326, i810,
Savage, ¥H¤Îªº NVIDIA ¤W±o¨ì¦³­­ªº OpenGL ¥[³t¡C</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="networking">
<chapterinfo>
<author>
<firstname>Biing Jong</firstname>
<surname>Lin</surname>
<affiliation>
<address><email>bjlin@stic.gov.tw</email></address>
</affiliation>
</author>
</chapterinfo>
<title>Networking</title>
<qandaset>
<qandaentry>
<question id="diskless-booting">
<para>§ÚÀ³¸Ó¨ì­þÃä§ä¦³ÃöµLºÏºÐ¶}¾÷
<quote>diskless booting</quote> ªº¸ê®Æ¡H</para>
</question>
<answer>
<para><quote>Diskless booting</quote> ´N¬OÅý FreeBSD ¥D¾÷±qºô¸ô
¤W¶}¾÷¡A¨Ã¥B±qºô¸ô¤Wªº server ¤WŪ¨ú¨ä¥L¥²­nªºÀɮסA¦Ó«D¥Ñ¥D¾÷
ªºµwºÐ¤W¨ú±o³o¨ÇÀɮסC¸Ô²Óªº¸ê®Æ¥i¥H°Ñ¦Ò <ulink
URL="../handbook/diskless.html"> FreeBSD ¤â¥UªºµLºÏºÐ¶}¾÷½g
</ulink>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="router">
<para>FreeBSD ªº¥D¾÷¥i¥H·í§@¬Y­Óºô¸ô¤Wªº¸ô¥Ñ¾¹(router)¶Ü¡H</para>
</question>
<answer>
<para>¬Oªº¡C½Ð°Ñ¦Ò FreeBSD ¤â¥Uªººô¸ô¶i¶¥½g <ulink
url="../handbook/routing.html"> advanced
networking</ulink>¡A¤×¨ä¬O¸ô¥Ñ»P¹h¹D¾¹ <ulink
url="../handbook/routing.html#DEDICATED-ROUTER">routing
and gateways</ulink>ªº³¡¤À¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="win95-connection">
<para>§Ú¥i¥H³z¹L FreeBSD ±N§Úªº Win95 ¾÷¾¹³s¤W Internet ¶Ü¡H</para>
</question>
<answer>
<para>°ò¥»¤W¡A·|°Ý³oºØ°ÝÃDªº¤H¦b®a¸Ì¦Ü¤Ö¦³¨â¥x¹q¸£¡A¤@¥x¶] FreeBSD
¥t¥~¤@¥x¶] Win95¡F³o­Ó·Qªk¬O±N FreeBSD ¥D¾÷³s¤W Internet¡AµM«á³z
¹L³o¥x FreeBSD ¥D¾÷¡AÅý¶] Win95 ªº¹q¸£¯à°÷¤Wºô¡C³o­Ó°ÝÃDºâ¬O«e¤@
­Ó°ÝÃDªº¤@­Ó¯S¨Ò</para> <para>... µª®×¬O¡G¥i¥Hªº¡I¦b FreeBSD 3.x
ª©¤¤¡A¨Ï¥ÎªÌ¼Ò¦¡(user-mode)ªº &man.ppp.8; ¥]§t¤F
<option>-nat</option> ¿ï¶µ¡C¦pªG§A¦b
<filename>/etc/rc.conf</filename> ¨Ï¥Î<option>-nat</option>¿ï¶µ¨Ã
³]©w <literal>gateway_enable</literal> ¬° <emphasis>YES</emphasis>
¡A¥H³oºØ³]©w±Ò°Ê &man.ppp.8; ¡A¨Ã¥B¥¿½Tªº³]©w§Aªº Windows ¥D¾÷ªº
¸Ü¡A³o­Ó°µªkÀ³¸Ó¬O¥i¥H¥¿±`¨Ï¥Îªº¡C
<para>Ãö©ó¥»¥DÃD§ó¸Ô²Óªº¸ê®Æ¥i¥H°Ñ¦Ò Steve Sims ©Ò¼¶¼gªº <ulink
URL="../ppp-primer/index.html"> Pedantic PPP Primer</ulink> ¤@¤å¡C
</para>
<para>¦pªG§A¨Ï¥Îªº¬O®Ö¤ß¼Ò¦¡ (kernel-mode) PPP¡A©ÎªÌ§A¦³°Ï°ì³s½u
(Ethernet connection) ¥i³q¹F Internet ªº¸Ü¡A§A±N»Ý­n¨Ï¥Î
&man.natd.8;¡C½Ð¬d¾\ FAQ ¤¤Ãö©ó <link linkend="natd">natd</link>
ªº³¡¤À¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="slip-ppp-support">
<para>FreeBSD ¤ä´© SLIP ©M PPP ¶Ü¡H</para>
</question>
<answer>
<para>¬Oªº¡C§A¥i¥H¬d¬d man pages ¤¤Ãö©ó &man.slattach.8;¡A
&man.sliplogin.8;¡A&man.ppp.8;¡A¥H¤Î &man.pppd.8; ªº³¡¤À¡C
&man.ppp.8; ¤Î &man.pppd.8; ´£¨Ñ¶i¥XÂù¦V³s½uªº¤ä´©¡A¥t¥~
&man.sliplogin.8; ±Mªù´£¨Ñ¶i¤J³s½uªº¤ä´©¡A¦Ó &man.slattach.8;
±Mªù´£¨Ñ¦V¥~³s½uªº¤ä´©¡C</para>
<para>¦pªG§A»Ý­n§ó¶i¤@¨Bªº¸ê®Æªº¸Ü,½Ð¬d¾\ <ulink
url="../handbook/ppp-and-slip.html">FreeBSD ¤â¥U¤¤Ãö©ó PPP »P SLIP
ªº»¡©ú</ulink>¡C</para>
<para>¦pªG§A¥u¯à°÷¹L <quote>shell account</quote> ³s½u¨ì Internet
ªº¸Ü¡A§A¤]³\¥i¥H¸Õ¸Õ <filename role="package">net/slirp</filename>
³o­Ó®M¥óµ{¦¡¡C³o­Ó®M¥óµ{¦¡¥i¥H´£¨Ñ§Aªº¹q¸£ª½±µ³s¤W¬Y¨Ç(­­©wªº)ªA°È
³s½u¡A¦p ftp ¤Î http µ¥µ¥¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="natd">
<para>FreeBSD ¤ä´© NAT ©Î Masquerading ¶Ü¡H</para>
</question>
<answer>
<para>¦pªG§A¦³¤@­ÓªñºÝªº¤lºô¸ô(¦³¤@¥x¥H¤Wªº¾÷¾¹)¡A¦ý¬O§Aªº
Internet provider «o¥u¤À°t¤@­Ó IP number µ¹§A(©ÎªÌ§A¥u¤À°t¨ì¤@­Ó
°ÊºAªº IP number)¡A§A¥i¥H°Ñ¦Ò &man.natd.8; ³o­Óµ{¦¡¡C &man.natd.8;
Åý§A¥i¥H³z¹L³o¤@­Ó IP number Åý¾ã­Ó¤lºô¸ôªº¹q¸£³£¯à³s¤W internet¡C
</para>
<para>&man.ppp.8; ³o­Óµ{¦¡¤]´£¨ÑÃþ¦üªº¥\¯à¡A¦pªG§A«ü©w
<option>-nat</option> ¿ï¶µ¡Calias library (&man.libalias.3;)
¦b³o¨â­Ó³B²z¤è¦¡¤¤³£·|³Q¨Ï¥Î¨ì¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="parallel-connect">
<para>§Ú¦p¦ó±N¨â¥x FreeBSD ¥D¾÷¥Î¥­¦æ°ð (parallel line) ³z¹L PLIP
³s½u¡H</para>
</question>
<answer>
<para>½Ð°Ñ¦Ò¤â¥U¤¤Ãö©ó <ulink url="../handbook/plip.html">PLIP
section</ulink> ªº³¡¤À¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="create-dev-net">
<para>§Ú¨S¦³¿ìªk«Ø¥ß <filename>/dev/ed0</filename> ³o­Ó device¡A
¬°¤°»ò¡H</para>
</question>
<answer>
<para>¦]¬°¤£»Ý­n¡I¦b Berkeley ºô¸ô¬[ºc¤¤¡A¥u¦³ kernel µ{¦¡½X¥i¥Hª½
±µ¦s¨úºô¸ô¬É­±¥d¡C½Ð°Ñ¦Ò <filename>/etc/rc.network</filename> ³o
­ÓÀɮשM manual pages ¨ú±o»P¨ä¥L¤£¦Pºô¸ôµ{¦¡¡C§ó¶i¤@¨Bªº¸ê°T¡G¦p
ªG§Aı±o§A§¹¥þ·d²V¤Fªº¸Ü¡A±zÀ³¸Ó§ä¤@¥»»P¨ä¥L BSD ¬ÛÃö§@·~¨t²Îºô¸ô
ºÞ²z¦³Ãö®Ñ¨Ó°Ñ¦Ò¡F°£¤F¤Ö¼ÆÅãµÛªº¤£¦P¥~¡AFreeBSD ªººô¸ôºÞ²z°ò¥»¤W©M
SunOS 4.0 ©M Ultrix ¬O¤@¼Ëªº¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ethernet-aliases">
<para>§Ú¦p¦ó«Ø¥ß Ethernet aliases¡H</para>
</question>
<answer>
<para>¦pªG§Aªº alias ¦ì§}¸ò§A¥Ø«eºô¸ô¤¶­±ªº¦ì§}¦b¦P¤@­Ó¤lºô¸ô¤Uªº
¸Ü¡A¥[¤J¤@­Ó <literal>netmask 0xffffffff</literal> ¦b§Aªº
&man.ifconfig.8; command-line¡A½d¨Ò¦p¤U¡G</para>
<screen>&prompt.root; <userinput>ifconfig ed0 alias 192.0.2.2 netmask 0xffffffff</userinput></screen>
<para>¤£µMªº¸Ü¡A´N¦p¦P¥[¤J¤@­Ó·sªººô¸ô¦ì§}¤@¼Ë¿é¤J§Aªººô¸ô¦ì§}»P¤l
ºô¸ô¾B¸n¡G</para>
<screen>&prompt.root; <userinput>ifconfig ed0 alias 172.16.141.5 netmask 0xffffff00</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="port-3c503">
<para>§Ú¦p¦ó«ü©w§Úªº 3C503 ¨Ï¥Î¨ä¥L¤£¦Pªºªº network port¡H</para>
</question>
<answer>
<para>¦pªG±z·Q¨Ï¥Î¨ä¥Lªº port¡A§A¥²¶·¦b &man.ifconfig.8; ªº©R¥O¤¤
«ü©wÃB¥~ªº°Ñ¼Æ¡C¤º©wªº port ¬O <literal>link0</literal>¡C­n¨Ï¥Î
AUI port ¥N´À BNC port ªº¸Ü¡A§ï¥Î <literal>link2</literal>¡C³o¨Ç
flags À³¸Ó§ïÅÜifconfig_* ªºÅܼƨӫü©w¡A §A¥i¥H¦b
<filename>/etc/rc.conf</filename> ³o­ÓÀɮ׸̭±§ä¨ì (½Ð°Ñ¦Ò
&man.rc.conf.5;)¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="nfs">
<para>¬°¤°»ò§Ú¦b¨Ï¥Î FreeBSD ªº NFS ®É¥X²{°ÝÃD¡H</para>
</question>
<answer>
<para>§Ú­Ì¥Î§t»W¤@ÂIªº»¡ªk¡A¬Y¨Ç PC ªººô¸ô¥d¤ñ¨ä¥Lªº¦n¡A³oºØª¬ªp¦b
³y¦¨ NFS ³oºØ¹ïºô¸ô±Ó·Pªºµ{¦¡¦³®É·|¥X²{°ÝÃD¡C</para>
<para>°Ñ¦Ò <ulink URL="../handbook/nfs.html">
the Handbook entry on NFS</ulink> ¥HÀò±o³o­Ó¥DÃDªº§ó¦h¸ê°T¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="nfs-linux">
<para>¬°¤°»ò§Ú¤£¯à NFS-mount Linux ªº¾÷¾¹¡H</para>
</question>
<answer>
<para>¬Y¨Çª©¥»ªº Linux NFS µ{¦¡½X¥u±µ¨ü privileged port ªº
mount request¡F¸Õ¥Î³o¦æ«ü¥O¬Ý¬Ý</para>
<screen>&prompt.root; <userinput>mount -o -P linuxbox:/blah /mnt</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="nfs-sun">
<para>¬°¤°»ò§Ú¤£¯à NFS-mount Sun ªº¾÷¾¹¡H</para>
</question>
<answer>
<para>¶] SunOS 4.X ªº Sun ¤u§@¯¸¥u±µ¨ü¨Ó¦Û privileged port ªº
mount request¡F¸Õ¥Î³o¦æ«ü¥O¬Ý¬Ý</para>
<screen>&prompt.root; <userinput>mount -o -P sunbox:/blah /mnt</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="exports-errors">
<para>¬°¤°»ò <command>mountd</command> ¤@ª½°­¥s»¡
<errorname>can't change attributes</errorname> ¦Ó¥B§Ú¤@ª½¬Ý¨ì
<errorname>bad exports list</errorname> ³o­Ó°T®§¦b§Úªº FreeBSD NFS
¦øªA¾¹¤W¡H</para>
</question>
<answer>
<para>³o­Ó°ÝÃD³Ì±`µo¥Íªº­ì¦]¬O¦b©ó¤£¤F¸Ñ
<filename>/etc/exports</filename> ªº¥¿½T®æ¦¡¡C½Ð¸ÔŪ
&man.exports.5; ¥H¤Î¤â¥U¤¤Ãö©ó <ulink
url="../handbook/nfs.html">NFS</ulink> ªº³¡¤À¡A¯S§O¬O<ulink
url="../handbook/nfs.html#CONFIGURING-NFS">configuring
NFS</ulink>³o¤@¬q¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-nextstep">
<para>¬°¤°»ò§Ú¦b¨Ï¥Î PPP ³s½u¨ì NeXTStep ¾÷¾¹®É¦³°ÝÃD¡H</para>
</question>
<answer>
<para>§â TCP extensions ¨ú®ø¡A³o­Ó³]©w¦b
<filename>/etc/rc.conf</filename> ¸Ì­±(°Ñ¦Ò &man.rc.conf.5;) §â
¥H¤U³o­Ó­È³]¦¨ NO¡G</para>
<programlisting>tcp_extensions=NO</programlisting>
<para>Xylogic ªº Annex ¥D¾÷¤]¦³¬Û¦Pªº°ÝÃD¡A±z­n°µ¬Û¦Pªº­×§ï¤~¯à³s
¤W³o¨Ç¥D¾÷¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ip-multicast">
<para>§Ú­n«ç¼Ë¤~¯à§â IP multicast support ¥´¶}¡H</para>
</question>
<answer>
<para>FreeBSD 2.0 ¥H«áªºª©¥»¤º©w³£¦³ ¤ä´© Multicast host ¾Þ§@¡C¦pªG
±z·Q±N±zªº¥D¾÷³]©w¦¨ multicast router ªº¸Ü¡A±z¥²¶·­«·s compile ±z
ªº kernel¡A¥[¤J <literal>MROUTING</literal> ªº¿ï¶µ¡A¨Ã¥B°õ¦æ
&man.mrouted.8; FreeBSD 2.2 ¤Î¤§«áªºª©¥»·|¦b¶}¾÷®É°õ¦æ
&man.mrouted.8; ¦pªG¦b <filename>/etc/rc.conf</filename> ¤¤
<literal>mrouted_enable</literal> ³]©w¬° <literal>"YES"</literal>
</para>
<para>MBONE ªº¦UºØ¤u¨ã¥i¥H¦b¥L­Ì ports ¤U©ÒÄÝ¥s°µ <ulink
url="http://www.FreeBSD.org/ports/mbone.html">mbone</ulink> ¥Ø¿ý
¤¤§ä¨ì¡C¦pªG±z¦b§äµø°T·|ijªº¤u¨ã¦p <command>vic</command> ¥H¤Î
<command>vat</command>ªº¸Ü¡A¨ì¨ºÃä§ä§ä§a¡I</para>
</answer>
</qandaentry>
<qandaentry>
<question id="dec-pci-chipset">
<para>­þ¨Çºô¸ô¥d¬O¨Ï¥Î DEC PCI chipset¡H</para>
</question><answer>
<para>¥H¤U¬O Glen Foster <email>gfoster@driver.nsta.org</email>
´£¨Ñªº²M³æ¡G</para>
<table>
<title>Network cards based on the DEC PCI chipset</title>
<tgroup cols=2>
<thead>
<row>
<entry>Vendor</entry>
<entry>Model</entry>
</row>
</thead>
<tbody>
<row>
<entry>ASUS</entry>
<entry>PCI-L101-TB</entry>
</row>
<row>
<entry>Accton</entry>
<entry>ENI1203</entry>
</row>
<row>
<entry>Cogent</entry>
<entry>EM960PCI</entry>
</row>
<row>
<entry>Compex</entry>
<entry>ENET32-PCI</entry>
</row>
<row>
<entry>D-Link</entry>
<entry>DE-530</entry>
</row>
<row>
<entry>Dayna</entry>
<entry>DP1203, DP2100</entry>
</row>
<row>
<entry>DEC</entry>
<entry>DE435, DE450</entry>
</row>
<row>
<entry>Danpex</entry>
<entry>EN-9400P3</entry>
</row>
<row>
<entry>JCIS</entry>
<entry>Condor JC1260</entry>
</row>
<row>
<entry>Linksys</entry>
<entry>EtherPCI</entry>
</row>
<row>
<entry>Mylex</entry>
<entry>LNP101</entry>
</row>
<row>
<entry>SMC</entry>
<entry>EtherPower 10/100 (Model 9332)</entry>
</row>
<row>
<entry>SMC</entry>
<entry>EtherPower (Model 8432)</entry>
</row>
<row>
<entry>TopWare</entry>
<entry>TE-3500P</entry>
</row>
<row>
<entry>Znyx (2.2.x)</entry>
<entry>ZX312, ZX314, ZX342, ZX345, ZX346, ZX348</entry>
</row>
<row>
<entry>Znyx (3.x)</entry>
<entry>ZX345Q, ZX346Q, ZX348Q, ZX412Q, ZX414, ZX442, ZX444,
ZX474, ZX478, ZX212, ZX214 (10mbps/hd)</entry>
</row>
</tbody>
</tgroup>
</table>
</answer>
</qandaentry>
<qandaentry>
<question id="fqdn-hosts">
<para>¬°¤°»ò­n¥Î FQDN ¤~¯à³s¨ì¨ä¥L¾÷¾¹¡H</para>
</question>
<answer>
<para>§A¤]³\·|µo²{­n³sªº¾÷¾¹¨ä¹ê¬O¦b¥t¤@­Óºô°ì¡CÁ|­Ó¨Ò¤l¡A°²³]§A¬O¦b
foo.bar.edu ³o­Óºô°ì¤¤¡A·Q­n³s¨ì¦b¤@¥x¥s <hostid>mumble</hostid>
ªº¥D¾÷¡A¥L¦b <hostid role="domainname">example.org</hostid> ºô°ì¤U¡A
§A¥²¶·¥Î Fully-Qualified Domain Name <hostid
role="fqdn">mumble.example.org</hostid>¡A¦Ó¤£¬O¥u¥Î
<hostid>mumble</hostid>¡C</para>
<para>¶Ç²Îªº BSD BIND resolver ¤¹³\¥Î³oºØ¤è¦¡¸Ñ¥X¾÷¾¹ªº¦ì§}¡A¦ý¬O
FreeBSD ¤ºªþ <application>bind</application> (see &man.named.8;)
ª©¥»¤º©w¤è¦¡¡A«h¬O°£¤F§A©Ò¦bªººô°ì¥H¥~¡A¤£¤ä´©¨ä¥L«D FQDN ªºÁY¼g¡C
©Ò¥H¦p <hostid>mumble</hostid> ¥²¶·¦b <hostid
role="fqdn">mumble.foo.example.org</hostid>¡A§_«h´N·|±qºô°ìªº³Ì©³
¼h¶}©l§ä¡C</para>
<para>³o©M¥ý«eªº°µªk¤£¦P¡A¤]´N¬O¤£¥Î
<hostid role="domainname">mumble.example.org</hostid>¡A©M
<hostid role="domainname">mumble.edu</hostid> Ä~Äò·j´M¡C
¬Ý¤@¤U RFC 1535¡A¸Ì­±¦³´£¨ì¬°¤°»ò¤§«eªº°µªk¤£¦n¡A¬Æ¦Üºâ¬O­Ó¦w¥þ
º|¬}¡C</para>
<para>³o¸Ì¦³­Ó¤£¿ùªº¸Ñªk, §A¥i¥H¥[¤J¤@¦æ</para>
<programlisting>search foo.example.org example.org</programlisting>
<para>instead of the previous</para>
<programlisting>domain foo.example.org</programlisting>
<para>¦b§Aªº <filename>/etc/resolv.conf</filename> Àɮפ¤ (½Ð°Ñ¦Ò
&man.resolv.conf.5;)¡C¦ý¬O­n½T©w·j´M¶¶§Ç¤£·|¹H¤Ï RFC 1535 ©Ò¿×ªº
<quote>boundary between local and public administration</quote>¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="network-permission-denied">
<para>¬°¤°»ò§Ú¦b³s½u®É¤@ª½¥X²{
<errorname>Permission denied</errorname> ªº¿ù»~°T®§¡H</para>
</question>
<answer>
<para> ¦pªG¦b½sĶ kernel ®É¥[¤J <literal>IPFIREWALL</literal> ¿ï¶µ¡A
½Ðª`·N 2.1.7R ¤º©w¬O©Úµ´©Ò¦³¥¼¸g®Ö­ãªººô¸ô«Ê¥](¦ý¦b¶}µo
2.1-STABLE ®É§ï±¼¤F)¡C</para>
<para>I¦pªG¤£¤p¤ß§Ë¿ù¤F firewall ªº³]©w¡A§A¥i¥H¥H
<username>root</username> °õ¦æ¥H¤U©R¥Oºô¸ô¥\¯à´N·|«ì´_¥¿±`¡G</para>
<screen>&prompt.root; <userinput>ipfw add 65534 allow all from any to any</userinput></screen>
<para>¤]¥i¥H¦b <filename>/etc/rc.conf</filename> ¥[¤J
<literal>firewall_type="open"</literal> ªº¿ï¶µ¡C</para>
<para>¦pªG·Qª¾¹D¦p¦ó³]©w FreeBSD firewall¡A½Ð°Ñ¦Ò <ulink
URL="../handbook/firewalls.html">¤â¥U¤¤¬ÛÃö³¹¸`</ulink>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ipfw-overhead">
<para>IPFW ·|³y¦¨¦h¤jªººô¸ô©µ¿ð¡H</para>
</question>
<answer>
<para>½Ð°Ñ¦Ò¤â¥U¤¤ <ulink
url="../handbook/firewalls.html">Firewalls</ulink> ³¹¸`¡A¯S§O¬O
<ulink url="../handbook/firewalls.html#IPFW-OVERHEAD">IPFW
Overhead & Optimization</ulink> ³o¤@¬q¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ipfw-fwd">
<para>¬°¤°»ò§Úªº <command>ipfw</command> <quote>fwd</quote>
redirect ³W«h±NªA°ÈÂà¦V¨ä¥L¾÷¾¹®ÉµLªk¥¿±`¹B§@¡H</para>
</question>
<answer>
<para>¥i¯à¬O§A°£¤FÂà°e«Ê¥]¥H¥~ÁÙÃB¥~·Q¶i¦æ¦ì§}ÂàĶ
(network address translation, NAT)¡A<quote>fwd</quote> ³W«h©Ò¶i
¦æªº°Ê§@´N¦p¦P¦r­±©Ò¥Ü¡F¶ÈÂà°e«Ê¥]¡A¥¦¨Ã¤£·|¥h­×§ï«Ê¥]¤¤ªº¸ê®Æ¡C
°²³]§Ú­Ì¦³¦p¤Uªº³W«h¡G</para>
<screen>01000 fwd <replaceable>10.0.0.1</replaceable> from any to <replaceable>foo 21</replaceable></screen>
<para>·í¤@­Ó³q©¹¯S©w¥Ø¼Ð¦ì§} <replaceable>foo</replaceable> ªº«Ê¥]
°e¹F¥D¾÷®É¡A®Ú¾Ú³o±ø³W«h¡A«Ê¥]±N³QÂà°e¦Ü
<replaceable>10.0.0.1</replaceable>¡A¦ý¬O¥¦ªº¥Ø¼Ð¦ì§}«o¤´µM¬O
<replaceable>foo</replaceable>¡I«Ê¥]ªº¥Ø¼Ð¦ì§}¨Ã
<emphasis>¨S¦³</emphasis> §ó§ï¬°
<replaceable>10.0.0.1</replaceable>¡C¤j³¡¤Àªº¥D¾÷·|±N«Ê¥]¥á±ó¡A
¦]¬°¥L­Ì¨Ã¤£¬O³o­Ó¥Ø¼Ð¦ì§}¡C¦]¦¹¡A¨Ï¥Î <quote>fwd</quote> ³W«h
®É©¹©¹¤£¦p¨Ï¥ÎªÌ©Ò¹w´Áªº¨º¯ë¶¶§Q¡C³oºØ¦æ¬°¬O¨t²Î¯S©Ê¡A¦Ó«D¿ù»~¡C
</para>
<para>°Ñ¦Ò <link linkend="service-redirect">Ãö©óªA°ÈÂà¦Vªº±`¨£°Ý
µª¶°</link>¡A &man.natd.8; ¤â¥U¡A©ÎªÌ¬O¨Ï¥Î <ulink
url="../../../../ports/index.html">ports collection</ulink> ¤¤³\
¦hªA°ÈÂà¦Vªº¤u¨ã¨Ó¥¿½Tªº§¹¦¨§A·Q¶i¦æªº¤u§@¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="service-redirect">
<para>­n¦p¦ó§â¹ï¬Y¥x¾÷¾¹ªººô¸ôªA°È­n¨D(service request)Âà¦V¨ì¥t¤@¥x¡H
</para>
</question>
<answer>
<para>¦b ports ¥Ø¿ýªº<quote>sysutils</quote>¤ÀÃþ¤¤¦³­Ó¥s
<literal>socket</literal> ªº®M¥ó¡A¥i¥HÀ°§AÂà¦V FTP ©Î¨ä¥LÃþ¦üªº
ºô¸ôªA°È¡C¥u­n§â¸Óºô¸ôªA°Èªº©R¥O§ï¦¨©I¥s socket §Y¥i¡A¦p¤U©Ò¥Ü¡G
</para>
<programlisting>ftp stream tcp nowait nobody /usr/local/bin/socket socket <replaceable>ftp.example.com</replaceable> <replaceable>ftp</replaceable></programlisting>
<para>¨ä¤¤ <replaceable>ftp.example.com</replaceable> »P
<replaceable>ftp</replaceable> ¤À§O¬O³QÂà¨ìªº¾÷¾¹©M port ¦WºÙ¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bandwidth-mgr-tool">
<para>¨º¸Ì¥i¥H§ä¨ìºÞ²zÀW¼eªº¤u¨ã¡H</para>
</question>
<answer>
<para>FreeBSD ¤W¦³¤T®MÀW¼eºÞ²z¤u¨ã¡G &man.dummynet.4; ¤w¸g¾ã¦X¶i¤J
FreeBSD ¨t²Î(§ó¸Ô²Óªº¥Î³~, &man.ipfw.4;); <ulink
URL="http://www.csl.sony.co.jp/person/kjc/programs.html">ALTQ</ulink>
¥i¥H§K¶O¨Ï¥Î¡A<ulink
URL="http://www.etinc.com/">Emerging Technologies</ulink>
±À¥Xªº Bandwidth Manager «h¬O°Ó¥Î³nÅé¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bpf-not-configured">
<para>«ç»ò·|¶]¥X
<errorname>/dev/bpf0: device not configured</errorname>³o­Ó°T®§¡H
</para>
</question>
<answer>
<para>§A°õ¦æ¤F¤@­Ó»Ý­n¬f§JµÜ«Ê¥]¹LÂo¾¹ (Berkeley Packet Filter) ªº
µ{¦¡ (&man.bpf.4;)¡A¦ý¬O§A¦b kernel ¤¤¨S¦³±Ò°Ê¥¦¡C§â¤U­±³o¤@¦æ¥[
¤J kernel ³]©wÀɤ¤¡A½sĶ¤@­Ó·sªº kernel¡G</para>
<programlisting>pseudo-device bpf # Berkeley Packet Filter</programlisting>
<para>¦b­«·s¶}¾÷¤§«á¡AÁÙ­n°µ¥X device node¡A¦b
<filename>/dev</filename> ¤U°õ¦æ¡G</para>
<screen>&prompt.root; <userinput>sh MAKEDEV bpf0</userinput></screen>
<para>¦pªG·Q­n§ó¶i¤@¨Bª¾¹D¦p¦ó°µ¥X¦UºØ device node¡A½Ð°Ñ¾\ <ulink
URL="../handbook/kernelconfig-nodes.html">Handbook Ãö©ó¶gÃä¸`ÂIªº»¡©ú</ulink>
¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="mount-smb-share">
<para>§Ú­n«ç¼Ë¤~¯à±N Windows ¾÷¾¹¤¤ªººÏºÐ±¾¤J¨t²Î, ´N¹³ Linux ´£¨Ñ
ªº smbmount ¨º¼Ë¡H</para>
</question>
<answer>
<para>¨Ï¥Î <application>SMBFS</application> ¤u¨ã²Õ¡C³o®M¤u¨ã²Õ¤¤
¥]§t¤F¤@¨t¦Cªº kernel ­×§ïÁÙ¦³¨Ï¥ÎªÌªº¤u¨ãµ{¦¡(userland programs)¡C
³o¨Çµ{¦¡©M¸ê°T¦b ports ¦¬Âä¤
<filename role="package">net/smbfs</filename> ¤U¥i¥H§ä¨ì¡C¦b
4.5-RELEASE ¤§«áªºª©¥»«h¬O¨t²Î¤¤¤º«Ø¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="icmp-response-bw-limit">
<para>§Ú¦b¨t²Î¤é»x¤¤µo²{¥H¤U°T®§¡G
<quote>icmp-response bandwidth limit 300/200 pps</quote>¡A³o¬O
½¼¦Ì¸J¿|¡H</para>
</question>
<answer>
<para>³o¬O¨t²Î®Ö¤ß§i¶D§A¦³¬Y¨Ç¬¡°Ê¤Þµo¥¦°e¥X¤ñ¥¦©Ò»{¬°À³¸Ó°e¥X§ó
¦hªº ICMP ©Î TCP ­«¸m°T®§ (RST)¡CICMP ¦^À³°T®§±`±`¬O¦]¬°¦³¤H¹Á
¸Õ³s±µ¥¼³Q¨Ï¥Îªº UDP ³q°T°ð¡CTCP ­«¸m°T®§«h¬O¦³¤H¹Á¸Õ³s±µ¥¼¶}
©ñ TCP ³q°T°ð³y¦¨ªºµ²ªG¡C¥H¤U³o¨Ç¬¡°Ê¥i¯à´N¬O³y¦¨³o¨Ç°T®§ªº­ì¦]¡G
</para>
<itemizedlist>
<listitem>
<para>¼É¤OªkªºªA°È²Õµ´§ðÀ»(DoS)¤è¦¡
(¬Û¸û©ó°w¹ï¯S®í®zÂI¨Ï¥Î³æ¤@«Ê¥]ªº§ðÀ»¤è¦¡)¡C</para>
</listitem>
<listitem>
<para>¤j¶qªº³q°T°ð±½´y(¬Û¸û©ó¶È¹Á¸Õ¤Ö¼Æªº±`¨£ªA°È³q°T°ð)¡C</para>
</listitem>
</itemizedlist>
<para>¥X²{ªº¼Æ¦r¤¤²Ä¤@­Ó¥Nªí®Ú¾Ú³o¨Ç¬y¶q kernel À³¸Ó°e¥Xªº«Ê¥]¼Æ¡A
²Ä¤G­Ó¼Æ¦r«h¬O kernel ¥Ø«e­­¨î³Ì¤jµo°e¼Æ¡C§A¥i¥H§Q¥Î sysctl ­×§ï
<varname>net.inet.icmp.icmplim</varname> ÅܼƭȨӧó§ï³Ì¤j­È¡CÁ|
¨Ò¨Ó»¡,¦pªG§Æ±æ­×§ï­­¨î¬° <literal>300</literal> packets per
second¡G</para>
<screen>&prompt.root; <userinput>sysctl -w net.inet.icmp.icmplim=300</userinput></screen>
<para>¦pªG§A¤£·Q¦b¨t²Î¬ö¿ý¤¤¬Ý¨ì³o¨Ç°T®§¡A¦ý¬O¤´µM§Æ±æ«O«ù¦^À³ªº­­
¨îªº¸Ü¡A§A¥i¥H§Q¥Î sysctl ­×§ï
<varname>net.inet.icmp.icmplim_output</varname> ÅܼƨӨú®ø³o¨Ç°T
®§¡G</para>
<screen>&prompt.root; <userinput>sysctl -w net.inet.icmp.icmplim_output=0</userinput></screen>
<para>³Ì«á¡A¦pªG§A·Q¨ú®ø³o¨Ç­­¨îªº¸Ü¡A§A¥i¥H³]©w
<varname>net.inet.icmp.icmplim</varname> (¦p¤W¨Ò©Ò¥Ü) ¬°
<literal>0</literal>¡C°ò©ó¤W­z²z¥Ñ¡A§Ú­Ì¤£«Øij§A¨ú®ø³o¨Ç­­¨î¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="unknown-hw-addr-format">
<para>³o­Ó¿ù»~°T®§
<errorname>arp: unknown hardware address format</errorname>
¬O¤°»ò·N«ä¡H</para>
</question>
<answer>
<para>³o¥Nªí§Aªº°Ï°ìºô¸ô³s½u¤W¦³¤@¨Ç³]³Æ¨Ï¥Î FreeBSD ¬Ý¤£À´±o MAC
®æ¦¡¡C³o³q±`¬O¥Nªí¦³¤H¦b§Aªº°Ï°ìºô¸ô¤W¶i¦æ¹êÅç¡A³Ì±`¨£ªº´N¬O
cable modem ªº³s½u¡C³o°T®§µL®`¡A¦Ó¥BÀ³¸Ó¤£¦Ü©ó¼vÅT¨ì FreeBSD ¥D
¾÷ªº®Ä¯à¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="cvsup-missing-libs">
<para>§Ú­è­è¸Ë¦n CVSup ®M¥ó¡A¦ý¬O¦b¹Á¸Õ°õ¦æ®Éµo¥Í¤F¿ù»~¡A­n«ç»ò¿ì¡H
</para>
</question>
<answer>
<para>­º¥ý¡A¬Ý¬Ý¿ù»~ªº°T®§¬O§_¦p¤U¡G</para>
<programlisting>/usr/libexec/ld-elf.so.1: Shared object "libXaw.so.6" not found</programlisting>
<para>³oºØ¿ù»~°T®§¥Nªí§A¥D¾÷¤W¦w¸Ëªº
<filename role="package">net/cvsup</filename> ¨S¦³¥]§t
<application>XFree86</application> ®M¥ó¡C¦pªG§A·Q­n¨Ï¥Î
<application>CVSup</application> ¤º«Øªº¹Ï§Î¤¶­±
<acronym>GUI</acronym> ªº¸Ü¡A§A»Ý­n¦w¸Ë
<application>XFree86</application>¡C¦¹¥~¡A¦pªG§A¥u·Q¥H©R¥O¦C¤è
¦¡¨Ï¥Î <application>CVSup</application> ªº¸Ü¡A§AÀ³¸Ó¥ý²¾°£¤§«e
¦w¸Ëªº®M¥ó¡C¨Ã¦w¸Ë
<filename role="package">net/cvsup-without-gui</filename> ³o®M
³nÅé¡C¦b FreeBSD ¤â¥U¤¤ <ulink
url="http://www.freebsd.org/handbook/cvsup.html">CVSup</ulink>
¬q¸¨¤¤¦³§ó¸Ô²Óªº»¡©ú¡C</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="security">
<chapterinfo>
<author>
<firstname>Biing Jong</firstname>
<surname>Lin</surname>
<affiliation>
<address><email>bjlin@stic.gov.tw</email></address>
</affiliation>
</author>
</chapterinfo>
<title>Security</title>
<qandaset>
<qandaentry>
<question id="extra-named-port">
<para>BIND (<command>named</command>) °£¤F¦b³q°T°ð 53 ¥H¥~¤]¦b
¨ä¥L°ª½s¸¹³q°T°ð (high-numbered port) ²âÅ¥ (Listen)¡C
³o¬O«ç»ò¦^¨Æ¡H</para>
</question>
<answer>
<para>FreeBSD 3.0 «áªºª©¥»¨Ï¥Î¤@­Ó¯S®íªº BIND ª©¥»¡A³o­Óª©¥»·|¨Ï
¥ÎÀH¾÷ªº°ª½s¸¹³q°T°ð¨Ó¦^À³¥~³¡ªº¬d¸ß¡C¦pªG§A¦]¬°­n¾A¦X¨¾¤õÀðªº
³]©w©Î¬O³æ¯Âªº·QÅý¦Û¤v¬Ý¨ÓµÎªA¤@ÂI¦Ó·Q¥Î 53 ³q°T°ð¦^À³¥~³¡¬d¸ß¡A
¨º»ò§A¥i¥H¹Á¸Õ§ó§ï¥H¤UÀɮ׬ÛÃö¤º®e
<filename>/etc/namedb/named.conf</filename>¡G</para>
<programlisting>options {
query-source address * port 53;
};</programlisting>
<para>§A¤]¥i¥H±N <literal>*</literal> §ó§ï¬°¯S©w IP address¡A
ÂÇ¥H¥[±j±±¨î±ø¥ó¡C</para>
<para>¶¶«K®¥³ß§A¡C¯à°÷Ū¨ú§A¨t²Î¤Wªº &man.sockstat.1; ³ø§i¨Ã¥Bª`·N
¤£¥¿±`ª¬ªp¬O¤@¥ó¦n¨Æ¡I</para>
</answer>
</qandaentry>
<qandaentry>
<question id="sendmail-port-587">
<para>Sendmail °£¤F¦b¼Ð·Çªº³q°T°ð 25 ¥~¤]¦b³q°T°ð 587 ²âÅ¥¡I³o¬O«ç
»ò¦^¨Æ¡H</para>
</question>
<answer>
<para>¸û·sª©¥»ªº Sendmail ¤ä´© mail submission ³o¶µ¥\¯à¡A¨Ã¥B¨Ï
¥Î³q°T°ð 587¡C³o¶µ¥\¯àÁÙ¨S¦³³Q¼sªx¤ä´©¦ý¬O¤ä´©ªº¼Æ¥Ø¥¿¦b¼Wªø
¤¤¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="toor-account">
<para>§Úµo²{¤F³o­Ó UID 0 <username>toor</username> ±b¸¹¡A³o¬O¤°»ò
¸J¿|¡H§Ú³Q¶Â±¼¤F¶Ü¡H</para>
</question>
<answer>
<para>©ñ¤ß¡C<username>toor</username> ¬O¤@­Ó
<quote>alternative</quote> ºÞ²zªÌ±b¸¹ (toor ¬O root ªºÂà¦V«÷ªk)¡C
¥H©¹¬O¸òÀH &man.bash.1; ¦w¸Ë¦Ó«Ø¨îªº¡A«á¨Ó«h¦¨¬°¨t²Î¤º©w«Ø¨îªº¤@
­Ó±b¸¹¡C³o­Ó±b¸¹±N¦ñÀH¤@­Ó«D¼Ð·Çªº shell ´ú¸Õ¨Ï¥Î¡A Åý§A¤£»Ý­n¥h
§ó§ï¨ì <username>root</username> ªº¤º«Ø shell¡C¦]¬°³o¨Ç¨ä¥Lªº shell
¨Ã¨S¦³¸òÀH¨t²Î¹w³]­È¦w¸Ë (Á|¨Ò¨Ó»¡¡A¬Y¨Ç¥Ñ ports ¦w¸Ëªº
shell package)¡A¦Ó³Q¤º©w¦w¸Ë¦b <filename>/usr/local/bin</filename>
¥Ø¿ý¤U¡A¦³¥i¯à¦s¦b¤£¦PªºÀɮרt²Î¤¤¡C ­Õ­Y <username>root</username>
ªº shell ³Q©ñ¦b <filename>/usr/local/bin</filename>¡A¥B
<filename>/usr</filename> (©Î¬O¨ä¥L¥]§tµÛ
<filename>/usr/local/bin</filename> ³o­Ó¤l¥Ø¿ýªºÀɮרt²Î)
¦]¬°¬Y¨Ç­ì¦]¨Ã¨S¦³³Q¥¿±`ªº mount °_¨Óªº¸Ü¡A<username>root</username>
±NµLªk¥¿±`ªºµn¤J¨t²Î¶i¦æºû­× (ÁöµM»¡§A­«¶}¾÷¦¨³æ¤H¼Ò¦¡´N·|°Ý§A­n
¸ü¤J­þ­Ó shell)¡C</para>
<para>¦³¨Ç¤H¨Ï¥Î <username>toor</username> ±b¸¹¶i¦æ¨C¤éªº
<username>root</username> ºûÅ@¤u§@¡A¦p¦¹¥i¥H¨Ï¥Î«D¼Ð·Çªº
shell¡A¦Ó <username>root</username> ¥i¥H«O¯d¼Ð·Ç shell¡A
¥H¦]À³³æ¤@¨Ï¥ÎªÌ¼Ò¦¡ (single user mode) ©Îºò«æª¬ªp³B²z¡C
¨Ì·Ó¨t²Î¤º©w­È¡A§A±NµLªk¨Ï¥Î <username>toor</username> µn¤J¡A
¦]¬°³o­Ó±b¸¹©|¥¼§ó§ï±K½X³]©w¡C¦]¦¹§A¦pªG§A·Q±Ò°Ê³o­Ó±b¸¹¡A§A»Ý­n
¨Ï¥Î <username>root</username> µn¤J¨t²Î¨Ã¥B­×§ï
<username>toor</username> ªº±K½X¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="suidperl">
<para>¬°¤°»ò <command>suidperl</command> µLªk¥¿±`¹B§@¡H</para>
</question>
<answer>
<para>¦]¬°¬Y¨Ç¦w¥þªº¦Ò¡A<command>suidperl</command> ¤º©wªº¦w¸Ë
¨Ã¨S¦³³]©w suid bit¡C¨t²ÎºÞ²zªÌ¥i¥H¨Ì·Ó¥H¤U©R¥O±Ò°Ê suid ³]©w¡C
</para>
<screen>&prompt.root; <userinput>chmod u+s /usr/bin/suidperl</userinput></screen>
<para>¦pªG§A·Q­n¦b¥Ñ source ¤É¯Å®É <command>suidperl</command> ¤º©w
±Ò°Ê suid ¥\¯àªº¸Ü¡A½s¿è <filename>/etc/make.conf</filename> ¥[¤J
<varname>ENABLE_SUIDPERL=true</varname> µM«á°õ¦æ
<command>make buildworld</command>¡C</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="ppp">
<title>PPP</title>
<qandaset>
<qandaentry>
<question id="userppp">
<para>I cannot make &man.ppp.8; work. What am I doing wrong?</para>
</question>
<answer>
<para>You should first read the
&man.ppp.8;
man page and the <ulink
URL="../handbook/ppp-and-slip.html#USERPPP">
PPP section of the handbook</ulink>. Enable logging with
the command</para>
<programlisting>set log Phase Chat Connect Carrier lcp ipcp ccp command</programlisting>
<para>This command may be typed at the
&man.ppp.8; command prompt or it may be
entered in the <filename>/etc/ppp/ppp.conf</filename>
configuration file (the start of the
<literal>default</literal> section is the best
place to put it). Make sure that
<filename>/etc/syslog.conf</filename> (see &man.syslog.conf.5;) contains the lines</para>
<programlisting>!ppp
*.* /var/log/ppp.log</programlisting>
<para>and that the file <filename>/var/log/ppp.log</filename>
exists. You can now find out a lot about what is going on
from the log file. Do not worry if it does not all make sense.
If you need to get help from someone, it may make sense to
them.</para>
<para>If your version of &man.ppp.8; does not understand the
<command>set log</command> command, you should download the
<ulink URL="http://people.FreeBSD.org/~brian/">
latest version</ulink>. It will build on FreeBSD version
2.1.5 and higher.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-hangs">
<para>Why does &man.ppp.8; hang when I run it?</para>
</question>
<answer>
<para>This is usually because your hostname will not resolve.
The best way to fix this is to make sure that
<filename>/etc/hosts</filename> is consulted by your
resolver first by editing <filename>/etc/host.conf</filename>
and putting the <literal>hosts</literal> line first. Then,
simply put an entry in <filename>/etc/hosts</filename> for
your local machine. If you have no local network, change your
<hostid>localhost</hostid> line:</para>
<programlisting>127.0.0.1 foo.bar.com foo localhost</programlisting>
<para>Otherwise, simply add another entry for your host.
Consult the relevant man pages for more details.</para>
<para>You should be able to successfully
<command>ping -c1 `hostname`</command> when you are done.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-nodial-auto">
<para>Why will &man.ppp.8; not dial in <literal>-auto</literal>
mode?</para>
</question>
<answer>
<para>First, check that you have got a default route. By running
<command>netstat -rn</command> (see &man.netstat.1;), you should see two entries like this:</para>
<programlisting>Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.2 UGSc 0 0 tun0
10.0.0.2 10.0.0.1 UH 0 0 tun0</programlisting>
<para>This is assuming that you have used the addresses from the
handbook, the man page or from the ppp.conf.sample file.
If you do not have a default route, it may be because you are
running an old version of &man.ppp.8;
that does not understand the word <literal>HISADDR</literal>
in the ppp.conf file. If your version of
&man.ppp.8; is from before FreeBSD
2.2.5, change the</para>
<programlisting>add 0 0 HISADDR</programlisting>
<para>line to one saying</para>
<programlisting>add 0 0 10.0.0.2</programlisting>
<para>Another reason for the default route line being missing
is that you have mistakenly set up a default router in your
<filename>/etc/rc.conf</filename> (see &man.rc.conf.5;) file (this file was called
<filename>/etc/sysconfig</filename> prior to release 2.2.2),
and you have omitted the line saying</para>
<programlisting>delete ALL</programlisting>
<para>from <filename>ppp.conf</filename>. If this is the case,
go back to the <ulink
URL="../handbook/ppp-and-slip.html#USERPPP-FINAL">
Final system configuration</ulink> section of the
handbook.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="no-route-to-host">
<para>What does <errorname>No route to host</errorname> mean?</para>
</question>
<answer>
<para>This error is usually due to a missing</para>
<programlisting>MYADDR:
delete ALL
add 0 0 HISADDR</programlisting>
<para>section in your <filename>/etc/ppp/ppp.linkup</filename>
file. This is only necessary if you have a dynamic IP address
or do not know the address of your gateway. If you are using
interactive mode, you can type the following after entering
<literal>packet mode</literal> (packet mode is
indicated by the capitalized <acronym>PPP</acronym> in the
prompt):</para>
<programlisting>delete ALL
add 0 0 HISADDR</programlisting>
<para>Refer to the <ulink
URL="../handbook/ppp-and-slip.html#USERPPP-DYNAMICIP">
PPP and Dynamic IP addresses</ulink> section of the handbook
for further details.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="connection-threeminutedrop">
<para>Why does my connection drop after about 3 minutes?</para>
</question>
<answer>
<para>The default PPP timeout is 3 minutes. This can be
adjusted with the line</para>
<programlisting>set timeout <replaceable>NNN</replaceable></programlisting>
<para>where <replaceable>NNN</replaceable> is the number of
seconds of inactivity before the connection is closed. If
<replaceable>NNN</replaceable> is zero, the connection is never
closed due to a timeout. It is possible to put this command in
the <filename>ppp.conf</filename> file, or to type it at the
prompt in interactive mode. It is also possible to adjust it on
the fly while the line is active by connecting to
<application>ppp</application>s server socket using
&man.telnet.1; or &man.pppctl.8;.
Refer to the
&man.ppp.8; man
page for further details.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-drop-heavy-load">
<para>Why does my connection drop under heavy load?</para>
</question>
<answer>
<para>If you have Link Quality Reporting (LQR) configured,
it is possible that too many LQR packets are lost between
your machine and the peer. Ppp deduces that the line must
therefore be bad, and disconnects. Prior to FreeBSD version
2.2.5, LQR was enabled by default. It is now disabled by
default. LQR can be disabled with the line</para>
<programlisting>disable lqr</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-drop-random">
<para>Why does my connection drop after a random amount of
time?</para>
</question>
<answer>
<para>Sometimes, on a noisy phone line or even on a line with
call waiting enabled, your modem may hang up because it
thinks (incorrectly) that it lost carrier.</para>
<para>There is a setting on most modems for determining how
tolerant it should be to temporary losses of carrier. On a
USR Sportster for example, this is measured by the S10
register in tenths of a second. To make your modem more
forgiving, you could add the following send-expect sequence
to your dial string:</para>
<programlisting>set dial "...... ATS10=10 OK ......"</programlisting>
<para>Refer to your modem manual for details.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-hangs-random">
<para>Why does my connection hang after a random amount of
time?</para>
</question><answer>
<para>Many people experience hung connections with no apparent
explanation. The first thing to establish is which side of
the link is hung.</para>
<para>If you are using an external modem, you can simply try
using &man.ping.8; to see if the
<acronym>TD</acronym> light is flashing when you transmit data.
If it flashes (and the <acronym>RD</acronym> light does not),
the problem is with the remote end. If <acronym>TD</acronym>
does not flash, the problem is local. With an internal modem,
you will need to use the <literal>set server</literal> command in
your <filename>ppp.conf</filename> file. When the hang occurs,
connect to &man.ppp.8; using &man.pppctl.8;. If your network connection
suddenly revives (PPP was revived due to the activity on the
diagnostic socket) or if you cannot connect (assuming the
<literal>set socket</literal> command succeeded at startup
time), the problem is local. If you can connect and things are
still hung, enable local async logging with <literal>set log
local async</literal> and use &man.ping.8; from
another window or terminal to make use of the link. The async
logging will show you the data being transmitted and received
on the link. If data is going out and not coming back, the
problem is remote.</para>
<para>Having established whether the problem is local or remote,
you now have two possibilities:</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-remote-not-responding">
<para>The remote end is not responding. What can I do?</para>
</question>
<answer>
<para>There is very little you can do about this. Most ISPs
will refuse to help if you are not running a Microsoft OS.
You can <literal>enable lqr</literal> in your
<filename>ppp.conf</filename> file, allowing &man.ppp.8; to detect
the remote failure and hang up, but this detection is
relatively slow and therefore not that useful. You may want to
avoid telling your ISP that you are running user-PPP...</para>
<para>First, try disabling all local compression by adding the
following to your configuration:</para>
<programlisting>disable pred1 deflate deflate24 protocomp acfcomp shortseq vj
deny pred1 deflate deflate24 protocomp acfcomp shortseq vj</programlisting>
<para>Then reconnect to ensure that this makes no difference.
If things improve or if the problem is solved completely,
determine which setting makes the difference through trial
and error. This will provide good ammunition when you contact
your ISP (although it may make it apparent that you are not
running a Microsoft product).</para>
<para>Before contacting your ISP, enable async logging locally
and wait until the connection hangs again. This may use up
quite a bit of disk space. The last data read from the port
may be of interest. It is usually ascii data, and may even
describe the problem
(<quote>Memory fault, core dumped</quote>?).</para>
<para>If your ISP is helpful, they should be able to enable
logging on their end, then when the next link drop occurs,
they may be able to tell you why their side is having a
problem. Feel free to send the details to &a.brian;, or
even to ask your ISP to contact me directly.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-hung">
<para>&man.ppp.8; has hung. What can I do?</para>
</question>
<answer>
<para>Your best bet here is to rebuild &man.ppp.8; by adding
<literal>CFLAGS+=-g</literal> and <literal>STRIP=</literal>
to the end of the Makefile, then doing a
<command>make clean &amp;&amp; make &amp;&amp; make
install</command>. When &man.ppp.8; hangs, find the &man.ppp.8; process id
with <command>ps ajxww | fgrep ppp</command> and run
<command>gdb ppp <replaceable>PID</replaceable></command>.
From the gdb prompt, you can then use <command>bt</command>
to get a stack trace.</para>
<para>Send the results to <email>brian@Awfulhak.org</email>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-loginok-thennothing">
<para>Why does nothing happen after the <quote>Login OK!</quote>
message?</para>
</question>
<answer>
<para>Prior to FreeBSD version 2.2.5, once the link was
established, &man.ppp.8;
would wait for the peer to initiate the Line Control Protocol
(LCP). Many ISPs will not initiate negotiations and expect
the client to do so. To force
&man.ppp.8; to initiate the LCP, use the
following line:</para>
<programlisting>set openmode active</programlisting>
<note>
<para>It usually does no
harm if both sides initiate negotiation, so openmode is now
active by default. However, the next section explains when
it <emphasis>does</emphasis> do some harm.</para>
</note>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-same-magic">
<para>I keep seeing errors about magic being the same. What does
it mean?</para>
</question>
<answer>
<para>Occasionally, just after connecting, you may see messages
in the log that say <quote>magic is the same</quote>.
Sometimes, these messages are harmless, and sometimes one side
or the other exits. Most PPP implementations cannot survive
this problem, and even if the link seems to come up, you will see
repeated configure requests and configure acknowledgments in
the log file until &man.ppp.8; eventually gives up and closes the
connection.</para>
<para>This normally happens on server machines with slow disks
that are spawning a getty on the port, and executing &man.ppp.8; from
a login script or program after login. I have also heard reports
of it happening consistently when using slirp. The reason is
that in the time taken between &man.getty.8; exiting and &man.ppp.8; starting,
the client-side &man.ppp.8; starts sending Line Control Protocol (LCP)
packets. Because ECHO is still switched on for the port on
the server, the client &man.ppp.8; sees these packets
<quote>reflect</quote> back.</para>
<para>One part of the LCP negotiation is to establish a magic
number for each side of the link so that
<quote>reflections</quote> can be detected. The protocol says
that when the peer tries to negotiate the same magic number, a
NAK should be sent and a new magic number should be chosen.
During the period that the server port has ECHO turned on, the
client &man.ppp.8; sends LCP packets, sees the same magic in the
reflected packet and NAKs it. It also sees the NAK reflect
(which also means &man.ppp.8; must change its magic). This produces a
potentially enormous number of magic number changes, all of
which are happily piling into the server's tty buffer. As soon
as &man.ppp.8; starts on the server, it is flooded with magic number
changes and almost immediately decides it has tried enough to
negotiate LCP and gives up. Meanwhile, the client, who no
longer sees the reflections, becomes happy just in time to see
a hangup from the server.</para>
<para>This can be avoided by allowing the peer to start
negotiating with the following line in your ppp.conf
file:</para>
<programlisting>set openmode passive</programlisting>
<para>This tells &man.ppp.8; to wait for the server to initiate LCP
negotiations. Some servers however may never initiate
negotiations. If this is the case, you can do something
like:</para>
<programlisting>set openmode active 3</programlisting>
<para>This tells &man.ppp.8; to be passive for 3 seconds, and then to
start sending LCP requests. If the peer starts sending
requests during this period, &man.ppp.8; will immediately respond
rather than waiting for the full 3 second period.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-lcp-constant">
<para>LCP negotiations continue until the connection is
closed. What is wrong?</para>
</question>
<answer>
<para>There is currently an implementation mis-feature in
&man.ppp.8; where it does not associate
LCP, CCP &amp; IPCP responses with their original requests. As
a result, if one PPP
implementation is more than 6 seconds slower than the other
side, the other side will send two additional LCP configuration
requests. This is fatal.</para>
<para>Consider two implementations,
<hostid>A</hostid> and
<hostid>B</hostid>. <hostid>A</hostid> starts
sending LCP requests immediately after connecting and
<hostid>B</hostid> takes 7 seconds to start. When
<hostid>B</hostid> starts, <hostid>A</hostid>
has sent 3 LCP REQs. We are assuming the line has ECHO switched
off, otherwise we would see magic number problems as described in
the previous section. <hostid>B</hostid> sends a
REQ, then an ACK to the first of
<hostid>A</hostid>'s REQs. This results in
<hostid>A</hostid> entering the <acronym>OPENED</acronym>
state and sending and ACK (the first) back to
<hostid>B</hostid>. In the meantime,
<hostid>B</hostid> sends back two more ACKs in response to
the two additional REQs sent by <hostid>A</hostid>
before <hostid>B</hostid> started up.
<hostid>B</hostid> then receives the first ACK from
<hostid>A</hostid> and enters the
<acronym>OPENED</acronym> state.
<hostid>A</hostid> receives the second ACK from
<hostid>B</hostid> and goes back to the
<acronym>REQ-SENT</acronym> state, sending another (forth) REQ
as per the RFC. It then receives the third ACK and enters the
<acronym>OPENED</acronym> state. In the meantime,
<hostid>B</hostid> receives the forth REQ from
<hostid>A</hostid>, resulting in it reverting to the
<acronym>ACK-SENT</acronym> state and sending
another (second) REQ and (forth) ACK as per the RFC.
<hostid>A</hostid> gets the REQ, goes into
<acronym>REQ-SENT</acronym> and sends another REQ. It
immediately receives the following ACK and enters
<acronym>OPENED</acronym>.</para>
<para>This goes on until one side figures out that they are
getting nowhere and gives up.</para>
<para>The best way to avoid this is to configure one side to be
<literal>passive</literal> - that is, make one side
wait for the other to start negotiating. This can be done
with the</para>
<programlisting>set openmode passive</programlisting>
<para>command. Care should be taken with this option. You
should also use the</para>
<programlisting>set stopped N</programlisting>
<para>command to limit the amount of time that
&man.ppp.8; waits for the peer to begin
negotiations. Alternatively, the</para>
<programlisting>set openmode active N</programlisting>
<para>command (where <replaceable>N</replaceable> is the
number of seconds to wait before starting negotiations) can be
used. Check the manual page for details.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-lockups">
<para>Why does &man.ppp.8; lock up shortly after connection?</para>
</question>
<answer>
<para>Prior to version 2.2.5 of FreeBSD, it was possible that
your link was disabled shortly after connection due to
&man.ppp.8; mis-handling Predictor1
compression negotiation. This would only happen if both sides
tried to negotiate different Compression Control Protocols
(CCP). This problem is now corrected, but if you are still
running an old version of &man.ppp.8;
the problem can be circumvented with the line</para>
<programlisting>disable pred1</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-shell-test-lockup">
<para>Why does &man.ppp.8; lock up when I shell out to test it?</para>
</question>
<answer>
<para>When you execute the <command>shell</command> or
<command>!</command> command, &man.ppp.8; executes a
shell (or if you have passed any arguments,
&man.ppp.8; will execute those arguments). Ppp will
wait for the command to complete before continuing. If you
attempt to use the PPP link while running the command, the link
will appear to have frozen. This is because
&man.ppp.8; is waiting for the command to
complete.</para>
<para>If you wish to execute commands like this, use the
<command>!bg</command> command instead. This will execute
the given command in the background, and &man.ppp.8; can continue to
service the link.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-nullmodem">
<para>Why does &man.ppp.8; over a null-modem cable never exit?</para>
</question>
<answer>
<para>There is no way for &man.ppp.8; to
automatically determine that a direct connection has been
dropped. This is due to the lines that are used in a
null-modem serial cable. When using this sort of connection,
LQR should always be enabled with the line</para>
<programlisting>enable lqr</programlisting>
<para>LQR is accepted by default if negotiated by the peer.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-auto-noreasondial">
<para>Why does &man.ppp.8; dial for no reason in -auto mode?</para>
</question><answer>
<para>If &man.ppp.8; is dialing
unexpectedly, you must determine the cause, and set up Dial
filters (dfilters) to prevent such dialing.</para>
<para>To determine the cause, use the following line:</para>
<programlisting>set log +tcp/ip</programlisting>
<para>This will log all traffic through the connection. The
next time the line comes up unexpectedly, you will see the
reason logged with a convenient timestamp next to it.</para>
<para>You can now disable dialing under these circumstances.
Usually, this sort of problem arises due to DNS lookups. To
prevent DNS lookups from establishing a connection (this will
<emphasis>not</emphasis> prevent
&man.ppp.8; from passing the packets
through an established connection), use the following:</para>
<programlisting>set dfilter 1 deny udp src eq 53
set dfilter 2 deny udp dst eq 53
set dfilter 3 permit 0/0 0/0</programlisting>
<para>This is not always suitable, as it will effectively break
your demand-dial capabilities - most programs will need a DNS
lookup before doing any other network related things.</para>
<para>In the DNS case, you should try to determine what is
actually trying to resolve a host name. A lot of the time,
&man.sendmail.8; is the culprit. You should make sure that
you tell sendmail not to do any DNS lookups in its
configuration file. See the section on
<link linkend="ispmail">Mail Configuration</link> for details
on how to create your own configuration file and what should
go into it. You may also want to add the following line to
your <filename>.mc</filename> file:</para>
<programlisting>define(`confDELIVERY_MODE', `d')dnl</programlisting>
<para>This will make sendmail queue everything until the queue
is run (usually, sendmail is invoked with
<option>-bd -q30m</option>, telling it to run the queue every
30 minutes) or until a <command>sendmail -q</command> is done
(perhaps from your ppp.linkup file).</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ccp-errors">
<para>What do these CCP errors mean?</para>
</question>
<answer>
<para>I keep seeing the following errors in my log file:</para>
<programlisting>CCP: CcpSendConfigReq
CCP: Received Terminate Ack (1) state = Req-Sent (6)</programlisting>
<para>This is because &man.ppp.8; is trying to negotiate Predictor1
compression, and the peer does not want to negotiate any
compression at all. The messages are harmless, but if you
wish to remove them, you can disable Predictor1 compression
locally too:</para>
<programlisting>disable pred1</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-lockup-ioerrors">
<para>Why does &man.ppp.8; lock up during file transfers with IO
errors?</para>
</question>
<answer>
<para>Under FreeBSD 2.2.2 and before, there was a bug in the
tun driver that prevents incoming packets of a size larger
than the tun interface's MTU size. Receipt of a packet
greater than the MTU size results in an IO error being logged
via syslogd.</para>
<para>The PPP specification says that an MRU of 1500 should
<emphasis>always</emphasis> be accepted as a minimum,
despite any LCP negotiations, therefore it is possible that
should you decrease the MTU to less than 1500, your ISP will
transmit packets of 1500 regardless, and you will tickle this
non-feature - locking up your link.</para>
<para>The problem can be circumvented by never setting an MTU of
less than 1500 under FreeBSD 2.2.2 or before.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-connectionspeed">
<para>Why does &man.ppp.8; not log my connection speed?</para>
</question>
<answer>
<para>In order to log all lines of your modem
<quote>conversation</quote>, you must enable the
following:</para>
<programlisting>set log +connect</programlisting>
<para>This will make &man.ppp.8; log
everything up until the last requested <quote>expect</quote>
string.</para>
<para>If you wish to see your connect speed and are using PAP
or CHAP (and therefore do not have anything to
<quote>chat</quote> after the CONNECT in the dial script - no
<literal>set login</literal> script), you must make sure that
you instruct &man.ppp.8; to <quote>expect</quote> the whole CONNECT
line, something like this:</para>
<programlisting>set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 4 \
\"\" ATZ OK-ATZ-OK ATDT\\T TIMEOUT 60 CONNECT \\c \\n"</programlisting>
<para>Here, we get our CONNECT, send nothing, then expect a
line-feed, forcing &man.ppp.8; to read
the whole CONNECT response.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-ignores-backslash">
<para>Why does &man.ppp.8; ignore the <literal>\</literal> character
in my chat script?</para>
</question><answer>
<para>Ppp parses each line in your config files so that it can
interpret strings such as
<literal>set phone "123 456 789"</literal> correctly (and
realize that the number is actually only
<emphasis>one</emphasis> argument. In order to specify a
<literal>&quot;</literal> character, you must escape it
using a backslash (<literal>\</literal>).</para>
<para>When the chat interpreter parses each argument, it
re-interprets the argument in order to find any special
escape sequences such as <literal>\P</literal> or
<literal>\T</literal> (see the man page). As a result of this
double-parsing, you must remember to use the correct number of
escapes.</para>
<para>If you wish to actually send a <literal>\</literal>
character to (say) your modem, you would need something
like:</para>
<programlisting>set dial "\"\" ATZ OK-ATZ-OK AT\\\\X OK"</programlisting>
<para>resulting in the following sequence:</para>
<programlisting>ATZ
OK
AT\X
OK</programlisting>
<para>or</para>
<programlisting>set phone 1234567
set dial "\"\" ATZ OK ATDT\\T"</programlisting>
<para>resulting in the following sequence:</para>
<programlisting>ATZ
OK
ATDT1234567</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-segfault-nocore">
<para>Why does &man.ppp.8; get a seg-fault, but I see no
<filename>ppp.core</filename> file?</para>
</question>
<answer>
<para>Ppp (or any other program for that matter) should never
dump core. Because &man.ppp.8; runs with an effective user id of 0,
the operating system will not write &man.ppp.8;'s core image to disk
before terminating it. If, however &man.ppp.8;
is actually terminating due to a
segmentation violation or some other signal that normally
causes core to be dumped, <emphasis>and</emphasis>
you are sure you are using the latest version (see the start of
this section), then you should do the following:</para>
<screen>&prompt.user; <userinput>tar xfz ppp-*.src.tar.gz</userinput>
&prompt.user; <userinput>cd ppp*/ppp</userinput>
&prompt.user; <userinput>echo STRIP= &gt;&gt;Makefile</userinput>
&prompt.user; <userinput>echo CFLAGS+=-g &gt;&gt;Makefile</userinput>
&prompt.user; <userinput>make clean all</userinput>
&prompt.user; <userinput>su</userinput>
&prompt.root; <userinput>make install</userinput>
&prompt.root; <userinput>chmod 555 /usr/sbin/ppp</userinput></screen>
<para>You will now have a debuggable version of &man.ppp.8; installed.
You will have to be <username>root</username> to run &man.ppp.8; as all of its privileges
have been revoked. When you start &man.ppp.8;, take a careful note
of what your current directory was at the time.</para>
<para>Now, if and when &man.ppp.8; receives the segmentation violation,
it will dump a core file called <filename>ppp.core</filename>. You should then do
the following:</para>
<screen>&prompt.user; <userinput>su</userinput>
&prompt.root; <userinput>gdb /usr/sbin/ppp ppp.core</userinput>
<prompt>(gdb)</prompt> <userinput>bt</userinput>
.....
<prompt>(gdb)</prompt> <userinput>f 0</userinput>
....
<prompt>(gdb)</prompt> <userinput>i args</userinput>
....
<prompt>(gdb)</prompt> <userinput>l</userinput>
.....</screen>
<para>All of this information should be given alongside your
question, making it possible to diagnose the problem.</para>
<para>If you are familiar with gdb, you may wish to find out some
other bits and pieces such as what actually caused the dump and
the addresses &amp; values of the relevant variables.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-autodialprocess-noconnect">
<para>Why does the process that forces a dial in auto mode never
connect?</para>
</question>
<answer>
<para>This was a known problem with
&man.ppp.8; set up to negotiate a
dynamic local IP number with the peer in auto mode. It is
fixed in the latest version - search the man page for
<literal>iface</literal>.</para>
<para>The problem was that when that initial program calls
&man.connect.2;, the IP number of the tun interface is assigned
to the socket endpoint. The kernel creates the first outgoing
packet and writes it to the tun device.
&man.ppp.8; then reads the packet and
establishes a connection. If, as a result of
&man.ppp.8;'s dynamic IP assignment, the
interface address is changed, the original socket endpoint will
be invalid. Any subsequent packets sent to the peer will
usually be dropped. Even if they are not, any responses will
not route back to the originating machine as the IP number is
no longer owned by that machine.</para>
<para>There are several theoretical ways to approach this
problem. It would be nicest if the peer would re-assign the
same IP number if possible <literal>:-)</literal>
The current version of &man.ppp.8; does
this, but most other implementations do not.</para>
<para>The easiest method from our side would be to never change
the tun interface IP number, but instead to change all outgoing
packets so that the source IP number is changed from the
interface IP to the negotiated IP on the fly. This is
essentially what the <literal>iface-alias</literal> option in
the latest version of &man.ppp.8; is
doing (with the help of
&man.libalias.3; and &man.ppp.8;'s <option>-nat</option> switch) -
it is maintaining all previous interface addresses and NATing
them to the last negotiated address.</para>
<para>Another alternative (and probably the most reliable) would
be to implement a system call that changes all bound sockets
from one IP to another. &man.ppp.8; would
use this call to modify the sockets of all existing programs
when a new IP number is negotiated. The same system call could
be used by dhcp clients when they are forced to re-bind() their
sockets.</para>
<para>Yet another possibility is to allow an interface to be
brought up without an IP number. Outgoing packets would be
given an IP number of 255.255.255.255 up until the first
SIOCAIFADDR ioctl is done. This would result in fully binding
the socket. It would be up to &man.ppp.8;
to change the source IP number, but only if it is set to
255.255.255.255, and only the IP number and IP checksum would
need to change. This, however is a bit of a hack as the kernel
would be sending bad packets to an improperly configured
interface, on the assumption that some other mechanism is
capable of fixing things retrospectively.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ppp-nat-games">
<para>Why do most games not work with the -nat switch?</para>
</question>
<answer>
<para>The reason games and the like do not work when libalias
is in use is that the machine on the outside will try to open a
connection or send (unsolicited) UDP packets to the machine on
the inside. The NAT software does not know that it should send
these packets to the interior machine.</para>
<para>To make things work, make sure that the only thing
running is the software that you are having problems with, then
either run tcpdump on the tun interface of the gateway or
enable &man.ppp.8; tcp/ip logging (<literal>set log +tcp/ip</literal>)
on the gateway.</para>
<para>When you start the offending software, you should see
packets passing through the gateway machine. When something
comes back from the outside, it will be dropped (that is the
problem). Note the port number of these packets then shut down
the offending software. Do this a few times to see if the port
numbers are consistent. If they are, then the following line in
the relevant section of <filename>/etc/ppp/ppp.conf</filename> will make the
software functional:</para>
<programlisting>nat port <replaceable>proto</replaceable> <replaceable>internalmachine</replaceable>:<replaceable>port</replaceable> <replaceable>port</replaceable></programlisting>
<para>where <replaceable>proto</replaceable> is either
<literal>tcp</literal> or <literal>udp</literal>,
<replaceable>internalmachine</replaceable> is the machine that
you want the packets to be sent to and
<replaceable>port</replaceable> is the destination port number
of the packets.</para>
<para>You will not be able to use the software on other machines
without changing the above command, and running the software
on two internal machines at the same time is out of the question
- after all, the outside world is seeing your entire internal
network as being just a single machine.</para>
<para>If the port numbers are not consistent, there are three
more options:</para>
<orderedlist>
<listitem>
<para>Submit support in
libalias. Examples of <quote>special cases</quote> can be found
in <filename>/usr/src/lib/libalias/alias_*.c</filename>
(<filename>alias_ftp.c</filename> is a good prototype). This
usually involves reading certain recognised outgoing packets,
identifying the instruction that tells the outside machine to
initiate a connection back to the internal machine on a
specific (random) port and setting up a <quote>route</quote> in
the alias table so that the subsequent packets know where to
go.</para>
<para>This is the most difficult solution, but it is the best
and will make the software work with multiple machines.</para>
</listitem>
<listitem>
<para>Use a proxy. The
application may support socks5 for example, or (as in the
<quote>cvsup</quote> case) may have a <quote>passive</quote>
option that avoids ever requesting that the peer open
connections back to the local machine.</para>
</listitem>
<listitem>
<para>Redirect everything to
the internal machine using <literal>nat addr</literal>. This
is the sledge-hammer approach.</para>
</listitem>
</orderedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="useful-port-numbers">
<para>Has anybody made a list of useful port numbers?</para>
</question><answer>
<para>Not yet, but this is intended to grow into such a list
(if any interest is shown). In each example,
<replaceable>internal</replaceable> should be replaced with
the IP number of the machine playing the game.</para>
<itemizedlist>
<listitem>
<para><application>Asheron's Call</application></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>
:65000 65000</literal></para>
<para>Manually change the port number within the game to
65000. If you have got a number of machines that you wish
to play on assign a unique port number for each (i.e.
65001, 65002, etc) and add a <literal>nat port</literal>
line for each one.</para>
</listitem>
<listitem>
<para><application>Half Life</application></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>:27005
27015</literal></para>
</listitem>
<listitem>
<para><application>PCAnywhere 8.0</application></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>:5632
5632</literal></para>
<para><literal>nat port tcp
<replaceable>internal</replaceable>:5631
5631</literal></para>
</listitem>
<listitem>
<para><application>Quake</application></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>:6112
6112</literal></para>
<para>Alternatively, you may want to take a look at <ulink
URL="http://www.battle.net/support/proxy/">
www.battle.net</ulink> for Quake proxy support.</para>
</listitem>
<listitem>
<para><application>Quake 2</application></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>:27901
27910</literal></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>:60021
60021</literal></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>:60040
60040</literal></para>
</listitem>
<listitem>
<para><application>Red Alert</application></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>:8675
8675</literal></para>
<para><literal>nat port udp
<replaceable>internal</replaceable>:5009
5009</literal></para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="fcs-errors">
<para>What are FCS errors?</para>
</question>
<answer>
<para>FCS stands for <literal>F</literal>rame
<literal>C</literal>heck
<literal>S</literal>equence. Each PPP packet
has a checksum attached to ensure that the data being
received is the data being sent. If the FCS of an incoming
packet is incorrect, the packet is dropped and the HDLC FCS
count is increased. The HDLC error values can be displayed
using the <literal>show hdlc</literal> command.</para>
<para>If your link is bad (or if your serial driver is dropping
packets), you will see the occasional FCS error. This is not
usually worth worrying about although it does slow down the
compression protocols substantially. If you have an external
modem, make sure your cable is properly shielded from
interference - this may eradicate the problem.</para>
<para>If your link freezes as soon as you have connected and you
see a large number of FCS errors, this may be because your link
is not 8 bit clean. Make sure your modem is not using software
flow control (XON/XOFF). If your datalink
<emphasis>must</emphasis> use software flow control, use the
command <literal>set accmap 0x000a0000</literal> to tell
&man.ppp.8; to escape the <literal>^Q</literal> and
<literal>^S</literal> characters.</para>
<para>Another reason for seeing too many FCS errors may be that
the remote end has stopped talking <acronym>PPP</acronym>. You
may want to enable <literal>async</literal> logging at this
point to determine if the incoming data is actually a login or
shell prompt. If you have a shell prompt at the remote end,
it is possible to terminate &man.ppp.8; without dropping the line by
using the <literal>close lcp</literal> command (a following
<literal>term</literal> command will reconnect you to the shell
on the remote machine.</para>
<para>If nothing in your log file indicates why the link might
have been terminated, you should ask the remote administrator
(your ISP?) why the session was terminated.</para>
</answer>
</qandaentry>
<qandaentry id=PPPoEwithNAT>
<question id="macos-win98-pppoe-freeze">
<para>Why do MacOS and Windows 98 connections freeze when
running PPPoE on the gateway?</para>
</question>
<answer>
<para>Thanks to Michael Wozniak
<email>mwozniak@netcom.ca</email> for figuring this out and
Dan Flemming <email>danflemming@mac.com</email> for the Mac
solution:</para>
<para>This is due to what is called a <quote>Black Hole</quote>
router. MacOS and Windows 98 (and maybe other Microsoft OSs)
send TCP packets with a requested segment size too big to fit
into a PPPoE frame (MTU is 1500 by default for Ethernet)
<emphasis>and</emphasis> have the <quote>do not
fragment</quote> bit set (default of TCP) and the Telco router
is not sending ICMP <quote>must fragment</quote> back to the
www site you are trying to load. (Alternatively, the router is
sending the ICMP packet correctly, but the firewall at the www
site is dropping it.) When the www server is sending
you frames that do not fit into the PPPoE pipe the Telco router
drops them on the floor and your page does not load (some
pages/graphics do as they are smaller than a MSS.) This seems
to be the default of most Telco PPPoE configurations (if only
they knew how to program a router... sigh...)</para>
<para>One fix is to use regedit on your 95/98 boxes to add the
following registry entry...</para>
<programlisting>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans\0000\MaxMTU</programlisting>
<para>It should be a string with a value <quote>1436</quote>, as
some ADSL routers are reported to be unable to deal with packets
larger than this. This registry key has been changed to
<literal>Tcpip\Parameters\Interfaces\<replaceable>ID for adapter</replaceable>\MTU</literal>
in Windows 2000 and becomes a DWORD.</para>
<para>Refer to the Microsoft Knowledge Base documents <ulink
url="http://support.microsoft.com/support/kb/articles/Q158/4/74.asp">Q158474
- Windows TCPIP Registry Entries</ulink> and <ulink
url="http://support.microsoft.com/support/kb/articles/Q120/6/42.asp">Q120642
- TCPIP & NBT Configuration Parameters for Windows
NT</ulink> for more information on changing Windows MTU to
work with a NAT router.</para>
<para>Another regedit possibility under Windows 2000 is to
set the
<literal>Tcpip\Parameters\Interfaces\<replaceable>ID for
adapter</replaceable>\EnablePMTUBHDetect</literal> DWORD
to 1 as mentioned in the Microsoft document 120642
mentioned above.</para>
<para>Unfortunately, MacOS does not provide an interface for
changing TCP/IP settings. However, there is commercial software
available, such as OTAdvancedTuner (OT for OpenTransport, the
MacOS TCP/IP stack) by <ulink
URL="http://www.softworks.com/">Sustainable Softworks</ulink>,
that will allow users to customize TCP/IP settings. MacOS NAT
users should select <literal>ip_interface_MTU</literal> from
the drop-down menu, enter <literal>1450</literal> instead of
<literal>1500</literal> in the box, click the box next to
<literal>Save as Auto Configure</literal>, and click
<literal>Make Active</literal>.</para>
<para>The latest version of &man.ppp.8;
(2.3 or greater) has an <command>enable tcpmssfixup</command>
command that will automatically adjust the MSS to an appropriate
value. This facility is enabled by default. If you are stuck
with an older version of &man.ppp.8;, you
may want to look at the <application>tcpmssd</application>
port.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="desperation">
<para>None of this helps - I am desperate! What can I do?</para>
</question>
<answer>
<para>If all else fails, send as much information as you can,
including your config files, how you are starting
&man.ppp.8;, the relevant parts of your
log file and the output of the <command>netstat -rn</command>
command (before and after connecting) to the &a.questions; or
the <ulink URL="news:comp.unix.bsd.freebsd.misc">
comp.unix.bsd.freebsd.misc</ulink> news group, and someone
should point you in the right direction.</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="serial">
<title>Serial Communications</title>
<para>This section answers common questions about serial
communications with FreeBSD. PPP and SLIP are covered in the
<xref linkend="networking" remap="Networking"> section.</para>
<qandaset>
<qandaentry>
<question id="found-serial">
<para>How do I tell if FreeBSD found my serial ports?</para>
</question>
<answer>
<para>As the FreeBSD kernel boots, it will probe for the serial
ports in your system for which the kernel was configured.
You can either watch your system closely for the messages it
prints or run the command</para>
<screen>&prompt.user; <userinput>dmesg | grep sio</userinput></screen>
<para>after your system is up and running.</para>
<para>Here is some example output from the above command:</para>
<programlisting>sio0 at 0x3f8-0x3ff irq 4 on isa
sio0: type 16550A
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16550A</programlisting>
<para>This shows two serial ports. The first is on irq 4, is
using port address <literal>0x3f8</literal>, and has a
16550A-type UART chip. The second uses the same kind of chip
but is on irq 3 and is at port address <literal>0x2f8</literal>.
Internal modem cards are treated just like serial ports---except
that they always have a modem <quote>attached</quote> to the
port.</para>
<para>The <filename>GENERIC</filename> kernel includes support
for two serial ports using the same irq and port address
settings in the above example. If these settings are not
right for your system, or if you have added modem cards or have
more serial ports than your kernel is configured for, just
reconfigure your kernel. See section
<link linkend="make-kernel">about building a kernel</link> for
more details.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="found-modem">
<para>How do I tell if FreeBSD found my modem cards?</para>
</question>
<answer>
<para>Refer to the answer to the previous question.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="missing-tty0X">
<para>I just upgraded to 2.0.5 and my
<devicename>tty0<replaceable>X</replaceable></devicename>
are missing! How do I solve this problem?</para>
</question>
<answer>
<para>Do not worry, they have been merged with the
<devicename>ttyd<replaceable>X</replaceable></devicename> devices. You will have to change
any old configuration files you have, though.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="access-serial-ports">
<para>How do I access the serial ports on FreeBSD?</para>
</question>
<answer>
<para>The third serial port,
<devicename>sio2</devicename>
(see &man.sio.4;, known as COM3 in DOS), is on <devicename>/dev/cuaa2</devicename>
for dial-out devices, and on <devicename>/dev/ttyd2</devicename>
for dial-in devices. What is the difference between these two
classes of devices?</para>
<para>You use <devicename>ttyd<replaceable>X</replaceable></devicename> for dial-ins. When
opening <devicename>/dev/ttyd<replaceable>X</replaceable></devicename> in blocking mode, a
process will wait for the corresponding
<devicename>cuaa<replaceable>X</replaceable></devicename> device to become inactive, and then
wait for the carrier detect line to go active. When you open
the <devicename>cuaa<replaceable>X</replaceable></devicename> device, it makes sure the serial
port is not already in use by the <devicename>ttyd<replaceable>X</replaceable></devicename>
device. If the port is available, it <quote>steals</quote> it
from the <devicename>ttyd<replaceable>X</replaceable></devicename> device. Also, the
<devicename>cuaa<replaceable>X</replaceable></devicename> device does not care about carrier
detect. With this scheme and an auto-answer modem, you can have
remote users log in and you can still dial out with the same
modem and the system will take care of all the
conflicts.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="enable-multiport-serial">
<para>How do I enable support for a multiport serial
card?</para>
</question>
<answer>
<para>Again, the section on kernel configuration provides
information about configuring your kernel. For a multiport
serial card, place an &man.sio.4; line
for each serial port on the card in the kernel configuration
file. But place the irq and vector specifiers on only one of
the entries. All of the ports on the card should share one irq.
For consistency, use the last serial port to specify the irq.
Also, specify the <literal>COM_MULTIPORT</literal>
option.</para>
<para>The following example is for an AST 4-port serial card on
irq 7:</para>
<programlisting>options "COM_MULTIPORT"
device sio4 at isa? port 0x2a0 tty flags 0x781
device sio5 at isa? port 0x2a8 tty flags 0x781
device sio6 at isa? port 0x2b0 tty flags 0x781
device sio7 at isa? port 0x2b8 tty flags 0x781 irq 7 vector siointr</programlisting>
<para>The flags indicate that the master port has minor number 7
(<literal>0x700</literal>), diagnostics enabled during probe
(<literal>0x080</literal>), and all the ports share an irq
(<literal>0x001</literal>).</para>
</answer>
</qandaentry>
<qandaentry>
<question id="multiport-serial-share-irq">
<para>Can FreeBSD handle multiport serial cards sharing
irqs?</para>
</question>
<answer>
<para>Not yet. You will have to use a different irq for each
card.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="default-serial-params">
<para>Can I set the default serial parameters for a
port?</para>
</question>
<answer>
<para>The <devicename>ttyd<replaceable>X</replaceable></devicename> (or
<devicename>cuaa<replaceable>X</replaceable></devicename>) device is the regular device
you will want to open for your applications. When a process
opens the device, it will have a default set of terminal I/O
settings. You can see these settings with the command</para>
<screen>&prompt.root; <userinput>stty -a -f /dev/ttyd1</userinput></screen>
<para>When you change the settings to this device, the settings
are in effect until the device is closed. When it is reopened,
it goes back to the default set. To make changes to the
default set, you can open and adjust the settings of the
<quote>initial state</quote> device. For example, to turn on
<acronym>CLOCAL</acronym> mode, 8 bits, and
<acronym>XON/XOFF</acronym> flow control by default for
ttyd5, do:</para>
<screen>&prompt.root; <userinput>stty -f /dev/ttyid5 clocal cs8 ixon ixoff</userinput></screen>
<para>A good place to do this is in
<filename>/etc/rc.serial</filename>. Now, an application will
have these settings by default when it opens
<filename>ttyd5</filename>. It can still change these settings
to its liking, though.</para>
<para>You can also prevent certain settings from being changed
by an application by making adjustments to the
<quote>lock state</quote> device. For example, to lock the
speed of <devicename>ttyd5</devicename> to 57600 bps, do</para>
<screen>&prompt.root; <userinput>stty -f /dev/ttyld5 57600</userinput></screen>
<para>Now, an application that opens <devicename>ttyd5</devicename>
and tries to change the speed of the port will be stuck with
57600 bps.</para>
<para>Naturally, you should make the initial state and lock state
devices writable only by <username>root</username>. The
&man.MAKEDEV.8;
script does <emphasis>NOT</emphasis> do this when it creates the
device entries.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="enable-dialup">
<para>How can I enable dialup logins on my modem?</para>
</question>
<answer>
<para>So you want to become an Internet service provider, eh?
First, you will need one or more modems that can auto-answer.
Your modem will need to assert carrier-detect when it detects a
carrier and not assert it all the time. It will need to hang up
the phone and reset itself when the data terminal ready
(<acronym>DTR</acronym>) line goes from on to off. It should
probably use <filename>RTS/CTS</filename> flow control or no
local flow control at all. Finally, it must use a constant
speed between the computer and itself, but (to be nice to your
callers) it should negotiate a speed between itself and the
remote modem.</para>
<para>For many Hayes command-set--compatible modems, this
command will make these settings and store them in
nonvolatile memory:</para>
<programlisting>AT &amp;C1 &amp;D3 &amp;K3 &amp;Q6 S0=1 &amp;W</programlisting>
<para>See the section <link linkend="direct-at">on sending AT
commands</link> below for information on how to make these
settings without resorting to an MS-DOS terminal program.</para>
<para>Next, make an entry in
<filename>/etc/ttys</filename> (see &man.ttys.5;) for the modem. This file lists all the ports
on which the operating system will await logins. Add a line
that looks something like this:</para>
<programlisting>ttyd1 "/usr/libexec/getty std.57600" dialup on insecure</programlisting>
<para>This line indicates that the second serial port
(<devicename>/dev/ttyd1</devicename>) has a modem connected
running at 57600 bps and no parity
(<literal>std.57600</literal>, which comes from the file
<filename>/etc/gettytab</filename>, see &man.gettytab.5;).
The terminal type for this port is <literal>dialup</literal>.
The port is <literal>on</literal> and is
<literal>insecure</literal>---meaning <username>root</username>
logins on the port are not allowed. For dialin ports like this one,
use the <devicename>ttyd<replaceable>X</replaceable></devicename>
entry.</para>
<para>It is common practice to use <literal>dialup</literal> as
the terminal type. Many users set up in their <filename>.profile</filename> or
<filename>.login</filename> files a prompt for the actual terminal type if the
starting type is dialup. The example shows the port as
insecure. To become <username>root</username> on this port, you
have to login as a regular user, then &man.su.1; to become
<username>root</username>. If you use <literal>secure</literal>
then <username>root</username> can login in directly.</para>
<para>After making modifications to
<filename>/etc/ttys</filename>, you need to send a hangup or
<acronym>HUP</acronym> signal to the
&man.init.8; process:</para>
<screen>&prompt.root; <userinput>kill -HUP 1</userinput></screen>
<para>This forces the &man.init.8; process to reread
<filename>/etc/ttys</filename>. The init process will then start getty
processes on all <literal>on</literal> ports. You can find
out if logins are available for your port by typing</para>
<screen>&prompt.user; <userinput>ps -ax | grep '[t]tyd1'</userinput></screen>
<para>You should see something like:</para>
<programlisting>747 ?? I 0:00.04 /usr/libexec/getty std.57600 ttyd1</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="dumb-terminal">
<para>How can I connect a dumb terminal to my FreeBSD
box?</para>
</question>
<answer>
<para>If you are using another computer as a terminal into your
FreeBSD system, get a null modem cable to go between the two
serial ports. If you are using an actual terminal, see its
accompanying instructions.</para>
<para>Then, modify
<filename>/etc/ttys</filename> (see &man.ttys.5;), like above. For example, if you are
hooking up a WYSE-50 terminal to the fifth serial port,
use an entry like this:</para>
<programlisting>ttyd4 "/usr/libexec/getty std.38400" wyse50 on secure</programlisting>
<para>This example shows that the port on
<devicename>/dev/ttyd4</devicename> has a wyse50 terminal
connected at 38400 bps with no parity
(<literal>std.38400</literal> from
<filename>/etc/gettytab</filename>, see &man.gettytab.5;) and <username>root</username> logins are
allowed (<literal>secure</literal>).</para>
</answer>
</qandaentry>
<qandaentry>
<question id="cannot-tip">
<para>Why can I not run <command>tip</command> or
<command>cu</command>?</para>
</question>
<answer>
<para>On your system, the programs &man.tip.1;
and &man.cu.1;
are probably executable only by
<username>uucp</username>
and group <groupname>dialer</groupname>. You can use the group
<groupname>dialer</groupname> to control who has access to your
modem or remote systems. Just add yourself to group
dialer.</para>
<para>Alternatively, you can let everyone on your system
run &man.tip.1; and &man.cu.1; by
typing:</para>
<screen>&prompt.root; <userinput>chmod 4511 /usr/bin/cu</userinput>
&prompt.root; <userinput>chmod 4511 /usr/bin/tip</userinput></screen>
</answer>
</qandaentry>
<qandaentry>
<question id="hayes-unsupported">
<para>My stock Hayes modem is not supported---what
can I do?</para>
</question>
<answer>
<para>Actually, the man page for &man.tip.1; is
out of date. There is a generic Hayes dialer already built in.
Just use <literal>at=hayes</literal> in your
<filename>/etc/remote</filename> (see &man.remote.5;) file.</para>
<para>The Hayes driver is not smart enough to recognize some of
the advanced features of newer modems---messages like
<literal>BUSY</literal>, <literal>NO DIALTONE</literal>, or
<literal>CONNECT 115200</literal> will just confuse it. You
should turn those messages off when you use &man.tip.1;
(using <literal>ATX0&amp;W</literal>).</para>
<para>Also, the dial timeout for &man.tip.1; is 60
seconds. Your modem should use something less, or else tip
will think there is a communication problem. Try
<literal>ATS7=45&amp;W</literal>.</para>
<para>Actually, as shipped &man.tip.1; does not yet
support it fully. The solution is to edit the file
<filename>tipconf.h</filename> in the directory
<filename>/usr/src/usr.bin/tip/tip</filename>. Obviously you
need the source distribution to do this.</para>
<para>Edit the line <literal>#define HAYES 0</literal>
to <literal>#define HAYES 1</literal>. Then
<command>make</command> and <command>make install</command>.
Everything works nicely after that.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="direct-at">
<para>How am I expected to enter these AT commands?</para>
</question>
<answer>
<para>Make what is called a <quote>direct</quote> entry in your
<filename>/etc/remote</filename> file (see &man.remote.5;). For example, if your modem is hooked
up to the first serial port, <devicename>/dev/cuaa0</devicename>,
then put in the following line:</para>
<programlisting>cuaa0:dv=/dev/cuaa0:br#19200:pa=none</programlisting>
<para>Use the highest bps rate your modem supports in the br
capability. Then, type
<command>tip <devicename>cuaa0</devicename></command> (see &man.tip.1;)
and you will be connected to your modem.</para>
<para>If there is no <devicename>/dev/cuaa0</devicename> on your
system, do this:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV cuaa0</userinput></screen>
<para>Or use cu as <username>root</username> with the following command:</para>
<screen>&prompt.root; <userinput>cu -l<replaceable>line</replaceable> -s<replaceable>speed</replaceable></userinput></screen>
<para>with <replaceable>line</replaceable> being the serial port (e.g.
<devicename>/dev/cuaa0</devicename>) and <replaceable>speed</replaceable> being the speed
(e.g.<literal>57600</literal>). When you are done entering
the AT commands hit <literal>~.</literal> to exit.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="gt-failure">
<para>Why does the <literal>&lt;@&gt;</literal> sign for the pn
capability not work?</para></question><answer>
<para>The <literal>&lt;@&gt;</literal> sign in the phone number
capability tells tip to look in
<filename>/etc/phones</filename> for a phone number. But the
<literal>&lt;@&gt;</literal> sign is also a special character
in capability files like <filename>/etc/remote</filename>.
Escape it with a backslash:</para>
<programlisting>pn=\@</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="dial-command-line">
<para>How can I dial a phone number on the command
line?</para>
</question><answer>
<para>Put what is called a <quote>generic</quote> entry in your
<filename>/etc/remote</filename> file (see &man.remote.5;). For example:</para>
<programlisting>tip115200|Dial any phone number at 115200 bps:\
:dv=/dev/cuaa0:br#115200:at=hayes:pa=none:du:
tip57600|Dial any phone number at 57600 bps:\
:dv=/dev/cuaa0:br#57600:at=hayes:pa=none:du:</programlisting>
<para>Then you can do something like <command>tip -115200
5551234</command>. If you prefer &man.cu.1;
over
&man.tip.1;, use a generic cu entry:</para>
<programlisting>cu115200|Use cu to dial any number at 115200bps:\
:dv=/dev/cuaa1:br#57600:at=hayes:pa=none:du:</programlisting>
<para>and type <command>cu 5551234 -s 115200</command>.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="set-bps">
<para>Do I have to type in the bps rate every time I do
that?</para>
</question><answer>
<para>Put in an entry for <literal>tip1200</literal> or
<literal>cu1200</literal>, but go ahead and use whatever bps
rate is appropriate with the br capability.
&man.tip.1;
thinks a good default is 1200 bps which is why it looks for
a <literal>tip1200</literal> entry. You do not have to use 1200
bps, though.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="terminal-server">
<para>How can I more easily access a number of hosts through a
terminal server?</para>
</question>
<answer>
<para>Rather than waiting until you are connected and typing
<literal>CONNECT <replaceable>host</replaceable></literal>
each time, use tip's <literal>cm</literal> capability. For
example, these entries in
<filename>/etc/remote</filename> (see &man.remote.5;):</para>
<programlisting>pain|pain.deep13.com|Forrester's machine:\
:cm=CONNECT pain\n:tc=deep13:
muffin|muffin.deep13.com|Frank's machine:\
:cm=CONNECT muffin\n:tc=deep13:
deep13:Gizmonics Institute terminal server:\
:dv=/dev/cuaa2:br#38400:at=hayes:du:pa=none:pn=5551234:</programlisting>
<para>will let you type <command>tip pain</command> or
<command>tip muffin</command> to connect to the hosts
<hostid>pain</hostid> or <hostid>muffin</hostid>; and
<command>tip deep13</command> to get to the terminal
server.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="tip-multiline">
<para>Can tip try more than one line for each site?</para>
</question>
<answer>
<para>This is often a problem where a university has several
modem lines and several thousand students trying to use
them...</para>
<para>Make an entry for your university in
<filename>/etc/remote</filename> (see &man.remote.5;) and use <literal>&lt;\@&gt;</literal> for
the <literal>pn</literal> capability:</para>
<programlisting>big-university:\
:pn=\@:tc=dialout
dialout:\
:dv=/dev/cuaa3:br#9600:at=courier:du:pa=none:</programlisting>
<para>Then, list the phone numbers for the university in
<filename>/etc/phones</filename> (see &man.phones.5;):</para>
<programlisting>big-university 5551111
big-university 5551112
big-university 5551113
big-university 5551114</programlisting>
<para>&man.tip.1;
will try each one in the listed order, then give
up. If you want to keep retrying, run &man.tip.1;
in a while loop.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="multi-controlp">
<para>Why do I have to hit CTRL+P twice to send CTRL+P
once?</para>
</question>
<answer>
<para>CTRL+P is the default <quote>force</quote> character,
used to tell &man.tip.1;
that the next character is literal data. You can set the
force character to any other character with the
<literal>~s</literal> escape, which means <quote>set a
variable</quote>.</para>
<para>Type <literal>~sforce=<replaceable>single-char
</replaceable></literal> followed by a newline.
<replaceable>single-char</replaceable> is any single character.
If you leave out <replaceable>single-char</replaceable>,
then the force character is the nul character, which you can
get by typing CTRL+2 or CTRL+SPACE. A pretty good value for
<replaceable>single-char</replaceable> is SHIFT+CTRL+6, which
I have seen only used on some terminal servers.</para>
<para>You can have the force character be whatever you want by
specifying the following in your
<filename>$HOME/.tiprc</filename> file:</para>
<programlisting>force=<replaceable>single-char</replaceable></programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="uppercase">
<para>Why is everything I type suddenly in UPPER CASE?</para>
</question>
<answer>
<para>You must have pressed CTRL+A, &man.tip.1;
<quote>raise character</quote>, specially
designed for people with broken caps-lock keys. Use
<literal>~s</literal> as above and set the variable
<quote>raisechar</quote> to something reasonable. In fact,
you can set it to the same as the force character, if you
never expect to use either of these features.</para>
<para>Here is a sample .tiprc file perfect for Emacs users who
need to type CTRL+2 and CTRL+A a lot:</para>
<programlisting>force=^^
raisechar=^^</programlisting>
<para>The ^^ is SHIFT+CTRL+6.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="tip-filetransfer">
<para>How can I do file transfers with
<command>tip</command>?</para>
</question>
<answer>
<para>If you are talking to another Unix system, you can send
and receive files with <literal>~p</literal> (put) and
<literal>~t</literal> (take). These commands run
&man.cat.1; and
&man.echo.1; on the remote system to accept and send files.
The syntax is:</para>
<programlisting>~p &lt;local-file&gt; [&lt;remote-file&gt;]
~t &lt;remote-file&gt; [&lt;local-file&gt;]</programlisting>
<para>There is no error checking, so you probably should use
another protocol, like zmodem.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="zmodem-tip">
<para>How can I run zmodem with
<application>tip</application>?</para>
</question>
<answer>
<para>First, install one of the zmodem programs from the
ports collection (such as one of the two from the comms
category, <application>lrzsz</application> or
<application>rzsz</application>.</para>
<para>To receive files, start the sending program on the
remote end. Then, press enter and type
<literal>~C rz</literal> (or <literal>~C lrz</literal> if you
installed <application>lrzsz</application>) to begin
receiving them locally.</para>
<para>To send files, start the receiving program on the remote
end. Then, press enter and type
<literal>~C sz <replaceable>files</replaceable></literal>
(or <literal>~C lsz <replaceable>files</replaceable></literal>)
to send them to the remote system.</para>
</answer>
</qandaentry>
<qandaentry>
<question id="cannot-find-serial">
<para>Why does FreeBSD not find my serial ports, even
when the settings are correct?</para>
</question>
<answer>
<para>Motherboards and cards with Acer UARTs do not probe
properly under the FreeBSD sio probe. Obtain a patch from
<ulink URL="http://www.lemis.com/serial-port-patch.html">
www.lemis.com</ulink> to fix your problem.</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="misc">
<title>¨ä¥¦¦U¦¡¦U¼Ëªº°ÝÃD</title>
<qandaset>
<qandaentry>
<question id="more-swap">
<para>¬°¬Æ»ò FreeBSD ¥Îªº¸m´«(swap)ªÅ¶¡¤ñ Linux ¦h¡H</para>
</question>
<answer>
<para>FreeBSD¶È¬O¬Ý°_¨Ó¸m´«ªÅ¶¡(swap)¥Îªº¤ñLinux¦h¦Ó¤w¡C¦b¨Æ¹ê¤W¡A
¨Ã¤£µM¡C¥D­nªº®t²§¬O¦b©ó¡AFreeBSD¿n·¥ªº±N¶¢¸mµL¥Îªº¥D°O¾ÐÅ餺®e
±À¤J¸m´«ªÅ¶¡(swap)¤¤¡A¥H¨Ï±o¥D°O¾ÐÅé¥i¥H§ó¬°¦³®Ä²vªº³Q¨Ï¥Î¡C¦Ó
Linuxªºµ¦²¤¬O±N¸m´«ªÅ¶¡(swap)¥Î¨Ó§@¬°¸Ñ¨M°O¾ÐÅé°ÝÃDªº³Ì²×¤â¬q¡C
¸ûÀWÁcªº¨Ï¥Î¸m´«ªÅ¶¡(swap)¡C¬O¤@ºØ§ó¦³®Ä²vªº¨Ï¥Î¥D°O¾ÐÅ骺¤â¬q¡C
</para>
<para>µù¡G·í¤@¤è­±FreeBSD¿n·¥ªº¨Ï¥Î¸m´«ªÅ¶¡(swap)ªº¦P®É¡A§A¥²»Ýª`
·N¨ì¡AFreeBSD¨Ã¤£·|¥ô·Nªº±N©Ò¦³ªºªF¦è³£±À¤J¸m´«ªÅ¶¡(swap)¤¤¡C¦p¦¹¡A
§A¤~¤£·|¦b¤@©]±J¾K°_§É«áµo²{¡A¾ã­Ó¨t²Î³£³Q­Ë¶i¤F¸m´«ªÅ¶¡(swap)¤§¤¤¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="top-freemem">
<para>§Y¨Ï§Ú¥u¦³¹B¦æ¤Ö¼Æµ{¦¡¡A¬°¤°»ò <command>top</command> Åã¥Ü¥X
¨Óªº³Ñ¾l°O¾ÐÅéÁÙ¬O«Ü¤Ö¡H</para>
</question>
<answer>
<para>²³æªºµª®×¬O¡A©Ò¦³¥¼¨Ï¥Î¨ìªº¶¢¸m°O¾ÐÅé³£¬O³Q®ö¶Oªº°O¾ÐÅé¡A
¥ô¦ó¥¼³Q§Aªºµ{¦¡©Ò§Q¥Î¨ìªº°O¾ÐÅé±N³Q®Ö¤ß(kernel)¥Î¨Ó·í
§@ºÏºÐ§Ö¨ú(disk cache)¡C¦Ó³oºØ°O¾ÐÅé³Q &man.top.1; ¼Ð°O¬°
<literal>¶¢¸mªº(Inact)</literal>¡A<literal>§Ö¨ú(Cache)</literal>¡A
¥H¤Î <literal>½w½Ä°Ï(Buf)</literal>¡A¨Ã­t³d¦b¦U­Ó¤£¦Pªº¦ì¸m­t³d
¼È¦s¸ê®Æ¡C³Q¼È¦s(cached)ªº¸ê®Æ¥Nªí¨t²Î¤£»Ý­n¥h¦s¨ú¸ûºCªººÏºÐ¸Ë¸m
´N¥i¥H±o¨ì¸ê®Æ¡A¦p¦¹¡A¥i¥H´£¤É¨t²Îªº®Ä¯à¡CÁ`¦Ó¨¥¤§¡A&man.top.1;
Åã¥Ü¥X¸û¤Öªº <literal>¶¢¸m(Free)</literal> °O¾ÐÅé¬O¦nªº¡A¥u­nÅã¥Ü
¥X¨Óªº­È¤£¬O <literal>«D±`</literal> ªº§C¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="aout-elf">
<para>¬°¬Æ»ò­n¥Î(¬Æ»ò¬O) a.out ©M ELF °õ¦æÀɮ榡¡H</para>
</question>
<answer>
<para>­n¤F¸Ñ¬°¤°»òFreebsd¨Ï¥Î <filename>ELF</filename> ®æ¦¡¡A§A¦³¥²
­n¥ý»{ÃѤ@¤U¤TºØ¦b¥Ø«e Unix ¨t²Î¤¤³Ì³Q¼sªxÀ³¥Î¨ìªº°õ¦æÀɮ榡¡G
</para>
<note>
<para>¦b FreeBSD 3.x ¤§«e¡AFreeBSD ¨Ï¥Î a.out ®æ¦¡¡C</para>
</note>
<itemizedlist>
<listitem>
<para>&man.a.out.5;</para>
<para>³o¬O³Ì¦­¡A¦P¬O¤]¬O <quote>³Ì¨å«¬</quote> ªºUnix¥ØªºÀÉ
®æ¦¡¡C³oºØ®æ¦¡ªºÀɮרϥΤ@ºØµu¥Bºò±KªºÀÉÀY¡A¦P®É¡A¦ñÀHµÛ¤@
­ÓÅ]³N¼Æ¦r¥Î¨Ó¿ëÃѮ榡¡C(°Ñ¦Ò &man.a.out.5; ¦³§ó¦h¸Ô²Óªº»¡
©ú)¡C¥¦¥]§t¦³¤T­Ó¸`°Ï¡G .text .data ¤Î .bss ¥[¤W¤@­Ó²Å¸¹ªí
¤Î¦r¦êªí¡C</para>
</listitem>
<listitem>
<para><acronym>COFF</acronym></para>
<para>SVR3¥ØªºÀɮ榡¡CÀÉÀY¥]§t¤F¤@­Ó¸`°Ïªí¡A©Ò¥H¥i¥H¨ã³Æ¤ñ
.text .data .bss ÁÙ¦hªº¸`°Ï¡C</para>
</listitem>
<listitem>
<para><acronym>ELF</acronym></para>
<para>ELF¬° <acronym>COFF</acronym> ®æ¦¡ªº«áÄ~ªÌ¡A¥D­nªº¯S¼x¬°
¥i¥H¨ã¦³½Æ¼Æ¸`°Ï¬q¡A¨Ã¥i¥H¨Ï¥Î32-bits©Î¬O64-bitsªº¼Æ­È¡C
¥D­nªº¯ÊÂI¬°¡G <acronym>ELF</acronym> ®æ¦¡¬O¦b¨C­Ó¨t²Î¤¤¥u
·|¦³¤@ºØ ABI ªº°²³]¬°«eÃD³Q³]­p¥X¨Óªº¡C¦ý¬O¡A¦b¨Æ¹ê¤W¡A³o­Ó
°²³]¿ùªºÂ÷ÃСC¦]¬°¡AÁa¨Ï¦b°Ó¥Îªº SYSV ¥@¬É¸Ì¡A¤]¦Ü¤Ö¦³ SVR4¡A
Solaris ©M SCO ¤TºØ ABI¡C</para>
<para>Ķµù¡GABI(Application Binary Interface)¡C¦pªG¤@©w­n½Ķ¡A
´N¥s¥¦ <emphasis>À³¥Îµ{¦¡¤G¶i¦ì¤¶­±</emphasis> ¦n¤F¡C ABI³Qµo
®i¥X¨Óªº¥Î·N¡A¬O¬°¤F«P¨Ï¦b¬Û¦PCPU©Òµo®i¥X¨ÓªºÀ³¥Îµ{¦¡¡A¯à°÷
¦b¤£¦Pªº¨t²Î¤W¡A§@¨ì¤G¤¸ÀÉ(Binary Code)¬Û®e¡C¤ñ¤è»¡¡A
<acronym>Sun</acronym> ©Ò´£¥Xªº <acronym>Solaris ABI</acronym>
¡A«OÃÒ°õ¦æÀɯà°÷¦b¬Û¦P CPU ªº Solaris ¨t²Î¤W°õ¦æ¡A¥t¤@­Ó¨Ò¤l¬O
Windows ¨t²Î¡C¦PÄÝ©ó Intel x86 ª©¥»ªº°õ¦æÀɯà°÷¦Û¥Ñªº¦bWindows
9x/me¤ÎWindows NT/2k/XP¤§¶¡°õ¦æ¡C</para>
<para>FreeBSD´£¨Ñ¤@­Ó¤½¥Îµ{¦¡±Nµ{¦¡©Ò»ÝªºABI¸ê°T¯O¤W¡AÂǦ¹¸ÕµÛ
¥h¸Ñ¨M³o­Ó°ÝÃD¡C½Ð°Ñ¦Ò &man.brandelf.1; ¥H¨ú±o§ó¦h¸ê°T¡Ci
</para>
</listitem>
</itemizedlist>
<para>FreeBSD ¨Ó¦Û <quote>¶Ç²Î</quote> ªº°}Àç¡C¦b¶Ç²Î¤W¡AFreeBSD³£
¨Ï¥Î &man.a.out.5; ®æ¦¡¡A³o¼Ëªº§Þ³N¦b¦n´X¥Nªº BSD ³£³QÃÒ©ú¬O¥i¾aªº¡C
ÁöµM¡A¦bFreeBSD¤W¥i¥H«Ø¥ß¥H¤Î¥¿½Tªº°õ¦æ­ì¥Í <acronym>ELF</acronym>
®æ¦¡ÀÉ®×(¥]§t®Ö¤ß)¡CµM¦Ó, FreeBSD¦b¤@¶}©l¤Ï¹ï±N¹w³]®æ¦¡Âà´«¬° ELF¡A
¬°¤°»ò©O¡H·íLinux¶}©lµh­WªºÂà´«¦Ü <acronym>ELF</acronym> ®æ¦¡®É¡A
¨Ã«D¬O¬°¤F­n°kÂ÷ <filename>a.out</filename> ®æ¦¡¡C¬Û¤Ïªº¡A³o¬O¦]
¬°¤§«e Linuxªº¦@¨É¨ç¦¡®w(shared libraries)±Ä¥Î¥H¸õÅDªí®æ
(jump-table)¬°°ò¦ªº§Þ³N¥h³]­p¡C³o¬O¤@ºØÅýµo®iªÌ·P¨ì§xÂZ¡A¥B«D±`
Ãø¥H¨Ï¥Î¡A¤£¨ã¨¬°÷¼u©Êªº¤èªk¡C¬JµM¡A¤w¸g¦s¦bªº
<acronym>ELF</acronym> ¤u¨ã´£¨Ñ¤F¦@¨É¨ç¦¡®w(shared libraries)ªº¸Ñ
¨M¤è®×¡A¦Ó¥B¡A¨º¬Ý°_¨Ó¬O­Ó <quote>«e½Ãªº¤èªk</quote>¡A¦]¦¹¡A©Ò»Ý
ªºÂà´«¥N»ù´N¥i±µ¨ü¦]¦ÓÂà´«¡C</para>
<para>¦bFreeBSDªºª¬ªp¤¤¡A§Ú­Ìªº¦@¨É¨ç¦¡®w(shared libraries)¾÷¨î©M
<application>SunOS</application> ªº«¬¦¡«D±`¬Ûªñ¡A¥B©ö©ó¨Ï¥Î¡CµM¦Ó¡A
±q 3.0 ¶}©l¡AFreeBSD ¥¿¦¡±N <acronym>ELF</acronym> §ï¬°¹w³]®æ¦¡¡C
ÁöµM¡A<filename>a.out</filename> ®æ¦¡¨Ì¦p¥H©¹¯ëªº¦n¡A¦ý¬O¡A§Ú­Ì
½sĶ¤u¨ãªº¼¶¼gªÌ¡AGNU ªº¦¨­û¡A¥L­Ì¤¤¤î¤F¹ï
<filename>a.out</filename> ®æ¦¡ªº¤ä´©»PºûÅ@¡C¦b³oºØª¬ªp¤U¡A­¢¨Ï
§Ú­Ì¥²¶·¦Û¦æºûÅ@¥t¤@¥÷ª©¥»ªº compiler ©M linker¡A¤]¨Ï±o§Ú­ÌµLªk
±q³Ì·sªº GNU µo®i¦¨ªG¤¤Àò±o¦n³B¡C¦¹¥~¡A¹ï ISO-C++ ªº»Ý¨D¡A¤×¨ä¬O
«Øºc¤l(constructors)©M¸Ñºc¤l(destructors)¡A¤]±a°Ê¥¼¨Óª©¥»¤¤¹ï
<acronym>ELF</acronym> ªº­ì¥Í¤ä´©¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="binary-formats">
<para>¬Oªº, ¦ý¬O, ¬°¤°»ò·|¦³³o»ò¦h¤£¦P®æ¦¡ªº°õ¦æÀɦs¦b©O?</para>
</question>
<answer>
<para>¦b¶Â·t¦Ó»»»·ªº¹L¥h¡A¶È¦³Â²­®ªºµwÅé¦s¦b¡C¦Ó¦]¬°µwÅé²­®¡A·íµM¤]
¥u¯à°õ¦æ¤p¦Ó²³æªº¨t²Î¡Ca.out ®æ¦¡¬O°ò©ó¨º­Ó®É¥N©Ò»Ý­n¡A¦Ó³Q³Ð³y
¥X¨Óªº(¨Ò¦p¹³PDP-11)¡C¦b³o¤§«á¡A³\¦h¤H¸ÕµÛ±N Unix ²¾´Ó¨ì¨ä¥L¥­¥x
®É¡A¥L­Ì¤]«O¯d¤F a.out ®æ¦¡ªº°õ¦æÀÉ¡C¦]¬°¡A³o¹ï¦­´Áªº Motorola 68k¡A
VAXen ¤§Ãþªº¨t²Î¤w¸g¨¬°÷¨Ï¥Î¤F¡C</para>
<para>µM¦Ó¡A¤H¨Ã¤£·|º¡¨¬©ó²{ª¬¡C¤@¨ÇÁo©úªºµwÅé¤uµ{®v·Q¨ì¤F¡A¦pªG¯à
Åý³nÅé¦h³B²z¤@¨Ç¨Æ¡A¨º CPU ªº¹q´¹Åé¼Æ´N¯à¤Ö¤@ÂI¡A¨Ã¥B¶]±o§ó§Ö¡C­n
¦b³oºØ·s¦¡ªºµwÅé¤W¤u§@(²{¦bºÙ¬°RISC)¡A<filename>a.out</filename>
³oºØ®æ¦¡´N¤£¦X¾A¤F¡C°ò©ó³o¼Ëªº²{¹ê©Ò»Ý¡A§ó¦hªº°õ¦æÀɮ榡³Qµo®i¥X
¨Ó¡A¥H´£¨Ñ¤ñ²³æ¥B¨ü¨ì³\¦h­­¨îªº <filename>a.out</filename> ®æ¦¡
§ó¦nªº®Ä¯à¡C¤ñ¤è¹³¬O <acronym>COFF</acronym>¡A
<acronym>ECOFF</acronym>¡A¤w¤Î¤@¨Ç¸û¤£¬°¤H©Ò©Pª¾ªº®æ¦¡¯É¯É³Q³Ð³y
¥X¨Ó¡C¦ý¬O¡A³o¨Ç®æ¦¡³£¤w¹F¨ì¦U¦Ûªº·¥­­¡Aª½¨ì¦³¤@¤Ñ
<acronym>ELF</acronym> ªº¥X²{¡C</para>
<para>¦¹¥~¡A·íµ{¦¡ªºÅé¿n¶V¨Ó¶V¤j¡A¦ÓºÏºÐªÅ¶¡©M¥D°O¾ÐÅé¬Û¹ï¨Ó»¡³£¸û
¤p®É¡A¦@¨É¨ç¦¡®w(shared libraries)ªºÆ[©À³Qµo®i¥X¨Ó¤F¡C¦b³o¦P®É¡A
µêÀÀ°O¾ÐÅé¨t²Î(VM System)¤]Åܱo¶V¨Ó¶Vºë¥©¡C·í¨C¤@ºØ¶i¨B³£¦b
<filename>a.out</filename>®æ¦¡¤W³Qµo®i¥X¨Ó®É¡A¥¦ªº¥i¥Î©Ê¤]¦P®ÉÅÜ
±o¶V¨Ó¶V§C¡C¥t¥~¡A¤H­ÌÁ٧Ʊæµ{¦¡¯à¦b°õ¦æ´Á¶¡°ÊºA¸ü¤J¡A©Î¬O±N¤w¸g
°õ¦æ¹L¥B¨S¦³¥Îªºªì©l¤Æµ{¦¡½X¥á±ó¡AÂÇ¥H¸`¬Ù§ó¦hªº°O¾Ð¡Cµ{¦¡»y¨¥¦b
³o­Ó®É´Á¤]«K±o§óºë¥©¡A¤H­Ì¤]§Æ±æ¦b main ¤§«e¦Û°Êªº°õ¦æ§ó¦hªºªF¦è¡C
¦]¦¹¡A³\¦hÁcÂø¥B¥t¤H¹Ä¬°Æ[¤îªº§Þ¥©³Q¥Î¦b <filename>a.out</filename>
®æ¦¡¤W¥h¸Ñ¨M³o¨Ç°ÝÃD¡C¦ý¬O¡A¥Ñ©ó <filename>a.out</filename> ®æ¦¡
¥ý¤Ñªº­­¨î¡A­n¸Ñ¨M³o¨Ç°ÝÃD¥²»Ý¥I¥X§ó¦hªº¥N»ù¤Î®É¶¡¦¨¥»¡A¨ÃÅýµ{¦¡
ªº½ÆÂø«×¤j¬°´£¤É¡C¦Ó <acronym>ELF</acronym> ®æ¦¡¥i¥H¤@Á|¸Ñ¨M³o¤@
¤Á°ÝÃD¡C¦ý¬O¡A­n±N¾ã­Ó¨t²Î±q®Ú¥»Âà´«¹L¥h¡A±N·|¦³¤£µuªº°}µh´Á¡A¦]
¦¹¡A <acronym>ELF</acronym>®æ¦¡±N·|¦³¤@°}¤l»P
<filename>a.out</filename> ¨Ã¦s¡C</para>
<para>µM¦Ó¡AÀHµÛ®É¶¡ªº¹L¥h¡AFreeBSDªº build tools ºt¤Æ¦¨¥­¦æªº¨â­Ó
¤ä½u(¤×¨ä¬O²ÕĶ¾¹©M¸ü¤J¾¹)¡CFreeBSD³o±ø¸ô¥[¶i¤F¦@¨É¨ç¦¡®w
(shared libraries)¨Ã­×¥¿¤F¤@¨Ç¿ù»~¡C¦Ó­ì¨Óµo®i³o¨Çµ{¦¡ªº GNU ¦¨­û
«h¬°¤F¦]À³²{ªp¡A­«¼g¤F³o¨Çµ{¦¡¡A¥H§ó²³æªº¤è¦¡¹ï¸ó¥­¥x½sĶ
(building cross compilers)¡A¥H¤Î¦hºØ®æ¦¡
(plugging in different formats) §@¥X¤F¤ä´©¡C³\¦h¤H·Q§@¥X¥H FreeBSD
¬°¥Øªº¥­¥xªº¸ó¥­¥x½sĶ¾¹¡C¦ý¤£©¯ªº¬O¡AFreeBSD ªº as ©M ld ¤£¯à§@
³o¶µ¤u§@¡C·sªº GNU ¤u¨ãµ{¦¡¥[¤J¤F¸ó¥­¥x½sĶ (Cross Compiler)¡A
<acronym>ELF</acronym>®æ¦¡¤ä´©¡A¦@¨É¨ç¦¡®w(shared libraries)¡A
C++ ªºÂX¥R... µ¥µ¥¡C¦¹¥~¡A³\¦h¼t°Ó¥H <acronym>ELF</acronym> ®æ¦¡
µo¦æ¨ä²£«~¡A¦pªG³o¨ÇªF¦è¯à¦b FreeBSD ¤W°õ¦æªº¸Ü·íµM¬O³Ì¦nªº¡C¬JµM¡A
¯à°÷°õ¦æ <acronym>ELF</acronym> ®æ¦¡ªº°õ¦æÀɤF¡A¬°¤°»òÁÙ¶·­n
<filename>a.out</filename> ©O¡H¥¦¤w¸g¬O¤@¤Ç««««¦Ñ¨oªº°¨¤F¡A¦bºÜ¤O
ºÉ©¾ªº©^Äm³o»ò¦h¦~¤§«á¡A¸Ó¬OÅý¥¦¦bªª³õªÎ¨Uªº¯ó¦a¤W¦n¦n¥ð®§ªº®É­Ô
¤F¡C</para>
<para><acronym>ELF</acronym> ®æ¦¡¤ñ a.out ¨ã¦³§ó¨}¦nªº®i²{¯à¤O¡A¨Ã
¥B¦b©³¼h¨t²Î¤¤¨ã¦³§ó¦hªº¥iÂX®i©Ê¡C<acronym>ELF</acronym> ¤u¨ãµ{¦¡
§ó®e©ö³QºûÅ@¡A¥B´£¨Ñ¸ó¥­¥x½sĶªº¤ä´©¡A³o¤@ÂI¹ï«Ü¦h¤H¨Ó»¡¬O«Ü­«­n
ªº¡C<acronym>ELF</acronym> ®æ¦¡¥i¯à¤ñ a.out ºC¤@ÂI¡A¦ý¬O¨ä®t²§«D
±`Ãø´ú¶q¥X¨Ó¡C³o¨âªÌ¶¡ÁÙ¦³³\¦h²Ó¸`¤Wªº¤£¦P¡A¤ñ¤è»¡¤À­¶¹ïÀ³ªº¤è¦¡¡A
µ{¦¡½Xªì©l¤Æªº¤èªk...µ¥µ¥¡C³o¨Ç¨Ã¤£¬O«Ü­«­n¡A¦ý¬O¡A¨âªÌ´N¬O¤£¦P¡C
¥H«á¡AGENERIC ®Ö¤ß(kernel)±N·|²¾°£¹ï <filename>a.out</filename>
®æ¦¡¡C·í¤£¦b¦³°õ¦æ¶Ç²Î <filename>a.out</filename> µ{¦¡ªº¶·­n®É¡A
±N·|±q®Ö¤ß(kernel)¤¤²¾°£¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="chmod-symlinks">
<para>¬°¬Æ»òchmod¤£·|§ïÅܲŸ¹³sµ²(symlink)ªº¦s¨úÅv­­¡H</para>
</question>
<answer>
<para>Symlinks ¥»¨­¨Ã¨S¦³¦s¨úÅv­­¡A¦P®É¡A¦b¹w³]ªºª¬ªp¤U¡A
&man.chmod.1; ±N¤£·|¸òÀHµÛ symlinks ¥h§ï«K¥Ø¼ÐÀɮתº¦s¨úÅv­­¡C¦]¦¹¡A
¦pªG§A¦³¤@­ÓÀÉ®× <filename>foo</filename>¡A¦P®É¡A¦³¤@­Ó symlink
<filename>bar</filename> «ü¦V³o­ÓÀɮסA¥H¤U³o­Ó©R¥O±N¥Ã»··|¦¨¥\
ªº³Q°õ¦æ¡C</para>
<screen>&prompt.user; <userinput>chmod g-w bar</userinput></screen>
<para>µM¦Ó¡A¦b <filename>foo</filename> ¤Wªº¦s¨úÅv­­±N¤£·|³Q§ï
ÅÜ¡C</para>
<para>§A¥²»Ý¨Ï¥Î <option>-H</option> ©Î¬O±N <option>-L</option>
»P <option>-R</option> ¿ï¶µ¤@°_¨Ï¥Î¡A°Ñ¦Ò &man.chmod.1; ¥H¤Î
&man.symlink.7; ¥H¨ú±o§ó¦hªº¸ê°T¡C</para>
<warning>
<para>¨Ï¥Î¿ï¶µ <option>-R</option> ·|Åý &man.chmod.1; ¥H
<acronym>»¼°j(RECURSIVE)</acronym> ªº¤è¦¡¤u§@¡C·í§A§â
&man.chmod.1; ¥Î¦b¥Ø¿ý©Î¬O³sµ²¨ì¥Ø¿ýªº²Å¸¹³sµ²®É§ó­n¤p¤ß¡C
¦pªG§A­n§ïÅܤ@­Ó²Å¸¹³sµ²°Ñ¦Ò¨ìªº¥Ø¿ý¤§¦s¨úÅv­­ &man.chmod.1; ¡A
¥Bª`·N¤£­n¥[¤W¥ô¦ó¿ï¶µ¡A¨Ã¥B¦b symlink ªºµ²§À¥[¤W±×½u
(<filename>/</filename>)¡CÁ|¨Ò¨Ó»¡¡A¦pªG
<filename>foo</filename> ³sµ²¨ì¥Ø¿ý <filename>bar</filename>¡A
¦Ó§A­n§ó§ï <filename>foo</filename> (¹ê»Ú¤W¬O
<filename>bar</filename>)¡A¨º´N¨Ï¥Î¡G</para>
<screen>&prompt.user; <userinput>chmod 555 foo/</userinput></screen>
<para>µ²§Àªº±×½u·|¨Ï±o &man.chmod.1; §ïÅÜ
<filename>foo</filename> ©Ò«ü¦Vªº¥Ø¿ý <filename>bar</filename>
ªºÅv­­¡C</para>
</warning>
</answer>
</qandaentry>
<qandaentry>
<question id="login-8char">
<para>¬°¤°»ò¦b FreeBSD 2.2.x ¤Î§ó¦­ªºª©¥»¤¤¡Aµn¤J¦WºÙ(login names)
³Q­­¨î¦b¤K­Ó¦r¤¸¥H¤U©O¡H</para>
</question>
<answer>
<para>§A¥i¯à»{¬°­×§ï <literal>UT_NAMESIZE</literal> «á¦b­«·s½sĶ¾ã­Ó
¨t²Î¬O«Ü®e©öªº¨Æ¡C¦Ó¥B¦b³o¤§«á¡A¨C¥ó¨Æ³£¥i¥H¹B§@ªº«Ü¦n¡C¤£©¯ªº¬O¡A
¦³³\¦hªºµ{¦¡©M¤u¨ã(¥]§t¨t²Î¤u¨ã)§â¼Æ¦r¼g¦º¦bµ{¦¡¸ÌÀY(¨Ã«DÁ`¬O
<literal>8</literal> ©Î <literal>9</literal>¡A¦³®É¥i¯à¬O¥j©Çªº
<literal>15</literal> ©Î <literal>20</literal>)¡C³o¤£¶È¶È¬O·|±N
§Aªº¨t²Î°O¿ýÀɧËÃa¦Ó¤w(¨Ó¦Û©óÅܰʪø«×©M©T©wªø«×°O¿ýªº®t²§)¡A¦P®É
¤]·|¯}Ãa Sun ªº NIS Client ªº¹B§@¡C¦P®É¡A©M¨ä¥LªºUnix¨t²Î¤§¶¡¤]
¦³¥i¯à·|²£¥Í¥¼ª¾ªº°ÝÃD¡C</para>
<para>¦bFreeBSD 3.0 ¤Î¤§«áªºª©¥»¡A±b¸¹ªº³Ì¤jªø«×¼W¥[¨ì16­Ó¦r¤¸¡A
¦P®É¡A¨º¨Ç±Nªø«×¼g¦ºªºµ{¦¡¤]³Q§ä¥X¨Ó¨Ã§@¤F¾A·íªº­×¥¿¡C¥¿¦]¬°¼vÅT
¨t²Îªº½d³ò«Ü¼s¡A©Ò¥Hª½¨ì3.0ª©¤§«á¤~ºâ¤j­P­×¥¿§¹¦¨¡C</para>
<para>¦pªG§A¦³¦Û«H¦b¥X°ÝÃDªº®É«á¯à¦Û¦æ¸Ñ¨M¡A§A¥i¥H§Q¥Î¤U­±ªº¤èªkÅý
¸û¦­´Áªºª©¥»¤ä´©¸ûªøªº±b¸¹¡C­º¥ý¡A­×§ï
<filename>/usr/include/utmp.h</filename> ¤¤ªºUT_NAMESIZE¡C
µM«á¡A§A¥²¶·§â <filename>/usr/include/sys/param.h</filename>
¤¤ªº MAXLOGNAME §ï¦¨¸ò UT_NAMESIZE ¬Û¦P¡C³Ì«á¡A¦pªG§A¬O±q­ì©lµ{
¦¡«Ø¥ß¨t²Î, §O§Ñ¤F /usr/include ¨C¦¸³£·|³Q§ó·s¡C
­×§ï /usr/src/.. ¤¤¾A·íªºÀɮסC</para>
</answer>
</qandaentry>
<qandaentry>
<question id="dos-binaries">
<para>§Ú¯à¦bFreeBSD¤U°õ¦æDOSµ{¦¡¶Ü¡H</para>
</question>
<answer>
<para>¬Oªº¡A¦Û3.0ª©°_§A¥i¥H¨Ï¥ÎBSDIªº
<application>doscmd</application> DOS ¼ÒÀÀ¾¹¡A¦pªG§A¹ï³o­ÓªF¦è
¦³¿³½ì¡A©Î¬O·Q¥[¤Jµo®i¦æ¦C¡A½Ð±H¤@«Ê¹q¤l¶l¥ó¨ì &a.emulation; ¡C
</para>
<para>¹ï©ó3.0¤§«eªº¨t²Î¡A¦b ports ¤¤¦³¤@®M³nÅé¥i¥H¼Òèö 8088¡A¨Ã´£
¨Ñ¨¬°÷ªºBIOS¤¤Â_ªA°È¥H°õ¦æDOS¤å¦r¼Ò¦¡ªºµ{¦¡¡A³o®M³nÅé¥s°µ
<application>pcemu</application>¡A¦P®É¡A¹B¦æ¥¦¶·­n
X Windows(¥ÑXFree86´£¨Ñ)¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="translation">
<para>¦pªG­n§âFreeBSD¤å¥ó½Ķ¦¨§Úªº¥À»y¡A§Ú»Ý­n§@¤°»ò¡H</para>
</question>
<answer>
<para>°Ñ¾\FreeBSD¤å¥ó¤¤ªº <ulink
url="../fdp-primer/translations.html">½Ķ±`¨£°Ýµª</ulink>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="freebsd-mail-bounces">
<para>¬°¤°»ò§Ú±H¨ì FreeBSD.org ¬ÛÃö¦a§}ªº¹q¤l¶l¥ó³£³Q°h¦^¤F©O¡H</para>
</question>
<answer>
<para>FreeBSD.org ªº¶l¥ó¨t²Î¹ï©ó¶i¨Óªº¶l¥ó±Ä¨úÄY®æªºÀˬd¡A¨Ã¥B°h¦^
©Ò¦³³]©w¤£¥¿½T¡A©Î¬O¼ç¦bªº©U§£¶l¥ó¡C§Aªº¶l¥ó³Q°h¦^¥i¯à¬O¦]¬°¤U¦C
­ì¦]©Ò¤Þ°_¡G</para>
<itemizedlist>
<listitem>
<para>³o«Ê¹q¤l¶l¥ó¨Ó¦Û¤wª¾ªº©U§£¶l¥ó°Ï°ì©Î¬OIP¤¤¡C</para>
<para>FreeBSD¶l¥ó¦øªA¾¹±N©Úµ´±µ¦¬¤wª¾ªº©U§£¶l¥ó¨Ó·½ªº¹q¤l¶l¥ó¡C
¦pªG´£¨Ñ§Aºô¸ôªA°Èªº¤½¥q©Î¬Oºô°ì¤¤¦³²£¥Í¹L©U§£¶l¥ó©Î¬O¦³©U§£
¶l¥óÂ༽¯¸¡A½Ð§A´«¤@­ÓªA°È´£¨ÑªÌ¡A©Î¬O°®¯Ü©ñ±ó¡C</para>
</listitem>
<listitem>
<para>¹q¤l¶l¥óªº¥»¤å¶È¦³HTML¡C</para>
<para>¶l¥óÀ³¸Ó¤w¯Â¤å¦r®æ¦¡µo°e¡A½Ð³]©w§Aªº¹q¤l¶l¥ó³nÅé°e¥X¯Â¤å
¦r®æ¦¡¡C</para>
</listitem>
<listitem>
<para>FreeBSDªº¶l¥ó³B²zµ{¦¡µLªk¥ÑIP¤Ï¬d°e¥ó¥D¾÷ªºIP¡C</para>
<para>³]¸m DNS ¤Ï¬d¬O±µ¨ü¤@¥x¥D¾÷¶l¥óªº¤@­Ó¼Ð·Ç­n¨D¡A½Ð¬°±zªº¶l¥ó
¥D¾÷³]¸m DNS ¤Ï¬d¡C³\¦h´£¨Ñ®a®xºô¸ôªA°È (DSL¡Acable¡Adialup µ¥)
ªº¤½¥q¨Ã¤£´£¨Ñ³o¼ËªºªA°È¡C¦b³oºØ±¡ªp¤U¡A½Ð³z¹Lºô¸ôªA°È´£¨ÑªÌªº
¶l¥ó¦øªA¾¹°e¥X±zªº¹q¤l¶l¥ó¡C</para>
</listitem>
<listitem>
<para>¦b SMTP ¨Ï¥Î EHLO/HELO ©R¥O®É©Òµ¹¤©ªº hostname µLªk³Q¸ÑªR¨ì
¤@­Ó IP ¦ì¸m¡C</para>
<para>¦b¶l¥ó³Q±µ¨ü¥H«e¡A¤@­Ó¥R¤À¦X®æ¡A¥B¥i³Q¸ÑªRªº¥D¾÷¦WºÙ¦b
SMTP ¨ó©wªº¹ï½Í¤¤¬O¥²­nªº¡C¦pªG§A¨S¦³¦b DNS ¦øªA¾¹¤¤µn°O§A
ªº¥D¾÷¦WºÙ¡A½Ð³z¹Lºô¸ôªA°È´£¨ÑªÌªº¶l¥ó¦øªA¾¹°e¥X±zªº¹q¤l¶l
¥ó¡C</para>
</listitem>
<listitem>
<para>§Aªº°T®§¤¤§¨±aµÛ¤@­Ó message ID ¥H <quote>localhost</quote>
¦r¦êµ²§ô¡C</para>
<para>¬Y¨Ç¶l¥ó³nÅé²£¥Í¬Y¨Ç¤£¥¿½Tªº message ID¡A³o±N¤£³Q±µ¨ü¡C
§A¥²»Ý§ó§ï³]©wÅý§Aªº¶l¥ó³nÅé²£¥Í¥¿½Tªº message ID¡A¦pªG³oµL
ªk¸Ñ¨M¡A¦Ò¼{»¡ªA§Aªº¶l¥ó³nÅé§@ªÌ§ó·sµ{¦¡¥H³B²z³o­Ó°ÝÃD¡C</para>
</listitem>
</itemizedlist>
</answer>
</qandaentry>
<qandaentry>
<question id="free-account">
<para>§Ú¥i¥H¦b­þ¸Ì§ä¨ì¤@­Ó§K¶OªºFreeBSD±b¸¹¡H</para>
</question>
<answer>
<para>FreeBSDªº¦øªA¾¹¥»¨­¤£´£¨Ñ¥ô¦ó¹ï¥~ªºªA°È¡A¨ä¥Lªº³æ¦ì¤¤¡A
¦³¤H´£¨Ñ¶}©ñªº Unix ¨t²ÎªA°È¡C¨ä¤¤¦³¨Ç¥i¯à­n¦¬¨ú¨Ç³\¶O¥Î¡C</para>
<para><ulink URL="http://www.arbornet.org/">Arbornet, Inc</ulink>¡A
¤]³QºÙ¬° M-Net¡A¦Û 1983 ¦~°_´N¶}©l´£¨Ñ Unix ¨t²ÎªA°È¡C¤@¶}©l¡A
¥L­Ì¨Ï¥Î Altos ¨Ã°õ¦æ System III¡C¥L­Ì¦b 1991 ¦~Âà´«¨t²Î¦¨¬°
BSD/OS¡C¦b 2000 ¦~¤»¤ë¡A¥L­Ì¦A«×§ó´«¦¨¬° FreeBSD¡CM-Net ¯àÅý¨Ï
¥ÎªÌ³z¹L SSH ¤Î telnet ³s½u¨ì¥D¾÷¡A¨Ã´£¨Ñ§¹¾ãªº FreeBSD ³nÅé¥H
¨Ñ¨Ï¥Î¡CµM¦Ó¡AM-Net §@¬°¤@­Ó«D¬Õ§Q²Õ´¹B¦æ¡A¦s¨úÅv¥u­­©ó¦¨­û©M
ÃÙ§UªÌ¡AM-Net ¤]´£¨Ñ BBS ¨t²Î©Mºô¸ô²á¤ÑªA°È¡C</para>
<para><ulink URL="http://www.grex.org/">Grex</ulink> ´£¨Ñ¤F«D±`
Ãþ¦ü M-Net ªºªA°È¡A¥]¬A¤F BBS ¨t²Î©Mºô¸ô²á¤Ñ¡CµM¦Ó¡A¾÷¾¹¬O¨Ï¥Î
Sun 4M¡A¨Ã°õ¦æ SunOS¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="sup-define">
<para>¤°»ò¬O <command>sup</command>¡A§Ú¸Ó¦p¦ó¨Ï¥Î¥¦¡H</para>
</question>
<answer>
<para><ulink URL="http://www.FreeBSD.org/cgi/ports.cgi?^sup">
SUP</ulink> ªº·N«ä¬O Software Update Protocol¡A¥Ñ CMU µo®i¡A
¥Î¨Óºû«ù¾ã­Óµo®iªº¦P¨B¡C§Ú­Ì§Q¥Î¥¦«O«ù»·ºÝªº¯¸¥x©M­ì©l¯¸¥x¤§¶¡
ªº¦P¨B¤u§@¡C</para>
<para>µM¦Ó¡ASUP ¦bÀW¼eªº¨Ï¥Î¤W¨Ã¤£¤Ó¤Íµ½¡A¦P®É¡A¥Ø«e¤]¤£¦A¨Ï¥Î¤F¡C
¥Ø«e«Øijºû«ù­ì©l½X¦P¨B§ó·sªº¤èªk¬O
<ulink URL="../handbook/synching.html#CVSUP">CVSup</ulink>¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="daemon-name">
<para>³o­Ó¥i·Rªº¤p¬õ¤Hªº¦W¦r¬O¤°»ò¡H</para>
</question>
<answer>
<para>¦ü¥G¡A¥L¨Ã¨S¦³¤@­Ó¥¿¦¡ªº¦W¦r¡A©h¥B´NºÙ¨ä¬°
<quote>BSD ¤p´cÅ]</quote> §a¡C¦pªG§A°õ·N­n¨Ï¥Î¤@­Ó¦W¦r¡C¨º´N¥s¥L
<quote>¤p°Êª«(beastie)</quote> §a¡Cµù¡G<quote>beastie</quote>
¦bŪ­µ¤W¸ò <quote>BSD</quote> «Ü±µªñ¡C</para>
<para>§A¥i¥H¦bBSD¤p´cÅ]ªº <ulink
url="http://www.mckusick.com/beastie/index.html">¥D­¶</ulink>
¤W¨ú±o§ó¦hªº¸ê°T¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="use-beastie">
<para>§Ú¯à¨Ï¥ÎBSDªº¤p´cÅ]¹Ï®×¶Ü¡H</para>
</question>
<answer>
<para>¤]³\§a¡A§Ú¤]¤£½T©w¡CBSD¤p´cÅ]¹Ï®×ªºª©Åv¬OÄÝ©ó°¨·²º¸Ä¬®æÄõ±Ð·|
(Marshall Kirk McKusick)©Ò¾Ö¦³¡C§A¥i¥H¸ÕµÛ¥h¬d¬Ýºô­¶<ulink
url="http://www.mckusick.com/beastie/mainpage/copyright.html">±Ô­zÃö©óBSD¤p´cÅ]¨v¹³</ulink>
¥H¨ú±o§ó¸Ô²ÓÃö©ó¨Ï¥Î¥Lªº¸ê°T¡C</para>
<para>Á`Âkªº¨Ó»¡¡A¦pªG§A¯Âºé¬°¤F¦Û¤v·Q­nŲ½à¡A¨º»ò¡A§A¥i¥H¦Û¥Ñªº¨Ï
¥Î¨v¹³¡C¦pªG§A¬O­Ó¤H¨Ï¥Î¡A¥u­n±¡ªp¾A·í¡AÀ³¸Ó³£·|³Q³\¥i¡C¦pªG§A·Q
¦b°Ó·~¤W¨Ï¥Î¡A«h§A¥²»ÝÁpôĬ®æÄõ±Ð·|(Kirk McKusick)¥H¨ú±o³\¥i¡C
¦pªG§A»Ý­n§ó¶i¤@¨B¸Ô²Óªº¸ê°T¡A½Ð°Ñ¦Ò <ulink
url="http://www.mckusick.com/beastie/index.html">BSD¤p´cÅ]ªº­º­¶</ulink>¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="daemon-images">
<para>§A¦³¥ô¦óªº BSD ¤p´cÅ]¹Ï®×¥i¥HÅý§Ú¨Ï¥Î¶Ü¡H</para>
</question>
<answer>
<para>§A¥i¥H¦b <filename>/usr/share/examples/BSD_daemon/</filename>
µo²{ eps ¤Î Xfig ¨âºØ®æ¦¡ªº¹ÏÀÉ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="define-MFC">
<para><acronym>MFC</acronym> ¥Nªí¤°»ò·N«ä¡H</para>
</question>
<answer>
<para>MFC ¬O¤@­ÓÁY¼g¡A¥¦¥Nªí¤F <quote>Merged From -CURRENT</quote>¡C
¥¦³Q¨Ï¥Î¦b CVS logs ¤¤¡A¥Hªí¥Ü±q CURRENT ¤¤¾ã¦X¶i STABLE ¤À¤ä
ªº§ïÅÜ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="define-BSD">
<para><acronym>BSD</acronym> ¨s³º¥Nªí¤°»ò·N«ä¡H</para>
</question>
<answer>
<para>¥¦¬O¤@ºØ©Ó¶Ç¦Û¶Â·t®É¥Nªº¥j¦Ñ¯µ±K»y¨¥¡A¶È¶È¦b¤º³¡¦¨­û¤§¤¤¡A
¥H¤f¦Õ¬Û¶Çªº¤è¦¡®¨®¨ªº¬y¶ÇµÛ¡C¥¦¥Î¨Ó¥Nªí¬Y¨Ç¯«¯¦ªºªF¦è¡A¦ý¬O¡A
§Ú­ÌµLªk¹ï³o¨ÇªF¦è¥H½T¹êªº¤å¦r¥[¥H±Ô­z¨Ã¨ã¹³¤Æ¡A¥¦´X¥G¤£§@¥ô¦ó
ªºÂ½Ä¶»P¸ÑÄÀ¡C¦pªGµw¬O­n¥H¤HÃþ²{¦³ªº»y¨¥¥[¥H»¡©ú¡A¥u¯à»¡¥¦ªº·N
«ä¤j·§¤¶©ó <quote>¤@¯Å¤èµ{¦¡Áɨ®(Formula-1 Racing Team)</quote>¡A
<quote>¥øÃZ¬O¬ü¨ýªºÂI¤ß(Penguins are tasty snacks)</quote>¡A¥H¤Î
<quote>§Ú­Ì¤ñLinux§ó¨ã¦³«ÕÀq·P(We have a better sense of humor than Linux)</quote>
³o¤TªÌ¤§¶¡¡C:-)</para>
<para>¦n¤F¡A¤£¸ò§A¶}ª±¯º¤F¡C¥¿½Tªº»¡¡ABSD ¬O
<quote>Berkeley Software Distribution</quote> ªºÁY¼g¡A³o¬O¥Ñ Berkeley
<acronym>CSRG</acronym> (Computer Systems Research Group)
¿ï¨Ó·í§@¥L­Ì©Òµo¦æªº Unix ¦WºÙ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="define-pola">
<para><acronym>POLA</acronym> ¥Nªí¤°»ò·N«ä¡H</para>
</question>
<answer>
<para>³Ì¤ÖÅå³Y­ì«h¡C³o¥Nªí¤F FreeBSD ªºµo®i¹Lµ{¡A¥ô¦óªº§ïÅܨì¤F¨Ï
¥ÎªÌºÝÀ³¸Ó«O«ù¤£Åý¨Ï¥ÎªÌ·P¨ìÅå³Y¡C¤ñ¤è»¡¡A±N
<filename>/etc/defaults/rc.conf</filename> ¤¤ªº¨t²Î±Ò°Ê¶¶§Ç¥ô·N
ªº§ó§ï±N¹H¤Ï³o­Ó­ì«h¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="define-repocopy">
<para>¤°»ò¬O repo-copy¡H</para>
</question>
<answer>
<para>¤@¥÷ repo-copy (¥¦¬O <quote>repository copy</quote> ªºµuªí®æ)
ª½±µ°Ñ¦Ò¨ìCVS­Ü®w¤¤ªºÀɮסC</para>
<para>¨S¦³¤F¤@¥÷ repo-copy¡A¦pªG¤@­ÓÀɮ׶·­n³Q½Æ»s©Î¬O³Q·h²¾¨ì­Ü®w
¤¤ªº¨ä¥L¦a¤è¡A½T»{ªÌ±N·|°õ¦æ <command>cvs add</command> ¥H§âÀÉ®×
©ñ¨ì·sªº¦a¤è¡A¦P®É¡A¹ïÂÂÀÉ®×°õ¦æ <command>cvs rm</command>¡AÂÂÀÉ
®×±N³Q²¾°£¡C</para>
<para>³o­Ó¤èªk¤£§Qªº¦a¤è¬O¡A¾ú¥vÀÉ®×(§Y¦b CVS °O¿ý¤¤)±N¤£·|³Q½Æ»s
¨ì·sªº¦aÂI¡C¦b FreeBSD Project ¤¤¦Ò¼{¨ì¡A³o­Ó¾ú¥v°O¿ý¬O«Ü¦³¥Î³Bªº¡A
¤@­Ó repository copy ¬O¸g±`³Q¥Î¨ìªº¡C³o¬O repository meisters
¤@ª½¨Ï¥Î¨Ó±NÀɮ׽ƻs¶i­Ü®wªº¬yµ{¡A¦Ó«D¨Ï¥Î &man.cvs.1;¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bikeshed-painting">
<para>¬°¤°»ò§Ú¸Ó¦b·N¸}½ñ¨®´×ªºÃC¦â¡H</para>
</question>
<answer>
<para>¤@­Ó³Ìµu³Ìµuªºµª®×¬O¡A§A¤£¸Ó¦b·N¡Cµy·Lªø¤@ÂIªºµª®×¬O¡AÁöµM
§A¦³¯à¤O¦Û¤v¥h«Ø³y¤@®y¸}½ñ¨®´×¡A¦ý¬O¡A³o¤£¥Nªí¦]¬°§A¤£³ßÅw²{¦b³o
­Ó¸}½ñ¨®´×ªºÃC¦â¡A´N¤¤¤î¥Lªº«Ø¿v¡C³o­Ó¤ñ³ëªº·N«ä¬O¡A§A¤£»Ý­n¥hª§½×
¨C¤@­Ó²Ó¶µ¯S¼x¡A¥u¦]¬°§A¦³¿ìªk¥h§@¥¦¡C¬Y¨Ç¤Hªºµû½×¬O¡AÂø­µªº²£¥Í«×
¹ïÅܤƪº½ÆÂø©Ê¬Û¤Ï¦a¤ñ¨Ò¡C</para>
<para>§óªø¥B¸û§¹¾ãªºµª®×¬O¡A¦b¸g¹Lªø®É¶¡ª§½×Ãö©ó¬O§_¸Ó±N &man.sleep.1;
ªº¬í°Ñ¼Æ²¾°£¡A&a.phk;µoªí¤F¤@½gªø½× <quote><ulink
url="http://www.FreeBSD.org/cgi/getmsg.cgi?fetch=506636+517178+/usr/local/www/db/text/1999/freebsd-hackers/19991003.freebsd-hackers">¤@®y¦Û¦æ¨®½´ (¥ô¦óÃC¦âªº)¦b«C¯Üªº¯ó¦a¤W...</ulink></quote>¡C
¨º«h°T®§³Q¾A·íªº³¡¤À³Q¤Þ¥Î¦b¤U­±¡C</para>
<blockquote>
<attribution>&a.phk; on freebsd-hackers, October
2, 1999</attribution>
<para><quote>¤°»ò¬OÃö©ó³o­Ó¸}½ñ¨®´×?</quote> ³¡¤Àªº¤H³o¼Ëªº¸ß
°Ý§Ú¡C</para>
<para>³o¬O¤@­Ó«D±`ªø»·ªº¬G¨Æ¡A§_«h´N¬O¤@­Ó¥j¦Ñªº¬G¨Æ¡C¦ý¬O¨Æ¹ê¤W¡A
³o­Ó¬G¨Æ«D±`ªºµu¡CC. Northcote Parkinson ¦b1960¦~¥Nªì´Á¼g¤F¤@¥»
®Ñ¡A®Ñ¦W¬° <quote>Parkinson's Law</quote>¡A¦b³o¥»®Ñ¤¤¥]§t¤F«Ü¦h
¨ã¦³¨ô¨£ªº°ÊºAºÞ²z¾Ç¡C</para>
<para>[¤Þ­z¤@ÂI¦b³o¥»®Ñ¤Wªºµû½×]</para>
<para>¦b³o­Ó³Q±²¤J¸}½ñ¨®´×®×ªº¯S®í¨Ò¤l¡A¥D­nªº­n¯À¬O®Ö¯àµo¹q³õ¡A
§Ú·Q¡A³o¨¬¥H»¡©ú³o¥»®Ñªº¦~ÄÖ¡C</para>
<para>Parkinson ®i¥Ü¤F§A¸Ó¦p¦ó¦b¸³¨Æ·|¤¤Ä¹±oÃÙ¦P¥h«Ø³y¤@®y¼Æ¦Ê¸U
©Î¬Æ¦Ü¤Q»õ¬ü¤¸ªº®Ö¯àµo¹q³õ¡A¦ý¬O¡A¦pªG§A·Q­n¥h«Ø³y¤@®y¸}½ñ¨®´×¡A
§A±N·|³QªÈÄñ¦bµL½aµLºÉªº°Q½×¤§¤¤¡C</para>
<para>Parkinson ¸ÑÄÀ¡A³o¬O¦]¬°¤@­Ó®Ö¯àµo¹q³õ¬O³o¼Ëªº¼sÁï¡A³o¼Ëªº
©ù¶Q¡A¨Ã¥B³o¼Ëªº½ÆÂø¡A¥H¦Ü©ó¤H­ÌµLªk´x´¤¥¦¡A¦Ó¨Ã«D¹Á¸Õ¡A¥L­Ì«æ
¤Áªº§Æ±æ¦³¤H¯à°÷À°¥L­Ì³B²z¨Ã¸Ñ¨M©Ò¦³º¾¸Hªº²Ó¶µ¡C
Richard P. Feynmann µ¹¤F¤@¨Ç¦³½ì¡A¥B«D±`¤@°w¨£¦åªº½×ÂI¡A¦b¥Lªº
®Ñ´£¨ì¤F Los Alamos ªº¨Ò¤l¡C</para>
<para>¥t¤@¤è­±¡A¥ô¦ó¤H³£¯à¦Û¤v¦b¶g¥½²Õ¸Ë¤@®y¸}½ñ¨®´×¥X¨Ó¡A¨Ã¥B¤´
¦³¶¢²á¥i¥HÆ[½à¹qµø¤Îª±¹CÀ¸¡C¦]¦¹¡AµL½×§A§@¤F¦h»ò§¹µ½ªº·Ç³Æ¡A¤]
¤£ºÞ§A´£¥Xªº¤è®×¬O¦h»òªº¦X©y¡A¬Y¨Ç¤H¤´±N§ì¦í¾÷·|¶]¥X¨Ó§i¶D§A¡A
¥L¥¿¦b§@¦P¼Ëªº¨Æ¡A¥¿¦b¥I¥X§V¤O¡A¥L´N¦b
<emphasis>³o¸Ì</emphasis>¡C</para>
<para>¦b¤¦³Á¡A§Ú­ÌºÙ³o­Ó¥s§@
<quote>ªê¦º¯d¥Ö(setting your fingerprint)</quote>¡C¥¦Ãö«Y¨ì§A
­Ó¤HªºÅº¶Æ©MÁn±æ¡A³oÃö«Y¨ì§A¬O§_¥i¥H«üµÛ¬Y¦a«á¹ïµÛ§O¤H»¡
<quote>³o¸Ì! ³o¬O<emphasis>§Ú</emphasis>§@ªº¡C</quote>
³o¬O¬Fªv¤Hª««Ü­«­nªº¤@­Ó¯S¼x¡C¦ý¬O¡A®É¾÷¬O¤j¦h¼Æ¤H¥Á©Ò½á»Pªº¡C
·Q·Q¨º¨Ç¯d¦b¤ôªd¦a¤Wªº¸}¦L§a¡C</para>
</blockquote>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="funnies">
<chapterinfo>
<author>
<firstname>Edward</firstname>
<surname>Chuang</surname>
<affiliation>
<address><email>edwardc@firebird.org.tw</email></address>
</affiliation>
</author>
</chapterinfo>
<title>The FreeBSD Funnies</title>
<qandaset>
<qandaentry>
<question id="very-very-cool">
<para>How cool is FreeBSD¡H</para>
</question>
<answer>
<para>°Ý¡G¦³¤H°µ¹L FreeBSD °õ¦æ®Éªº·Å«×´ú¸Õ¶Ü¡H §Úª¾¹D Linux
¤ñ DOS ²D¡A¦ý¨SÅ¥¤H´£¹L FreeBSD¡A¦ü¥G«Ü¼ö¡C</para>
<para>µª¡G¨S¦³¡A¦ý¬O¦b¨ýı¤W¦³°µ¹LµL¼Æ¦¸´ú¸Õ¡C§Ú­Ìé¤W¦ÛÄ@¨ü¸ÕªÌªº
²´·ú¡A¨Æ¥ý¦Aµ¹¥L­ÌªA¥Î 250 ²@§Jªº LSD-25 °g¤ÛÃÄ¡C35% ªº¨ü¸ÕªÌ»¡
FreeBSD ¹Á°_¨Ó¹³¾ï¤l¡A¦Ó Linux «h¬Oµµ¦âªººd¾ðªG¹ê¡C¾Ú§Ú©Òª¾¡A¨S
¦³¤@²Õ´£¨ì·Å«×¤W¯S§Oªº®t²§¡C«á¨Óµo²{¡A¦³¤Ó¦h¨ü¸ÕªÌ¦b´ú¸Õ®É¹Ú¹C¨«
¥X©Ð¶¡¼vÅT¨ì¼Æ¾Ú¡A³Ì«á¥u±o©ñ±ó¾ã­Ó½Õ¬d¡C§Ú·Q¤j³¡¥÷ªº¨ü¸ÕªÌ²{¦b¦b
Apple ¤u§@¡AÄ~ Drag and Drop ¤§«á¡A¬ã¨s¥þ·sªº <quote>Scratch and
Sniff</quote> ¹Ï§Î¬É­±¡CIt's a funny old business we're in¡I</para>
<para>¤£¶}ª±¯º¤F¡AFreeBSD ©M Linux ³£¨Ï¥Î <acronym>HLT</acronym>
(halt) «ü¥O¥H¦b¨t²Î¶¢¸m®É­°§C¹q¤Oªº¨Ï¥Î¤]´î¤Ö¤F¼öªº²£¥Í¡C¦pªG¦³
³]©w APM (automatic power management)¡AFreeBSD ¤]¥i¥HÅý CPU ¶i
¤J§C¹q¤O¼Ò¦¡¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="letmeoutofhere">
<para>½Ö¦b§Úªº°O¾ÐÅé´¡¼Ñ¤¤¨F¨F§@ÅT¡H¡H</para>
</question>
<answer>
<para>°Ý¡GFreeBSD ½sĶ®Ö¤ß®É¦³°µ¬Æ»ò <quote>©_¯S</quote> ªº¨Æ
Åý°O¾ÐÅé¨F¨F§@ÅT¶Ü¡H·í½sĶ®É(ÁÙ¦³¶}¾÷®É½T»{³nºÐ«áªºµu¼È®É¶¡)¡A
¤]ºØ¦ü¥G¨Ó¦Û°O¾ÐÅé´¡¼Ñªº©_©ÇÁn­µ¡C</para>
<para>µª¡G¬Oªº¡I¦b BSD ªº¤å¥ó¤¤§A·|±`±`¬Ý¨ì <quote>­I«áÆF</quote>¡A
¤j³¡¥÷ªº¤H³£¤£ª¾¹D¨º¬O¤@ºØ¹ê»Ú¦s¦bªººë¯«Åé --- ´x±±µÛ§Aªº¹q¸£¡C
§AÅ¥¨ìªºÁn­µ¬O³o¨Ç­I«áÆF¥H°ª­µ¤f­ï¦b·¾³q«ç¼Ë°µ³\¦hªº¨t²ÎºÞ²z¤u
§@¡C</para>
<para>¦pªG³o¨ÇÁn­µ«Ü§xÂZ§A¡A¨Ó¦Û DOS ªº
<command>fdisk /mbr</command> ´N¯àÂ\²æ¡A¦ý¦pªG¦³¬Û¤Ïªº®ÄªG
¤]¤£­nÅå³Y¡C¨Æ¹ê¤W¡A¦pªG¦b»ö¦¡¤¤Å¥¨ì Bill Gates ®£©ÆªºÁn­µ±q¤º
«Øªº³â¥z¶Ç¨Ó¡A°¨¤W°k¦Ó¥B¤£­n¦^ÀY¡I ±q BSD ­I«áÆF¤£¥­¿Åªº¼vÅT¤¤
¸Ñ©ñ¡ADOS ©M Windows ­I«áÆF³q±`³£¯à­«·s±±¨î¾ã¥x¾÷¾¹¨Ã¹ï§AªºÆF
»î¶A©G¡C¦pªG¦³¿ï¾Ü¡A§Ú·Q§Ú¹çÄ@²ßºD©_©ÇªºÁn­µ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="changing-lightbulbs">
<para>­n´X­Ó FreeBSD hacker ¤~¯à´«±¼¤@­Ó¹q¿Oªw¡H</para>
</question>
<answer>
<para>¤@¤d¤@¦Ê¤C¤Q¤G­Ó¡G</para>
<para>¤G¤Q¤T­Ó¦b -current ¤W©ê«è¬Ý¤£¨ì¥ú¤F¡F</para>
<para>¥|­Ó«ÅºÙ³o¬O³]©w¤Wªº°ÝÃD¡A©Ò¥H¹³³o¼Ëªº email À³¸Ó©ñ¦b
-questions¡F</para>
<para>¤T­Ó submit PR¡A¨ä¤¤¤@­Ó°e¿ù¨ì doc ¤U¡A¨Ã¥B¤º®e¥u
¦³¡¨³o¸Ì¦n·t¡¨¡F</para>
<para>¤@­Ó commit ©|¥¼´ú¸Õªº¹q¿Oªw¡A³y¦¨¤£¯à buildworld¡A
¤­¤ÀÄÁ«á¥L§â­ì¨Óªº¿Oªw´«¦^¨Ó¡F</para>
<para>¤K­Óº´°_ flame war¡A³d©Ç°e¥X PR ªº¤H¨S¦³¥]¬A patch¡F</para>
<para>¤­­Ó®I«è buildworld Äê±¼¤F¡F</para>
<para>¤T¤Q¤@­Ó»¡ buildworld ¥i¥H¥Î¡A¤£¯à¥Îªº¤H¤@©w¬O cvsup ªº
®É¾÷¤£¹ï¡F</para>
<para>¤@­Ó§â´«¦¨·s¿Oªwªº patch ¥á¨ì -hackers ¤W¡F</para>
<para>¤@­Ó»¡¥L¤T¦~«e´N°µ¥X¤F patch¡A¦ý°e¨ì -current «á«o³Q©¿²¤±¼¡A
©Ò¥H¥L¹ï¾ã­Ó PR ¨t²Î¦³«Ü¤£¦nªº¦L¶H¡C¦¹¥~¡A¥L¤]»{¬°®³¥Xªº·s¿OªwµL
ªk¤Ï¥ú¡F</para>
<para>¤T¤Q¤C­Ó©H­ý»¡¹q¿Oªw¤£ÄÝ©ó°ò¥»¨t²Îªº¤@³¡¥÷¡A©Ò¥H committer
¤£¯à¤£¥ý¿Ô¸ß¾ã­Ó Community ªº·N¨£´N³o¼Ë°µ¤U¥h¡CÁÙ¦³¡A-core
¨ì©³©M³o¥ó¨Æ¦³¤°»òÃö«Y¡H¡I</para>
<para>¨â¦Ê¤H©ê«è´«¿Oªw¤§«á¡A¸}½ñ¨®´×ªºÃC¦âÅܱo¦n©_©Ç¡F</para>
<para>¤T­Ó«ü¥X¡A¥Î¨Ó´«¿Oªwªº patch ¤£²Å¦X &man.style.9; ªº³W©w¡F</para>
<para>¤Q¤C­Ó®I«è®³¥X¨Óªº·s¿Oªw¬°¤°»ò¬O¥Î GPL¡F</para>
<para>¤­¦Ê¤K¤Q¤»¤H³´¤J¤@³õ flame war¡A¦b GPL¡BBSD¡BMIT¡BNPL
¦U­Ó license ©M FSF ¬Y¦ì¤£¨ã¦W³Ð¿ì¤H¤h­Ó¤H½Ã¥Í¤§¶¡¡A¤ñ¸û©¼¦¹
ªºÀu¶Õ¡F</para>
<para>¤C­Ó±N³o¤@¦ê°Q½×ªº¤£¦P³¡¥÷¤À§O²¾¨ì -chat ©M -advocacy¡F</para>
<para>´Nºâ´£¥Xªº·s¿Oªw¤ñªº·t¡AÁÙ¬O¦³¤@­Ó§â¥¦ commit ¶i¨Ó¡F</para>
<para>¨â­Ó´«¦^­ì¥ýªº¿Oªw¡A¨Ã¥B¯d¤U·¥¬°¼««ãªº commit °T®§¡C¥L­Ì»{¬°
»P¨äÅý FreeBSD ¥Î·t¿Oªw¡AÁÙ¤£¦p°®¯Ü«Ý¦b¶Â·t¤¤ºâ¤F¡F</para>
<para>¥|¤Q¤»¤H¹ï¨ú®ø¤£¥Î·t¿Oªw³o¥ó¨Æ¤jÁn¯e©I¡A­n¨D -core
¥ß¨è´£¥X¼á²M¡F</para>
<para>¤Q¤@­Ó­n¨D´«¦¨¤p¤@ÂIªº¹q¿Oªw¡A¥H«K¥¼¨Ó FreeBSD ¦pªG²¾´Ó¨ì
¹q¤lÂû¤W«á·|§ó¬°¤è«K¡F</para>
<para>¤C¤Q¤T¤H©ê«è -hackers ©M -chat ¤Wªº SNR¡AÂÇ unsubscribe
¨Óªí¥Ü§Üij¡F</para>
<para>¤Q¤T­Ó°e¥X¡¨unsubscribe¡¨¡B¡¨§Ú­n¦p¦ó unsubscribe¡¨©Î¡¨«ô°U§â
§Ú±q list ¦W³æ¤¤§R±¼¡¨¡A«Hªº³Ì«á­±«h¬O¤@¯ë¥Ñ majordomo ¥[¤W¥h
ªº footer¡F</para>
<para>·í¨C­Ó¤H¦£©ó©¼¦¹¥s½|®É¡A¦³­Ó³Ã¥ë¶X¨S¤Hª`·N¡A§â¥i¥H¥Îªº¿Oªw°½
°½´«¤W¥h¡F</para>
<para>¤T¤Q¤@­Ó«ü¥X¦pªG¥Î TenDRA ½sĶ·sªº¿Oªw¡A·|¤ñªº¨Ó±o«G
0.364%¡]ÁöµM¿Oªw·|³Q½sĶ¦¨¥¿¤»­±Åé¡^¡A©Ò¥H FreeBSD ¤º©wªº½sĶ¾¹
À³¸Ó¬O TenDRA¡A¦Ó¤£¬O EGCS¡F</para>
<para>¦³­Ó¤H»¡·s¿Oªw¯Ê¥F¬ü·P¡F</para>
<para>¤E­Ó¤H¡]¥]¬A­ì¥ý°e PR ªº¤H¡^°Ý¡¨¤°»ò¬O MFC¡H¡¨¡F</para>
<para>¤­¤Q¤C­Ó©ê«è¦Û±q´«¤F¿Oªw«á¡A¨â­Ó¬P´Á³£¨S¦³¥ú¥X²{¡C</para>
<para><emphasis>&a.nik; ¸Éª`¡G</emphasis></para>
<para><emphasis>­è¬Ý¨ì®É¡A§Ú§Ö¯ºÂ½¤F¡C</emphasis></para>
<para><emphasis>µM«á·Q¨ì¡A¡¨µ¥¤@¤U¡A¤£¬OÀ³¸ÓÁÙ¦³¤@­Ó­n±N³o¨Ç°O¦b
list ¤W¶Ü¡H¡¨</emphasis></para>
<para><emphasis>±µµÛ²×©ó¤F¸Ñ§Úªº¨Ï©R :-)</emphasis></para>
</answer>
</qandaentry>
<qandaentry>
<question id="dev-null">
<para>¼g¤J <filename>/dev/null</filename> ªº¸ê®Æ¶]¨ì­þ¸Ì¥h¤F¡H</para>
</question>
<answer>
<para>¦b CPU ¤¤¦³¤@ºØ¯S§Oªº¸ê®Æ´²¼ö¾¹¡A§Q¥Î±Æ¥X´²¼ö¤ù/­·®°²Õ¦X®É¡A
Âà´«¦¨¼ö¯à¡D³o´N¬O¬°¤°»ò CPU §N«o¤éÁÍ­«­nªº­ì¦]¡F·í¤H­Ì¨Ï¥Î§ó§Ö
ªº³B²z¾¹®É¡A¥L­ÌÅܦ¨¤£¦b¥G¦³¶V¨Ó¶V¦h¥L­Ìªº¸ê®Æ³£°e¶i¤F
<filename>/dev/null</filename> ¡A¦Ó¨Ïªº¥L­Ìªº CPU ¹L¼ö¡D
¦pªG§A§R°£¤F <filename>/dev/null</filename> (¨º±N·|¦³®ÄªºÃö³¬
CPU ªº¸ê®Æ´²¼ö¾¹) §Aªº CPU ¤]³\·|­°§C¤u§@·Å«×¡A¦ý¬O§Aªº¨t²Î±N
·|«Ü§Öªº¹³¬O¿©±w¤F«K¯µ¦ñÀHµÛ©Ò¦³¶W¥Xªº¸ê®Æ¶}©lÅܦ¨¦æ¬°¤£¥¿±`¡C
¦pªG§A¦³§Ö³tªººô¸ô³s½u¡A§A¥i¥H§Q¥ÎŪ¨ú
<filename>/dev/random</filename> ¨Ã±N¥LÀH·N¶Ç°e¦Ü¦U³B¡A
¨Ó­°§C§A CPU ªº·Å«×¡FµM¦Ó§A±N³´¤J¨Ï§Aºô¸ô³s½u©Î
<filename>/</filename> ¦³¹L¼öªº­·ÀI©Î¬O·S´o§Aªº ISP¡A
¤j³¡¤Àªº¸ê®Æ³Ì²×±N·|¦b¥L­Ìªº³]³Æ¤WÂà´«¦¨¼ö¡A¤£¹L¥L­Ì³q±`³£¾Ö¦³
¦nªº´²¼ö¡A©Ò¥H¦pªG§A°µªº¤£¤Ó¹L¤À¡AÀ³¸Ó¬O¨S¤°»ò¤j¤£¤Fªº¡C</para>
<para><emphasis>Paul Robinson ¸É¥R¡G</emphasis></para>
<para>¤¤¤åª© FAQ ª`¡G¥H¤Uµu¤åÄÝ©ó¬ü¦¡«ÕÀq¡A®£Â½Ä¶«á³y¦¨»y²j¤£¸Ô¡A
»y·N¤£³qªº±¡§Î¡A©T«O¯d­ì¥Ä­ì¨ýÅýŪªÌ¦Û¦æ«~À|¡C</para>
<para>There are other methods. As every good sysadmin knows,
it is part of standard practise to send data to the screen
of interesting variety to keep all the pixies that make up
your picture happy. Screen pixies (commonly mis-typed or
re-named as 'pixels') are categorised by the type of hat
they wear (red, green or blue) and will hide or appear
(thereby showing the colour of their hat) whenever they
receive a little piece of food. Video cards turn data into
pixie-food, and then send them to the pixies - the more
expensive the card, the better the food, so the better
behaved the pixies are. They also need constant simulation
- this is why screen savers exist.</para>
<para>To take your suggestions further, you could just throw
the random data to console, thereby letting the pixies
consume it. This causes no heat to be produced at all,
keeps the pixies happy and gets rid of your data quite
quickly, even if it does make things look a bit messy on
your screen.</para>
<para>Incidentally, as an ex-admin of a large ISP who
experienced many problems attempting to maintain a stable
temperature in a server room, I would strongly discourage
people sending the data they do not want out to the
network. The fairies who do the packet switching and
routing get annoyed by it as well.</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="advanced">
<chapterinfo>
<author>
<firstname>En-Ran</firstname>
<surname>Zhou</surname>
<affiliation>
<address><email>zhouer@tfcis.org</email></address>
</affiliation>
</author>
</chapterinfo>
<title>¶i¶¥¥DÃD</title>
<qandaset>
<qandaentry>
<question id="learn-advanced">
<para>¦p¦ó¯à¾Ç²ß§ó¦h¦³Ãö FreeBSD ¤º³¡ªºªF¦è¡H</para>
</question>
<answer>
<para>¥Ø«e¥«­±¤WÁÙ¨S¦³±´°Q§@·~¨t²Î¤º³¡ªº®Ñ¬O±M¬° FreeBSD ¦Ó¼g
ªº¡CµM¦Ó¡A³\¦h¤@¯ëªº UNIX ª¾Ãѳ£¥i¥Hª½±µÀ³¥Î¦b FreeBSD ¤W¡Cªþ
¥[¤@ÂI¡A¤´µM¦³¬ÛÃöªº®Ñ¬O±M¬° BSD ©Ò¼gªº¡C</para>
<para>½Ð°Ñ¦Ò Handbook ªº<ulink
URL="../handbook/bibliography-osinternals.html">§@·~¨t²Î¤º³¡¤§°Ñ¦Ò®Ñ¥Ø</ulink>
¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="how-to-contribute">
<para>¦p¦ó¯à¬° FreeBSD ¥X¤@¥÷¤O¡H</para>
</question>
<answer>
<para>½Ð°Ñ¦Ò³o½g¤å³¹ <ulink
url="../../articles/contributing/article.html">Contributing
to FreeBSD</ulink> ¨Ó´£¨Ñ±zªº«Øij¡C¦pªG±z¯àÀ°¦£¨º´N§óÅwªï¤F¡I</para>
</answer>
</qandaentry>
<qandaentry>
<question id="define-snap-release">
<para>SNAP ©M RELEASE ¬O¤°»ò¡H</para>
</question>
<answer>
<para>¥Ø«e¦³¤T­Ó¬¡ÅD/¥b¬¡ÅDªº¤À¤ä¦b FreeBSD ªº <ulink
URL="http://www.FreeBSD.org/cgi/cvsweb.cgi">CVS Repository</ulink>
(RELENG_2 ¤À¤ä¤@¦~¤j·§§ó°Ê¨â¦¸¡A¥¿¬O¬°¦ó¥u¦³¤T­Ó¬¡ÅDªºµo®i¤¤¤À¤ä)¡G
</para>
<itemizedlist>
<listitem>
<para><literal>RELENG_2_2</literal> §Y
<emphasis>2.2-STABLE</emphasis></para>
</listitem>
<listitem>
<para><literal>RELENG_3</literal> §Y
<emphasis>3.X-STABLE</emphasis></para>
</listitem>
<listitem>
<para><literal>RELENG_4</literal> §Y
<emphasis>4-STABLE</emphasis></para>
</listitem>
<listitem>
<para><literal>HEAD</literal> §Y
<emphasis>-CURRENT</emphasis> §Y
<emphasis>5.0-CURRENT</emphasis></para>
</listitem>
</itemizedlist>
<para>¦p¦P¨ä¥L¨â­Ó¡A<literal>HEAD</literal> ¨Ã¤£¬O¯u¥¿
ªº branch tag¡A¥¦¥u¬O¤@­Ó²Å¸¹±`¼Æ¡A«ü¦V <quote><emphasis>current
(©|¥¼¤À¤äªºµo®i¤¤ª©¥»)</emphasis></quote> ²°O¬°
<quote>-CURRENT</quote>¡C</para>
<para>¥H²{¦b¨Ó»¡¡A<quote>-CURRENT</quote> ´Â¦V 5.0 µo®i¡A¦Ó
<literal>4-STABLE</literal> ¤À¤ä¡A¤]´N¬O
<symbol>RELENG_4</symbol>¡A¦b 2000 ¦~¤T¤ë±q
<quote>-CURRENT</quote> ¤À¤ä¥X¨Ó¡C</para>
<para><literal>2.2-STABLE</literal> ³o­Ó¤À¤ä¡A¤]´N¬O
<symbol>RELENG_2_2</symbol>¡A¦b 1996 ¦~¤Q¤@¤ë±q -CURRENT ¤À¤ä¥X
¨Ó¡A³o­Ó¤À¤ä¥Ø«e¤w¸g§¹¥þ°h¥ð¤F¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="custrel">
<para>­n«ç»ò§@¥X¦Û¤vªº release¡H</para>
</question>
<answer>
<para>½Ð°Ñ·Ó <ulink
url="../../articles/releng/article.html">Release ¤uµ{</ulink>
¤å³¹»¡©ú¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="makeworld-clobbers">
<para>¬°¤°»ò <command>make world</command> §â­ì¨Ó¸Ëªº binary ÀÉ
³£´«±¼¤F¡H</para>
</question>
<answer>
<para>¨S¿ù¡A´N¬O³o¼Ë¤l¡C¦p¦W¦r©Ò¥Ü¡A<command>make world</command>
·|­«·s½sĶ¨t²Î¤º«Øªº¨C­Ó binary ÀÉ¡A³o¼Ë¦bµ²§ô®É´N¥i½T©w¦³­Ó¤@­P
¥B°®²bªºÀô¹Ò(©Ò¥H­nªá¤W¦n¤@¬q®É¶¡)¡C</para>
<para>¦b°õ¦æ <command>make world</command> ©Î
<command>make install</command> ®É¡A¦pªG¦³³]
<literal>DESTDIR</literal> ³o­ÓÀô¹ÒÅܼơA·s²£¥Íªº binary ±N·|¸Ë¦b
<literal>${DESTDIR}</literal> ¤U¦P¼Ëªº¥Ø¿ý¾ð¤¤¡C¦ý¦b¬Y¨Ç­×§ï
shared library ©M­««Ø binary ªºµL¯S©w±¡ªp¤U¡A³o¼Ë°µ¥i¯à·|¨Ï
<command>make world</command> ¥¢±Ñ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="bus-speed-defaulted">
<para>¦b¨t²Î¶}¾÷®É¡A¥X²{ <quote>(bus speed defaulted)</quote>¡C</para>
</question>
<answer>
<para>Adaptec 1542 SCSI ¥d¤¹³\¨Ï¥ÎªÌ¥Î³nÅé½Õ¾ã¶×¬y±Æªº¦s¨ú³t«×¡C
¦­´Áªº 1542 ÅX°Êµ{¦¡¸Õ¹Ï±N¥¦³]¦¨¥i¥Îªº³Ì§Ö³t«×¡A¦ý«á¨Óµo²{¦b¤@
¨Ç¾÷¾¹¤W¤£¯à¥Î¡A©Ò¥H²{¦b­n¦b kernel ³]©w¤¤¥[
<symbol>TUNE_1542</symbol> ³o­Ó¿ï¶µ¨Ó±Ò°Ê³o­Ó¥\¯à¡C¦b¤ä´©ªº¾÷¾¹
¤W¥Î³o­Ó¿ï¶µ·|¨ÏµwºÐ¦s¨ú§ó§Ö¡A¦ý¦b¤£¤ä´©ªº¾÷¾¹¤W¦³¥i¯à·|·´±¼¸ê®Æ¡C
</para>
</answer>
</qandaentry>
<qandaentry>
<question id="ctm">
<para>¦bºô¸ôÀW¼e¦³­­ªº±¡ªp¤U¡A§Ú¤]¥i¥H¸ò¤W current ªºµo®i¶Ü¡H</para>
</question>
<answer>
<para>¬Oªº¡AÂÇµÛ <ulink URL="../handbook/synching.html#CTM">CTM
</ulink> ±z´N¥i¥H<literal>¤£¥Î</literal>¤U¸ü¥þ³¡ªºµ{¦¡½X¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="split-240k">
<para>¬O«ç»ò§âµo¦æª©¥»¤¤ªºÀɮפÁ¦¨¤@­Ó­Ó 240k ªº¤pÀɮתº¡H</para>
</question>
<answer>
<para>¥H BSD ¬°°ò¦ªº¸û·s¨t²Î¦³­Ó <option>-b</option> ¿ï¶µ
¥i¥H§âÀÉ®×¥H¥ô·N¼Æ¥Ø byte ¤Á¶}¡C</para>
<para>³o¸Ì¬O <filename>/usr/src/Makefile</filename> ¤¤ªº¤@­Ó
¨Ò¤l¡G</para>
<programlisting>bin-tarball:
(cd ${DISTDIR}; \
tar cf - . \
gzip --no-name -9 -c | \
split -b 240640 - \
${RELEASEDIR}/tarballs/bindist/bin_tgz.)</programlisting>
</answer>
</qandaentry>
<qandaentry>
<question id="submitting-kernel-extensions">
<para>§Ú¦b kernel ¤¤¥[¤F·s¥\¯à¡A§Ú­n§â¥¦±Hµ¹½Ö¡H</para>
</question>
<answer>
<para>½Ð°Ñ¦Ò <ulink
URL="../../articles/contributing/article.html">Contributing
to FreeBSD</ulink> ¤¤ªº¤å³¹¡A¥H¤F¸Ñ­n¦p¦ó´£¨Ñ±zªºµ{¦¡½X¡C</para>
<para>¦P®É¤]ÁÂÁ±zªºÃö¤ß¡I</para>
</answer>
</qandaentry>
<qandaentry>
<question id="pnp-initialize">
<para>ISA ªºÀH´¡§Y¥Î¥d¬O¦p¦ó°»´ú¤Îªì©l¤Æªº¡H</para>
</question>
<answer>
<para>¥Ñ Frank Durda IV ©Ò¼g¡G
<email>uhclem@nemesis.lonestar.org</email></para>
<para>²³æªº»¡¡A·í¥D¾÷µo¥X¬O§_¦³ PnP ¥dªº¸ß°Ý°T¸¹®É¡A©Ò¦³ªº PnP ¥d
·|¦b´X­Ó©T©wªº I/O port §@¦^À³¡C©Ò¥H·í°»´ú PnP ªºµ{¦¡¶}©l®É¡A¥¦
·|¥ý°Ý¦³¨S¦³ PnP ¥d¦b¡A±µµÛ©Ò¦³ PnP ¥d·|¦b¥¦Åªªº port ¥H¦Û¤vªº
«¬¸¹ # §@¦^µª¡A³o¼Ë°»´úµ{¦¡´N·|±o¨ì¤@­Ó wired-OR <quote>yes</quote>
ªº¼Æ¦r¡A¨ä¤¤¦Ü¤Ö·|¦³¤@­Ó bit ¬O¥´¶}ªº¡CµM«á°»´úµ{¦¡·|­n¨D«¬¸¹
(¥Ñ Microsoft/Intel«ü©w)¤p©ó X ªº¥d<quote>Â÷½u</quote>¡C¦A¥h¬Ý¬O
§_ÁÙ¦³¥d¦^µª¦P¼Ëªº¸ß°Ý¡A¦pªG±o¨ì <literal>0</literal>¡A´Nªí¥Ü¨S
¦³«¬¸¹¤j©ó X ªº¥d¡C ²{¦bµ{¦¡·|°Ý¬O§_¦³«¬¸¹¤p©ó <literal>X</literal>
ªº¥d¡A¦pªG¦³ªº¸Ü¡Aµ{¦¡¦A­n«¬¸¹¤j©ó X-(limit/4) ªº¥dÂ÷½u¡AµM«á­«ÂÐ
¤W­±ªº°Ê§@¡C¥Î­«½Æ³oºØÃþ¦ü semi-binary search ªº¤èªk¡A¦b¬Y½d³ò¤º
§ä­Ó´X¦¸«á¡A´úµ{¦¡³Ì«á·|¦b¾÷¾¹¤¤°Ï¤À¥X©Ò¦³ªº PnP ¥d¡A·j´M¦¸¼Æ¤]
»·§C©ó¤@­Ó­Ó§äªº 2^64 ¦¸¡C</para>
<para>¤@±i¥dªº ID ¥Ñ¨â­Ó 32-bit(©Ò¥H¤W­±¬O 2&circ;64) + 8bit °»¿ù½X
²Õ¦¨¡A²Ä¤@­Ó 32 bits ¬O¥Î¨Ó°Ï¤À¦U®a¼t°Óªº¡C³o¨Ç¼t°Ó±q¨Ó¨S¦³¥X¨Ó¼á
²M¹L¡A¦ý¬Ý¨ÓÀ³°²³]¦P¤@®a¥Xªº¤£¦PºØÃþªº¥dªº¼t°Ó ID ¦³¥i¯à¤£¦P¡C¥Î
32 bits ¥u¨Óªí¥Ü¤£¦P¼t°Óªº·Qªk¹ê¦b¦³ÂI¹LÀY¤F¡C</para>
<para>²Ä¤G­Ó 32 bits «h¬O«¬¸¹ #¡B¤A¤Óºô¸ô¦ì§}¡B©Î¤@¨Ç¨Ï³o±i¥d¿W¯Sªº
¸ê®Æ¡C°£«D²Ä¤@­Ó 32 bits ¤£¦P¡A§_«h¼t°Ó¤£¥i¯à§@¥X²Ä¤G­Ó 32 bit ¬Û
¦Pªº¨â±i¥d¡C©Ò¥H¦b¤@¥x¾÷¾¹¤¤¥i¥H¦³¦P¼Ëªº¦n´X±i¥d¡AµM¦Ó¥L­Ì¾ã­Ó
64 bits ÁÙ¬O·|³£¤£¤@¼Ë¡C</para>
<para>³o¨â­Ó 32 bit µ´¹ï¤£¥i¥H¥þ¬°¹s¡A³o¤~¯à¨Ï±o³Ì¶}©l binary search
¤¤ªº wired-OR ·|±o¨ì¤@­Ó«D¹s¼Æ¦r¡C</para>
<para>¤@¥¹¨t²Î°Ï¤À¥X©Ò¦³¥dªº ID¡A±µµÛ·|¸g¥Ñ¦P¼Ëªº I/O port ¤@­Ó­Ó­«
·s±Ò°Ê¨C±i¥d¡A±µµÛ§ä¥X¤wª¾¤¶­±¥d©Ò»Ýªº¸ê·½¡B¦³­þ¨Ç¤¤Â_¥i¥H¨Ï¥Îµ¥
µ¥¡C©Ò¦³¥d³£·|³Q±½´y¤@¦¸¡A¨Ó¦¬¶°³o¨Ç¸ê®Æ¡C</para>
<para>³o¨Ç¸ê°T±µµÛ©MµwºÐ¤Wªº ECU ÀɮסB©Î MLB BIOS ¸Ìªº¸ê®Æµ²¦X¦b¤@
°_¡A³q±`¬Oºî¦X ECU ©M MLB ¸Ìªº BIOS PnP ¸ê®Æ¡A³o¨Ç¶gÃä¨Ã¤£¤ä´©¯u¥¿
ªº PnP¡AµM¦Ó°»´úµ{¦¡¦bÀˬd BIOS ©M ECU ¸ê®Æ«á¡A¥¦¥i¥HÁקK PnP ¶gÃä
©M¨º¨Ç°»´ú¤£¨ìªº¬Û½Ä¬ð¡C</para>
<para>±µµÛ¦A«×«ô³X³o¨Ç PnP ¶gÃä¡A³o¦¸·|§â¥i¥Îªº I/O¡BDMA¡BIRQ ©M°O¾Ð
Åé¬M®gªº¦ì§}³£«ü©wµ¹¥¦­Ì¡C³o¨Ç¶gÃä´N·|¥X²{¦b©Ò«ü©wªº¦a¤è¡Aª½¨ì¤U¤@
¦¸­«·s¶}¾÷¬°¤î¡A¤£¹L¤]¨S¦³¤H»¡¤£¯à§â¥¦­ÌÀH®É²¾¨Ó²¾¥h¡C</para>
<para>¤W­±¦³¬Û·í¦hªºÂ²¤Æ¡A¦ý§AÀ³¸Ó¤w¸g¤F¸Ñ¤j­Pªº¹Lµ{¡C</para>
<para>Microsoft §âªí¥Ü¦Lªí¾÷ª¬ºAªº´X­Ó¥D­n port ®³¨Ó§@ PnP¡A¥L­Ìªº
ÅÞ¿è¬O¨S¦³¤@±i¥d·|¦b³o¨Ç¦a¤è¸Ñ½X§@¬Û¤Ïªº I/O cycles¡C¦ý¬O§Ú§ä¨ì
¤@´Ú¦­´Á¤´¦bµû¦ô PnP ´£®×®Éªº IBM ­ì¼t printer board¡A¥¦ªº½T¥h¸Ñ
¹ï³o¨Çª¬ºA port ªº¼g¤J¸ê®Æ¡A¦ý¬O MS <quote>»¡¤F´Nºâ</quote>¡C©Ò¥H
¥¦­Ìªº½T¦³¹ï¦Lªí¾÷ª¬ºA port ¼g¤J¡AÁÙ¦³Åª¨ú¸Ó¦ì§} +
<literal>0x800</literal>¡B©M¥t¤@­Ó¦b <literal>0x200</literal> ¤Î
<literal>0x3ff</literal> ¤§¶¡ªº port¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="major-numbers">
<para>§Ú¬°¬Y³]³Æ¼g¤FÅX°Êµ{¦¡¡A¯à¤£¯àµ¹¥¦¤@­Ó major number¡H</para>
</question>
<answer>
<para>³o­n¬Ý§A¬O§_¥´ºâ±N³o­ÓÅX°Êµ{¦¡¤½¶}¨Ï¥Î¡A¦pªG¬Oªº¸Ü¡A½Ð§â¥¦ªº
­ì©l½X°e¤@¥÷µ¹§Ú­Ì¡AÁÙ¦³ <filename>files.i386</filename> ­×§ïªº
³¡¥÷¡Bkernel ³]©wÀɼ˥»¡B¥H¤Î¥Î¨Ó²£¥Í³]³ÆÀɪº &man.MAKEDEV.8;¡C
¦pªG§A¤£¥´ºâ¤½¶}¡B©Î¦]¬°ª©Åv°ÝÃD¦Ó¤£¯à¤½¶}ªº¸Ü¡A§Ú­Ì¦³¯S¦a«O¯d
character major number 32 ©M block major number 8 µ¹³o¤è­±ªº¨Ï¥Î¡A
ª½±µ¥Î³o¨â­Ó´N¦n¤F¡C¤£½×¦p¦ó¡A§Ú­Ì³£·|«Ü·P¿E§A¯à¦b &a.hackers;
µoªíÅX°Êµ{¦¡ªº®ø®§¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="alternate-directory-layout">
<para>Ãö©ó§ó°Ê¥Ø¿ý©ñ¸mªº­ì«h¡H</para>
</question>
<answer>
<para>¦b¦^µªÃö©ó§ó°Ê¥Ø¿ý©ñ¸mªº­ì«h¤è­±¡A§Ú¦b 1983 ¦~¼g¦n¥Ø«eªº§@ªk
«á´N¨S¦³¦A§ïÅܹL¡A³oºØ¤è¦¡¬O°w¹ï­ì¥ýªº FFS Àɮרt²Î¡A«á¨Ó¤]¨S¦³
¹ï¥¦§@¥ô¦ó§ó°Ê¡C¥¦¦bÁקK cylinder group ³Q¶ñº¡³o¤è­±°µ±o¬Û·í¦¨¥\¡A
¦ý¬O´N¹³¦³¨Ç¤H¤w¸gª`·N¨ì¡A¥¦©M find ´N°t¦X±o¤£¤j¦n¡C¤j³¡¥÷ªºÀÉ®×
¨t²Î¬O¥Ñ¨º¨Ç¥Î depth first search(aka ftw) ²£¥Íªº archive »s³y¥X
¨Ó¡A¸Ñ¥X¨Óªº¥Ø¿ý inode ·|¾î¸ó¦n´X­Ó cylinder group¡A¦pªG¥H«á­n°µ
depth first search ªº¸Ü¡A³o¬O³ÌÁV¿|ªº±¡ªp¤§¤@¡C¦pªG§Ú­Ìª¾¹DÁ`¦@
·|²£¥Í¦h¤Ö¥Ø¿ýªº¸Ü¡A¸Ñªk¬O¦b°µ¥ô¦ó¦s¨ú/¼g¤J°Ê§@¤§«e¡A¦b¨C­Ó
cylinder group ¤W¥ý³y¥X(©Ò¦³¥Ø¿ý¼Æ/cylinder greoup ªº¼Æ¥Ø)³o»ò¦h
ªº¥Ø¿ý¡C«Ü©úÅ㪺¡A§Ú­Ì¥²¶·­n¦³®Ú¾Ú¦a¥h²q³o ­Ó¼Æ¦r¡A´Nºâ¤@­Ó¹³ 10
ªº«Ü¤p©T©w¼Æ¥Ø¤]·|¨Ï®Ä²v¥H¯Å¼Æ¦¨ªø¡C°Ï¤À restore (§Y¸Ñ¶}¤W­zªº
archive) ©M¤@¯ëÀÉ®×¾Þ§@ªº¤èªk¥i¥H¬O(²{¦b¥Îªººtºâªk¥i¯à­n§ó±Ó·P)¡G
¦pªG¤@¨Ç¥Ø¿ý(³Ì¦h 10 ­Ó)³£¦b 10 ¬í¤º²£ ¥Íªº¸Ü¡A¨º»ò´N§â³o¨Ç¥Ø¿ý
»E¶°¦b¦P¤@­Ó cylinder group¡C¤£ºÞ«ç¼Ë¡A §Úªº¸gÅç«ü¥X³o¬O¤@­Ó¤w¸g
¥R¥÷¹êÅç¹Lªº³¡¥÷¡C</para>
<para>Kirk McKusick, September 1998</para>
</answer>
</qandaentry>
<qandaentry>
<question id="kernel-panic-troubleshooting">
<para>¦p¦ó¦b kernel panics ®É±o¨ì³Ì¦hªº¸ê°T¡H</para>
</question>
<answer>
<para><emphasis>[³o¸`¬O±q &a.wpaul; ¦b freebsd-current <link
linkend="mailing">mailing list</link> ¤Wµoªíªº«H¤¤¸`¿ý¡A
&a.des; ­×¥¿¤F¥´¦r¿ù»~¡B¦A¥[¤W¬A©·¸Ìªºª`¸Ñ¡C]</emphasis></para>
<programlisting>From: Bill Paul &lt;wpaul@skynet.ctr.columbia.edu&gt;
Subject: Re: the fs fun never stops
To: Ben Rosengart
Date: Sun, 20 Sep 1998 15:22:50 -0400 (EDT)
Cc: current@FreeBSD.org</programlisting>
<para><emphasis>[Ben µoªí¤F¤U­±ªº panic °T®§]</emphasis></para>
<programlisting>&gt; Fatal trap 12: page fault while in kernel mode
&gt; fault virtual address = 0x40
&gt; fault code = supervisor read, page not present
&gt; instruction pointer = 0x8:0xf014a7e5
^^^^^^^^^^
&gt; stack pointer = 0x10:0xf4ed6f24
&gt; frame pointer = 0x10:0xf4ed6f28
&gt; code segment = base 0x0, limit 0xfffff, type 0x1b
&gt; = DPL 0, pres 1, def32 1, gran 1
&gt; processor eflags = interrupt enabled, resume, IOPL = 0
&gt; current process = 80 (mount)
&gt; interrupt mask =
&gt; trap number = 12
&gt; panic: page fault</programlisting>
<para>·í§A¬Ý¨ì¹³³o¼Ëªº°T®§®É¡A¥u§â¥¦«þ¤@¥÷°e¤W¨Ó¬O¤£°÷ªº¡C§Ú¦b¤W­±
¯S¦a¼Ð©úªº instruction pointer ­È¬Û·í­«­n¡A¤£©¯ªº¬O¥¦·|¦]³]©w¦Ó
¤£¦P¡C´«¥y¸Ü»¡¡A³o­Ó­È·|¸ò§A¥Îªº kernel image ÀɦÓÅÜ°Ê¡C¦pªG¬O¥Î
¬Y­Ó snapshot ª©¥»ªº GENERIC kernel¡A¤]³\¨ä¥L¤H¥i¥H°lÂܨì¥X°ÝÃD
ªº¨ç¦¡¡A¦ý¦pªG§A¬O¥Î¦Û­qªº kernel¡A¨º»ò¥u¦³
<emphasis>§A</emphasis>¤~¯à§i¶D§Ú­Ì°ÝÃD¥X¦b¨º¸Ì¡C</para>
<para>­n°µªº¨Æ¥]¬A³o¨Ç¡G</para>
<procedure>
<step>
<para>§â instruction pointer ªº­È°O¤U¨Ó¡Cª`·N¦b«e­±ªº
<literal>0x8:</literal> ¦b³o­Ó±¡ªp¤¤¨Ã¤£­«­n¡A§Ú­Ì­nªº¬O
<literal>0xf0xxxxxx</literal>¡C</para>
</step>
<step>
<para>·í¨t²Î­«·s¶}¾÷«á¡A°õ¦æ³o¹D©R¥O¡G
<screen>&prompt.user; <userinput>nm -n /(³y¦¨ panic ªº kernel ÀÉ®×) | grep f0xxxxxx</userinput></screen>
¨ä¤¤ <literal>f0xxxxxx</literal> ´N¬O°O¤U¨Óªº
instruction pointer ­È¡C¦³¥i¯à¤£·|­è¦n§ä¨ì§¹¾ãªº³o­Ó¦r¦ê¡A
³o¬O¦]¬° kernel symbol table ¸Ìªº¦U­Ó symbol ¥u¬O¨ç¦¡ªº¶i
¤JÂI¡A¦ý instruction pointer ©Ò«üªº¦ì§}¦³¥i¯à¬O¦b¨ç¦¡¤ºªº
¬Y¤@³B¡A¦Ó¤£¤@©w¦b¶}ÀY¡C©Ò¥H¦pªG§ä¤£¨ì¾ã­Ó¦r¦ê¡A¨º»ò§â
instruction pointer ­Èªº³Ì«á¤@­Ó¼Æ¦r®³±¼¡A¦A¸Õ¤@¦¸¡G
<screen>&prompt.user; <userinput>nm -n /(³y¦¨ panic ªº kernel ÀÉ®×) | grep f0xxxxx</userinput></screen>
¦pªG³o¼Ë¤]§ä¤£¨ì¡A¨º´N§â¥t¤@­Ó¼Æ¦r¥h±¼¦A§ä¡A¤@ª½­«½Æ¨ì§ä¨ì
¬°¤î¡A µ²ªG¬O¤@¦ê¥i¯à³y¦¨ panic ªº¨ç¦¡¦Cªí¡C³o¼Ë¤ñª½±µ§ä¨ì
¥X°ÝÃDªº¨ç¦¡¨Ó±o®t¡A¦ý¦Ü¤Ö¦n¹L¤°»ò³£¨S¦³¡C</para>
</step>
</procedure>
<para>§Ú±`±`¬Ý¨ì¤H­ÌÅã¥Ü¤@¤j¤ù panic °T®§¡A¦ý«Ü¤Ö¬Ý¨ì¦³¤Hªá¤@ÂI®É¶¡
§â instruction pointer ©M kernel symbol table ¤¤ªº¨ç¦¡¤ñ¸û¤@¤U¡C
</para>
<para>­n°lÂÜ¥X³y¦¨ panic ­ì¦]ªº³Ì¦n¤èªk¬O¥ý°µ¥X crash dump¡AµM«á¥Î
&man.gdb.1; ¦b¤W­±°µ stack trace¡C</para>
<para>¤£ºÞ¬O¨º¤@ºØ¡A§Ú³q±`¬O¥Î³o­Ó¤èªk¡G</para>
<procedure>
<step>
<para>¼g¦n kernel ³]©wÀÉ¡C¦pªG§A»Ý­n¥Î kernel debugger¡A¦b³]
©wÀɤ¤¥[¤W <literal>options DDB</literal> ³o­Ó¿ï¶µ¡C
(·í§ÚÃhºÃ¦³¥X²{µL½a°j°é®É¡A³q±`·|¥Î³o­Ó¨Ó³]©w¤¤Â_ÂI¡C)
</para>
</step>
<step>
<para>¥Î <command>config -g
<replaceable>KERNELCONFIG</replaceable></command>
°µ¥X¥Î¨Ó½sĶªº¥Ø¿ý¡C</para>
</step>
<step>
<para><command>cd /sys/compile/
<replaceable>KERNELCONFIG</replaceable>; make
</command></para>
</step>
<step>
<para>µ¥«Ý kernel ½sĶµ²§ô¡C</para>
</step>
<step>
<para><command>make install</command></para>
</step>
<step>
<para>­«·s¶}¾÷</para>
</step>
</procedure>
<para>&man.make.1; ±N·|»s³y¥X¨â­Ó kernel¡C<filename>kernel</filename>
ÁÙ¦³ <filename>kernel.debug</filename>¡C
<filename>kernel</filename> ±N·|³Q¦w¸Ë¨ì
<filename>/kernel</filename>¡A¦Ó <filename>kernel.debug</filename>
¥i¥Î¨Óµ¹ &man.gdb.1; ·í§@ debugging symbols ªº¨Ó·½¡C</para>
<para>­n½T©w¯à§ì¨ì crash dump¡A¥ý½s¿è
<filename>/etc/rc.conf</filename> ±N <literal>dumpdev</literal> «ü
¨ì swap ¤À³Î°Ï¡C³o¼Ë &man.rc.8; ·|¥Î &man.dumpon.8; ¨Ó±Ò°Ê
crash dump¡A§A¤]¥i¥H¤â°Ê°õ¦æ &man.dumpon.8; ¦b panic ¤§«á¡A
crash dump ¥i¥H¥Î &man.savecore.8; ¦s°_¨Ó¡F¦pªG
<filename>/etc/rc.conf</filename> ¸Ì¦³³] <literal>dumpdev</literal>
¨º»ò­«·s¶}¾÷«á &man.rc.8; ·|¦Û°Ê°õ¦æ &man.savecore.8; §â
crash dump ¦s¦b <filename>/var/crash</filename>¡C</para>
<note>
<para>FreeBSD ªº crash dump ³q±`©M¾÷¾¹¸Ìªº¹ê»Ú°O¾ÐÅé¤@¼Ë¤j¡A´N
¹³¦pªG¦³ 64MB °O¾ÐÅé¡Acrash dump ¤j¤p´N¬O 64MB¡C©Ò¥H­n½T©w
<filename>/var/crash</filename> ¤U¦³¨¬°÷ªºªÅ¶¡¡A©Î¬O¥i¥H¤â
°Ê°õ¦æ &man.savecore.8; §â crash dump ©ñ¨ì¥t¤@­ÓªÅ¶¡¸û°÷ªº
¥Ø¿ý¤U¡C¥t¤@ºØ¤]³\¥i¥H­­¨î crash dump ªº¤èªk¡A¬O¦b kernel
³]©wÀɤ¤¥Î <literal>options MAXMEM=(foo)</literal>¡A±N kernel
¥i¥Îªº°O¾ÐÅé­­¨î¦b¦X²zªº¤j¤p¡CÁ|¨Ò¨Ó»¡¡A¦pªG§A¦³ 128MB ªº°O¾Ð
Åé¡A¦ý¬O¥i¥H­­¨î kernel ¥u¯à¥Î 16MB ªº°O¾ÐÅé¡A³o¼Ë crash dump
´N¬O 16MB ¦Ó¤£¬O 128MB ¤F¡C</para>
</note>
<para>¤@¥¹µo²{¦³¤F crash dump¡A´N¥i¥H¥Î &man.gdb.1; ¨Ó°µ
stack trace ¡A¦p¤U©Ò¥Ü¡G</para>
<screen>&prompt.user; <userinput>gdb -k /sys/compile/KERNELCONFIG/kernel.debug /var/crash/vmcore.0</userinput>
<prompt>(gdb)</prompt> <userinput>where</userinput></screen>
<para>­nª`·N¥i¯à·|¥X²{¦n´X­Ó¿Ã¹õªº¥i¥Î¸ê°T¡A§A¥i¥H¥Î &man.script.1;
§â©Ò¦³¿é¥X³£¦s°_¨Ó¡C¥Î¥]¬A©Ò¦³ debug symbol ªº kernel ¨Ó°£¿ù¡A³o
¼ËÀ³¸Ó¥i¥Hª½±µÅã¥Ü panic ¬Oµo¥Í¦b¨º¤@¦æ¡C³q±`¬O¥Ñ¤U©¹¤WŪ
stack strace¡A³o¼Ë¤~¯à¤@­Ó­Ó°lÂÜ¥X¦³­þ¨Ç°Ê§@¤Þ¨ì crash¡C¤]¥i¥H¥Î
&man.gdb.1; §â¦UºØÅܼƩε²ºcªº¤º®e¦L¥X¨Ó¡A¥HÀˬd¨t²Î crash ®Éªº
¹ê»Úª¬ºA¡C</para>
<para>¦n°Õ¡A¦pªG§A¦³²Ä¤G¥x¹q¸£¦Ó¥B¦³°÷ºÆ¨g¡A¥i¥H±N &man.gdb.1; ³]©w
¦¨»·ºÝ°£¿ù¡C³o¼Ë§A¥i¥H¦b¤@¥x¾÷¾¹¤¤¥Î &man.gdb.1; ¥h°£¿ù¥t¤@¥x¸Ìªº
kernel¡A¥i¥H°õ¦æªº¥]¬A³]©w¤¤Â_ÂI¡B¦b kernel ­ì©l½X¤¤¤@¨B¨B°õ¦æµ¥
µ¥¡A´N¹³¦b¤@¯ë¨Ï¥ÎªÌµ{¦¡¤W°£¿ù¤@¼Ë¡C¥Ñ©ó¨S¦³¤°»ò¾÷·|¬°°£¿ù¦Ó³]¸m
¨â¥x¨Ã¾F¹q¸£¡A©Ò¥H§ÚÁÙ¨S¦³³o¼Ëª±¹L¡C</para>
<para><emphasis>[Bill ¸É¥R¡G"§Ú§Ñ¤F´£¨ì¤@ÂI¡G¦pªG§A¦³±Ò°Ê DDB ¦Ó
kernel ¤]¤w¸g¶i¤J°£¿ù¾¹¡A¥i¥H¦b DDB ©R¥O¦C¤U¥´ 'panic'¡A±j­¢²£¥Í
panic (ÁÙ¦³ crash dump)¡C¤]¦³¥i¯à¦b panic ¶¥¬q®É¦A¶i¤J°£¿ù¾¹¡A
¦pªG³o¼Ëªº¸Ü¡A¿é¤J 'continue'¡A±µµÛ¥¦´N·|§¹¦¨ crash dump¡C" -ed]
</emphasis></para>
</answer>
</qandaentry>
<qandaentry>
<question id="dlsym-failure">
<para>¬°¤°»ò dlsym() ¤£¯à¾Þ§@ ELF °õ¦æÀÉ¡H</para>
</question>
<answer>
<para>¦b ELF ¤@¨t¦Cªº¤u¨ã¤¤¡A¤º©w¬O¤£·|Åý dynamic linker ¬Ý¨ì°õ¦æ
Àɸ̩w¸q¤F­þ¨Ç symbol¡C©Ò¥H <function>dlsym()</function> ¨S¦³¿ì
ªk¥ÎÂǥѩI¥s <function>dlopen(NULL, flags)</function> ¨ú±oªº
handle¡A¥Î¥¦¥h·j´M¦³¨º¨Ç symbol ¤@©w·|¥¢±Ñ¡C</para>
<para>¦pªG§A·Q­n¥Î <function>dlsym()</function> §ä¥X¬Y­Ó process
ªº¥D°õ¦æÀɤ¤¦³­þ¨Ç symbol¡A«h­n¦b link ®É¹ï ELF linker (&man.ld.1;)
¥[¤W <option>-export-dynamic</option> ³o­Ó°Ñ¼Æ¡C</para>
</answer>
</qandaentry>
<qandaentry>
<question id="change-kernel-address-space">
<para>§Ú­n¦p¦ó¼W¥[©Î´î¤Ö kernel ¯à©w§}ªºªÅ¶¡¡H</para>
</question>
<answer>
<para>¹w³]­È¬O¡AFreeBSD 3.x ªº kernel ¥i¥H©w§}ªºªÅ¶¡¬O 256 MB ¦Ó
FreeBSD 4.x ¥i¥H¨ì 1 GB¡C¦pªG¬Oºô¸ô­t²ü¬Û·í­«ªº¦øªA¾¹
(¨Ò¦p¤j«¬ FTP ©Î HTTP ¦øªA¾¹)¡A§A¤]³\·|µo²{ 256 MB ¥i¯à¤£¤j°÷¡C
</para>
<para>©Ò¥H¡A­n¦p¦ó¼W¥[©w§}ªÅ¶¡©O¡H­n±q¨â¤è­±µÛ¤â¡C­º¥ý­º¥ý§i¶D
kernel ¥»¨­­n«O¯d¸û¤jªÅ¶¡µ¹¦Û¤v¡C¨ä¦¸¡A¬JµM¬O¦b©w§}ªÅ¶¡ªº³Ì¤W
­±¸ü¤J kernel¡A©Ò¥HÁÙ­n½Õ§C¸ü¤Jªº¦ì§}¡A¤~¤£·|©M«e­±©w§}ªº½d³ò
­«Å|¡C</para>
<para>¼W¥[ <filename>src/sys/i386/include/pmap.h</filename> ¸Ìªº
<literal>NKPDE</literal> ´N¥i¥H¹F¦¨²Ä¤@­Ó¥Ø¼Ð¡C1 GB ªº©w§}ªÅ¶¡·|
¹³³o¼Ë¡G</para>
<programlisting>#ifndef NKPDE
#ifdef SMP
#define NKPDE 254 /* addressable number of page tables/pde's */
#else
#define NKPDE 255 /* addressable number of page tables/pde's */
#endif /* SMP */
#endif</programlisting>
<para>­nºâ¥X <literal>NKPDE</literal> ªº¥¿½T­È¡A±N·Q­nªºªÅ¶¡¤j¤p
(¥H megabyte ¬°³æ¦ì)°£¥H 4¡A±µµÛ³æ CPU ¾÷¾¹´î 1¡A
Âù CPU «h¬O´î 2¡C</para>
<para>­n¸Ñ¨M²Ä¤G­Ó°ÝÃD¡A¥²¶·¦Û¦æºâ¥X kernel ³Q¸ü¤Jªº¦ì§}¡G¨D¥X
0x100100000 ´î±¼©w§}ªÅ¶¡¤j¤pªº­È(¥H byte ¬°³æ¦ì)¡A¦p 1 GB ¤j¤p´N¬O
0xc0100000¡C§â<filename>src/sys/i386/conf/Makefile.i386</filename>
¸Ìªº <symbol>LOAD_ADDRESS</symbol> ³]¦¨³o­Ó­È¡Q±µµÛ¦b
<filename>src/sys/i386/conf/kernel.script</filename> ¤¤¡A±N
section ¦Cªí³Ì«e­±ªº location counter ³]¦¨¬Û¦Pªº­È¡A¦p¤U¡G</para>
<programlisting>OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
OUTPUT_ARCH(i386)
ENTRY(btext)
SEARCH_DIR(/usr/lib); SEARCH_DIR(/usr/obj/elf/home/src/tmp/usr/i386-unknown-freebsdelf/lib);
SECTIONS
{
/* Read-only sections, merged into text segment: */
. = 0xc0100000 + SIZEOF_HEADERS;
.interp : { *(.interp) }</programlisting>
<para>µM«á­«·s½sĶ±zªº kernel¡C±z¥i¯à·|¦b°õ¦æ &man.ps.1;¡B&man.top.1;
³oÃþªºµ{¦¡®É¸I¨ì°ÝÃD¡Q<command>make world</command> À³¸Ó´N¥i¥H¸Ñ¨M
(©Î§â§ï¹Lªº <filename>pmap.h</filename> ½Æ»s¨ì
<filename>/usr/include/vm/</filename> ¤U¡A¦A¤â°Ê½sĶ
<filename>libkvm</filename>¡A&man.ps.1; ÁÙ¦³ &man.top.1;)¡C</para>
<para>ª`·N¡Gkernel ©Ò¯à©w§}ªºªÅ¶¡¤j¤p¥²¶·¬O 4 megabytes ªº­¿¼Æ¡C
</para>
<para>[&a.dg; ¸É¥R¡G<emphasis>§Ú»{¬° kernel ©w§}ªÅ¶¡¤j¤pÀ³¸Ó­n¬O 2
ªº­¼¾­¡A¦ý¤£¤j½T©w³o¤@ÂI¡Cªº±Ò°Êµ{¦¡·|°Ê¨ì
high order address bits¡A°O±o¥¦°²³]¦Ü¤Ö¦³ 256 MB¡C]</emphasis>
</para>
</answer>
</qandaentry>
</qandaset>
</chapter>
<chapter id="acknowledgments">
<chapterinfo>
<author>
<firstname>Vanilla</firstname>
<surname>Shu</surname>
<affiliation>
<address><email>vanilla@FreeBSD.org</email></address>
</affiliation>
</author>
</chapterinfo>
<title>·PÁÂ</title>
<blockquote>
<attribution>FreeBSD Core Team</attribution>
<para>°²¦p±z¦b³o¥÷ FAQ ¤¤§ä¨ì¿ù»~ªº¦a¤è¡A©Î¬O±z·Q¼W¥[¨Ç¬Æ»ò¡A
½Ð¼g«Ê«H¨ì &a.faq; ¡C§Ú­Ì«D±`·PÁ±zªº«Øij¡A
¦]¬°±zªº«ØijÅý³o¥÷¤å¥óÅܱo§ó¦n¡I</para>
</blockquote>
<variablelist>
<varlistentry>
<term>&a.jkh;</term>
<listitem>
<para>¤£°±ªº§ó·s¹L®Éªº FAQ</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.dwhite;</term>
<listitem>
<para>¸g±`¦b freebsd-questions ¤W¦^µª°ÝÃD</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.joerg;</term>
<listitem>
<para>¸g±`¦b Usenet ¤W¦^µª°ÝÃD</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.wollman;</term>
<listitem>
<para>Networking and formatting</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Jim Lowe</term>
<listitem>
<para>Multicast information</para>
</listitem>
</varlistentry>
<varlistentry>
<term>&a.pds;</term>
<listitem>
<para>FreeBSD FAQ ³o¥÷¤å¥óªº¥´¦r­W¤u</para>
</listitem>
</varlistentry>
<varlistentry>
<term>The FreeBSD Team</term>
<listitem>
<para>Kvetching, moaning, submitting data</para>
</listitem>
</varlistentry>
</variablelist>
<para>¹ï©ó¨º¨Ç´¿¸g¹ï³o¥÷ FAQ ´£¨ÑÀ°§U¡A¦Ó§Ú­Ì¨S´£¨ìªº¤H­Ì¡A
§Ú­Ì¥Ñ°Jªº·PÁ±z¡I</para>
</chapter>
&bibliography;
</book>
diff --git a/zh_TW.Big5/books/handbook/Makefile b/zh_TW.Big5/books/handbook/Makefile
new file mode 100644
index 0000000000..4aae497e0f
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/Makefile
@@ -0,0 +1,265 @@
+#
+# $FreeBSD$
+#
+# Build the FreeBSD Handbook.
+#
+
+# ------------------------------------------------------------------------
+#
+# Handbook-specific variables
+#
+# WITH_PGPKEYS The print version of the handbook only prints PGP
+# fingerprints by default. If you would like for the
+# entire key to be displayed, then set this variable.
+# This option has no affect on the HTML formats.
+#
+# Handbook-specific targets
+#
+# pgpkeyring This target will read the contents of
+# pgpkeys/chapter.sgml and will extract all of
+# the pgpkeys to standard out. This output can then
+# be redirected into a file and distributed as a
+# public keyring of FreeBSD developers that can
+# easily be imported into PGP/GPG.
+#
+# ------------------------------------------------------------------------
+
+.PATH: ${.CURDIR}/../../share/sgml/glossary
+
+MAINTAINER= doc@FreeBSD.org
+
+DOC?= book
+
+FORMATS?= html-split
+
+HAS_INDEX= true
+
+INSTALL_COMPRESSED?= gz
+INSTALL_ONLY_COMPRESSED?=
+
+IMAGES_EN = advanced-networking/isdn-bus.eps
+IMAGES_EN+= advanced-networking/isdn-twisted-pair.eps
+IMAGES_EN+= advanced-networking/natd.eps
+IMAGES_EN+= advanced-networking/net-routing.pic
+IMAGES_EN+= advanced-networking/static-routes.pic
+IMAGES_EN+= geom/striping.pic
+IMAGES_EN+= install/adduser1.scr
+IMAGES_EN+= install/adduser2.scr
+IMAGES_EN+= install/adduser3.scr
+IMAGES_EN+= install/boot-mgr.scr
+IMAGES_EN+= install/console-saver1.scr
+IMAGES_EN+= install/console-saver2.scr
+IMAGES_EN+= install/console-saver3.scr
+IMAGES_EN+= install/console-saver4.scr
+IMAGES_EN+= install/desktop.scr
+IMAGES_EN+= install/disklabel-auto.scr
+IMAGES_EN+= install/disklabel-ed1.scr
+IMAGES_EN+= install/disklabel-ed2.scr
+IMAGES_EN+= install/disklabel-fs.scr
+IMAGES_EN+= install/disklabel-root1.scr
+IMAGES_EN+= install/disklabel-root2.scr
+IMAGES_EN+= install/disklabel-root3.scr
+IMAGES_EN+= install/disk-layout.eps
+IMAGES_EN+= install/dist-set.scr
+IMAGES_EN+= install/dist-set2.scr
+IMAGES_EN+= install/docmenu1.scr
+IMAGES_EN+= install/ed0-conf.scr
+IMAGES_EN+= install/ed0-conf2.scr
+IMAGES_EN+= install/edit-inetd-conf.scr
+IMAGES_EN+= install/fdisk-drive1.scr
+IMAGES_EN+= install/fdisk-drive2.scr
+IMAGES_EN+= install/fdisk-edit1.scr
+IMAGES_EN+= install/fdisk-edit2.scr
+IMAGES_EN+= install/ftp-anon1.scr
+IMAGES_EN+= install/ftp-anon2.scr
+IMAGES_EN+= install/hdwrconf.scr
+IMAGES_EN+= install/keymap.scr
+IMAGES_EN+= install/main1.scr
+IMAGES_EN+= install/mainexit.scr
+IMAGES_EN+= install/main-std.scr
+IMAGES_EN+= install/main-options.scr
+IMAGES_EN+= install/main-doc.scr
+IMAGES_EN+= install/main-keymap.scr
+IMAGES_EN+= install/media.scr
+IMAGES_EN+= install/mouse1.scr
+IMAGES_EN+= install/mouse2.scr
+IMAGES_EN+= install/mouse3.scr
+IMAGES_EN+= install/mouse4.scr
+IMAGES_EN+= install/mouse5.scr
+IMAGES_EN+= install/mouse6.scr
+IMAGES_EN+= install/mta-main.scr
+IMAGES_EN+= install/net-config-menu1.scr
+IMAGES_EN+= install/net-config-menu2.scr
+IMAGES_EN+= install/nfs-server-edit.scr
+IMAGES_EN+= install/ntp-config.scr
+IMAGES_EN+= install/options.scr
+IMAGES_EN+= install/pkg-cat.scr
+IMAGES_EN+= install/pkg-confirm.scr
+IMAGES_EN+= install/pkg-install.scr
+IMAGES_EN+= install/pkg-sel.scr
+IMAGES_EN+= install/probstart.scr
+IMAGES_EN+= install/routed.scr
+IMAGES_EN+= install/security.scr
+IMAGES_EN+= install/sysinstall-exit.scr
+IMAGES_EN+= install/timezone1.scr
+IMAGES_EN+= install/timezone2.scr
+IMAGES_EN+= install/timezone3.scr
+IMAGES_EN+= install/userconfig.scr
+IMAGES_EN+= install/userconfig2.scr
+IMAGES_EN+= install/xf86setup.scr
+IMAGES_EN+= mail/mutt1.scr
+IMAGES_EN+= mail/mutt2.scr
+IMAGES_EN+= mail/mutt3.scr
+IMAGES_EN+= mail/pine1.scr
+IMAGES_EN+= mail/pine2.scr
+IMAGES_EN+= mail/pine3.scr
+IMAGES_EN+= mail/pine4.scr
+IMAGES_EN+= mail/pine5.scr
+
+IMAGES_EN+= install/example-dir1.eps
+IMAGES_EN+= install/example-dir2.eps
+IMAGES_EN+= install/example-dir3.eps
+IMAGES_EN+= install/example-dir4.eps
+IMAGES_EN+= install/example-dir5.eps
+IMAGES_EN+= security/ipsec-network.pic
+IMAGES_EN+= security/ipsec-crypt-pkt.pic
+IMAGES_EN+= security/ipsec-encap-pkt.pic
+IMAGES_EN+= security/ipsec-out-pkt.pic
+IMAGES_EN+= vinum/vinum-concat.pic
+IMAGES_EN+= vinum/vinum-mirrored-vol.pic
+IMAGES_EN+= vinum/vinum-raid10-vol.pic
+IMAGES_EN+= vinum/vinum-raid5-org.pic
+IMAGES_EN+= vinum/vinum-simple-vol.pic
+IMAGES_EN+= vinum/vinum-striped-vol.pic
+IMAGES_EN+= vinum/vinum-striped.pic
+
+# Images from the cross-document image library
+IMAGES_LIB= callouts/1.png
+IMAGES_LIB+= callouts/2.png
+IMAGES_LIB+= callouts/3.png
+IMAGES_LIB+= callouts/4.png
+IMAGES_LIB+= callouts/5.png
+IMAGES_LIB+= callouts/6.png
+IMAGES_LIB+= callouts/7.png
+IMAGES_LIB+= callouts/8.png
+IMAGES_LIB+= callouts/9.png
+IMAGES_LIB+= callouts/10.png
+
+#
+# SRCS lists the individual SGML files that make up the document. Changes
+# to any of these files will force a rebuild
+#
+
+# SGML content
+SRCS+= audit/chapter.sgml
+SRCS+= book.sgml
+SRCS+= colophon.sgml
+SRCS+= freebsd-glossary.sgml
+SRCS+= advanced-networking/chapter.sgml
+SRCS+= basics/chapter.sgml
+SRCS+= bibliography/chapter.sgml
+SRCS+= boot/chapter.sgml
+SRCS+= config/chapter.sgml
+SRCS+= cutting-edge/chapter.sgml
+SRCS+= desktop/chapter.sgml
+SRCS+= disks/chapter.sgml
+SRCS+= eresources/chapter.sgml
+SRCS+= firewalls/chapter.sgml
+SRCS+= geom/chapter.sgml
+SRCS+= install/chapter.sgml
+SRCS+= introduction/chapter.sgml
+SRCS+= kernelconfig/chapter.sgml
+SRCS+= l10n/chapter.sgml
+SRCS+= linuxemu/chapter.sgml
+SRCS+= mac/chapter.sgml
+SRCS+= mail/chapter.sgml
+SRCS+= mirrors/chapter.sgml
+SRCS+= multimedia/chapter.sgml
+SRCS+= network-servers/chapter.sgml
+SRCS+= pgpkeys/chapter.sgml
+SRCS+= ports/chapter.sgml
+SRCS+= ppp-and-slip/chapter.sgml
+SRCS+= preface/preface.sgml
+SRCS+= printing/chapter.sgml
+SRCS+= security/chapter.sgml
+SRCS+= serialcomms/chapter.sgml
+SRCS+= users/chapter.sgml
+SRCS+= vinum/chapter.sgml
+SRCS+= x11/chapter.sgml
+
+# Entities
+SRCS+= chapters.ent
+
+SYMLINKS= ${DESTDIR} index.html handbook.html
+
+# Turn on all the chapters.
+CHAPTERS?= ${SRCS:M*chapter.sgml}
+
+SGMLFLAGS+= ${CHAPTERS:S/\/chapter.sgml//:S/^/-i chap./}
+SGMLFLAGS+= -i chap.freebsd-glossary
+
+# XXX The Handbook build currently overflows some internal, hardcoded
+# limits in pdftex. Until we split the Handbook up, build the PDF
+# version using ps2pdf instead of pdftex.
+
+PS2PDF?= ${PREFIX}/bin/ps2pdf
+
+book.tex-pdf:
+ ${TOUCH} book.tex-pdf
+
+book.pdf: book.ps
+ ${PS2PDF} book.ps book.pdf
+
+pgpkeyring: pgpkeys/chapter.sgml
+ @${JADE} -V nochunks ${OTHERFLAGS} ${JADEOPTS} -d ${DSLPGP} -t sgml ${MASTERDOC}
+
+#
+# Handbook-specific variables
+#
+.if defined(WITH_PGPKEYS)
+JADEFLAGS+= -V withpgpkeys
+.endif
+
+URL_RELPREFIX?= ../../../..
+DOC_PREFIX?= ${.CURDIR}/../../..
+
+#
+# rules generating lists of mirror site from XML database.
+#
+XMLDOCS= mirrors-ftp:::mirrors.sgml.ftp.inc.tmp \
+ mirrors-cvsup:::mirrors.sgml.cvsup.inc.tmp \
+ eresources:::eresources.sgml.www.inc.tmp
+DEPENDSET.DEFAULT= transtable mirror
+XSLT.DEFAULT= ${XSL_MIRRORS}
+XML.DEFAULT= ${XML_MIRRORS}
+NO_TIDY.DEFAULT= yes
+
+PARAMS.mirrors-ftp+= --param 'type' "'ftp'" \
+ --param 'proto' "'ftp'" \
+ --param 'target' "'handbook/mirrors/chapter.sgml'"
+PARAMS.mirrors-cvsup+= --param 'type' "'cvsup'" \
+ --param 'proto' "'cvsup'" \
+ --param 'target' "'handbook/mirrors/chapter.sgml'"
+PARAMS.eresources+= --param 'type' "'www'" \
+ --param 'proto' "'http'" \
+ --param 'target' "'handbook/eresources/chapter.sgml'"
+
+SRCS+= mirrors.sgml.ftp.inc \
+ mirrors.sgml.cvsup.inc \
+ eresources.sgml.www.inc
+
+CLEANFILES+= mirrors.sgml.ftp.inc mirrors.sgml.ftp.inc.tmp \
+ mirrors.sgml.cvsup.inc mirrors.sgml.cvsup.inc.tmp \
+ eresources.sgml.www.inc eresources.sgml.www.inc.tmp
+
+.include "${DOC_PREFIX}/share/mk/doc.project.mk"
+
+.for p in ftp cvsup
+mirrors.sgml.${p}.inc: mirrors.sgml.${p}.inc.tmp
+ ${SED} -e 's,<\([^ >]*\)\([^>]*\)/>,<\1\2></\1>,;s,</anchor>,,'\
+ < $@.tmp > $@ || (${RM} -f $@ && false)
+.endfor
+
+eresources.sgml.www.inc: eresources.sgml.www.inc.tmp
+ ${SED} -e 's,<\([^ >]*\)\([^>]*\)/>,<\1\2></\1>,;s,</anchor>,,'\
+ < $@.tmp > $@ || (${RM} -f $@ && false)
diff --git a/zh_TW.Big5/books/handbook/advanced-networking/Makefile b/zh_TW.Big5/books/handbook/advanced-networking/Makefile
new file mode 100644
index 0000000000..eb62e4335c
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/advanced-networking/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= advanced-networking/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml b/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml
new file mode 100644
index 0000000000..117697e5e9
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml
@@ -0,0 +1,4233 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+ Original Version: 1.371
+-->
+
+<chapter id="advanced-networking">
+ <title>Advanced Networking</title>
+
+ <sect1 id="advanced-networking-synopsis">
+ <title>Synopsis</title>
+
+ <para>This chapter will cover a number of advanced networking
+ topics.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The basics of gateways and routes.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up IEEE 802.11 and &bluetooth; devices.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to make FreeBSD act as a bridge.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up network booting on a diskless machine.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up network address translation.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to connect two computers via PLIP.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up IPv6 on a FreeBSD machine.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure ATM.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Understand the basics of the <filename>/etc/rc</filename> scripts.</para>
+ </listitem>
+
+ <listitem>
+ <para>Be familiar with basic network terminology.</para>
+ </listitem>
+
+ <listitem>
+ <para>Know how to configure and install a new FreeBSD kernel
+ (<xref linkend="kernelconfig">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Know how to install additional third-party
+ software (<xref linkend="ports">).</para>
+ </listitem>
+
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="network-routing">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Coranth</firstname>
+ <surname>Gryphon</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Gateways and Routes</title>
+
+ <indexterm><primary>routing</primary></indexterm>
+ <indexterm><primary>gateway</primary></indexterm>
+ <indexterm><primary>subnet</primary></indexterm>
+ <para>For one machine to be able to find another over a network,
+ there must be a mechanism in place to describe how to get from
+ one to the other. This is called
+ <firstterm>routing</firstterm>. A <quote>route</quote> is a
+ defined pair of addresses: a <quote>destination</quote> and a
+ <quote>gateway</quote>. The pair indicates that if you are
+ trying to get to this <emphasis>destination</emphasis>,
+ communicate through this <emphasis>gateway</emphasis>. There
+ are three types of destinations: individual hosts, subnets, and
+ <quote>default</quote>. The <quote>default route</quote> is
+ used if none of the other routes apply. We will talk a little
+ bit more about default routes later on. There are also three
+ types of gateways: individual hosts, interfaces (also called
+ <quote>links</quote>), and Ethernet hardware addresses (MAC
+ addresses).
+ </para>
+
+ <sect2>
+ <title>An Example</title>
+
+ <para>To illustrate different aspects of routing, we will use the
+ following example from <command>netstat</command>:</para>
+
+ <screen>&prompt.user; <userinput>netstat -r</userinput>
+Routing tables
+
+Destination Gateway Flags Refs Use Netif Expire
+
+default outside-gw UGSc 37 418 ppp0
+localhost localhost UH 0 181 lo0
+test0 0:e0:b5:36:cf:4f UHLW 5 63288 ed0 77
+10.20.30.255 link#1 UHLW 1 2421
+example.com link#1 UC 0 0
+host1 0:e0:a8:37:8:1e UHLW 3 4601 lo0
+host2 0:e0:a8:37:8:1e UHLW 0 5 lo0 =>
+host2.example.com link#1 UC 0 0
+224 link#1 UC 0 0</screen>
+
+ <indexterm><primary>default route</primary></indexterm>
+ <para>The first two lines specify the default route (which we
+ will cover in the <link linkend="network-routing-default">next
+ section</link>) and the <hostid>localhost</hostid> route.</para>
+
+ <indexterm><primary>loopback device</primary></indexterm>
+ <para>The interface (<literal>Netif</literal> column) that this
+ routing table specifies to use for
+ <literal>localhost</literal> is <devicename>lo0</devicename>,
+ also known as the loopback device. This says to keep all
+ traffic for this destination internal, rather than sending it
+ out over the LAN, since it will only end up back where it
+ started.</para>
+
+ <indexterm>
+ <primary>Ethernet</primary>
+ <secondary>MAC address</secondary>
+ </indexterm>
+ <para>The next thing that stands out are the addresses beginning
+ with <hostid role="mac">0:e0:</hostid>. These are Ethernet
+ hardware addresses, which are also known as MAC addresses.
+ FreeBSD will automatically identify any hosts
+ (<hostid>test0</hostid> in the example) on the local Ethernet
+ and add a route for that host, directly to it over the
+ Ethernet interface, <devicename>ed0</devicename>. There is
+ also a timeout (<literal>Expire</literal> column) associated
+ with this type of route, which is used if we fail to hear from
+ the host in a specific amount of time. When this happens, the
+ route to this host will be automatically deleted. These hosts
+ are identified using a mechanism known as RIP (Routing
+ Information Protocol), which figures out routes to local hosts
+ based upon a shortest path determination.</para>
+
+ <indexterm><primary>subnet</primary></indexterm>
+ <para>FreeBSD will also add subnet routes for the local subnet (<hostid
+ role="ipaddr">10.20.30.255</hostid> is the broadcast address for the
+ subnet <hostid role="ipaddr">10.20.30</hostid>, and <hostid
+ role="domainname">example.com</hostid> is the domain name associated
+ with that subnet). The designation <literal>link#1</literal> refers
+ to the first Ethernet card in the machine. You will notice no
+ additional interface is specified for those.</para>
+
+ <para>Both of these groups (local network hosts and local subnets) have
+ their routes automatically configured by a daemon called
+ <application>routed</application>. If this is not run, then only
+ routes which are statically defined (i.e. entered explicitly) will
+ exist.</para>
+
+ <para>The <literal>host1</literal> line refers to our host, which it
+ knows by Ethernet address. Since we are the sending host, FreeBSD
+ knows to use the loopback interface (<devicename>lo0</devicename>)
+ rather than sending it out over the Ethernet interface.</para>
+
+ <para>The two <literal>host2</literal> lines are an example of
+ what happens when we use an &man.ifconfig.8; alias (see the
+ section on Ethernet for reasons why we would do this). The
+ <literal>=&gt;</literal> symbol after the
+ <devicename>lo0</devicename> interface says that not only are
+ we using the loopback (since this address also refers to the
+ local host), but specifically it is an alias. Such routes
+ only show up on the host that supports the alias; all other
+ hosts on the local network will simply have a
+ <literal>link#1</literal> line for such routes.</para>
+
+ <para>The final line (destination subnet <hostid role="ipaddr">224</hostid>) deals
+ with multicasting, which will be covered in another section.</para>
+
+ <para>Finally, various attributes of each route can be seen in
+ the <literal>Flags</literal> column. Below is a short table
+ of some of these flags and their meanings:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="4*">
+
+ <tbody>
+ <row>
+ <entry>U</entry>
+ <entry>Up: The route is active.</entry>
+ </row>
+
+ <row>
+ <entry>H</entry>
+ <entry>Host: The route destination is a single host.</entry>
+ </row>
+
+ <row>
+ <entry>G</entry>
+ <entry>Gateway: Send anything for this destination on to this
+ remote system, which will figure out from there where to send
+ it.</entry>
+ </row>
+
+ <row>
+ <entry>S</entry>
+ <entry>Static: This route was configured manually, not
+ automatically generated by the system.</entry>
+ </row>
+
+ <row>
+ <entry>C</entry>
+ <entry>Clone: Generates a new route based upon this route for
+ machines we connect to. This type of route is normally used
+ for local networks.</entry>
+ </row>
+
+ <row>
+ <entry>W</entry>
+ <entry>WasCloned: Indicated a route that was auto-configured
+ based upon a local area network (Clone) route.</entry>
+ </row>
+
+ <row>
+ <entry>L</entry>
+ <entry>Link: Route involves references to Ethernet
+ hardware.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
+ <sect2 id="network-routing-default">
+ <title>Default Routes</title>
+
+ <indexterm><primary>default route</primary></indexterm>
+ <para>When the local system needs to make a connection to a remote host,
+ it checks the routing table to determine if a known path exists. If
+ the remote host falls into a subnet that we know how to reach (Cloned
+ routes), then the system checks to see if it can connect along that
+ interface.</para>
+
+ <para>If all known paths fail, the system has one last option: the
+ <quote>default</quote> route. This route is a special type of gateway
+ route (usually the only one present in the system), and is always
+ marked with a <literal>c</literal> in the flags field. For hosts on a
+ local area network, this gateway is set to whatever machine has a
+ direct connection to the outside world (whether via PPP link,
+ DSL, cable modem, T1, or another network interface).</para>
+
+ <para>If you are configuring the default route for a machine which
+ itself is functioning as the gateway to the outside world, then the
+ default route will be the gateway machine at your Internet Service
+ Provider's (ISP) site.</para>
+
+ <para>Let us look at an example of default routes. This is a common
+ configuration:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="advanced-networking/net-routing">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced">
+[Local2] &lt;--ether--&gt; [Local1] &lt;--PPP--&gt; [ISP-Serv] &lt;--ether--&gt; [T1-GW]
+ </literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>The hosts <hostid>Local1</hostid> and
+ <hostid>Local2</hostid> are at your site.
+ <hostid>Local1</hostid> is connected to an ISP via a dial up
+ PPP connection. This PPP server computer is connected through
+ a local area network to another gateway computer through an
+ external interface to the ISPs Internet feed.</para>
+
+ <para>The default routes for each of your machines will be:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Host</entry>
+ <entry>Default Gateway</entry>
+ <entry>Interface</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>Local2</entry>
+ <entry>Local1</entry>
+ <entry>Ethernet</entry>
+ </row>
+
+ <row>
+ <entry>Local1</entry>
+ <entry>T1-GW</entry>
+ <entry>PPP</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>A common question is <quote>Why (or how) would we set
+ the <hostid>T1-GW</hostid> to be the default gateway for
+ <hostid>Local1</hostid>, rather than the ISP server it is
+ connected to?</quote>.</para>
+
+ <para>Remember, since the PPP interface is using an address on the ISP's
+ local network for your side of the connection, routes for any other
+ machines on the ISP's local network will be automatically generated.
+ Hence, you will already know how to reach the <hostid>T1-GW</hostid>
+ machine, so there is no need for the intermediate step
+ of sending traffic to the ISP server.</para>
+
+ <para>It is common to use the address <hostid
+ role="ipaddr">X.X.X.1</hostid> as the gateway address for your local
+ network. So (using the same example), if your local class-C address
+ space was <hostid role="ipaddr">10.20.30</hostid> and your ISP was
+ using <hostid role="ipaddr">10.9.9</hostid> then the default routes
+ would be:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Host</entry>
+ <entry>Default Route</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Local2 (10.20.30.2)</entry>
+ <entry>Local1 (10.20.30.1)</entry>
+ </row>
+ <row>
+ <entry>Local1 (10.20.30.1, 10.9.9.30)</entry>
+ <entry>T1-GW (10.9.9.1)</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>You can easily define the default route via the
+ <filename>/etc/rc.conf</filename> file. In our example, on the
+ <hostid>Local2</hostid> machine, we added the following line
+ in <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>defaultrouter="10.20.30.1"</programlisting>
+
+ <para>It is also possible to do it directly from the command
+ line with the &man.route.8; command:</para>
+
+ <screen>&prompt.root; <userinput>route add default 10.20.30.1</userinput></screen>
+
+ <para>For more information on manual manipulation of network
+ routing tables, consult &man.route.8; manual page.</para>
+ </sect2>
+
+ <sect2>
+ <title>Dual Homed Hosts</title>
+ <indexterm><primary>dual homed hosts</primary></indexterm>
+ <para>There is one other type of configuration that we should cover, and
+ that is a host that sits on two different networks. Technically, any
+ machine functioning as a gateway (in the example above, using a PPP
+ connection) counts as a dual-homed host. But the term is really only
+ used to refer to a machine that sits on two local-area
+ networks.</para>
+
+ <para>In one case, the machine has two Ethernet cards, each
+ having an address on the separate subnets. Alternately, the
+ machine may only have one Ethernet card, and be using
+ &man.ifconfig.8; aliasing. The former is used if two
+ physically separate Ethernet networks are in use, the latter
+ if there is one physical network segment, but two logically
+ separate subnets.</para>
+
+ <para>Either way, routing tables are set up so that each subnet knows
+ that this machine is the defined gateway (inbound route) to the other
+ subnet. This configuration, with the machine acting as a router
+ between the two subnets, is often used when we need to implement
+ packet filtering or firewall security in either or both
+ directions.</para>
+
+ <para>If you want this machine to actually forward packets
+ between the two interfaces, you need to tell FreeBSD to enable
+ this ability. See the next section for more details on how
+ to do this.</para>
+ </sect2>
+
+ <sect2 id="network-dedicated-router">
+ <title>Building a Router</title>
+
+ <indexterm><primary>router</primary></indexterm>
+
+ <para>A network router is simply a system that forwards packets
+ from one interface to another. Internet standards and good
+ engineering practice prevent the FreeBSD Project from enabling
+ this by default in FreeBSD. You can enable this feature by
+ changing the following variable to <literal>YES</literal> in
+ &man.rc.conf.5;:</para>
+
+ <programlisting>gateway_enable=YES # Set to YES if this host will be a gateway</programlisting>
+
+ <para>This option will set the &man.sysctl.8; variable
+ <varname>net.inet.ip.forwarding</varname> to
+ <literal>1</literal>. If you should need to stop routing
+ temporarily, you can reset this to <literal>0</literal> temporarily.</para>
+
+ <para>Your new router will need routes to know where to send the
+ traffic. If your network is simple enough you can use static
+ routes. FreeBSD also comes with the standard BSD routing
+ daemon &man.routed.8;, which speaks RIP (both version 1 and
+ version 2) and IRDP. Support for BGP v4, OSPF v2, and other
+ sophisticated routing protocols is available with the
+ <filename role="package">net/zebra</filename> package.
+ Commercial products such as <application>&gated;</application> are also available for more
+ complex network routing solutions.</para>
+
+<indexterm><primary>BGP</primary></indexterm>
+<indexterm><primary>RIP</primary></indexterm>
+<indexterm><primary>OSPF</primary></indexterm>
+ </sect2>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Al</firstname>
+ <surname>Hoang</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+ <!-- Feb 2004 -->
+ <title>Setting Up Static Routes</title>
+
+ <sect3>
+ <title>Manual Configuration</title>
+
+ <para>Let us assume we have a network as follows:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="advanced-networking/static-routes">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced">
+ INTERNET
+ | (10.0.0.1/24) Default Router to Internet
+ |
+ |Interface xl0
+ |10.0.0.10/24
+ +------+
+ | | RouterA
+ | | (FreeBSD gateway)
+ +------+
+ | Interface xl1
+ | 192.168.1.1/24
+ |
+ +--------------------------------+
+ Internal Net 1 | 192.168.1.2/24
+ |
+ +------+
+ | | RouterB
+ | |
+ +------+
+ | 192.168.2.1/24
+ |
+ Internal Net 2
+ </literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>In this scenario, <hostid>RouterA</hostid> is our &os;
+ machine that is acting as a router to the rest of the
+ Internet. It has a default route set to <hostid
+ role="ipaddr">10.0.0.1</hostid> which allows it to connect
+ with the outside world. We will assume that
+ <hostid>RouterB</hostid> is already configured properly and
+ knows how to get wherever it needs to go. (This is simple
+ in this picture. Just add a default route on
+ <hostid>RouterB</hostid> using <hostid
+ role="ipaddr">192.168.1.1</hostid> as the gateway.)</para>
+
+ <para>If we look at the routing table for
+ <hostid>RouterA</hostid> we would see something like the
+ following:</para>
+
+ <screen>&prompt.user; <userinput>netstat -nr</userinput>
+Routing tables
+
+Internet:
+Destination Gateway Flags Refs Use Netif Expire
+default 10.0.0.1 UGS 0 49378 xl0
+127.0.0.1 127.0.0.1 UH 0 6 lo0
+10.0.0/24 link#1 UC 0 0 xl0
+192.168.1/24 link#2 UC 0 0 xl1</screen>
+
+ <para>With the current routing table <hostid>RouterA</hostid>
+ will not be able to reach our Internal Net 2. It does not
+ have a route for <hostid
+ role="ipaddr">192.168.2.0/24</hostid>. One way to alleviate
+ this is to manually add the route. The following command
+ would add the Internal Net 2 network to
+ <hostid>RouterA</hostid>'s routing table using <hostid
+ role="ipaddr">192.168.1.2</hostid> as the next hop:</para>
+
+ <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen>
+
+ <para>Now <hostid>RouterA</hostid> can reach any hosts on the
+ <hostid role="ipaddr">192.168.2.0/24</hostid>
+ network.</para>
+ </sect3>
+
+ <sect3>
+ <title>Persistent Configuration</title>
+
+ <para>The above example is perfect for configuring a static
+ route on a running system. However, one problem is that the
+ routing information will not persist if you reboot your &os;
+ machine. The way to handle the addition of a static route
+ is to put it in your <filename>/etc/rc.conf</filename>
+ file:</para>
+
+ <programlisting># Add Internal Net 2 as a static route
+static_routes="internalnet2"
+route_internalnet2="-net 192.168.2.0/24 192.168.1.2"</programlisting>
+
+ <para>The <literal>static_routes</literal> configuration
+ variable is a list of strings separated by a space. Each
+ string references to a route name. In our above example we
+ only have one string in <literal>static_routes</literal>.
+ This string is <replaceable>internalnet2</replaceable>. We
+ then add a configuration variable called
+ <literal>route_<replaceable>internalnet2</replaceable></literal>
+ where we put all of the configuration parameters we would
+ give to the &man.route.8; command. For our example above we
+ would have used the command:</para>
+
+ <screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen>
+
+ <para>so we need <literal>"-net 192.168.2.0/24 192.168.1.2"</literal>.</para>
+
+ <para>As said above, we can have more than one string in
+ <literal>static_routes</literal>. This allows us to
+ create multiple static routes. The following lines shows
+ an example of adding static routes for the <hostid
+ role="ipaddr">192.168.0.0/24</hostid> and <hostid
+ role="ipaddr">192.168.1.0/24</hostid> networks on an imaginary
+ router:</para>
+
+ <programlisting>static_routes="net1 net2"
+route_net1="-net 192.168.0.0/24 192.168.0.1"
+route_net2="-net 192.168.1.0/24 192.168.1.1"</programlisting>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Routing Propagation</title>
+ <indexterm><primary>routing propagation</primary></indexterm>
+ <para>We have already talked about how we define our routes to the
+ outside world, but not about how the outside world finds us.</para>
+
+ <para>We already know that routing tables can be set up so that all
+ traffic for a particular address space (in our examples, a class-C
+ subnet) can be sent to a particular host on that network, which will
+ forward the packets inbound.</para>
+
+ <para>When you get an address space assigned to your site, your service
+ provider will set up their routing tables so that all traffic for your
+ subnet will be sent down your PPP link to your site. But how do sites
+ across the country know to send to your ISP?</para>
+
+ <para>There is a system (much like the distributed DNS information) that
+ keeps track of all assigned address-spaces, and defines their point of
+ connection to the Internet Backbone. The <quote>Backbone</quote> are
+ the main trunk lines that carry Internet traffic across the country,
+ and around the world. Each backbone machine has a copy of a master
+ set of tables, which direct traffic for a particular network to a
+ specific backbone carrier, and from there down the chain of service
+ providers until it reaches your network.</para>
+
+ <para>It is the task of your service provider to advertise to the
+ backbone sites that they are the point of connection (and thus the
+ path inward) for your site. This is known as route
+ propagation.</para>
+ </sect2>
+
+ <sect2>
+ <title>Troubleshooting</title>
+ <indexterm>
+ <primary><command>traceroute</command></primary>
+ </indexterm>
+ <para>Sometimes, there is a problem with routing propagation, and some
+ sites are unable to connect to you. Perhaps the most useful command
+ for trying to figure out where routing is breaking down is the
+ &man.traceroute.8; command. It is equally useful if you cannot seem
+ to make a connection to a remote machine (i.e. &man.ping.8;
+ fails).</para>
+
+ <para>The &man.traceroute.8; command is run with the name of the remote
+ host you are trying to connect to. It will show the gateway hosts
+ along the path of the attempt, eventually either reaching the target
+ host, or terminating because of a lack of connection.</para>
+
+ <para>For more information, see the manual page for
+ &man.traceroute.8;.</para>
+ </sect2>
+
+ <sect2>
+ <title>Multicast Routing</title>
+ <indexterm>
+ <primary>multicast routing</primary>
+ </indexterm>
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>MROUTING</secondary>
+ </indexterm>
+ <para>FreeBSD supports both multicast applications and multicast
+ routing natively. Multicast applications do not require any
+ special configuration of FreeBSD; applications will generally
+ run out of the box. Multicast routing
+ requires that support be compiled into the kernel:</para>
+
+ <programlisting>options MROUTING</programlisting>
+
+ <para>In addition, the multicast routing daemon, &man.mrouted.8;
+ must be configured to set up tunnels and <acronym>DVMRP</acronym> via
+ <filename>/etc/mrouted.conf</filename>. More details on
+ multicast configuration may be found in the manual page for
+ &man.mrouted.8;.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-wireless">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Eric</firstname>
+ <surname>Anderson</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Wireless Networking</title>
+
+ <indexterm><primary>wireless networking</primary></indexterm>
+ <indexterm>
+ <primary>802.11</primary>
+ <see>wireless networking</see>
+ </indexterm>
+
+ <sect2>
+ <title>Introduction</title>
+ <para>It can be very useful to be able to use a computer without the
+ annoyance of having a network cable attached at all times. FreeBSD can
+ be used as a wireless client, and even as a wireless <quote>access
+ point</quote>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Wireless Modes of Operation</title>
+ <para>There are two different ways to configure 802.11 wireless devices:
+ BSS and IBSS.</para>
+
+ <sect3>
+ <title>BSS Mode</title>
+ <para>BSS mode is the mode that typically is used. BSS mode is
+ also called infrastructure mode. In this mode, a number of
+ wireless access points are connected to a wired network. Each
+ wireless network has its own name. This name is called the
+ SSID of the network.</para>
+
+ <para>Wireless clients connect to these wireless access
+ points. The IEEE 802.11 standard defines the protocol that
+ wireless networks use to connect. A wireless client can be
+ tied to a specific network, when a SSID is set. A wireless
+ client can also attach to any network by not explicitly
+ setting a SSID.</para>
+ </sect3>
+
+ <sect3>
+ <title>IBSS Mode</title>
+ <para>IBSS mode, also called ad-hoc mode, is designed for point
+ to point connections. There are actually two types of ad-hoc
+ mode. One is IBSS mode, also called ad-hoc or IEEE ad-hoc
+ mode. This mode is defined by the IEEE 802.11 standards.
+ The second is called demo ad-hoc mode or Lucent ad-hoc mode
+ (and sometimes, confusingly, ad-hoc mode). This is the old,
+ pre-802.11 ad-hoc mode and should only be used for legacy
+ installations. We will not cover either of the ad-hoc modes
+ further.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Infrastructure Mode</title>
+ <sect3>
+ <title>Access Points</title>
+
+ <para>Access points are wireless networking devices that allow
+ one or more wireless clients to use the device as a central
+ hub. When using an access point, all clients communicate
+ through the access point. Multiple access points are often
+ used to cover a complete area such as a house, business, or
+ park with a wireless network.</para>
+
+ <para>Access points typically have multiple network
+ connections: the wireless card, and one or more wired Ethernet
+ adapters for connection to the rest of the network.
+ </para>
+
+ <para>Access points can either be purchased prebuilt, or you
+ can build your own with FreeBSD and a supported wireless card.
+ Several vendors make wireless access points and wireless cards
+ with various features.</para>
+ </sect3>
+
+ <sect3>
+ <title>Building a FreeBSD Access Point</title>
+ <indexterm><primary>wireless networking</primary>
+ <secondary>access point</secondary>
+ </indexterm>
+
+ <sect4><title>Requirements</title>
+
+ <para>In order to set up a wireless access point with
+ FreeBSD, you need to have a compatible wireless card.
+ Currently, only cards with the Prism chipset are
+ supported. You will also need a wired network card that is
+ supported by FreeBSD (this should not be difficult to find,
+ FreeBSD supports a lot of different devices). For this
+ guide, we will assume you want to &man.bridge.4; all traffic
+ between the wireless device and the network attached to the
+ wired network card.</para>
+
+ <para>The hostap functionality that FreeBSD uses to implement
+ the access point works best with certain versions of
+ firmware. Prism 2 cards should use firmware version 1.3.4
+ or newer. Prism 2.5 and Prism 3 cards should use firmware
+ 1.4.9. Older versions of the firmware way or may not
+ function correctly. At this time, the only way to update
+ cards is with &windows; firmware update utilities available
+ from your card's manufacturer.</para>
+ </sect4>
+
+ <sect4>
+ <title>Setting It Up</title>
+ <para>First, make sure your system can see the wireless card:</para>
+ <screen>&prompt.root; <userinput>ifconfig -a</userinput>
+wi0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
+ inet6 fe80::202:2dff:fe2d:c938%wi0 prefixlen 64 scopeid 0x7
+ inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
+ ether 00:09:2d:2d:c9:50
+ media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps)
+ status: no carrier
+ ssid ""
+ stationname "FreeBSD Wireless node"
+ channel 10 authmode OPEN powersavemode OFF powersavesleep 100
+ wepmode OFF weptxkey 1</screen>
+
+ <para>Do not worry about the details now, just make sure it shows you
+ something to indicate you have a wireless card installed.
+ If you have trouble seeing the wireless interface, and you
+ are using a PC Card, you may want to check out
+ &man.pccardc.8; and &man.pccardd.8; manual pages for more
+ information.</para>
+
+ <para>Next, you will need to load a module in order to get
+ the bridging part of FreeBSD ready for the access point.
+ To load the &man.bridge.4; module, simply run the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>kldload bridge</userinput></screen>
+
+ <para>It should not have produced any errors when loading the
+ module. If it did, you may need to compile the
+ &man.bridge.4; code into your kernel. The <link
+ linkend="network-bridging">Bridging</link> section of this handbook
+ should be able to help you accomplish that task.</para>
+
+ <para>Now that you have the bridging stuff done, we need to
+ tell the FreeBSD kernel which interfaces to bridge together.
+ We do that by using &man.sysctl.8;:</para>
+
+ <screen>&prompt.root; <userinput>sysctl net.link.ether.bridge.enable=1</userinput>
+&prompt.root; <userinput>sysctl net.link.ether.bridge.config="wi0 xl0"</userinput>
+&prompt.root; <userinput>sysctl net.inet.ip.forwarding=1</userinput></screen>
+
+ <para>On &os; versions earlier than 5.2, you
+ need to use the following options instead:</para>
+
+ <screen>&prompt.root; <userinput>sysctl net.link.ether.bridge=1</userinput>
+&prompt.root; <userinput>sysctl net.link.ether.bridge_cfg="wi0,xl0"</userinput>
+&prompt.root; <userinput>sysctl net.inet.ip.forwarding=1</userinput></screen>
+
+ <para>Now it is time for the wireless card setup.
+ The following command will set the card into an access point:</para>
+
+ <screen>
+&prompt.root; <userinput>ifconfig wi0 ssid <replaceable>my_net</replaceable> channel 11 media DS/11Mbps mediaopt hostap up stationname "<replaceable>FreeBSD AP</replaceable>"</userinput>
+ </screen>
+
+ <para>The &man.ifconfig.8; line brings the
+ <devicename>wi0</devicename> interface up, sets its SSID to
+ <replaceable>my_net</replaceable>, and sets the station name to
+ <replaceable>FreeBSD AP</replaceable>. The <option>media
+ DS/11Mbps</option> sets the card into 11Mbps mode and is
+ needed for any <option>mediaopt</option> to take effect.
+ The <option>mediaopt hostap</option> option places the
+ interface into access point mode. The <option>channel
+ 11</option> option sets the 802.11b channel to use. The
+ &man.wicontrol.8; manual page has valid channel options for
+ your regulatory domain.
+ </para>
+
+ <para>Now you should have a complete functioning access point
+ up and running. You are encouraged to read
+ &man.wicontrol.8;, &man.ifconfig.8;, and &man.wi.4; for
+ further information.
+ </para>
+
+ <para>It is also suggested that you read the section on encryption that follows.</para>
+ </sect4>
+
+ <sect4>
+ <title>Status Information</title>
+ <para>Once the access point is configured and operational,
+ operators will want to see the clients that are associated
+ with the access point. At any time, the operator may type:</para>
+
+ <screen>&prompt.root; <userinput>wicontrol -l</userinput>
+1 station:
+00:09:b7:7b:9d:16 asid=04c0, flags=3&lt;ASSOC,AUTH&gt;, caps=1&lt;ESS&gt;, rates=f&lt;1M,2M,5.5M,11M&gt;, sig=38/15
+</screen>
+
+ <para>This shows that there is one station associated, along
+ with its parameters. The signal indicated should be used
+ as a relative indication of strength only. Its
+ translation to dBm or other units varies between different
+ firmware revisions.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Clients</title>
+
+ <para>A wireless client is a system that accesses an access
+ point or another client directly. </para>
+
+ <para>Typically, wireless clients only have one network device,
+ the wireless networking card.</para>
+
+ <para>There are a few different ways to configure a wireless
+ client. These are based on the different wireless modes,
+ generally BSS (infrastructure mode, which requires an access
+ point), and IBSS (ad-hoc, or peer-to-peer mode). In our
+ example, we will use the most popular of the two, BSS mode, to
+ talk to an access point.</para>
+
+ <sect4>
+ <title>Requirements</title>
+ <para>There is only one real requirement for setting up FreeBSD as a wireless client.
+ You will need a wireless card that is supported by FreeBSD.</para>
+ </sect4>
+
+ <sect4>
+ <title>Setting Up a Wireless FreeBSD Client</title>
+
+ <para>You will need to know a few things about the wireless
+ network you are joining before you start. In this example, we
+ are joining a network that has a name of
+ <replaceable>my_net</replaceable>, and encryption turned off.</para>
+
+ <note><para>In this example, we are not using encryption, which
+ is a dangerous situation. In the next section, you will learn
+ how to turn on encryption, why it is important to do so,
+ and why some encryption technologies still do not completely
+ protect you.</para></note>
+
+ <para>Make sure your card is recognized by FreeBSD:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig -a</userinput>
+wi0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
+ inet6 fe80::202:2dff:fe2d:c938%wi0 prefixlen 64 scopeid 0x7
+ inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
+ ether 00:09:2d:2d:c9:50
+ media: IEEE 802.11 Wireless Ethernet autoselect (DS/2Mbps)
+ status: no carrier
+ ssid ""
+ stationname "FreeBSD Wireless node"
+ channel 10 authmode OPEN powersavemode OFF powersavesleep 100
+ wepmode OFF weptxkey 1</screen>
+
+ <para>Now, we can set the card to the correct settings for our
+ network:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig wi0 inet <replaceable>192.168.0.20</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>my_net</replaceable></userinput></screen>
+
+ <para>Replace <hostid role="ipaddr">192.168.0.20</hostid> and
+ <hostid role="netmask">255.255.255.0</hostid> with a valid IP
+ address and netmask on your wired network. Remember, our
+ access point is bridging the data between the wireless
+ network, and the wired network, so it will appear to the other
+ devices on your network that you are on the wired network just
+ as they are.</para>
+
+ <para>Once you have done that, you should be able to ping hosts
+ on the wired network just as if you were connected using a
+ standard wired connection.</para>
+
+ <para>If you are experiencing problems with your wireless
+ connection, check to make sure that you are associated
+ (connected) to the access point:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig wi0</userinput></screen>
+
+ <para>should return some information, and you should see:</para>
+ <screen>status: associated</screen>
+
+ <para>If it does not show <literal>associated</literal>, then you may be out of
+ range of the access point, have encryption on, or
+ possibly have a configuration problem.</para>
+
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Encryption</title>
+ <indexterm>
+ <primary>wireless networking</primary>
+ <secondary>encryption</secondary>
+ </indexterm>
+
+ <para>Encryption on a wireless network is important because you
+ no longer have the ability to keep the network contained in a
+ well protected area. Your wireless data will be broadcast
+ across your entire neighborhood, so anyone who cares to read it
+ can. This is where encryption comes in. By encrypting the
+ data that is sent over the airwaves, you make it much more
+ difficult for any interested party to grab your data right out
+ of the air. </para>
+
+ <para>The two most common ways to encrypt the data between your
+ client and the access point are WEP, and &man.ipsec.4;.</para>
+
+ <sect4>
+ <title>WEP</title>
+ <indexterm><primary>WEP</primary></indexterm>
+
+ <para>WEP is an abbreviation for Wired Equivalency Protocol.
+ WEP is an attempt to make wireless networks as safe and secure
+ as a wired network. Unfortunately, it has been cracked, and is
+ fairly trivial to break. This also means it is not something
+ to rely on when it comes to encrypting sensitive data. </para>
+
+ <para>It is better than nothing, so use the following to turn on
+ WEP on your new FreeBSD access point:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig wi0 inet up ssid <replaceable>my_net</replaceable> wepmode on wepkey <replaceable>0x1234567890</replaceable> media DS/11Mbps mediaopt hostap</userinput></screen>
+
+ <para>And you can turn on WEP on a client with this command:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig wi0 inet <replaceable>192.168.0.20</replaceable> netmask <replaceable>255.255.255.0</replaceable> ssid <replaceable>my_net</replaceable> wepmode on wepkey <replaceable>0x1234567890</replaceable></userinput></screen>
+
+ <para>Note that you should replace the <replaceable>0x1234567890</replaceable> with a more unique key.</para>
+
+ </sect4>
+
+ <sect4>
+ <title>IPsec</title>
+
+ <para>&man.ipsec.4; is a much more robust and powerful tool for
+ encrypting data across a network. This is definitely the
+ preferred way to encrypt data over a wireless network. You can
+ read more about &man.ipsec.4; security and how to implement it
+ in the <link linkend="ipsec">IPsec</link> section of this
+ handbook.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Tools</title>
+
+ <para>There are a small number of tools available for use in
+ debugging and setting up your wireless network, and here we will
+ attempt to describe some of them and what they do.</para>
+
+ <sect4>
+ <title>The <application>bsd-airtools</application> Package</title>
+
+ <para>The <application>bsd-airtools</application> package is a
+ complete toolset that includes wireless auditing tools for WEP
+ key cracking, access point detection, etc.</para>
+
+ <para>The <application>bsd-airtools</application> utilities can be
+ installed from the <filename
+ role="package">net/bsd-airtools</filename> port. Information on
+ installing ports can be found in <xref linkend="ports"> of this
+ handbook.</para>
+
+ <para>The program <command>dstumbler</command> is the packaged
+ tool that allows for access point discovery and signal to noise
+ ratio graphing. If you are having a hard time getting your
+ access point up and running, <command>dstumbler</command> may
+ help you get started.</para>
+
+ <para>To test your wireless network security, you may choose to
+ use <quote>dweputils</quote> (<command>dwepcrack</command>,
+ <command>dwepdump</command> and <command>dwepkeygen</command>)
+ to help you determine if WEP is the right solution to your
+ wireless security needs.</para>
+
+ </sect4>
+
+ <sect4>
+ <title>The <command>wicontrol</command>, <command>ancontrol</command> and <command>raycontrol</command> Utilities</title>
+
+ <para>These are the tools you can use to control how your wireless
+ card behaves on the wireless network. In the examples above, we
+ have chosen to use &man.wicontrol.8;, since our wireless card is
+ a <devicename>wi0</devicename> interface. If you had a Cisco
+ wireless device, it would come up as
+ <devicename>an0</devicename>, and therefore you would use
+ &man.ancontrol.8;.</para>
+
+ </sect4>
+
+ <sect4>
+ <title>The <command>ifconfig</command> Command</title>
+ <indexterm><primary>ifconfig</primary></indexterm>
+
+ <para>The &man.ifconfig.8; command can be used to do many of the same options
+ as &man.wicontrol.8;, however it does lack a few options. Check
+ &man.ifconfig.8; for command line parameters and options.</para>
+
+ </sect4>
+
+ </sect3>
+
+ <sect3>
+ <title>Supported Cards</title>
+ <sect4>
+ <title>Access Points</title>
+
+ <para>The only cards that are currently supported for BSS (as an
+ access point) mode are devices based on the Prism 2, 2.5, or 3
+ chipsets. For a complete list, look at &man.wi.4;.</para>
+
+ </sect4>
+
+ <sect4>
+ <title>802.11b Clients</title>
+
+ <para>Almost all 802.11b wireless cards are currently supported
+ under FreeBSD. Most cards based on Prism, Spectrum24, Hermes,
+ Aironet, and Raylink will work as a wireless network card in
+ IBSS (ad-hoc, peer-to-peer, and BSS) mode.</para>
+
+ </sect4>
+
+ <sect4>
+ <title>802.11a & 802.11g Clients</title>
+
+ <para>The &man.ath.4; device driver supports 802.11a and 802.11g.
+ If your card is based on an Atheros chipset, you may
+ be able to use this driver.</para>
+
+ <para>Unfortunately, there are still many vendors that do not
+ provide schematics for their drivers to the open source
+ community because they regard such information as trade
+ secrets. Consequently, the developers of FreeBSD and other
+ operating systems are left two choices: develop the drivers by
+ a long and pain-staking process of reverse engineering or using
+ the existing driver binaries available for the
+ &microsoft.windows; platforms. Most developers, including those
+ involved with FreeBSD, have taken the latter approach.</para>
+
+ <para>Thanks to the contributions of Bill Paul (wpaul), as of
+ FreeBSD&nbsp;5.3-RELEASE there is <quote>native</quote>
+ support for the Network Driver Interface Specification
+ (NDIS). The FreeBSD NDISulator (otherwise known as Project Evil)
+ takes a &windows; driver binary and basically tricks it into
+ thinking it is running on &windows;. This feature is still
+ relatively new, but most test cases seem to work
+ adequately.</para>
+
+ <indexterm><primary>NDIS</primary></indexterm>
+ <indexterm><primary>NDISulator</primary></indexterm>
+ <indexterm><primary>&windows; drivers</primary></indexterm>
+ <indexterm><primary>Microsoft Windows</primary></indexterm>
+ <indexterm><primary>Microsoft Windows</primary>
+ <secondary>device drivers</secondary></indexterm>
+ <indexterm><primary>KLD (kernel loadable object)</primary></indexterm>
+<!-- We should probably omit the expanded name, and add a <see> entry
+for it. Whatever is done must also be done to the same indexterm in
+linuxemu/chapter.sgml -->
+
+ <para>In order to use the NDISulator, you need three things:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Kernel sources</para>
+ </listitem>
+ <listitem>
+ <para>&windowsxp; driver binary
+ (<filename>.SYS</filename> extension)</para>
+ </listitem>
+ <listitem>
+ <para>&windowsxp; driver configuration file
+ (<filename>.INF</filename> extension)</para>
+ </listitem>
+ </orderedlist>
+
+ <para>You may need to compile the &man.ndis.4; mini port driver
+ wrapper module. As <username>root</username>:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/sys/modules/ndis</userinput>
+&prompt.root; <userinput>make && make install</userinput></screen>
+
+ <para>Locate the files for your specific card. Generally, they can
+ be found on the included CDs or at the vendors' websites. In the
+ following examples, we will use
+ <filename>W32DRIVER.SYS</filename> and
+ <filename>W32DRIVER.INF</filename>.</para>
+
+ <para>The next step is to compile the driver binary into a
+ loadable kernel module. To accomplish this, as
+ <username>root</username>, go into the
+ <filename>if_ndis</filename> module directory and copy the
+ &windows; driver files into it:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/sys/modules/if_ndis</userinput>
+&prompt.root; <userinput>cp <replaceable>/path/to/driver/W32DRIVER.SYS</replaceable> ./</userinput>
+&prompt.root; <userinput>cp <replaceable>/path/to/driver/W32DRIVER.INF</replaceable> ./</userinput></screen>
+
+ <para>We will now use the <command>ndiscvt</command> utility to
+ create the driver definition header
+ <filename>ndis_driver_data.h</filename> to build the
+ module:</para>
+
+ <screen>&prompt.root; <userinput>ndiscvt -i <replaceable>W32DRIVER.INF</replaceable> -s <replaceable>W32DRIVER.SYS</replaceable> -o ndis_driver_data.h</userinput></screen>
+
+ <para>The <option>-i</option> and <option>-s</option> options specify
+ the configuration and binary files, respectively. We use the
+ <option>-o ndis_driver_data.h</option> option because the
+ <filename>Makefile</filename> will be looking for this file when it
+ comes time to build the module. </para>
+
+ <note>
+ <para>Some &windows; drivers require additional files to operate. You
+ may include them with <command>ndiscvt</command> by using the
+ <option>-f</option> option. Consult the &man.ndiscvt.8; manual page
+ for more information.</para>
+ </note>
+
+ <para>Finally, we can build and install the driver module:</para>
+
+ <screen>&prompt.root; <userinput>make && make install</userinput></screen>
+
+ <para>To use the driver, you must load the appropriate modules:</para>
+
+ <screen>&prompt.root; <userinput>kldload ndis</userinput>
+&prompt.root; <userinput>kldload if_ndis</userinput></screen>
+
+ <para>The first command loads the NDIS miniport driver wrapper,
+ the second loads the actual network interface. Check
+ &man.dmesg.8; to see if there were any errors loading. If all
+ went well, you should get output resembling the
+ following:</para>
+
+ <screen>ndis0: &lt;Wireless-G PCI Adapter&gt; mem 0xf4100000-0xf4101fff irq 3 at device 8.0 on pci1
+ndis0: NDIS API version: 5.0
+ndis0: Ethernet address: 0a:b1:2c:d3:4e:f5
+ndis0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
+ndis0: 11g rates: 6Mbps 9Mbps 12Mbps 18Mbps 36Mbps 48Mbps 54Mbps</screen>
+
+ <para>From here you can treat the <devicename>ndis0</devicename> device
+ like any other wireless device (e.g. <devicename>wi0</devicename>) and
+ consult the earlier sections of this chapter.</para>
+
+ </sect4>
+
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-bluetooth">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Pav</firstname>
+ <surname>Lucistnik</surname>
+ <contrib>Written by </contrib>
+ <affiliation>
+ <address><email>pav@FreeBSD.org</email></address>
+ </affiliation>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Bluetooth</title>
+
+ <indexterm><primary>Bluetooth</primary></indexterm>
+ <sect2>
+ <title>Introduction</title>
+ <para>Bluetooth is a wireless technology for creating personal networks
+ operating in the 2.4 GHz unlicensed band, with a range of 10 meters.
+ Networks are usually formed ad-hoc from portable devices such as
+ cellular phones, handhelds and laptops. Unlike the other popular
+ wireless technology, Wi-Fi, Bluetooth offers higher level service
+ profiles, e.g. FTP-like file servers, file pushing, voice transport,
+ serial line emulation, and more.</para>
+
+ <para>The Bluetooth stack in &os; is implemented using the Netgraph
+ framework (see &man.netgraph.4;). A broad variety of Bluetooth USB
+ dongles is supported by the &man.ng.ubt.4; driver. The Broadcom BCM2033
+ chip based Bluetooth devices are supported via the &man.ubtbcmfw.4; and
+ &man.ng.ubt.4; drivers. The 3Com Bluetooth PC Card 3CRWB60-A is
+ supported by the &man.ng.bt3c.4; driver. Serial and UART based
+ Bluetooth devices are supported via &man.sio.4;, &man.ng.h4.4;
+ and &man.hcseriald.8;. This section describes the use of the USB
+ Bluetooth dongle. Bluetooth support is available in &os; 5.0 and newer
+ systems.</para>
+ </sect2>
+
+ <sect2>
+ <title>Plugging in the Device</title>
+ <para>By default Bluetooth device drivers are available as kernel modules.
+ Before attaching a device, you will need to load the driver into the
+ kernel:</para>
+
+ <screen>&prompt.root; <userinput>kldload ng_ubt</userinput></screen>
+
+ <para>If the Bluetooth device is present in the system during system
+ startup, load the module from
+ <filename>/boot/loader.conf</filename>:</para>
+
+ <programlisting>ng_ubt_load="YES"</programlisting>
+
+ <para>Plug in your USB dongle. The output similar to the following will
+ appear on the console (or in syslog):</para>
+
+ <screen>ubt0: vendor 0x0a12 product 0x0001, rev 1.10/5.25, addr 2
+ubt0: Interface 0 endpoints: interrupt=0x81, bulk-in=0x82, bulk-out=0x2
+ubt0: Interface 1 (alt.config 5) endpoints: isoc-in=0x83, isoc-out=0x3,
+ wMaxPacketSize=49, nframes=6, buffer size=294</screen>
+
+ <note>
+ <para>The Bluetooth stack has to be started manually on &os; 6.0, and
+ on &os; 5.X before 5.5. It is done automatically from &man.devd.8;
+ on &os; 5.5, 6.1 and newer.</para>
+
+ <para>Copy
+ <filename>/usr/share/examples/netgraph/bluetooth/rc.bluetooth</filename>
+ into some convenient place, like <filename>/etc/rc.bluetooth</filename>.
+ This script is used to start and stop the Bluetooth stack. It is a good
+ idea to stop the stack before unplugging the device, but it is not
+ (usually) fatal. When starting the stack, you will receive output similar
+ to the following:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.bluetooth start ubt0</userinput>
+BD_ADDR: 00:02:72:00:d4:1a
+Features: 0xff 0xff 0xf 00 00 00 00 00
+&lt;3-Slot&gt; &lt;5-Slot&gt; &lt;Encryption&gt; &lt;Slot offset&gt;
+&lt;Timing accuracy&gt; &lt;Switch&gt; &lt;Hold mode&gt; &lt;Sniff mode&gt;
+&lt;Park mode&gt; &lt;RSSI&gt; &lt;Channel quality&gt; &lt;SCO link&gt;
+&lt;HV2 packets&gt; &lt;HV3 packets&gt; &lt;u-law log&gt; &lt;A-law log&gt; &lt;CVSD&gt;
+&lt;Paging scheme&gt; &lt;Power control&gt; &lt;Transparent SCO data&gt;
+Max. ACL packet size: 192 bytes
+Number of ACL packets: 8
+Max. SCO packet size: 64 bytes
+Number of SCO packets: 8</screen>
+ </note>
+
+ </sect2>
+
+ <indexterm><primary>HCI</primary></indexterm>
+ <sect2>
+ <title>Host Controller Interface (HCI)</title>
+
+ <para>Host Controller Interface (HCI) provides a command interface to the
+ baseband controller and link manager, and access to hardware status and
+ control registers. This interface provides a uniform method of accessing
+ the Bluetooth baseband capabilities. HCI layer on the Host exchanges
+ data and commands with the HCI firmware on the Bluetooth hardware.
+ The Host Controller Transport Layer (i.e. physical bus) driver provides
+ both HCI layers with the ability to exchange information with each
+ other.</para>
+
+ <para>A single Netgraph node of type <emphasis>hci</emphasis> is
+ created for a single Bluetooth device. The HCI node is normally
+ connected to the Bluetooth device driver node (downstream) and
+ the L2CAP node (upstream). All HCI operations must be performed
+ on the HCI node and not on the device driver node. Default name
+ for the HCI node is <quote>devicehci</quote>.
+ For more details refer to the &man.ng.hci.4; manual page.</para>
+
+ <para>One of the most common tasks is discovery of Bluetooth devices in
+ RF proximity. This operation is called <emphasis>inquiry</emphasis>.
+ Inquiry and other HCI related operations are done with the
+ &man.hccontrol.8; utility. The example below shows how to find out
+ which Bluetooth devices are in range. You should receive the list of
+ devices in a few seconds. Note that a remote device will only answer
+ the inquiry if it put into <emphasis>discoverable</emphasis>
+ mode.</para>
+
+ <screen>&prompt.user; <userinput>hccontrol -n ubt0hci inquiry</userinput>
+Inquiry result, num_responses=1
+Inquiry result #0
+ BD_ADDR: 00:80:37:29:19:a4
+ Page Scan Rep. Mode: 0x1
+ Page Scan Period Mode: 00
+ Page Scan Mode: 00
+ Class: 52:02:04
+ Clock offset: 0x78ef
+Inquiry complete. Status: No error [00]</screen>
+
+ <para><literal>BD_ADDR</literal> is unique address of a Bluetooth
+ device, similar to MAC addresses of a network card. This address
+ is needed for further communication with a device. It is possible
+ to assign human readable name to a BD_ADDR.
+ The <filename>/etc/bluetooth/hosts</filename> file contains information
+ regarding the known Bluetooth hosts. The following example shows how
+ to obtain human readable name that was assigned to the remote
+ device:</para>
+
+ <screen>&prompt.user; <userinput>hccontrol -n ubt0hci remote_name_request 00:80:37:29:19:a4</userinput>
+BD_ADDR: 00:80:37:29:19:a4
+Name: Pav's T39</screen>
+
+ <para>If you perform an inquiry on a remote Bluetooth device, it will
+ find your computer as <quote>your.host.name (ubt0)</quote>. The name
+ assigned to the local device can be changed at any time.</para>
+
+ <para>The Bluetooth system provides a point-to-point connection (only two
+ Bluetooth units involved), or a point-to-multipoint connection. In the
+ point-to-multipoint connection the connection is shared among several
+ Bluetooth devices. The following example shows how to obtain the list
+ of active baseband connections for the local device:</para>
+
+ <screen>&prompt.user; <userinput>hccontrol -n ubt0hci read_connection_list</userinput>
+Remote BD_ADDR Handle Type Mode Role Encrypt Pending Queue State
+00:80:37:29:19:a4 41 ACL 0 MAST NONE 0 0 OPEN</screen>
+
+ <para>A <emphasis>connection handle</emphasis> is useful when termination
+ of the baseband connection is required. Note, that it is normally not
+ required to do it by hand. The stack will automatically terminate
+ inactive baseband connections.</para>
+
+ <screen>&prompt.root; <userinput>hccontrol -n ubt0hci disconnect 41</userinput>
+Connection handle: 41
+Reason: Connection terminated by local host [0x16]</screen>
+
+ <para>Refer to <command>hccontrol help</command> for a complete listing
+ of available HCI commands. Most of the HCI commands do not require
+ superuser privileges.</para>
+
+ </sect2>
+
+ <indexterm><primary>L2CAP</primary></indexterm>
+ <sect2>
+ <title>Logical Link Control and Adaptation Protocol (L2CAP)</title>
+
+ <para>Logical Link Control and Adaptation Protocol (L2CAP) provides
+ connection-oriented and connectionless data services to upper layer
+ protocols with protocol multiplexing capability and segmentation and
+ reassembly operation. L2CAP permits higher level protocols and
+ applications to transmit and receive L2CAP data packets up to 64
+ kilobytes in length.</para>
+
+ <para>L2CAP is based around the concept of <emphasis>channels</emphasis>.
+ Channel is a logical connection on top of baseband connection. Each
+ channel is bound to a single protocol in a many-to-one fashion. Multiple
+ channels can be bound to the same protocol, but a channel cannot be
+ bound to multiple protocols. Each L2CAP packet received on a channel is
+ directed to the appropriate higher level protocol. Multiple channels
+ can share the same baseband connection.</para>
+
+ <para>A single Netgraph node of type <emphasis>l2cap</emphasis> is
+ created for a single Bluetooth device. The L2CAP node is normally
+ connected to the Bluetooth HCI node (downstream) and Bluetooth sockets
+ nodes (upstream). Default name for the L2CAP node is
+ <quote>devicel2cap</quote>. For more details refer to the
+ &man.ng.l2cap.4; manual page.</para>
+
+ <para>A useful command is &man.l2ping.8;, which can be used to ping
+ other devices. Some Bluetooth implementations might not return all of
+ the data sent to them, so <literal>0 bytes</literal> in the following
+ example is normal.</para>
+
+ <screen>&prompt.root; <userinput>l2ping -a 00:80:37:29:19:a4</userinput>
+0 bytes from 0:80:37:29:19:a4 seq_no=0 time=48.633 ms result=0
+0 bytes from 0:80:37:29:19:a4 seq_no=1 time=37.551 ms result=0
+0 bytes from 0:80:37:29:19:a4 seq_no=2 time=28.324 ms result=0
+0 bytes from 0:80:37:29:19:a4 seq_no=3 time=46.150 ms result=0</screen>
+
+ <para>The &man.l2control.8; utility is used to perform various operations
+ on L2CAP nodes. This example shows how to obtain the list of logical
+ connections (channels) and the list of baseband connections for the
+ local device:</para>
+
+ <screen>&prompt.user; <userinput>l2control -a 00:02:72:00:d4:1a read_channel_list</userinput>
+L2CAP channels:
+Remote BD_ADDR SCID/ DCID PSM IMTU/ OMTU State
+00:07:e0:00:0b:ca 66/ 64 3 132/ 672 OPEN
+&prompt.user; <userinput>l2control -a 00:02:72:00:d4:1a read_connection_list</userinput>
+L2CAP connections:
+Remote BD_ADDR Handle Flags Pending State
+00:07:e0:00:0b:ca 41 O 0 OPEN</screen>
+
+ <para>Another diagnostic tool is &man.btsockstat.1;. It does a job
+ similar to as &man.netstat.1; does, but for Bluetooth network-related
+ data structures. The example below shows the same logical connection as
+ &man.l2control.8; above.</para>
+
+ <screen>&prompt.user; <userinput>btsockstat</userinput>
+Active L2CAP sockets
+PCB Recv-Q Send-Q Local address/PSM Foreign address CID State
+c2afe900 0 0 00:02:72:00:d4:1a/3 00:07:e0:00:0b:ca 66 OPEN
+Active RFCOMM sessions
+L2PCB PCB Flag MTU Out-Q DLCs State
+c2afe900 c2b53380 1 127 0 Yes OPEN
+Active RFCOMM sockets
+PCB Recv-Q Send-Q Local address Foreign address Chan DLCI State
+c2e8bc80 0 250 00:02:72:00:d4:1a 00:07:e0:00:0b:ca 3 6 OPEN</screen>
+
+ </sect2>
+
+ <indexterm><primary>RFCOMM</primary></indexterm>
+ <sect2>
+ <title>RFCOMM Protocol</title>
+
+ <para>The RFCOMM protocol provides emulation of serial ports over the
+ L2CAP protocol. The protocol is based on the ETSI standard TS 07.10.
+ RFCOMM is a simple transport protocol, with additional provisions for
+ emulating the 9 circuits of RS-232 (EIATIA-232-E) serial ports. The
+ RFCOMM protocol supports up to 60 simultaneous connections (RFCOMM
+ channels) between two Bluetooth devices.</para>
+
+ <para>For the purposes of RFCOMM, a complete communication path involves
+ two applications running on different devices (the communication
+ endpoints) with a communication segment between them. RFCOMM is intended
+ to cover applications that make use of the serial ports of the devices
+ in which they reside. The communication segment is a Bluetooth link from
+ one device to another (direct connect).</para>
+
+ <para>RFCOMM is only concerned with the connection between the devices in
+ the direct connect case, or between the device and a modem in the
+ network case. RFCOMM can support other configurations, such as modules
+ that communicate via Bluetooth wireless technology on one side and
+ provide a wired interface on the other side.</para>
+
+ <para>In &os; the RFCOMM protocol is implemented at the Bluetooth sockets
+ layer.</para>
+ </sect2>
+
+ <indexterm><primary>pairing</primary></indexterm>
+ <sect2>
+ <title>Pairing of Devices</title>
+
+ <para>By default, Bluetooth communication is not authenticated, and any
+ device can talk to any other device. A Bluetooth device (for example,
+ cellular phone) may choose to require authentication to provide a
+ particular service (for example, Dial-Up service). Bluetooth
+ authentication is normally done with <emphasis>PIN codes</emphasis>.
+ A PIN code is an ASCII string up to 16 characters in length. User is
+ required to enter the same PIN code on both devices. Once user has
+ entered the PIN code, both devices will generate a
+ <emphasis>link key</emphasis>. After that the link key can be stored
+ either in the devices themselves or in a persistent storage. Next time
+ both devices will use previously generated link key. The described
+ above procedure is called <emphasis>pairing</emphasis>. Note that if
+ the link key is lost by any device then pairing must be repeated.</para>
+
+ <para>The &man.hcsecd.8; daemon is responsible for handling of all
+ Bluetooth authentication requests. The default configuration file is
+ <filename>/etc/bluetooth/hcsecd.conf</filename>. An example section for
+ a cellular phone with the PIN code arbitrarily set to
+ <quote>1234</quote> is shown below:</para>
+
+ <programlisting>device {
+ bdaddr 00:80:37:29:19:a4;
+ name "Pav's T39";
+ key nokey;
+ pin "1234";
+ }</programlisting>
+
+ <para>There is no limitation on PIN codes (except length). Some devices
+ (for example Bluetooth headsets) may have a fixed PIN code built in.
+ The <option>-d</option> switch forces the &man.hcsecd.8; daemon to stay
+ in the foreground, so it is easy to see what is happening. Set the
+ remote device to receive pairing and initiate the Bluetooth connection
+ to the remote device. The remote device should say that pairing was
+ accepted, and request the PIN code. Enter the same PIN code as you
+ have in <filename>hcsecd.conf</filename>. Now your PC and the remote
+ device are paired. Alternatively, you can initiate pairing on the remote
+ device.</para>
+
+ <para>On &os; 5.5, 6.1 and newer, the following line can be added to the
+ <filename>/etc/rc.conf</filename> file to have
+ <application>hcsecd</application> started automatically on system
+ start:</para>
+
+ <programlisting>hcsecd_enable="YES"</programlisting>
+
+ <para>The following is a sample of the
+ <application>hcsecd</application> daemon output:</para>
+
+<programlisting>hcsecd[16484]: Got Link_Key_Request event from 'ubt0hci', remote bdaddr 0:80:37:29:19:a4
+hcsecd[16484]: Found matching entry, remote bdaddr 0:80:37:29:19:a4, name 'Pav's T39', link key doesn't exist
+hcsecd[16484]: Sending Link_Key_Negative_Reply to 'ubt0hci' for remote bdaddr 0:80:37:29:19:a4
+hcsecd[16484]: Got PIN_Code_Request event from 'ubt0hci', remote bdaddr 0:80:37:29:19:a4
+hcsecd[16484]: Found matching entry, remote bdaddr 0:80:37:29:19:a4, name 'Pav's T39', PIN code exists
+hcsecd[16484]: Sending PIN_Code_Reply to 'ubt0hci' for remote bdaddr 0:80:37:29:19:a4</programlisting>
+
+ </sect2>
+
+ <indexterm><primary>SDP</primary></indexterm>
+ <sect2>
+ <title>Service Discovery Protocol (SDP)</title>
+ <para>The Service Discovery Protocol (SDP) provides the means for client
+ applications to discover the existence of services provided by server
+ applications as well as the attributes of those services. The attributes
+ of a service include the type or class of service offered and the
+ mechanism or protocol information needed to utilize the service.</para>
+
+ <para>SDP involves communication between a SDP server and a SDP client.
+ The server maintains a list of service records that describe the
+ characteristics of services associated with the server. Each service
+ record contains information about a single service. A client may
+ retrieve information from a service record maintained by the SDP server
+ by issuing a SDP request. If the client, or an application associated
+ with the client, decides to use a service, it must open a separate
+ connection to the service provider in order to utilize the service.
+ SDP provides a mechanism for discovering services and their attributes,
+ but it does not provide a mechanism for utilizing those services.</para>
+
+ <para>Normally, a SDP client searches for services based on some desired
+ characteristics of the services. However, there are times when it is
+ desirable to discover which types of services are described by an SDP
+ server's service records without any a priori information about the
+ services. This process of looking for any offered services is called
+ <emphasis>browsing</emphasis>.</para>
+
+ <para>The Bluetooth SDP server &man.sdpd.8; and command line client
+ &man.sdpcontrol.8; are included in the standard &os; installation.
+ The following example shows how to perform a SDP browse query.</para>
+
+ <screen>&prompt.user; <userinput>sdpcontrol -a 00:01:03:fc:6e:ec browse</userinput>
+Record Handle: 00000000
+Service Class ID List:
+ Service Discovery Server (0x1000)
+Protocol Descriptor List:
+ L2CAP (0x0100)
+ Protocol specific parameter #1: u/int/uuid16 1
+ Protocol specific parameter #2: u/int/uuid16 1
+
+Record Handle: 0x00000001
+Service Class ID List:
+ Browse Group Descriptor (0x1001)
+
+Record Handle: 0x00000002
+Service Class ID List:
+ LAN Access Using PPP (0x1102)
+Protocol Descriptor List:
+ L2CAP (0x0100)
+ RFCOMM (0x0003)
+ Protocol specific parameter #1: u/int8/bool 1
+Bluetooth Profile Descriptor List:
+ LAN Access Using PPP (0x1102) ver. 1.0
+</screen>
+
+ <para>... and so on. Note that each service has a list of attributes
+ (RFCOMM channel for example). Depending on the service you might need to
+ make a note of some of the attributes. Some Bluetooth implementations do
+ not support service browsing and may return an empty list. In this case
+ it is possible to search for the specific service. The example below
+ shows how to search for the OBEX Object Push (OPUSH) service:</para>
+
+ <screen>&prompt.user; <userinput>sdpcontrol -a 00:01:03:fc:6e:ec search OPUSH</userinput></screen>
+
+ <para>Offering services on &os; to Bluetooth clients is done with the
+ &man.sdpd.8; server. On &os; 5.5, 6.1 and newer, the following line can
+ be added to the <filename>/etc/rc.conf</filename> file:</para>
+
+ <programlisting>sdpd_enable="YES"</programlisting>
+
+ <para>Then the <application>sdpd</application> daemon can be started with:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.d/sdpd start</userinput></screen>
+
+ <para>On &os; 6.0, and on &os; 5.X before 5.5,
+ <application>sdpd</application> is not integrated into the system
+ startup scripts. It has to be started manually with:</para>
+
+ <screen>&prompt.root; <userinput>sdpd</userinput></screen>
+
+ <para>The local server application that wants to provide Bluetooth
+ service to the remote clients will register service with the local
+ SDP daemon. The example of such application is &man.rfcomm.pppd.8;.
+ Once started it will register Bluetooth LAN service with the local
+ SDP daemon.</para>
+
+ <para>The list of services registered with the local SDP server can be
+ obtained by issuing SDP browse query via local control channel:</para>
+
+ <screen>&prompt.root; <userinput>sdpcontrol -l browse</userinput></screen>
+
+ </sect2>
+
+ <sect2>
+ <title>Dial-Up Networking (DUN) and Network Access with PPP (LAN)
+ Profiles</title>
+
+ <para>The Dial-Up Networking (DUN) profile is mostly used with modems
+ and cellular phones. The scenarios covered by this profile are the
+ following:</para>
+
+ <itemizedlist>
+ <listitem><para>use of a cellular phone or modem by a computer as
+ a wireless modem for connecting to a dial-up Internet access server,
+ or using other dial-up services;</para></listitem>
+
+ <listitem><para>use of a cellular phone or modem by a computer to
+ receive data calls.</para></listitem>
+ </itemizedlist>
+
+ <para>Network Access with PPP (LAN) profile can be used in the following
+ situations:</para>
+
+ <itemizedlist>
+ <listitem><para>LAN access for a single Bluetooth device;
+ </para></listitem>
+
+ <listitem><para>LAN access for multiple Bluetooth devices;
+ </para></listitem>
+
+ <listitem><para>PC to PC (using PPP networking over serial cable
+ emulation).</para></listitem>
+ </itemizedlist>
+
+ <para>In &os; both profiles are implemented with &man.ppp.8; and
+ &man.rfcomm.pppd.8; - a wrapper that converts RFCOMM Bluetooth
+ connection into something PPP can operate with. Before any profile
+ can be used, a new PPP label in the <filename>/etc/ppp/ppp.conf</filename>
+ must be created. Consult &man.rfcomm.pppd.8; manual page for examples.
+ </para>
+
+ <para>In the following example &man.rfcomm.pppd.8; will be used to open
+ RFCOMM connection to remote device with BD_ADDR 00:80:37:29:19:a4 on
+ DUN RFCOMM channel. The actual RFCOMM channel number will be obtained
+ from the remote device via SDP. It is possible to specify RFCOMM channel
+ by hand, and in this case &man.rfcomm.pppd.8; will not perform SDP
+ query. Use &man.sdpcontrol.8; to find out RFCOMM
+ channel on the remote device.</para>
+
+ <screen>&prompt.root; <userinput>rfcomm_pppd -a 00:80:37:29:19:a4 -c -C dun -l rfcomm-dialup</userinput></screen>
+
+ <para>In order to provide Network Access with PPP (LAN) service the
+ &man.sdpd.8; server must be running. A new entry for LAN clients must
+ be created in the <filename>/etc/ppp/ppp.conf</filename> file. Consult
+ &man.rfcomm.pppd.8; manual page for examples. Finally, start RFCOMM PPP
+ server on valid RFCOMM channel number. The RFCOMM PPP server will
+ automatically register Bluetooth LAN service with the local SDP daemon.
+ The example below shows how to start RFCOMM PPP server.</para>
+
+ <screen>&prompt.root; <userinput>rfcomm_pppd -s -C 7 -l rfcomm-server</userinput></screen>
+
+ </sect2>
+
+ <indexterm><primary>OBEX</primary></indexterm>
+ <sect2>
+ <title>OBEX Object Push (OPUSH) Profile</title>
+ <para>OBEX is a widely used protocol for simple file transfers between
+ mobile devices. Its main use is in infrared communication, where it is
+ used for generic file transfers between notebooks or PDAs,
+ and for sending business cards or calendar entries between cellular
+ phones and other devices with PIM applications.</para>
+
+ <para>The OBEX server and client are implemented as a third-party package
+ <application>obexapp</application>, which is available as
+ <filename role="package">comms/obexapp</filename> port.</para>
+
+ <para>OBEX client is used to push and/or pull objects from the OBEX server.
+ An object can, for example, be a business card or an appointment.
+ The OBEX client can obtain RFCOMM channel number from the remote device
+ via SDP. This can be done by specifying service name instead of RFCOMM
+ channel number. Supported service names are: IrMC, FTRN and OPUSH.
+ It is possible to specify RFCOMM channel as a number. Below is an
+ example of an OBEX session, where device information object is pulled
+ from the cellular phone, and a new object (business card) is pushed
+ into the phone's directory.</para>
+
+ <screen>&prompt.user; <userinput>obexapp -a 00:80:37:29:19:a4 -C IrMC</userinput>
+obex&gt; get telecom/devinfo.txt devinfo-t39.txt
+Success, response: OK, Success (0x20)
+obex&gt; put new.vcf
+Success, response: OK, Success (0x20)
+obex&gt; di
+Success, response: OK, Success (0x20)</screen>
+
+ <para>In order to provide OBEX Object Push service,
+ &man.sdpd.8; server must be running. A root folder, where all incoming
+ objects will be stored, must be created. The default path to the root
+ folder is <filename>/var/spool/obex</filename>. Finally, start OBEX
+ server on valid RFCOMM channel number. The OBEX server will
+ automatically register OBEX Object Push service with the local SDP
+ daemon. The example below shows how to start OBEX server.</para>
+
+ <screen>&prompt.root; <userinput>obexapp -s -C 10</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Serial Port Profile (SPP)</title>
+ <para>The Serial Port Profile (SPP) allows Bluetooth devices to perform
+ RS232 (or similar) serial cable emulation. The scenario covered by this
+ profile deals with legacy applications using Bluetooth as a cable
+ replacement, through a virtual serial port abstraction.</para>
+
+ <para>The &man.rfcomm.sppd.1; utility implements the Serial Port profile.
+ A pseudo tty is used as a virtual serial port abstraction. The example
+ below shows how to connect to a remote device Serial Port service.
+ Note that you do not have to specify a RFCOMM channel -
+ &man.rfcomm.sppd.1; can obtain it from the remote device via SDP.
+ If you would like to override this, specify a RFCOMM channel on the
+ command line.</para>
+
+ <screen>&prompt.root; <userinput>rfcomm_sppd -a 00:07:E0:00:0B:CA -t /dev/ttyp6</userinput>
+rfcomm_sppd[94692]: Starting on /dev/ttyp6...</screen>
+
+ <para>Once connected, the pseudo tty can be used as serial port:</para>
+
+ <screen>&prompt.root; <userinput>cu -l ttyp6</userinput></screen>
+
+ </sect2>
+
+ <sect2>
+ <title>Troubleshooting</title>
+
+ <sect3>
+ <title>A remote device cannot connect</title>
+ <para>Some older Bluetooth devices do not support role switching.
+ By default, when &os; is accepting a new connection, it tries to
+ perform a role switch and become master. Devices, which do not
+ support this will not be able to connect. Note that role switching is
+ performed when a new connection is being established, so it is not
+ possible to ask the remote device if it does support role switching.
+ There is a HCI option to disable role switching on the local
+ side:</para>
+
+ <screen>&prompt.root; <userinput>hccontrol -n ubt0hci write_node_role_switch 0</userinput></screen>
+
+ </sect3>
+
+ <sect3>
+ <title>Something is going wrong, can I see what exactly is happening?</title>
+ <para>Yes, you can. Use the third-party package
+ <application>hcidump</application>, which is available as
+ <filename role="package">comms/hcidump</filename> port.
+ The <application>hcidump</application> utility is similar to
+ &man.tcpdump.1;. It can be used to display the content of the Bluetooth
+ packets on the terminal and to dump the Bluetooth packets to a
+ file.</para>
+ </sect3>
+
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="network-bridging">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Steve</firstname>
+ <surname>Peterson</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Bridging</title>
+
+ <sect2>
+ <title>Introduction</title>
+ <indexterm><primary>IP subnet</primary></indexterm>
+ <indexterm><primary>bridge</primary></indexterm>
+ <para>It is sometimes useful to divide one physical network
+ (such as an Ethernet segment) into two separate network
+ segments without having to create IP subnets and use a router
+ to connect the segments together. A device that connects two
+ networks together in this fashion is called a
+ <quote>bridge</quote>. A FreeBSD system with two network
+ interface cards can act as a bridge.</para>
+
+ <para>The bridge works by learning the MAC layer addresses
+ (Ethernet addresses) of the devices on each of its network interfaces.
+ It forwards traffic between two networks only when its source and
+ destination are on different networks.</para>
+
+ <para>In many respects, a bridge is like an Ethernet switch with very
+ few ports.</para>
+ </sect2>
+
+ <sect2>
+ <title>Situations Where Bridging Is Appropriate</title>
+
+ <para>There are two common situations in which a bridge is used
+ today.</para>
+
+ <sect3>
+ <title>High Traffic on a Segment</title>
+
+ <para>Situation one is where your physical network segment is
+ overloaded with traffic, but you do not want for whatever reason to
+ subnet the network and interconnect the subnets with a
+ router.</para>
+
+ <para>Let us consider an example of a newspaper where the Editorial and
+ Production departments are on the same subnetwork. The Editorial
+ users all use server <hostid>A</hostid> for file service, and the Production users
+ are on server <hostid>B</hostid>. An Ethernet network is used to connect all users together,
+ and high loads on the network are slowing things down.</para>
+
+ <para>If the Editorial users could be segregated on one
+ network segment and the Production users on another, the two
+ network segments could be connected with a bridge. Only the
+ network traffic destined for interfaces on the
+ <quote>other</quote> side of the bridge would be sent to the
+ other network, reducing congestion on each network
+ segment.</para>
+ </sect3>
+
+ <sect3>
+ <title>Filtering/Traffic Shaping Firewall</title>
+ <indexterm><primary>firewall</primary></indexterm>
+ <indexterm><primary>NAT</primary></indexterm>
+
+ <para>The second common situation is where firewall functionality is
+ needed without network address translation (NAT).</para>
+
+ <para>An example is a small company that is connected via DSL
+ or ISDN to their ISP. They have a 13 globally-accessible IP
+ addresses from their ISP and have 10 PCs on their network.
+ In this situation, using a router-based firewall is
+ difficult because of subnetting issues.</para>
+
+ <indexterm><primary>router</primary></indexterm>
+ <indexterm><primary>DSL</primary></indexterm>
+ <indexterm><primary>ISDN</primary></indexterm>
+ <para>A bridge-based firewall can be configured and dropped into the
+ path just downstream of their DSL/ISDN router without any IP
+ numbering issues.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Configuring a Bridge</title>
+
+ <sect3>
+ <title>Network Interface Card Selection</title>
+
+ <para>A bridge requires at least two network cards to function.
+ Unfortunately, not all network interface cards as of FreeBSD&nbsp;4.0
+ support bridging. Read &man.bridge.4; for details on the cards that
+ are supported.</para>
+
+ <para>Install and test the two network cards before continuing.</para>
+ </sect3>
+
+ <sect3>
+ <title>Kernel Configuration Changes</title>
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>BRIDGE</secondary>
+ </indexterm>
+
+ <para>To enable kernel support for bridging, add the:</para>
+
+ <programlisting>options BRIDGE</programlisting>
+
+ <para>statement to your kernel configuration file, and rebuild your
+ kernel.</para>
+ </sect3>
+
+ <sect3>
+ <title>Firewall Support</title>
+ <indexterm><primary>firewall</primary></indexterm>
+ <para>If you are planning to use the bridge as a firewall, you
+ will need to add the <literal>IPFIREWALL</literal> option as
+ well. Read <xref linkend="firewalls"> for general
+ information on configuring the bridge as a firewall.</para>
+
+ <para>If you need to allow non-IP packets (such as ARP) to flow
+ through the bridge, there is a firewall option that
+ must be set. This option is
+ <literal>IPFIREWALL_DEFAULT_TO_ACCEPT</literal>. Note that this
+ changes the default rule for the firewall to accept any packet.
+ Make sure you know how this changes the meaning of your ruleset
+ before you set it.</para>
+ </sect3>
+
+ <sect3>
+ <title>Traffic Shaping Support</title>
+
+ <para>If you want to use the bridge as a traffic shaper, you will need
+ to add the <literal>DUMMYNET</literal> option to your kernel
+ configuration. Read &man.dummynet.4; for further
+ information.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Enabling the Bridge</title>
+
+ <para>Add the line:</para>
+
+ <programlisting>net.link.ether.bridge.enable=1</programlisting>
+
+ <para>to <filename>/etc/sysctl.conf</filename> to enable the bridge at
+ runtime, and the line:</para>
+
+ <programlisting>net.link.ether.bridge.config=<replaceable>if1</replaceable>,<replaceable>if2</replaceable></programlisting>
+
+ <para>to enable bridging on the specified interfaces (replace
+ <replaceable>if1</replaceable> and
+ <replaceable>if2</replaceable> with the names of your two
+ network interfaces). If you want the bridged packets to be
+ filtered by &man.ipfw.8;, you should add:</para>
+
+ <programlisting>net.link.ether.bridge.ipfw=1</programlisting>
+
+ <para>as well.</para>
+
+ <para>For versions prior to &os;&nbsp;5.2-RELEASE, use instead the following
+ lines:</para>
+
+ <programlisting>net.link.ether.bridge=1
+net.link.ether.bridge_cfg=<replaceable>if1</replaceable>,<replaceable>if2</replaceable>
+net.link.ether.bridge_ipfw=1</programlisting>
+
+ </sect2>
+
+ <sect2>
+ <title>Other Information</title>
+
+ <para>If you want to be able to &man.ssh.1; into the bridge from the network,
+ it is correct to assign one of the network cards an IP address. The
+ consensus is that assigning both cards an address is a bad
+ idea.</para>
+
+ <para>If you have multiple bridges on your network, there cannot be more
+ than one path between any two workstations. Technically, this means
+ that there is no support for spanning tree link management.</para>
+
+ <para>A bridge can add latency to your &man.ping.8; times, especially for
+ traffic from one segment to another.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-diskless">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Jean-Fran&ccedil;ois</firstname>
+ <surname>Dock&egrave;s</surname>
+ <contrib>Updated by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Alex</firstname>
+ <surname>Dupre</surname>
+ <contrib>Reorganized and enhanced by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Diskless Operation</title>
+
+ <indexterm><primary>diskless workstation</primary></indexterm>
+ <indexterm><primary>diskless operation</primary></indexterm>
+
+ <para>A FreeBSD machine can boot over the network and operate without a
+ local disk, using file systems mounted from an <acronym>NFS</acronym> server. No system
+ modification is necessary, beyond standard configuration files.
+ Such a system is relatively easy to set up because all the necessary elements
+ are readily available:</para>
+ <itemizedlist>
+ <listitem>
+ <para>There are at least two possible methods to load the kernel over
+ the network:</para>
+ <itemizedlist>
+ <listitem>
+ <para><acronym>PXE</acronym>: The &intel; Preboot eXecution
+ Environment system is a form of smart boot ROM built into some
+ networking cards or motherboards. See &man.pxeboot.8; for more
+ details.</para>
+ </listitem>
+ <listitem>
+ <para>The <application>Etherboot</application>
+ port (<filename
+ role="package">net/etherboot</filename>) produces
+ ROM-able code to boot kernels over the network. The
+ code can be either burnt into a boot PROM on a network
+ card, or loaded from a local floppy (or hard) disk
+ drive, or from a running &ms-dos; system. Many network
+ cards are supported.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para>A sample script
+ (<filename>/usr/share/examples/diskless/clone_root</filename>) eases
+ the creation and maintenance of the workstation's root file system
+ on the server. The script will probably require a little
+ customization but it will get you started very quickly.</para>
+ </listitem>
+
+ <listitem>
+ <para>Standard system startup files exist in <filename>/etc</filename>
+ to detect and support a diskless system startup.</para>
+ </listitem>
+
+ <listitem>
+ <para>Swapping, if needed, can be done either to an <acronym>NFS</acronym> file or to
+ a local disk.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>There are many ways to set up diskless workstations. Many
+ elements are involved, and most can be customized to suit local
+ taste. The following will describe variations on the setup of a complete system,
+ emphasizing simplicity and compatibility with the
+ standard FreeBSD startup scripts. The system described has the
+ following characteristics:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The diskless workstations use a shared
+ read-only <filename>/</filename> file system, and a shared
+ read-only <filename>/usr</filename>.</para>
+ <para>The root file system is a copy of a
+ standard FreeBSD root (typically the server's), with some
+ configuration files overridden by ones specific to diskless
+ operation or, possibly, to the workstation they belong to.</para>
+ <para>The parts of the root which have to be
+ writable are overlaid with &man.mfs.8; (&os;&nbsp;4.X) or &man.md.4; (&os;&nbsp;5.X) file systems. Any changes
+ will be lost when the system reboots.</para>
+ </listitem>
+ <listitem>
+ <para>The kernel is transferred and loaded either with
+ <application>Etherboot</application> or <acronym>PXE</acronym>
+ as some situations may mandate the use of either method.</para>
+ </listitem>
+ </itemizedlist>
+
+ <caution><para>As described, this system is insecure. It should
+ live in a protected area of a network, and be untrusted by
+ other hosts.</para>
+ </caution>
+
+ <para>All the information in this section has been tested
+ using &os; releases 4.9-RELEASE and 5.2.1-RELEASE. The text is
+ primarily structured for 4.X usage. Notes have been inserted where
+ appropriate to indicate 5.X changes.</para>
+
+ <sect2>
+ <title>Background Information</title>
+
+ <para>Setting up diskless workstations is both relatively
+ straightforward and prone to errors. These are sometimes
+ difficult to diagnose for a number of reasons. For example:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Compile time options may determine different behaviors at
+ runtime.</para>
+ </listitem>
+
+ <listitem>
+ <para>Error messages are often cryptic or totally absent.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>In this context, having some knowledge of the background
+ mechanisms involved is very useful to solve the problems that
+ may arise.</para>
+
+ <para>Several operations need to be performed for a successful
+ bootstrap:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The machine needs to obtain initial parameters such as its IP
+ address, executable filename, server name, root path. This is
+ done using the <acronym>DHCP</acronym> or BOOTP protocols.
+ <acronym>DHCP</acronym> is a compatible extension of BOOTP, and
+ uses the same port numbers and basic packet format.</para>
+
+ <para>It is possible to configure a system to use only BOOTP.
+ The &man.bootpd.8; server program is included in the base &os;
+ system.</para>
+
+ <para>However, <acronym>DHCP</acronym> has a number of advantages
+ over BOOTP (nicer configuration files, possibility of using
+ <acronym>PXE</acronym>, plus many others not directly related to
+ diskless operation), and we will describe mainly a
+ <acronym>DHCP</acronym> configuration, with equivalent examples
+ using &man.bootpd.8; when possible. The sample configuration will
+ use the <application>ISC DHCP</application> software package
+ (release 3.0.1.r12 was installed on the test server).</para>
+ </listitem>
+
+ <listitem>
+ <para>The machine needs to transfer one or several programs to local
+ memory. Either <acronym>TFTP</acronym> or <acronym>NFS</acronym>
+ are used. The choice between <acronym>TFTP</acronym> and
+ <acronym>NFS</acronym> is a compile time option in several places.
+ A common source of error is to specify filenames for the wrong
+ protocol: <acronym>TFTP</acronym> typically transfers all files from
+ a single directory on the server, and would expect filenames
+ relative to this directory. <acronym>NFS</acronym> needs absolute
+ file paths.</para>
+ </listitem>
+
+ <listitem>
+ <para>The possible intermediate bootstrap programs and the kernel
+ need to be initialized and executed. There are several important
+ variations in this area:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><acronym>PXE</acronym> will load &man.pxeboot.8;, which is
+ a modified version of the &os; third stage loader. The
+ &man.loader.8; will obtain most parameters necessary to system
+ startup, and leave them in the kernel environment before
+ transferring control. It is possible to use a
+ <filename>GENERIC</filename> kernel in this case.</para>
+ </listitem>
+
+ <listitem>
+ <para><application>Etherboot</application>, will directly
+ load the kernel, with less preparation. You will need to
+ build a kernel with specific options.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para><acronym>PXE</acronym> and <application>Etherboot</application>
+ work equally well with 4.X systems. Because 5.X kernels
+ normally let the &man.loader.8; do more work for them,
+ <acronym>PXE</acronym> is preferred for 5.X systems.</para>
+
+ <para>If your <acronym>BIOS</acronym> and network cards support
+ <acronym>PXE</acronym>, you should probably use it. However,
+ it is still possible to start a 5.X system with
+ <application>Etherboot</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Finally, the machine needs to access its file systems.
+ <acronym>NFS</acronym> is used in all cases.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>See also &man.diskless.8; manual page.</para>
+ </sect2>
+
+ <sect2>
+ <title>Setup Instructions</title>
+
+ <sect3>
+ <title>Configuration Using <application>ISC DHCP</application></title>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>diskless operation</secondary>
+ </indexterm>
+
+ <para>The <application>ISC DHCP</application> server can answer
+ both BOOTP and <acronym>DHCP</acronym> requests.</para>
+
+ <para>As of release 4.9, <application>ISC DHCP
+ 3.0</application> is not part of the base
+ system. You will first need to install the
+ <filename role="package">net/isc-dhcp3-server</filename> port or the
+ corresponding package.</para>
+
+ <para>Once <application>ISC DHCP</application> is installed, it
+ needs a configuration file to run, (normally named
+ <filename>/usr/local/etc/dhcpd.conf</filename>). Here follows
+ a commented example, where host <hostid>margaux</hostid>
+ uses <application>Etherboot</application> and host
+ <hostid>corbieres</hostid> uses <acronym>PXE</acronym>:</para>
+
+ <programlisting>
+default-lease-time 600;
+max-lease-time 7200;
+authoritative;
+
+option domain-name "example.com";
+option domain-name-servers 192.168.4.1;
+option routers 192.168.4.1;
+
+subnet 192.168.4.0 netmask 255.255.255.0 {
+ use-host-decl-names on; <co id="co-dhcp-host-name">
+ option subnet-mask 255.255.255.0;
+ option broadcast-address 192.168.4.255;
+
+ host margaux {
+ hardware ethernet 01:23:45:67:89:ab;
+ fixed-address margaux.example.com;
+ next-server 192.168.4.4; <co id="co-dhcp-next-server">
+ filename "/data/misc/kernel.diskless"; <co id="co-dhcp-filename">
+ option root-path "192.168.4.4:/data/misc/diskless"; <co id="co-dhcp-root-path">
+ }
+ host corbieres {
+ hardware ethernet 00:02:b3:27:62:df;
+ fixed-address corbieres.example.com;
+ next-server 192.168.4.4;
+ filename "pxeboot";
+ option root-path "192.168.4.4:/data/misc/diskless";
+ }
+}
+ </programlisting>
+
+ <calloutlist>
+ <callout arearefs="co-dhcp-host-name"><para>This option tells
+ <application>dhcpd</application> to send the value in the
+ <literal>host</literal> declarations as the hostname for the
+ diskless host. An alternate way would be to add an
+ <literal>option host-name
+ <replaceable>margaux</replaceable></literal> inside the
+ <literal>host</literal> declarations.</para>
+ </callout>
+
+ <callout arearefs="co-dhcp-next-server"><para>The
+ <literal>next-server</literal> directive designates
+ the <acronym>TFTP</acronym> or <acronym>NFS</acronym> server to
+ use for loading loader or kernel file (the default is to use
+ the same host as the
+ <acronym>DHCP</acronym> server).</para>
+ </callout>
+
+ <callout arearefs="co-dhcp-filename"><para>The
+ <literal>filename</literal> directive defines the file that
+ <application>Etherboot</application> or <acronym>PXE</acronym>
+ will load for the next execution step. It must be specified
+ according to the transfer method used.
+ <application>Etherboot</application> can be compiled to use
+ <acronym>NFS</acronym> or <acronym>TFTP</acronym>. The &os;
+ port configures <acronym>NFS</acronym> by default.
+ <acronym>PXE</acronym> uses <acronym>TFTP</acronym>, which is
+ why a relative filename is used here (this may depend on the
+ <acronym>TFTP</acronym> server configuration, but would be
+ fairly typical). Also, <acronym>PXE</acronym> loads
+ <filename>pxeboot</filename>, not the kernel. There are other
+ interesting possibilities, like loading
+ <filename>pxeboot</filename> from a &os; CD-ROM
+ <filename role="directory">/boot</filename> directory (as
+ &man.pxeboot.8; can load a <filename>GENERIC</filename> kernel,
+ this makes it possible to use <acronym>PXE</acronym> to boot
+ from a remote CD-ROM).</para>
+ </callout>
+
+ <callout arearefs="co-dhcp-root-path"><para>The
+ <literal>root-path</literal> option defines the path to
+ the root file system, in usual <acronym>NFS</acronym> notation.
+ When using <acronym>PXE</acronym>, it is possible to leave off
+ the host's IP as long as you do not enable the kernel option
+ BOOTP. The <acronym>NFS</acronym> server will then be
+ the same as the <acronym>TFTP</acronym> one.</para>
+ </callout>
+ </calloutlist>
+
+ </sect3>
+ <sect3>
+ <title>Configuration Using BOOTP</title>
+ <indexterm>
+ <primary>BOOTP</primary>
+ <secondary>diskless operation</secondary>
+ </indexterm>
+
+ <para>Here follows an equivalent <application>bootpd</application>
+ configuration (reduced to one client). This would be found in
+ <filename>/etc/bootptab</filename>.</para>
+
+ <para>Please note that <application>Etherboot</application>
+ must be compiled with the non-default option
+ <literal>NO_DHCP_SUPPORT</literal> in order to use BOOTP,
+ and that <acronym>PXE</acronym> <emphasis>needs</emphasis> <acronym>DHCP</acronym>. The only
+ obvious advantage of <application>bootpd</application> is
+ that it exists in the base system.</para>
+
+ <programlisting>
+.def100:\
+ :hn:ht=1:sa=192.168.4.4:vm=rfc1048:\
+ :sm=255.255.255.0:\
+ :ds=192.168.4.1:\
+ :gw=192.168.4.1:\
+ :hd="/tftpboot":\
+ :bf="/kernel.diskless":\
+ :rp="192.168.4.4:/data/misc/diskless":
+
+margaux:ha=0123456789ab:tc=.def100
+ </programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Preparing a Boot Program with
+ <application>Etherboot</application></title>
+
+ <indexterm>
+ <primary>Etherboot</primary>
+ </indexterm>
+
+ <para><ulink url="http://etherboot.sourceforge.net">Etherboot's Web
+ site</ulink> contains
+ <ulink url="http://etherboot.sourceforge.net/doc/html/userman/t1.html">
+ extensive documentation</ulink> mainly intended for Linux
+ systems, but nonetheless containing useful information. The
+ following will just outline how you would use
+ <application>Etherboot</application> on a FreeBSD
+ system.</para>
+
+ <para>You must first install the <filename
+ role="package">net/etherboot</filename> package or port.</para>
+
+ <para>You can change the <application>Etherboot</application>
+ configuration (i.e. to use <acronym>TFTP</acronym> instead of
+ <acronym>NFS</acronym>) by editing the <filename>Config</filename>
+ file in the <application>Etherboot</application> source
+ directory.</para>
+
+ <para>For our setup, we shall use a boot floppy. For other methods
+ (PROM, or &ms-dos; program), please refer to the
+ <application>Etherboot</application> documentation.</para>
+
+ <para>To make a boot floppy, insert a floppy in the drive on the
+ machine where you installed <application>Etherboot</application>,
+ then change your current directory to the <filename>src</filename>
+ directory in the <application>Etherboot</application> tree and
+ type:</para>
+
+ <screen>
+&prompt.root; <userinput>gmake bin32/<replaceable>devicetype</replaceable>.fd0</userinput>
+ </screen>
+
+ <para><replaceable>devicetype</replaceable> depends on the type of
+ the Ethernet card in the diskless workstation. Refer to the
+ <filename>NIC</filename> file in the same directory to determine the
+ right <replaceable>devicetype</replaceable>.</para>
+
+ </sect3>
+
+ <sect3>
+ <title>Booting with <acronym>PXE</acronym></title>
+
+ <para>By default, the &man.pxeboot.8; loader loads the kernel via
+ <acronym>NFS</acronym>. It can be compiled to use
+ <acronym>TFTP</acronym> instead by specifying the
+ <literal>LOADER_TFTP_SUPPORT</literal> option in
+ <filename>/etc/make.conf</filename>. See the comments in
+ <filename>/etc/defaults/make.conf</filename> (or
+ <filename>/usr/share/examples/etc/make.conf</filename> for 5.X
+ systems) for instructions.</para>
+
+ <para>There are two other undocumented <filename>make.conf</filename>
+ options which may be useful for setting up a serial console diskless
+ machine: <literal>BOOT_PXELDR_PROBE_KEYBOARD</literal>, and
+ <literal>BOOT_PXELDR_ALWAYS_SERIAL</literal> (the latter only exists
+ on &os;&nbsp;5.X).</para>
+
+ <para>To use <acronym>PXE</acronym> when the machine starts, you will
+ usually need to select the <literal>Boot from network</literal>
+ option in your <acronym>BIOS</acronym> setup, or type a function key
+ during the PC initialization.</para>
+ </sect3>
+
+ <sect3>
+ <title>Configuring the <acronym>TFTP</acronym> and <acronym>NFS</acronym> Servers</title>
+
+ <indexterm>
+ <primary>TFTP</primary>
+ <secondary>diskless operation</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>NFS</primary>
+ <secondary>diskless operation</secondary>
+ </indexterm>
+
+ <para>If you are using <acronym>PXE</acronym> or
+ <application>Etherboot</application> configured to use
+ <acronym>TFTP</acronym>, you need to enable
+ <application>tftpd</application> on the file server:</para>
+ <procedure>
+ <step>
+ <para>Create a directory from which <application>tftpd</application>
+ will serve the files, e.g. <filename>/tftpboot</filename>.</para>
+ </step>
+
+ <step>
+ <para>Add this line to your
+ <filename>/etc/inetd.conf</filename>:</para>
+
+ <programlisting>tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot</programlisting>
+
+ <note><para>It appears that at least some <acronym>PXE</acronym> versions want
+ the <acronym>TCP</acronym> version of <acronym>TFTP</acronym>. In this case, add a second line,
+ replacing <literal>dgram udp</literal> with <literal>stream
+ tcp</literal>.</para>
+ </note>
+ </step>
+ <step>
+ <para>Tell <application>inetd</application> to reread its configuration
+ file:</para>
+ <screen>&prompt.root; <userinput>kill -HUP `cat /var/run/inetd.pid`</userinput></screen>
+ </step>
+ </procedure>
+
+ <para>You can place the <filename>tftpboot</filename>
+ directory anywhere on the server. Make sure that the
+ location is set in both <filename>inetd.conf</filename> and
+ <filename>dhcpd.conf</filename>.</para>
+
+ <para>In all cases, you also need to enable <acronym>NFS</acronym> and export the
+ appropriate file system on the <acronym>NFS</acronym> server.</para>
+
+ <procedure>
+ <step>
+ <para>Add this to <filename>/etc/rc.conf</filename>:</para>
+ <programlisting>nfs_server_enable="YES"</programlisting>
+ </step>
+
+ <step>
+ <para>Export the file system where the diskless root directory
+ is located by adding the following to
+ <filename>/etc/exports</filename> (adjust the volume mount
+ point and replace <replaceable>margaux corbieres</replaceable>
+ with the names of the diskless workstations):</para>
+
+ <programlisting><replaceable>/data/misc</replaceable> -alldirs -ro <replaceable>margaux corbieres</replaceable></programlisting>
+ </step>
+ <step>
+ <para>Tell <application>mountd</application> to reread its configuration
+ file. If you actually needed to enable <acronym>NFS</acronym> in
+ <filename>/etc/rc.conf</filename>
+ at the first step, you probably want to reboot instead.</para>
+ <screen>&prompt.root; <userinput>kill -HUP `cat /var/run/mountd.pid`</userinput></screen>
+ </step>
+ </procedure>
+
+ </sect3>
+
+ <sect3>
+ <title>Building a Diskless Kernel</title>
+
+ <indexterm>
+ <primary>diskless operation</primary>
+ <secondary>kernel configuration</secondary>
+ </indexterm>
+
+ <para>If using <application>Etherboot</application>, you need to
+ create a kernel configuration file for the diskless client
+ with the following options (in addition to the usual ones):</para>
+
+ <programlisting>
+options BOOTP # Use BOOTP to obtain IP address/hostname
+options BOOTP_NFSROOT # NFS mount root file system using BOOTP info
+ </programlisting>
+
+ <para>You may also want to use <literal>BOOTP_NFSV3</literal>,
+ <literal>BOOT_COMPAT</literal> and <literal>BOOTP_WIRED_TO</literal>
+ (refer to <filename>LINT</filename> in 4.X or
+ <filename>NOTES</filename> on 5.X).</para>
+
+ <para>These option names are historical and slightly misleading as
+ they actually enable indifferent use of <acronym>DHCP</acronym> and
+ BOOTP inside the kernel (it is also possible to force strict BOOTP
+ or <acronym>DHCP</acronym> use).</para>
+
+ <para>Build the kernel (see <xref linkend="kernelconfig">),
+ and copy it to the place specified
+ in <filename>dhcpd.conf</filename>.</para>
+
+ <note>
+ <para>When using <acronym>PXE</acronym>, building a kernel with the
+ above options is not strictly necessary (though suggested).
+ Enabling them will cause more <acronym>DHCP</acronym> requests to be
+ issued during kernel startup, with a small risk of inconsistency
+ between the new values and those retrieved by &man.pxeboot.8; in some
+ special cases. The advantage of using them is that the host name
+ will be set as a side effect. Otherwise you will need to set the
+ host name by another method, for example in a client-specific
+ <filename>rc.conf</filename> file.</para>
+ </note>
+
+ <note>
+ <para>In order to be loadable with
+ <application>Etherboot</application>, a 5.X kernel needs to have
+ the device hints compiled in. You would typically set the
+ following option in the configuration file (see the
+ <filename>NOTES</filename> configuration comments file):</para>
+
+ <programlisting>hints "GENERIC.hints"</programlisting>
+ </note>
+
+ </sect3>
+
+ <sect3>
+ <title>Preparing the Root Filesystem</title>
+
+ <indexterm>
+ <primary>root file system</primary>
+ <secondary>diskless operation</secondary>
+ </indexterm>
+
+ <para>You need to create a root file system for the diskless
+ workstations, in the location listed as
+ <literal>root-path</literal> in
+ <filename>dhcpd.conf</filename>. The following sections describe
+ two ways to do it.</para>
+
+ <sect4>
+ <title>Using the <filename>clone_root</filename> Script</title>
+
+ <para>This is the quickest way to create a root file system, but
+ currently it is only supported on &os;&nbsp;4.X. This shell script
+ is located at
+ <filename>/usr/share/examples/diskless/clone_root</filename>
+ and needs customization, at least to adjust
+ the place where the file system will be created (the
+ <literal>DEST</literal> variable).</para>
+
+ <para>Refer to the comments at the top of the script for
+ instructions. They explain how the base file system is built,
+ and how files may be selectively overridden by versions specific
+ to diskless operation, to a subnetwork, or to an individual
+ workstation. They also give examples for the diskless
+ <filename>/etc/fstab</filename> and <filename>
+ /etc/rc.conf</filename> files.</para>
+
+ <para>The <filename>README</filename> files in
+ <filename>/usr/share/examples/diskless</filename> contain a lot
+ of interesting background information, but, together with the
+ other examples in the <filename>diskless</filename> directory,
+ they actually document a configuration method which is distinct
+ from the one used by <filename>clone_root</filename> and
+ the system startup scripts in
+ <filename role="directory">/etc</filename>, which is a little
+ confusing. Use them for reference only, except if you prefer
+ the method that they describe, in which case you will need
+ customized <filename>rc</filename> scripts.</para>
+ </sect4>
+
+ <sect4>
+ <title>Using the Standard <command>make world</command>
+ Procedure</title>
+
+ <para>This method can be applied to either &os;&nbsp;4.X or 5.X and
+ will install a complete virgin system (not only the root file system)
+ into <envar>DESTDIR</envar>.
+ All you have to do is simply execute the following script:</para>
+
+ <programlisting>#!/bin/sh
+export DESTDIR=/data/misc/diskless
+mkdir -p ${DESTDIR}
+cd /usr/src; make world && make kernel
+cd /usr/src/etc; make distribution</programlisting>
+
+ <para>Once done, you may need to customize your
+ <filename>/etc/rc.conf</filename> and
+ <filename>/etc/fstab</filename> placed into
+ <envar>DESTDIR</envar> according to your needs.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Configuring Swap</title>
+
+ <para>If needed, a swap file located on the server can be
+ accessed via <acronym>NFS</acronym>. One of the methods commonly
+ used to do this has been discontinued in release 5.X.</para>
+
+ <sect4>
+ <title><acronym>NFS</acronym> Swap with &os;&nbsp;4.X</title>
+
+ <para>The swap file location and size can be specified with
+ BOOTP/<acronym>DHCP</acronym> &os;-specific options 128 and 129.
+ Examples of configuration files for
+ <application>ISC DHCP 3.0</application> or
+ <application>bootpd</application> follow:</para>
+
+ <procedure>
+ <step><para>Add the following lines to
+ <filename>dhcpd.conf</filename>:</para>
+ <programlisting>
+# Global section
+option swap-path code 128 = string;
+option swap-size code 129 = integer 32;
+
+host margaux {
+ ... # Standard lines, see above
+ option swap-path <replaceable>"192.168.4.4:/netswapvolume/netswap"</replaceable>;
+ option swap-size <replaceable>64000</replaceable>;
+}
+ </programlisting>
+
+ <para><literal>swap-path</literal> is the path to a directory
+ where swap files will be located. Each file will be named
+ <filename>swap.<replaceable>client-ip</replaceable></filename>.</para>
+
+ <para>Older versions of <application>dhcpd</application> used a syntax of
+ <literal>option option-128 "...</literal>, which is no
+ longer supported.</para>
+ <para><filename>/etc/bootptab</filename> would use the
+ following syntax instead:</para>
+
+ <programlisting>T128="192.168.4.4:/netswapvolume/netswap":T129=0000fa00</programlisting>
+
+ <note><para>In <filename>/etc/bootptab</filename>, the swap
+ size must be expressed in hexadecimal format.</para></note>
+ </step>
+
+ <step>
+ <para>On the <acronym>NFS</acronym> swap file server, create the swap
+ file(s):</para>
+ <screen>
+&prompt.root; <userinput>mkdir <replaceable>/netswapvolume/netswap</replaceable></userinput>
+&prompt.root; <userinput>cd <replaceable>/netswapvolume/netswap</replaceable></userinput>
+&prompt.root; <userinput>dd if=/dev/zero bs=1024 count=<replaceable>64000</replaceable> of=swap.<replaceable>192.168.4.6</replaceable></userinput>
+&prompt.root; <userinput>chmod 0600 swap.<replaceable>192.168.4.6</replaceable></userinput>
+ </screen>
+ <para><replaceable>192.168.4.6</replaceable> is the IP address
+ for the diskless client.</para>
+ </step>
+
+ <step>
+ <para>On the <acronym>NFS</acronym> swap file server, add the following line to
+ <filename>/etc/exports</filename>:</para>
+ <programlisting>
+<replaceable>/netswapvolume</replaceable> -maproot=0:10 -alldirs <replaceable>margaux corbieres</replaceable>
+ </programlisting>
+ <para>Then tell <application>mountd</application> to reread the
+ <filename>exports</filename> file, as above.</para>
+ </step>
+ </procedure>
+ </sect4>
+
+ <sect4>
+ <title><acronym>NFS</acronym> Swap with &os&nbsp;5.X</title>
+
+ <para>The kernel does not support enabling <acronym>NFS</acronym>
+ swap at boot time. Swap must be enabled by the startup scripts,
+ by mounting a writeable file system and creating and enabling a
+ swap file. To create a swap file of appropriate size, you can do
+ like this:</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>/path/to/swapfile</replaceable> bs=1k count=1 oseek=<replaceable>100000</replaceable></userinput></screen>
+
+ <para>To enable it you have to add the following line to your
+ <filename>rc.conf</filename>:</para>
+
+ <programlisting>swapfile=<replaceable>/path/to/swapfile</replaceable></programlisting>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Miscellaneous Issues</title>
+
+
+ <sect4>
+ <title>Running with a Read-only <filename>/usr</filename></title>
+
+ <indexterm>
+ <primary>diskless operation</primary>
+ <secondary>/usr read-only</secondary>
+ </indexterm>
+
+ <para>If the diskless workstation is configured to run X, you
+ will have to adjust the <application>XDM</application> configuration file, which puts
+ the error log on <filename>/usr</filename> by default.</para>
+ </sect4>
+ <sect4>
+ <title>Using a Non-FreeBSD Server</title>
+
+ <para>When the server for the root file system is not running FreeBSD,
+ you will have to create the root file system on a
+ FreeBSD machine, then copy it to its destination, using
+ <command>tar</command> or <command>cpio</command>.</para>
+ <para>In this situation, there are sometimes
+ problems with the special files in <filename>/dev</filename>,
+ due to differing major/minor integer sizes. A solution to this
+ problem is to export a directory from the non-FreeBSD server,
+ mount this directory onto a FreeBSD machine, and run
+ <command>MAKEDEV</command> on the FreeBSD machine
+ to create the correct device entries (FreeBSD 5.0 and later
+ use &man.devfs.5; to allocate device nodes transparently for
+ the user, running <command>MAKEDEV</command> on these
+ versions is pointless).</para>
+
+ </sect4>
+
+ </sect3>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-isdn">
+ <title>ISDN</title>
+
+ <indexterm>
+ <primary>ISDN</primary>
+ </indexterm>
+
+ <para>A good resource for information on ISDN technology and hardware is
+ <ulink url="http://www.alumni.caltech.edu/~dank/isdn/">Dan Kegel's ISDN
+ Page</ulink>.</para>
+
+ <para>A quick simple road map to ISDN follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>If you live in Europe you might want to investigate the ISDN card
+ section.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you are planning to use ISDN primarily to connect to the
+ Internet with an Internet Provider on a dial-up non-dedicated basis,
+ you might look into Terminal Adapters. This will give you the
+ most flexibility, with the fewest problems, if you change
+ providers.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you are connecting two LANs together, or connecting to the
+ Internet with a dedicated ISDN connection, you might consider
+ the stand alone router/bridge option.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Cost is a significant factor in determining what solution you will
+ choose. The following options are listed from least expensive to most
+ expensive.</para>
+
+ <sect2 id="network-isdn-cards">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Hellmuth</firstname>
+ <surname>Michaelis</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+ <title>ISDN Cards</title>
+
+ <indexterm>
+ <primary>ISDN</primary>
+ <secondary>cards</secondary>
+ </indexterm>
+
+ <para>FreeBSD's ISDN implementation supports only the DSS1/Q.931
+ (or Euro-ISDN) standard using passive cards. Starting with
+ FreeBSD&nbsp;4.4, some active cards are supported where the firmware
+ also supports other signaling protocols; this also includes the
+ first supported Primary Rate (PRI) ISDN card.</para>
+
+ <para>The <application>isdn4bsd</application> software allows you to connect
+ to other ISDN routers using either IP over raw HDLC or by using
+ synchronous PPP: either by using kernel PPP with <literal>isppp</literal>, a
+ modified &man.sppp.4; driver, or by using userland &man.ppp.8;. By using
+ userland &man.ppp.8;, channel bonding of two or more ISDN
+ B-channels is possible. A telephone answering machine
+ application is also available as well as many utilities such as
+ a software 300 Baud modem.</para>
+
+ <para>Some growing number of PC ISDN cards are supported under
+ FreeBSD and the reports show that it is successfully used all
+ over Europe and in many other parts of the world.</para>
+
+ <para>The passive ISDN cards supported are mostly the ones with
+ the Infineon (formerly Siemens) ISAC/HSCX/IPAC ISDN chipsets,
+ but also ISDN cards with chips from Cologne Chip (ISA bus only),
+ PCI cards with Winbond W6692 chips, some cards with the
+ Tiger300/320/ISAC chipset combinations and some vendor specific
+ chipset based cards such as the AVM Fritz!Card PCI V.1.0 and the
+ AVM Fritz!Card PnP.</para>
+
+ <para>Currently the active supported ISDN cards are the AVM B1
+ (ISA and PCI) BRI cards and the AVM T1 PCI PRI cards.</para>
+
+ <para>For documentation on <application>isdn4bsd</application>,
+ have a look at <filename>/usr/share/examples/isdn/</filename>
+ directory on your FreeBSD system or at the <ulink
+ url="http://www.freebsd-support.de/i4b/">homepage of
+ isdn4bsd</ulink> which also has pointers to hints, erratas and
+ much more documentation such as the <ulink
+ url="http://people.FreeBSD.org/~hm/">isdn4bsd
+ handbook</ulink>.</para>
+
+ <para>In case you are interested in adding support for a
+ different ISDN protocol, a currently unsupported ISDN PC card or
+ otherwise enhancing <application>isdn4bsd</application>, please
+ get in touch with &a.hm;.</para>
+
+ <para>For questions regarding the installation, configuration
+ and troubleshooting <application>isdn4bsd</application>, a
+ &a.isdn.name; mailing list is available.</para>
+ </sect2>
+
+ <sect2>
+ <title>ISDN Terminal Adapters</title>
+
+ <para>Terminal adapters (TA), are to ISDN what modems are to regular
+ phone lines.</para>
+ <indexterm><primary>modem</primary></indexterm>
+ <para>Most TA's use the standard Hayes modem AT command set, and can be
+ used as a drop in replacement for a modem.</para>
+
+ <para>A TA will operate basically the same as a modem except connection
+ and throughput speeds will be much faster than your old modem. You
+ will need to configure <link linkend="ppp">PPP</link> exactly the same
+ as for a modem setup. Make sure you set your serial speed as high as
+ possible.</para>
+ <indexterm><primary>PPP</primary></indexterm>
+ <para>The main advantage of using a TA to connect to an Internet
+ Provider is that you can do Dynamic PPP. As IP address space becomes
+ more and more scarce, most providers are not willing to provide you
+ with a static IP anymore. Most stand-alone routers are not able to
+ accommodate dynamic IP allocation.</para>
+
+ <para>TA's completely rely on the PPP daemon that you are running for
+ their features and stability of connection. This allows you to
+ upgrade easily from using a modem to ISDN on a FreeBSD machine, if you
+ already have PPP set up. However, at the same time any problems you
+ experienced with the PPP program and are going to persist.</para>
+
+ <para>If you want maximum stability, use the kernel <link
+ linkend="ppp">PPP</link> option, not the <link
+ linkend="userppp">userland PPP</link>.</para>
+
+ <para>The following TA's are known to work with FreeBSD:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Motorola BitSurfer and Bitsurfer Pro</para>
+ </listitem>
+
+ <listitem>
+ <para>Adtran</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Most other TA's will probably work as well, TA vendors try to make
+ sure their product can accept most of the standard modem AT command
+ set.</para>
+
+ <para>The real problem with external TA's is that, like modems,
+ you need a good serial card in your computer.</para>
+
+ <para>You should read the <ulink
+ url="&url.articles.serial-uart;/index.html">FreeBSD Serial
+ Hardware</ulink> tutorial for a detailed understanding of
+ serial devices, and the differences between asynchronous and
+ synchronous serial ports.</para>
+
+ <para>A TA running off a standard PC serial port (asynchronous) limits
+ you to 115.2&nbsp;Kbs, even though you have a 128&nbsp;Kbs connection.
+ To fully utilize the 128&nbsp;Kbs that ISDN is capable of,
+ you must move the TA to a synchronous serial card.</para>
+
+ <para>Do not be fooled into buying an internal TA and thinking you have
+ avoided the synchronous/asynchronous issue. Internal TA's simply have
+ a standard PC serial port chip built into them. All this will do is
+ save you having to buy another serial cable and find another empty
+ electrical socket.</para>
+
+ <para>A synchronous card with a TA is at least as fast as a stand-alone
+ router, and with a simple 386 FreeBSD box driving it, probably more
+ flexible.</para>
+
+ <para>The choice of synchronous card/TA v.s. stand-alone router is largely a
+ religious issue. There has been some discussion of this in
+ the mailing lists. We suggest you search the <ulink
+ url="&url.base;/search/index.html">archives</ulink> for
+ the complete discussion.</para>
+ </sect2>
+
+ <sect2>
+ <title>Stand-alone ISDN Bridges/Routers</title>
+ <indexterm>
+ <primary>ISDN</primary>
+ <secondary>stand-alone bridges/routers</secondary>
+ </indexterm>
+ <para>ISDN bridges or routers are not at all specific to FreeBSD
+ or any other operating system. For a more complete
+ description of routing and bridging technology, please refer
+ to a networking reference book.</para>
+
+ <para>In the context of this section, the terms router and bridge will
+ be used interchangeably.</para>
+
+ <para>As the cost of low end ISDN routers/bridges comes down, it
+ will likely become a more and more popular choice. An ISDN
+ router is a small box that plugs directly into your local
+ Ethernet network, and manages its own connection to the other
+ bridge/router. It has built in software to communicate via
+ PPP and other popular protocols.</para>
+
+ <para>A router will allow you much faster throughput than a
+ standard TA, since it will be using a full synchronous ISDN
+ connection.</para>
+
+ <para>The main problem with ISDN routers and bridges is that
+ interoperability between manufacturers can still be a problem.
+ If you are planning to connect to an Internet provider, you
+ should discuss your needs with them.</para>
+
+ <para>If you are planning to connect two LAN segments together,
+ such as your home LAN to the office LAN, this is the simplest
+ lowest
+ maintenance solution. Since you are buying the equipment for
+ both sides of the connection you can be assured that the link
+ will work.</para>
+
+ <para>For example to connect a home computer or branch office
+ network to a head office network the following setup could be
+ used:</para>
+
+ <example>
+ <title>Branch Office or Home Network</title>
+
+ <indexterm><primary>10 base 2</primary></indexterm>
+ <para>Network uses a bus based topology with 10 base 2
+ Ethernet (<quote>thinnet</quote>). Connect router to network cable with
+ AUI/10BT transceiver, if necessary.</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="advanced-networking/isdn-bus">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced">---Sun workstation
+|
+---FreeBSD box
+|
+---Windows 95
+|
+Stand-alone router
+ |
+ISDN BRI line</literallayout>
+ </textobject>
+
+ <textobject>
+ <phrase>10 Base 2 Ethernet</phrase>
+ </textobject>
+ </mediaobject>
+
+ <para>If your home/branch office is only one computer you can use a
+ twisted pair crossover cable to connect to the stand-alone router
+ directly.</para>
+ </example>
+
+ <example>
+ <title>Head Office or Other LAN</title>
+
+ <indexterm><primary>10 base T</primary></indexterm>
+ <para>Network uses a star topology with 10 base T Ethernet
+ (<quote>Twisted Pair</quote>).</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="advanced-networking/isdn-twisted-pair">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced"> -------Novell Server
+ | H |
+ | ---Sun
+ | |
+ | U ---FreeBSD
+ | |
+ | ---Windows 95
+ | B |
+ |___---Stand-alone router
+ |
+ ISDN BRI line</literallayout>
+ </textobject>
+
+ <textobject>
+ <phrase>ISDN Network Diagram</phrase>
+ </textobject>
+ </mediaobject>
+ </example>
+
+ <para>One large advantage of most routers/bridges is that they allow you
+ to have 2 <emphasis>separate independent</emphasis> PPP connections to
+ 2 separate sites at the <emphasis>same</emphasis> time. This is not
+ supported on most TA's, except for specific (usually expensive) models
+ that
+ have two serial ports. Do not confuse this with channel bonding, MPP,
+ etc.</para>
+
+ <para>This can be a very useful feature if, for example, you
+ have an dedicated ISDN connection at your office and would
+ like to tap into it, but do not want to get another ISDN line
+ at work. A router at the office location can manage a
+ dedicated B channel connection (64&nbsp;Kbps) to the Internet
+ and use the other B channel for a separate data connection.
+ The second B channel can be used for dial-in, dial-out or
+ dynamically bonding (MPP, etc.) with the first B channel for
+ more bandwidth.</para>
+
+ <indexterm><primary>IPX/SPX</primary></indexterm>
+ <para>An Ethernet bridge will also allow you to transmit more than just
+ IP traffic. You can also send IPX/SPX or whatever other protocols you
+ use.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-natd">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Chern</firstname>
+ <surname>Lee</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Network Address Translation</title>
+
+ <sect2 id="network-natoverview">
+ <title>Overview</title>
+ <indexterm>
+ <primary><application>natd</application></primary>
+ </indexterm>
+ <para>FreeBSD's Network Address Translation daemon, commonly known as
+ &man.natd.8; is a daemon that accepts incoming raw IP packets,
+ changes the source to the local machine and re-injects these packets
+ back into the outgoing IP packet stream. &man.natd.8; does this by changing
+ the source IP address and port such that when data is received back,
+ it is able to determine the original location of the data and forward
+ it back to its original requester.</para>
+ <indexterm><primary>Internet connection sharing</primary></indexterm>
+ <indexterm><primary>NAT</primary></indexterm>
+ <para>The most common use of NAT is to perform what is commonly known as
+ Internet Connection Sharing.</para>
+ </sect2>
+
+ <sect2 id="network-natsetup">
+ <title>Setup</title>
+ <para>Due to the diminishing IP space in IPv4, and the increased number
+ of users on high-speed consumer lines such as cable or DSL, people are
+ increasingly in need of an Internet Connection Sharing solution. The
+ ability to connect several computers online through one connection and
+ IP address makes &man.natd.8; a reasonable choice.</para>
+
+ <para>Most commonly, a user has a machine connected to a cable or DSL
+ line with one IP address and wishes to use this one connected computer to
+ provide Internet access to several more over a LAN.</para>
+
+ <para>To do this, the FreeBSD machine on the Internet must act as a
+ gateway. This gateway machine must have two NICs&mdash;one for connecting
+ to the Internet router, the other connecting to a LAN. All the
+ machines on the LAN are connected through a hub or switch.</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="advanced-networking/natd">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced"> _______ __________ ________
+ | | | | | |
+ | Hub |-----| Client B |-----| Router |----- Internet
+ |_______| |__________| |________|
+ |
+ ____|_____
+| |
+| Client A |
+|__________|</literallayout>
+ </textobject>
+
+ <textobject>
+ <phrase>Network Layout</phrase>
+ </textobject>
+ </mediaobject>
+
+ <para>A setup like this is commonly used to share an Internet
+ connection. One of the <acronym>LAN</acronym> machines is
+ connected to the Internet. The rest of the machines access
+ the Internet through that <quote>gateway</quote>
+ machine.</para>
+ </sect2>
+
+ <sect2 id="network-natdkernconfiguration">
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+ <title>Configuration</title>
+ <para>The following options must be in the kernel configuration
+ file:</para>
+ <programlisting>options IPFIREWALL
+options IPDIVERT</programlisting>
+
+ <para>Additionally, at choice, the following may also be suitable:</para>
+ <programlisting>options IPFIREWALL_DEFAULT_TO_ACCEPT
+options IPFIREWALL_VERBOSE</programlisting>
+
+ <para>The following must be in <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>gateway_enable="YES" <co id="co-natd-gateway-enable">
+firewall_enable="YES" <co id="co-natd-firewall-enable">
+firewall_type="OPEN" <co id="co-natd-firewall-type">
+natd_enable="YES"
+natd_interface="<replaceable>fxp0</replaceable>" <co id="co-natd-natd-interface">
+natd_flags="" <co id="co-natd-natd-flags"></programlisting>
+
+ <calloutlist>
+ <callout arearefs="co-natd-gateway-enable">
+ <para>Sets up the machine to act as a gateway. Running
+ <command>sysctl net.inet.ip.forwarding=1</command> would
+ have the same effect.</para>
+ </callout>
+
+ <callout arearefs="co-natd-firewall-enable">
+ <para>Enables the firewall rules in
+ <filename>/etc/rc.firewall</filename> at boot.</para>
+ </callout>
+
+ <callout arearefs="co-natd-firewall-type">
+ <para>This specifies a predefined firewall ruleset that
+ allows anything in. See
+ <filename>/etc/rc.firewall</filename> for additional
+ types.</para>
+ </callout>
+
+ <callout arearefs="co-natd-natd-interface">
+ <para>Indicates which interface to forward packets through
+ (the interface connected to the Internet).</para>
+ </callout>
+
+ <callout arearefs="co-natd-natd-flags">
+ <para>Any additional configuration options passed to
+ &man.natd.8; on boot.</para>
+ </callout>
+ </calloutlist>
+
+ <para>Having the previous options defined in
+ <filename>/etc/rc.conf</filename> would run
+ <command>natd -interface fxp0</command> at boot. This can also
+ be run manually.</para>
+
+ <note>
+ <para>It is also possible to use a configuration file for
+ &man.natd.8; when there are too many options to pass. In this
+ case, the configuration file must be defined by adding the
+ following line to <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>natd_flags="-f /etc/natd.conf"</programlisting>
+
+ <para>The <filename>/etc/natd.conf</filename> file will
+ contain a list of configuration options, one per line. For
+ example the next section case would use the following
+ file:</para>
+
+ <programlisting>redirect_port tcp 192.168.0.2:6667 6667
+redirect_port tcp 192.168.0.3:80 80</programlisting>
+
+ <para>For more information about the configuration file,
+ consult the &man.natd.8; manual page about the
+ <option>-f</option> option.</para>
+ </note>
+
+ <para>Each machine and interface behind the LAN should be
+ assigned IP address numbers in the private network space as
+ defined by <ulink
+ url="ftp://ftp.isi.edu/in-notes/rfc1918.txt">RFC 1918</ulink>
+ and have a default gateway of the <application>natd</application> machine's internal IP
+ address.</para>
+
+ <para>For example, client <hostid>A</hostid> and
+ <hostid>B</hostid> behind the LAN have IP addresses of <hostid
+ role="ipaddr">192.168.0.2</hostid> and <hostid
+ role="ipaddr">192.168.0.3</hostid>, while the natd machine's
+ LAN interface has an IP address of <hostid
+ role="ipaddr">192.168.0.1</hostid>. Client <hostid>A</hostid>
+ and <hostid>B</hostid>'s default gateway must be set to that
+ of the <application>natd</application> machine, <hostid
+ role="ipaddr">192.168.0.1</hostid>. The <application>natd</application> machine's
+ external, or Internet interface does not require any special
+ modification for &man.natd.8; to work.</para>
+ </sect2>
+
+ <sect2 id="network-natdport-redirection">
+ <title>Port Redirection</title>
+
+ <para>The drawback with &man.natd.8; is that the LAN clients are not accessible
+ from the Internet. Clients on the LAN can make outgoing connections to
+ the world but cannot receive incoming ones. This presents a problem
+ if trying to run Internet services on one of the LAN client machines.
+ A simple way around this is to redirect selected Internet ports on the
+ <application>natd</application> machine to a LAN client.
+ </para>
+
+ <para>For example, an IRC server runs on client <hostid>A</hostid>, and a web server runs
+ on client <hostid>B</hostid>. For this to work properly, connections received on ports
+ 6667 (IRC) and 80 (web) must be redirected to the respective machines.
+ </para>
+
+ <para>The <option>-redirect_port</option> must be passed to
+ &man.natd.8; with the proper options. The syntax is as follows:</para>
+ <programlisting> -redirect_port proto targetIP:targetPORT[-targetPORT]
+ [aliasIP:]aliasPORT[-aliasPORT]
+ [remoteIP[:remotePORT[-remotePORT]]]</programlisting>
+
+ <para>In the above example, the argument should be:</para>
+
+ <programlisting> -redirect_port tcp 192.168.0.2:6667 6667
+ -redirect_port tcp 192.168.0.3:80 80</programlisting>
+
+ <para>
+ This will redirect the proper <emphasis>tcp</emphasis> ports to the
+ LAN client machines.
+ </para>
+
+ <para>The <option>-redirect_port</option> argument can be used to indicate port
+ ranges over individual ports. For example, <replaceable>tcp
+ 192.168.0.2:2000-3000 2000-3000</replaceable> would redirect
+ all connections received on ports 2000 to 3000 to ports 2000
+ to 3000 on client <hostid>A</hostid>.</para>
+
+ <para>These options can be used when directly running
+ &man.natd.8;, placed within the
+ <literal>natd_flags=""</literal> option in
+ <filename>/etc/rc.conf</filename>,
+ or passed via a configuration file.</para>
+
+ <para>For further configuration options, consult &man.natd.8;</para>
+ </sect2>
+
+ <sect2 id="network-natdaddress-redirection">
+ <title>Address Redirection</title>
+ <indexterm><primary>address redirection</primary></indexterm>
+ <para>Address redirection is useful if several IP addresses are
+ available, yet they must be on one machine. With this,
+ &man.natd.8; can assign each LAN client its own external IP address.
+ &man.natd.8; then rewrites outgoing packets from the LAN clients
+ with the proper external IP address and redirects
+ all traffic incoming on that particular IP address back to
+ the specific LAN client. This is also known as static NAT.
+ For example, the IP addresses <hostid role="ipaddr">128.1.1.1</hostid>,
+ <hostid role="ipaddr">128.1.1.2</hostid>, and
+ <hostid role="ipaddr">128.1.1.3</hostid> belong to the <application>natd</application> gateway
+ machine. <hostid role="ipaddr">128.1.1.1</hostid> can be used
+ as the <application>natd</application> gateway machine's external IP address, while
+ <hostid role="ipaddr">128.1.1.2</hostid> and
+ <hostid role="ipaddr">128.1.1.3</hostid> are forwarded back to LAN
+ clients <hostid>A</hostid> and <hostid>B</hostid>.</para>
+
+ <para>The <option>-redirect_address</option> syntax is as follows:</para>
+
+ <programlisting>-redirect_address localIP publicIP</programlisting>
+
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <tbody>
+ <row>
+ <entry>localIP</entry>
+ <entry>The internal IP address of the LAN client.</entry>
+ </row>
+ <row>
+ <entry>publicIP</entry>
+ <entry>The external IP address corresponding to the LAN client.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>In the example, this argument would read:</para>
+
+ <programlisting>-redirect_address 192.168.0.2 128.1.1.2
+-redirect_address 192.168.0.3 128.1.1.3</programlisting>
+
+ <para>Like <option>-redirect_port</option>, these arguments are also placed within
+ the <literal>natd_flags=""</literal> option of <filename>/etc/rc.conf</filename>, or passed via a configuration file. With address
+ redirection, there is no need for port redirection since all data
+ received on a particular IP address is redirected.</para>
+
+ <para>The external IP addresses on the <application>natd</application> machine must be active and aliased
+ to the external interface. Look at &man.rc.conf.5; to do so.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-plip">
+ <title>Parallel Line IP (PLIP)</title>
+
+ <indexterm><primary>PLIP</primary></indexterm>
+ <indexterm>
+ <primary>Parallel Line IP</primary>
+ <see>PLIP</see>
+ </indexterm>
+
+ <para>PLIP lets us run TCP/IP between parallel ports. It is
+ useful on machines without network cards, or to install on
+ laptops. In this section, we will discuss:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Creating a parallel (laplink) cable.</para>
+ </listitem>
+
+ <listitem>
+ <para>Connecting two computers with PLIP.</para>
+ </listitem>
+ </itemizedlist>
+
+ <sect2 id="network-create-parallel-cable">
+ <title>Creating a Parallel Cable</title>
+
+ <para>You can purchase a parallel cable at most computer supply
+ stores. If you cannot do that, or you just want to know how
+ it is done, the following table shows how to make one out of a normal parallel
+ printer cable.</para>
+
+ <table frame="none">
+ <title>Wiring a Parallel Cable for Networking</title>
+
+ <tgroup cols="5">
+ <thead>
+ <row>
+ <entry>A-name</entry>
+
+ <entry>A-End</entry>
+
+ <entry>B-End</entry>
+
+ <entry>Descr.</entry>
+
+ <entry>Post/Bit</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><literallayout>DATA0
+-ERROR</literallayout></entry>
+
+ <entry><literallayout>2
+15</literallayout></entry>
+
+ <entry><literallayout>15
+2</literallayout></entry>
+
+ <entry>Data</entry>
+
+ <entry><literallayout>0/0x01
+1/0x08</literallayout></entry>
+ </row>
+
+ <row>
+ <entry><literallayout>DATA1
++SLCT</literallayout></entry>
+
+ <entry><literallayout>3
+13</literallayout></entry>
+
+ <entry><literallayout>13
+3</literallayout></entry>
+
+ <entry>Data</entry>
+
+ <entry><literallayout>0/0x02
+1/0x10</literallayout></entry>
+ </row>
+
+ <row>
+ <entry><literallayout>DATA2
++PE</literallayout></entry>
+
+ <entry><literallayout>4
+12</literallayout></entry>
+
+ <entry><literallayout>12
+4</literallayout></entry>
+
+ <entry>Data</entry>
+
+ <entry><literallayout>0/0x04
+1/0x20</literallayout></entry>
+ </row>
+
+ <row>
+ <entry><literallayout>DATA3
+-ACK</literallayout></entry>
+
+ <entry><literallayout>5
+10</literallayout></entry>
+
+ <entry><literallayout>10
+5</literallayout></entry>
+
+ <entry>Strobe</entry>
+
+ <entry><literallayout>0/0x08
+1/0x40</literallayout></entry>
+ </row>
+
+ <row>
+ <entry><literallayout>DATA4
+BUSY</literallayout></entry>
+
+ <entry><literallayout>6
+11</literallayout></entry>
+
+ <entry><literallayout>11
+6</literallayout></entry>
+
+ <entry>Data</entry>
+
+ <entry><literallayout>0/0x10
+1/0x80</literallayout></entry>
+ </row>
+
+ <row>
+ <entry>GND</entry>
+
+ <entry>18-25</entry>
+
+ <entry>18-25</entry>
+
+ <entry>GND</entry>
+
+ <entry>-</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect2>
+
+ <sect2 id="network-plip-setup">
+ <title>Setting Up PLIP</title>
+
+ <para>First, you have to get a laplink cable.
+ Then, confirm that both computers have a kernel with &man.lpt.4; driver
+ support:</para>
+
+ <screen>&prompt.root; <userinput>grep lp /var/run/dmesg.boot</userinput>
+lpt0: &lt;Printer&gt; on ppbus0
+lpt0: Interrupt-driven port</screen>
+
+ <para>The parallel port must be an interrupt driven port, under
+ &os;&nbsp;4.X, you should have a line similar to the
+ following in your kernel configuration file:</para>
+
+ <programlisting>device ppc0 at isa? irq 7</programlisting>
+
+ <para>Under &os;&nbsp;5.X, the
+ <filename>/boot/device.hints</filename> file should contain the
+ following lines:</para>
+
+ <programlisting>hint.ppc.0.at="isa"
+hint.ppc.0.irq="7"</programlisting>
+
+ <para>Then check if the kernel configuration file has a
+ <literal>device plip</literal> line or if the
+ <filename>plip.ko</filename> kernel module is loaded. In both
+ cases the parallel networking interface should appear when you
+ directly use the &man.ifconfig.8; command. Under
+ &os;&nbsp;4.X like this:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig lp0</userinput>
+lp0: flags=8810&lt;POINTOPOINT,SIMPLEX,MULTICAST&gt; mtu 1500</screen>
+
+ <para>and for &os;&nbsp;5.X:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig plip0</userinput>
+plip0: flags=8810&lt;POINTOPOINT,SIMPLEX,MULTICAST&gt; mtu 1500</screen>
+
+ <note><para>The device name used for parallel interface is
+ different between &os;&nbsp;4.X
+ (<devicename>lp<replaceable>X</replaceable></devicename>)
+ and &os;&nbsp;5.X
+ (<devicename>plip<replaceable>X</replaceable></devicename>).</para></note>
+
+ <para>Plug in the laplink cable into the parallel interface on
+ both computers.</para>
+
+ <para>Configure the network interface parameters on both
+ sites as <username>root</username>. For example, if you want connect
+ the host <hostid>host1</hostid> running &os;&nbsp;4.X with <hostid>host2</hostid> running &os;&nbsp;5.X:</para>
+
+ <programlisting> host1 &lt;-----&gt; host2
+IP Address 10.0.0.1 10.0.0.2</programlisting>
+
+ <para>Configure the interface on <hostid>host1</hostid> by doing:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig lp0 10.0.0.1 10.0.0.2</userinput></screen>
+
+ <para>Configure the interface on <hostid>host2</hostid> by doing:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig plip0 10.0.0.2 10.0.0.1</userinput></screen>
+
+
+ <para>You now should have a working connection. Please read the
+ manual pages &man.lp.4; and &man.lpt.4; for more details.</para>
+
+ <para>You should also add both hosts to
+ <filename>/etc/hosts</filename>:</para>
+
+ <programlisting>127.0.0.1 localhost.my.domain localhost
+10.0.0.1 host1.my.domain host1
+10.0.0.2 host2.my.domain</programlisting>
+
+ <para>To confirm the connection works, go to each host and ping
+ the other. For example, on <hostid>host1</hostid>:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig lp0</userinput>
+lp0: flags=8851&lt;UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
+ inet 10.0.0.1 --&gt; 10.0.0.2 netmask 0xff000000
+&prompt.root; <userinput>netstat -r</userinput>
+Routing tables
+
+Internet:
+Destination Gateway Flags Refs Use Netif Expire
+host2 host1 UH 0 0 lp0
+&prompt.root; <userinput>ping -c 4 host2</userinput>
+PING host2 (10.0.0.2): 56 data bytes
+64 bytes from 10.0.0.2: icmp_seq=0 ttl=255 time=2.774 ms
+64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=2.530 ms
+64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=2.556 ms
+64 bytes from 10.0.0.2: icmp_seq=3 ttl=255 time=2.714 ms
+
+--- host2 ping statistics ---
+4 packets transmitted, 4 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 2.530/2.643/2.774/0.103 ms</screen>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-ipv6">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Aaron</firstname>
+ <surname>Kaplan</surname>
+ <contrib>Originally Written by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Restructured and Added by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Brad</firstname>
+ <surname>Davis</surname>
+ <contrib>Extended by </contrib>
+ </author>
+ </authorgroup>
+
+ </sect1info>
+
+ <title>IPv6</title>
+ <para>IPv6 (also know as IPng <quote>IP next generation</quote>) is
+ the new version of the well known IP protocol (also know as
+ <acronym>IPv4</acronym>). Like the other current *BSD systems,
+ FreeBSD includes the KAME IPv6 reference implementation.
+ So your FreeBSD system comes with all you will need to experiment with IPv6.
+ This section focuses on getting IPv6 configured and running.</para>
+
+ <para>In the early 1990s, people became aware of the rapidly
+ diminishing address space of IPv4. Given the expansion rate of the
+ Internet there were two major concerns:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Running out of addresses. Today this is not so much of a concern
+ anymore since private address spaces
+ (<hostid role="ipaddr">10.0.0.0/8</hostid>,
+ <hostid role="ipaddr">192.168.0.0/24</hostid>,
+ etc.) and Network Address Translation (<acronym>NAT</acronym>) are
+ being employed.</para>
+ </listitem>
+
+ <listitem>
+ <para>Router table entries were getting too large. This is
+ still a concern today.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>IPv6 deals with these and many other issues:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>128 bit address space. In other words theoretically there are
+ 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
+ available. This means there are approximately
+ 6.67 * 10^27 IPv6 addresses per square meter on our planet.</para>
+ </listitem>
+
+ <listitem>
+ <para>Routers will only store network aggregation addresses in their routing
+ tables thus reducing the average space of a routing table to 8192
+ entries.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>There are also lots of other useful features of IPv6 such as:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Address autoconfiguration (<ulink
+ url="http://www.ietf.org/rfc/rfc2462.txt">RFC2462</ulink>)</para>
+ </listitem>
+
+ <listitem>
+ <para>Anycast addresses (<quote>one-out-of many</quote>)</para>
+ </listitem>
+
+ <listitem>
+ <para>Mandatory multicast addresses</para>
+ </listitem>
+
+ <listitem>
+ <para>IPsec (IP security)</para>
+ </listitem>
+
+ <listitem>
+ <para>Simplified header structure</para>
+ </listitem>
+
+ <listitem>
+ <para>Mobile <acronym>IP</acronym></para>
+ </listitem>
+
+ <listitem>
+ <para>IPv6-to-IPv4 transition mechanisms</para>
+ </listitem>
+ </itemizedlist>
+
+
+ <para>For more information see:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>IPv6 overview at <ulink url="http://playground.sun.com/pub/ipng/html/ipng-main.html">playground.sun.com</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.kame.net">KAME.net</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.6bone.net">6bone.net</ulink></para>
+ </listitem>
+ </itemizedlist>
+
+ <sect2>
+ <title>Background on IPv6 Addresses</title>
+ <para>There are different types of IPv6 addresses: Unicast, Anycast and
+ Multicast.</para>
+
+ <para>Unicast addresses are the well known addresses. A packet sent
+ to a unicast address arrives exactly at the interface belonging to
+ the address.</para>
+
+ <para>Anycast addresses are syntactically indistinguishable from unicast
+ addresses but they address a group of interfaces. The packet destined for
+ an anycast address will arrive at the nearest (in router metric)
+ interface. Anycast addresses may only be used by routers.</para>
+
+ <para>Multicast addresses identify a group of interfaces. A packet destined
+ for a multicast address will arrive at all interfaces belonging to the
+ multicast group.</para>
+
+ <note><para>The IPv4 broadcast address (usually <hostid role="ipaddr">xxx.xxx.xxx.255</hostid>) is expressed
+ by multicast addresses in IPv6.</para></note>
+
+ <table frame="none">
+ <title>Reserved IPv6 addresses</title>
+
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>IPv6 address</entry>
+ <entry>Prefixlength (Bits)</entry>
+ <entry>Description</entry>
+ <entry>Notes</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><hostid role="ip6addr">::</hostid></entry>
+ <entry>128 bits</entry>
+ <entry>unspecified</entry>
+ <entry>cf. <hostid role="ipaddr">0.0.0.0</hostid> in
+ IPv4</entry>
+ </row>
+
+ <row>
+ <entry><hostid role="ip6addr">::1</hostid></entry>
+ <entry>128 bits</entry>
+ <entry>loopback address</entry>
+ <entry>cf. <hostid role="ipaddr">127.0.0.1</hostid> in
+ IPv4</entry>
+ </row>
+
+ <row>
+ <entry><hostid
+ role="ip6addr">::00:xx:xx:xx:xx</hostid></entry>
+ <entry>96 bits</entry>
+ <entry>embedded IPv4</entry>
+ <entry>The lower 32 bits are the IPv4 address. Also
+ called <quote>IPv4 compatible IPv6
+ address</quote></entry>
+ </row>
+
+ <row>
+ <entry><hostid
+ role="ip6addr">::ff:xx:xx:xx:xx</hostid></entry>
+ <entry>96 bits</entry>
+ <entry>IPv4 mapped IPv6 address</entry>
+ <entry>The lower 32 bits are the IPv4 address.
+ For hosts which do not support IPv6.</entry>
+ </row>
+
+ <row>
+ <entry><hostid role="ip6addr">fe80::</hostid> - <hostid
+ role="ip6addr">feb::</hostid></entry>
+ <entry>10 bits</entry>
+ <entry>link-local</entry>
+ <entry>cf. loopback address in IPv4</entry>
+ </row>
+
+ <row>
+ <entry><hostid role="ip6addr">fec0::</hostid> - <hostid
+ role="ip6addr">fef::</hostid></entry>
+ <entry>10 bits</entry>
+ <entry>site-local</entry>
+ <entry>&nbsp;</entry>
+ </row>
+
+ <row>
+ <entry><hostid role="ip6addr">ff::</hostid></entry>
+ <entry>8 bits</entry>
+ <entry>multicast</entry>
+ <entry>&nbsp;</entry>
+ </row>
+
+ <row>
+ <entry><hostid role="ip6addr">001</hostid> (base
+ 2)</entry>
+ <entry>3 bits</entry>
+ <entry>global unicast</entry>
+ <entry>All global unicast addresses are assigned from
+ this pool. The first 3 bits are
+ <quote>001</quote>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect2>
+
+ <sect2>
+ <title>Reading IPv6 Addresses</title>
+ <para>The canonical form is represented as: <hostid role="ip6addr">x:x:x:x:x:x:x:x</hostid>, each
+ <quote>x</quote> being a 16 Bit hex value. For example
+ <hostid role="ip6addr">FEBC:A574:382B:23C1:AA49:4592:4EFE:9982</hostid></para>
+
+ <para>Often an address will have long substrings of all zeros
+ therefore one such substring per address can be abbreviated by <quote>::</quote>.
+ Also up to three leading <quote>0</quote>s per hexquad can be omitted.
+ For example <hostid role="ip6addr">fe80::1</hostid>
+ corresponds to the canonical form
+ <hostid role="ip6addr">fe80:0000:0000:0000:0000:0000:0000:0001</hostid>.</para>
+
+ <para>A third form is to write the last 32 Bit part in the
+ well known (decimal) IPv4 style with dots <quote>.</quote>
+ as separators. For example
+ <hostid role="ip6addr">2002::10.0.0.1</hostid>
+ corresponds to the (hexadecimal) canonical representation
+ <hostid role="ip6addr">2002:0000:0000:0000:0000:0000:0a00:0001</hostid>
+ which in turn is equivalent to
+ writing <hostid role="ip6addr">2002::a00:1</hostid>.</para>
+
+ <para>By now the reader should be able to understand the following:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig</userinput></screen>
+
+ <programlisting>rl0: flags=8943&lt;UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST&gt; mtu 1500
+ inet 10.0.0.10 netmask 0xffffff00 broadcast 10.0.0.255
+ inet6 fe80::200:21ff:fe03:8e1%rl0 prefixlen 64 scopeid 0x1
+ ether 00:00:21:03:08:e1
+ media: Ethernet autoselect (100baseTX )
+ status: active</programlisting>
+
+ <para><hostid role="ip6addr">fe80::200:21ff:fe03:8e1%rl0</hostid>
+ is an auto configured link-local address. It is generated from the MAC
+ address as part of the auto configuration.</para>
+
+ <para>For further information on the structure of IPv6 addresses
+ see <ulink
+ url="http://www.ietf.org/rfc/rfc3513.txt">RFC3513</ulink>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Getting Connected</title>
+
+ <para>Currently there are four ways to connect to other IPv6 hosts and networks:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Join the experimental 6bone</para>
+ </listitem>
+
+ <listitem>
+ <para>Getting an IPv6 network from your upstream provider. Talk to your
+ Internet provider for instructions.</para>
+ </listitem>
+
+ <listitem>
+ <para>Tunnel via 6-to-4 (<ulink
+ url="http://www.ietf.org/rfc/rfc3068.txt">RFC3068</ulink>)</para>
+ </listitem>
+
+ <listitem>
+ <para>Use the <filename role="package">net/freenet6</filename> port if you are on a dial-up connection.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Here we will talk on how to connect to the 6bone since it currently seems
+ to be the most popular way.</para>
+
+ <para>First take a look at the <ulink url="http://www.6bone.net/">6bone</ulink> site and find a 6bone connection nearest to
+ you. Write to the responsible person and with a little bit of luck you
+ will be given instructions on how to set up your connection. Usually this
+ involves setting up a GRE (gif) tunnel.</para>
+
+ <para>Here is a typical example on setting up a &man.gif.4; tunnel:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig gif0 create</userinput>
+&prompt.root; <userinput>ifconfig gif0</userinput>
+gif0: flags=8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1280
+&prompt.root; <userinput>ifconfig gif0 tunnel <replaceable>MY_IPv4_ADDR</replaceable> <replaceable>HIS_IPv4_ADDR</replaceable></userinput>
+&prompt.root; <userinput>ifconfig gif0 inet6 alias <replaceable>MY_ASSIGNED_IPv6_TUNNEL_ENDPOINT_ADDR</replaceable></userinput></screen>
+
+ <para>Replace the capitalized words by the information you received from the
+ upstream 6bone node.</para>
+
+ <para>This establishes the tunnel. Check if the tunnel is working by &man.ping6.8;
+ 'ing <hostid role="ip6addr">ff02::1%gif0</hostid>. You should receive two ping replies.</para>
+
+ <note><para>In case you are intrigued by the address <hostid role="ip6addr">ff02:1%gif0</hostid>, this is a
+ multicast address. <literal>%gif0</literal> states that the multicast address at network
+ interface <devicename>gif0</devicename> is to be used. Since we <command>ping</command> a multicast address the
+ other endpoint of the tunnel should reply as well.</para></note>
+
+ <para>By now setting up a route to your 6bone uplink should be rather
+ straightforward:</para>
+
+ <screen>&prompt.root; <userinput>route add -inet6 default -interface gif0</userinput>
+&prompt.root; <userinput>ping6 -n <replaceable>MY_UPLINK</replaceable></userinput></screen>
+
+ <screen>&prompt.root; <userinput>traceroute6 www.jp.FreeBSD.org</userinput>
+(3ffe:505:2008:1:2a0:24ff:fe57:e561) from 3ffe:8060:100::40:2, 30 hops max, 12 byte packets
+ 1 atnet-meta6 14.147 ms 15.499 ms 24.319 ms
+ 2 6bone-gw2-ATNET-NT.ipv6.tilab.com 103.408 ms 95.072 ms *
+ 3 3ffe:1831:0:ffff::4 138.645 ms 134.437 ms 144.257 ms
+ 4 3ffe:1810:0:6:290:27ff:fe79:7677 282.975 ms 278.666 ms 292.811 ms
+ 5 3ffe:1800:0:ff00::4 400.131 ms 396.324 ms 394.769 ms
+ 6 3ffe:1800:0:3:290:27ff:fe14:cdee 394.712 ms 397.19 ms 394.102 ms</screen>
+
+ <para>This output will differ from machine to machine. By now you should be
+ able to reach the IPv6 site <ulink url="http://www.kame.net">www.kame.net</ulink>
+ and see the dancing tortoise &mdash; that is if you have a IPv6 enabled browser such as
+ <filename role="package">www/mozilla</filename>, <application>Konqueror</application>,
+ which is part of <filename role="package">x11/kdebase3</filename>,
+ or <filename role="package">www/epiphany</filename>.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>DNS in the IPv6 World</title>
+
+ <para>There used to be two types of DNS records for IPv6. The IETF
+ has declared A6 records obsolete. AAAA records are the standard
+ now.</para>
+
+ <para>Using AAAA records is straightforward. Assign your hostname to the new
+ IPv6 address you just received by adding:</para>
+
+ <programlisting>MYHOSTNAME AAAA MYIPv6ADDR</programlisting>
+
+ <para>To your primary zone DNS file. In case you do not serve your own
+ <acronym>DNS</acronym> zones ask your <acronym>DNS</acronym> provider.
+ Current versions of <application>bind</application> (version 8.3 and 9)
+ and <filename role="package">dns/djbdns</filename> (with the IPv6 patch)
+ support AAAA records.</para>
+ </sect2>
+
+ <sect2>
+ <title>Applying the needed changes to <filename>/etc/rc.conf</filename></title>
+
+ <sect3>
+ <title>IPv6 Client Settings</title>
+
+ <para>These settings will help you configure a machine that will be on
+ your LAN and act as a client, not a router. To have &man.rtsol.8;
+ autoconfigure your interface on boot all you need to add is:</para>
+
+ <programlisting>ipv6_enable="YES"</programlisting>
+
+ <para>To statically assign an IP address such as <hostid role="ip6addr">
+ 2001:471:1f11:251:290:27ff:fee0:2093</hostid>, to your
+ <devicename>fxp0</devicename> interface, add:</para>
+
+ <programlisting>ipv6_ifconfig_fxp0="2001:471:1f11:251:290:27ff:fee0:2093"</programlisting>
+
+ <para>To assign a default router of
+ <hostid role="ip6addr">2001:471:1f11:251::1</hostid>
+ add the following to <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>ipv6_defaultrouter="2001:471:1f11:251::1"</programlisting>
+
+ </sect3>
+
+ <sect3>
+ <title>IPv6 Router/Gateway Settings</title>
+
+ <para>This will help you take the directions that your tunnel provider,
+ such as the <ulink url="http://www.6bone.net/">6bone</ulink>, has
+ given you and convert it into settings that will persist through reboots.
+ To restore your tunnel on startup use something like the following in
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <para>List the Generic Tunneling interfaces that will be configured, for
+ example <devicename>gif0</devicename>:</para>
+
+ <programlisting>gif_interfaces="gif0"</programlisting>
+
+ <para>To configure the interface with a local endpoint of
+ <replaceable>MY_IPv4_ADDR</replaceable> to a remote endpoint of
+ <replaceable>REMOTE_IPv4_ADDR</replaceable>:</para>
+
+ <programlisting>gifconfig_gif0="<replaceable>MY_IPv4_ADDR REMOTE_IPv4_ADDR</replaceable>"</programlisting>
+
+ <para>To apply the IPv6 address you have been assigned for use as your
+ IPv6 tunnel endpoint, add:</para>
+
+ <programlisting>ipv6_ifconfig_gif0="<replaceable>MY_ASSIGNED_IPv6_TUNNEL_ENDPOINT_ADDR</replaceable>"</programlisting>
+
+ <para>Then all you have to do is set the default route for IPv6. This is
+ the other side of the IPv6 tunnel:</para>
+
+ <programlisting>ipv6_defaultrouter="<replaceable>MY_IPv6_REMOTE_TUNNEL_ENDPOINT_ADDR</replaceable>"</programlisting>
+
+ </sect3>
+
+ <sect3>
+ <title>IPv6 Tunnel Settings</title>
+
+ <para>If the server is to route IPv6 between the rest of your network
+ and the world, the following <filename>/etc/rc.conf</filename>
+ setting will also be needed:</para>
+
+ <programlisting>ipv6_gateway_enable="YES"</programlisting>
+
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Router Advertisement and Host Auto Configuration</title>
+
+ <para>This section will help you setup &man.rtadvd.8; to advertise the
+ IPv6 default route.</para>
+
+ <para>To enable &man.rtadvd.8; you will need the following in your
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>rtadvd_enable="YES"</programlisting>
+
+ <para>It is important that you specify the interface on which to do
+ IPv6 router solicitation. For example to tell &man.rtadvd.8; to use
+ <devicename>fxp0</devicename>:</para>
+
+ <programlisting>rtadvd_interfaces="fxp0"</programlisting>
+
+ <para>Now we must create the configuration file,
+ <filename>/etc/rtadvd.conf</filename>. Here is an example:</para>
+
+ <programlisting>fxp0:\
+ :addrs#1:addr="2001:471:1f11:246::":prefixlen#64:tc=ether:</programlisting>
+
+ <para>Replace <devicename>fxp0</devicename> with the interface you
+ are going to be using.</para>
+
+ <para>Next, replace <hostid role="ip6addr">2001:471:1f11:246::</hostid>
+ with the prefix of your allocation.</para>
+
+ <para>If you are dedicated a <hostid role="netmask">/64</hostid> subnet
+ you will not need to change anything else. Otherwise, you will need to
+ change the <literal>prefixlen#</literal> to the correct value.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-atm">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Harti</firstname>
+ <surname>Brandt</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Asynchronous Transfer Mode (ATM)</title>
+
+ <sect2>
+ <title>Configuring classical IP over ATM (PVCs)</title>
+
+ <para>Classical IP over ATM (<acronym>CLIP</acronym>) is the
+ simplest method to use Asynchronous Transfer Mode (ATM)
+ with IP. It can be used with
+ switched connections (SVCs) and with permanent connections
+ (PVCs). This section describes how to set up a network based
+ on PVCs.</para>
+
+ <sect3>
+ <title>Fully meshed configurations</title>
+
+ <para>The first method to set up a <acronym>CLIP</acronym> with
+ PVCs is to connect each machine to each other machine in the
+ network via a dedicated PVC. While this is simple to
+ configure it tends to become impractical for a larger number
+ of machines. The example supposes that we have four
+ machines in the network, each connected to the <acronym role="Asynchronous Transfer Mode">ATM</acronym> network
+ with an <acronym role="Asynchronous Transfer Mode">ATM</acronym> adapter card. The first step is the planning of
+ the IP addresses and the <acronym role="Asynchronous
+ Transfer Mode">ATM</acronym> connections between the
+ machines. We use the following:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="1*">
+ <thead>
+ <row>
+ <entry>Host</entry>
+ <entry>IP Address</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><hostid>hostA</hostid></entry>
+ <entry><hostid role="ipaddr">192.168.173.1</hostid></entry>
+ </row>
+
+ <row>
+ <entry><hostid>hostB</hostid></entry>
+ <entry><hostid role="ipaddr">192.168.173.2</hostid></entry>
+ </row>
+
+ <row>
+ <entry><hostid>hostC</hostid></entry>
+ <entry><hostid role="ipaddr">192.168.173.3</hostid></entry>
+ </row>
+
+ <row>
+ <entry><hostid>hostD</hostid></entry>
+ <entry><hostid role="ipaddr">192.168.173.4</hostid></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>To build a fully meshed net we need one ATM connection
+ between each pair of machines:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="1*">
+ <thead>
+ <row>
+ <entry>Machines</entry>
+ <entry>VPI.VCI couple</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><hostid>hostA</hostid> - <hostid>hostB</hostid></entry>
+ <entry>0.100</entry>
+ </row>
+
+ <row>
+ <entry><hostid>hostA</hostid> - <hostid>hostC</hostid></entry>
+ <entry>0.101</entry>
+ </row>
+
+ <row>
+ <entry><hostid>hostA</hostid> - <hostid>hostD</hostid></entry>
+ <entry>0.102</entry>
+ </row>
+
+ <row>
+ <entry><hostid>hostB</hostid> - <hostid>hostC</hostid></entry>
+ <entry>0.103</entry>
+ </row>
+
+ <row>
+ <entry><hostid>hostB</hostid> - <hostid>hostD</hostid></entry>
+ <entry>0.104</entry>
+ </row>
+
+ <row>
+ <entry><hostid>hostC</hostid> - <hostid>hostD</hostid></entry>
+ <entry>0.105</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>The VPI and VCI values at each end of the connection may
+ of course differ, but for simplicity we assume that they are
+ the same. Next we need to configure the ATM interfaces on
+ each host:</para>
+
+ <screen>hostA&prompt.root; <userinput>ifconfig hatm0 192.168.173.1 up</userinput>
+hostB&prompt.root; <userinput>ifconfig hatm0 192.168.173.2 up</userinput>
+hostC&prompt.root; <userinput>ifconfig hatm0 192.168.173.3 up</userinput>
+hostD&prompt.root; <userinput>ifconfig hatm0 192.168.173.4 up</userinput></screen>
+
+ <para>assuming that the ATM interface is
+ <devicename>hatm0</devicename> on all hosts. Now the PVCs
+ need to be configured on <hostid>hostA</hostid> (we assume that
+ they are already configured on the ATM switches, you need to
+ consult the manual for the switch on how to do this).</para>
+
+ <screen>hostA&prompt.root; <userinput>atmconfig natm add 192.168.173.2 hatm0 0 100 llc/snap ubr</userinput>
+hostA&prompt.root; <userinput>atmconfig natm add 192.168.173.3 hatm0 0 101 llc/snap ubr</userinput>
+hostA&prompt.root; <userinput>atmconfig natm add 192.168.173.4 hatm0 0 102 llc/snap ubr</userinput>
+
+hostB&prompt.root; <userinput>atmconfig natm add 192.168.173.1 hatm0 0 100 llc/snap ubr</userinput>
+hostB&prompt.root; <userinput>atmconfig natm add 192.168.173.3 hatm0 0 103 llc/snap ubr</userinput>
+hostB&prompt.root; <userinput>atmconfig natm add 192.168.173.4 hatm0 0 104 llc/snap ubr</userinput>
+
+hostC&prompt.root; <userinput>atmconfig natm add 192.168.173.1 hatm0 0 101 llc/snap ubr</userinput>
+hostC&prompt.root; <userinput>atmconfig natm add 192.168.173.2 hatm0 0 103 llc/snap ubr</userinput>
+hostC&prompt.root; <userinput>atmconfig natm add 192.168.173.4 hatm0 0 105 llc/snap ubr</userinput>
+
+hostD&prompt.root; <userinput>atmconfig natm add 192.168.173.1 hatm0 0 102 llc/snap ubr</userinput>
+hostD&prompt.root; <userinput>atmconfig natm add 192.168.173.2 hatm0 0 104 llc/snap ubr</userinput>
+hostD&prompt.root; <userinput>atmconfig natm add 192.168.173.3 hatm0 0 105 llc/snap ubr</userinput></screen>
+
+ <para>Of course other traffic contracts than UBR can be used
+ given the ATM adapter supports those. In this case the name
+ of the traffic contract is followed by the parameters of the
+ traffic. Help for the &man.atmconfig.8; tool can be
+ obtained with:</para>
+
+ <screen>&prompt.root; <userinput>atmconfig help natm add</userinput></screen>
+
+ <para>or in the &man.atmconfig.8; manual page.</para>
+
+ <para>The same configuration can also be done via
+ <filename>/etc/rc.conf</filename>.
+ For <hostid>hostA</hostid> this would look like:</para>
+
+<programlisting>network_interfaces="lo0 hatm0"
+ifconfig_hatm0="inet 192.168.173.1 up"
+natm_static_routes="hostB hostC hostD"
+route_hostB="192.168.173.2 hatm0 0 100 llc/snap ubr"
+route_hostC="192.168.173.3 hatm0 0 101 llc/snap ubr"
+route_hostD="192.168.173.4 hatm0 0 102 llc/snap ubr"</programlisting>
+
+ <para>The current state of all <acronym>CLIP</acronym> routes
+ can be obtained with:</para>
+
+ <screen>hostA&prompt.root; <userinput>atmconfig natm show</userinput></screen>
+ </sect3>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
+<!-- LocalWords: config mnt www -->
diff --git a/zh_TW.Big5/books/handbook/appendix.decl b/zh_TW.Big5/books/handbook/appendix.decl
new file mode 100644
index 0000000000..ddd974539b
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/appendix.decl
@@ -0,0 +1,2 @@
+<!-- $FreeBSD$ -->
+<!DOCTYPE appendix PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN">
diff --git a/zh_TW.Big5/books/handbook/audit/Makefile b/zh_TW.Big5/books/handbook/audit/Makefile
new file mode 100644
index 0000000000..84cb9b04ee
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/audit/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= audit/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/audit/chapter.sgml b/zh_TW.Big5/books/handbook/audit/chapter.sgml
new file mode 100644
index 0000000000..14916991cf
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/audit/chapter.sgml
@@ -0,0 +1,530 @@
+<!--
+ The FreeBSD Documentation Project
+ $FreeBSD$
+-->
+
+<!--
+This version of the document assumes that the Audit system needs to be
+installed as part of the trustedbsd/audit project. When/if audit becomes
+part of FreeBSD proper, then these sections should be removed, or at least
+reworded. The sections in question are marked with 'PROTOTYPE' labels in
+commentary.
+-->
+
+<!-- Need more documenation on praudit, audtreduce, etc. Plus more info
+on the triggers from the kernel (log rotation, out of space, etc).
+And the /dev/audit special file if we choose to support that. Could use
+some coverage of integrating MAC with Event auditing and perhaps discussion
+on how some companies or organizations handle auditing and auditing
+requirements. -->
+
+<chapter id="audit">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Kernel Event Auditing</title>
+
+ <sect1 id="audit-synopsis">
+ <title>Synopsis</title>
+
+ <indexterm><primary>AUDIT</primary></indexterm>
+ <indexterm>
+ <primary>Kernel Event Auditing</primary>
+ <see>MAC</see>
+ </indexterm>
+
+ <para>The &os;&nbsp;6.0 operating system release has included
+ support for Event Auditing based on the &posix;.1e draft and
+ the &sun; <acronym>BSM</acronym> implementation. Event auditing
+ permits the selective logging of security-relevant system events
+ for the purposes of system analysis, system monitoring, and
+ security evaluation.</para>
+
+ <para>This chapter will focus mainly on the installation and
+ configuration of Event Auditing. Explanation of audit policies,
+ and an example configuration will be provided for the
+ convenience of the reader.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>What Event Auditing is and how it works.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure Event Auditing on &os; for users
+ and processes.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Understand &unix; and &os; basics
+ (<xref linkend="basics">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Be familiar with the basics of kernel
+ configuration/compilation
+ (<xref linkend="kernelconfig">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Have some familiarity with security and how it
+ pertains to &os; (<xref linkend="security">).</para>
+ </listitem>
+ </itemizedlist>
+
+ <warning>
+ <para>Event auditing can generate a great deal of log file
+ data, exceeding gigabytes a week in some configurations. An administrator
+ should read this chapter in its entirety to avoid possible
+ self inflicted <acronym>DoS</acronym> attacks due to improper
+ configuration.</para>
+ </warning>
+
+ <para>The implementation of Event Auditing in &os; is similar to
+ that of the &sun; Basic Security Module, or <acronym>BSM</acronym>
+ library. Thus, the configuration is almost completely
+ interchangeable with &solaris; and Darwin operating systems.</para>
+ </sect1>
+
+ <sect1 id="audit-inline-glossary">
+ <title>Key Terms - Words to Know</title>
+
+ <para>Before reading this chapter, a few key terms must be
+ explained. This is intended to clear up any confusion that
+ may occur and to avoid the abrupt introduction of new terms
+ and information.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><emphasis>class</emphasis>: A class specifies the category
+ different actions the system are placed in. For example,
+ use of &man.login.1; could be placed in a class.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>event</emphasis>: An event could be considered
+ an action taken on the system. Creating a file would be
+ an event.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>record</emphasis>: A record is a log or a note
+ about a specific action.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>prefix</emphasis>: A prefix is considered to
+ be the configuration element used to toggle auditing for
+ success and failed events.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="audit-install">
+ <title>Installing Audit Support</title>
+
+ <para>Support for Event Auditing should have been installed with
+ the normal <maketarget>installworld</maketarget> process. An
+ administrator may confirm this by viewing the contents
+ of <filename role="directory">/etc/security</filename>. Files
+ beginning with the word <emphasis>audit</emphasis> should be present.
+ For example, <filename>audit_event</filename>.</para>
+
+ <para>In-kernel support for the framework must also exist. This
+ may be done by adding the following lines to the local kernel
+ configuration file:</para>
+
+ <programlisting>options AUDIT</programlisting>
+
+ <para>Rebuild and reinstall
+ the kernel via the normal process explained in
+ <xref linkend="kernelconfig">.</para>
+
+ <para>Once completed, enable the audit daemon by adding the
+ following line to &man.rc.conf.5;:</para>
+
+ <programlisting>auditd_enable="YES"</programlisting>
+
+ <para>Functionality not provided by the default may be added
+ here with the <option>auditd_flags</option> option.</para>
+ </sect1>
+
+ <sect1 id="audit-config">
+ <title>Audit Configuration</title>
+
+ <para>By default, all configuration is done within the realm of
+ <filename role="directory">/etc/security</filename> and the
+ files contained within. The following files must be present
+ before the audit daemon is started:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><filename>audit_class</filename> - Contains the
+ definitions of the audit classes.</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>audit_control</filename> - Controls aspects
+ of the audit subsystem, such as default audit classes,
+ minimum disk space to leave on the audit log volume,
+ etc.</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>audit_event</filename> - Defines the kernel
+ audit events. These map, mostly, to system calls.</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>audit_user</filename> - The events to audit
+ for individual users. A user name does not need to appear
+ in here.</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>audit_warn</filename> - A shell script
+ used by auditd to form warning messages.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If these files do not exist, for whatever reason, they can
+ be installed easily by issuing the following commands:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/contrib/bsm/etc &amp;&amp; make install</userinput></screen>
+
+ <sect2>
+ <title>Audit File Syntax</title>
+
+ <para>The configuration file syntax is rather arcane, albeit easy
+ to work with. One thing an administrator must be leery about
+ is overriding system defaults. This could create potential
+ openings for audit data to not be collected properly.</para>
+
+ <para>The audit subsystem will accept both the short name and
+ long name with regards to configuration syntax. A syntax
+ map has been included below.</para>
+
+ <para>The following list contains all supported audit
+ classes:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><option>all</option> - <literal>all</literal> - All
+ audit flags set.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>ad</option> - <literal>administrative</literal>
+ - Administrative actions performed on the system as a
+ whole.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>ap</option> - <literal>application</literal> -
+ Application defined action.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>cl</option> - <literal>file_close</literal> -
+ Audit calls to the <function>close</function> system
+ call.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>ex</option> - <literal>exec</literal> - Audit
+ program or utility execution.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>fa</option> - <literal>file_attr_acc</literal>
+ - Audit the access of object attributes such as
+ &man.stat.1;, &man.pathconf.2; and similar events.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>fc</option> - <literal>file_creation</literal>
+ - Audit events where a file is created as a result.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>fd</option> - <literal>file_deletion</literal>
+ - Audit events where file deletion occurs.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>fm</option> - <literal>file_attr_mod</literal>
+ - Audit events where file attribute modification occurs,
+ such as &man.chown.8;, &man.chflags.1;, &man.flock.2;,
+ etc.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>fr</option> - <literal>file_read</literal>
+ - Audit events in which data is read, files are opened for
+ reading, etc.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>fw</option> - <literal>file_write</literal> -
+ Audit events in which data is written, files are written
+ or modified, etc.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>io</option> - <literal>ioctl</literal> - Audit
+ use of the &man.ioctl.2; system call.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>ip</option> - <literal>ipc</literal> - Audit
+ System V <acronym>IPC</acronym> operations.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>lo</option> - <literal>login_logout</literal> -
+ Audit &man.login.1; and &man.logout.1; events occurring
+ on the system.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>na</option> - <literal>non_attrib</literal> -
+ Audit non-attributable events.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>no</option> - <literal>no_class</literal> -
+ Null class used to disable event auditing.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>nt</option> - <literal>network</literal> -
+ Audit events related to network actions, such as
+ &man.connect.2; and &man.accept.2;.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>ot</option> - <literal>other</literal> -
+ Audit miscellaneous events.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>pc</option> - <literal>process</literal> -
+ Audit process operations, such as &man.exec.3; and
+ &man.exit.3;.</para>
+ </listitem>
+
+ <listitem>
+ <para><option>tf</option> - <literal>tfm</literal> -
+ I HAVE NO CLUE!</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Following is a list of all supported audit prefixes:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>none</literal> - Audit both the success
+ or failure of an event. For example, just listing a
+ class will result in the auditing of both success and
+ failure.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>+</literal> - Audit successful events
+ only.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>-</literal> - Audit failed events
+ only.</para>
+ </listitem>
+ </itemizedlist>
+
+ <warning>
+ <para>Using the <option>all</option> class with either the
+ positive or negative prefix can generate a large amount
+ of data at an extremely rapid rate.</para>
+ </warning>
+
+ <para>Extra prefixes used to modify the default configuration
+ values:</para>
+<!-- XXX: Perhaps a variable listing here. -->
+ <itemizedlist>
+ <listitem>
+ <para>^- - Disable auditing of failed events.</para>
+ </listitem>
+
+ <listitem>
+ <para>^+ - Enable auditing of successful events.</para>
+ </listitem>
+
+ <listitem>
+ <para>^ - Disable auditing of both successful and failed
+ events.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>Configuration Files</title>
+
+ <para>Configuration is set in only two files, the first being
+ <filename>audit_control</filename> and
+ <filename>audit_user</filename> being the second. The first
+ is system-wide, controlling every aspect of event auditing
+ in the system. The latter may be used for fine grained user
+ auditing.</para>
+
+ <sect3 id="audit-auditcontrol">
+ <title>The <filename>audit_control</filename> File</title>
+
+ <para>The <filename>audit_control</filename> contains some basic
+ defaults that the administrator may wish to modify. Perhaps
+ even set some new ones. Viewing the contents of this file,
+ we see the following:</para>
+
+ <programlisting>dir:/var/audit
+flags:lo,ad,-all,^-fa,^-fc,^-cl
+minfree:20
+naflags:lo</programlisting>
+
+ <para>The <option>dir</option> is used to set the default
+ directory where audit logs are stored.</para>
+
+ <para>The <option>flags</option> is used to set the system-wide
+ defaults. The current setting,
+ <option>lo,ad,-all,^-fa,^-fc,^-cl</option> audits all system
+ &man.login.1; and &man.logout.1; actions, all administrator
+ actions, all failed events in the system, and finally disable
+ auditing of failed attempts for <option>fa</option>,
+ <option>fc</option>, and <option>cl</option>. Even though
+ the <option>-all</option> turned on the auditing of all
+ failed attempts, the <option>^-</option> prefix will override
+ that for the latter options.</para>
+
+ <para>Notice that the previous paragraph shows the file is
+ read from left to right. As such, values further on the
+ right side may override a previous value specified to
+ its left.</para>
+
+ <para>The <option>minfree</option> option defines the minimum
+ percentage of free space for audit file systems. This
+ relates to the file system where audit logs are stored.
+ For example, if the <option>dir</option> specifies
+ <filename role="directory">/var/audit</filename> and
+ <option>minfree</option> is set to twenty (20), warning
+ messages will be generated when the
+ <filename role="directory">/var</filename> file system grows
+ to eighty (80) percent full.</para>
+
+ <para>The <option>naflags</option> option specifies audit
+ flags to be considered non attributable; i.e.: classes of
+ events which cannot be attributed to a specific user
+ on the system. This can be overridden with the
+ <filename>audit_user</filename> configuration file.</para>
+ </sect3>
+
+ <sect3 id="audit-audituser">
+ <title>The <filename>audit_user</filename> File</title>
+
+ <para>The <filename>audit_user</filename> permits the
+ administrator to map audit specific events to directly
+ to users. This adds a finer-grained control mechanism
+ for all system users.</para>
+
+ <para>The following is the defaults currently placed in
+ the <filename>audit_user</filename> file:</para>
+
+ <programlisting>root:lo:no
+audit:fc:no</programlisting>
+
+ <para>Notice how the default is to audit all cases of
+ <command>login</command>/<command>logout</command>
+ and disable auditing of all other actions for
+ <username>root</username>. This configuration
+ also audits all file creation and disables all
+ other auditing for the <username>audit</username>
+ user. While event auditing does not require a special
+ user exist, some configurations, specifically environments
+ making use of <acronym>MAC</acronym> may require it.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="audit-administration">
+ <title>Event Audit Administration</title>
+
+ <para>Events from the <command>auditd</command> daemon cannot
+ be altered or read in plain text. Data is stored and accessed
+ in a method similar to that of &man.ktrace.1; and &man.kdump.1,
+ that is, they may only be viewed by dumping them using the
+ <command>praudit</command> or <command>auditreduce</command>
+ utilities.</para>
+
+ <para>There are two utilities because of different requirements.
+ For example, the <command>praudit</command> will dump the entire
+ contents of a specified audit log in plain text. To dump an
+ audit log in its entirety, use:</para>
+
+ <screen>&prompt.root; <userinput>praudit /var/audit/AUDITFILE</userinput></screen>
+
+ <para>Where <replaceable>AUDITFILE</replaceable> is the audit log
+ of viewing choice. Since audit logs may contain enormous
+ amounts of data, an administrator may prefer to select records
+ for specific users. This is made possible with the following
+ command, where <username>trhodes</username> is the user of
+ choice:</para>
+
+ <screen>&prompt.root; <userinput>auditreduce -e trhodes /var/audit/AUDITFILE</userinput></screen>
+
+ <para>This will select all audit records produced by the user
+ <username>trhodes</username> stored in the
+ <replaceable>AUDITFILE</replaceable> file.</para>
+
+ <para>There are several other options available for reading audit
+ records, see the aforementioned command's manual pages for
+ a more in depth explanation.</para>
+
+ <sect2>
+ <title>Rotating Audit Log Files</title>
+
+ <para>Manually rotating audit log files will cause great
+ havoc within the system. Therefore, adding a line to
+ &man.newsyslog.conf.5; will provide no usefulness. So how
+ are the logs to be rotated? Sending the appropriate flag
+ to the <command>audit</command> utility will shut down
+ event auditing and safely rotate. The following command
+ should handle everything for an administrator:</para>
+
+ <screen>&prompt.root; <userinput>audit -n</userinput></screen>
+
+ <warning>
+ <para>If the <command>auditd</command> daemon is not currently
+ running, the previous command will fail and an error message
+ will be produced.</para>
+ </warning>
+
+ <para>Adding the following line to
+ <filename>/etc/crontab</filename> will force the rotation
+ every twelve hours from &man.cron.8;:</para>
+
+ <programlisting>* */12 * * * root /usr/sbin/audit -n</programlisting>
+
+ <para>The change will take effect once you have saved the
+ new <filename>/etc/crontab</filename>.</para>
+ </sect2>
+ </sect1>
+</chapter>
diff --git a/zh_TW.Big5/books/handbook/basics/Makefile b/zh_TW.Big5/books/handbook/basics/Makefile
new file mode 100644
index 0000000000..fea6942368
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/basics/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= basics/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/basics/chapter.sgml b/zh_TW.Big5/books/handbook/basics/chapter.sgml
new file mode 100644
index 0000000000..26604db80b
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/basics/chapter.sgml
@@ -0,0 +1,2546 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="basics">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Chris</firstname>
+ <surname>Shumway</surname>
+ <contrib>Rewritten by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 10 Mar 2000 -->
+ </chapterinfo>
+
+ <title>UNIX °ò¦</title>
+
+ <sect1 id="basics-synopsis">
+ <title>·§­z</title>
+
+ <para>±µ¤U¨Óªº³o¤@³¹±N§t»\ FreeBSD §@·~¨t²Îªº°ò¥»«ü¥O¤Î¥\¯à¡C
+ ¤j³¡¥÷ªº¤º®e¦b &unix;-like §@·~¨t²Î¤¤³£¬O¬Û³qªº¡C
+ ¦pªG±z¹ï³o¨Ç¤º®e¼ô±xªº¸Ü¡A¥i¥H©ñ¤ßªº¸õ¹L¡C
+ ¦pªG±z­è±µÄ² FreeBSD ¡A¨º±z¤@©w­n¥J²ÓªºÅª§¹³o³¹¡C</para>
+
+ <para>Ū§¹³o¤@³¹¡A±z±N·|¤F¸Ñ:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>¦p¦ó¨Ï¥Î FreeBSD ªº<quote>virtual consoles</quote>¡C</para>
+ </listitem>
+ <listitem>
+ <para>&unix; ÀÉ®×Åv­­¹B§@ªº¤è¦¡¥H¤Î &os; ¤¤Àɮתº flags¡C</para>
+ </listitem>
+ <listitem>
+ <para>¹w³]ªº &os; Àɮרt²Î°t¸m¡C</para>
+ </listitem>
+ <listitem>
+ <para>&os; ªººÏºÐµ²ºc¡C</para>
+ </listitem>
+ <listitem>
+ <para>¦p¦ó±¾¸ü¤Î¨ø¸üÀɮרt²Î</para>
+ </listitem>
+ <listitem>
+ <para>¤°»ò¬Oprocesses ¡B daemons ¥H¤Î signals ¡C</para>
+ </listitem>
+ <listitem>
+ <para>¤°»ò¬O shell ¡A¥H¤Î¦p¦óÅܧó±z¹w³]ªºµn¤JÀô¹Ò¡C</para>
+ </listitem>
+ <listitem>
+ <para>¦p¦ó¨Ï¥Î°ò¥»ªº¤å¦r½s¿è¾¹¡C</para>
+ </listitem>
+ <listitem>
+ <para>¤°»ò¬O devices ©M device nodes ¡C</para>
+ </listitem>
+ <listitem>
+ <para>&os; ¤U¨Ï¥Îªº¤G¶i¦ì®æ¦¡¡C</para>
+ </listitem>
+ <listitem>
+ <para>¦p¦ó¾\Ū manual pages ¥HÀò±o§ó¦hªº¸ê°T¡C</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="consoles">
+ <title>Virtual Consoles ©M²×ºÝ¾÷</title>
+ <indexterm><primary>virtual consoles</primary></indexterm>
+ <indexterm><primary>terminals</primary></indexterm>
+
+ <para> FreeBSD ªº¨Ï¥Î¤è¦¡¦³«Ü¦hºØ¡A¨ä¤¤¤@ºØ´N¬O¦b¤å¦r²×ºÝ¾÷¤W¥´¦r¡C
+ ¦p¦¹¨Ï¥Î FreeBSD §Y¥i»´©öªºÅé·|¨ì &unix; §@·~¨t²Îªº«Â¤O©M¼u©Ê¡C
+ ³o¤@¸`´y­z¤°»ò¬O<quote>²×ºÝ¾÷</quote>©M<quote>console</quote>¡A¤Î¥H±z¦b FreeBSD ¤¤¥i¥H«ç»ò¨Ï¥Î¥¦­Ì¡C
+
+ <sect2 id="consoles-intro">
+ <title>The Console</title>
+ <indexterm><primary>console</primary></indexterm>
+
+ <para>¦pªG±z¨S¦³±N FreeBSD ³]©w¦¨¶}¾÷®É¦Û°Ê¶i¤J¹Ï§Î¤Æ¼Ò¦¡¡A¨t²Î·|¦b±Ò°Êªº script ¶]§¹¤§«áÅã¥Üµn¤Jªº´£¥Ü²Å¸¹¡C
+ ±z±N·|¬Ý¨ì¹³¬O³o¼ËªºªF¦è¡G</para>
+
+ <screen>Additional ABI support:.
+Local package initialization:.
+Additional TCP options:.
+
+Fri Sep 20 13:01:06 EEST 2002
+
+FreeBSD/i386 (pc3.example.org) (ttyv0)
+
+login:</screen>
+
+ <para>³o­Ó°T®§¦b±zªº¨t²Î¤W·|¦³¨Ç³\ªº¤£¦P¡A¦ý¬OÀ³¸Ó·|¬Ý¨ìÃþ¦üªºªF¦è¡C
+ §Ú­Ì·P¿³½ìªº¬O³Ì«á¨â¦æ¡A³Ì«á¨â¦æ¬O¡G</para>
+
+ <programlisting>FreeBSD/i386 (pc3.example.org) (ttyv0)</programlisting>
+
+ <para>³o¦æ¥]§t¤F­è¶}¾÷§¹¨t²Îªº¸ê°T¡C ±z¬Ý¨ìªº¬O¦b Intel ©Î¬Û®e³B²z¾¹ªº x86
+ ¬[ºc¤W°õ¦æªº<quote>FreeBSD</quote>ªº console<footnote><para>³o´N¬O <literal>i386</literal> ªº·N¸q¡C
+ ª`·N§Y¨Ï±z¤£¬O¦b Intel ªº 386 ³B²z¾¹¤W°õ¦æ FreeBSD ¡A¤@¼Ë¬O<literal>i386</literal>¡C
+ ³o¤£¬O«ü§Aªº³B²z¾¹ªº«¬¸¹¡A³o¸ÌÅã¥Üªº¬O§A³B²z¾¹ªº<quote>¬[ºc</quote>
+ </para></footnote>¡C
+ ³o¥x¾÷¾¹ªº¦W¦r (¨C¥x &unix; ¾÷¾¹³£¦³¤@­Ó¦W¦r) ¬O <hostid>pc3.example.org</hostid>
+ ¡A¦Ó±z²{¦b¬Ý¨ìªº¬O¥¦ªº¨t²Î console&mdash; <devicename>ttyv0</devicename>²×ºÝ¾÷¡C</para>
+
+ <para>³Ì«áªº¤@¦æÀ³¸Ó³£·|¬O¡G</para>
+
+ <programlisting>login:</programlisting>
+
+ <para>³o¬O±zÀ³¸Ó­n¿é¤J±zªº<quote>¨Ï¥ÎªÌ¦WºÙ</quote>ªº¦a¤è¡C
+ ¤U¤@¤p¸`±N´y­z¦p¦óµn¤J FreeBSD¡C
+ </sect2>
+
+ <sect2 id="consoles-login">
+ <title>µn¤J FreeBSD</title>
+
+ <para>FreeBSD ¬O¤@­Ó multiuser ¡B multiprocessing ªº¨t²Î¡C
+ ³o¬O¤@­Ó¥¿¦¡ªº¦WºÙ¡A«üªº¬O¤@­Ó¦b³æ¤@¾÷¾¹¤W¥i¥H¦P®É³Q¤£¦Pªº¤H¨Ï¥Î¡A¦P®É¥i¥H°õ¦æ«Ü¦hµ{¦¡ªº¨t²Î¡C</para>
+
+ <para>¨C¤@ºØ¦h¨Ï¥ÎªÌ¨t²Î³£»Ý­n¥i¥H¤À¿ë¤£¦P<quote>¨Ï¥ÎªÌ</quote>ªº¤èªk¡C
+ ¦b FreeBSD (¥H¤Î©Ò¦³ªº &unix;-like §@·~¨t²Î) ¤¤¡A©Ò¦³ªº¨Ï¥ÎªÌ¦b°õ¦æµ{¦¡¤§«e¥²¶·¥ý<quote>µn¤J</quote>¨t²Î¡C
+ ¨C¤@­Ó¨Ï¥ÎªÌ³£¦³¤@­Ó¿W¯Sªº¦WºÙ (<quote>¨Ï¥ÎªÌ¦WºÙ¡Busername</quote>) ¤Î¥H¤@²Õ­Ó¤Hªº¡B¯µ±KªºÆ_°Í
+ (<quote>±K½X¡Bpassword</quote>)¡C FreeBSD ¦b¤¹³\¨Ï¥ÎªÌ°õ¦æµ{¦¡«e±N·|¥ý°Ý³o¨â­Ó°ÝÃD¡C
+
+ <indexterm><primary>startup scripts</primary></indexterm>
+ <para>¦b FreeBSD ¶}¾÷¨Ã¶]§¹°_°Êªº script ¤§«á
+ <footnote><para>³o¨Ç°_°Êªº script ¬O¦b¶}¾÷ªº®É­Ô FreeBSD ·|¦Û°Ê°õ¦æªºµ{¦¡¡C
+ ¥L­Ì¥D­nªº¥\¯à¬O±N©Ò¦³¸Ó°õ¦æªºªF¦è³]©w¦n¡A¨Ã±N±z³]©w¦¨­I´º°õ¦æªºªA°È±Ò°Ê¡C</para></footnote>
+ ¡A¥¦±N·|¦L¥X´£¥Ü¦r¤¸­n¨D±z¿é¤J¦Xªkªº¨Ï¥ÎªÌ¦WºÙ¡G</para>
+
+ <screen>login:</screen>
+
+ <para>¦b³o­Ó½d¨Ò¸Ì¡A§Ú­Ì°²³]±zªº¦W¤l¬O<username>john</username>¡C
+ ¦b´£¥Ü¦r¤¸³B¿é¤J<literal>john</literal>¨Ã«ö¤U<keycap>Enter</keycap>¡A±zÀ³¸Ó·|¬Ý¨ì¥t¤@­Ó´£¥Ü¦r¤¸­n±z¿é¤J<quote>±K½X</quote>¡G</para>
+
+ <screen>login: <userinput>john</userinput>
+Password:</screen>
+
+ <para>¿é¤J <username>john</username>ªº±K½X, ¦A«ö¤U
+ <keycap>Enter</keycap>¡C ¿é¤Jªº±K½X <emphasis>¤£·|Åã¥Ü¦b¿Ã¹õ¤W</emphasis>¡C
+ ±z¤£»Ý­n¾á¤ß³o­Ó¡A ³o¼Ë°µ¬O¬°¤F¦w¥þ¤Wªº°ÝÃD¡C</para>
+
+ <para>¦pªG±z¿é¤J¤F¥¿½Tªº±K½X¡A±zÀ³¸Ó¤w¸gµn¤J FreeBSD ¡A¥i¥H¹Á¸Õ©Ò¦³¥i¥Îªº«ü¥O¤F¡C</para>
+
+ <para>±zÀ³¸Ó·|¬Ý¨ì<acronym>MOTD</acronym> (§Y¤µ¤é°T®§¡BMessages Of The Day)¡A«á­±±µµÛ©R¥O´£¥Ü¦r¤¸
+ (¤@­Ó <literal>#</literal>,<literal>$</literal>, ©Î¬O <literal>%</literal> ¦r¤¸)¡C
+ ³o´Nªí¥Ü±z¤w¸g¦¨¥\µn¤J FreeBSD ¤F¡C</para>
+ </sect2>
+
+ <sect2 id="consoles-virtual">
+ <title>Multiple Consoles</title>
+
+ <para>Running &unix; commands in one console is fine, but FreeBSD can
+ run many programs at once. Having one console where commands can be
+ typed would be a bit of a waste when an operating system like FreeBSD
+ can run dozens of programs at the same time. This is where
+ <quote>virtual consoles</quote> can be very helpful.</para>
+
+ <para>FreeBSD can be configured to present you with many different
+ virtual consoles. You can switch from one of them to any other
+ virtual console by pressing a couple of keys on your keyboard. Each
+ console has its own different output channel, and FreeBSD takes care
+ of properly redirecting keyboard input and monitor output as you
+ switch from one virtual console to the next.</para>
+
+ <para>Special key combinations have been reserved by FreeBSD for
+ switching consoles<footnote>
+ <para>A fairly technical and accurate description of all the details
+ of the FreeBSD console and keyboard drivers can be found in the
+ manual pages of &man.syscons.4;, &man.atkbd.4;, &man.vidcontrol.1;
+ and &man.kbdcontrol.1;. We will not expand on the details here,
+ but the interested reader can always consult the manual pages for
+ a more detailed and thorough explanation of how things
+ work.</para>
+ </footnote>. You can use
+ <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>,
+ <keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>, through
+ <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> to switch
+ to a different virtual console in FreeBSD.</para>
+
+ <para>As you are switching from one console to the next, FreeBSD takes
+ care of saving and restoring the screen output. The result is an
+ <quote>illusion</quote> of having multiple <quote>virtual</quote>
+ screens and keyboards that you can use to type commands for
+ FreeBSD to run. The programs that you launch on one virtual console
+ do not stop running when that console is not visible. They continue
+ running when you have switched to a different virtual console.</para>
+ </sect2>
+
+ <sect2 id="consoles-ttys">
+ <title>The <filename>/etc/ttys</filename> File</title>
+
+ <para>The default configuration of FreeBSD will start up with eight
+ virtual consoles. This is not a hardwired setting though, and
+ you can easily customize your installation to boot with more
+ or fewer virtual consoles. The number and settings of the
+ virtual consoles are configured in the
+ <filename>/etc/ttys</filename> file.</para>
+
+ <para>You can use the <filename>/etc/ttys</filename> file to configure
+ the virtual consoles of FreeBSD. Each uncommented line in this file
+ (lines that do not start with a <literal>#</literal> character) contains
+ settings for a single terminal or virtual console. The default
+ version of this file that ships with FreeBSD configures nine virtual
+ consoles, and enables eight of them. They are the lines that start with
+ <literal>ttyv</literal>:</para>
+
+ <programlisting># name getty type status comments
+#
+ttyv0 "/usr/libexec/getty Pc" cons25 on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" cons25 on secure
+ttyv2 "/usr/libexec/getty Pc" cons25 on secure
+ttyv3 "/usr/libexec/getty Pc" cons25 on secure
+ttyv4 "/usr/libexec/getty Pc" cons25 on secure
+ttyv5 "/usr/libexec/getty Pc" cons25 on secure
+ttyv6 "/usr/libexec/getty Pc" cons25 on secure
+ttyv7 "/usr/libexec/getty Pc" cons25 on secure
+ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting>
+
+ <para>For a detailed description of every column in this file and all
+ the options you can use to set things up for the virtual consoles,
+ consult the &man.ttys.5; manual page.</para>
+ </sect2>
+
+ <sect2 id="consoles-singleuser">
+ <title>Single User Mode Console</title>
+
+ <para>A detailed description of what <quote>single user mode</quote> is
+ can be found in <xref linkend="boot-singleuser">. It is worth noting
+ that there is only one console when you are running FreeBSD in single
+ user mode. There are no virtual consoles available. The settings of
+ the single user mode console can also be found in the
+ <filename>/etc/ttys</filename> file. Look for the line that starts
+ with <literal>console</literal>:</para>
+
+ <programlisting># name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure</programlisting>
+
+ <note>
+ <para>As the comments above the <literal>console</literal> line
+ indicate, you can edit this line and change <literal>secure</literal> to
+ <literal>insecure</literal>. If you do that, when FreeBSD boots
+ into single user mode, it will still ask for the
+ <username>root</username> password.</para>
+
+ <para><emphasis>Be careful when changing this to
+ <literal>insecure</literal></emphasis>. If you ever forget
+ the <username>root</username> password, booting into single user
+ mode is a bit involved. It is still possible, but it might be a bit
+ hard for someone who is not very comfortable with the FreeBSD
+ booting process and the programs involved.</para>
+ </note>
+ </sect2>
+ </sect1>
+
+ <sect1 id="permissions">
+ <title>Permissions</title>
+ <indexterm><primary>UNIX</primary></indexterm>
+
+ <para>FreeBSD, being a direct descendant of BSD &unix;, is based on
+ several key &unix; concepts. The first and
+ most pronounced is that FreeBSD is a multi-user operating system.
+ The system can handle several users all working simultaneously on
+ completely unrelated tasks. The system is responsible for properly
+ sharing and managing requests for hardware devices, peripherals,
+ memory, and CPU time fairly to each user.</para>
+
+ <para>Because the system is capable of supporting multiple users,
+ everything the system manages has a set of permissions governing who
+ can read, write, and execute the resource. These permissions are
+ stored as three octets broken into three pieces, one for the owner of
+ the file, one for the group that the file belongs to, and one for
+ everyone else. This numerical representation works like
+ this:</para>
+
+ <indexterm><primary>permissions</primary></indexterm>
+ <indexterm>
+ <primary>file permissions</primary>
+ </indexterm>
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Value</entry>
+ <entry>Permission</entry>
+ <entry>Directory Listing</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>0</entry>
+ <entry>No read, no write, no execute</entry>
+ <entry><literal>---</literal></entry>
+ </row>
+
+ <row>
+ <entry>1</entry>
+ <entry>No read, no write, execute</entry>
+ <entry><literal>--x</literal></entry>
+ </row>
+
+ <row>
+ <entry>2</entry>
+ <entry>No read, write, no execute</entry>
+ <entry><literal>-w-</literal></entry>
+ </row>
+
+ <row>
+ <entry>3</entry>
+ <entry>No read, write, execute</entry>
+ <entry><literal>-wx</literal></entry>
+ </row>
+
+ <row>
+ <entry>4</entry>
+ <entry>Read, no write, no execute</entry>
+ <entry><literal>r--</literal></entry>
+ </row>
+
+ <row>
+ <entry>5</entry>
+ <entry>Read, no write, execute</entry>
+ <entry><literal>r-x</literal></entry>
+ </row>
+
+ <row>
+ <entry>6</entry>
+ <entry>Read, write, no execute</entry>
+ <entry><literal>rw-</literal></entry>
+ </row>
+
+ <row>
+ <entry>7</entry>
+ <entry>Read, write, execute</entry>
+ <entry><literal>rwx</literal></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <indexterm>
+ <primary><command>ls</command></primary>
+ </indexterm>
+ <indexterm><primary>directories</primary></indexterm>
+
+ <para>You can use the <option>-l</option> command line
+ argument to &man.ls.1; to view a long directory listing that
+ includes a column with information about a file's permissions
+ for the owner, group, and everyone else. For example, a
+ <command>ls -l</command> in an arbitrary directory may show:</para>
+
+ <screen>&prompt.user; <userinput>ls -l</userinput>
+total 530
+-rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile
+-rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile
+-rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt
+...</screen>
+
+ <para>Here is how the first column of <command>ls -l</command> is
+ broken up:</para>
+
+ <screen>-rw-r--r--</screen>
+
+ <para>The first (leftmost) character
+ tells if this file is a regular file, a directory, a special
+ character device, a socket, or any other special
+ pseudo-file device. In this case, the <literal>-</literal>
+ indicates a regular file. The next three characters,
+ <literal>rw-</literal> in this example, give the permissions for the owner of the
+ file. The next three characters, <literal>r--</literal>, give the
+ permissions for the group that the file belongs to. The final three
+ characters, <literal>r--</literal>, give the permissions for the
+ rest of the world. A dash means that the permission is turned off.
+ In the case of this file, the permissions are set so the owner can
+ read and write to the file, the group can read the file, and the
+ rest of the world can only read the file. According to the table
+ above, the permissions for this file would be
+ <literal>644</literal>, where each digit represents the three parts
+ of the file's permission.</para>
+
+ <para>This is all well and good, but how does the system control
+ permissions on devices? FreeBSD actually treats most hardware
+ devices as a file that programs can open, read, and write data to
+ just like any other file. These special device files are stored on
+ the <filename>/dev</filename> directory.</para>
+
+ <para>Directories are also treated as files. They have read, write,
+ and execute permissions. The executable bit for a directory has a
+ slightly different meaning than that of files. When a directory is
+ marked executable, it means it can be traversed into, that is, it is
+ possible to <quote>cd</quote> (change directory) into it. This also means that
+ within the directory it is possible to access files whose names are
+ known (subject, of course, to the permissions on the files
+ themselves).</para>
+
+ <para>In particular, in order to perform a directory listing,
+ read permission must be set on the directory, whilst to delete a file
+ that one knows the name of, it is necessary to have write
+ <emphasis>and</emphasis> execute permissions to the directory
+ containing the file.</para>
+
+ <para>There are more permission bits, but they are primarily used in
+ special circumstances such as setuid binaries and sticky
+ directories. If you want more information on file permissions and
+ how to set them, be sure to look at the &man.chmod.1; manual
+ page.</para>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>Symbolic Permissions</title>
+ <indexterm><primary>permissions</primary><secondary>symbolic</secondary></indexterm>
+
+ <para>Symbolic permissions, sometimes referred to as symbolic expressions,
+ use characters in place of octal values to assign permissions to files
+ or directories. Symbolic expressions use the syntax of (who) (action)
+ (permissions), where the following values are available:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Option</entry>
+ <entry>Letter</entry>
+ <entry>Represents</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>(who)</entry>
+ <entry>u</entry>
+ <entry>User</entry>
+ </row>
+
+ <row>
+ <entry>(who)</entry>
+ <entry>g</entry>
+ <entry>Group owner</entry>
+ </row>
+
+ <row>
+ <entry>(who)</entry>
+ <entry>o</entry>
+ <entry>Other</entry>
+ </row>
+
+ <row>
+ <entry>(who)</entry>
+ <entry>a</entry>
+ <entry>All (<quote>world</quote>)</entry>
+ </row>
+
+ <row>
+ <entry>(action)</entry>
+ <entry>+</entry>
+ <entry>Adding permissions</entry>
+ </row>
+
+ <row>
+ <entry>(action)</entry>
+ <entry>-</entry>
+ <entry>Removing permissions</entry>
+ </row>
+
+ <row>
+ <entry>(action)</entry>
+ <entry>=</entry>
+ <entry>Explicitly set permissions</entry>
+ </row>
+
+ <row>
+ <entry>(permissions)</entry>
+ <entry>r</entry>
+ <entry>Read</entry>
+ </row>
+
+ <row>
+ <entry>(permissions)</entry>
+ <entry>w</entry>
+ <entry>Write</entry>
+ </row>
+
+ <row>
+ <entry>(permissions)</entry>
+ <entry>x</entry>
+ <entry>Execute</entry>
+ </row>
+
+ <row>
+ <entry>(permissions)</entry>
+ <entry>t</entry>
+ <entry>Sticky bit</entry>
+ </row>
+
+ <row>
+ <entry>(permissions)</entry>
+ <entry>s</entry>
+ <entry>Set UID or GID</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>These values are used with the &man.chmod.1; command
+ just like before, but with letters. For an example, you could use
+ the following command to block other users from accessing
+ <replaceable>FILE</replaceable>:</para>
+
+ <screen>&prompt.user; <userinput>chmod go= FILE</userinput></screen>
+
+ <para>A comma separated list can be provided when more than one set
+ of changes to a file must be made. For example the following command
+ will remove the groups and <quote>world</quote> write permission
+ on <replaceable>FILE</replaceable>, then it adds the execute
+ permissions for everyone:</para>
+
+ <screen>&prompt.user; <userinput>chmod go-w,a+x <replaceable>FILE</replaceable></userinput></screen>
+
+<!--
+ <para>Most users will not notice this, but it should be pointed out
+ that using the octal method will only set or assign permissions to
+ a file; it does not add or delete them.</para>
+-->
+ </sect2>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>&os; File Flags</title>
+
+ <para>In addition to file permissions discussed previously, &os;
+ supports the use of <quote>file flags.</quote> These flags
+ add an additional level of security and control over files, but
+ not directories.</para>
+
+ <para>These file flags add an additional level of control over
+ files, helping to ensure that in some cases not even the
+ <username>root</username> can remove or alter files.</para>
+
+ <para>File flags are altered by using the &man.chflags.1; utility,
+ using a simple interface. For example, to enable the system
+ undeletable flag on the file <filename>file1</filename>,
+ issue the following command:</para>
+
+ <screen>&prompt.root; <userinput>chflags sunlink <filename>file1</filename></userinput></screen>
+
+ <para>And to disable the system undeletable flag, simply
+ issue the previous command with <quote>no</quote> in
+ front of the <option>sunlink</option>. Observe:</para>
+
+ <screen>&prompt.root; <userinput>chflags nosunlink <filename>file1</filename></userinput></screen>
+
+ <para>To view the flags of this file, use the &man.ls.1;
+ with the <option>-lo</option> flags:</para>
+
+ <screen>&prompt.root; <userinput>ls -lo <filename>file1</filename>
+ </userinput></screen>
+
+ <para>The output should look like the following:</para>
+
+ <programlisting>-rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1</programlisting>
+
+ <para>Several flags may only added or removed to files by the
+ <username>root</username> user. In other cases, the file owner
+ may set these flags. It is recommended an administrator read
+ over the &man.chflags.1; and &man.chflags.2; manual pages for
+ more information.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="dirstructure">
+ <title>Directory Structure</title>
+ <indexterm><primary>directory hierarchy</primary></indexterm>
+
+ <para>The FreeBSD directory hierarchy is fundamental to obtaining
+ an overall understanding of the system. The most important
+ concept to grasp is that of the root directory,
+ <quote>/</quote>. This directory is the first one mounted at
+ boot time and it contains the base system necessary to prepare
+ the operating system for multi-user operation. The root
+ directory also contains mount points for every other file system
+ that you may want to mount.</para>
+
+ <para>A mount point is a directory where additional file systems can
+ be grafted onto the root file system.
+ This is further described in <xref linkend="disk-organization">.
+ Standard mount points include
+ <filename>/usr</filename>, <filename>/var</filename>, <filename>/tmp</filename>,
+ <filename>/mnt</filename>, and <filename>/cdrom</filename>. These
+ directories are usually referenced to entries in the file
+ <filename>/etc/fstab</filename>. <filename>/etc/fstab</filename> is
+ a table of various file systems and mount points for reference by the
+ system. Most of the file systems in <filename>/etc/fstab</filename>
+ are mounted automatically at boot time from the script &man.rc.8;
+ unless they contain the <option>noauto</option> option.
+ Details can be found in <xref linkend="disks-fstab">.</para>
+
+ <para>A complete description of the file system hierarchy is
+ available in &man.hier.7;. For now, a brief overview of the
+ most common directories will suffice.</para>
+
+ <para>
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Directory</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody valign="top">
+ <row>
+ <entry><filename class="directory">/</filename></entry>
+ <entry>Root directory of the file system.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/bin/</filename></entry>
+ <entry>User utilities fundamental to both single-user
+ and multi-user environments.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/boot/</filename></entry>
+ <entry>Programs and configuration files used during
+ operating system bootstrap.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/boot/defaults/</filename></entry>
+ <entry>Default bootstrapping configuration files; see
+ &man.loader.conf.5;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/dev/</filename></entry>
+ <entry>Device nodes; see &man.intro.4;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/etc/</filename></entry>
+ <entry>System configuration files and scripts.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/etc/defaults/</filename></entry>
+ <entry>Default system configuration files; see &man.rc.8;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/etc/mail/</filename></entry>
+ <entry>Configuration files for mail transport agents such
+ as &man.sendmail.8;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/etc/namedb/</filename></entry>
+ <entry><command>named</command> configuration files; see
+ &man.named.8;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/etc/periodic/</filename></entry>
+ <entry>Scripts that are run daily, weekly, and monthly,
+ via &man.cron.8;; see &man.periodic.8;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/etc/ppp/</filename></entry>
+ <entry><command>ppp</command> configuration files; see
+ &man.ppp.8;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/mnt/</filename></entry>
+ <entry>Empty directory commonly used by system administrators as a
+ temporary mount point.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/proc/</filename></entry>
+ <entry>Process file system; see &man.procfs.5;,
+ &man.mount.procfs.8;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/rescue/</filename></entry>
+ <entry>Statically linked programs for emergency recovery; see
+ &man.rescue.8;.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/root/</filename></entry>
+ <entry>Home directory for the <username>root</username>
+ account.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/sbin/</filename></entry>
+ <entry>System programs and administration utilities fundamental to
+ both single-user and multi-user environments.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/stand/</filename></entry>
+ <entry>Programs used in a standalone environment.</entry>
+ </row>
+
+
+ <row>
+ <entry><filename class="directory">/tmp/</filename></entry>
+ <entry>Temporary files. The contents of
+ <filename class="directory">/tmp</filename> are usually NOT
+ preserved across a system reboot. A memory-based file system
+ is often mounted at
+ <filename class="directory">/tmp</filename>.
+ This can be automated using the tmpmfs-related variables of
+ &man.rc.conf.5; (or with an entry in
+ <filename>/etc/fstab</filename>; see &man.mdmfs.8;,
+ or for FreeBSD&nbsp;4.X, &man.mfs.8;).</entry>
+ </row>
+
+
+ <row>
+ <entry><filename class="directory">/usr/</filename></entry>
+ <entry>The majority of user utilities and applications.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/bin/</filename></entry>
+ <entry>Common utilities, programming tools, and applications.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/include/</filename></entry>
+ <entry>Standard C include files.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/lib/</filename></entry>
+ <entry>Archive libraries.</entry>
+ </row>
+
+
+ <row>
+ <entry><filename class="directory">/usr/libdata/</filename></entry>
+ <entry>Miscellaneous utility data files.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/libexec/</filename></entry>
+ <entry>System daemons & system utilities (executed by other
+ programs).</entry>
+ </row>
+
+ <row>
+ <entry><filename
+ class="directory">/usr/local/</filename></entry>
+
+ <entry>Local executables, libraries, etc. Also used as
+ the default destination for the FreeBSD ports
+ framework. Within <filename>/usr/local</filename>,
+ the general layout sketched out by &man.hier.7; for
+ <filename>/usr</filename> should be used. Exceptions
+ are the man directory, which is directly under
+ <filename>/usr/local</filename> rather than under
+ <filename>/usr/local/share</filename>, and the ports
+ documentation is in
+ <filename>share/doc/<replaceable>port</replaceable></filename>.
+ </entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/obj/</filename></entry>
+ <entry>Architecture-specific target tree produced by building
+ the <filename>/usr/src</filename> tree.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/ports</filename></entry>
+ <entry>The FreeBSD Ports Collection (optional).</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/sbin/</filename></entry>
+ <entry>System daemons & system utilities (executed by users).</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/share/</filename></entry>
+ <entry>Architecture-independent files.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/usr/src/</filename></entry>
+ <entry>BSD and/or local source files.</entry>
+ </row>
+
+ <row>
+ <entry><filename
+ class="directory">/usr/X11R6/</filename></entry>
+ <entry>X11R6 distribution executables, libraries, etc
+ (optional).</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/var/</filename></entry>
+ <entry>Multi-purpose log, temporary, transient, and spool files.
+ A memory-based file system is sometimes mounted at
+ <filename class="directory">/var</filename>.
+ This can be automated using the varmfs-related variables of
+ &man.rc.conf.5 (or with an entry in
+ <filename>/etc/fstab</filename>; see &man.mdmfs.8;,
+ or for FreeBSD&nbsp;4.X, &man.mfs.8;).</entry>
+ </row>
+
+
+ <row>
+ <entry><filename class="directory">/var/log/</filename></entry>
+ <entry>Miscellaneous system log files.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/var/mail/</filename></entry>
+ <entry>User mailbox files.</entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/var/spool/</filename></entry>
+ <entry>Miscellaneous printer and mail system spooling directories.
+ </entry>
+ </row>
+
+ <row>
+ <entry><filename class="directory">/var/tmp/</filename></entry>
+ <entry>Temporary files.
+ The files are usually preserved across a system reboot,
+ unless <filename class="directory">/var</filename>
+ is a memory-based file system.</entry>
+ </row>
+
+ <row>
+ <entry><filename>/var/yp</filename></entry>
+ <entry>NIS maps.</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </para>
+
+ </sect1>
+
+ <sect1 id="disk-organization">
+ <title>Disk Organization</title>
+
+ <para>The smallest unit of organization that FreeBSD uses to find files
+ is the filename. Filenames are case-sensitive, which means that
+ <filename>readme.txt</filename> and <filename>README.TXT</filename>
+ are two separate files. FreeBSD does not use the extension
+ (<filename>.txt</filename>) of a file to determine whether the file is
+ a program, or a document, or some other form of data.</para>
+
+ <para>Files are stored in directories. A directory may contain no
+ files, or it may contain many hundreds of files. A directory can also
+ contain other directories, allowing you to build up a hierarchy of
+ directories within one another. This makes it much easier to organize
+ your data.</para>
+
+ <para>Files and directories are referenced by giving the file or
+ directory name, followed by a forward slash, <literal>/</literal>,
+ followed by any other directory names that are necessary. If you have
+ directory <filename>foo</filename>, which contains directory
+ <filename>bar</filename>, which contains the file
+ <filename>readme.txt</filename>, then the full name, or
+ <firstterm>path</firstterm> to the file is
+ <filename>foo/bar/readme.txt</filename>.</para>
+
+ <para>Directories and files are stored in a file system. Each file system
+ contains exactly one directory at the very top level, called the
+ <firstterm>root directory</firstterm> for that file system. This root
+ directory can then contain other directories.</para>
+
+ <para>So far this is probably similar to any other operating system you
+ may have used. There are a few differences; for example, &ms-dos; uses
+ <literal>\</literal> to separate file and directory names, while &macos;
+ uses <literal>:</literal>.</para>
+
+ <para>FreeBSD does not use drive letters, or other drive names in the
+ path. You would not write <filename>c:/foo/bar/readme.txt</filename>
+ on FreeBSD.</para>
+
+ <para>Instead, one file system is designated the <firstterm>root
+ file system</firstterm>. The root file system's root directory is
+ referred to as <literal>/</literal>. Every other file system is then
+ <firstterm>mounted</firstterm> under the root file system. No matter
+ how many disks you have on your FreeBSD system, every directory
+ appears to be part of the same disk.</para>
+
+ <para>Suppose you have three file systems, called <literal>A</literal>,
+ <literal>B</literal>, and <literal>C</literal>. Each file system has
+ one root directory, which contains two other directories, called
+ <literal>A1</literal>, <literal>A2</literal> (and likewise
+ <literal>B1</literal>, <literal>B2</literal> and
+ <literal>C1</literal>, <literal>C2</literal>).</para>
+
+ <para>Call <literal>A</literal> the root file system. If you used the
+ <command>ls</command> command to view the contents of this directory
+ you would see two subdirectories, <literal>A1</literal> and
+ <literal>A2</literal>. The directory tree looks like this:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/example-dir1" format="EPS">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced"> /
+ |
+ +--- A1
+ |
+ `--- A2</literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>A file system must be mounted on to a directory in another
+ file system. So now suppose that you mount file system
+ <literal>B</literal> on to the directory <literal>A1</literal>. The
+ root directory of <literal>B</literal> replaces <literal>A1</literal>,
+ and the directories in <literal>B</literal> appear accordingly:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/example-dir2" format="EPS">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced"> /
+ |
+ +--- A1
+ | |
+ | +--- B1
+ | |
+ | `--- B2
+ |
+ `--- A2</literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>Any files that are in the <literal>B1</literal> or
+ <literal>B2</literal> directories can be reached with the path
+ <filename>/A1/B1</filename> or <filename>/A1/B2</filename> as
+ necessary. Any files that were in <filename>/A1</filename> have been
+ temporarily hidden. They will reappear if <literal>B</literal> is
+ <firstterm>unmounted</firstterm> from A.</para>
+
+ <para>If <literal>B</literal> had been mounted on <literal>A2</literal>
+ then the diagram would look like this:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/example-dir3" format="EPS">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced"> /
+ |
+ +--- A1
+ |
+ `--- A2
+ |
+ +--- B1
+ |
+ `--- B2</literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>and the paths would be <filename>/A2/B1</filename> and
+ <filename>/A2/B2</filename> respectively.</para>
+
+ <para>File systems can be mounted on top of one another. Continuing the
+ last example, the <literal>C</literal> file system could be mounted on
+ top of the <literal>B1</literal> directory in the <literal>B</literal>
+ file system, leading to this arrangement:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/example-dir4" format="EPS">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced"> /
+ |
+ +--- A1
+ |
+ `--- A2
+ |
+ +--- B1
+ | |
+ | +--- C1
+ | |
+ | `--- C2
+ |
+ `--- B2</literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>Or <literal>C</literal> could be mounted directly on to the
+ <literal>A</literal> file system, under the <literal>A1</literal>
+ directory:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/example-dir5" format="EPS">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced"> /
+ |
+ +--- A1
+ | |
+ | +--- C1
+ | |
+ | `--- C2
+ |
+ `--- A2
+ |
+ +--- B1
+ |
+ `--- B2</literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>If you are familiar with &ms-dos;, this is similar, although not
+ identical, to the <command>join</command> command.</para>
+
+ <para>This is not normally something you need to concern yourself with.
+ Typically you create file systems when installing FreeBSD and decide
+ where to mount them, and then never change them unless you add a new
+ disk.</para>
+
+ <para>It is entirely possible to have one large root file system, and not
+ need to create any others. There are some drawbacks to this approach,
+ and one advantage.</para>
+
+ <itemizedlist>
+ <title>Benefits of Multiple File Systems</title>
+
+ <listitem>
+ <para>Different file systems can have different <firstterm>mount
+ options</firstterm>. For example, with careful planning, the
+ root file system can be mounted read-only, making it impossible for
+ you to inadvertently delete or edit a critical file. Separating
+ user-writable file systems, such as <filename>/home</filename>,
+ from other file systems also allows them to be mounted
+ <firstterm>nosuid</firstterm>; this option prevents the
+ <firstterm>suid</firstterm>/<firstterm>guid</firstterm> bits on
+ executables stored on the file system from taking effect, possibly
+ improving security.</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD automatically optimizes the layout of files on a
+ file system, depending on how the file system is being used. So a
+ file system that contains many small files that are written
+ frequently will have a different optimization to one that contains
+ fewer, larger files. By having one big file system this
+ optimization breaks down.</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD's file systems are very robust should you lose power.
+ However, a power loss at a critical point could still damage the
+ structure of the file system. By splitting your data over multiple
+ file systems it is more likely that the system will still come up,
+ making it easier for you to restore from backup as necessary.</para>
+ </listitem>
+ </itemizedlist>
+
+ <itemizedlist>
+ <title>Benefit of a Single File System</title>
+
+ <listitem>
+ <para>File systems are a fixed size. If you create a file system when
+ you install FreeBSD and give it a specific size, you may later
+ discover that you need to make the partition bigger. This is not
+ easily accomplished without backing up, recreating the file system
+ with the new size, and then restoring the backed up data.</para>
+
+ <important>
+ <para>FreeBSD&nbsp;4.4 and later versions feature the &man.growfs.8;
+ command, which makes it possible to increase the size of
+ file system on the fly, removing this limitation.</para>
+ </important>
+ </listitem>
+ </itemizedlist>
+
+ <para>File systems are contained in partitions. This does not have the
+ same meaning as the common usage of the term partition (for example, &ms-dos;
+ partition), because of &os;'s &unix; heritage. Each partition is
+ identified by a letter from <literal>a</literal> through to
+ <literal>h</literal>. Each partition can contain only one file system,
+ which means that file systems are often described by either their
+ typical mount point in the file system hierarchy, or the letter of the
+ partition they are contained in.</para>
+
+ <para>FreeBSD also uses disk space for <firstterm>swap
+ space</firstterm>. Swap space provides FreeBSD with
+ <firstterm>virtual memory</firstterm>. This allows your computer to
+ behave as though it has much more memory than it actually does. When
+ FreeBSD runs out of memory it moves some of the data that is not
+ currently being used to the swap space, and moves it back in (moving
+ something else out) when it needs it.</para>
+
+ <para>Some partitions have certain conventions associated with
+ them.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="5*">
+
+ <thead>
+ <row>
+ <entry>Partition</entry>
+
+ <entry>Convention</entry>
+ </row>
+ </thead>
+
+ <tbody valign="top">
+ <row>
+ <entry><literal>a</literal></entry>
+
+ <entry>Normally contains the root file system</entry>
+ </row>
+
+ <row>
+ <entry><literal>b</literal></entry>
+
+ <entry>Normally contains swap space</entry>
+ </row>
+
+ <row>
+ <entry><literal>c</literal></entry>
+
+ <entry>Normally the same size as the enclosing slice. This
+ allows utilities that need to work on the entire slice (for
+ example, a bad block scanner) to work on the
+ <literal>c</literal> partition. You would not normally create
+ a file system on this partition.</entry>
+ </row>
+
+ <row>
+ <entry><literal>d</literal></entry>
+
+ <entry>Partition <literal>d</literal> used to have a special
+ meaning associated with it, although that is now gone. To
+ this day, some tools may operate oddly if told to work on
+ partition <literal>d</literal>, so
+ <application>sysinstall</application> will not normally create
+ partition <literal>d</literal>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Each partition-that-contains-a-file-system is stored in what
+ FreeBSD calls a <firstterm>slice</firstterm>. Slice is FreeBSD's term
+ for what the common call partitions, and again, this is because of
+ FreeBSD's &unix; background. Slices are numbered, starting at 1,
+ through to 4.</para>
+
+ <indexterm><primary>slices</primary></indexterm>
+ <indexterm><primary>partitions</primary></indexterm>
+ <indexterm><primary>dangerously dedicated</primary></indexterm>
+
+ <para>Slice numbers follow
+ the device name, prefixed with an <literal>s</literal>,
+ starting at 1. So <quote>da0<emphasis>s1</emphasis></quote>
+ is the first slice on the first SCSI drive. There can only be
+ four physical slices on a disk, but you can have logical
+ slices inside physical slices of the appropriate type. These
+ extended slices are numbered starting at 5, so
+ <quote>ad0<emphasis>s5</emphasis></quote> is the first
+ extended slice on the first IDE disk. These devices are used by file
+ systems that expect to occupy a slice.</para>
+
+ <para>Slices, <quote>dangerously dedicated</quote> physical
+ drives, and other drives contain
+ <firstterm>partitions</firstterm>, which are represented as
+ letters from <literal>a</literal> to <literal>h</literal>.
+ This letter is appended to the device name, so
+ <quote>da0<emphasis>a</emphasis></quote> is the a partition on
+ the first da drive, which is <quote>dangerously dedicated</quote>.
+ <quote>ad1s3<emphasis>e</emphasis></quote> is the fifth partition
+ in the third slice of the second IDE disk drive.</para>
+
+ <para>Finally, each disk on the system is identified. A disk name
+ starts with a code that indicates the type of disk, and then a number,
+ indicating which disk it is. Unlike slices, disk numbering starts at
+ 0. Common codes that you will see are listed in
+ <xref linkend="basics-dev-codes">.</para>
+
+ <para>When referring to a partition FreeBSD requires that you also name
+ the slice and disk that contains the partition, and when referring to
+ a slice you should also refer to the disk name. Do this by listing
+ the disk name, <literal>s</literal>, the slice number, and then the
+ partition letter. Examples are shown in
+ <xref linkend="basics-disk-slice-part">.</para>
+
+ <para><xref linkend="basics-concept-disk-model"> shows a conceptual
+ model of the disk layout that should help make things clearer.</para>
+
+ <para>In order to install FreeBSD you must first configure the disk
+ slices, then create partitions within the slice you will use for
+ FreeBSD, and then create a file system (or swap space) in each
+ partition, and decide where that file system will be mounted.</para>
+
+ <table frame="none" pgwide="1" id="basics-dev-codes">
+ <title>Disk Device Codes</title>
+
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="5*">
+
+ <thead>
+ <row>
+ <entry>Code</entry>
+
+ <entry>Meaning</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><devicename>ad</devicename></entry>
+
+ <entry>ATAPI (IDE) disk</entry>
+ </row>
+
+ <row>
+ <entry><devicename>da</devicename></entry>
+
+ <entry>SCSI direct access disk</entry>
+ </row>
+
+ <row>
+ <entry><devicename>acd</devicename></entry>
+
+ <entry>ATAPI (IDE) CDROM</entry>
+ </row>
+
+ <row>
+ <entry><devicename>cd</devicename></entry>
+
+ <entry>SCSI CDROM</entry>
+ </row>
+
+ <row>
+ <entry><devicename>fd</devicename></entry>
+
+ <entry>Floppy disk</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <example id="basics-disk-slice-part">
+ <title>Sample Disk, Slice, and Partition Names</title>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="5*">
+
+ <thead>
+ <row>
+ <entry>Name</entry>
+
+ <entry>Meaning</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><literal>ad0s1a</literal></entry>
+
+ <entry>The first partition (<literal>a</literal>) on the first
+ slice (<literal>s1</literal>) on the first IDE disk
+ (<literal>ad0</literal>).</entry>
+ </row>
+
+ <row>
+ <entry><literal>da1s2e</literal></entry>
+
+ <entry>The fifth partition (<literal>e</literal>) on the
+ second slice (<literal>s2</literal>) on the second SCSI disk
+ (<literal>da1</literal>).</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </example>
+
+ <example id="basics-concept-disk-model">
+ <title>Conceptual Model of a Disk</title>
+
+ <para>This diagram shows FreeBSD's view of the first IDE disk attached
+ to the system. Assume that the disk is 4&nbsp;GB in size, and contains
+ two 2&nbsp;GB slices (&ms-dos; partitions). The first slice contains a &ms-dos;
+ disk, <devicename>C:</devicename>, and the second slice contains a
+ FreeBSD installation. This example FreeBSD installation has three
+ partitions, and a swap partition.</para>
+
+ <para>The three partitions will each hold a file system. Partition
+ <literal>a</literal> will be used for the root file system,
+ <literal>e</literal> for the <filename>/var</filename> directory
+ hierarchy, and <literal>f</literal> for the
+ <filename>/usr</filename> directory hierarchy.</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/disk-layout" format="EPS">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced">.-----------------. --.
+| | |
+| DOS / Windows | |
+: : > First slice, ad0s1
+: : |
+| | |
+:=================: ==: --.
+| | | Partition a, mounted as / |
+| | > referred to as ad0s2a |
+| | | |
+:-----------------: ==: |
+| | | Partition b, used as swap |
+| | > referred to as ad0s2b |
+| | | |
+:-----------------: ==: | Partition c, no
+| | | Partition e, used as /var > file system, all
+| | > referred to as ad0s2e | of FreeBSD slice,
+| | | | ad0s2c
+:-----------------: ==: |
+| | | |
+: : | Partition f, used as /usr |
+: : > referred to as ad0s2f |
+: : | |
+| | | |
+| | --' |
+`-----------------' --'</literallayout>
+ </textobject>
+ </mediaobject>
+ </example>
+ </sect1>
+
+
+
+ <sect1 id="mount-unmount">
+ <title>Mounting and Unmounting File Systems</title>
+
+ <para>The file system is best visualized as a tree,
+ rooted, as it were, at <filename>/</filename>.
+ <filename>/dev</filename>, <filename>/usr</filename>, and the
+ other directories in the root directory are branches, which may
+ have their own branches, such as
+ <filename>/usr/local</filename>, and so on.</para>
+
+ <indexterm><primary>root file system</primary></indexterm>
+ <para>There are various reasons to house some of these
+ directories on separate file systems. <filename>/var</filename>
+ contains the directories <filename>log/</filename>,
+ <filename>spool/</filename>,
+ and various types of temporary files, and
+ as such, may get filled up. Filling up the root file system
+ is not a good idea, so splitting <filename>/var</filename> from
+ <filename>/</filename> is often favorable.</para>
+
+ <para>Another common reason to contain certain directory trees on
+ other file systems is if they are to be housed on separate
+ physical disks, or are separate virtual disks, such as <link
+ linkend="network-nfs">Network File System</link> mounts, or CDROM
+ drives.</para>
+
+ <sect2 id="disks-fstab">
+ <title>The <filename>fstab</filename> File</title>
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>mounted with fstab</secondary>
+ </indexterm>
+
+ <para>During the <link linkend="boot">boot process</link>,
+ file systems listed in <filename>/etc/fstab</filename> are
+ automatically mounted (unless they are listed with the
+ <option>noauto</option> option).</para>
+
+ <para>The <filename>/etc/fstab</filename> file contains a list
+ of lines of the following format:</para>
+
+ <programlisting><replaceable>device</replaceable> <replaceable>/mount-point</replaceable> <replaceable>fstype</replaceable> <replaceable>options</replaceable> <replaceable>dumpfreq</replaceable> <replaceable>passno</replaceable></programlisting>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>device</literal></term>
+ <listitem>
+ <para>A device name (which should exist), as explained in
+ <xref linkend="disks-naming">.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>mount-point</literal></term>
+
+ <listitem><para>A directory (which should exist), on which
+ to mount the file system.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>fstype</literal></term>
+
+ <listitem><para>The file system type to pass to
+ &man.mount.8;. The default FreeBSD file system is
+ <literal>ufs</literal>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>options</literal></term>
+
+ <listitem><para>Either <option>rw</option> for read-write
+ file systems, or <option>ro</option> for read-only
+ file systems, followed by any other options that may be
+ needed. A common option is <option>noauto</option> for
+ file systems not normally mounted during the boot sequence.
+ Other options are listed in the &man.mount.8; manual page.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>dumpfreq</literal></term>
+
+ <listitem><para>This is used by &man.dump.8; to determine which
+ file systems require dumping. If the field is missing,
+ a value of zero is assumed.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>passno</literal></term>
+
+ <listitem>
+ <para>This determines the order in which file systems should
+ be checked. File systems that should be skipped should have
+ their <literal>passno</literal> set to zero. The root
+ file system (which needs to be checked before everything
+ else) should have its <literal>passno</literal> set to
+ one, and other file systems' <literal>passno</literal>
+ should be set to values greater than one. If more than one
+ file systems have the same <literal>passno</literal> then
+ &man.fsck.8; will attempt to check file systems in parallel
+ if possible.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Consult the &man.fstab.5; manual page for more information
+ on the format of the <filename>/etc/fstab</filename> file and
+ the options it contains.</para>
+ </sect2>
+
+ <sect2 id="disks-mount">
+ <title>The <command>mount</command> Command</title>
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>mounting</secondary>
+ </indexterm>
+
+ <para>The &man.mount.8; command is what is ultimately used to
+ mount file systems.</para>
+
+ <para>In its most basic form, you use:</para>
+
+ <informalexample>
+ <screen>&prompt.root; <userinput>mount <replaceable>device</replaceable> <replaceable>mountpoint</replaceable></userinput></screen>
+ </informalexample>
+
+ <para>There are plenty of options, as mentioned in the
+ &man.mount.8; manual page, but the most common are:</para>
+
+ <variablelist>
+ <title>Mount Options</title>
+
+ <varlistentry>
+ <term><option>-a</option></term>
+
+ <listitem>
+ <para>Mount all the file systems listed in
+ <filename>/etc/fstab</filename>. Except those
+ marked as <quote>noauto</quote>, excluded by the
+ <option>-t</option> flag, or those that are already
+ mounted.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-d</option></term>
+
+ <listitem>
+ <para>Do everything except for the actual mount system call.
+ This option is useful in conjunction with the
+ <option>-v</option> flag to determine what
+ &man.mount.8; is actually trying to do.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-f</option></term>
+
+ <listitem>
+ <para>Force the mount of an unclean file system
+ (dangerous), or forces the revocation of write access
+ when downgrading a file system's mount status from
+ read-write to read-only.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-r</option></term>
+
+ <listitem>
+ <para>Mount the file system read-only. This is identical
+ to using the <option>ro</option> (<option>rdonly</option>
+ for &os; versions older than 5.2) argument to the
+ <option>-o</option> option.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-t</option>
+ <replaceable>fstype</replaceable></term>
+
+ <listitem>
+ <para>Mount the given file system as the given file system
+ type, or mount only file systems of the given type, if
+ given the <option>-a</option> option.</para>
+
+ <para><quote>ufs</quote> is the default file system
+ type.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-u</option></term>
+
+ <listitem>
+ <para>Update mount options on the file system.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-v</option></term>
+
+ <listitem>
+ <para>Be verbose.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-w</option></term>
+
+ <listitem>
+ <para>Mount the file system read-write.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>The <option>-o</option> option takes a comma-separated list of
+ the options, including the following:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>nodev</term>
+
+ <listitem>
+ <para>Do not interpret special devices on the
+ file system. This is a useful security option.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>noexec</term>
+
+ <listitem>
+ <para>Do not allow execution of binaries on this
+ file system. This is also a useful security option.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>nosuid</term>
+
+ <listitem>
+ <para>Do not interpret setuid or setgid flags on the
+ file system. This is also a useful security option.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect2>
+
+ <sect2 id="disks-umount">
+ <title>The <command>umount</command> Command</title>
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>unmounting</secondary>
+ </indexterm>
+
+ <para>The &man.umount.8; command takes, as a parameter, one of a
+ mountpoint, a device name, or the <option>-a</option> or
+ <option>-A</option> option.</para>
+
+ <para>All forms take <option>-f</option> to force unmounting,
+ and <option>-v</option> for verbosity. Be warned that
+ <option>-f</option> is not generally a good idea. Forcibly
+ unmounting file systems might crash the computer or damage data
+ on the file system.</para>
+
+ <para><option>-a</option> and <option>-A</option> are used to
+ unmount all mounted file systems, possibly modified by the
+ file system types listed after <option>-t</option>.
+ <option>-A</option>, however, does not attempt to unmount the
+ root file system.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="basics-processes">
+ <title>Processes</title>
+
+ <para>FreeBSD is a multi-tasking operating system. This means that it
+ seems as though more than one program is running at once. Each program
+ running at any one time is called a <firstterm>process</firstterm>.
+ Every command you run will start at least one new process, and there are
+ a number of system processes that run all the time, keeping the system
+ functional.</para>
+
+ <para>Each process is uniquely identified by a number called a
+ <firstterm>process ID</firstterm>, or <firstterm>PID</firstterm>, and,
+ like files, each process also has one owner and group. The owner and
+ group information is used to determine what files and devices the
+ process can open, using the file permissions discussed earlier. Most
+ processes also have a parent process. The parent process is the process
+ that started them. For example, if you are typing commands to the shell
+ then the shell is a process, and any commands you run are also
+ processes. Each process you run in this way will have your shell as its
+ parent process. The exception to this is a special process called
+ &man.init.8;. <command>init</command> is always the first
+ process, so its PID is always 1. <command>init</command> is started
+ automatically by the kernel when FreeBSD starts.</para>
+
+ <para>Two commands are particularly useful to see the processes on the
+ system, &man.ps.1; and &man.top.1;. The <command>ps</command> command is used to
+ show a static list of the currently running processes, and can show
+ their PID, how much memory they are using, the command line they were
+ started with, and so on. The <command>top</command> command displays all the
+ running processes, and updates the display every few seconds, so that
+ you can interactively see what your computer is doing.</para>
+
+ <para>By default, <command>ps</command> only shows you the commands that are running
+ and are owned by you. For example:</para>
+
+ <screen>&prompt.user; <userinput>ps</userinput>
+ PID TT STAT TIME COMMAND
+ 298 p0 Ss 0:01.10 tcsh
+ 7078 p0 S 2:40.88 xemacs mdoc.xsl (xemacs-21.1.14)
+37393 p0 I 0:03.11 xemacs freebsd.dsl (xemacs-21.1.14)
+48630 p0 S 2:50.89 /usr/local/lib/netscape-linux/navigator-linux-4.77.bi
+48730 p0 IW 0:00.00 (dns helper) (navigator-linux-)
+72210 p0 R+ 0:00.00 ps
+ 390 p1 Is 0:01.14 tcsh
+ 7059 p2 Is+ 1:36.18 /usr/local/bin/mutt -y
+ 6688 p3 IWs 0:00.00 tcsh
+10735 p4 IWs 0:00.00 tcsh
+20256 p5 IWs 0:00.00 tcsh
+ 262 v0 IWs 0:00.00 -tcsh (tcsh)
+ 270 v0 IW+ 0:00.00 /bin/sh /usr/X11R6/bin/startx -- -bpp 16
+ 280 v0 IW+ 0:00.00 xinit /home/nik/.xinitrc -- -bpp 16
+ 284 v0 IW 0:00.00 /bin/sh /home/nik/.xinitrc
+ 285 v0 S 0:38.45 /usr/X11R6/bin/sawfish</screen>
+
+ <para>As you can see in this example, the output from &man.ps.1; is
+ organized into a number of columns. <literal>PID</literal> is the
+ process ID discussed earlier. PIDs are assigned starting from 1, go up
+ to 99999, and wrap around back to the beginning when you run out.
+ The <literal>TT</literal> column shows the tty the program is running on, and can
+ safely be ignored for the moment. <literal>STAT</literal> shows the
+ program's state, and again, can be safely ignored.
+ <literal>TIME</literal> is the amount of time the program has been
+ running on the CPU&mdash;this is usually not the elapsed time since
+ you started the program, as most programs spend a lot of time waiting
+ for things to happen before they need to spend time on the CPU.
+ Finally, <literal>COMMAND</literal> is the command line that was used to
+ run the program.</para>
+
+ <para>&man.ps.1; supports a number of different options to change the
+ information that is displayed. One of the most useful sets is
+ <literal>auxww</literal>. <option>a</option> displays information
+ about all the running processes, not just your own. <option>u</option>
+ displays the username of the process' owner, as well as memory usage.
+ <option>x</option> displays information about daemon processes, and
+ <option>ww</option> causes &man.ps.1; to display the full command line,
+ rather than truncating it once it gets too long to fit on the
+ screen.</para>
+
+ <para>The output from &man.top.1; is similar. A sample session looks like
+ this:</para>
+
+ <screen>&prompt.user; <userinput>top</userinput>
+last pid: 72257; load averages: 0.13, 0.09, 0.03 up 0+13:38:33 22:39:10
+47 processes: 1 running, 46 sleeping
+CPU states: 12.6% user, 0.0% nice, 7.8% system, 0.0% interrupt, 79.7% idle
+Mem: 36M Active, 5256K Inact, 13M Wired, 6312K Cache, 15M Buf, 408K Free
+Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
+
+ PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND
+72257 nik 28 0 1960K 1044K RUN 0:00 14.86% 1.42% top
+ 7078 nik 2 0 15280K 10960K select 2:54 0.88% 0.88% xemacs-21.1.14
+ 281 nik 2 0 18636K 7112K select 5:36 0.73% 0.73% XF86_SVGA
+ 296 nik 2 0 3240K 1644K select 0:12 0.05% 0.05% xterm
+48630 nik 2 0 29816K 9148K select 3:18 0.00% 0.00% navigator-linu
+ 175 root 2 0 924K 252K select 1:41 0.00% 0.00% syslogd
+ 7059 nik 2 0 7260K 4644K poll 1:38 0.00% 0.00% mutt
+...</screen>
+
+ <para>The output is split into two sections. The header (the first five
+ lines) shows the PID of the last process to run, the system load averages
+ (which are a measure of how busy the system is), the system uptime (time
+ since the last reboot) and the current time. The other figures in the
+ header relate to how many processes are running (47 in this case), how
+ much memory and swap space has been taken up, and how much time the
+ system is spending in different CPU states.</para>
+
+ <para>Below that are a series of columns containing similar information
+ to the output from &man.ps.1;. As before you can see the PID, the
+ username, the amount of CPU time taken, and the command that was run.
+ &man.top.1; also defaults to showing you the amount of memory space
+ taken by the process. This is split into two columns, one for total
+ size, and one for resident size&mdash;total size is how much memory the
+ application has needed, and the resident size is how much it is actually
+ using at the moment. In this example you can see that <application>&netscape;</application> has
+ required almost 30&nbsp;MB of RAM, but is currently only using 9&nbsp;MB.</para>
+
+ <para>&man.top.1; automatically updates this display every two seconds;
+ this can be changed with the <option>s</option> option.</para>
+ </sect1>
+
+ <sect1 id="basics-daemons">
+ <title>Daemons, Signals, and Killing Processes</title>
+
+ <para>When you run an editor it is easy to control the editor, tell it to
+ load files, and so on. You can do this because the editor provides
+ facilities to do so, and because the editor is attached to a
+ <firstterm>terminal</firstterm>. Some programs are not designed to be
+ run with continuous user input, and so they disconnect from the terminal
+ at the first opportunity. For example, a web server spends all day
+ responding to web requests, it normally does not need any input from
+ you. Programs that transport email from site to site are another
+ example of this class of application.</para>
+
+ <para>We call these programs <firstterm>daemons</firstterm>. Daemons were
+ characters in Greek mythology; neither good or evil, they were little
+ attendant spirits that, by and large, did useful things for mankind.
+ Much like the web servers and mail servers of today do useful things.
+ This is why the BSD mascot has, for a long time, been the cheerful
+ looking daemon with sneakers and a pitchfork.</para>
+
+ <para>There is a convention to name programs that normally run as daemons
+ with a trailing <quote>d</quote>. <application>BIND</application> is the
+ Berkeley Internet Name Daemon (and the actual program that executes is called
+ <command>named</command>), the <application>Apache</application> web
+ server program is called <command>httpd</command>, the line printer
+ spooling daemon is <command>lpd</command> and so on. This is a
+ convention, not a hard and fast rule; for example, the main mail daemon
+ for the <application>Sendmail</application> application is called
+ <command>sendmail</command>, and not <command>maild</command>, as you
+ might imagine.</para>
+
+ <para>Sometimes you will need to communicate with a daemon process. These
+ communications are called <firstterm>signals</firstterm>, and you can
+ communicate with a daemon (or with any other running process) by sending it a
+ signal. There are a number of different signals that you can
+ send&mdash;some of them have a specific meaning, others are interpreted
+ by the application, and the application's documentation will tell you
+ how that application interprets signals. You can only send a signal to
+ a process that you own. If you send a signal to someone else's
+ process with &man.kill.1; or &man.kill.2; permission will be denied.
+ The exception to this is the
+ <username>root</username> user, who can send signals to everyone's
+ processes.</para>
+
+ <para>FreeBSD will also send applications signals in some cases. If an
+ application is badly written, and tries to access memory that it is not
+ supposed to, FreeBSD sends the process the <firstterm>Segmentation
+ Violation</firstterm> signal (<literal>SIGSEGV</literal>). If an
+ application has used the &man.alarm.3; system call to be alerted after a
+ period of time has elapsed then it will be sent the Alarm signal
+ (<literal>SIGALRM</literal>), and so on.</para>
+
+ <para>Two signals can be used to stop a process,
+ <literal>SIGTERM</literal> and <literal>SIGKILL</literal>.
+ <literal>SIGTERM</literal> is the polite way to kill a process; the
+ process can <emphasis>catch</emphasis> the signal, realize that you want
+ it to shut down, close any log files it may have open, and generally
+ finish whatever it is doing at the time before shutting down. In some
+ cases a process may even ignore <literal>SIGTERM</literal> if it is in
+ the middle of some task that can not be interrupted.</para>
+
+ <para><literal>SIGKILL</literal> can not be ignored by a process. This is
+ the <quote>I do not care what you are doing, stop right now</quote>
+ signal. If you send <literal>SIGKILL</literal> to a process then
+ FreeBSD will stop that process there and then<footnote>
+ <para>Not quite true&mdash;there are a few things that can not be
+ interrupted. For example, if the process is trying to read from a
+ file that is on another computer on the network, and the other
+ computer has gone away for some reason (been turned off, or the
+ network has a fault), then the process is said to be
+ <quote>uninterruptible</quote>. Eventually the process will time
+ out, typically after two minutes. As soon as this time out occurs
+ the process will be killed.</para>
+ </footnote>.</para>
+
+ <para>The other signals you might want to use are
+ <literal>SIGHUP</literal>, <literal>SIGUSR1</literal>, and
+ <literal>SIGUSR2</literal>. These are general purpose signals, and
+ different applications will do different things when they are
+ sent.</para>
+
+ <para>Suppose that you have changed your web server's configuration
+ file&mdash;you would like to tell the web server to re-read its
+ configuration. You could stop and restart <command>httpd</command>, but
+ this would result in a brief outage period on your web server, which may
+ be undesirable. Most daemons are written to respond to the
+ <literal>SIGHUP</literal> signal by re-reading their configuration
+ file. So instead of killing and restarting <command>httpd</command> you
+ would send it the <literal>SIGHUP</literal> signal. Because there is no
+ standard way to respond to these signals, different daemons will have
+ different behavior, so be sure and read the documentation for the
+ daemon in question.</para>
+
+ <para>Signals are sent using the &man.kill.1; command, as this example
+ shows.</para>
+
+ <procedure>
+ <title>Sending a Signal to a Process</title>
+
+ <para>This example shows how to send a signal to &man.inetd.8;. The
+ <command>inetd</command> configuration file is
+ <filename>/etc/inetd.conf</filename>, and <command>inetd</command> will re-read
+ this configuration file when it is sent
+ <literal>SIGHUP</literal>.</para>
+
+ <step>
+ <para>Find the process ID of the process you want to send the signal
+ to. Do this using &man.ps.1; and &man.grep.1;. The &man.grep.1;
+ command is used to search through output, looking for the string you
+ specify. This command is run as a normal user, and &man.inetd.8; is
+ run as <username>root</username>, so the <option>ax</option> options
+ must be given to &man.ps.1;.</para>
+
+ <screen>&prompt.user; <userinput>ps -ax | grep inetd</userinput>
+ 198 ?? IWs 0:00.00 inetd -wW</screen>
+
+ <para>So the &man.inetd.8; PID is 198. In some cases the
+ <literal>grep inetd</literal> command might also occur in this
+ output. This is because of the way &man.ps.1; has to find the list
+ of running processes.</para>
+ </step>
+
+ <step>
+ <para>Use &man.kill.1; to send the signal. Because &man.inetd.8; is
+ being run by <username>root</username> you must use &man.su.1; to
+ become <username>root</username> first.</para>
+
+ <screen>&prompt.user; <userinput>su</userinput>
+<prompt>Password:</prompt>
+&prompt.root; <userinput>/bin/kill -s HUP 198</userinput></screen>
+
+ <para>In common with most &unix; commands, &man.kill.1; will not print any
+ output if it is successful. If you send a signal to a
+ process that you do not own then you will see <errorname>kill:
+ <replaceable>PID</replaceable>: Operation not
+ permitted</errorname>. If you mistype the PID you will either
+ send the signal to the wrong process, which could be bad, or, if
+ you are lucky, you will have sent the signal to a PID that is not
+ currently in use, and you will see <errorname>kill:
+ <replaceable>PID</replaceable>: No such process</errorname>.</para>
+
+ <note>
+ <title>Why Use <command>/bin/kill</command>?</title>
+
+ <para>Many shells provide the <command>kill</command> command as a
+ built in command; that is, the shell will send the signal
+ directly, rather than running <filename>/bin/kill</filename>.
+ This can be very useful, but different shells have a different
+ syntax for specifying the name of the signal to send. Rather than
+ try to learn all of them, it can be simpler just to use the
+ <command>/bin/kill <replaceable>...</replaceable></command>
+ command directly.</para>
+ </note>
+ </step>
+ </procedure>
+
+ <para>Sending other signals is very similar, just substitute
+ <literal>TERM</literal> or <literal>KILL</literal> in the command line
+ as necessary.</para>
+
+ <important>
+ <para>Killing random process on the system can be a bad idea. In
+ particular, &man.init.8;, process ID 1, is very special. Running
+ <command>/bin/kill -s KILL 1</command> is a quick way to shutdown your
+ system. <emphasis>Always</emphasis> double check the arguments you
+ run &man.kill.1; with <emphasis>before</emphasis> you press
+ <keycap>Return</keycap>.</para>
+ </important>
+ </sect1>
+
+ <sect1 id="shells">
+ <title>Shells</title>
+ <indexterm><primary>shells</primary></indexterm>
+ <indexterm><primary>command line</primary></indexterm>
+
+ <para>In FreeBSD, a lot of everyday work is done in a command line
+ interface called a shell. A shell's main job is to take commands
+ from the input channel and execute them. A lot of shells also have
+ built in functions to help everyday tasks such as file management,
+ file globbing, command line editing, command macros, and environment
+ variables. FreeBSD comes with a set of shells, such as
+ <command>sh</command>, the Bourne Shell, and <command>tcsh</command>,
+ the improved C-shell. Many other shells are available
+ from the FreeBSD Ports Collection, such as
+ <command>zsh</command> and <command>bash</command>.</para>
+
+ <para>Which shell do you use? It is really a matter of taste. If you
+ are a C programmer you might feel more comfortable with a C-like shell
+ such as <command>tcsh</command>. If you have come from Linux or are new
+ to a &unix; command line interface you might try <command>bash</command>.
+ The point is that each
+ shell has unique properties that may or may not work with your
+ preferred working environment, and that you have a choice of what
+ shell to use.</para>
+
+ <para>One common feature in a shell is filename completion. Given
+ the typing of the first few letters of a command or filename, you
+ can usually have the shell automatically complete the rest of the
+ command or filename by hitting the <keycap>Tab</keycap> key on the keyboard. Here is
+ an example. Suppose you have two files called
+ <filename>foobar</filename> and <filename>foo.bar</filename>. You
+ want to delete <filename>foo.bar</filename>. So what you would type
+ on the keyboard is: <command>rm fo[<keycap>Tab</keycap>].[<keycap>Tab</keycap>]</command>.</para>
+
+ <para>The shell would print out <command>rm
+ foo[BEEP].bar</command>.</para>
+
+ <para>The [BEEP] is the console bell, which is the shell telling me it
+ was unable to totally complete the filename because there is more
+ than one match. Both <filename>foobar</filename> and
+ <filename>foo.bar</filename> start with <literal>fo</literal>, but
+ it was able to complete to <literal>foo</literal>. If you type in
+ <literal>.</literal>, then hit <keycap>Tab</keycap> again, the shell would be able to
+ fill in the rest of the filename for you.</para>
+ <indexterm><primary>environment variables</primary></indexterm>
+
+ <para>Another feature of the shell is the use of environment variables.
+ Environment variables are a variable key pair stored in the shell's
+ environment space. This space can be read by any program invoked by
+ the shell, and thus contains a lot of program configuration. Here
+ is a list of common environment variables and what they mean:</para>
+ <indexterm><primary>environment variables</primary></indexterm>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><envar>USER</envar></entry>
+ <entry>Current logged in user's name.</entry>
+ </row>
+
+ <row>
+ <entry><envar>PATH</envar></entry>
+ <entry>Colon separated list of directories to search for
+ binaries.</entry>
+ </row>
+
+ <row>
+ <entry><envar>DISPLAY</envar></entry>
+ <entry>Network name of the X11 display to connect to, if
+ available.</entry>
+ </row>
+
+ <row>
+ <entry><envar>SHELL</envar></entry>
+ <entry>The current shell.</entry>
+ </row>
+
+ <row>
+ <entry><envar>TERM</envar></entry>
+ <entry>The name of the user's terminal. Used to determine the
+ capabilities of the terminal.</entry>
+ </row>
+
+ <row>
+ <entry><envar>TERMCAP</envar></entry>
+ <entry>Database entry of the terminal escape codes to perform
+ various terminal functions.</entry>
+ </row>
+
+ <row>
+ <entry><envar>OSTYPE</envar></entry>
+ <entry>Type of operating system. e.g., FreeBSD.</entry>
+ </row>
+
+ <row>
+ <entry><envar>MACHTYPE</envar></entry>
+ <entry>The CPU architecture that the system is running
+ on.</entry>
+ </row>
+
+ <row>
+ <entry><envar>EDITOR</envar></entry>
+ <entry>The user's preferred text editor.</entry>
+ </row>
+
+ <row>
+ <entry><envar>PAGER</envar></entry>
+ <entry>The user's preferred text pager.</entry>
+ </row>
+
+ <row>
+ <entry><envar>MANPATH</envar></entry>
+ <entry>Colon separated list of directories to search for
+ manual pages.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <indexterm><primary>Bourne shells</primary></indexterm>
+ <para>Setting an environment variable differs somewhat from
+ shell to shell. For example, in the C-Style shells such as
+ <command>tcsh</command> and <command>csh</command>, you would use
+ <command>setenv</command> to set environment variables.
+ Under Bourne shells such as <command>sh</command> and
+ <command>bash</command>, you would use
+ <command>export</command> to set your current environment
+ variables. For example, to set or modify the
+ <envar>EDITOR</envar> environment variable, under <command>csh</command> or
+ <command>tcsh</command> a
+ command like this would set <envar>EDITOR</envar> to
+ <filename>/usr/local/bin/emacs</filename>:</para>
+
+ <screen>&prompt.user; <userinput>setenv EDITOR /usr/local/bin/emacs</userinput></screen>
+
+ <para>Under Bourne shells:</para>
+
+ <screen>&prompt.user; <userinput>export EDITOR="/usr/local/bin/emacs"</userinput></screen>
+
+ <para>You can also make most shells expand the environment variable by
+ placing a <literal>$</literal> character in front of it on the
+ command line. For example, <command>echo $TERM</command> would
+ print out whatever <envar>$TERM</envar> is set to, because the shell
+ expands <envar>$TERM</envar> and passes it on to <command>echo</command>.</para>
+
+ <para>Shells treat a lot of special characters, called meta-characters
+ as special representations of data. The most common one is the
+ <literal>*</literal> character, which represents any number of
+ characters in a filename. These special meta-characters can be used
+ to do filename globbing. For example, typing in
+ <command>echo *</command> is almost the same as typing in
+ <command>ls</command> because the shell takes all the files that
+ match <literal>*</literal> and puts them on the command line for
+ <command>echo</command> to see.</para>
+
+ <para>To prevent the shell from interpreting these special characters,
+ they can be escaped from the shell by putting a backslash
+ (<literal>\</literal>) character in front of them. <command>echo
+ $TERM</command> prints whatever your terminal is set to.
+ <command>echo \$TERM</command> prints <envar>$TERM</envar> as
+ is.</para>
+
+ <sect2 id="changing-shells">
+ <title>Changing Your Shell</title>
+
+ <para>The easiest way to change your shell is to use the
+ <command>chsh</command> command. Running <command>chsh</command> will
+ place you into the editor that is in your <envar>EDITOR</envar>
+ environment variable; if it is not set, you will be placed in
+ <command>vi</command>. Change the <quote>Shell:</quote> line
+ accordingly.</para>
+
+ <para>You can also give <command>chsh</command> the
+ <option>-s</option> option; this will set your shell for you,
+ without requiring you to enter an editor.
+ For example, if you wanted to
+ change your shell to <command>bash</command>, the following should do the
+ trick:</para>
+
+ <screen>&prompt.user; <userinput>chsh -s /usr/local/bin/bash</userinput></screen>
+
+ <note>
+ <para>The shell that you wish to use <emphasis>must</emphasis> be
+ present in the <filename>/etc/shells</filename> file. If you
+ have installed a shell from the <link linkend="ports">ports
+ collection</link>, then this should have been done for you
+ already. If you installed the shell by hand, you must do
+ this.</para>
+
+ <para>For example, if you installed <command>bash</command> by hand
+ and placed it into <filename>/usr/local/bin</filename>, you would
+ want to:</para>
+
+ <screen>&prompt.root; <userinput>echo &quot;/usr/local/bin/bash&quot; &gt;&gt; /etc/shells</userinput></screen>
+
+ <para>Then rerun <command>chsh</command>.</para>
+ </note>
+ </sect2>
+ </sect1>
+
+ <sect1 id="editors">
+ <title>Text Editors</title>
+ <indexterm><primary>text editors</primary></indexterm>
+ <indexterm><primary>editors</primary></indexterm>
+
+ <para>A lot of configuration in FreeBSD is done by editing text files.
+ Because of this, it would be a good idea to become familiar
+ with a text editor. FreeBSD comes with a few as part of the base
+ system, and many more are available in the Ports Collection.</para>
+
+ <indexterm>
+ <primary><command>ee</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>editors</primary>
+ <secondary><command>ee</command></secondary>
+ </indexterm>
+ <para>The easiest and simplest editor to learn is an editor called
+ <application>ee</application>, which stands for easy editor. To
+ start <application>ee</application>, one would type at the command
+ line <command>ee <replaceable>filename</replaceable></command> where
+ <replaceable>filename</replaceable> is the name of the file to be edited.
+ For example, to edit <filename>/etc/rc.conf</filename>, type in
+ <command>ee /etc/rc.conf</command>. Once inside of
+ <command>ee</command>, all of the
+ commands for manipulating the editor's functions are listed at the
+ top of the display. The caret <literal>^</literal> character represents
+ the <keycap>Ctrl</keycap> key on the keyboard, so <literal>^e</literal> expands to the key combination
+ <keycombo action="simul"><keycap>Ctrl</keycap><keycap>e</keycap></keycombo>. To leave
+ <application>ee</application>, hit the <keycap>Esc</keycap> key, then choose leave
+ editor. The editor will prompt you to save any changes if the file
+ has been modified.</para>
+
+ <indexterm>
+ <primary><command>vi</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>editors</primary>
+ <secondary><command>vi</command></secondary>
+ </indexterm>
+ <indexterm>
+ <primary><command>emacs</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>editors</primary>
+ <secondary><command>emacs</command></secondary>
+ </indexterm>
+ <para>FreeBSD also comes with more powerful text editors such as
+ <application>vi</application> as part of the base system, while other editors, like
+ <application>Emacs</application> and <application>vim</application>,
+ are part of the FreeBSD Ports Collection (<filename role="package">editors/emacs</filename> and <filename role="package">editors/vim</filename>). These editors offer much
+ more functionality and power at the expense of being a little more
+ complicated to learn. However if you plan on doing a lot of text
+ editing, learning a more powerful editor such as
+ <application>vim</application> or <application>Emacs</application>
+ will save you much more time in the long run.</para>
+ </sect1>
+
+ <sect1 id="basics-devices">
+ <title>Devices and Device Nodes</title>
+
+ <para>A device is a term used mostly for hardware-related
+ activities in a system, including disks, printers, graphics
+ cards, and keyboards. When FreeBSD boots, the majority
+ of what FreeBSD displays are devices being detected.
+ You can look through the boot messages again by viewing
+ <filename>/var/run/dmesg.boot</filename>.</para>
+
+ <para>For example, <devicename>acd0</devicename> is the
+ first IDE CDROM drive, while <devicename>kbd0</devicename>
+ represents the keyboard.</para>
+
+ <para>Most of these devices in a &unix; operating system must be
+ accessed through special files called device nodes, which are
+ located in the <filename>/dev</filename> directory.</para>
+
+ <sect2>
+ <title>Creating Device Nodes</title>
+ <para>When adding a new device to your system, or compiling
+ in support for additional devices, you may need to create one or
+ more device nodes for the new devices.</para>
+
+ <sect3>
+ <title>MAKEDEV Script</title>
+ <para>On systems without <literal>DEVFS</literal> (this concerns all FreeBSD versions before 5.0), device nodes are created
+ using the &man.MAKEDEV.8; script as shown below:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
+&prompt.root; <userinput>sh MAKEDEV ad1</userinput>
+ </screen>
+
+ <para>This example would make the proper device nodes
+ for the second IDE drive when installed.</para>
+ </sect3>
+
+ <sect3>
+ <title><literal>DEVFS</literal> (DEVice File System)</title>
+
+ <para> The device file system, or <literal>DEVFS</literal>, provides access to
+ kernel's device namespace in the global file system namespace.
+ Instead of having to create and modify device nodes,
+ <literal>DEVFS</literal> maintains this particular file system for you.</para>
+
+ <para>See the &man.devfs.5; manual page for more
+ information.</para>
+
+ <para><literal>DEVFS</literal> is used by default in FreeBSD&nbsp;5.0 and above.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="binary-formats">
+ <title>Binary Formats</title>
+
+ <para>To understand why &os; uses the &man.elf.5;
+ format, you must first know a little about the three currently
+ <quote>dominant</quote> executable formats for &unix;:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>&man.a.out.5;</para>
+
+ <para>The oldest and <quote>classic</quote> &unix; object
+ format. It uses a short and compact header with a magic
+ number at the beginning that is often used to characterize
+ the format (see &man.a.out.5; for more details). It
+ contains three loaded segments: .text, .data, and .bss plus
+ a symbol table and a string table.</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>COFF</acronym></para>
+
+ <para>The SVR3 object format. The header now comprises a
+ section table, so you can have more than just .text, .data,
+ and .bss sections.</para>
+ </listitem>
+
+ <listitem>
+ <para>&man.elf.5;</para>
+
+ <para>The successor to <acronym>COFF</acronym>, featuring
+ multiple sections and 32-bit or 64-bit possible values. One
+ major drawback: <acronym>ELF</acronym> was also designed
+ with the assumption that there would be only one ABI per
+ system architecture. That assumption is actually quite
+ incorrect, and not even in the commercial SYSV world (which
+ has at least three ABIs: SVR4, Solaris, SCO) does it hold
+ true.</para>
+
+ <para>FreeBSD tries to work around this problem somewhat by
+ providing a utility for <emphasis>branding</emphasis> a
+ known <acronym>ELF</acronym> executable with information
+ about the ABI it is compliant with. See the manual page for
+ &man.brandelf.1; for more information.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>FreeBSD comes from the <quote>classic</quote> camp and used
+ the &man.a.out.5; format, a technology tried and proven through
+ many generations of BSD releases, until the beginning of the 3.X
+ branch. Though it was possible to build and run native
+ <acronym>ELF</acronym> binaries (and kernels) on a FreeBSD
+ system for some time before that, FreeBSD initially resisted the
+ <quote>push</quote> to switch to <acronym>ELF</acronym> as the
+ default format. Why? Well, when the Linux camp made their
+ painful transition to <acronym>ELF</acronym>, it was not so much
+ to flee the <filename>a.out</filename> executable format as it
+ was their inflexible jump-table based shared library mechanism,
+ which made the construction of shared libraries very difficult
+ for vendors and developers alike. Since the
+ <acronym>ELF</acronym> tools available offered a solution to the
+ shared library problem and were generally seen as <quote>the way
+ forward</quote> anyway, the migration cost was accepted as
+ necessary and the transition made. FreeBSD's shared library
+ mechanism is based more closely on Sun's
+ &sunos; style shared library mechanism
+ and, as such, is very easy to use.</para>
+
+ <para>So, why are there so many different formats?</para>
+
+ <para>Back in the dim, dark past, there was simple hardware. This
+ simple hardware supported a simple, small system. <filename>a.out</filename> was
+ completely adequate for the job of representing binaries on this
+ simple system (a PDP-11). As people ported &unix; from this simple
+ system, they retained the <filename>a.out</filename> format because it was sufficient
+ for the early ports of &unix; to architectures like the Motorola
+ 68k, VAXen, etc.</para>
+
+ <para>Then some bright hardware engineer decided that if he could
+ force software to do some sleazy tricks, then he would be able
+ to shave a few gates off the design and allow his CPU core to
+ run faster. While it was made to work with this new kind of
+ hardware (known these days as <acronym>RISC</acronym>), <filename>a.out</filename>
+ was ill-suited for this hardware, so many formats were developed
+ to get to a better performance from this hardware than the
+ limited, simple <filename>a.out</filename> format could
+ offer. Things like <acronym>COFF</acronym>,
+ <acronym>ECOFF</acronym>, and a few obscure others were invented
+ and their limitations explored before things seemed to settle on
+ <acronym>ELF</acronym>.</para>
+
+ <para>In addition, program sizes were getting huge and disks (and
+ physical memory) were still relatively small so the concept of a
+ shared library was born. The VM system also became more
+ sophisticated. While each one of these advancements was done
+ using the <filename>a.out</filename> format, its usefulness was
+ stretched more and more with each new feature. In addition,
+ people wanted to dynamically load things at run time, or to junk
+ parts of their program after the init code had run to save in
+ core memory and swap space. Languages became more sophisticated
+ and people wanted code called before main automatically. Lots of
+ hacks were done to the <filename>a.out</filename> format to
+ allow all of these things to happen, and they basically worked
+ for a time. In time, <filename>a.out</filename> was not up to
+ handling all these problems without an ever increasing overhead
+ in code and complexity. While <acronym>ELF</acronym> solved many
+ of these problems, it would be painful to switch from the system
+ that basically worked. So <acronym>ELF</acronym> had to wait
+ until it was more painful to remain with
+ <filename>a.out</filename> than it was to migrate to
+ <acronym>ELF</acronym>.</para>
+
+ <para>However, as time passed, the build tools that FreeBSD
+ derived their build tools from (the assembler and loader
+ especially) evolved in two parallel trees. The FreeBSD tree
+ added shared libraries and fixed some bugs. The GNU folks that
+ originally wrote these programs rewrote them and added simpler
+ support for building cross compilers, plugging in different
+ formats at will, and so on. Since many people wanted to build cross
+ compilers targeting FreeBSD, they were out of luck since the
+ older sources that FreeBSD had for <application>as</application> and <application>ld</application> were not up to the
+ task. The new GNU tools chain (<application>binutils</application>) does support cross
+ compiling, <acronym>ELF</acronym>, shared libraries, C++
+ extensions, etc. In addition, many vendors are releasing
+ <acronym>ELF</acronym> binaries, and it is a good thing for
+ FreeBSD to run them.</para>
+
+ <para><acronym>ELF</acronym> is more expressive than <filename>a.out</filename> and
+ allows more extensibility in the base system. The
+ <acronym>ELF</acronym> tools are better maintained, and offer
+ cross compilation support, which is important to many people.
+ <acronym>ELF</acronym> may be a little slower than <filename>a.out</filename>, but
+ trying to measure it can be difficult. There are also numerous
+ details that are different between the two in how they map
+ pages, handle init code, etc. None of these are very important,
+ but they are differences. In time support for
+ <filename>a.out</filename> will be moved out of the <filename>GENERIC</filename>
+ kernel, and eventually removed from the kernel once the need to
+ run legacy <filename>a.out</filename> programs is past.</para>
+ </sect1>
+
+ <sect1 id="basics-more-information">
+ <title>For More Information</title>
+
+ <sect2 id="basics-man">
+ <title>Manual Pages</title>
+ <indexterm><primary>manual pages</primary></indexterm>
+
+ <para>The most comprehensive documentation on FreeBSD is in the form
+ of manual pages. Nearly every program on the system comes with a
+ short reference manual explaining the basic operation and various
+ arguments. These manuals can be viewed with the <command>man</command> command. Use
+ of the <command>man</command> command is simple:</para>
+
+ <screen>&prompt.user; <userinput>man <replaceable>command</replaceable></userinput></screen>
+
+ <para><literal>command</literal> is the name of the command you
+ wish to learn about. For example, to learn more about
+ <command>ls</command> command type:</para>
+
+ <screen>&prompt.user; <userinput>man ls</userinput></screen>
+
+ <para>The online manual is divided up into numbered sections:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>User commands.</para>
+ </listitem>
+
+ <listitem>
+ <para>System calls and error numbers.</para>
+ </listitem>
+
+ <listitem>
+ <para>Functions in the C libraries.</para>
+ </listitem>
+
+ <listitem>
+ <para>Device drivers.</para>
+ </listitem>
+
+ <listitem>
+ <para>File formats.</para>
+ </listitem>
+
+ <listitem>
+ <para>Games and other diversions.</para>
+ </listitem>
+
+ <listitem>
+ <para>Miscellaneous information.</para>
+ </listitem>
+
+ <listitem>
+ <para>System maintenance and operation commands.</para>
+ </listitem>
+
+ <listitem>
+ <para>Kernel developers.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>In some cases, the same topic may appear in more than one
+ section of the online manual. For example, there is a
+ <command>chmod</command> user command and a
+ <function>chmod()</function> system call. In this case, you can
+ tell the <command>man</command> command which one you want by specifying the
+ section:</para>
+
+ <screen>&prompt.user; <userinput>man 1 chmod</userinput></screen>
+
+ <para>This will display the manual page for the user command
+ <command>chmod</command>. References to a particular section of
+ the online manual are traditionally placed in parenthesis in
+ written documentation, so &man.chmod.1; refers to the
+ <command>chmod</command> user command and &man.chmod.2; refers to
+ the system call.</para>
+
+ <para>This is fine if you know the name of the command and simply
+ wish to know how to use it, but what if you cannot recall the
+ command name? You can use <command>man</command> to search for keywords in the
+ command descriptions by using the <option>-k</option>
+ switch:</para>
+
+ <screen>&prompt.user; <userinput>man -k mail</userinput></screen>
+
+ <para>With this command you will be presented with a list of
+ commands that have the keyword <quote>mail</quote> in their
+ descriptions. This is actually functionally equivalent to using
+ the <command>apropos</command> command.</para>
+
+ <para>So, you are looking at all those fancy commands in
+ <filename>/usr/bin</filename> but do not have the faintest idea
+ what most of them actually do? Simply do:</para>
+
+ <screen>&prompt.user; <userinput>cd /usr/bin</userinput>
+&prompt.user; <userinput>man -f *</userinput></screen>
+
+ <para>or</para>
+
+ <screen>&prompt.user; <userinput>cd /usr/bin</userinput>
+&prompt.user; <userinput>whatis *</userinput></screen>
+
+ <para>which does the same thing.</para>
+ </sect2>
+
+ <sect2 id="basics-info">
+ <title>GNU Info Files</title>
+ <indexterm><primary>Free Software Foundation</primary></indexterm>
+
+ <para>FreeBSD includes many applications and utilities produced by
+ the Free Software Foundation (FSF). In addition to manual pages,
+ these programs come with more extensive hypertext documents called
+ <literal>info</literal> files which can be viewed with the
+ <command>info</command> command or, if you installed
+ <application>emacs</application>, the info mode of
+ <application>emacs</application>.</para>
+
+ <para>To use the &man.info.1; command, simply type:</para>
+
+ <screen>&prompt.user; <userinput>info</userinput></screen>
+
+ <para>For a brief introduction, type <literal>h</literal>. For a
+ quick command reference, type <literal>?</literal>.</para>
+ </sect2>
+ </sect1>
+</chapter>
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/basics/example-dir1.dot b/zh_TW.Big5/books/handbook/basics/example-dir1.dot
new file mode 100644
index 0000000000..f259e8377d
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/basics/example-dir1.dot
@@ -0,0 +1,7 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/";
+ root -> "A2/";
+}
diff --git a/zh_TW.Big5/books/handbook/basics/example-dir2.dot b/zh_TW.Big5/books/handbook/basics/example-dir2.dot
new file mode 100644
index 0000000000..b846c82399
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/basics/example-dir2.dot
@@ -0,0 +1,8 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/" -> "B1/";
+ "A1/" -> "B2/";
+ root -> "A2/";
+}
diff --git a/zh_TW.Big5/books/handbook/basics/example-dir3.dot b/zh_TW.Big5/books/handbook/basics/example-dir3.dot
new file mode 100644
index 0000000000..178a3a91bb
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/basics/example-dir3.dot
@@ -0,0 +1,8 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/";
+ root -> "A2/" -> "B1/";
+ "A2/" -> "B2/";
+}
diff --git a/zh_TW.Big5/books/handbook/basics/example-dir4.dot b/zh_TW.Big5/books/handbook/basics/example-dir4.dot
new file mode 100644
index 0000000000..82d12b421a
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/basics/example-dir4.dot
@@ -0,0 +1,9 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/";
+ root -> "A2/" -> "B1/" -> "C1/";
+ "B1/" -> "C2/";
+ "A2/" -> "B2/";
+}
diff --git a/zh_TW.Big5/books/handbook/basics/example-dir5.dot b/zh_TW.Big5/books/handbook/basics/example-dir5.dot
new file mode 100644
index 0000000000..f5aa6e01dc
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/basics/example-dir5.dot
@@ -0,0 +1,9 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/" -> "C1/";
+ "A1/" -> "C2/";
+ root -> "A2/" -> "B1/";
+ "A2/" -> "B2/";
+}
diff --git a/zh_TW.Big5/books/handbook/bibliography/Makefile b/zh_TW.Big5/books/handbook/bibliography/Makefile
new file mode 100644
index 0000000000..f926466a22
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/bibliography/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= bibliography/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/bibliography/chapter.sgml b/zh_TW.Big5/books/handbook/bibliography/chapter.sgml
new file mode 100644
index 0000000000..721d73a383
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/bibliography/chapter.sgml
@@ -0,0 +1,646 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<appendix id="bibliography">
+ <title>Bibliography</title>
+
+ <para>While the manual pages provide the definitive reference for individual
+ pieces of the FreeBSD operating system, they are notorious for not
+ illustrating how to put the pieces together to make the whole operating
+ system run smoothly. For this, there is no substitute for a good book on
+ &unix; system administration and a good users' manual.</para>
+
+ <sect1 id="bibliography-freebsd">
+ <title>Books &amp; Magazines Specific to FreeBSD</title>
+
+ <para><emphasis>International books &amp;
+ Magazines:</emphasis></para>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink
+ url="http://jdli.tw.FreeBSD.org/publication/book/freebsd2/index.htm">Using FreeBSD</ulink> (in Chinese).</para>
+ </listitem>
+
+ <listitem>
+
+ <para>FreeBSD Unleashed (Chinese translation), published by
+ <ulink url="http://www.hzbook.com/">China Machine
+ Press</ulink>. ISBN 7-111-10201-0.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD From Scratch First Edition (in Chinese),
+ published by China Machine Press. ISBN 7-111-07482-3.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD From Scratch Second Edition (in Chinese),
+ published by China Machine Press. ISBN 7-111-10286-X.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD Handbook (Chinese translation), published by
+ <ulink url="http://www.ptpress.com.cn/">Posts &amp; Telecom
+ Press</ulink>. ISBN 7-115-10541-3.
+ </para>
+ </listitem>
+
+ <listitem>
+
+ <para>FreeBSD 3.x Internet (in Chinese), published by
+ <ulink url="http://www.tup.tsinghua.edu.cn/">Tsinghua
+ University Press</ulink>. ISBN 7-900625-66-6.</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD &amp; Windows (in Chinese), ISBN 7-113-03845-X</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD Internet Services HOWTO (in Chinese), ISBN 7-113-03423-3</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD for PC 98'ers (in Japanese), published by SHUWA System
+ Co, LTD. ISBN 4-87966-468-5 C3055 P2900E.</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD (in Japanese), published by CUTT. ISBN 4-906391-22-2
+ C3055 P2400E.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.shoeisha.com/book/Detail.asp?bid=650">Complete Introduction to FreeBSD</ulink> (in Japanese), published by <ulink url="http://www.shoeisha.co.jp/">Shoeisha Co., Ltd</ulink>. ISBN 4-88135-473-6 P3600E.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.ascii.co.jp/pb/book1/shinkan/detail/1322785.html">Personal UNIX Starter Kit FreeBSD</ulink> (in Japanese), published by <ulink url="http://www.ascii.co.jp/">ASCII</ulink>. ISBN 4-7561-1733-3 P3000E.</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD Handbook (Japanese translation), published by <ulink
+ url="http://www.ascii.co.jp/">ASCII</ulink>. ISBN 4-7561-1580-2
+ P3800E.</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD mit Methode (in German), published by <ulink url="http://www.cul.de">Computer und
+ Literatur Verlag</ulink>/Vertrieb Hanser, 1998. ISBN 3-932311-31-0.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.cul.de/freebsd.html">FreeBSD 4 - Installieren, Konfigurieren, Administrieren</ulink>
+ (in German), published by <ulink url="http://www.cul.de">Computer und Literatur Verlag</ulink>, 2001.
+ ISBN 3-932311-88-4.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.cul.de/freebsd.html">FreeBSD 5 - Installieren, Konfigurieren, Administrieren</ulink>
+ (in German), published by <ulink url="http://www.cul.de">Computer und Literatur Verlag</ulink>, 2003.
+ ISBN 3-936546-06-1.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.mitp.de/vmi/mitp/detail/pWert/1343/">
+ FreeBSD de Luxe</ulink> (in German), published by
+ <ulink url="http://www.mitp.de">Verlag Modere Industrie</ulink>,
+ 2003. ISBN 3-8266-1343-0.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.pc.mycom.co.jp/FreeBSD/install-manual.html">FreeBSD Install and Utilization Manual</ulink> (in Japanese), published by <ulink url="http://www.pc.mycom.co.jp/">Mainichi Communications Inc.</ulink>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Onno W Purbo, Dodi Maryanto, Syahrial Hubbany, Widjil Widodo
+ <emphasis><ulink url="http://maxwell.itb.ac.id/">
+ Building Internet Server with
+ FreeBSD</ulink></emphasis> (in Indonesia Language), published
+ by <ulink url="http://www.elexmedia.co.id/">Elex Media Komputindo</ulink>.</para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para><emphasis>English language books &amp; Magazines:</emphasis></para>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink url="http://www.AbsoluteBSD.com/">Absolute
+ BSD: The Ultimate Guide to FreeBSD</ulink>, published by
+ <ulink url="http://www.nostarch.com/">No Starch Press</ulink>, 2002.
+ ISBN: 1886411743</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.freebsdmall.com/cgi-bin/fm/bsdcomp">
+ The Complete FreeBSD</ulink>, published by
+ <ulink url="http://www.oreilly.com/">O'Reilly</ulink>, 2003.
+ ISBN: 0596005164</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.freebsd-corp-net-guide.com/">The
+ FreeBSD Corporate Networker's Guide</ulink>, published by
+ <ulink url="http://www.awl.com/aw/">Addison-Wesley</ulink>, 2000.
+ ISBN: 0201704811</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://andrsn.stanford.edu/FreeBSD/introbook/">
+ FreeBSD: An Open-Source Operating System for Your Personal
+ Computer</ulink>, published by The Bit Tree Press, 2001.
+ ISBN: 0971204500</para>
+ </listitem>
+
+ <listitem>
+ <para>Teach Yourself FreeBSD in 24 Hours, published by
+ <ulink url="http://www.samspublishing.com/">Sams</ulink>, 2002.
+ ISBN: 0672324245</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD unleashed, published by
+ <ulink url="http://www.samspublishing.com/">Sams</ulink>, 2002.
+ ISBN: 0672324563</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD: The Complete Reference, published by
+ <ulink url="http://books.mcgraw-hill.com">McGrawHill</ulink>, 2003.
+ ISBN: 0072224096 </para>
+ </listitem>
+
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="bibliography-userguides">
+ <title>Users' Guides</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD
+ User's Reference Manual</emphasis>. O'Reilly &amp; Associates,
+ Inc., 1994. ISBN 1-56592-075-9</para>
+ </listitem>
+
+ <listitem>
+ <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD
+ User's Supplementary Documents</emphasis>. O'Reilly &amp;
+ Associates, Inc., 1994. ISBN 1-56592-076-7</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>UNIX in a Nutshell</emphasis>. O'Reilly &amp;
+ Associates, Inc., 1990. ISBN 093717520X</para>
+ </listitem>
+
+ <listitem>
+ <para>Mui, Linda. <emphasis>What You Need To Know When You Can't Find
+ Your UNIX System Administrator</emphasis>. O'Reilly &amp;
+ Associates, Inc., 1995. ISBN 1-56592-104-6</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www-wks.acs.ohio-state.edu/">Ohio State
+ University</ulink> has written a <ulink
+ url="http://www-wks.acs.ohio-state.edu/unix_course/unix.html">UNIX
+ Introductory Course</ulink> which is available online in HTML and
+ PostScript format.</para>
+
+ <para>An Italian <ulink
+ url="&url.doc.base;/it_IT.ISO8859-15/books/unix-introduction/index.html">translation</ulink>
+ of this document is available as part of the FreeBSD Italian
+ Documentation Project.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.jp.FreeBSD.org/">Jpman Project, Japan
+ FreeBSD Users Group</ulink>. <ulink
+ url="http://www.pc.mycom.co.jp/FreeBSD/urm.html">FreeBSD User's
+ Reference Manual</ulink> (Japanese translation). <ulink
+ url="http://www.pc.mycom.co.jp/">Mainichi Communications
+ Inc.</ulink>, 1998. ISBN4-8399-0088-4 P3800E.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.ed.ac.uk/">Edinburgh
+ University</ulink> has written an <ulink
+ url="http://unixhelp.ed.ac.uk/">Online Guide</ulink> for
+ newcomers to the UNIX environment.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="bibliography-adminguides">
+ <title>Administrators' Guides</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Albitz, Paul and Liu, Cricket. <emphasis>DNS and
+ BIND</emphasis>, 4th Ed. O'Reilly &amp; Associates, Inc., 2001.
+ ISBN 1-59600-158-4</para>
+ </listitem>
+
+ <listitem>
+ <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD
+ System Manager's Manual</emphasis>. O'Reilly &amp; Associates,
+ Inc., 1994. ISBN 1-56592-080-5</para>
+ </listitem>
+
+ <listitem>
+ <para>Costales, Brian, et al. <emphasis>Sendmail</emphasis>, 2nd Ed.
+ O'Reilly &amp; Associates, Inc., 1997. ISBN 1-56592-222-0</para>
+ </listitem>
+
+ <listitem>
+ <para>Frisch, &AElig;leen. <emphasis>Essential System
+ Administration</emphasis>, 2nd Ed. O'Reilly &amp; Associates,
+ Inc., 1995. ISBN 1-56592-127-5</para>
+ </listitem>
+
+ <listitem>
+ <para>Hunt, Craig. <emphasis>TCP/IP Network
+ Administration</emphasis>, 2nd Ed. O'Reilly &amp; Associates, Inc., 1997.
+ ISBN 1-56592-322-7</para>
+ </listitem>
+
+ <listitem>
+ <para>Nemeth, Evi. <emphasis>UNIX System Administration
+ Handbook</emphasis>. 3rd Ed. Prentice Hall, 2000. ISBN
+ 0-13-020601-6</para>
+ </listitem>
+
+ <listitem>
+ <para>Stern, Hal <emphasis>Managing NFS and NIS</emphasis> O'Reilly
+ &amp; Associates, Inc., 1991. ISBN 0-937175-75-7</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.jp.FreeBSD.org/">Jpman Project, Japan
+ FreeBSD Users Group</ulink>. <ulink
+ url="http://www.pc.mycom.co.jp/FreeBSD/sam.html">FreeBSD System
+ Administrator's Manual</ulink> (Japanese translation). <ulink
+ url="http://www.pc.mycom.co.jp/">Mainichi Communications
+ Inc.</ulink>, 1998. ISBN4-8399-0109-0 P3300E.</para>
+ </listitem>
+
+ <listitem>
+ <para>Dreyfus, Emmanuel. <ulink
+ url="http://www.eyrolles.com/Informatique/Livre/9782212114638/">Cahiers
+ de l'Admin: BSD</ulink> 2nd Ed. (in French), Eyrolles, 2004.
+ ISBN 2-212-11463-X</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="bibliography-programmers">
+ <title>Programmers' Guides</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Asente, Paul, Converse, Diana, and Swick, Ralph.
+ <emphasis>X Window System Toolkit</emphasis>. Digital Press,
+ 1998. ISBN 1-55558-178-1</para>
+ </listitem>
+
+ <listitem>
+ <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD
+ Programmer's Reference Manual</emphasis>. O'Reilly &amp;
+ Associates, Inc., 1994. ISBN 1-56592-078-3</para>
+ </listitem>
+
+ <listitem>
+ <para>Computer Systems Research Group, UC Berkeley. <emphasis>4.4BSD
+ Programmer's Supplementary Documents</emphasis>. O'Reilly &amp;
+ Associates, Inc., 1994. ISBN 1-56592-079-1</para>
+ </listitem>
+
+ <listitem>
+ <para>Harbison, Samuel P. and Steele, Guy L. Jr. <emphasis>C: A
+ Reference Manual</emphasis>. 4th ed. Prentice Hall, 1995.
+ ISBN 0-13-326224-3</para>
+ </listitem>
+
+ <listitem>
+ <para>Kernighan, Brian and Dennis M. Ritchie. <emphasis>The C
+ Programming Language</emphasis>. 2nd Ed. PTR Prentice Hall, 1988.
+ ISBN 0-13-110362-8</para>
+ </listitem>
+
+ <listitem>
+ <para>Lehey, Greg. <emphasis>Porting UNIX Software</emphasis>.
+ O'Reilly &amp; Associates, Inc., 1995. ISBN 1-56592-126-7</para>
+ </listitem>
+
+ <listitem>
+ <para>Plauger, P. J. <emphasis>The Standard C Library</emphasis>.
+ Prentice Hall, 1992. ISBN 0-13-131509-9</para>
+ </listitem>
+
+ <listitem>
+ <para>Spinellis, Diomidis. <ulink
+ url="http://www.spinellis.gr/codereading/"><emphasis>Code
+ Reading: The Open Source Perspective</emphasis></ulink>.
+ Addison-Wesley, 2003. ISBN 0-201-79940-5</para>
+ </listitem>
+
+ <listitem>
+ <para>Stevens, W. Richard. <emphasis>Advanced Programming in the UNIX
+ Environment</emphasis>. Reading, Mass. : Addison-Wesley, 1992.
+ ISBN 0-201-56317-7</para>
+ </listitem>
+
+ <listitem>
+ <para>Stevens, W. Richard. <emphasis>UNIX Network
+ Programming</emphasis>. 2nd Ed, PTR Prentice Hall, 1998. ISBN
+ 0-13-490012-X</para>
+ </listitem>
+
+ <listitem>
+ <para>Wells, Bill. <quote>Writing Serial Drivers for UNIX</quote>.
+ <emphasis>Dr. Dobb's Journal</emphasis>. 19(15), December 1994.
+ pp68-71, 97-99.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="bibliography-osinternals">
+ <title>Operating System Internals</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Andleigh, Prabhat K. <emphasis>UNIX System
+ Architecture</emphasis>. Prentice-Hall, Inc., 1990. ISBN
+ 0-13-949843-5</para>
+ </listitem>
+
+ <listitem>
+ <para>Jolitz, William. <quote>Porting UNIX to the 386</quote>.
+ <emphasis>Dr. Dobb's Journal</emphasis>. January 1991-July
+ 1992.</para>
+ </listitem>
+
+ <listitem>
+ <para>Leffler, Samuel J., Marshall Kirk McKusick, Michael J Karels and
+ John Quarterman <emphasis>The Design and Implementation of the
+ 4.3BSD UNIX Operating System</emphasis>. Reading, Mass. :
+ Addison-Wesley, 1989. ISBN 0-201-06196-1</para>
+ </listitem>
+
+ <listitem>
+ <para>Leffler, Samuel J., Marshall Kirk McKusick, <emphasis>The Design
+ and Implementation of the 4.3BSD UNIX Operating System: Answer
+ Book</emphasis>. Reading, Mass. : Addison-Wesley, 1991. ISBN
+ 0-201-54629-9</para>
+ </listitem>
+
+ <listitem>
+ <para>McKusick, Marshall Kirk, Keith Bostic, Michael J Karels, and
+ John Quarterman. <emphasis>The Design and Implementation of the
+ 4.4BSD Operating System</emphasis>. Reading, Mass. :
+ Addison-Wesley, 1996. ISBN 0-201-54979-4</para>
+
+ <para>(Chapter 2 of this book is available <ulink
+ url="&url.books.design-44bsd;/book.html">online</ulink> as part of
+ the FreeBSD Documentation Project, and chapter 9 <ulink
+ url="http://www.netapp.com/tech_library/nfsbook.html">
+ here</ulink>.)</para>
+ </listitem>
+
+ <listitem>
+ <para>Marshall Kirk McKusick, George V. Neville-Neil <emphasis>The Design
+ and Implementation of the FreeBSD Operating System</emphasis>.
+ Boston, Mass. : Addison-Wesley, 2004. ISBN 0-201-70245-2</para>
+ </listitem>
+
+ <listitem>
+ <para>Stevens, W. Richard. <emphasis>TCP/IP Illustrated, Volume 1:
+ The Protocols</emphasis>. Reading, Mass. : Addison-Wesley,
+ 1996. ISBN 0-201-63346-9</para>
+ </listitem>
+
+ <listitem>
+ <para>Schimmel, Curt. <emphasis>Unix Systems for Modern
+ Architectures</emphasis>. Reading, Mass. : Addison-Wesley, 1994.
+ ISBN 0-201-63338-8</para>
+ </listitem>
+
+ <listitem>
+ <para>Stevens, W. Richard. <emphasis>TCP/IP Illustrated, Volume 3:
+ TCP for Transactions, HTTP, NNTP and the UNIX Domain
+ Protocols</emphasis>. Reading, Mass. : Addison-Wesley, 1996.
+ ISBN 0-201-63495-3</para>
+ </listitem>
+
+ <listitem>
+ <para>Vahalia, Uresh. <emphasis>UNIX Internals -- The New
+ Frontiers</emphasis>. Prentice Hall, 1996. ISBN
+ 0-13-101908-2</para>
+ </listitem>
+
+ <listitem>
+ <para>Wright, Gary R. and W. Richard Stevens. <emphasis>TCP/IP
+ Illustrated, Volume 2: The Implementation</emphasis>. Reading,
+ Mass. : Addison-Wesley, 1995. ISBN 0-201-63354-X</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="bibliography-security">
+ <title>Security Reference</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Cheswick, William R. and Steven M. Bellovin. <emphasis>Firewalls
+ and Internet Security: Repelling the Wily Hacker</emphasis>.
+ Reading, Mass. : Addison-Wesley, 1995. ISBN
+ 0-201-63357-4</para>
+ </listitem>
+
+ <listitem>
+ <para>Garfinkel, Simson and Gene Spafford.
+ <emphasis>Practical UNIX &amp; Internet Security</emphasis>.
+ 2nd Ed. O'Reilly &amp; Associates, Inc., 1996. ISBN
+ 1-56592-148-8</para>
+ </listitem>
+
+ <listitem>
+ <para>Garfinkel, Simson. <emphasis>PGP Pretty Good
+ Privacy</emphasis> O'Reilly &amp; Associates, Inc., 1995. ISBN
+ 1-56592-098-8</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="bibliography-hardware">
+ <title>Hardware Reference</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Anderson, Don and Tom Shanley. <emphasis>Pentium Processor
+ System Architecture</emphasis>. 2nd Ed. Reading, Mass. :
+ Addison-Wesley, 1995. ISBN 0-201-40992-5</para>
+ </listitem>
+
+ <listitem>
+ <para>Ferraro, Richard F. <emphasis>Programmer's Guide to the EGA,
+ VGA, and Super VGA Cards</emphasis>. 3rd ed. Reading, Mass. :
+ Addison-Wesley, 1995. ISBN 0-201-62490-7</para>
+ </listitem>
+
+ <listitem>
+ <para>Intel Corporation publishes documentation on their CPUs,
+ chipsets and standards on their <ulink
+ url="http://developer.intel.com/">developer web site</ulink>,
+ usually as PDF files.</para>
+ </listitem>
+
+ <listitem>
+ <para>Shanley, Tom. <emphasis>80486 System Architecture</emphasis>.
+ 3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
+ 0-201-40994-1</para>
+ </listitem>
+
+ <listitem>
+ <para>Shanley, Tom. <emphasis>ISA System Architecture</emphasis>.
+ 3rd ed. Reading, Mass. : Addison-Wesley, 1995. ISBN
+ 0-201-40996-8</para>
+ </listitem>
+
+ <listitem>
+ <para>Shanley, Tom. <emphasis>PCI System Architecture</emphasis>.
+ 4th ed. Reading, Mass. : Addison-Wesley, 1999. ISBN
+ 0-201-30974-2</para>
+ </listitem>
+
+ <listitem>
+ <para>Van Gilluwe, Frank. <emphasis>The Undocumented PC</emphasis>, 2nd Ed.
+ Reading, Mass: Addison-Wesley Pub. Co., 1996. ISBN
+ 0-201-47950-8</para>
+ </listitem>
+
+ <listitem>
+ <para>Messmer, Hans-Peter. <emphasis>The Indispensable PC Hardware Book</emphasis>, 4th Ed.
+ Reading, Mass: Addison-Wesley Pub. Co., 2002. ISBN
+ 0-201-59616-4</para>
+ </listitem>
+
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="bibliography-history">
+ <title>&unix; History</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Lion, John <emphasis>Lion's Commentary on UNIX, 6th Ed. With
+ Source Code</emphasis>. ITP Media Group, 1996. ISBN
+ 1573980137</para>
+ </listitem>
+
+ <listitem>
+ <para>Raymond, Eric S. <emphasis>The New Hacker's Dictionary, 3rd
+ edition</emphasis>. MIT Press, 1996. ISBN
+ 0-262-68092-0. Also known as the <ulink
+ url="http://www.catb.org/~esr/jargon/html/index.html">Jargon
+ File</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para>Salus, Peter H. <emphasis>A quarter century of UNIX</emphasis>.
+ Addison-Wesley Publishing Company, Inc., 1994. ISBN
+ 0-201-54777-5</para>
+ </listitem>
+
+ <listitem>
+ <para>Simon Garfinkel, Daniel Weise, Steven Strassmann. <emphasis>The
+ UNIX-HATERS Handbook</emphasis>. IDG Books Worldwide, Inc.,
+ 1994. ISBN 1-56884-203-1. Out of print, but available <ulink
+ url="http://research.microsoft.com/~daniel/unix-haters.html">
+ online</ulink>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Don Libes, Sandy Ressler <emphasis>Life with UNIX</emphasis>
+ &mdash; special edition. Prentice-Hall, Inc., 1989. ISBN
+ 0-13-536657-7</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>The BSD family tree</emphasis>.
+ <ulink url="http://www.FreeBSD.org/cgi/cvsweb.cgi/src/share/misc/bsd-family-tree"></ulink>
+ or <ulink type="html" url="file://localhost/usr/share/misc/bsd-family-tree"><filename>/usr/share/misc/bsd-family-tree</filename></ulink>
+ on a FreeBSD machine.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>The BSD Release Announcements collection</emphasis>.
+ 1997. <ulink url="http://www.de.FreeBSD.org/de/ftp/releases/"></ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>Networked Computer Science Technical Reports
+ Library</emphasis>. <ulink url="http://www.ncstrl.org/"></ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>Old BSD releases from the Computer Systems Research
+ group (CSRG)</emphasis>.
+ <ulink url="http://www.mckusick.com/csrg/"></ulink>:
+ The 4CD set covers all BSD versions from 1BSD to 4.4BSD and
+ 4.4BSD-Lite2 (but not 2.11BSD, unfortunately). The last
+ disk also holds the final sources plus the SCCS files.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="bibliography-journals">
+ <title>Magazines and Journals</title>
+
+ <itemizedlist>
+ <listitem>
+ <para><emphasis>The C/C++ Users Journal</emphasis>. R&amp;D
+ Publications Inc. ISSN 1075-2838</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>Sys Admin &mdash; The Journal for UNIX System
+ Administrators</emphasis> Miller Freeman, Inc., ISSN
+ 1061-2688</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>freeX &mdash; Das Magazin f&uuml;r Linux - BSD - UNIX</emphasis>
+ (in German) Computer- und Literaturverlag GmbH, ISSN 1436-7033</para>
+ </listitem>
+
+ </itemizedlist>
+ </sect1>
+</appendix>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../appendix.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "appendix")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/handbook/book.sgml b/zh_TW.Big5/books/handbook/book.sgml
new file mode 100644
index 0000000000..8e11e673be
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/book.sgml
@@ -0,0 +1,315 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
+<!ENTITY % books.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Books Entity Set//EN">
+%books.ent;
+<!ENTITY % chapters SYSTEM "chapters.ent">
+%chapters;
+<!ENTITY % txtfiles SYSTEM "txtfiles.ent">
+%txtfiles;
+
+<!ENTITY % not.published "INCLUDE">
+
+<!ENTITY % chap.introduction "IGNORE">
+<!ENTITY % chap.install "IGNORE">
+<!ENTITY % chap.basics "IGNORE">
+<!ENTITY % chap.ports "IGNORE">
+<!ENTITY % chap.config "IGNORE">
+<!ENTITY % chap.boot "IGNORE">
+<!ENTITY % chap.users "IGNORE">
+<!ENTITY % chap.kernelconfig "IGNORE">
+<!ENTITY % chap.security "IGNORE">
+<!ENTITY % chap.printing "IGNORE">
+<!ENTITY % chap.disks "IGNORE">
+<!ENTITY % chap.geom "IGNORE">
+<!ENTITY % chap.vinum "IGNORE">
+<!ENTITY % chap.x11 "IGNORE">
+<!ENTITY % chap.l10n "IGNORE">
+<!ENTITY % chap.multimedia "IGNORE">
+<!ENTITY % chap.desktop "IGNORE">
+<!ENTITY % chap.serialcomms "IGNORE">
+<!ENTITY % chap.ppp-and-slip "IGNORE">
+<!ENTITY % chap.advanced-networking "IGNORE">
+<!ENTITY % chap.firewalls "IGNORE">
+<!ENTITY % chap.network-servers "IGNORE">
+<!ENTITY % chap.mail "IGNORE">
+<!ENTITY % chap.cutting-edge "IGNORE">
+<!ENTITY % chap.linuxemu "IGNORE">
+<!ENTITY % chap.mirrors "IGNORE">
+<!ENTITY % chap.bibliography "IGNORE">
+<!ENTITY % chap.eresources "IGNORE">
+<!ENTITY % chap.pgpkeys "IGNORE">
+<!ENTITY % chap.index "IGNORE">
+<!ENTITY % chap.freebsd-glossary "IGNORE">
+<!ENTITY % chap.mac "IGNORE">
+
+<!ENTITY % pgpkeys SYSTEM "../../../share/pgpkeys/pgpkeys.ent"> %pgpkeys;
+]>
+
+<book>
+ <bookinfo>
+ <title>FreeBSD ¨Ï¥Î¤â¥U</title>
+
+ <corpauthor>FreeBSD ¤å¥ó­pµe</corpauthor>
+
+ <pubdate>February 1999</pubdate>
+
+ <copyright>
+ <year>1995</year>
+ <year>1996</year>
+ <year>1997</year>
+ <year>1998</year>
+ <year>1999</year>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <year>2004</year>
+ <year>2005</year>
+ <holder>FreeBSD ¤å¥ó­pµe</holder>
+ </copyright>
+
+ &bookinfo.legalnotice;
+
+ <legalnotice id="trademarks" role="trademarks">
+ &tm-attrib.freebsd;
+ &tm-attrib.3com;
+ &tm-attrib.3ware;
+ &tm-attrib.arm;
+ &tm-attrib.adaptec;
+ &tm-attrib.adobe;
+ &tm-attrib.apple;
+ &tm-attrib.corel;
+ &tm-attrib.creative;
+ &tm-attrib.cvsup;
+ &tm-attrib.heidelberger;
+ &tm-attrib.ibm;
+ &tm-attrib.ieee;
+ &tm-attrib.intel;
+ &tm-attrib.intuit;
+ &tm-attrib.linux;
+ &tm-attrib.lsilogic;
+ &tm-attrib.m-systems;
+ &tm-attrib.macromedia;
+ &tm-attrib.microsoft;
+ &tm-attrib.netscape;
+ &tm-attrib.nexthop;
+ &tm-attrib.opengroup;
+ &tm-attrib.oracle;
+ &tm-attrib.powerquest;
+ &tm-attrib.realnetworks;
+ &tm-attrib.redhat;
+ &tm-attrib.sap;
+ &tm-attrib.sun;
+ &tm-attrib.symantec;
+ &tm-attrib.themathworks;
+ &tm-attrib.thomson;
+ &tm-attrib.usrobotics;
+ &tm-attrib.vmware;
+ &tm-attrib.waterloomaple;
+ &tm-attrib.wolframresearch;
+ &tm-attrib.xfree86;
+ &tm-attrib.xiph;
+ &tm-attrib.general;
+ </legalnotice>
+
+ <abstract>
+ <para>Åwªï¨Ï¥ÎFreeBSD¡I ¥»¨Ï¥Î¤â¥U²[»\½d³ò¥]¬A¤F
+ <emphasis>FreeBSD &rel2.current;-RELEASE</emphasis> ©M
+ <emphasis>FreeBSD &rel.current;-RELEASE</emphasis> ªº¦w¸Ë©M¤é±`¨Ï¥Î¡C
+ ³o¥÷¨Ï¥Î¤â¥U¬O«Ü¦h¤Hªº¶°Åé³Ð§@¡A¦Ó¥B¤´µM¡y«ùÄò¤£Â_¡zªº¶i¦æ¤¤¡C
+ ³\¦h³¹¸`¤´¥¼§¹¦¨¡A¤w§¹¦¨ªº³¡¥÷¤]¦³¨Ç»Ý­n§ó·s¡C
+ ¦pªG±z¹ï¨ó§U¥»­pµeªº¶i¦æ¦³¿³½ìªº¸Ü¡A½Ð±H e-mail ¨ì &a.doc;¡C
+ ¦b <ulink url="http://www.FreeBSD.org/">FreeBSD ºô¯¸</ulink>
+ ¥i¥H§ä¨ì³o¥÷¤å¥óªº³Ì·sª©¥»(ª©¤å¥ó¥i±q <ulink
+ url="http://docs.FreeBSD.org/doc/"></ulink> ¨ú±o)¡A¤]¥i¥H±q <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">FreeBSD FTP ¦øªA¾¹</ulink>
+ ©Î¬O²³¦h <link linkend="mirrors-ftp">mirror ¯¸»O</link>
+ ¤U¸ü¤£¦P®æ¦¡¤Î¤£¦PÀ£ÁY¿ï¶µªº¸ê®Æ¡C
+ ¦pªG¤ñ¸û°¾¦n¾Ö¦³¹êÅé®Ñ­±¸ê®Æ¡A¨º¥i¥H¦b
+ <ulink url="http://www.freebsdmall.com/">FreeBSD Mall</ulink> ÁʶR¡C
+ ¦¹¥~¡A¤]¥i¥H¦b <ulink url="&url.base;/search/index.html">¨Ï¥Î¤â¥U</ulink>
+ ¤¤·j´M¸ê®Æ¡C
+ </para>
+ </abstract>
+ </bookinfo>
+
+ &chap.preface;
+
+ <part id="getting-started">
+ <title>¶}©l¨Ï¥Î FreeBSD </title>
+
+ <partintro>
+ <para>³o³¡¥÷¬O´£¨Ñµ¹ªì¦¸¨Ï¥Î FreeBSD ªº¨Ï¥ÎªÌ©M¨t²ÎºÞ²zªÌ¡C
+ ³o¨Ç³¹¸`¥]¬A¡G</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>¤¶²Ð FreeBSD µ¹±z¡C </para>
+ </listitem>
+
+ <listitem>
+ <para>¦b¦w¸Ë¹Lµ{µ¹±z«ü¤Þ¡C </para>
+ </listitem>
+
+ <listitem>
+ <para>±Ð±z &unix; ªº°ò¦¤Î­ì²z¡C </para>
+ </listitem>
+
+ <listitem>
+ <para>®i¥Üµ¹±z¬Ý¦p¦ó¦w¸ËÂ×´Iªº FreeBSD ªºÀ³¥Î³nÅé</para>
+ </listitem>
+
+ <listitem>
+ <para>¦V±z¤¶²Ð X¡A &unix; ªºµøµ¡¨t²Î¥H¤Î¸Ô²Óªº®à­±Àô¹Ò³]©w¡AÅý±z§ó¦³¥Í²£¤O¡C
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>§Ú­Ì¸ÕµÛ¾¨¥i¯àªºÅý³o¬q¤å¦rªº°Ñ¦Ò³sµ²¼Æ¥Ø­°¨ì³Ì§C¡AÅý±z¦bŪ¨Ï¥Î¤â¥Uªº³o³¡¥÷®É¥i¥H¤£¤Ó»Ý­n±`±`«e«á½­¶¡C
+ </para>
+ </partintro>
+
+ <![ %chap.introduction; [ &chap.introduction; ]]>
+ <![ %chap.install; [ &chap.install; ]]>
+ <![ %chap.basics; [ &chap.basics; ]]>
+ <![ %chap.ports; [ &chap.ports; ]]>
+ <![ %chap.x11; [ &chap.x11; ]]>
+ </part>
+
+ <part id="common-tasks">
+ <title>¤@¯ë©Ê¤u§@</title>
+
+ <partintro>
+ <para>¬JµM°ò¦ªº³¡¤À¤w¸g´£¹L¤F¡A±µ¤U¨Óªº³o­Ó³¡¤À±N·|°Q½×¤@¨Ç±`·|¥Î¨ìªº FreeBSD
+ ªº¯S¦â¡A³o¨Ç³¹¸`¥]¬A¡G</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>¤¶²Ðµ¹±z±`¨£¥B¹ê¥Îªº®à­±À³¥Î³nÅé¡Gºô­¶ÂsÄý¾¹¡B¥Í²£¤O¤u¨ã¡B¤å¥óÀ˵øµ{¦¡µ¥¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>¤¶²Ðµ¹±z²³¦h FreeBSD ¤W¥i¥Îªº¦h´CÅé¤u¨ã¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>¸ÑÄÀ¦p¦ó½sĶ¦Û­q FreeBSD ®Ö¤ß¥H¼W¥[ÃB¥~¨t²Î¥\¯àªº¬yµ{¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>¸Ô²Ó´y­z¦C¦L¨t²Î¡A¥]§t®à¤W«¬¦Lªí¾÷¤Îºô¸ô¦Lªí¾÷ªº³]©w¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>®i¥Üµ¹±z¬Ý¦p¦ó¦b±zªº FreeBSD ¨t²Î¤¤°õ¦æ Linux À³¥Î³nÅé¡C</para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>³o¨Ç³¹¸`¤¤¦³¨Ç»Ý­n±z¹w¥ý¾\Ū¨Ç¬ÛÃö¤å¥ó¡A¦b¦U³¹¸`¶}ÀYªº·§­n¤º·|´£¤Î¡C</para>
+
+ </partintro>
+
+ <![ %chap.desktop; [ &chap.desktop; ]]>
+ <![ %chap.multimedia; [ &chap.multimedia; ]]>
+ <![ %chap.kernelconfig; [ &chap.kernelconfig; ]]>
+ <![ %chap.printing; [ &chap.printing; ]]>
+ <![ %chap.linuxemu; [ &chap.linuxemu; ]]>
+ </part>
+
+ <part id="system-administration">
+ <title>¨t²ÎºÞ²z</title>
+
+ <partintro>
+ <para>FreeBSD ¨Ï¥Î¤â¥U³Ñ¤Uªº³o¨Ç³¹¸`²[»\¤F¥þ¤è¦ìªº FreeBSD ¨t²ÎºÞ²z¡C
+ ¨C­Ó³¹¸`ªº¶}ÀY·|¥ý´y­z¦b¸Ó±zŪ§¹¸Ó³¹¸`«á±z·|¾Ç¨ì¤°»ò¡A¤]·|¸Ô­z¦b±z¦b¬Ý³o¨Ç¸ê®Æ®ÉÀ³¸Ó­n¦³ªº¤@¨Ç­I´ºª¾ÃÑ¡C
+ </para>
+
+ <para>³o¨Ç³¹¸`¬OÅý±z¦b»Ý­n¬d¸ê®Æªº®É­Ô½¾\¥Îªº¡C
+ ±z¤£»Ý­n¨Ì·Ó¯S©wªº¶¶§Ç¨ÓŪ¡A¤]¤£»Ý­n±N³o¨Ç³¹¸`¥þ³¡¹LŪ¤§«á¤~¶}©l¥Î FreeBSD¡C
+ </para>
+ </partintro>
+
+ <![ %chap.config; [ &chap.config; ]]>
+ <![ %chap.boot; [ &chap.boot; ]]>
+ <![ %chap.users; [ &chap.users; ]]>
+ <![ %chap.security; [ &chap.security; ]]>
+ <![ %chap.mac; [ &chap.mac; ]]>
+ <![ %chap.disks; [ &chap.disks; ]]>
+ <![ %chap.geom; [ &chap.geom; ]]>
+ <![ %chap.vinum; [ &chap.vinum; ]]>
+ <![ %chap.l10n; [ &chap.l10n; ]]>
+ <![ %chap.cutting-edge; [ &chap.cutting-edge; ]]>
+ </part>
+
+ <part id="network-communication">
+ <title>ºô¸ô³q°T</title>
+
+ <partintro>
+ <para>FreeBSD ¬O¤@ºØ¼sªxªº³Q¨Ï¥Î¦b°ª®Ä¯àªººô¸ô¦øªA¾¹¤¤ªº§@·~¨t²Î¡A³o¨Ç³¹¸`¥]§t¤F¡G</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>§Ç¦C°ð³q°T</para>
+ </listitem>
+
+ <listitem>
+ <para>PPP ©M PPPoE</para>
+ </listitem>
+
+ <listitem>
+ <para>¹q¤l¶l¥ó</para>
+ </listitem>
+
+ <listitem>
+ <para>°õ¦æºô¸ô¦øªAµ{¦¡</para>
+ </listitem>
+
+ <listitem>
+ <para>¨¾¤õÀð</para>
+ </listitem>
+
+ <listitem>
+ <para>¨ä¥Lªº¶i¶¥ºô¸ô¥DÃD</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>³o¨Ç³¹¸`¬OÅý±z¦b»Ý­n¬d¸ê®Æªº®É­Ô½¾\¥Îªº¡C
+ ±z¤£»Ý­n¨Ì·Ó¯S©wªº¶¶§Ç¨ÓŪ¡A¤]¤£»Ý­n±N³o¨Ç³¹¸`¥þ³¡Åª¹L¤§«á¤~±N FreeBSD ¥Î¦bºô¸ôÀô¹Ò¤U¡C</para>
+ </partintro>
+
+ <![ %chap.serialcomms; [ &chap.serialcomms; ]]>
+ <![ %chap.ppp-and-slip; [ &chap.ppp-and-slip; ]]>
+ <![ %chap.mail; [ &chap.mail; ]]>
+ <![ %chap.network-servers; [ &chap.network-servers; ]]>
+ <![ %chap.firewalls; [ &chap.firewalls; ]]>
+ <![ %chap.advanced-networking; [ &chap.advanced-networking; ]]>
+
+ </part>
+
+ <part id="appendices">
+ <title>ªþ¿ý</title>
+
+ <![ %chap.mirrors; [ &chap.mirrors; ]]>
+ <![ %chap.bibliography; [ &chap.bibliography; ]]>
+ <![ %chap.eresources; [ &chap.eresources; ]]>
+ <![ %chap.pgpkeys; [ &chap.pgpkeys; ]]>
+ </part>
+ <![ %chap.freebsd-glossary; [ &bookinfo.freebsd-glossary; ]]>
+ <![ %chap.index; [ &chap.index; ]]>
+ &chap.colophon;
+</book>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/boot/Makefile b/zh_TW.Big5/books/handbook/boot/Makefile
new file mode 100644
index 0000000000..92105efc40
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/boot/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= boot/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/boot/chapter.sgml b/zh_TW.Big5/books/handbook/boot/chapter.sgml
new file mode 100644
index 0000000000..557c013b29
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/boot/chapter.sgml
@@ -0,0 +1,821 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="boot">
+ <title>The FreeBSD Booting Process</title>
+
+ <sect1 id="boot-synopsis">
+ <title>Synopsis</title>
+ <indexterm><primary>booting</primary></indexterm>
+ <indexterm><primary>bootstrap</primary></indexterm>
+
+ <para>The process of starting a computer and loading the operating system
+ is referred to as <quote>the bootstrap process</quote>, or simply
+ <quote>booting</quote>. FreeBSD's boot process provides a great deal of
+ flexibility in customizing what happens when you start the system,
+ allowing you to select from different operating systems installed on the
+ same computer, or even different versions of the same operating system
+ or installed kernel.</para>
+
+ <para>This chapter details the configuration options you can set and how
+ to customize the FreeBSD boot process. This includes everything that
+ happens until the FreeBSD kernel has started, probed for devices, and
+ started &man.init.8;. If you are not quite sure when this happens, it
+ occurs when the text color changes from bright white to grey.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>What the components of the FreeBSD bootstrap system are, and how
+ they interact.</para>
+ </listitem>
+
+ <listitem>
+ <para>The options you can give to the components in the FreeBSD
+ bootstrap to control the boot process.</para>
+ </listitem>
+
+ <listitem>
+ <para>The basics of &man.device.hints.5;.</para>
+ </listitem>
+ </itemizedlist>
+
+ <note>
+ <title>x86 Only</title>
+
+ <para>This chapter only describes the boot process for FreeBSD running
+ on Intel x86 systems.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="boot-introduction">
+ <title>The Booting Problem</title>
+
+ <para>Turning on a computer and starting the operating system poses an
+ interesting dilemma. By definition, the computer does not know how to
+ do anything until the operating system is started. This includes
+ running programs from the disk. So if the computer can not run a
+ program from the disk without the operating system, and the operating
+ system programs are on the disk, how is the operating system
+ started?</para>
+
+ <para>This problem parallels one in the book <citetitle>The Adventures of
+ Baron Munchausen</citetitle>. A character had fallen part way down a
+ manhole, and pulled himself out by grabbing his bootstraps, and
+ lifting. In the early days of computing the term
+ <firstterm>bootstrap</firstterm> was applied to the mechanism used to
+ load the operating system, which has become shortened to
+ <quote>booting</quote>.</para>
+
+ <indexterm><primary>BIOS</primary></indexterm>
+
+ <indexterm><primary>Basic Input/Output System</primary><see>BIOS</see></indexterm>
+
+ <para>On x86 hardware the Basic Input/Output System (BIOS) is responsible
+ for loading the operating system. To do this, the BIOS looks on the
+ hard disk for the Master Boot Record (MBR), which must be located on a
+ specific place on the disk. The BIOS has enough knowledge to load and
+ run the MBR, and assumes that the MBR can then carry out the rest of the
+ tasks involved in loading the operating system,
+ possibly with the help of the BIOS.</para>
+
+ <indexterm><primary>Master Boot Record (MBR)</primary></indexterm>
+
+ <indexterm><primary>Boot Manager</primary></indexterm>
+
+ <indexterm><primary>Boot Loader</primary></indexterm>
+
+ <para>The code within the MBR is usually referred to as a <emphasis>boot
+ manager</emphasis>, especially when it interacts with the user. In this case
+ the boot manager usually has more code in the first
+ <emphasis>track</emphasis> of the disk or within some OS's file system. (A
+ boot manager is sometimes also called a <emphasis>boot loader</emphasis>,
+ but FreeBSD uses that term for a later stage of booting.) Popular boot
+ managers include <application>boot0</application> (a.k.a. <application>Boot
+ Easy</application>, the standard &os; boot manager),
+ <application>Grub</application>, <application>GAG</application>, and
+ <application>LILO</application>.
+ (Only <application>boot0</application> fits within the MBR.)</para>
+
+ <para>If you have only one operating system installed on your disks then
+ a standard PC MBR will suffice. This MBR searches for the first bootable
+ (a.k.a. active) slice on the disk, and then runs the code on that slice to
+ load the remainder of the operating system. The MBR installed by
+ &man.fdisk.8;, by default, is such an MBR. It is based on
+ <filename>/boot/mbr</filename>.</para>
+
+ <para>If you have installed multiple operating systems on your disks then
+ you can install a different boot manager, one that can display a list of
+ different operating systems, and allows you to choose the one to boot
+ from. Two of these are discussed in the next subsection.</para>
+
+ <para>The remainder of the FreeBSD bootstrap system is divided into three
+ stages. The first stage is run by the MBR, which knows just enough to
+ get the computer into a specific state and run the second stage. The
+ second stage can do a little bit more, before running the third stage.
+ The third stage finishes the task of loading the operating system. The
+ work is split into these three stages because the PC standards put
+ limits on the size of the programs that can be run at stages one and
+ two. Chaining the tasks together allows FreeBSD to provide a more
+ flexible loader.</para>
+
+ <indexterm><primary>kernel</primary></indexterm>
+ <indexterm><primary><command>init</command></primary></indexterm>
+
+ <para>The kernel is then started and it begins to probe for devices
+ and initialize them for use. Once the kernel boot
+ process is finished, the kernel passes control to the user process
+ &man.init.8;, which then makes sure the disks are in a usable state.
+ &man.init.8; then starts the user-level resource configuration which
+ mounts file systems, sets up network cards to communicate on the
+ network, and generally starts all the processes that usually
+ are run on a FreeBSD system at startup.</para>
+ </sect1>
+
+ <sect1 id="boot-blocks">
+ <title>The Boot Manager and Boot Stages</title>
+
+ <indexterm><primary>Boot Manager</primary></indexterm>
+
+ <sect2 id="boot-boot0">
+ <title>The Boot Manager</title>
+ <indexterm><primary>Master Boot Record (MBR)</primary></indexterm>
+
+ <para>The code in the MBR or boot manager is sometimes referred to as
+ <emphasis>stage zero</emphasis> of the boot process. This subsection
+ discusses two of the boot managers previously mentioned:
+ <application>boot0</application> and <application>LILO</application>.</para>
+
+ <formalpara><title>The <application>boot0</application> Boot Manager:</title>
+ <para>The MBR installed by FreeBSD's installer or &man.boot0cfg.8;, by
+ default, is based on <filename>/boot/boot0</filename>.
+ (The <application>boot0</application> program is very simple, since the
+ program in the <abbrev>MBR</abbrev> can only be 446 bytes long because of the slice
+ table and 0x55AA identifier at the end of the MBR.)
+ If you have installed <application>boot0</application> and
+ multiple operating systems on your hard disks, then you will see a
+ display similar to this one at boot time:</para></formalpara>
+
+ <example id="boot-boot0-example">
+ <title><filename>boot0</filename> Screenshot</title>
+
+ <screen>F1 DOS
+F2 FreeBSD
+F3 Linux
+F4 ??
+F5 Drive 1
+
+Default: F2</screen>
+ </example>
+
+ <para>Other operating systems, in particular &windows;, have been known
+ to overwrite an existing MBR with their own. If this happens to you,
+ or you want to replace your existing MBR with the FreeBSD MBR then use
+ the following command:</para>
+
+ <screen>&prompt.root; <userinput>fdisk -B -b /boot/boot0 <replaceable>device</replaceable></userinput></screen>
+
+ <para>where <replaceable>device</replaceable> is the device that you
+ boot from, such as <devicename>ad0</devicename> for the first IDE
+ disk, <devicename>ad2</devicename> for the first IDE disk on a second
+ IDE controller, <devicename>da0</devicename> for the first SCSI disk,
+ and so on. Or, if you want a custom configuration of the MBR,
+ use &man.boot0cfg.8;.</para>
+
+ <formalpara><title>The LILO Boot Manager:</title>
+
+ <para>To install this boot manager so it will also boot FreeBSD, first
+ start Linux and add the following to your existing
+ <filename>/etc/lilo.conf</filename> configuration file:</para></formalpara>
+
+ <programlisting>other=/dev/hdXY
+table=/dev/hdX
+loader=/boot/chain.b
+label=FreeBSD</programlisting>
+
+ <para>In the above, specify FreeBSD's primary partition and drive using
+ Linux specifiers, replacing <replaceable>X</replaceable> with the Linux
+ drive letter and <replaceable>Y</replaceable> with the Linux primary
+ partition number. If you are using a <acronym>SCSI</acronym> drive, you
+ will need to change <replaceable>/dev/hd</replaceable> to read something
+ similar to <replaceable>/dev/sd</replaceable>. The
+ <option>loader=/boot/chain.b</option> line can be omitted if you have
+ both operating systems on the same drive. Now run
+ <command>/sbin/lilo&nbsp;-v</command> to commit your new changes to the
+ system; this should be verified by checking its screen messages.</para>
+ </sect2>
+
+ <sect2 id="boot-boot1">
+ <title>Stage One, <filename>/boot/boot1</filename>, and Stage Two,
+ <filename>/boot/boot2</filename></title>
+
+ <para>Conceptually the first and second stages are part of the same
+ program, on the same area of the disk. Because of space constraints
+ they have been split into two, but you would always install them
+ together. They are copied from the combined file
+ <filename>/boot/boot</filename> by the installer or
+ <application>disklabel</application> (see below).</para>
+
+ <para>They are located outside file systems, in the first track of
+ the boot slice, starting with the first sector. This is where <link
+ linkend="boot-boot0">boot0</link>, or any other boot manager,
+ expects to find a program to run which will
+ continue the boot process. The number of sectors used is easily
+ determined from the size of <filename>/boot/boot</filename>.</para>
+
+ <para><filename>boot1</filename> is very simple, since it
+ can only be 512 bytes
+ in size, and knows just enough about the FreeBSD
+ <firstterm>disklabel</firstterm>, which stores information
+ about the slice, to find and execute <filename>boot2</filename>.</para>
+
+ <para><filename>boot2</filename> is slightly more sophisticated, and understands
+ the FreeBSD file system enough to find files on it, and can
+ provide a simple interface to choose the kernel or loader to
+ run.</para>
+
+ <para>Since the <link linkend="boot-loader">loader</link> is
+ much more sophisticated, and provides a nice easy-to-use
+ boot configuration, <filename>boot2</filename> usually runs
+ it, but previously it
+ was tasked to run the kernel directly.</para>
+
+ <example id="boot-boot2-example">
+ <title><filename>boot2</filename> Screenshot</title>
+
+ <screen>&gt;&gt; FreeBSD/i386 BOOT
+Default: 0:ad(0,a)/kernel
+boot:</screen>
+ </example>
+
+ <para>If you ever need to replace the installed
+ <filename>boot1</filename> and <filename>boot2</filename> use
+ &man.disklabel.8;:</para>
+
+ <screen>&prompt.root; <userinput>disklabel -B <replaceable>diskslice</replaceable></userinput></screen>
+
+ <para>where <replaceable>diskslice</replaceable> is the disk and slice
+ you boot from, such as <devicename>ad0s1</devicename> for the first
+ slice on the first IDE disk.</para>
+
+ <warning>
+ <title>Dangerously Dedicated Mode</title>
+
+ <para>If you use just the disk name, such as
+ <devicename>ad0</devicename>, in the &man.disklabel.8; command you
+ will create a dangerously dedicated disk, without slices. This is
+ almost certainly not what you want to do, so make sure you double
+ check the &man.disklabel.8; command before you press
+ <keycap>Return</keycap>.</para>
+ </warning>
+ </sect2>
+
+ <sect2 id="boot-loader">
+ <title>Stage Three, <filename>/boot/loader</filename></title>
+
+ <indexterm><primary>boot-loader</primary></indexterm>
+ <para>The loader is the final stage of the three-stage
+ bootstrap, and is located on the file system, usually as
+ <filename>/boot/loader</filename>.</para>
+
+ <para>The loader is intended as a user-friendly method for
+ configuration, using an easy-to-use built-in command set,
+ backed up by a more powerful interpreter, with a more complex
+ command set.</para>
+
+ <sect3 id="boot-loader-flow">
+ <title>Loader Program Flow</title>
+
+ <para>During initialization, the loader will probe for a
+ console and for disks, and figure out what disk it is
+ booting from. It will set variables accordingly, and an
+ interpreter is started where user commands can be passed from
+ a script or interactively.</para>
+ <indexterm><primary>loader</primary></indexterm>
+ <indexterm><primary>loader configuration</primary></indexterm>
+
+ <para>The loader will then read
+ <filename>/boot/loader.rc</filename>, which by default reads
+ in <filename>/boot/defaults/loader.conf</filename> which
+ sets reasonable defaults for variables and reads
+ <filename>/boot/loader.conf</filename> for local changes to
+ those variables. <filename>loader.rc</filename> then acts
+ on these variables, loading whichever modules and kernel are
+ selected.</para>
+
+ <para>Finally, by default, the loader issues a 10 second wait
+ for key presses, and boots the kernel if it is not interrupted.
+ If interrupted, the user is presented with a prompt which
+ understands the easy-to-use command set, where the user may
+ adjust variables, unload all modules, load modules, and then
+ finally boot or reboot.</para>
+
+ </sect3>
+
+ <sect3 id="boot-loader-commands">
+ <title>Loader Built-In Commands</title>
+
+ <para>These are the most commonly used loader commands. For a
+ complete discussion of all available commands, please see
+ &man.loader.8;.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>autoboot <replaceable>seconds</replaceable></term>
+
+ <listitem>
+ <para>Proceeds to boot the kernel if not interrupted
+ within the time span given, in seconds. It displays a
+ countdown, and the default time span is 10
+ seconds.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>boot
+ <optional><replaceable>-options</replaceable></optional>
+ <optional><replaceable>kernelname</replaceable></optional></term>
+
+ <listitem>
+ <para>Immediately proceeds to boot the kernel, with the
+ given options, if any, and with the kernel name given,
+ if it is.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>boot-conf</term>
+
+ <listitem>
+ <para>Goes through the same automatic configuration of
+ modules based on variables as what happens at boot.
+ This only makes sense if you use
+ <command>unload</command> first, and change some
+ variables, most commonly <envar>kernel</envar>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>help
+ <optional><replaceable>topic</replaceable></optional></term>
+
+ <listitem>
+ <para>Shows help messages read from
+ <filename>/boot/loader.help</filename>. If the topic
+ given is <literal>index</literal>, then the list of
+ available topics is given.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>include <replaceable>filename</replaceable>
+ &hellip;</term>
+
+ <listitem>
+ <para>Processes the file with the given filename. The
+ file is read in, and interpreted line by line. An
+ error immediately stops the include command.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>load <optional><option>-t</option>
+ <replaceable>type</replaceable></optional>
+ <replaceable>filename</replaceable></term>
+
+ <listitem>
+ <para>Loads the kernel, kernel module, or file of the
+ type given, with the filename given. Any arguments
+ after filename are passed to the file.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ls <optional><option>-l</option></optional>
+ <optional><replaceable>path</replaceable></optional></term>
+
+ <listitem>
+ <para>Displays a listing of files in the given path, or
+ the root directory, if the path is not specified. If
+ <option>-l</option> is specified, file sizes will be
+ shown too.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>lsdev <optional><option>-v</option></optional></term>
+
+ <listitem>
+ <para>Lists all of the devices from which it may be
+ possible to load modules. If <option>-v</option> is
+ specified, more details are printed.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>lsmod <optional><option>-v</option></optional></term>
+
+ <listitem>
+ <para>Displays loaded modules. If <option>-v</option> is
+ specified, more details are shown.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>more <replaceable>filename</replaceable></term>
+
+ <listitem>
+ <para>Displays the files specified, with a pause at each
+ <varname>LINES</varname> displayed.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>reboot</term>
+
+ <listitem>
+ <para>Immediately reboots the system.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>set <replaceable>variable</replaceable></term>
+ <term>set
+ <replaceable>variable</replaceable>=<replaceable>value</replaceable></term>
+
+ <listitem>
+ <para>Sets the loader's environment variables.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>unload</term>
+
+ <listitem>
+ <para>Removes all loaded modules.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect3>
+
+ <sect3 id="boot-loader-examples">
+ <title>Loader Examples</title>
+
+ <para>Here are some practical examples of loader usage:</para>
+
+ <itemizedlist>
+ <indexterm><primary>single-user mode</primary></indexterm>
+ <listitem>
+ <para>To simply boot your usual kernel, but in single-user
+ mode:</para>
+
+ <screen><userinput>boot -s</userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>To unload your usual kernel and modules, and then
+ load just your old (or another) kernel:</para>
+ <indexterm>
+ <primary><filename>kernel.old</filename></primary>
+ </indexterm>
+
+ <screen><userinput>unload</userinput>
+<userinput>load <replaceable>kernel.old</replaceable></userinput></screen>
+
+ <para>You can use <filename>kernel.GENERIC</filename> to
+ refer to the generic kernel that comes on the install
+ disk, or <filename>kernel.old</filename> to refer to
+ your previously installed kernel (when you have upgraded
+ or configured your own kernel, for example).</para>
+
+ <note>
+ <para>Use the following to load your usual modules with
+ another kernel:</para>
+
+ <screen><userinput>unload</userinput>
+<userinput>set kernel="<replaceable>kernel.old</replaceable>"</userinput>
+<userinput>boot-conf</userinput></screen></note>
+ </listitem>
+
+ <listitem>
+ <para>To load a kernel configuration script (an automated
+ script which does the things you would normally do in the
+ kernel boot-time configurator):</para>
+
+ <screen><userinput>load -t userconfig_script <replaceable>/boot/kernel.conf</replaceable></userinput></screen>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="boot-kernel">
+ <title>Kernel Interaction During Boot</title>
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>boot interaction</secondary>
+ </indexterm>
+
+ <para>Once the kernel is loaded by either <link
+ linkend="boot-loader">loader</link> (as usual) or <link
+ linkend="boot-boot1">boot2</link> (bypassing the loader), it
+ examines its boot flags, if any, and adjusts its behavior as
+ necessary.</para>
+
+ <sect2 id="boot-kernel-bootflags">
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>bootflags</secondary>
+ </indexterm>
+ <title>Kernel Boot Flags</title>
+
+ <para>Here are the more common boot flags:</para>
+
+ <variablelist id="boot-kernel-bootflags-list">
+ <varlistentry>
+ <term><option>-a</option></term>
+
+ <listitem>
+ <para>during kernel initialization, ask for the device
+ to mount as the root file system.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-C</option></term>
+
+ <listitem>
+ <para>boot from CDROM.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-c</option></term>
+
+ <listitem>
+ <para>run UserConfig, the boot-time kernel
+ configurator</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-s</option></term>
+
+ <listitem>
+ <para>boot into single-user mode</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-v</option></term>
+
+ <listitem>
+ <para>be more verbose during kernel startup</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <note>
+ <para>There are other boot flags, read &man.boot.8; for more
+ information on them.</para></note>
+ </sect2>
+
+<!-- <sect2 id="boot-kernel-userconfig">
+ <title>UserConfig: the Boot-time Kernel Configurator</title>
+
+ <para> </para>
+ </sect2> -->
+ </sect1>
+
+ <sect1 id="device-hints">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 18 OCT 2002 -->
+ </sect1info>
+ <indexterm>
+ <primary>device.hints</primary>
+ </indexterm>
+ <title>Device Hints</title>
+
+ <note><para>This is a FreeBSD&nbsp;5.0 and later feature which does not
+ exist in earlier versions.</para></note>
+
+ <para>During initial system startup, the boot &man.loader.8; will read the
+ &man.device.hints.5; file. This file stores kernel boot information
+ known as variables, sometimes referred to as <quote>device hints</quote>.
+ These <quote>device hints</quote> are used by device drivers for device
+ configuration.</para>
+
+ <para>Device hints may also be specified at the <link linkend="boot-loader">
+ Stage 3 boot loader</link> prompt. Variables can be added using
+ <command>set</command>, removed with <command>unset</command>, and viewed
+ with the <command>show</command> commands. Variables set in the
+ <filename>/boot/device.hints</filename> file can be overridden here also. Device hints entered at
+ the boot loader are not permanent and will be forgotten on the next
+ reboot.</para>
+
+ <para>Once the system is booted, the &man.kenv.1; command can be used to
+ dump all of the variables.</para>
+
+ <para>The syntax for the <filename>/boot/device.hints</filename> file is one variable per line, using
+ the standard hash <quote>#</quote> as comment markers. Lines are
+ constructed as follows:</para>
+
+ <screen><userinput>hint.driver.unit.keyword="<replaceable>value</replaceable>"</userinput></screen>
+
+ <para>The syntax for the Stage 3 boot loader is:</para>
+ <screen><userinput>set hint.driver.unit.keyword=<replaceable>value</replaceable></userinput></screen>
+
+ <para><literal>driver</literal> is the device driver name, <literal>unit</literal>
+ is the device driver unit number, and <literal>keyword</literal> is the hint
+ keyword. The keyword may consist of the following options:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>at</literal>: specifies the bus which the device is attached to.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>port</literal>: specifies the start address of the <acronym>I/O</acronym>
+ to be used.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>irq</literal>: specifies the interrupt request number to be used.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>drq</literal>: specifies the DMA channel number.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>maddr</literal>: specifies the physical memory address occupied by the
+ device.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>flags</literal>: sets various flag bits for the device.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>disabled</literal>: if set to <literal>1</literal> the device is disabled.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Device drivers may accept (or require) more hints not listed here, viewing
+ their manual page is recommended. For more information, consult the
+ &man.device.hints.5;, &man.kenv.1;, &man.loader.conf.5;, and &man.loader.8;
+ manual pages.</para>
+ </sect1>
+
+ <sect1 id="boot-init">
+ <indexterm>
+ <primary><command>init</command></primary>
+ </indexterm>
+ <title>Init: Process Control Initialization</title>
+
+ <para>Once the kernel has finished booting, it passes control to
+ the user process &man.init.8;, which is located at
+ <filename>/sbin/init</filename>, or the program path specified
+ in the <envar>init_path</envar> variable in
+ <command>loader</command>.</para>
+
+ <sect2 id="boot-autoreboot">
+ <title>Automatic Reboot Sequence</title>
+
+ <para>The automatic reboot sequence makes sure that the
+ file systems available on the system are consistent. If they
+ are not, and &man.fsck.8; cannot fix the
+ inconsistencies, &man.init.8; drops the system
+ into <link linkend="boot-singleuser">single-user mode</link>
+ for the system administrator to take care of the problems
+ directly.</para>
+ </sect2>
+
+ <sect2 id="boot-singleuser">
+ <title>Single-User Mode</title>
+ <indexterm><primary>single-user mode</primary></indexterm>
+ <indexterm><primary>console</primary></indexterm>
+
+ <para>This mode can be reached through the <link
+ linkend="boot-autoreboot">automatic reboot
+ sequence</link>, or by the user booting with the
+ <option>-s</option> option or setting the
+ <envar>boot_single</envar> variable in
+ <command>loader</command>.</para>
+
+ <para>It can also be reached by calling
+ &man.shutdown.8; without the reboot
+ (<option>-r</option>) or halt (<option>-h</option>) options,
+ from <link linkend="boot-multiuser">multi-user
+ mode</link>.</para>
+
+ <para>If the system <literal>console</literal> is set
+ to <literal>insecure</literal> in <filename>/etc/ttys</filename>,
+ then the system prompts for the <username>root</username> password
+ before initiating single-user mode.</para>
+
+ <example id="boot-insecure-console">
+ <title>An Insecure Console in <filename>/etc/ttys</filename></title>
+
+ <programlisting># name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off insecure</programlisting>
+ </example>
+
+ <note>
+ <para>An <literal>insecure</literal> console means that you
+ consider your physical security to the console to be
+ insecure, and want to make sure only someone who knows the
+ <username>root</username> password may use single-user mode, and it
+ does not mean that you want to run your console insecurely. Thus,
+ if you want security, choose <literal>insecure</literal>,
+ not <literal>secure</literal>.</para>
+ </note>
+ </sect2>
+
+ <sect2 id="boot-multiuser">
+ <title>Multi-User Mode</title>
+ <indexterm><primary>multi-user mode</primary></indexterm>
+
+ <para>If &man.init.8; finds your file systems to be
+ in order, or once the user has finished in <link
+ linkend="boot-singleuser">single-user mode</link>, the
+ system enters multi-user mode, in which it starts the
+ resource configuration of the system.</para>
+
+ <sect3 id="boot-rc">
+ <indexterm><primary>rc files</primary></indexterm>
+ <title>Resource Configuration (rc)</title>
+
+ <para>The resource configuration system reads in
+ configuration defaults from
+ <filename>/etc/defaults/rc.conf</filename>, and
+ system-specific details from
+ <filename>/etc/rc.conf</filename>, and then proceeds to
+ mount the system file systems mentioned in
+ <filename>/etc/fstab</filename>, start up networking
+ services, start up miscellaneous system daemons, and
+ finally runs the startup scripts of locally installed
+ packages.</para>
+
+ <para>The &man.rc.8; manual page is a good reference to the resource
+ configuration system, as is examining the scripts
+ themselves.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="boot-shutdown">
+ <title>Shutdown Sequence</title>
+ <indexterm>
+ <primary><command>shutdown</command></primary>
+ </indexterm>
+
+ <para>Upon controlled shutdown, via &man.shutdown.8;,
+ &man.init.8; will attempt to run the script
+ <filename>/etc/rc.shutdown</filename>, and then proceed to send
+ all processes the <literal>TERM</literal> signal, and subsequently
+ the <literal>KILL</literal> signal to any that do not terminate
+ timely.</para>
+
+ <para>To power down a FreeBSD machine on architectures and systems
+ that support power management, simply use the command
+ <command>shutdown -p now</command> to turn the power off
+ immediately. To just reboot a FreeBSD system, just use
+ <command>shutdown -r now</command>. You need to be
+ <username>root</username> or a member of
+ <groupname>operator</groupname> group to run &man.shutdown.8;.
+ The &man.halt.8; and &man.reboot.8; commands can also be used,
+ please refer to their manual pages and to &man.shutdown.8;'s one
+ for more information.</para>
+
+ <note>
+ <para>Power management requires &man.acpi.4; support in the kernel
+ or loaded as module for FreeBSD&nbsp;5.X and &man.apm.4;
+ support for FreeBSD&nbsp;4.X.</para>
+ </note>
+
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/handbook/chapter.decl b/zh_TW.Big5/books/handbook/chapter.decl
new file mode 100644
index 0000000000..3aac7b965b
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/chapter.decl
@@ -0,0 +1,2 @@
+<!-- $FreeBSD$ -->
+<!DOCTYPE chapter PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN">
diff --git a/zh_TW.Big5/books/handbook/chapters.ent b/zh_TW.Big5/books/handbook/chapters.ent
new file mode 100644
index 0000000000..9d94f16bb8
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/chapters.ent
@@ -0,0 +1,58 @@
+<!--
+ Creates entities for each chapter in the FreeBSD Handbook. Each entity
+ is named chap.foo, where foo is the value of the id attribute on that
+ chapter, and corresponds to the name of the directory in which that
+ chapter's .sgml file is stored.
+
+ Chapters should be listed in the order in which they are referenced.
+
+ $FreeBSD$
+-->
+
+<!ENTITY chap.preface SYSTEM "preface/preface.sgml">
+
+<!-- Part one -->
+<!ENTITY chap.introduction SYSTEM "introduction/chapter.sgml">
+<!ENTITY chap.install SYSTEM "install/chapter.sgml">
+<!ENTITY chap.basics SYSTEM "basics/chapter.sgml">
+<!ENTITY chap.ports SYSTEM "ports/chapter.sgml">
+<!ENTITY chap.x11 SYSTEM "x11/chapter.sgml">
+
+<!-- Part two -->
+<!ENTITY chap.desktop SYSTEM "desktop/chapter.sgml">
+<!ENTITY chap.multimedia SYSTEM "multimedia/chapter.sgml">
+<!ENTITY chap.kernelconfig SYSTEM "kernelconfig/chapter.sgml">
+<!ENTITY chap.printing SYSTEM "printing/chapter.sgml">
+<!ENTITY chap.linuxemu SYSTEM "linuxemu/chapter.sgml">
+
+<!-- Part three -->
+<!ENTITY chap.config SYSTEM "config/chapter.sgml">
+<!ENTITY chap.boot SYSTEM "boot/chapter.sgml">
+<!ENTITY chap.users SYSTEM "users/chapter.sgml">
+<!ENTITY chap.security SYSTEM "security/chapter.sgml">
+<!ENTITY chap.mac SYSTEM "mac/chapter.sgml">
+<!ENTITY chap.disks SYSTEM "disks/chapter.sgml">
+<!ENTITY chap.geom SYSTEM "geom/chapter.sgml">
+<!ENTITY chap.vinum SYSTEM "vinum/chapter.sgml">
+<!ENTITY chap.l10n SYSTEM "l10n/chapter.sgml">
+<!ENTITY chap.cutting-edge SYSTEM "cutting-edge/chapter.sgml">
+
+<!-- Part four -->
+<!ENTITY chap.serialcomms SYSTEM "serialcomms/chapter.sgml">
+<!ENTITY chap.ppp-and-slip SYSTEM "ppp-and-slip/chapter.sgml">
+<!ENTITY chap.mail SYSTEM "mail/chapter.sgml">
+<!ENTITY chap.network-servers SYSTEM "network-servers/chapter.sgml">
+<!ENTITY chap.firewalls SYSTEM "firewalls/chapter.sgml">
+<!ENTITY chap.advanced-networking SYSTEM "advanced-networking/chapter.sgml">
+
+<!-- Part five (appendices) -->
+<!ENTITY chap.mirrors SYSTEM "mirrors/chapter.sgml">
+<!ENTITY chap.mirrors.ftp.inc SYSTEM "mirrors.sgml.ftp.inc">
+<!ENTITY chap.mirrors.cvsup.inc SYSTEM "mirrors.sgml.cvsup.inc">
+
+<!ENTITY chap.bibliography SYSTEM "bibliography/chapter.sgml">
+<!ENTITY chap.eresources SYSTEM "eresources/chapter.sgml">
+<!ENTITY chap.eresources.www.inc SYSTEM "eresources.sgml.www.inc">
+<!ENTITY chap.pgpkeys SYSTEM "pgpkeys/chapter.sgml">
+<!ENTITY chap.index SYSTEM "index.sgml">
+<!ENTITY chap.colophon SYSTEM "colophon.sgml">
diff --git a/zh_TW.Big5/books/handbook/colophon.sgml b/zh_TW.Big5/books/handbook/colophon.sgml
new file mode 100644
index 0000000000..30fbc870b0
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/colophon.sgml
@@ -0,0 +1,32 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<colophon id='colophon'>
+ <para>This book is the combined work of hundreds of contributors to
+ <quote>The FreeBSD Documentation Project</quote>. The text is
+ authored in SGML
+ according to the DocBook DTD and is formatted from SGML into many
+ different presentation formats using <application>Jade</application>,
+ an open source DSSSL
+ engine. Norm Walsh's DSSSL stylesheets were used with an
+ additional customization layer to provide the presentation
+ instructions for <application>Jade</application>. The printed
+ version of this document would not be possible without Donald
+ Knuth's <application>&tex;</application> typesetting language,
+ Leslie Lamport's <application>LaTeX</application>, or Sebastian
+ Rahtz's <application>JadeTeX</application> macro package.</para>
+</colophon>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/config/Makefile b/zh_TW.Big5/books/handbook/config/Makefile
new file mode 100644
index 0000000000..40c8e11572
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/config/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= config/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/config/chapter.sgml b/zh_TW.Big5/books/handbook/config/chapter.sgml
new file mode 100644
index 0000000000..f2411afab5
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/config/chapter.sgml
@@ -0,0 +1,3173 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="config-tuning">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Chern</firstname>
+ <surname>Lee</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Mike</firstname>
+ <surname>Smith</surname>
+ <contrib>Based on a tutorial written by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Matt</firstname>
+ <surname>Dillon</surname>
+ <contrib>Also based on tuning(7) written by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Configuration and Tuning</title>
+
+ <sect1 id="config-synopsis">
+ <title>Synopsis</title>
+
+ <indexterm><primary>system configuration</primary></indexterm>
+ <indexterm><primary>system optimization</primary></indexterm>
+
+ <para>One of the important aspects of &os; is system configuration.
+ Correct system configuration will help prevent headaches during future upgrades.
+ This chapter will explain much of the &os; configuration process,
+ including some of the parameters which
+ can be set to tune a &os; system.
+ </para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>How to efficiently work with
+ file systems and swap partitions.</para>
+ </listitem>
+ <listitem>
+ <para>The basics of <filename>rc.conf</filename> configuration and
+ <filename>/usr/local/etc/rc.d</filename> startup systems.</para>
+ </listitem>
+ <listitem>
+ <para>How to configure and test a network card.</para>
+ </listitem>
+ <listitem>
+ <para>How to configure virtual hosts on your network devices.</para>
+ </listitem>
+ <listitem>
+ <para>How to use the various configuration files in
+ <filename>/etc</filename>.</para>
+ </listitem>
+ <listitem>
+ <para>How to tune &os; using <command>sysctl</command>
+ variables.</para>
+ </listitem>
+ <listitem>
+ <para>How to tune disk performance and modify kernel
+ limitations.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Understand &unix; and &os; basics (<xref
+ linkend="basics">).</para>
+ </listitem>
+ <listitem>
+ <para>Be familiar with the basics of kernel configuration/compilation
+ (<xref linkend="kernelconfig">).</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="configtuning-initial">
+ <title>Initial Configuration</title>
+
+ <sect2>
+ <title>Partition Layout</title>
+
+ <indexterm><primary>partition layout</primary></indexterm>
+ <indexterm>
+ <primary><filename>/etc</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/var</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/usr</filename></primary>
+ </indexterm>
+
+ <sect3>
+ <title>Base Partitions</title>
+
+ <para>When laying out file systems with &man.disklabel.8;
+ or &man.sysinstall.8;, remember that hard
+ drives transfer data faster from the outer
+ tracks to the inner.
+ Thus smaller and heavier-accessed file systems
+ should be closer to the outside of the drive, while
+ larger partitions like <filename>/usr</filename> should be placed
+ toward the inner. It is a good idea to create
+ partitions in a similar order to: root, swap,
+ <filename>/var</filename>, <filename>/usr</filename>.</para>
+
+ <para>The size of <filename>/var</filename>
+ reflects the intended machine usage.
+ <filename>/var</filename> is used to hold
+ mailboxes, log files, and printer spools. Mailboxes and log
+ files can grow to unexpected sizes depending
+ on how many users exist and how long log
+ files are kept. Most users would never require a gigabyte,
+ but remember that <filename>/var/tmp</filename>
+ must be large enough to contain packages.
+ </para>
+
+ <para>The <filename>/usr</filename> partition holds much
+ of the files required to support the system, the &man.ports.7;
+ collection (recommended) and the source code (optional). Both
+ of which are optional at install time.
+ At least 2 gigabytes would be recommended for this partition.</para>
+
+ <para>When selecting partition sizes, keep the space
+ requirements in mind. Running out of space in
+ one partition while barely using another can be a
+ hassle.</para>
+
+ <note><para>Some users have found that &man.sysinstall.8;'s
+ <literal>Auto-defaults</literal> partition sizer will
+ sometimes select smaller than adequate <filename>/var</filename>
+ and <filename>/</filename> partitions. Partition wisely and
+ generously.</para></note>
+
+ </sect3>
+
+ <sect3 id="swap-design">
+ <title>Swap Partition</title>
+
+ <indexterm><primary>swap sizing</primary></indexterm>
+ <indexterm><primary>swap partition</primary></indexterm>
+
+ <para>As a rule of thumb, the swap partition should be
+ about double the size of system memory (RAM). For example,
+ if the machine has 128&nbsp;megabytes of memory,
+ the swap file should be 256&nbsp;megabytes. Systems with
+ less memory may perform better with more swap.
+ Less than 256&nbsp;megabytes of swap is not recommended and
+ memory expansion should be considered.
+ The kernel's VM paging algorithms are tuned to
+ perform best when the swap partition is at least two times the
+ size of main memory. Configuring too little swap can lead to
+ inefficiencies in the VM page scanning code and might create
+ issues later if more memory is added.</para>
+
+ <para>On larger systems with multiple SCSI disks (or
+ multiple IDE disks operating on different controllers), it is
+ recommend that a swap is configured on each drive (up
+ to four drives). The swap partitions should be
+ approximately the same size. The kernel can handle arbitrary
+ sizes but internal data structures scale to 4 times the
+ largest swap partition. Keeping the swap partitions near the
+ same size will allow the kernel to optimally stripe swap space
+ across disks.
+ Large swap sizes are fine, even if swap is not
+ used much. It might be easier to recover
+ from a runaway program before being forced to reboot.</para>
+ </sect3>
+
+ <sect3>
+ <title>Why Partition?</title>
+
+ <para>Several users think a single large partition will be fine,
+ but there are several reasons why this is a bad idea.
+ First, each partition has different operational
+ characteristics and separating them allows the file system to
+ tune accordingly. For example, the root
+ and <filename>/usr</filename> partitions are read-mostly, without
+ much writing. While a lot of reading and writing could
+ occur in <filename>/var</filename> and
+ <filename>/var/tmp</filename>.</para>
+
+ <para>By properly partitioning a system, fragmentation
+ introduced in the smaller write heavy partitions
+ will not bleed over into the mostly-read partitions.
+ Keeping the write-loaded partitions closer to
+ the disk's edge,
+ will
+ increase I/O performance in the partitions where it occurs
+ the most. Now while I/O
+ performance in the larger partitions may be needed,
+ shifting them more toward the edge of the disk will not
+ lead to a significant performance improvement over moving
+ <filename>/var</filename> to the edge.
+ Finally, there are safety concerns. A smaller, neater root
+ partition which is mostly read-only has a greater
+ chance of surviving a bad crash.</para>
+ </sect3>
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="configtuning-core-configuration">
+ <title>Core Configuration</title>
+
+ <indexterm>
+ <primary>rc files</primary>
+ <secondary><filename>rc.conf</filename></secondary>
+ </indexterm>
+
+ <para>The principal location for system configuration information
+ is within <filename>/etc/rc.conf</filename>. This file
+ contains a wide range of configuration information, principally
+ used at system startup to configure the system. Its name
+ directly implies this; it is configuration information for the
+ <filename>rc*</filename> files.</para>
+
+ <para>An administrator should make entries in the
+ <filename>rc.conf</filename> file to
+ override the default settings from
+ <filename>/etc/defaults/rc.conf</filename>. The defaults file
+ should not be copied verbatim to <filename>/etc</filename> - it
+ contains default values, not examples. All system-specific
+ changes should be made in the <filename>rc.conf</filename>
+ file itself.</para>
+
+ <para>A number of strategies may be applied in clustered
+ applications to separate site-wide configuration from
+ system-specific configuration in order to keep administration
+ overhead down. The recommended approach is to place site-wide
+ configuration into another file,
+ such as <filename>/etc/rc.conf.site</filename>, and then include
+ this file into <filename>/etc/rc.conf</filename>, which will
+ contain only system-specific information.</para>
+
+ <para>As <filename>rc.conf</filename> is read by &man.sh.1; it is
+ trivial to achieve this. For example:</para>
+
+ <itemizedlist>
+ <listitem><para>rc.conf:</para>
+<programlisting> . /etc/rc.conf.site
+ hostname="node15.example.com"
+ network_interfaces="fxp0 lo0"
+ ifconfig_fxp0="inet 10.1.1.1"</programlisting></listitem>
+ <listitem><para>rc.conf.site:</para>
+<programlisting> defaultrouter="10.1.1.254"
+ saver="daemon"
+ blanktime="100"</programlisting></listitem>
+ </itemizedlist>
+
+ <para>The <filename>rc.conf.site</filename> file can then be
+ distributed to every system using <command>rsync</command> or a
+ similar program, while the <filename>rc.conf</filename> file
+ remains unique.</para>
+
+ <para>Upgrading the system using &man.sysinstall.8;
+ or <command>make world</command> will not overwrite the
+ <filename>rc.conf</filename>
+ file, so system configuration information will not be lost.</para>
+
+ </sect1>
+
+ <sect1 id="configtuning-appconfig">
+ <title>Application Configuration</title>
+
+ <para>Typically, installed applications have their own
+ configuration files, with their own syntax, etc. It is
+ important that these files be kept separate from the base
+ system, so that they may be easily located and managed by the
+ package management tools.</para>
+
+ <indexterm><primary>/usr/local/etc</primary></indexterm>
+
+ <para>Typically, these files are installed in
+ <filename>/usr/local/etc</filename>. In the case where an
+ application has a large number of configuration files, a
+ subdirectory will be created to hold them.</para>
+
+ <para>Normally, when a port or package is installed, sample
+ configuration files are also installed. These are usually
+ identified with a <filename>.default</filename> suffix. If there
+ are no existing
+ configuration files for the application, they will be created by
+ copying the <filename>.default</filename> files.</para>
+
+ <para>For example, consider the contents of the directory
+ <filename>/usr/local/etc/apache</filename>:</para>
+
+<literallayout class="monospaced">-rw-r--r-- 1 root wheel 2184 May 20 1998 access.conf
+-rw-r--r-- 1 root wheel 2184 May 20 1998 access.conf.default
+-rw-r--r-- 1 root wheel 9555 May 20 1998 httpd.conf
+-rw-r--r-- 1 root wheel 9555 May 20 1998 httpd.conf.default
+-rw-r--r-- 1 root wheel 12205 May 20 1998 magic
+-rw-r--r-- 1 root wheel 12205 May 20 1998 magic.default
+-rw-r--r-- 1 root wheel 2700 May 20 1998 mime.types
+-rw-r--r-- 1 root wheel 2700 May 20 1998 mime.types.default
+-rw-r--r-- 1 root wheel 7980 May 20 1998 srm.conf
+-rw-r--r-- 1 root wheel 7933 May 20 1998 srm.conf.default</literallayout>
+
+ <para>The file sizes show that only the <filename>srm.conf</filename>
+ file has been changed. A later update of the <application>Apache</application> port would not
+ overwrite this changed file.</para>
+
+ </sect1>
+
+ <sect1 id="configtuning-starting-services">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Starting Services</title>
+
+ <indexterm><primary>services</primary></indexterm>
+
+ <para>Many users choose to install third party software on &os;
+ from the Ports Collection. In many of these situations it
+ may be necessary to configure the software in a manner which
+ will allow it to be started upon system initialization. Services,
+ such as <filename role="package">mail/postfix</filename> or
+ <filename role="package">www/apache13</filename> are just two
+ of the many software packages which may be started during system
+ initialization. This section explains the procedures available
+ for starting third party software.</para>
+
+ <para>In &os;, most included services, such as &man.cron.8;, are
+ started through the system start up scripts. These scripts may
+ differ depending on &os; or vendor version; however, the most
+ important aspect to consider is that their start up configuration
+ can be handled through simple startup scripts.</para>
+
+ <para>Before the advent of rcNG, applications would drop a
+ simple start up script into the
+ <filename class="directory">/usr/local/etc/rc.d</filename>
+ directory which would be read by the system initialization
+ scripts. These scripts would then be executed during the latter
+ stages of system start up.</para>
+
+ <para>While many individuals have spent hours trying to merge the
+ old configuration style into the new system, the fact remains
+ that some third party utilities still require a script simply
+ dropped into the aforementioned directory. The subtle differences
+ in the scripts depend whether or not rcNG is being used. Prior
+ to &os;&nbsp;5.1 the old configuration style is used and in
+ almost all cases a new style script would do just fine.</para>
+
+ <para>While every script must meet some minimal requirements, most
+ of the time these requirements are &os; version
+ agnostic. Each script must have a <filename>.sh</filename>
+ extension appended to the end and every script must be
+ executable by the system. The latter may be achieved by using
+ the <command>chmod</command> command and setting the unique permissions
+ of <literal>755</literal>. There should also be, at minimal,
+ an option to <literal>start</literal> the application and an
+ option to <literal>stop</literal> the application.</para>
+
+ <para>The simplest start up script would probably look a little
+ bit like this one:</para>
+
+ <programlisting>#!/bin/sh
+echo -n ' utility'
+
+case "$1" in
+start)
+ /usr/local/bin/utility
+ ;;
+stop)
+ kill -9 `cat /var/run/utility.pid`
+ ;;
+*)
+ echo "Usage: `basename $0` {start|stop}" >&2
+ exit 64
+ ;;
+esac
+
+exit 0</programlisting>
+
+ <para>This script provides for a <literal>stop</literal> and
+ <literal>start</literal> option for
+ the application hereto referred simply as
+ <literal>utility</literal>.</para>
+
+ <para>Could be started manually with:</para>
+
+ <screen>&prompt.root; <userinput><filename>/usr/local/etc/rc.d/utility.sh</filename> start</userinput></screen>
+
+ <para>While not all third party software requires the line in
+ <filename>rc.conf</filename>, almost every day a new port will
+ be modified to accept this configuration. Check the final output
+ of the installation for more information on a specific
+ application. Some third party software will provide start up
+ scripts which permit the application to be used with
+ rcNG; although, this will be discussed in the next section.</para>
+
+ <sect2>
+ <title>Extended Application Configuration</title>
+
+ <para>Now that &os; includes rcNG, configuration of application
+ start up has become more optimal; indeed, it has become a bit
+ more in depth. Using the key words discussed in the
+ <link linkend="configtuning-rcNG">rcNG</link> section,
+ applications may now be set to start after certain other
+ services for example <acronym>DNS</acronym>; may permit extra
+ flags to be passed through <filename>rc.conf</filename> in
+ place of hard coded flags in the start up script, etc. A
+ basic script may look similar to the following:</para>
+
+ <programlisting>#!/bin/sh
+#
+# PROVIDE: utility
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: FreeBSD shutdown
+
+#
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
+# SET THEM IN THE /etc/rc.conf FILE
+#
+utility_enable=${utility_enable-"NO"}
+utility_flags=${utility_flags-""}
+utility_pidfile=${utility_pidfile-"/var/run/utility.pid"}
+
+. /etc/rc.subr
+
+name="utility"
+rcvar=`set_rcvar`
+command="/usr/local/sbin/utility"
+
+load_rc_config $name
+
+pidfile="${utility_pidfile}"
+
+start_cmd="echo \"Starting ${name}.\"; /usr/bin/nice -5 ${command} ${utility_flags} ${command_args}"
+
+run_rc_command "$1"</programlisting>
+
+ <para>This script will ensure that the provided
+ <application>utility</application> will be started before the
+ <literal>login</literal> service but after the
+ <literal>daemon</literal> service. It also provides a method
+ for setting and tracking the <acronym>PID</acronym>, or process
+ <acronym>ID</acronym> file.</para>
+
+ <para>This application could then have the following line placed
+ in <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>utility_enable="YES"</programlisting>
+
+ <para>This new method also allows for easier manipulation of the
+ command line arguments, inclusion of the default functions
+ provided in <filename>/etc/rc.subr</filename>, compatibility
+ with the &man.rcorder.8; utility and provide for easier
+ configuration via the <filename>rc.conf</filename> file. In
+ essence, this script could even be placed in
+ <filename class="directory">/etc/rc.d</filename> directory.
+ Yet, that has the potential to upset the &man.mergemaster.8;
+ utility when used in conjunction with software upgrades.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using Services to Start Services</title>
+
+ <para>Other services, such as <acronym>POP</acronym>3 server
+ daemons, <acronym>IMAP</acronym>, etc. could be started using
+ the &man.inetd.8;. This involves installing the service
+ utility from the Ports Collection with a configuration line
+ appended to the <filename>/etc/inetd.conf</filename> file,
+ or uncommenting one of the current configuration lines. Working
+ with <application>inetd</application> and its configuration is
+ described in depth in the
+ <link linkend="network-inetd">inetd</link> section.</para>
+
+ <para>In some cases, it may be more plausible to use the
+ &man.cron.8; daemon to start system services. This approach
+ has a number of advantages because <command>cron</command> runs
+ these processes as the <filename>crontab</filename>'s file
+ owner. This allows regular users to start and maintain some
+ applications.</para>
+
+ <para>The <command>cron</command> utility provides a unique
+ feature, <literal>@reboot</literal>, which may be used in place
+ of the time specification. This will cause the job to be run
+ when &man.cron.8; is started, normally during system
+ initialization.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="configtuning-cron">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ <!-- 20 May 2003 -->
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Configuring the <command>cron</command> Utility</title>
+
+ <indexterm><primary>cron</primary>
+ <secondary>configuration</secondary></indexterm>
+
+ <para>One of the most useful utilities in &os; is &man.cron.8;. The
+ <command>cron</command> utility runs in the background and constantly
+ checks the <filename>/etc/crontab</filename> file. The <command>cron</command>
+ utility also checks the <filename>/var/cron/tabs</filename> directory, in
+ search of new <filename>crontab</filename> files. These
+ <filename>crontab</filename> files store information about specific
+ functions which <command>cron</command> is supposed to perform at
+ certain times.</para>
+
+ <para>The <command>cron</command> utility uses two different
+ types of configuration files, the system crontab and user crontabs. The
+ only difference between these two formats is the sixth field. In the
+ system crontab, the sixth field is the name of a user for the command
+ to run as. This gives the system crontab the ability to run commands
+ as any user. In a user crontab, the sixth field is the command to run,
+ and all commands run as the user who created the crontab; this is an
+ important security feature.</para>
+
+ <note>
+ <para>User crontabs allow individual users to schedule tasks without the
+ need for <username>root</username> privileges. Commands in a user's crontab run with the
+ permissions of the user who owns the crontab.</para>
+
+ <para>The <username>root</username> user can have a user crontab just like
+ any other user. This one is different from
+ <filename>/etc/crontab</filename> (the system crontab). Because of the
+ system crontab, there is usually no need to create a user crontab
+ for <username>root</username>.</para>
+ </note>
+
+ <para>Let us take a look at the <filename>/etc/crontab</filename> file
+ (the system crontab):</para>
+
+
+ <programlisting># /etc/crontab - root's crontab for &os;
+#
+# &dollar;&os;: src/etc/crontab,v 1.32 2002/11/22 16:13:39 tom Exp &dollar;
+# <co id="co-comments">
+#
+SHELL=/bin/sh
+PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin <co id="co-env">
+HOME=/var/log
+#
+#
+#minute hour mday month wday who command <co id="co-field-descr">
+#
+#
+*/5 * * * * root /usr/libexec/atrun <co id="co-main">
+</programlisting>
+
+ <calloutlist>
+ <callout arearefs="co-comments">
+ <para>Like most &os; configuration files, the <literal>#</literal>
+ character represents a comment. A comment can be placed in
+ the file as a reminder of what and why a desired action is performed.
+ Comments cannot be on the same line as a command or else they will
+ be interpreted as part of the command; they must be on a new line.
+ Blank lines are ignored.</para>
+ </callout>
+
+ <callout arearefs="co-env">
+ <para>First, the environment must be defined. The equals
+ (<literal>=</literal>) character is used to define any environment
+ settings, as with this example where it is used for the <envar>SHELL</envar>,
+ <envar>PATH</envar>, and <envar>HOME</envar> options. If the shell line is
+ omitted, <command>cron</command> will use the default, which is
+ <command>sh</command>. If the <envar>PATH</envar> variable is
+ omitted, no default will be used and file locations will need to
+ be absolute. If <envar>HOME</envar> is omitted, <command>cron</command>
+ will use the invoking users home directory.</para>
+ </callout>
+
+ <callout arearefs="co-field-descr">
+ <para>This line defines a total of seven fields. Listed here are the
+ values <literal>minute</literal>, <literal>hour</literal>,
+ <literal>mday</literal>, <literal>month</literal>, <literal>wday</literal>,
+ <literal>who</literal>, and <literal>command</literal>. These
+ are almost all self explanatory. <literal>minute</literal> is the time in minutes the
+ command will be run. <literal>hour</literal> is similar to the <literal>minute</literal> option, just in
+ hours. <literal>mday</literal> stands for day of the month. <literal>month</literal> is similar to <literal>hour</literal>
+ and <literal>minute</literal>, as it designates the month. The <literal>wday</literal> option stands for
+ day of the week. All these fields must be numeric values, and follow
+ the twenty-four hour clock. The <literal>who</literal> field is special,
+ and only exists in the <filename>/etc/crontab</filename> file.
+ This field specifies which user the command should be run as.
+ When a user installs his or her <filename>crontab</filename> file, they
+ will not have this option. Finally, the <literal>command</literal> option is listed.
+ This is the last field, so naturally it should designate the command
+ to be executed.</para>
+ </callout>
+
+ <callout arearefs="co-main">
+ <para>This last line will define the values discussed above. Notice here
+ we have a <literal>*/5</literal> listing, followed by several more
+ <literal>*</literal> characters. These <literal>*</literal> characters
+ mean <quote>first-last</quote>, and can be interpreted as
+ <emphasis>every</emphasis> time. So, judging by this line,
+ it is apparent that the <command>atrun</command> command is to be invoked by
+ <username>root</username> every five minutes regardless of what
+ day or month it is. For more information on the <command>atrun</command> command,
+ see the &man.atrun.8; manual page.</para>
+
+ <para>Commands can have any number of flags passed to them; however,
+ commands which extend to multiple lines need to be broken with the backslash
+ <quote>\</quote> continuation character.</para>
+ </callout>
+ </calloutlist>
+
+ <para>This is the basic set up for every
+ <filename>crontab</filename> file, although there is one thing
+ different about this one. Field number six, where we specified
+ the username, only exists in the system
+ <filename>/etc/crontab</filename> file. This field should be
+ omitted for individual user <filename>crontab</filename>
+ files.</para>
+
+
+ <sect2 id="configtuning-installcrontab">
+ <title>Installing a Crontab</title>
+
+ <important>
+ <para>You must not use the procedure described here to
+ edit/install the system crontab. Simply use your favorite
+ editor: the <command>cron</command> utility will notice that the file
+ has changed and immediately begin using the updated version.
+ See
+ <ulink url="&url.books.faq;/admin.html#ROOT-NOT-FOUND-CRON-ERRORS">
+ this FAQ entry </ulink> for more information.</para>
+ </important>
+
+ <para>To install a freshly written user
+ <filename>crontab</filename>, first use your favorite editor to create
+ a file in the proper format, and then use the
+ <command>crontab</command> utility. The most common usage
+ is:</para>
+
+ <screen>&prompt.user; <userinput>crontab crontab-file</userinput></screen>
+
+ <para>In this example, <filename>crontab-file</filename> is the filename
+ of a <filename>crontab</filename> that was previously created.</para>
+
+ <para>There is also an option to list installed
+ <filename>crontab</filename> files: just pass the
+ <option>-l</option> option to <command>crontab</command> and look
+ over the output.</para>
+
+ <para>For users who wish to begin their own crontab file from scratch,
+ without the use of a template, the <command>crontab -e</command>
+ option is available. This will invoke the selected editor
+ with an empty file. When the file is saved, it will be
+ automatically installed by the <command>crontab</command> command.
+ </para>
+
+ <para>If you later want to remove your user <filename>crontab</filename>
+ completely, use <command>crontab</command> with the <option>-r</option>
+ option.
+ </para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="configtuning-rcNG">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ <!-- 16 May 2003 -->
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Using rc under &os; 5.X and newer</title>
+
+ <para>&os; has recently integrated the NetBSD
+ <filename>rc.d</filename> system for system initialization.
+ Users should notice the files listed in the
+ <filename>/etc/rc.d</filename> directory. Many of these files
+ are for basic services which can be controlled with the
+ <option>start</option>, <option>stop</option>,
+ and <option>restart</option> options.
+ For instance, &man.sshd.8; can be restarted with the following
+ command:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.d/sshd restart</userinput></screen>
+
+ <para>This procedure is similar for other services. Of course,
+ services are usually started automatically as specified in
+ &man.rc.conf.5;. For example, enabling the Network Address
+ Translation daemon at startup is as simple as adding the
+ following line to <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>natd_enable="YES"</programlisting>
+
+ <para>If a <option>natd_enable="NO"</option> line is already
+ present, then simply change the <option>NO</option> to
+ <option>YES</option>. The rc scripts will automatically load
+ any other dependent services during the next reboot, as
+ described below.</para>
+
+ <para>Since the <filename>rc.d</filename> system is primarily
+ intended to start/stop services at system startup/shutdown time,
+ the standard <option>start</option>,
+ <option>stop</option> and <option>restart</option> options will only
+ perform their action if the appropriate
+ <filename>/etc/rc.conf</filename> variables are set. For
+ instance the above <command>sshd restart</command> command will
+ only work if <varname>sshd_enable</varname> is set to
+ <option>YES</option> in <filename>/etc/rc.conf</filename>. To
+ <option>start</option>, <option>stop</option> or
+ <option>restart</option> a service regardless of the settings in
+ <filename>/etc/rc.conf</filename>, the commands should be
+ prefixed with <quote>force</quote>. For instance to restart
+ <command>sshd</command> regardless of the current
+ <filename>/etc/rc.conf</filename> setting, execute the following
+ command:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.d/sshd forcerestart</userinput></screen>
+
+ <para>It is easy to check if a service is enabled in
+ <filename>/etc/rc.conf</filename> by running the appropriate
+ <filename>rc.d</filename> script with the option
+ <option>rcvar</option>. Thus, an administrator can check that
+ <command>sshd</command> is in fact enabled in
+ <filename>/etc/rc.conf</filename> by running:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.d/sshd rcvar</userinput>
+# sshd
+$sshd_enable=YES</screen>
+
+ <note>
+ <para>The second line (<literal># sshd</literal>) is the output
+ from the <command>sshd</command> command, not a <username>root</username>
+ console.</para>
+ </note>
+
+ <para>To determine if a service is running, a
+ <option>status</option> option is available. For instance to
+ verify that <command>sshd</command> is actually started:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.d/sshd status</userinput>
+sshd is running as pid 433.</screen>
+
+ <para>It is also possible to <option>reload</option> a service.
+ This will attempt to send a signal to an individual service, forcing the
+ service to reload its configuration files. In most cases this
+ means sending the service a <literal>SIGHUP</literal>
+ signal.</para>
+
+ <para>The <filename>rc.d</filename> system is not only used for network services, it also
+ contributes to most of the system initialization. For
+ instance, consider the <filename>bgfsck</filename> file. When
+ this script is executed, it will print out the following
+ message:</para>
+
+ <screen>Starting background file system checks in 60 seconds.</screen>
+
+ <para>Therefore this file is used for background file system
+ checks, which are done only during system initialization.</para>
+
+ <para>Many system services depend on other services to function
+ properly. For example, NIS and other RPC-based services may
+ fail to start until after the <command>rpcbind</command>
+ (portmapper) service has started. To resolve this issue,
+ information about dependencies and other meta-data is included
+ in the comments at the top of each startup script. The
+ &man.rcorder.8; program is then used to parse these comments
+ during system initialization to determine the order in which
+ system services should be invoked to satisfy the dependencies.
+ The following words may be included at the top of each startup
+ file:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>PROVIDE</literal>: Specifies the services this file provides.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>REQUIRE</literal>: Lists services which are required for this
+ service. This file will run <emphasis>after</emphasis>
+ the specified services.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>BEFORE</literal>: Lists services which depend on this service.
+ This file will run <emphasis>before</emphasis>
+ the specified services.</para>
+ </listitem>
+
+ <listitem>
+ <para>KEYWORD: &os; or NetBSD. This is used for *BSD dependent features.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>By using this method, an administrator can easily control system
+ services without the hassle of <quote>runlevels</quote> like
+ some other &unix; operating systems.</para>
+
+ <para>Additional information about the
+ <filename>rc.d</filename> system can be found in the &man.rc.8;
+ and &man.rc.subr.8; manual pages.</para>
+ </sect1>
+
+ <sect1 id="config-network-setup">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Contributed by </contrib>
+ <!-- 6 October 2002 -->
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Setting Up Network Interface Cards</title>
+
+ <indexterm>
+ <primary>network cards</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+
+ <para>Nowadays we can not think about a computer without thinking
+ about a network connection. Adding and configuring a network
+ card is a common task for any &os; administrator.</para>
+
+ <sect2>
+ <title>Locating the Correct Driver</title>
+
+ <indexterm>
+ <primary>network cards</primary>
+ <secondary>driver</secondary>
+ </indexterm>
+
+ <para>Before you begin, you should know the model of the card
+ you have, the chip it uses, and whether it is a PCI or ISA card.
+ &os; supports a wide variety of both PCI and ISA cards.
+ Check the Hardware Compatibility List for your release to see
+ if your card is supported.</para>
+
+ <para>Once you are sure your card is supported, you need
+ to determine the proper driver for the card.
+ <filename>/usr/src/sys/conf/NOTES</filename> and
+ <filename>/usr/src/sys/<replaceable>arch</replaceable>/conf/NOTES</filename> will give you
+ the list of network interface drivers with some information
+ about the supported chipsets/cards. If you have doubts about
+ which driver is the correct one, read the manual page of the
+ driver. The manual page will give you more information about
+ the supported hardware and even the possible problems that
+ could occur.</para>
+
+ <note>
+ <para><filename>NOTES</filename> does not exist on
+ &os;&nbsp;4.X. Instead, check the <filename>LINT</filename>
+ file for information about various network interfaces. See
+ <xref linkend="kernelconfig-config"> for a more detailed
+ summary of <filename>NOTES</filename> versus
+ <filename>LINT</filename>.</para>
+ </note>
+
+ <para>If you own a common card, most of the time you will not
+ have to look very hard for a driver. Drivers for common
+ network cards are present in the <filename>GENERIC</filename>
+ kernel, so your card should show up during boot, like so:</para>
+
+<screen>dc0: &lt;82c169 PNIC 10/100BaseTX&gt; port 0xa000-0xa0ff mem 0xd3800000-0xd38
+000ff irq 15 at device 11.0 on pci0
+dc0: Ethernet address: 00:a0:cc:da:da:da
+miibus0: &lt;MII bus&gt; on dc0
+ukphy0: &lt;Generic IEEE 802.3u media interface&gt; on miibus0
+ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
+dc1: &lt;82c169 PNIC 10/100BaseTX&gt; port 0x9800-0x98ff mem 0xd3000000-0xd30
+000ff irq 11 at device 12.0 on pci0
+dc1: Ethernet address: 00:a0:cc:da:da:db
+miibus1: &lt;MII bus&gt; on dc1
+ukphy1: &lt;Generic IEEE 802.3u media interface&gt; on miibus1
+ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto</screen>
+
+ <para>In this example, we see that two cards using the &man.dc.4;
+ driver are present on the system.</para>
+
+ <para>If the driver for your NIC is not present in
+ <filename>GENERIC</filename>, you will need to load the proper
+ driver to use your NIC. This may be accomplished in one of
+ two ways:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The easiest way is to simply load a kernel module for
+ your network card with &man.kldload.8;. Not all NIC
+ drivers are available as modules; notable examples of
+ devices for which modules do not exist are ISA cards.</para>
+ </listitem>
+
+ <listitem>
+ <para>Alternatively, you may statically compile the support
+ for your card into your kernel. Check
+ <filename>/usr/src/sys/conf/NOTES</filename>,
+ <filename>/usr/src/sys/<replaceable>arch</replaceable>/conf/NOTES</filename>
+ and the manual page of the driver to know what to add in
+ your kernel configuration file. For more information
+ about recompiling your kernel, please see <xref
+ linkend="kernelconfig">. If your card was detected at
+ boot by your kernel (<filename>GENERIC</filename>) you do
+ not have to build a new kernel.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>Configuring the Network Card</title>
+
+ <indexterm>
+ <primary>network cards</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+
+ <para>Once the right driver is loaded for the network card, the
+ card needs to be configured. As with many other things, the
+ network card may have been configured at installation time by
+ <application>sysinstall</application>.</para>
+
+ <para>To display the configuration for the network interfaces on
+ your system, enter the following command:</para>
+
+<screen>&prompt.user; <userinput>ifconfig</userinput>
+dc0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
+ inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
+ ether 00:a0:cc:da:da:da
+ media: Ethernet autoselect (100baseTX &lt;full-duplex&gt;)
+ status: active
+dc1: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
+ inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
+ ether 00:a0:cc:da:da:db
+ media: Ethernet 10baseT/UTP
+ status: no carrier
+lp0: flags=8810&lt;POINTOPOINT,SIMPLEX,MULTICAST&gt; mtu 1500
+lo0: flags=8049&lt;UP,LOOPBACK,RUNNING,MULTICAST&gt; mtu 16384
+ inet 127.0.0.1 netmask 0xff000000
+tun0: flags=8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</screen>
+
+ <note>
+ <para>Old versions of &os; may require the <option>-a</option>
+ option following &man.ifconfig.8;, for more details about the
+ correct syntax of &man.ifconfig.8;, please refer to the manual
+ page. Note also that entries concerning IPv6
+ (<literal>inet6</literal> etc.) were omitted in this
+ example.</para>
+ </note>
+
+ <para>In this example, the following devices were
+ displayed:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><devicename>dc0</devicename>: The first Ethernet
+ interface</para>
+ </listitem>
+
+ <listitem>
+ <para><devicename>dc1</devicename>: The second Ethernet
+ interface</para>
+ </listitem>
+
+ <listitem>
+ <para><devicename>lp0</devicename>: The parallel port
+ interface</para>
+ </listitem>
+
+ <listitem>
+ <para><devicename>lo0</devicename>: The loopback device</para>
+ </listitem>
+
+ <listitem>
+ <para><devicename>tun0</devicename>: The tunnel device used by
+ <application>ppp</application></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>&os; uses the driver name followed by the order in
+ which one the card is detected at the kernel boot to name the
+ network card. For example <devicename>sis2</devicename> would
+ be the third network card on the system using the &man.sis.4;
+ driver.</para>
+
+ <para>In this example, the <devicename>dc0</devicename> device is
+ up and running. The key indicators are:</para>
+
+ <orderedlist>
+ <listitem>
+ <para><literal>UP</literal> means that the card is configured
+ and ready.</para>
+ </listitem>
+
+ <listitem>
+ <para>The card has an Internet (<literal>inet</literal>)
+ address (in this case
+ <hostid role="ipaddr">192.168.1.3</hostid>).</para>
+ </listitem>
+
+ <listitem>
+ <para>It has a valid subnet mask (<literal>netmask</literal>;
+ <hostid role="netmask">0xffffff00</hostid> is the same as
+ <hostid role="netmask">255.255.255.0</hostid>).</para>
+ </listitem>
+
+ <listitem>
+ <para>It has a valid broadcast address (in this case,
+ <hostid role="ipaddr">192.168.1.255</hostid>).</para>
+ </listitem>
+
+ <listitem>
+ <para>The MAC address of the card (<literal>ether</literal>)
+ is <hostid role="mac">00:a0:cc:da:da:da</hostid></para>
+ </listitem>
+
+ <listitem>
+ <para>The physical media selection is on autoselection mode
+ (<literal>media: Ethernet autoselect (100baseTX
+ &lt;full-duplex&gt;)</literal>). We see that
+ <devicename>dc1</devicename> was configured to run with
+ <literal>10baseT/UTP</literal> media. For more
+ information on available media types for a driver, please
+ refer to its manual page.</para>
+ </listitem>
+
+ <listitem>
+ <para>The status of the link (<literal>status</literal>)
+ is <literal>active</literal>, i.e. the carrier is detected.
+ For <devicename>dc1</devicename>, we see
+ <literal>status: no carrier</literal>. This is normal when
+ an Ethernet cable is not plugged into the card.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>If the &man.ifconfig.8; output had shown something similar
+ to:</para>
+
+<screen>dc0: flags=8843&lt;BROADCAST,SIMPLEX,MULTICAST&gt; mtu 1500
+ ether 00:a0:cc:da:da:da</screen>
+
+ <para>it would indicate the card has not been configured.</para>
+
+ <para>To configure your card, you need <username>root</username>
+ privileges. The network card configuration can be done from the
+ command line with &man.ifconfig.8; but you would have to do it
+ after each reboot of the system. The file
+ <filename>/etc/rc.conf</filename> is where to add the network
+ card's configuration.</para>
+
+ <para>Open <filename>/etc/rc.conf</filename> in your favorite
+ editor. You need to add a line for each network card present on
+ the system, for example in our case, we added these lines:</para>
+
+<programlisting>ifconfig_dc0="inet 192.168.1.3 netmask 255.255.255.0"
+ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP"</programlisting>
+
+ <para>You have to replace <devicename>dc0</devicename>,
+ <devicename>dc1</devicename>, and so on, with
+ the correct device for your cards, and the addresses with the
+ proper ones. You should read the card driver and
+ &man.ifconfig.8; manual pages for more details about the allowed
+ options and also &man.rc.conf.5; manual page for more
+ information on the syntax of
+ <filename>/etc/rc.conf</filename>.</para>
+
+ <para>If you configured the network during installation, some
+ lines about the network card(s) may be already present. Double
+ check <filename>/etc/rc.conf</filename> before adding any
+ lines.</para>
+
+ <para>You will also have to edit the file
+ <filename>/etc/hosts</filename> to add the names and the IP
+ addresses of various machines of the LAN, if they are not already
+ there. For more information please refer to &man.hosts.5;
+ and to <filename>/usr/share/examples/etc/hosts</filename>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Testing and Troubleshooting</title>
+
+ <para>Once you have made the necessary changes in
+ <filename>/etc/rc.conf</filename>, you should reboot your
+ system. This will allow the change(s) to the interface(s) to
+ be applied, and verify that the system restarts without any
+ configuration errors.</para>
+
+ <para>Once the system has been rebooted, you should test the
+ network interfaces.</para>
+
+ <sect3>
+ <title>Testing the Ethernet Card</title>
+
+ <indexterm>
+ <primary>network cards</primary>
+ <secondary>testing</secondary>
+ </indexterm>
+
+ <para>To verify that an Ethernet card is configured correctly,
+ you have to try two things. First, ping the interface itself,
+ and then ping another machine on the LAN.</para>
+
+ <para>First test the local interface:</para>
+
+<screen>&prompt.user; <userinput>ping -c5 192.168.1.3</userinput>
+PING 192.168.1.3 (192.168.1.3): 56 data bytes
+64 bytes from 192.168.1.3: icmp_seq=0 ttl=64 time=0.082 ms
+64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.074 ms
+64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.076 ms
+64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.108 ms
+64 bytes from 192.168.1.3: icmp_seq=4 ttl=64 time=0.076 ms
+
+--- 192.168.1.3 ping statistics ---
+5 packets transmitted, 5 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 0.074/0.083/0.108/0.013 ms</screen>
+
+ <para>Now we have to ping another machine on the LAN:</para>
+
+<screen>&prompt.user; <userinput>ping -c5 192.168.1.2</userinput>
+PING 192.168.1.2 (192.168.1.2): 56 data bytes
+64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.726 ms
+64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.766 ms
+64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.700 ms
+64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.747 ms
+64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.704 ms
+
+--- 192.168.1.2 ping statistics ---
+5 packets transmitted, 5 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 0.700/0.729/0.766/0.025 ms</screen>
+
+ <para>You could also use the machine name instead of
+ <hostid role="ipaddr">192.168.1.2</hostid> if you have set up the
+ <filename>/etc/hosts</filename> file.</para>
+ </sect3>
+
+ <sect3>
+ <title>Troubleshooting</title>
+
+ <indexterm>
+ <primary>network cards</primary>
+ <secondary>troubleshooting</secondary>
+ </indexterm>
+
+ <para>Troubleshooting hardware and software configurations is always
+ a pain, and a pain which can be alleviated by checking the simple
+ things first. Is your network cable plugged in? Have you properly
+ configured the network services? Did you configure the firewall
+ correctly? Is the card you are using supported by &os;? Always
+ check the hardware notes before sending off a bug report. Update
+ your version of &os; to the latest STABLE version. Check the
+ mailing list archives, or perhaps search the Internet.</para>
+
+ <para>If the card works, yet performance is poor, it would be
+ worthwhile to read over the &man.tuning.7; manual page. You
+ can also check the network configuration as incorrect network
+ settings can cause slow connections.</para>
+
+ <para>Some users experience one or two <errorname>device
+ timeout</errorname> messages, which is normal for some cards. If they
+ continue, or are bothersome, you may wish to be sure the
+ device is not conflicting with another device. Double check
+ the cable connections. Perhaps you may just need to get
+ another card.</para>
+
+ <para>At times, users see a few <errorname>watchdog timeout</errorname>
+ errors. The first thing to do here is to check your network
+ cable. Many cards require a PCI slot which supports Bus
+ Mastering. On some old motherboards, only one PCI slot allows
+ it (usually slot 0). Check the network card and the
+ motherboard documentation to determine if that may be the
+ problem.</para>
+
+ <para><errorname>No route to host</errorname> messages occur if the
+ system is unable to route a packet to the destination host.
+ This can happen if no default route is specified, or if a
+ cable is unplugged. Check the output of <command>netstat
+ -rn</command> and make sure there is a valid route to the host
+ you are trying to reach. If there is not, read on to <xref
+ linkend="advanced-networking">.</para>
+
+ <para><errorname>ping: sendto: Permission denied</errorname> error
+ messages are often caused by a misconfigured firewall. If
+ <command>ipfw</command> is enabled in the kernel but no rules
+ have been defined, then the default policy is to deny all
+ traffic, even ping requests! Read on to <xref
+ linkend="firewalls"> for more information.</para>
+
+ <para>Sometimes performance of the card is poor, or below average.
+ In these cases it is best to set the media selection mode
+ from <literal>autoselect</literal> to the correct media selection.
+ While this usually works for most hardware, it may not resolve
+ this issue for everyone. Again, check all the network settings,
+ and read over the &man.tuning.7; manual page.</para>
+
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="configtuning-virtual-hosts">
+ <title>Virtual Hosts</title>
+
+ <indexterm><primary>virtual hosts</primary></indexterm>
+ <indexterm><primary>IP aliases</primary></indexterm>
+
+ <para>A very common use of &os; is virtual site hosting, where
+ one server appears to the network as many servers. This is
+ achieved by assigning multiple network addresses to a single
+ interface.</para>
+
+ <para>A given network interface has one <quote>real</quote> address,
+ and may have any number of <quote>alias</quote> addresses.
+ These aliases are
+ normally added by placing alias entries in
+ <filename>/etc/rc.conf</filename>.</para>
+
+ <para>An alias entry for the interface <devicename>fxp0</devicename>
+ looks like:</para>
+
+<programlisting>ifconfig_fxp0_alias0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"</programlisting>
+
+ <para>Note that alias entries must start with <literal>alias0</literal> and proceed
+ upwards in order, (for example, <literal>_alias1</literal>, <literal>_alias2</literal>, and so on).
+ The configuration process will stop at the first missing number.
+ </para>
+
+ <para>The calculation of alias netmasks is important, but
+ fortunately quite simple. For a given interface, there must be
+ one address which correctly represents the network's netmask.
+ Any other addresses which fall within this network must have a
+ netmask of all <literal>1</literal>s (expressed as either
+ <hostid role="netmask">255.255.255.255</hostid> or <hostid role="netmask">0xffffffff</hostid>).
+ </para>
+
+ <para>For example, consider the case where the
+ <devicename>fxp0</devicename> interface is
+ connected to two networks, the <hostid role="ipaddr">10.1.1.0</hostid>
+ network with a netmask of <hostid role="netmask">255.255.255.0</hostid>
+ and the <hostid role="ipaddr">202.0.75.16</hostid> network with
+ a netmask of <hostid role="netmask">255.255.255.240</hostid>.
+ We want the system to appear at <hostid role="ipaddr">10.1.1.1</hostid>
+ through <hostid role="ipaddr">10.1.1.5</hostid> and at
+ <hostid role="ipaddr">202.0.75.17</hostid> through
+ <hostid role="ipaddr">202.0.75.20</hostid>. As noted above, only the
+ first address in a given network range (in this case,
+ <hostid role="ipaddr">10.0.1.1</hostid> and
+ <hostid role="ipaddr">202.0.75.17</hostid>) should have a real
+ netmask; all the rest (<hostid role="ipaddr">10.1.1.2</hostid>
+ through <hostid role="ipaddr">10.1.1.5</hostid> and
+ <hostid role="ipaddr">202.0.75.18</hostid> through
+ <hostid role="ipaddr">202.0.75.20</hostid>) must be configured with a
+ netmask of <hostid role="netmask">255.255.255.255</hostid>.</para>
+
+ <para>The following <filename>/etc/rc.conf</filename> entries
+ configure the adapter correctly for this arrangement:</para>
+
+ <programlisting>ifconfig_fxp0="inet 10.1.1.1 netmask 255.255.255.0"
+ifconfig_fxp0_alias0="inet 10.1.1.2 netmask 255.255.255.255"
+ifconfig_fxp0_alias1="inet 10.1.1.3 netmask 255.255.255.255"
+ifconfig_fxp0_alias2="inet 10.1.1.4 netmask 255.255.255.255"
+ifconfig_fxp0_alias3="inet 10.1.1.5 netmask 255.255.255.255"
+ifconfig_fxp0_alias4="inet 202.0.75.17 netmask 255.255.255.240"
+ifconfig_fxp0_alias5="inet 202.0.75.18 netmask 255.255.255.255"
+ifconfig_fxp0_alias6="inet 202.0.75.19 netmask 255.255.255.255"
+ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"</programlisting>
+
+ </sect1>
+
+ <sect1 id="configtuning-configfiles">
+ <title>Configuration Files</title>
+
+ <sect2>
+ <title><filename>/etc</filename> Layout</title>
+ <para>There are a number of directories in which configuration
+ information is kept. These include:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="2*">
+
+ <tbody>
+ <row>
+ <entry><filename>/etc</filename></entry>
+ <entry>Generic system configuration information; data here is
+ system-specific.</entry>
+ </row>
+ <row>
+ <entry><filename>/etc/defaults</filename></entry>
+ <entry>Default versions of system configuration files.</entry>
+ </row>
+ <row>
+ <entry><filename>/etc/mail</filename></entry>
+ <entry>Extra &man.sendmail.8; configuration, other
+ MTA configuration files.
+ </entry>
+ </row>
+ <row>
+ <entry><filename>/etc/ppp</filename></entry>
+ <entry>Configuration for both user- and kernel-ppp programs.
+ </entry>
+ </row>
+ <row>
+ <entry><filename>/etc/namedb</filename></entry>
+ <entry>Default location for &man.named.8; data. Normally
+ <filename>named.conf</filename> and zone files are stored
+ here.</entry>
+ </row>
+ <row>
+ <entry><filename>/usr/local/etc</filename></entry>
+ <entry>Configuration files for installed applications.
+ May contain per-application subdirectories.</entry>
+ </row>
+ <row>
+ <entry><filename>/usr/local/etc/rc.d</filename></entry>
+ <entry>Start/stop scripts for installed applications.</entry>
+ </row>
+ <row>
+ <entry><filename>/var/db</filename></entry>
+ <entry>Automatically generated system-specific database files,
+ such as the package database, the locate database, and so
+ on</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
+ <sect2>
+ <title>Hostnames</title>
+
+ <indexterm><primary>hostname</primary></indexterm>
+ <indexterm><primary>DNS</primary></indexterm>
+
+ <sect3>
+ <title><filename>/etc/resolv.conf</filename></title>
+
+ <indexterm>
+ <primary><filename>resolv.conf</filename></primary>
+ </indexterm>
+
+ <para><filename>/etc/resolv.conf</filename> dictates how &os;'s
+ resolver accesses the Internet Domain Name System (DNS).</para>
+
+ <para>The most common entries to <filename>resolv.conf</filename> are:
+ </para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="2*">
+
+ <tbody>
+ <row>
+ <entry><literal>nameserver</literal></entry>
+ <entry>The IP address of a name server the resolver
+ should query. The servers are queried in the order
+ listed with a maximum of three.</entry>
+ </row>
+ <row>
+ <entry><literal>search</literal></entry>
+ <entry>Search list for hostname lookup. This is normally
+ determined by the domain of the local hostname.</entry>
+ </row>
+ <row>
+ <entry><literal>domain</literal></entry>
+ <entry>The local domain name.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>A typical <filename>resolv.conf</filename>:</para>
+
+ <programlisting>search example.com
+nameserver 147.11.1.11
+nameserver 147.11.100.30</programlisting>
+
+ <note><para>Only one of the <literal>search</literal> and
+ <literal>domain</literal> options should be used.</para></note>
+
+ <para>If you are using DHCP, &man.dhclient.8; usually rewrites
+ <filename>resolv.conf</filename> with information received from the
+ DHCP server.</para>
+ </sect3>
+
+ <sect3>
+ <title><filename>/etc/hosts</filename></title>
+
+ <indexterm><primary>hosts</primary></indexterm>
+
+ <para><filename>/etc/hosts</filename> is a simple text
+ database reminiscent of the old Internet. It works in
+ conjunction with DNS and NIS providing name to IP address
+ mappings. Local computers connected via a LAN can be placed
+ in here for simplistic naming purposes instead of setting up
+ a &man.named.8; server. Additionally,
+ <filename>/etc/hosts</filename> can be used to provide a
+ local record of Internet names, reducing the need to query
+ externally for commonly accessed names.</para>
+
+ <programlisting># &dollar;&os;&dollar;
+#
+# Host Database
+# This file should contain the addresses and aliases
+# for local hosts that share this file.
+# In the presence of the domain name service or NIS, this file may
+# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
+#
+#
+::1 localhost localhost.my.domain myname.my.domain
+127.0.0.1 localhost localhost.my.domain myname.my.domain
+
+#
+# Imaginary network.
+#10.0.0.2 myname.my.domain myname
+#10.0.0.3 myfriend.my.domain myfriend
+#
+# According to RFC 1918, you can use the following IP networks for
+# private nets which will never be connected to the Internet:
+#
+# 10.0.0.0 - 10.255.255.255
+# 172.16.0.0 - 172.31.255.255
+# 192.168.0.0 - 192.168.255.255
+#
+# In case you want to be able to connect to the Internet, you need
+# real official assigned numbers. PLEASE PLEASE PLEASE do not try
+# to invent your own network numbers but instead get one from your
+# network provider (if any) or from the Internet Registry (ftp to
+# rs.internic.net, directory `/templates').
+#</programlisting>
+
+ <para><filename>/etc/hosts</filename> takes on the simple format
+ of:</para>
+
+ <programlisting>[Internet address] [official hostname] [alias1] [alias2] ...</programlisting>
+
+ <para>For example:</para>
+
+ <programlisting>10.0.0.1 myRealHostname.example.com myRealHostname foobar1 foobar2</programlisting>
+
+ <para>Consult &man.hosts.5; for more information.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Log File Configuration</title>
+
+ <indexterm><primary>log files</primary></indexterm>
+
+ <sect3>
+ <title><filename>syslog.conf</filename></title>
+
+ <indexterm><primary>syslog.conf</primary></indexterm>
+
+ <para><filename>syslog.conf</filename> is the configuration file
+ for the &man.syslogd.8; program. It indicates which types
+ of <command>syslog</command> messages are logged to particular
+ log files.</para>
+
+ <programlisting># &dollar;&os;&dollar;
+#
+# Spaces ARE valid field separators in this file. However,
+# other *nix-like systems still insist on using tabs as field
+# separators. If you are sharing this file between systems, you
+# may want to use only tabs as field separators here.
+# Consult the syslog.conf(5) manual page.
+*.err;kern.debug;auth.notice;mail.crit /dev/console
+*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
+security.* /var/log/security
+mail.info /var/log/maillog
+lpr.info /var/log/lpd-errs
+cron.* /var/log/cron
+*.err root
+*.notice;news.err root
+*.alert root
+*.emerg *
+# uncomment this to log all writes to /dev/console to /var/log/console.log
+#console.info /var/log/console.log
+# uncomment this to enable logging of all log messages to /var/log/all.log
+#*.* /var/log/all.log
+# uncomment this to enable logging to a remote log host named loghost
+#*.* @loghost
+# uncomment these if you're running inn
+# news.crit /var/log/news/news.crit
+# news.err /var/log/news/news.err
+# news.notice /var/log/news/news.notice
+!startslip
+*.* /var/log/slip.log
+!ppp
+*.* /var/log/ppp.log</programlisting>
+
+ <para>Consult the &man.syslog.conf.5; manual page for more
+ information.</para>
+ </sect3>
+
+ <sect3>
+ <title><filename>newsyslog.conf</filename></title>
+
+ <indexterm><primary>newsyslog.conf</primary></indexterm>
+
+ <para><filename>newsyslog.conf</filename> is the configuration
+ file for &man.newsyslog.8;, a program that is normally scheduled
+ to run by &man.cron.8;. &man.newsyslog.8; determines when log
+ files require archiving or rearranging.
+ <filename>logfile</filename> is moved to
+ <filename>logfile.0</filename>, <filename>logfile.0</filename>
+ is moved to <filename>logfile.1</filename>, and so on.
+ Alternatively, the log files may be archived in &man.gzip.1; format
+ causing them to be named: <filename>logfile.0.gz</filename>,
+ <filename>logfile.1.gz</filename>, and so on.</para>
+
+ <para><filename>newsyslog.conf</filename> indicates which log
+ files are to be managed, how many are to be kept, and when
+ they are to be touched. Log files can be rearranged and/or
+ archived when they have either reached a certain size, or at a
+ certain periodic time/date.</para>
+
+ <programlisting># configuration file for newsyslog
+# &dollar;&os;&dollar;
+#
+# filename [owner:group] mode count size when [ZB] [/pid_file] [sig_num]
+/var/log/cron 600 3 100 * Z
+/var/log/amd.log 644 7 100 * Z
+/var/log/kerberos.log 644 7 100 * Z
+/var/log/lpd-errs 644 7 100 * Z
+/var/log/maillog 644 7 * @T00 Z
+/var/log/sendmail.st 644 10 * 168 B
+/var/log/messages 644 5 100 * Z
+/var/log/all.log 600 7 * @T00 Z
+/var/log/slip.log 600 3 100 * Z
+/var/log/ppp.log 600 3 100 * Z
+/var/log/security 600 10 100 * Z
+/var/log/wtmp 644 3 * @01T05 B
+/var/log/daily.log 640 7 * @T00 Z
+/var/log/weekly.log 640 5 1 $W6D0 Z
+/var/log/monthly.log 640 12 * $M1D0 Z
+/var/log/console.log 640 5 100 * Z</programlisting>
+
+ <para>Consult the &man.newsyslog.8; manual page for more
+ information.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="configtuning-sysctlconf">
+ <title><filename>sysctl.conf</filename></title>
+
+ <indexterm><primary>sysctl.conf</primary></indexterm>
+ <indexterm><primary>sysctl</primary></indexterm>
+
+ <para><filename>sysctl.conf</filename> looks much like
+ <filename>rc.conf</filename>. Values are set in a
+ <literal>variable=value</literal>
+ form. The specified values are set after the system goes into
+ multi-user mode. Not all variables are settable in this mode.</para>
+
+ <para>A sample <filename>sysctl.conf</filename> turning off logging
+ of fatal signal exits and letting Linux programs know they are really
+ running under &os;:</para>
+
+ <programlisting>kern.logsigexit=0 # Do not log fatal signal exits (e.g. sig 11)
+compat.linux.osname=&os;
+compat.linux.osrelease=4.3-STABLE</programlisting>
+ </sect2>
+ </sect1>
+
+ <sect1 id="configtuning-sysctl">
+ <title>Tuning with sysctl</title>
+
+ <indexterm><primary>sysctl</primary></indexterm>
+ <indexterm>
+ <primary>tuning</primary>
+ <secondary>with sysctl</secondary>
+ </indexterm>
+
+ <para>&man.sysctl.8; is an interface that allows you to make changes
+ to a running &os; system. This includes many advanced
+ options of the TCP/IP stack and virtual memory system that can
+ dramatically improve performance for an experienced system
+ administrator. Over five hundred system variables can be read
+ and set using &man.sysctl.8;.</para>
+
+ <para>At its core, &man.sysctl.8; serves two functions: to read and
+ to modify system settings.</para>
+
+ <para>To view all readable variables:</para>
+
+ <screen>&prompt.user; <userinput>sysctl -a</userinput></screen>
+
+ <para>To read a particular variable, for example,
+ <varname>kern.maxproc</varname>:</para>
+
+ <screen>&prompt.user; <userinput>sysctl kern.maxproc</userinput>
+kern.maxproc: 1044</screen>
+
+ <para>To set a particular variable, use the intuitive
+ <replaceable>variable</replaceable>=<replaceable>value</replaceable>
+ syntax:</para>
+
+ <screen>&prompt.root; <userinput>sysctl kern.maxfiles=5000</userinput>
+kern.maxfiles: 2088 -> 5000</screen>
+
+ <para>Settings of sysctl variables are usually either strings,
+ numbers, or booleans (a boolean being <literal>1</literal> for yes
+ or a <literal>0</literal> for no).</para>
+
+ <para>If you want to set automatically some variables each time
+ the machine boots, add them to the
+ <filename>/etc/sysctl.conf</filename> file. For more information
+ see the &man.sysctl.conf.5; manual page and the
+ <xref linkend="configtuning-sysctlconf">.</para>
+
+ <sect2 id="sysctl-readonly">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ <!-- 31 January 2003 -->
+ </author>
+ </authorgroup>
+ </sect2info>
+ <title>&man.sysctl.8; Read-only</title>
+
+ <para>In some cases it may be desirable to modify read-only &man.sysctl.8;
+ values. While this is sometimes unavoidable, it can only be done
+ on (re)boot.</para>
+
+ <para>For instance on some laptop models the &man.cardbus.4; device will
+ not probe memory ranges, and fail with errors which look similar to:</para>
+
+ <screen>cbb0: Could not map register memory
+device_probe_and_attach: cbb0 attach returned 12</screen>
+
+ <para>Cases like the one above usually require the modification of some
+ default &man.sysctl.8; settings which are set read only. To overcome
+ these situations a user can put &man.sysctl.8; <quote>OIDs</quote>
+ in their local <filename>/boot/loader.conf</filename>. Default
+ settings are located in the <filename>/boot/defaults/loader.conf</filename>
+ file.</para>
+
+ <para>Fixing the problem mentioned above would require a user to set
+ <option>hw.pci.allow_unsupported_io_range=1</option> in the aforementioned
+ file. Now &man.cardbus.4; will work properly.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="configtuning-disk">
+ <title>Tuning Disks</title>
+
+ <sect2>
+ <title>Sysctl Variables</title>
+
+ <sect3>
+ <title><varname>vfs.vmiodirenable</varname></title>
+
+ <indexterm>
+ <primary><varname>vfs.vmiodirenable</varname></primary>
+ </indexterm>
+
+ <para>The <varname>vfs.vmiodirenable</varname> sysctl variable
+ may be set to either 0 (off) or 1 (on); it is 1 by default.
+ This variable controls how directories are cached by the
+ system. Most directories are small, using just a single
+ fragment (typically 1&nbsp;K) in the file system and less
+ (typically 512&nbsp;bytes) in the buffer cache.
+ With this variable turned off (to 0), the buffer
+ cache will only cache a fixed number of directories even if
+ you have a huge amount of memory. When turned on (to 1), this sysctl
+ allows the buffer cache to use the VM Page Cache to cache the
+ directories, making all the memory available for caching
+ directories. However,
+ the minimum in-core memory used to cache a directory is the
+ physical page size (typically 4&nbsp;K) rather than 512&nbsp;
+ bytes. We recommend keeping this option on if you are running
+ any services which manipulate large numbers of files. Such
+ services can include web caches, large mail systems, and news
+ systems. Keeping this option on will generally not reduce
+ performance even with the wasted memory but you should
+ experiment to find out.</para>
+ </sect3>
+
+ <sect3>
+ <title><varname>vfs.write_behind</varname></title>
+
+ <indexterm>
+ <primary><varname>vfs.write_behind</varname></primary>
+ </indexterm>
+
+ <para>The <varname>vfs.write_behind</varname> sysctl variable
+ defaults to <literal>1</literal> (on). This tells the file system
+ to issue media writes as full clusters are collected, which
+ typically occurs when writing large sequential files. The idea
+ is to avoid saturating the buffer cache with dirty buffers when
+ it would not benefit I/O performance. However, this may stall
+ processes and under certain circumstances you may wish to turn it
+ off.</para>
+ </sect3>
+
+ <sect3>
+ <title><varname>vfs.hirunningspace</varname></title>
+
+ <indexterm>
+ <primary><varname>vfs.hirunningspace</varname></primary>
+ </indexterm>
+
+ <para>The <varname>vfs.hirunningspace</varname> sysctl variable
+ determines how much outstanding write I/O may be queued to disk
+ controllers system-wide at any given instance. The default is
+ usually sufficient but on machines with lots of disks you may
+ want to bump it up to four or five <emphasis>megabytes</emphasis>.
+ Note that setting too high a value (exceeding the buffer cache's
+ write threshold) can lead to extremely bad clustering
+ performance. Do not set this value arbitrarily high! Higher
+ write values may add latency to reads occurring at the same time.
+ </para>
+
+ <para>There are various other buffer-cache and VM page cache
+ related sysctls. We do not recommend modifying these values. As
+ of &os;&nbsp;4.3, the VM system does an extremely good job of
+ automatically tuning itself.</para>
+ </sect3>
+
+ <sect3>
+ <title><varname>vm.swap_idle_enabled</varname></title>
+
+ <indexterm>
+ <primary><varname>vm.swap_idle_enabled</varname></primary>
+ </indexterm>
+
+ <para>The <varname>vm.swap_idle_enabled</varname> sysctl variable
+ is useful in large multi-user systems where you have lots of
+ users entering and leaving the system and lots of idle processes.
+ Such systems tend to generate a great deal of continuous pressure
+ on free memory reserves. Turning this feature on and tweaking
+ the swapout hysteresis (in idle seconds) via
+ <varname>vm.swap_idle_threshold1</varname> and
+ <varname>vm.swap_idle_threshold2</varname> allows you to depress
+ the priority of memory pages associated with idle processes more
+ quickly then the normal pageout algorithm. This gives a helping
+ hand to the pageout daemon. Do not turn this option on unless
+ you need it, because the tradeoff you are making is essentially
+ pre-page memory sooner rather than later; thus eating more swap
+ and disk bandwidth. In a small system this option will have a
+ determinable effect but in a large system that is already doing
+ moderate paging this option allows the VM system to stage whole
+ processes into and out of memory easily.</para>
+ </sect3>
+
+ <sect3>
+ <title><varname>hw.ata.wc</varname></title>
+
+ <indexterm>
+ <primary><varname>hw.ata.wc</varname></primary>
+ </indexterm>
+
+ <para>&os;&nbsp;4.3 flirted with turning off IDE write caching.
+ This reduced write bandwidth to IDE disks but was considered
+ necessary due to serious data consistency issues introduced
+ by hard drive vendors. The problem is that IDE
+ drives lie about when a write completes. With IDE write
+ caching turned on, IDE hard drives not only write data
+ to disk out of order, but will sometimes delay writing some
+ blocks indefinitely when under heavy disk loads. A crash or
+ power failure may cause serious file system corruption.
+ &os;'s default was changed to be safe. Unfortunately, the
+ result was such a huge performance loss that we changed
+ write caching back to on by default after the release. You
+ should check the default on your system by observing the
+ <varname>hw.ata.wc</varname> sysctl variable. If IDE write
+ caching is turned off, you can turn it back on by setting
+ the kernel variable back to 1. This must be done from the
+ boot loader at boot time. Attempting to do it after the
+ kernel boots will have no effect.</para>
+
+ <para>For more information, please see &man.ata.4;.</para>
+ </sect3>
+
+ <sect3>
+ <title><literal>SCSI_DELAY</literal>
+ (<varname>kern.cam.scsi_delay</varname>)</title>
+
+ <indexterm>
+ <primary><varname>kern.cam.scsi_delay</varname></primary>
+ </indexterm>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary><literal>SCSI_DELAY</literal></secondary>
+ </indexterm>
+
+ <para>The <literal>SCSI_DELAY</literal> kernel config may be used to
+ reduce system boot times. The defaults are fairly high and can be
+ responsible for <literal>15</literal> seconds of delay in the
+ boot process. Reducing it to <literal>5</literal> seconds usually
+ works (especially with modern drives). Newer versions of &os;
+ (5.0 and higher) should use the <varname>kern.cam.scsi_delay</varname>
+ boot time tunable. The tunable, and kernel config option accept
+ values in terms of <emphasis>milliseconds</emphasis> and
+ <emphasis>not</emphasis> <emphasis>seconds</emphasis>.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="soft-updates">
+ <title>Soft Updates</title>
+
+ <indexterm><primary>Soft Updates</primary></indexterm>
+ <indexterm><primary>tunefs</primary></indexterm>
+
+ <para>The &man.tunefs.8; program can be used to fine-tune a
+ file system. This program has many different options, but for
+ now we are only concerned with toggling Soft Updates on and
+ off, which is done by:</para>
+
+ <screen>&prompt.root; <userinput>tunefs -n enable /filesystem</userinput>
+&prompt.root; <userinput>tunefs -n disable /filesystem</userinput></screen>
+
+ <para>A filesystem cannot be modified with &man.tunefs.8; while
+ it is mounted. A good time to enable Soft Updates is before any
+ partitions have been mounted, in single-user mode.</para>
+
+ <note><para>As of &os;&nbsp;4.5, it is possible to enable Soft Updates
+ at filesystem creation time, through use of the <literal>-U</literal>
+ option to &man.newfs.8;.</para></note>
+
+ <para>Soft Updates drastically improves meta-data performance, mainly
+ file creation and deletion, through the use of a memory cache. We
+ recommend to use Soft Updates on all of your file systems. There
+ are two downsides to Soft Updates that you should be aware of: First,
+ Soft Updates guarantees filesystem consistency in the case of a crash
+ but could very easily be several seconds (even a minute!) behind
+ updating the physical disk. If your system crashes you may lose more
+ work than otherwise. Secondly, Soft Updates delays the freeing of
+ filesystem blocks. If you have a filesystem (such as the root
+ filesystem) which is almost full, performing a major update, such as
+ <command>make installworld</command>, can cause the filesystem to run
+ out of space and the update to fail.</para>
+
+ <sect3>
+ <title>More Details about Soft Updates</title>
+
+ <indexterm>
+ <primary>Soft Updates</primary>
+ <secondary>details</secondary>
+ </indexterm>
+
+ <para>There are two traditional approaches to writing a file
+ systems meta-data back to disk. (Meta-data updates are
+ updates to non-content data like inodes or
+ directories.)</para>
+
+ <para>Historically, the default behavior was to write out
+ meta-data updates synchronously. If a directory had been
+ changed, the system waited until the change was actually
+ written to disk. The file data buffers (file contents) were
+ passed through the buffer cache and backed up
+ to disk later on asynchronously. The advantage of this
+ implementation is that it operates safely. If there is
+ a failure during an update, the meta-data are always in a
+ consistent state. A file is either created completely
+ or not at all. If the data blocks of a file did not find
+ their way out of the buffer cache onto the disk by the time
+ of the crash, &man.fsck.8; is able to recognize this and
+ repair the filesystem by setting the file length to
+ 0. Additionally, the implementation is clear and simple.
+ The disadvantage is that meta-data changes are slow. An
+ <command>rm -r</command>, for instance, touches all the files
+ in a directory sequentially, but each directory
+ change (deletion of a file) will be written synchronously
+ to the disk. This includes updates to the directory itself,
+ to the inode table, and possibly to indirect blocks
+ allocated by the file. Similar considerations apply for
+ unrolling large hierarchies (<command>tar -x</command>).</para>
+
+ <para>The second case is asynchronous meta-data updates. This
+ is the default for Linux/ext2fs and
+ <command>mount -o async</command> for *BSD ufs. All
+ meta-data updates are simply being passed through the buffer
+ cache too, that is, they will be intermixed with the updates
+ of the file content data. The advantage of this
+ implementation is there is no need to wait until each
+ meta-data update has been written to disk, so all operations
+ which cause huge amounts of meta-data updates work much
+ faster than in the synchronous case. Also, the
+ implementation is still clear and simple, so there is a low
+ risk for bugs creeping into the code. The disadvantage is
+ that there is no guarantee at all for a consistent state of
+ the filesystem. If there is a failure during an operation
+ that updated large amounts of meta-data (like a power
+ failure, or someone pressing the reset button),
+ the filesystem
+ will be left in an unpredictable state. There is no opportunity
+ to examine the state of the filesystem when the system
+ comes up again; the data blocks of a file could already have
+ been written to the disk while the updates of the inode
+ table or the associated directory were not. It is actually
+ impossible to implement a <command>fsck</command> which is
+ able to clean up the resulting chaos (because the necessary
+ information is not available on the disk). If the
+ filesystem has been damaged beyond repair, the only choice
+ is to use &man.newfs.8; on it and restore it from backup.
+ </para>
+
+ <para>The usual solution for this problem was to implement
+ <emphasis>dirty region logging</emphasis>, which is also
+ referred to as <emphasis>journaling</emphasis>, although that
+ term is not used consistently and is occasionally applied
+ to other forms of transaction logging as well. Meta-data
+ updates are still written synchronously, but only into a
+ small region of the disk. Later on they will be moved
+ to their proper location. Because the logging
+ area is a small, contiguous region on the disk, there
+ are no long distances for the disk heads to move, even
+ during heavy operations, so these operations are quicker
+ than synchronous updates.
+ Additionally the complexity of the implementation is fairly
+ limited, so the risk of bugs being present is low. A disadvantage
+ is that all meta-data are written twice (once into the
+ logging region and once to the proper location) so for
+ normal work, a performance <quote>pessimization</quote>
+ might result. On the other hand, in case of a crash, all
+ pending meta-data operations can be quickly either rolled-back
+ or completed from the logging area after the system comes
+ up again, resulting in a fast filesystem startup.</para>
+
+ <para>Kirk McKusick, the developer of Berkeley FFS,
+ solved this problem with Soft Updates: all pending
+ meta-data updates are kept in memory and written out to disk
+ in a sorted sequence (<quote>ordered meta-data
+ updates</quote>). This has the effect that, in case of
+ heavy meta-data operations, later updates to an item
+ <quote>catch</quote> the earlier ones if the earlier ones are still in
+ memory and have not already been written to disk. So all
+ operations on, say, a directory are generally performed in
+ memory before the update is written to disk (the data
+ blocks are sorted according to their position so
+ that they will not be on the disk ahead of their meta-data).
+ If the system crashes, this causes an implicit <quote>log
+ rewind</quote>: all operations which did not find their way
+ to the disk appear as if they had never happened. A
+ consistent filesystem state is maintained that appears to
+ be the one of 30 to 60 seconds earlier. The
+ algorithm used guarantees that all resources in use
+ are marked as such in their appropriate bitmaps: blocks and inodes.
+ After a crash, the only resource allocation error
+ that occurs is that resources are
+ marked as <quote>used</quote> which are actually <quote>free</quote>.
+ &man.fsck.8; recognizes this situation,
+ and frees the resources that are no longer used. It is safe to
+ ignore the dirty state of the filesystem after a crash by
+ forcibly mounting it with <command>mount -f</command>. In
+ order to free resources that may be unused, &man.fsck.8;
+ needs to be run at a later time. This is the idea behind
+ the <emphasis>background fsck</emphasis>: at system startup
+ time, only a <emphasis>snapshot</emphasis> of the
+ filesystem is recorded. The <command>fsck</command> can be
+ run later on. All file systems can then be mounted
+ <quote>dirty</quote>, so the system startup proceeds in
+ multiuser mode. Then, background <command>fsck</command>s
+ will be scheduled for all file systems where this is required, to free
+ resources that may be unused. (File systems that do not use
+ Soft Updates still need the usual foreground
+ <command>fsck</command> though.)</para>
+
+ <para>The advantage is that meta-data operations are nearly as
+ fast as asynchronous updates (i.e. faster than with
+ <emphasis>logging</emphasis>, which has to write the
+ meta-data twice). The disadvantages are the complexity of
+ the code (implying a higher risk for bugs in an area that
+ is highly sensitive regarding loss of user data), and a
+ higher memory consumption. Additionally there are some
+ idiosyncrasies one has to get used to.
+ After a crash, the state of the filesystem appears to be
+ somewhat <quote>older</quote>. In situations where
+ the standard synchronous approach would have caused some
+ zero-length files to remain after the
+ <command>fsck</command>, these files do not exist at all
+ with a Soft Updates filesystem because neither the meta-data
+ nor the file contents have ever been written to disk.
+ Disk space is not released until the updates have been
+ written to disk, which may take place some time after
+ running <command>rm</command>. This may cause problems
+ when installing large amounts of data on a filesystem
+ that does not have enough free space to hold all the files
+ twice.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="configtuning-kernel-limits">
+ <title>Tuning Kernel Limits</title>
+
+ <indexterm>
+ <primary>tuning</primary>
+ <secondary>kernel limits</secondary>
+ </indexterm>
+
+ <sect2 id="file-process-limits">
+ <title>File/Process Limits</title>
+
+ <sect3 id="kern-maxfiles">
+ <title><varname>kern.maxfiles</varname></title>
+
+ <indexterm>
+ <primary><varname>kern.maxfiles</varname></primary>
+ </indexterm>
+
+ <para><varname>kern.maxfiles</varname> can be raised or
+ lowered based upon your system requirements. This variable
+ indicates the maximum number of file descriptors on your
+ system. When the file descriptor table is full,
+ <errorname>file: table is full</errorname> will show up repeatedly
+ in the system message buffer, which can be viewed with the
+ <command>dmesg</command> command.</para>
+
+ <para>Each open file, socket, or fifo uses one file
+ descriptor. A large-scale production server may easily
+ require many thousands of file descriptors, depending on the
+ kind and number of services running concurrently.</para>
+
+ <para><varname>kern.maxfile</varname>'s default value is
+ dictated by the <option>maxusers</option> option in your
+ kernel configuration file. <varname>kern.maxfiles</varname> grows
+ proportionally to the value of <option>maxusers</option>. When
+ compiling a custom kernel, it is a good idea to set this kernel
+ configuration option according to the uses of your system. From
+ this number, the kernel is given most of its pre-defined limits.
+ Even though a production machine may not actually have 256 users
+ connected at once, the resources needed may be similar to a
+ high-scale web server.</para>
+
+ <para>Starting with &os;&nbsp;4.5, the system will auto-tune
+ <literal>maxusers</literal> for you if you explicitly set it to
+ <literal>0</literal><footnote>
+ <para>The auto-tuning algorithm sets
+ <literal>maxusers</literal> equal to the amount of memory in the
+ system, with a minimum of 32, and a maximum of 384.</para>
+ </footnote>. In &os;&nbsp;5.X and above, <literal>maxusers</literal>
+ will default to <literal>0</literal> if not specified. If you
+ are using an version of &os; earlier than 4.5, or you want to
+ manage it yourself you will want to set
+ <literal>maxusers</literal> to at least 4, especially if you are
+ using the X Window System or compiling software. The reason is that
+ the most important table set by <literal>maxusers</literal> is the
+ maximum number of processes, which is set to <literal>20 + 16 *
+ maxusers</literal>, so if you set <literal>maxusers</literal> to 1,
+ then you can only have 36 simultaneous processes, including the 18
+ or so that the system starts up at boot time and the 15 or so you
+ will probably create when you start the X Window System. Even a
+ simple task like reading a manual page will start up nine
+ processes to filter, decompress, and view it. Setting
+ <literal>maxusers</literal> to 64 will allow you to have up to 1044
+ simultaneous processes, which should be enough for nearly all uses.
+ If, however, you see the dreaded <errortype>proc table
+ full</errortype> error when trying to start another program, or are
+ running a server with a large number of simultaneous users (like
+ <hostid role="fqdn">ftp.FreeBSD.org</hostid>), you can always
+ increase the number and rebuild.</para>
+
+ <note>
+ <para><literal>maxusers</literal> does <emphasis>not</emphasis>
+ limit the number of users which can log into your machine. It
+ simply sets various table sizes to reasonable values considering
+ the maximum number of users you will likely have on your system
+ and how many processes each of them will be running. One keyword
+ which <emphasis>does</emphasis> limit the number of simultaneous
+ remote logins and X terminal windows is <link
+ linkend="kernelconfig-ptys"><literal>pseudo-device pty
+ 16</literal></link>. With &os;&nbsp;5.X, you do not have to
+ worry about this number since the &man.pty.4; driver is
+ <quote>auto-cloning</quote>; you simply use the line
+ <literal>device pty</literal> in your configuration file.</para>
+ </note>
+
+ </sect3>
+
+ <sect3>
+ <title><varname>kern.ipc.somaxconn</varname></title>
+
+ <indexterm>
+ <primary><varname>kern.ipc.somaxconn</varname></primary>
+ </indexterm>
+
+ <para>The <varname>kern.ipc.somaxconn</varname> sysctl variable
+ limits the size of the listen queue for accepting new TCP
+ connections. The default value of <literal>128</literal> is
+ typically too low for robust handling of new connections in a
+ heavily loaded web server environment. For such environments, it
+ is recommended to increase this value to <literal>1024</literal> or
+ higher. The service daemon may itself limit the listen queue size
+ (e.g. &man.sendmail.8;, or <application>Apache</application>) but
+ will often have a directive in its configuration file to adjust
+ the queue size. Large listen queues also do a better job of
+ avoiding Denial of Service (<abbrev>DoS</abbrev>) attacks.</para>
+ </sect3>
+
+ </sect2>
+ <sect2 id="nmbclusters">
+ <title>Network Limits</title>
+
+ <para>The <literal>NMBCLUSTERS</literal> kernel configuration
+ option dictates the amount of network Mbufs available to the
+ system. A heavily-trafficked server with a low number of Mbufs
+ will hinder &os;'s ability. Each cluster represents
+ approximately 2&nbsp;K of memory, so a value of 1024 represents 2
+ megabytes of kernel memory reserved for network buffers. A
+ simple calculation can be done to figure out how many are
+ needed. If you have a web server which maxes out at 1000
+ simultaneous connections, and each connection eats a 16&nbsp;K receive
+ and 16&nbsp;K send buffer, you need approximately 32&nbsp;MB worth of
+ network buffers to cover the web server. A good rule of thumb is
+ to multiply by 2, so 2x32&nbsp;MB&nbsp;/&nbsp;2&nbsp;KB&nbsp;=
+ 64&nbsp;MB&nbsp;/&nbsp;2&nbsp;kB&nbsp;= 32768. We recommend
+ values between 4096 and 32768 for machines with greater amounts
+ of memory. Under no circumstances should you specify an
+ arbitrarily high value for this parameter as it could lead to a
+ boot time crash. The <option>-m</option> option to
+ &man.netstat.1; may be used to observe network cluster
+ use.</para>
+
+ <para><varname>kern.ipc.nmbclusters</varname> loader tunable should
+ be used to tune this at boot time. Only older versions of &os;
+ will require you to use the <literal>NMBCLUSTERS</literal> kernel
+ &man.config.8; option.</para>
+
+ <para>For busy servers that make extensive use of the
+ &man.sendfile.2; system call, it may be necessary to increase
+ the number of &man.sendfile.2; buffers via the
+ <literal>NSFBUFS</literal> kernel configuration option or by
+ setting its value in <filename>/boot/loader.conf</filename>
+ (see &man.loader.8; for details). A common indicator that
+ this parameter needs to be adjusted is when processes are seen
+ in the <literal>sfbufa</literal> state. The sysctl
+ variable <varname>kern.ipc.nsfbufs</varname> is a read-only
+ glimpse at the kernel configured variable. This parameter
+ nominally scales with <varname>kern.maxusers</varname>,
+ however it may be necessary to tune accordingly.</para>
+
+ <important>
+ <para>Even though a socket has been marked as non-blocking,
+ calling &man.sendfile.2; on the non-blocking socket may
+ result in the &man.sendfile.2; call blocking until enough
+ <literal>struct sf_buf</literal>'s are made
+ available.</para>
+ </important>
+
+ <sect3>
+ <title><varname>net.inet.ip.portrange.*</varname></title>
+
+ <indexterm>
+ <primary>net.inet.ip.portrange.*</primary>
+ </indexterm>
+
+ <para>The <varname>net.inet.ip.portrange.*</varname> sysctl
+ variables control the port number ranges automatically bound to TCP
+ and UDP sockets. There are three ranges: a low range, a default
+ range, and a high range. Most network programs use the default
+ range which is controlled by the
+ <varname>net.inet.ip.portrange.first</varname> and
+ <varname>net.inet.ip.portrange.last</varname>, which default to
+ 1024 and 5000, respectively. Bound port ranges are used for
+ outgoing connections, and it is possible to run the system out of
+ ports under certain circumstances. This most commonly occurs
+ when you are running a heavily loaded web proxy. The port range
+ is not an issue when running servers which handle mainly incoming
+ connections, such as a normal web server, or has a limited number
+ of outgoing connections, such as a mail relay. For situations
+ where you may run yourself out of ports, it is recommended to
+ increase <varname>net.inet.ip.portrange.last</varname> modestly.
+ A value of <literal>10000</literal>, <literal>20000</literal> or
+ <literal>30000</literal> may be reasonable. You should also
+ consider firewall effects when changing the port range. Some
+ firewalls may block large ranges of ports (usually low-numbered
+ ports) and expect systems to use higher ranges of ports for
+ outgoing connections &mdash; for this reason it is not recommended that
+ <varname>net.inet.ip.portrange.first</varname> be lowered.</para>
+ </sect3>
+
+ <sect3>
+ <title>TCP Bandwidth Delay Product</title>
+
+ <indexterm>
+ <primary>TCP Bandwidth Delay Product Limiting</primary>
+ <secondary><varname>net.inet.tcp.inflight.enable</varname></secondary>
+ </indexterm>
+
+ <para>The TCP Bandwidth Delay Product Limiting is similar to
+ TCP/Vegas in NetBSD. It can be
+ enabled by setting <varname>net.inet.tcp.inflight.enable</varname>
+ sysctl variable to <literal>1</literal>. The system will attempt
+ to calculate the bandwidth delay product for each connection and
+ limit the amount of data queued to the network to just the amount
+ required to maintain optimum throughput.</para>
+
+ <para>This feature is useful if you are serving data over modems,
+ Gigabit Ethernet, or even high speed WAN links (or any other link
+ with a high bandwidth delay product), especially if you are also
+ using window scaling or have configured a large send window. If
+ you enable this option, you should also be sure to set
+ <varname>net.inet.tcp.inflight.debug</varname> to
+ <literal>0</literal> (disable debugging), and for production use
+ setting <varname>net.inet.tcp.inflight.min</varname> to at least
+ <literal>6144</literal> may be beneficial. However, note that
+ setting high minimums may effectively disable bandwidth limiting
+ depending on the link. The limiting feature reduces the amount of
+ data built up in intermediate route and switch packet queues as
+ well as reduces the amount of data built up in the local host's
+ interface queue. With fewer packets queued up, interactive
+ connections, especially over slow modems, will also be able to
+ operate with lower <emphasis>Round Trip Times</emphasis>. However,
+ note that this feature only effects data transmission (uploading
+ / server side). It has no effect on data reception (downloading).
+ </para>
+
+ <para>Adjusting <varname>net.inet.tcp.inflight.stab</varname> is
+ <emphasis>not</emphasis> recommended. This parameter defaults to
+ 20, representing 2 maximal packets added to the bandwidth delay
+ product window calculation. The additional window is required to
+ stabilize the algorithm and improve responsiveness to changing
+ conditions, but it can also result in higher ping times over slow
+ links (though still much lower than you would get without the
+ inflight algorithm). In such cases, you may wish to try reducing
+ this parameter to 15, 10, or 5; and may also have to reduce
+ <varname>net.inet.tcp.inflight.min</varname> (for example, to
+ 3500) to get the desired effect. Reducing these parameters
+ should be done as a last resort only.</para>
+
+ <note>
+ <para>In 4.X and earlier releases of &os; the
+ <literal>inflight</literal> sysctl variables are directly under
+ <varname>net.inet.tcp</varname>. Their names were
+ (in alphabetic order):
+ <varname>net.inet.tcp.inflight_debug</varname>,
+ <varname>net.inet.tcp.inflight_enable</varname>,
+ <varname>net.inet.tcp.inflight_max</varname>,
+ <varname>net.inet.tcp.inflight_min</varname>,
+ <varname>net.inet.tcp.inflight_stab</varname>.</para>
+ </note>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Virtual Memory</title>
+
+ <sect3>
+ <title><varname>kern.maxvnodes</varname></title>
+
+ <para>A vnode is the internal representation of a file or
+ directory. So increasing the number of vnodes available to
+ the operating system cuts down on disk I/O. Normally this
+ is handled by the operating system and does not need to be
+ changed. In some cases where disk I/O is a bottleneck and
+ the system is running out of vnodes, this setting will need
+ to be increased. The amount of inactive and free RAM will
+ need to be taken into account.</para>
+
+ <para>To see the current number of vnodes in use:</para>
+
+ <programlisting>&prompt.root; sysctl vfs.numvnodes
+vfs.numvnodes: 91349</programlisting>
+
+ <para>To see the maximum vnodes:</para>
+
+ <programlisting>&prompt.root; sysctl kern.maxvnodes
+kern.maxvnodes: 100000</programlisting>
+
+ <para>If the current vnode usage is near the maximum, increasing
+ <varname>kern.maxvnodes</varname> by a value of 1,000 is
+ probably a good idea. Keep an eye on the number of
+ <varname>vfs.numvnodes</varname>. If it climbs up to the
+ maximum again, <varname>kern.maxvnodes</varname> will need to
+ be increased further. A shift in your memory usage as
+ reported by &man.top.1; should be visible. More memory should
+ be active.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="adding-swap-space">
+ <title>Adding Swap Space</title>
+
+ <para>No matter how well you plan, sometimes a system does not run
+ as you expect. If you find you need more swap space, it is
+ simple enough to add. You have three ways to increase swap
+ space: adding a new hard drive, enabling swap over NFS, and
+ creating a swap file on an existing partition.</para>
+
+ <sect2 id="new-drive-swap">
+ <title>Swap on a New Hard Drive</title>
+
+ <para>The best way to add swap, of course, is to use this as an
+ excuse to add another hard drive. You can always use another
+ hard drive, after all. If you can do this, go reread the
+ discussion of swap space
+ in <xref linkend="configtuning-initial">
+ of the Handbook for some suggestions on how to best
+ arrange your swap.</para>
+ </sect2>
+
+ <sect2 id="nfs-swap">
+ <title>Swapping over NFS</title>
+
+ <para>Swapping over NFS is only recommended if you do not have a
+ local hard disk to swap to. Swapping over NFS is slow and
+ inefficient in versions of &os; prior to 4.X. It is
+ reasonably fast and efficient in 4.0-RELEASE and newer. Even
+ with newer versions of &os;, NFS swapping will be limited
+ by the available network bandwidth and puts an additional
+ burden on the NFS server.</para>
+ </sect2>
+
+ <sect2 id="create-swapfile">
+ <title>Swapfiles</title>
+
+ <para>You can create a file of a specified size to use as a swap
+ file. In our example here we will use a 64MB file called
+ <filename>/usr/swap0</filename>. You can use any name you
+ want, of course.</para>
+
+ <example>
+ <title>Creating a Swapfile on &os; 4.X</title>
+
+ <orderedlist>
+ <listitem>
+ <para>Be certain that your kernel configuration includes
+ the vnode driver. It is <emphasis>not</emphasis> in recent versions of
+ <filename>GENERIC</filename>.</para>
+
+ <programlisting>pseudo-device vn 1 #Vnode driver (turns a file into a device)</programlisting>
+ </listitem>
+
+ <listitem>
+ <para>Create a vn-device:</para>
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
+&prompt.root; <userinput>sh MAKEDEV vn0</userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>Create a swapfile (<filename>/usr/swap0</filename>):</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=/usr/swap0 bs=1024k count=64</userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>Set proper permissions on (<filename>/usr/swap0</filename>):</para>
+
+ <screen>&prompt.root; <userinput>chmod 0600 /usr/swap0</userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>Enable the swap file in <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>swapfile="/usr/swap0" # Set to name of swapfile if aux swapfile desired.</programlisting>
+ </listitem>
+
+ <listitem>
+
+ <para>Reboot the machine or to enable the swap file immediately,
+ type:</para>
+
+ <screen>&prompt.root; <userinput>vnconfig -e /dev/vn0b /usr/swap0 swap</userinput></screen>
+ </listitem>
+ </orderedlist>
+
+ </example>
+ <example>
+ <title>Creating a Swapfile on &os; 5.X</title>
+
+ <orderedlist>
+ <listitem>
+ <para>Be certain that your kernel configuration includes
+ the memory disk driver (&man.md.4;). It is default in
+ <filename>GENERIC</filename> kernel.</para>
+
+ <programlisting>device md # Memory "disks"</programlisting>
+ </listitem>
+
+ <listitem>
+ <para>Create a swapfile (<filename>/usr/swap0</filename>):</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=/usr/swap0 bs=1024k count=64</userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>Set proper permissions on (<filename>/usr/swap0</filename>):</para>
+
+ <screen>&prompt.root; <userinput>chmod 0600 /usr/swap0</userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>Enable the swap file in <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>swapfile="/usr/swap0" # Set to name of swapfile if aux swapfile desired.</programlisting>
+ </listitem>
+
+ <listitem>
+
+ <para>Reboot the machine or to enable the swap file immediately,
+ type:</para>
+
+ <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /usr/swap0 -u 0 && swapon /dev/md0</userinput></screen>
+ </listitem>
+ </orderedlist>
+
+ </example>
+ </sect2>
+ </sect1>
+
+ <sect1 id="acpi-overview">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Hiten</firstname>
+ <surname>Pandya</surname>
+ <contrib>Written by </contrib>
+ </author>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Power and Resource Management</title>
+
+ <para>It is very important to utilize hardware resources in an
+ efficient manner. Before <acronym>ACPI</acronym> was introduced,
+ it was very difficult and inflexible for operating systems to manage
+ the power usage and thermal properties of a system. The hardware was
+ controlled by some sort of <acronym>BIOS</acronym> embedded
+ interface, such as <emphasis>Plug and Play BIOS (PNPBIOS)</emphasis>, or
+ <emphasis>Advanced Power Management (APM)</emphasis> and so on.
+ Power and Resource Management is one of the key components of a modern
+ operating system. For example, you may want an operating system to
+ monitor system limits (and possibly alert you) in case your system
+ temperature increased unexpectedly.</para>
+
+ <para>In this section of the &os; Handbook, we will provide
+ comprehensive information about <acronym>ACPI</acronym>. References
+ will be provided for further reading at the end. Please be aware
+ that <acronym>ACPI</acronym> is available on &os;&nbsp;5.X and
+ above systems as a default kernel module. For &os;&nbsp;4.9,
+ <acronym>ACPI</acronym> can be enabled by adding the line
+ <literal>device acpica</literal> to a kernel configuration and
+ rebuilding.</para>
+
+ <sect2 id="acpi-intro">
+ <title>What Is ACPI?</title>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ </indexterm>
+
+ <indexterm>
+ <primary>APM</primary>
+ </indexterm>
+
+ <para>Advanced Configuration and Power Interface
+ (<acronym>ACPI</acronym>) is a standard written by
+ an alliance of vendors to provide a standard interface for
+ hardware resources and power management (hence the name).
+ It is a key element in <emphasis>Operating System-directed
+ configuration and Power Management</emphasis>, i.e.: it provides
+ more control and flexibility to the operating system
+ (<acronym>OS</acronym>).
+ Modern systems <quote>stretched</quote> the limits of the
+ current Plug and Play interfaces (such as APM, which is used in
+ &os;&nbsp;4.X), prior to the introduction of
+ <acronym>ACPI</acronym>. <acronym>ACPI</acronym> is the direct
+ successor to <acronym>APM</acronym>
+ (Advanced Power Management).</para>
+ </sect2>
+
+ <sect2 id="acpi-old-spec">
+ <title>Shortcomings of Advanced Power Management (APM)</title>
+
+ <para>The <emphasis>Advanced Power Management (APM)</emphasis>
+ facility controls the power usage of a system based on its
+ activity. The APM BIOS is supplied by the (system) vendor and
+ it is specific to the hardware platform. An APM driver in the
+ OS mediates access to the <emphasis>APM Software Interface</emphasis>,
+ which allows management of power levels.</para>
+
+ <para>There are four major problems in APM. Firstly, power
+ management is done by the (vendor-specific) BIOS, and the OS
+ does not have any knowledge of it. One example of this, is when
+ the user sets idle-time values for a hard drive in the APM BIOS,
+ that when exceeded, it (BIOS) would spin down the hard drive,
+ without the consent of the OS. Secondly, the APM logic is
+ embedded in the BIOS, and it operates outside the scope of the
+ OS. This means users can only fix problems in their APM BIOS by
+ flashing a new one into the ROM; which is a very dangerous
+ procedure with the potential to leave the system in an
+ unrecoverable state if it fails. Thirdly, APM is a vendor-specific
+ technology, which means that there is a lot of parity
+ (duplication of efforts) and bugs found in one vendor's BIOS,
+ may not be solved in others. Last but not the least, the APM
+ BIOS did not have enough room to implement a sophisticated power
+ policy, or one that can adapt very well to the purpose of the
+ machine.</para>
+
+ <para><emphasis>Plug and Play BIOS (PNPBIOS)</emphasis> was
+ unreliable in many situations. PNPBIOS is 16-bit technology,
+ so the OS has to use 16-bit emulation in order to
+ <quote>interface</quote> with PNPBIOS methods.</para>
+
+ <para>The &os; <acronym>APM</acronym> driver is documented in
+ the &man.apm.4; manual page.</para>
+ </sect2>
+
+ <sect2 id="acpi-config">
+ <title>Configuring <acronym>ACPI</acronym></title>
+
+ <para>The <filename>acpi.ko</filename> driver is loaded by default
+ at start up by the &man.loader.8; and should <emphasis>not</emphasis>
+ be compiled into the kernel. The reasoning behind this is that modules
+ are easier to work with, say if switching to another <filename>acpi.ko</filename>
+ without doing a kernel rebuild. This has the advantage of making testing easier.
+ Another reason is that starting <acronym>ACPI</acronym> after a system has been
+ brought up is not too useful, and in some cases can be fatal. In doubt, just
+ disable <acronym>ACPI</acronym> all together. This driver should not and can not
+ be unloaded because the system bus uses it for various hardware interactions.
+ <acronym>ACPI</acronym> can be disabled with the &man.acpiconf.8; utility.
+ In fact most of the interaction with <acronym>ACPI</acronym> can be done via
+ &man.acpiconf.8;. Basically this means, if anything about <acronym>ACPI</acronym>
+ is in the &man.dmesg.8; output, then most likely it is already running.</para>
+
+ <note><para><acronym>ACPI</acronym> and <acronym>APM</acronym> cannot coexist and
+ should be used separately. The last one to load will terminate if the driver
+ notices the other running.</para></note>
+
+ <para>In the simplest form, <acronym>ACPI</acronym> can be used to put the
+ system into a sleep mode with &man.acpiconf.8;, the <option>-s</option>
+ flag, and a <literal>1-5</literal> option. Most users will only need
+ <literal>1</literal>. Option <literal>5</literal> will do a soft-off
+ which is the same action as:</para>
+
+ <screen>&prompt.root; <userinput>halt -p</userinput></screen>
+
+ <para>The other options are available. Check out the &man.acpiconf.8;
+ manual page for more information.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="ACPI-debug">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Nate</firstname>
+ <surname>Lawson</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Peter</firstname>
+ <surname>Schultz</surname>
+ <contrib>With contributions from </contrib>
+ </author>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Using and Debugging &os; <acronym>ACPI</acronym></title>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ <secondary>problems</secondary>
+ </indexterm>
+
+ <para><acronym>ACPI</acronym> is a fundamentally new way of
+ discovering devices, managing power usage, and providing
+ standardized access to various hardware previously managed
+ by the <acronym>BIOS</acronym>. Progress is being made toward
+ <acronym>ACPI</acronym> working on all systems, but bugs in some
+ motherboards' <firstterm><acronym>ACPI</acronym> Machine
+ Language</firstterm> (<acronym>AML</acronym>) bytecode,
+ incompleteness in &os;'s kernel subsystems, and bugs in the &intel;
+ <acronym>ACPI-CA</acronym> interpreter continue to appear.</para>
+
+ <para>This document is intended to help you assist the &os;
+ <acronym>ACPI</acronym> maintainers in identifying the root cause
+ of problems you observe and debugging and developing a solution.
+ Thanks for reading this and we hope we can solve your system's
+ problems.</para>
+
+ <sect2 id="ACPI-submitdebug">
+ <title>Submitting Debugging Information</title>
+
+ <note>
+ <para>Before submitting a problem, be sure you are running the latest
+ <acronym>BIOS</acronym> version and, if available, embedded
+ controller firmware version.</para>
+ </note>
+
+ <para>For those of you that want to submit a problem right away,
+ please send the following information to
+ <ulink url="mailto:freebsd-acpi@FreeBSD.org">
+ freebsd-acpi@FreeBSD.org</ulink>:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Description of the buggy behavior, including system type
+ and model and anything that causes the bug to appear. Also,
+ please note as accurately as possible when the bug began
+ occurring if it is new for you.</para>
+ </listitem>
+
+ <listitem>
+ <para>The &man.dmesg.8; output after <command>boot
+ -v</command>, including any error messages
+ generated by you exercising the bug.</para>
+ </listitem>
+
+ <listitem>
+ <para>The &man.dmesg.8; output from <command>boot
+ -v</command> with <acronym>ACPI</acronym>
+ disabled, if disabling it helps fix the problem.</para>
+ </listitem>
+
+ <listitem>
+ <para>Output from <command>sysctl hw.acpi</command>. This is also
+ a good way of figuring out what features your system
+ offers.</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>URL</acronym> where your
+ <firstterm><acronym>ACPI</acronym> Source Language</firstterm>
+ (<acronym>ASL</acronym>)
+ can be found. Do <emphasis>not</emphasis> send the
+ <acronym>ASL</acronym> directly to the list as it can be
+ very large. Generate a copy of your <acronym>ASL</acronym>
+ by running this command:</para>
+
+ <screen>&prompt.root; <userinput>acpidump -t -d &gt; <replaceable>name</replaceable>-<replaceable>system</replaceable>.asl</userinput></screen>
+
+ <para>(Substitute your login name for
+ <replaceable>name</replaceable> and manufacturer/model for
+ <replaceable>system</replaceable>. Example:
+ <filename>njl-FooCo6000.asl</filename>)</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Most of the developers watch the &a.current;
+ but please submit problems to &a.acpi.name; to be sure it is
+ seen. Please be patient, all of us have full-time jobs
+ elsewhere. If your bug is not immediately apparent, we will
+ probably ask you to submit a <acronym>PR</acronym> via
+ &man.send-pr.1;. When entering a <acronym>PR</acronym>, please
+ include the same information as requested above. This will help
+ us track the problem and resolve it. Do not send a
+ <acronym>PR</acronym> without emailing &a.acpi.name; first as we use
+ <acronym>PR</acronym>s as reminders of existing problems, not a
+ reporting mechanism. It is likely that your problem has been
+ reported by someone before.</para>
+ </sect2>
+
+ <sect2 id="ACPI-background">
+ <title>Background</title>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ </indexterm>
+
+ <para><acronym>ACPI</acronym> is present in all modern computers
+ that conform to the ia32 (x86), ia64 (Itanium), and amd64 (AMD)
+ architectures. The full standard has many features including
+ <acronym>CPU</acronym> performance management, power planes
+ control, thermal zones, various battery systems, embedded
+ controllers, and bus enumeration. Most systems implement less
+ than the full standard. For instance, a desktop system usually
+ only implements the bus enumeration parts while a laptop might
+ have cooling and battery management support as well. Laptops
+ also have suspend and resume, with their own associated
+ complexity.</para>
+
+ <para>An <acronym>ACPI</acronym>-compliant system has various
+ components. The <acronym>BIOS</acronym> and chipset vendors
+ provide various fixed tables (e.g., <acronym>FADT</acronym>)
+ in memory that specify things like the <acronym>APIC</acronym>
+ map (used for <acronym>SMP</acronym>), config registers, and
+ simple configuration values. Additionally, a table of bytecode
+ (the <firstterm>Differentiated System Description Table</firstterm>
+ <acronym>DSDT</acronym>) is provided that specifies a
+ tree-like name space of devices and methods.</para>
+
+ <para>The <acronym>ACPI</acronym> driver must parse the fixed
+ tables, implement an interpreter for the bytecode, and modify
+ device drivers and the kernel to accept information from the
+ <acronym>ACPI</acronym> subsystem. For &os;, &intel; has
+ provided an interpreter (<acronym>ACPI-CA</acronym>) that is
+ shared with Linux and NetBSD. The path to the
+ <acronym>ACPI-CA</acronym> source code is
+ <filename class="directory">src/sys/contrib/dev/acpica</filename>.
+ The glue code that allows <acronym>ACPI-CA</acronym> to work on
+ &os; is in
+ <filename>src/sys/dev/acpica/Osd</filename>. Finally, drivers
+ that implement various <acronym>ACPI</acronym> devices are found
+ in
+ <filename class="directory">src/sys/dev/acpica</filename>.</para>
+ </sect2>
+
+ <sect2 id="ACPI-comprob">
+ <title>Common Problems</title>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ <secondary>problems</secondary>
+ </indexterm>
+
+ <para>For <acronym>ACPI</acronym> to work correctly, all the parts
+ have to work correctly. Here are some common problems, in order
+ of frequency of appearance, and some possible workarounds or
+ fixes.</para>
+
+ <sect3>
+ <title>Mouse Issues</title>
+
+ <para>In some cases, resuming from a suspend operation will
+ cause the mouse to fail. A known work around is to add
+ <literal>hint.psm.0.flags="0x3000"</literal> to the
+ <filename>/boot/loader.conf</filename> file. If this
+ does not work then please consider sending a bug report
+ as described above.</para>
+ </sect3>
+
+ <sect3>
+ <title>Suspend/Resume</title>
+
+ <para><acronym>ACPI</acronym> has three suspend to
+ <acronym>RAM</acronym> (<acronym>STR</acronym>) states,
+ <literal>S1</literal>-<literal>S3</literal>, and one suspend
+ to disk state (<literal>STD</literal>), called
+ <literal>S4</literal>. <literal>S5</literal> is
+ <quote>soft off</quote> and is the normal state your system
+ is in when plugged in but not powered up.
+ <literal>S4</literal> can actually be implemented two separate
+ ways. <literal>S4</literal><acronym>BIOS</acronym> is a
+ <acronym>BIOS</acronym>-assisted suspend to disk.
+ <literal>S4</literal><acronym>OS</acronym> is implemented
+ entirely by the operating system.</para>
+
+ <para>Start by checking <command>sysctl hw.acpi</command>
+ for the suspend-related items. Here
+ are the results for a Thinkpad:</para>
+
+ <screen>hw.acpi.supported_sleep_state: S3 S4 S5
+hw.acpi.s4bios: 0</screen>
+
+ <para>This means that we can use <command>acpiconf -s</command>
+ to test <literal>S3</literal>,
+ <literal>S4</literal><acronym>OS</acronym>, and
+ <literal>S5</literal>. If <option>s4bios</option> was one
+ (<literal>1</literal>), we would have
+ <literal>S4</literal><acronym>BIOS</acronym>
+ support instead of <literal>S4</literal>
+ <acronym>OS</acronym>.</para>
+
+ <para>When testing suspend/resume, start with
+ <literal>S1</literal>, if supported. This state is most
+ likely to work since it does not require much driver support.
+ No one has implemented <literal>S2</literal> but if you have
+ it, it is similar to <literal>S1</literal>. The next thing
+ to try is <literal>S3</literal>. This is the deepest
+ <acronym>STR</acronym> state and requires a lot of driver
+ support to properly reinitialize your hardware. If you have
+ problems resuming, feel free to email the &a.acpi.name; list but
+ do not expect the problem to be resolved since there are a lot
+ of drivers/hardware that need more testing and work.</para>
+
+ <para>To help isolate the problem, remove as many drivers from
+ your kernel as possible. If it works, you can narrow down
+ which driver is the problem by loading drivers until it fails
+ again. Typically binary drivers like
+ <filename>nvidia.ko</filename>, X11
+ display drivers, and <acronym>USB</acronym> will have the most
+ problems while Ethernet interfaces usually work fine. If you
+ can properly load/unload the drivers, you can automate this by
+ putting the appropriate commands in
+ <filename>/etc/rc.suspend</filename> and
+ <filename>/etc/rc.resume</filename>. There is a
+ commented-out example for unloading and loading a driver. Try
+ setting <option>hw.acpi.reset_video</option> to zero (<literal>0</literal>) if
+ your display is messed up after resume. Try setting longer or
+ shorter values for <option>hw.acpi.sleep_delay</option> to see
+ if that helps.</para>
+
+ <para>Another thing to try is load a recent Linux distribution
+ with <acronym>ACPI</acronym> support and test their
+ suspend/resume support on the same hardware. If it works
+ on Linux, it is likely a &os; driver problem and narrowing down
+ which driver causes the problems will help us fix the problem.
+ Note that the <acronym>ACPI</acronym> maintainers do not
+ usually maintain other drivers (e.g sound,
+ <acronym>ATA</acronym>, etc.) so any work done on tracking
+ down a driver problem should probably eventually be posted
+ to the &a.current.name; list and mailed to the driver
+ maintainer. If you are feeling adventurous, go ahead and
+ start putting some debugging &man.printf.3;s in a problematic
+ driver to track down where in its resume function it
+ hangs.</para>
+
+ <para>Finally, try disabling <acronym>ACPI</acronym> and
+ enabling <acronym>APM</acronym> instead. If suspend/resume
+ works with <acronym>APM</acronym>, you may be better off
+ sticking with <acronym>APM</acronym>, especially on older
+ hardware (pre-2000). It took vendors a while to get
+ <acronym>ACPI</acronym> support correct and older hardware is
+ more likely to have <acronym>BIOS</acronym> problems with
+ <acronym>ACPI</acronym>.</para>
+ </sect3>
+
+ <sect3>
+ <title>System Hangs (temporary or permanent)</title>
+
+ <para>Most system hangs are a result of lost interrupts or an
+ interrupt storm. Chipsets have a lot of problems based on how
+ the <acronym>BIOS</acronym> configures interrupts before boot,
+ correctness of the <acronym>APIC</acronym>
+ (<acronym>MADT</acronym>) table, and routing of the
+ <firstterm>System Control Interrupt</firstterm>
+ (<acronym>SCI</acronym>).</para>
+
+ <indexterm>
+ <primary>interrupt storms</primary>
+ </indexterm>
+
+ <para>Interrupt storms can be distinguished from lost interrupts
+ by checking the output of <command>vmstat -i</command>
+ and looking at the line that has
+ <literal>acpi0</literal>. If the counter is increasing at more
+ than a couple per second, you have an interrupt storm. If the
+ system appears hung, try breaking to <acronym>DDB</acronym>
+ (<keycombo action="simul"><keycap>CTRL</keycap>
+ <keycap>ALT</keycap><keycap>ESC</keycap></keycombo> on
+ console) and type <literal>show interrupts</literal>.</para>
+
+ <indexterm>
+ <primary>APIC</primary>
+ <secondary>disabling</secondary>
+ </indexterm>
+
+ <para>Your best hope when dealing with interrupt problems is to
+ try disabling <acronym>APIC</acronym> support with
+ <literal>hint.apic.0.disabled="1"</literal> in
+ <filename>loader.conf</filename>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Panics</title>
+
+ <para>Panics are relatively rare for <acronym>ACPI</acronym> and
+ are the top priority to be fixed. The first step is to
+ isolate the steps to reproduce the panic (if possible)
+ and get a backtrace. Follow the advice for enabling
+ <literal>options DDB</literal> and setting up a serial console
+ (see <xref linkend="serialconsole-ddb">)
+ or setting up a &man.dump.8; partition. You can get a
+ backtrace in <acronym>DDB</acronym> with
+ <literal>tr</literal>. If you have to handwrite the
+ backtrace, be sure to at least get the lowest five (5) and top
+ five (5) lines in the trace.</para>
+
+ <para>Then, try to isolate the problem by booting with
+ <acronym>ACPI</acronym> disabled. If that works, you can
+ isolate the <acronym>ACPI</acronym> subsystem by using various
+ values of <option>debug.acpi.disable</option>. See the
+ &man.acpi.4; manual page for some examples.</para>
+ </sect3>
+
+ <sect3>
+ <title>System Powers Up After Suspend or Shutdown</title>
+ <para>First, try setting
+ <literal>hw.acpi.disable_on_poweroff="0"</literal>
+ in &man.loader.conf.5;. This keeps <acronym>ACPI</acronym>
+ from disabling various events during the shutdown process.
+ Some systems need this value set to <literal>1</literal> (the
+ default) for the same reason. This usually fixes
+ the problem of a system powering up spontaneously after a
+ suspend or poweroff.</para>
+ </sect3>
+
+ <sect3>
+ <title>Other Problems</title>
+
+ <para>If you have other problems with <acronym>ACPI</acronym>
+ (working with a docking station, devices not detected, etc.),
+ please email a description to the mailing list as well;
+ however, some of these issues may be related to unfinished
+ parts of the <acronym>ACPI</acronym> subsystem so they might
+ take a while to be implemented. Please be patient and
+ prepared to test patches we may send you.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="ACPI-aslanddump">
+ <title><acronym>ASL</acronym>, <command>acpidump</command>, and
+ <acronym>IASL</acronym></title>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ <secondary>ASL</secondary>
+ </indexterm>
+
+ <para>The most common problem is the <acronym>BIOS</acronym>
+ vendors providing incorrect (or outright buggy!) bytecode. This
+ is usually manifested by kernel console messages like
+ this:</para>
+
+ <screen>ACPI-1287: *** Error: Method execution failed [\\_SB_.PCI0.LPC0.FIGD._STA] \\
+(Node 0xc3f6d160), AE_NOT_FOUND</screen>
+
+ <para>Often, you can resolve these problems by updating your
+ <acronym>BIOS</acronym> to the latest revision. Most console
+ messages are harmless but if you have other problems like
+ battery status not working, they are a good place to start
+ looking for problems in the <acronym>AML</acronym>. The
+ bytecode, known as <acronym>AML</acronym>, is compiled from a
+ source language called <acronym>ASL</acronym>. The
+ <acronym>AML</acronym> is found in the table known as the
+ <acronym>DSDT</acronym>. To get a copy of your
+ <acronym>ASL</acronym>, use &man.acpidump.8;. You should use
+ both the <option>-t</option> (show contents of the fixed tables)
+ and <option>-d</option> (disassemble <acronym>AML</acronym> to
+ <acronym>ASL</acronym>) options. See the
+ <link linkend="ACPI-submitdebug">Submitting Debugging
+ Information</link> section for an example syntax.</para>
+
+ <para>The simplest first check you can do is to recompile your
+ <acronym>ASL</acronym> to check for errors. Warnings can
+ usually be ignored but errors are bugs that will usually prevent
+ <acronym>ACPI</acronym> from working correctly. To recompile
+ your <acronym>ASL</acronym>, issue the following command:</para>
+
+ <screen>&prompt.root; <userinput>iasl your.asl</userinput></screen>
+ </sect2>
+
+ <sect2 id="ACPI-fixasl">
+ <title>Fixing Your <acronym>ASL</acronym></title>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ <secondary>ASL</secondary>
+ </indexterm>
+
+ <para>In the long run, our goal is for almost everyone to have
+ <acronym>ACPI</acronym> work without any user intervention. At
+ this point, however, we are still developing workarounds for
+ common mistakes made by the <acronym>BIOS</acronym> vendors.
+ The &microsoft; interpreter (<filename>acpi.sys</filename> and
+ <filename>acpiec.sys</filename>) does not strictly check for
+ adherence to the standard, and thus many <acronym>BIOS</acronym>
+ vendors who only test <acronym>ACPI</acronym> under &windows;
+ never fix their <acronym>ASL</acronym>. We hope to continue to
+ identify and document exactly what non-standard behavior is
+ allowed by &microsoft;'s interpreter and replicate it so &os; can
+ work without forcing users to fix the <acronym>ASL</acronym>.
+ As a workaround and to help us identify behavior, you can fix
+ the <acronym>ASL</acronym> manually. If this works for you,
+ please send a &man.diff.1; of the old and new
+ <acronym>ASL</acronym> so we can possibly work around the buggy
+ behavior in <acronym>ACPI-CA</acronym> and thus make your fix
+ unnecessary.</para>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ <secondary>error messages</secondary>
+ </indexterm>
+
+ <para>Here is a list of common error messages, their cause, and
+ how to fix them:</para>
+
+ <sect3>
+ <title>_OS dependencies</title>
+
+ <para>Some <acronym>AML</acronym> assumes the world consists of
+ various &windows; versions. You can tell &os; to claim it is
+ any <acronym>OS</acronym> to see if this fixes problems you
+ may have. An easy way to override this is to set
+ <literal>hw.acpi.osname="Windows 2001"</literal>
+ in <filename>/boot/loader.conf</filename> or other similar
+ strings you find in the <acronym>ASL</acronym>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Missing Return statements</title>
+
+ <para>Some methods do not explicitly return a value as the
+ standard requires. While <acronym>ACPI-CA</acronym>
+ does not handle this, &os; has a workaround that allows it to
+ return the value implicitly. You can also add explicit
+ Return statements where required if you know what value should
+ be returned. To force <command>iasl</command> to compile the
+ <acronym>ASL</acronym>, use the <option>-f</option>
+ flag.</para>
+ </sect3>
+
+ <sect3>
+ <title>Overriding the Default <acronym>AML</acronym></title>
+
+ <para>After you customize <filename>your.asl</filename>, you
+ will want to compile it, run:</para>
+
+ <screen>&prompt.root; <userinput>iasl your.asl</userinput></screen>
+
+ <para>You can add the <option>-f</option> flag to force creation
+ of the <acronym>AML</acronym>, even if there are errors during
+ compilation. Remember that some errors (e.g., missing Return
+ statements) are automatically worked around by the
+ interpreter.</para>
+
+ <para><filename>DSDT.aml</filename> is the default output
+ filename for <command>iasl</command>. You can load this
+ instead of your <acronym>BIOS</acronym>'s buggy copy (which
+ is still present in flash memory) by editing
+ <filename>/boot/loader.conf</filename> as
+ follows:</para>
+
+ <programlisting>acpi_dsdt_load="YES"
+acpi_dsdt_name="/boot/DSDT.aml"</programlisting>
+
+ <para>Be sure to copy your <filename>DSDT.aml</filename> to the
+ <filename class="directory">/boot</filename> directory.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="ACPI-debugoutput">
+ <title>Getting Debugging Output From
+ <acronym>ACPI</acronym></title>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ <secondary>problems</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>ACPI</primary>
+ <secondary>debugging</secondary>
+ </indexterm>
+
+ <para>The <acronym>ACPI</acronym> driver has a very flexible
+ debugging facility. It allows you to specify a set of subsystems
+ as well as the level of verbosity. The subsystems you wish to
+ debug are specified as <quote>layers</quote> and are broken down
+ into <acronym>ACPI-CA</acronym> components (ACPI_ALL_COMPONENTS)
+ and <acronym>ACPI</acronym> hardware support (ACPI_ALL_DRIVERS).
+ The verbosity of debugging output is specified as the
+ <quote>level</quote> and ranges from ACPI_LV_ERROR (just report
+ errors) to ACPI_LV_VERBOSE (everything). The
+ <quote>level</quote> is a bitmask so multiple options can be set
+ at once, separated by spaces. In practice, you will want to use
+ a serial console to log the output if it is so long
+ it flushes the console message buffer. A full list of the
+ individual layers and levels is found in the &man.acpi.4; manual
+ page.</para>
+
+ <para>Debugging output is not enabled by default. To enable it,
+ add <literal>options ACPI_DEBUG</literal> to your kernel configuration file
+ if <acronym>ACPI</acronym> is compiled into the kernel. You can
+ add <literal>ACPI_DEBUG=1</literal> to your
+ <filename>/etc/make.conf</filename> to enable it globally. If
+ it is a module, you can recompile just your
+ <filename>acpi.ko</filename> module as follows:</para>
+
+ <screen>&prompt.root; <userinput>cd /sys/modules/acpi/acpi
+&amp;&amp; make clean &amp;&amp;
+make ACPI_DEBUG=1</userinput></screen>
+
+ <para>Install <filename>acpi.ko</filename> in
+ <filename class="directory">/boot/kernel</filename> and add your
+ desired level and layer to <filename>loader.conf</filename>.
+ This example enables debug messages for all
+ <acronym>ACPI-CA</acronym> components and all
+ <acronym>ACPI</acronym> hardware drivers
+ (<acronym>CPU</acronym>, <acronym>LID</acronym>, etc.) It will
+ only output error messages, the least verbose level.</para>
+
+ <programlisting>debug.acpi.layer="ACPI_ALL_COMPONENTS ACPI_ALL_DRIVERS"
+debug.acpi.level="ACPI_LV_ERROR"</programlisting>
+
+ <para>If the information you want is triggered by a specific event
+ (say, a suspend and then resume), you can leave out changes to
+ <filename>loader.conf</filename> and instead use
+ <command>sysctl</command> to specify the layer and level after
+ booting and preparing your system for the specific event. The
+ <command>sysctl</command>s are named the same as the tunables
+ in <filename>loader.conf</filename>.</para>
+ </sect2>
+
+ <sect2 id="ACPI-References">
+ <title>References</title>
+
+ <para>More information about <acronym>ACPI</acronym> may be found
+ in the following locations:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The &a.acpi;</para>
+ </listitem>
+
+ <listitem>
+ <para>The <acronym>ACPI</acronym> Mailing List Archives
+ <ulink url="http://lists.freebsd.org/pipermail/freebsd-acpi/"></ulink></para>
+ </listitem>
+
+ <listitem>
+ <para>The old <acronym>ACPI</acronym> Mailing List Archives
+ <ulink url="http://home.jp.FreeBSD.org/mail-list/acpi-jp/"></ulink></para>
+ </listitem>
+
+ <listitem>
+ <para>The <acronym>ACPI</acronym> 2.0 Specification
+ <ulink url="http://acpi.info/spec.htm"></ulink></para>
+ </listitem>
+
+ <listitem>
+ <para>&os; Manual pages: &man.acpi.4;,
+ &man.acpi.thermal.4;, &man.acpidump.8;, &man.iasl.8;,
+ &man.acpidb.8;</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.cpqlinux.com/acpi-howto.html#fix_broken_dsdt">
+ <acronym>DSDT</acronym> debugging resource</ulink>.
+ (Uses Compaq as an example but generally useful.)</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/cutting-edge/Makefile b/zh_TW.Big5/books/handbook/cutting-edge/Makefile
new file mode 100644
index 0000000000..29da7845dd
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/cutting-edge/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= cutting-edge/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/cutting-edge/chapter.sgml b/zh_TW.Big5/books/handbook/cutting-edge/chapter.sgml
new file mode 100644
index 0000000000..5f28e8f589
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/cutting-edge/chapter.sgml
@@ -0,0 +1,1850 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="cutting-edge">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Restructured, reorganized, and parts updated by </contrib>
+ </author>
+ <!-- Mar 2000 -->
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Jordan</firstname>
+ <surname>Hubbard</surname>
+ <contrib>Original work by </contrib>
+ </author>
+ <author>
+ <firstname>Poul-Henning</firstname>
+ <surname>Kamp</surname>
+ </author>
+ <author>
+ <firstname>John</firstname>
+ <surname>Polstra</surname>
+ </author>
+ <author>
+ <firstname>Nik</firstname>
+ <surname>Clayton</surname>
+ </author>
+ </authorgroup>
+ <!-- with feedback from various others -->
+ </chapterinfo>
+
+ <title>The Cutting Edge</title>
+
+ <sect1 id="cutting-edge-synopsis">
+ <title>Synopsis</title>
+
+ <para>&os; is under constant development between releases. For
+ people who want to be on the cutting edge, there are several easy
+ mechanisms for keeping your system in sync with the latest
+ developments. Be warned&mdash;the cutting edge is not for everyone!
+ This chapter will help you decide if you want to track the
+ development system, or stick with one of the released
+ versions.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem><para>The difference between the two development
+ branches: &os.stable; and &os.current;.</para>
+ </listitem>
+ <listitem><para>How to keep your system up to date with
+ <application>CVSup</application>,
+ <application>CVS</application>, or
+ <application>CTM</application>.</para>
+ </listitem>
+ <listitem><para>How to rebuild and reinstall the entire base
+ system with <command>make buildworld</command> (etc).</para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem><para>Properly set up your network connection (<xref
+ linkend="advanced-networking">).</para>
+ </listitem>
+ <listitem><para>Know how to install additional third-party
+ software (<xref linkend="ports">).</para></listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="current-stable">
+ <title>&os.current; vs. &os.stable;</title>
+ <indexterm><primary>-CURRENT</primary></indexterm>
+ <indexterm><primary>-STABLE</primary></indexterm>
+
+ <para>There are two development branches to FreeBSD: &os.current; and
+ &os.stable;. This section will explain a bit about each and describe
+ how to keep your system up-to-date with each respective tree.
+ &os.current; will be discussed first, then &os.stable;.</para>
+
+ <sect2 id="current">
+ <title>Staying Current with &os;</title>
+
+ <para>As you read this, keep in mind that &os.current; is the
+ <quote>bleeding edge</quote> of &os; development.
+ &os.current; users are expected to have a high degree of
+ technical skill, and should be capable of solving difficult
+ system problems on their own. If you are new to &os;, think
+ twice before installing it. </para>
+
+ <sect3>
+ <title>What Is &os.current;?</title>
+ <indexterm><primary>snapshot</primary></indexterm>
+
+ <para>&os.current; is the latest working sources for &os;.
+ This includes work in progress, experimental changes, and
+ transitional mechanisms that might or might not be present
+ in the next official release of the software. While many
+ &os; developers compile the &os.current; source code daily,
+ there are periods of time when the sources are not
+ buildable. These problems are resolved as expeditiously as
+ possible, but whether or not &os.current; brings disaster or
+ greatly desired functionality can be a matter of which exact
+ moment you grabbed the source code in!</para>
+ </sect3>
+
+ <sect3>
+ <title>Who Needs &os.current;?</title>
+
+ <para>&os.current; is made available for 3 primary
+ interest groups:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Members of the &os; community who are actively working
+ on some part of the source tree and for whom keeping
+ <quote>current</quote> is an absolute
+ requirement.</para>
+ </listitem>
+
+ <listitem>
+ <para>Members of the &os; community who are active testers,
+ willing to spend time solving problems in order to
+ ensure that &os.current; remains as sane as possible.
+ These are also people who wish to make topical
+ suggestions on changes and the general direction of
+ &os;, and submit patches to implement them.</para>
+ </listitem>
+
+ <listitem>
+ <para>Those who merely wish to keep an eye on things, or
+ to use the current sources for reference purposes
+ (e.g. for <emphasis>reading</emphasis>, not running).
+ These people also make the occasional comment or
+ contribute code.</para>
+ </listitem>
+ </orderedlist>
+ </sect3>
+
+ <sect3>
+ <title>What Is &os.current; <emphasis>Not</emphasis>?</title>
+
+ <orderedlist>
+ <listitem>
+ <para>A fast-track to getting pre-release bits because you
+ heard there is some cool new feature in there and you
+ want to be the first on your block to have it. Being
+ the first on the block to get the new feature means that
+ you are the first on the block to get the new
+ bugs.</para>
+ </listitem>
+
+ <listitem>
+ <para>A quick way of getting bug fixes. Any given version
+ of &os.current; is just as likely to introduce new bugs
+ as to fix existing ones.</para>
+ </listitem>
+
+ <listitem>
+ <para>In any way <quote>officially supported</quote>. We
+ do our best to help people genuinely in one of the 3
+ <quote>legitimate</quote> &os.current; groups, but we
+ simply <emphasis>do not have the time</emphasis> to
+ provide tech support. This is not because we are mean
+ and nasty people who do not like helping people out (we
+ would not even be doing &os; if we were). We simply
+ cannot answer hundreds messages a day
+ <emphasis>and</emphasis> work on FreeBSD! Given the
+ choice between improving &os; and answering lots of
+ questions on experimental code, the developers opt for
+ the former.</para>
+ </listitem>
+ </orderedlist>
+ </sect3>
+
+ <sect3>
+ <title>Using &os.current;</title>
+
+ <indexterm>
+ <primary>-CURRENT</primary>
+ <secondary>using</secondary>
+ </indexterm>
+ <orderedlist>
+ <listitem>
+ <para>Join the &a.current.name; and the &a.cvsall.name; lists. This is not
+ just a good idea, it is <emphasis>essential</emphasis>. If
+ you are not on the <emphasis>&a.current.name;</emphasis> list,
+ you will not see the comments that people are
+ making about the current state of the system and thus will
+ probably end up stumbling over a lot of problems that others
+ have already found and solved. Even more importantly, you
+ will miss out on important bulletins which may be critical
+ to your system's continued health.</para>
+
+ <para>The &a.cvsall.name; list will allow you to see the
+ commit log entry for each change as it is made along with
+ any pertinent information on possible side-effects.</para>
+
+ <para>To join these lists, or one of the others available
+ go to &a.mailman.lists.link; and click on the list that
+ you wish to subscribe to. Instructions on the rest of
+ the procedure are available there.</para>
+ </listitem>
+
+ <listitem>
+ <para>Grab the sources from a &os; <link linkend="mirrors">mirror
+ site</link>. You can do this in one of two ways:</para>
+
+ <orderedlist>
+ <indexterm>
+ <primary><command>cvsup</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><command>cron</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>-CURRENT</primary>
+ <secondary>Syncing with <application>CVSup</application></secondary>
+ </indexterm>
+
+ <listitem>
+ <para>Use the <link linkend="cvsup">cvsup</link> program
+ with the <filename>supfile</filename> named <filename>standard-supfile</filename>
+ available from <filename>/usr/share/examples/cvsup</filename>.
+ This is the most recommended
+ method, since it allows you to grab the entire
+ collection once and then only what has changed from then
+ on. Many people run <command>cvsup</command> from
+ <command>cron</command> and keep their
+ sources up-to-date automatically. You have to
+ customize the sample <filename>supfile</filename> above, and configure
+ <link linkend="cvsup">cvsup</link> for your environment.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>-CURRENT</primary>
+ <secondary>Syncing with CTM</secondary>
+ </indexterm>
+ <listitem>
+ <para>Use the <application><link
+ linkend="ctm">CTM</link></application> facility. If you
+ have very bad connectivity (high price connections or
+ only email access) <application>CTM</application> is an option.
+ However, it is a lot of hassle and can give you broken files.
+ This leads to it being rarely used, which again increases
+ the chance of it not working for fairly long periods of
+ time. We recommend using
+ <application><link linkend="cvsup">CVSup</link></application>
+ for anybody with a 9600&nbsp;bps modem or faster connection.
+ </para>
+ </listitem>
+ </orderedlist>
+ </listitem>
+
+ <listitem>
+ <para>If you are grabbing the sources to run, and not just
+ look at, then grab <emphasis>all</emphasis> of &os.current;, not
+ just selected portions. The reason for this is that various
+ parts of the source depend on updates elsewhere, and trying
+ to compile just a subset is almost guaranteed to get you
+ into trouble.</para>
+
+ <indexterm>
+ <primary>-CURRENT</primary>
+ <secondary>compiling</secondary>
+ </indexterm>
+ <para>Before compiling &os.current;, read the
+ <filename>Makefile</filename> in <filename>/usr/src</filename>
+ carefully. You should at least <link
+ linkend="makeworld">install a new kernel and rebuild the world</link> the first time through
+ as part of the upgrading process. Reading the &a.current;
+ and <filename>/usr/src/UPDATING</filename> will keep you up-to-date on other bootstrapping procedures
+ that sometimes become necessary as we move toward the next
+ release.</para>
+ </listitem>
+
+ <listitem>
+ <para>Be active! If you are running &os.current;, we want
+ to know what you have to say about it, especially if you
+ have suggestions for enhancements or bug fixes. Suggestions
+ with accompanying code are received most
+ enthusiastically!</para>
+ </listitem>
+ </orderedlist>
+ </sect3>
+ </sect2>
+
+ <sect2 id="stable">
+ <title>Staying Stable with &os;</title>
+
+ <sect3>
+ <title>What Is &os.stable;?</title>
+ <indexterm><primary>-STABLE</primary></indexterm>
+
+ <para>&os.stable; is our development branch from which major releases
+ are made. Changes go into this branch at a different pace, and
+ with the general assumption that they have first gone into
+ &os.current; for testing. This is <emphasis>still</emphasis>
+ a development branch, however, and this means that at any given time,
+ the sources for &os.stable; may or may not be suitable for any
+ particular purpose. It is simply another engineering development
+ track, not a resource for end-users.</para>
+ </sect3>
+
+ <sect3>
+ <title>Who Needs &os.stable;?</title>
+
+ <para>If you are interested in tracking or contributing to the
+ FreeBSD development process, especially as it relates to the
+ next <quote>point</quote> release of FreeBSD, then you should
+ consider following &os.stable;.</para>
+
+ <para>While it is true that security fixes also go into the
+ &os.stable; branch, you do not <emphasis>need</emphasis> to
+ track &os.stable; to do this. Every security advisory for
+ FreeBSD explains how to fix the problem for the releases it
+ affects
+ <footnote><para>That is not quite true. We can not continue to
+ support old releases of FreeBSD forever, although we do
+ support them for many years. For a complete description
+ of the current security policy for old releases of
+ FreeBSD, please see <ulink
+ url="&url.base;/security/">http://www.FreeBSD.org/security/</ulink>.</para>
+ </footnote>
+ , and tracking an entire development branch just
+ for security reasons is likely to bring in a lot of unwanted
+ changes as well.</para>
+
+ <para>Although we endeavor to ensure that the &os.stable; branch
+ compiles and runs at all times, this cannot be guaranteed. In
+ addition, while code is developed in &os.current; before including
+ it in &os.stable;, more people run &os.stable; than &os.current;, so
+ it is inevitable that bugs and corner cases will sometimes be found
+ in &os.stable; that were not apparent in &os.current;.</para>
+
+ <para>For these reasons, we do <emphasis>not</emphasis> recommend that
+ you blindly track &os.stable;, and it is particularly important that
+ you do not update any production servers to &os.stable; without
+ first thoroughly testing the code in your development
+ environment.</para>
+
+ <para>If you do not have the resources to do this then we recommend
+ that you run the most recent release of FreeBSD, and use the binary
+ update mechanism to move from release to release.</para>
+ </sect3>
+
+ <sect3>
+ <title>Using &os.stable;</title>
+
+ <indexterm>
+ <primary>-STABLE</primary>
+ <secondary>using</secondary>
+ </indexterm>
+ <orderedlist>
+ <listitem>
+ <para>Join the &a.stable.name; list. This will keep you informed of
+ build-dependencies that may appear in &os.stable;
+ or any other issues requiring
+ special attention. Developers will also make announcements
+ in this mailing list when they are contemplating some
+ controversial fix or update, giving the users a chance to
+ respond if they have any issues to raise concerning the
+ proposed change.</para>
+
+ <para>The &a.cvsall.name; list will allow you to see the
+ commit log entry for each change as it is made along with
+ any pertinent information on possible side-effects.</para>
+
+ <para>To join these lists, or one of the others available
+ go to &a.mailman.lists.link; and click on the list that
+ you wish to subscribe to. Instructions on the rest of
+ the procedure are available there.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you are installing a new system and want it to be as
+ stable as possible, you can simply grab the latest dated
+ branch snapshot from <ulink
+ url="ftp://snapshots.jp.FreeBSD.org/pub/FreeBSD/snapshots/"></ulink>
+ and install it like any other release. Or you can
+ install the most recent &os.stable; release from the
+ <link linkend="mirrors">mirror sites</link> and follow
+ the instructions below to upgrade your system to the
+ most up to date &os.stable; source code.</para>
+
+ <para>If you are already running a previous release of &os;
+ and wish to upgrade via sources then you can easily do so
+ from &os; <link linkend="mirrors">mirror site</link>. This can
+ be done in one of two ways:</para>
+
+ <orderedlist>
+ <indexterm>
+ <primary><command>cvsup</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><command>cron</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>-STABLE</primary>
+ <secondary>syncing with <application>CVSup</application></secondary>
+ </indexterm>
+ <listitem>
+ <para>Use the <link linkend="cvsup">cvsup</link> program
+ with the <filename>supfile</filename> named <filename>stable-supfile</filename>
+ from the directory
+ <filename>/usr/share/examples/cvsup</filename>.
+ This is the most recommended
+ method, since it allows you to grab the entire
+ collection once and then only what has changed from then
+ on. Many people run <command>cvsup</command> from
+ <command>cron</command> to keep their
+ sources up-to-date automatically. You have to
+ customize the sample <filename>supfile</filename> above,
+ and configure <link linkend="cvsup">cvsup</link> for your
+ environment.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>-STABLE</primary>
+ <secondary>syncing with CTM</secondary>
+ </indexterm>
+ <listitem>
+ <para>Use the <application><link
+ linkend="ctm">CTM</link></application> facility. If
+ you do not have a fast and inexpensive connection to
+ the Internet, this is the method you should consider
+ using.
+ </para>
+ </listitem>
+ </orderedlist>
+ </listitem>
+
+ <listitem>
+ <para>Essentially, if you need rapid on-demand access to the
+ source and communications bandwidth is not a consideration,
+ use <command>cvsup</command> or <command>ftp</command>.
+ Otherwise, use <application>CTM</application>.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>-STABLE</primary>
+ <secondary>compiling</secondary>
+ </indexterm>
+ <listitem>
+ <para>Before compiling &os.stable;, read the
+ <filename>Makefile</filename> in <filename>/usr/src</filename>
+ carefully. You should at least <link
+ linkend="makeworld">install a new kernel and rebuild the world</link> the first time through
+ as part of the upgrading process. Reading the &a.stable; and <filename>/usr/src/UPDATING</filename> will
+ keep you up-to-date on other bootstrapping procedures that
+ sometimes become necessary as we move toward the next
+ release.</para>
+ </listitem>
+ </orderedlist>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="synching">
+ <title>Synchronizing Your Source</title>
+
+ <para>There are various ways of using an Internet (or email)
+ connection to stay up-to-date with any given area of the &os;
+ project sources, or all areas, depending on what interests you. The
+ primary services we offer are <link linkend="anoncvs">Anonymous
+ CVS</link>, <link linkend="cvsup">CVSup</link>, and <link
+ linkend="ctm">CTM</link>.</para>
+
+ <warning>
+ <para>While it is possible to update only parts of your source tree,
+ the only supported update procedure is to update the entire tree
+ and recompile both userland (i.e., all the programs that run in
+ user space, such as those in <filename>/bin</filename> and
+ <filename>/sbin</filename>) and kernel sources. Updating only part
+ of your source tree, only the kernel, or only userland will often
+ result in problems. These problems may range from compile errors
+ to kernel panics or data corruption.</para>
+ </warning>
+
+ <indexterm>
+ <primary>CVS</primary>
+ <secondary>anonymous</secondary>
+ </indexterm>
+
+ <para><application>Anonymous CVS</application> and
+ <application>CVSup</application> use the <emphasis>pull</emphasis>
+ model of updating sources. In the case of
+ <application>CVSup</application> the user (or a
+ <command>cron</command> script) invokes
+ the <command>cvsup</command> program, and it interacts with a
+ <command>cvsupd</command> server somewhere to bring your files
+ up-to-date. The updates you receive are up-to-the-minute and you
+ get them when, and only when, you want them. You can easily
+ restrict your updates to the specific files or directories that are
+ of interest to you. Updates are generated on the fly by the server,
+ according to what you have and what you want to have.
+ <application>Anonymous CVS</application> is quite a bit more
+ simplistic than <application>CVSup</application> in that it is just an extension to
+ <application>CVS</application> which allows it to pull changes
+ directly from a remote CVS repository.
+ <application>CVSup</application> can do this far more efficiently,
+ but <application>Anonymous CVS</application> is easier to
+ use.</para>
+
+ <indexterm>
+ <primary><application>CTM</application></primary>
+ </indexterm>
+ <para><application>CTM</application>, on the other hand, does not
+ interactively compare the sources you have with those on the master
+ archive or otherwise pull them across. Instead, a script which
+ identifies changes in files since its previous run is executed
+ several times a day on the master CTM machine, any detected changes
+ being compressed, stamped with a sequence-number and encoded for
+ transmission over email (in printable ASCII only). Once received,
+ these <quote>CTM deltas</quote> can then be handed to the
+ &man.ctm.rmail.1; utility which will automatically decode, verify
+ and apply the changes to the user's copy of the sources. This
+ process is far more efficient than <application>CVSup</application>,
+ and places less strain on our server resources since it is a
+ <emphasis>push</emphasis> rather than a <emphasis>pull</emphasis>
+ model.</para>
+
+ <para>There are other trade-offs, of course. If you inadvertently
+ wipe out portions of your archive, <application>CVSup</application>
+ will detect and rebuild the damaged portions for you.
+ <application>CTM</application> will not do this, and if you wipe some
+ portion of your source tree out (and do not have it backed up) then
+ you will have to start from scratch (from the most recent CVS
+ <quote>base delta</quote>) and rebuild it all with <application>CTM</application> or, with
+ <application>Anonymous CVS</application>, simply delete the bad bits and resync.</para>
+ </sect1>
+
+ <sect1 id="makeworld">
+ <title>Rebuilding <quote>world</quote></title>
+
+ <indexterm>
+ <primary>Rebuilding <quote>world</quote></primary>
+ </indexterm>
+ <para>Once you have synchronized your local source tree against a
+ particular version of &os; (&os.stable;, &os.current;, and so on)
+ you can then use the source
+ tree to rebuild the system.</para>
+
+ <warning>
+ <title>Take a Backup</title>
+
+ <para>It cannot be stressed enough how important it is to take a
+ backup of your system <emphasis>before</emphasis> you do this.
+ While rebuilding the world is (as long as you follow these
+ instructions) an easy task to do, there will inevitably be times
+ when you make mistakes, or when mistakes made by others in the
+ source tree render your system unbootable.</para>
+
+ <para>Make sure you have taken a backup. And have a fixit floppy or
+ bootable CD at
+ hand. You will probably never have to use it, but it is better to be
+ safe than sorry!</para>
+ </warning>
+
+ <warning>
+ <title>Subscribe to the Right Mailing List</title>
+
+ <indexterm><primary>mailing list</primary></indexterm>
+ <para>The &os.stable; and &os.current; branches are, by their
+ nature, <emphasis>in development</emphasis>. People that
+ contribute to &os; are human, and mistakes occasionally
+ happen.</para>
+
+ <para>Sometimes these mistakes can be quite harmless, just causing
+ your system to print a new diagnostic warning. Or the change may
+ be catastrophic, and render your system unbootable or destroy your
+ file systems (or worse).</para>
+
+ <para>If problems like these occur, a <quote>heads up</quote> is
+ posted to the appropriate mailing list, explaining the nature of
+ the problem and which systems it affects. And an <quote>all
+ clear</quote> announcement is posted when the problem has been
+ solved.</para>
+
+ <para>If you try to track &os.stable; or &os.current; and do
+ not read the &a.stable; or the
+ &a.current; respectively, then you are
+ asking for trouble.</para>
+ </warning>
+
+ <warning>
+ <title>Do not use <command>make world</command></title>
+
+ <para>A lot of older documentation recommends using
+ <command>make world</command> for this. Doing that skips
+ some important steps and should only be used if you are
+ sure of what you are doing. For almost all circumstances
+ <command>make world</command> is the wrong thing to do, and
+ the procedure described here should be used instead.</para>
+ </warning>
+
+ <sect2>
+ <title>The Canonical Way to Update Your System</title>
+
+ <para>To update your system, you should check
+ <filename>/usr/src/UPDATING</filename> for any pre-buildworld steps
+ necessary for your version of the sources and then use the following
+ procedure:</para>
+
+ <screen>&prompt.root; <userinput>make buildworld</userinput>
+&prompt.root; <userinput>make buildkernel</userinput>
+&prompt.root; <userinput>make installkernel</userinput>
+&prompt.root; <userinput>reboot</userinput></screen>
+
+ <note>
+ <para>There are a few rare cases when an extra run of
+ <command>mergemaster -p</command> is needed before the
+ <maketarget>buildworld</maketarget> step. These are
+ described in <filename>UPDATING</filename>. In general,
+ though, you can safely omit this step if you are not
+ updating across one or more major &os; versions.</para>
+ </note>
+
+ <para>After <maketarget>installkernel</maketarget> finishes
+ successfully, you should boot in single user mode
+ (i.e.&nbsp;using <command>boot -s</command> from the loader
+ prompt). Then run:</para>
+
+ <screen>&prompt.root; <userinput>mergemaster -p</userinput>
+&prompt.root; <userinput>make installworld</userinput>
+&prompt.root; <userinput>mergemaster</userinput>
+&prompt.root; <userinput>reboot</userinput></screen>
+
+ <warning>
+ <title>Read Further Explanations</title>
+
+ <para>The sequence described above is only a short resume to
+ help you getting started. You should however read the
+ following sections to clearly understand each step, especially
+ if you want to use a custom kernel configuration.</para>
+ </warning>
+ </sect2>
+
+ <sect2>
+ <title>Read <filename>/usr/src/UPDATING</filename></title>
+
+ <para>Before you do anything else, read
+ <filename>/usr/src/UPDATING</filename> (or the equivalent file
+ wherever you have a copy of the source code). This file should
+ contain important information about problems you might encounter, or
+ specify the order in which you might have to run certain commands.
+ If <filename>UPDATING</filename> contradicts something you read here,
+ <filename>UPDATING</filename> takes precedence.</para>
+
+ <important>
+ <para>Reading <filename>UPDATING</filename> is not an acceptable
+ substitute for subscribing to the correct mailing list, as described
+ previously. The two requirements are complementary, not
+ exclusive.</para>
+ </important>
+ </sect2>
+
+ <sect2>
+ <title>Check <filename>/etc/make.conf</filename></title>
+ <indexterm>
+ <primary><filename>make.conf</filename></primary>
+ </indexterm>
+
+ <para>Examine the files
+ <filename>/usr/share/examples/etc/make.conf</filename>
+ (called <filename>/etc/defaults/make.conf</filename> in &os;&nbsp;4.X) and
+ <filename>/etc/make.conf</filename>. The first contains some
+ default defines &ndash; most of which are commented out. To
+ make use of them when you rebuild your system from source, add
+ them to <filename>/etc/make.conf</filename>. Keep in mind that
+ anything you add to <filename>/etc/make.conf</filename> is also
+ used every time you run <command>make</command>, so it is a good
+ idea to set them to something sensible for your system.</para>
+
+ <para>A typical user will probably want to copy the
+ <makevar>CFLAGS</makevar> and
+ <makevar>NO_PROFILE</makevar> (or <makevar>NOPROFILE</makevar> on
+ &os;&nbsp;5.X and older) lines found in
+ <filename>/usr/share/examples/etc/make.conf</filename>
+ (or in <filename>/etc/defaults/make.conf</filename> on &os;&nbsp;4.X) to
+ <filename>/etc/make.conf</filename> and uncomment them.</para>
+
+ <para>Examine the other definitions (<makevar>COPTFLAGS</makevar>,
+ <makevar>NOPORTDOCS</makevar> and so
+ on) and decide if they are relevant to you.</para>
+ </sect2>
+
+ <sect2>
+ <title>Update the Files in <filename>/etc</filename></title>
+
+ <para>The <filename>/etc</filename> directory contains a large part
+ of your system's configuration information, as well as scripts
+ that are run at system startup. Some of these scripts change from
+ version to version of FreeBSD.</para>
+
+ <para>Some of the configuration files are also used in the day to
+ day running of the system. In particular,
+ <filename>/etc/group</filename>.</para>
+
+ <para>There have been occasions when the installation part of
+ <command>make installworld</command> has expected certain usernames or groups
+ to exist. When performing an upgrade it is likely that these
+ users or groups did not exist. This caused problems when upgrading.
+ In some cases <command>make buildworld</command> will check to see if
+ these users or groups exist.</para>
+
+ <para>A recent example of this is when the
+ <username>smmsp</username> user was added. Users had the
+ installation process fail for them when
+ &man.mtree.8; was trying to create
+ <filename>/var/spool/clientmqueue</filename>.</para>
+
+ <para>The solution is to examine
+ <filename>/usr/src/etc/group</filename> and compare its list of
+ groups with your own. If there are any groups in the new file that
+ are not in your file then copy them over. Similarly, you should
+ rename any groups in <filename>/etc/group</filename> which have
+ the same GID but a different name to those in
+ <filename>/usr/src/etc/group</filename>.</para>
+
+ <para>Since 4.6-RELEASE you can run &man.mergemaster.8; in
+ pre-buildworld mode by providing the <option>-p</option> option.
+ This will compare only those files that are essential for the success
+ of <maketarget>buildworld</maketarget> or
+ <maketarget>installworld</maketarget>. If your old version of
+ <command>mergemaster</command> does not support <option>-p</option>,
+ use the new version in the source tree when running for the first
+ time:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/usr.sbin/mergemaster</userinput>
+&prompt.root; <userinput>./mergemaster.sh -p</userinput></screen>
+
+ <tip>
+ <para>If you are feeling particularly paranoid, you can check your
+ system to see which files are owned by the group you are
+ renaming or deleting:</para>
+
+ <screen>&prompt.root; <userinput>find / -group <replaceable>GID</replaceable> -print</userinput></screen>
+
+ <para>will show all files owned by group
+ <replaceable>GID</replaceable> (which can be either a group name
+ or a numeric group ID).</para>
+ </tip>
+ </sect2>
+
+ <sect2 id="makeworld-singleuser">
+ <title>Drop to Single User Mode</title>
+ <indexterm><primary>single-user mode</primary></indexterm>
+
+ <para>You may want to compile the system in single user mode. Apart
+ from the obvious benefit of making things go slightly faster,
+ reinstalling the system will touch a lot of important system
+ files, all the standard system binaries, libraries, include files
+ and so on. Changing these on a running system (particularly if
+ you have active users on the system at the time) is asking for
+ trouble.</para>
+
+ <indexterm><primary>multi-user mode</primary></indexterm>
+ <para>Another method is to compile the system in multi-user mode, and
+ then drop into single user mode for the installation. If you would
+ like to do it this way, simply hold off on the following steps until
+ the build has completed. You can postpone dropping to single user
+ mode until you have to <maketarget>installkernel</maketarget> or
+ <maketarget>installworld</maketarget>.</para>
+
+ <para>As the superuser, you can execute:</para>
+
+ <screen>&prompt.root; <userinput>shutdown now</userinput></screen>
+
+ <para>from a running system, which will drop it to single user
+ mode.</para>
+
+ <para>Alternatively, reboot the system, and at the boot prompt,
+ enter the <option>-s</option> flag. The system will then boot
+ single user. At the shell prompt you should then run:</para>
+
+ <screen>&prompt.root; <userinput>fsck -p</userinput>
+&prompt.root; <userinput>mount -u /</userinput>
+&prompt.root; <userinput>mount -a -t ufs</userinput>
+&prompt.root; <userinput>swapon -a</userinput></screen>
+
+ <para>This checks the file systems, remounts <filename>/</filename>
+ read/write, mounts all the other UFS file systems referenced in
+ <filename>/etc/fstab</filename> and then turns swapping on.</para>
+
+
+ <note>
+ <para>If your CMOS clock is set to local time and not to GMT
+ (this is true if the output of the &man.date.1; command
+ does not show the correct time and zone),
+ you may also need to run the following command:</para>
+<screen>&prompt.root; <userinput>adjkerntz -i</userinput></screen>
+
+ <para>This will make sure that your local time-zone settings
+ get set up correctly &mdash; without this, you may later run into some
+ problems.
+ </para>
+ </note>
+
+ </sect2>
+
+ <sect2>
+ <title>Remove <filename>/usr/obj</filename></title>
+
+ <para>As parts of the system are rebuilt they are placed in
+ directories which (by default) go under
+ <filename>/usr/obj</filename>. The directories shadow those under
+ <filename>/usr/src</filename>.</para>
+
+ <para>You can speed up the <command>make buildworld</command> process, and
+ possibly save yourself some dependency headaches by removing this
+ directory as well.</para>
+
+ <para>Some files below <filename>/usr/obj</filename> may have the
+ immutable flag set (see &man.chflags.1; for more information)
+ which must be removed first.</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/obj</userinput>
+&prompt.root; <userinput>chflags -R noschg *</userinput>
+&prompt.root; <userinput>rm -rf *</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Recompile the Source</title>
+
+ <sect3>
+ <title>Saving the Output</title>
+
+ <para>It is a good idea to save the output you get from running
+ &man.make.1; to another file. If something goes wrong you will
+ have a copy of the error message. While this might not help you
+ in diagnosing what has gone wrong, it can help others if you post
+ your problem to one of the &os; mailing lists.</para>
+
+ <para>The easiest way to do this is to use the &man.script.1;
+ command, with a parameter that specifies the name of the file to
+ save all output to. You would do this immediately before
+ rebuilding the world, and then type <userinput>exit</userinput>
+ when the process has finished.</para>
+
+ <screen>&prompt.root; <userinput>script /var/tmp/mw.out</userinput>
+Script started, output file is /var/tmp/mw.out
+&prompt.root; <userinput>make TARGET</userinput>
+<emphasis>&hellip; compile, compile, compile &hellip;</emphasis>
+&prompt.root; <userinput>exit</userinput>
+Script done, &hellip;</screen>
+
+ <para>If you do this, <emphasis>do not</emphasis> save the output
+ in <filename>/tmp</filename>. This directory may be cleared
+ next time you reboot. A better place to store it is in
+ <filename>/var/tmp</filename> (as in the previous example) or
+ in <username>root</username>'s home directory.</para>
+ </sect3>
+
+ <sect3 id="make-buildworld">
+ <title>Compile the Base System</title>
+
+ <para>You must be in the <filename>/usr/src</filename>
+ directory:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src</userinput></screen>
+
+ <para>(unless, of course, your source code is elsewhere, in which
+ case change to that directory instead).</para>
+ <indexterm><primary><command>make</command></primary></indexterm>
+
+ <para>To rebuild the world you use the &man.make.1; command. This
+ command reads instructions from the <filename>Makefile</filename>,
+ which describes how the programs that comprise &os; should be
+ rebuilt, the order in which they should be built, and so on.</para>
+
+ <para>The general format of the command line you will type is as
+ follows:</para>
+
+ <screen>&prompt.root; <userinput>make -<replaceable>x</replaceable> -D<replaceable>VARIABLE</replaceable> <replaceable>target</replaceable></userinput></screen>
+
+ <para>In this example, <option>-<replaceable>x</replaceable></option>
+ is an option that you would pass to &man.make.1;. See the
+ &man.make.1; manual page for an example of the options you can
+ pass.</para>
+
+ <para><option>-D<replaceable>VARIABLE</replaceable></option>
+ passes a variable to the <filename>Makefile</filename>. The
+ behavior of the <filename>Makefile</filename> is controlled by
+ these variables. These are the same variables as are set in
+ <filename>/etc/make.conf</filename>, and this provides another
+ way of setting them.</para>
+
+ <screen>&prompt.root; <userinput>make -DNO_PROFILE <replaceable>target</replaceable></userinput></screen>
+
+ <para>is another way of specifying that profiled libraries should
+ not be built, and corresponds with the</para>
+
+ <programlisting>NO_PROFILE= true # Avoid compiling profiled libraries</programlisting>
+
+ <para>line in <filename>/etc/make.conf</filename>.</para>
+
+ <para><replaceable>target</replaceable> tells &man.make.1; what
+ you want to do. Each <filename>Makefile</filename> defines a
+ number of different <quote>targets</quote>, and your choice of
+ target determines what happens.</para>
+
+ <para>Some targets are listed in the
+ <filename>Makefile</filename>, but are not meant for you to run.
+ Instead, they are used by the build process to break out the
+ steps necessary to rebuild the system into a number of
+ sub-steps.</para>
+
+ <para>Most of the time you will not need to pass any parameters to
+ &man.make.1;, and so your command like will look like
+ this:</para>
+
+ <screen>&prompt.root; <userinput>make <replaceable>target</replaceable></userinput></screen>
+
+ <para>Beginning with version 2.2.5 of &os; (actually, it was
+ first created on the &os.current; branch, and then retrofitted to
+ &os.stable; midway between 2.2.2 and 2.2.5) the
+ <maketarget>world</maketarget> target has been split in
+ two: <maketarget>buildworld</maketarget> and
+ <maketarget>installworld</maketarget>. Beginning with version
+ 5.3 of &os; the <maketarget>world</maketarget> target will be changed
+ so it will not work at all by default because it is actually
+ dangerous for most users.</para>
+
+ <para>As the names imply, <maketarget>buildworld</maketarget>
+ builds a complete new tree under <filename>/usr/obj</filename>,
+ and <maketarget>installworld</maketarget> installs this tree on
+ the current machine.</para>
+
+ <para>This is very useful for 2 reasons. First, it allows you
+ to do the build safe in the knowledge that no components of
+ your running system will be affected. The build is
+ <quote>self hosted</quote>. Because of this, you can safely
+ run <maketarget>buildworld</maketarget> on a machine running
+ in multi-user mode with no fear of ill-effects. It is still
+ recommended that you run the
+ <maketarget>installworld</maketarget> part in single user
+ mode, though.</para>
+
+ <para>Secondly, it allows you to use NFS mounts to upgrade
+ multiple machines on your network. If you have three machines,
+ <hostid>A</hostid>, <hostid>B</hostid> and <hostid>C</hostid> that you want to upgrade, run <command>make
+ buildworld</command> and <command>make installworld</command> on
+ <hostid>A</hostid>. <hostid>B</hostid> and <hostid>C</hostid> should then NFS mount <filename>/usr/src</filename>
+ and <filename>/usr/obj</filename> from <hostid>A</hostid>, and you can then run
+ <command>make installworld</command> to install the results of
+ the build on <hostid>B</hostid> and <hostid>C</hostid>.</para>
+
+ <para>Although the <maketarget>world</maketarget> target still exists,
+ you are strongly encouraged not to use it.</para>
+
+ <para>Run</para>
+
+ <screen>&prompt.root; <userinput>make buildworld</userinput></screen>
+
+ <para>It is now possible to specify a <option>-j</option> option to
+ <command>make</command> which will cause it to spawn several
+ simultaneous processes. This is most useful on multi-CPU machines.
+ However, since much of the compiling process is IO bound rather
+ than CPU bound it is also useful on single CPU machines.</para>
+
+ <para>On a typical single-CPU machine you would run:</para>
+
+ <screen>&prompt.root; <userinput>make -j4 buildworld</userinput></screen>
+
+ <para>&man.make.1; will then have up to 4 processes running at any one
+ time. Empirical evidence posted to the mailing lists shows this
+ generally gives the best performance benefit.</para>
+
+ <para>If you have a multi-CPU machine and you are using an SMP
+ configured kernel try values between 6 and 10 and see how they speed
+ things up.</para>
+
+ <para>Be aware that this is still somewhat experimental, and commits
+ to the source tree may occasionally break this feature. If the
+ world fails to compile using this parameter try again without it
+ before you report any problems.</para>
+ </sect3>
+
+ <sect3>
+ <title>Timings</title>
+ <indexterm>
+ <primary>rebuilding <quote>world</quote></primary>
+ <secondary>timings</secondary>
+ </indexterm>
+
+ <para>Many factors influence the build time, but currently a 500&nbsp;MHz
+ &pentium;&nbsp;III with 128&nbsp;MB of RAM takes about 2&nbsp;hours to build
+ the &os.stable; tree, with no tricks or shortcuts used during the
+ process. A &os.current; tree will take somewhat longer.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Compile and Install a New Kernel</title>
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>compiling</secondary>
+ </indexterm>
+
+ <para>To take full advantage of your new system you should recompile the
+ kernel. This is practically a necessity, as certain memory structures
+ may have changed, and programs like &man.ps.1; and &man.top.1; will
+ fail to work until the kernel and source code versions are the
+ same.</para>
+
+ <para>The simplest, safest way to do this is to build and install a
+ kernel based on <filename>GENERIC</filename>. While
+ <filename>GENERIC</filename> may not have all the necessary devices
+ for your system, it should contain everything necessary to boot your
+ system back to single user mode. This is a good test that the new
+ system works properly. After booting from
+ <filename>GENERIC</filename> and verifying that your system works you
+ can then build a new kernel based on your normal kernel configuration
+ file.</para>
+
+ <para>On modern versions of FreeBSD it is important to <link
+ linkend="make-buildworld">build world</link> before building a
+ new kernel.</para>
+
+ <note><para>If you want to build a custom kernel, and already have a configuration
+ file, just use <literal>KERNCONF=<replaceable>MYKERNEL</replaceable></literal>
+ like this:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src</userinput>
+&prompt.root; <userinput>make buildkernel KERNCONF=<replaceable>MYKERNEL</replaceable></userinput>
+&prompt.root; <userinput>make installkernel KERNCONF=<replaceable>MYKERNEL</replaceable></userinput></screen>
+ </note>
+
+ <para>Note that if you have raised <literal>kern.securelevel</literal>
+ above 1 <emphasis>and</emphasis> you have set either the
+ <literal>noschg</literal> or similar flags to your kernel binary, you
+ might find it necessary to drop into single user mode to use
+ <maketarget>installkernel</maketarget>. Otherwise you should be able
+ to run both these commands from multi user mode without
+ problems. See &man.init.8; for details about
+ <literal>kern.securelevel</literal> and &man.chflags.1; for details
+ about the various file flags.</para>
+ </sect2>
+
+ <sect2>
+ <title>Reboot into Single User Mode</title>
+ <indexterm><primary>single-user mode</primary></indexterm>
+
+ <para>You should reboot into single user mode to test the new kernel
+ works. Do this by following the instructions in
+ <xref linkend="makeworld-singleuser">.</para>
+ </sect2>
+
+ <sect2>
+ <title>Install the New System Binaries</title>
+
+ <para>If you were building a version of &os; recent enough to have
+ used <command>make buildworld</command> then you should now use
+ <maketarget>installworld</maketarget> to install the new system
+ binaries.</para>
+
+ <para>Run</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src</userinput>
+&prompt.root; <userinput>make installworld</userinput></screen>
+
+ <note>
+ <para>If you specified variables on the <command>make
+ buildworld</command> command line, you must specify the same
+ variables in the <command>make installworld</command> command
+ line. This does not necessarily hold true for other options;
+ for example, <option>-j</option> must never be used with
+ <maketarget>installworld</maketarget>.</para>
+
+ <para>For example, if you ran:</para>
+
+ <screen>&prompt.root; <userinput>make -DNO_PROFILE buildworld</userinput></screen>
+
+ <para>you must install the results with:</para>
+
+ <screen>&prompt.root; <userinput>make -DNO_PROFILE installworld</userinput></screen>
+
+ <para>otherwise it would try to install profiled libraries that
+ had not been built during the <command>make buildworld</command>
+ phase.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Update Files Not Updated by <command>make installworld</command></title>
+
+ <para>Remaking the world will not update certain directories (in
+ particular, <filename>/etc</filename>, <filename>/var</filename> and
+ <filename>/usr</filename>) with new or changed configuration files.</para>
+
+ <para>The simplest way to update these files is to use
+ &man.mergemaster.8;, though it is possible to do it manually
+ if you would prefer to do that. Regardless of which way you
+ choose, be sure to make a backup of <filename>/etc</filename> in
+ case anything goes wrong.</para>
+
+ <sect3 id="mergemaster">
+ <sect3info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect3info>
+ <title><command>mergemaster</command></title>
+ <indexterm><primary><command>mergemaster</command></primary></indexterm>
+
+ <para>The &man.mergemaster.8; utility is a Bourne script that will
+ aid you in determining the differences between your configuration files
+ in <filename>/etc</filename>, and the configuration files in
+ the source tree <filename>/usr/src/etc</filename>. This is
+ the recommended solution for keeping the system configuration files up to date
+ with those located in the source tree.</para>
+
+ <para>To begin simply type <command>mergemaster</command> at your prompt, and
+ watch it start going. <command>mergemaster</command> will then build a
+ temporary root environment, from <filename>/</filename> down, and populate
+ it with various system configuration files. Those files are then compared
+ to the ones currently installed in your system. At this point, files that
+ differ will be shown in &man.diff.1; format, with the <option>+</option> sign
+ representing added or modified lines, and <option>-</option> representing
+ lines that will be either removed completely, or replaced with a new line.
+ See the &man.diff.1; manual page for more information about the &man.diff.1;
+ syntax and how file differences are shown.</para>
+
+ <para>&man.mergemaster.8; will then show you each file that displays variances,
+ and at this point you will have the option of either deleting the new file (referred
+ to as the temporary file), installing the temporary file in its unmodified state,
+ merging the temporary file with the currently installed file, or viewing the
+ &man.diff.1; results again.</para>
+
+ <para>Choosing to delete the temporary file will tell &man.mergemaster.8; that we
+ wish to keep our current file unchanged, and to delete the new version.
+ This option is not recommended, unless you see no
+ reason to change the current file. You can get help at any time by
+ typing <keycap>?</keycap> at the &man.mergemaster.8; prompt. If the user
+ chooses to skip a file, it will be presented again after all other files
+ have been dealt with.</para>
+
+ <para>Choosing to install the unmodified temporary file will replace the
+ current file with the new one. For most unmodified files, this is the best
+ option.</para>
+
+ <para>Choosing to merge the file will present you with a text editor,
+ and the contents of both files. You can now merge them by
+ reviewing both files side by side on the screen, and choosing parts from
+ both to create a finished product. When the files are compared side by side,
+ the <keycap>l</keycap> key will select the left contents and the
+ <keycap>r</keycap> key will select contents from your right.
+ The final output will be a file consisting of both parts, which can then be
+ installed. This option is customarily used for files where settings have been
+ modified by the user.</para>
+
+ <para>Choosing to view the &man.diff.1; results again will show you the file differences
+ just like &man.mergemaster.8; did before prompting you for an option.</para>
+
+ <para>After &man.mergemaster.8; is done with the system files you will be
+ prompted for other options. &man.mergemaster.8; may ask if you want to rebuild
+ the password file and/or run &man.MAKEDEV.8; if you run a FreeBSD version prior to 5.0, and will finish up with an option to
+ remove left-over temporary files.</para>
+ </sect3>
+
+ <sect3>
+ <title>Manual Update</title>
+
+ <para>If you wish to do the update manually, however,
+ you cannot just copy over the files from
+ <filename>/usr/src/etc</filename> to <filename>/etc</filename> and
+ have it work. Some of these files must be <quote>installed</quote>
+ first. This is because the <filename>/usr/src/etc</filename>
+ directory <emphasis>is not</emphasis> a copy of what your
+ <filename>/etc</filename> directory should look like. In addition,
+ there are files that should be in <filename>/etc</filename> that are
+ not in <filename>/usr/src/etc</filename>.</para>
+
+ <para>If you are using &man.mergemaster.8; (as recommended),
+ you can skip forward to the <link linkend="update-dev">next
+ section</link>.</para>
+
+ <para>The simplest way to do this by hand is to install the
+ files into a new directory, and then work through them looking
+ for differences.</para>
+
+ <warning>
+ <title>Backup Your Existing <filename>/etc</filename></title>
+
+ <para>Although, in theory, nothing is going to touch this directory
+ automatically, it is always better to be sure. So copy your
+ existing <filename>/etc</filename> directory somewhere safe.
+ Something like:</para>
+
+ <screen>&prompt.root; <userinput>cp -Rp /etc /etc.old</userinput></screen>
+
+ <para><option>-R</option> does a recursive copy, <option>-p</option>
+ preserves times, ownerships on files and suchlike.</para>
+ </warning>
+
+ <para>You need to build a dummy set of directories to install the new
+ <filename>/etc</filename> and other files into.
+ <filename>/var/tmp/root</filename> is a reasonable choice, and
+ there are a number of subdirectories required under this as
+ well.</para>
+
+ <screen>&prompt.root; <userinput>mkdir /var/tmp/root</userinput>
+&prompt.root; <userinput>cd /usr/src/etc</userinput>
+&prompt.root; <userinput>make DESTDIR=/var/tmp/root distrib-dirs distribution</userinput></screen>
+
+ <para>This will build the necessary directory structure and install the
+ files. A lot of the subdirectories that have been created under
+ <filename>/var/tmp/root</filename> are empty and should be deleted.
+ The simplest way to do this is to:</para>
+
+ <screen>&prompt.root; <userinput>cd /var/tmp/root</userinput>
+&prompt.root; <userinput>find -d . -type d | xargs rmdir 2&gt;/dev/null</userinput></screen>
+
+ <para>This will remove all empty directories. (Standard error is
+ redirected to <filename>/dev/null</filename> to prevent the warnings
+ about the directories that are not empty.)</para>
+
+ <para><filename>/var/tmp/root</filename> now contains all the files that
+ should be placed in appropriate locations below
+ <filename>/</filename>. You now have to go through each of these
+ files, determining how they differ with your existing files.</para>
+
+ <para>Note that some of the files that will have been installed in
+ <filename>/var/tmp/root</filename> have a leading <quote>.</quote>. At the
+ time of writing the only files like this are shell startup files in
+ <filename>/var/tmp/root/</filename> and
+ <filename>/var/tmp/root/root/</filename>, although there may be others
+ (depending on when you are reading this). Make sure you use
+ <command>ls -a</command> to catch them.</para>
+
+ <para>The simplest way to do this is to use &man.diff.1; to compare the
+ two files:</para>
+
+ <screen>&prompt.root; <userinput>diff /etc/shells /var/tmp/root/etc/shells</userinput></screen>
+
+ <para>This will show you the differences between your
+ <filename>/etc/shells</filename> file and the new
+ <filename>/var/tmp/root/etc/shells</filename> file. Use these to decide whether to
+ merge in changes that you have made or whether to copy over your old
+ file.</para>
+
+ <tip>
+ <title>Name the New Root Directory
+ (<filename>/var/tmp/root</filename>) with a Time Stamp, so You Can
+ Easily Compare Differences Between Versions</title>
+
+ <para>Frequently rebuilding the world means that you have to update
+ <filename>/etc</filename> frequently as well, which can be a bit of
+ a chore.</para>
+
+ <para>You can speed this process up by keeping a copy of the last set
+ of changed files that you merged into <filename>/etc</filename>.
+ The following procedure gives one idea of how to do this.</para>
+
+ <procedure>
+ <step>
+ <para>Make the world as normal. When you want to update
+ <filename>/etc</filename> and the other directories, give the
+ target directory a name based on the current date. If you were
+ doing this on the 14th of February 1998 you could do the
+ following:</para>
+
+ <screen>&prompt.root; <userinput>mkdir /var/tmp/root-19980214</userinput>
+&prompt.root; <userinput>cd /usr/src/etc</userinput>
+&prompt.root; <userinput>make DESTDIR=/var/tmp/root-19980214 \
+ distrib-dirs distribution</userinput></screen>
+ </step>
+
+ <step>
+ <para>Merge in the changes from this directory as outlined
+ above.</para>
+
+ <para><emphasis>Do not</emphasis> remove the
+ <filename>/var/tmp/root-19980214</filename> directory when you
+ have finished.</para>
+ </step>
+
+ <step>
+ <para>When you have downloaded the latest version of the source
+ and remade it, follow step 1. This will give you a new
+ directory, which might be called
+ <filename>/var/tmp/root-19980221</filename> (if you wait a week
+ between doing updates).</para>
+ </step>
+
+ <step>
+ <para>You can now see the differences that have been made in the
+ intervening week using &man.diff.1; to create a recursive diff
+ between the two directories:</para>
+
+ <screen>&prompt.root; <userinput>cd /var/tmp</userinput>
+&prompt.root; <userinput>diff -r root-19980214 root-19980221</userinput></screen>
+
+ <para>Typically, this will be a much smaller set of differences
+ than those between
+ <filename>/var/tmp/root-19980221/etc</filename> and
+ <filename>/etc</filename>. Because the set of differences is
+ smaller, it is easier to migrate those changes across into your
+ <filename>/etc</filename> directory.</para>
+ </step>
+
+ <step>
+ <para>You can now remove the older of the two
+ <filename>/var/tmp/root-*</filename> directories:</para>
+
+ <screen>&prompt.root; <userinput>rm -rf /var/tmp/root-19980214</userinput></screen>
+ </step>
+
+ <step>
+ <para>Repeat this process every time you need to merge in changes
+ to <filename>/etc</filename>.</para>
+ </step>
+ </procedure>
+
+ <para>You can use &man.date.1; to automate the generation of the
+ directory names:</para>
+
+ <screen>&prompt.root; <userinput>mkdir /var/tmp/root-`date "+%Y%m%d"`</userinput></screen>
+ </tip>
+ </sect3>
+ </sect2>
+
+ <sect2 id="update-dev">
+ <title>Update <filename>/dev</filename></title>
+
+ <note>
+ <indexterm><primary>DEVFS</primary></indexterm>
+ <para>If you are running FreeBSD&nbsp;5.0 or later you can safely
+ skip this section. These versions use &man.devfs.5; to
+ allocate device nodes transparently for the user.</para>
+ </note>
+
+ <para>In most cases, the &man.mergemaster.8; tool will realize when
+ it is necessary to update the device nodes, and offer to complete it
+ automatically. These instructions tell how to update the device
+ nodes manually.</para>
+
+ <para>For safety's sake, this is a multi-step process.</para>
+
+ <procedure>
+ <step>
+ <para>Copy <filename>/var/tmp/root/dev/MAKEDEV</filename> to
+ <filename>/dev</filename>:</para>
+
+ <screen>&prompt.root; <userinput>cp /var/tmp/root/dev/MAKEDEV /dev</userinput></screen>
+ <indexterm>
+ <primary><filename>MAKEDEV</filename></primary>
+ </indexterm>
+
+ <para>If you used &man.mergemaster.8; to
+ update <filename>/etc</filename>, then your
+ <filename>MAKEDEV</filename> script should have been updated
+ already, though it cannot hurt to check (with &man.diff.1;)
+ and copy it manually if necessary.</para>
+ </step>
+
+ <step>
+ <para>Now, take a snapshot of your current
+ <filename>/dev</filename>. This snapshot needs to contain the
+ permissions, ownerships, major and minor numbers of each filename,
+ but it should not contain the time stamps. The easiest way to do
+ this is to use &man.awk.1; to strip out some of the
+ information:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
+&prompt.root; <userinput>ls -l | awk '{print $1, $2, $3, $4, $5, $6, $NF}' > /var/tmp/dev.out</userinput></screen>
+ </step>
+
+ <step>
+ <para>Remake all the device nodes:</para>
+
+ <screen>&prompt.root; <userinput>sh MAKEDEV all</userinput></screen>
+ </step>
+
+ <step>
+ <para>Write another snapshot of the directory, this time to
+ <filename>/var/tmp/dev2.out</filename>. Now look through these
+ two files for any device node that you missed creating. There should
+ not be any, but it is better to be safe than sorry.</para>
+
+ <screen>&prompt.root; <userinput>diff /var/tmp/dev.out /var/tmp/dev2.out</userinput></screen>
+
+ <para>You are most likely to notice disk slice discrepancies which
+ will involve commands such as:</para>
+
+ <screen>&prompt.root; <userinput>sh MAKEDEV sd0s1</userinput></screen>
+
+ <para>to recreate the slice entries. Your precise circumstances may
+ vary.</para>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2>
+ <title>Update <filename>/stand</filename></title>
+
+ <note>
+ <para>This step is included only for completeness. It can safely be
+ omitted. If you are using FreeBSD&nbsp;5.2 or later, the
+ <filename>/rescue</filename> directory is automatically updated
+ for the user with current, statically compiled binaries during
+ <command>make installworld</command>, thus obsoleting the need
+ to update <filename>/stand</filename> (which does not exist at
+ all on &os;&nbsp;6.0 and later).</para>
+ </note>
+
+ <para>For the sake of completeness, you may want to update the files in
+ <filename>/stand</filename> as well. These files consist of hard
+ links to the <filename>/stand/sysinstall</filename> binary. This
+ binary should be statically linked, so that it can work when no other
+ file systems (and in particular <filename>/usr</filename>) have been
+ mounted.</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/release/sysinstall</userinput>
+&prompt.root; <userinput>make all install</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Rebooting</title>
+
+ <para>You are now done. After you have verified that everything appears
+ to be in the right place you can reboot the system. A simple
+ &man.shutdown.8; should do it:</para>
+
+ <screen>&prompt.root; <userinput>shutdown -r now</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Finished</title>
+
+ <para>You should now have successfully upgraded your &os; system.
+ Congratulations.</para>
+
+ <para>If things went slightly wrong, it is easy to rebuild a particular
+ piece of the system. For example, if you accidentally deleted
+ <filename>/etc/magic</filename> as part of the upgrade or merge of
+ <filename>/etc</filename>, the &man.file.1; command will stop working.
+ In this case, the fix would be to run:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/usr.bin/file</userinput>
+&prompt.root; <userinput>make all install</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Questions</title>
+
+ <qandaset>
+ <qandaentry>
+ <question>
+ <para>Do I need to re-make the world for every change?</para>
+ </question>
+
+ <answer>
+ <para>There is no easy answer to this one, as it depends on the
+ nature of the change. For example, if you just ran <application>CVSup</application>, and
+ it has shown the following files as being updated:</para>
+
+ <screen><filename>src/games/cribbage/instr.c</filename>
+<filename>src/games/sail/pl_main.c</filename>
+<filename>src/release/sysinstall/config.c</filename>
+<filename>src/release/sysinstall/media.c</filename>
+<filename>src/share/mk/bsd.port.mk</filename></screen>
+
+ <para>it probably is not worth rebuilding the entire world.
+ You could just go to the appropriate sub-directories and
+ <command>make all install</command>, and that's about it. But
+ if something major changed, for example
+ <filename>src/lib/libc/stdlib</filename> then you should either
+ re-make the world, or at least those parts of it that are
+ statically linked (as well as anything else you might have added
+ that is statically linked).</para>
+
+ <para>At the end of the day, it is your call. You might be happy
+ re-making the world every fortnight say, and let changes
+ accumulate over that fortnight. Or you might want to re-make
+ just those things that have changed, and be confident you can
+ spot all the dependencies.</para>
+
+ <para>And, of course, this all depends on how often you want to
+ upgrade, and whether you are tracking &os.stable; or
+ &os.current;.</para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>My compile failed with lots of signal 11 (or other signal
+ number) errors. What has happened?</para>
+ </question>
+ <indexterm><primary>signal 11</primary></indexterm>
+
+ <answer>
+
+ <para>This is normally indicative of hardware problems.
+ (Re)making the world is an effective way to stress test your
+ hardware, and will frequently throw up memory problems. These
+ normally manifest themselves as the compiler mysteriously dying
+ on receipt of strange signals.</para>
+
+ <para>A sure indicator of this is if you can restart the make and
+ it dies at a different point in the process.</para>
+
+ <para>In this instance there is little you can do except start
+ swapping around the components in your machine to determine
+ which one is failing.</para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>Can I remove <filename>/usr/obj</filename> when I have
+ finished?</para>
+ </question>
+
+ <answer>
+ <para>The short answer is yes.</para>
+
+ <para><filename>/usr/obj</filename> contains all the object files
+ that were produced during the compilation phase. Normally, one
+ of the first steps in the <command>make buildworld</command> process is to
+ remove this directory and start afresh. In this case, keeping
+ <filename>/usr/obj</filename> around after you have finished
+ makes little sense, and will free up a large chunk of disk space
+ (currently about 340&nbsp;MB).</para>
+
+ <para>However, if you know what you are doing you can have
+ <command>make buildworld</command> skip this step. This will make subsequent
+ builds run much faster, since most of sources will not need to
+ be recompiled. The flip side of this is that subtle dependency
+ problems can creep in, causing your build to fail in odd ways.
+ This frequently generates noise on the &os; mailing lists,
+ when one person complains that their build has failed, not
+ realizing that it is because they have tried to cut
+ corners.</para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>Can interrupted builds be resumed?</para>
+ </question>
+
+ <answer>
+ <para>This depends on how far through the process you got before
+ you found a problem.</para>
+
+ <para><emphasis>In general</emphasis> (and this is not a hard and
+ fast rule) the <command>make buildworld</command> process builds new
+ copies of essential tools (such as &man.gcc.1;, and
+ &man.make.1;) and the system libraries. These tools and
+ libraries are then installed. The new tools and libraries are
+ then used to rebuild themselves, and are installed again. The
+ entire system (now including regular user programs, such as
+ &man.ls.1; or &man.grep.1;) is then rebuilt with the new
+ system files.</para>
+
+ <para>If you are at the last stage, and you know it (because you
+ have looked through the output that you were storing) then you
+ can (fairly safely) do:</para>
+
+ <screen><emphasis>&hellip; fix the problem &hellip;</emphasis>
+&prompt.root; <userinput>cd /usr/src</userinput>
+&prompt.root; <userinput>make -DNO_CLEAN all</userinput></screen>
+
+ <note><para>On &os;&nbsp;5.X and older, use
+ <makevar>-DNOCLEAN</makevar> instead.</para></note>
+
+ <para>This will not undo the work of the previous
+ <command>make buildworld</command>.</para>
+
+ <para>If you see the message:</para>
+
+ <screen>--------------------------------------------------------------
+Building everything..
+--------------------------------------------------------------</screen>
+
+ <para>in the <command>make buildworld</command> output then it is
+ probably fairly safe to do so.</para>
+
+ <para>If you do not see that message, or you are not sure, then it
+ is always better to be safe than sorry, and restart the build
+ from scratch.</para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>How can I speed up making the world?</para>
+ </question>
+
+ <answer>
+ <itemizedlist>
+ <listitem>
+ <para>Run in single user mode.</para>
+ </listitem>
+
+ <listitem>
+ <para>Put the <filename>/usr/src</filename> and
+ <filename>/usr/obj</filename> directories on separate
+ file systems held on separate disks. If possible, put these
+ disks on separate disk controllers.</para>
+ </listitem>
+
+ <listitem>
+ <para>Better still, put these file systems across multiple
+ disks using the &man.ccd.4; (concatenated disk
+ driver) device.</para>
+ </listitem>
+
+ <listitem>
+ <para>Turn off profiling (set <quote>NO_PROFILE=true</quote> in
+ <filename>/etc/make.conf</filename>). You almost certainly
+ do not need it.</para>
+ </listitem>
+
+ <listitem>
+ <para>Also in <filename>/etc/make.conf</filename>, set
+ <makevar>CFLAGS</makevar> to something like <option>-O
+ -pipe</option>. The optimization <option>-O2</option> is much
+ slower, and the optimization difference between
+ <option>-O</option> and <option>-O2</option> is normally
+ negligible. <option>-pipe</option> lets the compiler use
+ pipes rather than temporary files for communication, which
+ saves disk access (at the expense of memory).</para>
+ </listitem>
+
+ <listitem>
+ <para>Pass the <option>-j<replaceable>n</replaceable></option> option to &man.make.1; to
+ run multiple processes in parallel. This usually helps
+ regardless of whether you have a single or a multi processor
+ machine.</para>
+ </listitem>
+
+ <listitem><para>The file system holding
+ <filename>/usr/src</filename> can be mounted (or remounted)
+ with the <option>noatime</option> option. This prevents the
+ file system from recording the file access time. You probably
+ do not need this information anyway.</para>
+
+ <screen>&prompt.root; <userinput>mount -u -o noatime /usr/src</userinput></screen>
+
+ <warning>
+ <para>The example assumes <filename>/usr/src</filename> is
+ on its own file system. If it is not (if it is a part of
+ <filename>/usr</filename> for example) then you will
+ need to use that file system mount point, and not
+ <filename>/usr/src</filename>.</para>
+ </warning>
+ </listitem>
+
+ <listitem>
+ <para>The file system holding <filename>/usr/obj</filename> can
+ be mounted (or remounted) with the <option>async</option>
+ option. This causes disk writes to happen asynchronously.
+ In other words, the write completes immediately, and the
+ data is written to the disk a few seconds later. This
+ allows writes to be clustered together, and can be a
+ dramatic performance boost.</para>
+
+ <warning>
+ <para>Keep in mind that this option makes your file system
+ more fragile. With this option there is an increased
+ chance that, should power fail, the file system will be in
+ an unrecoverable state when the machine restarts.</para>
+
+ <para>If <filename>/usr/obj</filename> is the only thing on
+ this file system then it is not a problem. If you have
+ other, valuable data on the same file system then ensure
+ your backups are fresh before you enable this
+ option.</para>
+ </warning>
+
+ <screen>&prompt.root; <userinput>mount -u -o async /usr/obj</userinput></screen>
+
+ <warning>
+ <para>As above, if <filename>/usr/obj</filename> is not on
+ its own file system, replace it in the example with the
+ name of the appropriate mount point.</para>
+ </warning>
+ </listitem>
+ </itemizedlist>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>What do I do if something goes wrong?</para>
+ </question>
+
+ <answer>
+ <para>Make absolutely sure your environment has no
+ extraneous cruft from earlier builds. This is simple
+ enough.</para>
+
+ <screen>&prompt.root; <userinput>chflags -R noschg /usr/obj/usr</userinput>
+&prompt.root; <userinput>rm -rf /usr/obj/usr</userinput>
+&prompt.root; <userinput>cd /usr/src</userinput>
+&prompt.root; <userinput>make cleandir</userinput>
+&prompt.root; <userinput>make cleandir</userinput></screen>
+
+ <para>Yes, <command>make cleandir</command> really should
+ be run twice.</para>
+
+ <para>Then restart the whole process, starting
+ with <command>make buildworld</command>.</para>
+
+ <para>If you still have problems, send the error and the
+ output of <command>uname -a</command> to &a.questions;.
+ Be prepared to answer other questions about your
+ setup!</para>
+ </answer>
+ </qandaentry>
+ </qandaset>
+ </sect2>
+ </sect1>
+
+ <sect1 id="small-lan">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Mike</firstname>
+ <surname>Meyer</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Tracking for Multiple Machines</title>
+ <indexterm>
+ <primary>NFS</primary>
+ <secondary>installing multiple machines</secondary>
+ </indexterm>
+
+ <para>If you have multiple machines that you want to track the
+ same source tree, then having all of them download sources and
+ rebuild everything seems like a waste of resources: disk space,
+ network bandwidth, and CPU cycles. It is, and the solution is
+ to have one machine do most of the work, while the rest of the
+ machines mount that work via NFS. This section outlines a
+ method of doing so.</para>
+
+ <sect2 id="small-lan-preliminaries">
+ <title>Preliminaries</title>
+
+ <para>First, identify a set of machines that is going to run
+ the same set of binaries, which we will call a
+ <emphasis>build set</emphasis>. Each machine can have a
+ custom kernel, but they will be running the same userland
+ binaries. From that set, choose a machine to be the
+ <emphasis>build machine</emphasis>. It is going to be the
+ machine that the world and kernel are built on. Ideally, it
+ should be a fast machine that has sufficient spare CPU to
+ run <command>make buildworld</command> and
+ <command>make buildkernel</command>. You will also want to
+ choose a machine to be the <emphasis>test
+ machine</emphasis>, which will test software updates before they
+ are put into production. This <emphasis>must</emphasis> be a
+ machine that you can afford to have down for an extended
+ period of time. It can be the build machine, but need not be.</para>
+
+ <para>All the machines in this build set need to mount
+ <filename>/usr/obj</filename> and
+ <filename>/usr/src</filename> from the same machine, and at
+ the same point. Ideally, those are on two different drives
+ on the build machine, but they can be NFS mounted on that machine
+ as well. If you have multiple build sets,
+ <filename>/usr/src</filename> should be on one build machine, and
+ NFS mounted on the rest.</para>
+
+ <para>Finally make sure that
+ <filename>/etc/make.conf</filename> on all the machines in
+ the build set agrees with the build machine. That means that
+ the build machine must build all the parts of the base
+ system that any machine in the build set is going to
+ install. Also, each build machine should have its kernel
+ name set with <makevar>KERNCONF</makevar> in
+ <filename>/etc/make.conf</filename>, and the build machine
+ should list them all in <makevar>KERNCONF</makevar>, listing
+ its own kernel first. The build machine must have the kernel
+ configuration files for each machine in
+ <filename>/usr/src/sys/<replaceable>arch</replaceable>/conf</filename>
+ if it is going to build their kernels.</para>
+ </sect2>
+
+ <sect2>
+ <title>The Base System</title>
+
+ <para>Now that all that is done, you are ready to build
+ everything. Build the kernel and world as described in <xref
+ linkend="make-buildworld"> on the build machine,
+ but do not install anything. After the build has finished, go
+ to the test machine, and install the kernel you just
+ built. If this machine mounts <filename>/usr/src</filename>
+ and <filename>/usr/obj</filename> via NFS, when you reboot
+ to single user you will need to enable the network and mount
+ them. The easiest way to do this is to boot to multi-user,
+ then run <command>shutdown now</command> to go to single user
+ mode. Once there, you can install the new kernel and world and run
+ <command>mergemaster</command> just as you normally would. When
+ done, reboot to return to normal multi-user operations for this
+ machine.</para>
+
+ <para>After you are certain that everything on the test
+ machine is working properly, use the same procedure to
+ install the new software on each of the other machines in
+ the build set.</para>
+ </sect2>
+
+ <sect2>
+ <title>Ports</title>
+
+ <para>The same ideas can be used for the ports tree. The first
+ critical step is mounting <filename>/usr/ports</filename> from
+ the same machine to all the machines in the build set. You can
+ then set up <filename>/etc/make.conf</filename> properly to share
+ distfiles. You should set <makevar>DISTDIR</makevar> to a
+ common shared directory that is writable by whichever user
+ <username>root</username> is mapped to by your NFS mounts. Each
+ machine should set <makevar>WRKDIRPREFIX</makevar> to a
+ local build directory. Finally, if you are going to be
+ building and distributing packages, you should set
+ <makevar>PACKAGES</makevar> to a directory similar to
+ <makevar>DISTDIR</makevar>.</para>
+ </sect2>
+ </sect1>
+</chapter>
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/handbook/desktop/Makefile b/zh_TW.Big5/books/handbook/desktop/Makefile
new file mode 100644
index 0000000000..6dd222f080
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/desktop/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= desktop/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/desktop/chapter.sgml b/zh_TW.Big5/books/handbook/desktop/chapter.sgml
new file mode 100644
index 0000000000..9c14ac7352
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/desktop/chapter.sgml
@@ -0,0 +1,1107 @@
+<!--
+ The FreeBSD Documentation Project
+ $FreeBSD$
+-->
+
+<chapter id="desktop">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Christophe</firstname>
+ <surname>Juniet</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Desktop Applications</title>
+
+ <sect1 id="desktop-synopsis">
+ <title>Synopsis</title>
+
+ <para>FreeBSD can run a wide variety of desktop applications, such
+ as browsers and word processors. Most of these are available as
+ packages or can be automatically built from the ports
+ collection. Many new users expect to find these kinds of
+ applications on their desktop. This chapter will show you how
+ to install some popular desktop applications effortlessly,
+ either from their packages or from the Ports Collection.</para>
+
+ <para>Note that when installing programs from the ports, they are
+ compiled from source. This can take a very long time, depending
+ on what you are compiling and the processing power of your
+ machine(s). If building from source takes a prohibitively long
+ amount of time for you, you can install most of the programs of
+ the Ports Collection from pre-built packages.</para>
+
+ <para>As FreeBSD features Linux binary compatibility, many
+ applications originally developed for Linux are available for
+ your desktop. It is strongly recommended that you read
+ <xref linkend="linuxemu"> before installing any of the Linux
+ applications. Many of the ports using the Linux binary
+ compatibility start with <quote>linux-</quote>. Remember this
+ when you search for a particular port, for instance with
+ &man.whereis.1;. In the following text, it is assumed that you
+ have enabled Linux binary compatibility before installing any of
+ the Linux applications.</para>
+
+ <para>Here are the categories covered by this chapter:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Browsers (such as <application>Mozilla</application>,
+ <application>Opera</application>,
+ <application>Firefox</application>,
+ <application>Konqueror</application>)</para>
+ </listitem>
+
+ <listitem>
+ <para>Productivity (such as
+ <application>KOffice</application>,
+ <application>AbiWord</application>,
+ <application>The GIMP</application>,
+ <application>OpenOffice.org</application>)</para>
+ </listitem>
+
+ <listitem>
+ <para>Document Viewers (such as <application>&acrobat.reader;</application>,
+ <application>gv</application>,
+ <application>Xpdf</application>,
+ <application>GQview</application>)</para>
+ </listitem>
+
+ <listitem>
+ <para>Finance (such as
+ <application>GnuCash</application>,
+ <application>Gnumeric</application>,
+ <application>Abacus</application>)</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Know how to install additional third-party software
+ (<xref linkend="ports">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Know how to install additional Linux software
+ (<xref linkend="linuxemu">).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>For information on how to get a multimedia environment, read
+ <xref linkend="multimedia">. If you want to set up and use
+ electronic mail, please refer to <xref linkend="mail">.</para>
+ </sect1>
+
+ <sect1 id="desktop-browsers">
+ <title>Browsers</title>
+
+ <indexterm>
+ <primary>browsers</primary>
+ <secondary>web</secondary>
+ </indexterm>
+
+ <para>FreeBSD does not come with a particular browser
+ pre-installed. Instead, the
+ <ulink url="http://www.FreeBSD.org/ports/www.html">www</ulink>
+ directory of the Ports Collection contains a lot of browsers
+ ready to be installed. If you do not have time to compile
+ everything (this can take a very long time in some cases) many
+ of them are available as packages.</para>
+
+ <para><application>KDE</application> and
+ <application>GNOME</application> already provide HTML browsers.
+ Please refer to <xref linkend="x11-wm"> for more information on
+ how to set up these complete desktops.</para>
+
+ <para>If you are looking for light-weight browsers, you should
+ investigate the Ports Collection for
+ <filename role="package">www/dillo</filename>,
+ <filename role="package">www/links</filename>, or
+ <filename role="package">www/w3m</filename>.</para>
+
+ <para>This section covers these applications:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>Application Name</entry>
+ <entry>Resources Needed</entry>
+ <entry>Installation from Ports</entry>
+ <entry>Major Dependencies</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><application>Mozilla</application></entry>
+ <entry>heavy</entry>
+ <entry>heavy</entry>
+ <entry><application>Gtk+</application></entry>
+ </row>
+
+ <row>
+ <entry><application>Opera</application></entry>
+ <entry>light</entry>
+ <entry>light</entry>
+ <entry>FreeBSD and Linux versions available. The Linux
+ version depends on the Linux Binary Compatibility and
+ <application>linux-openmotif</application>.</entry>
+ </row>
+
+ <row>
+ <entry><application>Firefox</application></entry>
+ <entry>medium</entry>
+ <entry>heavy</entry>
+ <entry><application>Gtk+</application></entry>
+ </row>
+
+ <row>
+ <entry><application>Konqueror</application></entry>
+ <entry>medium</entry>
+ <entry>heavy</entry>
+ <entry><application>KDE</application> Libraries</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <sect2>
+ <title>Mozilla</title>
+ <indexterm>
+ <primary><application>Mozilla</application></primary>
+ </indexterm>
+
+ <para><application>Mozilla</application> is perhaps the most
+ suitable browser for your FreeBSD Desktop. It is modern,
+ stable, and fully ported to FreeBSD. It features a very
+ standards-compliant HTML display engine. It provides a mail
+ and news reader. It even has a HTML composer if you plan to
+ write some web pages yourself. Users of
+ <application>&netscape;</application> will recognize the
+ similarities with <application>Communicator</application>
+ suite, as both browsers shared the same basis.</para>
+
+ <para>On slow machines, with a CPU speed less than 233MHz or
+ with less than 64MB of RAM, <application>Mozilla</application>
+ can be too resource-consuming to be fully usable. You may
+ want to look at the <application>Opera</application> browser
+ instead, described a little later in this chapter.</para>
+
+ <para>If you cannot or do not want to compile
+ <application>Mozilla</application> for any reason, the FreeBSD
+ GNOME team has already done this for you. Just install the
+ package from the network by:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r mozilla</userinput></screen>
+
+ <para>If the package is not available, and you have enough time
+ and disk space, you can get the source for
+ <application>Mozilla</application>, compile it and install it
+ on your system. This is accomplished by:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/www/mozilla</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>The <application>Mozilla</application> port ensures a
+ correct initialization by running the chrome registry setup
+ with <username>root</username> privileges. However, if you
+ want to fetch some add-ons like mouse gestures, you must run
+ <application>Mozilla</application> as
+ <username>root</username> to get them properly
+ installed.</para>
+
+ <para>Once you have completed the installation of
+ <application>Mozilla</application>, you do not need to be
+ <username>root</username> any longer. You can start
+ <application>Mozilla</application> as a browser by typing:</para>
+
+ <screen>&prompt.user; <userinput>mozilla</userinput></screen>
+
+ <para>You can start it directly as a mail and news reader as
+ shown below:</para>
+
+ <screen>&prompt.user; <userinput>mozilla -mail</userinput></screen>
+ </sect2>
+
+ <sect2 id="moz-java-plugin">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>Mozilla and &java; plugin</title>
+
+ <para>Installing <application>Mozilla</application> is simple, but
+ unfortunately installing <application>Mozilla</application> with
+ support for add-ons like &java; and
+ &macromedia; &flash;
+ consumes both time and disk
+ space.</para>
+
+ <para>The first thing is to download the files which will be used
+ with <application>Mozilla</application>. Take your current web
+ browser up to
+ <ulink url="http://www.sun.com/software/java2/download.html"></ulink> and
+ create an account on their website. Remember to save the username
+ and password from here as it may be needed in the future. Download
+ the <filename>jdk-1_5_0-bin-scsl.zip</filename> (JDK 5.0
+ SCSL Binaries) and <filename>jdk-1_5_0-src-scsl.zip</filename> (JDK 5.0
+ SCSL Source) files and place them in
+ <filename>/usr/ports/distfiles</filename> as the port will not
+ fetch them automatically. This is due to license restrictions. While
+ we are here, download the <quote>java environment</quote> from
+ <ulink url="http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=22&amp;PartDetailId=j2sdk-1.4.2_08-oth-JPR&amp;SiteId=JSC&amp;TransactionId=noreg"></ulink>.
+ The filename is <filename>j2sdk-1_4_2_08-linux-i586.bin</filename>.
+ Like before, this file must be placed into
+ <filename>/usr/ports/distfiles</filename>. Download a copy
+ of the <quote>java patchkit</quote> from
+ <ulink url="http://www.eyesbeyond.com/freebsddom/java/jdk15.html"></ulink>
+ and place it
+ into <filename>/usr/ports/distfiles</filename>. Finally, install the
+ <filename role="package">java/jdk15</filename> port
+ with the standard <command>make install clean</command>.</para>
+
+ <para>Start <application>Mozilla</application> and access the
+ <guimenuitem>About Plug-ins</guimenuitem> option from the
+ <guimenu>Help</guimenu> menu. <application>&java;</application>
+ plugin should be listed there now.</para>
+
+ </sect2>
+
+ <sect2 id="moz-flash-plugin">
+
+ <title>Mozilla and &macromedia; &flash; plugin</title>
+
+ <para>&macromedia; &flash; plugin is not available for &os;. However,
+ a software layer (wrapper) for running the Linux version of the plugin
+ exists. This wrapper also supports &adobe; &acrobat; plugin,
+ RealPlayer plugin and more.</para>
+
+ <para>Install the <filename role="package">www/linuxpluginwrapper</filename>
+ port. This port requires
+ <filename role="package">emulators/linux_base</filename> which is a
+ large port. Follow the instructions displayed by the port to set up
+ your <filename>/etc/libmap.conf</filename> correctly! Example
+ configurations are installed into
+ <filename>/usr/local/share/examples/linuxpluginwrapper/</filename>
+ directory.</para>
+
+ <para>Install the <filename role="package">www/mozilla</filename> port,
+ if <application>Mozilla</application> is not already installed.</para>
+
+ <para>Now just start <application>Mozilla</application> with:</para>
+
+ <screen>&prompt.user; <userinput>mozilla &amp;</userinput></screen>
+
+ <para>And access the <guimenuitem>About Plug-ins</guimenuitem> option from the
+ <guimenu>Help</guimenu> menu. A list should appear with all the currently
+ available plugins.</para>
+
+ <note>
+ <para>The <application>linuxpluginwrapper</application> only works on
+ the &i386; system architecture.</para>
+ </note>
+
+ </sect2>
+
+ <sect2>
+ <title>Opera</title>
+ <indexterm>
+ <primary><application>Opera</application></primary>
+ </indexterm>
+
+ <para><application>Opera</application> is a very fast,
+ full-featured, and standards-compliant browser. It comes in
+ two favors: a <quote>native</quote> FreeBSD version and a
+ version that runs under Linux emulation.</para>
+
+ <para>To browse the Web with the FreeBSD version of <application>Opera</application>,
+ install the package:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r opera</userinput></screen>
+
+ <para>Some FTP sites do not have all the packages, but the same
+ result can be obtained with the Ports Collection by
+ typing:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/www/opera</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>To install the Linux version of
+ <application>Opera</application>, substitute
+ <literal>linux-opera</literal> in place of
+ <literal>opera</literal> in the examples above. The Linux
+ version is useful in situations requiring the use of plug-ins
+ that are only available for Linux, such as <application>Adobe
+ &acrobat.reader;</application>. In all other respects, the
+ FreeBSD and Linux versions appear to be functionally
+ identical.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Firefox</title>
+ <indexterm>
+ <primary><application>Firefox</application></primary>
+ </indexterm>
+
+ <para><application>Firefox</application> is the next-generation
+ browser based on the <application>Mozilla</application>
+ codebase. <application>Mozilla</application> is a complete
+ suite of applications, such as a browser, a mail client, a chat
+ client and much more. <application>Firefox</application> is
+ just a browser, which makes it smaller and faster.</para>
+
+ <para>Install the package by typing:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r firefox</userinput></screen>
+
+ <para>You can also use the Ports Collection if you
+ prefer to compile from source code:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/www/firefox</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect2>
+ <sect2>
+ <title>Konqueror</title>
+ <indexterm>
+ <primary><application>Konqueror</application></primary>
+ </indexterm>
+
+ <para><application>Konqueror</application> is part of
+ <application>KDE</application> but it can also be used outside
+ of <application>KDE</application> by installing
+ <filename role="package">x11/kdebase3</filename>.
+ <application>Konqueror</application> is much more than a browser,
+ it is also a file manager and a multimedia viewer.</para>
+
+ <para><application>Konqueror</application> also comes with a set of plugins,
+ available in <filename role="package">misc/konq-plugins</filename>.</para>
+
+ <para><application>Konqueror</application> also supports <application>&flash;</application> and a How To
+ is available at <ulink url="http://freebsd.kde.org/howto.php"></ulink>.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="desktop-productivity">
+ <title>Productivity</title>
+
+ <para>When it comes to productivity, new users often look for a
+ good office suite or a friendly word processor. While some
+ <link linkend="x11-wm">desktop environments</link> like
+ <application>KDE</application> already provide an office suite,
+ there is no default application. FreeBSD provides all that is
+ needed, regardless of your desktop environment.</para>
+
+ <para>This section covers these applications:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>Application Name</entry>
+ <entry>Resources Needed</entry>
+ <entry>Installation from Ports</entry>
+ <entry>Major Dependencies</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><application>KOffice</application></entry>
+ <entry>light</entry>
+ <entry>heavy</entry>
+ <entry><application>KDE</application></entry>
+ </row>
+
+ <row>
+ <entry><application>AbiWord</application></entry>
+ <entry>light</entry>
+ <entry>light</entry>
+ <entry><application>Gtk+</application> or <application>GNOME</application></entry>
+ </row>
+
+ <row>
+ <entry><application>The Gimp</application></entry>
+ <entry>light</entry>
+ <entry>heavy</entry>
+ <entry><application>Gtk+</application></entry>
+ </row>
+
+ <row>
+ <entry><application>OpenOffice.org</application></entry>
+ <entry>heavy</entry>
+ <entry>huge</entry>
+ <entry><application>&jdk; 1.4</application>, <application>Mozilla</application></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <sect2>
+ <title>KOffice</title>
+ <indexterm>
+ <primary><application>KOffice</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary>office suite</primary>
+ <secondary><application>KOffice</application></secondary>
+ </indexterm>
+
+ <para>The KDE community has provided its desktop environment
+ with an office suite which can be used outside
+ <application>KDE</application>. It includes the four standard
+ components that can be found in other office suites.
+ <application>KWord</application> is the word processor,
+ <application>KSpread</application> is the spreadsheet program,
+ <application>KPresenter</application> manages slide
+ presentations, and <application>Kontour</application> lets you
+ draw graphical documents.</para>
+
+ <para>Before installing the latest
+ <application>KOffice</application>, make sure you have an
+ up-to-date version of <application>KDE</application>.</para>
+
+ <para>To install <application>KOffice</application> as a
+ package, issue the following command:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r koffice</userinput></screen>
+
+ <para>If the package is not available, you can use the ports
+ collection. For instance, to install
+ <application>KOffice</application> for
+ <application>KDE3</application>, do:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/editors/koffice-kde3</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>AbiWord</title>
+ <indexterm>
+ <primary><application>AbiWord</application></primary>
+ </indexterm>
+
+ <para><application>AbiWord</application> is a free word
+ processing program similar in look and feel to <application>&microsoft; Word</application>.
+ It is suitable for typing papers, letters, reports, memos, and
+ so forth. It is very fast, contains many features, and is
+ very user-friendly.</para>
+
+ <para><application>AbiWord</application> can import or export
+ many file formats, including some proprietary ones like
+ Microsoft <filename>.doc</filename>.</para>
+
+ <para><application>AbiWord</application> is available as a
+ package. You can install it by:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r abiword</userinput></screen>
+
+ <para>If the package is not available, it can be compiled from
+ the Ports Collection. The Ports Collection should be more
+ up to date. It can be done as follows:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/editors/abiword</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>The GIMP</title>
+ <indexterm>
+ <primary><application>The GIMP</application></primary>
+ </indexterm>
+
+ <para>For image authoring or picture retouching,
+ <application>The GIMP</application> is a very sophisticated
+ image manipulation program. It can be used as a simple paint
+ program or as a quality photo retouching suite. It supports a
+ large number of plug-ins and features a scripting interface.
+ <application>The GIMP</application> can read and write a wide
+ range of file formats. It supports interfaces with scanners
+ and tablets.</para>
+
+ <para>You can install the package by issuing this
+ command:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r gimp</userinput></screen>
+
+ <para>If your FTP site does not have this package, you can use
+ the Ports Collection. The
+ <ulink url="http://www.FreeBSD.org/ports/graphics.html">graphics</ulink>
+ directory of the Ports Collection also contains
+ <application>The Gimp Manual</application>. Here is how to
+ get them installed:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/graphics/gimp</userinput>
+&prompt.root; <userinput>make install clean</userinput>
+&prompt.root; <userinput>cd /usr/ports/graphics/gimp-manual-pdf</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <note>
+ <para>The
+ <ulink url="http://www.FreeBSD.org/ports/graphics.html">graphics</ulink>
+ directory of the Ports Collection holds the development
+ version of <application>The GIMP</application> in
+ <filename role="package">graphics/gimp-devel</filename>.
+ An HTML version of
+ <application>The Gimp Manual</application> is available from
+ <filename role="package">graphics/gimp-manual-html</filename>.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>OpenOffice.org</title>
+ <indexterm>
+ <primary><application>OpenOffice.org</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary>office suite</primary>
+ <secondary><application>OpenOffice.org</application></secondary>
+ </indexterm>
+
+ <para><application>OpenOffice.org</application> includes all of the
+ mandatory applications in a complete office productivity
+ suite: a word processor, a spreadsheet, a presentation manager,
+ and a drawing program. Its user interface is very similar
+ to other office suites, and it can import and export in various
+ popular file formats. It is available in a number of
+ different languages including interfaces, spell checkers, and
+ dictionaries.</para>
+
+ <para>The word processor of
+ <application>OpenOffice.org</application> uses a native XML
+ file format for increased portability and flexibility. The
+ spreadsheet program features a macro language and it can be
+ interfaced with external databases.
+ <application>OpenOffice.org</application> is already stable
+ and runs natively on &windows;, &solaris;, Linux, FreeBSD,
+ and &macos;&nbsp;X. More
+ information about <application>OpenOffice.org</application>
+ can be found on the
+ <ulink url="http://www.openoffice.org/">OpenOffice.org web site</ulink>.
+ For FreeBSD specific information, and to directly
+ download packages use the <ulink
+ url="http://porting.openoffice.org/freebsd/">FreeBSD OpenOffice.org
+ Porting Team</ulink>'s web site.</para>
+
+ <para>To install <application>OpenOffice.org</application>,
+ do:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r openoffice</userinput></screen>
+
+ <note>
+ <para>When running a -RELEASE version of &os;, this should work.
+ Otherwise, you should look on the &os; <application>OpenOffice.org</application> Porting Team's
+ web site to download and install the appropriate package
+ using &man.pkg.add.1;. Both the current release and
+ development version are available for download at this
+ location.</para>
+ </note>
+
+ <para>Once the package is installed, you just have to type the
+ following command to run
+ <application>OpenOffice.org</application>:</para>
+
+ <screen>&prompt.user; <userinput>openoffice.org</userinput></screen>
+
+ <note>
+ <para>During the first launch, you will be asked some
+ questions and a <filename>.openoffice.org2</filename> folder
+ will be created in your home directory.</para>
+ </note>
+
+ <para>If the <application>OpenOffice.org</application> packages
+ are not available, you still have the option to compile the
+ port. However, you must bear in mind that it requires a lot of
+ disk space and a fairly long time to compile.</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/editors/openoffice.org-2.0</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <note>
+ <para>If you want to build a localized version, replace the
+ previous command line with the following:</para>
+
+ <screen>&prompt.root; <userinput>make LOCALIZED_LANG=<replaceable>your_language</replaceable> install clean</userinput></screen>
+
+ <para>You have to replace
+ <replaceable>your_language</replaceable> with the correct
+ language ISO-code. A list of supported language codes is
+ available in the
+ <filename>files/Makefile.localized</filename> file, located
+ in the port directory.</para>
+ </note>
+
+ <para>Once this is done,
+ <application>OpenOffice.org</application> can be launched with
+ the command:</para>
+
+ <screen>&prompt.user; <userinput>openoffice.org</userinput></screen>
+ </sect2>
+ </sect1>
+
+ <sect1 id="desktop-viewers">
+ <title>Document Viewers</title>
+
+ <para>Some new document formats have recently gained popularity.
+ The standard viewers they require may not be available in the
+ base system. We will see how to install them in this
+ section.</para>
+
+ <para>This section covers these applications:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>Application Name</entry>
+ <entry>Resources Needed</entry>
+ <entry>Installation from Ports</entry>
+ <entry>Major Dependencies</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><application>&acrobat.reader;</application></entry>
+ <entry>light</entry>
+ <entry>light</entry>
+ <entry>Linux Binary Compatibility</entry>
+ </row>
+
+ <row>
+ <entry><application>gv</application></entry>
+ <entry>light</entry>
+ <entry>light</entry>
+ <entry><application>Xaw3d</application></entry>
+ </row>
+
+ <row>
+ <entry><application>Xpdf</application></entry>
+ <entry>light</entry>
+ <entry>light</entry>
+ <entry><application>FreeType</application></entry>
+ </row>
+
+ <row>
+ <entry><application>GQview</application></entry>
+ <entry>light</entry>
+ <entry>light</entry>
+ <entry><application>Gtk+</application> or <application>GNOME</application></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <sect2>
+ <title>&acrobat.reader;</title>
+ <indexterm>
+ <primary><application>Acrobat Reader</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary>PDF</primary>
+ <secondary>viewing</secondary>
+ </indexterm>
+
+ <para>Many documents are now distributed as PDF files,
+ which stands for <quote>Portable Document Format</quote>. One
+ of the recommended viewers for these types of files is
+ <application>&acrobat.reader;</application>, released by Adobe
+ for Linux. As FreeBSD can run Linux binaries, it is also
+ available for FreeBSD.</para>
+
+ <para>To install <application>&acrobat.reader; 7</application> from
+ the Ports collection, do:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/print/acroread7</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>A package is not available due to licencing restrictions.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>gv</title>
+ <indexterm>
+ <primary><application>gv</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary>PDF</primary>
+ <secondary>viewing</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>PostScript</primary>
+ <secondary>viewing</secondary>
+ </indexterm>
+
+ <para><application>gv</application> is a &postscript; and PDF
+ viewer. It is originally based on
+ <application>ghostview</application> but it has a nicer look
+ thanks to the <application>Xaw3d</application> library. It is fast and its interface is
+ clean. <application>gv</application> has many features like
+ orientation, paper size, scale, or antialias. Almost any
+ operation can be done either from the keyboard or the
+ mouse.</para>
+
+ <para>To install <application>gv</application> as a package,
+ do:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r gv</userinput></screen>
+
+ <para>If you cannot get the package, you can use the Ports
+ collection:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/print/gv</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Xpdf</title>
+ <indexterm>
+ <primary><application>Xpdf</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary>PDF</primary>
+ <secondary>viewing</secondary>
+ </indexterm>
+
+ <para>If you want a small FreeBSD PDF viewer,
+ <application>Xpdf</application> is a light-weight and
+ efficient viewer. It requires very few resources and is
+ very stable. It uses the standard X fonts and does not
+ require <application>&motif;</application> or any other X toolkit.</para>
+
+ <para>To install the <application>Xpdf</application> package,
+ issue this command:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r xpdf</userinput></screen>
+
+ <para>If the package is not available or you prefer to use the
+ Ports Collection, do:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/graphics/xpdf</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>Once the installation is complete, you can launch
+ <application>Xpdf</application> and use the right mouse button
+ to activate the menu.</para>
+ </sect2>
+
+ <sect2>
+ <title>GQview</title>
+ <indexterm>
+ <primary><application>GQview</application></primary>
+ </indexterm>
+
+ <para><application>GQview</application> is an image manager.
+ You can view a file with a single click, launch an external
+ editor, get thumbnail previews, and much more. It also
+ features a slideshow mode and some basic file operations. You
+ can manage image collections and easily find duplicates.
+ <application>GQview</application> can do full screen viewing
+ and supports internationalization.</para>
+
+ <para>If you want to install the
+ <application>GQview</application> package, do:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r gqview</userinput></screen>
+
+ <para>If the package is not available or you prefer to use the
+ Ports Collection, do:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/graphics/gqview</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect2>
+ </sect1>
+
+ <sect1 id="desktop-finance">
+ <title>Finance</title>
+
+ <para>If, for any reason, you would like to manage your personal
+ finances on your FreeBSD Desktop, there are some powerful and
+ easy to use applications ready to be installed. Some of them
+ are compatible with widespread file formats like those of
+ <application><trademark class="registered">Quicken</trademark></application> or <application>Excel</application> documents.</para>
+
+ <para>This section covers these applications:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>Application Name</entry>
+ <entry>Resources Needed</entry>
+ <entry>Installation from Ports</entry>
+ <entry>Major Dependencies</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><application>GnuCash</application></entry>
+ <entry>light</entry>
+ <entry>heavy</entry>
+ <entry><application>GNOME</application></entry>
+ </row>
+
+ <row>
+ <entry><application>Gnumeric</application></entry>
+ <entry>light</entry>
+ <entry>heavy</entry>
+ <entry><application>GNOME</application></entry>
+ </row>
+
+ <row>
+ <entry><application>Abacus</application></entry>
+ <entry>light</entry>
+ <entry>light</entry>
+ <entry><application>Tcl/Tk</application></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <sect2>
+ <title>GnuCash</title>
+ <indexterm>
+ <primary><application>GnuCash</application></primary>
+ </indexterm>
+
+ <para><application>GnuCash</application> is part of the
+ <application>GNOME</application> effort to provide
+ user-friendly yet powerful applications to end-users. With
+ <application>GnuCash</application>, you can keep track of your
+ income and expenses, your bank accounts, or your stocks. It
+ features an intuitive interface while remaining very
+ professional.</para>
+
+ <para><application>GnuCash</application> provides a smart
+ register, a hierarchical system of accounts, many keyboard
+ accelerators and auto-completion methods. It can split a
+ single transaction into several more detailed pieces.
+ <application>GnuCash</application> can import and merge
+ <application>Quicken</application> QIF files. It also handles most international date
+ and currency formats.</para>
+
+ <para>To install <application>GnuCash</application> on your
+ system, do:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r gnucash</userinput></screen>
+
+ <para>If the package is not available, you can use the ports
+ collection:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/finance/gnucash</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Gnumeric</title>
+ <indexterm>
+ <primary><application>Gnumeric</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary>spreadsheet</primary>
+ <secondary><application>Gnumeric</application></secondary>
+ </indexterm>
+
+ <para><application>Gnumeric</application> is a spreadsheet, part
+ of the <application>GNOME</application> desktop environment.
+ It features convenient automatic <quote>guessing</quote> of user
+ input according to the cell format and an autofill system for
+ many sequences. It can import files in a number of popular
+ formats like those of <application>Excel</application>, <application>Lotus 1-2-3</application>, or <application>Quattro Pro</application>.
+ <application>Gnumeric</application> supports graphs through
+ the <filename role="package">math/guppi</filename> graphing
+ program. It has a large number of built-in functions and
+ allows all of the usual cell formats such as number, currency,
+ date, time, and much more.</para>
+
+ <para>To install <application>Gnumeric</application> as a
+ package, type in:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r gnumeric</userinput></screen>
+
+ <para>If the package is not available, you can use the ports
+ collection by doing:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/math/gnumeric</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Abacus</title>
+ <indexterm>
+ <primary><application>Abacus</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary>spreadsheet</primary>
+ <secondary><application>Abacus</application></secondary>
+ </indexterm>
+
+ <para><application>Abacus</application> is a small and easy to
+ use spreadsheet. It includes many built-in functions useful
+ in several domains such as statistics, finances, and
+ mathematics. It can import and export the <application>Excel</application> file format.
+ <application>Abacus</application> can produce &postscript;
+ output.</para>
+
+ <para>To install <application>Abacus</application> from its
+ package, do:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r abacus</userinput></screen>
+
+ <para>If the package is not available, you can use the ports
+ collection by doing:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/deskutils/abacus</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect2>
+ </sect1>
+
+ <sect1 id="desktop-summary">
+ <title>Summary</title>
+
+ <para>While FreeBSD is popular among ISPs for its performance and
+ stability, it is quite ready for day-to-day use as a desktop.
+ With several thousand applications available as
+ <ulink url="http://www.FreeBSD.org/where.html">packages</ulink> or
+ <ulink url="http://www.FreeBSD.org/ports/index.html">ports</ulink>,
+ you can build a perfect desktop that suits all your needs.</para>
+
+ <para>Once you have achieved the installation of your desktop, you
+ may want to go one step further with
+ <filename role="package">misc/instant-workstation</filename>.
+ This <quote>meta-port</quote> allows you to build a typical set
+ of ports for a workstation. You can customize it by editing
+ <filename>/usr/ports/misc/instant-workstation/Makefile</filename>.
+ Follow the syntax used for the default set to add or remove
+ ports, and build it with the usual procedure.
+ Eventually, you will be able to create a big package that
+ corresponds to your very own desktop and install it to your
+ other workstations!</para>
+
+ <para>Here is a quick review of all the desktop applications
+ covered in this chapter:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Application Name</entry>
+ <entry>Package Name</entry>
+ <entry>Ports Name</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><application>Mozilla</application></entry>
+ <entry><literal>mozilla</literal></entry>
+ <entry><filename role="package">www/mozilla</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>Opera</application></entry>
+ <entry><literal>opera</literal></entry>
+ <entry><filename role="package">www/opera</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>Firefox</application></entry>
+ <entry><literal>firefox</literal></entry>
+ <entry><filename role="package">www/firefox</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>KOffice</application></entry>
+ <entry><literal>koffice-kde3</literal></entry>
+ <entry><filename role="package">editors/koffice-kde3</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>AbiWord</application></entry>
+ <entry><literal>abiword</literal></entry>
+ <entry><filename role="package">editors/abiword</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>The GIMP</application></entry>
+ <entry><literal>gimp</literal></entry>
+ <entry><filename role="package">graphics/gimp</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>OpenOffice.org</application></entry>
+ <entry><literal>openoffice</literal></entry>
+ <entry><filename role="package">editors/openoffice-1.1</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>&acrobat.reader;</application></entry>
+ <entry><literal>acroread</literal></entry>
+ <entry><filename role="package">print/acroread7</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>gv</application></entry>
+ <entry><literal>gv</literal></entry>
+ <entry><filename role="package">print/gv</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>Xpdf</application></entry>
+ <entry><literal>xpdf</literal></entry>
+ <entry><filename role="package">graphics/xpdf</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>GQview</application></entry>
+ <entry><literal>gqview</literal></entry>
+ <entry><filename role="package">graphics/gqview</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>GnuCash</application></entry>
+ <entry><literal>gnucash</literal></entry>
+ <entry><filename role="package">finance/gnucash</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>Gnumeric</application></entry>
+ <entry><literal>gnumeric</literal></entry>
+ <entry><filename role="package">math/gnumeric</filename></entry>
+ </row>
+
+ <row>
+ <entry><application>Abacus</application></entry>
+ <entry><literal>abacus</literal></entry>
+ <entry><filename role="package">deskutils/abacus</filename></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/disks/Makefile b/zh_TW.Big5/books/handbook/disks/Makefile
new file mode 100644
index 0000000000..140975c79e
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/disks/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= disks/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/disks/chapter.sgml b/zh_TW.Big5/books/handbook/disks/chapter.sgml
new file mode 100644
index 0000000000..0ee4475317
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/disks/chapter.sgml
@@ -0,0 +1,3904 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="disks">
+ <title>Storage</title>
+
+ <sect1 id="disks-synopsis">
+ <title>Synopsis</title>
+
+
+ <para>This chapter covers the use of disks in FreeBSD. This
+ includes memory-backed disks, network-attached disks,
+ standard SCSI/IDE storage devices, and devices using the USB
+ interface.</para>
+
+ <para>After reading this chapter, you will know:</para>
+ <itemizedlist>
+ <listitem><para>The terminology FreeBSD uses to describe the
+ organization of data on a physical disk (partitions and slices).</para>
+ </listitem>
+ <listitem><para>How to add additional hard disks to your system.</para>
+ </listitem>
+ <listitem>
+ <para>How to configure &os; to use USB storage devices.</para>
+ </listitem>
+ <listitem><para>How to set up virtual file systems, such as memory
+ disks.</para></listitem>
+ <listitem>
+ <para>How to use quotas to limit disk space usage.</para>
+ </listitem>
+ <listitem>
+ <para>How to encrypt disks to secure them against attackers.</para>
+ </listitem>
+ <listitem>
+ <para>How to create and burn CDs and DVDs on FreeBSD.</para>
+ </listitem>
+ <listitem>
+ <para>The various storage media options for backups.</para>
+ </listitem>
+ <listitem>
+ <para>How to use backup programs available under FreeBSD.</para>
+ </listitem>
+ <listitem>
+ <para>How to backup to floppy disks.</para>
+ </listitem>
+ <listitem>
+ <para>What snapshots are and how to use them efficiently.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Know how to configure and install a new FreeBSD kernel
+ (<xref linkend="kernelconfig">).</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="disks-naming">
+ <title>Device Names</title>
+
+ <para>The following is a list of physical storage devices
+ supported in FreeBSD, and the device names associated with
+ them.</para>
+
+ <table id="disk-naming-physical-table" frame="none">
+ <title>Physical Disk Naming Conventions</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Drive type</entry>
+ <entry>Drive device name</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>IDE hard drives</entry>
+ <entry><literal>ad</literal></entry>
+ </row>
+ <row>
+ <entry>IDE CDROM drives</entry>
+ <entry><literal>acd</literal></entry>
+ </row>
+ <row>
+ <entry>SCSI hard drives and USB Mass storage devices</entry>
+ <entry><literal>da</literal></entry>
+ </row>
+ <row>
+ <entry>SCSI CDROM drives</entry>
+ <entry><literal>cd</literal></entry>
+ </row>
+ <row>
+ <entry>Assorted non-standard CDROM drives</entry>
+ <entry><literal>mcd</literal> for Mitsumi CD-ROM,
+ <literal>scd</literal> for Sony CD-ROM,
+ <literal>matcd</literal> for Matsushita/Panasonic CD-ROM
+ <footnote>
+ <para>The &man.matcd.4; driver has been removed
+ in FreeBSD&nbsp;4.X branch since October 5th,
+ 2002 and does not exist in FreeBSD&nbsp;5.0 and
+ later releases.</para>
+ </footnote>
+ </entry>
+ </row>
+ <row>
+ <entry>Floppy drives</entry>
+ <entry><literal>fd</literal></entry>
+ </row>
+ <row>
+ <entry>SCSI tape drives</entry>
+ <entry><literal>sa</literal></entry>
+ </row>
+ <row>
+ <entry>IDE tape drives</entry>
+ <entry><literal>ast</literal></entry>
+ </row>
+ <row>
+ <entry>Flash drives</entry>
+ <entry><literal>fla</literal> for &diskonchip; Flash device</entry>
+ </row>
+ <row>
+ <entry>RAID drives</entry>
+ <entry><literal>aacd</literal> for &adaptec; AdvancedRAID,
+ <literal>mlxd</literal> and <literal>mlyd</literal>
+ for &mylex;,
+ <literal>amrd</literal> for AMI &megaraid;,
+ <literal>idad</literal> for Compaq Smart RAID,
+ <literal>twed</literal> for &tm.3ware; RAID.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect1>
+
+ <sect1 id="disks-adding">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>David</firstname>
+ <surname>O'Brien</surname>
+ <contrib>Originally contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 26 Apr 1998 -->
+ </sect1info>
+
+ <title>Adding Disks</title>
+
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>adding</secondary>
+ </indexterm>
+
+ <para>Lets say we want to add a new SCSI disk to a machine that
+ currently only has a single drive. First turn off the computer
+ and install the drive in the computer following the instructions
+ of the computer, controller, and drive manufacturer. Due to the
+ wide variations of procedures to do this, the details are beyond
+ the scope of this document.</para>
+
+ <para>Login as user <username>root</username>. After you have installed the
+ drive, inspect <filename>/var/run/dmesg.boot</filename> to ensure the new
+ disk was found. Continuing with our example, the newly added drive will
+ be <devicename>da1</devicename> and we want to mount it on
+ <filename>/1</filename> (if you are adding an IDE drive, the device name
+ will be <devicename>wd1</devicename> in pre-4.0 systems, or
+ <devicename>ad1</devicename> in 4.X and 5.X systems).</para>
+
+ <indexterm><primary>partitions</primary></indexterm>
+ <indexterm><primary>slices</primary></indexterm>
+ <indexterm>
+ <primary><command>fdisk</command></primary>
+ </indexterm>
+
+ <para>FreeBSD runs on IBM-PC compatible computers, therefore it must
+ take into account the PC BIOS partitions. These are different
+ from the traditional BSD partitions. A PC disk has up to four
+ BIOS partition entries. If the disk is going to be truly
+ dedicated to FreeBSD, you can use the
+ <emphasis>dedicated</emphasis> mode. Otherwise, FreeBSD will
+ have to live within one of the PC BIOS partitions. FreeBSD
+ calls the PC BIOS partitions <emphasis>slices</emphasis> so as
+ not to confuse them with traditional BSD partitions. You may
+ also use slices on a disk that is dedicated to FreeBSD, but used
+ in a computer that also has another operating system installed.
+ This is a good way to avoid confusing the <command>fdisk</command> utility of
+ other, non-FreeBSD operating systems.</para>
+
+ <para>In the slice case the drive will be added as
+ <filename>/dev/da1s1e</filename>. This is read as: SCSI disk,
+ unit number 1 (second SCSI disk), slice 1 (PC BIOS partition 1),
+ and <filename>e</filename> BSD partition. In the dedicated
+ case, the drive will be added simply as
+ <filename>/dev/da1e</filename>.</para>
+
+ <para>Due to the use of 32-bit integers to store the number of sectors,
+ &man.bsdlabel.8; (called &man.disklabel.8; in &os;&nbsp;4.X) is
+ limited to 2^32-1 sectors per disk or 2TB in most cases. The
+ &man.fdisk.8; format allows a starting sector of no more than
+ 2^32-1 and a length of no more than 2^32-1, limiting partitions to
+ 2TB and disks to 4TB in most cases. The &man.sunlabel.8; format
+ is limited to 2^32-1 sectors per partition and 8 partitions for
+ a total of 16TB. For larger disks, &man.gpt.8; partitions may be
+ used.</para>
+
+ <sect2>
+ <title>Using &man.sysinstall.8;</title>
+ <indexterm>
+ <primary><application>sysinstall</application></primary>
+ <secondary>adding disks</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>su</primary>
+ </indexterm>
+ <procedure>
+ <step>
+ <title>Navigating <application>Sysinstall</application></title>
+
+ <para>You may use <command>sysinstall</command>
+ (<command>/stand/sysinstall</command> in &os; versions older
+ than 5.2) to
+ partition and label a new disk using its easy to use menus.
+ Either login as user <username>root</username> or use the
+ <command>su</command> command. Run
+ <command>sysinstall</command> and enter the
+ <literal>Configure</literal> menu. Within the
+ <literal>FreeBSD Configuration Menu</literal>, scroll down and
+ select the <literal>Fdisk</literal> option.</para>
+ </step>
+
+ <step>
+ <title><application>fdisk</application> Partition Editor</title>
+ <para>Once inside <application>fdisk</application>, typing <userinput>A</userinput> will
+ use the entire disk for FreeBSD. When asked if you want to
+ <quote>remain cooperative with any future possible operating
+ systems</quote>, answer <literal>YES</literal>. Write the
+ changes to the disk using <userinput>W</userinput>. Now exit the
+ FDISK editor by typing <userinput>q</userinput>. Next you will be
+ asked about the <quote>Master Boot Record</quote>. Since you are adding a
+ disk to an already running system, choose
+ <literal>None</literal>.</para>
+ </step>
+
+ <step>
+ <title>Disk Label Editor</title>
+ <indexterm><primary>BSD partitions</primary></indexterm>
+
+ <para>Next, you need to exit <application>sysinstall</application>
+ and start it again. Follow the directions above, although this
+ time choose the <literal>Label</literal> option. This will
+ enter the <literal>Disk Label Editor</literal>. This
+ is where you will create the traditional BSD partitions. A
+ disk can have up to eight partitions, labeled
+ <literal>a-h</literal>.
+ A few of the partition labels have special uses. The
+ <literal>a</literal> partition is used for the root partition
+ (<filename>/</filename>). Thus only your system disk (e.g,
+ the disk you boot from) should have an <literal>a</literal>
+ partition. The <literal>b</literal> partition is used for
+ swap partitions, and you may have many disks with swap
+ partitions. The <literal>c</literal> partition addresses the
+ entire disk in dedicated mode, or the entire FreeBSD slice in
+ slice mode. The other partitions are for general use.</para>
+
+ <para><application>sysinstall</application>'s Label editor
+ favors the <literal>e</literal>
+ partition for non-root, non-swap partitions. Within the
+ Label editor, create a single file system by typing
+ <userinput>C</userinput>. When prompted if this will be a FS
+ (file system) or swap, choose <literal>FS</literal> and type in a
+ mount point (e.g, <filename>/mnt</filename>). When adding a
+ disk in post-install mode, <application>sysinstall</application>
+ will not create entries
+ in <filename>/etc/fstab</filename> for you, so the mount point
+ you specify is not important.</para>
+
+ <para>You are now ready to write the new label to the disk and
+ create a file system on it. Do this by typing
+ <userinput>W</userinput>. Ignore any errors from
+ <application>sysinstall</application> that
+ it could not mount the new partition. Exit the Label Editor
+ and <application>sysinstall</application> completely.</para>
+ </step>
+
+ <step>
+ <title>Finish</title>
+
+ <para>The last step is to edit <filename>/etc/fstab</filename>
+ to add an entry for your new disk.</para>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2>
+ <title>Using Command Line Utilities</title>
+
+ <sect3>
+ <title>Using Slices</title>
+
+ <para>This setup will allow your disk to work correctly with
+ other operating systems that might be installed on your
+ computer and will not confuse other operating systems'
+ <command>fdisk</command> utilities. It is recommended
+ to use this method for new disk installs. Only use
+ <literal>dedicated</literal> mode if you have a good reason
+ to do so!</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
+&prompt.root; <userinput>fdisk -BI da1</userinput> #Initialize your new disk
+&prompt.root; <userinput>disklabel -B -w -r da1s1 auto</userinput> #Label it.
+&prompt.root; <userinput>disklabel -e da1s1</userinput> # Edit the disklabel just created and add any partitions.
+&prompt.root; <userinput>mkdir -p /1</userinput>
+&prompt.root; <userinput>newfs /dev/da1s1e</userinput> # Repeat this for every partition you created.
+&prompt.root; <userinput>mount /dev/da1s1e /1</userinput> # Mount the partition(s)
+&prompt.root; <userinput>vi /etc/fstab</userinput> # Add the appropriate entry/entries to your <filename>/etc/fstab</filename>.</screen>
+
+ <para>If you have an IDE disk, substitute <filename>ad</filename>
+ for <filename>da</filename>. On pre-4.X systems use
+ <filename>wd</filename>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Dedicated</title>
+ <indexterm><primary>OS/2</primary></indexterm>
+
+ <para>If you will not be sharing the new drive with another operating
+ system, you may use the <literal>dedicated</literal> mode. Remember
+ this mode can confuse Microsoft operating systems; however, no damage
+ will be done by them. IBM's &os2; however, will
+ <quote>appropriate</quote> any partition it finds which it does not
+ understand.</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
+&prompt.root; <userinput>disklabel -Brw da1 auto</userinput>
+&prompt.root; <userinput>disklabel -e da1</userinput> # create the `e' partition
+&prompt.root; <userinput>newfs -d0 /dev/da1e</userinput>
+&prompt.root; <userinput>mkdir -p /1</userinput>
+&prompt.root; <userinput>vi /etc/fstab</userinput> # add an entry for /dev/da1e
+&prompt.root; <userinput>mount /1</userinput></screen>
+
+ <para>An alternate method is:</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 count=2</userinput>
+&prompt.root; <userinput>disklabel /dev/da1 | disklabel -BrR da1 /dev/stdin</userinput>
+&prompt.root; <userinput>newfs /dev/da1e</userinput>
+&prompt.root; <userinput>mkdir -p /1</userinput>
+&prompt.root; <userinput>vi /etc/fstab</userinput> # add an entry for /dev/da1e
+&prompt.root; <userinput>mount /1</userinput></screen>
+
+ <note><para>Since &os;&nbsp;5.1-RELEASE, the &man.bsdlabel.8;
+ utility replaces the old &man.disklabel.8; program. With
+ &man.bsdlabel.8; a number of obsolete options and parameters
+ have been retired; in the examples above the option
+ <option>-r</option> should be removed with &man.bsdlabel.8;.
+ For more information, please refer to the &man.bsdlabel.8;
+ manual page.</para></note>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="raid">
+ <title>RAID</title>
+
+ <sect2 id="raid-soft">
+ <title>Software RAID</title>
+
+ <sect3 id="ccd">
+ <sect3info>
+ <authorgroup>
+ <author>
+ <firstname>Christopher</firstname>
+ <surname>Shumway</surname>
+ <contrib>Original work by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Brown</surname>
+ <contrib>Revised by </contrib>
+ </author>
+ </authorgroup>
+ </sect3info>
+
+<indexterm><primary>RAID</primary><secondary>software</secondary></indexterm>
+<indexterm>
+ <primary>RAID</primary><secondary>CCD</secondary>
+</indexterm>
+
+ <title>Concatenated Disk Driver (CCD) Configuration</title>
+ <para>When choosing a mass storage solution the most important
+ factors to consider are speed, reliability, and cost. It is
+ rare to have all three in balance; normally a fast, reliable mass
+ storage device is expensive, and to cut back on cost either speed
+ or reliability must be sacrificed.</para>
+
+ <para>In designing the system described below, cost was chosen
+ as the most important factor, followed by speed, then reliability.
+ Data transfer speed for this system is ultimately
+ constrained by the network. And while reliability is very important,
+ the CCD drive described below serves online data that is already
+ fully backed up on CD-R's and can easily be replaced.</para>
+
+ <para>Defining your own requirements is the first step
+ in choosing a mass storage solution. If your requirements prefer
+ speed or reliability over cost, your solution will differ from
+ the system described in this section.</para>
+
+
+ <sect4 id="ccd-installhw">
+ <title>Installing the Hardware</title>
+
+ <para>In addition to the IDE system disk, three Western
+ Digital 30GB, 5400 RPM IDE disks form the core
+ of the CCD disk described below providing approximately
+ 90GB of online storage. Ideally,
+ each IDE disk would have its own IDE controller
+ and cable, but to minimize cost, additional
+ IDE controllers were not used. Instead the disks were
+ configured with jumpers so that each IDE controller has
+ one master, and one slave.</para>
+
+ <para>Upon reboot, the system BIOS was configured to
+ automatically detect the disks attached. More importantly,
+ FreeBSD detected them on reboot:</para>
+
+ <programlisting>ad0: 19574MB &lt;WDC WD205BA&gt; [39770/16/63] at ata0-master UDMA33
+ad1: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata0-slave UDMA33
+ad2: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-master UDMA33
+ad3: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-slave UDMA33</programlisting>
+
+ <note><para>If FreeBSD does not detect all the disks, ensure
+ that you have jumpered them correctly. Most IDE drives
+ also have a <quote>Cable Select</quote> jumper. This is
+ <emphasis>not</emphasis> the jumper for the master/slave
+ relationship. Consult the drive documentation for help in
+ identifying the correct jumper.</para></note>
+
+ <para>Next, consider how to attach them as part of the file
+ system. You should research both &man.vinum.8; (<xref
+ linkend="vinum-vinum">) and &man.ccd.4;. In this
+ particular configuration, &man.ccd.4; was chosen.</para>
+ </sect4>
+
+ <sect4 id="ccd-setup">
+ <title>Setting Up the CCD</title>
+
+ <para>The &man.ccd.4; driver allows you to take
+ several identical disks and concatenate them into one
+ logical file system. In order to use
+ &man.ccd.4;, you need a kernel with
+ &man.ccd.4; support built in.
+ Add this line to your kernel configuration file, rebuild, and
+ reinstall the kernel:</para>
+
+ <programlisting>pseudo-device ccd 4</programlisting>
+
+ <para>On 5.X systems, you have to use instead the following
+ line:</para>
+
+ <programlisting>device ccd</programlisting>
+
+ <note><para>In FreeBSD&nbsp;5.X, it is not necessary to specify
+ a number of &man.ccd.4; devices, as the &man.ccd.4; device driver is now
+ self-cloning &mdash; new device instances will automatically be
+ created on demand.</para></note>
+
+ <para>The &man.ccd.4; support can also be
+ loaded as a kernel loadable module in FreeBSD 3.0 or
+ later.</para>
+
+ <para>To set up &man.ccd.4;, you must first use
+ &man.disklabel.8; to label the disks:</para>
+
+ <programlisting>disklabel -r -w ad1 auto
+disklabel -r -w ad2 auto
+disklabel -r -w ad3 auto</programlisting>
+
+ <para>This creates a disklabel for <devicename>ad1c</devicename>, <devicename>ad2c</devicename> and <devicename>ad3c</devicename> that
+ spans the entire disk.</para>
+
+ <note><para>Since &os;&nbsp;5.1-RELEASE, the &man.bsdlabel.8;
+ utility replaces the old &man.disklabel.8; program. With
+ &man.bsdlabel.8; a number of obsolete options and parameters
+ have been retired; in the examples above the option
+ <option>-r</option> should be removed. For more
+ information, please refer to the &man.bsdlabel.8;
+ manual page.</para></note>
+
+ <para>The next step is to change the disk label type. You
+ can use &man.disklabel.8; to edit the
+ disks:</para>
+
+ <programlisting>disklabel -e ad1
+disklabel -e ad2
+disklabel -e ad3</programlisting>
+
+ <para>This opens up the current disk label on each disk with
+ the editor specified by the <envar>EDITOR</envar>
+ environment variable, typically &man.vi.1;.</para>
+
+ <para>An unmodified disk label will look something like
+ this:</para>
+
+ <programlisting>8 partitions:
+# size offset fstype [fsize bsize bps/cpg]
+ c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597)</programlisting>
+
+ <para>Add a new <literal>e</literal> partition for &man.ccd.4; to use. This
+ can usually be copied from the <literal>c</literal> partition,
+ but the <option>fstype</option> <emphasis>must</emphasis>
+ be <userinput>4.2BSD</userinput>. The disk label should
+ now look something like this:</para>
+
+ <programlisting>8 partitions:
+# size offset fstype [fsize bsize bps/cpg]
+ c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597)
+ e: 60074784 0 4.2BSD 0 0 0 # (Cyl. 0 - 59597)</programlisting>
+
+ </sect4>
+
+ <sect4 id="ccd-buildingfs">
+ <title>Building the File System</title>
+
+ <para>The device node for
+ <devicename>ccd0c</devicename> may not exist yet, so to
+ create it, perform the following commands:</para>
+
+ <programlisting>cd /dev
+sh MAKEDEV ccd0</programlisting>
+
+ <note><para>In FreeBSD 5.0, &man.devfs.5; will automatically
+ manage device nodes in <filename>/dev</filename>, so use of
+ <command>MAKEDEV</command> is not necessary.</para></note>
+
+ <para>Now that you have all the disks labeled, you must
+ build the &man.ccd.4;. To do that,
+ use &man.ccdconfig.8;, with options similar to the following:</para>
+
+ <programlisting>ccdconfig ccd0<co id="co-ccd-dev"> 32<co id="co-ccd-interleave"> 0<co id="co-ccd-flags"> /dev/ad1e<co id="co-ccd-devs"> /dev/ad2e /dev/ad3e</programlisting>
+
+ <para>The use and meaning of each option is shown below:</para>
+
+ <calloutlist>
+ <callout arearefs="co-ccd-dev">
+ <para>The first argument is the device to configure, in this case,
+ <filename>/dev/ccd0c</filename>. The <filename>/dev/</filename>
+ portion is optional.</para>
+ </callout>
+
+ <callout arearefs="co-ccd-interleave">
+
+ <para>The interleave for the file system. The interleave
+ defines the size of a stripe in disk blocks, each normally 512 bytes.
+ So, an interleave of 32 would be 16,384 bytes.</para>
+ </callout>
+
+ <callout arearefs="co-ccd-flags">
+ <para>Flags for &man.ccdconfig.8;. If you want to enable drive
+ mirroring, you can specify a flag here. This
+ configuration does not provide mirroring for
+ &man.ccd.4;, so it is set at 0 (zero).</para>
+ </callout>
+
+ <callout arearefs="co-ccd-devs">
+ <para>The final arguments to &man.ccdconfig.8;
+ are the devices to place into the array. Use the complete pathname
+ for each device.</para>
+ </callout>
+ </calloutlist>
+
+
+ <para>After running &man.ccdconfig.8; the &man.ccd.4;
+ is configured. A file system can be installed. Refer to &man.newfs.8;
+ for options, or simply run: </para>
+
+ <programlisting>newfs /dev/ccd0c</programlisting>
+
+
+ </sect4>
+
+ <sect4 id="ccd-auto">
+ <title>Making it All Automatic</title>
+
+ <para>Generally, you will want to mount the
+ &man.ccd.4; upon each reboot. To do this, you must
+ configure it first. Write out your current configuration to
+ <filename>/etc/ccd.conf</filename> using the following command:</para>
+
+ <programlisting>ccdconfig -g &gt; /etc/ccd.conf</programlisting>
+
+ <para>During reboot, the script <command>/etc/rc</command>
+ runs <command>ccdconfig -C</command> if <filename>/etc/ccd.conf</filename>
+ exists. This automatically configures the
+ &man.ccd.4; so it can be mounted.</para>
+
+ <note><para>If you are booting into single user mode, before you can
+ &man.mount.8; the &man.ccd.4;, you
+ need to issue the following command to configure the
+ array:</para>
+
+ <programlisting>ccdconfig -C</programlisting>
+ </note>
+
+ <para>To automatically mount the &man.ccd.4;,
+ place an entry for the &man.ccd.4; in
+ <filename>/etc/fstab</filename> so it will be mounted at
+ boot time:</para>
+
+ <programlisting>/dev/ccd0c /media ufs rw 2 2</programlisting>
+ </sect4>
+ </sect3>
+
+ <sect3 id="vinum">
+ <title>The Vinum Volume Manager</title>
+
+<indexterm><primary>RAID</primary><secondary>software</secondary></indexterm>
+<indexterm>
+ <primary>RAID</primary>
+ <secondary>Vinum</secondary>
+</indexterm>
+
+ <para>The Vinum Volume Manager is a block device driver which
+ implements virtual disk drives. It isolates disk hardware
+ from the block device interface and maps data in ways which
+ result in an increase in flexibility, performance and
+ reliability compared to the traditional slice view of disk
+ storage. &man.vinum.8; implements the RAID-0, RAID-1 and
+ RAID-5 models, both individually and in combination.</para>
+
+ <para>See <xref linkend="vinum-vinum"> for more
+ information about &man.vinum.8;.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="raid-hard">
+ <title>Hardware RAID</title>
+
+ <indexterm>
+ <primary>RAID</primary>
+ <secondary>hardware</secondary>
+ </indexterm>
+
+ <para>FreeBSD also supports a variety of hardware <acronym>RAID</acronym>
+ controllers. These devices control a <acronym>RAID</acronym> subsystem
+ without the need for FreeBSD specific software to manage the
+ array.</para>
+
+ <para>Using an on-card <acronym>BIOS</acronym>, the card controls most of the disk operations
+ itself. The following is a brief setup description using a Promise <acronym>IDE</acronym> <acronym>RAID</acronym>
+ controller. When this card is installed and the system is started up, it
+ displays a prompt requesting information. Follow the instructions
+ to enter the card's setup screen. From here, you have the ability to
+ combine all the attached drives. After doing so, the disk(s) will look like
+ a single drive to FreeBSD. Other <acronym>RAID</acronym> levels can be set up
+ accordingly.
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Rebuilding ATA RAID1 Arrays</title>
+
+ <para>FreeBSD allows you to hot-replace a failed disk in an array. This requires
+ that you catch it before you reboot.</para>
+
+ <para>You will probably see something like the following in <filename>/var/log/messages</filename> or in the &man.dmesg.8;
+ output:</para>
+
+ <programlisting>ad6 on monster1 suffered a hard error.
+ad6: READ command timeout tag=0 serv=0 - resetting
+ad6: trying fallback to PIO mode
+ata3: resetting devices .. done
+ad6: hard error reading fsbn 1116119 of 0-7 (ad6 bn 1116119; cn 1107 tn 4 sn 11)\\
+status=59 error=40
+ar0: WARNING - mirror lost</programlisting>
+
+ <para>Using &man.atacontrol.8;, check for further information:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol list</userinput>
+ATA channel 0:
+ Master: no device present
+ Slave: acd0 &lt;HL-DT-ST CD-ROM GCR-8520B/1.00&gt; ATA/ATAPI rev 0
+
+ATA channel 1:
+ Master: no device present
+ Slave: no device present
+
+ATA channel 2:
+ Master: ad4 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
+ Slave: no device present
+
+ATA channel 3:
+ Master: ad6 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
+ Slave: no device present
+
+&prompt.root; <userinput>atacontrol status ar0</userinput>
+ar0: ATA RAID1 subdisks: ad4 ad6 status: DEGRADED</screen>
+
+ <procedure>
+ <step>
+ <para>You will first need to detach the ata channel with the failed
+ disk so you can safely remove it:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol detach ata3</userinput></screen>
+ </step>
+
+ <step>
+ <para>Replace the disk.</para>
+ </step>
+
+ <step>
+ <para>Reattach the ata channel:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol attach ata3</userinput>
+Master: ad6 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
+Slave: no device present</screen>
+ </step>
+
+ <step>
+ <para>Add the new disk to the array as a spare:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol addspare ar0 ad6</userinput></screen>
+ </step>
+
+ <step>
+ <para>Rebuild the array:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol rebuild ar0</userinput></screen>
+ </step>
+
+ <step>
+ <para>It is possible to check on the progress by issuing the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>dmesg | tail -10</userinput>
+[output removed]
+ad6: removed from configuration
+ad6: deleted from ar0 disk1
+ad6: inserted into ar0 disk1 as spare
+
+&prompt.root; <userinput>atacontrol status ar0</userinput>
+ar0: ATA RAID1 subdisks: ad4 ad6 status: REBUILDING 0% completed</screen>
+ </step>
+
+ <step>
+ <para>Wait until this operation completes.</para>
+ </step>
+ </procedure>
+ </sect2>
+ </sect1>
+
+ <sect1 id="usb-disks">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- Jul 2004 -->
+ </sect1info>
+
+ <title>USB Storage Devices</title>
+ <indexterm>
+ <primary>USB</primary>
+ <secondary>disks</secondary>
+ </indexterm>
+
+ <para>A lot of external storage solutions, nowadays, use the
+ Universal Serial Bus (USB): hard drives, USB thumbdrives, CD-R
+ burners, etc. &os; provides support for these devices.</para>
+
+ <sect2>
+ <title>Configuration</title>
+
+ <para>The USB mass storage devices driver, &man.umass.4;,
+ provides the support for USB storage devices. If you use the
+ <filename>GENERIC</filename> kernel, you do not have to change
+ anything in your configuration. If you use a custom kernel,
+ be sure that the following lines are present in your kernel
+ configuration file:</para>
+
+ <programlisting>device scbus
+device da
+device pass
+device uhci
+device ohci
+device usb
+device umass</programlisting>
+
+ <para>The &man.umass.4; driver uses the SCSI subsystem to access
+ to the USB storage devices, your USB device will be seen as a
+ SCSI device by the system. Depending on the USB chipset on
+ your motherboard, you only need either <literal>device
+ uhci</literal> or <literal>device ohci</literal>, however
+ having both in the kernel configuration file is harmless. Do
+ not forget to compile and install the new kernel if you added
+ any lines.</para>
+
+ <note>
+ <para>If your USB device is a CD-R or DVD burner, the SCSI CD-ROM
+ driver, &man.cd.4;, must be added to the kernel via the
+ line:</para>
+
+ <programlisting>device cd</programlisting>
+
+ <para>Since the burner is seen as a SCSI drive, the driver
+ &man.atapicam.4; should not be used in the kernel
+ configuration.</para>
+ </note>
+
+ <para>Support for USB 2.0 controllers is provided on
+ &os;&nbsp;5.X, and on the 4.X branch since &os;&nbsp;4.10-RELEASE.
+ You have to add:</para>
+
+ <programlisting>device ehci</programlisting>
+
+ <para>to your configuration file for USB 2.0 support. Note
+ &man.uhci.4; and &man.ohci.4; drivers are still needed if you
+ want USB 1.X support.</para>
+
+ <note>
+ <para>On &os;&nbsp;4.X, the USB daemon (&man.usbd.8;) must be
+ running to be able to see some USB devices. To enable it,
+ add <literal>usbd_enable="YES"</literal> to your
+ <filename>/etc/rc.conf</filename> file and reboot the
+ machine.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Testing the Configuration</title>
+
+ <para>The configuration is ready to be tested: plug in your USB
+ device, and in the system message buffer (&man.dmesg.8;), the
+ drive should appear as something like:</para>
+
+ <screen>umass0: USB Solid state disk, rev 1.10/1.00, addr 2
+GEOM: create disk da0 dp=0xc2d74850
+da0 at umass-sim0 bus 0 target 0 lun 0
+da0: &lt;Generic Traveling Disk 1.11&gt; Removable Direct Access SCSI-2 device
+da0: 1.000MB/s transfers
+da0: 126MB (258048 512 byte sectors: 64H 32S/T 126C)</screen>
+
+ <para>Of course, the brand, the device node
+ (<devicename>da0</devicename>) and other details can differ
+ according to your configuration.</para>
+
+ <para>Since the USB device is seen as a SCSI one, the
+ <command>camcontrol</command> command can be used to list the
+ USB storage devices attached to the system:</para>
+
+ <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
+&lt;Generic Traveling Disk 1.11&gt; at scbus0 target 0 lun 0 (da0,pass0)</screen>
+
+ <para>If the drive comes with a file system, you should be able
+ to mount it. The <xref linkend="disks-adding"> will help you
+ to format and create partitions on the USB drive if
+ needed.</para>
+
+ <para>If you unplug the device (the disk must be unmounted
+ before), you should see, in the system message buffer,
+ something like the following:</para>
+
+ <screen>umass0: at uhub0 port 1 (addr 2) disconnected
+(da0:umass-sim0:0:0:0): lost device
+(da0:umass-sim0:0:0:0): removing device entry
+GEOM: destroy disk da0 dp=0xc2d74850
+umass0: detached</screen>
+ </sect2>
+
+ <sect2>
+ <title>Further Reading</title>
+
+ <para>Beside the <link linkend="disks-adding">Adding
+ Disks</link> and <link linkend="mount-unmount">Mounting and
+ Unmounting File Systems</link> sections, reading various
+ manual pages may be also useful: &man.umass.4;,
+ &man.camcontrol.8;, and &man.usbdevs.8;.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="creating-cds">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Mike</firstname>
+ <surname>Meyer</surname>
+ <contrib>Contributed by </contrib>
+ <!-- mwm@mired.org -->
+ </author>
+ </authorgroup>
+ <!-- Apr 2001 -->
+ </sect1info>
+
+ <title>Creating and Using Optical Media (CDs)</title>
+ <indexterm>
+ <primary>CDROMs</primary>
+ <secondary>creating</secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Introduction</title>
+
+ <para>CDs have a number of features that differentiate them from
+ conventional disks. Initially, they were not writable by the
+ user. They are designed so that they can be read continuously without
+ delays to move the head between tracks. They are also much easier
+ to transport between systems than similarly sized media were at the
+ time.</para>
+
+ <para>CDs do have tracks, but this refers to a section of data to
+ be read continuously and not a physical property of the disk. To
+ produce a CD on FreeBSD, you prepare the data files that are going
+ to make up the tracks on the CD, then write the tracks to the
+ CD.</para>
+
+ <indexterm><primary>ISO 9660</primary></indexterm>
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>ISO 9660</secondary>
+ </indexterm>
+ <para>The ISO 9660 file system was designed to deal with these
+ differences. It unfortunately codifies file system limits that were
+ common then. Fortunately, it provides an extension mechanism that
+ allows properly written CDs to exceed those limits while still
+ working with systems that do not support those extensions.</para>
+
+ <indexterm>
+ <primary><filename role="package">sysutils/cdrtools</filename></primary>
+ </indexterm>
+ <para>The <filename role="package">sysutils/cdrtools</filename>
+ port includes &man.mkisofs.8;, a program that you can use to
+ produce a data file containing an ISO 9660 file
+ system. It has options that support various extensions, and is
+ described below.</para>
+
+ <indexterm>
+ <primary>CD burner</primary>
+ <secondary>ATAPI</secondary>
+ </indexterm>
+ <para>Which tool to use to burn the CD depends on whether your CD burner
+ is ATAPI or something else. ATAPI CD burners use the <command><link
+ linkend="burncd">burncd</link></command> program that is part of
+ the base system. SCSI and USB CD burners should use
+ <command><link linkend="cdrecord">cdrecord</link></command> from
+ the <filename role="package">sysutils/cdrtools</filename> port.</para>
+
+ <para><command>burncd</command> has a limited number of
+ supported drives. To find out if a drive is supported, see the
+ <ulink url="http://www.freebsd.dk/ata/">CD-R/RW supported
+ drives</ulink> list.</para>
+
+ <note>
+ <indexterm>
+ <primary>CD burner</primary>
+ <secondary>ATAPI/CAM driver</secondary>
+ </indexterm>
+ <para>If you run &os;&nbsp;5.X, &os;&nbsp;4.8-RELEASE version or
+ higher, it will be possible to use <command><link
+ linkend="cdrecord">cdrecord</link></command> and other tools
+ for SCSI drives on an ATAPI hardware with the <link
+ linkend="atapicam">ATAPI/CAM module</link>.</para>
+ </note>
+
+ <para>If you want a CD burning software with a graphical user
+ interface, you should have a look to
+ <application>X-CD-Roast</application> or
+ <application>K3b</application>. These tools are available as
+ packages or from the <filename
+ role="package">sysutils/xcdroast</filename> and <filename
+ role="package">sysutils/k3b</filename> ports.
+ <application>X-CD-Roast</application> and
+ <application>K3b</application> require the <link
+ linkend="atapicam">ATAPI/CAM module</link> with ATAPI
+ hardware.</para>
+ </sect2>
+
+ <sect2 id="mkisofs">
+ <title>mkisofs</title>
+
+ <para>The &man.mkisofs.8; program, which is part of the
+ <filename role="package">sysutils/cdrtools</filename> port,
+ produces an ISO 9660 file system
+ that is an image of a directory tree in the &unix; file system name
+ space. The simplest usage is:</para>
+
+ <screen>&prompt.root; <userinput>mkisofs -o <replaceable>imagefile.iso</replaceable> <replaceable>/path/to/tree</replaceable></userinput></screen>
+
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>ISO 9660</secondary>
+ </indexterm>
+ <para>This command will create an <replaceable>imagefile.iso</replaceable>
+ containing an ISO 9660 file system that is a copy of the tree at
+ <replaceable>/path/to/tree</replaceable>. In the process, it will
+ map the file names to names that fit the limitations of the
+ standard ISO 9660 file system, and will exclude files that have
+ names uncharacteristic of ISO file systems.</para>
+
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>HFS</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>Joliet</secondary>
+ </indexterm>
+ <para>A number of options are available to overcome those
+ restrictions. In particular, <option>-R</option> enables the
+ Rock Ridge extensions common to &unix; systems, <option>-J</option>
+ enables Joliet extensions used by Microsoft systems, and
+ <option>-hfs</option> can be used to create HFS file systems used
+ by &macos;.</para>
+
+ <para>For CDs that are going to be used only on FreeBSD systems,
+ <option>-U</option> can be used to disable all filename
+ restrictions. When used with <option>-R</option>, it produces a
+ file system image that is identical to the FreeBSD tree you started
+ from, though it may violate the ISO 9660 standard in a number of
+ ways.</para>
+
+ <indexterm>
+ <primary>CDROMs</primary>
+ <secondary>creating bootable</secondary>
+ </indexterm>
+ <para>The last option of general use is <option>-b</option>. This is
+ used to specify the location of the boot image for use in producing an
+ <quote>El Torito</quote> bootable CD. This option takes an
+ argument which is the path to a boot image from the top of the
+ tree being written to the CD. By default, &man.mkisofs.8; creates an
+ ISO image in the so-called <quote>floppy disk emulation</quote> mode,
+ and thus expects the boot image to be exactly 1200, 1440 or
+ 2880&nbsp;KB in size. Some boot loaders, like the one used by the
+ FreeBSD distribution disks, do not use emulation mode; in this case,
+ the <option>-no-emul-boot</option> option should be used. So, if
+ <filename>/tmp/myboot</filename> holds a bootable FreeBSD system
+ with the boot image in
+ <filename>/tmp/myboot/boot/cdboot</filename>, you could produce the
+ image of an ISO 9660 file system in
+ <filename>/tmp/bootable.iso</filename> like so:</para>
+
+ <screen>&prompt.root; <userinput>mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot</userinput></screen>
+
+ <para>Having done that, if you have <devicename>vn</devicename>
+ (FreeBSD&nbsp;4.X), or <devicename>md</devicename>
+ (FreeBSD&nbsp;5.X)
+ configured in your kernel, you can mount the file system with:</para>
+
+ <screen>&prompt.root; <userinput>vnconfig -e vn0c /tmp/bootable.iso</userinput>
+&prompt.root; <userinput>mount -t cd9660 /dev/vn0c /mnt</userinput></screen>
+
+ <para>for FreeBSD&nbsp;4.X, and for FreeBSD&nbsp;5.X:</para>
+
+ <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /tmp/bootable.iso -u 0</userinput>
+&prompt.root; <userinput>mount -t cd9660 /dev/md0 /mnt</userinput></screen>
+
+ <para>At which point you can verify that <filename>/mnt</filename>
+ and <filename>/tmp/myboot</filename> are identical.</para>
+
+ <para>There are many other options you can use with
+ &man.mkisofs.8; to fine-tune its behavior. In particular:
+ modifications to an ISO 9660 layout and the creation of Joliet
+ and HFS discs. See the &man.mkisofs.8; manual page for details.</para>
+ </sect2>
+
+ <sect2 id="burncd">
+ <title>burncd</title>
+ <indexterm>
+ <primary>CDROMs</primary>
+ <secondary>burning</secondary>
+ </indexterm>
+ <para>If you have an ATAPI CD burner, you can use the
+ <command>burncd</command> command to burn an ISO image onto a
+ CD. <command>burncd</command> is part of the base system, installed
+ as <filename>/usr/sbin/burncd</filename>. Usage is very simple, as
+ it has few options:</para>
+
+ <screen>&prompt.root; <userinput>burncd -f <replaceable>cddevice</replaceable> data <replaceable>imagefile.iso</replaceable> fixate</userinput></screen>
+
+ <para>Will burn a copy of <replaceable>imagefile.iso</replaceable> on
+ <replaceable>cddevice</replaceable>. The default device is
+ <filename>/dev/acd0</filename> (or <filename>/dev/acd0c</filename> under &os;&nbsp;4.X). See &man.burncd.8; for options to
+ set the write speed, eject the CD after burning, and write audio
+ data.</para>
+ </sect2>
+
+ <sect2 id="cdrecord">
+ <title>cdrecord</title>
+
+ <para>If you do not have an ATAPI CD burner, you will have to use
+ <command>cdrecord</command> to burn your
+ CDs. <command>cdrecord</command> is not part of the base system;
+ you must install it from either the port at <filename role="package">sysutils/cdrtools</filename>
+ or the appropriate
+ package. Changes to the base system can cause binary versions of
+ this program to fail, possibly resulting in a
+ <quote>coaster</quote>. You should therefore either upgrade the
+ port when you upgrade your system, or if you are <link
+ linkend="stable">tracking -STABLE</link>, upgrade the port when a
+ new version becomes available.</para>
+
+ <para>While <command>cdrecord</command> has many options, basic usage
+ is even simpler than <command>burncd</command>. Burning an ISO 9660
+ image is done with:</para>
+
+ <screen>&prompt.root; <userinput>cdrecord dev=<replaceable>device</replaceable> <replaceable>imagefile.iso</replaceable></userinput></screen>
+
+ <para>The tricky part of using <command>cdrecord</command> is finding
+ the <option>dev</option> to use. To find the proper setting, use
+ the <option>-scanbus</option> flag of <command>cdrecord</command>,
+ which might produce results like this:</para>
+ <indexterm>
+ <primary>CDROMs</primary>
+ <secondary>burning</secondary>
+ </indexterm>
+ <screen>&prompt.root; <userinput>cdrecord -scanbus</userinput>
+Cdrecord 1.9 (i386-unknown-freebsd4.2) Copyright (C) 1995-2000 J&ouml;rg Schilling
+Using libscg version 'schily-0.1'
+scsibus0:
+ 0,0,0 0) 'SEAGATE ' 'ST39236LW ' '0004' Disk
+ 0,1,0 1) 'SEAGATE ' 'ST39173W ' '5958' Disk
+ 0,2,0 2) *
+ 0,3,0 3) 'iomega ' 'jaz 1GB ' 'J.86' Removable Disk
+ 0,4,0 4) 'NEC ' 'CD-ROM DRIVE:466' '1.26' Removable CD-ROM
+ 0,5,0 5) *
+ 0,6,0 6) *
+ 0,7,0 7) *
+scsibus1:
+ 1,0,0 100) *
+ 1,1,0 101) *
+ 1,2,0 102) *
+ 1,3,0 103) *
+ 1,4,0 104) *
+ 1,5,0 105) 'YAMAHA ' 'CRW4260 ' '1.0q' Removable CD-ROM
+ 1,6,0 106) 'ARTEC ' 'AM12S ' '1.06' Scanner
+ 1,7,0 107) *</screen>
+
+ <para>This lists the appropriate <option>dev</option> value for the
+ devices on the list. Locate your CD burner, and use the three
+ numbers separated by commas as the value for
+ <option>dev</option>. In this case, the CRW device is 1,5,0, so the
+ appropriate input would be
+ <option>dev=1,5,0</option>. There are easier
+ ways to specify this value; see &man.cdrecord.1; for
+ details. That is also the place to look for information on writing
+ audio tracks, controlling the speed, and other things.</para>
+ </sect2>
+
+ <sect2 id="duplicating-audiocds">
+ <title>Duplicating Audio CDs</title>
+
+ <para>You can duplicate an audio CD by extracting the audio data from
+ the CD to a series of files, and then writing these files to a blank
+ CD. The process is slightly different for ATAPI and SCSI
+ drives.</para>
+
+ <procedure>
+ <title>SCSI Drives</title>
+
+ <step>
+ <para>Use <command>cdda2wav</command> to extract the audio.</para>
+
+ <screen>&prompt.user; <userinput>cdda2wav -v255 -D2,0 -B -Owav</userinput></screen>
+ </step>
+
+ <step>
+ <para>Use <command>cdrecord</command> to write the
+ <filename>.wav</filename> files.</para>
+
+ <screen>&prompt.user; <userinput>cdrecord -v dev=<replaceable>2,0</replaceable> -dao -useinfo *.wav</userinput></screen>
+
+ <para>Make sure that <replaceable>2,0</replaceable> is set
+ appropriately, as described in <xref linkend="cdrecord">.</para>
+ </step>
+ </procedure>
+
+ <procedure>
+ <title>ATAPI Drives</title>
+
+ <step>
+ <para>The ATAPI CD driver makes each track available as
+ <filename>/dev/acd<replaceable>d</replaceable>t<replaceable>nn</replaceable></filename>,
+ where <replaceable>d</replaceable> is the drive number, and
+ <replaceable>nn</replaceable> is the track number written with two
+ decimal digits, prefixed with zero as needed.
+ So the first track on the first disk is
+ <filename>/dev/acd0t01</filename>, the second is
+ <filename>/dev/acd0t02</filename>, the third is
+ <filename>/dev/acd0t03</filename>, and so on.</para>
+
+ <para>Make sure the appropriate files exist in
+ <filename>/dev</filename>.</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
+&prompt.root; <userinput>sh MAKEDEV acd0t99</userinput></screen>
+
+ <note><para>In FreeBSD 5.0, &man.devfs.5; will automatically
+ create and manage entries in <filename>/dev</filename>
+ for you, so it is not necessary to use
+ <command>MAKEDEV</command>.</para></note>
+ </step>
+
+ <step>
+ <para>Extract each track using &man.dd.1;. You must also use a
+ specific block size when extracting the files.</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/acd0t01 of=track1.cdr bs=2352</userinput>
+&prompt.root; <userinput>dd if=/dev/acd0t02 of=track2.cdr bs=2352</userinput>
+...
+</screen>
+ </step>
+
+ <step>
+ <para>Burn the extracted files to disk using
+ <command>burncd</command>. You must specify that these are audio
+ files, and that <command>burncd</command> should fixate the disk
+ when finished.</para>
+
+ <screen>&prompt.root; <userinput>burncd -f <replaceable>/dev/acd0</replaceable> audio track1.cdr track2.cdr <replaceable>...</replaceable> fixate</userinput></screen>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2 id="imaging-cd">
+ <title>Duplicating Data CDs</title>
+
+ <para>You can copy a data CD to a image file that is
+ functionally equivalent to the image file created with
+ &man.mkisofs.8;, and you can use it to duplicate
+ any data CD. The example given here assumes that your CDROM
+ device is <devicename>acd0</devicename>. Substitute your
+ correct CDROM device. Under &os;&nbsp;4.X, a <literal>c</literal> must be appended
+ to the end of the device name to indicate the entire partition
+ or, in the case of CDROMs, the entire disc.</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/acd0 of=file.iso bs=2048</userinput></screen>
+
+ <para>Now that you have an image, you can burn it to CD as
+ described above.</para>
+ </sect2>
+
+ <sect2 id="mounting-cd">
+ <title>Using Data CDs</title>
+
+ <para>Now that you have created a standard data CDROM, you
+ probably want to mount it and read the data on it. By
+ default, &man.mount.8; assumes that a file system is of type
+ <literal>ufs</literal>. If you try something like:</para>
+
+ <screen>&prompt.root; <userinput>mount /dev/cd0 /mnt</userinput></screen>
+
+ <para>you will get a complaint about <errorname>Incorrect super
+ block</errorname>, and no mount. The CDROM is not a
+ <literal>UFS</literal> file system, so attempts to mount it
+ as such will fail. You just need to tell &man.mount.8; that
+ the file system is of type <literal>ISO9660</literal>, and
+ everything will work. You do this by specifying the
+ <option>-t cd9660</option> option &man.mount.8;. For
+ example, if you want to mount the CDROM device,
+ <filename>/dev/cd0</filename>, under
+ <filename>/mnt</filename>, you would execute:</para>
+
+ <screen>&prompt.root; <userinput>mount -t cd9660 /dev/cd0 /mnt</userinput></screen>
+
+ <para>Note that your device name
+ (<filename>/dev/cd0</filename> in this example) could be
+ different, depending on the interface your CDROM uses. Also,
+ the <option>-t cd9660</option> option just executes
+ &man.mount.cd9660.8;. The above example could be shortened
+ to:</para>
+
+<screen>&prompt.root; <userinput>mount_cd9660 /dev/cd0 /mnt</userinput></screen>
+
+ <para>You can generally use data CDROMs from any vendor in this
+ way. Disks with certain ISO 9660 extensions might behave
+ oddly, however. For example, Joliet disks store all filenames
+ in two-byte Unicode characters. The FreeBSD kernel does not
+ speak Unicode (yet!), so non-English characters show up as
+ question marks. (If you are running FreeBSD 4.3 or later, the
+ CD9660 driver includes hooks to load an appropriate Unicode
+ conversion table on the fly. Modules for some of the common
+ encodings are available via the
+ <filename role="package">sysutils/cd9660_unicode</filename> port.)</para>
+
+ <para>Occasionally, you might get <errorname>Device not
+ configured</errorname> when trying to mount a CDROM. This
+ usually means that the CDROM drive thinks that there is no
+ disk in the tray, or that the drive is not visible on the bus.
+ It can take a couple of seconds for a CDROM drive to realize
+ that it has been fed, so be patient.</para>
+
+ <para>Sometimes, a SCSI CDROM may be missed because it did not
+ have enough time to answer the bus reset. If you have a SCSI
+ CDROM please add the following option to your kernel
+ configuration and <link linkend="kernelconfig-building">rebuild your kernel</link>.</para>
+
+ <programlisting>options SCSI_DELAY=15000</programlisting>
+
+ <para>This tells your SCSI bus to pause 15 seconds during boot,
+ to give your CDROM drive every possible chance to answer the
+ bus reset.</para>
+ </sect2>
+
+ <sect2 id="rawdata-cd">
+ <title>Burning Raw Data CDs</title>
+
+ <para>You can choose to burn a file directly to CD, without
+ creating an ISO 9660 file system. Some people do this for
+ backup purposes. This runs more quickly than burning a
+ standard CD:</para>
+
+ <screen>&prompt.root; <userinput>burncd -f /dev/acd1 -s 12 data archive.tar.gz fixate</userinput></screen>
+
+ <para>In order to retrieve the data burned to such a CD, you
+ must read data from the raw device node:</para>
+
+ <screen>&prompt.root; <userinput>tar xzvf /dev/acd1</userinput></screen>
+
+ <para>You cannot mount this disk as you would a normal CDROM.
+ Such a CDROM cannot be read under any operating system
+ except FreeBSD. If you want to be able to mount the CD, or
+ share data with another operating system, you must use
+ &man.mkisofs.8; as described above.</para>
+ </sect2>
+
+ <sect2 id="atapicam">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <indexterm>
+ <primary>CD burner</primary>
+ <secondary>ATAPI/CAM driver</secondary>
+ </indexterm>
+ <title>Using the ATAPI/CAM Driver</title>
+
+ <para>This driver allows ATAPI devices (CD-ROM, CD-RW, DVD
+ drives etc...) to be accessed through the SCSI subsystem, and
+ so allows the use of applications like <filename
+ role="package">sysutils/cdrdao</filename> or
+ &man.cdrecord.1;.</para>
+
+ <para>To use this driver, you will need to add the following
+ line to your kernel configuration file:</para>
+
+ <programlisting>device atapicam</programlisting>
+
+ <para>You also need the following lines in your kernel
+ configuration file:</para>
+
+ <programlisting>device ata
+device scbus
+device cd
+device pass</programlisting>
+
+ <para>which should already be present.</para>
+
+ <para>Then rebuild, install your new kernel, and reboot your
+ machine. During the boot process, your burner should show up,
+ like so:</para>
+
+ <screen>acd0: CD-RW &lt;MATSHITA CD-RW/DVD-ROM UJDA740&gt; at ata1-master PIO4
+cd0 at ata1 bus 0 target 0 lun 0
+cd0: &lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; Removable CD-ROM SCSI-0 device
+cd0: 16.000MB/s transfers
+cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed</screen>
+
+ <para>The drive could now be accessed via the
+ <filename>/dev/cd0</filename> device name, for example to
+ mount a CD-ROM on <filename>/mnt</filename>, just type the
+ following:</para>
+
+ <screen>&prompt.root; <userinput>mount -t cd9660 <replaceable>/dev/cd0</replaceable> /mnt</userinput></screen>
+
+ <para>As <username>root</username>, you can run the following
+ command to get the SCSI address of the burner:</para>
+
+ <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
+&lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; at scbus1 target 0 lun 0 (pass0,cd0)</screen>
+
+ <para>So <literal>1,0,0</literal> will be the SCSI address to
+ use with &man.cdrecord.1; and other SCSI application.</para>
+
+ <para>For more information about ATAPI/CAM and SCSI system,
+ refer to the &man.atapicam.4; and &man.cam.4; manual
+ pages.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="creating-dvds">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Andy</firstname>
+ <surname>Polyakov</surname>
+ <contrib>With inputs from </contrib>
+ </author>
+ </authorgroup>
+ <!-- Feb 2004 -->
+ </sect1info>
+
+ <title>Creating and Using Optical Media (DVDs)</title>
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>burning</secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Introduction</title>
+
+ <para>Compared to the CD, the DVD is the next generation of
+ optical media storage technology. The DVD can hold more data
+ than any CD and is nowadays the standard for video
+ publishing.</para>
+
+ <para>Five physical recordable formats can be defined for what
+ we will call a recordable DVD:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>DVD-R: This was the first DVD recordable format
+ available. The DVD-R standard is defined by the <ulink
+ url="http://www.dvdforum.com/forum.shtml">DVD Forum</ulink>.
+ This format is write once.</para>
+ </listitem>
+
+ <listitem>
+ <para>DVD-RW: This is the rewriteable version of
+ the DVD-R standard. A DVD-RW can be rewritten about 1000
+ times.</para>
+ </listitem>
+
+ <listitem>
+ <para>DVD-RAM: This is also a rewriteable format
+ supported by the DVD Forum. A DVD-RAM can be seen as a
+ removable hard drive. However, this media is not
+ compatible with most DVD-ROM drives and DVD-Video players;
+ only a few DVD writers support the DVD-RAM format.</para>
+ </listitem>
+
+ <listitem>
+ <para>DVD+RW: This is a rewriteable format defined by
+ the <ulink url="http://www.dvdrw.com/">DVD+RW
+ Alliance</ulink>. A DVD+RW can be rewritten about 1000
+ times.</para>
+ </listitem>
+
+ <listitem>
+ <para>DVD+R: This format is the write once variation
+ of the DVD+RW format.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>A single layer recordable DVD can hold up to
+ 4,700,000,000&nbsp;bytes which is actually 4.38&nbsp;GB or
+ 4485&nbsp;MB (1 kilobyte is 1024 bytes).</para>
+
+ <note>
+ <para>A distinction must be made between the physical media and
+ the application. For example, a DVD-Video is a specific
+ file layout that can be written on any recordable DVD
+ physical media: DVD-R, DVD+R, DVD-RW etc. Before choosing
+ the type of media, you must be sure that both the burner and the
+ DVD-Video player (a standalone player or a DVD-ROM drive on
+ a computer) are compatible with the media under consideration.</para></note>
+ </sect2>
+
+ <sect2>
+ <title>Configuration</title>
+
+ <para>The program &man.growisofs.1; will be used to perform DVD
+ recording. This command is part of the
+ <application>dvd+rw-tools</application> utilities (<filename
+ role="package">sysutils/dvd+rw-tools</filename>). The
+ <application>dvd+rw-tools</application> support all DVD media
+ types.</para>
+
+ <para>These tools use the SCSI subsystem to access to the
+ devices, therefore the <link linkend="atapicam">ATAPI/CAM
+ support</link> must be added to your kernel. If your burner
+ uses the USB interface this addition is useless, and you should
+ read the <xref linkend="usb-disks"> for more details on USB
+ devices configuration.</para>
+
+ <para>You also have to enable DMA access for ATAPI devices, this
+ can be done in adding the following line to the
+ <filename>/boot/loader.conf</filename> file:</para>
+
+ <programlisting>hw.ata.atapi_dma="1"</programlisting>
+
+ <para>Before attempting to use the
+ <application>dvd+rw-tools</application> you should consult the
+ <ulink
+ url="http://fy.chalmers.se/~appro/linux/DVD+RW/hcn.html">dvd+rw-tools'
+ hardware compatibility notes</ulink> for any information
+ related to your DVD burner.</para>
+
+ <note>
+ <para>If you want a graphical user interface, you should have
+ a look to <application>K3b</application> (<filename
+ role="package">sysutils/k3b</filename>) which provides a
+ user friendly interface to &man.growisofs.1; and many others
+ burning tools.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Burning Data DVDs</title>
+
+ <para>The &man.growisofs.1; command is a frontend to <link
+ linkend="mkisofs">mkisofs</link>, it will invoke
+ &man.mkisofs.8; to create the file system layout and will
+ perform the write on the DVD. This means you do not need to
+ create an image of the data before the burning process.</para>
+
+ <para>To burn onto a DVD+R or a DVD-R the data from the <filename
+ class="directory">/path/to/data</filename> directory, use the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>
+
+ <para>The options <option>-J -R</option> are passed to
+ &man.mkisofs.8; for the file system creation (in this case: an
+ ISO 9660 file system with Joliet and Rock Ridge extensions),
+ consult the &man.mkisofs.8; manual page for more
+ details.</para>
+
+ <para>The option <option>-Z</option> is used for the initial
+ session recording in any case: multiple sessions or not. The
+ DVD device, <replaceable>/dev/cd0</replaceable>, must be
+ changed according to your configuration. The
+ <option>-dvd-compat</option> parameter will close the disk,
+ the recording will be unappendable. In return this should provide better
+ media compatibility with DVD-ROM drives.</para>
+
+ <para>It is also possible to burn a pre-mastered image, for
+ example to burn the image
+ <replaceable>imagefile.iso</replaceable>, we will run:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>
+
+ <para>The write speed should be detected and automatically set
+ according to the media and the drive being used. If you want
+ to force the write speed, use the <option>-speed=</option>
+ parameter. For more information, read the &man.growisofs.1;
+ manual page.</para>
+ </sect2>
+
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>DVD-Video</secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Burning a DVD-Video</title>
+
+ <para>A DVD-Video is a specific file layout based on ISO 9660
+ and the micro-UDF (M-UDF) specifications. The DVD-Video also
+ presents a specific data structure hierarchy, it is the reason
+ why you need a particular program such as <filename
+ role="package">multimedia/dvdauthor</filename> to author the
+ DVD.</para>
+
+ <para>If you already have an image of the DVD-Video file system,
+ just burn it in the same way as for any image, see the
+ previous section for an example. If you have made the DVD
+ authoring and the result is in, for example, the directory
+ <filename class="directory">/path/to/video</filename>, the
+ following command should be used to burn the DVD-Video:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -dvd-video <replaceable>/path/to/video</replaceable></userinput></screen>
+
+ <para>The <option>-dvd-video</option> option will be passed down to
+ &man.mkisofs.8; and will instruct it to create a DVD-Video file system
+ layout. Beside this, the <option>-dvd-video</option> option
+ implies <option>-dvd-compat</option> &man.growisofs.1;
+ option.</para>
+ </sect2>
+
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>DVD+RW</secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Using a DVD+RW</title>
+
+ <para>Unlike CD-RW, a virgin DVD+RW needs to be formatted before
+ first use. The &man.growisofs.1; program will take care of it
+ automatically whenever appropriate, which is the
+ <emphasis>recommended</emphasis> way. However you can use the
+ <command>dvd+rw-format</command> command to format the
+ DVD+RW:</para>
+
+ <screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>
+
+ <para>You need to perform this operation just once, keep in mind
+ that only virgin DVD+RW medias need to be formatted. Then you
+ can burn the DVD+RW in the way seen in previous
+ sections.</para>
+
+ <para>If you want to burn new data (burn a totally new file
+ system not append some data) onto a DVD+RW, you do not need to
+ blank it, you just have to write over the previous recording
+ (in performing a new initial session), like this:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/newdata</replaceable></userinput></screen>
+
+ <para>DVD+RW format offers the possibility to easily append data
+ to a previous recording. The operation consists in merging a
+ new session to the existing one, it is not multisession
+ writing, &man.growisofs.1; will <emphasis>grow</emphasis> the
+ ISO 9660 file system present on the media.</para>
+
+ <para>For example, if we want to append data to our previous
+ DVD+RW, we have to use the following:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>
+
+ <para>The same &man.mkisofs.8; options we used to burn the
+ initial session should be used during next writes.</para>
+
+ <note>
+ <para>You may want to use the <option>-dvd-compat</option>
+ option if you want better media compatibility with DVD-ROM
+ drives. In the DVD+RW case, this will not prevent you from
+ adding data.</para>
+ </note>
+
+ <para>If for any reason you really want to blank the media, do
+ the following:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable>=<replaceable>/dev/zero</replaceable></userinput></screen>
+ </sect2>
+
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>DVD-RW</secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Using a DVD-RW</title>
+
+ <para>A DVD-RW accepts two disc formats: the incremental
+ sequential one and the restricted overwrite. By default
+ DVD-RW discs are in sequential format.</para>
+
+ <para>A virgin DVD-RW can be directly written without the need
+ of a formatting operation, however a non-virgin DVD-RW in
+ sequential format needs to be blanked before to be able to
+ write a new initial session.</para>
+
+ <para>To blank a DVD-RW in sequential mode, run:</para>
+
+ <screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
+
+ <note>
+ <para>A full blanking (<option>-blank=full</option>) will take
+ about one hour on a 1x media. A fast blanking can be
+ performed using the <option>-blank</option> option if the
+ DVD-RW will be recorded in Disk-At-Once (DAO) mode. To burn
+ the DVD-RW in DAO mode, use the command:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -use-the-force-luke=dao -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>
+
+ <para>The <option>-use-the-force-luke=dao</option> option
+ should not be required since &man.growisofs.1; attempts to
+ detect minimally (fast blanked) media and engage DAO
+ write.</para>
+
+ <para>In fact one should use restricted overwrite mode with
+ any DVD-RW, this format is more flexible than the default
+ incremental sequential one.</para>
+ </note>
+
+ <para>To write data on a sequential DVD-RW, use the same
+ instructions as for the other DVD formats:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>
+
+ <para>If you want to append some data to your previous
+ recording, you will have to use the &man.growisofs.1;
+ <option>-M</option> option. However, if you perform data
+ addition on a DVD-RW in incremental sequential mode, a new
+ session will be created on the disc and the result will be a
+ multi-session disc.</para>
+
+ <para>A DVD-RW in restricted overwrite format does not need to
+ be blanked before a new initial session, you just have to
+ overwrite the disc with the <option>-Z</option> option, this
+ is similar to the DVD+RW case. It is also possible to grow an
+ existing ISO 9660 file system written on the disc in a same
+ way as for a DVD+RW with the <option>-M</option> option. The
+ result will be a one-session DVD.</para>
+
+ <para>To put a DVD-RW in the restricted overwrite format, the
+ following command must be used:</para>
+
+ <screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>
+
+ <para>To change back to the sequential format use:</para>
+
+ <screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Multisession</title>
+
+ <para>Very few DVD-ROM drives support
+ multisession DVDs, they will most of time, hopefully, only read
+ the first session. DVD+R, DVD-R and DVD-RW in sequential
+ format can accept multiple sessions, the notion of multiple
+ sessions does not exist for the DVD+RW and the DVD-RW
+ restricted overwrite formats.</para>
+
+ <para>Using the following command after an initial (non-closed)
+ session on a DVD+R, DVD-R, or DVD-RW in sequential format,
+ will add a new session to the disc:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>
+
+ <para>Using this command line with a DVD+RW or a DVD-RW in restricted
+ overwrite mode, will append data in merging the new session to
+ the existing one. The result will be a single-session disc.
+ This is the way used to add data after an initial write on these
+ medias.</para>
+
+ <note>
+ <para>Some space on the media is used between each session for
+ end and start of sessions. Therefore, one should add
+ sessions with large amount of data to optimize media space.
+ The number of sessions is limited to 154 for a DVD+R,
+ about 2000 for a DVD-R, and 127 for a DVD+R Double
+ Layer.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>For More Information</title>
+
+ <para>To obtain more information about a DVD, the
+ <command>dvd+rw-mediainfo
+ <replaceable>/dev/cd0</replaceable></command> command can be
+ ran with the disc in the drive.</para>
+
+ <para>More information about the
+ <application>dvd+rw-tools</application> can be found in
+ the &man.growisofs.1; manual page, on the <ulink
+ url="http://fy.chalmers.se/~appro/linux/DVD+RW/">dvd+rw-tools
+ web site</ulink> and in the <ulink
+ url="http://lists.debian.org/cdwrite/">cdwrite mailing
+ list</ulink> archives.</para>
+
+ <note>
+ <para>The <command>dvd+rw-mediainfo</command> output of the
+ resulting recording or the media with issues is mandatory
+ for any problem report. Without this output, it will be
+ quite impossible to help you.</para>
+ </note>
+ </sect2>
+ </sect1>
+
+ <sect1 id="floppies">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Julio</firstname>
+ <surname>Merino</surname>
+ <contrib>Original work by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 24 Dec 2001 -->
+ <authorgroup>
+ <author>
+ <firstname>Martin</firstname>
+ <surname>Karlsson</surname>
+ <contrib>Rewritten by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 27 Apr 2003 -->
+ </sect1info>
+
+ <title>Creating and Using Floppy Disks</title>
+
+ <para>Storing data on floppy disks is sometimes useful, for
+ example when one does not have any other removable storage media
+ or when one needs to transfer small amounts of data to another
+ computer.</para>
+
+ <para>This section will explain how to use floppy disks in
+ FreeBSD. It will primarily cover formatting and usage of
+ 3.5inch DOS floppies, but the concepts are similar for other
+ floppy disk formats.</para>
+
+ <sect2>
+ <title>Formatting Floppies</title>
+
+ <sect3>
+ <title>The Device</title>
+
+ <para>Floppy disks are accessed through entries in
+ <filename>/dev</filename>, just like other devices. To
+ access the raw floppy disk in 4.X and earlier releases, one
+ uses
+ <filename>/dev/fd<replaceable>N</replaceable></filename>,
+ where <replaceable>N</replaceable> stands for the drive
+ number, usually 0, or
+ <filename>/dev/fd<replaceable>NX</replaceable></filename>,
+ where <replaceable>X</replaceable> stands for a
+ letter.</para>
+
+ <para>In 5.0 or newer releases, simply use
+ <filename>/dev/fd<replaceable>N</replaceable></filename>.</para>
+
+ <sect4>
+ <title>The Disk Size in 4.X and Earlier Releases</title>
+
+ <para>There are also <filename>/dev/fd<replaceable>N</replaceable>.<replaceable>size</replaceable></filename>
+ devices, where <replaceable>size</replaceable> is a floppy disk
+ size in kilobytes. These entries are used at low-level format
+ time to determine the disk size. 1440kB is the size that will be
+ used in the following examples.</para>
+
+ <para>Sometimes the entries under <filename>/dev</filename> will
+ have to be (re)created. To do that, issue:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev && ./MAKEDEV "fd*"</userinput></screen>
+ </sect4>
+
+ <sect4>
+ <title>The Disk Size in 5.0 and Newer Releases</title>
+
+ <para>In 5.0, &man.devfs.5; will automatically
+ manage device nodes in <filename>/dev</filename>, so use of
+ <command>MAKEDEV</command> is not necessary.</para>
+
+ <para>The desired disk size is passed to &man.fdformat.1; through
+ the <option>-f</option> flag. Supported sizes are listed in
+ &man.fdcontrol.8;, but be advised that 1440kB is what works best.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Formatting</title>
+
+ <para>A floppy disk needs to be low-level formated before it
+ can be used. This is usually done by the vendor, but
+ formatting is a good way to check media integrity. Although
+ it is possible to force larger (or smaller) disk sizes,
+ 1440kB is what most floppy disks are designed for.</para>
+
+ <para>To low-level format the floppy disk you need to use
+ &man.fdformat.1;. This utility expects the device name as an
+ argument.</para>
+
+ <para>Make note of any error messages, as these can help
+ determine if the disk is good or bad.</para>
+
+ <sect4>
+ <title>Formatting in 4.X and Earlier Releases</title>
+
+ <para>Use the
+ <filename>/dev/fd<replaceable>N</replaceable>.<replaceable>size</replaceable></filename>
+ devices to format the floppy. Insert a new 3.5inch floppy
+ disk in your drive and issue:</para>
+
+ <screen>&prompt.root; <userinput>/usr/sbin/fdformat /dev/fd0.1440</userinput></screen>
+
+ </sect4>
+
+ <sect4>
+ <title>Formatting in 5.0 and Newer Releases</title>
+
+ <para>Use the
+ <filename>/dev/fd<replaceable>N</replaceable></filename>
+ devices to format the floppy. Insert a new 3.5inch floppy
+ disk in your drive and issue:</para>
+
+ <screen>&prompt.root; <userinput>/usr/sbin/fdformat -f 1440 /dev/fd0</userinput></screen>
+
+ </sect4>
+ </sect3>
+ </sect2>
+
+
+
+ <sect2>
+ <title>The Disk Label</title>
+
+ <para>After low-level formatting the disk, you will need to
+ place a disk label on it. This disk label will be destroyed
+ later, but it is needed by the system to determine the size of
+ the disk and its geometry later.</para>
+
+ <para>The new disk label will take over the whole disk, and will
+ contain all the proper information about the geometry of the
+ floppy. The geometry values for the disk label are listed in
+ <filename>/etc/disktab</filename>.</para>
+
+ <para>You can run now &man.disklabel.8; like so:</para>
+
+ <screen>&prompt.root; <userinput>/sbin/disklabel -B -r -w /dev/fd0 fd1440</userinput></screen>
+
+ <note><para>Since &os;&nbsp;5.1-RELEASE, the &man.bsdlabel.8;
+ utility replaces the old &man.disklabel.8; program. With
+ &man.bsdlabel.8; a number of obsolete options and parameters
+ have been retired; in the example above the option
+ <option>-r</option> should be removed. For more
+ information, please refer to the &man.bsdlabel.8;
+ manual page.</para></note>
+
+ </sect2>
+
+ <sect2>
+ <title>The File System</title>
+
+ <para>Now the floppy is ready to be high-level formated. This
+ will place a new file system on it, which will let FreeBSD read
+ and write to the disk. After creating the new file system, the
+ disk label is destroyed, so if you want to reformat the disk, you
+ will have to recreate the disk label.</para>
+
+ <para>The floppy's file system can be either UFS or FAT.
+ FAT is generally a better choice for floppies.</para>
+
+ <para>To put a new file system on the floppy, issue:</para>
+
+ <screen>&prompt.root; <userinput>/sbin/newfs_msdos /dev/fd0</userinput></screen>
+
+ <para>The disk is now ready for use.</para>
+ </sect2>
+
+
+ <sect2>
+ <title>Using the Floppy</title>
+
+ <para>To use the floppy, mount it with &man.mount.msdos.8; (in
+ 4.X and earlier releases) or &man.mount.msdosfs.8; (in 5.0 or
+ newer releases). One can also use
+ <filename role="package">emulators/mtools</filename> from the ports
+ collection.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="backups-tapebackups">
+ <title>Creating and Using Data Tapes</title>
+
+ <indexterm><primary>tape media</primary></indexterm>
+ <para>The major tape media are the 4mm, 8mm, QIC, mini-cartridge and
+ DLT.</para>
+
+ <sect2 id="backups-tapebackups-4mm">
+ <title>4mm (DDS: Digital Data Storage)</title>
+
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>DDS (4mm) tapes</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>QIC tapes</secondary>
+ </indexterm>
+ <para>4mm tapes are replacing QIC as the workstation backup media of
+ choice. This trend accelerated greatly when Conner purchased Archive,
+ a leading manufacturer of QIC drives, and then stopped production of
+ QIC drives. 4mm drives are small and quiet but do not have the
+ reputation for reliability that is enjoyed by 8mm drives. The
+ cartridges are less expensive and smaller (3 x 2 x 0.5 inches, 76 x 51
+ x 12 mm) than 8mm cartridges. 4mm, like 8mm, has comparatively short
+ head life for the same reason, both use helical scan.</para>
+
+ <para>Data throughput on these drives starts ~150&nbsp;kB/s, peaking at ~500&nbsp;kB/s.
+ Data capacity starts at 1.3&nbsp;GB and ends at 2.0&nbsp;GB. Hardware
+ compression, available with most of these drives, approximately
+ doubles the capacity. Multi-drive tape library units can have 6
+ drives in a single cabinet with automatic tape changing. Library
+ capacities reach 240&nbsp;GB.</para>
+
+ <para>The DDS-3 standard now supports tape capacities up to 12&nbsp;GB (or
+ 24&nbsp;GB compressed).</para>
+
+ <para>4mm drives, like 8mm drives, use helical-scan. All the benefits
+ and drawbacks of helical-scan apply to both 4mm and 8mm drives.</para>
+
+ <para>Tapes should be retired from use after 2,000 passes or 100 full
+ backups.</para>
+ </sect2>
+
+ <sect2 id="backups-tapebackups-8mm">
+ <title>8mm (Exabyte)</title>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>Exabyte (8mm) tapes</secondary>
+ </indexterm>
+
+ <para>8mm tapes are the most common SCSI tape drives; they are the best
+ choice of exchanging tapes. Nearly every site has an Exabyte 2&nbsp;GB 8mm
+ tape drive. 8mm drives are reliable, convenient and quiet. Cartridges
+ are inexpensive and small (4.8 x 3.3 x 0.6 inches; 122 x 84 x 15 mm).
+ One downside of 8mm tape is relatively short head and tape life due to
+ the high rate of relative motion of the tape across the heads.</para>
+
+ <para>Data throughput ranges from ~250&nbsp;kB/s to ~500&nbsp;kB/s. Data sizes start
+ at 300&nbsp;MB and go up to 7&nbsp;GB. Hardware compression, available with
+ most of these drives, approximately doubles the capacity. These
+ drives are available as single units or multi-drive tape libraries
+ with 6 drives and 120 tapes in a single cabinet. Tapes are changed
+ automatically by the unit. Library capacities reach 840+&nbsp;GB.</para>
+
+ <para>The Exabyte <quote>Mammoth</quote> model supports 12&nbsp;GB on one tape
+ (24&nbsp;GB with compression) and costs approximately twice as much as
+ conventional tape drives.</para>
+
+ <para>Data is recorded onto the tape using helical-scan, the heads are
+ positioned at an angle to the media (approximately 6 degrees). The
+ tape wraps around 270 degrees of the spool that holds the heads. The
+ spool spins while the tape slides over the spool. The result is a
+ high density of data and closely packed tracks that angle across the
+ tape from one edge to the other.</para>
+ </sect2>
+
+ <sect2 id="backups-tapebackups-qic">
+ <title>QIC</title>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>QIC-150</secondary>
+ </indexterm>
+
+ <para>QIC-150 tapes and drives are, perhaps, the most common tape drive
+ and media around. QIC tape drives are the least expensive <quote>serious</quote>
+ backup drives. The downside is the cost of media. QIC tapes are
+ expensive compared to 8mm or 4mm tapes, up to 5 times the price per GB
+ data storage. But, if your needs can be satisfied with a half-dozen
+ tapes, QIC may be the correct choice. QIC is the
+ <emphasis>most</emphasis> common tape drive. Every site has a QIC
+ drive of some density or another. Therein lies the rub, QIC has a
+ large number of densities on physically similar (sometimes identical)
+ tapes. QIC drives are not quiet. These drives audibly seek before
+ they begin to record data and are clearly audible whenever reading,
+ writing or seeking. QIC tapes measure (6 x 4 x 0.7 inches; 152 x
+ 102 x 17 mm).</para>
+
+ <para>Data throughput ranges from ~150&nbsp;kB/s to ~500&nbsp;kB/s. Data capacity
+ ranges from 40&nbsp;MB to 15&nbsp;GB. Hardware compression is available on many
+ of the newer QIC drives. QIC drives are less frequently installed;
+ they are being supplanted by DAT drives.</para>
+
+ <para>Data is recorded onto the tape in tracks. The tracks run along
+ the long axis of the tape media from one end to the other. The number
+ of tracks, and therefore the width of a track, varies with the tape's
+ capacity. Most if not all newer drives provide backward-compatibility
+ at least for reading (but often also for writing). QIC has a good
+ reputation regarding the safety of the data (the mechanics are simpler
+ and more robust than for helical scan drives).</para>
+
+ <para>Tapes should be retired from use after 5,000 backups.</para>
+ </sect2>
+
+ <sect2 id="backups-tapebackups-dlt">
+ <title>DLT</title>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>DLT</secondary>
+ </indexterm>
+
+ <para>DLT has the fastest data transfer rate of all the drive types
+ listed here. The 1/2" (12.5mm) tape is contained in a single spool
+ cartridge (4 x 4 x 1 inches; 100 x 100 x 25 mm). The cartridge has a
+ swinging gate along one entire side of the cartridge. The drive
+ mechanism opens this gate to extract the tape leader. The tape leader
+ has an oval hole in it which the drive uses to <quote>hook</quote> the tape. The
+ take-up spool is located inside the tape drive. All the other tape
+ cartridges listed here (9 track tapes are the only exception) have
+ both the supply and take-up spools located inside the tape cartridge
+ itself.</para>
+
+ <para>Data throughput is approximately 1.5&nbsp;MB/s, three times the throughput of
+ 4mm, 8mm, or QIC tape drives. Data capacities range from 10&nbsp;GB to 20&nbsp;GB
+ for a single drive. Drives are available in both multi-tape changers
+ and multi-tape, multi-drive tape libraries containing from 5 to 900
+ tapes over 1 to 20 drives, providing from 50&nbsp;GB to 9&nbsp;TB of
+ storage.</para>
+
+ <para>With compression, DLT Type IV format supports up to 70&nbsp;GB
+ capacity.</para>
+
+ <para>Data is recorded onto the tape in tracks parallel to the direction
+ of travel (just like QIC tapes). Two tracks are written at once.
+ Read/write head lifetimes are relatively long; once the tape stops
+ moving, there is no relative motion between the heads and the
+ tape.</para>
+ </sect2>
+
+ <sect2>
+ <title id="backups-tapebackups-ait">AIT</title>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>AIT</secondary>
+ </indexterm>
+
+ <para>AIT is a new format from Sony, and can hold up to 50&nbsp;GB (with
+ compression) per tape. The tapes contain memory chips which retain an
+ index of the tape's contents. This index can be rapidly read by the
+ tape drive to determine the position of files on the tape, instead of
+ the several minutes that would be required for other tapes. Software
+ such as <application>SAMS:Alexandria</application> can operate forty or more AIT tape libraries,
+ communicating directly with the tape's memory chip to display the
+ contents on screen, determine what files were backed up to which
+ tape, locate the correct tape, load it, and restore the data from the
+ tape.</para>
+
+ <para>Libraries like this cost in the region of $20,000, pricing them a
+ little out of the hobbyist market.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using a New Tape for the First Time</title>
+
+ <para>The first time that you try to read or write a new, completely
+ blank tape, the operation will fail. The console messages should be
+ similar to:</para>
+
+ <screen>sa0(ncr1:4:0): NOT READY asc:4,1
+sa0(ncr1:4:0): Logical unit is in process of becoming ready</screen>
+
+ <para>The tape does not contain an Identifier Block (block number 0).
+ All QIC tape drives since the adoption of QIC-525 standard write an
+ Identifier Block to the tape. There are two solutions:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><command>mt fsf 1</command> causes the tape drive to write an
+ Identifier Block to the tape.</para>
+ </listitem>
+
+ <listitem>
+ <para>Use the front panel button to eject the tape.</para>
+
+ <para>Re-insert the tape and <command>dump</command> data to
+ the tape.</para>
+
+ <para><command>dump</command> will report <errorname>DUMP: End of tape
+ detected</errorname> and the console will show: <errorname>HARDWARE
+ FAILURE info:280 asc:80,96</errorname>.</para>
+
+ <para>rewind the tape using: <command>mt rewind</command>.</para>
+
+ <para>Subsequent tape operations are successful.</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="backups-floppybackups">
+ <title>Backups to Floppies</title>
+
+ <sect2 id="floppies-using">
+ <title>Can I Use Floppies for Backing Up My Data?</title>
+ <indexterm><primary>backup floppies</primary></indexterm>
+ <indexterm><primary>floppy disks</primary></indexterm>
+
+ <para>Floppy disks are not really a suitable media for
+ making backups as:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The media is unreliable, especially over long periods of
+ time.</para>
+ </listitem>
+
+ <listitem>
+ <para>Backing up and restoring is very slow.</para>
+ </listitem>
+
+ <listitem>
+ <para>They have a very limited capacity (the days of backing up
+ an entire hard disk onto a dozen or so floppies has long since
+ passed).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>However, if you have no other method of backing up your data then
+ floppy disks are better than no backup at all.</para>
+
+ <para>If you do have to use floppy disks then ensure that you use good
+ quality ones. Floppies that have been lying around the office for a
+ couple of years are a bad choice. Ideally use new ones from a
+ reputable manufacturer.</para>
+ </sect2>
+
+ <sect2 id="floppies-creating">
+ <title>So How Do I Backup My Data to Floppies?</title>
+
+ <para>The best way to backup to floppy disk is to use
+ &man.tar.1; with the <option>-M</option> (multi
+ volume) option, which allows backups to span multiple
+ floppies.</para>
+
+ <para>To backup all the files in the current directory and sub-directory
+ use this (as <username>root</username>):</para>
+
+ <screen>&prompt.root; <userinput>tar Mcvf /dev/fd0 *</userinput></screen>
+
+ <para>When the first floppy is full &man.tar.1; will prompt you to
+ insert the next volume (because &man.tar.1; is media independent it
+ refers to volumes; in this context it means floppy disk).</para>
+
+ <screen>Prepare volume #2 for /dev/fd0 and hit return:</screen>
+
+ <para>This is repeated (with the volume number incrementing) until all
+ the specified files have been archived.</para>
+ </sect2>
+
+ <sect2 id="floppies-compress">
+ <title>Can I Compress My Backups?</title>
+ <indexterm>
+ <primary><command>tar</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><command>gzip</command></primary>
+ </indexterm>
+ <indexterm><primary>compression</primary></indexterm>
+
+ <para>Unfortunately, &man.tar.1; will not allow the
+ <option>-z</option> option to be used for multi-volume archives.
+ You could, of course, &man.gzip.1; all the files,
+ &man.tar.1; them to the floppies, then
+ &man.gunzip.1; the files again!</para>
+ </sect2>
+
+ <sect2 id="floppies-restoring">
+ <title>How Do I Restore My Backups?</title>
+
+ <para>To restore the entire archive use:</para>
+
+ <screen>&prompt.root; <userinput>tar Mxvf /dev/fd0</userinput></screen>
+
+ <para>There are two ways that you can use to restore only
+ specific files. First, you can start with the first floppy
+ and use:</para>
+
+ <screen>&prompt.root; <userinput>tar Mxvf /dev/fd0 <replaceable>filename</replaceable></userinput></screen>
+
+ <para>The utility &man.tar.1; will prompt you to insert subsequent floppies until it
+ finds the required file.</para>
+
+ <para>Alternatively, if you know which floppy the file is on then you
+ can simply insert that floppy and use the same command as above. Note
+ that if the first file on the floppy is a continuation from the
+ previous one then &man.tar.1; will warn you that it cannot
+ restore it, even if you have not asked it to!</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="backup-strategies">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Lowell</firstname>
+ <surname>Gilbert</surname>
+ <contrib>Original work by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 3 Dec 2005 -->
+ </sect1info>
+
+ <title>Backup Strategies</title>
+
+ <para>The first requirement in devising a backup plan is to make sure that
+ all of the following problems are covered:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Disk failure</para>
+ </listitem>
+ <listitem>
+ <para>Accidental file deletion</para>
+ </listitem>
+ <listitem>
+ <para>Random file corruption</para>
+ </listitem>
+ <listitem>
+ <para>Complete machine destruction (e.g. fire), including destruction
+ of any on-site backups.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>It is perfectly possible that some systems will be best served by
+ having each of these problems covered by a completely different
+ technique. Except for strictly personal systems with very low-value
+ data, it is unlikely that one technique would cover all of them.</para>
+
+ <para>Some of the techniques in the toolbox are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Archives of the whole system, backed up onto permanent media
+ offsite. This actually provides protection against all of the
+ possible problems listed above, but is slow and inconvenient to
+ restore from. You can keep copies of the backups onsite and/or
+ online, but there will still be inconveniences in restoring files,
+ especially for non-privileged users.</para>
+ </listitem>
+
+ <listitem>
+ <para>Filesystem snapshots. This is really only helpful in the
+ accidental file deletion scenario, but it can be
+ <emphasis>very</emphasis> helpful in that case, and is quick and
+ easy to deal with.</para>
+ </listitem>
+
+ <listitem>
+ <para>Copies of whole filesystems and/or disks (e.g. periodic rsync of
+ the whole machine). This is generally most useful in networks with
+ unique requirements. For general protection against disk failure,
+ it is usually inferior to <acronym>RAID</acronym>. For restoring
+ accidentally deleted files, it can be comparable to
+ <acronym>UFS</acronym> snapshots, but that depends on your
+ preferences.</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>RAID</acronym>. Minimizes or avoids downtime when a
+ disk fails. At the expense of having to deal with disk failures
+ more often (because you have more disks), albeit at a much lower
+ urgency.</para>
+ </listitem>
+
+ <listitem>
+ <para>Checking fingerprints of files. The &man.mtree.8; utility is
+ very useful for this. Although it is not a backup technique, it
+ helps guarantee that you will notice when you need to resort to your
+ backups. This is particularly important for offline backups, and
+ should be checked periodically.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>It is quite easy to come up with even more techniques, many of them
+ variations on the ones listed above. Specialized requirements will
+ usually lead to specialized techniques (for example, backing up a live
+ database usually requires a method particular to the database software
+ as an intermediate step). The important thing is to know what dangers
+ you want to protect against, and how you will handle each.</para>
+ </sect1>
+
+ <sect1 id="backup-basics">
+ <title>Backup Basics</title>
+
+ <para>The three major backup programs are
+ &man.dump.8;,
+ &man.tar.1;,
+ and
+ &man.cpio.1;.</para>
+
+ <sect2>
+ <title>Dump and Restore</title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary>dump / restore</secondary>
+ </indexterm>
+ <indexterm><primary><command>dump</command></primary></indexterm>
+ <indexterm><primary><command>restore</command></primary></indexterm>
+
+ <para>The traditional &unix; backup programs are
+ <command>dump</command> and <command>restore</command>. They
+ operate on the drive as a collection of disk blocks, below the
+ abstractions of files, links and directories that are created by
+ the file systems. <command>dump</command> backs up an entire
+ file system on a device. It is unable to backup only part of a
+ file system or a directory tree that spans more than one
+ file system. <command>dump</command> does not write files and
+ directories to tape, but rather writes the raw data blocks that
+ comprise files and directories.</para>
+
+ <note><para>If you use <command>dump</command> on your root directory, you
+ would not back up <filename>/home</filename>,
+ <filename>/usr</filename> or many other directories since
+ these are typically mount points for other file systems or
+ symbolic links into those file systems.</para></note>
+
+ <para><command>dump</command> has quirks that remain from its early days in
+ Version 6 of AT&amp;T UNIX (circa 1975). The default
+ parameters are suitable for 9-track tapes (6250 bpi), not the
+ high-density media available today (up to 62,182 ftpi). These
+ defaults must be overridden on the command line to utilize the
+ capacity of current tape drives.</para>
+
+ <indexterm><primary><filename>.rhosts</filename></primary></indexterm>
+ <para>It is also possible to backup data across the network to a
+ tape drive attached to another computer with <command>rdump</command> and
+ <command>rrestore</command>. Both programs rely upon &man.rcmd.3; and
+ &man.ruserok.3; to access the remote tape drive. Therefore,
+ the user performing the backup must be listed in the
+ <filename>.rhosts</filename> file on the remote computer. The
+ arguments to <command>rdump</command> and <command>rrestore</command> must be suitable
+ to use on the remote computer. When
+ <command>rdump</command>ing from a FreeBSD computer to an
+ Exabyte tape drive connected to a Sun called
+ <hostid>komodo</hostid>, use:</para>
+
+ <screen>&prompt.root; <userinput>/sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2>&amp;1</userinput></screen>
+
+ <para>Beware: there are security implications to
+ allowing <filename>.rhosts</filename> authentication. Evaluate your
+ situation carefully.</para>
+
+ <para>It is also possible to use <command>dump</command> and
+ <command>restore</command> in a more secure fashion over
+ <command>ssh</command>.</para>
+
+ <example>
+ <title>Using <command>dump</command> over <application>ssh</application></title>
+
+ <screen>&prompt.root; <userinput>/sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \
+ targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz</userinput></screen>
+
+ </example>
+
+ <para>Or using <command>dump</command>'s built-in method,
+ setting the environment variable <envar>RSH</envar>:</para>
+
+ <example>
+ <title>Using <command>dump</command> over <application>ssh</application> with <envar>RSH</envar> set</title>
+
+ <screen>&prompt.root; <userinput>RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr</userinput></screen>
+
+ </example>
+
+ </sect2>
+
+ <sect2>
+ <title><command>tar</command></title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary><command>tar</command></secondary>
+ </indexterm>
+
+ <para>&man.tar.1; also dates back to Version 6 of AT&amp;T UNIX
+ (circa 1975). <command>tar</command> operates in cooperation
+ with the file system; it writes files and
+ directories to tape. <command>tar</command> does not support the
+ full range of options that are available from &man.cpio.1;, but
+ it does not require the unusual command
+ pipeline that <command>cpio</command> uses.</para>
+
+ <indexterm><primary><command>tar</command></primary></indexterm>
+
+ <para>On FreeBSD 5.3 and later, both GNU <command>tar</command>
+ and the default <command>bsdtar</command> are available. The
+ GNU version can be invoked with <command>gtar</command>. It
+ supports remote devices using the same syntax as
+ <command>rdump</command>. To <command>tar</command> to an
+ Exabyte tape drive connected to a Sun called
+ <hostid>komodo</hostid>, use:</para>
+
+ <screen>&prompt.root; <userinput>/usr/bin/gtar cf komodo:/dev/nsa8 . 2>&amp;1</userinput></screen>
+
+ <para>The same could be accomplished with
+ <command>bsdtar</command> by using a pipeline and
+ <command>rsh</command> to send the data to a remote tape
+ drive.</para>
+
+ <screen>&prompt.root; <userinput>tar cf - . | rsh <replaceable>hostname</replaceable> dd of=<replaceable>tape-device</replaceable> obs=20b</userinput></screen>
+
+ <para>If you are worried about the security of backing up over a
+ network you should use the <command>ssh</command> command
+ instead of <command>rsh</command>.</para>
+ </sect2>
+
+ <sect2>
+ <title><command>cpio</command></title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary><command>cpio</command></secondary>
+ </indexterm>
+
+ <para>&man.cpio.1; is the original &unix; file interchange tape
+ program for magnetic media. <command>cpio</command> has options
+ (among many others) to perform byte-swapping, write a number of
+ different archive formats, and pipe the data to other programs.
+ This last feature makes <command>cpio</command> an excellent
+ choice for installation media. <command>cpio</command> does not
+ know how to walk the directory tree and a list of files must be
+ provided through <filename>stdin</filename>.</para>
+ <indexterm><primary><command>cpio</command></primary></indexterm>
+
+ <para><command>cpio</command> does not support backups across
+ the network. You can use a pipeline and <command>rsh</command>
+ to send the data to a remote tape drive.</para>
+
+ <screen>&prompt.root; <userinput>for f in <replaceable>directory_list; do</replaceable></userinput>
+<userinput>find $f >> backup.list</userinput>
+<userinput>done</userinput>
+&prompt.root; <userinput>cpio -v -o --format=newc < backup.list | ssh <replaceable>user</replaceable>@<replaceable>host</replaceable> "cat > <replaceable>backup_device</replaceable>"</userinput></screen>
+
+ <para>Where <replaceable>directory_list</replaceable> is the list of
+ directories you want to back up,
+ <replaceable>user</replaceable>@<replaceable>host</replaceable> is the
+ user/hostname combination that will be performing the backups, and
+ <replaceable>backup_device</replaceable> is where the backups should
+ be written to (e.g., <filename>/dev/nsa0</filename>).</para>
+ </sect2>
+
+ <sect2>
+ <title><command>pax</command></title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary><command>pax</command></secondary>
+ </indexterm>
+ <indexterm><primary><command>pax</command></primary></indexterm>
+ <indexterm><primary>POSIX</primary></indexterm>
+ <indexterm><primary>IEEE</primary></indexterm>
+
+ <para>&man.pax.1; is IEEE/&posix;'s answer to
+ <command>tar</command> and <command>cpio</command>. Over the
+ years the various versions of <command>tar</command> and
+ <command>cpio</command> have gotten slightly incompatible. So
+ rather than fight it out to fully standardize them, &posix;
+ created a new archive utility. <command>pax</command> attempts
+ to read and write many of the various <command>cpio</command>
+ and <command>tar</command> formats, plus new formats of its own.
+ Its command set more resembles <command>cpio</command> than
+ <command>tar</command>.</para>
+ </sect2>
+
+ <sect2 id="backups-programs-amanda">
+ <title><application>Amanda</application></title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary><application>Amanda</application></secondary>
+ </indexterm>
+ <indexterm><primary><application>Amanda</application></primary></indexterm>
+
+ <!-- Remove link until <port> tag is available -->
+ <para><application>Amanda</application> (Advanced Maryland
+ Network Disk Archiver) is a client/server backup system,
+ rather than a single program. An <application>Amanda</application> server will backup to
+ a single tape drive any number of computers that have <application>Amanda</application>
+ clients and a network connection to the <application>Amanda</application> server. A
+ common problem at sites with a number of large disks is
+ that the length of time required to backup to data directly to tape
+ exceeds the amount of time available for the task. <application>Amanda</application>
+ solves this problem. <application>Amanda</application> can use a <quote>holding disk</quote> to
+ backup several file systems at the same time. <application>Amanda</application> creates
+ <quote>archive sets</quote>: a group of tapes used over a period of time to
+ create full backups of all the file systems listed in <application>Amanda</application>'s
+ configuration file. The <quote>archive set</quote> also contains nightly
+ incremental (or differential) backups of all the file systems.
+ Restoring a damaged file system requires the most recent full
+ backup and the incremental backups.</para>
+
+ <para>The configuration file provides fine control of backups and the
+ network traffic that <application>Amanda</application> generates. <application>Amanda</application> will use any of the
+ above backup programs to write the data to tape. <application>Amanda</application> is available
+ as either a port or a package, it is not installed by default.</para>
+ </sect2>
+
+ <sect2>
+ <title>Do Nothing</title>
+
+ <para><quote>Do nothing</quote> is not a computer program, but it is the
+ most widely used backup strategy. There are no initial costs. There
+ is no backup schedule to follow. Just say no. If something happens
+ to your data, grin and bear it!</para>
+
+ <para>If your time and your data is worth little to nothing, then
+ <quote>Do nothing</quote> is the most suitable backup program for your
+ computer. But beware, &unix; is a useful tool, you may find that within
+ six months you have a collection of files that are valuable to
+ you.</para>
+
+ <para><quote>Do nothing</quote> is the correct backup method for
+ <filename>/usr/obj</filename> and other directory trees that can be
+ exactly recreated by your computer. An example is the files that
+ comprise the HTML or &postscript; version of this Handbook.
+ These document formats have been created from SGML input
+ files. Creating backups of the HTML or &postscript; files is
+ not necessary. The SGML files are backed up regularly.</para>
+ </sect2>
+
+ <sect2>
+ <title>Which Backup Program Is Best?</title>
+ <indexterm>
+ <primary>LISA</primary>
+ </indexterm>
+
+ <para>&man.dump.8; <emphasis>Period.</emphasis> Elizabeth D. Zwicky
+ torture tested all the backup programs discussed here. The clear
+ choice for preserving all your data and all the peculiarities of &unix;
+ file systems is <command>dump</command>. Elizabeth created file systems containing
+ a large variety of unusual conditions (and some not so unusual ones)
+ and tested each program by doing a backup and restore of those
+ file systems. The peculiarities included: files with holes, files with
+ holes and a block of nulls, files with funny characters in their
+ names, unreadable and unwritable files, devices, files that change
+ size during the backup, files that are created/deleted during the
+ backup and more. She presented the results at LISA V in Oct. 1991.
+ See <ulink
+ url="http://berdmann.dyndns.org/zwicky/testdump.doc.html">torture-testing
+ Backup and Archive Programs</ulink>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Emergency Restore Procedure</title>
+
+ <sect3>
+ <title>Before the Disaster</title>
+
+ <para>There are only four steps that you need to perform in
+ preparation for any disaster that may occur.</para>
+ <indexterm>
+ <primary><command>disklabel</command></primary>
+ </indexterm>
+
+ <para>First, print the disklabel from each of your disks
+ (e.g. <command>disklabel da0 | lpr</command>), your file system table
+ (<filename>/etc/fstab</filename>) and all boot messages,
+ two copies of
+ each.</para>
+
+ <indexterm><primary>fix-it floppies</primary></indexterm>
+ <para>Second, determine that the boot and fix-it floppies
+ (<filename>boot.flp</filename> and <filename>fixit.flp</filename>)
+ have all your devices. The easiest way to check is to reboot your
+ machine with the boot floppy in the floppy drive and check the boot
+ messages. If all your devices are listed and functional, skip on to
+ step three.</para>
+
+ <para>Otherwise, you have to create two custom bootable
+ floppies which have a kernel that can mount all of your disks
+ and access your tape drive. These floppies must contain:
+ <command>fdisk</command>, <command>disklabel</command>,
+ <command>newfs</command>, <command>mount</command>, and
+ whichever backup program you use. These programs must be
+ statically linked. If you use <command>dump</command>, the
+ floppy must contain <command>restore</command>.</para>
+
+ <para>Third, create backup tapes regularly. Any changes that you make
+ after your last backup may be irretrievably lost. Write-protect the
+ backup tapes.</para>
+
+ <para>Fourth, test the floppies (either <filename>boot.flp</filename>
+ and <filename>fixit.flp</filename> or the two custom bootable
+ floppies you made in step two.) and backup tapes. Make notes of the
+ procedure. Store these notes with the bootable floppy, the
+ printouts and the backup tapes. You will be so distraught when
+ restoring that the notes may prevent you from destroying your backup
+ tapes (How? In place of <command>tar xvf /dev/sa0</command>, you
+ might accidentally type <command>tar cvf /dev/sa0</command> and
+ over-write your backup tape).</para>
+
+ <para>For an added measure of security, make bootable floppies and two
+ backup tapes each time. Store one of each at a remote location. A
+ remote location is NOT the basement of the same office building. A
+ number of firms in the World Trade Center learned this lesson the
+ hard way. A remote location should be physically separated from
+ your computers and disk drives by a significant distance.</para>
+
+ <example>
+ <title>A Script for Creating a Bootable Floppy</title>
+
+ <programlisting><![ CDATA [#!/bin/sh
+#
+# create a restore floppy
+#
+# format the floppy
+#
+PATH=/bin:/sbin:/usr/sbin:/usr/bin
+
+fdformat -q fd0
+if [ $? -ne 0 ]
+then
+ echo "Bad floppy, please use a new one"
+ exit 1
+fi
+
+# place boot blocks on the floppy
+#
+disklabel -w -B /dev/fd0c fd1440
+
+#
+# newfs the one and only partition
+#
+newfs -t 2 -u 18 -l 1 -c 40 -i 5120 -m 5 -o space /dev/fd0a
+
+#
+# mount the new floppy
+#
+mount /dev/fd0a /mnt
+
+#
+# create required directories
+#
+mkdir /mnt/dev
+mkdir /mnt/bin
+mkdir /mnt/sbin
+mkdir /mnt/etc
+mkdir /mnt/root
+mkdir /mnt/mnt # for the root partition
+mkdir /mnt/tmp
+mkdir /mnt/var
+
+#
+# populate the directories
+#
+if [ ! -x /sys/compile/MINI/kernel ]
+then
+ cat << EOM
+The MINI kernel does not exist, please create one.
+Here is an example config file:
+#
+# MINI -- A kernel to get FreeBSD onto a disk.
+#
+machine "i386"
+cpu "I486_CPU"
+ident MINI
+maxusers 5
+
+options INET # needed for _tcp _icmpstat _ipstat
+ # _udpstat _tcpstat _udb
+options FFS #Berkeley Fast File System
+options FAT_CURSOR #block cursor in syscons or pccons
+options SCSI_DELAY=15 #Be pessimistic about Joe SCSI device
+options NCONS=2 #1 virtual consoles
+options USERCONFIG #Allow user configuration with -c XXX
+
+config kernel root on da0 swap on da0 and da1 dumps on da0
+
+device isa0
+device pci0
+
+device fdc0 at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
+device fd0 at fdc0 drive 0
+
+device ncr0
+
+device scbus0
+
+device sc0 at isa? port "IO_KBD" tty irq 1 vector scintr
+device npx0 at isa? port "IO_NPX" irq 13 vector npxintr
+
+device da0
+device da1
+device da2
+
+device sa0
+
+pseudo-device loop # required by INET
+pseudo-device gzip # Exec gzipped a.out's
+EOM
+ exit 1
+fi
+
+cp -f /sys/compile/MINI/kernel /mnt
+
+gzip -c -best /sbin/init > /mnt/sbin/init
+gzip -c -best /sbin/fsck > /mnt/sbin/fsck
+gzip -c -best /sbin/mount > /mnt/sbin/mount
+gzip -c -best /sbin/halt > /mnt/sbin/halt
+gzip -c -best /sbin/restore > /mnt/sbin/restore
+
+gzip -c -best /bin/sh > /mnt/bin/sh
+gzip -c -best /bin/sync > /mnt/bin/sync
+
+cp /root/.profile /mnt/root
+
+cp -f /dev/MAKEDEV /mnt/dev
+chmod 755 /mnt/dev/MAKEDEV
+
+chmod 500 /mnt/sbin/init
+chmod 555 /mnt/sbin/fsck /mnt/sbin/mount /mnt/sbin/halt
+chmod 555 /mnt/bin/sh /mnt/bin/sync
+chmod 6555 /mnt/sbin/restore
+
+#
+# create the devices nodes
+#
+cd /mnt/dev
+./MAKEDEV std
+./MAKEDEV da0
+./MAKEDEV da1
+./MAKEDEV da2
+./MAKEDEV sa0
+./MAKEDEV pty0
+cd /
+
+#
+# create minimum file system table
+#
+cat > /mnt/etc/fstab <<EOM
+/dev/fd0a / ufs rw 1 1
+EOM
+
+#
+# create minimum passwd file
+#
+cat > /mnt/etc/passwd <<EOM
+root:*:0:0:Charlie &:/root:/bin/sh
+EOM
+
+cat > /mnt/etc/master.passwd <<EOM
+root::0:0::0:0:Charlie &:/root:/bin/sh
+EOM
+
+chmod 600 /mnt/etc/master.passwd
+chmod 644 /mnt/etc/passwd
+/usr/sbin/pwd_mkdb -d/mnt/etc /mnt/etc/master.passwd
+
+#
+# umount the floppy and inform the user
+#
+/sbin/umount /mnt
+echo "The floppy has been unmounted and is now ready."]]></programlisting>
+
+ </example>
+
+ </sect3>
+
+ <sect3>
+ <title>After the Disaster</title>
+
+ <para>The key question is: did your hardware survive? You have been
+ doing regular backups so there is no need to worry about the
+ software.</para>
+
+ <para>If the hardware has been damaged, the parts should be replaced
+ before attempting to use the computer.</para>
+
+ <para>If your hardware is okay, check your floppies. If you are using
+ a custom boot floppy, boot single-user (type <literal>-s</literal>
+ at the <prompt>boot:</prompt> prompt). Skip the following
+ paragraph.</para>
+
+ <para>If you are using the <filename>boot.flp</filename> and
+ <filename>fixit.flp</filename> floppies, keep reading. Insert the
+ <filename>boot.flp</filename> floppy in the first floppy drive and
+ boot the computer. The original install menu will be displayed on
+ the screen. Select the <literal>Fixit--Repair mode with CDROM or
+ floppy.</literal> option. Insert the
+ <filename>fixit.flp</filename> when prompted.
+ <command>restore</command> and the other programs that you need are
+ located in <filename class="directory">/mnt2/rescue</filename>
+ (<filename class="directory">/mnt2/stand</filename> for
+ &os; versions older than 5.2).</para>
+
+ <para>Recover each file system separately.</para>
+
+ <indexterm>
+ <primary><command>mount</command></primary>
+ </indexterm>
+ <indexterm><primary>root partition</primary></indexterm>
+ <indexterm>
+ <primary><command>disklabel</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><command>newfs</command></primary>
+ </indexterm>
+ <para>Try to <command>mount</command> (e.g. <command>mount /dev/da0a
+ /mnt</command>) the root partition of your first disk. If the
+ disklabel was damaged, use <command>disklabel</command> to re-partition and
+ label the disk to match the label that you printed and saved. Use
+ <command>newfs</command> to re-create the file systems. Re-mount the root
+ partition of the floppy read-write (<command>mount -u -o rw
+ /mnt</command>). Use your backup program and backup tapes to
+ recover the data for this file system (e.g. <command>restore vrf
+ /dev/sa0</command>). Unmount the file system (e.g. <command>umount
+ /mnt</command>). Repeat for each file system that was
+ damaged.</para>
+
+ <para>Once your system is running, backup your data onto new tapes.
+ Whatever caused the crash or data loss may strike again. Another
+ hour spent now may save you from further distress later.</para>
+ </sect3>
+
+<![ %not.published; [
+
+ <sect3>
+ <title>* I Did Not Prepare for the Disaster, What Now?</title>
+
+ <para></para>
+ </sect3>
+]]>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="disks-virtual">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Reorganized and enhanced by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Network, Memory, and File-Backed File Systems</title>
+ <indexterm><primary>virtual disks</primary></indexterm>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>virtual</secondary>
+ </indexterm>
+
+ <para>Aside from the disks you physically insert into your computer:
+ floppies, CDs, hard drives, and so forth; other forms of disks
+ are understood by FreeBSD - the <firstterm>virtual
+ disks</firstterm>.</para>
+
+ <indexterm><primary>NFS</primary></indexterm>
+ <indexterm><primary>Coda</primary></indexterm>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>memory</secondary>
+ </indexterm>
+ <para>These include network file systems such as the <link
+ linkend="network-nfs">Network File System</link> and Coda, memory-based
+ file systems and
+ file-backed file systems.</para>
+
+ <para>According to the FreeBSD version you run, you will have to use
+ different tools for creation and use of file-backed and
+ memory-based file systems.</para>
+
+ <note>
+ <para>The FreeBSD&nbsp;4.X users will have to use &man.MAKEDEV.8;
+ to create the required devices. FreeBSD&nbsp;5.0 and later use
+ &man.devfs.5; to allocate device nodes transparently for the
+ user.</para>
+ </note>
+
+ <sect2 id="disks-vnconfig">
+ <title>File-Backed File System under FreeBSD&nbsp;4.X</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>file-backed (4.X)</secondary>
+ </indexterm>
+
+ <para>The utility &man.vnconfig.8; configures and enables vnode pseudo-disk
+ devices. A <firstterm>vnode</firstterm> is a representation
+ of a file, and is the focus of file activity. This means that
+ &man.vnconfig.8; uses files to create and operate a
+ file system. One possible use is the mounting of floppy or CD
+ images kept in files.</para>
+
+ <para>To use &man.vnconfig.8;, you need &man.vn.4; support in your
+ kernel configuration file:</para>
+
+ <programlisting>pseudo-device vn</programlisting>
+
+ <para>To mount an existing file system image:</para>
+
+ <example>
+ <title>Using vnconfig to Mount an Existing File System
+ Image under FreeBSD&nbsp;4.X</title>
+
+ <screen>&prompt.root; <userinput>vnconfig vn<replaceable>0</replaceable> <replaceable>diskimage</replaceable></userinput>
+&prompt.root; <userinput>mount /dev/vn<replaceable>0</replaceable>c <replaceable>/mnt</replaceable></userinput></screen>
+ </example>
+
+ <para>To create a new file system image with &man.vnconfig.8;:</para>
+
+ <example>
+ <title>Creating a New File-Backed Disk with <command>vnconfig</command></title>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
+5120+0 records in
+5120+0 records out
+&prompt.root; <userinput>vnconfig -s labels -c vn<replaceable>0</replaceable> <replaceable>newimage</replaceable></userinput>
+&prompt.root; <userinput>disklabel -r -w vn<replaceable>0</replaceable> auto</userinput>
+&prompt.root; <userinput>newfs vn<replaceable>0</replaceable>c</userinput>
+Warning: 2048 sector(s) in last cylinder unallocated
+/dev/vn0c: 10240 sectors in 3 cylinders of 1 tracks, 4096 sectors
+ 5.0MB in 1 cyl groups (16 c/g, 32.00MB/g, 1280 i/g)
+super-block backups (for fsck -b #) at:
+ 32
+&prompt.root; <userinput>mount /dev/vn<replaceable>0</replaceable>c <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/vn0c 4927 1 4532 0% /mnt</screen>
+ </example>
+ </sect2>
+
+ <sect2 id="disks-mdconfig">
+ <title>File-Backed File System under FreeBSD&nbsp;5.X</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>file-backed (5.X)</secondary>
+ </indexterm>
+
+ <para>The utility &man.mdconfig.8; is used to configure and enable
+ memory disks, &man.md.4;, under FreeBSD&nbsp;5.X. To use
+ &man.mdconfig.8;, you have to load &man.md.4; module or to add
+ the support in your kernel configuration file:</para>
+
+ <programlisting>device md</programlisting>
+
+ <para>The &man.mdconfig.8; command supports three kinds of
+ memory backed virtual disks: memory disks allocated with
+ &man.malloc.9;, memory disks using a file or swap space as
+ backing. One possible use is the mounting of floppy
+ or CD images kept in files.</para>
+
+ <para>To mount an existing file system image:</para>
+
+ <example>
+ <title>Using <command>mdconfig</command> to Mount an Existing File System
+ Image under FreeBSD&nbsp;5.X</title>
+
+ <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f <replaceable>diskimage</replaceable> -u <replaceable>0</replaceable></userinput>
+&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>
+ </example>
+
+ <para>To create a new file system image with &man.mdconfig.8;:</para>
+
+ <example>
+ <title>Creating a New File-Backed Disk with <command>mdconfig</command></title>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
+5120+0 records in
+5120+0 records out
+&prompt.root; <userinput>mdconfig -a -t vnode -f <replaceable>newimage</replaceable> -u <replaceable>0</replaceable></userinput>
+&prompt.root; <userinput>disklabel -r -w md<replaceable>0</replaceable> auto</userinput>
+&prompt.root; <userinput>newfs md<replaceable>0</replaceable>c</userinput>
+/dev/md0c: 5.0MB (10240 sectors) block size 16384, fragment size 2048
+ using 4 cylinder groups of 1.27MB, 81 blks, 256 inodes.
+super-block backups (for fsck -b #) at:
+ 32, 2624, 5216, 7808
+&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable>c <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md0c 4846 2 4458 0% /mnt</screen>
+ </example>
+
+ <para>If you do not specify the unit number with the
+ <option>-u</option> option, &man.mdconfig.8; will use the
+ &man.md.4; automatic allocation to select an unused device.
+ The name of the allocated unit will be output on stdout like
+ <devicename>md4</devicename>. For more details about
+ &man.mdconfig.8;, please refer to the manual page.</para>
+
+ <note><para>Since &os;&nbsp;5.1-RELEASE, the &man.bsdlabel.8;
+ utility replaces the old &man.disklabel.8; program. With
+ &man.bsdlabel.8; a number of obsolete options and parameters
+ have been retired; in the example above the option
+ <option>-r</option> should be removed. For more
+ information, please refer to the &man.bsdlabel.8;
+ manual page.</para></note>
+
+ <para>The utility &man.mdconfig.8; is very useful, however it
+ asks many command lines to create a file-backed file system.
+ FreeBSD&nbsp;5.0 also comes with a tool called &man.mdmfs.8;,
+ this program configures a &man.md.4; disk using
+ &man.mdconfig.8;, puts a UFS file system on it using
+ &man.newfs.8;, and mounts it using &man.mount.8;. For example,
+ if you want to create and mount the same file system image as
+ above, simply type the following:</para>
+
+ <example>
+ <title>Configure and Mount a File-Backed Disk with <command>mdmfs</command></title>
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
+5120+0 records in
+5120+0 records out
+&prompt.root; <userinput>mdmfs -F <replaceable>newimage</replaceable> -s <replaceable>5</replaceable>m md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md0 4846 2 4458 0% /mnt</screen>
+ </example>
+
+ <para>If you use the option <option>md</option> without unit
+ number, &man.mdmfs.8; will use &man.md.4; auto-unit feature to
+ automatically select an unused device. For more details
+ about &man.mdmfs.8;, please refer to the manual page.</para>
+
+ </sect2>
+
+ <sect2 id="disks-md-freebsd4">
+ <title>Memory-Based File System under FreeBSD&nbsp;4.X</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>memory file system (4.X)</secondary>
+ </indexterm>
+
+ <para>The &man.md.4; driver is a simple, efficient means to create memory
+ file systems under FreeBSD&nbsp;4.X. &man.malloc.9; is used
+ to allocate the memory.</para>
+
+ <para>Simply take a file system you have prepared with, for
+ example, &man.vnconfig.8;, and:</para>
+
+ <example>
+ <title>md Memory Disk under FreeBSD&nbsp;4.X</title>
+
+ <screen>&prompt.root; <userinput>dd if=<replaceable>newimage</replaceable> of=/dev/md<replaceable>0</replaceable></userinput>
+5120+0 records in
+5120+0 records out
+&prompt.root; <userinput>mount /dev/md<replaceable>0c</replaceable> <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md0c 4927 1 4532 0% /mnt</screen>
+ </example>
+
+ <para>For more details, please refer to &man.md.4; manual
+ page.</para>
+ </sect2>
+
+ <sect2 id="disks-md-freebsd5">
+ <title>Memory-Based File System under FreeBSD&nbsp;5.X</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>memory file system (5.X)</secondary>
+ </indexterm>
+
+ <para>The same tools are used for memory-based and file-backed
+ file systems: &man.mdconfig.8; or &man.mdmfs.8;. The storage
+ for memory-based file system is allocated with
+ &man.malloc.9;.</para>
+
+ <example>
+ <title>Creating a New Memory-Based Disk with
+ <command>mdconfig</command></title>
+
+ <screen>&prompt.root; <userinput>mdconfig -a -t malloc -s <replaceable>5</replaceable>m -u <replaceable>1</replaceable></userinput>
+&prompt.root; <userinput>newfs -U md<replaceable>1</replaceable></userinput>
+/dev/md1: 5.0MB (10240 sectors) block size 16384, fragment size 2048
+ using 4 cylinder groups of 1.27MB, 81 blks, 256 inodes.
+ with soft updates
+super-block backups (for fsck -b #) at:
+ 32, 2624, 5216, 7808
+&prompt.root; <userinput>mount /dev/md<replaceable>1</replaceable> <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md1 4846 2 4458 0% /mnt</screen>
+ </example>
+
+ <example>
+ <title>Creating a New Memory-Based Disk with
+ <command>mdmfs</command></title>
+ <screen>&prompt.root; <userinput>mdmfs -M -s <replaceable>5</replaceable>m md<replaceable>2</replaceable> <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md2 4846 2 4458 0% /mnt</screen>
+ </example>
+
+ <para>Instead of using a &man.malloc.9; backed file system, it is
+ possible to use swap, for that just replace
+ <option>malloc</option> with <option>swap</option> in the
+ command line of &man.mdconfig.8;. The &man.mdmfs.8; utility
+ by default (without <option>-M</option>) creates a swap-based
+ disk. For more details, please refer to &man.mdconfig.8;
+ and &man.mdmfs.8; manual pages.</para>
+ </sect2>
+
+ <sect2>
+ <title>Detaching a Memory Disk from the System</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>detaching a memory disk</secondary>
+ </indexterm>
+
+ <para>When a memory-based or file-based file system
+ is not used, you should release all resources to the system.
+ The first thing to do is to unmount the file system, then use
+ &man.mdconfig.8; to detach the disk from the system and release
+ the resources.</para>
+
+ <para>For example to detach and free all resources used by
+ <filename>/dev/md4</filename>:</para>
+
+ <screen>&prompt.root; <userinput>mdconfig -d -u <replaceable>4</replaceable></userinput></screen>
+
+ <para>It is possible to list information about configured
+ &man.md.4; devices in using the command <command>mdconfig
+ -l</command>.</para>
+
+ <para>For FreeBSD&nbsp;4.X, &man.vnconfig.8; is used to detach
+ the device. For example to detach and free all resources
+ used by <filename>/dev/vn4</filename>:</para>
+
+ <screen>&prompt.root; <userinput>vnconfig -u vn<replaceable>4</replaceable></userinput></screen>
+
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="snapshots">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 15 JUL 2002 -->
+ </sect1info>
+
+ <title>File System Snapshots</title>
+
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>snapshots</secondary>
+ </indexterm>
+
+ <para>FreeBSD&nbsp;5.0 offers a new feature in conjunction with
+ <link linkend="soft-updates">Soft Updates</link>: File system snapshots.</para>
+
+ <para>Snapshots allow a user to create images of specified file
+ systems, and treat them as a file.
+ Snapshot files must be created in the file system that the
+ action is performed on, and a user may create no more than 20
+ snapshots per file system. Active snapshots are recorded
+ in the superblock so they are persistent across unmount and
+ remount operations along with system reboots. When a snapshot
+ is no longer required, it can be removed with the standard &man.rm.1;
+ command. Snapshots may be removed in any order,
+ however all the used space may not be acquired because another snapshot will
+ possibly claim some of the released blocks.</para>
+
+ <para>The un-alterable <option>snapshot</option> file flag is set
+ by &man.mksnap.ffs.8; after initial creation of a snapshot file.
+ The &man.unlink.1; command makes an exception for snapshot files
+ since it allows them to be removed.</para>
+
+ <para>Snapshots are created with the &man.mount.8; command. To place
+ a snapshot of <filename>/var</filename> in the file
+ <filename>/var/snapshot/snap</filename> use the following
+ command:</para>
+
+<screen>&prompt.root; <userinput>mount -u -o snapshot /var/snapshot/snap /var</userinput></screen>
+
+ <para>Alternatively, you can use &man.mksnap.ffs.8; to create
+ a snapshot:</para>
+<screen>&prompt.root; <userinput>mksnap_ffs /var /var/snapshot/snap</userinput></screen>
+
+ <para>One can find snapshot files on a file system (e.g. <filename>/var</filename>)
+ by using the &man.find.1; command:</para>
+<screen>&prompt.root; <userinput>find /var -flags snapshot</userinput></screen>
+
+ <para>Once a snapshot has been created, it has several
+ uses:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Some administrators will use a snapshot file for backup purposes,
+ because the snapshot can be transfered to CDs or tape.</para>
+ </listitem>
+
+ <listitem>
+ <para>File integrity, &man.fsck.8; may be ran on the snapshot.
+ Assuming that the file system was clean when it was mounted, you
+ should always get a clean (and unchanging) result.
+ This is essentially what the
+ background &man.fsck.8; process does.</para>
+ </listitem>
+
+ <listitem>
+ <para>Run the &man.dump.8; utility on the snapshot.
+ A dump will be returned that is consistent with the
+ file system and the timestamp of the snapshot. &man.dump.8;
+ can also take a snapshot, create a dump image and then
+ remove the snapshot in one command using the
+ <option>-L</option> flag.</para>
+ </listitem>
+
+ <listitem>
+ <para>&man.mount.8; the snapshot as a frozen image of the file system.
+ To &man.mount.8; the snapshot
+ <filename>/var/snapshot/snap</filename> run:</para>
+
+<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /var/snapshot/snap -u 4</userinput>
+&prompt.root; <userinput>mount -r /dev/md4 /mnt</userinput></screen>
+
+ </listitem>
+ </itemizedlist>
+
+ <para>You can now walk the hierarchy of your frozen <filename>/var</filename>
+ file system mounted at <filename>/mnt</filename>. Everything will
+ initially be in the same state it was during the snapshot creation time.
+ The only exception is that any earlier snapshots will appear
+ as zero length files. When the use of a snapshot has delimited,
+ it can be unmounted with:</para>
+
+<screen>&prompt.root; <userinput>umount /mnt</userinput>
+&prompt.root; <userinput>mdconfig -d -u 4</userinput></screen>
+
+ <para>For more information about <option>softupdates</option> and
+ file system snapshots, including technical papers, you can visit
+ Marshall Kirk McKusick's website at
+ <ulink url="http://www.mckusick.com/"></ulink>.</para>
+ </sect1>
+
+ <sect1 id="quotas">
+ <title>File System Quotas</title>
+ <indexterm>
+ <primary>accounting</primary>
+ <secondary>disk space</secondary>
+ </indexterm>
+ <indexterm><primary>disk quotas</primary></indexterm>
+
+ <para>Quotas are an optional feature of the operating system that
+ allow you to limit the amount of disk space and/or the number of
+ files a user or members of a group may allocate on a per-file
+ system basis. This is used most often on timesharing systems where
+ it is desirable to limit the amount of resources any one user or
+ group of users may allocate. This will prevent one user or group
+ of users from consuming all of the available disk space.</para>
+
+ <sect2>
+ <title>Configuring Your System to Enable Disk Quotas</title>
+
+ <para>Before attempting to use disk quotas, it is necessary to make
+ sure that quotas are configured in your kernel. This is done by
+ adding the following line to your kernel configuration
+ file:</para>
+
+ <programlisting>options QUOTA</programlisting>
+
+ <para>The stock <filename>GENERIC</filename> kernel does not have
+ this enabled by default, so you will have to configure, build and
+ install a custom kernel in order to use disk quotas. Please refer
+ to <xref linkend="kernelconfig"> for more information on kernel
+ configuration.</para>
+
+ <para>Next you will need to enable disk quotas in
+ <filename>/etc/rc.conf</filename>. This is done by adding the
+ line:</para>
+
+ <programlisting>enable_quotas="YES"</programlisting>
+ <indexterm>
+ <primary>disk quotas</primary>
+ <secondary>checking</secondary>
+ </indexterm>
+ <para>For finer control over your quota startup, there is an
+ additional configuration variable available. Normally on bootup,
+ the quota integrity of each file system is checked by the
+ &man.quotacheck.8; program. The
+ &man.quotacheck.8; facility insures that the data in
+ the quota database properly reflects the data on the file system.
+ This is a very time consuming process that will significantly
+ affect the time your system takes to boot. If you would like to
+ skip this step, a variable in <filename>/etc/rc.conf</filename>
+ is made available for the purpose:</para>
+
+ <programlisting>check_quotas="NO"</programlisting>
+
+ <para>Finally you will need to edit <filename>/etc/fstab</filename>
+ to enable disk quotas on a per-file system basis. This is where
+ you can either enable user or group quotas or both for all of your
+ file systems.</para>
+
+ <para>To enable per-user quotas on a file system, add the
+ <option>userquota</option> option to the options field in the
+ <filename>/etc/fstab</filename> entry for the file system you want
+ to enable quotas on. For example:</para>
+
+ <programlisting>/dev/da1s2g /home ufs rw,userquota 1 2</programlisting>
+
+ <para>Similarly, to enable group quotas, use the
+ <option>groupquota</option> option instead of
+ <option>userquota</option>. To enable both user and
+ group quotas, change the entry as follows:</para>
+
+ <programlisting>/dev/da1s2g /home ufs rw,userquota,groupquota 1 2</programlisting>
+
+ <para>By default, the quota files are stored in the root directory of
+ the file system with the names <filename>quota.user</filename> and
+ <filename>quota.group</filename> for user and group quotas
+ respectively. See &man.fstab.5; for more
+ information. Even though the &man.fstab.5; manual page says that
+ you can specify
+ an alternate location for the quota files, this is not recommended
+ because the various quota utilities do not seem to handle this
+ properly.</para>
+
+ <para>At this point you should reboot your system with your new
+ kernel. <filename>/etc/rc</filename> will automatically run the
+ appropriate commands to create the initial quota files for all of
+ the quotas you enabled in <filename>/etc/fstab</filename>, so
+ there is no need to manually create any zero length quota
+ files.</para>
+
+ <para>In the normal course of operations you should not be required
+ to run the &man.quotacheck.8;,
+ &man.quotaon.8;, or &man.quotaoff.8;
+ commands manually. However, you may want to read their manual pages
+ just to be familiar with their operation.</para>
+ </sect2>
+
+ <sect2>
+ <title>Setting Quota Limits</title>
+ <indexterm>
+ <primary>disk quotas</primary>
+ <secondary>limits</secondary>
+ </indexterm>
+
+ <para>Once you have configured your system to enable quotas, verify
+ that they really are enabled. An easy way to do this is to
+ run:</para>
+
+ <screen>&prompt.root; <userinput>quota -v</userinput></screen>
+
+ <para>You should see a one line summary of disk usage and current
+ quota limits for each file system that quotas are enabled
+ on.</para>
+
+ <para>You are now ready to start assigning quota limits with the
+ &man.edquota.8; command.</para>
+
+ <para>You have several options on how to enforce limits on the
+ amount of disk space a user or group may allocate, and how many
+ files they may create. You may limit allocations based on disk
+ space (block quotas) or number of files (inode quotas) or a
+ combination of both. Each of these limits are further broken down
+ into two categories: hard and soft limits.</para>
+
+ <indexterm><primary>hard limit</primary></indexterm>
+ <para>A hard limit may not be exceeded. Once a user reaches his
+ hard limit he may not make any further allocations on the file
+ system in question. For example, if the user has a hard limit of
+ 500 kbytes on a file system and is currently using 490 kbytes, the
+ user can only allocate an additional 10 kbytes. Attempting to
+ allocate an additional 11 kbytes will fail.</para>
+
+ <indexterm><primary>soft limit</primary></indexterm>
+ <para>Soft limits, on the other hand, can be exceeded for a limited
+ amount of time. This period of time is known as the grace period,
+ which is one week by default. If a user stays over his or her
+ soft limit longer than the grace period, the soft limit will
+ turn into a hard limit and no further allocations will be allowed.
+ When the user drops back below the soft limit, the grace period
+ will be reset.</para>
+
+ <para>The following is an example of what you might see when you run
+ the &man.edquota.8; command. When the
+ &man.edquota.8; command is invoked, you are placed into
+ the editor specified by the <envar>EDITOR</envar> environment
+ variable, or in the <application>vi</application> editor if the
+ <envar>EDITOR</envar> variable is not set, to allow you to edit
+ the quota limits.</para>
+
+ <screen>&prompt.root; <userinput>edquota -u test</userinput></screen>
+
+ <programlisting>Quotas for user test:
+/usr: kbytes in use: 65, limits (soft = 50, hard = 75)
+ inodes in use: 7, limits (soft = 50, hard = 60)
+/usr/var: kbytes in use: 0, limits (soft = 50, hard = 75)
+ inodes in use: 0, limits (soft = 50, hard = 60)</programlisting>
+
+ <para>You will normally see two lines for each file system that has
+ quotas enabled. One line for the block limits, and one line for
+ inode limits. Simply change the value you want updated to modify
+ the quota limit. For example, to raise this user's block limit
+ from a soft limit of 50 and a hard limit of 75 to a soft limit of
+ 500 and a hard limit of 600, change:</para>
+
+ <programlisting>/usr: kbytes in use: 65, limits (soft = 50, hard = 75)</programlisting>
+
+ <para>to:</para>
+
+ <programlisting>/usr: kbytes in use: 65, limits (soft = 500, hard = 600)</programlisting>
+
+ <para>The new quota limits will be in place when you exit the
+ editor.</para>
+
+ <para>Sometimes it is desirable to set quota limits on a range of
+ UIDs. This can be done by use of the <option>-p</option> option
+ on the &man.edquota.8; command. First, assign the
+ desired quota limit to a user, and then run
+ <command>edquota -p protouser startuid-enduid</command>. For
+ example, if user <username>test</username> has the desired quota
+ limits, the following command can be used to duplicate those quota
+ limits for UIDs 10,000 through 19,999:</para>
+
+ <screen>&prompt.root; <userinput>edquota -p test 10000-19999</userinput></screen>
+
+ <para>For more information see &man.edquota.8; manual page.</para>
+ </sect2>
+
+ <sect2>
+ <title>Checking Quota Limits and Disk Usage</title>
+ <indexterm>
+ <primary>disk quotas</primary>
+ <secondary>checking</secondary>
+ </indexterm>
+
+ <para>You can use either the &man.quota.1; or the
+ &man.repquota.8; commands to check quota limits and
+ disk usage. The &man.quota.1; command can be used to
+ check individual user or group quotas and disk usage. A user
+ may only examine his own quota, and the quota of a group he
+ is a member of. Only the super-user may view all user and group
+ quotas. The
+ &man.repquota.8; command can be used to get a summary
+ of all quotas and disk usage for file systems with quotas
+ enabled.</para>
+
+ <para>The following is some sample output from the
+ <command>quota -v</command> command for a user that has quota
+ limits on two file systems.</para>
+
+ <programlisting>Disk quotas for user test (uid 1002):
+ Filesystem usage quota limit grace files quota limit grace
+ /usr 65* 50 75 5days 7 50 60
+ /usr/var 0 50 75 0 50 60</programlisting>
+
+ <indexterm><primary>grace period</primary></indexterm>
+ <para>On the <filename>/usr</filename> file system in the above
+ example, this user is currently 15 kbytes over the soft limit of
+ 50 kbytes and has 5 days of the grace period left. Note the
+ asterisk <literal>*</literal> which indicates that the user is
+ currently over his quota limit.</para>
+
+ <para>Normally file systems that the user is not using any disk
+ space on will not show up in the output from the
+ &man.quota.1; command, even if he has a quota limit
+ assigned for that file system. The <option>-v</option> option
+ will display those file systems, such as the
+ <filename>/usr/var</filename> file system in the above
+ example.</para>
+ </sect2>
+
+ <sect2>
+ <title>Quotas over NFS</title>
+ <indexterm><primary>NFS</primary></indexterm>
+
+ <para>Quotas are enforced by the quota subsystem on the NFS server.
+ The &man.rpc.rquotad.8; daemon makes quota information available
+ to the &man.quota.1; command on NFS clients, allowing users on
+ those machines to see their quota statistics.</para>
+
+ <para>Enable <command>rpc.rquotad</command> in
+ <filename>/etc/inetd.conf</filename> like so:</para>
+
+ <programlisting>rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad</programlisting>
+
+ <para>Now restart <command>inetd</command>:</para>
+
+ <screen>&prompt.root; <userinput>kill -HUP `cat /var/run/inetd.pid`</userinput></screen>
+ </sect2>
+ </sect1>
+
+
+ <sect1 id="disks-encrypting">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Lucky</firstname>
+ <surname>Green</surname>
+ <contrib>Contributed by </contrib>
+ <affiliation>
+ <address><email>shamrock@cypherpunks.to</email></address>
+ </affiliation>
+ </author>
+ </authorgroup>
+ <!-- 11 MARCH 2003 -->
+ </sect1info>
+
+ <title>Encrypting Disk Partitions</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>encrypting</secondary></indexterm>
+
+ <para>FreeBSD offers excellent online protections against
+ unauthorized data access. File permissions and Mandatory
+ Access Control (MAC) (see <xref linkend="mac">) help prevent
+ unauthorized third-parties from accessing data while the operating
+ system is active and the computer is powered up. However,
+ the permissions enforced by the operating system are irrelevant if an
+ attacker has physical access to a computer and can simply move
+ the computer's hard drive to another system to copy and analyze
+ the sensitive data.</para>
+
+ <para>Regardless of how an attacker may have come into possession of
+ a hard drive or powered-down computer, <application>GEOM Based Disk
+ Encryption (gbde)</application> can protect the data on the
+ computer's file systems against even highly-motivated attackers
+ with significant resources. Unlike cumbersome encryption methods
+ that encrypt only individual files, <application>gbde</application>
+ transparently encrypts entire file systems. No cleartext ever
+ touches the hard drive's platter.</para>
+
+ <sect2>
+ <title>Enabling gbde in the Kernel</title>
+
+ <procedure>
+ <step>
+ <title>Become <username>root</username></title>
+
+ <para>Configuring <application>gbde</application> requires
+ super-user privileges.</para>
+
+ <screen>&prompt.user; <userinput>su -</userinput>
+Password:</screen>
+ </step>
+
+ <step>
+ <title>Verify the Operating System Version</title>
+
+ <para>&man.gbde.4; requires FreeBSD 5.0 or higher.</para>
+
+ <screen>&prompt.root; <userinput>uname -r</userinput>
+5.0-RELEASE</screen>
+ </step>
+
+ <step>
+ <title>Add &man.gbde.4; Support to the Kernel Configuration File</title>
+
+ <para>Using your favorite text editor, add the following
+ line to your kernel configuration file:</para>
+
+ <para><literal>options GEOM_BDE</literal></para>
+
+ <para>Configure, recompile, and install the FreeBSD kernel.
+ This process is described in <xref
+ linkend="kernelconfig">.</para>
+
+ <para>Reboot into the new kernel.</para>
+ </step>
+ </procedure>
+ </sect2>
+
+
+ <sect2>
+ <title>Preparing the Encrypted Hard Drive</title>
+
+ <para>The following example assumes that you are adding a new hard
+ drive to your system that will hold a single encrypted partition.
+ This partition will be mounted as <filename>/private</filename>.
+ <application>gbde</application> can also be used to encrypt
+ <filename>/home</filename> and <filename>/var/mail</filename>, but
+ this requires more complex instructions which exceed the scope of
+ this introduction.</para>
+
+ <procedure>
+ <step>
+ <title>Add the New Hard Drive</title>
+
+ <para>Install the new drive to the system as explained in <xref
+ linkend="disks-adding">. For the purposes of this example,
+ a new hard drive partition has been added as
+ <filename>/dev/ad4s1c</filename>. The
+ <filename>/dev/ad0s1<replaceable>*</replaceable></filename>
+ devices represent existing standard FreeBSD partitions on
+ the example system.</para>
+
+ <screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
+/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
+/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
+/dev/ad0s1a /dev/ad0s1d /dev/ad4</screen>
+ </step>
+
+ <step>
+ <title>Create a Directory to Hold gbde Lock Files</title>
+
+ <screen>&prompt.root; <userinput>mkdir /etc/gbde</userinput></screen>
+
+ <para>The <application>gbde</application> lock file contains
+ information that <application>gbde</application> requires to
+ access encrypted partitions. Without access to the lock file,
+ <application>gbde</application> will not be able to decrypt
+ the data contained in the encrypted partition without
+ significant manual intervention which is not supported by the
+ software. Each encrypted partition uses a separate lock
+ file.</para>
+ </step>
+
+ <step>
+ <title>Initialize the gbde Partition</title>
+
+ <para>A <application>gbde</application> partition must be
+ initialized before it can be used. This initialization needs to
+ be performed only once:</para>
+
+ <screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c</userinput></screen>
+
+ <para>&man.gbde.8; will open your editor, permitting you to set
+ various configuration options in a template. For use with UFS1
+ or UFS2, set the sector_size to 2048:</para>
+
+ <programlisting>$<!-- This is not the space you are looking
+for-->FreeBSD: src/sbin/gbde/template.txt,v 1.1 2002/10/20 11:16:13 phk Exp $
+#
+# Sector size is the smallest unit of data which can be read or written.
+# Making it too small decreases performance and decreases available space.
+# Making it too large may prevent filesystems from working. 512 is the
+# minimum and always safe. For UFS, use the fragment size
+#
+sector_size = 2048
+[...]
+</programlisting>
+
+ <para>&man.gbde.8; will ask you twice to type the passphrase that
+ should be used to secure the data. The passphrase must be the
+ same both times. <application>gbde</application>'s ability to
+ protect your data depends entirely on the quality of the
+ passphrase that you choose.
+ <footnote>
+ <para>For tips on how to select a secure passphrase that is easy
+ to remember, see the <ulink
+ url="http://world.std.com/~reinhold/diceware.html">Diceware
+ Passphrase</ulink> website.</para></footnote></para>
+
+ <para>The <command>gbde init</command> command creates a lock
+ file for your <application>gbde</application> partition that in
+ this example is stored as
+ <filename>/etc/gbde/ad4s1c</filename>.</para>
+
+ <caution>
+ <para><application>gbde</application> lock files
+ <emphasis>must</emphasis> be backed up together with the
+ contents of any encrypted partitions. While deleting a lock
+ file alone cannot prevent a determined attacker from
+ decrypting a <application>gbde</application> partition,
+ without the lock file, the legitimate owner will be unable
+ to access the data on the encrypted partition without a
+ significant amount of work that is totally unsupported by
+ &man.gbde.8; and its designer.</para>
+ </caution>
+ </step>
+
+ <step>
+ <title>Attach the Encrypted Partition to the Kernel</title>
+
+ <screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c</userinput></screen>
+
+ <para> You will be asked to provide the passphrase that you
+ selected during the initialization of the encrypted partition.
+ The new encrypted device will show up in
+ <filename>/dev</filename> as
+ <filename>/dev/device_name.bde</filename>:</para>
+
+ <screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
+/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
+/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
+/dev/ad0s1a /dev/ad0s1d /dev/ad4 /dev/ad4s1c.bde</screen>
+ </step>
+
+ <step>
+ <title>Create a File System on the Encrypted Device</title>
+
+ <para>Once the encrypted device has been attached to the kernel,
+ you can create a file system on the device. To create a file
+ system on the encrypted device, use &man.newfs.8;. Since it is
+ much faster to initialize a new UFS2 file system than it is to
+ initialize the old UFS1 file system, using &man.newfs.8; with
+ the <option>-O2</option> option is recommended.</para>
+
+ <note><para>The <option>-O2</option> option is the default
+ with &os;&nbsp;5.1-RELEASE and later.</para></note>
+
+ <screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>
+
+ <note>
+ <para>The &man.newfs.8; command must be performed on an
+ attached <application>gbde</application> partition which
+ is identified by a
+ <filename><replaceable>*</replaceable>.bde</filename>
+ extension to the device name.</para>
+ </note>
+ </step>
+
+ <step>
+ <title>Mount the Encrypted Partition</title>
+
+ <para>Create a mount point for the encrypted file system.</para>
+
+ <screen>&prompt.root; <userinput>mkdir /private</userinput></screen>
+
+ <para>Mount the encrypted file system.</para>
+
+ <screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
+ </step>
+
+ <step>
+ <title>Verify That the Encrypted File System is Available</title>
+
+ <para>The encrypted file system should now be visible to
+ &man.df.1; and be available for use.</para>
+
+ <screen>&prompt.user; <userinput>df -H</userinput>
+Filesystem Size Used Avail Capacity Mounted on
+/dev/ad0s1a 1037M 72M 883M 8% /
+/devfs 1.0K 1.0K 0B 100% /dev
+/dev/ad0s1f 8.1G 55K 7.5G 0% /home
+/dev/ad0s1e 1037M 1.1M 953M 0% /tmp
+/dev/ad0s1d 6.1G 1.9G 3.7G 35% /usr
+/dev/ad4s1c.bde 150G 4.1K 138G 0% /private</screen>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2>
+ <title>Mounting Existing Encrypted File Systems</title>
+
+ <para>After each boot, any encrypted file systems must be
+ re-attached to the kernel, checked for errors, and mounted, before
+ the file systems can be used. The required commands must be
+ executed as user <username>root</username>.</para>
+
+ <procedure>
+ <step>
+ <title>Attach the gbde Partition to the Kernel</title>
+
+ <screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c</userinput></screen>
+
+ <para>You will be asked to provide the passphrase that you
+ selected during initialization of the encrypted gbde
+ partition.</para>
+ </step>
+
+ <step>
+ <title>Check the File System for Errors</title>
+
+ <para>Since encrypted file systems cannot yet be listed in
+ <filename>/etc/fstab</filename> for automatic mounting, the
+ file systems must be checked for errors by running &man.fsck.8;
+ manually before mounting.</para>
+
+ <screen>&prompt.root; <userinput>fsck -p -t ffs /dev/ad4s1c.bde</userinput></screen>
+ </step>
+
+ <step>
+ <title>Mount the Encrypted File System</title>
+
+ <screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
+
+ <para>The encrypted file system is now available for use.</para>
+ </step>
+ </procedure>
+
+ <sect3>
+ <title>Automatically Mounting Encrypted Partitions</title>
+
+ <para>It is possible to create a script to automatically attach,
+ check, and mount an encrypted partition, but for security reasons
+ the script should not contain the &man.gbde.8; password. Instead,
+ it is recommended that such scripts be run manually while
+ providing the password via the console or &man.ssh.1;.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Cryptographic Protections Employed by gbde</title>
+
+ <para>&man.gbde.8; encrypts the sector payload using 128-bit AES in
+ CBC mode. Each sector on the disk is encrypted with a different
+ AES key. For more information on <application>gbde</application>'s
+ cryptographic design, including how the sector keys are derived
+ from the user-supplied passphrase, see &man.gbde.4;.</para>
+ </sect2>
+
+ <sect2>
+ <title>Compatibility Issues</title>
+
+ <para>&man.sysinstall.8; is incompatible with
+ <application>gbde</application>-encrypted devices. All
+ <devicename><replaceable>*</replaceable>.bde</devicename> devices must be detached from the
+ kernel before starting &man.sysinstall.8; or it will crash during
+ its initial probing for devices. To detach the encrypted device
+ used in our example, use the following command:</para>
+ <screen>&prompt.root; <userinput>gbde detach /dev/ad4s1c</userinput></screen>
+
+ <para>Also note that, as &man.vinum.4; does not use the
+ &man.geom.4; subsystem, you cannot use
+ <application>gbde</application> with
+ <application>vinum</application> volumes.</para>
+ </sect2>
+
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/eresources/Makefile b/zh_TW.Big5/books/handbook/eresources/Makefile
new file mode 100644
index 0000000000..cb030a0162
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/eresources/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= eresources/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/eresources/chapter.sgml b/zh_TW.Big5/books/handbook/eresources/chapter.sgml
new file mode 100644
index 0000000000..01948bb231
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/eresources/chapter.sgml
@@ -0,0 +1,1750 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<appendix id="eresources">
+ <title>Resources on the Internet</title>
+
+ <para>The rapid pace of FreeBSD progress makes print media impractical as a
+ means of following the latest developments. Electronic resources are the
+ best, if not often the only, way stay informed of the latest advances.
+ Since FreeBSD is a volunteer effort, the user community itself also
+ generally serves as a <quote>technical support department</quote> of sorts,
+ with electronic mail and USENET news being the most effective way of
+ reaching that community.</para>
+
+ <para>The most important points of contact with the FreeBSD user community
+ are outlined below. If you are aware of other resources not mentioned
+ here, please send them to the &a.doc; so that they may also be
+ included.</para>
+
+ <sect1 id="eresources-mail">
+ <title>Mailing Lists</title>
+
+ <para>Though many of the FreeBSD development members read USENET, we
+ cannot always guarantee that we will get to your questions in a timely
+ fashion (or at all) if you post them only to one of the
+ <literal>comp.unix.bsd.freebsd.*</literal> groups. By addressing your
+ questions to the appropriate mailing list you will reach both us and a
+ concentrated FreeBSD audience, invariably assuring a better (or at least
+ faster) response.</para>
+
+ <para>The charters for the various lists are given at the bottom of this
+ document. <emphasis>Please read the charter before joining or sending
+ mail to any list</emphasis>. Most of our list subscribers now receive
+ many hundreds of FreeBSD related messages every day, and by setting down
+ charters and rules for proper use we are striving to keep the
+ signal-to-noise ratio of the lists high. To do less would see the
+ mailing lists ultimately fail as an effective communications medium for
+ the project.</para>
+
+ <para>When in doubt about what list to post a question to, see <ulink
+ url="&url.articles.freebsd-questions;">How to get best results from
+ the FreeBSD-questions mailing list</ulink>.</para>
+
+ <para>Before posting to any list, please learn about how to best use
+ the mailing lists, such as how to help avoid frequently-repeated
+ discussions, by reading the <ulink url="&url.articles.mailing-list-faq;">
+ Mailing List Frequently Asked Questions</ulink> (FAQ) document.</para>
+
+ <para>Archives are kept for all of the mailing lists and can be searched
+ using the <ulink url="&url.base;/search/index.html">FreeBSD World
+ Wide Web server</ulink>. The keyword searchable archive offers an
+ excellent way of finding answers to frequently asked questions and
+ should be consulted before posting a question.</para>
+
+ <sect2 id="eresources-summary">
+ <title>List Summary</title>
+
+ <para><emphasis>General lists:</emphasis> The following are general
+ lists which anyone is free (and encouraged) to join:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>List</entry>
+ <entry>Purpose</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>&a.cvsall.name;</entry>
+ <entry>Changes made to the FreeBSD source tree</entry>
+ </row>
+
+ <row>
+ <entry>&a.advocacy.name;</entry>
+ <entry>FreeBSD Evangelism</entry>
+ </row>
+
+ <row>
+ <entry>&a.announce.name;</entry>
+ <entry>Important events and project milestones</entry>
+ </row>
+
+ <row>
+ <entry>&a.arch.name;</entry>
+ <entry>Architecture and design discussions</entry>
+ </row>
+
+ <row>
+ <entry>&a.bugbusters.name;</entry>
+ <entry>Discussions pertaining to the maintenance of the FreeBSD
+ problem report database and related tools</entry>
+ </row>
+
+ <row>
+ <entry>&a.bugs.name;</entry>
+ <entry>Bug reports</entry>
+ </row>
+
+ <row>
+ <entry>&a.chat.name;</entry>
+ <entry>Non-technical items related to the FreeBSD
+ community</entry>
+ </row>
+
+ <row>
+ <entry>&a.current.name;</entry>
+ <entry>Discussion concerning the use of
+ &os.current;</entry>
+ </row>
+
+ <row>
+ <entry>&a.isp.name;</entry>
+ <entry>Issues for Internet Service Providers using
+ FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.jobs.name;</entry>
+ <entry>FreeBSD employment and consulting
+ opportunities</entry>
+ </row>
+
+ <row>
+ <entry>&a.policy.name;</entry>
+ <entry>FreeBSD Core team policy decisions. Low volume, and
+ read-only</entry>
+ </row>
+
+ <row>
+ <entry>&a.questions.name;</entry>
+ <entry>User questions and technical support</entry>
+ </row>
+
+ <row>
+ <entry>&a.security-notifications.name;</entry>
+ <entry>Security notifications</entry>
+ </row>
+
+ <row>
+ <entry>&a.stable.name;</entry>
+ <entry>Discussion concerning the use of
+ &os.stable;</entry>
+ </row>
+
+ <row>
+ <entry>&a.test.name;</entry>
+ <entry>Where to send your test messages instead of one of
+ the actual lists</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para><emphasis>Technical lists:</emphasis> The following lists are for
+ technical discussion. You should read the charter for each list
+ carefully before joining or sending mail to one as there are firm
+ guidelines for their use and content.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>List</entry>
+ <entry>Purpose</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>&a.acpi.name;</entry>
+ <entry>ACPI and power management development</entry>
+ </row>
+
+ <row>
+ <entry>&a.afs.name;</entry>
+ <entry>Porting AFS to FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.aic7xxx.name;</entry>
+ <entry>Developing drivers for the &adaptec; AIC 7xxx</entry>
+ </row>
+
+ <row>
+ <entry>&a.alpha.name;</entry>
+ <entry>Porting FreeBSD to the Alpha</entry>
+ </row>
+
+ <row>
+ <entry>&a.amd64.name;</entry>
+ <entry>Porting FreeBSD to AMD64 systems</entry>
+ </row>
+
+ <row>
+ <entry>&a.apache.name;</entry>
+ <entry>Discussion about <application>Apache</application> related ports</entry>
+ </row>
+
+ <row>
+ <entry>&a.arm.name;</entry>
+ <entry>Porting FreeBSD to &arm; processors</entry>
+ </row>
+
+ <row>
+ <entry>&a.atm.name;</entry>
+ <entry>Using ATM networking with FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.audit.name;</entry>
+ <entry>Source code audit project</entry>
+ </row>
+
+ <row>
+ <entry>&a.binup.name;</entry>
+ <entry>Design and development of the binary update system</entry>
+ </row>
+
+ <row>
+ <entry>&a.bluetooth.name;</entry>
+ <entry>Using &bluetooth; technology in FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.cluster.name;</entry>
+ <entry>Using FreeBSD in a clustered environment</entry>
+ </row>
+
+ <row>
+ <entry>&a.cvsweb.name;</entry>
+ <entry>CVSweb maintenance</entry>
+ </row>
+
+ <row>
+ <entry>&a.database.name;</entry>
+ <entry>Discussing database use and development under
+ FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.doc.name;</entry>
+ <entry>Creating FreeBSD related documents</entry>
+ </row>
+
+ <row>
+ <entry>&a.drivers.name;</entry>
+ <entry>Writing device drivers for &os;</entry>
+ </row>
+
+ <row>
+ <entry>&a.eclipse.name;</entry>
+ <entry>FreeBSD users of Eclipse IDE, tools, rich client
+ applications and ports.</entry>
+ </row>
+
+ <row>
+ <entry>&a.emulation.name;</entry>
+ <entry>Emulation of other systems such as
+ Linux/&ms-dos;/&windows;</entry>
+ </row>
+
+ <row>
+ <entry>&a.firewire.name;</entry>
+ <entry>FreeBSD &firewire; (iLink, IEEE 1394) technical
+ discussion</entry>
+ </row>
+
+ <row>
+ <entry>&a.fs.name;</entry>
+ <entry>File systems</entry>
+ </row>
+
+ <row>
+ <entry>&a.geom.name;</entry>
+ <entry>GEOM-specific discussions and implementations</entry>
+ </row>
+
+ <row>
+ <entry>&a.gnome.name;</entry>
+ <entry>Porting <application>GNOME</application> and <application>GNOME</application> applications</entry>
+ </row>
+
+ <row>
+ <entry>&a.hackers.name;</entry>
+ <entry>General technical discussion</entry>
+ </row>
+
+ <row>
+ <entry>&a.hardware.name;</entry>
+ <entry>General discussion of hardware for running
+ FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.i18n.name;</entry>
+ <entry>FreeBSD Internationalization</entry>
+ </row>
+
+ <row>
+ <entry>&a.ia32.name;</entry>
+ <entry>FreeBSD on the IA-32 (&intel; x86) platform</entry>
+ </row>
+
+ <row>
+ <entry>&a.ia64.name;</entry>
+ <entry>Porting FreeBSD to &intel;'s upcoming IA64 systems</entry>
+ </row>
+
+ <row>
+ <entry>&a.ipfw.name;</entry>
+ <entry>Technical discussion concerning the redesign of the IP
+ firewall code</entry>
+ </row>
+
+ <row>
+ <entry>&a.isdn.name;</entry>
+ <entry>ISDN developers</entry>
+ </row>
+
+ <row>
+ <entry>&a.java.name;</entry>
+ <entry>&java; developers and people porting &jdk;s to
+ FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.kde.name;</entry>
+ <entry>Porting <application>KDE</application> and <application>KDE</application> applications</entry>
+ </row>
+
+ <row>
+ <entry>&a.lfs.name;</entry>
+ <entry>Porting LFS to FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.libh.name;</entry>
+ <entry>The second generation installation and package
+ system</entry>
+ </row>
+
+ <row>
+ <entry>&a.mips.name;</entry>
+ <entry>Porting FreeBSD to &mips;</entry>
+ </row>
+
+ <row>
+ <entry>&a.mobile.name;</entry>
+ <entry>Discussions about mobile computing</entry>
+ </row>
+
+ <row>
+ <entry>&a.mozilla.name;</entry>
+ <entry>Porting <application>Mozilla</application> to FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.multimedia.name;</entry>
+ <entry>Multimedia applications</entry>
+ </row>
+
+ <row>
+ <entry>&a.newbus.name;</entry>
+ <entry>Technical discussions about bus architecture</entry>
+ </row>
+
+ <row>
+ <entry>&a.net.name;</entry>
+ <entry>Networking discussion and TCP/IP source code</entry>
+ </row>
+
+ <row>
+ <entry>&a.openoffice.name;</entry>
+ <entry>Porting <application>OpenOffice.org</application> and
+ <application>&staroffice;</application> to FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.performance.name;</entry>
+ <entry>Performance tuning questions for high
+ performance/load installations</entry>
+ </row>
+
+ <row>
+ <entry>&a.perl.name;</entry>
+ <entry>Maintenance of a number of
+ Perl-related ports</entry>
+ </row>
+
+ <row>
+ <entry>&a.pf.name;</entry>
+ <entry>Discussion and questions about the packet filter
+ firewall system</entry>
+ </row>
+
+ <row>
+ <entry>&a.platforms.name;</entry>
+ <entry>Concerning ports to non &intel; architecture
+ platforms</entry>
+ </row>
+
+ <row>
+ <entry>&a.ports.name;</entry>
+ <entry>Discussion of the Ports Collection</entry>
+ </row>
+
+ <row>
+ <entry>&a.ports-bugs.name;</entry>
+ <entry>Discussion of the ports bugs/PRs</entry>
+ </row>
+
+ <row>
+ <entry>&a.ppc.name;</entry>
+ <entry>Porting FreeBSD to the &powerpc;</entry>
+ </row>
+
+ <row>
+ <entry>&a.proliant.name;</entry>
+ <entry>Technical discussion of FreeBSD on HP ProLiant server platforms</entry>
+ </row>
+
+ <row>
+ <entry>&a.python.name;</entry>
+ <entry>FreeBSD-specific Python issues</entry>
+ </row>
+
+ <row>
+ <entry>&a.qa.name;</entry>
+ <entry>Discussion of Quality Assurance, usually pending a release</entry>
+ </row>
+
+ <row>
+ <entry>&a.rc.name;</entry>
+ <entry>Discussion related to the <filename>rc.d</filename> system and its development</entry>
+ </row>
+
+ <row>
+ <entry>&a.realtime.name;</entry>
+ <entry>Development of realtime extensions to FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.scsi.name;</entry>
+ <entry>The SCSI subsystem</entry>
+ </row>
+
+ <row>
+ <entry>&a.security.name;</entry>
+ <entry>Security issues affecting FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.small.name;</entry>
+ <entry>Using FreeBSD in embedded applications</entry>
+ </row>
+
+ <row>
+ <entry>&a.smp.name;</entry>
+ <entry>Design discussions for [A]Symmetric
+ MultiProcessing</entry>
+ </row>
+
+ <row>
+ <entry>&a.sparc.name;</entry>
+ <entry>Porting FreeBSD to &sparc; based systems</entry>
+ </row>
+
+ <row>
+ <entry>&a.standards.name;</entry>
+ <entry>FreeBSD's conformance to the C99 and the &posix;
+ standards</entry>
+ </row>
+
+ <row>
+ <entry>&a.threads.name;</entry>
+ <entry>Threading in FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.testing.name;</entry>
+ <entry>FreeBSD Performance and Stability Tests</entry>
+ </row>
+
+ <row>
+ <entry>&a.tokenring.name;</entry>
+ <entry>Support Token Ring in FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>&a.usb.name;</entry>
+ <entry>Discussing &os; support for USB</entry>
+ </row>
+
+ <row>
+ <entry>&a.vuxml.name;</entry>
+ <entry>Discussion on VuXML infrastructure</entry>
+ </row>
+
+ <row>
+ <entry>&a.x11.name;</entry>
+ <entry>Maintenance and support of X11 on FreeBSD</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para><emphasis>Limited lists:</emphasis> The following lists are for
+ more specialized (and demanding) audiences and are probably not of
+ interest to the general public. It is also a good idea to establish a
+ presence in the technical lists before joining one of these limited
+ lists so that you will understand the communications etiquette involved.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>List</entry>
+ <entry>Purpose</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>&a.hubs.name;</entry>
+ <entry>People running mirror sites (infrastructural
+ support)</entry>
+ </row>
+
+ <row>
+ <entry>&a.usergroups.name;</entry>
+ <entry>User group coordination</entry>
+ </row>
+
+ <row>
+ <entry>&a.vendors.name;</entry>
+ <entry>Vendors pre-release coordination</entry>
+ </row>
+
+ <row>
+ <entry>&a.www.name;</entry>
+ <entry>Maintainers of <ulink url="&url.base;/index.html">www.FreeBSD.org</ulink></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para><emphasis>Digest lists:</emphasis> All of the above lists
+ are available in a digest format. Once subscribed to a list,
+ you can change your digest options in your account options
+ section.</para>
+
+ <para><emphasis>CVS lists:</emphasis> The following lists are for people
+ interested in seeing the log messages for changes to various areas of
+ the source tree. They are <emphasis>Read-Only</emphasis> lists and
+ should not have mail sent to them.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>List</entry>
+ <entry>Source area</entry>
+ <entry>Area Description (source for)</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>&a.cvsall.name;</entry>
+ <entry><filename>/usr/(CVSROOT|doc|ports|projects|src)</filename></entry>
+ <entry>All changes to any place in the tree (superset of other CVS commit lists)</entry>
+ </row>
+
+ <row>
+ <entry>&a.cvs-doc.name;</entry>
+ <entry><filename>/usr/(doc|www)</filename></entry>
+ <entry>All changes to the doc and www trees</entry>
+ </row>
+
+ <row>
+ <entry>&a.cvs-ports.name;</entry>
+ <entry><filename>/usr/ports</filename></entry>
+ <entry>All changes to the ports tree</entry>
+ </row>
+
+ <row>
+ <entry>&a.cvs-projects.name;</entry>
+ <entry><filename>/usr/projects</filename></entry>
+ <entry>All changes to the projects tree</entry>
+ </row>
+
+ <row>
+ <entry>&a.cvs-src.name;</entry>
+ <entry><filename>/usr/src</filename></entry>
+ <entry>All changes to the src tree</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
+ <sect2 id="eresources-subscribe">
+ <title>How to Subscribe</title>
+
+ <para>To subscribe to a list, click on the list name above or
+ go to &a.mailman.lists.link;
+ and click on the list that you are interested in. The list
+ page should contain all of the necessary subscription
+ instructions.</para>
+
+ <para>To actually post to a given list you simply send mail to
+ <email><replaceable>listname</replaceable>@FreeBSD.org</email>. It will then
+ be redistributed to mailing list members world-wide.</para>
+
+ <para>To unsubscribe yourself from a list, click on the URL
+ found at the bottom of every email received from the list. It
+ is also possible to send an email to
+ <email><replaceable>listname</replaceable>-unsubscribe@FreeBSD.org</email> to unsubscribe
+ yourself.</para>
+
+ <para>Again, we would like to request that you keep discussion in the
+ technical mailing lists on a technical track. If you are only
+ interested in important announcements then it is suggested that
+ you join the &a.announce;, which is intended only for infrequent
+ traffic.</para>
+ </sect2>
+
+ <sect2 id="eresources-charters">
+ <title>List Charters</title>
+
+ <para><emphasis>All</emphasis> FreeBSD mailing lists have certain basic
+ rules which must be adhered to by anyone using them. Failure to comply
+ with these guidelines will result in two (2) written warnings from the
+ FreeBSD Postmaster <email>postmaster@FreeBSD.org</email>, after which,
+ on a third offense, the poster will removed from all FreeBSD mailing
+ lists and filtered from further posting to them. We regret that such
+ rules and measures are necessary at all, but today's Internet is a
+ pretty harsh environment, it would seem, and many fail to appreciate
+ just how fragile some of its mechanisms are.</para>
+
+ <para>Rules of the road:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The topic of any posting should adhere to the basic charter of
+ the list it is posted to, e.g. if the list is about technical
+ issues then your posting should contain technical discussion.
+ Ongoing irrelevant chatter or flaming only detracts from the value
+ of the mailing list for everyone on it and will not be tolerated.
+ For free-form discussion on no particular topic, the &a.chat;
+ is freely available and should be used instead.</para>
+ </listitem>
+
+ <listitem>
+ <para>No posting should be made to more than 2 mailing lists, and
+ only to 2 when a clear and obvious need to post to both lists
+ exists. For most lists, there is already a great deal of
+ subscriber overlap and except for the most esoteric mixes (say
+ <quote>-stable &amp; -scsi</quote>), there really is no reason to post to more
+ than one list at a time. If a message is sent to you in such a
+ way that multiple mailing lists appear on the
+ <literal>Cc</literal> line then the <literal>Cc</literal>
+ line should also be trimmed before sending it out again.
+ <emphasis>You are still responsible for your
+ own cross-postings, no matter who the originator might have
+ been.</emphasis></para>
+ </listitem>
+
+ <listitem>
+ <para>Personal attacks and profanity (in the context of an argument)
+ are not allowed, and that includes users and developers alike.
+ Gross breaches of netiquette, like excerpting or reposting private
+ mail when permission to do so was not and would not be
+ forthcoming, are frowned upon but not specifically enforced.
+ <emphasis>However</emphasis>, there are also very few cases where
+ such content would fit within the charter of a list and it would
+ therefore probably rate a warning (or ban) on that basis
+ alone.</para>
+ </listitem>
+
+ <listitem>
+ <para>Advertising of non-FreeBSD related products or services is
+ strictly prohibited and will result in an immediate ban if it is
+ clear that the offender is advertising by spam.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para><emphasis>Individual list charters:</emphasis></para>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>&a.acpi.name;</term>
+
+ <listitem>
+ <para><emphasis>ACPI and power management
+ development</emphasis></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.afs.name;</term>
+
+ <listitem>
+ <para><emphasis>Andrew File System</emphasis></para>
+
+ <para>This list is for discussion on porting and using AFS from
+ CMU/Transarc</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.announce.name;</term>
+
+ <listitem>
+ <para><emphasis>Important events / milestones</emphasis></para>
+
+ <para>This is the mailing list for people interested only in
+ occasional announcements of significant FreeBSD events. This
+ includes announcements about snapshots and other releases. It
+ contains announcements of new FreeBSD capabilities. It may
+ contain calls for volunteers etc. This is a low volume, strictly
+ moderated mailing list.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.arch.name;</term>
+
+ <listitem>
+ <para><emphasis>Architecture and design
+ discussions</emphasis></para>
+
+ <para>This list is for discussion of the FreeBSD
+ architecture. Messages will mostly be kept strictly
+ technical in nature. Examples of suitable topics
+ are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>How to re-vamp the build system to have several
+ customized builds running at the same time.</para>
+ </listitem>
+
+ <listitem>
+ <para>What needs to be fixed with VFS to make Heidemann layers
+ work.</para>
+ </listitem>
+
+ <listitem>
+ <para>How do we change the device driver interface to be able
+ to use the same drivers cleanly on many buses and
+ architectures.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to write a network driver.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.audit.name;</term>
+
+ <listitem>
+ <para><emphasis>Source code audit project</emphasis></para>
+
+ <para>This is the mailing list for the FreeBSD source code
+ audit project. Although this was originally intended for
+ security-related changes, its charter has been expanded to
+ review any code changes.</para>
+
+ <para>This list is very heavy on patches, and is probably of no
+ interest to the average FreeBSD user. Security discussions
+ not related to a particular code change are held on
+ freebsd-security. Conversely, all developers are encouraged
+ to send their patches here for review, especially if they
+ touch a part of the system where a bug may adversely affect
+ the integrity of the system.</para>
+
+<!-- I can't actually find a charter for this, but there's this email: http://www.FreeBSD.org/cgi/getmsg.cgi?fetch=223347+225804+/usr/local/www/db/text/2000/cvs-all/20001210.cvs-all -->
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.binup.name;</term>
+
+ <listitem>
+ <para><emphasis>FreeBSD Binary Update Project</emphasis></para>
+
+ <para>This list exists to provide discussion for the binary
+ update system, or <application>binup</application>.
+ Design issues, implementation details,
+ patches, bug reports, status reports, feature requests, commit
+ logs, and all other things related to
+ <application>binup</application> are fair game.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.bluetooth.name;</term>
+
+ <listitem>
+ <para><emphasis>&bluetooth; in FreeBSD</emphasis></para>
+
+ <para>This is the forum where FreeBSD's &bluetooth; users
+ congregate. Design issues, implementation details,
+ patches, bug reports, status reports, feature requests,
+ and all matters related to &bluetooth; are fair
+ game.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.bugbusters.name;</term>
+
+ <listitem>
+ <para><emphasis>Coordination of the Problem Report handling effort</emphasis></para>
+
+ <para>The purpose of this list is to serve as a coordination and
+ discussion forum for the Bugmeister, his Bugbusters, and any other
+ parties who have a genuine interest in the PR database. This list
+ is not for discussions about specific bugs, patches or PRs.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.bugs.name;</term>
+
+ <listitem>
+ <para><emphasis>Bug reports</emphasis></para>
+
+ <para>This is the mailing list for reporting bugs in FreeBSD.
+ Whenever possible, bugs should be submitted using the
+ &man.send-pr.1;
+ command or the <ulink
+ url="&url.base;/send-pr.html">WEB
+ interface</ulink> to it.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.chat.name;</term>
+
+ <listitem>
+ <para><emphasis>Non technical items related to the FreeBSD
+ community</emphasis></para>
+
+ <para>This list contains the overflow from the other lists about
+ non-technical, social information. It includes discussion about
+ whether Jordan looks like a toon ferret or not, whether or not
+ to type in capitals, who is drinking too much coffee, where the
+ best beer is brewed, who is brewing beer in their basement, and
+ so on. Occasional announcements of important events (such as
+ upcoming parties, weddings, births, new jobs, etc) can be made
+ to the technical lists, but the follow ups should be directed to
+ this -chat list.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.core.name;</term>
+
+ <listitem>
+ <para><emphasis>FreeBSD core team</emphasis></para>
+
+ <para>This is an internal mailing list for use by the core
+ members. Messages can be sent to it when a serious
+ FreeBSD-related matter requires arbitration or high-level
+ scrutiny.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.current.name;</term>
+
+ <listitem>
+ <para><emphasis>Discussions about the use of
+ &os.current;</emphasis></para>
+
+ <para>This is the mailing list for users of &os.current;. It
+ includes warnings about new features coming out in -CURRENT that
+ will affect the users, and instructions on steps that must be
+ taken to remain -CURRENT. Anyone running <quote>CURRENT</quote>
+ must subscribe to this list. This is a technical mailing list
+ for which strictly technical content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.cvsweb.name;</term>
+
+ <listitem>
+ <para><emphasis>FreeBSD CVSweb Project</emphasis></para>
+
+ <para>Technical discussions about use, development and maintenance
+ of FreeBSD-CVSweb.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.doc.name;</term>
+
+ <listitem>
+ <para><emphasis>Documentation project</emphasis></para>
+
+ <para>This mailing list is for the discussion of issues and
+ projects related to the creation of documentation for FreeBSD.
+ The members of this mailing list are collectively referred to as
+ <quote>The FreeBSD Documentation Project</quote>. It is an open
+ list; feel free to join and contribute!</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.drivers.name;</term>
+
+ <listitem>
+ <para><emphasis>Writing device drivers for &os;</emphasis></para>
+
+ <para>This is a forum for technical discussions related to
+ device drivers on &os;. It is primarily a place
+ for device driver writers to ask questions about
+ how to write device drivers using the APIs in the
+ &os; kernel.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.eclipse.name;</term>
+
+ <listitem>
+ <para><emphasis>&os; users of Eclipse IDE, tools, rich
+ client applications and ports.</emphasis></para>
+
+ <para>The intention of this list is to provide mutual
+ support for everything to do with choosing, installing,
+ using, developing and maintaining the Eclipse IDE,
+ tools, rich client applications on the &os; platform and
+ assisting with the porting of Eclipse IDE and plugins to
+ the &os; environment.</para>
+
+ <para>The intention is also to facilitate exchange of
+ information between the Eclipse community and the &os;
+ community to the mutual benefit of both.</para>
+
+ <para>Although this list is focused primarily on the needs
+ of Eclipse users it will also provide a forum for those
+ who would like to develop &os; specific applications
+ using the Eclipse framework.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.emulation.name;</term>
+
+ <listitem>
+ <para><emphasis>Emulation of other systems such as
+ Linux/&ms-dos;/&windows;</emphasis></para>
+
+ <para>This is a forum for technical discussions related to
+ running programs written for other operating systems on &os;.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.firewire.name;</term>
+
+ <listitem>
+ <para><emphasis>&firewire; (iLink, IEEE 1394)</emphasis></para>
+
+ <para>This is a mailing list for discussion of the design
+ and implementation of a &firewire; (aka IEEE 1394 aka
+ iLink) subsystem for FreeBSD. Relevant topics
+ specifically include the standards, bus devices and
+ their protocols, adapter boards/cards/chips sets, and
+ the architecture and implementation of code for their
+ proper support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.fs.name;</term>
+
+ <listitem>
+ <para><emphasis>File systems</emphasis></para>
+
+ <para>Discussions concerning FreeBSD file systems. This is a
+ technical mailing list for which strictly technical content is
+ expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.geom.name;</term>
+
+ <listitem>
+ <para><emphasis>GEOM</emphasis></para>
+
+ <para>Discussions specific to GEOM and related implementations.
+ This is a technical mailing list for which strictly technical
+ content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.gnome.name;</term>
+
+ <listitem>
+ <para><emphasis>GNOME</emphasis></para>
+
+ <para>Discussions concerning The <application>GNOME</application> Desktop Environment for
+ FreeBSD systems. This is a technical mailing list for
+ which strictly technical content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.ipfw.name;</term>
+
+ <listitem>
+ <para><emphasis>IP Firewall</emphasis></para>
+
+ <para>This is the forum for technical discussions concerning the
+ redesign of the IP firewall code in FreeBSD. This is a
+ technical mailing list for which strictly technical content is
+ expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.ia64.name;</term>
+
+ <listitem>
+ <para><emphasis>Porting FreeBSD to IA64</emphasis></para>
+
+ <para>This is a technical mailing list for individuals
+ actively working on porting FreeBSD to the IA-64 platform
+ from &intel;, to bring up problems or discuss alternative
+ solutions. Individuals interested in following the
+ technical discussion are also welcome.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.isdn.name;</term>
+
+ <listitem>
+ <para><emphasis>ISDN Communications</emphasis></para>
+
+ <para>This is the mailing list for people discussing the
+ development of ISDN support for FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.java.name;</term>
+
+ <listitem>
+ <para><emphasis>&java; Development</emphasis></para>
+
+ <para>This is the mailing list for people discussing the
+ development of significant &java; applications for FreeBSD and the
+ porting and maintenance of &jdk;s.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="eresources-charters-jobs">
+ <term>&a.jobs.name;</term>
+
+ <listitem>
+ <para><emphasis>Jobs offered and sought</emphasis></para>
+
+ <para>This is a forum for posting employment notices and
+ resumes specifically related to &os;, e.g. if you are
+ seeking &os;-related employment or have a job involving
+ &os; to advertise then this is the right place. This is
+ <emphasis>not</emphasis> a mailing list for general
+ employment issues since adequate forums for that
+ already exist elsewhere.</para>
+
+ <para>Note that this list, like other <hostid role="domainname">FreeBSD.org</hostid> mailing
+ lists, is distributed worldwide. Thus, you need to be
+ clear about location and the extent to which
+ telecommuting or assistance with relocation is
+ available.</para>
+
+ <para>Email should use open formats only &mdash;
+ preferably plain text, but basic Portable Document
+ Format (<acronym>PDF</acronym>), HTML, and a few others
+ are acceptable to many readers. Closed formats such as
+ &microsoft; Word (<filename>.doc</filename>) will be
+ rejected by the mailing list server.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.kde.name;</term>
+
+ <listitem>
+ <para><emphasis>KDE</emphasis></para>
+
+ <para>Discussions concerning <application>KDE</application> on
+ FreeBSD systems. This is a technical mailing list for
+ which strictly technical content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.hackers.name;</term>
+
+ <listitem>
+ <para><emphasis>Technical discussions</emphasis></para>
+
+ <para>This is a forum for technical discussions related to
+ FreeBSD. This is the primary technical mailing list. It is for
+ individuals actively working on FreeBSD, to bring up problems or
+ discuss alternative solutions. Individuals interested in
+ following the technical discussion are also welcome. This is a
+ technical mailing list for which strictly technical content is
+ expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.hardware.name;</term>
+
+ <listitem>
+ <para><emphasis>General discussion of FreeBSD
+ hardware</emphasis></para>
+
+ <para>General discussion about the types of hardware that FreeBSD
+ runs on, various problems and suggestions concerning what to buy
+ or avoid.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.hubs.name;</term>
+
+ <listitem>
+ <para><emphasis>Mirror sites</emphasis></para>
+
+ <para>Announcements and discussion for people who run FreeBSD
+ mirror sites.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.isp.name;</term>
+
+ <listitem>
+ <para><emphasis>Issues for Internet Service
+ Providers</emphasis></para>
+
+ <para>This mailing list is for discussing topics relevant to
+ Internet Service Providers (ISPs) using FreeBSD. This is a
+ technical mailing list for which strictly technical content is
+ expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.openoffice.name;</term>
+
+ <listitem>
+ <para><emphasis>OpenOffice.org</emphasis></para>
+
+ <para>Discussions concerning the porting and maintenance
+ of <application>OpenOffice.org</application> and
+ <application>&staroffice;</application>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.performance.name;</term>
+
+ <listitem>
+ <para><emphasis>Discussions about tuning or speeding up FreeBSD</emphasis></para>
+
+ <para>This mailing list exists to provide a place for
+ hackers, administrators, and/or concerned parties to
+ discuss performance related topics pertaining to
+ FreeBSD. Acceptable topics includes talking about
+ FreeBSD installations that are either under high load,
+ are experiencing performance problems, or are pushing
+ the limits of FreeBSD. Concerned parties that are
+ willing to work toward improving the performance of
+ FreeBSD are highly encouraged to subscribe to this list.
+ This is a highly technical list ideally suited for
+ experienced FreeBSD users, hackers, or administrators
+ interested in keeping FreeBSD fast, robust, and
+ scalable. This list is not a question-and-answer list
+ that replaces reading through documentation, but it is a
+ place to make contributions or inquire about unanswered
+ performance related topics.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.pf.name;</term>
+
+ <listitem>
+ <para><emphasis>Discussion and questions about the packet filter
+ firewall system</emphasis></para>
+
+ <para>Discussion concerning the packet filter (pf) firewall
+ system in terms of FreeBSD. Technical discussion and user
+ questions are both welcome. This list is also a place to
+ discuss the ALTQ QoS framework.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.platforms.name;</term>
+
+ <listitem>
+ <para><emphasis>Porting to Non &intel; platforms</emphasis></para>
+
+ <para>Cross-platform FreeBSD issues, general discussion and
+ proposals for non &intel; FreeBSD ports. This is a technical
+ mailing list for which strictly technical content is
+ expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.policy.name;</term>
+
+ <listitem>
+ <para><emphasis>Core team policy decisions</emphasis></para>
+
+ <para>This is a low volume, read-only mailing list for FreeBSD
+ Core Team Policy decisions.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.ports.name;</term>
+
+ <listitem>
+ <para><emphasis>Discussion of
+ <quote>ports</quote></emphasis></para>
+
+ <para>Discussions concerning FreeBSD's <quote>ports
+ collection</quote> (<filename>/usr/ports</filename>), ports infrastructure, and
+ general ports coordination efforts. This is a technical mailing list
+ for which strictly technical content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.ports-bugs.name;</term>
+
+ <listitem>
+ <para><emphasis>Discussion of
+ <quote>ports</quote> bugs</emphasis></para>
+
+ <para>Discussions concerning problem reports for FreeBSD's <quote>ports
+ collection</quote> (<filename>/usr/ports</filename>), proposed
+ ports, or modifications to ports. This is a technical mailing list
+ for which strictly technical content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.proliant.name;</term>
+
+ <listitem>
+ <para><emphasis>Technical discussion of FreeBSD on HP
+ ProLiant server platforms</emphasis></para>
+
+ <para>This mailing list is to be used for the technical
+ discussion of the usage of FreeBSD on HP ProLiant servers,
+ including the discussion of ProLiant-specific drivers,
+ management software, configuration tools, and BIOS
+ updates. As such, this is the primary place to discuss
+ the hpasmd, hpasmcli, and hpacucli modules.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.python.name;</term>
+
+ <listitem>
+ <para><emphasis>Python on FreeBSD</emphasis></para>
+
+ <para>This is a list for discussions related to improving Python-support
+ on FreeBSD. This is a technical mailing list. It is for individuals
+ working on porting Python, its 3rd party modules and <application>Zope</application> stuff to
+ FreeBSD. Individuals interested in following the technical discussion
+ are also welcome.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.questions.name;</term>
+
+ <listitem>
+ <para><emphasis>User questions</emphasis></para>
+
+ <para>This is the mailing list for questions about FreeBSD. You
+ should not send <quote>how to</quote> questions to the technical
+ lists unless you consider the question to be pretty
+ technical.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.scsi.name;</term>
+
+ <listitem>
+ <para><emphasis>SCSI subsystem</emphasis></para>
+
+ <para>This is the mailing list for people working on the SCSI
+ subsystem for FreeBSD. This is a technical mailing list for
+ which strictly technical content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.security.name;</term>
+
+ <listitem>
+ <para><emphasis>Security issues</emphasis></para>
+
+ <para>FreeBSD computer security issues (DES, Kerberos, known
+ security holes and fixes, etc). This is a technical mailing
+ list for which strictly technical discussion is expected. Note
+ that this is not a question-and-answer list, but that
+ contributions (BOTH question AND answer) to the FAQ are
+ welcome.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.security-notifications.name;</term>
+
+ <listitem>
+ <para><emphasis>Security Notifications</emphasis></para>
+
+ <para>Notifications of FreeBSD security problems and
+ fixes. This is not a discussion list. The discussion
+ list is FreeBSD-security.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.small.name;</term>
+
+ <listitem>
+ <para><emphasis>Using FreeBSD in embedded
+ applications</emphasis></para>
+
+ <para>This list discusses topics related to unusually small and
+ embedded FreeBSD installations. This is a technical mailing
+ list for which strictly technical content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.stable.name;</term>
+
+ <listitem>
+ <para><emphasis>Discussions about the use of
+ &os.stable;</emphasis></para>
+
+ <para>This is the mailing list for users of &os.stable;. It
+ includes warnings about new features coming out in -STABLE that
+ will affect the users, and instructions on steps that must be
+ taken to remain -STABLE. Anyone running <quote>STABLE</quote>
+ should subscribe to this list. This is a technical mailing list
+ for which strictly technical content is expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.standards.name;</term>
+
+ <listitem>
+ <para><emphasis>C99 &amp; POSIX Conformance</emphasis></para>
+
+ <para>This is a forum for technical discussions related to
+ FreeBSD Conformance to the C99 and the POSIX standards.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.usb.name;</term>
+
+ <listitem>
+ <para><emphasis>Discussing &os; support for
+ USB</emphasis></para>
+
+ <para>This is a mailing list for technical discussions
+ related to &os; support for USB.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.usergroups.name;</term>
+
+ <listitem>
+ <para><emphasis>User Group Coordination List</emphasis></para>
+
+ <para>This is the mailing list for the coordinators from each of
+ the local area Users Groups to discuss matters with each other
+ and a designated individual from the Core Team. This mail list
+ should be limited to meeting synopsis and coordination of
+ projects that span User Groups.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&a.vendors.name;</term>
+
+ <listitem>
+ <para><emphasis>Vendors</emphasis></para>
+
+ <para>Coordination discussions between The FreeBSD Project and
+ Vendors of software and hardware for FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </sect2>
+ <sect2 id="eresources-mailfiltering">
+ <title>Filtering on the Mailing Lists</title>
+
+ <para>The &os; mailing lists are filtered in multiple ways to
+ avoid the distribution of spam, viruses, and other unwanted emails.
+ The filtering actions described in this section do not include all
+ those used to protect the mailing lists.</para>
+
+ <para>Only certain types of attachments are allowed on the
+ mailing lists. All attachments with a MIME content type not
+ found in the list below will be stripped before an email is
+ distributed on the mailing lists.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>application/octet-stream</para>
+ </listitem>
+
+ <listitem>
+ <para>application/pdf</para>
+ </listitem>
+
+ <listitem>
+ <para>application/pgp-signature</para>
+ </listitem>
+
+ <listitem>
+ <para>application/x-pkcs7-signature</para>
+ </listitem>
+
+ <listitem>
+ <para>message/rfc822</para>
+ </listitem>
+
+ <listitem>
+ <para>multipart/alternative</para>
+ </listitem>
+
+ <listitem>
+ <para>multipart/related</para>
+ </listitem>
+
+ <listitem>
+ <para>multipart/signed</para>
+ </listitem>
+
+ <listitem>
+ <para>text/html</para>
+ </listitem>
+
+ <listitem>
+ <para>text/plain</para>
+ </listitem>
+
+ <listitem>
+ <para>text/x-diff</para>
+ </listitem>
+
+ <listitem>
+ <para>text/x-patch</para>
+ </listitem>
+ </itemizedlist>
+
+ <note>
+ <para>Some of the mailing lists might allow attachments of
+ other MIME content types, but the above list should be
+ applicable for most of the mailing lists.</para>
+ </note>
+
+ <para>If an email contains both an HTML and a plain text version,
+ the HTML version will be removed. If an email contains only an
+ HTML version, it will be converted to plain text.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="eresources-news">
+ <title>Usenet Newsgroups</title>
+
+ <para>In addition to two FreeBSD specific newsgroups, there are many
+ others in which FreeBSD is discussed or are otherwise relevant to
+ FreeBSD users. <ulink
+ url="http://minnie.tuhs.org/BSD-info/bsdnews_search.html">Keyword
+ searchable archives</ulink> are available for some of these newsgroups
+ from courtesy of Warren Toomey <email>wkt@cs.adfa.edu.au</email>.</para>
+
+ <sect2>
+ <title>BSD Specific Newsgroups</title>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.bsd.freebsd.announce">comp.unix.bsd.freebsd.announce</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.bsd.freebsd.misc">comp.unix.bsd.freebsd.misc</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:de.comp.os.unix.bsd">de.comp.os.unix.bsd</ulink> (German)</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:fr.comp.os.bsd">fr.comp.os.bsd</ulink> (French)</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:it.comp.os.freebsd">it.comp.os.freebsd</ulink> (Italian)</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>Other &unix; Newsgroups of Interest</title>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink url="news:comp.unix">comp.unix</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.questions">comp.unix.questions</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.admin">comp.unix.admin</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.programmer">comp.unix.programmer</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.shell">comp.unix.shell</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.user-friendly">comp.unix.user-friendly</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.security.unix">comp.security.unix</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.sources.unix">comp.sources.unix</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.advocacy">comp.unix.advocacy</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.misc">comp.unix.misc</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.bugs.4bsd">comp.bugs.4bsd</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.bugs.4bsd.ucb-fixes">comp.bugs.4bsd.ucb-fixes</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.unix.bsd">comp.unix.bsd</ulink></para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>X Window System</title>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink
+ url="news:comp.windows.x.i386unix">comp.windows.x.i386unix</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.windows.x">comp.windows.x</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.windows.x.apps">comp.windows.x.apps</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.windows.x.announce">comp.windows.x.announce</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.windows.x.intrinsics">comp.windows.x.intrinsics</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.windows.x.motif">comp.windows.x.motif</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.windows.x.pex">comp.windows.x.pex</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="news:comp.emulators.ms-windows.wine">comp.emulators.ms-windows.wine</ulink></para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="eresources-web">
+ <title>World Wide Web Servers</title>
+
+ &chap.eresources.www.inc;
+ </sect1>
+
+ <sect1 id="eresources-email">
+ <title>Email Addresses</title>
+
+ <para>The following user groups provide FreeBSD related email addresses
+ for their members. The listed administrator reserves the right to
+ revoke the address if it is abused in any way.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>Domain</entry>
+ <entry>Facilities</entry>
+ <entry>User Group</entry>
+ <entry>Administrator</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>ukug.uk.FreeBSD.org</entry>
+ <entry>Forwarding only</entry>
+ <entry><email>freebsd-users@uk.FreeBSD.org</email></entry>
+ <entry>Lee Johnston
+ <email>lee@uk.FreeBSD.org</email></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect1>
+
+ <sect1 id="eresources-shell">
+ <title>Shell Accounts</title>
+
+ <para>The following user groups provide shell accounts for people who are
+ actively supporting the FreeBSD project. The listed administrator
+ reserves the right to cancel the account if it is abused in any
+ way.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>Host</entry>
+ <entry>Access</entry>
+ <entry>Facilities</entry>
+ <entry>Administrator</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>dogma.freebsd-uk.eu.org</entry>
+ <entry>Telnet/FTP/SSH</entry>
+ <entry>Email, Web space, Anonymous FTP</entry>
+ <entry>Lee Johnston
+ <email>lee@uk.FreeBSD.org</email></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect1>
+</appendix>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../appendix.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "appendix")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/firewalls/Makefile b/zh_TW.Big5/books/handbook/firewalls/Makefile
new file mode 100644
index 0000000000..331f5bf8ec
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/firewalls/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= firewalls/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/firewalls/chapter.sgml b/zh_TW.Big5/books/handbook/firewalls/chapter.sgml
new file mode 100644
index 0000000000..d3f07d269e
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/firewalls/chapter.sgml
@@ -0,0 +1,3342 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="firewalls">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Joseph J.</firstname>
+ <surname>Barbish</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Brad</firstname>
+ <surname>Davis</surname>
+ <contrib>Converted to SGML and updated by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Firewalls</title>
+
+ <indexterm><primary>firewall</primary></indexterm>
+
+ <indexterm>
+ <primary>security</primary>
+
+ <secondary>firewalls</secondary>
+ </indexterm>
+
+ <sect1 id="firewalls-intro">
+ <title>Introduction</title>
+
+ <para>Firewalls make it possible to filter
+ incoming and outgoing traffic that flows through your system.
+ A firewall can use one or more sets of <quote>rules</quote> to
+ inspect the network packets as they come in or go out of your
+ network connections and either allows the traffic through or
+ blocks it. The rules of a firewall can inspect one or more
+ characteristics of the packets, including but not limited to the
+ protocol type, the source or destination host address, and the
+ source or destination port.</para>
+
+ <para>Firewalls can greatly enhance the security of a host or a
+ network. They can be used to do one or more of
+ the following things:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>To protect and insulate the applications, services and
+ machines of your internal network from unwanted traffic
+ coming in from the public Internet.</para>
+ </listitem>
+
+ <listitem>
+ <para>To limit or disable access from hosts of the internal
+ network to services of the public Internet.</para>
+ </listitem>
+
+ <listitem>
+ <para>To support network address translation
+ (<acronym>NAT</acronym>), which allows your internal network
+ to use private <acronym>IP</acronym> addresses and share a
+ single connection to the public Internet (either with a
+ single <acronym>IP</acronym> address or by a shared pool of
+ automatically assigned public addresses).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>How to properly define packet filtering rules.</para>
+ </listitem>
+
+ <listitem>
+ <para>The differences between the firewalls
+ built into &os;.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use and configure the OpenBSD
+ <application>PF</application> firewall.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use and configure
+ <application>IPFILTER</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use and configure
+ <application>IPFW</application>.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Understand basic &os; and Internet concepts.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="firewalls-concepts">
+ <title>Firewall Concepts</title>
+
+ <indexterm>
+ <primary>firewall</primary>
+
+ <secondary>rulesets</secondary>
+ </indexterm>
+
+ <para>There are two basic ways to create firewall rulesets:
+ <quote>inclusive</quote> or <quote>exclusive</quote>. An
+ exclusive firewall allows all traffic through except for the
+ traffic matching the ruleset. An inclusive firewall does the
+ reverse. It only allows traffic matching the rules through and
+ blocks everything else.</para>
+
+ <para>Inclusive firewalls are generally safer than exclusive
+ firewalls because they significantly reduce the risk of allowing
+ unwanted traffic to pass through the firewall.</para>
+
+ <para>Security can be tightened further using a <quote>stateful
+ firewall</quote>. With a stateful firewall the firewall keeps
+ track of which connections are opened through the firewall and
+ will only allow traffic through which either matches an existing
+ connection or opens a new one. The disadvantage of a stateful
+ firewall is that it can be vulnerable to Denial of Service
+ (<acronym>DoS</acronym>) attacks if a lot of new connections are
+ opened very fast. With most firewalls it is possible to use a
+ combination of stateful and non-stateful behavior to make an
+ optimal firewall for the site.</para>
+ </sect1>
+
+ <sect1 id="firewalls-apps">
+ <title>Firewall Packages</title>
+
+ <para>&os; has three different firewall packages built
+ into the base system. They are: <emphasis>IPFILTER</emphasis>
+ (also known as <acronym>IPF</acronym>),
+ <emphasis>IPFIREWALL</emphasis> (also known as <acronym>IPFW</acronym>),
+ and <emphasis>OpenBSD's PacketFilter</emphasis> (also known as
+ <acronym>PF</acronym>). &os; also has two built in packages for
+ traffic shaping (basically controlling bandwidth usage):
+ &man.altq.4; and &man.dummynet.4;. Dummynet has traditionally been
+ closely tied with <acronym>IPFW</acronym>, and
+ <acronym>ALTQ</acronym> with
+ <acronym>IPF</acronym>/<acronym>PF</acronym>. IPF,
+ IPFW, and PF all use rules to control the access of packets to and
+ from your system, although they go about it different ways and
+ have different rule syntaxes.</para>
+
+ <para>The reason that &os; has multiple built in firewall packages
+ is that different people have different requirements and
+ preferences. No single firewall package is the best.</para>
+
+ <para>The author prefers IPFILTER because its stateful rules are
+ much less complicated to use in a <acronym>NAT</acronym>
+ environment and it has a built in ftp proxy that simplifies the
+ rules to allow secure outbound FTP usage.</para>
+
+ <para>Since all firewalls are based on inspecting the values of
+ selected packet control fields, the creator of the firewall
+ rulesets must have an understanding of how
+ <acronym>TCP</acronym>/IP works, what the different values in
+ the packet control fields are and how these values are used in a
+ normal session conversation. For a good explanation go to:
+ <ulink
+ url="http://www.ipprimer.com/overview.cfm"></ulink>.</para>
+ </sect1>
+
+ <sect1 id="firewalls-pf">
+ <title>The OpenBSD Packet Filter (PF) and
+ <acronym>ALTQ</acronym></title>
+
+ <indexterm>
+ <primary>firewall</primary>
+
+ <secondary>PF</secondary>
+ </indexterm>
+
+ <para>As of July 2003 the OpenBSD firewall software application
+ known as <acronym>PF</acronym> was ported to &os; and was made
+ available in the &os; Ports Collection; the first release that
+ contained <acronym>PF</acronym> as an integrated part of the
+ base system was &os;&nbsp;5.3 in November 2004.
+ <acronym>PF</acronym> is a complete, fully featured firewall
+ that has optional support for <acronym>ALTQ</acronym> (Alternate
+ Queuing). <acronym>ALTQ</acronym> provides Quality of Service
+ (<acronym>QoS</acronym>) bandwidth shaping that allows
+ guaranteeing bandwidth to different services based on filtering
+ rules. The OpenBSD Project does an outstanding job of
+ maintaining the PF User's Guide that it will not be made part of
+ this handbook firewall section as that would just be duplicated
+ effort.</para>
+
+ <para>The availability of PF for the various &os; releases and
+ versions is summarized below:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>&os; Version</entry>
+
+ <entry>PF Availability</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>Pre-4.X versions</entry>
+
+ <entry>PF is not available for any release of &os; older
+ than the 4.X branch.</entry>
+ </row>
+
+ <row>
+ <entry>All versions of the 4.X branch</entry>
+
+ <entry>PF is available as part of KAME.</entry>
+ </row>
+
+ <row>
+ <entry>5.X releases before 5.3-RELEASE</entry>
+
+ <entry>The <filename role="package">security/pf</filename>
+ port can be used to install PF on these versions of &os;.
+ These releases were targeted to developers and people who
+ wanted a preview of early 5.X versions. Upgrading to
+ 5.3-RELEASE or newer versions of &os; is strongly
+ recommended.</entry>
+ </row>
+
+ <row>
+ <entry>5.3-RELEASE and later versions</entry>
+
+ <entry>PF is part of the base system. Do
+ <emphasis>not</emphasis> use the <filename
+ role="package">security/pf</filename> port on these
+ versions of &os;. It will not work. Use the &man.pf.4;
+ support of the base system instead.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>More info can be found at the PF for &os; web site: <ulink
+ url="http://pf4freebsd.love2party.net/"></ulink>.</para>
+
+ <para>The OpenBSD PF user's guide is here: <ulink
+ url="http://www.openbsd.org/faq/pf/"></ulink>.</para>
+
+ <warning>
+ <para>PF in &os; 5.X is at the level of OpenBSD version 3.5. The
+ port from the &os; Ports Collection is at the level of OpenBSD
+ version 3.4. Keep that in mind when browsing the user's
+ guide.</para>
+ </warning>
+
+ <sect2>
+ <title>Enabling PF</title>
+
+ <para>PF is included in the basic &os; install for versions newer
+ than 5.3 as a separate run time loadable module. The system
+ will dynamically load the PF kernel loadable module when the
+ rc.conf statement <literal>pf_enable="YES"</literal> is used.
+ The loadable module was created with &man.pflog.4; logging
+ enabled.</para>
+
+ <note>
+ <para>The module assumes the presence of <literal>options
+ INET</literal> and <literal>device bpf</literal>. Unless
+ <literal>NOINET6</literal> (for example in &man.make.conf.5;)
+ was defined during the build, it also requires <literal>options
+ INET6</literal>.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Kernel options</title>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>device pf</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>device pflog</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>device pfsync</secondary>
+ </indexterm>
+
+ <para>It is not a mandatory requirement that you enable PF by
+ compiling the following options into the &os; kernel. It is
+ only presented here as background information. Compiling PF
+ into the kernel causes the loadable module to never be
+ used.</para>
+
+ <para>Sample kernel config PF option statements are in the
+ <filename>/usr/src/sys/conf/NOTES</filename> kernel source and
+ are reproduced here:</para>
+
+ <programlisting>device pf
+device pflog
+device pfsync</programlisting>
+
+ <para><literal>device pf</literal> enables support for the
+ <quote>Packet Filter</quote> firewall.</para>
+
+ <para><literal>device pflog</literal> enables the optional
+ &man.pflog.4; pseudo network device which can be used to log
+ traffic to a &man.bpf.4; descriptor. The &man.pflogd.8; daemon
+ can be used to store the logging information to disk.</para>
+
+ <para><literal>device pfsync</literal> enables the optional
+ &man.pfsync.4; pseudo network device that is used to monitor
+ <quote>state changes</quote>. As this is not part of the
+ loadable module one has to build a custom kernel to use
+ it.</para>
+
+ <para>These settings will take effect only after you have built
+ and installed a kernel with them set.</para>
+ </sect2>
+
+ <sect2>
+ <title>Available rc.conf Options</title>
+
+ <para>You need the following statements in
+ <filename>/etc/rc.conf</filename> to activate PF at boot
+ time:</para>
+
+ <programlisting>pf_enable="YES" # Enable PF (load module if required)
+pf_rules="/etc/pf.conf" # rules definition file for pf
+pf_flags="" # additional flags for pfctl startup
+pflog_enable="YES" # start pflogd(8)
+pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
+pflog_flags="" # additional flags for pflogd startup</programlisting>
+
+ <para>If you have a LAN behind this firewall and have to forward
+ packets for the computers in the LAN or want to do NAT, you
+ have to enable the following option as well:</para>
+
+ <programlisting>gateway_enable="YES" # Enable as LAN gateway</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>Enabling <acronym>ALTQ</acronym></title>
+
+ <para><acronym>ALTQ</acronym> is only available by compiling the
+ options into the &os; Kernel. <acronym>ALTQ</acronym> is not
+ supported by all of the available network card drivers. Please
+ see the &man.altq.4; manual page for a list of drivers that are
+ supported in your release of &os;. The following options will
+ enable <acronym>ALTQ</acronym> and add additional
+ functionality.</para>
+
+ <programlisting>options ALTQ
+options ALTQ_CBQ # Class Bases Queuing (CBQ)
+options ALTQ_RED # Random Early Detection (RED)
+options ALTQ_RIO # RED In/Out
+options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
+options ALTQ_PRIQ # Priority Queuing (PRIQ)
+options ALTQ_NOPCC # Required for SMP build</programlisting>
+
+ <para><literal>options ALTQ</literal> enables the
+ <acronym>ALTQ</acronym> framework.</para>
+
+ <para><literal>options ALTQ_CBQ</literal> enables Class Based
+ Queuing (<acronym>CBQ</acronym>). <acronym>CBQ</acronym>
+ allows you to divide a connection's bandwidth into different
+ classes or queues to prioritize traffic based on filter
+ rules.</para>
+
+ <para><literal>options ALTQ_RED</literal> enables Random Early
+ Detection (<acronym>RED</acronym>). <acronym>RED</acronym> is
+ used to avoid network congestion. <acronym>RED</acronym> does
+ this by measuring the length of the queue and comparing it to
+ the minimum and maximum thresholds for the queue. If the
+ queue is over the maximum all new packets will be dropped.
+ True to its name, <acronym>RED</acronym> drops packets from
+ different connections randomly.</para>
+
+ <para><literal>options ALTQ_RIO</literal> enables Random Early
+ Detection In and Out.</para>
+
+ <para><literal>options ALTQ_HFSC</literal> enables the
+ Hierarchical Fair Service Curve Packet Scheduler. For more
+ information about <acronym>HFSC</acronym> see: <ulink
+ url="http://www-2.cs.cmu.edu/~hzhang/HFSC/main.html"></ulink>.</para>
+
+ <para><literal>options ALTQ_PRIQ</literal> enables Priority
+ Queuing (<acronym>PRIQ</acronym>). <acronym>PRIQ</acronym>
+ will always pass traffic that is in a higher queue
+ first.</para>
+
+ <para><literal>options ALTQ_NOPCC</literal> enables
+ <acronym>SMP</acronym> support for <acronym>ALTQ</acronym>.
+ This option is required on <acronym>SMP</acronym>
+ systems.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="firewalls-ipf">
+ <title>The IPFILTER (IPF) Firewall</title>
+
+ <indexterm>
+ <primary>firewall</primary>
+
+ <secondary>IPFILTER</secondary>
+ </indexterm>
+
+ <note>
+ <para>This section is work in progress. The contents might
+ not be accurate at all times.</para>
+ </note>
+
+ <para>The author of IPFILTER is Darren Reed. IPFILTER is not
+ operating system dependent: it is an open source application and
+ has been ported to &os;, NetBSD, OpenBSD, &sunos;, HP/UX, and
+ &solaris; operating systems. IPFILTER is actively being
+ supported and maintained, with updated versions being released
+ regularly.</para>
+
+ <para>IPFILTER is based on a kernel-side firewall and
+ <acronym>NAT</acronym> mechanism that can be controlled and
+ monitored by userland interface programs. The firewall rules can
+ be set or deleted with the &man.ipf.8; utility. The
+ <acronym>NAT</acronym> rules can be set or deleted with the
+ &man.ipnat.1; utility. The &man.ipfstat.8; utility can print
+ run-time statistics for the kernel parts of IPFILTER. The
+ &man.ipmon.8; program can log IPFILTER actions to the system log
+ files.</para>
+
+ <para>IPF was originally written using a rule processing logic of
+ <quote>the last matching rule wins</quote> and used only
+ stateless type of rules. Over time IPF has been enhanced to
+ include a <quote>quick</quote> option and a stateful <quote>keep
+ state</quote> option which drastically modernized the rules
+ processing logic. IPF's official documentation covers the legacy
+ rule coding parameters and the legacy rule file processing
+ logic. The modernized functions are only included as additional
+ options, completely understating their benefits in producing a
+ far superior secure firewall.</para>
+
+ <para>The instructions contained in this section are based on
+ using rules that contain the <quote>quick</quote> option and the
+ stateful <quote>keep state</quote> option. This is the basic
+ framework for coding an inclusive firewall rule set.</para>
+
+ <!-- XXX: something like this already in
+ <xref linkend="firewalls-concepts">
+ AND: the para below is repeated 3 times in this chapter-->
+
+ <para>An inclusive firewall only allows packets matching the rules
+ to pass through. This way you can control what services can
+ originate behind the firewall destined for the public Internet
+ and also control the services which can originate from the
+ public Internet accessing your private network. Everything else
+ is blocked and logged by default design. Inclusive firewalls are
+ much, much more secure than exclusive firewall rule sets and is
+ the only rule set type covered herein.</para>
+
+ <para>For detailed explanation of the legacy rules processing
+ method see: <ulink
+ url="http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1"></ulink>
+ and <ulink
+ url="http://coombs.anu.edu.au/~avalon/ip-filter.html"></ulink>.</para>
+
+ <para>The IPF FAQ is at <ulink
+ url="http://www.phildev.net/ipf/index.html"></ulink>.</para>
+
+ <sect2>
+ <title>Enabling IPF</title>
+
+ <indexterm>
+ <primary>IPFILTER</primary>
+
+ <secondary>enabling</secondary>
+ </indexterm>
+
+ <para>IPF is included in the basic &os; install as a separate run
+ time loadable module. The system will dynamically load the IPF
+ kernel loadable module when the rc.conf statement
+ <literal>ipfilter_enable="YES"</literal> is used. The loadable
+ module was created with logging enabled and the
+ <literal>default pass all</literal> options. You do not need
+ to compile IPF into the &os; kernel just to change the default
+ to <literal>block all</literal>, you can do that by just coding
+ a block all rule at the end of your rule set.</para>
+ </sect2>
+
+ <sect2>
+ <title>Kernel options</title>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>IPFILTER</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>IPFILTER_LOG</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>IPFILTER_DEFAULT_BLOCK</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>IPFILTER</primary>
+
+ <secondary>kernel options</secondary>
+ </indexterm>
+
+ <para>It is not a mandatory requirement that you enable IPF by
+ compiling the following options into the &os; kernel. It is
+ only presented here as background information. Compiling IPF
+ into the kernel causes the loadable module to never be
+ used.</para>
+
+ <para>Sample kernel config IPF option statements are in the
+ <filename>/usr/src/sys/conf/NOTES</filename> kernel source
+ (<filename>/usr/src/sys/<replaceable>arch</replaceable>/conf/LINT</filename>
+ for &os;&nbsp;4.X) and are reproduced here:</para>
+
+ <programlisting>options IPFILTER
+options IPFILTER_LOG
+options IPFILTER_DEFAULT_BLOCK</programlisting>
+
+ <para><literal>options IPFILTER</literal> enables support for the
+ <quote>IPFILTER</quote> firewall.</para>
+
+ <para><literal>options IPFILTER_LOG</literal> enables the option
+ to have IPF log traffic by writing to the
+ <devicename>ipl</devicename> packet logging pseudo&mdash;device
+ for every rule that has the <literal>log</literal>
+ keyword.</para>
+
+ <para><literal>options IPFILTER_DEFAULT_BLOCK</literal> changes
+ the default behavior so any packet not matching a firewall
+ <literal>pass</literal> rule gets blocked.</para>
+
+ <para>These settings will take effect only after you have built
+ and installed a kernel with them set.</para>
+ </sect2>
+
+ <sect2>
+ <title>Available rc.conf Options</title>
+
+ <para>You need the following statements in
+ <filename>/etc/rc.conf</filename> to activate IPF at boot
+ time:</para>
+
+ <programlisting>ipfilter_enable="YES" # Start ipf firewall
+ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
+ipmon_enable="YES" # Start IP monitor log
+ipmon_flags="-Ds" # D = start as daemon
+ # s = log to syslog
+ # v = log tcp window, ack, seq
+ # n = map IP & port to names</programlisting>
+
+ <para>If you have a LAN behind this firewall that uses the
+ reserved private IP address ranges, then you need to add the
+ following to enable <acronym>NAT</acronym>
+ functionality:</para>
+
+ <programlisting>gateway_enable="YES" # Enable as LAN gateway
+ipnat_enable="YES" # Start ipnat function
+ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>IPF</title>
+
+ <indexterm><primary><command>ipf</command></primary></indexterm>
+
+ <para>The ipf command is used to load your rules file. Normally
+ you create a file containing your custom rules and use this
+ command to replace in mass the currently running firewall
+ internal rules:</para>
+
+ <screen>&prompt.root; <userinput>ipf -Fa -f /etc/ipf.rules</userinput></screen>
+
+ <para><option>-Fa</option> means flush all internal rules
+ tables.</para>
+
+ <para><option>-f</option> means this is the file to read for the
+ rules to load.</para>
+
+ <para>This gives you the ability to make changes to your custom
+ rules file, run the above IPF command, and thus update the
+ running firewall with a fresh copy of all the rules without
+ having to reboot the system. This method is very convenient
+ for testing new rules as the procedure can be executed as many
+ times as needed.</para>
+
+ <para>See the &man.ipf.8; manual page for details on the other
+ flags available with this command.</para>
+
+ <para>The &man.ipf.8; command expects the rules file to be a
+ standard text file. It will not accept a rules file written as
+ a script with symbolic substitution.</para>
+
+ <para>There is a way to build IPF rules that utilizes the power
+ of script symbolic substitution. For more information, see
+ <xref linkend="firewalls-ipf-rules-script">.</para>
+ </sect2>
+
+ <sect2>
+ <title>IPFSTAT</title>
+
+ <indexterm><primary><command>ipfstat</command></primary></indexterm>
+
+ <indexterm>
+ <primary>IPFILTER</primary>
+
+ <secondary>statistics</secondary>
+ </indexterm>
+
+ <para>The default behavior of &man.ipfstat.8; is to retrieve and
+ display the totals of the accumulated statistics gathered as a
+ result of applying the user coded rules against packets going
+ in and out of the firewall since it was last started, or since
+ the last time the accumulators were reset to zero by the
+ <command>ipf -Z</command> command.</para>
+
+ <para>See the &man.ipfstat.8; manual page for details.</para>
+
+ <para>The default &man.ipfstat.8; command output will look
+ something like this:</para>
+
+ <screen>input packets: blocked 99286 passed 1255609 nomatch 14686 counted 0
+ output packets: blocked 4200 passed 1284345 nomatch 14687 counted 0
+ input packets logged: blocked 99286 passed 0
+ output packets logged: blocked 0 passed 0
+ packets logged: input 0 output 0
+ log failures: input 3898 output 0
+ fragment state(in): kept 0 lost 0
+ fragment state(out): kept 0 lost 0
+ packet state(in): kept 169364 lost 0
+ packet state(out): kept 431395 lost 0
+ ICMP replies: 0 <acronym>TCP</acronym> RSTs sent: 0
+ Result cache hits(in): 1215208 (out): 1098963
+ IN Pullups succeeded: 2 failed: 0
+ OUT Pullups succeeded: 0 failed: 0
+ Fastroute successes: 0 failures: 0
+ <acronym>TCP</acronym> cksum fails(in): 0 (out): 0
+ Packet log flags set: (0)</screen>
+
+ <para>When supplied with either <option>-i</option> for inbound
+ or <option>-o</option> for outbound, it will retrieve and
+ display the appropriate list of filter rules currently
+ installed and in use by the kernel.</para>
+
+ <para><command>ipfstat -in</command> displays the inbound
+ internal rules table with rule number.</para>
+
+ <para><command>ipfstat -on</command> displays the outbound
+ internal rules table with the rule number.</para>
+
+ <para>The output will look something like this:</para>
+
+ <screen>@1 pass out on xl0 from any to any
+@2 block out on dc0 from any to any
+@3 pass out quick on dc0 proto tcp/udp from any to any keep state</screen>
+
+ <para><command>ipfstat -ih</command> displays the inbound
+ internal rules table, prefixing each rule with a count of how
+ many times the rule was matched.</para>
+
+ <para><command>ipfstat -oh</command> displays the outbound
+ internal rules table, prefixing each rule with a count of how
+ many times the rule was matched.</para>
+
+ <para>The output will look something like this:</para>
+
+ <screen>2451423 pass out on xl0 from any to any
+354727 block out on dc0 from any to any
+430918 pass out quick on dc0 proto tcp/udp from any to any keep state</screen>
+
+ <para>One of the most important functions of the
+ <command>ipfstat</command> command is the <option>-t</option>
+ flag which displays the state table in a way similar to the way
+ &man.top.1; shows the &os; running process table. When your
+ firewall is under attack this function gives you the ability to
+ identify, drill down to, and see the attacking packets. The
+ optional sub-flags give the ability to select the destination
+ or source IP, port, or protocol that you want to monitor in
+ real time. See the &man.ipfstat.8; manual page for
+ details.</para>
+ </sect2>
+
+ <sect2>
+ <title>IPMON</title>
+
+ <indexterm><primary><command>ipmon</command></primary></indexterm>
+
+ <indexterm>
+ <primary>IPFILTER</primary>
+
+ <secondary>logging</secondary>
+ </indexterm>
+
+ <para>In order for <command>ipmon</command> to work properly, the
+ kernel option IPFILTER_LOG must be turned on. This command has
+ two different modes that it can be used in. Native mode is the
+ default mode when you type the command on the command line
+ without the <option>-D</option> flag.</para>
+
+ <para>Daemon mode is for when you want to have a continuous
+ system log file available so that you can review logging of
+ past events. This is how &os; and IPFILTER are configured to
+ work together. &os; has a built in facility to automatically
+ rotate system logs. That is why outputting the log information
+ to syslogd is better than the default of outputting to a
+ regular file. In the default <filename>rc.conf</filename> file
+ you see the ipmon_flags statement uses the <option>-Ds</option>
+ flags:</para>
+
+ <programlisting>ipmon_flags="-Ds" # D = start as daemon
+ # s = log to syslog
+ # v = log tcp window, ack, seq
+ # n = map IP & port to names</programlisting>
+
+ <para>The benefits of logging are obvious. It provides the
+ ability to review, after the fact, information such as which
+ packets had been dropped, what addresses they came from and
+ where they were going. These all give you a significant edge
+ in tracking down attackers.</para>
+
+ <para>Even with the logging facility enabled, IPF will not
+ generate any rule logging on its own. The firewall
+ administrator decides what rules in the rule set he wants to
+ log and adds the log keyword to those rules. Normally only
+ deny rules are logged.</para>
+
+ <para>It is very customary to include a default deny everything
+ rule with the log keyword included as your last rule in the
+ rule set. This way you get to see all the packets that did not
+ match any of the rules in the rule set.</para>
+ </sect2>
+
+ <sect2>
+ <title>IPMON Logging</title>
+
+ <para><application>Syslogd</application> uses its own special
+ method for segregation of log data. It uses special groupings
+ called <quote>facility</quote> and <quote>level</quote>. IPMON
+ in <option>-Ds</option> mode uses <literal>security</literal>
+ (<literal>local0</literal> in 4.X) as the <quote>facility</quote>
+ name. All IPMON logged data goes to <literal>security</literal>
+ (<literal>local0</literal> in 4.X). The following levels can be
+ used to further segregate the logged data if desired:</para>
+
+ <screen>LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block.
+LOG_NOTICE - packets logged which are also passed
+LOG_WARNING - packets logged which are also blocked
+LOG_ERR - packets which have been logged and which can be considered short</screen>
+
+ <!-- XXX: "can be considered short" == "with incomplete header" -->
+
+ <para>To setup IPFILTER to log all data to
+ <filename>/var/log/ipfilter.log</filename>, you will need to
+ create the file. The following command will do that:</para>
+
+ <screen>&prompt.root; <userinput>touch /var/log/ipfilter.log</userinput></screen>
+
+ <para>The syslog function is controlled by definition statements
+ in the <filename>/etc/syslog.conf</filename> file. The
+ <filename>syslog.conf</filename> file offers considerable
+ flexibility in how syslog will deal with system messages issued
+ by software applications like IPF.</para>
+
+ <para>Add the following statement to
+ <filename>/etc/syslog.conf</filename> for &os;&nbsp;5.X and
+ later:</para>
+
+ <programlisting>security.* /var/log/ipfilter.log</programlisting>
+
+ <para>Or add the following statement to
+ <filename>/etc/syslog.conf</filename> for &os;&nbsp;4.X:</para>
+
+ <programlisting>local0.* /var/log/ipfilter.log</programlisting>
+
+ <para>The <literal>security.*</literal> (<literal>local0</literal>
+ for 4.X) means to write all the logged messages to the coded
+ file location.</para>
+
+ <para>To activate the changes to <filename>/etc/syslog.conf
+ </filename> you can reboot or bump the syslog task into
+ re-reading <filename>/etc/syslog.conf</filename> by running
+ <command>/etc/rc.d/syslogd reload</command>
+ (<command>killall -HUP syslogd</command> in &os; 4.X).</para>
+
+ <para>Do not forget to change
+ <filename>/etc/newsyslog.conf</filename> to rotate the new log
+ you just created above.</para>
+ </sect2>
+
+ <sect2>
+ <title>The Format of Logged Messages</title>
+
+ <para>Messages generated by <command>ipmon</command> consist of
+ data fields separated by white space. Fields common to all
+ messages are:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>The date of packet receipt.</para>
+ </listitem>
+
+ <listitem>
+ <para>The time of packet receipt. This is in the form
+ HH:MM:SS.F, for hours, minutes, seconds, and fractions of a
+ second (which can be several digits long).</para>
+ </listitem>
+
+ <listitem>
+ <para>The name of the interface the packet was processed on,
+ e.g. <devicename>dc0</devicename>.</para>
+ </listitem>
+
+ <listitem>
+ <para>The group and rule number of the rule, e.g.
+ <literal>@0:17</literal>.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>These can be viewed with <command>ipfstat
+ -in</command>.</para>
+
+ <orderedlist>
+ <listitem>
+ <para>The action: p for passed, b for blocked, S for a short
+ packet, n did not match any rules, L for a log rule. The
+ order of precedence in showing flags is: S, p, b, n, L. A
+ capital P or B means that the packet has been logged due to
+ a global logging setting, not a particular rule.</para>
+ </listitem>
+
+ <listitem>
+ <para>The addresses. This is actually three fields: the
+ source address and port (separated by a comma), the ->
+ symbol, and the destination address and port.
+ 209.53.17.22,80 -> 198.73.220.17,1722.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>PR</literal> followed by the protocol name or
+ number, e.g. PR tcp.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>len</literal> followed by the header length
+ and total length of the packet, e.g. len 20 40.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>If the packet is a <acronym>TCP</acronym> packet, there
+ will be an additional field starting with a hyphen followed by
+ letters corresponding to any flags that were set. See the
+ &man.ipmon.8; manual page for a list of letters and their
+ flags.</para>
+
+ <para>If the packet is an ICMP packet, there will be two fields
+ at the end, the first always being <quote>ICMP</quote>, and the
+ next being the ICMP message and sub-message type, separated by
+ a slash, e.g. ICMP 3/3 for a port unreachable message.</para>
+ </sect2>
+
+ <sect2 id="firewalls-ipf-rules-script">
+ <title>Building the Rule Script with Symbolic
+ Substitution</title>
+
+ <para>Some experienced IPF users create a file containing the
+ rules and code them in a manner compatible with running them as
+ a script with symbolic substitution. The major benefit of
+ doing this is that you only have to change the value associated
+ with the symbolic name and when the script is run all the rules
+ containing the symbolic name will have the value substituted in
+ the rules. Being a script, you can use symbolic substitution
+ to code frequently used values and substitute them in multiple
+ rules. You will see this in the following example.</para>
+
+ <para>The script syntax used here is compatible with the sh, csh,
+ and tcsh shells.</para>
+
+ <para>Symbolic substitution fields are prefixed with a dollar
+ sign: <literal>&dollar;</literal>.</para>
+
+ <para>Symbolic fields do not have the &dollar; prefix.</para>
+
+ <para>The value to populate the symbolic field must be enclosed
+ with double quotes (<literal>"</literal>).</para>
+
+ <para>Start your rule file with something like this:</para>
+
+ <programlisting>############# Start of IPF rules script ########################
+
+oif="dc0" # name of the outbound interface
+odns="192.0.2.11" # ISP's DNS server IP address
+myip="192.0.2.7" # my static IP address from ISP
+ks="keep state"
+fks="flags S keep state"
+
+# You can choose between building /etc/ipf.rules file
+# from this script or running this script "as is".
+#
+# Uncomment only one line and comment out another.
+#
+# 1) This can be used for building /etc/ipf.rules:
+#cat &gt; /etc/ipf.rules &lt;&lt; EOF
+#
+# 2) This can be used to run script "as is":
+/sbin/ipf -Fa -f - &lt;&lt; EOF
+
+# Allow out access to my ISP's Domain name server.
+pass out quick on &dollar;oif proto tcp from any to &dollar;odns port = 53 &dollar;fks
+pass out quick on &dollar;oif proto udp from any to &dollar;odns port = 53 &dollar;ks
+
+# Allow out non-secure standard www function
+pass out quick on &dollar;oif proto tcp from &dollar;myip to any port = 80 &dollar;fks
+
+# Allow out secure www function https over TLS SSL
+pass out quick on &dollar;oif proto tcp from &dollar;myip to any port = 443 &dollar;fks
+EOF
+################## End of IPF rules script ########################</programlisting>
+
+ <para>That is all there is to it. The rules are not important in
+ this example; how the symbolic substitution fields are
+ populated and used are. If the above example was in a file
+ named <filename>/etc/ipf.rules.script</filename>, you could
+ reload these rules by entering the following command:</para>
+
+ <screen>&prompt.root; <userinput>sh /etc/ipf.rules.script</userinput></screen>
+
+ <para>There is one problem with using a rules file with embedded
+ symbolics: IPF does not understand symbolic substitution, and
+ cannot read such scripts directly.</para>
+
+ <para>This script can be used in one of two ways:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Uncomment the line that begins with
+ <literal>cat</literal>, and comment out the line that
+ begins with <literal>/sbin/ipf</literal>. Place
+ <literal>ipfilter_enable="YES"</literal> into
+ <filename>/etc/rc.conf</filename> as usual, and run script
+ once after each modification to create or update
+ <filename>/etc/ipf.rules</filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Disable IPFILTER in system startup scripts by adding
+ <literal>ipfilter_enable="NO"</literal> (this is default
+ value) into <filename>/etc/rc.conf</filename> file.</para>
+
+ <para>Add a script like the following to your
+ <filename>/usr/local/etc/rc.d/</filename> startup
+ directory. The script should have an obvious name like
+ <filename>ipf.loadrules.sh</filename>. The
+ <filename>.sh</filename> extension is mandatory.</para>
+
+ <programlisting>#!/bin/sh
+sh /etc/ipf.rules.script</programlisting>
+
+ <para>The permissions on this script file must be read,
+ write, execute for owner <username>root</username>.</para>
+
+ <screen>&prompt.root; <userinput>chmod 700 /usr/local/etc/rc.d/ipf.loadrules.sh</userinput></screen>
+ </listitem>
+ </itemizedlist>
+
+ <para>Now, when your system boots, your IPF rules will be
+ loaded.</para>
+ </sect2>
+
+ <sect2>
+ <title>IPF Rule Sets</title>
+
+ <!-- XXX: looks incorrect (and duplicated 2 times in this chapter):
+ 1. Packet can be processed two times depend of firewall
+ firewall configuration, but "return trip back" is
+ another packet.
+ 2. "Each TCP/IP service ... is predefined by its protocol ..."
+ - this shold be about packet and it's parameters
+ (source/destination address and port). -->
+
+ <para>A rule set is a group of ipf rules coded to pass or block
+ packets based on the values contained in the packet. The
+ bi-directional exchange of packets between hosts comprises a
+ session conversation. The firewall rule set processes the
+ packet two times, once on its arrival from the public Internet
+ host and again as it leaves for its return trip back to the
+ public Internet host. Each TCP/IP service (i.e. telnet, www,
+ mail, etc.) is predefined by its protocol, source and
+ destination IP address, or the source and destination port
+ number. This is the basic selection criteria used to create
+ rules which will pass or block services.</para>
+
+ <indexterm>
+ <primary>IPFILTER</primary>
+
+ <secondary>rule processing order</secondary>
+ </indexterm>
+
+ <para>IPF was originally written using a rules processing logic
+ of <quote>the last matching rule wins</quote> and used only
+ stateless rules. Over time IPF has been enhanced to include a
+ <quote>quick</quote> option and a stateful <quote>keep
+ state</quote> option which drastically modernized the rule
+ processing logic.</para>
+
+ <para>The instructions contained in this section are based on
+ using rules that contain the <quote>quick</quote> option and
+ the stateful <quote>keep state</quote> option. This is the
+ basic framework for coding an inclusive firewall rule
+ set.</para>
+
+ <!-- XXX: something like this already in
+ <xref linkend="firewalls-concepts">
+ AND: the para below is repeated 3 times in this chapter-->
+
+ <para>An inclusive firewall only allows services matching the
+ rules through. This way you can control what services can
+ originate behind the firewall destined for the public Internet
+ and also control the services which can originate from the
+ public Internet accessing your private network. Everything
+ else is blocked and logged by default design. Inclusive
+ firewalls are much, much securer than exclusive firewall rule
+ sets and is the only rule set type covered herein.</para>
+
+ <warning>
+ <para>When working with the firewall rules, be <emphasis>very
+ careful</emphasis>. Some configurations <emphasis>will
+ lock you out</emphasis> of the server. To be on the safe
+ side, you may wish to consider performing the initial
+ firewall configuration from the local console rather than
+ doing it remotely e.g. via
+ <application>ssh</application>.</para>
+ </warning>
+ </sect2>
+
+ <sect2>
+ <title>Rule Syntax</title>
+
+ <indexterm>
+ <primary>IPFILTER</primary>
+
+ <secondary>rule syntax</secondary>
+ </indexterm>
+
+ <para>The rule syntax presented here has been simplified to only
+ address the modern stateful rule context and <quote>first
+ matching rule wins</quote> logic. For the complete legacy rule
+ syntax description see the &man.ipf.8; manual page.</para>
+
+ <para>A <literal>#</literal> character is used to mark the start
+ of a comment and may appear at the end of a rule line or on its
+ own line. Blank lines are ignored.</para>
+
+ <para>Rules contain keywords. These keywords have to be coded in
+ a specific order from left to right on the line. Keywords are
+ identified in bold type. Some keywords have sub-options which
+ may be keywords themselves and also include more sub-options.
+ Each of the headings in the below syntax has a bold section
+ header which expands on the content.</para>
+
+ <!-- This section is probably wrong. See the OpenBSD flag -->
+ <!-- What is the "OpenBSD flag"? Reference please -->
+
+ <para><replaceable>ACTION IN-OUT OPTIONS SELECTION STATEFUL PROTO
+ SRC_ADDR,DST_ADDR OBJECT PORT_NUM TCP_FLAG
+ STATEFUL</replaceable></para>
+
+ <para><replaceable>ACTION</replaceable> = block | pass</para>
+
+ <para><replaceable>IN-OUT</replaceable> = in | out</para>
+
+ <para><replaceable>OPTIONS</replaceable> = log | quick | on
+ interface-name</para>
+
+ <para><replaceable>SELECTION</replaceable> = proto value |
+ source/destination IP | port = number | flags
+ flag-value</para>
+
+ <para><replaceable>PROTO</replaceable> = tcp/udp | udp | tcp |
+ icmp</para>
+
+ <para><replaceable>SRC_ADD,DST_ADDR</replaceable> = all | from
+ object to object</para>
+
+ <para><replaceable>OBJECT</replaceable> = IP address | any</para>
+
+ <para><replaceable>PORT_NUM</replaceable> = port number</para>
+
+ <para><replaceable>TCP_FLAG</replaceable> = S</para>
+
+ <para><replaceable>STATEFUL</replaceable> = keep state</para>
+
+ <sect3>
+ <title>ACTION</title>
+
+ <para>The action indicates what to do with the packet if it
+ matches the rest of the filter rule. Each rule
+ <emphasis>must</emphasis> have a action. The following
+ actions are recognized:</para>
+
+ <para><literal>block</literal> indicates that the packet should
+ be dropped if the selection parameters match the
+ packet.</para>
+
+ <para><literal>pass</literal> indicates that the packet should
+ exit the firewall if the selection parameters match the
+ packet.</para>
+ </sect3>
+
+ <sect3>
+ <title>IN-OUT</title>
+
+ <para>A mandatory requirement is that each filter rule
+ explicitly state which side of the I/O it is to be used on.
+ The next keyword must be either in or out and one or the
+ other has to be coded or the rule will not pass syntax
+ checks.</para>
+
+ <para><literal>in</literal> means this rule is being applied
+ against an inbound packet which has just been received on the
+ interface facing the public Internet.</para>
+
+ <para><literal>out</literal> means this rule is being applied
+ against an outbound packet destined for the interface facing
+ the public Internet.</para>
+ </sect3>
+
+ <sect3>
+ <title>OPTIONS</title>
+
+ <note>
+ <para>These options must be used in the order shown
+ here.</para>
+ </note>
+
+ <para><literal>log</literal> indicates that the packet header
+ will be written to
+
+ <!-- XXX - xref here -->
+
+ the <devicename>ipl</devicename> log (as described in the
+ LOGGING section below) if the selection parameters match the
+ packet.</para>
+
+ <para><literal>quick</literal> indicates that if the selection
+ parameters match the packet, this rule will be the last rule
+ checked, allowing a <quote>short-circuit</quote> path to avoid processing
+ any following rules for this packet. This option is a
+ mandatory requirement for the modernized rules processing
+ logic.</para>
+
+ <para><literal>on</literal> indicates the interface name to be
+ incorporated into the selection parameters. Interface names
+ are as displayed by &man.ifconfig.8;. Using this option, the
+ rule will only match if the packet is going through that
+ interface in the specified direction (in/out). This option
+ is a mandatory requirement for the modernized rules
+ processing logic.</para>
+
+ <para>When a packet is logged, the headers of the packet are
+ written to the IPL packet logging pseudo-device.
+ Immediately following the log keyword, the following
+ qualifiers may be used (in this order):</para>
+
+ <para><literal>body</literal> indicates that the first 128
+ bytes of the packet contents will be logged after the
+ headers.</para>
+
+ <para><literal>first</literal> If the <literal>log</literal>
+ keyword is being used in conjunction with a <quote>keep
+ state</quote> option, it is recommended that this option is
+ also applied so that only the triggering packet is logged and
+ not every packet which thereafter matches the <quote>keep
+ state</quote> information.</para>
+ </sect3>
+
+ <sect3>
+ <title>SELECTION</title>
+
+ <para>The keywords described in this section are used to
+ describe attributes of the packet to be interrogated when
+ determining whether rules match or not. There is a
+ keyword subject, and it has sub-option keywords, one of
+ which has to be selected. The following general-purpose
+ attributes are provided for matching, and must be used in
+ this order:</para>
+ </sect3>
+
+ <sect3>
+ <title>PROTO</title>
+
+ <para><literal>proto</literal> is the subject keyword and must
+ be coded along with one of its corresponding keyword
+ sub-option values. The value allows a specific protocol to
+ be matched against. This option is a mandatory requirement
+ for the modernized rules processing logic.</para>
+
+ <para><literal>tcp/udp | udp | tcp | icmp</literal> or any
+ protocol names found in <filename>/etc/protocols</filename>
+ are recognized and may be used. The special protocol keyword
+ <literal>tcp/udp</literal> may be used to match either a
+ <acronym>TCP</acronym> or a UDP packet, and has been added as
+ a convenience to save duplication of otherwise identical
+ rules.</para>
+ </sect3>
+
+ <sect3>
+ <title>SRC_ADDR/DST_ADDR</title>
+
+ <para>The <literal>all</literal> keyword is essentially a
+ synonym for <quote>from any to any</quote> with no other
+ match parameters.</para>
+
+ <para><literal>from src to dst</literal>: the from and to
+ keywords are used to match against IP addresses. Rules must
+ specify BOTH source and destination parameters.
+ <literal>any</literal> is a special keyword that matches any
+ IP address. Examples of use: <quote>from any to any</quote>
+ or <quote>from 0.0.0.0/0 to any</quote> or <quote>from any to
+ 0.0.0.0/0</quote> or <quote>from 0.0.0.0 to any</quote> or
+ <quote>from any to 0.0.0.0</quote>.</para>
+
+ <!-- XXX: Needs rewording -->
+
+ <para>IP addresses may be specified as a dotted IP address
+ numeric form/mask-length, or as single dotted IP address
+ numeric form.</para>
+
+ <para>There is no way to match ranges of IP addresses which
+ do not express themselves easily as mask-length. See this
+ web page for help on writing mask-length: <ulink
+ url="http://jodies.de/ipcalc"></ulink>.</para>
+ </sect3>
+
+ <sect3>
+ <title>PORT</title>
+
+ <para>If a port match is included, for either or both of source
+ and destination, then it is only applied to
+ <acronym>TCP</acronym> and UDP packets. When composing port
+ comparisons, either the service name from
+ <filename>/etc/services</filename> or an integer port number
+ may be used. When the port appears as part of the from
+ object, it matches the source port number; when it appears
+ as part of the to object, it matches the destination port
+ number. The use of the port option with the
+ <literal>to</literal> object is a mandatory requirement for
+ the modernized rules processing logic. Example of use:
+ <quote>from any to any port = 80</quote></para>
+
+ <!-- XXX: Needs rewriting -->
+
+ <para>Port comparisons may be done in a number of forms, with
+ a number of comparison operators, or port ranges may be
+ specified.</para>
+
+ <para>port "=" | "!=" | "&lt;" | "&gt;" | "&lt;=" | "&gt;=" |
+ "eq" | "ne" | "lt" | "gt" | "le" | "ge".</para>
+
+ <para>To specify port ranges, port "&lt;&gt;" |
+ "&gt;&lt;"</para>
+
+ <warning>
+ <para>Following the source and destination matching
+ parameters, the following two parameters are mandatory
+ requirements for the modernized rules processing
+ logic.</para>
+ </warning>
+ </sect3>
+
+ <sect3>
+ <title><acronym>TCP</acronym>_FLAG</title>
+
+ <para>Flags are only effective for <acronym>TCP</acronym>
+ filtering. The letters represents one of the possible flags
+ that can be interrogated in the <acronym>TCP</acronym> packet
+ header.</para>
+
+ <para>The modernized rules processing logic uses the
+ <literal>flags S</literal> parameter to identify the tcp
+ session start request.</para>
+ </sect3>
+
+ <sect3>
+ <title>STATEFUL</title>
+
+ <para><literal>keep state</literal> indicates that on a pass
+ rule, any packets that match the rules selection parameters
+ should activate the stateful filtering facility.</para>
+
+ <note>
+ <para>This option is a mandatory requirement for the
+ modernized rules processing logic.</para>
+ </note>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Stateful Filtering</title>
+
+ <indexterm>
+ <primary>IPFILTER</primary>
+
+ <secondary>stateful filtering</secondary>
+ </indexterm>
+
+ <!-- XXX: duplicated -->
+
+ <para>Stateful filtering treats traffic as a bi-directional
+ exchange of packets comprising a session conversation. When
+ activated, keep-state dynamically generates internal rules for
+ each anticipated packet being exchanged during the
+ bi-directional session conversation. It has the interrogation
+ abilities to determine if the session conversation between the
+ originating sender and the destination are following the valid
+ procedure of bi-directional packet exchange. Any packets that
+ do not properly fit the session conversation template are
+ automatically rejected as impostors.</para>
+
+ <para>Keep state will also allow ICMP packets related to a
+ <acronym>TCP</acronym> or UDP session through. So if you get
+ ICMP type 3 code 4 in response to some web surfing allowed out
+ by a keep state rule, they will be automatically allowed in.
+ Any packet that IPF can be certain is part of an active
+ session, even if it is a different protocol, will be let
+ in.</para>
+
+ <para>What happens is:</para>
+
+ <para>Packets destined to go out the interface connected to the
+ public Internet are first checked against the dynamic state
+ table, if the packet matches the next expected packet
+ comprising in a active session conversation, then it exits the
+ firewall and the state of the session conversation flow is
+ updated in the dynamic state table, the remaining packets get
+ checked against the outbound rule set.</para>
+
+ <para>Packets coming in to the interface connected to the public
+ Internet are first checked against the dynamic state table, if
+ the packet matches the next expected packet comprising a
+ active session conversation, then it exits the firewall and
+ the state of the session conversation flow is updated in the
+ dynamic state table, the remaining packets get checked against
+ the inbound rule set.</para>
+
+ <para>When the conversation completes it is removed from the
+ dynamic state table.</para>
+
+ <para>Stateful filtering allows you to focus on blocking/passing
+ new sessions. If the new session is passed, all its subsequent
+ packets will be allowed through automatically and any impostors
+ automatically rejected. If a new session is blocked, none of
+ its subsequent packets will be allowed through. Stateful
+ filtering has technically advanced interrogation abilities
+ capable of defending against the flood of different attack
+ methods currently employed by attackers.</para>
+ </sect2>
+
+ <sect2>
+ <!-- XXX: This section needs a rewrite -->
+
+ <title>Inclusive Rule Set Example</title>
+
+ <para>The following rule set is an example of how to code a very
+ secure inclusive type of firewall. An inclusive firewall only
+ allows services matching pass rules through and blocks all
+ other by default. All firewalls have at the minimum two
+ interfaces which have to have rules to allow the firewall to
+ function.</para>
+
+ <para>All &unix; flavored systems including &os; are designed to
+ use interface <devicename>lo0</devicename> and IP address
+ <hostid role="ipaddr">127.0.0.1</hostid> for internal
+ communication within the operating system. The firewall rules
+ must contain rules to allow free unmolested movement of these
+ special internally used packets.</para>
+
+ <para>The interface which faces the public Internet is the one
+ where you place your rules to authorize and control access out
+ to the public Internet and access requests arriving from the
+ public Internet. This can be your user PPP
+ <devicename>tun0</devicename> interface or your NIC that is
+ connected to your DSL or cable modem.</para>
+
+ <para>In cases where one or more NICs are cabled to private LANs
+ behind the firewall, those interfaces must have a rule coded to
+ allow free unmolested movement of packets originating from
+ those LAN interfaces.</para>
+
+ <para>The rules should be first organized into three major
+ sections: all the free unmolested interfaces, the public
+ interface outbound, and the public interface inbound.</para>
+
+ <para>The rules in each of the public interface sections should
+ have the most frequently matched rules placed before less
+ commonly matched rules, with the last rule in the section
+ blocking and logging all packets on that interface and
+ direction.</para>
+
+ <para>The Outbound section in the following rule set only
+ contains 'pass' rules which contain selection values that
+ uniquely identify the service that is authorized for public
+ Internet access. All the rules have the 'quick', 'on',
+ 'proto', 'port', and 'keep state' option coded. The 'proto
+ tcp' rules have the 'flag' option included to identify the
+ session start request as the triggering packet to activate the
+ stateful facility.</para>
+
+ <para>The Inbound section has all the blocking of undesirable
+ packets first, for two different reasons. The first is that
+ these things being blocked may be part of an otherwise valid
+ packet which may be allowed in by the later authorized service
+ rules. The second reason is that by having a rule that
+ explicitly blocks selected packets that I receive on an
+ infrequent basis and that I do not want to see in the log, they
+ will not be caught by the last rule in the section which blocks
+ and logs all packets which have fallen through the rules. The
+ last rule in the section which blocks and logs all packets is
+ how you create the legal evidence needed to prosecute the
+ people who are attacking your system.</para>
+
+ <para>Another thing you should take note of, is there is no
+ response returned for any of the undesirable stuff, their
+ packets just get dropped and vanish. This way the attacker
+ has no knowledge if his packets have reached your system. The
+ less the attackers can learn about your system, the more
+ time they must invest before actually doing something bad.
+ The inbound 'nmap OS fingerprint' attempts rule I log
+
+ <!-- XXX: what? -->
+
+ the first occurrence because this is something a attacker
+ would do.</para>
+
+ <para>Any time you see log messages on a rule with 'log first'.
+ You should do an <command>ipfstat -hio</command> command to see
+ the number of times the rule has been matched so you know if
+ you are being flooded, i.e. under attack.</para>
+
+ <para>When you log packets with port numbers you do not
+ recognize, look it up in <filename>/etc/services</filename> or
+ go to <ulink
+ url="http://www.securitystats.com/tools/portsearch.php"></ulink>
+ and do a port number lookup to find what the purpose of that
+ port number is.</para>
+
+ <para>Check out this link for port numbers used by Trojans <ulink
+ url="http://www.simovits.com/trojans/trojans.html"></ulink>.</para>
+
+ <para>The following rule set is a complete very secure
+ 'inclusive' type of firewall rule set that I have used on my
+ system. You can not go wrong using this rule set for your own.
+ Just comment out any pass rules for services that you do not
+ want to authorize.</para>
+
+ <para>If you see messages in your log that you want to stop
+ seeing just add a block rule in the inbound section.</para>
+
+ <para>You have to change the <devicename>dc0</devicename>
+ interface name in every rule to the interface name of the Nic
+ card that connects your system to the public Internet. For
+ user PPP it would be <devicename>tun0</devicename>.</para>
+
+ <para>Add the following statements to
+ <filename>/etc/ipf.rules</filename>:</para>
+
+ <programlisting>#################################################################
+# No restrictions on Inside LAN Interface for private network
+# Not needed unless you have LAN
+#################################################################
+
+#pass out quick on xl0 all
+#pass in quick on xl0 all
+
+#################################################################
+# No restrictions on Loopback Interface
+#################################################################
+pass in quick on lo0 all
+pass out quick on lo0 all
+
+#################################################################
+# Interface facing Public Internet (Outbound Section)
+# Interrogate session start requests originating from behind the
+# firewall on the private network
+# or from this gateway server destine for the public Internet.
+#################################################################
+
+# Allow out access to my ISP's Domain name server.
+# xxx must be the IP address of your ISP's DNS.
+# Dup these lines if your ISP has more than one DNS server
+# Get the IP addresses from /etc/resolv.conf file
+pass out quick on dc0 proto tcp from any to xxx port = 53 flags S keep state
+pass out quick on dc0 proto udp from any to xxx port = 53 keep state
+
+# Allow out access to my ISP's DHCP server for cable or DSL networks.
+# This rule is not needed for 'user ppp' type connection to the
+# public Internet, so you can delete this whole group.
+# Use the following rule and check log for IP address.
+# Then put IP address in commented out rule & delete first rule
+pass out log quick on dc0 proto udp from any to any port = 67 keep state
+#pass out quick on dc0 proto udp from any to z.z.z.z port = 67 keep state
+
+
+# Allow out non-secure standard www function
+pass out quick on dc0 proto tcp from any to any port = 80 flags S keep state
+
+# Allow out secure www function https over TLS SSL
+pass out quick on dc0 proto tcp from any to any port = 443 flags S keep state
+
+# Allow out send & get email function
+pass out quick on dc0 proto tcp from any to any port = 110 flags S keep state
+pass out quick on dc0 proto tcp from any to any port = 25 flags S keep state
+
+# Allow out Time
+pass out quick on dc0 proto tcp from any to any port = 37 flags S keep state
+
+# Allow out nntp news
+pass out quick on dc0 proto tcp from any to any port = 119 flags S keep state
+
+# Allow out gateway & LAN users non-secure FTP ( both passive & active modes)
+# This function uses the IP<acronym>NAT</acronym> built in FTP proxy function coded in
+# the nat rules file to make this single rule function correctly.
+# If you want to use the pkg_add command to install application packages
+# on your gateway system you need this rule.
+pass out quick on dc0 proto tcp from any to any port = 21 flags S keep state
+
+# Allow out secure FTP, Telnet, and SCP
+# This function is using SSH (secure shell)
+pass out quick on dc0 proto tcp from any to any port = 22 flags S keep state
+
+# Allow out non-secure Telnet
+pass out quick on dc0 proto tcp from any to any port = 23 flags S keep state
+
+# Allow out FBSD CVSUP function
+pass out quick on dc0 proto tcp from any to any port = 5999 flags S keep state
+
+# Allow out ping to public Internet
+pass out quick on dc0 proto icmp from any to any icmp-type 8 keep state
+
+# Allow out whois for LAN PC to public Internet
+pass out quick on dc0 proto tcp from any to any port = 43 flags S keep state
+
+# Block and log only the first occurrence of everything
+# else that's trying to get out.
+# This rule enforces the block all by default logic.
+block out log first quick on dc0 all
+
+#################################################################
+# Interface facing Public Internet (Inbound Section)
+# Interrogate packets originating from the public Internet
+# destine for this gateway server or the private network.
+#################################################################
+
+# Block all inbound traffic from non-routable or reserved address spaces
+block in quick on dc0 from 192.168.0.0/16 to any #RFC 1918 private IP
+block in quick on dc0 from 172.16.0.0/12 to any #RFC 1918 private IP
+block in quick on dc0 from 10.0.0.0/8 to any #RFC 1918 private IP
+block in quick on dc0 from 127.0.0.0/8 to any #loopback
+block in quick on dc0 from 0.0.0.0/8 to any #loopback
+block in quick on dc0 from 169.254.0.0/16 to any #DHCP auto-config
+block in quick on dc0 from 192.0.2.0/24 to any #reserved for docs
+block in quick on dc0 from 204.152.64.0/23 to any #Sun cluster interconnect
+block in quick on dc0 from 224.0.0.0/3 to any #Class D & E multicast
+
+##### Block a bunch of different nasty things. ############
+# That I do not want to see in the log
+
+# Block frags
+block in quick on dc0 all with frags
+
+# Block short tcp packets
+block in quick on dc0 proto tcp all with short
+
+# block source routed packets
+block in quick on dc0 all with opt lsrr
+block in quick on dc0 all with opt ssrr
+
+# Block nmap OS fingerprint attempts
+# Log first occurrence of these so I can get their IP address
+block in log first quick on dc0 proto tcp from any to any flags FUP
+
+# Block anything with special options
+block in quick on dc0 all with ipopts
+
+# Block public pings
+block in quick on dc0 proto icmp all icmp-type 8
+
+# Block ident
+block in quick on dc0 proto tcp from any to any port = 113
+
+# Block all Netbios service. 137=name, 138=datagram, 139=session
+# Netbios is MS/Windows sharing services.
+# Block MS/Windows hosts2 name server requests 81
+block in log first quick on dc0 proto tcp/udp from any to any port = 137
+block in log first quick on dc0 proto tcp/udp from any to any port = 138
+block in log first quick on dc0 proto tcp/udp from any to any port = 139
+block in log first quick on dc0 proto tcp/udp from any to any port = 81
+
+# Allow traffic in from ISP's DHCP server. This rule must contain
+# the IP address of your ISP's DHCP server as it's the only
+# authorized source to send this packet type. Only necessary for
+# cable or DSL configurations. This rule is not needed for
+# 'user ppp' type connection to the public Internet.
+# This is the same IP address you captured and
+# used in the outbound section.
+pass in quick on dc0 proto udp from z.z.z.z to any port = 68 keep state
+
+# Allow in standard www function because I have apache server
+pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
+
+# Allow in non-secure Telnet session from public Internet
+# labeled non-secure because ID/PW passed over public Internet as clear text.
+# Delete this sample group if you do not have telnet server enabled.
+#pass in quick on dc0 proto tcp from any to any port = 23 flags S keep state
+
+# Allow in secure FTP, Telnet, and SCP from public Internet
+# This function is using SSH (secure shell)
+pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
+
+# Block and log only first occurrence of all remaining traffic
+# coming into the firewall. The logging of only the first
+# occurrence stops a .denial of service. attack targeted
+# at filling up your log file space.
+# This rule enforces the block all by default logic.
+block in log first quick on dc0 all
+################### End of rules file #####################################</programlisting>
+ </sect2>
+
+ <sect2>
+ <title><acronym>NAT</acronym></title>
+
+ <indexterm><primary>NAT</primary></indexterm>
+
+ <indexterm>
+ <primary>IP masquerading</primary>
+
+ <see>NAT</see>
+ </indexterm>
+
+ <indexterm>
+ <primary>network address translation</primary>
+
+ <see>NAT</see>
+ </indexterm>
+
+ <para><acronym>NAT</acronym> stands for Network Address
+ Translation. To those familiar with &linux;, this concept is
+ called IP Masquerading; <acronym>NAT</acronym> and IP
+ Masquerading are the same thing. One of the many things the
+ IPF <acronym>NAT</acronym> function enables is the ability to
+ have a private Local Area Network (LAN) behind the firewall
+ sharing a single ISP assigned IP address on the public
+ Internet.</para>
+
+ <para>You may ask why would someone want to do this. ISPs
+ normally assign a dynamic IP address to their non-commercial
+ users. Dynamic means that the IP address can be different each
+ time you dial in and log on to your ISP, or for cable and DSL
+ modem users when you power off and then power on your modems
+ you can get assigned a different IP address. This IP address
+ is how you are known to the public Internet.</para>
+
+ <para>Now lets say you have five PCs at home and each one needs
+ Internet access. You would have to pay your ISP for an
+ individual Internet account for each PC and have five phone
+ lines.</para>
+
+ <para>With <acronym>NAT</acronym> you only need a single account
+ with your ISP, then cable your other four PCs to a switch and
+ the switch to the NIC in your &os; system which is going to
+ service your LAN as a gateway. <acronym>NAT</acronym> will
+ automatically translate the private LAN IP address for each
+ separate PC on the LAN to the single public IP address as it
+ exits the firewall bound for the public Internet. It also does
+ the reverse translation for returning packets.</para>
+
+ <para><acronym>NAT</acronym> is most often accomplished without
+ the approval, or knowledge, of your ISP and in most cases is
+ grounds for your ISP terminating your account if found out.
+ Commercial users pay a lot more for their Internet connection
+ and usually get assigned a block of static IP address which
+ never change. The ISP also expects and consents to their
+ Commercial customers using <acronym>NAT</acronym> for their
+ internal private LANs.</para>
+
+ <para>There is a special range of IP addresses reserved for
+ <acronym>NAT</acronym>ed private LAN IP address. According to
+ RFC 1918, you can use the following IP ranges for private nets
+ which will never be routed directly to the public
+ Internet:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+
+ <colspec colwidth="1*">
+
+ <colspec colwidth="1*">
+
+ <tbody>
+ <row>
+ <entry>Start IP <hostid role="ipaddr">10.0.0.0</hostid></entry>
+
+ <entry>-</entry>
+
+ <entry>Ending IP <hostid role="ipaddr">10.255.255.255</hostid></entry>
+ </row>
+
+ <row>
+ <entry>Start IP <hostid role="ipaddr">172.16.0.0</hostid></entry>
+
+ <entry>-</entry>
+
+ <entry>Ending IP <hostid role="ipaddr">172.31.255.255</hostid></entry>
+ </row>
+
+ <row>
+ <entry>Start IP <hostid role="ipaddr">192.168.0.0</hostid></entry>
+
+ <entry>-</entry>
+
+ <entry>Ending IP <hostid role="ipaddr">192.168.255.255</hostid></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
+ <sect2>
+ <title>IP<acronym>NAT</acronym></title>
+
+ <indexterm>
+ <primary>NAT</primary>
+
+ <secondary>and IPFILTER</secondary>
+ </indexterm>
+
+ <indexterm><primary><command>ipnat</command></primary></indexterm>
+
+ <para><acronym>NAT</acronym> rules are loaded by using the
+ <command>ipnat</command> command. Typically the
+ <acronym>NAT</acronym> rules are stored in
+ <filename>/etc/ipnat.rules</filename>. See &man.ipnat.1; for
+ details.</para>
+
+ <para>When changing the <acronym>NAT</acronym> rules after
+ <acronym>NAT</acronym> has been started, make your changes to
+ the file containing the NAT rules, then run ipnat command with
+ the <option>-CF</option> flags to delete the internal in use
+ <acronym>NAT</acronym> rules and flush the contents of the
+ translation table of all active entries.</para>
+
+ <para>To reload the <acronym>NAT</acronym> rules issue a command
+ like this:</para>
+
+ <screen>&prompt.root; <userinput>ipnat -CF -f /etc/ipnat.rules</userinput></screen>
+
+ <para>To display some statistics about your
+ <acronym>NAT</acronym>, use this command:</para>
+
+ <screen>&prompt.root; <userinput>ipnat -s</userinput></screen>
+
+ <para>To list the <acronym>NAT</acronym> table's current
+ mappings, use this command:</para>
+
+ <screen>&prompt.root; <userinput>ipnat -l</userinput></screen>
+
+ <para>To turn verbose mode on, and display information relating
+ to rule processing and active rules/table entries:</para>
+
+ <screen>&prompt.root; <userinput>ipnat -v</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>IP<acronym>NAT</acronym> Rules</title>
+
+ <para><acronym>NAT</acronym> rules are very flexible and can
+ accomplish many different things to fit the needs of commercial
+ and home users.</para>
+
+ <para>The rule syntax presented here has been simplified to what
+ is most commonly used in a non-commercial environment. For a
+ complete rule syntax description see the &man.ipnat.5; manual
+ page.</para>
+
+ <para>The syntax for a <acronym>NAT</acronym> rule looks
+ something like this:</para>
+
+ <programlisting>map <replaceable>IF</replaceable> <replaceable>LAN_IP_RANGE</replaceable> -> <replaceable>PUBLIC_ADDRESS</replaceable></programlisting>
+
+ <para>The keyword <literal>map</literal> starts the rule.</para>
+
+ <para>Replace <replaceable>IF</replaceable> with the external
+ interface.</para>
+
+ <para>The <replaceable>LAN_IP_RANGE</replaceable> is what your
+ internal clients use for IP Addressing, usually this is
+ something like <hostid
+ role="ipaddr">192.168.1.0/24</hostid>.</para>
+
+ <para>The <replaceable>PUBLIC_ADDRESS</replaceable> can either
+ be the external IP address or the special keyword
+ <literal>0/32</literal>, which means to use the IP address
+ assigned to <replaceable>IF</replaceable>.</para>
+ </sect2>
+
+ <sect2>
+ <title>How <acronym>NAT</acronym> works</title>
+
+ <para>A packet arrives at the firewall from the LAN with a public
+ destination. It passes through the outbound filter rules,
+ <acronym>NAT</acronym> gets his turn at the packet and applies
+ its rules top down, first matching rule wins.
+ <acronym>NAT</acronym> tests each of its rules against the
+ packets interface name and source IP address. When a packets
+ interface name matches a <acronym>NAT</acronym> rule then the
+ [source IP address, i.e. private LAN IP address] of the packet
+ is checked to see if it falls within the IP address range
+ specified to the left of the arrow symbol on the
+ <acronym>NAT</acronym> rule. On a match the packet has its
+ source IP address rewritten with the public IP address
+ obtained by the <literal>0/32</literal> keyword.
+ <acronym>NAT</acronym> posts a entry in its internal
+ <acronym>NAT</acronym> table so when the packet returns from
+ the public Internet it can be mapped back to its original
+ private IP address and then passed to the filter rules for
+ processing.</para>
+ </sect2>
+
+ <sect2>
+ <title>Enabling IP<acronym>NAT</acronym></title>
+
+ <para>To enable IP<acronym>NAT</acronym> add these statements to
+ <filename>/etc/rc.conf</filename>.</para>
+
+ <para>To enable your machine to route traffic between
+ interfaces:</para>
+
+ <programlisting>gateway_enable="YES"</programlisting>
+
+ <para>To start IP<acronym>NAT</acronym> automatically each
+ time:</para>
+
+ <programlisting>ipnat_enable="YES"</programlisting>
+
+ <para>To specify where to load the IP<acronym>NAT</acronym> rules
+ from:</para>
+
+ <programlisting>ipnat_rules="/etc/ipnat.rules"</programlisting>
+ </sect2>
+
+ <sect2>
+ <title><acronym>NAT</acronym> for a very large LAN</title>
+
+ <para>For networks that have large numbers of PC's on the LAN or
+ networks with more than a single LAN, the process of funneling
+ all those private IP addresses into a single public IP address
+ becomes a resource problem that may cause problems with the
+ same port numbers being used many times across many
+ <acronym>NAT</acronym>ed LAN PC's, causing collisions. There
+ are two ways to relieve this resource problem.</para>
+
+ <sect3>
+ <title>Assigning Ports to Use</title>
+
+ <!-- What does it mean ? Is there something missing ?-->
+ <!-- XXXBLAH <- Apparently you can't start a sect
+ with a <programlisting> tag ?-->
+
+ <para>A normal NAT rule would look like:</para>
+
+ <programlisting>map dc0 192.168.1.0/24 -> 0/32</programlisting>
+
+ <para>In the above rule the packet's source port is unchanged
+ as the packet passes through IP<acronym>NAT</acronym>. By
+ adding the portmap keyword you can tell
+ IP<acronym>NAT</acronym> to only use source ports in a range.
+ For example the following rule will tell
+ IP<acronym>NAT</acronym> to modify the source port to be
+ within that range:</para>
+
+ <programlisting>map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000</programlisting>
+
+ <para>Additionally we can make things even easier by using the
+ <literal>auto</literal> keyword to tell
+ IP<acronym>NAT</acronym> to determine by itself which ports
+ are available to use:</para>
+
+ <programlisting>map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Using a pool of public addresses</title>
+
+ <para>In very large LANs there comes a point where there are
+ just too many LAN addresses to fit into a single public
+ address. By changing the following rule:</para>
+
+ <programlisting>map dc0 192.168.1.0/24 -> 204.134.75.1</programlisting>
+
+ <para>Currently this rule maps all connections through <hostid
+ role="ipaddr">204.134.75.1</hostid>. This can be changed
+ to specify a range:</para>
+
+ <programlisting>map dc0 192.168.1.0/24 -> 204.134.75.1-10</programlisting>
+
+ <para>Or a subnet using CIDR notation such as:</para>
+
+ <programlisting>map dc0 192.168.1.0/24 -> 204.134.75.0/24</programlisting>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Port Redirection</title>
+
+ <para>A very common practice is to have a web server, email
+ server, database server and DNS server each segregated to a
+ different PC on the LAN. In this case the traffic from these
+ servers still have to be <acronym>NAT</acronym>ed, but there
+ has to be some way to direct the inbound traffic to the
+ correct LAN PCs. IP<acronym>NAT</acronym> has the redirection
+ facilities of <acronym>NAT</acronym> to solve this problem.
+ Lets say you have your web server on LAN address <hostid
+ role="ipaddr">10.0.10.25</hostid> and your single public IP
+ address is <hostid role="ipaddr">20.20.20.5</hostid> you would
+ code the rule like this:</para>
+
+ <programlisting>rdr dc0 20.20.20.5/32 port 80 -> 10.0.10.25 port 80</programlisting>
+
+ <para>or:</para>
+
+ <programlisting>rdr dc0 0/32 port 80 -> 10.0.10.25 port 80</programlisting>
+
+ <para>or for a LAN DNS Server on LAN address of <hostid
+ role="ipaddr">10.0.10.33</hostid> that needs to receive
+ public DNS requests:</para>
+
+ <programlisting>rdr dc0 20.20.20.5/32 port 53 -> 10.0.10.33 port 53 udp</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>FTP and <acronym>NAT</acronym></title>
+
+ <para>FTP is a dinosaur left over from the time before the
+ Internet as it is known today, when research universities were
+ leased lined together and FTP was used to share files among
+ research Scientists. This was a time when data security was
+ not a consideration. Over the years the FTP protocol became
+ buried into the backbone of the emerging Internet and its
+ username and password being sent in clear text was never
+ changed to address new security concerns. FTP has two flavors,
+ it can run in active mode or passive mode. The difference is
+ in how the data channel is acquired. Passive mode is more
+ secure as the data channel is acquired be the ordinal ftp
+ session requester. For a real good explanation of FTP and the
+ different modes see <ulink
+ url="http://www.slacksite.com/other/ftp.html"></ulink>.</para>
+
+ <sect3>
+ <title>IP<acronym>NAT</acronym> Rules</title>
+
+ <para>IP<acronym>NAT</acronym> has a special built in FTP proxy
+ option which can be specified on the <acronym>NAT</acronym>
+ map rule. It can monitor all outbound packet traffic for FTP
+ active or passive start session requests and dynamically
+ create temporary filter rules containing only the port number
+ really in use for the data channel. This eliminates the
+ security risk FTP normally exposes the firewall to from
+ having large ranges of high order port numbers open.</para>
+
+ <para>This rule will handle all the traffic for the internal
+ LAN:</para>
+
+ <programlisting>map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp</programlisting>
+
+ <para>This rule handles the FTP traffic from the
+ gateway:</para>
+
+ <programlisting>map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp</programlisting>
+
+ <para>This rule handles all non-FTP traffic from the internal
+ LAN:</para>
+
+ <programlisting>map dc0 10.0.10.0/29 -> 0/32</programlisting>
+
+ <para>The FTP map rule goes before our regular map rule. All
+ packets are tested against the first rule from the top.
+ Matches on interface name, then private LAN source IP
+ address, and then is it a FTP packet. If all that matches
+ then the special FTP proxy creates temp filter rules to let
+ the FTP session packets pass in and out, in addition to also
+ <acronym>NAT</acronym>ing the FTP packets. All LAN packets
+ that are not FTP do not match the first rule and fall
+ through to the third rule and are tested, matching on
+ interface and source IP, then are
+ <acronym>NAT</acronym>ed.</para>
+ </sect3>
+
+ <sect3>
+ <title>IP<acronym>NAT</acronym> FTP Filter Rules</title>
+
+ <para>Only one filter rule is needed for FTP if the
+ <acronym>NAT</acronym> FTP proxy is used.</para>
+
+ <para>Without the FTP Proxy you will need the following three
+ rules:</para>
+
+ <programlisting># Allow out LAN PC client FTP to public Internet
+# Active and passive modes
+pass out quick on rl0 proto tcp from any to any port = 21 flags S keep state
+
+# Allow out passive mode data channel high order port numbers
+pass out quick on rl0 proto tcp from any to any port > 1024 flags S keep state
+
+# Active mode let data channel in from FTP server
+pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>FTP <acronym>NAT</acronym> Proxy Bug</title>
+
+ <para>As of &os; 4.9 which includes IPFILTER version 3.4.31
+ the FTP proxy works as documented during the FTP session
+ until the session is told to close. When the close happens
+ packets returning from the remote FTP server are blocked and
+ logged coming in on port 21. The <acronym>NAT</acronym>
+ FTP/proxy appears to remove its temp rules prematurely,
+ before receiving the response from the remote FTP server
+ acknowledging the close. A problem report was posted to the
+ IPF mailing list.</para>
+
+ <para>The solution is to add a filter rule to get rid of these
+ unwanted log messages or do nothing and ignore FTP inbound
+ error messages in your log. Most people do not use outbound
+ FTP too often.</para>
+
+ <programlisting>block in quick on rl0 proto tcp from any to any port = 21</programlisting>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="firewalls-ipfw">
+ <title>IPFW</title>
+
+ <indexterm>
+ <primary>firewall</primary>
+
+ <secondary>IPFW</secondary>
+ </indexterm>
+
+ <note>
+ <para>This section is work in progress. The contents might
+ not be accurate at all times.</para>
+ </note>
+
+ <para>The IPFIREWALL (IPFW) is a &os; sponsored firewall software
+ application authored and maintained by &os; volunteer staff
+ members. It uses the legacy stateless rules and a legacy rule
+ coding technique to achieve what is referred to as Simple
+ Stateful logic.</para>
+
+ <para>The IPFW sample rule set (found in
+ <filename>/etc/rc.firewall</filename>) in the standard &os;
+ install is rather simple and it is not expected that it used
+ directly without modifications. The example does not use
+ stateful filtering, which is beneficial in most setups, so it
+ will not be used as base for this section.</para>
+
+ <para>The IPFW stateless rule syntax is empowered with technically
+ sophisticated selection capabilities which far surpasses the
+ knowledge level of the customary firewall installer. IPFW is
+ targeted at the professional user or the advanced technical
+ computer hobbyist who have advanced packet selection
+ requirements. A high degree of detailed knowledge into how
+ different protocols use and create their unique packet header
+ information is necessary before the power of the IPFW rules can
+ be unleashed. Providing that level of explanation is out of the
+ scope of this section of the handbook.</para>
+
+ <para>IPFW is composed of seven components, the primary component
+ is the kernel firewall filter rule processor and its integrated
+ packet accounting facility, the logging facility, the 'divert'
+ rule which triggers the <acronym>NAT</acronym> facility, and the
+ advanced special purpose facilities, the dummynet traffic shaper
+ facilities, the 'fwd rule' forward facility, the bridge
+ facility, and the ipstealth facility.</para>
+
+ <sect2 id="firewalls-ipfw-enable">
+ <title>Enabling IPFW</title>
+
+ <indexterm>
+ <primary>IPFW</primary>
+
+ <secondary>enabling</secondary>
+ </indexterm>
+
+ <para>IPFW is included in the basic &os; install as a separate
+ run time loadable module. The system will dynamically load the
+ kernel module when the <filename>rc.conf</filename> statement
+ <literal>firewall_enable="YES"</literal> is used. You do not
+ need to compile IPFW into the &os; kernel unless you want
+ <acronym>NAT</acronym> function enabled.</para>
+
+ <para>After rebooting your system with
+ <literal>firewall_enable="YES"</literal> in
+ <filename>rc.conf</filename> the following white highlighted
+ message is displayed on the screen as part of the boot
+ process:</para>
+
+ <screen>ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled</screen>
+
+ <para>The loadable module does have logging ability
+ compiled in. To enable logging and set the verbose logging
+ limit, there is a knob you can set in
+ <filename>/etc/sysctl.conf</filename> by adding these
+ statements, logging will be enabled on future reboots:</para>
+
+ <programlisting>net.inet.ip.fw.verbose=1
+net.inet.ip.fw.verbose_limit=5</programlisting>
+ </sect2>
+
+ <sect2 id="firewalls-ipfw-kernel">
+ <title>Kernel Options</title>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>IPFIREWALL</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>IPFIREWALL_VERBOSE</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>IPFIREWALL_VERBOSE_LIMIT</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>IPFW</primary>
+
+ <secondary>kernel options</secondary>
+ </indexterm>
+
+ <para>It is not a mandatory requirement that you enable IPFW by
+ compiling the following options into the &os; kernel unless
+ you need <acronym>NAT</acronym> function. It is presented here
+ as background information.</para>
+
+ <programlisting>options IPFIREWALL</programlisting>
+
+ <para>This option enables IPFW as part of the kernel</para>
+
+ <programlisting>options IPFIREWALL_VERBOSE</programlisting>
+
+ <para>Enables logging of packets that pass through IPFW and have
+ the 'log' keyword specified in the rule set.</para>
+
+ <programlisting>options IPFIREWALL_VERBOSE_LIMIT=5</programlisting>
+
+ <para>Limits the number of packets logged through &man.syslogd.8;
+ on a per entry basis. You may wish to use this option in
+ hostile environments which you want to log firewall activity.
+ This will close a possible denial of service attack via syslog
+ flooding.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>IPFIREWALL_DEFAULT_TO_ACCEPT</secondary>
+ </indexterm>
+
+ <programlisting>options IPFIREWALL_DEFAULT_TO_ACCEPT</programlisting>
+
+ <para>This option will allow everything to pass through the
+ firewall by default, which is a good idea when you are first
+ setting up your firewall.</para>
+
+ <programlisting>options IPV6FIREWALL
+options IPV6FIREWALL_VERBOSE
+options IPV6FIREWALL_VERBOSE_LIMIT
+options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
+
+ <para>These options are exactly the same as the IPv4 options but
+ they are for IPv6. If you do not use IPv6 you might want to
+ use IPV6FIREWALL without any rules to block all IPv6</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+
+ <secondary>IPDIVERT</secondary>
+ </indexterm>
+
+ <programlisting>options IPDIVERT</programlisting>
+
+ <para>This enables the use of <acronym>NAT</acronym>
+ functionality.</para>
+
+ <note>
+ <para>If you do not include IPFIREWALL_DEFAULT_TO_ACCEPT or set
+ your rules to allow incoming packets you will block all
+ packets going to and from this machine.</para>
+ </note>
+ </sect2>
+
+ <sect2 id="firewalls-ipfw-rc">
+ <title><filename>/etc/rc.conf</filename> Options</title>
+
+ <para>If you do not have IPFW compiled into your kernel you will
+ need to load it with the following statement in your
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>firewall_enable="YES"</programlisting>
+
+ <para>Set the script to run to activate your rules:</para>
+
+ <programlisting>firewall_script="/etc/ipfw.rules"</programlisting>
+
+ <para>Enable logging:</para>
+
+ <programlisting>firewall_logging="YES"</programlisting>
+
+ <warning>
+ <para>The only thing that the
+ <varname>firewall_logging</varname> variable will do is
+ setting the <varname>net.inet.ip.fw.verbose</varname> sysctl
+ variable to the value of <literal>1</literal> (see <xref
+ linkend="firewalls-ipfw-enable">). There is no
+ <filename>rc.conf</filename> variable to set log limitations,
+ but it can be set via sysctl variable, manually or from the
+ <filename>/etc/sysctl.conf</filename> file:</para>
+
+ <programlisting>net.inet.ip.fw.verbose_limit=5</programlisting>
+ </warning>
+
+ <para>If your machine is acting as a gateway, i.e. providing
+ Network Address Translation (NAT) via &man.natd.8;, please
+ refer to <xref linkend="network-natd"> for information
+ regarding the required <filename>/etc/rc.conf</filename>
+ options.</para>
+ </sect2>
+
+ <sect2 id="firewalls-ipfw-cmd">
+ <title>The IPFW Command</title>
+
+ <indexterm><primary><command>ipfw</command></primary></indexterm>
+
+ <para>The ipfw command is the normal vehicle for making manual
+ single rule additions or deletions to the firewall active
+ internal rules while it is running. The problem with using
+ this method is once your system is shutdown or halted all the
+ rules you added or changed or deleted are lost. Writing all
+ your rules in a file and using that file to load the rules at
+ boot time, or to replace in mass the currently running firewall
+ rules with changes you made to the files content is the
+ recommended method used here.</para>
+
+ <para>The ipfw command is still a very useful to display the
+ running firewall rules to the console screen. The IPFW
+ accounting facility dynamically creates a counter for each
+ rule that counts each packet that matches the rule. During the
+ process of testing a rule, listing the rule with its counter
+ is the one of the ways of determining if the rule is
+ functioning.</para>
+
+ <para>To list all the rules in sequence:</para>
+
+ <screen>&prompt.root; <userinput>ipfw list</userinput></screen>
+
+ <para>To list all the rules with a time stamp of when the last
+ time the rule was matched:</para>
+
+ <screen>&prompt.root; <userinput>ipfw -t list</userinput></screen>
+
+ <para>To list the accounting information, packet count for
+ matched rules along with the rules themselves. The first
+ column is the rule number, followed by the number of outgoing
+ matched packets, followed by the number of incoming matched
+ packets, and then the rule itself.</para>
+
+ <screen>&prompt.root; <userinput>ipfw -a list</userinput></screen>
+
+ <para>List the dynamic rules in addition to the static
+ rules:</para>
+
+ <screen>&prompt.root; <userinput>ipfw -d list</userinput></screen>
+
+ <para>Also show the expired dynamic rules:</para>
+
+ <screen>&prompt.root; <userinput>ipfw -d -e list</userinput></screen>
+
+ <para>Zero the counters:</para>
+
+ <screen>&prompt.root; <userinput>ipfw zero</userinput></screen>
+
+ <para>Zero the counters for just rule
+ <replaceable>NUM</replaceable>:</para>
+
+ <screen>&prompt.root; <userinput>ipfw zero NUM</userinput></screen>
+ </sect2>
+
+ <sect2 id="firewalls-ipfw-rules">
+ <title>IPFW Rule Sets</title>
+
+ <!-- XXX: looks incorrect (and duplicated 2 times in this chapter):
+ 1. Packet can be processed two times depend of firewall
+ firewall configuration, but "return trip back" is
+ another packet.
+ 2. "Each TCP/IP service ... is predefined by its protocol ..."
+ - this shold be about packet and it's parameters
+ (source/destination address and port). -->
+
+ <para>A rule set is a group of ipfw rules coded to allow or deny
+ packets based on the values contained in the packet. The
+ bi-directional exchange of packets between hosts comprises a
+ session conversation. The firewall rule set processes the
+ packet twice: once on its arrival from the public Internet host
+ and again as it leaves for its return trip back to the public
+ Internet host. Each tcp/ip service (i.e. telnet, www, mail,
+ etc.) is predefined by its protocol, and port number. This is
+ the basic selection criteria used to create rules which will
+ allow or deny services.</para>
+
+ <indexterm>
+ <primary>IPFW</primary>
+
+ <secondary>rule processing order</secondary>
+ </indexterm>
+
+ <!-- Needs rewording to include note below -->
+
+ <para>When a packet enters the firewall it is compared against
+ the first rule in the rule set and progress one rule at a time
+ moving from top to bottom of the set in ascending rule number
+ sequence order. When the packet matches a rule selection
+ parameters, the rules action field value is executed and the
+ search of the rule set terminates for that packet. This is
+ referred to as <quote>the first match wins</quote> search
+ method. If the packet does not match any of the rules, it gets
+ caught by the mandatory ipfw default rule, number 65535 which
+ denies all packets and discards them without any reply back to
+ the originating destination.</para>
+
+ <note>
+ <para>The search continues after <literal>count</literal>,
+ <literal>skipto</literal> and <literal>tee</literal>
+ rules.</para>
+ </note>
+
+ <para>The instructions contained here are based on using rules
+ that contain the stateful 'keep state', 'limit', 'in'/'out',
+ and via options. This is the basic framework for coding an
+ inclusive type firewall rule set.</para>
+
+ <!-- XXX: something like this already in
+ <xref linkend="firewalls-concepts">
+ AND: the para below is repeated 3 times in this chapter. -->
+
+ <para>An inclusive firewall only allows services matching the
+ rules through. This way you can control what services can
+ originate behind the firewall destine for the public Internet
+ and also control the services which can originate from the
+ public Internet accessing your private network. Everything
+ else is denied by default design. Inclusive firewalls are
+ much, much more secure than exclusive firewall rule sets and
+ is the only rule set type covered here in.</para>
+
+ <warning>
+ <para>When working with the firewall rules be careful, you can
+ end up locking your self out.</para>
+ </warning>
+
+ <sect3 id="firewalls-ipfw-rules-syntax">
+ <title>Rule Syntax</title>
+
+ <indexterm>
+ <primary>IPFW</primary>
+
+ <secondary>rule syntax</secondary>
+ </indexterm>
+
+ <para>The rule syntax presented here has been simplified to
+ what is necessary to create a standard inclusive type
+ firewall rule set. For a complete rule syntax description
+ see the &man.ipfw.8; manual page.</para>
+
+ <para>Rules contain keywords: these keywords have to be coded
+ in a specific order from left to right on the line. Keywords
+ are identified in bold type. Some keywords have sub-options
+ which may be keywords them selves and also include more
+ sub-options.</para>
+
+ <para><literal>#</literal> is used to mark the start of a
+ comment and may appear at the end of a rule line or on its
+ own lines. Blank lines are ignored.</para>
+
+ <para><replaceable>CMD RULE_NUMBER ACTION LOGGING SELECTION
+ STATEFUL</replaceable></para>
+
+ <sect4>
+ <title>CMD</title>
+
+ <para>Each new rule has to be prefixed with
+ <parameter>add</parameter> to add the
+ rule to the internal table.</para>
+ </sect4>
+
+ <sect4>
+ <title>RULE_NUMBER</title>
+
+ <para>Each rule has to have a rule number to go with
+ it.</para>
+ </sect4>
+
+ <sect4>
+ <title>ACTION</title>
+
+ <para>A rule can be associated with one of the following
+ actions, which will be executed when the packet matches
+ the selection criterion of the rule.</para>
+
+ <para><parameter>allow | accept | pass |
+ permit</parameter></para>
+
+ <para>These all mean the same thing which is to allow packets
+ that match the rule to exit the firewall rule processing.
+ The search terminates at this rule.</para>
+
+ <para><parameter>check-state</parameter></para>
+
+ <para>Checks the packet against the dynamic rules table. If
+ a match is found, execute the action associated with the
+ rule which generated this dynamic rule, otherwise move to
+ the next rule. The check-state rule does not have
+ selection criterion. If no check-state rule is present in
+ the rule set, the dynamic rules table is checked at the
+ first keep-state or limit rule.</para>
+
+ <para><parameter>deny | drop</parameter></para>
+
+ <para>Both words mean the same thing which is to discard
+ packets that match this rule. The search
+ terminates.</para>
+ </sect4>
+
+ <sect4>
+ <title>Logging</title>
+
+ <para><parameter>log</parameter> or
+ <parameter>logamount</parameter></para>
+
+ <para>When a packet matches a rule with the log keyword, a
+ message will be logged to syslogd with a facility name of
+ SECURITY. The logging only occurs if the number of
+ packets logged so far for that particular rule does not
+ exceed the logamount parameter. If no logamount is
+ specified, the limit is taken from the sysctl variable
+ net.inet.ip.fw.verbose_limit. In both cases, a value of
+ zero removes the logging limit. Once the limit is
+ reached, logging can be re-enabled by clearing the
+ logging counter or the packet counter for that rule, see
+ the ipfw reset log command.</para>
+
+ <note>
+ <para>Logging is done after
+ all other packet matching conditions have been
+ successfully verified, and before performing the final
+ action (accept, deny) on the packet. It is up to you to
+ decide which rules you want to enable logging on.</para>
+ </note>
+ </sect4>
+
+ <sect4>
+ <title>Selection</title>
+
+ <para>The keywords described in this section are used to
+ describe attributes of the packet to be interrogated when
+ determining whether rules match the packet or not.
+ The following general-purpose attributes are provided for
+ matching, and must be used in this order:</para>
+
+ <para><parameter>udp | tcp | icmp</parameter></para>
+
+ <para>or any protocol names found in
+ <filename>/etc/protocols</filename> are recognized and may
+ be used. The value specified is protocol to be matched
+ against. This is a mandatory requirement.</para>
+
+ <para><parameter>from src to dst</parameter></para>
+
+ <para>The from and to keywords are used to match against IP
+ addresses. Rules must specify BOTH source and destination
+ parameters. <literal>any</literal> is a special keyword
+ that matches any IP address. <literal>me</literal> is a
+ special keyword that matches any IP address configured on
+ an interface in your &os; system to represent the PC the
+ firewall is running on (i.e. this box) as in 'from me to
+ any' or 'from any to me' or 'from 0.0.0.0/0 to any' or
+ 'from any to 0.0.0.0/0' or 'from 0.0.0.0 to any' or 'from
+ any to 0.0.0.0' or 'from me to 0.0.0.0'. IP addresses are
+ specified as a dotted IP address numeric form/mask-length,
+ or as single dotted IP address numeric form. This is a
+ mandatory requirement. See this link for help on writing
+ mask-lengths. <ulink
+ url="http://jodies.de/ipcalc"></ulink></para>
+
+ <para><parameter>port number</parameter></para>
+
+ <para>For protocols which support port numbers (such as
+ <acronym>TCP</acronym> and UDP). It is mandatory that you
+ code the port number of the service you want to match
+ on. Service names (from
+ <filename>/etc/services</filename>) may be used instead of
+ numeric port values.</para>
+
+ <para><parameter>in | out</parameter></para>
+
+ <para>Matches incoming or outgoing packets, respectively.
+ The in and out are keywords and it is mandatory that you
+ code one or the other as part of your rule matching
+ criterion.</para>
+
+ <para><parameter>via IF</parameter></para>
+
+ <para>Matches packets going through the interface specified
+ by exact name. The <literal>via</literal> keyword causes
+ the interface to always be checked as part of the match
+ process.</para>
+
+ <para><parameter>setup</parameter></para>
+
+ <para>This is a mandatory keyword that identifies the session
+ start request for <acronym>TCP</acronym> packets.</para>
+
+ <para><parameter>keep-state</parameter></para>
+
+ <para>This is a mandatory> keyword. Upon a match, the
+ firewall will create a dynamic rule, whose default behavior
+ is to match bidirectional traffic between source and
+ destination IP/port using the same protocol.</para>
+
+ <para><parameter>limit {src-addr | src-port | dst-addr |
+ dst-port}</parameter></para>
+
+ <para>The firewall will only allow
+ <replaceable>N</replaceable> connections with the same set
+ of parameters as specified in the rule. One or more of
+ source and destination addresses and ports can be
+ specified. The 'limit' and 'keep-state' can not be used on
+ same rule. Limit provides the same stateful function as
+ 'keep-state' plus its own functions.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Stateful Rule Option</title>
+
+ <indexterm>
+ <primary>IPFW</primary>
+
+ <secondary>stateful filtering</secondary>
+ </indexterm>
+
+ <!-- XXX: duplicated -->
+
+ <para>Stateful filtering treats traffic as a bi-directional
+ exchange of packets comprising a session conversation. It
+ has the interrogation abilities to determine if the session
+ conversation between the originating sender and the
+ destination are following the valid procedure of
+ bi-directional packet exchange. Any packets that do not
+ properly fit the session conversation template are
+ automatically rejected as impostors.</para>
+
+ <para>'check-state' is used to identify where in the IPFW rules
+ set the packet is to be tested against the dynamic rules
+ facility. On a match the packet exits the firewall to
+ continue on its way and a new rule is dynamic created for
+ the next anticipated packet being exchanged during this
+ bi-directional session conversation. On a no match the
+ packet advances to the next rule in the rule set for
+ testing.</para>
+
+ <para>The dynamic rules facility is vulnerable to resource
+ depletion from a SYN-flood attack which would open a huge
+ number of dynamic rules. To counter this attack, &os;
+ version 4.5 added another new option named limit. This
+ option is used to limit the number of simultaneous session
+ conversations by interrogating the rules source or
+ destinations fields as directed by the limit option and
+ using the packet's IP address found there, in a search of
+ the open dynamic rules counting the number of times this
+ rule and IP address combination occurred, if this count is
+ greater that the value specified on the limit option, the
+ packet is discarded.</para>
+ </sect3>
+
+ <sect3>
+ <title>Logging Firewall Messages</title>
+
+ <indexterm>
+ <primary>IPFW</primary>
+
+ <secondary>logging</secondary>
+ </indexterm>
+
+ <para>The benefits of logging are obvious: it provides the
+ ability to review after the fact the rules you activated
+ logging on which provides information like, what packets had
+ been dropped, what addresses they came from, where they were
+ going, giving you a significant edge in tracking down
+ attackers.</para>
+
+ <para>Even with the logging facility enabled, IPFW will not
+ generate any rule logging on it's own. The firewall
+ administrator decides what rules in the rule set he wants
+ to log and adds the log verb to those rules. Normally only
+ deny rules are logged, like the deny rule for incoming
+ <acronym>ICMP</acronym> pings. It is very customary to
+ duplicate the ipfw default deny everything rule with the
+ log verb included as your last rule in the rule set. This
+ way you get to see all the packets that did not match any
+ of the rules in the rule set.</para>
+
+ <para>Logging is a two edged sword, if you are not careful, you
+ can lose yourself in the over abundance of log data and fill
+ your disk up with growing log files. DoS attacks that fill
+ up disk drives is one of the oldest attacks around. These
+ log message are not only written to syslogd, but also are
+ displayed on the root console screen and soon become very
+ annoying.</para>
+
+ <para>The <literal>IPFIREWALL_VERBOSE_LIMIT=5</literal>
+ kernel option limits the number of consecutive messages
+ sent to the system logger syslogd, concerning the packet
+ matching of a given rule. When this option is enabled in
+ the kernel, the number of consecutive messages concerning
+ a particular rule is capped at the number specified. There
+ is nothing to be gained from 200 log messages saying the
+ same identical thing. For instance, five consecutive
+ messages concerning a particular rule would be logged to
+ syslogd, the remainder identical consecutive messages would
+ be counted and posted to the syslogd with a phrase like
+ this:</para>
+
+ <programlisting>last message repeated 45 times</programlisting>
+
+ <para>All logged packets messages are written by default to
+ <filename>/var/log/security</filename> file, which is defined
+ in the <filename>/etc/syslog.conf</filename> file.</para>
+ </sect3>
+
+ <sect3 id="firewalls-ipfw-rules-script">
+ <title>Building a Rule Script</title>
+
+ <para>Most experienced IPFW users create a file containing the
+ rules and code them in a manner compatible with running them
+ as a script. The major benefit of doing this is the firewall
+ rules can be refreshed in mass without the need of rebooting
+ the system to activate the new rules. This method is very
+ convenient in testing new rules as the procedure can be
+ executed as many times as needed. Being a script, you can
+ use symbolic substitution to code frequent used values and
+ substitution them in multiple rules. You will see this in
+ the following example.</para>
+
+ <para>The script syntax used here is compatible with the 'sh',
+ 'csh', 'tcsh' shells. Symbolic substitution fields are
+ prefixed with a dollar sign &dollar;. Symbolic fields do not
+ have the &dollar; prefix. The value to populate the Symbolic
+ field must be enclosed to "double quotes".</para>
+
+ <para>Start your rules file like this:</para>
+
+ <programlisting>############### start of example ipfw rules script #############
+#
+ipfw -q -f flush # Delete all rules
+# Set defaults
+oif="tun0" # out interface
+odns="192.0.2.11" # ISP's DNS server IP address
+cmd="ipfw -q add " # build rule prefix
+ks="keep-state" # just too lazy to key this each time
+&dollar;cmd 00500 check-state
+&dollar;cmd 00502 deny all from any to any frag
+&dollar;cmd 00501 deny tcp from any to any established
+&dollar;cmd 00600 allow tcp from any to any 80 out via &dollar;oif setup &dollar;ks
+&dollar;cmd 00610 allow tcp from any to &dollar;odns 53 out via &dollar;oif setup &dollar;ks
+&dollar;cmd 00611 allow udp from any to &dollar;odns 53 out via &dollar;oif &dollar;ks
+################### End of example ipfw rules script ############</programlisting>
+
+ <para>That is all there is to it. The rules are not important
+ in this example, how the Symbolic substitution field are
+ populated and used are.</para>
+
+ <para>If the above example was in
+ <filename>/etc/ipfw.rules</filename> file, you could reload
+ these rules by entering on the command line.</para>
+
+ <screen>&prompt.root; <userinput>sh /etc/ipfw.rules</userinput></screen>
+
+ <para>The <filename>/etc/ipfw.rules</filename> file could be
+ located anywhere you want and the file could be named any
+ thing you would like.</para>
+
+ <para>The same thing could also be accomplished by running
+ these commands by hand:</para>
+
+ <screen>&prompt.root; <userinput>ipfw -q -f flush</userinput>
+&prompt.root; <userinput>ipfw -q add check-state</userinput>
+&prompt.root; <userinput>ipfw -q add deny all from any to any frag</userinput>
+&prompt.root; <userinput>ipfw -q add deny tcp from any to any established</userinput>
+&prompt.root; <userinput>ipfw -q add allow tcp from any to any 80 out via tun0 setup keep-state</userinput>
+&prompt.root; <userinput>ipfw -q add allow tcp from any to 192.0.2.11 53 out via tun0 setup keep-state</userinput>
+&prompt.root; <userinput>ipfw -q add 00611 allow udp from any to 192.0.2.11 53 out via tun0 keep-state</userinput></screen>
+ </sect3>
+
+ <sect3>
+ <title>Stateful Ruleset</title>
+
+ <para>The following non-<acronym>NAT</acronym>ed rule set is an
+ example of how to code a very secure 'inclusive' type of
+ firewall. An inclusive firewall only allows services
+ matching pass rules through and blocks all other by default.
+ All firewalls have at the minimum two interfaces which have
+ to have rules to allow the firewall to function.</para>
+
+ <para>All &unix; flavored operating systems, &os; included, are
+ designed to use interface <devicename>lo0</devicename> and IP
+ address <hostid role="ipaddr">127.0.0.1</hostid> for internal
+ communication with in the operating system. The firewall
+ rules must contain rules to allow free unmolested movement of
+ these special internally used packets.</para>
+
+ <para>The interface which faces the public Internet, is the one
+ which you code your rules to authorize and control access out
+ to the public Internet and access requests arriving from the
+ public Internet. This can be your ppp
+ <devicename>tun0</devicename> interface or your NIC that is
+ connected to your DSL or cable modem.</para>
+
+ <para>In cases where one or more than one NIC are connected to
+ a private LANs behind the firewall, those interfaces must
+ have rules coded to allow free unmolested movement of
+ packets originating from those LAN interfaces.</para>
+
+ <para>The rules should be first organized into three major
+ sections, all the free unmolested interfaces, public
+ interface outbound, and the public interface inbound.</para>
+
+ <para>The order of the rules in each of the public interface
+ sections should be in order of the most used rules being
+ placed before less often used rules with the last rule in
+ the section being a block log all packets on that interface
+ and direction.</para>
+
+ <para>The Outbound section in the following rule set only
+ contains 'allow' rules which contain selection values that
+ uniquely identify the service that is authorized for public
+ Internet access. All the rules have the, proto, port,
+ in/out, via and keep state option coded. The 'proto tcp'
+ rules have the 'setup' option included to identify the start
+ session request as the trigger packet to be posted to the
+ keep state stateful table.</para>
+
+ <para>The Inbound section has all the blocking of undesirable
+ packets first for two different reasons. First is these
+ things being blocked may be part of an otherwise valid packet
+ which may be allowed in by the later authorized service
+ rules. Second reason is that by having a rule that
+ explicitly blocks selected packets that I receive on an
+ infrequent bases and do not want to see in the log, this
+ keeps them from being caught by the last rule in the section
+ which blocks and logs all packets which have fallen through
+ the rules. The last rule in the section which blocks and
+ logs all packets is how you create the legal evidence needed
+ to prosecute the people who are attacking your system.</para>
+
+ <para>Another thing you should take note of, is there is no
+ response returned for any of the undesirable stuff, their
+ packets just get dropped and vanish. This way the attackers
+ has no knowledge if his packets have reached your system.
+ The less the attackers can learn about your system the more
+ secure it is. When you log packets with port numbers you do
+ not recognize, look the numbers up in
+ <filename>/etc/services/</filename> or go to <ulink
+ url="http://www.securitystats.com/tools/portsearch.php"></ulink>
+ and do a port number lookup to find what the purpose of that
+ port number is. Check out this link for port numbers used by
+ Trojans: <ulink
+ url="http://www.simovits.com/trojans/trojans.html"></ulink>.</para>
+ </sect3>
+
+ <sect3>
+ <title>An Example Inclusive Ruleset</title>
+
+ <para>The following non-<acronym>NAT</acronym>ed rule set is a
+ complete inclusive type ruleset. You can not go wrong using
+ this rule set for you own. Just comment out any pass rules
+ for services you do not want. If you see messages in your
+ log that you want to stop seeing just add a deny rule in the
+ inbound section. You have to change the 'dc0' interface name
+ in every rule to the interface name of the NIC that connects
+ your system to the public Internet. For user ppp it would be
+ 'tun0'.</para>
+
+ <para>You will see a pattern in the usage of these
+ rules.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>All statements that are a request to start a session
+ to the public Internet use keep-state.</para>
+ </listitem>
+
+ <listitem>
+ <para>All the authorized services that originate from the
+ public Internet have the limit option to stop
+ flooding.</para>
+ </listitem>
+
+ <listitem>
+ <para>All rules use in or out to clarify direction.</para>
+ </listitem>
+
+ <listitem>
+ <para>All rules use via interface name to specify the
+ interface the packet is traveling over.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The following rules go into
+ <filename>/etc/ipfw.rules</filename>.</para>
+
+ <programlisting>################ Start of IPFW rules file ###############################
+# Flush out the list before we begin.
+ipfw -q -f flush
+
+# Set rules command prefix
+cmd="ipfw -q add"
+pif="dc0" # public interface name of NIC
+ # facing the public Internet
+
+#################################################################
+# No restrictions on Inside LAN Interface for private network
+# Not needed unless you have LAN.
+# Change xl0 to your LAN NIC interface name
+#################################################################
+#&dollar;cmd 00005 allow all from any to any via xl0
+
+#################################################################
+# No restrictions on Loopback Interface
+#################################################################
+&dollar;cmd 00010 allow all from any to any via lo0
+
+#################################################################
+# Allow the packet through if it has previous been added to the
+# the "dynamic" rules table by a allow keep-state statement.
+#################################################################
+&dollar;cmd 00015 check-state
+
+#################################################################
+# Interface facing Public Internet (Outbound Section)
+# Interrogate session start requests originating from behind the
+# firewall on the private network or from this gateway server
+# destine for the public Internet.
+#################################################################
+
+# Allow out access to my ISP's Domain name server.
+# x.x.x.x must be the IP address of your ISP.s DNS
+# Dup these lines if your ISP has more than one DNS server
+# Get the IP addresses from /etc/resolv.conf file
+&dollar;cmd 00110 allow tcp from any to x.x.x.x 53 out via &dollar;pif setup keep-state
+&dollar;cmd 00111 allow udp from any to x.x.x.x 53 out via &dollar;pif keep-state
+
+# Allow out access to my ISP's DHCP server for cable/DSL configurations.
+# This rule is not needed for .user ppp. connection to the public Internet.
+# so you can delete this whole group.
+# Use the following rule and check log for IP address.
+# Then put IP address in commented out rule & delete first rule
+&dollar;cmd 00120 allow log udp from any to any 67 out via &dollar;pif keep-state
+#&dollar;cmd 00120 allow udp from any to x.x.x.x 67 out via &dollar;pif keep-state
+
+# Allow out non-secure standard www function
+&dollar;cmd 00200 allow tcp from any to any 80 out via &dollar;pif setup keep-state
+
+# Allow out secure www function https over TLS SSL
+&dollar;cmd 00220 allow tcp from any to any 443 out via &dollar;pif setup keep-state
+
+# Allow out send & get email function
+&dollar;cmd 00230 allow tcp from any to any 25 out via &dollar;pif setup keep-state
+&dollar;cmd 00231 allow tcp from any to any 110 out via &dollar;pif setup keep-state
+
+# Allow out FBSD (make install & CVSUP) functions
+# Basically give user root "GOD" privileges.
+&dollar;cmd 00240 allow tcp from me to any out via &dollar;pif setup keep-state uid root
+
+# Allow out ping
+&dollar;cmd 00250 allow icmp from any to any out via &dollar;pif keep-state
+
+# Allow out Time
+&dollar;cmd 00260 allow tcp from any to any 37 out via &dollar;pif setup keep-state
+
+# Allow out nntp news (i.e. news groups)
+&dollar;cmd 00270 allow tcp from any to any 119 out via &dollar;pif setup keep-state
+
+# Allow out secure FTP, Telnet, and SCP
+# This function is using SSH (secure shell)
+&dollar;cmd 00280 allow tcp from any to any 22 out via &dollar;pif setup keep-state
+
+# Allow out whois
+&dollar;cmd 00290 allow tcp from any to any 43 out via &dollar;pif setup keep-state
+
+# deny and log everything else that.s trying to get out.
+# This rule enforces the block all by default logic.
+&dollar;cmd 00299 deny log all from any to any out via &dollar;pif
+
+#################################################################
+# Interface facing Public Internet (Inbound Section)
+# Interrogate packets originating from the public Internet
+# destine for this gateway server or the private network.
+#################################################################
+
+# Deny all inbound traffic from non-routable reserved address spaces
+&dollar;cmd 00300 deny all from 192.168.0.0/16 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 00301 deny all from 172.16.0.0/12 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 00302 deny all from 10.0.0.0/8 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 00303 deny all from 127.0.0.0/8 to any in via &dollar;pif #loopback
+&dollar;cmd 00304 deny all from 0.0.0.0/8 to any in via &dollar;pif #loopback
+&dollar;cmd 00305 deny all from 169.254.0.0/16 to any in via &dollar;pif #DHCP auto-config
+&dollar;cmd 00306 deny all from 192.0.2.0/24 to any in via &dollar;pif #reserved for docs
+&dollar;cmd 00307 deny all from 204.152.64.0/23 to any in via &dollar;pif #Sun cluster interconnect
+&dollar;cmd 00308 deny all from 224.0.0.0/3 to any in via &dollar;pif #Class D & E multicast
+
+# Deny public pings
+&dollar;cmd 00310 deny icmp from any to any in via &dollar;pif
+
+# Deny ident
+&dollar;cmd 00315 deny tcp from any to any 113 in via &dollar;pif
+
+# Deny all Netbios service. 137=name, 138=datagram, 139=session
+# Netbios is MS/Windows sharing services.
+# Block MS/Windows hosts2 name server requests 81
+&dollar;cmd 00320 deny tcp from any to any 137 in via &dollar;pif
+&dollar;cmd 00321 deny tcp from any to any 138 in via &dollar;pif
+&dollar;cmd 00322 deny tcp from any to any 139 in via &dollar;pif
+&dollar;cmd 00323 deny tcp from any to any 81 in via &dollar;pif
+
+# Deny any late arriving packets
+&dollar;cmd 00330 deny all from any to any frag in via &dollar;pif
+
+# Deny ACK packets that did not match the dynamic rule table
+&dollar;cmd 00332 deny tcp from any to any established in via &dollar;pif
+
+# Allow traffic in from ISP's DHCP server. This rule must contain
+# the IP address of your ISP.s DHCP server as it.s the only
+# authorized source to send this packet type.
+# Only necessary for cable or DSL configurations.
+# This rule is not needed for .user ppp. type connection to
+# the public Internet. This is the same IP address you captured
+# and used in the outbound section.
+#&dollar;cmd 00360 allow udp from any to x.x.x.x 67 in via &dollar;pif keep-state
+
+# Allow in standard www function because I have apache server
+&dollar;cmd 00400 allow tcp from any to me 80 in via &dollar;pif setup limit src-addr 2
+
+# Allow in secure FTP, Telnet, and SCP from public Internet
+&dollar;cmd 00410 allow tcp from any to me 22 in via &dollar;pif setup limit src-addr 2
+
+# Allow in non-secure Telnet session from public Internet
+# labeled non-secure because ID & PW are passed over public
+# Internet as clear text.
+# Delete this sample group if you do not have telnet server enabled.
+&dollar;cmd 00420 allow tcp from any to me 23 in via &dollar;pif setup limit src-addr 2
+
+# Reject & Log all incoming connections from the outside
+&dollar;cmd 00499 deny log all from any to any in via &dollar;pif
+
+# Everything else is denied by default
+# deny and log all packets that fell through to see what they are
+&dollar;cmd 00999 deny log all from any to any
+################ End of IPFW rules file ###############################</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>An Example <acronym>NAT</acronym> and Stateful
+ Ruleset</title>
+
+ <indexterm>
+ <primary>NAT</primary>
+
+ <secondary>and IPFW</secondary>
+ </indexterm>
+
+ <para>There are some additional configuration statements that
+ need to be enabled to activate the <acronym>NAT</acronym>
+ function of IPFW. The kernel source needs 'option divert'
+ statement added to the other IPFIREWALL statements compiled
+ into a custom kernel.</para>
+
+ <para>In addition to the normal IPFW options in
+ <filename>/etc/rc.conf</filename>, the following are
+ needed.</para>
+
+ <programlisting>natd_enable="YES" # Enable <acronym>NAT</acronym>D function
+natd_interface="rl0" # interface name of public Internet NIC
+natd_flags="-dynamic -m" # -m = preserve port numbers if possible</programlisting>
+
+ <para>Utilizing stateful rules with divert natd rule (Network
+ Address Translation) greatly complicates the rule set coding
+ logic. The positioning of the check-state, and 'divert natd'
+ rules in the rule set becomes very critical. This is no
+ longer a simple fall-through logic flow. A new action type
+ is used, called 'skipto'. To use the skipto command it is
+ mandatory that you number each rule so you know exactly
+ where the skipto rule number is you are really jumping
+ to.</para>
+
+ <para>The following is an uncommented example of one coding
+ method, selected here to explain the sequence of the packet
+ flow through the rule sets.</para>
+
+ <para>The processing flow starts with the first rule from the
+ top of the rule file and progress one rule at a time deeper
+ into the file until the end is reach or the packet being
+ tested to the selection criteria matches and the packet is
+ released out of the firewall. It is important to take notice
+ of the location of rule numbers 100 101, 450, 500, and 510.
+ These rules control the translation of the outbound and
+ inbound packets so their entries in the keep-state dynamic
+ table always register the private LAN IP address. Next
+ notice that all the allow and deny rules specified the
+ direction the packet is going (IE outbound or inbound) and
+ the interface. Also notice that all the start outbound
+ session requests all skipto rule 500 for the network address
+ translation.</para>
+
+ <para>Lets say a LAN user uses their web browser to get a web
+ page. Web pages use port 80 to communicate over. So the
+ packet enters the firewall, It does not match 100 because it
+ is headed out not in. It passes rule 101 because this is the
+ first packet so it has not been posted to the keep-state
+ dynamic table yet. The packet finally comes to rule 125 a
+ matches. It is outbound through the NIC facing the public
+ Internet. The packet still has it's source IP address as a
+ private LAN IP address. On the match to this rule, two
+ actions take place. The keep-state option will post this
+ rule into the keep-state dynamic rules table and the
+ specified action is executed. The action is part of the info
+ posted to the dynamic table. In this case it is "skipto rule
+ 500". Rule 500 <acronym>NAT</acronym>s the packet IP address
+ and out it goes. Remember this, this is very important.
+ This packet makes its way to the destination and returns and
+ enters the top of the rule set. This time it does match rule
+ 100 and has it destination IP address mapped back to its
+ corresponding LAN IP address. It then is processed by the
+ check-state rule, it's found in the table as an existing
+ session conversation and released to the LAN. It goes to the
+ LAN PC that sent it and a new packet is sent requesting
+ another segment of the data from the remote server. This
+ time it gets checked by the check-state rule and its outbound
+ entry is found, the associated action, 'skipto 500', is
+ executed. The packet jumps to rule 500 gets
+ <acronym>NAT</acronym>ed and released on it's way out.</para>
+
+ <para>On the inbound side, everything coming in that is part
+ of an existing session conversation is being automatically
+ handled by the check-state rule and the properly placed
+ divert natd rules. All we have to address is denying all the
+ bad packets and only allowing in the authorized services.
+ Lets say there is a apache server running on the firewall box
+ and we want people on the public Internet to be able to
+ access the local web site. The new inbound start request
+ packet matches rule 100 and its IP address is mapped to LAN
+ IP for the firewall box. The packet is them matched against
+ all the nasty things we want to check for and finally matches
+ against rule 425. On a match two things occur. The packet
+ rule is posted to the keep-state dynamic table but this time
+ any new session requests originating from that source IP
+ address is limited to 2. This defends against DoS attacks of
+ service running on the specified port number. The action is
+ allow so the packet is released to the LAN. On return the
+ check-state rule recognizes the packet as belonging to an
+ existing session conversation sends it to rule 500 for
+ <acronym>NAT</acronym>ing and released to outbound
+ interface.</para>
+
+ <para>Example Ruleset #1:</para>
+
+ <programlisting>#!/bin/sh
+cmd="ipfw -q add"
+skip="skipto 500"
+pif=rl0
+ks="keep-state"
+good_tcpo="22,25,37,43,53,80,443,110,119"
+
+ipfw -q -f flush
+
+&dollar;cmd 002 allow all from any to any via xl0 # exclude LAN traffic
+&dollar;cmd 003 allow all from any to any via lo0 # exclude loopback traffic
+
+&dollar;cmd 100 divert natd ip from any to any in via &dollar;pif
+&dollar;cmd 101 check-state
+
+# Authorized outbound packets
+&dollar;cmd 120 &dollar;skip udp from any to xx.168.240.2 53 out via &dollar;pif &dollar;ks
+&dollar;cmd 121 &dollar;skip udp from any to xx.168.240.5 53 out via &dollar;pif &dollar;ks
+&dollar;cmd 125 &dollar;skip tcp from any to any &dollar;good_tcpo out via &dollar;pif setup &dollar;ks
+&dollar;cmd 130 &dollar;skip icmp from any to any out via &dollar;pif &dollar;ks
+&dollar;cmd 135 &dollar;skip udp from any to any 123 out via &dollar;pif &dollar;ks
+
+
+# Deny all inbound traffic from non-routable reserved address spaces
+&dollar;cmd 300 deny all from 192.168.0.0/16 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 301 deny all from 172.16.0.0/12 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 302 deny all from 10.0.0.0/8 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 303 deny all from 127.0.0.0/8 to any in via &dollar;pif #loopback
+&dollar;cmd 304 deny all from 0.0.0.0/8 to any in via &dollar;pif #loopback
+&dollar;cmd 305 deny all from 169.254.0.0/16 to any in via &dollar;pif #DHCP auto-config
+&dollar;cmd 306 deny all from 192.0.2.0/24 to any in via &dollar;pif #reserved for docs
+&dollar;cmd 307 deny all from 204.152.64.0/23 to any in via &dollar;pif #Sun cluster
+&dollar;cmd 308 deny all from 224.0.0.0/3 to any in via &dollar;pif #Class D & E multicast
+
+# Authorized inbound packets
+&dollar;cmd 400 allow udp from xx.70.207.54 to any 68 in &dollar;ks
+&dollar;cmd 420 allow tcp from any to me 80 in via &dollar;pif setup limit src-addr 1
+
+
+&dollar;cmd 450 deny log ip from any to any
+
+# This is skipto location for outbound stateful rules
+&dollar;cmd 500 divert natd ip from any to any out via &dollar;pif
+&dollar;cmd 510 allow ip from any to any
+
+######################## end of rules ##################</programlisting>
+
+ <para>The following is pretty much the same as above, but uses
+ a self documenting coding style full of description comments
+ to help the inexperienced IPFW rule writer to better
+ understand what the rules are doing.</para>
+
+ <para>Example Ruleset #2:</para>
+
+ <programlisting>#!/bin/sh
+################ Start of IPFW rules file ###############################
+# Flush out the list before we begin.
+ipfw -q -f flush
+
+# Set rules command prefix
+cmd="ipfw -q add"
+skip="skipto 800"
+pif="rl0" # public interface name of NIC
+ # facing the public Internet
+
+#################################################################
+# No restrictions on Inside LAN Interface for private network
+# Change xl0 to your LAN NIC interface name
+#################################################################
+&dollar;cmd 005 allow all from any to any via xl0
+
+#################################################################
+# No restrictions on Loopback Interface
+#################################################################
+&dollar;cmd 010 allow all from any to any via lo0
+
+#################################################################
+# check if packet is inbound and nat address if it is
+#################################################################
+&dollar;cmd 014 divert natd ip from any to any in via &dollar;pif
+
+#################################################################
+# Allow the packet through if it has previous been added to the
+# the "dynamic" rules table by a allow keep-state statement.
+#################################################################
+&dollar;cmd 015 check-state
+
+#################################################################
+# Interface facing Public Internet (Outbound Section)
+# Interrogate session start requests originating from behind the
+# firewall on the private network or from this gateway server
+# destine for the public Internet.
+#################################################################
+
+# Allow out access to my ISP's Domain name server.
+# x.x.x.x must be the IP address of your ISP's DNS
+# Dup these lines if your ISP has more than one DNS server
+# Get the IP addresses from /etc/resolv.conf file
+&dollar;cmd 020 &dollar;skip tcp from any to x.x.x.x 53 out via &dollar;pif setup keep-state
+
+
+# Allow out access to my ISP's DHCP server for cable/DSL configurations.
+&dollar;cmd 030 &dollar;skip udp from any to x.x.x.x 67 out via &dollar;pif keep-state
+
+# Allow out non-secure standard www function
+&dollar;cmd 040 &dollar;skip tcp from any to any 80 out via &dollar;pif setup keep-state
+
+# Allow out secure www function https over TLS SSL
+&dollar;cmd 050 &dollar;skip tcp from any to any 443 out via &dollar;pif setup keep-state
+
+# Allow out send & get email function
+&dollar;cmd 060 &dollar;skip tcp from any to any 25 out via &dollar;pif setup keep-state
+&dollar;cmd 061 &dollar;skip tcp from any to any 110 out via &dollar;pif setup keep-state
+
+# Allow out FreeBSD (make install & CVSUP) functions
+# Basically give user root "GOD" privileges.
+&dollar;cmd 070 &dollar;skip tcp from me to any out via &dollar;pif setup keep-state uid root
+
+# Allow out ping
+&dollar;cmd 080 &dollar;skip icmp from any to any out via &dollar;pif keep-state
+
+# Allow out Time
+&dollar;cmd 090 &dollar;skip tcp from any to any 37 out via &dollar;pif setup keep-state
+
+# Allow out nntp news (i.e. news groups)
+&dollar;cmd 100 &dollar;skip tcp from any to any 119 out via &dollar;pif setup keep-state
+
+# Allow out secure FTP, Telnet, and SCP
+# This function is using SSH (secure shell)
+&dollar;cmd 110 &dollar;skip tcp from any to any 22 out via &dollar;pif setup keep-state
+
+# Allow out whois
+&dollar;cmd 120 &dollar;skip tcp from any to any 43 out via &dollar;pif setup keep-state
+
+# Allow ntp time server
+&dollar;cmd 130 &dollar;skip udp from any to any 123 out via &dollar;pif keep-state
+
+#################################################################
+# Interface facing Public Internet (Inbound Section)
+# Interrogate packets originating from the public Internet
+# destine for this gateway server or the private network.
+#################################################################
+
+# Deny all inbound traffic from non-routable reserved address spaces
+&dollar;cmd 300 deny all from 192.168.0.0/16 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 301 deny all from 172.16.0.0/12 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 302 deny all from 10.0.0.0/8 to any in via &dollar;pif #RFC 1918 private IP
+&dollar;cmd 303 deny all from 127.0.0.0/8 to any in via &dollar;pif #loopback
+&dollar;cmd 304 deny all from 0.0.0.0/8 to any in via &dollar;pif #loopback
+&dollar;cmd 305 deny all from 169.254.0.0/16 to any in via &dollar;pif #DHCP auto-config
+&dollar;cmd 306 deny all from 192.0.2.0/24 to any in via &dollar;pif #reserved for docs
+&dollar;cmd 307 deny all from 204.152.64.0/23 to any in via &dollar;pif #Sun cluster
+&dollar;cmd 308 deny all from 224.0.0.0/3 to any in via &dollar;pif #Class D & E multicast
+
+# Deny ident
+&dollar;cmd 315 deny tcp from any to any 113 in via &dollar;pif
+
+# Deny all Netbios service. 137=name, 138=datagram, 139=session
+# Netbios is MS/Windows sharing services.
+# Block MS/Windows hosts2 name server requests 81
+&dollar;cmd 320 deny tcp from any to any 137 in via &dollar;pif
+&dollar;cmd 321 deny tcp from any to any 138 in via &dollar;pif
+&dollar;cmd 322 deny tcp from any to any 139 in via &dollar;pif
+&dollar;cmd 323 deny tcp from any to any 81 in via &dollar;pif
+
+# Deny any late arriving packets
+&dollar;cmd 330 deny all from any to any frag in via &dollar;pif
+
+# Deny ACK packets that did not match the dynamic rule table
+&dollar;cmd 332 deny tcp from any to any established in via &dollar;pif
+
+# Allow traffic in from ISP's DHCP server. This rule must contain
+# the IP address of your ISP's DHCP server as it's the only
+# authorized source to send this packet type.
+# Only necessary for cable or DSL configurations.
+# This rule is not needed for 'user ppp' type connection to
+# the public Internet. This is the same IP address you captured
+# and used in the outbound section.
+&dollar;cmd 360 allow udp from x.x.x.x to any 68 in via &dollar;pif keep-state
+
+# Allow in standard www function because I have Apache server
+&dollar;cmd 370 allow tcp from any to me 80 in via &dollar;pif setup limit src-addr 2
+
+# Allow in secure FTP, Telnet, and SCP from public Internet
+&dollar;cmd 380 allow tcp from any to me 22 in via &dollar;pif setup limit src-addr 2
+
+# Allow in non-secure Telnet session from public Internet
+# labeled non-secure because ID & PW are passed over public
+# Internet as clear text.
+# Delete this sample group if you do not have telnet server enabled.
+&dollar;cmd 390 allow tcp from any to me 23 in via &dollar;pif setup limit src-addr 2
+
+# Reject & Log all unauthorized incoming connections from the public Internet
+&dollar;cmd 400 deny log all from any to any in via &dollar;pif
+
+# Reject & Log all unauthorized out going connections to the public Internet
+&dollar;cmd 450 deny log all from any to any out via &dollar;pif
+
+# This is skipto location for outbound stateful rules
+&dollar;cmd 800 divert natd ip from any to any out via &dollar;pif
+&dollar;cmd 801 allow ip from any to any
+
+# Everything else is denied by default
+# deny and log all packets that fell through to see what they are
+&dollar;cmd 999 deny log all from any to any
+################ End of IPFW rules file ###############################</programlisting>
+ </sect3>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/geom/Makefile b/zh_TW.Big5/books/handbook/geom/Makefile
new file mode 100644
index 0000000000..59e5759cdc
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/geom/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= geom/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/geom/chapter.sgml b/zh_TW.Big5/books/handbook/geom/chapter.sgml
new file mode 100644
index 0000000000..b8909b3eb9
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/geom/chapter.sgml
@@ -0,0 +1,402 @@
+<!--
+ The FreeBSD Documentation Project
+ $FreeBSD$
+
+-->
+
+<chapter id="GEOM">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>GEOM: Modular Disk Transformation Framework</title>
+
+ <sect1 id="GEOM-synopsis">
+ <title>Synopsis</title>
+
+ <indexterm>
+ <primary>GEOM</primary>
+ </indexterm>
+ <indexterm>
+ <primary>GEOM Disk Framework</primary>
+ <see>GEOM</see>
+ </indexterm>
+
+ <para>¥»³¹²[»\¦p¦ó¦b &os; ªº GEOM ¬[ºc¤U¨Ï¥ÎºÏºÐ¡A
+ ¥]§t¥Î¨Ó³]©w´XºØ±`¥Îªº <acronym
+ role="Redundant Array of Inexpensive Disks¡AºÏºÐ°}¦C¨t²Î">RAID</acronym>
+ ªº±±¨î¤u¨ã¡C¥»³¹¤£·|²`¤J±´°Q GEOM ¦p¦ó³B²z©³¼hªº I/O¡A³oÃþ¸ê°T½Ð°Ñ¦Ò
+ &man.geom.4; ¤Î¬ÛÃöªº SEE ALSO ³¡¥÷¡C¥»³¹¤]«D <acronym>RAID</acronym>
+ ³]©w«ü«n¡A¦b³o¸Ì¥u·|°Q½×¥Ø«e GEOM ¤ä´©ªº <acronym>RAID</acronym> ¼Ò¦¡¡C
+ </para>
+
+ <para>¾\Ū¥»³¹«á¡A±z·|ª¾¹D³o¨Ç¸ê°T¡G</para>
+ <itemizedlist>
+ <listitem>
+ <para>³z¹L GEOM ¥i¤ä´©­þ¨Ç¼Ò¦¡ªº <acronym>RAID</acronym>¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>¦p¦ó¨Ï¥Î°ò¥»¤u¨ã¨Ó°t¸m¡B¾Þ§@¡BºûÅ@¤£¦P¼Ò¦¡ªº
+ <acronym>RAID</acronym>¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>¦p¦ó³z¹L GEOM ¨Ó§¹¦¨Ãè®g (mirror)¡B¤À´²³sµ² (stripe)¡B¥[±K (encryp)
+ ¡B»·ºÝ³s±µºÏºÐµ¥¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>·í GEOM ¬[ºc¤UªººÏºÐµo¥Í°ÝÃD¡A¦p¦ó±Æ°£¡C</para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+ <para>¦b¶}©l¤§«e¡A½Ð±z½T¥ô¤U¦C­I´ºª¾ÃÑ¡G</para>
+
+
+ <itemizedlist>
+ <listitem>
+ <para>¤F¸Ñ &os; ¦p¦ó¬Ý«ÝºÏºÐ (<xref linkend="disks">) ¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>ª¾¹D¦p¦ó³]©w¡B¦w¸Ë·sªº &os; ®Ö¤ß
+ (<xref linkend="kernelconfig">) ¡C</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="GEOM-intro">
+ <title>GEOM ¾É½×</title>
+
+ <para>GEOM ³z¹L privoder (§Y <dilename role="directory">/dev/</filename>
+ ¤Uªº¯S®í¸Ë¸mÀÉ®×) ¨Ó¾Þ±± classes (¦p Master Boot Records¡B
+ <acronym>BSD</acronym> labels µ¥) ¡CGEOM ¤ä´©¦hºØ³nÅé
+ <acronym>RAID</acronym> °t¸m¡A³z¹L GEOM ¦s¨ú®É¡A
+ §@·~¨t²Î©MÀ³¥Îµ{¦¡¤£·|·NÃѨì GEOM ¦s¦b¡C</para>
+ </sect1>
+
+ <sect1 id="GEOM-striping">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Written by </contrib>
+ </author>
+ <author>
+ <firstname>Murray</firstname>
+ <surname>Stokely</surname>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>RAID0 - ¤À´²³sµ² (striping)</title>
+
+ <indexterm>
+ <primary>GEOM</primary>
+ </indexterm>
+ <indexterm>
+ <primary>¤À´²³sµ² (Striping)</primary>
+ </indexterm>
+
+ <para>¤À´²³sµ² (striping) ¥i¥Î¨Ó³sµ²¦h­ÓºÏºÐ¦¨¬°¤@¤j¶ôªÅ¶¡¡C
+ «Ü¦h®É­ÔµwÅé±±¨î¾¹¥i¥H§¹¦¨³o¥ó¨Æ¡A¤£¹L GEOM ¤]´£¨Ñ¤F³nÅ骩¥»ªº
+ <acronym>RAID</acronym>0¡A¤]´N¬O¤À´²³sµ² (striping)¡C</para>
+
+ <para>¦b <acronym>RAID</acronym>0 ¸Ì¡A¸ê®Æ·|³Q¤Á¤À¦¨«Ü¦h¶ô¡A
+ ¦A¤À´²¼g¤J¥þ³¡ªººÏºÐ¡C¨Ò¦p­n¼g¤J 256k ªº¸ê®Æ¨ì³æ¤@ºÏºÐ¡A¦b
+ ¥|­ÓºÏºÐªº <acronym>RAID</acronym>0 ¤¤¥i¦P®É¼g¤J 64k ¨ì¥|­ÓºÏºÐ¸Ì¡A
+ ¦]¦¹¥i¤j´T´£¤É I/O ®Ä¯à¡C¦pªG¨Ï¥Î§ó¦hªººÏºÐ±±¨î¾¹¡A
+ I/O ®Ä¯à¥i¦A´£¤É¡C</para>
+
+ <para>¥Ñ©óŪ©Î¼g®É·|¦P¨B¥æ¿ù¹ï³\¦hºÏºÐ¶i¦æ I/O ³B²z¡A¦]¦¹
+ <acronym>RAID</acronym>0 ªº¨C­ÓºÏºÐ¥²»Ý¤j¤p¤@¼Ë¡C
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="geom/striping" align="center">
+ </imageobject>
+
+ <textobject>
+ <phrase>Disk Striping Illustration</phrase>
+ </textobject>
+ </mediaobject>
+
+ <procedure>
+ <title>¥Î¥¼®æ¦¡¤Æªº ATA ºÏºÐ¨Ó«Ø¥ß¤À´²³sµ²</title>
+
+ <step><para>¸ü¤J <filename>geom_stripe</filename>
+ ®Ö¤ß¼Ò²Õ¡G</para>
+
+ <screen>&prompt.root; <userinput>kldload geom_stripe.ko</userinput></screen>
+ </step>
+
+ <step><para>½T©w±¾¸üÂI (mount point) ¦s¦b¡C
+ ¦pªG·Q¥Î¤À´²³sµ²ªºªÅ¶¡°µ¬°®Ú¥Ø¿ý (root partition¡A§Y /)¡A
+ «h¥ý¥Î­Ó¼È®Éªº±¾¸üÂI¡A¦p
+ <filename role="directory">/mnt</filename>¡G</para>
+
+ <screen>&prompt.root; <userinput>mkdir /mnt</userinput></screen>
+ </step>
+
+ <step><para>½T»{­n¥Î¨Ó¤À´²³sµ²ªº¸Ë¸m¦WºÙ¡A±µµÛ«Ø·s·sªº¤À´²³sµ²¸Ë¸m¡C
+ ¨Ò¦p¤U­±ªº«ü¥O·|¤À´²³sµ²¨â­Ó¥¼¨Ï¥Î¡B©|¥¼¤À°Ïªº <acronym>ATA</acronym>
+ ºÏºÐ (<filename>/dev/ad2</filename> ©M
+ <filename>/dev/ad3</filename>) ¡G</para>
+ <screen>&prompt.root; <userinput>
+ gstripe label -v st0 /dev/ad2 /dev/ad3</userinput></screen>
+
+ <screen>&prompt.root; <userinput>gstripe label -v st0 /dev/ad2 /dev/ad3</userinput></screen>
+
+<!--
+ <para>A message should be returned explaining that meta data has
+ been stored on the devices.
+XXX: What message? Put it inside the screen output above.
+-->
+ </step>
+
+ <step><para>¥Î¤U­±ªº«ü¥O¨Ó«Ø¥ß¤À°Ïªí (partition table)¡G</para>
+
+ <screen>&prompt.root; <userinput>bsdlabel -wB /dev/stripe/st0</userinput></screen>
+
+ </step>
+
+ <step><para>°£¤F¥ý«e«Ø¥ßªº <devicename>st0</devices> ¡A³o­Ó¨BÆJÁÙ·|¦b
+ <filename role="directory">/dev/stripe</filename> ¤U·s¼W¨â­Ó¸Ë¸m¡G
+ <devicename>st0a</devicename> ©M <devicename>st0c</devicename>¡C
+ §Q¥Î <command>newfs</command> «ü¥O¥i¥H¦b
+ <devicename>st0a</devicename> «Ø¥ßÀɮרt²Î¡G
+
+ <screen>&prompt.root; <userinput>newfs -U /dev/stripe/st0a</userinput></screen>
+
+ <para>¿Ã¹õ¤W·|¦³¤@°ï¼Æ¦r¶ÉÂm¦Ó¹L¡A´X¬íÄÁ«á´N·|§¹¦¨¡C¦¹®ÉªÅ¶¡¤w«Ø¥ß¡A
+ ¥i¥Î¨Ó±¾¸ü¨Ï¥Î¤F¡C</para>
+ </step>
+ </procedure>
+
+ <para>¤U­±«ü¥O¥i¥Î¨Ó¤â°Ê±¾¸ü¤À´²³sµ²ªÅ¶¡¡G</para>
+
+ <screen>&prompt.root; <userinput>mount /dev/stripe/st0a /mnt</userinput></screen>
+
+ <para>¦pªG­n¦b¶}¾÷®É¦Û°Ê±¾¸ü¡A¦b <filename>/etc/fstab</filename>
+ ¥[¤J³o¶ôªÅ¶¡ªº¸ê°T¡G</para>
+
+ <screen>&prompt.root; <userinput>echo "/dev/stripe/st0a /mnt ufs rw 2 2" \</userinput>
+ <userinput>&gt;&gt; /etc/fstab</userinput></screen>
+
+ <para>¦Ó <filename>geom</filename> ®Ö¤ß¼Ò²Õ¥²»Ý¦b¨t²Îªì©l¤Æ®É¦Û°Ê¸ü¤J¡A
+ ¦]¦¹¦b </filename>/boot/lodaer.conf</filename> ¥[¤J¤@¦æ¡G</para>
+
+ <screen>&prompt.root; <userinput>echo 'geom_stripe_load="YES"' &gt;&gt; /boot/loader.conf</userinput></screen>
+
+ </sect1>
+
+ <sect1 id="GEOM-mirror">
+ <title>RAID1 - Mirroring</title>
+
+ <indexterm>
+ <primary>GEOM</primary>
+ </indexterm>
+ <indexterm>
+ <primary>Disk Mirroring</primary>
+ </indexterm>
+
+ <para>Mirroring is a technology used by many corporations and home
+ users to back up data without interruption. When a mirror exists,
+ it simply means that diskB replicates diskA. Or, perhaps diskC+D
+ replicates diskA+B. Regardless of the disk configuration, the
+ important aspect is that information on one disk or partition is
+ being replicated. Later, that information could be more easily
+ restored, backed up without causing service or access
+ interruption, and even be physically stored in a data
+ safe.</para>
+
+ <para>To begin, ensure the system has two disk drives of equal size,
+ this exercise assumes they are direct access (&man.da.4;)
+ <acronym>SCSI</acronym> disks.</para>
+
+ <para>Begin by installing &os; on the first disk with only two
+ partitions. One should be a swap partition, double the
+ <acronym>RAM</acronym> size and all remaining space devoted to
+ the root (<filename role="directory">/</filename>) file system.
+ It is possible to have separate partitions for other mount points;
+ however, this will increase the difficulty level ten fold due to
+ manual alteration of the &man.bsdlabel.8; and &man.fdisk.8;
+ settings.</para>
+
+ <para>Reboot and wait for the system to fully initialize. Once this
+ process has completed, log in as the <username>root</username>
+ user.</para>
+
+ <para>Create the <filename>/dev/mirror/gm</filename> device and link
+ it with <filename>/dev/da1</filename>:</para>
+
+ <screen>&prompt.root; <userinput>gmirror label -vnb round-robin gm0 /dev/da1</userinput></screen>
+
+ <para>The system should respond with:</para>
+ <screen>
+Metadata value stored on /dev/da1.
+Done.</screen>
+
+ <para>Initialize GEOM, this will load the
+ <filename>/boot/kernel/geom_mirror.ko</filename> kernel
+ module:</para>
+
+ <screen>&prompt.root; <userinput>gmirror load</userinput></screen>
+
+ <note>
+ <para>This command should have created the
+ <devicename>gm0</devicename>, device node under the
+ <filename role="directory">/dev/mirror</filename>
+ directory.</para>
+ </note>
+
+ <para>Install a generic <command>fdisk</command> label and boot code
+ to newly created <devicename>gm0</devicename> device:</para>
+
+ <screen>&prompt.root; <userinput>fdisk -vBI /dev/mirror/gm0</userinput></screen>
+
+ <para>Now install generic <command>bsdlabel</command>
+ information:</para>
+
+ <screen>&prompt.root; <userinput>bsdlabel -wB /dev/mirror/gm0s1</userinput></screen>
+
+ <note>
+ <para>If multiple slices and partitions exist, the flags for the
+ previous two commands will require alteration. They must match
+ the slice and partition size of the other disk.</para>
+ </note>
+
+ <para>Use the &man.newfs.8; utility to create a default file
+ system on the <devicename>gm0s1a</devicename> device node:</para>
+
+ <screen>&prompt.root; <userinput>newfs -U /dev/mirror/gm0s1a</userinput></screen>
+
+ <para>This should have caused the system to spit out some
+ information and a bunch of numbers. This is good. Examine the
+ screen for any error messages and mount the device to the
+ <filename role="directory">/mnt</filename> mount point:</para>
+
+ <screen>&prompt.root; <userinput>mount /dev/mirror/gm0s1a /mnt</userinput></screen>
+
+ <para>Now move all data from the boot disk over to this new file
+ system. This example uses the &man.dump.8; and &man.restore.8;
+ commands; however, &man.dd.1; would also work with this
+ scenario.</para>
+
+ <screen>&prompt.root; <userinput>dump -L -0 -f- / |(cd /mnt && restore -r -v -f-)</userinput></screen>
+
+ <para>This must be done for each file system. Simply place the
+ appropriate file system in the correct location when running the
+ aforementioned command.</para>
+
+ <para>Now edit the replicated <filename>/mnt/etc/fstab</filename>
+ file and remove or comment out the swap file
+ <footnote>
+ <para>It should be noted that commenting out the swap file entry
+ in <filename>fstab</filename> will most likely require you to
+ re-establish a different way of enabling swap space. Please
+ refer to <xref linkend="adding-swap-space"> for more
+ information.</para>
+ </footnote>. Change the other file system information to use the
+ new disk. See the following example:</para>
+
+ <programlisting># Device Mountpoint FStype Options Dump Pass#
+#/dev/da0s2b none swap sw 0 0
+/dev/mirror/gm0s1a / ufs rw 1 1</programlisting>
+
+ <para>Now create a <filename>boot.conf</filename> file on both the
+ current and new root partitions. This file will
+ <quote>help</quote> the system <acronym>BIOS</acronym>
+ boot the correct drive:</para>
+
+ <screen>&prompt.root; <userinput>echo "1:da(1,a)/boot/loader" &gt; /boot.config</userinput></screen>
+
+ <screen>&prompt.root; <userinput>echo "1:da(1,a)/boot/loader" &gt; /mnt/boot.config</userinput></screen>
+
+ <note>
+ <para>We have placed it on both root partitions to ensure proper
+ boot up. If for some reason the system cannot read from the
+ new root partition, a failsafe is available.</para>
+ </note>
+
+ <para>Now add the following line to the new
+ <filename>/boot/loader.conf</filename>:</para>
+
+ <screen>&prompt.root; <userinput>echo 'geom_mirror_load="YES"' &gt;&gt; /mnt/boot/loader.conf</userinput></screen>
+
+ <para>This will instruct &man.loader.8; utility to load the
+ <filename>geom_mirror.ko</filename> module during system
+ initialization.</para>
+
+ <para>Reboot the system:</para>
+
+ <screen>&prompt.root; <userinput>shutdown -r now</userinput></screen>
+
+ <para>If all has gone well, the system should have booted from the
+ <devicename>gm0s1a</devicename> device and a <command>login</command>
+ prompt should be waiting. If something went wrong, see review
+ the forthcoming troubleshooting section. Now add the
+ <devicename>da0</devicename> disk to <devicename>gm0</devicename>
+ device:</para>
+
+ <screen>&prompt.root; <userinput>gmirror configure -a gm0</userinput>
+&prompt.root; <userinput>gmirror insert gm0 /dev/da0</userinput></screen>
+
+ <para>The <option>-a</option> flag tells &man.gmirror.8; to use
+ automatic synchronization; i.e., mirror the disk writes
+ automatically. The manual page explains how to rebuild and
+ replace disks, although it uses <devicename>data</devicename>
+ in place of <devicename>gm0</devicename>.</para>
+
+ <sect2>
+ <title>Troubleshooting</title>
+
+ <sect3>
+ <title>System refuses to boot</title>
+
+ <para>If the system boots up to a prompt similar to:</para>
+
+ <programlisting>ffs_mountroot: can't find rootvp
+Root mount failed: 6
+mountroot></programlisting>
+
+ <para>Reboot the machine using the power or reset button. At
+ the boot menu, select option six (6). This will drop the
+ system to a &man.loader.8; prompt. Load the kernel module
+ manually:</para>
+
+ <screen>OK? <userinput>load geom_mirror.ko</userinput>
+OK? <userinput>boot</userinput></screen>
+
+ <para>If this works then for whatever reason the module was not
+ being loaded properly. Place:</para>
+
+ <programlisting>options GEOM_MIRROR</programlisting>
+
+ <para>in the kernel configuration file, rebuild and reinstall.
+ That should remedy this issue.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/install/Makefile b/zh_TW.Big5/books/handbook/install/Makefile
new file mode 100644
index 0000000000..738cdb647d
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/install/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= install/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/install/chapter.sgml b/zh_TW.Big5/books/handbook/install/chapter.sgml
new file mode 100644
index 0000000000..3304ba6ab3
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/install/chapter.sgml
@@ -0,0 +1,5683 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="install">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Restructured, reorganized, and parts
+ rewritten by </contrib>
+ </author>
+ </authorgroup>
+
+ <authorgroup>
+ <author>
+ <firstname>Randy</firstname>
+ <surname>Pratt</surname>
+ <contrib>The sysinstall walkthrough, screenshots, and general
+ copy by </contrib>
+ </author>
+ </authorgroup>
+ <!-- January 2000 -->
+ </chapterinfo>
+
+ <title>¦w¸Ë FreeBSD</title>
+
+ <sect1 id="install-synopsis">
+ <title>Synopsis</title>
+
+ <indexterm><primary>installation</primary></indexterm>
+
+ <para>FreeBSD is provided with a text-based, easy to use installation
+ program called <application>sysinstall</application>. This is the
+ default installation program for FreeBSD, although vendors are free to
+ provide their own installation suite if they wish. This chapter
+ describes how to use <application>sysinstall</application> to install
+ FreeBSD.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>How to create the FreeBSD installation disks.</para>
+ </listitem>
+
+ <listitem>
+ <para>How FreeBSD refers to, and subdivides, your hard disks.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to start <application>sysinstall</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>The questions <application>sysinstall</application> will ask
+ you, what they mean, and how to answer them.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Read the supported hardware list that shipped with the version
+ of FreeBSD you are installing, and verify that your hardware is
+ supported.</para>
+ </listitem>
+ </itemizedlist>
+
+ <note>
+ <para>In general, these installation instructions are written
+ for &i386; (<quote>PC compatible</quote>) architecture
+ computers. Where applicable, instructions specific to other
+ platforms (for example, Alpha) will be listed. Although this
+ guide is kept as up to date as possible, you may find minor
+ differences between the installer and what is shown here. It is
+ suggested that you use this chapter as a general guide rather
+ than a literal installation manual.</para>
+ </note>
+
+ </sect1>
+
+ <sect1 id="install-pre">
+ <title>Pre-installation Tasks</title>
+
+ <sect2 id="install-inventory">
+ <title>Inventory Your Computer</title>
+
+ <para>Before installing FreeBSD you should attempt to inventory the
+ components in your computer. The FreeBSD installation routines will
+ show you the components (hard disks, network cards, CDROM drives, and
+ so forth) with their model number and manufacturer. FreeBSD will also
+ attempt to determine the correct configuration for these devices,
+ which includes information about IRQ and IO port usage. Due to the
+ vagaries of PC hardware this process is not always completely
+ successful, and you may need to correct FreeBSD's determination of
+ your configuration.</para>
+
+ <para>If you already have another operating system installed, such as
+ &windows; or Linux, it is a good idea to use the facilities provided
+ by those operating systems to see how your hardware is already
+ configured. If you are not sure what settings an expansion
+ card is using, you may find it printed on the card itself. Popular IRQ
+ numbers are 3, 5, and 7, and IO port addresses are normally written as
+ hexadecimal numbers, such as 0x330.</para>
+
+ <para>We recommend you print or write down this information before
+ installing FreeBSD. It may help to use a table, like this:</para>
+
+ <table pgwide="1" frame="none">
+ <title>Sample Device Inventory</title>
+
+ <tgroup cols="4">
+ <colspec colwidth="2*">
+ <colspec colwidth="1*">
+ <colspec colwidth="1*">
+ <colspec colwidth="4*">
+ <thead>
+ <row>
+ <entry>Device Name</entry>
+
+ <entry>IRQ</entry>
+
+ <entry>IO port(s)</entry>
+
+ <entry>Notes</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>First hard disk</entry>
+
+ <entry>N/A</entry>
+
+ <entry>N/A</entry>
+
+ <entry>40&nbsp;GB, made by Seagate, first IDE master</entry>
+ </row>
+
+ <row>
+ <entry>CDROM</entry>
+
+ <entry>N/A</entry>
+
+ <entry>N/A</entry>
+
+ <entry>First IDE slave</entry>
+ </row>
+
+ <row>
+ <entry>Second hard disk</entry>
+
+ <entry>N/A</entry>
+
+ <entry>N/A</entry>
+
+ <entry>20&nbsp;GB, made by IBM, second IDE master</entry>
+ </row>
+
+ <row>
+ <entry>First IDE controller</entry>
+
+ <entry>14</entry>
+
+ <entry>0x1f0</entry>
+
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry>Network card</entry>
+
+ <entry>N/A</entry>
+
+ <entry>N/A</entry>
+
+ <entry>&intel; 10/100</entry>
+ </row>
+
+ <row>
+ <entry>Modem</entry>
+
+ <entry>N/A</entry>
+
+ <entry>N/A</entry>
+
+ <entry>&tm.3com; 56K faxmodem, on COM1</entry>
+ </row>
+
+ <row>
+ <entry>&hellip;</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect2>
+
+ <sect2>
+ <title>Backup Your Data</title>
+
+ <para>If the computer you will be installing FreeBSD on contains
+ valuable data, then ensure you have it backed up, and that you have
+ tested the backups before installing FreeBSD. The FreeBSD
+ installation routine will prompt you before writing any
+ data to your disk, but once that process has started it cannot be
+ undone.</para>
+ </sect2>
+
+ <sect2 id="install-where">
+ <title>Decide Where to Install FreeBSD</title>
+
+ <para>If you want FreeBSD to use your entire hard disk, then there is nothing
+ more to concern yourself with at this point &mdash; you can skip this
+ section.</para>
+
+ <para>However, if you need FreeBSD to co-exist with other operating
+ systems then you need to have a rough understanding of how data is
+ laid out on the disk, and how this affects you.</para>
+
+ <sect3 id="install-where-i386">
+ <title>Disk Layouts for the &i386;</title>
+
+ <para>A PC disk can be divided into discrete chunks. These chunks are
+ called <firstterm>partitions</firstterm>. By design, the PC only
+ supports four partitions per disk. These partitions are called
+ <firstterm>primary partitions</firstterm>. To work around this
+ limitation and allow more than four partitions, a new partition type
+ was created, the <firstterm>extended partition</firstterm>. A disk
+ may contain only one extended partition. Special partitions, called
+ <firstterm>logical partitions</firstterm>, can be created inside this
+ extended partition.</para>
+
+ <para>Each partition has a <firstterm>partition ID</firstterm>, which is
+ a number used to identify the type of data on the partition. FreeBSD
+ partitions have the partition ID of <literal>165</literal>.</para>
+
+ <para>In general, each operating system that you use will identify
+ partitions in a particular way. For example, DOS, and its
+ descendants, like &windows;, assign each primary and logical partition a
+ <firstterm>drive letter</firstterm>, starting with
+ <devicename>C:</devicename>.</para>
+
+ <para>FreeBSD must be installed into a primary partition. FreeBSD can
+ keep all its data, including any files that you create, on this one
+ partition. However, if you have multiple disks, then you can create a
+ FreeBSD partition on all, or some, of them. When you install FreeBSD,
+ you must have one partition available. This might be a blank
+ partition that you have prepared, or it might be an existing partition
+ that contains data that you no longer care about.</para>
+
+ <para>If you are already using all the partitions on all your disks, then
+ you will have to free one of them for FreeBSD using the tools
+ provided by the other operating systems you use (e.g.,
+ <command>fdisk</command> on DOS or &windows;).</para>
+
+ <para>If you have a spare partition then you can use that. However, you
+ may need to shrink one or more of your existing partitions
+ first.</para>
+
+ <para>A minimal installation of FreeBSD takes as little as 100&nbsp;MB of disk
+ space. However, that is a <emphasis>very</emphasis> minimal install,
+ leaving almost no space for your own files. A more realistic minimum
+ is 250&nbsp;MB without a graphical environment, and 350&nbsp;MB or more if you
+ want a graphical user interface. If you intend to install a lot of
+ third party software as well, then you will need more space.</para>
+
+ <para>You can use a commercial tool such as <application>&partitionmagic;</application>
+ to resize your partitions to make space for
+ FreeBSD. The <filename>tools</filename> directory on the CDROM
+ contains two free software tools which can carry out this task, namely
+ <application>FIPS</application> and
+ <application>PResizer</application>. Documentation for both
+ of these is available in the same directory.
+ <application>FIPS</application>,
+ <application>PResizer</application>, and
+ <application>&partitionmagic;</application> can resize
+ <acronym>FAT16</acronym> and <acronym>FAT32</acronym>
+ partitions &mdash; used in &ms-dos; through &windows; ME.
+ <application>&partitionmagic;</application> is the only one of
+ the above applications that can resize <acronym>NTFS</acronym>
+ partitions.</para>
+
+ <warning>
+ <para>Incorrect use of these tools can delete the data on your disk.
+ Be sure that you have recent, working backups before using
+ them.</para>
+ </warning>
+
+ <example>
+ <title>Using an Existing Partition Unchanged</title>
+
+ <para>Suppose that you have a computer with a single 4&nbsp;GB disk that
+ already has a version of &windows; installed, and you have split the
+ disk into two drive letters, <devicename>C:</devicename> and
+ <devicename>D:</devicename>, each of which is 2&nbsp;GB in size. You have
+ 1&nbsp;GB of data on <devicename>C:</devicename>, and 0.5&nbsp;GB of data on
+ <devicename>D:</devicename>.</para>
+
+ <para>This means that your disk has two partitions on it, one per
+ drive letter. You can copy all your existing data from
+ <devicename>D:</devicename> to <devicename>C:</devicename>, which
+ will free up the second partition, ready for FreeBSD.</para>
+ </example>
+
+ <example>
+ <title>Shrinking an Existing Partition</title>
+
+ <para>Suppose that you have a computer with a single 4&nbsp;GB disk that
+ already has a version of &windows; installed. When you installed
+ &windows; you created one large partition, giving you a
+ <devicename>C:</devicename> drive that is 4&nbsp;GB in size. You are
+ currently using 1.5&nbsp;GB of space, and want FreeBSD to have 2&nbsp;GB of
+ space.</para>
+
+ <para>In order to install FreeBSD you will need to either:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Backup your &windows; data, and then reinstall &windows;,
+ asking for a 2&nbsp;GB partition at install time.</para>
+ </listitem>
+
+ <listitem>
+ <para>Use one of the tools such as <application>&partitionmagic;</application>,
+ described above, to shrink your &windows;
+ partition.</para>
+ </listitem>
+ </orderedlist>
+ </example>
+
+ </sect3>
+
+ <sect3>
+ <title>Disk Layouts for the Alpha</title>
+
+ <indexterm><primary>Alpha</primary></indexterm>
+
+ <para>You will need a dedicated disk for FreeBSD on the
+ Alpha. It is not possible to share a disk with another
+ operating system at this time. Depending on the specific
+ Alpha machine you have, this disk can either be a SCSI disk
+ or an IDE disk, as long as your machine is capable of
+ booting from it.</para>
+
+ <para>Following the conventions of the Digital / Compaq
+ manuals all SRM input is shown in uppercase. SRM is case
+ insensitive.</para>
+
+ <para>To find the names and types of disks in your machine, use
+ the <literal>SHOW DEVICE</literal> command from the SRM
+ console prompt:</para>
+
+ <screen>&gt;&gt;&gt;<userinput>SHOW DEVICE</userinput>
+dka0.0.0.4.0 DKA0 TOSHIBA CD-ROM XM-57 3476
+dkc0.0.0.1009.0 DKC0 RZ1BB-BS 0658
+dkc100.1.0.1009.0 DKC100 SEAGATE ST34501W 0015
+dva0.0.0.0.1 DVA0
+ewa0.0.0.3.0 EWA0 00-00-F8-75-6D-01
+pkc0.7.0.1009.0 PKC0 SCSI Bus ID 7 5.27
+pqa0.0.0.4.0 PQA0 PCI EIDE
+pqb0.0.1.4.0 PQB0 PCI EIDE</screen>
+
+ <para>This example is from a Digital Personal Workstation
+ 433au and shows three disks attached to the machine. The
+ first is a CDROM drive called <devicename>DKA0</devicename> and
+ the other two are disks and are called
+ <devicename>DKC0</devicename> and
+ <devicename>DKC100</devicename> respectively.</para>
+
+ <para>Disks with names of the form <devicename>DKx</devicename>
+ are SCSI disks. For example <devicename>DKA100</devicename>
+ refers to a SCSI disk with SCSI target ID 1 on the first SCSI bus (A),
+ whereas <devicename>DKC300</devicename> refers to a SCSI disk
+ with SCSI ID 3 on the third SCSI bus (C). Devicename <devicename>
+ PKx</devicename> refers to the SCSI host bus adapter. As
+ seen in the <literal>SHOW DEVICE</literal> output SCSI
+ CDROM drives are treated as any other SCSI hard disk drive.</para>
+
+ <para>IDE disks have names similar to <devicename>DQx</devicename>,
+ while <devicename>PQx</devicename> is the associated IDE
+ controller.</para>
+
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Collect Your Network Configuration Details</title>
+
+ <para>If you intend to connect to a network as part of your FreeBSD
+ installation (for example, if you will be installing from an FTP
+ site or an
+ NFS server), then you need to know your network configuration. You
+ will be prompted for this information during the installation so that
+ FreeBSD can connect to the network to complete the install.</para>
+
+ <sect3>
+ <title>Connecting to an Ethernet Network or Cable/DSL Modem</title>
+
+ <para>If you connect to an Ethernet network, or you have an Internet
+ connection using an Ethernet adapter via cable or DSL, then you will need the following
+ information:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>IP address</para>
+ </listitem>
+
+ <listitem>
+ <para>IP address of the default gateway</para>
+ </listitem>
+
+ <listitem>
+ <para>Hostname</para>
+ </listitem>
+
+ <listitem>
+ <para>DNS server IP addresses</para>
+ </listitem>
+
+ <listitem>
+ <para>Subnet Mask</para>
+ </listitem>
+ </orderedlist>
+
+ <para>If you do not know this information, then ask your system
+ administrator or service provider. They may say that this
+ information is assigned automatically, using
+ <firstterm>DHCP</firstterm>. If so, make a note of this.</para>
+ </sect3>
+
+ <sect3>
+ <title>Connecting Using a Modem</title>
+
+ <para>If you dial up to an ISP using a regular modem then you can
+ still install FreeBSD over the Internet, it will just take a very
+ long time.</para>
+
+ <para>You will need to know:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>The phone number to dial for your ISP</para>
+ </listitem>
+
+ <listitem>
+ <para>The COM: port your modem is connected to</para>
+ </listitem>
+
+ <listitem>
+ <para>The username and password for your ISP account</para>
+ </listitem>
+ </orderedlist>
+ </sect3>
+ </sect2>
+ <sect2>
+ <title>Check for FreeBSD Errata</title>
+
+ <para>Although the FreeBSD project strives to ensure that each release
+ of FreeBSD is as stable as possible, bugs do occasionally creep into
+ the process. On very rare occasions those bugs affect the
+ installation process. As these problems are discovered and fixed, they
+ are noted in the <ulink url="http://www.FreeBSD.org/releases/&rel.current;R/errata.html">FreeBSD Errata</ulink>, which is found on the FreeBSD web site. You
+ should check the errata before installing to make sure that there are
+ no late-breaking problems which you should be aware of.</para>
+
+ <para>Information about all the releases, including the errata for each
+ release, can be found on the
+ <ulink
+ url="&url.base;/releases/index.html">release
+ information</ulink> section of the
+ <ulink
+ url="&url.base;/index.html">FreeBSD web site</ulink>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Obtain the FreeBSD Installation Files</title>
+
+ <para>The FreeBSD installation process can install FreeBSD from files
+ located in any of the following places:</para>
+
+ <itemizedlist>
+ <title>Local Media</title>
+
+ <listitem>
+ <para>A CDROM or DVD</para>
+ </listitem>
+
+ <listitem>
+ <para>A DOS partition on the same computer</para>
+ </listitem>
+
+ <listitem>
+ <para>A SCSI or QIC tape</para>
+ </listitem>
+
+ <listitem>
+ <para>Floppy disks</para>
+ </listitem>
+ </itemizedlist>
+
+ <itemizedlist>
+ <title>Network</title>
+
+ <listitem>
+ <para>An FTP site, going through a firewall, or using an HTTP proxy,
+ as necessary</para>
+ </listitem>
+
+ <listitem>
+ <para>An NFS server</para>
+ </listitem>
+
+ <listitem>
+ <para>A dedicated parallel or serial connection</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If you have purchased FreeBSD on CD or DVD then you already have
+ everything you need, and should proceed to the next section
+ (<xref linkend="install-floppies">).</para>
+
+ <para>If you have not obtained the FreeBSD installation files you should
+ skip ahead to <xref linkend="install-diff-media"> which explains how
+ to prepare to install FreeBSD from any of the above. After reading
+ that section, you should come back here, and read on to
+ <xref linkend="install-floppies">.</para>
+ </sect2>
+
+ <sect2 id="install-floppies">
+ <title>Prepare the Boot Media</title>
+
+ <para>The FreeBSD installation process is started by booting your
+ computer into the FreeBSD installer&mdash;it is not a program you run
+ within another operating system. Your computer normally boots using
+ the operating system installed on your hard disk, but it can also be
+ configured to use a <quote>bootable</quote> floppy disk.
+ Most modern computers can also
+ boot from a CDROM in the CDROM drive.</para>
+
+ <tip>
+ <para>If you have FreeBSD on CDROM or DVD (either one you purchased
+ or you prepared yourself), and your computer allows you to boot from
+ the CDROM or DVD (typically a BIOS option called <quote>Boot
+ Order</quote> or similar), then you can skip this section. The
+ FreeBSD CDROM and DVD images are bootable and can be used to install
+ FreeBSD without any other special preparation.</para>
+ </tip>
+
+ <para>To create boot floppy images, follow these steps:</para>
+
+ <procedure>
+ <step>
+ <title>Acquire the Boot Floppy Images</title>
+
+ <para>The boot disks are available on your installation media
+ in the <filename>floppies/</filename> directory, and
+ can also be downloaded from the floppies directory, <literal>ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/<replaceable>&lt;arch&gt;</replaceable>/<replaceable>&lt;version&gt;</replaceable>-RELEASE/floppies/</literal>.
+ Replace <replaceable>&lt;arch&gt;</replaceable> and
+ <replaceable>&lt;version&gt;</replaceable>
+ with the architecture and the version number
+ which you want to install, respectively.
+ For example, the boot floppy images for
+ &os;&nbsp;&rel.current;-RELEASE for &i386; are available
+ from <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel.current;-RELEASE/floppies/"></ulink>.</para>
+
+ <para>The floppy images have a <filename>.flp</filename> extension.
+ The <filename>floppies/</filename> directory contains a number of
+ different images, and the ones you will need to use depends on the
+ version of FreeBSD you are installing, and in some cases, the
+ hardware you are installing to. If you are installing
+ FreeBSD&nbsp;4.X in most cases you will just need
+ two files, <filename>kern.flp</filename> and
+ <filename>mfsroot.flp</filename>. If you are
+ installing FreeBSD&nbsp;5.X in most cases you will need three
+ floppies, <filename>boot.flp</filename>,
+ <filename>kern1.flp</filename>, and
+ <filename>kern2.flp</filename>. Check
+ <filename>README.TXT</filename> in the same directory for the
+ most up to date information about these floppy images.</para>
+
+ <note><para>Additional device drivers may
+ be necessary for 5.X systems older than &os;&nbsp;5.3.
+ These drivers are provided on the
+ <filename>drivers.flp</filename> image.</para></note>
+
+ <important>
+ <para>Your FTP program must use <emphasis>binary mode</emphasis>
+ to download these disk images. Some web browsers have been
+ known to use <emphasis>text</emphasis> (or
+ <emphasis>ASCII</emphasis>) mode, which will be apparent if you
+ cannot boot from the disks.</para>
+ </important>
+ </step>
+
+ <step>
+ <title>Prepare the Floppy Disks</title>
+
+ <para>You must prepare one floppy disk per image file you had to
+ download. It is imperative that these disks are free from
+ defects. The easiest way to test this is to format the disks
+ for yourself. Do not trust pre-formatted floppies. The format
+ utility in &windows; will not tell about the presence of
+ bad blocks, it simply marks them as <quote>bad</quote>
+ and ignores them. It is advised that you use brand new
+ floppies if choosing this installation route.</para>
+
+ <important>
+ <para>If you try to install FreeBSD and the installation
+ program crashes, freezes, or otherwise misbehaves, one of
+ the first things to suspect is the floppies. Try writing
+ the floppy image files to new disks and try
+ again.</para>
+ </important>
+ </step>
+
+ <step>
+ <title>Write the Image Files to the Floppy Disks</title>
+
+ <para>The <filename>.flp</filename> files are
+ <emphasis>not</emphasis> regular files you copy to the disk.
+ They are images of the complete contents of the
+ disk. This means that you <emphasis>cannot</emphasis> simply
+ copy files from one disk to another.
+ Instead, you must use specific tools to write the
+ images directly to the disk.</para>
+
+ <indexterm><primary>DOS</primary></indexterm>
+ <para>If you are creating the floppies on a computer running
+ &ms-dos;/&windows;, then we provide a tool to do
+ this called <command>fdimage</command>.</para>
+
+ <para>If you are using the floppies from the CDROM, and your
+ CDROM is the <devicename>E:</devicename> drive, then you would
+ run this:</para>
+
+ <screen><prompt>E:\&gt;</prompt> <userinput>tools\fdimage floppies\kern.flp A:</userinput></screen>
+
+ <para>Repeat this command for each <filename>.flp</filename>
+ file, replacing the floppy disk each time, being sure to label
+ the disks with the name of the file that you copied to them.
+ Adjust the command line as necessary, depending on where you have
+ placed the <filename>.flp</filename> files. If you do not have
+ the CDROM, then <command>fdimage</command> can be downloaded from
+ the <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/tools/"><filename class="directory">tools</filename>
+ directory</ulink> on the FreeBSD FTP site.</para>
+
+ <para>If you are writing the floppies on a &unix; system (such as
+ another FreeBSD system) you can use the &man.dd.1; command to
+ write the image files directly to disk. On FreeBSD, you would
+ run:</para>
+
+ <screen>&prompt.root; <userinput>dd if=kern.flp of=/dev/fd0</userinput></screen>
+
+ <para>On FreeBSD, <filename>/dev/fd0</filename> refers to the
+ first floppy disk (the <devicename>A:</devicename> drive).
+ <filename>/dev/fd1</filename> would be the
+ <devicename>B:</devicename> drive, and so on. Other &unix;
+ variants might have different names for the floppy disk
+ devices, and you will need to check the documentation for the
+ system as necessary.</para>
+ </step>
+ </procedure>
+
+ <para>You are now ready to start installing FreeBSD.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="install-start">
+ <title>Starting the Installation</title>
+
+ <important>
+ <para>By default, the installation will not make any changes to your
+ disk(s) until you see the following message:</para>
+
+ <literallayout class="monospaced">Last Chance: Are you SURE you want continue the installation?
+
+If you're running this on a disk with data you wish to save then WE
+STRONGLY ENCOURAGE YOU TO MAKE PROPER BACKUPS before proceeding!
+
+We can take no responsibility for lost disk contents!</literallayout>
+
+ <para>The install can be exited at any time prior to the final
+ warning without changing the contents of the hard drive. If you are
+ concerned that you have configured something incorrectly you can just
+ turn the computer off before this point, and no damage will be
+ done.</para>
+ </important>
+
+ <sect2 id="install-starting">
+ <title>Booting</title>
+
+ <sect3 id="install-starting-i386">
+ <title>Booting for the &i386;</title>
+
+ <procedure>
+ <step>
+ <para>Start with your computer turned off.</para>
+ </step>
+
+ <step>
+ <para>Turn on the computer. As it starts it should display an
+ option to enter the system set up menu, or BIOS, commonly reached
+ by keys like <keycap>F2</keycap>, <keycap>F10</keycap>,
+ <keycap>Del</keycap>, or
+ <keycombo action="simul">
+ <keycap>Alt</keycap>
+ <keycap>S</keycap>
+ </keycombo>. Use whichever keystroke is indicated on screen. In
+ some cases your computer may display a graphic while it starts.
+ Typically, pressing <keycap>Esc</keycap> will dismiss the graphic
+ and allow you to see the necessary messages.</para>
+ </step>
+
+ <step>
+ <para>Find the setting that controls which devices the system boots
+ from. This is usually labeled as the <quote>Boot Order</quote>
+ and commonly shown as a list of devices, such as
+ <literal>Floppy</literal>, <literal>CDROM</literal>,
+ <literal>First Hard Disk</literal>, and so on.</para>
+
+ <para>If you needed to prepare boot floppies, then make sure that the
+ floppy disk is selected. If you are booting from the CDROM then
+ make sure that that is selected instead. In case of doubt, you
+ should consult the manual that came with your computer, and/or its
+ motherboard.</para>
+
+ <para>Make the change, then save and exit. The computer should now
+ restart.</para>
+ </step>
+
+ <step>
+ <para>If you needed to prepare boot floppies, as described in
+ <xref linkend="install-floppies">, then one of them will be the
+ first boot disc, probably the one containing
+ <filename>kern.flp</filename>. Put this disc in your floppy
+ drive.</para>
+
+ <para>If you are booting from CDROM, then you will need to turn on
+ the computer, and insert the CDROM at the first
+ opportunity.</para>
+
+ <para>If your computer starts up as normal and loads your existing
+ operating system, then either:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>The disks were not inserted early enough in the boot
+ process. Leave them in, and try restarting your
+ computer.</para>
+ </listitem>
+
+ <listitem>
+ <para>The BIOS changes earlier did not work correctly. You
+ should redo that step until you get the right option.</para>
+ </listitem>
+
+ <listitem>
+ <para>Your particular BIOS does not support booting from
+ the desired media.</para>
+ </listitem>
+ </orderedlist>
+ </step>
+
+ <step>
+ <para>FreeBSD will start to boot. If you are booting from CDROM you
+ will see a display similar to this (version information omitted):</para>
+
+ <screen>Verifying DMI Pool Data ........
+Boot from ATAPI CD-ROM :
+ 1. FD 2.88MB System Type-(00)
+Uncompressing ... done
+
+BTX loader 1.00 BTX version is 1.01
+Console: internal video/keyboard
+BIOS drive A: is disk0
+BIOS drive B: is disk1
+BIOS drive C: is disk2
+BIOS drive D: is disk3
+BIOS 639kB/261120kB available memory
+
+FreeBSD/i386 bootstrap loader, Revision 0.8
+
+/kernel text=0x277391 data=0x3268c+0x332a8 |
+
+|
+Hit [Enter] to boot immediately, or any other key for command prompt.
+Booting [kernel] in 9 seconds... _</screen>
+
+ <para>If you are booting from floppy disc, you will see a display
+ similar to this (version information omitted):</para>
+
+ <screen>Verifying DMI Pool Data ........
+
+BTX loader 1.00 BTX version is 1.01
+Console: internal video/keyboard
+BIOS drive A: is disk0
+BIOS drive C: is disk1
+BIOS 639kB/261120kB available memory
+
+FreeBSD/i386 bootstrap loader, Revision 0.8
+
+/kernel text=0x277391 data=0x3268c+0x332a8 |
+
+Please insert MFS root floppy and press enter:</screen>
+
+ <para>Follow these instructions by removing the
+ <filename>kern.flp</filename> disc, insert the
+ <filename>mfsroot.flp</filename> disc, and press
+ <keycap>Enter</keycap>. &os;&nbsp;5.3
+ and above provide other floppy disks set, as described
+ in <link linkend="install-floppies">previous
+ section</link>. Boot from first floppy;
+ when prompted, insert the other disks as required.</para>
+ </step>
+
+ <step>
+ <para>Whether you booted from floppy or CDROM, the
+ boot process will then get to this point:</para>
+
+ <screen>Hit [Enter] to boot immediately, or any other key for command prompt.
+Booting [kernel] in 9 seconds... _</screen>
+
+ <para>Either wait ten seconds, or press <keycap>Enter</keycap>
+ (for &os;&nbsp;4.X this
+ will then launch the kernel configuration menu).</para>
+ </step>
+ </procedure>
+
+ </sect3>
+ <sect3>
+ <title>Booting for the Alpha</title>
+
+ <indexterm><primary>Alpha</primary></indexterm>
+
+ <procedure>
+ <step>
+ <para>Start with your computer turned off.</para>
+ </step>
+
+ <step>
+ <para>Turn on the computer and wait for a boot monitor
+ prompt.</para>
+ </step>
+
+ <step>
+ <para>If you needed to prepare boot floppies, as described in
+ <xref linkend="install-floppies"> then one of them will be the
+ first boot disc, probably the one containing
+ <filename>kern.flp</filename>. Put this disc in your floppy
+ drive and type the following command to boot the disk
+ (substituting the name of your floppy drive if
+ necessary):</para>
+
+ <screen>&gt;&gt;&gt;<userinput>BOOT DVA0 -FLAGS '' -FILE ''</userinput></screen>
+
+ <para>If you are booting from CDROM, insert the CDROM into
+ the drive and type the following command to start the
+ installation (substituting the name of the appropriate
+ CDROM drive if necessary):</para>
+
+ <screen>&gt;&gt;&gt;<userinput>BOOT DKA0 -FLAGS '' -FILE ''</userinput></screen>
+ </step>
+
+ <step>
+ <para>FreeBSD will start to boot. If you are booting from a
+ floppy disc, at some point you will see the message:</para>
+
+ <screen>Please insert MFS root floppy and press enter:</screen>
+
+ <para>Follow these instructions by removing the
+ <filename>kern.flp</filename> disc, insert the
+ <filename>mfsroot.flp</filename> disc, and press
+ <keycap>Enter</keycap>.</para>
+ </step>
+
+ <step>
+ <para>Whether you booted from floppy or CDROM, the
+ boot process will then get to this point:</para>
+
+ <screen>Hit [Enter] to boot immediately, or any other key for command prompt.
+Booting [kernel] in 9 seconds... _</screen>
+
+ <para>Either wait ten seconds, or press <keycap>Enter</keycap>. This
+ will then launch the kernel configuration menu.</para>
+ </step>
+ </procedure>
+
+ </sect3>
+
+ </sect2>
+
+ <sect2 id="start-userconfig">
+ <title>Kernel Configuration</title>
+
+ <note><para>From FreeBSD versions 5.0 and later, userconfig has been deprecated
+ in favor of the new &man.device.hints.5; method. For more information
+ on &man.device.hints.5; please visit <xref linkend="device-hints"></para></note>
+
+ <para>The <firstterm>kernel</firstterm> is the core of the operating
+ system. It is responsible for many things, including access to all
+ the devices you may have on your system, such as hard disks, network
+ cards, sound cards, and so on. Each piece of hardware supported by
+ the FreeBSD kernel has a driver associated with it. Each driver has a
+ two or three letter name, such as <devicename>sa</devicename> for the
+ SCSI sequential access driver, or <devicename>sio</devicename> for the
+ Serial I/O driver (which manages COM ports).</para>
+
+ <para>When the kernel starts, each driver checks the system to see
+ whether or not the hardware it supports exists on your system. If it
+ does, then the driver configures the hardware and makes it available
+ to the rest of the kernel.</para>
+
+ <para>This checking is commonly referred to as <firstterm>device
+ probing</firstterm>. Unfortunately, it is not always possible to do
+ this in a safe way. Some hardware drivers do not co-exist well,
+ and probing for one piece of hardware can sometimes leave
+ another in an inconsistent state. This is a basic
+ limitation of the <acronym>PC</acronym> design.</para>
+
+ <para>Many older devices are called ISA devices&mdash;as opposed
+ to PCI devices. The ISA specification requires each device to have
+ some information hard coded into it, typically the Interrupt Request
+ Line number (IRQ) and IO port address that the driver uses. This
+ information is commonly set by using physical
+ <firstterm>jumpers</firstterm> on the card, or by using a DOS based
+ utility.</para>
+
+ <para>This was often a source of problems, because it was not possible
+ to have two devices that shared the same IRQ or port address.</para>
+
+ <para>Newer devices follow the PCI specification, which does not require
+ this, as the devices are supposed to cooperate with the BIOS, and are
+ told which IRQ and IO port addresses to use.</para>
+
+ <para>If you have any ISA devices in your computer then FreeBSD's
+ driver for that device will need to be configured with the IRQ and
+ port address that you have set the card to. This is why carrying out
+ an inventory of your hardware (see <xref
+ linkend="install-inventory">) can be useful.</para>
+
+ <para>Unfortunately, the default IRQs and memory ports used by some
+ drivers clash. This is because some ISA devices are shipped with IRQs
+ or memory ports that clash. The defaults in FreeBSD's drivers are
+ deliberately set to mirror the manufacturer's defaults, so that, out
+ of the box, as many devices as possible will work.</para>
+
+ <para>This is almost never an issue when running FreeBSD day-to-day.
+ Your computer will not normally contain two pieces of hardware that
+ clash, because one of them would not work (irrespective of the
+ operating system you are using).</para>
+
+ <para>It becomes an issue when you are installing FreeBSD for the first
+ time because the kernel used to carry out the install has to contain
+ as many drivers as possible, so that many different hardware
+ configurations can be supported. This means that some of
+ those drivers will have conflicting configurations. The devices are
+ probed in a strict order, and if you own a device that is probed late
+ in the process, but conflicted with an earlier probe, then your
+ hardware might not function or be probed correctly when you install
+ FreeBSD.</para>
+
+ <para>Because of this, the first thing you have the opportunity to do
+ when installing FreeBSD is look at the list of drivers that are
+ configured into the kernel, and either disable some of them, if you
+ do not own that device, or confirm (and alter) the driver's
+ configuration if you do own the device but the defaults are
+ wrong.</para>
+
+ <para>This probably sounds much more complicated than it actually
+ is.</para>
+
+ <para><xref linkend="kernel-config"> shows the first kernel
+ configuration menu. We recommend that you choose the
+ <guimenuitem>Start kernel configuration in full-screen visual
+ mode</guimenuitem> option, as it presents the easiest interface for
+ the new user.</para>
+
+ <figure id="kernel-config">
+ <title>Kernel Configuration Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/userconfig" format="PNG">
+ </imageobject>
+
+ <textobject>
+ <screen>&txt.install.userconfig;</screen>
+ </textobject>
+ </mediaobject>
+ </figure>
+
+ <para>The kernel configuration screen (<xref linkend="fig-userconfig">)
+ is then divided into four sections:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>A collapsible list of all the drivers that are currently
+ marked as <quote>active</quote>, subdivided into groups such as
+ <literal>Storage</literal>, and <literal>Network</literal>. Each
+ driver is shown as a description, its two or three letter driver
+ name, and the IRQ and memory port used by that driver. In
+ addition, if an active driver conflicts with another active driver
+ then <literal>CONF</literal> is shown next to the driver name.
+ This section also shows the total number of conflicting drivers
+ that are currently active.</para>
+ </listitem>
+
+ <listitem>
+ <para>Drivers that have been marked inactive. They remain in the
+ kernel, but they will not probe for their device when the kernel
+ starts. These are subdivided into groups in the same way as the
+ active driver list.</para>
+ </listitem>
+
+ <listitem>
+ <para>More detail about the currently selected driver, including its
+ IRQ and memory port address.</para>
+ </listitem>
+
+ <listitem>
+ <para>Information about the keystrokes that are valid at this point
+ in time.</para>
+ </listitem>
+ </orderedlist>
+
+ <figure id="fig-userconfig">
+ <title>The Kernel Device Configuration Visual Interface</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/userconfig2" format="PNG">
+ </imageobject>
+
+ <textobject>
+ <screen>&txt.install.userconfig2;</screen>
+ </textobject>
+ </mediaobject>
+ </figure>
+
+ <para>Do not worry if any conflicts are listed,
+ it is to be expected; all the drivers are enabled, and
+ as has already been explained, some of them will conflict with one
+ another.</para>
+
+ <para>You now have to work through the list of drivers, resolving the
+ conflicts.</para>
+
+ <procedure>
+ <title>Resolving Driver Conflicts</title>
+
+ <step>
+ <para>Press <keycap>X</keycap>. This will completely expand the
+ list of drivers, so you can see all of them. You will need to use
+ the arrow keys to scroll back and forth through the active driver
+ list.</para>
+
+ <para><xref linkend="hardware-conflicts"> shows the result of
+ pressing <keycap>X</keycap>.</para>
+
+ <figure id="hardware-conflicts">
+ <title>Expanded Driver List</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/hdwrconf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </step>
+
+ <step>
+ <para>Disable all the drivers for devices that you do not have. To
+ disable a driver, highlight it with the arrow keys and press
+ <keycap>Del</keycap>. The driver will be moved to the
+ <literal>Inactive Drivers</literal> list.</para>
+
+ <para>If you inadvertently disable a device that you need then press
+ <keycap>Tab</keycap> to switch to the <literal>Inactive
+ Drivers</literal> list, select the driver that you disabled, and
+ press <keycap>Enter</keycap> to move it back to the active
+ list.</para>
+
+ <warning>
+ <para>Do not disable <devicename>sc0</devicename>. This controls
+ the screen, and you will need this unless you are installing
+ over a serial cable.</para>
+ </warning>
+
+ <warning>
+ <para>Only disable <devicename>atkbd0</devicename> if you are
+ using a USB keyboard. If you have a normal keyboard then you
+ must keep <devicename>atkbd0</devicename>.</para>
+ </warning>
+ </step>
+
+ <step>
+ <para>If there are no conflicts listed then you can skip this step.
+ Otherwise, the remaining conflicts need to be examined. If they
+ do not have the indication of an <quote>allowed conflict</quote>
+ in the message area, then either the IRQ/address for device probe
+ will need to be changed, <emphasis>or</emphasis> the IRQ/address
+ on the hardware will need to be changed.</para>
+
+ <para>To change the driver's configuration for IRQ and IO port
+ address, select the device and press <keycap>Enter</keycap>. The
+ cursor will move to the third section of the screen, and you can
+ change the values. You should enter the values for IRQ and port
+ address that you discovered when you made your hardware inventory.
+ Press <keycap>Q</keycap> to finish editing the device's
+ configuration and return to the active driver list.</para>
+
+ <para>If you are not sure what these figures should be then you can
+ try using <literal>-1</literal>. Some FreeBSD drivers can safely
+ probe the hardware to discover what the correct value should be,
+ and a value of <literal>-1</literal> configures them to do
+ this.</para>
+
+ <para>The procedure for changing the address on the hardware varies
+ from device to device. For some devices you may need to
+ physically remove the card from your computer and adjust jumper
+ settings or DIP switches. Other cards may have come with a DOS
+ floppy that contains the programs used to reconfigure the card.
+ In any case, you should refer to the documentation that came with
+ the device. This will obviously entail restarting your computer,
+ so you will need to boot back into the FreeBSD installation
+ routine when you have reconfigured the card.</para>
+ </step>
+
+ <step>
+ <para>When all the conflicts have been resolved the screen will look
+ similar to <xref linkend="userconfig-done">.</para>
+
+ <figure id="userconfig-done">
+ <title>Driver Configuration With No Conflicts</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/probstart" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>As you can see, the active driver list is now much smaller,
+ with only drivers for the hardware that actually exists being
+ listed.</para>
+
+ <para>You can now save these changes, and move on to the next step
+ of the install. Press <keycap>Q</keycap> to quit the device
+ configuration interface. This message will appear:</para>
+
+ <screen>Save these parameters before exiting? ([Y]es/[N]o/[C]ancel)</screen>
+
+ <para>Answer <keycap>Y</keycap> to save the parameters to memory
+ (it will be saved to disk if you finish the install) and the
+ probing will start. After displaying the probe results in white
+ on black text <application>sysinstall</application> will start
+ and display its main menu
+ (<xref linkend="sysinstall-main">).</para>
+
+ <figure id="sysinstall-main">
+ <title>Sysinstall Main Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/main1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2 id="view-probe">
+ <title>Reviewing the Device Probe Results</title>
+
+ <para>The last few hundred lines that have been displayed on screen are
+ stored and can be reviewed.</para>
+
+ <para>To review the buffer, press <keycap>Scroll Lock</keycap>. This
+ turns on scrolling in the display. You can then use the arrow keys, or
+ <keycap>PageUp</keycap> and <keycap>PageDown</keycap> to view the
+ results. Press <keycap>Scroll Lock</keycap> again to stop
+ scrolling.</para>
+
+ <para>Do this now, to review the text that scrolled off the screen when
+ the kernel was carrying out the device probes. You will see text
+ similar to <xref linkend="install-dev-probe">, although the precise
+ text will differ depending on the devices that you have in your
+ computer.</para>
+
+ <figure id="install-dev-probe">
+ <title>Typical Device Probe Results</title>
+
+ <screen>avail memory = 253050880 (247120K bytes)
+Preloaded elf kernel "kernel" at 0xc0817000.
+Preloaded mfs_root "/mfsroot" at 0xc0817084.
+md0: Preloaded image &lt;/mfsroot&gt; 4423680 bytes at 0xc03ddcd4
+
+md1: Malloc disk
+Using $PIR table, 4 entries at 0xc00fde60
+npx0: &lt;math processor&gt; on motherboard
+npx0: INT 16 interface
+pcib0: &lt;Host to PCI bridge&gt; on motherboard
+pci0: &lt;PCI bus&gt; on pcib0
+pcib1:&lt;VIA 82C598MVP (Apollo MVP3) PCI-PCI (AGP) bridge&gt; at device 1.0 on pci0
+pci1: &lt;PCI bus&gt; on pcib1
+pci1: &lt;Matrox MGA G200 AGP graphics accelerator&gt; at 0.0 irq 11
+isab0: &lt;VIA 82C586 PCI-ISA bridge&gt; at device 7.0 on pci0
+isa0: &lt;iSA bus&gt; on isab0
+atapci0: &lt;VIA 82C586 ATA33 controller&gt; port 0xe000-0xe00f at device 7.1 on pci0
+ata0: at 0x1f0 irq 14 on atapci0
+ata1: at 0x170 irq 15 on atapci0
+uhci0 &lt;VIA 83C572 USB controller&gt; port 0xe400-0xe41f irq 10 at device 7.2 on pci
+0
+usb0: &lt;VIA 83572 USB controller&gt; on uhci0
+usb0: USB revision 1.0
+uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr1
+uhub0: 2 ports with 2 removable, self powered
+pci0: &lt;unknown card&gt; (vendor=0x1106, dev=0x3040) at 7.3
+dc0: &lt;ADMtek AN985 10/100BaseTX&gt; port 0xe800-0xe8ff mem 0xdb000000-0xeb0003ff ir
+q 11 at device 8.0 on pci0
+dc0: Ethernet address: 00:04:5a:74:6b:b5
+miibus0: &lt;MII bus&gt; on dc0
+ukphy0: &lt;Generic IEEE 802.3u media interface&gt; on miibus0
+ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
+ed0: &lt;NE2000 PCI Ethernet (RealTek 8029)&gt; port 0xec00-0xec1f irq 9 at device 10.
+0 on pci0
+ed0 address 52:54:05:de:73:1b, type NE2000 (16 bit)
+isa0: too many dependant configs (8)
+isa0: unexpected small tag 14
+orm0: &lt;Option ROM&gt; at iomem 0xc0000-0xc7fff on isa0
+fdc0: &lt;NEC 72065B or clone&gt; at port 0x3f0-0x3f5,0x3f7 irq 6 drq2 on isa0
+fdc0: FIFO enabled, 8 bytes threshold
+fd0: &lt;1440-KB 3.5" drive&gt; on fdc0 drive 0
+atkbdc0: &lt;Keyboard controller (i8042)&gt; at port 0x60,0x64 on isa0
+atkbd0: &lt;AT Keyboard&gt; flags 0x1 irq1 on atkbdc0
+kbd0 at atkbd0
+psm0: &lt;PS/2 Mouse&gt; irq 12 on atkbdc0
+psm0: model Generic PS/@ mouse, device ID 0
+vga0: &lt;Generic ISA VGA&gt; at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
+sc0: &lt;System console&gt; at flags 0x100 on isa0
+sc0: VGA &lt;16 virtual consoles, flags=0x300&gt;
+sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
+sio0: type 16550A
+sio1 at port 0x2f8-0x2ff irq 3 on isa0
+sio1: type 16550A
+ppc0: &lt;Parallel port&gt; at port 0x378-0x37f irq 7 on isa0
+pppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
+ppc0: FIFO with 16/16/15 bytes threshold
+plip0: &lt;PLIP network interface&gt; on ppbus0
+ad0: 8063MB &lt;IBM-DHEA-38451&gt; [16383/16/63] at ata0-master UDMA33
+acd0: CD-RW &lt;LITE-ON LTR-1210B&gt; at ata1-slave PIO4
+Mounting root from ufs:/dev/md0c
+/stand/sysinstall running as init on vty0</screen>
+ </figure>
+
+ <para>Check the probe results carefully to make sure that FreeBSD found
+ all the devices you expected. If a device was not found, then it will
+ not be listed. If the device's driver required configuring
+ with the IRQ and port address then you should check that you entered
+ them correctly.</para>
+
+ <para>If you need to make changes to the UserConfig device probing,
+ it is easy to exit the <application>sysinstall</application> program
+ and start over again. It is also a good way to become more familiar
+ with the process.</para>
+
+ <figure id="sysinstall-exit">
+ <title>Select Sysinstall Exit</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/sysinstall-exit" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Use the arrow keys to select
+ <guimenuitem>Exit Install</guimenuitem> from the Main
+ Install Screen menu. The following message will display:</para>
+
+
+ <screen> User Confirmation Requested
+ Are you sure you wish to exit? The system will reboot
+ (be sure to remove any floppies from the drives).
+
+ [ Yes ] No</screen>
+
+ <para>The install program will start again if the CDROM is left
+ in the drive and &gui.yes; is selected.</para>
+
+ <para>If you are booting from floppies it will be necessary to remove
+ the <filename>mfsroot.flp</filename> floppy and replace it with
+ <filename>kern.flp</filename> before rebooting.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="using-sysinstall">
+ <title>Introducing Sysinstall</title>
+
+ <para>The <application>sysinstall</application> utility is the installation
+ application provided by the FreeBSD Project. It is console based and is
+ divided into a number of menus and screens that you can use to
+ configure and control the installation process.</para>
+
+ <para>The <application>sysinstall</application> menu system is controlled
+ by the arrow keys, <keycap>Enter</keycap>, <keycap>Space</keycap>, and
+ other keys. A detailed description of these keys and what they do is
+ contained in <application>sysinstall</application>'s usage
+ information.</para>
+
+ <para>To review this information, ensure that the
+ <guimenuitem>Usage</guimenuitem> entry is highlighted and that the
+ <guibutton>[Select]</guibutton> button is selected, as shown in <xref
+ linkend="sysinstall-main3">, then press <keycap>Enter</keycap>.</para>
+
+ <para>The instructions for using the menu system will be displayed. After
+ reviewing them, press <keycap>Enter</keycap> to return to the Main
+ Menu.</para>
+
+ <figure id="sysinstall-main3">
+ <title>Selecting Usage from Sysinstall Main Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/main1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <sect2 id="select-doc">
+ <title>Selecting the Documentation Menu</title>
+
+ <para>From the Main Menu, select <guimenuitem>Doc</guimenuitem> with
+ the arrow keys and
+ press <keycap>Enter</keycap>.</para>
+
+ <figure id="main-doc">
+ <title>Selecting Documentation Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/main-doc" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>This will display the Documentation Menu.</para>
+
+ <figure id="docmenu1">
+ <title>Sysinstall Documentation Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/docmenu1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>It is important to read the documents provided.</para>
+
+ <para>To view a document, select it with the arrow keys and
+ press <keycap>Enter</keycap>. When finished reading a document,
+ pressing <keycap>Enter</keycap> will return to the Documentation
+ Menu.</para>
+
+ <para>To return to the Main Installation Menu, select
+ <guimenuitem>Exit</guimenuitem> with the
+ arrow keys and press <keycap>Enter</keycap>.</para>
+ </sect2>
+
+ <sect2 id="keymap">
+ <title>Selecting the Keymap Menu</title>
+
+ <para>To change the keyboard mapping, use the arrow keys to select
+ <guimenuitem>Keymap</guimenuitem> from the menu and press
+ <keycap>Enter</keycap>. This is only required if you are
+ using a non-standard or non-US keyboard.</para>
+
+ <figure id="sysinstall-keymap">
+ <title>Sysinstall Main Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/main-keymap" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>A different keyboard mapping may be chosen by selecting the
+ menu item using up/down arrow keys and pressing <keycap>Space</keycap>.
+ Pressing <keycap>Space</keycap> again will unselect the item.
+ When finished, choose the &gui.ok; using the arrow keys and press
+ <keycap>Enter</keycap>.</para>
+
+ <para>Only a partial list is shown in this screen representation.
+ Selecting &gui.cancel; by pressing <keycap>Tab</keycap> will use the default
+ keymap and return to the Main Install Menu.</para>
+
+ <figure id="sysinstall-keymap-menu">
+ <title>Sysinstall Keymap Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/keymap" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ </sect2>
+
+ <sect2 id="viewsetoptions">
+ <title>Installation Options Screen</title>
+
+ <para>Select <guimenuitem>Options</guimenuitem> and press
+ <keycap>Enter</keycap>.</para>
+
+ <figure id="sysinstall-options">
+ <title>Sysinstall Main Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/main-options" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <figure id="options">
+ <title>Sysinstall Options</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/options" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The default values are usually fine for most users and do
+ not need to be changed. The release name will vary according
+ to the version being installed.</para>
+
+ <para>The description of the selected item will appear at the
+ bottom of the screen highlighted in blue. Notice that one of the
+ options is <guimenuitem>Use Defaults</guimenuitem> to reset all
+ values to startup defaults.</para>
+
+ <para>Press <keycap>F1</keycap> to read the help screen about the
+ various options.</para>
+
+ <para>Pressing <keycap>Q</keycap> will return to the Main Install
+ menu.</para>
+ </sect2>
+
+ <sect2 id="start-install">
+ <title>Begin a Standard Installation</title>
+
+ <para>The <guimenuitem>Standard</guimenuitem> installation is the
+ option recommended for those new to &unix; or FreeBSD. Use the arrow
+ keys to select <guimenuitem>Standard</guimenuitem> and
+ then press <keycap>Enter</keycap> to start the installation.</para>
+
+ <figure id="sysinstall-standard">
+ <title>Begin Standard Installation</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/main-std" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect2>
+ </sect1>
+
+ <sect1 id="install-steps">
+ <title>Allocating Disk Space</title>
+
+ <para>Your first task is to allocate disk space for FreeBSD, and label
+ that space so that <application>sysinstall</application> can prepare
+ it. In order to do this you need to know how FreeBSD expects to find
+ information on the disk.</para>
+
+ <sect2 id="install-drive-bios-numbering">
+ <title>BIOS Drive Numbering</title>
+
+ <para>Before you install and configure FreeBSD on your system, there is an
+ important subject that you should be aware of, especially if you have
+ multiple hard drives.</para>
+
+ <indexterm><primary>DOS</primary></indexterm>
+ <indexterm><primary>Microsoft Windows</primary></indexterm>
+ <para>In a PC running a BIOS-dependent operating system such as
+ &ms-dos; or &microsoft.windows;, the BIOS is able to abstract the
+ normal disk drive order, and
+ the operating system goes along with the change. This allows the user
+ to boot from a disk drive other than the so-called <quote>primary
+ master</quote>. This is especially convenient for some users who have
+ found that the simplest and cheapest way to keep a system backup is to
+ buy an identical second hard drive, and perform routine copies of the
+ first drive to the second drive using
+ <application><trademark class="registered">Ghost</trademark></application> or <application>XCOPY</application>
+ . Then, if the
+ first drive fails, or is attacked by a virus, or is scribbled upon by an
+ operating system defect, he can easily recover by instructing the BIOS
+ to logically swap the drives. It is like switching the cables on the
+ drives, but without having to open the case.</para>
+
+ <indexterm><primary>SCSI</primary></indexterm>
+ <indexterm><primary>BIOS</primary></indexterm>
+ <para>More expensive systems with SCSI controllers often include BIOS
+ extensions which allow the SCSI drives to be re-ordered in a similar
+ fashion for up to seven drives.</para>
+
+ <para>A user who is accustomed to taking advantage of these features may
+ become surprised when the results with FreeBSD are not as expected.
+ FreeBSD does not use the BIOS, and does not know the <quote>logical BIOS
+ drive mapping</quote>. This can lead to very perplexing situations,
+ especially when drives are physically identical in geometry, and have
+ also been made as data clones of one another.</para>
+
+ <para>When using FreeBSD, always restore the BIOS to natural drive
+ numbering before installing FreeBSD, and then leave it that way. If you
+ need to switch drives around, then do so, but do it the hard way, and
+ open the case and move the jumpers and cables.</para>
+
+ <sidebar>
+ <title>An Illustration from the Files of Bill and Fred's Exceptional
+ Adventures:</title>
+
+ <para>Bill breaks-down an older Wintel box to make another FreeBSD box
+ for Fred. Bill installs a single SCSI drive as SCSI unit zero and
+ installs FreeBSD on it.</para>
+
+ <para>Fred begins using the system, but after several days notices that
+ the older SCSI drive is reporting numerous soft errors and reports
+ this fact to Bill.</para>
+
+ <para>After several more days, Bill decides it is time to address the
+ situation, so he grabs an identical SCSI drive from the disk drive
+ <quote>archive</quote> in the back room. An initial surface scan
+ indicates that
+ this drive is functioning well, so Bill installs this drive as SCSI
+ unit four and makes an image copy from drive zero to drive four. Now
+ that the new drive is installed and functioning nicely, Bill decides
+ that it is a good idea to start using it, so he uses features in the
+ SCSI BIOS to re-order the disk drives so that the system boots from
+ SCSI unit four. FreeBSD boots and runs just fine.</para>
+
+ <para>Fred continues his work for several days, and soon Bill and Fred
+ decide that it is time for a new adventure &mdash; time to upgrade to a
+ newer version of FreeBSD. Bill removes SCSI unit zero because it was
+ a bit flaky and replaces it with another identical disk drive from
+ the <quote>archive</quote>. Bill then installs the new version of
+ FreeBSD onto the new SCSI unit zero using Fred's magic Internet FTP
+ floppies. The installation goes well.</para>
+
+ <para>Fred uses the new version of FreeBSD for a few days, and certifies
+ that it is good enough for use in the engineering department. It is
+ time to copy all of his work from the old version. So Fred mounts
+ SCSI unit four (the latest copy of the older FreeBSD version). Fred
+ is dismayed to find that none of his precious work is present on SCSI
+ unit four.</para>
+
+ <para>Where did the data go?</para>
+
+ <para>When Bill made an image copy of the original SCSI unit zero onto
+ SCSI unit four, unit four became the <quote>new clone</quote>.
+ When Bill re-ordered the SCSI BIOS so that he could boot from
+ SCSI unit four, he was only fooling himself.
+ FreeBSD was still running on SCSI unit zero.
+ Making this kind of BIOS change will cause some or all of the Boot and
+ Loader code to be fetched from the selected BIOS drive, but when the
+ FreeBSD kernel drivers take-over, the BIOS drive numbering will be
+ ignored, and FreeBSD will transition back to normal drive numbering.
+ In the illustration at hand, the system continued to operate on the
+ original SCSI unit zero, and all of Fred's data was there, not on SCSI
+ unit four. The fact that the system appeared to be running on SCSI
+ unit four was simply an artifact of human expectations.</para>
+
+ <para>We are delighted to mention that no data bytes were killed or
+ harmed in any way by our discovery of this phenomenon. The older SCSI
+ unit zero was retrieved from the bone pile, and all of Fred's work was
+ returned to him, (and now Bill knows that he can count as high as
+ zero).</para>
+
+ <para>Although SCSI drives were used in this illustration, the concepts
+ apply equally to IDE drives.</para>
+ </sidebar>
+ </sect2>
+
+ <sect2 id="main-fdisk">
+ <title>Creating Slices Using FDisk</title>
+
+ <note>
+ <para>No changes you make at this point will be written to the disk.
+ If you think you have made a mistake and want to start again you can
+ use the menus to exit <application>sysinstall</application> and try
+ again or press <keycap>U</keycap> to use the <guimenuitem>Undo</guimenuitem> option.
+ If you get confused and can not see how to exit you can
+ always turn your computer off.</para>
+ </note>
+
+ <para>After choosing to begin a standard installation in
+ <application>sysinstall</application> you will be shown this
+ message:</para>
+
+ <screen> Message
+ In the next menu, you will need to set up a DOS-style ("fdisk")
+ partitioning scheme for your hard disk. If you simply wish to devote
+ all disk space to FreeBSD (overwriting anything else that might be on
+ the disk(s) selected) then use the (A)ll command to select the default
+ partitioning scheme followed by a (Q)uit. If you wish to allocate only
+ free space to FreeBSD, move to a partition marked "unused" and use the
+ (C)reate command.
+ [ OK ]
+
+ [ Press enter or space ]</screen>
+
+ <para>Press <keycap>Enter</keycap> as instructed. You will then be
+ shown a list of all the hard drives that the kernel found when it
+ carried out the device probes.
+ <xref linkend="sysinstall-fdisk-drive1"> shows an example from a
+ system with two IDE disks. They have been called
+ <devicename>ad0</devicename> and <devicename>ad2</devicename>.</para>
+
+ <figure id="sysinstall-fdisk-drive1">
+ <title>Select Drive for FDisk</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/fdisk-drive1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>You might be wondering why <devicename>ad1</devicename> is not
+ listed here. Why has it been missed?</para>
+
+ <para>Consider what would happen if you had two IDE hard disks, one
+ as the master on the first IDE controller, and one as the master on
+ the second IDE controller. If FreeBSD numbered these as it found
+ them, as <devicename>ad0</devicename> and
+ <devicename>ad1</devicename> then everything would work.</para>
+
+ <para>But if you then added a third disk, as the slave device on the
+ first IDE controller, it would now be <devicename>ad1</devicename>,
+ and the previous <devicename>ad1</devicename> would become
+ <devicename>ad2</devicename>. Because device names (such as
+ <devicename>ad1s1a</devicename>) are used to find filesystems, you
+ may suddenly discover that some of your filesystems no longer
+ appear correctly, and you would need to change your FreeBSD
+ configuration.</para>
+
+ <para>To work around this, the kernel can be configured to name IDE
+ disks based on where they are, and not the order in which they were
+ found. With this scheme the master disk on the second IDE
+ controller will <emphasis>always</emphasis> be
+ <devicename>ad2</devicename>, even if there are no
+ <devicename>ad0</devicename> or <devicename>ad1</devicename>
+ devices.</para>
+
+ <para>This configuration is the default for the FreeBSD kernel, which
+ is why this display shows <devicename>ad0</devicename> and
+ <devicename>ad2</devicename>. The machine on which this screenshot
+ was taken had IDE disks on both master channels of the IDE
+ controllers, and no disks on the slave channels.</para>
+
+ <para>You should select the disk on which you want to install FreeBSD,
+ and then press &gui.ok;.
+ <application>FDisk</application> will start, with a display similar to
+ that shown in <xref linkend="sysinstall-fdisk1">.</para>
+
+ <para>The <application>FDisk</application> display is broken into three
+ sections.</para>
+
+ <para>The first section, covering the first two lines of the display,
+ shows details about the currently selected disk, including its FreeBSD
+ name, the disk geometry, and the total size of the disk.</para>
+
+ <para>The second section shows the slices that are currently on the
+ disk, where they start and end, how large they are, the name FreeBSD
+ gives them, and their description and sub-type. This example shows two
+ small unused slices, which are artifacts of disk layout schemes on the
+ PC. It also shows one large <acronym>FAT</acronym> slice, which almost certainly appears
+ as <devicename>C:</devicename> in &ms-dos; / &windows;, and an extended
+ slice, which may contain other drive letters for &ms-dos; / &windows;.</para>
+
+ <para>The third section shows the commands that are available in
+ <application>FDisk</application>.</para>
+
+ <figure id="sysinstall-fdisk1">
+ <title>Typical Fdisk Partitions before Editing</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/fdisk-edit1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>What you do now will depend on how you want to slice up your
+ disk.</para>
+
+ <para>If you want to use FreeBSD for the entire disk (which will delete
+ all the other data on this disk when you confirm that you want
+ <application>sysinstall</application> to continue later in the
+ installation process) then you can press <keycap>A</keycap>, which
+ corresponds to the <guimenuitem>Use Entire Disk</guimenuitem> option.
+ The existing slices will be removed, and replaced with a small area
+ flagged as <literal>unused</literal> (again, an artifact of PC disk
+ layout), and then one large slice for FreeBSD. If you do this, then
+ you should select the newly created FreeBSD slice using the arrow
+ keys, and press <keycap>S</keycap> to mark the slice as being
+ bootable. The screen will then look very similar to
+ <xref linkend="sysinstall-fdisk2">. Note the
+ <literal>A</literal> in the <literal>Flags</literal> column, which
+ indicates that this slice is <emphasis>active</emphasis>, and will be
+ booted from.</para>
+
+ <para>If you will be deleting an existing slice to make space for
+ FreeBSD then you should select the slice using the arrow keys, and
+ then press <keycap>D</keycap>. You can then press <keycap>C</keycap>,
+ and be prompted for size of slice you want to create. Enter the
+ appropriate figure and press <keycap>Enter</keycap>. The default
+ value in this box represents the largest possible slice you can
+ make, which could be the largest contiguous block of unallocated
+ space or the size of the entire hard disk.</para>
+
+ <para>If you have already made space for FreeBSD (perhaps by using a
+ tool such as <application>&partitionmagic;</application>) then you can
+ press <keycap>C</keycap> to create a new slice. Again, you will be
+ prompted for the size of slice you would like to create.</para>
+
+ <figure id="sysinstall-fdisk2">
+ <title>Fdisk Partition Using Entire Disk</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/fdisk-edit2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>When finished, press <keycap>Q</keycap>. Your changes will be
+ saved in <application>sysinstall</application>, but will not yet be
+ written to disk.</para>
+ </sect2>
+
+ <sect2 id="bootmgr">
+ <title>Install a Boot Manager</title>
+
+ <para>You now have the option to install a boot manager. In general,
+ you should choose to install the FreeBSD boot manager if:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>You have more than one drive, and have installed FreeBSD onto
+ a drive other than the first one.</para>
+ </listitem>
+
+ <listitem>
+ <para>You have installed FreeBSD alongside another operating system
+ on the same disk, and you want to choose whether to start FreeBSD
+ or the other operating system when you start the computer.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If FreeBSD is going to be the only operating system on
+ this machine, installed on the first hard disk, then the
+ <guimenuitem>Standard</guimenuitem> boot manager will suffice.
+ Choose <guimenuitem>None</guimenuitem> if you are using a
+ third-party boot manager capable of booting FreeBSD.</para>
+
+ <para>Make your choice and press <keycap>Enter</keycap>.</para>
+
+ <figure id="sysinstall-bootmgr">
+ <title>Sysinstall Boot Manager Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/boot-mgr" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The help screen, reached by pressing <keycap>F1</keycap>,
+ discusses the problems that can be encountered when trying to share
+ the hard disk between operating systems.</para>
+ </sect2>
+
+ <sect2>
+ <title>Creating Slices on Another Drive</title>
+
+ <para>If there is more than one drive, it will return to the
+ Select Drives screen after the boot manager selection. If you wish to
+ install FreeBSD on to more than one disk, then you can select another
+ disk here and repeat the slice process using
+ <application>FDisk</application>.</para>
+
+ <important>
+ <para>If you are installing FreeBSD on a drive other than your
+ first, then the FreeBSD boot manager needs to be installed on
+ both drives.</para>
+ </important>
+
+ <figure id="sysinstall-fdisk-drive2">
+ <title>Exit Select Drive</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/fdisk-drive2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The <keycap>Tab</keycap> key toggles between the last drive
+ selected, &gui.ok;, and
+ &gui.cancel;.</para>
+
+ <para>Press the <keycap>Tab</keycap> once to toggle to the
+ &gui.ok;, then
+ press <keycap>Enter</keycap>
+ to continue with the installation.</para>
+ </sect2>
+
+ <sect2 id="disklabeleditor">
+ <title>Creating Partitions Using
+ <application>Disklabel</application></title>
+
+ <para>You must now create some partitions inside each slice that you
+ have just created. Remember that each partition is lettered, from
+ <literal>a</literal> through to <literal>h</literal>, and that
+ partitions <literal>b</literal>, <literal>c</literal>, and
+ <literal>d</literal> have conventional meanings that you should adhere
+ to.</para>
+
+ <para>Certain applications can benefit from particular partition
+ schemes, especially if you are laying out partitions across more than
+ one disk. However, for this, your first FreeBSD installation, you do
+ not need to give too much thought to how you partition the disk. It
+ is more important that you install FreeBSD and start learning how to
+ use it. You can always re-install FreeBSD to change your partition
+ scheme when you are more familiar with the operating system.</para>
+
+ <para>This scheme features four partitions&mdash;one for swap space, and
+ three for filesystems.</para>
+
+ <table frame="none" pgwide="1">
+ <title>Partition Layout for First Disk</title>
+
+ <tgroup cols="4">
+ <colspec colwidth="1*">
+ <colspec colwidth="1*">
+ <colspec colwidth="1*">
+ <colspec colwidth="4*">
+
+ <thead>
+ <row>
+ <entry>Partition</entry>
+
+ <entry>Filesystem</entry>
+
+ <entry>Size</entry>
+
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><literal>a</literal></entry>
+
+ <entry><filename>/</filename></entry>
+
+ <entry>100&nbsp;MB</entry>
+
+ <entry>This is the root filesystem. Every other filesystem
+ will be mounted somewhere under this one. 100&nbsp;MB is a
+ reasonable size for this filesystem. You will not be storing
+ too much data on it, as a regular FreeBSD install will put
+ about 40&nbsp;MB of data here. The remaining space is for temporary
+ data, and also leaves expansion space if future versions of
+ FreeBSD need more space in <filename>/</filename>.</entry>
+ </row>
+
+ <row>
+ <entry><literal>b</literal></entry>
+
+ <entry>N/A</entry>
+
+ <entry>2-3 x RAM</entry>
+
+ <entry><para>The system's swap space is kept on this partition.
+ Choosing the right amount of swap space can be a bit of an
+ art. A good rule of thumb is that your swap
+ space should be two or three times as much as the
+ available physical memory (RAM).
+ You should also have at least 64&nbsp;MB of swap, so if you have
+ less than 32&nbsp;MB of RAM in your computer then set the swap
+ amount to 64&nbsp;MB.</para><para>
+
+ If you have more than one disk then you can put swap
+ space on each disk. FreeBSD will then use each disk for
+ swap, which effectively speeds up the act of swapping. In
+ this case, calculate the total amount of swap you need
+ (e.g., 128&nbsp;MB), and then divide this by the number of disks
+ you have (e.g., two disks) to give the amount of swap you
+ should put on each disk, in this example, 64&nbsp;MB of swap per
+ disk.</para></entry>
+ </row>
+
+ <row>
+ <entry><literal>e</literal></entry>
+
+ <entry><filename>/var</filename></entry>
+
+ <entry>50&nbsp;MB</entry>
+
+ <entry>The <filename>/var</filename> directory contains
+ files that are constantly varying;
+ log files, and other administrative files. Many
+ of these files are read-from or written-to extensively during
+ FreeBSD's day-to-day running. Putting these files on another
+ filesystem allows FreeBSD to optimize the access of these
+ files without affecting other files in other directories that
+ do not have the same access pattern.</entry>
+ </row>
+
+ <row>
+ <entry><literal>f</literal></entry>
+
+ <entry><filename>/usr</filename></entry>
+
+ <entry>Rest of disk</entry>
+
+ <entry>All your other files will typically be stored in
+ <filename>/usr</filename> and its subdirectories.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>If you will be installing FreeBSD on to more than one disk then
+ you must also create partitions in the other slices that you
+ configured. The easiest way to do this is to create two partitions on
+ each disk, one for the swap space, and one for a filesystem.</para>
+
+ <table frame="none" pgwide="1">
+ <title>Partition Layout for Subsequent Disks</title>
+
+ <tgroup cols="4">
+ <colspec colwidth="1*">
+ <colspec colwidth="1*">
+ <colspec colwidth="2*">
+ <colspec colwidth="3*">
+
+ <thead>
+ <row>
+ <entry>Partition</entry>
+
+ <entry>Filesystem</entry>
+
+ <entry>Size</entry>
+
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><literal>b</literal></entry>
+
+ <entry>N/A</entry>
+
+ <entry>See description</entry>
+
+ <entry>As already discussed, you can split swap space across
+ each disk. Even though the <literal>a</literal> partition is
+ free, convention dictates that swap space stays on the
+ <literal>b</literal> partition.</entry>
+ </row>
+
+ <row>
+ <entry><literal>e</literal></entry>
+
+ <entry>/disk<replaceable>n</replaceable></entry>
+
+ <entry>Rest of disk</entry>
+
+ <entry>The rest of the disk is taken up with one big partition.
+ This could easily be put on the <literal>a</literal>
+ partition, instead of the <literal>e</literal> partition.
+ However, convention says that the <literal>a</literal>
+ partition on a slice is reserved for the filesystem that will
+ be the root (<filename>/</filename>) filesystem. You do not
+ have to follow this convention, but
+ <application>sysinstall</application> does, so following it
+ yourself makes the installation slightly cleaner. You can
+ choose to mount this filesystem anywhere; this example
+ suggests that you mount them as directories
+ <filename>/disk<replaceable>n</replaceable></filename>, where
+ <replaceable>n</replaceable> is a number that changes for each
+ disk. But you can use another scheme if you prefer.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>Having chosen your partition layout you can now create it using
+ <application>sysinstall</application>. You will see this
+ message:</para>
+
+ <screen> Message
+ Now, you need to create BSD partitions inside of the fdisk
+ partition(s) just created. If you have a reasonable amount of disk
+ space (200MB or more) and don't have any special requirements, simply
+ use the (A)uto command to allocate space automatically. If you have
+ more specific needs or just don't care for the layout chosen by
+ (A)uto, press F1 for more information on manual layout.
+
+ [ OK ]
+ [ Press enter or space ]</screen>
+
+ <para>Press <keycap>Enter</keycap> to start the FreeBSD partition
+ editor, called <application>Disklabel</application>.</para>
+
+ <para><xref linkend="sysinstall-label"> shows the display when you first
+ start <application>Disklabel</application>. The display is divided in
+ to three sections.</para>
+
+ <para>The first few lines show the name of the disk you are currently
+ working on, and the slice that contains the partitions you are
+ creating (at this point <application>Disklabel</application> calls
+ this the <literal>Partition name</literal> rather than slice name).
+ This display also shows the amount of free space within the slice;
+ that is, space that was set aside in the slice, but that has not yet
+ been assigned to a partition.</para>
+
+ <para>The middle of the display shows the partitions that have been
+ created, the name of the filesystem that each partition contains,
+ their size, and some options pertaining to the creation of the
+ filesystem.</para>
+
+ <para>The bottom third of the screen shows the keystrokes that are valid
+ in <application>Disklabel</application>.</para>
+
+ <figure id="sysinstall-label">
+ <title>Sysinstall Disklabel Editor</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/disklabel-ed1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para><application>Disklabel</application> can automatically create
+ partitions for you and assign them default sizes. Try this now, by
+ Pressing <keycap>A</keycap>. You will see a display similar to that
+ shown in <xref linkend="sysinstall-label2">. Depending on the size of
+ the disk you are using, the defaults may or may not be appropriate.
+ This does not matter, as you do not have to accept the
+ defaults.</para>
+
+ <note>
+ <para>Beginning with FreeBSD&nbsp;4.5, the default partitioning assigns
+ the <filename>/tmp</filename> directory its own partition instead
+ of being part of the <filename>/</filename> partition. This
+ helps avoid filling the <filename>/</filename> partition with
+ temporary files.</para>
+ </note>
+
+ <figure id="sysinstall-label2">
+ <title>Sysinstall Disklabel Editor with Auto Defaults</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/disklabel-auto" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>If you choose to not use the default partitions and wish to
+ replace them with your
+ own, use the arrow keys to select the first partition, and press
+ <keycap>D</keycap> to delete it. Repeat this to delete all the
+ suggested partitions.</para>
+
+ <para>To create the first partition (<literal>a</literal>, mounted as
+ <filename>/</filename> &mdash; root), make sure the proper disk slice at the top of
+ the screen is selected and press <keycap>C</keycap>. A dialog box
+ will appear prompting you for the size of the new partition (as shown
+ in <xref linkend="sysinstall-label-add">). You can enter the size as
+ the number of disk blocks you want to use, or as a
+ number followed by either <literal>M</literal> for megabytes,
+ <literal>G</literal> for gigabytes, or <literal>C</literal> for
+ cylinders.</para>
+
+ <note><para>Beginning with FreeBSD&nbsp;5.X, users can: select
+ <acronym>UFS2</acronym> (which is default on &os;&nbsp;5.1 and
+ above) using the <literal>Custom Newfs</literal>
+ (<keycap>Z</keycap>) option, create labels with
+ <literal>Auto Defaults</literal> and modify them with the <literal>Custom Newfs</literal> option or
+ add <option>-O 2</option> during the regular creation period.
+ Do not forget to add <option>-U</option> for SoftUpdates if you use the <literal>Custom Newfs</literal>
+ option!</para></note>
+
+ <figure id="sysinstall-label-add">
+ <title>Free Space for Root Partition</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/disklabel-root1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The default size shown will create a partition that takes up the
+ rest of the slice. If you are using the partition sizes described
+ in the earlier example, then delete the existing figure using
+ <keycap>Backspace</keycap>, and then type in
+ <userinput>64M</userinput>, as shown in
+ <xref linkend="sysinstall-label-add2">. Then press
+ &gui.ok;.</para>
+
+ <figure id="sysinstall-label-add2">
+ <title>Edit Root Partition Size</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/disklabel-root2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Having chosen the partition's size you will then be asked whether
+ this partition will contain a filesystem or swap space. The dialog
+ box is shown in <xref linkend="sysinstall-label-type">. This first
+ partition will contain a filesystem, so check that
+ <guimenuitem>FS</guimenuitem> is selected and press
+ <keycap>Enter</keycap>.</para>
+
+ <figure id="sysinstall-label-type">
+ <title>Choose the Root Partition Type</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/disklabel-fs" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Finally, because you are creating a filesystem, you must tell
+ <application>Disklabel</application> where the filesystem is to be
+ mounted. The dialog box is shown in
+ <xref linkend="sysinstall-label-mount">. The root filesystem's mount
+ point is <filename>/</filename>, so type <userinput>/</userinput>, and
+ then press <keycap>Enter</keycap>.</para>
+
+ <figure id="sysinstall-label-mount">
+ <title>Choose the Root Mount Point</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/disklabel-root3" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The display will then update to show you the newly created
+ partition. You should repeat this procedure for the other
+ partitions. When you create the swap partition, you will not be
+ prompted for the filesystem mount point, as swap partitions are never
+ mounted. When you create the final partition,
+ <filename>/usr</filename>, you can leave the suggested size as is, to
+ use the rest of the slice.</para>
+
+ <para>Your final FreeBSD DiskLabel Editor screen will appear similar to
+ <xref linkend="sysinstall-label4">, although your values chosen may
+ be different. Press <keycap>Q</keycap> to finish.</para>
+
+ <figure id="sysinstall-label4">
+ <title>Sysinstall Disklabel Editor</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/disklabel-ed2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect2>
+ </sect1>
+
+ <sect1 id="install-choosing">
+ <title>Choosing What to Install</title>
+
+ <sect2 id="distset">
+ <title>Select the Distribution Set</title>
+
+ <para>Deciding which distribution set to install will depend largely
+ on the intended use of the system and the amount of disk space
+ available. The predefined options range from installing the
+ smallest possible configuration to everything. Those who are
+ new to &unix; and/or FreeBSD should almost certainly select one
+ of these canned options. Customizing a distribution set is
+ typically for the more experienced user.</para>
+
+ <para>Press <keycap>F1</keycap> for more information on the
+ distribution set options and what they contain. When finished
+ reviewing the help, pressing <keycap>Enter</keycap> will return
+ to the Select Distributions Menu.</para>
+
+ <para>If a graphical user interface is desired then a distribution
+ set that is preceded by an <literal>X</literal> should be
+ chosen. The configuration of the X server and selection of a default
+ desktop must be done after the installation of &os;. More
+ information regarding the configuration of a X server can be
+ found in <xref linkend="x11">.</para>
+
+ <para>The default version of X11 that is installed depends on the
+ version of FreeBSD that you are installing. For FreeBSD versions
+ prior to 5.3, <application>&xfree86;&nbsp;4.X</application> is installed. For &os;&nbsp;5.3 and later,
+ <application>&xorg;</application> is the default.</para>
+
+ <para>If compiling a custom kernel is anticipated, select an option
+ which includes the source code. For more information on why a
+ custom kernel should be built or how to build a custom kernel, see
+ <xref linkend="kernelconfig">.</para>
+
+ <para>Obviously, the most versatile system is one that includes
+ everything. If there is adequate disk space, select
+ <guimenuitem>All</guimenuitem> as shown in
+ <xref linkend="distribution-set1"> by using the arrow keys and
+ press <keycap>Enter</keycap>. If there is a concern about disk
+ space consider using an option that is more suitable for the
+ situation.
+ Do not fret over the perfect choice, as other distributions can be
+ added after installation.</para>
+
+ <figure id="distribution-set1">
+ <title>Choose Distributions</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/dist-set" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect2>
+
+ <sect2 id="portscol">
+ <title>Installing the Ports Collection</title>
+
+ <para>After selecting the desired distribution, an opportunity to
+ install the FreeBSD Ports Collection is presented. The ports
+ collection is an easy and convenient way to install software.
+ The Ports Collection does not contain the source code necessary
+ to compile the software. Instead, it is a collection of files which
+ automates the downloading, compiling and installation
+ of third-party software packages.
+ <xref linkend="ports"> discusses how to use the ports
+ collection.</para>
+
+ <para>The installation program does not check to see if you have
+ adequate space. Select this option only if you have
+ adequate hard disk space. As of FreeBSD &rel.current;, the FreeBSD
+ Ports Collection takes up about &ports.size; of disk space.
+ You can safely assume a larger value for more recent versions
+ of FreeBSD.</para>
+
+<screen> User Confirmation Requested
+ Would you like to install the FreeBSD ports collection?
+
+ This will give you ready access to over &os.numports; ported software packages,
+ at a cost of around &ports.size; of disk space when "clean" and possibly much
+ more than that if a lot of the distribution tarballs are loaded
+ (unless you have the extra CDs from a FreeBSD CD/DVD distribution
+ available and can mount it on /cdrom, in which case this is far less
+ of a problem).
+
+ The Ports Collection is a very valuable resource and well worth having
+ on your /usr partition, so it is advisable to say Yes to this option.
+
+ For more information on the Ports Collection & the latest ports,
+ visit:
+ http://www.FreeBSD.org/ports
+
+ [ Yes ] No</screen>
+
+ <para>Select &gui.yes; with the arrow keys to
+ install the Ports Collection or &gui.no; to
+ skip this option. Press <keycap>Enter</keycap> to continue.
+ The Choose Distributions menu will redisplay.</para>
+
+ <figure id="distribution-set2">
+ <title>Confirm Distributions</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/dist-set2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>If satisfied with the options, select
+ <guimenuitem>Exit</guimenuitem> with the arrow keys, ensure that
+ &gui.ok; is highlighted, and pressing
+ <keycap>Enter</keycap> to continue.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="install-media">
+ <title>Choosing Your Installation Media</title>
+
+ <para>If Installing from a CDROM or DVD, use the arrow keys to highlight
+ <guimenuitem>Install from a FreeBSD CD/DVD</guimenuitem>. Ensure
+ that &gui.ok; is highlighted, then press
+ <keycap>Enter</keycap> to proceed with the installation.</para>
+
+ <para>For other methods of installation, select the appropriate
+ option and follow the instructions.</para>
+
+ <para>Press <keycap>F1</keycap> to display the Online Help for
+ installation media. Press <keycap>Enter</keycap> to return
+ to the media selection menu.</para>
+
+ <figure id="choose-media">
+ <title>Choose Installation Media</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/media" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <note>
+ <title>FTP Installation Modes</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>network</secondary>
+ <tertiary>FTP</tertiary>
+ </indexterm>
+
+ <para>There are three FTP installation modes you can choose from:
+ active FTP, passive FTP, or via a HTTP proxy.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>FTP Active: <guimenuitem>Install from an FTP
+ server</guimenuitem></term>
+
+ <listitem>
+ <para>This option will make all FTP transfers
+ use <quote>Active</quote>
+ mode. This will not work through firewalls, but will
+ often work with older FTP servers that do not support
+ passive mode. If your connection hangs with passive
+ mode (the default), try active!</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>FTP Passive: <guimenuitem>Install from an FTP server through a
+ firewall</guimenuitem></term>
+
+ <listitem>
+ <indexterm>
+ <primary>FTP</primary>
+ <secondary>passive mode</secondary>
+ </indexterm>
+
+ <para>This option instructs <application>sysinstall</application> to use
+ <quote>Passive</quote> mode for all FTP operations.
+ This allows the user to pass through firewalls
+ that do not allow incoming connections on random TCP ports.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>FTP via a HTTP proxy: <guimenuitem>Install from an FTP server
+ through a http proxy</guimenuitem></term>
+
+ <listitem>
+ <indexterm>
+ <primary>FTP</primary>
+ <secondary>via a HTTP proxy</secondary>
+ </indexterm>
+
+ <para>This option instructs <application>sysinstall</application> to use the HTTP
+ protocol (like a web browser) to connect to a proxy
+ for all FTP operations. The proxy will translate
+ the requests and send them to the FTP server.
+ This allows the user to pass through firewalls
+ that do not allow FTP at all, but offer a HTTP
+ proxy.
+ In this case, you have to specify the proxy in
+ addition to the FTP server.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>For a proxy FTP server, you should usually give the name of the
+ server you really want as a part of the username, after an
+ <quote>@</quote> sign. The proxy server then <quote>fakes</quote>
+ the real server. For example, assuming you want to install from
+ <hostid role="fqdn">ftp.FreeBSD.org</hostid>, using the proxy FTP
+ server <hostid role="fqdn">foo.example.com</hostid>, listening on port
+ 1024.</para>
+
+ <para>In this case, you go to the options menu, set the FTP username
+ to <literal>ftp@ftp.FreeBSD.org</literal>, and the password to your
+ email address. As your installation media, you specify FTP (or
+ passive FTP, if the proxy supports it), and the URL
+ <literal>ftp://foo.example.com:1234/pub/FreeBSD</literal>.</para>
+
+ <para>Since <filename>/pub/FreeBSD</filename> from
+ <hostid role="fqdn">ftp.FreeBSD.org</hostid> is proxied under
+ <hostid role="fqdn">foo.example.com</hostid>, you are able to install
+ from <emphasis>that</emphasis> machine (which will fetch the files
+ from <hostid role="fqdn">ftp.FreeBSD.org</hostid> as your
+ installation requests them).</para>
+ </note>
+ </sect1>
+
+ <sect1 id="install-final-warning">
+ <title>Committing to the Installation</title>
+
+ <para>The installation can now proceed if desired. This is also
+ the last chance for aborting the installation to prevent changes
+ to the hard drive.</para>
+
+ <screen> User Confirmation Requested
+ Last Chance! Are you SURE you want to continue the installation?
+
+ If you're running this on a disk with data you wish to save then WE
+ STRONGLY ENCOURAGE YOU TO MAKE PROPER BACKUPS before proceeding!
+
+ We can take no responsibility for lost disk contents!
+
+ [ Yes ] No</screen>
+
+ <para>Select &gui.yes; and press
+ <keycap>Enter</keycap> to proceed.</para>
+
+ <para>The installation time will vary according to the distribution
+ chosen, installation media, and the speed of the computer.
+ There will be a series of
+ messages displayed indicating the status.</para>
+
+ <para>The installation is complete when the following message is
+ displayed:</para>
+
+ <screen> Message
+
+Congratulations! You now have FreeBSD installed on your system.
+
+We will now move on to the final configuration questions.
+For any option you do not wish to configure, simply select No.
+
+If you wish to re-enter this utility after the system is up, you may
+do so by typing: /stand/sysinstall .
+
+ [ OK ]
+
+ [ Press enter to continue ]</screen>
+
+ <para>Press <keycap>Enter</keycap> to proceed with post-installation
+ configurations.</para>
+
+ <para>Selecting &gui.no; and pressing
+ <keycap>Enter</keycap> will abort
+ the installation so no changes will be made to your system. The
+ following message will appear:</para>
+
+ <screen> Message
+Installation complete with some errors. You may wish to scroll
+through the debugging messages on VTY1 with the scroll-lock feature.
+You can also choose "No" at the next prompt and go back into the
+installation menus to retry whichever operations have failed.
+
+ [ OK ]</screen>
+
+ <para>This message is generated because nothing was installed.
+ Pressing <keycap>Enter</keycap> will return to the
+ Main Installation Menu to exit the installation.</para>
+ </sect1>
+
+ <sect1 id="install-post">
+ <title>«áÄò¦w¸Ë</title>
+
+ <para>¦w¸Ë¨t²Î¦¨¥\¤§«á¡A¥i¥H¦b·s¸Ë¦nªº FreeBSD
+ ­«¶}¾÷¤§«e¡A©ÎªÌ¬O¨Æ«á¦A³z¹L <command>sysinstall</command>
+ (&os; 5.2 ¤§«eª©¥»«h¬O <command>/stand/sysinstall</command>) µM«á¿ï¾Ü
+ <guimenuitem>Configure</guimenuitem> ¿ï¶µ¥H¶i¦æ«áÄò³]©w¡C</para>
+
+ <sect2 id="inst-network-dev">
+ <title>Network Device Configuration</title>
+
+ <para>If you previously configured PPP for an FTP install, this screen
+ will not display and can be configured later as described
+ above.</para>
+
+ <para>For detailed information on Local Area Networks and
+ configuring FreeBSD as a gateway/router refer to the
+ <link linkend="advanced-networking">Advanced Networking</link>
+ chapter.</para>
+
+ <screen> User Confirmation Requested
+ Would you like to configure any Ethernet or SLIP/PPP network devices?
+
+ [ Yes ] No</screen>
+
+ <para>To configure a network device, select
+ &gui.yes; and press <keycap>Enter</keycap>.
+ Otherwise, select &gui.no; to continue.</para>
+
+ <figure id="ed-config1">
+ <title>Selecting an Ethernet Device</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/ed0-conf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Select the interface to be configured with the arrow keys and press
+ <keycap>Enter</keycap>.</para>
+
+ <screen> User Confirmation Requested
+ Do you want to try IPv6 configuration of the interface?
+
+ Yes [ No ]</screen>
+
+ <para>In this private local area network, the current Internet
+ type protocol (<acronym>IPv4</acronym>) was sufficient and &gui.no;
+ was selected with the arrow keys and <keycap>Enter</keycap>
+ pressed.</para>
+
+ <para>If you are connected to an existing <acronym>IPv6</acronym> network
+ with an <acronym>RA</acronym> server, then choose
+ &gui.yes; and press <keycap>Enter</keycap>.
+ It will take several seconds to scan for RA servers.</para>
+
+ <screen> User Confirmation Requested
+ Do you want to try DHCP configuration of the interface?
+
+ Yes [ No ]</screen>
+
+ <para>If DHCP (Dynamic Host Configuration Protocol) is not required
+ select &gui.no; with the arrow keys and press
+ <keycap>Enter</keycap>.</para>
+
+ <para>Selecting &gui.yes; will execute
+ <application>dhclient</application>, and if successful, will fill
+ in the network configuration information automatically. Refer to
+ <xref linkend="network-dhcp"> for more information.</para>
+
+ <para>The following Network Configuration screen shows the
+ configuration of the Ethernet device for a system that will act
+ as the gateway for a Local Area Network.</para>
+
+ <figure id="ed-config2">
+ <title>Set Network Configuration for ed0</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/ed0-conf2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Use <keycap>Tab</keycap> to select the information fields and
+ fill in appropriate information:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Host</term>
+
+ <listitem>
+ <para>The fully-qualified hostname, such as <hostid role="fqdn">k6-2.example.com</hostid> in
+ this case.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Domain</term>
+
+ <listitem>
+ <para>The name of the domain that your machine is
+ in, such as <hostid role="domainname">example.com</hostid> for this case.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>IPv4 Gateway</term>
+
+ <listitem>
+ <para>IP address of host forwarding packets to non-local
+ destinations. You must fill this in if the machine is a node
+ on the network. <emphasis>Leave this field blank</emphasis>
+ if the machine is the gateway to the Internet for the
+ network. The IPv4 Gateway is also known as the default
+ gateway or default route.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Name server</term>
+
+ <listitem>
+ <para>IP address of your local DNS server. There is no local
+ DNS server on this private local area network so the IP
+ address of the provider's DNS server
+ (<hostid role="ipaddr">208.163.10.2</hostid>) was used.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>IPv4 address</term>
+
+ <listitem>
+ <para>The IP address to be used for this interface was
+ <hostid role="ipaddr">192.168.0.1</hostid></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Netmask</term>
+
+ <listitem>
+ <para>The address block being used for this local area
+ network is a Class C block
+ (<hostid role="ipaddr">192.168.0.0</hostid> -
+ <hostid role="ipaddr">192.168.255.255</hostid>).
+ The default netmask is for a Class C network
+ (<hostid role="netmask">255.255.255.0</hostid>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Extra options to ifconfig</term>
+
+ <listitem>
+ <para>Any interface-specific options to <command>ifconfig</command>
+ you would like to add. There were none in this case.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ <para>Use <keycap>Tab</keycap> to select &gui.ok;
+ when finished and press <keycap>Enter</keycap>.</para>
+
+
+ <screen> User Confirmation Requested
+ Would you like to Bring Up the ed0 interface right now?
+
+ [ Yes ] No</screen>
+
+ <para>Choosing &gui.yes; and pressing
+ <keycap>Enter</keycap> will bring
+ the machine up on the network and be ready for use. However,
+ this does not accomplish much during installation, since
+ the machine still needs to be rebooted.</para>
+ </sect2>
+
+ <sect2 id="gateway">
+ <title>Configure Gateway</title>
+
+ <screen> User Confirmation Requested
+ Do you want this machine to function as a network gateway?
+
+ [ Yes ] No</screen>
+
+ <para>If the machine will be acting as the gateway for a local area
+ network and forwarding packets between other machines then select
+ &gui.yes; and press <keycap>Enter</keycap>.
+ If the machine is a node on a network then
+ select &gui.no; and press
+ <keycap>Enter</keycap> to continue.</para>
+ </sect2>
+
+ <sect2 id="inetd-services">
+ <title>Configure Internet Services</title>
+
+ <screen> User Confirmation Requested
+Do you want to configure inetd and the network services that it provides?
+
+ Yes [ No ]</screen>
+
+ <para>If &gui.no; is selected, various services
+ such <application>telnetd</application> will not be enabled. This
+ means that remote users will not be able to
+ <application>telnet</application> into this machine. Local users
+ will be still be able to access remote machines with
+ <application>telnet</application>.</para>
+
+ <para>These services can be enabled after installation by editing
+ <filename>/etc/inetd.conf</filename> with your favorite text editor.
+ See <xref linkend="network-inetd-overview"> for more information.</para>
+
+ <para>Select &gui.yes; if you wish to
+ configure these services during install. An additional
+ confirmation will display:</para>
+
+ <screen> User Confirmation Requested
+The Internet Super Server (inetd) allows a number of simple Internet
+services to be enabled, including finger, ftp and telnetd. Enabling
+these services may increase risk of security problems by increasing
+the exposure of your system.
+
+With this in mind, do you wish to enable inetd?
+
+ [ Yes ] No</screen>
+
+ <para>Select &gui.yes; to continue.</para>
+
+ <screen> User Confirmation Requested
+inetd(8) relies on its configuration file, /etc/inetd.conf, to determine
+which of its Internet services will be available. The default FreeBSD
+inetd.conf(5) leaves all services disabled by default, so they must be
+specifically enabled in the configuration file before they will
+function, even once inetd(8) is enabled. Note that services for
+IPv6 must be separately enabled from IPv4 services.
+
+Select [Yes] now to invoke an editor on /etc/inetd.conf, or [No] to
+use the current settings.
+
+ [ Yes ] No</screen>
+
+ <para>Selecting &gui.yes; will allow adding
+ services by deleting the <literal>#</literal> at the beginning
+ of a line.</para>
+
+ <figure id="inetd-edit">
+ <title>Editing <filename>inetd.conf</filename></title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/edit-inetd-conf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>After adding the desired services, pressing <keycap>Esc</keycap>
+ will display a menu which will allow exiting and saving
+ the changes.</para>
+
+ </sect2>
+
+ <sect2 id="ftpanon">
+ <title>Anonymous FTP</title>
+
+ <indexterm>
+ <primary>FTP</primary>
+ <secondary>anonymous</secondary>
+ </indexterm>
+
+ <screen> User Confirmation Requested
+ Do you want to have anonymous FTP access to this machine?
+
+ Yes [ No ]</screen>
+
+ <sect3 id="deny-anon">
+ <title>Deny Anonymous FTP</title>
+
+ <para>Selecting the default &gui.no; and pressing
+ <keycap>Enter</keycap> will still allow users who have accounts
+ with passwords to use FTP to access the machine.</para>
+ </sect3>
+
+ <sect3 id="ftpallow">
+ <title>Allow Anonymous FTP</title>
+
+ <para>Anyone can access your machine if you elect to allow
+ anonymous FTP connections. The security implications should be
+ considered before enabling this option. For more information
+ about security see <xref linkend="security">.</para>
+
+ <para>To allow anonymous FTP, use the arrow keys to select
+ &gui.yes; and press <keycap>Enter</keycap>.
+ The following screen (or similar) will display:</para>
+
+ <figure id="anon-ftp2">
+ <title>Default Anonymous FTP Configuration</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/ftp-anon1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Pressing <keycap>F1</keycap> will display the help:</para>
+
+ <screen>This screen allows you to configure the anonymous FTP user.
+
+The following configuration values are editable:
+
+UID: The user ID you wish to assign to the anonymous FTP user.
+ All files uploaded will be owned by this ID.
+
+Group: Which group you wish the anonymous FTP user to be in.
+
+Comment: String describing this user in /etc/passwd
+
+
+FTP Root Directory:
+
+ Where files available for anonymous FTP will be kept.
+
+Upload subdirectory:
+
+ Where files uploaded by anonymous FTP users will go.</screen>
+
+ <para>The ftp root directory will be put in <filename>/var</filename>
+ by default. If you do not have enough room there for the
+ anticipated FTP needs, the <filename>/usr</filename> directory
+ could be used by setting the FTP Root Directory to
+ <filename>/usr/ftp</filename>.</para>
+
+ <para>When you are satisfied with the values, press
+ <keycap>Enter</keycap> to continue.</para>
+
+ <screen> User Confirmation Requested
+ Create a welcome message file for anonymous FTP users?
+
+ [ Yes ] No</screen>
+
+ <para>If you select &gui.yes; and press
+ <keycap>Enter</keycap>, an editor will automatically start
+ allowing you to edit the message.</para>
+
+ <figure id="anon-ftp4">
+ <title>Edit the FTP Welcome Message</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/ftp-anon2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>This is a text editor called <command>ee</command>. Use the
+ instructions to change the message or change the message later
+ using a text editor of your choice. Note the file name/location
+ at the bottom of the editor screen.</para>
+
+ <para>Press <keycap>Esc</keycap> and a pop-up menu will default
+ to <guimenuitem>a) leave editor</guimenuitem>. Press
+ <keycap>Enter</keycap> to exit and continue. Press
+ <keycap>Enter</keycap> again to save changes if you made
+ any.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="nfsconf">
+ <title>Configure Network File System</title>
+
+ <para>Network File System (NFS) allows sharing of files across a
+ network. A machine can be configured as a server, a client, or
+ both. Refer to <xref linkend="network-nfs"> for a more information.</para>
+
+ <sect3 id="nsf-server-options">
+ <title>NFS Server</title>
+
+ <screen> User Confirmation Requested
+ Do you want to configure this machine as an NFS server?
+
+ Yes [ No ]</screen>
+
+ <para>If there is no need for a Network File System server,
+ select &gui.no; and press
+ <keycap>Enter</keycap>.</para>
+
+ <para>If &gui.yes; is chosen, a message will
+ pop-up indicating that the <filename>exports</filename> file must be
+ created.</para>
+
+ <screen> Message
+Operating as an NFS server means that you must first configure an
+/etc/exports file to indicate which hosts are allowed certain kinds of
+access to your local filesystems.
+Press [Enter] now to invoke an editor on /etc/exports
+ [ OK ]</screen>
+
+ <para>Press <keycap>Enter</keycap> to continue. A text editor will
+ start allowing the <filename>exports</filename> file to be created
+ and edited.</para>
+
+ <figure id="nfs-server-edit">
+ <title>Editing <filename>exports</filename></title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/nfs-server-edit" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Use the instructions to add the actual exported filesystems
+ now or later using a text editor of your choice. Note the
+ file name/location at the bottom of the editor screen.</para>
+
+ <para>Press <keycap>Esc</keycap> and a pop-up menu will default to
+ <guimenuitem>a) leave editor</guimenuitem>. Press
+ <keycap>Enter</keycap> to exit and continue.</para>
+ </sect3>
+
+ <sect3 id="nfs-client-options">
+ <title>NFS Client</title>
+
+ <para>The NFS client allows your machine to access NFS servers.</para>
+
+ <screen> User Confirmation Requested
+ Do you want to configure this machine as an NFS client?
+
+ Yes [ No ]</screen>
+
+ <para>With the arrow keys, select &gui.yes;
+ or &gui.no; as appropriate and
+ press <keycap>Enter</keycap>.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="securityprofile">
+ <title>Security Profile</title>
+
+ <para>A <quote>security profile</quote> is a set of
+ configuration options that attempts to achieve the desired
+ ratio of security to convenience by enabling and disabling
+ certain programs and other settings. The more severe the
+ security profile, the fewer programs will be enabled by
+ default. This is one of the basic principles of security: do
+ not run anything except what you must.</para>
+
+ <para>Please note that the security profile is just a default
+ setting. All programs can be enabled and disabled after you
+ have installed FreeBSD by editing or adding the appropriate
+ line(s) to <filename>/etc/rc.conf</filename>. For more
+ information, please see the &man.rc.conf.5; manual
+ page.</para>
+
+ <para>The following table describes what each of the security
+ profiles does. The columns are the choices you have for a
+ security profile, and the rows are the program or feature that
+ the profile enables or disables.</para>
+
+ <table>
+ <title>Possible Security Profiles</title>
+
+ <tgroup cols=3>
+ <thead>
+ <row>
+ <entry></entry>
+
+ <entry>Extreme</entry>
+
+ <entry>Moderate</entry>
+ </row>
+ </thead>
+
+ <tbody>
+
+ <row>
+ <entry>&man.sendmail.8;</entry>
+
+ <entry>NO</entry>
+
+ <entry>YES</entry>
+ </row>
+
+ <row>
+ <entry>&man.sshd.8;</entry>
+
+ <entry>NO</entry>
+
+ <entry>YES</entry>
+ </row>
+
+ <row>
+ <entry>&man.portmap.8;</entry>
+
+ <entry>NO</entry>
+
+ <entry>MAYBE
+ <footnote>
+ <para>The portmapper is enabled if the machine has
+ been configured as an NFS client or server earlier
+ in the installation.</para>
+ </footnote>
+ </entry>
+ </row>
+
+ <row>
+ <entry>NFS server</entry>
+
+ <entry>NO</entry>
+
+ <entry>YES</entry>
+ </row>
+
+ <row>
+ <entry>&man.securelevel.8;</entry>
+
+ <entry>YES
+ <footnote>
+ <para>If you choose a security profile that sets the
+ securelevel to <quote>Extreme</quote> or
+ <quote>High</quote>, you must be aware of the
+ implications. Please read the &man.init.8;
+ manual page and pay particular attention to the
+ meanings of the security levels, or you may have
+ significant trouble later!</para>
+ </footnote>
+ </entry>
+
+ <entry>NO</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <screen> User Confirmation Requested
+ Do you want to select a default security profile for this host (select
+ No for "medium" security)?
+
+ [ Yes ] No</screen>
+
+ <para>Selecting &gui.no; and pressing
+ <keycap>Enter</keycap> will set the security profile to medium.</para>
+
+ <para>Selecting &gui.yes; and pressing
+ <keycap>Enter</keycap> will allow selecting a different security
+ profile.</para>
+
+ <figure id="security-profile">
+ <title>Security Profile Options</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/security" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Press <keycap>F1</keycap> to display the help. Press
+ <keycap>Enter</keycap> to return to selection menu.</para>
+
+ <para>Use the arrow keys to choose <guimenuitem>Medium</guimenuitem>
+ unless your are sure that another level is required for your needs.
+ With &gui.ok; highlighted, press
+ <keycap>Enter</keycap>.</para>
+
+ <para>An appropriate confirmation message will display depending on
+ which security setting was chosen.</para>
+
+ <screen> Message
+
+Moderate security settings have been selected.
+
+Sendmail and SSHd have been enabled, securelevels are
+disabled, and NFS server setting have been left intact.
+PLEASE NOTE that this still does not save you from having
+to properly secure your system in other ways or exercise
+due diligence in your administration, this simply picks
+a standard set of out-of-box defaults to start with.
+
+To change any of these settings later, edit /etc/rc.conf
+
+ [OK]</screen>
+
+ <screen> Message
+
+Extreme security settings have been selected.
+
+Sendmail, SSHd, and NFS services have been disabled, and
+securelevels have been enabled.
+PLEASE NOTE that this still does not save you from having
+to properly secure your system in other ways or exercise
+due diligence in your administration, this simply picks
+a more secure set of out-of-box defaults to start with.
+
+To change any of these settings later, edit /etc/rc.conf
+
+ [OK]</screen>
+
+ <para>Press <keycap>Enter</keycap> to continue with the
+ post-installation configuration.</para>
+
+ <warning>
+ <para>The security profile is not a silver bullet! Even if
+ you use the extreme setting, you need to keep up with
+ security issues by reading an appropriate mailing
+ list (<xref linkend="eresources-mail">),
+ using good passwords and passphrases, and
+ generally adhering to good security practices. It simply
+ sets up the desired security to convenience ratio out of the
+ box.</para>
+ </warning>
+
+ </sect2>
+
+ <sect2 id="console">
+ <title>System Console Settings</title>
+
+ <para>There are several options available to customize the system
+ console.</para>
+
+ <screen> User Confirmation Requested
+ Would you like to customize your system console settings?
+
+ [ Yes ] No</screen>
+
+ <para>To view and configure the options, select
+ &gui.yes; and press
+ <keycap>Enter</keycap>.</para>
+
+ <figure id="saver-options">
+ <title>System Console Configuration Options</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/console-saver1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>A commonly used option is the screen saver. Use the arrow keys
+ to select <guimenuitem>Saver</guimenuitem> and then press
+ <keycap>Enter</keycap>.</para>
+
+ <figure id="saver-select">
+ <title>Screen Saver Options</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/console-saver2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Select the desired screen saver using the arrow keys
+ and then press <keycap>Enter</keycap>. The System Console
+ Configuration menu will redisplay.</para>
+
+ <para>The default time interval is 300 seconds. To change the time
+ interval, select <guimenuitem>Saver</guimenuitem> again. At the
+ Screen Saver Options menu, select <guimenuitem>Timeout</guimenuitem>
+ using the arrow keys and press <keycap>Enter</keycap>. A pop-up
+ menu will appear:</para>
+
+ <figure id="saver-timeout">
+ <title>Screen Saver Timeout</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/console-saver3" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The value can be changed, then select &gui.ok;
+ and press <keycap>Enter</keycap> to return to the System Console
+ Configuration menu.</para>
+
+ <figure id="saver-exit">
+ <title>System Console Configuration Exit</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/console-saver4" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Selecting <guimenuitem>Exit</guimenuitem> and pressing
+ <keycap>Enter</keycap> will continue with the post-installation
+ configurations.</para>
+ </sect2>
+
+ <sect2 id="timezone">
+ <title>Setting the Time Zone</title>
+
+ <para>Setting the time zone for your machine will allow it to
+ automatically correct for any regional time changes and perform
+ other time zone related functions properly.</para>
+
+ <para>The example shown is for a machine located in the Eastern
+ time zone of the United States. Your selections will vary according
+ to your geographical location.</para>
+
+ <screen> User Confirmation Requested
+ Would you like to set this machine's time zone now?
+
+ [ Yes ] No</screen>
+
+ <para>Select &gui.yes; and press
+ <keycap>Enter</keycap> to set the time zone.</para>
+
+ <screen> User Confirmation Requested
+ Is this machine's CMOS clock set to UTC? If it is set to local time
+ or you don't know, please choose NO here!
+
+ Yes [ No ]</screen>
+
+ <para>Select &gui.yes;
+ or &gui.no; according to how the machine's
+ clock is configured and press <keycap>Enter</keycap>.</para>
+
+ <figure id="set-timezone-region">
+ <title>Select Your Region</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/timezone1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The appropriate region is selected using the arrow keys
+ and then pressing <keycap>Enter</keycap>.</para>
+
+ <figure id="set-timezone-country">
+ <title>Select Your Country</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/timezone2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Select the appropriate country using the arrow keys
+ and press <keycap>Enter</keycap>.</para>
+
+ <figure id="set-timezone-locality">
+ <title>Select Your Time Zone</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/timezone3" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The appropriate time zone is selected using the arrow
+ keys and pressing <keycap>Enter</keycap>.</para>
+
+ <screen> Confirmation
+ Does the abbreviation 'EDT' look reasonable?
+
+ [ Yes ] No</screen>
+
+ <para>Confirm the abbreviation for the time zone is correct.
+ If it looks okay, press <keycap>Enter</keycap> to continue with
+ the post-installation configuration.</para>
+ </sect2>
+
+ <sect2 id="linuxcomp">
+ <title>Linux Compatibility</title>
+
+ <screen> User Confirmation Requested
+ Would you like to enable Linux binary compatibility?
+
+ [ Yes ] No</screen>
+
+ <para>Selecting &gui.yes; and pressing
+ <keycap>Enter</keycap> will allow
+ running Linux software on FreeBSD. The install will add
+ the appropriate packages for Linux compatibility.</para>
+
+ <para>If installing by FTP, the machine will need to be connected to
+ the Internet. Sometimes a remote ftp site will not have all the
+ distributions like the Linux binary compatibility. This can
+ be installed later if necessary.</para>
+ </sect2>
+
+ <sect2 id="mouse">
+ <title>Mouse Settings</title>
+
+ <para>This option will allow you to cut and paste text in the
+ console and user programs with a 3-button mouse. If using a 2-button
+ mouse, refer to manual page, &man.moused.8;, after installation for
+ details on emulating the 3-button style. This example depicts a
+ non-USB mouse configuration (such as a PS/2 or COM port mouse):</para>
+
+ <screen> User Confirmation Requested
+ Does this system have a non-USB mouse attached to it?
+
+ [ Yes ] No </screen>
+
+ <para>Select &gui.yes; for a non-USB mouse or
+ &gui.no; for a USB mouse and press
+ <keycap>Enter</keycap>.</para>
+
+ <figure id="mouse-protocol">
+ <title>Select Mouse Protocol Type</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/mouse1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Use the arrow keys to select <guimenuitem>Type</guimenuitem> and
+ press <keycap>Enter</keycap>.</para>
+
+ <figure id="set-mouse-protocol">
+ <title>Set Mouse Protocol</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/mouse2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The mouse used in this example is a PS/2 type, so the default
+ <guimenuitem>Auto</guimenuitem> was appropriate. To change protocol,
+ use the arrow keys to select another option. Ensure that &gui.ok; is
+ highlighted and press <keycap>Enter</keycap> to exit this menu.</para>
+
+ <figure id="config-mouse-port">
+ <title>Configure Mouse Port</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/mouse3" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Use the arrow keys to select <guimenuitem>Port</guimenuitem> and
+ press <keycap>Enter</keycap>.</para>
+
+ <figure id="set-mouse-port">
+ <title>Setting the Mouse Port</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/mouse4" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>This system had a PS/2 mouse, so the default
+ <guimenuitem>PS/2</guimenuitem> was appropriate. To change the port,
+ use the arrow keys and then press <keycap>Enter</keycap>.</para>
+
+ <figure id="test-daemon">
+ <title>Enable the Mouse Daemon</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/mouse5" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Last, use the arrow keys to select
+ <guimenuitem>Enable</guimenuitem>, and press
+ <keycap>Enter</keycap> to enable and test the mouse
+ daemon.</para>
+
+
+ <figure id="test-mouse-daemon">
+ <title>Test the Mouse Daemon</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/mouse6" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Move the mouse around the screen and verify the cursor
+ shown responds properly. If it does, select
+ &gui.yes; and press <keycap>Enter</keycap>. If
+ not, the mouse has not been configured correctly &mdash; select
+ &gui.no; and try using different configuration
+ options.</para>
+
+ <para>Select <guimenuitem>Exit</guimenuitem> with the arrow keys
+ and press <keycap>Enter</keycap> to return to continue with the
+ post-installation configuration.</para>
+ </sect2>
+
+ <sect2 id="network-services">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+ <title>Configure Additional Network Services</title>
+
+ <para>Configuring network services can be a daunting
+ task for new users if they lack previous
+ knowledge in this area. Networking, including the Internet,
+ is critical to all modern operating systems including &os;;
+ as a result, it is very useful to have some understanding
+ &os;'s extensive networking capabilities. Doing this
+ during the installation will ensure users have some
+ understanding of the various services available to them.</para>
+
+ <para>Network services are programs that accept input from
+ anywhere on the network. Every effort is made to make sure
+ these programs will not do anything <quote>harmful</quote>.
+ Unfortunately, programmers are not perfect and through time
+ there have been cases where bugs in network services have been
+ exploited by attackers to do bad things. It is important that
+ you only enable the network services you know that you need. If
+ in doubt it is best if you do not enable a network service until
+ you find out that you do need it. You can always enable it
+ later by re-running <application>sysinstall</application> or by
+ using the features provided by the
+ <filename>/etc/rc.conf</filename> file.</para>
+
+ <para>Selecting the <guimenu>Networking</guimenu> option will display
+ a menu similar to the one below:</para>
+
+ <figure id="network-configuration">
+ <title>Network Configuration Upper-level</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/net-config-menu1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The first option, <guimenuitem>Interfaces</guimenuitem>, was previously covered during
+ the <xref linkend="inst-network-dev">, thus this option can
+ safely be ignored.</para>
+
+ <para>Selecting the <guimenuitem>AMD</guimenuitem> option adds
+ support for the <acronym>BSD</acronym> automatic mount utility.
+ This is usually used in conjunction with the
+ <acronym>NFS</acronym> protocol (see below)
+ for automatically mounting remote file systems.
+ No special configuration is required here.</para>
+
+ <para>Next in line is the <guimenuitem>AMD Flags</guimenuitem>
+ option. When selected, a menu will pop up for you
+ to enter specific <acronym>AMD</acronym> flags.
+ The menu already contains a set of default options:</para>
+
+ <screen>-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map</screen>
+
+ <para>The <option>-a</option> option sets the default mount
+ location which is specified here as
+ <filename>/.amd_mnt</filename>. The <option>-l</option>
+ option specifies the default <filename>log</filename> file;
+ however, when <literal>syslogd</literal> is used all log
+ activity will be sent to the system log daemon. The
+ <filename class="directory">/host</filename> directory is used
+ to mount an exported file system from a remote
+ host, while <filename class="directory">/net</filename>
+ directory is used to mount an exported file system from an
+ <acronym>IP</acronym> address. The
+ <filename>/etc/amd.map</filename> file defines the default
+ options for <acronym>AMD</acronym> exports.</para>
+
+ <indexterm>
+ <primary>FTP</primary>
+ <secondary>anonymous</secondary>
+ </indexterm>
+
+ <para>The <guimenuitem>Anon FTP</guimenuitem> option permits anonymous
+ <acronym>FTP</acronym> connections. Select this option to
+ make this machine an anonymous <acronym>FTP</acronym> server.
+ Be aware of the security risks involved with this option.
+ Another menu will be displayed to explain the security risks
+ and configuration in depth.</para>
+
+ <para>The <guimenuitem>Gateway</guimenuitem> configuration menu will set
+ the machine up to be a gateway as explained previously. This
+ can be used to unset the <guimenuitem>Gateway</guimenuitem> option if you accidentally
+ selected it during the installation process.</para>
+
+ <para>The <guimenuitem>Inetd</guimenuitem> option can be used to configure
+ or completely disable the &man.inetd.8; daemon as discussed
+ above.</para>
+
+ <para>The <guimenuitem>Mail</guimenuitem> option is used to configure the system's
+ default <acronym>MTA</acronym> or Mail Transfer Agent.
+ Selecting this option will bring up the following menu:</para>
+
+ <figure id="mta-selection">
+ <title>Select a default MTA</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/mta-main" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Here you are offered a choice as to which
+ <acronym>MTA</acronym> to install
+ and set as the default. An <acronym>MTA</acronym> is nothing
+ more than a mail server which delivers email to users on the
+ system or the Internet.</para>
+
+ <para>Selecting <guimenuitem>Sendmail</guimenuitem> will install
+ the popular <application>sendmail</application> server which
+ is the &os; default. The <guimenuitem>Sendmail local</guimenuitem> option
+ will set <application>sendmail</application> to be the default
+ <acronym>MTA</acronym>, but disable its ability to receive
+ incoming email from the Internet. The other options here,
+ <guimenuitem>Postfix</guimenuitem> and
+ <guimenuitem>Exim</guimenuitem> act similar to
+ <guimenuitem>Sendmail</guimenuitem>. They both deliver
+ email; however, some users prefer these alternatives to the
+ <application>sendmail</application>
+ <acronym>MTA</acronym>.</para>
+
+ <para>After selecting an <acronym>MTA</acronym>, or choosing
+ not to select an MTA, the network configuration menu will appear
+ with the next option being <guimenuitem>NFS client</guimenuitem>.</para>
+
+ <para>The <guimenuitem>NFS client</guimenuitem> option will
+ configure the system to communicate with a server via
+ <acronym>NFS</acronym>. An <acronym>NFS</acronym> server
+ makes file systems available to other machines on the
+ network via the <acronym>NFS</acronym> protocol. If this is
+ a stand alone machine, this option can remain unselected.
+ The system may require more configuration later; see
+ <xref linkend="network-nfs"> for more
+ information about client and server configuration.</para>
+
+ <para>Below that option is the <guimenuitem>NFS server</guimenuitem>
+ option, permitting you to set the system up as an
+ <acronym>NFS</acronym> server. This adds the required
+ information to start up the <acronym>RPC</acronym> remote
+ procedure call services. <acronym>RPC</acronym> is used to
+ coordinate connections between hosts and programs.</para>
+
+ <para>Next in line is the <guimenuitem>Ntpdate</guimenuitem> option,
+ which deals with time synchronization. When selected, a menu
+ like the one below shows up:</para>
+
+ <figure id="Ntpdate-config">
+ <title>Ntpdate Configuration</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/ntp-config" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>From this menu, select the server which is the closest
+ to your location. Selecting a close one will make the time
+ synchronization more accurate as a server further from your
+ location may have more connection latency.</para>
+
+ <para>The next option is the <acronym>PCNFSD</acronym> selection.
+ This option will install the
+ <filename role="package">net/pcnfsd</filename> package from
+ the Ports Collection. This is a useful utility which provides
+ <acronym>NFS</acronym> authentication services for systems which
+ are unable to provide their own, such as Microsoft's
+ &ms-dos; operating system.</para>
+
+ <para>Now you must scroll down a bit to see the other
+ options:</para>
+
+ <figure id="Network-configuration-cont">
+ <title>Network Configuration Lower-level</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/net-config-menu2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The &man.rpcbind.8;, &man.rpc.statd.8;, and
+ &man.rpc.lockd.8; utilities are all used for Remote Procedure
+ Calls (<acronym>RPC</acronym>).
+ The <command>rpcbind</command> utility manages communication
+ between <acronym>NFS</acronym> servers and clients, and is
+ required for <acronym>NFS</acronym> servers to operate
+ correctly. The <application>rpc.statd</application> daemon interacts
+ with the <application>rpc.statd</application> daemon on other hosts to
+ provide status monitoring. The reported status is usually held
+ in the <filename>/var/db/statd.status</filename> file. The
+ next option listed here is the <guimenuitem>rpc.lockd</guimenuitem>
+ option, which, when selected, will provide file locking
+ services. This is usually used with
+ <application>rpc.statd</application> to monitor what hosts are
+ requesting locks and how frequently they request them.
+ While these last two options are marvelous for debugging, they
+ are not required for <acronym>NFS</acronym> servers and clients
+ to operate correctly.</para>
+
+ <para>As you progress down the list the next item here is
+ <guimenuitem>Routed</guimenuitem>, which is the routing daemon. The
+ &man.routed.8; utility manages network routing tables,
+ discovers multicast routers, and supplies a copy of the routing
+ tables to any physically connected host on the network upon
+ request. This is mainly used for machines which act as a
+ gateway for the local network. When selected, a menu will be
+ presented requesting the default location of the utility.
+ The default location is already defined for you and can be
+ selected with the <keycap>Enter</keycap> key. You will then
+ be presented with yet another menu, this time asking for the
+ flags you wish to pass on to <application>routed</application>. The
+ default is <option>-q</option> and it should already appear
+ on the screen.</para>
+
+ <para>Next in line is the <guimenuitem>Rwhod</guimenuitem> option which,
+ when selected, will start the &man.rwhod.8; daemon
+ during system initialization. The <command>rwhod</command>
+ utility broadcasts system messages across the network
+ periodically, or collects them when in <quote>consumer</quote>
+ mode. More information can be found in the &man.ruptime.1; and
+ &man.rwho.1; manual pages.</para>
+
+ <para>The next to the last option in the list is for the
+ &man.sshd.8; daemon. This is the secure shell server for
+ <application>OpenSSH</application> and it is highly recommended
+ over the standard <application>telnet</application> and
+ <acronym>FTP</acronym> servers. The <application>sshd</application>
+ server is used to create a secure connection from one host to
+ another by using encrypted connections.</para>
+
+ <para>Finally there is the <guimenuitem>TCP Extensions</guimenuitem>
+ option. This enables the <acronym>TCP</acronym> Extensions
+ defined in <acronym>RFC</acronym>&nbsp;1323 and
+ <acronym>RFC</acronym>&nbsp;1644. While on many hosts this can
+ speed up connections, it can also cause some connections to be
+ dropped. It is not recommended for servers, but may be
+ beneficial for stand alone machines.</para>
+
+ <para>Now that you have configured the network services, you can
+ scroll up to the very top item which is <guimenuitem>Exit</guimenuitem>
+ and continue on to the next configuration section.</para>
+
+ </sect2>
+
+ <sect2 id="x-server">
+ <title>Configure X Server</title>
+
+ <note>
+ <para>As of &os;&nbsp;5.3-RELEASE, the X server configuration
+ facility has been removed from
+ <application>sysinstall</application>, you have to install
+ and configure the X server after the installation of &os;.
+ More information regarding the installation and the
+ configuration of a X server can be found in <xref
+ linkend="x11">. You can skip this section if you are not
+ installing a &os; version prior to 5.3-RELEASE.</para>
+ </note>
+
+ <para>In order to use a graphical user interface such as
+ <application>KDE</application>, <application>GNOME</application>,
+ or others, the X server will need to be configured.</para>
+
+ <note>
+ <para>In order to run <application>&xfree86;</application> as a
+ non <username>root</username> user you will need to
+ have <filename role="package">x11/wrapper</filename> installed.
+ This is installed by default beginning with FreeBSD 4.7. For
+ earlier versions this can be added
+ from the Package Selection menu.</para>
+ </note>
+
+ <para>To see whether your video card is supported, check the
+ <ulink url="http://www.xfree86.org/">&xfree86;</ulink> web site.</para>
+
+ <screen> User Confirmation Requested
+ Would you like to configure your X server at this time?
+
+ [ Yes ] No</screen>
+
+ <warning>
+ <para>It is necessary to know your monitor specifications and
+ video card information. Equipment damage can occur if settings
+ are incorrect. If you do not have this information, select
+ &gui.no; and perform the configuration
+ after installation when you have the information using
+ <command>sysinstall</command> (<command>/stand/sysinstall</command>
+ in &os; versions older than 5.2), selecting
+ <guimenuitem>Configure</guimenuitem> and then
+ <guimenuitem>XFree86</guimenuitem>. Improper configuration
+ of the X server at this time can leave the machine in a
+ frozen state. It is often advised to configure the X server
+ once the installation has completed.
+ </para>
+ </warning>
+
+ <para>If you have graphics card and monitor information, select
+ &gui.yes; and press <keycap>Enter</keycap>
+ to proceed with configuring the X server.</para>
+
+ <figure id="xserver2">
+ <title>Select Configuration Method Menu</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/xf86setup" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>There are several ways to configure the X server.
+ Use the arrow keys to select one of the methods and press
+ <keycap>Enter</keycap>. Be sure to read all instructions
+ carefully.</para>
+
+ <para>The <application>xf86cfg</application> and
+ <application>xf86cfg -textmode</application> methods may make the screen
+ go dark and take a few seconds to start. Be patient.</para>
+
+
+ <para>The following will illustrate the use of the
+ <application>xf86config</application> configuration tool. The
+ configuration choices you make will depend on the hardware in the
+ system so your choices will probably be different than those
+ shown:</para>
+
+ <screen> Message
+ You have configured and been running the mouse daemon.
+ Choose "/dev/sysmouse" as the mouse port and "SysMouse" or
+ "MouseSystems" as the mouse protocol in the X configuration utility.
+
+ [ OK ]
+
+ [ Press enter to continue ]</screen>
+
+ <para>This indicates that the mouse daemon previously configured has been
+ detected.
+ Press <keycap>Enter</keycap> to continue.</para>
+
+ <para>Starting <application>xf86config</application> will display
+ a brief introduction:</para>
+
+ <screen>This program will create a basic XF86Config file, based on menu selections you
+make.
+
+The XF86Config file usually resides in /usr/X11R6/etc/X11 or /etc/X11. A sample
+XF86Config file is supplied with XFree86; it is configured for a standard
+VGA card and monitor with 640x480 resolution. This program will ask for a
+pathname when it is ready to write the file.
+
+You can either take the sample XF86Config as a base and edit it for your
+configuration, or let this program produce a base XF86Config file for your
+configuration and fine-tune it.
+
+Before continuing with this program, make sure you know what video card
+you have, and preferably also the chipset it uses and the amount of video
+memory on your video card. SuperProbe may be able to help with this.
+
+Press enter to continue, or ctrl-c to abort.</screen>
+
+ <para>Pressing <keycap>Enter</keycap> will start the mouse
+ configuration. Be sure to follow the instructions and use
+ <quote>Mouse Systems</quote> as the mouse protocol and
+ <filename>/dev/sysmouse</filename> as the mouse port even if
+ using a PS/2 mouse is shown as an illustration.</para>
+
+ <screen>First specify a mouse protocol type. Choose one from the following list:
+
+ 1. Microsoft compatible (2-button protocol)
+ 2. Mouse Systems (3-button protocol) & FreeBSD moused protocol
+ 3. Bus Mouse
+ 4. PS/2 Mouse
+ 5. Logitech Mouse (serial, old type, Logitech protocol)
+ 6. Logitech MouseMan (Microsoft compatible)
+ 7. MM Series
+ 8. MM HitTablet
+ 9. Microsoft IntelliMouse
+
+If you have a two-button mouse, it is most likely of type 1, and if you have
+a three-button mouse, it can probably support both protocol 1 and 2. There are
+two main varieties of the latter type: mice with a switch to select the
+protocol, and mice that default to 1 and require a button to be held at
+boot-time to select protocol 2. Some mice can be convinced to do 2 by sending
+a special sequence to the serial port (see the ClearDTR/ClearRTS options).
+
+Enter a protocol number: 2
+
+You have selected a Mouse Systems protocol mouse. If your mouse is normally
+in Microsoft-compatible mode, enabling the ClearDTR and ClearRTS options
+may cause it to switch to Mouse Systems mode when the server starts.
+
+Please answer the following question with either 'y' or 'n'.
+Do you want to enable ClearDTR and ClearRTS? n
+
+You have selected a three-button mouse protocol. It is recommended that you
+do not enable Emulate3Buttons, unless the third button doesn't work.
+
+Please answer the following question with either 'y' or 'n'.
+Do you want to enable Emulate3Buttons? y
+
+Now give the full device name that the mouse is connected to, for example
+/dev/tty00. Just pressing enter will use the default, /dev/mouse.
+On FreeBSD, the default is /dev/sysmouse.
+
+Mouse device: /dev/sysmouse</screen>
+
+ <para>The keyboard is the next item to be configured. A generic
+ 101-key model is shown for illustration. Any name may be used
+ for the variant or simply press <keycap>Enter</keycap> to accept
+ the default value.</para>
+
+ <screen>Please select one of the following keyboard types that is the better
+description of your keyboard. If nothing really matches,
+choose 1 (Generic 101-key PC)
+
+ 1 Generic 101-key PC
+ 2 Generic 102-key (Intl) PC
+ 3 Generic 104-key PC
+ 4 Generic 105-key (Intl) PC
+ 5 Dell 101-key PC
+ 6 Everex STEPnote
+ 7 Keytronic FlexPro
+ 8 Microsoft Natural
+ 9 Northgate OmniKey 101
+ 10 Winbook Model XP5
+ 11 Japanese 106-key
+ 12 PC-98xx Series
+ 13 Brazilian ABNT2
+ 14 HP Internet
+ 15 Logitech iTouch
+ 16 Logitech Cordless Desktop Pro
+ 17 Logitech Internet Keyboard
+ 18 Logitech Internet Navigator Keyboard
+ 19 Compaq Internet
+ 20 Microsoft Natural Pro
+ 21 Genius Comfy KB-16M
+ 22 IBM Rapid Access
+ 23 IBM Rapid Access II
+ 24 Chicony Internet Keyboard
+ 25 Dell Internet Keyboard
+
+Enter a number to choose the keyboard.
+
+1
+
+
+Please select the layout corresponding to your keyboard
+
+
+ 1 U.S. English
+ 2 U.S. English w/ ISO9995-3
+ 3 U.S. English w/ deadkeys
+ 4 Albanian
+ 5 Arabic
+ 6 Armenian
+ 7 Azerbaidjani
+ 8 Belarusian
+ 9 Belgian
+ 10 Bengali
+ 11 Brazilian
+ 12 Bulgarian
+ 13 Burmese
+ 14 Canadian
+ 15 Croatian
+ 16 Czech
+ 17 Czech (qwerty)
+ 18 Danish
+
+Enter a number to choose the country.
+Press enter for the next page
+
+1
+
+
+Please enter a variant name for 'us' layout. Or just press enter
+for default variant
+
+us
+
+
+Please answer the following question with either 'y' or 'n'.
+Do you want to select additional XKB options (group switcher,
+group indicator, etc.)? n</screen>
+
+ <para>Next, we proceed to the configuration for the monitor. Do not
+ exceed the ratings of your monitor. Damage could occur. If you
+ have any doubts, do the configuration after you have the
+ information.</para>
+
+ <screen>Now we want to set the specifications of the monitor. The two critical
+parameters are the vertical refresh rate, which is the rate at which the
+whole screen is refreshed, and most importantly the horizontal sync rate,
+which is the rate at which scanlines are displayed.
+
+The valid range for horizontal sync and vertical sync should be documented
+in the manual of your monitor. If in doubt, check the monitor database
+/usr/X11R6/lib/X11/doc/Monitors to see if your monitor is there.
+
+Press enter to continue, or ctrl-c to abort.
+
+
+
+You must indicate the horizontal sync range of your monitor. You can either
+select one of the predefined ranges below that correspond to industry-
+standard monitor types, or give a specific range.
+
+It is VERY IMPORTANT that you do not specify a monitor type with a horizontal
+sync range that is beyond the capabilities of your monitor. If in doubt,
+choose a conservative setting.
+
+ hsync in kHz; monitor type with characteristic modes
+ 1 31.5; Standard VGA, 640x480 @ 60 Hz
+ 2 31.5 - 35.1; Super VGA, 800x600 @ 56 Hz
+ 3 31.5, 35.5; 8514 Compatible, 1024x768 @ 87 Hz interlaced (no 800x600)
+ 4 31.5, 35.15, 35.5; Super VGA, 1024x768 @ 87 Hz interlaced, 800x600 @ 56 Hz
+ 5 31.5 - 37.9; Extended Super VGA, 800x600 @ 60 Hz, 640x480 @ 72 Hz
+ 6 31.5 - 48.5; Non-Interlaced SVGA, 1024x768 @ 60 Hz, 800x600 @ 72 Hz
+ 7 31.5 - 57.0; High Frequency SVGA, 1024x768 @ 70 Hz
+ 8 31.5 - 64.3; Monitor that can do 1280x1024 @ 60 Hz
+ 9 31.5 - 79.0; Monitor that can do 1280x1024 @ 74 Hz
+10 31.5 - 82.0; Monitor that can do 1280x1024 @ 76 Hz
+11 Enter your own horizontal sync range
+
+Enter your choice (1-11): 6
+
+You must indicate the vertical sync range of your monitor. You can either
+select one of the predefined ranges below that correspond to industry-
+standard monitor types, or give a specific range. For interlaced modes,
+the number that counts is the high one (e.g. 87 Hz rather than 43 Hz).
+
+ 1 50-70
+ 2 50-90
+ 3 50-100
+ 4 40-150
+ 5 Enter your own vertical sync range
+
+Enter your choice: 2
+
+You must now enter a few identification/description strings, namely an
+identifier, a vendor name, and a model name. Just pressing enter will fill
+in default names.
+
+The strings are free-form, spaces are allowed.
+Enter an identifier for your monitor definition: Hitachi</screen>
+
+ <para>The selection of a video card driver from a list is
+ next. If you pass your card on the list, continue to press
+ <keycap>Enter</keycap> and the list will repeat. Only an
+ excerpt from the list is shown:</para>
+
+ <screen>Now we must configure video card specific settings. At this point you can
+choose to make a selection out of a database of video card definitions.
+Because there can be variation in Ramdacs and clock generators even
+between cards of the same model, it is not sensible to blindly copy
+the settings (e.g. a Device section). For this reason, after you make a
+selection, you will still be asked about the components of the card, with
+the settings from the chosen database entry presented as a strong hint.
+
+The database entries include information about the chipset, what driver to
+run, the Ramdac and ClockChip, and comments that will be included in the
+Device section. However, a lot of definitions only hint about what driver
+to run (based on the chipset the card uses) and are untested.
+
+If you can't find your card in the database, there's nothing to worry about.
+You should only choose a database entry that is exactly the same model as
+your card; choosing one that looks similar is just a bad idea (e.g. a
+GemStone Snail 64 may be as different from a GemStone Snail 64+ in terms of
+hardware as can be).
+
+Do you want to look at the card database? y
+
+
+
+288 Matrox Millennium G200 8MB mgag200
+289 Matrox Millennium G200 SD 16MB mgag200
+290 Matrox Millennium G200 SD 4MB mgag200
+291 Matrox Millennium G200 SD 8MB mgag200
+292 Matrox Millennium G400 mgag400
+293 Matrox Millennium II 16MB mga2164w
+294 Matrox Millennium II 4MB mga2164w
+295 Matrox Millennium II 8MB mga2164w
+296 Matrox Mystique mga1064sg
+297 Matrox Mystique G200 16MB mgag200
+298 Matrox Mystique G200 4MB mgag200
+299 Matrox Mystique G200 8MB mgag200
+300 Matrox Productiva G100 4MB mgag100
+301 Matrox Productiva G100 8MB mgag100
+302 MediaGX mediagx
+303 MediaVision Proaxcel 128 ET6000
+304 Mirage Z-128 ET6000
+305 Miro CRYSTAL VRX Verite 1000
+
+Enter a number to choose the corresponding card definition.
+Press enter for the next page, q to continue configuration.
+
+288
+
+Your selected card definition:
+
+Identifier: Matrox Millennium G200 8MB
+Chipset: mgag200
+Driver: mga
+Do NOT probe clocks or use any Clocks line.
+
+Press enter to continue, or ctrl-c to abort.
+
+
+
+Now you must give information about your video card. This will be used for
+the "Device" section of your video card in XF86Config.
+
+You must indicate how much video memory you have. It is probably a good
+idea to use the same approximate amount as that detected by the server you
+intend to use. If you encounter problems that are due to the used server
+not supporting the amount memory you have (e.g. ATI Mach64 is limited to
+1024K with the SVGA server), specify the maximum amount supported by the
+server.
+
+How much video memory do you have on your video card:
+
+ 1 256K
+ 2 512K
+ 3 1024K
+ 4 2048K
+ 5 4096K
+ 6 Other
+
+Enter your choice: 6
+
+Amount of video memory in Kbytes: 8192
+
+You must now enter a few identification/description strings, namely an
+identifier, a vendor name, and a model name. Just pressing enter will fill
+in default names (possibly from a card definition).
+
+Your card definition is Matrox Millennium G200 8MB.
+
+The strings are free-form, spaces are allowed.
+Enter an identifier for your video card definition:</screen>
+
+ <para>Next, the video modes are set for the resolutions
+ desired. Typically, useful ranges are 640x480, 800x600, and 1024x768
+ but those are a function of video card capability, monitor size,
+ and eye comfort. When selecting a color depth, select the highest
+ mode that your card will support.</para>
+
+ <screen>For each depth, a list of modes (resolutions) is defined. The default
+resolution that the server will start-up with will be the first listed
+mode that can be supported by the monitor and card.
+Currently it is set to:
+
+"640x480" "800x600" "1024x768" "1280x1024" for 8-bit
+"640x480" "800x600" "1024x768" "1280x1024" for 16-bit
+"640x480" "800x600" "1024x768" "1280x1024" for 24-bit
+
+Modes that cannot be supported due to monitor or clock constraints will
+be automatically skipped by the server.
+
+ 1 Change the modes for 8-bit (256 colors)
+ 2 Change the modes for 16-bit (32K/64K colors)
+ 3 Change the modes for 24-bit (24-bit color)
+ 4 The modes are OK, continue.
+
+Enter your choice: 2
+
+Select modes from the following list:
+
+ 1 "640x400"
+ 2 "640x480"
+ 3 "800x600"
+ 4 "1024x768"
+ 5 "1280x1024"
+ 6 "320x200"
+ 7 "320x240"
+ 8 "400x300"
+ 9 "1152x864"
+ a "1600x1200"
+ b "1800x1400"
+ c "512x384"
+
+Please type the digits corresponding to the modes that you want to select.
+For example, 432 selects "1024x768" "800x600" "640x480", with a
+default mode of 1024x768.
+
+Which modes? 432
+
+You can have a virtual screen (desktop), which is screen area that is larger
+than the physical screen and which is panned by moving the mouse to the edge
+of the screen. If you don't want virtual desktop at a certain resolution,
+you cannot have modes listed that are larger. Each color depth can have a
+differently-sized virtual screen
+
+Please answer the following question with either 'y' or 'n'.
+Do you want a virtual screen that is larger than the physical screen? n
+
+
+
+For each depth, a list of modes (resolutions) is defined. The default
+resolution that the server will start-up with will be the first listed
+mode that can be supported by the monitor and card.
+Currently it is set to:
+
+"640x480" "800x600" "1024x768" "1280x1024" for 8-bit
+"1024x768" "800x600" "640x480" for 16-bit
+"640x480" "800x600" "1024x768" "1280x1024" for 24-bit
+
+Modes that cannot be supported due to monitor or clock constraints will
+be automatically skipped by the server.
+
+ 1 Change the modes for 8-bit (256 colors)
+ 2 Change the modes for 16-bit (32K/64K colors)
+ 3 Change the modes for 24-bit (24-bit color)
+ 4 The modes are OK, continue.
+
+Enter your choice: 4
+
+
+
+Please specify which color depth you want to use by default:
+
+ 1 1 bit (monochrome)
+ 2 4 bits (16 colors)
+ 3 8 bits (256 colors)
+ 4 16 bits (65536 colors)
+ 5 24 bits (16 million colors)
+
+Enter a number to choose the default depth.
+
+4</screen>
+
+ <para>Finally, the configuration needs to be saved. Be sure
+ to enter <filename>/etc/X11/XF86Config</filename> as the location
+ for saving the configuration.</para>
+
+ <screen>I am going to write the XF86Config file now. Make sure you don't accidently
+overwrite a previously configured one.
+
+Shall I write it to /etc/X11/XF86Config? y</screen>
+
+ <para>If the configuration fails, you can try the configuration again
+ by selecting &gui.yes; when the following
+ message appears:</para>
+
+ <screen> User Confirmation Requested
+The XFree86 configuration process seems to have
+failed. Would you like to try again?
+
+ [ Yes ] No</screen>
+
+ <para>If you have trouble configuring <application>&xfree86;</application>, select
+ &gui.no; and press <keycap>Enter</keycap>
+ and continue with the installation process. After installation
+ you can use <command>xf86cfg -textmode</command> or
+ <command>xf86config</command> to access the command line
+ configuration utilities as <username>root</username>. There is
+ an additional method for configuring <application>&xfree86;</application> described in
+ <xref linkend="x11">. If you choose not to configure
+ <application>&xfree86;</application> at this time the next menu will be for package
+ selection.</para>
+
+ <para>The default setting which allows the server to be killed
+ is the hotkey sequence <keycombo action='simul'>
+ <keycap>Ctrl</keycap><keycap>Alt</keycap>
+ <keycap>Backspace</keycap></keycombo>. This
+ can be executed if something is wrong with the server settings and
+ prevent hardware damage.</para>
+
+ <para>The default setting that allows video mode switching will
+ permit changing of the mode while running X with the hotkey
+ sequence
+ <keycombo action='simul'>
+ <keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>+</keycap>
+ </keycombo> or
+ <keycombo action='simul'>
+ <keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>-</keycap>
+ </keycombo>.
+ </para>
+
+ <para>After you have <application>&xfree86;</application>
+ running, the display can be adjusted for height, width,
+ or centering by using <application>xvidtune</application>.</para>
+
+ <para>There are warnings that improper settings can
+ damage your equipment. Heed them. If in doubt, do not do
+ it. Instead, use the monitor controls to adjust the display for
+ X Window. There may be some display differences when switching
+ back to text mode, but it is better than damaging equipment.</para>
+
+ <para>Read the &man.xvidtune.1; manual page before making
+ any adjustments.</para>
+
+ <para>Following a successful <application>&xfree86;</application> configuration, it will proceed
+ to the selection of a default desktop.</para>
+ </sect2>
+
+ <sect2 id="default-desktop">
+ <title>Select Default X Desktop</title>
+
+ <note>
+ <para>As of &os;&nbsp;5.3-RELEASE, the X desktop selection
+ facility has been removed from
+ <application>sysinstall</application>, you have to configure
+ the X desktop after the installation of &os;. More
+ information regarding the installation and the configuration
+ of a X desktop can be found in <xref linkend="x11">. You
+ can skip this section if you are not installing a &os;
+ version prior to 5.3-RELEASE.</para>
+ </note>
+
+ <para>There are a variety of window managers available. They range
+ from very basic environments to full desktop environments with a
+ large suite of software. Some require only minimal disk space and
+ low memory while others with more features require much more. The
+ best way to determine which is most suitable for you is to try a few
+ different ones. Those are available from the Ports Collection or as
+ packages and can be added after installation.</para>
+
+ <para>You can select one of the popular desktops to be installed
+ and configured as the default desktop. This will allow you
+ to start it right after installation.</para>
+
+ <figure id="x-desktop">
+ <title>Select Default Desktop</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/desktop" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Use the arrow keys to select a desktop and press
+ <keycap>Enter</keycap>. Installation of the selected desktop will
+ proceed.</para>
+ </sect2>
+
+ <sect2 id="packages">
+ <title>Install Packages</title>
+
+ <para>Packages are pre-compiled binaries and are a convenient
+ way to install software.</para>
+
+ <para>Installation of one package is shown for purposes of
+ illustration. Additional packages can also be added at this
+ time if desired. After installation
+ <command>sysinstall</command> (<command>/stand/sysinstall</command>
+ in &os; versions older than 5.2) can be used to add additional
+ packages.</para>
+
+ <screen> User Confirmation Requested
+ The FreeBSD package collection is a collection of hundreds of
+ ready-to-run applications, from text editors to games to WEB servers
+ and more. Would you like to browse the collection now?
+
+ [ Yes ] No</screen>
+
+ <para>Selecting &gui.yes; and pressing
+ <keycap>Enter</keycap> will be
+ followed by the Package Selection screens:</para>
+
+ <figure id="package-category">
+ <title>Select Package Category</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/pkg-cat" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Only packages on the current installation media are
+ available for installation at any given time.</para>
+
+ <para>All packages available will be displayed if
+ <guimenuitem>All</guimenuitem> is selected or you can select a
+ particular category. Highlight your selection with the arrow
+ keys and press <keycap>Enter</keycap>.</para>
+
+ <para>A menu will display showing all the packages available for
+ the selection made:</para>
+
+ <figure id="package-select">
+ <title>Select Packages</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/pkg-sel" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The <application>bash</application> shell is shown selected.
+ Select as many as desired by highlighting the package and pressing the
+ <keycap>Space</keycap> key. A short description of each package will
+ appear in the lower left corner of the screen.</para>
+
+ <para>Pressing the <keycap>Tab</keycap> key will toggle between the last
+ selected package, &gui.ok;, and &gui.cancel;.</para>
+
+ <para>When you have finished marking the packages for installation,
+ press <keycap>Tab</keycap> once to toggle to the &gui.ok; and press
+ <keycap>Enter</keycap> to return to the Package Selection menu.</para>
+
+ <para>The left and right arrow keys will also toggle between &gui.ok;
+ and &gui.cancel;. This method can also be used to select &gui.ok; and
+ press <keycap>Enter</keycap> to return to the Package Selection
+ menu.</para>
+
+ <figure id="package-install">
+ <title>Install Packages</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/pkg-install" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Use the <keycap>Tab</keycap> and arrow keys to select <guibutton>[&nbsp;Install&nbsp;]</guibutton>
+ and press <keycap>Enter</keycap>. You will then need to confirm
+ that you want to install the packages:</para>
+
+ <figure id="package-install-confirm">
+ <title>Confirm Package Installation</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/pkg-confirm" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Selecting &gui.ok; and pressing <keycap>Enter</keycap> will start
+ the package installation. Installing messages will appear until
+ completed. Make note if there are any error messages.</para>
+
+ <para>The final configuration continues after packages are
+ installed. If you end up not selecting any packages, and wish
+ to return to the final configuration, select
+ <guibutton>Install</guibutton> anyways.</para>
+ </sect2>
+
+ <sect2 id="addusers">
+ <title>Add Users/Groups</title>
+
+ <para>You should add at least one user during the installation so
+ that you can use the system without being logged in as
+ <username>root</username>. The root partition is generally small
+ and running applications as <username>root</username> can quickly
+ fill it. A bigger danger is noted below:</para>
+
+ <screen> User Confirmation Requested
+ Would you like to add any initial user accounts to the system? Adding
+ at least one account for yourself at this stage is suggested since
+ working as the "root" user is dangerous (it is easy to do things which
+ adversely affect the entire system).
+
+ [ Yes ] No</screen>
+
+ <para>Select &gui.yes; and press
+ <keycap>Enter</keycap> to continue with adding a user.</para>
+
+ <figure id="add-user2">
+ <title>Select User</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/adduser1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Select <guimenuitem>User</guimenuitem> with the arrow keys
+ and press <keycap>Enter</keycap>.</para>
+
+ <figure id="add-user3">
+ <title>Add User Information</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/adduser2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The following descriptions will appear in the lower part of
+ the screen as the items are selected with <keycap>Tab</keycap>
+ to assist with entering the required information:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Login ID</term>
+
+ <listitem>
+ <para>The login name of the new user (mandatory).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>UID</term>
+
+ <listitem>
+ <para>The numerical ID for this user (leave blank for
+ automatic choice).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Group</term>
+
+ <listitem>
+ <para>The login group name for this user (leave blank for
+ automatic choice).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Password</term>
+
+ <listitem>
+ <para>The password for this user (enter this field with
+ care!).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Full name</term>
+
+ <listitem>
+ <para>The user's full name (comment).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Member groups</term>
+
+ <listitem>
+ <para>The groups this user belongs to (i.e. gets access
+ rights for).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Home directory</term>
+
+ <listitem>
+ <para>The user's home directory (leave blank for
+ default).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Login shell</term>
+ <listitem>
+ <para>The user's login shell (leave blank for
+ default, e.g. <filename>/bin/sh</filename>).</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>The login shell was changed from <filename>/bin/sh</filename> to
+ <filename>/usr/local/bin/bash</filename> to use the
+ <application>bash</application> shell that was previously installed as
+ a package. Do not try to use a shell that does not exist or you will
+ not be able to login. The most common shell used in the
+ BSD-world is the C shell, which can be indicated as
+ <filename>/bin/tcsh</filename>.</para>
+
+ <para>The user was also added to the <groupname>wheel</groupname> group
+ to be able to become a superuser with <username>root</username>
+ privileges.</para>
+
+ <para>When you are satisfied, press &gui.ok; and
+ the User and Group Management menu will redisplay:</para>
+
+ <figure id="add-user4">
+ <title>Exit User and Group Management</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/adduser3" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Groups can also be added at this time if specific needs
+ are known. Otherwise, this may be accessed through using
+ <command>sysinstall</command> (<command>/stand/sysinstall</command>
+ in &os; versions older than 5.2) after installation is
+ completed.</para>
+
+ <para>When you are finished adding users, select
+ <guimenuitem>Exit</guimenuitem> with the arrow keys and press
+ <keycap>Enter</keycap> to continue the installation.</para>
+ </sect2>
+
+ <sect2 id="rootpass">
+ <title>Set the <username>root</username> Password</title>
+
+ <screen> Message
+ Now you must set the system manager's password.
+ This is the password you'll use to log in as "root".
+
+ [ OK ]
+
+ [ Press enter to continue ]</screen>
+
+ <para>Press <keycap>Enter</keycap> to set the <username>root</username>
+ password.</para>
+
+ <para>The password will need to be typed in twice correctly. Needless to
+ say, make sure you have a way of finding the password if you
+ forget. Notice that the password you type in is not echoed, nor
+ are asterisks displayed.</para>
+
+ <screen>Changing local password for root.
+New password :
+Retype new password :</screen>
+
+ <para>The installation will continue after the password is
+ successfully entered.</para>
+ </sect2>
+
+ <sect2 id="exit-inst">
+ <title>Exiting Install</title>
+
+ <para>If you need to configure additional network devices or
+ any other configuration, you can do it at this point or
+ after installation with <command>sysinstall</command>
+ (<command>/stand/sysinstall</command> in &os; versions older
+ than 5.2).</para>
+
+ <screen> User Confirmation Requested
+ Visit the general configuration menu for a chance to set any last
+ options?
+
+ Yes [ No ]</screen>
+
+ <para>Select &gui.no; with the arrow keys
+ and press <keycap>Enter</keycap> to return to the Main
+ Installation Menu.</para>
+
+ <figure id="final-main">
+ <title>Exit Install</title>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="install/mainexit" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>Select <guibutton>[X Exit Install]</guibutton> with the arrow
+ keys and press <keycap>Enter</keycap>. You will be asked to
+ confirm exiting the installation:</para>
+
+ <screen> User Confirmation Requested
+ Are you sure you wish to exit? The system will reboot (be sure to
+ remove any floppies from the drives).
+
+ [ Yes ] No</screen>
+
+ <para>Select &gui.yes; and remove the floppy if
+ booting from the floppy. The CDROM drive is locked until the machine
+ starts to reboot. The CDROM drive is then unlocked and the disk can
+ be removed from drive (quickly).</para>
+
+ <para>The system will reboot so watch for any error messages that
+ may appear.</para>
+ </sect2>
+
+ <sect2 id="freebsdboot">
+ <title>FreeBSD Bootup</title>
+
+ <sect3 id="freebsdboot-i386">
+ <title>FreeBSD Bootup on the &i386;</title>
+
+ <para>If everything went well, you will see messages scroll
+ off the screen and you will arrive at a login prompt. You can view
+ the content of the messages by pressing <keycap>Scroll-Lock</keycap>
+ and using <keycap>PgUp</keycap> and <keycap>PgDn</keycap>.
+ Pressing <keycap>Scroll-Lock</keycap> again will return
+ to the prompt.</para>
+
+ <para>The entire message may not display (buffer limitation) but
+ it can be viewed from the command line after logging in by typing
+ <command>dmesg</command> at the prompt.</para>
+
+ <para>Login using the username/password you set during installation
+ (<username>rpratt</username>, in this example). Avoid logging in as
+ <username>root</username> except when necessary.</para>
+
+ <para>Typical boot messages (version information omitted):</para>
+
+<screen>Copyright (c) 1992-2002 The FreeBSD Project.
+Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+
+Timecounter "i8254" frequency 1193182 Hz
+CPU: AMD-K6(tm) 3D processor (300.68-MHz 586-class CPU)
+ Origin = "AuthenticAMD" Id = 0x580 Stepping = 0
+ Features=0x8001bf&lt;FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,MMX&gt;
+ AMD Features=0x80000800&lt;SYSCALL,3DNow!&gt;
+real memory = 268435456 (262144K bytes)
+config&gt; di sn0
+config&gt; di lnc0
+config&gt; di le0
+config&gt; di ie0
+config&gt; di fe0
+config&gt; di cs0
+config&gt; di bt0
+config&gt; di aic0
+config&gt; di aha0
+config&gt; di adv0
+config&gt; q
+avail memory = 256311296 (250304K bytes)
+Preloaded elf kernel "kernel" at 0xc0491000.
+Preloaded userconfig_script "/boot/kernel.conf" at 0xc049109c.
+md0: Malloc disk
+Using $PIR table, 4 entries at 0xc00fde60
+npx0: &lt;math processor&gt; on motherboard
+npx0: INT 16 interface
+pcib0: &lt;Host to PCI bridge&gt; on motherboard
+pci0: &lt;PCI bus&gt; on pcib0
+pcib1: &lt;VIA 82C598MVP (Apollo MVP3) PCI-PCI (AGP) bridge&gt; at device 1.0 on pci0
+pci1: &lt;PCI bus&gt; on pcib1
+pci1: &lt;Matrox MGA G200 AGP graphics accelerator&gt; at 0.0 irq 11
+isab0: &lt;VIA 82C586 PCI-ISA bridge&gt; at device 7.0 on pci0
+isa0: &lt;ISA bus&gt; on isab0
+atapci0: &lt;VIA 82C586 ATA33 controller&gt; port 0xe000-0xe00f at device 7.1 on pci0
+ata0: at 0x1f0 irq 14 on atapci0
+ata1: at 0x170 irq 15 on atapci0
+uhci0: &lt;VIA 83C572 USB controller&gt; port 0xe400-0xe41f irq 10 at device 7.2 on pci0
+usb0: &lt;VIA 83C572 USB controller&gt; on uhci0
+usb0: USB revision 1.0
+uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
+uhub0: 2 ports with 2 removable, self powered
+chip1: &lt;VIA 82C586B ACPI interface&gt; at device 7.3 on pci0
+ed0: &lt;NE2000 PCI Ethernet (RealTek 8029)&gt; port 0xe800-0xe81f irq 9 at
+device 10.0 on pci0
+ed0: address 52:54:05:de:73:1b, type NE2000 (16 bit)
+isa0: too many dependant configs (8)
+isa0: unexpected small tag 14
+fdc0: &lt;NEC 72065B or clone&gt; at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
+fdc0: FIFO enabled, 8 bytes threshold
+fd0: &lt;1440-KB 3.5" drive&gt; on fdc0 drive 0
+atkbdc0: &lt;keyboard controller (i8042)&gt; at port 0x60-0x64 on isa0
+atkbd0: &lt;AT Keyboard&gt; flags 0x1 irq 1 on atkbdc0
+kbd0 at atkbd0
+psm0: &lt;PS/2 Mouse&gt; irq 12 on atkbdc0
+psm0: model Generic PS/2 mouse, device ID 0
+vga0: &lt;Generic ISA VGA&gt; at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
+sc0: &lt;System console&gt; at flags 0x1 on isa0
+sc0: VGA &lt;16 virtual consoles, flags=0x300&gt;
+sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
+sio0: type 16550A
+sio1 at port 0x2f8-0x2ff irq 3 on isa0
+sio1: type 16550A
+ppc0: &lt;Parallel port&gt; at port 0x378-0x37f irq 7 on isa0
+ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
+ppc0: FIFO with 16/16/15 bytes threshold
+ppbus0: IEEE1284 device found /NIBBLE
+Probing for PnP devices on ppbus0:
+plip0: &lt;PLIP network interface&gt; on ppbus0
+lpt0: &lt;Printer&gt; on ppbus0
+lpt0: Interrupt-driven port
+ppi0: &lt;Parallel I/O&gt; on ppbus0
+ad0: 8063MB &lt;IBM-DHEA-38451&gt; [16383/16/63] at ata0-master using UDMA33
+ad2: 8063MB &lt;IBM-DHEA-38451&gt; [16383/16/63] at ata1-master using UDMA33
+acd0: CDROM &lt;DELTA OTC-H101/ST3 F/W by OIPD&gt; at ata0-slave using PIO4
+Mounting root from ufs:/dev/ad0s1a
+swapon: adding /dev/ad0s1b as swap device
+Automatic boot in progress...
+/dev/ad0s1a: FILESYSTEM CLEAN; SKIPPING CHECKS
+/dev/ad0s1a: clean, 48752 free (552 frags, 6025 blocks, 0.9% fragmentation)
+/dev/ad0s1f: FILESYSTEM CLEAN; SKIPPING CHECKS
+/dev/ad0s1f: clean, 128997 free (21 frags, 16122 blocks, 0.0% fragmentation)
+/dev/ad0s1g: FILESYSTEM CLEAN; SKIPPING CHECKS
+/dev/ad0s1g: clean, 3036299 free (43175 frags, 374073 blocks, 1.3% fragmentation)
+/dev/ad0s1e: filesystem CLEAN; SKIPPING CHECKS
+/dev/ad0s1e: clean, 128193 free (17 frags, 16022 blocks, 0.0% fragmentation)
+Doing initial network setup: hostname.
+ed0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
+ inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
+ inet6 fe80::5054::5ff::fede:731b%ed0 prefixlen 64 tentative scopeid 0x1
+ ether 52:54:05:de:73:1b
+lo0: flags=8049&lt;UP,LOOPBACK,RUNNING,MULTICAST&gt; mtu 16384
+ inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
+ inet6 ::1 prefixlen 128
+ inet 127.0.0.1 netmask 0xff000000
+Additional routing options: IP gateway=YES TCP keepalive=YES
+routing daemons:.
+additional daemons: syslogd.
+Doing additional network setup:.
+Starting final network daemons: creating ssh RSA host key
+Generating public/private rsa1 key pair.
+Your identification has been saved in /etc/ssh/ssh_host_key.
+Your public key has been saved in /etc/ssh/ssh_host_key.pub.
+The key fingerprint is:
+cd:76:89:16:69:0e:d0:6e:f8:66:d0:07:26:3c:7e:2d root@k6-2.example.com
+ creating ssh DSA host key
+Generating public/private dsa key pair.
+Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
+Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
+The key fingerprint is:
+f9:a1:a9:47:c4:ad:f9:8d:52:b8:b8:ff:8c:ad:2d:e6 root@k6-2.example.com.
+setting ELF ldconfig path: /usr/lib /usr/lib/compat /usr/X11R6/lib
+/usr/local/lib
+a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout
+starting standard daemons: inetd cron sshd usbd sendmail.
+Initial rc.i386 initialization:.
+rc.i386 configuring syscons: blank_time screensaver moused.
+Additional ABI support: linux.
+Local package initialization:.
+Additional TCP options:.
+
+FreeBSD/i386 (k6-2.example.com) (ttyv0)
+
+login: rpratt
+Password:</screen>
+
+ <para>Generating the RSA and DSA keys may take some time on slower
+ machines. This happens only on the initial boot-up of a new
+ installation. Subsequent boots will be faster.</para>
+
+ <para>If the X server has been configured and a Default Desktop
+ chosen, it can be started by typing <command>startx</command> at
+ the command line.</para>
+
+ </sect3>
+
+ <sect3>
+ <title>Bootup of FreeBSD on the Alpha</title>
+
+ <indexterm><primary>Alpha</primary></indexterm>
+
+ <para>Once the install procedure has finished, you will be
+ able to start FreeBSD by typing something like this to the
+ SRM prompt:</para>
+
+ <screen>&gt;&gt;&gt;<userinput>BOOT DKC0</userinput></screen>
+
+ <para>This instructs the firmware to boot the specified
+ disk. To make FreeBSD boot automatically in the future, use
+ these commands:</para>
+
+ <screen><prompt>&gt;&gt;&gt;</prompt> <userinput>SET BOOT_OSFLAGS A</userinput>
+<prompt>&gt;&gt;&gt;</prompt> <userinput>SET BOOT_FILE ''</userinput>
+<prompt>&gt;&gt;&gt;</prompt> <userinput>SET BOOTDEF_DEV DKC0</userinput>
+<prompt>&gt;&gt;&gt;</prompt> <userinput>SET AUTO_ACTION BOOT</userinput></screen>
+
+ <para>The boot messages will be similar (but not identical) to
+ those produced by FreeBSD booting on the &i386;.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="shutdown">
+ <title>FreeBSD Shutdown</title>
+
+ <para>It is important to properly shutdown the operating
+ system. Do not just turn off power. First, become a superuser by
+ typing <command>su</command> at the command line and entering the
+ <username>root</username> password. This will work only if the user
+ is a member of the <groupname>wheel</groupname> group.
+ Otherwise, login as <username>root</username> and use
+ <command>shutdown -h now</command>.</para>
+
+ <screen>The operating system has halted.
+Please press any key to reboot.</screen>
+
+ <para>It is safe to turn off the power after the shutdown command
+ has been issued and the message <quote>Please press any key to reboot</quote>
+ appears. If any key is pressed instead of turning off the power
+ switch, the system will reboot.</para>
+
+ <para>You could also use the
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap>
+ <keycap>Alt</keycap>
+ <keycap>Del</keycap>
+ </keycombo>
+ key combination to reboot the system, however this is not recommended
+ during normal operation.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="install-supported-hardware">
+ <title>Supported Hardware</title>
+
+ <indexterm><primary>hardware</primary></indexterm>
+ <para>FreeBSD currently runs on a wide variety of ISA, VLB, EISA, and PCI
+ bus-based PCs with Intel, AMD, Cyrix, or NexGen <quote>x86</quote>
+ processors, as well as a number of machines based on the Compaq Alpha
+ processor. Support for generic IDE or ESDI drive configurations,
+ various SCSI controllers, PCMCIA cards, USB devices, and network and
+ serial cards is also provided. FreeBSD also supports IBM's microchannel
+ (MCA) bus.</para>
+
+ <para>A list of supported hardware is provided with each FreeBSD release
+ in the FreeBSD Hardware Notes. This document can usually be found in a
+ file named <filename>HARDWARE.TXT</filename>, in the top-level directory
+ of a CDROM or FTP distribution or in
+ <application>sysinstall</application>'s documentation menu. It lists,
+ for a given architecture, what hardware devices are known to be
+ supported by each release of FreeBSD. Copies of the supported
+ hardware list for various releases and architectures can also be
+ found on the <ulink
+ url="http://www.FreeBSD.org/releases/index.html">Release
+ Information</ulink> page of the FreeBSD Web site.</para>
+ </sect1>
+
+ <sect1 id="install-trouble">
+ <title>Troubleshooting</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>troubleshooting</secondary>
+ </indexterm>
+ <para>The following section covers basic installation troubleshooting,
+ such as common problems people have reported. There are also a few
+ questions and answers for people wishing to dual-boot FreeBSD with
+ &ms-dos;.</para>
+
+ <sect2>
+ <title>What to Do If Something Goes Wrong</title>
+
+ <para>Due to various limitations of the PC architecture, it is
+ impossible for probing to be 100% reliable, however, there are a
+ few things you can do if it fails.</para>
+
+ <para>Check the Hardware Notes document for your version of
+ FreeBSD to make sure your hardware is
+ supported.</para>
+
+ <para>If your hardware is supported and you still experience
+ lock-ups or other problems, reset your computer, and when the
+ visual kernel configuration option is given, choose it. This will
+ allow you to go through your hardware and supply information to the
+ system about it. The kernel on the boot disks is configured
+ assuming that most hardware devices are in their factory default
+ configuration in terms of IRQs, IO addresses, and DMA channels. If
+ your hardware has been reconfigured, you will most likely need to
+ use the configuration editor to tell FreeBSD where to find
+ things.</para>
+
+ <para>It is also possible that a probe for a device not present will
+ cause a later probe for another device that is present to fail. In
+ that case, the probes for the conflicting driver(s) should be
+ disabled.</para>
+
+ <note>
+ <para>Some installation problems can be avoided or alleviated
+ by updating the firmware on various hardware components, most notably
+ the motherboard. The motherboard firmware may also be referred to
+ as <acronym>BIOS</acronym> and most of the motherboard or computer
+ manufactures have a website where the upgrades and upgrade information
+ may be located.</para>
+
+ <para>Most manufacturers strongly advise against upgrading the motherboard
+ <acronym>BIOS</acronym> unless there is a good reason for doing so, which
+ could possibly be a critical update of sorts. The upgrade process
+ <emphasis>can</emphasis> go wrong, causing permanent damage to the
+ <acronym>BIOS</acronym> chip.</para>
+ </note>
+
+ <warning>
+ <para>Do not disable any drivers you will need during the
+ installation, such as your screen (<devicename>sc0</devicename>).
+ If the installation wedges or fails mysteriously after leaving
+ the configuration editor, you have probably removed or changed
+ something you should not have. Reboot and try again.</para>
+ </warning>
+
+ <para>In configuration mode, you can:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>List the device drivers installed in the kernel.</para>
+ </listitem>
+
+ <listitem>
+ <para>Disable device drivers for hardware that is not present in
+ your system.</para>
+ </listitem>
+
+ <listitem>
+ <para>Change IRQs, DRQs, and IO port addresses used by a device
+ driver.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>After adjusting the kernel to match your hardware
+ configuration, type <command>Q</command> to boot with the new
+ settings. Once the installation has completed, any changes you
+ made in the configuration mode will be permanent so you do not have
+ to reconfigure every time you boot. It is still highly likely that
+ you will eventually want to build a <link
+ linkend="kernelconfig">custom kernel</link>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Dealing with Existing &ms-dos; Partitions</title>
+
+ <indexterm><primary>DOS</primary></indexterm>
+ <para>Many users wish to install &os; on <acronym>PC</acronym>s inhabited by
+ &microsoft; based operating systems. For those instances, &os; has a
+ utility known as <application>FIPS</application>. This utility can be found
+ in the <filename>tools</filename> directory on the install CD-ROM, or downloaded
+ from one of various <link linkend="mirrors">&os; mirrors</link>.</para>
+
+ <para>The <application>FIPS</application> utility allows you to split an
+ existing &ms-dos; partition into two pieces, preserving the original
+ partition and allowing you to install onto the second free piece.
+ You first need to defragment your &ms-dos; partition using the &windows;
+ <application>Disk Defragmenter</application> utility (go into Explorer, right-click on
+ the hard drive, and choose to defrag your hard drive), or use
+ <application>Norton Disk Tools</application>. Now you can run the
+ <application>FIPS</application> utility. It will prompt you for the rest of
+ the information, just follow the on screen instructions. Afterwards, you can
+ reboot and install &os; on the new free slice. See the <guimenuitem>Distributions</guimenuitem> menu
+ for an estimate of how much free space you will need for the kind of
+ installation you want.</para>
+
+ <para>There is also a very useful product from PowerQuest
+ (<ulink url="http://www.powerquest.com/">http://www.powerquest.com</ulink>) called
+ <application>&partitionmagic;</application>. This application has far more
+ functionality than <application>FIPS</application>, and is highly recommended
+ if you plan to add/remove operating systems often. It does cost money, so if you
+ plan to install &os; and keep it installed, <application>FIPS</application>
+ will probably be fine for you.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using &ms-dos; and &windows; File Systems</title>
+
+ <para>At this time, &os; does not support file systems compressed with the
+ <application>Double Space&trade;</application> application. Therefore the file
+ system will need to be uncompressed before &os; can access the data. This
+ can be done by running the <application>Compression Agent</application>
+ located in the <guimenuitem>Start</guimenuitem>&gt; <guimenuitem>Programs</guimenuitem> &gt;
+ <guimenuitem>System Tools</guimenuitem> menu.</para>
+
+ <para>&os; can support &ms-dos; based file systems. This requires you use
+ the &man.mount.msdos.8; command (in &os; 5.X, the command is &man.mount.msdosfs.8;)
+ with the required parameters. The utilities most common usage is:</para>
+
+ <screen>&prompt.root; <userinput>mount_msdos /dev/ad0s1 /mnt</userinput></screen>
+
+ <para>In this example, the &ms-dos; file system is located on the first partition of
+ the primary hard disk. Your situation may be different, check the output from
+ the <command>dmesg</command>, and <command>mount</command> commands. They should
+ produce enough information to give an idea of the partition layout.</para>
+
+ <note><para>Extended &ms-dos; file systems are usually mapped after the &os;
+ partitions. In other words, the slice number may be higher than the ones
+ &os; is using. For instance, the first &ms-dos; partition may be
+ <filename>/dev/ad0s1</filename>, the &os; partition may be
+ <filename>/dev/ad0s2</filename>, with the extended &ms-dos; partition being
+ located on <filename>/dev/ad0s3</filename>. To some, this can be confusing
+ at first.</para></note>
+
+ <para>NTFS partitions can also be mounted in a similar manner
+ using the &man.mount.ntfs.8; command.</para>
+ </sect2>
+
+ <sect2>
+ <title>Alpha User's Questions and Answers</title>
+
+ <indexterm><primary>Alpha</primary></indexterm>
+
+ <para>This section answers some commonly asked questions about
+ installing FreeBSD on Alpha systems.</para>
+
+ <qandaset>
+ <qandaentry>
+ <question>
+ <para>Can I boot from the ARC or Alpha BIOS Console?</para>
+ </question>
+
+ <indexterm><primary>ARC</primary></indexterm>
+ <indexterm><primary>Alpha BIOS</primary></indexterm>
+ <indexterm><primary>SRM</primary></indexterm>
+
+ <answer>
+ <para>No. &os;, like Compaq Tru64 and VMS, will only boot
+ from the SRM console.</para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>Help, I have no space! Do I need to delete
+ everything first?</para>
+ </question>
+
+ <answer>
+ <para>Unfortunately, yes.</para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>Can I mount my Compaq Tru64 or VMS filesystems?</para>
+ </question>
+
+ <answer>
+ <para>No, not at this time.</para>
+ </answer>
+ </qandaentry>
+ </qandaset>
+ </sect2>
+ </sect1>
+
+ <sect1 id="install-advanced">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Valentino</firstname>
+ <surname>Vaschetto</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ <!-- May 2001 -->
+ </authorgroup>
+ </sect1info>
+
+ <title>Advanced Installation Guide</title>
+
+ <para>This section describes how to install FreeBSD in exceptional
+ cases.</para>
+
+ <sect2 id="headless-install">
+ <title>Installing FreeBSD on a System without a Monitor or
+ Keyboard</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>headless (serial console)</secondary>
+ </indexterm>
+ <indexterm><primary>serial console</primary></indexterm>
+ <para>This type of installation is called a <quote>headless
+ install</quote>, because the machine that you are trying to install
+ FreeBSD on either does not have a monitor attached to it, or does not
+ even have a VGA output. How is this possible you ask? Using a
+ serial console. A serial console is basically using another
+ machine to act as the main display and keyboard for a
+ system. To do this, just follow the steps to create
+ installation floppies, explained in <xref
+ linkend="install-floppies">.</para>
+
+ <para>To modify these floppies to boot into a serial console, follow
+ these steps:</para>
+
+ <procedure>
+ <step>
+ <title>Enabling the Boot Floppies to Boot into a Serial Console</title>
+ <indexterm>
+ <primary><command>mount</command></primary>
+ </indexterm>
+ <para>If you were to boot into the floppies that you just
+ made, FreeBSD would boot into its normal install mode. We
+ want FreeBSD to boot into a serial console for our
+ install. To do this, you have to mount the
+ <filename>kern.flp</filename> floppy onto your FreeBSD
+ system using the &man.mount.8; command.</para>
+
+ <screen>&prompt.root; <userinput>mount /dev/fd0 /mnt</userinput></screen>
+
+ <para>Now that you have the floppy mounted, you must
+ change into the <filename class="directory">/mnt</filename> directory:</para>
+
+ <screen>&prompt.root; <userinput>cd /mnt</userinput></screen>
+
+ <para>Here is where you must set the floppy to boot into a
+ serial console. You have to make a file called
+ <filename>boot.config</filename> containing
+ <literal>/boot/loader -h</literal>. All this does is pass a flag to the bootloader to
+ boot into a serial console.</para>
+
+ <screen>&prompt.root; <userinput>echo "/boot/loader -h" > boot.config</userinput></screen>
+
+ <para>Now that you have your floppy configured correctly,
+ you must unmount the floppy using the &man.umount.8;
+ command:</para>
+
+ <screen>&prompt.root; <userinput>cd /</userinput>
+&prompt.root; <userinput>umount /mnt</userinput></screen>
+
+ <para>Now you can remove the floppy from the floppy
+ drive.</para>
+ </step>
+
+ <step>
+ <title>Connecting Your Null-modem Cable</title>
+
+ <indexterm><primary>null-modem cable</primary></indexterm>
+ <para>You now need to connect a
+ <link linkend="term-cables-null">null-modem cable</link> between
+ the two machines. Just connect the cable to the serial
+ ports of the 2 machines. <emphasis>A normal serial cable
+ will not work here</emphasis>, you need a null-modem
+ cable because it has some of the wires inside crossed
+ over.</para>
+ </step>
+
+ <step>
+ <title>Booting Up for the Install</title>
+
+ <para>It is now time to go ahead and start the install. Put
+ the <filename>kern.flp</filename> floppy in the floppy
+ drive of the machine you are doing the headless install
+ on, and power on the machine.</para>
+ </step>
+
+ <step>
+ <title>Connecting to Your Headless Machine</title>
+ <indexterm>
+ <primary><command>cu</command></primary>
+ </indexterm>
+ <para>Now you have to connect to that machine with
+ &man.cu.1;:</para>
+
+ <screen>&prompt.root; <userinput>cu -l /dev/cuaa0</userinput></screen>
+ </step>
+ </procedure>
+
+ <para>That's it! You should now be able to control the headless machine
+ through your <command>cu</command> session. It will ask you to
+ put in the <filename>mfsroot.flp</filename>, and then it will come up
+ with a selection of what kind of terminal to use. Select the
+ FreeBSD color console and proceed with your install!</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="install-diff-media">
+ <title>Preparing Your Own Installation Media</title>
+
+ <note>
+ <para>To prevent repetition, <quote>FreeBSD disc</quote> in this context
+ means a FreeBSD CDROM or DVD that you have purchased or produced
+ yourself.</para>
+ </note>
+
+ <para>There may be some situations in which you need to create your own
+ FreeBSD installation media and/or source. This might be physical media,
+ such as a tape, or a source that <application>sysinstall</application>
+ can use to retrieve the files, such as a local FTP site, or an &ms-dos;
+ partition.</para>
+
+ <para>For example:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>You have many machines connected to your local network, and one
+ FreeBSD disc. You want to create a local FTP site using the
+ contents of the FreeBSD disc, and then have your machines use this
+ local FTP site instead of needing to connect to the Internet.</para>
+ </listitem>
+
+ <listitem>
+ <para>You have a FreeBSD disc, and FreeBSD does not recognize your CD/DVD
+ drive, but &ms-dos;/&windows; does. You want to copy the FreeBSD
+ installation files to a DOS partition on the same computer, and
+ then install FreeBSD using those files.</para>
+ </listitem>
+
+ <listitem>
+ <para>The computer you want to install on does not have a CD/DVD
+ drive or a network card, but you can connect a
+ <quote>Laplink-style</quote> serial or parallel cable to a computer
+ that does.</para>
+ </listitem>
+
+ <listitem>
+ <para>You want to create a tape that can be used to install
+ FreeBSD.</para>
+ </listitem>
+ </itemizedlist>
+
+ <sect2 id="install-cdrom">
+ <title>Creating an Installation CDROM</title>
+
+ <para>As part of each release, the FreeBSD project makes available two
+ CDROM images (<quote>ISO images</quote>). These images can be written
+ (<quote>burned</quote>) to CDs if you have a CD writer, and then used
+ to install FreeBSD. If you have a CD writer, and bandwidth is cheap,
+ then this is the easiest way to install FreeBSD.</para>
+
+ <procedure>
+ <step>
+ <title>Download the Correct ISO Images</title>
+
+ <para>The ISO images for each release can be downloaded from <filename>ftp://ftp.FreeBSD.org/pub/FreeBSD/ISO-IMAGES-<replaceable>arch</replaceable>/<replaceable>version</replaceable></filename> or the closest mirror.
+ Substitute <replaceable>arch</replaceable> and
+ <replaceable>version</replaceable> as appropriate.</para>
+
+ <para>That directory will normally contain the following images:</para>
+
+ <table frame="none">
+ <title>FreeBSD 4.<replaceable>X</replaceable> ISO Image Names and Meanings</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Filename</entry>
+
+ <entry>Contains</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><filename><replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-miniinst.iso</filename></entry>
+
+ <entry>Everything you need to install FreeBSD.</entry>
+ </row>
+
+ <row>
+ <entry><filename><replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-disc1.iso</filename></entry>
+
+ <entry>Everything you need to install FreeBSD, and as many
+ additional third party packages as would fit on the
+ disc.</entry>
+ </row>
+
+ <row>
+ <entry><filename><replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-disc2.iso</filename></entry>
+
+ <entry>A <quote>live filesystem</quote>, which is used in
+ conjunction with the <quote>Repair</quote> facility in
+ <application>sysinstall</application>. A copy of the
+ FreeBSD CVS tree. As many additional third party packages
+ as would fit on the disc.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <table frame="none">
+ <title>FreeBSD 5.<replaceable>X</replaceable> ISO Image Names and Meanings</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Filename</entry>
+
+ <entry>Contains</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><filename><replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-bootonly.iso</filename></entry>
+
+ <entry>Everything you need to boot into a FreeBSD
+ kernel and start the installation interface.
+ The installable files have to be pulled over FTP
+ or some other supported source.</entry>
+ </row>
+
+ <row>
+ <entry><filename><replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-miniinst.iso</filename></entry>
+
+ <entry>Everything you need to install FreeBSD.</entry>
+ </row>
+
+ <row>
+ <entry><filename><replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-disc1.iso</filename></entry>
+
+ <entry>Everything you need to install &os; and a
+ <quote>live filesystem</quote>, which is used in
+ conjunction with the <quote>Repair</quote> facility
+ in <application>sysinstall</application>.</entry>
+ </row>
+
+ <row>
+ <entry><filename><replaceable>version</replaceable>-RELEASE-<replaceable>arch</replaceable>-disc2.iso</filename></entry>
+
+ <entry>&os; documentation and as many third party packages as
+ would fit on the disc.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>You <emphasis>must</emphasis> download one of either the miniinst
+ ISO image, or the image of disc one. Do not download both of them,
+ since the disc one image contains everything that the miniinst ISO
+ image contains.</para>
+
+ <note>
+ <para>The miniinst ISO image is only available for releases prior
+ to 5.4-RELEASE.</para>
+ </note>
+
+ <para>Use the miniinst ISO if Internet access is cheap for you. It will
+ let you install FreeBSD, and you can then install third party
+ packages by downloading them using the ports/packages system (see
+ <xref linkend="ports">) as
+ necessary.</para>
+
+ <para>Use the image of disc one if you want to install a
+ &os;&nbsp;4.<replaceable>X</replaceable> release and want
+ a reasonable selection of third party packages on the disc
+ as well.</para>
+
+ <para>The additional disc images are useful, but not essential,
+ especially if you have high-speed access to the Internet.</para>
+ </step>
+
+ <step>
+ <title>Write the CDs</title>
+
+ <para>You must then write the CD images to disc. If you will be
+ doing this on another FreeBSD system then see
+ <xref linkend="creating-cds"> for more information (in
+ particular, <xref linkend="burncd"> and
+ <xref linkend="cdrecord">).</para>
+
+ <para>If you will be doing this on another platform then you will
+ need to use whatever utilities exist to control your CD writer on
+ that platform. The images provided are in the standard ISO format,
+ which many CD writing applications support.</para>
+ </step>
+ </procedure>
+
+ <note><para>If you are interested in building a customized
+ release of FreeBSD, please see the <ulink
+ url="&url.articles.releng;">Release Engineering
+ Article</ulink>.</para></note>
+
+ </sect2>
+
+ <sect2 id="install-ftp">
+ <title>Creating a Local FTP Site with a FreeBSD Disc</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>network</secondary>
+ <tertiary>FTP</tertiary>
+ </indexterm>
+
+ <para>FreeBSD discs are laid out in the same way as the FTP site. This
+ makes it very easy for you to create a local FTP site that can be used
+ by other machines on your network when installing FreeBSD.</para>
+
+ <procedure>
+ <step>
+ <para>On the FreeBSD computer that will host the FTP site, ensure
+ that the CDROM is in the drive, and mounted on
+ <filename>/cdrom</filename>.</para>
+
+ <screen>&prompt.root; <userinput>mount /cdrom</userinput></screen>
+ </step>
+
+ <step>
+ <para>Create an account for anonymous FTP in
+ <filename>/etc/passwd</filename>. Do this by editing
+ <filename>/etc/passwd</filename> using &man.vipw.8; and adding
+ this line:</para>
+
+ <programlisting>ftp:*:99:99::0:0:FTP:/cdrom:/nonexistent</programlisting>
+ </step>
+
+ <step>
+ <para>Ensure that the FTP service is enabled in
+ <filename>/etc/inetd.conf</filename>.</para>
+ </step>
+ </procedure>
+
+ <para>Anyone with network connectivity to your machine can now
+ chose a media type of FTP and type in
+ <userinput>ftp://<replaceable>your machine</replaceable></userinput>
+ after picking <quote>Other</quote> in the FTP sites menu during
+ the install.</para>
+
+ <note>
+ <para>If the boot media (floppy disks, usually) for your FTP
+ clients is not precisely the same version as that provided
+ by the local FTP site, then <application>sysinstall</application> will not let you
+ complete the installation. If the versions are not similar and
+ you want to override this, you must go into the <guimenu>Options</guimenu> menu
+ and change distribution name to
+ <guimenuitem>any</guimenuitem>.</para>
+ </note>
+
+ <warning>
+ <para>This approach is OK for a machine that is on your local network,
+ and that is protected by your firewall. Offering up FTP services to
+ other machines over the Internet (and not your local network)
+ exposes your computer to the attention of crackers and other
+ undesirables. We strongly recommend that you follow good security
+ practices if you do this.</para>
+ </warning>
+ </sect2>
+
+ <sect2>
+ <title>Creating Installation Floppies</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>floppies</secondary>
+ </indexterm>
+
+ <para>If you must install from floppy disk (which we suggest you
+ do <emphasis>not</emphasis> do), either due to unsupported
+ hardware or simply because you insist on doing things the hard
+ way, you must first prepare some floppies for the installation.</para>
+
+ <para>At a minimum, you will need as many 1.44&nbsp;MB or 1.2&nbsp;MB floppies
+ as it takes to hold all the files in the
+ <filename>bin</filename> (binary distribution) directory. If
+ you are preparing the floppies from DOS, then they
+ <emphasis>must</emphasis> be formatted using the &ms-dos;
+ <command>FORMAT</command> command. If you are using &windows;,
+ use Explorer to format the disks (right-click on the
+ <devicename>A:</devicename> drive, and select <quote>Format</quote>).</para>
+
+ <para>Do <emphasis>not</emphasis> trust factory pre-formatted
+ floppies. Format them again yourself, just to be sure. Many
+ problems reported by our users in the past have resulted from
+ the use of improperly formatted media, which is why we are
+ making a point of it now.</para>
+
+ <para>If you are creating the floppies on another FreeBSD machine,
+ a format is still not a bad idea, though you do not need to put
+ a DOS filesystem on each floppy. You can use the
+ <command>disklabel</command> and <command>newfs</command>
+ commands to put a UFS filesystem on them instead, as the
+ following sequence of commands (for a 3.5" 1.44&nbsp;MB floppy)
+ illustrates:</para>
+
+ <screen>&prompt.root; <userinput>fdformat -f 1440 fd0.1440</userinput>
+&prompt.root; <userinput>disklabel -w -r fd0.1440 floppy3</userinput>
+&prompt.root; <userinput>newfs -t 2 -u 18 -l 1 -i 65536 /dev/fd0</userinput></screen>
+
+ <note>
+ <para>Use <literal>fd0.1200</literal> and
+ <literal>floppy5</literal> for 5.25" 1.2&nbsp;MB disks.</para>
+ </note>
+
+ <para>Then you can mount and write to them like any other
+ filesystem.</para>
+
+ <para>After you have formatted the floppies, you will need to copy
+ the files to them. The distribution files are split into chunks
+ conveniently sized so that five of them will fit on a conventional
+ 1.44&nbsp;MB floppy. Go through all your floppies, packing as many
+ files as will fit on each one, until you have all of the
+ distributions you want packed up in this fashion. Each
+ distribution should go into a subdirectory on the floppy, e.g.:
+ <filename>a:\bin\bin.aa</filename>,
+ <filename>a:\bin\bin.ab</filename>, and so on.</para>
+
+ <para>Once you come to the Media screen during the install
+ process, select <guimenuitem>Floppy</guimenuitem> and you
+ will be prompted for the rest.</para>
+ </sect2>
+
+ <sect2 id="install-msdos">
+ <title>Installing from an &ms-dos; Partition</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>from MS-DOS</secondary>
+ </indexterm>
+ <para>To prepare for an installation from an &ms-dos; partition,
+ copy the files from the distribution into a directory
+ called <filename>freebsd</filename> in the root directory of the
+ partition. For example, <filename>c:\freebsd</filename>. The
+ directory structure of the CDROM or FTP site must be partially
+ reproduced within this directory, so we suggest using the DOS
+ <command>xcopy</command> command if you are copying it from a CD.
+ For example, to prepare for a minimal installation of
+ FreeBSD:</para>
+
+ <screen><prompt>C:\&gt;</prompt> <userinput>md c:\freebsd</userinput>
+<prompt>C:\&gt;</prompt> <userinput>xcopy e:\bin c:\freebsd\bin\ /s</userinput>
+<prompt>C:\&gt;</prompt> <userinput>xcopy e:\manpages c:\freebsd\manpages\ /s</userinput></screen>
+
+ <para>Assuming that <devicename>C:</devicename> is where you have
+ free space and <devicename>E:</devicename> is where your CDROM
+ is mounted.</para>
+
+ <para>If you do not have a CDROM drive, you can download the
+ distribution from <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel.current;-RELEASE/">ftp.FreeBSD.org</ulink>.
+ Each distribution is in its own directory; for example, the
+ <emphasis>base</emphasis> distribution can be found in the <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel.current;-RELEASE/base/">&rel.current;/base/</ulink>
+ directory.</para>
+
+ <note>
+ <para>In the 4.X and older releases of &os; the <quote>base</quote>
+ distribution is called <quote>bin</quote>. Adjust the sample
+ commands and URLs above accordingly, if you are using one of these
+ versions.</para>
+ </note>
+
+ <para>For as many distributions you wish to install from an &ms-dos;
+ partition (and you have the free space for), install each one
+ under <filename>c:\freebsd</filename> &mdash; the
+ <literal>BIN</literal> distribution is the only one required for
+ a minimum installation.</para>
+ </sect2>
+
+ <sect2>
+ <title>Creating an Installation Tape</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>from QIC/SCSI Tape</secondary>
+ </indexterm>
+ <para>Installing from tape is probably the easiest method, short
+ of an online FTP install or CDROM install. The installation
+ program expects the files to be simply tarred onto the tape.
+ After getting all of the distribution files you are interested
+ in, simply tar them onto the tape:</para>
+
+ <screen>&prompt.root; <userinput>cd /freebsd/distdir</userinput>
+&prompt.root; <userinput>tar cvf /dev/rwt0 dist1 ... dist2</userinput></screen>
+
+ <para>When you perform the installation, you should make
+ sure that you leave enough room in some temporary directory
+ (which you will be allowed to choose) to accommodate the
+ <emphasis>full</emphasis> contents of the tape you have created.
+ Due to the non-random access nature of tapes, this method of
+ installation requires quite a bit of temporary storage.</para>
+
+ <note>
+ <para>When starting the installation, the tape must be in the
+ drive <emphasis>before</emphasis> booting from the boot
+ floppy. The installation probe may otherwise fail to find
+ it.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Before Installing over a Network</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>network</secondary>
+ <tertiary>serial (SLIP or PPP)</tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>network</secondary>
+ <tertiary>parallel (PLIP)</tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>network</secondary>
+ <tertiary>Ethernet</tertiary>
+ </indexterm>
+ <para>There are three types of network installations available.
+ Serial port (SLIP or PPP), Parallel port (PLIP (laplink cable)),
+ or Ethernet (a standard Ethernet controller (includes some
+ PCMCIA)).</para>
+
+ <para>The SLIP support is rather primitive, and limited primarily
+ to hard-wired links, such as a serial cable running between a
+ laptop computer and another computer. The link should be
+ hard-wired as the SLIP installation does not currently offer a
+ dialing capability; that facility is provided with the PPP
+ utility, which should be used in preference to SLIP whenever
+ possible.</para>
+
+ <para>If you are using a modem, then PPP is almost certainly
+ your only choice. Make sure that you have your service
+ provider's information handy as you will need to know it fairly
+ early in the installation process.</para>
+
+ <para>If you use PAP or CHAP to connect your ISP (in other words, if
+ you can connect to the ISP in &windows; without using a script), then
+ all you will need to do is type in <command>dial</command> at the
+ <application>ppp</application> prompt. Otherwise, you will need to
+ know how to dial your ISP using the <quote>AT commands</quote>
+ specific to your modem, as the PPP dialer provides only a very
+ simple terminal emulator. Please refer to the user-ppp <link
+ linkend="userppp">handbook</link> and <ulink
+ url="&url.books.faq;/ppp.html">FAQ</ulink> entries for further information.
+ If you have problems, logging can be directed to the screen using
+ the command <command>set log local ...</command>.</para>
+
+ <para>If a hard-wired connection to another FreeBSD (2.0-R or
+ later) machine is available, you might also consider installing
+ over a <quote>laplink</quote> parallel port cable. The data rate
+ over the parallel port is much higher than what is typically
+ possible over a serial line (up to 50&nbsp;kbytes/sec), thus resulting
+ in a quicker installation.</para>
+
+ <para>Finally, for the fastest possible network installation, an
+ Ethernet adapter is always a good choice! FreeBSD supports most
+ common PC Ethernet cards; a table of supported cards (and their
+ required settings) is provided in the Hardware Notes for each
+ release of FreeBSD. If you are using one of the supported PCMCIA
+ Ethernet cards, also be sure that it is plugged in
+ <emphasis>before</emphasis> the laptop is powered on! FreeBSD does
+ not, unfortunately, currently support hot insertion of PCMCIA cards
+ during installation.</para>
+
+ <para>You will also need to know your IP address on the network,
+ the netmask value for your address class, and the name of your
+ machine. If you are installing over a PPP connection and do not
+ have a static IP, fear not, the IP address can be dynamically
+ assigned by your ISP. Your system administrator can tell you
+ which values to use for your particular network setup. If you
+ will be referring to other hosts by name rather than IP address,
+ you will also need a name server and possibly the address of a
+ gateway (if you are using PPP, it is your provider's IP address)
+ to use in talking to it. If you want to install by FTP via a
+ HTTP proxy, you will also need the proxy's address.
+ If you do not know the answers to all or most of these questions,
+ then you should really probably talk to your system administrator
+ or ISP <emphasis>before</emphasis> trying this type of
+ installation.</para>
+
+ <sect3>
+ <title>Before Installing via NFS</title>
+
+ <indexterm>
+ <primary>installation</primary>
+ <secondary>network</secondary>
+ <tertiary>NFS</tertiary>
+ </indexterm>
+ <para>The NFS installation is fairly straight-forward. Simply
+ copy the FreeBSD distribution files you want onto an NFS server
+ and then point the NFS media selection at it.</para>
+
+ <para>If this server supports only <quote>privileged port</quote>
+ (as is generally the default for Sun workstations), you will
+ need to set the option <literal>NFS Secure</literal> in the
+ <guimenu>Options</guimenu> menu before installation can proceed.</para>
+
+ <para>If you have a poor quality Ethernet card which suffers
+ from very slow transfer rates, you may also wish to toggle the
+ <literal>NFS Slow</literal> flag.</para>
+
+ <para>In order for NFS installation to work, the server must
+ support subdir mounts, for example, if your FreeBSD&nbsp;&rel.current; distribution
+ directory lives on:
+ <filename>ziggy:/usr/archive/stuff/FreeBSD</filename>, then
+ <hostid>ziggy</hostid> will have to allow the direct mounting
+ of <filename>/usr/archive/stuff/FreeBSD</filename>, not just
+ <filename>/usr</filename> or
+ <filename>/usr/archive/stuff</filename>.</para>
+
+ <para>In FreeBSD's <filename>/etc/exports</filename> file, this
+ is controlled by the <option>-alldirs</option> options. Other NFS
+ servers may have different conventions. If you are getting
+ <errorname>permission denied</errorname> messages from the
+ server, then it is likely that you do not have this enabled
+ properly.</para>
+ </sect3>
+
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/install/example-dir1.dot b/zh_TW.Big5/books/handbook/install/example-dir1.dot
new file mode 100644
index 0000000000..f259e8377d
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/install/example-dir1.dot
@@ -0,0 +1,7 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/";
+ root -> "A2/";
+}
diff --git a/zh_TW.Big5/books/handbook/install/example-dir2.dot b/zh_TW.Big5/books/handbook/install/example-dir2.dot
new file mode 100644
index 0000000000..b846c82399
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/install/example-dir2.dot
@@ -0,0 +1,8 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/" -> "B1/";
+ "A1/" -> "B2/";
+ root -> "A2/";
+}
diff --git a/zh_TW.Big5/books/handbook/install/example-dir3.dot b/zh_TW.Big5/books/handbook/install/example-dir3.dot
new file mode 100644
index 0000000000..178a3a91bb
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/install/example-dir3.dot
@@ -0,0 +1,8 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/";
+ root -> "A2/" -> "B1/";
+ "A2/" -> "B2/";
+}
diff --git a/zh_TW.Big5/books/handbook/install/example-dir4.dot b/zh_TW.Big5/books/handbook/install/example-dir4.dot
new file mode 100644
index 0000000000..82d12b421a
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/install/example-dir4.dot
@@ -0,0 +1,9 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/";
+ root -> "A2/" -> "B1/" -> "C1/";
+ "B1/" -> "C2/";
+ "A2/" -> "B2/";
+}
diff --git a/zh_TW.Big5/books/handbook/install/example-dir5.dot b/zh_TW.Big5/books/handbook/install/example-dir5.dot
new file mode 100644
index 0000000000..f5aa6e01dc
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/install/example-dir5.dot
@@ -0,0 +1,9 @@
+// $FreeBSD$
+
+digraph directory {
+ root [label="Root\n/"];
+ root -> "A1/" -> "C1/";
+ "A1/" -> "C2/";
+ root -> "A2/" -> "B1/";
+ "A2/" -> "B2/";
+}
diff --git a/zh_TW.Big5/books/handbook/introduction/Makefile b/zh_TW.Big5/books/handbook/introduction/Makefile
new file mode 100644
index 0000000000..4c22f7ce8a
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/introduction/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= introduction/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/introduction/chapter.sgml b/zh_TW.Big5/books/handbook/introduction/chapter.sgml
new file mode 100644
index 0000000000..c408fb0685
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/introduction/chapter.sgml
@@ -0,0 +1,951 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="introduction">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Restructured, reorganized, and parts
+ rewritten by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>²¤¶</title>
+
+ <sect1 id="introduction-synopsis">
+ <title>·§­z</title>
+
+ <para>«D±`·PÁ±z¹ï FreeBSD ·P¿³½ì¡I¥H¤U³¹¸`²[»\ FreeBSD
+ ­pµeªº¦U¤è­±¡G¤ñ¦p¥¦ªº¾ú¥v¡B¥Ø¼Ð¡B¶}µo¼Ò¦¡µ¥µ¥¡C</para>
+
+ <para>Ū§¹³o³¹¡A¥i¥HÁA¸Ñ¡G</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>FreeBSD »P¨ä¥L OS ¤§¶¡ªºÃö«Y¡F</para>
+ </listitem>
+ <listitem>
+ <para>FreeBSD ­pµeªº¾ú¥v²W·½¡F</para>
+ </listitem>
+ <listitem>
+ <para>FreeBSD ­pµeªº¥Ø¼Ð¡F</para>
+ </listitem>
+ <listitem>
+ <para>FreeBSD open-source ¶}µo¼Ò¦¡ªº°ò¦·§©À¡F</para>
+ </listitem>
+ <listitem>
+ <para>·íµMÅo¡AÁÙ¦³ <quote>FreeBSD</quote> ³o¦W¦rªº½t¬G¡C</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="nutshell">
+ <title>Welcome to FreeBSD!</title>
+ <indexterm><primary>4.4BSD-Lite</primary></indexterm>
+
+ <para>FreeBSD ¬O¤@­Ó±q 4.4BSD-Lite ­l¥Í¥X¦Ó¯à¦b¥H Intel (x86 and &itanium;),
+ AMD64, <trademark>Alpha</trademark>, Sun &ultrasparc;
+ ¬°°ò¦ªº¹q¸£¤W°õ¦æªº§@·~¨t²Î¡C¦P®É¡A²¾´Ó¨ì¨ä¥L¥­¥xªº¤u§@¤]¦b¶i¦æ¤¤¡C
+ ¹ï©ó¥»­p¹º¾ú¥vªº¤¶²Ð¡A½Ð¬Ý <link linkend="history">FreeBSD ªºÂ²µu¾ú¥v</link>¡A
+ ¹ï©ó FreeBSD ªº³Ì·sª©¥»¤¶²Ð¡A½Ð¬Ý <link linkend="relnotes"> current release
+ </link>
+
+is a 4.4BSD-Lite based operating system for
+ Intel (x86 and &itanium;), AMD64, <trademark>Alpha</trademark>, Sun
+ &ultrasparc; computers. Ports to other
+ architectures are also underway.
+ You can also
+ read about <link linkend="history">the history of FreeBSD</link>,
+ or the <link linkend="relnotes">current release</link>. If you
+ are interested in contributing something to the Project (code,
+ hardware, unmarked bills), see the <ulink
+ url="&url.articles.contributing;/index.html">Contributing to FreeBSD</ulink> article.</para>
+
+ <sect2 id="os-overview">
+ <title>What Can FreeBSD Do?</title>
+
+ <para>FreeBSD has many noteworthy features. Some of these
+ are:</para>
+
+ <itemizedlist>
+ <indexterm><primary>preemptive multitasking</primary></indexterm>
+ <listitem>
+ <para><emphasis>Preemptive multitasking</emphasis> with
+ dynamic priority adjustment to ensure smooth and fair
+ sharing of the computer between applications and users, even
+ under the heaviest of loads.</para>
+ </listitem>
+
+ <indexterm><primary>multi-user facilities</primary></indexterm>
+ <listitem>
+ <para><emphasis>Multi-user facilities</emphasis> which allow many
+ people to use a FreeBSD system simultaneously for a variety
+ of things. This means, for example, that system peripherals
+ such as printers and tape drives are properly shared between
+ all users on the system or the network and that individual
+ resource limits can be placed on users or groups of users,
+ protecting critical system resources from over-use.</para>
+ </listitem>
+
+ <indexterm><primary>TCP/IP networking</primary></indexterm>
+ <listitem>
+ <para>Strong <emphasis>TCP/IP networking</emphasis> with
+ support for industry standards such as SLIP, PPP, NFS, DHCP,
+ and NIS. This means that your FreeBSD machine can
+ interoperate easily with other systems as well as act as an
+ enterprise server, providing vital functions such as NFS
+ (remote file access) and email services or putting your
+ organization on the Internet with WWW, FTP, routing and
+ firewall (security) services.</para>
+ </listitem>
+
+ <indexterm><primary>memory protection</primary></indexterm>
+ <listitem>
+ <para><emphasis>Memory protection</emphasis> ensures that
+ applications (or users) cannot interfere with each other. One
+ application crashing will not affect others in any way.</para>
+ </listitem>
+
+ <listitem>
+ <para>FreeBSD is a <emphasis>32-bit</emphasis> operating
+ system (<emphasis>64-bit</emphasis> on the Alpha, &itanium;, AMD64, and &ultrasparc;) and was
+ designed as such from the ground up.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>X Window System</primary>
+ <seealso>XFree86</seealso>
+ </indexterm>
+
+ <listitem>
+ <para>The industry standard <emphasis>X Window System</emphasis>
+ (X11R6) provides a graphical user interface (GUI) for the cost
+ of a common VGA card and monitor and comes with full
+ sources.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>binary compatibility</primary>
+ <secondary>Linux</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>binary compatibility</primary>
+ <secondary>SCO</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>binary compatibility</primary>
+ <secondary>SVR4</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>binary compatibility</primary>
+ <secondary>BSD/OS</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>binary compatibility</primary>
+ <secondary>NetBSD</secondary>
+ </indexterm>
+ <listitem>
+ <para><emphasis>Binary compatibility</emphasis> with many
+ programs built for Linux, SCO, SVR4, BSDI and NetBSD.</para>
+ </listitem>
+
+ <listitem>
+ <para>Thousands of <emphasis>ready-to-run</emphasis>
+ applications are available from the FreeBSD
+ <emphasis>ports</emphasis> and <emphasis>packages</emphasis>
+ collection. Why search the net when you can find it all right
+ here?</para>
+ </listitem>
+
+ <listitem>
+ <para>Thousands of additional and
+ <emphasis>easy-to-port</emphasis> applications are available
+ on the Internet. FreeBSD is source code compatible with most
+ popular commercial &unix; systems and thus most applications
+ require few, if any, changes to compile.</para>
+ </listitem>
+
+ <indexterm><primary>virtual memory</primary></indexterm>
+ <listitem>
+ <para>Demand paged <emphasis>virtual memory</emphasis> and
+ <quote>merged VM/buffer cache</quote> design efficiently
+ satisfies applications with large appetites for memory while
+ still maintaining interactive response to other users.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>Symmetric Multi-Processing (SMP)</primary>
+ </indexterm>
+ <listitem>
+ <para><emphasis>SMP</emphasis> support for machines with
+ multiple CPUs.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>compilers</primary>
+ <secondary>C</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>compilers</primary>
+ <secondary>C++</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>compilers</primary>
+ <secondary>FORTRAN</secondary>
+ </indexterm>
+ <listitem>
+ <para>A full complement of <emphasis>C</emphasis>,
+ <emphasis>C++</emphasis>, <emphasis>Fortran</emphasis>, and
+ <emphasis>Perl</emphasis> development tools.
+ Many additional languages for advanced research
+ and development are also available in the ports and packages
+ collection.</para>
+ </listitem>
+
+ <indexterm><primary>source code</primary></indexterm>
+ <listitem>
+ <para><emphasis>Source code</emphasis> for the entire system
+ means you have the greatest degree of control over your
+ environment. Why be locked into a proprietary solution
+ at the mercy of your vendor when you can have a truly open
+ system?</para>
+ </listitem>
+
+ <listitem>
+ <para>Extensive <emphasis>online
+ documentation</emphasis>.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>And many more!</emphasis></para>
+ </listitem>
+ </itemizedlist>
+
+ <indexterm><primary>4.4BSD-Lite</primary></indexterm>
+ <indexterm>
+ <primary>Computer Systems Research Group (CSRG)</primary>
+ </indexterm>
+ <indexterm><primary>U.C. Berkeley</primary></indexterm>
+ <para>FreeBSD is based on the 4.4BSD-Lite release from Computer
+ Systems Research Group (CSRG) at the University of California at
+ Berkeley, and carries on the distinguished tradition of BSD
+ systems development. In addition to the fine work provided by
+ CSRG, the FreeBSD Project has put in many thousands of hours in
+ fine tuning the system for maximum performance and reliability in
+ real-life load situations. As many of the commercial giants
+ struggle to field PC operating systems with such features,
+ performance and reliability, FreeBSD can offer them
+ <emphasis>now</emphasis>!</para>
+
+ <para>The applications to which FreeBSD can be put are truly
+ limited only by your own imagination. From software development
+ to factory automation, inventory control to azimuth correction of
+ remote satellite antennae; if it can be done with a commercial
+ &unix; product then it is more than likely that you can do it with
+ FreeBSD too! FreeBSD also benefits significantly from
+ literally thousands of high quality applications developed by
+ research centers and universities around the world, often
+ available at little to no cost. Commercial applications are also
+ available and appearing in greater numbers every day.</para>
+
+ <para>Because the source code for FreeBSD itself is generally
+ available, the system can also be customized to an almost unheard
+ of degree for special applications or projects, and in ways not
+ generally possible with operating systems from most major
+ commercial vendors. Here is just a sampling of some of the
+ applications in which people are currently using FreeBSD:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><emphasis>Internet Services:</emphasis> The robust TCP/IP
+ networking built into FreeBSD makes it an ideal platform for a
+ variety of Internet services such as:</para>
+
+ <itemizedlist>
+ <indexterm><primary>FTP servers</primary></indexterm>
+ <listitem>
+ <para>FTP servers</para>
+ </listitem>
+
+ <indexterm><primary>web servers</primary></indexterm>
+ <listitem>
+ <para>World Wide Web servers (standard or secure
+ [SSL])</para>
+ </listitem>
+
+ <indexterm><primary>firewall</primary></indexterm>
+ <indexterm><primary>NAT</primary></indexterm>
+ <listitem>
+ <para>Firewalls and NAT (<quote>IP masquerading</quote>)
+ gateways</para>
+ </listitem>
+
+ <indexterm>
+ <primary>electronic mail</primary>
+ <see>email</see>
+ </indexterm>
+ <indexterm>
+ <primary>email</primary>
+ </indexterm>
+ <listitem>
+ <para>Electronic Mail servers</para>
+ </listitem>
+
+ <indexterm><primary>USENET</primary></indexterm>
+ <listitem>
+ <para>USENET News or Bulletin Board Systems</para>
+ </listitem>
+
+ <listitem>
+ <para>And more...</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>With FreeBSD, you can easily start out small with an
+ inexpensive 386 class PC and upgrade all the way up to a
+ quad-processor Xeon with RAID storage as your enterprise
+ grows.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>Education:</emphasis> Are you a student of
+ computer science or a related engineering field? There is no
+ better way of learning about operating systems, computer
+ architecture and networking than the hands on, under the hood
+ experience that FreeBSD can provide. A number of freely
+ available CAD, mathematical and graphic design packages also
+ make it highly useful to those whose primary interest in a
+ computer is to get <emphasis>other</emphasis> work
+ done!</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>Research:</emphasis> With source code for the
+ entire system available, FreeBSD is an excellent platform for
+ research in operating systems as well as other branches of
+ computer science. FreeBSD's freely available nature also makes
+ it possible for remote groups to collaborate on ideas or
+ shared development without having to worry about special
+ licensing agreements or limitations on what may be discussed
+ in open forums.</para>
+ </listitem>
+
+ <indexterm><primary>router</primary></indexterm>
+ <indexterm><primary>DNS Server</primary></indexterm>
+ <listitem>
+ <para><emphasis>Networking:</emphasis> Need a new router? A
+ name server (DNS)? A firewall to keep people out of your
+ internal network? FreeBSD can easily turn that unused 386 or
+ 486 PC sitting in the corner into an advanced router with
+ sophisticated packet-filtering capabilities.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>X Window System</primary>
+ <secondary>XFree86</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>X Window System</primary>
+ <secondary>Accelerated-X</secondary>
+ </indexterm>
+ <listitem>
+ <para><emphasis>X Window workstation:</emphasis> FreeBSD is a
+ fine choice for an inexpensive X terminal solution, either
+ using the freely available X11 server or one of the
+ excellent commercial servers provided by <ulink
+ url="http://www.xig.com">Xi Graphics</ulink>. Unlike an
+ X terminal, FreeBSD allows many applications to be run
+ locally if desired, thus relieving the burden on a central
+ server. FreeBSD can even boot <quote>diskless</quote>, making
+ individual workstations even cheaper and easier to
+ administer.</para>
+ </listitem>
+
+ <indexterm><primary>GNU Compiler Collection</primary></indexterm>
+ <listitem>
+ <para><emphasis>Software Development:</emphasis> The basic
+ FreeBSD system comes with a full complement of development
+ tools including the renowned GNU C/C++ compiler and
+ debugger.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>FreeBSD is available in both source and binary form on CDROM,
+ DVD,
+ and via anonymous FTP. Please see <xref linkend="mirrors">
+ for more information about obtaining FreeBSD.</para>
+ </sect2>
+
+ <sect2>
+ <title>Who Uses FreeBSD?</title>
+
+ <indexterm>
+ <primary>users</primary>
+ <secondary>large sites running FreeBSD</secondary>
+ </indexterm>
+
+ <para>FreeBSD is used to power some of the biggest sites on the
+ Internet, including:</para>
+
+ <itemizedlist>
+ <indexterm><primary>Yahoo!</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.yahoo.com/">Yahoo!</ulink></para>
+ </listitem>
+
+ <indexterm><primary>Apache</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.apache.org/">Apache</ulink></para>
+ </listitem>
+
+ <indexterm><primary>Blue Mountain Arts</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.bluemountain.com/">Blue Mountain
+ Arts</ulink></para>
+ </listitem>
+
+ <indexterm><primary>Pair Networks</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.pair.com/">Pair
+ Networks</ulink></para>
+ </listitem>
+
+ <indexterm><primary>Sony Japan</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.sony.co.jp/">Sony
+ Japan</ulink></para>
+ </listitem>
+
+ <indexterm><primary>Netcraft</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.netcraft.com/">Netcraft</ulink>
+ </para>
+ </listitem>
+
+ <indexterm><primary>Weathernews</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.wni.com/">Weathernews</ulink>
+ </para></listitem>
+
+ <indexterm><primary>Supervalu</primary></indexterm>
+ <listitem>
+ <para><ulink
+ url="http://www.supervalu.com/">Supervalu</ulink></para>
+ </listitem>
+
+ <indexterm><primary>TELEHOUSE America</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.telehouse.com/">TELEHOUSE
+ America</ulink></para>
+ </listitem>
+
+ <indexterm><primary>Sophos Anti-Virus</primary></indexterm>
+ <listitem>
+ <para><ulink url="http://www.sophos.com/">Sophos
+ Anti-Virus</ulink></para>
+ </listitem>
+
+ <indexterm><primary>JMA Wired</primary></indexterm>
+ <listitem>
+ <para><ulink
+ url="http://www.jmawired.com/">JMA Wired</ulink></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>and many more.</para>
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="history">
+ <title>About the FreeBSD Project</title>
+
+ <para>The following section provides some background information on
+ the project, including a brief history, project goals, and the
+ development model of the project.</para>
+
+ <sect2 id="intro-history">
+ <sect2info role="firstperson">
+ <authorgroup>
+ <author>
+ <firstname>Jordan</firstname>
+ <surname>Hubbard</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>A Brief History of FreeBSD</title>
+
+ <indexterm><primary>386BSD Patchkit</primary></indexterm>
+ <indexterm><primary>Hubbard, Jordan</primary></indexterm>
+ <indexterm><primary>Williams, Nate</primary></indexterm>
+ <indexterm><primary>Grimes, Rod</primary></indexterm>
+ <indexterm>
+ <primary>FreeBSD Project</primary>
+ <secondary>history</secondary>
+ </indexterm>
+ <para>The FreeBSD project had its genesis in the early part of 1993,
+ partially as an outgrowth of the <quote>Unofficial 386BSD
+ Patchkit</quote> by the patchkit's last 3 coordinators: Nate
+ Williams, Rod Grimes and myself.</para>
+
+ <indexterm><primary>386BSD</primary></indexterm>
+ <para>Our original goal was to produce an intermediate snapshot of
+ 386BSD in order to fix a number of problems with it that the
+ patchkit mechanism just was not capable of solving. Some of you
+ may remember the early working title for the project being
+ <quote>386BSD 0.5</quote> or <quote>386BSD Interim</quote> in
+ reference to that fact.</para>
+
+ <indexterm><primary>Jolitz, Bill</primary></indexterm>
+ <para>386BSD was Bill Jolitz's operating system, which had been up
+ to that point suffering rather severely from almost a year's worth
+ of neglect. As the patchkit swelled ever more uncomfortably with
+ each passing day, we were in unanimous agreement that something
+ had to be done and decided to assist Bill by providing
+ this interim <quote>cleanup</quote> snapshot. Those plans came to
+ a rude halt when Bill Jolitz suddenly decided to withdraw his
+ sanction from the project without any clear indication of what
+ would be done instead.</para>
+
+ <indexterm><primary>Greenman, David</primary></indexterm>
+ <indexterm><primary>Walnut Creek CDROM</primary></indexterm>
+ <para>It did not take us long to decide that the goal remained
+ worthwhile, even without Bill's support, and so we adopted the
+ name <quote>FreeBSD</quote>, coined by David Greenman. Our initial
+ objectives were set after consulting with the system's current
+ users and, once it became clear that the project was on the road
+ to perhaps even becoming a reality, I contacted Walnut Creek CDROM
+ with an eye toward improving FreeBSD's distribution channels for
+ those many unfortunates without easy access to the Internet.
+ Walnut Creek CDROM not only supported the idea of distributing
+ FreeBSD on CD but also went so far as to provide the project with a
+ machine to work on and a fast Internet connection. Without Walnut
+ Creek CDROM's almost unprecedented degree of faith in what was, at
+ the time, a completely unknown project, it is quite unlikely that
+ FreeBSD would have gotten as far, as fast, as it has today.</para>
+
+ <indexterm><primary>4.3BSD-Lite</primary></indexterm>
+ <indexterm><primary>Net/2</primary></indexterm>
+ <indexterm><primary>U.C. Berkeley</primary></indexterm>
+ <indexterm><primary>386BSD</primary></indexterm>
+ <indexterm><primary>Free Software Foundation</primary></indexterm>
+ <para>The first CDROM (and general net-wide) distribution was
+ FreeBSD&nbsp;1.0, released in December of 1993. This was based on the
+ 4.3BSD-Lite (<quote>Net/2</quote>) tape from U.C. Berkeley, with
+ many components also provided by 386BSD and the Free Software
+ Foundation. It was a fairly reasonable success for a first
+ offering, and we followed it with the highly successful FreeBSD
+ 1.1 release in May of 1994.</para>
+
+ <indexterm><primary>Novell</primary></indexterm>
+ <indexterm><primary>U.C. Berkeley</primary></indexterm>
+ <indexterm><primary>Net/2</primary></indexterm>
+ <indexterm><primary>AT&amp;T</primary></indexterm>
+ <para>Around this time, some rather unexpected storm clouds formed
+ on the horizon as Novell and U.C. Berkeley settled their
+ long-running lawsuit over the legal status of the Berkeley Net/2
+ tape. A condition of that settlement was U.C. Berkeley's
+ concession that large parts of Net/2 were <quote>encumbered</quote>
+ code and the property of Novell, who had in turn acquired it from
+ AT&amp;T some time previously. What Berkeley got in return was
+ Novell's <quote>blessing</quote> that the 4.4BSD-Lite release, when
+ it was finally released, would be declared unencumbered and all
+ existing Net/2 users would be strongly encouraged to switch. This
+ included FreeBSD, and the project was given until the end of July
+ 1994 to stop shipping its own Net/2 based product. Under the
+ terms of that agreement, the project was allowed one last release
+ before the deadline, that release being FreeBSD&nbsp;1.1.5.1.</para>
+
+ <para>FreeBSD then set about the arduous task of literally
+ re-inventing itself from a completely new and rather incomplete
+ set of 4.4BSD-Lite bits. The <quote>Lite</quote> releases were
+ light in part because Berkeley's CSRG had removed large chunks of
+ code required for actually constructing a bootable running system
+ (due to various legal requirements) and the fact that the Intel
+ port of 4.4 was highly incomplete. It took the project until
+ November of 1994 to make this transition, at which point it
+ released FreeBSD&nbsp;2.0 to the net and on CDROM (in late December).
+ Despite being still more than a little rough around the edges,
+ the release was a significant success and was followed by the
+ more robust and easier to install FreeBSD&nbsp;2.0.5 release in June of
+ 1995.</para>
+
+ <para>We released FreeBSD&nbsp;2.1.5 in August of 1996, and it appeared
+ to be popular enough among the ISP and commercial communities that
+ another release along the 2.1-STABLE branch was merited. This was
+ FreeBSD&nbsp;2.1.7.1, released in February 1997 and capping the end of
+ mainstream development on 2.1-STABLE. Now in maintenance mode,
+ only security enhancements and other critical bug fixes will be
+ done on this branch (RELENG_2_1_0).</para>
+
+ <para>FreeBSD&nbsp;2.2 was branched from the development mainline
+ (<quote>-CURRENT</quote>) in November 1996 as the RELENG_2_2
+ branch, and the first full release (2.2.1) was released in April
+ 1997. Further releases along the 2.2 branch were done in the
+ summer and fall of '97, the last of which (2.2.8) appeared in
+ November 1998. The first official 3.0 release appeared in
+ October 1998 and spelled the beginning of the end for the 2.2
+ branch.</para>
+
+ <para>The tree branched again on Jan 20, 1999, leading to the
+ 4.0-CURRENT and 3.X-STABLE branches. From 3.X-STABLE, 3.1 was
+ released on February 15, 1999, 3.2 on May 15, 1999, 3.3 on
+ September 16, 1999, 3.4 on December 20, 1999, and 3.5 on
+ June 24, 2000, which was followed a few days later by a minor
+ point release update to 3.5.1, to incorporate some last-minute
+ security fixes to Kerberos. This will be the final release in the
+ 3.X branch.</para>
+
+ <para>There was another branch on March 13, 2000, which saw the
+ emergence of the 4.X-STABLE branch. There have been several releases
+ from it so far: 4.0-RELEASE was introduced in March 2000, and
+ the last &rel2.current;-RELEASE came out in
+ &rel2.current.date;.</para>
+
+ <para>The long-awaited 5.0-RELEASE was announced on January 19,
+ 2003. The culmination of nearly three years of work, this
+ release started FreeBSD on the path of advanced multiprocessor
+ and application thread support and introduced support for the
+ &ultrasparc; and <literal>ia64</literal> platforms. This release
+ was followed by 5.1 in June of 2003. The last 5.X release from
+ -CURRENT branch was 5.2.1-RELEASE, introduced in February 2004.</para>
+
+ <para>RELENG_5 branch created in August 2004, followed by 5.3-RELEASE,
+ that marks beginning of the 5-STABLE branch releases. The most
+ recent &rel.current;-RELEASE came out in &rel.current.date;.
+ There will be additional releases from the RELENG_5 branch.</para>
+
+ <para>For now, long-term development projects continue to take place in the
+ 6.X-CURRENT (trunk) branch, and SNAPshot releases of 6.X on
+ CDROM (and, of course, on the net) are continually made available
+ from <ulink url="ftp://current.FreeBSD.org/pub/FreeBSD/snapshots/">
+ the snapshot server</ulink> as work progresses.</para>
+ </sect2>
+
+ <sect2 id="goals">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Jordan</firstname>
+ <surname>Hubbard</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>FreeBSD Project Goals</title>
+
+ <indexterm>
+ <primary>FreeBSD Project</primary>
+ <secondary>goals</secondary>
+ </indexterm>
+ <para>The goals of the FreeBSD Project are to provide software that
+ may be used for any purpose and without strings attached. Many of
+ us have a significant investment in the code (and project) and
+ would certainly not mind a little financial compensation now and
+ then, but we are definitely not prepared to insist on it. We
+ believe that our first and foremost <quote>mission</quote> is to
+ provide code to any and all comers, and for whatever purpose, so
+ that the code gets the widest possible use and provides the widest
+ possible benefit. This is, I believe, one of the most fundamental
+ goals of Free Software and one that we enthusiastically
+ support.</para>
+
+ <indexterm>
+ <primary>GNU General Public License (GPL)</primary>
+ </indexterm>
+ <indexterm>
+ <primary>GNU Lesser General Public License (LGPL)</primary>
+ </indexterm>
+ <indexterm><primary>BSD Copyright</primary></indexterm>
+ <para>That code in our source tree which falls under the GNU
+ General Public License (GPL) or Library General Public License
+ (LGPL) comes with slightly more strings attached, though at
+ least on the side of enforced access rather than the usual
+ opposite. Due to the additional complexities that can evolve
+ in the commercial use of GPL software we do, however, prefer
+ software submitted under the more relaxed BSD copyright when
+ it is a reasonable option to do so.</para>
+ </sect2>
+
+ <sect2 id="development">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Satoshi</firstname>
+ <surname>Asami</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>The FreeBSD Development Model</title>
+
+ <indexterm>
+ <primary>FreeBSD Project</primary>
+ <secondary>development model</secondary>
+ </indexterm>
+ <para>The development of FreeBSD is a very open and flexible
+ process, being literally built from the contributions
+ of hundreds of people around the world, as can be seen from
+ our <ulink
+ url="&url.articles.contributors;/article.html">list of
+ contributors</ulink>. FreeBSD's development infrastructure allow
+ these hundreds of developers to collaborate over the Internet.
+ We are constantly on the lookout for
+ new developers and ideas, and those interested in becoming
+ more closely involved with the project need simply contact us
+ at the &a.hackers;. The &a.announce; is also available to
+ those wishing to make other FreeBSD users aware of major areas
+ of work.</para>
+
+ <para>Useful things to know about the FreeBSD project and its
+ development process, whether working independently or in close
+ cooperation:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>The CVS repository<anchor
+ id="development-cvs-repository"></term>
+
+ <indexterm>
+ <primary>CVS</primary>
+ <secondary>repository</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Concurrent Versions System</primary>
+ <see>CVS</see>
+ </indexterm>
+ <listitem>
+ <para>The central source tree for FreeBSD is maintained by
+ <ulink url="http://www.cvshome.org/">CVS</ulink>
+ (Concurrent Versions System), a freely available source code
+ control tool that comes bundled with FreeBSD. The primary
+ <ulink url="http://www.FreeBSD.org/cgi/cvsweb.cgi">CVS
+ repository</ulink> resides on a machine in Santa Clara CA, USA
+ from where it is replicated to numerous mirror machines
+ throughout the world. The CVS tree, which contains the <link
+ linkend="current">-CURRENT</link> and <link
+ linkend="stable">-STABLE</link> trees,
+ can all be easily replicated to your own machine as well.
+ Please refer to the <link linkend="synching">Synchronizing
+ your source tree</link> section for more information on
+ doing this.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>The committers list<anchor
+ id="development-committers"></term>
+
+ <indexterm><primary>committers</primary></indexterm>
+ <listitem>
+ <para>The <firstterm>committers</firstterm>
+ are the people who have <emphasis>write</emphasis> access to
+ the CVS tree, and are authorized to make modifications
+ to the FreeBSD source (the term <quote>committer</quote>
+ comes from the &man.cvs.1; <command>commit</command>
+ command, which is used to bring new changes into the CVS
+ repository). The best way of making submissions for review
+ by the committers list is to use the &man.send-pr.1;
+ command. If something appears to be jammed in the
+ system, then you may also reach them by sending mail to
+ the &a.committers;.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>The FreeBSD core team<anchor id="development-core"></term>
+
+ <indexterm><primary>core team</primary></indexterm>
+ <listitem>
+ <para>The <firstterm>FreeBSD core team</firstterm>
+ would be equivalent to the board of directors if the FreeBSD
+ Project were a company. The primary task of the core team
+ is to make sure the project, as a whole, is in good shape
+ and is heading in the right directions. Inviting dedicated
+ and responsible developers to join our group of committers
+ is one of the functions of the core team, as is the
+ recruitment of new core team members as others move on.
+ The current core team was elected from a pool of committer
+ candidates in July 2004. Elections are held every 2 years.
+ </para>
+
+ <para>Some core team members also have specific areas of
+ responsibility, meaning that they are committed to
+ ensuring that some large portion of the system works as
+ advertised. For a complete list of FreeBSD developers
+ and their areas of responsibility, please see the <ulink
+ url="&url.articles.contributors;/article.html">Contributors
+ List</ulink></para>
+
+ <note>
+ <para>Most members of the core team are volunteers when it
+ comes to FreeBSD development and do not benefit from the
+ project financially, so <quote>commitment</quote> should
+ also not be misconstrued as meaning <quote>guaranteed
+ support.</quote> The <quote>board of directors</quote>
+ analogy above is not very accurate, and it may be
+ more suitable to say that these are the people who gave up
+ their lives in favor of FreeBSD against their better
+ judgment!</para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Outside contributors</term>
+
+ <indexterm><primary>contributors</primary></indexterm>
+ <listitem>
+ <para>Last, but definitely not least, the largest group of
+ developers are the users themselves who provide feedback and
+ bug fixes to us on an almost constant basis. The primary
+ way of keeping in touch with FreeBSD's more non-centralized
+ development is to subscribe to the &a.hackers; where such
+ things are discussed. See <xref
+ linkend="eresources"> for more information about
+ the various FreeBSD mailing lists.</para>
+
+ <para><citetitle><ulink
+ url="&url.articles.contributors;/article.html">The
+ FreeBSD Contributors List</ulink></citetitle> is a long
+ and growing one, so why not join it by contributing
+ something back to FreeBSD today?</para>
+
+ <para>Providing code is not the only way of contributing to
+ the project; for a more complete list of things that need
+ doing, please refer to the <ulink
+ url="&url.base;/index.html">FreeBSD Project web
+ site</ulink>.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>In summary, our development model is organized as a loose set
+ of concentric circles. The centralized model is designed for the
+ convenience of the <emphasis>users</emphasis> of FreeBSD, who are
+ provided with an easy way of tracking one central code
+ base, not to keep potential contributors out! Our desire is to
+ present a stable operating system with a large set of coherent
+ <link linkend="ports">application programs</link> that the users
+ can easily install and use &mdash; this model works very well in
+ accomplishing that.</para>
+
+ <para>All we ask of those who would join us as FreeBSD developers is
+ some of the same dedication its current people have to its
+ continued success!</para>
+ </sect2>
+
+ <sect2 id="relnotes">
+ <title>The Current FreeBSD Release</title>
+
+ <indexterm><primary>NetBSD</primary></indexterm>
+ <indexterm><primary>OpenBSD</primary></indexterm>
+ <indexterm><primary>386BSD</primary></indexterm>
+ <indexterm><primary>Free Software Foundation</primary></indexterm>
+ <indexterm><primary>U.C. Berkeley</primary></indexterm>
+ <indexterm>
+ <primary>Computer Systems Research Group (CSRG)</primary>
+ </indexterm>
+ <para>FreeBSD is a freely available, full source 4.4BSD-Lite based
+ release for Intel &i386;, &i486;, &pentium;,
+ &pentium;&nbsp;Pro,
+ &celeron;,
+ &pentium;&nbsp;II,
+ &pentium;&nbsp;III,
+ &pentium;&nbsp;4 (or compatible),
+ &xeon;, DEC <trademark>Alpha</trademark>
+ and Sun &ultrasparc; based computer
+ systems. It is based primarily on software from U.C. Berkeley's
+ CSRG group, with some enhancements from NetBSD, OpenBSD, 386BSD, and
+ the Free Software Foundation.</para>
+
+ <para>Since our release of FreeBSD&nbsp;2.0 in late 94, the performance,
+ feature set, and stability of FreeBSD has improved dramatically.
+ <!-- XXX is the rest of this paragraph still true ? -->
+ The largest change is a revamped virtual memory system with a merged
+ VM/file buffer cache that not only increases performance, but also
+ reduces FreeBSD's memory footprint, making a 5&nbsp;MB configuration a
+ more acceptable minimum. Other enhancements include full NIS client
+ and server support, transaction TCP support, dial-on-demand PPP,
+ integrated DHCP support, an improved SCSI subsystem, ISDN support,
+ support for ATM, FDDI, Fast and Gigabit Ethernet (1000&nbsp;Mbit)
+ adapters, improved support for the latest Adaptec controllers, and
+ many thousands of bug fixes.</para>
+
+ <para>In addition to the base distributions, FreeBSD offers a
+ ported software collection with thousands of commonly
+ sought-after programs. At the time of this printing, there
+ were over &os.numports; ports! The list of ports ranges from
+ http (WWW) servers, to games, languages, editors, and almost
+ everything in between. The entire Ports Collection requires
+ approximately &ports.size; of storage, all ports being expressed as
+ <quote>deltas</quote> to their original sources. This makes
+ it much easier for us to update ports, and greatly reduces the
+ disk space demands made by the older 1.0 Ports Collection. To
+ compile a port, you simply change to the directory of the
+ program you wish to install, type <command>make
+ install</command>, and let the system do the rest. The full
+ original distribution for each port you build is retrieved
+ dynamically off the CDROM or a local FTP site, so you need
+ only enough disk space to build the ports you want. Almost
+ every port is also provided as a pre-compiled
+ <quote>package</quote>, which can be installed with a simple
+ command (<command>pkg_add</command>) by those who do not wish
+ to compile their own ports from source. More information on
+ packages and ports can be found in <xref linkend="ports">.</para>
+
+ <para>A number of additional documents which you may find very helpful
+ in the process of installing and using FreeBSD may now also be found
+ in the <filename>/usr/share/doc</filename> directory on any recent
+ FreeBSD machine. You may view the locally installed
+ manuals with any HTML capable browser using the following
+ URLs:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>The FreeBSD Handbook</term>
+
+ <listitem>
+ <para><ulink type="html"
+ url="file://localhost/usr/share/doc/handbook/index.html"><filename>/usr/share/doc/handbook/index.html</filename></ulink></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>The FreeBSD FAQ</term>
+
+ <listitem>
+ <para><ulink type="html"
+ url="file://localhost/usr/share/doc/faq/index.html"><filename>/usr/share/doc/faq/index.html</filename></ulink></para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>You can also view the master (and most frequently updated)
+ copies at <ulink
+ url="http://www.FreeBSD.org/"></ulink>.</para>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/kernelconfig/Makefile b/zh_TW.Big5/books/handbook/kernelconfig/Makefile
new file mode 100644
index 0000000000..95839d340a
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/kernelconfig/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= kernelconfig/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/kernelconfig/chapter.sgml b/zh_TW.Big5/books/handbook/kernelconfig/chapter.sgml
new file mode 100644
index 0000000000..e2cd57ab35
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/kernelconfig/chapter.sgml
@@ -0,0 +1,1693 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="kernelconfig">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Updated and restructured by </contrib>
+ <!-- Mar 2000 -->
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Jake</firstname>
+ <surname>Hamby</surname>
+ <contrib>Originally contributed by </contrib>
+ <!-- 6 Oct 1995 -->
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Configuring the FreeBSD Kernel</title>
+
+ <sect1 id="kernelconfig-synopsis">
+ <title>Synopsis</title>
+
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>building a custom kernel</secondary>
+ </indexterm>
+
+ <para>The kernel is the core of the &os; operating system. It is
+ responsible for managing memory, enforcing security controls,
+ networking, disk access, and much more. While more and more of &os;
+ becomes dynamically configurable it is still occasionally necessary to
+ reconfigure and recompile your kernel.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Why you might need to build a custom kernel.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to write a kernel configuration file, or alter an existing
+ configuration file.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use the kernel configuration file to create and build a
+ new kernel.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to install the new kernel.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to create any entries in <filename>/dev</filename> that may
+ be required.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to troubleshoot if things go wrong.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>All of the commands listed within this chapter by way of example
+ should be executed as <username>root</username> in order to
+ succeed.</para>
+ </sect1>
+
+ <sect1 id="kernelconfig-custom-kernel">
+ <title>Why Build a Custom Kernel?</title>
+
+ <para>Traditionally, &os; has had what is called a
+ <quote>monolithic</quote> kernel. This means that the kernel was one
+ large program, supported a fixed list of devices, and if you wanted to
+ change the kernel's behavior then you had to compile a new kernel, and
+ then reboot your computer with the new kernel.</para>
+
+ <para>Today, &os; is rapidly moving to a model where much of the
+ kernel's functionality is contained in modules which can be
+ dynamically loaded and unloaded from the kernel as necessary.
+ This allows the kernel to adapt to new hardware suddenly
+ becoming available (such as PCMCIA cards in a laptop), or for
+ new functionality to be brought into the kernel that was not
+ necessary when the kernel was originally compiled. This is
+ known as a modular kernel.</para>
+
+ <para>Despite this, it is still necessary to carry out some static kernel
+ configuration. In some cases this is because the functionality is so
+ tied to the kernel that it can not be made dynamically loadable. In
+ others it may simply be because no one has yet taken the time to write a
+ dynamic loadable kernel module for that functionality.</para>
+
+ <para>Building a custom kernel is one of the most important rites of
+ passage nearly every BSD user must endure. This process, while
+ time consuming, will provide many benefits to your &os; system.
+ Unlike the <filename>GENERIC</filename> kernel, which must support a
+ wide range of hardware, a custom kernel only contains support for
+ <emphasis>your</emphasis> PC's hardware. This has a number of
+ benefits, such as:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Faster boot time. Since the kernel will only probe the
+ hardware you have on your system, the time it takes your system to
+ boot can decrease dramatically.</para>
+ </listitem>
+
+ <listitem>
+ <para>Lower memory usage. A custom kernel often uses less memory
+ than the <filename>GENERIC</filename> kernel, which is important
+ because the kernel must always be present in real
+ memory. For this reason, a custom kernel is especially useful
+ on a system with a small amount of RAM.</para>
+ </listitem>
+
+ <listitem>
+ <para>Additional hardware support. A custom kernel allows you to
+ add in support for devices which are not
+ present in the <filename>GENERIC</filename> kernel, such as
+ sound cards.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="kernelconfig-building">
+ <title>Building and Installing a Custom Kernel</title>
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>building / installing</secondary>
+ </indexterm>
+
+ <para>First, let us take a quick tour of the kernel build directory.
+ All directories mentioned will be relative to the main
+ <filename>/usr/src/sys</filename> directory, which is also
+ accessible through the path name <filename>/sys</filename>. There are a number of
+ subdirectories here representing different parts of the kernel, but
+ the most important for our purposes are
+ <filename><replaceable>arch</replaceable>/conf</filename>, where you
+ will edit your custom kernel configuration, and
+ <filename>compile</filename>, which is the staging area where your
+ kernel will be built. <replaceable>arch</replaceable> represents
+ one of <filename>i386</filename>, <filename>alpha</filename>,
+ <filename>amd64</filename>, <filename>ia64</filename>,
+ <filename>powerpc</filename>, <filename>sparc64</filename>, or
+ <filename>pc98</filename> (an alternative development branch of PC
+ hardware, popular in Japan). Everything inside a particular
+ architecture's directory deals with that architecture only; the rest
+ of the code is machine independent code common to all platforms to which &os; could
+ potentially be ported. Notice the logical organization of the
+ directory structure, with each supported device, file system, and
+ option in its own subdirectory. Versions of &os; prior to 5.X
+ support only the <filename>i386</filename>, <filename>alpha</filename>
+ and <filename>pc98</filename> architectures.</para>
+
+ <para>This chapter assumes that you are using the i386 architecture
+ in the examples. If this is not the case for your situation,
+ make appropriate adjustments to the path names for your system's
+ architecture.</para>
+
+ <note>
+ <para>If there is <emphasis>not</emphasis> a
+ <filename>/usr/src/sys</filename> directory on your system,
+ then the kernel source has not been installed. The easiest
+ way to do this is by running
+ <command>sysinstall</command> (<command>/stand/sysinstall</command>
+ in &os; versions older than 5.2) as
+ <username>root</username>, choosing
+ <guimenuitem>Configure</guimenuitem>, then
+ <guimenuitem>Distributions</guimenuitem>, then
+ <guimenuitem>src</guimenuitem>, then
+ <guimenuitem>sys</guimenuitem>. If you have an aversion to
+ <application>sysinstall</application> and you have access to
+ an <quote>official</quote> &os; CDROM, then you can also
+ install the source from the command line:</para>
+
+ <screen>&prompt.root; <userinput>mount /cdrom</userinput>
+&prompt.root; <userinput>mkdir -p /usr/src/sys</userinput>
+&prompt.root; <userinput>ln -s /usr/src/sys /sys</userinput>
+&prompt.root; <userinput>cat /cdrom/src/ssys.[a-d]* | tar -xzvf -</userinput></screen>
+ </note>
+
+ <para>Next, move to the
+ <filename><replaceable>arch</replaceable>/conf</filename> directory
+ and copy the <filename>GENERIC</filename> configuration file to the
+ name you want to give your kernel. For example:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/sys/<replaceable>i386</replaceable>/conf</userinput>
+&prompt.root; <userinput>cp GENERIC MYKERNEL</userinput></screen>
+
+ <para>Traditionally, this name is in all capital letters and, if you
+ are maintaining multiple &os; machines with different hardware,
+ it is a good idea to name it after your machine's hostname. We will
+ call it <filename>MYKERNEL</filename> for the purpose of this
+ example.</para>
+
+ <tip>
+ <para>Storing your kernel configuration file directly under
+ <filename>/usr/src</filename> can be a bad idea. If you are
+ experiencing problems it can be tempting to just delete
+ <filename>/usr/src</filename> and start again. After doing this,
+ it usually only takes a few seconds for
+ you to realize that you have deleted your custom kernel
+ configuration file. Also, do not edit <filename>GENERIC</filename>
+ directly, as it may get overwritten the next time you
+ <link linkend="cutting-edge">update your source tree</link>, and
+ your kernel modifications will be lost.</para>
+
+ <para>You might want to keep your kernel configuration file
+ elsewhere, and then create a symbolic link to the file in
+ the <filename><replaceable>i386</replaceable></filename>
+ directory.</para>
+
+ <para>For example:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/sys/<replaceable>i386</replaceable>/conf</userinput>
+&prompt.root; <userinput>mkdir /root/kernels</userinput>
+&prompt.root; <userinput>cp GENERIC /root/kernels/<replaceable>MYKERNEL</replaceable></userinput>
+&prompt.root; <userinput>ln -s /root/kernels/<replaceable>MYKERNEL</replaceable></userinput></screen>
+ </tip>
+
+ <para>Now, edit <filename>MYKERNEL</filename> with your favorite text
+ editor. If you are just starting out, the only editor available
+ will probably be <application>vi</application>, which is too complex to
+ explain here, but is covered well in many books in the <link
+ linkend="bibliography">bibliography</link>. However, &os; does
+ offer an easier editor called <application>ee</application> which, if
+ you are a beginner, should be your editor of choice. Feel free to
+ change the comment lines at the top to reflect your configuration or
+ the changes you have made to differentiate it from
+ <filename>GENERIC</filename>.</para>
+ <indexterm><primary>SunOS</primary></indexterm>
+
+ <para>If you have built a kernel under &sunos; or some other BSD
+ operating system, much of this file will be very familiar to you.
+ If you are coming from some other operating system such as DOS, on
+ the other hand, the <filename>GENERIC</filename> configuration file
+ might seem overwhelming to you, so follow the descriptions in the
+ <link linkend="kernelconfig-config">Configuration File</link>
+ section slowly and carefully.</para>
+
+ <note>
+ <para>If you <link
+ linkend="cutting-edge">sync your source tree</link> with the
+ latest sources of the &os; project,
+ be sure to always check the file
+ <filename>/usr/src/UPDATING</filename> before you perform any update
+ steps. This file describes any important issues or areas
+ requiring special attention within the updated source code.
+ <filename>/usr/src/UPDATING</filename> always matches
+ your version of the &os; source, and is therefore more up to date
+ with new information than this handbook.</para>
+ </note>
+
+ <para>You must now compile the source code for the kernel. There are two
+ procedures you can use to do this, and the one you will use depends on
+ why you are rebuilding the kernel and the version of &os; that you are
+ running.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>If you have installed <emphasis>only</emphasis> the kernel
+ source code, use procedure 1.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you are running a &os; version prior to 4.0, and you are
+ <emphasis>not</emphasis> upgrading to &os;&nbsp;4.0 or higher using
+ the <command>make buildworld</command> procedure, use procedure 1.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>If you are building a new kernel without updating the source
+ code (perhaps just to add a new option, such as
+ <literal>IPFIREWALL</literal>) you can use either procedure.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you are rebuilding the kernel as part of a
+ <command>make buildworld</command> process, use procedure 2.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <indexterm>
+ <primary><command>cvsup</command></primary>
+ </indexterm>
+ <indexterm><primary>CTM</primary></indexterm>
+ <indexterm>
+ <primary>CVS</primary>
+ <secondary>anonymous</secondary>
+ </indexterm>
+
+ <para>If you have <emphasis>not</emphasis> upgraded your source
+ tree in any way since the last time you successfully completed
+ a <maketarget>buildworld</maketarget>-<maketarget>installworld</maketarget> cycle
+ (you have not run <application>CVSup</application>,
+ <application>CTM</application>, or used
+ <application>anoncvs</application>), then it is safe to use the
+ <command>config</command>, <command>make depend</command>,
+ <command>make</command>, <command>make install</command> sequence.
+ </para>
+
+ <procedure>
+ <title>Procedure 1. Building a Kernel the <quote>Traditional</quote> Way</title>
+
+ <step>
+ <para>Run &man.config.8; to generate the kernel source code.</para>
+
+ <screen>&prompt.root; <userinput>/usr/sbin/config <replaceable>MYKERNEL</replaceable></userinput></screen>
+ </step>
+
+ <step>
+ <para>Change into the build directory. &man.config.8; will print
+ the name of this directory after being run as above.</para>
+
+ <screen>&prompt.root; <userinput>cd ../compile/<replaceable>MYKERNEL</replaceable></userinput></screen>
+
+ <para>For &os; versions prior to 5.0, use the following form instead:</para>
+
+ <screen>&prompt.root; <userinput>cd ../../compile/<replaceable>MYKERNEL</replaceable></userinput></screen>
+ </step>
+
+ <step>
+ <para>Compile the kernel.</para>
+
+ <screen>&prompt.root; <userinput>make depend</userinput>
+&prompt.root; <userinput>make</userinput></screen>
+ </step>
+
+ <step>
+ <para>Install the new kernel.</para>
+
+ <screen>&prompt.root; <userinput>make install</userinput></screen>
+ </step>
+ </procedure>
+
+ <procedure>
+ <title>Procedure 2. Building a Kernel the <quote>New</quote>
+ Way</title>
+
+ <step>
+ <para>Change to the <filename>/usr/src</filename> directory.</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src</userinput></screen>
+ </step>
+
+ <step>
+ <para>Compile the kernel.</para>
+
+ <screen>&prompt.root; <userinput>make buildkernel KERNCONF=<replaceable>MYKERNEL</replaceable></userinput></screen>
+ </step>
+
+ <step>
+ <para>Install the new kernel.</para>
+
+ <screen>&prompt.root; <userinput>make installkernel KERNCONF=<replaceable>MYKERNEL</replaceable></userinput></screen>
+ </step>
+ </procedure>
+
+ <note>
+ <para>This method of kernel building requires full source files. If you
+ only installed the kernel source, use the traditional method, as
+ described above.</para>
+ </note>
+
+ <tip>
+ <para>By default, when you build a custom kernel,
+ <emphasis>all</emphasis> kernel modules also will be rebuilded.
+ If you want to update a kernel faster or to build only custom
+ modules, you should edit <filename>/etc/make.conf</filename>
+ before starting to build the kernel:</para>
+
+ <programlisting>MODULES_OVERRIDE = linux acpi sound/sound sound/driver/ds1 ntfs</programlisting>
+
+ <para>This variable sets up a list of modules to build instead
+ of all of them. For other variables which you may find useful
+ in the process of building kernel, refer to &man.make.conf.5;
+ manual page.</para>
+ </tip>
+
+ <note>
+ <para>In &os;&nbsp;4.2 and older you must replace
+ <literal>KERNCONF=</literal> with <literal>KERNEL=</literal>.
+ 4.2-STABLE that was fetched before Feb 2nd, 2001 does not
+ recognize <literal>KERNCONF=</literal>.</para>
+ </note>
+
+ <indexterm>
+ <primary><filename class="directory">/boot/kernel.old</filename></primary>
+ </indexterm>
+
+ <para>The new kernel will be copied to the <filename
+ class="directory">/boot/kernel</filename> directory as
+ <filename>/boot/kernel/kernel</filename> and the old kernel will be moved to
+ <filename>/boot/kernel.old/kernel</filename>. Now, shutdown the system and
+ reboot to use your new kernel. If something goes wrong, there are
+ some <link linkend="kernelconfig-trouble">troubleshooting</link>
+ instructions at the end of this chapter that you may find useful. Be sure to read the
+ section which explains how to recover in case your new kernel <link
+ linkend="kernelconfig-noboot">does not boot</link>.</para>
+
+ <note>
+ <para>In &os; 4.X and earlier, kernels are installed
+ in <filename>/kernel</filename>, modules in <filename
+ class="directory">/modules</filename>, and old kernels
+ are backed up in <filename>/kernel.old</filename>.
+ Other files relating to the boot process, such as the boot
+ &man.loader.8; and configuration are stored in
+ <filename>/boot</filename>. Third party or custom modules
+ can be placed in <filename class="directory">/modules</filename>, although
+ users should be aware that keeping modules in sync with the
+ compiled kernel is very important. Modules not intended
+ to run with the compiled kernel may result in instability
+ or incorrectness.</para>
+ </note>
+
+ <note>
+ <para>If you have added any new devices (such as sound cards)
+ and you are running &os;&nbsp;4.X or previous versions, you
+ may have to add some device nodes to your
+ <filename class="directory">/dev</filename> directory before
+ you can use them. For more information, take a look at <link
+ linkend="kernelconfig-nodes">Making Device Nodes</link>
+ section later on in this chapter.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="kernelconfig-config">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Joel</firstname>
+ <surname>Dahl</surname>
+ <contrib>Updated for &os; 5.X by </contrib>
+ <!-- August 2004, PR docs/70674 -->
+ </author>
+ <!-- <editor><othername role="freefall login">ceri</othername></editor> -->
+ </authorgroup>
+ </sect1info>
+ <title>The Configuration File</title>
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>NOTES</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>LINT</secondary>
+ </indexterm>
+ <indexterm><primary>NOTES</primary></indexterm>
+ <indexterm><primary>LINT</primary></indexterm>
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>configuration file</secondary>
+ </indexterm>
+
+ <para>The general format of a configuration file is quite simple.
+ Each line contains a keyword and one or more arguments. For
+ simplicity, most lines only contain one argument. Anything
+ following a <literal>#</literal> is considered a comment and
+ ignored. The following sections describe each keyword, in
+ the order they are listed in <filename>GENERIC</filename>.
+ <anchor
+ id="kernelconfig-options"> For an exhaustive list of architecture
+ dependent options and devices, see the <filename>NOTES</filename>
+ file in the same directory as <filename>GENERIC</filename>. For
+ architecture independent options, see
+ <filename>/usr/src/sys/conf/NOTES</filename>.</para>
+
+ <note>
+ <para><filename>NOTES</filename> does not exist in &os;&nbsp;4.X.
+ Instead, see the <filename>LINT</filename> file for detailed
+ explanations of options and devices in <filename>GENERIC</filename>.
+ <filename>LINT</filename> served two purposes in 4.X: to provide a
+ reference for choosing kernel options when building a custom
+ kernel, and to provide a kernel configuration with as many
+ tweakable options tweaked to non-default values as possible. The
+ reason behind this was that such a configuration helped (and still
+ does) a lot when testing new code and changes to existing code that
+ may cause conflicts with other parts of the kernel. However,
+ the kernel configuration framework went through some heavy changes
+ in 5.X; one example of this is that the driver configuration options were moved
+ to a <literal>hints</literal> file so that they could be changed
+ and loaded dynamically at boot time, and <filename>LINT</filename>
+ could not contain those hints anymore. For this and other
+ reasons, the <filename>LINT</filename> file was renamed to
+ <filename>NOTES</filename> and retained mostly the first reason for
+ its existence: documenting the available options for user
+ convenience.</para>
+
+ <para>In &os; 5.X and later versions you can still generate a buildable
+ <filename>LINT</filename> file by typing:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/sys/<replaceable>i386</replaceable>/conf && make LINT</userinput></screen>
+ </note>
+
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>configuration file</secondary>
+ </indexterm>
+
+ <para>The following is an example of the <filename>GENERIC</filename> kernel
+ configuration file with various additional comments where needed for
+ clarity. This example should match your copy in
+ <filename>/usr/src/sys/<replaceable>i386</replaceable>/conf/GENERIC</filename>
+ fairly closely.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>machine</secondary>
+ </indexterm>
+
+ <programlisting>machine i386</programlisting>
+
+ <para>This is the machine architecture. It must be either
+ <literal>alpha</literal>, <literal>amd64</literal>,
+ <literal>i386</literal>, <literal>ia64</literal>,
+ <literal>pc98</literal>, <literal>powerpc</literal>, or
+ <literal>sparc64</literal>.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>cpu</secondary>
+ </indexterm>
+ <programlisting>cpu I486_CPU
+cpu I586_CPU
+cpu I686_CPU</programlisting>
+
+ <para>The above option specifies the type of CPU you have in your
+ system. You may have multiple instances of the CPU line (if, for
+ example, you are not sure whether you should use
+ <literal>I586_CPU</literal> or <literal>I686_CPU</literal>),
+ but for a custom kernel it is best to specify only the CPU
+ you have. If you are unsure of your CPU type, you can check the
+ <filename>/var/run/dmesg.boot</filename> file to view your boot
+ messages.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>cpu type</secondary>
+ </indexterm>
+ <para>Support for <literal>I386_CPU</literal> is still provided in the
+ source of &os;, but it is disabled by default in both -STABLE and
+ -CURRENT. This means that to install &os; with a 386-class cpu, you now
+ have the following options:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Install an older &os; release and rebuild from source as
+ described in <xref linkend="kernelconfig-building">.</para>
+ </listitem>
+
+ <listitem>
+ <para>Build the userland and kernel on a newer machine and install on
+ the 386 using the precompiled <filename>/usr/obj</filename>
+ files (see <xref linkend="small-lan"> for details).</para>
+ </listitem>
+
+ <listitem>
+ <para>Roll your own release of &os; which includes
+ <literal>I386_CPU</literal> support in the kernels of the
+ installation CD-ROM.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The first of these options is probably the easiest of all, but you
+ will need a lot of disk space which, on a 386-class machine, may be
+ difficult to find.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>ident</secondary>
+ </indexterm>
+
+ <programlisting>ident GENERIC</programlisting>
+
+ <para>This is the identification of the kernel. You should change
+ this to whatever you named your kernel,
+ i.e. <literal>MYKERNEL</literal> if you have followed the
+ instructions of the previous examples. The value you put in the
+ <literal>ident</literal> string will print when you boot up the
+ kernel, so it is useful to give the new kernel a different name if you
+ want to keep it separate from your usual kernel (e.g., you want to
+ build an experimental kernel).</para>
+
+ <programlisting>#To statically compile in device wiring instead of /boot/device.hints
+#hints "GENERIC.hints" # Default places to look for devices.</programlisting>
+
+ <para>In &os; 5.X and newer versions the &man.device.hints.5; is
+ used to configure options of the device drivers. The default
+ location that &man.loader.8; will check at boot time is
+ <filename>/boot/device.hints</filename>. Using the
+ <literal>hints</literal> option you can compile these hints
+ statically into your kernel. Then there is no need to create a
+ <filename>device.hints</filename> file in
+ <filename>/boot</filename>.</para>
+
+ <!-- XXX: Add a comment here that explains when compiling hints into
+ the kernel is a good idea and why. -->
+
+ <programlisting>#makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols</programlisting>
+
+ <para>The normal build process of &os; does not include
+ debugging information when building the kernel and strips most
+ symbols after the resulting kernel is linked, to save some space
+ at the install location. If you are going to do tests of kernels
+ in the -CURRENT branch or develop changes of your own for the &os;
+ kernel, you might want to uncomment this line. It will enable the
+ use of the <option>-g</option> option which enables debugging
+ information when passed to &man.gcc.1;. The same can be
+ accomplished by the &man.config.8; <option>-g</option> option, if
+ you are using the <quote>traditional</quote> way for building your
+ kernels (see <xref linkend="kernelconfig-building">
+ for more information).</para>
+
+ <programlisting>options SCHED_4BSD # 4BSD scheduler</programlisting>
+
+ <para>The traditional scheduler for &os;. Depending on your system's
+ workload, you may gain performance by using the new ULE scheduler for
+ &os; that has been designed specially for SMP, but works just fine on UP
+ systems too. If you wish to try it out, replace <literal>SCHED_4BSD</literal>
+ with <literal>SCHED_ULE</literal> in your configuration file.</para>
+
+ <programlisting>options INET # InterNETworking</programlisting>
+
+ <para>Networking support. Leave this in, even if you do not plan to
+ be connected to a network. Most programs require at least loopback
+ networking (i.e., making network connections within your PC), so
+ this is essentially mandatory.</para>
+
+ <programlisting>options INET6 # IPv6 communications protocols</programlisting>
+
+ <para>This enables the IPv6 communication protocols.</para>
+
+ <programlisting>options FFS # Berkeley Fast Filesystem</programlisting>
+
+ <para>This is the basic hard drive file system. Leave it in if you
+ boot from the hard disk.</para>
+
+ <programlisting>options SOFTUPDATES # Enable FFS Soft Updates support</programlisting>
+
+ <para>This option enables Soft Updates in the kernel, this will
+ help speed up write access on the disks. Even when this
+ functionality is provided by the kernel, it must be turned on
+ for specific disks. Review the output from &man.mount.8; to see
+ if Soft Updates is enabled for your system disks. If you do not
+ see the <literal>soft-updates</literal> option then you will
+ need to activate it using the &man.tunefs.8; (for existing
+ file systems) or &man.newfs.8; (for new file systems)
+ commands.</para>
+
+ <programlisting>options UFS_ACL # Support for access control lists</programlisting>
+
+ <para>This option, present only in &os;&nbsp;5.X, enables kernel support
+ for access control lists. This relies on the use of extended
+ attributes and <acronym>UFS2</acronym>, and the feature is described
+ in detail in <xref linkend="fs-acl">. <acronym>ACL</acronym>s are
+ enabled by default and should not be
+ disabled in the kernel if they have been used previously on a file
+ system, as this will remove the access control lists, changing the
+ way files are protected in unpredictable ways.</para>
+
+ <programlisting>options UFS_DIRHASH # Improve performance on big directories</programlisting>
+
+ <para>This option includes functionality to speed up disk
+ operations on large directories, at the expense of using
+ additional memory. You would normally keep this for a large
+ server, or interactive workstation, and remove it if you are
+ using &os; on a smaller system where memory is at a premium and
+ disk access speed is less important, such as a firewall.</para>
+
+ <programlisting>options MD_ROOT # MD is a potential root device</programlisting>
+
+ <para>This option enables support for a memory backed virtual disk
+ used as a root device.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>NFS</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>NFS_ROOT</secondary>
+ </indexterm>
+ <programlisting>options NFSCLIENT # Network Filesystem Client
+options NFSSERVER # Network Filesystem Server
+options NFS_ROOT # NFS usable as /, requires NFSCLIENT</programlisting>
+
+ <para>The network file system. Unless you plan to mount partitions
+ from a &unix; file server over TCP/IP, you can comment these
+ out.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>MSDOSFS</secondary>
+ </indexterm>
+ <programlisting>options MSDOSFS # MSDOS Filesystem</programlisting>
+
+ <para>The &ms-dos; file system. Unless you plan to mount a DOS formatted
+ hard drive partition at boot time, you can safely comment this out.
+ It will be automatically loaded the first time you mount a DOS
+ partition, as described above. Also, the excellent
+ <filename role="package">emulators/mtools</filename> software
+ allows you to access DOS floppies without having to mount and
+ unmount them (and does not require <literal>MSDOSFS</literal> at
+ all).</para>
+
+ <programlisting>options CD9660 # ISO 9660 Filesystem</programlisting>
+
+ <para>The ISO 9660 file system for CDROMs. Comment it out if you do
+ not have a CDROM drive or only mount data CDs occasionally (since it
+ will be dynamically loaded the first time you mount a data CD).
+ Audio CDs do not need this file system.</para>
+
+ <programlisting>options PROCFS # Process filesystem</programlisting>
+
+ <para>The process file system. This is a <quote>pretend</quote>
+ file system mounted on <filename>/proc</filename> which allows
+ programs like &man.ps.1; to give you more information on what
+ processes are running. In &os; 5.X and above, use of <literal>PROCFS</literal>
+ is not required under most circumstances, as most
+ debugging and monitoring tools have been adapted to run without
+ <literal>PROCFS</literal>: unlike in &os; 4.X, new installations of
+ &os; 5.X will not mount the process file system by default.
+ In addition, 6.X-CURRENT kernels
+ making use of <literal>PROCFS</literal> must now also include
+ support for <literal>PSEUDOFS</literal>:</para>
+
+ <programlisting>options PSEUDOFS # Pseudo-filesystem framework</programlisting>
+
+ <para><literal>PSEUDOFS</literal> is not available in &os; 4.X.</para>
+
+ <programlisting>options GEOM_GPT # GUID Partition Tables.</programlisting>
+
+ <para>This option brings the ability to have a large number of
+ partitions on a single disk.</para>
+
+ <programlisting>options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]</programlisting>
+
+ <para>Compatibility with 4.3BSD. Leave this in; some programs will
+ act strangely if you comment this out.</para>
+
+ <programlisting>options COMPAT_FREEBSD4 # Compatible with &os;4</programlisting>
+
+ <para>This option is required on &os;&nbsp;5.X &i386; and Alpha systems
+ to support applications compiled on older versions of &os;
+ that use older system call interfaces. It is recommended that
+ this option be used on all &i386; and Alpha systems that may
+ run older applications; platforms that gained support only in
+ 5.X, such as ia64 and &sparc64;, do not require this option.</para>
+
+ <programlisting>options SCSI_DELAY=15000 # Delay (in ms) before probing SCSI</programlisting>
+
+ <para>This causes the kernel to pause for 15 seconds before probing
+ each SCSI device in your system. If you only have IDE hard drives,
+ you can ignore this, otherwise you will probably want to lower this
+ number, perhaps to 5 seconds, to speed up booting. Of course, if
+ you do this and &os; has trouble recognizing your SCSI devices,
+ you will have to raise it again.</para>
+
+ <programlisting>options KTRACE # ktrace(1) support</programlisting>
+
+ <para>This enables kernel process tracing, which is useful in
+ debugging.</para>
+
+ <programlisting>options SYSVSHM # SYSV-style shared memory</programlisting>
+
+ <para>This option provides for System&nbsp;V shared memory. The most
+ common use of this is the XSHM extension in X, which many
+ graphics-intensive programs will automatically take advantage of for
+ extra speed. If you use X, you will definitely want to include
+ this.</para>
+
+ <programlisting>options SYSVMSG # SYSV-style message queues</programlisting>
+
+ <para>Support for System&nbsp;V messages. This option only adds
+ a few hundred bytes to the kernel.</para>
+
+ <programlisting>options SYSVSEM # SYSV-style semaphores</programlisting>
+
+ <para>Support for System&nbsp;V semaphores. Less commonly used but only
+ adds a few hundred bytes to the kernel.</para>
+
+ <note>
+ <para>The <option>-p</option> option of the &man.ipcs.1; command will
+ list any processes using each of these System&nbsp;V facilities.</para>
+ </note>
+
+ <programlisting>options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions</programlisting>
+
+ <para>Real-time extensions added in the 1993 &posix;. Certain
+ applications in the Ports Collection use these
+ (such as <application>&staroffice;</application>).</para>
+
+ <programlisting>options KBD_INSTALL_CDEV # install a CDEV entry in /dev</programlisting>
+
+ <para>This option is related to the keyboard. It installs a CDEV entry
+ in <filename>/dev</filename>.</para>
+
+ <programlisting>options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
+ # output. Adds ~128k to driver.
+options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
+ # output. Adds ~215k to driver.</programlisting>
+
+ <para>This helps debugging by printing easier register definitions for
+ reading.</para>
+
+ <programlisting>options ADAPTIVE_GIANT # Giant mutex is adaptive.</programlisting>
+
+ <para>Giant is the name of a mutual exclusion mechanism (a sleep mutex)
+ that protects a large set of kernel resources. Today, this is an
+ unacceptable performance bottleneck which is actively being replaced
+ with locks that protect individual resources. The
+ <literal>ADAPTIVE_GIANT</literal> option causes Giant to be included
+ in the set of mutexes adaptively spun on. That is, when a thread
+ wants to lock the Giant mutex, but it is already locked by a thread
+ on another CPU, the first thread will keep running and wait for the
+ lock to be released. Normally, the thread would instead go back to
+ sleep and wait for its next chance to run. If you are not sure,
+ leave this in.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>SMP</secondary>
+ </indexterm>
+ <programlisting>device apic # I/O APIC</programlisting>
+
+ <para>The apic device enables the use of the I/O APIC for interrupt
+ delivery. The apic device can be used in both UP and SMP kernels, but
+ is required for SMP kernels. Add <literal>options SMP</literal> to
+ include support for multiple processors.</para>
+
+ <programlisting>device isa</programlisting>
+
+ <para>All PCs supported by &os; have one of these. Do not remove this,
+ even if you have no ISA slots. If you have an
+ IBM PS/2 (Micro Channel Architecture) system, &os; provides only
+ limited support at this time. For more information about the
+ MCA support, see
+ <filename>/usr/src/sys/i386/conf/NOTES</filename>.</para>
+
+ <programlisting>device eisa</programlisting>
+
+ <para>Include this if you have an EISA motherboard. This enables
+ auto-detection and configuration support for all devices on the EISA
+ bus.</para>
+
+ <programlisting>device pci</programlisting>
+
+ <para>Include this if you have a PCI motherboard. This enables
+ auto-detection of PCI cards and gatewaying from the PCI to ISA
+ bus.</para>
+
+ <programlisting># Floppy drives
+device fdc</programlisting>
+
+ <para>This is the floppy drive controller.</para>
+
+ <programlisting># ATA and ATAPI devices
+device ata</programlisting>
+
+ <para>This driver supports all ATA and ATAPI devices. You only need
+ one <literal>device ata</literal> line for the kernel to detect all
+ PCI ATA/ATAPI devices on modern machines.</para>
+
+ <programlisting>device atadisk # ATA disk drives</programlisting>
+
+ <para>This is needed along with <literal>device ata</literal> for
+ ATA disk drives.</para>
+
+ <programlisting>device ataraid # ATA RAID drives</programlisting>
+
+ <para>This is needed along with <literal>device ata</literal> for ATA
+ RAID drives.</para>
+
+ <programlisting><anchor id="kernelconfig-atapi">
+device atapicd # ATAPI CDROM drives</programlisting>
+
+ <para>This is needed along with <literal>device ata</literal> for
+ ATAPI CDROM drives.</para>
+
+ <programlisting>device atapifd # ATAPI floppy drives</programlisting>
+
+ <para>This is needed along with <literal>device ata</literal> for
+ ATAPI floppy drives.</para>
+
+ <programlisting>device atapist # ATAPI tape drives</programlisting>
+
+ <para>This is needed along with <literal>device ata</literal> for
+ ATAPI tape drives.</para>
+
+ <programlisting>options ATA_STATIC_ID # Static device numbering</programlisting>
+
+ <para>This makes the controller number static; without this,
+ the device numbers are dynamically allocated.</para>
+
+ <programlisting># SCSI Controllers
+device ahb # EISA AHA1742 family
+device ahc # AHA2940 and onboard AIC7xxx devices
+device ahd # AHA39320/29320 and onboard AIC79xx devices
+device amd # AMD 53C974 (Teckram DC-390(T))
+device isp # Qlogic family
+device mpt # LSI-Logic MPT-Fusion
+#device ncr # NCR/Symbios Logic
+device sym # NCR/Symbios Logic (newer chipsets)
+device trm # Tekram DC395U/UW/F DC315U adapters
+
+device adv # Advansys SCSI adapters
+device adw # Advansys wide SCSI adapters
+device aha # Adaptec 154x SCSI adapters
+device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
+device bt # Buslogic/Mylex MultiMaster SCSI adapters
+
+device ncv # NCR 53C500
+device nsp # Workbit Ninja SCSI-3
+device stg # TMC 18C30/18C50</programlisting>
+
+ <para>SCSI controllers. Comment out any you do not have in your
+ system. If you have an IDE only system, you can remove these
+ altogether.</para>
+
+ <programlisting># SCSI peripherals
+device scbus # SCSI bus (required for SCSI)
+device ch # SCSI media changers
+device da # Direct Access (disks)
+device sa # Sequential Access (tape etc)
+device cd # CD
+device pass # Passthrough device (direct SCSI access)
+device ses # SCSI Environmental Services (and SAF-TE)</programlisting>
+
+ <para>SCSI peripherals. Again, comment out any you do not have, or if
+ you have only IDE hardware, you can remove them completely.</para>
+
+ <note>
+ <para>The USB &man.umass.4; driver and a few other drivers use
+ the SCSI subsystem even though they are not real SCSI devices.
+ Therefore make sure not to remove SCSI support, if any such
+ drivers are included in the kernel configuration.</para>
+ </note>
+
+ <programlisting># RAID controllers interfaced to the SCSI subsystem
+device amr # AMI MegaRAID
+device arcmsr # Areca SATA II RAID
+device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
+device ciss # Compaq Smart RAID 5*
+device dpt # DPT Smartcache III, IV - See NOTES for options
+device hptmv # Highpoint RocketRAID 182x
+device iir # Intel Integrated RAID
+device ips # IBM (Adaptec) ServeRAID
+device mly # Mylex AcceleRAID/eXtremeRAID
+device twa # 3ware 9000 series PATA/SATA RAID
+
+# RAID controllers
+device aac # Adaptec FSA RAID
+device aacp # SCSI passthrough for aac (requires CAM)
+device ida # Compaq Smart RAID
+device mlx # Mylex DAC960 family
+device pst # Promise Supertrak SX6000
+device twe # 3ware ATA RAID</programlisting>
+
+ <para>Supported RAID controllers. If you do not have any of these,
+ you can comment them out or remove them.</para>
+
+ <programlisting># atkbdc0 controls both the keyboard and the PS/2 mouse
+device atkbdc # AT keyboard controller</programlisting>
+
+ <para>The keyboard controller (<literal>atkbdc</literal>) provides I/O
+ services for the AT keyboard and PS/2 style pointing devices. This
+ controller is required by the keyboard driver
+ (<literal>atkbd</literal>) and the PS/2 pointing device driver
+ (<literal>psm</literal>).</para>
+
+ <programlisting>device atkbd # AT keyboard</programlisting>
+
+ <para>The <literal>atkbd</literal> driver, together with
+ <literal>atkbdc</literal> controller, provides access to the AT 84
+ keyboard or the AT enhanced keyboard which is connected to the AT
+ keyboard controller.</para>
+
+ <programlisting>device psm # PS/2 mouse</programlisting>
+
+ <para>Use this device if your mouse plugs into the PS/2 mouse
+ port.</para>
+
+ <programlisting>device vga # VGA video card driver</programlisting>
+
+ <para>The video card driver.</para>
+
+ <programlisting># splash screen/screen saver
+device splash # Splash screen and screen saver support</programlisting>
+
+ <para>Splash screen at start up! Screen savers require this
+ too. Use the line <literal>pseudo-device splash</literal> with
+ &os;&nbsp;4.X.</para>
+
+ <programlisting># syscons is the default console driver, resembling an SCO console
+device sc</programlisting>
+
+ <para><literal>sc</literal> is the default console driver and
+ resembles a SCO console. Since most full-screen programs access the
+ console through a terminal database library like
+ <filename>termcap</filename>, it should not matter whether you use
+ this or <literal>vt</literal>, the <literal>VT220</literal>
+ compatible console driver. When you log in, set your
+ <envar>TERM</envar> variable to <literal>scoansi</literal> if
+ full-screen programs have trouble running under this console.</para>
+
+ <programlisting># Enable this for the pcvt (VT220 compatible) console driver
+#device vt
+#options XSERVER # support for X server on a vt console
+#options FAT_CURSOR # start with block cursor</programlisting>
+
+ <para>This is a VT220-compatible console driver, backward compatible to
+ VT100/102. It works well on some laptops which have hardware
+ incompatibilities with <literal>sc</literal>. Also set your
+ <envar>TERM</envar> variable to <literal>vt100</literal> or
+ <literal>vt220</literal> when you log in. This driver might also
+ prove useful when connecting to a large number of different machines
+ over the network, where <filename>termcap</filename> or
+ <filename>terminfo</filename> entries for the <literal>sc</literal>
+ device are often not available &mdash; <literal>vt100</literal>
+ should be available on virtually any platform.</para>
+
+ <programlisting>device agp</programlisting>
+
+ <para>Include this if you have an AGP card in the system. This
+ will enable support for AGP, and AGP GART for boards which
+ have these features.</para>
+
+ <programlisting># Floating point support - do not disable.
+device npx</programlisting>
+
+ <para><literal>npx</literal> is the interface to the floating point
+ math unit in &os;, which is either the hardware co-processor or
+ the software math emulator. This is <emphasis>not</emphasis>
+ optional.</para>
+
+ <indexterm>
+ <primary>APM</primary>
+ </indexterm>
+
+ <programlisting># Power management support (see NOTES for more options)
+#device apm</programlisting>
+
+ <para>Advanced Power Management support. Useful for laptops,
+ although in &os; 5.X and above this is disabled in
+ <filename>GENERIC</filename> by default.</para>
+
+ <programlisting># Add suspend/resume support for the i8254.
+device pmtimer</programlisting>
+
+ <para>Timer device driver for power management events, such as APM and
+ ACPI.</para>
+
+ <programlisting># PCCARD (PCMCIA) support
+# PCMCIA and cardbus bridge support
+device cbb # cardbus (yenta) bridge
+device pccard # PC Card (16-bit) bus
+device cardbus # CardBus (32-bit) bus</programlisting>
+
+ <para>PCMCIA support. You want this if you are using a
+ laptop.</para>
+
+ <programlisting># Serial (COM) ports
+device sio # 8250, 16[45]50 based serial ports</programlisting>
+
+ <para>These are the serial ports referred to as
+ <devicename>COM</devicename> ports in the &ms-dos;/&windows;
+ world.</para>
+
+ <note>
+ <para>If you have an internal modem on <devicename>COM4</devicename>
+ and a serial port at <devicename>COM2</devicename>, you will have
+ to change the IRQ of the modem to 2 (for obscure technical reasons,
+ IRQ2 = IRQ 9) in order to access it
+ from &os;. If you have a multiport serial card, check the
+ manual page for &man.sio.4; for more information on the proper
+ values to add to your <filename>/boot/device.hints</filename>.
+ Some video cards (notably those based on
+ S3 chips) use IO addresses in the form of
+ <literal>0x*2e8</literal>, and since many cheap serial cards do
+ not fully decode the 16-bit IO address space, they clash with
+ these cards making the <devicename>COM4</devicename> port
+ practically unavailable.</para>
+
+ <para>Each serial port is required to have a unique IRQ (unless you
+ are using one of the multiport cards where shared interrupts are
+ supported), so the default IRQs for <devicename>COM3</devicename>
+ and <devicename>COM4</devicename> cannot be used.</para>
+ </note>
+
+ <programlisting># Parallel port
+device ppc</programlisting>
+
+ <para>This is the ISA-bus parallel port interface.</para>
+
+ <programlisting>device ppbus # Parallel port bus (required)</programlisting>
+
+ <para>Provides support for the parallel port bus.</para>
+
+ <programlisting>device lpt # Printer</programlisting>
+
+ <para>Support for parallel port printers.</para>
+
+ <note>
+ <para>All three of the above are required to enable parallel printer
+ support.</para>
+ </note>
+
+ <programlisting>device plip # TCP/IP over parallel</programlisting>
+
+ <para>This is the driver for the parallel network interface.</para>
+
+ <programlisting>device ppi # Parallel port interface device</programlisting>
+
+ <para>The general-purpose I/O (<quote>geek port</quote>) + IEEE1284
+ I/O.</para>
+
+ <programlisting>#device vpo # Requires scbus and da</programlisting>
+
+ <indexterm><primary>zip drive</primary></indexterm>
+ <para>This is for an Iomega Zip drive. It requires
+ <literal>scbus</literal> and <literal>da</literal> support. Best
+ performance is achieved with ports in EPP 1.9 mode.</para>
+
+ <programlisting>#device puc</programlisting>
+
+ <para>Uncomment this device if you have a <quote>dumb</quote> serial
+ or parallel PCI card that is supported by the &man.puc.4; glue
+ driver.</para>
+
+ <programlisting># PCI Ethernet NICs.
+device de # DEC/Intel DC21x4x (<quote>Tulip</quote>)
+device em # Intel PRO/1000 adapter Gigabit Ethernet Card
+device ixgb # Intel PRO/10GbE Ethernet Card
+device txp # 3Com 3cR990 (<quote>Typhoon</quote>)
+device vx # 3Com 3c590, 3c595 (<quote>Vortex</quote>)</programlisting>
+
+ <para>Various PCI network card drivers. Comment out or remove any of
+ these not present in your system.</para>
+
+ <programlisting># PCI Ethernet NICs that use the common MII bus controller code.
+# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
+device miibus # MII bus support</programlisting>
+
+ <para>MII bus support is required for some PCI 10/100 Ethernet NICs,
+ namely those which use MII-compliant transceivers or implement
+ transceiver control interfaces that operate like an MII. Adding
+ <literal>device miibus</literal> to the kernel config pulls in
+ support for the generic miibus API and all of the PHY drivers,
+ including a generic one for PHYs that are not specifically handled
+ by an individual driver.</para>
+
+ <programlisting>device bfe # Broadcom BCM440x 10/100 Ethernet
+device bge # Broadcom BCM570xx Gigabit Ethernet
+device dc # DEC/Intel 21143 and various workalikes
+device fxp # Intel EtherExpress PRO/100B (82557, 82558)
+device lge # Level 1 LXT1001 gigabit ethernet
+device nge # NatSemi DP83820 gigabit ethernet
+device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
+device re # RealTek 8139C+/8169/8169S/8110S
+device rl # RealTek 8129/8139
+device sf # Adaptec AIC-6915 (<quote>Starfire</quote>)
+device sis # Silicon Integrated Systems SiS 900/SiS 7016
+device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
+device ste # Sundance ST201 (D-Link DFE-550TX)
+device ti # Alteon Networks Tigon I/II gigabit Ethernet
+device tl # Texas Instruments ThunderLAN
+device tx # SMC EtherPower II (83c170 <quote>EPIC</quote>)
+device vge # VIA VT612x gigabit ethernet
+device vr # VIA Rhine, Rhine II
+device wb # Winbond W89C840F
+device xl # 3Com 3c90x (<quote>Boomerang</quote>, <quote>Cyclone</quote>)</programlisting>
+
+ <para>Drivers that use the MII bus controller code.</para>
+
+ <programlisting># ISA Ethernet NICs. pccard NICs included.
+device cs # Crystal Semiconductor CS89x0 NIC
+# 'device ed' requires 'device miibus'
+device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
+device ex # Intel EtherExpress Pro/10 and Pro/10+
+device ep # Etherlink III based cards
+device fe # Fujitsu MB8696x based cards
+device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
+device lnc # NE2100, NE32-VL Lance Ethernet cards
+device sn # SMC's 9000 series of Ethernet chips
+device xe # Xircom pccard Ethernet
+
+# ISA devices that use the old ISA shims
+#device le</programlisting>
+
+ <para>ISA Ethernet drivers. See
+ <filename>/usr/src/sys/<replaceable>i386</replaceable>/conf/NOTES</filename> for details
+of which cards are
+ supported by which driver.</para>
+
+ <programlisting># Wireless NIC cards
+device wlan # 802.11 support
+device an # Aironet 4500/4800 802.11 wireless NICs.
+device awi # BayStack 660 and others
+device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
+#device wl # Older non 802.11 Wavelan wireless NIC.</programlisting>
+
+ <para>Support for various wireless cards.</para>
+
+ <programlisting># Pseudo devices
+device loop # Network loopback</programlisting>
+
+ <para>This is the generic loopback device for TCP/IP. If you telnet
+ or FTP to <hostid>localhost</hostid> (a.k.a. <hostid
+ role="ipaddr">127.0.0.1</hostid>) it will come back at you through
+ this device. This is <emphasis>mandatory</emphasis>. Under
+ &os;&nbsp;4.X you have to use the line <literal>pseudo-device
+ loop</literal>.</para>
+
+ <programlisting>device mem # Memory and kernel memory devices</programlisting>
+
+ <para>The system memory devices.</para>
+
+ <programlisting>device io # I/O device</programlisting>
+
+ <para>This option allows a process to gain I/O privileges. This is
+ useful in order to write userland programs that can handle hardware
+ directly. This is required to run the X Window system.</para>
+
+ <programlisting>device random # Entropy device</programlisting>
+
+ <para>Cryptographically secure random number generator.</para>
+
+ <programlisting>device ether # Ethernet support</programlisting>
+
+ <para><literal>ether</literal> is only needed if you have an Ethernet
+ card. It includes generic Ethernet protocol code. Under
+ &os;&nbsp;4.X use the line <literal>pseudo-device
+ ether</literal>.</para>
+
+ <programlisting>device sl # Kernel SLIP</programlisting>
+
+ <para><literal>sl</literal> is for SLIP support. This has been almost
+ entirely supplanted by PPP, which is easier to set up, better suited
+ for modem-to-modem connection, and more powerful.
+ With &os;&nbsp;4.X use the line <literal>pseudo-device
+ sl</literal>.</para>
+
+ <programlisting>device ppp # Kernel PPP</programlisting>
+
+ <para>This is for kernel PPP support for dial-up connections. There
+ is also a version of PPP implemented as a userland application that
+ uses <literal>tun</literal> and offers more flexibility and features
+ such as demand dialing.
+ With &os;&nbsp;4.X use the line
+ <literal>pseudo-device ppp</literal>.</para>
+
+ <programlisting>device tun # Packet tunnel.</programlisting>
+
+ <para>This is used by the userland PPP software.
+ See
+ the <link linkend="userppp">PPP</link> section of this book for more
+ information. With &os;&nbsp;4.X use the line <literal>pseudo-device
+ tun</literal>.</para>
+
+ <programlisting><anchor id="kernelconfig-ptys">
+device pty # Pseudo-ttys (telnet etc)</programlisting>
+
+ <para>This is a <quote>pseudo-terminal</quote> or simulated login port.
+ It is used by incoming <command>telnet</command> and
+ <command>rlogin</command> sessions,
+ <application>xterm</application>, and some other applications such
+ as <application>Emacs</application>.</para>
+
+ <note><para>Under &os;&nbsp;4.X, you
+ have to use the line <literal>pseudo-device pty
+ <replaceable>number</replaceable></literal>. The
+ <replaceable>number</replaceable> after <literal>pty</literal>
+ indicates the number of
+ <literal>pty</literal>s to create. If you need more than the
+ default of 16 simultaneous <application>xterm</application> windows
+ and/or remote logins, be sure to increase this number accordingly,
+ up to a maximum of 256.</para></note>
+
+ <programlisting>device md # Memory <quote>disks</quote></programlisting>
+
+ <para>Memory disk pseudo-devices. With &os;&nbsp;4.X use the
+ line <literal>pseudo-device md</literal>.</para>
+
+ <programlisting>device gif # IPv6 and IPv4 tunneling</programlisting>
+
+ <para>This implements IPv6 over IPv4 tunneling, IPv4 over IPv6 tunneling,
+ IPv4 over IPv4 tunneling, and IPv6 over IPv6 tunneling. Beginning with
+ &os;&nbsp;4.4 the <literal>gif</literal> device is
+ <quote>auto-cloning</quote>, and you should use the line
+ <literal>pseudo-device gif</literal>.
+ Earlier versions of &os;&nbsp;4.X require a number, for example
+ <literal>pseudo-device gif 4</literal>.</para>
+
+ <programlisting>device faith # IPv6-to-IPv4 relaying (translation)</programlisting>
+
+ <para>This pseudo-device captures packets that are sent to it and
+ diverts them to the IPv4/IPv6 translation daemon. With
+ &os;&nbsp;4.X use the line
+ <literal>pseudo-device faith 1</literal>.</para>
+
+ <programlisting># The `bpf' device enables the Berkeley Packet Filter.
+# Be aware of the administrative consequences of enabling this!
+# Note that 'bpf' is required for DHCP.
+device bpf # Berkeley packet filter</programlisting>
+
+ <para>This is the Berkeley Packet Filter. This pseudo-device allows
+ network interfaces to be placed in promiscuous mode, capturing every
+ packet on a broadcast network (e.g., an Ethernet). These packets
+ can be captured to disk and or examined with the &man.tcpdump.1;
+ program. With &os;&nbsp;4.X use the line
+ <literal>pseudo-device bpf</literal>.</para>
+
+ <note>
+ <para>The &man.bpf.4; device is also used by
+ &man.dhclient.8; to obtain the IP address of the default router
+ (gateway) and so on. If you use DHCP, leave this
+ uncommented.</para>
+ </note>
+
+ <programlisting># USB support
+device uhci # UHCI PCI-&gt;USB interface
+device ohci # OHCI PCI-&gt;USB interface
+#device ehci # EHCI PCI-&gt;USB interface (USB 2.0)
+device usb # USB Bus (required)
+#device udbp # USB Double Bulk Pipe devices
+device ugen # Generic
+device uhid # <quote>Human Interface Devices</quote>
+device ukbd # Keyboard
+device ulpt # Printer
+device umass # Disks/Mass storage - Requires scbus and da
+device ums # Mouse
+device urio # Diamond Rio 500 MP3 player
+device uscanner # Scanners
+# USB Ethernet, requires mii
+device aue # ADMtek USB Ethernet
+device axe # ASIX Electronics USB Ethernet
+device cdce # Generic USB over Ethernet
+device cue # CATC USB Ethernet
+device kue # Kawasaki LSI USB Ethernet
+device rue # RealTek RTL8150 USB Ethernet</programlisting>
+
+ <para>Support for various USB devices.</para>
+
+ <programlisting># FireWire support
+device firewire # FireWire bus code
+device sbp # SCSI over FireWire (Requires scbus and da)
+device fwe # Ethernet over FireWire (non-standard!)</programlisting>
+
+ <para>Support for various Firewire devices.</para>
+
+ <para>For more information and additional devices supported by
+ &os;, see
+ <filename>/usr/src/sys/<replaceable>i386</replaceable>/conf/NOTES</filename>.</para>
+
+ <sect2>
+ <title>Large Memory Configurations (<acronym>PAE</acronym>)</title>
+ <indexterm>
+ <primary>Physical Address Extensions
+ (<acronym>PAE</acronym>)</primary>
+ <secondary>large memory</secondary>
+ </indexterm>
+
+ <para>Large memory configuration machines require access to
+ more than the 4 gigabyte limit on User+Kernel Virtual
+ Address (<acronym>KVA</acronym>) space. Due to this
+ limitation, Intel added support for 36-bit physical address
+ space access in the &pentium; Pro and later line of CPUs.</para>
+
+ <para>The Physical Address Extension (<acronym>PAE</acronym>)
+ capability of the &intel; &pentium; Pro and later CPUs
+ allows memory configurations of up to 64 gigabytes.
+ &os; provides support for this capability via the
+ <option>PAE</option> kernel configuration option, available
+ in the 4.X series of &os; beginning with 4.9-RELEASE and
+ in the 5.X series of &os; beginning with 5.1-RELEASE. Due to
+ the limitations of the Intel memory architecture, no distinction
+ is made for memory above or below 4 gigabytes. Memory allocated
+ above 4 gigabytes is simply added to the pool of available
+ memory.</para>
+
+ <para>To enable <acronym>PAE</acronym> support in the kernel,
+ simply add the following line to your kernel configuration
+ file:</para>
+
+ <programlisting>options PAE</programlisting>
+
+ <note>
+ <para>The <acronym>PAE</acronym> support in &os; is only
+ available for &intel; IA-32 processors. It should also be
+ noted, that the <acronym>PAE</acronym> support in &os; has
+ not received wide testing, and should be considered beta
+ quality compared to other stable features of &os;.</para>
+ </note>
+
+ <para><acronym>PAE</acronym> support in &os; has a few limitations:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>A process is not able to access more than 4
+ gigabytes of VM space.</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>KLD</acronym> modules cannot be loaded into
+ a <acronym>PAE</acronym> enabled kernel, due to the
+ differences in the build framework of a module and the
+ kernel.</para>
+ </listitem>
+
+ <listitem>
+ <para>Device drivers that do not use the &man.bus.dma.9;
+ interface will cause data corruption in a
+ <acronym>PAE</acronym> enabled kernel and are not
+ recommended for use. For this reason, the
+ <filename>PAE</filename> kernel
+ configuration file is provided in &os; 5.X, which
+ excludes all drivers not known to work in a <acronym>PAE</acronym> enabled
+ kernel.</para>
+ </listitem>
+
+ <listitem>
+ <para>Some system tunables determine memory resource usage
+ by the amount of available physical memory. Such
+ tunables can unnecessarily over-allocate due to the
+ large memory nature of a <acronym>PAE</acronym> system.
+ One such example is the <option>kern.maxvnodes</option>
+ sysctl, which controls the maximum number of vnodes allowed
+ in the kernel. It is advised to adjust this and other
+ such tunables to a reasonable value.</para>
+ </listitem>
+
+ <listitem>
+ <para>It might be necessary to increase the kernel virtual
+ address (<acronym>KVA</acronym>) space or to reduce the
+ amount of specific kernel resource that is heavily used
+ (see above) in order to avoid <acronym>KVA</acronym>
+ exhaustion. The <option>KVA_PAGES</option> kernel option
+ can be used for increasing the
+ <acronym>KVA</acronym> space.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>For performance and stability concerns, it is advised to
+ consult the &man.tuning.7; manual page. The &man.pae.4;
+ manual page contains up-to-date information on &os;'s
+ <acronym>PAE</acronym> support.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="kernelconfig-nodes">
+ <title>Making Device Nodes</title>
+
+ <indexterm><primary>device nodes</primary></indexterm>
+ <indexterm>
+ <primary><command>MAKEDEV</command></primary>
+ </indexterm>
+
+ <para><emphasis>If you are running &os;&nbsp;5.0 or later
+ you can safely skip this section. These versions use
+ &man.devfs.5; to allocate device nodes transparently for
+ the user.</emphasis></para>
+
+ <para>Almost every device in the kernel has a corresponding
+ <quote>node</quote> entry in the <filename>/dev</filename> directory.
+ These nodes look like regular files, but are actually special
+ entries into the kernel which programs use to access the device.
+ The shell script <filename>/dev/MAKEDEV</filename>, which is
+ executed when you first install the operating system, creates
+ nearly all of the device nodes supported. However, it does not
+ create <emphasis>all</emphasis> of them, so when you add support for
+ a new device, it pays to make sure that the appropriate entries are
+ in this directory, and if not, add them. Here is a simple
+ example:</para>
+
+ <para>Suppose you add the IDE CD-ROM support to the kernel. The line
+ to add is:</para>
+
+ <programlisting>device acd0</programlisting>
+
+ <para>This means that you should look for some entries that start with
+ <filename>acd0</filename> in the <filename>/dev</filename>
+ directory, possibly followed by a letter, such as
+ <literal>c</literal>, or preceded by the letter
+ <literal>r</literal>, which means a <quote>raw</quote> device. It
+ turns out that those files are not there, so you must change to the
+ <filename>/dev</filename> directory and type:</para>
+
+ <indexterm>
+ <primary><command>MAKEDEV</command></primary></indexterm>
+ <screen>&prompt.root; <userinput>sh MAKEDEV acd0</userinput></screen>
+
+ <para>When this script finishes, you will find that there are now
+ <filename>acd0c</filename> and <filename>racd0c</filename> entries
+ in <filename>/dev</filename> so you know that it executed
+ correctly.</para>
+
+ <para>For sound cards, the following command creates the appropriate
+ entries:</para>
+
+ <screen>&prompt.root; <userinput>sh MAKEDEV snd0</userinput></screen>
+
+ <note>
+ <para>When creating device nodes for devices such as sound cards, if
+ other people have access to your machine, it may be desirable to
+ protect the devices from outside access by adding them to the
+ <filename>/etc/fbtab</filename> file. See &man.fbtab.5; for more
+ information.</para>
+ </note>
+
+ <para>Follow this simple procedure for any other
+ non-<filename>GENERIC</filename> devices which do not have
+ entries.</para>
+
+ <note>
+ <para>All SCSI controllers use the same set of
+ <filename>/dev</filename> entries, so you do not need to create
+ these. Also, network cards and SLIP/PPP pseudo-devices do not
+ have entries in <filename>/dev</filename> at all, so you do not
+ have to worry about these either.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="kernelconfig-trouble">
+ <title>If Something Goes Wrong</title>
+
+ <para>There are five categories of trouble that can occur when
+ building a custom kernel. They are:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><command>config</command> fails:</term>
+
+ <listitem>
+ <para>If the &man.config.8; command fails when you
+ give it your kernel description, you have probably made a
+ simple error somewhere. Fortunately,
+ &man.config.8; will print the line number that it
+ had trouble with, so that you can quickly locate the line
+ containing the error. For example, if you see:</para>
+
+ <screen>config: line 17: syntax error</screen>
+
+ <para>Make sure the
+ keyword is typed correctly by comparing it to the
+ <filename>GENERIC</filename> kernel or another
+ reference.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>make</command> fails:</term>
+
+ <listitem>
+ <para>If the <command>make</command> command fails, it usually
+ signals an error in your kernel description which is not severe
+ enough for &man.config.8; to catch. Again, look
+ over your configuration, and if you still cannot resolve the
+ problem, send mail to the &a.questions; with your kernel
+ configuration, and it should be diagnosed quickly.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Installing the new kernel fails:</term>
+
+ <listitem>
+ <para>If the kernel compiled fine, but failed to install
+ (the <command>make install</command> or
+ <command>make installkernel</command> command failed),
+ the first thing to check is if your system is running at
+ securelevel 1 or higher (see &man.init.8;). The kernel
+ installation tries to remove the immutable flag from
+ your kernel and set the immutable flag on the new one.
+ Since securelevel 1 or higher prevents unsetting the immutable
+ flag for any files on the system, the kernel installation needs
+ to be performed at securelevel 0 or lower.</para>
+
+ <para>The above only applies to &os; 4.X and earlier versions.
+ &os; 5.X, along with later versions, does not set the
+ immutable flag on the kernel and a failure to install a
+ kernel probably indicates a more fundamental problem.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>The kernel does not boot:<anchor
+ id="kernelconfig-noboot"></term>
+
+ <listitem>
+ <para>If your new kernel does not boot, or fails to
+ recognize your devices, do not panic! Fortunately, &os; has
+ an excellent mechanism for recovering from incompatible
+ kernels. Simply choose the kernel you want to boot from at
+ the &os; boot loader. You can access this when the system
+ counts down from 10 at the boot menu. Hit any key except for the
+ <keycap>Enter</keycap> key, type <command>unload</command>
+ and then type
+ <command>boot /boot/<replaceable>kernel.old</replaceable>/kernel</command>,
+ or the filename of any other kernel that will boot properly.
+ When reconfiguring a kernel, it is always a good idea to keep
+ a kernel that is known to work on hand.</para>
+
+ <para>After booting with a good kernel you can check over your
+ configuration file and try to build it again. One helpful
+ resource is the <filename>/var/log/messages</filename> file
+ which records, among other things, all of the kernel messages
+ from every successful boot. Also, the &man.dmesg.8; command
+ will print the kernel messages from the current boot.</para>
+
+ <note>
+ <para>If you are having trouble building a kernel, make sure
+ to keep a <filename>GENERIC</filename>, or some other kernel
+ that is known to work on hand as a different name that will
+ not get erased on the next build. You cannot rely on
+ <filename>kernel.old</filename> because when installing a
+ new kernel, <filename>kernel.old</filename> is overwritten
+ with the last installed kernel which may be non-functional.
+ Also, as soon as possible, move the working kernel to the
+ proper <filename class="directory">/boot/kernel</filename>
+ location or commands such
+ as &man.ps.1; may not work properly. To do this, simply
+ rename the directory containing the good kernel:</para>
+
+ <screen>&prompt.root; <userinput>mv /boot/kernel /boot/kernel.bad</userinput>
+&prompt.root; <userinput>mv /boot/<replaceable>kernel.good</replaceable> /boot/kernel</userinput></screen>
+
+ <para>For versions of &os; prior to 5.X, the proper command to
+ <quote>unlock</quote> the kernel file that
+ <command>make</command> installs (in order to move another
+ kernel back permanently) is:</para>
+
+ <screen>&prompt.root; <userinput>chflags noschg /kernel</userinput></screen>
+
+ <para>If you find you cannot do this, you are probably running
+ at a &man.securelevel.8; greater than zero. Edit
+ <literal>kern_securelevel</literal> in
+ <filename>/etc/rc.conf</filename> and set it to
+ <literal>-1</literal>, then reboot. You can change it back
+ to its previous setting when you are happy with your new
+ kernel.</para>
+
+ <para>And, if you want to <quote>lock</quote> your new kernel
+ into place, or any file for that matter, so that it cannot
+ be moved or tampered with:</para>
+
+ <screen>&prompt.root; <userinput>chflags schg /kernel</userinput></screen>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>The kernel works, but &man.ps.1; does not work
+ any more:</term>
+
+ <listitem>
+ <para>If you have installed a different version of the kernel
+ from the one that the system utilities have been built with,
+ for example, a 5.X kernel on a 4.X system, many system-status
+ commands like &man.ps.1; and &man.vmstat.8; will not work any
+ more. You should <link linkend="makeworld">recompile and install
+ a world</link> built with the same version of the source tree as
+ your kernel. This is one reason it is
+ not normally a good idea to use a different version of the
+ kernel from the rest of the operating system.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/handbook/l10n/Makefile b/zh_TW.Big5/books/handbook/l10n/Makefile
new file mode 100644
index 0000000000..c6741a2341
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/l10n/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= l10n/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/l10n/chapter.sgml b/zh_TW.Big5/books/handbook/l10n/chapter.sgml
new file mode 100644
index 0000000000..47f477876f
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/l10n/chapter.sgml
@@ -0,0 +1,971 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="l10n">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Andrey</firstname>
+ <surname>Chernov</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Michael C.</firstname>
+ <surname>Wu</surname>
+ <contrib>Rewritten by </contrib>
+ </author>
+ <!-- 30 Nv 2000 -->
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Localization - I18N/L10N Usage and Setup</title>
+
+ <sect1 id="l10n-synopsis">
+ <title>Synopsis</title>
+
+ <para>FreeBSD is a very distributed project with users and
+ contributors located all over the world. This chapter discusses
+ the internationalization and localization features of FreeBSD
+ that allow non-English speaking users to get real work done.
+ There are many aspects of the i18n implementation in both the system
+ and application levels, so where applicable we refer the reader
+ to more specific sources of documentation.</para>
+
+ <para>After reading this chapter, you will know:</para>
+ <itemizedlist>
+ <listitem><para>How different languages and locales are encoded
+ on modern operating systems.</para></listitem>
+ <listitem><para>How to set the locale for your login
+ shell.</para></listitem>
+ <listitem><para>How to configure your console for non-English
+ languages.</para></listitem>
+ <listitem><para>How to use X Window System effectively with different
+ languages.</para></listitem>
+ <listitem><para>Where to find more information about writing
+ i18n-compliant applications.</para></listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem><para>Know how to install additional third-party
+ applications (<xref linkend="ports">).</para></listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="l10n-basics">
+ <title>The Basics</title>
+
+ <sect2>
+ <title>What Is I18N/L10N?</title>
+ <indexterm>
+ <primary>internationalization</primary>
+ <see>localization</see>
+ </indexterm>
+ <indexterm><primary>localization</primary></indexterm>
+
+ <para>Developers shortened internationalization into the term I18N,
+ counting the number of letters between the first and the last
+ letters of internationalization. L10N uses the same naming
+ scheme, coming from <quote>localization</quote>. Combined
+ together, I18N/L10N methods, protocols, and applications allow
+ users to use languages of their choice.</para>
+
+ <para>I18N applications are programmed using I18N kits under
+ libraries. It allows for developers to write a simple file and
+ translate displayed menus and texts to each language. We strongly
+ encourage programmers to follow this convention.</para>
+ </sect2>
+
+ <sect2>
+ <title>Why Should I Use I18N/L10N?</title>
+
+ <para>I18N/L10N is used whenever you wish to either view, input, or
+ process data in non-English languages.</para>
+ </sect2>
+
+ <sect2>
+ <title>What Languages Are Supported in the I18N Effort?</title>
+
+ <para>I18N and L10N are not FreeBSD specific. Currently, one can
+ choose from most of the major languages of the World, including
+ but not limited to: Chinese, German, Japanese, Korean, French,
+ Russian, Vietnamese and others.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="using-localization">
+ <title>Using Localization</title>
+
+ <para>In all its splendor, I18N is not FreeBSD-specific and is a
+ convention. We encourage you to help FreeBSD in following this
+ convention.</para>
+ <indexterm><primary>locale</primary></indexterm>
+
+ <para>Localization settings are based on three main terms:
+ Language Code, Country Code, and Encoding. Locale names are
+ constructed from these parts as follows:</para>
+
+ <programlisting><replaceable>LanguageCode</replaceable>_<replaceable>CountryCode</replaceable>.<replaceable>Encoding</replaceable></programlisting>
+
+ <sect2>
+ <title>Language and Country Codes</title>
+ <indexterm><primary>language codes</primary></indexterm>
+ <indexterm><primary>country codes</primary></indexterm>
+
+ <para>In order to localize a FreeBSD system to a specific language
+ (or any other I18N-supporting &unix; like systems), the user needs to find out
+ the codes for the specify country and language (country
+ codes tell applications what variation of given
+ language to use). In addition, web
+ browsers, SMTP/POP servers, web servers, etc. make decisions based on
+ them. The following are examples of language/country codes:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Language/Country Code</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>en_US</entry>
+ <entry>English - United States</entry>
+ </row>
+
+ <row>
+ <entry>ru_RU</entry>
+ <entry>Russian for Russia</entry>
+ </row>
+
+ <row>
+ <entry>zh_TW</entry>
+ <entry>Traditional Chinese for Taiwan</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ </sect2>
+
+ <sect2>
+ <title>Encodings</title>
+ <indexterm><primary>encodings</primary></indexterm>
+ <indexterm><primary>ASCII</primary></indexterm>
+
+ <para>Some languages use non-ASCII encodings that are 8-bit, wide
+ or multibyte characters, see &man.multibyte.3; for more
+ details. Older applications do not recognize them
+ and mistake them for control characters. Newer applications
+ usually do recognize 8-bit characters. Depending on the
+ implementation, users may be required to compile an application
+ with wide or multibyte characters support, or configure it correctly.
+ To be able to input and process wide or multibyte characters, the <ulink
+ url="&url.base;/ports/index.html">FreeBSD Ports Collection</ulink> has provided
+ each language with different programs. Refer to the I18N
+ documentation in the respective FreeBSD Port.</para>
+
+ <para>Specifically, the user needs to look at the application
+ documentation to decide on how to configure it correctly or to
+ pass correct values into the configure/Makefile/compiler.</para>
+
+ <para>Some things to keep in mind are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Language specific single C chars character sets
+ (see &man.multibyte.3;), e.g.
+ ISO-8859-1, ISO-8859-15, KOI8-R, CP437.</para>
+ </listitem>
+
+ <listitem>
+ <para>Wide or multibyte encodings, e.g. EUC, Big5.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>You can check the active list of character sets at the
+ <ulink
+ url="http://www.iana.org/assignments/character-sets">IANA Registry</ulink>.</para>
+
+ <note>
+ <para>FreeBSD versions 4.5 and up use X11-compatible locale
+ encodings instead.</para>
+ </note>
+
+ </sect2>
+
+ <sect2>
+ <title>I18N Applications</title>
+
+ <para>In the FreeBSD Ports and Package system, I18N applications
+ have been named with <literal>I18N</literal> in their names for
+ easy identification. However, they do not always support the
+ language needed.</para>
+ </sect2>
+
+ <sect2 id="setting-locale">
+ <title>Setting Locale</title>
+
+ <para>Usually it is sufficient to export the value of the locale name
+ as <envar>LANG</envar> in the login shell. This could be done in
+ the user's <filename>~/.login_conf</filename> file or in the
+ startup file of the user's shell (<filename>~/.profile</filename>,
+ <filename>~/.bashrc</filename>, <filename>~/.cshrc</filename>).
+ There is no need to set the locale subsets such as
+ <envar>LC_CTYPE</envar>, <envar>LC_CTIME</envar>. Please
+ refer to language-specific FreeBSD documentation for more
+ information.</para>
+
+ <para>You should set the following two environment variables in your configuration
+ files:</para>
+
+ <itemizedlist>
+ <indexterm><primary>POSIX</primary></indexterm>
+ <listitem>
+ <para><envar>LANG</envar> for &posix; &man.setlocale.3; family
+ functions</para>
+ </listitem>
+
+ <indexterm><primary>MIME</primary></indexterm>
+ <listitem>
+ <para><envar>MM_CHARSET</envar> for applications' MIME character
+ set</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>This includes the user shell configuration, the specific application
+ configuration, and the X11 configuration.</para>
+
+ <sect3>
+ <title>Setting Locale Methods</title>
+ <indexterm><primary>locale</primary></indexterm>
+ <indexterm><primary>login class</primary></indexterm>
+
+ <para>There are two methods for setting locale, and both are
+ described below. The first (recommended one) is by assigning
+ the environment variables in <link linkend="login-class">login
+ class</link>, and the second is by adding the environment
+ variable assignments to the system's shell <link
+ linkend="startup-file">startup file</link>.</para>
+
+ <sect4 id="login-class">
+ <title>Login Classes Method</title>
+
+ <para>This method allows environment variables needed for locale
+ name and MIME character sets to be assigned once for every
+ possible shell instead of adding specific shell assignments to
+ each shell's startup file. <link linkend="usr-setup">User
+ Level Setup</link> can be done by an user himself and <link
+ linkend="adm-setup">Administrator Level Setup</link> require
+ superuser privileges.</para>
+
+ <sect5 id="usr-setup">
+ <title>User Level Setup</title>
+
+ <para>Here is a minimal example of a
+ <filename>.login_conf</filename> file in user's home
+ directory which has both variables set for Latin-1
+ encoding:</para>
+
+ <programlisting>me:\
+ :charset=ISO-8859-1:\
+ :lang=de_DE.ISO8859-1:</programlisting>
+
+ <indexterm><primary>Traditional Chinese</primary><secondary>BIG-5 encoding</secondary></indexterm>
+ <para>Here is an example of a
+ <filename>.login_conf</filename> that sets the variables
+ for Traditional Chinese in BIG-5 encoding. Notice the many
+ more variables set because some software does not respect
+ locale variables correctly for Chinese, Japanese, and Korean.</para>
+
+ <programlisting>#Users who do not wish to use monetary units or time formats
+#of Taiwan can manually change each variable
+me:\
+ :lang=zh_TW.Big5:\
+ :lc_all=zh_TW.Big:\
+ :lc_collate=zh_TW.Big5:\
+ :lc_ctype=zh_TW.Big5:\
+ :lc_messages=zh_TW.Big5:\
+ :lc_monetary=zh_TW.Big5:\
+ :lc_numeric=zh_TW.Big5:\
+ :lc_time=zh_TW.Big5:\
+ :charset=big5:\
+ :xmodifiers="@im=xcin": #Setting the XIM Input Server</programlisting>
+
+ <para>See <link linkend="adm-setup">Administrator Level
+ Setup</link> and &man.login.conf.5; for more details.</para>
+ </sect5>
+
+ <sect5 id="adm-setup">
+ <title>Administrator Level Setup</title>
+
+ <para>Verify that the user's login class in
+ <filename>/etc/login.conf</filename> sets the correct
+ language. Make sure these settings
+ appear in <filename>/etc/login.conf</filename>:</para>
+
+ <programlisting><replaceable>language_name</replaceable>:<replaceable>accounts_title</replaceable>:\
+ :charset=<replaceable>MIME_charset</replaceable>:\
+ :lang=<replaceable>locale_name</replaceable>:\
+ :tc=default:</programlisting>
+
+ <para>So sticking with our previous example using Latin-1, it
+ would look like this:</para>
+
+ <programlisting>german:German Users Accounts:\
+ :charset=ISO-8859-1:\
+ :lang=de_DE.ISO8859-1:\
+ :tc=default:</programlisting>
+
+ <bridgehead renderas=sect4>Changing Login Classes with &man.vipw.8;</bridgehead>
+
+ <indexterm>
+ <primary><command>vipw</command></primary>
+ </indexterm>
+ <para>Use <command>vipw</command> to add new users, and make
+ the entry look like this:</para>
+
+ <programlisting>user:password:1111:11:<replaceable>language</replaceable>:0:0:User Name:/home/user:/bin/sh</programlisting>
+
+ <bridgehead renderas=sect4>Changing Login Classes with &man.adduser.8;</bridgehead>
+
+ <indexterm>
+ <primary><command>adduser</command></primary>
+ </indexterm>
+ <indexterm><primary>login class</primary></indexterm>
+ <para>Use <command>adduser</command> to add new users, and do
+ the following:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Set <literal>defaultclass =
+ <replaceable>language</replaceable></literal> in
+ <filename>/etc/adduser.conf</filename>. Keep in mind
+ you must enter a <literal>default</literal> class for
+ all users of other languages in this case.</para>
+ </listitem>
+
+ <listitem>
+ <para>An alternative variant is answering the specified
+ language each time that
+<screen><prompt>Enter login class: default []: </prompt></screen>
+ appears from &man.adduser.8;.</para>
+ </listitem>
+
+ <listitem>
+ <para>Another alternative is to use the following for each
+ user of a different language that you wish to
+ add:</para>
+
+ <screen>&prompt.root; <userinput>adduser -class <replaceable>language</replaceable></userinput></screen>
+ </listitem>
+ </itemizedlist>
+
+ <bridgehead renderas=sect4>Changing Login Classes with &man.pw.8;</bridgehead>
+ <indexterm>
+ <primary><command>pw</command></primary>
+ </indexterm>
+ <para>If you use &man.pw.8; for adding new users, call it in
+ this form:</para>
+
+ <screen>&prompt.root; <userinput>pw useradd <replaceable>user_name</replaceable> -L <replaceable>language</replaceable></userinput></screen>
+ </sect5>
+ </sect4>
+
+ <sect4 id="startup-file">
+ <title>Shell Startup File Method</title>
+
+ <note>
+ <para>This method is not recommended because it requires a
+ different setup for each possible shell program chosen. Use
+ the <link linkend="login-class">Login Class Method</link>
+ instead.</para>
+ </note>
+
+ <indexterm><primary>MIME</primary></indexterm>
+ <indexterm><primary>locale</primary></indexterm>
+ <para>To add the locale name and MIME character set, just set
+ the two environment variables shown below in the
+ <filename>/etc/profile</filename> and/or
+ <filename>/etc/csh.login</filename> shell startup files. We
+ will use the German language as an example below:</para>
+
+ <para>In <filename>/etc/profile</filename>:</para>
+
+ <programlisting><envar>LANG=de_DE.ISO8859-1; export LANG</envar>
+<envar>MM_CHARSET=ISO-8859-1; export MM_CHARSET</envar></programlisting>
+
+ <para>Or in <filename>/etc/csh.login</filename>:</para>
+
+ <programlisting><envar>setenv LANG de_DE.ISO8859-1</envar>
+<envar>setenv MM_CHARSET ISO-8859-1</envar></programlisting>
+
+ <para>Alternatively, you can add the above instructions to
+ <filename>/usr/share/skel/dot.profile</filename> (similar to
+ what was used in <filename>/etc/profile</filename> above), or
+ <filename>/usr/share/skel/dot.login</filename> (similar to
+ what was used in <filename>/etc/csh.login</filename>
+ above).</para>
+
+ <para>For X11:</para>
+
+ <para>In <filename>$HOME/.xinitrc</filename>:</para>
+
+ <programlisting><envar>LANG=de_DE.ISO8859-1; export LANG</envar></programlisting>
+
+ <para>Or:</para>
+
+ <programlisting><envar>setenv LANG de_DE.ISO8859-1</envar></programlisting>
+
+ <para>Depending on your shell (see above).</para>
+
+ </sect4>
+ </sect3>
+ </sect2>
+
+ <sect2 id="setting-console">
+ <title>Console Setup</title>
+
+ <para>For all single C chars character sets, set the correct
+ console fonts in <filename>/etc/rc.conf</filename> for the
+ language in question with:</para>
+
+ <programlisting>font8x16=<replaceable>font_name</replaceable>
+font8x14=<replaceable>font_name</replaceable>
+font8x8=<replaceable>font_name</replaceable></programlisting>
+
+ <para>The <replaceable>font_name</replaceable> here is taken from
+ the <filename>/usr/share/syscons/fonts</filename> directory,
+ without the <filename>.fnt</filename> suffix.</para>
+
+ <indexterm>
+ <primary><application>sysinstall</application></primary>
+ </indexterm>
+ <indexterm><primary>keymap</primary></indexterm>
+ <indexterm><primary>screenmap</primary></indexterm>
+ <para>Also be sure to set the correct keymap and screenmap for your
+ single C chars character set through
+ <command>sysinstall</command> (<command>/stand/sysinstall</command>
+ in &os; versions older than 5.2).
+ Once inside <application>sysinstall</application>, choose <guimenuitem>Configure</guimenuitem>, then
+ <guimenuitem>Console</guimenuitem>. Alternatively, you can add the
+ following to <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>scrnmap=<replaceable>screenmap_name</replaceable>
+keymap=<replaceable>keymap_name</replaceable>
+keychange="<replaceable>fkey_number sequence</replaceable>"</programlisting>
+
+ <para>The <replaceable>screenmap_name</replaceable> here is taken
+ from the <filename>/usr/share/syscons/scrnmaps</filename>
+ directory, without the <filename>.scm</filename> suffix. A
+ screenmap with a corresponding mapped font is usually needed as a
+ workaround for expanding bit 8 to bit 9 on a VGA adapter's font
+ character matrix in pseudographics area, i.e., to move letters out
+ of that area if screen font uses a bit 8 column.</para>
+
+ <para>If you have the <application>moused</application> daemon
+ enabled by setting the following
+ in your <filename>/etc/rc.conf</filename>:</para>
+
+<programlisting>moused_enable="YES"</programlisting>
+
+ <para>then examine the mouse cursor information in the next
+ paragraph.</para>
+
+ <indexterm>
+ <primary><application>moused</application></primary>
+ </indexterm>
+ <para>By default the mouse cursor of the &man.syscons.4; driver occupies the
+ 0xd0-0xd3 range in the character set. If your language uses this
+ range, you need to move the cursor's range outside of it. To enable
+ the workaround for FreeBSD versions before 5.0, insert the following
+ line into your kernel configuration:</para>
+
+ <programlisting>options SC_MOUSE_CHAR=0x03</programlisting>
+
+ <para>For FreeBSD versions 4.4 and up insert the following line
+ into <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>mousechar_start=3</programlisting>
+
+ <para>The <replaceable>keymap_name</replaceable> here is taken from
+ the <filename>/usr/share/syscons/keymaps</filename> directory,
+ without the <filename>.kbd</filename> suffix. If you are
+ uncertain which keymap to use, you use can &man.kbdmap.1; to test
+ keymaps without rebooting.</para>
+
+ <para>The <literal>keychange</literal> is usually needed to program
+ function keys to match the selected terminal type because
+ function key sequences cannot be defined in the key map.</para>
+
+ <para>Also be sure to set the correct console terminal type in
+ <filename>/etc/ttys</filename> for all <literal>ttyv*</literal>
+ entries. Current pre-defined correspondences are:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Character Set</entry>
+ <entry>Terminal Type</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>ISO-8859-1 or ISO-8859-15</entry>
+ <entry><literal>cons25l1</literal></entry>
+ </row>
+
+ <row>
+ <entry>ISO-8859-2</entry>
+ <entry><literal>cons25l2</literal></entry>
+ </row>
+
+ <row>
+ <entry>ISO-8859-7</entry>
+ <entry><literal>cons25l7</literal></entry>
+ </row>
+
+ <row>
+ <entry>KOI8-R</entry>
+ <entry><literal>cons25r</literal></entry>
+ </row>
+
+ <row>
+ <entry>KOI8-U</entry>
+ <entry><literal>cons25u</literal></entry>
+ </row>
+
+ <row>
+ <entry>CP437 (VGA default)</entry>
+ <entry><literal>cons25</literal></entry>
+ </row>
+
+ <row>
+ <entry>US-ASCII</entry>
+ <entry><literal>cons25w</literal></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>For wide or multibyte characters languages, use the correct
+ FreeBSD port in your
+ <filename>/usr/ports/<replaceable>language</replaceable></filename>
+ directory. Some ports appear as console while the system sees it
+ as serial vtty's, hence you must reserve enough vtty's for both
+ X11 and the pseudo-serial console. Here is a partial list of
+ applications for using other languages in console:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Language</entry>
+ <entry>Location</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>Traditional Chinese (BIG-5)</entry>
+ <entry><filename role="package">chinese/big5con</filename></entry>
+ </row>
+
+ <row>
+ <entry>Japanese</entry>
+ <entry><filename role="package">japanese/kon2-16dot</filename> or
+ <filename role="package">japanese/mule-freewnn</filename></entry>
+ </row>
+
+ <row>
+ <entry>Korean</entry>
+ <entry><filename role="package">korean/han</filename></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
+ <sect2>
+ <title>X11 Setup</title>
+
+ <para>Although X11 is not part of the FreeBSD Project, we have
+ included some information here for FreeBSD users. For more
+ details, refer to the <ulink
+ url="http://www.x.org/">&xorg;
+ web site</ulink> or whichever X11 Server you use.</para>
+
+ <para>In <filename>~/.Xresources</filename>, you can additionally
+ tune application specific I18N settings (e.g., fonts, menus,
+ etc.).</para>
+
+ <sect3>
+ <title>Displaying Fonts</title>
+ <indexterm><primary>X11 True Type font server</primary></indexterm>
+ <para>Install <application>&xorg;</application> server
+ (<filename role="package">x11-servers/xorg-server</filename>)
+ or <application>&xfree86;</application> server
+ (<filename role="package">x11-servers/XFree86-4-Server</filename>),
+ then install the language &truetype; fonts. Setting the correct
+ locale should allow you to view your selected language in menus
+ and such.</para>
+ </sect3>
+
+ <sect3>
+ <title>Inputting Non-English Characters</title>
+ <indexterm><primary>X11 Input Method (XIM)</primary></indexterm>
+ <para>The X11 Input Method (XIM) Protocol is a new standard for
+ all X11 clients. All X11 applications should be written as XIM
+ clients that take input from XIM Input servers. There are
+ several XIM servers available for different languages.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Printer Setup</title>
+
+ <para>Some single C chars character sets are usually hardware
+ coded into printers. Wide or multibyte
+ character sets require special setup and we recommend using
+ <application>apsfilter</application>. You may also convert the
+ document to &postscript; or PDF formats using language specific
+ converters.</para>
+ </sect2>
+
+ <sect2>
+ <title>Kernel and File Systems</title>
+
+ <para>The FreeBSD fast filesystem (FFS) is 8-bit clean, so it can be used
+ with any single C chars character set (see &man.multibyte.3;),
+ but there is no character set
+ name stored in the filesystem; i.e., it is raw 8-bit and does not
+ know anything about encoding order. Officially, FFS does not
+ support any form of wide or multibyte character sets yet. However, some
+ wide or multibyte character sets have independent patches for FFS
+ enabling such support. They are only temporary unportable
+ solutions or hacks and we have decided to not include them in the
+ source tree. Refer to respective languages' web sites for more
+ information and the patch files.</para>
+
+ <indexterm><primary>DOS</primary></indexterm>
+ <indexterm><primary>Unicode</primary></indexterm>
+ <para>The FreeBSD &ms-dos; filesystem has the configurable ability to
+ convert between &ms-dos;, Unicode character sets and chosen
+ FreeBSD filesystem character sets. See &man.mount.msdos.8; for
+ details.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="l10n-compiling">
+ <title>Compiling I18N Programs</title>
+
+ <para>Many FreeBSD Ports have been ported with I18N support. Some
+ of them are marked with -I18N in the port name. These and many
+ other programs have built in support for I18N and need no special
+ consideration.</para>
+
+ <indexterm>
+ <primary><application>MySQL</application></primary>
+ </indexterm>
+ <para>However, some applications such as
+ <application>MySQL</application> need to be have the
+ <filename>Makefile</filename> configured with the specific
+ charset. This is usually done in the
+ <filename>Makefile</filename> or done by passing a value to
+ <application>configure</application> in the source.</para>
+ </sect1>
+
+ <sect1 id="lang-setup">
+ <title>Localizing FreeBSD to Specific Languages</title>
+
+ <sect2 id="ru-localize">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Andrey</firstname>
+ <surname>Chernov</surname>
+ <contrib>Originally contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+ <title>Russian Language (KOI8-R Encoding)</title>
+ <indexterm>
+ <primary>localization</primary>
+ <secondary>Russian</secondary>
+ </indexterm>
+
+ <para>For more information about KOI8-R encoding, see the <ulink
+ url="http://koi8.pp.ru/">KOI8-R References
+ (Russian Net Character Set)</ulink>.</para>
+
+ <sect3>
+ <title>Locale Setup</title>
+
+ <para>Put the following lines into your
+ <filename>~/.login_conf</filename> file:</para>
+
+ <programlisting>me:My Account:\
+ :charset=KOI8-R:\
+ :lang=ru_RU.KOI8-R:</programlisting>
+
+ <para>See earlier in this chapter for examples of setting up the
+ <link linkend="setting-locale">locale</link>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Console Setup</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>For the FreeBSD versions before 5.0 add the following line
+ to your kernel configuration file:</para>
+
+ <programlisting>options SC_MOUSE_CHAR=0x03</programlisting>
+
+ <para>For FreeBSD versions 4.4 and up insert the following
+ line into <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>mousechar_start=3</programlisting>
+ </listitem>
+
+ <listitem>
+ <para>Use following settings in
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>keymap="ru.koi8-r"
+scrnmap="koi8-r2cp866"
+font8x16="cp866b-8x16"
+font8x14="cp866-8x14"
+font8x8="cp866-8x8"</programlisting>
+
+ </listitem>
+
+ <listitem>
+ <para>For each <literal>ttyv*</literal> entry in
+ <filename>/etc/ttys</filename>, use
+ <literal>cons25r</literal> as the terminal type.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>See earlier in this chapter for examples of setting up the
+ <link linkend="setting-console">console</link>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Printer Setup</title>
+ <indexterm><primary>printers</primary></indexterm>
+ <para>Since most printers with Russian characters come with
+ hardware code page CP866, a special output filter is needed
+ to convert from KOI8-R to CP866. Such a filter is installed by
+ default as <filename>/usr/libexec/lpr/ru/koi2alt</filename>.
+ A Russian printer <filename>/etc/printcap</filename> entry
+ should look like:</para>
+
+ <programlisting>lp|Russian local line printer:\
+ :sh:of=/usr/libexec/lpr/ru/koi2alt:\
+ :lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs:</programlisting>
+
+ <para>See &man.printcap.5; for a detailed description.</para>
+ </sect3>
+
+ <sect3>
+ <title>&ms-dos; FS and Russian Filenames</title>
+
+ <para>The following example &man.fstab.5; entry enables support
+ for Russian filenames in mounted &ms-dos; filesystems:</para>
+
+ <programlisting>/dev/ad0s2 /dos/c msdos rw,-Wkoi2dos,-Lru_RU.KOI8-R 0 0</programlisting>
+
+ <para>The option <option>-L</option> selects the locale name
+ used, and <option>-W</option> sets the character conversion
+ table. To use the <option>-W</option> option, be sure to
+ mount <filename>/usr</filename> before the &ms-dos; partition
+ because the conversion tables are located in
+ <filename>/usr/libdata/msdosfs</filename>. For more
+ information, see the &man.mount.msdos.8; manual
+ page.</para>
+ </sect3>
+
+ <sect3>
+ <title>X11 Setup</title>
+
+ <orderedlist>
+ <listitem>
+ <para>Do <link linkend="setting-locale">non-X locale
+ setup</link> first as described.</para>
+
+ <note>
+ <para><anchor id="russian-note">The Russian KOI8-R locale
+ may not work with old <application>&xfree86;</application> releases (lower than 3.3).
+ <application>&xorg;</application> is now the default
+ version of the X Window System on FreeBSD.
+ This should not be an
+ issue unless you are using an old version of
+ FreeBSD.</para>
+ </note>
+ </listitem>
+
+ <listitem>
+ <para>If you use <application>&xorg;</application>,
+ install
+ <filename role="package">x11-fonts/xorg-fonts-cyrillic</filename>
+ package.</para>
+
+ <para>Check the <literal>"Files"</literal> section
+ in your <filename>/etc/X11/xorg.conf</filename> file.
+ The following
+ lines must be added <emphasis>before</emphasis> any other
+ <literal>FontPath</literal> entries:</para>
+
+ <programlisting>FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/misc"
+FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/75dpi"
+FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/100dpi"</programlisting>
+
+ <para>If you use a high resolution video mode, swap the 75 dpi
+ and 100 dpi lines.</para>
+ </listitem>
+
+ <listitem>
+ <para>To activate a Russian keyboard, add the following to the
+ <literal>"Keyboard"</literal> section of your
+ <filename>XF86Config</filename> file.</para>
+
+ <para>For <application>&xfree86; 3.X</application>:</para>
+
+ <programlisting>XkbLayout "ru"
+XkbOptions "grp:caps_toggle"</programlisting>
+
+ <para>For <application>&xorg;</application> (or
+ <application>&xfree86; 4.X</application>):</para>
+
+ <programlisting>Option "XkbLayout" "us,ru"
+Option "XkbOptions" "grp:toggle"</programlisting>
+
+ <para>Also make sure that <literal>XkbDisable</literal> is
+ turned off (commented out) there.</para>
+
+ <para>For <literal>grp:caps_toggle</literal>
+ the RUS/LAT switch will be <keycap>CapsLock</keycap>.
+ The old <keycap>CapsLock</keycap> function is still
+ available via <keycombo action="simul"><keycap>Shift</keycap><keycap>CapsLock</keycap></keycombo> (in LAT mode
+ only). For <literal>grp:toggle</literal>
+ the RUS/LAT switch will be <keycap>Right Alt</keycap>.
+ <literal>grp:caps_toggle</literal> does not work in
+ <application>&xorg;</application> for unknown reason.</para>
+
+ <para>If you have <quote>&windows;</quote> keys on your keyboard,
+ and notice that some non-alphabetical keys are mapped
+ incorrectly in RUS mode, add the following line in your
+ <filename>XF86Config</filename> file.</para>
+
+ <para>For <application>&xfree86; 3.X</application>:</para>
+
+ <programlisting>XkbVariant "winkeys"</programlisting>
+
+ <para>For <application>&xorg;</application> (or
+ <application>&xfree86; 4.X</application>):</para>
+
+ <programlisting>Option "XkbVariant" ",winkeys"</programlisting>
+
+ <note>
+ <para>The Russian XKB keyboard may not work with old <application>&xfree86;</application>
+ versions, see the <link linkend="russian-note">above
+ note</link> for more information. The Russian XKB
+ keyboard may also not work with non-localized
+ applications as well.</para>
+ </note>
+ </listitem>
+ </orderedlist>
+ <note>
+ <para>Minimally localized applications
+ should call a <function>XtSetLanguageProc (NULL, NULL,
+ NULL);</function> function early in the program.</para>
+ <para>See <ulink
+ url="http://koi8.pp.ru/xwin.html">
+ KOI8-R for X Window</ulink> for more instructions on
+ localizing X11 applications.</para>
+ </note>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Traditional Chinese Localization for Taiwan</title>
+ <indexterm>
+ <primary>localization</primary>
+ <secondary>Traditional Chinese</secondary>
+ </indexterm>
+ <para>The FreeBSD-Taiwan Project has an Chinese HOWTO for
+ FreeBSD at <ulink url="http://netlab.cse.yzu.edu.tw/~statue/freebsd/zh-tut/"></ulink>
+ using many Chinese ports.
+ Current editor for the <literal>FreeBSD Chinese HOWTO</literal> is
+ Shen Chuan-Hsing <email>statue@freebsd.sinica.edu.tw</email>.
+ </para>
+
+ <para>Chuan-Hsing Shen <email>statue@freebsd.sinica.edu.tw</email> has
+ created the <ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/">
+ Chinese FreeBSD Collection (CFC)</ulink> using FreeBSD-Taiwan's
+ <literal>zh-L10N-tut</literal>. The packages and the script files
+ are available at <ulink url="ftp://freebsd.csie.nctu.edu.tw/pub/taiwan/CFC/"></ulink>.</para>
+ </sect2>
+
+ <sect2>
+ <title>German Language Localization (for All ISO 8859-1
+ Languages)</title>
+ <indexterm>
+ <primary>localization</primary>
+ <secondary>German</secondary>
+ </indexterm>
+
+ <para>Slaven Rezic <email>eserte@cs.tu-berlin.de</email> wrote a
+ tutorial how to use umlauts on a FreeBSD machine. The tutorial
+ is written in German and available at
+ <ulink url="http://www.de.FreeBSD.org/de/umlaute/"></ulink>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Japanese and Korean Language Localization</title>
+ <indexterm>
+ <primary>localization</primary>
+ <secondary>Japanese</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>localization</primary>
+ <secondary>Korean</secondary>
+ </indexterm>
+ <para>For Japanese, refer to
+ <ulink url="http://www.jp.FreeBSD.org/"></ulink>,
+ and for Korean, refer to
+ <ulink url="http://www.kr.FreeBSD.org/"></ulink>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Non-English FreeBSD Documentation</title>
+
+ <para>Some FreeBSD contributors have translated parts of FreeBSD to
+ other languages. They are available through links on the <ulink
+ url="&url.base;/index.html">main site</ulink> or in
+ <filename>/usr/share/doc</filename>.</para>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/linuxemu/Makefile b/zh_TW.Big5/books/handbook/linuxemu/Makefile
new file mode 100644
index 0000000000..37adfa9af6
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/linuxemu/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= linuxemu/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/linuxemu/chapter.sgml b/zh_TW.Big5/books/handbook/linuxemu/chapter.sgml
new file mode 100644
index 0000000000..a64a35ff6e
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/linuxemu/chapter.sgml
@@ -0,0 +1,3348 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="linuxemu">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Restructured and parts updated by </contrib>
+ </author>
+ <!-- 22 Mar 2000 -->
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Brian N.</firstname>
+ <surname>Handy</surname>
+ <contrib>Originally contributed by </contrib>
+ </author>
+ <author>
+ <firstname>Rich</firstname>
+ <surname>Murphey</surname>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Linux Binary Compatibility</title>
+
+ <sect1 id="linuxemu-synopsis">
+ <title>Synopsis</title>
+ <indexterm><primary>Linux binary compatibility</primary></indexterm>
+ <indexterm>
+ <primary>binary compatibility</primary>
+ <secondary>Linux</secondary>
+ </indexterm>
+
+ <para>FreeBSD provides binary compatibility with several other
+ &unix; like operating systems, including Linux. At this point,
+ you may be asking yourself why exactly, does
+ FreeBSD need to be able to run Linux binaries? The answer to that
+ question is quite simple. Many companies and developers develop
+ only for Linux, since it is the latest <quote>hot thing</quote> in
+ the computing world. That leaves the rest of us FreeBSD users
+ bugging these same companies and developers to put out native
+ FreeBSD versions of their applications. The problem is, that most
+ of these companies do not really realize how many people would use
+ their product if there were FreeBSD versions too, and most continue
+ to only develop for Linux. So what is a FreeBSD user to do? This
+ is where the Linux binary compatibility of FreeBSD comes into
+ play.</para>
+
+ <para>In a nutshell, the compatibility allows FreeBSD users to run
+ about 90% of all Linux applications without modification. This
+ includes applications such as <application>&staroffice;</application>,
+ the Linux version of <application>&netscape;</application>,
+ <application>&adobe;&nbsp;&acrobat;</application>,
+ <application><trademark class="registered">RealPlayer</trademark></application>,
+ <application><trademark>VMware</trademark></application>,
+ <application>&oracle;</application>,
+ <application><trademark class="registered">WordPerfect</trademark></application>, <application>Doom</application>,
+ <application>Quake</application>, and more. It is also reported
+ that in some situations, Linux binaries perform better on FreeBSD
+ than they do under Linux.</para>
+
+ <para>There are, however, some Linux-specific operating system
+ features that are not supported under FreeBSD. Linux binaries will
+ not work on FreeBSD if they overly use &i386; specific
+ calls, such as enabling virtual 8086 mode.</para>
+
+ <para>After reading this chapter, you will know:</para>
+ <itemizedlist>
+ <listitem>
+ <para>How to enable Linux binary compatibility on your system.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to install additional Linux shared
+ libraries.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to install Linux applications on your FreeBSD system.</para>
+ </listitem>
+
+ <listitem>
+ <para>The implementation details of Linux compatibility in FreeBSD.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Know how to install additional third-party
+ software (<xref linkend="ports">).</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="linuxemu-lbc-install">
+ <title>Installation</title>
+
+ <indexterm><primary>KLD (kernel loadable object)</primary></indexterm>
+
+ <para>Linux binary compatibility is not turned on by default. The
+ easiest way to enable this functionality is to load the
+ <literal>linux</literal> KLD object (<quote>Kernel LoaDable
+ object</quote>). You can load this module by typing the
+ following as <username>root</username>:</para>
+
+ <screen>&prompt.root; <userinput>kldload linux</userinput></screen>
+
+ <para>If you would like Linux compatibility to always be enabled,
+ then you should add the following line to
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>linux_enable="YES"</programlisting>
+
+ <para>The &man.kldstat.8; command can be used to verify that the
+ KLD is loaded:</para>
+
+ <screen>&prompt.user; <userinput>kldstat</userinput>
+Id Refs Address Size Name
+ 1 2 0xc0100000 16bdb8 kernel
+ 7 1 0xc24db000 d000 linux.ko</screen>
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>LINUX</secondary>
+ </indexterm>
+
+ <para>If for some reason you do not want to or cannot load the KLD,
+ then you may statically link Linux binary compatibility into the kernel
+ by adding <literal>options COMPAT_LINUX</literal> to your kernel
+ configuration file. Then install your new kernel as described in
+ <xref linkend="kernelconfig">.</para>
+
+ <sect2>
+ <title>Installing Linux Runtime Libraries</title>
+ <indexterm>
+ <primary>Linux</primary>
+ <secondary>installing Linux libraries</secondary>
+ </indexterm>
+
+ <para>This can be done one of two ways, either by using the
+ <link linkend="linuxemu-libs-port">linux_base</link> port, or
+ by installing them <link
+ linkend="linuxemu-libs-manually">manually</link>.</para>
+
+ <sect3 id="linuxemu-libs-port">
+ <title>Installing Using the linux_base Port</title>
+ <indexterm><primary>Ports Collection</primary></indexterm>
+
+ <para>This is by far the easiest method to use when installing the
+ runtime libraries. It is just like installing any other port
+ from the <ulink type="html" url="file://localhost/usr/ports/">Ports Collection</ulink>.
+ Simply do the following:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/emulators/linux_base</userinput>
+&prompt.root; <userinput>make install distclean</userinput></screen>
+
+ <para>You should now have working Linux binary compatibility.
+ Some programs may complain about incorrect minor versions of the
+ system libraries. In general, however, this does not seem to be
+ a problem.</para>
+
+ <note><para>There may be multiple versions of the <filename
+ role="package">emulators/linux_base</filename> port available,
+ corresponding to different versions of various Linux distributions.
+ You should install the port most closely resembling the
+ requirements of the Linux applications you would like to
+ install.</para></note>
+
+ </sect3>
+
+ <sect3 id="linuxemu-libs-manually">
+ <title>Installing Libraries Manually</title>
+
+ <para>If you do not have the <quote>ports</quote> collection
+ installed, you can install the libraries by hand instead. You
+ will need the Linux shared libraries that the program depends on
+ and the runtime linker. Also, you will need to create a
+ <quote>shadow root</quote> directory,
+ <filename>/compat/linux</filename>, for Linux libraries on your
+ FreeBSD system. Any shared libraries opened by Linux programs
+ run under FreeBSD will look in this tree first. So, if a Linux
+ program loads, for example, <filename>/lib/libc.so</filename>,
+ FreeBSD will first try to open
+ <filename>/compat/linux/lib/libc.so</filename>, and if that does
+ not exist, it will then try <filename>/lib/libc.so</filename>.
+ Shared libraries should be installed in the shadow tree
+ <filename>/compat/linux/lib</filename> rather than the paths
+ that the Linux <command>ld.so</command> reports.</para>
+
+ <para>Generally, you will need to look for the shared libraries
+ that Linux binaries depend on only the first few times that you
+ install a Linux program on your FreeBSD system. After a while,
+ you will have a sufficient set of Linux shared libraries on your
+ system to be able to run newly imported Linux binaries without
+ any extra work.</para>
+ </sect3>
+
+ <sect3>
+ <title>How to Install Additional Shared Libraries</title>
+ <indexterm><primary>shared libraries</primary></indexterm>
+
+ <para>What if you install the <filename>linux_base</filename> port
+ and your application still complains about missing shared
+ libraries? How do you know which shared libraries Linux
+ binaries need, and where to get them? Basically, there are 2
+ possibilities (when following these instructions you will need
+ to be <username>root</username> on your FreeBSD system).</para>
+
+ <para>If you have access to a Linux system, see what shared
+ libraries the application needs, and copy them to your FreeBSD
+ system. Look at the following example:</para>
+
+ <informalexample>
+ <para>Let us assume you used FTP to get the Linux binary of
+ <application>Doom</application>, and put it on a Linux system you have access to. You
+ then can check which shared libraries it needs by running
+ <command>ldd linuxdoom</command>, like so:</para>
+
+ <screen>&prompt.user; <userinput>ldd linuxdoom</userinput>
+libXt.so.3 (DLL Jump 3.1) =&gt; /usr/X11/lib/libXt.so.3.1.0
+libX11.so.3 (DLL Jump 3.1) =&gt; /usr/X11/lib/libX11.so.3.1.0
+libc.so.4 (DLL Jump 4.5pl26) =&gt; /lib/libc.so.4.6.29</screen>
+
+ <indexterm><primary>symbolic links</primary></indexterm>
+ <para>You would need to get all the files from the last column,
+ and put them under <filename>/compat/linux</filename>, with
+ the names in the first column as symbolic links pointing to
+ them. This means you eventually have these files on your
+ FreeBSD system:</para>
+
+ <screen>/compat/linux/usr/X11/lib/libXt.so.3.1.0
+/compat/linux/usr/X11/lib/libXt.so.3 -&gt; libXt.so.3.1.0
+/compat/linux/usr/X11/lib/libX11.so.3.1.0
+/compat/linux/usr/X11/lib/libX11.so.3 -&gt; libX11.so.3.1.0
+/compat/linux/lib/libc.so.4.6.29
+/compat/linux/lib/libc.so.4 -&gt; libc.so.4.6.29</screen>
+
+ <blockquote>
+ <note>
+ <para>Note that if you already have a Linux shared library
+ with a matching major revision number to the first column
+ of the <command>ldd</command> output, you will not need to
+ copy the file named in the last column to your system, the
+ one you already have should work. It is advisable to copy
+ the shared library anyway if it is a newer version,
+ though. You can remove the old one, as long as you make
+ the symbolic link point to the new one. So, if you have
+ these libraries on your system:</para>
+
+ <screen>/compat/linux/lib/libc.so.4.6.27
+/compat/linux/lib/libc.so.4 -&gt; libc.so.4.6.27</screen>
+
+ <para>and you find a new binary that claims to require a
+ later version according to the output of
+ <command>ldd</command>:</para>
+
+ <screen>libc.so.4 (DLL Jump 4.5pl26) -&gt; libc.so.4.6.29</screen>
+
+ <para>If it is only one or two versions out of date in the
+ in the trailing digit then do not worry about copying
+ <filename>/lib/libc.so.4.6.29</filename> too, because the
+ program should work fine with the slightly older version.
+ However, if you like, you can decide to replace the
+ <filename>libc.so</filename> anyway, and that should leave
+ you with:</para>
+
+ <screen>/compat/linux/lib/libc.so.4.6.29
+/compat/linux/lib/libc.so.4 -&gt; libc.so.4.6.29</screen>
+ </note>
+ </blockquote>
+
+ <blockquote>
+ <note>
+ <para>The symbolic link mechanism is
+ <emphasis>only</emphasis> needed for Linux binaries. The
+ FreeBSD runtime linker takes care of looking for matching
+ major revision numbers itself and you do not need to worry
+ about it.</para>
+ </note>
+ </blockquote>
+ </informalexample>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Installing Linux ELF Binaries</title>
+ <indexterm>
+ <primary>Linux</primary>
+ <secondary>ELF binaries</secondary>
+ </indexterm>
+
+ <para>ELF binaries sometimes require an extra step of
+ <quote>branding</quote>. If you attempt to run an unbranded ELF
+ binary, you will get an error message like the following:</para>
+
+ <screen>&prompt.user; <userinput>./my-linux-elf-binary</userinput>
+ELF binary type not known
+Abort</screen>
+
+ <para>To help the FreeBSD kernel distinguish between a FreeBSD ELF
+ binary from a Linux binary, use the &man.brandelf.1;
+ utility.</para>
+
+ <screen>&prompt.user; <userinput>brandelf -t Linux my-linux-elf-binary</userinput></screen>
+
+ <indexterm><primary>GNU toolchain</primary></indexterm>
+ <para>The GNU toolchain now places the appropriate branding
+ information into ELF binaries automatically, so this step
+ should become increasingly unnecessary in the future.</para>
+ </sect2>
+
+ <sect2>
+ <title>Configuring the Hostname Resolver</title>
+
+ <para>If DNS does not work or you get this message:</para>
+
+ <screen>resolv+: "bind" is an invalid keyword resolv+:
+"hosts" is an invalid keyword</screen>
+
+ <para>You will need to configure a
+ <filename>/compat/linux/etc/host.conf</filename> file
+ containing:</para>
+
+ <programlisting>order hosts, bind
+multi on</programlisting>
+
+ <para>The order here specifies that <filename>/etc/hosts</filename>
+ is searched first and DNS is searched second. When
+ <filename>/compat/linux/etc/host.conf</filename> is not
+ installed, Linux applications find FreeBSD's
+ <filename>/etc/host.conf</filename> and complain about the
+ incompatible FreeBSD syntax. You should remove
+ <literal>bind</literal> if you have not configured a name server
+ using the <filename>/etc/resolv.conf</filename> file.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="linuxemu-mathematica">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Murray</firstname>
+ <surname>Stokely</surname>
+ <contrib>Updated for Mathematica 4.X by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Bojan</firstname>
+ <surname>Bistrovic</surname>
+ <contrib>Merged with work by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Installing &mathematica;</title>
+
+ <indexterm>
+ <primary>applications</primary>
+ <secondary><application>Mathematica</application></secondary>
+ </indexterm>
+
+ <para>This document describes the process of installing the Linux
+ version of <application>&mathematica; 4.X</application> onto
+ a FreeBSD system.</para>
+
+ <para>The Linux version of <application>&mathematica;</application>
+ runs perfectly under FreeBSD
+ however the binaries shipped by Wolfram need to be branded so that
+ FreeBSD knows to use the Linux ABI to execute them.</para>
+
+ <para>The Linux version of <application>&mathematica;</application>
+ or <application>&mathematica; for Students</application> can
+ be ordered directly from Wolfram at
+ <ulink url="http://www.wolfram.com/"></ulink>.</para>
+
+ <sect2>
+ <title>Branding the Linux Binaries</title>
+
+ <para>The Linux binaries are located in the <filename>Unix</filename>
+ directory of the <application>&mathematica;</application> CDROM
+ distributed by Wolfram. You
+ need to copy this directory tree to your local hard drive so that
+ you can brand the Linux binaries with &man.brandelf.1; before
+ running the installer:</para>
+
+ <screen>&prompt.root; <userinput>mount /cdrom</userinput>
+&prompt.root; <userinput>cp -rp /cdrom/Unix/ /localdir/</userinput>
+&prompt.root; <userinput>brandelf -t Linux /localdir/Files/SystemFiles/Kernel/Binaries/Linux/*</userinput>
+&prompt.root; <userinput>brandelf -t Linux /localdir/Files/SystemFiles/FrontEnd/Binaries/Linux/*</userinput>
+&prompt.root; <userinput>brandelf -t Linux /localdir/Files/SystemFiles/Installation/Binaries/Linux/*</userinput>
+&prompt.root; <userinput>brandelf -t Linux /localdir/Files/SystemFiles/Graphics/Binaries/Linux/*</userinput>
+&prompt.root; <userinput>brandelf -t Linux /localdir/Files/SystemFiles/Converters/Binaries/Linux/*</userinput>
+&prompt.root; <userinput>brandelf -t Linux /localdir/Files/SystemFiles/LicenseManager/Binaries/Linux/mathlm</userinput>
+&prompt.root; <userinput>cd /localdir/Installers/Linux/</userinput>
+&prompt.root; <userinput>./MathInstaller</userinput></screen>
+
+ <para>Alternatively, you can simply set the default ELF brand
+ to Linux for all unbranded binaries with the command:</para>
+ <screen>&prompt.root; <userinput>sysctl kern.fallback_elf_brand=3</userinput></screen>
+ <para>This will make FreeBSD assume that unbranded ELF binaries
+ use the Linux ABI and so you should be able to run the
+ installer straight from the CDROM.</para>
+ </sect2>
+
+ <sect2>
+ <title>Obtaining Your &mathematica; Password</title>
+
+ <para>Before you can run <application>&mathematica;</application>
+ you will have to obtain a
+ password from Wolfram that corresponds to your <quote>machine
+ ID</quote>.</para>
+ <indexterm>
+ <primary>Ethernet</primary>
+ <secondary>MAC address</secondary>
+ </indexterm>
+
+ <para>Once you have installed the Linux compatibility runtime
+ libraries and unpacked <application>&mathematica;</application>
+ you can obtain the
+ <quote>machine ID</quote> by running the program
+ <command>mathinfo</command> in the installation directory. This
+ machine ID is based solely on the MAC address of your first
+ Ethernet card.</para>
+
+ <screen>&prompt.root; <userinput>cd /localdir/Files/SystemFiles/Installation/Binaries/Linux</userinput>
+&prompt.root; <userinput>mathinfo</userinput>
+disco.example.com 7115-70839-20412</screen>
+
+ <para>When you register with Wolfram, either by email, phone or fax,
+ you will give them the <quote>machine ID</quote> and they will
+ respond with a corresponding password consisting of groups of
+ numbers. You can then enter this information when you attempt to
+ run <application>&mathematica;</application> for the first time
+ exactly as you would for any other
+ <application>&mathematica;</application> platform.</para>
+ </sect2>
+
+ <sect2>
+ <title>Running the &mathematica; Frontend over a Network</title>
+
+ <para><application>&mathematica;</application> uses some special
+ fonts to display characters not
+ present in any of the standard font sets (integrals, sums, Greek
+ letters, etc.). The X protocol requires these fonts to be install
+ <emphasis>locally</emphasis>. This means you will have to copy
+ these fonts from the CDROM or from a host with
+ <application>&mathematica;</application>
+ installed to your local machine. These fonts are normally stored
+ in <filename>/cdrom/Unix/Files/SystemFiles/Fonts</filename> on the
+ CDROM, or
+ <filename>/usr/local/mathematica/SystemFiles/Fonts</filename> on
+ your hard drive. The actual fonts are in the subdirectories
+ <filename>Type1</filename> and <filename>X</filename>. There are
+ several ways to use them, as described below.</para>
+
+ <para>The first way is to copy them into one of the existing font
+ directories in <filename>/usr/X11R6/lib/X11/fonts</filename>.
+ This will require editing the <filename>fonts.dir</filename> file,
+ adding the font names to it, and changing the number of fonts on
+ the first line. Alternatively, you should also just be able to
+ run &man.mkfontdir.1; in the directory you have copied
+ them to.</para>
+
+ <para>The second way to do this is to copy the directories to
+ <filename>/usr/X11R6/lib/X11/fonts</filename>:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/X11R6/lib/X11/fonts</userinput>
+&prompt.root; <userinput>mkdir X</userinput>
+&prompt.root; <userinput>mkdir MathType1</userinput>
+&prompt.root; <userinput>cd /cdrom/Unix/Files/SystemFiles/Fonts</userinput>
+&prompt.root; <userinput>cp X/* /usr/X11R6/lib/X11/fonts/X</userinput>
+&prompt.root; <userinput>cp Type1/* /usr/X11R6/lib/X11/fonts/MathType1</userinput>
+&prompt.root; <userinput>cd /usr/X11R6/lib/X11/fonts/X</userinput>
+&prompt.root; <userinput>mkfontdir</userinput>
+&prompt.root; <userinput>cd ../MathType1</userinput>
+&prompt.root; <userinput>mkfontdir</userinput></screen>
+
+ <para>Now add the new font directories to your font path:</para>
+
+ <screen>&prompt.root; <userinput>xset fp+ /usr/X11R6/lib/X11/fonts/X</userinput>
+&prompt.root; <userinput>xset fp+ /usr/X11R6/lib/X11/fonts/MathType1</userinput>
+&prompt.root; <userinput>xset fp rehash</userinput></screen>
+
+ <para>If you are using the <application>&xorg;</application> server, you can have these font
+ directories loaded automatically by adding them to your
+ <filename>xorg.conf</filename> file.</para>
+
+ <note><para>For <application>&xfree86;</application> servers,
+ the configuration file is <filename>XF86Config</filename>.</para></note>
+ <indexterm><primary>fonts</primary></indexterm>
+
+ <para>If you <emphasis>do not</emphasis> already have a directory
+ called <filename>/usr/X11R6/lib/X11/fonts/Type1</filename>, you
+ can change the name of the <filename>MathType1</filename>
+ directory in the example above to
+ <filename>Type1</filename>.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="linuxemu-maple">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Aaron</firstname>
+ <surname>Kaplan</surname>
+<!-- <address><email>aaron@lo-res.org</email></address>-->
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Robert</firstname>
+ <surname>Getschmann</surname>
+<!-- <address><email>rob@getschmann.org</email></address>-->
+ <contrib>Thanks to </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Installing &maple;</title>
+
+ <indexterm>
+ <primary>applications</primary>
+ <secondary><application>Maple</application></secondary>
+ </indexterm>
+
+ <para><application>&maple;</application> is a commercial mathematics program similar to
+ <application>&mathematica;</application>. You must purchase this software from <ulink
+ url="http://www.maplesoft.com/"></ulink> and then register there
+ for a license file. To install this software on FreeBSD, please
+ follow these simple steps.</para>
+
+ <procedure>
+ <step><para>Execute the <filename>INSTALL</filename> shell
+ script from the product distribution. Choose the
+ <quote>RedHat</quote> option when prompted by the
+ installation program. A typical installation directory
+ might be <filename
+ class="directory">/usr/local/maple</filename>.</para></step>
+
+ <step><para>If you have not done so, order a license for <application>&maple;</application>
+ from Maple Waterloo Software (<ulink url="http://register.maplesoft.com/"></ulink>)
+ and copy it to
+ <filename>/usr/local/maple/license/license.dat</filename>.</para></step>
+
+ <step><para>Install the <application>FLEXlm</application>
+ license manager by running the
+ <filename>INSTALL_LIC</filename> install shell script that
+ comes with <application>&maple;</application>. Specify the
+ primary hostname for your machine for the license
+ server.</para></step>
+
+ <step><para>Patch the
+ <filename>/usr/local/maple/bin/maple.system.type</filename>
+ file with the following:</para>
+<programlisting> ----- snip ------------------
+*** maple.system.type.orig Sun Jul 8 16:35:33 2001
+--- maple.system.type Sun Jul 8 16:35:51 2001
+***************
+*** 72,77 ****
+--- 72,78 ----
+ # the IBM RS/6000 AIX case
+ MAPLE_BIN="bin.IBM_RISC_UNIX"
+ ;;
++ "FreeBSD"|\
+ "Linux")
+ # the Linux/x86 case
+ # We have two Linux implementations, one for Red Hat and
+ ----- snip end of patch -----</programlisting>
+
+ <para>Please note that after the <literal>"FreeBSD"|\</literal> no other
+ whitespace should be present.</para>
+
+ <para>This patch instructs <application>&maple;</application> to
+ recognize <quote>FreeBSD</quote> as a type of Linux system.
+ The <filename>bin/maple</filename> shell script calls the
+ <filename>bin/maple.system.type</filename> shell script
+ which in turn calls <command>uname -a</command> to find out the operating
+ system name. Depending on the OS name it will find out which
+ binaries to use.</para></step>
+
+ <step><para>Start the license server.</para>
+
+ <para>The following script, installed as
+ <filename>/usr/local/etc/rc.d/lmgrd.sh</filename> is a
+ convenient way to start up <command>lmgrd</command>:</para>
+
+ <programlisting> ----- snip ------------
+
+#! /bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
+PATH=${PATH}:/usr/local/maple/bin:/usr/local/maple/FLEXlm/UNIX/LINUX
+export PATH
+
+LICENSE_FILE=/usr/local/maple/license/license.dat
+LOG=/var/log/lmgrd.log
+
+case "$1" in
+start)
+ lmgrd -c ${LICENSE_FILE} 2>> ${LOG} 1>&2
+ echo -n " lmgrd"
+ ;;
+stop)
+ lmgrd -c ${LICENSE_FILE} -x lmdown 2>> ${LOG} 1>&2
+ ;;
+*)
+ echo "Usage: `basename $0` {start|stop}" 1>&2
+ exit 64
+ ;;
+esac
+
+exit 0
+ ----- snip ------------</programlisting></step>
+
+
+ <step><para>Test-start <application>&maple;</application>:</para>
+ <screen>&prompt.user; <userinput>cd /usr/local/maple/bin</userinput>
+&prompt.user; <userinput>./xmaple</userinput></screen>
+
+ <para>You should be up and running. Make sure to write
+ Maplesoft to let them know you would like a native FreeBSD
+ version!</para></step>
+ </procedure>
+
+ <sect2>
+ <title>Common Pitfalls</title>
+
+ <itemizedlist>
+ <listitem><para>The <application>FLEXlm</application> license manager can be a difficult
+ tool to work with. Additional documentation on the subject
+ can be found at <ulink
+ url="http://www.globetrotter.com/"></ulink>.</para></listitem>
+
+ <listitem><para><command>lmgrd</command> is known to be very picky
+ about the license file and to core dump if there are any
+ problems. A correct license file should look like this:</para>
+
+<programlisting># =======================================================
+# License File for UNIX Installations ("Pointer File")
+# =======================================================
+SERVER chillig ANY
+#USE_SERVER
+VENDOR maplelmg
+
+FEATURE Maple maplelmg 2000.0831 permanent 1 XXXXXXXXXXXX \
+ PLATFORMS=i86_r ISSUER="Waterloo Maple Inc." \
+ ISSUED=11-may-2000 NOTICE=" Technische Universitat Wien" \
+ SN=XXXXXXXXX</programlisting>
+
+ <note><para>Serial number and key 'X''ed out. <hostid>chillig</hostid> is a
+ hostname.</para></note>
+
+ <para>Editing the license file works as long as you do not
+ touch the <quote>FEATURE</quote> line (which is protected by the
+ license key).</para></listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="linuxemu-matlab">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Dan</firstname>
+ <surname>Pelleg</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ <!-- daniel+handbook@pelleg.org -->
+ </authorgroup>
+ </sect1info>
+ <title>Installing &matlab;</title>
+
+ <indexterm>
+ <primary>applications</primary>
+ <secondary><application>MATLAB</application></secondary>
+ </indexterm>
+
+ <para>This document describes the process of installing the Linux
+ version of <application>&matlab; version 6.5</application> onto
+ a &os; system. It works quite well, with the exception of the
+ <application>&java.virtual.machine;</application> (see
+ <xref linkend="matlab-jre">).</para>
+
+ <para>The Linux version of <application>&matlab;</application> can be
+ ordered directly from The MathWorks at <ulink
+ url="http://www.mathworks.com"></ulink>. Make sure you also get
+ the license file or instructions how to create it. While you
+ are there, let them know you would like a native &os;
+ version of their software.</para>
+
+ <sect2>
+ <title>Installing &matlab;</title>
+
+ <para>To install <application>&matlab;</application>, do the
+ following:</para>
+
+ <procedure>
+ <step>
+ <para>Insert the installation CD and mount it.
+ Become <username>root</username>, as recommended by the
+ installation script. To start the installation script
+ type:</para>
+
+ <screen>&prompt.root; <userinput>/compat/linux/bin/sh /cdrom/install</userinput></screen>
+
+ <tip>
+ <para>The installer is graphical. If you get errors about
+ not being able to open a display, type
+ <command>setenv HOME ~<replaceable>USER</replaceable></command>,
+ where <replaceable>USER</replaceable> is the user you did a
+ &man.su.1; as.</para>
+ </tip>
+ </step>
+
+ <step>
+ <para>
+ When asked for the <application>&matlab;</application> root
+ directory, type:
+ <userinput>/compat/linux/usr/local/matlab</userinput>.</para>
+
+ <tip>
+ <para>For easier typing on the rest of the installation
+ process, type this at your shell prompt:
+ <command>set MATLAB=/compat/linux/usr/local/matlab</command></para>
+ </tip>
+ </step>
+
+ <step>
+ <para>Edit the license file as instructed when
+ obtaining the <application>&matlab;</application> license.</para>
+
+ <tip>
+ <para>You can prepare this file in advance using your
+ favorite editor, and copy it to
+ <filename>$MATLAB/license.dat</filename> before the
+ installer asks you to edit it.</para>
+ </tip>
+ </step>
+
+ <step>
+ <para>Complete the installation process.</para>
+ </step>
+ </procedure>
+
+ <para>At this point your <application>&matlab;</application>
+ installation is complete. The following steps apply
+ <quote>glue</quote> to connect it to your &os; system.</para>
+ </sect2>
+
+ <sect2>
+ <title>License Manager Startup</title>
+ <procedure>
+ <step>
+ <para>Create symlinks for the license manager scripts:</para>
+
+ <screen>&prompt.root; <userinput>ln -s $MATLAB/etc/lmboot /usr/local/etc/lmboot_TMW</userinput>
+&prompt.root; <userinput>ln -s $MATLAB/etc/lmdown /usr/local/etc/lmdown_TMW</userinput></screen>
+ </step>
+
+ <step>
+ <para>Create a startup file at
+ <filename>/usr/local/etc/rc.d/flexlm.sh</filename>. The
+ example below is a modified version of the distributed
+ <filename>$MATLAB/etc/rc.lm.glnx86</filename>. The changes
+ are file locations, and startup of the license manager
+ under Linux emulation.</para>
+
+ <programlisting>#!/bin/sh
+case "$1" in
+ start)
+ if [ -f /usr/local/etc/lmboot_TMW ]; then
+ /compat/linux/bin/sh /usr/local/etc/lmboot_TMW -u <replaceable>username</replaceable> &amp;&amp; echo 'MATLAB_lmgrd'
+ fi
+ ;;
+ stop)
+ if [ -f /usr/local/etc/lmdown_TMW ]; then
+ /compat/linux/bin/sh /usr/local/etc/lmdown_TMW &gt; /dev/null 2&gt;&amp;1
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop}"
+ exit 1
+ ;;
+esac
+
+exit 0</programlisting>
+
+ <important>
+ <para>The file must be made executable:</para>
+
+ <screen>&prompt.root; <userinput>chmod +x /usr/local/etc/rc.d/flexlm.sh</userinput></screen>
+
+ <para>You must also replace
+ <replaceable>username</replaceable> above with the name
+ of a valid user on your system (and not
+ <username>root</username>).</para>
+ </important>
+ </step>
+
+ <step>
+ <para>Start the license manager with the command:</para>
+
+ <screen>&prompt.root; <userinput>/usr/local/etc/rc.d/flexlm.sh start</userinput></screen>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2 id="matlab-jre">
+ <title>Linking the &java; Runtime Environment</title>
+
+ <para>Change the <application>&java;</application> Runtime
+ Environment (JRE) link to one working under &os;:</para>
+
+ <screen>&prompt.root; <userinput>cd $MATLAB/sys/java/jre/glnx86/</userinput>
+&prompt.root; <userinput>unlink jre; ln -s ./jre1.1.8 ./jre</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Creating a &matlab; Startup Script</title>
+
+ <procedure>
+ <step>
+ <para>Place the following startup script in
+ <filename>/usr/local/bin/matlab</filename>:
+ </para>
+
+ <programlisting>#!/bin/sh
+/compat/linux/bin/sh /compat/linux/usr/local/matlab/bin/matlab "$@"</programlisting>
+ </step>
+
+ <step>
+ <para>Then type the command
+ <command>chmod +x /usr/local/bin/matlab</command>.</para>
+ </step>
+ </procedure>
+
+ <tip>
+ <para>Depending on your version of
+ <filename role="package">emulators/linux_base</filename>, you
+ may run into errors when running this script. To avoid that,
+ edit the file
+ <filename>/compat/linux/usr/local/matlab/bin/matlab</filename>,
+ and change the line that says:</para>
+
+ <programlisting>if [ `expr "$lscmd" : '.*-&gt;.*'` -ne 0 ]; then</programlisting>
+
+ <para>(in version 13.0.1 it is on line 410) to this
+ line:</para>
+
+ <programlisting>if test -L $newbase; then</programlisting>
+ </tip>
+ </sect2>
+
+ <sect2>
+ <title>Creating a &matlab; Shutdown Script</title>
+
+ <para>The following is needed to solve a problem with &matlab;
+ not exiting correctly.</para>
+
+ <procedure>
+ <step>
+ <para>Create a file
+ <filename>$MATLAB/toolbox/local/finish.m</filename>, and
+ in it put the single line:</para>
+
+ <programlisting>! $MATLAB/bin/finish.sh</programlisting>
+
+ <note><para>The <literal>$MATLAB</literal> is
+ literal.</para></note>
+
+ <tip>
+ <para>In the same directory, you will find the files
+ <filename>finishsav.m</filename> and
+ <filename>finishdlg.m</filename>, which let you save
+ your workspace before quitting. If you use either of
+ them, insert the line above immediately after the
+ <literal>save</literal> command.</para></tip>
+ </step>
+
+ <step>
+ <para>Create a file
+ <filename>$MATLAB/bin/finish.sh</filename>, which will
+ contain the following:</para>
+
+ <programlisting>#!/usr/compat/linux/bin/sh
+(sleep 5; killall -1 matlab_helper) &
+exit 0</programlisting>
+ </step>
+
+ <step>
+ <para>Make the file executable:</para>
+
+ <screen>&prompt.root; <userinput>chmod +x $MATLAB/bin/finish.sh</userinput></screen>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2 id="matlab-using">
+ <title>Using &matlab;</title>
+
+ <para>At this point you are ready to type
+ <command>matlab</command> and start using it.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="linuxemu-oracle">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marcel</firstname>
+ <surname>Moolenaar</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ <!-- marcel@cup.hp.com -->
+ </authorgroup>
+ </sect1info>
+ <title>Installing &oracle;</title>
+
+ <indexterm>
+ <primary>applications</primary>
+ <secondary><application>Oracle</application></secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Preface</title>
+ <para>This document describes the process of installing <application>&oracle; 8.0.5</application> and
+ <application>&oracle; 8.0.5.1 Enterprise Edition</application> for Linux onto a FreeBSD
+ machine.</para>
+ </sect2>
+
+ <sect2>
+ <title>Installing the Linux Environment</title>
+
+ <para>Make sure you have both <filename role='package'>emulators/linux_base</filename> and
+ <filename role='package'>devel/linux_devtools</filename> from the Ports Collection
+ installed. If you run into difficulties with these ports,
+ you may have to use
+ the packages or older versions available in the Ports Collection.</para>
+
+ <para>If you want to run the intelligent agent, you will
+ also need to install the Red Hat Tcl package:
+ <filename>tcl-8.0.3-20.i386.rpm</filename>. The general command
+ for installing packages with the official <application>RPM</application> port (<filename role='package'>archivers/rpm</filename>) is:</para>
+
+ <screen>&prompt.root; <userinput>rpm -i --ignoreos --root /compat/linux --dbpath /var/lib/rpm <replaceable>package</replaceable></userinput></screen>
+
+ <para>Installation of the <replaceable>package</replaceable> should not generate any errors.</para>
+ </sect2>
+
+ <sect2>
+ <title>Creating the &oracle; Environment</title>
+
+ <para>Before you can install <application>&oracle;</application>, you need to set up a proper
+ environment. This document only describes what to do
+ <emphasis>specially</emphasis> to run <application>&oracle;</application> for Linux on FreeBSD, not
+ what has been described in the <application>&oracle;</application> installation guide.</para>
+
+ <sect3 id="linuxemu-kernel-tuning">
+ <title>Kernel Tuning</title>
+ <indexterm><primary>kernel tuning</primary></indexterm>
+
+ <para>As described in the <application>&oracle;</application> installation guide, you need to set
+ the maximum size of shared memory. Do not use
+ <literal>SHMMAX</literal> under FreeBSD. <literal>SHMMAX</literal>
+ is merely calculated out of <literal>SHMMAXPGS</literal> and
+ <literal>PGSIZE</literal>. Therefore define
+ <literal>SHMMAXPGS</literal>. All other options can be used as
+ described in the guide. For example:</para>
+
+ <programlisting>options SHMMAXPGS=10000
+options SHMMNI=100
+options SHMSEG=10
+options SEMMNS=200
+options SEMMNI=70
+options SEMMSL=61</programlisting>
+
+ <para>Set these options to suit your intended use of <application>&oracle;</application>.</para>
+
+ <para>Also, make sure you have the following options in your kernel
+ configuration file:</para>
+
+<programlisting>options SYSVSHM #SysV shared memory
+options SYSVSEM #SysV semaphores
+options SYSVMSG #SysV interprocess communication</programlisting>
+ </sect3>
+
+ <sect3 id="linuxemu-oracle-account">
+
+ <title>&oracle; Account</title>
+
+ <para>Create an <username>oracle</username> account just as you would create any other
+ account. The <username>oracle</username> account is special only that you need to give
+ it a Linux shell. Add <literal>/compat/linux/bin/bash</literal> to
+ <filename>/etc/shells</filename> and set the shell for the <username>oracle</username>
+ account to <filename>/compat/linux/bin/bash</filename>.</para>
+ </sect3>
+
+ <sect3 id="linuxemu-environment">
+ <title>Environment</title>
+
+ <para>Besides the normal <application>&oracle;</application> variables, such as
+ <envar>ORACLE_HOME</envar> and <envar>ORACLE_SID</envar> you must
+ set the following environment variables:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="2*">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+
+ <entry>Value</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><envar>LD_LIBRARY_PATH</envar></entry>
+
+ <entry><literal>$ORACLE_HOME/lib</literal></entry>
+ </row>
+
+ <row>
+ <entry><envar>CLASSPATH</envar></entry>
+
+ <entry><literal>$ORACLE_HOME/jdbc/lib/classes111.zip</literal></entry>
+ </row>
+
+ <row>
+ <entry><envar>PATH</envar></entry>
+
+ <entry><literal>/compat/linux/bin
+/compat/linux/sbin
+/compat/linux/usr/bin
+/compat/linux/usr/sbin
+/bin
+/sbin
+/usr/bin
+/usr/sbin
+/usr/local/bin
+$ORACLE_HOME/bin</literal></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>It is advised to set all the environment variables in
+ <filename>.profile</filename>. A complete example is:</para>
+
+<programlisting>ORACLE_BASE=/oracle; export ORACLE_BASE
+ORACLE_HOME=/oracle; export ORACLE_HOME
+LD_LIBRARY_PATH=$ORACLE_HOME/lib
+export LD_LIBRARY_PATH
+ORACLE_SID=ORCL; export ORACLE_SID
+ORACLE_TERM=386x; export ORACLE_TERM
+CLASSPATH=$ORACLE_HOME/jdbc/lib/classes111.zip
+export CLASSPATH
+PATH=/compat/linux/bin:/compat/linux/sbin:/compat/linux/usr/bin
+PATH=$PATH:/compat/linux/usr/sbin:/bin:/sbin:/usr/bin:/usr/sbin
+PATH=$PATH:/usr/local/bin:$ORACLE_HOME/bin
+export PATH</programlisting>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Installing &oracle;</title>
+
+ <para>Due to a slight inconsistency in the Linux emulator, you need to
+ create a directory named <filename>.oracle</filename> in
+ <filename>/var/tmp</filename> before you start the installer.
+ Let it be owned by the <username>oracle</username> user. You
+ should be able to install <application>&oracle;</application> without any problems. If you have
+ problems, check your <application>&oracle;</application> distribution and/or configuration first!
+ After you have installed <application>&oracle;</application>, apply the patches described in the
+ next two subsections.</para>
+
+ <para>A frequent problem is that the TCP protocol adapter is not
+ installed right. As a consequence, you cannot start any TCP listeners.
+ The following actions help solve this problem:</para>
+
+ <screen>&prompt.root; <userinput>cd $ORACLE_HOME/network/lib</userinput>
+&prompt.root; <userinput>make -f ins_network.mk ntcontab.o</userinput>
+&prompt.root; <userinput>cd $ORACLE_HOME/lib</userinput>
+&prompt.root; <userinput>ar r libnetwork.a ntcontab.o</userinput>
+&prompt.root; <userinput>cd $ORACLE_HOME/network/lib</userinput>
+&prompt.root; <userinput>make -f ins_network.mk install</userinput></screen>
+
+ <para>Do not forget to run <filename>root.sh</filename> again!</para>
+
+ <sect3 id="linuxemu-patch-root">
+ <title>Patching root.sh</title>
+
+ <para>When installing <application>&oracle;</application>, some actions, which need to be performed
+ as <username>root</username>, are recorded in a shell script called
+ <filename>root.sh</filename>. This script is
+ written in the <filename>orainst</filename> directory. Apply the
+ following patch to <filename>root.sh</filename>, to have it use to proper location of
+ <command>chown</command> or alternatively run the script under a
+ Linux native shell.</para>
+
+ <programlisting>*** orainst/root.sh.orig Tue Oct 6 21:57:33 1998
+--- orainst/root.sh Mon Dec 28 15:58:53 1998
+***************
+*** 31,37 ****
+# This is the default value for CHOWN
+# It will redefined later in this script for those ports
+# which have it conditionally defined in ss_install.h
+! CHOWN=/bin/chown
+#
+# Define variables to be used in this script
+--- 31,37 ----
+# This is the default value for CHOWN
+# It will redefined later in this script for those ports
+# which have it conditionally defined in ss_install.h
+! CHOWN=/usr/sbin/chown
+#
+# Define variables to be used in this script</programlisting>
+
+ <para>When you do not install <application>&oracle;</application> from CD, you can patch the source
+ for <filename>root.sh</filename>. It is called
+ <filename>rthd.sh</filename> and is located in the
+ <filename>orainst</filename> directory in the source tree.</para>
+ </sect3>
+
+ <sect3 id="linuxemu-patch-tcl">
+ <title>Patching genclntsh</title>
+
+ <para>The script <command>genclntsh</command> is used to create
+ a single shared client
+ library. It is used when building the demos. Apply the following
+ patch to comment out the definition of <envar>PATH</envar>:</para>
+
+ <programlisting>*** bin/genclntsh.orig Wed Sep 30 07:37:19 1998
+--- bin/genclntsh Tue Dec 22 15:36:49 1998
+***************
+*** 32,38 ****
+#
+# Explicit path to ensure that we're using the correct commands
+#PATH=/usr/bin:/usr/ccs/bin export PATH
+! PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin export PATH
+#
+# each product MUST provide a $PRODUCT/admin/shrept.lst
+--- 32,38 ----
+#
+# Explicit path to ensure that we're using the correct commands
+#PATH=/usr/bin:/usr/ccs/bin export PATH
+! #PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin export PATH
+#
+# each product MUST provide a $PRODUCT/admin/shrept.lst</programlisting>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Running &oracle;</title>
+
+ <para>When you have followed the instructions, you should be able to run
+ <application>&oracle;</application> as if it was run on Linux
+ itself.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="sapr3">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Holger</firstname>
+ <surname>Kipp</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- holger.kipp@alogis.com -->
+ <authorgroup>
+ <author>
+ <firstname>Valentino</firstname>
+ <surname>Vaschetto</surname>
+ <contrib>Original version converted to SGML by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Installing &sap.r3;</title>
+
+ <indexterm>
+ <primary>applications</primary>
+ <secondary><application>SAP R/3</application></secondary>
+ </indexterm>
+
+ <para>Installations of <application>&sap;</application> Systems using FreeBSD will not be
+ supported by the &sap; support team &mdash; they only offer support
+ for certified platforms.</para>
+
+ <sect2 id="preface">
+ <title>Preface</title>
+
+ <para>This document describes a possible way of installing a
+ <application>&sap.r3; System</application>
+ with <application>&oracle; Database</application>
+ for Linux onto a FreeBSD machine, including the installation
+ of FreeBSD and <application>&oracle;</application>. Two different
+ configurations will be described:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><application>&sap.r3; 4.6B (IDES)</application> with
+ <application>&oracle; 8.0.5</application> on FreeBSD 4.3-STABLE</para>
+ </listitem>
+
+ <listitem>
+ <para><application>&sap.r3; 4.6C</application> with
+ <application>&oracle; 8.1.7</application> on FreeBSD 4.5-STABLE</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Even though this document tries to describe all important
+ steps in a greater detail, it is not intended as a replacement
+ for the <application>&oracle;</application> and
+ <application>&sap.r3;</application> installation guides.</para>
+
+ <para>Please see the documentation that comes with the
+ <application>&sap.r3;</application>
+ Linux edition for <application>&sap;</application> and
+ <application>&oracle;</application> specific questions, as well
+ as resources from <application>&oracle;</application> and
+ <application>&sap; OSS</application>.</para>
+ </sect2>
+
+ <sect2 id="software">
+ <title>Software</title>
+
+ <para>The following CD-ROMs have been used for <application>&sap;</application> installations:</para>
+
+ <sect3 id="software-46b">
+ <title>&sap.r3; 4.6B, &oracle; 8.0.5</title>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols=3>
+ <thead>
+ <row>
+ <entry>Name</entry> <entry>Number</entry> <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>KERNEL</entry> <entry>51009113</entry> <entry>SAP Kernel Oracle /
+ Installation / AIX, Linux, Solaris</entry>
+ </row>
+
+ <row>
+ <entry>RDBMS</entry> <entry>51007558</entry> <entry>Oracle / RDBMS 8.0.5.X /
+ Linux</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT1</entry> <entry>51010208</entry> <entry>IDES / DB-Export /
+ Disc 1 of 6</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT2</entry> <entry>51010209</entry> <entry>IDES / DB-Export /
+ Disc 2 of 6</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT3</entry> <entry>51010210</entry> <entry>IDES / DB-Export /
+ Disc 3 of 6</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT4</entry> <entry>51010211</entry> <entry>IDES / DB-Export /
+ Disc 4 of 6</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT5</entry> <entry>51010212</entry> <entry>IDES / DB-Export /
+ Disc 5 of 6</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT6</entry> <entry>51010213</entry> <entry>IDES / DB-Export /
+ Disc 6 of 6</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Additionally, we used the <application>&oracle; 8
+ Server</application> (Pre-production version 8.0.5 for Linux,
+ Kernel Version 2.0.33) CD which is not really necessary, and
+ FreeBSD 4.3-STABLE (it was only a few days past 4.3
+ RELEASE).</para>
+
+ </sect3>
+ <sect3 id="software-46c">
+ <title>&sap.r3; 4.6C SR2, &oracle; 8.1.7</title>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols=3>
+ <thead>
+ <row>
+ <entry>Name</entry> <entry>Number</entry> <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>KERNEL</entry> <entry>51014004</entry> <entry>SAP Kernel Oracle /
+ SAP Kernel Version 4.6D / DEC, Linux</entry>
+ </row>
+
+ <row>
+ <entry>RDBMS</entry> <entry>51012930</entry> <entry>Oracle 8.1.7/ RDBMS /
+ Linux</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT1</entry> <entry>51013953</entry> <entry>Release 4.6C SR2 / Export
+ / Disc 1 of 4</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT1</entry> <entry>51013953</entry> <entry>Release 4.6C SR2 / Export
+ / Disc 2 of 4</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT1</entry> <entry>51013953</entry> <entry>Release 4.6C SR2 / Export
+ / Disc 3 of 4</entry>
+ </row>
+
+ <row>
+ <entry>EXPORT1</entry> <entry>51013953</entry> <entry>Release 4.6C SR2 / Export
+ / Disc 4 of 4</entry>
+ </row>
+
+ <row>
+ <entry>LANG1</entry> <entry>51013954</entry> <entry>Release 4.6C SR2 /
+ Language / DE, EN, FR / Disc 1 of 3</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Depending on the languages you would like to install, additional
+ language CDs might be necessary. Here we are just using DE and EN, so
+ the first language CD is the only one needed. As a little note, the
+ numbers for all four EXPORT CDs are identical. All three language CDs
+ also have the same number (this is different from the 4.6B IDES
+ release CD numbering). At the time of writing this installation is
+ running on FreeBSD 4.5-STABLE (20.03.2002).</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="sap-notes">
+ <title>&sap; Notes</title>
+
+ <para>The following notes should be read before installing
+ <application>&sap.r3;</application> and proved to be useful
+ during installation:</para>
+
+ <sect3 id="sap-notes-46b">
+ <title>&sap.r3; 4.6B, &oracle; 8.0.5</title>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Number</entry>
+ <entry>Title</entry>
+ </row>
+ </thead>
+ <tbody>
+
+ <row>
+ <entry>0171356</entry> <entry>SAP Software on Linux: Essential
+ Comments</entry>
+ </row>
+
+ <row>
+ <entry>0201147</entry> <entry>INST: 4.6C R/3 Inst. on UNIX -
+ Oracle</entry>
+ </row>
+
+ <row>
+ <entry>0373203</entry> <entry>Update / Migration Oracle 8.0.5 --&gt;
+ 8.0.6/8.1.6 LINUX</entry>
+ </row>
+
+ <row>
+ <entry>0072984</entry> <entry>Release of Digital UNIX 4.0B for
+ Oracle</entry>
+ </row>
+
+ <row>
+ <entry>0130581</entry> <entry>R3SETUP step DIPGNTAB terminates</entry>
+ </row>
+
+ <row>
+ <entry>0144978</entry> <entry>Your system has not been installed
+ correctly</entry>
+ </row>
+
+ <row>
+ <entry>0162266</entry> <entry>Questions and tips for R3SETUP on Windows
+ NT / W2K</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect3>
+
+ <sect3 id="sap-notes-46c">
+ <title>&sap.r3; 4.6C, &oracle; 8.1.7</title>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Number</entry>
+ <entry>Title</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>0015023</entry> <entry>Initializing table TCPDB (RSXP0004)
+ (EBCDIC)</entry>
+ </row>
+
+ <row>
+ <entry>0045619</entry> <entry>R/3 with several languages or
+ typefaces</entry>
+ </row>
+
+ <row>
+ <entry>0171356</entry> <entry>SAP Software on Linux: Essential
+ Comments</entry>
+ </row>
+
+ <row>
+ <entry>0195603</entry> <entry>RedHat 6.1 Enterprise version:
+ Known problems</entry>
+ </row>
+
+ <row>
+ <entry>0212876</entry> <entry>The new archiving tool SAPCAR</entry>
+ </row>
+
+ <row>
+ <entry>0300900</entry> <entry>Linux: Released DELL Hardware</entry>
+ </row>
+
+ <row>
+ <entry>0377187</entry> <entry>RedHat 6.2: important remarks</entry>
+ </row>
+
+ <row>
+ <entry>0387074</entry> <entry>INST: R/3 4.6C SR2 Installation on
+ UNIX</entry>
+ </row>
+
+ <row>
+ <entry>0387077</entry> <entry>INST: R/3 4.6C SR2 Inst. on UNIX -
+ Oracle</entry>
+ </row>
+
+ <row>
+ <entry>0387078</entry> <entry>SAP Software on UNIX: OS Dependencies
+ 4.6C SR2</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect3>
+ </sect2>
+
+ <sect2 id="hardware-requirements">
+ <title>Hardware Requirements</title>
+
+ <para>The following equipment is sufficient for the installation
+ of a <application>&sap.r3; System</application>. For production
+ use, a more exact sizing is of course needed:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Component</entry>
+ <entry>4.6B</entry>
+ <entry>4.6C</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Processor</entry>
+ <entry>2 x 800MHz &pentium; III</entry>
+ <entry>2 x 800MHz &pentium; III</entry>
+ </row>
+
+ <row>
+ <entry>Memory</entry>
+ <entry>1GB ECC</entry>
+ <entry>2GB ECC</entry>
+ </row>
+
+ <row>
+ <entry>Hard Disk Space</entry>
+ <entry>50-60GB (IDES)</entry>
+ <entry>50-60GB (IDES)</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>For use in production, &xeon; Processors with large cache,
+ high-speed disk access (SCSI, RAID hardware controller), USV
+ and ECC-RAM is recommended. The large amount of hard disk
+ space is due to the preconfigured IDES System, which creates
+ 27&nbsp;GB of database files during installation. This space is
+ also sufficient for initial production systems and application
+ data.</para>
+
+ <sect3 id="hardware-46b">
+ <title>&sap.r3; 4.6B, &oracle; 8.0.5</title>
+
+ <para>The following off-the-shelf hardware was used: a dual processor
+ board with 2 800&nbsp;MHz &pentium;&nbsp;III processors, &adaptec; 29160 Ultra160
+ SCSI adapter (for accessing a 40/80&nbsp;GB DLT tape drive and CDROM),
+ &mylex; &acceleraid; (2 channels, firmware 6.00-1-00 with 32&nbsp;MB RAM).
+ To the &mylex; RAID controller are attached two 17&nbsp;GB hard disks
+ (mirrored) and four 36&nbsp;GB hard disks (RAID level 5).</para>
+ </sect3>
+
+ <sect3 id="hardware-46c">
+ <title>&sap.r3; 4.6C, &oracle; 8.1.7</title>
+
+ <para>For this installation a &dell; &poweredge; 2500 was used: a
+ dual processor board with two 1000&nbsp;MHz &pentium;&nbsp;III processors
+ (256&nbsp;kB Cache), 2&nbsp;GB PC133 ECC SDRAM, PERC/3 DC PCI RAID Controller
+ with 128&nbsp;MB, and an EIDE DVD-ROM drive. To the RAID controller are
+ attached two 18&nbsp;GB hard disks (mirrored) and four 36&nbsp;GB hard disks
+ (RAID level 5).</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="installation">
+ <title>Installation of FreeBSD</title>
+
+ <para>First you have to install FreeBSD. There are several ways to do
+ this (FreeBSD&nbsp;4.3 was installed via FTP, FreeBSD&nbsp;4.5 directly from
+ the RELEASE CD) for more information read the <xref
+ linkend="install-diff-media">.</para>
+
+ <sect3 id="disk-layout">
+ <title>Disk Layout</title>
+
+ <para>To keep it simple, the same disk layout both for the
+ <application>&sap.r3; 46B</application> and <application>&sap.r3; 46C
+ SR2</application> installation was used. Only the device names
+ changed, as the installations were on different hardware (<filename>/dev/da</filename>
+ and <filename>/dev/amr</filename> respectively, so if using an AMI &megaraid;, one will see
+ <filename>/dev/amr0s1a</filename> instead of <filename>/dev/da0s1a</filename>):</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>File system</entry>
+ <entry>Size (1k-blocks)</entry>
+ <entry>Size (GB)</entry>
+ <entry>Mounted on</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><filename>/dev/da0s1a</filename></entry>
+ <entry>1.016.303</entry>
+ <entry>1</entry>
+ <entry><filename>/</filename></entry>
+ </row>
+
+ <row>
+ <entry><filename>/dev/da0s1b</filename></entry>
+ <entry> </entry>
+ <entry>6</entry>
+ <entry>swap</entry>
+ </row>
+
+ <row>
+ <entry><filename>/dev/da0s1e</filename></entry>
+ <entry>2.032.623</entry>
+ <entry>2</entry>
+ <entry><filename>/var</filename></entry>
+ </row>
+
+ <row>
+ <entry><filename>/dev/da0s1f</filename></entry>
+ <entry>8.205.339</entry>
+ <entry>8</entry>
+ <entry><filename>/usr</filename></entry>
+ </row>
+
+ <row>
+ <entry><filename>/dev/da1s1e</filename></entry>
+ <entry>45.734.361</entry>
+ <entry>45</entry>
+ <entry><filename>/compat/linux/oracle</filename></entry>
+ </row>
+
+ <row>
+ <entry><filename>/dev/da1s1f</filename></entry>
+ <entry>2.032.623</entry>
+ <entry>2</entry>
+ <entry><filename>/compat/linux/sapmnt</filename></entry>
+ </row>
+
+ <row>
+ <entry><filename>/dev/da1s1g</filename></entry>
+ <entry>2.032.623</entry>
+ <entry>2</entry>
+ <entry><filename>/compat/linux/usr/sap</filename></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Configure and initialize the two logical drives
+ with the &mylex; or PERC/3 RAID software beforehand.
+ The software can be started during the
+ <acronym>BIOS</acronym> boot phase.</para>
+
+ <para> Please note that this disk layout differs slightly from
+ the &sap; recommendations, as &sap; suggests mounting the
+ <application>&oracle;</application> subdirectories (and some others) separately &mdash; we
+ decided to just create them as real subdirectories for
+ simplicity.</para>
+ </sect3>
+
+ <sect3 id="makeworldandnewkernel">
+ <title><command>make world</command> and a New Kernel</title>
+
+ <para>Download the latest -STABLE sources. Rebuild world and your
+ custom kernel after configuring your kernel configuration file.
+ Here you should also include the
+ <link linkend="kerneltuning">kernel parameters</link>
+ which are required for both <application>&sap.r3;</application>
+ and <application>&oracle;</application>.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="installingthelinuxenviornment">
+ <title>Installing the Linux Environment</title>
+
+ <sect3 id="installinglinuxbase-system">
+ <title>Installing the Linux Base System</title>
+
+ <para>First the <link linkend="linuxemu-libs-port">linux_base</link>
+ port needs to be installed (as <username>root</username>):</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/emulators/linux_base</userinput>
+&prompt.root; <userinput>make install distclean</userinput></screen>
+
+ </sect3>
+
+
+ <sect3 id="installinglinuxdevelopment">
+ <title>Installing Linux Development Environment</title>
+
+ <para>The Linux development environment is needed, if you want to install
+ <application>&oracle;</application> on FreeBSD according to the
+ <xref linkend="linuxemu-oracle">:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/devel/linux_devtools</userinput>
+&prompt.root; <userinput>make install distclean</userinput></screen>
+
+ <para>The Linux development environment has only been installed for the <application>&sap.r3;
+ 46B IDES</application> installation. It is not needed, if
+ the <application>&oracle; DB</application> is not relinked on the
+ FreeBSD system. This is the case if you are using the
+ <application>&oracle;</application> tarball from a Linux system.</para>
+
+ </sect3>
+
+
+ <sect3 id="installingnecessaryrpms">
+ <title>Installing the Necessary RPMs</title>
+ <indexterm><primary>RPMs</primary></indexterm>
+
+ <para>To start the <command>R3SETUP</command> program, PAM support is needed.
+ During the first <application>&sap;</application> Installation on FreeBSD 4.3-STABLE we
+ tried to install PAM with all the required packages and
+ finally forced the installation of the PAM package, which
+ worked. For <application>&sap.r3; 4.6C SR2</application> we
+ directly forced the installation of the PAM RPM, which also
+ works, so it seems the dependent packages are not needed:</para>
+
+
+<screen>&prompt.root; <userinput>rpm -i --ignoreos --nodeps --root /compat/linux --dbpath /var/lib/rpm \
+pam-0.68-7.i386.rpm</userinput></screen>
+
+ <para>For <application>&oracle; 8.0.5</application> to run the
+ intelligent agent, we also had to install the RedHat Tcl package
+ <filename>tcl-8.0.5-30.i386.rpm</filename> (otherwise the
+ relinking during <application>&oracle;</application> installation
+ will not work). There are some other issues regarding
+ relinking of <application>&oracle;</application>, but that is
+ a <application>&oracle;</application> Linux issue, not FreeBSD specific.</para>
+
+ </sect3>
+
+ <sect3 id="linuxprocandfallbackelfbrand">
+ <title>Some Additional Hints</title>
+
+ <para>It might also be a good idea to add <literal>linprocfs</literal>
+ to <filename>/etc/fstab</filename>, for more information, see the &man.linprocfs.5; manual page.
+ Another parameter to set is <literal>kern.fallback_elf_brand=3</literal>
+ which is done in the file <filename>/etc/sysctl.conf</filename>.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="creatingsapr3env">
+ <title>Creating the &sap.r3; Environment</title>
+
+ <sect3 id="filesystemsandmountpoints">
+ <title>Creating the Necessary File Systems and Mountpoints</title>
+
+ <para>For a simple installation, it is sufficient to create the
+ following file systems:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>mount point</entry>
+ <entry>size in GB</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><filename>/compat/linux/oracle</filename></entry>
+ <entry>45 GB</entry>
+ </row>
+
+ <row>
+ <entry><filename>/compat/linux/sapmnt</filename></entry>
+ <entry>2 GB</entry>
+ </row>
+
+ <row>
+ <entry><filename>/compat/linux/usr/sap</filename></entry>
+ <entry>2 GB</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>It is also necessary to created some links. Otherwise
+ the <application>&sap;</application> Installer will complain, as it is checking the
+ created links:</para>
+
+ <screen>&prompt.root; <userinput>ln -s /compat/linux/oracle /oracle</userinput>
+&prompt.root; <userinput>ln -s /compat/linux/sapmnt /sapmnt</userinput>
+&prompt.root; <userinput>ln -s /compat/linux/usr/sap /usr/sap</userinput></screen>
+
+ <para>Possible error message during installation (here with
+ System <emphasis>PRD</emphasis> and the
+ <application>&sap.r3; 4.6C SR2</application>
+ installation):</para>
+
+ <screen>INFO 2002-03-19 16:45:36 R3LINKS_IND_IND SyLinkCreate:200
+ Checking existence of symbolic link /usr/sap/PRD/SYS/exe/dbg to
+ /sapmnt/PRD/exe. Creating if it does not exist...
+
+WARNING 2002-03-19 16:45:36 R3LINKS_IND_IND SyLinkCreate:400
+ Link /usr/sap/PRD/SYS/exe/dbg exists but it points to file
+ /compat/linux/sapmnt/PRD/exe instead of /sapmnt/PRD/exe. The
+ program cannot go on as long as this link exists at this
+ location. Move the link to another location.
+
+ERROR 2002-03-19 16:45:36 R3LINKS_IND_IND Ins_SetupLinks:0
+ can not setup link '/usr/sap/PRD/SYS/exe/dbg' with content
+ '/sapmnt/PRD/exe'</screen>
+ </sect3>
+
+ <sect3 id="creatingusersanddirectories">
+ <title>Creating Users and Directories</title>
+
+ <para><application>&sap.r3;</application> needs two users and
+ three groups. The user names depend on the
+ <application>&sap;</application> system ID (SID) which consists
+ of three letters. Some of these SIDs are reserved
+ by <application>&sap;</application> (for example
+ <literal>SAP</literal> and <literal>NIX</literal>. For a
+ complete list please see the <application>&sap;</application> documentation). For the IDES
+ installation we used <literal>IDS</literal>, for the
+ 4.6C SR2 installation <literal>PRD</literal>, as that system
+ is intended for production use. We have
+ therefore the following groups (group IDs might differ, these
+ are just the values we used with our installation):</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>group ID</entry>
+ <entry>group name</entry>
+ <entry>description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>100</entry>
+ <entry>dba</entry>
+ <entry>Data Base Administrator</entry>
+ </row>
+ <row>
+ <entry>101</entry>
+ <entry>sapsys</entry>
+ <entry>&sap; System</entry>
+ </row>
+ <row>
+ <entry>102</entry>
+ <entry>oper</entry>
+ <entry>Data Base Operator</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>For a default <application>&oracle;</application> installation, only group
+ <groupname>dba</groupname> is used. As
+ <groupname>oper</groupname> group, one also uses group
+ <groupname>dba</groupname> (see <application>&oracle;</application> and
+ <application>&sap;</application> documentation for further information).</para>
+
+ <para>We also need the following users:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="6">
+ <thead>
+ <row>
+ <entry>user ID</entry>
+ <entry>user name</entry>
+ <entry>generic name</entry>
+ <entry>group</entry>
+ <entry>additional groups</entry>
+ <entry>description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>1000</entry>
+ <entry>idsadm/prdadm</entry>
+ <entry><replaceable>sid</replaceable>adm</entry>
+ <entry>sapsys</entry>
+ <entry>oper</entry>
+ <entry>&sap; Administrator</entry>
+ </row>
+ <row>
+ <entry>1002</entry>
+ <entry>oraids/oraprd</entry>
+ <entry>ora<replaceable>sid</replaceable></entry>
+ <entry>dba</entry>
+ <entry>oper</entry>
+ <entry>&oracle; Administrator</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Adding the users with &man.adduser.8;
+ requires the following (please note shell and home
+ directory) entries for <quote>&sap; Administrator</quote>:</para>
+
+ <programlisting>Name: <replaceable>sid</replaceable>adm
+Password: ******
+Fullname: SAP Administrator <replaceable>SID</replaceable>
+Uid: 1000
+Gid: 101 (sapsys)
+Class:
+Groups: sapsys dba
+HOME: /home/<replaceable>sid</replaceable>adm
+Shell: bash (/compat/linux/bin/bash)</programlisting>
+
+ <para>and for <quote>&oracle; Administrator</quote>:</para>
+
+ <programlisting>Name: ora<replaceable>sid</replaceable>
+Password: ******
+Fullname: Oracle Administrator <replaceable>SID</replaceable>
+Uid: 1002
+Gid: 100 (dba)
+Class:
+Groups: dba
+HOME: /oracle/<replaceable>sid</replaceable>
+Shell: bash (/compat/linux/bin/bash)</programlisting>
+
+ <para>This should also include group
+ <groupname>oper</groupname> in case you are using both
+ groups <groupname>dba</groupname> and
+ <groupname>oper</groupname>.</para>
+
+ </sect3>
+
+ <sect3 id="creatingdirectories">
+ <title>Creating Directories</title>
+
+ <para>These directories are usually created as separate
+ file systems. This depends entirely on your requirements. We
+ choose to create them as simple directories, as they are all
+ located on the same RAID 5 anyway:</para>
+
+ <para>First we will set owners and rights of some directories (as
+ user <username>root</username>):</para>
+
+ <screen>&prompt.root; <userinput>chmod 775 /oracle</userinput>
+&prompt.root; <userinput>chmod 777 /sapmnt</userinput>
+&prompt.root; <userinput>chown root:dba /oracle</userinput>
+&prompt.root; <userinput>chown <replaceable>sid</replaceable>adm:sapsys /compat/linux/usr/sap</userinput>
+&prompt.root; <userinput>chmod 775 /compat/linux/usr/sap</userinput></screen>
+
+ <para>Second we will create directories as user
+ <username>ora<replaceable>sid</replaceable></username>. These
+ will all be subdirectories of
+ <filename>/oracle/<replaceable>SID</replaceable></filename>:</para>
+
+ <screen>&prompt.root; <userinput>su - ora<replaceable>sid</replaceable></userinput>
+&prompt.root; <userinput>cd /oracle/<replaceable>SID</replaceable></userinput>
+&prompt.root; <userinput>mkdir mirrlogA mirrlogB origlogA origlogB</userinput>
+&prompt.root; <userinput>mkdir sapdata1 sapdata2 sapdata3 sapdata4 sapdata5 sapdata6</userinput>
+&prompt.root; <userinput>mkdir saparch sapreorg</userinput>
+&prompt.root; <userinput>exit</userinput></screen>
+
+ <para>For the <application>&oracle; 8.1.7</application> installation
+ some additional directories are needed:</para>
+
+ <screen>&prompt.root; <userinput>su - ora<replaceable>sid</replaceable></userinput>
+&prompt.root; <userinput>cd /oracle</userinput>
+&prompt.root; <userinput>mkdir 805_32</userinput>
+&prompt.root; <userinput>mkdir client stage</userinput>
+&prompt.root; <userinput>mkdir client/80x_32</userinput>
+&prompt.root; <userinput>mkdir stage/817_32</userinput>
+&prompt.root; <userinput>cd /oracle/<replaceable>SID</replaceable></userinput>
+&prompt.root; <userinput>mkdir 817_32</userinput></screen>
+
+ <note><para>The directory <filename>client/80x_32</filename> is used
+ with exactly this name. Do not replace the <emphasis>x</emphasis>
+ with some number or anything.</para></note>
+
+ <para>In the third step we create directories as user
+ <username><replaceable>sid</replaceable>adm</username>:</para>
+
+ <screen>&prompt.root; <userinput>su - <replaceable>sid</replaceable>adm</userinput>
+&prompt.root; <userinput>cd /usr/sap</userinput>
+&prompt.root; <userinput>mkdir <replaceable>SID</replaceable></userinput>
+&prompt.root; <userinput>mkdir trans</userinput>
+&prompt.root; <userinput>exit</userinput></screen>
+ </sect3>
+
+ <sect3 id="entriesinslashetcslashservices">
+ <title>Entries in <filename>/etc/services</filename></title>
+
+ <para><application>&sap.r3;</application> requires some entries in file
+ <filename>/etc/services</filename>, which will not be set
+ correctly during installation under FreeBSD. Please add the
+ following entries (you need at least those entries
+ corresponding to the instance number &mdash; in this case,
+ <literal>00</literal>. It will do no harm adding all
+ entries from <literal>00</literal> to
+ <literal>99</literal> for <literal>dp</literal>,
+ <literal>gw</literal>, <literal>sp</literal> and
+ <literal>ms</literal>). If you are going to use a <application>SAProuter</application>
+ or need to access <application>&sap;</application> OSS, you also need <literal>99</literal>,
+ as port 3299 is usually used for the <application>SAProuter</application> process on the
+ target system:</para>
+
+ <programlisting>
+sapdp00 3200/tcp # SAP Dispatcher. 3200 + Instance-Number
+sapgw00 3300/tcp # SAP Gateway. 3300 + Instance-Number
+sapsp00 3400/tcp # 3400 + Instance-Number
+sapms00 3500/tcp # 3500 + Instance-Number
+sapms<replaceable>SID</replaceable> 3600/tcp # SAP Message Server. 3600 + Instance-Number
+sapgw00s 4800/tcp # SAP Secure Gateway 4800 + Instance-Number</programlisting>
+ </sect3>
+
+ <sect3 id="necessarylocales">
+ <title>Necessary Locales</title>
+ <indexterm><primary>locale</primary></indexterm>
+
+ <para><application>&sap;</application> requires at least two locales that are not part of
+ the default RedHat installation. &sap; offers the required
+ RPMs as download from their FTP server (which is only
+ accessible if you are a customer with OSS access). See note
+ 0171356 for a list of RPMs you need.</para>
+
+ <para>It is also possible to just create appropriate links
+ (for example from <emphasis>de_DE</emphasis> and
+ <emphasis>en_US</emphasis> ), but we would not recommend this
+ for a production system (so far it worked with the IDES
+ system without any problems, though). The following locales
+ are needed:</para>
+
+ <programlisting>de_DE.ISO-8859-1
+en_US.ISO-8859-1</programlisting>
+
+ <para>Create the links like this:</para>
+
+ <screen>&prompt.root; <userinput>cd /compat/linux/usr/share/locale</userinput>
+&prompt.root; <userinput>ln -s de_DE de_DE.ISO-8859-1</userinput>
+&prompt.root; <userinput>ln -s en_US en_US.ISO-8859-1</userinput></screen>
+
+ <para>If they are not present, there will be some problems
+ during the installation. If these are then subsequently
+ ignored (by setting the <literal>STATUS</literal> of the offending steps to
+ <literal>OK</literal> in file <filename>CENTRDB.R3S</filename>), it will be impossible to log onto
+ the <application>&sap;</application> system without some additional effort.</para>
+ </sect3>
+
+ <sect3 id="kerneltuning">
+ <title>Kernel Tuning</title>
+ <indexterm><primary>kernel tuning</primary></indexterm>
+
+ <para><application>&sap.r3;</application> systems need a lot of resources. We therefore
+ added the following parameters to the kernel configuration file:</para>
+
+ <programlisting># Set these for memory pigs (SAP and Oracle):
+options MAXDSIZ="(1024*1024*1024)"
+options DFLDSIZ="(1024*1024*1024)"
+# System V options needed.
+options SYSVSHM #SYSV-style shared memory
+options SHMMAXPGS=262144 #max amount of shared mem. pages
+#options SHMMAXPGS=393216 #use this for the 46C inst.parameters
+options SHMMNI=256 #max number of shared memory ident if.
+options SHMSEG=100 #max shared mem.segs per process
+options SYSVMSG #SYSV-style message queues
+options MSGSEG=32767 #max num. of mes.segments in system
+options MSGSSZ=32 #size of msg-seg. MUST be power of 2
+options MSGMNB=65535 #max char. per message queue
+options MSGTQL=2046 #max amount of msgs in system
+options SYSVSEM #SYSV-style semaphores
+options SEMMNU=256 #number of semaphore UNDO structures
+options SEMMNS=1024 #number of semaphores in system
+options SEMMNI=520 #number of semaphore identifiers
+options SEMUME=100 #number of UNDO keys</programlisting>
+
+ <para>The minimum values are specified in the documentation that
+ comes from &sap;. As there is no description for Linux, see the
+ HP-UX section (32-bit) for further information. As the system
+ for the 4.6C SR2 installation has more main memory, the shared
+ segments can be larger both for <application>&sap;</application>
+ and <application>&oracle;</application>, therefore choose a larger
+ number of shared memory pages.</para>
+
+ <note><para>With the default installation of FreeBSD&nbsp;4.5 on &i386;,
+ leave <literal>MAXDSIZ</literal> and <literal>DFLDSIZ</literal> at 1&nbsp;GB maximum. Otherwise, strange
+ errors like <errorname>ORA-27102: out of memory</errorname> and
+ <errorname>Linux Error: 12: Cannot allocate memory</errorname>
+ might happen.</para></note>
+ </sect3>
+ </sect2>
+
+ <sect2 id="installingsapr3">
+ <title>Installing &sap.r3;</title>
+
+ <sect3 id="preparingsapcdroms">
+ <title>Preparing &sap; CDROMs</title>
+
+ <para>There are many CDROMs to mount and unmount during the
+ installation. Assuming you have enough CDROM drives, you
+ can just mount them all. We decided to copy the CDROMs
+ contents to corresponding directories:</para>
+
+ <programlisting>/oracle/<replaceable>SID</replaceable>/sapreorg/<replaceable>cd-name</replaceable></programlisting>
+
+ <para>where <replaceable>cd-name</replaceable> was one of <filename>KERNEL</filename>,
+ <filename>RDBMS</filename>, <filename>EXPORT1</filename>,
+ <filename>EXPORT2</filename>, <filename>EXPORT3</filename>,
+ <filename>EXPORT4</filename>, <filename>EXPORT5</filename> and
+ <filename>EXPORT6</filename> for the 4.6B/IDES installation, and
+ <filename>KERNEL</filename>, <filename>RDBMS</filename>,
+ <filename>DISK1</filename>, <filename>DISK2</filename>,
+ <filename>DISK3</filename>, <filename>DISK4</filename> and
+ <filename>LANG</filename> for the 4.6C SR2 installation. All the
+ filenames on the mounted CDs should be in capital letters,
+ otherwise use the <option>-g</option> option for mounting. So use the following
+ commands:</para>
+
+ <screen>&prompt.root; <userinput>mount_cd9660 -g /dev/cd0a /mnt</userinput>
+&prompt.root; <userinput>cp -R /mnt/* /oracle/<replaceable>SID</replaceable>/sapreorg/<replaceable>cd-name</replaceable></userinput>
+&prompt.root; <userinput>umount /mnt</userinput></screen>
+ </sect3>
+
+ <sect3 id="runningtheinstall-script">
+ <title>Running the Installation Script</title>
+
+ <para>First you have to prepare an <filename class="directory">install</filename> directory:</para>
+
+ <screen>&prompt.root; <userinput>cd /oracle/<replaceable>SID</replaceable>/sapreorg</userinput>
+&prompt.root; <userinput>mkdir install</userinput>
+&prompt.root; <userinput>cd install</userinput></screen>
+
+ <para>Then the installation script is started, which will copy nearly
+ all the relevant files into the <filename class="directory">install</filename> directory:</para>
+
+ <screen>&prompt.root; <userinput>/oracle/<replaceable>SID</replaceable>/sapreorg/KERNEL/UNIX/INSTTOOL.SH</userinput></screen>
+
+ <para>The IDES installation (4.6B) comes with a fully customized
+ &sap.r3; demonstration system, so there are six instead of just three
+ EXPORT CDs. At this point the installation template
+ <filename>CENTRDB.R3S</filename> is for installing a standard
+ central instance (<application>&r3;</application> and database), not the IDES central
+ instance, so one needs to copy the corresponding <filename>CENTRDB.R3S</filename>
+ from the <filename class="directory">EXPORT1</filename> directory, otherwise <command>R3SETUP</command> will only ask
+ for three EXPORT CDs.</para>
+
+ <para>The newer <application>&sap; 4.6C SR2</application> release
+ comes with four EXPORT CDs. The parameter file that controls
+ the installation steps is <filename>CENTRAL.R3S</filename>.
+ Contrary to earlier releases there are no separate installation
+ templates for a central instance with or without database.
+ <application>&sap;</application> is using a separate template for database installation. To restart
+ the installation later it is however sufficient to restart with
+ the original file.</para>
+
+ <para>During and after installation, <application>&sap;</application> requires
+ <command>hostname</command> to return the computer name
+ only, not the fully qualified domain name. So either
+ set the hostname accordingly, or set an alias with
+ <command>alias hostname='hostname -s'</command> for
+ both <username>ora<replaceable>sid</replaceable></username> and
+ <username><replaceable>sid</replaceable>adm</username> (and for
+ <username>root</username> at least during installation
+ steps performed as <username>root</username>). It is also
+ possible to adjust the installed <filename>.profile</filename> and <filename>.login</filename> files of
+ both users that are installed during
+ <application>&sap;</application> installation.</para>
+ </sect3>
+
+ <sect3 id="startr3setup-46B">
+ <title>Start <command>R3SETUP</command> 4.6B</title>
+
+ <para>Make sure <envar>LD_LIBRARY_PATH</envar> is set correctly:</para>
+
+ <screen>&prompt.root; <userinput>export LD_LIBRARY_PATH=/oracle/IDS/lib:/sapmnt/IDS/exe:/oracle/805_32/lib</userinput></screen>
+
+ <para>Start <command>R3SETUP</command> as <username>root</username> from
+ installation directory:</para>
+
+ <screen>&prompt.root; <userinput>cd /oracle/IDS/sapreorg/install</userinput>
+&prompt.root; <userinput>./R3SETUP -f CENTRDB.R3S</userinput></screen>
+
+ <para>The script then asks some questions (defaults in brackets,
+ followed by actual input):</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Question</entry>
+ <entry>Default</entry>
+ <entry>Input</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Enter SAP System ID</entry>
+ <entry>[C11]</entry>
+ <entry>IDS<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter SAP Instance Number</entry>
+ <entry>[00]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter SAPMOUNT Directory</entry>
+ <entry>[/sapmnt]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter name of SAP central host</entry>
+ <entry>[troubadix.domain.de]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter name of SAP db host</entry>
+ <entry>[troubadix]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Select character set</entry>
+ <entry>[1] (WE8DEC)</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Oracle server version (1) Oracle 8.0.5, (2) Oracle 8.0.6, (3) Oracle 8.1.5, (4) Oracle 8.1.6</entry>
+ <entry> </entry>
+ <entry>1<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Extract Oracle Client archive</entry>
+ <entry>[1] (Yes, extract)</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter path to KERNEL CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/IDS/sapreorg/KERNEL</entry>
+ </row>
+ <row>
+ <entry>Enter path to RDBMS CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/IDS/sapreorg/RDBMS</entry>
+ </row>
+ <row>
+ <entry>Enter path to EXPORT1 CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/IDS/sapreorg/EXPORT1</entry>
+ </row>
+ <row>
+ <entry>Directory to copy EXPORT1 CD</entry>
+ <entry>[/oracle/IDS/sapreorg/CD4_DIR]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter path to EXPORT2 CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/IDS/sapreorg/EXPORT2</entry>
+ </row>
+ <row>
+ <entry>Directory to copy EXPORT2 CD</entry>
+ <entry>[/oracle/IDS/sapreorg/CD5_DIR]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter path to EXPORT3 CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/IDS/sapreorg/EXPORT3</entry>
+ </row>
+ <row>
+ <entry>Directory to copy EXPORT3 CD</entry>
+ <entry>[/oracle/IDS/sapreorg/CD6_DIR]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter path to EXPORT4 CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/IDS/sapreorg/EXPORT4</entry>
+ </row>
+ <row>
+ <entry>Directory to copy EXPORT4 CD</entry>
+ <entry>[/oracle/IDS/sapreorg/CD7_DIR]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter path to EXPORT5 CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/IDS/sapreorg/EXPORT5</entry>
+ </row>
+ <row>
+ <entry>Directory to copy EXPORT5 CD</entry>
+ <entry>[/oracle/IDS/sapreorg/CD8_DIR]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter path to EXPORT6 CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/IDS/sapreorg/EXPORT6</entry>
+ </row>
+ <row>
+ <entry>Directory to copy EXPORT6 CD</entry>
+ <entry>[/oracle/IDS/sapreorg/CD9_DIR]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter amount of RAM for SAP + DB</entry>
+ <entry> </entry>
+ <entry>850<keycap>Enter</keycap> (in Megabytes)</entry>
+ </row>
+ <row>
+ <entry>Service Entry Message Server</entry>
+ <entry>[3600]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Group-ID of sapsys</entry>
+ <entry>[101]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Group-ID of oper</entry>
+ <entry>[102]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Group-ID of dba</entry>
+ <entry>[100]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter User-ID of <replaceable>sid</replaceable>adm</entry>
+ <entry>[1000]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter User-ID of ora<replaceable>sid</replaceable></entry>
+ <entry>[1002]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Number of parallel procs</entry>
+ <entry>[2]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>If you had not copied the CDs to the different locations,
+ then the <application>&sap;</application> installer cannot find the CD needed (identified
+ by the <filename>LABEL.ASC</filename> file on the CD) and would
+ then ask you to insert and mount the CD and confirm or enter
+ the mount path.</para>
+
+ <para>The <filename>CENTRDB.R3S</filename> might not be
+ error free. In our case, it requested EXPORT4 CD again but
+ indicated the correct key (6_LOCATION, then 7_LOCATION
+ etc.), so one can just continue with entering the correct
+ values.</para>
+
+ <para>Apart from some problems mentioned below, everything
+ should go straight through up to the point where the &oracle;
+ database software needs to be installed.</para>
+ </sect3>
+
+ <sect3 id="startr3setup-46C">
+ <title>Start <command>R3SETUP</command> 4.6C SR2</title>
+
+ <para>Make sure <envar>LD_LIBRARY_PATH</envar> is set correctly. This is a
+ different value from the 4.6B installation with
+ <application>&oracle; 8.0.5</application>:</para>
+
+ <screen>&prompt.root; <userinput>export LD_LIBRARY_PATH=/sapmnt/PRD/exe:/oracle/PRD/817_32/lib</userinput></screen>
+
+ <para>Start <command>R3SETUP</command> as user <username>root</username> from installation directory:</para>
+
+ <screen>&prompt.root; <userinput>cd /oracle/PRD/sapreorg/install</userinput>
+&prompt.root; <userinput>./R3SETUP -f CENTRAL.R3S</userinput></screen>
+
+ <para>The script then asks some questions (defaults in brackets,
+ followed by actual input):</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Question</entry>
+ <entry>Default</entry>
+ <entry>Input</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Enter SAP System ID</entry>
+ <entry>[C11]</entry>
+ <entry>PRD<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter SAP Instance Number</entry>
+ <entry>[00]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter SAPMOUNT Directory</entry>
+ <entry>[/sapmnt]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter name of SAP central host</entry>
+ <entry>[majestix]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Database System ID</entry>
+ <entry>[PRD]</entry>
+ <entry>PRD<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter name of SAP db host</entry>
+ <entry>[majestix]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Select character set</entry>
+ <entry>[1] (WE8DEC)</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Oracle server version (2) Oracle 8.1.7</entry>
+ <entry> </entry>
+ <entry>2<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Extract Oracle Client archive</entry>
+ <entry>[1] (Yes, extract)</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter path to KERNEL CD</entry>
+ <entry>[/sapcd]</entry>
+ <entry>/oracle/PRD/sapreorg/KERNEL</entry>
+ </row>
+ <row>
+ <entry>Enter amount of RAM for SAP + DB</entry>
+ <entry>2044</entry>
+ <entry>1800<keycap>Enter</keycap> (in Megabytes)</entry>
+ </row>
+ <row>
+ <entry>Service Entry Message Server</entry>
+ <entry>[3600]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Group-ID of sapsys</entry>
+ <entry>[100]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Group-ID of oper</entry>
+ <entry>[101]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Group-ID of dba</entry>
+ <entry>[102]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter User-ID of <username>oraprd</username></entry>
+ <entry>[1002]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter User-ID of <username>prdadm</username></entry>
+ <entry>[1000]</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>LDAP support</entry>
+ <entry> </entry>
+ <entry>3<keycap>Enter</keycap> (no support)</entry>
+ </row>
+ <row>
+ <entry>Installation step completed</entry>
+ <entry>[1] (continue)</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Choose installation service</entry>
+ <entry>[1] (DB inst,file)</entry>
+ <entry><keycap>Enter</keycap></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>So far, creation of users gives an error during
+ installation in phases OSUSERDBSID_IND_ORA (for creating
+ user <username>ora<replaceable>sid</replaceable></username>) and
+ OSUSERSIDADM_IND_ORA (creating user
+ <username><replaceable>sid</replaceable>adm</username>).</para>
+
+ <para>Apart from some problems mentioned below, everything
+ should go straight through up to the point where the &oracle;
+ database software needs to be installed.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="installingoracle805">
+ <title>Installing &oracle; 8.0.5</title>
+
+ <para>Please see the corresponding &sap; Notes and &oracle; <filename>Readme</filename>s
+ regarding Linux and <application>&oracle; DB</application> for possible problems. Most if
+ not all problems stem from incompatible libraries.</para>
+
+ <para>For more information on installing <application>&oracle;</application>, refer to <link
+ linkend="linuxemu-oracle">the Installing &oracle;
+ chapter.</link></para>
+
+
+ <sect3 id="installingtheoracle805withorainst">
+ <title>Installing the &oracle; 8.0.5 with <command>orainst</command></title>
+
+ <para>If <application>&oracle; 8.0.5</application> is to be
+ used, some additional libraries are needed for successfully
+ relinking, as <application>&oracle; 8.0.5</application> was linked with an old glibc
+ (RedHat 6.0), but RedHat 6.1 already uses a new glibc. So
+ you have to install the following additional packages to
+ ensure that linking will work:</para>
+
+ <para><filename>compat-libs-5.2-2.i386.rpm</filename></para>
+ <para><filename>compat-glibc-5.2-2.0.7.2.i386.rpm</filename></para>
+ <para><filename>compat-egcs-5.2-1.0.3a.1.i386.rpm</filename></para>
+ <para><filename>compat-egcs-c++-5.2-1.0.3a.1.i386.rpm</filename></para>
+ <para><filename>compat-binutils-5.2-2.9.1.0.23.1.i386.rpm</filename></para>
+
+ <para>See the corresponding &sap; Notes or &oracle; <filename>Readme</filename>s for
+ further information. If this is no option (at the time of
+ installation we did not have enough time to check this), one
+ could use the original binaries, or use the relinked
+ binaries from an original RedHat system.</para>
+
+ <para>For compiling the intelligent agent, the RedHat Tcl
+ package must be installed. If you cannot get
+ <filename>tcl-8.0.3-20.i386.rpm</filename>, a newer one like
+ <filename>tcl-8.0.5-30.i386.rpm</filename> for RedHat 6.1
+ should also do.</para>
+
+ <para>Apart from relinking, the installation is
+ straightforward:</para>
+
+ <screen>&prompt.root; <userinput>su - oraids</userinput>
+&prompt.root; <userinput>export TERM=xterm</userinput>
+&prompt.root; <userinput>export ORACLE_TERM=xterm</userinput>
+&prompt.root; <userinput>export ORACLE_HOME=/oracle/IDS</userinput>
+&prompt.root; <userinput>cd $ORACLE_HOME/orainst_sap</userinput>
+&prompt.root; <userinput>./orainst</userinput></screen>
+
+ <para>Confirm all screens with <keycap>Enter</keycap> until the software is
+ installed, except that one has to deselect the
+ <emphasis>&oracle; On-Line Text Viewer</emphasis>, as this is
+ not currently available for Linux. <application>&oracle;</application> then wants to
+ relink with <command>i386-glibc20-linux-gcc</command>
+ instead of the available <command>gcc</command>,
+ <command>egcs</command> or <command>i386-redhat-linux-gcc
+ </command>.</para>
+
+ <para>Due to time constrains we decided to use the binaries
+ from an <application>&oracle; 8.0.5 PreProduction</application>
+ release, after the first
+ attempt at getting the version from the RDBMS CD working,
+ failed, and finding and accessing the correct RPMs was a
+ nightmare at that time.</para>
+
+ </sect3>
+
+ <sect3 id="installingtheoracle805preproduction">
+ <title>Installing the &oracle; 8.0.5 Pre-production Release for
+ Linux (Kernel 2.0.33)</title>
+
+ <para>This installation is quite easy. Mount the CD, start the
+ installer. It will then ask for the location of the &oracle;
+ home directory, and copy all binaries there. We did not
+ delete the remains of our previous RDBMS installation tries,
+ though.</para>
+
+ <para>Afterwards, <application>&oracle;</application> Database could be started with no
+ problems.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="installingoracle817">
+ <title>Installing the &oracle; 8.1.7 Linux Tarball</title>
+ <para>Take the tarball <filename>oracle81732.tgz</filename> you
+ produced from the installation directory on a Linux system
+ and untar it to <filename>/oracle/<replaceable>SID</replaceable>/817_32/</filename>.</para>
+ </sect2>
+
+ <sect2 id="continuewithsapr4installation">
+ <title>Continue with &sap.r3; Installation</title>
+
+ <para>First check the environment settings of users
+ <username>idsamd</username>
+ (<replaceable>sid</replaceable>adm) and
+ <username>oraids</username> (ora<replaceable>sid</replaceable>). They should now
+ both have the files <filename>.profile</filename>,
+ <filename>.login</filename> and <filename>.cshrc</filename>
+ which are all using <command>hostname</command>. In case the
+ system's hostname is the fully qualified name, you need to
+ change <command>hostname</command> to <command>hostname
+ -s</command> within all three files.</para>
+
+ <sect3 id="databaseload">
+ <title>Database Load</title>
+
+ <para>Afterwards, <command>R3SETUP</command> can either be restarted or continued
+ (depending on whether exit was chosen or not). <command>R3SETUP</command> then
+ creates the tablespaces and loads the data (for 46B IDES, from
+ EXPORT1 to EXPORT6, for 46C from DISK1 to DISK4) with <command>R3load</command>
+ into the database.</para>
+
+ <para>When the database load is finished (might take a few
+ hours), some passwords are requested. For test
+ installations, one can use the well known default passwords
+ (use different ones if security is an issue!):</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Question</entry>
+ <entry>Input</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Enter Password for sapr3</entry>
+ <entry>sap<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Confirum Password for sapr3</entry>
+ <entry>sap<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Password for sys</entry>
+ <entry>change_on_install<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Confirm Password for sys</entry>
+ <entry>change_on_install<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Enter Password for system</entry>
+ <entry>manager<keycap>Enter</keycap></entry>
+ </row>
+ <row>
+ <entry>Confirm Password for system</entry>
+ <entry>manager<keycap>Enter</keycap></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>At this point We had a few problems with
+ <command>dipgntab</command> during the 4.6B
+ installation.</para>
+ </sect3>
+
+ <sect3 id="listener">
+ <title>Listener</title>
+
+ <para>Start the <application>&oracle;</application> Listener as user
+ <username>ora<replaceable>sid</replaceable></username> as follows:</para>
+
+ <screen>&prompt.user; <userinput>umask 0; lsnrctl start</userinput></screen>
+
+ <para>Otherwise you might get the error <errorcode>ORA-12546</errorcode> as the sockets will not
+ have the correct permissions. See &sap; Note 072984.</para>
+ </sect3>
+
+ <sect3 id="mnlstables">
+ <title>Updating MNLS Tables</title>
+ <para>If you plan to import non-Latin-1 languages into the <application>&sap;</application> system,
+ you have to update the Multi National Language Support tables.
+ This is described in the &sap; OSS Notes 15023 and 45619. Otherwise,
+ you can skip this question during <application>&sap;</application> installation.</para>
+ <note><para>If you do not need MNLS, it is still necessary to check
+ the table TCPDB and initializing it if this has not been done. See
+ &sap; note 0015023 and 0045619 for further information.</para></note>
+ </sect3>
+ </sect2>
+
+ <sect2 id="postinstallationsteps">
+ <title>Post-installation Steps</title>
+
+ <sect3 id="requestsapr3licensekey">
+ <title>Request &sap.r3; License Key</title>
+
+ <para>You have to request your <application>&sap.r3;</application> License Key. This is needed,
+ as the temporary license that was installed during installation
+ is only valid for four weeks. First get the hardware key. Log
+ on as user <username>idsadm</username> and call
+ <command>saplicense</command>:</para>
+
+ <screen>&prompt.root; <userinput>/sapmnt/IDS/exe/saplicense -get</userinput></screen>
+
+ <para>Calling <command>saplicense</command> without parameters gives
+ a list of options. Upon receiving the license key, it can be
+ installed using:</para>
+
+ <screen>&prompt.root; <userinput>/sapmnt/IDS/exe/saplicense -install</userinput></screen>
+
+ <para>You are then required to enter the following values:</para>
+
+ <programlisting>SAP SYSTEM ID = <replaceable>SID, 3 chars</replaceable>
+CUSTOMER KEY = <replaceable>hardware key, 11 chars</replaceable>
+INSTALLATION NO = <replaceable>installation, 10 digits</replaceable>
+EXPIRATION DATE = <replaceable>yyyymmdd, usually "99991231"</replaceable>
+LICENSE KEY = <replaceable>license key, 24 chars</replaceable></programlisting>
+ </sect3>
+
+ <sect3 id="creatingusers">
+ <title>Creating Users</title>
+
+ <para>Create a user within client 000 (for some tasks required
+ to be done within client 000, but with a user different from
+ users <username>sap*</username> and
+ <username>ddic</username>). As a user name, We usually choose
+ <username>wartung</username> (or
+ <username>service</username> in English). Profiles
+ required are <literal>sap_new</literal> and
+ <literal>sap_all</literal>. For additional safety the
+ passwords of default users within all clients should be
+ changed (this includes users <username>sap*</username> and
+ <username>ddic</username>).</para>
+ </sect3>
+
+ <sect3 id="configtranssysprofileopermodesetc">
+ <title>Configure Transport System, Profile, Operation Modes, Etc.</title>
+
+ <para>Within client 000, user different from <username>ddic</username>
+ and <username>sap*</username>, do at least the following:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Task</entry>
+ <entry>Transaction</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Configure Transport System, e.g. as <emphasis>Stand-Alone
+ Transport Domain Entity</emphasis></entry>
+ <entry>STMS</entry>
+ </row>
+ <row>
+ <entry>Create / Edit Profile for System</entry>
+ <entry>RZ10</entry>
+ </row>
+ <row>
+ <entry>Maintain Operation Modes and Instances</entry>
+ <entry>RZ04</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>These and all the other post-installation steps are
+ thoroughly described in <application>&sap;</application> installation guides.</para>
+ </sect3>
+
+ <sect3 id="editintsidsap">
+ <title>Edit <filename>init<replaceable>sid</replaceable>.sap</filename> (<filename>initIDS.sap</filename>)</title>
+
+ <para>The file <filename>/oracle/IDS/dbs/initIDS.sap</filename>
+ contains the <application>&sap;</application> backup profile. Here the size of the tape to
+ be used, type of compression and so on need to be defined. To
+ get this running with <command>sapdba</command> /
+ <command>brbackup</command>, we changed the following values:</para>
+
+ <programlisting>compress = hardware
+archive_function = copy_delete_save
+cpio_flags = "-ov --format=newc --block-size=128 --quiet"
+cpio_in_flags = "-iuv --block-size=128 --quiet"
+tape_size = 38000M
+tape_address = /dev/nsa0
+tape_address_rew = /dev/sa0</programlisting>
+
+ <para>Explanations:</para>
+
+ <para><varname>compress</varname>: The tape we use is a HP DLT1
+ which does hardware compression.</para>
+
+ <para><varname>archive_function</varname>: This defines the
+ default behavior for saving &oracle; archive logs: new logfiles
+ are saved to tape, already saved logfiles are saved again and
+ are then deleted. This prevents lots of trouble if you need to
+ recover the database, and one of the archive-tapes has gone
+ bad.</para>
+
+ <para><varname>cpio_flags</varname>: Default is to use <option>-B</option> which
+ sets block size to 5120&nbsp;Bytes. For DLT Tapes, HP recommends at
+ least 32&nbsp;K block size, so we used <option>--block-size=128</option> for
+ 64&nbsp;K. <option>--format=newc</option> is needed because we have inode numbers greater than
+ 65535. The last option <option>--quiet</option> is needed as otherwise
+ <command>brbackup</command>
+ complains as soon as <command>cpio</command> outputs the
+ numbers of blocks saved.</para>
+
+ <para><varname>cpio_in_flags</varname>: Flags needed for
+ loading data back from tape. Format is recognized
+ automatically.</para>
+
+ <para><varname>tape_size</varname>: This usually gives the raw
+ storage capability of the tape. For security reason (we use
+ hardware compression), the value is slightly lower than the
+ actual value.</para>
+
+ <para><varname>tape_address</varname>: The non-rewindable
+ device to be used with <command>cpio</command>.</para>
+
+ <para><varname>tape_address_rew</varname>: The rewindable device to be
+ used with <command>cpio</command>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Configuration Issues after Installation</title>
+
+ <para>The following <application>&sap;</application> parameters should be tuned after
+ installation (examples for IDES 46B, 1&nbsp;GB memory):</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Name</entry>
+ <entry>Value</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>ztta/roll_extension</entry>
+ <entry>250000000</entry>
+ </row>
+ <row>
+ <entry>abap/heap_area_dia</entry>
+ <entry>300000000</entry>
+ </row>
+ <row>
+ <entry>abap/heap_area_nondia</entry>
+ <entry>400000000</entry>
+ </row>
+ <row>
+ <entry>em/initial_size_MB</entry>
+ <entry>256</entry>
+ </row>
+ <row>
+ <entry>em/blocksize_kB</entry>
+ <entry>1024</entry>
+ </row>
+ <row>
+ <entry>ipc/shm_psize_40</entry>
+ <entry>70000000</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>&sap; Note 0013026:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Name</entry>
+ <entry>Value</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>ztta/dynpro_area</entry>
+ <entry>2500000</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>&sap; Note 0157246:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Name</entry>
+ <entry>Value</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>rdisp/ROLL_MAXFS</entry>
+ <entry>16000</entry>
+ </row>
+ <row>
+ <entry>rdisp/PG_MAXFS</entry>
+ <entry>30000</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <note>
+ <para>With the above parameters, on a system with 1&nbsp;gigabyte
+ of memory, one may find memory consumption similar to:</para>
+
+ <programlisting>Mem: 547M Active, 305M Inact, 109M Wired, 40M Cache, 112M Buf, 3492K Free</programlisting>
+ </note>
+ </sect3>
+ </sect2>
+
+ <sect2 id="problemsduringinstallation">
+ <title>Problems during Installation</title>
+
+ <sect3 id="restartr3setup">
+ <title>Restart <command>R3SETUP</command> after Fixing a Problem</title>
+
+ <para><command>R3SETUP</command> stops if it encounters an error. If you have
+ looked at the corresponding logfiles and fixed the error,
+ you have to start <command>R3SETUP</command> again, usually selecting REPEAT
+ as option for the last step <command>R3SETUP</command> complained about.</para>
+
+ <para>To restart <command>R3SETUP</command>, just start it with the corresponding
+ <filename>R3S</filename> file:</para>
+
+ <screen>&prompt.root; <userinput>./R3SETUP -f CENTRDB.R3S</userinput></screen>
+
+ <para>for 4.6B, or with</para>
+
+ <screen>&prompt.root; <userinput>./R3SETUP -f CENTRAL.R3S</userinput></screen>
+
+ <para>for 4.6C, no matter whether the error occurred
+ with <filename>CENTRAL.R3S</filename> or
+ <filename>DATABASE.R3S</filename>.</para>
+
+ <note><para>At some stages, <command>R3SETUP</command> assumes that both database
+ and <application>&sap;</application> processes are up and running (as those were steps it
+ already completed). Should errors occur and for example the
+ database could not be started, you have to start both database
+ and <application>&sap;</application> by hand after you fixed the errors and before starting
+ <command>R3SETUP</command> again.</para>
+ <para>Do not forget to also start the <application>&oracle;</application> listener again (as
+ <username>ora<replaceable>sid</replaceable></username> with
+ <command>umask 0; lsnrctl start</command>) if it was also
+ stopped (for example due to a necessary reboot of the
+ system).</para>
+ </note>
+ </sect3>
+
+ <sect3 id="indoraduringduringr3setup">
+ <title>OSUSERSIDADM_IND_ORA during <command>R3SETUP</command></title>
+
+ <para>If <command>R3SETUP</command> complains at this stage, edit the
+ template file <command>R3SETUP</command> used at that time
+ (<filename>CENTRDB.R3S</filename> (4.6B) or either
+ <filename>CENTRAL.R3S</filename> or
+ <filename>DATABASE.R3S</filename> (4.6C)).
+ Locate <literal>[OSUSERSIDADM_IND_ORA]</literal> or search for the
+ only <literal>STATUS=ERROR</literal> entry
+ and edit the following values:</para>
+
+ <programlisting>HOME=/home/<replaceable>sid</replaceable>adm (was empty)
+STATUS=OK (had status ERROR)
+ </programlisting>
+
+ <para>Then you can restart <command>R3SETUP</command> again.</para>
+ </sect3>
+
+ <sect3 id="indoraduringr3setup">
+ <title>OSUSERDBSID_IND_ORA during <command>R3SETUP</command></title>
+
+ <para>Possibly <command>R3SETUP</command> also complains at this stage. The error
+ here is similar to the one in phase OSUSERSIDADM_IND_ORA.
+ Just edit
+ the template file <command>R3SETUP</command> used at that time
+ (<filename>CENTRDB.R3S</filename> (4.6B) or either
+ <filename>CENTRAL.R3S</filename> or
+ <filename>DATABASE.R3S</filename> (4.6C)).
+ Locate <literal>[OSUSERDBSID_IND_ORA]</literal> or search for the
+ only <literal>STATUS=ERROR</literal> entry
+ and edit the following value in that section:</para>
+
+ <programlisting>STATUS=OK</programlisting>
+
+ <para>Then restart <command>R3SETUP</command>.</para>
+ </sect3>
+
+ <sect3 id="oraviewvrffilenotfound">
+ <title><errorname>oraview.vrf FILE NOT FOUND</errorname> during &oracle; Installation</title>
+
+ <para>You have not deselected <emphasis>&oracle; On-Line Text Viewer</emphasis>
+ before starting the installation. This is marked for installation even
+ though this option is currently not available for Linux. Deselect this
+ product inside the <application>&oracle;</application> installation menu and restart installation.</para>
+ </sect3>
+
+ <sect3 id="textenvincalid">
+ <title><errorname>TEXTENV_INVALID</errorname> during <command>R3SETUP</command>, RFC or SAPgui Start</title>
+
+ <para>If this error is encountered, the correct locale is
+ missing. &sap; Note 0171356 lists the necessary RPMs that need
+ be installed (e.g. <filename>saplocales-1.0-3</filename>,
+ <filename>saposcheck-1.0-1</filename> for RedHat 6.1). In case
+ you ignored all the related errors and set the corresponding
+ <literal>STATUS</literal> from <literal>ERROR</literal> to <literal>OK</literal> (in <filename>CENTRDB.R3S</filename>) every time <command>R3SETUP</command>
+ complained and just restarted <command>R3SETUP</command>, the <application>&sap;</application> system will not
+ be properly configured and you will then not be able to
+ connect to the system with a
+ <application>SAPgui</application>, even though the system
+ can be started. Trying to connect with the old Linux
+ <application>SAPgui</application> gave the following
+ messages:</para>
+
+ <programlisting>Sat May 5 14:23:14 2001
+*** ERROR => no valid userarea given [trgmsgo. 0401]
+Sat May 5 14:23:22 2001
+*** ERROR => ERROR NR 24 occured [trgmsgi. 0410]
+*** ERROR => Error when generating text environment. [trgmsgi. 0435]
+*** ERROR => function failed [trgmsgi. 0447]
+*** ERROR => no socket operation allowed [trxio.c 3363]
+Speicherzugriffsfehler</programlisting>
+
+ <para>This behavior is due to <application>&sap.r3;</application> being unable to correctly
+ assign a locale and also not being properly configured itself
+ (missing entries in some database tables). To be able to connect
+ to <application>&sap;</application>, add the following entries to file
+ <filename>DEFAULT.PFL</filename> (see Note 0043288):</para>
+
+ <programlisting>abap/set_etct_env_at_new_mode = 0
+install/collate/active = 0
+rscp/TCP0B = TCP0B</programlisting>
+
+ <para>Restart the <application>&sap;</application> system. Now you can connect to the
+ system, even though country-specific language settings might
+ not work as expected. After correcting country settings
+ (and providing the correct locales), these entries can be
+ removed from <filename>DEFAULT.PFL</filename> and the <application>&sap;</application>
+ system can be restarted.</para>
+
+ </sect3>
+
+ <sect3 id="ora-00001">
+ <title><errorcode>ORA-00001</errorcode></title>
+ <para>This error only happened with
+ <application>&oracle; 8.1.7</application> on FreeBSD&nbsp;4.5.
+ The reason was that the <application>&oracle;</application> database could not initialize itself
+ properly and crashed, leaving semaphores and shared memory on the
+ system. The next try to start the database then returned
+ <errorcode>ORA-00001</errorcode>.</para>
+
+ <para>Find them with <command>ipcs -a</command> and remove them
+ with <command>ipcrm</command>.</para>
+ </sect3>
+
+ <sect3 id="ora-00445pmon">
+ <title><errorcode>ORA-00445</errorcode> (Background Process PMON Did Not Start)</title>
+ <para>This error happened with <application>&oracle; 8.1.7</application>.
+ This error is reported if the database is started with
+ the usual <command>startsap</command> script (for example
+ <command>startsap_majestix_00</command>) as user
+ <username>prdadm</username>.</para>
+
+ <para>A possible workaround is to start the database as user
+ <username>oraprd</username> instead
+ with <command>svrmgrl</command>:</para>
+
+ <screen>&prompt.user; <userinput>svrmgrl</userinput>
+SVRMGR&gt; <userinput>connect internal;</userinput>
+SVRMGR&gt; <userinput>startup</userinput>;
+SVRMGR&gt; <userinput>exit</userinput></screen>
+
+ </sect3>
+
+ <sect3 id="ora-12546">
+ <title><errorcode>ORA-12546</errorcode> (Start Listener with Correct Permissions)</title>
+
+ <para>Start the <application>&oracle;</application> listener as user
+ <username>oraids</username> with the following commands:</para>
+
+ <screen>&prompt.root; <userinput>umask 0; lsnrctl start</userinput></screen>
+
+ <para>Otherwise you might get <errorcode>ORA-12546</errorcode> as the sockets will not
+ have the correct permissions. See &sap; Note 0072984.</para>
+ </sect3>
+
+ <sect3 id="ora-27102">
+ <title><errorcode>ORA-27102</errorcode> (Out of Memory)</title>
+
+ <para>This error happened whilst trying to use values for
+ <literal>MAXDSIZ</literal> and <literal>DFLDSIZ</literal>
+ greater than 1&nbsp;GB (1024x1024x1024). Additionally, we got
+ <errorname>Linux Error 12: Cannot allocate memory</errorname>.</para>
+ </sect3>
+
+ <sect3 id="dipgntabindind">
+ <title>[DIPGNTAB_IND_IND] during <command>R3SETUP</command></title>
+
+ <para>In general, see &sap; Note 0130581 (<command>R3SETUP</command> step
+ <literal>DIPGNTAB</literal> terminates). During the
+ IDES-specific installation, for some reason the installation
+ process was not using the proper <application>&sap;</application> system name <quote>IDS</quote>, but
+ the empty string <literal>""</literal> instead. This leads to some minor problems
+ with accessing directories, as the paths are generated
+ dynamically using <replaceable>SID</replaceable> (in this case IDS). So instead
+ of accessing:</para>
+
+ <programlisting>/usr/sap/IDS/SYS/...
+/usr/sap/IDS/DVMGS00</programlisting>
+
+ <para>the following paths were used:</para>
+
+ <programlisting>/usr/sap//SYS/...
+/usr/sap/D00</programlisting>
+
+ <para>To continue with the installation, we created a link and an
+ additional directory:</para>
+
+ <screen>&prompt.root; <userinput>pwd</userinput>
+/compat/linux/usr/sap
+&prompt.root; <userinput>ls -l</userinput>
+total 4
+drwxr-xr-x 3 idsadm sapsys 512 May 5 11:20 D00
+drwxr-x--x 5 idsadm sapsys 512 May 5 11:35 IDS
+lrwxr-xr-x 1 root sapsys 7 May 5 11:35 SYS -> IDS/SYS
+drwxrwxr-x 2 idsadm sapsys 512 May 5 13:00 tmp
+drwxrwxr-x 11 idsadm sapsys 512 May 4 14:20 trans</screen>
+
+ <para>We also found &sap; Notes (0029227 and 0008401) describing
+ this behavior. We did not encounter any of these problems with
+ the <application>&sap; 4.6C</application> installation.</para>
+ </sect3>
+
+ <sect3 id="rfcrswboiniindind">
+ <title>[RFCRSWBOINI_IND_IND] during <command>R3SETUP</command></title>
+
+ <para>During installation of <application>&sap; 4.6C</application>,
+ this error was just the result of another error happening
+ earlier during installation. In this case, you have to look
+ through the corresponding logfiles and correct the real
+ problem.</para>
+
+ <para>If after looking through the logfiles this error is
+ indeed the correct one (check the &sap; Notes), you can set
+ <literal>STATUS</literal> of the offending step from <literal>ERROR</literal> to <literal>OK</literal> (file
+ <filename>CENTRDB.R3S</filename>) and restart <command>R3SETUP</command>. After
+ installation, you have to execute the report
+ <literal>RSWBOINS</literal> from transaction SE38. See &sap;
+ Note 0162266 for additional information about phase
+ <literal>RFCRSWBOINI</literal> and
+ <literal>RFCRADDBDIF</literal>.</para>
+ </sect3>
+
+ <sect3 id="rfcraddbdifindind">
+ <title>[RFCRADDBDIF_IND_IND] during <command>R3SETUP</command></title>
+ <para>Here the same restrictions apply: make sure by looking
+ through the logfiles, that this error is not caused by some
+ previous problems.</para>
+
+ <para>If you can confirm that &sap; Note 0162266 applies, just
+ set <literal>STATUS</literal> of the offending step from <literal>ERROR</literal> to <literal>OK</literal> (file
+ <filename>CENTRDB.R3S</filename>) and restart <command>R3SETUP</command>. After
+ installation, you have to execute the report
+ <literal>RADDBDIF</literal> from transaction SE38.</para>
+ </sect3>
+
+ <sect3 id="sigactionsig31">
+ <title><errorcode>sigaction sig31: File size limit exceeded</errorcode></title>
+
+ <para>This error occurred during start of <application>&sap;</application> processes
+ <emphasis>disp+work</emphasis>. If starting <application>&sap;</application> with the
+ <command>startsap</command> script, subprocesses are then started which
+ detach and do the dirty work of starting all other <application>&sap;</application>
+ processes. As a result, the script itself will not notice
+ if something goes wrong.</para>
+
+ <para>To check whether the <application>&sap;</application> processes did start properly,
+ have a look at the process status with
+ <command>ps ax | grep <replaceable>SID</replaceable></command>, which will give
+ you a list of all <application>&oracle;</application> and <application>&sap;</application> processes. If it looks like
+ some processes are missing or if you cannot connect to the <application>&sap;</application> system,
+ look at the corresponding logfiles which can be found
+ at <filename>/usr/sap/<replaceable>SID</replaceable>/DVEBMGS<replaceable>nr</replaceable>/work/</filename>.
+ The files to look at are <filename>dev_ms</filename> and
+ <filename>dev_disp</filename>.</para>
+
+ <para>Signal 31 happens here if the amount of shared memory used by
+ <application>&oracle;</application> and <application>&sap;</application> exceed the one defined within the kernel configuration
+ file and could be resolved by using a larger value:</para>
+
+ <programlisting># larger value for 46C production systems:
+options SHMMAXPGS=393216
+# smaller value sufficient for 46B:
+#options SHMMAXPGS=262144</programlisting>
+
+ </sect3>
+
+ <sect3 id="saposcolfails">
+ <title>Start of <command>saposcol</command> Failed</title>
+ <para>There are some problems with the program <command>saposcol</command> (version 4.6D).
+ The <application>&sap;</application> system is using <command>saposcol</command> to collect data about the
+ system performance. This program is not needed to use the <application>&sap;</application> system,
+ so this problem can be considered a minor one. The older versions
+ (4.6B) does work, but does not collect all the data (many calls will
+ just return 0, for example for CPU usage).</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="linuxemu-advanced">
+ <title>Advanced Topics</title>
+
+ <para>If you are curious as to how the Linux binary compatibility
+ works, this is the section you want to read. Most of what follows
+ is based heavily on an email written to &a.chat; by Terry Lambert
+ <email>tlambert@primenet.com</email> (Message ID:
+ <literal>&lt;199906020108.SAA07001@usr09.primenet.com&gt;</literal>).</para>
+
+ <sect2>
+ <title>How Does It Work?</title>
+ <indexterm><primary>execution class loader</primary></indexterm>
+
+ <para>FreeBSD has an abstraction called an <quote>execution class
+ loader</quote>. This is a wedge into the &man.execve.2; system
+ call.</para>
+
+ <para>What happens is that FreeBSD has a list of loaders, instead of
+ a single loader with a fallback to the <literal>#!</literal>
+ loader for running any shell interpreters or shell scripts.</para>
+
+ <para>Historically, the only loader on the &unix; platform examined
+ the magic number (generally the first 4 or 8 bytes of the file) to
+ see if it was a binary known to the system, and if so, invoked the
+ binary loader.</para>
+
+ <para>If it was not the binary type for the system, the
+ &man.execve.2; call returned a failure, and the shell attempted to
+ start executing it as shell commands.</para>
+
+ <para>The assumption was a default of <quote>whatever the current
+ shell is</quote>.</para>
+
+ <para>Later, a hack was made for &man.sh.1; to examine the first two
+ characters, and if they were <literal>:\n</literal>, then it
+ invoked the &man.csh.1; shell instead (we believe SCO first made
+ this hack).</para>
+
+ <para>What FreeBSD does now is go through a list of loaders, with a
+ generic <literal>#!</literal> loader that knows about interpreters
+ as the characters which follow to the next whitespace next to
+ last, followed by a fallback to
+ <filename>/bin/sh</filename>.</para>
+ <indexterm><primary>ELF</primary></indexterm>
+
+ <para>For the Linux ABI support, FreeBSD sees the magic number as an
+ ELF binary (it makes no distinction between FreeBSD, &solaris;,
+ Linux, or any other OS which has an ELF image type, at this
+ point).</para>
+ <indexterm><primary>Solaris</primary></indexterm>
+
+ <para>The ELF loader looks for a specialized
+ <emphasis>brand</emphasis>, which is a comment section in the ELF
+ image, and which is not present on SVR4/&solaris; ELF
+ binaries.</para>
+
+ <para>For Linux binaries to function, they must be
+ <emphasis>branded</emphasis> as type <literal>Linux</literal>
+ from &man.brandelf.1;:</para>
+
+ <screen>&prompt.root; <userinput>brandelf -t Linux file</userinput></screen>
+
+ <para>When this is done, the ELF loader will see the
+ <literal>Linux</literal> brand on the file.</para>
+ <indexterm>
+ <primary>ELF</primary>
+ <secondary>branding</secondary>
+ </indexterm>
+
+ <para>When the ELF loader sees the <literal>Linux</literal> brand,
+ the loader replaces a pointer in the <literal>proc</literal>
+ structure. All system calls are indexed through this pointer (in
+ a traditional &unix; system, this would be the
+ <literal>sysent[]</literal> structure array, containing the system
+ calls). In addition, the process is flagged for special handling of
+ the trap vector for the signal trampoline code, and several other
+ (minor) fix-ups that are handled by the Linux kernel
+ module.</para>
+
+ <para>The Linux system call vector contains, among other things, a
+ list of <literal>sysent[]</literal> entries whose addresses reside
+ in the kernel module.</para>
+
+ <para>When a system call is called by the Linux binary, the trap
+ code dereferences the system call function pointer off the
+ <literal>proc</literal> structure, and gets the Linux, not the
+ FreeBSD, system call entry points.</para>
+
+ <para>In addition, the Linux mode dynamically
+ <emphasis>reroots</emphasis> lookups; this is, in effect, what the
+ <option>union</option> option to file system mounts
+ (<emphasis>not</emphasis> the <literal>unionfs</literal> file system type!) does. First, an attempt
+ is made to lookup the file in the
+ <filename>/compat/linux/<replaceable>original-path</replaceable></filename>
+ directory, <emphasis>then</emphasis> only if that fails, the
+ lookup is done in the
+ <filename>/<replaceable>original-path</replaceable></filename>
+ directory. This makes sure that binaries that require other
+ binaries can run (e.g., the Linux toolchain can all run under
+ Linux ABI support). It also means that the Linux binaries can
+ load and execute FreeBSD binaries, if there are no corresponding
+ Linux binaries present, and that you could place a &man.uname.1;
+ command in the <filename>/compat/linux</filename> directory tree
+ to ensure that the Linux binaries could not tell they were not
+ running on Linux.</para>
+
+ <para>In effect, there is a Linux kernel in the FreeBSD kernel; the
+ various underlying functions that implement all of the services
+ provided by the kernel are identical to both the FreeBSD system
+ call table entries, and the Linux system call table entries: file
+ system operations, virtual memory operations, signal delivery,
+ System V IPC, etc&hellip; The only difference is that FreeBSD
+ binaries get the FreeBSD <emphasis>glue</emphasis> functions, and
+ Linux binaries get the Linux <emphasis>glue</emphasis> functions
+ (most older OS's only had their own <emphasis>glue</emphasis>
+ functions: addresses of functions in a static global
+ <literal>sysent[]</literal> structure array, instead of addresses
+ of functions dereferenced off a dynamically initialized pointer in
+ the <literal>proc</literal> structure of the process making the
+ call).</para>
+
+ <para>Which one is the native FreeBSD ABI? It does not matter.
+ Basically the only difference is that (currently; this could
+ easily be changed in a future release, and probably will be after
+ this) the FreeBSD <emphasis>glue</emphasis> functions are
+ statically linked into the kernel, and the Linux <emphasis>glue</emphasis> functions
+ can be statically linked, or they can be accessed via a kernel
+ module.</para>
+
+ <para>Yeah, but is this really emulation? No. It is an ABI
+ implementation, not an emulation. There is no emulator (or
+ simulator, to cut off the next question) involved.</para>
+
+ <para>So why is it sometimes called <quote>Linux emulation</quote>?
+ To make it hard to sell FreeBSD! Really, it
+ is because the historical implementation was done at a time when
+ there was really no word other than that to describe what was
+ going on; saying that FreeBSD ran Linux binaries was not true, if
+ you did not compile the code in or load a module, and there needed
+ to be a word to describe what was being loaded&mdash;hence
+ <quote>the Linux emulator</quote>.</para>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/handbook/mac/Makefile b/zh_TW.Big5/books/handbook/mac/Makefile
new file mode 100644
index 0000000000..74aca4172f
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/mac/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= mac/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/mac/chapter.sgml b/zh_TW.Big5/books/handbook/mac/chapter.sgml
new file mode 100644
index 0000000000..f1ffb8d56f
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/mac/chapter.sgml
@@ -0,0 +1,2288 @@
+<!--
+ The FreeBSD Documentation Project
+ $FreeBSD$
+-->
+
+<chapter id="mac">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Mandatory Access Control</title>
+
+ <sect1 id="mac-synopsis">
+ <title>Synopsis</title>
+
+ <indexterm><primary>MAC</primary></indexterm>
+ <indexterm>
+ <primary>Mandatory Access Control</primary>
+ <see>MAC</see>
+ </indexterm>
+
+ <para>&os;&nbsp;5.X introduced new security extensions from the
+ TrustedBSD project based on the &posix;.1e draft. Two of the most
+ significant new security mechanisms are file system Access Control
+ Lists (<acronym>ACLs</acronym>) and Mandatory Access Control
+ (<acronym>MAC</acronym>) facilities. Mandatory Access Control allows
+ new access control modules to be loaded, implementing new security
+ policies. Some provide protections of a narrow subset of the
+ system, hardening a particular service, while others provide
+ comprehensive labeled security across all subjects and objects.
+ The mandatory part
+ of the definition comes from the fact that the enforcement of
+ the controls is done by administrators and the system, and is
+ not left up to the discretion of users as is done with
+ discretionary access control (<acronym>DAC</acronym>, the standard
+ file and System V <acronym>IPC</acronym> permissions on &os;).</para>
+
+ <para>This chapter will focus on the
+ Mandatory Access Control Framework (MAC Framework), and a set
+ of pluggable security policy modules enabling various security
+ mechanisms.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>What <acronym>MAC</acronym> security policy modules are currently
+ included in &os; and their associated mechanisms.</para>
+ </listitem>
+
+ <listitem>
+ <para>What <acronym>MAC</acronym> security policy modules implement as
+ well as the difference between a labeled and non-labeled
+ policy.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to efficiently configure a system to use
+ the <acronym>MAC</acronym> framework.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure the different security policy modules included with the
+ <acronym>MAC</acronym> framework.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to implement a more secure environment using the
+ <acronym>MAC</acronym> framework and the examples
+ shown.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to test the <acronym>MAC</acronym> configuration
+ to ensure the framework has been properly implemented.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Understand &unix; and &os; basics
+ (<xref linkend="basics">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Be familiar with
+ the basics of kernel configuration/compilation
+ (<xref linkend="kernelconfig">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Have some familiarity with security and how it
+ pertains to &os; (<xref linkend="security">).</para>
+ </listitem>
+ </itemizedlist>
+
+ <warning>
+ <para>The improper use of the
+ information in this chapter may cause loss of system access,
+ aggravation of users, or inability to access the features
+ provided by X11. More importantly, <acronym>MAC</acronym> should not
+ be relied upon to completely secure a system. The
+ <acronym>MAC</acronym> framework only augments
+ existing security policy; without sound security practices and
+ regular security checks, the system will never be completely
+ secure.</para>
+
+ <para>It should also be noted that the examples contained
+ within this chapter are just that, examples. It is not
+ recommended that these particular settings be rolled out
+ on a production system. Implementing the various security policy modules takes
+ a good deal of thought. One who does not fully understand
+ exactly how everything works may find him or herself going
+ back through the entire system and reconfiguring many files
+ or directories.</para>
+ </warning>
+
+ <sect2>
+ <title>What Will Not Be Covered</title>
+
+ <para>This chapter covers a broad range of security issues relating
+ to the <acronym>MAC</acronym> framework; however, the
+ development of new <acronym>MAC</acronym> security policy modules
+ will not be covered. A number of security policy modules included with the
+ <acronym>MAC</acronym> framework have specific characteristics
+ which are provided for both testing and new module
+ development. These include the &man.mac.test.4;,
+ &man.mac.stub.4; and &man.mac.none.4;.
+ For more information on these security policy modules and the various
+ mechanisms they provide, please review the manual pages.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mac-inline-glossary">
+ <title>Key Terms in this Chapter</title>
+
+ <para>Before reading this chapter, a few key terms must be
+ explained. This will hopefully clear up any confusion that
+ may occur and avoid the abrupt introduction of new terms
+ and information.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><emphasis>compartment</emphasis>: A compartment is a
+ set of programs and data to be partitioned or separated,
+ where users are given explicit access to specific components
+ of a system. Also, a compartment represents a grouping,
+ such as a work group, department, project, or topic. Using
+ compartments, it is possible to implement a need-to-know
+ security policy.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>integrity</emphasis>: Integrity, as a key
+ concept, is the level of trust which can be placed on data.
+ As the integrity of the data is elevated, so does the ability
+ to trust that data.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>label</emphasis>: A label is a security
+ attribute which can be applied to files, directories, or
+ other items in the system. It could be considered
+ a confidentiality stamp; when a label is placed on
+ a file it describes the security properties for that specific
+ file and will only permit access by files, users, resources,
+ etc. with a similar security setting. The meaning and
+ interpretation of label values depends on the policy configuration: while
+ some policies might treat a label as representing the
+ integrity or secrecy of an object, other policies might use
+ labels to hold rules for access.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>level</emphasis>: The increased or decreased
+ setting of a security attribute. As the level increases,
+ its security is considered to elevate as well.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>multilabel</emphasis>: The
+ <option>multilabel</option> property is a file system option
+ which can be set in single user mode using the
+ &man.tunefs.8; utility, during the boot operation
+ using the &man.fstab.5; file, or during the creation of
+ a new file system. This option will permit an administrator
+ to apply different <acronym>MAC</acronym> labels on different
+ objects. This option
+ only applies to security policy modules which support labeling.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>object</emphasis>: An object or system
+ object is an entity through which information flows
+ under the direction of a <emphasis>subject</emphasis>.
+ This includes directories, files, fields, screens, keyboards,
+ memory, magnetic storage, printers or any other data
+ storage/moving device. Basically, an object is a data container or
+ a system resource; access to an <emphasis>object</emphasis>
+ effectively means access to the data.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>policy</emphasis>: A collection of rules
+ which defines how objectives are to be achieved. A
+ <emphasis>policy</emphasis> usually documents how certain
+ items are to be handled. This chapter will
+ consider the term <emphasis>policy</emphasis> in this
+ context as a <emphasis>security policy</emphasis>; i.e.
+ a collection of rules which will control the flow of data
+ and information and define whom will have access to that
+ data and information.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>sensitivity</emphasis>: Usually used when
+ discussing <acronym>MLS</acronym>. A sensitivity level is
+ a term used to describe how important or secret the data
+ should be. As the sensitivity level increases, so does the
+ importance of the secrecy, or confidentiality of the data.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>single label</emphasis>: A single label is
+ when the entire file system uses one label to
+ enforce access control over the flow of data. When a file
+ system has this set, which is any time when the
+ <option>multilabel</option> option is not set, all
+ files will conform to the same label setting.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>subject</emphasis>: a subject is any
+ active entity that causes information to flow between
+ <emphasis>objects</emphasis>; e.g. a user, user processor,
+ system process, etc. On &os;, this is almost always a thread
+ acting in a process on behalf of a user.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="mac-initial">
+ <title>Explanation of MAC</title>
+
+ <para>With all of these new terms in mind, consider how the
+ <acronym>MAC</acronym> framework augments the security of
+ the system as a whole. The various security policy modules provided by
+ the <acronym>MAC</acronym> framework could be used to
+ protect the network and file systems, block users from
+ accessing certain ports and sockets, and more. Perhaps
+ the best use of the policy modules is to blend them together, by loading
+ several security policy modules at a time for a multi-layered
+ security environment. In a multi-layered security environment,
+ multiple policy modules are in effect to keep security in check. This
+ is different to a hardening policy, which typically hardens
+ elements of a system that is used only for specific purposes.
+ The only downside is administrative overhead in cases of
+ multiple file system labels, setting network access control
+ user by user, etc.</para>
+
+ <para>These downsides are minimal when compared to the lasting
+ effect of the framework; for instance, the ability to pick and choose
+ which policies are required for a specific configuration keeps
+ performance overhead down. The reduction of support for unneeded
+ policies can increase the overall performance of the system as well as
+ offer flexibility of choice. A good implementation would
+ consider the overall security requirements and effectively implement
+ the various security policy modules offered by the framework.</para>
+
+ <para>Thus a system utilizing <acronym>MAC</acronym> features
+ should at least guarantee that a user will not be permitted
+ to change security attributes at will; all user utilities,
+ programs and scripts must work within the constraints of
+ the access rules provided by the selected security policy modules; and
+ that total control of the <acronym>MAC</acronym> access
+ rules are in the hands of the system administrator.</para>
+
+ <para>It is the sole duty of the system administrator to
+ carefully select the correct security policy modules. Some environments
+ may need to limit access control over the network; in these
+ cases, the &man.mac.portacl.4;, &man.mac.ifoff.4; and even
+ &man.mac.biba.4; policy modules might make good starting points. In other
+ cases, strict confidentiality of file system objects might
+ be required. Policy modules such as &man.mac.bsdextended.4;
+ and &man.mac.mls.4; exist for this purpose.</para>
+
+ <para>Policy decisions could be made based on network
+ configuration. Perhaps only certain users should be permitted
+ access to facilities provided by &man.ssh.1; to access the
+ network or the Internet. The &man.mac.portacl.4; would be
+ the policy module of choice for these situations. But what should be
+ done in the case of file systems? Should all access to certain
+ directories be severed from other groups or specific
+ users? Or should we limit user or utility access to specific
+ files by setting certain objects as classified?</para>
+
+ <para>In the file system case, access to objects might be
+ considered confidential to some users, but not to others.
+ For an example, a large development team might be broken
+ off into smaller groups of individuals. Developers in
+ project A might not be permitted to access objects written
+ by developers in project B. Yet they might need to access
+ objects created by developers in project C; that is quite a
+ situation indeed. Using the different security policy modules provided by
+ the <acronym>MAC</acronym> framework; users could
+ be divided into these groups and then given access to the
+ appropriate areas without fear of information
+ leakage.</para>
+
+ <para>Thus, each security policy module has a unique way of dealing with
+ the overall security of a system. Module selection should be based
+ on a well thought out security policy. In many cases, the
+ overall policy may need to be revised and reimplemented on
+ the system. Understanding the different security policy modules offered by
+ the <acronym>MAC</acronym> framework will help administrators
+ choose the best policies for their situations.</para>
+
+ <para>The default &os; kernel does not include the option for
+ the <acronym>MAC</acronym> framework; thus the following
+ kernel option must be added before trying any of the examples or
+ information in this chapter:</para>
+
+ <programlisting>options MAC</programlisting>
+
+ <para>And the kernel will require a rebuild and a reinstall.</para>
+
+ <caution>
+ <para>While the various manual pages for <acronym>MAC</acronym>
+ policy modules state that they may be built into the kernel,
+ it is possible to lock the system out of
+ the network and more. Implementing <acronym>MAC</acronym>
+ is much like implementing a firewall, care must be taken
+ to prevent being completely locked out of the system. The
+ ability to revert back to a previous configuration should be
+ considered while the implementation of <acronym>MAC</acronym>
+ remotely should be done with extreme caution.</para>
+ </caution>
+ </sect1>
+
+ <sect1 id="mac-understandlabel">
+ <title>Understanding MAC Labels</title>
+
+ <para>A <acronym>MAC</acronym> label is a security attribute
+ which may be applied to subjects and objects throughout
+ the system.</para>
+
+ <para>When setting a label, the user must be able to comprehend
+ what it is, exactly, that is being done. The attributes
+ available on an object depend on the policy module loaded, and that
+ policy modules interpret their attributes in different
+ ways. If improperly configured due to lack of comprehension, or
+ the inability to understand the implications, the result will
+ be the unexpected and perhaps, undesired, behavior of the
+ system.</para>
+
+ <para>The security label on an object is used as a part of a
+ security access control decision by a policy. With some
+ policies, the label by itself contains all information necessary
+ to make a decision; in other models, the labels may be processed
+ as part of a larger rule set, etc.</para>
+
+ <para>For instance, setting the label of <literal>biba/low</literal>
+ on a file will represent a label maintained by the Biba security policy module,
+ with a value of <quote>low</quote>.</para>
+
+ <para>A few policy modules which support the labeling feature in
+ &os; offer three specific predefined labels. These
+ are the low, high, and equal labels. Although they enforce
+ access control in a different manner with each policy module, you
+ can be sure that the low label will be the lowest setting,
+ the equal label will set the subject or object to be disabled
+ or unaffected, and the high label will enforce the highest
+ setting available in the Biba and <acronym>MLS</acronym>
+ policy modules.</para>
+
+ <para>Within single label file system environments, only one label may be
+ used on objects. This will enforce one set of
+ access permissions across the entire system and in many
+ environments may be all that is required. There are a few
+ cases where multiple labels may be set on objects
+ or subjects in the file system. For those cases, the
+ <option>multilabel</option> option may be passed to
+ &man.tunefs.8;.</para>
+
+ <para>In the case of Biba and <acronym>MLS</acronym>, a numeric
+ label may be set to indicate the precise level of hierarchical
+ control. This numeric level is used to partition or sort
+ information into different groups of say, classification only
+ permitting access to that group or a higher group level.</para>
+
+ <para>In most cases the administrator will only be setting up a
+ single label to use throughout the file system.</para>
+
+ <para><emphasis>Hey wait, this is similar to <acronym>DAC</acronym>!
+ I thought <acronym>MAC</acronym> gave control strictly to the
+ administrator.</emphasis> That statement still holds true, to some
+ extent as <username>root</username> is the one in control and who
+ configures the policies so that users are placed in the
+ appropriate categories/access levels. Alas, many policy modules can
+ restrict the <username>root</username> user as well. Basic
+ control over objects will then be released to the group, but
+ <username>root</username> may revoke or modify the settings
+ at any time. This is the hierarchal/clearance model covered
+ by policies such as Biba and <acronym>MLS</acronym>.</para>
+
+ <sect2>
+ <title>Label Configuration</title>
+
+ <para>Virtually all aspects of label policy module configuration
+ will be performed using the base system utilities. These
+ commands provide a simple interface for object or subject
+ configuration or the manipulation and verification of
+ the configuration.</para>
+
+ <para>All configuration may be done by use of the
+ &man.setfmac.8; and &man.setpmac.8; utilities.
+ The <command>setfmac</command> command is used to set
+ <acronym>MAC</acronym> labels on system objects while the
+ <command>setpmac</command> command is used to set the labels
+ on system subjects. Observe:</para>
+
+ <screen>&prompt.root; <userinput>setfmac biba/high test</userinput></screen>
+
+ <para>If no errors occurred with the command above, a prompt
+ will be returned. The only time these commands are not
+ quiescent is when an error occurred; similarly to the
+ &man.chmod.1; and &man.chown.8; commands. In some cases this
+ error may be a <errorname>Permission denied</errorname> and
+ is usually obtained when the label is being set or modified
+ on an object which is restricted.<footnote><para>Other conditions
+ may produce different failures. For instance, the file may not
+ be owned by the user attempting to relabel the object, the
+ object may not exist or may be read only. A mandatory policy
+ will not allow the process to relabel the file, maybe because
+ of a property of the file, a property of the process, or a
+ property of the proposed new label value. For example: a user
+ running at low integrity tries to change the label of a high
+ integrity file. Or perhaps a user running at low integrity
+ tries to change the label of a low integrity file to a high
+ integrity label.</para></footnote> The system administrator
+ may use the following commands to overcome this:</para>
+
+ <screen>&prompt.root; <userinput>setfmac biba/high test</userinput>
+<errorname>Permission denied</errorname>
+&prompt.root; <userinput>setpmac biba/low setfmac biba/high test</userinput>
+&prompt.root; <userinput>getfmac test</userinput>
+test: biba/high</screen>
+
+ <para>As we see above, <command>setpmac</command>
+ can be used to override the policy module's settings by assigning
+ a different label to the invoked process. The
+ <command>getpmac</command> utility is usually used with currently
+ running processes, such as <application>sendmail</application>:
+ although it takes a process ID in place of
+ a command the logic is extremely similar. If users
+ attempt to manipulate a file not in their access, subject to the
+ rules of the loaded policy modules, the
+ <errorname>Operation not permitted</errorname> error
+ will be displayed by the <function>mac_set_link</function>
+ function.</para>
+
+ <sect3>
+ <title>Common Label Types</title>
+
+ <para>For the &man.mac.biba.4;, &man.mac.mls.4; and
+ &man.mac.lomac.4; policy modules, the ability to assign
+ simple labels is provided. These take the form of high,
+ equal and low, what follows is a brief description of
+ what these labels provide:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <literal>low</literal> label is considered the
+ lowest label setting an object or subject may have.
+ Setting this on objects or subjects will block their
+ access to objects or subjects marked high.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <literal>equal</literal> label should only be
+ placed on objects considered to be exempt from the
+ policy.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <literal>high</literal> label grants an object or
+ subject the highest possible setting.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>With respect to each policy module, each of those settings
+ will instate a different information flow directive. Reading
+ the proper manual pages will further explain the traits of
+ these generic label configurations.</para>
+
+ <sect4>
+ <title>Advanced Label Configuration</title>
+
+ <para>Numeric grade numbers used for
+ <literal>comparison:compartment+compartment</literal>; thus
+ the following:</para>
+
+ <programlisting>biba/10:2+3+6(5:2+3-20:2+3+4+5+6)</programlisting>
+
+ <para>May be interpreted as:</para>
+
+ <para><quote>Biba Policy Label</quote>/<quote>Grade 10</quote>
+ :<quote>Compartments 2, 3 and 6</quote>:
+ (<quote>grade 5 ...</quote>)</para>
+
+ <para>In this example, the first grade would be considered
+ the <quote>effective grade</quote> with
+ <quote>effective compartments</quote>, the second grade
+ is the low grade and the last one is the high grade.
+ In most configurations these settings will not be used;
+ indeed, they offered for more advanced
+ configurations.</para>
+
+ <para>When applied to system objects, they will only have a
+ current grade/compartments as opposed to system subjects
+ as they reflect the range of available rights in the system,
+ and network interfaces, where they are used for access
+ control.</para>
+
+ <para>The grade and compartments in a subject and object pair
+ are used to construct a relationship referred to as
+ <quote>dominance</quote>, in which a subject dominates an
+ object, the object dominates the subject, neither dominates
+ the other, or both dominate each other. The
+ <quote>both dominate</quote> case occurs when the two labels
+ are equal. Due to the information flow nature of Biba, you
+ have rights to a set of compartments,
+ <quote>need to know</quote>, that might correspond to
+ projects, but objects also have a set of compartments.
+ Users may have to subset their rights using
+ <command>su</command> or <command>setpmac</command> in order
+ to access objects in a compartment from which they are not
+ restricted.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Users and Label Settings</title>
+
+ <para>Users themselves are required to have labels so that
+ their files and processes may properly interact with the
+ security policy defined on the system. This is
+ configured through the <filename>login.conf</filename> file
+ by use of login classes. Every policy module that uses labels
+ will implement the user class setting.</para>
+
+ <para>An example entry containing every policy module setting is displayed
+ below:</para>
+
+ <programlisting>default:\
+ :copyright=/etc/COPYRIGHT:\
+ :welcome=/etc/motd:\
+ :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
+ :path=~/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:\
+ :manpath=/usr/share/man /usr/local/man:\
+ :nologin=/usr/sbin/nologin:\
+ :cputime=1h30m:\
+ :datasize=8M:\
+ :vmemoryuse=100M:\
+ :stacksize=2M:\
+ :memorylocked=4M:\
+ :memoryuse=8M:\
+ :filesize=8M:\
+ :coredumpsize=8M:\
+ :openfiles=24:\
+ :maxproc=32:\
+ :priority=0:\
+ :requirehome:\
+ :passwordtime=91d:\
+ :umask=022:\
+ :ignoretime@:\
+ :label=partition/13,mls/5,biba/10(5-15),lomac10[2]:</programlisting>
+
+ <para>The <literal>label</literal> option is used to set the
+ user class default label which will be enforced by
+ <acronym>MAC</acronym>. Users will never be permitted to
+ modify this value, thus it can be considered not optional
+ in the user case. In a real configuration, however, the
+ administrator will never wish to enable every policy module.
+ It is recommended that the rest of this chapter be reviewed
+ before any of this configuration is implemented.</para>
+
+ <note>
+ <para>Users may change their label after the initial login;
+ however, this change is subject constraints of the policy.
+ The example above tells the Biba policy that a process's
+ minimum integrity is 5, its maximum is 15, but the default
+ effective label is 10. The process will run at 10 until
+ it chooses to change label, perhaps due to the user using
+ the setpmac command, which will be constrained by Biba to
+ the range set at login.</para>
+ </note>
+
+ <para>In all cases, after a change to
+ <filename>login.conf</filename>, the login class capability
+ database must be rebuilt using <command>cap_mkdb</command>
+ and this will be reflected throughout every forthcoming
+ example or discussion.</para>
+
+ <para>It is useful to note that many sites may have a
+ particularly large number of users requiring several
+ different user classes. In depth planning is required
+ as this may get extremely difficult to manage.</para>
+
+ <para>Future versions of &os; will include a new way to
+ deal with mapping users to labels; however, this will
+ not be available until some time after &os;&nbsp;5.3.</para>
+ </sect3>
+
+ <sect3>
+ <title>Network Interfaces and Label Settings</title>
+
+ <para>Labels may also be set on network interfaces to help
+ control the flow of data across the network. In all cases
+ they function in the same way the policies function with
+ respect to objects. Users at high settings in
+ <literal>biba</literal>, for example, will not be permitted
+ to access network interfaces with a label of low.</para>
+
+ <para>The <option>maclabel</option> may be passed to
+ <command>ifconfig</command> when setting the
+ <acronym>MAC</acronym> label on network interfaces. For
+ example:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig bge0 maclabel biba/equal</userinput></screen>
+
+ <para>will set the <acronym>MAC</acronym> label of
+ <literal>biba/equal</literal> on the &man.bge.4; interface.
+ When using a setting similar to
+ <literal>biba/high(low-high)</literal> the entire label should
+ be quoted; otherwise an error will be returned.</para>
+
+ <para>Each policy module which supports labeling has a tunable
+ which may be used to disable the <acronym>MAC</acronym>
+ label on network interfaces. Setting the label to
+ <option>equal</option> will have a similar effect. Review
+ the output from <command>sysctl</command>, the policy manual
+ pages, or even the information found later in this chapter
+ for those tunables.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Singlelabel or Multilabel?</title>
+<!-- Stopped here with my edits -->
+ <para>By default the system will use the
+ <option>singlelabel</option> option. But what does this
+ mean to the administrator? There are several differences
+ which, in their own right, offer pros and cons to the
+ flexibility in the systems security model.</para>
+
+ <para>The <option>singlelabel</option> only permits for one
+ label, for instance <literal>biba/high</literal> to be used
+ for each subject or object. It provides for lower
+ administration overhead but decreases the flexibility of
+ policies which support labeling. Many administrators may
+ want to use the <option>multilabel</option> option in
+ their security policy.</para>
+
+ <para>The <option>multilabel</option> option will permit each
+ subject or object to have its own independent
+ <acronym>MAC</acronym> label in
+ place of the standard <option>singlelabel</option> option
+ which will allow only one label throughout the partition.
+ The <option>multilabel</option> and <option>single</option>
+ label options are only required for the policies which
+ implement the labeling feature, including the Biba, Lomac,
+ <acronym>MLS</acronym> and <acronym>SEBSD</acronym>
+ policies.</para>
+
+ <para>In many cases, the <option>multilabel</option> may not need
+ to be set at all. Consider the following situation and
+ security model:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>&os; web-server using the <acronym>MAC</acronym>
+ framework and a mix of the various policies.</para>
+ </listitem>
+
+ <listitem>
+ <para>This machine only requires one label,
+ <literal>biba/high</literal>, for everything in the system.
+ Here the file system would not require the
+ <option>multilabel</option> option as a single label
+ will always be in effect.</para>
+ </listitem>
+
+ <listitem>
+ <para>But, this machine will be a web server and should have
+ the web server run at <literal>biba/low</literal> to prevent
+ write up capabilities. The Biba policy and how it works
+ will be discussed later, so if the previous comment was
+ difficult to interpret just continue reading and return.
+ The server could use a separate partition set at
+ <literal>biba/low</literal> for most if not all of its
+ runtime state. Much is lacking from this example, for
+ instance the restrictions on data, configuration and user
+ settings; however, this is just a quick example to prove the
+ aforementioned point.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If any of the non-labeling policies are to be used,
+ then the <option>multilabel</option> option would never
+ be required. These include the <literal>seeotheruids</literal>,
+ <literal>portacl</literal> and <literal>partition</literal>
+ policies.</para>
+
+ <para>It should also be noted that using
+ <option>multilabel</option> with a partition and establishing
+ a security model based on <option>multilabel</option>
+ functionality could open the doors for higher administrative
+ overhead as everything in the file system would have a label.
+ This includes directories, files, and even device
+ nodes.</para>
+
+ <para>The following command will set <option>multilabel</option>
+ on the file systems to have multiple labels. This may only be
+ done in single user mode:</para>
+
+ <screen>&prompt.root; <userinput>tunefs -l enable /</userinput></screen>
+
+ <para>This is not a requirement for the swap file
+ system.</para>
+
+ <note>
+ <para>Some users have experienced problems with setting the
+ <option>multilabel</option> flag on the root partition.
+ If this is the case, please review the
+ <xref linkend="mac-troubleshoot"> of this chapter.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Controlling MAC with Tunables</title>
+
+ <para>Without any modules loaded, there are still some parts
+ of <acronym>MAC</acronym> which may be configured using
+ the <command>sysctl</command> interface. These tunables
+ are described below and in all cases the number one (1)
+ means enabled while the number zero (0) means
+ disabled:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>security.mac.enforce_fs</literal> defaults to
+ one (1) and enforces <acronym>MAC</acronym> file system
+ policies on the file systems.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.enforce_kld</literal> defaults to
+ one (1) and enforces <acronym>MAC</acronym> kernel linking
+ policies on the dynamic kernel linker (see
+ &man.kld.4;).</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.enforce_network</literal> defaults
+ to one (1) and enforces <acronym>MAC</acronym> network
+ policies.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.enforce_pipe</literal> defaults
+ to one (1) and enforces <acronym>MAC</acronym> policies
+ on pipes.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.enforce_process</literal> defaults
+ to one (1) and enforces <acronym>MAC</acronym> policies
+ on processes which utilize inter-process
+ communication.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.enforce_socket</literal> defaults
+ to one (1) and enforces <acronym>MAC</acronym> policies
+ on sockets (see the &man.socket.2; manual page).</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.enforce_system</literal> defaults
+ to one (1) and enforces <acronym>MAC</acronym> policies
+ on system activities such as accounting and
+ rebooting.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.enforce_vm</literal> defaults
+ to one (1) and enforces <acronym>MAC</acronym> policies
+ on the virtual memory system.</para>
+ </listitem>
+ </itemizedlist>
+
+ <note>
+ <para>Every policy or <acronym>MAC</acronym> option supports
+ tunables. These usually hang off of the
+ <literal>security.mac.&lt;policyname&gt;</literal> tree.
+ To view all of the tunables from <acronym>MAC</acronym>
+ use the following command:</para>
+
+ <screen>&prompt.root; <userinput>sysctl -da | grep mac</userinput></screen>
+ </note>
+
+ <para>This should be interpreted as all of the basic
+ <acronym>MAC</acronym> policies are enforced by default.
+ If the modules were built into the kernel the system
+ would be extremely locked down and most likely unable to
+ communicate with the local network or connect to the Internet,
+ etc. This is why building the modules into the kernel is not
+ completely recommended. Not because it limits the ability to
+ disable features on the fly with <command>sysctl</command>,
+ but it permits the administrator to instantly switch the
+ policies of a system without the requirement of rebuilding
+ and reinstalling a new system.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mac-modules">
+ <title>Module Configuration</title>
+
+ <para>Every module included with the <acronym>MAC</acronym>
+ framework may be either compiled into the kernel as noted above
+ or loaded as a run-time kernel module.
+ The recommended method is to add the module name to the
+ <filename>/boot/loader.conf</filename> file so that it will load
+ during the initial boot operation.</para>
+
+ <para>The following sections will discuss the various
+ <acronym>MAC</acronym> modules and cover their features.
+ Implementing them into a specific environment will also
+ be a consideration of this chapter. Some modules support
+ the use of labeling, which is controlling access by enforcing
+ a label such as <quote>this is allowed and this is not</quote>.
+ A label configuration file may control how files may be accessed,
+ network communication can be exchanged, and more. The previous
+ section showed how the <option>multilabel</option> flag could
+ be set on file systems to enable per-file or per-partition
+ access control.</para>
+
+ <para>A single label configuration would enforce only one label
+ across the system, that is why the <command>tunefs</command>
+ option is called <option>multilabel</option>.</para>
+
+ <sect2 id="mac-seeotheruids">
+ <title>The MAC seeotheruids Module</title>
+
+ <indexterm>
+ <primary>MAC See Other UIDs Policy</primary>
+ </indexterm>
+ <para>Module name: <filename>mac_seeotheruids.ko</filename></para>
+
+ <para>Kernel configuration line:
+ <literal>options MAC_SEEOTHERUIDS</literal></para>
+
+ <para>Boot option:
+ <literal>mac_seeotheruids_load="YES"</literal></para>
+
+ <para>The &man.mac.seeotheruids.4; module mimics and extends
+ the <literal>security.bsd.see_other_uids</literal> and
+ <literal>security.bsd.see_other_gids</literal>
+ <command>sysctl</command> tunables. This option does
+ not require any labels to be set before configuration and
+ can operate transparently with the other modules.</para>
+
+ <para>After loading the module, the following
+ <command>sysctl</command> tunables may be used to control
+ the features:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>security.mac.seeotheruids.enabled</literal>
+ will enable the module's features and use the default
+ settings. These default settings will deny users the
+ ability to view processes and sockets owned by other
+ users.</para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <literal>security.mac.seeotheruids.specificgid_enabled</literal>
+ will allow a certain group to be exempt from this policy.
+ To exempt specific groups from this policy, use the
+ <literal>security.mac.seeotheruids.specificgid=<replaceable>XXX</replaceable></literal>
+ <command>sysctl</command> tunable. In the above example,
+ the <replaceable>XXX</replaceable> should be replaced with the
+ numeric group ID to be exempted.</para>
+ </listitem>
+
+ <listitem>
+ <para>
+ <literal>security.mac.seeotheruids.primarygroup_enabled</literal>
+ is used to exempt specific primary groups from this policy.
+ When using this tunable, the
+ <literal>security.mac.seeotheruids.specificgid_enabled</literal>
+ may not be set.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mac-bsdextended">
+ <title>The MAC bsdextended Module</title>
+
+ <indexterm>
+ <primary>MAC</primary>
+ <secondary>File System Firewall Policy</secondary>
+ </indexterm>
+ <para>Module name: <filename>mac_bsdextended.ko</filename></para>
+
+ <para>Kernel configuration line:
+ <literal>options MAC_BSDEXTENDED</literal></para>
+
+ <para>Boot option:
+ <literal>mac_bsdextended_load="YES"</literal></para>
+
+ <para>The &man.mac.bsdextended.4; module enforces the file system
+ firewall. This module's policy provides an extension to the
+ standard file system permissions model, permitting an
+ administrator to create a firewall-like ruleset to protect files,
+ utilities, and directories in the file system hierarchy.</para>
+
+ <para>The policy may be created using a utility, &man.ugidfw.8;,
+ that has a syntax similar to that of &man.ipfw.8;. More tools
+ can be written by using the functions in the
+ &man.libugidfw.3; library.</para>
+
+ <para>Extreme caution should be taken when working with this
+ module; incorrect use could block access to certain parts of
+ the file system.</para>
+
+ <sect2>
+ <title>Examples</title>
+
+ <para>After the &man.mac.bsdextended.4; module has
+ been loaded, the following command may be used to list the
+ current rule configuration:</para>
+
+ <screen>&prompt.root; <userinput>ugidfw list</userinput>
+0 slots, 0 rules</screen>
+
+ <para>As expected, there are no rules defined. This means that
+ everything is still completely accessible. To create a rule
+ which will block all access by users but leave
+ <username>root</username> unaffected, simply run the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>ugidfw add subject not uid root new object not uid root mode n</userinput></screen>
+
+ <note>
+ <para>In releases prior to &os;&nbsp;5.3, the
+ <parameter>add</parameter> parameter did not exist. In those
+ cases the <parameter>set</parameter> should be used
+ instead. See below for a command example.</para></note>
+
+ <para>This is a very bad idea as it will block all users from
+ issuing even the most simple commands, such as
+ <command>ls</command>. A more patriotic list of rules
+ might be:</para>
+
+ <screen>&prompt.root; <userinput>ugidfw set 2 subject uid <replaceable>user1</replaceable> object uid <replaceable>user2</replaceable> mode n</userinput>
+&prompt.root; <userinput>ugidfw set 3 subject uid <replaceable>user1</replaceable> object gid <replaceable>user2</replaceable> mode n</userinput></screen>
+
+ <para>This will block any and all access, including directory
+ listings, to <username><replaceable>user2</replaceable></username>'s home
+ directory from the username <username>user1</username>.</para>
+
+ <para>In place of <username>user1</username>, the
+ <option>not uid <replaceable>user2</replaceable></option> could
+ be passed. This will enforce the same access restrictions
+ above for all users in place of just one user.</para>
+
+ <note>
+ <para>The <username>root</username> user will be unaffected
+ by these changes.</para>
+ </note>
+
+ <para>This should give a general idea of how the
+ &man.mac.bsdextended.4; module may be used to help fortify
+ a file system. For more information, see the
+ &man.mac.bsdextended.4; and the &man.ugidfw.8; manual
+ pages.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mac-ifoff">
+ <title>The MAC ifoff Module</title>
+
+ <indexterm>
+ <primary>MAC Interface Silencing Policy</primary>
+ </indexterm>
+ <para>Module name: <filename>mac_ifoff.ko</filename></para>
+
+ <para>Kernel configuration line:
+ <literal>options MAC_IFOFF</literal></para>
+
+ <para>Boot option: <literal>mac_ifoff_load="YES"</literal></para>
+
+ <para>The &man.mac.ifoff.4; module exists solely to disable network
+ interfaces on the fly and keep network interfaces from being
+ brought up during the initial system boot. It does not require
+ any labels to be set up on the system, nor does it have a
+ dependency on other <acronym>MAC</acronym> modules.</para>
+
+ <para>Most of the control is done through the
+ <command>sysctl</command> tunables listed below.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>security.mac.ifoff.lo_enabled</literal> will
+ enable/disable all traffic on the loopback (&man.lo.4;)
+ interface.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.ifoff.bpfrecv_enabled</literal> will
+ enable/disable all traffic on the Berkeley Packet Filter
+ interface (&man.bpf.4;)</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.ifoff.other_enabled</literal> will
+ enable/disable traffic on all other interfaces.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>One of the most common uses of &man.mac.ifoff.4; is network
+ monitoring in an environment where network traffic should not
+ be permitted during the boot sequence. Another suggested use
+ would be to write a script which uses
+ <filename role="package">security/aide</filename> to automatically
+ block network traffic if it finds new or altered files in
+ protected directories.</para>
+ </sect1>
+
+ <sect1 id="mac-portacl">
+ <title>The MAC portacl Module</title>
+
+ <indexterm>
+ <primary>MAC Port Access Control List Policy</primary>
+ </indexterm>
+ <para>Module name: <filename>mac_portacl.ko</filename></para>
+
+ <para>Kernel configuration line:
+ <literal>MAC_PORTACL</literal></para>
+
+ <para>Boot option: <literal>mac_portacl_load="YES"</literal></para>
+
+ <para>The &man.mac.portacl.4; module is used to limit binding to
+ local <acronym>TCP</acronym> and <acronym>UDP</acronym> ports
+ using a variety of <command>sysctl</command> variables. In
+ essence &man.mac.portacl.4; makes it possible to allow
+ non-<username>root</username> users to bind to specified
+ privileged ports, i.e. ports fewer than 1024.</para>
+
+ <para>Once loaded, this module will enable the
+ <acronym>MAC</acronym> policy on all sockets. The following
+ tunables are available:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>security.mac.portacl.enabled</literal> will
+ enable/disable the policy completely.<footnote><para>Due to
+ a bug the <literal>security.mac.portacl.enabled</literal>
+ <command>sysctl</command> variable will not work on
+ &os;&nbsp;5.2.1 or previous releases.</para></footnote></para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.portacl.port_high</literal> will set
+ the highest port number that &man.mac.portacl.4;
+ will enable protection for.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.portacl.suser_exempt</literal> will,
+ when set to a non-zero value, exempt the
+ <username>root</username> user from this policy.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.portacl.rules</literal> will
+ specify the actual mac_portacl policy; see below.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The actual <literal>mac_portacl</literal> policy, as
+ specified in the <literal>security.mac.portacl.rules</literal>
+ sysctl, is a text string of the form:
+ <literal>rule[,rule,...]</literal> with as many rules as
+ needed. Each rule is of the form:
+ <literal>idtype:id:protocol:port</literal>. The
+ <parameter>idtype</parameter> parameter can be
+ <literal>uid</literal> or <literal>gid</literal> and used to
+ interpret the <parameter>id</parameter> parameter as either a
+ user id or group id, respectively. The
+ <parameter>protocol</parameter> parameter is used to determine if
+ the rule should apply to <acronym>TCP</acronym> or
+ <acronym>UDP</acronym> by setting the parameter to
+ <literal>tcp</literal> or <literal>udp</literal>. The final
+ <parameter>port</parameter> parameter is the port number to allow
+ the specified user or group to bind to.</para>
+
+ <note>
+ <para>Since the ruleset is interpreted directly by the kernel
+ only numeric values can be used for the user ID, group ID, and
+ port parameters. I.e. user, group, and port service names
+ cannot be used.</para>
+ </note>
+
+ <para>By default, on &unix;-like systems, ports fewer than 1024
+ can only be used by/bound to privileged processes,
+ i.e. those run as <username>root</username>. For
+ &man.mac.portacl.4; to allow non-privileged processes to bind
+ to ports below 1024 this standard &unix; restriction has to be
+ disabled. This can be accomplished by setting the &man.sysctl.8;
+ variables <literal>net.inet.ip.portrange.reservedlow</literal> and
+ <literal>net.inet.ip.portrange.reservedhigh</literal>
+ to zero.</para>
+
+ <para>See the examples below or review the &man.mac.portacl.4;
+ manual page for further information.</para>
+
+ <sect2>
+ <title>Examples</title>
+
+ <para>The following examples should illuminate the above
+ discussion a little better:</para>
+
+ <screen>&prompt.root; <userinput>sysctl security.mac.portacl.port_high=1023</userinput>
+&prompt.root; <userinput>sysctl net.inet.ip.portrange.reservedlow=0 net.inet.ip.portrange.reservedhigh=0</userinput></screen>
+
+ <para>First we set &man.mac.portacl.4; to cover the standard
+ privileged ports and disable the normal &unix; bind
+ restrictions.</para>
+
+ <screen>&prompt.root; <userinput>sysctl security.mac.portacl.suser_exempt=1</userinput></screen>
+
+ <para>The <username>root</username> user should not be crippled
+ by this policy, thus set the
+ <literal>security.mac.portacl.suser_exempt</literal> to a
+ non-zero value. The &man.mac.portacl.4; module
+ has now been set up to behave the same way &unix;-like systems
+ behave by default.</para>
+
+ <screen>&prompt.root; <userinput>sysctl security.mac.portacl.rules=uid:80:tcp:80</userinput></screen>
+
+ <para>Allow the user with <acronym>UID</acronym> 80 (normally
+ the <username>www</username> user) to bind to port 80.
+ This can be used to allow the <username>www</username>
+ user to run a web server without ever having
+ <username>root</username> privilege.</para>
+
+ <screen>&prompt.root; <userinput>sysctl security.mac.portacl.rules=uid:1001:tcp:110,uid:1001:tcp:995</userinput></screen>
+
+ <para>Permit the user with the <acronym>UID</acronym> of
+ 1001 to bind to the <acronym>TCP</acronym> ports 110
+ (<quote>pop3</quote>) and 995 (<quote>pop3s</quote>).
+ This will permit this user to start a server that accepts
+ connections on ports 110 and 995.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mac-labelingpolicies">
+ <title>MAC Policies with Labeling Features</title>
+
+ <para>The next few sections will discuss <acronym>MAC</acronym>
+ policies which use labels.</para>
+
+ <para>From here on this chapter will focus on the features
+ of &man.mac.biba.4;, &man.mac.lomac.4;,
+ &man.mac.partition.4;, and &man.mac.mls.4;.</para>
+
+ <note>
+ <para>This is an example configuration only and should not be
+ considered for a production implementation. The goal is
+ to document and show the syntax as well as examples for
+ implementation and testing.</para>
+ </note>
+
+ <para>For these policies to work correctly several
+ preparations must be made.</para>
+
+ <sect2 id="mac-prep">
+ <title>Preparation for Labeling Policies</title>
+
+ <para>The following changes are required in the
+ <filename>login.conf</filename> file:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>An <literal>insecure</literal> class, or another
+ class of similar type, must be
+ added. The login class of <literal>insecure</literal>
+ is not required and just used as an example here; different
+ configurations may use another class name.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <literal>insecure</literal> class should have
+ the following settings and definitions. Several of these
+ can be altered but the line which defines the default
+ label is a requirement and must remain.</para>
+
+ <programlisting>insecure:\
+ :copyright=/etc/COPYRIGHT:\
+ :welcome=/etc/motd:\
+ :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
+ :path=~/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:\
+ :manpath=/usr/share/man /usr/local/man:\
+ :nologin=/usr/sbin/nologin:\
+ :cputime=1h30m:\
+ :datasize=8M:\
+ :vmemoryuse=100M:\
+ :stacksize=2M:\
+ :memorylocked=4M:\
+ :memoryuse=8M:\
+ :filesize=8M:\
+ :coredumpsize=8M:\
+ :openfiles=24:\
+ :maxproc=32:\
+ :priority=0:\
+ :requirehome:\
+ :passwordtime=91d:\
+ :umask=022:\
+ :ignoretime@:\
+ :label=partition/13,mls/5,biba/low:</programlisting>
+
+ <para>The &man.cap.mkdb.1; command needs to be ran on
+ &man.login.conf.5; before any of the
+ users can be switched over to the new class.</para>
+
+ <para>The <username>root</username> username should also be placed
+ into a login class; otherwise, almost every command
+ executed by <username>root</username> will require the
+ use of <command>setpmac</command>.</para>
+
+ <warning>
+ <para>Rebuilding the <filename>login.conf</filename>
+ database may cause some errors later with the daemon
+ class. Simply uncommenting the daemon account and
+ rebuilding the database should alleviate these
+ issues.</para>
+ </warning>
+ </listitem>
+
+ <listitem>
+ <para>Ensure that all partitions on which
+ <acronym>MAC</acronym> labeling will be implemented support
+ the <option>multilabel</option>. We must do this because
+ many of the examples here contain different labels for
+ testing purposes. Review the output from the
+ <command>mount</command> command as a precautionary
+ measure.</para>
+ </listitem>
+
+ <listitem>
+ <para>Switch any users who will have the higher security
+ mechanisms enforced over to the new user class. A quick
+ run of &man.pw.8; or &man.vipw.8; should do the
+ trick.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mac-partition">
+ <title>The MAC partition Module</title>
+
+ <indexterm>
+ <primary>MAC Process Partition Policy</primary>
+ </indexterm>
+ <para>Module name: <filename>mac_partition.ko</filename></para>
+
+ <para>Kernel configuration line:
+ <literal>options MAC_PARTITION</literal></para>
+
+ <para>Boot option:
+ <literal>mac_partition_load="YES"</literal></para>
+
+ <para>The &man.mac.partition.4; policy will drop processes into
+ specific <quote>partitions</quote> based on their
+ <acronym>MAC</acronym> label. Think of it as a special
+ type of &man.jail.8;, though that is hardly a worthy
+ comparison.</para>
+
+ <para>This is one module that should be added to the
+ &man.loader.conf.5; file so that it loads
+ and enables the policy during the boot process.</para>
+
+ <para>Most configuration for this policy is done using
+ the &man.setpmac.8; utility which will be explained below.
+ The following <command>sysctl</command> tunable is
+ available for this policy:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>security.mac.partition.enabled</literal> will
+ enable the enforcement of <acronym>MAC</acronym> process
+ partitions.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>When this policy is enabled, users will only be permitted
+ to see their processes but will not be permitted to work with
+ certain utilities. For instance, a user in the
+ <literal>insecure</literal> class above will not be permitted
+ to access the <command>top</command> command as well as many
+ other commands that must spawn a process.</para>
+
+ <para>To set or drop utilities into a partition label, use the
+ <command>setpmac</command> utility:</para>
+
+ <screen>&prompt.root; <userinput>setpmac partition/13 top</userinput></screen>
+
+ <para>This will add the <command>top</command> command to the
+ label set on users in the <literal>insecure</literal> class.
+ Note that all processes spawned by users
+ in the <literal>insecure</literal> class will stay in the
+ <literal>partition/13</literal> label.</para>
+
+ <sect2>
+ <title>Examples</title>
+
+ <para>The following command will show you the partition label
+ and the process list:</para>
+
+ <screen>&prompt.root; <userinput>ps Zax</userinput></screen>
+
+ <para>This next command will allow the viewing of another
+ user's process partition label and that user's currently
+ running processes:</para>
+
+ <screen>&prompt.root; <userinput>ps -ZU trhodes</userinput></screen>
+
+ <note>
+ <para>Users can see processes in <username>root</username>'s
+ label unless the &man.mac.seeotheruids.4; policy is
+ loaded.</para>
+ </note>
+
+ <para>A really crafty implementation could have all of the
+ services disabled in <filename>/etc/rc.conf</filename> and
+ started by a script that starts them with the proper
+ labeling set.</para>
+
+ <note>
+ <para>The following policies support integer settings
+ in place of the three default labels offered. These options,
+ including their limitations, are further explained in
+ the module manual pages.</para>
+ </note>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mac-mls">
+ <title>The MAC Multi-Level Security Module</title>
+
+ <indexterm>
+ <primary>MAC Multi-Level Security Policy</primary>
+ </indexterm>
+ <para>Module name: <filename>mac_mls.ko</filename></para>
+
+ <para>Kernel configuration line:
+ <literal>options MAC_MLS</literal></para>
+
+ <para>Boot option: <literal>mac_mls_load="YES"</literal></para>
+
+ <para>The &man.mac.mls.4; policy controls access between subjects
+ and objects in the system by enforcing a strict information
+ flow policy.</para>
+
+ <para>In <acronym>MLS</acronym> environments, a
+ <quote>clearance</quote> level is set in each subject or objects
+ label, along with compartments. Since these clearance or
+ sensibility levels can reach numbers greater than six thousand;
+ it would be a daunting task for any system administrator to
+ thoroughly configure each subject or object. Thankfully, three
+ <quote>instant</quote> labels are already included in this
+ policy.</para>
+
+ <para>These labels are <literal>mls/low</literal>,
+ <literal>mls/equal</literal> and <literal>mls/high</literal>.
+ Since these labels are described in depth in the manual page,
+ they will only get a brief description here:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <literal>mls/low</literal> label contains a low
+ configuration which permits it to be dominated by all other
+ objects. Anything labeled with <literal>mls/low</literal>
+ will have a low clearance level and not be permitted to access
+ information of a higher level. In addition, this label will
+ prevent objects of a higher clearance level from writing or
+ passing information on to them.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <literal>mls/equal</literal> label should be
+ placed on objects considered to be exempt from the
+ policy.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <literal>mls/high</literal> label is the highest level
+ of clearance possible. Objects assigned this label will
+ hold dominance over all other objects in the system; however,
+ they will not permit the leaking of information to objects
+ of a lower class.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para><acronym>MLS</acronym> provides for:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>A hierarchical security level with a set of non
+ hierarchical categories;</para>
+ </listitem>
+
+ <listitem>
+ <para>Fixed rules: no read up, no write down (a subject can
+ have read access to objects on its own level or below, but
+ not above. Similarly, a subject can have write access to
+ objects on its own level or above but not beneath.);</para>
+ </listitem>
+
+ <listitem>
+ <para>Secrecy (preventing inappropriate disclosure
+ of data);</para>
+ </listitem>
+
+ <listitem>
+ <para>Basis for the design of systems that concurrently handle
+ data at multiple sensitivity levels (without leaking
+ information between secret and confidential).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The following <command>sysctl</command> tunables are
+ available for the configuration of special services and
+ interfaces:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>security.mac.mls.enabled</literal> is used to
+ enable/disable the <acronym>MLS</acronym> policy.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.mls.ptys_equal</literal> will label
+ all &man.pty.4; devices as <literal>mls/equal</literal> during
+ creation.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.mls.revocation_enabled</literal> is
+ used to revoke access to objects after their label changes
+ to a label of a lower grade.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.mls.max_compartments</literal> is
+ used to set the maximum number of compartment levels with
+ objects; basically the maximum compartment number allowed
+ on a system.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>To manipulate the <acronym>MLS</acronym> labels, the
+ &man.setfmac.8; command has been provided. To assign a label
+ to an object, issue the following command:</para>
+
+ <screen>&prompt.root; <userinput>setfmac mls/5 test</userinput></screen>
+
+ <para>To get the <acronym>MLS</acronym> label for the file
+ <filename>test</filename> issue the following command:</para>
+
+ <screen>&prompt.root; <userinput>getfmac test</userinput></screen>
+
+ <para>This is a summary of the <acronym>MLS</acronym>
+ policy's features. Another approach is to create a master policy
+ file in <filename class="directory">/etc</filename> which
+ specifies the <acronym>MLS</acronym> policy information and to
+ feed that file into the <command>setfmac</command> command. This
+ method will be explained after all policies are covered.</para>
+
+ <para>Observations: an object with lower clearance is unable to
+ observe higher clearance processes. A basic policy would be
+ to enforce <literal>mls/high</literal> on everything not to be
+ read, even if it needs to be written. Enforce
+ <literal>mls/low</literal> on everything not to be written, even
+ if it needs to be read. And finally enforce
+ <literal>mls/equal</literal> on the rest. All users marked
+ <literal>insecure</literal> should be set at
+ <literal>mls/low</literal>.</para>
+ </sect1>
+
+ <sect1 id="mac-biba">
+ <title>The MAC Biba Module</title>
+
+ <indexterm>
+ <primary>MAC Biba Integrity Policy</primary>
+ </indexterm>
+ <para>Module name: <filename>mac_biba.ko</filename></para>
+
+ <para>Kernel configuration line: <literal>options MAC_BIBA</literal></para>
+
+ <para>Boot option: <literal>mac_biba_load="YES"</literal></para>
+
+ <para>The &man.mac.biba.4; module loads the <acronym>MAC</acronym>
+ Biba policy. This policy works much like that of the
+ <acronym>MLS</acronym> policy with the exception that the rules
+ for information flow
+ are slightly reversed. This is said to prevent the downward
+ flow of sensitive information whereas the <acronym>MLS</acronym>
+ policy prevents the upward flow of sensitive information; thus,
+ much of this section can apply to both policies.</para>
+
+ <para>In Biba environments, an <quote>integrity</quote> label is
+ set on each subject or object. These labels are made up of
+ hierarchal grades, and non-hierarchal components. As an object's
+ or subject's grade ascends, so does its integrity.</para>
+
+ <para>Supported labels are <literal>biba/low</literal>,
+ <literal>biba/equal</literal>, and <literal>biba/high</literal>;
+ as explained below:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <literal>biba/low</literal> label is considered the
+ lowest integrity an object or subject may have. Setting
+ this on objects or subjects will block their write access
+ to objects or subjects marked high. They still have read
+ access though.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <literal>biba/equal</literal> label should only be
+ placed on objects considered to be exempt from the
+ policy.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <literal>biba/high</literal> label will permit
+ writing to objects set at a lower label, but not
+ permit reading that object. It is recommended that this
+ label be placed on objects that affect the integrity of
+ the entire system.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Biba provides for:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Hierarchical integrity level with a set of non
+ hierarchical integrity categories;</para>
+ </listitem>
+
+ <listitem>
+ <para>Fixed rules: no write up, no read down (opposite of
+ <acronym>MLS</acronym>). A subject can have write access
+ to objects on its own level or below, but not above. Similarly, a
+ subject can have read access to objects on its own level
+ or above, but not below;</para>
+ </listitem>
+
+ <listitem>
+ <para>Integrity (preventing inappropriate modification of
+ data);</para>
+ </listitem>
+
+ <listitem>
+ <para>Integrity levels (instead of MLS sensitivity
+ levels).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The following <command>sysctl</command> tunables can
+ be used to manipulate the Biba policy.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>security.mac.biba.enabled</literal> may be used
+ to enable/disable enforcement of the Biba policy on the
+ target machine.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.biba.ptys_equal</literal> may be
+ used to disable the Biba policy on &man.pty.4;
+ devices.</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>security.mac.biba.revocation_enabled</literal>
+ will force the revocation of access to objects if the label
+ is changed to dominate the subject.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>To access the Biba policy setting on system objects, use
+ the <command>setfmac</command> and <command>getfmac</command>
+ commands:</para>
+
+ <screen>&prompt.root; <userinput>setfmac biba/low test</userinput>
+&prompt.root; <userinput>getfmac test</userinput>
+test: biba/low</screen>
+
+ <para>Observations: a lower integrity subject is unable to write
+ to a higher integrity subject; a higher integrity subject cannot
+ observe or read a lower integrity object.</para>
+ </sect1>
+
+ <sect1 id="mac-lomac">
+ <title>The MAC LOMAC Module</title>
+
+ <indexterm>
+ <primary>MAC LOMAC</primary>
+ </indexterm>
+ <para>Module name: <filename>mac_lomac.ko</filename></para>
+
+ <para>Kernel configuration line: <literal>options MAC_LOMAC</literal></para>
+ <para>Boot option: <literal>mac_lomac_load="YES"</literal></para>
+
+ <para>Unlike the <acronym>MAC</acronym> Biba policy, the
+ &man.mac.lomac.4; policy permits access to lower integrity
+ objects only after decreasing the integrity level to not disrupt
+ any integrity rules.</para>
+
+ <para>The <acronym>MAC</acronym> version of the Low-watermark
+ integrity policy, not to be confused with the older &man.lomac.4;
+ implementation, works almost identically to Biba, but with the
+ exception of using floating labels to support subject
+ demotion via an auxiliary grade compartment. This secondary
+ compartment takes the form of <literal>[auxgrade]</literal>.
+ When assigning a lomac policy with an auxiliary grade, it
+ should look a little bit like: <literal>lomac/10[2]</literal>
+ where the number two (2) is the auxiliary grade.</para>
+
+ <para>The <acronym>MAC</acronym> LOMAC policy relies on the
+ ubiquitous labeling of all system objects with integrity labels,
+ permitting subjects to read from low integrity objects and then
+ downgrading the label on the subject to prevent future writes to
+ high integrity objects. This is the
+ <literal>[auxgrade]</literal> option discussed above, thus the
+ policy may provide for greater compatibility and require less
+ initial configuration than Biba.</para>
+
+ <sect2>
+ <title>Examples</title>
+
+ <para>Like the Biba and <acronym>MLS</acronym> policies;
+ the <command>setfmac</command> and <command>setpmac</command>
+ utilities may be used to place labels on system objects:</para>
+
+ <screen>&prompt.root; <userinput>setfmac /usr/home/trhodes lomac/high[low]</userinput>
+&prompt.root; <userinput>getfmac /usr/home/trhodes</userinput> lomac/high[low]</screen>
+
+ <para>Notice the auxiliary grade here is <literal>low</literal>,
+ this is a feature provided only by the <acronym>MAC</acronym>
+ LOMAC policy.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mac-implementing">
+ <title>Implementing a Secure Environment with MAC</title>
+
+ <indexterm>
+ <primary>MAC Example Implementation</primary>
+ </indexterm>
+
+ <para>The following demonstration will implement a secure
+ environment using various <acronym>MAC</acronym> modules
+ with properly configured policies. This is only a test and
+ should not be considered the complete answer to everyone's
+ security woes. Just implementing a policy and ignoring it
+ never works and could be disastrous in a production
+ environment.</para>
+
+ <para>Before beginning this process, the
+ <literal>multilabel</literal> option must be set on each file
+ system as stated at the beginning of this chapter. Not doing
+ so will result in errors.</para>
+
+ <sect2>
+ <title>Create an insecure User Class</title>
+
+ <para>Begin the procedure by adding the following user class
+ to the <filename>/etc/login.conf</filename> file:</para>
+
+ <programlisting>insecure:\
+:copyright=/etc/COPYRIGHT:\
+:welcome=/etc/motd:\
+:setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
+:path=~/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+:manpath=/usr/share/man /usr/local/man:\
+:nologin=/usr/sbin/nologin:\
+:cputime=1h30m:\
+:datasize=8M:\
+:vmemoryuse=100M:\
+:stacksize=2M:\
+:memorylocked=4M:\
+:memoryuse=8M:\
+:filesize=8M:\
+:coredumpsize=8M:\
+:openfiles=24:\
+:maxproc=32:\
+:priority=0:\
+:requirehome:\
+:passwordtime=91d:\
+:umask=022:\
+:ignoretime@:\
+:label=partition/13,mls/5:</programlisting>
+
+ <para>And adding the following line to the default user
+ class:</para>
+
+ <programlisting>:label=mls/equal,biba/equal,partition/15:</programlisting>
+
+ <para>Once this is completed, the following command must be
+ issued to rebuild the database:</para>
+
+ <screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Boot with the Correct Modules</title>
+
+ <para>Add the following lines to
+ <filename>/boot/loader.conf</filename> so the required
+ modules will load during system initialization:</para>
+
+ <programlisting>mac_biba_load="YES"
+mac_mls_load="YES"
+mac_seeotheruids_load="YES"
+mac_partition_load="YES"</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>Set All Users to Insecure</title>
+
+ <para>All user accounts that are not <username>root</username>
+ or system users will now require a login class. The login
+ class is required otherwise users will be refused access
+ to common commands such as &man.vi.1;.
+ The following <command>sh</command> script should do the
+ trick:</para>
+
+ <screen>&prompt.root; <userinput>for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' \</userinput>
+ <userinput>/etc/passwd`; do pw usermod $x -L insecure; done;</userinput></screen>
+
+ <para>The <command>cap_mkdb</command> command will need to be
+ run on <filename>/etc/master.passwd</filename> after this
+ change.</para>
+ </sect2>
+
+ <sect2>
+ <title>Complete the Configuration</title>
+
+ <para>A contexts file should now be created; the following
+ example was taken from Robert Watson's example policy and
+ should be placed in
+ <filename>/etc/policy.contexts</filename>.</para>
+
+ <programlisting># This is the default BIBA/MLS policy for this system.
+
+.* biba/high,mls/high
+/sbin/dhclient biba/high(low),mls/high(low)
+/dev(/.*)? biba/equal,mls/equal
+# This is not an exhaustive list of all "privileged" devices.
+/dev/mdctl biba/high,mls/high
+/dev/pci biba/high,mls/high
+/dev/k?mem biba/high,mls/high
+/dev/io biba/high,mls/high
+/dev/agp.* biba/high,mls/high
+(/var)?/tmp(/.*)? biba/equal,mls/equal
+/tmp/\.X11-unix biba/high(equal),mls/high(equal)
+/tmp/\.X11-unix/.* biba/equal,mls/equal
+/proc(/.*)? biba/equal,mls/equal
+/mnt.* biba/low,mls/low
+(/usr)?/home biba/high(low),mls/high(low)
+(/usr)?/home/.* biba/low,mls/low
+/var/mail(/.*)? biba/low,mls/low
+/var/spool/mqueue(/.*)? biba/low,mls/low
+(/mnt)?/cdrom(/.*)? biba/high,mls/high
+(/usr)?/home/(ftp|samba)(/.*)? biba/high,mls/high
+/var/log/sendmail\.st biba/low,mls/low
+/var/run/utmp biba/equal,mls/equal
+/var/log/(lastlog|wtmp) biba/equal,mls/equal</programlisting>
+
+ <para>This policy will enforce security by setting restrictions
+ on both the downward and upward flow of information with
+ regards to the directories and utilities listed on the
+ left.</para>
+
+ <para>This can now be read into our system by issuing the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>setfsmac -ef /etc/policy.contexts /</userinput>
+&prompt.root; <userinput>setfsmac -ef /etc/policy.contexts /usr</userinput></screen>
+
+ <note>
+ <para>The above file system layout may be different depending
+ on environment.</para>
+ </note>
+
+ <para>The <filename>/etc/mac.conf</filename> file requires
+ the following modifications in the main section:</para>
+
+ <programlisting>default_labels file ?biba,?mls
+default_labels ifnet ?biba,?mls
+default_labels process ?biba,?mls,?partition
+default_labels socket ?biba,?mls</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>Testing the Configuration</title>
+
+ <indexterm>
+ <primary>MAC Configuration Testing</primary>
+ </indexterm>
+
+ <para>Add a user with the <command>adduser</command> command
+ and place that user in the <literal>insecure</literal>
+ class for these tests.</para>
+
+ <para>The examples below will show a mix of
+ <username>root</username> and regular user tests; use the
+ prompt to distinguish between the two.</para>
+
+ <sect3>
+ <title>Basic Labeling Tests</title>
+
+ <screen>&prompt.user; <userinput>getpmac</userinput>
+biba/15(15-15),mls/15(15-15),partition/15
+&prompt.root; <userinput>setpmac partition/15,mls/equal top</userinput></screen>
+
+ <note>
+ <para>The top process will be killed before we start
+ another top process.</para>
+ </note>
+ </sect3>
+
+ <sect3>
+ <title>MAC Seeotheruids Tests</title>
+
+ <screen>&prompt.user; <userinput>ps Zax</userinput>
+biba/15(15-15),mls/15(15-15),partition/15 1096 #C: S 0:00.03 -su (bash)
+biba/15(15-15),mls/15(15-15),partition/15 1101 #C: R+ 0:00.01 ps Zax</screen>
+
+ <para>We should not be permitted to see any processes
+ owned by other users.</para>
+ </sect3>
+
+ <sect3>
+ <title>MAC Partition Test</title>
+
+ <para>Disable the <acronym>MAC</acronym>
+ <literal>seeotheruids</literal> policy for the rest of these
+ tests:</para>
+
+ <screen>&prompt.root; <userinput>sysctl security.mac.seeotheruids.enabled=0</userinput>
+&prompt.user; <userinput>ps Zax</userinput>
+LABEL PID TT STAT TIME COMMAND
+ biba/equal(low-high),mls/equal(low-high),partition/15 1122 #C: S+ 0:00.02 top
+ biba/15(15-15),mls/15(15-15),partition/15 1096 #C: S 0:00.05 -su (bash)
+ biba/15(15-15),mls/15(15-15),partition/15 1123 #C: R+ 0:00.01 ps Zax</screen>
+
+ <para>All users should be permitted to see every process in
+ their partition.</para>
+ </sect3>
+
+ <sect3>
+ <title>Testing Biba and MLS Labels</title>
+
+ <screen>&prompt.root; <userinput>setpmac partition/15,mls/equal,biba/high\(high-high\) top</userinput>
+&prompt.user; <userinput>ps Zax</userinput>
+LABEL PID TT STAT TIME COMMAND
+ biba/high(high-high),mls/equal(low-high),partition/15 1251 #C: S+ 0:00.02 top
+ biba/15(15-15),mls/15(15-15),partition/15 1096 #C: S 0:00.06 -su (bash)
+ biba/15(15-15),mls/15(15-15),partition/15 1157 #C: R+ 0:00.00 ps Zax</screen>
+
+ <para>The Biba policy allows us to read higher-labeled
+ objects.</para>
+
+ <screen>&prompt.root; <userinput>setpmac partition/15,mls/equal,biba/low top</userinput>
+&prompt.user; <userinput>ps Zax</userinput>
+LABEL PID TT STAT TIME COMMAND
+ biba/15(15-15),mls/15(15-15),partition/15 1096 #C: S 0:00.07 -su (bash)
+ biba/15(15-15),mls/15(15-15),partition/15 1226 #C: R+ 0:00.01 ps Zax</screen>
+
+ <para>The Biba policy does not allow lower-labeled objects
+ to be read; however, <acronym>MLS</acronym> does.</para>
+
+ <screen>&prompt.user; <userinput>ifconfig bge0 | grep maclabel</userinput>
+maclabel biba/low(low-low),mls/low(low-low)
+&prompt.user; <userinput>ping -c 1 192.0.34.166</userinput>
+PING 192.0.34.166 (192.0.34.166): 56 data bytes
+ping: sendto: Permission denied</screen>
+
+ <para>Users are unable to ping
+ <hostid role="domainname">example.com</hostid>, or any domain
+ for that matter.</para>
+
+ <para>To prevent this error from occurring, run the following
+ command:</para>
+
+ <screen>&prompt.root; <userinput>sysctl security.mac.biba.trust_all_interfaces=1</userinput></screen>
+
+ <para>This sets the default interface label to insecure mode,
+ so the default Biba policy label will not be enforced.</para>
+
+ <screen>&prompt.root; <userinput>ifconfig bge0 maclabel biba/equal\(low-high\),mls/equal\(low-high\)</userinput>
+&prompt.user; <userinput>ping -c 1 192.0.34.166</userinput>
+PING 192.0.34.166 (192.0.34.166): 56 data bytes
+64 bytes from 192.0.34.166: icmp_seq=0 ttl=50 time=204.455 ms
+--- 192.0.34.166 ping statistics ---
+1 packets transmitted, 1 packets received, 0% packet loss
+round-trip min/avg/max/stddev = 204.455/204.455/204.455/0.000 ms</screen>
+
+ <para>By setting a more correct label, we can issue
+ <command>ping</command> requests.</para>
+
+ <para>Now to create a few files for some read and write
+ testing procedures:</para>
+
+ <screen>&prompt.root; <userinput>touch test1 test2 test3 test4 test5</userinput>
+&prompt.root; <userinput>getfmac test1</userinput>
+test1: biba/equal,mls/equal
+&prompt.root; <userinput>setfmac biba/low test1 test2; setfmac biba/high test4 test5; \
+ setfmac mls/low test1 test3; setfmac mls/high test2 test4</userinput>
+&prompt.root; <userinput>setfmac mls/equal,biba/equal test3 && getfmac test?</userinput>
+test1: biba/low,mls/low
+test2: biba/low,mls/high
+test3: biba/equal,mls/equal
+test4: biba/high,mls/high
+test5: biba/high,mls/equal
+&prompt.root; <userinput>chown testuser:testuser test?</userinput></screen>
+
+ <para>All of these files should now be owned by our
+ <username>testuser</username> user. And now for some read
+ tests:</para>
+
+ <screen>&prompt.user; <userinput>ls</userinput>
+test1 test2 test3 test4 test5
+&prompt.user; <userinput>ls test?</userinput>
+ls: test1: Permission denied
+ls: test2: Permission denied
+ls: test4: Permission denied
+test3 test5</screen>
+
+ <para>We should not be permitted to observe pairs; e.g.:
+ <literal>(biba/low,mls/low)</literal>,
+ <literal>(biba/low,mls/high)</literal> and
+ <literal>(biba/high,mls/high)</literal>. And of course,
+ read access should be denied. Now for some write
+ tests:</para>
+
+ <screen>&prompt.user; <userinput>for i in `echo test*`; do echo 1 > $i; done</userinput>
+-su: test1: Permission denied
+-su: test4: Permission denied
+-su: test5: Permission denied</screen>
+
+ <para>Like with the read tests, write access should not be
+ permitted to write pairs; e.g.:
+ <literal>(biba/low,mls/high)</literal> and
+ <literal>(biba/equal,mls/equal)</literal>.</para>
+
+ <screen>&prompt.user; <userinput>cat test?</userinput>
+cat: test1: Permission denied
+cat: test2: Permission denied
+1
+cat: test4: Permission denied</screen>
+
+ <para>And now as <username>root</username>:</para>
+
+ <screen>&prompt.root; <userinput>cat test2</userinput>
+1</screen>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="MAC-examplehttpd">
+ <title>Another Example: Using MAC to Constrain a Web Server</title>
+
+ <para>A separate location for the web data which users
+ must be capable of accessing will be appointed. This
+ will permit <literal>biba/high</literal> processes access
+ rights to the web data.</para>
+
+ <para>Begin by creating a directory to store the web
+ data in:</para>
+
+ <screen>&prompt.root; <userinput>mkdir /usr/home/cvs</userinput></screen>
+
+ <para>Now initialize it with <command>cvs</command>:</para>
+
+ <screen>&prompt.root; <userinput>cvs -d /usr/home/cvs init</userinput></screen>
+
+ <para>The first goal is to enable the <literal>biba</literal>
+ policy, thus the <literal>mac_biba_enable="YES"</literal>
+ should be placed in
+ <filename>/boot/loader.conf</filename>. This assumes
+ that support for <acronym>MAC</acronym> has been enabled
+ in the kernel.</para>
+
+ <para>From this point on everything in the system should
+ be set at <literal>biba/high</literal> by default.</para>
+
+ <para>The following modification must be made to the
+ <filename>login.conf</filename> file, under the default
+ user class:</para>
+
+ <programlisting>:ignoretime@:\
+ :umask=022:\
+ :label=biba/high:</programlisting>
+
+ <para>Every user should now be placed in the default class;
+ a command such as:</para>
+
+ <screen>&prompt.root; <userinput>for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' \</userinput>
+ <userinput>/etc/passwd`; do pw usermod $x -L default; done;</userinput></screen>
+
+ <para>will accomplish this task in a few moments.</para>
+
+ <para>Now create another class, web, a copy of default,
+ with the label setting of <literal>biba/low</literal>.</para>
+
+ <para>Create a user who will be used to work with the
+ main web data stored in a <application>cvs</application>
+ repository. This user must be placed in our new login
+ class, <username>web</username>.</para>
+
+ <para>Since the default is <literal>biba/high</literal>
+ everywhere, the repository will be the same. The web data must
+ also be the same for users to have read/write access to it;
+ however, since our web server will be serving data that
+ <literal>biba/high</literal> users must access, we will need to
+ downgrade the data as a whole.</para>
+
+ <para>The perfect tools for this are &man.sh.1; and
+ &man.cron.8; and are already provided in &os;. The following
+ script should do everything we want:</para>
+
+ <programlisting>PATH=/bin:/usr/bin:/usr/local/bin; export PATH;
+CVSROOT=/home/repo; export CVSROOT;
+cd /home/web;
+cvs -qR checkout -P htdocs;
+exit;</programlisting>
+
+ <note>
+ <para>In many cases the <command>cvs</command>
+ Id tags must be placed into the web
+ site data files.</para>
+ </note>
+
+ <para>This script may now be placed into
+ <username>web</username>'s home directory and the following
+ &man.crontab.1; entry added:</para>
+
+ <programlisting># Check out the web data as biba/low every twelve hours:
+0 */12 * * * web /home/web/checkout.sh</programlisting>
+
+ <para>This will check out the <acronym>HTML</acronym> sources
+ every twelve hours on the machine.</para>
+
+ <para>The default startup method for the web server must also be
+ modified to start the process as <literal>biba/low</literal>.
+ This can be done by making the following modification to the
+ <filename>/usr/local/etc/rc.d/apache.sh</filename>
+ script:</para>
+
+ <programlisting>command="setpmac biba/low /usr/local/sbin/httpd"</programlisting>
+
+ <para>The <application>Apache</application> configuration must be
+ altered to work with the <literal>biba/low</literal> policy. In
+ this case the software must be configured to append to the
+ log files in a directory set at <literal>biba/low</literal>
+ or else <errorname>access denied</errorname> errors will be
+ returned.</para>
+
+ <note>
+ <para>Following this example requires that the
+ <literal>docroot</literal> directive be set to
+ <filename>/home/web/htdocs</filename>; otherwise,
+ <application>Apache</application> will fail when trying
+ to locate the directory to serve documents from.</para>
+ </note>
+
+ <para>Other configuration variables must be altered as well,
+ including the <acronym>PID</acronym> file,
+ <literal>Scoreboardfile</literal>,
+ <literal>DocumentRoot</literal>, log file locations, or any
+ other variable which requires write access.
+ When using <literal>biba</literal>, all write access will be
+ denied to the server in areas <emphasis>not</emphasis> set at
+ <literal>biba/low</literal>.</para>
+<!--
+PROBLEM: CAN THIS WORK? OR SHOULD IT BE start_precmd? More testing need here.
+-->
+ </sect1>
+
+<!--
+XXX
+
+ <sect1 id="mac-examplesandbox">
+ <title>An Example of a MAC Sandbox</title>
+
+ <para>An example of placing users in a sandbox using
+ <acronym>MAC</acronym> should go here.</para>
+ </sect1>
+-->
+
+ <sect1 id="mac-troubleshoot">
+ <title>Troubleshooting the MAC Framework</title>
+
+ <indexterm>
+ <primary>MAC Troubleshooting</primary>
+ </indexterm>
+
+ <para>During the development stage, a few users reported problems
+ with normal configuration. Some of these problems
+ are listed below:</para>
+
+ <sect2>
+ <title>The <option>multilabel</option> option cannot be enabled on
+ <filename>/</filename></title>
+
+ <para>The <option>multilabel</option> flag does not stay
+ enabled on my root (<filename>/</filename>) partition!</para>
+
+
+ <para>It seems that one out of every fifty users has this
+ problem, indeed, we had this problem during our initial
+ configuration. Further observation of this so called
+ <quote>bug</quote> has lead me to believe that it is a
+ result of either incorrect documentation or misinterpretation
+ of the documentation. Regardless of why it happened, the
+ following steps may be taken to resolve it:</para>
+
+ <procedure>
+ <step>
+ <para>Edit <filename>/etc/fstab</filename> and set the root
+ partition at <option>ro</option> for read-only.</para>
+ </step>
+
+ <step>
+ <para>Reboot into single user mode.</para>
+ </step>
+
+ <step>
+ <para>Run <command>tunefs</command> <option>-l enable</option>
+ on <filename>/</filename>.</para>
+ </step>
+
+ <step>
+ <para>Reboot the system into normal mode.</para>
+ </step>
+
+ <step>
+ <para>Run <command>mount</command> <option>-urw</option>
+ <filename>/</filename> and change the <option>ro</option>
+ back to <option>rw</option> in <filename>/etc/fstab</filename>
+ and reboot the system again.</para>
+ </step>
+
+ <step>
+ <para>Double-check the output from the
+ <command>mount</command> to ensure that
+ <option>multilabel</option> has been properly set on the
+ root file system.</para>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2>
+ <title>Cannot start a X11 server after <acronym>MAC</acronym></title>
+
+ <para>After establishing a secure environment with
+ <acronym>MAC</acronym>, I am no longer able to start
+ X!</para>
+
+ <para>This could be caused by the <acronym>MAC</acronym>
+ <literal>partition</literal> policy or by a mislabeling in
+ one of the <acronym>MAC</acronym> labeling policies. To
+ debug, try the following:</para>
+
+ <procedure>
+ <step>
+ <para>Check the error message; if the user is in the
+ <literal>insecure</literal> class, the
+ <literal>partition</literal> policy may be the culprit.
+ Try setting the user's class back to the
+ <literal>default</literal> class and rebuild the database
+ with the <command>cap_mkdb</command> command. If this
+ does not alleviate the problem, go to step two.</para>
+ </step>
+
+ <step>
+ <para>Double-check the label policies. Ensure that the
+ policies are set correctly for the user in question, the
+ X11 application, and
+ the <filename class="directory">/dev</filename>
+ entries.</para>
+ </step>
+
+ <step>
+ <para>If neither of these resolve the problem, send the
+ error message and a description of your environment to
+ the TrustedBSD discussion lists located at the
+ <ulink url="http://www.TrustedBSD.org">TrustedBSD</ulink>
+ website or to the &a.questions;
+ mailing list.</para>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2>
+ <title>Error: &man..secure.path.3; cannot stat <filename>.login_conf</filename></title>
+
+ <para>When I attempt to switch from the <username>root</username>
+ to another user in the system, the error message
+ <errorname>_secure_path: unable to state .login_conf</errorname>.</para>
+
+ <para>This message is usually shown when the user has a higher
+ label setting then that of the user whom they are attempting to
+ become. For instance a user on the system,
+ <username>joe</username>, has a default label of
+ <option>biba/low</option>. The <username>root</username> user,
+ who has a label of <option>biba/high</option>, cannot view
+ <username>joe</username>'s home directory. This will happen
+ regardless if <username>root</username> has used the
+ <command>su</command> command to become <username>joe</username>,
+ or not. In this scenario, the Biba integrity model will not
+ permit <username>root</username> to view objects set at a lower
+ integrity level.</para>
+ </sect2>
+
+ <sect2>
+ <title>The <username>root</username> username is broken!</title>
+
+ <para>In normal or even single user mode, the
+ <username>root</username> is not recognized. The
+ <command>whoami</command> command returns 0 (zero) and
+ <command>su</command> returns <errorname>who are you?</errorname>.
+ What could be going on?</para>
+
+ <para>This can happen if a labeling policy has been disabled,
+ either by a &man.sysctl.8; or the policy module was unloaded.
+ If the policy is being disabled or has been temporarily
+ disabled, then the login capabilities database needs to be
+ reconfigured with the <option>label</option> option being
+ removed. Double check the <filename>login.conf</filename>
+ file to ensure that all <option>label</option> options have
+ been removed and rebuild the database with the
+ <command>cap_mkdb</command> command.</para>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/mail/Makefile b/zh_TW.Big5/books/handbook/mail/Makefile
new file mode 100644
index 0000000000..538dff091f
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/mail/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= mail/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/mail/chapter.sgml b/zh_TW.Big5/books/handbook/mail/chapter.sgml
new file mode 100644
index 0000000000..c85ed1895b
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/mail/chapter.sgml
@@ -0,0 +1,2323 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="mail">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Bill</firstname>
+ <surname>Lloyd</surname>
+ <contrib>Original work by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Rewritten by </contrib>
+ <!-- 2 Dec 1999 -->
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Electronic Mail</title>
+
+ <sect1 id="mail-synopsis">
+ <title>Synopsis</title>
+ <indexterm><primary>email</primary></indexterm>
+
+ <para><quote>Electronic Mail</quote>, better known as email, is one of the
+ most widely used forms of communication today. This chapter provides
+ a basic introduction to running a mail server on &os;, as well as an
+ introduction to sending and receiving email using &os;; however,
+ it is not a complete reference and in fact many important
+ considerations are omitted. For more complete coverage of the
+ subject, the reader is referred to the many excellent books listed
+ in <xref linkend="bibliography">.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>What software components are involved in sending and receiving
+ electronic mail.</para>
+ </listitem>
+
+ <listitem>
+ <para>Where basic <application>sendmail</application> configuration
+ files are located in FreeBSD.</para>
+ </listitem>
+
+ <listitem>
+ <para>The difference between remote and
+ local mailboxes.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to block spammers from illegally using your mail server as a
+ relay.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to install and configure an alternate Mail Transfer Agent on
+ your system, replacing <application>sendmail</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to troubleshoot common mail server problems.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use SMTP with UUCP.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up the system to send mail only.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use mail with a dialup connection.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure SMTP Authentication for added security.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to install and use a Mail User Agent, such as
+ <application>mutt</application> to send and receive email.</para>
+ </listitem>
+
+ <listitem>
+
+ <para>How to download your mail from a remote <acronym>POP</acronym>
+ or <acronym>IMAP</acronym> server.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to automatically apply filters and rules to incoming
+ email.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Properly set up your network connection
+ (<xref linkend="advanced-networking">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Properly set up the DNS information for your mail host
+ (<xref linkend="network-servers">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Know how to install additional third-party software
+ (<xref linkend="ports">).</para></listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="mail-using">
+ <title>Using Electronic Mail</title>
+ <indexterm><primary>POP</primary></indexterm>
+ <indexterm><primary>IMAP</primary></indexterm>
+ <indexterm><primary>DNS</primary></indexterm>
+
+ <para>There are five major parts involved in an email exchange. They
+ are: <link linkend="mail-mua">the user program</link>, <link
+ linkend="mail-mta">the server daemon</link>, <link
+ linkend="mail-dns">DNS</link>, <link linkend="mail-receive">a
+ remote or local mailbox</link>, and of course, <link linkend="mail-host">the
+ mailhost itself</link>.</para>
+
+ <sect2 id="mail-mua">
+ <title>The User Program</title>
+
+ <para>This includes command line programs such as
+ <application>mutt</application>,
+ <application>pine</application>, <application>elm</application>,
+ and <command>mail</command>, and <acronym>GUI</acronym> programs such as
+ <application>balsa</application>,
+ <application>xfmail</application> to name a few, and something
+ more <quote>sophisticated</quote> like a WWW browser. These
+ programs simply pass off the email transactions to the local
+ <link linkend="mail-host"><quote>mailhost</quote></link>, either
+ by calling one of the <link linkend="mail-mta">server
+ daemons</link> available, or delivering it over <acronym>TCP</acronym>.</para>
+ </sect2>
+
+ <sect2 id="mail-mta">
+ <title>Mailhost Server Daemon</title>
+ <indexterm>
+ <primary>mail server daemons</primary>
+ <secondary><application>sendmail</application></secondary>
+ </indexterm>
+ <indexterm>
+ <primary>mail server daemons</primary>
+ <secondary><application>postfix</application></secondary>
+ </indexterm>
+ <indexterm>
+ <primary>mail server daemons</primary>
+ <secondary><application>qmail</application></secondary>
+ </indexterm>
+ <indexterm>
+ <primary>mail server daemons</primary>
+ <secondary><application>exim</application></secondary>
+ </indexterm>
+
+ <para>&os; ships with <application>sendmail</application> by
+ default, but also support numerous other mail server daemons,
+ just some of which include:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><application>exim</application>;</para>
+ </listitem>
+
+ <listitem>
+ <para><application>postfix</application>;</para>
+ </listitem>
+
+ <listitem>
+ <para><application>qmail</application>.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The server daemon usually has two functions&mdash;it is responsible
+ for receiving incoming mail as well as delivering outgoing mail. It is
+ <emphasis>not</emphasis> responsible for the collection of mail using protocols
+ such as <acronym>POP</acronym> or <acronym>IMAP</acronym> to
+ read your email, nor does it allow connecting to local
+ <filename>mbox</filename> or Maildir mailboxes. You may require
+ an additional <link linkend="mail-receive">daemon</link> for
+ that.</para>
+
+ <warning>
+ <para>Older versions of <application>sendmail</application>
+ have some serious security issues which may result in an
+ attacker gaining local and/or remote access to your machine.
+ Make sure that you are running a current version to avoid
+ these problems. Optionally, install an alternative
+ <acronym>MTA</acronym> from the <link linkend="ports">&os;
+ Ports Collection</link>.</para>
+ </warning>
+ </sect2>
+
+ <sect2 id="mail-dns">
+ <title>Email and DNS</title>
+
+ <para>The Domain Name System (DNS) and its daemon
+ <command>named</command> play a large role in the delivery of
+ email. In order to deliver mail from your site to another, the
+ server daemon will look up the remote site in the DNS to determine the
+ host that will receive mail for the destination. This process
+ also occurs when mail is sent from a remote host to your mail
+ server.</para>
+
+ <indexterm>
+ <primary>MX record</primary>
+ </indexterm>
+
+ <para><acronym>DNS</acronym> is responsible for mapping
+ hostnames to IP addresses, as well as for storing information
+ specific to mail delivery, known as MX records. The MX (Mail
+ eXchanger) record specifies which host, or hosts, will receive
+ mail for a particular domain. If you do not have an MX record
+ for your hostname or domain, the mail will be delivered
+ directly to your host provided you have an A record pointing
+ your hostname to your IP address.</para>
+
+ <para>You may view the MX records for any domain by using the
+ &man.host.1; command, as seen in the example below:</para>
+
+ <screen>&prompt.user; <userinput>host -t mx FreeBSD.org</userinput>
+FreeBSD.org mail is handled (pri=10) by mx1.FreeBSD.org</screen>
+ </sect2>
+
+ <sect2 id="mail-receive">
+ <title>Receiving Mail</title>
+ <indexterm>
+ <primary>email</primary>
+ <secondary>receiving</secondary>
+ </indexterm>
+
+ <para>Receiving mail for your domain is done by the mail host. It
+ will collect all mail sent to your domain and store it
+ either in <filename>mbox</filename> (the default method for storing mail) or Maildir format, depending
+ on your configuration.
+ Once mail has been stored, it may either be read locally using
+ applications such as &man.mail.1; or
+ <application>mutt</application>, or remotely accessed and
+ collected using protocols such as
+ <acronym>POP</acronym> or <acronym>IMAP</acronym>.
+ This means that should you only
+ wish to read mail locally, you are not required to install a
+ <acronym>POP</acronym> or <acronym>IMAP</acronym> server.</para>
+
+ <sect3 id="pop-and-imap">
+ <title>Accessing remote mailboxes using <acronym>POP</acronym> and <acronym>IMAP</acronym></title>
+
+ <indexterm><primary>POP</primary></indexterm>
+ <indexterm><primary>IMAP</primary></indexterm>
+ <para>In order to access mailboxes remotely, you are required to
+ have access to a <acronym>POP</acronym> or <acronym>IMAP</acronym>
+ server. These protocols allow users to connect to their mailboxes from
+ remote locations with ease. Though both
+ <acronym>POP</acronym> and <acronym>IMAP</acronym> allow users
+ to remotely access mailboxes, <acronym>IMAP</acronym> offers
+ many advantages, some of which are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><acronym>IMAP</acronym> can store messages on a remote
+ server as well as fetch them.</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>IMAP</acronym> supports concurrent updates.</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>IMAP</acronym> can be extremely useful over
+ low-speed links as it allows users to fetch the structure
+ of messages without downloading them; it can also
+ perform tasks such as searching on the server in
+ order to minimize data transfer between clients and
+ servers.</para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>In order to install a <acronym>POP</acronym> or
+ <acronym>IMAP</acronym> server, the following steps should be
+ performed:</para>
+
+ <procedure>
+ <step>
+ <para>Choose an <acronym>IMAP</acronym> or
+ <acronym>POP</acronym> server that best suits your needs.
+ The following <acronym>POP</acronym> and
+ <acronym>IMAP</acronym> servers are well known and serve
+ as some good examples:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><application>qpopper</application>;</para>
+ </listitem>
+
+ <listitem>
+ <para><application>teapop</application>;</para>
+ </listitem>
+
+ <listitem>
+ <para><application>imap-uw</application>;</para>
+ </listitem>
+
+ <listitem>
+ <para><application>courier-imap</application>;</para>
+ </listitem>
+ </itemizedlist>
+
+ </step>
+
+ <step>
+ <para>Install the <acronym>POP</acronym> or
+ <acronym>IMAP</acronym> daemon of your choosing from the
+ ports
+ collection.</para>
+ </step>
+
+ <step>
+ <para>Where required, modify <filename>/etc/inetd.conf</filename>
+ to load the <acronym>POP</acronym> or
+ <acronym>IMAP</acronym> server.</para>
+ </step>
+ </procedure>
+
+ <warning>
+ <para>It should be noted that both <acronym>POP</acronym> and
+ <acronym>IMAP</acronym> transmit information, including
+ username and password credentials in clear-text. This means
+ that if you wish to secure the transmission of information
+ across these protocols, you should consider tunneling
+ sessions over &man.ssh.1;. Tunneling sessions is
+ described in <xref linkend="security-ssh-tunneling">.</para>
+ </warning>
+ </sect3>
+
+ <sect3 id="local">
+ <title>Accessing local mailboxes</title>
+
+ <para>Mailboxes may be accessed locally by directly utilizing
+ <acronym>MUA</acronym>s on the server on which the mailbox
+ resides. This can be done using applications such as
+ <application>mutt</application> or &man.mail.1;.
+ </para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="mail-host">
+ <title>The Mail Host</title>
+ <indexterm><primary>mail host</primary></indexterm>
+
+ <para>The mail host is the name given to a server that is
+ responsible for delivering and receiving mail for your host, and
+ possibly your network.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="sendmail">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Christopher</firstname>
+ <surname>Shumway</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title><application>sendmail</application> Configuration</title>
+
+ <indexterm>
+ <primary><application>sendmail</application></primary>
+ </indexterm>
+
+ <para>&man.sendmail.8; is the default Mail Transfer Agent (MTA) in
+ FreeBSD. <application>sendmail</application>'s job is to accept
+ mail from Mail User Agents (<acronym>MUA</acronym>) and deliver it
+ to the appropriate mailer as defined by its configuration file.
+ <application>sendmail</application> can also accept network
+ connections and deliver mail to local mailboxes or deliver it to
+ another program.</para>
+
+ <para><application>sendmail</application> uses the following
+ configuration files:</para>
+
+ <indexterm>
+ <primary><filename>/etc/mail/access</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/etc/mail/aliases</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/etc/mail/local-host-names</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/etc/mail/mailer.conf</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/etc/mail/mailertable</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/etc/mail/sendmail.cf</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/etc/mail/virtusertable</filename></primary>
+ </indexterm>
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Filename</entry>
+ <entry>Function</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <filename>/etc/mail/access</filename>
+ </entry>
+ <entry><application>sendmail</application> access database
+ file</entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/mail/aliases</filename>
+ </entry>
+ <entry>Mailbox aliases</entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/mail/local-host-names</filename>
+ </entry>
+ <entry>Lists of hosts <application>sendmail</application>
+ accepts mail for</entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/mail/mailer.conf</filename>
+ </entry>
+ <entry>Mailer program configuration</entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/mail/mailertable</filename>
+ </entry>
+ <entry>Mailer delivery table</entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/mail/sendmail.cf</filename>
+ </entry>
+ <entry><application>sendmail</application> master
+ configuration file</entry>
+ </row>
+ <row>
+ <entry>
+ <filename>/etc/mail/virtusertable</filename>
+ </entry>
+ <entry>Virtual users and domain tables</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <sect2>
+ <title><filename>/etc/mail/access</filename></title>
+
+ <para>The access database defines what host(s) or IP addresses
+ have access to the local mail server and what kind of access
+ they have. Hosts can be listed as <option>OK</option>,
+ <option>REJECT</option>, <option>RELAY</option> or simply passed
+ to <application>sendmail</application>'s error handling routine with a given mailer error.
+ Hosts that are listed as <option>OK</option>, which is the
+ default, are allowed to send mail to this host as long as the
+ mail's final destination is the local machine. Hosts that are
+ listed as <option>REJECT</option> are rejected for all mail
+ connections. Hosts that have the <option>RELAY</option> option
+ for their hostname are allowed to send mail for any destination
+ through this mail server.</para>
+
+ <example>
+ <title>Configuring the <application>sendmail</application>
+ Access Database</title>
+
+ <programlisting>cyberspammer.com 550 We do not accept mail from spammers
+FREE.STEALTH.MAILER@ 550 We do not accept mail from spammers
+another.source.of.spam REJECT
+okay.cyberspammer.com OK
+128.32 RELAY</programlisting>
+ </example>
+
+ <para>In this example we have five entries. Mail senders that
+ match the left hand side of the table are affected by the action
+ on the right side of the table. The first two examples give an
+ error code to <application>sendmail</application>'s error
+ handling routine. The message is printed to the remote host when
+ a mail matches the left hand side of the table. The next entry
+ rejects mail from a specific host on the Internet,
+ <hostid>another.source.of.spam</hostid>. The next entry accepts
+ mail connections from a host
+ <hostid role="fqdn">okay.cyberspammer.com</hostid>, which is more exact than
+ the <hostid role="domainname">cyberspammer.com</hostid> line above. More specific
+ matches override less exact matches. The last entry allows
+ relaying of electronic mail from hosts with an IP address that
+ begins with <hostid>128.32</hostid>. These hosts would be able
+ to send mail through this mail server that are destined for other
+ mail servers.</para>
+
+ <para>When this file is updated, you need to run
+ <command>make</command> in <filename>/etc/mail/</filename> to
+ update the database.</para>
+
+ </sect2>
+ <sect2>
+ <title><filename>/etc/mail/aliases</filename></title>
+
+ <para>The aliases database contains a list of virtual mailboxes
+ that are expanded to other user(s), files, programs or other
+ aliases. Here are a few examples that can be used in
+ <filename>/etc/mail/aliases</filename>:</para>
+
+ <example>
+ <title>Mail Aliases</title>
+ <programlisting>root: localuser
+ftp-bugs: joe,eric,paul
+bit.bucket: /dev/null
+procmail: "|/usr/local/bin/procmail"</programlisting>
+ </example>
+
+ <para>The file format is simple; the mailbox name on the left
+ side of the colon is expanded to the target(s) on the right.
+ The
+ first example simply expands the mailbox <username>root</username>
+ to the mailbox <username>localuser</username>, which is then
+ looked up again in the aliases database. If no match is found,
+ then the message is delivered to the local user
+ <username>localuser</username>. The next example shows a mail
+ list. Mail to the mailbox <username>ftp-bugs</username> is
+ expanded to the three local mailboxes <username>joe</username>,
+ <username>eric</username>, and <username>paul</username>. Note
+ that a remote mailbox could be specified as <email>user@example.com</email>. The
+ next example shows writing mail to a file, in this case
+ <filename>/dev/null</filename>. The last example shows sending
+ mail to a program, in this case the mail message is written to the
+ standard input of <filename>/usr/local/bin/procmail</filename>
+ through a &unix; pipe.</para>
+
+ <para>When this file is updated, you need to run
+ <command>make</command> in <filename>/etc/mail/</filename> to
+ update the database.</para>
+ </sect2>
+ <sect2>
+ <title><filename>/etc/mail/local-host-names</filename></title>
+
+ <para>This is a list of hostnames &man.sendmail.8; is to accept as
+ the local host name. Place any domains or hosts that
+ <application>sendmail</application> is to be receiving mail for.
+ For example, if this mail server was to accept mail for the
+ domain <hostid role="domainname">example.com</hostid> and the host
+ <hostid role="fqdn">mail.example.com</hostid>, its
+ <filename>local-host-names</filename> might look something like
+ this:</para>
+
+ <programlisting>example.com
+mail.example.com</programlisting>
+
+ <para>When this file is updated, &man.sendmail.8; needs to be
+ restarted to read the changes.</para>
+
+ </sect2>
+
+ <sect2>
+ <title><filename>/etc/mail/sendmail.cf</filename></title>
+
+ <para><application>sendmail</application>'s master configuration
+ file, <filename>sendmail.cf</filename> controls the overall
+ behavior of <application>sendmail</application>, including everything
+ from rewriting e-mail addresses to printing rejection messages to
+ remote mail servers. Naturally, with such a diverse role, this
+ configuration file is quite complex and its details are a bit
+ out of the scope of this section. Fortunately, this file rarely
+ needs to be changed for standard mail servers.</para>
+
+ <para>The master <application>sendmail</application> configuration
+ file can be built from &man.m4.1; macros that define the features
+ and behavior of <application>sendmail</application>. Please see
+ <filename>/usr/src/contrib/sendmail/cf/README</filename> for
+ some of the details.</para>
+
+ <para>When changes to this file are made,
+ <application>sendmail</application> needs to be restarted for
+ the changes to take effect.</para>
+
+ </sect2>
+ <sect2>
+ <title><filename>/etc/mail/virtusertable</filename></title>
+
+ <para>The <filename>virtusertable</filename> maps mail addresses for
+ virtual domains and
+ mailboxes to real mailboxes. These mailboxes can be local,
+ remote, aliases defined in
+ <filename>/etc/mail/aliases</filename> or files.</para>
+
+ <example>
+ <title>Example Virtual Domain Mail Map</title>
+
+ <programlisting>root@example.com root
+postmaster@example.com postmaster@noc.example.net
+@example.com joe</programlisting>
+ </example>
+
+ <para>In the above example, we have a mapping for a domain
+ <hostid role="domainname">example.com</hostid>. This file is processed in a
+ first match order down the file. The first item maps
+ <email>root@example.com</email> to the local mailbox <username>root</username>. The next entry maps
+ <email>postmaster@example.com</email> to the mailbox <username>postmaster</username> on the host
+ <hostid role="fqdn">noc.example.net</hostid>. Finally, if nothing from <hostid role="domainname">example.com</hostid> has
+ matched so far, it will match the last mapping, which matches
+ every other mail message addressed to someone at
+ <hostid role="domainname">example.com</hostid>.
+ This will be mapped to the local mailbox <username>joe</username>.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="mail-changingmta">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Andrew</firstname>
+ <surname>Boothman</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Gregory</firstname>
+ <surname>Neil Shapiro</surname>
+ <contrib>Information taken from e-mails written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Changing Your Mail Transfer Agent</title>
+ <indexterm>
+ <primary>email</primary>
+ <secondary>change mta</secondary>
+ </indexterm>
+
+ <para>As already mentioned, FreeBSD comes with
+ <application>sendmail</application> already installed as your
+ MTA (Mail Transfer Agent). Therefore by default it is
+ in charge of your outgoing and incoming mail.</para>
+
+ <para>However, for a variety of reasons, some system
+ administrators want to change their system's MTA. These
+ reasons range from simply wanting to try out another MTA to
+ needing a specific feature or package which relies on another
+ mailer. Fortunately, whatever the reason, FreeBSD makes it
+ easy to make the change.</para>
+
+ <sect2>
+ <title>Install a New MTA</title>
+
+ <para>You have a wide choice of MTAs available. A good
+ starting point is the
+ <link linkend="ports">FreeBSD Ports Collection</link> where
+ you will be able to find many. Of course you are free to use
+ any MTA you want from any location, as long as you can make
+ it run under FreeBSD.</para>
+
+ <para>Start by installing your new MTA. Once it is installed
+ it gives you a chance to decide if it really fulfills your
+ needs, and also gives you the opportunity to configure your
+ new software before getting it to take over from
+ <application>sendmail</application>. When doing this, you
+ should be sure that installing the new software will not attempt
+ to overwrite system binaries such as
+ <filename>/usr/bin/sendmail</filename>. Otherwise, your new
+ mail software has essentially been put into service before
+ you have configured it.</para>
+
+ <para>Please refer to your chosen MTA's documentation for
+ information on how to configure the software you have
+ chosen.</para>
+ </sect2>
+
+ <sect2 id="mail-disable-sendmail">
+ <title>Disable <application>sendmail</application></title>
+
+ <para>The procedure used to start
+ <application>sendmail</application> changed significantly
+ between 4.5-RELEASE, 4.6-RELEASE, and later releases.
+ Therefore, the procedure used to disable it is subtly
+ different.</para>
+
+ <warning>
+ <para>If you disable <application>sendmail</application>'s
+ outgoing mail service, it is important that you replace it
+ with an alternative mail delivery system. If
+ you choose not to, system functions such as &man.periodic.8;
+ will be unable to deliver their results by e-mail as they
+ would normally expect to. Many parts of your system may
+ expect to have a functional
+ <application>sendmail</application>-compatible system. If
+ applications continue to use
+ <application>sendmail</application>'s binaries to try to send
+ e-mail after you have disabled them, mail could go into an
+ inactive <application>sendmail</application> queue, and
+ never be delivered.</para>
+ </warning>
+
+ <sect3>
+ <title>FreeBSD 4.5-STABLE before 2002/4/4 and Earlier
+ (Including 4.5-RELEASE and Earlier)</title>
+
+ <para>Enter:</para>
+
+ <programlisting>sendmail_enable="NO"</programlisting>
+
+ <para>into <filename>/etc/rc.conf</filename>. This will disable
+ <application>sendmail</application>'s incoming mail service,
+ but if <filename>/etc/mail/mailer.conf</filename> (see below)
+ is not changed, <application>sendmail</application> will
+ still be used to send e-mail.</para>
+ </sect3>
+
+ <sect3>
+ <title>FreeBSD 4.5-STABLE after 2002/4/4
+ (Including 4.6-RELEASE and Later)</title>
+
+ <para>In order to completely disable
+ <application>sendmail</application>, including the outgoing
+ mail service, you must use</para>
+
+ <programlisting>sendmail_enable="NONE"</programlisting>
+
+ <para>in <filename>/etc/rc.conf.</filename></para>
+
+ <para>If you only want to disable
+ <application>sendmail</application>'s incoming mail service,
+ you should set</para>
+
+ <programlisting>sendmail_enable="NO"</programlisting>
+
+ <para>in <filename>/etc/rc.conf</filename>. However, if
+ incoming mail is disabled, local delivery will still
+ function. More information on
+ <application>sendmail</application>'s startup options is
+ available from the &man.rc.sendmail.8; manual page.</para>
+ </sect3>
+
+ <sect3>
+ <title>FreeBSD 5.0-STABLE and Later</title>
+
+ <para>In order to completely disable
+ <application>sendmail</application>, including the outgoing
+ mail service, you must use</para>
+
+ <programlisting>sendmail_enable="NO"
+sendmail_submit_enable="NO"
+sendmail_outbound_enable="NO"
+sendmail_msp_queue_enable="NO"</programlisting>
+
+ <para>in <filename>/etc/rc.conf.</filename></para>
+
+ <para>If you only want to disable
+ <application>sendmail</application>'s incoming mail service,
+ you should set</para>
+
+ <programlisting>sendmail_enable="NO"</programlisting>
+
+ <para>in <filename>/etc/rc.conf</filename>. More information on
+ <application>sendmail</application>'s startup options is
+ available from the &man.rc.sendmail.8; manual page.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Running Your New MTA on Boot</title>
+
+ <para>You may have a choice of two methods for running your
+ new MTA on boot, again depending on what version of FreeBSD
+ you are running.</para>
+
+ <sect3>
+ <title>FreeBSD 4.5-STABLE before 2002/4/11
+ (Including 4.5-RELEASE and Earlier)</title>
+
+ <para>Add a script to
+ <filename>/usr/local/etc/rc.d/</filename> that
+ ends in <filename>.sh</filename> and is executable by
+ <username>root</username>. The script should accept <literal>start</literal> and
+ <literal>stop</literal> parameters. At startup time the
+ system scripts will execute the command</para>
+
+ <programlisting>/usr/local/etc/rc.d/supermailer.sh start</programlisting>
+
+ <para>which you can also use to manually start the server. At
+ shutdown time, the system scripts will use the
+ <literal>stop</literal> option, running the command</para>
+
+ <programlisting>/usr/local/etc/rc.d/supermailer.sh stop</programlisting>
+
+ <para>which you can also use to manually stop the server
+ while the system is running.</para>
+
+ </sect3>
+
+ <sect3>
+ <title>FreeBSD 4.5-STABLE after 2002/4/11
+ (Including 4.6-RELEASE and Later)</title>
+
+ <para>With later versions of FreeBSD, you can use the
+ above method or you can set</para>
+
+ <programlisting>mta_start_script="filename"</programlisting>
+
+ <para>in <filename>/etc/rc.conf</filename>, where
+ <replaceable>filename</replaceable> is the name of some
+ script that you want executed at boot to start your
+ MTA.</para>
+ </sect3>
+
+ </sect2>
+
+ <sect2>
+ <title>Replacing <application>sendmail</application> as
+ the System's Default Mailer</title>
+
+ <para>The program <application>sendmail</application> is so ubiquitous
+ as standard software on &unix; systems that some software
+ just assumes it is already installed and configured.
+ For this reason, many alternative MTA's provide their own compatible
+ implementations of the <application>sendmail</application>
+ command-line interface; this facilitates using them as
+ <quote>drop-in</quote> replacements for <application>sendmail</application>.</para>
+
+ <para>Therefore, if you are using an alternative mailer,
+ you will need to make sure that software trying to execute
+ standard <application>sendmail</application> binaries such as
+ <filename>/usr/bin/sendmail</filename> actually executes
+ your chosen mailer instead. Fortunately, FreeBSD provides
+ a system called &man.mailwrapper.8; that does this job for
+ you.</para>
+
+ <para>When <application>sendmail</application> is operating as installed, you will
+ find something like the following
+ in <filename>/etc/mail/mailer.conf</filename>:</para>
+
+<programlisting>sendmail /usr/libexec/sendmail/sendmail
+send-mail /usr/libexec/sendmail/sendmail
+mailq /usr/libexec/sendmail/sendmail
+newaliases /usr/libexec/sendmail/sendmail
+hoststat /usr/libexec/sendmail/sendmail
+purgestat /usr/libexec/sendmail/sendmail</programlisting>
+
+ <para>This means that when any of these common commands
+ (such as <filename>sendmail</filename> itself) are run,
+ the system actually invokes a copy of mailwrapper named <filename>sendmail</filename>, which
+ checks <filename>mailer.conf</filename> and
+ executes <filename>/usr/libexec/sendmail/sendmail</filename>
+ instead. This system makes it easy to change what binaries
+ are actually executed when these default <filename>sendmail</filename> functions
+ are invoked.</para>
+
+ <para>Therefore if you wanted
+ <filename>/usr/local/supermailer/bin/sendmail-compat</filename>
+ to be run instead of <application>sendmail</application>, you could change
+ <filename>/etc/mail/mailer.conf</filename> to read:</para>
+
+<programlisting>sendmail /usr/local/supermailer/bin/sendmail-compat
+send-mail /usr/local/supermailer/bin/sendmail-compat
+mailq /usr/local/supermailer/bin/mailq-compat
+newaliases /usr/local/supermailer/bin/newaliases-compat
+hoststat /usr/local/supermailer/bin/hoststat-compat
+purgestat /usr/local/supermailer/bin/purgestat-compat</programlisting>
+
+ </sect2>
+
+ <sect2>
+ <title>Finishing</title>
+
+ <para>Once you have everything configured the way you want it, you should
+ either kill the <application>sendmail</application> processes that
+ you no longer need and start the processes belonging to your new
+ software, or simply reboot. Rebooting will also
+ give you the opportunity to ensure that you have correctly
+ configured your system to start your new MTA automatically on boot.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="mail-trouble">
+ <title>Troubleshooting</title>
+ <indexterm>
+ <primary>email</primary>
+ <secondary>troubleshooting</secondary>
+ </indexterm>
+
+ <qandaset>
+ <qandaentry>
+ <question>
+ <para>Why do I have to use the FQDN for hosts on my site?</para>
+ </question>
+
+ <answer>
+ <para>You will probably find that the host is actually in a
+ different domain; for example, if you are in
+ <hostid role="fqdn">foo.bar.edu</hostid> and you wish to reach
+ a host called <hostid>mumble</hostid> in the <hostid
+ role="domainname">bar.edu</hostid> domain, you will have to
+ refer to it by the fully-qualified domain name, <hostid
+ role="fqdn">mumble.bar.edu</hostid>, instead of just
+ <hostid>mumble</hostid>.</para>
+
+ <indexterm><primary>BIND</primary></indexterm>
+ <para>Traditionally, this was allowed by BSD BIND resolvers.
+ However the current version of <application>BIND</application>
+ that ships with FreeBSD no longer provides default abbreviations
+ for non-fully qualified domain names other than the domain you
+ are in. So an unqualified host <hostid>mumble</hostid> must
+ either be found as <hostid
+ role="fqdn">mumble.foo.bar.edu</hostid>, or it will be searched
+ for in the root domain.</para>
+
+ <para>This is different from the previous behavior, where the
+ search continued across <hostid
+ role="domainname">mumble.bar.edu</hostid>, and <hostid
+ role="domainname">mumble.edu</hostid>. Have a look at RFC 1535
+ for why this was considered bad practice, or even a security
+ hole.</para>
+
+ <para>As a good workaround, you can place the line:
+
+ <programlisting>search foo.bar.edu bar.edu</programlisting>
+
+ instead of the previous:
+
+ <programlisting>domain foo.bar.edu</programlisting>
+
+ into your <filename>/etc/resolv.conf</filename>. However, make
+ sure that the search order does not go beyond the
+ <quote>boundary between local and public administration</quote>,
+ as RFC 1535 calls it.</para>
+ </answer>
+ </qandaentry>
+
+ <indexterm>
+ <primary>MX record</primary>
+ </indexterm>
+
+ <qandaentry>
+ <question>
+ <para><application>sendmail</application> says <errorname>mail
+ loops back to myself</errorname></para>
+ </question>
+
+ <answer>
+ <para>This is answered in the
+ <application>sendmail</application> FAQ as follows:</para>
+
+ <programlisting>I'm getting these error messages:
+
+553 MX list for domain.net points back to relay.domain.net
+554 &lt;user@domain.net&gt;... Local configuration error
+
+How can I solve this problem?
+
+You have asked mail to the domain (e.g., domain.net) to be
+forwarded to a specific host (in this case, relay.domain.net)
+by using an MX record, but the relay machine does not recognize
+itself as domain.net. Add domain.net to /etc/mail/local-host-names
+[known as /etc/sendmail.cw prior to version 8.10]
+(if you are using FEATURE(use_cw_file)) or add <quote>Cw domain.net</quote>
+to /etc/mail/sendmail.cf.</programlisting>
+
+ <para>The <application>sendmail</application> FAQ can be found at
+ <ulink url="http://www.sendmail.org/faq/"></ulink> and is
+ recommended reading if you want to do any
+ <quote>tweaking</quote> of your mail setup.</para>
+ </answer>
+ </qandaentry>
+
+ <indexterm><primary>PPP</primary></indexterm>
+ <qandaentry>
+ <question>
+ <para>How can I run a mail server on a dial-up PPP host?</para>
+ </question>
+
+ <answer>
+ <para>You want to connect a FreeBSD box on a LAN to the
+ Internet. The FreeBSD box will be a mail gateway for the LAN.
+ The PPP connection is non-dedicated.</para>
+
+ <indexterm><primary>UUCP</primary></indexterm>
+ <indexterm>
+ <primary>MX record</primary>
+ </indexterm>
+
+ <para>There are at least two ways to do this. One way is to use
+ UUCP.</para>
+
+ <para>Another way is to get a full-time Internet server to provide secondary MX
+ services for your domain. For example, if your company's domain is
+ <hostid role="domainname">example.com</hostid> and your Internet service provider has
+ set <hostid role="domainname">example.net</hostid> up to provide secondary MX services
+ to your domain:</para>
+
+ <programlisting>example.com. MX 10 example.com.
+ MX 20 example.net.</programlisting>
+
+ <para>Only one host should be specified as the final recipient
+ (add <literal>Cw example.com</literal> in
+ <filename>/etc/mail/sendmail.cf</filename> on <hostid role="domainname">example.com</hostid>).</para>
+
+ <para>When the sending <command>sendmail</command> is trying to
+ deliver the mail it will try to connect to you (<hostid role="domainname">example.com</hostid>) over the modem
+ link. It will most likely time out because you are not online.
+ The program <application>sendmail</application> will automatically deliver it to the
+ secondary MX site, i.e. your Internet provider (<hostid role="domainname">example.net</hostid>). The secondary MX
+ site will then periodically try to connect to
+ your host and deliver the mail to the primary MX host (<hostid role="domainname">example.com</hostid>).</para>
+
+ <para>You might want to use something like this as a login
+ script:</para>
+
+ <programlisting>#!/bin/sh
+# Put me in /usr/local/bin/pppmyisp
+( sleep 60 ; /usr/sbin/sendmail -q ) &amp;
+/usr/sbin/ppp -direct pppmyisp</programlisting>
+
+ <para>If you are going to create a separate login script for a
+ user you could use <command>sendmail -qRexample.com</command>
+ instead in the script above. This will force all mail in your
+ queue for <hostid role="domainname">example.com</hostid> to be processed immediately.</para>
+
+ <para>A further refinement of the situation is as follows:</para>
+
+ <para>Message stolen from the &a.isp;.</para>
+
+ <programlisting>&gt; we provide the secondary MX for a customer. The customer connects to
+&gt; our services several times a day automatically to get the mails to
+&gt; his primary MX (We do not call his site when a mail for his domains
+&gt; arrived). Our sendmail sends the mailqueue every 30 minutes. At the
+&gt; moment he has to stay 30 minutes online to be sure that all mail is
+&gt; gone to the primary MX.
+&gt;
+&gt; Is there a command that would initiate sendmail to send all the mails
+&gt; now? The user has not root-privileges on our machine of course.
+
+In the <quote>privacy flags</quote> section of sendmail.cf, there is a
+definition Opgoaway,restrictqrun
+
+Remove restrictqrun to allow non-root users to start the queue processing.
+You might also like to rearrange the MXs. We are the 1st MX for our
+customers like this, and we have defined:
+
+# If we are the best MX for a host, try directly instead of generating
+# local config error.
+OwTrue
+
+That way a remote site will deliver straight to you, without trying
+the customer connection. You then send to your customer. Only works for
+<quote>hosts</quote>, so you need to get your customer to name their mail
+machine <quote>customer.com</quote> as well as
+<quote>hostname.customer.com</quote> in the DNS. Just put an A record in
+the DNS for <quote>customer.com</quote>.</programlisting>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>Why do I keep getting <errorname>Relaying
+ Denied</errorname> errors when sending mail from other
+ hosts?</para>
+ </question>
+
+ <answer>
+ <para>In default FreeBSD installations,
+ <application>sendmail</application> is configured to only
+ send mail from the host it is running on. For example, if
+ a <acronym>POP</acronym> server is available, then users
+ will be able to check mail from school, work, or other
+ remote locations but they still will not be able to send
+ outgoing emails from outside locations. Typically, a few
+ moments after the attempt, an email will be sent from
+ <application>MAILER-DAEMON</application> with a
+ <errorname>5.7 Relaying Denied</errorname> error
+ message.</para>
+
+ <para>There are several ways to get around this. The most
+ straightforward solution is to put your ISP's address in
+ a relay-domains file at
+ <filename>/etc/mail/relay-domains</filename>. A quick way
+ to do this would be:</para>
+
+ <screen>&prompt.root; <userinput>echo "your.isp.example.com" &gt; /etc/mail/relay-domains</userinput></screen>
+
+ <para>After creating or editing this file you must restart
+ <application>sendmail</application>. This works great if
+ you are a server administrator and do not wish to send mail
+ locally, or would like to use a point and click
+ client/system on another machine or even another ISP. It
+ is also very useful if you only have one or two email
+ accounts set up. If there is a large number of addresses
+ to add, you can simply open this file in your favorite
+ text editor and then add the domains, one per line:</para>
+
+ <programlisting>your.isp.example.com
+other.isp.example.net
+users-isp.example.org
+www.example.org</programlisting>
+
+ <para>Now any mail sent through your system, by any host in
+ this list (provided the user has an account on your
+ system), will succeed. This is a very nice way to allow
+ users to send mail from your system remotely without
+ allowing people to send SPAM through your system.</para>
+
+ </answer>
+ </qandaentry>
+ </qandaset>
+ </sect1>
+
+ <sect1 id="mail-advanced">
+ <title>Advanced Topics</title>
+
+ <para>The following section covers more involved topics such as mail
+ configuration and setting up mail for your entire domain.</para>
+
+ <sect2 id="mail-config">
+ <title>Basic Configuration</title>
+ <indexterm>
+ <primary>email</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+
+ <para>Out of the box, you should be able to send email to external
+ hosts as long as you have set up
+ <filename>/etc/resolv.conf</filename> or are running your own
+ name server. If you would like to have mail for your host
+ delivered to the MTA (e.g., <application>sendmail</application>) on your own FreeBSD host, there are two methods:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Run your own name server and have your own domain. For
+ example, <hostid
+ role="domainname">FreeBSD.org</hostid></para>
+ </listitem>
+
+ <listitem>
+ <para>Get mail delivered directly to your host. This is done by
+ delivering mail directly to the current DNS name for your
+ machine. For example, <hostid
+ role="fqdn">example.FreeBSD.org</hostid>.</para>
+ </listitem>
+ </itemizedlist>
+
+ <indexterm><primary>SMTP</primary></indexterm>
+ <para>Regardless of which of the above you choose, in order to have
+ mail delivered directly to your host, it must have a permanent
+ static IP address (not a dynamic address, as with most PPP dial-up configurations). If you are behind a
+ firewall, it must pass SMTP traffic on to you. If you want to
+ receive mail directly at your host, you need to be sure of either of two
+ things:</para>
+
+ <itemizedlist>
+ <indexterm><primary>MX record</primary></indexterm>
+ <listitem>
+ <para>Make sure that the (lowest-numbered) MX record in your DNS points to your
+ host's IP address.</para>
+ </listitem>
+
+ <listitem>
+ <para>Make sure there is no MX entry in your DNS for your
+ host.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Either of the above will allow you to receive mail directly at
+ your host.</para>
+
+ <para>Try this:</para>
+
+ <screen>&prompt.root; <userinput>hostname</userinput>
+example.FreeBSD.org
+&prompt.root; <userinput>host example.FreeBSD.org</userinput>
+example.FreeBSD.org has address 204.216.27.XX</screen>
+
+ <para>If that is what you see, mail directly to
+ <email role="nolink">yourlogin@example.FreeBSD.org</email> should work without
+ problems (assuming <application>sendmail</application> is
+ running correctly on <hostid role="fqdn">example.FreeBSD.org</hostid>).</para>
+
+ <para>If instead you see something like this:</para>
+
+ <screen>&prompt.root; <userinput>host example.FreeBSD.org</userinput>
+example.FreeBSD.org has address 204.216.27.XX
+example.FreeBSD.org mail is handled (pri=10) by hub.FreeBSD.org</screen>
+
+ <para>All mail sent to your host (<hostid
+ role="fqdn">example.FreeBSD.org</hostid>) will end up being
+ collected on <hostid>hub</hostid> under the same username instead
+ of being sent directly to your host.</para>
+
+ <para>The above information is handled by your DNS server. The DNS
+ record that carries mail routing information is the
+ <emphasis>M</emphasis>ail e<emphasis>X</emphasis>change entry. If
+ no MX record exists, mail will be delivered directly to the host by
+ way of its IP address.</para>
+
+ <para>The MX entry for <hostid
+ role="fqdn">freefall.FreeBSD.org</hostid> at one time looked like
+ this:</para>
+
+ <programlisting>freefall MX 30 mail.crl.net
+freefall MX 40 agora.rdrop.com
+freefall MX 10 freefall.FreeBSD.org
+freefall MX 20 who.cdrom.com</programlisting>
+
+ <para>As you can see, <hostid>freefall</hostid> had many MX entries.
+ The lowest MX number is the host that receives mail directly if
+ available; if it is not accessible for some reason, the others
+ (sometimes called <quote>backup MXes</quote>) accept messages
+ temporarily, and pass it along when a lower-numbered host becomes
+ available, eventually to the lowest-numbered host.</para>
+
+ <para>Alternate MX sites should have separate Internet connections
+ from your own in order to be most useful. Your ISP or another
+ friendly site should have no problem providing this service for
+ you.</para>
+ </sect2>
+
+ <sect2 id="mail-domain">
+ <title>Mail for Your Domain</title>
+
+ <para>In order to set up a <quote>mailhost</quote> (a.k.a. mail
+ server) you need to have any mail sent to various workstations
+ directed to it. Basically, you want to <quote>claim</quote> any
+ mail for any hostname in your domain (in this case <hostid
+ role="fqdn">*.FreeBSD.org</hostid>) and divert it to your mail
+ server so your users can receive their mail on
+ the master mail server.</para>
+
+ <indexterm><primary>DNS</primary></indexterm>
+ <para>To make life easiest, a user account with the same
+ <emphasis>username</emphasis> should exist on both machines. Use
+ &man.adduser.8; to do this.</para>
+
+ <para>The mailhost you will be using must be the designated mail
+ exchanger for each workstation on the network. This is done in
+ your DNS configuration like so:</para>
+
+ <programlisting>example.FreeBSD.org A 204.216.27.XX ; Workstation
+ MX 10 hub.FreeBSD.org ; Mailhost</programlisting>
+
+ <para>This will redirect mail for the workstation to the mailhost no
+ matter where the A record points. The mail is sent to the MX
+ host.</para>
+
+ <para>You cannot do this yourself unless you are running a DNS
+ server. If you are not, or cannot run your own DNS server, talk
+ to your ISP or whoever provides your DNS.</para>
+
+ <para>If you are doing virtual email hosting, the following
+ information will come in handy. For this example, we
+ will assume you have a customer with his own domain, in this
+ case <hostid role="domainname">customer1.org</hostid>, and you want
+ all the mail for <hostid role="domainname">customer1.org</hostid>
+ sent to your mailhost, <hostid
+ role="fqdn">mail.myhost.com</hostid>. The entry in your DNS
+ should look like this:</para>
+
+ <programlisting>customer1.org MX 10 mail.myhost.com</programlisting>
+
+ <para>You do <emphasis>not</emphasis> need an A record for <hostid role="domainname">customer1.org</hostid> if you only
+ want to handle email for that domain.</para>
+
+ <note>
+ <para>Be aware that pinging <hostid
+ role="domainname">customer1.org</hostid> will not work unless
+ an A record exists for it.</para>
+ </note>
+
+ <para>The last thing that you must do is tell
+ <application>sendmail</application> on your mailhost what domains
+ and/or hostnames it should be accepting mail for. There are a few
+ different ways this can be done. Either of the following will
+ work:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Add the hosts to your
+ <filename>/etc/mail/local-host-names</filename> file if you are using the
+ <literal>FEATURE(use_cw_file)</literal>. If you are using
+ a version of <application>sendmail</application> earlier than 8.10, the file is
+ <filename>/etc/sendmail.cw</filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Add a <literal>Cwyour.host.com</literal> line to your
+ <filename>/etc/sendmail.cf</filename> or
+ <filename>/etc/mail/sendmail.cf</filename> if you are using
+ <application>sendmail</application> 8.10 or higher.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="SMTP-UUCP">
+ <title>SMTP with UUCP</title>
+
+ <para>The <application>sendmail</application> configuration that ships with FreeBSD is
+ designed for sites that connect directly to the Internet. Sites
+ that wish to exchange their mail via UUCP must install another
+ <application>sendmail</application> configuration file.</para>
+
+ <para>Tweaking <filename>/etc/mail/sendmail.cf</filename> manually
+ is an advanced topic. <application>sendmail</application> version 8 generates config files
+ via &man.m4.1; preprocessing, where the actual configuration
+ occurs on a higher abstraction level. The &man.m4.1;
+ configuration files can be found under
+ <filename>/usr/src/usr.sbin/sendmail/cf</filename>.</para>
+
+ <para>If you did not install your system with full sources, the
+ <application>sendmail</application> configuration set has been broken out into a separate source
+ distribution tarball. Assuming you have your FreeBSD source code
+ CDROM mounted, do:</para>
+
+ <screen>&prompt.root; <userinput>cd /cdrom/src</userinput>
+&prompt.root; <userinput>cat scontrib.?? | tar xzf - -C /usr/src/contrib/sendmail</userinput></screen>
+
+ <para>This extracts to only a few hundred kilobytes. The file
+ <filename>README</filename> in the <filename>cf</filename>
+ directory can serve as a basic introduction to &man.m4.1;
+ configuration.</para>
+
+ <para>The best way to support UUCP delivery is to use the
+ <literal>mailertable</literal> feature. This creates a database
+ that <application>sendmail</application> can use to make routing decisions.</para>
+
+ <para>First, you have to create your <filename>.mc</filename>
+ file. The directory
+ <filename>/usr/src/usr.sbin/sendmail/cf/cf</filename> contains a
+ few examples. Assuming you have named your file
+ <filename>foo.mc</filename>, all you need to do in order to
+ convert it into a valid <filename>sendmail.cf</filename>
+ is:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/usr.sbin/sendmail/cf/cf</userinput>
+&prompt.root; <userinput>make foo.cf</userinput>
+&prompt.root; <userinput>cp foo.cf /etc/mail/sendmail.cf</userinput></screen>
+
+ <para>A typical <filename>.mc</filename> file might look
+ like:</para>
+
+ <programlisting>VERSIONID(`<replaceable>Your version number</replaceable>') OSTYPE(bsd4.4)
+
+FEATURE(accept_unresolvable_domains)
+FEATURE(nocanonify)
+FEATURE(mailertable, `hash -o /etc/mail/mailertable')
+
+define(`UUCP_RELAY', <replaceable>your.uucp.relay</replaceable>)
+define(`UUCP_MAX_SIZE', 200000)
+define(`confDONT_PROBE_INTERFACES')
+
+MAILER(local)
+MAILER(smtp)
+MAILER(uucp)
+
+Cw <replaceable>your.alias.host.name</replaceable>
+Cw <replaceable>youruucpnodename.UUCP</replaceable></programlisting>
+
+ <para>The lines containing
+ <literal>accept_unresolvable_domains</literal>,
+ <literal>nocanonify</literal>, and
+ <literal>confDONT_PROBE_INTERFACES</literal> features will
+ prevent any usage of the DNS during mail delivery. The
+ <literal>UUCP_RELAY</literal> clause is needed to support UUCP
+ delivery. Simply put an Internet hostname there that is able to
+ handle .UUCP pseudo-domain addresses; most likely, you will
+ enter the mail relay of your ISP there.</para>
+
+ <para>Once you have this, you need an
+ <filename>/etc/mail/mailertable</filename> file. If you have
+ only one link to the outside that is used for all your mails,
+ the following file will suffice:</para>
+
+ <programlisting>#
+# makemap hash /etc/mail/mailertable.db &lt; /etc/mail/mailertable
+. uucp-dom:<replaceable>your.uucp.relay</replaceable></programlisting>
+
+ <para>A more complex example might look like this:</para>
+
+ <programlisting>#
+# makemap hash /etc/mail/mailertable.db &lt; /etc/mail/mailertable
+#
+horus.interface-business.de uucp-dom:horus
+.interface-business.de uucp-dom:if-bus
+interface-business.de uucp-dom:if-bus
+.heep.sax.de smtp8:%1
+horus.UUCP uucp-dom:horus
+if-bus.UUCP uucp-dom:if-bus
+. uucp-dom:</programlisting>
+
+
+ <para>The first three lines handle special cases where
+ domain-addressed mail should not be sent out to the default
+ route, but instead to some UUCP neighbor in order to
+ <quote>shortcut</quote> the delivery path. The next line handles
+ mail to the local Ethernet domain that can be delivered using
+ SMTP. Finally, the UUCP neighbors are mentioned in the .UUCP
+ pseudo-domain notation, to allow for a
+ <literal><replaceable>uucp-neighbor
+ </replaceable>!<replaceable>recipient</replaceable></literal>
+ override of the default rules. The last line is always a single
+ dot, matching everything else, with UUCP delivery to a UUCP
+ neighbor that serves as your universal mail gateway to the
+ world. All of the node names behind the
+ <literal>uucp-dom:</literal> keyword must be valid UUCP
+ neighbors, as you can verify using the command
+ <literal>uuname</literal>.</para>
+
+ <para>As a reminder that this file needs to be converted into a
+ DBM database file before use. The command line to accomplish
+ this is best placed as a comment at the top of the <filename>mailertable</filename> file.
+ You always have to execute this command each time you change
+ your <filename>mailertable</filename> file.</para>
+
+ <para>Final hint: if you are uncertain whether some particular
+ mail routing would work, remember the <option>-bt</option>
+ option to <application>sendmail</application>. It starts <application>sendmail</application> in <emphasis>address test
+ mode</emphasis>; simply enter <literal>3,0</literal>, followed
+ by the address you wish to test for the mail routing. The last
+ line tells you the used internal mail agent, the destination
+ host this agent will be called with, and the (possibly
+ translated) address. Leave this mode by typing <keycombo
+ action="simul"><keycap>Ctrl</keycap><keycap>D</keycap></keycombo>.</para>
+
+ <screen>&prompt.user; <userinput>sendmail -bt</userinput>
+ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
+Enter &lt;ruleset&gt; &lt;address&gt;
+<prompt>&gt;</prompt> <userinput>3,0 foo@example.com</userinput>
+canonify input: foo @ example . com
+...
+parse returns: $# uucp-dom $@ <replaceable>your.uucp.relay</replaceable> $: foo &lt; @ example . com . &gt;
+<prompt>&gt;</prompt> <userinput>^D</userinput></screen>
+ </sect1>
+
+ <sect1 id="outgoing-only">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Bill</firstname>
+ <surname>Moran</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Setting Up to Send Only</title>
+
+ <para>There are many instances where you may only want to send
+ mail through a relay. Some examples are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Your computer is a desktop machine, but you want
+ to use programs such as &man.send-pr.1;. To do so, you should use
+ your ISP's mail relay.</para>
+ </listitem>
+
+ <listitem>
+ <para>The computer is a server that does not handle mail
+ locally, but needs to pass off all mail to a relay for
+ processing.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Just about any <acronym>MTA</acronym> is capable of filling
+ this particular niche. Unfortunately, it can be very difficult
+ to properly configure a full-featured <acronym>MTA</acronym>
+ just to handle offloading mail. Programs such as
+ <application>sendmail</application> and
+ <application>postfix</application> are largely overkill for
+ this use.</para>
+
+ <para>Additionally, if you are using a typical Internet access
+ service, your agreement may forbid you from running a
+ <quote>mail server</quote>.</para>
+
+ <para>The easiest way to fulfill those needs is to install the
+ <filename role="package">mail/ssmtp</filename> port. Execute
+ the following commands as <username>root</username>:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/mail/ssmtp</userinput>
+&prompt.root; <userinput>make install replace clean</userinput></screen>
+
+ <para>Once installed,
+ <filename role="package">mail/ssmtp</filename> can be configured
+ with a four-line file located at
+ <filename>/usr/local/etc/ssmtp/ssmtp.conf</filename>:</para>
+
+ <programlisting>root=yourrealemail@example.com
+mailhub=mail.example.com
+rewriteDomain=example.com
+hostname=_HOSTNAME_</programlisting>
+
+ <para>Make sure you use your real email address for
+ <username>root</username>. Enter your ISP's outgoing mail relay
+ in place of <hostid role="fqdn">mail.example.com</hostid> (some ISPs call
+ this the <quote>outgoing mail server</quote> or
+ <quote>SMTP server</quote>).</para>
+
+ <para>Make sure you disable <application>sendmail</application>,
+ including the outgoing mail service. See
+ <xref linkend="mail-disable-sendmail"> for details.</para>
+
+ <para><filename role="package">mail/ssmtp</filename> has some
+ other options available. See the example configuration file in
+ <filename>/usr/local/etc/ssmtp</filename> or the manual page of
+ <application>ssmtp</application> for some examples and more
+ information.</para>
+
+ <para>Setting up <application>ssmtp</application> in this manner
+ will allow any software on your computer that needs to send
+ mail to function properly, while not violating your ISP's usage
+ policy or allowing your computer to be hijacked for spamming.</para>
+ </sect1>
+
+ <sect1 id="SMTP-dialup">
+ <title>Using Mail with a Dialup Connection</title>
+
+ <para>If you have a static IP address, you should not need to
+ adjust anything from the defaults. Set your host name to your
+ assigned Internet name and <application>sendmail</application> will do the rest.</para>
+
+ <para>If you have a dynamically assigned IP number and use a
+ dialup PPP connection to the Internet, you will probably have a
+ mailbox on your ISPs mail server. Let's assume your ISP's domain
+ is <hostid role="domainname">example.net</hostid>, and that your
+ user name is <username>user</username>, you have called your
+ machine <hostid role="fqdn">bsd.home</hostid>, and your ISP has
+ told you that you may use <hostid
+ role="fqdn">relay.example.net</hostid> as a mail relay.</para>
+
+ <para>In order to retrieve mail from your mailbox, you must
+ install a retrieval agent. The
+ <application>fetchmail</application> utility is a good choice as
+ it supports many different protocols. This program is available
+ as a package or from the Ports Collection (<filename
+ role="package">mail/fetchmail</filename>). Usually, your <acronym>ISP</acronym> will
+ provide <acronym>POP</acronym>. If you are using user <acronym>PPP</acronym>, you can
+ automatically fetch your mail when an Internet connection is
+ established with the following entry in
+ <filename>/etc/ppp/ppp.linkup</filename>:</para>
+
+ <programlisting>MYADDR:
+!bg su user -c fetchmail</programlisting>
+
+ <para>If you are using <application>sendmail</application> (as
+ shown below) to deliver mail to non-local accounts, you probably
+ want to have <application>sendmail</application> process your
+ mailqueue as soon as your Internet connection is established.
+ To do this, put this command after the
+ <command>fetchmail</command> command in
+ <filename>/etc/ppp/ppp.linkup</filename>:</para>
+
+ <programlisting> !bg su user -c "sendmail -q"</programlisting>
+
+ <para>Assume that you have an account for
+ <username>user</username> on <hostid
+ role="fqdn">bsd.home</hostid>. In the home directory of
+ <username>user</username> on <hostid
+ role="fqdn">bsd.home</hostid>, create a
+ <filename>.fetchmailrc</filename> file:</para>
+
+ <programlisting>poll example.net protocol pop3 fetchall pass MySecret</programlisting>
+
+ <para>This file should not be readable by anyone except
+ <username>user</username> as it contains the password
+ <literal>MySecret</literal>.</para>
+
+ <para>In order to send mail with the correct
+ <literal>from:</literal> header, you must tell
+ <application>sendmail</application> to use
+ <email>user@example.net</email> rather than
+ <email role="nolink">user@bsd.home</email>. You may also wish to tell
+ <application>sendmail</application> to send all mail via <hostid
+ role="fqdn">relay.example.net</hostid>, allowing quicker mail
+ transmission.</para>
+
+ <para>The following <filename>.mc</filename> file should
+ suffice:</para>
+
+ <programlisting>VERSIONID(`bsd.home.mc version 1.0')
+OSTYPE(bsd4.4)dnl
+FEATURE(nouucp)dnl
+MAILER(local)dnl
+MAILER(smtp)dnl
+Cwlocalhost
+Cwbsd.home
+MASQUERADE_AS(`example.net')dnl
+FEATURE(allmasquerade)dnl
+FEATURE(masquerade_envelope)dnl
+FEATURE(nocanonify)dnl
+FEATURE(nodns)dnl
+define(`SMART_HOST', `relay.example.net')
+Dmbsd.home
+define(`confDOMAIN_NAME',`bsd.home')dnl
+define(`confDELIVERY_MODE',`deferred')dnl</programlisting>
+
+ <para>Refer to the previous section for details of how to turn
+ this <filename>.mc</filename> file into a
+ <filename>sendmail.cf</filename> file. Also, do not forget to
+ restart <application>sendmail</application> after updating
+ <filename>sendmail.cf</filename>.</para>
+ </sect1>
+
+ <sect1 id="SMTP-Auth">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>James</firstname>
+ <surname>Gorham</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>SMTP Authentication</title>
+
+ <para>Having <acronym>SMTP</acronym> Authentication in place on
+ your mail server has a number of benefits.
+ <acronym>SMTP</acronym> Authentication can add another layer
+ of security to <application>sendmail</application>, and has the benefit of giving mobile
+ users who switch hosts the ability to use the same mail server
+ without the need to reconfigure their mail client settings
+ each time.</para>
+
+ <procedure>
+ <step>
+ <para>Install <filename role="package">security/cyrus-sasl</filename>
+ from the ports. You can find this port in
+ <filename role="package">security/cyrus-sasl</filename>.
+ <filename role="package">security/cyrus-sasl</filename> has
+ a number of compile time options to choose from and, for
+ the method we will be using here, make sure to select the
+ <option>pwcheck</option> option.</para>
+ </step>
+
+
+ <step>
+ <para>After installing <filename role="package">security/cyrus-sasl</filename>,
+ edit <filename>/usr/local/lib/sasl/Sendmail.conf</filename>
+ (or create it if it does not exist) and add the following
+ line:</para>
+
+ <programlisting>pwcheck_method: passwd</programlisting>
+
+ <para>This method will enable <application>sendmail</application>
+ to authenticate against your FreeBSD <filename>passwd</filename>
+ database. This saves the trouble of creating a new set of usernames
+ and passwords for each user that needs to use
+ <acronym>SMTP</acronym> authentication, and keeps the login
+ and mail password the same.</para>
+ </step>
+
+ <step>
+ <para>Now edit <filename>/etc/make.conf</filename> and add the
+ following lines:</para>
+
+ <programlisting>SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -DSASL
+SENDMAIL_LDFLAGS=-L/usr/local/lib
+SENDMAIL_LDADD=-lsasl</programlisting>
+
+ <para>These lines will give <application>sendmail</application>
+ the proper configuration options for linking
+ to <filename role="package">cyrus-sasl</filename> at compile time.
+ Make sure that <filename role="package">cyrus-sasl</filename>
+ has been installed before recompiling
+ <application>sendmail</application>.</para>
+ </step>
+
+ <step>
+ <para>Recompile <application>sendmail</application> by executing the following commands:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/usr.sbin/sendmail</userinput>
+&prompt.root; <userinput>make cleandir</userinput>
+&prompt.root; <userinput>make obj</userinput>
+&prompt.root; <userinput>make</userinput>
+&prompt.root; <userinput>make install</userinput></screen>
+
+ <para>The compile of <application>sendmail</application> should not have any problems
+ if <filename>/usr/src</filename> has not been changed extensively
+ and the shared libraries it needs are available.</para>
+ </step>
+
+ <step>
+ <para>After <application>sendmail</application> has been compiled
+ and reinstalled, edit your <filename>/etc/mail/freebsd.mc</filename>
+ file (or whichever file you use as your <filename>.mc</filename> file. Many administrators
+ choose to use the output from &man.hostname.1; as the <filename>.mc</filename> file for
+ uniqueness). Add these lines to it:</para>
+
+ <programlisting>dnl set SASL options
+TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
+define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
+define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl</programlisting>
+
+ <para>These options configure the different methods available to
+ <application>sendmail</application> for authenticating users.
+ If you would like to use a method other than
+ <application>pwcheck</application>, please see the
+ included documentation.</para>
+ </step>
+
+ <step>
+ <para>Finally, run &man.make.1; while in <filename>/etc/mail</filename>.
+ That will run your new <filename>.mc</filename> file and create a <filename>.cf</filename> file named
+ <filename>freebsd.cf</filename> (or whatever name you have used
+ for your <filename>.mc</filename> file). Then use the
+ command <command>make install restart</command>, which will
+ copy the file to <filename>sendmail.cf</filename>, and will
+ properly restart <application>sendmail</application>.
+ For more information about this process, you should refer
+ to <filename>/etc/mail/Makefile</filename>.</para>
+ </step>
+ </procedure>
+
+ <para>If all has gone correctly, you should be able to enter your login
+ information into the mail client and send a test message.
+ For further investigation, set the <option>LogLevel</option> of
+ <application>sendmail</application> to 13 and watch
+ <filename>/var/log/maillog</filename> for any errors.</para>
+
+ <para>You may wish to add the following line to <filename>/etc/rc.conf</filename>
+ so this service will be available after every system boot:</para>
+
+ <programlisting>cyrus_pwcheck_enable="YES"</programlisting>
+
+ <para>This will ensure the initialization of <acronym>SMTP_AUTH</acronym> upon system
+ boot.</para>
+
+ <para>For more information, please see the <application>sendmail</application>
+ page regarding
+ <ulink url="http://www.sendmail.org/~ca/email/auth.html">
+ <acronym>SMTP</acronym> authentication</ulink>.</para>
+
+ </sect1>
+
+ <sect1 id="mail-agents">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Silver</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Mail User Agents</title>
+
+ <indexterm>
+ <primary>Mail User Agents</primary>
+ </indexterm>
+
+ <para>A Mail User Agent (<acronym>MUA</acronym>) is an application
+ that is used to send and receive email. Furthermore, as email
+ <quote>evolves</quote> and becomes more complex,
+ <acronym>MUA</acronym>'s are becoming increasingly powerful in the
+ way they interact with email; this gives users increased
+ functionality and flexibility. &os; contains support for
+ numerous mail user agents, all of which can be easily installed
+ using the <link linkend="ports">FreeBSD Ports Collection</link>.
+ Users may choose between graphical email clients such as
+ <application>evolution</application> or
+ <application>balsa</application>, console based clients such as
+ <application>mutt</application>, <application>pine</application>
+ or <command>mail</command>, or the web interfaces used by some
+ large organizations.</para>
+
+ <sect2 id="mail-command">
+ <title>mail</title>
+
+ <para>&man.mail.1; is the default Mail User Agent
+ (<acronym>MUA</acronym>) in &os;. It is a
+ console based <acronym>MUA</acronym> that offers all the basic
+ functionality required to send and receive text-based email,
+ though it is limited in interaction abilities with attachments
+ and can only support local mailboxes.</para>
+
+ <para>Although <command>mail</command> does not natively support
+ interaction with <acronym>POP</acronym> or
+ <acronym>IMAP</acronym> servers, these mailboxes may be
+ downloaded to a local <filename>mbox</filename> file using an
+ application such as <application>fetchmail</application>, which
+ will be discussed later in this chapter (<xref
+ linkend="mail-fetchmail">).</para>
+
+ <para>In order to send and receive email, simply invoke the
+ <command>mail</command> command as per the following
+ example:</para>
+
+ <screen>&prompt.user; <userinput>mail</userinput></screen>
+
+ <para>The contents of the user mailbox in
+ <filename class="directory">/var/mail</filename> are
+ automatically read by the <command>mail</command> utility.
+ Should the mailbox be empty, the utility exits with a
+ message indicating that no mails could be found. Once the
+ mailbox has been read, the application interface is started, and
+ a list of messages will be displayed. Messages are automatically
+ numbered, as can be seen in the following example:</para>
+
+ <screen>Mail version 8.1 6/6/93. Type ? for help.
+"/var/mail/marcs": 3 messages 3 new
+>N 1 root@localhost Mon Mar 8 14:05 14/510 "test"
+ N 2 root@localhost Mon Mar 8 14:05 14/509 "user account"
+ N 3 root@localhost Mon Mar 8 14:05 14/509 "sample"</screen>
+
+ <para>Messages can now be read by using the <keycap>t</keycap>
+ <command>mail</command> command, suffixed by the message number
+ that should be displayed. In this example, we will read the
+ first email:</para>
+
+ <screen>& <userinput>t 1</userinput>
+Message 1:
+From root@localhost Mon Mar 8 14:05:52 2004
+X-Original-To: marcs@localhost
+Delivered-To: marcs@localhost
+To: marcs@localhost
+Subject: test
+Date: Mon, 8 Mar 2004 14:05:52 +0200 (SAST)
+From: root@localhost (Charlie Root)
+
+This is a test message, please reply if you receive it.</screen>
+
+ <para>As can be seen in the example above, the <keycap>t</keycap>
+ key will cause the message to be displayed with full headers.
+ To display the list of messages again, the <keycap>h</keycap>
+ key should be used.</para>
+
+ <para>If the email requires a response, you may use
+ <command>mail</command> to reply, by using either the
+ <keycap>R</keycap> or <keycap>r</keycap> <command>mail</command>
+ keys. The <keycap>R</keycap> key instructs
+ <command>mail</command> to reply only to the sender of the
+ email, while <keycap>r</keycap> replies not only to the sender,
+ but also to other recipients of the message. You may also
+ suffix these commands with the mail number which you would like
+ make a reply to. Once this has been done, the response should
+ be entered, and the end of the message should be marked by a
+ single <keycap>.</keycap> on a new line. An example can be seen
+ below:</para>
+
+ <screen>& <userinput>R 1</userinput>
+To: root@localhost
+Subject: Re: test
+
+<userinput>Thank you, I did get your email.
+.</userinput>
+EOT</screen>
+
+ <para>In order to send new email, the <keycap>m</keycap>
+ key should be used, followed by the
+ recipient email address. Multiple recipients may also be
+ specified by separating each address with the <keycap>,</keycap>
+ delimiter. The subject of the message may then be entered,
+ followed by the message contents. The end of the message should
+ be specified by putting a single <keycap>.</keycap> on a new
+ line.</para>
+
+ <screen>& <userinput>mail root@localhost</userinput>
+Subject: <userinput>I mastered mail
+
+Now I can send and receive email using mail ... :)
+.</userinput>
+EOT</screen>
+
+ <para>While inside the <command>mail</command> utility, the
+ <keycap>?</keycap> command may be used to display help at any
+ time, the &man.mail.1; manual page should also be consulted for
+ more help with <command>mail</command>.</para>
+
+ <note>
+ <para>As previously mentioned, the &man.mail.1; command was not
+ originally designed to handle attachments, and thus deals with
+ them very poorly. Newer <acronym>MUA</acronym>s such as
+ <application>mutt</application> handle attachments in a much
+ more intelligent way. But should you still wish to use the
+ <command>mail</command> command, the <filename
+ role="package">converters/mpack</filename> port may be of
+ considerable use.</para>
+ </note>
+ </sect2>
+
+ <sect2 id="mutt-command">
+ <title>mutt</title>
+
+ <para><application>mutt</application> is a small yet very
+ powerful Mail User Agent, with excellent features,
+ just some of which include:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The ability to thread messages;</para>
+ </listitem>
+
+ <listitem>
+ <para>PGP support for digital signing and encryption of
+ email;</para>
+ </listitem>
+
+ <listitem>
+ <para>MIME Support;</para>
+ </listitem>
+
+ <listitem>
+ <para>Maildir Support;</para>
+ </listitem>
+
+ <listitem>
+ <para>Highly customizable.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>All of these features help to make
+ <application>mutt</application> one of the most advanced mail
+ user agents available. See <ulink
+ url="http://www.mutt.org"></ulink> for more
+ information on <application>mutt</application>.</para>
+
+ <para>The stable version of <application>mutt</application> may be
+ installed using the <filename
+ role="package">mail/mutt</filename> port, while the current
+ development version may be installed via the <filename
+ role="package">mail/mutt-devel</filename> port. After the port
+ has been installed, <application>mutt</application> can be
+ started by issuing the following command:</para>
+
+ <screen>&prompt.user; <userinput>mutt</userinput></screen>
+
+ <para><application>mutt</application> will automatically read the
+ contents of the user mailbox in <filename
+ class="directory">/var/mail</filename> and display the contents
+ if applicable. If no mails are found in the user mailbox, then
+ <application>mutt</application> will wait for commands from the
+ user. The example below shows <application>mutt</application>
+ displaying a list of messages:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="mail/mutt1" format="PNG">
+ </imageobject>
+ </mediaobject>
+
+ <para>In order to read an email, simply select it using the cursor
+ keys, and press the <keycap>Enter</keycap> key. An example of
+ <application>mutt</application> displaying email can be seen
+ below:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="mail/mutt2" format="PNG">
+ </imageobject>
+ </mediaobject>
+
+ <para>As with the &man.mail.1; command,
+ <application>mutt</application> allows users to reply only to
+ the sender of the message as well as to all recipients. To
+ reply only to the sender of the email, use the
+ <keycap>r</keycap> keyboard shortcut. To send a group reply,
+ which will be sent to the original sender as well as all the
+ message recipients, use the <keycap>g</keycap> shortcut.</para>
+
+ <note>
+ <para><application>mutt</application> makes use of the
+ &man.vi.1; command as an editor for creating and replying to
+ emails. This may be customized by the user by creating or
+ editing their own <filename>.muttrc</filename> file in their home directory and setting the
+ <literal>editor</literal> variable.</para>
+ </note>
+
+ <para>In order to compose a new mail message, press
+ <keycap>m</keycap>. After a valid subject has been given,
+ <application>mutt</application> will start &man.vi.1; and the
+ mail can be written. Once the contents of the mail are
+ complete, save and quit from <command>vi</command> and
+ <application>mutt</application> will resume, displaying a
+ summary screen of the mail that is to be delivered. In order to
+ send the mail, press <keycap>y</keycap>. An example of the
+ summary screen can be seen below:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="mail/mutt3" format="PNG">
+ </imageobject>
+ </mediaobject>
+
+ <para><application>mutt</application> also contains extensive
+ help, which can be accessed from most of the menus by pressing
+ the <keycap>?</keycap> key. The top line also displays the
+ keyboard shortcuts where appropriate.</para>
+ </sect2>
+
+ <sect2 id="pine-command">
+ <title>pine</title>
+
+ <para><application>pine</application> is aimed at a beginner
+ user, but also includes some advanced features.</para>
+
+ <warning>
+ <para>The <application>pine</application> software has had several remote vulnerabilities
+ discovered in the past, which allowed remote attackers to
+ execute arbitrary code as users on the local system, by the
+ action of sending a specially-prepared email. All such
+ <emphasis>known</emphasis> problems have been fixed, but the
+ <application>pine</application> code is written in a very insecure style and the &os;
+ Security Officer believes there are likely to be other
+ undiscovered vulnerabilities. You install
+ <application>pine</application> at your own risk.</para>
+ </warning>
+
+ <para>The current version of <application>pine</application> may
+ be installed using the <filename
+ role="package">mail/pine4</filename> port. Once the port has
+ installed, <application>pine</application> can be started by
+ issuing the following command:</para>
+
+ <screen>&prompt.user; <userinput>pine</userinput></screen>
+
+ <para>The first time that <application>pine</application> is run
+ it displays a greeting page with a brief introduction, as well
+ as a request from the <application>pine</application>
+ development team to send an anonymous email message allowing
+ them to judge how many users are using their client. To send
+ this anonymous message, press <keycap>Enter</keycap>, or
+ alternatively press <keycap>E</keycap> to exit the greeting
+ without sending an anonymous message. An example of the
+ greeting page can be seen below:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="mail/pine1" format="PNG">
+ </imageobject>
+ </mediaobject>
+
+ <para>Users are then presented with the main menu, which can be
+ easily navigated using the cursor keys. This main menu provides
+ shortcuts for the composing new mails, browsing of mail directories,
+ and even the administration of address book entries. Below the
+ main menu, relevant keyboard shortcuts to perform functions
+ specific to the task at hand are shown.</para>
+
+ <para>The default directory opened by <application>pine</application>
+ is the <filename class="directory">inbox</filename>. To view the message index, press
+ <keycap>I</keycap>, or select the <guimenuitem>MESSAGE INDEX</guimenuitem>
+ option as seen below:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="mail/pine2" format="PNG">
+ </imageobject>
+ </mediaobject>
+
+ <para>The message index shows messages in the current directory,
+ and can be navigated by using the cursor keys. Highlighted
+ messages can be read by pressing the
+ <keycap>Enter</keycap> key.</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="mail/pine3" format="PNG">
+ </imageobject>
+ </mediaobject>
+
+ <para>In the screenshot below, a sample message is displayed by
+ <application>pine</application>. Keyboard shortcuts are
+ displayed as a reference at the bottom of the screen. An
+ example of one of these shortcuts is the <keycap>r</keycap> key,
+ which tells the <acronym>MUA</acronym> to reply to the current
+ message being displayed.</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="mail/pine4" format="PNG">
+ </imageobject>
+ </mediaobject>
+
+ <para>Replying to an email in <application>pine</application> is
+ done using the <application>pico</application> editor, which is
+ installed by default with <application>pine</application>.
+ The <application>pico</application> utility makes it easy to
+ navigate around the message and is slightly more forgiving on
+ novice users than &man.vi.1; or &man.mail.1;. Once the reply
+ is complete, the message can be sent by pressing
+ <keycombo action="simul"><keycap>Ctrl</keycap><keycap>X</keycap>
+ </keycombo>. The <application>pine</application> application
+ will ask for confirmation.</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="mail/pine5" format="PNG">
+ </imageobject>
+ </mediaobject>
+
+ <para>The <application>pine</application> application can be
+ customized using the <guimenuitem>SETUP</guimenuitem> option from the main
+ menu. Consult <ulink url="http://www.washington.edu/pine/"></ulink>
+ for more information.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="mail-fetchmail">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Silver</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Using fetchmail</title>
+
+ <indexterm>
+ <primary>fetchmail</primary>
+ </indexterm>
+
+ <para><application>fetchmail</application> is a full-featured
+ <acronym>IMAP</acronym> and <acronym>POP</acronym> client which
+ allows users to automatically download mail from remote
+ <acronym>IMAP</acronym> and <acronym>POP</acronym> servers and
+ save it into local mailboxes; there it can be accessed more easily.
+ <application>fetchmail</application> can be installed using the
+ <filename role="package">mail/fetchmail</filename> port, and
+ offers various features, some of which include:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Support of <acronym>POP3</acronym>,
+ <acronym>APOP</acronym>, <acronym>KPOP</acronym>,
+ <acronym>IMAP</acronym>, <acronym>ETRN</acronym> and
+ <acronym>ODMR</acronym> protocols.</para>
+ </listitem>
+
+ <listitem>
+ <para>Ability to forward mail using <acronym>SMTP</acronym>, which
+ allows filtering, forwarding, and aliasing to function
+ normally.</para>
+ </listitem>
+
+ <listitem>
+ <para>May be run in daemon mode to check periodically for new
+ messages.</para>
+ </listitem>
+
+ <listitem>
+ <para>Can retrieve multiple mailboxes and forward them based
+ on configuration, to different local users.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>While it is outside the scope of this document to explain
+ all of <application>fetchmail</application>'s features, some
+ basic features will be explained. The
+ <application>fetchmail</application> utility requires a
+ configuration file known as <filename>.fetchmailrc</filename>,
+ in order to run correctly. This file includes server information
+ as well as login credentials. Due to the sensitive nature of the
+ contents of this file, it is advisable to make it readable only by the owner,
+ with the following command:</para>
+
+ <screen>&prompt.user; <userinput>chmod 600 .fetchmailrc</userinput></screen>
+
+ <para>The following <filename>.fetchmailrc</filename> serves as an
+ example for downloading a single user mailbox using
+ <acronym>POP</acronym>. It tells
+ <application>fetchmail</application> to connect to <hostid
+ role="fqdn">example.com</hostid> using a username of
+ <username>joesoap</username> and a password of
+ <literal>XXX</literal>. This example assumes that the user
+ <username>joesoap</username> is also a user on the local
+ system.</para>
+
+ <programlisting>poll example.com protocol pop3 username "joesoap" password "XXX"</programlisting>
+
+ <para>The next example connects to multiple <acronym>POP</acronym>
+ and <acronym>IMAP</acronym> servers and redirects to different
+ local usernames where applicable:</para>
+
+ <programlisting>poll example.com proto pop3:
+user "joesoap", with password "XXX", is "jsoap" here;
+user "andrea", with password "XXXX";
+poll example2.net proto imap:
+user "john", with password "XXXXX", is "myth" here;</programlisting>
+
+ <para>The <application>fetchmail</application> utility can be run in daemon
+ mode by running it with the <option>-d</option> flag, followed
+ by the interval (in seconds) that
+ <application>fetchmail</application> should poll servers listed
+ in the <filename>.fetchmailrc</filename> file. The following
+ example would cause <application>fetchmail</application> to poll
+ every 600 seconds:</para>
+
+ <screen>&prompt.user; <userinput>fetchmail -d 600</userinput></screen>
+
+ <para>More information on <application>fetchmail</application> can
+ be found at <ulink
+ url="http://fetchmail.berlios.de/"></ulink>.</para>
+ </sect1>
+
+ <sect1 id="mail-procmail">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Silver</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Using procmail</title>
+
+ <indexterm>
+ <primary>procmail</primary>
+ </indexterm>
+
+ <para>The <application>procmail</application> utility is an
+ incredibly powerful application used to filter incoming mail.
+ It allows users to define <quote>rules</quote> which can be
+ matched to incoming mails to perform specific functions or to
+ reroute mail to alternative mailboxes and/or email addresses.
+ <application>procmail</application> can be installed using the
+ <filename role="package">mail/procmail</filename> port. Once
+ installed, it can be directly integrated into most
+ <acronym>MTA</acronym>s; consult your <acronym>MTA</acronym>
+ documentation for more information. Alternatively,
+ <application>procmail</application> can be integrated by adding
+ the following line to a <filename>.forward</filename> in the home
+ directory of the user utilizing
+ <application>procmail</application> features:</para>
+
+ <programlisting>"|exec /usr/local/bin/procmail || exit 75"</programlisting>
+
+ <para>The following section will display some basic
+ <application>procmail</application> rules, as well as brief
+ descriptions on what they do. These rules, and others must be
+ inserted into a <filename>.procmailrc</filename> file, which
+ must reside in the user's home directory.</para>
+
+ <para>The majority of these rules can also be found in the
+ &man.procmailex.5; manual page.</para>
+
+ <para>Forward all mail from <email>user@example.com</email> to an
+ external address of <email role="nolink">goodmail@example2.com</email>:</para>
+
+ <programlisting>:0
+* ^From.*user@example.com
+! goodmail@example2.com</programlisting>
+
+ <para>Forward all mails shorter than 1000 bytes to an external
+ address of <email role="nolink">goodmail@example2.com</email>:</para>
+
+ <programlisting>:0
+* < 1000
+! goodmail@example2.com</programlisting>
+
+ <para>Send all mail sent to <email>alternate@example.com</email>
+ into a mailbox called <filename>alternate</filename>:</para>
+
+ <programlisting>:0
+* ^TOalternate@example.com
+alternate</programlisting>
+
+ <para>Send all mail with a subject of <quote>Spam</quote> to
+ <filename>/dev/null</filename>:</para>
+
+ <programlisting>:0
+^Subject:.*Spam
+/dev/null</programlisting>
+
+ <para>A useful recipe that parses incoming <hostid role="domainname">&os;.org</hostid> mailing lists
+ and places each list in its own mailbox:</para>
+
+ <programlisting>:0
+* ^Sender:.owner-freebsd-\/[^@]+@FreeBSD.ORG
+{
+ LISTNAME=${MATCH}
+ :0
+ * LISTNAME??^\/[^@]+
+ FreeBSD-${MATCH}
+}</programlisting>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/mirrors/Makefile b/zh_TW.Big5/books/handbook/mirrors/Makefile
new file mode 100644
index 0000000000..ad5c0e2abe
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/mirrors/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= mirrors/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/mirrors/chapter.sgml b/zh_TW.Big5/books/handbook/mirrors/chapter.sgml
new file mode 100644
index 0000000000..31726da40b
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/mirrors/chapter.sgml
@@ -0,0 +1,3169 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<appendix id="mirrors">
+ <title>Obtaining FreeBSD</title>
+
+ <sect1 id="mirrors-cdrom">
+ <title>CDROM and DVD Publishers</title>
+
+ <sect2>
+ <title>Retail Boxed Products</title>
+
+ <para>FreeBSD is available as a boxed product (FreeBSD CDs,
+ additional software, and printed documentation) from several
+ retailers:</para>
+
+ <itemizedlist>
+ <listitem>
+ <address>
+ <otheraddr>CompUSA</otheraddr>
+ WWW: <otheraddr><ulink url="http://www.compusa.com/"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Frys Electronics</otheraddr>
+ WWW: <otheraddr><ulink url="http://www.frys.com/"></ulink></otheraddr>
+ </address>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>CD and DVD Sets</title>
+
+ <para>FreeBSD CD and DVD sets are available from many online
+ retailers:</para>
+
+ <itemizedlist>
+ <listitem>
+ <address>
+ <otheraddr>BSD Mall by Daemon News</otheraddr>
+ <street>PO Box 161</street>
+ <city>Nauvoo</city>, <state>IL</state> <postcode>62354</postcode>
+ <country>USA</country>
+ Phone: <phone>+1 866 273-6255</phone>
+ Fax: <fax>+1 217 453-9956</fax>
+ Email: <email>sales@bsdmall.com</email>
+ WWW: <otheraddr><ulink url="http://www.bsdmall.com/freebsd1.html"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>BSD-Systems</otheraddr>
+ Email: <email>info@bsd-systems.co.uk</email>
+ WWW: <otheraddr><ulink url="http://www.bsd-systems.co.uk"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>fastdiscs.com</otheraddr>
+ <street>6 Eltham Close</street>
+ <city>Leeds</city>, <postcode>LS6 2TY</postcode>
+ <country>United Kingdom</country>
+ Phone: <phone>+44 870 1995 171</phone>
+ Email: <email>sales@fastdiscs.com</email>
+ WWW: <otheraddr><ulink url="http://fastdiscs.com/freebsd/"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>FreeBSD Mall, Inc.</otheraddr>
+ <street>3623 Sanford Street</street>
+ <city>Concord</city>, <state>CA</state> <postcode>94520-1405</postcode>
+ <country>USA</country>
+ Phone: <phone>+1 925 674-0783</phone>
+ Fax: <fax>+1 925 674-0821</fax>
+ Email: <email>info@freebsdmall.com</email>
+ WWW: <otheraddr><ulink url="http://www.freebsdmall.com/"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Hinner EDV</otheraddr>
+ <street>St. Augustinus-Str. 10</street>
+ <postcode>D-81825</postcode> <city>M&uuml;nchen</city>
+ <country>Germany</country>
+ Phone: <phone>(089) 428 419</phone>
+ WWW: <otheraddr><ulink url="http://www.hinner.de/linux/freebsd.html"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Ikarios</otheraddr>
+ <street>22-24 rue Voltaire</street>
+ <postcode>92000</postcode> <city>Nanterre</city>
+ <country>France</country>
+ WWW: <otheraddr><ulink url="http://ikarios.com/form/#freebsd"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>JMC Software</otheraddr>
+ <country>Ireland</country>
+ Phone: <phone>353 1 6291282</phone>
+ WWW: <otheraddr><ulink url="http://www.thelinuxmall.com"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Linux CD Mall</otheraddr>
+ <street>Private Bag MBE N348</street>
+ <city>Auckland 1030</city>
+ <country>New Zealand</country>
+ Phone: <phone>+64 21 866529</phone>
+ WWW: <otheraddr><ulink url="http://www.linuxcdmall.co.nz/"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>The Linux Emporium</otheraddr>
+ <street>Hilliard House, Lester Way</street>
+ <city>Wallingford</city>
+ <postcode>OX10 9TA</postcode>
+ <country>United Kingdom</country>
+ Phone: <phone>+44 1491 837010</phone>
+ Fax: <fax>+44 1491 837016</fax>
+ WWW: <otheraddr><ulink url="http://www.linuxemporium.co.uk/products/freebsd/"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Linux+ DVD Magazine</otheraddr>
+ <street>Lewartowskiego 6</street>
+ <city>Warsaw</city>
+ <postcode>00-190</postcode>
+ <country>Poland</country>
+ Phone: <phone>+48 22 860 18 18</phone>
+ Email: <email>editors@lpmagazine.org</email>
+ WWW: <otheraddr><ulink url="http://www.lpmagazine.org/"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Linux System Labs Australia</otheraddr>
+ <street>21 Ray Drive</street>
+ <city>Balwyn North</city>
+ <postcode>VIC - 3104</postcode>
+ <country>Australia</country>
+ Phone: <phone>+61 3 9857 5918</phone>
+ Fax: <fax>+61 3 9857 8974</fax>
+ WWW: <otheraddr><ulink url="http://www.lsl.com.au"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>LinuxCenter.Ru</otheraddr>
+ <street>Galernaya Street, 55</street>
+ <city>Saint-Petersburg</city>
+ <postcode>190000</postcode>
+ <country>Russia</country>
+ Phone: <phone>+7-812-3125208</phone>
+ Email: <email>info@linuxcenter.ru</email>
+ WWW: <otheraddr><ulink url="http://linuxcenter.ru/freebsd"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>Distributors</title>
+
+ <para>If you are a reseller and want to carry FreeBSD CDROM products,
+ please contact a distributor:</para>
+
+ <itemizedlist>
+ <listitem>
+ <address>
+ <otheraddr>Cylogistics</otheraddr>
+ <street>809B Cuesta Dr., #2149</street>
+ <city>Mountain View</city>, <state>CA</state> <postcode>94040</postcode>
+ <country>USA</country>
+ Phone: <phone>+1 650 694-4949</phone>
+ Fax: <fax>+1 650 694-4953</fax>
+ Email: <email>sales@cylogistics.com</email>
+ WWW: <otheraddr><ulink url="http://www.cylogistics.com/"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Ingram Micro</otheraddr>
+ <street>1600 E. St. Andrew Place</street>
+ <city>Santa Ana</city>, <state>CA</state> <postcode>92705-4926</postcode>
+ <country>USA</country>
+ Phone: <phone>1 (800) 456-8000</phone>
+ WWW: <otheraddr><ulink url="http://www.ingrammicro.com/"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Kudzu, LLC</otheraddr>
+ <street>7375 Washington Ave. S.</street>
+ <city>Edina</city>, <state>MN</state> <postcode>55439</postcode>
+ <country>USA</country>
+ Phone: <phone>+1 952 947-0822</phone>
+ Fax: <fax>+1 952 947-0876</fax>
+ Email: <email>sales@kudzuenterprises.com</email>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>LinuxCenter.Ru</otheraddr>
+ <street>Galernaya Street, 55</street>
+ <city>Saint-Petersburg</city>
+ <postcode>190000</postcode>
+ <country>Russia</country>
+ Phone: <phone>+7-812-3125208</phone>
+ Email: <email>info@linuxcenter.ru</email>
+ WWW: <otheraddr><ulink url="http://linuxcenter.ru/freebsd"></ulink></otheraddr>
+ </address>
+ </listitem>
+
+ <listitem>
+ <address>
+ <otheraddr>Navarre Corp</otheraddr>
+ <street>7400 49th Ave South</street>
+ <city>New Hope</city>, <state>MN</state> <postcode>55428</postcode>
+ <country>USA</country>
+ Phone: <phone>+1 763 535-8333</phone>
+ Fax: <fax>+1 763 535-0341</fax>
+ WWW: <otheraddr><ulink url="http://www.navarre.com/"></ulink></otheraddr>
+ </address>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mirrors-ftp">
+ <title>FTP Sites</title>
+
+ <para>The official sources for FreeBSD are available via anonymous FTP
+ from a worldwide set of mirror sites. The site
+ <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/"></ulink> is well
+ connected and allows a large number of connections to it, but
+ you are probably better off finding a <quote>closer</quote>
+ mirror site (especially if you decide to set up some sort of
+ mirror site).</para>
+
+ <para>The <ulink
+ url="http://mirrorlist.FreeBSD.org/">FreeBSD mirror
+ sites database</ulink> is more accurate than the mirror listing in the
+ Handbook, as it gets its information from the DNS rather than relying on
+ static lists of hosts.</para>
+
+ <para>Additionally, FreeBSD is available via anonymous FTP from the
+ following mirror sites. If you choose to obtain FreeBSD via anonymous
+ FTP, please try to use a site near you. The mirror sites listed as
+ <quote>Primary Mirror Sites</quote> typically have the entire FreeBSD archive (all
+ the currently available versions for each of the architectures) but
+ you will probably have faster download times from a site that is
+ in your country or region. The regional sites carry the most recent
+ versions for the most popular architecture(s) but might not carry
+ the entire FreeBSD archive. All sites provide access via anonymous
+ FTP but some sites also provide access via other methods. The access
+ methods available for each site are provided in parentheses
+ after the hostname.</para>
+
+ &chap.mirrors.ftp.inc;
+ </sect1>
+
+ <sect1 id="anoncvs">
+ <title>Anonymous CVS</title>
+
+ <sect2>
+ <title><anchor id="anoncvs-intro">Introduction</title>
+
+ <indexterm>
+ <primary>CVS</primary>
+ <secondary>anonymous</secondary>
+ </indexterm>
+
+ <para>Anonymous CVS (or, as it is otherwise known,
+ <emphasis>anoncvs</emphasis>) is a feature provided by the CVS
+ utilities bundled with FreeBSD for synchronizing with a remote
+ CVS repository. Among other things, it allows users of FreeBSD
+ to perform, with no special privileges, read-only CVS operations
+ against one of the FreeBSD project's official anoncvs servers.
+ To use it, one simply sets the <envar>CVSROOT</envar>
+ environment variable to point at the appropriate anoncvs server,
+ provides the well-known password <quote>anoncvs</quote> with the
+ <command>cvs login</command> command, and then uses the
+ &man.cvs.1; command to access it like any local
+ repository.</para>
+
+ <note>
+ <para>The <command>cvs login</command> command, stores the passwords
+ that are used for authenticating to the CVS server in a file
+ called <filename>.cvspass</filename> in your
+ <envar>HOME</envar> directory. If this file does not exist,
+ you might get an error when trying to use <command>cvs
+ login</command> for the first time. Just make an empty
+ <filename>.cvspass</filename> file, and retry to login.</para>
+ </note>
+
+ <para>While it can also be said that the <link
+ linkend="cvsup">CVSup</link> and <emphasis>anoncvs</emphasis>
+ services both perform essentially the same function, there are
+ various trade-offs which can influence the user's choice of
+ synchronization methods. In a nutshell,
+ <application>CVSup</application> is much more efficient in its
+ usage of network resources and is by far the most technically
+ sophisticated of the two, but at a price. To use
+ <application>CVSup</application>, a special client must first be
+ installed and configured before any bits can be grabbed, and
+ then only in the fairly large chunks which
+ <application>CVSup</application> calls
+ <emphasis>collections</emphasis>.</para>
+
+ <para><application>Anoncvs</application>, by contrast, can be used
+ to examine anything from an individual file to a specific
+ program (like <command>ls</command> or <command>grep</command>)
+ by referencing the CVS module name. Of course,
+ <application>anoncvs</application> is also only good for
+ read-only operations on the CVS repository, so if it is your
+ intention to support local development in one repository shared
+ with the FreeBSD project bits then
+ <application>CVSup</application> is really your only
+ option.</para>
+ </sect2>
+
+ <sect2>
+ <title><anchor id="anoncvs-usage">Using Anonymous CVS</title>
+
+ <para>Configuring &man.cvs.1; to use an Anonymous CVS repository
+ is a simple matter of setting the <envar>CVSROOT</envar>
+ environment variable to point to one of the FreeBSD project's
+ <emphasis>anoncvs</emphasis> servers. At the time of this
+ writing, the following servers are available:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><emphasis>Austria</emphasis>:
+ :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs
+ (Use <command>cvs login</command> and enter any
+ password when prompted.)</para>
+ </listitem>
+ <listitem>
+ <para><emphasis>France</emphasis>:
+ :pserver:anoncvs@anoncvs.fr.FreeBSD.org:/home/ncvs
+ (pserver (password <quote>anoncvs</quote>), ssh (no password))
+ </para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Germany</emphasis>:
+ :pserver:anoncvs@anoncvs.de.FreeBSD.org:/home/ncvs
+ (Use <command>cvs login</command> and enter the password
+ <quote>anoncvs</quote> when prompted.)</para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Germany</emphasis>:
+ :pserver:anoncvs@anoncvs2.de.FreeBSD.org:/home/ncvs
+ (rsh, pserver, ssh, ssh/2022)
+ </para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Japan</emphasis>:
+ :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs
+ (Use <command>cvs login</command> and enter the password
+ <quote>anoncvs</quote> when prompted.)</para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Sweden</emphasis>:
+ freebsdanoncvs@anoncvs.se.FreeBSD.org:/home/ncvs
+ (ssh only - no password)</para>
+
+ <programlisting>SSH HostKey: 1024 a7:34:15:ee:0e:c6:65:cf:40:78:2d:f3:cd:87:bd:a6 root@apelsin.fruitsalad.org
+SSH2 HostKey: 1024 21:df:04:03:c7:26:3e:e8:36:1a:50:2d:c7:ae:b8:5f ssh_host_dsa_key.pub</programlisting>
+
+ </listitem>
+ <listitem>
+ <para><emphasis>USA</emphasis>:
+ freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs
+ (ssh only - no password)</para>
+
+ <programlisting>SSH HostKey: 1024 a1:e7:46:de:fb:56:ef:05:bc:73:aa:91:09:da:f7:f4 root@sanmateo.ecn.purdue.edu
+SSH2 HostKey: 1024 52:02:38:1a:2f:a8:71:d3:f5:83:93:8d:aa:00:6f:65 ssh_host_dsa_key.pub</programlisting>
+
+ </listitem>
+ <listitem>
+ <para><emphasis>USA</emphasis>:
+ anoncvs@anoncvs1.FreeBSD.org:/home/ncvs (ssh only - no
+ password)</para>
+
+ <programlisting>SSH HostKey: 1024 4b:83:b6:c5:70:75:6c:5b:18:8e:3a:7a:88:a0:43:bb root@ender.liquidneon.com
+SSH2 HostKey: 1024 80:a7:87:fa:61:d9:25:5c:33:d5:48:51:aa:8f:b6:12 ssh_host_dsa_key.pub</programlisting>
+
+ </listitem>
+ </itemizedlist>
+
+ <para>Since CVS allows one to <quote>check out</quote> virtually
+ any version of the FreeBSD sources that ever existed (or, in
+ some cases, will exist), you need to be
+ familiar with the revision (<option>-r</option>) flag to
+ &man.cvs.1; and what some of the permissible values for it in
+ the FreeBSD Project repository are.</para>
+
+ <para>There are two kinds of tags, revision tags and branch tags.
+ A revision tag refers to a specific revision. Its meaning stays
+ the same from day to day. A branch tag, on the other hand,
+ refers to the latest revision on a given line of development, at
+ any given time. Because a branch tag does not refer to a
+ specific revision, it may mean something different tomorrow than
+ it means today.</para>
+
+ <para><xref linkend="cvs-tags"> contains revision tags that users
+ might be interested
+ in. Again, none of these are valid for the Ports Collection
+ since the Ports Collection does not have multiple
+ revisions.</para>
+
+ <para>When you specify a branch tag, you normally receive the
+ latest versions of the files on that line of development. If
+ you wish to receive some past version, you can do so by
+ specifying a date with the <option>-D date</option> flag.
+ See the &man.cvs.1; manual page for more details.</para>
+ </sect2>
+
+ <sect2>
+ <title>Examples</title>
+
+ <para>While it really is recommended that you read the manual page
+ for &man.cvs.1; thoroughly before doing anything, here are some
+ quick examples which essentially show how to use Anonymous
+ CVS:</para>
+
+ <example>
+ <title>Checking Out Something from -CURRENT (&man.ls.1;):</title>
+
+ <screen>&prompt.user; <userinput>setenv CVSROOT :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs</userinput>
+&prompt.user; <userinput>cvs login</userinput>
+<emphasis>At the prompt, enter the password</emphasis> <quote>anoncvs</quote>.
+&prompt.user; <userinput>cvs co ls</userinput>
+ </screen>
+ </example>
+
+ <example>
+ <title>Using SSH to check out the <filename>src/</filename>
+ tree:</title>
+ <screen>&prompt.user; <userinput>cvs -d freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs co src</userinput>
+The authenticity of host 'anoncvs.freebsd.org (128.46.156.46)' can't be established.
+DSA key fingerprint is 52:02:38:1a:2f:a8:71:d3:f5:83:93:8d:aa:00:6f:65.
+Are you sure you want to continue connecting (yes/no)? <userinput>yes</userinput>
+Warning: Permanently added 'anoncvs.freebsd.org' (DSA) to the list of known hosts.</screen>
+ </example>
+
+ <example>
+ <title>Checking Out the Version of &man.ls.1; in the 6-STABLE
+ Branch:</title>
+
+ <screen>&prompt.user; <userinput>setenv CVSROOT :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs</userinput>
+&prompt.user; <userinput>cvs login</userinput>
+<emphasis>At the prompt, enter the password</emphasis> <quote>anoncvs</quote>.
+&prompt.user; <userinput>cvs co -rRELENG_6 ls</userinput>
+ </screen>
+ </example>
+
+ <example>
+ <title>Creating a List of Changes (as Unified Diffs) to &man.ls.1;</title>
+
+ <screen>&prompt.user; <userinput>setenv CVSROOT :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs</userinput>
+&prompt.user; <userinput>cvs login</userinput>
+<emphasis>At the prompt, enter the password</emphasis> <quote>anoncvs</quote>.
+&prompt.user; <userinput>cvs rdiff -u -rRELENG_5_3_0_RELEASE -rRELENG_5_4_0_RELEASE ls</userinput>
+ </screen>
+ </example>
+
+ <example>
+ <title>Finding Out What Other Module Names Can Be Used:</title>
+
+ <screen>&prompt.user; <userinput>setenv CVSROOT :pserver:anoncvs@anoncvs.jp.FreeBSD.org:/home/ncvs</userinput>
+&prompt.user; <userinput>cvs login</userinput>
+<emphasis>At the prompt, enter the password</emphasis> <quote>anoncvs</quote>.
+&prompt.user; <userinput>cvs co modules</userinput>
+&prompt.user; <userinput>more modules/modules</userinput>
+ </screen>
+ </example>
+ </sect2>
+
+ <sect2>
+ <title>Other Resources</title>
+
+ <para>The following additional resources may be helpful in learning
+ CVS:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink
+ url="http://www.csc.calpoly.edu/~dbutler/tutorials/winter96/cvs/">CVS Tutorial</ulink> from Cal Poly.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.cvshome.org/">CVS Home</ulink>,
+ the CVS development and support community.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.FreeBSD.org/cgi/cvsweb.cgi">CVSweb</ulink> is
+ the FreeBSD Project web interface for CVS.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+
+ <sect1 id="ctm">
+ <title>Using CTM</title>
+
+ <indexterm>
+ <primary>CTM</primary>
+ </indexterm>
+
+ <para><application>CTM</application> is a method for keeping a
+ remote directory tree in sync with a central one. It has been
+ developed for usage with FreeBSD's source trees, though other
+ people may find it useful for other purposes as time goes by.
+ Little, if any, documentation currently exists at this time on the
+ process of creating deltas, so contact the &a.ctm-users.name; mailing list for more
+ information and if you wish to use <application>CTM</application>
+ for other things.</para>
+
+ <sect2>
+ <title>Why Should I Use <application>CTM</application>?</title>
+
+ <para><application>CTM</application> will give you a local copy of
+ the FreeBSD source trees. There are a number of
+ <quote>flavors</quote> of the tree available. Whether you wish
+ to track the entire CVS tree or just one of the branches,
+ <application>CTM</application> can provide you the information.
+ If you are an active developer on FreeBSD, but have lousy or
+ non-existent TCP/IP connectivity, or simply wish to have the
+ changes automatically sent to you,
+ <application>CTM</application> was made for you. You will need
+ to obtain up to three deltas per day for the most active
+ branches. However, you should consider having them sent by
+ automatic email. The sizes of the updates are always kept as
+ small as possible. This is typically less than 5K, with an
+ occasional (one in ten) being 10-50K and every now and then a
+ large 100K+ or more coming around.</para>
+
+ <para>You will also need to make yourself aware of the various
+ caveats related to working directly from the development sources
+ rather than a pre-packaged release. This is particularly true
+ if you choose the <quote>current</quote> sources. It is
+ recommended that you read <link linkend="current">Staying
+ current with FreeBSD</link>.</para>
+ </sect2>
+
+ <sect2>
+ <title>What Do I Need to Use
+ <application>CTM</application>?</title>
+
+ <para>You will need two things: The <application>CTM</application>
+ program, and the initial deltas to feed it (to get up to
+ <quote>current</quote> levels).</para>
+
+ <para>The <application>CTM</application> program has been part of
+ FreeBSD ever since version 2.0 was released, and lives in
+ <filename>/usr/src/usr.sbin/ctm</filename> if you have a copy
+ of the source available.</para>
+
+ <para>The <quote>deltas</quote> you feed
+ <application>CTM</application> can be had two ways, FTP or
+ email. If you have general FTP access to the Internet then the
+ following FTP sites support access to
+ <application>CTM</application>:</para>
+
+ <para><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CTM/"></ulink></para>
+
+ <para>or see section <link
+ linkend="mirrors-ctm">mirrors</link>.</para>
+
+ <para>FTP the relevant directory and fetch the
+ <filename>README</filename> file, starting from there.</para>
+
+ <para>If you wish to get your deltas via email:</para>
+
+ <para>Subscribe to one of the
+ <application>CTM</application> distribution lists.
+ &a.ctm-cvs-cur.name; supports the entire CVS tree.
+ &a.ctm-src-cur.name; supports the head of the development
+ branch. &a.ctm-src-4.name; supports the 4.X release
+ branch, etc.. (If you do not know how to subscribe yourself
+ to a list, click on the list name above or go to
+ &a.mailman.lists.link; and click on the list that you
+ wish to subscribe to. The list page should contain all of
+ the necessary subscription instructions.)</para>
+
+ <para>When you begin receiving your <application>CTM</application>
+ updates in the mail, you may use the
+ <command>ctm_rmail</command> program to unpack and apply them.
+ You can actually use the <command>ctm_rmail</command> program
+ directly from a entry in <filename>/etc/aliases</filename> if
+ you want to have the process run in a fully automated fashion.
+ Check the <command>ctm_rmail</command> manual page for more
+ details.</para>
+
+ <note>
+ <para>No matter what method you use to get the
+ <application>CTM</application> deltas, you should subscribe to
+ the &a.ctm-announce.name; mailing list. In
+ the future, this will be the only place where announcements
+ concerning the operations of the
+ <application>CTM</application> system will be posted. Click
+ on the list name above and follow the instructions
+ to subscribe to the
+ list.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Using <application>CTM</application> for the First
+ Time</title>
+
+ <para>Before you can start using <application>CTM</application>
+ deltas, you will need to get to a starting point for the deltas
+ produced subsequently to it.</para>
+
+ <para>First you should determine what you already have. Everyone
+ can start from an <quote>empty</quote> directory. You must use
+ an initial <quote>Empty</quote> delta to start off your
+ <application>CTM</application> supported tree. At some point it
+ is intended that one of these <quote>started</quote> deltas be
+ distributed on the CD for your convenience, however, this does
+ not currently happen.</para>
+
+ <para>Since the trees are many tens of megabytes, you should
+ prefer to start from something already at hand. If you have a
+ -RELEASE CD, you can copy or extract an initial source from it.
+ This will save a significant transfer of data.</para>
+
+ <para>You can recognize these <quote>starter</quote> deltas by the
+ <literal>X</literal> appended to the number
+ (<filename>src-cur.3210XEmpty.gz</filename> for instance). The
+ designation following the <literal>X</literal> corresponds to
+ the origin of your initial <quote>seed</quote>.
+ <filename>Empty</filename> is an empty directory. As a rule a
+ base transition from <literal>Empty</literal> is produced
+ every 100 deltas. By the way, they are large! 70 to 80
+ Megabytes of <command>gzip</command>'d data is common for the
+ <filename>XEmpty</filename> deltas.</para>
+
+ <para>Once you have picked a base delta to start from, you will also
+ need all deltas with higher numbers following it.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using <application>CTM</application> in Your Daily
+ Life</title>
+
+ <para>To apply the deltas, simply say:</para>
+
+ <screen>&prompt.root; <userinput>cd /where/ever/you/want/the/stuff</userinput>
+&prompt.root; <userinput>ctm -v -v /where/you/store/your/deltas/src-xxx.*</userinput></screen>
+
+ <para><application>CTM</application> understands deltas which have
+ been put through <command>gzip</command>, so you do not need to
+ <command>gunzip</command> them first, this saves disk space.</para>
+
+ <para>Unless it feels very secure about the entire process,
+ <application>CTM</application> will not touch your tree. To
+ verify a delta you can also use the <option>-c</option> flag and
+ <application>CTM</application> will not actually touch your
+ tree; it will merely verify the integrity of the delta and see
+ if it would apply cleanly to your current tree.</para>
+
+ <para>There are other options to <application>CTM</application>
+ as well, see the manual pages or look in the sources for more
+ information.</para>
+
+ <para>That is really all there is to it. Every time you get a new
+ delta, just run it through <application>CTM</application> to
+ keep your sources up to date.</para>
+
+ <para>Do not remove the deltas if they are hard to download again.
+ You just might want to keep them around in case something bad
+ happens. Even if you only have floppy disks, consider using
+ <command>fdwrite</command> to make a copy.</para>
+ </sect2>
+
+ <sect2>
+ <title>Keeping Your Local Changes</title>
+
+ <para>As a developer one would like to experiment with and change
+ files in the source tree. <application>CTM</application>
+ supports local modifications in a limited way: before checking
+ for the presence of a file <filename>foo</filename>, it first
+ looks for <filename>foo.ctm</filename>. If this file exists,
+ <application>CTM</application> will operate on it instead of
+ <filename>foo</filename>.</para>
+
+ <para>This behavior gives us a simple way to maintain local
+ changes: simply copy the files you plan to modify to the
+ corresponding file names with a <filename>.ctm</filename>
+ suffix. Then you can freely hack the code, while <application>CTM</application> keeps the
+ <filename>.ctm</filename> file up-to-date.</para>
+ </sect2>
+
+ <sect2>
+ <title>Other Interesting <application>CTM</application> Options</title>
+
+ <sect3>
+ <title>Finding Out Exactly What Would Be Touched by an
+ Update</title>
+
+ <para>You can determine the list of changes that
+ <application>CTM</application> will make on your source
+ repository using the <option>-l</option> option to
+ <application>CTM</application>.</para>
+
+ <para>This is useful if you would like to keep logs of the
+ changes, pre- or post- process the modified files in any
+ manner, or just are feeling a tad paranoid.</para>
+ </sect3>
+
+ <sect3>
+ <title>Making Backups Before Updating</title>
+
+ <para>Sometimes you may want to backup all the files that would
+ be changed by a <application>CTM</application> update.</para>
+
+ <para>Specifying the <option>-B backup-file</option> option
+ causes <application>CTM</application> to backup all files that
+ would be touched by a given <application>CTM</application>
+ delta to <filename>backup-file</filename>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Restricting the Files Touched by an Update</title>
+
+ <para>Sometimes you would be interested in restricting the scope
+ of a given <application>CTM</application> update, or may be
+ interested in extracting just a few files from a sequence of
+ deltas.</para>
+
+ <para>You can control the list of files that
+ <application>CTM</application> would operate on by specifying
+ filtering regular expressions using the <option>-e</option>
+ and <option>-x</option> options.</para>
+
+ <para>For example, to extract an up-to-date copy of
+ <filename>lib/libc/Makefile</filename> from your collection of
+ saved <application>CTM</application> deltas, run the commands:</para>
+
+ <screen>&prompt.root; <userinput>cd /where/ever/you/want/to/extract/it/</userinput>
+&prompt.root; <userinput>ctm -e '^lib/libc/Makefile' ~ctm/src-xxx.*</userinput></screen>
+
+ <para>For every file specified in a
+ <application>CTM</application> delta, the <option>-e</option>
+ and <option>-x</option> options are applied in the order given
+ on the command line. The file is processed by
+ <application>CTM</application> only if it is marked as
+ eligible after all the <option>-e</option> and
+ <option>-x</option> options are applied to it.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Future Plans for <application>CTM</application></title>
+
+ <para>Tons of them:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Use some kind of authentication into the <application>CTM</application> system, so
+ as to allow detection of spoofed <application>CTM</application> updates.</para>
+ </listitem>
+
+ <listitem>
+ <para>Clean up the options to <application>CTM</application>,
+ they became confusing and counter intuitive.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>Miscellaneous Stuff</title>
+
+ <para>There is a sequence of deltas for the
+ <literal>ports</literal> collection too, but interest has not
+ been all that high yet.</para>
+ </sect2>
+
+ <sect2 id="mirrors-ctm">
+ <title>CTM Mirrors</title>
+
+ <para><link linkend="ctm">CTM</link>/FreeBSD is available via anonymous
+ FTP from the following mirror sites. If you choose to obtain <application>CTM</application> via
+ anonymous FTP, please try to use a site near you.</para>
+
+ <para>In case of problems, please contact the &a.ctm-users.name;
+ mailing list.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>California, Bay Area, official source</term>
+
+ <listitem>
+ <itemizedlist>
+ <listitem>
+ <para><ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/development/CTM/"></ulink></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>South Africa, backup server for old deltas</term>
+
+ <listitem>
+ <itemizedlist>
+ <listitem>
+ <para><ulink url="ftp://ftp.za.FreeBSD.org/pub/FreeBSD/CTM/"></ulink></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Taiwan/R.O.C.</term>
+
+ <listitem>
+ <itemizedlist>
+ <listitem>
+ <para><ulink url="ftp://ctm.tw.FreeBSD.org/pub/FreeBSD/development/CTM/"></ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="ftp://ctm2.tw.FreeBSD.org/pub/FreeBSD/development/CTM/"></ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="ftp://ctm3.tw.FreeBSD.org/pub/FreeBSD/development/CTM/"></ulink></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>If you did not find a mirror near to you or the mirror is
+ incomplete, try to use a search engine such as
+ <ulink url="http://www.alltheweb.com/">alltheweb</ulink>.</para>
+ </sect2></sect1>
+
+ <sect1 id="cvsup">
+ <title>Using CVSup</title>
+
+ <sect2 id="cvsup-intro">
+ <title>Introduction</title>
+
+ <para><application>CVSup</application> is a software package for
+ distributing and updating source trees from a master CVS
+ repository on a remote server host. The FreeBSD sources are
+ maintained in a CVS repository on a central development machine
+ in California. With <application>CVSup</application>, FreeBSD
+ users can easily keep their own source trees up to date.</para>
+
+ <para><application>CVSup</application> uses the so-called
+ <emphasis>pull</emphasis> model of updating. Under the pull
+ model, each client asks the server for updates, if and when they
+ are wanted. The server waits passively for update requests from
+ its clients. Thus all updates are instigated by the client.
+ The server never sends unsolicited updates. Users must either
+ run the <application>CVSup</application> client manually to get
+ an update, or they must set up a <command>cron</command> job to
+ run it automatically on a regular basis.</para>
+
+ <para>The term <application>CVSup</application>, capitalized just
+ so, refers to the entire software package. Its main components
+ are the client <command>cvsup</command> which runs on each
+ user's machine, and the server <command>cvsupd</command> which
+ runs at each of the FreeBSD mirror sites.</para>
+
+ <para>As you read the FreeBSD documentation and mailing lists, you
+ may see references to <application>sup</application>.
+ <application>Sup</application> was the predecessor of
+ <application>CVSup</application>, and it served a similar
+ purpose. <application>CVSup</application> is used much in the
+ same way as sup and, in fact, uses configuration files which are
+ backward-compatible with <command>sup</command>'s.
+ <application>Sup</application> is no longer used in the FreeBSD
+ project, because <application>CVSup</application> is both faster
+ and more flexible.</para>
+ </sect2>
+
+ <sect2 id="cvsup-install">
+ <title>Installation</title>
+
+ <para>The easiest way to install <application>CVSup</application>
+ is to use the precompiled <filename role="package">net/cvsup</filename> package
+ from the FreeBSD <link linkend="ports">packages collection</link>.
+ If you prefer to build <application>CVSup</application> from
+ source, you can use the <filename role="package">net/cvsup</filename>
+ port instead. But be forewarned: the
+ <filename role="package">net/cvsup</filename> port depends on the Modula-3
+ system, which takes a substantial amount of time and
+ disk space to download and build.</para>
+
+ <note>
+ <para>If you are going to be using
+ <application>CVSup</application> on a machine which will not have
+ <application>&xfree86;</application> or <application>&xorg;</application> installed, such as a server, be
+ sure to use the port which does not include the
+ <application>CVSup</application> <acronym>GUI</acronym>,
+ <filename role="package">net/cvsup-without-gui</filename>.</para>
+ </note>
+ </sect2>
+
+ <sect2 id="cvsup-config">
+ <title>CVSup Configuration</title>
+
+ <para><application>CVSup</application>'s operation is controlled
+ by a configuration file called the <filename>supfile</filename>.
+ There are some sample <filename>supfiles</filename> in the
+ directory <ulink type="html"
+ url="file://localhost/usr/share/examples/cvsup/"><filename>/usr/share/examples/cvsup/</filename></ulink>.</para>
+
+ <para>The information in a <filename>supfile</filename> answers
+ the following questions for <application>CVSup</application>:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><link linkend="cvsup-config-files">Which files do you
+ want to receive?</link></para>
+ </listitem>
+
+ <listitem>
+ <para><link linkend="cvsup-config-vers">Which versions of them
+ do you want?</link></para>
+ </listitem>
+
+ <listitem>
+ <para><link linkend="cvsup-config-where">Where do you want to
+ get them from?</link></para>
+ </listitem>
+
+ <listitem>
+ <para><link linkend="cvsup-config-dest">Where do you want to
+ put them on your own machine?</link></para>
+ </listitem>
+
+ <listitem>
+ <para><link linkend="cvsup-config-status">Where do you want to
+ put your status files?</link></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>In the following sections, we will construct a typical
+ <filename>supfile</filename> by answering each of these
+ questions in turn. First, we describe the overall structure of
+ a <filename>supfile</filename>.</para>
+
+ <para>A <filename>supfile</filename> is a text file. Comments
+ begin with <literal>#</literal> and extend to the end of the
+ line. Lines that are blank and lines that contain only
+ comments are ignored.</para>
+
+ <para>Each remaining line describes a set of files that the user
+ wishes to receive. The line begins with the name of a
+ <quote>collection</quote>, a logical grouping of files defined by
+ the server. The name of the collection tells the server which
+ files you want. After the collection name come zero or more
+ fields, separated by white space. These fields answer the
+ questions listed above. There are two types of fields: flag
+ fields and value fields. A flag field consists of a keyword
+ standing alone, e.g., <literal>delete</literal> or
+ <literal>compress</literal>. A value field also begins with a
+ keyword, but the keyword is followed without intervening white
+ space by <literal>=</literal> and a second word. For example,
+ <literal>release=cvs</literal> is a value field.</para>
+
+ <para>A <filename>supfile</filename> typically specifies more than
+ one collection to receive. One way to structure a
+ <filename>supfile</filename> is to specify all of the relevant
+ fields explicitly for each collection. However, that tends to
+ make the <filename>supfile</filename> lines quite long, and it
+ is inconvenient because most fields are the same for all of the
+ collections in a <filename>supfile</filename>.
+ <application>CVSup</application> provides a defaulting mechanism
+ to avoid these problems. Lines beginning with the special
+ pseudo-collection name <literal>*default</literal> can be used
+ to set flags and values which will be used as defaults for the
+ subsequent collections in the <filename>supfile</filename>. A
+ default value can be overridden for an individual collection, by
+ specifying a different value with the collection itself.
+ Defaults can also be changed or augmented in mid-supfile by
+ additional <literal>*default</literal> lines.</para>
+
+ <para>With this background, we will now proceed to construct a
+ <filename>supfile</filename> for receiving and updating the main
+ source tree of <link
+ linkend="current">FreeBSD-CURRENT</link>.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><anchor id="cvsup-config-files">Which files do you want
+ to receive?</para>
+
+ <para>The files available via <application>CVSup</application>
+ are organized into named groups called
+ <quote>collections</quote>. The collections that are
+ available are described in the <link
+ linkend="cvsup-collec">following section</link>. In this
+ example, we
+ wish to receive the entire main source tree for the FreeBSD
+ system. There is a single large collection
+ <literal>src-all</literal> which will give us all of that.
+ As a first step toward constructing our
+ <filename>supfile</filename>, we
+ simply list the collections, one per line (in this case,
+ only one line):</para>
+
+ <programlisting>src-all</programlisting>
+ </listitem>
+
+ <listitem>
+ <para><anchor id="cvsup-config-vers">Which version(s) of them
+ do you want?</para>
+
+ <para>With <application>CVSup</application>, you can receive
+ virtually any version of the sources that ever existed.
+ That is possible because the
+ <application>cvsupd</application> server works directly from
+ the CVS repository, which contains all of the versions. You
+ specify which one of them you want using the
+ <literal>tag=</literal> and <option>date=</option> value
+ fields.</para>
+
+ <warning>
+ <para>Be very careful to specify any <literal>tag=</literal>
+ fields correctly. Some tags are valid only for certain
+ collections of files. If you specify an incorrect or
+ misspelled tag, <application>CVSup</application>
+ will delete files which you probably
+ do not want deleted. In particular, use <emphasis>only
+ </emphasis> <literal>tag=.</literal> for the
+ <literal>ports-*</literal> collections.</para>
+ </warning>
+
+ <para>The <literal>tag=</literal> field names a symbolic tag
+ in the repository. There are two kinds of tags, revision
+ tags and branch tags. A revision tag refers to a specific
+ revision. Its meaning stays the same from day to day. A
+ branch tag, on the other hand, refers to the latest revision
+ on a given line of development, at any given time. Because
+ a branch tag does not refer to a specific revision, it may
+ mean something different tomorrow than it means
+ today.</para>
+
+ <para><xref linkend="cvs-tags"> contains branch tags that
+ users might be interested in. When specifying a tag in
+ <application>CVSup</application>'s configuration file, it
+ must be preceded with <literal>tag=</literal>
+ (<literal>RELENG_4</literal> will become
+ <literal>tag=RELENG_4</literal>).
+ Keep in mind that only the <literal>tag=.</literal> is
+ relevant for the Ports Collection.</para>
+
+ <warning>
+ <para>Be very careful to type the tag name exactly as shown.
+ <application>CVSup</application> cannot distinguish
+ between valid and invalid tags. If you misspell the tag,
+ <application>CVSup</application> will behave as though you
+ had specified a valid tag which happens to refer to no
+ files at all. It will delete your existing sources in
+ that case.</para>
+ </warning>
+
+ <para>When you specify a branch tag, you normally receive the
+ latest versions of the files on that line of development.
+ If you wish to receive some past version, you can do so by
+ specifying a date with the <option>date=</option> value
+ field. The &man.cvsup.1; manual page explains how to do
+ that.</para>
+
+ <para>For our example, we wish to receive FreeBSD-CURRENT. We
+ add this line at the beginning of our
+ <filename>supfile</filename>:</para>
+
+ <programlisting>*default tag=.</programlisting>
+
+ <para>There is an important special case that comes into play
+ if you specify neither a <literal>tag=</literal> field nor a
+ <literal>date=</literal> field. In that case, you receive
+ the actual RCS files directly from the server's CVS
+ repository, rather than receiving a particular version.
+ Developers generally prefer this mode of operation. By
+ maintaining a copy of the repository itself on their
+ systems, they gain the ability to browse the revision
+ histories and examine past versions of files. This gain is
+ achieved at a large cost in terms of disk space,
+ however.</para>
+ </listitem>
+
+ <listitem>
+ <para><anchor id="cvsup-config-where">Where do you want to get
+ them from?</para>
+
+ <para>We use the <literal>host=</literal> field to tell
+ <command>cvsup</command> where to obtain its updates. Any
+ of the <link linkend="cvsup-mirrors">CVSup mirror
+ sites</link> will do, though you should try to select one
+ that is close to you in cyberspace. In this example we will
+ use a fictional FreeBSD distribution site,
+ <hostid role="fqdn">cvsup99.FreeBSD.org</hostid>:</para>
+
+ <programlisting>*default host=cvsup99.FreeBSD.org</programlisting>
+
+ <para>You will need to change the host to one that actually
+ exists before running <application>CVSup</application>.
+ On any particular run of
+ <command>cvsup</command>, you can override the host setting
+ on the command line, with <option>-h
+ <replaceable>hostname</replaceable></option>.</para>
+ </listitem>
+
+ <listitem>
+ <para><anchor id="cvsup-config-dest">Where do you want to put
+ them on your own machine?</para>
+
+ <para>The <literal>prefix=</literal> field tells
+ <command>cvsup</command> where to put the files it receives.
+ In this example, we will put the source files directly into
+ our main source tree, <filename>/usr/src</filename>. The
+ <filename>src</filename> directory is already implicit in
+ the collections we have chosen to receive, so this is the
+ correct specification:</para>
+
+ <programlisting>*default prefix=/usr</programlisting>
+ </listitem>
+
+ <listitem>
+ <para><anchor id="cvsup-config-status">Where should
+ <command>cvsup</command> maintain its status files?</para>
+
+ <para>The <application>CVSup</application> client maintains
+ certain status files in what
+ is called the <quote>base</quote> directory. These files
+ help <application>CVSup</application> to work more
+ efficiently, by keeping track of which updates you have
+ already received. We will use the standard base directory,
+ <filename>/var/db</filename>:</para>
+
+ <programlisting>*default base=/var/db</programlisting>
+
+ <para>If your base directory does not already exist, now would
+ be a good time to create it. The <command>cvsup</command>
+ client will refuse to run if the base directory does not
+ exist.</para>
+ </listitem>
+
+ <listitem>
+ <para>Miscellaneous <filename>supfile</filename>
+ settings:</para>
+
+ <para>There is one more line of boiler plate that normally
+ needs to be present in the
+ <filename>supfile</filename>:</para>
+
+ <programlisting>*default release=cvs delete use-rel-suffix compress</programlisting>
+
+ <para><literal>release=cvs</literal> indicates that the server
+ should get its information out of the main FreeBSD CVS
+ repository. This is virtually always the case, but there
+ are other possibilities which are beyond the scope of this
+ discussion.</para>
+
+ <para><literal>delete</literal> gives
+ <application>CVSup</application> permission to delete files.
+ You should always specify this, so that
+ <application>CVSup</application> can keep your source tree
+ fully up-to-date. <application>CVSup</application> is
+ careful to delete only those files for which it is
+ responsible. Any extra files you happen to have will be
+ left strictly alone.</para>
+
+ <para><literal>use-rel-suffix</literal> is ... arcane. If you
+ really want to know about it, see the &man.cvsup.1; manual
+ page. Otherwise, just specify it and do not worry about
+ it.</para>
+
+ <para><literal>compress</literal> enables the use of
+ gzip-style compression on the communication channel. If
+ your network link is T1 speed or faster, you probably should
+ not use compression. Otherwise, it helps
+ substantially.</para>
+ </listitem>
+
+ <listitem>
+ <para>Putting it all together:</para>
+
+ <para>Here is the entire <filename>supfile</filename> for our
+ example:</para>
+
+ <programlisting>*default tag=.
+*default host=cvsup99.FreeBSD.org
+*default prefix=/usr
+*default base=/var/db
+*default release=cvs delete use-rel-suffix compress
+
+src-all</programlisting>
+ </listitem>
+ </itemizedlist>
+ <sect3 id="cvsup-refuse-file">
+ <title>The <filename>refuse</filename> File</title>
+
+ <para>As mentioned above, <application>CVSup</application> uses
+ a <emphasis>pull method</emphasis>. Basically, this means that
+ you connect to the <application>CVSup</application> server, and
+ it says, <quote>Here is what you can download from
+ me...</quote>, and your client responds <quote>OK, I will take
+ this, this, this, and this.</quote> In the default
+ configuration, the <application>CVSup</application> client will
+ take every file associated with the collection and tag you
+ chose in the configuration file. However, this is not always
+ what you want, especially if you are synching the <filename>doc</filename>, <filename>ports</filename>, or
+ <filename>www</filename> trees &mdash; most people cannot read four or five
+ languages, and therefore they do not need to download the
+ language-specific files. If you are
+ <application>CVSup</application>ing the Ports Collection, you
+ can get around this by specifying each collection individually
+ (e.g., <emphasis>ports-astrology</emphasis>,
+ <emphasis>ports-biology</emphasis>, etc instead of simply
+ saying <emphasis>ports-all</emphasis>). However, since the <filename>doc</filename>
+ and <filename>www</filename> trees do not have language-specific collections, you
+ must use one of <application>CVSup</application>'s many nifty
+ features: the <filename>refuse</filename> file.</para>
+
+ <para>The <filename>refuse</filename> file essentially tells
+ <application>CVSup</application> that it should not take every
+ single file from a collection; in other words, it tells the
+ client to <emphasis>refuse</emphasis> certain files from the
+ server. The <filename>refuse</filename> file can be found (or, if you do not yet
+ have one, should be placed) in
+ <filename><replaceable>base</replaceable>/sup/</filename>.
+ <replaceable>base</replaceable> is defined in your <filename>supfile</filename>;
+ our defined <replaceable>base</replaceable> is
+ <filename>/var/db</filename>,
+ which means that by default the <filename>refuse</filename> file is
+ <filename>/var/db/sup/refuse</filename>.</para>
+
+ <para>The <filename>refuse</filename> file has a very simple format; it simply
+ contains the names of files or directories that you do not wish
+ to download. For example, if you cannot speak any languages other
+ than English and some German, and you do not feel the need to read
+ the German translation of documentation, you can put the following in your
+ <filename>refuse</filename> file:</para>
+
+ <screen>doc/bn_*
+doc/da_*
+doc/de_*
+doc/el_*
+doc/es_*
+doc/fr_*
+doc/it_*
+doc/ja_*
+doc/nl_*
+doc/no_*
+doc/pl_*
+doc/pt_*
+doc/ru_*
+doc/sr_*
+doc/tr_*
+doc/zh_*</screen>
+
+ <para>and so forth for the other languages (you can find the
+ full list by browsing the <ulink
+ url="http://www.FreeBSD.org/cgi/cvsweb.cgi/">FreeBSD
+ CVS repository</ulink>).</para>
+
+ <para>With this very useful feature, those users who are on
+ slow links or pay by the minute for their Internet connection
+ will be able to save valuable time as they will no longer need
+ to download files that they will never use. For more
+ information on <filename>refuse</filename> files and other neat
+ features of <application>CVSup</application>, please view its
+ manual page.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Running <application>CVSup</application></title>
+
+ <para>You are now ready to try an update. The command line for
+ doing this is quite simple:</para>
+
+ <screen>&prompt.root; <userinput>cvsup <replaceable>supfile</replaceable></userinput></screen>
+
+ <para>where <filename><replaceable>supfile</replaceable></filename>
+ is of course the name of the <filename>supfile</filename> you have just created.
+ Assuming you are running under X11, <command>cvsup</command>
+ will display a GUI window with some buttons to do the usual
+ things. Press the <guibutton>go</guibutton> button, and watch it
+ run.</para>
+
+ <para>Since you are updating your actual
+ <filename>/usr/src</filename> tree in this example, you will
+ need to run the program as <username>root</username> so that
+ <command>cvsup</command> has the permissions it needs to update
+ your files. Having just created your configuration file, and
+ having never used this program before, that might
+ understandably make you nervous. There is an easy way to do a
+ trial run without touching your precious files. Just create an
+ empty directory somewhere convenient, and name it as an extra
+ argument on the command line:</para>
+
+ <screen>&prompt.root; <userinput>mkdir /var/tmp/dest</userinput>
+&prompt.root; <userinput>cvsup supfile /var/tmp/dest</userinput></screen>
+
+ <para>The directory you specify will be used as the destination
+ directory for all file updates.
+ <application>CVSup</application> will examine your usual files
+ in <filename>/usr/src</filename>, but it will not modify or
+ delete any of them. Any file updates will instead land in
+ <filename>/var/tmp/dest/usr/src</filename>.
+ <application>CVSup</application> will also leave its base
+ directory status files untouched when run this way. The new
+ versions of those files will be written into the specified
+ directory. As long as you have read access to
+ <filename>/usr/src</filename>, you do not even need to be
+ <username>root</username> to perform this kind of trial run.</para>
+
+ <para>If you are not running X11 or if you just do not like GUIs,
+ you should add a couple of options to the command line when you
+ run <command>cvsup</command>:</para>
+
+ <screen>&prompt.root; <userinput>cvsup -g -L 2 <replaceable>supfile</replaceable></userinput></screen>
+
+ <para>The <option>-g</option> tells
+ <application>CVSup</application> not to use its GUI. This is
+ automatic if you are not running X11, but otherwise you have to
+ specify it.</para>
+
+ <para>The <option>-L 2</option> tells
+ <application>CVSup</application> to print out the
+ details of all the file updates it is doing. There are three
+ levels of verbosity, from <option>-L 0</option> to
+ <option>-L 2</option>. The default is 0, which means total
+ silence except for error messages.</para>
+
+ <para>There are plenty of other options available. For a brief
+ list of them, type <command>cvsup -H</command>. For more
+ detailed descriptions, see the manual page.</para>
+
+ <para>Once you are satisfied with the way updates are working, you
+ can arrange for regular runs of <application>CVSup</application>
+ using &man.cron.8;.
+ Obviously, you should not let <application>CVSup</application>
+ use its GUI when running it from &man.cron.8;.</para>
+ </sect2>
+
+ <sect2 id="cvsup-collec">
+ <title><application>CVSup</application> File Collections</title>
+
+ <para>The file collections available via
+ <application>CVSup</application> are organized hierarchically.
+ There are a few large collections, and they are divided into
+ smaller sub-collections. Receiving a large collection is
+ equivalent to receiving each of its sub-collections. The
+ hierarchical relationships among collections are reflected by
+ the use of indentation in the list below.</para>
+
+ <para>The most commonly used collections are
+ <literal>src-all</literal>, and
+ <literal>ports-all</literal>. The other collections are used
+ only by small groups of people for specialized purposes, and
+ some mirror sites may not carry all of them.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>cvs-all release=cvs</literal></term>
+
+ <listitem>
+ <para>The main FreeBSD CVS repository, including the
+ cryptography code.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>distrib release=cvs</literal></term>
+
+ <listitem>
+ <para>Files related to the distribution and mirroring
+ of FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>doc-all release=cvs</literal></term>
+ <listitem>
+ <para>Sources for the FreeBSD Handbook and other
+ documentation. This does not include files for
+ the FreeBSD web site.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-all release=cvs</literal></term>
+
+ <listitem>
+ <para>The FreeBSD Ports Collection.</para>
+
+ <important id="cvsup-collec-pbase-warn">
+ <para>If you do not want to update the whole of
+ <literal>ports-all</literal> (the whole ports tree),
+ but use one of the subcollections listed below,
+ make sure that you <emphasis>always</emphasis> update
+ the <literal>ports-base</literal> subcollection!
+ Whenever something changes in the ports build
+ infrastructure represented by
+ <literal>ports-base</literal>, it is virtually certain
+ that those changes will be used by <quote>real</quote>
+ ports real soon. Thus, if you only update the
+ <quote>real</quote> ports and they use some of the new
+ features, there is a very high chance that their build
+ will fail with some mysterious error message. The
+ <emphasis>very first</emphasis> thing to do in this
+ case is to make sure that your
+ <literal>ports-base</literal> subcollection is up to
+ date.</para>
+ </important>
+
+ <important id="cvsup-collec-index-warn">
+ <para>If you are going to be building your own local
+ copy of <filename>ports/INDEX</filename>, you
+ <emphasis>must</emphasis> accept
+ <literal>ports-all</literal> (the whole ports tree).
+ Building <filename>ports/INDEX</filename> with
+ a partial tree is not supported. See the
+ <ulink url="&url.books.faq;/applications.html#MAKE-INDEX">
+ FAQ</ulink>.</para>
+ </important>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>ports-accessibility
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Software to help disabled users.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-arabic
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Arabic language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-archivers
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Archiving tools.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-astro
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Astronomical ports.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-audio
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Sound support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-base
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>The Ports Collection build infrastructure -
+ various files located in the
+ <filename>Mk/</filename> and
+ <filename>Tools/</filename> subdirectories of
+ <filename>/usr/ports</filename>.</para>
+
+ <note>
+ <para>Please see the <link
+ linkend="cvsup-collec-pbase-warn">important
+ warning above</link>: you should
+ <emphasis>always</emphasis> update this
+ subcollection, whenever you update any part of
+ the FreeBSD Ports Collection!</para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-benchmarks
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Benchmarks.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-biology
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Biology.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-cad
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Computer aided design tools.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-chinese
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Chinese language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-comms
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Communication software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-converters
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>character code converters.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-databases
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Databases.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-deskutils
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Things that used to be on the desktop
+ before computers were invented.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-devel
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Development utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-dns
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>DNS related software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-editors
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Editors.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-emulators
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Emulators for other operating
+ systems.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-finance
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Monetary, financial and related applications.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-ftp
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>FTP client and server utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-games
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Games.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-german
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>German language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-graphics
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Graphics utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-hebrew
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Hebrew language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-hungarian
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Hungarian language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-irc
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Internet Relay Chat utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-japanese
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Japanese language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-java
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>&java; utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-korean
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Korean language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-lang
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Programming languages.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-mail
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Mail software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-math
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Numerical computation software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-mbone
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>MBone applications.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-misc
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Miscellaneous utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-multimedia
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Multimedia software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-net
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Networking software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-net-im
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Instant messaging software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-net-mgmt
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Network management software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-news
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>USENET news software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-palm
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Software support for <trademark class="trade">Palm</trademark>
+ series.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-polish
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Polish language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-portuguese
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Portuguese language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-print
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Printing software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-russian
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Russian language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-science
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Science.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-security
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Security utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-shells
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Command line shells.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-sysutils
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>System utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-textproc
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>text processing utilities (does not
+ include desktop publishing).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-ukrainian
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Ukrainian language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-vietnamese
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Vietnamese language support.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-www
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Software related to the World Wide
+ Web.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-x11
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Ports to support the X window
+ system.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-x11-clocks
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>X11 clocks.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-x11-fm
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>X11 file managers.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-x11-fonts
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>X11 fonts and font utilities.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-x11-toolkits
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>X11 toolkits.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-x11-servers
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>X11 servers.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-x11-themes
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>X11 themes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ports-x11-wm
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>X11 window managers.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-all release=cvs</literal></term>
+
+ <listitem>
+ <para>The main FreeBSD sources, including the
+ cryptography code.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>src-base
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Miscellaneous files at the top of
+ <filename>/usr/src</filename>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-bin
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>User utilities that may be needed in
+ single-user mode
+ (<filename>/usr/src/bin</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-contrib
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Utilities and libraries from outside the
+ FreeBSD project, used relatively unmodified
+ (<filename>/usr/src/contrib</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-crypto release=cvs</literal></term>
+
+ <listitem>
+ <para>Cryptography utilities and libraries from
+ outside the FreeBSD project, used relatively
+ unmodified
+ (<filename>/usr/src/crypto</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-eBones release=cvs</literal></term>
+
+ <listitem>
+ <para>Kerberos and DES
+ (<filename>/usr/src/eBones</filename>). Not
+ used in current releases of FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-etc
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>System configuration files
+ (<filename>/usr/src/etc</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-games
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Games
+ (<filename>/usr/src/games</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-gnu
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Utilities covered by the GNU Public
+ License (<filename>/usr/src/gnu</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-include
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Header files
+ (<filename>/usr/src/include</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-kerberos5
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Kerberos5 security package
+ (<filename>/usr/src/kerberos5</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-kerberosIV
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>KerberosIV security package
+ (<filename>/usr/src/kerberosIV</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-lib
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Libraries
+ (<filename>/usr/src/lib</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-libexec
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>System programs normally executed by other
+ programs
+ (<filename>/usr/src/libexec</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-release
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Files required to produce a FreeBSD
+ release
+ (<filename>/usr/src/release</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-sbin release=cvs</literal></term>
+
+ <listitem>
+ <para>System utilities for single-user mode
+ (<filename>/usr/src/sbin</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-secure
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Cryptographic libraries and commands
+ (<filename>/usr/src/secure</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-share
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Files that can be shared across multiple
+ systems
+ (<filename>/usr/src/share</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-sys
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>The kernel
+ (<filename>/usr/src/sys</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-sys-crypto
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Kernel cryptography code
+ (<filename>/usr/src/sys/crypto</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-tools
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>Various tools for the maintenance of
+ FreeBSD
+ (<filename>/usr/src/tools</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-usrbin
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>User utilities
+ (<filename>/usr/src/usr.bin</filename>).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>src-usrsbin
+ release=cvs</literal></term>
+
+ <listitem>
+ <para>System utilities
+ (<filename>/usr/src/usr.sbin</filename>).</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>www release=cvs</literal></term>
+
+ <listitem>
+ <para>The sources for the FreeBSD WWW site.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>distrib release=self</literal></term>
+
+ <listitem>
+ <para>The <application>CVSup</application> server's own
+ configuration files. Used by <application>CVSup</application>
+ mirror sites.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>gnats release=current</literal></term>
+
+ <listitem>
+ <para>The GNATS bug-tracking database.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>mail-archive release=current</literal></term>
+
+ <listitem>
+ <para>FreeBSD mailing list archive.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>www release=current</literal></term>
+
+ <listitem>
+ <para>The pre-processed FreeBSD WWW site files (not the
+ source files). Used by WWW mirror sites.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect2>
+
+ <sect2>
+ <title>For More Information</title>
+
+ <para>For the <application>CVSup</application> FAQ and other
+ information about <application>CVSup</application>, see
+ <ulink url="http://www.polstra.com/projects/freeware/CVSup/">The
+ CVSup Home Page</ulink>.</para>
+
+ <para>Most FreeBSD-related discussion of
+ <application>CVSup</application> takes place on the
+ &a.hackers;. New versions of the software are announced there,
+ as well as on the &a.announce;.</para>
+
+ <para>Questions and bug reports should be addressed to the author
+ of the program at <email>cvsup-bugs@polstra.com</email>.</para>
+ </sect2>
+
+ <sect2 id="cvsup-mirrors">
+ <title>CVSup Sites</title>
+
+ <para><link linkend="cvsup">CVSup</link> servers for FreeBSD are running
+ at the following sites:</para>
+
+ &chap.mirrors.cvsup.inc;
+ </sect2>
+ </sect1>
+
+ <sect1 id="portsnap">
+ <title>Using Portsnap</title>
+
+ <sect2 id="portsnap-intro">
+ <title>Introduction</title>
+
+ <para><application>Portsnap</application> is a system for securely
+ distributing the &os; ports tree. Approximately once an hour,
+ a <quote>snapshot</quote> of the ports tree is generated,
+ repackaged, and cryptographically signed. The resulting files
+ are then distributed via HTTP.</para>
+
+ <para>Like <application>CVSup</application>,
+ <application>Portsnap</application> uses a
+ <emphasis>pull</emphasis> model of updating: The packaged and
+ signed ports trees are placed on a web server which waits
+ passively for clients to request files. Users must either run
+ &man.portsnap.8; manually to download updates
+ or set up a &man.cron.8; job to download updates
+ automatically on a regular basis.</para>
+
+ <para>For technical reasons, <application>Portsnap</application>
+ does not update the <quote>live</quote> ports tree in
+ <filename>/usr/ports/</filename> directly; instead, it works
+ via a compressed copy of the ports tree stored in
+ <filename>/var/db/portsnap/</filename> by default. This
+ compressed copy is then used to update the live ports tree.</para>
+
+ <note>
+ <para>If <application>Portsnap</application> is installed from
+ the &os; Ports Collection, then the default location for its
+ compressed snapshot will be <filename>/usr/local/portsnap/</filename>
+ instead of <filename>/var/db/portsnap/</filename>.</para>
+ </note>
+ </sect2>
+
+ <sect2 id="portsnap-install">
+ <title>Installation</title>
+
+ <para>On &os; 6.0 and more recent versions,
+ <application>Portsnap</application> is contained in the &os;
+ base system. On older versions of &os;, it can be installed
+ using the <filename role="package">sysutils/portsnap</filename>
+ port.</para>
+ </sect2>
+
+ <sect2 id="portsnap-config">
+ <title>Portsnap Configuration</title>
+
+ <para><application>Portsnap</application>'s operation is controlled
+ by the <filename>/etc/portsnap.conf</filename> configuration
+ file. For most users, the default configuration file will
+ suffice; for more details, consult the &man.portsnap.conf.5;
+ manual page.</para>
+
+ <note>
+ <para>If <application>Portsnap</application> is installed from
+ the &os; Ports Collection, it will use the configuration file
+ <filename>/usr/local/etc/portsnap.conf</filename> instead of
+ <filename>/etc/portsnap.conf</filename>. This configuration
+ file is not created when the port is installed, but a sample
+ configuration file is distributed; to copy it into place, run
+ the following command:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/local/etc && cp portsnap.conf.sample portsnap.conf</userinput></screen>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Running <application>Portsnap</application> for the First
+ Time</title>
+
+ <para>The first time &man.portsnap.8; is run,
+ it will need to download a compressed snapshot of the entire
+ ports tree into <filename>/var/db/portsnap/</filename> (or
+ <filename>/usr/local/portsnap/</filename> if
+ <application>Portsnap</application> was installed from the
+ Ports Collection). This is approximately a 36&nbsp;MB
+ download.</para>
+
+ <screen>&prompt.root; <userinput>portsnap fetch</userinput></screen>
+
+ <para>Once the compressed snapshot has been downloaded, a
+ <quote>live</quote> copy of the ports tree can be extracted into
+ <filename>/usr/ports/</filename>. This is necessary even if a
+ ports tree has already been created in that directory (e.g., by
+ using <application>CVSup</application>), since it establishes a
+ baseline from which <command>portsnap</command> can
+ determine which parts of the ports tree need to be updated
+ later.</para>
+
+ <note>
+ <para>In the default installation
+ <filename role="directory">/usr/ports</filename> is not
+ created. It should be created before
+ <application>portsnap</application> is used.</para>
+
+ <screen>&prompt.root; <userinput>mkdir /usr/ports</userinput></screen>
+ </note>
+
+ <screen>&prompt.root; <userinput>portsnap extract</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Updating the Ports Tree</title>
+
+ <para>After an initial compressed snapshot of the ports tree has
+ been downloaded and extracted into <filename>/usr/ports/</filename>,
+ updating the ports tree consists of two steps:
+ <emphasis>fetch</emphasis>ing updates to the compressed
+ snapshot, and using them to <emphasis>update</emphasis> the
+ live ports tree. These two steps can be specified to
+ <command>portsnap</command> as a single command:</para>
+
+ <screen>&prompt.root; <userinput>portsnap fetch update</userinput></screen>
+
+ <note>
+ <para>Some older versions of <command>portsnap</command>
+ do not support this syntax; if it fails, try instead the
+ following:</para>
+
+ <screen>&prompt.root; <userinput>portsnap fetch</userinput>
+&prompt.root; <userinput>portsnap update</userinput></screen>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Running Portsnap from cron</title>
+
+ <para>In order to avoid problems with <quote>flash crowds</quote>
+ accessing the <application>Portsnap</application> servers,
+ <command>portsnap fetch</command> will not run from
+ a &man.cron.8; job. Instead, a special
+ <command>portsnap cron</command> command exists, which
+ waits for a random duration up to 3600 seconds before fetching
+ updates.</para>
+
+ <para>In addition, it is strongly recommended that
+ <command>portsnap update</command> not be run from a
+ <command>cron</command> job, since it is liable to cause
+ major problems if it happens to run at the same time as a port
+ is being built or installed. However, it is safe to update
+ the ports INDEX files, and this can be done by passing the
+ <option>-I</option> flag to
+ <command>portsnap</command>. (Obviously, if
+ <command>portsnap -I update</command> is run from
+ <command>cron</command>, then it will be necessary to run
+ <command>portsnap update</command> without the <option>-I</option>
+ flag at a later time in order to update the rest of the tree.)</para>
+
+ <para>Adding the following line to <filename>/etc/crontab</filename>
+ will cause <command>portsnap</command> to update its
+ compressed snapshot and the INDEX files in
+ <filename>/usr/ports/</filename>, and will send an email if any
+ installed ports are out of date:</para>
+
+ <programlisting>0 3 * * * root portsnap -I cron update && pkg_version -vIL=</programlisting>
+
+ <note>
+ <para>If the system clock is not set to the local time zone,
+ please replace <literal>3</literal> with a random
+ value between 0 and 23, in order to spread the load on the
+ <application>Portsnap</application> servers more evenly.</para>
+ </note>
+ <note>
+ <para>Some older versions of <command>portsnap</command>
+ do not support listing multiple commands (e.g., <literal>cron update</literal>)
+ in the same invocation of <command>portsnap</command>. If
+ the line above fails, try replacing
+ <command>portsnap -I cron update</command> with
+ <command>portsnap cron && portsnap -I update</command>.</para>
+ </note>
+ </sect2>
+ </sect1>
+
+ <sect1 id="cvs-tags">
+ <title>CVS Tags</title>
+
+ <para>When obtaining or updating sources using
+ <application>cvs</application> or
+ <application>CVSup</application>, a revision tag must be specified.
+ A revision tag refers to either a particular line of &os;
+ development, or a specific point in time. The first type are called
+ <quote>branch tags</quote>, and the second type are called
+ <quote>release tags</quote>.</para>
+
+ <sect2>
+ <title>Branch Tags</title>
+
+ <para>All of these, with the exception of <literal>HEAD</literal> (which
+ is always a valid tag), only apply to the <filename>src/</filename>
+ tree. The <filename>ports/</filename>, <filename>doc/</filename>, and
+ <filename>www/</filename> trees are not branched.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>HEAD</term>
+
+ <listitem>
+ <para>Symbolic name for the main line, or FreeBSD-CURRENT.
+ Also the default when no revision is specified.</para>
+
+ <para>In <application>CVSup</application>, this tag is represented
+ by a <literal>.</literal> (not punctuation, but a literal
+ <literal>.</literal> character).</para>
+
+ <note>
+ <para>In CVS, this is the default when no revision tag is
+ specified. It is usually <emphasis>not</emphasis>
+ a good idea to checkout or update to CURRENT sources
+ on a STABLE machine, unless that is your intent.</para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_6</term>
+
+ <listitem>
+ <para>The line of development for FreeBSD-6.X, also known
+ as FreeBSD 6-STABLE</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_6_0</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-6.0, used only for
+ security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5</term>
+
+ <listitem>
+ <para>The line of development for FreeBSD-5.X, also known
+ as FreeBSD 5-STABLE.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_4</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-5.4, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_3</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-5.3, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_2</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-5.2 and FreeBSD-5.2.1, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_1</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-5.1, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_0</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-5.0, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4</term>
+
+ <listitem>
+ <para>The line of development for FreeBSD-4.X, also known
+ as FreeBSD 4-STABLE.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_11</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.11, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_10</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.10, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_9</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.9, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_8</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.8, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_7</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.7, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_6</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.6 and FreeBSD-4.6.2,
+ used only for security advisories and other
+ critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_5</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.5, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_4</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.4, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_3</term>
+
+ <listitem>
+ <para>The release branch for FreeBSD-4.3, used only
+ for security advisories and other critical fixes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_3</term>
+
+ <listitem>
+ <para>The line of development for FreeBSD-3.X, also known
+ as 3.X-STABLE.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_2_2</term>
+
+ <listitem>
+ <para>The line of development for FreeBSD-2.2.X, also known
+ as 2.2-STABLE. This branch is mostly obsolete.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect2>
+
+ <sect2>
+ <title>Release Tags</title>
+
+ <para>These tags refer to a specific point in time when a particular
+ version of &os; was released. The release engineering process is
+ documented in more detail by the
+ <ulink url="&url.base;/releng/">Release Engineering
+ Information</ulink> and
+ <ulink url="&url.articles.releng;/release-proc.html">Release
+ Process</ulink> documents.
+ The <filename class="directory">src</filename> tree uses tag names that
+ start with <literal>RELENG_</literal> tags.
+ The <filename class="directory">ports</filename> and
+ <filename class="directory">doc</filename> trees use tags whose names
+ begin with <literal>RELEASE</literal> tags.
+ Finally, the <filename class="directory">www</filename> tree is not
+ tagged with any special name for releases.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>RELENG_5_4_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 5.4</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_11_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.11</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_3_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 5.3</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_10_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.10</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_2_1_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 5.2.1</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_2_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 5.2</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_9_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.9</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_1_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 5.1</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_8_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.8</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_5_0_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 5.0</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_7_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.7</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_6_2_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.6.2</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_6_1_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.6.1</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_6_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.6</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_5_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.5</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_4_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.4</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_3_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.3</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_2_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.2</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_1_1_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.1.1</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_1_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.1</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_4_0_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD 4.0</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_3_5_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-3.5</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_3_4_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-3.4</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_3_3_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-3.3</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_3_2_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-3.2</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_3_1_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-3.1</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_3_0_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-3.0</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_2_2_8_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-2.2.8</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_2_2_7_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-2.2.7</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_2_2_6_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-2.2.6</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_2_2_5_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-2.2.5</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_2_2_2_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-2.2.2</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_2_2_1_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-2.2.1</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RELENG_2_2_0_RELEASE</term>
+
+ <listitem>
+ <para>FreeBSD-2.2.0</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="mirrors-afs">
+ <title>AFS Sites</title>
+
+ <para>AFS servers for FreeBSD are running at the following sites:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Sweden</term>
+
+ <listitem>
+ <para>The path to the files are:
+ <filename>/afs/stacken.kth.se/ftp/pub/FreeBSD/</filename></para>
+
+ <programlisting>stacken.kth.se # Stacken Computer Club, KTH, Sweden
+130.237.234.43 #hot.stacken.kth.se
+130.237.237.230 #fishburger.stacken.kth.se
+130.237.234.3 #milko.stacken.kth.se</programlisting>
+
+ <para>Maintainer <email>ftp@stacken.kth.se</email></para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect1>
+
+ <sect1 id="mirrors-rsync">
+ <title>rsync Sites</title>
+
+ <para>The following sites make FreeBSD available through the rsync
+ protocol. The <application>rsync</application> utility works in
+ much the same way as the &man.rcp.1; command,
+ but has more options and uses the rsync remote-update protocol
+ which transfers only the differences between two sets of files,
+ thus greatly speeding up the synchronization over the network.
+ This is most useful if you are a mirror site for the
+ FreeBSD FTP server, or the CVS repository. The
+ <application>rsync</application> suite is available for many
+ operating systems, on FreeBSD, see the
+ <filename role="package">net/rsync</filename>
+ port or use the package.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Czech Republic</term>
+
+ <listitem>
+ <para>rsync://ftp.cz.FreeBSD.org/</para>
+
+ <para>Available collections:</para>
+ <itemizedlist>
+ <listitem><para>ftp: A partial mirror of the FreeBSD FTP
+ server.</para></listitem>
+ <listitem><para>FreeBSD: A full mirror of the FreeBSD FTP
+ server.</para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Germany</term>
+
+ <listitem>
+ <para>rsync://grappa.unix-ag.uni-kl.de/</para>
+
+ <para>Available collections:</para>
+ <itemizedlist>
+ <listitem><para>freebsd-cvs: The full FreeBSD CVS
+ repository.</para></listitem>
+ </itemizedlist>
+ <para>This machine also mirrors the CVS repositories of the
+ NetBSD and the OpenBSD projects, among others.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Netherlands</term>
+
+ <listitem>
+ <para>rsync://ftp.nl.FreeBSD.org/</para>
+
+ <para>Available collections:</para>
+ <itemizedlist>
+ <listitem><para>vol/4/freebsd-core: A full mirror of the
+ FreeBSD FTP server.</para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>United Kingdom</term>
+
+ <listitem>
+ <para>rsync://rsync.mirror.ac.uk/</para>
+
+ <para>Available collections:</para>
+ <itemizedlist>
+ <listitem><para>ftp.FreeBSD.org: A full mirror of the
+ FreeBSD FTP server.</para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>United States of America</term>
+
+ <listitem>
+ <para>rsync://ftp-master.FreeBSD.org/</para>
+
+ <para>This server may only be used by FreeBSD primary mirror
+ sites.</para>
+ <para>Available collections:</para>
+ <itemizedlist>
+ <listitem><para>FreeBSD: The master archive of the FreeBSD
+ FTP server.</para></listitem>
+ <listitem><para>acl: The FreeBSD master ACL
+ list.</para></listitem>
+ </itemizedlist>
+
+ <para>rsync://ftp13.FreeBSD.org/</para>
+
+ <para>Available collections:</para>
+ <itemizedlist>
+ <listitem><para>FreeBSD: A full mirror of the FreeBSD FTP
+ server.</para></listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect1>
+</appendix>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../appendix.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "appendix")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/handbook/multimedia/Makefile b/zh_TW.Big5/books/handbook/multimedia/Makefile
new file mode 100644
index 0000000000..f90e1cd2b0
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/multimedia/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= multimedia/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/multimedia/chapter.sgml b/zh_TW.Big5/books/handbook/multimedia/chapter.sgml
new file mode 100644
index 0000000000..c7e9e90a67
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/multimedia/chapter.sgml
@@ -0,0 +1,1865 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="multimedia">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Ross</firstname>
+ <surname>Lippert</surname>
+ <contrib>Edited by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Multimedia</title>
+ <sect1 id="multimedia-synopsis">
+ <title>Synopsis</title>
+
+ <para>FreeBSD supports a wide variety of sound cards, allowing you
+ to enjoy high fidelity output from your computer. This includes
+ the ability to record and playback audio in the MPEG Audio Layer
+ 3 (MP3), WAV, and Ogg Vorbis formats as well as many other
+ formats. The FreeBSD Ports Collection also contains
+ applications allowing you to edit your recorded audio, add sound
+ effects, and control attached MIDI devices.</para>
+
+ <para>With some willingness to experiment, FreeBSD can support
+ playback of video files and DVD's. The number of applications
+ to encode, convert, and playback various video media is more
+ limited than the number of sound applications. For example as
+ of this writing, there is no good re-encoding application in the
+ FreeBSD Ports Collection, which could be use to convert
+ between formats, as there is with <filename
+ role="package">audio/sox</filename>. However, the software
+ landscape in this area is changing rapidly.</para>
+
+ <para>This chapter will describe the necessary steps to configure
+ your sound card. The configuration and installation of X11
+ (<xref linkend="x11">) has already taken care of the
+ hardware issues for your video card, though there may be some
+ tweaks to apply for better playback.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>How to configure your system so that your sound card is
+ recognized.</para>
+ </listitem>
+
+ <listitem>
+ <para>Methods to test that your card is working using
+ sample applications.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to troubleshoot your sound setup.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to playback and encode MP3s and other audio.</para>
+ </listitem>
+
+ <listitem>
+ <para>How video is supported by the X server.</para>
+ </listitem>
+
+ <listitem>
+ <para>Some video player/encoder ports which give good results.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to playback DVD's, <filename>.mpg</filename> and
+ <filename>.avi</filename> files.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to rip CD and DVD information into files.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure a TV card.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure an image scanner.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem><para>Know how to configure and install a new kernel (<xref
+ linkend="kernelconfig">).</para></listitem>
+ </itemizedlist>
+
+ <warning>
+ <para>Trying to mount audio CDs
+ with the &man.mount.8; command will
+ result in an error, at least, and a <emphasis>kernel
+ panic</emphasis>, at worst. These media have specialized
+ encodings which differ from the usual ISO-filesystem.</para>
+ </warning>
+
+ </sect1>
+
+ <sect1 id="sound-setup">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Moses</firstname>
+ <surname>Moore</surname>
+ <contrib>Contributed by </contrib>
+ <!-- 20 November 2000 -->
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Enhanced for &os;&nbsp;5.X by </contrib>
+ <!-- 13 September 2004 -->
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Setting Up the Sound Card</title>
+
+ <sect2 id="sound-device">
+ <title>Configuring the System</title>
+
+ <indexterm><primary>PCI</primary></indexterm>
+ <indexterm><primary>ISA</primary></indexterm>
+ <indexterm><primary>sound cards</primary></indexterm>
+ <para>Before you begin, you should know the model of the card you
+ have, the chip it uses, and whether it is a PCI or ISA card.
+ FreeBSD supports a wide variety of both PCI and ISA cards.
+ Check the supported audio devices list of the <ulink
+ url="&rel.current.hardware;">Hardware Notes</ulink> to see if
+ your card is supported. This document will also mention which
+ driver supports your card.</para>
+
+ <indexterm>
+ <primary>kernel</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+
+ <para>To use your sound device, you will need to load the proper
+ device driver. This may be accomplished in one of two ways.
+ The easiest way is to simply load a kernel module for your sound
+ card with &man.kldload.8; which can either be done from the
+ command line:</para>
+
+ <screen>&prompt.root; <userinput>kldload snd_emu10k1</userinput></screen>
+
+ <para>or by adding the appropriate line to the file
+ <filename>/boot/loader.conf</filename> like this:</para>
+
+ <programlisting>snd_emu10k1_load="YES"</programlisting>
+
+ <para>These examples are for a Creative &soundblaster; Live! sound
+ card. Other available loadable sound modules are listed in
+ <filename>/boot/defaults/loader.conf</filename>.
+ If you are not sure which driver to use, you may try to load
+ the <filename>snd_driver</filename> module:</para>
+
+ <screen>&prompt.root; <userinput>kldload snd_driver</userinput></screen>
+
+ <para>This is a metadriver loading the most common device drivers
+ at once. This speeds up the search for the correct driver. It
+ is also possible to load all sound drivers via the
+ <filename>/boot/loader.conf</filename> facility.</para>
+
+ <para>If you wish to find out the driver selected for your
+ soundcard after loading the <filename>snd_driver</filename>
+ metadriver, you may check the <filename>/dev/sndstat</filename>
+ file with the <command>cat /dev/sndstat</command>
+ command.</para>
+
+ <note>
+ <para>Under &os;&nbsp;4.X, to load all sound drivers, you have
+ to load the <filename>snd</filename> module instead of
+ <filename>snd_driver</filename>.</para>
+ </note>
+
+ <para>A second method is to statically
+ compile in support for your sound card in your kernel. The
+ section below provides the information you need to add support
+ for your hardware in this manner. For more information about
+ recompiling your kernel, please see <xref
+ linkend="kernelconfig">.</para>
+
+ <sect3>
+ <title>Configuring a Custom Kernel with Sound Support</title>
+
+ <para>The first thing to do is adding the generic audio driver
+ &man.sound.4; to the kernel, for that you will need to
+ add the following line to the kernel configuration file:</para>
+
+ <programlisting>device sound</programlisting>
+
+ <para>Under &os;&nbsp;4.X, you would use the following
+ line:</para>
+
+ <programlisting>device pcm</programlisting>
+
+ <para>Then we have to add the support for our sound card.
+ Therefore, we need to know which driver supports the card.
+ Check the supported audio devices list of the <ulink
+ url="&rel.current.hardware;">Hardware Notes</ulink>, to
+ determine the correct driver for your sound card. For
+ example, a Creative &soundblaster; Live! sound card is
+ supported by the &man.snd.emu10k1.4; driver. To add the support
+ for this card, use the following:</para>
+
+ <programlisting>device "snd_emu10k1"</programlisting>
+
+ <para>Be sure to read the manual page of the driver for the
+ syntax to use. Information regarding the syntax of sound
+ drivers in the kernel configuration can also be found in the
+ <filename>/usr/src/sys/conf/NOTES</filename> file
+ (<filename>/usr/src/sys/i386/conf/LINT</filename> for
+ &os;&nbsp;4.X).</para>
+
+ <para>Non-PnP ISA cards may require you to provide the kernel
+ with information on the sound card settings (IRQ, I/O port,
+ etc). This is done via the
+ <filename>/boot/device.hints</filename> file. At system boot,
+ the &man.loader.8; will read this file and pass the settings
+ to the kernel. For example, an old
+ Creative &soundblaster; 16 ISA non-PnP card will use the
+ &man.snd.sbc.4; driver in conjunction with snd_sb16(4). For this card the following lines have to be added to
+ the kernel configuration file:</para>
+
+ <programlisting>device snd_sbc
+device snd_sb16</programlisting>
+
+ <para>as well as the following in
+ <filename>/boot/device.hints</filename>:</para>
+
+ <programlisting>hint.sbc.0.at="isa"
+hint.sbc.0.port="0x220"
+hint.sbc.0.irq="5"
+hint.sbc.0.drq="1"
+hint.sbc.0.flags="0x15"</programlisting>
+
+ <para>In this case, the card uses the <literal>0x220</literal>
+ I/O port and the IRQ <literal>5</literal>.</para>
+
+ <para>The syntax used in the
+ <filename>/boot/device.hints</filename> file is covered in the
+ sound driver manual page. On &os;&nbsp;4.X, these settings
+ are directly written in the kernel configuration file. In the
+ case of our ISA card, we would only use this line:</para>
+
+ <programlisting>device sbc0 at isa? port 0x220 irq 5 drq 1 flags 0x15</programlisting>
+
+ <para>The settings shown above are the defaults. In some
+ cases, you may need to change the IRQ or the other settings to
+ match your card. See the &man.snd.sbc.4; manual page for more
+ information.</para>
+
+ <note>
+ <para>Under &os;&nbsp;4.X, some systems with built-in
+ motherboard sound devices may require the following option in
+ the kernel configuration:</para>
+
+ <programlisting>options PNPBIOS</programlisting>
+ </note>
+ </sect3>
+ </sect2>
+
+ <sect2 id="sound-testing">
+ <title>Testing the Sound Card</title>
+
+ <para>After rebooting with the modified kernel, or after loading
+ the required module, the sound card should appear in your system
+ message buffer (&man.dmesg.8;) as something like:</para>
+
+ <screen>pcm0: &lt;Intel ICH3 (82801CA)&gt; port 0xdc80-0xdcbf,0xd800-0xd8ff irq 5 at device 31.5 on pci0
+pcm0: [GIANT-LOCKED]
+pcm0: &lt;Cirrus Logic CS4205 AC97 Codec&gt;</screen>
+
+ <para>The status of the sound card may be checked via the
+ <filename>/dev/sndstat</filename> file:</para>
+
+ <screen>&prompt.root; <userinput>cat /dev/sndstat</userinput>
+FreeBSD Audio Driver (newpcm)
+Installed devices:
+pcm0: &lt;Intel ICH3 (82801CA)&gt; at io 0xd800, 0xdc80 irq 5 bufsz 16384
+kld snd_ich (1p/2r/0v channels duplex default)</screen>
+
+ <para>The output from your system may vary. If no
+ <devicename>pcm</devicename> devices show up, go back and review
+ what was done earlier. Go through your kernel
+ configuration file again and make sure the correct
+ device is chosen. Common problems are listed in <xref
+ linkend="troubleshooting">.</para>
+
+ <para>If all goes well, you should now have a functioning sound
+ card. If your CD-ROM or DVD-ROM drive is properly coupled to
+ your sound card, you can put a CD in the drive and play it
+ with &man.cdcontrol.1;:</para>
+
+ <screen>&prompt.user; <userinput>cdcontrol -f /dev/acd0 play 1</userinput></screen>
+
+ <para>Various applications, such as <filename
+ role="package">audio/workman</filename> can provide a friendlier
+ interface. You may want to install an application such as
+ <filename role="package">audio/mpg123</filename> to listen to
+ MP3 audio files. A quick way to test the card is sending data
+ to the <filename>/dev/dsp</filename>, like this:</para>
+
+ <screen>&prompt.user; <userinput>cat <replaceable>filename</replaceable> &gt; /dev/dsp</userinput></screen>
+
+ <para>where <replaceable>filename</replaceable> can be any file.
+ This command line should produce some noise, confirming the
+ sound card is actually working.</para>
+
+ <note>
+ <para>&os;&nbsp;4.X users need to create the sound card device
+ nodes before being able to use it. If the card showed up in
+ message buffer as <devicename>pcm0</devicename>, you will have
+ to run the following as <username>root</username>:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
+&prompt.root; <userinput>sh MAKEDEV snd0</userinput></screen>
+
+ <para>If the card detection returned <devicename>pcm1</devicename>,
+ follow the same steps as shown above, replacing
+ <devicename>snd0</devicename> with
+ <devicename>snd1</devicename>.</para>
+
+ <para><command>MAKEDEV</command> will create a group of device
+ nodes that will be used by the different sound related
+ applications.</para>
+ </note>
+
+ <para>Sound card mixer levels can be changed via the &man.mixer.8;
+ command. More details can be found in the &man.mixer.8; manual
+ page.</para>
+
+ <sect3 id="troubleshooting">
+ <title>Common Problems</title>
+
+ <indexterm><primary>device nodes</primary></indexterm>
+ <indexterm><primary>I/O port</primary></indexterm>
+ <indexterm><primary>IRQ</primary></indexterm>
+ <indexterm><primary>DSP</primary></indexterm>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Error</entry>
+ <entry>Solution</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><errorname>unsupported subdevice XX</errorname></entry>
+ <entry><para>One or more of the device nodes was not created
+ correctly. Repeat the steps above.</para></entry>
+ </row>
+
+ <row>
+ <entry><errorname>sb_dspwr(XX) timed out</errorname></entry>
+ <entry><para>The I/O port is not set correctly.</para></entry>
+ </row>
+
+ <row>
+ <entry><errorname>bad irq XX</errorname></entry>
+ <entry><para>The IRQ is set incorrectly. Make sure that
+ the set IRQ and the sound IRQ are the same.</para></entry>
+ </row>
+
+ <row>
+ <entry><errorname>xxx: gus pcm not attached, out of memory</errorname></entry>
+ <entry><para>There is not enough available memory to use
+ the device.</para></entry>
+ </row>
+
+ <row>
+ <entry><errorname>xxx: can't open /dev/dsp!</errorname></entry>
+ <entry><para>Check with <command>fstat | grep dsp</command>
+ if another application is holding the device open.
+ Noteworthy troublemakers are <application>esound</application> and <application>KDE</application>'s sound
+ support.</para></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect3>
+ </sect2>
+
+ <sect2 id="sound-multiple-sources">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Munish</firstname>
+ <surname>Chopra</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+ <title>Utilizing Multiple Sound Sources</title>
+
+ <para>It is often desirable to have multiple sources of sound that
+ are able to play simultaneously, such as when
+ <application>esound</application> or
+ <application>artsd</application> do not support sharing of the
+ sound device with a certain application.</para>
+
+ <para>FreeBSD lets you do this through <emphasis>Virtual Sound
+ Channels</emphasis>, which can be set with the &man.sysctl.8;
+ facility. Virtual channels allow you to multiplex your sound
+ card's playback channels by mixing sound in the kernel.</para>
+
+ <para>To set the number of virtual channels, there are two sysctl
+ knobs which, if you are the <username>root</username> user, can
+ be set like this:</para>
+ <screen>&prompt.root; <userinput>sysctl hw.snd.pcm0.vchans=4</userinput>
+&prompt.root; <userinput>sysctl hw.snd.maxautovchans=4</userinput></screen>
+
+ <para>The above example allocates four virtual channels, which is a
+ practical number for everyday use. <varname>hw.snd.pcm0.vchans</varname>
+ is the number of virtual channels <devicename>pcm0</devicename> has, and is configurable
+ once a device has been attached.
+ <literal>hw.snd.maxautovchans</literal> is the number of virtual channels
+ a new audio device is given when it is attached using
+ &man.kldload.8;. Since the <devicename>pcm</devicename> module
+ can be loaded independently of the hardware drivers,
+ <varname>hw.snd.maxautovchans</varname> can store how many
+ virtual channels any devices which are attached later will be
+ given.</para>
+
+ <note>
+ <para>You cannot change the number of virtual channels for a
+ device while it is in use. First close any programs using the
+ device, such as music players or sound daemons.</para>
+ </note>
+
+ <para>If you are not using &man.devfs.5;, you will have to point
+ your applications at
+ <filename>/dev/dsp0</filename>.<replaceable>x</replaceable>,
+ where <replaceable>x</replaceable> is 0 to 3 if
+ <varname>hw.snd.pcm.0.vchans</varname> is set to 4 as in the
+ above example. On a system using &man.devfs.5;, the above will
+ automatically be allocated transparently to the user.</para>
+ </sect2>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Josef</firstname>
+ <surname>El-Rayes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>Setting Default Values for Mixer Channels</title>
+
+ <para>The default values for the different mixer channels are
+ hardcoded in the sourcecode of the &man.pcm.4; driver. There are
+ a lot of different applications and daemons that allow
+ you to set values for the mixer they remember and set
+ each time they are started, but this is not a clean
+ solution, we want to have default values at the driver
+ level. This is accomplished by defining the appropriate
+ values in <filename>/boot/device.hints</filename>. E.g.:</para>
+<programlisting>hint.pcm.0.vol="100"</programlisting>
+
+ <para>This will set the volume channel to a default value of
+ 100, as soon as the &man.pcm.4; module gets loaded.</para>
+
+ <note>
+ <para>This is only supported in &os; 5.3-RELEASE and later.</para>
+ </note>
+ </sect2>
+</sect1>
+
+ <sect1 id="sound-mp3">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Chern</firstname>
+ <surname>Lee</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 11 Sept 2001 -->
+ </sect1info>
+
+ <title>MP3 Audio</title>
+
+ <para>MP3 (MPEG Layer 3 Audio) accomplishes near CD-quality sound,
+ leaving no reason to let your FreeBSD workstation fall short of
+ its offerings.</para>
+
+ <sect2 id="mp3-players">
+ <title>MP3 Players</title>
+
+ <para>By far, the most popular X11 MP3 player is
+ <application>XMMS</application> (X Multimedia System).
+ <application>Winamp</application>
+ skins can be used with <application>XMMS</application> since the
+ GUI is almost identical to that of Nullsoft's
+ <application>Winamp</application>.
+ <application>XMMS</application> also has native plug-in
+ support.</para>
+
+ <para><application>XMMS</application> can be installed from the
+ <filename role="package">multimedia/xmms</filename> port or package.</para>
+
+ <para><application>XMMS'</application> interface is intuitive,
+ with a playlist, graphic equalizer, and more. Those familiar
+ with <application>Winamp</application> will find
+ <application>XMMS</application> simple to use.</para>
+
+ <para>The <filename role="package">audio/mpg123</filename> port is an alternative,
+ command-line MP3 player.</para>
+
+ <para><application>mpg123</application> can be run by specifying
+ the sound device and the MP3 file on the command line, as
+ shown below:</para>
+
+ <screen>&prompt.root; <userinput>mpg123 -a <replaceable>/dev/dsp1.0</replaceable> Foobar-GreatestHits.mp3</userinput>
+High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
+Version 0.59r (1999/Jun/15). Written and copyrights by Michael Hipp.
+Uses code from various people. See 'README' for more!
+THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
+
+
+
+
+
+Playing MPEG stream from Foobar-GreatestHits.mp3 ...
+MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
+</screen>
+
+ <para><literal>/dev/dsp1.0</literal> should be replaced with the
+ <devicename>dsp</devicename> device entry on your system.</para>
+
+ </sect2>
+
+ <sect2 id="rip-cd">
+ <title>Ripping CD Audio Tracks</title>
+
+ <para>Before encoding a CD or CD track to MP3, the audio data on
+ the CD must be ripped onto the hard drive. This is done by
+ copying the raw CDDA (CD Digital Audio) data to WAV
+ files.</para>
+
+ <para>The <command>cdda2wav</command> tool, which is a part of
+ the <filename role="package">sysutils/cdrtools</filename>
+ suite, is used for ripping audio information from CDs and the
+ information associated with them.</para>
+
+ <para>With the audio CD in the drive, the following command can
+ be issued (as <username>root</username>) to rip an entire CD
+ into individual (per track) WAV files:</para>
+
+ <screen>&prompt.root; <userinput>cdda2wav -D <replaceable>0,1,0</replaceable> -B</userinput></screen>
+
+ <para><application>cdda2wav</application> will support
+ ATAPI (IDE) CDROM drives. To rip from an IDE drive, specify
+ the device name in place of the SCSI unit numbers. For
+ example, to rip track 7 from an IDE drive:</para>
+
+ <screen>&prompt.root; <userinput>cdda2wav -D <replaceable>/dev/acd0a</replaceable> -t 7</userinput></screen>
+
+ <para>The <option>-D <replaceable>0,1,0</replaceable></option>
+ indicates the SCSI device <devicename>0,1,0</devicename>,
+ which corresponds to the output of <command>cdrecord
+ -scanbus</command>.</para>
+
+ <para>To rip individual tracks, make use of the
+ <option>-t</option> option as shown:</para>
+
+ <screen>&prompt.root; <userinput>cdda2wav -D <replaceable>0,1,0</replaceable> -t 7</userinput></screen>
+
+ <para>This example rips track seven of the audio CDROM. To rip
+ a range of tracks, for example, track one to seven, specify a
+ range:</para>
+
+ <screen>&prompt.root; <userinput>cdda2wav -D <replaceable>0,1,0</replaceable> -t 1+7</userinput></screen>
+
+ <para>The utility &man.dd.1; can also be used to extract audio tracks
+ on ATAPI drives, read <xref linkend="duplicating-audiocds">
+ for more information on that possibility.</para>
+
+ </sect2>
+
+ <sect2 id="mp3-encoding">
+ <title>Encoding MP3s</title>
+
+ <para>Nowadays, the mp3 encoder of choice is
+ <application>lame</application>.
+ <application>Lame</application> can be found at
+ <filename role="package">audio/lame</filename> in the ports tree.</para>
+
+ <para>Using the ripped WAV files, the following command will
+ convert <filename>audio01.wav</filename> to
+ <filename>audio01.mp3</filename>:</para>
+
+ <screen>&prompt.root; <userinput>lame -h -b <replaceable>128</replaceable> \
+--tt "<replaceable>Foo Song Title</replaceable>" \
+--ta "<replaceable>FooBar Artist</replaceable>" \
+--tl "<replaceable>FooBar Album</replaceable>" \
+--ty "<replaceable>2001</replaceable>" \
+--tc "<replaceable>Ripped and encoded by Foo</replaceable>" \
+--tg "<replaceable>Genre</replaceable>" \
+<replaceable>audio01.wav audio01.mp3</replaceable></userinput></screen>
+
+ <para>128&nbsp;kbits seems to be the standard MP3 bitrate in use.
+ Many enjoy the higher quality 160, or 192. The higher the
+ bitrate, the more disk space the resulting MP3 will
+ consume--but the quality will be higher. The
+ <option>-h</option> option turns on the <quote>higher quality
+ but a little slower</quote> mode. The options beginning with
+ <option>--t</option> indicate ID3 tags, which usually contain
+ song information, to be embedded within the MP3 file.
+ Additional encoding options can be found by consulting the
+ lame man page.</para>
+ </sect2>
+
+ <sect2 id="mp3-decoding">
+ <title>Decoding MP3s</title>
+
+ <para>In order to burn an audio CD from MP3s, they must be
+ converted to a non-compressed WAV format. Both
+ <application>XMMS</application> and
+ <application>mpg123</application> support the output of MP3 to
+ an uncompressed file format.</para>
+
+ <para>Writing to Disk in <application>XMMS</application>:</para>
+
+ <procedure>
+ <step>
+ <para>Launch <application>XMMS</application>.</para>
+ </step>
+
+ <step>
+ <para>Right-click on the window to bring up the
+ <application>XMMS</application> menu.</para>
+ </step>
+
+ <step>
+ <para>Select <literal>Preference</literal> under
+ <literal>Options</literal>.</para>
+ </step>
+
+ <step>
+ <para>Change the Output Plugin to <quote>Disk Writer
+ Plugin</quote>.</para>
+ </step>
+
+ <step>
+ <para>Press <literal>Configure</literal>.</para>
+ </step>
+
+ <step>
+ <para>Enter (or choose browse) a directory to write the
+ uncompressed files to.</para>
+ </step>
+
+ <step>
+ <para>Load the MP3 file into <application>XMMS</application>
+ as usual, with volume at 100% and EQ settings turned
+ off.</para>
+ </step>
+
+ <step>
+ <para>Press <literal>Play</literal> &mdash;
+ <application>XMMS</application> will appear as if it is
+ playing the MP3, but no music will be heard. It is
+ actually playing the MP3 to a file.</para>
+ </step>
+
+ <step>
+ <para>Be sure to set the default Output Plugin back to what
+ it was before in order to listen to MP3s again.</para>
+ </step>
+ </procedure>
+
+ <para>Writing to stdout in <application>mpg123</application>:</para>
+
+ <procedure>
+ <step>
+ <para>Run <command>mpg123 -s <replaceable>audio01.mp3</replaceable>
+ &gt; audio01.pcm</command></para>
+ </step>
+ </procedure>
+
+ <para><application>XMMS</application> writes a file in the WAV
+ format, while <application>mpg123</application> converts the
+ MP3 into raw PCM audio data. Both of these formats can be
+ used with <application>cdrecord</application> to create audio CDs.
+ You have to use raw PCM with &man.burncd.8;.
+ If you use WAV files, you will notice a small tick sound at the
+ beginning of each track, this sound is the header of the WAV
+ file. You can simply remove the header of a WAV file with the
+ utility <application>SoX</application> (it can be installed from
+ the <filename role="package">audio/sox</filename> port or
+ package):</para>
+
+ <screen>&prompt.user; <userinput>sox -t wav -r 44100 -s -w -c 2 <replaceable>track.wav track.raw</replaceable></userinput></screen>
+
+ <para>Read <xref linkend="creating-cds"> for more information on using a
+ CD burner in FreeBSD.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="video-playback">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Ross</firstname>
+ <surname>Lippert</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 5 June 2002 -->
+ </sect1info>
+
+ <title>Video Playback</title>
+
+ <para>Video playback is a very new and rapidly developing application
+ area. Be patient. Not everything is going to work as smoothly as
+ it did with sound.</para>
+
+ <para>Before you begin, you should know the model of the video
+ card you have and the chip it uses. While <application>&xorg;</application> and <application>&xfree86;</application> support a
+ wide variety of video cards, fewer give good playback
+ performance. To obtain a list of extensions supported by the
+ X server using your card use the command &man.xdpyinfo.1; while
+ X11 is running.</para>
+
+ <para>It is a good idea to have a short MPEG file which can be
+ treated as a test file for evaluating various players and
+ options. Since some DVD players will look for DVD media in
+ <filename>/dev/dvd</filename> by default, or have this device
+ name hardcoded in them, you might find it useful to make
+ symbolic links to the proper devices:</para>
+
+ <screen>&prompt.root; <userinput>ln -sf /dev/acd0c /dev/dvd</userinput>
+&prompt.root; <userinput>ln -sf /dev/racd0c /dev/rdvd</userinput></screen>
+
+ <para>On FreeBSD&nbsp;5.X, which uses &man.devfs.5; there
+ is a slightly different set of recommended links:</para>
+
+ <screen>&prompt.root; <userinput>ln -sf /dev/acd0 /dev/dvd</userinput>
+&prompt.root; <userinput>ln -sf /dev/acd0 /dev/rdvd</userinput></screen>
+
+ <para>Note that due to the nature of &man.devfs.5;,
+ manually created links like these will not persist if you reboot
+ your system. In order to create the symbolic links
+ automatically whenever you boot your system, add the following
+ lines to <filename>/etc/devfs.conf</filename>:</para>
+
+ <programlisting>link acd0 dvd
+link acd0 rdvd</programlisting>
+
+ <para>Additionally, DVD decryption, which requires invoking
+ special DVD-ROM functions, requires write permission on the DVD
+ devices.</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>CPU_ENABLE_SSE</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>USER_LDT</secondary>
+ </indexterm>
+
+ <para>Some of the ports discussed rely on the following kernel
+ options to build correctly. Before attempting to build, add
+ this option to the kernel configuration file, build a new kernel, and reboot:</para>
+
+ <programlisting>options CPU_ENABLE_SSE</programlisting>
+
+ <note>
+ <para>On &os;&nbsp;4.X <literal>options USER_LDT</literal> should
+ be added to the kernel configuration file. This option is not
+ available on &os;&nbsp;5.X and later version.</para>
+ </note>
+
+ <para>To enhance the shared memory X11 interface, it is
+ recommended that the values of some &man.sysctl.8; variables
+ should be increased:</para>
+
+ <programlisting>kern.ipc.shmmax=67108864
+kern.ipc.shmall=32768</programlisting>
+
+ <sect2 id="video-interface">
+ <title>Determining Video Capabilities</title>
+
+ <indexterm><primary>XVideo</primary></indexterm>
+ <indexterm><primary>SDL</primary></indexterm>
+ <indexterm><primary>DGA</primary></indexterm>
+
+ <para>There are several possible ways to display video under X11.
+ What will really work is largely hardware dependent. Each
+ method described below will have varying quality across
+ different hardware. Secondly, the rendering of video in X11 is
+ a topic receiving a lot of attention lately, and with each
+ version of <application>&xorg;</application>, or of <application>&xfree86;</application>, there may be significant improvement.</para>
+
+ <para>A list of common video interfaces:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>X11: normal X11 output using shared memory.</para>
+ </listitem>
+ <listitem>
+ <para>XVideo: an extension to the X11
+ interface which supports video in any X11 drawable.</para>
+ </listitem>
+ <listitem>
+ <para>SDL: the Simple Directmedia Layer.</para>
+ </listitem>
+ <listitem>
+ <para>DGA: the Direct Graphics Access.</para>
+ </listitem>
+ <listitem>
+ <para>SVGAlib: low level console graphics layer.</para>
+ </listitem>
+ </orderedlist>
+
+ <sect3 id="video-interface-xvideo">
+ <title>XVideo</title>
+
+ <para><application>&xorg;</application> and <application>&xfree86; 4.X</application> have an extension called
+ <emphasis>XVideo</emphasis> (aka Xvideo, aka Xv, aka xv) which
+ allows video to be directly displayed in drawable objects
+ through a special acceleration. This extension provides very
+ good quality playback even on low-end machines.</para>
+
+ <para>To check whether the extension is running,
+ use <command>xvinfo</command>:</para>
+
+ <screen>&prompt.user; <userinput>xvinfo</userinput></screen>
+
+ <para>XVideo is supported for your card if the result looks like:</para>
+<screen>X-Video Extension version 2.2
+screen #0
+ Adaptor #0: "Savage Streams Engine"
+ number of ports: 1
+ port base: 43
+ operations supported: PutImage
+ supported visuals:
+ depth 16, visualID 0x22
+ depth 16, visualID 0x23
+ number of attributes: 5
+ "XV_COLORKEY" (range 0 to 16777215)
+ client settable attribute
+ client gettable attribute (current value is 2110)
+ "XV_BRIGHTNESS" (range -128 to 127)
+ client settable attribute
+ client gettable attribute (current value is 0)
+ "XV_CONTRAST" (range 0 to 255)
+ client settable attribute
+ client gettable attribute (current value is 128)
+ "XV_SATURATION" (range 0 to 255)
+ client settable attribute
+ client gettable attribute (current value is 128)
+ "XV_HUE" (range -180 to 180)
+ client settable attribute
+ client gettable attribute (current value is 0)
+ maximum XvImage size: 1024 x 1024
+ Number of image formats: 7
+ id: 0x32595559 (YUY2)
+ guid: 59555932-0000-0010-8000-00aa00389b71
+ bits per pixel: 16
+ number of planes: 1
+ type: YUV (packed)
+ id: 0x32315659 (YV12)
+ guid: 59563132-0000-0010-8000-00aa00389b71
+ bits per pixel: 12
+ number of planes: 3
+ type: YUV (planar)
+ id: 0x30323449 (I420)
+ guid: 49343230-0000-0010-8000-00aa00389b71
+ bits per pixel: 12
+ number of planes: 3
+ type: YUV (planar)
+ id: 0x36315652 (RV16)
+ guid: 52563135-0000-0000-0000-000000000000
+ bits per pixel: 16
+ number of planes: 1
+ type: RGB (packed)
+ depth: 0
+ red, green, blue masks: 0x1f, 0x3e0, 0x7c00
+ id: 0x35315652 (RV15)
+ guid: 52563136-0000-0000-0000-000000000000
+ bits per pixel: 16
+ number of planes: 1
+ type: RGB (packed)
+ depth: 0
+ red, green, blue masks: 0x1f, 0x7e0, 0xf800
+ id: 0x31313259 (Y211)
+ guid: 59323131-0000-0010-8000-00aa00389b71
+ bits per pixel: 6
+ number of planes: 3
+ type: YUV (packed)
+ id: 0x0
+ guid: 00000000-0000-0000-0000-000000000000
+ bits per pixel: 0
+ number of planes: 0
+ type: RGB (packed)
+ depth: 1
+ red, green, blue masks: 0x0, 0x0, 0x0</screen>
+
+ <para>Also note that the formats listed (YUV2, YUV12, etc) are not
+ present with every implementation of XVideo and their absence may
+ hinder some players.</para>
+
+ <para>If the result looks like:</para>
+<screen>X-Video Extension version 2.2
+screen #0
+no adaptors present</screen>
+
+ <para>Then XVideo is probably not supported for your card.</para>
+
+ <para>If XVideo is not supported for your card, this only means
+ that it will be more difficult for your display to meet the
+ computational demands of rendering video. Depending on your
+ video card and processor, though, you might still be able to
+ have a satisfying experience. You should probably read about
+ ways of improving performance in the advanced reading <xref
+ linkend="video-further-reading">.</para>
+
+ </sect3>
+
+ <sect3 id="video-interface-SDL">
+ <title>Simple Directmedia Layer</title>
+
+ <para>The Simple Directmedia Layer, SDL, was intended to be a
+ porting layer between &microsoft.windows;, BeOS, and &unix;,
+ allowing cross-platform applications to be developed which made
+ efficient use of sound and graphics. The SDL layer provides a
+ low-level abstraction to the hardware which can sometimes be
+ more efficient than the X11 interface.</para>
+
+ <para>The SDL can be found at <filename role="package">devel/sdl12</filename>.</para>
+
+ </sect3>
+
+ <sect3 id="video-interface-DGA">
+ <title>Direct Graphics Access</title>
+
+ <para>Direct Graphics Access is an X11 extension which allows
+ a program to bypass the X server and directly alter the
+ framebuffer. Because it relies on a low level memory mapping to
+ effect this sharing, programs using it must be run as
+ <username>root</username>.</para>
+
+ <para>The DGA extension can be tested and benchmarked by
+ &man.dga.1;. When <command>dga</command> is running, it
+ changes the colors of the display whenever a key is pressed. To
+ quit, use <keycap>q</keycap>.</para>
+
+ </sect3>
+
+ </sect2>
+
+ <sect2 id="video-ports">
+ <title>Ports and Packages Dealing with Video</title>
+
+ <indexterm><primary>video ports</primary></indexterm>
+ <indexterm><primary>video packages</primary></indexterm>
+
+ <para>This section discusses the software available from the
+ FreeBSD Ports Collection which can be used for video playback.
+ Video playback is a very active area of software development,
+ and the capabilities of various applications are bound to
+ diverge somewhat from the descriptions given here.</para>
+
+ <para>Firstly, it is important to know that many of the video
+ applications which run on FreeBSD were developed as Linux
+ applications. Many of these applications are still
+ beta-quality. Some of the problems that you may encounter with
+ video packages on FreeBSD include:</para>
+
+ <orderedlist>
+
+ <listitem>
+ <para>An application cannot playback a file which another
+ application produced.</para>
+ </listitem>
+
+ <listitem>
+ <para>An application cannot playback a file which the
+ application itself produced.</para>
+ </listitem>
+
+ <listitem>
+ <para>The same application on two different machines,
+ rebuilt on each machine for that machine, plays back the same
+ file differently.</para>
+ </listitem>
+
+ <listitem>
+ <para>A seemingly trivial filter like rescaling of the image
+ size results in very bad artifacts from a buggy rescaling
+ routine.</para>
+ </listitem>
+
+ <listitem>
+ <para>An application frequently dumps core.</para>
+ </listitem>
+
+ <listitem>
+ <para>Documentation is not installed with the port and can be
+ found either on the web or under the port's <filename class='directory'>work</filename>
+ directory.</para>
+ </listitem>
+
+ </orderedlist>
+
+ <para>Many of these applications may also exhibit
+ <quote>Linux-isms</quote>. That is, there may be
+ issues resulting from the way some standard libraries are
+ implemented in the Linux distributions, or some features of the
+ Linux kernel which have been assumed by the authors of the
+ applications. These issues are not always noticed and worked around
+ by the port maintainers, which can lead to problems like
+ these:</para>
+
+ <orderedlist>
+
+ <listitem>
+ <para>The use of <filename>/proc/cpuinfo</filename> to detect
+ processor characteristics.</para>
+ </listitem>
+
+ <listitem>
+ <para>A misuse of threads which causes a program to hang upon
+ completion instead of truly terminating.</para>
+ </listitem>
+
+ <listitem>
+ <para>Software not yet in the FreeBSD Ports Collection
+ which is commonly used in conjunction with the application.</para>
+ </listitem>
+
+ </orderedlist>
+
+ <para>So far, these application developers have been cooperative with
+ port maintainers to minimize the work-arounds needed for
+ port-ing.</para>
+
+ <sect3 id="video-mplayer">
+ <title>MPlayer</title>
+
+ <para><application>MPlayer</application> is a recently developed and rapidly developing
+ video player. The goals of the <application>MPlayer</application> team are speed and
+ flexibility on Linux and other Unices. The project was
+ started when the team founder got fed up with bad playback
+ performance on then available players. Some would say that
+ the graphical interface has been sacrificed for a streamlined
+ design. However, once
+ you get used to the command line options and the key-stroke
+ controls, it works very well.</para>
+
+ <sect4 id="video-mplayer-building">
+ <title>Building MPlayer</title>
+ <indexterm><primary>MPlayer</primary>
+ <secondary>making</secondary></indexterm>
+
+ <para><application>MPlayer</application> resides in <filename
+ role="package">multimedia/mplayer</filename>.
+ <application>MPlayer</application> performs a variety of
+ hardware checks during the build process, resulting in a
+ binary which will not be portable from one system to
+ another. Therefore, it is important to build it from
+ ports and not to use a binary package. Additionally, a
+ number of options can be specified in the <command>make</command>
+ command line, as described in the <filename>Makefile</filename> and at the start of the build:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/multimedia/mplayer</userinput>
+&prompt.root; <userinput>make</userinput>
+N - O - T - E
+
+Take a careful look into the Makefile in order
+to learn how to tune mplayer towards you personal preferences!
+For example,
+make WITH_GTK1
+builds MPlayer with GTK1-GUI support.
+If you want to use the GUI, you can either install
+/usr/ports/multimedia/mplayer-skins
+or download official skin collections from
+http://www.mplayerhq.hu/homepage/dload.html
+</screen>
+
+ <para>The default port options should be sufficient for most
+ users. However, if you need the XviD codec, you have to
+ specify the <makevar>WITH_XVID</makevar> option in the
+ command line. The default DVD device can also be defined
+ with the <makevar>WITH_DVD_DEVICE</makevar> option, by
+ default <filename>/dev/acd0</filename> will be used.</para>
+
+ <para>As of this writing, the <application>MPlayer</application> port will build its HTML
+ documentation and two executables,
+ <command>mplayer</command>, and
+ <command>mencoder</command>, which is a tool for
+ re-encoding video.</para>
+
+ <para>The HTML documentation for <application>MPlayer</application> is very informative.
+ If the reader finds the information on video hardware and
+ interfaces in this chapter lacking, the <application>MPlayer</application> documentation
+ is a very thorough supplement. You should definitely take
+ the time to read the <application>MPlayer</application>
+ documentation if you are looking for information about video
+ support in &unix;.</para>
+
+ </sect4>
+
+ <sect4 id="video-mplayer-using">
+ <title>Using MPlayer</title>
+ <indexterm><primary>MPlayer</primary>
+ <secondary>use</secondary></indexterm>
+
+ <para>Any user of <application>MPlayer</application> must set up a
+ <filename>.mplayer</filename> subdirectory of her
+ home directory. To create this necessary subdirectory,
+ you can type the following:</para>
+
+<screen>&prompt.user; <userinput>cd /usr/ports/multimedia/mplayer</userinput>
+&prompt.user; <userinput>make install-user</userinput></screen>
+
+ <para>The command options for <command>mplayer</command> are
+ listed in the manual page. For even more detail there is HTML
+ documentation. In this section, we will describe only a few
+ common uses.</para>
+
+ <para>To play a file, such as
+ <filename><replaceable>testfile.avi</replaceable></filename>,
+ through one of the various video interfaces set the
+ <option>-vo</option> option:</para>
+
+ <screen>&prompt.user; <userinput>mplayer -vo xv testfile.avi</userinput></screen>
+ <screen>&prompt.user; <userinput>mplayer -vo sdl testfile.avi</userinput></screen>
+ <screen>&prompt.user; <userinput>mplayer -vo x11 testfile.avi</userinput></screen>
+ <screen>&prompt.root; <userinput>mplayer -vo dga testfile.avi</userinput></screen>
+ <screen>&prompt.root; <userinput>mplayer -vo 'sdl:dga' testfile.avi</userinput></screen>
+
+ <para>It is worth trying all of these options, as their relative
+ performance depends on many factors and will vary significantly
+ with hardware.</para>
+
+ <para>To play from a DVD, replace the
+ <filename>testfile.avi</filename> with <option>dvd://<replaceable>N</replaceable> -dvd-device
+ <replaceable>DEVICE</replaceable></option> where <replaceable>N</replaceable> is
+ the title number to play and
+ <filename><replaceable>DEVICE</replaceable></filename> is the
+ device node for the DVD-ROM. For example, to play title 3
+ from <filename>/dev/dvd</filename>:</para>
+
+ <screen>&prompt.root; <userinput>mplayer -vo xv dvd://3 -dvd-device /dev/dvd</userinput></screen>
+
+ <note>
+ <para>The default DVD device can be defined during the build
+ of the <application>MPlayer</application> port via the
+ <makevar>WITH_DVD_DEVICE</makevar> option. By default,
+ this device is <filename>/dev/acd0</filename>. More
+ details can be found in the port
+ <filename>Makefile</filename>.</para>
+ </note>
+
+ <para>To stop, pause, advance and so on, consult the
+ keybindings, which are output by running <command>mplayer
+ -h</command> or read the manual page.</para>
+
+ <para>Additional important options for playback are:
+ <option>-fs -zoom</option> which engages the fullscreen mode
+ and <option>-framedrop</option> which helps performance.</para>
+
+ <para>In order for the mplayer command line to not become too
+ large, the user can create a file
+ <filename>.mplayer/config</filename> and set default options
+ there:</para>
+<programlisting>vo=xv
+fs=yes
+zoom=yes</programlisting>
+
+ <para>Finally, <command>mplayer</command> can be used to rip a
+ DVD title into a <filename>.vob</filename> file. To dump
+ out the second title from a DVD, type this:</para>
+
+ <screen>&prompt.root; <userinput>mplayer -dumpstream -dumpfile out.vob dvd://2 -dvd-device /dev/dvd</userinput></screen>
+
+ <para>The output file, <filename>out.vob</filename>, will be
+ MPEG and can be manipulated by the other packages described
+ in this section.</para>
+
+ </sect4>
+ <sect4 id="video-mencoder">
+ <title>mencoder</title>
+ <indexterm>
+ <primary>mencoder</primary>
+ </indexterm>
+
+ <para>Before using
+ <command>mencoder</command> it is a good idea to
+ familiarize yourself with the options from the HTML
+ documentation. There is a manual page, but it is not very
+ useful without the HTML documentation. There are innumerable ways to
+ improve quality, lower bitrate, and change formats, and some
+ of these tricks may make the difference between good
+ or bad performance. Here are a couple of examples to get
+ you going. First a simple copy:</para>
+
+ <screen>&prompt.user; <userinput>mencoder input.avi -oac copy -ovc copy -o output.avi</userinput></screen>
+
+ <para>Improper combinations of command line options can yield
+ output files that are
+ unplayable even by <command>mplayer</command>. Thus, if you
+ just want to rip to a file, stick to the <option>-dumpfile</option>
+ in <command>mplayer</command>.</para>
+
+ <para>To convert <filename>input.avi</filename> to the MPEG4
+ codec with MPEG3 audio encoding (<filename role="package">audio/lame</filename> is required):</para>
+
+ <screen>&prompt.user; <userinput>mencoder input.avi -oac mp3lame -lameopts br=192 \
+ -ovc lavc -lavcopts vcodec=mpeg4:vhq -o output.avi</userinput></screen>
+
+ <para>This has produced output playable by <command>mplayer</command>
+ and <command>xine</command>.</para>
+
+ <para><filename>input.avi</filename> can be replaced with
+ <option>dvd://1 -dvd-device /dev/dvd</option> and run as
+ <username>root</username> to re-encode a DVD title
+ directly. Since you are likely to be dissatisfied with
+ your results the first time around, it is recommended you
+ dump the title to a file and work on the file.</para>
+ </sect4>
+
+ </sect3>
+
+ <sect3 id="video-xine">
+ <title>The xine Video Player</title>
+
+ <para>The <application>xine</application> video player is a project of wide scope aiming not only at being an
+ all in one video solution, but also in producing a reusable base
+ library and a modular executable which can be extended with
+ plugins. It comes both as a package and as a port, <filename
+ role="package">multimedia/xine</filename>.</para>
+
+ <para>The <application>xine</application> player
+ is still very rough around the edges, but it is clearly off to a
+ good start. In practice, <application>xine</application> requires either a fast CPU with a
+ fast video card, or support for the XVideo extension. The GUI is
+ usable, but a bit clumsy.</para>
+
+ <para>As of this writing, there is no input module shipped with
+ <application>xine</application> which will play CSS encoded DVD's. There are third party
+ builds which do have modules for this built in them, but none
+ of these are in the FreeBSD Ports Collection.</para>
+
+ <para>Compared to <application>MPlayer</application>, <application>xine</application> does more for the user, but at the
+ same time, takes some of the more fine-grained control away from
+ the user. The <application>xine</application> video player
+ performs best on XVideo interfaces.</para>
+
+ <para>By default, <application>xine</application> player will
+ start up in a graphical user interface. The menus can then be
+ used to open a specific file:</para>
+
+ <screen>&prompt.user; <userinput>xine</userinput></screen>
+
+ <para>Alternatively, it may be invoked to play a file immediately
+ without the GUI with the command:</para>
+
+ <screen>&prompt.user; <userinput>xine -g -p mymovie.avi</userinput></screen>
+
+ </sect3>
+
+ <sect3 id="video-ports-transcode">
+ <title>The transcode Utilities</title>
+
+ <para>The software <application>transcode</application> is not a player, but a suite of tools for
+ re-encoding video and audio files. With <application>transcode</application>, one has the
+ ability to merge video files, repair broken files, using command
+ line tools with <filename>stdin/stdout</filename> stream
+ interfaces.</para>
+
+ <para>A great number of options can be specified during
+ the build from the <filename
+ role="package">multimedia/transcode</filename> port, we recommend the
+ following command line to build
+ <application>transcode</application>:</para>
+
+ <screen>&prompt.root; <userinput>make WITH_OPTIMIZED_CFLAGS=yes WITH_LIBA52=yes WITH_LAME=yes WITH_OGG=yes \
+WITH_MJPEG=yes -DWITH_XVID=yes</userinput></screen>
+
+ <para>The proposed settings should be sufficient for most users.</para>
+
+ <para>To illustrate <command>transcode</command> capacities, one
+ example to show how to convert a DivX file into a PAL MPEG-1
+ file (PAL VCD):</para>
+
+ <screen>&prompt.user; <userinput>transcode -i input.avi -V --export_prof vcd-pal -o output_vcd</userinput>
+&prompt.user; <userinput>mplex -f 1 -o output_vcd.mpg output_vcd.m1v output_vcd.mpa</userinput></screen>
+
+ <para>The resulting MPEG file,
+ <filename>output_vcd.mpg</filename>, is ready to be played with
+ <application>MPlayer</application>. You could even burn the
+ file on a CD-R media to create a Video CD, in this case you will
+ need to install and use both <filename
+ role="package">multimedia/vcdimager</filename> and <filename
+ role="package">sysutils/cdrdao</filename> programs.</para>
+
+ <para>There is a manual page for <command>transcode</command>, but
+ you should also consult the <ulink
+ url="http://www.transcoding.org/cgi-bin/transcode">transcode
+ wiki</ulink> for further information and examples.</para>
+ </sect3>
+
+ </sect2>
+
+ <sect2 id="video-further-reading">
+ <title>Further Reading</title>
+
+ <para>The various video software packages for FreeBSD are
+ developing rapidly. It is quite possible that in the near
+ future many of the problems discussed here will have been
+ resolved. In the mean time, those who
+ want to get the very most out of FreeBSD's A/V capabilities will
+ have to cobble together knowledge from several FAQs and tutorials
+ and use a few different applications. This section exists to
+ give the reader pointers to such additional information.</para>
+
+ <para>The
+ <ulink url="http://www.mplayerhq.hu/DOCS/">MPlayer documentation</ulink>
+ is very technically informative.
+ These documents should probably be consulted by anyone wishing
+ to obtain a high level of expertise with &unix; video. The
+ <application>MPlayer</application> mailing list is hostile to anyone who has not bothered
+ to read the documentation, so if you plan on making bug reports
+ to them, RTFM.</para>
+
+ <para>The
+ <ulink url="http://dvd.sourceforge.net/xine-howto/en_GB/html/howto.html"> xine HOWTO</ulink>
+ contains a chapter on performance improvement
+ which is general to all players.</para>
+
+ <para>Finally, there are some other promising applications which
+ the reader may try:</para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para><ulink
+ url="http://avifile.sourceforge.net/">Avifile</ulink> which
+ is also a port <filename
+ role='package'>multimedia/avifile</filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.dtek.chalmers.se/groups/dvd/">Ogle</ulink>
+ which is also a port <filename
+ role='package'>multimedia/ogle</filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://xtheater.sourceforge.net/">Xtheater</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><filename
+ role="package">multimedia/dvdauthor</filename>, an open
+ source package for authoring DVD content.</para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="tvcard">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Josef</firstname>
+ <surname>El-Rayes</surname>
+ <contrib>Original contribution by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Enhanced and adapted by </contrib>
+ <!-- 02 January 2004 -->
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Setting Up TV Cards</title>
+ <indexterm>
+ <primary>TV cards</primary>
+ </indexterm>
+
+ <sect2>
+ <title>Introduction</title>
+
+ <para>TV cards allow you to watch broadcast or cable TV on your
+ computer. Most of them accept composite video via an RCA or
+ S-video input and some of these cards come with a FM
+ radio tuner.</para>
+
+ <para>&os; provides support for PCI-based TV cards using a
+ Brooktree Bt848/849/878/879 or a Conexant CN-878/Fusion 878a
+ Video Capture Chip with the &man.bktr.4; driver. You must
+ also ensure the board comes with a supported tuner, consult
+ the &man.bktr.4; manual page for a list of supported
+ tuners.</para>
+ </sect2>
+
+ <sect2>
+ <title>Adding the Driver</title>
+
+ <para>To use your card, you will need to load the &man.bktr.4;
+ driver, this can be done by adding the following line to the
+ <filename>/boot/loader.conf</filename> file like this:</para>
+
+ <programlisting>bktr_load="YES"</programlisting>
+
+ <para>Alternatively, you may statically compile the support for
+ the TV card in your kernel, in that case add the following
+ lines to your kernel configuration:</para>
+
+ <programlisting>device bktr
+device iicbus
+device iicbb
+device smbus</programlisting>
+
+ <para>These additional device drivers are necessary because of the
+ card components being interconnected via an I2C bus. Then build
+ and install a new kernel.</para>
+
+ <para>Once the support was added to your system, you have to
+ reboot your machine. During the boot process, your TV card
+ should show up, like this:</para>
+
+ <programlisting>bktr0: &lt;BrookTree 848A&gt; mem 0xd7000000-0xd7000fff irq 10 at device 10.0 on pci0
+iicbb0: &lt;I2C bit-banging driver&gt; on bti2c0
+iicbus0: &lt;Philips I2C bus&gt; on iicbb0 master-only
+iicbus1: &lt;Philips I2C bus&gt; on iicbb0 master-only
+smbus0: &lt;System Management Bus&gt; on bti2c0
+bktr0: Pinnacle/Miro TV, Philips SECAM tuner.</programlisting>
+
+ <para>Of course these messages can differ according to your
+ hardware. However you should check if the tuner is correctly
+ detected; it is still possible to override some of the
+ detected parameters with &man.sysctl.8; MIBs and kernel
+ configuration file options. For example, if you want to force
+ the tuner to a Philips SECAM tuner, you should add the
+ following line to your kernel configuration file:</para>
+
+ <programlisting>options OVERRIDE_TUNER=6</programlisting>
+
+ <para>or you can directly use &man.sysctl.8;:</para>
+
+ <screen>&prompt.root; <userinput>sysctl hw.bt848.tuner=6</userinput></screen>
+
+ <para>See the &man.bktr.4; manual page and the
+ <filename>/usr/src/sys/conf/NOTES</filename> file for more
+ details on the available options. (If you are under
+ &os;&nbsp;4.X, <filename>/usr/src/sys/conf/NOTES</filename> is
+ replaced with
+ <filename>/usr/src/sys/i386/conf/LINT</filename>.)</para>
+ </sect2>
+
+ <sect2>
+ <title>Useful Applications</title>
+
+ <para>To use your TV card you need to install one of the
+ following applications:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><filename role="package">multimedia/fxtv</filename>
+ provides TV-in-a-window and image/audio/video capture
+ capabilities.</para>
+ </listitem>
+ <listitem>
+ <para><filename role="package">multimedia/xawtv</filename>
+ is also a TV application, with the same features as
+ <application>fxtv</application>.</para>
+ </listitem>
+ <listitem>
+ <para><filename role="package">misc/alevt</filename> decodes
+ and displays Videotext/Teletext.</para>
+ </listitem>
+ <listitem>
+ <para><filename role="package">audio/xmradio</filename>, an
+ application to use the FM radio tuner coming with some
+ TV cards.</para>
+ </listitem>
+ <listitem>
+ <para><filename role="package">audio/wmtune</filename>, a handy
+ desktop application for radio tuners.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>More applications are available in the &os; Ports
+ Collection.</para>
+ </sect2>
+
+ <sect2>
+ <title>Troubleshooting</title>
+
+ <para>If you encounter any problem with your TV card, you should
+ check at first if the video capture chip and the tuner are
+ really supported by the &man.bktr.4; driver and if you used the right
+ configuration options. For more support and various questions
+ about your TV card you may want to contact and use the
+ archives of the &a.multimedia.name; mailing list.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="scanners">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Written by </contrib>
+ <!-- 04 August 2004 -->
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Image Scanners</title>
+ <indexterm>
+ <primary>image scanners</primary>
+ </indexterm>
+
+ <sect2>
+ <title>Introduction</title>
+
+ <para>&os;, like any modern operating system, allows the use of
+ image scanners. Standardized access to scanners is provided
+ by the <application>SANE</application> (Scanner Access Now
+ Easy) <acronym role="Application Programming
+ Interface">API</acronym> available through the &os; Ports
+ Collection. <application>SANE</application> will also use
+ some &os; devices drivers to access to the scanner
+ hardware.</para>
+
+ <para>&os; supports both SCSI and USB scanners. Be sure your
+ scanner is supported by <application>SANE</application> prior
+ to performing any configuration.
+ <application>SANE</application> has a <ulink
+ url="http://sane-project.org/sane-supported-devices.html">supported
+ devices</ulink> list that can provide you with information
+ about the support for a scanner and its status. The
+ &man.uscanner.4; manual page also provides a list of supported
+ USB scanners.</para>
+ </sect2>
+
+ <sect2>
+ <title>Kernel Configuration</title>
+
+ <para>As mentioned above both SCSI and USB interfaces are
+ supported. According to your scanner interface, different
+ device drivers are required.</para>
+
+ <sect3 id="scanners-kernel-usb">
+ <title>USB Interface</title>
+
+ <para>The <filename>GENERIC</filename> kernel by default
+ includes the device drivers needed to support USB scanners.
+ Should you decide to use a custom kernel, be sure that the
+ following lines are present in your kernel configuration
+ file:</para>
+
+ <programlisting>device usb
+device uhci
+device ohci
+device uscanner</programlisting>
+
+ <para>Depending upon the USB chipset on your motherboard, you
+ will only need either <literal>device uhci</literal> or
+ <literal>device ohci</literal>, however having both in the
+ kernel configuration file is harmless.</para>
+
+ <para>If you do not want to rebuild your kernel and your
+ kernel is not the <filename>GENERIC</filename> one, you can
+ directly load the &man.uscanner.4; device driver module with
+ the &man.kldload.8; command:</para>
+
+ <screen>&prompt.root; <userinput>kldload uscanner</userinput></screen>
+
+ <para>To load this module at each system startup, add the
+ following line to
+ <filename>/boot/loader.conf</filename>:</para>
+
+ <programlisting>uscanner_load="YES"</programlisting>
+
+ <para>After rebooting with the correct kernel, or after
+ loading the required module, plug in your USB scanner. The
+ scanner should appear in your system message buffer
+ (&man.dmesg.8;) as something like:</para>
+
+ <screen>uscanner0: EPSON EPSON Scanner, rev 1.10/3.02, addr 2</screen>
+
+ <para>This shows that our scanner is using the
+ <filename>/dev/uscanner0</filename> device node.</para>
+
+ <note>
+ <para>On &os;&nbsp;4.X, the USB daemon (&man.usbd.8;) must
+ be running to be able to see some USB devices. To enable
+ this, add <literal>usbd_enable="YES"</literal> to your
+ <filename>/etc/rc.conf</filename> file and reboot the
+ machine.</para>
+ </note>
+ </sect3>
+
+ <sect3>
+ <title>SCSI Interface</title>
+
+ <para>If your scanner comes with a SCSI interface, it is
+ important to know which SCSI controller board you will use.
+ According to the SCSI chipset used, you will have to tune
+ your kernel configuration file. The
+ <filename>GENERIC</filename> kernel supports the most common
+ SCSI controllers. Be sure to read the
+ <filename>NOTES</filename> file (<filename>LINT</filename>
+ under &os;&nbsp;4.X) and add the correct line to your kernel
+ configuration file. In addition to the SCSI adapter driver,
+ you need to have the following lines in your kernel
+ configuration file:</para>
+
+ <programlisting>device scbus
+device pass</programlisting>
+
+ <para>Once your kernel has been properly compiled, you should
+ be able to see the devices in your system message buffer,
+ when booting:</para>
+
+ <screen>pass2 at aic0 bus 0 target 2 lun 0
+pass2: &lt;AGFA SNAPSCAN 600 1.10&gt; Fixed Scanner SCSI-2 device
+pass2: 3.300MB/s transfers</screen>
+
+ <para>If your scanner was not powered-on at system boot, it is
+ still possible to manually force the detection by performing
+ a SCSI bus scan with the &man.camcontrol.8; command:</para>
+
+ <screen>&prompt.root; <userinput>camcontrol rescan all</userinput>
+Re-scan of bus 0 was successful
+Re-scan of bus 1 was successful
+Re-scan of bus 2 was successful
+Re-scan of bus 3 was successful</screen>
+
+ <para>Then the scanner will appear in the SCSI devices
+ list:</para>
+
+ <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
+&lt;IBM DDRS-34560 S97B&gt; at scbus0 target 5 lun 0 (pass0,da0)
+&lt;IBM DDRS-34560 S97B&gt; at scbus0 target 6 lun 0 (pass1,da1)
+&lt;AGFA SNAPSCAN 600 1.10&gt; at scbus1 target 2 lun 0 (pass3)
+&lt;PHILIPS CDD3610 CD-R/RW 1.00&gt; at scbus2 target 0 lun 0 (pass2,cd0)</screen>
+
+ <para>More details about SCSI devices, are available in the
+ &man.scsi.4; and &man.camcontrol.8; manual pages.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>SANE Configuration</title>
+
+ <para>The <application>SANE</application> system has been
+ splitted in two parts: the backends (<filename
+ role="package">graphics/sane-backends</filename>) and the
+ frontends (<filename
+ role="package">graphics/sane-frontends</filename>). The
+ backends part provides access to the scanner itself. The
+ <application>SANE</application>'s <ulink
+ url="http://sane-project.org/sane-supported-devices.html">supported
+ devices</ulink> list specifies which backend will support your
+ image scanner. It is mandatory to determine the correct
+ backend for your scanner if you want to be able to use your
+ device. The frontends part provides the graphical scanning
+ interface (<application>xscanimage</application>).</para>
+
+ <para>The first thing to do is install the <filename
+ role="package">graphics/sane-backends</filename> port or
+ package. Then, use the <command>sane-find-scanner</command>
+ command to check the scanner detection by the
+ <application>SANE</application> system:</para>
+
+ <screen>&prompt.root; <userinput>sane-find-scanner -q</userinput>
+found SCSI scanner "AGFA SNAPSCAN 600 1.10" at /dev/pass3</screen>
+
+ <para>The output will show the interface type of the scanner and
+ the device node used to attach the scanner to the system. The
+ vendor and the product model may not appear, it is not
+ important.</para>
+
+ <note>
+ <para>Some USB scanners require you to load a firmware, this
+ is explained in the backend manual page. You should also read
+ &man.sane-find-scanner.1; and &man.sane.7; manual
+ pages.</para>
+ </note>
+
+ <para>Now we have to check if the scanner will be identified by
+ a scanning frontend. By default, the
+ <application>SANE</application> backends comes with a command
+ line tool called &man.scanimage.1;. This command allows you
+ to list the devices and to perform an image acquisition from
+ the command line. The <option>-L</option> option is used to
+ list the scanner device:</para>
+
+ <screen>&prompt.root; <userinput>scanimage -L</userinput>
+device `snapscan:/dev/pass3' is a AGFA SNAPSCAN 600 flatbed scanner</screen>
+
+ <para>No output or a message saying that no scanners were
+ identified indicates that &man.scanimage.1; is unable to
+ identify the scanner. If this happens, you will need to edit
+ the backend configuration file and define the scanner device
+ used. The <filename
+ class="directory">/usr/local/etc/sane.d/</filename> directory
+ contains all backends configuration files. This
+ identification problem does appear with certain USB
+ scanners.</para>
+
+ <para>For example, with the USB scanner used in the <xref
+ linkend="scanners-kernel-usb">,
+ <command>sane-find-scanner</command> gives us the following
+ information:</para>
+
+ <screen>&prompt.root; <userinput>sane-find-scanner -q</userinput>
+found USB scanner (UNKNOWN vendor and product) at device /dev/uscanner0</screen>
+ <para>The scanner is correctly detected, it uses the USB
+ interface and is attached to the
+ <filename>/dev/uscanner0</filename> device node. We can now
+ check if the scanner is correctly identified:</para>
+
+ <screen>&prompt.root; <userinput>scanimage -L</userinput>
+
+No scanners were identified. If you were expecting something different,
+check that the scanner is plugged in, turned on and detected by the
+sane-find-scanner tool (if appropriate). Please read the documentation
+which came with this software (README, FAQ, manpages).</screen>
+
+ <para>Since the scanner is not identified, we will need to edit
+ the <filename>/usr/local/etc/sane.d/epson.conf</filename>
+ file. The scanner model used was the &epson.perfection; 1650,
+ so we know the scanner will use the <literal>epson</literal>
+ backend. Be sure to read the help comments in the backends
+ configuration files. Line changes are quite simple: comment
+ out all lines that have the wrong interface for your scanner
+ (in our case, we will comment out all lines starting with the
+ word <literal>scsi</literal> as our scanner uses the USB
+ interface), then add at the end of the file a line specifying
+ the interface and the device node used. In this case, we add
+ the following line:</para>
+
+ <programlisting>usb /dev/uscanner0</programlisting>
+
+ <para>Please be sure to read the comments provided in the
+ backend configuration file as well as the backend manual page
+ for more details and correct syntax to use. We can now verify
+ if the scanner is identified:</para>
+
+ <screen>&prompt.root; <userinput>scanimage -L</userinput>
+device `epson:/dev/uscanner0' is a Epson GT-8200 flatbed scanner</screen>
+
+ <para>Our USB scanner has been identified. It is not important
+ if the brand and the model do not match. The key item to be
+ concerned with is the
+ <literal>`epson:/dev/uscanner0'</literal> field, which give us
+ the right backend name and the right device node.</para>
+
+ <para>Once the <command>scanimage -L</command> command is able
+ to see the scanner, the configuration is complete. The device
+ is now ready to scan.</para>
+
+ <para>While &man.scanimage.1; does allow us to perform an
+ image acquisition from the command line, it is preferable to
+ use a graphical user interface to perform image scanning.
+ <application>SANE</application> offers a simple but efficient
+ graphical interface: <application>xscanimage</application>
+ (<filename
+ role="package">graphics/sane-frontends</filename>).</para>
+
+ <para><application>Xsane</application> (<filename
+ role="package">graphics/xsane</filename>) is another popular
+ graphical scanning frontend. This frontend offers advanced
+ features such as various scanning mode (photocopy, fax, etc.),
+ color correction, batch scans, etc. Both of these applications
+ are useable as a <application>GIMP</application>
+ plugin.</para>
+ </sect2>
+
+ <sect2>
+ <title>Allowing Scanner Access to Other Users</title>
+
+ <para>All previous operations have been done with
+ <username>root</username> privileges. You may however, need
+ other users to have access
+ to the scanner. The user will need read and write
+ permissions to the device node used by the scanner. As an
+ example, our USB scanner uses the device node
+ <filename>/dev/uscanner0</filename> which is owned by the
+ <groupname>operator</groupname> group. Adding the user
+ <username>joe</username> to the
+ <groupname>operator</groupname> group will allow him to use
+ the scanner:</para>
+
+ <screen>&prompt.root; <userinput>pw groupmod operator -m <replaceable>joe</replaceable></userinput></screen>
+
+ <para>For more details read the &man.pw.8; manual page. You
+ also have to set the correct write permissions (0660 or 0664)
+ on the <filename>/dev/uscanner0</filename> device node, by
+ default the <groupname>operator</groupname> group can only
+ read the device node. This is done by adding the following
+ lines to the <filename>/etc/devfs.rules</filename> file:</para>
+
+ <programlisting>[system=5]
+add path uscanner0 mode 660</programlisting>
+
+ <para>Then add the following to
+ <filename>/etc/rc.conf</filename> and reboot the
+ machine:</para>
+
+ <programlisting>devfs_system_ruleset="system"</programlisting>
+
+ <para>More information regarding these lines can be found in the
+ &man.devfs.8; manual page. Under &os;&nbsp;4.X, the
+ <groupname>operator</groupname> group has, by default, read
+ and write permissions to
+ <filename>/dev/uscanner0</filename>.</para>
+
+ <note>
+ <para>Of course, for security reasons, you should think twice
+ before adding a user to any group, especially the
+ <groupname>operator</groupname> group.</para>
+ </note>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/network-servers/Makefile b/zh_TW.Big5/books/handbook/network-servers/Makefile
new file mode 100644
index 0000000000..150dbe3121
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/network-servers/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= network-servers/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/network-servers/chapter.sgml b/zh_TW.Big5/books/handbook/network-servers/chapter.sgml
new file mode 100644
index 0000000000..b9d302fda8
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/network-servers/chapter.sgml
@@ -0,0 +1,5184 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="network-servers">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Murray</firstname>
+ <surname>Stokely</surname>
+ <contrib>Reorganized by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 23 July 2004 -->
+ </chapterinfo>
+
+ <title>Network Servers</title>
+
+ <sect1 id="network-servers-synopsis">
+ <title>Synopsis</title>
+
+ <para>This chapter will cover some of the more frequently used
+ network services on &unix; systems. We will cover how to
+ install, configure, test, and maintain many different types of
+ network services. Example configuration files are included
+ throughout this chapter for you to benefit from.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>How to manage the <application>inetd</application>
+ daemon.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up a network file system.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up a network information server for sharing
+ user accounts.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up automatic network settings using DHCP.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up a domain name server.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up the <application>Apache</application> HTTP Server.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up a File Transfer Protocol (FTP) Server.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up a file and print server for &windows;
+ clients using <application>Samba</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to synchronize the time and date, and set up a
+ time server, with the NTP protocol.</para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Understand the basics of the
+ <filename>/etc/rc</filename> scripts.</para>
+ </listitem>
+
+ <listitem>
+ <para>Be familiar with basic network terminology.</para>
+ </listitem>
+
+ <listitem>
+ <para>Know how to install additional third-party
+ software (<xref linkend="ports">).</para>
+ </listitem>
+
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="network-inetd">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Chern</firstname>
+ <surname>Lee</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>The <application>inetd</application> <quote>Super-Server</quote></title>
+
+ <sect2 id="network-inetd-overview">
+ <title>Overview</title>
+
+ <para>&man.inetd.8; is referred to as the <quote>Internet
+ Super-Server</quote> because it manages connections for
+ several services. When a
+ connection is received by <application>inetd</application>, it
+ determines which program the connection is destined for, spawns
+ the particular process and delegates the socket to it (the program
+ is invoked with the service socket as its standard input, output
+ and error descriptors). Running
+ one instance of <application>inetd</application> reduces the
+ overall system load as compared to running each daemon
+ individually in stand-alone mode.</para>
+
+ <para>Primarily, <application>inetd</application> is used to
+ spawn other daemons, but several trivial protocols are handled
+ directly, such as <application>chargen</application>,
+ <application>auth</application>, and
+ <application>daytime</application>.</para>
+
+ <para>This section will cover the basics in configuring
+ <application>inetd</application> through its command-line
+ options and its configuration file,
+ <filename>/etc/inetd.conf</filename>.</para>
+ </sect2>
+
+ <sect2 id="network-inetd-settings">
+ <title>Settings</title>
+
+ <para><application>inetd</application> is initialized through
+ the <filename>/etc/rc.conf</filename> system. The
+ <literal>inetd_enable</literal> option is set to
+ <literal>NO</literal> by default, but is often times turned on
+ by <application>sysinstall</application> with the medium
+ security profile. Placing:
+ <programlisting>inetd_enable="YES"</programlisting> or
+ <programlisting>inetd_enable="NO"</programlisting> into
+ <filename>/etc/rc.conf</filename> can enable or disable
+ <application>inetd</application> starting at boot time.</para>
+
+ <para>Additionally, different command-line options can be passed
+ to <application>inetd</application> via the
+ <literal>inetd_flags</literal> option.</para>
+ </sect2>
+
+ <sect2 id="network-inetd-cmdline">
+ <title>Command-Line Options</title>
+
+ <para><application>inetd</application> synopsis:</para>
+
+ <para><option> inetd [-d] [-l] [-w] [-W] [-c maximum] [-C rate] [-a address | hostname]
+ [-p filename] [-R rate] [configuration file]</option></para>
+
+ <variablelist>
+ <varlistentry>
+ <term>-d</term>
+
+ <listitem>
+ <para>Turn on debugging.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-l</term>
+
+ <listitem>
+ <para>Turn on logging of successful connections.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-w</term>
+
+ <listitem>
+ <para>Turn on TCP Wrapping for external services (on by
+ default).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-W</term>
+
+ <listitem>
+ <para>Turn on TCP Wrapping for internal services which are
+ built into <application>inetd</application> (on by
+ default).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-c maximum</term>
+
+ <listitem>
+ <para>Specify the default maximum number of simultaneous
+ invocations of each service; the default is unlimited.
+ May be overridden on a per-service basis with the
+ <option>max-child</option> parameter.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-C rate</term>
+
+ <listitem>
+ <para>Specify the default maximum number of times a
+ service can be invoked from a single IP address in one
+ minute; the default is unlimited. May be overridden on a
+ per-service basis with the
+ <option>max-connections-per-ip-per-minute</option>
+ parameter.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-R rate</term>
+
+ <listitem>
+ <para>Specify the maximum number of times a service can be
+ invoked in one minute; the default is 256. A rate of 0
+ allows an unlimited number of invocations.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-a</term>
+
+ <listitem>
+ <para>Specify one specific IP address to bind to.
+ Alternatively, a hostname can be specified, in which case
+ the IPv4 or IPv6 address which corresponds to that
+ hostname is used. Usually a hostname is specified when
+ <application>inetd</application> is run inside a
+ &man.jail.8;, in which case the hostname corresponds to
+ the &man.jail.8; environment.</para>
+
+ <para>When hostname specification is used and both IPv4
+ and IPv6 bindings are desired, one entry with the
+ appropriate protocol type for each binding is required
+ for each service in
+ <filename>/etc/inetd.conf</filename>. For example, a
+ TCP-based service would need two entries, one using
+ <literal>tcp4</literal> for the protocol and the other
+ using <literal>tcp6</literal>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p</term>
+
+ <listitem>
+ <para>Specify an alternate file in which to store the
+ process ID.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>These options can be passed to
+ <application>inetd</application> using the
+ <literal>inetd_flags</literal> option in
+ <filename>/etc/rc.conf</filename>. By default,
+ <literal>inetd_flags</literal> is set to
+ <literal>-wW</literal>, which turns on TCP wrapping for
+ <application>inetd</application>'s internal and external
+ services. For novice users, these parameters usually do not
+ need to be modified or even entered in
+ <filename>/etc/rc.conf</filename>.</para>
+
+ <note>
+ <para>An external service is a daemon outside of
+ <application>inetd</application>, which is invoked when a
+ connection is received for it. On the other hand, an
+ internal service is one that
+ <application>inetd</application> has the facility of
+ offering within itself.</para>
+ </note>
+
+ </sect2>
+
+ <sect2 id="network-inetd-conf">
+ <title><filename>inetd.conf</filename></title>
+
+ <para>Configuration of <application>inetd</application> is
+ controlled through the <filename>/etc/inetd.conf</filename>
+ file.</para>
+
+ <para>When a modification is made to
+ <filename>/etc/inetd.conf</filename>,
+ <application>inetd</application> can be forced to re-read its
+ configuration file by sending a HangUP signal to the
+ <application>inetd</application> process as shown:</para>
+
+ <example id="network-inetd-hangup">
+ <title>Sending <application>inetd</application> a HangUP Signal</title>
+
+ <screen>&prompt.root; <userinput>kill -HUP `cat /var/run/inetd.pid`</userinput></screen>
+ </example>
+
+ <para>Each line of the configuration file specifies an
+ individual daemon. Comments in the file are preceded by a
+ <quote>#</quote>. The format of
+ <filename>/etc/inetd.conf</filename> is as follows:</para>
+
+ <programlisting>service-name
+socket-type
+protocol
+{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
+user[:group][/login-class]
+server-program
+server-program-arguments</programlisting>
+
+ <para>An example entry for the <application>ftpd</application> daemon
+ using IPv4:</para>
+
+ <programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting>
+
+ <variablelist>
+ <varlistentry>
+ <term>service-name</term>
+
+ <listitem>
+ <para>This is the service name of the particular daemon.
+ It must correspond to a service listed in
+ <filename>/etc/services</filename>. This determines
+ which port <application>inetd</application> must listen
+ to. If a new service is being created, it must be
+ placed in <filename>/etc/services</filename>
+ first.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>socket-type</term>
+
+ <listitem>
+ <para>Either <literal>stream</literal>,
+ <literal>dgram</literal>, <literal>raw</literal>, or
+ <literal>seqpacket</literal>. <literal>stream</literal>
+ must be used for connection-based, TCP daemons, while
+ <literal>dgram</literal> is used for daemons utilizing
+ the <acronym>UDP</acronym> transport protocol.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>protocol</term>
+
+ <listitem>
+ <para>One of the following:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Protocol</entry>
+ <entry>Explanation</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>tcp, tcp4</entry>
+ <entry>TCP IPv4</entry>
+ </row>
+ <row>
+ <entry>udp, udp4</entry>
+ <entry>UDP IPv4</entry>
+ </row>
+ <row>
+ <entry>tcp6</entry>
+ <entry>TCP IPv6</entry>
+ </row>
+ <row>
+ <entry>udp6</entry>
+ <entry>UDP IPv6</entry>
+ </row>
+ <row>
+ <entry>tcp46</entry>
+ <entry>Both TCP IPv4 and v6</entry>
+ </row>
+ <row>
+ <entry>udp46</entry>
+ <entry>Both UDP IPv4 and v6</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]</term>
+
+ <listitem>
+ <para><option>wait|nowait</option> indicates whether the
+ daemon invoked from <application>inetd</application> is
+ able to handle its own socket or not.
+ <option>dgram</option> socket types must use the
+ <option>wait</option> option, while stream socket
+ daemons, which are usually multi-threaded, should use
+ <option>nowait</option>. <option>wait</option> usually
+ hands off multiple sockets to a single daemon, while
+ <option>nowait</option> spawns a child daemon for each
+ new socket.</para>
+
+ <para>The maximum number of child daemons
+ <application>inetd</application> may spawn can be set
+ using the <option>max-child</option> option. If a limit
+ of ten instances of a particular daemon is needed, a
+ <literal>/10</literal> would be placed after
+ <option>nowait</option>.</para>
+
+ <para>In addition to <option>max-child</option>, another
+ option limiting the maximum connections from a single
+ place to a particular daemon can be enabled.
+ <option>max-connections-per-ip-per-minute</option> does
+ just this. A value of ten here would limit any particular
+ IP address connecting to a particular service to ten
+ attempts per minute. This is useful to prevent
+ intentional or unintentional resource consumption and
+ Denial of Service (DoS) attacks to a machine.</para>
+
+ <para>In this field, <option>wait</option> or
+ <option>nowait</option> is mandatory.
+ <option>max-child</option> and
+ <option>max-connections-per-ip-per-minute</option> are
+ optional.</para>
+
+ <para>A stream-type multi-threaded daemon without any
+ <option>max-child</option> or
+ <option>max-connections-per-ip-per-minute</option> limits
+ would simply be: <literal>nowait</literal>.</para>
+
+ <para>The same daemon with a maximum limit of ten daemons
+ would read: <literal>nowait/10</literal>.</para>
+
+ <para>Additionally, the same setup with a limit of twenty
+ connections per IP address per minute and a maximum
+ total limit of ten child daemons would read:
+ <literal>nowait/10/20</literal>.</para>
+
+ <para>These options are all utilized by the default
+ settings of the <application>fingerd</application> daemon,
+ as seen here:</para>
+
+ <programlisting>finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s</programlisting>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>user</term>
+
+ <listitem>
+ <para>This is the username that the particular daemon
+ should run as. Most commonly, daemons run as the
+ <username>root</username> user. For security purposes, it is
+ common to find some servers running as the
+ <username>daemon</username> user, or the least privileged
+ <username>nobody</username> user.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>server-program</term>
+
+ <listitem>
+ <para>The full path of the daemon to be executed when a
+ connection is received. If the daemon is a service
+ provided by <application>inetd</application> internally,
+ then <option>internal</option> should be
+ used.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>server-program-arguments</term>
+
+ <listitem>
+ <para>This works in conjunction with
+ <option>server-program</option> by specifying the
+ arguments, starting with <literal>argv[0]</literal>,
+ passed to the daemon on invocation. If
+ <command>mydaemon -d</command> is the command line,
+ <literal>mydaemon -d</literal> would be the value of
+ <option>server-program-arguments</option>. Again, if
+ the daemon is an internal service, use
+ <option>internal</option> here.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect2>
+
+ <sect2 id="network-inetd-security">
+ <title>Security</title>
+
+ <para>Depending on the security profile chosen at install, many
+ of <application>inetd</application>'s daemons may be enabled
+ by default. If there is no apparent need for a particular
+ daemon, disable it! Place a <quote>#</quote> in front of the
+ daemon in question in <filename>/etc/inetd.conf</filename>,
+ and then send a <link linkend="network-inetd-hangup">hangup
+ signal to inetd</link>. Some daemons, such as
+ <application>fingerd</application>, may not be desired at all
+ because they provide an attacker with too much
+ information.</para>
+
+ <para>Some daemons are not security-conscious and have long, or
+ non-existent timeouts for connection attempts. This allows an
+ attacker to slowly send connections to a particular daemon,
+ thus saturating available resources. It may be a good idea to
+ place <option>max-connections-per-ip-per-minute</option> and
+ <option>max-child</option> limitations on certain
+ daemons.</para>
+
+ <para>By default, TCP wrapping is turned on. Consult the
+ &man.hosts.access.5; manual page for more information on placing
+ TCP restrictions on various <application>inetd</application>
+ invoked daemons.</para>
+ </sect2>
+
+ <sect2 id="network-inetd-misc">
+ <title>Miscellaneous</title>
+
+ <para><application>daytime</application>,
+ <application>time</application>,
+ <application>echo</application>,
+ <application>discard</application>,
+ <application>chargen</application>, and
+ <application>auth</application> are all internally provided
+ services of <application>inetd</application>.</para>
+
+ <para>The <application>auth</application> service provides
+ identity (<application>ident</application>,
+ <application>identd</application>) network services, and is
+ configurable to a certain degree.</para>
+
+ <para>Consult the &man.inetd.8; manual page for more in-depth
+ information.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-nfs">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Reorganized and enhanced by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Bill</firstname>
+ <surname>Swingle</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Network File System (NFS)</title>
+
+ <indexterm><primary>NFS</primary></indexterm>
+ <para>Among the many different file systems that FreeBSD supports
+ is the Network File System, also known as <acronym role="Network
+ File System">NFS</acronym>. <acronym role="Network File
+ System">NFS</acronym> allows a system to share directories and
+ files with others over a network. By using <acronym
+ role="Network File System">NFS</acronym>, users and programs can
+ access files on remote systems almost as if they were local
+ files.</para>
+
+ <para>Some of the most notable benefits that
+ <acronym>NFS</acronym> can provide are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Local workstations use less disk space because commonly
+ used data can be stored on a single machine and still remain
+ accessible to others over the network.</para>
+ </listitem>
+
+ <listitem>
+ <para>There is no need for users to have separate home
+ directories on every network machine. Home directories
+ could be set up on the <acronym>NFS</acronym> server and
+ made available throughout the network.</para>
+ </listitem>
+
+ <listitem>
+ <para>Storage devices such as floppy disks, CDROM drives, and
+ &iomegazip; drives can be used by other machines on the network.
+ This may reduce the number of removable media drives
+ throughout the network.</para>
+ </listitem>
+ </itemizedlist>
+
+ <sect2>
+ <title>How <acronym>NFS</acronym> Works</title>
+
+ <para><acronym>NFS</acronym> consists of at least two main
+ parts: a server and one or more clients. The client remotely
+ accesses the data that is stored on the server machine. In
+ order for this to function properly a few processes have to be
+ configured and running.</para>
+
+ <note><para>Under &os;&nbsp;4.X, the <application>portmap</application>
+ utility is used in place of the
+ <application>rpcbind</application> utility. Thus, in &os;&nbsp;4.X
+ the user is required to replace every instance of
+ <application>rpcbind</application> with
+ <application>portmap</application> in the forthcoming
+ examples.</para></note>
+
+ <para>The server has to be running the following daemons:</para>
+ <indexterm>
+ <primary>NFS</primary>
+ <secondary>server</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>file server</primary>
+ <secondary>UNIX clients</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary><application>rpcbind</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary><application>portmap</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary><application>mountd</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary><application>nfsd</application></primary>
+ </indexterm>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="3*">
+
+ <thead>
+ <row>
+ <entry>Daemon</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><application>nfsd</application></entry>
+ <entry>The <acronym>NFS</acronym> daemon which services
+ requests from the <acronym>NFS</acronym>
+ clients.</entry>
+ </row>
+ <row>
+ <entry><application>mountd</application></entry>
+ <entry>The <acronym>NFS</acronym> mount daemon which carries out
+ the requests that &man.nfsd.8; passes on to it.</entry>
+ </row>
+ <row>
+ <entry><application>rpcbind</application></entry>
+ <entry> This daemon allows
+ <acronym>NFS</acronym> clients to discover which port
+ the <acronym>NFS</acronym> server is using.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>The client can also run a daemon, known as
+ <application>nfsiod</application>. The
+ <application>nfsiod</application> daemon services the requests
+ from the <acronym>NFS</acronym> server. This is optional, and
+ improves performance, but is not required for normal and
+ correct operation. See the &man.nfsiod.8; manual page for
+ more information.
+ </para>
+ </sect2>
+
+ <sect2 id="network-configuring-nfs">
+ <title>Configuring <acronym>NFS</acronym></title>
+ <indexterm>
+ <primary>NFS</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+
+ <para><acronym>NFS</acronym> configuration is a relatively
+ straightforward process. The processes that need to be
+ running can all start at boot time with a few modifications to
+ your <filename>/etc/rc.conf</filename> file.</para>
+
+ <para>On the <acronym>NFS</acronym> server, make sure that the
+ following options are configured in the
+ <filename>/etc/rc.conf</filename> file:</para>
+
+ <programlisting>rpcbind_enable="YES"
+nfs_server_enable="YES"
+mountd_flags="-r"</programlisting>
+
+ <para><application>mountd</application> runs automatically
+ whenever the <acronym>NFS</acronym> server is enabled.</para>
+
+ <para>On the client, make sure this option is present in
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>nfs_client_enable="YES"</programlisting>
+
+ <para>The <filename>/etc/exports</filename> file specifies which
+ file systems <acronym>NFS</acronym> should export (sometimes
+ referred to as <quote>share</quote>). Each line in
+ <filename>/etc/exports</filename> specifies a file system to be
+ exported and which machines have access to that file system.
+ Along with what machines have access to that file system,
+ access options may also be specified. There are many such
+ options that can be used in this file but only a few will be
+ mentioned here. You can easily discover other options by
+ reading over the &man.exports.5; manual page.</para>
+
+ <para>Here are a few example <filename>/etc/exports</filename>
+ entries:</para>
+
+ <indexterm>
+ <primary>NFS</primary>
+ <secondary>export examples</secondary>
+ </indexterm>
+
+ <para>The following examples give an idea of how to export
+ file systems, although the settings may be different depending
+ on your environment and network configuration. For instance,
+ to export the <filename>/cdrom</filename> directory to three
+ example machines that have the same domain name as the server
+ (hence the lack of a domain name for each) or have entries in
+ your <filename>/etc/hosts</filename> file. The
+ <option>-ro</option> flag makes the exported file system
+ read-only. With this flag, the remote system will not be able
+ to write any changes to the exported file system.</para>
+
+ <programlisting>/cdrom -ro host1 host2 host3</programlisting>
+
+ <para>The following line exports <filename>/home</filename> to
+ three hosts by IP address. This is a useful setup if you have
+ a private network without a <acronym>DNS</acronym> server
+ configured. Optionally the <filename>/etc/hosts</filename>
+ file could be configured for internal hostnames; please review
+ &man.hosts.5; for more information. The
+ <option>-alldirs</option> flag allows the subdirectories to be
+ mount points. In other words, it will not mount the
+ subdirectories but permit the client to mount only the
+ directories that are required or needed.</para>
+
+ <programlisting>/home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4</programlisting>
+
+ <para>The following line exports <filename>/a</filename> so that
+ two clients from different domains may access the file system.
+ The <option>-maproot=root</option> flag allows the
+ <username>root</username> user on the remote system to write
+ data on the exported file system as <username>root</username>.
+ If the <literal>-maproot=root</literal> flag is not specified,
+ then even if a user has <username>root</username> access on
+ the remote system, he will not be able to modify files on
+ the exported file system.</para>
+
+ <programlisting>/a -maproot=root host.example.com box.example.org</programlisting>
+
+ <para>In order for a client to access an exported file system,
+ the client must have permission to do so. Make sure the
+ client is listed in your <filename>/etc/exports</filename>
+ file.</para>
+
+ <para>In <filename>/etc/exports</filename>, each line represents
+ the export information for one file system to one host. A
+ remote host can only be specified once per file system, and may
+ only have one default entry. For example, assume that
+ <filename>/usr</filename> is a single file system. The
+ following <filename>/etc/exports</filename> would be
+ invalid:</para>
+
+ <programlisting># Invalid when /usr is one file system
+/usr/src client
+/usr/ports client</programlisting>
+
+ <para>One file system, <filename>/usr</filename>, has two lines
+ specifying exports to the same host, <hostid>client</hostid>.
+ The correct format for this situation is:</para>
+
+ <programlisting>/usr/src /usr/ports client</programlisting>
+
+ <para>The properties of one file system exported to a given host
+ must all occur on one line. Lines without a client specified
+ are treated as a single host. This limits how you can export
+ file systems, but for most people this is not an issue.</para>
+
+ <para>The following is an example of a valid export list, where
+ <filename>/usr</filename> and <filename>/exports</filename>
+ are local file systems:</para>
+
+ <programlisting># Export src and ports to client01 and client02, but only
+# client01 has root privileges on it
+/usr/src /usr/ports -maproot=root client01
+/usr/src /usr/ports client02
+# The client machines have root and can mount anywhere
+# on /exports. Anyone in the world can mount /exports/obj read-only
+/exports -alldirs -maproot=root client01 client02
+/exports/obj -ro</programlisting>
+
+ <para>You must restart
+ <application>mountd</application> whenever you modify
+ <filename>/etc/exports</filename> so the changes can take effect.
+ This can be accomplished by sending the HUP signal
+ to the <command>mountd</command> process:</para>
+
+ <screen>&prompt.root; <userinput>kill -HUP `cat /var/run/mountd.pid`</userinput></screen>
+
+ <para>Alternatively, a reboot will make FreeBSD set everything
+ up properly. A reboot is not necessary though.
+ Executing the following commands as <username>root</username>
+ should start everything up.</para>
+
+ <para>On the <acronym>NFS</acronym> server:</para>
+
+ <screen>&prompt.root; <userinput>rpcbind</userinput>
+&prompt.root; <userinput>nfsd -u -t -n 4</userinput>
+&prompt.root; <userinput>mountd -r</userinput></screen>
+
+ <para>On the <acronym>NFS</acronym> client:</para>
+
+ <screen>&prompt.root; <userinput>nfsiod -n 4</userinput></screen>
+
+ <para>Now everything should be ready to actually mount a remote file
+ system. In these examples the
+ server's name will be <hostid>server</hostid> and the client's
+ name will be <hostid>client</hostid>. If you only want to
+ temporarily mount a remote file system or would rather test the
+ configuration, just execute a command like this as <username>root</username> on the
+ client:</para>
+ <indexterm>
+ <primary>NFS</primary>
+ <secondary>mounting</secondary>
+ </indexterm>
+ <screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen>
+
+ <para>This will mount the <filename>/home</filename> directory
+ on the server at <filename>/mnt</filename> on the client. If
+ everything is set up correctly you should be able to enter
+ <filename>/mnt</filename> on the client and see all the files
+ that are on the server.</para>
+
+ <para>If you want to automatically mount a remote file system
+ each time the computer boots, add the file system to the
+ <filename>/etc/fstab</filename> file. Here is an example:</para>
+
+ <programlisting>server:/home /mnt nfs rw 0 0</programlisting>
+
+ <para>The &man.fstab.5; manual page lists all the available
+ options.</para>
+ </sect2>
+
+ <sect2>
+ <title>Practical Uses</title>
+
+ <para><acronym>NFS</acronym> has many practical uses. Some of
+ the more common ones are listed below:</para>
+
+ <indexterm>
+ <primary>NFS</primary>
+ <secondary>uses</secondary>
+ </indexterm>
+ <itemizedlist>
+ <listitem>
+ <para>Set several machines to share a CDROM or other media
+ among them. This is cheaper and often a more convenient
+ method to install software on multiple machines.</para>
+ </listitem>
+
+ <listitem>
+ <para>On large networks, it might be more convenient to
+ configure a central <acronym>NFS</acronym> server in which
+ to store all the user home directories. These home
+ directories can then be exported to the network so that
+ users would always have the same home directory,
+ regardless of which workstation they log in to.</para>
+ </listitem>
+
+ <listitem>
+ <para>Several machines could have a common
+ <filename>/usr/ports/distfiles</filename> directory. That
+ way, when you need to install a port on several machines,
+ you can quickly access the source without downloading it
+ on each machine.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2 id="network-amd">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Wylie</firstname>
+ <surname>Stilwell</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Chern</firstname>
+ <surname>Lee</surname>
+ <contrib>Rewritten by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+ <title>Automatic Mounts with <application>amd</application></title>
+
+ <indexterm><primary>amd</primary></indexterm>
+ <indexterm><primary>automatic mounter daemon</primary></indexterm>
+
+ <para>&man.amd.8; (the automatic mounter daemon)
+ automatically mounts a
+ remote file system whenever a file or directory within that
+ file system is accessed. Filesystems that are inactive for a
+ period of time will also be automatically unmounted by
+ <application>amd</application>. Using
+ <application>amd</application> provides a simple alternative
+ to permanent mounts, as permanent mounts are usually listed in
+ <filename>/etc/fstab</filename>.</para>
+
+ <para><application>amd</application> operates by attaching
+ itself as an NFS server to the <filename>/host</filename> and
+ <filename>/net</filename> directories. When a file is accessed
+ within one of these directories, <application>amd</application>
+ looks up the corresponding remote mount and automatically mounts
+ it. <filename>/net</filename> is used to mount an exported
+ file system from an IP address, while <filename>/host</filename>
+ is used to mount an export from a remote hostname.</para>
+
+ <para>An access to a file within
+ <filename>/host/foobar/usr</filename> would tell
+ <application>amd</application> to attempt to mount the
+ <filename>/usr</filename> export on the host
+ <hostid>foobar</hostid>.</para>
+
+ <example>
+ <title>Mounting an Export with <application>amd</application></title>
+
+ <para>You can view the available mounts of a remote host with
+ the <command>showmount</command> command. For example, to
+ view the mounts of a host named <hostid>foobar</hostid>, you
+ can use:</para>
+
+ <screen>&prompt.user; <userinput>showmount -e foobar</userinput>
+Exports list on foobar:
+/usr 10.10.10.0
+/a 10.10.10.0
+&prompt.user; <userinput>cd /host/foobar/usr</userinput></screen>
+ </example>
+
+ <para>As seen in the example, the <command>showmount</command> shows
+ <filename>/usr</filename> as an export. When changing directories to
+ <filename>/host/foobar/usr</filename>, <application>amd</application>
+ attempts to resolve the hostname <hostid>foobar</hostid> and
+ automatically mount the desired export.</para>
+
+ <para><application>amd</application> can be started by the
+ startup scripts by placing the following lines in
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>amd_enable="YES"</programlisting>
+
+ <para>Additionally, custom flags can be passed to
+ <application>amd</application> from the
+ <varname>amd_flags</varname> option. By default,
+ <varname>amd_flags</varname> is set to:</para>
+
+ <programlisting>amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"</programlisting>
+
+ <para>The <filename>/etc/amd.map</filename> file defines the
+ default options that exports are mounted with. The
+ <filename>/etc/amd.conf</filename> file defines some of the more
+ advanced features of <application>amd</application>.</para>
+
+ <para>Consult the &man.amd.8; and &man.amd.conf.5; manual pages for more
+ information.</para>
+ </sect2>
+
+ <sect2 id="network-nfs-integration">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>John</firstname>
+ <surname>Lind</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+ <title>Problems Integrating with Other Systems</title>
+
+ <para>Certain Ethernet adapters for ISA PC systems have limitations
+ which can lead to serious network problems, particularly with NFS.
+ This difficulty is not specific to FreeBSD, but FreeBSD systems
+ are affected by it.</para>
+
+ <para>The problem nearly always occurs when (FreeBSD) PC systems are
+ networked with high-performance workstations, such as those made
+ by Silicon Graphics, Inc., and Sun Microsystems, Inc. The NFS
+ mount will work fine, and some operations may succeed, but
+ suddenly the server will seem to become unresponsive to the
+ client, even though requests to and from other systems continue to
+ be processed. This happens to the client system, whether the
+ client is the FreeBSD system or the workstation. On many systems,
+ there is no way to shut down the client gracefully once this
+ problem has manifested itself. The only solution is often to
+ reset the client, because the NFS situation cannot be
+ resolved.</para>
+
+ <para>Though the <quote>correct</quote> solution is to get a
+ higher performance and capacity Ethernet adapter for the
+ FreeBSD system, there is a simple workaround that will allow
+ satisfactory operation. If the FreeBSD system is the
+ <emphasis>server</emphasis>, include the option
+ <option>-w=1024</option> on the mount from the client. If the
+ FreeBSD system is the <emphasis>client</emphasis>, then mount
+ the NFS file system with the option <option>-r=1024</option>.
+ These options may be specified using the fourth field of the
+ <filename>fstab</filename> entry on the client for automatic
+ mounts, or by using the <option>-o</option> parameter of the
+ &man.mount.8; command for manual mounts.</para>
+
+ <para>It should be noted that there is a different problem,
+ sometimes mistaken for this one, when the NFS servers and
+ clients are on different networks. If that is the case, make
+ <emphasis>certain</emphasis> that your routers are routing the
+ necessary <acronym>UDP</acronym> information, or you will not get anywhere, no
+ matter what else you are doing.</para>
+
+ <para>In the following examples, <hostid>fastws</hostid> is the host
+ (interface) name of a high-performance workstation, and
+ <hostid>freebox</hostid> is the host (interface) name of a FreeBSD
+ system with a lower-performance Ethernet adapter. Also,
+ <filename>/sharedfs</filename> will be the exported NFS
+ file system (see &man.exports.5;), and
+ <filename>/project</filename> will be the mount point on the
+ client for the exported file system. In all cases, note that
+ additional options, such as <option>hard</option> or
+ <option>soft</option> and <option>bg</option> may be desirable in
+ your application.</para>
+
+ <para>Examples for the FreeBSD system (<hostid>freebox</hostid>)
+ as the client in <filename>/etc/fstab</filename> on
+ <hostid>freebox</hostid>:</para>
+
+ <programlisting>fastws:/sharedfs /project nfs rw,-r=1024 0 0</programlisting>
+
+ <para>As a manual mount command on <hostid>freebox</hostid>:</para>
+
+ <screen>&prompt.root; <userinput>mount -t nfs -o -r=1024 fastws:/sharedfs /project</userinput></screen>
+
+ <para>Examples for the FreeBSD system as the server in
+ <filename>/etc/fstab</filename> on
+ <hostid>fastws</hostid>:</para>
+
+ <programlisting>freebox:/sharedfs /project nfs rw,-w=1024 0 0</programlisting>
+
+ <para>As a manual mount command on <hostid>fastws</hostid>:</para>
+
+ <screen>&prompt.root; <userinput>mount -t nfs -o -w=1024 freebox:/sharedfs /project</userinput></screen>
+
+ <para>Nearly any 16-bit Ethernet adapter will allow operation
+ without the above restrictions on the read or write size.</para>
+
+ <para>For anyone who cares, here is what happens when the
+ failure occurs, which also explains why it is unrecoverable.
+ NFS typically works with a <quote>block</quote> size of
+ 8&nbsp;K (though it may do fragments of smaller sizes). Since
+ the maximum Ethernet packet is around 1500&nbsp;bytes, the NFS
+ <quote>block</quote> gets split into multiple Ethernet
+ packets, even though it is still a single unit to the
+ upper-level code, and must be received, assembled, and
+ <emphasis>acknowledged</emphasis> as a unit. The
+ high-performance workstations can pump out the packets which
+ comprise the NFS unit one right after the other, just as close
+ together as the standard allows. On the smaller, lower
+ capacity cards, the later packets overrun the earlier packets
+ of the same unit before they can be transferred to the host
+ and the unit as a whole cannot be reconstructed or
+ acknowledged. As a result, the workstation will time out and
+ try again, but it will try again with the entire 8&nbsp;K
+ unit, and the process will be repeated, ad infinitum.</para>
+
+ <para>By keeping the unit size below the Ethernet packet size
+ limitation, we ensure that any complete Ethernet packet
+ received can be acknowledged individually, avoiding the
+ deadlock situation.</para>
+
+ <para>Overruns may still occur when a high-performance
+ workstations is slamming data out to a PC system, but with the
+ better cards, such overruns are not guaranteed on NFS
+ <quote>units</quote>. When an overrun occurs, the units
+ affected will be retransmitted, and there will be a fair
+ chance that they will be received, assembled, and
+ acknowledged.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-nis">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Bill</firstname>
+ <surname>Swingle</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Eric</firstname>
+ <surname>Ogren</surname>
+ <contrib>Enhanced by </contrib>
+ </author>
+ <author>
+ <firstname>Udo</firstname>
+ <surname>Erdelhoff</surname>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Network Information System (NIS/YP)</title>
+
+ <sect2>
+ <title>What Is It?</title>
+ <indexterm><primary>NIS</primary></indexterm>
+ <indexterm><primary>Solaris</primary></indexterm>
+ <indexterm><primary>HP-UX</primary></indexterm>
+ <indexterm><primary>AIX</primary></indexterm>
+ <indexterm><primary>Linux</primary></indexterm>
+ <indexterm><primary>NetBSD</primary></indexterm>
+ <indexterm><primary>OpenBSD</primary></indexterm>
+
+ <para><acronym role="Network Information System">NIS</acronym>,
+ which stands for Network Information Services, was developed
+ by Sun Microsystems to centralize administration of &unix;
+ (originally &sunos;) systems. It has now essentially become
+ an industry standard; all major &unix; like systems
+ (&solaris;, HP-UX, &aix;, Linux, NetBSD, OpenBSD, FreeBSD,
+ etc) support <acronym role="Network Information
+ System">NIS</acronym>.</para>
+
+ <indexterm><primary>yellow pages</primary><see>NIS</see></indexterm>
+
+ <para><acronym role="Network Information System">NIS</acronym>
+ was formerly known as Yellow Pages, but because of trademark
+ issues, Sun changed the name. The old term (and yp) is still
+ often seen and used.</para>
+
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>domains</secondary>
+ </indexterm>
+
+ <para>It is a RPC-based client/server system that allows a group
+ of machines within an NIS domain to share a common set of
+ configuration files. This permits a system administrator to
+ set up NIS client systems with only minimal configuration data
+ and add, remove or modify configuration data from a single
+ location.</para>
+
+ <indexterm><primary>Windows NT</primary></indexterm>
+
+ <para>It is similar to the &windowsnt; domain system; although
+ the internal implementation of the two are not at all similar,
+ the basic functionality can be compared.</para>
+ </sect2>
+
+ <sect2>
+ <title>Terms/Processes You Should Know</title>
+
+ <para>There are several terms and several important user
+ processes that you will come across when attempting to
+ implement NIS on FreeBSD, whether you are trying to create an
+ NIS server or act as an NIS client:</para>
+
+ <indexterm>
+ <primary><application>rpcbind</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary><application>portmap</application></primary>
+ </indexterm>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="3*">
+
+ <thead>
+ <row>
+ <entry>Term</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>NIS domainname</entry>
+
+ <entry>An NIS master server and all of its clients
+ (including its slave servers) have a NIS domainname.
+ Similar to an &windowsnt; domain name, the NIS
+ domainname does not have anything to do with
+ <acronym>DNS</acronym>.</entry>
+ </row>
+ <row>
+ <entry><application>rpcbind</application></entry>
+
+ <entry>Must be running in order to enable
+ <acronym>RPC</acronym> (Remote Procedure Call, a
+ network protocol used by NIS). If
+ <application>rpcbind</application> is not running, it
+ will be impossible to run an NIS server, or to act as
+ an NIS client (Under &os;&nbsp;4.X
+ <application>portmap</application> is used in place of
+ <application>rpcbind</application>).</entry>
+ </row>
+ <row>
+ <entry><application>ypbind</application></entry>
+
+ <entry><quote>Binds</quote> an NIS client to its NIS
+ server. It will take the NIS domainname from the
+ system, and using <acronym>RPC</acronym>, connect to
+ the server. <application>ypbind</application> is the
+ core of client-server communication in an NIS
+ environment; if <application>ypbind</application> dies
+ on a client machine, it will not be able to access the
+ NIS server.</entry>
+ </row>
+ <row>
+ <entry><application>ypserv</application></entry>
+ <entry>Should only be running on NIS servers; this is
+ the NIS server process itself. If &man.ypserv.8;
+ dies, then the server will no longer be able to
+ respond to NIS requests (hopefully, there is a slave
+ server to take over for it). There are some
+ implementations of NIS (but not the FreeBSD one), that
+ do not try to reconnect to another server if the
+ server it used before dies. Often, the only thing
+ that helps in this case is to restart the server
+ process (or even the whole server) or the
+ <application>ypbind</application> process on the
+ client.
+ </entry>
+ </row>
+ <row>
+ <entry><application>rpc.yppasswdd</application></entry>
+ <entry>Another process that should only be running on
+ NIS master servers; this is a daemon that will allow NIS
+ clients to change their NIS passwords. If this daemon
+ is not running, users will have to login to the NIS
+ master server and change their passwords there.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <!-- XXX Missing: rpc.ypxfrd (not important, though) May only run
+ on the master -->
+
+ </sect2>
+
+ <sect2>
+ <title>How Does It Work?</title>
+
+ <para>There are three types of hosts in an NIS environment:
+ master servers, slave servers, and clients. Servers act as a
+ central repository for host configuration information. Master
+ servers hold the authoritative copy of this information, while
+ slave servers mirror this information for redundancy. Clients
+ rely on the servers to provide this information to
+ them.</para>
+
+ <para>Information in many files can be shared in this manner.
+ The <filename>master.passwd</filename>,
+ <filename>group</filename>, and <filename>hosts</filename>
+ files are commonly shared via NIS. Whenever a process on a
+ client needs information that would normally be found in these
+ files locally, it makes a query to the NIS server that it is
+ bound to instead.</para>
+
+ <sect3>
+ <title>Machine Types</title>
+
+ <itemizedlist>
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>master server</secondary>
+ </indexterm>
+ <listitem>
+ <para>A <emphasis>NIS master server</emphasis>. This
+ server, analogous to a &windowsnt; primary domain
+ controller, maintains the files used by all of the NIS
+ clients. The <filename>passwd</filename>,
+ <filename>group</filename>, and other various files used
+ by the NIS clients live on the master server.</para>
+
+ <note><para>It is possible for one machine to be an NIS
+ master server for more than one NIS domain. However,
+ this will not be covered in this introduction, which
+ assumes a relatively small-scale NIS
+ environment.</para></note>
+ </listitem>
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>slave server</secondary>
+ </indexterm>
+ <listitem>
+ <para><emphasis>NIS slave servers</emphasis>. Similar to
+ the &windowsnt; backup domain controllers, NIS slave
+ servers maintain copies of the NIS master's data files.
+ NIS slave servers provide the redundancy, which is
+ needed in important environments. They also help to
+ balance the load of the master server: NIS Clients
+ always attach to the NIS server whose response they get
+ first, and this includes slave-server-replies.</para>
+ </listitem>
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>client</secondary>
+ </indexterm>
+ <listitem>
+ <para><emphasis>NIS clients</emphasis>. NIS clients, like
+ most &windowsnt; workstations, authenticate against the
+ NIS server (or the &windowsnt; domain controller in the
+ &windowsnt; workstations case) to log on.</para>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Using NIS/YP</title>
+
+ <para>This section will deal with setting up a sample NIS
+ environment.</para>
+
+ <note><para>This section assumes that you are running
+ FreeBSD&nbsp;3.3 or later. The instructions given here will
+ <emphasis>probably</emphasis> work for any version of FreeBSD
+ greater than 3.0, but there are no guarantees that this is
+ true.</para></note>
+
+
+ <sect3>
+ <title>Planning</title>
+
+ <para>Let us assume that you are the administrator of a small
+ university lab. This lab, which consists of 15 FreeBSD
+ machines, currently has no centralized point of
+ administration; each machine has its own
+ <filename>/etc/passwd</filename> and
+ <filename>/etc/master.passwd</filename>. These files are
+ kept in sync with each other only through manual
+ intervention; currently, when you add a user to the lab, you
+ must run <command>adduser</command> on all 15 machines.
+ Clearly, this has to change, so you have decided to convert
+ the lab to use NIS, using two of the machines as
+ servers.</para>
+
+ <para>Therefore, the configuration of the lab now looks something
+ like:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Machine name</entry>
+ <entry>IP address</entry>
+ <entry>Machine role</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><hostid>ellington</hostid></entry>
+ <entry><hostid role="ipaddr">10.0.0.2</hostid></entry>
+ <entry>NIS master</entry>
+ </row>
+ <row>
+ <entry><hostid>coltrane</hostid></entry>
+ <entry><hostid role="ipaddr">10.0.0.3</hostid></entry>
+ <entry>NIS slave</entry>
+ </row>
+ <row>
+ <entry><hostid>basie</hostid></entry>
+ <entry><hostid role="ipaddr">10.0.0.4</hostid></entry>
+ <entry>Faculty workstation</entry>
+ </row>
+ <row>
+ <entry><hostid>bird</hostid></entry>
+ <entry><hostid role="ipaddr">10.0.0.5</hostid></entry>
+ <entry>Client machine</entry>
+ </row>
+ <row>
+ <entry><hostid>cli[1-11]</hostid></entry>
+ <entry><hostid role="ipaddr">10.0.0.[6-17]</hostid></entry>
+ <entry>Other client machines</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>If you are setting up a NIS scheme for the first time, it
+ is a good idea to think through how you want to go about it. No
+ matter what the size of your network, there are a few decisions
+ that need to be made.</para>
+
+ <sect4>
+ <title>Choosing a NIS Domain Name</title>
+
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>domainname</secondary>
+ </indexterm>
+ <para>This might not be the <quote>domainname</quote> that
+ you are used to. It is more accurately called the
+ <quote>NIS domainname</quote>. When a client broadcasts
+ its requests for info, it includes the name of the NIS
+ domain that it is part of. This is how multiple servers
+ on one network can tell which server should answer which
+ request. Think of the NIS domainname as the name for a
+ group of hosts that are related in some way.</para>
+
+ <para>Some organizations choose to use their Internet
+ domainname for their NIS domainname. This is not
+ recommended as it can cause confusion when trying to debug
+ network problems. The NIS domainname should be unique
+ within your network and it is helpful if it describes the
+ group of machines it represents. For example, the Art
+ department at Acme Inc. might be in the
+ <quote>acme-art</quote> NIS domain. For this example,
+ assume you have chosen the name
+ <literal>test-domain</literal>.</para>
+
+ <indexterm><primary>SunOS</primary></indexterm>
+ <para>However, some operating systems (notably &sunos;) use
+ their NIS domain name as their Internet domain name. If one
+ or more machines on your network have this restriction, you
+ <emphasis>must</emphasis> use the Internet domain name as
+ your NIS domain name.</para>
+ </sect4>
+
+ <sect4>
+ <title>Physical Server Requirements</title>
+
+ <para>There are several things to keep in mind when choosing
+ a machine to use as a NIS server. One of the unfortunate
+ things about NIS is the level of dependency the clients
+ have on the server. If a client cannot contact the server
+ for its NIS domain, very often the machine becomes
+ unusable. The lack of user and group information causes
+ most systems to temporarily freeze up. With this in mind
+ you should make sure to choose a machine that will not be
+ prone to being rebooted regularly, or one that might be
+ used for development. The NIS server should ideally be a
+ stand alone machine whose sole purpose in life is to be an
+ NIS server. If you have a network that is not very
+ heavily used, it is acceptable to put the NIS server on a
+ machine running other services, just keep in mind that if
+ the NIS server becomes unavailable, it will affect
+ <emphasis>all</emphasis> of your NIS clients
+ adversely.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>NIS Servers</title>
+
+ <para> The canonical copies of all NIS information are stored
+ on a single machine called the NIS master server. The
+ databases used to store the information are called NIS maps.
+ In FreeBSD, these maps are stored in
+ <filename>/var/yp/[domainname]</filename> where
+ <filename>[domainname]</filename> is the name of the NIS
+ domain being served. A single NIS server can support
+ several domains at once, therefore it is possible to have
+ several such directories, one for each supported domain.
+ Each domain will have its own independent set of
+ maps.</para>
+
+ <para>NIS master and slave servers handle all NIS requests
+ with the <command>ypserv</command> daemon.
+ <command>ypserv</command> is responsible for receiving
+ incoming requests from NIS clients, translating the
+ requested domain and map name to a path to the corresponding
+ database file and transmitting data from the database back
+ to the client.</para>
+
+ <sect4>
+ <title>Setting Up a NIS Master Server</title>
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>server configuration</secondary>
+ </indexterm>
+ <para>Setting up a master NIS server can be relatively
+ straight forward, depending on your needs. FreeBSD comes
+ with support for NIS out-of-the-box. All you need is to
+ add the following lines to
+ <filename>/etc/rc.conf</filename>, and FreeBSD will do the
+ rest for you.</para>
+
+ <procedure>
+ <step>
+ <para><programlisting>nisdomainname="test-domain"</programlisting>
+ This line will set the NIS domainname to
+ <literal>test-domain</literal>
+ upon network setup (e.g. after reboot).</para>
+ </step>
+ <step>
+ <para><programlisting>nis_server_enable="YES"</programlisting>
+ This will tell FreeBSD to start up the NIS server processes
+ when the networking is next brought up.</para>
+ </step>
+ <step>
+ <para><programlisting>nis_yppasswdd_enable="YES"</programlisting>
+ This will enable the <command>rpc.yppasswdd</command>
+ daemon which, as mentioned above, will allow users to
+ change their NIS password from a client machine.</para>
+ </step>
+ </procedure>
+
+ <note>
+ <para>Depending on your NIS setup, you may need to add
+ further entries. See the <link
+ linkend="network-nis-server-is-client">section about NIS
+ servers that are also NIS clients</link>, below, for
+ details.</para>
+ </note>
+
+ <para>Now, all you have to do is to run the command
+ <command>/etc/netstart</command> as superuser. It will
+ set up everything for you, using the values you defined in
+ <filename>/etc/rc.conf</filename>.</para>
+ </sect4>
+
+ <sect4>
+ <title>Initializing the NIS Maps</title>
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>maps</secondary>
+ </indexterm>
+ <para>The <emphasis>NIS maps</emphasis> are database files,
+ that are kept in the <filename>/var/yp</filename>
+ directory. They are generated from configuration files in
+ the <filename>/etc</filename> directory of the NIS master,
+ with one exception: the
+ <filename>/etc/master.passwd</filename> file. This is for
+ a good reason, you do not want to propagate passwords to
+ your <username>root</username> and other administrative
+ accounts to all the servers in the NIS domain. Therefore,
+ before we initialize the NIS maps, you should:</para>
+
+ <screen>&prompt.root; <userinput>cp /etc/master.passwd /var/yp/master.passwd</userinput>
+&prompt.root; <userinput>cd /var/yp</userinput>
+&prompt.root; <userinput>vi master.passwd</userinput></screen>
+
+ <para>You should remove all entries regarding system
+ accounts (<username>bin</username>,
+ <username>tty</username>, <username>kmem</username>,
+ <username>games</username>, etc), as well as any accounts
+ that you do not want to be propagated to the NIS clients
+ (for example <username>root</username> and any other UID 0
+ (superuser) accounts).</para>
+
+ <note><para>Make sure the
+ <filename>/var/yp/master.passwd</filename> is neither group
+ nor world readable (mode 600)! Use the
+ <command>chmod</command> command, if appropriate.</para></note>
+
+ <indexterm><primary>Tru64 UNIX</primary></indexterm>
+
+ <para>When you have finished, it is time to initialize the
+ NIS maps! FreeBSD includes a script named
+ <command>ypinit</command> to do this for you (see its
+ manual page for more information). Note that this script
+ is available on most &unix; Operating Systems, but not on
+ all. On Digital UNIX/Compaq Tru64 UNIX it is called
+ <command>ypsetup</command>. Because we are generating
+ maps for an NIS master, we are going to pass the
+ <option>-m</option> option to <command>ypinit</command>.
+ To generate the NIS maps, assuming you already performed
+ the steps above, run:</para>
+
+ <screen>ellington&prompt.root; <userinput>ypinit -m test-domain</userinput>
+Server Type: MASTER Domain: test-domain
+Creating an YP server will require that you answer a few questions.
+Questions will all be asked at the beginning of the procedure.
+Do you want this procedure to quit on non-fatal errors? [y/n: n] <userinput>n</userinput>
+Ok, please remember to go back and redo manually whatever fails.
+If you don't, something might not work.
+At this point, we have to construct a list of this domains YP servers.
+rod.darktech.org is already known as master server.
+Please continue to add any slave servers, one per line. When you are
+done with the list, type a &lt;control D&gt;.
+master server : ellington
+next host to add: <userinput>coltrane</userinput>
+next host to add: <userinput>^D</userinput>
+The current list of NIS servers looks like this:
+ellington
+coltrane
+Is this correct? [y/n: y] <userinput>y</userinput>
+
+[..output from map generation..]
+
+NIS Map update completed.
+ellington has been setup as an YP master server without any errors.</screen>
+
+ <para><command>ypinit</command> should have created
+ <filename>/var/yp/Makefile</filename> from
+ <filename>/var/yp/Makefile.dist</filename>.
+ When created, this file assumes that you are operating
+ in a single server NIS environment with only FreeBSD
+ machines. Since <literal>test-domain</literal> has
+ a slave server as well, you must edit
+ <filename>/var/yp/Makefile</filename>:</para>
+
+ <screen>ellington&prompt.root; <userinput>vi /var/yp/Makefile</userinput></screen>
+
+ <para>You should comment out the line that says</para>
+
+ <programlisting>NOPUSH = "True"</programlisting>
+
+ <para>(if it is not commented out already).</para>
+ </sect4>
+
+ <sect4>
+ <title>Setting up a NIS Slave Server</title>
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>slave server</secondary>
+ </indexterm>
+ <para>Setting up an NIS slave server is even more simple than
+ setting up the master. Log on to the slave server and edit the
+ file <filename>/etc/rc.conf</filename> as you did before.
+ The only difference is that we now must use the
+ <option>-s</option> option when running <command>ypinit</command>.
+ The <option>-s</option> option requires the name of the NIS
+ master be passed to it as well, so our command line looks
+ like:</para>
+
+ <screen>coltrane&prompt.root; <userinput>ypinit -s ellington test-domain</userinput>
+
+Server Type: SLAVE Domain: test-domain Master: ellington
+
+Creating an YP server will require that you answer a few questions.
+Questions will all be asked at the beginning of the procedure.
+
+Do you want this procedure to quit on non-fatal errors? [y/n: n] <userinput>n</userinput>
+
+Ok, please remember to go back and redo manually whatever fails.
+If you don't, something might not work.
+There will be no further questions. The remainder of the procedure
+should take a few minutes, to copy the databases from ellington.
+Transferring netgroup...
+ypxfr: Exiting: Map successfully transferred
+Transferring netgroup.byuser...
+ypxfr: Exiting: Map successfully transferred
+Transferring netgroup.byhost...
+ypxfr: Exiting: Map successfully transferred
+Transferring master.passwd.byuid...
+ypxfr: Exiting: Map successfully transferred
+Transferring passwd.byuid...
+ypxfr: Exiting: Map successfully transferred
+Transferring passwd.byname...
+ypxfr: Exiting: Map successfully transferred
+Transferring group.bygid...
+ypxfr: Exiting: Map successfully transferred
+Transferring group.byname...
+ypxfr: Exiting: Map successfully transferred
+Transferring services.byname...
+ypxfr: Exiting: Map successfully transferred
+Transferring rpc.bynumber...
+ypxfr: Exiting: Map successfully transferred
+Transferring rpc.byname...
+ypxfr: Exiting: Map successfully transferred
+Transferring protocols.byname...
+ypxfr: Exiting: Map successfully transferred
+Transferring master.passwd.byname...
+ypxfr: Exiting: Map successfully transferred
+Transferring networks.byname...
+ypxfr: Exiting: Map successfully transferred
+Transferring networks.byaddr...
+ypxfr: Exiting: Map successfully transferred
+Transferring netid.byname...
+ypxfr: Exiting: Map successfully transferred
+Transferring hosts.byaddr...
+ypxfr: Exiting: Map successfully transferred
+Transferring protocols.bynumber...
+ypxfr: Exiting: Map successfully transferred
+Transferring ypservers...
+ypxfr: Exiting: Map successfully transferred
+Transferring hosts.byname...
+ypxfr: Exiting: Map successfully transferred
+
+coltrane has been setup as an YP slave server without any errors.
+Don't forget to update map ypservers on ellington.</screen>
+
+ <para>You should now have a directory called
+ <filename>/var/yp/test-domain</filename>. Copies of the NIS
+ master server's maps should be in this directory. You will
+ need to make sure that these stay updated. The following
+ <filename>/etc/crontab</filename> entries on your slave
+ servers should do the job:</para>
+
+ <programlisting>20 * * * * root /usr/libexec/ypxfr passwd.byname
+21 * * * * root /usr/libexec/ypxfr passwd.byuid</programlisting>
+
+ <para>These two lines force the slave to sync its maps with
+ the maps on the master server. Although these entries are
+ not mandatory, since the master server attempts to ensure
+ any changes to its NIS maps are communicated to its slaves
+ and because password information is vital to systems
+ depending on the server, it is a good idea to force the
+ updates. This is more important on busy networks where map
+ updates might not always complete.</para>
+
+ <para>Now, run the command <command>/etc/netstart</command> on the
+ slave server as well, which again starts the NIS server.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>NIS Clients</title>
+
+ <para> An NIS client establishes what is called a binding to a
+ particular NIS server using the
+ <command>ypbind</command> daemon.
+ <command>ypbind</command> checks the system's default
+ domain (as set by the <command>domainname</command> command),
+ and begins broadcasting RPC requests on the local network.
+ These requests specify the name of the domain for which
+ <command>ypbind</command> is attempting to establish a binding.
+ If a server that has been configured to serve the requested
+ domain receives one of the broadcasts, it will respond to
+ <command>ypbind</command>, which will record the server's
+ address. If there are several servers available (a master and
+ several slaves, for example), <command>ypbind</command> will
+ use the address of the first one to respond. From that point
+ on, the client system will direct all of its NIS requests to
+ that server. <command>ypbind</command> will
+ occasionally <quote>ping</quote> the server to make sure it is
+ still up and running. If it fails to receive a reply to one of
+ its pings within a reasonable amount of time,
+ <command>ypbind</command> will mark the domain as unbound and
+ begin broadcasting again in the hopes of locating another
+ server.</para>
+
+ <sect4>
+ <title>Setting Up a NIS Client</title>
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>client configuration</secondary>
+ </indexterm>
+ <para>Setting up a FreeBSD machine to be a NIS client is fairly
+ straightforward.</para>
+
+ <procedure>
+ <step>
+ <para>Edit the file <filename>/etc/rc.conf</filename> and
+ add the following lines in order to set the NIS domainname
+ and start <command>ypbind</command> upon network
+ startup:</para>
+
+ <programlisting>nisdomainname="test-domain"
+nis_client_enable="YES"</programlisting>
+ </step>
+
+ <step>
+ <para>To import all possible password entries from the NIS
+ server, remove all user accounts from your
+ <filename>/etc/master.passwd</filename> file and use
+ <command>vipw</command> to add the following line to
+ the end of the file:</para>
+
+ <programlisting>+:::::::::</programlisting>
+
+ <note>
+ <para>This line will afford anyone with a valid account in
+ the NIS server's password maps an account. There are
+ many ways to configure your NIS client by changing this
+ line. See the <link linkend="network-netgroups">netgroups
+ section</link> below for more information.
+ For more detailed reading see O'Reilly's book on
+ <literal>Managing NFS and NIS</literal>.</para>
+ </note>
+
+ <note>
+ <para>You should keep at least one local account (i.e.
+ not imported via NIS) in your
+ <filename>/etc/master.passwd</filename> and this
+ account should also be a member of the group
+ <groupname>wheel</groupname>. If there is something
+ wrong with NIS, this account can be used to log in
+ remotely, become <username>root</username>, and fix things.</para>
+ </note>
+ </step>
+
+ <step>
+ <para>To import all possible group entries from the NIS
+ server, add this line to your
+ <filename>/etc/group</filename> file:</para>
+
+ <programlisting>+:*::</programlisting>
+ </step>
+ </procedure>
+
+ <para>After completing these steps, you should be able to run
+ <command>ypcat passwd</command> and see the NIS server's
+ passwd map.</para>
+ </sect4>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>NIS Security</title>
+
+ <para>In general, any remote user can issue an RPC to
+ &man.ypserv.8; and retrieve the contents of your NIS maps,
+ provided the remote user knows your domainname. To prevent
+ such unauthorized transactions, &man.ypserv.8; supports a
+ feature called <quote>securenets</quote> which can be used to
+ restrict access to a given set of hosts. At startup,
+ &man.ypserv.8; will attempt to load the securenets information
+ from a file called
+ <filename>/var/yp/securenets</filename>.</para>
+
+ <note>
+ <para>This path varies depending on the path specified with the
+ <option>-p</option> option. This file contains entries that
+ consist of a network specification and a network mask separated
+ by white space. Lines starting with <quote>#</quote> are
+ considered to be comments. A sample securenets file might look
+ like this:</para>
+ </note>
+
+ <programlisting># allow connections from local host -- mandatory
+127.0.0.1 255.255.255.255
+# allow connections from any host
+# on the 192.168.128.0 network
+192.168.128.0 255.255.255.0
+# allow connections from any host
+# between 10.0.0.0 to 10.0.15.255
+# this includes the machines in the testlab
+10.0.0.0 255.255.240.0</programlisting>
+
+ <para>If &man.ypserv.8; receives a request from an address that
+ matches one of these rules, it will process the request
+ normally. If the address fails to match a rule, the request
+ will be ignored and a warning message will be logged. If the
+ <filename>/var/yp/securenets</filename> file does not exist,
+ <command>ypserv</command> will allow connections from any
+ host.</para>
+
+ <para>The <command>ypserv</command> program also has support for
+ Wietse Venema's <application>TCP Wrapper</application> package.
+ This allows the administrator to use the
+ <application>TCP Wrapper</application> configuration files for
+ access control instead of
+ <filename>/var/yp/securenets</filename>.</para>
+
+ <note>
+ <para>While both of these access control mechanisms provide some
+ security, they, like the privileged port test, are
+ vulnerable to <quote>IP spoofing</quote> attacks. All
+ NIS-related traffic should be blocked at your firewall.</para>
+
+ <para>Servers using <filename>/var/yp/securenets</filename>
+ may fail to serve legitimate NIS clients with archaic TCP/IP
+ implementations. Some of these implementations set all
+ host bits to zero when doing broadcasts and/or fail to
+ observe the subnet mask when calculating the broadcast
+ address. While some of these problems can be fixed by
+ changing the client configuration, other problems may force
+ the retirement of the client systems in question or the
+ abandonment of <filename>/var/yp/securenets</filename>.</para>
+
+ <para>Using <filename>/var/yp/securenets</filename> on a
+ server with such an archaic implementation of TCP/IP is a
+ really bad idea and will lead to loss of NIS functionality
+ for large parts of your network.</para>
+
+ <indexterm><primary>TCP Wrappers</primary></indexterm>
+ <para>The use of the <application>TCP Wrapper</application>
+ package increases the latency of your NIS server. The
+ additional delay may be long enough to cause timeouts in
+ client programs, especially in busy networks or with slow
+ NIS servers. If one or more of your client systems
+ suffers from these symptoms, you should convert the client
+ systems in question into NIS slave servers and force them
+ to bind to themselves.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Barring Some Users from Logging On</title>
+
+ <para>In our lab, there is a machine <hostid>basie</hostid> that
+ is supposed to be a faculty only workstation. We do not want
+ to take this machine out of the NIS domain, yet the
+ <filename>passwd</filename> file on the master NIS server
+ contains accounts for both faculty and students. What can we
+ do?</para>
+
+ <para>There is a way to bar specific users from logging on to a
+ machine, even if they are present in the NIS database. To do
+ this, all you must do is add
+ <literal>-<replaceable>username</replaceable></literal> to the
+ end of the <filename>/etc/master.passwd</filename> file on the
+ client machine, where <replaceable>username</replaceable> is
+ the username of the user you wish to bar from logging in.
+ This should preferably be done using <command>vipw</command>,
+ since <command>vipw</command> will sanity check your changes
+ to <filename>/etc/master.passwd</filename>, as well as
+ automatically rebuild the password database when you finish
+ editing. For example, if we wanted to bar user
+ <username>bill</username> from logging on to
+ <hostid>basie</hostid> we would:</para>
+
+ <screen>basie&prompt.root; <userinput>vipw</userinput>
+<userinput>[add -bill to the end, exit]</userinput>
+vipw: rebuilding the database...
+vipw: done
+
+basie&prompt.root; <userinput>cat /etc/master.passwd</userinput>
+
+root:[password]:0:0::0:0:The super-user:/root:/bin/csh
+toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh
+daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
+operator:*:2:5::0:0:System &:/:/sbin/nologin
+bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
+tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
+kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
+games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
+news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
+man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
+bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
+uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
+xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
+pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
+nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
++:::::::::
+-bill
+
+basie&prompt.root;</screen>
+ </sect2>
+
+ <sect2 id="network-netgroups">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Udo</firstname>
+ <surname>Erdelhoff</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>Using Netgroups</title>
+ <indexterm><primary>netgroups</primary></indexterm>
+
+ <para>The method shown in the previous section works reasonably
+ well if you need special rules for a very small number of
+ users and/or machines. On larger networks, you
+ <emphasis>will</emphasis> forget to bar some users from logging
+ onto sensitive machines, or you may even have to modify each
+ machine separately, thus losing the main benefit of NIS:
+ <emphasis>centralized</emphasis> administration.</para>
+
+ <para>The NIS developers' solution for this problem is called
+ <emphasis>netgroups</emphasis>. Their purpose and semantics
+ can be compared to the normal groups used by &unix; file
+ systems. The main differences are the lack of a numeric ID
+ and the ability to define a netgroup by including both user
+ accounts and other netgroups.</para>
+
+ <para>Netgroups were developed to handle large, complex networks
+ with hundreds of users and machines. On one hand, this is
+ a Good Thing if you are forced to deal with such a situation.
+ On the other hand, this complexity makes it almost impossible to
+ explain netgroups with really simple examples. The example
+ used in the remainder of this section demonstrates this
+ problem.</para>
+
+ <para>Let us assume that your successful introduction of NIS in
+ your laboratory caught your superiors' interest. Your next
+ job is to extend your NIS domain to cover some of the other
+ machines on campus. The two tables contain the names of the
+ new users and new machines as well as brief descriptions of
+ them.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>User Name(s)</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><username>alpha</username>, <username>beta</username></entry>
+ <entry>Normal employees of the IT department</entry>
+ </row>
+
+ <row>
+ <entry><username>charlie</username>, <username>delta</username></entry>
+ <entry>The new apprentices of the IT department</entry>
+ </row>
+
+ <row>
+ <entry><username>echo</username>, <username>foxtrott</username>, <username>golf</username>, ...</entry>
+ <entry>Ordinary employees</entry>
+ </row>
+
+ <row>
+ <entry><username>able</username>, <username>baker</username>, ...</entry>
+ <entry>The current interns</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Machine Name(s)</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <!-- Names taken from "Good Omens" by Neil Gaiman and Terry
+ Pratchett. Many thanks for a brilliant book. -->
+
+ <entry><hostid>war</hostid>, <hostid>death</hostid>,
+ <hostid>famine</hostid>,
+ <hostid>pollution</hostid></entry>
+ <entry>Your most important servers. Only the IT
+ employees are allowed to log onto these
+ machines.</entry>
+ </row>
+ <row>
+ <!-- gluttony was omitted because it was too fat -->
+
+ <entry><hostid>pride</hostid>, <hostid>greed</hostid>,
+ <hostid>envy</hostid>, <hostid>wrath</hostid>,
+ <hostid>lust</hostid>, <hostid>sloth</hostid></entry>
+ <entry>Less important servers. All members of the IT
+ department are allowed to login onto these
+ machines.</entry>
+ </row>
+
+ <row>
+ <entry><hostid>one</hostid>, <hostid>two</hostid>,
+ <hostid>three</hostid>, <hostid>four</hostid>,
+ ...</entry>
+
+ <entry>Ordinary workstations. Only the
+ <emphasis>real</emphasis> employees are allowed to use
+ these machines.</entry>
+ </row>
+
+ <row>
+ <entry><hostid>trashcan</hostid></entry>
+ <entry>A very old machine without any critical data.
+ Even the intern is allowed to use this box.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>If you tried to implement these restrictions by separately
+ blocking each user, you would have to add one
+ <literal>-<replaceable>user</replaceable></literal> line to
+ each system's <filename>passwd</filename> for each user who is
+ not allowed to login onto that system. If you forget just one
+ entry, you could be in trouble. It may be feasible to do this
+ correctly during the initial setup, however you
+ <emphasis>will</emphasis> eventually forget to add the lines
+ for new users during day-to-day operations. After all, Murphy
+ was an optimist.</para>
+
+ <para>Handling this situation with netgroups offers several
+ advantages. Each user need not be handled separately; you
+ assign a user to one or more netgroups and allow or forbid
+ logins for all members of the netgroup. If you add a new
+ machine, you will only have to define login restrictions for
+ netgroups. If a new user is added, you will only have to add
+ the user to one or more netgroups. Those changes are
+ independent of each other: no more <quote>for each combination
+ of user and machine do...</quote> If your NIS setup is planned
+ carefully, you will only have to modify exactly one central
+ configuration file to grant or deny access to machines.</para>
+
+ <para>The first step is the initialization of the NIS map
+ netgroup. FreeBSD's &man.ypinit.8; does not create this map by
+ default, but its NIS implementation will support it once it has
+ been created. To create an empty map, simply type</para>
+
+ <screen>ellington&prompt.root; <userinput>vi /var/yp/netgroup</userinput></screen>
+
+ <para>and start adding content. For our example, we need at
+ least four netgroups: IT employees, IT apprentices, normal
+ employees and interns.</para>
+
+ <programlisting>IT_EMP (,alpha,test-domain) (,beta,test-domain)
+IT_APP (,charlie,test-domain) (,delta,test-domain)
+USERS (,echo,test-domain) (,foxtrott,test-domain) \
+ (,golf,test-domain)
+INTERNS (,able,test-domain) (,baker,test-domain)</programlisting>
+
+ <para><literal>IT_EMP</literal>, <literal>IT_APP</literal> etc.
+ are the names of the netgroups. Each bracketed group adds
+ one or more user accounts to it. The three fields inside a
+ group are:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>The name of the host(s) where the following items are
+ valid. If you do not specify a hostname, the entry is
+ valid on all hosts. If you do specify a hostname, you
+ will enter a realm of darkness, horror and utter confusion.</para>
+ </listitem>
+
+ <listitem>
+ <para>The name of the account that belongs to this
+ netgroup.</para>
+ </listitem>
+
+ <listitem>
+ <para>The NIS domain for the account. You can import
+ accounts from other NIS domains into your netgroup if you
+ are one of the unlucky fellows with more than one NIS
+ domain.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>Each of these fields can contain wildcards. See
+ &man.netgroup.5; for details.</para>
+
+ <note>
+ <indexterm><primary>netgroups</primary></indexterm>
+ <para>Netgroup names longer than 8 characters should not be
+ used, especially if you have machines running other
+ operating systems within your NIS domain. The names are
+ case sensitive; using capital letters for your netgroup
+ names is an easy way to distinguish between user, machine
+ and netgroup names.</para>
+
+ <para>Some NIS clients (other than FreeBSD) cannot handle
+ netgroups with a large number of entries. For example, some
+ older versions of &sunos; start to cause trouble if a netgroup
+ contains more than 15 <emphasis>entries</emphasis>. You can
+ circumvent this limit by creating several sub-netgroups with
+ 15 users or less and a real netgroup that consists of the
+ sub-netgroups:</para>
+
+ <programlisting>BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...]
+BIGGRP2 (,joe16,domain) (,joe17,domain) [...]
+BIGGRP3 (,joe31,domain) (,joe32,domain)
+BIGGROUP BIGGRP1 BIGGRP2 BIGGRP3</programlisting>
+
+ <para>You can repeat this process if you need more than 225
+ users within a single netgroup.</para>
+ </note>
+
+ <para>Activating and distributing your new NIS map is
+ easy:</para>
+
+ <screen>ellington&prompt.root; <userinput>cd /var/yp</userinput>
+ellington&prompt.root; <userinput>make</userinput></screen>
+
+ <para>This will generate the three NIS maps
+ <filename>netgroup</filename>,
+ <filename>netgroup.byhost</filename> and
+ <filename>netgroup.byuser</filename>. Use &man.ypcat.1; to
+ check if your new NIS maps are available:</para>
+
+ <screen>ellington&prompt.user; <userinput>ypcat -k netgroup</userinput>
+ellington&prompt.user; <userinput>ypcat -k netgroup.byhost</userinput>
+ellington&prompt.user; <userinput>ypcat -k netgroup.byuser</userinput></screen>
+
+ <para>The output of the first command should resemble the
+ contents of <filename>/var/yp/netgroup</filename>. The second
+ command will not produce output if you have not specified
+ host-specific netgroups. The third command can be used to
+ get the list of netgroups for a user.</para>
+
+ <para>The client setup is quite simple. To configure the server
+ <hostid>war</hostid>, you only have to start
+ &man.vipw.8; and replace the line</para>
+
+ <programlisting>+:::::::::</programlisting>
+
+ <para>with</para>
+
+ <programlisting>+@IT_EMP:::::::::</programlisting>
+
+ <para>Now, only the data for the users defined in the netgroup
+ <literal>IT_EMP</literal> is imported into
+ <hostid>war</hostid>'s password database and only
+ these users are allowed to login.</para>
+
+ <para>Unfortunately, this limitation also applies to the
+ <literal>~</literal> function of the shell and all routines
+ converting between user names and numerical user IDs. In
+ other words, <command>cd
+ ~<replaceable>user</replaceable></command> will not work,
+ <command>ls -l</command> will show the numerical ID instead of
+ the username and <command>find . -user joe -print</command>
+ will fail with <errorname>No such user</errorname>. To fix
+ this, you will have to import all user entries
+ <emphasis>without allowing them to login onto your
+ servers</emphasis>.</para>
+
+ <para>This can be achieved by adding another line to
+ <filename>/etc/master.passwd</filename>. This line should
+ contain:</para>
+
+ <para><literal>+:::::::::/sbin/nologin</literal>, meaning
+ <quote>Import all entries but replace the shell with
+ <filename>/sbin/nologin</filename> in the imported
+ entries</quote>. You can replace any field in the
+ <literal>passwd</literal> entry by placing a default value in
+ your <filename>/etc/master.passwd</filename>.</para>
+
+ <!-- Been there, done that, got the scars to prove it - ue -->
+ <warning>
+ <para>Make sure that the line
+ <literal>+:::::::::/sbin/nologin</literal> is placed after
+ <literal>+@IT_EMP:::::::::</literal>. Otherwise, all user
+ accounts imported from NIS will have <filename>/sbin/nologin</filename> as their
+ login shell.</para>
+ </warning>
+
+ <para>After this change, you will only have to change one NIS
+ map if a new employee joins the IT department. You could use
+ a similar approach for the less important servers by replacing
+ the old <literal>+:::::::::</literal> in their local version
+ of <filename>/etc/master.passwd</filename> with something like
+ this:</para>
+
+ <programlisting>+@IT_EMP:::::::::
++@IT_APP:::::::::
++:::::::::/sbin/nologin</programlisting>
+
+ <para>The corresponding lines for the normal workstations
+ could be:</para>
+
+ <programlisting>+@IT_EMP:::::::::
++@USERS:::::::::
++:::::::::/sbin/nologin</programlisting>
+
+ <para>And everything would be fine until there is a policy
+ change a few weeks later: The IT department starts hiring
+ interns. The IT interns are allowed to use the normal
+ workstations and the less important servers; and the IT
+ apprentices are allowed to login onto the main servers. You
+ add a new netgroup <literal>IT_INTERN</literal>, add the new
+ IT interns to this netgroup and start to change the
+ configuration on each and every machine... As the old saying
+ goes: <quote>Errors in centralized planning lead to global
+ mess</quote>.</para>
+
+ <para>NIS' ability to create netgroups from other netgroups can
+ be used to prevent situations like these. One possibility
+ is the creation of role-based netgroups. For example, you
+ could create a netgroup called
+ <literal>BIGSRV</literal> to define the login
+ restrictions for the important servers, another netgroup
+ called <literal>SMALLSRV</literal> for the less
+ important servers and a third netgroup called
+ <literal>USERBOX</literal> for the normal
+ workstations. Each of these netgroups contains the netgroups
+ that are allowed to login onto these machines. The new
+ entries for your NIS map netgroup should look like this:</para>
+
+ <programlisting>BIGSRV IT_EMP IT_APP
+SMALLSRV IT_EMP IT_APP ITINTERN
+USERBOX IT_EMP ITINTERN USERS</programlisting>
+
+ <para>This method of defining login restrictions works
+ reasonably well if you can define groups of machines with
+ identical restrictions. Unfortunately, this is the exception
+ and not the rule. Most of the time, you will need the ability
+ to define login restrictions on a per-machine basis.</para>
+
+ <para>Machine-specific netgroup definitions are the other
+ possibility to deal with the policy change outlined above. In
+ this scenario, the <filename>/etc/master.passwd</filename> of
+ each box contains two lines starting with <quote>+</quote>.
+ The first of them adds a netgroup with the accounts allowed to
+ login onto this machine, the second one adds all other
+ accounts with <filename>/sbin/nologin</filename> as shell. It
+ is a good idea to use the <quote>ALL-CAPS</quote> version of
+ the machine name as the name of the netgroup. In other words,
+ the lines should look like this:</para>
+
+ <programlisting>+@<replaceable>BOXNAME</replaceable>:::::::::
++:::::::::/sbin/nologin</programlisting>
+
+ <para>Once you have completed this task for all your machines,
+ you will not have to modify the local versions of
+ <filename>/etc/master.passwd</filename> ever again. All
+ further changes can be handled by modifying the NIS map. Here
+ is an example of a possible netgroup map for this
+ scenario with some additional goodies:</para>
+
+ <programlisting># Define groups of users first
+IT_EMP (,alpha,test-domain) (,beta,test-domain)
+IT_APP (,charlie,test-domain) (,delta,test-domain)
+DEPT1 (,echo,test-domain) (,foxtrott,test-domain)
+DEPT2 (,golf,test-domain) (,hotel,test-domain)
+DEPT3 (,india,test-domain) (,juliet,test-domain)
+ITINTERN (,kilo,test-domain) (,lima,test-domain)
+D_INTERNS (,able,test-domain) (,baker,test-domain)
+#
+# Now, define some groups based on roles
+USERS DEPT1 DEPT2 DEPT3
+BIGSRV IT_EMP IT_APP
+SMALLSRV IT_EMP IT_APP ITINTERN
+USERBOX IT_EMP ITINTERN USERS
+#
+# And a groups for a special tasks
+# Allow echo and golf to access our anti-virus-machine
+SECURITY IT_EMP (,echo,test-domain) (,golf,test-domain)
+#
+# machine-based netgroups
+# Our main servers
+WAR BIGSRV
+FAMINE BIGSRV
+# User india needs access to this server
+POLLUTION BIGSRV (,india,test-domain)
+#
+# This one is really important and needs more access restrictions
+DEATH IT_EMP
+#
+# The anti-virus-machine mentioned above
+ONE SECURITY
+#
+# Restrict a machine to a single user
+TWO (,hotel,test-domain)
+# [...more groups to follow]</programlisting>
+
+ <para>If you are using some kind of database to manage your user
+ accounts, you should be able to create the first part of the
+ map with your database's report tools. This way, new users
+ will automatically have access to the boxes.</para>
+
+ <para>One last word of caution: It may not always be advisable
+ to use machine-based netgroups. If you are deploying a couple of
+ dozen or even hundreds of identical machines for student labs,
+ you should use role-based netgroups instead of machine-based
+ netgroups to keep the size of the NIS map within reasonable
+ limits.</para>
+ </sect2>
+
+ <sect2>
+ <title>Important Things to Remember</title>
+
+ <para>There are still a couple of things that you will need to do
+ differently now that you are in an NIS environment.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Every time you wish to add a user to the lab, you
+ must add it to the master NIS server <emphasis>only</emphasis>,
+ and <emphasis>you must remember to rebuild the NIS
+ maps</emphasis>. If you forget to do this, the new user will
+ not be able to login anywhere except on the NIS master.
+ For example, if we needed to add a new user
+ <username>jsmith</username> to the lab, we would:</para>
+
+ <screen>&prompt.root; <userinput>pw useradd jsmith</userinput>
+&prompt.root; <userinput>cd /var/yp</userinput>
+&prompt.root; <userinput>make test-domain</userinput></screen>
+
+ <para>You could also run <command>adduser jsmith</command> instead
+ of <command>pw useradd jsmith</command>.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Keep the administration accounts out of the
+ NIS maps</emphasis>. You do not want to be propagating
+ administrative accounts and passwords to machines that
+ will have users that should not have access to those
+ accounts.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Keep the NIS master and slave secure, and
+ minimize their downtime</emphasis>. If somebody either
+ hacks or simply turns off these machines, they have
+ effectively rendered many people without the ability to
+ login to the lab.</para>
+
+ <para>This is the chief weakness of any centralized administration
+ system. If you do
+ not protect your NIS servers, you will have a lot of angry
+ users!</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>NIS v1 Compatibility</title>
+
+ <para> FreeBSD's <application>ypserv</application> has some
+ support for serving NIS v1 clients. FreeBSD's NIS
+ implementation only uses the NIS v2 protocol, however other
+ implementations include support for the v1 protocol for
+ backwards compatibility with older systems. The
+ <application>ypbind</application> daemons supplied with these
+ systems will try to establish a binding to an NIS v1 server
+ even though they may never actually need it (and they may
+ persist in broadcasting in search of one even after they
+ receive a response from a v2 server). Note that while support
+ for normal client calls is provided, this version of
+ <application>ypserv</application> does not handle v1 map
+ transfer requests; consequently, it cannot be used as a master
+ or slave in conjunction with older NIS servers that only
+ support the v1 protocol. Fortunately, there probably are not
+ any such servers still in use today.</para>
+ </sect2>
+
+ <sect2 id="network-nis-server-is-client">
+ <title>NIS Servers That Are Also NIS Clients</title>
+
+ <para> Care must be taken when running
+ <application>ypserv</application> in a multi-server domain
+ where the server machines are also NIS clients. It is
+ generally a good idea to force the servers to bind to
+ themselves rather than allowing them to broadcast bind
+ requests and possibly become bound to each other. Strange
+ failure modes can result if one server goes down and others
+ are dependent upon it. Eventually all the clients will time
+ out and attempt to bind to other servers, but the delay
+ involved can be considerable and the failure mode is still
+ present since the servers might bind to each other all over
+ again.</para>
+
+ <para>You can force a host to bind to a particular server by running
+ <command>ypbind</command> with the <option>-S</option>
+ flag. If you do not want to do this manually each time you
+ reboot your NIS server, you can add the following lines to
+ your <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>nis_client_enable="YES" # run client stuff as well
+nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</replaceable>"</programlisting>
+
+ <para>See &man.ypbind.8; for further information.</para>
+ </sect2>
+
+ <sect2>
+ <title>Password Formats</title>
+ <indexterm>
+ <primary>NIS</primary>
+ <secondary>password formats</secondary>
+ </indexterm>
+ <para>One of the most common issues that people run into when trying
+ to implement NIS is password format compatibility. If your NIS
+ server is using DES encrypted passwords, it will only support
+ clients that are also using DES. For example, if you have
+ &solaris; NIS clients in your network, then you will almost certainly
+ need to use DES encrypted passwords.</para>
+
+ <para>To check which format your servers
+ and clients are using, look at <filename>/etc/login.conf</filename>.
+ If the host is configured to use DES encrypted passwords, then the
+ <literal>default</literal> class will contain an entry like this:</para>
+
+ <programlisting>default:\
+ :passwd_format=des:\
+ :copyright=/etc/COPYRIGHT:\
+ [Further entries elided]</programlisting>
+
+ <para>Other possible values for the <literal>passwd_format</literal>
+ capability include <literal>blf</literal> and <literal>md5</literal>
+ (for Blowfish and MD5 encrypted passwords, respectively).</para>
+
+ <para>If you have made changes to
+ <filename>/etc/login.conf</filename>, you will also need to
+ rebuild the login capability database, which is achieved by
+ running the following command as
+ <username>root</username>:</para>
+
+ <screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen>
+
+ <note><para>The format of passwords already in
+ <filename>/etc/master.passwd</filename> will not be updated
+ until a user changes his password for the first time
+ <emphasis>after</emphasis> the login capability database is
+ rebuilt.</para></note>
+
+ <para>Next, in order to ensure that passwords are encrypted with
+ the format that you have chosen, you should also check that
+ the <literal>crypt_default</literal> in
+ <filename>/etc/auth.conf</filename> gives precedence to your
+ chosen password format. To do this, place the format that you
+ have chosen first in the list. For example, when using DES
+ encrypted passwords, the entry would be:</para>
+
+ <programlisting>crypt_default = des blf md5</programlisting>
+
+ <para>Having followed the above steps on each of the &os; based
+ NIS servers and clients, you can be sure that they all agree
+ on which password format is used within your network. If you
+ have trouble authenticating on an NIS client, this is a pretty
+ good place to start looking for possible problems. Remember:
+ if you want to deploy an NIS server for a heterogenous
+ network, you will probably have to use DES on all systems
+ because it is the lowest common standard.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-dhcp">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Greg</firstname>
+ <surname>Sutter</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Automatic Network Configuration (DHCP)</title>
+
+ <sect2>
+ <title>What Is DHCP?</title>
+ <indexterm>
+ <primary>Dynamic Host Configuration Protocol</primary>
+ <see>DHCP</see>
+ </indexterm>
+ <indexterm>
+ <primary>Internet Software Consortium (ISC)</primary>
+ </indexterm>
+
+ <para>DHCP, the Dynamic Host Configuration Protocol, describes
+ the means by which a system can connect to a network and obtain the
+ necessary information for communication upon that network. FreeBSD
+ versions prior to 6.0 use the ISC (Internet Software
+ Consortium) DHCP client (&man.dhclient.8;) implementation.
+ Later versions use the OpenBSD <command>dhclient</command>
+ taken from OpenBSD&nbsp;3.7. All
+ information here regarding <command>dhclient</command> is for
+ use with either of the ISC or OpenBSD DHCP clients. The DHCP
+ server is the one included in the ISC distribution.</para>
+ </sect2>
+
+ <sect2>
+ <title>What This Section Covers</title>
+
+ <para>This section describes both the client-side components of the ISC and OpenBSD DHCP client and
+ server-side components of the ISC DHCP system. The
+ client-side program, <command>dhclient</command>, comes
+ integrated within FreeBSD, and the server-side portion is
+ available from the <filename
+ role="package">net/isc-dhcp3-server</filename> port. The
+ &man.dhclient.8;, &man.dhcp-options.5;, and
+ &man.dhclient.conf.5; manual pages, in addition to the
+ references below, are useful resources.</para>
+ </sect2>
+
+ <sect2>
+ <title>How It Works</title>
+ <indexterm><primary>UDP</primary></indexterm>
+ <para>When <command>dhclient</command>, the DHCP client, is
+ executed on the client machine, it begins broadcasting
+ requests for configuration information. By default, these
+ requests are on UDP port 68. The server replies on UDP 67,
+ giving the client an IP address and other relevant network
+ information such as netmask, router, and DNS servers. All of
+ this information comes in the form of a DHCP
+ <quote>lease</quote> and is only valid for a certain time
+ (configured by the DHCP server maintainer). In this manner,
+ stale IP addresses for clients no longer connected to the
+ network can be automatically reclaimed.</para>
+
+ <para>DHCP clients can obtain a great deal of information from
+ the server. An exhaustive list may be found in
+ &man.dhcp-options.5;.</para>
+ </sect2>
+
+ <sect2>
+ <title>FreeBSD Integration</title>
+
+ <para>&os; fully integrates the ISC or OpenBSD DHCP client,
+ <command>dhclient</command> (according to the &os; version you run). DHCP client support is provided
+ within both the installer and the base system, obviating the need
+ for detailed knowledge of network configurations on any network
+ that runs a DHCP server. <command>dhclient</command> has been
+ included in all FreeBSD distributions since 3.2.</para>
+ <indexterm>
+ <primary><application>sysinstall</application></primary>
+ </indexterm>
+
+ <para>DHCP is supported by
+ <application>sysinstall</application>. When configuring a
+ network interface within
+ <application>sysinstall</application>, the second question
+ asked is: <quote>Do you want to try DHCP configuration of
+ the interface?</quote>. Answering affirmatively will
+ execute <command>dhclient</command>, and if successful, will
+ fill in the network configuration information
+ automatically.</para>
+
+ <para>There are two things you must do to have your system use
+ DHCP upon startup:</para>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>requirements</secondary>
+ </indexterm>
+ <itemizedlist>
+ <listitem>
+ <para>Make sure that the <devicename>bpf</devicename>
+ device is compiled into your kernel. To do this, add
+ <literal>device bpf</literal> (<literal>pseudo-device
+ bpf</literal> under &os;&nbsp;4.X) to your kernel
+ configuration file, and rebuild the kernel. For more
+ information about building kernels, see <xref
+ linkend="kernelconfig">.</para> <para>The
+ <devicename>bpf</devicename> device is already part of
+ the <filename>GENERIC</filename> kernel that is supplied
+ with FreeBSD, so if you do not have a custom kernel, you
+ should not need to create one in order to get DHCP
+ working.</para>
+ <note>
+ <para>For those who are particularly security conscious,
+ you should be warned that <devicename>bpf</devicename>
+ is also the device that allows packet sniffers to work
+ correctly (although they still have to be run as
+ <username>root</username>). <devicename>bpf</devicename>
+ <emphasis>is</emphasis> required to use DHCP, but if
+ you are very sensitive about security, you probably
+ should not add <devicename>bpf</devicename> to your
+ kernel in the expectation that at some point in the
+ future you will be using DHCP.</para>
+ </note>
+ </listitem>
+ <listitem>
+ <para>Edit your <filename>/etc/rc.conf</filename> to
+ include the following:</para>
+
+ <programlisting>ifconfig_fxp0="DHCP"</programlisting>
+
+ <note>
+ <para>Be sure to replace <literal>fxp0</literal> with the
+ designation for the interface that you wish to dynamically
+ configure, as described in
+ <xref linkend="config-network-setup">.</para>
+ </note>
+
+ <para>If you are using a different location for
+ <command>dhclient</command>, or if you wish to pass additional
+ flags to <command>dhclient</command>, also include the
+ following (editing as necessary):</para>
+
+ <programlisting>dhcp_program="/sbin/dhclient"
+dhcp_flags=""</programlisting>
+ </listitem>
+ </itemizedlist>
+
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>server</secondary>
+ </indexterm>
+ <para>The DHCP server, <application>dhcpd</application>, is included
+ as part of the <filename
+ role="package">net/isc-dhcp3-server</filename> port in the ports
+ collection. This port contains the ISC DHCP server and
+ documentation.</para>
+ </sect2>
+
+ <sect2>
+ <title>Files</title>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>configuration files</secondary>
+ </indexterm>
+ <itemizedlist>
+ <listitem><para><filename>/etc/dhclient.conf</filename></para>
+ <para><command>dhclient</command> requires a configuration file,
+ <filename>/etc/dhclient.conf</filename>. Typically the file
+ contains only comments, the defaults being reasonably sane. This
+ configuration file is described by the &man.dhclient.conf.5;
+ manual page.</para>
+ </listitem>
+
+ <listitem><para><filename>/sbin/dhclient</filename></para>
+ <para><command>dhclient</command> is statically linked and
+ resides in <filename>/sbin</filename>. The &man.dhclient.8;
+ manual page gives more information about
+ <command>dhclient</command>.</para>
+ </listitem>
+
+ <listitem><para><filename>/sbin/dhclient-script</filename></para>
+ <para><command>dhclient-script</command> is the FreeBSD-specific
+ DHCP client configuration script. It is described in
+ &man.dhclient-script.8;, but should not need any user
+ modification to function properly.</para>
+ </listitem>
+
+ <listitem><para><filename>/var/db/dhclient.leases</filename></para>
+ <para>The DHCP client keeps a database of valid leases in this
+ file, which is written as a log. &man.dhclient.leases.5;
+ gives a slightly longer description.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>Further Reading</title>
+
+ <para>The DHCP protocol is fully described in
+ <ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC 2131</ulink>.
+ An informational resource has also been set up at
+ <ulink url="http://www.dhcp.org/"></ulink>.</para>
+ </sect2>
+
+ <sect2 id="network-dhcp-server">
+ <title>Installing and Configuring a DHCP Server</title>
+
+ <sect3>
+ <title>What This Section Covers</title>
+
+ <para>This section provides information on how to configure
+ a FreeBSD system to act as a DHCP server using the ISC
+ (Internet Software Consortium) implementation of the DHCP
+ suite.</para>
+
+ <para>The server portion of the suite is not provided as part of
+ FreeBSD, and so you will need to install the
+ <filename role="package">net/isc-dhcp3-server</filename>
+ port to provide this service. See <xref linkend="ports"> for
+ more information on using the Ports Collection.</para>
+ </sect3>
+
+ <sect3>
+ <title>DHCP Server Installation</title>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>installation</secondary>
+ </indexterm>
+ <para>In order to configure your FreeBSD system as a DHCP
+ server, you will need to ensure that the &man.bpf.4;
+ device is compiled into your kernel. To do this, add
+ <literal>device bpf</literal> (<literal>pseudo-device
+ bpf</literal> under &os;&nbsp;4.X) to your kernel
+ configuration file, and rebuild the kernel. For more
+ information about building kernels, see <xref
+ linkend="kernelconfig">.</para>
+
+ <para>The <devicename>bpf</devicename> device is already
+ part of the <filename>GENERIC</filename> kernel that is
+ supplied with FreeBSD, so you do not need to create a custom
+ kernel in order to get DHCP working.</para>
+
+ <note>
+ <para>Those who are particularly security conscious
+ should note that <devicename>bpf</devicename>
+ is also the device that allows packet sniffers to work
+ correctly (although such programs still need privileged
+ access). <devicename>bpf</devicename>
+ <emphasis>is</emphasis> required to use DHCP, but if
+ you are very sensitive about security, you probably
+ should not include <devicename>bpf</devicename> in your
+ kernel purely because you expect to use DHCP at some
+ point in the future.</para>
+ </note>
+
+ <para>The next thing that you will need to do is edit the sample
+ <filename>dhcpd.conf</filename> which was installed by the
+ <filename role="package">net/isc-dhcp3-server</filename> port.
+ By default, this will be
+ <filename>/usr/local/etc/dhcpd.conf.sample</filename>, and you
+ should copy this to
+ <filename>/usr/local/etc/dhcpd.conf</filename> before proceeding
+ to make changes.</para>
+ </sect3>
+
+ <sect3>
+ <title>Configuring the DHCP Server</title>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>dhcpd.conf</secondary>
+ </indexterm>
+ <para><filename>dhcpd.conf</filename> is
+ comprised of declarations regarding subnets and hosts, and is
+ perhaps most easily explained using an example :</para>
+
+ <programlisting>option domain-name "example.com";<co id="domain-name">
+option domain-name-servers 192.168.4.100;<co id="domain-name-servers">
+option subnet-mask 255.255.255.0;<co id="subnet-mask">
+
+default-lease-time 3600;<co id="default-lease-time">
+max-lease-time 86400;<co id="max-lease-time">
+ddns-update-style none;<co id="ddns-update-style">
+
+subnet 192.168.4.0 netmask 255.255.255.0 {
+ range 192.168.4.129 192.168.4.254;<co id="range">
+ option routers 192.168.4.1;<co id="routers">
+}
+
+host mailhost {
+ hardware ethernet 02:03:04:05:06:07;<co id="hardware">
+ fixed-address mailhost.example.com;<co id="fixed-address">
+}</programlisting>
+
+ <calloutlist>
+ <callout arearefs="domain-name">
+ <para>This option specifies the domain that will be provided
+ to clients as the default search domain. See
+ &man.resolv.conf.5; for more information on what this
+ means.</para>
+ </callout>
+
+ <callout arearefs="domain-name-servers">
+ <para>This option specifies a comma separated list of DNS
+ servers that the client should use.</para>
+ </callout>
+
+ <callout arearefs="subnet-mask">
+ <para>The netmask that will be provided to clients.</para>
+ </callout>
+
+ <callout arearefs="default-lease-time">
+ <para>A client may request a specific length of time that a
+ lease will be valid. Otherwise the server will assign
+ a lease with this expiry value (in seconds).</para>
+ </callout>
+
+ <callout arearefs="max-lease-time">
+ <para>This is the maximum length of time that the server will
+ lease for. Should a client request a longer lease, a lease
+ will be issued, although it will only be valid for
+ <literal>max-lease-time</literal> seconds.</para>
+ </callout>
+
+ <callout arearefs="ddns-update-style">
+ <para>This option specifies whether the DHCP server should
+ attempt to update DNS when a lease is accepted or released.
+ In the ISC implementation, this option is
+ <emphasis>required</emphasis>.</para>
+ </callout>
+
+ <callout arearefs="range">
+ <para>This denotes which IP addresses should be used in
+ the pool reserved for allocating to clients. IP
+ addresses between, and including, the ones stated are
+ handed out to clients.</para>
+ </callout>
+
+ <callout arearefs="routers">
+ <para>Declares the default gateway that will be provided to
+ clients.</para>
+ </callout>
+
+ <callout arearefs="hardware">
+ <para>The hardware MAC address of a host (so that the DHCP server
+ can recognize a host when it makes a request).</para>
+ </callout>
+
+ <callout arearefs="fixed-address">
+ <para>Specifies that the host should always be given the
+ same IP address. Note that using a hostname is
+ correct here, since the DHCP server will resolve the
+ hostname itself before returning the lease
+ information.</para>
+ </callout>
+ </calloutlist>
+
+ <para>Once you have finished writing your
+ <filename>dhcpd.conf</filename>, you can proceed to start the
+ server by issuing the following command:</para>
+
+ <screen>&prompt.root; <userinput>/usr/local/etc/rc.d/isc-dhcpd.sh start</userinput></screen>
+
+ <para>Should you need to make changes to the configuration of your
+ server in the future, it is important to note that sending a
+ <literal>SIGHUP</literal> signal to
+ <application>dhcpd</application> does <emphasis>not</emphasis>
+ result in the configuration being reloaded, as it does with most
+ daemons. You will need to send a <literal>SIGTERM</literal>
+ signal to stop the process, and then restart it using the command
+ above.</para>
+ </sect3>
+
+ <sect3>
+ <title>Files</title>
+ <indexterm>
+ <primary>DHCP</primary>
+ <secondary>configuration files</secondary>
+ </indexterm>
+ <itemizedlist>
+ <listitem><para><filename>/usr/local/sbin/dhcpd</filename></para>
+ <para><application>dhcpd</application> is statically linked and
+ resides in <filename>/usr/local/sbin</filename>. The
+ &man.dhcpd.8; manual page installed with the
+ port gives more information about
+ <application>dhcpd</application>.</para>
+ </listitem>
+
+ <listitem><para><filename>/usr/local/etc/dhcpd.conf</filename></para>
+ <para><application>dhcpd</application> requires a configuration
+ file, <filename>/usr/local/etc/dhcpd.conf</filename> before it
+ will start providing service to clients. This file needs to
+ contain all the information that should be provided to clients
+ that are being serviced, along with information regarding the
+ operation of the server. This configuration file is described
+ by the &man.dhcpd.conf.5; manual page installed
+ by the port.</para>
+ </listitem>
+
+ <listitem><para><filename>/var/db/dhcpd.leases</filename></para>
+ <para>The DHCP server keeps a database of leases it has issued
+ in this file, which is written as a log. The manual page
+ &man.dhcpd.leases.5;, installed by the port
+ gives a slightly longer description.</para>
+ </listitem>
+
+ <listitem><para><filename>/usr/local/sbin/dhcrelay</filename></para>
+ <para><application>dhcrelay</application> is used in advanced
+ environments where one DHCP server forwards a request from a
+ client to another DHCP server on a separate network. If you
+ require this functionality, then install the <filename
+ role="package">net/isc-dhcp3-relay</filename> port. The
+ &man.dhcrelay.8; manual page provided with the
+ port contains more detail.</para>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="network-dns">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Chern</firstname>
+ <surname>Lee</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Domain Name System (DNS)</title>
+
+ <sect2>
+ <title>Overview</title>
+ <indexterm><primary>BIND</primary></indexterm>
+
+ <para>FreeBSD utilizes, by default, a version of BIND (Berkeley
+ Internet Name Domain), which is the most common implementation
+ of the DNS protocol. DNS is the protocol through which names
+ are mapped to IP addresses, and vice versa. For example, a
+ query for <hostid role="fqdn">www.FreeBSD.org</hostid> will
+ receive a reply with the IP address of The FreeBSD Project's
+ web server, whereas, a query for <hostid
+ role="fqdn">ftp.FreeBSD.org</hostid> will return the IP
+ address of the corresponding FTP machine. Likewise, the
+ opposite can happen. A query for an IP address can resolve
+ its hostname. It is not necessary to run a name server to
+ perform DNS lookups on a system.
+ </para>
+
+ <indexterm><primary>DNS</primary></indexterm>
+ <para>DNS is coordinated across the Internet through a somewhat
+ complex system of authoritative root name servers, and other
+ smaller-scale name servers who host and cache individual domain
+ information.
+ </para>
+
+ <para>
+ This document refers to BIND 8.x, as it is the stable version
+ used in &os;. Versions of &os;&nbsp;5.3 and beyond include
+ <acronym>BIND</acronym>9 and the configuration instructions
+ may be found later in this chapter. Users of &os;&nbsp;5.2
+ and other previous versions may install <acronym>BIND</acronym>9
+ from the <filename role="package">net/bind9</filename> port.</para>
+
+ <para>
+ RFC1034 and RFC1035 dictate the DNS protocol.
+ </para>
+
+ <para>
+ Currently, BIND is maintained by the
+ Internet Software Consortium <ulink url="http://www.isc.org/"></ulink>.
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Terminology</title>
+
+ <para>To understand this document, some terms related to DNS must be
+ understood.</para>
+
+ <indexterm><primary>resolver</primary></indexterm>
+ <indexterm><primary>reverse DNS</primary></indexterm>
+ <indexterm><primary>root zone</primary></indexterm>
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="3*">
+
+ <thead>
+ <row>
+ <entry>Term</entry>
+ <entry>Definition</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>Forward DNS</entry>
+ <entry>Mapping of hostnames to IP addresses</entry>
+ </row>
+
+ <row>
+ <entry>Origin</entry>
+ <entry>Refers to the domain covered in a particular zone
+ file</entry>
+ </row>
+
+ <row>
+ <entry><application>named</application>, BIND, name server</entry>
+ <entry>Common names for the BIND name server package within
+ FreeBSD</entry>
+ </row>
+
+ <row>
+ <entry>Resolver</entry>
+ <entry>A system process through which a
+ machine queries a name server for zone information</entry>
+ </row>
+
+ <row>
+ <entry>Reverse DNS</entry>
+ <entry>The opposite of forward DNS; mapping of IP addresses to
+ hostnames</entry>
+ </row>
+
+ <row>
+ <entry>Root zone</entry>
+
+ <entry>The beginning of the Internet zone hierarchy.
+ All zones fall under the root zone, similar to how
+ all files in a file system fall under the root directory.</entry>
+ </row>
+
+ <row>
+ <entry>Zone</entry>
+ <entry>An individual domain, subdomain, or portion of the DNS administered by
+ the same authority</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <indexterm>
+ <primary>zones</primary>
+ <secondary>examples</secondary>
+ </indexterm>
+
+ <para>Examples of zones:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para><hostid>.</hostid> is the root zone</para>
+ </listitem>
+ <listitem>
+ <para><hostid>org.</hostid> is a zone under the root zone</para>
+ </listitem>
+ <listitem>
+ <para><hostid role="domainname">example.org.</hostid> is a
+ zone under the <hostid>org.</hostid> zone</para>
+ </listitem>
+ <listitem>
+ <para><hostid role="domainname">foo.example.org.</hostid> is
+ a subdomain, a zone under the <hostid
+ role="domainname">example.org.</hostid> zone</para>
+ </listitem>
+ <listitem>
+ <para>
+ <hostid>1.2.3.in-addr.arpa</hostid> is a zone referencing
+ all IP addresses which fall under the <hostid
+ role="ipaddr">3.2.1.*</hostid> IP space.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>As one can see, the more specific part of a hostname
+ appears to its left. For example, <hostid
+ role="domainname">example.org.</hostid> is more specific than
+ <hostid>org.</hostid>, as <hostid>org.</hostid> is more
+ specific than the root zone. The layout of each part of a
+ hostname is much like a file system: the
+ <filename>/dev</filename> directory falls within the root, and
+ so on.</para>
+
+
+ </sect2>
+
+ <sect2>
+ <title>Reasons to Run a Name Server</title>
+
+ <para>Name servers usually come in two forms: an authoritative
+ name server, and a caching name server.</para>
+
+ <para>An authoritative name server is needed when:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>one wants to serve DNS information to the
+ world, replying authoritatively to queries.</para>
+ </listitem>
+ <listitem>
+ <para>a domain, such as <hostid role="domainname">example.org</hostid>, is
+ registered and IP addresses need to be assigned to hostnames
+ under it.</para>
+ </listitem>
+ <listitem>
+ <para>an IP address block requires reverse DNS entries (IP to
+ hostname).</para>
+ </listitem>
+ <listitem>
+ <para>a backup name server, called a slave, must reply to queries
+ when the primary is down or inaccessible.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>A caching name server is needed when:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>a local DNS server may cache and respond more quickly
+ than querying an outside name server.</para>
+ </listitem>
+ <listitem>
+ <para>a reduction in overall network traffic is desired (DNS
+ traffic has been measured to account for 5% or more of total
+ Internet traffic).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>When one queries for <hostid
+ role="fqdn">www.FreeBSD.org</hostid>, the resolver usually
+ queries the uplink ISP's name server, and retrieves the reply.
+ With a local, caching DNS server, the query only has to be
+ made once to the outside world by the caching DNS server.
+ Every additional query will not have to look to the outside of
+ the local network, since the information is cached
+ locally.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>How It Works</title>
+ <para>In FreeBSD, the BIND daemon is called
+ <application>named</application> for obvious reasons.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>File</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><application>named</application></entry>
+ <entry>the BIND daemon</entry>
+ </row>
+
+ <row>
+ <entry><command>ndc</command></entry>
+ <entry>name daemon control program</entry>
+ </row>
+
+ <row>
+ <entry><filename>/etc/namedb</filename></entry>
+ <entry>directory where BIND zone information resides</entry>
+ </row>
+
+ <row>
+ <entry><filename>/etc/namedb/named.conf</filename></entry>
+ <entry>daemon configuration file</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>
+ Zone files are usually contained within the
+ <filename>/etc/namedb</filename>
+ directory, and contain the DNS zone information
+ served by the name server.
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Starting BIND</title>
+ <indexterm>
+ <primary>BIND</primary>
+ <secondary>starting</secondary>
+ </indexterm>
+ <para>
+ Since BIND is installed by default, configuring it all is
+ relatively simple.
+ </para>
+ <para>
+ To ensure the <application>named</application> daemon is
+ started at boot, put the following line in
+ <filename>/etc/rc.conf</filename>:
+ </para>
+ <programlisting>named_enable="YES"</programlisting>
+ <para>To start the daemon manually (after configuring it):</para>
+ <screen>&prompt.root; <userinput>ndc start</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Configuration Files</title>
+ <indexterm>
+ <primary>BIND</primary>
+ <secondary>configuration files</secondary>
+ </indexterm>
+ <sect3>
+ <title>Using <command>make-localhost</command></title>
+ <para>Be sure to:
+ </para>
+ <screen>&prompt.root; <userinput>cd /etc/namedb</userinput>
+&prompt.root; <userinput>sh make-localhost</userinput></screen>
+ <para>to properly create the local reverse DNS zone file in
+ <filename>/etc/namedb/master/localhost.rev</filename>.
+ </para>
+ </sect3>
+
+ <sect3>
+ <title><filename>/etc/namedb/named.conf</filename></title>
+
+ <programlisting>// &dollar;FreeBSD$
+//
+// Refer to the named(8) manual page for details. If you are ever going
+// to setup a primary server, make sure you've understood the hairy
+// details of how DNS is working. Even with simple mistakes, you can
+// break connectivity for affected parties, or cause huge amount of
+// useless Internet traffic.
+
+options {
+ directory "/etc/namedb";
+
+// In addition to the "forwarders" clause, you can force your name
+// server to never initiate queries of its own, but always ask its
+// forwarders only, by enabling the following line:
+//
+// forward only;
+
+// If you've got a DNS server around at your upstream provider, enter
+// its IP address here, and enable the line below. This will make you
+// benefit from its cache, thus reduce overall DNS traffic in the
+Internet.
+/*
+ forwarders {
+ 127.0.0.1;
+ };
+*/</programlisting>
+
+ <para>
+ Just as the comment says, to benefit from an uplink's cache,
+ <literal>forwarders</literal> can be enabled here. Under normal
+ circumstances, a name server will recursively query the Internet
+ looking at certain name servers until it finds the answer it is
+ looking for. Having this enabled will have it query the uplink's
+ name server (or name server provided) first, taking advantage of
+ its cache. If the uplink name server in question is a heavily
+ trafficked, fast name server, enabling this may be worthwhile.
+ </para>
+
+ <warning><para><hostid role="ipaddr">127.0.0.1</hostid>
+ will <emphasis>not</emphasis> work here.
+ Change this IP address to a name server at your uplink.</para>
+ </warning>
+
+ <programlisting> /*
+ * If there is a firewall between you and name servers you want
+ * to talk to, you might need to uncomment the query-source
+ * directive below. Previous versions of BIND always asked
+ * questions using port 53, but BIND 8.1 uses an unprivileged
+ * port by default.
+ */
+ // query-source address * port 53;
+
+ /*
+ * If running in a sandbox, you may have to specify a different
+ * location for the dumpfile.
+ */
+ // dump-file "s/named_dump.db";
+};
+
+// Note: the following will be supported in a future release.
+/*
+host { any; } {
+ topology {
+ 127.0.0.0/8;
+ };
+};
+*/
+
+// Setting up secondaries is way easier and the rough picture for this
+// is explained below.
+//
+// If you enable a local name server, don't forget to enter 127.0.0.1
+// into your /etc/resolv.conf so this server will be queried first.
+// Also, make sure to enable it in /etc/rc.conf.
+
+zone "." {
+ type hint;
+ file "named.root";
+};
+
+zone "0.0.127.IN-ADDR.ARPA" {
+ type master;
+ file "localhost.rev";
+};
+
+// NB: Do not use the IP addresses below, they are faked, and only
+// serve demonstration/documentation purposes!
+//
+// Example secondary config entries. It can be convenient to become
+// a secondary at least for the zone where your own domain is in. Ask
+// your network administrator for the IP address of the responsible
+// primary.
+//
+// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
+// (This is the first bytes of the respective IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended.)
+//
+// Before starting to setup a primary zone, better make sure you fully
+// understand how DNS and BIND works, however. There are sometimes
+// unobvious pitfalls. Setting up a secondary is comparably simpler.
+//
+// NB: Don't blindly enable the examples below. :-) Use actual names
+// and addresses instead.
+//
+// NOTE!!! FreeBSD runs BIND in a sandbox (see named_flags in rc.conf).
+// The directory containing the secondary zones must be write accessible
+// to BIND. The following sequence is suggested:
+//
+// mkdir /etc/namedb/s
+// chown bind:bind /etc/namedb/s
+// chmod 750 /etc/namedb/s</programlisting>
+
+ <para>For more information on running BIND in a sandbox, see
+ <link linkend="network-named-sandbox">Running named in a sandbox</link>.
+ </para>
+
+ <programlisting>/*
+zone "example.com" {
+ type slave;
+ file "s/example.com.bak";
+ masters {
+ 192.168.1.1;
+ };
+};
+
+zone "0.168.192.in-addr.arpa" {
+ type slave;
+ file "s/0.168.192.in-addr.arpa.bak";
+ masters {
+ 192.168.1.1;
+ };
+};
+*/</programlisting>
+ <para>In <filename>named.conf</filename>, these are examples of slave
+ entries for a forward and reverse zone.</para>
+
+ <para>For each new zone served, a new zone entry must be added to
+ <filename>named.conf</filename>.</para>
+
+ <para>For example, the simplest zone entry for
+ <hostid role="domainname">example.org</hostid> can look like:</para>
+
+ <programlisting>zone "example.org" {
+ type master;
+ file "example.org";
+};</programlisting>
+
+ <para>The zone is a master, as indicated by the <option>type</option>
+ statement, holding its zone information in
+ <filename>/etc/namedb/example.org</filename> indicated by
+ the <option>file</option> statement.</para>
+
+ <programlisting>zone "example.org" {
+ type slave;
+ file "example.org";
+};</programlisting>
+
+ <para>In the slave case, the zone information is transferred from
+ the master name server for the particular zone, and saved in the
+ file specified. If and when the master server dies or is
+ unreachable, the slave name server will have the transferred
+ zone information and will be able to serve it.</para>
+ </sect3>
+
+ <sect3>
+ <title>Zone Files</title>
+ <para>
+ An example master zone file for <hostid
+ role="domainname">example.org</hostid> (existing within
+ <filename>/etc/namedb/example.org</filename>) is as follows:
+ </para>
+
+ <programlisting>$TTL 3600
+
+example.org. IN SOA ns1.example.org. admin.example.org. (
+ 5 ; Serial
+ 10800 ; Refresh
+ 3600 ; Retry
+ 604800 ; Expire
+ 86400 ) ; Minimum TTL
+
+; DNS Servers
+@ IN NS ns1.example.org.
+@ IN NS ns2.example.org.
+
+; Machine Names
+localhost IN A 127.0.0.1
+ns1 IN A 3.2.1.2
+ns2 IN A 3.2.1.3
+mail IN A 3.2.1.10
+@ IN A 3.2.1.30
+
+; Aliases
+www IN CNAME @
+
+; MX Record
+@ IN MX 10 mail.example.org.</programlisting>
+
+ <para>
+ Note that every hostname ending in a <quote>.</quote> is an
+ exact hostname, whereas everything without a trailing
+ <quote>.</quote> is referenced to the origin. For example,
+ <literal>www</literal> is translated into
+ <literal>www.<replaceable>origin</replaceable></literal>.
+ In our fictitious zone file, our origin is
+ <hostid>example.org.</hostid>, so <literal>www</literal>
+ would translate to <hostid>www.example.org.</hostid>
+ </para>
+
+ <para>
+ The format of a zone file follows:
+ </para>
+ <programlisting>recordname IN recordtype value</programlisting>
+
+ <indexterm>
+ <primary>DNS</primary>
+ <secondary>records</secondary>
+ </indexterm>
+ <para>
+ The most commonly used DNS records:
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term>SOA</term>
+
+ <listitem><para>start of zone authority</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>NS</term>
+
+ <listitem><para>an authoritative name server</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>A</term>
+
+ <listitem><para>a host address</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>CNAME</term>
+
+ <listitem><para>the canonical name for an alias</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>MX</term>
+
+ <listitem><para>mail exchanger</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PTR</term>
+
+ <listitem><para>a domain name pointer (used in reverse DNS)
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <programlisting>
+example.org. IN SOA ns1.example.org. admin.example.org. (
+ 5 ; Serial
+ 10800 ; Refresh after 3 hours
+ 3600 ; Retry after 1 hour
+ 604800 ; Expire after 1 week
+ 86400 ) ; Minimum TTL of 1 day</programlisting>
+
+
+
+ <variablelist>
+ <varlistentry>
+ <term><hostid role="domainname">example.org.</hostid></term>
+
+ <listitem><para>the domain name, also the origin for this
+ zone file.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><hostid role="fqdn">ns1.example.org.</hostid></term>
+
+ <listitem><para>the primary/authoritative name server for this
+ zone.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>admin.example.org.</literal></term>
+
+ <listitem><para>the responsible person for this zone,
+ email address with <quote>@</quote>
+ replaced. (<email>admin@example.org</email> becomes
+ <literal>admin.example.org</literal>)</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>5</literal></term>
+
+ <listitem><para>the serial number of the file. This
+ must be incremented each time the zone file is
+ modified. Nowadays, many admins prefer a
+ <literal>yyyymmddrr</literal> format for the serial
+ number. <literal>2001041002</literal> would mean
+ last modified 04/10/2001, the latter
+ <literal>02</literal> being the second time the zone
+ file has been modified this day. The serial number
+ is important as it alerts slave name servers for a
+ zone when it is updated.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <programlisting>
+@ IN NS ns1.example.org.</programlisting>
+
+ <para>
+ This is an NS entry. Every name server that is going to reply
+ authoritatively for the zone must have one of these entries.
+ The <literal>@</literal> as seen here could have been
+ <hostid role="domainname">example.org.</hostid>
+ The <literal>@</literal> translates to the origin.
+ </para>
+
+ <programlisting>
+localhost IN A 127.0.0.1
+ns1 IN A 3.2.1.2
+ns2 IN A 3.2.1.3
+mail IN A 3.2.1.10
+@ IN A 3.2.1.30</programlisting>
+
+ <para>
+ The A record indicates machine names. As seen above,
+ <hostid role="fqdn">ns1.example.org</hostid> would resolve
+ to <hostid role="ipaddr">3.2.1.2</hostid>. Again, the
+ origin symbol, <literal>@</literal>, is used here, thus
+ meaning <hostid role="domainname">example.org</hostid> would
+ resolve to <hostid role="ipaddr">3.2.1.30</hostid>.
+ </para>
+
+ <programlisting>
+www IN CNAME @</programlisting>
+
+ <para>
+ The canonical name record is usually used for giving aliases
+ to a machine. In the example, <hostid>www</hostid> is
+ aliased to the machine addressed to the origin, or
+ <hostid role="domainname">example.org</hostid>
+ (<hostid role="ipaddr">3.2.1.30</hostid>).
+ CNAMEs can be used to provide alias
+ hostnames, or round robin one hostname among multiple
+ machines.
+ </para>
+
+ <indexterm>
+ <primary>MX record</primary>
+ </indexterm>
+
+ <programlisting>
+@ IN MX 10 mail.example.org.</programlisting>
+
+ <para>
+ The MX record indicates which mail
+ servers are responsible for handling incoming mail for the
+ zone. <hostid role="fqdn">mail.example.org</hostid> is the
+ hostname of the mail server, and 10 being the priority of
+ that mail server.
+ </para>
+
+ <para>
+ One can have several mail servers, with priorities of 3, 2,
+ 1. A mail server attempting to deliver to <hostid
+ role="domainname">example.org</hostid> would first try the
+ highest priority MX, then the second highest, etc, until the
+ mail can be properly delivered.
+ </para>
+
+ <para>
+ For in-addr.arpa zone files (reverse DNS), the same format is
+ used, except with PTR entries instead of
+ A or CNAME.
+ </para>
+
+ <programlisting>$TTL 3600
+
+1.2.3.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (
+ 5 ; Serial
+ 10800 ; Refresh
+ 3600 ; Retry
+ 604800 ; Expire
+ 3600 ) ; Minimum
+
+@ IN NS ns1.example.org.
+@ IN NS ns2.example.org.
+
+2 IN PTR ns1.example.org.
+3 IN PTR ns2.example.org.
+10 IN PTR mail.example.org.
+30 IN PTR example.org.</programlisting>
+
+ <para>This file gives the proper IP address to hostname
+ mappings of our above fictitious domain.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Caching Name Server</title>
+ <indexterm>
+ <primary>BIND</primary>
+ <secondary>caching name server</secondary>
+ </indexterm>
+
+ <para>A caching name server is a name server that is not
+ authoritative for any zones. It simply asks queries of its
+ own, and remembers them for later use. To set one up, just
+ configure the name server as usual, omitting any inclusions of
+ zones.</para>
+ </sect2>
+
+ <sect2 id="network-named-sandbox">
+ <title>Running <application>named</application> in a Sandbox</title>
+ <indexterm>
+ <primary>BIND</primary>
+ <secondary>running in a sandbox</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary><command>chroot</command></primary>
+ </indexterm>
+ <para>For added security you may want to run &man.named.8; as an
+ unprivileged user, and configure it to &man.chroot.8; into a
+ sandbox directory. This makes everything outside of the
+ sandbox inaccessible to the <application>named</application>
+ daemon. Should <application>named</application> be
+ compromised, this will help to reduce the damage that can be
+ caused. By default, FreeBSD has a user and a group called
+ <groupname>bind</groupname>, intended for this use.</para>
+
+ <note><para>Various people would recommend that instead of configuring
+ <application>named</application> to <command>chroot</command>, you
+ should run <application>named</application> inside a &man.jail.8;.
+ This section does not attempt to cover this situation.</para>
+ </note>
+
+ <para>Since <application>named</application> will not be able to
+ access anything outside of the sandbox (such as shared
+ libraries, log sockets, and so on), there are a number of steps
+ that need to be followed in order to allow
+ <application>named</application> to function correctly. In the
+ following checklist, it is assumed that the path to the sandbox
+ is <filename>/etc/namedb</filename> and that you have made no
+ prior modifications to the contents of this directory. Perform
+ the following steps as <username>root</username>:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Create all directories that <application>named</application>
+ expects to see:</para>
+
+ <screen>&prompt.root; <userinput>cd /etc/namedb</userinput>
+&prompt.root; <userinput>mkdir -p bin dev etc var/tmp var/run master slave</userinput>
+&prompt.root; <userinput>chown bind:bind slave var/*</userinput><co id="chown-slave"></screen>
+
+
+
+ <calloutlist>
+ <callout arearefs="chown-slave">
+ <para><application>named</application> only needs write access to
+ these directories, so that is all we give it.</para>
+ </callout>
+ </calloutlist>
+ </listitem>
+
+ <listitem>
+ <para>Rearrange and create basic zone and configuration files:</para>
+ <screen>&prompt.root; <userinput>cp /etc/localtime etc</userinput><co id="localtime">
+&prompt.root; <userinput>mv named.conf etc && ln -sf etc/named.conf</userinput>
+&prompt.root; <userinput>mv named.root master</userinput>
+<!-- I don't like this next bit -->
+&prompt.root; <userinput>sh make-localhost</userinput>
+&prompt.root; <userinput>cat > master/named.localhost
+$ORIGIN localhost.
+$TTL 6h
+@ IN SOA localhost. postmaster.localhost. (
+ 1 ; serial
+ 3600 ; refresh
+ 1800 ; retry
+ 604800 ; expiration
+ 3600 ) ; minimum
+ IN NS localhost.
+ IN A 127.0.0.1
+^D</userinput></screen>
+
+ <calloutlist>
+ <callout arearefs="localtime">
+ <para>This allows <application>named</application> to log the
+ correct time to &man.syslogd.8;.</para>
+ </callout>
+ </calloutlist>
+ </listitem>
+
+ <listitem>
+
+ <indexterm><primary>syslog</primary></indexterm>
+ <indexterm><primary>log files</primary>
+ <secondary>named</secondary></indexterm>
+
+ <para>If you are running a version of &os; prior to 4.9-RELEASE, build a statically linked copy of
+ <application>named-xfer</application>, and copy it into the sandbox:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/lib/libisc</userinput>
+&prompt.root; <userinput>make cleandir && make cleandir && make depend && make all</userinput>
+&prompt.root; <userinput>cd /usr/src/lib/libbind</userinput>
+&prompt.root; <userinput>make cleandir && make cleandir && make depend && make all</userinput>
+&prompt.root; <userinput>cd /usr/src/libexec/named-xfer</userinput>
+&prompt.root; <userinput>make cleandir && make cleandir && make depend && make NOSHARED=yes all</userinput>
+&prompt.root; <userinput>cp named-xfer /etc/namedb/bin && chmod 555 /etc/namedb/bin/named-xfer</userinput><co id="clean-cruft"></screen>
+
+ <para>After your statically linked
+ <command>named-xfer</command> is installed some cleaning up
+ is required, to avoid leaving stale copies of libraries or
+ programs in your source tree:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src/lib/libisc</userinput>
+&prompt.root; <userinput>make cleandir</userinput>
+&prompt.root; <userinput>cd /usr/src/lib/libbind</userinput>
+&prompt.root; <userinput>make cleandir</userinput>
+&prompt.root; <userinput>cd /usr/src/libexec/named-xfer</userinput>
+&prompt.root; <userinput>make cleandir</userinput></screen>
+
+ <calloutlist>
+ <callout arearefs="clean-cruft">
+ <para>This step has been reported to fail occasionally. If this
+ happens to you, then issue the command:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/src && make cleandir && make cleandir</userinput></screen>
+
+ <para>and delete your <filename>/usr/obj</filename> tree:</para>
+
+ <screen>&prompt.root; <userinput>rm -fr /usr/obj && mkdir /usr/obj</userinput></screen>
+
+ <para>This will clean out any <quote>cruft</quote> from your
+ source tree, and retrying the steps above should then work.</para>
+ </callout>
+ </calloutlist>
+
+ <para>If you are running &os; version 4.9-RELEASE or later,
+ then the copy of <command>named-xfer</command> in
+ <filename>/usr/libexec</filename> is statically linked by
+ default, and you can simply use &man.cp.1; to copy it into
+ your sandbox.</para>
+ </listitem>
+
+ <listitem>
+ <para>Make a <filename>dev/null</filename> that
+ <application>named</application> can see and write to:</para>
+
+ <screen>&prompt.root; <userinput>cd /etc/namedb/dev && mknod null c 2 2</userinput>
+&prompt.root; <userinput>chmod 666 null</userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>Symlink <filename> /var/run/ndc</filename> to
+ <filename>/etc/namedb/var/run/ndc</filename>:</para>
+
+ <screen>&prompt.root; <userinput>ln -sf /etc/namedb/var/run/ndc /var/run/ndc</userinput></screen>
+
+ <note>
+ <para>This simply avoids having to specify the
+ <option>-c</option> option to &man.ndc.8; every time you
+ run it. Since the contents of
+ <filename>/var/run</filename> are deleted on boot, it may
+ be useful to add this command to
+ <username>root</username>'s &man.crontab.5;, using the
+ <option>@reboot</option> option.</para>
+ </note>
+
+ </listitem>
+
+ <listitem>
+
+ <indexterm><primary>syslog</primary></indexterm>
+ <indexterm><primary>log files</primary>
+ <secondary>named</secondary></indexterm>
+
+ <para>Configure &man.syslogd.8; to create an extra
+ <devicename>log</devicename> socket that
+ <application>named</application> can write to. To do this,
+ add <literal>-l /etc/namedb/dev/log</literal> to the
+ <varname>syslogd_flags</varname> variable in
+ <filename>/etc/rc.conf</filename>.</para>
+ </listitem>
+
+ <listitem>
+
+ <indexterm><primary><command>chroot</command></primary></indexterm>
+
+ <para>Arrange to have <application>named</application> start
+ and <command>chroot</command> itself to the sandbox by
+ adding the following to
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>named_enable="YES"
+named_flags="-u bind -g bind -t /etc/namedb /etc/named.conf"</programlisting>
+
+ <note>
+ <para>Note that the configuration file
+ <replaceable>/etc/named.conf</replaceable> is denoted by a full
+ pathname <emphasis>relative to the sandbox</emphasis>, i.e. in
+ the line above, the file referred to is actually
+ <filename>/etc/namedb/etc/named.conf</filename>.</para>
+ </note>
+ </listitem>
+ </itemizedlist>
+
+ <para>The next step is to edit
+ <filename>/etc/namedb/etc/named.conf</filename> so that
+ <application>named</application> knows which zones to load and
+ where to find them on the disk. There follows a commented
+ example (anything not specifically commented here is no
+ different from the setup for a DNS server not running in a
+ sandbox):</para>
+
+ <programlisting>options {
+ directory "/";<co id="directory">
+ named-xfer "/bin/named-xfer";<co id="named-xfer">
+ version ""; // Don't reveal BIND version
+ query-source address * port 53;
+};
+// ndc control socket
+controls {
+ unix "/var/run/ndc" perm 0600 owner 0 group 0;
+};
+// Zones follow:
+zone "localhost" IN {
+ type master;
+ file "master/named.localhost";<co id="master">
+ allow-transfer { localhost; };
+ notify no;
+};
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "master/localhost.rev";
+ allow-transfer { localhost; };
+ notify no;
+};
+zone "." IN {
+ type hint;
+ file "master/named.root";
+};
+zone "private.example.net" in {
+ type master;
+ file "master/private.example.net.db";
+ allow-transfer { 192.168.10.0/24; };
+};
+zone "10.168.192.in-addr.arpa" in {
+ type slave;
+ masters { 192.168.10.2; };
+ file "slave/192.168.10.db";<co id="slave">
+};</programlisting>
+
+ <calloutlist>
+ <callout arearefs="directory">
+ <para>The
+ <literal>directory</literal> statement is specified as
+ <filename>/</filename>, since all files that
+ <application>named</application> needs are within this
+ directory (recall that this is equivalent to a
+ <quote>normal</quote> user's
+ <filename>/etc/namedb</filename>).</para>
+ </callout>
+
+ <callout arearefs="named-xfer">
+ <para>Specifies the full path
+ to the <command>named-xfer</command> binary (from
+ <application>named</application>'s frame of reference). This
+ is necessary since <application>named</application> is
+ compiled to look for <command>named-xfer</command> in
+ <filename>/usr/libexec</filename> by default.</para>
+ </callout>
+ <callout arearefs="master"><para>Specifies the filename (relative
+ to the <literal>directory</literal> statement above) where
+ <application>named</application> can find the zone file for this
+ zone.</para>
+ </callout>
+ <callout arearefs="slave"><para>Specifies the filename
+ (relative to the <literal>directory</literal> statement above)
+ where <application>named</application> should write a copy of
+ the zone file for this zone after successfully transferring it
+ from the master server. This is why we needed to change the
+ ownership of the directory <filename>slave</filename> to
+ <groupname>bind</groupname> in the setup stages above.</para>
+ </callout>
+ </calloutlist>
+
+ <para>After completing the steps above, either reboot your
+ server or restart &man.syslogd.8; and start &man.named.8;, making
+ sure to use the new options specified in
+ <varname>syslogd_flags</varname> and
+ <varname>named_flags</varname>. You should now be running a
+ sandboxed copy of <application>named</application>!</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Security</title>
+
+ <para>Although BIND is the most common implementation of DNS,
+ there is always the issue of security. Possible and
+ exploitable security holes are sometimes found.
+ </para>
+
+ <para>
+ It is a good idea to read <ulink
+ url="http://www.cert.org/">CERT</ulink>'s security advisories and
+ to subscribe to the &a.security-notifications;
+ to stay up to date with the current Internet and FreeBSD security
+ issues.
+ </para>
+
+ <tip><para>If a problem arises, keeping sources up to date and
+ having a fresh build of <application>named</application> would
+ not hurt.</para></tip>
+ </sect2>
+
+ <sect2>
+ <title>Further Reading</title>
+
+ <para>BIND/<application>named</application> manual pages:
+ &man.ndc.8; &man.named.8; &man.named.conf.5;</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink
+ url="http://www.isc.org/products/BIND/">Official ISC BIND
+ Page</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.nominum.com/getOpenSourceResource.php?id=6">
+ BIND FAQ</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.oreilly.com/catalog/dns4/">O'Reilly
+ DNS and BIND 4th Edition</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="ftp://ftp.isi.edu/in-notes/rfc1034.txt">RFC1034
+ - Domain Names - Concepts and Facilities</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="ftp://ftp.isi.edu/in-notes/rfc1035.txt">RFC1035
+ - Domain Names - Implementation and Specification</ulink></para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-bind9">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title><acronym>BIND</acronym>9 and &os;</title>
+
+<!-- This section is here to get users up with BIND9 configurations! It
+ does not cover the terminology, theoretical discussion (why run a name
+ server) or the further reading which is still in the previous section.
+ I did things this way to avoid repetition of content and obviously we
+ cannot just remove the previous section since other supported releases
+ use it. When the previous section is removed then those comments
+ should be moved here. // Tom Rhodes -->
+
+ <indexterm><primary>bind9</primary>
+ <secondary>setting up</secondary></indexterm>
+
+ <para>The release of &os;&nbsp;5.3 brought the
+ <acronym>BIND</acronym>9 <acronym>DNS</acronym> server software
+ into the distribution. New security features, a new file system
+ layout and automated &man.chroot.8; configuration came with the
+ import. This section has been written in two parts, the first
+ will discuss new features and their configuration; the latter
+ will cover upgrades to aid in move to &os;&nbsp;5.3. From this
+ moment on, the server will be referred to simply as
+ &man.named.8; in place of <acronym>BIND</acronym>. This section
+ skips over the terminology described in the previous section as
+ well as some of the theoretical discussions; thus, it is
+ recommended that the previous section be consulted before reading
+ any further here.</para>
+
+ <para>Configuration files for <application>named</application> currently
+ reside in
+ <filename class="directory">/var/named/etc/namedb/</filename> and
+ will need modification before use. This is where most of the
+ configuration will be performed.</para>
+
+ <sect2>
+ <title>Configuration of a Master Zone</title>
+
+ <para>To configure a master zone visit
+ <filename class="directory">/var/named/etc/namedb/</filename>
+ and run the following command:</para>
+
+ <screen>&prompt.root; <userinput>sh make-localhost</userinput></screen>
+
+ <para>If all went well a new file should exist in the
+ <filename class="directory">master</filename> directory. The
+ filenames should be <filename>localhost.rev</filename> for
+ the local domain name and <filename>localhost-v6.rev</filename>
+ for <acronym>IPv6</acronym> configurations. As the default
+ configuration file, configuration for its use will already
+ be present in the <filename>named.conf</filename> file.</para>
+ </sect2>
+
+ <sect2>
+ <title>Configuration of a Slave Zone</title>
+
+ <para>Configuration for extra domains or sub domains may be
+ done properly by setting them as a slave zone. In most cases,
+ the <filename>master/localhost.rev</filename> file could just be
+ copied over into the <filename class="directory">slave</filename>
+ directory and modified. Once completed, the files need
+ to be properly added in <filename>named.conf</filename> such
+ as in the following configuration for
+ <hostid role="domainname">example.com</hostid>:</para>
+
+ <programlisting>zone "example.com" {
+ type slave;
+ file "slave/example.com";
+ masters {
+ 10.0.0.1;
+ };
+};
+
+zone "0.168.192.in-addr.arpa" {
+ type slave;
+ file "slave/0.168.192.in-addr.arpa";
+ masters {
+ 10.0.0.1;
+ };
+};</programlisting>
+
+ <para>Note well that in this example, the master
+ <acronym>IP</acronym> address is the primary domain server
+ from which the zones are transferred; it does not necessary serve
+ as <acronym>DNS</acronym> server itself.</para>
+ </sect2>
+
+ <sect2>
+ <title>System Initialization Configuration</title>
+
+ <para>In order for the <application>named</application> daemon to start
+ when the system is booted, the following option must be present
+ in the <filename>rc.conf</filename> file:</para>
+
+ <programlisting>named_enable="YES"</programlisting>
+
+ <para>While other options exist, this is the bare minimal
+ requirement. Consult the &man.rc.conf.5; manual page for
+ a list of the other options. If nothing is entered in the
+ <filename>rc.conf</filename> file then <application>named</application>
+ may be started on the command line by invoking:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.d/named start</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title><acronym>BIND</acronym>9 Security</title>
+
+ <para>While &os; automatically drops <application>named</application>
+ into a &man.chroot.8; environment; there are several other
+ security mechanisms in place which could help to lure off
+ possible <acronym>DNS</acronym> service attacks.</para>
+
+ <sect3>
+ <title>Query Access Control Lists</title>
+
+ <para>A query access control list can be used to restrict
+ queries against the zones. The configuration works by
+ defining the network inside of the <literal>acl</literal>
+ token and then listing <acronym>IP</acronym> addresses in
+ the zone configuration. To permit domains to query the
+ example host, just define it like this:</para>
+
+ <programlisting>acl "example.com" {
+ 192.168.0.0/24;
+};
+
+zone "example.com" {
+ type slave;
+ file "slave/example.com";
+ masters {
+ 10.0.0.1;
+ };
+ allow-query { example.com; };
+};
+
+zone "0.168.192.in-addr.arpa" {
+ type slave;
+ file "slave/0.168.192.in-addr.arpa";
+ masters {
+ 10.0.0.1;
+ };
+ allow-query { example.com; };
+};</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Restrict Version</title>
+
+ <para>Permitting version lookups on the <acronym>DNS</acronym>
+ server could be opening the doors for an attacker. A
+ malicious user may use this information to hunt up known
+ exploits or bugs to utilize against the host.</para>
+
+ <warning>
+ <para>Setting a false version will not protect the server
+ from exploits. Only upgrading to a version that is not
+ vulnerable will protect your server.</para>
+ </warning>
+
+ <para>A false version string can be placed the
+ <literal>options</literal> section of
+ <filename>named.conf</filename>:</para>
+
+ <programlisting>options {
+ directory "/etc/namedb";
+ pid-file "/var/run/named/pid";
+ dump-file "/var/dump/named_dump.db";
+ statistics-file "/var/stats/named.stats";
+ version "None of your business";
+};</programlisting>
+ </sect3>
+
+<!-- Here is where I stopped for now
+ <sect3>
+ <title>Authentication</title>
+
+ <para> ... </para>
+
+-->
+ </sect2>
+ </sect1>
+
+
+ <sect1 id="network-apache">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Murray</firstname>
+ <surname>Stokely</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Apache HTTP Server</title>
+
+ <indexterm><primary>web servers</primary>
+ <secondary>setting up</secondary></indexterm>
+ <indexterm><primary>Apache</primary></indexterm>
+
+ <sect2>
+ <title>Overview</title>
+
+ <para>&os; is used to run some of the busiest web sites in the
+ world. The majority of web servers on the Internet are using
+ the <application>Apache HTTP Server</application>.
+ <application>Apache</application> software packages should be
+ included on your FreeBSD installation media. If you did not
+ install <application>Apache</application> when you first
+ installed FreeBSD, then you can install it from the <filename
+ role="package">www/apache13</filename> or <filename
+ role="package">www/apache2</filename> port.</para>
+
+ <para>Once <application>Apache</application> has been installed
+ successfully, it must be configured.</para>
+
+ <note><para>This section covers version 1.3.X of the
+ <application>Apache HTTP Server</application> as that is the
+ most widely used version for &os;. <application>Apache</application>&nbsp;2.X introduces many
+ new technologies but they are not discussed here. For more
+ information about <application>Apache</application>&nbsp;2.X, please see <ulink
+ url="http://httpd.apache.org/"></ulink>.</para></note>
+
+ </sect2>
+
+ <sect2>
+ <title>Configuration</title>
+
+ <indexterm><primary>Apache</primary>
+ <secondary>configuration file</secondary></indexterm>
+
+ <para>The main <application>Apache HTTP Server</application> configuration file is
+ installed as
+ <filename>/usr/local/etc/apache/httpd.conf</filename> on &os;.
+ This file is a typical &unix; text configuration file with
+ comment lines beginning with the <literal>#</literal>
+ character. A comprehensive description of all possible
+ configuration options is outside the scope of this book, so
+ only the most frequently modified directives will be described
+ here.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>ServerRoot "/usr/local"</literal></term>
+
+ <listitem>
+ <para>This specifies the default directory hierarchy for
+ the <application>Apache</application> installation. Binaries are stored in the
+ <filename class="directory">bin</filename> and
+ <filename class="directory">sbin</filename> subdirectories
+ of the server root, and configuration files are stored in
+ <filename class="directory">etc/apache</filename>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ServerAdmin you@your.address</literal></term>
+
+ <listitem>
+ <para>The address to which problems with the server should
+ be emailed. This address appears on some
+ server-generated pages, such as error documents.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ServerName www.example.com</literal></term>
+
+ <listitem>
+ <para><literal>ServerName</literal> allows you to set a host name which is
+ sent back to clients for your server if it is different
+ to the one that the host is configured with (i.e., use <hostid>www</hostid>
+ instead of the host's real name).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>DocumentRoot "/usr/local/www/data"</literal></term>
+
+ <listitem>
+ <para><literal>DocumentRoot</literal>: The directory out of which you will
+ serve your documents. By default, all requests are taken
+ from this directory, but symbolic links and aliases may
+ be used to point to other locations.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>It is always a good idea to make backup copies of your
+ <application>Apache</application> configuration file before making changes. Once you are
+ satisfied with your initial configuration you are ready to
+ start running <application>Apache</application>.</para>
+
+<!-- sect3 for performance tuning directives? maxservers minservers -->
+<!-- etc..?? -->
+
+<!-- Advanced configuration section.
+
+Performance tuning directives.
+
+Log file format -->
+
+ </sect2>
+
+ <sect2>
+ <title>Running <application>Apache</application></title>
+
+ <indexterm><primary>Apache</primary>
+ <secondary>starting or stopping</secondary></indexterm>
+
+ <para><application>Apache</application> does not run from the
+ <application>inetd</application> super server as many other
+ network servers do. It is configured to run standalone for
+ better performance for incoming HTTP requests from client web
+ browsers. A shell script wrapper is included to make
+ starting, stopping, and restarting the server as simple as
+ possible. To start up <application>Apache</application> for
+ the first time, just run:</para>
+
+ <screen>&prompt.root; <userinput>/usr/local/sbin/apachectl start</userinput></screen>
+
+ <para>You can stop the server at any time by typing:</para>
+
+ <screen>&prompt.root; <userinput>/usr/local/sbin/apachectl stop</userinput></screen>
+
+ <para>After making changes to the configuration file for any
+ reason, you will need to restart the server:</para>
+
+ <screen>&prompt.root; <userinput>/usr/local/sbin/apachectl restart</userinput></screen>
+
+ <para>To restart <application>Apache</application> without
+ aborting current connections, run:</para>
+
+ <screen>&prompt.root; <userinput>/usr/local/sbin/apachectl graceful</userinput></screen>
+
+ <para>Additional information available at
+ &man.apachectl.8; manual page.</para>
+
+ <para>To launch <application>Apache</application> at system
+ startup, add the following line to
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>apache_enable="YES"</programlisting>
+
+ <para>If you would like to supply additional command line
+ options for the <application>Apache</application>
+ <command>httpd</command> program started at system boot, you
+ may specify them with an additional line in
+ <filename>rc.conf</filename>:</para>
+
+ <programlisting>apache_flags=""</programlisting>
+
+ <para>Now that the web server is running, you can view your web
+ site by pointing a web browser to
+ <literal>http://localhost/</literal>. The default web page
+ that is displayed is
+ <filename>/usr/local/www/data/index.html</filename>.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Virtual Hosting</title>
+
+ <para><application>Apache</application> supports two different
+ types of Virtual Hosting. The first method is Name-based
+ Virtual Hosting. Name-based virtual hosting uses the clients
+ HTTP/1.1 headers to figure out the hostname. This allows many
+ different domains to share the same IP address.</para>
+
+ <para>To setup <application>Apache</application> to use
+ Name-based Virtual Hosting add an entry like the following to
+ your <filename>httpd.conf</filename>:</para>
+
+ <programlisting>NameVirtualHost *</programlisting>
+
+ <para>If your webserver was named <hostid role="fqdn">www.domain.tld</hostid> and
+ you wanted to setup a virtual domain for
+ <hostid role="fqdn">www.someotherdomain.tld</hostid> then you would add
+ the following entries to
+ <filename>httpd.conf</filename>:</para>
+
+ <screen>&lt;VirtualHost *&gt;
+ServerName www.domain.tld
+DocumentRoot /www/domain.tld
+&lt;/VirtualHost&gt;
+
+&lt;VirtualHost *&gt;
+ServerName www.someotherdomain.tld
+DocumentRoot /www/someotherdomain.tld
+&lt;/VirtualHost&gt;</screen>
+
+ <para>Replace the addresses with the addresses you want to use
+ and the path to the documents with what you are using.</para>
+
+ <para>For more information about setting up virtual hosts,
+ please consult the official <application>Apache</application>
+ documentation at: <ulink
+ url="http://httpd.apache.org/docs/vhosts/"></ulink>.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Apache Modules</title>
+
+ <indexterm><primary>Apache</primary>
+ <secondary>modules</secondary></indexterm>
+
+ <para>There are many different <application>Apache</application> modules available to add
+ functionality to the basic server. The FreeBSD Ports
+ Collection provides an easy way to install
+ <application>Apache</application> together with some of the
+ more popular add-on modules.</para>
+
+ <sect3>
+ <title>mod_ssl</title>
+
+ <indexterm><primary>web servers</primary>
+ <secondary>secure</secondary></indexterm>
+ <indexterm><primary>SSL</primary></indexterm>
+ <indexterm><primary>cryptography</primary></indexterm>
+
+ <para>The <application>mod_ssl</application> module uses the OpenSSL library to provide
+ strong cryptography via the Secure Sockets Layer (SSL v2/v3)
+ and Transport Layer Security (TLS v1) protocols. This
+ module provides everything necessary to request a signed
+ certificate from a trusted certificate signing authority so
+ that you can run a secure web server on &os;.</para>
+
+ <para>If you have not yet installed
+ <application>Apache</application>, then a version of <application>Apache</application>
+ 1.3.X that includes <application>mod_ssl</application> may be installed with the <filename
+ role="package">www/apache13-modssl</filename> port. SSL
+ support is also available for <application>Apache</application>&nbsp;2.X in the
+ <filename role="package">www/apache2</filename> port,
+ where it is enabled by default.</para>
+
+<!-- XXX add more information about configuring mod_ssl here. -->
+<!-- Generating keys, getting the key signed, setting up your secure -->
+<!-- web server! -->
+ </sect3>
+
+ <sect3>
+ <title>mod_perl</title>
+
+ <indexterm><primary>Perl</primary></indexterm>
+
+ <para>The <application>Apache</application>/Perl integration project brings together the
+ full power of the Perl programming language and the <application>Apache
+ HTTP Server</application>. With the <application>mod_perl</application> module it is possible to
+ write <application>Apache</application> modules entirely in Perl. In addition, the
+ persistent interpreter embedded in the server avoids the
+ overhead of starting an external interpreter and the penalty
+ of Perl start-up time.</para>
+
+ <para>If you have not yet installed
+ <application>Apache</application>, then a version of <application>Apache</application>
+ that includes <application>mod_perl</application> may be installed with the <filename
+ role="package">www/apache13-modperl</filename> port.</para>
+ </sect3>
+
+ <sect3>
+ <sect3info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect3info>
+ <title>PHP</title>
+
+ <indexterm><primary>PHP</primary></indexterm>
+
+ <para>In the past few years, more businesses have turned to the
+ Internet in order to enhance their revenue and increase
+ exposure. This has also increased the need for interactive
+ web content. While some companies, such as &microsoft;, have
+ introduced solutions into their proprietary products, the
+ open source community answered the call. One answer, widely
+ used, is known as <acronym>PHP</acronym>.
+
+ <para>PHP, also known as <quote>Hypertext Preprocessor</quote>
+ is a general-purpose scripting language that is especially
+ suited for Web development. Capable of being embedded into
+ <acronym>HTML</acronym> its syntax draws upon C, &java;,
+ and Perl with the intention of allowing web developers
+ write dynamically generated webpages quickly.</para>
+
+ <para>To gain support for <acronym>PHP</acronym>5 for the
+ <application>Apache</application> web server, begin by
+ installing the
+ <filename role="package">www/mod_php5</filename>
+ port.</para>
+
+ <para>This will install and configure the modules required
+ to support dynamic web applications. Check to ensure the
+ following lines have been added to
+ <filename>/usr/local/etc/apache/httpd.conf</filename>:</para>
+
+ <programlisting>LoadModule php5_module libexec/apache/libphp5.so
+AddModule mod_php5.c
+ &lt;IfModule mod_php5.c&gt;
+ DirectoryIndex index.php index.html
+ &lt;/IfModule&gt;
+
+ &lt;IfModule mod_php5.c&gt;
+ AddType application/x-httpd-php .php
+ AddType application/x-httpd-php-source .phps
+ &lt;/IfModule&gt;</programlisting>
+
+ <para>Once completed, a simple call to the
+ <command>apachectl</command> command for a graceful
+ restart:</para>
+
+ <screen>&prompt.root; <userinput>apachectl graceful</userinput></screen>
+
+ <para>The <acronym>PHP</acronym> support in &os; is extremely
+ modular. If support for any extensions is required, an
+ administrator only needs to install the appropriate port
+ and restart <application>Apache</application> like recommended
+ above.</para>
+
+ <para>For instance, to add support for the
+ <application>MySQL</application> database server to
+ <acronym>PHP</acronym>5, simply install the
+ <filename role="package">databases/php5-mysql</filename>
+ and issue the following command:</para>
+
+ <screen>&prompt.root; <userinput>apachectl graceful</userinput></screen>
+
+ <para>Which will enable <application>MySQL</application>
+ support in <acronym>PHP</acronym>.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-ftp">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Murray</firstname>
+ <surname>Stokely</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>File Transfer Protocol (FTP)</title>
+
+ <indexterm><primary>FTP servers</primary></indexterm>
+
+ <sect2>
+ <title>Overview</title>
+
+ <para>The File Transfer Protocol (FTP) provides users with a
+ simple way to transfer files to and from an <acronym
+ role="File Transfer Protocol">FTP</acronym> server. &os;
+ includes <acronym role="File Transfer Protocol">FTP</acronym>
+ server software, <application>ftpd</application>, in the base
+ system. This makes setting up and administering an <acronym
+ role="File Transfer Protocol">FTP</acronym> server on FreeBSD
+ very straightforward.</para>
+ </sect2>
+
+ <sect2>
+ <title>Configuration</title>
+
+ <para>The most important configuration step is deciding which
+ accounts will be allowed access to the FTP server. A normal
+ FreeBSD system has a number of system accounts used for
+ various daemons, but unknown users should not be allowed to
+ log in with these accounts. The
+ <filename>/etc/ftpusers</filename> file is a list of users
+ disallowed any FTP access. By default, it includes the
+ aforementioned system accounts, but it is possible to add
+ specific users here that should not be allowed access to
+ FTP.</para>
+
+ <para>You may want to restrict the access of some users without
+ preventing them completely from using FTP. This can be
+ accomplished with the <filename>/etc/ftpchroot</filename>
+ file. This file lists users and groups subject to FTP access
+ restrictions. The &man.ftpchroot.5; manual page has all of
+ the details so it will not be described in detail here.</para>
+
+ <indexterm>
+ <primary>FTP</primary>
+ <secondary>anonymous</secondary>
+ </indexterm>
+
+ <para>If you would like to enable anonymous FTP access to your
+ server, then you must create a user named
+ <username>ftp</username> on your &os; system. Users will then
+ be able to log on to your FTP server with a username of
+ <username>ftp</username> or <username>anonymous</username> and
+ with any password (by convention an email address for the user
+ should be used as the password). The FTP server will call
+ &man.chroot.2; when an anonymous user logs in, to restrict
+ access to only the home directory of the
+ <username>ftp</username> user.</para>
+
+ <para>There are two text files that specify welcome messages to
+ be displayed to FTP clients. The contents of the file
+ <filename>/etc/ftpwelcome</filename> will be displayed to
+ users before they reach the login prompt. After a successful
+ login, the contents of the file
+ <filename>/etc/ftpmotd</filename> will be displayed. Note
+ that the path to this file is relative to the login environment, so the
+ file <filename>~ftp/etc/ftpmotd</filename> would be displayed
+ for anonymous users.</para>
+
+ <para>Once the FTP server has been configured properly, it must
+ be enabled in <filename>/etc/inetd.conf</filename>. All that
+ is required here is to remove the comment symbol
+ <quote>#</quote> from in front of the existing
+ <application>ftpd</application> line :</para>
+
+ <programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting>
+
+ <para>As explained in <xref linkend="network-inetd-hangup">, a
+ HangUP Signal must be sent to <application>inetd</application>
+ after this configuration file is changed.</para>
+
+ <para>You can now log on to your FTP server by typing:</para>
+
+ <screen>&prompt.user; <userinput>ftp localhost</userinput></screen>
+
+ </sect2>
+
+ <sect2>
+ <title>Maintaining</title>
+
+ <indexterm><primary>syslog</primary></indexterm>
+ <indexterm><primary>log files</primary>
+ <secondary>FTP</secondary></indexterm>
+
+ <para>The <application>ftpd</application> daemon uses
+ &man.syslog.3; to log messages. By default, the system log
+ daemon will put messages related to FTP in the
+ <filename>/var/log/xferlog</filename> file. The location of
+ the FTP log can be modified by changing the following line in
+ <filename>/etc/syslog.conf</filename>:</para>
+
+ <programlisting>ftp.info /var/log/xferlog</programlisting>
+
+ <indexterm>
+ <primary>FTP</primary>
+ <secondary>anonymous</secondary>
+ </indexterm>
+
+ <para>Be aware of the potential problems involved with running
+ an anonymous FTP server. In particular, you should think
+ twice about allowing anonymous users to upload files. You may
+ find that your FTP site becomes a forum for the trade of
+ unlicensed commercial software or worse. If you do need to
+ allow anonymous FTP uploads, then you should set up the
+ permissions so that these files can not be read by other
+ anonymous users until they have been reviewed.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="network-samba">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Murray</firstname>
+ <surname>Stokely</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>File and Print Services for &microsoft.windows; clients (Samba)</title>
+
+ <indexterm><primary>Samba server</primary></indexterm>
+ <indexterm><primary>Microsoft Windows</primary></indexterm>
+ <indexterm>
+ <primary>file server</primary>
+ <secondary>Windows clients</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>print server</primary>
+ <secondary>Windows clients</secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Overview</title>
+
+ <para><application>Samba</application> is a popular open source
+ software package that provides file and print services for
+ &microsoft.windows; clients. Such clients can connect to and
+ use FreeBSD filespace as if it was a local disk drive, or
+ FreeBSD printers as if they were local printers.</para>
+
+ <para><application>Samba</application> software packages should
+ be included on your FreeBSD installation media. If you did
+ not install <application>Samba</application> when you first
+ installed FreeBSD, then you can install it from the <filename
+ role="package">net/samba3</filename> port or package.</para>
+
+<!-- mention LDAP, Active Directory, WinBIND, ACL, Quotas, PAM, .. -->
+
+ </sect2>
+
+ <sect2>
+ <title>Configuration</title>
+
+ <para>A default <application>Samba</application> configuration
+ file is installed as
+ <filename>/usr/local/etc/smb.conf.default</filename>. This
+ file must be copied to
+ <filename>/usr/local/etc/smb.conf</filename> and customized
+ before <application>Samba</application> can be used.</para>
+
+ <para>The <filename>smb.conf</filename> file contains runtime
+ configuration information for
+ <application>Samba</application>, such as definitions of the
+ printers and <quote>file system shares</quote> that you would
+ like to share with &windows; clients. The
+ <application>Samba</application> package includes a web based
+ tool called <application>swat</application> which provides a
+ simple way of configuring the <filename>smb.conf</filename>
+ file.</para>
+
+ <sect3>
+ <title>Using the Samba Web Administration Tool (SWAT)</title>
+
+ <para>The Samba Web Administration Tool (SWAT) runs as a
+ daemon from <application>inetd</application>. Therefore, the
+ following line in <filename>/etc/inetd.conf</filename>
+ should be uncommented before <application>swat</application> can be
+ used to configure <application>Samba</application>:</para>
+
+ <programlisting>swat stream tcp nowait/400 root /usr/local/sbin/swat</programlisting>
+ <para>As explained in <xref linkend="network-inetd-hangup">, a
+ HangUP Signal must be sent to
+ <application>inetd</application> after this configuration
+ file is changed.</para>
+
+ <para>Once <application>swat</application> has been enabled in
+ <filename>inetd.conf</filename>, you can use a browser to
+ connect to <ulink url="http://localhost:901"></ulink>. You will
+ first have to log on with the system <username>root</username> account.</para>
+
+<!-- XXX screenshots go here, loader is creating them -->
+
+ <para>Once you have successfully logged on to the main
+ <application>Samba</application> configuration page, you can
+ browse the system documentation, or begin by clicking on the
+ <guimenu>Globals</guimenu> tab. The <guimenu>Globals</guimenu> section corresponds to the
+ variables that are set in the <literal>[global]</literal>
+ section of
+ <filename>/usr/local/etc/smb.conf</filename>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Global Settings</title>
+
+ <para>Whether you are using <application>swat</application> or
+ editing <filename>/usr/local/etc/smb.conf</filename>
+ directly, the first directives you are likely to encounter
+ when configuring <application>Samba</application>
+ are:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>workgroup</literal></term>
+
+ <listitem>
+ <para>NT Domain-Name or Workgroup-Name for the computers
+ that will be accessing this server.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>netbios name</literal></term>
+ <indexterm><primary>NetBIOS</primary></indexterm>
+
+ <listitem>
+ <para>This sets the NetBIOS name by which a <application>Samba</application> server
+ is known. By default it is the same as the first
+ component of the host's DNS name.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>server string</literal></term>
+
+ <listitem>
+ <para>This sets the string that will be displayed with
+ the <command>net view</command> command and some other
+ networking tools that seek to display descriptive text
+ about the server.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect3>
+
+ <sect3>
+ <title>Security Settings</title>
+
+ <para>Two of the most important settings in
+ <filename>/usr/local/etc/smb.conf</filename> are the
+ security model chosen, and the backend password format for
+ client users. The following directives control these
+ options:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>security</literal></term>
+
+ <listitem>
+ <para>The two most common options here are
+ <literal>security = share</literal> and <literal>security
+ = user</literal>. If your clients use usernames that
+ are the same as their usernames on your &os; machine
+ then you will want to use user level security. This
+ is the default security policy and it requires clients
+ to first log on before they can access shared
+ resources.</para>
+
+ <para>In share level security, client do not need to log
+ onto the server with a valid username and password
+ before attempting to connect to a shared resource.
+ This was the default security model for older versions
+ of <application>Samba</application>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>passdb backend</literal></term>
+
+ <indexterm><primary>NIS+</primary></indexterm>
+ <indexterm><primary>LDAP</primary></indexterm>
+ <indexterm><primary>SQL database</primary></indexterm>
+
+ <listitem>
+ <para><application>Samba</application> has several
+ different backend authentication models. You can
+ authenticate clients with LDAP, NIS+, a SQL database,
+ or a modified password file. The default
+ authentication method is <literal>smbpasswd</literal>,
+ and that is all that will be covered here.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Assuming that the default <literal>smbpasswd</literal>
+ backend is used, the
+ <filename>/usr/local/private/smbpasswd</filename> file must
+ be created to allow <application>Samba</application> to
+ authenticate clients. If you would like to give all of
+ your &unix; user accounts access from &windows; clients, use the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>grep -v "^#" /etc/passwd | make_smbpasswd &gt; /usr/local/private/smbpasswd</userinput>
+&prompt.root; <userinput>chmod 600 /usr/local/private/smbpasswd</userinput></screen>
+
+ <para>Please see the <application>Samba</application>
+ documentation for additional information about configuration
+ options. With the basics outlined here, you should have
+ everything you need to start running
+ <application>Samba</application>.</para>
+ </sect3>
+
+ </sect2>
+ <sect2>
+ <title>Starting <application>Samba</application></title>
+
+ <para>To enable <application>Samba</application> when your
+ system boots, add the following line to
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>samba_enable="YES"</programlisting>
+
+ <para>You can then start <application>Samba</application> at any
+ time by typing:</para>
+
+ <screen>&prompt.root; <userinput>/usr/local/etc/rc.d/samba.sh start</userinput>
+Starting SAMBA: removing stale tdbs :
+Starting nmbd.
+Starting smbd.</screen>
+
+ <para><application>Samba</application> actually consists of
+ three separate daemons. You should see that both the
+ <application>nmbd</application> and <application>smbd</application> daemons
+ are started by the <filename>samba.sh</filename> script. If
+ you enabled winbind name resolution services in
+ <filename>smb.conf</filename>, then you will also see that
+ the <application>winbindd</application> daemon is started.</para>
+
+ <para>You can stop <application>Samba</application> at any time
+ by typing :</para>
+
+ <screen>&prompt.root; <userinput>/usr/local/etc/rc.d/samba.sh stop</userinput></screen>
+
+ <para><application>Samba</application> is a complex software
+ suite with functionality that allows broad integration with
+ &microsoft.windows; networks. For more information about
+ functionality beyond the basic installation described here,
+ please see <ulink url="http://www.samba.org"></ulink>.</para>
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="network-ntp">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Hukins</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Clock Synchronization with NTP</title>
+
+ <indexterm><primary>NTP</primary></indexterm>
+
+ <sect2>
+ <title>Overview</title>
+
+ <para>Over time, a computer's clock is prone to drift. The
+ Network Time Protocol (NTP) is one way to ensure your clock stays
+ accurate.</para>
+
+ <para>Many Internet services rely on, or greatly benefit from,
+ computers' clocks being accurate. For example, a web server
+ may receive requests to send a file if it has been modified since a
+ certain time. In a local area network environment, it is
+ essential that computers sharing files from the same file
+ server have synchronized clocks so that file timestamps stay
+ consistent. Services such as &man.cron.8; also rely on
+ an accurate system clock to run commands at the specified
+ times.</para>
+
+ <indexterm>
+ <primary>NTP</primary>
+ <secondary>ntpd</secondary>
+ </indexterm>
+ <para>FreeBSD ships with the &man.ntpd.8; <acronym role="Network
+ Time Protocol">NTP</acronym> server which can be used to query
+ other <acronym role="Network Time Protocol">NTP</acronym>
+ servers to set the clock on your machine or provide time
+ services to others.</para>
+ </sect2>
+
+ <sect2>
+ <title>Choosing Appropriate NTP Servers</title>
+
+ <indexterm>
+ <primary>NTP</primary>
+ <secondary>choosing servers</secondary>
+ </indexterm>
+
+ <para>In order to synchronize your clock, you will need to find
+ one or more <acronym role="Network Time
+ Protocol">NTP</acronym> servers to use. Your network
+ administrator or ISP may have set up an NTP server for this
+ purpose&mdash;check their documentation to see if this is the
+ case. There is an <ulink
+ url="http://ntp.isc.org/bin/view/Servers/WebHome">online
+ list of publicly accessible NTP servers</ulink> which you can
+ use to find an NTP server near to you. Make sure you are
+ aware of the policy for any servers you choose, and ask for
+ permission if required.</para>
+
+ <para>Choosing several unconnected NTP servers is a good idea in
+ case one of the servers you are using becomes unreachable or
+ its clock is unreliable. &man.ntpd.8; uses the responses it
+ receives from other servers intelligently&mdash;it will favor
+ unreliable servers less than reliable ones.</para>
+ </sect2>
+
+ <sect2>
+ <title>Configuring Your Machine</title>
+
+ <indexterm>
+ <primary>NTP</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+
+ <sect3>
+ <title>Basic Configuration</title>
+ <indexterm><primary>ntpdate</primary></indexterm>
+
+ <para>If you only wish to synchronize your clock when the
+ machine boots up, you can use &man.ntpdate.8;. This may be
+ appropriate for some desktop machines which are frequently
+ rebooted and only require infrequent synchronization, but
+ most machines should run &man.ntpd.8;.</para>
+
+ <para>Using &man.ntpdate.8; at boot time is also a good idea
+ for machines that run &man.ntpd.8;. The &man.ntpd.8;
+ program changes the clock gradually, whereas &man.ntpdate.8;
+ sets the clock, no matter how great the difference between a
+ machine's current clock setting and the correct time.</para>
+
+ <para>To enable &man.ntpdate.8; at boot time, add
+ <literal>ntpdate_enable="YES"</literal> to
+ <filename>/etc/rc.conf</filename>. You will also need to
+ specify all servers you wish to synchronize with and any
+ flags to be passed to &man.ntpdate.8; in
+ <varname>ntpdate_flags</varname>.</para>
+ </sect3>
+
+ <sect3>
+ <indexterm>
+ <primary>NTP</primary>
+ <secondary>ntp.conf</secondary>
+ </indexterm>
+
+ <title>General Configuration</title>
+
+ <para>NTP is configured by the
+ <filename>/etc/ntp.conf</filename> file in the format
+ described in &man.ntp.conf.5;. Here is a simple
+ example:</para>
+
+ <programlisting>server ntplocal.example.com prefer
+server timeserver.example.org
+server ntp2a.example.net
+
+driftfile /var/db/ntp.drift</programlisting>
+
+ <para>The <literal>server</literal> option specifies which
+ servers are to be used, with one server listed on each line.
+ If a server is specified with the <literal>prefer</literal>
+ argument, as with <hostid
+ role="fqdn">ntplocal.example.com</hostid>, that server is
+ preferred over other servers. A response from a preferred
+ server will be discarded if it differs significantly from
+ other servers' responses, otherwise it will be used without
+ any consideration to other responses. The
+ <literal>prefer</literal> argument is normally used for NTP
+ servers that are known to be highly accurate, such as those
+ with special time monitoring hardware.</para>
+
+ <para>The <literal>driftfile</literal> option specifies which
+ file is used to store the system clock's frequency offset.
+ The &man.ntpd.8; program uses this to automatically
+ compensate for the clock's natural drift, allowing it to
+ maintain a reasonably correct setting even if it is cut off
+ from all external time sources for a period of time.</para>
+
+ <para>The <literal>driftfile</literal> option specifies which
+ file is used to store information about previous responses
+ from the NTP servers you are using. This file contains
+ internal information for NTP. It should not be modified by
+ any other process.</para>
+ </sect3>
+
+ <sect3>
+ <title>Controlling Access to Your Server</title>
+
+ <para>By default, your NTP server will be accessible to all
+ hosts on the Internet. The <literal>restrict</literal>
+ option in <filename>/etc/ntp.conf</filename> allows you to
+ control which machines can access your server.</para>
+
+ <para>If you want to deny all machines from accessing your NTP
+ server, add the following line to
+ <filename>/etc/ntp.conf</filename>:</para>
+
+ <programlisting>restrict default ignore</programlisting>
+
+ <para>If you only want to allow machines within your own
+ network to synchronize their clocks with your server, but
+ ensure they are not allowed to configure the server or used
+ as peers to synchronize against, add</para>
+
+ <programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
+
+ <para>instead, where <hostid role="ipaddr">192.168.1.0</hostid> is
+ an IP address on your network and <hostid
+ role="netmask">255.255.255.0</hostid> is your network's
+ netmask.</para>
+
+ <para><filename>/etc/ntp.conf</filename> can contain multiple
+ <literal>restrict</literal> options. For more details, see
+ the <literal>Access Control Support</literal> subsection of
+ &man.ntp.conf.5;.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Running the NTP Server</title>
+
+ <para>To ensure the NTP server is started at boot time, add the
+ line <literal>ntpd_enable="YES"</literal> to
+ <filename>/etc/rc.conf</filename>. If you wish to pass
+ additional flags to &man.ntpd.8;, edit the
+ <varname>ntpd_flags</varname> parameter in
+ <filename>/etc/rc.conf</filename>.</para>
+
+ <para>To start the server without rebooting your machine, run
+ <command>ntpd</command> being sure to specify any additional
+ parameters from <varname>ntpd_flags</varname> in
+ <filename>/etc/rc.conf</filename>. For example:</para>
+
+ <screen>&prompt.root; <userinput>ntpd -p /var/run/ntpd.pid</userinput></screen>
+
+ <note>
+ <para>Under &os;&nbsp;4.X,
+ you have to replace every instance of <literal>ntpd</literal>
+ with <literal>xntpd</literal> in the options above.</para></note>
+ </sect2>
+
+ <sect2>
+ <title>Using ntpd with a Temporary Internet
+ Connection</title>
+
+ <para>The &man.ntpd.8; program does not need a permanent
+ connection to the Internet to function properly. However, if
+ you have a temporary connection that is configured to dial out
+ on demand, it is a good idea to prevent NTP traffic from
+ triggering a dial out or keeping the connection alive. If you
+ are using user PPP, you can use <literal>filter</literal>
+ directives in <filename>/etc/ppp/ppp.conf</filename>. For
+ example:</para>
+
+ <programlisting> set filter dial 0 deny udp src eq 123
+ # Prevent NTP traffic from initiating dial out
+ set filter dial 1 permit 0 0
+ set filter alive 0 deny udp src eq 123
+ # Prevent incoming NTP traffic from keeping the connection open
+ set filter alive 1 deny udp dst eq 123
+ # Prevent outgoing NTP traffic from keeping the connection open
+ set filter alive 2 permit 0/0 0/0</programlisting>
+
+ <para>For more details see the <literal>PACKET
+ FILTERING</literal> section in &man.ppp.8; and the examples in
+ <filename>/usr/share/examples/ppp/</filename>.</para>
+
+ <note>
+ <para>Some Internet access providers block low-numbered ports,
+ preventing NTP from functioning since replies never
+ reach your machine.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Further Information</title>
+
+ <para>Documentation for the NTP server can be found in
+ <filename>/usr/share/doc/ntp/</filename> in HTML
+ format.</para>
+ </sect2>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
+<!-- LocalWords: config mnt www -->
diff --git a/zh_TW.Big5/books/handbook/pgpkeys/Makefile b/zh_TW.Big5/books/handbook/pgpkeys/Makefile
new file mode 100644
index 0000000000..7c61203aff
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/pgpkeys/Makefile
@@ -0,0 +1,19 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= pgpkeys/chapter.sgml
+
+PGPKEYS!= perl -ne 'm/\"([\w-]+.key)\"/ && print "$$1\n"' \
+ ${DOC_PREFIX}/share/pgpkeys/pgpkeys.ent
+SRCS+= ${PGPKEYS}
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/pgpkeys/chapter.sgml b/zh_TW.Big5/books/handbook/pgpkeys/chapter.sgml
new file mode 100644
index 0000000000..209ea6aeb9
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/pgpkeys/chapter.sgml
@@ -0,0 +1,1031 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+<!--
+
+ Do not edit this file except as instructed by the addkey.sh script.
+
+ See the README file in doc/share/pgpkeys for instructions.
+
+-->
+<appendix id="pgpkeys">
+ <title>PGP Keys</title>
+
+ <indexterm><primary>pgp keys</primary></indexterm>
+ <para>In case you need to verify a signature or send encrypted email
+ to one of the officers or developers a number of keys are provided
+ here for your convenience. A complete keyring of <hostid role="domainname">FreeBSD.org</hostid>
+ users is available for download from <ulink url="&url.base;/doc/pgpkeyring.txt">http://www.FreeBSD.org/doc/pgpkeyring.txt</ulink>.</para>
+
+ <sect1 id="pgpkeys-officers">
+ <title>Officers</title>
+
+ <sect2 id="pgpkey-security-officer">
+ <title>&a.security-officer;</title>
+ &pgpkey.security-officer;
+ </sect2>
+
+ <sect2 id="pgpkey-core-secretary">
+ <title>&a.core-secretary;</title>
+ &pgpkey.core-secretary;
+ </sect2>
+
+ <sect2 id="pgpkey-portmgr-secretary">
+ <title>&a.portmgr-secretary;</title>
+ &pgpkey.portmgr-secretary;
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="pgpkeys-core">
+ <title>Core Team Members</title>
+
+ <sect2 id="pgpkey-jhb">
+ <title>&a.jhb;</title>
+ &pgpkey.jhb;
+ </sect2>
+
+ <sect2 id="pgpkey-kuriyama">
+ <title>&a.kuriyama;</title>
+ &pgpkey.kuriyama;
+ </sect2>
+
+ <sect2 id="pgpkey-imp">
+ <title>&a.imp;</title>
+ &pgpkey.imp;
+ </sect2>
+
+ <sect2 id="pgpkey-wes">
+ <title>&a.wes;</title>
+ &pgpkey.wes;
+ </sect2>
+
+ <sect2 id="pgpkey-murray">
+ <title>&a.murray;</title>
+ &pgpkey.murray;
+ </sect2>
+
+ <sect2 id="pgpkey-peter">
+ <title>&a.peter;</title>
+ &pgpkey.peter;
+ </sect2>
+ </sect1>
+
+ <sect1 id="pgpkeys-developers">
+ <title>Developers</title>
+
+ <sect2 id="pgpkey-ariff">
+ <title>&a.ariff;</title>
+ &pgpkey.ariff;
+ </sect2>
+
+ <sect2 id="pgpkey-will">
+ <title>&a.will;</title>
+ &pgpkey.will;
+ </sect2>
+
+ <sect2 id="pgpkey-anholt">
+ <title>&a.anholt;</title>
+ &pgpkey.anholt;
+ </sect2>
+
+ <sect2 id="pgpkey-mat">
+ <title>&a.mat;</title>
+ &pgpkey.mat;
+ </sect2>
+
+ <sect2 id="pgpkey-asami">
+ <title>&a.asami;</title>
+ &pgpkey.asami;
+ </sect2>
+
+ <sect2 id="pgpkey-barner">
+ <title>&a.barner;</title>
+ &pgpkey.barner;
+ </sect2>
+
+ <sect2 id="pgpkey-dougb">
+ <title>&a.dougb;</title>
+ &pgpkey.dougb;
+ </sect2>
+
+ <sect2 id="pgpkey-bvs">
+ <title>&a.bvs;</title>
+ &pgpkey.bvs;
+ </sect2>
+
+ <sect2 id="pgpkey-tobez">
+ <title>&a.tobez;</title>
+ &pgpkey.tobez;
+ </sect2>
+
+ <sect2 id="pgpkey-damien">
+ <title>&a.damien;</title>
+ &pgpkey.damien;
+ </sect2>
+
+ <sect2 id="pgpkey-tdb">
+ <title>&a.tdb;</title>
+ &pgpkey.tdb;
+ </sect2>
+
+ <sect2 id="pgpkey-mbr">
+ <title>&a.mbr;</title>
+ &pgpkey.mbr;
+ </sect2>
+
+ <sect2 id="pgpkey-novel">
+ <title>&a.novel;</title>
+ &pgpkey.novel;
+ </sect2>
+
+ <sect2 id="pgpkey-hart">
+ <title>&a.harti;</title>
+ &pgpkey.harti;
+ </sect2>
+
+ <sect2 id="pgpkey-obraun">
+ <title>&a.obraun;</title>
+ &pgpkey.obraun;
+ </sect2>
+
+ <sect2 id="pgpkey-jmb">
+ <title>&a.jmb;</title>
+ &pgpkey.jmb;
+ </sect2>
+
+ <sect2 id="pgpkey-brueffer">
+ <title>&a.brueffer;</title>
+ &pgpkey.brueffer;
+ </sect2>
+
+ <sect2 id="pgpkey-markus">
+ <title>&a.markus;</title>
+ &pgpkey.markus;
+ </sect2>
+
+ <sect2 id="pgpkey-wilko">
+ <title>&a.wilko;</title>
+ &pgpkey.wilko;
+ </sect2>
+
+ <sect2 id="pgpkey-oleg">
+ <title>&a.oleg;</title>
+ &pgpkey.oleg;
+ </sect2>
+
+ <sect2 id="pgpkey-jcamou">
+ <title>&a.jcamou;</title>
+ &pgpkey.jcamou;
+ </sect2>
+
+ <sect2 id="pgpkey-perky">
+ <title>&a.perky;</title>
+ &pgpkey.perky;
+ </sect2>
+
+ <sect2 id="pgpkey-jon">
+ <title>&a.jon;</title>
+ &pgpkey.jon;
+ </sect2>
+
+ <sect2 id="pgpkey-luoqi">
+ <title>&a.luoqi;</title>
+ &pgpkey.luoqi;
+ </sect2>
+
+ <sect2 id="pgpkey-ache">
+ <title>&a.ache;</title>
+ &pgpkey.ache;
+ </sect2>
+
+ <sect2 id="pgpkey-seanc">
+ <title>&a.seanc;</title>
+ &pgpkey.seanc;
+ </sect2>
+
+ <sect2 id="pgpkey-cjh">
+ <title>&a.cjh;</title>
+ &pgpkey.cjh;
+ </sect2>
+
+ <sect2 id="pgpkey-cjc">
+ <title>&a.cjc;</title>
+ &pgpkey.cjc;
+ </sect2>
+
+ <sect2 id="pgpkey-marcus">
+ <title>&a.marcus;</title>
+ &pgpkey.marcus;
+ </sect2>
+
+ <sect2 id="pgpkey-nik">
+ <title>&a.nik;</title>
+ &pgpkey.nik;
+ </sect2>
+
+ <sect2 id="pgpkey-aaron">
+ <title>&a.aaron;</title>
+ &pgpkey.aaron;
+ </sect2>
+
+ <sect2 id="pgpkey-ceri">
+ <title>&a.ceri;</title>
+ &pgpkey.ceri;
+ </sect2>
+
+ <sect2 id="pgpkey-brd">
+ <title>&a.brd;</title>
+ &pgpkey.brd;
+ </sect2>
+
+ <sect2 id="pgpkey-brooks">
+ <title>&a.brooks;</title>
+ &pgpkey.brooks;
+ </sect2>
+
+ <sect2 id="pgpkey-gnn">
+ <title>&a.gnn;</title>
+ &pgpkey.gnn;
+ </sect2>
+
+ <sect2 id="pgpkey-pjd">
+ <title>&a.pjd;</title>
+ &pgpkey.pjd;
+ </sect2>
+
+ <sect2 id="pgpkey-bsd">
+ <title>&a.bsd;</title>
+ &pgpkey.bsd;
+ </sect2>
+
+ <sect2 id="pgpkey-danfe">
+ <title>&a.danfe;</title>
+ &pgpkey.danfe;
+ </sect2>
+
+ <sect2 id="pgpkey-dd">
+ <title>&a.dd;</title>
+ &pgpkey.dd;
+ </sect2>
+
+ <sect2 id="pgpkey-bruno">
+ <title>&a.bruno;</title>
+ &pgpkey.bruno;
+ </sect2>
+
+ <sect2 id="pgpkey-ale">
+ <title>&a.ale;</title>
+ &pgpkey.ale;
+ </sect2>
+
+ <sect2 id="pgpkey-peadar">
+ <title>&a.peadar;</title>
+ &pgpkey.peadar;
+ </sect2>
+
+ <sect2 id="pgpkey-josef">
+ <title>&a.josef;</title>
+ &pgpkey.josef;
+ </sect2>
+
+ <sect2 id="pgpkey-ue">
+ <title>&a.ue;</title>
+ &pgpkey.ue;
+ </sect2>
+
+ <sect2 id="pgpkey-ru">
+ <title>&a.ru;</title>
+ &pgpkey.ru;
+ </sect2>
+
+ <sect2 id="pgpkey-le">
+ <title>&a.le;</title>
+ &pgpkey.le;
+ </sect2>
+
+ <sect2 id="pgpkey-stefanf">
+ <title>&a.stefanf;</title>
+ &pgpkey.stefanf;
+ </sect2>
+
+ <sect2 id="pgpkey-jedgar">
+ <title>&a.jedgar;</title>
+ &pgpkey.jedgar;
+ </sect2>
+
+ <sect2 id="pgpkey-green">
+ <title>&a.green;</title>
+ &pgpkey.green;
+ </sect2>
+
+ <sect2 id="pgpkey-lioux">
+ <title>&a.lioux;</title>
+ &pgpkey.lioux;
+ </sect2>
+
+ <sect2 id="pgpkey-fanf">
+ <title>&a.fanf;</title>
+ &pgpkey.fanf;
+ </sect2>
+
+ <sect2 id="pgpkey-blackend">
+ <title>&a.blackend;</title>
+ &pgpkey.blackend;
+ </sect2>
+
+ <sect2 id="pgpkey-petef">
+ <title>&a.petef;</title>
+ &pgpkey.petef;
+ </sect2>
+
+ <sect2 id="pgpkey-billf">
+ <title>&a.billf;</title>
+ &pgpkey.billf;
+ </sect2>
+
+ <sect2 id="pgpkey-gioria">
+ <title>&a.gioria;</title>
+ &pgpkey.gioria;
+ </sect2>
+
+ <sect2 id="pgpkey-mnag">
+ <title>&a.mnag;</title>
+ &pgpkey.mnag;
+ </sect2>
+
+ <sect2 id="pgpkey-jmg">
+ <title>&a.jmg;</title>
+ &pgpkey.jmg;
+ </sect2>
+
+ <sect2 id="pgpkey-dannyboy">
+ <title>&a.dannyboy;</title>
+ &pgpkey.dannyboy;
+ </sect2>
+
+ <sect2 id="pgpkey-dhartmei">
+ <title>&a.dhartmei;</title>
+ &pgpkey.dhartmei;
+ </sect2>
+
+ <sect2 id="pgpkey-jhay">
+ <title>&a.jhay;</title>
+ &pgpkey.jhay;
+ </sect2>
+
+ <sect2 id="pgpkey-sheldonh">
+ <title>&a.sheldonh;</title>
+ &pgpkey.sheldonh;
+ </sect2>
+
+ <sect2 id="pgpkey-mikeh">
+ <title>&a.mikeh;</title>
+ &pgpkey.mikeh;
+ </sect2>
+
+ <sect2 id="pgpkey-mheinen">
+ <title>&a.mheinen;</title>
+ &pgpkey.mheinen;
+ </sect2>
+
+ <sect2 id="pgpkey-niels">
+ <title>&a.niels;</title>
+ &pgpkey.niels;
+ </sect2>
+
+ <sect2 id="pgpkey-ghelmer">
+ <title>&a.ghelmer;</title>
+ &pgpkey.ghelmer;
+ </sect2>
+
+ <sect2 id="pgpkey-mux">
+ <title>&a.mux;</title>
+ &pgpkey.mux;
+ </sect2>
+
+ <sect2 id="pgpkey-mich">
+ <title>&a.mich;</title>
+ &pgpkey.mich;
+ </sect2>
+
+ <sect2 id="pgpkey-foxfair">
+ <title>&a.foxfair;</title>
+ &pgpkey.foxfair;
+ </sect2>
+
+ <sect2 id="pgpkey-jkh">
+ <title>&a.jkh;</title>
+ &pgpkey.jkh;
+ </sect2>
+
+ <sect2 id="pgpkey-ahze">
+ <title>&a.ahze;</title>
+ &pgpkey.ahze;
+ </sect2>
+
+ <sect2 id="pgpkey-trevor">
+ <title>&a.trevor;</title>
+ &pgpkey.trevor;
+ </sect2>
+
+ <sect2 id="pgpkey-phk">
+ <title>&a.phk;</title>
+ &pgpkey.phk;
+ </sect2>
+
+ <sect2 id="pgpkey-joe">
+ <title>&a.joe;</title>
+ &pgpkey.joe;
+ </sect2>
+
+ <sect2 id="pgpkey-vkashyap">
+ <title>&a.vkashyap;</title>
+ &pgpkey.vkashyap;
+ </sect2>
+
+ <sect2 id="pgpkey-kris">
+ <title>&a.kris;</title>
+ &pgpkey.kris;
+ </sect2>
+
+ <sect2 id="pgpkey-keramida">
+ <title>&a.keramida;</title>
+ &pgpkey.keramida;
+ </sect2>
+
+ <sect2 id="pgpkey-fjoe">
+ <title>&a.fjoe;</title>
+ &pgpkey.fjoe;
+ </sect2>
+
+ <sect2 id="pgpkey-jkim">
+ <title>&a.jkim;</title>
+ &pgpkey.jkim;
+ </sect2>
+
+ <sect2 id="pgpkey-andreas">
+ <title>&a.andreas;</title>
+ &pgpkey.andreas;
+ </sect2>
+
+ <sect2 id="pgpkey-jkois">
+ <title>&a.jkois;</title>
+ &pgpkey.jkois;
+ </sect2>
+
+ <sect2 id="pgpkey-sergei">
+ <title>&a.sergei;</title>
+ &pgpkey.sergei;
+ </sect2>
+
+ <sect2 id="pgpkey-maxim">
+ <title>&a.maxim;</title>
+ &pgpkey.maxim;
+ </sect2>
+
+ <sect2 id="pgpkey-jkoshy">
+ <title>&a.jkoshy;</title>
+ &pgpkey.jkoshy;
+ </sect2>
+
+ <sect2 id="pgpkey-rik">
+ <title>&a.rik;</title>
+ &pgpkey.rik;
+ </sect2>
+
+ <sect2 id="pgpkey-rushani">
+ <title>&a.rushani;</title>
+ &pgpkey.rushani;
+ </sect2>
+
+ <sect2 id="pgpkey-clement">
+ <title>&a.clement;</title>
+ &pgpkey.clement;
+ </sect2>
+
+ <sect2 id="pgpkey-mlaier">
+ <title>&a.mlaier;</title>
+ &pgpkey.mlaier;
+ </sect2>
+
+ <sect2 id="pgpkey-erwin">
+ <title>&a.erwin;</title>
+ &pgpkey.erwin;
+ </sect2>
+
+ <sect2 id="pgpkey-lawrance">
+ <title>&a.lawrance;</title>
+ &pgpkey.lawrance;
+ </sect2>
+
+ <sect2 id="pgpkey-leeym">
+ <title>&a.leeym;</title>
+ &pgpkey.leeym;
+ </sect2>
+
+ <sect2 id="pgpkey-sam">
+ <title>&a.sam;</title>
+ &pgpkey.sam;
+ </sect2>
+
+ <sect2 id="pgpkey-jylefort">
+ <title>&a.jylefort;</title>
+ &pgpkey.jylefort;
+ </sect2>
+
+ <sect2 id="pgpkey-netchild">
+ <title>&a.netchild;</title>
+ &pgpkey.netchild;
+ </sect2>
+
+ <sect2 id="pgpkey-lesi">
+ <title>&a.lesi;</title>
+ &pgpkey.lesi;
+ </sect2>
+
+ <sect2 id="pgpkey-glewis">
+ <title>&a.glewis;</title>
+ &pgpkey.glewis;
+ </sect2>
+
+ <sect2 id="pgpkey-delphij">
+ <title>&a.delphij;</title>
+ &pgpkey.delphij;
+ </sect2>
+
+ <sect2 id="pgpkey-avatar">
+ <title>&a.avatar;</title>
+ &pgpkey.avatar;
+ </sect2>
+
+ <sect2 id="pgpkey-ijliao">
+ <title>&a.ijliao;</title>
+ &pgpkey.ijliao;
+ </sect2>
+
+ <sect2 id="pgpkey-clive">
+ <title>&a.clive;</title>
+ &pgpkey.clive;
+ </sect2>
+
+ <sect2 id="pgpkey-clsung">
+ <title>&a.clsung;</title>
+ &pgpkey.clsung;
+ </sect2>
+
+ <sect2 id="pgpkey-arved">
+ <title>&a.arved;</title>
+ &pgpkey.arved;
+ </sect2>
+
+ <sect2 id="pgpkey-remko">
+ <title>&a.remko;</title>
+ &pgpkey.remko;
+ </sect2>
+
+ <sect2 id="pgpkey-scottl">
+ <title>&a.scottl;</title>
+ &pgpkey.scottl;
+ </sect2>
+
+ <sect2 id="pgpkey-pav">
+ <title>&a.pav;</title>
+ &pgpkey.pav;
+ </sect2>
+
+ <sect2 id="pgpkey-bmah">
+ <title>&a.bmah;</title>
+ &pgpkey.bmah;
+ </sect2>
+
+ <sect2 id="pgpkey-mtm">
+ <title>&a.mtm;</title>
+ &pgpkey.mtm;
+ </sect2>
+
+ <sect2 id="pgpkey-dwmalone">
+ <title>&a.dwmalone;</title>
+ &pgpkey.dwmalone;
+ </sect2>
+
+ <sect2 id="pgpkey-sem">
+ <title>&a.sem;</title>
+ &pgpkey.sem;
+ </sect2>
+
+ <sect2 id="pgpkey-ehaupt">
+ <title>&a.ehaupt;</title>
+ &pgpkey.ehaupt;
+ </sect2>
+
+ <sect2 id="pgpkey-kwm">
+ <title>&a.kwm;</title>
+ &pgpkey.kwm;
+ </sect2>
+
+ <sect2 id="pgpkey-matusita">
+ <title>&a.matusita;</title>
+ &pgpkey.matusita;
+ </sect2>
+
+ <sect2 id="pgpkey-tmclaugh">
+ <title>&a.tmclaugh;</title>
+ &pgpkey.tmclaugh;
+ </sect2>
+
+ <sect2 id="pgpkey-ken">
+ <title>&a.ken;</title>
+ &pgpkey.ken;
+ </sect2>
+
+ <sect2 id="pgpkey-dinoex">
+ <title>&a.dinoex;</title>
+ &pgpkey.dinoex;
+ </sect2>
+
+ <sect2 id="pgpkey-sanpei">
+ <title>&a.sanpei;</title>
+ &pgpkey.sanpei;
+ </sect2>
+
+ <sect2 id="pgpkey-marcel">
+ <title>&a.marcel;</title>
+ &pgpkey.marcel;
+ </sect2>
+
+ <sect2 id="pgpkey-marck">
+ <title>&a.marck;</title>
+ &pgpkey.marck;
+ </sect2>
+
+ <sect2 id="pgpkey-tmm">
+ <title>&a.tmm;</title>
+ &pgpkey.tmm;
+ </sect2>
+
+ <sect2 id="pgpkey-rich">
+ <title>&a.rich;</title>
+ &pgpkey.rich;
+ </sect2>
+
+ <sect2 id="pgpkey-knu">
+ <title>&a.knu;</title>
+ &pgpkey.knu;
+ </sect2>
+
+ <sect2 id="pgpkey-max">
+ <title>&a.max;</title>
+ &pgpkey.max;
+ </sect2>
+
+ <sect2 id="pgpkey-yoichi">
+ <title>&a.yoichi;</title>
+ &pgpkey.yoichi;
+ </sect2>
+
+ <sect2 id="pgpkey-bland">
+ <title>&a.bland;</title>
+ &pgpkey.bland;
+ </sect2>
+
+ <sect2 id="pgpkey-simon">
+ <title>&a.simon;</title>
+ &pgpkey.simon;
+ </sect2>
+
+ <sect2 id="pgpkey-anders">
+ <title>&a.anders;</title>
+ &pgpkey.anders;
+ </sect2>
+
+ <sect2 id="pgpkey-obrien">
+ <title>&a.obrien;</title>
+ &pgpkey.obrien;
+ </sect2>
+
+ <sect2 id="pgpkey-philip">
+ <title>&a.philip;</title>
+ &pgpkey.philip;
+ </sect2>
+
+ <sect2 id="pgpkey-hmp">
+ <title>&a.hmp;</title>
+ &pgpkey.hmp;
+ </sect2>
+
+ <sect2 id="pgpkey-mp">
+ <title>&a.mp;</title>
+ &pgpkey.mp;
+ </sect2>
+
+ <sect2 id="pgpkey-roam">
+ <title>&a.roam;</title>
+ &pgpkey.roam;
+ </sect2>
+
+ <sect2 id="pgpkey-den">
+ <title>&a.den;</title>
+ &pgpkey.den;
+ </sect2>
+
+ <sect2 id="pgpkey-gerald">
+ <title>&a.gerald;</title>
+ &pgpkey.gerald;
+ </sect2>
+
+ <sect2 id="pgpkey-jdp">
+ <title>&a.jdp;</title>
+ &pgpkey.jdp;
+ </sect2>
+
+ <sect2 id="pgpkey-krion">
+ <title>&a.krion;</title>
+ &pgpkey.krion;
+ </sect2>
+
+ <sect2 id="pgpkey-markp">
+ <title>&a.markp;</title>
+ &pgpkey.markp;
+ </sect2>
+
+ <sect2 id="pgpkey-thomas">
+ <title>&a.thomas;</title>
+ &pgpkey.thomas;
+ </sect2>
+
+ <sect2 id="pgpkey-hq">
+ <title>&a.hq;</title>
+ &pgpkey.hq;
+ </sect2>
+
+ <sect2 id="pgpkey-dfr">
+ <title>&a.dfr;</title>
+ &pgpkey.dfr;
+ </sect2>
+
+ <sect2 id="pgpkey-rees">
+ <title>&a.rees;</title>
+ &pgpkey.rees;
+ </sect2>
+
+ <sect2 id="pgpkey-trhodes">
+ <title>&a.trhodes;</title>
+ &pgpkey.trhodes;
+ </sect2>
+
+ <sect2 id="pgpkey-benno">
+ <title>&a.benno;</title>
+ &pgpkey.benno;
+ </sect2>
+
+ <sect2 id="pgpkey-roberto">
+ <title>&a.roberto;</title>
+ &pgpkey.roberto;
+ </sect2>
+
+ <sect2 id="pgpkey-rodrigc">
+ <title>&a.rodrigc;</title>
+ &pgpkey.rodrigc;
+ </sect2>
+
+ <sect2 id="pgpkey-guido">
+ <title>&a.guido;</title>
+ &pgpkey.guido;
+ </sect2>
+
+ <sect2 id="pgpkey-niklas">
+ <title>&a.niklas;</title>
+ &pgpkey.niklas;
+ </sect2>
+
+ <sect2 id="pgpkey-marks">
+ <title>&a.marks;</title>
+ &pgpkey.marks;
+ </sect2>
+
+ <sect2 id="pgpkey-hrs">
+ <title>&a.hrs;</title>
+ &pgpkey.hrs;
+ </sect2>
+
+ <sect2 id="pgpkey-wosch">
+ <title>&a.wosch;</title>
+ &pgpkey.wosch;
+ </sect2>
+
+ <sect2 id="pgpkey-das">
+ <title>&a.das;</title>
+ &pgpkey.das;
+ </sect2>
+
+ <sect2 id="pgpkey-schweikh">
+ <title>&a.schweikh;</title>
+ &pgpkey.schweikh;
+ </sect2>
+
+ <sect2 id="pgpkey-gshapiro">
+ <title>&a.gshapiro;</title>
+ &pgpkey.gshapiro;
+ </sect2>
+
+ <sect2 id="pgpkey-arun">
+ <title>&a.arun;</title>
+ &pgpkey.arun;
+ </sect2>
+
+ <sect2 id="pgpkey-nork">
+ <title>&a.nork;</title>
+ &pgpkey.nork;
+ </sect2>
+
+ <sect2 id="pgpkey-vanilla">
+ <title>&a.vanilla;</title>
+ &pgpkey.vanilla;
+ </sect2>
+
+ <sect2 id="pgpkey-demon">
+ <title>&a.demon;</title>
+ &pgpkey.demon;
+ </sect2>
+
+ <sect2 id="pgpkey-jesper">
+ <title>&a.jesper;</title>
+ &pgpkey.jesper;
+ </sect2>
+
+ <sect2 id="pgpkey-scop">
+ <title>&a.scop;</title>
+ &pgpkey.scop;
+ </sect2>
+
+ <sect2 id="pgpkey-anray">
+ <title>&a.anray;</title>
+ &pgpkey.anray;
+ </sect2>
+
+ <sect2 id="pgpkey-glebius">
+ <title>&a.glebius;</title>
+ &pgpkey.glebius;
+ </sect2>
+
+ <sect2 id="pgpkey-kensmith">
+ <title>&a.kensmith;</title>
+ &pgpkey.kensmith;
+ </sect2>
+
+ <sect2 id="pgpkey-ben">
+ <title>&a.ben;</title>
+ &pgpkey.ben;
+ </sect2>
+
+ <sect2 id="pgpkey-des">
+ <title>&a.des;</title>
+ &pgpkey.des;
+ </sect2>
+
+ <sect2 id="pgpkey-sobomax">
+ <title>&a.sobomax;</title>
+ &pgpkey.sobomax;
+ </sect2>
+
+ <sect2 id="pgpkey-brian">
+ <title>&a.brian;</title>
+ &pgpkey.brian;
+ </sect2>
+
+ <sect2 id="pgpkey-nsouch">
+ <title>&a.nsouch;</title>
+ &pgpkey.nsouch;
+ </sect2>
+
+ <sect2 id="pgpkey-ssouhlal">
+ <title>&a.ssouhlal;</title>
+ &pgpkey.ssouhlal;
+ </sect2>
+
+ <sect2 id="pgpkey-vsevolod">
+ <title>&a.vsevolod;</title>
+ &pgpkey.vsevolod;
+ </sect2>
+
+ <sect2 id="pgpkey-vs">
+ <title>&a.vs;</title>
+ &pgpkey.vs;
+ </sect2>
+
+ <sect2 id="pgpkey-gsutter">
+ <title>&a.gsutter;</title>
+ &pgpkey.gsutter;
+ </sect2>
+
+ <sect2 id="pgpkey-metal">
+ <title>&a.metal;</title>
+ &pgpkey.metal;
+ </sect2>
+
+ <sect2 id="pgpkey-garys">
+ <title>&a.garys;</title>
+ &pgpkey.garys;
+ </sect2>
+
+ <sect2 id="pgpkey-nyan">
+ <title>&a.nyan;</title>
+ &pgpkey.nyan;
+ </sect2>
+
+ <sect2 id="pgpkey-mi">
+ <title>&a.mi;</title>
+ &pgpkey.mi;
+ </sect2>
+
+ <sect2 id="pgpkey-gordon">
+ <title>&a.gordon;</title>
+ &pgpkey.gordon;
+ </sect2>
+
+ <sect2 id="pgpkey-lth">
+ <title>&a.lth;</title>
+ &pgpkey.lth;
+ </sect2>
+
+ <sect2 id="pgpkey-thierry">
+ <title>&a.thierry;</title>
+ &pgpkey.thierry;
+ </sect2>
+
+ <sect2 id="pgpkey-thompsa">
+ <title>&a.thompsa;</title>
+ &pgpkey.thompsa;
+ </sect2>
+
+ <sect2 id="pgpkey-flz">
+ <title>&a.flz;</title>
+ &pgpkey.flz;
+ </sect2>
+
+ <sect2 id="pgpkey-ume">
+ <title>&a.ume;</title>
+ &pgpkey.ume;
+ </sect2>
+
+ <sect2 id="pgpkey-ups">
+ <title>&a.ups;</title>
+ &pgpkey.ups;
+ </sect2>
+
+ <sect2 id="pgpkey-nectar">
+ <title>&a.nectar;</title>
+ &pgpkey.nectar;
+ </sect2>
+
+ <sect2 id="pgpkey-adamw">
+ <title>&a.adamw;</title>
+ &pgpkey.adamw;
+ </sect2>
+
+ <sect2 id="pgpkey-nate">
+ <title>&a.nate;</title>
+ &pgpkey.nate;
+ </sect2>
+
+ <sect2 id="pgpkey-wollman">
+ <title>&a.wollman;</title>
+ &pgpkey.wollman;
+ </sect2>
+
+ <sect2 id="pgpkey-joerg">
+ <title>&a.joerg;</title>
+ &pgpkey.joerg;
+ </sect2>
+
+ <sect2 id="pgpkey-emax">
+ <title>&a.emax;</title>
+ &pgpkey.emax;
+ </sect2>
+
+ <sect2 id="pgpkey-bz">
+ <title>&a.bz;</title>
+ &pgpkey.bz;
+ </sect2>
+
+ <sect2 id="pgpkey-phantom">
+ <title>&a.phantom;</title>
+ &pgpkey.phantom;
+ </sect2>
+
+ </sect1>
+</appendix>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../appendix.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "appendix")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/ports/Makefile b/zh_TW.Big5/books/handbook/ports/Makefile
new file mode 100644
index 0000000000..93280bcae8
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/ports/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= ports/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/ports/chapter.sgml b/zh_TW.Big5/books/handbook/ports/chapter.sgml
new file mode 100644
index 0000000000..64393aaf09
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/ports/chapter.sgml
@@ -0,0 +1,1405 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="ports">
+ <title>Installing Applications: Packages and Ports</title>
+
+ <sect1 id="ports-synopsis">
+ <title>Synopsis</title>
+
+ <indexterm><primary>ports</primary></indexterm>
+ <indexterm><primary>packages</primary></indexterm>
+ <para>FreeBSD is bundled with a rich collection of system tools as
+ part of the base system. However, there is only so much one can
+ do before needing to install an additional third-party
+ application to get real work done. FreeBSD provides two
+ complementary technologies for installing third party software
+ on your system: the FreeBSD Ports Collection (for installing from
+ source), and packages (for installing from pre-built binaries).
+ Either method may be used to install the
+ newest version of your favorite applications from local media or
+ straight off the network.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>How to install third-party binary software packages.</para>
+ </listitem>
+ <listitem>
+ <para>How to build third-party software from source by using the ports
+ collection.</para>
+ </listitem>
+ <listitem>
+ <para>How to remove previously installed packages or ports.</para>
+ </listitem>
+ <listitem>
+ <para>How to override the default values that the ports
+ collection uses.</para>
+ </listitem>
+ <listitem>
+ <para>How to find the appropriate software package.</para>
+ </listitem>
+ <listitem>
+ <para>How to upgrade your applications.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="ports-overview">
+ <title>Overview of Software Installation</title>
+
+ <para>If you have used a &unix; system before you will know that
+ the typical procedure for installing third party software goes
+ something like this:</para>
+
+ <procedure>
+ <step>
+ <para>Download the software, which might be distributed in
+ source code format, or as a binary.</para>
+ </step>
+
+ <step>
+ <para>Unpack the software from its distribution format
+ (typically a tarball compressed with &man.compress.1;,
+ &man.gzip.1;, or &man.bzip2.1;).</para>
+ </step>
+
+ <step>
+ <para>Locate the documentation (perhaps an
+ <filename>INSTALL</filename> or <filename>README</filename>
+ file, or some files in a <filename>doc/</filename>
+ subdirectory) and read up on how to install the
+ software.</para>
+ </step>
+
+ <step>
+ <para>If the software was distributed in source format,
+ compile it. This may involve editing a
+ <filename>Makefile</filename>, or running a
+ <command>configure</command> script, and other work.</para>
+ </step>
+
+ <step>
+ <para>Test and install the software.</para>
+ </step>
+ </procedure>
+
+ <para>And that is only if everything goes well. If you are
+ installing a software package that was not deliberately ported
+ to FreeBSD you may even have to go in and edit the code to make
+ it work properly.</para>
+
+ <para>Should you want to, you can continue to install software the
+ <quote>traditional</quote> way with FreeBSD. However, FreeBSD
+ provides two technologies which can save you a lot of effort:
+ packages and ports. At the time of writing, over &os.numports;
+ third party applications have been made available in this
+ way.</para>
+
+ <para>For any given application, the FreeBSD package for that
+ application is a single file which you must download. The
+ package contains pre-compiled copies of all the commands for the
+ application, as well as any configuration files or
+ documentation. A downloaded package file can be manipulated
+ with FreeBSD package management commands, such as
+ &man.pkg.add.1;, &man.pkg.delete.1;, &man.pkg.info.1;, and so
+ on. Installing a new application can be carried out with a
+ single command.</para>
+
+ <para>A FreeBSD port for an application is a collection of files
+ designed to automate the process of compiling an application
+ from source code.</para>
+
+ <para>Remember that there are a number of steps you would normally
+ carry out if you compiled a program yourself (downloading,
+ unpacking, patching, compiling, installing). The files that
+ make up a port contain all the necessary information to allow
+ the system to do this for you. You run a handful of simple
+ commands and the source code for the application is
+ automatically downloaded, extracted, patched, compiled, and
+ installed for you.</para>
+
+ <para>In fact, the ports system can also be used to generate packages
+ which can later be manipulated with <command>pkg_add</command>
+ and the other package management commands that will be introduced
+ shortly.</para>
+
+ <para>Both packages and ports understand
+ <emphasis>dependencies</emphasis>. Suppose you want to install
+ an application that depends on a specific library being
+ installed. Both the application and the library have been made
+ available as FreeBSD ports and packages. If you use the
+ <command>pkg_add</command> command or the ports system to add
+ the application, both will notice that the library has not been
+ installed, and automatically install the library first.</para>
+
+ <para>Given that the two technologies are quite similar, you might
+ be wondering why FreeBSD bothers with both. Packages and ports
+ both have their own strengths, and which one you use will depend
+ on your own preference.</para>
+
+ <itemizedlist>
+ <title>Package Benefits</title>
+
+ <listitem>
+ <para>A compressed package tarball is typically smaller than
+ the compressed tarball containing the source code for the
+ application.</para>
+ </listitem>
+
+ <listitem>
+ <para>Packages do not require any additional compilation. For
+ large applications, such as
+ <application>Mozilla</application>,
+ <application>KDE</application>, or
+ <application>GNOME</application> this can be important,
+ particularly if you are on a slow system.</para>
+ </listitem>
+
+ <listitem>
+ <para>Packages do not require any understanding of the process
+ involved in compiling software on FreeBSD.</para>
+ </listitem>
+ </itemizedlist>
+
+ <itemizedlist>
+ <title>Ports Benefits</title>
+
+ <listitem>
+ <para>Packages are normally compiled with conservative options,
+ because they have to run on the maximum number of systems. By
+ installing from the port, you can tweak the compilation options to
+ (for example) generate code that is specific to a Pentium
+ IV or Athlon processor.</para>
+ </listitem>
+
+ <listitem>
+ <para>Some applications have compile time options relating to
+ what they can and cannot do. For example,
+ <application>Apache</application> can be configured with a
+ wide variety of different built-in options. By building
+ from the port you do not have to accept the default options,
+ and can set them yourself.</para>
+
+ <para>In some cases, multiple packages will exist for the same
+ application to specify certain settings. For example,
+ <application>Ghostscript</application> is available as a
+ <filename>ghostscript</filename> package and a
+ <filename>ghostscript-nox11</filename> package, depending on
+ whether or not you have installed an X11 server. This sort
+ of rough tweaking is possible with packages, but rapidly
+ becomes impossible if an application has more than one or
+ two different compile time options.</para>
+ </listitem>
+
+ <listitem>
+ <para>The licensing conditions of some software distributions forbid
+ binary distribution. They must be distributed as source
+ code.</para>
+ </listitem>
+
+ <listitem>
+ <para>Some people do not trust binary distributions. At least
+ with source code, you can (in theory) read through it and
+ look for potential problems yourself.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you have local patches, you will need the source in order to
+ apply them.</para>
+ </listitem>
+
+ <listitem>
+ <para>Some people like having code around, so they can read it
+ if they get bored, hack it, borrow from it (license
+ permitting, of course), and so on.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>To keep track of updated ports, subscribe to the
+ &a.ports; and the &a.ports-bugs;.</para>
+
+ <warning>
+ <para>Before installing any application, you should check <ulink
+ url="http://vuxml.freebsd.org/"></ulink> for security issues
+ related to your application.</para>
+
+ <para>You can also install <filename
+ role="package">security/portaudit</filename> which will
+ automatically check all installed applications for known
+ vulnerabilities; a check will be also performed before any port
+ build. Meanwhile, you can use the command <command>portaudit
+ -F -a</command> after you have installed some
+ packages.</para>
+ </warning>
+
+ <para>The remainder of this chapter will explain how to use
+ packages and ports to install and manage third party software on
+ FreeBSD.</para>
+ </sect1>
+
+ <sect1 id="ports-finding-applications">
+ <title>Finding Your Application</title>
+
+ <para>Before you can install any applications you need to know what you
+ want, and what the application is called.</para>
+
+ <para>FreeBSD's list of available applications is growing all the
+ time. Fortunately, there are a number of ways to find what you
+ want:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The FreeBSD web site maintains an up-to-date searchable
+ list of all the available applications, at <ulink
+ url="&url.base;/ports/index.html">http://www.FreeBSD.org/ports/</ulink>.
+ The ports are divided into categories, and you may either
+ search for an application by name (if you know it), or see
+ all the applications available in a category.</para>
+ </listitem>
+
+ <indexterm><primary>FreshPorts</primary></indexterm>
+
+ <listitem>
+ <para>Dan Langille maintains FreshPorts, at <ulink
+ url="http://www.FreshPorts.org/"></ulink>. FreshPorts
+ tracks changes to the applications in the ports tree as they
+ happen, allows you to <quote>watch</quote> one or more
+ ports, and can send you email when they are updated.</para>
+ </listitem>
+
+ <indexterm><primary>FreshMeat</primary></indexterm>
+
+ <listitem>
+ <para>If you do not know the name of the application you want,
+ try using a site like FreshMeat (<ulink
+ url="http://www.freshmeat.net/"></ulink>) to find an
+ application, then check back at the FreeBSD site to see if
+ the application has been ported yet.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you know the exact name of the port, but just need to
+ find out which category it is in, you can use the
+ &man.whereis.1; command.
+ Simply type <command>whereis
+ <replaceable>file</replaceable></command>, where
+ <replaceable>file</replaceable> is the program you want to
+ install. If it is found on your system, you will be told
+ where it is, as follows:</para>
+
+ <screen>&prompt.root; <userinput>whereis lsof</userinput>
+lsof: /usr/ports/sysutils/lsof</screen>
+
+ <para>This tells us that <command>lsof</command> (a system
+ utility) can be found in the
+ <filename>/usr/ports/sysutils/lsof</filename>
+ directory.</para></listitem>
+
+ <listitem>
+ <para>Yet another way to find a particular port is by using the
+ Ports Collection's built-in search mechanism. To use the
+ search feature, you will need to be in the
+ <filename>/usr/ports</filename> directory. Once in that
+ directory, run <command>make search
+ name=<replaceable>program-name</replaceable></command> where
+ <replaceable>program-name</replaceable> is the name of the
+ program you want to find. For example, if you were looking
+ for <command>lsof</command>:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports</userinput>
+&prompt.root; <userinput>make search name=lsof</userinput>
+Port: lsof-4.56.4
+Path: /usr/ports/sysutils/lsof
+Info: Lists information about open files (similar to fstat(1))
+Maint: obrien@FreeBSD.org
+Index: sysutils
+B-deps:
+R-deps: </screen>
+
+ <para>The part of the output you want to pay particular
+ attention to is the <quote>Path:</quote> line, since that
+ tells you where to find the port. The other information
+ provided is not needed in order to install the port, so it
+ will not be covered here.</para>
+
+ <para>For more in-depth searching you can also use <command>make
+ search key=<replaceable>string</replaceable></command> where
+ <replaceable>string</replaceable> is some text to search for.
+ This searches port names, comments, descriptions and
+ dependencies and can be used to find ports which relate to a
+ particular subject if you do not know the name of the program
+ you are looking for.</para>
+
+ <para>In both of these cases, the search string is case-insensitive.
+ Searching for <quote>LSOF</quote> will yield the same results as
+ searching for <quote>lsof</quote>.</para>
+ </listitem>
+
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="packages-using">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Chern</firstname>
+ <surname>Lee</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 30 Mar 2001 -->
+ </sect1info>
+
+ <title>Using the Packages System</title>
+
+ <sect2>
+ <title>Installing a Package</title>
+ <indexterm>
+ <primary>packages</primary>
+ <secondary>installing</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary><command>pkg_add</command></primary>
+ </indexterm>
+ <para>You can use the &man.pkg.add.1; utility to install a
+ FreeBSD software package from a local file or from a server on
+ the network.</para>
+
+ <example>
+ <title>Downloading a Package Manually and Installing It Locally</title>
+
+ <screen>&prompt.root; <userinput>ftp -a <replaceable>ftp2.FreeBSD.org</replaceable></userinput>
+Connected to ftp2.FreeBSD.org.
+220 ftp2.FreeBSD.org FTP server (Version 6.00LS) ready.
+331 Guest login ok, send your email address as password.
+230-
+230- This machine is in Vienna, VA, USA, hosted by Verio.
+230- Questions? E-mail freebsd@vienna.verio.net.
+230-
+230-
+230 Guest login ok, access restrictions apply.
+Remote system type is UNIX.
+Using binary mode to transfer files.
+<prompt>ftp></prompt> <userinput>cd /pub/FreeBSD/ports/packages/sysutils/</userinput>
+250 CWD command successful.
+<prompt>ftp></prompt> <userinput>get lsof-4.56.4.tgz</userinput>
+local: lsof-4.56.4.tgz remote: lsof-4.56.4.tgz
+200 PORT command successful.
+150 Opening BINARY mode data connection for 'lsof-4.56.4.tgz' (92375 bytes).
+100% |**************************************************| 92375 00:00 ETA
+226 Transfer complete.
+92375 bytes received in 5.60 seconds (16.11 KB/s)
+<prompt>ftp></prompt> <userinput>exit</userinput>
+&prompt.root; <userinput>pkg_add <replaceable>lsof-4.56.4.tgz</replaceable></userinput></screen>
+ </example>
+
+ <para>If you do not have a source of local packages (such as a
+ FreeBSD CD-ROM set) then it will probably be easier to use the
+ <option>-r</option> option to &man.pkg.add.1;. This will
+ cause the utility to automatically determine the correct
+ object format and release and then fetch and install the
+ package from an FTP site.
+ </para>
+
+ <indexterm>
+ <primary><command>pkg_add</command></primary></indexterm>
+ <screen>&prompt.root; <userinput>pkg_add -r <replaceable>lsof</replaceable></userinput></screen>
+
+ <para>The example above would download the correct package and
+ add it without any further user intervention.
+ If you want to specify an alternative &os; Packages Mirror,
+ instead of the main distribution site, you have to set
+ <envar>PACKAGESITE</envar> accordingly, to
+ override the default settings. &man.pkg.add.1;
+ uses &man.fetch.3; to download the files, which honors various
+ environment variables, including
+ <envar>FTP_PASSIVE_MODE</envar>, <envar>FTP_PROXY</envar>, and
+ <envar>FTP_PASSWORD</envar>. You may need to set one or more
+ of these if you are behind a firewall, or need to use an
+ FTP/HTTP proxy. See &man.fetch.3; for the complete list.
+ Note that in the example above
+ <literal>lsof</literal> is used instead of
+ <literal>lsof-4.56.4</literal>. When the remote fetching
+ feature is used, the version number of the package must be
+ removed. &man.pkg.add.1; will automatically fetch the latest
+ version of the application.</para>
+
+ <note>
+ <para>&man.pkg.add.1; will download the latest version of
+ your application if you are using &os.current; or
+ &os.stable;. If you run a -RELEASE version, it will grab
+ the version of the package that was built with your
+ release. It is possible to change this behavior by
+ overriding the <envar>PACKAGESITE</envar> environment
+ variable. For example, if you run a &os;&nbsp;5.4-RELEASE
+ system, by default &man.pkg.add.1; will try to fetch
+ packages from
+ <literal>ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/</literal>.
+ If you want to force &man.pkg.add.1; to download
+ &os;&nbsp;5-STABLE packages, set <envar>PACKAGESITE</envar>
+ to
+ <literal>ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/Latest/</literal>.
+ </para>
+ </note>
+
+ <para>Package files are distributed in <filename>.tgz</filename>
+ and <filename>.tbz</filename> formats. You can find them at <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/packages/"></ulink>,
+ or on the FreeBSD CD-ROM distribution. Every CD on the
+ FreeBSD 4-CD set (and the PowerPak, etc.) contains packages
+ in the <filename>/packages</filename> directory. The layout
+ of the packages is similar to that of the
+ <filename>/usr/ports</filename> tree. Each category has its
+ own directory, and every package can be found within the
+ <filename>All</filename> directory.
+ </para>
+
+ <para>The directory structure of the package system matches the
+ ports layout; they work with each other to form the entire
+ package/port system.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Managing Packages</title>
+
+ <indexterm>
+ <primary>packages</primary>
+ <secondary>managing</secondary>
+ </indexterm>
+ <para>&man.pkg.info.1; is a utility that lists and describes
+ the various packages installed.
+ </para>
+
+ <indexterm>
+ <primary><command>pkg_info</command></primary>
+ </indexterm>
+ <screen>&prompt.root; <userinput>pkg_info</userinput>
+cvsup-16.1 A general network file distribution system optimized for CV
+docbook-1.2 Meta-port for the different versions of the DocBook DTD
+...</screen>
+ <para>&man.pkg.version.1; is a utility that summarizes the
+ versions of all installed packages. It compares the package
+ version to the current version found in the ports tree.
+ </para>
+ <indexterm>
+ <primary><command>pkg_version</command></primary>
+ </indexterm>
+ <screen>&prompt.root; <userinput>pkg_version</userinput>
+cvsup =
+docbook =
+...</screen>
+
+ <para>The symbols in the second column indicate the relative age
+ of the installed version and the version available in the
+ local ports tree.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Symbol</entry>
+ <entry>Meaning</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>=</entry> <entry>The version of the
+ installed package matches the one found in the
+ local ports tree.</entry>
+ </row>
+
+ <row><entry>&lt;</entry>
+ <entry>The installed version is older than the one available
+ in the ports tree.</entry>
+ </row>
+
+ <row><entry>&gt;</entry><entry>The installed version is newer
+ than the one found in the local ports tree. (The local ports
+ tree is probably out of date.)</entry></row>
+
+ <row><entry>?</entry><entry>The installed package cannot be
+ found in the ports index. (This can happen, for instance, if an
+ installed port is removed from the Ports Collection or
+ renamed.)</entry></row>
+
+ <row><entry>*</entry><entry>There are multiple versions of the
+ package.</entry></row>
+
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
+ <sect2>
+ <title>Deleting a Package</title>
+ <indexterm>
+ <primary><command>pkg_delete</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>packages</primary>
+ <secondary>deleting</secondary>
+ </indexterm>
+ <para>To remove a previously installed software package, use the
+ &man.pkg.delete.1; utility.
+ </para>
+
+ <screen>&prompt.root; <userinput>pkg_delete <replaceable>xchat-1.7.1</replaceable></userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Miscellaneous</title>
+ <para>All package information is stored within the
+ <filename>/var/db/pkg</filename> directory. The installed
+ file list and descriptions of each package can be found within
+ files in this directory.
+ </para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="ports-using">
+ <title>Using the Ports Collection</title>
+
+ <para>The following sections provide basic instructions on using the
+ Ports Collection to install or remove programs from your
+ system. The detailed description of available <command>make</command>
+ targets and environment variables is available in &man.ports.7;.</para>
+
+ <sect2 id="ports-tree">
+ <title>Obtaining the Ports Collection</title>
+
+ <para>Before you can install ports, you must first obtain the
+ Ports Collection&mdash;which is essentially a set of
+ <filename>Makefiles</filename>, patches, and description files
+ placed in <filename>/usr/ports</filename>.
+ </para>
+
+ <para>When installing your FreeBSD system,
+ <application>sysinstall</application> asked if you would like
+ to install the Ports Collection. If you chose no, you can
+ follow these instructions to obtain the ports
+ collection:</para>
+
+ <procedure>
+ <title>CVSup Method</title>
+
+ <para>This is a quick method for getting and keeping your copy of the
+ Ports Collection up to date using <application>CVSup</application>.
+ If you want to learn more about <application>CVSup</application>, see
+ <link linkend="cvsup">Using CVSup</link>.</para>
+
+ <step>
+ <para>Install the <filename
+ role="package">net/cvsup-without-gui</filename> package:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r cvsup-without-gui</userinput></screen>
+
+ <para>See <link
+ linkend="cvsup-install">CVSup Installation</link> (<xref
+ linkend="cvsup-install">) for more details.</para>
+ </step>
+
+ <step>
+ <para>Run <command>cvsup</command>:</para>
+
+ <screen>&prompt.root; <userinput>cvsup -L 2 -h <replaceable>cvsup.FreeBSD.org</replaceable> /usr/share/examples/cvsup/ports-supfile</userinput></screen>
+
+ <para>Change
+ <replaceable>cvsup.FreeBSD.org</replaceable> to a
+ <application>CVSup</application> server near you. See
+ <link linkend="cvsup-mirrors">CVSup Mirrors</link> (<xref
+ linkend="cvsup-mirrors">) for a complete listing of mirror
+ sites.</para>
+
+ <note>
+ <para>One may want to use his own
+ <filename>ports-supfile</filename>, for example to avoid
+ the need of passing the <application>CVSup</application>
+ server on the command line.</para>
+
+ <procedure>
+ <step>
+ <para>In this case, as <username>root</username>, copy
+ <filename>/usr/share/examples/cvsup/ports-supfile</filename>
+ to a new location, such as
+ <filename>/root</filename> or your home
+ directory.</para>
+ </step>
+
+ <step>
+ <para>Edit <filename>ports-supfile</filename>.</para>
+ </step>
+
+ <step>
+ <para>Change
+ <replaceable>CHANGE_THIS.FreeBSD.org</replaceable>
+ to a <application>CVSup</application> server near
+ you. See <link linkend="cvsup-mirrors">CVSup
+ Mirrors</link> (<xref linkend="cvsup-mirrors">) for
+ a complete listing of mirror sites.</para>
+ </step>
+
+ <step>
+ <para>And now to run <command>cvsup</command>, use the
+ following:</para>
+
+ <screen>&prompt.root; <userinput>cvsup -L 2 <replaceable>/root/ports-supfile</replaceable></userinput></screen>
+ </step>
+ </procedure>
+ </note>
+ </step>
+
+ <step>
+ <para>Running the &man.cvsup.1; command later will download and apply all
+ the recent changes to your Ports Collection, except
+ actually rebuilding the ports for your own system.</para>
+ </step>
+ </procedure>
+
+ <procedure>
+ <title>Portsnap Method</title>
+
+ <para>&man.portsnap.8; is an alternative system for distributing the
+ Ports Collection. It was first included in &os;&nbsp;6.0. On older
+ systems, you can install it from <filename
+ role="package">sysutils/portsnap</filename> port:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r portsnap</userinput></screen>
+
+ <para>Please refer to <link linkend="portsnap">Using Portsnap</link>
+ for a detailed description of all <application>Portsnap</application>
+ features.</para>
+
+ <step>
+ <para>Create an empty directory <filename
+ role="directory">/usr/ports</filename> if it does not exists.</para>
+
+ <screen>&prompt.root; <userinput>mkdir /usr/ports</userinput></screen>
+ </step>
+
+ <step>
+ <para>Download a compressed snapshot of the Ports Collection into
+ <filename role="directory">/var/db/portsnap</filename>. You can
+ disconnect from the Internet after this step, if you wish.</para>
+
+ <screen>&prompt.root; <userinput>portsnap fetch</userinput></screen>
+ </step>
+
+ <step>
+ <para>If you are running <application>Portsnap</application> for the
+ first time, extract the snapshot into <filename
+ role="directory">/usr/ports</filename>:
+ </para>
+
+ <screen>&prompt.root; <userinput>portsnap extract</userinput></screen>
+
+ <para>If you already have a populated <filename
+ role="directory">/usr/ports</filename> and you are just updating,
+ run the following command instead:</para>
+
+ <screen>&prompt.root; <userinput>portsnap update</userinput></screen>
+ </step>
+
+ </procedure>
+
+ <procedure>
+ <title>Sysinstall Method</title>
+
+ <para>This method involves using <application>sysinstall</application>
+ to install the Ports Collection from the installation media. Note
+ that the old copy of Ports Collection from the date of the release
+ will be installed. If you have Internet access, you should always
+ use one of the methods mentioned above.</para>
+
+ <step>
+ <para>As <username>root</username>, run
+ <command>sysinstall</command>
+ (<command>/stand/sysinstall</command> in &os;
+ versions older than 5.2) as shown below:</para>
+
+ <screen>&prompt.root; <userinput>sysinstall</userinput></screen>
+ </step>
+
+ <step>
+ <para>Scroll down and select <guimenuitem>Configure</guimenuitem>,
+ press <keycap>Enter</keycap>.</para>
+ </step>
+
+ <step>
+ <para>Scroll down and select
+ <guimenuitem>Distributions</guimenuitem>, press
+ <keycap>Enter</keycap>.</para>
+ </step>
+
+ <step>
+ <para>Scroll down to <guimenuitem>ports</guimenuitem>, press
+ <keycap>Space</keycap>.</para>
+ </step>
+
+ <step>
+ <para>Scroll up to <guimenuitem>Exit</guimenuitem>, press
+ <keycap>Enter</keycap>.</para>
+ </step>
+
+ <step>
+ <para>Select your desired installation media, such as CDROM,
+ FTP, and so on.</para>
+ </step>
+
+ <step>
+ <para>Scroll up to <guimenuitem>Exit</guimenuitem> and press
+ <keycap>Enter</keycap>.</para>
+ </step>
+
+ <step>
+ <para>Press <keycap>X</keycap> to exit
+ <application>sysinstall</application>.</para>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2 id="ports-skeleton">
+ <title>Installing Ports</title>
+
+ <indexterm>
+ <primary>ports</primary>
+ <secondary>installing</secondary>
+ </indexterm>
+ <para>The first thing that should be explained when it comes to
+ the Ports Collection is what is actually meant by a
+ <quote>skeleton</quote>. In a nutshell, a port skeleton is a
+ minimal set of files that tell your FreeBSD system how to
+ cleanly compile and install a program. Each port skeleton
+ includes:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>A <filename>Makefile</filename>. The
+ <filename>Makefile</filename> contains various statements
+ that specify how the application should be compiled and
+ where it should be installed on your system.</para>
+ </listitem>
+
+ <listitem>
+ <para>A <filename>distinfo</filename> file. This file
+ contains information about the files that must be
+ downloaded to build the port and their checksums, to
+ verify that files have not been corrupted during the
+ download using &man.md5.1;.</para>
+ </listitem>
+
+ <listitem>
+ <para>A <filename>files</filename> directory. This
+ directory contains patches to make the program compile and
+ install on your FreeBSD system. Patches are basically
+ small files that specify changes to particular files.
+ They are in plain text format, and basically say
+ <quote>Remove line 10</quote> or <quote>Change line 26 to
+ this ...</quote>. Patches are also known as
+ <quote>diffs</quote> because they are generated by the
+ &man.diff.1; program.</para>
+
+ <para>This directory may also contain other files used to build
+ the port.</para>
+ </listitem>
+
+ <listitem>
+ <para>A <filename>pkg-descr</filename> file. This is a more
+ detailed, often multiple-line, description of the program.</para>
+ </listitem>
+
+ <listitem>
+ <para>A <filename>pkg-plist</filename> file. This is a list
+ of all the files that will be installed by the port. It
+ also tells the ports system what files to remove upon
+ deinstallation.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Some ports have other files, such as
+ <filename>pkg-message</filename>. The ports system uses these
+ files to handle special situations. If you want more details
+ on these files, and on ports in general, check out the <ulink
+ url="&url.books.porters-handbook;/index.html">FreeBSD Porter's
+ Handbook</ulink>.</para>
+
+ <para>The port includes instructions on how to build source
+ code, but does not include the actual source code. You can
+ get the source code from a CD-ROM or from the Internet.
+ Source code is distributed in whatever manner the software
+ author desires. Frequently this is a tarred and gzipped file,
+ but it might be compressed with some other tool or even
+ uncompressed. The program source code, whatever form it comes
+ in, is called a <quote>distfile</quote>. The two methods for
+ installing a &os; port are described below.</para>
+
+ <note>
+ <para>You must be logged in as <username>root</username> to
+ install ports.</para>
+ </note>
+
+ <warning>
+ <para>Before installing any port, you should be sure to have
+ an up-to-date Ports Collection and you should check <ulink
+ url="http://vuxml.freebsd.org/"></ulink> for security issues
+ related to your port.</para>
+
+ <para>A security vulnerabilities check can be automatically
+ done by <application>portaudit</application> before any new
+ application installation. This tool can be found in the
+ Ports Collection (<filename
+ role="package">security/portaudit</filename>). Consider
+ running <command>portaudit -F</command> before installing a
+ new port, to fetch the current vulnerabilities database. A
+ security audit and an update of the database will be
+ performed during the daily security system check. For more
+ information read the &man.portaudit.1; and &man.periodic.8;
+ manual pages.</para>
+ </warning>
+
+ <para>The Ports Collection makes an assumption that you have a working
+ Internet connection. If you do not, you will need to put a copy of the
+ distfile into <filename>/usr/ports/distfiles</filename>
+ manually.</para>
+
+ <para>To begin, change to the directory for the port you want to
+ install:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/sysutils/lsof</userinput></screen>
+
+ <para>Once inside the <filename>lsof</filename> directory, you
+ will see the port skeleton. The next step is to compile, or
+ <quote>build</quote>, the port. This is done by simply
+ typing <command>make</command> at the prompt. Once you have
+ done so, you should see something like this:</para>
+
+ <screen>&prompt.root; <userinput>make</userinput>
+&gt;&gt; lsof_4.57D.freebsd.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
+&gt;&gt; Attempting to fetch from ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/.
+===&gt; Extracting for lsof-4.57
+...
+[extraction output snipped]
+...
+&gt;&gt; Checksum OK for lsof_4.57D.freebsd.tar.gz.
+===&gt; Patching for lsof-4.57
+===&gt; Applying FreeBSD patches for lsof-4.57
+===&gt; Configuring for lsof-4.57
+...
+[configure output snipped]
+...
+===&gt; Building for lsof-4.57
+...
+[compilation output snipped]
+...
+&prompt.root;</screen>
+
+ <para>Notice that once the compile is complete you are
+ returned to your prompt. The next step is to install the
+ port. In order to install it, you simply need to tack one word
+ onto the <command>make</command> command, and that word is
+ <command>install</command>:</para>
+
+ <screen>&prompt.root; <userinput>make install</userinput>
+===&gt; Installing for lsof-4.57
+...
+[installation output snipped]
+...
+===&gt; Generating temporary packing list
+===&gt; Compressing manual pages for lsof-4.57
+===&gt; Registering installation for lsof-4.57
+===&gt; SECURITY NOTE:
+ This port has installed the following binaries which execute with
+ increased privileges.
+&prompt.root;</screen>
+
+ <para>Once you are returned to your prompt, you should be able to
+ run the application you just installed. Since
+ <command>lsof</command> is a
+ program that runs with increased privileges, a security
+ warning is shown. During the building and installation of
+ ports, you should take heed of any other warnings that
+ may appear.</para>
+
+ <para>It is a good idea to delete the working subdirectory,
+ which contains all the temporary files used during compilation.
+ Not only it consumes a valuable disk space, it would also cause
+ problems later when upgrading to the newer version of the port.</para>
+
+ <screen>&prompt.root; <userinput>make clean</userinput>
+===&gt; Cleaning for lsof-4.57
+&prompt.root;</screen>
+
+ <note>
+ <para>You can save an extra step by just running <command>make
+ install clean</command> instead of <command>make</command>,
+ <command>make install</command> and <command>make clean</command>
+ as three separate steps.</para>
+ </note>
+
+ <note>
+ <para>Some shells keep a cache of the commands that are
+ available in the directories listed in the
+ <envar>PATH</envar> environment variable, to speed up
+ lookup operations for the executable file of these
+ commands. If you are using one of these shells, you might
+ have to use the <command>rehash</command> command after
+ installing a port, before the newly installed commands can
+ be used. This command will work for shells like
+ <command>tcsh</command>. Use the <command>hash -r</command>
+ command for shells like <command>sh</command>. Look at the
+ documentation for your shell for more information.</para>
+ </note>
+
+ <para>Some third party DVD-ROM products such as the FreeBSD Toolkit
+ from the <ulink url="http://www.freebsdmall.com/">FreeBSD
+ Mall</ulink> contain distfiles. They can be used with the Ports
+ Collection. Mount the DVD-ROM on <filename>/cdrom</filename>. If
+ you use a different mount point, set <makevar>CD_MOUNTPTS</makevar>
+ make variable. The needed distfiles will be automatically used
+ if they are present on the disk.</para>
+
+ <note>
+ <para>Please be aware that the licenses of a few ports do
+ not allow for inclusion on the CD-ROM. This could be
+ because a registration form needs to be filled out before
+ downloading or redistribution is not allowed, or for
+ another reason. If you wish to install a port not
+ included on the CD-ROM, you will need to be online in
+ order to do so.</para>
+ </note>
+
+ <para>The ports system uses &man.fetch.1; to download the
+ files, which honors various environment variables, including
+ <envar>FTP_PASSIVE_MODE</envar>, <envar>FTP_PROXY</envar>,
+ and <envar>FTP_PASSWORD</envar>. You may need to set one or
+ more of these if you are behind a firewall, or need to use
+ an FTP/HTTP proxy. See &man.fetch.3; for the complete
+ list.</para>
+
+ <para>For users which cannot be connected all the time, the
+ <command>make <maketarget>fetch</maketarget></command> option is
+ provided. Just run this command at the top level directory
+ (<filename>/usr/ports</filename>) and the required files
+ will be downloaded for you. This command will also work in
+ the lower level categories, for example:
+ <filename>/usr/ports/net</filename>.
+ Note that if a port depends on libraries or other ports this will
+ <emphasis>not</emphasis> fetch the distfiles of those ports too.
+ Replace <maketarget>fetch</maketarget> with
+ <maketarget>fetch-recursive</maketarget>
+ if you want to fetch all the dependencies of a port too.</para>
+
+ <note><para>You can build all the ports in a category or as a
+ whole by running <command>make</command> in the top level
+ directory, just like the aforementioned <command>make
+ <makevar>fetch</makevar></command> method. This is
+ dangerous, however, as some ports cannot co-exist. In other
+ cases, some ports can install two different files with the
+ same filename.</para></note>
+
+ <para>In some rare cases, users may need to acquire the
+ tarballs from a site other than the
+ <makevar>MASTER_SITES</makevar> (the location where files
+ are downloaded from). You can override the
+ <makevar>MASTER_SITES</makevar> option with the following
+ command:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/<replaceable>directory</replaceable></userinput>
+&prompt.root; <userinput>make MASTER_SITE_OVERRIDE= \
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/ fetch</userinput></screen>
+
+ <para>In this example we change the
+ <makevar>MASTER_SITES</makevar> option to <hostid
+ role="fqdn">ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/</hostid>.</para>
+
+ <note><para>Some ports allow (or even require) you to provide
+ build options which can enable/disable parts of the
+ application which are unneeded, certain security options,
+ and other customizations. A few which come to mind are
+ <filename role="package">www/mozilla</filename>, <filename
+ role="package">security/gpgme</filename>, and <filename
+ role="package">mail/sylpheed-claws</filename>. A message
+ will be displayed when options such as these are
+ available.</para></note>
+
+ <sect3>
+ <title>Overriding the Default Ports Directories</title>
+
+ <para>Sometimes it is useful (or mandatory) to use a different
+ distfiles and ports directory. The
+ <makevar>PORTSDIR</makevar> and <makevar>PREFIX</makevar>
+ variables can override the default directories. For
+ example:</para>
+
+ <screen>&prompt.root; <userinput>make PORTSDIR=/usr/home/example/ports install</userinput></screen>
+
+ <para>will compile the port in
+ <filename>/usr/home/example/ports</filename> and install
+ everything under <filename>/usr/local</filename>.</para>
+
+ <screen>&prompt.root; <userinput>make PREFIX=/usr/home/example/local install</userinput></screen>
+
+ <para>will compile it in <filename>/usr/ports</filename> and
+ install it in
+ <filename>/usr/home/example/local</filename>.</para>
+
+ <para>And of course,</para>
+
+ <screen>&prompt.root; <userinput>make PORTSDIR=../ports PREFIX=../local install</userinput></screen>
+
+ <para>will combine the two (it is too long to completely write
+ on this page, but it should give you the general
+ idea).</para>
+
+ <para>Alternatively, these variables can also be set as part
+ of your environment. Read the manual page for your shell
+ for instructions on doing so.</para>
+ </sect3>
+
+ <sect3>
+ <title>Dealing with <command>imake</command></title>
+
+ <para>Some ports that use <command>imake</command> (a part of
+ the X Window System) do not work well with
+ <makevar>PREFIX</makevar>, and will insist on installing
+ under <filename>/usr/X11R6</filename>. Similarly, some Perl
+ ports ignore <makevar>PREFIX</makevar> and install in the
+ Perl tree. Making these ports respect
+ <makevar>PREFIX</makevar> is a difficult or impossible
+ job.</para>
+
+ </sect3>
+ </sect2>
+
+ <sect2 id="ports-removing">
+ <title>Removing Installed Ports</title>
+
+ <indexterm>
+ <primary>ports</primary>
+ <secondary>removing</secondary>
+ </indexterm>
+ <para>Now that you know how to install ports, you are probably
+ wondering how to remove them, just in case you install one and
+ later on decide that you installed the wrong port.
+ We will remove our previous example (which was
+ <command>lsof</command> for
+ those of you not paying attention). Ports are being removed exactly
+ the same as the packages (discussed in the <link
+ linkend="packages-using">Packages section</link>), using the
+ &man.pkg.delete.1; command:</para>
+
+ <screen>&prompt.root; <userinput>pkg_delete lsof-4.57</userinput></screen>
+
+ </sect2>
+
+ <sect2 id="ports-upgrading">
+ <title>Upgrading Ports</title>
+
+ <indexterm>
+ <primary>ports</primary>
+ <secondary>upgrading</secondary>
+ </indexterm>
+ <para>First, list outdated ports that have a newer version available in
+ the Ports Collection with the &man.pkg.version.1; command:</para>
+
+ <screen>&prompt.root; <userinput>pkg_version -v</userinput></screen>
+
+ <note>
+ <para>Once you updated your Ports Collection, before
+ attempting a port upgrade, you should check the
+ <filename>/usr/ports/UPDATING</filename> file. This file
+ describes various issues and additional steps users may
+ encounter and need to perform when updating a port.</para>
+ </note>
+
+ <sect3 id="portupgrade">
+ <title>Upgrading Ports using Portupgrade</title>
+
+ <indexterm>
+ <primary>portupgrade</primary>
+ </indexterm>
+
+ <para>The <application>portupgrade</application> utility is designed
+ to easily upgrade installed ports. It is available from the <filename
+ role="package">sysutils/portupgrade</filename> port. Install it like
+ any other port, using the <command>make <makevar>install
+ clean</makevar></command> command:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/sysutils/portupgrade</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>Scan the list of installed ports with the <command>pkgdb
+ -F</command> command and fix all the inconsistencies it reports. It is
+ a good idea to do this regularly, before every upgrade.</para>
+
+ <para>When you run <command>portupgrade -a</command>,
+ <application>portupgrade</application> will begin to upgrade all the
+ outdated ports installed on your system. Use the <option>-i</option>
+ flag if you want to be asked for confirmation of every individual
+ upgrade.</para>
+
+ <screen>&prompt.root; <userinput>portupgrade -ai</userinput></screen>
+
+ <para>If you want to upgrade only a
+ certain application, not all available ports, use <command>portupgrade
+ <replaceable>pkgname</replaceable></command>. Include the
+ <option>-R</option> flag if <application>portupgrade</application>
+ should first upgrade all the ports required by the given
+ application.</para>
+
+ <screen>&prompt.root; <userinput>portupgrade -R firefox</userinput></screen>
+
+ <para>To use packages instead of ports for installation, provide
+ <option>-P</option> flag. With this option
+ <application>portupgrade</application> searches
+ the local directories listed in <envar>PKG_PATH</envar>, or
+ fetches packages from remote site if it is not found locally.
+ If packages can not be found locally or fetched remotely,
+ <application>portupgrade</application> will use ports.
+ To avoid using ports, specify <option>-PP</option>.</para>
+
+ <screen>&prompt.root; <userinput>portupgrade -PR gnome2</userinput></screen>
+
+ <para>To just fetch distfiles (or packages, if
+ <option>-P</option> is specified) without building or
+ installing anything, use <option>-F</option>.
+ For further information see &man.portupgrade.1;.</para>
+ </sect3>
+
+ <sect3 id="portmanager">
+ <title>Upgrading Ports using Portmanager</title>
+
+ <indexterm>
+ <primary>portmanager</primary>
+ </indexterm>
+
+ <para><application>Portmanager</application> is another utility for
+ easy upgrading of installed ports. It is available from the
+ <filename role="package">sysutils/portmanager</filename> port:</para>
+
+ <screen>&prompt.root; <userinput>cd <filename role="directory">/usr/ports/sysutils/portmanager</filename></userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>All the installed ports can be upgraded using this simple
+ command:</para>
+
+ <screen>&prompt.root; <userinput>portmanager -u</userinput></screen>
+
+ <para>You can add the <option>-ui</option> flag to get asked for
+ confirmation of every step <application>Portmanager</application>
+ will perform. <application>Portmanager</application> can also be
+ used to install new ports on the system. Unlike the usual
+ <command>make install clean</command> command, it will upgrade all
+ the dependencies prior to building and installing the
+ selected port.</para>
+
+ <screen>&prompt.root; <userinput>portmanager <replaceable>x11/gnome2</replaceable></userinput></screen>
+
+ <para>If there are any problems regarding the dependencies for the
+ selected port, you can use <application>Portmanager</application> to
+ rebuild all of them in the correct order. Once finished, the
+ problematic port will be rebuilt too.</para>
+
+ <screen>&prompt.root; <userinput>portmanager <replaceable>graphics/gimp</replaceable> -f</userinput></screen>
+
+ <para>For more information see
+ <application>Portmanager</application>'s manual page.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="ports-disk-space">
+ <title>Ports and Disk Space</title>
+
+ <indexterm>
+ <primary>ports</primary>
+ <secondary>disk-space</secondary>
+ </indexterm>
+ <para>Using the Ports Collection will use up disk
+ space over time. After building and installing software from the
+ ports, you should always remember to clean up
+ the temporary <filename class="directory">work</filename> directories using the <command>make
+ <makevar>clean</makevar></command> command. You can sweep the whole
+ Ports Collection with the following command:</para>
+
+ <screen>&prompt.root; <userinput>portsclean -C</userinput></screen>
+
+ <para>You will accumulate a lot of old source distribution files in the
+ <filename class="directory">distfiles</filename> directory over time.
+ You can remove them by hand, or you can use the following command to
+ delete all the distfiles that are no longer referenced by any
+ ports:</para>
+
+ <screen>&prompt.root; <userinput>portsclean -D</userinput></screen>
+
+ <note>
+ <para>The <command>portsclean</command> utility is part of the
+ <application>portupgrade</application> suite.</para>
+ </note>
+
+ <para>Do not forget to remove the installed ports once you no longer need
+ them. A nice tool to help automate this task is available from the
+ <filename role="package">sysutils/pkg_cutleaves</filename> port.</para>
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="ports-nextsteps">
+ <title>Post-installation Activities</title>
+
+ <para>After installing a new application you will normally want to
+ read any documentation it may have included, edit any
+ configuration files that are required, ensure that the
+ application starts at boot time (if it is a daemon), and so
+ on.</para>
+
+ <para>The exact steps you need to take to configure each
+ application will obviously be different. However, if you have
+ just installed a new application and are wondering <quote>What
+ now?</quote> these tips might help:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Use &man.pkg.info.1; to find out which files were installed,
+ and where. For example, if you have just
+ installed FooPackage version 1.0.0, then this command</para>
+
+ <screen>&prompt.root; <userinput>pkg_info -L foopackage-1.0.0 | less</userinput></screen>
+
+ <para>will show all the files installed by the package. Pay
+ special attention to files in <filename>man/</filename>
+ directories, which will be manual pages,
+ <filename>etc/</filename> directories, which will be
+ configuration files, and <filename>doc/</filename>, which
+ will be more comprehensive documentation.</para>
+
+ <para>If you are not sure which version of the application was
+ just installed, a command like this</para>
+
+ <screen>&prompt.root; <userinput>pkg_info | grep -i <replaceable>foopackage</replaceable></userinput></screen>
+
+ <para>will find all the installed packages that have
+ <replaceable>foopackage</replaceable> in the package name.
+ Replace <replaceable>foopackage</replaceable> in your
+ command line as necessary.</para>
+ </listitem>
+
+ <listitem>
+ <para>Once you have identified where the application's manual
+ pages have been installed, review them using &man.man.1;.
+ Similarly, look over the sample configuration files, and any
+ additional documentation that may have been provided.</para>
+ </listitem>
+
+ <listitem>
+ <para>If the application has a web site, check it for
+ additional documentation, frequently asked questions, and so
+ forth. If you are not sure of the web site address it may
+ be listed in the output from</para>
+
+ <screen>&prompt.root; <userinput>pkg_info <replaceable>foopackage-1.0.0</replaceable></userinput></screen>
+
+ <para>A <literal>WWW:</literal> line, if present, should provide a URL
+ for the application's web site.</para>
+ </listitem>
+
+ <listitem>
+ <para>Ports that should start at boot (such as Internet
+ servers) will usually install a sample script in
+ <filename>/usr/local/etc/rc.d</filename>. You should
+ review this script for correctness and edit or rename it if
+ needed. See <link
+ linkend="configtuning-starting-services">Starting
+ Services</link> for more information.</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="ports-broken">
+ <title>Dealing with Broken Ports</title>
+
+ <para>If you come across a port that does not work for you,
+ there are a few things you can do, including:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Find out if there is a fix pending for the port in
+ the <ulink url="&url.base;/support.html#gnats">Problem Report
+ database</ulink>. If so, you may be able to use the
+ proposed fix.</para>
+ </listitem>
+
+ <listitem>
+ <para>Ask the maintainer of the port for help. Type
+ <command>make maintainer</command> or read the
+ <filename>Makefile</filename> to find the maintainer's
+ email address. Remember to include the name and version
+ of the port (send the <literal>&dollar;FreeBSD:</literal>
+ line from the <filename>Makefile</filename>) and the
+ output leading up to the error when you email the
+ maintainer.</para>
+
+ <note>
+ <para>Some ports are not maintained by an individual but
+ instead by a <ulink
+ url="&url.articles.mailing-list-faq;/article.html">mailing
+ list</ulink>. Many, but not all, of these addresses look like
+ <email role="nolink">freebsd-listname@FreeBSD.org</email>. Please
+ take this into account when phrasing your questions.</para>
+
+ <para>In particular, ports shown as maintained by
+ <email role="nolink">freebsd-ports@FreeBSD.org</email> are
+ actually not maintained by anyone. Fixes and support, if
+ any, come from the general community who subscribe to that
+ mailing list. More volunteers are always needed!</para>
+ </note>
+
+ <para>If you do not get a response,
+ you can use &man.send-pr.1; to submit a bug
+ report (see <ulink
+ url="&url.articles.problem-reports;/article.html">Writing
+ FreeBSD Problem Reports</ulink>).</para>
+ </listitem>
+
+ <listitem>
+ <para>Fix it! The <ulink
+ url="&url.books.porters-handbook;/index.html">Porter's
+ Handbook</ulink> includes detailed information on the
+ <quote>Ports</quote> infrastructure so that you can fix the occasional
+ broken port or even submit your own!</para>
+ </listitem>
+
+ <listitem>
+ <para>Grab the package from an FTP site near you. The
+ <quote>master</quote> package collection is on <hostid
+ role="fqdn">ftp.FreeBSD.org</hostid> in the <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/packages/">packages
+ directory</ulink>, but be sure to check your <ulink
+ url="http://mirrorlist.FreeBSD.org/">local mirror</ulink>
+ <emphasis>first</emphasis>! These are more likely to work
+ than trying to compile from source and are a lot faster as
+ well. Use the &man.pkg.add.1; program to install the
+ package on your system.</para>
+ </listitem>
+ </orderedlist>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/ppp-and-slip/Makefile b/zh_TW.Big5/books/handbook/ppp-and-slip/Makefile
new file mode 100644
index 0000000000..1a44fcbd0c
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/ppp-and-slip/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= ppp-and-slip/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.sgml b/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.sgml
new file mode 100644
index 0000000000..6b0fe2eafe
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.sgml
@@ -0,0 +1,3234 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="ppp-and-slip">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Restructured, reorganized, and updated by </contrib>
+ <!-- 1 Mar 2000 -->
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>PPP and SLIP</title>
+
+ <sect1 id="ppp-and-slip-synopsis">
+ <title>Synopsis</title>
+ <indexterm id="ppp-ppp">
+ <primary>PPP</primary>
+ </indexterm>
+ <indexterm id="ppp-slip">
+ <primary>SLIP</primary>
+ </indexterm>
+
+ <para>FreeBSD has a number of ways to link one computer to
+ another. To establish a network or Internet connection through a
+ dial-up modem, or to allow others to do so through you, requires
+ the use of PPP or SLIP. This chapter describes setting up
+ these modem-based communication services in detail.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>How to set up user PPP.</para>
+ </listitem>
+ <listitem>
+ <para>How to set up kernel PPP.</para>
+ </listitem>
+ <listitem>
+ <para>How to set up <acronym>PPPoE</acronym> (PPP over
+ Ethernet).</para>
+ </listitem>
+ <listitem>
+ <para>How to set up <acronym>PPPoA</acronym> (PPP over
+ ATM).</para>
+ </listitem>
+ <listitem>
+ <para>How to configure and set up a SLIP client and
+ server.</para>
+ </listitem>
+ </itemizedlist>
+
+ <indexterm id="ppp-ppp-user">
+ <primary>PPP</primary>
+ <secondary>user PPP</secondary>
+ </indexterm>
+ <indexterm id="ppp-ppp-kernel">
+ <primary>PPP</primary>
+ <secondary>kernel PPP</secondary>
+ </indexterm>
+ <indexterm id="ppp-ppp-ethernet">
+ <primary>PPP</primary>
+ <secondary>over Ethernet</secondary>
+ </indexterm>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Be familiar with basic network terminology.</para>
+ </listitem>
+ <listitem>
+ <para>Understand the basics and purpose of a dialup connection
+ and PPP and/or SLIP.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>You may be wondering what the main difference is between user
+ PPP and kernel PPP. The answer is simple: user PPP processes the
+ inbound and outbound data in userland rather than in the kernel.
+ This is expensive in terms of copying the data between the kernel
+ and userland, but allows a far more feature-rich PPP implementation.
+ User PPP uses the <devicename>tun</devicename> device to communicate
+ with the outside world whereas kernel PPP uses the
+ <devicename>ppp</devicename> device.</para>
+
+ <note>
+ <para>Throughout in this chapter, user PPP will simply be
+ referred to as <application>ppp</application> unless a distinction needs to be made between it
+ and any other PPP software such as <application>pppd</application>.
+ Unless otherwise stated, all of the commands explained in this
+ chapter should be executed as <username>root</username>.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="userppp">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Updated and enhanced by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Brian</firstname>
+ <surname>Somers</surname>
+ <contrib>Originally contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Nik</firstname>
+ <surname>Clayton</surname>
+ <contrib>With input from </contrib>
+ </author>
+ <author>
+ <firstname>Dirk</firstname>
+ <surname>Fr&ouml;mberg</surname>
+ </author>
+ <author>
+ <firstname>Peter</firstname>
+ <surname>Childs</surname>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Using User PPP</title>
+
+ <sect2>
+ <title>User PPP</title>
+
+ <sect3>
+ <title>Assumptions</title>
+
+ <para>This document assumes you have the following:</para>
+
+ <itemizedlist>
+ <indexterm id="ppp-isp">
+ <primary>ISP</primary>
+ </indexterm>
+ <indexterm id="ppp-ppp2">
+ <primary>PPP</primary>
+ </indexterm>
+ <listitem>
+ <para>An account with an Internet Service Provider (ISP) which
+ you connect to using PPP.</para>
+ </listitem>
+
+ <listitem>
+ <para>You have a modem or
+ other device connected to your system and configured
+ correctly which allows you to connect to your ISP.</para>
+ </listitem>
+
+ <listitem>
+ <para>The dial-up number(s) of your ISP.</para>
+ </listitem>
+
+ <indexterm id="ppp-pap">
+ <primary>PAP</primary>
+ </indexterm>
+ <indexterm id="ppp-chap">
+ <primary>CHAP</primary>
+ </indexterm>
+ <indexterm id="ppp-unix">
+ <primary>UNIX</primary>
+ </indexterm>
+ <indexterm id="ppp-login">
+ <primary>login name</primary>
+ </indexterm>
+ <indexterm id="ppp-password">
+ <primary>password</primary>
+ </indexterm>
+ <listitem>
+ <para>Your login name and password. (Either a
+ regular &unix; style login and password pair, or a PAP or CHAP
+ login and password pair.)</para>
+ </listitem>
+
+ <indexterm id="ppp-nameserver">
+ <primary>nameserver</primary>
+ </indexterm>
+ <listitem>
+ <para>The IP address of one or more name servers.
+ Normally, you will be given two IP addresses by your ISP to
+ use for this. If they have not given you at least one, then
+ you can use the <command>enable dns</command> command in
+ <filename>ppp.conf</filename> and
+ <application>ppp</application> will set the name servers for
+ you. This feature depends on your ISPs PPP implementation
+ supporting DNS negotiation.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The following information may be supplied by your ISP, but
+ is not completely necessary:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The IP address of your ISP's gateway. The gateway is
+ the machine to which you will connect and will be set up as
+ your <emphasis>default route</emphasis>. If you do not have
+ this information, we can make one up and your ISP's PPP
+ server will tell us the correct value when we connect.</para>
+
+ <para>This IP number is referred to as
+ <literal>HISADDR</literal> by
+ <application>ppp</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>The netmask you should use. If your ISP has not
+ provided you with one, you can safely use <hostid
+ role="netmask">255.255.255.255</hostid>.</para>
+ </listitem>
+
+ <indexterm id="ppp-static-ip">
+ <primary>static IP address</primary>
+ </indexterm>
+ <listitem>
+ <para>If your ISP provides you with a static IP address and
+ hostname, you can enter it. Otherwise, we simply let the
+ peer assign whatever IP address it sees fit.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If you do not have any of the required information, contact
+ your ISP.</para>
+
+ <note>
+ <para>Throughout this section, many of the examples showing
+ the contents of configuration files are numbered by line.
+ These numbers serve to aid in the presentation and
+ discussion only and are not meant to be placed in the actual
+ file. Proper indentation with tab and space characters is
+ also important.</para>
+ </note>
+
+ </sect3>
+
+ <sect3>
+ <title>Creating PPP Device Nodes</title>
+ <indexterm><primary>PPP</primary><secondary>creating device nodes</secondary></indexterm>
+
+ <para>Under normal circumstances, most users will only need
+ one <devicename>tun</devicename> device
+ (<filename>/dev/tun0</filename>). References to
+ <devicename>tun0</devicename> below may be changed to
+ <devicename>tun<replaceable>N</replaceable></devicename>
+ where <replaceable>N</replaceable> is any unit number
+ corresponding to your system.</para>
+
+ <para>For FreeBSD installations that do not have &man.devfs.5; enabled
+ (FreeBSD&nbsp;4.X and earlier), the existence of the
+ <devicename>tun0</devicename> device should be verified (this is not
+ necessary if &man.devfs.5; is enabled as device nodes will be created
+ on demand).</para>
+
+ <para>The easiest way to make sure that the
+ <devicename>tun0</devicename> device is configured correctly
+ is to remake the device. To remake the device, do the
+ following:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
+&prompt.root; <userinput>sh MAKEDEV tun0</userinput></screen>
+
+ <para>If you need 16 tunnel devices in your kernel, you will need
+ to create them. This can be done by executing the following
+ commands:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
+&prompt.root; <userinput>sh MAKEDEV tun15</userinput></screen>
+ </sect3>
+
+ <sect3>
+ <title>Automatic <application>PPP</application> Configuration</title>
+
+ <indexterm><primary>PPP</primary><secondary>configuration</secondary></indexterm>
+ <para>Both <command>ppp</command> and <command>pppd</command>
+ (the kernel level implementation of PPP) use the configuration
+ files located in the <filename>/etc/ppp</filename> directory.
+ Examples for user ppp can be found in
+ <filename>/usr/share/examples/ppp/</filename>.</para>
+
+ <para>Configuring <command>ppp</command> requires that you edit a
+ number of files, depending on your requirements. What you put
+ in them depends to some extent on whether your ISP allocates IP
+ addresses statically (i.e., you get given one IP address, and
+ always use that one) or dynamically (i.e., your IP address
+ changes each time you connect to your ISP).</para>
+
+ <sect4 id="userppp-staticIP">
+ <title>PPP and Static IP Addresses</title>
+
+ <indexterm><primary>PPP</primary><secondary>with static IP addresses</secondary></indexterm>
+ <para>You will need to edit the
+ <filename>/etc/ppp/ppp.conf</filename> configuration file. It
+ should look similar to the example below.</para>
+
+ <note>
+ <para>Lines that end in a <literal>:</literal> start in
+ the first column (beginning of the line)&mdash; all other
+ lines should be indented as shown using spaces or
+ tabs.</para>
+ </note>
+
+ <programlisting>1 default:
+2 set log Phase Chat LCP IPCP CCP tun command
+3 ident user-ppp VERSION (built COMPILATIONDATE)
+4 set device /dev/cuaa0
+5 set speed 115200
+6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
+7 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
+8 set timeout 180
+9 enable dns
+10
+11 provider:
+12 set phone "(123) 456 7890"
+13 set authname foo
+14 set authkey bar
+15 set login "TIMEOUT 10 \"\" \"\" gin:--gin: \\U word: \\P col: ppp"
+16 set timeout 300
+17 set ifaddr <replaceable>x.x.x.x</replaceable> <replaceable>y.y.y.y</replaceable> 255.255.255.255 0.0.0.0
+18 add default HISADDR</programlisting>
+
+ <variablelist>
+ <varlistentry>
+ <term>Line 1:</term>
+
+ <listitem>
+ <para>Identifies the default entry. Commands in this
+ entry are executed automatically when ppp is run.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 2:</term>
+
+ <listitem>
+ <para>Enables logging parameters. When the configuration
+ is working satisfactorily, this line should be reduced
+ to saying
+
+ <programlisting>set log phase tun</programlisting>
+
+ in order to avoid excessive log file sizes.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 3:</term>
+
+ <listitem>
+ <para>Tells PPP how to identify itself to the peer.
+ PPP identifies itself to the peer if it has any trouble
+ negotiating and setting up the link, providing information
+ that the peers administrator may find useful when
+ investigating such problems.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 4:</term>
+
+ <listitem>
+ <para>Identifies the device to which the modem is
+ connected. <devicename>COM1</devicename> is
+ <filename>/dev/cuaa0</filename> and
+ <devicename>COM2</devicename> is
+ <filename>/dev/cuaa1</filename>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 5:</term>
+
+ <listitem>
+ <para>Sets the speed you want to connect at. If 115200
+ does not work (it should with any reasonably new modem),
+ try 38400 instead.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 6 & 7:</term>
+
+ <indexterm><primary>PPP</primary><secondary>user PPP</secondary></indexterm>
+ <listitem>
+ <para>The dial string. User PPP uses an expect-send
+ syntax similar to the &man.chat.8; program. Refer to
+ the manual page for information on the features of this
+ language.</para>
+
+ <para>Note that this command continues onto the next line
+ for readability. Any command in
+ <filename>ppp.conf</filename> may do this if the last
+ character on the line is a ``\'' character.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 8:</term>
+
+ <listitem>
+ <para>Sets the idle timeout for the link. 180 seconds
+ is the default, so this line is purely cosmetic.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 9:</term>
+
+ <listitem>
+ <para>Tells PPP to ask the peer to confirm the local
+ resolver settings. If you run a local name server, this
+ line should be commented out or removed.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 10:</term>
+
+ <listitem>
+ <para>A blank line for readability. Blank lines are ignored
+ by PPP.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 11:</term>
+
+ <listitem>
+ <para>Identifies an entry for a provider called
+ <quote>provider</quote>. This could be changed
+ to the name of your <acronym>ISP</acronym> so
+ that later you can use the <option>load ISP</option>
+ to start the connection.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 12:</term>
+
+ <listitem>
+ <para>Sets the phone number for this provider. Multiple
+ phone numbers may be specified using the colon
+ (<literal>:</literal>) or pipe character
+ (<literal>|</literal>)as a separator. The difference
+ between the two separators is described in &man.ppp.8;.
+ To summarize, if you want to rotate through the numbers,
+ use a colon. If you want to always attempt to dial the
+ first number first and only use the other numbers if the
+ first number fails, use the pipe character. Always
+ quote the entire set of phone numbers as shown.</para>
+
+ <para>You must enclose the phone number in quotation marks
+ (<literal>"</literal>) if there is any intention on using
+ spaces in the phone number. This can cause a simple, yet
+ subtle error.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 13 & 14:</term>
+
+ <listitem>
+ <para>Identifies the user name and password. When
+ connecting using a &unix; style login prompt, these
+ values are referred to by the <command>set
+ login</command> command using the \U and \P
+ variables. When connecting using PAP or CHAP, these
+ values are used at authentication time.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 15:</term>
+
+ <listitem>
+ <indexterm><primary>PAP</primary></indexterm>
+ <indexterm><primary>CHAP</primary></indexterm>
+ <para>If you are using PAP or CHAP, there will be no login
+ at this point, and this line should be commented out or
+ removed. See <link linkend="userppp-PAPnCHAP">PAP and CHAP
+ authentication</link> for further details.</para>
+
+ <para>The login string is of the same chat-like syntax as
+ the dial string. In this example, the string works for
+ a service whose login session looks like this:</para>
+
+ <screen>J. Random Provider
+login: <replaceable>foo</replaceable>
+password: <replaceable>bar</replaceable>
+protocol: ppp</screen>
+
+ <para>You will need to alter this script to suit your
+ own needs. When you write this script for the first
+ time, you should ensure that you have enabled
+ <quote>chat</quote> logging so you can determine if
+ the conversation is going as expected.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 16:</term>
+
+ <indexterm><primary>timeout</primary></indexterm>
+ <listitem>
+ <para>Sets the default idle timeout (in seconds) for the
+ connection. Here, the connection will be closed
+ automatically after 300 seconds of inactivity. If you
+ never want to timeout, set this value to zero or use
+ the <option>-ddial</option> command line switch.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 17:</term>
+ <indexterm><primary>ISP</primary></indexterm>
+ <listitem>
+ <para>Sets the interface addresses. The string
+ <replaceable>x.x.x.x</replaceable> should be
+ replaced by the IP address that your provider has
+ allocated to you. The string
+ <replaceable>y.y.y.y</replaceable> should be
+ replaced by the IP address that your ISP indicated
+ for their gateway (the machine to which you
+ connect). If your ISP has not given you a gateway
+ address, use <hostid
+ role="netmask">10.0.0.2/0</hostid>. If you need to
+ use a <quote>guessed</quote> address, make sure that
+ you create an entry in
+ <filename>/etc/ppp/ppp.linkup</filename> as per the
+ instructions for <link
+ linkend="userppp-dynamicIP">PPP and Dynamic IP
+ addresses</link>. If this line is omitted,
+ <command>ppp</command> cannot run in
+ <option>-auto</option> mode.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 18:</term>
+
+ <listitem>
+ <para>Adds a default route to your ISP's gateway. The
+ special word <literal>HISADDR</literal> is replaced with
+ the gateway address specified on line 17. It is
+ important that this line appears after line 17,
+ otherwise <literal>HISADDR</literal> will not yet be
+ initialized.</para>
+
+ <para>If you do not wish to run ppp in <option>-auto</option>,
+ this line should be moved to the
+ <filename>ppp.linkup</filename> file.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>It is not necessary to add an entry to
+ <filename>ppp.linkup</filename> when you have a static IP
+ address and are running ppp in <option>-auto</option> mode as your
+ routing table entries are already correct before you connect.
+ You may however wish to create an entry to invoke programs after
+ connection. This is explained later with the sendmail
+ example.</para>
+
+ <para>Example configuration files can be found in the
+ <filename>/usr/share/examples/ppp/</filename> directory.</para>
+ </sect4>
+
+ <sect4 id="userppp-dynamicIP">
+ <title>PPP and Dynamic IP Addresses</title>
+ <indexterm><primary>PPP</primary><secondary>with dynamic IP addresses</secondary></indexterm>
+ <indexterm><primary>IPCP</primary></indexterm>
+ <para>If your service provider does not assign static IP
+ addresses, <command>ppp</command> can be configured to
+ negotiate the local and remote addresses. This is done by
+ <quote>guessing</quote> an IP address and allowing
+ <command>ppp</command> to set it up correctly using the IP
+ Configuration Protocol (IPCP) after connecting. The
+ <filename>ppp.conf</filename> configuration is the same as
+ <link linkend="userppp-staticIP">PPP and Static IP
+ Addresses</link>, with the following change:</para>
+
+ <programlisting>17 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255</programlisting>
+
+ <para>Again, do not include the line number, it is just for
+ reference. Indentation of at least one space is
+ required.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Line 17:</term>
+
+ <listitem>
+ <para>The number after the <literal>/</literal> character
+ is the number of bits of the address that ppp will
+ insist on. You may wish to use IP numbers more
+ appropriate to your circumstances, but the above example
+ will always work.</para>
+
+ <para>The last argument (<literal>0.0.0.0</literal>) tells
+ PPP to start negotiations using address <hostid
+ role="ipaddr">0.0.0.0</hostid> rather than <hostid
+ role="ipaddr">10.0.0.1</hostid> and is necessary for some
+ ISPs. Do not use <literal>0.0.0.0</literal> as the first
+ argument to <command>set ifaddr</command> as it prevents
+ PPP from setting up an initial route in
+ <option>-auto</option> mode.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>If you are not running in <option>-auto</option> mode, you
+ will need to create an entry in
+ <filename>/etc/ppp/ppp.linkup</filename>.
+ <filename>ppp.linkup</filename> is used after a connection has
+ been established. At this point, <command>ppp</command> will
+ have assigned the interface addresses and it will now be
+ possible to add the routing table entries:</para>
+
+ <programlisting>1 provider:
+2 add default HISADDR</programlisting>
+
+ <variablelist>
+ <varlistentry>
+ <term>Line 1:</term>
+
+ <listitem>
+ <para>On establishing a connection,
+ <command>ppp</command> will look for an entry in
+ <filename>ppp.linkup</filename> according to the
+ following rules: First, try to match the same label
+ as we used in <filename>ppp.conf</filename>. If
+ that fails, look for an entry for the IP address of
+ our gateway. This entry is a four-octet IP style
+ label. If we still have not found an entry, look
+ for the <literal>MYADDR</literal> entry.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 2:</term>
+
+ <listitem>
+ <para>This line tells <command>ppp</command> to add a
+ default route that points to
+ <literal>HISADDR</literal>.
+ <literal>HISADDR</literal> will be replaced with the
+ IP number of the gateway as negotiated by the
+ IPCP.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>See the <literal>pmdemand</literal> entry in the files
+ <filename>/usr/share/examples/ppp/ppp.conf.sample</filename>
+ and
+ <filename>/usr/share/examples/ppp/ppp.linkup.sample</filename>
+ for a detailed example.</para>
+ </sect4>
+
+ <sect4>
+ <title>Receiving Incoming Calls</title>
+ <indexterm><primary>PPP</primary><secondary>receiving
+ incoming calls</secondary></indexterm>
+ <para>When you configure <application>ppp</application> to
+ receive incoming calls on a machine connected to a LAN, you
+ must decide if you wish to forward packets to the LAN. If you
+ do, you should allocate the peer an IP number from your LAN's
+ subnet, and use the command <command>enable proxy</command> in
+ your <filename>/etc/ppp/ppp.conf</filename> file. You should
+ also confirm that the <filename>/etc/rc.conf</filename> file
+ contains the following:</para>
+
+ <programlisting>gateway_enable="YES"</programlisting>
+ </sect4>
+
+ <sect4>
+ <title>Which getty?</title>
+
+ <para><link linkend="dialup">Configuring FreeBSD for Dial-up
+ Services</link> provides a good description on enabling
+ dial-up services using &man.getty.8;.</para>
+
+ <para>An alternative to <command>getty</command> is <ulink
+ url="http://www.leo.org/~doering/mgetty/index.html">mgetty</ulink>,
+ a smarter version of <command>getty</command> designed
+ with dial-up lines in mind.</para>
+
+ <para>The advantages of using <command>mgetty</command> is
+ that it actively <emphasis>talks</emphasis> to modems,
+ meaning if port is turned off in
+ <filename>/etc/ttys</filename> then your modem will not answer
+ the phone.</para>
+
+ <para>Later versions of <command>mgetty</command> (from
+ 0.99beta onwards) also support the automatic detection of
+ PPP streams, allowing your clients script-less access to
+ your server.</para>
+
+ <para>Refer to <link linkend="userppp-mgetty">Mgetty and
+ AutoPPP</link> for more information on
+ <command>mgetty</command>.</para>
+ </sect4>
+
+ <sect4>
+ <title><application>PPP</application> Permissions</title>
+
+ <para>The <command>ppp</command> command must normally be
+ run as the <username>root</username> user. If however,
+ you wish to allow <command>ppp</command> to run in
+ server mode as a normal user by executing
+ <command>ppp</command> as described below, that user
+ must be given permission to run <command>ppp</command>
+ by adding them to the <username>network</username> group
+ in <filename>/etc/group</filename>.</para>
+
+ <para>You will also need to give them access to one or more
+ sections of the configuration file using the
+ <command>allow</command> command:</para>
+
+ <programlisting>allow users fred mary</programlisting>
+
+ <para>If this command is used in the <literal>default</literal>
+ section, it gives the specified users access to
+ everything.</para>
+ </sect4>
+
+ <sect4>
+ <title>PPP Shells for Dynamic-IP Users</title>
+ <indexterm><primary>PPP shells</primary></indexterm>
+
+ <para>Create a file called
+ <filename>/etc/ppp/ppp-shell</filename> containing the
+ following:</para>
+
+ <programlisting>#!/bin/sh
+IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
+CALLEDAS="$IDENT"
+TTY=`tty`
+
+if [ x$IDENT = xdialup ]; then
+ IDENT=`basename $TTY`
+fi
+
+echo "PPP for $CALLEDAS on $TTY"
+echo "Starting PPP for $IDENT"
+
+exec /usr/sbin/ppp -direct $IDENT</programlisting>
+
+ <para>This script should be executable. Now make a symbolic
+ link called <filename>ppp-dialup</filename> to this script
+ using the following commands:</para>
+
+ <screen>&prompt.root; <userinput>ln -s ppp-shell /etc/ppp/ppp-dialup</userinput></screen>
+
+ <para>You should use this script as the
+ <emphasis>shell</emphasis> for all of your dialup users.
+ This is an example from <filename>/etc/passwd</filename>
+ for a dialup PPP user with username
+ <username>pchilds</username> (remember do not directly edit
+ the password file, use &man.vipw.8;).</para>
+
+ <programlisting>pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup</programlisting>
+
+ <para>Create a <filename>/home/ppp</filename> directory that
+ is world readable containing the following 0 byte
+ files:</para>
+
+ <screen>-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
+-r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts</screen>
+
+ <para>which prevents <filename>/etc/motd</filename> from being
+ displayed.</para>
+ </sect4>
+
+ <sect4>
+ <title>PPP Shells for Static-IP Users</title>
+ <indexterm><primary>PPP shells</primary></indexterm>
+
+ <para>Create the <filename>ppp-shell</filename> file as above,
+ and for each account with statically assigned IPs create a
+ symbolic link to <filename>ppp-shell</filename>.</para>
+
+ <para>For example, if you have three dialup customers,
+ <username>fred</username>, <username>sam</username>, and
+ <username>mary</username>, that you route class C networks
+ for, you would type the following:</para>
+
+ <screen>&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred</userinput>
+&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam</userinput>
+&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary</userinput></screen>
+
+ <para>Each of these users dialup accounts should have their
+ shell set to the symbolic link created above (for example,
+ <username>mary</username>'s shell should be
+ <filename>/etc/ppp/ppp-mary</filename>).</para>
+ </sect4>
+
+ <sect4>
+ <title>Setting Up <filename>ppp.conf</filename> for Dynamic-IP Users</title>
+
+ <para>The <filename>/etc/ppp/ppp.conf</filename> file should
+ contain something along the lines of:</para>
+
+ <programlisting>default:
+ set debug phase lcp chat
+ set timeout 0
+
+ttyd0:
+ set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
+ enable proxy
+
+ttyd1:
+ set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
+ enable proxy</programlisting>
+
+ <note>
+ <para>The indenting is important.</para>
+ </note>
+
+ <para>The <literal>default:</literal> section is loaded for
+ each session. For each dialup line enabled in
+ <filename>/etc/ttys</filename> create an entry similar to
+ the one for <literal>ttyd0:</literal> above. Each line
+ should get a unique IP address from your pool of IP
+ addresses for dynamic users.</para>
+ </sect4>
+
+ <sect4>
+ <title>Setting Up <filename>ppp.conf</filename> for Static-IP
+ Users</title>
+
+ <para>Along with the contents of the sample
+ <filename>/usr/share/examples/ppp/ppp.conf</filename>
+ above you should add a section for each of the
+ statically assigned dialup users. We will continue with
+ our <username>fred</username>, <username>sam</username>,
+ and <username>mary</username> example.</para>
+
+ <programlisting>fred:
+ set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
+
+sam:
+ set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255
+
+mary:
+ set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255</programlisting>
+
+ <para>The file <filename>/etc/ppp/ppp.linkup</filename>
+ should also contain routing information for each static
+ IP user if required. The line below would add a route
+ for the <hostid role="ipaddr">203.14.101.0</hostid>
+ class C via the client's ppp link.</para>
+
+ <programlisting>fred:
+ add 203.14.101.0 netmask 255.255.255.0 HISADDR
+
+sam:
+ add 203.14.102.0 netmask 255.255.255.0 HISADDR
+
+mary:
+ add 203.14.103.0 netmask 255.255.255.0 HISADDR</programlisting>
+ </sect4>
+
+ <sect4 id="userppp-mgetty">
+ <title><command>mgetty</command> and AutoPPP</title>
+ <indexterm>
+ <primary><command>mgetty</command></primary>
+ </indexterm>
+ <indexterm><primary>AutoPPP</primary></indexterm>
+ <indexterm><primary>LCP</primary></indexterm>
+
+ <para>Configuring and compiling <command>mgetty</command>
+ with the <literal>AUTO_PPP</literal> option enabled
+ allows <command>mgetty</command> to detect the LCP phase
+ of PPP connections and automatically spawn off a ppp
+ shell. However, since the default login/password
+ sequence does not occur it is necessary to authenticate
+ users using either PAP or CHAP.</para>
+
+ <para>This section assumes the user has successfully
+ configured, compiled, and installed a version of
+ <command>mgetty</command> with the
+ <literal>AUTO_PPP</literal> option (v0.99beta or
+ later).</para>
+
+ <para>Make sure your
+ <filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
+ file has the following in it:</para>
+
+ <programlisting>/AutoPPP/ - - /etc/ppp/ppp-pap-dialup</programlisting>
+
+ <para>This will tell <command>mgetty</command> to run the
+ <filename>ppp-pap-dialup</filename> script for detected
+ PPP connections.</para>
+
+ <para>Create a file called
+ <filename>/etc/ppp/ppp-pap-dialup</filename> containing the
+ following (the file should be executable):</para>
+
+ <programlisting>#!/bin/sh
+exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
+
+ <para>For each dialup line enabled in
+ <filename>/etc/ttys</filename>, create a corresponding entry
+ in <filename>/etc/ppp/ppp.conf</filename>. This will
+ happily co-exist with the definitions we created
+ above.</para>
+
+ <programlisting>pap:
+ enable pap
+ set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
+ enable proxy</programlisting>
+
+ <para>Each user logging in with this method will need to have
+ a username/password in
+ <filename>/etc/ppp/ppp.secret</filename> file, or
+ alternatively add the following option to authenticate users
+ via PAP from the <filename>/etc/passwd</filename> file.</para>
+
+ <programlisting>enable passwdauth</programlisting>
+
+ <para>If you wish to assign some users a static IP number,
+ you can specify the number as the third argument in
+ <filename>/etc/ppp/ppp.secret</filename>. See
+ <filename>/usr/share/examples/ppp/ppp.secret.sample</filename>
+ for examples.</para>
+ </sect4>
+
+ <sect4>
+ <title>MS Extensions</title>
+ <indexterm><primary>DNS</primary></indexterm>
+ <indexterm><primary>NetBIOS</primary></indexterm>
+ <indexterm><primary>PPP</primary><secondary>Microsoft extensions</secondary></indexterm>
+ <para>It is possible to configure PPP to supply DNS and
+ NetBIOS nameserver addresses on demand.</para>
+
+ <para>To enable these extensions with PPP version 1.x, the
+ following lines might be added to the relevant section of
+ <filename>/etc/ppp/ppp.conf</filename>.</para>
+
+ <programlisting>enable msext
+set ns 203.14.100.1 203.14.100.2
+set nbns 203.14.100.5</programlisting>
+
+ <para>And for PPP version 2 and above:</para>
+
+ <programlisting>accept dns
+set dns 203.14.100.1 203.14.100.2
+set nbns 203.14.100.5</programlisting>
+
+ <para>This will tell the clients the primary and secondary
+ name server addresses, and a NetBIOS nameserver host.</para>
+
+ <para>In version 2 and above, if the
+ <literal>set dns</literal> line is omitted, PPP will use the
+ values found in <filename>/etc/resolv.conf</filename>.</para>
+ </sect4>
+
+ <sect4 id="userppp-PAPnCHAP">
+ <title>PAP and CHAP Authentication</title>
+ <indexterm><primary>PAP</primary></indexterm>
+ <indexterm><primary>CHAP</primary></indexterm>
+ <para>Some ISPs set their system up so that the authentication
+ part of your connection is done using either of the PAP or
+ CHAP authentication mechanisms. If this is the case, your ISP
+ will not give a <prompt>login:</prompt> prompt when you
+ connect, but will start talking PPP immediately.</para>
+
+ <para>PAP is less secure than CHAP, but security is not normally
+ an issue here as passwords, although being sent as plain text
+ with PAP, are being transmitted down a serial line only.
+ There is not much room for crackers to
+ <quote>eavesdrop</quote>.</para>
+
+ <para>Referring back to the <link linkend="userppp-staticIP">PPP
+ and Static IP addresses</link> or <link
+ linkend="userppp-dynamicIP">PPP and Dynamic IP addresses</link>
+ sections, the following alterations must be made:</para>
+
+ <programlisting>13 set authname <replaceable>MyUserName</replaceable>
+14 set authkey <replaceable>MyPassword</replaceable>
+15 set login</programlisting>
+
+ <variablelist>
+ <varlistentry>
+ <term>Line 13:</term>
+
+ <listitem>
+ <para>This line specifies your PAP/CHAP user name. You
+ will need to insert the correct value for
+ <replaceable>MyUserName</replaceable>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 14:</term>
+ <indexterm><primary>password</primary></indexterm>
+ <listitem>
+ <para>This line specifies your PAP/CHAP password. You
+ will need to insert the correct value for
+ <replaceable>MyPassword</replaceable>. You may want to
+ add an additional line, such as:</para>
+
+ <programlisting>16 accept PAP</programlisting>
+
+ <para>or</para>
+
+ <programlisting>16 accept CHAP</programlisting>
+
+ <para>to make it obvious that this is the intention, but
+ PAP and CHAP are both accepted by default.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 15:</term>
+
+ <listitem>
+ <para>Your ISP will not normally require that you log into
+ the server if you are using PAP or CHAP. You must
+ therefore disable your <quote>set login</quote>
+ string.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect4>
+
+ <sect4>
+ <title>Changing Your <command>ppp</command> Configuration on the
+ Fly</title>
+
+ <para>It is possible to talk to the <command>ppp</command>
+ program while it is running in the background, but only if a
+ suitable diagnostic port has been set up. To do this, add the
+ following line to your configuration:</para>
+
+ <programlisting>set server /var/run/ppp-tun<replaceable>%d</replaceable> DiagnosticPassword 0177</programlisting>
+
+ <para>This will tell PPP to listen to the specified
+ &unix; domain socket, asking clients for the specified
+ password before allowing access. The
+ <literal>%d</literal> in the name is replaced with the
+ <devicename>tun</devicename> device number that is in
+ use.</para>
+
+ <para>Once a socket has been set up, the &man.pppctl.8;
+ program may be used in scripts that wish to manipulate the
+ running program.</para>
+ </sect4>
+ </sect3>
+
+ <sect3 id="userppp-nat">
+ <title>Using PPP Network Address Translation Capability</title>
+ <indexterm><primary>PPP</primary><secondary>NAT</secondary></indexterm>
+
+ <para>PPP has ability to use internal NAT without kernel diverting
+ capabilities. This functionality may be enabled by the following
+ line in <filename>/etc/ppp/ppp.conf</filename>:</para>
+
+ <programlisting>nat enable yes</programlisting>
+
+ <para>Alternatively, PPP NAT may be enabled by command-line
+ option <literal>-nat</literal>. There is also
+ <filename>/etc/rc.conf</filename> knob named
+ <literal>ppp_nat</literal>, which is enabled by default.</para>
+
+ <para>If you use this feature, you may also find useful
+ the following <filename>/etc/ppp/ppp.conf</filename> options
+ to enable incoming connections forwarding:</para>
+
+ <programlisting>nat port tcp 10.0.0.2:ftp ftp
+nat port tcp 10.0.0.2:http http</programlisting>
+
+ <para>or do not trust the outside at all</para>
+
+ <programlisting>nat deny_incoming yes</programlisting>
+ </sect3>
+
+ <sect3 id="userppp-final">
+ <title>Final System Configuration</title>
+ <indexterm><primary>PPP</primary><secondary>configuration</secondary></indexterm>
+
+ <para>You now have <command>ppp</command> configured, but there
+ are a few more things to do before it is ready to work. They
+ all involve editing the <filename>/etc/rc.conf</filename>
+ file.</para>
+
+ <para>Working from the top down in this file, make sure the
+ <literal>hostname=</literal> line is set, e.g.:</para>
+
+ <programlisting>hostname="foo.example.com"</programlisting>
+
+ <para>If your ISP has supplied you with a static IP address and
+ name, it is probably best that you use this name as your host
+ name.</para>
+
+ <para>Look for the <literal>network_interfaces</literal> variable.
+ If you want to configure your system to dial your ISP on demand,
+ make sure the <devicename>tun0</devicename> device is added to
+ the list, otherwise remove it.</para>
+
+ <programlisting>network_interfaces="lo0 tun0"
+ifconfig_tun0=</programlisting>
+
+ <note>
+ <para>The <literal>ifconfig_tun0</literal> variable should be
+ empty, and a file called
+ <filename>/etc/start_if.tun0</filename> should be created.
+ This file should contain the line:</para>
+
+ <programlisting>ppp -auto mysystem</programlisting>
+
+ <para>This script is executed at network configuration time,
+ starting your ppp daemon in automatic mode. If you have a LAN
+ for which this machine is a gateway, you may also wish to use
+ the <option>-alias</option> switch. Refer to the manual page
+ for further details.</para>
+ </note>
+
+ <para>Make sure that the router program is set to <literal>NO</literal> with
+ the following line in your
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>router_enable="NO"</programlisting>
+
+ <indexterm>
+ <primary><application>routed</application></primary>
+ </indexterm>
+ <para>It is important that the <command>routed</command> daemon is
+ not started, as
+ <command>routed</command> tends to delete the default routing
+ table entries created by <command>ppp</command>.</para>
+
+ <para>It is probably worth your while ensuring that the
+ <literal>sendmail_flags</literal> line does not include the
+ <option>-q</option> option, otherwise
+ <command>sendmail</command> will attempt to do a network lookup
+ every now and then, possibly causing your machine to dial out.
+ You may try:</para>
+
+ <programlisting>sendmail_flags="-bd"</programlisting>
+
+ <indexterm>
+ <primary><application>sendmail</application></primary>
+ </indexterm>
+ <para>The downside of this is that you must force
+ <command>sendmail</command> to re-examine the mail queue
+ whenever the ppp link is up by typing:</para>
+
+ <screen>&prompt.root; <userinput>/usr/sbin/sendmail -q</userinput></screen>
+
+ <para>You may wish to use the <command>!bg</command> command in
+ <filename>ppp.linkup</filename> to do this automatically:</para>
+
+ <programlisting>1 provider:
+2 delete ALL
+3 add 0 0 HISADDR
+4 !bg sendmail -bd -q30m</programlisting>
+
+ <indexterm><primary>SMTP</primary></indexterm>
+ <para>If you do not like this, it is possible to set up a
+ <quote>dfilter</quote> to block SMTP traffic. Refer to the
+ sample files for further details.</para>
+
+ <para>All that is left is to reboot the machine. After rebooting,
+ you can now either type:</para>
+
+ <screen>&prompt.root; <userinput>ppp</userinput></screen>
+
+ <para>and then <command>dial provider</command> to start the PPP
+ session, or, if you want <command>ppp</command> to establish
+ sessions automatically when there is outbound traffic (and
+ you have not created the <filename>start_if.tun0</filename>
+ script), type:</para>
+
+ <screen>&prompt.root; <userinput>ppp -auto provider</userinput></screen>
+ </sect3>
+
+ <sect3>
+ <title>Summary</title>
+
+ <para>To recap, the following steps are necessary when setting up
+ ppp for the first time:</para>
+
+ <para>Client side:</para>
+
+ <procedure>
+ <step>
+ <para>Ensure that the <devicename>tun</devicename> device is
+ built into your kernel.</para>
+ </step>
+
+ <step>
+ <para>Ensure that the
+ <filename>tun<replaceable>N</replaceable></filename> device
+ file is available in the <filename>/dev</filename>
+ directory.</para>
+ </step>
+
+ <step>
+ <para>Create an entry in
+ <filename>/etc/ppp/ppp.conf</filename>. The
+ <filename>pmdemand</filename> example should suffice for
+ most ISPs.</para>
+ </step>
+
+ <step>
+ <para>If you have a dynamic IP address, create an entry in
+ <filename>/etc/ppp/ppp.linkup</filename>.</para>
+ </step>
+
+ <step>
+ <para>Update your <filename>/etc/rc.conf</filename>
+ file.</para>
+ </step>
+
+ <step>
+ <para>Create a <filename>start_if.tun0</filename> script if
+ you require demand dialing.</para>
+ </step>
+ </procedure>
+
+ <para>Server side:</para>
+
+ <procedure>
+ <step>
+ <para>Ensure that the <devicename>tun</devicename> device is
+ built into your kernel.</para>
+ </step>
+
+ <step>
+ <para>Ensure that the
+ <filename>tun<replaceable>N</replaceable></filename> device
+ file is available in the <filename>/dev</filename>
+ directory.</para>
+ </step>
+
+ <step>
+ <para>Create an entry in <filename>/etc/passwd</filename>
+ (using the &man.vipw.8; program).</para>
+ </step>
+
+ <step>
+ <para>Create a profile in this users home directory that runs
+ <command>ppp -direct direct-server</command> or
+ similar.</para>
+ </step>
+
+ <step>
+ <para>Create an entry in
+ <filename>/etc/ppp/ppp.conf</filename>. The
+ <filename>direct-server</filename> example should
+ suffice.</para>
+ </step>
+
+ <step>
+ <para>Create an entry in
+ <filename>/etc/ppp/ppp.linkup</filename>.</para>
+ </step>
+
+ <step>
+ <para>Update your <filename>/etc/rc.conf</filename>
+ file.</para>
+ </step>
+ </procedure>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="ppp">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Gennady B.</firstname>
+ <surname>Sorokopud</surname>
+ <contrib>Parts originally contributed by </contrib>
+ </author>
+ <author>
+ <firstname>Robert</firstname>
+ <surname>Huff</surname>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Using Kernel PPP</title>
+
+ <sect2>
+ <title>Setting Up Kernel PPP</title>
+ <indexterm><primary>PPP</primary><secondary>kernel PPP</secondary></indexterm>
+
+ <para>Before you start setting up PPP on your machine, make sure
+ that <command>pppd</command> is located in
+ <filename>/usr/sbin</filename> and the directory
+ <filename>/etc/ppp</filename> exists.</para>
+
+ <para><command>pppd</command> can work in two modes:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>As a <quote>client</quote> &mdash; you want to connect your
+ machine to the outside world via a PPP serial connection or
+ modem line.</para>
+ </listitem>
+
+ <indexterm><primary>PPP</primary><secondary>server</secondary></indexterm>
+ <listitem>
+ <para>As a <quote>server</quote> &mdash; your machine is located on
+ the network, and is used to connect other computers using
+ PPP.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>In both cases you will need to set up an options file
+ (<filename>/etc/ppp/options</filename> or
+ <filename>~/.ppprc</filename> if you have more than one user on
+ your machine that uses PPP).</para>
+
+ <para>You will also need some modem/serial software (preferably
+ <filename role="package">comms/kermit</filename>), so you can dial and
+ establish a connection with the remote host.</para>
+ </sect2>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Trev</firstname>
+ <surname>Roydhouse</surname>
+ <contrib>Based on information provided by </contrib>
+ <!-- Trev.Roydhouse@f401.n711.z3.fidonet.org -->
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>Using <command>pppd</command> as a Client</title>
+ <indexterm><primary>PPP</primary><secondary>client</secondary></indexterm>
+ <indexterm><primary>Cisco</primary></indexterm>
+ <para>The following <filename>/etc/ppp/options</filename> might be
+ used to connect to a Cisco terminal server PPP line.</para>
+
+ <programlisting>crtscts # enable hardware flow control
+modem # modem control line
+noipdefault # remote PPP server must supply your IP address
+ # if the remote host does not send your IP during IPCP
+ # negotiation, remove this option
+passive # wait for LCP packets
+domain ppp.foo.com # put your domain name here
+
+:&lt;remote_ip&gt; # put the IP of remote PPP host here
+ # it will be used to route packets via PPP link
+ # if you didn't specified the noipdefault option
+ # change this line to &lt;local_ip&gt;:&lt;remote_ip&gt;
+
+defaultroute # put this if you want that PPP server will be your
+ # default router</programlisting>
+
+ <para>To connect:</para>
+
+ <indexterm><primary>Kermit</primary></indexterm>
+ <indexterm><primary>modem</primary></indexterm>
+ <procedure>
+ <step>
+ <para>Dial to the remote host using <application>Kermit</application> (or some other modem
+ program), and enter your user name and password (or whatever
+ is needed to enable PPP on the remote host).</para>
+ </step>
+
+ <step>
+ <para>Exit <application>Kermit</application> (without
+ hanging up the line).</para>
+ </step>
+
+ <step>
+ <para>Enter the following:</para>
+
+ <screen>&prompt.root; <userinput>/usr/src/usr.sbin/pppd.new/pppd <replaceable>/dev/tty01</replaceable> <replaceable>19200</replaceable></userinput></screen>
+
+ <para>Be sure to use the appropriate speed and device name.</para>
+ </step>
+ </procedure>
+
+ <para>Now your computer is connected with PPP. If the connection
+ fails, you can add the <option>debug</option> option to the
+ <filename>/etc/ppp/options</filename> file, and check console messages
+ to track the problem.</para>
+
+ <para>Following <filename>/etc/ppp/pppup</filename> script will make
+ all 3 stages automatic:</para>
+
+ <programlisting>#!/bin/sh
+ps ax |grep pppd |grep -v grep
+pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
+if [ "X${pid}" != "X" ] ; then
+ echo 'killing pppd, PID=' ${pid}
+ kill ${pid}
+fi
+ps ax |grep kermit |grep -v grep
+pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
+if [ "X${pid}" != "X" ] ; then
+ echo 'killing kermit, PID=' ${pid}
+ kill -9 ${pid}
+fi
+
+ifconfig ppp0 down
+ifconfig ppp0 delete
+
+kermit -y /etc/ppp/kermit.dial
+pppd /dev/tty01 19200</programlisting>
+
+ <indexterm><primary>Kermit</primary></indexterm>
+ <para><filename>/etc/ppp/kermit.dial</filename> is a <application>Kermit</application>
+ script that dials and makes all necessary authorization on the
+ remote host (an example of such a script is attached to the end
+ of this document).</para>
+
+ <para>Use the following <filename>/etc/ppp/pppdown</filename> script
+ to disconnect the PPP line:</para>
+
+ <programlisting>#!/bin/sh
+pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
+if [ X${pid} != "X" ] ; then
+ echo 'killing pppd, PID=' ${pid}
+ kill -TERM ${pid}
+fi
+
+ps ax |grep kermit |grep -v grep
+pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
+if [ "X${pid}" != "X" ] ; then
+ echo 'killing kermit, PID=' ${pid}
+ kill -9 ${pid}
+fi
+
+/sbin/ifconfig ppp0 down
+/sbin/ifconfig ppp0 delete
+kermit -y /etc/ppp/kermit.hup
+/etc/ppp/ppptest</programlisting>
+
+ <para>Check to see if <command>pppd</command> is still running by executing
+ <filename>/usr/etc/ppp/ppptest</filename>, which should look like
+ this:</para>
+
+ <programlisting>#!/bin/sh
+pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'`
+if [ X${pid} != "X" ] ; then
+ echo 'pppd running: PID=' ${pid-NONE}
+else
+ echo 'No pppd running.'
+fi
+set -x
+netstat -n -I ppp0
+ifconfig ppp0</programlisting>
+
+ <para>To hang up the modem, execute
+ <filename>/etc/ppp/kermit.hup</filename>, which should
+ contain:</para>
+
+ <programlisting>set line /dev/tty01 ; put your modem device here
+set speed 19200
+set file type binary
+set file names literal
+set win 8
+set rec pack 1024
+set send pack 1024
+set block 3
+set term bytesize 8
+set command bytesize 8
+set flow none
+
+pau 1
+out +++
+inp 5 OK
+out ATH0\13
+echo \13
+exit</programlisting>
+
+ <para>Here is an alternate method using <command>chat</command>
+ instead of <command>kermit</command>:</para>
+
+ <para>The following two files are sufficient to accomplish a
+ <command>pppd</command> connection.</para>
+
+ <para><filename>/etc/ppp/options</filename>:</para>
+
+ <programlisting>/dev/cuaa1 115200
+
+crtscts # enable hardware flow control
+modem # modem control line
+connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
+noipdefault # remote PPP serve must supply your IP address
+ # if the remote host doesn't send your IP during
+ # IPCP negotiation, remove this option
+passive # wait for LCP packets
+domain &lt;your.domain&gt; # put your domain name here
+
+: # put the IP of remote PPP host here
+ # it will be used to route packets via PPP link
+ # if you didn't specified the noipdefault option
+ # change this line to &lt;local_ip&gt;:&lt;remote_ip&gt;
+
+defaultroute # put this if you want that PPP server will be
+ # your default router</programlisting>
+
+ <para><filename>/etc/ppp/login.chat.script</filename>:</para>
+
+ <note>
+ <para>The following should go on a single line.</para>
+ </note>
+
+ <programlisting>ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT&lt;phone.number&gt;
+ CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: &lt;login-id&gt;
+ TIMEOUT 5 sword: &lt;password&gt;</programlisting>
+
+ <para>Once these are installed and modified correctly, all you need
+ to do is run <command>pppd</command>, like so:</para>
+
+ <screen>&prompt.root; <userinput>pppd</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Using <command>pppd</command> as a Server</title>
+
+ <para><filename>/etc/ppp/options</filename> should contain something
+ similar to the following:</para>
+
+ <programlisting>crtscts # Hardware flow control
+netmask 255.255.255.0 # netmask (not required)
+192.114.208.20:192.114.208.165 # IP's of local and remote hosts
+ # local ip must be different from one
+ # you assigned to the Ethernet (or other)
+ # interface on your machine.
+ # remote IP is IP address that will be
+ # assigned to the remote machine
+domain ppp.foo.com # your domain
+passive # wait for LCP
+modem # modem line</programlisting>
+
+ <para>The following <filename>/etc/ppp/pppserv</filename> script
+ will tell <application>pppd</application> to behave as a
+ server:</para>
+
+ <programlisting>#!/bin/sh
+ps ax |grep pppd |grep -v grep
+pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
+if [ "X${pid}" != "X" ] ; then
+ echo 'killing pppd, PID=' ${pid}
+ kill ${pid}
+fi
+ps ax |grep kermit |grep -v grep
+pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
+if [ "X${pid}" != "X" ] ; then
+ echo 'killing kermit, PID=' ${pid}
+ kill -9 ${pid}
+fi
+
+# reset ppp interface
+ifconfig ppp0 down
+ifconfig ppp0 delete
+
+# enable autoanswer mode
+kermit -y /etc/ppp/kermit.ans
+
+# run ppp
+pppd /dev/tty01 19200</programlisting>
+
+ <para>Use this <filename>/etc/ppp/pppservdown</filename> script to
+ stop the server:</para>
+
+ <programlisting>#!/bin/sh
+ps ax |grep pppd |grep -v grep
+pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
+if [ "X${pid}" != "X" ] ; then
+ echo 'killing pppd, PID=' ${pid}
+ kill ${pid}
+fi
+ps ax |grep kermit |grep -v grep
+pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
+if [ "X${pid}" != "X" ] ; then
+ echo 'killing kermit, PID=' ${pid}
+ kill -9 ${pid}
+fi
+ifconfig ppp0 down
+ifconfig ppp0 delete
+
+kermit -y /etc/ppp/kermit.noans</programlisting>
+
+ <para>The following <application>Kermit</application> script
+ (<filename>/etc/ppp/kermit.ans</filename>) will enable/disable
+ autoanswer mode on your modem. It should look like this:</para>
+
+ <programlisting>set line /dev/tty01
+set speed 19200
+set file type binary
+set file names literal
+set win 8
+set rec pack 1024
+set send pack 1024
+set block 3
+set term bytesize 8
+set command bytesize 8
+set flow none
+
+pau 1
+out +++
+inp 5 OK
+out ATH0\13
+inp 5 OK
+echo \13
+out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
+ ; autoanswer mode
+inp 5 OK
+echo \13
+exit</programlisting>
+
+ <para>A script named <filename>/etc/ppp/kermit.dial</filename> is
+ used for dialing and authenticating on the remote host. You will
+ need to customize it for your needs. Put your login and password
+ in this script; you will also need to change the input statement
+ depending on responses from your modem and remote host.</para>
+
+ <programlisting>;
+; put the com line attached to the modem here:
+;
+set line /dev/tty01
+;
+; put the modem speed here:
+;
+set speed 19200
+set file type binary ; full 8 bit file xfer
+set file names literal
+set win 8
+set rec pack 1024
+set send pack 1024
+set block 3
+set term bytesize 8
+set command bytesize 8
+set flow none
+set modem hayes
+set dial hangup off
+set carrier auto ; Then SET CARRIER if necessary,
+set dial display on ; Then SET DIAL if necessary,
+set input echo on
+set input timeout proceed
+set input case ignore
+def \%x 0 ; login prompt counter
+goto slhup
+
+:slcmd ; put the modem in command mode
+echo Put the modem in command mode.
+clear ; Clear unread characters from input buffer
+pause 1
+output +++ ; hayes escape sequence
+input 1 OK\13\10 ; wait for OK
+if success goto slhup
+output \13
+pause 1
+output at\13
+input 1 OK\13\10
+if fail goto slcmd ; if modem doesn't answer OK, try again
+
+:slhup ; hang up the phone
+clear ; Clear unread characters from input buffer
+pause 1
+echo Hanging up the phone.
+output ath0\13 ; hayes command for on hook
+input 2 OK\13\10
+if fail goto slcmd ; if no OK answer, put modem in command mode
+
+:sldial ; dial the number
+pause 1
+echo Dialing.
+output atdt9,550311\13\10 ; put phone number here
+assign \%x 0 ; zero the time counter
+
+:look
+clear ; Clear unread characters from input buffer
+increment \%x ; Count the seconds
+input 1 {CONNECT }
+if success goto sllogin
+reinput 1 {NO CARRIER\13\10}
+if success goto sldial
+reinput 1 {NO DIALTONE\13\10}
+if success goto slnodial
+reinput 1 {\255}
+if success goto slhup
+reinput 1 {\127}
+if success goto slhup
+if < \%x 60 goto look
+else goto slhup
+
+:sllogin ; login
+assign \%x 0 ; zero the time counter
+pause 1
+echo Looking for login prompt.
+
+:slloop
+increment \%x ; Count the seconds
+clear ; Clear unread characters from input buffer
+output \13
+;
+; put your expected login prompt here:
+;
+input 1 {Username: }
+if success goto sluid
+reinput 1 {\255}
+if success goto slhup
+reinput 1 {\127}
+if success goto slhup
+if < \%x 10 goto slloop ; try 10 times to get a login prompt
+else goto slhup ; hang up and start again if 10 failures
+
+:sluid
+;
+; put your userid here:
+;
+output ppp-login\13
+input 1 {Password: }
+;
+; put your password here:
+;
+output ppp-password\13
+input 1 {Entering SLIP mode.}
+echo
+quit
+
+:slnodial
+echo \7No dialtone. Check the telephone line!\7
+exit 1
+
+; local variables:
+; mode: csh
+; comment-start: "; "
+; comment-start-skip: "; "
+; end:</programlisting>
+ </sect2>
+ </sect1>
+
+ <sect1 id="ppp-troubleshoot">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 13 June 2003 -->
+ </sect1info>
+ <title>Troubleshooting <acronym>PPP</acronym> Connections</title>
+
+ <indexterm><primary>PPP</primary><secondary>troubleshooting</secondary></indexterm>
+
+ <para>This section covers a few issues which may arise when
+ using PPP over a modem connection. For instance, perhaps you
+ need to know exactly what prompts the system you are dialing
+ into will present. Some <acronym>ISP</acronym>s present the
+ <literal>ssword</literal> prompt, and others will present
+ <literal>password</literal>; if the <command>ppp</command>
+ script is not written accordingly, the login attempt will
+ fail. The most common way to debug <command>ppp</command>
+ connections is by connecting manually. The following
+ information will walk you through a manual connection step by
+ step.</para>
+
+ <sect2>
+ <title>Check the Device Nodes</title>
+
+ <para>If you reconfigured your kernel then you recall the
+ <devicename>sio</devicename> device. If you did not
+ configure your kernel, there is no reason to worry. Just
+ check the <command>dmesg</command> output for the modem
+ device with:</para>
+
+ <screen>&prompt.root; <userinput>dmesg | grep sio</userinput></screen>
+
+ <para>You should get some pertinent output about the
+ <devicename>sio</devicename> devices. These are the COM
+ ports we need. If your modem acts like a standard serial
+ port then you should see it listed on
+ <devicename>sio1</devicename>, or <devicename>COM2</devicename>. If so, you are not
+ required to rebuild the kernel, you just need to make the
+ serial device. You can do this by changing your directory
+ to <filename>/dev</filename> and running the
+ <filename>MAKEDEV</filename> script like above. Now make
+ the serial devices with:</para>
+
+ <screen>&prompt.root; <userinput>sh MAKEDEV cuaa0 cuaa1 cuaa2 cuaa3</userinput></screen>
+
+ <para>which will create the serial devices for your system.
+ When matching up sio modem is on <devicename>sio1</devicename> or
+ <devicename>COM2</devicename> if you are in DOS, then your
+ modem device would be <filename>/dev/cuaa1</filename>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Connecting Manually</title>
+
+ <para>Connecting to the Internet by manually controlling
+ <command>ppp</command> is quick, easy, and a great way to
+ debug a connection or just get information on how your
+ <acronym>ISP</acronym> treats <command>ppp</command> client
+ connections. Lets start <application>PPP</application> from
+ the command line. Note that in all of our examples we will
+ use <emphasis>example</emphasis> as the hostname of the
+ machine running <application>PPP</application>. You start
+ <command>ppp</command> by just typing
+ <command>ppp</command>:</para>
+
+ <screen>&prompt.root; <userinput>ppp</userinput></screen>
+
+ <para>We have now started <command>ppp</command>.</para>
+
+ <screen>ppp ON example&gt; <userinput>set device <filename>/dev/cuaa1</filename></userinput></screen>
+
+ <para>We set our modem device, in this case it is
+ <devicename>cuaa1</devicename>.</para>
+
+ <screen>ppp ON example&gt; <userinput>set speed 115200</userinput></screen>
+
+ <para>Set the connection speed, in this case we
+ are using 115,200 <acronym>kbps</acronym>.</para>
+
+ <screen>ppp ON example&gt; <userinput>enable dns</userinput></screen>
+
+ <para>Tell <command>ppp</command> to configure our
+ resolver and add the nameserver lines to
+ <filename>/etc/resolv.conf</filename>. If <command>ppp</command>
+ cannot determine our hostname, we can set one manually later.</para>
+
+ <screen>ppp ON example&gt; <userinput>term</userinput></screen>
+
+ <para>Switch to <quote>terminal</quote> mode so that we can manually
+ control the modem.</para>
+
+ <programlisting>deflink: Entering terminal mode on <filename>/dev/cuaa1</filename>
+type '~h' for help</programlisting>
+
+ <screen><userinput>at</userinput>
+OK
+<userinput>atdt<replaceable>123456789</replaceable></userinput></screen>
+
+ <para>Use <command>at</command> to initialize the modem,
+ then use <command>atdt</command> and the number for your
+ <acronym>ISP</acronym> to begin the dial in process.</para>
+
+ <screen>CONNECT</screen>
+
+ <para>Confirmation of the connection, if we are going to have
+ any connection problems, unrelated to hardware, here is where
+ we will attempt to resolve them.</para>
+
+ <screen>ISP Login:<userinput>myusername</userinput></screen>
+
+ <para>Here you are prompted for a username, return the
+ prompt with the username that was provided by the
+ <acronym>ISP</acronym>.</para>
+
+ <screen>ISP Pass:<userinput>mypassword</userinput></screen>
+
+ <para>This time we are prompted for a password, just
+ reply with the password that was provided by the
+ <acronym>ISP</acronym>. Just like logging into
+ &os;, the password will not echo.</para>
+
+ <screen>Shell or PPP:<userinput>ppp</userinput></screen>
+
+ <para>Depending on your <acronym>ISP</acronym> this prompt
+ may never appear. Here we are being asked if we wish to
+ use a shell on the provider, or to start
+ <command>ppp</command>. In this example, we have chosen
+ to use <command>ppp</command> as we want an Internet
+ connection.</para>
+
+ <screen>Ppp ON example&gt;</screen>
+
+ <para>Notice that in this example the first <option>p</option>
+ has been capitalized. This shows that we have successfully
+ connected to the <acronym>ISP</acronym>.</para>
+
+ <screen>PPp ON example&gt;</screen>
+
+ <para>We have successfully authenticated with our
+ <acronym>ISP</acronym> and are waiting for the
+ assigned <acronym>IP</acronym> address.</para>
+
+ <screen>PPP ON example&gt;</screen>
+
+ <para>We have made an agreement on an <acronym>IP</acronym>
+ address and successfully completed our connection.</para>
+
+ <screen>PPP ON example&gt;<userinput>add default HISADDR</userinput></screen>
+
+ <para>Here we add our default route, we need to do this before
+ we can talk to the outside world as currently the only
+ established connection is with the peer. If this fails due to
+ existing routes you can put a bang character
+ <literal>!</literal> in front of the <option>add</option>.
+ Alternatively, you can set this before making the actual
+ connection and it will negotiate a new route
+ accordingly.</para>
+
+ <para>If everything went good we should now have an active
+ connection to the Internet, which could be thrown into the
+ background using <keycombo
+ action="simul"><keycap>CTRL</keycap>
+ <keycap>z</keycap></keycombo> If you notice the
+ <command>PPP</command> return to <command>ppp</command> then
+ we have lost our connection. This is good to know because it
+ shows our connection status. Capital P's show that we have a
+ connection to the <acronym>ISP</acronym> and lowercase p's
+ show that the connection has been lost for whatever reason.
+ <command>ppp</command> only has these 2 states.</para>
+
+ <sect3>
+ <title>Debugging</title>
+
+ <para>If you have a direct line and cannot seem to make a
+ connection, then turn hardware flow
+ <acronym>CTS/RTS</acronym> to off with the <option>set
+ ctsrts off</option>. This is mainly the case if you are
+ connected to some <application>PPP</application> capable
+ terminal servers, where <application>PPP</application> hangs
+ when it tries to write data to your communication link, so
+ it would be waiting for a <acronym>CTS</acronym>, or Clear
+ To Send signal which may never come. If you use this option
+ however, you should also use the <option>set accmap</option>
+ option, which may be required to defeat hardware dependent
+ on passing certain characters from end to end, most of the
+ time XON/XOFF. See the &man.ppp.8; manual page for more
+ information on this option, and how it is used.</para>
+
+ <para>If you have an older modem, you may need to use the
+ <option>set parity even</option>. Parity is set at none
+ be default, but is used for error checking (with a large
+ increase in traffic) on older modems and some
+ <acronym>ISP</acronym>s. You may need this option for
+ the Compuserve <acronym>ISP</acronym>.</para>
+
+ <para><application>PPP</application> may not return to the
+ command mode, which is usually a negotiation error where
+ the <acronym>ISP</acronym> is waiting for your side to start
+ negotiating. At this point, using the <command>~p</command>
+ command will force ppp to start sending the configuration
+ information.</para>
+
+ <para>If you never obtain a login prompt, then most likely you
+ need to use <acronym>PAP</acronym> or
+ <acronym>CHAP</acronym> authentication instead of the
+ &unix; style in the example above. To use
+ <acronym>PAP</acronym> or <acronym>CHAP</acronym> just add
+ the following options to <application>PPP</application>
+ before going into terminal mode:</para>
+
+ <screen>ppp ON example&gt; <userinput>set authname <replaceable>myusername</replaceable></userinput></screen>
+
+ <para>Where <replaceable>myusername</replaceable> should be
+ replaced with the username that was assigned by the
+ <acronym>ISP</acronym>.</para>
+
+ <screen>ppp ON example&gt; <userinput>set authkey <replaceable>mypassword</replaceable></userinput></screen>
+
+ <para>Where <replaceable>mypassword</replaceable> should be
+ replaced with the password that was assigned by the
+ <acronym>ISP</acronym>.</para>
+
+ <para>If you connect fine, but cannot seem to find any domain
+ name, try to use &man.ping.8; with an <acronym>IP</acronym>
+ address and see if you can get any return information. If
+ you experience 100 percent (100%) packet loss, then it is most
+ likely that you were not assigned a default route. Double
+ check that the option <option>add default HISADDR</option>
+ was set during the connection. If you can connect to a
+ remote <acronym>IP</acronym> address then it is possible
+ that a resolver address has not been added to the
+ <filename>/etc/resolv.conf</filename>. This file should
+ look like:</para>
+
+ <programlisting>domain <replaceable>example.com</replaceable>
+nameserver <replaceable>x.x.x.x</replaceable>
+nameserver <replaceable>y.y.y.y</replaceable></programlisting>
+
+ <para>Where <replaceable>x.x.x.x</replaceable> and
+ <replaceable>y.y.y.y</replaceable> should be replaced with
+ the <acronym>IP</acronym> address of your
+ <acronym>ISP</acronym>'s DNS servers. This information may
+ or may not have been provided when you signed up, but a
+ quick call to your <acronym>ISP</acronym> should remedy
+ that.</para>
+
+ <para>You could also have &man.syslog.3; provide a logging
+ function for your <application>PPP</application> connection.
+ Just add:</para>
+
+ <programlisting>!ppp
+*.* /var/log/ppp.log</programlisting>
+
+ <para>to <filename>/etc/syslog.conf</filename>. In most cases, this
+ functionality already exists.</para>
+
+ </sect3>
+ </sect2>
+ </sect1>
+
+
+
+
+ <sect1 id="pppoe">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Contributed (from http://node.to/freebsd/how-tos/how-to-freebsd-pppoe.html) by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 10 Jan 2000 -->
+ </sect1info>
+
+ <title>Using PPP over Ethernet (PPPoE)</title>
+ <indexterm><primary>PPP</primary><secondary>over Ethernet</secondary></indexterm>
+ <indexterm>
+ <primary>PPPoE</primary>
+ <see>PPP, over Ethernet</see>
+ </indexterm>
+
+ <para>This section describes how to set up PPP over Ethernet
+ (<acronym>PPPoE</acronym>).</para>
+
+ <sect2>
+ <title>Configuring the Kernel</title>
+
+ <para>No kernel configuration is necessary for PPPoE any longer. If
+ the necessary netgraph support is not built into the kernel, it will
+ be dynamically loaded by <application>ppp</application>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Setting Up <filename>ppp.conf</filename></title>
+
+ <para>Here is an example of a working
+ <filename>ppp.conf</filename>:</para>
+
+ <programlisting>default:
+ set log Phase tun command # you can add more detailed logging if you wish
+ set ifaddr 10.0.0.1/0 10.0.0.2/0
+
+name_of_service_provider:
+ set device PPPoE:<replaceable>xl1</replaceable> # replace xl1 with your Ethernet device
+ set authname YOURLOGINNAME
+ set authkey YOURPASSWORD
+ set dial
+ set login
+ add default HISADDR</programlisting>
+
+ </sect2>
+
+ <sect2>
+ <title>Running <application>ppp</application></title>
+
+ <para>As <username>root</username>, you can run:</para>
+
+ <screen>&prompt.root; <userinput>ppp -ddial name_of_service_provider</userinput></screen>
+
+ </sect2>
+
+ <sect2>
+ <title>Starting <application>ppp</application> at Boot</title>
+
+ <para>Add the following to your <filename>/etc/rc.conf</filename>
+ file:</para>
+
+ <programlisting>ppp_enable="YES"
+ppp_mode="ddial"
+ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO
+ppp_profile="name_of_service_provider"</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>Using a PPPoE Service Tag</title>
+
+ <para>Sometimes it will be necessary to use a service tag to establish
+ your connection. Service tags are used to distinguish between
+ different PPPoE servers attached to a given network.</para>
+
+ <para>You should have been given any required service tag information
+ in the documentation provided by your ISP. If you cannot locate
+ it there, ask your ISP's tech support personnel.</para>
+
+ <para>As a last resort, you could try the method suggested by the
+ <ulink url="http://www.roaringpenguin.com/pppoe/">Roaring Penguin
+ PPPoE</ulink> program which can be found in the <link
+ linkend="ports">Ports Collection</link>. Bear in mind however,
+ this may de-program your modem and render it useless, so
+ think twice before doing it. Simply install the program shipped
+ with the modem by your provider. Then, access the
+ <guimenu>System</guimenu> menu from the program. The name of your
+ profile should be listed there. It is usually
+ <emphasis>ISP</emphasis>.</para>
+
+ <para>The profile name (service tag) will be used in the PPPoE
+ configuration entry in <filename>ppp.conf</filename> as the provider
+ part of the <command>set device</command> command (see the &man.ppp.8;
+ manual page for full details). It should look like this:</para>
+
+ <programlisting>set device PPPoE:<replaceable>xl1</replaceable>:<replaceable>ISP</replaceable></programlisting>
+
+ <para>Do not forget to change <replaceable>xl1</replaceable>
+ to the proper device for your Ethernet card.</para>
+ <para>Do not forget to change <replaceable>ISP</replaceable>
+ to the profile you have just found above.</para>
+
+ <para>For additional information, see:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink
+ url="http://renaud.waldura.com/doc/freebsd/pppoe/">Cheaper
+ Broadband with FreeBSD on DSL</ulink> by Renaud
+ Waldura.</para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="http://www.ruhr.de/home/nathan/FreeBSD/tdsl-freebsd.html">
+ Nutzung von T-DSL und T-Online mit FreeBSD</ulink>
+ by Udo Erdelhoff (in German).</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2 id="ppp-3com">
+
+ <title>PPPoE with a &tm.3com; <trademark class="registered">HomeConnect</trademark> ADSL Modem Dual Link</title>
+
+ <para>This modem does not follow <ulink
+ url="http://www.faqs.org/rfcs/rfc2516.html">RFC 2516</ulink>
+ (<emphasis>A Method for transmitting PPP over Ethernet
+ (PPPoE)</emphasis>, written by L. Mamakos, K. Lidl, J. Evarts,
+ D. Carrel, D. Simone, and R. Wheeler). Instead, different packet
+ type codes have been used for the Ethernet frames. Please complain
+ to <ulink url="http://www.3com.com/">3Com</ulink> if you think it
+ should comply with the PPPoE specification.</para>
+
+ <para>In order to make FreeBSD capable of communicating with this
+ device, a sysctl must be set. This can be done automatically at
+ boot time by updating <filename>/etc/sysctl.conf</filename>:</para>
+
+ <programlisting>net.graph.nonstandard_pppoe=1</programlisting>
+
+ <para>or can be done immediately with the command:</para>
+
+ <screen>&prompt.root; <userinput>sysctl net.graph.nonstandard_pppoe=1</userinput></screen>
+
+ <para>Unfortunately, because this is a system-wide setting, it is
+ not possible to talk to a normal PPPoE client or server and a
+ &tm.3com; <trademark class="registered">HomeConnect</trademark> ADSL Modem at the same time.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="pppoa">
+ <title>Using <application>PPP</application> over ATM (PPPoA)</title>
+ <indexterm><primary>PPP</primary><secondary>over ATM</secondary></indexterm>
+ <indexterm>
+ <primary>PPPoA</primary>
+ <see>PPP, over ATM</see>
+ </indexterm>
+
+ <para>The following describes how to set up PPP over ATM (PPPoA).
+ PPPoA is a popular choice among European DSL providers.</para>
+
+ <sect2>
+ <title>Using PPPoA with the Alcatel &speedtouch; USB</title>
+
+ <para>PPPoA support for this device is supplied as a port in
+ FreeBSD because the firmware is distributed under <ulink
+ url="http://www.speedtouchdsl.com/disclaimer_lx.htm">Alcatel's
+ license agreement</ulink> and can not be redistributed freely
+ with the base system of FreeBSD.</para>
+
+ <para>To install the software, simply use the <link
+ linkend="ports">Ports Collection</link>. Install the
+ <filename role="package">net/pppoa</filename> port and follow the
+ instructions provided with it.</para>
+
+ <para>Like many USB devices, the Alcatel &speedtouch; USB needs to
+ download firmware from the host computer to operate properly.
+ It is possible to automate this process in &os; so that this
+ transfer takes place whenever the device is plugged into a USB
+ port. The following information can be added to the
+ <filename>/etc/usbd.conf</filename> file to enable this
+ automatic firmware transfer. This file must be edited as the
+ <username>root</username> user.</para>
+
+ <programlisting>device "Alcatel SpeedTouch USB"
+ devname "ugen[0-9]+"
+ vendor 0x06b9
+ product 0x4061
+ attach "/usr/local/sbin/modem_run -f /usr/local/libdata/mgmt.o"</programlisting>
+
+ <para>To enable the USB daemon, <application>usbd</application>,
+ put the following the line into
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>usbd_enable="YES"</programlisting>
+
+ <para>It is also possible to set up
+ <application>ppp</application> to dial up at startup. To do
+ this add the following lines to
+ <filename>/etc/rc.conf</filename>. Again, for this procedure
+ you will need to be logged in as the <username>root</username>
+ user.</para>
+
+ <programlisting>ppp_enable="YES"
+ppp_mode="ddial"
+ppp_profile="adsl"</programlisting>
+
+ <para>For this to work correctly you will need to have used the
+ sample <filename>ppp.conf</filename> which is supplied with the
+ <filename role="package">net/pppoa</filename> port.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Using mpd</title>
+
+ <para>You can use <application>mpd</application> to connect to a
+ variety of services, in particular PPTP services. You can find
+ <application>mpd</application> in the Ports Collection,
+ <filename role="package">net/mpd</filename>. Many ADSL modems
+ require that a PPTP tunnel is created between the modem and
+ computer, one such modem is the Alcatel &speedtouch;
+ Home.</para>
+
+ <para>First you must install the port, and then you can
+ configure <application>mpd</application> to suit your
+ requirements and provider settings. The port places a set of
+ sample configuration files which are well documented in
+ <filename><replaceable>PREFIX</replaceable>/etc/mpd/</filename>.
+ Note here that <replaceable>PREFIX</replaceable> means the directory
+ into which your ports are installed, this defaults to
+ <filename>/usr/local/</filename>. A complete guide to
+ configure <application>mpd</application> is available in
+ HTML format once the port has been installed. It is placed in
+ <filename><replaceable>PREFIX</replaceable>/share/doc/mpd/</filename>.
+ Here is a sample configuration for connecting to an ADSL
+ service with <application>mpd</application>. The configuration
+ is spread over two files, first the
+ <filename>mpd.conf</filename>:</para>
+
+ <programlisting>default:
+ load adsl
+
+adsl:
+ new -i ng0 adsl adsl
+ set bundle authname <replaceable>username</replaceable> <co
+ id="co-mpd-ex-user">
+ set bundle password <replaceable>password</replaceable> <co
+ id="co-mpd-ex-pass">
+ set bundle disable multilink
+
+ set link no pap acfcomp protocomp
+ set link disable chap
+ set link accept chap
+ set link keep-alive 30 10
+
+ set ipcp no vjcomp
+ set ipcp ranges 0.0.0.0/0 0.0.0.0/0
+
+ set iface route default
+ set iface disable on-demand
+ set iface enable proxy-arp
+ set iface idle 0
+
+ open</programlisting>
+
+ <calloutlist>
+ <callout arearefs="co-mpd-ex-user">
+ <para>The username used to authenticate with your ISP.</para>
+ </callout>
+ <callout arearefs="co-mpd-ex-pass">
+ <para>The password used to authenticate with your ISP.</para>
+ </callout>
+ </calloutlist>
+
+ <para>The <filename>mpd.links</filename> file contains information about
+ the link, or links, you wish to establish. An example
+ <filename>mpd.links</filename> to accompany the above example is given
+ beneath:</para>
+
+ <programlisting>adsl:
+ set link type pptp
+ set pptp mode active
+ set pptp enable originate outcall
+ set pptp self <replaceable>10.0.0.1</replaceable> <co
+ id="co-mpd-ex-self">
+ set pptp peer <replaceable>10.0.0.138</replaceable> <co
+ id="co-mpd-ex-peer"></programlisting>
+
+ <calloutlist>
+ <callout arearefs="co-mpd-ex-self">
+ <para>The IP address of your &os; computer which you will be
+ using <application>mpd</application> from.</para>
+ </callout>
+ <callout arearefs="co-mpd-ex-peer">
+ <para>The IP address of your ADSL modem. For the Alcatel
+ &speedtouch; Home this address defaults to <hostid
+ role="ipaddr">10.0.0.138</hostid>.</para>
+ </callout>
+ </calloutlist>
+
+ <para>It is possible to initialize the connection easily by issuing the
+ following command as <username>root</username>:</para>
+
+ <screen>&prompt.root; <userinput>mpd -b <replaceable>adsl</replaceable></userinput></screen>
+
+ <para>You can see the status of the connection with the following
+ command:</para>
+
+ <screen>&prompt.user; <userinput>ifconfig <replaceable>ng0</replaceable></userinput>
+ng0: flags=88d1&lt;UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST&gt; mtu 1500
+ inet 216.136.204.117 --> 204.152.186.171 netmask 0xffffffff</screen>
+
+ <para>Using <application>mpd</application> is the recommended way to
+ connect to an ADSL service with &os;.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Using pptpclient</title>
+
+ <para>It is also possible to use FreeBSD to connect to other PPPoA
+ services using
+ <filename role="package">net/pptpclient</filename>.</para>
+
+ <para>To use <filename role="package">net/pptpclient</filename> to
+ connect to a DSL service, install the port or package and edit your
+ <filename>/etc/ppp/ppp.conf</filename>. You will need to be
+ <username>root</username> to perform both of these operations. An
+ example section of <filename>ppp.conf</filename> is given
+ below. For further information on <filename>ppp.conf</filename>
+ options consult the <application>ppp</application> manual page,
+ &man.ppp.8;.</para>
+
+ <programlisting>adsl:
+ set log phase chat lcp ipcp ccp tun command
+ set timeout 0
+ enable dns
+ set authname <replaceable>username</replaceable> <co id="co-pptp-ex-user">
+ set authkey <replaceable>password</replaceable> <co id="co-pptp-ex-pass">
+ set ifaddr 0 0
+ add default HISADDR</programlisting>
+
+ <calloutlist>
+ <callout arearefs="co-pptp-ex-user">
+ <para>The username of your account with the DSL provider.</para>
+ </callout>
+ <callout arearefs="co-pptp-ex-pass">
+ <para>The password for your account.</para>
+ </callout>
+ </calloutlist>
+
+ <warning>
+ <para>Because you must put your account's password in the
+ <filename>ppp.conf</filename> file in plain text form you should
+ make sure than nobody can read the contents of this file. The
+ following series of commands will make sure the file is only
+ readable by the <username>root</username> account. Refer to the
+ manual pages for &man.chmod.1; and &man.chown.8; for further
+ information.</para>
+ <screen>&prompt.root; <userinput>chown root:wheel /etc/ppp/ppp.conf</userinput>
+&prompt.root; <userinput>chmod 600 /etc/ppp/ppp.conf</userinput></screen>
+ </warning>
+
+ <para>This will open a tunnel for a PPP session to your DSL router.
+ Ethernet DSL modems have a preconfigured LAN IP address which you
+ connect to. In the case of the Alcatel &speedtouch; Home this address is
+ <hostid role="ipaddr">10.0.0.138</hostid>. Your router documentation
+ should tell you which address your device uses. To open the tunnel and
+ start a PPP session execute the following
+ command:</para>
+
+ <screen>&prompt.root; <userinput>pptp <replaceable>address</replaceable> <replaceable>adsl</replaceable></userinput></screen>
+
+ <tip>
+ <para>You may wish to add an ampersand (<quote>&amp;</quote>) to the
+ end of the previous command because <application>pptp</application>
+ will not return your prompt to you otherwise.</para>
+ </tip>
+
+ <para>A <devicename>tun</devicename> virtual tunnel device will be
+ created for interaction between the <application>pptp</application>
+ and <application>ppp</application> processes. Once you have been
+ returned to your prompt, or the <application>pptp</application>
+ process has confirmed a connection you can examine the tunnel like
+ so:</para>
+
+ <screen>&prompt.user; <userinput>ifconfig <replaceable>tun0</replaceable></userinput>
+tun0: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500
+ inet 216.136.204.21 --> 204.152.186.171 netmask 0xffffff00
+ Opened by PID 918</screen>
+
+ <para>If you are unable to connect, check the configuration of
+ your router, which is usually accessible via
+ <application>telnet</application> or with a web browser. If you still
+ cannot connect you should examine the output of the
+ <command>pptp</command> command and the contents of the
+ <application>ppp</application> log file,
+ <filename>/var/log/ppp.log</filename> for clues.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="slip">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Satoshi</firstname>
+ <surname>Asami</surname>
+ <contrib>Originally contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Guy</firstname>
+ <surname>Helmer</surname>
+ <contrib>With input from </contrib>
+ </author>
+ <author>
+ <firstname>Piero</firstname>
+ <surname>Serini</surname>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Using SLIP</title>
+ <indexterm><primary>SLIP</primary></indexterm>
+
+ <sect2 id="slipc">
+ <title>Setting Up a SLIP Client</title>
+ <indexterm><primary>SLIP</primary><secondary>client</secondary></indexterm>
+ <para>The following is one way to set up a FreeBSD machine for SLIP
+ on a static host network. For dynamic hostname assignments (your
+ address changes each time you dial up), you probably need to
+ have a more complex setup.</para>
+
+ <para>First, determine which serial port your modem is connected to.
+ Many people set up a symbolic link, such as
+ <filename>/dev/modem</filename>, to point to the real device name,
+ <filename>/dev/cuaaN</filename> (or <filename>/dev/cuadN</filename> under &os;&nbsp;6.X). This allows you to
+ abstract the actual device name should you ever need to move
+ the modem to a different port. It can become quite cumbersome when you
+ need to fix a bunch of files in <filename>/etc</filename> and
+ <filename>.kermrc</filename> files all over the system!</para>
+
+ <note>
+ <para><filename>/dev/cuaa0</filename> (or <filename>/dev/cuad0</filename> under &os;&nbsp;6.X) is
+ <devicename>COM1</devicename>, <filename>cuaa1</filename> (or <filename>/dev/cuad1</filename>) is
+ <devicename>COM2</devicename>, etc.</para>
+ </note>
+
+ <para>Make sure you have the following in your kernel configuration
+ file:</para>
+
+ <programlisting>device sl</programlisting>
+
+ <para>Under &os;&nbsp;4.X, use instead the following
+ line:</para>
+
+ <programlisting>pseudo-device sl 1</programlisting>
+
+ <para>It is included in the <filename>GENERIC</filename> kernel, so
+ this should not be a problem unless you have deleted it.</para>
+
+ <sect3>
+ <title>Things You Have to Do Only Once</title>
+
+ <procedure>
+ <step>
+ <para>Add your home machine, the gateway and nameservers to
+ your <filename>/etc/hosts</filename> file. Ours looks like
+ this:</para>
+
+ <programlisting>127.0.0.1 localhost loghost
+136.152.64.181 water.CS.Example.EDU water.CS water
+136.152.64.1 inr-3.CS.Example.EDU inr-3 slip-gateway
+128.32.136.9 ns1.Example.EDU ns1
+128.32.136.12 ns2.Example.EDU ns2</programlisting>
+ </step>
+
+ <step>
+ <para>Make sure you have <literal>hosts</literal> before
+ <literal>bind</literal> in your
+ <filename>/etc/host.conf</filename> on FreeBSD versions
+ prior to 5.0. Since FreeBSD&nbsp;5.0, the system uses
+ the file <filename>/etc/nsswitch.conf</filename> instead,
+ make sure you have <literal>files</literal> before
+ <literal>dns</literal> in the <option>hosts</option> line
+ of this file. Without these parameters funny
+ things may happen.</para>
+ </step>
+
+ <step>
+ <para>Edit the <filename>/etc/rc.conf</filename> file.</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Set your hostname by editing the line that
+ says:</para>
+
+ <programlisting>hostname="myname.my.domain"</programlisting>
+
+ <para>Your machine's full Internet hostname should be
+ placed here.</para>
+ </listitem>
+
+ <indexterm><primary>default route</primary></indexterm>
+ <listitem>
+ <para>Designate the default router by changing the
+ line:</para>
+
+ <programlisting>defaultrouter="NO"</programlisting>
+
+ <para>to:</para>
+
+ <programlisting>defaultrouter="slip-gateway"</programlisting>
+ </listitem>
+ </orderedlist>
+ </step>
+
+ <step>
+ <para>Make a file <filename>/etc/resolv.conf</filename> which
+ contains:</para>
+
+ <programlisting>domain CS.Example.EDU
+nameserver 128.32.136.9
+nameserver 128.32.136.12</programlisting>
+
+ <indexterm><primary>nameserver</primary></indexterm>
+ <indexterm><primary>domain name</primary></indexterm>
+ <para>As you can see, these set up the nameserver hosts. Of
+ course, the actual domain names and addresses depend on your
+ environment.</para>
+ </step>
+
+ <step>
+ <para>Set the password for <username>root</username> and
+ <username>toor</username> (and any other
+ accounts that do not have a password).</para>
+ </step>
+
+ <step>
+ <para>Reboot your machine and make sure it comes up with the
+ correct hostname.</para>
+ </step>
+ </procedure>
+ </sect3>
+
+ <sect3>
+ <title>Making a SLIP Connection</title>
+ <indexterm><primary>SLIP</primary><secondary>connecting with</secondary></indexterm>
+ <procedure>
+ <step>
+ <para>Dial up, type <command>slip</command> at the prompt,
+ enter your machine name and password. What is required to
+ be entered depends on your environment. If you use
+ <application>Kermit</application>, you can try a script like this:</para>
+
+ <programlisting># kermit setup
+set modem hayes
+set line /dev/modem
+set speed 115200
+set parity none
+set flow rts/cts
+set terminal bytesize 8
+set file type binary
+# The next macro will dial up and login
+define slip dial 643-9600, input 10 =&gt;, if failure stop, -
+output slip\x0d, input 10 Username:, if failure stop, -
+output silvia\x0d, input 10 Password:, if failure stop, -
+output ***\x0d, echo \x0aCONNECTED\x0a</programlisting>
+
+ <para>Of course, you have to change the username and password
+ to fit yours. After doing so, you can just type
+ <command>slip</command> from the <application>Kermit</application> prompt to
+ connect.</para>
+
+ <note>
+ <para>Leaving your password in plain text anywhere in the
+ filesystem is generally a <emphasis>bad</emphasis> idea.
+ Do it at your own risk.</para>
+ </note>
+ </step>
+
+ <step>
+ <para>Leave the <application>Kermit</application> there (you can suspend it by
+ <keycombo>
+ <keycap>Ctrl</keycap>
+ <keycap>z</keycap>
+ </keycombo>) and as <username>root</username>, type:</para>
+
+ <screen>&prompt.root; <userinput>slattach -h -c -s 115200 /dev/modem</userinput></screen>
+
+ <para>If you are able to <command>ping</command> hosts on the
+ other side of the router, you are connected! If it does not
+ work, you might want to try <option>-a</option> instead of
+ <option>-c</option> as an argument to
+ <command>slattach</command>.</para>
+ </step>
+ </procedure>
+ </sect3>
+
+ <sect3>
+ <title>How to Shutdown the Connection</title>
+
+ <para>Do the following:</para>
+
+ <screen>&prompt.root; <userinput>kill -INT `cat /var/run/slattach.modem.pid`</userinput></screen>
+
+ <para>to kill <command>slattach</command>. Keep in mind you must be
+ <username>root</username> to do the above. Then go back to
+ <command>kermit</command> (by running <command>fg</command> if you suspended it) and
+ exit from
+ it (<keycap>q</keycap>).</para>
+
+ <para>The &man.slattach.8; manual page says you have
+ to use <command>ifconfig sl0 down</command>
+ to mark the interface down, but this does not
+ seem to make any difference.
+ (<command>ifconfig sl0</command> reports the same thing.)</para>
+
+ <para>Some times, your modem might refuse to drop the carrier.
+ In that case, simply start <command>kermit</command> and quit
+ it again. It usually goes out on the second try.</para>
+ </sect3>
+
+ <sect3>
+ <title>Troubleshooting</title>
+
+ <para>If it does not work, feel free to ask on &a.net.name; mailing list. The things that
+ people tripped over so far:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Not using <option>-c</option> or <option>-a</option> in
+ <command>slattach</command> (This should not be fatal,
+ but some users have reported that this solves their
+ problems.)</para>
+ </listitem>
+
+ <listitem>
+ <para>Using <option>s10</option> instead of
+ <option>sl0</option> (might be hard to see the difference on
+ some fonts).</para>
+ </listitem>
+
+ <listitem>
+ <para>Try <command>ifconfig sl0</command> to see your
+ interface status. For example, you might get:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig sl0</userinput>
+sl0: flags=10&lt;POINTOPOINT&gt;
+ inet 136.152.64.181 --&gt; 136.152.64.1 netmask ffffff00</screen>
+ </listitem>
+
+ <listitem>
+ <para>If you get <errorname>no route to host</errorname>
+ messages from &man.ping.8;, there may be a problem with your
+ routing table. You can use the <command>netstat -r</command>
+ command to display the current routes :</para>
+
+ <screen>&prompt.root; <userinput>netstat -r</userinput>
+Routing tables
+Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
+
+(root node)
+(root node)
+
+Route Tree for Protocol Family inet:
+(root node) =&gt;
+default inr-3.Example.EDU UG 8 224515 sl0 - -
+localhost.Exampl localhost.Example. UH 5 42127 lo0 - 0.438
+inr-3.Example.ED water.CS.Example.E UH 1 0 sl0 - -
+water.CS.Example localhost.Example. UGH 34 47641234 lo0 - 0.438
+(root node)</screen>
+
+ <para>The preceding examples are from a relatively busy system.
+ The numbers on your system will vary depending on
+ network activity.</para>
+
+ </listitem>
+ </itemizedlist>
+ </sect3>
+ </sect2>
+
+ <sect2 id="slips">
+ <title>Setting Up a SLIP Server</title>
+ <indexterm><primary>SLIP</primary><secondary>server</secondary></indexterm>
+
+ <para>This document provides suggestions for setting up SLIP Server
+ services on a FreeBSD system, which typically means configuring
+ your system to automatically startup connections upon login for
+ remote SLIP clients.</para>
+
+ <!-- Disclaimer is not necessarily relevant
+ <para> The author has written this document based
+ on his experience; however, as your system and needs may be
+ different, this document may not answer all of your questions, and
+ the author cannot be responsible if you damage your system or lose
+ data due to attempting to follow the suggestions here.</para>
+ -->
+
+ <sect3 id="slips-prereqs">
+ <title>Prerequisites</title>
+ <indexterm><primary>TCP/IP networking</primary></indexterm>
+ <para>This section is very technical in nature, so background
+ knowledge is required. It is assumed that you are familiar with
+ the TCP/IP network protocol, and in particular, network and node
+ addressing, network address masks, subnetting, routing, and
+ routing protocols, such as RIP. Configuring SLIP services on a
+ dial-up server requires a knowledge of these concepts, and if
+ you are not familiar with them, please read a copy of either
+ Craig Hunt's <emphasis>TCP/IP Network Administration</emphasis>
+ published by O'Reilly &amp; Associates, Inc. (ISBN Number
+ 0-937175-82-X), or Douglas Comer's books on the TCP/IP
+ protocol.</para>
+
+ <indexterm><primary>modem</primary></indexterm>
+ <para>It is further assumed that you have already set up your
+ modem(s) and configured the appropriate system files to allow
+ logins through your modems. If you have not prepared your
+ system for this yet, please see <xref
+ linkend="dialup"> for details on dialup services
+ configuration.
+ You may also want to check the manual pages for &man.sio.4; for
+ information on the serial port device driver and &man.ttys.5;,
+ &man.gettytab.5;, &man.getty.8;, &amp; &man.init.8; for
+ information relevant to configuring the system to accept logins
+ on modems, and perhaps &man.stty.1; for information on setting
+ serial port parameters (such as <literal>clocal</literal> for
+ directly-connected serial interfaces).</para>
+ </sect3>
+
+ <sect3>
+ <title>Quick Overview</title>
+
+ <para>In its typical configuration, using FreeBSD as a SLIP server
+ works as follows: a SLIP user dials up your FreeBSD SLIP Server
+ system and logs in with a special SLIP login ID that uses
+ <filename>/usr/sbin/sliplogin</filename> as the special user's
+ shell. The <command>sliplogin</command> program browses the
+ file <filename>/etc/sliphome/slip.hosts</filename> to find a
+ matching line for the special user, and if it finds a match,
+ connects the serial line to an available SLIP interface and then
+ runs the shell script
+ <filename>/etc/sliphome/slip.login</filename> to configure the
+ SLIP interface.</para>
+
+ <sect4>
+ <title>An Example of a SLIP Server Login</title>
+
+ <para>For example, if a SLIP user ID were
+ <username>Shelmerg</username>, <username>Shelmerg</username>'s
+ entry in <filename>/etc/master.passwd</filename> would look
+ something like this:</para>
+
+ <programlisting>Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin</programlisting>
+
+ <para>When <username>Shelmerg</username> logs in,
+ <command>sliplogin</command> will search
+ <filename>/etc/sliphome/slip.hosts</filename> for a line that
+ had a matching user ID; for example, there may be a line in
+ <filename>/etc/sliphome/slip.hosts</filename> that
+ reads:</para>
+
+ <programlisting>Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp</programlisting>
+
+ <para><command>sliplogin</command> will find that matching line,
+ hook the serial line into the next available SLIP interface,
+ and then execute <filename>/etc/sliphome/slip.login</filename>
+ like this:</para>
+
+ <programlisting>/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp</programlisting>
+
+ <para>If all goes well,
+ <filename>/etc/sliphome/slip.login</filename> will issue an
+ <command>ifconfig</command> for the SLIP interface to which
+ <command>sliplogin</command> attached itself (SLIP interface
+ 0, in the above example, which was the first parameter in the
+ list given to <filename>slip.login</filename>) to set the
+ local IP address (<hostid>dc-slip</hostid>), remote IP address
+ (<hostid>sl-helmer</hostid>), network mask for the SLIP
+ interface (<hostid role="netmask">0xfffffc00</hostid>), and
+ any additional flags (<literal>autocomp</literal>). If
+ something goes wrong, <command>sliplogin</command> usually
+ logs good informational messages via the
+ <application>syslogd</application> daemon facility, which usually logs
+ to <filename>/var/log/messages</filename> (see the manual
+ pages for &man.syslogd.8; and &man.syslog.conf.5; and perhaps
+ check <filename>/etc/syslog.conf</filename> to see to what
+ <application>syslogd</application> is logging and where it is
+ logging to).</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Kernel Configuration</title>
+ <indexterm><primary>kernel</primary><secondary>configuration</secondary></indexterm>
+ <indexterm><primary>SLIP</primary></indexterm>
+
+ <para>&os;'s default kernel (<filename>GENERIC</filename>)
+ comes with SLIP (&man.sl.4;) support; in case of a custom
+ kernel, you have to add the following line to your kernel
+ configuration file:</para>
+
+ <programlisting>device sl</programlisting>
+
+ <para>Under &os;&nbsp;4.X, use instead the following
+ line:</para>
+
+ <programlisting>pseudo-device sl 2</programlisting>
+
+ <note>
+ <para>The number at the end of the line is the maximum
+ number of SLIP connections that may be operating
+ simultaneously. Since &os;&nbsp;5.0, the &man.sl.4;
+ driver is <quote>auto-cloning</quote>.</para>
+ </note>
+
+ <para>By default, your &os; machine will not forward packets.
+ If you want your FreeBSD SLIP Server to act as a router, you
+ will have to edit the <filename>/etc/rc.conf</filename> file and
+ change the setting of the <literal>gateway_enable</literal> variable to
+ <option>YES</option>.</para>
+
+ <para>You will then need to reboot for the new settings to take
+ effect.</para>
+
+ <para>Please refer to <xref linkend="kernelconfig"> on
+ Configuring the FreeBSD Kernel for help in
+ reconfiguring your kernel.</para>
+ </sect3>
+
+ <sect3>
+ <title>Sliplogin Configuration</title>
+
+ <para>As mentioned earlier, there are three files in the
+ <filename>/etc/sliphome</filename> directory that are part of
+ the configuration for <filename>/usr/sbin/sliplogin</filename>
+ (see &man.sliplogin.8; for the actual manual page for
+ <command>sliplogin</command>): <filename>slip.hosts</filename>,
+ which defines the SLIP users and their associated IP
+ addresses; <filename>slip.login</filename>, which usually just
+ configures the SLIP interface; and (optionally)
+ <filename>slip.logout</filename>, which undoes
+ <filename>slip.login</filename>'s effects when the serial
+ connection is terminated.</para>
+
+ <sect4>
+ <title><filename>slip.hosts</filename> Configuration</title>
+
+ <para><filename>/etc/sliphome/slip.hosts</filename> contains
+ lines which have at least four items separated by
+ whitespace:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>SLIP user's login ID</para>
+ </listitem>
+
+ <listitem>
+ <para>Local address (local to the SLIP server) of the SLIP
+ link</para>
+ </listitem>
+
+ <listitem>
+ <para>Remote address of the SLIP link</para>
+ </listitem>
+
+ <listitem>
+ <para>Network mask</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The local and remote addresses may be host names
+ (resolved to IP addresses by
+ <filename>/etc/hosts</filename> or by the domain name
+ service, depending on your specifications in the file
+ <filename>/etc/nsswitch.conf</filename>,
+ or in <filename>/etc/host.conf</filename>
+ if you use FreeBSD&nbsp;4.X), and the network mask may be
+ a name that can be resolved by a lookup into
+ <filename>/etc/networks</filename>. On a sample system,
+ <filename>/etc/sliphome/slip.hosts</filename> looks like
+ this:</para>
+
+ <programlisting>#
+# login local-addr remote-addr mask opt1 opt2
+# (normal,compress,noicmp)
+#
+Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp</programlisting>
+
+ <para>At the end of the line is one or more of the
+ options:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><option>normal</option> &mdash; no header
+ compression</para>
+ </listitem>
+
+ <listitem>
+ <para><option>compress</option> &mdash; compress
+ headers</para>
+ </listitem>
+
+ <listitem>
+ <para><option>autocomp</option> &mdash; compress headers if
+ the remote end allows it</para>
+ </listitem>
+
+ <listitem>
+ <para><option>noicmp</option> &mdash; disable ICMP packets
+ (so any <quote>ping</quote> packets will be dropped instead
+ of using up your bandwidth)</para>
+ </listitem>
+ </itemizedlist>
+
+ <indexterm><primary>SLIP</primary></indexterm>
+ <indexterm><primary>TCP/IP networking</primary></indexterm>
+ <para>Your choice of local and remote addresses for your SLIP
+ links depends on whether you are going to dedicate a TCP/IP
+ subnet or if you are going to use <quote>proxy ARP</quote> on
+ your SLIP server (it is not <quote>true</quote> proxy ARP, but
+ that is the terminology used in this section to describe it).
+ If you are not sure which method to select or how to assign IP
+ addresses, please refer to the TCP/IP books referenced in
+ the SLIP Prerequisites (<xref linkend="slips-prereqs">)
+ and/or consult your IP network manager.</para>
+
+ <para>If you are going to use a separate subnet for your SLIP
+ clients, you will need to allocate the subnet number out of
+ your assigned IP network number and assign each of your SLIP
+ client's IP numbers out of that subnet. Then, you will
+ probably need to configure a static route to the SLIP
+ subnet via your SLIP server on your nearest IP router.</para>
+
+ <indexterm><primary>Ethernet</primary></indexterm>
+ <para>Otherwise, if you will use the <quote>proxy ARP</quote>
+ method, you will need to assign your SLIP client's IP
+ addresses out of your SLIP server's Ethernet subnet, and you
+ will also need to adjust your
+ <filename>/etc/sliphome/slip.login</filename> and
+ <filename>/etc/sliphome/slip.logout</filename> scripts to use
+ &man.arp.8; to manage the proxy-ARP entries in the SLIP
+ server's ARP table.</para>
+ </sect4>
+
+ <sect4>
+ <title><filename>slip.login</filename> Configuration</title>
+
+ <para>The typical <filename>/etc/sliphome/slip.login</filename>
+ file looks like this:</para>
+
+ <programlisting>#!/bin/sh -
+#
+# @(#)slip.login 5.1 (Berkeley) 7/1/90
+
+#
+# generic login file for a slip line. sliplogin invokes this with
+# the parameters:
+# 1 2 3 4 5 6 7-n
+# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
+#
+/sbin/ifconfig sl$1 inet $4 $5 netmask $6</programlisting>
+
+ <para>This <filename>slip.login</filename> file merely runs
+ <command>ifconfig</command> for the appropriate SLIP interface
+ with the local and remote addresses and network mask of the
+ SLIP interface.</para>
+
+ <para>If you have decided to use the <quote>proxy ARP</quote>
+ method (instead of using a separate subnet for your SLIP
+ clients), your <filename>/etc/sliphome/slip.login</filename>
+ file will need to look something like this:</para>
+
+ <programlisting>#!/bin/sh -
+#
+# @(#)slip.login 5.1 (Berkeley) 7/1/90
+
+#
+# generic login file for a slip line. sliplogin invokes this with
+# the parameters:
+# 1 2 3 4 5 6 7-n
+# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
+#
+/sbin/ifconfig sl$1 inet $4 $5 netmask $6
+# Answer ARP requests for the SLIP client with our Ethernet addr
+/usr/sbin/arp -s $5 00:11:22:33:44:55 pub</programlisting>
+
+ <para>The additional line in this
+ <filename>slip.login</filename>, <command>arp -s
+ &#36;5 00:11:22:33:44:55 pub</command>, creates an ARP entry
+ in the SLIP server's ARP table. This ARP entry causes the
+ SLIP server to respond with the SLIP server's Ethernet MAC
+ address whenever another IP node on the Ethernet asks to
+ speak to the SLIP client's IP address.</para>
+
+ <indexterm><primary>Ethernet</primary><secondary>MAC address</secondary></indexterm>
+ <para>When using the example above, be sure to replace the
+ Ethernet MAC address (<hostid
+ role="mac">00:11:22:33:44:55</hostid>) with the MAC address of
+ your system's Ethernet card, or your <quote>proxy ARP</quote>
+ will definitely not work! You can discover your SLIP server's
+ Ethernet MAC address by looking at the results of running
+ <command>netstat -i</command>; the second line of the output
+ should look something like:</para>
+
+ <screen>ed0 1500 &lt;Link&gt;0.2.c1.28.5f.4a 191923 0 129457 0 116</screen>
+
+ <para>This indicates that this particular system's Ethernet MAC
+ address is <hostid role="mac">00:02:c1:28:5f:4a</hostid>
+ &mdash; the periods in the Ethernet MAC address given by
+ <command>netstat -i</command> must be changed to colons and
+ leading zeros should be added to each single-digit hexadecimal
+ number to convert the address into the form that &man.arp.8;
+ desires; see the manual page on &man.arp.8; for complete
+ information on usage.</para>
+
+ <note>
+ <para>When you create
+ <filename>/etc/sliphome/slip.login</filename> and
+ <filename>/etc/sliphome/slip.logout</filename>, the
+ <quote>execute</quote> bit (i.e., <command>chmod 755
+ /etc/sliphome/slip.login /etc/sliphome/slip.logout</command>)
+ must be set, or <command>sliplogin</command> will be unable
+ to execute it.</para>
+ </note>
+ </sect4>
+
+ <sect4>
+ <title><filename>slip.logout</filename> Configuration</title>
+
+ <para><filename>/etc/sliphome/slip.logout</filename> is not
+ strictly needed (unless you are implementing <quote>proxy
+ ARP</quote>), but if you decide to create it, this is an
+ example of a basic
+ <filename>slip.logout</filename> script:</para>
+
+ <programlisting>#!/bin/sh -
+#
+# slip.logout
+
+#
+# logout file for a slip line. sliplogin invokes this with
+# the parameters:
+# 1 2 3 4 5 6 7-n
+# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
+#
+/sbin/ifconfig sl$1 down</programlisting>
+
+ <para>If you are using <quote>proxy ARP</quote>, you will want to
+ have <filename>/etc/sliphome/slip.logout</filename> remove the
+ ARP entry for the SLIP client:</para>
+
+ <programlisting>#!/bin/sh -
+#
+# @(#)slip.logout
+
+#
+# logout file for a slip line. sliplogin invokes this with
+# the parameters:
+# 1 2 3 4 5 6 7-n
+# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
+#
+/sbin/ifconfig sl$1 down
+# Quit answering ARP requests for the SLIP client
+/usr/sbin/arp -d $5</programlisting>
+
+ <para>The <command>arp -d &#36;5</command> removes the ARP entry
+ that the <quote>proxy ARP</quote>
+ <filename>slip.login</filename> added when the SLIP client
+ logged in.</para>
+
+ <para>It bears repeating: make sure
+ <filename>/etc/sliphome/slip.logout</filename> has the execute
+ bit set after you create it (i.e., <command>chmod 755
+ /etc/sliphome/slip.logout</command>).</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Routing Considerations</title>
+ <indexterm>
+ <primary>SLIP</primary>
+ <secondary>routing</secondary>
+ </indexterm>
+ <para>If you are not using the <quote>proxy ARP</quote> method for
+ routing packets between your SLIP clients and the rest of your
+ network (and perhaps the Internet), you will probably
+ have to add static routes to your closest default router(s) to
+ route your SLIP clients subnet via your SLIP server.</para>
+
+ <sect4>
+ <title>Static Routes</title>
+ <indexterm><primary>static routes</primary></indexterm>
+
+ <para>Adding static routes to your nearest default routers
+ can be troublesome (or impossible if you do not have
+ authority to do so...). If you have a multiple-router
+ network in your organization, some routers, such as those
+ made by Cisco and Proteon, may not only need to be
+ configured with the static route to the SLIP subnet, but
+ also need to be told which static routes to tell other
+ routers about, so some expertise and
+ troubleshooting/tweaking may be necessary to get
+ static-route-based routing to work.</para>
+ </sect4>
+
+ <sect4>
+ <title>Running <application>&gated;</application></title>
+ <indexterm>
+ <primary><application>&gated;</application></primary>
+ </indexterm>
+
+ <note>
+ <para><application>&gated;</application> is proprietary software now and
+ will not be available as source code to the public anymore
+ (more info on the <ulink
+ url="http://www.gated.org/">&gated;</ulink> website). This
+ section only exists to ensure backwards compatibility for
+ those that are still using an older version.</para>
+ </note>
+
+ <para>An alternative to the headaches of static routes is to
+ install <application>&gated;</application> on your FreeBSD SLIP server
+ and configure it to use the appropriate routing protocols
+ (RIP/OSPF/BGP/EGP) to tell other routers about your SLIP
+ subnet.
+ You will need to write a <filename>/etc/gated.conf</filename>
+ file to configure your <application>&gated;</application>; here is a sample, similar to
+ what the author used on a FreeBSD SLIP server:</para>
+
+ <programlisting>#
+# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
+# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
+#
+#
+# tracing options
+#
+traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;
+
+rip yes {
+ interface sl noripout noripin ;
+ interface ed ripin ripout version 1 ;
+ traceoptions route ;
+} ;
+
+#
+# Turn on a bunch of tracing info for the interface to the kernel:
+kernel {
+ traceoptions remnants request routes info interface ;
+} ;
+
+#
+# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
+#
+
+export proto rip interface ed {
+ proto direct {
+ <replaceable>xxx.xxx.yy</replaceable> mask 255.255.252.0 metric 1; # SLIP connections
+ } ;
+} ;
+
+#
+# Accept routes from RIP via ed Ethernet interfaces
+
+import proto rip interface ed {
+ all ;
+} ;</programlisting>
+
+ <indexterm><primary>RIP</primary></indexterm>
+ <para>The above sample <filename>gated.conf</filename> file
+ broadcasts routing information regarding the SLIP subnet
+ <replaceable>xxx.xxx.yy</replaceable> via RIP onto the
+ Ethernet; if you are using a different Ethernet driver than
+ the <devicename>ed</devicename> driver, you will need to
+ change the references to the <devicename>ed</devicename>
+ interface appropriately. This sample file also sets up
+ tracing to <filename>/var/tmp/gated.output</filename> for
+ debugging <application>&gated;</application>'s activity; you can
+ certainly turn off the tracing options if
+ <application>&gated;</application> works correctly for you. You will need to
+ change the <replaceable>xxx.xxx.yy</replaceable>'s into the
+ network address of your own SLIP subnet (be sure to change the
+ net mask in the <literal>proto direct</literal> clause as
+ well).</para>
+
+ <para>Once you have installed and configured
+ <application>&gated;</application> on your system, you will need to
+ tell the FreeBSD startup scripts to run
+ <application>&gated;</application> in place of
+ <application>routed</application>. The easiest way to accomplish
+ this is to set the <varname>router</varname> and
+ <varname>router_flags</varname> variables in
+ <filename>/etc/rc.conf</filename>. Please see the manual
+ page for <application>&gated;</application> for information on
+ command-line parameters.</para>
+ </sect4>
+ </sect3>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/preface/preface.sgml b/zh_TW.Big5/books/handbook/preface/preface.sgml
new file mode 100644
index 0000000000..18edf57a28
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/preface/preface.sgml
@@ -0,0 +1,625 @@
+<!--
+ $FreeBSD$
+-->
+
+<preface id="book-preface">
+ <title>Preface</title>
+
+ <bridgehead id="preface-audience" renderas=sect1>Intended
+ Audience</bridgehead>
+
+ <para>The FreeBSD newcomer will find that the first section of this
+ book guides the user through the FreeBSD installation process and
+ gently introduces the concepts and conventions that underpin &unix;.
+ Working through this section requires little more than the desire
+ to explore, and the ability to take on board new concepts as they
+ are introduced.</para>
+
+ <para>Once you have traveled this far, the second, far larger,
+ section of the Handbook is a comprehensive reference to all manner
+ of topics of interest to FreeBSD system administrators. Some of
+ these chapters may recommend that you do some prior reading, and
+ this is noted in the synopsis at the beginning of each
+ chapter.</para>
+
+ <para>For a list of additional sources of information, please see <xref
+ linkend="bibliography">.</para>
+
+ <bridgehead id="preface-changes-from2" renderas=sect1>Changes from the
+ Second Edition</bridgehead>
+
+ <para>This third edition is the culmination of over two years of
+ work by the dedicated members of the FreeBSD Documentation
+ Project. The following are the major changes in this new
+ edition:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><xref linkend="config-tuning">, Configuration and
+ Tuning, has been expanded with new information about the
+ ACPI power and resource management, the cron system utility,
+ and more kernel tuning options.</para>
+ </listitem>
+
+ <listitem>
+ <para><xref linkend="security">, Security, has been expanded with
+ new information about virtual private networks (VPNs), file
+ system access control lists (ACLs), and security
+ advisories.</para>
+ </listitem>
+
+ <listitem>
+ <para><xref linkend="mac">, Mandatory Access Control (MAC), is
+ a new chapter with this edition. It explains what MAC is
+ and how this mechanism can be used to secure a FreeBSD
+ system.</para>
+ </listitem>
+
+ <listitem>
+ <para><xref linkend="disks">, Storage, has been expanded with
+ new information about USB storage devices, file system
+ snapshots, file system quotas, file and network backed
+ filesystems, and encrypted disk partitions.</para>
+ </listitem>
+
+ <listitem>
+ <para><xref linkend="vinum-vinum">, Vinum, is a new chapter
+ with this edition. It describes how to use Vinum, a logical
+ volume manager which provides device-independent logical
+ disks, and software RAID-0, RAID-1 and RAID-5.</para>
+ </listitem>
+
+ <listitem>
+ <para>A troubleshooting section has been added to <xref
+ linkend="ppp-and-slip">, PPP and SLIP.</para>
+ </listitem>
+
+ <listitem>
+ <para><xref linkend="mail">, Electronic Mail, has been
+ expanded with new information about using alternative
+ transport agents, SMTP authentication, UUCP, fetchmail,
+ procmail, and other advanced topics.</para>
+ </listitem>
+
+ <listitem>
+ <para><xref linkend="network-servers">, Network Servers, is
+ all new with this edition. This chapter includes
+ information about setting up the Apache HTTP Server, FTPd,
+ and setting up a server for Microsoft Windows clients with
+ Samba. Some sections from <xref
+ linkend="advanced-networking">, Advanced Networking, were
+ moved here to improve the presentation.</para>
+ </listitem>
+
+ <listitem>
+ <para><xref linkend="advanced-networking">, Advanced
+ Networking, has been expanded with new information about
+ using Bluetooth devices with FreeBSD, setting up wireless
+ networks, and Asynchronous Transfer Mode (ATM)
+ networking.</para>
+ </listitem>
+
+ <listitem>
+ <para>A glossary has been added to provide a central location
+ for the definitions of technical terms used throughout the
+ book.</para>
+ </listitem>
+
+ <listitem>
+ <para>A number of aesthetic improvements have been made to the
+ tables and figures throughout the book.</para>
+ </listitem>
+ </itemizedlist>
+
+ <bridgehead id="preface-changes" renderas=sect1>Changes from the
+ First Edition</bridgehead>
+
+ <para>The second edition was the culmination of over two years of
+ work by the dedicated members of the FreeBSD Documentation
+ Project. The following were the major changes in this
+ edition:</para>
+
+<!-- Talk a little about justification and other stylesheet changes? -->
+
+ <itemizedlist>
+ <listitem>
+ <para>A complete Index has been added.</para>
+ </listitem>
+ <listitem>
+ <para>All ASCII figures have been replaced by graphical diagrams.</para>
+ </listitem>
+ <listitem>
+ <para>A standard synopsis has been added to each chapter to
+ give a quick summary of what information the chapter contains,
+ and what the reader is expected to know.</para>
+ </listitem>
+ <listitem>
+ <para>The content has been logically reorganized into three
+ parts: <quote>Getting Started</quote>, <quote>System Administration</quote>, and
+ <quote>Appendices</quote>.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="install"> (<quote>Installing FreeBSD</quote>) was completely
+ rewritten with many screenshots to make it much easier for new
+ users to grasp the text.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="basics"> (<quote>&unix; Basics</quote>) has been expanded to contain
+ additional information about processes, daemons, and
+ signals.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="ports"> (<quote>Installing Applications</quote>) has been expanded
+ to contain additional information about binary package
+ management.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="x11"> (<quote>The X Window System</quote>) has been completely
+ rewritten with an emphasis on using modern desktop
+ technologies such as <application>KDE</application> and <application>GNOME</application> on &xfree86; 4.X.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="boot"> (<quote>The FreeBSD Booting Process</quote>) has been
+ expanded.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="disks"> (<quote>Storage</quote>) has been written from what used
+ to be two separate chapters on <quote>Disks</quote> and <quote>Backups</quote>. We feel
+ that the topics are easier to comprehend when presented as a
+ single chapter. A section on RAID (both hardware and
+ software) has also been added.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="serialcomms"> (<quote>Serial Communications</quote>) has been completely
+ reorganized and updated for FreeBSD 4.X/5.X.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="ppp-and-slip"> (<quote>PPP and SLIP</quote>) has been substantially
+ updated.</para>
+ </listitem>
+ <listitem>
+ <para>Many new sections have been added to <xref linkend="advanced-networking">
+ (<quote>Advanced Networking</quote>).</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="mail"> (<quote>Electronic Mail</quote>) has been expanded to
+ include more information about configuring
+ <application>sendmail</application>.</para>
+ </listitem>
+ <listitem>
+ <para><xref linkend="linuxemu"> (<quote>&linux; Compatibility</quote>) has been expanded to
+ include information about installing
+ <application>&oracle;</application> and
+ <application>&sap.r3;</application>.</para>
+ </listitem>
+ <listitem>
+ <para>The following new topics are covered in this second
+ edition:</para>
+ <itemizedlist>
+ <listitem>
+ <para>Configuration and Tuning (<xref linkend="config-tuning">).</para>
+ </listitem>
+ <listitem>
+ <para>Multimedia (<xref linkend="multimedia">)</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
+
+ <bridgehead id="preface-overview" renderas=sect1>Organization of This
+ Book</bridgehead>
+
+ <para>This book is split into five logically distinct sections.
+ The first section, <emphasis>Getting Started</emphasis>, covers
+ the installation and basic usage of FreeBSD. It is expected that
+ the reader will follow these chapters in sequence, possibly
+ skipping chapters covering familiar topics. The second section,
+ <emphasis>Common Tasks</emphasis>, covers some frequently used
+ features of FreeBSD. This section, and all subsequent sections,
+ can be read out of order. Each chapter begins with a succinct
+ synopsis that
+ describes what the chapter covers and what the reader is expected
+ to already know. This is meant to allow the casual reader to skip
+ around to find chapters of interest. The third section,
+ <emphasis>System Administration</emphasis>, covers administration
+ topics. The fourth section, <emphasis>Network
+ Communication</emphasis>, covers networking and server topics.
+ The fifth section contains
+ appendices of reference information.</para>
+
+ <variablelist>
+
+<!-- Part I - Introduction -->
+
+ <varlistentry>
+ <term><emphasis><xref linkend="introduction">, Introduction</emphasis></term>
+ <listitem>
+ <para>Introduces FreeBSD to a new user. It describes the
+ history of the FreeBSD Project, its goals and development model.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="install">, Installation</emphasis></term>
+ <listitem>
+ <para>Walks a user through the entire installation process.
+ Some advanced installation topics, such as installing through
+ a serial console, are also covered.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="basics">, &unix; Basics</emphasis></term>
+ <listitem>
+ <para>Covers the basic commands and functionality of the
+ FreeBSD operating system. If you are familiar with &linux; or
+ another flavor of &unix; then you can probably skip this
+ chapter.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="ports">, Installing Applications</emphasis></term>
+ <listitem>
+ <para>Covers the installation of third-party software with
+ both FreeBSD's innovative <quote>Ports Collection</quote> and standard
+ binary packages.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="x11">, The X Window System</emphasis></term>
+ <listitem>
+ <para>Describes the X Window System in general and using
+ X11 on FreeBSD in particular. Also describes common
+ desktop environments such as <application>KDE</application> and <application>GNOME</application>.</para>
+ </listitem>
+ </varlistentry>
+
+<!-- Part II Common Tasks -->
+
+ <varlistentry>
+ <term><emphasis><xref linkend="desktop">, Desktop Applications</emphasis></term>
+ <listitem>
+ <para>Lists some common desktop applications, such as web browsers
+ and productivity suites, and describes how to install them on
+ FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="multimedia">, Multimedia</emphasis></term>
+ <listitem>
+ <para>Shows how to set up sound and video playback support for your
+ system. Also describes some sample audio and video applications.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="kernelconfig">, Configuring the FreeBSD
+ Kernel</emphasis></term>
+ <listitem>
+ <para>Explains why you might need to configure a new kernel
+ and provides detailed instructions for configuring, building,
+ and installing a custom kernel.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="printing">, Printing</emphasis></term>
+ <listitem>
+ <para>Describes managing printers on FreeBSD, including
+ information about banner pages, printer accounting, and
+ initial setup.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="linuxemu">, &linux; Binary Compatibility</emphasis></term>
+ <listitem>
+ <para>Describes the &linux; compatibility features of FreeBSD.
+ Also provides detailed installation instructions for many
+ popular &linux; applications such as <application>&oracle;</application>, <application>&sap.r3;</application>, and
+ <application>&mathematica;</application>.</para>
+ </listitem>
+ </varlistentry>
+
+<!-- Part III - System Administration -->
+
+ <varlistentry>
+ <term><emphasis><xref linkend="config-tuning">, Configuration and Tuning</emphasis></term>
+ <listitem>
+ <para>Describes the parameters available for system
+ administrators to tune a FreeBSD system for optimum
+ performance. Also describes the various configuration files
+ used in FreeBSD and where to find them.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="boot">, Booting Process</emphasis></term>
+ <listitem>
+ <para>Describes the FreeBSD boot process and explains
+ how to control this process with configuration options.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="users">, Users and Basic Account
+ Management</emphasis></term>
+ <listitem>
+ <para>Describes the creation and manipulation of user
+ accounts. Also discusses resource limitations that can be
+ set on users and other account management tasks.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="security">, Security</emphasis></term>
+ <listitem>
+ <para>Describes many different tools available to help keep your
+ FreeBSD system secure, including Kerberos, IPsec and OpenSSH.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="mac">, Mandatory Access Control</emphasis></term>
+ <listitem>
+ <para>Explains what Mandatory Access Control (MAC) is and how this
+ mechanism can be used to secure a FreeBSD system.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="disks">, Storage</emphasis></term>
+ <listitem>
+ <para>Describes how to manage storage media and filesystems
+ with FreeBSD. This includes physical disks, RAID arrays,
+ optical and tape media, memory-backed disks, and network
+ filesystems.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="geom">, GEOM</emphasis></term>
+ <listitem>
+ <para>Describes what the GEOM framework in FreeBSD is and how
+ to configure various supported RAID levels.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="vinum-vinum">, Vinum</emphasis></term>
+ <listitem>
+ <para>Describes how to use Vinum, a logical volume manager
+ which provides device-independent logical disks, and
+ software RAID-0, RAID-1 and RAID-5.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="l10n">, Localization</emphasis></term>
+ <listitem>
+ <para>Describes how to use FreeBSD in languages other than
+ English. Covers both system and application level
+ localization.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="cutting-edge">, The Cutting Edge</emphasis></term>
+ <listitem>
+ <para>Explains the differences between FreeBSD-STABLE,
+ FreeBSD-CURRENT, and FreeBSD releases. Describes which users
+ would benefit from tracking a development system and outlines
+ that process.</para>
+ </listitem>
+ </varlistentry>
+
+<!-- Part IV - Network Communications -->
+
+ <varlistentry>
+ <term><emphasis><xref linkend="serialcomms">, Serial Communications</emphasis></term>
+ <listitem>
+ <para>Explains how to connect terminals and modems to your
+ FreeBSD system for both dial in and dial out connections.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="ppp-and-slip">, PPP and SLIP</emphasis></term>
+ <listitem>
+ <para>Describes how to use PPP, SLIP, or PPP over Ethernet to
+ connect to remote systems with FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="mail">, Electronic Mail</emphasis></term>
+ <listitem>
+ <para>Explains the different components of an email server and
+ dives into simple configuration topics for the most popular
+ mail server software:
+ <application>sendmail</application>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="network-servers">, Network Servers</emphasis></term>
+ <listitem>
+ <para>Provides detailed instructions and example configuration
+ files to set up your FreeBSD machine as a network filesystem
+ server, domain name server, network information system
+ server, or time synchronization server.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="firewalls">, Firewalls</emphasis></term>
+ <listitem>
+ <para>Explains the philosophy behind software-based firewalls and
+ provides detailed information about the configuration of the
+ different firewalls available for FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="advanced-networking">, Advanced Networking</emphasis></term>
+ <listitem>
+ <para>Describes many networking topics, including sharing an
+ Internet connection with other computers on your LAN, advanced
+ routing topics, wireless networking, bluetooth, ATM, IPv6, and
+ much more.</para>
+ </listitem>
+ </varlistentry>
+
+<!-- Part V - Appendices -->
+
+ <varlistentry>
+ <term><emphasis><xref linkend="mirrors">, Obtaining FreeBSD </emphasis></term>
+ <listitem>
+ <para>Lists different sources for obtaining FreeBSD media on CDROM
+ or DVD as well as different sites on the Internet that allow
+ you to download and install FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="bibliography">, Bibliography </emphasis></term>
+ <listitem>
+ <para>This book touches on many different subjects that may
+ leave you hungry for a more detailed explanation. The
+ bibliography lists many excellent books that are referenced in
+ the text.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="eresources">, Resources on the Internet</emphasis></term>
+ <listitem>
+ <para>Describes the many forums available for FreeBSD users to
+ post questions and engage in technical conversations about
+ FreeBSD.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><emphasis><xref linkend="pgpkeys">, PGP Keys</emphasis></term>
+ <listitem>
+ <para>Lists the PGP fingerprints of several FreeBSD Developers.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <bridgehead id="preface-conv" renderas=sect1>Conventions used
+ in this book</bridgehead>
+
+ <para>To provide a consistent and easy to read text, several
+ conventions are followed throughout the book.</para>
+
+ <bridgehead id="preface-conv-typographic" renderas=sect2>Typographic
+ Conventions</bridgehead>
+
+ <variablelist>
+ <varlistentry>
+ <term><emphasis>Italic</emphasis></term>
+ <listitem>
+ <para>An <emphasis>italic</emphasis> font is used for filenames, URLs,
+ emphasized text, and the first usage of technical terms.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><literal>Monospace</literal></term>
+ <listitem>
+ <para>A <literal>monospaced</literal> font is
+ used for error messages, commands, environment variables,
+ names of ports, hostnames, user names, group names, device
+ names, variables, and code fragments.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><application>Bold</application></term>
+ <listitem>
+ <para>A <application>bold</application> font is used for
+ applications, commands, and keys.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+<!-- Var list -->
+ <bridgehead id="preface-conv-commands"
+ renderas=sect2>User Input</bridgehead>
+
+ <para>Keys are shown in <keycap>bold</keycap> to stand out from
+ other text. Key combinations that are meant to be typed
+ simultaneously are shown with `<literal>+</literal>' between
+ the keys, such as:</para>
+
+ <para>
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap>
+ <keycap>Alt</keycap>
+ <keycap>Del</keycap>
+ </keycombo>
+ </para>
+
+ <para>Meaning the user should type the <keycap>Ctrl</keycap>,
+ <keycap>Alt</keycap>, and <keycap>Del</keycap> keys at the same
+ time.</para>
+
+ <para>Keys that are meant to be typed in sequence will be separated with
+ commas, for example:</para>
+
+ <para>
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap>
+ <keycap>X</keycap>
+ </keycombo>,
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap>
+ <keycap>S</keycap>
+ </keycombo>
+ </para>
+
+ <para>Would mean that the user is expected to type the
+ <keycap>Ctrl</keycap> and <keycap>X</keycap> keys simultaneously
+ and then to type the <keycap>Ctrl</keycap> and <keycap>S</keycap>
+ keys simultaneously.</para>
+
+<!-- How to type in key stokes, etc.. -->
+ <bridgehead id="preface-conv-examples"
+ renderas=sect2>Examples</bridgehead>
+
+ <para>Examples starting with <devicename>E:\&gt;</devicename>
+ indicate a &ms-dos; command. Unless otherwise noted, these commands
+ may be executed from a <quote>Command Prompt</quote> window in a modern &microsoft.windows;
+ environment.</para>
+
+ <screen><prompt>E:\&gt;</prompt> <userinput>tools\fdimage floppies\kern.flp A:</userinput></screen>
+
+ <para>Examples starting with &prompt.root; indicate a command that
+ must be invoked as the superuser in FreeBSD. You can login as
+ <username>root</username> to type the command, or login as your
+ normal account and use &man.su.1; to gain
+ superuser privileges.</para>
+
+ <screen>&prompt.root; <userinput>dd if=kern.flp of=/dev/fd0</userinput></screen>
+
+ <para>Examples starting with &prompt.user; indicate a command that
+ should be invoked from a normal user account. Unless otherwise
+ noted, C-shell syntax is used for setting environment variables
+ and other shell commands.</para>
+
+ <screen>&prompt.user; <userinput>top</userinput></screen>
+
+ <bridgehead id="preface-acknowledgements"
+ renderas=sect1>Acknowledgments</bridgehead>
+
+ <para>The book you are holding represents the efforts of many hundreds of
+ people around the world. Whether they sent in fixes for typos, or
+ submitted complete chapters, all the contributions have been
+ useful.</para>
+
+ <para>Several companies have supported the development of this
+ document by paying authors to work on it full-time, paying for
+ publication, etc. In particular, BSDi (subsequently acquired by
+ <ulink url="http://www.windriver.com">Wind River Systems</ulink>)
+ paid members of the FreeBSD Documentation Project to work on
+ improving this book full time leading up to the publication of the
+ first printed edition in March 2000 (ISBN 1-57176-241-8). Wind
+ River Systems then paid several additional authors to make a
+ number of improvements to the print-output infrastructure and to add
+ additional chapters to the text. This work culminated in the
+ publication of the second printed edition in November 2001 (ISBN
+ 1-57176-303-1). In 2003-2004, <ulink
+ url="http://www.freebsdmall.com">FreeBSD Mall, Inc</ulink>, paid
+ several contributors to improve the Handbook in preparation for
+ the third printed edition.</para>
+
+</preface>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "book" "preface")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/printing/Makefile b/zh_TW.Big5/books/handbook/printing/Makefile
new file mode 100644
index 0000000000..72d9e9b80a
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/printing/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= printing/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/printing/chapter.sgml b/zh_TW.Big5/books/handbook/printing/chapter.sgml
new file mode 100644
index 0000000000..f67a28c26c
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/printing/chapter.sgml
@@ -0,0 +1,4948 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="printing">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Sean</firstname>
+ <surname>Kelly</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ <!-- 30 Sept 1995 -->
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Mock</surname>
+ <contrib>Restructured and updated by </contrib>
+ <!-- Mar 2000 -->
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Printing</title>
+
+ <sect1 id="printing-synopsis">
+ <title>Synopsis</title>
+ <indexterm><primary>LPD spooling system</primary></indexterm>
+ <indexterm><primary>printing</primary></indexterm>
+
+ <para>FreeBSD can be used to print with a wide variety of printers, from the
+ oldest impact printer to the latest laser printers, and everything in
+ between, allowing you to produce high-quality printed output from the
+ applications you run.</para>
+
+ <para>FreeBSD can also be configured to act as a print server on a
+ network; in this capacity FreeBSD can receive print jobs from a variety
+ of other computers, including other FreeBSD computers, &windows; and &macos;
+ hosts. FreeBSD will ensure that one job at a time is printed, and can
+ keep statistics on which users and machines are doing the most printing,
+ produce <quote>banner</quote> pages showing who's printout is who's, and
+ more.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>How to configure the FreeBSD print spooler.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to install print filters, to handle special print jobs
+ differently, including converting incoming documents to print
+ formats that your printers understand.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to enable header, or banner pages on your printout.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to print with printers connected to other computers.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to print with printers connected directly to the
+ network.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to control printer restrictions, including limiting the size
+ of print jobs, and preventing certain users from printing.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to keep printer statistics, and account for printer
+ usage.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to troubleshoot printing problems.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Know how to configure and install a new kernel
+ (<xref linkend="kernelconfig">).</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="printing-intro-spooler">
+ <title>Introduction</title>
+
+ <para>In order to use printers with FreeBSD, you may set
+ them up to work with the Berkeley line printer spooling system,
+ also known as the <application>LPD</application> spooling system,
+ or just <application>LPD</application>.
+ It is the standard printer control system in FreeBSD. This
+ chapter introduces <application>LPD</application> and
+ will guide you through its configuration.</para>
+
+ <para>If you are already familiar with
+ <application>LPD</application> or another printer spooling
+ system, you may wish to skip to section <link
+ linkend="printing-intro-setup">Basic Setup</link>.</para>
+
+ <para><application>LPD</application> controls everything about a
+ host's printers. It is responsible for a number of things:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>It controls access to attached printers and printers
+ attached to other hosts on the network.</para>
+ </listitem>
+
+ <indexterm><primary>print jobs</primary></indexterm>
+ <listitem>
+ <para>It enables users to submit files to be printed; these
+ submissions are known as <emphasis>jobs</emphasis>.</para>
+ </listitem>
+
+ <listitem>
+ <para>It prevents multiple users from accessing a printer at the
+ same time by maintaining a <emphasis>queue</emphasis> for each
+ printer.</para>
+ </listitem>
+
+ <listitem>
+ <para>It can print <emphasis>header pages</emphasis> (also known
+ as <emphasis>banner</emphasis> or <emphasis>burst</emphasis>
+ pages) so users can easily find jobs they have printed in a
+ stack of printouts.</para>
+ </listitem>
+
+ <listitem>
+ <para>It takes care of communications parameters for printers
+ connected on serial ports.</para>
+ </listitem>
+
+ <listitem>
+ <para>It can send jobs over the network to a
+ <application>LPD</application> spooler on another host.</para>
+ </listitem>
+
+ <listitem>
+ <para>It can run special filters to format jobs to be printed for
+ various printer languages or printer capabilities.</para>
+ </listitem>
+
+ <listitem>
+ <para>It can account for printer usage.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Through a configuration file
+ (<filename>/etc/printcap</filename>), and by providing the special
+ filter programs, you can enable the <application>LPD</application>
+ system to do all or some
+ subset of the above for a great variety of printer hardware.</para>
+
+ <sect2 id="printing-intro-why">
+ <title>Why You Should Use the Spooler</title>
+
+ <para>If you are the sole user of your system, you may be wondering
+ why you should bother with the spooler when you do not need access
+ control, header pages, or printer accounting. While it is
+ possible to enable direct access to a printer, you should use the
+ spooler anyway since:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><application>LPD</application> prints jobs in the background;
+ you do not have to wait
+ for data to be copied to the printer.</para>
+ </listitem>
+
+ <indexterm><primary>&tex;</primary></indexterm>
+ <listitem>
+ <para><application>LPD</application> can conveniently run a job
+ to be printed through
+ filters to add date/time headers or convert a special file
+ format (such as a &tex; DVI file) into a format the printer will
+ understand. You will not have to do these steps
+ manually.</para>
+ </listitem>
+
+ <listitem>
+ <para>Many free and commercial programs that provide a print
+ feature usually expect to talk to the spooler on your system.
+ By setting up the spooling system, you will more easily
+ support other software you may later add or already
+ have.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="printing-intro-setup">
+ <title>Basic Setup</title>
+
+ <para>To use printers with the <application>LPD</application> spooling
+ system, you will need to
+ set up both your printer hardware and the
+ <application>LPD</application> software. This
+ document describes two levels of setup:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>See section <link linkend="printing-simple">Simple Printer
+ Setup</link> to learn how to connect a printer, tell
+ <application>LPD</application> how to
+ communicate with it, and print plain text files to the
+ printer.</para>
+ </listitem>
+
+ <listitem>
+ <para>See section <link linkend="printing-advanced">Advanced
+ Printer Setup</link> to learn how to print a variety of
+ special file formats, to print header pages, to print across a
+ network, to control access to printers, and to do printer
+ accounting.</para>
+ </listitem>
+ </itemizedlist>
+
+ <sect2 id="printing-simple">
+ <title>Simple Printer Setup</title>
+
+ <para>This section tells how to configure printer hardware and the
+ <application>LPD</application> software to use the printer.
+ It teaches the basics:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Section <link linkend="printing-hardware">Hardware
+ Setup</link> gives some hints on connecting the printer to a
+ port on your computer.</para>
+ </listitem>
+
+ <listitem>
+ <para>Section <link linkend="printing-software">Software
+ Setup</link> shows how to set up the
+ <application>LPD</application> spooler configuration
+ file (<filename>/etc/printcap</filename>).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If you are setting up a printer that uses a network protocol
+ to accept data to print instead of a computer's local interfaces,
+ see <link linkend="printing-advanced-network-net-if">Printers With
+ Networked Data Stream Interfaces</link>.</para>
+
+ <para>Although this section is called <quote>Simple Printer
+ Setup</quote>, it is actually fairly complex. Getting the printer
+ to work with your computer and the <application>LPD</application>
+ spooler is the hardest
+ part. The advanced options like header pages and accounting are
+ fairly easy once you get the printer working.</para>
+
+ <sect3 id="printing-hardware">
+ <title>Hardware Setup</title>
+
+ <para>This section tells about the various ways you can connect a
+ printer to your PC. It talks about the kinds of ports and
+ cables, and also the kernel configuration you may need to enable
+ FreeBSD to speak to the printer.</para>
+
+ <para>If you have already connected your printer and have
+ successfully printed with it under another operating system, you
+ can probably skip to section <link
+ linkend="printing-software">Software Setup</link>.</para>
+
+ <sect4 id="printing-ports">
+ <title>Ports and Cables</title>
+
+ <para>Printers sold for use on PC's today generally come
+ with one or more of the following three interfaces:</para>
+
+ <itemizedlist>
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>serial</secondary>
+ </indexterm>
+ <listitem>
+ <para><emphasis>Serial</emphasis> interfaces, also known
+ as RS-232 or COM ports, use a serial port
+ on your computer to send data to the printer. Serial
+ interfaces are common in the computer industry and cables
+ are readily available and also easy to construct. Serial
+ interfaces sometimes need special cables and might require
+ you to configure somewhat complex communications
+ options. Most PC serial ports have a maximum
+ transmission rate of 115200&nbsp;bps, which makes printing
+ large graphic print jobs with them impractical.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>parallel</secondary>
+ </indexterm>
+ <listitem>
+ <para><emphasis>Parallel</emphasis> interfaces use a
+ parallel port on your computer to send data to the
+ printer. Parallel interfaces are common in the PC market
+ and are faster than RS-232 serial.
+ Cables are readily available but more difficult to
+ construct by hand. There are usually no communications
+ options with parallel interfaces, making their
+ configuration exceedingly simple.</para>
+
+ <indexterm>
+ <primary>centronics</primary>
+ <see>parallel printers</see>
+ </indexterm>
+ <para>Parallel interfaces are sometimes known as
+ <quote>Centronics</quote> interfaces, named after the
+ connector type on the printer.</para>
+ </listitem>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>USB</secondary>
+ </indexterm>
+ <listitem>
+ <para>USB interfaces, named for the Universal Serial
+ Bus, can run at even faster speeds than parallel or
+ RS-232 serial interfaces. Cables are simple and cheap.
+ USB is superior to RS-232 Serial and to Parallel for
+ printing, but it is not as well supported under &unix;
+ systems. A way to avoid this problem is to purchase a
+ printer that has both a USB interface and a Parallel
+ interface, as many printers do.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>In general, Parallel interfaces usually offer just
+ one-way communication (computer to printer) while serial
+ and USB gives you two-way. Newer parallel ports (EPP and
+ ECP) and printers
+ can communicate in both directions under FreeBSD when a
+ IEEE-1284-compliant cable is used.</para>
+
+ <indexterm><primary>PostScript</primary></indexterm>
+
+ <para>Two-way communication to the printer over a parallel
+ port is generally done in one of two ways. The first method
+ uses a custom-built printer driver for FreeBSD that speaks
+ the proprietary language used by the printer. This is
+ common with inkjet printers and can be used for reporting
+ ink levels and other status information. The second
+ method is used when the printer supports
+ &postscript;.</para>
+
+ <para>&postscript; jobs are
+ actually programs sent to the printer; they need not produce
+ paper at all and may return results directly to the computer.
+ &postscript; also uses two-way communication to tell the
+ computer about problems, such as errors in the &postscript;
+ program or paper jams. Your users may be appreciative of such
+ information. Furthermore, the best way to do effective
+ accounting with a &postscript; printer requires two-way
+ communication: you ask the printer for its page count (how
+ many pages it has printed in its lifetime), then send the
+ user's job, then ask again for its page count. Subtract the
+ two values and you know how much paper to charge to the
+ user.</para>
+ </sect4>
+
+ <sect4 id="printing-parallel">
+ <title>Parallel Ports</title>
+
+ <para>To hook up a printer using a parallel interface, connect
+ the Centronics cable between the printer and the computer.
+ The instructions that came with the printer, the computer, or
+ both should give you complete guidance.</para>
+
+ <para>Remember which parallel port you used on the computer.
+ The first parallel port is <filename>ppc0</filename> to
+ FreeBSD; the second is <filename>ppc1</filename>, and so
+ on. The printer device name uses the same scheme:
+ <filename>/dev/lpt0</filename> for the printer on the first
+ parallel ports etc.</para>
+ </sect4>
+
+ <sect4 id="printing-serial">
+ <title>Serial Ports</title>
+
+ <para>To hook up a printer using a serial interface, connect the
+ proper serial cable between the printer and the computer. The
+ instructions that came with the printer, the computer, or both
+ should give you complete guidance.</para>
+
+ <para>If you are unsure what the <quote>proper serial
+ cable</quote> is, you may wish to try one of the following
+ alternatives:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>A <emphasis>modem</emphasis> cable connects each pin
+ of the connector on one end of the cable straight through
+ to its corresponding pin of the connector on the other
+ end. This type of cable is also known as a
+ <quote>DTE-to-DCE</quote> cable.</para>
+ </listitem>
+
+ <indexterm><primary>null-modem cable</primary></indexterm>
+ <listitem>
+ <para>A <emphasis>null-modem</emphasis> cable connects some
+ pins straight through, swaps others (send data to receive
+ data, for example), and shorts some internally in each
+ connector hood. This type of cable is also known as a
+ <quote>DTE-to-DTE</quote> cable.</para>
+ </listitem>
+
+ <listitem>
+ <para>A <emphasis>serial printer</emphasis> cable, required
+ for some unusual printers, is like the null-modem cable,
+ but sends some signals to their counterparts instead of
+ being internally shorted.</para>
+ </listitem>
+ </itemizedlist>
+
+ <indexterm><primary>baud rate</primary></indexterm>
+ <indexterm><primary>parity</primary></indexterm>
+ <indexterm><primary>flow control protocol</primary></indexterm>
+ <para>You should also set up the communications parameters for
+ the printer, usually through front-panel controls or DIP
+ switches on the printer. Choose the highest
+ <literal>bps</literal> (bits per second, sometimes
+ <emphasis>baud rate</emphasis>) that both your computer
+ and the printer can support. Choose 7 or 8 data bits; none,
+ even, or odd parity; and 1 or 2 stop bits. Also choose a flow
+ control protocol: either none, or XON/XOFF (also known as
+ <quote>in-band</quote> or <quote>software</quote>) flow control.
+ Remember these settings for the software configuration that
+ follows.</para>
+ </sect4>
+ </sect3>
+
+ <sect3 id="printing-software">
+ <title>Software Setup</title>
+
+ <para>This section describes the software setup necessary to print
+ with the <application>LPD</application> spooling system in FreeBSD.
+ </para>
+
+ <para>Here is an outline of the steps involved:</para>
+
+ <procedure>
+ <step>
+ <para>Configure your kernel, if necessary, for the port you
+ are using for the printer; section <link
+ linkend="printing-kernel">Kernel Configuration</link> tells
+ you what you need to do.</para>
+ </step>
+
+ <step>
+ <para>Set the communications mode for the parallel port, if
+ you are using a parallel port; section <link
+ linkend="printing-parallel-port-mode">Setting the
+ Communication Mode for the Parallel Port</link> gives
+ details.</para>
+ </step>
+
+ <step>
+ <para>Test if the operating system can send data to the printer.
+ Section <link linkend="printing-testing">Checking Printer
+ Communications</link> gives some suggestions on how to do
+ this.</para>
+ </step>
+
+ <step>
+ <para>Set up <application>LPD</application> for the printer by
+ modifying the file
+ <filename>/etc/printcap</filename>. You will find out how
+ to do this later in this chapter.</para>
+ </step>
+ </procedure>
+
+ <sect4 id="printing-kernel">
+ <title>Kernel Configuration</title>
+
+ <para>The operating system kernel is compiled to work with a
+ specific set of devices. The serial or parallel interface for
+ your printer is a part of that set. Therefore, it might be
+ necessary to add support for an additional serial or parallel
+ port if your kernel is not already configured for one.</para>
+
+ <para>To find out if the kernel you are currently using supports
+ a serial interface, type:</para>
+
+ <screen>&prompt.root; <userinput>grep sio<replaceable>N</replaceable> /var/run/dmesg.boot</userinput></screen>
+
+ <para>Where <replaceable>N</replaceable> is the number of the
+ serial port, starting from zero. If you see output similar to
+ the following:</para>
+
+ <screen>sio2 at port 0x3e8-0x3ef irq 5 on isa
+sio2: type 16550A</screen>
+
+ <para>then the kernel supports the port.</para>
+
+ <para>To find out if the kernel supports a parallel interface,
+ type:</para>
+
+ <screen>&prompt.root; <userinput>grep ppc<replaceable>N</replaceable> /var/run/dmesg.boot</userinput></screen>
+
+ <para>Where <replaceable>N</replaceable> is the number of the
+ parallel port, starting from zero. If you see output similar
+ to the following:</para>
+
+ <screen>ppc0: &lt;Parallel port&gt; at port 0x378-0x37f irq 7 on isa0
+ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
+ppc0: FIFO with 16/16/8 bytes threshold</screen>
+
+ <para>then the kernel supports the port.</para>
+
+ <para>You might have to reconfigure your kernel in order for the
+ operating system to recognize and use the parallel or serial
+ port you are using for the printer.</para>
+
+ <para>To add support for a serial port, see the section on
+ kernel configuration. To add support for a parallel port, see
+ that section <emphasis>and</emphasis> the section that
+ follows.</para>
+ </sect4>
+ </sect3>
+
+ <sect3 id="printing-dev-ports">
+ <title>Adding <filename>/dev</filename> Entries for the
+ Ports</title>
+
+ <note><para>FreeBSD&nbsp;5.0 includes the <literal>devfs</literal>
+ filesystem which automatically creates device nodes as
+ needed. If you are running a version of FreeBSD with
+ <literal>devfs</literal> enabled then you can safely skip
+ this section.</para></note>
+
+ <para>Even though the kernel may support communication along a
+ serial or parallel port, you will still need a software
+ interface through which programs running on the system can
+ send and receive data. That is what entries in the
+ <filename>/dev</filename> directory are for.</para>
+
+ <para><emphasis>To add a <filename>/dev</filename> entry for a
+ port:</emphasis></para>
+
+ <procedure>
+ <step>
+ <para>Become <username>root</username> with the &man.su.1; command.
+ Enter the <username>root</username> password when prompted.</para>
+ </step>
+
+ <step>
+ <para>Change to the <filename>/dev</filename>
+ directory:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput></screen>
+ </step>
+
+ <step>
+ <para>Type:</para>
+
+ <screen>&prompt.root; <userinput>./MAKEDEV <replaceable>port</replaceable></userinput></screen>
+
+ <para>Where <replaceable>port</replaceable> is the device
+ entry for the port you want to make. Use
+ <literal>lpt0</literal> for the printer on the first parallel port,
+ <literal>lpt1</literal> for the printer on the second port, and so on; use
+ <literal>ttyd0</literal> for the first serial port,
+ <literal>ttyd1</literal> for the second, and so on.</para>
+ </step>
+
+ <step>
+ <para>Type:</para>
+
+ <screen>&prompt.root; <userinput>ls -l <replaceable>port</replaceable></userinput></screen>
+
+ <para>to make sure the device entry got created.</para>
+ </step>
+ </procedure>
+
+ <sect4 id="printing-parallel-port-mode">
+ <title>Setting the Communication Mode for the Parallel
+ Port</title>
+
+ <para>When you are using the parallel interface, you can choose
+ whether FreeBSD should use interrupt-driven or polled
+ communication with the printer. The generic printer
+ device driver (&man.lpt.4;) on FreeBSD&nbsp;4.X and 5.X
+ uses the &man.ppbus.4; system, which controls the port
+ chipset with the &man.ppc.4; driver.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <emphasis>interrupt-driven</emphasis> method is
+ the default with the GENERIC kernel. With this method,
+ the operating system uses an IRQ line to determine when
+ the printer is ready for data.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <emphasis>polled</emphasis> method directs the
+ operating system to repeatedly ask the printer if it is
+ ready for more data. When it responds ready, the kernel
+ sends more data.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The interrupt-driven method is usually somewhat faster
+ but uses up a precious IRQ line. Some newer HP printers
+ are claimed not to work correctly in interrupt mode,
+ apparently due to some (not yet exactly understood) timing
+ problem. These printers need polled mode. You should use
+ whichever one works. Some printers will work in both
+ modes, but are painfully slow in interrupt mode.</para>
+
+ <para>You can set the communications mode in two ways: by
+ configuring the kernel or by using the &man.lptcontrol.8;
+ program.</para>
+
+ <para><emphasis>To set the communications mode by configuring
+ the kernel:</emphasis></para>
+
+ <procedure>
+ <step>
+ <para>Edit your kernel configuration file. Look for
+ an <literal>ppc0</literal> entry. If you are setting up
+ the second parallel port, use <literal>ppc1</literal>
+ instead. Use <literal>ppc2</literal> for the third port,
+ and so on.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>If you want interrupt-driven mode, for FreeBSD&nbsp;4.X add the
+ <literal>irq</literal> specifier:</para>
+
+ <programlisting>device ppc0 at isa? irq <replaceable>N</replaceable></programlisting>
+
+ <para>Where <replaceable>N</replaceable> is the IRQ
+ number for your computer's parallel port.</para>
+
+ <para>For FreeBSD&nbsp;5.X, edit the following line:</para>
+
+ <programlisting>hint.ppc.0.irq="<replaceable>N</replaceable>"</programlisting>
+
+ <para>in the <filename>/boot/device.hints</filename> file
+ and replace <replaceable>N</replaceable> with the right
+ IRQ number. The kernel configuration file must
+ also contain the &man.ppc.4; driver:</para>
+
+ <screen>device ppc</screen>
+
+ </listitem>
+
+ <listitem>
+ <para>If you want polled mode, do not add the
+ <literal>irq</literal> specifier:</para>
+
+ <para>For FreeBSD&nbsp;4.X, use the following line in
+ your kernel configuration file:</para>
+
+ <programlisting>device ppc0 at isa?</programlisting>
+
+ <para>For FreeBSD&nbsp;5.X, simply remove in your
+ <filename>/boot/device.hints</filename> file, the
+ following line:</para>
+
+ <programlisting>hint.ppc.0.irq="<replaceable>N</replaceable>"</programlisting>
+
+ <para>In some cases, this is not enough to put the
+ port in polled mode under FreeBSD&nbsp;5.X. Most of
+ time it comes from &man.acpi.4; driver, this latter
+ is able to probe and attach devices, and therefore,
+ control the access mode to the printer port. You
+ should check your &man.acpi.4; configuration to
+ correct this problem.</para>
+ </listitem>
+ </itemizedlist>
+ </step>
+
+ <step>
+ <para>Save the file. Then configure, build, and install the
+ kernel, then reboot. See <link
+ linkend="kernelconfig">kernel configuration</link> for
+ more details.</para>
+ </step>
+ </procedure>
+
+ <para><emphasis>To set the communications mode with</emphasis>
+ &man.lptcontrol.8;:</para>
+
+ <procedure>
+ <step>
+ <para>Type:</para>
+
+ <screen>&prompt.root; <userinput>lptcontrol -i -d /dev/lpt<replaceable>N</replaceable></userinput></screen>
+
+ <para>to set interrupt-driven mode for
+ <literal>lpt<replaceable>N</replaceable></literal>.</para>
+ </step>
+
+ <step>
+ <para>Type:</para>
+
+ <screen>&prompt.root; <userinput>lptcontrol -p -d /dev/lpt<replaceable>N</replaceable></userinput></screen>
+
+ <para>to set polled-mode for
+ <literal>lpt<replaceable>N</replaceable></literal>.</para>
+ </step>
+ </procedure>
+
+ <para>You could put these commands in your
+ <filename>/etc/rc.local</filename> file to set the mode each
+ time your system boots. See &man.lptcontrol.8; for more
+ information.</para>
+ </sect4>
+
+ <sect4 id="printing-testing">
+ <title>Checking Printer Communications</title>
+
+ <para>Before proceeding to configure the spooling system, you
+ should make sure the operating system can successfully send
+ data to your printer. It is a lot easier to debug printer
+ communication and the spooling system separately.</para>
+
+ <para>To test the printer, we will send some text to it. For
+ printers that can immediately print characters sent to them,
+ the program &man.lptest.1; is perfect: it generates all 96
+ printable ASCII characters in 96 lines.</para>
+
+ <indexterm><primary>PostScript</primary></indexterm>
+ <para>For a &postscript; (or other language-based) printer, we
+ will need a more sophisticated test. A small &postscript;
+ program, such as the following, will suffice:</para>
+
+ <programlisting>%!PS
+100 100 moveto 300 300 lineto stroke
+310 310 moveto /Helvetica findfont 12 scalefont setfont
+(Is this thing working?) show
+showpage</programlisting>
+
+ <para>The above &postscript; code can be placed into a file and
+ used as shown in the examples appearing in the following
+ sections.</para>
+
+ <indexterm><primary>PCL</primary></indexterm>
+ <note>
+ <para>When this document refers to a printer language, it is
+ assuming a language like &postscript;, and not Hewlett
+ Packard's PCL. Although PCL has great functionality, you
+ can intermingle plain text with its escape sequences.
+ &postscript; cannot directly print plain text, and that is the
+ kind of printer language for which we must make special
+ accommodations.</para>
+ </note>
+
+ <sect5 id="printing-checking-parallel">
+ <title>Checking a Parallel Printer</title>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>parallel</secondary>
+ </indexterm>
+ <para>This section tells you how to check if FreeBSD can
+ communicate with a printer connected to a parallel
+ port.</para>
+
+ <para><emphasis>To test a printer on a parallel
+ port:</emphasis></para>
+
+ <procedure>
+ <step>
+ <para>Become <username>root</username> with &man.su.1;.</para>
+ </step>
+
+ <step>
+ <para>Send data to the printer.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>If the printer can print plain text, then use
+ &man.lptest.1;. Type:</para>
+
+ <screen>&prompt.root; <userinput>lptest &gt; /dev/lpt<replaceable>N</replaceable></userinput></screen>
+
+ <para>Where <replaceable>N</replaceable> is the number
+ of the parallel port, starting from zero.</para>
+ </listitem>
+
+ <listitem>
+ <para>If the printer understands &postscript; or other
+ printer language, then send a small program to the
+ printer. Type:</para>
+
+ <screen>&prompt.root; <userinput>cat &gt; /dev/lpt<replaceable>N</replaceable></userinput></screen>
+
+ <para>Then, line by line, type the program
+ <emphasis>carefully</emphasis> as you cannot edit a
+ line once you have pressed <literal>RETURN</literal>
+ or <literal>ENTER</literal>. When you have finished
+ entering the program, press
+ <literal>CONTROL+D</literal>, or whatever your end
+ of file key is.</para>
+
+ <para>Alternatively, you can put the program in a file
+ and type:</para>
+
+ <screen>&prompt.root; <userinput>cat <replaceable>file</replaceable> &gt; /dev/lpt<replaceable>N</replaceable></userinput></screen>
+
+ <para>Where <replaceable>file</replaceable> is the
+ name of the file containing the program you want to
+ send to the printer.</para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ </procedure>
+
+ <para>You should see something print. Do not worry if the
+ text does not look right; we will fix such things
+ later.</para>
+ </sect5>
+
+ <sect5 id="printing-checking-serial">
+ <title>Checking a Serial Printer</title>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>serial</secondary>
+ </indexterm>
+ <para>This section tells you how to check if FreeBSD can
+ communicate with a printer on a serial port.</para>
+
+ <para><emphasis>To test a printer on a serial
+ port:</emphasis></para>
+
+ <procedure>
+ <step>
+ <para>Become <username>root</username> with &man.su.1;.</para>
+ </step>
+
+ <step>
+ <para>Edit the file <filename>/etc/remote</filename>. Add
+ the following entry:</para>
+
+ <programlisting>printer:dv=/dev/<replaceable>port</replaceable>:br#<replaceable>bps-rate</replaceable>:pa=<replaceable>parity</replaceable></programlisting>
+
+ <indexterm><primary>bits-per-second</primary></indexterm>
+ <indexterm><primary>serial port</primary></indexterm>
+ <indexterm><primary>parity</primary></indexterm>
+ <para>Where <replaceable>port</replaceable> is the device
+ entry for the serial port (<literal>ttyd0</literal>,
+ <literal>ttyd1</literal>, etc.),
+ <replaceable>bps-rate</replaceable> is the
+ bits-per-second rate at which the printer communicates,
+ and <replaceable>parity</replaceable> is the parity
+ required by the printer (either <literal>even</literal>,
+ <literal>odd</literal>, <literal>none</literal>, or
+ <literal>zero</literal>).</para>
+
+ <para>Here is a sample entry for a printer connected via
+ a serial line to the third serial port at 19200&nbsp;bps with
+ no parity:</para>
+
+ <programlisting>printer:dv=/dev/ttyd2:br#19200:pa=none</programlisting>
+ </step>
+
+ <step>
+ <para>Connect to the printer with &man.tip.1;.
+ Type:</para>
+
+ <screen>&prompt.root; <userinput>tip printer</userinput></screen>
+
+ <para>If this step does not work, edit the file
+ <filename>/etc/remote</filename> again and try using
+ <filename>/dev/cuaa<replaceable>N</replaceable></filename>
+ instead of
+ <filename>/dev/ttyd<replaceable>N</replaceable></filename>.</para>
+ </step>
+
+ <step>
+ <para>Send data to the printer.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>If the printer can print plain text, then use
+ &man.lptest.1;. Type:</para>
+
+ <screen>&prompt.user; <userinput>$lptest</userinput></screen>
+ </listitem>
+
+ <listitem>
+ <para>If the printer understands &postscript; or other
+ printer language, then send a small program to the
+ printer. Type the program, line by line,
+ <emphasis>very carefully</emphasis> as backspacing
+ or other editing keys may be significant to the
+ printer. You may also need to type a special
+ end-of-file key for the printer so it knows it
+ received the whole program. For &postscript;
+ printers, press <literal>CONTROL+D</literal>.</para>
+
+ <para>Alternatively, you can put the program in a file
+ and type:</para>
+
+ <screen>&prompt.user; <userinput>&gt;<replaceable>file</replaceable></userinput></screen>
+
+ <para>Where <replaceable>file</replaceable> is the
+ name of the file containing the program. After
+ &man.tip.1; sends the file, press any required
+ end-of-file key.</para>
+ </listitem>
+ </itemizedlist>
+ </step>
+ </procedure>
+
+ <para>You should see something print. Do not worry if the
+ text does not look right; we will fix that later.</para>
+ </sect5>
+ </sect4>
+ </sect3>
+
+ <sect3 id="printing-printcap">
+ <title>Enabling the Spooler: the <filename>/etc/printcap</filename>
+ File</title>
+
+ <para>At this point, your printer should be hooked up, your kernel
+ configured to communicate with it (if necessary), and you have
+ been able to send some simple data to the printer. Now, we are
+ ready to configure <application>LPD</application> to control access
+ to your printer.</para>
+
+ <para>You configure <application>LPD</application> by editing the file
+ <filename>/etc/printcap</filename>. The
+ <application>LPD</application> spooling system
+ reads this file each time the spooler is used, so updates to the
+ file take immediate effect.</para>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>capabilities</secondary>
+ </indexterm>
+ <para>The format of the &man.printcap.5; file is straightforward.
+ Use your favorite text editor to make changes to
+ <filename>/etc/printcap</filename>. The format is identical to
+ other capability files like
+ <filename>/usr/share/misc/termcap</filename> and
+ <filename>/etc/remote</filename>. For complete information
+ about the format, see the &man.cgetent.3;.</para>
+
+ <para>The simple spooler configuration consists of the following
+ steps:</para>
+
+ <procedure>
+ <step>
+ <para>Pick a name (and a few convenient aliases) for the
+ printer, and put them in the
+ <filename>/etc/printcap</filename> file; see the
+ <link linkend="printing-naming">Naming the Printer</link>
+ section for more information on naming.</para>
+ </step>
+
+ <indexterm><primary>header pages</primary></indexterm>
+ <step>
+ <para>Turn off header pages (which are on by default) by
+ inserting the <literal>sh</literal> capability; see the
+ <link linkend="printing-no-header-pages">Suppressing Header
+ Pages</link> section for more information.</para>
+ </step>
+
+ <step>
+ <para>Make a spooling directory, and specify its location with
+ the <literal>sd</literal> capability; see the <link
+ linkend="printing-spooldir">Making the Spooling
+ Directory</link> section for more information.</para>
+ </step>
+
+ <step>
+ <para>Set the <filename>/dev</filename> entry to use for the
+ printer, and note it in <filename>/etc/printcap</filename>
+ with the <literal>lp</literal> capability; see the <link
+ linkend="printing-device">Identifying the Printer
+ Device</link> for more information. Also, if the printer is
+ on a serial port, set up the communication parameters with
+ the <literal>ms#</literal> capability which is discussed in the <link
+ linkend="printing-commparam">Configuring Spooler
+ Communications Parameters</link> section.</para>
+ </step>
+
+ <step>
+ <para>Install a plain text input filter; see the <link
+ linkend="printing-textfilter">Installing the Text
+ Filter</link> section for details.</para>
+ </step>
+
+ <step>
+ <para>Test the setup by printing something with the
+ &man.lpr.1; command. More details are available in the
+ <link linkend="printing-trying">Trying It Out</link> and
+ <link
+ linkend="printing-troubleshooting">Troubleshooting</link>
+ sections.</para>
+ </step>
+ </procedure>
+
+ <note>
+ <para>Language-based printers, such as &postscript; printers,
+ cannot directly print plain text. The simple setup outlined
+ above and described in the following sections assumes that if
+ you are installing such a printer you will print only files
+ that the printer can understand.</para>
+ </note>
+
+ <para>Users often expect that they can print plain text to any of
+ the printers installed on your system. Programs that interface
+ to <application>LPD</application> to do their printing usually
+ make the same assumption.
+ If you are installing such a printer and want to be able to
+ print jobs in the printer language <emphasis>and</emphasis>
+ print plain text jobs, you are strongly urged to add an
+ additional step to the simple setup outlined above: install an
+ automatic plain-text-to-&postscript; (or other printer language)
+ conversion program. The section entitled <link
+ linkend="printing-advanced-if-conversion">Accommodating Plain
+ Text Jobs on &postscript; Printers</link> tells how to do
+ this.</para>
+
+ <sect4 id="printing-naming">
+ <title>Naming the Printer</title>
+
+ <para>The first (easy) step is to pick a name for your printer.
+ It really does not matter whether you choose functional or
+ whimsical names since you can also provide a number of aliases
+ for the printer.</para>
+
+ <para>At least one of the printers specified in the
+ <filename>/etc/printcap</filename> should have the alias
+ <literal>lp</literal>. This is the default printer's name.
+ If users do not have the <envar>PRINTER</envar> environment
+ variable nor specify a printer name on the command line of any
+ of the <application>LPD</application> commands,
+ then <literal>lp</literal> will be the
+ default printer they get to use.</para>
+
+ <para>Also, it is common practice to make the last alias for a
+ printer be a full description of the printer, including make
+ and model.</para>
+
+ <para>Once you have picked a name and some common aliases, put
+ them in the <filename>/etc/printcap</filename> file. The name
+ of the printer should start in the leftmost column. Separate
+ each alias with a vertical bar and put a colon after the last
+ alias.</para>
+
+ <para>In the following example, we start with a skeletal
+ <filename>/etc/printcap</filename> that defines two printers
+ (a Diablo 630 line printer and a Panasonic KX-P4455 &postscript;
+ laser printer):</para>
+
+ <programlisting>#
+# /etc/printcap for host rose
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:</programlisting>
+
+ <para>In this example, the first printer is named
+ <literal>rattan</literal> and has as aliases
+ <literal>line</literal>, <literal>diablo</literal>,
+ <literal>lp</literal>, and <literal>Diablo 630 Line
+ Printer</literal>. Since it has the alias
+ <literal>lp</literal>, it is also the default printer. The
+ second is named <literal>bamboo</literal>, and has as aliases
+ <literal>ps</literal>, <literal>PS</literal>,
+ <literal>S</literal>, <literal>panasonic</literal>, and
+ <literal>Panasonic KX-P4455 PostScript v51.4</literal>.</para>
+ </sect4>
+
+ <sect4 id="printing-no-header-pages">
+ <title>Suppressing Header Pages</title>
+ <indexterm>
+ <primary>printing</primary>
+ <secondary>header pages</secondary>
+ </indexterm>
+
+ <para>The <application>LPD</application> spooling system will
+ by default print a
+ <emphasis>header page</emphasis> for each job. The header
+ page contains the user name who requested the job, the host
+ from which the job came, and the name of the job, in nice
+ large letters. Unfortunately, all this extra text gets in the
+ way of debugging the simple printer setup, so we will suppress
+ header pages.</para>
+
+ <para>To suppress header pages, add the <literal>sh</literal>
+ capability to the entry for the printer in
+ <filename>/etc/printcap</filename>. Here is an example
+ <filename>/etc/printcap</filename> with <literal>sh</literal>
+ added:</para>
+
+ <programlisting>#
+# /etc/printcap for host rose - no header pages anywhere
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:</programlisting>
+
+ <para>Note how we used the correct format: the first line starts
+ in the leftmost column, and subsequent lines are indented.
+ Every line in an entry except the last ends in
+ a backslash character.</para>
+ </sect4>
+
+ <sect4 id="printing-spooldir">
+ <title>Making the Spooling Directory</title>
+ <indexterm><primary>printer spool</primary></indexterm>
+ <indexterm><primary>print jobs</primary></indexterm>
+
+ <para>The next step in the simple spooler setup is to make a
+ <emphasis>spooling directory</emphasis>, a directory where
+ print jobs reside until they are printed, and where a number
+ of other spooler support files live.</para>
+
+ <para>Because of the variable nature of spooling directories, it
+ is customary to put these directories under
+ <filename>/var/spool</filename>. It is not necessary to
+ backup the contents of spooling directories, either.
+ Recreating them is as simple as running &man.mkdir.1;.</para>
+
+ <para>It is also customary to make the directory with a name
+ that is identical to the name of the printer, as shown
+ below:</para>
+
+ <screen>&prompt.root; <userinput>mkdir /var/spool/<replaceable>printer-name</replaceable></userinput></screen>
+
+ <para>However, if you have a lot of printers on your network,
+ you might want to put the spooling directories under a single
+ directory that you reserve just for printing with
+ <application>LPD</application>. We
+ will do this for our two example printers
+ <literal>rattan</literal> and
+ <literal>bamboo</literal>:</para>
+
+ <screen>&prompt.root; <userinput>mkdir /var/spool/lpd</userinput>
+&prompt.root; <userinput>mkdir /var/spool/lpd/rattan</userinput>
+&prompt.root; <userinput>mkdir /var/spool/lpd/bamboo</userinput></screen>
+
+ <note>
+ <para>If you are concerned about the privacy of jobs that
+ users print, you might want to protect the spooling
+ directory so it is not publicly accessible. Spooling
+ directories should be owned and be readable, writable, and
+ searchable by user daemon and group daemon, and no one else.
+ We will do this for our example printers:</para>
+
+ <screen>&prompt.root; <userinput>chown daemon:daemon /var/spool/lpd/rattan</userinput>
+&prompt.root; <userinput>chown daemon:daemon /var/spool/lpd/bamboo</userinput>
+&prompt.root; <userinput>chmod 770 /var/spool/lpd/rattan</userinput>
+&prompt.root; <userinput>chmod 770 /var/spool/lpd/bamboo</userinput></screen>
+ </note>
+
+ <para>Finally, you need to tell <application>LPD</application>
+ about these directories
+ using the <filename>/etc/printcap</filename> file. You
+ specify the pathname of the spooling directory with the
+ <literal>sd</literal> capability:</para>
+
+ <programlisting>#
+# /etc/printcap for host rose - added spooling directories
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:sd=/var/spool/lpd/rattan:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:</programlisting>
+
+ <para>Note that the name of the printer starts in the first
+ column but all other entries describing the printer should be
+ indented and each line end escaped with a
+ backslash.</para>
+
+ <para>If you do not specify a spooling directory with
+ <literal>sd</literal>, the spooling system will use
+ <filename>/var/spool/lpd</filename> as a default.</para>
+ </sect4>
+
+ <sect4 id="printing-device">
+ <title>Identifying the Printer Device</title>
+
+ <para>In the <link linkend="printing-dev-ports">Adding
+ <filename>/dev</filename> Entries for the Ports</link>
+ section, we identified which entry in the
+ <filename>/dev</filename> directory FreeBSD will use to
+ communicate with the printer. Now, we tell
+ <application>LPD</application> that
+ information. When the spooling system has a job to print, it
+ will open the specified device on behalf of the filter program
+ (which is responsible for passing data to the printer).</para>
+
+ <para>List the <filename>/dev</filename> entry pathname in the
+ <filename>/etc/printcap</filename> file using the
+ <literal>lp</literal> capability.</para>
+
+ <para>In our running example, let us assume that
+ <literal>rattan</literal> is on the first parallel port, and
+ <literal>bamboo</literal> is on a sixth serial port; here are
+ the additions to <filename>/etc/printcap</filename>:</para>
+
+ <programlisting>#
+# /etc/printcap for host rose - identified what devices to use
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:sd=/var/spool/lpd/rattan:\
+ :lp=/dev/lpt0:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:\
+ :lp=/dev/ttyd5:</programlisting>
+
+ <para>If you do not specify the <literal>lp</literal> capability
+ for a printer in your <filename>/etc/printcap</filename> file,
+ <application>LPD</application> uses <filename>/dev/lp</filename>
+ as a default.
+ <filename>/dev/lp</filename> currently does not exist in
+ FreeBSD.</para>
+
+ <para>If the printer you are installing is connected to a
+ parallel port, skip to the section entitled, <link
+ linkend="printing-textfilter">Installing the Text
+ Filter</link>. Otherwise, be sure to follow the instructions
+ in the next section.</para>
+ </sect4>
+
+ <sect4 id="printing-commparam">
+ <title>Configuring Spooler Communication Parameters</title>
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>serial</secondary>
+ </indexterm>
+
+ <para>For printers on serial ports, <application>LPD</application>
+ can set up the bps rate,
+ parity, and other serial communication parameters on behalf of
+ the filter program that sends data to the printer. This is
+ advantageous since:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>It lets you try different communication parameters by
+ simply editing the <filename>/etc/printcap</filename>
+ file; you do not have to recompile the filter
+ program.</para>
+ </listitem>
+
+ <listitem>
+ <para>It enables the spooling system to use the same filter
+ program for multiple printers which may have different
+ serial communication settings.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The following <filename>/etc/printcap</filename>
+ capabilities control serial communication parameters of the
+ device listed in the <literal>lp</literal> capability:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>br#<replaceable>bps-rate</replaceable></literal></term>
+
+ <listitem>
+ <para>Sets the communications speed of the device to
+ <replaceable>bps-rate</replaceable>, where
+ <replaceable>bps-rate</replaceable> can be 50, 75, 110,
+ 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800, 9600,
+ 19200, 38400, 57600, or 115200 bits-per-second.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>ms#<replaceable>stty-mode</replaceable></literal></term>
+
+ <listitem>
+ <para>Sets the options for the terminal device after
+ opening the device. &man.stty.1; explains the
+ available options.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>When <application>LPD</application> opens the device
+ specified by the <literal>lp</literal> capability, it sets
+ the characteristics of the device to those specified with
+ the <literal>ms#</literal> capability. Of particular
+ interest will be the <literal>parenb</literal>,
+ <literal>parodd</literal>, <literal>cs5</literal>,
+ <literal>cs6</literal>, <literal>cs7</literal>,
+ <literal>cs8</literal>, <literal>cstopb</literal>,
+ <literal>crtscts</literal>, and <literal>ixon</literal>
+ modes, which are explained in the &man.stty.1;
+ manual page.</para>
+
+ <para>Let us add to our example printer on the sixth serial
+ port. We will set the bps rate to 38400. For the mode,
+ we will set no parity with <literal>-parenb</literal>,
+ 8-bit characters with <literal>cs8</literal>,
+ no modem control with <literal>clocal</literal> and
+ hardware flow control with <literal>crtscts</literal>:</para>
+
+ <programlisting>bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:\
+ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:</programlisting>
+ </sect4>
+
+ <sect4 id="printing-textfilter">
+ <title>Installing the Text Filter</title>
+ <indexterm>
+ <primary>printing</primary>
+ <secondary>filters</secondary>
+ </indexterm>
+
+ <para>We are now ready to tell <application>LPD</application>
+ what text filter to use to
+ send jobs to the printer. A <emphasis>text filter</emphasis>,
+ also known as an <emphasis>input filter</emphasis>, is a
+ program that <application>LPD</application> runs when it
+ has a job to print. When <application>LPD</application>
+ runs the text filter for a printer, it sets the filter's
+ standard input to the job to print, and its standard output to
+ the printer device specified with the <literal>lp</literal>
+ capability. The filter is expected to read the job from
+ standard input, perform any necessary translation for the
+ printer, and write the results to standard output, which will
+ get printed. For more information on the text filter, see
+ the <link linkend="printing-advanced-filters">Filters</link>
+ section.</para>
+
+ <para>For our simple printer setup, the text filter can be a
+ small shell script that just executes
+ <command>/bin/cat</command> to send the job to the printer.
+ FreeBSD comes with another filter called
+ <filename>lpf</filename> that handles backspacing and
+ underlining for printers that might not deal with such
+ character streams well. And, of course, you can use any other
+ filter program you want. The filter <command>lpf</command> is
+ described in detail in section entitled <link
+ linkend="printing-advanced-lpf">lpf: a Text
+ Filter</link>.</para>
+
+ <para>First, let us make the shell script
+ <filename>/usr/local/libexec/if-simple</filename> be a simple
+ text filter. Put the following text into that file with your
+ favorite text editor:</para>
+
+ <programlisting>#!/bin/sh
+#
+# if-simple - Simple text input filter for lpd
+# Installed in /usr/local/libexec/if-simple
+#
+# Simply copies stdin to stdout. Ignores all filter arguments.
+
+/bin/cat &amp;&amp; exit 0
+exit 2</programlisting>
+
+ <para>Make the file executable:</para>
+
+ <screen>&prompt.root; <userinput>chmod 555 /usr/local/libexec/if-simple</userinput></screen>
+
+ <para>And then tell LPD to use it by specifying it with the
+ <literal>if</literal> capability in
+ <filename>/etc/printcap</filename>. We will add it to the two
+ printers we have so far in the example
+ <filename>/etc/printcap</filename>:</para>
+
+ <programlisting>#
+# /etc/printcap for host rose - added text filter
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\
+ :if=/usr/local/libexec/if-simple:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:\
+ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:\
+ :if=/usr/local/libexec/if-simple:</programlisting>
+
+ <note>
+ <para>A copy of the <filename>if-simple</filename> script
+ can be found in the <filename
+ class="directory">/usr/share/examples/printing</filename>
+ directory.</para>
+ </note>
+ </sect4>
+
+ <sect4>
+ <title>Turn on <application>LPD</application></title>
+
+ <para>&man.lpd.8; is run from <filename>/etc/rc</filename>,
+ controlled by the <literal>lpd_enable</literal> variable. This
+ variable defaults to <literal>NO</literal>. If you have not done
+ so already, add the line:</para>
+
+ <programlisting>lpd_enable="YES"</programlisting>
+
+ <para>to <filename>/etc/rc.conf</filename>, and then either restart
+ your machine, or just run &man.lpd.8;.</para>
+
+ <screen>&prompt.root; <userinput>lpd</userinput></screen>
+ </sect4>
+
+ <sect4 id="printing-trying">
+ <title>Trying It Out</title>
+
+ <para>You have reached the end of the simple
+ <application>LPD</application> setup.
+ Unfortunately, congratulations are not quite yet in order,
+ since we still have to test the setup and correct any
+ problems. To test the setup, try printing something. To
+ print with the <application>LPD</application> system, you
+ use the command &man.lpr.1;,
+ which submits a job for printing.</para>
+
+ <para>You can combine &man.lpr.1; with the &man.lptest.1;
+ program, introduced in section <link
+ linkend="printing-testing">Checking Printer
+ Communications</link> to generate some test text.</para>
+
+ <para><emphasis>To test the simple <application>LPD</application>
+ setup:</emphasis></para>
+
+ <para>Type:</para>
+
+ <screen>&prompt.root; <userinput>lptest 20 5 | lpr -P<replaceable>printer-name</replaceable></userinput></screen>
+
+ <para>Where <replaceable>printer-name</replaceable> is a the
+ name of a printer (or an alias) specified in
+ <filename>/etc/printcap</filename>. To test the default
+ printer, type &man.lpr.1; without any <option>-P</option>
+ argument. Again, if you are testing a printer that expects
+ &postscript;, send a &postscript; program in that language instead
+ of using &man.lptest.1;. You can do so by putting the program
+ in a file and typing <command>lpr
+ <replaceable>file</replaceable></command>.</para>
+
+ <para>For a &postscript; printer, you should get the results of
+ the program. If you are using &man.lptest.1;, then your
+ results should look like the following:</para>
+
+ <programlisting>!"#$%&amp;'()*+,-./01234
+"#$%&amp;'()*+,-./012345
+#$%&amp;'()*+,-./0123456
+$%&amp;'()*+,-./01234567
+%&amp;'()*+,-./012345678</programlisting>
+
+ <para>To further test the printer, try downloading larger
+ programs (for language-based printers) or running
+ &man.lptest.1; with different arguments. For example,
+ <command>lptest 80 60</command> will produce 60 lines of 80
+ characters each.</para>
+
+ <para>If the printer did not work, see the <link
+ linkend="printing-troubleshooting">Troubleshooting</link>
+ section.</para>
+ </sect4>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="printing-advanced">
+ <title>Advanced Printer Setup</title>
+
+ <para>This section describes filters for printing specially formatted
+ files, header pages, printing across networks, and restricting and
+ accounting for printer usage.</para>
+
+ <sect2 id="printing-advanced-filter-intro">
+ <title>Filters</title>
+ <indexterm>
+ <primary>printing</primary>
+ <secondary>filters</secondary>
+ </indexterm>
+
+ <para>Although <application>LPD</application> handles network protocols,
+ queuing, access control,
+ and other aspects of printing, most of the <emphasis>real</emphasis>
+ work happens in the <emphasis>filters</emphasis>. Filters are
+ programs that communicate with the printer and handle its device
+ dependencies and special requirements. In the simple printer setup,
+ we installed a plain text filter&mdash;an extremely simple one that
+ should work with most printers (section <link
+ linkend="printing-textfilter">Installing the Text
+ Filter</link>).</para>
+
+ <para>However, in order to take advantage of format conversion, printer
+ accounting, specific printer quirks, and so on, you should understand
+ how filters work. It will ultimately be the filter's responsibility
+ to handle these aspects. And the bad news is that most of the time
+ <emphasis>you</emphasis> have to provide filters yourself. The good
+ news is that many are generally available; when they are not, they are
+ usually easy to write.</para>
+
+ <para>Also, FreeBSD comes with one,
+ <filename>/usr/libexec/lpr/lpf</filename>, that works with many
+ printers that can print plain text. (It handles backspacing and tabs
+ in the file, and does accounting, but that is about all it does.)
+ There are also several filters and filter components in the FreeBSD
+ Ports Collection.</para>
+
+ <para>Here is what you will find in this section:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Section <link linkend="printing-advanced-filters">How Filters
+ Work</link>, tries to give an overview of a filter's role in the
+ printing process. You should read this section to get an
+ understanding of what is happening <quote>under the hood</quote>
+ when <application>LPD</application> uses filters. This knowledge
+ could help you anticipate
+ and debug problems you might encounter as you install more and
+ more filters on each of your printers.</para>
+ </listitem>
+
+ <listitem>
+ <para><application>LPD</application> expects every printer to be
+ able to print plain text by
+ default. This presents a problem for &postscript; (or other
+ language-based printers) which cannot directly print plain text.
+ Section <link
+ linkend="printing-advanced-if-conversion">Accommodating
+ Plain Text Jobs on &postscript; Printers</link> tells you what you
+ should do to overcome this problem. You should read this
+ section if you have a &postscript; printer.</para>
+ </listitem>
+
+ <listitem>
+ <para>&postscript; is a popular output format for many programs.
+ Some people even write &postscript; code directly. Unfortunately,
+ &postscript; printers are expensive. Section <link
+ linkend="printing-advanced-ps">Simulating &postscript; on
+ Non &postscript; Printers</link> tells how you can further modify
+ a printer's text filter to accept and print &postscript; data on a
+ <emphasis>non &postscript;</emphasis> printer. You should read
+ this section if you do not have a &postscript; printer.</para>
+ </listitem>
+
+ <listitem>
+ <para>Section <link
+ linkend="printing-advanced-convfilters">Conversion
+ Filters</link> tells about a way you can automate the conversion
+ of specific file formats, such as graphic or typesetting data,
+ into formats your printer can understand. After reading this
+ section, you should be able to set up your printers such that
+ users can type <command>lpr -t</command> to print troff data, or
+ <command>lpr -d</command> to print &tex; DVI data, or <command>lpr
+ -v</command> to print raster image data, and so forth. I
+ recommend reading this section.</para>
+ </listitem>
+
+ <listitem>
+ <para>Section <link linkend="printing-advanced-of">Output
+ Filters</link> tells all about a not often used feature of
+ <application>LPD</application>:
+ output filters. Unless you are printing header pages (see <link
+ linkend="printing-advanced-header-pages">Header Pages</link>),
+ you can probably skip that section altogether.</para>
+ </listitem>
+
+ <listitem>
+ <para>Section <link linkend="printing-advanced-lpf">lpf: a Text
+ Filter</link> describes <command>lpf</command>, a fairly
+ complete if simple text filter for line printers (and laser
+ printers that act like line printers) that comes with FreeBSD. If
+ you need a quick way to get printer accounting working for plain
+ text, or if you have a printer which emits smoke when it sees
+ backspace characters, you should definitely consider
+ <command>lpf</command>.</para>
+ </listitem>
+ </itemizedlist>
+
+ <note>
+ <para>A copy of the various scripts described below can be
+ found in the <filename
+ class="directory">/usr/share/examples/printing</filename>
+ directory.</para>
+ </note>
+
+ <sect3 id="printing-advanced-filters">
+ <title>How Filters Work</title>
+
+ <para>As mentioned before, a filter is an executable program started
+ by <application>LPD</application> to handle the device-dependent part of
+ communicating with the printer.</para>
+
+ <para>When <application>LPD</application> wants to print a file in a
+ job, it starts a filter
+ program. It sets the filter's standard input to the file to print,
+ its standard output to the printer, and its standard error to the
+ error logging file (specified in the <literal>lf</literal>
+ capability in <filename>/etc/printcap</filename>, or
+ <filename>/dev/console</filename> by default).</para>
+
+ <indexterm>
+ <primary><command>troff</command></primary>
+ </indexterm>
+ <para>Which filter <application>LPD</application> starts and the
+ filter's arguments depend on
+ what is listed in the <filename>/etc/printcap</filename> file and
+ what arguments the user specified for the job on the
+ &man.lpr.1; command line. For example, if the user typed
+ <command>lpr -t</command>, <application>LPD</application> would
+ start the troff filter, listed
+ in the <literal>tf</literal> capability for the destination printer.
+ If the user wanted to print plain text, it would start the
+ <literal>if</literal> filter (this is mostly true: see <link
+ linkend="printing-advanced-of">Output Filters</link> for
+ details).</para>
+
+ <para>There are three kinds of filters you can specify in
+ <filename>/etc/printcap</filename>:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <emphasis>text filter</emphasis>, confusingly called the
+ <emphasis>input filter</emphasis> in
+ <application>LPD</application> documentation, handles
+ regular text printing. Think of it as the default filter.
+ <application>LPD</application>
+ expects every printer to be able to print plain text by default,
+ and it is the text filter's job to make sure backspaces, tabs,
+ or other special characters do not confuse the printer. If you
+ are in an environment where you have to account for printer
+ usage, the text filter must also account for pages printed,
+ usually by counting the number of lines printed and comparing
+ that to the number of lines per page the printer supports. The
+ text filter is started with the following argument list:
+
+ <cmdsynopsis>
+ <command>filter-name</command>
+ <arg>-c</arg>
+ <arg choice="plain">-w<replaceable>width</replaceable></arg>
+ <arg choice="plain">-l<replaceable>length</replaceable></arg>
+ <arg choice="plain">-i<replaceable>indent</replaceable></arg>
+ <arg choice="plain">-n <replaceable>login</replaceable></arg>
+ <arg choice="plain">-h <replaceable>host</replaceable></arg>
+ <arg choice="plain"><replaceable>acct-file</replaceable></arg>
+ </cmdsynopsis>
+
+ where
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-c</option></term>
+
+ <listitem>
+ <para>appears if the job is submitted with <command>lpr
+ -l</command></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><replaceable>width</replaceable></term>
+
+ <listitem>
+ <para>is the value from the <literal>pw</literal> (page
+ width) capability specified in
+ <filename>/etc/printcap</filename>, default 132</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><replaceable>length</replaceable></term>
+
+ <listitem>
+ <para>is the value from the <literal>pl</literal> (page
+ length) capability, default 66</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><replaceable>indent</replaceable></term>
+
+ <listitem>
+ <para>is the amount of the indentation from <command>lpr
+ -i</command>, default 0</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><replaceable>login</replaceable></term>
+
+ <listitem>
+ <para>is the account name of the user printing the
+ file</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><replaceable>host</replaceable></term>
+
+ <listitem>
+ <para>is the host name from which the job was
+ submitted</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><replaceable>acct-file</replaceable></term>
+
+ <listitem>
+ <para>is the name of the accounting file from the
+ <literal>af</literal> capability.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ </listitem>
+
+ <indexterm>
+ <primary>printing</primary>
+ <secondary>filters</secondary>
+ </indexterm>
+ <listitem>
+ <para>A <emphasis>conversion filter</emphasis> converts a specific
+ file format into one the printer can render onto paper. For
+ example, ditroff typesetting data cannot be directly printed,
+ but you can install a conversion filter for ditroff files to
+ convert the ditroff data into a form the printer can digest and
+ print. Section <link
+ linkend="printing-advanced-convfilters">Conversion
+ Filters</link> tells all about them. Conversion filters also
+ need to do accounting, if you need printer accounting.
+ Conversion filters are started with the following arguments:
+
+ <cmdsynopsis>
+ <command>filter-name</command>
+ <arg
+ choice="plain">-x<replaceable>pixel-width</replaceable></arg>
+ <arg choice="plain">-y<replaceable>pixel-height</replaceable></arg>
+ <arg choice="plain">-n <replaceable>login</replaceable></arg>
+ <arg choice="plain">-h <replaceable>host</replaceable></arg>
+ <arg choice="plain"><replaceable>acct-file</replaceable></arg>
+ </cmdsynopsis>
+
+ where <replaceable>pixel-width</replaceable> is the value
+ from the <literal>px</literal> capability (default 0) and
+ <replaceable>pixel-height</replaceable> is the value from the
+ <literal>py</literal> capability (default 0).</para>
+ </listitem>
+
+ <listitem>
+ <para>The <emphasis>output filter</emphasis> is used only if there
+ is no text filter, or if header pages are enabled. In my
+ experience, output filters are rarely used. Section <link
+ linkend="printing-advanced-of">Output Filters</link> describe
+ them. There are only two arguments to an output filter:
+
+ <cmdsynopsis>
+ <command>filter-name</command>
+ <arg choice="plain">-w<replaceable>width</replaceable></arg>
+ <arg choice="plain">-l<replaceable>length</replaceable></arg>
+ </cmdsynopsis>
+
+ which are identical to the text filters <option>-w</option> and
+ <option>-l</option> arguments.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Filters should also <emphasis>exit</emphasis> with the
+ following exit status:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>exit 0</term>
+
+ <listitem>
+ <para>If the filter printed the file successfully.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>exit 1</term>
+
+ <listitem>
+ <para>If the filter failed to print the file but wants
+ <application>LPD</application> to
+ try to print the file again. <application>LPD</application>
+ will restart a filter if it exits with this status.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>exit 2</term>
+
+ <listitem>
+ <para>If the filter failed to print the file and does not want
+ <application>LPD</application> to try again.
+ <application>LPD</application> will throw out the file.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>The text filter that comes with the FreeBSD release,
+ <filename>/usr/libexec/lpr/lpf</filename>, takes advantage of the
+ page width and length arguments to determine when to send a form
+ feed and how to account for printer usage. It uses the login, host,
+ and accounting file arguments to make the accounting entries.</para>
+
+ <para>If you are shopping for filters, see if they are LPD-compatible.
+ If they are, they must support the argument lists described above.
+ If you plan on writing filters for general use, then have them
+ support the same argument lists and exit codes.</para>
+ </sect3>
+
+ <sect3 id="printing-advanced-if-conversion">
+ <title>Accommodating Plain Text Jobs on &postscript; Printers</title>
+ <indexterm><primary>print jobs</primary></indexterm>
+
+ <para>If you are the only user of your computer and &postscript; (or
+ other language-based) printer, and you promise to never send plain
+ text to your printer and to never use features of various programs
+ that will want to send plain text to your printer, then you do not
+ need to worry about this section at all.</para>
+
+ <para>But, if you would like to send both &postscript; and plain text
+ jobs to the printer, then you are urged to augment your printer
+ setup. To do so, we have the text filter detect if the arriving job
+ is plain text or &postscript;. All &postscript; jobs must start with
+ <literal>%!</literal> (for other printer languages, see your printer
+ documentation). If those are the first two characters in the job,
+ we have &postscript;, and can pass the rest of the job directly. If
+ those are not the first two characters in the file, then the filter
+ will convert the text into &postscript; and print the result.</para>
+
+ <para>How do we do this?</para>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>serial</secondary>
+ </indexterm>
+ <para>If you have got a serial printer, a great way to do it is to
+ install <command>lprps</command>. <command>lprps</command> is a
+ &postscript; printer filter which performs two-way communication with
+ the printer. It updates the printer's status file with verbose
+ information from the printer, so users and administrators can see
+ exactly what the state of the printer is (such as <errorname>toner
+ low</errorname> or <errorname>paper jam</errorname>). But more
+ importantly, it includes a program called <command>psif</command>
+ which detects whether the incoming job is plain text and calls
+ <command>textps</command> (another program that comes with
+ <command>lprps</command>) to convert it to &postscript;. It then uses
+ <command>lprps</command> to send the job to the printer.</para>
+
+ <para><command>lprps</command> is part of the FreeBSD Ports Collection
+ (see <link linkend="ports">The Ports Collection</link>). You can
+ fetch, build and install it yourself, of course. After installing
+ <command>lprps</command>, just specify the pathname to the
+ <command>psif</command> program that is part of
+ <command>lprps</command>. If you installed <command>lprps</command>
+ from the Ports Collection, use the following in the serial
+ &postscript; printer's entry in
+ <filename>/etc/printcap</filename>:</para>
+
+ <programlisting>:if=/usr/local/libexec/psif:</programlisting>
+
+ <para>You should also specify the <literal>rw</literal> capability;
+ that tells <application>LPD</application> to open the printer in
+ read-write mode.</para>
+
+ <para>If you have a parallel &postscript; printer (and therefore cannot
+ use two-way communication with the printer, which
+ <command>lprps</command> needs), you can use the following shell
+ script as the text filter:</para>
+
+ <programlisting>#!/bin/sh
+#
+# psif - Print PostScript or plain text on a PostScript printer
+# Script version; NOT the version that comes with lprps
+# Installed in /usr/local/libexec/psif
+#
+
+IFS="" read -r first_line
+first_two_chars=`expr "$first_line" : '\(..\)'`
+
+if [ "$first_two_chars" = "%!" ]; then
+ #
+ # PostScript job, print it.
+ #
+ echo "$first_line" &amp;&amp; cat &amp;&amp; printf "\004" &amp;&amp; exit 0
+ exit 2
+else
+ #
+ # Plain text, convert it, then print it.
+ #
+ ( echo "$first_line"; cat ) | /usr/local/bin/textps &amp;&amp; printf "\004" &amp;&amp; exit 0
+ exit 2
+fi</programlisting>
+
+ <para>In the above script, <command>textps</command> is a program we
+ installed separately to convert plain text to &postscript;. You can
+ use any text-to-&postscript; program you wish. The FreeBSD Ports
+ Collection (see <link linkend="ports">The Ports Collection</link>)
+ includes a full featured text-to-&postscript; program called
+ <literal>a2ps</literal> that you might want to investigate.</para>
+ </sect3>
+
+ <sect3 id="printing-advanced-ps">
+ <title>Simulating &postscript; on Non &postscript; Printers</title>
+ <indexterm>
+ <primary>PostScript</primary>
+ <secondary>emulating</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>Ghostscript</primary></indexterm>
+ <para>&postscript; is the <emphasis>de facto</emphasis> standard for
+ high quality typesetting and printing. &postscript; is, however, an
+ <emphasis>expensive</emphasis> standard. Thankfully, Aladdin
+ Enterprises has a free &postscript; work-alike called
+ <application>Ghostscript</application> that runs with FreeBSD.
+ Ghostscript can read most &postscript; files and can render their
+ pages onto a variety of devices, including many brands of
+ non-PostScript printers. By installing Ghostscript and using a
+ special text filter for your printer, you can make your
+ non &postscript; printer act like a real &postscript; printer.</para>
+
+ <para>Ghostscript is in the FreeBSD Ports Collection, if you
+ would like to install it from there. You can fetch, build, and
+ install it quite easily yourself, as well.</para>
+
+ <para>To simulate &postscript;, we have the text filter detect if it is
+ printing a &postscript; file. If it is not, then the filter will pass
+ the file directly to the printer; otherwise, it will use Ghostscript
+ to first convert the file into a format the printer will
+ understand.</para>
+
+ <para>Here is an example: the following script is a text filter
+ for Hewlett Packard DeskJet 500 printers. For other printers,
+ substitute the <option>-sDEVICE</option> argument to the
+ <command>gs</command> (Ghostscript) command. (Type <command>gs
+ -h</command> to get a list of devices the current installation of
+ Ghostscript supports.)</para>
+
+ <programlisting>#!/bin/sh
+#
+# ifhp - Print Ghostscript-simulated PostScript on a DeskJet 500
+# Installed in /usr/local/libexec/ifhp
+
+#
+# Treat LF as CR+LF (to avoid the "staircase effect" on HP/PCL
+# printers):
+#
+printf "\033&amp;k2G" || exit 2
+
+#
+# Read first two characters of the file
+#
+IFS="" read -r first_line
+first_two_chars=`expr "$first_line" : '\(..\)'`
+
+if [ "$first_two_chars" = "%!" ]; then
+ #
+ # It is PostScript; use Ghostscript to scan-convert and print it.
+ #
+ /usr/local/bin/gs -dSAFER -dNOPAUSE -q -sDEVICE=djet500 \
+ -sOutputFile=- - &amp;&amp; exit 0
+else
+ #
+ # Plain text or HP/PCL, so just print it directly; print a form feed
+ # at the end to eject the last page.
+ #
+ echo "$first_line" &amp;&amp; cat &amp;&amp; printf "\033&amp;l0H" &amp;&amp;
+exit 0
+fi
+
+exit 2</programlisting>
+
+ <para>Finally, you need to notify <application>LPD</application> of
+ the filter via the <literal>if</literal> capability:</para>
+
+ <programlisting>:if=/usr/local/libexec/ifhp:</programlisting>
+
+ <para>That is it. You can type <command>lpr plain.text</command> and
+ <filename>lpr whatever.ps</filename> and both should print
+ successfully.</para>
+ </sect3>
+
+ <sect3 id="printing-advanced-convfilters">
+ <title>Conversion Filters</title>
+
+ <para>After completing the simple setup described in <link
+ linkend="printing-simple">Simple Printer Setup</link>, the first
+ thing you will probably want to do is install conversion filters for
+ your favorite file formats (besides plain ASCII text).</para>
+
+ <sect4>
+ <title>Why Install Conversion Filters?</title>
+ <indexterm>
+ <primary>&tex;</primary>
+ <secondary>printing DVI files</secondary>
+ </indexterm>
+
+ <para>Conversion filters make printing various kinds of files easy.
+ As an example, suppose we do a lot of work with the &tex;
+ typesetting system, and we have a &postscript; printer. Every time
+ we generate a DVI file from &tex;, we cannot print it directly until
+ we convert the DVI file into &postscript;. The command sequence
+ goes like this:</para>
+
+ <screen>&prompt.user; <userinput>dvips seaweed-analysis.dvi</userinput>
+&prompt.user; <userinput>lpr seaweed-analysis.ps</userinput></screen>
+
+ <para>By installing a conversion filter for DVI files, we can skip
+ the hand conversion step each time by having
+ <application>LPD</application> do it for us.
+ Now, each time we get a DVI file, we are just one step away from
+ printing it:</para>
+
+ <screen>&prompt.user; <userinput>lpr -d seaweed-analysis.dvi</userinput></screen>
+
+ <para>We got <application>LPD</application> to do the DVI file
+ conversion for us by specifying
+ the <option>-d</option> option. Section <link
+ linkend="printing-lpr-options-format">Formatting and Conversion
+ Options</link> lists the conversion options.</para>
+
+ <para>For each of the conversion options you want a printer to
+ support, install a <emphasis>conversion filter</emphasis> and
+ specify its pathname in <filename>/etc/printcap</filename>. A
+ conversion filter is like the text filter for the simple printer
+ setup (see section <link linkend="printing-textfilter">Installing
+ the Text Filter</link>) except that instead of printing plain
+ text, the filter converts the file into a format the printer can
+ understand.</para>
+ </sect4>
+
+ <sect4>
+ <title>Which Conversion Filters Should I Install?</title>
+
+ <para>You should install the conversion filters you expect to use.
+ If you print a lot of DVI data, then a DVI conversion filter is in
+ order. If you have got plenty of troff to print out, then you
+ probably want a troff filter.</para>
+
+ <para>The following table summarizes the filters that
+ <application>LPD</application> works
+ with, their capability entries for the
+ <filename>/etc/printcap</filename> file, and how to invoke them
+ with the <command>lpr</command> command:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>File type</entry>
+ <entry><filename>/etc/printcap</filename> capability</entry>
+ <entry><command>lpr</command> option</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>cifplot</entry>
+ <entry><literal>cf</literal></entry>
+ <entry><option>-c</option></entry>
+ </row>
+
+ <row>
+ <entry>DVI</entry>
+ <entry><literal>df</literal></entry>
+ <entry><option>-d</option></entry>
+ </row>
+
+ <row>
+ <entry>plot</entry>
+ <entry><literal>gf</literal></entry>
+ <entry><option>-g</option></entry>
+ </row>
+
+ <row>
+ <entry>ditroff</entry>
+ <entry><literal>nf</literal></entry>
+ <entry><option>-n</option></entry>
+ </row>
+
+ <row>
+ <entry>FORTRAN text</entry>
+ <entry><literal>rf</literal></entry>
+ <entry><option>-f</option></entry>
+ </row>
+
+ <row>
+ <entry>troff</entry>
+ <entry><literal>tf</literal></entry>
+ <entry><option>-f</option></entry>
+ </row>
+
+ <row>
+ <entry>raster</entry>
+ <entry><literal>vf</literal></entry>
+ <entry><option>-v</option></entry>
+ </row>
+
+ <row>
+ <entry>plain text</entry>
+ <entry><literal>if</literal></entry>
+ <entry>none, <option>-p</option>, or
+ <option>-l</option></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>In our example, using <command>lpr -d</command> means the
+ printer needs a <literal>df</literal> capability in its entry in
+ <filename>/etc/printcap</filename>.</para>
+
+ <indexterm><primary>FORTRAN</primary></indexterm>
+ <para>Despite what others might contend, formats like FORTRAN text
+ and plot are probably obsolete. At your site, you can give new
+ meanings to these or any of the formatting options just by
+ installing custom filters. For example, suppose you would like to
+ directly print Printerleaf files (files from the Interleaf desktop
+ publishing program), but will never print plot files. You could
+ install a Printerleaf conversion filter under the
+ <literal>gf</literal> capability and then educate your users that
+ <command>lpr -g</command> mean <quote>print Printerleaf
+ files.</quote></para>
+ </sect4>
+
+ <sect4>
+ <title>Installing Conversion Filters</title>
+
+ <para>Since conversion filters are programs you install outside of
+ the base FreeBSD installation, they should probably go under
+ <filename>/usr/local</filename>. The directory
+ <filename>/usr/local/libexec</filename> is a popular location,
+ since they are specialized programs that only
+ <application>LPD</application> will run;
+ regular users should not ever need to run them.</para>
+
+ <para>To enable a conversion filter, specify its pathname under the
+ appropriate capability for the destination printer in
+ <filename>/etc/printcap</filename>.</para>
+
+ <para>In our example, we will add the DVI conversion filter to the
+ entry for the printer named <literal>bamboo</literal>. Here is
+ the example <filename>/etc/printcap</filename> file again, with
+ the new <literal>df</literal> capability for the printer
+ <literal>bamboo</literal>.</para>
+
+ <programlisting>#
+# /etc/printcap for host rose - added df filter for bamboo
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:sd=/var/spool/lpd/rattan:\
+ :lp=/dev/lpt0:\
+ :if=/usr/local/libexec/if-simple:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:\
+ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\
+ :if=/usr/local/libexec/psif:\
+ :df=/usr/local/libexec/psdf:</programlisting>
+
+ <para>The DVI filter is a shell script named
+ <filename>/usr/local/libexec/psdf</filename>. Here is that
+ script:</para>
+
+ <programlisting>#!/bin/sh
+#
+# psdf - DVI to PostScript printer filter
+# Installed in /usr/local/libexec/psdf
+#
+# Invoked by lpd when user runs lpr -d
+#
+exec /usr/local/bin/dvips -f | /usr/local/libexec/lprps "$@"</programlisting>
+
+ <para>This script runs <command>dvips</command> in filter mode (the
+ <option>-f</option> argument) on standard input, which is the job
+ to print. It then starts the &postscript; printer filter
+ <command>lprps</command> (see section <link
+ linkend="printing-advanced-if-conversion">Accommodating Plain
+ Text Jobs on &postscript; Printers</link>) with the arguments
+ <application>LPD</application>
+ passed to this script. <command>lprps</command> will use those
+ arguments to account for the pages printed.</para>
+ </sect4>
+
+ <sect4>
+ <title>More Conversion Filter Examples</title>
+
+ <para>Since there is no fixed set of steps to install conversion
+ filters, let me instead provide more examples. Use these as
+ guidance to making your own filters. Use them directly, if
+ appropriate.</para>
+
+ <para>This example script is a raster (well, GIF file, actually)
+ conversion filter for a Hewlett Packard LaserJet III-Si
+ printer:</para>
+
+ <programlisting>#!/bin/sh
+#
+# hpvf - Convert GIF files into HP/PCL, then print
+# Installed in /usr/local/libexec/hpvf
+
+PATH=/usr/X11R6/bin:$PATH; export PATH
+giftopnm | ppmtopgm | pgmtopbm | pbmtolj -resolution 300 \
+ &amp;&amp; exit 0 \
+ || exit 2</programlisting>
+
+ <para>It works by converting the GIF file into a portable anymap,
+ converting that into a portable graymap, converting that into a
+ portable bitmap, and converting that into LaserJet/PCL-compatible
+ data.</para>
+
+ <para>Here is the <filename>/etc/printcap</filename> file with an
+ entry for a printer using the above filter:</para>
+
+ <programlisting>#
+# /etc/printcap for host orchid
+#
+teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
+ :lp=/dev/lpt0:sh:sd=/var/spool/lpd/teak:mx#0:\
+ :if=/usr/local/libexec/hpif:\
+ :vf=/usr/local/libexec/hpvf:</programlisting>
+
+ <para>The following script is a conversion filter for troff data
+ from the groff typesetting system for the &postscript; printer named
+ <literal>bamboo</literal>:</para>
+
+ <programlisting>#!/bin/sh
+#
+# pstf - Convert groff's troff data into PS, then print.
+# Installed in /usr/local/libexec/pstf
+#
+exec grops | /usr/local/libexec/lprps "$@"</programlisting>
+
+ <para>The above script makes use of <command>lprps</command> again
+ to handle the communication with the printer. If the printer were
+ on a parallel port, we would use this script instead:</para>
+
+ <programlisting>#!/bin/sh
+#
+# pstf - Convert groff's troff data into PS, then print.
+# Installed in /usr/local/libexec/pstf
+#
+exec grops</programlisting>
+
+ <para>That is it. Here is the entry we need to add to
+ <filename>/etc/printcap</filename> to enable the filter:</para>
+
+ <programlisting>:tf=/usr/local/libexec/pstf:</programlisting>
+
+ <para>Here is an example that might make old hands at FORTRAN blush.
+ It is a FORTRAN-text filter for any printer that can directly
+ print plain text. We will install it for the printer
+ <literal>teak</literal>:</para>
+
+ <programlisting>#!/bin/sh
+#
+# hprf - FORTRAN text filter for LaserJet 3si:
+# Installed in /usr/local/libexec/hprf
+#
+
+printf "\033&amp;k2G" &amp;&amp; fpr &amp;&amp; printf "\033&amp;l0H" &amp;&amp;
+ exit 0
+exit 2</programlisting>
+
+ <para>And we will add this line to the
+ <filename>/etc/printcap</filename> for the printer
+ <literal>teak</literal> to enable this filter:</para>
+
+ <programlisting>:rf=/usr/local/libexec/hprf:</programlisting>
+
+ <para>Here is one final, somewhat complex example. We will add a
+ DVI filter to the LaserJet printer <literal>teak</literal>
+ introduced earlier. First, the easy part: updating
+ <filename>/etc/printcap</filename> with the location of the DVI
+ filter:</para>
+
+ <programlisting>:df=/usr/local/libexec/hpdf:</programlisting>
+
+ <para>Now, for the hard part: making the filter. For that, we need
+ a DVI-to-LaserJet/PCL conversion program. The FreeBSD Ports
+ Collection (see <link linkend="ports">The Ports Collection</link>)
+ has one: <command>dvi2xx</command> is the name of the package.
+ Installing this package gives us the program we need,
+ <command>dvilj2p</command>, which converts DVI into LaserJet IIp,
+ LaserJet III, and LaserJet 2000 compatible codes.</para>
+
+ <para><command>dvilj2p</command> makes the filter
+ <command>hpdf</command> quite complex since
+ <command>dvilj2p</command> cannot read from standard input. It
+ wants to work with a filename. What is worse, the filename has to
+ end in <filename>.dvi</filename> so using
+ <filename>/dev/fd/0</filename> for standard input is problematic.
+ We can get around that problem by linking (symbolically) a
+ temporary file name (one that ends in <filename>.dvi</filename>)
+ to <filename>/dev/fd/0</filename>, thereby forcing
+ <command>dvilj2p</command> to read from standard input.</para>
+
+ <para>The only other fly in the ointment is the fact that we cannot
+ use <filename>/tmp</filename> for the temporary link. Symbolic
+ links are owned by user and group <username>bin</username>. The
+ filter runs as user <username>daemon</username>. And the
+ <filename>/tmp</filename> directory has the sticky bit set. The
+ filter can create the link, but it will not be able clean up when
+ done and remove it since the link will belong to a different
+ user.</para>
+
+ <para>Instead, the filter will make the symbolic link in the current
+ working directory, which is the spooling directory (specified by
+ the <literal>sd</literal> capability in
+ <filename>/etc/printcap</filename>). This is a perfect place for
+ filters to do their work, especially since there is (sometimes)
+ more free disk space in the spooling directory than under
+ <filename>/tmp</filename>.</para>
+
+ <para>Here, finally, is the filter:</para>
+
+ <programlisting>#!/bin/sh
+#
+# hpdf - Print DVI data on HP/PCL printer
+# Installed in /usr/local/libexec/hpdf
+
+PATH=/usr/local/bin:$PATH; export PATH
+
+#
+# Define a function to clean up our temporary files. These exist
+# in the current directory, which will be the spooling directory
+# for the printer.
+#
+cleanup() {
+ rm -f hpdf$$.dvi
+}
+
+#
+# Define a function to handle fatal errors: print the given message
+# and exit 2. Exiting with 2 tells LPD to do not try to reprint the
+# job.
+#
+fatal() {
+ echo "$@" 1&gt;&amp;2
+ cleanup
+ exit 2
+}
+
+#
+# If user removes the job, LPD will send SIGINT, so trap SIGINT
+# (and a few other signals) to clean up after ourselves.
+#
+trap cleanup 1 2 15
+
+#
+# Make sure we are not colliding with any existing files.
+#
+cleanup
+
+#
+# Link the DVI input file to standard input (the file to print).
+#
+ln -s /dev/fd/0 hpdf$$.dvi || fatal "Cannot symlink /dev/fd/0"
+
+#
+# Make LF = CR+LF
+#
+printf "\033&amp;k2G" || fatal "Cannot initialize printer"
+
+#
+# Convert and print. Return value from dvilj2p does not seem to be
+# reliable, so we ignore it.
+#
+dvilj2p -M1 -q -e- dfhp$$.dvi
+
+#
+# Clean up and exit
+#
+cleanup
+exit 0</programlisting>
+ </sect4>
+
+ <sect4 id="printing-advanced-autoconv">
+ <title>Automated Conversion: an Alternative to Conversion
+ Filters</title>
+
+ <para>All these conversion filters accomplish a lot for your
+ printing environment, but at the cost forcing the user to specify
+ (on the &man.lpr.1; command line) which one to use.
+ If your users are not particularly computer literate, having to
+ specify a filter option will become annoying. What is worse,
+ though, is that an incorrectly specified filter option may run a
+ filter on the wrong type of file and cause your printer to spew
+ out hundreds of sheets of paper.</para>
+
+ <para>Rather than install conversion filters at all, you might want
+ to try having the text filter (since it is the default filter)
+ detect the type of file it has been asked to print and then
+ automatically run the right conversion filter. Tools such as
+ <command>file</command> can be of help here. Of course, it will
+ be hard to determine the differences between
+ <emphasis>some</emphasis> file types&mdash;and, of course, you can
+ still provide conversion filters just for them.</para>
+
+ <indexterm><primary>apsfilter</primary></indexterm>
+ <indexterm>
+ <primary>printing</primary>
+ <secondary>filters</secondary>
+ <tertiary>apsfilter</tertiary>
+ </indexterm>
+ <para>The FreeBSD Ports Collection has a text filter that performs
+ automatic conversion called <command>apsfilter</command>. It can
+ detect plain text, &postscript;, and DVI files, run the proper
+ conversions, and print.</para>
+ </sect4>
+ </sect3>
+
+ <sect3 id="printing-advanced-of">
+ <title>Output Filters</title>
+
+ <para>The <application>LPD</application> spooling system supports one
+ other type of filter that
+ we have not yet explored: an output filter. An output filter is
+ intended for printing plain text only, like the text filter, but
+ with many simplifications. If you are using an output filter but no
+ text filter, then:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><application>LPD</application> starts an output filter once
+ for the entire job instead
+ of once for each file in the job.</para>
+ </listitem>
+
+ <listitem>
+ <para><application>LPD</application> does not make any provision
+ to identify the start or the
+ end of files within the job for the output filter.</para>
+ </listitem>
+
+ <listitem>
+ <para><application>LPD</application> does not pass the user's
+ login or host to the filter, so
+ it is not intended to do accounting. In fact, it gets only two
+ arguments:</para>
+
+ <cmdsynopsis>
+ <command>filter-name</command>
+ <arg choice="plain">-w<replaceable>width</replaceable></arg>
+ <arg choice="plain">-l<replaceable>length</replaceable></arg>
+ </cmdsynopsis>
+
+ <para>Where <replaceable>width</replaceable> is from the
+ <literal>pw</literal> capability and
+ <replaceable>length</replaceable> is from the
+ <literal>pl</literal> capability for the printer in
+ question.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Do not be seduced by an output filter's simplicity. If you
+ would like each file in a job to start on a different page an output
+ filter <emphasis>will not work</emphasis>. Use a text filter (also
+ known as an input filter); see section <link
+ linkend="printing-textfilter">Installing the Text Filter</link>.
+ Furthermore, an output filter is actually <emphasis>more
+ complex</emphasis> in that it has to examine the byte stream being
+ sent to it for special flag characters and must send signals to
+ itself on behalf of <application>LPD</application>.</para>
+
+ <para>However, an output filter is <emphasis>necessary</emphasis> if
+ you want header pages and need to send escape sequences or other
+ initialization strings to be able to print the header page. (But it
+ is also <emphasis>futile</emphasis> if you want to charge header
+ pages to the requesting user's account, since
+ <application>LPD</application> does not give any
+ user or host information to the output filter.)</para>
+
+ <para>On a single printer, <application>LPD</application>
+ allows both an output filter and text or other filters. In
+ such cases, <application>LPD</application> will start the
+ output filter
+ to print the header page (see section <link
+ linkend="printing-advanced-header-pages">Header Pages</link>)
+ only. <application>LPD</application> then expects the
+ output filter to <emphasis>stop
+ itself</emphasis> by sending two bytes to the filter: ASCII 031
+ followed by ASCII 001. When an output filter sees these two bytes
+ (031, 001), it should stop by sending <literal>SIGSTOP</literal>
+ to itself. When
+ <application>LPD</application>'s
+ done running other filters, it will restart the output filter by
+ sending <literal>SIGCONT</literal> to it.</para>
+
+ <para>If there is an output filter but <emphasis>no</emphasis> text
+ filter and <application>LPD</application> is working on a plain
+ text job, <application>LPD</application> uses the output
+ filter to do the job. As stated before, the output filter will
+ print each file of the job in sequence with no intervening form
+ feeds or other paper advancement, and this is probably
+ <emphasis>not</emphasis> what you want. In almost all cases, you
+ need a text filter.</para>
+
+ <para>The program <command>lpf</command>, which we introduced earlier
+ as a text filter, can also run as an output filter. If you need a
+ quick-and-dirty output filter but do not want to write the byte
+ detection and signal sending code, try <command>lpf</command>. You
+ can also wrap <command>lpf</command> in a shell script to handle any
+ initialization codes the printer might require.</para>
+ </sect3>
+
+ <sect3 id="printing-advanced-lpf">
+ <title><command>lpf</command>: a Text Filter</title>
+
+ <para>The program <filename>/usr/libexec/lpr/lpf</filename> that comes
+ with FreeBSD binary distribution is a text filter (input filter)
+ that can indent output (job submitted with <command>lpr
+ -i</command>), allow literal characters to pass (job submitted
+ with <command>lpr -l</command>), adjust the printing position for
+ backspaces and tabs in the job, and account for pages printed. It
+ can also act like an output filter.</para>
+
+ <para><command>lpf</command> is suitable for many printing
+ environments. And although it has no capability to send
+ initialization sequences to a printer, it is easy to write a shell
+ script to do the needed initialization and then execute
+ <command>lpf</command>.</para>
+
+ <indexterm><primary>page accounting</primary></indexterm>
+ <indexterm>
+ <primary>accounting</primary>
+ <secondary>printer</secondary>
+ </indexterm>
+ <para>In order for <command>lpf</command> to do page accounting
+ correctly, it needs correct values filled in for the
+ <literal>pw</literal> and <literal>pl</literal> capabilities in the
+ <filename>/etc/printcap</filename> file. It uses these values to
+ determine how much text can fit on a page and how many pages were in
+ a user's job. For more information on printer accounting, see <link
+ linkend="printing-advanced-acct">Accounting for Printer
+ Usage</link>.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="printing-advanced-header-pages">
+ <title>Header Pages</title>
+
+ <para>If you have <emphasis>lots</emphasis> of users, all of them using
+ various printers, then you probably want to consider <emphasis>header
+ pages</emphasis> as a necessary evil.</para>
+
+ <indexterm>
+ <primary>banner pages</primary>
+ <see>header pages</see>
+ </indexterm>
+ <indexterm><primary>header pages</primary></indexterm>
+ <para>Header pages, also known as <emphasis>banner</emphasis> or
+ <emphasis>burst pages</emphasis> identify to whom jobs belong after
+ they are printed. They are usually printed in large, bold letters,
+ perhaps with decorative borders, so that in a stack of printouts they
+ stand out from the real documents that comprise users' jobs. They
+ enable users to locate their jobs quickly. The obvious drawback to a
+ header page is that it is yet one more sheet that has to be printed
+ for every job, their ephemeral usefulness lasting not more than a few
+ minutes, ultimately finding themselves in a recycling bin or rubbish
+ heap. (Note that header pages go with each job, not each file in a
+ job, so the paper waste might not be that bad.)</para>
+
+ <para>The <application>LPD</application> system can provide header
+ pages automatically for your
+ printouts <emphasis>if</emphasis> your printer can directly print
+ plain text. If you have a &postscript; printer, you will need an
+ external program to generate the header page; see <link
+ linkend="printing-advanced-header-pages-ps">Header Pages on
+ &postscript; Printers</link>.</para>
+
+ <sect3 id="printing-advanced-header-pages-enabling">
+ <title>Enabling Header Pages</title>
+
+ <para>In the <link linkend="printing-simple">Simple Printer
+ Setup</link> section, we turned off header pages by specifying
+ <literal>sh</literal> (meaning <quote>suppress header</quote>) in the
+ <filename>/etc/printcap</filename> file. To enable header pages for
+ a printer, just remove the <literal>sh</literal> capability.</para>
+
+ <para>Sounds too easy, right?</para>
+
+ <para>You are right. You <emphasis>might</emphasis> have to provide
+ an output filter to send initialization strings to the printer.
+ Here is an example output filter for Hewlett Packard PCL-compatible
+ printers:</para>
+
+ <programlisting>#!/bin/sh
+#
+# hpof - Output filter for Hewlett Packard PCL-compatible printers
+# Installed in /usr/local/libexec/hpof
+
+printf "\033&amp;k2G" || exit 2
+exec /usr/libexec/lpr/lpf</programlisting>
+
+ <para>Specify the path to the output filter in the
+ <literal>of</literal> capability. See the <link
+ linkend="printing-advanced-of">Output Filters</link> section for more
+ information.</para>
+
+ <para>Here is an example <filename>/etc/printcap</filename> file for
+ the printer <literal>teak</literal> that we introduced earlier; we
+ enabled header pages and added the above output filter:</para>
+
+ <programlisting>#
+# /etc/printcap for host orchid
+#
+teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
+ :lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:\
+ :if=/usr/local/libexec/hpif:\
+ :vf=/usr/local/libexec/hpvf:\
+ :of=/usr/local/libexec/hpof:</programlisting>
+
+ <para>Now, when users print jobs to <literal>teak</literal>, they get
+ a header page with each job. If users want to spend time searching
+ for their printouts, they can suppress header pages by submitting
+ the job with <command>lpr -h</command>; see the <link
+ linkend="printing-lpr-options-misc">Header Page Options</link> section for
+ more &man.lpr.1; options.</para>
+
+ <note>
+ <para><application>LPD</application> prints a form feed character
+ after the header page. If
+ your printer uses a different character or sequence of characters
+ to eject a page, specify them with the <literal>ff</literal>
+ capability in <filename>/etc/printcap</filename>.</para>
+ </note>
+ </sect3>
+
+ <sect3 id="printing-advanced-header-pages-controlling">
+ <title>Controlling Header Pages</title>
+
+ <para>By enabling header pages, <application>LPD</application> will
+ produce a <emphasis>long
+ header</emphasis>, a full page of large letters identifying the
+ user, host, and job. Here is an example (kelly printed the job
+ named outline from host <hostid>rose</hostid>):</para>
+
+ <programlisting> k ll ll
+ k l l
+ k l l
+ k k eeee l l y y
+ k k e e l l y y
+ k k eeeeee l l y y
+ kk k e l l y y
+ k k e e l l y yy
+ k k eeee lll lll yyy y
+ y
+ y y
+ yyyy
+
+
+ ll
+ t l i
+ t l
+ oooo u u ttttt l ii n nnn eeee
+ o o u u t l i nn n e e
+ o o u u t l i n n eeeeee
+ o o u u t l i n n e
+ o o u uu t t l i n n e e
+ oooo uuu u tt lll iii n n eeee
+
+
+
+
+
+
+
+
+
+ r rrr oooo ssss eeee
+ rr r o o s s e e
+ r o o ss eeeeee
+ r o o ss e
+ r o o s s e e
+ r oooo ssss eeee
+
+
+
+
+
+
+
+ Job: outline
+ Date: Sun Sep 17 11:04:58 1995</programlisting>
+
+ <para><application>LPD</application> appends a form feed after this
+ text so the job starts on a
+ new page (unless you have <literal>sf</literal> (suppress form
+ feeds) in the destination printer's entry in
+ <filename>/etc/printcap</filename>).</para>
+
+ <para>If you prefer, <application>LPD</application> can make a
+ <emphasis>short header</emphasis>;
+ specify <literal>sb</literal> (short banner) in the
+ <filename>/etc/printcap</filename> file. The header page will look
+ like this:</para>
+
+ <programlisting>rose:kelly Job: outline Date: Sun Sep 17 11:07:51 1995</programlisting>
+
+ <para>Also by default, <application>LPD</application> prints the
+ header page first, then the job.
+ To reverse that, specify <literal>hl</literal> (header last) in
+ <filename>/etc/printcap</filename>.</para>
+ </sect3>
+
+ <sect3 id="printing-advanced-header-pages-accounting">
+ <title>Accounting for Header Pages</title>
+
+ <para>Using <application>LPD</application>'s built-in header pages
+ enforces a particular paradigm
+ when it comes to printer accounting: header pages must be
+ <emphasis>free of charge</emphasis>.</para>
+
+ <para>Why?</para>
+
+ <para>Because the output filter is the only external program that will
+ have control when the header page is printed that could do
+ accounting, and it is not provided with any <emphasis>user or
+ host</emphasis> information or an accounting file, so it has no
+ idea whom to charge for printer use. It is also not enough to just
+ <quote>add one page</quote> to the text filter or any of the
+ conversion filters (which do have user and host information) since
+ users can suppress header pages with <command>lpr -h</command>.
+ They could still be charged for header pages they did not print.
+ Basically, <command>lpr -h</command> will be the preferred option of
+ environmentally-minded users, but you cannot offer any incentive to
+ use it.</para>
+
+ <para>It is <emphasis>still not enough</emphasis> to have each of the
+ filters generate their own header pages (thereby being able to
+ charge for them). If users wanted the option of suppressing the
+ header pages with <command>lpr -h</command>, they will still get
+ them and be charged for them since <application>LPD</application>
+ does not pass any knowledge
+ of the <option>-h</option> option to any of the filters.</para>
+
+ <para>So, what are your options?</para>
+
+ <para>You can:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Accept <application>LPD</application>'s paradigm and make
+ header pages free.</para>
+ </listitem>
+
+ <listitem>
+ <para>Install an alternative to <application>LPD</application>,
+ such as
+ <application>LPRng</application>. Section
+ <link linkend="printing-lpd-alternatives">Alternatives to the
+ Standard Spooler</link> tells more about other spooling
+ software you can substitute for <application>LPD</application>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>Write a <emphasis>smart</emphasis> output filter. Normally,
+ an output filter is not meant to do anything more than
+ initialize a printer or do some simple character conversion. It
+ is suited for header pages and plain text jobs (when there is no
+ text (input) filter). But, if there is a text filter for the
+ plain text jobs, then <application>LPD</application> will start
+ the output filter only for
+ the header pages. And the output filter can parse the header
+ page text that <application>LPD</application> generates to
+ determine what user and host to
+ charge for the header page. The only other problem with this
+ method is that the output filter still does not know what
+ accounting file to use (it is not passed the name of the file
+ from the <literal>af</literal> capability), but if you have a
+ well-known accounting file, you can hard-code that into the
+ output filter. To facilitate the parsing step, use the
+ <literal>sh</literal> (short header) capability in
+ <filename>/etc/printcap</filename>. Then again, all that might
+ be too much trouble, and users will certainly appreciate the
+ more generous system administrator who makes header pages
+ free.</para>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+
+ <sect3 id="printing-advanced-header-pages-ps">
+ <title>Header Pages on &postscript; Printers</title>
+
+ <para>As described above, <application>LPD</application> can generate
+ a plain text header page
+ suitable for many printers. Of course, &postscript; cannot directly
+ print plain text, so the header page feature of
+ <application>LPD</application> is
+ useless&mdash;or mostly so.</para>
+
+ <para>One obvious way to get header pages is to have every conversion
+ filter and the text filter generate the header page. The filters
+ should use the user and host arguments to generate a suitable
+ header page. The drawback of this method is that users will always
+ get a header page, even if they submit jobs with <command>lpr
+ -h</command>.</para>
+
+ <para>Let us explore this method. The following script takes three
+ arguments (user login name, host name, and job name) and makes a
+ simple &postscript; header page:</para>
+
+ <programlisting>#!/bin/sh
+#
+# make-ps-header - make a PostScript header page on stdout
+# Installed in /usr/local/libexec/make-ps-header
+#
+
+#
+# These are PostScript units (72 to the inch). Modify for A4 or
+# whatever size paper you are using:
+#
+page_width=612
+page_height=792
+border=72
+
+#
+# Check arguments
+#
+if [ $# -ne 3 ]; then
+ echo "Usage: `basename $0` &lt;user&gt; &lt;host&gt; &lt;job&gt;" 1&gt;&amp;2
+ exit 1
+fi
+
+#
+# Save these, mostly for readability in the PostScript, below.
+#
+user=$1
+host=$2
+job=$3
+date=`date`
+
+#
+# Send the PostScript code to stdout.
+#
+exec cat &lt;&lt;EOF
+%!PS
+
+%
+% Make sure we do not interfere with user's job that will follow
+%
+save
+
+%
+% Make a thick, unpleasant border around the edge of the paper.
+%
+$border $border moveto
+$page_width $border 2 mul sub 0 rlineto
+0 $page_height $border 2 mul sub rlineto
+currentscreen 3 -1 roll pop 100 3 1 roll setscreen
+$border 2 mul $page_width sub 0 rlineto closepath
+0.8 setgray 10 setlinewidth stroke 0 setgray
+
+%
+% Display user's login name, nice and large and prominent
+%
+/Helvetica-Bold findfont 64 scalefont setfont
+$page_width ($user) stringwidth pop sub 2 div $page_height 200 sub moveto
+($user) show
+
+%
+% Now show the boring particulars
+%
+/Helvetica findfont 14 scalefont setfont
+/y 200 def
+[ (Job:) (Host:) (Date:) ] {
+200 y moveto show /y y 18 sub def }
+forall
+
+/Helvetica-Bold findfont 14 scalefont setfont
+/y 200 def
+[ ($job) ($host) ($date) ] {
+ 270 y moveto show /y y 18 sub def
+} forall
+
+%
+% That is it
+%
+restore
+showpage
+EOF</programlisting>
+
+ <para>Now, each of the conversion filters and the text filter can call
+ this script to first generate the header page, and then print the
+ user's job. Here is the DVI conversion filter from earlier in this
+ document, modified to make a header page:</para>
+
+ <programlisting>#!/bin/sh
+#
+# psdf - DVI to PostScript printer filter
+# Installed in /usr/local/libexec/psdf
+#
+# Invoked by lpd when user runs lpr -d
+#
+
+orig_args="$@"
+
+fail() {
+ echo "$@" 1&gt;&amp;2
+ exit 2
+}
+
+while getopts "x:y:n:h:" option; do
+ case $option in
+ x|y) ;; # Ignore
+ n) login=$OPTARG ;;
+ h) host=$OPTARG ;;
+ *) echo "LPD started `basename $0` wrong." 1&gt;&amp;2
+ exit 2
+ ;;
+ esac
+done
+
+[ "$login" ] || fail "No login name"
+[ "$host" ] || fail "No host name"
+
+( /usr/local/libexec/make-ps-header $login $host "DVI File"
+ /usr/local/bin/dvips -f ) | eval /usr/local/libexec/lprps $orig_args</programlisting>
+
+ <para>Notice how the filter has to parse the argument list in order to
+ determine the user and host name. The parsing for the other
+ conversion filters is identical. The text filter takes a slightly
+ different set of arguments, though (see section <link
+ linkend="printing-advanced-filters">How Filters
+ Work</link>).</para>
+
+ <para>As we have mentioned before, the above scheme, though fairly
+ simple, disables the <quote>suppress header page</quote> option (the
+ <option>-h</option> option) to <command>lpr</command>. If users
+ wanted to save a tree (or a few pennies, if you charge for header
+ pages), they would not be able to do so, since every filter's going
+ to print a header page with every job.</para>
+
+ <para>To allow users to shut off header pages on a per-job basis, you
+ will need to use the trick introduced in section <link
+ linkend="printing-advanced-header-pages-accounting">Accounting for
+ Header Pages</link>: write an output filter that parses the
+ LPD-generated header page and produces a &postscript; version. If the
+ user submits the job with <command>lpr -h</command>, then
+ <application>LPD</application> will
+ not generate a header page, and neither will your output filter.
+ Otherwise, your output filter will read the text from
+ <application>LPD</application> and send
+ the appropriate header page &postscript; code to the printer.</para>
+
+ <para>If you have a &postscript; printer on a serial line, you can make
+ use of <command>lprps</command>, which comes with an output filter,
+ <command>psof</command>, which does the above. Note that
+ <command>psof</command> does not charge for header pages.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="printing-advanced-network-printers">
+ <title>Networked Printing</title>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>network</secondary>
+ </indexterm>
+ <indexterm><primary>network printing</primary></indexterm>
+ <para>FreeBSD supports networked printing: sending jobs to remote
+ printers. Networked printing generally refers to two different
+ things:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Accessing a printer attached to a remote host. You install a
+ printer that has a conventional serial or parallel interface on
+ one host. Then, you set up <application>LPD</application> to
+ enable access to the printer
+ from other hosts on the network. Section <link
+ linkend="printing-advanced-network-rm">Printers Installed on
+ Remote Hosts</link> tells how to do this.</para>
+ </listitem>
+
+ <listitem>
+ <para>Accessing a printer attached directly to a network. The
+ printer has a network interface in addition (or in place of) a
+ more conventional serial or parallel interface. Such a printer
+ might work as follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>It might understand the <application>LPD</application>
+ protocol and can even queue
+ jobs from remote hosts. In this case, it acts just like a
+ regular host running <application>LPD</application>. Follow
+ the same procedure in
+ section <link linkend="printing-advanced-network-rm">Printers
+ Installed on Remote Hosts</link> to set up such a
+ printer.</para>
+ </listitem>
+
+ <listitem>
+ <para>It might support a data stream network connection. In this
+ case, you <quote>attach</quote> the printer to one host on the
+ network by making that host responsible for spooling jobs and
+ sending them to the printer. Section <link
+ linkend="printing-advanced-network-net-if">Printers with
+ Networked Data Stream Interfaces</link> gives some
+ suggestions on installing such printers.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
+
+ <sect3 id="printing-advanced-network-rm">
+ <title>Printers Installed on Remote Hosts</title>
+
+ <para>The <application>LPD</application> spooling system has built-in
+ support for sending jobs to
+ other hosts also running <application>LPD</application> (or are
+ compatible with <application>LPD</application>). This
+ feature enables you to install a printer on one host and make it
+ accessible from other hosts. It also works with printers that have
+ network interfaces that understand the
+ <application>LPD</application> protocol.</para>
+
+ <para>To enable this kind of remote printing, first install a printer
+ on one host, the <emphasis>printer host</emphasis>, using the simple
+ printer setup described in the <link linkend="printing-simple">Simple
+ Printer Setup</link> section. Do any advanced setup in <link
+ linkend="printing-advanced">Advanced Printer Setup</link> that you
+ need. Make sure to test the printer and see if it works with the
+ features of <application>LPD</application> you have enabled.
+ Also ensure that the
+ <emphasis>local host</emphasis> has authorization to use the
+ <application>LPD</application>
+ service in the <emphasis>remote host</emphasis> (see <link
+ linkend="printing-advanced-restricting-remote">Restricting Jobs
+ from Remote Printers</link>).</para>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>network</secondary>
+ </indexterm>
+ <indexterm><primary>network printing</primary></indexterm>
+ <para>If you are using a printer with a network interface that is
+ compatible with <application>LPD</application>, then the
+ <emphasis>printer host</emphasis> in
+ the discussion below is the printer itself, and the
+ <emphasis>printer name</emphasis> is the name you configured for the
+ printer. See the documentation that accompanied your printer and/or
+ printer-network interface.</para>
+
+ <tip>
+ <para>If you are using a Hewlett Packard Laserjet then the printer
+ name <literal>text</literal> will automatically perform the LF to
+ CRLF conversion for you, so you will not require the
+ <filename>hpif</filename> script.</para>
+ </tip>
+
+ <para>Then, on the other hosts you want to have access to the printer,
+ make an entry in their <filename>/etc/printcap</filename> files with
+ the following:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Name the entry anything you want. For simplicity, though,
+ you probably want to use the same name and aliases as on the
+ printer host.</para>
+ </listitem>
+
+ <listitem>
+ <para>Leave the <literal>lp</literal> capability blank, explicitly
+ (<literal>:lp=:</literal>).</para>
+ </listitem>
+
+ <listitem>
+ <para>Make a spooling directory and specify its location in the
+ <literal>sd</literal> capability. <application>LPD</application>
+ will store jobs here
+ before they get sent to the printer host.</para>
+ </listitem>
+
+ <listitem>
+ <para>Place the name of the printer host in the
+ <literal>rm</literal> capability.</para>
+ </listitem>
+
+ <listitem>
+ <para>Place the printer name on the <emphasis>printer
+ host</emphasis> in the <literal>rp</literal>
+ capability.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>That is it. You do not need to list conversion filters, page
+ dimensions, or anything else in the
+ <filename>/etc/printcap</filename> file.</para>
+
+ <para>Here is an example. The host <hostid>rose</hostid> has two
+ printers, <literal>bamboo</literal> and <literal>rattan</literal>.
+ We will enable users on the host <hostid>orchid</hostid> to print
+ to those printers.
+ Here is the <filename>/etc/printcap</filename> file for
+ <hostid>orchid</hostid> (back from section <link
+ linkend="printing-advanced-header-pages-enabling">Enabling Header
+ Pages</link>). It already had the entry for the printer
+ <literal>teak</literal>; we have added entries for the two printers
+ on the host <hostid>rose</hostid>:</para>
+
+ <programlisting>#
+# /etc/printcap for host orchid - added (remote) printers on rose
+#
+
+#
+# teak is local; it is connected directly to orchid:
+#
+teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
+ :lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:\
+ :if=/usr/local/libexec/ifhp:\
+ :vf=/usr/local/libexec/vfhp:\
+ :of=/usr/local/libexec/ofhp:
+
+#
+# rattan is connected to rose; send jobs for rattan to rose:
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :lp=:rm=rose:rp=rattan:sd=/var/spool/lpd/rattan:
+
+#
+# bamboo is connected to rose as well:
+#
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :lp=:rm=rose:rp=bamboo:sd=/var/spool/lpd/bamboo:</programlisting>
+
+ <para>Then, we just need to make spooling directories on
+ <hostid>orchid</hostid>:</para>
+
+ <screen>&prompt.root; <userinput>mkdir -p /var/spool/lpd/rattan /var/spool/lpd/bamboo</userinput>
+&prompt.root; <userinput>chmod 770 /var/spool/lpd/rattan /var/spool/lpd/bamboo</userinput>
+&prompt.root; <userinput>chown daemon:daemon /var/spool/lpd/rattan /var/spool/lpd/bamboo</userinput></screen>
+
+ <para>Now, users on <hostid>orchid</hostid> can print to
+ <literal>rattan</literal> and <literal>bamboo</literal>. If, for
+ example, a user on <hostid>orchid</hostid> typed
+
+ <screen>&prompt.user; <userinput>lpr -P bamboo -d sushi-review.dvi</userinput></screen>
+
+ the <application>LPD</application> system on <hostid>orchid</hostid>
+ would copy the job to the spooling
+ directory <filename>/var/spool/lpd/bamboo</filename> and note that it was a
+ DVI job. As soon as the host <hostid>rose</hostid> has room in its
+ <literal>bamboo</literal> spooling directory, the two
+ <application>LPDs</application> would transfer the
+ file to <hostid>rose</hostid>. The file would wait in <hostid>rose</hostid>'s
+ queue until it was finally printed. It would be converted from DVI to
+ &postscript; (since <literal>bamboo</literal> is a &postscript; printer) on
+ <hostid>rose</hostid>.</para>
+ </sect3>
+
+ <sect3 id="printing-advanced-network-net-if">
+ <title>Printers with Networked Data Stream Interfaces</title>
+
+ <para>Often, when you buy a network interface card for a printer, you
+ can get two versions: one which emulates a spooler (the more
+ expensive version), or one which just lets you send data to it as if
+ you were using a serial or parallel port (the cheaper version).
+ This section tells how to use the cheaper version. For the more
+ expensive one, see the previous section <link
+ linkend="printing-advanced-network-rm">Printers Installed on
+ Remote Hosts</link>.</para>
+
+ <para>The format of the <filename>/etc/printcap</filename> file lets
+ you specify what serial or parallel interface to use, and (if you
+ are using a serial interface), what baud rate, whether to use flow
+ control, delays for tabs, conversion of newlines, and more. But
+ there is no way to specify a connection to a printer that is
+ listening on a TCP/IP or other network port.</para>
+
+ <para>To send data to a networked printer, you need to develop a
+ communications program that can be called by the text and conversion
+ filters. Here is one such example: the script
+ <command>netprint</command> takes all data on standard input and
+ sends it to a network-attached printer. We specify the hostname of
+ the printer as the first argument and the port number to which to
+ connect as the second argument to <command>netprint</command>. Note
+ that this supports one-way communication only (FreeBSD to printer);
+ many network printers support two-way communication, and you might
+ want to take advantage of that (to get printer status, perform
+ accounting, etc.).</para>
+
+ <programlisting>#!/usr/bin/perl
+#
+# netprint - Text filter for printer attached to network
+# Installed in /usr/local/libexec/netprint
+#
+$#ARGV eq 1 || die "Usage: $0 &lt;printer-hostname&gt; &lt;port-number&gt;";
+
+$printer_host = $ARGV[0];
+$printer_port = $ARGV[1];
+
+require 'sys/socket.ph';
+
+($ignore, $ignore, $protocol) = getprotobyname('tcp');
+($ignore, $ignore, $ignore, $ignore, $address)
+ = gethostbyname($printer_host);
+
+$sockaddr = pack('S n a4 x8', &amp;AF_INET, $printer_port, $address);
+
+socket(PRINTER, &amp;PF_INET, &amp;SOCK_STREAM, $protocol)
+ || die "Can't create TCP/IP stream socket: $!";
+connect(PRINTER, $sockaddr) || die "Can't contact $printer_host: $!";
+while (&lt;STDIN&gt;) { print PRINTER; }
+exit 0;</programlisting>
+
+ <para>We can then use this script in various filters. Suppose we had
+ a Diablo 750-N line printer connected to the network. The printer
+ accepts data to print on port number 5100. The host name of the
+ printer is scrivener. Here is the text filter for the
+ printer:</para>
+
+ <programlisting>#!/bin/sh
+#
+# diablo-if-net - Text filter for Diablo printer `scrivener' listening
+# on port 5100. Installed in /usr/local/libexec/diablo-if-net
+#
+exec /usr/libexec/lpr/lpf "$@" | /usr/local/libexec/netprint scrivener 5100</programlisting>
+ </sect3>
+ </sect2>
+
+ <sect2 id="printing-advanced-restricting">
+ <title>Restricting Printer Usage</title>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>restricting access to</secondary>
+ </indexterm>
+ <para>This section gives information on restricting printer usage. The
+ <application>LPD</application> system lets you control who can access
+ a printer, both locally or
+ remotely, whether they can print multiple copies, how large their jobs
+ can be, and how large the printer queues can get.</para>
+
+ <sect3 id="printing-advanced-restricting-copies">
+ <title>Restricting Multiple Copies</title>
+
+ <para>The <application>LPD</application> system makes it easy for
+ users to print multiple copies
+ of a file. Users can print jobs with <command>lpr -#5</command>
+ (for example) and get five copies of each file in the job. Whether
+ this is a good thing is up to you.</para>
+
+ <para>If you feel multiple copies cause unnecessary wear and tear on
+ your printers, you can disable the <option>-#</option> option to
+ &man.lpr.1; by adding the <literal>sc</literal> capability to the
+ <filename>/etc/printcap</filename> file. When users submit jobs
+ with the <option>-#</option> option, they will see:</para>
+
+ <screen>lpr: multiple copies are not allowed</screen>
+
+
+ <para>Note that if you have set up access to a printer remotely (see
+ section <link linkend="printing-advanced-network-rm">Printers
+ Installed on Remote Hosts</link>), you need the
+ <literal>sc</literal> capability on the remote
+ <filename>/etc/printcap</filename> files as well, or else users will
+ still be able to submit multiple-copy jobs by using another
+ host.</para>
+
+ <para>Here is an example. This is the
+ <filename>/etc/printcap</filename> file for the host
+ <hostid>rose</hostid>. The printer <literal>rattan</literal> is
+ quite hearty, so we will allow multiple copies, but the laser
+ printer <literal>bamboo</literal> is a bit more delicate, so we will
+ disable multiple copies by adding the <literal>sc</literal>
+ capability:</para>
+
+ <programlisting>#
+# /etc/printcap for host rose - restrict multiple copies on bamboo
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:sd=/var/spool/lpd/rattan:\
+ :lp=/dev/lpt0:\
+ :if=/usr/local/libexec/if-simple:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:sc:\
+ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\
+ :if=/usr/local/libexec/psif:\
+ :df=/usr/local/libexec/psdf:</programlisting>
+
+ <para>Now, we also need to add the <literal>sc</literal> capability on
+ the host <hostid>orchid</hostid>'s
+ <filename>/etc/printcap</filename> (and while we are at it, let us
+ disable multiple copies for the printer
+ <literal>teak</literal>):</para>
+
+ <programlisting>#
+# /etc/printcap for host orchid - no multiple copies for local
+# printer teak or remote printer bamboo
+teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
+ :lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:sc:\
+ :if=/usr/local/libexec/ifhp:\
+ :vf=/usr/local/libexec/vfhp:\
+ :of=/usr/local/libexec/ofhp:
+
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :lp=:rm=rose:rp=rattan:sd=/var/spool/lpd/rattan:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :lp=:rm=rose:rp=bamboo:sd=/var/spool/lpd/bamboo:sc:</programlisting>
+
+ <para>By using the <literal>sc</literal> capability, we prevent the
+ use of <command>lpr -#</command>, but that still does not prevent
+ users from running &man.lpr.1;
+ multiple times, or from submitting the same file multiple times in
+ one job like this:</para>
+
+ <screen>&prompt.user; <userinput>lpr forsale.sign forsale.sign forsale.sign forsale.sign forsale.sign</userinput></screen>
+
+ <para>There are many ways to prevent this abuse (including ignoring
+ it) which you are free to explore.</para>
+ </sect3>
+
+ <sect3 id="printing-advanced-restricting-access">
+ <title>Restricting Access to Printers</title>
+
+ <para>You can control who can print to what printers by using the &unix;
+ group mechanism and the <literal>rg</literal> capability in
+ <filename>/etc/printcap</filename>. Just place the users you want
+ to have access to a printer in a certain group, and then name that
+ group in the <literal>rg</literal> capability.</para>
+
+ <para>Users outside the group (including <username>root</username>)
+ will be greeted with
+
+ <errorname>lpr: Not a member of the restricted group</errorname>
+
+ if they try to print to the controlled printer.</para>
+
+ <para>As with the <literal>sc</literal> (suppress multiple copies)
+ capability, you need to specify <literal>rg</literal> on remote
+ hosts that also have access to your printers, if you feel it is
+ appropriate (see section <link
+ linkend="printing-advanced-network-rm">Printers Installed on
+ Remote Hosts</link>).</para>
+
+ <para>For example, we will let anyone access the printer
+ <literal>rattan</literal>, but only those in group
+ <literal>artists</literal> can use <literal>bamboo</literal>. Here
+ is the familiar <filename>/etc/printcap</filename> for host
+ <hostid>rose</hostid>:</para>
+
+ <programlisting>#
+# /etc/printcap for host rose - restricted group for bamboo
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:sd=/var/spool/lpd/rattan:\
+ :lp=/dev/lpt0:\
+ :if=/usr/local/libexec/if-simple:
+
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:\
+ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\
+ :if=/usr/local/libexec/psif:\
+ :df=/usr/local/libexec/psdf:</programlisting>
+
+ <para>Let us leave the other example
+ <filename>/etc/printcap</filename> file (for the host
+ <hostid>orchid</hostid>) alone. Of course, anyone on
+ <hostid>orchid</hostid> can print to <literal>bamboo</literal>. It
+ might be the case that we only allow certain logins on
+ <hostid>orchid</hostid> anyway, and want them to have access to the
+ printer. Or not.</para>
+
+ <note>
+ <para>There can be only one restricted group per printer.</para>
+ </note>
+ </sect3>
+
+ <sect3 id="printing-advanced-restricting-sizes">
+ <title>Controlling Sizes of Jobs Submitted</title>
+
+ <indexterm><primary>print jobs</primary></indexterm>
+ <para>If you have many users accessing the printers, you probably need
+ to put an upper limit on the sizes of the files users can submit to
+ print. After all, there is only so much free space on the
+ filesystem that houses the spooling directories, and you also need
+ to make sure there is room for the jobs of other users.</para>
+
+ <indexterm>
+ <primary>print jobs</primary>
+ <secondary>controlling</secondary>
+ </indexterm>
+ <para><application>LPD</application> enables you to limit the maximum
+ byte size a file in a job
+ can be with the <literal>mx</literal> capability. The units are in
+ <literal>BUFSIZ</literal> blocks, which are 1024 bytes. If you put
+ a zero for this
+ capability, there will be no limit on file size; however, if no
+ <literal>mx</literal> capability is specified, then a default limit
+ of 1000 blocks will be used.</para>
+
+ <note>
+ <para>The limit applies to <emphasis>files</emphasis> in a job, and
+ <emphasis>not</emphasis> the total job size.</para>
+ </note>
+
+ <para><application>LPD</application> will not refuse a file that is
+ larger than the limit you
+ place on a printer. Instead, it will queue as much of the file up
+ to the limit, which will then get printed. The rest will be
+ discarded. Whether this is correct behavior is up for
+ debate.</para>
+
+ <para>Let us add limits to our example printers
+ <literal>rattan</literal> and <literal>bamboo</literal>. Since
+ those artists' &postscript; files tend to be large, we will limit them
+ to five megabytes. We will put no limit on the plain text line
+ printer:</para>
+
+ <programlisting>#
+# /etc/printcap for host rose
+#
+
+#
+# No limit on job size:
+#
+rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:mx#0:sd=/var/spool/lpd/rattan:\
+ :lp=/dev/lpt0:\
+ :if=/usr/local/libexec/if-simple:
+
+#
+# Limit of five megabytes:
+#
+bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:mx#5000:\
+ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\
+ :if=/usr/local/libexec/psif:\
+ :df=/usr/local/libexec/psdf:</programlisting>
+
+ <para>Again, the limits apply to the local users only. If you have
+ set up access to your printers remotely, remote users will not get
+ those limits. You will need to specify the <literal>mx</literal>
+ capability in the remote <filename>/etc/printcap</filename> files as
+ well. See section <link
+ linkend="printing-advanced-network-rm">Printers Installed on
+ Remote Hosts</link> for more information on remote
+ printing.</para>
+
+ <para>There is another specialized way to limit job sizes from remote
+ printers; see section <link
+ linkend="printing-advanced-restricting-remote">Restricting Jobs
+ from Remote Printers</link>.</para>
+ </sect3>
+
+ <sect3 id="printing-advanced-restricting-remote">
+ <title>Restricting Jobs from Remote Printers</title>
+
+ <para>The <application>LPD</application> spooling system provides
+ several ways to restrict print
+ jobs submitted from remote hosts:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Host restrictions</term>
+
+ <listitem>
+ <para>You can control from which remote hosts a local
+ <application>LPD</application> accepts requests with the files
+ <filename>/etc/hosts.equiv</filename> and
+ <filename>/etc/hosts.lpd</filename>.
+ <application>LPD</application> checks to see if an
+ incoming request is from a host listed in either one of these
+ files. If not, <application>LPD</application> refuses the
+ request.</para>
+
+ <para>The format of these files is simple: one host name per
+ line. Note that the file
+ <filename>/etc/hosts.equiv</filename> is also used by the
+ &man.ruserok.3; protocol, and affects programs like
+ &man.rsh.1; and &man.rcp.1;, so be careful.</para>
+
+ <para>For example, here is the
+ <filename>/etc/hosts.lpd</filename> file on the host
+ <hostid>rose</hostid>:</para>
+
+ <programlisting>orchid
+violet
+madrigal.fishbaum.de</programlisting>
+
+ <para>This means <hostid>rose</hostid> will accept requests from
+ the hosts <hostid>orchid</hostid>, <hostid>violet</hostid>,
+ and <hostid role="fqdn">madrigal.fishbaum.de</hostid>. If any
+ other host tries to access <hostid>rose</hostid>'s
+ <application>LPD</application>, the job will be refused.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Size restrictions</term>
+
+ <listitem>
+ <para>You can control how much free space there needs to remain
+ on the filesystem where a spooling directory resides. Make a
+ file called <filename>minfree</filename> in the spooling
+ directory for the local printer. Insert in that file a number
+ representing how many disk blocks (512 bytes) of free space
+ there has to be for a remote job to be accepted.</para>
+
+ <para>This lets you insure that remote users will not fill your
+ filesystem. You can also use it to give a certain priority to
+ local users: they will be able to queue jobs long after the
+ free disk space has fallen below the amount specified in the
+ <filename>minfree</filename> file.</para>
+
+ <para>For example, let us add a <filename>minfree</filename>
+ file for the printer <literal>bamboo</literal>. We examine
+ <filename>/etc/printcap</filename> to find the spooling
+ directory for this printer; here is <literal>bamboo</literal>'s
+ entry:</para>
+
+ <programlisting>bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
+ :sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:mx#5000:\
+ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:mx#5000:\
+ :if=/usr/local/libexec/psif:\
+ :df=/usr/local/libexec/psdf:</programlisting>
+
+ <para>The spooling directory is given in the <literal>sd</literal>
+ capability. We will make three megabytes (which is 6144 disk blocks)
+ the amount of free disk space that must exist on the filesystem for
+ <application>LPD</application> to accept remote jobs:</para>
+
+ <screen>&prompt.root; <userinput>echo 6144 &gt; /var/spool/lpd/bamboo/minfree
+ </userinput></screen>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>User restrictions</term>
+
+ <listitem>
+ <para>You can control which remote users can print to local
+ printers by specifying the <literal>rs</literal> capability in
+ <filename>/etc/printcap</filename>. When
+ <literal>rs</literal> appears in the entry for a
+ locally-attached printer, <application>LPD</application> will
+ accept jobs from remote
+ hosts <emphasis>if</emphasis> the user submitting the job also
+ has an account of the same login name on the local host.
+ Otherwise, <application>LPD</application> refuses the job.</para>
+
+ <para>This capability is particularly useful in an environment
+ where there are (for example) different departments sharing a
+ network, and some users transcend departmental boundaries. By
+ giving them accounts on your systems, they can use your
+ printers from their own departmental systems. If you would
+ rather allow them to use <emphasis>only</emphasis> your
+ printers and not your computer resources, you can give them
+ <quote>token</quote> accounts, with no home directory and a
+ useless shell like <filename>/usr/bin/false</filename>.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect3>
+ </sect2>
+
+ <sect2 id="printing-advanced-acct">
+ <title>Accounting for Printer Usage</title>
+
+ <indexterm>
+ <primary>accounting</primary>
+ <secondary>printer</secondary>
+ </indexterm>
+ <para>So, you need to charge for printouts. And why not? Paper and ink
+ cost money. And then there are maintenance costs&mdash;printers are
+ loaded with moving parts and tend to break down. You have examined
+ your printers, usage patterns, and maintenance fees and have come up
+ with a per-page (or per-foot, per-meter, or per-whatever) cost. Now,
+ how do you actually start accounting for printouts?</para>
+
+ <para>Well, the bad news is the <application>LPD</application> spooling
+ system does not provide
+ much help in this department. Accounting is highly dependent on the
+ kind of printer in use, the formats being printed, and
+ <emphasis>your</emphasis> requirements in charging for printer
+ usage.</para>
+
+ <para>To implement accounting, you have to modify a printer's text
+ filter (to charge for plain text jobs) and the conversion filters (to
+ charge for other file formats), to count pages or query the printer
+ for pages printed. You cannot get away with using the simple output
+ filter, since it cannot do accounting. See section <link
+ linkend="printing-advanced-filter-intro">Filters</link>.</para>
+
+ <para>Generally, there are two ways to do accounting:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><emphasis>Periodic accounting</emphasis> is the more common
+ way, possibly because it is easier. Whenever someone prints a
+ job, the filter logs the user, host, and number of pages to an
+ accounting file. Every month, semester, year, or whatever time
+ period you prefer, you collect the accounting files for the
+ various printers, tally up the pages printed by users, and charge
+ for usage. Then you truncate all the logging files, starting with
+ a clean slate for the next period.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis>Timely accounting</emphasis> is less common,
+ probably because it is more difficult. This method has the
+ filters charge users for printouts as soon as they use the
+ printers. Like disk quotas, the accounting is immediate. You can
+ prevent users from printing when their account goes in the red,
+ and might provide a way for users to check and adjust their
+ <quote>print quotas.</quote> But this method requires some database
+ code to track users and their quotas.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The <application>LPD</application> spooling system supports both
+ methods easily: since you
+ have to provide the filters (well, most of the time), you also have to
+ provide the accounting code. But there is a bright side: you have
+ enormous flexibility in your accounting methods. For example, you
+ choose whether to use periodic or timely accounting. You choose what
+ information to log: user names, host names, job types, pages printed,
+ square footage of paper used, how long the job took to print, and so
+ forth. And you do so by modifying the filters to save this
+ information.</para>
+
+ <sect3>
+ <title>Quick and Dirty Printer Accounting</title>
+
+ <para>FreeBSD comes with two programs that can get you set up with
+ simple periodic accounting right away. They are the text filter
+ <command>lpf</command>, described in section <link
+ linkend="printing-advanced-lpf">lpf: a Text Filter</link>, and
+ &man.pac.8;, a program to gather and total
+ entries from printer accounting files.</para>
+
+ <para>As mentioned in the section on filters (<link
+ linkend="printing-advanced-filters">Filters</link>),
+ <application>LPD</application> starts
+ the text and the conversion filters with the name of the accounting
+ file to use on the filter command line. The filters can use this
+ argument to know where to write an accounting file entry. The name
+ of this file comes from the <literal>af</literal> capability in
+ <filename>/etc/printcap</filename>, and if not specified as an
+ absolute path, is relative to the spooling directory.</para>
+
+ <para><application>LPD</application> starts <command>lpf</command>
+ with page width and length
+ arguments (from the <literal>pw</literal> and <literal>pl</literal>
+ capabilities). <command>lpf</command> uses these arguments to
+ determine how much paper will be used. After sending the file to
+ the printer, it then writes an accounting entry in the accounting
+ file. The entries look like this:</para>
+
+ <programlisting>2.00 rose:andy
+3.00 rose:kelly
+3.00 orchid:mary
+5.00 orchid:mary
+2.00 orchid:zhang</programlisting>
+
+ <para>You should use a separate accounting file for each printer, as
+ <command>lpf</command> has no file locking logic built into it, and
+ two <command>lpf</command>s might corrupt each other's entries if
+ they were to write to the same file at the same time. An easy way
+ to insure a separate accounting file for each printer is to use
+ <literal>af=acct</literal> in <filename>/etc/printcap</filename>.
+ Then, each accounting file will be in the spooling directory for a
+ printer, in a file named <filename>acct</filename>.</para>
+
+ <para>When you are ready to charge users for printouts, run the
+ &man.pac.8; program. Just change to the spooling directory for
+ the printer you want to collect on and type <literal>pac</literal>.
+ You will get a dollar-centric summary like the following:</para>
+
+ <screen> Login pages/feet runs price
+orchid:kelly 5.00 1 $ 0.10
+orchid:mary 31.00 3 $ 0.62
+orchid:zhang 9.00 1 $ 0.18
+rose:andy 2.00 1 $ 0.04
+rose:kelly 177.00 104 $ 3.54
+rose:mary 87.00 32 $ 1.74
+rose:root 26.00 12 $ 0.52
+
+total 337.00 154 $ 6.74</screen>
+
+ <para>These are the arguments &man.pac.8; expects:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-P<replaceable>printer</replaceable></option></term>
+
+ <listitem>
+ <para>Which <replaceable>printer</replaceable> to summarize.
+ This option works only if there is an absolute path in the
+ <literal>af</literal> capability in
+ <filename>/etc/printcap</filename>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-c</option></term>
+
+ <listitem>
+ <para>Sort the output by cost instead of alphabetically by user
+ name.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-m</option></term>
+
+ <listitem>
+ <para>Ignore host name in the accounting files. With this
+ option, user <username>smith</username> on host
+ <hostid>alpha</hostid> is the same user
+ <username>smith</username> on host <hostid>gamma</hostid>.
+ Without, they are different users.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-p<replaceable>price</replaceable></option></term>
+
+ <listitem>
+ <para>Compute charges with <replaceable>price</replaceable>
+ dollars per page or per foot instead of the price from the
+ <literal>pc</literal> capability in
+ <filename>/etc/printcap</filename>, or two cents (the
+ default). You can specify <replaceable>price</replaceable> as
+ a floating point number.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-r</option></term>
+
+ <listitem>
+ <para>Reverse the sort order.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-s</option></term>
+
+ <listitem>
+ <para>Make an accounting summary file and truncate the
+ accounting file.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><replaceable>name</replaceable>
+ <replaceable>&hellip;</replaceable></term>
+
+ <listitem>
+ <para>Print accounting information for the given user
+ <replaceable>names</replaceable> only.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>In the default summary that &man.pac.8; produces, you see the
+ number of pages printed by each user from various hosts. If, at
+ your site, host does not matter (because users can use any host),
+ run <command>pac -m</command>, to produce the following
+ summary:</para>
+
+ <screen> Login pages/feet runs price
+andy 2.00 1 $ 0.04
+kelly 182.00 105 $ 3.64
+mary 118.00 35 $ 2.36
+root 26.00 12 $ 0.52
+zhang 9.00 1 $ 0.18
+
+total 337.00 154 $ 6.74</screen>
+
+
+ <para>To compute the dollar amount due,
+ &man.pac.8; uses the <literal>pc</literal> capability in the
+ <filename>/etc/printcap</filename> file (default of 200, or 2 cents
+ per page). Specify, in hundredths of cents, the price per page or
+ per foot you want to charge for printouts in this capability. You
+ can override this value when you run &man.pac.8; with the
+ <option>-p</option> option. The units for the <option>-p</option>
+ option are in dollars, though, not hundredths of cents. For
+ example,
+
+ <screen>&prompt.root; <userinput>pac -p1.50</userinput></screen>
+
+ makes each page cost one dollar and fifty cents. You can really
+ rake in the profits by using this option.</para>
+
+ <para>Finally, running <command>pac -s</command> will save the summary
+ information in a summary accounting file, which is named the same as
+ the printer's accounting file, but with <literal>_sum</literal>
+ appended to the name. It then truncates the accounting file. When
+ you run &man.pac.8; again, it rereads the
+ summary file to get starting totals, then adds information from the
+ regular accounting file.</para>
+ </sect3>
+
+ <sect3>
+ <title>How Can You Count Pages Printed?</title>
+
+ <para>In order to perform even remotely accurate accounting, you need
+ to be able to determine how much paper a job uses. This is the
+ essential problem of printer accounting.</para>
+
+ <para>For plain text jobs, the problem is not that hard to solve: you
+ count how many lines are in a job and compare it to how many lines
+ per page your printer supports. Do not forget to take into account
+ backspaces in the file which overprint lines, or long logical lines
+ that wrap onto one or more additional physical lines.</para>
+
+ <para>The text filter <command>lpf</command> (introduced in <link
+ linkend="printing-advanced-lpf">lpf: a Text Filter</link>) takes
+ into account these things when it does accounting. If you are
+ writing a text filter which needs to do accounting, you might want
+ to examine <command>lpf</command>'s source code.</para>
+
+ <para>How do you handle other file formats, though?</para>
+
+ <para>Well, for DVI-to-LaserJet or DVI-to-&postscript; conversion, you
+ can have your filter parse the diagnostic output of
+ <command>dvilj</command> or <command>dvips</command> and look to see
+ how many pages were converted. You might be able to do similar
+ things with other file formats and conversion programs.</para>
+
+ <para>But these methods suffer from the fact that the printer may not
+ actually print all those pages. For example, it could jam, run out
+ of toner, or explode&mdash;and the user would still get
+ charged.</para>
+
+ <para>So, what can you do?</para>
+
+ <para>There is only one <emphasis>sure</emphasis> way to do
+ <emphasis>accurate</emphasis> accounting. Get a printer that can
+ tell you how much paper it uses, and attach it via a serial line or
+ a network connection. Nearly all &postscript; printers support this
+ notion. Other makes and models do as well (networked Imagen laser
+ printers, for example). Modify the filters for these printers to
+ get the page usage after they print each job and have them log
+ accounting information based on that value
+ <emphasis>only</emphasis>. There is no line counting nor
+ error-prone file examination required.</para>
+
+ <para>Of course, you can always be generous and make all printouts
+ free.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="printing-using">
+ <title>Using Printers</title>
+
+ <indexterm>
+ <primary>printers</primary>
+ <secondary>usage</secondary>
+ </indexterm>
+ <para>This section tells you how to use printers you have set up with
+ FreeBSD. Here is an overview of the user-level commands:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>&man.lpr.1;</term>
+
+ <listitem>
+ <para>Print jobs</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&man.lpq.1;</term>
+
+ <listitem>
+ <para>Check printer queues</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>&man.lprm.1;</term>
+
+ <listitem>
+ <para>Remove jobs from a printer's queue</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>There is also an administrative command, &man.lpc.8;,
+ described in the section <link
+ linkend="printing-lpc">Administering Printers</link>, used to
+ control printers and their queues.</para>
+
+ <para>All three of the commands &man.lpr.1;, &man.lprm.1;, and &man.lpq.1;
+ accept an option <option>-P
+ <replaceable>printer-name</replaceable></option> to specify on which
+ printer/queue to operate, as listed in the
+ <filename>/etc/printcap</filename> file. This enables you to submit,
+ remove, and check on jobs for various printers. If you do not use the
+ <option>-P</option> option, then these commands use the printer
+ specified in the <envar>PRINTER</envar> environment variable. Finally,
+ if you do not have a <envar>PRINTER</envar> environment variable, these
+ commands default to the printer named <literal>lp</literal>.</para>
+
+ <para>Hereafter, the terminology <emphasis>default printer</emphasis>
+ means the printer named in the <envar>PRINTER</envar> environment
+ variable, or the printer named <literal>lp</literal> when there is no
+ <envar>PRINTER</envar> environment variable.</para>
+
+ <sect2 id="printing-lpr">
+ <title>Printing Jobs</title>
+
+ <para>To print files, type:</para>
+
+ <screen>&prompt.user; <userinput>lpr <replaceable>filename</replaceable> <replaceable>...</replaceable></userinput></screen>
+
+ <indexterm><primary>printing</primary></indexterm>
+ <para>This prints each of the listed files to the default printer. If
+ you list no files, &man.lpr.1; reads data to
+ print from standard input. For example, this command prints some
+ important system files:</para>
+
+ <screen>&prompt.user; <userinput>lpr /etc/host.conf /etc/hosts.equiv</userinput></screen>
+
+ <para>To select a specific printer, type:</para>
+
+ <screen>&prompt.user; <userinput>lpr -P <replaceable>printer-name</replaceable> <replaceable>filename</replaceable> <replaceable>...</replaceable></userinput></screen>
+
+ <para>This example prints a long listing of the current directory to the
+ printer named <literal>rattan</literal>:</para>
+
+ <screen>&prompt.user; <userinput>ls -l | lpr -P rattan</userinput></screen>
+
+ <para>Because no files were listed for the
+ &man.lpr.1; command, <command>lpr</command> read the data to print
+ from standard input, which was the output of the <command>ls
+ -l</command> command.</para>
+
+ <para>The &man.lpr.1; command can also accept a wide variety of options
+ to control formatting, apply file conversions, generate multiple
+ copies, and so forth. For more information, see the section <link
+ linkend="printing-lpr-options">Printing Options</link>.</para>
+ </sect2>
+
+ <sect2 id="printing-lpq">
+ <title>Checking Jobs</title>
+
+ <indexterm><primary>print jobs</primary></indexterm>
+ <para>When you print with &man.lpr.1;, the data you wish to print is put
+ together in a package called a <quote>print job</quote>, which is sent
+ to the <application>LPD</application> spooling system. Each printer
+ has a queue of jobs, and
+ your job waits in that queue along with other jobs from yourself and
+ from other users. The printer prints those jobs in a first-come,
+ first-served order.</para>
+
+ <para>To display the queue for the default printer, type &man.lpq.1;.
+ For a specific printer, use the <option>-P</option> option. For
+ example, the command
+
+ <screen>&prompt.user; <userinput>lpq -P bamboo</userinput></screen>
+
+ shows the queue for the printer named <literal>bamboo</literal>. Here
+ is an example of the output of the <command>lpq</command>
+ command:</para>
+
+ <screen>bamboo is ready and printing
+Rank Owner Job Files Total Size
+active kelly 9 /etc/host.conf, /etc/hosts.equiv 88 bytes
+2nd kelly 10 (standard input) 1635 bytes
+3rd mary 11 ... 78519 bytes</screen>
+
+ <para>This shows three jobs in the queue for <literal>bamboo</literal>.
+ The first job, submitted by user kelly, got assigned <quote>job
+ number</quote> 9. Every job for a printer gets a unique job number.
+ Most of the time you can ignore the job number, but you will need it
+ if you want to cancel the job; see section <link
+ linkend="printing-lprm">Removing Jobs</link> for details.</para>
+
+ <para>Job number nine consists of two files; multiple files given on the
+ &man.lpr.1; command line are treated as part of a single job. It
+ is the currently active job (note the word <literal>active</literal>
+ under the <quote>Rank</quote> column), which means the printer should
+ be currently printing that job. The second job consists of data
+ passed as the standard input to the &man.lpr.1; command. The third
+ job came from user <username>mary</username>; it is a much larger
+ job. The pathname of the file she is trying to print is too long to
+ fit, so the &man.lpq.1; command just shows three dots.</para>
+
+ <para>The very first line of the output from &man.lpq.1; is also useful:
+ it tells what the printer is currently doing (or at least what
+ <application>LPD</application> thinks the printer is doing).</para>
+
+ <para>The &man.lpq.1; command also support a <option>-l</option> option
+ to generate a detailed long listing. Here is an example of
+ <command>lpq -l</command>:</para>
+
+ <screen>waiting for bamboo to become ready (offline ?)
+kelly: 1st [job 009rose]
+ /etc/host.conf 73 bytes
+ /etc/hosts.equiv 15 bytes
+
+kelly: 2nd [job 010rose]
+ (standard input) 1635 bytes
+
+mary: 3rd [job 011rose]
+ /home/orchid/mary/research/venus/alpha-regio/mapping 78519 bytes</screen>
+ </sect2>
+
+ <sect2 id="printing-lprm">
+ <title>Removing Jobs</title>
+
+ <para>If you change your mind about printing a job, you can remove the
+ job from the queue with the &man.lprm.1; command. Often, you can
+ even use &man.lprm.1; to remove an active job, but some or all of the
+ job might still get printed.</para>
+
+ <para>To remove a job from the default printer, first use
+ &man.lpq.1; to find the job number. Then type:</para>
+
+ <screen>&prompt.user; <userinput>lprm <replaceable>job-number</replaceable></userinput></screen>
+
+ <para>To remove the job from a specific printer, add the
+ <option>-P</option> option. The following command removes job number
+ 10 from the queue for the printer <literal>bamboo</literal>:</para>
+
+ <screen>&prompt.user; <userinput>lprm -P bamboo 10</userinput></screen>
+
+ <para>The &man.lprm.1; command has a few shortcuts:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>lprm -</term>
+
+ <listitem>
+ <para>Removes all jobs (for the default printer) belonging to
+ you.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>lprm <replaceable>user</replaceable></term>
+
+ <listitem>
+ <para>Removes all jobs (for the default printer) belonging to
+ <replaceable>user</replaceable>. The superuser can remove other
+ users' jobs; you can remove only your own jobs.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>lprm</term>
+
+ <listitem>
+ <para>With no job number, user name, or <option>-</option>
+ appearing on the command line,
+ &man.lprm.1; removes the currently active job on the
+ default printer, if it belongs to you. The superuser can remove
+ any active job.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Just use the <option>-P</option> option with the above shortcuts
+ to operate on a specific printer instead of the default. For example,
+ the following command removes all jobs for the current user in the
+ queue for the printer named <literal>rattan</literal>:</para>
+
+ <screen>&prompt.user; <userinput>lprm -P rattan -</userinput></screen>
+
+ <note>
+ <para>If you are working in a networked environment, &man.lprm.1; will
+ let you remove jobs only from the
+ host from which the jobs were submitted, even if the same printer is
+ available from other hosts. The following command sequence
+ demonstrates this:</para>
+
+ <screen>&prompt.user; <userinput>lpr -P rattan myfile</userinput>
+&prompt.user; <userinput>rlogin orchid</userinput>
+&prompt.user; <userinput>lpq -P rattan</userinput>
+Rank Owner Job Files Total Size
+active seeyan 12 ... 49123 bytes
+2nd kelly 13 myfile 12 bytes
+&prompt.user; <userinput>lprm -P rattan 13</userinput>
+rose: Permission denied
+&prompt.user; <userinput>logout</userinput>
+&prompt.user; <userinput>lprm -P rattan 13</userinput>
+dfA013rose dequeued
+cfA013rose dequeued
+ </screen>
+ </note>
+ </sect2>
+
+ <sect2 id="printing-lpr-options">
+ <title>Beyond Plain Text: Printing Options</title>
+
+ <para>The &man.lpr.1; command supports a number of options that control
+ formatting text, converting graphic and other file formats, producing
+ multiple copies, handling of the job, and more. This section
+ describes the options.</para>
+
+ <sect3 id="printing-lpr-options-format">
+ <title>Formatting and Conversion Options</title>
+
+ <para>The following &man.lpr.1; options control formatting of the
+ files in the job. Use these options if the job does not contain
+ plain text or if you want plain text formatted through the
+ &man.pr.1; utility.</para>
+
+ <indexterm><primary>&tex;</primary></indexterm>
+ <para>For example, the following command prints a DVI file (from the
+ &tex; typesetting system) named <filename>fish-report.dvi</filename>
+ to the printer named <literal>bamboo</literal>:</para>
+
+ <screen>&prompt.user; <userinput>lpr -P bamboo -d fish-report.dvi</userinput></screen>
+
+ <para>These options apply to every file in the job, so you cannot mix
+ (say) DVI and ditroff files together in a job. Instead, submit the
+ files as separate jobs, using a different conversion option for each
+ job.</para>
+
+ <note>
+ <para>All of these options except <option>-p</option> and
+ <option>-T</option> require conversion filters installed for the
+ destination printer. For example, the <option>-d</option> option
+ requires the DVI conversion filter. Section <link
+ linkend="printing-advanced-convfilters">Conversion
+ Filters</link> gives details.</para>
+ </note>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-c</option></term>
+
+ <listitem>
+ <para>Print cifplot files.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-d</option></term>
+
+ <listitem>
+ <para>Print DVI files.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-f</option></term>
+
+ <listitem>
+ <para>Print FORTRAN text files.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-g</option></term>
+
+ <listitem>
+ <para>Print plot data.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-i <replaceable>number</replaceable></option></term>
+
+ <listitem>
+ <para>Indent the output by <replaceable>number</replaceable>
+ columns; if you omit <replaceable>number</replaceable>, indent
+ by 8 columns. This option works only with certain conversion
+ filters.</para>
+
+ <note>
+ <para>Do not put any space between the <option>-i</option> and
+ the number.</para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-l</option></term>
+
+ <listitem>
+ <para>Print literal text data, including control
+ characters.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-n</option></term>
+
+ <listitem>
+ <para>Print ditroff (device independent troff) data.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-p</term>
+
+ <listitem>
+ <para>Format plain text with &man.pr.1; before printing. See
+ &man.pr.1; for more information.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-T <replaceable>title</replaceable></option></term>
+
+ <listitem>
+ <para>Use <replaceable>title</replaceable> on the
+ &man.pr.1; header instead of the file name. This option has
+ effect only when used with the <option>-p</option>
+ option.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-t</option></term>
+
+ <listitem>
+ <para>Print troff data.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-v</option></term>
+
+ <listitem>
+ <para>Print raster data.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Here is an example: this command prints a nicely formatted
+ version of the &man.ls.1; manual page on the default printer:</para>
+
+ <screen>&prompt.user; <userinput>zcat /usr/share/man/man1/ls.1.gz | troff -t -man | lpr -t</userinput></screen>
+
+ <para>The &man.zcat.1; command uncompresses the source of the
+ &man.ls.1; manual page and passes it to the &man.troff.1;
+ command, which formats that source and makes GNU troff
+ output and passes it to &man.lpr.1;, which submits the job
+ to the <application>LPD</application> spooler. Because we
+ used the <option>-t</option>
+ option to &man.lpr.1;, the spooler will convert the GNU
+ troff output into a format the default printer can
+ understand when it prints the job.</para>
+ </sect3>
+
+ <sect3 id="printing-lpr-options-job-handling">
+ <title>Job Handling Options</title>
+
+ <para>The following options to &man.lpr.1; tell
+ <application>LPD</application> to handle the job
+ specially:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>-# <replaceable>copies</replaceable></term>
+
+ <listitem>
+ <para>Produce a number of <replaceable>copies</replaceable> of
+ each file in the job instead of just one copy. An
+ administrator may disable this option to reduce printer
+ wear-and-tear and encourage photocopier usage. See section
+ <link
+ linkend="printing-advanced-restricting-copies">Restricting
+ Multiple Copies</link>.</para>
+
+ <para>This example prints three copies of
+ <filename>parser.c</filename> followed by three copies of
+ <filename>parser.h</filename> to the default printer:</para>
+
+ <screen>&prompt.user; <userinput>lpr -#3 parser.c parser.h</userinput></screen>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m</term>
+
+ <listitem>
+ <para>Send mail after completing the print job. With this
+ option, the <application>LPD</application> system will send
+ mail to your account when it
+ finishes handling your job. In its message, it will tell you
+ if the job completed successfully or if there was an error,
+ and (often) what the error was.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s</term>
+
+ <listitem>
+ <para>Do not copy the files to the spooling directory, but make
+ symbolic links to them instead.</para>
+
+ <para>If you are printing a large job, you probably want to use
+ this option. It saves space in the spooling directory (your
+ job might overflow the free space on the filesystem where the
+ spooling directory resides). It saves time as well since
+ <application>LPD</application>
+ will not have to copy each and every byte of your job to the
+ spooling directory.</para>
+
+ <para>There is a drawback, though: since
+ <application>LPD</application> will refer to the
+ original files directly, you cannot modify or remove them
+ until they have been printed.</para>
+
+ <note>
+ <para>If you are printing to a remote printer,
+ <application>LPD</application> will
+ eventually have to copy files from the local host to the
+ remote host, so the <option>-s</option> option will save
+ space only on the local spooling directory, not the remote.
+ It is still useful, though.</para>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r</term>
+
+ <listitem>
+ <para>Remove the files in the job after copying them to the
+ spooling directory, or after printing them with the
+ <option>-s</option> option. Be careful with this
+ option!</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect3>
+
+ <sect3 id="printing-lpr-options-misc">
+ <title>Header Page Options</title>
+
+ <para>These options to &man.lpr.1; adjust the text that normally
+ appears on a job's header page. If header pages are suppressed for
+ the destination printer, these options have no effect. See section
+ <link linkend="printing-advanced-header-pages">Header Pages</link>
+ for information about setting up header pages.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>-C <replaceable>text</replaceable></term>
+
+ <listitem>
+ <para>Replace the hostname on the header page with
+ <replaceable>text</replaceable>. The hostname is normally the
+ name of the host from which the job was submitted.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-J <replaceable>text</replaceable></term>
+
+ <listitem>
+ <para>Replace the job name on the header page with
+ <replaceable>text</replaceable>. The job name is normally the
+ name of the first file of the job, or
+ <filename>stdin</filename> if you are printing standard
+ input.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-h</term>
+
+ <listitem>
+ <para>Do not print any header page.</para>
+
+ <note>
+ <para>At some sites, this option may have no effect due to the
+ way header pages are generated. See <link
+ linkend="printing-advanced-header-pages">Header
+ Pages</link> for details.</para>
+ </note>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect3>
+ </sect2>
+
+ <sect2 id="printing-lpc">
+ <title>Administering Printers</title>
+
+ <para>As an administrator for your printers, you have had to install,
+ set up, and test them. Using the &man.lpc.8; command, you
+ can interact with your printers in yet more ways. With &man.lpc.8;,
+ you can</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Start and stop the printers</para>
+ </listitem>
+
+ <listitem>
+ <para>Enable and disable their queues</para>
+ </listitem>
+
+ <listitem>
+ <para>Rearrange the order of the jobs in each queue.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>First, a note about terminology: if a printer is
+ <emphasis>stopped</emphasis>, it will not print anything in its queue.
+ Users can still submit jobs, which will wait in the queue until the
+ printer is <emphasis>started</emphasis> or the queue is
+ cleared.</para>
+
+ <para>If a queue is <emphasis>disabled</emphasis>, no user (except
+ <username>root</username>) can submit jobs for the printer. An
+ <emphasis>enabled</emphasis> queue allows jobs to be submitted. A
+ printer can be <emphasis>started</emphasis> for a disabled queue, in
+ which case it will continue to print jobs in the queue until the queue
+ is empty.</para>
+
+ <para>In general, you have to have <username>root</username> privileges
+ to use the &man.lpc.8; command. Ordinary users can use the &man.lpc.8;
+ command to get printer status and to restart a hung printer only.</para>
+
+ <para>Here is a summary of the &man.lpc.8; commands. Most of the
+ commands take a <replaceable>printer-name</replaceable> argument to
+ tell on which printer to operate. You can use <literal>all</literal>
+ for the <replaceable>printer-name</replaceable> to mean all printers
+ listed in <filename>/etc/printcap</filename>.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><command>abort
+ <replaceable>printer-name</replaceable></command></term>
+
+ <listitem>
+ <para>Cancel the current job and stop the printer. Users can
+ still submit jobs if the queue is enabled.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>clean
+ <replaceable>printer-name</replaceable></command></term>
+
+ <listitem>
+ <para>Remove old files from the printer's spooling directory.
+ Occasionally, the files that make up a job are not properly
+ removed by <application>LPD</application>, particularly if
+ there have been errors during
+ printing or a lot of administrative activity. This command
+ finds files that do not belong in the spooling directory and
+ removes them.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>disable
+ <replaceable>printer-name</replaceable></command></term>
+
+ <listitem>
+ <para>Disable queuing of new jobs. If the printer is running, it
+ will continue to print any jobs remaining in the queue. The
+ superuser (<username>root</username>) can always submit jobs,
+ even to a disabled queue.</para>
+
+ <para>This command is useful while you are testing a new printer
+ or filter installation: disable the queue and submit jobs as
+ <username>root</username>. Other users will not be able to submit
+ jobs until you complete your testing and re-enable the queue with
+ the <command>enable</command> command.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>down <replaceable>printer-name</replaceable>
+ <replaceable>message</replaceable></command></term>
+
+ <listitem>
+ <para>Take a printer down. Equivalent to
+ <command>disable</command> followed by <command>stop</command>.
+ The <replaceable>message</replaceable> appears as the printer's
+ status whenever a user checks the printer's queue with
+ &man.lpq.1; or status with <command>lpc
+ status</command>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>enable
+ <replaceable>printer-name</replaceable></command></term>
+
+ <listitem>
+ <para>Enable the queue for a printer. Users can submit jobs but
+ the printer will not print anything until it is started.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>help
+ <replaceable>command-name</replaceable></command></term>
+
+ <listitem>
+ <para>Print help on the command
+ <replaceable>command-name</replaceable>. With no
+ <replaceable>command-name</replaceable>, print a summary of the
+ commands available.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>restart
+ <replaceable>printer-name</replaceable></command></term>
+
+ <listitem>
+ <para>Start the printer. Ordinary users can use this command if
+ some extraordinary circumstance hangs
+ <application>LPD</application>, but they cannot start
+ a printer stopped with either the <command>stop</command> or
+ <command>down</command> commands. The
+ <command>restart</command> command is equivalent to
+ <command>abort</command> followed by
+ <command>start</command>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>start
+ <replaceable>printer-name</replaceable></command></term>
+
+ <listitem>
+ <para>Start the printer. The printer will print jobs in its
+ queue.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>stop
+ <replaceable>printer-name</replaceable></command></term>
+
+ <listitem>
+ <para>Stop the printer. The printer will finish the current job
+ and will not print anything else in its queue. Even though the
+ printer is stopped, users can still submit jobs to an enabled
+ queue.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>topq <replaceable>printer-name</replaceable>
+ <replaceable>job-or-username</replaceable></command></term>
+
+ <listitem>
+ <para>Rearrange the queue for
+ <replaceable>printer-name</replaceable> by placing the jobs with
+ the listed <replaceable>job</replaceable> numbers or the jobs
+ belonging to <replaceable>username</replaceable> at the top of
+ the queue. For this command, you cannot use
+ <literal>all</literal> as the
+ <replaceable>printer-name</replaceable>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>up
+ <replaceable>printer-name</replaceable></command></term>
+
+ <listitem>
+ <para>Bring a printer up; the opposite of the
+ <command>down</command> command. Equivalent to
+ <command>start</command> followed by
+ <command>enable</command>.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>&man.lpc.8; accepts the above commands on the command line. If
+ you do not enter any commands, &man.lpc.8; enters an interactive mode,
+ where you can enter commands until you type <command>exit</command>,
+ <command>quit</command>, or end-of-file.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="printing-lpd-alternatives">
+ <title>Alternatives to the Standard Spooler</title>
+
+ <para>If you have been reading straight through this manual, by now you
+ have learned just about everything there is to know about the
+ <application>LPD</application>
+ spooling system that comes with FreeBSD. You can probably appreciate
+ many of its shortcomings, which naturally leads to the question:
+ <quote>What other spooling systems are out there (and work with
+ FreeBSD)?</quote></para>
+
+ <variablelist>
+ <varlistentry>
+ <term>LPRng</term>
+
+ <indexterm><primary>LPRng</primary></indexterm>
+ <listitem>
+ <para><application>LPRng</application>, which purportedly means
+ <quote>LPR: the Next
+ Generation</quote> is a complete rewrite of PLP. Patrick Powell
+ and Justin Mason (the principal maintainer of PLP) collaborated to
+ make <application>LPRng</application>. The main site for
+ <application>LPRng</application> is <ulink
+ url="http://www.lprng.org/"></ulink>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>CUPS</term>
+
+ <indexterm><primary>CUPS</primary></indexterm>
+ <listitem>
+ <para><application>CUPS</application>, the Common UNIX Printing
+ System, provides a portable printing layer for &unix;-based
+ operating systems. It has been developed by Easy Software
+ Products to promote a standard printing solution for all &unix;
+ vendors and users.</para>
+
+ <para><application>CUPS</application> uses the Internet Printing
+ Protocol (<acronym>IPP</acronym>) as the basis for managing
+ print jobs and queues. The Line Printer Daemon
+ (<acronym>LPD</acronym>), Server Message Block
+ (<acronym>SMB</acronym>), and AppSocket (a.k.a. JetDirect)
+ protocols are also supported with reduced functionality. CUPS
+ adds network printer browsing and PostScript Printer Description
+ (<acronym>PPD</acronym>) based printing options to support
+ real-world printing under &unix;.</para>
+
+ <para>The main site for <application>CUPS</application> is <ulink
+ url="http://www.cups.org/"></ulink>.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect1>
+
+ <sect1 id="printing-troubleshooting">
+ <title>Troubleshooting</title>
+
+ <para>After performing the simple test with &man.lptest.1;, you might
+ have gotten one of the following results instead of the correct
+ printout:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>It worked, after awhile; or, it did not eject a full
+ sheet.</term>
+
+ <listitem>
+ <para>The printer printed the above, but it sat for awhile and
+ did nothing. In fact, you might have needed to press a
+ PRINT REMAINING or FORM FEED button on the printer to get any
+ results to appear.</para>
+
+ <para>If this is the case, the printer was probably waiting to
+ see if there was any more data for your job before it printed
+ anything. To fix this problem, you can have the text filter
+ send a FORM FEED character (or whatever is necessary) to the
+ printer. This is usually sufficient to have the printer
+ immediately print any text remaining in its internal buffer.
+ It is also useful to make sure each print job ends on a full
+ sheet, so the next job does not start somewhere on the middle
+ of the last page of the previous job.</para>
+
+ <para>The following replacement for the shell script
+ <filename>/usr/local/libexec/if-simple</filename> prints a
+ form feed after it sends the job to the printer:</para>
+
+ <programlisting>#!/bin/sh
+#
+# if-simple - Simple text input filter for lpd
+# Installed in /usr/local/libexec/if-simple
+#
+# Simply copies stdin to stdout. Ignores all filter arguments.
+# Writes a form feed character (\f) after printing job.
+
+/bin/cat &amp;&amp; printf "\f" &amp;&amp; exit 0
+exit 2</programlisting>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>It produced the <quote>staircase effect.</quote></term>
+
+ <listitem>
+ <para>You got the following on paper:</para>
+
+ <programlisting>!"#$%&amp;'()*+,-./01234
+ "#$%&amp;'()*+,-./012345
+ #$%&amp;'()*+,-./0123456</programlisting>
+
+ <indexterm><primary>MS-DOS</primary></indexterm>
+ <indexterm><primary>OS/2</primary></indexterm>
+ <indexterm><primary>ASCII</primary></indexterm>
+ <para>You have become another victim of the <emphasis>staircase
+ effect</emphasis>, caused by conflicting interpretations of
+ what characters should indicate a new line. &unix; style
+ operating systems use a single character: ASCII code 10, the
+ line feed (LF). &ms-dos;, &os2;, and others uses a pair of
+ characters, ASCII code 10 <emphasis>and</emphasis> ASCII code
+ 13 (the carriage return or CR). Many printers use the &ms-dos;
+ convention for representing new-lines.</para>
+
+ <para>When you print with FreeBSD, your text used just the line
+ feed character. The printer, upon seeing a line feed
+ character, advanced the paper one line, but maintained the
+ same horizontal position on the page for the next character
+ to print. That is what the carriage return is for: to move
+ the location of the next character to print to the left edge
+ of the paper.</para>
+
+ <para>Here is what FreeBSD wants your printer to do:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <tbody>
+ <row>
+ <entry>Printer received CR</entry>
+ <entry>Printer prints CR</entry>
+ </row>
+
+ <row>
+ <entry>Printer received LF</entry>
+ <entry>Printer prints CR + LF</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Here are some ways to achieve this:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Use the printer's configuration switches or control
+ panel to alter its interpretation of these characters.
+ Check your printer's manual to find out how to do
+ this.</para>
+
+ <note>
+ <para>If you boot your system into other operating systems
+ besides FreeBSD, you may have to
+ <emphasis>reconfigure</emphasis> the printer to use a an
+ interpretation for CR and LF characters that those other
+ operating systems use. You might prefer one of the other
+ solutions, below.</para>
+ </note>
+ </listitem>
+
+ <listitem>
+ <para>Have FreeBSD's serial line driver automatically
+ convert LF to CR+LF. Of course, this works with printers
+ on serial ports <emphasis>only</emphasis>. To enable this
+ feature, use the <literal>ms#</literal> capability and
+ set the <literal>onlcr</literal> mode
+ in the <filename>/etc/printcap</filename> file
+ for the printer.</para>
+ </listitem>
+
+ <listitem>
+ <para>Send an <emphasis>escape code</emphasis> to the
+ printer to have it temporarily treat LF characters
+ differently. Consult your printer's manual for escape
+ codes that your printer might support. When you find the
+ proper escape code, modify the text filter to send the
+ code first, then send the print job.</para>
+
+ <indexterm><primary>PCL</primary></indexterm>
+ <para>Here is an example text filter for printers that
+ understand the Hewlett-Packard PCL escape codes. This
+ filter makes the printer treat LF characters as a LF and
+ CR; then it sends the job; then it sends a form feed to
+ eject the last page of the job. It should work with
+ nearly all Hewlett Packard printers.</para>
+
+ <programlisting>#!/bin/sh
+#
+# hpif - Simple text input filter for lpd for HP-PCL based printers
+# Installed in /usr/local/libexec/hpif
+#
+# Simply copies stdin to stdout. Ignores all filter arguments.
+# Tells printer to treat LF as CR+LF. Ejects the page when done.
+
+printf "\033&amp;k2G" &amp;&amp; cat &amp;&amp; printf "\033&amp;l0H" &amp;&amp; exit 0
+exit 2</programlisting>
+
+ <para>Here is an example <filename>/etc/printcap</filename>
+ from a host called <hostid>orchid</hostid>. It has a single printer
+ attached to its first parallel port, a Hewlett Packard
+ LaserJet 3Si named <literal>teak</literal>. It is using the
+ above script as its text filter:</para>
+
+ <programlisting>#
+# /etc/printcap for host orchid
+#
+teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
+ :lp=/dev/lpt0:sh:sd=/var/spool/lpd/teak:mx#0:\
+ :if=/usr/local/libexec/hpif:</programlisting>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>It overprinted each line.</term>
+
+ <listitem>
+ <para>The printer never advanced a line. All of the lines of
+ text were printed on top of each other on one line.</para>
+
+ <para>This problem is the <quote>opposite</quote> of the
+ staircase effect, described above, and is much rarer.
+ Somewhere, the LF characters that FreeBSD uses to end a line
+ are being treated as CR characters to return the print
+ location to the left edge of the paper, but not also down a
+ line.</para>
+
+ <para>Use the printer's configuration switches or control panel
+ to enforce the following interpretation of LF and CR
+ characters:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Printer receives</entry>
+ <entry>Printer prints</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>CR</entry>
+ <entry>CR</entry>
+ </row>
+
+ <row>
+ <entry>LF</entry>
+ <entry>CR + LF</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>The printer lost characters.</term>
+
+ <listitem>
+ <para>While printing, the printer did not print a few characters
+ in each line. The problem might have gotten worse as the
+ printer ran, losing more and more characters.</para>
+
+ <para>The problem is that the printer cannot keep up with the
+ speed at which the computer sends data over a serial line
+ (this problem should not occur with printers on parallel
+ ports). There are two ways to overcome the problem:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>If the printer supports XON/XOFF flow control, have
+ FreeBSD use it by specifying the <literal>ixon</literal> mode
+ in the <literal>ms#</literal> capability.</para>
+ </listitem>
+
+ <listitem>
+ <para>If the printer supports carrier flow control, specify
+ the <literal>crtscts</literal> mode in the
+ <literal>ms#</literal> capability.
+ Make sure the cable connecting the printer to the computer
+ is correctly wired for carrier flow control.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>It printed garbage.</term>
+
+ <listitem>
+ <para>The printer printed what appeared to be random garbage,
+ but not the desired text.</para>
+
+ <para>This is usually another symptom of incorrect
+ communications parameters with a serial printer. Double-check
+ the bps rate in the <literal>br</literal> capability, and the
+ parity setting in the
+ <literal>ms#</literal> capability; make sure the printer is
+ using the same settings as specified in the
+ <filename>/etc/printcap</filename> file.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Nothing happened.</term>
+
+ <listitem>
+ <para>If nothing happened, the problem is probably within
+ FreeBSD and not the hardware. Add the log file
+ (<literal>lf</literal>) capability to the entry for the
+ printer you are debugging in the
+ <filename>/etc/printcap</filename> file. For example, here is
+ the entry for <literal>rattan</literal>, with the
+ <literal>lf</literal> capability:</para>
+
+ <programlisting>rattan|line|diablo|lp|Diablo 630 Line Printer:\
+ :sh:sd=/var/spool/lpd/rattan:\
+ :lp=/dev/lpt0:\
+ :if=/usr/local/libexec/if-simple:\
+ :lf=/var/log/rattan.log</programlisting>
+
+ <para>Then, try printing again. Check the log file (in our
+ example, <filename>/var/log/rattan.log</filename>) to see any
+ error messages that might appear. Based on the messages you
+ see, try to correct the problem.</para>
+
+ <para>If you do not specify a <literal>lf</literal> capability,
+ <application>LPD</application> uses
+ <filename>/dev/console</filename> as a default.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
+
+
diff --git a/zh_TW.Big5/books/handbook/security/Makefile b/zh_TW.Big5/books/handbook/security/Makefile
new file mode 100644
index 0000000000..bbf01aa7ab
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/security/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= security/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/security/chapter.sgml b/zh_TW.Big5/books/handbook/security/chapter.sgml
new file mode 100644
index 0000000000..58d2b80de9
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/security/chapter.sgml
@@ -0,0 +1,5123 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="security">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Matthew</firstname>
+ <surname>Dillon</surname>
+ <contrib>Much of this chapter has been taken from the
+ security(7) manual page by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>Security</title>
+ <indexterm><primary>security</primary></indexterm>
+
+ <sect1 id="security-synopsis">
+ <title>Synopsis</title>
+
+ <para>This chapter will provide a basic introduction to system security
+ concepts, some general good rules of thumb, and some advanced topics
+ under &os;. A lot of the topics covered here can be applied
+ to system and Internet security in general as well. The Internet
+ is no longer a <quote>friendly</quote> place in which everyone
+ wants to be your kind neighbor. Securing your system is imperative
+ to protect your data, intellectual property, time, and much more
+ from the hands of hackers and the like.</para>
+
+ <para>&os; provides an array of utilities and mechanisms to ensure
+ the integrity and security of your system and network.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Basic system security concepts, in respect to &os;.</para>
+ </listitem>
+
+ <listitem>
+ <para>About the various crypt mechanisms available in &os;,
+ such as <acronym>DES</acronym> and <acronym>MD5</acronym>.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up one-time password authentication.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure <acronym>TCP</acronym> Wrappers for use
+ with <command>inetd</command>.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up <application>KerberosIV</application> on &os;
+ releases prior to 5.0.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up <application>Kerberos5</application> on
+ post &os; 5.0 releases.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure IPsec and create a <acronym>VPN</acronym> between
+ &os;/&windows; machines.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to configure and use <application>OpenSSH</application>, &os;'s <acronym>SSH</acronym>
+ implementation.</para>
+ </listitem>
+
+ <listitem>
+ <para>What file system <acronym>ACL</acronym>s are and how to use them.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use the <application>Portaudit</application>
+ utility to audit third party software packages installed
+ from the Ports Collection.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to utilize the &os; security advisories
+ publications.</para>
+ </listitem>
+
+ <listitem>
+ <para>Have an idea of what Process Accounting is and how to
+ enable it on &os;.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Understand basic &os; and Internet concepts.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Additional security topics are covered throughout this book.
+ For example, Mandatory Access Control is discussed in <xref
+ linkend="mac"> and Internet Firewalls are discussed in <xref
+ linkend="firewalls">.</para>
+ </sect1>
+
+ <sect1 id="security-intro">
+ <title>Introduction</title>
+
+ <para>Security is a function that begins and ends with the system
+ administrator. While all BSD &unix; multi-user systems have some
+ inherent security, the job of building and maintaining additional
+ security mechanisms to keep those users <quote>honest</quote> is
+ probably one of the single largest undertakings of the sysadmin.
+ Machines are only as secure as you make them, and security concerns
+ are ever competing with the human necessity for convenience. &unix;
+ systems, in general, are capable of running a huge number of
+ simultaneous processes and many of these processes operate as
+ servers &mdash; meaning that external entities can connect and talk
+ to them. As yesterday's mini-computers and mainframes become
+ today's desktops, and as computers become networked and
+ internetwork, security becomes an even bigger issue.</para>
+
+ <para>Security is best implemented through a layered
+ <quote>onion</quote> approach. In a nutshell, what you want to do is
+ to create as many layers of security as are convenient and then
+ carefully monitor the system for intrusions. You do not want to
+ overbuild your security or you will interfere with the detection
+ side, and detection is one of the single most important aspects of
+ any security mechanism. For example, it makes little sense to set
+ the <literal>schg</literal> flag (see &man.chflags.1;) on every
+ system binary because
+ while this may temporarily protect the binaries, it prevents an
+ attacker who has broken in from making an easily detectable change
+ that may result in your security mechanisms not detecting the attacker
+ at all.</para>
+
+ <para>System security also pertains to dealing with various forms of
+ attack, including attacks that attempt to crash, or otherwise make a
+ system unusable, but do not attempt to compromise the
+ <username>root</username> account (<quote>break root</quote>).
+ Security concerns
+ can be split up into several categories:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Denial of service attacks.</para>
+ </listitem>
+
+ <listitem>
+ <para>User account compromises.</para>
+ </listitem>
+
+ <listitem>
+ <para>Root compromise through accessible servers.</para>
+ </listitem>
+
+ <listitem>
+ <para>Root compromise via user accounts.</para>
+ </listitem>
+
+ <listitem>
+ <para>Backdoor creation.</para>
+ </listitem>
+ </orderedlist>
+
+ <indexterm>
+ <primary>DoS attacks</primary>
+ <see>Denial of Service (DoS)</see>
+ </indexterm>
+ <indexterm>
+ <primary>security</primary>
+ <secondary>DoS attacks</secondary>
+ <see>Denial of Service (DoS)</see>
+ </indexterm>
+ <indexterm><primary>Denial of Service (DoS)</primary></indexterm>
+
+ <para>A denial of service attack is an action that deprives the
+ machine of needed resources. Typically, DoS attacks are
+ brute-force mechanisms that attempt to crash or otherwise make a
+ machine unusable by overwhelming its servers or network stack. Some
+ DoS attacks try to take advantage of bugs in the networking
+ stack to crash a machine with a single packet. The latter can only
+ be fixed by applying a bug fix to the kernel. Attacks on servers
+ can often be fixed by properly specifying options to limit the load
+ the servers incur on the system under adverse conditions.
+ Brute-force network attacks are harder to deal with. A
+ spoofed-packet attack, for example, is nearly impossible to stop,
+ short of cutting your system off from the Internet. It may not be
+ able to take your machine down, but it can saturate your
+ Internet connection.</para>
+
+ <indexterm>
+ <primary>security</primary>
+ <secondary>account compromises</secondary>
+ </indexterm>
+
+ <para>A user account compromise is even more common than a DoS
+ attack. Many sysadmins still run standard
+ <application>telnetd</application>, <application>rlogind</application>,
+ <application>rshd</application>,
+ and <application>ftpd</application> servers on their machines.
+ These servers, by default, do
+ not operate over encrypted connections. The result is that if you
+ have any moderate-sized user base, one or more of your users logging
+ into your system from a remote location (which is the most common
+ and convenient way to login to a system) will have his or her
+ password sniffed. The attentive system admin will analyze his
+ remote access logs looking for suspicious source addresses even for
+ successful logins.</para>
+
+ <para>One must always assume that once an attacker has access to a
+ user account, the attacker can break <username>root</username>.
+ However, the reality is that in a well secured and maintained system,
+ access to a user account does not necessarily give the attacker
+ access to <username>root</username>. The distinction is important
+ because without access to <username>root</username> the attacker
+ cannot generally hide his tracks and may, at best, be able to do
+ nothing more than mess with the user's files, or crash the machine.
+ User account compromises are very common because users tend not to
+ take the precautions that sysadmins take.</para>
+
+ <indexterm>
+ <primary>security</primary>
+ <secondary>backdoors</secondary>
+ </indexterm>
+
+ <para>System administrators must keep in mind that there are
+ potentially many ways to break <username>root</username> on a machine.
+ The attacker may know the <username>root</username> password,
+ the attacker may find a bug in a root-run server and be able
+ to break <username>root</username> over a network
+ connection to that server, or the attacker may know of a bug in
+ a suid-root program that allows the attacker to break
+ <username>root</username> once he has broken into a user's account.
+ If an attacker has found a way to break <username>root</username>
+ on a machine, the attacker may not have a need
+ to install a backdoor. Many of the <username>root</username> holes
+ found and closed to date involve a considerable amount of work
+ by the attacker to cleanup after himself, so most attackers install
+ backdoors. A backdoor provides the attacker with a way to easily
+ regain <username>root</username> access to the system, but it
+ also gives the smart system administrator a convenient way
+ to detect the intrusion.
+ Making it impossible for an attacker to install a backdoor may
+ actually be detrimental to your security, because it will not
+ close off the hole the attacker found to break in the first
+ place.</para>
+
+
+ <para>Security remedies should always be implemented with a
+ multi-layered <quote>onion peel</quote> approach and can be
+ categorized as follows:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Securing <username>root</username> and staff accounts.</para>
+ </listitem>
+
+ <listitem>
+ <para>Securing <username>root</username>&ndash;run servers
+ and suid/sgid binaries.</para>
+ </listitem>
+
+ <listitem>
+ <para>Securing user accounts.</para>
+ </listitem>
+
+ <listitem>
+ <para>Securing the password file.</para>
+ </listitem>
+
+ <listitem>
+ <para>Securing the kernel core, raw devices, and
+ file systems.</para>
+ </listitem>
+
+ <listitem>
+ <para>Quick detection of inappropriate changes made to the
+ system.</para>
+ </listitem>
+
+ <listitem>
+ <para>Paranoia.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>The next section of this chapter will cover the above bullet
+ items in greater depth.</para>
+ </sect1>
+
+ <sect1 id="securing-freebsd">
+ <title>Securing &os;</title>
+ <indexterm>
+ <primary>security</primary>
+ <secondary>securing &os;</secondary>
+ </indexterm>
+
+ <note>
+ <title>Command vs. Protocol</title>
+ <para>Throughout this document, we will use
+ <application>bold</application> text to refer to an
+ application, and a <command>monospaced</command> font to refer
+ to specific commands. Protocols will use a normal font. This
+ typographical distinction is useful for instances such as ssh,
+ since it is
+ a protocol as well as command.</para>
+ </note>
+
+ <para>The sections that follow will cover the methods of securing your
+ &os; system that were mentioned in the <link
+ linkend="security-intro">last section</link> of this chapter.</para>
+
+ <sect2 id="securing-root-and-staff">
+ <title>Securing the <username>root</username> Account and
+ Staff Accounts</title>
+ <indexterm>
+ <primary><command>su</command></primary>
+ </indexterm>
+
+ <para>First off, do not bother securing staff accounts if you have
+ not secured the <username>root</username> account.
+ Most systems have a password assigned to the <username>root</username>
+ account. The first thing you do is assume
+ that the password is <emphasis>always</emphasis> compromised.
+ This does not mean that you should remove the password. The
+ password is almost always necessary for console access to the
+ machine. What it does mean is that you should not make it
+ possible to use the password outside of the console or possibly
+ even with the &man.su.1; command. For example, make sure that
+ your ptys are specified as being insecure in the
+ <filename>/etc/ttys</filename> file so that direct
+ <username>root</username> logins
+ via <command>telnet</command> or <command>rlogin</command> are
+ disallowed. If using other login services such as
+ <application>sshd</application>, make sure that direct
+ <username>root</username> logins are disabled there as well.
+ You can do this by editing
+ your <filename>/etc/ssh/sshd_config</filename> file, and making
+ sure that <literal>PermitRootLogin</literal> is set to
+ <literal>NO</literal>. Consider every access method &mdash;
+ services such as FTP often fall through the cracks.
+ Direct <username>root</username> logins should only be allowed
+ via the system console.</para>
+ <indexterm>
+ <primary><groupname>wheel</groupname></primary>
+ </indexterm>
+
+ <para>Of course, as a sysadmin you have to be able to get to
+ <username>root</username>, so we open up a few holes.
+ But we make sure these holes require additional password
+ verification to operate. One way to make <username>root</username>
+ accessible is to add appropriate staff accounts to the
+ <groupname>wheel</groupname> group (in
+ <filename>/etc/group</filename>). The staff members placed in the
+ <groupname>wheel</groupname> group are allowed to
+ <command>su</command> to <username>root</username>.
+ You should never give staff
+ members native <groupname>wheel</groupname> access by putting them in the
+ <groupname>wheel</groupname> group in their password entry. Staff
+ accounts should be placed in a <groupname>staff</groupname> group, and
+ then added to the <groupname>wheel</groupname> group via the
+ <filename>/etc/group</filename> file. Only those staff members
+ who actually need to have <username>root</username> access
+ should be placed in the
+ <groupname>wheel</groupname> group. It is also possible, when using
+ an authentication method such as Kerberos, to use Kerberos'
+ <filename>.k5login</filename> file in the <username>root</username>
+ account to allow a &man.ksu.1; to <username>root</username>
+ without having to place anyone at all in the
+ <groupname>wheel</groupname> group. This may be the better solution
+ since the <groupname>wheel</groupname> mechanism still allows an
+ intruder to break <username>root</username> if the intruder
+ has gotten hold of your
+ password file and can break into a staff account. While having
+ the <groupname>wheel</groupname> mechanism is better than having
+ nothing at all, it is not necessarily the safest option.</para>
+
+ <!-- XXX:
+ This will need updating depending on the outcome of PR bin/71147.
+ Personally I know what I'd like to see, which puts this in definite
+ need of a rewrite, but we'll have to wait and see. ceri@
+ -->
+
+ <para>An indirect way to secure staff accounts, and ultimately
+ <username>root</username> access is to use an alternative
+ login access method and
+ do what is known as <quote>starring</quote> out the encrypted
+ password for the staff accounts. Using the &man.vipw.8;
+ command, one can replace each instance of an encrypted password
+ with a single <quote><literal>*</literal></quote> character.
+ This command will update the <filename>/etc/master.passwd</filename>
+ file and user/password database to disable password-authenticated
+ logins.</para>
+
+ <para>A staff account entry such as:</para>
+
+ <programlisting>foobar:R9DT/Fa1/LV9U:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
+
+ <para>Should be changed to this:</para>
+
+ <programlisting>foobar:*:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
+
+ <para>This change will prevent normal logins from occurring,
+ since the encrypted password will never match
+ <quote><literal>*</literal></quote>. With this done,
+ staff members must use
+ another mechanism to authenticate themselves such as
+ &man.kerberos.1; or &man.ssh.1; using a public/private key
+ pair. When using something like Kerberos, one generally must
+ secure the machines which run the Kerberos servers and your
+ desktop workstation. When using a public/private key pair
+ with ssh, one must generally secure
+ the machine used to login <emphasis>from</emphasis> (typically
+ one's workstation). An additional layer of protection can be
+ added to the key pair by password protecting the key pair when
+ creating it with &man.ssh-keygen.1;. Being able to
+ <quote>star</quote> out the passwords for staff accounts also
+ guarantees that staff members can only login through secure
+ access methods that you have set up. This forces all staff
+ members to use secure, encrypted connections for all of their
+ sessions, which closes an important hole used by many
+ intruders: sniffing the network from an unrelated,
+ less secure machine.</para>
+
+ <para>The more indirect security mechanisms also assume that you are
+ logging in from a more restrictive server to a less restrictive
+ server. For example, if your main box is running all sorts of
+ servers, your workstation should not be running any. In order for
+ your workstation to be reasonably secure you should run as few
+ servers as possible, up to and including no servers at all, and
+ you should run a password-protected screen blanker. Of course,
+ given physical access to a workstation an attacker can break any
+ sort of security you put on it. This is definitely a problem that
+ you should consider, but you should also consider the fact that the
+ vast majority of break-ins occur remotely, over a network, from
+ people who do not have physical access to your workstation or
+ servers.</para>
+ <indexterm><primary>KerberosIV</primary></indexterm>
+
+ <para>Using something like Kerberos also gives you the ability to
+ disable or change the password for a staff account in one place,
+ and have it immediately affect all the machines on which the staff
+ member may have an account. If a staff member's account gets
+ compromised, the ability to instantly change his password on all
+ machines should not be underrated. With discrete passwords,
+ changing a password on N machines can be a mess. You can also
+ impose re-passwording restrictions with Kerberos: not only can a
+ Kerberos ticket be made to timeout after a while, but the Kerberos
+ system can require that the user choose a new password after a
+ certain period of time (say, once a month).</para>
+ </sect2>
+
+ <sect2>
+ <title>Securing Root-run Servers and SUID/SGID Binaries</title>
+
+ <indexterm>
+ <primary><command>ntalk</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><command>comsat</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><command>finger</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>sandboxes</primary>
+ </indexterm>
+ <indexterm>
+ <primary><application>sshd</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary><application>telnetd</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary><application>rshd</application></primary>
+ </indexterm>
+ <indexterm>
+ <primary><application>rlogind</application></primary>
+ </indexterm>
+
+ <para>The prudent sysadmin only runs the servers he needs to, no
+ more, no less. Be aware that third party servers are often the
+ most bug-prone. For example, running an old version of
+ <application>imapd</application> or
+ <application>popper</application> is like giving a universal
+ <username>root</username> ticket out to the entire world.
+ Never run a server that you have not checked out carefully.
+ Many servers do not need to be run as <username>root</username>.
+ For example, the <application>ntalk</application>,
+ <application>comsat</application>, and
+ <application>finger</application> daemons can be run in special
+ user <firstterm>sandboxes</firstterm>. A sandbox is not perfect,
+ unless you go through a large amount of trouble, but the onion
+ approach to security still stands: If someone is able to break
+ in through a server running in a sandbox, they still have to
+ break out of the sandbox. The more layers the attacker must
+ break through, the lower the likelihood of his success. Root
+ holes have historically been found in virtually every server
+ ever run as <username>root</username>, including basic system servers.
+ If you are running a machine through which people only login via
+ <application>sshd</application> and never login via
+ <application>telnetd</application> or
+ <application>rshd</application> or
+ <application>rlogind</application>, then turn off those
+ services!</para>
+
+ <para>&os; now defaults to running
+ <application>ntalkd</application>,
+ <application>comsat</application>, and
+ <application>finger</application> in a sandbox. Another program
+ which may be a candidate for running in a sandbox is &man.named.8;.
+ <filename>/etc/defaults/rc.conf</filename> includes the arguments
+ necessary to run <application>named</application> in a sandbox in a
+ commented-out form. Depending on whether you are installing a new
+ system or upgrading an existing system, the special user accounts
+ used by these sandboxes may not be installed. The prudent
+ sysadmin would research and implement sandboxes for servers
+ whenever possible.</para>
+ <indexterm>
+ <primary><application>sendmail</application></primary>
+ </indexterm>
+
+ <para>There are a number of other servers that typically do not run
+ in sandboxes: <application>sendmail</application>,
+ <application>popper</application>,
+ <application>imapd</application>, <application>ftpd</application>,
+ and others. There are alternatives to some of these, but
+ installing them may require more work than you are willing to
+ perform (the convenience factor strikes again). You may have to
+ run these servers as <username>root</username> and rely on other
+ mechanisms to detect break-ins that might occur through them.</para>
+
+ <para>The other big potential <username>root</username> holes in a
+ system are the
+ suid-root and sgid binaries installed on the system. Most of
+ these binaries, such as <application>rlogin</application>, reside
+ in <filename>/bin</filename>, <filename>/sbin</filename>,
+ <filename>/usr/bin</filename>, or <filename>/usr/sbin</filename>.
+ While nothing is 100% safe, the system-default suid and sgid
+ binaries can be considered reasonably safe. Still,
+ <username>root</username> holes are occasionally found in these
+ binaries. A <username>root</username> hole was found in
+ <literal>Xlib</literal> in 1998 that made
+ <application>xterm</application> (which is typically suid)
+ vulnerable. It is better to be safe than sorry and the prudent
+ sysadmin will restrict suid binaries, that only staff should run,
+ to a special group that only staff can access, and get rid of
+ (<command>chmod 000</command>) any suid binaries that nobody uses.
+ A server with no display generally does not need an
+ <application>xterm</application> binary. Sgid binaries can be
+ almost as dangerous. If an intruder can break an sgid-kmem binary,
+ the intruder might be able to read <filename>/dev/kmem</filename>
+ and thus read the encrypted password file, potentially compromising
+ any passworded account. Alternatively an intruder who breaks
+ group <literal>kmem</literal> can monitor keystrokes sent through
+ ptys, including ptys used by users who login through secure
+ methods. An intruder that breaks the <groupname>tty</groupname>
+ group can write to
+ almost any user's tty. If a user is running a terminal program or
+ emulator with a keyboard-simulation feature, the intruder can
+ potentially generate a data stream that causes the user's terminal
+ to echo a command, which is then run as that user.</para>
+ </sect2>
+
+ <sect2 id="secure-users">
+ <title>Securing User Accounts</title>
+
+ <para>User accounts are usually the most difficult to secure. While
+ you can impose Draconian access restrictions on your staff and
+ <quote>star</quote> out their passwords, you may not be able to
+ do so with any general user accounts you might have. If you do
+ have sufficient control, then you may win out and be able to secure
+ the user accounts properly. If not, you simply have to be more
+ vigilant in your monitoring of those accounts. Use of
+ ssh and Kerberos for user accounts is
+ more problematic, due to the extra administration and technical
+ support required, but still a very good solution compared to a
+ crypted password file.</para>
+ </sect2>
+
+ <sect2>
+ <title>Securing the Password File</title>
+
+ <para>The only sure fire way is to <literal>*</literal> out as many
+ passwords as you can and use ssh or
+ Kerberos for access to those accounts. Even though the encrypted
+ password file (<filename>/etc/spwd.db</filename>) can only be read
+ by <username>root</username>, it may be possible for an intruder
+ to obtain read access to that file even if the attacker cannot
+ obtain root-write access.</para>
+
+ <para>Your security scripts should always check for and report
+ changes to the password file (see the <link
+ linkend="security-integrity">Checking file integrity</link> section
+ below).</para>
+ </sect2>
+
+ <sect2>
+ <title>Securing the Kernel Core, Raw Devices, and
+ File systems</title>
+
+ <para>If an attacker breaks <username>root</username> he can do
+ just about anything, but
+ there are certain conveniences. For example, most modern kernels
+ have a packet sniffing device driver built in. Under &os; it
+ is called the <devicename>bpf</devicename> device. An intruder
+ will commonly attempt to run a packet sniffer on a compromised
+ machine. You do not need to give the intruder the capability and
+ most systems do not have the need for the
+ <devicename>bpf</devicename> device compiled in.</para>
+
+ <indexterm>
+ <primary><command>sysctl</command></primary>
+ </indexterm>
+ <para>But even if you turn off the <devicename>bpf</devicename>
+ device, you still have
+ <filename>/dev/mem</filename> and
+ <filename>/dev/kmem</filename>
+ to worry about. For that matter, the intruder can still write to
+ raw disk devices. Also, there is another kernel feature called
+ the module loader, &man.kldload.8;. An enterprising intruder can
+ use a KLD module to install his own <devicename>bpf</devicename>
+ device, or other sniffing
+ device, on a running kernel. To avoid these problems you have to
+ run the kernel at a higher secure level, at least securelevel 1.
+ The securelevel can be set with a <command>sysctl</command> on
+ the <varname>kern.securelevel</varname> variable. Once you have
+ set the securelevel to 1, write access to raw devices will be
+ denied and special <command>chflags</command> flags,
+ such as <literal>schg</literal>,
+ will be enforced. You must also ensure that the
+ <literal>schg</literal> flag is set on critical startup binaries,
+ directories, and script files &mdash; everything that gets run up
+ to the point where the securelevel is set. This might be overdoing
+ it, and upgrading the system is much more difficult when you
+ operate at a higher secure level. You may compromise and run the
+ system at a higher secure level but not set the
+ <literal>schg</literal> flag for every system file and directory
+ under the sun. Another possibility is to simply mount
+ <filename>/</filename> and <filename>/usr</filename> read-only.
+ It should be noted that being too Draconian in what you attempt to
+ protect may prevent the all-important detection of an
+ intrusion.</para>
+ </sect2>
+
+ <sect2 id="security-integrity">
+ <title>Checking File Integrity: Binaries, Configuration Files,
+ Etc.</title>
+
+ <para>When it comes right down to it, you can only protect your core
+ system configuration and control files so much before the
+ convenience factor rears its ugly head. For example, using
+ <command>chflags</command> to set the <literal>schg</literal> bit
+ on most of the files in <filename>/</filename> and
+ <filename>/usr</filename> is probably counterproductive, because
+ while it may protect the files, it also closes a detection window.
+ The last layer of your security onion is perhaps the most
+ important &mdash; detection. The rest of your security is pretty
+ much useless (or, worse, presents you with a false sense of
+ safety) if you cannot detect potential incursions. Half the job
+ of the onion is to slow down the attacker, rather than stop him, in
+ order to give the detection side of the equation a chance to catch
+ him in the act.</para>
+
+ <para>The best way to detect an incursion is to look for modified,
+ missing, or unexpected files. The best way to look for modified
+ files is from another (often centralized) limited-access system.
+ Writing your security scripts on the extra-secure limited-access
+ system makes them mostly invisible to potential attackers, and this
+ is important. In order to take maximum advantage you generally
+ have to give the limited-access box significant access to the
+ other machines in the business, usually either by doing a
+ read-only NFS export of the other machines to the limited-access
+ box, or by setting up ssh key-pairs to
+ allow the limited-access box to ssh to
+ the other machines. Except for its network traffic, NFS is the
+ least visible method &mdash; allowing you to monitor the
+ file systems on each client box virtually undetected. If your
+ limited-access server is connected to the client boxes through a
+ switch, the NFS method is often the better choice. If your
+ limited-access server is connected to the client boxes through a
+ hub, or through several layers of routing, the NFS method may be
+ too insecure (network-wise) and using
+ ssh may be the better choice even with
+ the audit-trail tracks that ssh
+ lays.</para>
+
+ <para>Once you give a limited-access box, at least read access to the
+ client systems it is supposed to monitor, you must write scripts
+ to do the actual monitoring. Given an NFS mount, you can write
+ scripts out of simple system utilities such as &man.find.1; and
+ &man.md5.1;. It is best to physically md5 the client-box files
+ at least once a day, and to test control files such as those
+ found in <filename>/etc</filename> and
+ <filename>/usr/local/etc</filename> even more often. When
+ mismatches are found, relative to the base md5 information the
+ limited-access machine knows is valid, it should scream at a
+ sysadmin to go check it out. A good security script will also
+ check for inappropriate suid binaries and for new or deleted files
+ on system partitions such as <filename>/</filename> and
+ <filename>/usr</filename>.</para>
+
+ <para>When using ssh rather than NFS,
+ writing the security script is much more difficult. You
+ essentially have to <command>scp</command> the scripts to the client
+ box in order to
+ run them, making them visible, and for safety you also need to
+ <command>scp</command> the binaries (such as find) that those
+ scripts use. The <application>ssh</application> client on the
+ client box may already be compromised. All in all, using
+ ssh may be necessary when running over
+ insecure links, but it is also a lot harder to deal with.</para>
+
+ <para>A good security script will also check for changes to user and
+ staff members access configuration files:
+ <filename>.rhosts</filename>, <filename>.shosts</filename>,
+ <filename>.ssh/authorized_keys</filename> and so forth&hellip;
+ files that might fall outside the purview of the
+ <literal>MD5</literal> check.</para>
+
+ <para>If you have a huge amount of user disk space, it may take too
+ long to run through every file on those partitions. In this case,
+ setting mount flags to disallow suid binaries and devices on those
+ partitions is a good idea. The <literal>nodev</literal> and
+ <literal>nosuid</literal> options (see &man.mount.8;) are what you
+ want to look into. You should probably scan them anyway, at least
+ once a week, since the object of this layer is to detect a break-in
+ whether or not the break-in is effective.</para>
+
+ <para>Process accounting (see &man.accton.8;) is a relatively
+ low-overhead feature of the operating system which might help
+ as a post-break-in evaluation mechanism. It is especially
+ useful in tracking down how an intruder has actually broken into
+ a system, assuming the file is still intact after the break-in
+ occurs.</para>
+
+ <para>Finally, security scripts should process the log files, and the
+ logs themselves should be generated in as secure a manner as
+ possible &mdash; remote syslog can be very useful. An intruder
+ tries to cover his tracks, and log files are critical to the
+ sysadmin trying to track down the time and method of the initial
+ break-in. One way to keep a permanent record of the log files is
+ to run the system console to a serial port and collect the
+ information on a continuing basis through a secure machine
+ monitoring the consoles.</para>
+ </sect2>
+
+ <sect2>
+ <title>Paranoia</title>
+
+ <para>A little paranoia never hurts. As a rule, a sysadmin can add
+ any number of security features, as long as they do not affect
+ convenience, and can add security features that
+ <emphasis>do</emphasis> affect convenience with some added thought.
+ Even more importantly, a security administrator should mix it up a
+ bit &mdash; if you use recommendations such as those given by this
+ document verbatim, you give away your methodologies to the
+ prospective attacker who also has access to this document.</para>
+ </sect2>
+
+ <sect2>
+ <title>Denial of Service Attacks</title>
+ <indexterm><primary>Denial of Service (DoS)</primary></indexterm>
+
+ <para>This section covers Denial of Service attacks. A DoS attack
+ is typically a packet attack. While there is not much you can do
+ about modern spoofed packet attacks that saturate your network,
+ you can generally limit the damage by ensuring that the attacks
+ cannot take down your servers.</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Limiting server forks.</para>
+ </listitem>
+
+ <listitem>
+ <para>Limiting springboard attacks (ICMP response attacks, ping
+ broadcast, etc.).</para>
+ </listitem>
+
+ <listitem>
+ <para>Kernel Route Cache.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>A common DoS attack is against a forking server that attempts
+ to cause the server to eat processes, file descriptors, and memory,
+ until the machine dies. <application>inetd</application>
+ (see &man.inetd.8;) has several
+ options to limit this sort of attack. It should be noted that
+ while it is possible to prevent a machine from going down, it is
+ not generally possible to prevent a service from being disrupted
+ by the attack. Read the <application>inetd</application> manual
+ page carefully and pay
+ specific attention to the <option>-c</option>, <option>-C</option>,
+ and <option>-R</option> options. Note that spoofed-IP attacks
+ will circumvent the <option>-C</option> option to
+ <application>inetd</application>, so
+ typically a combination of options must be used. Some standalone
+ servers have self-fork-limitation parameters.</para>
+
+ <para><application>Sendmail</application> has its
+ <option>-OMaxDaemonChildren</option> option, which tends to work
+ much better than trying to use sendmail's load limiting options
+ due to the load lag. You should specify a
+ <literal>MaxDaemonChildren</literal> parameter, when you start
+ <application>sendmail</application>, high enough to handle your
+ expected load, but not so high that the computer cannot handle that
+ number of <application>sendmails</application> without falling on
+ its face. It is also prudent to run sendmail in queued mode
+ (<option>-ODeliveryMode=queued</option>) and to run the daemon
+ (<command>sendmail -bd</command>) separate from the queue-runs
+ (<command>sendmail -q15m</command>). If you still want real-time
+ delivery you can run the queue at a much lower interval, such as
+ <option>-q1m</option>, but be sure to specify a reasonable
+ <literal>MaxDaemonChildren</literal> option for
+ <emphasis>that</emphasis> sendmail to prevent cascade failures.</para>
+
+ <para><application>Syslogd</application> can be attacked directly
+ and it is strongly recommended that you use the <option>-s</option>
+ option whenever possible, and the <option>-a</option> option
+ otherwise.</para>
+
+ <para>You should also be fairly careful with connect-back services
+ such as <application>TCP Wrapper</application>'s reverse-identd,
+ which can be attacked directly. You generally do not want to use
+ the reverse-ident feature of
+ <application>TCP Wrapper</application> for this reason.</para>
+
+ <para>It is a very good idea to protect internal services from
+ external access by firewalling them off at your border routers.
+ The idea here is to prevent saturation attacks from outside your
+ LAN, not so much to protect internal services from network-based
+ <username>root</username> compromise.
+ Always configure an exclusive firewall, i.e.,
+ <quote>firewall everything <emphasis>except</emphasis> ports A, B,
+ C, D, and M-Z</quote>. This way you can firewall off all of your
+ low ports except for certain specific services such as
+ <application>named</application> (if you are primary for a zone),
+ <application>ntalkd</application>,
+ <application>sendmail</application>, and other Internet-accessible
+ services. If you try to configure the firewall the other way
+ &mdash; as an inclusive or permissive firewall, there is a good
+ chance that you will forget to <quote>close</quote> a couple of
+ services, or that you will add a new internal service and forget
+ to update the firewall. You can still open up the high-numbered
+ port range on the firewall, to allow permissive-like operation,
+ without compromising your low ports. Also take note that &os;
+ allows you to control the range of port numbers used for dynamic
+ binding, via the various <varname>net.inet.ip.portrange</varname>
+ <command>sysctl</command>'s (<command>sysctl -a | fgrep
+ portrange</command>), which can also ease the complexity of your
+ firewall's configuration. For example, you might use a normal
+ first/last range of 4000 to 5000, and a hiport range of 49152 to
+ 65535, then block off everything under 4000 in your firewall
+ (except for certain specific Internet-accessible ports, of
+ course).</para>
+
+ <para>Another common DoS attack is called a springboard attack
+ &mdash; to attack a server in a manner that causes the server to
+ generate responses which overloads the server, the local
+ network, or some other machine. The most common attack of this
+ nature is the <emphasis>ICMP ping broadcast attack</emphasis>.
+ The attacker spoofs ping packets sent to your LAN's broadcast
+ address with the source IP address set to the actual machine they
+ wish to attack. If your border routers are not configured to
+ stomp on ping's to broadcast addresses, your LAN winds up
+ generating sufficient responses to the spoofed source address to
+ saturate the victim, especially when the attacker uses the same
+ trick on several dozen broadcast addresses over several dozen
+ different networks at once. Broadcast attacks of over a hundred
+ and twenty megabits have been measured. A second common
+ springboard attack is against the ICMP error reporting system.
+ By constructing packets that generate ICMP error responses, an
+ attacker can saturate a server's incoming network and cause the
+ server to saturate its outgoing network with ICMP responses. This
+ type of attack can also crash the server by running it out of
+ mbuf's, especially if the server cannot drain the ICMP responses
+ it generates fast enough. &os; 4.X kernels have a kernel
+ compile option called <option>ICMP_BANDLIM</option>
+ which limits the effectiveness
+ of these sorts of attacks.
+ Later kernels use the <application>sysctl</application>
+ variable <literal>net.inet.icmp.icmplim</literal>.
+ The last major class of springboard
+ attacks is related to certain internal
+ <application>inetd</application> services such as the
+ udp echo service. An attacker simply spoofs a UDP packet with the
+ source address being server A's echo port, and the destination
+ address being server B's echo port, where server A and B are both
+ on your LAN. The two servers then bounce this one packet back and
+ forth between each other. The attacker can overload both servers
+ and their LANs simply by injecting a few packets in this manner.
+ Similar problems exist with the internal
+ <application>chargen</application> port. A
+ competent sysadmin will turn off all of these inetd-internal test
+ services.</para>
+
+ <para>Spoofed packet attacks may also be used to overload the kernel
+ route cache. Refer to the <varname>net.inet.ip.rtexpire</varname>,
+ <varname>rtminexpire</varname>, and <varname>rtmaxcache</varname>
+ <command>sysctl</command> parameters. A spoofed packet attack
+ that uses a random source IP will cause the kernel to generate a
+ temporary cached route in the route table, viewable with
+ <command>netstat -rna | fgrep W3</command>. These routes
+ typically timeout in 1600 seconds or so. If the kernel detects
+ that the cached route table has gotten too big it will dynamically
+ reduce the <varname>rtexpire</varname> but will never decrease it
+ to less than <varname>rtminexpire</varname>. There are two
+ problems:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>The kernel does not react quickly enough when a lightly
+ loaded server is suddenly attacked.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <varname>rtminexpire</varname> is not low enough for
+ the kernel to survive a sustained attack.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>If your servers are connected to the Internet via a T3 or
+ better, it may be prudent to manually override both
+ <varname>rtexpire</varname> and <varname>rtminexpire</varname>
+ via &man.sysctl.8;. Never set either parameter to zero (unless
+ you want to crash the machine). Setting both
+ parameters to 2 seconds should be sufficient to protect the route
+ table from attack.</para>
+ </sect2>
+
+ <sect2>
+ <title>Access Issues with Kerberos and SSH</title>
+ <indexterm><primary><command>ssh</command></primary></indexterm>
+ <indexterm><primary>KerberosIV</primary></indexterm>
+
+ <para>There are a few issues with both Kerberos and
+ ssh that need to be addressed if
+ you intend to use them. Kerberos V is an excellent
+ authentication protocol, but there are bugs in the kerberized
+ <application>telnet</application> and
+ <application>rlogin</application> applications that make them
+ unsuitable for dealing with binary streams. Also, by default
+ Kerberos does not encrypt a session unless you use the
+ <option>-x</option> option. <application>ssh</application>
+ encrypts everything by default.</para>
+
+ <para>ssh works quite well in every
+ respect except that it forwards encryption keys by default. What
+ this means is that if you have a secure workstation holding keys
+ that give you access to the rest of the system, and you
+ ssh to an insecure machine, your keys
+ are usable. The actual keys themselves are not exposed, but
+ ssh installs a forwarding port for the
+ duration of your login, and if an attacker has broken
+ <username>root</username> on the
+ insecure machine he can utilize that port to use your keys to gain
+ access to any other machine that your keys unlock.</para>
+
+ <para>We recommend that you use ssh in
+ combination with Kerberos whenever possible for staff logins.
+ <application>ssh</application> can be compiled with Kerberos
+ support. This reduces your reliance on potentially exposed
+ ssh keys while at the same time
+ protecting passwords via Kerberos. ssh
+ keys should only be used for automated tasks from secure machines
+ (something that Kerberos is unsuited to do). We also recommend that
+ you either turn off key-forwarding in the
+ ssh configuration, or that you make use
+ of the <literal>from=IP/DOMAIN</literal> option that
+ ssh allows in its
+ <filename>authorized_keys</filename> file to make the key only
+ usable to entities logging in from specific machines.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="crypt">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Bill</firstname>
+ <surname>Swingle</surname>
+ <contrib>Parts rewritten and updated by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 21 Mar 2000 -->
+ </sect1info>
+
+ <title>DES, MD5, and Crypt</title>
+ <indexterm>
+ <primary>security</primary>
+ <secondary>crypt</secondary>
+ </indexterm>
+
+ <indexterm><primary>crypt</primary></indexterm>
+ <indexterm><primary>DES</primary></indexterm>
+ <indexterm><primary>MD5</primary></indexterm>
+
+ <para>Every user on a &unix; system has a password associated with
+ their account. It seems obvious that these passwords need to be
+ known only to the user and the actual operating system. In
+ order to keep these passwords secret, they are encrypted with
+ what is known as a <quote>one-way hash</quote>, that is, they can
+ only be easily encrypted but not decrypted. In other words, what
+ we told you a moment ago was obvious is not even true: the
+ operating system itself does not <emphasis>really</emphasis> know
+ the password. It only knows the <emphasis>encrypted</emphasis>
+ form of the password. The only way to get the
+ <quote>plain-text</quote> password is by a brute force search of the
+ space of possible passwords.</para>
+
+ <para>Unfortunately the only secure way to encrypt passwords when
+ &unix; came into being was based on DES, the Data Encryption
+ Standard. This was not such a problem for users resident in
+ the US, but since the source code for DES could not be exported
+ outside the US, &os; had to find a way to both comply with
+ US law and retain compatibility with all the other &unix;
+ variants that still used DES.</para>
+
+ <para>The solution was to divide up the encryption libraries
+ so that US users could install the DES libraries and use
+ DES but international users still had an encryption method
+ that could be exported abroad. This is how &os; came to
+ use MD5 as its default encryption method. MD5 is believed to
+ be more secure than DES, so installing DES is offered primarily
+ for compatibility reasons.</para>
+
+ <sect2>
+ <title>Recognizing Your Crypt Mechanism</title>
+
+ <para>Before &os;&nbsp;4.4 <filename>libcrypt.a</filename> was a
+ symbolic link pointing to the library which was used for
+ encryption. &os;&nbsp;4.4 changed <filename>libcrypt.a</filename> to
+ provide a configurable password authentication hash library.
+ Currently the library supports DES, MD5 and Blowfish hash
+ functions. By default &os; uses MD5 to encrypt
+ passwords.</para>
+
+ <para>It is pretty easy to identify which encryption method
+ &os; is set up to use. Examining the encrypted passwords in
+ the <filename>/etc/master.passwd</filename> file is one way.
+ Passwords encrypted with the MD5 hash are longer than those
+ encrypted with the DES hash and also begin with the characters
+ <literal>&dollar;1&dollar;</literal>. Passwords starting with
+ <literal>&dollar;2a&dollar;</literal> are encrypted with the
+ Blowfish hash function. DES password strings do not
+ have any particular identifying characteristics, but they are
+ shorter than MD5 passwords, and are coded in a 64-character
+ alphabet which does not include the <literal>&dollar;</literal>
+ character, so a relatively short string which does not begin with
+ a dollar sign is very likely a DES password.</para>
+
+ <para>The password format used for new passwords is controlled
+ by the <literal>passwd_format</literal> login capability in
+ <filename>/etc/login.conf</filename>, which takes values of
+ <literal>des</literal>, <literal>md5</literal> or
+ <literal>blf</literal>. See the &man.login.conf.5; manual page
+ for more information about login capabilities.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="one-time-passwords">
+ <title>One-time Passwords</title>
+ <indexterm><primary>one-time passwords</primary></indexterm>
+ <indexterm>
+ <primary>security</primary>
+ <secondary>one-time passwords</secondary>
+ </indexterm>
+
+ <para>S/Key is a one-time password scheme based on a one-way hash
+ function. &os; uses the MD4 hash for compatibility but other
+ systems have used MD5 and DES-MAC. S/Key has been part of the
+ &os; base system since version 1.1.5 and is also used on a
+ growing number of other operating systems. S/Key is a registered
+ trademark of Bell Communications Research, Inc.</para>
+
+ <para>From version 5.0 of &os;, S/Key has been replaced with
+ the functionally equivalent OPIE (One-time Passwords In
+ Everything). OPIE uses the MD5 hash by default.</para>
+
+ <para>There are three different sorts of passwords which we will discuss
+ below. The first is your usual &unix; style or
+ Kerberos password; we will call this a <quote>&unix; password</quote>.
+ The second sort is the one-time password which is generated by the
+ S/Key <command>key</command> program or the OPIE
+ &man.opiekey.1; program and accepted by the
+ <command>keyinit</command> or &man.opiepasswd.1; programs
+ and the login prompt; we will
+ call this a <quote>one-time password</quote>. The final sort of
+ password is the secret password which you give to the
+ <command>key</command>/<command>opiekey</command> programs (and
+ sometimes the
+ <command>keyinit</command>/<command>opiepasswd</command> programs)
+ which it uses to generate
+ one-time passwords; we will call it a <quote>secret password</quote>
+ or just unqualified <quote>password</quote>.</para>
+
+ <para>The secret password does not have anything to do with your &unix;
+ password; they can be the same but this is not recommended. S/Key
+ and OPIE secret passwords are not limited to 8 characters like old
+ &unix; passwords<footnote><para>Under &os; the standard login
+ password may be up to 128 characters in length.</para></footnote>,
+ they can be as long as you like. Passwords of six or
+ seven word long phrases are fairly common. For the most part, the
+ S/Key or OPIE system operates completely independently of the &unix;
+ password system.</para>
+
+ <para>Besides the password, there are two other pieces of data that
+ are important to S/Key and OPIE. One is what is known as the
+ <quote>seed</quote> or <quote>key</quote>, consisting of two letters
+ and five digits. The other is what is called the <quote>iteration
+ count</quote>, a number between 1 and 100. S/Key creates the
+ one-time password by concatenating the seed and the secret password,
+ then applying the MD4/MD5 hash as many times as specified by the
+ iteration count and turning the result into six short English words.
+ These six English words are your one-time password. The
+ authentication system (primarily PAM) keeps
+ track of the last one-time password used, and the user is
+ authenticated if the hash of the user-provided password is equal to
+ the previous password. Because a one-way hash is used it is
+ impossible to generate future one-time passwords if a successfully
+ used password is captured; the iteration count is decremented after
+ each successful login to keep the user and the login program in
+ sync. When the iteration count gets down to 1, S/Key and OPIE must be
+ reinitialized.</para>
+
+ <para>There are three programs involved in each system
+ which we will discuss below. The <command>key</command> and
+ <command>opiekey</command> programs accept an iteration
+ count, a seed, and a secret password, and generate a one-time
+ password or a consecutive list of one-time passwords. The
+ <command>keyinit</command> and <command>opiepasswd</command>
+ programs are used to initialize S/Key and OPIE respectively,
+ and to change passwords, iteration counts, or seeds; they
+ take either a secret passphrase, or an iteration count,
+ seed, and one-time password. The <command>keyinfo</command>
+ and <command>opieinfo</command> programs examine the
+ relevant credentials files (<filename>/etc/skeykeys</filename> or
+ <filename>/etc/opiekeys</filename>) and print out the invoking user's
+ current iteration count and seed.</para>
+
+ <para>There are four different sorts of operations we will cover. The
+ first is using <command>keyinit</command> or
+ <command>opiepasswd</command> over a secure connection to set up
+ one-time-passwords for the first time, or to change your password
+ or seed. The second operation is using <command>keyinit</command>
+ or <command>opiepasswd</command> over an insecure connection, in
+ conjunction with <command>key</command> or <command>opiekey</command>
+ over a secure connection, to do the same. The third is using
+ <command>key</command>/<command>opiekey</command> to log in over
+ an insecure connection. The fourth is using <command>key</command>
+ or <command>opiekey</command> to generate a number of keys which
+ can be written down or printed out to carry with you when going to
+ some location without secure connections to anywhere.</para>
+
+ <sect2>
+ <title>Secure Connection Initialization</title>
+
+ <para>To initialize S/Key for the first time, change your password,
+ or change your seed while logged in over a secure connection
+ (e.g. on the console of a machine or via <application>ssh</application>), use the
+ <command>keyinit</command> command without any parameters while
+ logged in as yourself:</para>
+
+ <screen>&prompt.user; <userinput>keyinit</userinput>
+Adding unfurl:
+Reminder - Only use this method if you are directly connected.
+If you are using telnet or rlogin exit with no password and use keyinit -s.
+Enter secret password:
+Again secret password:
+
+ID unfurl s/key is 99 to17757
+DEFY CLUB PRO NASH LACE SOFT</screen>
+
+ <para>For OPIE, <command>opiepasswd</command> is used instead:</para>
+
+ <screen>&prompt.user; <userinput>opiepasswd -c</userinput>
+[grimreaper] ~ $ opiepasswd -f -c
+Adding unfurl:
+Only use this method from the console; NEVER from remote. If you are using
+telnet, xterm, or a dial-in, type ^C now or exit with no password.
+Then run opiepasswd without the -c parameter.
+Using MD5 to compute responses.
+Enter new secret pass phrase:
+Again new secret pass phrase:
+ID unfurl OTP key is 499 to4268
+MOS MALL GOAT ARM AVID COED
+</screen>
+
+ <para>At the <prompt>Enter new secret pass phrase:</prompt> or
+ <prompt>Enter secret password:</prompt> prompts, you
+ should enter a password or phrase. Remember, this is not the
+ password that you will use to login with, this is used to generate
+ your one-time login keys. The <quote>ID</quote> line gives the
+ parameters of your particular instance: your login name, the
+ iteration count, and seed. When logging in the system
+ will remember these parameters and present them back to you so you
+ do not have to remember them. The last line gives the particular
+ one-time password which corresponds to those parameters and your
+ secret password; if you were to re-login immediately, this
+ one-time password is the one you would use.</para>
+ </sect2>
+
+ <sect2>
+ <title>Insecure Connection Initialization</title>
+
+ <para>To initialize or change your secret password over an
+ insecure connection, you will need to already have a secure
+ connection to some place where you can run <command>key</command>
+ or <command>opiekey</command>; this might be in the form of a
+ desk accessory on a &macintosh;, or a shell prompt on a machine you
+ trust. You will also need to make up an iteration count (100 is
+ probably a good value), and you may make up your own seed or use a
+ randomly-generated one. Over on the insecure connection (to the
+ machine you are initializing), use the <command>keyinit
+ -s</command> command:</para>
+
+ <screen>&prompt.user; <userinput>keyinit -s</userinput>
+Updating unfurl:
+Old key: to17758
+Reminder you need the 6 English words from the key command.
+Enter sequence count from 1 to 9999: <userinput>100</userinput>
+Enter new key [default to17759]:
+s/key 100 to 17759
+s/key access password:
+s/key access password:<userinput>CURE MIKE BANE HIM RACY GORE</userinput>
+</screen>
+
+ <para>For OPIE, you need to use <command>opiepasswd</command>:</para>
+
+ <screen>&prompt.user; <userinput>opiepasswd</userinput>
+
+Updating unfurl:
+You need the response from an OTP generator.
+Old secret pass phrase:
+ otp-md5 498 to4268 ext
+ Response: GAME GAG WELT OUT DOWN CHAT
+New secret pass phrase:
+ otp-md5 499 to4269
+ Response: LINE PAP MILK NELL BUOY TROY
+
+ID mark OTP key is 499 gr4269
+LINE PAP MILK NELL BUOY TROY
+</screen>
+
+ <para>To accept the default seed (which the
+ <command>keyinit</command> program confusingly calls a
+ <literal>key</literal>), press <keycap>Return</keycap>.
+ Then before entering an
+ access password, move over to your secure connection or S/Key desk
+ accessory, and give it the same parameters:</para>
+
+ <screen>&prompt.user; <userinput>key 100 to17759</userinput>
+Reminder - Do not use this program while logged in via telnet or rlogin.
+Enter secret password: <userinput>&lt;secret password&gt;</userinput>
+CURE MIKE BANE HIM RACY GORE</screen>
+
+ <para>Or for OPIE:</para>
+
+ <screen>&prompt.user; <userinput>opiekey 498 to4268</userinput>
+Using the MD5 algorithm to compute response.
+Reminder: Don't use opiekey from telnet or dial-in sessions.
+Enter secret pass phrase:
+GAME GAG WELT OUT DOWN CHAT
+</screen>
+
+ <para>Now switch back over to the insecure connection, and copy the
+ one-time password generated over to the relevant program.</para>
+ </sect2>
+
+ <sect2>
+ <title>Generating a Single One-time Password</title>
+
+ <para>Once you have initialized S/Key or OPIE, when you login you will be
+ presented with a prompt like this:</para>
+
+<screen>&prompt.user; <userinput>telnet example.com</userinput>
+Trying 10.0.0.1...
+Connected to example.com
+Escape character is '^]'.
+
+FreeBSD/i386 (example.com) (ttypa)
+
+login: <userinput>&lt;username&gt;</userinput>
+s/key 97 fw13894
+Password: </screen>
+
+ <para>Or for OPIE:</para>
+
+<screen>&prompt.user; <userinput>telnet example.com</userinput>
+Trying 10.0.0.1...
+Connected to example.com
+Escape character is '^]'.
+
+FreeBSD/i386 (example.com) (ttypa)
+
+login: <userinput>&lt;username&gt;</userinput>
+otp-md5 498 gr4269 ext
+Password: </screen>
+
+ <para>As a side note, the S/Key and OPIE prompts have a useful feature
+ (not shown here): if you press <keycap>Return</keycap>
+ at the password prompt, the
+ prompter will turn echo on, so you can see what you are
+ typing. This can be extremely useful if you are attempting to
+ type in a password by hand, such as from a printout.</para>
+
+ <indexterm><primary>MS-DOS</primary></indexterm>
+ <indexterm><primary>Windows</primary></indexterm>
+ <indexterm><primary>MacOS</primary></indexterm>
+
+ <para>At this point you need to generate your one-time password to
+ answer this login prompt. This must be done on a trusted system
+ that you can run <command>key</command> or
+ <command>opiekey</command> on. (There are versions of these for DOS,
+ &windows; and &macos; as well.) They need both the iteration count and
+ the seed as command line options. You can cut-and-paste these
+ right from the login prompt on the machine that you are logging
+ in to.</para>
+
+ <para>On the trusted system:</para>
+
+ <screen>&prompt.user; <userinput>key 97 fw13894</userinput>
+Reminder - Do not use this program while logged in via telnet or rlogin.
+Enter secret password:
+WELD LIP ACTS ENDS ME HAAG</screen>
+
+ <para>For OPIE:</para>
+
+ <screen>&prompt.user; <userinput>opiekey 498 to4268</userinput>
+Using the MD5 algorithm to compute response.
+Reminder: Don't use opiekey from telnet or dial-in sessions.
+Enter secret pass phrase:
+GAME GAG WELT OUT DOWN CHAT</screen>
+
+ <para>Now that you have your one-time password you can continue
+ logging in:</para>
+
+ <screen>login: <userinput>&lt;username&gt;</userinput>
+s/key 97 fw13894
+Password: <userinput>&lt;return to enable echo&gt;</userinput>
+s/key 97 fw13894
+Password [echo on]: WELD LIP ACTS ENDS ME HAAG
+Last login: Tue Mar 21 11:56:41 from 10.0.0.2 ... </screen>
+
+ </sect2>
+
+ <sect2>
+ <title>Generating Multiple One-time Passwords</title>
+
+ <para>Sometimes you have to go places where you do not have
+ access to a trusted machine or secure connection. In this case,
+ it is possible to use the <command>key</command> and
+ <command>opiekey</command> commands to
+ generate a number of one-time passwords beforehand to be printed
+ out and taken with you. For example:</para>
+
+ <screen>&prompt.user; <userinput>key -n 5 30 zz99999</userinput>
+Reminder - Do not use this program while logged in via telnet or rlogin.
+Enter secret password: <userinput>&lt;secret password&gt;</userinput>
+26: SODA RUDE LEA LIND BUDD SILT
+27: JILT SPY DUTY GLOW COWL ROT
+28: THEM OW COLA RUNT BONG SCOT
+29: COT MASH BARR BRIM NAN FLAG
+30: CAN KNEE CAST NAME FOLK BILK</screen>
+
+ <para>Or for OPIE:</para>
+
+ <screen>&prompt.user; <userinput>opiekey -n 5 30 zz99999</userinput>
+Using the MD5 algorithm to compute response.
+Reminder: Don't use opiekey from telnet or dial-in sessions.
+Enter secret pass phrase: <userinput>&lt;secret password&gt;</userinput>
+26: JOAN BORE FOSS DES NAY QUIT
+27: LATE BIAS SLAY FOLK MUCH TRIG
+28: SALT TIN ANTI LOON NEAL USE
+29: RIO ODIN GO BYE FURY TIC
+30: GREW JIVE SAN GIRD BOIL PHI</screen>
+
+ <para>The <option>-n 5</option> requests five keys in sequence, the
+ <option>30</option> specifies what the last iteration number
+ should be. Note that these are printed out in
+ <emphasis>reverse</emphasis> order of eventual use. If you are
+ really paranoid, you might want to write the results down by hand;
+ otherwise you can cut-and-paste into <command>lpr</command>. Note
+ that each line shows both the iteration count and the one-time
+ password; you may still find it handy to scratch off passwords as
+ you use them.</para>
+ </sect2>
+
+ <sect2>
+ <title>Restricting Use of &unix; Passwords</title>
+
+ <para>S/Key can place restrictions on the use of &unix; passwords based
+ on the host name, user name, terminal port, or IP address of a
+ login session. These restrictions can be found in the
+ configuration file <filename>/etc/skey.access</filename>. The
+ &man.skey.access.5; manual page has more information on the complete
+ format of the file and also details some security cautions to be
+ aware of before depending on this file for security.</para>
+
+ <para>If there is no <filename>/etc/skey.access</filename> file
+ (this is the default on &os;&nbsp;4.X systems), then all users will
+ be allowed to use &unix; passwords. If the file exists, however,
+ then all users will be required to use S/Key unless explicitly
+ permitted to do otherwise by configuration statements in the
+ <filename>skey.access</filename> file. In all cases, &unix;
+ passwords are permitted on the console.</para>
+
+ <para>Here is a sample <filename>skey.access</filename> configuration
+ file which illustrates the three most common sorts of configuration
+ statements:</para>
+
+ <programlisting>permit internet 192.168.0.0 255.255.0.0
+permit user fnord
+permit port ttyd0</programlisting>
+
+ <para>The first line (<literal>permit internet</literal>) allows
+ users whose IP source address (which is vulnerable to spoofing)
+ matches the specified value and mask, to use &unix; passwords. This
+ should not be considered a security mechanism, but rather, a means
+ to remind authorized users that they are using an insecure network
+ and need to use S/Key for authentication.</para>
+
+ <para>The second line (<literal>permit user</literal>) allows the
+ specified username, in this case <username>fnord</username>, to use
+ &unix; passwords at any time. Generally speaking, this should only
+ be used for people who are either unable to use the
+ <command>key</command> program, like those with dumb terminals, or
+ those who are ineducable.</para>
+
+ <para>The third line (<literal>permit port</literal>) allows all
+ users logging in on the specified terminal line to use &unix;
+ passwords; this would be used for dial-ups.</para>
+
+ <para>OPIE can restrict the use of &unix; passwords based on the IP
+ address of a login session just like S/Key does. The relevant file
+ is <filename>/etc/opieaccess</filename>, which is present by default
+ on &os;&nbsp;5.0 and newer systems. Please check &man.opieaccess.5;
+ for more information on this file and which security considerations
+ you should be aware of when using it.</para>
+
+ <para>Here is a sample <filename>opieaccess</filename> file:</para>
+
+ <programlisting>permit 192.168.0.0 255.255.0.0</programlisting>
+
+ <para>This line allows users whose IP source address (which is
+ vulnerable to spoofing) matches the specified value and mask,
+ to use &unix; passwords at any time.</para>
+
+ <para>If no rules in <filename>opieaccess</filename> are matched,
+ the default is to deny non-OPIE logins.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="tcpwrappers">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Written by: </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <indexterm><primary>TCP Wrappers</primary></indexterm>
+
+ <title>TCP Wrappers</title>
+
+ <para>Anyone familiar with &man.inetd.8; has probably heard
+ of <acronym>TCP</acronym> Wrappers at some point. But few
+ individuals seem to fully comprehend its usefulness in a
+ network environment. It seems that everyone wants to
+ install a firewall to handle network connections. While a
+ firewall has a wide variety of uses, there are some things
+ that a firewall not handle such as sending text back to the
+ connection originator. The <acronym>TCP</acronym> software
+ does this and much more. In the next few sections many of
+ the <acronym>TCP</acronym> Wrappers features will be discussed,
+ and, when applicable, example configuration lines will be
+ provided.</para>
+
+ <para>The <acronym>TCP</acronym> Wrappers software extends the
+ abilities of <command>inetd</command> to provide support for
+ every server daemon under its control. Using this method it
+ is possible to provide logging support, return messages to
+ connections, permit a daemon to only accept internal connections,
+ etc. While some of these features can be provided by implementing
+ a firewall, this will add not only an extra layer of protection
+ but go beyond the amount of control a firewall can
+ provide.</para>
+
+ <para>The added functionality of <acronym>TCP</acronym> Wrappers
+ should not be considered a replacement for a good firewall.
+ <acronym>TCP</acronym> Wrappers can be used in conjunction
+ with a firewall or other security enhancements though and
+ it can serve nicely as an extra layer of protection
+ for the system.</para>
+
+ <para>Since this is an extension to the configuration of
+ <command>inetd</command>, the reader is expected have
+ read the <link linkend="network-inetd">inetd configuration</link>
+ section.</para>
+
+ <note>
+ <para>While programs run by &man.inetd.8; are not exactly
+ <quote>daemons</quote>, they have traditionally been called
+ daemons. This is the term we will use in this section too.</para>
+ </note>
+
+ <sect2>
+ <title>Initial Configuration</title>
+
+ <para>The only requirement of using <acronym>TCP</acronym>
+ Wrappers in &os; is to ensure the <command>inetd</command>
+ server is started from <filename>rc.conf</filename> with the
+ <option>-Ww</option> option; this is the default setting. Of
+ course, proper configuration of
+ <filename>/etc/hosts.allow</filename> is also expected, but
+ &man.syslogd.8; will throw messages in the system logs in
+ these cases.</para>
+
+ <note>
+ <para>Unlike other implementations of <acronym>TCP</acronym>
+ Wrappers, the use of <filename>hosts.deny</filename> has
+ been deprecated. All configuration options should be placed
+ in <filename>/etc/hosts.allow</filename>.</para>
+ </note>
+
+ <para>In the simplest configuration, daemon connection policies
+ are set to either be permitted or blocked depending on the
+ options in <filename>/etc/hosts.allow</filename>. The default
+ configuration in &os; is to allow a connection to every daemon
+ started with <command>inetd</command>. Changing this will be
+ discussed only after the basic configuration is covered.</para>
+
+ <para>Basic configuration usually takes the form of
+ <literal>daemon : address : action</literal>. Where
+ <literal>daemon</literal> is the daemon name which
+ <command>inetd</command> started. The
+ <literal>address</literal> can be a valid hostname, an
+ <acronym>IP</acronym> address or an IPv6 address enclosed in
+ brackets ([&nbsp;]). The action field can be either allow
+ or deny to grant or deny access appropriately. Keep in mind
+ that configuration works off a first rule match semantic,
+ meaning that the configuration file is scanned in ascending
+ order for a matching rule. When a match is found the rule
+ is applied and the search process will halt.</para>
+
+ <para>Several other options exist but they will be explained
+ in a later section. A simple configuration line may easily be
+ constructed from that information alone. For example, to
+ allow <acronym>POP</acronym>3 connections via the
+ <filename role="package">mail/qpopper</filename> daemon,
+ the following lines should be appended to
+ <filename>hosts.allow</filename>:</para>
+
+ <programlisting># This line is required for POP3 connections:
+qpopper : ALL : allow</programlisting>
+
+ <para>After adding this line, <command>inetd</command> will need
+ restarted. This can be accomplished by use of the &man.kill.1;
+ command, or with the <parameter>restart</parameter> parameter
+ with <filename>/etc/rc.d/inetd</filename>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Advanced Configuration</title>
+
+ <para><acronym>TCP</acronym> Wrappers has advanced
+ options too; they will allow for more control over the
+ way connections are handled. In some cases it may be
+ a good idea to return a comment to certain hosts or
+ daemon connections. In other cases, perhaps a log file
+ should be recorded or an email sent to the administrator.
+ Other situations may require the use of a service for local
+ connections only. This is all possible through the use of
+ configuration options known as <literal>wildcards</literal>,
+ expansion characters and external command execution. The
+ next two sections are written to cover these situations.</para>
+
+ <sect3>
+ <title>External Commands</title>
+
+ <para>Suppose that a situation occurs where a connection
+ should be denied yet a reason should be sent to the
+ individual who attempted to establish that connection. How
+ could it be done? That action can be made possible by
+ using the <option>twist</option> option. When a connection
+ attempt is made, <option>twist</option> will be called to
+ execute a shell command or script. An example already exists
+ in the <filename>hosts.allow</filename> file:</para>
+
+ <programlisting># The rest of the daemons are protected.
+ALL : ALL \
+ : severity auth.info \
+ : twist /bin/echo "You are not welcome to use %d from %h."</programlisting>
+
+ <para>This example shows that the message,
+ <quote>You are not allowed to use <literal>daemon</literal>
+ from <literal>hostname</literal>.</quote> will be returned
+ for any daemon not previously configured in the access file.
+ This is extremely useful for sending a reply back to the
+ connection initiator right after the established connection
+ is dropped. Note that any message returned
+ <emphasis>must</emphasis> be wrapped in quote
+ <literal>"</literal> characters; there are no exceptions to
+ this rule.</para>
+
+ <warning>
+ <para>It may be possible to launch a denial of service attack
+ on the server if an attacker, or group of attackers could
+ flood these daemons with connection requests.</para>
+ </warning>
+
+ <para>Another possibility is to use the <option>spawn</option>
+ option in these cases. Like <option>twist</option>, the
+ <option>spawn</option> implicitly denies the connection and
+ may be used to run external shell commands or scripts.
+ Unlike <option>twist</option>, <option>spawn</option> will
+ not send a reply back to the individual who established the
+ connection. For an example, consider the following
+ configuration line:</para>
+
+ <programlisting># We do not allow connections from example.com:
+ALL : .example.com \
+ : spawn (/bin/echo %a from %h attempted to access %d &gt;&gt; \
+ /var/log/connections.log) \
+ : deny</programlisting>
+
+ <para>This will deny all connection attempts from the
+ <hostid role="fqdn">*.example.com</hostid> domain;
+ simultaneously logging the hostname, <acronym>IP</acronym>
+ address and the daemon which they attempted to access in the
+ <filename>/var/log/connections.log</filename> file.</para>
+
+ <para>Aside from the already explained substitution characters
+ above, e.g. %a, a few others exist. See the
+ &man.hosts.access.5; manual page for the complete list.</para>
+ </sect3>
+
+ <sect3>
+ <title>Wildcard Options</title>
+
+ <para>Thus far the <literal>ALL</literal> example has been used
+ continuously throughout the examples. Other options exist
+ which could extend the functionality a bit further. For
+ instance, <literal>ALL</literal> may be used to match every
+ instance of either a daemon, domain or an
+ <acronym>IP</acronym> address. Another wildcard available is
+ <literal>PARANOID</literal> which may be used to match any
+ host which provides an <acronym>IP</acronym> address that may
+ be forged. In other words, <literal>paranoid</literal> may
+ be used to define an action to be taken whenever a connection
+ is made from an <acronym>IP</acronym> address that differs
+ from its hostname. The following example may shed some more
+ light on this discussion:</para>
+
+ <programlisting># Block possibly spoofed requests to sendmail:
+sendmail : PARANOID : deny</programlisting>
+
+ <para>In that example all connection requests to
+ <command>sendmail</command> which have an
+ <acronym>IP</acronym> address that varies from its hostname
+ will be denied.</para>
+
+ <caution>
+ <para>Using the <literal>PARANOID</literal> may severely
+ cripple servers if the client or server has a broken
+ <acronym>DNS</acronym> setup. Administrator discretion
+ is advised.</para>
+ </caution>
+
+ <para>To learn more about wildcards and their associated
+ functionality, see the &man.hosts.access.5; manual
+ page.</para>
+
+ <para>Before any of the specific configuration lines above will
+ work, the first configuration line should be commented out
+ in <filename>hosts.allow</filename>. This was noted at the
+ beginning of this section.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="kerberosIV">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Mark</firstname>
+ <surname>Murray</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Mark</firstname>
+ <surname>Dapoz</surname>
+ <contrib>Based on a contribution by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title><application>KerberosIV</application></title>
+
+ <para>Kerberos is a network add-on system/protocol that allows users to
+ authenticate themselves through the services of a secure server.
+ Services such as remote login, remote copy, secure inter-system file
+ copying and other high-risk tasks are made considerably safer and more
+ controllable.</para>
+
+ <para>The following instructions can be used as a guide on how to set up
+ Kerberos as distributed for &os;. However, you should refer to the
+ relevant manual pages for a complete description.</para>
+
+ <sect2>
+ <title>Installing <application>KerberosIV</application></title>
+
+ <indexterm><primary>MIT</primary></indexterm>
+ <indexterm>
+ <primary>KerberosIV</primary>
+ <secondary>installing</secondary>
+ </indexterm>
+ <para>Kerberos is an optional component of &os;. The easiest
+ way to install this software is by selecting the <literal>krb4</literal> or
+ <literal>krb5</literal> distribution in <application>sysinstall</application>
+ during the initial installation of &os;. This will install
+ the <quote>eBones</quote> (KerberosIV) or <quote>Heimdal</quote> (Kerberos5)
+ implementation of Kerberos. These implementations are
+ included because they are developed outside the USA/Canada and
+ were thus available to system owners outside those countries
+ during the era of restrictive export controls on cryptographic
+ code from the USA.</para>
+
+ <para>Alternatively, the MIT implementation of Kerberos is
+ available from the Ports Collection as
+ <filename role="package">security/krb5</filename>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Creating the Initial Database</title>
+
+ <para>This is done on the Kerberos server only. First make sure that
+ you do not have any old Kerberos databases around. You should change
+ to the directory <filename>/etc/kerberosIV</filename> and check that
+ only the following files are present:</para>
+
+ <screen>&prompt.root; <userinput>cd /etc/kerberosIV</userinput>
+&prompt.root; <userinput>ls</userinput>
+README krb.conf krb.realms</screen>
+
+ <para>If any additional files (such as <filename>principal.*</filename>
+ or <filename>master_key</filename>) exist, then use the
+ <command>kdb_destroy</command> command to destroy the old Kerberos
+ database, or if Kerberos is not running, simply delete the extra
+ files.</para>
+
+ <para>You should now edit the <filename>krb.conf</filename> and
+ <filename>krb.realms</filename> files to define your Kerberos realm.
+ In this case the realm will be <literal>EXAMPLE.COM</literal> and the
+ server is <hostid role="fqdn">grunt.example.com</hostid>. We edit
+ or create the <filename>krb.conf</filename> file:</para>
+
+ <screen>&prompt.root; <userinput>cat krb.conf</userinput>
+EXAMPLE.COM
+EXAMPLE.COM grunt.example.com admin server
+CS.BERKELEY.EDU okeeffe.berkeley.edu
+ATHENA.MIT.EDU kerberos.mit.edu
+ATHENA.MIT.EDU kerberos-1.mit.edu
+ATHENA.MIT.EDU kerberos-2.mit.edu
+ATHENA.MIT.EDU kerberos-3.mit.edu
+LCS.MIT.EDU kerberos.lcs.mit.edu
+TELECOM.MIT.EDU bitsy.mit.edu
+ARC.NASA.GOV trident.arc.nasa.gov</screen>
+
+ <para>In this case, the other realms do not need to be there. They are
+ here as an example of how a machine may be made aware of multiple
+ realms. You may wish to not include them for simplicity.</para>
+
+ <para>The first line names the realm in which this system works. The
+ other lines contain realm/host entries. The first item on a line is a
+ realm, and the second is a host in that realm that is acting as a
+ <quote>key distribution center</quote>. The words <literal>admin
+ server</literal> following a host's name means that host also
+ provides an administrative database server. For further explanation
+ of these terms, please consult the Kerberos manual pages.</para>
+
+ <para>Now we have to add <hostid role="fqdn">grunt.example.com</hostid>
+ to the <literal>EXAMPLE.COM</literal> realm and also add an entry to
+ put all hosts in the <hostid role="domainname">.example.com</hostid>
+ domain in the <literal>EXAMPLE.COM</literal> realm. The
+ <filename>krb.realms</filename> file would be updated as
+ follows:</para>
+
+ <screen>&prompt.root; <userinput>cat krb.realms</userinput>
+grunt.example.com EXAMPLE.COM
+.example.com EXAMPLE.COM
+.berkeley.edu CS.BERKELEY.EDU
+.MIT.EDU ATHENA.MIT.EDU
+.mit.edu ATHENA.MIT.EDU</screen>
+
+ <para>Again, the other realms do not need to be there. They are here as
+ an example of how a machine may be made aware of multiple realms. You
+ may wish to remove them to simplify things.</para>
+
+ <para>The first line puts the <emphasis>specific</emphasis> system into
+ the named realm. The rest of the lines show how to default systems of
+ a particular subdomain to a named realm.</para>
+
+ <para>Now we are ready to create the database. This only needs to run
+ on the Kerberos server (or Key Distribution Center). Issue the
+ <command>kdb_init</command> command to do this:</para>
+
+ <screen>&prompt.root; <userinput>kdb_init</userinput>
+<prompt>Realm name [default ATHENA.MIT.EDU ]:</prompt> <userinput>EXAMPLE.COM</userinput>
+You will be prompted for the database Master Password.
+It is important that you NOT FORGET this password.
+
+<prompt>Enter Kerberos master key:</prompt> </screen>
+
+ <para>Now we have to save the key so that servers on the local machine
+ can pick it up. Use the <command>kstash</command> command to do
+ this:</para>
+
+ <screen>&prompt.root; <userinput>kstash</userinput>
+
+<prompt>Enter Kerberos master key:</prompt>
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!</screen>
+
+ <para>This saves the encrypted master password in
+ <filename>/etc/kerberosIV/master_key</filename>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Making It All Run</title>
+
+ <indexterm>
+ <primary>KerberosIV</primary>
+ <secondary>initial startup</secondary>
+ </indexterm>
+
+ <para>Two principals need to be added to the database for
+ <emphasis>each</emphasis> system that will be secured with Kerberos.
+ Their names are <literal>kpasswd</literal> and <literal>rcmd</literal>.
+ These two principals are made for each system, with the instance being
+ the name of the individual system.</para>
+
+ <para>These daemons, <application>kpasswd</application> and
+ <application>rcmd</application> allow other systems to change Kerberos
+ passwords and run commands like &man.rcp.1;,
+ &man.rlogin.1; and &man.rsh.1;.</para>
+
+ <para>Now let us add these entries:</para>
+
+ <screen>&prompt.root; <userinput>kdb_edit</userinput>
+Opening database...
+
+<prompt>Enter Kerberos master key:</prompt>
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Previous or default values are in [brackets] ,
+enter return to leave the same, or new value.
+
+<prompt>Principal name:</prompt> <userinput>passwd</userinput>
+<prompt>Instance:</prompt> <userinput>grunt</userinput>
+
+&lt;Not found&gt;, <prompt>Create [y] ?</prompt> <userinput>y</userinput>
+
+Principal: passwd, Instance: grunt, kdc_key_ver: 1
+<prompt>New Password:</prompt> &lt;---- enter RANDOM here
+Verifying password
+
+<prompt>New Password:</prompt> &lt;---- enter RANDOM here
+
+<prompt>Random password [y] ?</prompt> <userinput>y</userinput>
+
+Principal's new key version = 1
+<prompt>Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?</prompt>
+<prompt>Max ticket lifetime (*5 minutes) [ 255 ] ?</prompt>
+<prompt>Attributes [ 0 ] ?</prompt>
+Edit O.K.
+<prompt>Principal name:</prompt> <userinput>rcmd</userinput>
+<prompt>Instance:</prompt> <userinput>grunt</userinput>
+
+&lt;Not found&gt;, <prompt>Create [y] ?</prompt>
+
+Principal: rcmd, Instance: grunt, kdc_key_ver: 1
+<prompt>New Password:</prompt> &lt;---- enter RANDOM here
+Verifying password
+
+<prompt>New Password:</prompt> &lt;---- enter RANDOM here
+
+<prompt>Random password [y] ?</prompt>
+
+Principal's new key version = 1
+<prompt>Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?</prompt>
+<prompt>Max ticket lifetime (*5 minutes) [ 255 ] ?</prompt>
+<prompt>Attributes [ 0 ] ?</prompt>
+Edit O.K.
+<prompt>Principal name:</prompt> &lt;---- null entry here will cause an exit</screen>
+ </sect2>
+
+ <sect2>
+ <title>Creating the Server File</title>
+
+ <para>We now have to extract all the instances which define the
+ services on each machine. For this we use the
+ <command>ext_srvtab</command> command. This will create a file
+ which must be copied or moved <emphasis>by secure
+ means</emphasis> to each Kerberos client's
+ <filename>/etc/kerberosIV</filename> directory. This file must
+ be present on each server and client, and is crucial to the
+ operation of Kerberos.</para>
+
+
+ <screen>&prompt.root; <userinput>ext_srvtab grunt</userinput>
+<prompt>Enter Kerberos master key:</prompt>
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Generating 'grunt-new-srvtab'....</screen>
+
+ <para>Now, this command only generates a temporary file which must be
+ renamed to <filename>srvtab</filename> so that all the servers can pick
+ it up. Use the &man.mv.1; command to move it into place on
+ the original system:</para>
+
+ <screen>&prompt.root; <userinput>mv grunt-new-srvtab srvtab</userinput></screen>
+
+ <para>If the file is for a client system, and the network is not deemed
+ safe, then copy the
+ <filename><replaceable>client</replaceable>-new-srvtab</filename> to
+ removable media and transport it by secure physical means. Be sure to
+ rename it to <filename>srvtab</filename> in the client's
+ <filename>/etc/kerberosIV</filename> directory, and make sure it is
+ mode 600:</para>
+
+ <screen>&prompt.root; <userinput>mv grumble-new-srvtab srvtab</userinput>
+&prompt.root; <userinput>chmod 600 srvtab</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Populating the Database</title>
+
+ <para>We now have to add some user entries into the database. First
+ let us create an entry for the user <username>jane</username>. Use the
+ <command>kdb_edit</command> command to do this:</para>
+
+ <screen>&prompt.root; <userinput>kdb_edit</userinput>
+Opening database...
+
+<prompt>Enter Kerberos master key:</prompt>
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Previous or default values are in [brackets] ,
+enter return to leave the same, or new value.
+
+<prompt>Principal name:</prompt> <userinput>jane</userinput>
+<prompt>Instance:</prompt>
+
+&lt;Not found&gt;, <prompt>Create [y] ?</prompt> <userinput>y</userinput>
+
+Principal: jane, Instance: , kdc_key_ver: 1
+<prompt>New Password:</prompt> &lt;---- enter a secure password here
+Verifying password
+
+<prompt>New Password:</prompt> &lt;---- re-enter the password here
+Principal's new key version = 1
+<prompt>Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?</prompt>
+<prompt>Max ticket lifetime (*5 minutes) [ 255 ] ?</prompt>
+<prompt>Attributes [ 0 ] ?</prompt>
+Edit O.K.
+<prompt>Principal name:</prompt> &lt;---- null entry here will cause an exit</screen>
+ </sect2>
+
+ <sect2>
+ <title>Testing It All Out</title>
+
+ <para>First we have to start the Kerberos daemons. Note that if you
+ have correctly edited your <filename>/etc/rc.conf</filename> then this
+ will happen automatically when you reboot. This is only necessary on
+ the Kerberos server. Kerberos clients will automatically get what
+ they need from the <filename>/etc/kerberosIV</filename>
+ directory.</para>
+
+ <screen>&prompt.root; <userinput>kerberos &amp;</userinput>
+Kerberos server starting
+Sleep forever on error
+Log file is /var/log/kerberos.log
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+
+Current Kerberos master key version is 1
+Local realm: EXAMPLE.COM
+&prompt.root; <userinput>kadmind -n &amp;</userinput>
+KADM Server KADM0.0A initializing
+Please do not use 'kill -9' to kill this job, use a
+regular kill instead
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!</screen>
+
+ <para>Now we can try using the <command>kinit</command> command to get a
+ ticket for the ID <username>jane</username> that we created
+ above:</para>
+
+ <screen>&prompt.user; <userinput>kinit jane</userinput>
+MIT Project Athena (grunt.example.com)
+Kerberos Initialization for "jane"
+<prompt>Password:</prompt> </screen>
+
+ <para>Try listing the tokens using <command>klist</command> to see if we
+ really have them:</para>
+
+ <screen>&prompt.user; <userinput>klist</userinput>
+Ticket file: /tmp/tkt245
+Principal: jane@EXAMPLE.COM
+
+ Issued Expires Principal
+Apr 30 11:23:22 Apr 30 19:23:22 krbtgt.EXAMPLE.COM@EXAMPLE.COM</screen>
+
+ <para>Now try changing the password using &man.passwd.1; to
+ check if the <application>kpasswd</application> daemon can get
+ authorization to the Kerberos database:</para>
+
+ <screen>&prompt.user; <userinput>passwd</userinput>
+realm EXAMPLE.COM
+<prompt>Old password for jane:</prompt>
+<prompt>New Password for jane:</prompt>
+Verifying password
+<prompt>New Password for jane:</prompt>
+Password changed.</screen>
+ </sect2>
+
+ <sect2>
+ <title>Adding <command>su</command> Privileges</title>
+
+ <para>Kerberos allows us to give <emphasis>each</emphasis> user
+ who needs <username>root</username> privileges their own
+ <emphasis>separate</emphasis> &man.su.1; password.
+ We could now add an ID which is authorized to
+ &man.su.1; to <username>root</username>. This is
+ controlled by having an instance of <username>root</username>
+ associated with a principal. Using <command>kdb_edit</command>
+ we can create the entry <literal>jane.root</literal> in the
+ Kerberos database:</para>
+
+ <screen>&prompt.root; <userinput>kdb_edit</userinput>
+Opening database...
+
+<prompt>Enter Kerberos master key:</prompt>
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Previous or default values are in [brackets] ,
+enter return to leave the same, or new value.
+
+<prompt>Principal name:</prompt> <userinput>jane</userinput>
+<prompt>Instance:</prompt> <userinput>root</userinput>
+
+&lt;Not found&gt;, Create [y] ? y
+
+Principal: jane, Instance: root, kdc_key_ver: 1
+<prompt>New Password:</prompt> &lt;---- enter a SECURE password here
+Verifying password
+
+<prompt>New Password:</prompt> &lt;---- re-enter the password here
+
+Principal's new key version = 1
+<prompt>Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ?</prompt>
+<prompt>Max ticket lifetime (*5 minutes) [ 255 ] ?</prompt> <userinput>12</userinput> &lt;--- Keep this short!
+<prompt>Attributes [ 0 ] ?</prompt>
+Edit O.K.
+<prompt>Principal name:</prompt> &lt;---- null entry here will cause an exit</screen>
+
+ <para>Now try getting tokens for it to make sure it works:</para>
+
+ <screen>&prompt.root; <userinput>kinit jane.root</userinput>
+MIT Project Athena (grunt.example.com)
+Kerberos Initialization for "jane.root"
+<prompt>Password:</prompt></screen>
+
+ <para>Now we need to add the user to <username>root</username>'s
+ <filename>.klogin</filename> file:</para>
+
+ <screen>&prompt.root; <userinput>cat /root/.klogin</userinput>
+jane.root@EXAMPLE.COM</screen>
+
+ <para>Now try doing the &man.su.1;:</para>
+
+ <screen>&prompt.user; <userinput>su</userinput>
+<prompt>Password:</prompt></screen>
+
+ <para>and take a look at what tokens we have:</para>
+
+ <screen>&prompt.root; <userinput>klist</userinput>
+Ticket file: /tmp/tkt_root_245
+Principal: jane.root@EXAMPLE.COM
+
+ Issued Expires Principal
+May 2 20:43:12 May 3 04:43:12 krbtgt.EXAMPLE.COM@EXAMPLE.COM</screen>
+ </sect2>
+
+ <sect2>
+ <title>Using Other Commands</title>
+
+ <para>In an earlier example, we created a principal called
+ <literal>jane</literal> with an instance <literal>root</literal>.
+ This was based on a user with the same name as the principal, and this
+ is a Kerberos default; that a
+ <literal>&lt;principal&gt;.&lt;instance&gt;</literal> of the form
+ <literal>&lt;username&gt;.</literal><username>root</username> will allow
+ that <literal>&lt;username&gt;</literal> to &man.su.1; to
+ <username>root</username> if the necessary entries are in the
+ <filename>.klogin</filename> file in <username>root</username>'s
+ home directory:</para>
+
+ <screen>&prompt.root; <userinput>cat /root/.klogin</userinput>
+jane.root@EXAMPLE.COM</screen>
+
+ <para>Likewise, if a user has in their own home directory lines of the
+ form:</para>
+
+ <screen>&prompt.user; <userinput>cat ~/.klogin</userinput>
+jane@EXAMPLE.COM
+jack@EXAMPLE.COM</screen>
+
+ <para>This allows anyone in the <literal>EXAMPLE.COM</literal> realm
+ who has authenticated themselves as <username>jane</username> or
+ <username>jack</username> (via <command>kinit</command>, see above)
+ to access to <username>jane</username>'s
+ account or files on this system (<hostid>grunt</hostid>) via
+ &man.rlogin.1;, &man.rsh.1; or
+ &man.rcp.1;.</para>
+
+ <para>For example, <username>jane</username> now logs into another system using
+ Kerberos:</para>
+
+ <screen>&prompt.user; <userinput>kinit</userinput>
+MIT Project Athena (grunt.example.com)
+<prompt>Password:</prompt>
+&prompt.user; <userinput>rlogin grunt</userinput>
+Last login: Mon May 1 21:14:47 from grumble
+Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+
+FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
+
+ <para>Or <username>jack</username> logs into <username>jane</username>'s account on the same machine
+ (<username>jane</username> having
+ set up the <filename>.klogin</filename> file as above, and the person
+ in charge of Kerberos having set up principal
+ <emphasis>jack</emphasis> with a null instance):</para>
+
+ <screen>&prompt.user; <userinput>kinit</userinput>
+&prompt.user; <userinput>rlogin grunt -l jane</userinput>
+MIT Project Athena (grunt.example.com)
+<prompt>Password:</prompt>
+Last login: Mon May 1 21:16:55 from grumble
+Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
+ </sect2>
+ </sect1>
+
+ <sect1 id="kerberos5">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tillman</firstname>
+ <surname>Hodgson</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Mark</firstname>
+ <surname>Murray</surname>
+ <contrib>Based on a contribution by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title><application>Kerberos5</application></title>
+
+ <para>Every &os; release beyond &os;-5.1 includes support
+ only for <application>Kerberos5</application>. Hence
+ <application>Kerberos5</application> is the only version
+ included, and its configuration is similar in many aspects
+ to that of <application>KerberosIV</application>. The following
+ information only applies to
+ <application>Kerberos5</application> in post &os;-5.0
+ releases. Users who wish to use the
+ <application>KerberosIV</application> package may install the
+ <filename role="package">security/krb4</filename> port.</para>
+
+ <para><application>Kerberos</application> is a network add-on
+ system/protocol that allows users to authenticate themselves
+ through the services of a secure server. Services such as remote
+ login, remote copy, secure inter-system file copying and other
+ high-risk tasks are made considerably safer and more
+ controllable.</para>
+
+ <para><application>Kerberos</application> can be described as an
+ identity-verifying proxy system. It can also be described as a
+ trusted third-party authentication system.
+ <application>Kerberos</application> provides only one
+ function &mdash; the secure authentication of users on the network.
+ It does not provide authorization functions (what users are
+ allowed to do) or auditing functions (what those users did).
+ After a client and server have used
+ <application>Kerberos</application> to prove their identity, they
+ can also encrypt all of their communications to assure privacy
+ and data integrity as they go about their business.</para>
+
+ <para>Therefore it is highly recommended that
+ <application>Kerberos</application> be used with other security
+ methods which provide authorization and audit services.</para>
+
+ <para>The following instructions can be used as a guide on how to set
+ up <application>Kerberos</application> as distributed for &os;.
+ However, you should refer to the relevant manual pages for a complete
+ description.</para>
+
+ <para>For purposes of demonstrating a <application>Kerberos</application>
+ installation, the various name spaces will be handled as follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <acronym>DNS</acronym> domain (<quote>zone</quote>)
+ will be example.org.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <application>Kerberos</application> realm will be
+ EXAMPLE.ORG.</para>
+ </listitem>
+ </itemizedlist>
+
+ <note>
+ <para>Please use real domain names when setting up
+ <application>Kerberos</application> even if you intend to run
+ it internally. This avoids <acronym>DNS</acronym> problems
+ and assures inter-operation with other
+ <application>Kerberos</application> realms.</para>
+ </note>
+
+ <sect2>
+ <title>History</title>
+ <indexterm>
+ <primary>Kerberos5</primary>
+ <secondary>history</secondary>
+ </indexterm>
+
+ <para><application>Kerberos</application> was created by
+ <acronym>MIT</acronym> as a solution to network security problems.
+ The <application>Kerberos</application> protocol uses strong
+ cryptography so that a client can prove its identity to a server
+ (and vice versa) across an insecure network connection.</para>
+
+ <para><application>Kerberos</application> is both the name of a
+ network authentication protocol and an adjective to describe
+ programs that implement the program
+ (<application>Kerberos</application> telnet, for example). The
+ current version of the protocol is version 5, described in
+ <acronym>RFC</acronym>&nbsp;1510.</para>
+
+ <para>Several free implementations of this protocol are available,
+ covering a wide range of operating systems. The Massachusetts
+ Institute of Technology (<acronym>MIT</acronym>), where
+ <application>Kerberos</application> was originally developed,
+ continues to develop their <application>Kerberos</application>
+ package. It is commonly used in the <acronym>US</acronym>
+ as a cryptography product, as such it
+ has historically been affected by <acronym>US</acronym> export
+ regulations. The <acronym>MIT</acronym>
+ <application>Kerberos</application> is available as a port
+ (<filename role="package">security/krb5</filename>). Heimdal
+ <application>Kerberos</application> is another version 5
+ implementation, and was explicitly developed outside of the
+ <acronym>US</acronym> to avoid export
+ regulations (and is thus often included in non-commercial &unix;
+ variants). The Heimdal <application>Kerberos</application>
+ distribution is available as a port
+ (<filename role="package">security/heimdal</filename>), and a
+ minimal installation of it is included in the base &os;
+ install.</para>
+
+ <para>In order to reach the widest audience, these instructions assume
+ the use of the Heimdal distribution included in &os;.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Setting up a Heimdal <acronym>KDC</acronym></title>
+ <indexterm>
+ <primary>Kerberos5</primary>
+ <secondary>Key Distribution Center</secondary>
+ </indexterm>
+
+ <para>The Key Distribution Center (<acronym>KDC</acronym>) is the
+ centralized authentication service that
+ <application>Kerberos</application> provides &mdash; it is the
+ computer that issues <application>Kerberos</application> tickets.
+ The <acronym>KDC</acronym> is considered <quote>trusted</quote> by
+ all other computers in the <application>Kerberos</application>
+ realm, and thus has heightened security concerns.</para>
+
+ <para>Note that while running the <application>Kerberos</application>
+ server requires very few computing resources, a dedicated machine
+ acting only as a <acronym>KDC</acronym> is recommended for security
+ reasons.</para>
+
+ <para>To begin setting up a <acronym>KDC</acronym>, ensure that your
+ <filename>/etc/rc.conf</filename> file contains the correct
+ settings to act as a <acronym>KDC</acronym> (you may need to adjust
+ paths to reflect your own system):</para>
+
+ <programlisting>kerberos5_server_enable="YES"
+kadmind5_server_enable="YES"
+kerberos_stash="YES"</programlisting>
+
+ <note>
+ <para>The <option>kerberos_stash</option> is only available in
+ &os;&nbsp;4.X.</para>
+ </note>
+
+ <para>Next we will set up your <application>Kerberos</application>
+ config file, <filename>/etc/krb5.conf</filename>:</para>
+
+ <programlisting>[libdefaults]
+ default_realm = EXAMPLE.ORG
+[realms]
+ EXAMPLE.ORG = {
+ kdc = kerberos.example.org
+ admin_server = kerberos.example.org
+ }
+[domain_realm]
+ .example.org = EXAMPLE.ORG</programlisting>
+
+ <para>Note that this <filename>/etc/krb5.conf</filename> file implies
+ that your <acronym>KDC</acronym> will have the fully-qualified
+ hostname of <hostid role="fqdn">kerberos.example.org</hostid>.
+ You will need to add a CNAME (alias) entry to your zone file to
+ accomplish this if your <acronym>KDC</acronym> has a different
+ hostname.</para>
+
+ <note>
+ <para>For large networks with a properly configured
+ <acronym>BIND</acronym> <acronym>DNS</acronym> server, the
+ above example could be trimmed to:</para>
+
+ <programlisting>[libdefaults]
+ default_realm = EXAMPLE.ORG</programlisting>
+
+ <para>With the following lines being appended to the
+ <hostid role="fqdn">example.org</hostid> zonefile:</para>
+
+ <programlisting>_kerberos._udp IN SRV 01 00 88 kerberos.example.org.
+_kerberos._tcp IN SRV 01 00 88 kerberos.example.org.
+_kpasswd._udp IN SRV 01 00 464 kerberos.example.org.
+_kerberos-adm._tcp IN SRV 01 00 749 kerberos.example.org.
+_kerberos IN TXT EXAMPLE.ORG</programlisting></note>
+
+ <note>
+ <para>For clients to be able to find the
+ <application>Kerberos</application> services, you
+ <emphasis>must</emphasis> have either a fully configured
+ <filename>/etc/krb5.conf</filename> or a miminally configured
+ <filename>/etc/krb5.conf</filename> <emphasis>and</emphasis> a
+ properly configured DNS server.</para>
+ </note>
+
+ <para>Next we will create the <application>Kerberos</application>
+ database. This database contains the keys of all principals encrypted
+ with a master password. You are not
+ required to remember this password, it will be stored in a file
+ (<filename>/var/heimdal/m-key</filename>). To create the master
+ key, run <command>kstash</command> and enter a password.</para>
+
+ <para>Once the master key has been created, you can initialize the
+ database using the <command>kadmin</command> program with the
+ <literal>-l</literal> option (standing for <quote>local</quote>).
+ This option instructs <command>kadmin</command> to modify the
+ database files directly rather than going through the
+ <command>kadmind</command> network service. This handles the
+ chicken-and-egg problem of trying to connect to the database
+ before it is created. Once you have the <command>kadmin</command>
+ prompt, use the <command>init</command> command to create your
+ realms initial database.</para>
+
+ <para>Lastly, while still in <command>kadmin</command>, create your
+ first principal using the <command>add</command> command. Stick
+ to the defaults options for the principal for now, you can always
+ change them later with the <command>modify</command> command.
+ Note that you can use the <literal>?</literal> command at any
+ prompt to see the available options.</para>
+
+ <para>A sample database creation session is shown below:</para>
+
+ <screen>&prompt.root; <userinput>kstash</userinput>
+Master key: <userinput>xxxxxxxx</userinput>
+Verifying password - Master key: <userinput>xxxxxxxx</userinput>
+
+&prompt.root; <userinput>kadmin -l</userinput>
+kadmin> <userinput>init EXAMPLE.ORG</userinput>
+Realm max ticket life [unlimited]:
+kadmin> <userinput>add tillman</userinput>
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Attributes []:
+Password: <userinput>xxxxxxxx</userinput>
+Verifying password - Password: <userinput>xxxxxxxx</userinput></screen>
+
+ <para>Now it is time to start up the <acronym>KDC</acronym> services.
+ Run <command>/etc/rc.d/kerberos start</command> and
+ <command>/etc/rc.d/kadmind start</command> to bring up the
+ services. Note that you will not have any kerberized daemons running
+ at this point but you should be able to confirm the that the
+ <acronym>KDC</acronym> is functioning by obtaining and listing a
+ ticket for the principal (user) that you just created from the
+ command-line of the <acronym>KDC</acronym> itself:</para>
+
+ <screen>&prompt.user; <userinput>k5init <replaceable>tillman</replaceable></userinput>
+tillman@EXAMPLE.ORG's Password:
+
+&prompt.user; <userinput>k5list</userinput>
+Credentials cache: FILE:<filename>/tmp/krb5cc_500</filename>
+ Principal: tillman@EXAMPLE.ORG
+
+ Issued Expires Principal
+Aug 27 15:37:58 Aug 28 01:37:58 krbtgt/EXAMPLE.ORG@EXAMPLE.ORG</screen>
+
+ </sect2>
+
+ <sect2>
+ <title><application>Kerberos</application> enabling a server with
+ Heimdal services</title>
+
+ <indexterm>
+ <primary>Kerberos5</primary>
+ <secondary>enabling services</secondary>
+ </indexterm>
+
+ <para>First, we need a copy of the <application>Kerberos</application>
+ configuration file, <filename>/etc/krb5.conf</filename>. To do
+ so, simply copy it over to the client computer from the
+ <acronym>KDC</acronym> in a secure fashion (using network utilities,
+ such as &man.scp.1;, or physically via a
+ floppy disk).</para>
+
+ <para>Next you need a <filename>/etc/krb5.keytab</filename> file.
+ This is the major difference between a server providing
+ <application>Kerberos</application> enabled daemons and a
+ workstation &mdash; the server must have a
+ <filename>keytab</filename> file. This file
+ contains the servers host key, which allows it and the
+ <acronym>KDC</acronym> to verify each others identity. It
+ must be transmitted to the server in a secure fashion, as the
+ security of the server can be broken if the key is made public.
+ This explicitly means that transferring it via a clear text
+ channel, such as <acronym>FTP</acronym>, is a very bad idea.</para>
+
+ <para>Typically, you transfer to the <filename>keytab</filename>
+ to the server using the <command>kadmin</command> program.
+ This is handy because you also need to create the host principal
+ (the <acronym>KDC</acronym> end of the
+ <filename>krb5.keytab</filename>) using
+ <command>kadmin</command>.</para>
+
+ <para>Note that you must have already obtained a ticket and that this
+ ticket must be allowed to use the <command>kadmin</command>
+ interface in the <filename>kadmind.acl</filename>. See the section
+ titled <quote>Remote administration</quote> in the Heimdal info
+ pages (<command>info heimdal</command>) for details on designing
+ access control lists. If you do not want to enable remote
+ <command>kadmin</command> access, you can simply securely connect
+ to the <acronym>KDC</acronym> (via local console,
+ &man.ssh.1; or <application>Kerberos</application>
+ &man.telnet.1;) and perform administration locally
+ using <command>kadmin -l</command>.</para>
+
+ <para>After installing the <filename>/etc/krb5.conf</filename> file,
+ you can use <command>kadmin</command> from the
+ <application>Kerberos</application> server. The
+ <command>add --random-key</command> command will let you add the
+ servers host principal, and the <command>ext</command> command
+ will allow you to extract the servers host principal to its own
+ keytab. For example:</para>
+
+ <screen>&prompt.root; <userinput>kadmin</userinput>
+kadmin><userinput> add --random-key host/myserver.example.org</userinput>
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Attributes []:
+kadmin><userinput> ext host/myserver.example.org</userinput>
+kadmin><userinput> exit</userinput></screen>
+
+ <para>Note that the <command>ext</command> command (short for
+ <quote>extract</quote>) stores the extracted key in
+ <filename>/etc/krb5.keytab</filename> by default.</para>
+
+ <para>If you do not have <command>kadmind</command> running on the
+ <acronym>KDC</acronym> (possibly for security reasons) and thus
+ do not have access to <command>kadmin</command> remotely, you
+ can add the host principal
+ (<username>host/myserver.EXAMPLE.ORG</username>) directly on the
+ <acronym>KDC</acronym> and then extract it to a temporary file
+ (to avoid over-writing the <filename>/etc/krb5.keytab</filename>
+ on the <acronym>KDC</acronym>) using something like this:</para>
+
+ <screen>&prompt.root; <userinput>kadmin</userinput>
+kadmin><userinput> ext --keytab=/tmp/example.keytab host/myserver.example.org</userinput>
+kadmin><userinput> exit</userinput></screen>
+
+ <para>You can then securely copy the keytab to the server
+ computer (using <command>scp</command> or a floppy, for
+ example). Be sure to specify a non-default keytab name
+ to avoid over-writing the keytab on the
+ <acronym>KDC</acronym>.</para>
+
+ <para>At this point your server can communicate with the
+ <acronym>KDC</acronym> (due to its <filename>krb5.conf</filename>
+ file) and it can prove its own identity (due to the
+ <filename>krb5.keytab</filename> file). It is now ready for
+ you to enable some <application>Kerberos</application> services.
+ For this example we will enable the <command>telnet</command>
+ service by putting a line like this into your
+ <filename>/etc/inetd.conf</filename> and then restarting the
+ &man.inetd.8; service with
+ <command>/etc/rc.d/inetd restart</command>:</para>
+
+ <programlisting>telnet stream tcp nowait root /usr/libexec/telnetd telnetd -a user</programlisting>
+
+ <para>The critical bit is that the <command>-a</command>
+ (for authentication) type is set to user. Consult the
+ &man.telnetd.8; manual page for more details.</para>
+
+ </sect2>
+
+ <sect2>
+ <title><application>Kerberos</application> enabling a client with Heimdal</title>
+
+ <indexterm>
+ <primary>Kerberos5</primary>
+ <secondary>configure clients</secondary>
+ </indexterm>
+
+ <para>Setting up a client computer is almost trivially easy. As
+ far as <application>Kerberos</application> configuration goes,
+ you only need the <application>Kerberos</application>
+ configuration file, located at <filename>/etc/krb5.conf</filename>.
+ Simply securely copy it over to the client computer from the
+ <acronym>KDC</acronym>.</para>
+
+ <para>Test your client computer by attempting to use
+ <command>kinit</command>, <command>klist</command>, and
+ <command>kdestroy</command> from the client to obtain, show, and
+ then delete a ticket for the principal you created above. You
+ should also be able to use <application>Kerberos</application>
+ applications to connect to <application>Kerberos</application>
+ enabled servers, though if that does not work and obtaining a
+ ticket does the problem is likely with the server and not with
+ the client or the <acronym>KDC</acronym>.</para>
+
+ <para>When testing an application like <command>telnet</command>,
+ try using a packet sniffer (such as &man.tcpdump.1;)
+ to confirm that your password is not sent in the clear. Try
+ using <command>telnet</command> with the <literal>-x</literal>
+ option, which encrypts the entire data stream (similar to
+ <command>ssh</command>).</para>
+
+ <para>The core <application>Kerberos</application> client applications
+ (traditionally named <command>kinit</command>,
+ <command>klist</command>, <command>kdestroy</command>, and
+ <command>kpasswd</command>) are installed in
+ the base &os; install. Note that &os; versions prior to 5.0
+ renamed them to <command>k5init</command>,
+ <command>k5list</command>, <command>k5destroy</command>,
+ <command>k5passwd</command>, and <command>k5stash</command>
+ (though it is typically only used once).</para>
+
+ <para>Various non-core <application>Kerberos</application> client
+ applications are also installed by default. This is where the
+ <quote>minimal</quote> nature of the base Heimdal installation is
+ felt: <command>telnet</command> is the only
+ <application>Kerberos</application> enabled service.</para>
+
+ <para>The Heimdal port adds some of the missing client applications:
+ <application>Kerberos</application> enabled versions of
+ <command>ftp</command>, <command>rsh</command>,
+ <command>rcp</command>, <command>rlogin</command>, and a few
+ other less common programs. The <acronym>MIT</acronym> port also
+ contains a full suite of <application>Kerberos</application>
+ client applications.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>User configuration files: <filename>.k5login</filename> and <filename>.k5users</filename></title>
+
+ <indexterm>
+ <primary><filename>.k5login</filename></primary>
+ </indexterm>
+
+ <indexterm>
+ <primary><filename>.k5users</filename></primary>
+ </indexterm>
+
+ <para>Users within a realm typically have their
+ <application>Kerberos</application> principal (such as
+ <username>tillman@EXAMPLE.ORG</username>) mapped to a local
+ user account (such as a local account named
+ <username>tillman</username>). Client applications such as
+ <command>telnet</command> usually do not require a user name
+ or a principal.</para>
+
+ <para>Occasionally, however, you want to grant access to a local
+ user account to someone who does not have a matching
+ <application>Kerberos</application> principal. For example,
+ <username>tillman@EXAMPLE.ORG</username> may need access to the
+ local user account <username>webdevelopers</username>. Other
+ principals may also need access to that local account.</para>
+
+ <para>The <filename>.k5login</filename> and
+ <filename>.k5users</filename> files, placed in a users home
+ directory, can be used similar to a powerful combination of
+ <filename>.hosts</filename> and <filename>.rhosts</filename>,
+ solving this problem. For example, if a
+ <filename>.k5login</filename> with the following
+ contents:</para>
+
+ <screen>tillman@example.org
+jdoe@example.org</screen>
+
+ <para>Were to be placed into the home directory of the local user
+ <username>webdevelopers</username> then both principals listed
+ would have access to that account without requiring a shared
+ password.</para>
+
+ <para>Reading the manual pages for these commands is recommended.
+ Note that the <command>ksu</command> manual page covers
+ <filename>.k5users</filename>.</para>
+
+ </sect2>
+
+ <sect2>
+ <title><application>Kerberos</application> Tips, Tricks, and Troubleshooting</title>
+
+ <indexterm>
+ <primary>Kerberos5</primary>
+ <secondary>troubleshooting</secondary>
+ </indexterm>
+
+ <itemizedlist>
+ <listitem>
+ <para>When using either the Heimdal or <acronym>MIT</acronym>
+ <application>Kerberos</application> ports ensure that your
+ <envar>PATH</envar> environment variable lists the
+ <application>Kerberos</application> versions of the client
+ applications before the system versions.</para>
+ </listitem>
+
+ <listitem>
+ <para>Do all the computers in your realm have synchronized
+ time settings? If not, authentication may fail.
+ <xref linkend="network-ntp"> describes how to synchronize
+ clocks using <acronym>NTP</acronym>.</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>MIT</acronym> and Heimdal inter-operate nicely.
+ Except for <command>kadmin</command>, the protocol for
+ which is not standardized.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you change your hostname, you also need to change your
+ <username>host/</username> principal and update your keytab.
+ This also applies to special keytab entries like the
+ <username>www/</username> principal used for Apache's
+ <filename role="package">www/mod_auth_kerb</filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para>All hosts in your realm must be resolvable (both forwards
+ and reverse) in <acronym>DNS</acronym> (or
+ <filename>/etc/hosts</filename> as a minimum). CNAMEs
+ will work, but the A and PTR records must be correct and in
+ place. The error message is not very intuitive:
+ <errorname>Kerberos5 refuses authentication because Read req
+ failed: Key table entry not found</errorname>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Some operating systems that may being acting as clients
+ to your <acronym>KDC</acronym> do not set the permissions
+ for <command>ksu</command> to be setuid
+ <username>root</username>. This means that
+ <command>ksu</command> does not work, which is a good
+ security idea but annoying. This is not a
+ <acronym>KDC</acronym> error.</para>
+ </listitem>
+
+ <listitem>
+ <para>With <acronym>MIT</acronym>
+ <application>Kerberos</application>, if you want to allow a
+ principal to have a ticket life longer than the default ten
+ hours, you must use <command>modify_principal</command> in
+ <command>kadmin</command> to change the maxlife of both the
+ principal in question and the <username>krbtgt</username>
+ principal. Then the principal can use the
+ <literal>-l</literal> option with <command>kinit</command>
+ to request a ticket with a longer lifetime.</para>
+ </listitem>
+
+ <listitem>
+ <note><para>If you run a packet sniffer on your
+ <acronym>KDC</acronym> to add in troubleshooting and then
+ run <command>kinit</command> from a workstation, you will
+ notice that your <acronym>TGT</acronym> is sent
+ immediately upon running <command>kinit</command> &mdash;
+ even before you type your password! The explanation is
+ that the <application>Kerberos</application> server freely
+ transmits a <acronym>TGT</acronym> (Ticket Granting
+ Ticket) to any unauthorized request; however, every
+ <acronym>TGT</acronym> is encrypted in a key derived from
+ the user's password. Therefore, when a user types their
+ password it is not being sent to the <acronym>KDC</acronym>,
+ it is being used to decrypt the <acronym>TGT</acronym> that
+ <command>kinit</command> already obtained. If the decryption
+ process results in a valid ticket with a valid time stamp,
+ the user has valid <application>Kerberos</application>
+ credentials. These credentials include a session key for
+ establishing secure communications with the
+ <application>Kerberos</application> server in the future, as
+ well as the actual ticket-granting ticket, which is actually
+ encrypted with the <application>Kerberos</application>
+ server's own key. This second layer of encryption is
+ unknown to the user, but it is what allows the
+ <application>Kerberos</application> server to verify
+ the authenticity of each <acronym>TGT</acronym>.</para></note>
+ </listitem>
+
+ <listitem>
+ <para>If you want to use long ticket lifetimes (a week, for
+ example) and you are using <application>OpenSSH</application>
+ to connect to the machine where your ticket is stored, make
+ sure that <application>Kerberos</application>
+ <option>TicketCleanup</option> is set to <literal>no</literal>
+ in your <filename>sshd_config</filename> or else your tickets
+ will be deleted when you log out.</para>
+ </listitem>
+
+ <listitem>
+ <para>Remember that host principals can have a longer ticket
+ lifetime as well. If your user principal has a lifetime of a
+ week but the host you are connecting to has a lifetime of nine
+ hours, you will have an expired host principal in your cache
+ and the ticket cache will not work as expected.</para>
+ </listitem>
+
+ <listitem>
+ <para>When setting up a <filename>krb5.dict</filename> file to
+ prevent specific bad passwords from being used (the manual page
+ for <command>kadmind</command> covers this briefly), remember
+ that it only applies to principals that have a password policy
+ assigned to them. The <filename>krb5.dict</filename> files
+ format is simple: one string per line. Creating a symbolic
+ link to <filename>/usr/share/dict/words</filename> might be
+ useful.</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect2>
+
+ <sect2>
+ <title>Differences with the <acronym>MIT</acronym> port</title>
+
+ <para>The major difference between the <acronym>MIT</acronym>
+ and Heimdal installs relates to the <command>kadmin</command>
+ program which has a different (but equivalent) set of commands
+ and uses a different protocol. This has a large implications
+ if your <acronym>KDC</acronym> is <acronym>MIT</acronym> as you
+ will not be able to use the Heimdal <command>kadmin</command>
+ program to administer your <acronym>KDC</acronym> remotely
+ (or vice versa, for that matter).</para>
+
+ <para>The client applications may also take slightly different
+ command line options to accomplish the same tasks. Following
+ the instructions on the <acronym>MIT</acronym>
+ <application>Kerberos</application> web site
+ (<ulink url="http://web.mit.edu/Kerberos/www/"></ulink>)
+ is recommended. Be careful of path issues: the
+ <acronym>MIT</acronym> port installs into
+ <filename>/usr/local/</filename> by default, and the
+ <quote>normal</quote> system applications may be run instead
+ of <acronym>MIT</acronym> if your <envar>PATH</envar>
+ environment variable lists the system directories first.</para>
+
+ <note><para>With the <acronym>MIT</acronym>
+ <filename role="package">security/krb5</filename> port
+ that is provided by &os;, be sure to read the
+ <filename>/usr/local/share/doc/krb5/README.FreeBSD</filename>
+ file installed by the port if you want to understand why logins
+ via <command>telnetd</command> and <command>klogind</command>
+ behave somewhat oddly. Most importantly, correcting the
+ <quote>incorrect permissions on cache file</quote> behavior
+ requires that the <command>login.krb5</command> binary be used
+ for authentication so that it can properly change ownership for
+ the forwarded credentials.</para></note>
+
+ </sect2>
+
+ <sect2>
+ <title>Mitigating limitations found in <application>Kerberos</application></title>
+
+ <indexterm>
+ <primary>Kerberos5</primary>
+ <secondary>limitations and shortcomings</secondary>
+ </indexterm>
+
+ <sect3>
+ <title><application>Kerberos</application> is an all-or-nothing approach</title>
+
+ <para>Every service enabled on the network must be modified to
+ work with <application>Kerberos</application> (or be otherwise
+ secured against network attacks) or else the users credentials
+ could be stolen and re-used. An example of this would be
+ <application>Kerberos</application> enabling all remote shells
+ (via <command>rsh</command> and <command>telnet</command>, for
+ example) but not converting the <acronym>POP3</acronym> mail
+ server which sends passwords in plain text.</para>
+
+ </sect3>
+
+ <sect3>
+ <title><application>Kerberos</application> is intended for single-user workstations</title>
+
+ <para>In a multi-user environment,
+ <application>Kerberos</application> is less secure.
+ This is because it stores the tickets in the
+ <filename>/tmp</filename> directory, which is readable by all
+ users. If a user is sharing a computer with several other
+ people simultaneously (i.e. multi-user), it is possible that
+ the user's tickets can be stolen (copied) by another
+ user.</para>
+
+ <para>This can be overcome with the <literal>-c</literal>
+ filename command-line option or (preferably) the
+ <envar>KRB5CCNAME</envar> environment variable, but this
+ is rarely done. In principal, storing the ticket in the users
+ home directory and using simple file permissions can mitigate
+ this problem.</para>
+
+ </sect3>
+
+ <sect3>
+ <title>The KDC is a single point of failure</title>
+
+ <para>By design, the <acronym>KDC</acronym> must be as secure as
+ the master password database is contained on it. The
+ <acronym>KDC</acronym> should have absolutely no other
+ services running on it and should be physically secured. The
+ danger is high because <application>Kerberos</application>
+ stores all passwords encrypted with the same key (the
+ <quote>master</quote> key), which in turn is stored as a file
+ on the <acronym>KDC</acronym>.</para>
+
+ <para>As a side note, a compromised master key is not quite as
+ bad as one might normally fear. The master key is only used
+ to encrypt the <application>Kerberos</application> database
+ and as a seed for the random number generator. As long as
+ access to your <acronym>KDC</acronym> is secure, an attacker
+ cannot do much with the master key.</para>
+
+ <para>Additionally, if the <acronym>KDC</acronym> is unavailable
+ (perhaps due to a denial of service attack or network problems)
+ the network services are unusable as authentication can not be
+ performed, a recipe for a denial-of-service attack. This can
+ alleviated with multiple <acronym>KDC</acronym>s (a single
+ master and one or more slaves) and with careful implementation
+ of secondary or fall-back authentication
+ (<acronym>PAM</acronym> is excellent for this).</para>
+
+ </sect3>
+
+ <sect3>
+ <title><application>Kerberos</application> Shortcomings</title>
+
+ <para><application>Kerberos</application> allows users, hosts
+ and services to authenticate between themselves. It does not
+ have a mechanism to authenticate the <acronym>KDC</acronym>
+ to the users, hosts or services. This means that a trojanned
+ <command>kinit</command> (for example) could record all user
+ names and passwords. Something like
+ <filename role="package">security/tripwire</filename> or
+ other file system integrity checking tools can alleviate
+ this.</para>
+
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Resources and further information</title>
+
+ <indexterm>
+ <primary>Kerberos5</primary>
+ <secondary>external resources</secondary>
+ </indexterm>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink
+ url="http://www.faqs.org/faqs/Kerberos-faq/general/preamble.html">
+ The <application>Kerberos</application> FAQ</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://web.mit.edu/Kerberos/www/dialogue.html">Designing
+ an Authentication System: a Dialog in Four Scenes</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.ietf.org/rfc/rfc1510.txt?number=1510">RFC 1510,
+ The <application>Kerberos</application> Network Authentication Service
+ (V5)</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://web.mit.edu/Kerberos/www/"><acronym>MIT</acronym>
+ <application>Kerberos</application> home page</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink url="http://www.pdc.kth.se/heimdal/">Heimdal
+ <application>Kerberos</application> home page</ulink></para>
+ </listitem>
+
+ </itemizedlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="openssl">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Written by: </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>OpenSSL</title>
+ <indexterm>
+ <primary>security</primary>
+ <secondary>OpenSSL</secondary>
+ </indexterm>
+
+ <para>One feature that many users overlook is the
+ <application>OpenSSL</application> toolkit included
+ in &os;. <application>OpenSSL</application> provides an
+ encryption transport layer on top of the normal communications
+ layer; thus allowing it to be intertwined with many network
+ applications and services.</para>
+
+ <para>Some uses of <application>OpenSSL</application> may include
+ encrypted authentication of mail clients, web based transactions
+ such as credit card payments and more. Many ports such as
+ <filename role="package">www/apache13-ssl</filename>, and
+ <filename role="package">mail/sylpheed-claws</filename>
+ will offer compilation support for building with
+ <application>OpenSSL</application>.</para>
+
+ <note>
+ <para>In most cases the Ports Collection will attempt to build
+ the <filename role="package">security/openssl</filename> port
+ unless the <makevar>WITH_OPENSSL_BASE</makevar> make variable
+ is explicitly set to <quote>yes</quote>.</para>
+ </note>
+
+ <para>The version of <application>OpenSSL</application> included
+ in &os; supports Secure Sockets Layer v2/v3 (SSLv2/SSLv3),
+ Transport Layer Security v1 (TLSv1) network security protocols
+ and can be used as a general cryptographic library.</para>
+
+ <note>
+ <para>While <application>OpenSSL</application> supports the
+ <acronym>IDEA</acronym> algorithm, it is disabled by default
+ due to United States patents. To use it, the license should
+ be reviewed and, if the restrictions are acceptable, the
+ <makevar>MAKE_IDEA</makevar> variable must be set in
+ <filename>make.conf</filename>.</para>
+ </note>
+
+ <para>One of the most common uses of
+ <application>OpenSSL</application> is to provide certificates for
+ use with software applications. These certificates ensure
+ that the credentials of the company or individual are valid
+ and not fraudulent. If the certificate in question has
+ not been verified by one of the several <quote>Certificate Authorities</quote>,
+ or <acronym>CA</acronym>s, a warning is usually produced. A
+ Certificate Authority is a company, such as <ulink url="http://www.verisign.com">VeriSign</ulink>, which will
+ sign certificates in order to validate credentials of individuals
+ or companies. This process has a cost associated with it and
+ is definitely not a requirement for using certificates; however,
+ it can put some of the more paranoid users at ease.</para>
+
+ <sect2>
+ <title>Generating Certificates</title>
+
+ <indexterm>
+ <primary>OpenSSL</primary>
+ <secondary>certificate generation</secondary>
+ </indexterm>
+
+ <para>To generate a certificate, the following command is
+ available:</para>
+
+ <screen>&prompt.root; <userinput>openssl req -new -nodes -out req.pem -keyout cert.pem</userinput>
+Generating a 1024 bit RSA private key
+................++++++
+.......................................++++++
+writing new private key to 'cert.pem'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:<userinput><replaceable>US</replaceable></userinput>
+State or Province Name (full name) [Some-State]:<userinput><replaceable>PA</replaceable></userinput>
+Locality Name (eg, city) []:<userinput><replaceable>Pittsburgh</replaceable></userinput>
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:<userinput><replaceable>My Company</replaceable></userinput>
+Organizational Unit Name (eg, section) []:<userinput><replaceable>Systems Administrator</replaceable></userinput>
+Common Name (eg, YOUR name) []:<userinput><replaceable>localhost.example.org</replaceable></userinput>
+Email Address []:<userinput><replaceable>trhodes@FreeBSD.org</replaceable></userinput>
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:<userinput><replaceable>SOME PASSWORD</replaceable></userinput>
+An optional company name []:<userinput><replaceable>Another Name</replaceable></userinput></screen>
+
+ <para>Notice the response directly after the
+ <quote>Common Name</quote> prompt shows a domain name.
+ This prompt requires a server name to be entered for
+ verification purposes; placing anything but a domain name
+ would yield a useless certificate. Other options, for
+ instance expire time, alternate encryption algorithms, etc.
+ are available. A complete list may be obtained by viewing
+ the &man.openssl.1; manual page.</para>
+
+ <para>Two files should now exist in
+ the directory in which the aforementioned command was issued.
+ The certificate request, <filename>req.pem</filename>, may be
+ sent to a certificate authority who will validate the credentials
+ that you entered, sign the request and return the certificate to
+ you. The second file created will be named <filename>cert.pem</filename>
+ and is the private key for the certificate and should be
+ protected at all costs; if this falls in the hands of others it
+ can be used to impersonate you (or your server).</para>
+
+ <para>In cases where a signature from a <acronym>CA</acronym> is
+ not required, a self signed certificate can be created. First,
+ generate the <acronym>RSA</acronym> key:</para>
+
+ <screen>&prompt.root; <userinput>openssl dsaparam -rand -genkey -out <filename>myRSA.key</filename> 1024</userinput></screen>
+
+ <para>Next, generate the <acronym>CA</acronym> key:</para>
+
+ <screen>&prompt.root; <userinput>openssl gendsa -des3 -out <filename>myca.key</filename> <filename>myRSA.key</filename></userinput></screen>
+
+ <para>Use this key to create the certificate:</para>
+
+ <screen>&prompt.root; <userinput>openssl req -new -x509 -days 365 -key <filename>myca.key</filename> -out <filename>new.crt</filename></userinput></screen>
+
+ <para>Two new files should appear in the directory: a certificate
+ authority signature file, <filename>myca.key</filename> and the
+ certificate itself, <filename>new.crt</filename>. These should
+ be placed in a directory, preferably under
+ <filename class="directory">/etc</filename>, which is readable
+ only by <username>root</username>. Permissions of 0700 should be fine for this and
+ they can be set with the <command>chmod</command>
+ utility.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using Certificates, an Example</title>
+
+ <para>So what can these files do? A good use would be to
+ encrypt connections to the <application>Sendmail</application>
+ <acronym>MTA</acronym>. This would dissolve the use of clear
+ text authentication for users who send mail via the local
+ <acronym>MTA</acronym>.</para>
+
+ <note>
+ <para>This is not the best use in the world as some
+ <acronym>MUA</acronym>s will present the user with an
+ error if they have not installed the certificate locally.
+ Refer to the documentation included with the software for
+ more information on certificate installation.</para>
+ </note>
+
+ <para>The following lines should be placed inside the
+ local <filename>.mc</filename> file:</para>
+
+ <programlisting>dnl SSL Options
+define(`confCACERT_PATH',`/etc/certs')dnl
+define(`confCACERT',`/etc/certs/new.crt')dnl
+define(`confSERVER_CERT',`/etc/certs/new.crt')dnl
+define(`confSERVER_KEY',`/etc/certs/myca.key')dnl
+define(`confTLS_SRV_OPTIONS', `V')dnl</programlisting>
+
+ <para>Where <filename class="directory">/etc/certs/</filename>
+ is the directory to be used for storing the certificate
+ and key files locally. The last few requirements are a rebuild
+ of the local <filename>.cf</filename> file. This is easily
+ achieved by typing <command>make</command>
+ <parameter>install</parameter> within the
+ <filename class="directory">/etc/mail</filename>
+ directory. Follow that up with <command>make</command>
+ <parameter>restart</parameter> which should start the
+ <application>Sendmail</application> daemon.</para>
+
+ <para>If all went well there will be no error messages in the
+ <filename>/var/log/maillog</filename> file and
+ <application>Sendmail</application> will show up in the process
+ list.</para>
+
+ <para>For a simple test, simply connect to the mail server
+ using the &man.telnet.1; utility:</para>
+
+ <screen>&prompt.root; <userinput>telnet <replaceable>example.com</replaceable> 25</userinput>
+Trying 192.0.34.166...
+Connected to <hostid role="fqdn">example.com</hostid>.
+Escape character is '^]'.
+220 <hostid role="fqdn">example.com</hostid> ESMTP Sendmail 8.12.10/8.12.10; Tue, 31 Aug 2004 03:41:22 -0400 (EDT)
+<userinput>ehlo <replaceable>example.com</replaceable></userinput>
+250-example.com Hello example.com [192.0.34.166], pleased to meet you
+250-ENHANCEDSTATUSCODES
+250-PIPELINING
+250-8BITMIME
+250-SIZE
+250-DSN
+250-ETRN
+250-AUTH LOGIN PLAIN
+250-STARTTLS
+250-DELIVERBY
+250 HELP
+<userinput>quit</userinput>
+221 2.0.0 <hostid role="fqdn">example.com</hostid> closing connection
+Connection closed by foreign host.</screen>
+
+ <para>If the <quote>STARTTLS</quote> line appears in the output
+ then everything is working correctly.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="ipsec">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Nik</firstname>
+ <surname>Clayton</surname>
+ <affiliation>
+ <address><email>nik@FreeBSD.org</email></address>
+ </affiliation>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <indexterm>
+ <primary>IPsec</primary>
+ </indexterm>
+
+ <title>VPN over IPsec</title>
+ <para>Creating a VPN between two networks, separated by the
+ Internet, using FreeBSD gateways.</para>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Hiten M.</firstname>
+ <surname>Pandya</surname>
+ <affiliation>
+ <address><email>hmp@FreeBSD.org</email></address>
+ </affiliation>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>Understanding IPsec</title>
+
+ <para>This section will guide you through the process of setting
+ up IPsec, and to use it in an environment which consists of
+ FreeBSD and <application>&microsoft.windows; 2000/XP</application>
+ machines, to make them communicate securely. In order to set up
+ IPsec, it is necessary that you are familiar with the concepts
+ of building a custom kernel (see
+ <xref linkend="kernelconfig">).</para>
+
+ <para><emphasis>IPsec</emphasis> is a protocol which sits on top
+ of the Internet Protocol (IP) layer. It allows two or more
+ hosts to communicate in a secure manner (hence the name). The
+ FreeBSD IPsec <quote>network stack</quote> is based on the
+ <ulink url="http://www.kame.net/">KAME</ulink> implementation,
+ which has support for both protocol families, IPv4 and
+ IPv6.</para>
+
+ <note>
+ <para>FreeBSD 5.X contains a <quote>hardware
+ accelerated</quote> IPsec stack, known as <quote>Fast
+ IPsec</quote>, that was obtained from OpenBSD. It employs
+ cryptographic hardware (whenever possible) via the
+ &man.crypto.4; subsystem to optimize the performance of IPsec.
+ This subsystem is new, and does not support all the features
+ that are available in the KAME version of IPsec. However, in
+ order to enable hardware-accelerated IPsec, the following
+ kernel option has to be added to your kernel configuration
+ file:</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>FAST_IPSEC</secondary>
+ </indexterm>
+
+ <screen>
+options FAST_IPSEC # new IPsec (cannot define w/ IPSEC)
+ </screen>
+
+ <para> Note, that it is not currently possible to use the
+ <quote>Fast IPsec</quote> subsystem in lue with the KAME
+ implementation of IPsec. Consult the &man.fast.ipsec.4;
+ manual page for more information.</para>
+
+ </note>
+
+ <indexterm>
+ <primary>IPsec</primary>
+ <secondary>ESP</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>IPsec</primary>
+ <secondary>AH</secondary>
+ </indexterm>
+
+ <para>IPsec consists of two sub-protocols:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><emphasis>Encapsulated Security Payload
+ (ESP)</emphasis>, protects the IP packet data from third
+ party interference, by encrypting the contents using
+ symmetric cryptography algorithms (like Blowfish,
+ 3DES).</para>
+ </listitem>
+ <listitem>
+ <para><emphasis>Authentication Header (AH)</emphasis>,
+ protects the IP packet header from third party interference
+ and spoofing, by computing a cryptographic checksum and
+ hashing the IP packet header fields with a secure hashing
+ function. This is then followed by an additional header
+ that contains the hash, to allow the information in the
+ packet to be authenticated.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para><acronym>ESP</acronym> and <acronym>AH</acronym> can
+ either be used together or separately, depending on the
+ environment.</para>
+
+ <indexterm>
+ <primary>VPN</primary>
+ </indexterm>
+
+ <indexterm>
+ <primary>virtual private network</primary>
+ <see>VPN</see>
+ </indexterm>
+
+ <para>IPsec can either be used to directly encrypt the traffic
+ between two hosts (known as <emphasis>Transport
+ Mode</emphasis>); or to build <quote>virtual tunnels</quote>
+ between two subnets, which could be used for secure
+ communication between two corporate networks (known as
+ <emphasis>Tunnel Mode</emphasis>). The latter is more commonly
+ known as a <emphasis>Virtual Private Network (VPN)</emphasis>.
+ The &man.ipsec.4; manual page should be consulted for detailed
+ information on the IPsec subsystem in FreeBSD.</para>
+
+ <para>To add IPsec support to your kernel, add the following
+ options to your kernel configuration file:</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>IPSEC</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>IPSEC_ESP</secondary>
+ </indexterm>
+
+ <screen>
+options IPSEC #IP security
+options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
+ </screen>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>IPSEC_DEBUG</secondary>
+ </indexterm>
+
+ <para>If IPsec debugging support is desired, the following
+ kernel option should also be added:</para>
+
+ <screen>
+options IPSEC_DEBUG #debug for IP security
+ </screen>
+ </sect2>
+
+ <sect2>
+ <title>The Problem</title>
+
+ <para>There is no standard for what constitutes a VPN. VPNs can
+ be implemented using a number of different technologies, each of
+ which have their own strengths and weaknesses. This section
+ presents a scenario, and the strategies used for implementing a
+ VPN for this scenario.</para>
+ </sect2>
+
+ <sect2>
+ <title>The Scenario: Two networks, connected to the Internet, to
+ behave as one</title>
+
+ <indexterm>
+ <primary>VPN</primary>
+ <secondary>creating</secondary>
+ </indexterm>
+
+ <para>The premise is as follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>You have at least two sites</para>
+ </listitem>
+ <listitem>
+ <para>Both sites are using IP internally</para>
+ </listitem>
+ <listitem>
+ <para>Both sites are connected to the Internet, through a
+ gateway that is running FreeBSD.</para>
+ </listitem>
+ <listitem>
+ <para>The gateway on each network has at least one public IP
+ address.</para>
+ </listitem>
+ <listitem>
+ <para>The internal addresses of the two networks can be
+ public or private IP addresses, it does not matter. You can
+ be running NAT on the gateway machine if necessary.</para>
+ </listitem>
+ <listitem>
+ <para>The internal IP addresses of the two networks
+ <emphasis>do not collide</emphasis>. While I expect it is
+ theoretically possible to use a combination of VPN
+ technology and NAT to get this to work, I expect it to be a
+ configuration nightmare.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If you find that you are trying to connect two networks,
+ both of which, internally, use the same private IP address range
+ (e.g. both of them use <hostid
+ role="ipaddr">192.168.1.x</hostid>), then one of the networks will
+ have to be renumbered.</para>
+
+ <para>The network topology might look something like this:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="security/ipsec-network" align="center">
+ </imageobject>
+
+ <textobject>
+<literallayout class="monospaced">Network #1 [ Internal Hosts ] Private Net, 192.168.1.2-254
+ [ Win9x/NT/2K ]
+ [ UNIX ]
+ |
+ |
+ .---[fxp1]---. Private IP, 192.168.1.1
+ | FreeBSD |
+ `---[fxp0]---' Public IP, A.B.C.D
+ |
+ |
+ -=-=- Internet -=-=-
+ |
+ |
+ .---[fxp0]---. Public IP, W.X.Y.Z
+ | FreeBSD |
+ `---[fxp1]---' Private IP, 192.168.2.1
+ |
+ |
+Network #2 [ Internal Hosts ]
+ [ Win9x/NT/2K ] Private Net, 192.168.2.2-254
+ [ UNIX ]</literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>Notice the two public IP addresses. I will use the letters to
+ refer to them in the rest of this article. Anywhere you see those
+ letters in this article, replace them with your own public IP
+ addresses. Note also that internally, the two gateway
+ machines have .1 IP addresses, and that the two networks have
+ different private IP addresses (<hostid
+ role="ipaddr">192.168.1.x</hostid> and <hostid
+ role="ipaddr">192.168.2.x</hostid> respectively). All the
+ machines on the private networks have been configured to use the
+ <hostid role="ipaddr">.1</hostid> machine as their default
+ gateway.</para>
+
+ <para>The intention is that, from a network point of view, each
+ network should view the machines on the other network as though
+ they were directly attached the same router -- albeit a slightly
+ slow router with an occasional tendency to drop packets.</para>
+
+ <para>This means that (for example), machine <hostid
+ role="ipaddr">192.168.1.20</hostid> should be able to run</para>
+
+ <programlisting>ping 192.168.2.34</programlisting>
+
+ <para>and have it work, transparently. &windows; machines should
+ be able to see the machines on the other network, browse file
+ shares, and so on, in exactly the same way that they can browse
+ machines on the local network.</para>
+
+ <para>And the whole thing has to be secure. This means that
+ traffic between the two networks has to be encrypted.</para>
+
+ <para>Creating a VPN between these two networks is a multi-step
+ process. The stages are as follows:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Create a <quote>virtual</quote> network link between the two
+ networks, across the Internet. Test it, using tools like
+ &man.ping.8;, to make sure it works.</para>
+ </listitem>
+
+ <listitem>
+ <para>Apply security policies to ensure that traffic between
+ the two networks is transparently encrypted and decrypted as
+ necessary. Test this, using tools like &man.tcpdump.1;, to
+ ensure that traffic is encrypted.</para>
+ </listitem>
+
+ <listitem>
+ <para>Configure additional software on the FreeBSD gateways,
+ to allow &windows; machines to see one another across the
+ VPN.</para>
+ </listitem>
+ </orderedlist>
+
+ <sect3>
+ <title>Step 1: Creating and testing a <quote>virtual</quote>
+ network link</title>
+
+ <para>Suppose that you were logged in to the gateway machine on
+ network #1 (with public IP address <hostid
+ role="ipaddr">A.B.C.D</hostid>, private IP address <hostid
+ role="ipaddr">192.168.1.1</hostid>), and you ran <command>ping
+ 192.168.2.1</command>, which is the private address of the machine
+ with IP address <hostid role="ipaddr">W.X.Y.Z</hostid>. What
+ needs to happen in order for this to work?</para>
+
+ <orderedlist>
+ <listitem>
+ <para>The gateway machine needs to know how to reach <hostid
+ role="ipaddr">192.168.2.1</hostid>. In other words, it needs
+ to have a route to <hostid
+ role="ipaddr">192.168.2.1</hostid>.</para>
+ </listitem>
+ <listitem>
+ <para>Private IP addresses, such as those in the <hostid
+ role="ipaddr">192.168.x</hostid> range are not supposed to
+ appear on the Internet at large. Instead, each packet you
+ send to <hostid role="ipaddr">192.168.2.1</hostid> will need
+ to be wrapped up inside another packet. This packet will need
+ to appear to be from <hostid role="ipaddr">A.B.C.D</hostid>,
+ and it will have to be sent to <hostid
+ role="ipaddr">W.X.Y.Z</hostid>. This process is called
+ <firstterm>encapsulation</firstterm>.</para>
+ </listitem>
+ <listitem>
+ <para>Once this packet arrives at <hostid
+ role="ipaddr">W.X.Y.Z</hostid> it will need to
+ <quote>unencapsulated</quote>, and delivered to <hostid
+ role="ipaddr">192.168.2.1</hostid>.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>You can think of this as requiring a <quote>tunnel</quote>
+ between the two networks. The two <quote>tunnel mouths</quote> are the IP
+ addresses <hostid role="ipaddr">A.B.C.D</hostid> and <hostid
+ role="ipaddr">W.X.Y.Z</hostid>, and the tunnel must be told the
+ addresses of the private IP addresses that will be allowed to pass
+ through it. The tunnel is used to transfer traffic with private
+ IP addresses across the public Internet.</para>
+
+ <para>This tunnel is created by using the generic interface, or
+ <devicename>gif</devicename> devices on FreeBSD. As you can
+ imagine, the <devicename>gif</devicename> interface on each
+ gateway host must be configured with four IP addresses; two for
+ the public IP addresses, and two for the private IP
+ addresses.</para>
+
+ <para>Support for the gif device must be compiled in to the
+ &os; kernel on both machines. You can do this by adding the
+ line:</para>
+
+ <programlisting>device gif</programlisting>
+
+ <para>to the kernel configuration files on both machines, and
+ then compile, install, and reboot as normal.</para>
+
+ <para>Configuring the tunnel is a two step process. First the
+ tunnel must be told what the outside (or public) IP addresses
+ are, using &man.gifconfig.8;. Then the private IP addresses must be
+ configured using &man.ifconfig.8;.</para>
+
+ <note>
+ <para>In &os;&nbsp;5.X, the functionality provided by the
+ &man.gifconfig.8; utility has been merged into
+ &man.ifconfig.8;.</para></note>
+
+ <para>On the gateway machine on network #1 you would run the
+ following two commands to configure the tunnel.</para>
+
+ <programlisting>gifconfig gif0 A.B.C.D W.X.Y.Z
+ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 0xffffffff
+ </programlisting>
+
+ <para>On the other gateway machine you run the same commands,
+ but with the order of the IP addresses reversed.</para>
+
+ <programlisting>gifconfig gif0 W.X.Y.Z A.B.C.D
+ifconfig gif0 inet 192.168.2.1 192.168.1.1 netmask 0xffffffff
+ </programlisting>
+
+ <para>You can then run:</para>
+
+ <programlisting>gifconfig gif0</programlisting>
+
+ <para>to see the configuration. For example, on the network #1
+ gateway, you would see this:</para>
+
+ <screen>&prompt.root; <userinput>gifconfig gif0</userinput>
+gif0: flags=8011&lt;UP,POINTTOPOINT,MULTICAST&gt; mtu 1280
+inet 192.168.1.1 --&gt; 192.168.2.1 netmask 0xffffffff
+physical address inet A.B.C.D --&gt; W.X.Y.Z
+ </screen>
+
+ <para>As you can see, a tunnel has been created between the
+ physical addresses <hostid role="ipaddr">A.B.C.D</hostid> and
+ <hostid role="ipaddr">W.X.Y.Z</hostid>, and the traffic allowed
+ through the tunnel is that between <hostid
+ role="ipaddr">192.168.1.1</hostid> and <hostid
+ role="ipaddr">192.168.2.1</hostid>.</para>
+
+ <para>This will also have added an entry to the routing table
+ on both machines, which you can examine with the command <command>netstat -rn</command>.
+ This output is from the gateway host on network #1.</para>
+
+ <screen>&prompt.root; <userinput>netstat -rn</userinput>
+Routing tables
+
+Internet:
+Destination Gateway Flags Refs Use Netif Expire
+...
+192.168.2.1 192.168.1.1 UH 0 0 gif0
+...
+ </screen>
+
+ <para>As the <quote>Flags</quote> value indicates, this is a
+ host route, which means that each gateway knows how to reach the
+ other gateway, but they do not know how to reach the rest of
+ their respective networks. That problem will be fixed
+ shortly.</para>
+
+ <para>It is likely that you are running a firewall on both
+ machines. This will need to be circumvented for your VPN
+ traffic. You might want to allow all traffic between both
+ networks, or you might want to include firewall rules that
+ protect both ends of the VPN from one another.</para>
+
+ <para>It greatly simplifies testing if you configure the
+ firewall to allow all traffic through the VPN. You can always
+ tighten things up later. If you are using &man.ipfw.8; on the
+ gateway machines then a command like</para>
+
+ <programlisting>ipfw add 1 allow ip from any to any via gif0</programlisting>
+
+ <para>will allow all traffic between the two end points of the
+ VPN, without affecting your other firewall rules. Obviously
+ you will need to run this command on both gateway hosts.</para>
+
+ <para>This is sufficient to allow each gateway machine to ping
+ the other. On <hostid role="ipaddr">192.168.1.1</hostid>, you
+ should be able to run</para>
+
+ <programlisting>ping 192.168.2.1</programlisting>
+
+ <para>and get a response, and you should be able to do the same
+ thing on the other gateway machine.</para>
+
+ <para>However, you will not be able to reach internal machines
+ on either network yet. This is because of the routing --
+ although the gateway machines know how to reach one another,
+ they do not know how to reach the network behind each one.</para>
+
+ <para>To solve this problem you must add a static route on each
+ gateway machine. The command to do this on the first gateway
+ would be:</para>
+
+ <programlisting>route add 192.168.2.0 192.168.2.1 netmask 0xffffff00
+ </programlisting>
+
+ <para>This says <quote>In order to reach the hosts on the
+ network <hostid role="ipaddr">192.168.2.0</hostid>, send the
+ packets to the host <hostid
+ role="ipaddr">192.168.2.1</hostid></quote>. You will need to
+ run a similar command on the other gateway, but with the
+ <hostid role="ipaddr">192.168.1.x</hostid> addresses
+ instead.</para>
+
+ <para>IP traffic from hosts on one network will now be able to
+ reach hosts on the other network.</para>
+
+ <para>That has now created two thirds of a VPN between the two
+ networks, in as much as it is <quote>virtual</quote> and it is a
+ <quote>network</quote>. It is not private yet. You can test
+ this using &man.ping.8; and &man.tcpdump.1;. Log in to the
+ gateway host and run</para>
+
+ <programlisting>tcpdump dst host 192.168.2.1</programlisting>
+
+ <para>In another log in session on the same host run</para>
+
+ <programlisting>ping 192.168.2.1</programlisting>
+
+ <para>You will see output that looks something like this:</para>
+
+ <programlisting>
+16:10:24.018080 192.168.1.1 &gt; 192.168.2.1: icmp: echo request
+16:10:24.018109 192.168.1.1 &gt; 192.168.2.1: icmp: echo reply
+16:10:25.018814 192.168.1.1 &gt; 192.168.2.1: icmp: echo request
+16:10:25.018847 192.168.1.1 &gt; 192.168.2.1: icmp: echo reply
+16:10:26.028896 192.168.1.1 &gt; 192.168.2.1: icmp: echo request
+16:10:26.029112 192.168.1.1 &gt; 192.168.2.1: icmp: echo reply
+ </programlisting>
+
+ <para>As you can see, the ICMP messages are going back and forth
+ unencrypted. If you had used the <option>-s</option> parameter to
+ &man.tcpdump.1; to grab more bytes of data from the packets you
+ would see more information.</para>
+
+ <para>Obviously this is unacceptable. The next section will
+ discuss securing the link between the two networks so that it
+ all traffic is automatically encrypted.</para>
+
+ <itemizedlist>
+ <title>Summary:</title>
+ <listitem>
+ <para>Configure both kernels with <quote>pseudo-device
+ gif</quote>.</para>
+ </listitem>
+ <listitem>
+ <para>Edit <filename>/etc/rc.conf</filename> on gateway host
+ #1 and add the following lines (replacing IP addresses as
+ necessary).</para>
+ <programlisting>gifconfig_gif0="A.B.C.D W.X.Y.Z"
+ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff"
+static_routes="vpn"
+route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"
+ </programlisting>
+ </listitem>
+
+ <listitem>
+ <para>Edit your firewall script
+ (<filename>/etc/rc.firewall</filename>, or similar) on both
+ hosts, and add</para>
+
+ <programlisting>ipfw add 1 allow ip from any to any via gif0</programlisting>
+ </listitem>
+ <listitem>
+ <para>Make similar changes to
+ <filename>/etc/rc.conf</filename> on gateway host #2,
+ reversing the order of IP addresses.</para>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+
+ <sect3>
+ <title>Step 2: Securing the link</title>
+
+ <para>To secure the link we will be using IPsec. IPsec provides
+ a mechanism for two hosts to agree on an encryption key, and to
+ then use this key in order to encrypt data between the two
+ hosts.</para>
+
+ <para>The are two areas of configuration to be considered here.</para>
+
+ <orderedlist>
+ <listitem>
+ <para>There must be a mechanism for two hosts to agree on the
+ encryption mechanism to use. Once two hosts have agreed on
+ this mechanism there is said to be a <quote>security association</quote>
+ between them.</para>
+ </listitem>
+ <listitem>
+ <para>There must be a mechanism for specifying which traffic
+ should be encrypted. Obviously, you do not want to encrypt
+ all your outgoing traffic -- you only want to encrypt the
+ traffic that is part of the VPN. The rules that you put in
+ place to determine what traffic will be encrypted are called
+ <quote>security policies</quote>.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>Security associations and security policies are both
+ maintained by the kernel, and can be modified by userland
+ programs. However, before you can do this you must configure the
+ kernel to support IPsec and the Encapsulated Security Payload
+ (ESP) protocol. This is done by configuring a kernel with:</para>
+
+ <indexterm>
+ <primary>kernel options</primary>
+ <secondary>IPSEC</secondary>
+ </indexterm>
+
+ <programlisting>options IPSEC
+options IPSEC_ESP
+ </programlisting>
+
+ <para>and recompiling, reinstalling, and rebooting. As before
+ you will need to do this to the kernels on both of the gateway
+ hosts.</para>
+
+ <indexterm>
+ <primary>IKE</primary>
+ </indexterm>
+
+ <para>You have two choices when it comes to setting up security
+ associations. You can configure them by hand between two hosts,
+ which entails choosing the encryption algorithm, encryption keys,
+ and so forth, or you can use daemons that implement the Internet
+ Key Exchange protocol (IKE) to do this for you.</para>
+
+ <para>I recommend the latter. Apart from anything else, it is
+ easier to set up.</para>
+
+ <indexterm>
+ <primary>IPsec</primary>
+ <secondary>security policies</secondary>
+ </indexterm>
+
+ <indexterm>
+ <primary><command>setkey</command></primary>
+ </indexterm>
+
+ <para>Editing and displaying security policies is carried out
+ using &man.setkey.8;. By analogy, <command>setkey</command> is
+ to the kernel's security policy tables as &man.route.8; is to
+ the kernel's routing tables. <command>setkey</command> can
+ also display the current security associations, and to continue
+ the analogy further, is akin to <command>netstat -r</command>
+ in that respect.</para>
+
+ <para>There are a number of choices for daemons to manage
+ security associations with FreeBSD. This article will describe
+ how to use one of these, racoon&nbsp;&mdash; which is available from
+ <filename role="package">security/ipsec-tools</filename> in the &os; Ports
+ collection.</para>
+
+ <indexterm>
+ <primary>racoon</primary>
+ </indexterm>
+
+ <para>The <application>racoon</application> software must be run on both gateway hosts. On each host it
+ is configured with the IP address of the other end of the VPN,
+ and a secret key (which you choose, and must be the same on both
+ gateways).</para>
+
+ <para>The two daemons then contact one another, confirm that they
+ are who they say they are (by using the secret key that you
+ configured). The daemons then generate a new secret key, and use
+ this to encrypt the traffic over the VPN. They periodically
+ change this secret, so that even if an attacker were to crack one
+ of the keys (which is as theoretically close to unfeasible as it
+ gets) it will not do them much good -- by the time they have cracked
+ the key the two daemons have chosen another one.</para>
+
+ <para>The configuration file for racoon is stored in
+ <filename>${PREFIX}/etc/racoon</filename>. You should find a
+ configuration file there, which should not need to be changed
+ too much. The other component of racoon's configuration,
+ which you will need to change, is the <quote>pre-shared
+ key</quote>.</para>
+
+ <para>The default racoon configuration expects to find this in
+ the file <filename>${PREFIX}/etc/racoon/psk.txt</filename>. It is important to note
+ that the pre-shared key is <emphasis>not</emphasis> the key that will be used to
+ encrypt your traffic across the VPN link, it is simply a token
+ that allows the key management daemons to trust one another.</para>
+
+ <para><filename>psk.txt</filename> contains a line for each
+ remote site you are dealing with. In this example, where there
+ are two sites, each <filename>psk.txt</filename> file will contain one line (because
+ each end of the VPN is only dealing with one other end).</para>
+
+ <para>On gateway host #1 this line should look like this:</para>
+
+ <programlisting>W.X.Y.Z secret</programlisting>
+
+ <para>That is, the <emphasis>public</emphasis> IP address of the remote end,
+ whitespace, and a text string that provides the secret.
+ Obviously, you should not use <quote>secret</quote> as your key -- the normal
+ rules for choosing a password apply.</para>
+
+ <para>On gateway host #2 the line would look like this</para>
+
+ <programlisting>A.B.C.D secret</programlisting>
+
+ <para>That is, the public IP address of the remote end, and the
+ same secret key. <filename>psk.txt</filename> must be mode
+ <literal>0600</literal> (i.e., only read/write to
+ <username>root</username>) before racoon will run.</para>
+
+ <para>You must run racoon on both gateway machines. You will
+ also need to add some firewall rules to allow the IKE traffic,
+ which is carried over UDP to the ISAKMP (Internet Security Association
+ Key Management Protocol) port. Again, this should be fairly early in
+ your firewall ruleset.</para>
+
+ <programlisting>ipfw add 1 allow udp from A.B.C.D to W.X.Y.Z isakmp
+ipfw add 1 allow udp from W.X.Y.Z to A.B.C.D isakmp
+ </programlisting>
+
+ <para>Once racoon is running you can try pinging one gateway host
+ from the other. The connection is still not encrypted, but
+ racoon will then set up the security associations between the two
+ hosts -- this might take a moment, and you may see this as a
+ short delay before the ping commands start responding.</para>
+
+ <para>Once the security association has been set up you can
+ view it using &man.setkey.8;. Run</para>
+
+ <programlisting>setkey -D</programlisting>
+
+ <para>on either host to view the security association information.</para>
+
+ <para>That's one half of the problem. They other half is setting
+ your security policies.</para>
+
+ <para>To create a sensible security policy, let's review what's
+ been set up so far. This discussions hold for both ends of the
+ link.</para>
+
+ <para>Each IP packet that you send out has a header that contains
+ data about the packet. The header includes the IP addresses of
+ both the source and destination. As we already know, private IP
+ addresses, such as the <hostid role="ipaddr">192.168.x.y</hostid>
+ range are not supposed to appear on the public Internet.
+ Instead, they must first be encapsulated inside another packet.
+ This packet must have the public source and destination IP
+ addresses substituted for the private addresses.</para>
+
+ <para>So if your outgoing packet started looking like this:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="security/ipsec-out-pkt" align="center">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced">
+ .----------------------.
+ | Src: 192.168.1.1 |
+ | Dst: 192.168.2.1 |
+ | &lt;other header info&gt; |
+ +----------------------+
+ | &lt;packet data&gt; |
+ `----------------------'</literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>Then it will be encapsulated inside another packet, looking
+ something like this:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="security/ipsec-encap-pkt" align="center">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced">
+ .--------------------------.
+ | Src: A.B.C.D |
+ | Dst: W.X.Y.Z |
+ | &lt;other header info&gt; |
+ +--------------------------+
+ | .----------------------. |
+ | | Src: 192.168.1.1 | |
+ | | Dst: 192.168.2.1 | |
+ | | &lt;other header info&gt; | |
+ | +----------------------+ |
+ | | &lt;packet data&gt; | |
+ | `----------------------' |
+ `--------------------------'</literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>This encapsulation is carried out by the
+ <devicename>gif</devicename> device. As
+ you can see, the packet now has real IP addresses on the outside,
+ and our original packet has been wrapped up as data inside the
+ packet that will be put out on the Internet.</para>
+
+ <para>Obviously, we want all traffic between the VPNs to be
+ encrypted. You might try putting this in to words, as:</para>
+
+ <para><quote>If a packet leaves from <hostid
+ role="ipaddr">A.B.C.D</hostid>, and it is destined for <hostid
+ role="ipaddr">W.X.Y.Z</hostid>, then encrypt it, using the
+ necessary security associations.</quote></para>
+
+ <para><quote>If a packet arrives from <hostid
+ role="ipaddr">W.X.Y.Z</hostid>, and it is destined for <hostid
+ role="ipaddr">A.B.C.D</hostid>, then decrypt it, using the
+ necessary security associations.</quote></para>
+
+ <para>That's close, but not quite right. If you did this, all
+ traffic to and from <hostid role="ipaddr">W.X.Y.Z</hostid>, even
+ traffic that was not part of the VPN, would be encrypted. That's
+ not quite what you want. The correct policy is as follows</para>
+
+ <para><quote>If a packet leaves from <hostid
+ role="ipaddr">A.B.C.D</hostid>, and that packet is encapsulating
+ another packet, and it is destined for <hostid
+ role="ipaddr">W.X.Y.Z</hostid>, then encrypt it, using the
+ necessary security associations.</quote></para>
+
+ <para><quote>If a packet arrives from <hostid
+ role="ipaddr">W.X.Y.Z</hostid>, and that packet is encapsulating
+ another packet, and it is destined for <hostid
+ role="ipaddr">A.B.C.D</hostid>, then decrypt it, using the
+ necessary security associations.</quote></para>
+
+ <para>A subtle change, but a necessary one.</para>
+
+ <para>Security policies are also set using &man.setkey.8;.
+ &man.setkey.8; features a configuration language for defining the
+ policy. You can either enter configuration instructions via
+ stdin, or you can use the <option>-f</option> option to specify a
+ filename that contains configuration instructions.</para>
+
+ <para>The configuration on gateway host #1 (which has the public
+ IP address <hostid role="ipaddr">A.B.C.D</hostid>) to force all
+ outbound traffic to <hostid role="ipaddr">W.X.Y.Z</hostid> to be
+ encrypted is:</para>
+
+ <programlisting>
+spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec esp/tunnel/A.B.C.D-W.X.Y.Z/require;
+ </programlisting>
+
+ <para>Put these commands in a file (e.g.
+ <filename>/etc/ipsec.conf</filename>) and then run</para>
+
+ <screen>&prompt.root; <userinput>setkey -f /etc/ipsec.conf</userinput></screen>
+
+ <para><option>spdadd</option> tells &man.setkey.8; that we want
+ to add a rule to the secure policy database. The rest of this
+ line specifies which packets will match this policy. <hostid
+ role="ipaddr">A.B.C.D/32</hostid> and <hostid
+ role="ipaddr">W.X.Y.Z/32</hostid> are the IP addresses and
+ netmasks that identify the network or hosts that this policy will
+ apply to. In this case, we want it to apply to traffic between
+ these two hosts. <option>ipencap</option> tells the kernel that
+ this policy should only apply to packets that encapsulate other
+ packets. <option>-P out</option> says that this policy applies
+ to outgoing packets, and <option>ipsec</option> says that the
+ packet will be secured.</para>
+
+ <para>The second line specifies how this packet will be
+ encrypted. <option>esp</option> is the protocol that will be
+ used, while <option>tunnel</option> indicates that the packet
+ will be further encapsulated in an IPsec packet. The repeated
+ use of <hostid role="ipaddr">A.B.C.D</hostid> and <hostid
+ role="ipaddr">W.X.Y.Z</hostid> is used to select the security
+ association to use, and the final <option>require</option>
+ mandates that packets must be encrypted if they match this
+ rule.</para>
+
+ <para>This rule only matches outgoing packets. You will need a
+ similar rule to match incoming packets.</para>
+
+ <programlisting>spdadd W.X.Y.Z/32 A.B.C.D/32 ipencap -P in ipsec esp/tunnel/W.X.Y.Z-A.B.C.D/require;</programlisting>
+
+ <para>Note the <option>in</option> instead of
+ <option>out</option> in this case, and the necessary reversal of
+ the IP addresses.</para>
+
+ <para>The other gateway host (which has the public IP address
+ <hostid role="ipaddr">W.X.Y.Z</hostid>) will need similar rules.</para>
+
+ <programlisting>spdadd W.X.Y.Z/32 A.B.C.D/32 ipencap -P out ipsec esp/tunnel/W.X.Y.Z-A.B.C.D/require;
+spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P in ipsec esp/tunnel/A.B.C.D-W.X.Y.Z/require;</programlisting>
+
+ <para>Finally, you need to add firewall rules to allow ESP and
+ IPENCAP packets back and forth. These rules will need to be
+ added to both hosts.</para>
+
+ <programlisting>ipfw add 1 allow esp from A.B.C.D to W.X.Y.Z
+ipfw add 1 allow esp from W.X.Y.Z to A.B.C.D
+ipfw add 1 allow ipencap from A.B.C.D to W.X.Y.Z
+ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
+ </programlisting>
+
+ <para>Because the rules are symmetric you can use the same rules
+ on each gateway host.</para>
+
+ <para>Outgoing packets will now look something like this:</para>
+
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="security/ipsec-crypt-pkt" align="center">
+ </imageobject>
+
+ <textobject>
+ <literallayout class="monospaced">
+ .------------------------------. --------------------------.
+ | Src: A.B.C.D | |
+ | Dst: W.X.Y.Z | |
+ | &lt;other header info&gt; | | Encrypted
+ +------------------------------+ | packet.
+ | .--------------------------. | -------------. | contents
+ | | Src: A.B.C.D | | | | are
+ | | Dst: W.X.Y.Z | | | | completely
+ | | &lt;other header info&gt; | | | |- secure
+ | +--------------------------+ | | Encap'd | from third
+ | | .----------------------. | | -. | packet | party
+ | | | Src: 192.168.1.1 | | | | Original |- with real | snooping
+ | | | Dst: 192.168.2.1 | | | | packet, | IP addr |
+ | | | &lt;other header info&gt; | | | |- private | |
+ | | +----------------------+ | | | IP addr | |
+ | | | &lt;packet data&gt; | | | | | |
+ | | `----------------------' | | -' | |
+ | `--------------------------' | -------------' |
+ `------------------------------' --------------------------'
+ </literallayout>
+ </textobject>
+ </mediaobject>
+
+ <para>When they are received by the far end of the VPN they will
+ first be decrypted (using the security associations that have
+ been negotiated by racoon). Then they will enter the
+ <devicename>gif</devicename> interface, which will unwrap
+ the second layer, until you are left with the innermost
+ packet, which can then travel in to the inner network.</para>
+
+ <para>You can check the security using the same &man.ping.8; test from
+ earlier. First, log in to the
+ <hostid role="ipaddr">A.B.C.D</hostid> gateway machine, and
+ run:</para>
+
+ <programlisting>tcpdump dst host 192.168.2.1</programlisting>
+
+ <para>In another log in session on the same host run</para>
+
+ <programlisting>ping 192.168.2.1</programlisting>
+
+ <para>This time you should see output like the following:</para>
+
+ <programlisting>XXX tcpdump output</programlisting>
+
+ <para>Now, as you can see, &man.tcpdump.1; shows the ESP packets. If
+ you try to examine them with the <option>-s</option> option you will see
+ (apparently) gibberish, because of the encryption.</para>
+
+ <para>Congratulations. You have just set up a VPN between two
+ remote sites.</para>
+
+ <itemizedlist>
+ <title>Summary</title>
+ <listitem>
+ <para>Configure both kernels with:</para>
+
+ <programlisting>options IPSEC
+options IPSEC_ESP
+ </programlisting>
+ </listitem>
+ <listitem>
+ <para>Install <filename
+ role="package">security/ipsec-tools</filename>. Edit
+ <filename>${PREFIX}/etc/racoon/psk.txt</filename> on both
+ gateway hosts, adding an entry for the remote host's IP
+ address and a secret key that they both know. Make sure
+ this file is mode 0600.</para>
+ </listitem>
+ <listitem>
+ <para>Add the following lines to
+ <filename>/etc/rc.conf</filename> on each host:</para>
+
+ <programlisting>ipsec_enable="YES"
+ipsec_file="/etc/ipsec.conf"
+ </programlisting>
+ </listitem>
+ <listitem>
+ <para>Create an <filename>/etc/ipsec.conf</filename> on each
+ host that contains the necessary spdadd lines. On gateway
+ host #1 this would be:</para>
+
+ <programlisting>
+spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec
+ esp/tunnel/A.B.C.D-W.X.Y.Z/require;
+spdadd W.X.Y.Z/32 A.B.C.D/32 ipencap -P in ipsec
+ esp/tunnel/W.X.Y.Z-A.B.C.D/require;
+</programlisting>
+
+ <para>On gateway host #2 this would be:</para>
+
+<programlisting>
+spdadd W.X.Y.Z/32 A.B.C.D/32 ipencap -P out ipsec
+ esp/tunnel/W.X.Y.Z-A.B.C.D/require;
+spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P in ipsec
+ esp/tunnel/A.B.C.D-W.X.Y.Z/require;
+</programlisting>
+ </listitem>
+ <listitem>
+ <para>Add firewall rules to allow IKE, ESP, and IPENCAP
+ traffic to both hosts:</para>
+
+ <programlisting>
+ipfw add 1 allow udp from A.B.C.D to W.X.Y.Z isakmp
+ipfw add 1 allow udp from W.X.Y.Z to A.B.C.D isakmp
+ipfw add 1 allow esp from A.B.C.D to W.X.Y.Z
+ipfw add 1 allow esp from W.X.Y.Z to A.B.C.D
+ipfw add 1 allow ipencap from A.B.C.D to W.X.Y.Z
+ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
+ </programlisting>
+ </listitem>
+ </itemizedlist>
+
+ <para>The previous two steps should suffice to get the VPN up and
+ running. Machines on each network will be able to refer to one
+ another using IP addresses, and all traffic across the link will
+ be automatically and securely encrypted.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="openssh">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Chern</firstname>
+ <surname>Lee</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ <!-- 21 April 2001 -->
+ </authorgroup>
+ </sect1info>
+
+ <title>OpenSSH</title>
+ <indexterm><primary>OpenSSH</primary></indexterm>
+ <indexterm>
+ <primary>security</primary>
+ <secondary>OpenSSH</secondary>
+ </indexterm>
+
+ <para><application>OpenSSH</application> is a set of network connectivity tools used to
+ access remote machines securely. It can be used as a direct
+ replacement for <command>rlogin</command>,
+ <command>rsh</command>, <command>rcp</command>, and
+ <command>telnet</command>. Additionally, any other TCP/IP
+ connections can be tunneled/forwarded securely through SSH.
+ <application>OpenSSH</application> encrypts all traffic to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks.</para>
+
+ <para><application>OpenSSH</application> is maintained by the OpenBSD project, and is based
+ upon SSH v1.2.12 with all the recent bug fixes and updates. It
+ is compatible with both SSH protocols 1 and 2. <application>OpenSSH</application> has been
+ in the base system since FreeBSD&nbsp;4.0.</para>
+
+ <sect2>
+ <title>Advantages of Using OpenSSH</title>
+
+ <para>Normally, when using &man.telnet.1; or &man.rlogin.1;,
+ data is sent over the network in an clear, un-encrypted form.
+ Network sniffers anywhere in between the client and server can
+ steal your user/password information or data transferred in
+ your session. <application>OpenSSH</application> offers a variety of authentication and
+ encryption methods to prevent this from happening.</para>
+ </sect2>
+
+ <sect2>
+ <title>Enabling sshd</title>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>enabling</secondary>
+ </indexterm>
+
+ <para>The <application>sshd</application> daemon is enabled by
+ default on &os;&nbsp;4.X and is enabled or not during the
+ installation by the user of &os;&nbsp;5.X. To see if it is
+ enabled, check the <filename>rc.conf</filename> file for:</para>
+ <screen>sshd_enable="YES"</screen>
+ <para>This will load &man.sshd.8;, the daemon program for <application>OpenSSH</application>,
+ the next time your system initializes. Alternatively, you can
+ simply run directly the <application>sshd</application> daemon by typing <command>sshd</command> on the command line.</para>
+ </sect2>
+
+ <sect2>
+ <title>SSH Client</title>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>client</secondary>
+ </indexterm>
+
+ <para>The &man.ssh.1; utility works similarly to
+ &man.rlogin.1;.</para>
+
+ <screen>&prompt.root; <userinput>ssh <replaceable>user@example.com</replaceable></userinput>
+Host key not found from the list of known hosts.
+Are you sure you want to continue connecting (yes/no)? <userinput>yes</userinput>
+Host 'example.com' added to the list of known hosts.
+user@example.com's password: <userinput>*******</userinput></screen>
+
+ <para>The login will continue just as it would have if a session was
+ created using <command>rlogin</command> or
+ <command>telnet</command>. SSH utilizes a key fingerprint
+ system for verifying the authenticity of the server when the
+ client connects. The user is prompted to enter
+ <literal>yes</literal> only when
+ connecting for the first time. Future attempts to login are all
+ verified against the saved fingerprint key. The SSH client
+ will alert you if the saved fingerprint differs from the
+ received fingerprint on future login attempts. The fingerprints
+ are saved in <filename>~/.ssh/known_hosts</filename>, or
+ <filename>~/.ssh/known_hosts2</filename> for SSH v2
+ fingerprints.</para>
+
+ <para>By default, recent versions of the
+ <application>OpenSSH</application> servers only accept SSH v2
+ connections. The client will use version 2 if possible and
+ will fall back to version 1. The client can also be forced to
+ use one or the other by passing it the <option>-1</option> or
+ <option>-2</option> for version 1 or version 2, respectively.
+ The version 1 compatability is maintained in the client for
+ backwards compatability with older versions.</para>
+ </sect2>
+
+ <sect2>
+ <title>Secure Copy</title>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>secure copy</secondary>
+ </indexterm>
+ <indexterm><primary><command>scp</command></primary></indexterm>
+
+ <para>The &man.scp.1; command works similarly to
+ &man.rcp.1;; it copies a file to or from a remote machine,
+ except in a secure fashion.</para>
+
+ <screen>&prompt.root; <userinput> scp <replaceable>user@example.com:/COPYRIGHT COPYRIGHT</replaceable></userinput>
+user@example.com's password: <userinput>*******</userinput>
+COPYRIGHT 100% |*****************************| 4735
+00:00
+&prompt.root;</screen>
+ <para>Since the fingerprint was already saved for this host in the
+ previous example, it is verified when using &man.scp.1;
+ here.</para>
+
+ <para>The arguments passed to &man.scp.1; are similar
+ to &man.cp.1;, with the file or files in the first
+ argument, and the destination in the second. Since the file is
+ fetched over the network, through SSH, one or more of the file
+ arguments takes on the form
+ <option>user@host:&lt;path_to_remote_file&gt;</option>.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Configuration</title>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>configuration</secondary>
+ </indexterm>
+
+ <para>The system-wide configuration files for both the
+ <application>OpenSSH</application> daemon and client reside
+ within the <filename>/etc/ssh</filename> directory.</para>
+
+ <para><filename>ssh_config</filename> configures the client
+ settings, while <filename>sshd_config</filename> configures the
+ daemon.</para>
+
+ <para>Additionally, the <option>sshd_program</option>
+ (<filename>/usr/sbin/sshd</filename> by default), and
+ <option>sshd_flags</option> <filename>rc.conf</filename>
+ options can provide more levels of configuration.</para>
+ </sect2>
+
+ <sect2 id="security-ssh-keygen">
+ <title>ssh-keygen</title>
+
+ <para>Instead of using passwords, &man.ssh-keygen.1; can
+ be used to generate DSA or RSA keys to authenticate a user:</para>
+
+ <screen>&prompt.user; <userinput>ssh-keygen -t <replaceable>dsa</replaceable></userinput>
+Generating public/private dsa key pair.
+Enter file in which to save the key (/home/user/.ssh/id_dsa):
+Created directory '/home/user/.ssh'.
+Enter passphrase (empty for no passphrase):
+Enter same passphrase again:
+Your identification has been saved in /home/user/.ssh/id_dsa.
+Your public key has been saved in /home/user/.ssh/id_dsa.pub.
+The key fingerprint is:
+bb:48:db:f2:93:57:80:b6:aa:bc:f5:d5:ba:8f:79:17 user@host.example.com
+</screen>
+
+ <para>&man.ssh-keygen.1; will create a public and private
+ key pair for use in authentication. The private key is stored in
+ <filename>~/.ssh/id_dsa</filename> or
+ <filename>~/.ssh/id_rsa</filename>, whereas the public key is
+ stored in <filename>~/.ssh/id_dsa.pub</filename> or
+ <filename>~/.ssh/id_rsa.pub</filename>, respectively for DSA and
+ RSA key types. The public key must be placed in
+ <filename>~/.ssh/authorized_keys</filename> of the remote
+ machine in order for the setup to work. Similarly, RSA version
+ 1 public keys should be placed in
+ <filename>~/.ssh/authorized_keys</filename>.</para>
+
+ <para>This will allow connection to the remote machine based upon
+ SSH keys instead of passwords.</para>
+
+ <para>If a passphrase is used in &man.ssh-keygen.1;, the user
+ will be prompted for a password each time in order to use the
+ private key. &man.ssh-agent.1; can alleviate the strain of
+ repeatedly entering long passphrases, and is explored in the
+ <xref linkend="security-ssh-agent"> section below.</para>
+
+ <warning><para>The various options and files can be different
+ according to the <application>OpenSSH</application> version
+ you have on your system; to avoid problems you should consult
+ the &man.ssh-keygen.1; manual page.</para></warning>
+ </sect2>
+
+ <sect2 id="security-ssh-agent">
+ <title>ssh-agent and ssh-add</title>
+
+ <para>The &man.ssh-agent.1; and &man.ssh-add.1; utilities provide
+ methods for <application>SSH</application> keys to be loaded
+ into memory for use, without needing to type the passphrase
+ each time.</para>
+
+ <para>The &man.ssh-agent.1; utility will handle the authentication
+ using the private key(s) that are loaded into it.
+ &man.ssh-agent.1; should be used to launch another application.
+ At the most basic level, it could spawn a shell or at a more
+ advanced level, a window manager.<para>
+
+ <para>To use &man.ssh-agent.1; in a shell, first it will need to
+ be spawned with a shell as an argument. Secondly, the
+ identity needs to be added by running &man.ssh-add.1; and
+ providing it the passphrase for the private key. Once these
+ steps have been completed the user will be able to &man.ssh.1;
+ to any host that has the corresponding public key installed.
+ For example:</para>
+
+ <screen>&prompt.user; ssh-agent <replaceable>csh</replaceable>
+&prompt.user; ssh-add
+Enter passphrase for /home/user/.ssh/id_dsa:
+Identity added: /home/user/.ssh/id_dsa (/home/user/.ssh/id_dsa)
+&prompt.user;</screen>
+
+ <para>To use &man.ssh-agent.1; in X11, a call to
+ &man.ssh-agent.1; will need to be placed in
+ <filename>~/.xinitrc</filename>. This will provide the
+ &man.ssh-agent.1; services to all programs launched in X11.
+ An example <filename>~/.xinitrc</filename> file might look
+ like this:</para>
+
+ <programlisting>exec ssh-agent <replaceable>startxfce4</replaceable></programlisting>
+
+ <para>This would launch &man.ssh-agent.1;, which would in turn
+ launch <application>XFCE</application>, every time X11 starts.
+ Then once that is done and X11 has been restarted so that the
+ changes can take effect, simply run &man.ssh-add.1; to load
+ all of your SSH keys.</para>
+ </sect2>
+
+ <sect2 id="security-ssh-tunneling">
+ <title>SSH Tunneling</title>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>tunneling</secondary>
+ </indexterm>
+
+ <para><application>OpenSSH</application> has the ability to create a tunnel to encapsulate
+ another protocol in an encrypted session.</para>
+
+ <para>The following command tells &man.ssh.1; to create a tunnel
+ for <application>telnet</application>:</para>
+
+ <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5023:localhost:23 user@foo.example.com</replaceable></userinput>
+&prompt.user;</screen>
+
+ <para>The <command>ssh</command> command is used with the
+ following options:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-2</option></term>
+
+ <listitem>
+ <para>Forces <command>ssh</command> to use version 2 of
+ the protocol. (Do not use if you are working with older
+ SSH servers)</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-N</option></term>
+
+ <listitem>
+ <para>Indicates no command, or tunnel only. If omitted,
+ <command>ssh</command> would initiate a normal
+ session.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-f</option></term>
+
+ <listitem>
+ <para>Forces <command>ssh</command> to run in the
+ background.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-L</option></term>
+
+ <listitem>
+ <para>Indicates a local tunnel in
+ <replaceable>localport:remotehost:remoteport</replaceable>
+ fashion.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>user@foo.example.com</option></term>
+
+ <listitem>
+ <para>The remote SSH server.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+
+ <para>An SSH tunnel works by creating a listen socket on
+ <hostid>localhost</hostid> on the specified port.
+ It then forwards any connection received
+ on the local host/port via the SSH connection to the specified
+ remote host and port.</para>
+
+ <para>In the example, port <replaceable>5023</replaceable> on
+ <hostid>localhost</hostid> is being forwarded to port
+ <replaceable>23</replaceable> on <hostid>localhost</hostid>
+ of the remote machine. Since <replaceable>23</replaceable> is <application>telnet</application>,
+ this would create a secure <application>telnet</application> session through an SSH tunnel.</para>
+
+ <para>This can be used to wrap any number of insecure TCP
+ protocols such as SMTP, POP3, FTP, etc.</para>
+
+ <example>
+ <title>Using SSH to Create a Secure Tunnel for SMTP</title>
+
+ <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5025:localhost:25 user@mailserver.example.com</replaceable></userinput>
+user@mailserver.example.com's password: <userinput>*****</userinput>
+&prompt.user; <userinput>telnet localhost 5025</userinput>
+Trying 127.0.0.1...
+Connected to localhost.
+Escape character is '^]'.
+220 mailserver.example.com ESMTP</screen>
+
+ <para>This can be used in conjunction with an
+ &man.ssh-keygen.1; and additional user accounts to create a
+ more seamless/hassle-free SSH tunneling environment. Keys
+ can be used in place of typing a password, and the tunnels
+ can be run as a separate user.</para>
+ </example>
+
+ <sect3>
+ <title>Practical SSH Tunneling Examples</title>
+
+ <sect4>
+ <title>Secure Access of a POP3 Server</title>
+
+ <para>At work, there is an SSH server that accepts
+ connections from the outside. On the same office network
+ resides a mail server running a POP3 server. The network,
+ or network path between your home and office may or may not
+ be completely trustable. Because of this, you need to check
+ your e-mail in a secure manner. The solution is to create
+ an SSH connection to your office's SSH server, and tunnel
+ through to the mail server.</para>
+
+ <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>2110:mail.example.com:110 user@ssh-server.example.com</replaceable></userinput>
+user@ssh-server.example.com's password: <userinput>******</userinput></screen>
+
+ <para>When the tunnel is up and running, you can point your
+ mail client to send POP3 requests to <hostid>localhost</hostid>
+ port 2110. A connection here will be forwarded securely across
+ the tunnel to <hostid>mail.example.com</hostid>.</para>
+ </sect4>
+
+ <sect4>
+ <title>Bypassing a Draconian Firewall</title>
+
+ <para>Some network administrators impose extremely draconian
+ firewall rules, filtering not only incoming connections,
+ but outgoing connections. You may be only given access
+ to contact remote machines on ports 22 and 80 for SSH
+ and web surfing.</para>
+
+ <para>You may wish to access another (perhaps non-work
+ related) service, such as an Ogg Vorbis server to stream
+ music. If this Ogg Vorbis server is streaming on some other
+ port than 22 or 80, you will not be able to access it.</para>
+
+ <para>The solution is to create an SSH connection to a machine
+ outside of your network's firewall, and use it to tunnel to
+ the Ogg Vorbis server.</para>
+
+ <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>8888:music.example.com:8000 user@unfirewalled-system.example.org</replaceable></userinput>
+user@unfirewalled-system.example.org's password: <userinput>*******</userinput></screen>
+
+ <para>Your streaming client can now be pointed to
+ <hostid>localhost</hostid> port 8888, which will be
+ forwarded over to <hostid>music.example.com</hostid> port
+ 8000, successfully evading the firewall.</para>
+ </sect4>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>The <varname>AllowUsers</varname> Users Option</title>
+
+ <para>It is often a good idea to limit which users can log in and
+ from where. The <literal>AllowUsers</literal> option is a good
+ way to accomplish this. For example, to only allow the
+ <username>root</username> user to log in from
+ <hostid role="ipaddr">192.168.1.32</hostid>, something like this
+ would be appropriate in the
+ <filename>/etc/ssh/sshd_config</filename> file:</para>
+
+ <programlisting>AllowUsers root@192.168.1.32</programlisting>
+
+ <para>To allow the user <username>admin</username> to log in from
+ anywhere, just list the username by itself:</para>
+
+ <programlisting>AllowUsers admin</programlisting>
+
+ <para>Multiple users should be listed on the same line, like so:</para>
+
+ <programlisting>AllowUsers root@192.168.1.32 admin</programlisting>
+
+ <note>
+ <para>It is important that you list each user that needs to
+ log in to this machine; otherwise they will be locked out.</para>
+ </note>
+
+ <para>After making changes to
+ <filename>/etc/ssh/sshd_config</filename> you must tell
+ &man.sshd.8; to reload its config files, by running:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.d/sshd reload</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Further Reading</title>
+ <para><ulink url="http://www.openssh.com/">OpenSSH</ulink></para>
+ <para>&man.ssh.1; &man.scp.1; &man.ssh-keygen.1;
+ &man.ssh-agent.1; &man.ssh-add.1; &man.ssh.config.5;</para>
+ <para>&man.sshd.8; &man.sftp-server.8; &man.sshd.config.5;</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="fs-acl">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <indexterm>
+ <primary>ACL</primary>
+ </indexterm>
+ <title>File System Access Control Lists</title>
+
+ <para>In conjunction with file system enhancements like snapshots, FreeBSD 5.0
+ and later offers the security of File System Access Control Lists
+ (<acronym>ACLs</acronym>).</para>
+
+ <para>Access Control Lists extend the standard &unix;
+ permission model in a highly compatible (&posix;.1e) way. This feature
+ permits an administrator to make use of and take advantage of a
+ more sophisticated security model.</para>
+
+ <para>To enable <acronym>ACL</acronym> support for <acronym>UFS</acronym>
+ file systems, the following:</para>
+
+ <programlisting>options UFS_ACL</programlisting>
+
+ <para>must be compiled into the kernel. If this option has
+ not been compiled in, a warning message will be displayed
+ when attempting to mount a file system supporting <acronym>ACLs</acronym>.
+ This option is included in the <filename>GENERIC</filename> kernel.
+ <acronym>ACLs</acronym> rely on extended attributes being enabled on
+ the file system. Extended attributes are natively supported in the next generation
+ &unix; file system, <acronym>UFS2</acronym>.</para>
+
+ <note><para>A higher level of administrative overhead is required to
+ configure extended attributes on <acronym>UFS1</acronym> than on
+ <acronym>UFS2</acronym>. The performance of extended attributes
+ on <acronym>UFS2</acronym> is also substantially higher. As a
+ result, <acronym>UFS2</acronym> is generally recommended in preference
+ to <acronym>UFS1</acronym> for use with access control lists.</para></note>
+
+ <para><acronym>ACLs</acronym> are enabled by the mount-time administrative
+ flag, <option>acls</option>, which may be added to <filename>/etc/fstab</filename>.
+ The mount-time flag can also be automatically set in a persistent manner using
+ &man.tunefs.8; to modify a superblock <acronym>ACLs</acronym> flag in the
+ file system header. In general, it is preferred to use the superblock flag
+ for several reasons:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The mount-time <acronym>ACLs</acronym> flag cannot be changed by a
+ remount (&man.mount.8; <option>-u</option>), only by means of a complete
+ &man.umount.8; and fresh &man.mount.8;. This means that
+ <acronym>ACLs</acronym> cannot be enabled on the root file system after boot.
+ It also means that you cannot change the disposition of a file system once
+ it is in use.</para>
+ </listitem>
+
+ <listitem>
+ <para>Setting the superblock flag will cause the file system to always be
+ mounted with <acronym>ACLs</acronym> enabled even if there is not an
+ <filename>fstab</filename> entry or if the devices re-order. This prevents
+ accidental mounting of the file system without <acronym>ACLs</acronym>
+ enabled, which can result in <acronym>ACLs</acronym> being improperly enforced,
+ and hence security problems.</para>
+ </listitem>
+ </itemizedlist>
+
+ <note><para>We may change the <acronym>ACLs</acronym> behavior to allow the flag to
+ be enabled without a complete fresh &man.mount.8;, but we consider it desirable to
+ discourage accidental mounting without <acronym>ACLs</acronym> enabled, because you
+ can shoot your feet quite nastily if you enable <acronym>ACLs</acronym>, then disable
+ them, then re-enable them without flushing the extended attributes. In general, once
+ you have enabled <acronym>ACLs</acronym> on a file system, they should not be disabled,
+ as the resulting file protections may not be compatible with those intended by the
+ users of the system, and re-enabling <acronym>ACLs</acronym> may re-attach the previous
+ <acronym>ACLs</acronym> to files that have since had their permissions changed,
+ resulting in other unpredictable behavior.</para></note>
+
+ <para>File systems with <acronym>ACLs</acronym> enabled will show a <literal>+</literal>
+ (plus) sign in their permission settings when viewed. For example:</para>
+
+ <programlisting>drwx------ 2 robert robert 512 Dec 27 11:54 private
+drwxrwx---+ 2 robert robert 512 Dec 23 10:57 directory1
+drwxrwx---+ 2 robert robert 512 Dec 22 10:20 directory2
+drwxrwx---+ 2 robert robert 512 Dec 27 11:57 directory3
+drwxr-xr-x 2 robert robert 512 Nov 10 11:54 public_html</programlisting>
+
+ <para>Here we see that the <filename>directory1</filename>,
+ <filename>directory2</filename>, and <filename>directory3</filename>
+ directories are all taking advantage of <acronym>ACLs</acronym>. The
+ <filename>public_html</filename> directory is not.</para>
+
+ <sect2>
+ <title>Making Use of <acronym>ACL</acronym>s</title>
+
+ <para>The file system <acronym>ACL</acronym>s can be viewed by the
+ &man.getfacl.1; utility. For instance, to view the
+ <acronym>ACL</acronym> settings on the <filename>test</filename>
+ file, one would use the command:</para>
+
+ <screen>&prompt.user; <userinput>getfacl <filename>test</filename></userinput>
+ #file:test
+ #owner:1001
+ #group:1001
+ user::rw-
+ group::r--
+ other::r--</screen>
+
+ <para>To change the <acronym>ACL</acronym> settings on this file,
+ invoke the &man.setfacl.1; utility. Observe:</para>
+
+ <screen>&prompt.user; <userinput>setfacl -k <filename>test</filename></userinput></screen>
+
+ <para>The <option>-k</option> flag will remove all of the
+ currently defined <acronym>ACL</acronym>s from a file or file
+ system. The more preferable method would be to use
+ <option>-b</option> as it leaves the basic fields required for
+ <acronym>ACL</acronym>s to work.</para>
+
+ <screen>&prompt.user; <userinput>setfacl -m u:trhodes:rwx,group:web:r--,o::--- <filename>test</filename></userinput></screen>
+
+ <para>In the aforementioned command, the <option>-m</option>
+ option was used to modify the default <acronym>ACL</acronym>
+ entries. Since there were no pre-defined entries, as they were
+ removed by the previous command, this will restore the default
+ options and assign the options listed. Take care to notice that
+ if you add a user or group which does not exist on the system,
+ an <errorname>Invalid argument</errorname> error will be printed
+ to <devicename>stdout</devicename>.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="security-portaudit">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <indexterm>
+ <primary>Portaudit</primary>
+ </indexterm>
+ <title>Monitoring Third Party Security Issues</title>
+
+ <para>In recent years, the security world has made many improvements
+ to how vulnerability assessment is handled. The threat of system
+ intrusion increases as third party utilities are installed and
+ configured for virtually any operating system available
+ today.</para>
+
+ <para>Vulnerability assessment is a key factor in security, and
+ while &os; releases advisories for the base system, doing so
+ for every third party utility is beyond the &os; Project's
+ capability. There is a way to mitigate third party
+ vulnerabilities and warn administrators of known security
+ issues. A &os; add on utility known as
+ <application>Portaudit</application> exists solely for this
+ purpose.</para>
+
+ <para>The <filename role="port">security/portaudit</filename> port
+ polls a database, updated and maintained by the &os; Security
+ Team and ports developers, for known security issues.</para>
+
+ <para>To begin using <application>Portaudit</application>, one
+ must install it from the Ports Collection:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/security/portaudit && make install clean</userinput></screen>
+
+ <para>During the install process, the configuration files for
+ &man.periodic.8; will be updated, permitting
+ <application>Portaudit</application> output in the daily security
+ runs. Ensure the daily security run emails, which are sent to
+ <username>root</username>'s email account, are being read. No
+ more configuration will be required here.</para>
+
+ <para>After installation, an administrator must update the database
+ stored locally in
+ <filename role="directory">/var/db/portaudit</filename> by
+ invoking the following command:</para>
+
+ <screen>&prompt.root; <userinput>portaudit -F</userinput></screen>
+
+ <note>
+ <para>The database will automatically be updated during the
+ &man.periodic.8; run; thus, the previous command is completely
+ optional. It is only required for the following
+ examples.</para>
+ </note>
+
+ <para>To audit the third party utilities installed as part of
+ the Ports Collection, an administrator need only run the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>portaudit -a</userinput></screen>
+
+ <para>An example of output is provided:</para>
+
+ <programlisting>Affected package: cups-base-1.1.22.0_1
+Type of problem: cups-base -- HPGL buffer overflow vulnerability.
+Reference: &lt;http://www.FreeBSD.org/ports/portaudit/40a3bca2-6809-11d9-a9e7-0001020eed82.html&gt;
+
+1 problem(s) in your installed packages found.
+
+You are advised to update or deinstall the affected package(s) immediately.</programlisting>
+
+ <para>By pointing a web browser to the <acronym>URL</acronym> shown,
+ an administrator may obtain more information about the
+ vulnerability in question. This will include versions affected,
+ by &os; Port version, along with other web sites which may contain
+ security advisories.</para>
+
+ <para>In short, <application>Portaudit</application> is a powerful
+ utility and extremely useful when coupled with the
+ <application>Portupgrade</application> port.</para>
+ </sect1>
+
+ <sect1 id="security-advisories">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <indexterm>
+ <primary>FreeBSD Security Advisories</primary>
+ </indexterm>
+ <title>&os; Security Advisories</title>
+
+ <para>Like many production quality operating systems, &os; publishes
+ <quote>Security Advisories</quote>. These advisories are usually
+ mailed to the security lists and noted in the Errata only
+ after the appropriate releases have been patched. This section
+ will work to explain what an advisory is, how to understand it,
+ and what measures to take in order to patch a system.</para>
+
+ <sect2>
+ <title>What does an advisory look like?</title>
+
+ <para>The &os; security advisories look similar to the one below,
+ taken from the &a.security-notifications.name; mailing list.</para>
+
+ <programlisting>=============================================================================
+&os;-SA-XX:XX.UTIL Security Advisory
+ The &os; Project
+
+Topic: denial of service due to some problem<co id="co-topic">
+
+Category: core<co id="co-category">
+Module: sys<co id="co-module">
+Announced: 2003-09-23<co id="co-announce">
+Credits: Person@EMAIL-ADDRESS<co id="co-credit">
+Affects: All releases of &os;<co id="co-affects">
+ &os; 4-STABLE prior to the correction date
+Corrected: 2003-09-23 16:42:59 UTC (RELENG_4, 4.9-PRERELEASE)
+ 2003-09-23 20:08:42 UTC (RELENG_5_1, 5.1-RELEASE-p6)
+ 2003-09-23 20:07:06 UTC (RELENG_5_0, 5.0-RELEASE-p15)
+ 2003-09-23 16:44:58 UTC (RELENG_4_8, 4.8-RELEASE-p8)
+ 2003-09-23 16:47:34 UTC (RELENG_4_7, 4.7-RELEASE-p18)
+ 2003-09-23 16:49:46 UTC (RELENG_4_6, 4.6-RELEASE-p21)
+ 2003-09-23 16:51:24 UTC (RELENG_4_5, 4.5-RELEASE-p33)
+ 2003-09-23 16:52:45 UTC (RELENG_4_4, 4.4-RELEASE-p43)
+ 2003-09-23 16:54:39 UTC (RELENG_4_3, 4.3-RELEASE-p39)<co id="co-corrected">
+&os; only: NO<co id="co-only">
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+http://www.FreeBSD.org/security/.
+
+I. Background<co id="co-backround">
+
+
+II. Problem Description<co id="co-descript">
+
+
+III. Impact<co id="co-impact">
+
+
+IV. Workaround<co id="co-workaround">
+
+
+V. Solution<co id="co-solution">
+
+
+VI. Correction details<co id="co-details">
+
+
+VII. References<co id="co-ref"></programlisting>
+
+
+ <calloutlist>
+ <callout arearefs="co-topic">
+ <para>The <literal>Topic</literal> field indicates exactly what the problem is.
+ It is basically an introduction to the current security
+ advisory and notes the utility with the
+ vulnerability.</para>
+ </callout>
+
+ <callout arearefs="co-category">
+ <para>The <literal>Category</literal> refers to the affected part of the system
+ which may be one of <literal>core</literal>, <literal>contrib</literal>, or <literal>ports</literal>. The <literal>core</literal>
+ category means that the vulnerability affects a core
+ component of the &os; operating system. The <literal>contrib</literal>
+ category means that the vulnerability affects software
+ contributed to the &os; Project, such as
+ <application>sendmail</application>. Finally the <literal>ports</literal>
+ category indicates that the vulnerability affects add on
+ software available as part of the Ports Collection.</para>
+ </callout>
+
+ <callout arearefs="co-module">
+ <para>The <literal>Module</literal> field refers to the component location, for
+ instance <literal>sys</literal>. In this example, we see that the module,
+ <literal>sys</literal>, is affected; therefore, this vulnerability
+ affects a component used within the kernel.</para>
+ </callout>
+
+ <callout arearefs="co-announce">
+ <para>The <literal>Announced</literal> field reflects the date said security
+ advisory was published, or announced to the world. This
+ means that the security team has verified that the problem
+ does exist and that a patch has been committed to the &os;
+ source code repository.</para>
+ </callout>
+
+ <callout arearefs="co-credit">
+ <para>The <literal>Credits</literal> field gives credit to the individual or
+ organization who noticed the vulnerability and reported
+ it.</para>
+ </callout>
+
+ <callout arearefs="co-affects">
+ <para>The <literal>Affects</literal> field explains which releases of &os; are
+ affected by this vulnerability. For the kernel, a quick
+ look over the output from <command>ident</command> on the
+ affected files will help in determining the revision.
+ For ports, the version number is listed after the port name
+ in <filename>/var/db/pkg</filename>. If the system does not
+ sync with the &os; <acronym>CVS</acronym> repository and rebuild
+ daily, chances are that it is affected.</para>
+ </callout>
+
+ <callout arearefs="co-corrected">
+ <para>The <literal>Corrected</literal> field indicates the date, time, time
+ offset, and release that was corrected.</para>
+ </callout>
+
+ <callout arearefs="co-only">
+ <para>The <literal>&os; only</literal> field indicates whether this vulnerability
+ affects just &os;, or if it affects other operating systems
+ as well.</para>
+ </callout>
+
+ <callout arearefs="co-backround">
+ <para>The <literal>Background</literal> field gives information on exactly what
+ the affected utility is. Most of the time this is why
+ the utility exists in &os;, what it is used for, and a bit
+ of information on how the utility came to be.</para>
+ </callout>
+
+ <callout arearefs="co-descript">
+ <para>The <literal>Problem Description</literal> field explains the security hole
+ in depth. This can include information on flawed code, or
+ even how the utility could be maliciously used to open
+ a security hole.</para>
+ </callout>
+
+ <callout arearefs="co-impact">
+ <para>The <literal>Impact</literal> field describes what type of impact the
+ problem could have on a system. For example, this could
+ be anything from a denial of service attack, to extra
+ privileges available to users, or even giving the attacker
+ superuser access.</para>
+ </callout>
+
+ <callout arearefs="co-workaround">
+ <para>The <literal>Workaround</literal> field offers a feasible workaround to
+ system administrators who may be incapable of upgrading
+ the system. This may be due to time constraints, network
+ availability, or a slew of other reasons. Regardless,
+ security should not be taken lightly, and an affected system
+ should either be patched or the security hole workaround
+ should be implemented.</para>
+ </callout>
+
+ <callout arearefs="co-solution">
+ <para>The <literal>Solution</literal> field offers instructions on patching the
+ affected system. This is a step by step tested and verified
+ method for getting a system patched and working
+ securely.</para>
+ </callout>
+
+ <callout arearefs="co-details">
+ <para>The <literal>Correction Details</literal> field displays the
+ <acronym>CVS</acronym> branch or release name with the
+ periods changed to underscore characters. It also shows
+ the revision number of the affected files within each
+ branch.</para>
+ </callout>
+
+ <callout arearefs="co-ref">
+ <para>The <literal>References</literal> field usually offers sources of other
+ information. This can included web <acronym>URL</acronym>s,
+ books, mailing lists, and newsgroups.</para>
+ </callout>
+ </calloutlist>
+ </sect2>
+ </sect1>
+
+ <sect1 id="security-accounting">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <indexterm>
+ <primary>Process Accounting</primary>
+ </indexterm>
+ <title>Process Accounting</title>
+
+ <para>Process accounting is a security method in which an
+ administrator may keep track of system resources used,
+ their allocation among users, provide for system monitoring,
+ and minimally track a user's commands.</para>
+
+ <para>This indeed has its own positive and negative points. One of
+ the positives is that an intrusion may be narrowed down
+ to the point of entry. A negative is the amount of logs
+ generated by process accounting, and the disk space they may
+ require. This section will walk an administrator through
+ the basics of process accounting.</para>
+
+ <sect2>
+ <title>Enable and Utilizing Process Accounting</title>
+ <para>Before making use of process accounting, it
+ must be enabled. To do this, execute the following
+ commands:</para>
+
+ <screen>&prompt.root; <userinput>touch <filename>/var/account/acct</filename></userinput>
+
+&prompt.root; <userinput>accton <filename>/var/account/acct</filename></userinput>
+
+&prompt.root; <userinput>echo 'accounting_enable="YES"' &gt;&gt; <filename>/etc/rc.conf</filename></userinput></screen>
+
+ <para>Once enabled, accounting will begin to track
+ <acronym>CPU</acronym> stats, commands, etc. All accounting
+ logs are in a non-human readable format and may be viewed
+ using the &man.sa.8; utility. If issued without any options,
+ <command>sa</command> will print information relating to the
+ number of per user calls, the total elapsed time in minutes,
+ total <acronym>CPU</acronym> and user time in minutes, average
+ number of I/O operations, etc.</para>
+
+ <para>To view information about commands being issued, one
+ would use the &man.lastcomm.1; utility. The
+ <command>lastcomm</command> may be used to print out commands
+ issued by users on specific &man.ttys.5;, for example:</para>
+
+ <screen>&prompt.root; <userinput>lastcomm ls
+ <username>trhodes</username> ttyp1</userinput></screen>
+
+ <para>Would print out all known usage of the <command>ls</command>
+ by <username>trhodes</username> on the ttyp1 terminal.</para>
+
+ <para>Many other useful options exist and are explained in the
+ &man.lastcomm.1;, &man.acct.5; and &man.sa.8; manual
+ pages.</para>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/serialcomms/Makefile b/zh_TW.Big5/books/handbook/serialcomms/Makefile
new file mode 100644
index 0000000000..b83d9a27bb
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/serialcomms/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= serialcomms/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/serialcomms/chapter.sgml b/zh_TW.Big5/books/handbook/serialcomms/chapter.sgml
new file mode 100644
index 0000000000..284f345750
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/serialcomms/chapter.sgml
@@ -0,0 +1,2892 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="serialcomms">
+ <title>Serial Communications</title>
+
+ <sect1 id="serial-synopsis">
+ <title>Synopsis</title>
+
+ <indexterm><primary>serial communications</primary></indexterm>
+ <para>&unix; has always had support for serial communications. In fact,
+ the very first &unix; machines relied on serial lines for user input
+ and output. Things have changed a lot from the days when the average
+ <quote>terminal</quote> consisted of a 10-character-per-second serial
+ printer and a keyboard. This chapter will cover some of the ways in
+ which FreeBSD uses serial communications.</para>
+
+ <para>After reading this chapter, you will know:</para>
+ <itemizedlist>
+ <listitem><para>How to connect terminals to your FreeBSD
+ system.</para></listitem>
+ <listitem><para>How to use a modem to dial out to remote
+ hosts.</para></listitem>
+ <listitem><para>How to allow remote users to login to your
+ system with a modem.</para></listitem>
+ <listitem><para>How to boot your system from a serial
+ console.</para></listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+ <itemizedlist>
+ <listitem><para>Know how to configure and install a new kernel (<xref
+ linkend="kernelconfig">).</para></listitem>
+ <listitem><para>Understand &unix; permissions and processes (<xref linkend="basics">).</para></listitem>
+ <listitem><para>Have access to the technical manual for the
+ serial hardware (modem or multi-port card) that you would like
+ to use with FreeBSD.</para></listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="serial">
+ <title>Introduction</title>
+
+ <!-- XXX Write me! -->
+
+ <sect2 id="serial-terminology">
+ <title>Terminology</title>
+
+ <variablelist>
+ <indexterm><primary>bits-per-second</primary></indexterm>
+ <varlistentry>
+ <term>bps</term>
+ <listitem>
+ <para>Bits per Second &mdash; the rate at which data is
+ transmitted</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>DTE</term>
+ <indexterm><primary>DTE</primary></indexterm>
+ <listitem>
+ <para>Data Terminal Equipment &mdash; for example, your
+ computer</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>DCE</term>
+ <indexterm><primary>DCE</primary></indexterm>
+ <listitem>
+ <para>Data Communications Equipment &mdash; your modem</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>RS-232</term>
+ <indexterm><primary>RS-232C cables</primary></indexterm>
+ <listitem>
+ <para>EIA standard for hardware serial communications</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>When talking about communications data rates, this section
+ does not use the term <quote>baud</quote>. Baud refers to the
+ number of electrical state transitions that may be made in a
+ period of time, while <quote>bps</quote> (bits per second) is
+ the <emphasis>correct</emphasis> term to use (at least it does not
+ seem to bother the curmudgeons quite as much).</para>
+ </sect2>
+
+ <sect2 id="serial-cables-ports">
+ <title>Cables and Ports</title>
+
+ <para>To connect a modem or terminal to your FreeBSD system, you
+ will need a serial port on your computer and the proper cable to connect
+ to your serial device. If you are already familiar with your
+ hardware and the cable it requires, you can safely skip this
+ section.</para>
+
+ <sect3 id="term-cables">
+ <title>Cables</title>
+
+ <para>There are several different kinds of serial cables. The
+ two most common types for our purposes are null-modem cables
+ and standard (<quote>straight</quote>) RS-232 cables. The documentation
+ for your hardware should describe the type of cable
+ required.</para>
+
+ <sect4 id="term-cables-null">
+ <title>Null-modem Cables</title>
+
+ <indexterm>
+ <primary>null-modem cable</primary>
+ </indexterm>
+ <para>A null-modem cable passes some signals, such as <quote>Signal
+ Ground</quote>, straight through, but switches other signals. For
+ example, the <quote>Transmitted Data</quote> pin on one end goes to the
+ <quote>Received Data</quote> pin on the other end.</para>
+
+ <para>You can also construct your own null-modem cable for use with
+ terminals (e.g., for quality purposes). This table shows the RS-232C
+ <link linkend="serialcomms-signal-names">signals</link> and the pin
+ numbers on a DB-25 connector. Note that the standard also calls for a
+ straight-through pin 1 to pin 1 <emphasis>Protective Ground</emphasis>
+ line, but it is often omitted. Some terminals work OK using only
+ pins 2, 3 and 7, while others require different configurations than
+ the examples shown below.</para>
+
+ <table frame="none" pgwide="1">
+ <title>DB-25 to DB-25 Null-Modem Cable</title>
+
+ <tgroup cols="5">
+ <thead>
+ <row>
+ <entry align="left">Signal</entry>
+ <entry align="left">Pin #</entry>
+ <entry></entry>
+ <entry align="left">Pin #</entry>
+ <entry align="left">Signal</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>SG</entry>
+ <entry>7</entry>
+ <entry>connects to</entry>
+ <entry>7</entry>
+ <entry>SG</entry>
+ </row>
+
+ <row>
+ <entry>TD</entry>
+ <entry>2</entry>
+ <entry>connects to</entry>
+ <entry>3</entry>
+ <entry>RD</entry>
+ </row>
+
+ <row>
+ <entry>RD</entry>
+ <entry>3</entry>
+ <entry>connects to</entry>
+ <entry>2</entry>
+ <entry>TD</entry>
+ </row>
+
+ <row>
+ <entry>RTS</entry>
+ <entry>4</entry>
+ <entry>connects to</entry>
+ <entry>5</entry>
+ <entry>CTS</entry>
+ </row>
+
+ <row>
+ <entry>CTS</entry>
+ <entry>5</entry>
+ <entry>connects to</entry>
+ <entry>4</entry>
+ <entry>RTS</entry>
+ </row>
+
+ <row>
+ <entry>DTR</entry>
+ <entry>20</entry>
+ <entry>connects to</entry>
+ <entry>6</entry>
+ <entry>DSR</entry>
+ </row>
+
+ <row>
+ <entry>DTR</entry>
+ <entry>20</entry>
+ <entry>connects to</entry>
+ <entry>8</entry>
+ <entry>DCD</entry>
+ </row>
+
+ <row>
+ <entry>DSR</entry>
+ <entry>6</entry>
+ <entry>connects to</entry>
+ <entry>20</entry>
+ <entry>DTR</entry>
+ </row>
+
+ <row>
+ <entry>DCD</entry>
+ <entry>8</entry>
+ <entry>connects to</entry>
+ <entry>20</entry>
+ <entry>DTR</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>Here are two other schemes more common nowadays.</para>
+
+ <table frame="none" pgwide="1">
+ <title>DB-9 to DB-9 Null-Modem Cable</title>
+
+ <tgroup cols="5">
+ <thead>
+ <row>
+ <entry align="left">Signal</entry>
+ <entry align="left">Pin #</entry>
+ <entry></entry>
+ <entry align="left">Pin #</entry>
+ <entry align="left">Signal</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>RD</entry>
+ <entry>2</entry>
+ <entry>connects to</entry>
+ <entry>3</entry>
+ <entry>TD</entry>
+ </row>
+
+ <row>
+ <entry>TD</entry>
+ <entry>3</entry>
+ <entry>connects to</entry>
+ <entry>2</entry>
+ <entry>RD</entry>
+ </row>
+
+ <row>
+ <entry>DTR</entry>
+ <entry>4</entry>
+ <entry>connects to</entry>
+ <entry>6</entry>
+ <entry>DSR</entry>
+ </row>
+
+ <row>
+ <entry>DTR</entry>
+ <entry>4</entry>
+ <entry>connects to</entry>
+ <entry>1</entry>
+ <entry>DCD</entry>
+ </row>
+
+ <row>
+ <entry>SG</entry>
+ <entry>5</entry>
+ <entry>connects to</entry>
+ <entry>5</entry>
+ <entry>SG</entry>
+ </row>
+
+ <row>
+ <entry>DSR</entry>
+ <entry>6</entry>
+ <entry>connects to</entry>
+ <entry>4</entry>
+ <entry>DTR</entry>
+ </row>
+
+ <row>
+ <entry>DCD</entry>
+ <entry>1</entry>
+ <entry>connects to</entry>
+ <entry>4</entry>
+ <entry>DTR</entry>
+ </row>
+
+ <row>
+ <entry>RTS</entry>
+ <entry>7</entry>
+ <entry>connects to</entry>
+ <entry>8</entry>
+ <entry>CTS</entry>
+ </row>
+
+ <row>
+ <entry>CTS</entry>
+ <entry>8</entry>
+ <entry>connects to</entry>
+ <entry>7</entry>
+ <entry>RTS</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <table frame="none" pgwide="1">
+ <title>DB-9 to DB-25 Null-Modem Cable</title>
+
+ <tgroup cols="5">
+ <thead>
+ <row>
+ <entry align="left">Signal</entry>
+ <entry align="left">Pin #</entry>
+ <entry></entry>
+ <entry align="left">Pin #</entry>
+ <entry align="left">Signal</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>RD</entry>
+ <entry>2</entry>
+ <entry>connects to</entry>
+ <entry>2</entry>
+ <entry>TD</entry>
+ </row>
+
+ <row>
+ <entry>TD</entry>
+ <entry>3</entry>
+ <entry>connects to</entry>
+ <entry>3</entry>
+ <entry>RD</entry>
+ </row>
+
+ <row>
+ <entry>DTR</entry>
+ <entry>4</entry>
+ <entry>connects to</entry>
+ <entry>6</entry>
+ <entry>DSR</entry>
+ </row>
+
+ <row>
+ <entry>DTR</entry>
+ <entry>4</entry>
+ <entry>connects to</entry>
+ <entry>8</entry>
+ <entry>DCD</entry>
+ </row>
+
+ <row>
+ <entry>SG</entry>
+ <entry>5</entry>
+ <entry>connects to</entry>
+ <entry>7</entry>
+ <entry>SG</entry>
+ </row>
+
+ <row>
+ <entry>DSR</entry>
+ <entry>6</entry>
+ <entry>connects to</entry>
+ <entry>20</entry>
+ <entry>DTR</entry>
+ </row>
+
+ <row>
+ <entry>DCD</entry>
+ <entry>1</entry>
+ <entry>connects to</entry>
+ <entry>20</entry>
+ <entry>DTR</entry>
+ </row>
+
+ <row>
+ <entry>RTS</entry>
+ <entry>7</entry>
+ <entry>connects to</entry>
+ <entry>5</entry>
+ <entry>CTS</entry>
+ </row>
+
+ <row>
+ <entry>CTS</entry>
+ <entry>8</entry>
+ <entry>connects to</entry>
+ <entry>4</entry>
+ <entry>RTS</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <note>
+ <para>When one pin at one end connects to a pair of pins
+ at the other end, it is usually implemented with one short
+ wire between the pair of pins in their connector and a
+ long wire to the other single pin.</para>
+ </note>
+
+ <para>The above designs seems to be the most popular. In another
+ variation (explained in the book <emphasis>RS-232 Made
+ Easy</emphasis>) SG connects to SG, TD connects to RD, RTS and
+ CTS connect to DCD, DTR connects to DSR, and vice-versa.</para>
+ </sect4>
+
+ <sect4 id="term-cables-std">
+ <title>Standard RS-232C Cables</title>
+ <indexterm><primary>RS-232C cables</primary></indexterm>
+
+ <para>A standard serial cable passes all of the RS-232C signals
+ straight through. That is, the <quote>Transmitted Data</quote> pin on one
+ end of the cable goes to the <quote>Transmitted Data</quote> pin on the
+ other end. This is the type of cable to use to connect a modem to your
+ FreeBSD system, and is also appropriate for some
+ terminals.</para>
+ </sect4>
+ </sect3>
+
+ <sect3 id="term-ports">
+ <title>Ports</title>
+
+ <para>Serial ports are the devices through which data is transferred
+ between the FreeBSD host computer and the terminal. This section
+ describes the kinds of ports that exist and how they are addressed
+ in FreeBSD.</para>
+
+ <sect4 id="term-portkinds">
+ <title>Kinds of Ports</title>
+
+ <para>Several kinds of serial ports exist. Before you purchase or
+ construct a cable, you need to make sure it will fit the ports on
+ your terminal and on the FreeBSD system.</para>
+
+ <para>Most terminals will have DB-25 ports. Personal computers,
+ including PCs running FreeBSD, will have DB-25 or DB-9 ports. If you
+ have a multiport serial card for your PC, you may have RJ-12 or
+ RJ-45 ports.</para>
+
+ <para>See the documentation that accompanied the hardware for
+ specifications on the kind of port in use. A visual inspection of
+ the port often works too.</para>
+ </sect4>
+
+ <sect4 id="term-portnames">
+ <title>Port Names</title>
+
+ <para>In FreeBSD, you access each serial port through an entry in
+ the <filename>/dev</filename> directory. There are two different
+ kinds of entries:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Call-in ports are named
+ <filename>/dev/ttyd<replaceable>N</replaceable></filename>
+ where <replaceable>N</replaceable> is the port number,
+ starting from zero. Generally, you use the call-in port for
+ terminals. Call-in ports require that the serial line assert
+ the data carrier detect (DCD) signal to work correctly.</para>
+ </listitem>
+
+ <listitem>
+ <para>Call-out ports are named
+ <filename>/dev/cuad<replaceable>N</replaceable></filename>.
+ You usually do not use the call-out port for terminals, just
+ for modems. You may use the call-out port if the serial cable
+ or the terminal does not support the carrier detect
+ signal.</para>
+
+ <note><para>Call-out ports are named
+ <filename>/dev/cuaa<replaceable>N</replaceable></filename> in
+ &os;&nbsp;5.X and older.</para></note>
+ </listitem>
+ </itemizedlist>
+
+ <para>If you have connected a terminal to the first serial port
+ (<devicename>COM1</devicename> in &ms-dos;), then you will
+ use <filename>/dev/ttyd0</filename> to refer to the terminal. If
+ the terminal is on the second serial port (also known as
+ <devicename>COM2</devicename>), use
+ <filename>/dev/ttyd1</filename>, and so forth.</para>
+
+ </sect4>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Kernel Configuration</title>
+
+ <para>FreeBSD supports four serial ports by default. In the
+ &ms-dos; world, these are known as
+ <devicename>COM1</devicename>,
+ <devicename>COM2</devicename>,
+ <devicename>COM3</devicename>, and
+ <devicename>COM4</devicename>. FreeBSD currently supports
+ <quote>dumb</quote> multiport serial interface cards, such as
+ the BocaBoard 1008 and 2016, as well as more
+ intelligent multi-port cards such as those made by Digiboard
+ and Stallion Technologies. However, the default kernel only looks
+ for the standard COM ports.</para>
+
+ <para>To see if your kernel recognizes any of your serial ports, watch
+ for messages while the kernel is booting, or use the
+ <command>/sbin/dmesg</command> command to replay the kernel's boot
+ messages. In particular, look for messages that start with the
+ characters <literal>sio</literal>.</para>
+
+ <tip><para>To view just the messages that have the word
+ <literal>sio</literal>, use the command:</para>
+
+ <screen>&prompt.root; <userinput>/sbin/dmesg | grep 'sio'</userinput></screen>
+ </tip>
+
+ <para>For example, on a system with four serial ports, these are the
+ serial-port specific kernel boot messages:</para>
+
+ <screen>sio0 at 0x3f8-0x3ff irq 4 on isa
+sio0: type 16550A
+sio1 at 0x2f8-0x2ff irq 3 on isa
+sio1: type 16550A
+sio2 at 0x3e8-0x3ef irq 5 on isa
+sio2: type 16550A
+sio3 at 0x2e8-0x2ef irq 9 on isa
+sio3: type 16550A</screen>
+
+ <para>If your kernel does not recognize all of your serial
+ ports, you will probably need to configure your kernel
+ in the <filename>/boot/device.hints</filename> file. You can
+ also comment-out or completely remove lines for devices you do not
+ have.</para>
+
+ <para>On &os;&nbsp;4.X you have to edit your kernel configuration file.
+ For detailed information on configuring your kernel, please see <xref
+ linkend="kernelconfig">. The relevant device lines would look like
+ this:</para>
+
+ <programlisting>device sio0 at isa? port IO_COM1 irq 4
+device sio1 at isa? port IO_COM2 irq 3
+device sio2 at isa? port IO_COM3 irq 5
+device sio3 at isa? port IO_COM4 irq 9</programlisting>
+
+ <para>Please refer to the &man.sio.4; manual page for
+ more information on serial ports and multiport boards configuration.
+ Be careful if you are using a configuration
+ file that was previously used for a different version of
+ FreeBSD because the device flags and the syntax have changed between
+ versions.</para>
+
+ <note>
+ <para><literal>port IO_COM1</literal> is a substitution for
+ <literal>port 0x3f8</literal>, <literal>IO_COM2</literal> is
+ <literal>0x2f8</literal>, <literal>IO_COM3</literal> is
+ <literal>0x3e8</literal>, and <literal>IO_COM4</literal> is
+ <literal>0x2e8</literal>, which are fairly common port addresses for
+ their respective serial ports; interrupts 4, 3, 5, and 9 are fairly
+ common interrupt request lines. Also note that regular serial ports
+ <emphasis>cannot</emphasis> share interrupts on ISA-bus PCs
+ (multiport boards have on-board electronics that allow all the
+ 16550A's on the board to share one or two interrupt request
+ lines).</para>
+ </note>
+
+ </sect2>
+
+ <sect2>
+ <title>Device Special Files</title>
+
+ <para>Most devices in the kernel are accessed through <quote>device
+ special files</quote>, which are located in the
+ <filename>/dev</filename> directory. The <devicename>sio</devicename>
+ devices are accessed through the
+ <filename>/dev/ttyd<replaceable>N</replaceable></filename> (dial-in)
+ and <filename>/dev/cuad<replaceable>N</replaceable></filename>
+ (call-out) devices. FreeBSD also provides initialization devices
+ (<filename>/dev/ttyd<replaceable>N</replaceable>.init</filename> and
+ <filename>/dev/cuad<replaceable>N</replaceable>.init</filename> on
+ &os;&nbsp;6.X,
+ <filename>/dev/ttyid<replaceable>N</replaceable></filename> and
+ <filename>/dev/cuaid<replaceable>N</replaceable></filename> on
+ &os;&nbsp;5.X and older) and
+ locking devices
+ (<filename>/dev/ttyd<replaceable>N</replaceable>.lock</filename> and
+ <filename>/dev/cuad<replaceable>N</replaceable>.lock</filename> on
+ &os;&nbsp;6.X,
+ <filename>/dev/ttyld<replaceable>N</replaceable></filename> and
+ <filename>/dev/cuald<replaceable>N</replaceable></filename> on
+ &os;&nbsp;5.X and older). The
+ initialization devices are used to initialize communications port
+ parameters each time a port is opened, such as
+ <literal>crtscts</literal> for modems which use
+ <literal>RTS/CTS</literal> signaling for flow control. The locking
+ devices are used to lock flags on ports to prevent users or programs
+ changing certain parameters; see the manual pages &man.termios.4;,
+ &man.sio.4;, and &man.stty.1; for
+ information on the terminal settings, locking and initializing
+ devices, and setting terminal options, respectively.</para>
+
+ <sect3>
+ <title>Making Device Special Files</title>
+
+ <note><para>FreeBSD&nbsp;5.0 includes the &man.devfs.5;
+ filesystem which automatically creates device nodes as
+ needed. If you are running a version of FreeBSD with
+ <literal>devfs</literal> enabled then you can safely skip
+ this section.</para></note>
+
+ <para>A shell script called <command>MAKEDEV</command> in the
+ <filename>/dev</filename> directory manages the device special
+ files. To use <command>MAKEDEV</command> to make dial-up device
+ special files for <devicename>COM1</devicename> (port 0),
+ <command>cd</command> to <filename>/dev</filename> and issue the
+ command <command>MAKEDEV ttyd0</command>. Likewise, to make dial-up
+ device special files for <devicename>COM2</devicename> (port 1),
+ use <command>MAKEDEV ttyd1</command>.</para>
+
+ <para><command>MAKEDEV</command> not only creates the
+ <filename>/dev/ttyd<replaceable>N</replaceable></filename> device
+ special files, but also the
+ <filename>/dev/cuaa<replaceable>N</replaceable></filename>,
+ <filename>/dev/cuaia<replaceable>N</replaceable></filename>,
+ <filename>/dev/cuala<replaceable>N</replaceable></filename>,
+ <filename>/dev/ttyld<replaceable>N</replaceable></filename>,
+ and
+ <filename>/dev/ttyid<replaceable>N</replaceable></filename>
+ nodes.</para>
+
+ <para>After making new device special files, be sure to check the
+ permissions on the files (especially the
+ <filename>/dev/cua*</filename> files) to make sure that only users
+ who should have access to those device special files can read and
+ write on them &mdash; you probably do not want to allow your average
+ user to use your modems to dial-out. The default permissions on the
+ <filename>/dev/cua*</filename> files should be sufficient:</para>
+
+ <screen>crw-rw---- 1 uucp dialer 28, 129 Feb 15 14:38 /dev/cuaa1
+crw-rw---- 1 uucp dialer 28, 161 Feb 15 14:38 /dev/cuaia1
+crw-rw---- 1 uucp dialer 28, 193 Feb 15 14:38 /dev/cuala1</screen>
+
+ <para>These permissions allow the user <username>uucp</username> and
+ users in the group <username>dialer</username> to use the call-out
+ devices.</para>
+ </sect3>
+ </sect2>
+
+
+ <sect2 id="serial-hw-config">
+ <title>Serial Port Configuration</title>
+
+ <indexterm><primary><devicename>ttyd</devicename></primary></indexterm>
+ <indexterm><primary><devicename>cuad</devicename></primary></indexterm>
+
+ <para>The <devicename>ttyd<replaceable>N</replaceable></devicename> (or
+ <devicename>cuad<replaceable>N</replaceable></devicename>) device is the
+ regular device you will want to open for your applications. When a
+ process opens the device, it will have a default set of terminal I/O
+ settings. You can see these settings with the command</para>
+
+ <screen>&prompt.root; <userinput>stty -a -f /dev/ttyd1</userinput></screen>
+
+ <para>When you change the settings to this device, the settings are in
+ effect until the device is closed. When it is reopened, it goes back to
+ the default set. To make changes to the default set, you can open and
+ adjust the settings of the <quote>initial state</quote> device. For
+ example, to turn on <option>CLOCAL</option> mode, 8 bit communication,
+ and <option>XON/XOFF</option> flow control by default for
+ <devicename>ttyd5</devicename>, type:</para>
+
+ <screen>&prompt.root; <userinput>stty -f /dev/ttyd5.init clocal cs8 ixon ixoff</userinput></screen>
+
+ <indexterm>
+ <primary>rc files</primary>
+ <secondary><filename>rc.serial</filename></secondary>
+ </indexterm>
+
+ <para>System-wide initialization of the serial devices is
+ controlled in <filename>/etc/rc.d/serial</filename>. This file
+ affects the default settings of serial devices.</para>
+
+ <note>
+ <para>On &os;&nbsp;4.X, system-wide initialization of the serial devices
+ is controlled in <filename>/etc/rc.serial</filename>.</para>
+ </note>
+
+ <para>To prevent certain settings from being changed by an
+ application, make adjustments to the <quote>lock state</quote>
+ device. For example, to lock the speed of
+ <devicename>ttyd5</devicename> to 57600&nbsp;bps, type:</para>
+
+ <screen>&prompt.root; <userinput>stty -f /dev/ttyd5.lock 57600</userinput></screen>
+
+ <para>Now, an application that opens
+ <devicename>ttyd5</devicename> and tries to change the speed of
+ the port will be stuck with 57600&nbsp;bps.</para>
+
+ <indexterm>
+ <primary><command>MAKEDEV</command></primary>
+ </indexterm>
+ <para>Naturally, you should make the initial state and lock state devices
+ writable only by the <username>root</username> account.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="term">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Sean</firstname>
+ <surname>Kelly</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ <!-- 28 July 1996 -->
+ </authorgroup>
+ </sect1info>
+ <title>Terminals</title>
+
+ <indexterm><primary>terminals</primary></indexterm>
+
+ <para>Terminals provide a convenient and low-cost way to access
+ your FreeBSD system when you are not at the computer's console or on
+ a connected network. This section describes how to use terminals with
+ FreeBSD.</para>
+
+ <sect2 id="term-uses">
+ <title>Uses and Types of Terminals</title>
+
+ <para>The original &unix; systems did not have consoles. Instead, people
+ logged in and ran programs through terminals that were connected to
+ the computer's serial ports. It is quite similar to using a modem and
+ terminal software to dial into a remote system to do text-only
+ work.</para>
+
+ <para>Today's PCs have consoles capable of high quality graphics, but
+ the ability to establish a login session on a serial port still exists
+ in nearly every &unix; style operating system today; FreeBSD is no
+ exception. By using a terminal attached to an unused serial port, you
+ can log in and run any text program that you would normally run on the
+ console or in an <command>xterm</command> window in the X Window
+ System.</para>
+
+ <para>For the business user, you can attach many terminals to a FreeBSD
+ system and place them on your employees' desktops. For a home user, a
+ spare computer such as an older IBM PC or a &macintosh; can be a
+ terminal wired into a more powerful computer running FreeBSD. You can
+ turn what might otherwise be a single-user computer into a powerful
+ multiple user system.</para>
+
+ <para>For FreeBSD, there are three kinds of terminals:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><link linkend="term-dumb">Dumb terminals</link></para>
+ </listitem>
+
+ <listitem>
+ <para><link linkend="term-pcs">PCs acting as terminals</link></para>
+ </listitem>
+
+ <listitem>
+ <para><link linkend="term-x">X terminals</link></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The remaining subsections describe each kind.</para>
+
+ <sect3 id="term-dumb">
+ <title>Dumb Terminals</title>
+
+ <para>Dumb terminals are specialized pieces of hardware that let you
+ connect to computers over serial lines. They are called
+ <quote>dumb</quote> because they have only enough computational power
+ to display, send, and receive text. You cannot run any programs on
+ them. It is the computer to which you connect them that has all the
+ power to run text editors, compilers, email, games, and so
+ forth.</para>
+
+ <para>There are hundreds of kinds of dumb terminals made by many
+ manufacturers, including Digital Equipment Corporation's VT-100 and
+ Wyse's WY-75. Just about any kind will work with FreeBSD. Some
+ high-end terminals can even display graphics, but only certain
+ software packages can take advantage of these advanced
+ features.</para>
+
+ <para>Dumb terminals are popular in work environments where workers do
+ not need access to graphical applications such as those provided by
+ the X Window System.</para>
+ </sect3>
+
+ <sect3 id="term-pcs">
+ <title>PCs Acting as Terminals</title>
+
+ <para>If a <link linkend="term-dumb">dumb terminal</link> has just
+ enough ability to display, send, and receive text, then certainly
+ any spare personal computer can be a dumb terminal. All you need is
+ the proper cable and some <emphasis>terminal emulation</emphasis>
+ software to run on the computer.</para>
+
+ <para>Such a configuration is popular in homes. For example, if your
+ spouse is busy working on your FreeBSD system's console, you can do
+ some text-only work at the same time from a less powerful personal
+ computer hooked up as a terminal to the FreeBSD system.</para>
+ </sect3>
+
+ <sect3 id="term-x">
+ <title>X Terminals</title>
+
+ <para>X terminals are the most sophisticated kind of terminal
+ available. Instead of connecting to a serial port, they usually
+ connect to a network like Ethernet. Instead of being relegated to
+ text-only applications, they can display any X application.</para>
+
+ <para>We introduce X terminals just for the sake of completeness.
+ However, this chapter does <emphasis>not</emphasis> cover setup,
+ configuration, or use of X terminals.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="term-config">
+ <title>Configuration</title>
+
+ <para>This section describes what you need to configure on your FreeBSD
+ system to enable a login session on a terminal. It assumes you have
+ already configured your kernel to support the serial port to which the
+ terminal is connected&mdash;and that you have connected it.</para>
+
+ <para>Recall from <xref linkend="boot"> that the
+ <command>init</command> process is responsible for all process
+ control and initialization at system startup. One of the
+ tasks performed by <command>init</command> is to read the
+ <filename>/etc/ttys</filename> file and start a
+ <command>getty</command> process on the available terminals.
+ The <command>getty</command> process is responsible for
+ reading a login name and starting the <command>login</command>
+ program.</para>
+
+ <para>Thus, to configure terminals for your FreeBSD system the
+ following steps should be taken as <username>root</username>:</para>
+
+ <procedure>
+ <step>
+ <para>Add a line to <filename>/etc/ttys</filename> for the entry in
+ the <filename>/dev</filename> directory for the serial port if it
+ is not already there.</para>
+ </step>
+
+ <step>
+ <para>Specify that <command>/usr/libexec/getty</command> be run on
+ the port, and specify the appropriate
+ <replaceable>getty</replaceable> type from the
+ <filename>/etc/gettytab</filename> file.</para>
+ </step>
+
+ <step>
+ <para>Specify the default terminal type.</para>
+ </step>
+
+ <step>
+ <para>Set the port to <quote>on.</quote></para>
+ </step>
+
+ <step>
+ <para>Specify whether the port should be
+ <quote>secure.</quote></para>
+ </step>
+
+ <step>
+ <para>Force <command>init</command> to reread the
+ <filename>/etc/ttys</filename> file.</para>
+ </step>
+ </procedure>
+
+ <para>As an optional step, you may wish to create a custom
+ <replaceable>getty</replaceable> type for use in step 2 by making an
+ entry in <filename>/etc/gettytab</filename>. This chapter does
+ not explain how to do so; you are encouraged to see the
+ &man.gettytab.5; and the &man.getty.8; manual pages for more
+ information.</para>
+
+ <sect3 id="term-etcttys">
+ <title>Adding an Entry to <filename>/etc/ttys</filename></title>
+
+ <para>The <filename>/etc/ttys</filename> file lists all of the ports
+ on your FreeBSD system where you want to allow logins. For example,
+ the first virtual console <filename>ttyv0</filename> has an entry in
+ this file. You can log in on the console using this entry. This
+ file also contains entries for the other virtual consoles, serial ports,
+ and pseudo-ttys. For a hardwired terminal, just list the serial
+ port's <filename>/dev</filename> entry without the
+ <filename>/dev</filename> part (for example,
+ <filename>/dev/ttyv0</filename> would be listed as
+ <devicename>ttyv0</devicename>).</para>
+
+ <para>A default FreeBSD install includes an
+ <filename>/etc/ttys</filename> file with support for the first
+ four serial ports: <filename>ttyd0</filename> through
+ <filename>ttyd3</filename>. If you are attaching a terminal
+ to one of those ports, you do not need to add another entry.</para>
+
+ <example id="ex-etc-ttys">
+ <title>Adding Terminal Entries to
+ <filename>/etc/ttys</filename></title>
+
+ <para>Suppose we would like to connect two terminals to the
+ system: a Wyse-50 and an old 286 IBM PC running
+ <application>Procomm</application> terminal software
+ emulating a VT-100 terminal. We connect the Wyse to the
+ second serial port and the 286 to the sixth serial port (a
+ port on a multiport serial card). The corresponding
+ entries in the <filename>/etc/ttys</filename> file would
+ look like this:</para>
+
+ <programlisting>ttyd1<co
+ id="co-ttys-line1col1"> "/usr/libexec/getty std.38400"<co
+ id="co-ttys-line1col2"> wy50<co
+ id="co-ttys-line1col3"> on<co
+ id="co-ttys-line1col4"> insecure<co
+ id="co-ttys-line1col5">
+ttyd5 "/usr/libexec/getty std.19200" vt100 on insecure
+ </programlisting>
+
+ <calloutlist>
+ <callout arearefs="co-ttys-line1col1">
+ <para>The first field normally specifies the name of
+ the terminal special file as it is found in
+ <filename>/dev</filename>.</para>
+ </callout>
+ <callout arearefs="co-ttys-line1col2">
+
+ <para>The second field is the command to execute for
+ this line, which is usually &man.getty.8;.
+ <command>getty</command> initializes and opens the
+ line, sets the speed, prompts for a user name and then
+ executes the &man.login.1; program.</para>
+
+ <para>The <command>getty</command> program accepts one
+ (optional) parameter on its command line, the
+ <replaceable>getty</replaceable> type. A
+ <replaceable>getty</replaceable> type configures
+ characteristics on the terminal line, like bps rate
+ and parity. The <command>getty</command> program reads
+ these characteristics from the file
+ <filename>/etc/gettytab</filename>.</para>
+
+ <para>The file <filename>/etc/gettytab</filename>
+ contains lots of entries for terminal lines both old
+ and new. In almost all cases, the entries that start
+ with the text <literal>std</literal> will work for
+ hardwired terminals. These entries ignore parity.
+ There is a <literal>std</literal> entry for each bps
+ rate from 110 to 115200. Of course, you can add your
+ own entries to this file. The &man.gettytab.5; manual
+ page provides more information.</para>
+
+ <para>When setting the <replaceable>getty</replaceable>
+ type in the <filename>/etc/ttys</filename> file, make
+ sure that the communications settings on the terminal
+ match.</para>
+
+ <para>For our example, the Wyse-50 uses no parity and
+ connects at 38400&nbsp;bps. The 286&nbsp;PC uses no parity and
+ connects at 19200&nbsp;bps.</para>
+
+ </callout>
+
+ <callout arearefs="co-ttys-line1col3">
+
+ <para>The third field is the type of terminal usually
+ connected to that tty line. For dial-up ports,
+ <literal>unknown</literal> or
+ <literal>dialup</literal> is typically used in this
+ field since users may dial up with practically any
+ type of terminal or software. For hardwired
+ terminals, the terminal type does not change, so you
+ can put a real terminal type from the &man.termcap.5;
+ database file in this field.</para>
+
+ <para>For our example, the Wyse-50 uses the real
+ terminal type while the 286 PC running
+ <application>Procomm</application> will be set to
+ emulate at VT-100. </para>
+
+ </callout>
+
+ <callout arearefs="co-ttys-line1col4">
+ <para>The fourth field specifies if the port should be
+ enabled. Putting <literal>on</literal> here will have
+ the <command>init</command> process start the program
+ in the second field, <command>getty</command>. If you
+ put <literal>off</literal> in this field, there will
+ be no <command>getty</command>, and hence no logins on
+ the port.</para>
+ </callout>
+
+ <callout arearefs="co-ttys-line1col5">
+ <para>The final field is used to specify whether the
+ port is secure. Marking a port as secure means that
+ you trust it enough to allow the
+ <username>root</username> account (or any account with
+ a user ID of 0) to login from that port. Insecure
+ ports do not allow <username>root</username> logins.
+ On an insecure port, users must login from
+ unprivileged accounts and then use &man.su.1; or a
+ similar mechanism to gain superuser privileges.</para>
+
+ <para>It is highly recommended that you use
+ <quote>insecure</quote>
+ even for terminals that are behind locked doors. It
+ is quite easy to login and use <command>su</command>
+ if you need superuser privileges.</para>
+ </callout>
+ </calloutlist>
+ </example>
+ </sect3>
+
+ <sect3 id="term-hup">
+ <title>Force <command>init</command> to Reread
+ <filename>/etc/ttys</filename></title>
+
+ <para>After making the necessary changes to the
+ <filename>/etc/ttys</filename> file you should send a SIGHUP
+ (hangup) signal to the <command>init</command> process to
+ force it to re-read its configuration file. For example:</para>
+
+ <screen>&prompt.root; <userinput>kill -HUP 1</userinput></screen>
+
+ <note>
+ <para><command>init</command> is always the first process run
+ on a system, therefore it will always have PID 1.</para>
+ </note>
+
+ <para>If everything is set up correctly, all cables are in
+ place, and the terminals are powered up, then a
+ <command>getty</command> process should be running on each
+ terminal and you should see login prompts on your terminals
+ at this point.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="term-debug">
+ <title>Troubleshooting Your Connection</title>
+
+ <para>Even with the most meticulous attention to detail, something could
+ still go wrong while setting up a terminal. Here is a list of
+ symptoms and some suggested fixes.</para>
+
+ <sect3>
+ <title>No Login Prompt Appears</title>
+
+ <para>Make sure the terminal is plugged in and powered up. If it
+ is a personal computer acting as a terminal, make sure it is
+ running terminal emulation software on the correct serial
+ port.</para>
+
+ <para>Make sure the cable is connected firmly to both the terminal
+ and the FreeBSD computer. Make sure it is the right kind of
+ cable.</para>
+
+ <para>Make sure the terminal and FreeBSD agree on the bps rate and
+ parity settings. If you have a video display terminal, make
+ sure the contrast and brightness controls are turned up. If it
+ is a printing terminal, make sure paper and ink are in good
+ supply.</para>
+
+ <para>Make sure that a <command>getty</command> process is running
+ and serving the terminal. For example, to get a list of
+ running <command>getty</command> processes with
+ <command>ps</command>, type:</para>
+
+ <screen>&prompt.root; <userinput>ps -axww|grep getty</userinput></screen>
+
+ <para>You should see an entry for the terminal. For
+ example, the following display shows that a
+ <command>getty</command> is running on the second serial
+ port <literal>ttyd1</literal> and is using the
+ <literal>std.38400</literal> entry in
+ <filename>/etc/gettytab</filename>:</para>
+
+ <screen>22189 d1 Is+ 0:00.03 /usr/libexec/getty std.38400 ttyd1</screen>
+
+ <para>If no <command>getty</command> process is running, make sure
+ you have enabled the port in <filename>/etc/ttys</filename>.
+ Also remember to run <command>kill -HUP 1</command>
+ after modifying the <filename>ttys</filename> file.</para>
+
+ <para>If the <command>getty</command> process is running
+ but the terminal still does not display a login prompt,
+ or if it displays a prompt but will not allow you to
+ type, your terminal or cable may not support hardware
+ handshaking. Try changing the entry in
+ <filename>/etc/ttys</filename> from
+ <literal>std.38400</literal> to
+ <literal>3wire.38400</literal> remember to run
+ <command>kill -HUP 1</command> after modifying
+ <filename>/etc/ttys</filename>). The
+ <literal>3wire</literal> entry is similar to
+ <literal>std</literal>, but ignores hardware
+ handshaking. You may need to reduce the baud rate or
+ enable software flow control when using
+ <literal>3wire</literal> to prevent buffer
+ overflows.</para>
+
+ </sect3>
+
+ <sect3>
+ <title>If Garbage Appears Instead of a Login Prompt</title>
+
+ <para>Make sure the terminal and FreeBSD agree on the bps rate and
+ parity settings. Check the <command>getty</command> processes
+ to make sure the
+ correct <replaceable>getty</replaceable> type is in use. If
+ not, edit <filename>/etc/ttys</filename> and run <command>kill
+ -HUP 1</command>.</para>
+
+ </sect3>
+
+ <sect3>
+ <title>Characters Appear Doubled; the Password Appears When Typed</title>
+
+ <para>Switch the terminal (or the terminal emulation software)
+ from <quote>half duplex</quote> or <quote>local echo</quote> to
+ <quote>full duplex.</quote></para>
+
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="dialup">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Guy</firstname>
+ <surname>Helmer</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Sean</firstname>
+ <surname>Kelly</surname>
+ <contrib>Additions by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Dial-in Service</title>
+ <indexterm><primary>dial-in service</primary></indexterm>
+
+ <para>Configuring your FreeBSD system for dial-in service is very
+ similar to connecting terminals except that you are dealing with
+ modems instead of terminals.</para>
+
+ <sect2>
+ <title>External vs. Internal Modems</title>
+
+ <para>External modems seem to be more convenient for dial-up, because
+ external modems often can be semi-permanently configured via
+ parameters stored in non-volatile RAM and they usually provide
+ lighted indicators that display the state of important RS-232
+ signals. Blinking lights impress visitors, but lights are also very
+ useful to see whether a modem is operating properly.</para>
+
+ <para>Internal modems usually lack non-volatile RAM, so their
+ configuration may be limited only to setting DIP switches. If your
+ internal modem has any signal indicator lights, it is probably
+ difficult to view the lights when the system's cover is in
+ place.</para>
+
+ <sect3>
+ <title>Modems and Cables</title>
+ <indexterm><primary>modem</primary></indexterm>
+
+ <para>If you are using an external modem, then you will of
+ course need the proper cable. A standard RS-232C serial
+ cable should suffice as long as all of the normal signals
+ are wired:</para>
+
+ <table frame="none" pgwide="1" id="serialcomms-signal-names">
+ <title>Signal Names</title>
+
+ <tgroup cols="5">
+ <thead>
+ <row>
+ <entry align="left">Acronyms</entry>
+ <entry align="left">Names</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><acronym>RD</acronym></entry>
+ <entry>Received Data</entry>
+ </row>
+
+ <row>
+ <entry><acronym>TD</acronym></entry>
+ <entry>Transmitted Data</entry>
+ </row>
+
+ <row>
+ <entry><acronym>DTR</acronym></entry>
+ <entry>Data Terminal Ready</entry>
+ </row>
+
+ <row>
+ <entry><acronym>DSR</acronym></entry>
+ <entry>Data Set Ready</entry>
+ </row>
+
+ <row>
+ <entry><acronym>DCD</acronym></entry>
+ <entry>Data Carrier Detect (RS-232's Received Line
+ Signal Detector)</entry>
+ </row>
+
+ <row>
+ <entry><acronym>SG</acronym></entry>
+ <entry>Signal Ground</entry>
+ </row>
+
+ <row>
+ <entry><acronym>RTS</acronym></entry>
+ <entry>Request to Send</entry>
+ </row>
+
+ <row>
+ <entry><acronym>CTS</acronym></entry>
+ <entry>Clear to Send</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>FreeBSD needs the <acronym>RTS</acronym> and
+ <acronym>CTS</acronym> signals for flow control at speeds above
+ 2400&nbsp;bps, the <acronym>CD</acronym> signal to detect when a call has
+ been answered or the line has been hung up, and the
+ <acronym>DTR</acronym> signal to reset the modem after a session is
+ complete. Some cables are wired without all of the needed signals,
+ so if you have problems, such as a login session not going away when
+ the line hangs up, you may have a problem with your cable.</para>
+
+ <para>Like other &unix; like operating systems, FreeBSD uses the
+ hardware signals to find out when a call has been answered
+ or a line has been hung up and to hangup and reset the modem
+ after a call. FreeBSD avoids sending commands to the modem
+ or watching for status reports from the modem. If you are
+ familiar with connecting modems to PC-based bulletin board
+ systems, this may seem awkward.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Serial Interface Considerations</title>
+
+ <para>FreeBSD supports NS8250-, NS16450-, NS16550-, and NS16550A-based
+ EIA RS-232C (CCITT V.24) communications interfaces. The 8250 and
+ 16450 devices have single-character buffers. The 16550 device
+ provides a 16-character buffer, which allows for better system
+ performance. (Bugs in plain 16550's prevent the use of the
+ 16-character buffer, so use 16550A's if possible). Because
+ single-character-buffer devices require more work by the operating
+ system than the 16-character-buffer devices, 16550A-based serial
+ interface cards are much preferred. If the system has many active
+ serial ports or will have a heavy load, 16550A-based cards are
+ better for low-error-rate communications.</para>
+ </sect2>
+
+ <sect2>
+ <title>Quick Overview</title>
+
+ <indexterm><primary>getty</primary></indexterm>
+ <para>As with terminals, <command>init</command> spawns a
+ <command>getty</command> process for each configured serial
+ port for dial-in connections. For example, if a modem is
+ attached to <filename>/dev/ttyd0</filename>, the command
+ <command>ps ax</command> might show this:</para>
+
+ <screen> 4850 ?? I 0:00.09 /usr/libexec/getty V19200 ttyd0</screen>
+
+ <para>When a user dials the modem's line and the modems connect, the
+ <acronym>CD</acronym> (Carrier Detect) line is reported by the modem.
+ The kernel
+ notices that carrier has been detected and completes
+ <command>getty</command>'s open of the port. <command>getty</command>
+ sends a <prompt>login:</prompt> prompt at the specified initial line
+ speed. <command>getty</command> watches to see if legitimate
+ characters are received, and, in a typical configuration, if it finds
+ junk (probably due to the modem's connection speed being different
+ than <command>getty</command>'s speed), <command>getty</command> tries
+ adjusting the line speeds until it receives reasonable
+ characters.</para>
+
+ <indexterm>
+ <primary><command>/usr/bin/login</command></primary>
+ </indexterm>
+ <para>After the user enters his/her login name,
+ <command>getty</command> executes
+ <filename>/usr/bin/login</filename>, which completes the login
+ by asking for the user's password and then starting the user's
+ shell.</para>
+ </sect2>
+
+
+ <sect2>
+ <title>Configuration Files</title>
+
+ <para>There are three system configuration files in the
+ <filename>/etc</filename> directory that you will probably need to
+ edit to allow dial-up access to your FreeBSD system. The first,
+ <filename>/etc/gettytab</filename>, contains configuration information
+ for the <filename>/usr/libexec/getty</filename> daemon. Second,
+ <filename>/etc/ttys</filename> holds information that tells
+ <filename>/sbin/init</filename> what <filename>tty</filename> devices
+ should have <command>getty</command> processes running on them.
+ Lastly, you can place port initialization commands in the
+ <filename>/etc/rc.d/serial</filename> script.</para>
+
+ <para>There are two schools of thought regarding dial-up modems on &unix;.
+ One group likes to configure their modems and systems so that no matter
+ at what speed a remote user dials in, the local computer-to-modem
+ RS-232 interface runs at a locked speed. The benefit of this
+ configuration is that the remote user always sees a system login
+ prompt immediately. The downside is that the system does not know
+ what a user's true data rate is, so full-screen programs like Emacs
+ will not adjust their screen-painting methods to make their response
+ better for slower connections.</para>
+
+ <para>The other school configures their modems' RS-232 interface to vary
+ its speed based on the remote user's connection speed. For example,
+ V.32bis (14.4&nbsp;Kbps) connections to the modem might make the modem run
+ its RS-232 interface at 19.2&nbsp;Kbps, while 2400&nbsp;bps connections make the
+ modem's RS-232 interface run at 2400&nbsp;bps. Because
+ <command>getty</command> does not understand any particular modem's
+ connection speed reporting, <command>getty</command> gives a
+ <prompt>login:</prompt> message at an initial speed and watches the
+ characters that come back in response. If the user sees junk, it is
+ assumed that they know they should press the
+ <keycode>Enter</keycode> key until they see a recognizable
+ prompt. If the data rates do not match, <command>getty</command> sees
+ anything the user types as <quote>junk</quote>, tries going to the next
+ speed and gives the <prompt>login:</prompt> prompt again. This
+ procedure can continue ad nauseam, but normally only takes a keystroke
+ or two before the user sees a good prompt. Obviously, this login
+ sequence does not look as clean as the former
+ <quote>locked-speed</quote> method, but a user on a low-speed
+ connection should receive better interactive response from full-screen
+ programs.</para>
+
+ <para>This section will try to give balanced configuration information,
+ but is biased towards having the modem's data rate follow the
+ connection rate.</para>
+
+ <sect3>
+ <title><filename>/etc/gettytab</filename></title>
+
+ <indexterm>
+ <primary><filename>/etc/gettytab</filename></primary>
+ </indexterm>
+ <para><filename>/etc/gettytab</filename> is a &man.termcap.5;-style
+ file of configuration information for &man.getty.8;. Please see the
+ &man.gettytab.5; manual page for complete information on the
+ format of the file and the list of capabilities.</para>
+
+ <sect4>
+ <title>Locked-speed Config</title>
+
+ <para>If you are locking your modem's data communications rate at a
+ particular speed, you probably will not need to make any changes
+ to <filename>/etc/gettytab</filename>.</para>
+ </sect4>
+
+ <sect4>
+ <title>Matching-speed Config</title>
+
+ <para>You will need to set up an entry in
+ <filename>/etc/gettytab</filename> to give
+ <command>getty</command> information about the speeds you wish to
+ use for your modem. If you have a 2400&nbsp;bps modem, you can
+ probably use the existing <literal>D2400</literal> entry.</para>
+
+ <programlisting>#
+# Fast dialup terminals, 2400/1200/300 rotary (can start either way)
+#
+D2400|d2400|Fast-Dial-2400:\
+ :nx=D1200:tc=2400-baud:
+3|D1200|Fast-Dial-1200:\
+ :nx=D300:tc=1200-baud:
+5|D300|Fast-Dial-300:\
+ :nx=D2400:tc=300-baud:</programlisting>
+
+ <para>If you have a higher speed modem, you will probably need to
+ add an entry in <filename>/etc/gettytab</filename>; here is an
+ entry you could use for a 14.4&nbsp;Kbps modem with a top interface
+ speed of 19.2&nbsp;Kbps:</para>
+
+ <programlisting>#
+# Additions for a V.32bis Modem
+#
+um|V300|High Speed Modem at 300,8-bit:\
+ :nx=V19200:tc=std.300:
+un|V1200|High Speed Modem at 1200,8-bit:\
+ :nx=V300:tc=std.1200:
+uo|V2400|High Speed Modem at 2400,8-bit:\
+ :nx=V1200:tc=std.2400:
+up|V9600|High Speed Modem at 9600,8-bit:\
+ :nx=V2400:tc=std.9600:
+uq|V19200|High Speed Modem at 19200,8-bit:\
+ :nx=V9600:tc=std.19200:</programlisting>
+
+ <para>This will result in 8-bit, no parity connections.</para>
+
+ <para>The example above starts the communications rate at 19.2&nbsp;Kbps
+ (for a V.32bis connection), then cycles through 9600&nbsp;bps (for
+ V.32), 2400&nbsp;bps, 1200&nbsp;bps, 300&nbsp;bps, and back to 19.2&nbsp;Kbps.
+ Communications rate cycling is implemented with the
+ <literal>nx=</literal> (<quote>next table</quote>) capability.
+ Each of the lines uses a <literal>tc=</literal> (<quote>table
+ continuation</quote>) entry to pick up the rest of the
+ <quote>standard</quote> settings for a particular data rate.</para>
+
+ <para>If you have a 28.8&nbsp;Kbps modem and/or you want to take
+ advantage of compression on a 14.4&nbsp;Kbps modem, you need to use a
+ higher communications rate than 19.2&nbsp;Kbps. Here is an example of
+ a <filename>gettytab</filename> entry starting a 57.6&nbsp;Kbps:</para>
+
+ <programlisting>#
+# Additions for a V.32bis or V.34 Modem
+# Starting at 57.6 Kbps
+#
+vm|VH300|Very High Speed Modem at 300,8-bit:\
+ :nx=VH57600:tc=std.300:
+vn|VH1200|Very High Speed Modem at 1200,8-bit:\
+ :nx=VH300:tc=std.1200:
+vo|VH2400|Very High Speed Modem at 2400,8-bit:\
+ :nx=VH1200:tc=std.2400:
+vp|VH9600|Very High Speed Modem at 9600,8-bit:\
+ :nx=VH2400:tc=std.9600:
+vq|VH57600|Very High Speed Modem at 57600,8-bit:\
+ :nx=VH9600:tc=std.57600:</programlisting>
+
+ <para>If you have a slow CPU or a heavily loaded system and do
+ not have 16550A-based serial ports, you may receive
+ <errorname>sio</errorname>
+ <quote>silo</quote> errors at 57.6&nbsp;Kbps.</para>
+ </sect4>
+ </sect3>
+
+ <sect3 id="dialup-ttys">
+ <title><filename>/etc/ttys</filename></title>
+ <indexterm>
+ <primary><filename>/etc/ttys</filename></primary>
+ </indexterm>
+
+ <para>Configuration of the <filename>/etc/ttys</filename> file
+ was covered in <xref linkend="ex-etc-ttys">.
+ Configuration for modems is similar but we must pass a
+ different argument to <command>getty</command> and specify a
+ different terminal type. The general format for both
+ locked-speed and matching-speed configurations is:</para>
+
+ <programlisting>ttyd0 "/usr/libexec/getty <replaceable>xxx</replaceable>" dialup on</programlisting>
+
+ <para>The first item in the above line is the device special file for
+ this entry &mdash; <literal>ttyd0</literal> means
+ <filename>/dev/ttyd0</filename> is the file that this
+ <command>getty</command> will be watching. The second item,
+ <literal>"/usr/libexec/getty
+ <replaceable>xxx</replaceable>"</literal>
+ (<replaceable>xxx</replaceable> will be replaced by the initial
+ <filename>gettytab</filename> capability) is the process
+ <command>init</command> will run on the device. The third item,
+ <literal>dialup</literal>, is the default terminal type. The fourth
+ parameter, <literal>on</literal>, indicates to
+ <command>init</command> that the line is operational. There can be
+ a fifth parameter, <literal>secure</literal>, but it should only be
+ used for terminals which are physically secure (such as the system
+ console).</para>
+
+ <para>The default terminal type (<literal>dialup</literal> in the
+ example above) may depend on local preferences.
+ <literal>dialup</literal> is the traditional default terminal type
+ on dial-up lines so that users may customize their login scripts to
+ notice when the terminal is <literal>dialup</literal> and
+ automatically adjust their terminal type. However, the author finds
+ it easier at his site to specify <literal>vt102</literal> as the
+ default terminal type, since the users just use VT102 emulation on
+ their remote systems.</para>
+
+ <para>After you have made changes to <filename>/etc/ttys</filename>,
+ you may send the <command>init</command> process a
+ <acronym>HUP</acronym> signal to re-read the file. You can use the
+ command
+
+ <screen>&prompt.root; <userinput>kill -HUP 1</userinput></screen>
+
+ to send the signal. If this is your first time setting up the
+ system, you may want to wait until your modem(s) are properly
+ configured and connected before signaling <command>init</command>.
+ </para>
+
+ <sect4>
+ <title>Locked-speed Config</title>
+
+ <para>For a locked-speed configuration, your
+ <filename>ttys</filename> entry needs to have a fixed-speed entry
+ provided to <command>getty</command>. For a modem whose port
+ speed is locked at 19.2&nbsp;Kbps, the <filename>ttys</filename> entry
+ might look like this:</para>
+
+ <programlisting>ttyd0 "/usr/libexec/getty std.19200" dialup on</programlisting>
+
+ <para>If your modem is locked at a different data rate,
+ substitute the appropriate value for
+ <literal>std.<replaceable>speed</replaceable></literal>
+ instead of <literal>std.19200</literal>. Make sure that
+ you use a valid type listed in
+ <filename>/etc/gettytab</filename>.</para>
+ </sect4>
+
+ <sect4>
+ <title>Matching-speed Config</title>
+
+ <para>In a matching-speed configuration, your
+ <filename>ttys</filename> entry needs to reference the appropriate
+ beginning <quote>auto-baud</quote> (sic) entry in
+ <filename>/etc/gettytab</filename>. For example, if you added the
+ above suggested entry for a matching-speed modem that starts at
+ 19.2&nbsp;Kbps (the <filename>gettytab</filename> entry containing the
+ <literal>V19200</literal> starting point), your
+ <filename>ttys</filename> entry might look like this:</para>
+
+ <programlisting>ttyd0 "/usr/libexec/getty V19200" dialup on</programlisting>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title><filename>/etc/rc.d/serial</filename></title>
+ <indexterm>
+ <primary>rc files</primary>
+ <secondary><filename>rc.serial</filename></secondary>
+ </indexterm>
+
+ <para>High-speed modems, like V.32, V.32bis, and V.34 modems,
+ need to use hardware (<literal>RTS/CTS</literal>) flow
+ control. You can add <command>stty</command> commands to
+ <filename>/etc/rc.d/serial</filename> to set the hardware flow
+ control flag in the FreeBSD kernel for the modem
+ ports.</para>
+
+ <para>For example to set the <literal>termios</literal> flag
+ <varname>crtscts</varname> on serial port #1's
+ (<devicename>COM2</devicename>) dial-in and dial-out initialization
+ devices, the following lines could be added to
+ <filename>/etc/rc.d/serial</filename>:</para>
+ <programlisting># Serial port initial configuration
+stty -f /dev/ttyd1.init crtscts
+stty -f /dev/cuad1.init crtscts</programlisting>
+
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Modem Settings</title>
+
+ <para>If you have a modem whose parameters may be permanently set in
+ non-volatile RAM, you will need to use a terminal program (such as
+ Telix under &ms-dos; or <command>tip</command> under FreeBSD) to set the
+ parameters. Connect to the modem using the same communications speed
+ as the initial speed <command>getty</command> will use and configure
+ the modem's non-volatile RAM to match these requirements:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><acronym>CD</acronym> asserted when connected</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>DTR</acronym> asserted for operation; dropping DTR
+ hangs up line and resets modem</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>CTS</acronym> transmitted data flow control</para>
+ </listitem>
+
+ <listitem>
+ <para>Disable <acronym>XON/XOFF</acronym> flow control</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>RTS</acronym> received data flow control</para>
+ </listitem>
+
+ <listitem>
+ <para>Quiet mode (no result codes)</para>
+ </listitem>
+
+ <listitem>
+ <para>No command echo</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Please read the documentation for your modem to find out what
+ commands and/or DIP switch settings you need to give it.</para>
+
+ <para>For example, to set the above parameters on a &usrobotics;
+ &sportster; 14,400 external modem, one could give these commands to
+ the modem:</para>
+
+ <programlisting>ATZ
+AT&amp;C1&amp;D2&amp;H1&amp;I0&amp;R2&amp;W</programlisting>
+
+ <para>You might also want to take this opportunity to adjust other
+ settings in the modem, such as whether it will use V.42bis and/or MNP5
+ compression.</para>
+
+ <para>The &usrobotics; &sportster; 14,400 external modem also has some DIP switches
+ that need to be set; for other modems, perhaps you can use these
+ settings as an example:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Switch 1: UP &mdash; DTR Normal</para>
+ </listitem>
+
+ <listitem>
+ <para>Switch 2: N/A (Verbal Result Codes/Numeric Result
+ Codes)</para>
+ </listitem>
+
+ <listitem>
+ <para>Switch 3: UP &mdash; Suppress Result Codes</para>
+ </listitem>
+
+ <listitem>
+ <para>Switch 4: DOWN &mdash; No echo, offline commands</para>
+ </listitem>
+
+ <listitem>
+ <para>Switch 5: UP &mdash; Auto Answer</para>
+ </listitem>
+
+ <listitem>
+ <para>Switch 6: UP &mdash; Carrier Detect Normal</para>
+ </listitem>
+
+ <listitem>
+ <para>Switch 7: UP &mdash; Load NVRAM Defaults</para>
+ </listitem>
+
+ <listitem>
+ <para>Switch 8: N/A (Smart Mode/Dumb Mode)</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Result codes should be disabled/suppressed for dial-up modems to
+ avoid problems that can occur if <command>getty</command> mistakenly
+ gives a <prompt>login:</prompt> prompt to a modem that is in command
+ mode and the modem echoes the command or returns a result
+ code. This sequence can result in a extended, silly conversation
+ between <command>getty</command> and the modem.</para>
+
+ <sect3>
+ <title>Locked-speed Config</title>
+
+ <para>For a locked-speed configuration, you will need to configure the
+ modem to maintain a constant modem-to-computer data rate independent
+ of the communications rate. On a &usrobotics; &sportster; 14,400 external
+ modem, these commands will lock the modem-to-computer data rate at
+ the speed used to issue the commands:</para>
+
+ <programlisting>ATZ
+AT&amp;B1&amp;W</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Matching-speed Config</title>
+
+ <para>For a variable-speed configuration, you will need to configure
+ your modem to adjust its serial port data rate to match the incoming
+ call rate. On a &usrobotics; &sportster; 14,400 external modem, these commands
+ will lock the modem's error-corrected data rate to the speed used to
+ issue the commands, but allow the serial port rate to vary for
+ non-error-corrected connections:</para>
+
+ <programlisting>ATZ
+AT&amp;B2&amp;W</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Checking the Modem's Configuration</title>
+
+ <para>Most high-speed modems provide commands to view the modem's
+ current operating parameters in a somewhat human-readable fashion.
+ On the &usrobotics; &sportster; 14,400 external modems, the command
+ <command>ATI5</command> displays the settings that are stored in the
+ non-volatile RAM. To see the true operating parameters of the modem
+ (as influenced by the modem's DIP switch settings), use the commands
+ <command>ATZ</command> and then <command>ATI4</command>.</para>
+
+ <para>If you have a different brand of modem, check your modem's
+ manual to see how to double-check your modem's configuration
+ parameters.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Troubleshooting</title>
+
+ <para>Here are a few steps you can follow to check out the dial-up modem
+ on your system.</para>
+
+ <sect3>
+ <title>Checking Out the FreeBSD System</title>
+
+ <para>Hook up your modem to your FreeBSD system, boot the system, and,
+ if your modem has status indication lights, watch to see whether the
+ modem's <acronym>DTR</acronym> indicator lights when the
+ <prompt>login:</prompt> prompt appears on the system's console
+ &mdash; if it lights up, that should mean that FreeBSD has started a
+ <command>getty</command> process on the appropriate communications
+ port and is waiting for the modem to accept a call.</para>
+
+ <para>If the <acronym>DTR</acronym> indicator does not light, login to
+ the FreeBSD system through the console and issue a <command>ps
+ ax</command> to see if FreeBSD is trying to run a
+ <command>getty</command> process on the correct port. You should see
+ lines like these among the processes displayed:</para>
+
+ <screen> 114 ?? I 0:00.10 /usr/libexec/getty V19200 ttyd0
+ 115 ?? I 0:00.10 /usr/libexec/getty V19200 ttyd1</screen>
+
+ <para>If you see something different, like this:</para>
+
+ <screen> 114 d0 I 0:00.10 /usr/libexec/getty V19200 ttyd0</screen>
+
+ <para>and the modem has not accepted a call yet, this means that
+ <command>getty</command> has completed its open on the
+ communications port. This could indicate a problem with the cabling
+ or a mis-configured modem, because <command>getty</command> should
+ not be able to open the communications port until
+ <acronym>CD</acronym> (carrier detect) has been asserted by the
+ modem.</para>
+
+ <para>If you do not see any <command>getty</command> processes waiting
+ to open the desired
+ <filename>ttyd<replaceable>N</replaceable></filename> port,
+ double-check your entries in <filename>/etc/ttys</filename> to see
+ if there are any mistakes there. Also, check the log file
+ <filename>/var/log/messages</filename> to see if there are any log
+ messages from <command>init</command> or <command>getty</command>
+ regarding any problems. If there are any messages, triple-check the
+ configuration files <filename>/etc/ttys</filename> and
+ <filename>/etc/gettytab</filename>, as well as the appropriate
+ device special files <filename>/dev/ttydN</filename>, for any
+ mistakes, missing entries, or missing device special files.</para>
+ </sect3>
+
+ <sect3>
+ <title>Try Dialing In</title>
+
+ <para>Try dialing into the system; be sure to use 8 bits, no parity,
+ and 1
+ stop bit on the remote system. If you do not get a prompt right
+ away, or get garbage, try pressing <keycode>Enter</keycode>
+ about once per second. If you still do not see a
+ <prompt>login:</prompt> prompt after a while, try sending a
+ <command>BREAK</command>. If you are using a high-speed modem to do
+ the dialing, try dialing again after locking the dialing modem's
+ interface speed (via <command>AT&amp;B1</command> on a &usrobotics;
+ &sportster; modem, for example).</para>
+
+ <para>If you still cannot get a <prompt>login:</prompt> prompt, check
+ <filename>/etc/gettytab</filename> again and double-check
+ that</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The initial capability name specified in
+ <filename>/etc/ttys</filename> for the line matches a name of a
+ capability in <filename>/etc/gettytab</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>Each <literal>nx=</literal> entry matches another
+ <filename>gettytab</filename> capability name</para>
+ </listitem>
+
+ <listitem>
+ <para>Each <literal>tc=</literal> entry matches another
+ <filename>gettytab</filename> capability name</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If you dial but the modem on the FreeBSD system will not answer,
+ make sure that the modem is configured to answer the phone when
+ <acronym>DTR</acronym> is asserted. If the modem seems to be
+ configured correctly, verify that the <acronym>DTR</acronym> line is
+ asserted by checking the modem's indicator lights (if it has
+ any).</para>
+
+ <para>If you have gone over everything several times and it still does
+ not work, take a break and come back to it later. If it still does
+ not work, perhaps you can send an electronic mail message to the
+ &a.questions; describing your modem and your problem, and the good
+ folks on the list will try to help.</para>
+ </sect3>
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="dialout">
+ <title>Dial-out Service</title>
+ <indexterm><primary>dial-out service</primary></indexterm>
+
+ <para>The following are tips for getting your host to be able to connect
+ over the modem to another computer. This is appropriate for
+ establishing a terminal session with a remote host.</para>
+
+ <para>This is useful to log onto a BBS.</para>
+
+ <para>This kind of connection can be extremely helpful to get a file on
+ the Internet if you have problems with PPP. If you need to FTP
+ something and PPP is broken, use the terminal session to FTP it. Then
+ use zmodem to transfer it to your machine.</para>
+
+ <sect2>
+ <title>My Stock Hayes Modem Is Not Supported, What Can I Do?</title>
+
+ <para>Actually, the manual page for <command>tip</command> is out of date.
+ There is a generic Hayes dialer already built in. Just use
+ <literal>at=hayes</literal> in your <filename>/etc/remote</filename>
+ file.</para>
+
+ <para>The Hayes driver is not smart enough to recognize some of the
+ advanced features of newer modems&mdash;messages like
+ <literal>BUSY</literal>, <literal>NO DIALTONE</literal>, or
+ <literal>CONNECT 115200</literal> will just confuse it. You should
+ turn those messages off when you use <command>tip</command> (using
+ <command>ATX0&amp;W</command>).</para>
+
+ <para>Also, the dial timeout for <command>tip</command> is 60 seconds.
+ Your modem should use something less, or else tip will think there is
+ a communication problem. Try <command>ATS7=45&amp;W</command>.</para>
+
+ <note>
+ <para>As shipped, <command>tip</command> does not yet support
+ Hayes modems fully. The solution is to edit the file
+ <filename>tipconf.h</filename> in the directory
+ <filename>/usr/src/usr.bin/tip/tip</filename>. Obviously you need the
+ source distribution to do this.</para>
+
+ <para>Edit the line <literal>#define HAYES 0</literal> to
+ <literal>#define HAYES 1</literal>. Then <command>make</command> and
+ <command>make install</command>. Everything works nicely after
+ that.</para>
+ </note>
+ </sect2>
+
+ <sect2 id="direct-at">
+ <title>How Am I Expected to Enter These AT Commands?</title>
+
+ <indexterm>
+ <primary><filename>/etc/remote</filename></primary>
+ </indexterm>
+ <para>Make what is called a <quote>direct</quote> entry in your
+ <filename>/etc/remote</filename> file. For example, if your modem is
+ hooked up to the first serial port, <filename>/dev/cuad0</filename>,
+ then put in the following line:</para>
+
+ <programlisting>cuad0:dv=/dev/cuad0:br#19200:pa=none</programlisting>
+
+ <para>Use the highest bps rate your modem supports in the br capability.
+ Then, type <command>tip cuad0</command> and you will be connected to
+ your modem.</para>
+
+ <para>Or use <command>cu</command> as <username>root</username> with the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>cu -l<replaceable>line</replaceable> -s<replaceable>speed</replaceable></userinput></screen>
+
+ <para><replaceable>line</replaceable> is the serial port
+ (e.g.<filename>/dev/cuad0</filename>) and
+ <replaceable>speed</replaceable> is the speed
+ (e.g.<literal>57600</literal>). When you are done entering the AT
+ commands hit <keycap>~.</keycap> to exit.</para>
+ </sect2>
+
+ <sect2>
+ <title>The <literal>@</literal> Sign for the pn Capability Does Not
+ Work!</title>
+
+ <para>The <literal>@</literal> sign in the phone number capability tells
+ tip to look in <filename>/etc/phones</filename> for a phone number.
+ But the <literal>@</literal> sign is also a special character in
+ capability files like <filename>/etc/remote</filename>. Escape it
+ with a backslash:</para>
+
+ <programlisting>pn=\@</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>How Can I Dial a Phone Number on the Command Line?</title>
+
+ <para>Put what is called a <quote>generic</quote> entry in your
+ <filename>/etc/remote</filename> file. For example:</para>
+
+ <programlisting>tip115200|Dial any phone number at 115200 bps:\
+ :dv=/dev/cuad0:br#115200:at=hayes:pa=none:du:
+tip57600|Dial any phone number at 57600 bps:\
+ :dv=/dev/cuad0:br#57600:at=hayes:pa=none:du:</programlisting>
+
+ <para>Then you can do things like:</para>
+
+ <screen>&prompt.root; <userinput>tip -115200 5551234</userinput></screen>
+
+ <para>If you prefer <command>cu</command> over <command>tip</command>,
+ use a generic <literal>cu</literal> entry:</para>
+
+ <programlisting>cu115200|Use cu to dial any number at 115200bps:\
+ :dv=/dev/cuad1:br#57600:at=hayes:pa=none:du:</programlisting>
+
+ <para>and type:</para>
+
+ <screen>&prompt.root; <userinput>cu 5551234 -s 115200</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Do I Have to Type in the bps Rate Every Time I Do That?</title>
+
+ <para>Put in an entry for <literal>tip1200</literal> or
+ <literal>cu1200</literal>, but go ahead and use whatever bps rate is
+ appropriate with the br capability. <command>tip</command> thinks a
+ good default is 1200&nbsp;bps which is why it looks for a
+ <literal>tip1200</literal> entry. You do not have to use 1200&nbsp;bps,
+ though.</para>
+ </sect2>
+
+ <sect2>
+ <title>I Access a Number of Hosts Through a Terminal Server</title>
+
+ <para>Rather than waiting until you are connected and typing
+ <command>CONNECT &lt;host&gt;</command> each time, use tip's
+ <literal>cm</literal> capability. For example, these entries in
+ <filename>/etc/remote</filename>:</para>
+
+ <programlisting>pain|pain.deep13.com|Forrester's machine:\
+ :cm=CONNECT pain\n:tc=deep13:
+muffin|muffin.deep13.com|Frank's machine:\
+ :cm=CONNECT muffin\n:tc=deep13:
+deep13:Gizmonics Institute terminal server:\
+ :dv=/dev/cuad2:br#38400:at=hayes:du:pa=none:pn=5551234:</programlisting>
+
+ <para>will let you type <command>tip pain</command> or <command>tip
+ muffin</command> to connect to the hosts pain or muffin, and
+ <command>tip deep13</command> to get to the terminal server.</para>
+ </sect2>
+
+ <sect2>
+ <title>Can Tip Try More Than One Line for Each Site?</title>
+
+ <para>This is often a problem where a university has several modem lines
+ and several thousand students trying to use them.</para>
+
+ <para>Make an entry for your university in
+ <filename>/etc/remote</filename> and use <literal>@</literal> for the
+ <literal>pn</literal> capability:</para>
+
+ <programlisting>big-university:\
+ :pn=\@:tc=dialout
+dialout:\
+ :dv=/dev/cuad3:br#9600:at=courier:du:pa=none:</programlisting>
+
+ <para>Then, list the phone numbers for the university in
+ <filename>/etc/phones</filename>:</para>
+
+ <programlisting>big-university 5551111
+big-university 5551112
+big-university 5551113
+big-university 5551114</programlisting>
+
+ <para><command>tip</command> will try each one in the listed order, then
+ give up. If you want to keep retrying, run <command>tip</command> in
+ a while loop.</para>
+ </sect2>
+
+ <sect2>
+ <title>Why Do I Have to Hit
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap>
+ <keycap>P</keycap>
+ </keycombo>
+ Twice to Send
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap>
+ <keycap>P</keycap>
+ </keycombo>
+ Once?</title>
+
+ <para><keycombo action="simul"><keycap>Ctrl</keycap><keycap>P</keycap></keycombo> is the default <quote>force</quote> character, used to tell
+ <command>tip</command> that the next character is literal data. You
+ can set the force character to any other character with the
+ <command>~s</command> escape, which means <quote>set a
+ variable.</quote></para>
+
+ <para>Type
+ <command>~sforce=<replaceable>single-char</replaceable></command>
+ followed by a newline. <replaceable>single-char</replaceable> is any
+ single character. If you leave out
+ <replaceable>single-char</replaceable>, then the force character is
+ the nul character, which you can get by typing
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap><keycap>2</keycap>
+ </keycombo>
+ or
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap><keycap>Space</keycap>
+ </keycombo>.
+ A pretty good value for <replaceable>single-char</replaceable> is
+ <keycombo action="simul">
+ <keycap>Shift</keycap>
+ <keycap>Ctrl</keycap>
+ <keycap>6</keycap>
+ </keycombo>, which is only used on some terminal
+ servers.</para>
+
+ <para>You can have the force character be whatever you want by
+ specifying the following in your <filename>&#36;HOME/.tiprc</filename>
+ file:</para>
+
+ <programlisting>force=&lt;single-char&gt;</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>Suddenly Everything I Type Is in Upper Case??</title>
+
+ <para>You must have pressed
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap>
+ <keycap>A</keycap>
+ </keycombo>, <command>tip</command>'s
+ <quote>raise character,</quote> specially designed for people with
+ broken caps-lock keys. Use <command>~s</command> as above and set the
+ variable <literal>raisechar</literal> to something reasonable. In
+ fact, you can set it to the same as the force character, if you never
+ expect to use either of these features.</para>
+
+ <para>Here is a sample .tiprc file perfect for
+ <application>Emacs</application> users who need to type
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap><keycap>2</keycap>
+ </keycombo>
+ and
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap><keycap>A</keycap>
+ </keycombo>
+ a lot:</para>
+
+ <programlisting>force=^^
+raisechar=^^</programlisting>
+
+ <para>The ^^ is
+ <keycombo action="simul">
+ <keycap>Shift</keycap><keycap>Ctrl</keycap><keycap>6</keycap>
+ </keycombo>.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>How Can I Do File Transfers with <command>tip</command>?</title>
+
+ <para>If you are talking to another &unix; system, you can send and
+ receive files with <command>~p</command> (put) and
+ <command>~t</command> (take). These commands run
+ <command>cat</command> and <command>echo</command> on the remote
+ system to accept and send files. The syntax is:</para>
+
+ <cmdsynopsis>
+ <command>~p</command>
+ <arg choice="plain">local-file</arg>
+ <arg choice="opt">remote-file</arg>
+ </cmdsynopsis>
+
+ <cmdsynopsis>
+ <command>~t</command>
+ <arg choice="plain">remote-file</arg>
+ <arg choice="opt">local-file</arg>
+ </cmdsynopsis>
+
+ <para>There is no error checking, so you probably should use another
+ protocol, like zmodem.</para>
+ </sect2>
+
+ <sect2>
+ <title>How Can I Run zmodem with <command>tip</command>?</title>
+
+ <para>To receive files, start the sending program on the remote end.
+ Then, type <command>~C rz</command> to begin receiving them
+ locally.</para>
+
+ <para>To send files, start the receiving program on the remote end.
+ Then, type <command>~C sz <replaceable>files</replaceable></command>
+ to send them to the remote system.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="serialconsole-setup">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Kazutaka</firstname>
+ <surname>YOKOTA</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Bill</firstname>
+ <surname>Paul</surname>
+ <contrib>Based on a document by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Setting Up the Serial Console</title>
+ <indexterm><primary>serial console</primary></indexterm>
+
+ <sect2 id="serialconsole-intro">
+ <title>Introduction</title>
+
+ <para>FreeBSD has the ability to boot on a system with only
+ a dumb terminal on a serial port as a console. Such a configuration
+ should be useful for two classes of people: system administrators who
+ wish to install FreeBSD on machines that have no keyboard or monitor
+ attached, and developers who want to debug the kernel or device
+ drivers.</para>
+
+ <para>As described in <xref linkend="boot">, FreeBSD employs a three stage
+ bootstrap. The first two stages are in the boot block code which is
+ stored at the beginning of the FreeBSD slice on the boot disk. The
+ boot block will then load and run the boot loader
+ (<filename>/boot/loader</filename>) as the third stage code.</para>
+
+ <para>In order to set up the serial console you must configure the boot
+ block code, the boot loader code and the kernel.</para>
+
+ </sect2>
+
+ <sect2 id="serialconsole-howto-fast">
+ <title>Serial Console Configuration, Terse Version</title>
+
+ <para>This section assumes that you are using the default setup
+ and just want a fast overview of setting up the serial
+ console.</para>
+
+ <procedure>
+
+ <step>
+ <para>Connect the serial cable to COM1 and the controlling
+ terminal.</para>
+ </step>
+
+ <step>
+ <para>To see all boot messages on the serial console, issue
+ the following command while logged in as the superuser:</para>
+ <screen>&prompt.root; echo 'console="comconsole"' &gt;&gt; /boot/loader.conf</screen>
+ </step>
+
+ <step>
+ <para>Edit <filename>/etc/ttys</filename> and change
+ <literal>off</literal> to <literal>on</literal> and
+ <literal>dialup</literal> to <literal>vt100</literal> for the
+ <literal>ttyd0</literal> entry. Otherwise a password will not be
+ required to connect via the serial console, resulting in a
+ potential security hole.</para>
+ </step>
+
+ <step>
+ <para><para>Reboot the system to see if the changes took effect.</para>
+ </step>
+
+ </procedure>
+
+ <para>If a different configuration is required, a more in depth
+ configuration explanation exists in
+ <xref linkend="serialconsole-howto">.</para>
+ </sect2>
+
+ <sect2 id="serialconsole-howto">
+ <title>Serial Console Configuration</title>
+
+ <procedure>
+ <step>
+ <para>Prepare a serial cable.</para>
+
+ <indexterm><primary>null-modem cable</primary></indexterm>
+ <para>You will need either a null-modem cable or a standard serial
+ cable and a null-modem adapter. See <xref linkend="serial-cables-ports"> for
+ a discussion on serial cables.</para>
+ </step>
+
+ <step>
+ <para>Unplug your keyboard.</para>
+
+ <para>Most PC systems probe for the keyboard during the Power-On
+ Self-Test (POST) and will generate an error if the keyboard is not
+ detected. Some machines complain loudly about the lack of a
+ keyboard and will not continue to boot until it is plugged
+ in.</para>
+
+ <para>If your computer complains about the error, but boots anyway,
+ then you do not have to do anything special. (Some machines with
+ Phoenix BIOS installed merely say <errorname>Keyboard
+ failed</errorname> and continue to boot normally.)</para>
+
+ <para>If your computer refuses to boot without a keyboard attached
+ then you will have to configure the BIOS so that it ignores this
+ error (if it can). Consult your motherboard's manual for details
+ on how to do this.</para>
+
+ <tip>
+ <para>Set the keyboard to <quote>Not installed</quote> in the
+ BIOS setup. You will still
+ be able to use your keyboard. All this does is tell the BIOS
+ not to probe for a keyboard at power-on. Your BIOS should not
+ complain if the keyboard is absent. You can leave the
+ keyboard plugged in even with this flag set to <quote>Not
+ installed</quote> and the keyboard will still work.</para>
+ </tip>
+
+ <note>
+ <para>If your system has a &ps2; mouse, chances are very good that
+ you may have to unplug your mouse as well as your keyboard.
+ This is because &ps2; mice share some hardware with the keyboard
+ and leaving the mouse plugged in can fool the keyboard probe
+ into thinking the keyboard is still there. It is said that a
+ Gateway 2000 Pentium 90&nbsp;MHz system with an AMI BIOS that behaves
+ this way. In general, this is not a problem since the mouse is
+ not much good without the keyboard anyway.</para>
+ </note>
+ </step>
+
+ <step>
+ <para>Plug a dumb terminal into <devicename>COM1</devicename>
+ (<devicename>sio0</devicename>).</para>
+
+ <para>If you do not have a dumb terminal, you can use an old PC/XT
+ with a modem program, or the serial port on another &unix; box. If
+ you do not have a <devicename>COM1</devicename>
+ (<devicename>sio0</devicename>), get one. At this time, there is
+ no way to select a port other than <devicename>COM1</devicename>
+ for the boot blocks without recompiling the boot blocks. If you
+ are already using <devicename>COM1</devicename> for another
+ device, you will have to temporarily remove that device and
+ install a new boot block and kernel once you get FreeBSD up and
+ running. (It is assumed that <devicename>COM1</devicename> will
+ be available on a file/compute/terminal server anyway; if you
+ really need <devicename>COM1</devicename> for something else
+ (and you cannot switch that something else to
+ <devicename>COM2</devicename> (<devicename>sio1</devicename>)),
+ then you probably should not even be bothering with all this in
+ the first place.)</para>
+ </step>
+
+ <step>
+ <para>Make sure the configuration file of your kernel has
+ appropriate flags set for <devicename>COM1</devicename>
+ (<devicename>sio0</devicename>).</para>
+
+ <para>Relevant flags are:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>0x10</literal></term>
+
+ <listitem>
+ <para>Enables console support for this unit. The other
+ console flags are ignored unless this is set. Currently, at
+ most one unit can have console support; the first one (in
+ config file order) with this flag set is preferred. This
+ option alone will not make the serial port the console. Set
+ the following flag or use the <option>-h</option> option
+ described below, together with this flag.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>0x20</literal></term>
+
+ <listitem>
+ <para>Forces this unit to be the console (unless there is
+ another higher priority console), regardless of the
+ <option>-h</option> option discussed below.
+ The flag <literal>0x20</literal> must be used
+ together with the <option>0x10</option> flag.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>0x40</literal></term>
+
+ <listitem>
+ <para>Reserves this unit (in conjunction with
+ <literal>0x10</literal>) and makes the unit
+ unavailable for normal access. You should not set
+ this flag to the serial port unit which you want to
+ use as the serial console. The only use of this
+ flag is to designate the unit for kernel remote
+ debugging. See <ulink
+ url="&url.books.developers-handbook;/index.html">The
+ Developer's Handbook</ulink> for more information on
+ remote debugging.</para>
+
+ <note>
+ <para>In FreeBSD&nbsp;4.0 or later the semantics of the
+ flag <literal>0x40</literal> are slightly different and
+ there is another flag to specify a serial port for remote
+ debugging.</para>
+ </note>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Example:</para>
+
+ <programlisting>device sio0 at isa? port IO_COM1 flags 0x10 irq 4</programlisting>
+
+ <para>See the &man.sio.4; manual page for more details.</para>
+
+ <para>If the flags were not set, you need to run UserConfig (on a
+ different console) or recompile the kernel.</para>
+ </step>
+
+ <step>
+ <para>Create <filename>boot.config</filename> in the root directory
+ of the <literal>a</literal> partition on the boot drive.</para>
+
+ <para>This file will instruct the boot block code how you would like
+ to boot the system. In order to activate the serial console, you
+ need one or more of the following options&mdash;if you want
+ multiple options, include them all on the same line:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-h</option></term>
+
+ <listitem>
+ <para>Toggles internal and serial consoles. You can use this
+ to switch console devices. For instance, if you boot from
+ the internal (video) console, you can use
+ <option>-h</option> to direct the boot loader and the kernel
+ to use the serial port as its console device. Alternatively,
+ if you boot from the serial port, you can use the
+ <option>-h</option> to tell the boot loader and the kernel
+ to use the video display as the console instead.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-D</option></term>
+
+ <listitem>
+ <para>Toggles single and dual console configurations. In the
+ single configuration the console will be either the internal
+ console (video display) or the serial port, depending on the
+ state of the <option>-h</option> option above. In the dual
+ console configuration, both the video display and the
+ serial port will become the console at the same time,
+ regardless of the state of the <option>-h</option> option.
+ However, note that the dual console configuration takes effect
+ only during the boot block is running. Once the boot loader
+ gets control, the console specified by the
+ <option>-h</option> option becomes the only console.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-P</option></term>
+
+ <listitem>
+ <para>Makes the boot block probe the keyboard. If no keyboard
+ is found, the <option>-D</option> and <option>-h</option>
+ options are automatically set.</para>
+
+ <note>
+ <para>Due to space constraints in the current version of the
+ boot blocks, the <option>-P</option> option is capable of
+ detecting extended keyboards only. Keyboards with less
+ than 101 keys (and without F11 and F12 keys) may not be
+ detected. Keyboards on some laptop computers may not be
+ properly found because of this limitation. If this is
+ the case with your system, you have to abandon using
+ the <option>-P</option> option. Unfortunately there is no
+ workaround for this problem.</para>
+ </note>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Use either the <option>-P</option> option to select the
+ console automatically, or the <option>-h</option> option to
+ activate the serial console.</para>
+
+ <para>You may include other options described in &man.boot.8; as
+ well.</para>
+
+ <para>The options, except for <option>-P</option>, will be passed to
+ the boot loader (<filename>/boot/loader</filename>). The boot
+ loader will determine which of the internal video or the serial
+ port should become the console by examining the state of the
+ <option>-h</option> option alone. This means that if you specify
+ the <option>-D</option> option but not the <option>-h</option>
+ option in <filename>/boot.config</filename>, you can use the
+ serial port as the console only during the boot block; the boot
+ loader will use the internal video display as the console.</para>
+ </step>
+
+ <step>
+ <para>Boot the machine.</para>
+
+ <para>When you start your FreeBSD box, the boot blocks will echo the
+ contents of <filename>/boot.config</filename> to the console. For
+ example:</para>
+
+ <screen>/boot.config: -P
+Keyboard: no</screen>
+
+ <para>The second line appears only if you put <option>-P</option> in
+ <filename>/boot.config</filename> and indicates presence/absence
+ of the keyboard. These messages go to either serial or internal
+ console, or both, depending on the option in
+ <filename>/boot.config</filename>.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry align="left">Options</entry>
+ <entry align="left">Message goes to</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>none</entry>
+ <entry>internal console</entry>
+ </row>
+
+ <row>
+ <entry><option>-h</option></entry>
+ <entry>serial console</entry>
+ </row>
+
+ <row>
+ <entry><option>-D</option></entry>
+ <entry>serial and internal consoles</entry>
+ </row>
+
+ <row>
+ <entry><option>-Dh</option></entry>
+ <entry>serial and internal consoles</entry>
+ </row>
+
+ <row>
+ <entry><option>-P</option>, keyboard present</entry>
+ <entry>internal console</entry>
+ </row>
+
+ <row>
+ <entry><option>-P</option>, keyboard absent</entry>
+ <entry>serial console</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>After the above messages, there will be a small pause before
+ the boot blocks continue loading the boot loader and before any
+ further messages printed to the console. Under normal
+ circumstances, you do not need to interrupt the boot blocks, but
+ you may want to do so in order to make sure things are set up
+ correctly.</para>
+
+ <para>Hit any key, other than <keycode>Enter</keycode>, at the console to
+ interrupt the boot process. The boot blocks will then prompt you
+ for further action. You should now see something like:</para>
+
+ <screen>>> FreeBSD/i386 BOOT
+Default: 0:ad(0,a)/boot/loader
+boot:</screen>
+
+ <para>Verify the above message appears on either the serial or
+ internal console or both, according to the options you put in
+ <filename>/boot.config</filename>. If the message appears in the
+ correct console, hit <keycode>Enter</keycode> to continue the boot
+ process.</para>
+
+ <para>If you want the serial console but you do not see the prompt
+ on the serial terminal, something is wrong with your settings. In
+ the meantime, you enter <option>-h</option> and hit Enter/Return
+ (if possible) to tell the boot block (and then the boot loader and
+ the kernel) to choose the serial port for the console. Once the
+ system is up, go back and check what went wrong.</para>
+ </step>
+ </procedure>
+
+ <para>After the boot loader is loaded and you are in the third stage of
+ the boot process you can still switch between the internal console and
+ the serial console by setting appropriate environment variables in the
+ boot loader. See <xref linkend="serialconsole-loader">.</para>
+ </sect2>
+
+ <sect2 id="serialconsole-summary">
+ <title>Summary</title>
+
+ <para>Here is the summary of various settings discussed in this section
+ and the console eventually selected.</para>
+
+ <sect3>
+ <title>Case 1: You Set the Flags to 0x10 for
+ <devicename>sio0</devicename></title>
+
+ <programlisting>device sio0 at isa? port IO_COM1 flags 0x10 irq 4</programlisting>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry align="left">Options in /boot.config</entry>
+ <entry align="left">Console during boot blocks</entry>
+ <entry align="left">Console during boot loader</entry>
+ <entry align="left">Console in kernel</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>nothing</entry>
+ <entry>internal</entry>
+ <entry>internal</entry>
+ <entry>internal</entry>
+ </row>
+
+ <row>
+ <entry><option>-h</option></entry>
+ <entry>serial</entry>
+ <entry>serial</entry>
+ <entry>serial</entry>
+ </row>
+
+ <row>
+ <entry><option>-D</option></entry>
+ <entry>serial and internal</entry>
+ <entry>internal</entry>
+ <entry>internal</entry>
+ </row>
+
+ <row>
+ <entry><option>-Dh</option></entry>
+ <entry>serial and internal</entry>
+ <entry>serial</entry>
+ <entry>serial</entry>
+ </row>
+
+ <row>
+ <entry><option>-P</option>, keyboard present</entry>
+ <entry>internal</entry>
+ <entry>internal</entry>
+ <entry>internal</entry>
+ </row>
+
+ <row>
+ <entry><option>-P</option>, keyboard absent</entry>
+ <entry>serial and internal</entry>
+ <entry>serial</entry>
+ <entry>serial</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect3>
+
+ <sect3>
+ <title>Case 2: You Set the Flags to 0x30 for sio0</title>
+
+ <programlisting>device sio0 at isa? port IO_COM1 flags 0x30 irq 4</programlisting>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry align="left">Options in /boot.config</entry>
+ <entry align="left">Console during boot blocks</entry>
+ <entry align="left">Console during boot loader</entry>
+ <entry align="left">Console in kernel</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>nothing</entry>
+ <entry>internal</entry>
+ <entry>internal</entry>
+ <entry>serial</entry>
+ </row>
+
+ <row>
+ <entry><option>-h</option></entry>
+ <entry>serial</entry>
+ <entry>serial</entry>
+ <entry>serial</entry>
+ </row>
+
+ <row>
+ <entry><option>-D</option></entry>
+ <entry>serial and internal</entry>
+ <entry>internal</entry>
+ <entry>serial</entry>
+ </row>
+
+ <row>
+ <entry><option>-Dh</option></entry>
+ <entry>serial and internal</entry>
+ <entry>serial</entry>
+ <entry>serial</entry>
+ </row>
+
+ <row>
+ <entry><option>-P</option>, keyboard present</entry>
+ <entry>internal</entry>
+ <entry>internal</entry>
+ <entry>serial</entry>
+ </row>
+
+ <row>
+ <entry><option>-P</option>, keyboard absent</entry>
+ <entry>serial and internal</entry>
+ <entry>serial</entry>
+ <entry>serial</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect3>
+ </sect2>
+
+ <sect2 id="serialconsole-tips">
+ <title>Tips for the Serial Console</title>
+
+ <sect3>
+ <title>Setting a Faster Serial Port Speed</title>
+
+ <para>By default, the serial port settings are: 9600 baud, 8
+ bits, no parity, and 1 stop bit. If you wish to change the speed, you
+ need to recompile at least the boot blocks. Add the following line
+ to <filename>/etc/make.conf</filename> and compile new boot
+ blocks:</para>
+
+ <programlisting>BOOT_COMCONSOLE_SPEED=19200</programlisting>
+
+ <para>See <xref linkend="serialconsole-com2"> for detailed
+ instructions about building and installing new boot blocks.</para>
+
+ <para>If the serial console is configured in some other way than by
+ booting with <option>-h</option>, or if the serial console used by
+ the kernel is different from the one used by the boot blocks, then
+ you must also add the following option to the kernel configuration
+ file and compile a new kernel:</para>
+
+ <programlisting>options CONSPEED=19200</programlisting>
+ </sect3>
+
+ <sect3 id="serialconsole-com2">
+ <title>Using Serial Port Other Than <devicename>sio0</devicename> for
+ the Console</title>
+
+ <para>Using a port other than <devicename>sio0</devicename> as the
+ console requires some recompiling. If you want to use another
+ serial port for whatever reasons, recompile the boot blocks, the
+ boot loader and the kernel as follows.</para>
+
+ <procedure>
+ <step>
+ <para>Get the kernel source. (See <xref linkend="cutting-edge">)</para>
+ </step>
+
+ <step>
+ <para>Edit <filename>/etc/make.conf</filename> and set
+ <literal>BOOT_COMCONSOLE_PORT</literal> to the address of the
+ port you want to use (0x3F8, 0x2F8, 0x3E8 or 0x2E8). Only
+ <devicename>sio0</devicename> through
+ <devicename>sio3</devicename> (<devicename>COM1</devicename>
+ through <devicename>COM4</devicename>) can be used; multiport
+ serial cards will not work. No interrupt setting is
+ needed.</para>
+ </step>
+
+ <step>
+ <para>Create a custom kernel configuration file and add
+ appropriate flags for the serial port you want to use. For
+ example, if you want to make <devicename>sio1</devicename>
+ (<devicename>COM2</devicename>) the console:</para>
+
+ <programlisting>device sio1 at isa? port IO_COM2 flags 0x10 irq 3</programlisting>
+
+ <para>or</para>
+
+ <programlisting>device sio1 at isa? port IO_COM2 flags 0x30 irq 3</programlisting>
+
+ <para>The console flags for the other serial ports should not be
+ set.</para>
+ </step>
+
+ <step>
+ <para>Recompile and install the boot blocks and the boot loader:</para>
+
+ <screen>&prompt.root; <userinput>cd /sys/boot</userinput>
+&prompt.root; <userinput>make clean</userinput>
+&prompt.root; <userinput>make</userinput>
+&prompt.root; <userinput>make install</userinput></screen>
+ </step>
+
+ <step>
+ <para>Rebuild and install the kernel.</para>
+ </step>
+
+ <step>
+ <para>Write the boot blocks to the boot disk with
+ &man.disklabel.8; and boot from the new kernel.</para>
+ </step>
+ </procedure>
+ </sect3>
+
+ <sect3 id="serialconsole-ddb">
+ <title>Entering the DDB Debugger from the Serial Line</title>
+
+ <para>If you wish to drop into the kernel debugger from the serial
+ console (useful for remote diagnostics, but also dangerous if you
+ generate a spurious BREAK on the serial port!) then you should
+ compile your kernel with the following options:</para>
+
+ <programlisting>options BREAK_TO_DEBUGGER
+options DDB</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Getting a Login Prompt on the Serial Console</title>
+
+ <para>While this is not required, you may wish to get a
+ <emphasis>login</emphasis> prompt over the serial line, now that you
+ can see boot messages and can enter the kernel debugging session
+ through the serial console. Here is how to do it.</para>
+
+ <para>Open the file <filename>/etc/ttys</filename> with an editor
+ and locate the lines:</para>
+
+ <programlisting>ttyd0 "/usr/libexec/getty std.9600" unknown off secure
+ttyd1 "/usr/libexec/getty std.9600" unknown off secure
+ttyd2 "/usr/libexec/getty std.9600" unknown off secure
+ttyd3 "/usr/libexec/getty std.9600" unknown off secure</programlisting>
+
+ <para><literal>ttyd0</literal> through <literal>ttyd3</literal>
+ corresponds to <devicename>COM1</devicename> through
+ <devicename>COM4</devicename>. Change <literal>off</literal> to
+ <literal>on</literal> for the desired port. If you have changed the
+ speed of the serial port, you need to change
+ <literal>std.9600</literal> to match the current setting, e.g.
+ <literal>std.19200</literal>.</para>
+
+ <para>You may also want to change the terminal type from
+ <literal>unknown</literal> to the actual type of your serial
+ terminal.</para>
+
+ <para>After editing the file, you must <command>kill -HUP 1</command>
+ to make this change take effect.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="serialconsole-loader">
+ <title>Changing Console from the Boot Loader</title>
+
+ <para>Previous sections described how to set up the serial console by
+ tweaking the boot block. This section shows that you can specify the
+ console by entering some commands and environment variables in the
+ boot loader. As the boot loader is invoked at the third stage of the
+ boot process, after the boot block, the settings in the boot loader
+ will override the settings in the boot block.</para>
+
+ <sect3>
+ <title>Setting Up the Serial Console</title>
+
+ <para>You can easily specify the boot loader and the kernel to use the
+ serial console by writing just one line in
+ <filename>/boot/loader.rc</filename>:</para>
+
+ <programlisting>set console="comconsole"</programlisting>
+
+ <para>This will take effect regardless of the settings in the boot
+ block discussed in the previous section.</para>
+
+ <para>You had better put the above line as the first line of
+ <filename>/boot/loader.rc</filename> so as to see boot messages on
+ the serial console as early as possible.</para>
+
+ <para>Likewise, you can specify the internal console as:</para>
+
+ <programlisting>set console="vidconsole"</programlisting>
+
+ <para>If you do not set the boot loader environment variable
+ <envar>console</envar>, the boot loader, and subsequently the
+ kernel, will use whichever console indicated by the
+ <option>-h</option> option in the boot block.</para>
+
+ <para>In versions 3.2 or later, you may specify the console in
+ <filename>/boot/loader.conf.local</filename> or
+ <filename>/boot/loader.conf</filename>, rather than in
+ <filename>/boot/loader.rc</filename>. In this method your
+ <filename>/boot/loader.rc</filename> should look like:</para>
+
+ <programlisting>include /boot/loader.4th
+start</programlisting>
+
+ <para>Then, create <filename>/boot/loader.conf.local</filename> and
+ put the following line there.</para>
+
+ <programlisting>console=comconsole</programlisting>
+
+ <para>or</para>
+
+ <programlisting>console=vidconsole</programlisting>
+
+ <para>See &man.loader.conf.5; for more information.</para>
+
+ <note>
+ <para>At the moment, the boot loader has no option equivalent to the
+ <option>-P</option> option in the boot block, and there is no
+ provision to automatically select the internal console and the
+ serial console based on the presence of the keyboard.</para>
+ </note>
+ </sect3>
+
+ <sect3>
+ <title>Using a Serial Port Other Than <devicename>sio0</devicename> for
+ the Console</title>
+
+ <para>You need to recompile the boot loader to use a serial port other
+ than <devicename>sio0</devicename> for the serial console. Follow the
+ procedure described in <xref linkend="serialconsole-com2">.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="serialconsole-caveats">
+ <title>Caveats</title>
+
+ <para>The idea here is to allow people to set up dedicated servers that
+ require no graphics hardware or attached keyboards. Unfortunately,
+ while most systems will let you boot without a keyboard, there
+ are quite a few that will not let you boot without a graphics adapter.
+ Machines with AMI BIOSes can be configured to boot with no graphics
+ adapter installed simply by changing the <quote>graphics adapter</quote> setting in
+ the CMOS configuration to <quote>Not installed.</quote></para>
+
+ <para>However, many machines do not support this option and will refuse
+ to boot if you have no display hardware in the system. With these
+ machines, you will have to leave some kind of graphics card plugged in,
+ (even if it is just a junky mono board) although you will not have to
+ attach a monitor. You might also try installing an AMI
+ BIOS.</para>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/handbook/txtfiles.ent b/zh_TW.Big5/books/handbook/txtfiles.ent
new file mode 100644
index 0000000000..80dbca6982
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/txtfiles.ent
@@ -0,0 +1,71 @@
+<!--
+ Creates entities for each .txt screenshot that is included in the
+ Handbook.
+
+ Each entity is named txt.dir.foo, where dir is the directory in
+ which it is stored, and foo is its filename, without the '.txt'
+ extension.
+
+ Entities should be listed in alphabetical order.
+
+ $FreeBSD$
+-->
+
+<!ENTITY txt.install.adduser1 SYSTEM "install/adduser1.txt">
+<!ENTITY txt.install.adduser2 SYSTEM "install/adduser2.txt">
+<!ENTITY txt.install.adduser3 SYSTEM "install/adduser3.txt">
+<!ENTITY txt.install.boot-mgr SYSTEM "install/boot-mgr.txt">
+<!ENTITY txt.install.console-saver1 SYSTEM "install/console-saver1.txt">
+<!ENTITY txt.install.console-saver2 SYSTEM "install/console-saver2.txt">
+<!ENTITY txt.install.console-saver3 SYSTEM "install/console-saver3.txt">
+<!ENTITY txt.install.console-saver4 SYSTEM "install/console-saver4.txt">
+<!ENTITY txt.install.desktop SYSTEM "install/desktop.txt">
+<!ENTITY txt.install.disklabel-auto SYSTEM "install/disklabel-auto.txt">
+<!ENTITY txt.install.disklabel-ed1 SYSTEM "install/disklabel-ed1.txt">
+<!ENTITY txt.install.disklabel-ed2 SYSTEM "install/disklabel-ed2.txt">
+<!ENTITY txt.install.disklabel-fs SYSTEM "install/disklabel-fs.txt">
+<!ENTITY txt.install.disklabel-root1 SYSTEM "install/disklabel-root1.txt">
+<!ENTITY txt.install.disklabel-root2 SYSTEM "install/disklabel-root2.txt">
+<!ENTITY txt.install.disklabel-root3 SYSTEM "install/disklabel-root3.txt">
+<!ENTITY txt.install.dist-set SYSTEM "install/dist-set.txt">
+<!ENTITY txt.install.dist-set2 SYSTEM "install/dist-set2.txt">
+<!ENTITY txt.install.docmenu1 SYSTEM "install/docmenu1.txt">
+<!ENTITY txt.install.ed0-conf SYSTEM "install/ed0-conf.txt">
+<!ENTITY txt.install.ed0-conf2 SYSTEM "install/ed0-conf2.txt">
+<!ENTITY txt.install.edit-inetd-conf SYSTEM "install/edit-inetd-conf.txt">
+<!ENTITY txt.install.fdisk-drive1 SYSTEM "install/fdisk-drive1.txt">
+<!ENTITY txt.install.fdisk-drive2 SYSTEM "install/fdisk-drive2.txt">
+<!ENTITY txt.install.fdisk-edit1 SYSTEM "install/fdisk-edit1.txt">
+<!ENTITY txt.install.fdisk-edit2 SYSTEM "install/fdisk-edit2.txt">
+<!ENTITY txt.install.ftp-anon1 SYSTEM "install/ftp-anon1.txt">
+<!ENTITY txt.install.ftp-anon2 SYSTEM "install/ftp-anon2.txt">
+<!ENTITY txt.install.hdwrconf SYSTEM "install/hdwrconf.txt">
+<!ENTITY txt.install.keymap SYSTEM "install/keymap.txt">
+<!ENTITY txt.install.main-doc SYSTEM "install/main-doc.txt">
+<!ENTITY txt.install.main-keymap SYSTEM "install/main-keymap.txt">
+<!ENTITY txt.install.main-options SYSTEM "install/main-options.txt">
+<!ENTITY txt.install.main-std SYSTEM "install/main-std.txt">
+<!ENTITY txt.install.main1 SYSTEM "install/main1.txt">
+<!ENTITY txt.install.mainexit SYSTEM "install/mainexit.txt">
+<!ENTITY txt.install.media SYSTEM "install/media.txt">
+<!ENTITY txt.install.mouse1 SYSTEM "install/mouse1.txt">
+<!ENTITY txt.install.mouse2 SYSTEM "install/mouse2.txt">
+<!ENTITY txt.install.mouse3 SYSTEM "install/mouse3.txt">
+<!ENTITY txt.install.mouse4 SYSTEM "install/mouse4.txt">
+<!ENTITY txt.install.mouse5 SYSTEM "install/mouse5.txt">
+<!ENTITY txt.install.mouse6 SYSTEM "install/mouse6.txt">
+<!ENTITY txt.install.nfs-server-edit SYSTEM "install/nfs-server-edit.txt">
+<!ENTITY txt.install.options SYSTEM "install/options.txt">
+<!ENTITY txt.install.pkg-cat SYSTEM "install/pkg-cat.txt">
+<!ENTITY txt.install.pkg-confirm SYSTEM "install/pkg-confirm.txt">
+<!ENTITY txt.install.pkg-install SYSTEM "install/pkg-install.txt">
+<!ENTITY txt.install.pkg-sel SYSTEM "install/pkg-sel.txt">
+<!ENTITY txt.install.probstart SYSTEM "install/probstart.txt">
+<!ENTITY txt.install.security SYSTEM "install/security.txt">
+<!ENTITY txt.install.sysinstall-exit SYSTEM "install/sysinstall-exit.txt">
+<!ENTITY txt.install.timezone1 SYSTEM "install/timezone1.txt">
+<!ENTITY txt.install.timezone2 SYSTEM "install/timezone2.txt">
+<!ENTITY txt.install.timezone3 SYSTEM "install/timezone3.txt">
+<!ENTITY txt.install.userconfig SYSTEM "../../../share/images/books/handbook/install/userconfig.txt">
+<!ENTITY txt.install.userconfig2 SYSTEM "../../../share/images/books/handbook/install/userconfig2.txt">
+<!ENTITY txt.install.xf86setup SYSTEM "install/xf86setup.txt">
diff --git a/zh_TW.Big5/books/handbook/users/Makefile b/zh_TW.Big5/books/handbook/users/Makefile
new file mode 100644
index 0000000000..dfa2918b7b
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/users/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= users/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/users/chapter.sgml b/zh_TW.Big5/books/handbook/users/chapter.sgml
new file mode 100644
index 0000000000..68c3ec3df0
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/users/chapter.sgml
@@ -0,0 +1,1118 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="users">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Neil</firstname>
+ <surname>Blakey-Milner</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- Feb 2000 -->
+ </chapterinfo>
+
+ <title>Users and Basic Account Management</title>
+
+ <sect1 id="users-synopsis">
+ <title>Synopsis</title>
+
+ <para>FreeBSD allows multiple users to use the computer at the same time.
+ Obviously, only one of those users can be sitting in front of the screen and
+ keyboard at any one time
+ <footnote>
+ <para>Well, unless you hook up multiple terminals, but we will
+ save that for <xref linkend="serialcomms">.</para>
+ </footnote>, but any number of users can log in through the
+ network to get their work done. To use the system every user must have
+ an account.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The differences between the various user accounts on a FreeBSD
+ system.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to add user accounts.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to remove user accounts.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to change account details, such as the user's full name, or
+ preferred shell.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set limits on a per-account basis, to control the
+ resources such as memory and CPU time that accounts and groups of
+ accounts are allowed to access.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use groups to make account management easier.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Understand the basics of &unix; and FreeBSD (<xref
+ linkend="basics">).</para>
+ </listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="users-introduction">
+ <title>Introduction</title>
+
+ <para>All access to the system is achieved via accounts, and all
+ processes are run by users, so user and account management are
+ of integral importance on FreeBSD systems.</para>
+
+ <para>Every account on a FreeBSD system has certain information associated
+ with it to identify the account.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>User name</term>
+
+ <listitem>
+ <para>The user name as it would be typed at the
+ <prompt>login:</prompt> prompt. User names must be unique across
+ the computer; you may not have two users with the same
+ user name. There are a number of rules for creating valid user
+ names, documented in &man.passwd.5;; you would typically use user
+ names that consist of eight or fewer all lower case
+ characters.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Password</term>
+
+ <listitem>
+ <para>Each account has a password associated with it. The password
+ may be blank, in which case no password will be required to access
+ the system. This is normally a very bad idea; every account
+ should have a password.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>User ID (UID)</term>
+
+ <listitem>
+ <para>The UID is a number, traditionally from 0 to 65535<footnote id="users-largeuidgid">
+ <para>It is possible to use UID/GIDs as large as
+ 4294967295, but such IDs can cause serious problems
+ with software that makes assumptions about the values
+ of IDs.</para>
+ </footnote>, used to uniquely identify
+ the user to the system. Internally, FreeBSD uses the UID to
+ identify users&mdash;any FreeBSD commands that allow you to
+ specify a user name will convert it to the UID before working with
+ it. This means that you can have several accounts with different
+ user names but the same UID. As far as FreeBSD is concerned these
+ accounts are one user. It is unlikely you will ever need to do
+ this.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Group ID (GID)</term>
+
+ <listitem>
+ <para>The GID is a number, traditionally from 0 to 65535<footnoteref linkend="users-largeuidgid">, used to uniquely identify
+ the primary group that the user belongs to. Groups are a
+ mechanism for controlling access to resources based on a user's
+ GID rather than their UID. This can significantly reduce the size
+ of some configuration files. A user may also be in more than one
+ group.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Login class</term>
+
+ <listitem>
+ <para>Login classes are an extension to the group mechanism that
+ provide additional flexibility when tailoring the system to
+ different users.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Password change time</term>
+
+ <listitem>
+ <para>By default FreeBSD does not force users to change their
+ passwords periodically. You can enforce this on a per-user basis,
+ forcing some or all of your users to change their passwords after
+ a certain amount of time has elapsed.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Account expiry time</term>
+
+ <listitem>
+ <para>By default FreeBSD does not expire accounts. If you are
+ creating accounts that you know have a limited lifespan, for
+ example, in a school where you have accounts for the students,
+ then you can specify when the account expires. After the expiry
+ time has elapsed the account cannot be used to log in to the
+ system, although the account's directories and files will
+ remain.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>User's full name</term>
+
+ <listitem>
+ <para>The user name uniquely identifies the account to FreeBSD, but
+ does not necessarily reflect the user's real name. This
+ information can be associated with the account.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Home directory</term>
+
+ <listitem>
+ <para>The home directory is the full path to a directory on the
+ system in which the user will start when logging on to the
+ system. A common convention is to put all user home directories
+ under
+ <filename>/home/<replaceable>username</replaceable></filename>
+ or <filename>/usr/home/<replaceable>username</replaceable></filename>.
+ The user would store their personal files in their home directory,
+ and any directories they may create in there.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>User shell</term>
+
+ <listitem>
+ <para>The shell provides the default environment users use to
+ interact with the system. There are many different kinds of
+ shells, and experienced users will have their own preferences,
+ which can be reflected in their account settings.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>There are three main types of accounts: the <link
+ linkend="users-superuser">Superuser</link>, <link
+ linkend="users-system">system users</link>, and <link
+ linkend="users-user">user accounts</link>. The Superuser
+ account, usually called <username>root</username>, is used to
+ manage the system with no limitations on privileges. System
+ users run services. Finally, user accounts are used by real
+ people, who log on, read mail, and so forth.</para>
+ </sect1>
+
+ <sect1 id="users-superuser">
+ <title>The Superuser Account</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>superuser (root)</secondary>
+ </indexterm>
+ <para>The superuser account, usually called
+ <username>root</username>, comes preconfigured to facilitate
+ system administration, and should not be used for day-to-day
+ tasks like sending and receiving mail, general exploration of
+ the system, or programming.</para>
+
+ <para>This is because the superuser, unlike normal user accounts,
+ can operate without limits, and misuse of the superuser account
+ may result in spectacular disasters. User accounts are unable
+ to destroy the system by mistake, so it is generally best to use
+ normal user accounts whenever possible, unless you especially
+ need the extra privilege.</para>
+
+ <para>You should always double and triple-check commands you issue
+ as the superuser, since an extra space or missing character can
+ mean irreparable data loss.</para>
+
+ <para>So, the first thing you should do after reading this
+ chapter is to create an unprivileged user account for yourself
+ for general usage if you have not already. This applies equally
+ whether you are running a multi-user or single-user machine.
+ Later in this chapter, we discuss how to create additional
+ accounts, and how to change between the normal user and
+ superuser.</para>
+ </sect1>
+
+ <sect1 id="users-system">
+ <title>System Accounts</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>system</secondary>
+ </indexterm>
+ <para>System users are those used to run services such as DNS,
+ mail, web servers, and so forth. The reason for this is
+ security; if all services ran as the superuser, they could
+ act without restriction.</para>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>daemon</username></secondary>
+ </indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>operator</username></secondary>
+ </indexterm>
+ <para>Examples of system users are <username>daemon</username>,
+ <username>operator</username>, <username>bind</username> (for
+ the Domain Name Service), <username>news</username>, and
+ <username>www</username>.</para>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>nobody</username></secondary>
+ </indexterm>
+ <para><username>nobody</username> is the generic unprivileged
+ system user. However, it is important to keep in mind that the
+ more services that use <username>nobody</username>, the more
+ files and processes that user will become associated with, and
+ hence the more privileged that user becomes.</para>
+ </sect1>
+
+ <sect1 id="users-user">
+ <title>User Accounts</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>user</secondary>
+ </indexterm>
+ <para>User accounts are the primary means of access for real
+ people to the system, and these accounts insulate the user and
+ the environment, preventing the users from damaging the system
+ or other users, and allowing users to customize their
+ environment without affecting others.</para>
+
+ <para>Every person accessing your system should have a unique user
+ account. This allows you to find out who is doing what, prevent
+ people from clobbering each others' settings or reading each
+ others' mail, and so forth.</para>
+
+ <para>Each user can set up their own environment to accommodate
+ their use of the system, by using alternate shells, editors, key
+ bindings, and language.</para>
+ </sect1>
+
+ <sect1 id="users-modifying">
+ <title>Modifying Accounts</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>modifying</secondary>
+ </indexterm>
+
+ <para>There are a variety of different commands available in the
+ &unix; environment to manipulate user accounts. The most common
+ commands are summarized below, followed by more detailed
+ examples of their usage.</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <colspec colwidth="1*">
+ <colspec colwidth="2*">
+
+ <thead>
+ <row>
+ <entry>Command</entry>
+ <entry>Summary</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>&man.adduser.8;</entry>
+ <entry>The recommended command-line application for adding
+ new users.</entry>
+ </row>
+ <row>
+ <entry>&man.rmuser.8;</entry>
+ <entry>The recommended command-line application for
+ removing users.</entry>
+ </row>
+ <row>
+ <entry>&man.chpass.1;</entry>
+ <entry>A flexible tool to change user database information.</entry>
+ </row>
+ <row>
+ <entry>&man.passwd.1;</entry>
+ <entry>The simple command-line tool to change user
+ passwords.</entry>
+ </row>
+ <row>
+ <entry>&man.pw.8;</entry>
+ <entry>A powerful and flexible tool to modify all aspects
+ of user accounts.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <sect2 id="users-adduser">
+ <title><command>adduser</command></title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>adding</secondary>
+ </indexterm>
+ <indexterm>
+ <primary><command>adduser</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename class="directory">/usr/share/skel</filename></primary>
+ </indexterm>
+ <indexterm><primary>skeleton directory</primary></indexterm>
+ <para>&man.adduser.8; is a simple program for
+ adding new users. It creates entries in the system
+ <filename>passwd</filename> and <filename>group</filename>
+ files. It will also create a home directory for the new user,
+ copy in the default configuration files (<quote>dotfiles</quote>) from
+ <filename>/usr/share/skel</filename>, and can optionally mail
+ the new user a welcome message.</para>
+
+ <para>In &os;&nbsp;5.0, &man.adduser.8; was rewritten from a
+ Perl script to a shell script that acts as wrapper around
+ &man.pw.8;, so its usage is slightly different on &os;&nbsp;4.X
+ and &os;&nbsp;5.X.</para>
+
+ <para>To create the initial configuration file, use
+ <command>adduser -s -config_create</command>.
+ <footnote>
+ <para>The <option>-s</option> makes &man.adduser.8;
+ default to
+ quiet. We use <option>-v</option> later when we want to
+ change defaults.</para>
+ </footnote>
+ Next, we configure &man.adduser.8;
+ defaults, and create our first user account, since using
+ <username>root</username> for normal usage is evil and
+ nasty.</para>
+
+ <example>
+ <title>Configuring <command>adduser</command> and adding a
+ user on &os;&nbsp;4.X</title>
+
+ <screen>&prompt.root; <userinput>adduser -v</userinput>
+Use option ``-silent'' if you don't want to see all warnings and questions.
+Check /etc/shells
+Check /etc/master.passwd
+Check /etc/group
+Enter your default shell: csh date no sh tcsh zsh [sh]: <userinput>zsh</userinput>
+Your default shell is: zsh -&gt; /usr/local/bin/zsh
+Enter your default HOME partition: [/home]:
+Copy dotfiles from: /usr/share/skel no [/usr/share/skel]:
+Send message from file: /etc/adduser.message no
+[/etc/adduser.message]: <userinput>no</userinput>
+Do not send message
+Use passwords (y/n) [y]: <userinput>y</userinput>
+
+Write your changes to /etc/adduser.conf? (y/n) [n]: <userinput>y</userinput>
+
+Ok, let's go.
+Don't worry about mistakes. I will give you the chance later to correct any input.
+Enter username [a-z0-9_-]: <userinput>jru</userinput>
+Enter full name []: <userinput>J. Random User</userinput>
+Enter shell csh date no sh tcsh zsh [zsh]:
+Enter home directory (full path) [/home/jru]:
+Uid [1001]:
+Enter login class: default []:
+Login group jru [jru]:
+Login group is ``jru''. Invite jru into other groups: guest no
+[no]: <userinput>wheel</userinput>
+Enter password []:
+Enter password again []:
+
+Name: jru
+Password: ****
+Fullname: J. Random User
+Uid: 1001
+Gid: 1001 (jru)
+Class:
+Groups: jru wheel
+HOME: /home/jru
+Shell: /usr/local/bin/zsh
+OK? (y/n) [y]: <userinput>y</userinput>
+Added user ``jru''
+Copy files from /usr/share/skel to /home/jru
+Add another user? (y/n) [y]: <userinput>n</userinput>
+Goodbye!
+&prompt.root;</screen>
+ </example>
+
+ <para>In summary, we changed the default shell to
+ <application>zsh</application> (an additional shell found in
+ the Ports Collection), and turned off the sending of a welcome mail to
+ added users. We then saved the configuration,
+ created an account for <username>jru</username>, and made
+ sure <username>jru</username> is in <username>wheel</username>
+ group (so that she may assume the role of
+ <username>root</username> with the &man.su.1;
+ command.)</para>
+
+ <note>
+ <para>The password you type in is not echoed, nor are asterisks
+ displayed. Make sure that you do not mistype the password.
+ </para>
+ </note>
+
+ <note>
+ <para>Just use &man.adduser.8; without arguments
+ from now on, and you will not have to go through changing the
+ defaults. If the program asks you to change the defaults,
+ exit the program, and try the <option>-s</option>
+ option.</para>
+ </note>
+
+ <example>
+ <title>Adding a user on &os;&nbsp;5.X</title>
+
+ <screen>&prompt.root; <userinput>adduser</userinput>
+Username: <userinput>jru</userinput>
+Full name: <userinput>J. Random User</userinput>
+Uid (Leave empty for default):
+Login group [jru]:
+Login group is jru. Invite jru into other groups? []: <userinput>wheel</userinput>
+Login class [default]:
+Shell (sh csh tcsh zsh nologin) [sh]: <userinput>zsh</userinput>
+Home directory [/home/jru]:
+Use password-based authentication? [yes]:
+Use an empty password? (yes/no) [no]:
+Use a random password? (yes/no) [no]:
+Enter password:
+Enter password again:
+Lock out the account after creation? [no]:
+Username : jru
+Password : ****
+Full Name : J. Random User
+Uid : 1001
+Class :
+Groups : jru wheel
+Home : /home/jru
+Shell : /usr/local/bin/zsh
+Locked : no
+OK? (yes/no): <userinput>yes</userinput>
+adduser: INFO: Successfully added (jru) to the user database.
+Add another user? (yes/no): <userinput>no</userinput>
+Goodbye!
+&prompt.root;</screen>
+ </example>
+ </sect2>
+
+ <sect2 id="users-rmuser">
+ <title><command>rmuser</command></title>
+
+ <indexterm><primary><command>rmuser</command></primary></indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>removing</secondary>
+ </indexterm>
+
+ <para>You can use &man.rmuser.8; to
+ completely remove a user from the system.
+ &man.rmuser.8; performs the following
+ steps:</para>
+
+ <procedure>
+ <step>
+ <para>Removes the user's &man.crontab.1; entry (if
+ any).</para>
+ </step>
+ <step>
+ <para>Removes any &man.at.1; jobs belonging to the
+ user.</para>
+ </step>
+ <step>
+ <para>Kills all processes owned by the user.</para>
+ </step>
+ <step>
+ <para>Removes the user from the system's local password
+ file.</para>
+ </step>
+ <step>
+ <para>Removes the user's home directory (if it is owned by
+ the user).</para>
+ </step>
+ <step>
+ <para>Removes the incoming mail files belonging to the user
+ from <filename>/var/mail</filename>.</para>
+ </step>
+ <step>
+ <para>Removes all files owned by the user from temporary
+ file storage areas such as <filename>/tmp</filename>.</para>
+ </step>
+ <step>
+ <para>Finally, removes the username from all groups to which
+ it belongs in <filename>/etc/group</filename>.
+
+ <note>
+ <para>If a group becomes empty and the group name is the
+ same as the username, the group is removed; this
+ complements the per-user unique groups created by
+ &man.adduser.8;.</para>
+ </note>
+ </para>
+ </step>
+ </procedure>
+
+ <para>&man.rmuser.8; cannot be used to remove
+ superuser accounts, since that is almost always an indication
+ of massive destruction.</para>
+
+ <para>By default, an interactive mode is used, which attempts to
+ make sure you know what you are doing.</para>
+
+ <example>
+ <title><command>rmuser</command> Interactive Account Removal</title>
+
+ <screen>&prompt.root; <userinput>rmuser jru</userinput>
+Matching password entry:
+jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh
+Is this the entry you wish to remove? <userinput>y</userinput>
+Remove user's home directory (/home/jru)? <userinput>y</userinput>
+Updating password file, updating databases, done.
+Updating group file: trusted (removing group jru -- personal group is empty) done.
+Removing user's incoming mail file /var/mail/jru: done.
+Removing files belonging to jru from /tmp: done.
+Removing files belonging to jru from /var/tmp: done.
+Removing files belonging to jru from /var/tmp/vi.recover: done.
+&prompt.root;</screen>
+ </example>
+ </sect2>
+
+ <sect2 id="users-chpass">
+ <title><command>chpass</command></title>
+
+ <indexterm><primary><command>chpass</command></primary></indexterm>
+ <para>&man.chpass.1; changes user database
+ information such as passwords, shells, and personal
+ information.</para>
+
+ <para>Only system administrators, as the superuser, may change
+ other users' information and passwords with
+ &man.chpass.1;.</para>
+
+ <para>When passed no options, aside from an optional username,
+ &man.chpass.1; displays an editor
+ containing user information. When the user exists from the
+ editor, the user database is updated with the new
+ information.</para>
+
+ <note>
+ <para>In &os;&nbsp;5.X, you will be asked for your password
+ after exiting the editor if you are not the superuser.</para>
+ </note>
+
+ <example>
+ <title>Interactive <command>chpass</command> by Superuser</title>
+
+ <screen>#Changing user database information for jru.
+Login: jru
+Password: *
+Uid [#]: 1001
+Gid [# or name]: 1001
+Change [month day year]:
+Expire [month day year]:
+Class:
+Home directory: /home/jru
+Shell: /usr/local/bin/zsh
+Full Name: J. Random User
+Office Location:
+Office Phone:
+Home Phone:
+Other information:</screen>
+ </example>
+
+ <para>The normal user can change only a small subset of this
+ information, and only for themselves.</para>
+
+ <example>
+ <title>Interactive <command>chpass</command> by Normal User</title>
+
+ <screen>#Changing user database information for jru.
+Shell: /usr/local/bin/zsh
+Full Name: J. Random User
+Office Location:
+Office Phone:
+Home Phone:
+Other information:</screen>
+ </example>
+
+ <note>
+ <para>&man.chfn.1; and &man.chsh.1; are
+ just links to &man.chpass.1;, as
+ are &man.ypchpass.1;,
+ &man.ypchfn.1;, and
+ &man.ypchsh.1;. NIS support is automatic, so
+ specifying the <literal>yp</literal> before the command is
+ not necessary. If this is confusing to you, do not worry, NIS will
+ be covered in <xref linkend="network-servers">.</para>
+ </note>
+ </sect2>
+ <sect2 id="users-passwd">
+ <title><command>passwd</command></title>
+
+ <indexterm><primary><command>passwd</command></primary></indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>changing password</secondary>
+ </indexterm>
+ <para>&man.passwd.1; is the usual way to
+ change your own password as a user, or another user's password
+ as the superuser.</para>
+
+ <note>
+ <para>To prevent accidental or unauthorized changes, the original
+ password must be entered before a new password can be set.</para>
+ </note>
+
+ <example>
+ <title>Changing Your Password</title>
+
+ <screen>&prompt.user; <userinput>passwd</userinput>
+Changing local password for jru.
+Old password:
+New password:
+Retype new password:
+passwd: updating the database...
+passwd: done</screen>
+ </example>
+
+ <example>
+ <title>Changing Another User's Password as the Superuser</title>
+
+ <screen>&prompt.root; <userinput>passwd jru</userinput>
+Changing local password for jru.
+New password:
+Retype new password:
+passwd: updating the database...
+passwd: done</screen>
+ </example>
+
+ <note>
+ <para>As with &man.chpass.1;,
+ &man.yppasswd.1; is just a link to
+ &man.passwd.1;, so NIS works with either
+ command.</para>
+ </note>
+ </sect2>
+
+
+ <sect2 id="users-pw">
+ <title><command>pw</command></title>
+ <indexterm><primary><command>pw</command></primary></indexterm>
+
+ <para>&man.pw.8; is a command line utility to create, remove,
+ modify, and display users and groups. It functions as a front
+ end to the system user and group files. &man.pw.8;
+ has a very powerful set of command line options that make it
+ suitable for use in shell scripts, but new users may find it
+ more complicated than the other commands presented
+ here.</para>
+ </sect2>
+
+
+ </sect1>
+
+ <sect1 id="users-limiting">
+ <title>Limiting Users</title>
+
+ <indexterm><primary>limiting users</primary></indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>limiting</secondary>
+ </indexterm>
+ <para>If you have users, the ability to limit their system use may
+ have come to mind. FreeBSD provides
+ several ways an administrator can limit the amount of system
+ resources an individual may use. These limits are
+ divided into two sections: disk quotas, and other resource
+ limits.</para>
+
+ <indexterm><primary>quotas</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>quotas</secondary>
+ </indexterm>
+ <indexterm><primary>disk quotas</primary></indexterm>
+ <para>Disk quotas limit disk usage to users, and
+ they
+ provide a way to quickly check that usage without
+ calculating it every time. Quotas are discussed in <xref
+ linkend="quotas">.</para>
+
+ <para>The other resource limits include ways to limit the amount of
+ CPU, memory, and other resources a user may consume. These are
+ defined using login classes and are discussed here.</para>
+
+ <indexterm>
+ <primary><filename>/etc/login.conf</filename></primary>
+ </indexterm>
+ <para>Login classes are defined in
+ <filename>/etc/login.conf</filename>. The precise semantics are
+ beyond the scope of this section, but are described in detail in the
+ &man.login.conf.5; manual page. It is sufficient to say that each
+ user is assigned to a login class (<literal>default</literal> by
+ default), and that each login class has a set of login capabilities
+ associated with it. A login capability is a
+ <literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal>
+ pair, where <replaceable>name</replaceable> is a well-known
+ identifier and <replaceable>value</replaceable> is an arbitrary
+ string processed accordingly depending on the name. Setting up login
+ classes and capabilities is rather straight-forward and is also
+ described in &man.login.conf.5;.</para>
+
+ <note>
+ <para>The system does not read the configuration in
+ <filename>/etc/login.conf</filename> directly, but reads the database
+ file <filename>/etc/login.conf.db</filename>.
+ To generate <filename>/etc/login.conf.db</filename> from
+ <filename>/etc/login.conf</filename>, execute the following
+ command:</para>
+
+ <screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen>
+ </note>
+
+ <para>Resource limits are different from plain vanilla login
+ capabilities in two ways. First, for every limit, there is a soft
+ (current) and hard limit. A soft limit may be adjusted by the user
+ or application, but may be no higher than the hard limit. The latter
+ may be lowered by the user, but never raised. Second, most resource
+ limits apply per process to a specific user, not the user as a whole.
+ Note, however, that these differences are mandated by the specific
+ handling of the limits, not by the implementation of the login
+ capability framework (i.e., they are not <emphasis>really</emphasis>
+ a special case of login capabilities).</para>
+
+ <para>And so, without further ado, below are the most commonly used
+ resource limits (the rest, along with all the other login
+ capabilities, may be found in &man.login.conf.5;).</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>coredumpsize</literal></term>
+
+ <listitem>
+ <indexterm><primary>coredumpsize</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>coredumpsize</secondary>
+ </indexterm>
+ <para>The limit on the size of a core file generated by a program
+ is, for obvious reasons, subordinate to other limits on disk
+ usage (e.g., <literal>filesize</literal>, or disk quotas).
+ Nevertheless, it is often used as a less-severe method of
+ controlling disk space consumption: since users do not generate
+ core files themselves, and often do not delete them, setting this
+ may save them from running out of disk space should a large
+ program (e.g., <application>emacs</application>) crash.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>cputime</literal></term>
+
+ <listitem>
+ <indexterm><primary>cputime</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>cputime</secondary>
+ </indexterm>
+ <para>This is the maximum amount of CPU time a user's process may
+ consume. Offending processes will be killed by the kernel.
+
+ <note>
+ <para>This is a limit on CPU <emphasis>time</emphasis>
+ consumed, not percentage of the CPU as displayed in some
+ fields by &man.top.1; and &man.ps.1;. A limit on the
+ latter is, at the time of this writing, not possible, and
+ would be rather useless: a compiler&mdash;probably a
+ legitimate task&mdash;can easily use almost 100% of a CPU
+ for some time.</para>
+ </note>
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>filesize</literal></term>
+
+ <listitem>
+ <indexterm><primary>filesize</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>filesize</secondary>
+ </indexterm>
+ <para>This is the maximum size of a file the user may possess.
+ Unlike <link linkend="quotas">disk quotas</link>, this limit is
+ enforced on individual files, not the set of all files a user
+ owns.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>maxproc</literal></term>
+
+ <listitem>
+ <indexterm><primary>maxproc</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>maxproc</secondary>
+ </indexterm>
+ <para>This is the maximum number of processes a user may be
+ running. This includes foreground and background processes
+ alike. For obvious reasons, this may not be larger than the
+ system limit specified by the <varname>kern.maxproc</varname>
+ &man.sysctl.8;. Also note that setting this
+ too small may hinder a
+ user's productivity: it is often useful to be logged in
+ multiple times or execute pipelines. Some tasks, such as
+ compiling a large program, also spawn multiple processes (e.g.,
+ &man.make.1;, &man.cc.1;, and other intermediate
+ preprocessors).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>memorylocked</literal></term>
+
+ <listitem>
+ <indexterm><primary>memorylocked</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>memorylocked</secondary>
+ </indexterm>
+ <para>This is the maximum amount a memory a process may have
+ requested to be locked into main memory (e.g., see
+ &man.mlock.2;). Some system-critical programs, such as
+ &man.amd.8;, lock into main memory such that in the event
+ of being swapped out, they do not contribute to
+ a system's trashing in time of trouble.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>memoryuse</literal></term>
+
+ <listitem>
+ <indexterm><primary>memoryuse</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>memoryuse</secondary>
+ </indexterm>
+ <para>This is the maximum amount of memory a process may consume
+ at any given time. It includes both core memory and swap
+ usage. This is not a catch-all limit for restricting memory
+ consumption, but it is a good start.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>openfiles</literal></term>
+
+ <listitem>
+ <indexterm><primary>openfiles</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>openfiles</secondary>
+ </indexterm>
+ <para>This is the maximum amount of files a process may have
+ open. In FreeBSD, files are also used to represent sockets and
+ IPC channels; thus, be careful not to set this too low. The
+ system-wide limit for this is defined by the
+ <varname>kern.maxfiles</varname> &man.sysctl.8;.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>sbsize</literal></term>
+
+ <listitem>
+ <indexterm><primary>sbsize</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>sbsize</secondary>
+ </indexterm>
+ <para>This is the limit on the amount of network memory, and thus
+ mbufs, a user may consume. This originated as a response to an
+ old DoS attack by creating a lot of sockets, but can be
+ generally used to limit network communications.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>stacksize</literal></term>
+
+ <listitem>
+ <indexterm><primary>stacksize</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>stacksize</secondary>
+ </indexterm>
+ <para>This is the maximum size a process' stack may grow to.
+ This alone is not sufficient to limit the amount of memory a
+ program may use; consequently, it should be used in conjunction
+ with other limits.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>There are a few other things to remember when setting resource
+ limits. Following are some general tips, suggestions, and
+ miscellaneous comments.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Processes started at system startup by
+ <filename>/etc/rc</filename> are assigned to the
+ <literal>daemon</literal> login class.</para>
+ </listitem>
+
+ <listitem>
+ <para>Although the <filename>/etc/login.conf</filename> that comes
+ with the system is a good source of reasonable values for most
+ limits, only you, the administrator, can know what is appropriate
+ for your system. Setting a limit too high may open your system
+ up to abuse, while setting it too low may put a strain on
+ productivity.</para>
+ </listitem>
+
+ <listitem>
+ <para>Users of the X Window System (X11) should probably be granted
+ more resources than other users. X11 by itself takes a lot of
+ resources, but it also encourages users to run more programs
+ simultaneously.</para>
+ </listitem>
+
+ <listitem>
+ <para>Remember that many limits apply to individual processes, not
+ the user as a whole. For example, setting
+ <varname>openfiles</varname> to 50 means
+ that each process the user runs may open up to 50 files. Thus,
+ the gross amount of files a user may open is the value of
+ <literal>openfiles</literal> multiplied by the value of
+ <literal>maxproc</literal>. This also applies to memory
+ consumption.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>For further information on resource limits and login classes and
+ capabilities in general, please consult the relevant manual pages:
+ &man.cap.mkdb.1;, &man.getrlimit.2;, &man.login.conf.5;.</para>
+ </sect1>
+
+ <sect1 id="users-groups">
+ <title>Groups</title>
+
+ <indexterm><primary>groups</primary></indexterm>
+ <indexterm>
+ <primary><filename>/etc/groups</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>groups</secondary>
+ </indexterm>
+ <para>A group is simply a list of users. Groups are identified by
+ their group name and GID (Group ID). In FreeBSD (and most other &unix; like
+ systems), the two factors the kernel uses to decide whether a process
+ is allowed to do something is its user ID and list of groups it
+ belongs to. Unlike a user ID, a process has a list of groups
+ associated with it. You may hear some things refer to the <quote>group ID</quote>
+ of a user or process; most of the time, this just means the first
+ group in the list.</para>
+
+ <para>The group name to group ID map is in
+ <filename>/etc/group</filename>. This is a plain text file with four
+ colon-delimited fields. The first field is the group name, the
+ second is the encrypted password, the third the group ID, and the
+ fourth the comma-delimited list of members. It can safely be edited
+ by hand (assuming, of course, that you do not make any syntax
+ errors!). For a more complete description of the syntax, see the
+ &man.group.5; manual page.</para>
+
+ <para>If you do not want to edit <filename>/etc/group</filename>
+ manually, you can use the &man.pw.8; command to add and edit groups.
+ For example, to add a group called <groupname>teamtwo</groupname> and
+ then confirm that it exists you can use:</para>
+
+ <example>
+ <title>Adding a Group Using &man.pw.8;</title>
+
+ <screen>&prompt.root; <userinput>pw groupadd teamtwo</userinput>
+&prompt.root; <userinput>pw groupshow teamtwo</userinput>
+teamtwo:*:1100:</screen>
+ </example>
+
+ <para>The number <literal>1100</literal> above is the group ID of the
+ group <groupname>teamtwo</groupname>. Right now,
+ <groupname>teamtwo</groupname> has no members, and is thus rather
+ useless. Let's change that by inviting <username>jru</username> to
+ the <groupname>teamtwo</groupname> group.</para>
+
+ <example>
+ <title>Adding Somebody to a Group Using &man.pw.8;</title>
+
+ <screen>&prompt.root; <userinput>pw groupmod teamtwo -M jru</userinput>
+&prompt.root; <userinput>pw groupshow teamtwo</userinput>
+teamtwo:*:1100:jru</screen>
+ </example>
+
+ <para>The argument to the <option>-M</option> option is a
+ comma-delimited list of users who are members of the group. From the
+ preceding sections, we know that the password file also contains a
+ group for each user. The latter (the user) is automatically added to
+ the group list by the system; the user will not show up as a member
+ when using the <option>groupshow</option> command to &man.pw.8;,
+ but will show up when the information is queried via &man.id.1; or
+ similar tool. In other words, &man.pw.8; only manipulates the
+ <filename>/etc/group</filename> file; it will never attempt to read
+ additionally data from <filename>/etc/passwd</filename>.</para>
+
+ <example>
+ <title>Using &man.id.1; to Determine Group Membership</title>
+
+ <screen>&prompt.user; <userinput>id jru</userinput>
+uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)</screen>
+ </example>
+
+ <para>As you can see, <username>jru</username> is a member of the
+ groups <groupname>jru</groupname> and
+ <groupname>teamtwo</groupname>.</para>
+
+ <para>For more information about &man.pw.8;, see its manual page, and
+ for more information on the format of
+ <filename>/etc/group</filename>, consult the &man.group.5; manual
+ page.</para>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/vinum/Makefile b/zh_TW.Big5/books/handbook/vinum/Makefile
new file mode 100644
index 0000000000..eca585a9aa
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/vinum/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= vinum/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/vinum/chapter.sgml b/zh_TW.Big5/books/handbook/vinum/chapter.sgml
new file mode 100644
index 0000000000..728160fb7f
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/vinum/chapter.sgml
@@ -0,0 +1,1475 @@
+<!--
+ The Vinum Volume Manager
+ By Greg Lehey (grog at lemis dot com)
+
+ Added to the Handbook by Hiten Pandya <hmp@FreeBSD.org>
+ and Tom Rhodes <trhodes@FreeBSD.org>
+
+ For the FreeBSD Documentation Project
+ $FreeBSD$
+-->
+
+<chapter id="vinum-vinum">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Greg</firstname>
+ <surname>Lehey</surname>
+ <contrib>Originally written by </contrib>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>The Vinum Volume Manager</title>
+
+ <sect1 id="vinum-synopsis">
+ <title>Synopsis</title>
+
+
+<para>No matter what disks you have, there are always potential problems:</para>
+ <itemizedlist>
+ <listitem>
+ <para>They can be too small.</para>
+ </listitem>
+
+ <listitem>
+ <para>They can be too slow.</para>
+ </listitem>
+
+ <listitem>
+ <para>They can be too unreliable.</para>
+ </listitem>
+ </itemizedlist>
+
+<para>One way some users safeguard themselves against such issues is
+through the use of multiple, and sometimes redundant, disks.</para>
+
+<para>In addition to supporting various cards and controllers for hardware
+RAID systems, the base FreeBSD system includes the Vinum Volume Manager,
+a block device driver that implements virtual disk drives.</para>
+
+<para>Vinum provides more flexibility, performance, and reliability than
+traditional disk storage, and implements RAID-0, RAID-1, and RAID-5
+models both individually and in combination.</para>
+
+<para>This chapter provides an overview of potential problems with traditional
+disk storage, and an introduction to the Vinum Volume Manager.</para>
+
+ </sect1>
+
+ <sect1 id="vinum-intro">
+ <title>Disks Are Too Small</title>
+
+ <indexterm><primary>Vinum</primary></indexterm>
+ <indexterm><primary>RAID</primary>
+ <secondary>software</secondary></indexterm>
+
+ <para><emphasis>Vinum</emphasis> is a so-called <emphasis>Volume
+ Manager</emphasis>, a virtual disk driver that addresses these
+ three problems. Let us look at them in more detail. Various
+ solutions to these problems have been proposed and
+ implemented:</para>
+
+
+ <para>Disks are getting bigger, but so are data storage
+ requirements. Often you will find you want a file system that
+ is bigger than the disks you have available. Admittedly, this
+ problem is not as acute as it was ten years ago, but it still
+ exists. Some systems have solved this by creating an abstract
+ device which stores its data on a number of disks.</para>
+ </sect1>
+
+ <sect1 id="vinum-access-bottlenecks">
+ <title>Access Bottlenecks</title>
+
+ <para>Modern systems frequently need to access data in a highly
+ concurrent manner. For example, large FTP or HTTP servers can
+ maintain thousands of concurrent sessions and have multiple
+ 100&nbsp;Mbit/s connections to the outside world, well beyond
+ the sustained transfer rate of most disks.</para>
+
+ <para>Current disk drives can transfer data sequentially at up to
+ 70&nbsp;MB/s, but this value is of little importance in an
+ environment where many independent processes access a drive,
+ where they may achieve only a fraction of these values. In such
+ cases it is more interesting to view the problem from the
+ viewpoint of the disk subsystem: the important parameter is the
+ load that a transfer places on the subsystem, in other words the
+ time for which a transfer occupies the drives involved in the
+ transfer.</para>
+
+ <para>In any disk transfer, the drive must first position the
+ heads, wait for the first sector to pass under the read head,
+ and then perform the transfer. These actions can be considered
+ to be atomic: it does not make any sense to interrupt
+ them.</para>
+
+ <para><anchor id="vinum-latency"> Consider a typical transfer of
+ about 10&nbsp;kB: the current generation of high-performance
+ disks can position the heads in an average of 3.5&nbsp;ms. The
+ fastest drives spin at 15,000&nbsp;rpm, so the average
+ rotational latency (half a revolution) is 2&nbsp;ms. At
+ 70&nbsp;MB/s, the transfer itself takes about 150&nbsp;&mu;s,
+ almost nothing compared to the positioning time. In such a
+ case, the effective transfer rate drops to a little over
+ 1&nbsp;MB/s and is clearly highly dependent on the transfer
+ size.</para>
+
+ <para>The traditional and obvious solution to this bottleneck is
+ <quote>more spindles</quote>: rather than using one large disk,
+ it uses several smaller disks with the same aggregate storage
+ space. Each disk is capable of positioning and transferring
+ independently, so the effective throughput increases by a factor
+ close to the number of disks used.
+ </para>
+
+ <para>The exact throughput improvement is, of course, smaller than
+ the number of disks involved: although each drive is capable of
+ transferring in parallel, there is no way to ensure that the
+ requests are evenly distributed across the drives. Inevitably
+ the load on one drive will be higher than on another.</para>
+
+ <indexterm>
+ <primary>disk concatenation</primary>
+ </indexterm>
+ <indexterm>
+ <primary>Vinum</primary>
+ <secondary>concatenation</secondary>
+ </indexterm>
+
+ <para>The evenness of the load on the disks is strongly dependent
+ on the way the data is shared across the drives. In the
+ following discussion, it is convenient to think of the disk
+ storage as a large number of data sectors which are addressable
+ by number, rather like the pages in a book. The most obvious
+ method is to divide the virtual disk into groups of consecutive
+ sectors the size of the individual physical disks and store them
+ in this manner, rather like taking a large book and tearing it
+ into smaller sections. This method is called
+ <emphasis>concatenation</emphasis> and has the advantage that
+ the disks are not required to have any specific size
+ relationships. It works well when the access to the virtual
+ disk is spread evenly about its address space. When access is
+ concentrated on a smaller area, the improvement is less marked.
+ <xref linkend="vinum-concat"> illustrates the sequence in which
+ storage units are allocated in a concatenated
+ organization.</para>
+
+ <para>
+ <figure id="vinum-concat">
+ <title>Concatenated Organization</title>
+ <graphic fileref="vinum/vinum-concat">
+ </figure>
+ </para>
+
+ <indexterm>
+ <primary>disk striping</primary>
+ </indexterm>
+ <indexterm>
+ <primary>Vinum</primary>
+ <secondary>striping</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>RAID</primary>
+ </indexterm>
+
+ <para>An alternative mapping is to divide the address space into
+ smaller, equal-sized components and store them sequentially on
+ different devices. For example, the first 256 sectors may be
+ stored on the first disk, the next 256 sectors on the next disk
+ and so on. After filling the last disk, the process repeats
+ until the disks are full. This mapping is called
+ <emphasis>striping</emphasis> or <acronym>RAID-0</acronym>
+
+ <footnote>
+ <para><acronym>RAID</acronym> stands for <emphasis>Redundant
+ Array of Inexpensive Disks</emphasis> and offers various forms
+ of fault tolerance, though the latter term is somewhat
+ misleading: it provides no redundancy.</para> </footnote>.
+
+ Striping requires somewhat more effort to locate the data, and it
+ can cause additional I/O load where a transfer is spread over
+ multiple disks, but it can also provide a more constant load
+ across the disks. <xref linkend="vinum-striped"> illustrates the
+ sequence in which storage units are allocated in a striped
+ organization.</para>
+
+ <para>
+ <figure id="vinum-striped">
+ <title>Striped Organization</title>
+ <graphic fileref="vinum/vinum-striped">
+ </figure>
+ </para>
+ </sect1>
+
+ <sect1 id="vinum-data-integrity">
+ <title>Data Integrity</title>
+
+ <para>The final problem with current disks is that they are
+ unreliable. Although disk drive reliability has increased
+ tremendously over the last few years, they are still the most
+ likely core component of a server to fail. When they do, the
+ results can be catastrophic: replacing a failed disk drive and
+ restoring data to it can take days.</para>
+
+ <indexterm>
+ <primary>disk mirroring</primary>
+ </indexterm>
+ <indexterm>
+ <primary>Vinum</primary>
+ <secondary>mirroring</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>RAID-1</primary>
+ </indexterm>
+
+ <para>The traditional way to approach this problem has been
+ <emphasis>mirroring</emphasis>, keeping two copies of the data
+ on different physical hardware. Since the advent of the
+ <acronym>RAID</acronym> levels, this technique has also been
+ called <acronym>RAID level 1</acronym> or
+ <acronym>RAID-1</acronym>. Any write to the volume writes to
+ both locations; a read can be satisfied from either, so if one
+ drive fails, the data is still available on the other
+ drive.</para>
+
+ <para>Mirroring has two problems:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The price. It requires twice as much disk storage as
+ a non-redundant solution.</para>
+ </listitem>
+
+ <listitem>
+ <para>The performance impact. Writes must be performed to
+ both drives, so they take up twice the bandwidth of a
+ non-mirrored volume. Reads do not suffer from a
+ performance penalty: it even looks as if they are
+ faster.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para><indexterm><primary>RAID-5</primary></indexterm>An
+ alternative solution is <emphasis>parity</emphasis>,
+ implemented in the <acronym>RAID</acronym> levels 2, 3, 4 and
+ 5. Of these, <acronym>RAID-5</acronym> is the most
+ interesting. As implemented in Vinum, it is a variant on a
+ striped organization which dedicates one block of each stripe
+ to parity of the other blocks. As implemented by Vinum, a
+ <acronym>RAID-5</acronym> plex is similar to a striped plex,
+ except that it implements <acronym>RAID-5</acronym> by
+ including a parity block in each stripe. As required by
+ <acronym>RAID-5</acronym>, the location of this parity block
+ changes from one stripe to the next. The numbers in the data
+ blocks indicate the relative block numbers.</para>
+
+ <para>
+ <figure id="vinum-raid5-org">
+ <title>RAID-5 Organization</title>
+ <graphic fileref="vinum/vinum-raid5-org">
+ </figure>
+ </para>
+
+ <para>Compared to mirroring, <acronym>RAID-5</acronym> has the
+ advantage of requiring significantly less storage space. Read
+ access is similar to that of striped organizations, but write
+ access is significantly slower, approximately 25% of the read
+ performance. If one drive fails, the array can continue to
+ operate in degraded mode: a read from one of the remaining
+ accessible drives continues normally, but a read from the
+ failed drive is recalculated from the corresponding block from
+ all the remaining drives.
+ </para>
+ </sect1>
+
+ <sect1 id="vinum-objects">
+ <title>Vinum Objects</title>
+ <para>In order to address these problems, Vinum implements a four-level
+ hierarchy of objects:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The most visible object is the virtual disk, called a
+ <emphasis>volume</emphasis>. Volumes have essentially the same
+ properties as a &unix; disk drive, though there are some minor
+ differences. They have no size limitations.</para>
+ </listitem>
+
+ <listitem>
+ <para>Volumes are composed of <emphasis>plexes</emphasis>,
+ each of which represent the total address space of a
+ volume. This level in the hierarchy thus provides
+ redundancy. Think of plexes as individual disks in a
+ mirrored array, each containing the same data.</para>
+ </listitem>
+
+ <listitem>
+ <para>Since Vinum exists within the &unix; disk storage
+ framework, it would be possible to use &unix;
+ partitions as the building block for multi-disk plexes,
+ but in fact this turns out to be too inflexible:
+ &unix; disks can have only a limited number of
+ partitions. Instead, Vinum subdivides a single
+ &unix; partition (the <emphasis>drive</emphasis>)
+ into contiguous areas called
+ <emphasis>subdisks</emphasis>, which it uses as building
+ blocks for plexes.</para>
+ </listitem>
+
+ <listitem>
+ <para>Subdisks reside on Vinum <emphasis>drives</emphasis>,
+ currently &unix; partitions. Vinum drives can
+ contain any number of subdisks. With the exception of a
+ small area at the beginning of the drive, which is used
+ for storing configuration and state information, the
+ entire drive is available for data storage.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The following sections describe the way these objects provide the
+ functionality required of Vinum.</para>
+
+ <sect2>
+ <title>Volume Size Considerations</title>
+
+ <para>Plexes can include multiple subdisks spread over all
+ drives in the Vinum configuration. As a result, the size of
+ an individual drive does not limit the size of a plex, and
+ thus of a volume.</para>
+ </sect2>
+
+ <sect2>
+ <title>Redundant Data Storage</title>
+ <para>Vinum implements mirroring by attaching multiple plexes to
+ a volume. Each plex is a representation of the data in a
+ volume. A volume may contain between one and eight
+ plexes.</para>
+
+ <para>Although a plex represents the complete data of a volume,
+ it is possible for parts of the representation to be
+ physically missing, either by design (by not defining a
+ subdisk for parts of the plex) or by accident (as a result of
+ the failure of a drive). As long as at least one plex can
+ provide the data for the complete address range of the volume,
+ the volume is fully functional.</para>
+ </sect2>
+
+ <sect2>
+ <title>Performance Issues</title>
+
+ <para>Vinum implements both concatenation and striping at the
+ plex level:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>A <emphasis>concatenated plex</emphasis> uses the
+ address space of each subdisk in turn.</para>
+ </listitem>
+
+ <listitem>
+ <para>A <emphasis>striped plex</emphasis> stripes the data
+ across each subdisk. The subdisks must all have the same
+ size, and there must be at least two subdisks in order to
+ distinguish it from a concatenated plex.</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>Which Plex Organization?</title>
+ <para>The version of Vinum supplied with FreeBSD &rel.current; implements
+ two kinds of plex:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Concatenated plexes are the most flexible: they can
+ contain any number of subdisks, and the subdisks may be of
+ different length. The plex may be extended by adding
+ additional subdisks. They require less
+ <acronym>CPU</acronym> time than striped plexes, though
+ the difference in <acronym>CPU</acronym> overhead is not
+ measurable. On the other hand, they are most susceptible
+ to hot spots, where one disk is very active and others are
+ idle.</para>
+ </listitem>
+
+ <listitem>
+ <para>The greatest advantage of striped
+ (<acronym>RAID-0</acronym>) plexes is that they reduce hot
+ spots: by choosing an optimum sized stripe (about
+ 256&nbsp;kB), you can even out the load on the component
+ drives. The disadvantages of this approach are
+ (fractionally) more complex code and restrictions on
+ subdisks: they must be all the same size, and extending a
+ plex by adding new subdisks is so complicated that Vinum
+ currently does not implement it. Vinum imposes an
+ additional, trivial restriction: a striped plex must have
+ at least two subdisks, since otherwise it is
+ indistinguishable from a concatenated plex.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para><xref linkend="vinum-comparison"> summarizes the advantages
+ and disadvantages of each plex organization.</para>
+
+ <table id="vinum-comparison" frame="none">
+ <title>Vinum Plex Organizations</title>
+ <tgroup cols="5">
+ <thead>
+ <row>
+ <entry>Plex type</entry>
+ <entry>Minimum subdisks</entry>
+ <entry>Can add subdisks</entry>
+ <entry>Must be equal size</entry>
+ <entry>Application</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>concatenated</entry>
+ <entry>1</entry>
+ <entry>yes</entry>
+ <entry>no</entry>
+ <entry>Large data storage with maximum placement flexibility
+ and moderate performance</entry>
+ </row>
+
+ <row>
+ <entry>striped</entry>
+ <entry>2</entry>
+ <entry>no</entry>
+ <entry>yes</entry>
+ <entry>High performance in combination with highly concurrent
+ access</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect2>
+ </sect1>
+
+ <sect1 id="vinum-examples">
+ <title>Some Examples</title>
+
+ <para>Vinum maintains a <emphasis>configuration
+ database</emphasis> which describes the objects known to an
+ individual system. Initially, the user creates the
+ configuration database from one or more configuration files with
+ the aid of the &man.vinum.8; utility program. Vinum stores a
+ copy of its configuration database on each disk slice (which
+ Vinum calls a <emphasis>device</emphasis>) under its control.
+ This database is updated on each state change, so that a restart
+ accurately restores the state of each Vinum object.</para>
+
+ <sect2>
+ <title>The Configuration File</title>
+ <para>The configuration file describes individual Vinum objects. The
+ definition of a simple volume might be:</para>
+
+ <programlisting>
+ drive a device /dev/da3h
+ volume myvol
+ plex org concat
+ sd length 512m drive a</programlisting>
+
+ <para>This file describes four Vinum objects:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <emphasis>drive</emphasis> line describes a disk
+ partition (<emphasis>drive</emphasis>) and its location
+ relative to the underlying hardware. It is given the
+ symbolic name <emphasis>a</emphasis>. This separation of
+ the symbolic names from the device names allows disks to
+ be moved from one location to another without
+ confusion.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <emphasis>volume</emphasis> line describes a volume.
+ The only required attribute is the name, in this case
+ <emphasis>myvol</emphasis>.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <emphasis>plex</emphasis> line defines a plex.
+ The only required parameter is the organization, in this
+ case <emphasis>concat</emphasis>. No name is necessary:
+ the system automatically generates a name from the volume
+ name by adding the suffix
+ <emphasis>.p</emphasis><emphasis>x</emphasis>, where
+ <emphasis>x</emphasis> is the number of the plex in the
+ volume. Thus this plex will be called
+ <emphasis>myvol.p0</emphasis>.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <emphasis>sd</emphasis> line describes a subdisk.
+ The minimum specifications are the name of a drive on
+ which to store it, and the length of the subdisk. As with
+ plexes, no name is necessary: the system automatically
+ assigns names derived from the plex name by adding the
+ suffix <emphasis>.s</emphasis><emphasis>x</emphasis>,
+ where <emphasis>x</emphasis> is the number of the subdisk
+ in the plex. Thus Vinum gives this subdisk the name
+ <emphasis>myvol.p0.s0</emphasis>.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>After processing this file, &man.vinum.8; produces the following
+ output:</para>
+
+ <programlisting width="97">
+ &prompt.root; vinum -&gt; <userinput>create config1</userinput>
+ Configuration summary
+ Drives: 1 (4 configured)
+ Volumes: 1 (4 configured)
+ Plexes: 1 (8 configured)
+ Subdisks: 1 (16 configured)
+
+ D a State: up Device /dev/da3h Avail: 2061/2573 MB (80%)
+
+ V myvol State: up Plexes: 1 Size: 512 MB
+
+ P myvol.p0 C State: up Subdisks: 1 Size: 512 MB
+
+ S myvol.p0.s0 State: up PO: 0 B Size: 512 MB</programlisting>
+
+ <para>This output shows the brief listing format of &man.vinum.8;. It
+ is represented graphically in <xref linkend="vinum-simple-vol">.</para>
+
+ <para>
+ <figure id="vinum-simple-vol">
+ <title>A Simple Vinum Volume</title>
+ <graphic fileref="vinum/vinum-simple-vol">
+ </figure>
+ </para>
+
+ <para>This figure, and the ones which follow, represent a
+ volume, which contains the plexes, which in turn contain the
+ subdisks. In this trivial example, the volume contains one
+ plex, and the plex contains one subdisk.</para>
+
+ <para>This particular volume has no specific advantage over a
+ conventional disk partition. It contains a single plex, so it
+ is not redundant. The plex contains a single subdisk, so
+ there is no difference in storage allocation from a
+ conventional disk partition. The following sections
+ illustrate various more interesting configuration
+ methods.</para>
+ </sect2>
+
+ <sect2>
+ <title>Increased Resilience: Mirroring</title>
+
+ <para>The resilience of a volume can be increased by mirroring.
+ When laying out a mirrored volume, it is important to ensure
+ that the subdisks of each plex are on different drives, so
+ that a drive failure will not take down both plexes. The
+ following configuration mirrors a volume:</para>
+
+ <programlisting>
+ drive b device /dev/da4h
+ volume mirror
+ plex org concat
+ sd length 512m drive a
+ plex org concat
+ sd length 512m drive b</programlisting>
+
+ <para>In this example, it was not necessary to specify a
+ definition of drive <emphasis>a</emphasis> again, since Vinum
+ keeps track of all objects in its configuration database.
+ After processing this definition, the configuration looks
+ like:</para>
+
+
+ <programlisting width="97">
+ Drives: 2 (4 configured)
+ Volumes: 2 (4 configured)
+ Plexes: 3 (8 configured)
+ Subdisks: 3 (16 configured)
+
+ D a State: up Device /dev/da3h Avail: 1549/2573 MB (60%)
+ D b State: up Device /dev/da4h Avail: 2061/2573 MB (80%)
+
+ V myvol State: up Plexes: 1 Size: 512 MB
+ V mirror State: up Plexes: 2 Size: 512 MB
+
+ P myvol.p0 C State: up Subdisks: 1 Size: 512 MB
+ P mirror.p0 C State: up Subdisks: 1 Size: 512 MB
+ P mirror.p1 C State: initializing Subdisks: 1 Size: 512 MB
+
+ S myvol.p0.s0 State: up PO: 0 B Size: 512 MB
+ S mirror.p0.s0 State: up PO: 0 B Size: 512 MB
+ S mirror.p1.s0 State: empty PO: 0 B Size: 512 MB</programlisting>
+
+ <para><xref linkend="vinum-mirrored-vol"> shows the structure
+ graphically.</para>
+
+ <para>
+ <figure id="vinum-mirrored-vol">
+ <title>A Mirrored Vinum Volume</title>
+ <graphic fileref="vinum/vinum-mirrored-vol">
+ </figure>
+ </para>
+
+ <para>In this example, each plex contains the full 512&nbsp;MB
+ of address space. As in the previous example, each plex
+ contains only a single subdisk.</para>
+ </sect2>
+
+ <sect2>
+ <title>Optimizing Performance</title>
+
+ <para>The mirrored volume in the previous example is more
+ resistant to failure than an unmirrored volume, but its
+ performance is less: each write to the volume requires a write
+ to both drives, using up a greater proportion of the total
+ disk bandwidth. Performance considerations demand a different
+ approach: instead of mirroring, the data is striped across as
+ many disk drives as possible. The following configuration
+ shows a volume with a plex striped across four disk
+ drives:</para>
+
+ <programlisting>
+ drive c device /dev/da5h
+ drive d device /dev/da6h
+ volume stripe
+ plex org striped 512k
+ sd length 128m drive a
+ sd length 128m drive b
+ sd length 128m drive c
+ sd length 128m drive d</programlisting>
+
+ <para>As before, it is not necessary to define the drives which are
+ already known to Vinum. After processing this definition, the
+ configuration looks like:</para>
+
+ <programlisting width="92">
+ Drives: 4 (4 configured)
+ Volumes: 3 (4 configured)
+ Plexes: 4 (8 configured)
+ Subdisks: 7 (16 configured)
+
+ D a State: up Device /dev/da3h Avail: 1421/2573 MB (55%)
+ D b State: up Device /dev/da4h Avail: 1933/2573 MB (75%)
+ D c State: up Device /dev/da5h Avail: 2445/2573 MB (95%)
+ D d State: up Device /dev/da6h Avail: 2445/2573 MB (95%)
+
+ V myvol State: up Plexes: 1 Size: 512 MB
+ V mirror State: up Plexes: 2 Size: 512 MB
+ V striped State: up Plexes: 1 Size: 512 MB
+
+ P myvol.p0 C State: up Subdisks: 1 Size: 512 MB
+ P mirror.p0 C State: up Subdisks: 1 Size: 512 MB
+ P mirror.p1 C State: initializing Subdisks: 1 Size: 512 MB
+ P striped.p1 State: up Subdisks: 1 Size: 512 MB
+
+ S myvol.p0.s0 State: up PO: 0 B Size: 512 MB
+ S mirror.p0.s0 State: up PO: 0 B Size: 512 MB
+ S mirror.p1.s0 State: empty PO: 0 B Size: 512 MB
+ S striped.p0.s0 State: up PO: 0 B Size: 128 MB
+ S striped.p0.s1 State: up PO: 512 kB Size: 128 MB
+ S striped.p0.s2 State: up PO: 1024 kB Size: 128 MB
+ S striped.p0.s3 State: up PO: 1536 kB Size: 128 MB</programlisting>
+
+ <para>
+ <figure id="vinum-striped-vol">
+ <title>A Striped Vinum Volume</title>
+ <graphic fileref="vinum/vinum-striped-vol">
+ </figure>
+ </para>
+
+ <para>This volume is represented in
+ <xref linkend="vinum-striped-vol">. The darkness of the stripes
+ indicates the position within the plex address space: the lightest stripes
+ come first, the darkest last.</para>
+ </sect2>
+
+ <sect2>
+ <title>Resilience and Performance</title>
+
+ <para><anchor id="vinum-resilience">With sufficient hardware, it
+ is possible to build volumes which show both increased
+ resilience and increased performance compared to standard
+ &unix; partitions. A typical configuration file might
+ be:</para>
+
+ <programlisting>
+ volume raid10
+ plex org striped 512k
+ sd length 102480k drive a
+ sd length 102480k drive b
+ sd length 102480k drive c
+ sd length 102480k drive d
+ sd length 102480k drive e
+ plex org striped 512k
+ sd length 102480k drive c
+ sd length 102480k drive d
+ sd length 102480k drive e
+ sd length 102480k drive a
+ sd length 102480k drive b</programlisting>
+
+ <para>The subdisks of the second plex are offset by two drives from those
+ of the first plex: this helps ensure that writes do not go to the same
+ subdisks even if a transfer goes over two drives.</para>
+
+ <para><xref linkend="vinum-raid10-vol"> represents the structure
+ of this volume.</para>
+
+ <para>
+ <figure id="vinum-raid10-vol">
+ <title>A Mirrored, Striped Vinum Volume</title>
+ <graphic fileref="vinum/vinum-raid10-vol">
+ </figure>
+ </para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="vinum-object-naming">
+ <title>Object Naming</title>
+
+ <para>As described above, Vinum assigns default names to plexes
+ and subdisks, although they may be overridden. Overriding the
+ default names is not recommended: experience with the VERITAS
+ volume manager, which allows arbitrary naming of objects, has
+ shown that this flexibility does not bring a significant
+ advantage, and it can cause confusion.</para>
+
+ <para>Names may contain any non-blank character, but it is
+ recommended to restrict them to letters, digits and the
+ underscore characters. The names of volumes, plexes and
+ subdisks may be up to 64 characters long, and the names of
+ drives may be up to 32 characters long.</para>
+
+ <para>Vinum objects are assigned device nodes in the hierarchy
+ <filename>/dev/vinum</filename>. The configuration shown above
+ would cause Vinum to create the following device nodes:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The control devices
+ <filename>/dev/vinum/control</filename> and
+ <filename>/dev/vinum/controld</filename>, which are used
+ by &man.vinum.8; and the Vinum daemon respectively.</para>
+ </listitem>
+
+ <listitem>
+ <para>Block and character device entries for each volume.
+ These are the main devices used by Vinum. The block device
+ names are the name of the volume, while the character device
+ names follow the BSD tradition of prepending the letter
+ <emphasis>r</emphasis> to the name. Thus the configuration
+ above would include the block devices
+ <filename>/dev/vinum/myvol</filename>,
+ <filename>/dev/vinum/mirror</filename>,
+ <filename>/dev/vinum/striped</filename>,
+ <filename>/dev/vinum/raid5</filename> and
+ <filename>/dev/vinum/raid10</filename>, and the
+ character devices
+ <filename>/dev/vinum/rmyvol</filename>,
+ <filename>/dev/vinum/rmirror</filename>,
+ <filename>/dev/vinum/rstriped</filename>,
+ <filename>/dev/vinum/rraid5</filename> and
+ <filename>/dev/vinum/rraid10</filename>. There is
+ obviously a problem here: it is possible to have two volumes
+ called <emphasis>r</emphasis> and <emphasis>rr</emphasis>,
+ but there will be a conflict creating the device node
+ <filename>/dev/vinum/rr</filename>: is it a character
+ device for volume <emphasis>r</emphasis> or a block device
+ for volume <emphasis>rr</emphasis>? Currently Vinum does
+ not address this conflict: the first-defined volume will get
+ the name.</para>
+ </listitem>
+
+ <listitem>
+ <para>A directory <filename>/dev/vinum/drive</filename>
+ with entries for each drive. These entries are in fact
+ symbolic links to the corresponding disk nodes.</para>
+ </listitem>
+
+ <listitem>
+ <para>A directory <filename>/dev/vinum/volume</filename> with
+ entries for each volume. It contains subdirectories for
+ each plex, which in turn contain subdirectories for their
+ component subdisks.</para>
+ </listitem>
+
+ <listitem>
+ <para>The directories
+ <filename>/dev/vinum/plex</filename>,
+ <filename>/dev/vinum/sd</filename>, and
+ <filename>/dev/vinum/rsd</filename>, which contain block
+ device nodes for each plex and block and character device
+ nodes respectively for each subdisk.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>For example, consider the following configuration file:</para>
+ <programlisting>
+ drive drive1 device /dev/sd1h
+ drive drive2 device /dev/sd2h
+ drive drive3 device /dev/sd3h
+ drive drive4 device /dev/sd4h
+ volume s64 setupstate
+ plex org striped 64k
+ sd length 100m drive drive1
+ sd length 100m drive drive2
+ sd length 100m drive drive3
+ sd length 100m drive drive4</programlisting>
+
+ <para>After processing this file, &man.vinum.8; creates the following
+ structure in <filename>/dev/vinum</filename>:</para>
+
+ <programlisting>
+ brwx------ 1 root wheel 25, 0x40000001 Apr 13 16:46 Control
+ brwx------ 1 root wheel 25, 0x40000002 Apr 13 16:46 control
+ brwx------ 1 root wheel 25, 0x40000000 Apr 13 16:46 controld
+ drwxr-xr-x 2 root wheel 512 Apr 13 16:46 drive
+ drwxr-xr-x 2 root wheel 512 Apr 13 16:46 plex
+ crwxr-xr-- 1 root wheel 91, 2 Apr 13 16:46 rs64
+ drwxr-xr-x 2 root wheel 512 Apr 13 16:46 rsd
+ drwxr-xr-x 2 root wheel 512 Apr 13 16:46 rvol
+ brwxr-xr-- 1 root wheel 25, 2 Apr 13 16:46 s64
+ drwxr-xr-x 2 root wheel 512 Apr 13 16:46 sd
+ drwxr-xr-x 3 root wheel 512 Apr 13 16:46 vol
+
+ /dev/vinum/drive:
+ total 0
+ lrwxr-xr-x 1 root wheel 9 Apr 13 16:46 drive1 -&gt; /dev/sd1h
+ lrwxr-xr-x 1 root wheel 9 Apr 13 16:46 drive2 -&gt; /dev/sd2h
+ lrwxr-xr-x 1 root wheel 9 Apr 13 16:46 drive3 -&gt; /dev/sd3h
+ lrwxr-xr-x 1 root wheel 9 Apr 13 16:46 drive4 -&gt; /dev/sd4h
+
+ /dev/vinum/plex:
+ total 0
+ brwxr-xr-- 1 root wheel 25, 0x10000002 Apr 13 16:46 s64.p0
+
+ /dev/vinum/rsd:
+ total 0
+ crwxr-xr-- 1 root wheel 91, 0x20000002 Apr 13 16:46 s64.p0.s0
+ crwxr-xr-- 1 root wheel 91, 0x20100002 Apr 13 16:46 s64.p0.s1
+ crwxr-xr-- 1 root wheel 91, 0x20200002 Apr 13 16:46 s64.p0.s2
+ crwxr-xr-- 1 root wheel 91, 0x20300002 Apr 13 16:46 s64.p0.s3
+
+ /dev/vinum/rvol:
+ total 0
+ crwxr-xr-- 1 root wheel 91, 2 Apr 13 16:46 s64
+
+ /dev/vinum/sd:
+ total 0
+ brwxr-xr-- 1 root wheel 25, 0x20000002 Apr 13 16:46 s64.p0.s0
+ brwxr-xr-- 1 root wheel 25, 0x20100002 Apr 13 16:46 s64.p0.s1
+ brwxr-xr-- 1 root wheel 25, 0x20200002 Apr 13 16:46 s64.p0.s2
+ brwxr-xr-- 1 root wheel 25, 0x20300002 Apr 13 16:46 s64.p0.s3
+
+ /dev/vinum/vol:
+ total 1
+ brwxr-xr-- 1 root wheel 25, 2 Apr 13 16:46 s64
+ drwxr-xr-x 3 root wheel 512 Apr 13 16:46 s64.plex
+
+ /dev/vinum/vol/s64.plex:
+ total 1
+ brwxr-xr-- 1 root wheel 25, 0x10000002 Apr 13 16:46 s64.p0
+ drwxr-xr-x 2 root wheel 512 Apr 13 16:46 s64.p0.sd
+
+ /dev/vinum/vol/s64.plex/s64.p0.sd:
+ total 0
+ brwxr-xr-- 1 root wheel 25, 0x20000002 Apr 13 16:46 s64.p0.s0
+ brwxr-xr-- 1 root wheel 25, 0x20100002 Apr 13 16:46 s64.p0.s1
+ brwxr-xr-- 1 root wheel 25, 0x20200002 Apr 13 16:46 s64.p0.s2
+ brwxr-xr-- 1 root wheel 25, 0x20300002 Apr 13 16:46 s64.p0.s3</programlisting>
+
+ <para>Although it is recommended that plexes and subdisks should
+ not be allocated specific names, Vinum drives must be named.
+ This makes it possible to move a drive to a different location
+ and still recognize it automatically. Drive names may be up to
+ 32 characters long.</para>
+
+ <sect2>
+ <title>Creating File Systems</title>
+
+ <para>Volumes appear to the system to be identical to disks,
+ with one exception. Unlike &unix; drives, Vinum does
+ not partition volumes, which thus do not contain a partition
+ table. This has required modification to some disk
+ utilities, notably &man.newfs.8;, which previously tried to
+ interpret the last letter of a Vinum volume name as a
+ partition identifier. For example, a disk drive may have a
+ name like <filename>/dev/ad0a</filename> or
+ <filename>/dev/da2h</filename>. These names represent
+ the first partition (<devicename>a</devicename>) on the
+ first (0) IDE disk (<devicename>ad</devicename>) and the
+ eighth partition (<devicename>h</devicename>) on the third
+ (2) SCSI disk (<devicename>da</devicename>) respectively.
+ By contrast, a Vinum volume might be called
+ <filename>/dev/vinum/concat</filename>, a name which has
+ no relationship with a partition name.</para>
+
+ <para>Normally, &man.newfs.8; interprets the name of the disk and
+ complains if it cannot understand it. For example:</para>
+
+ <screen>&prompt.root; <userinput>newfs /dev/vinum/concat</userinput>
+newfs: /dev/vinum/concat: can't figure out file system partition</screen>
+
+ <note><para>The following is only valid for FreeBSD versions
+ prior to 5.0:</para></note>
+
+ <para>In order to create a file system on this volume, use the
+ <option>-v</option> option to &man.newfs.8;:</para>
+
+ <screen>&prompt.root; <userinput>newfs -v /dev/vinum/concat</userinput></screen>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="vinum-config">
+ <title>Configuring Vinum</title>
+
+ <para>The <filename>GENERIC</filename> kernel does not contain
+ Vinum. It is possible to build a special kernel which includes
+ Vinum, but this is not recommended. The standard way to start
+ Vinum is as a kernel module (<acronym>kld</acronym>). You do
+ not even need to use &man.kldload.8; for Vinum: when you start
+ &man.vinum.8;, it checks whether the module has been loaded, and
+ if it is not, it loads it automatically.</para>
+
+
+ <sect2>
+ <title>Startup</title>
+
+ <para>Vinum stores configuration information on the disk slices
+ in essentially the same form as in the configuration files.
+ When reading from the configuration database, Vinum recognizes
+ a number of keywords which are not allowed in the
+ configuration files. For example, a disk configuration might
+ contain the following text:</para>
+
+ <programlisting width="119">volume myvol state up
+volume bigraid state down
+plex name myvol.p0 state up org concat vol myvol
+plex name myvol.p1 state up org concat vol myvol
+plex name myvol.p2 state init org striped 512b vol myvol
+plex name bigraid.p0 state initializing org raid5 512b vol bigraid
+sd name myvol.p0.s0 drive a plex myvol.p0 state up len 1048576b driveoffset 265b plexoffset 0b
+sd name myvol.p0.s1 drive b plex myvol.p0 state up len 1048576b driveoffset 265b plexoffset 1048576b
+sd name myvol.p1.s0 drive c plex myvol.p1 state up len 1048576b driveoffset 265b plexoffset 0b
+sd name myvol.p1.s1 drive d plex myvol.p1 state up len 1048576b driveoffset 265b plexoffset 1048576b
+sd name myvol.p2.s0 drive a plex myvol.p2 state init len 524288b driveoffset 1048841b plexoffset 0b
+sd name myvol.p2.s1 drive b plex myvol.p2 state init len 524288b driveoffset 1048841b plexoffset 524288b
+sd name myvol.p2.s2 drive c plex myvol.p2 state init len 524288b driveoffset 1048841b plexoffset 1048576b
+sd name myvol.p2.s3 drive d plex myvol.p2 state init len 524288b driveoffset 1048841b plexoffset 1572864b
+sd name bigraid.p0.s0 drive a plex bigraid.p0 state initializing len 4194304b driveoff set 1573129b plexoffset 0b
+sd name bigraid.p0.s1 drive b plex bigraid.p0 state initializing len 4194304b driveoff set 1573129b plexoffset 4194304b
+sd name bigraid.p0.s2 drive c plex bigraid.p0 state initializing len 4194304b driveoff set 1573129b plexoffset 8388608b
+sd name bigraid.p0.s3 drive d plex bigraid.p0 state initializing len 4194304b driveoff set 1573129b plexoffset 12582912b
+sd name bigraid.p0.s4 drive e plex bigraid.p0 state initializing len 4194304b driveoff set 1573129b plexoffset 16777216b</programlisting>
+
+ <para>The obvious differences here are the presence of
+ explicit location information and naming (both of which are
+ also allowed, but discouraged, for use by the user) and the
+ information on the states (which are not available to the
+ user). Vinum does not store information about drives in the
+ configuration information: it finds the drives by scanning
+ the configured disk drives for partitions with a Vinum
+ label. This enables Vinum to identify drives correctly even
+ if they have been assigned different &unix; drive
+ IDs.</para>
+
+ <sect3 id="vinum-rc-startup">
+ <title>Automatic Startup</title>
+
+ <para>In order to start Vinum automatically when you boot the
+ system, ensure that you have the following line in your
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>start_vinum="YES" # set to YES to start vinum</programlisting>
+
+ <para>If you do not have a file
+ <filename>/etc/rc.conf</filename>, create one with this
+ content. This will cause the system to load the Vinum
+ <acronym>kld</acronym> at startup, and to start any objects
+ mentioned in the configuration. This is done before
+ mounting file systems, so it is possible to automatically
+ &man.fsck.8; and mount file systems on Vinum volumes.</para>
+
+ <para>When you start Vinum with the <command>vinum
+ start</command> command, Vinum reads the configuration
+ database from one of the Vinum drives. Under normal
+ circumstances, each drive contains an identical copy of the
+ configuration database, so it does not matter which drive is
+ read. After a crash, however, Vinum must determine which
+ drive was updated most recently and read the configuration
+ from this drive. It then updates the configuration if
+ necessary from progressively older drives.</para>
+
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="vinum-root">
+ <title>Using Vinum for the Root Filesystem</title>
+
+ <para>For a machine that has fully-mirrored filesystems using
+ Vinum, it is desirable to also mirror the root filesystem.
+ Setting up such a configuration is less trivial than mirroring
+ an arbitrary filesystem because:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The root filesystem must be available very early during
+ the boot process, so the Vinum infrastructure must already be
+ available at this time.</para>
+ </listitem>
+ <listitem>
+ <para>The volume containing the root filesystem also contains
+ the system bootstrap and the kernel, which must be read
+ using the host system's native utilities (e. g. the BIOS on
+ PC-class machines) which often cannot be taught about the
+ details of Vinum.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>In the following sections, the term <quote>root
+ volume</quote> is generally used to describe the Vinum volume
+ that contains the root filesystem. It is probably a good idea
+ to use the name <literal>"root"</literal> for this volume, but
+ this is not technically required in any way. All command
+ examples in the following sections assume this name though.</para>
+
+ <sect2>
+ <title>Starting up Vinum Early Enough for the Root
+ Filesystem</title>
+
+ <para>There are several measures to take for this to
+ happen:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Vinum must be available in the kernel at boot-time.
+ Thus, the method to start Vinum automatically described in
+ <xref linkend="vinum-rc-startup"> is not applicable to
+ accomplish this task, and the
+ <literal>start_vinum</literal> parameter must actually
+ <emphasis>not</emphasis> be set when the following setup
+ is being arranged. The first option would be to compile
+ Vinum statically into the kernel, so it is available all
+ the time, but this is usually not desirable. There is
+ another option as well, to have
+ <filename>/boot/loader</filename> (<xref
+ linkend="boot-loader">) load the vinum kernel module
+ early, before starting the kernel. This can be
+ accomplished by putting the line:</para>
+
+ <programlisting>vinum_load="YES"</programlisting>
+
+ <para>into the file
+ <filename>/boot/loader.conf</filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Vinum must be initialized early since it needs to
+ supply the volume for the root filesystem. By default,
+ the Vinum kernel part is not looking for drives that might
+ contain Vinum volume information until the administrator
+ (or one of the startup scripts) issues a <command>vinum
+ start</command> command.</para>
+
+ <note><para>The following paragraphs are outlining the steps
+ needed for FreeBSD 5.X and above. The setup required for
+ FreeBSD 4.X differs, and is described below in <xref
+ linkend="vinum-root-4x">.</para></note>
+
+ <para>By placing the line:</para>
+
+ <programlisting>vinum.autostart="YES"</programlisting>
+
+ <para>into <filename>/boot/loader.conf</filename>, Vinum is
+ instructed to automatically scan all drives for Vinum
+ information as part of the kernel startup.</para>
+
+ <para>Note that it is not necessary to instruct the kernel
+ where to look for the root filesystem.
+ <filename>/boot/loader</filename> looks up the name of the
+ root device in <filename>/etc/fstab</filename>, and passes
+ this information on to the kernel. When it comes to mount
+ the root filesystem, the kernel figures out from the
+ device name provided which driver to ask to translate this
+ into the internal device ID (major/minor number).</para>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2>
+ <title>Making a Vinum-based Root Volume Accessible to the
+ Bootstrap</title>
+
+ <para>Since the current FreeBSD bootstrap is only 7.5 KB of
+ code, and already has the burden of reading files (like
+ <filename>/boot/loader</filename>) from the UFS filesystem, it
+ is sheer impossible to also teach it about internal Vinum
+ structures so it could parse the Vinum configuration data, and
+ figure out about the elements of a boot volume itself. Thus,
+ some tricks are necessary to provide the bootstrap code with
+ the illusion of a standard <literal>"a"</literal> partition
+ that contains the root filesystem.</para>
+
+ <para>For this to be possible at all, the following requirements
+ must be met for the root volume:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The root volume must not be striped or RAID-5.</para>
+ </listitem>
+
+ <listitem>
+ <para>The root volume must not contain more than one
+ concatenated subdisk per plex.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Note that it is desirable and possible that there are
+ multiple plexes, each containing one replica of the root
+ filesystem. The bootstrap process will, however, only use one
+ of these replica for finding the bootstrap and all the files,
+ until the kernel will eventually mount the root filesystem
+ itself. Each single subdisk within these plexes will then
+ need its own <literal>"a"</literal> partition illusion, for
+ the respective device to become bootable. It is not strictly
+ needed that each of these faked <literal>"a"</literal>
+ partitions is located at the same offset within its device,
+ compared with other devices containing plexes of the root
+ volume. However, it is probably a good idea to create the
+ Vinum volumes that way so the resulting mirrored devices are
+ symmetric, to avoid confusion.</para>
+
+ <para>In order to set up these <literal>"a"</literal> partitions,
+ for each device containing part of the root volume, the
+ following needs to be done:</para>
+
+ <procedure>
+ <step>
+ <para>The location (offset from the beginning of the device)
+ and size of this device's subdisk that is part of the root
+ volume need to be examined, using the command:</para>
+
+ <screen>&prompt.root; <userinput>vinum l -rv root</userinput></screen>
+
+ <para>Note that Vinum offsets and sizes are measured in
+ bytes. They must be divided by 512 in order to obtain the
+ block numbers that are to be used in the
+ <command>disklabel</command> command.</para>
+ </step>
+
+ <step>
+ <para>Run the command:</para>
+
+ <screen>&prompt.root; <userinput>disklabel -e <replaceable>devname</replaceable></userinput></screen>
+
+ <para>for each device that participates in the root volume.
+ <replaceable>devname</replaceable> must be either the name
+ of the disk (like <devicename>da0</devicename>) for disks
+ without a slice (aka. fdisk) table, or the name of the
+ slice (like <devicename>ad0s1</devicename>).</para>
+
+ <para>If there is already an <literal>"a"</literal>
+ partition on the device (presumably, containing a
+ pre-Vinum root filesystem), it should be renamed to
+ something else, so it remains accessible (just in case),
+ but will no longer be used by default to bootstrap the
+ system. Note that active partitions (like a root
+ filesystem currently mounted) cannot be renamed, so this
+ must be executed either when being booted from a
+ <quote>Fixit</quote> medium, or in a two-step process,
+ where (in a mirrored situation) the disk that has not been
+ currently booted is being manipulated first.</para>
+
+ <para>Then, the offset the Vinum partition on this
+ device (if any) must be added to the offset of the
+ respective root volume subdisk on this device. The
+ resulting value will become the
+ <literal>"offset"</literal> value for the new
+ <literal>"a"</literal> partition. The
+ <literal>"size"</literal> value for this partition can be
+ taken verbatim from the calculation above. The
+ <literal>"fstype"</literal> should be
+ <literal>4.2BSD</literal>. The
+ <literal>"fsize"</literal>, <literal>"bsize"</literal>,
+ and <literal>"cpg"</literal> values should best be chosen
+ to match the actual filesystem, though they are fairly
+ unimportant within this context.</para>
+
+ <para>That way, a new <literal>"a"</literal> partition will
+ be established that overlaps the Vinum partition on this
+ device. Note that the <command>disklabel</command> will
+ only allow for this overlap if the Vinum partition has
+ properly been marked using the <literal>"vinum"</literal>
+ fstype.</para>
+ </step>
+
+ <step>
+ <para>That's all! A faked <literal>"a"</literal> partition
+ does exist now on each device that has one replica of the
+ root volume. It is highly recommendable to verify the
+ result again, using a command like:</para>
+
+ <screen>&prompt.root; <userinput>fsck -n /dev/<replaceable>devname</replaceable>a</userinput></screen>
+ </step>
+ </procedure>
+
+ <para>It should be remembered that all files containing control
+ information must be relative to the root filesystem in the
+ Vinum volume which, when setting up a new Vinum root volume,
+ might not match the root filesystem that is currently active.
+ So in particular, the files <filename>/etc/fstab</filename>
+ and <filename>/boot/loader.conf</filename> need to be taken
+ care of.</para>
+
+ <para>At next reboot, the bootstrap should figure out the
+ appropriate control information from the new Vinum-based root
+ filesystem, and act accordingly. At the end of the kernel
+ initialization process, after all devices have been announced,
+ the prominent notice that shows the success of this setup is a
+ message like:</para>
+
+ <screen>Mounting root from ufs:/dev/vinum/root</screen>
+ </sect2>
+
+ <sect2>
+ <title>Example of a Vinum-based Root Setup</title>
+
+ <para>After the Vinum root volume has been set up, the output of
+ <command>vinum l -rv root</command> could look like:</para>
+
+ <screen>
+...
+Subdisk root.p0.s0:
+ Size: 125829120 bytes (120 MB)
+ State: up
+ Plex root.p0 at offset 0 (0 B)
+ Drive disk0 (/dev/da0h) at offset 135680 (132 kB)
+
+Subdisk root.p1.s0:
+ Size: 125829120 bytes (120 MB)
+ State: up
+ Plex root.p1 at offset 0 (0 B)
+ Drive disk1 (/dev/da1h) at offset 135680 (132 kB)
+ </screen>
+
+ <para>The values to note are <literal>135680</literal> for the
+ offset (relative to partition
+ <filename>/dev/da0h</filename>). This translates to 265
+ 512-byte disk blocks in <command>disklabel</command>'s terms.
+ Likewise, the size of this root volume is 245760 512-byte
+ blocks. <filename>/dev/da1h</filename>, containing the
+ second replica of this root volume, has a symmetric
+ setup.</para>
+
+ <para>The disklabel for these devices might look like:</para>
+
+ <screen>
+...
+8 partitions:
+# size offset fstype [fsize bsize bps/cpg]
+ a: 245760 281 4.2BSD 2048 16384 0 # (Cyl. 0*- 15*)
+ c: 71771688 0 unused 0 0 # (Cyl. 0 - 4467*)
+ h: 71771672 16 vinum # (Cyl. 0*- 4467*)
+ </screen>
+
+ <para>It can be observed that the <literal>"size"</literal>
+ parameter for the faked <literal>"a"</literal> partition
+ matches the value outlined above, while the
+ <literal>"offset"</literal> parameter is the sum of the offset
+ within the Vinum partition <literal>"h"</literal>, and the
+ offset of this partition within the device (or slice). This
+ is a typical setup that is necessary to avoid the problem
+ described in <xref linkend="vinum-root-panic">. It can also
+ be seen that the entire <literal>"a"</literal> partition is
+ completely within the <literal>"h"</literal> partition
+ containing all the Vinum data for this device.</para>
+
+ <para>Note that in the above example, the entire device is
+ dedicated to Vinum, and there is no leftover pre-Vinum root
+ partition, since this has been a newly set-up disk that was
+ only meant to be part of a Vinum configuration, ever.</para>
+ </sect2>
+
+ <sect2>
+ <title>Troubleshooting</title>
+
+ <para>If something goes wrong, a way is needed to recover from
+ the situation. The following list contains few known pitfalls
+ and solutions.</para>
+
+ <sect3>
+ <title>System Bootstrap Loads, but System Does Not Boot</title>
+
+ <para>If for any reason the system does not continue to boot,
+ the bootstrap can be interrupted with by pressing the
+ <keycap>space</keycap> key at the 10-seconds warning. The
+ loader variables (like <literal>vinum.autostart</literal>)
+ can be examined using the <command>show</command>, and
+ manipulated using <command>set</command> or
+ <command>unset</command> commands.</para>
+
+ <para>If the only problem was that the Vinum kernel module was
+ not yet in the list of modules to load automatically, a
+ simple <command>load vinum</command> will help.</para>
+
+ <para>When ready, the boot process can be continued with a
+ <command>boot -as</command>. The options
+ <option>-as</option> will request the kernel to ask for the
+ root filesystem to mount (<option>-a</option>), and make the
+ boot process stop in single-user mode (<option>-s</option>),
+ where the root filesystem is mounted read-only. That way,
+ even if only one plex of a multi-plex volume has been
+ mounted, no data inconsistency between plexes is being
+ risked.</para>
+
+ <para>At the prompt asking for a root filesystem to mount, any
+ device that contains a valid root filesystem can be entered.
+ If <filename>/etc/fstab</filename> had been set up
+ correctly, the default should be something like
+ <literal>ufs:/dev/vinum/root</literal>. A typical alternate
+ choice would be something like
+ <literal>ufs:da0d</literal> which could be a
+ hypothetical partition that contains the pre-Vinum root
+ filesystem. Care should be taken if one of the alias
+ <literal>"a"</literal> partitions are entered here that are
+ actually reference to the subdisks of the Vinum root device,
+ because in a mirrored setup, this would only mount one piece
+ of a mirrored root device. If this filesystem is to be
+ mounted read-write later on, it is necessary to remove the
+ other plex(es) of the Vinum root volume since these plexes
+ would otherwise carry inconsistent data.</para>
+ </sect3>
+
+ <sect3>
+ <title>Only Primary Bootstrap Loads</title>
+
+ <para>If <filename>/boot/loader</filename> fails to load, but
+ the primary bootstrap still loads (visible by a single dash
+ in the left column of the screen right after the boot
+ process starts), an attempt can be made to interrupt the
+ primary bootstrap at this point, using the
+ <keycap>space</keycap> key. This will make the bootstrap
+ stop in stage two, see <xref linkend="boot-boot1">. An
+ attempt can be made here to boot off an alternate partition,
+ like the partition containing the previous root filesystem
+ that has been moved away from <literal>"a"</literal>
+ above.</para>
+ </sect3>
+
+ <sect3 id="vinum-root-panic">
+ <title>Nothing Boots, the Bootstrap
+ Panics</title>
+
+ <para>This situation will happen if the bootstrap had been
+ destroyed by the Vinum installation. Unfortunately, Vinum
+ accidentally currently leaves only 4 KB at the beginning of
+ its partition free before starting to write its Vinum header
+ information. However, the stage one and two bootstraps plus
+ the disklabel embedded between them currently require 8 KB.
+ So if a Vinum partition was started at offset 0 within a
+ slice or disk that was meant to be bootable, the Vinum setup
+ will trash the bootstrap.</para>
+
+ <para>Similarly, if the above situation has been recovered,
+ for example by booting from a <quote>Fixit</quote> medium,
+ and the bootstrap has been re-installed using
+ <command>disklabel -B</command> as described in <xref
+ linkend="boot-boot1">, the bootstrap will trash the Vinum
+ header, and Vinum will no longer find its disk(s). Though
+ no actual Vinum configuration data or data in Vinum volumes
+ will be trashed by this, and it would be possible to recover
+ all the data by entering exact the same Vinum configuration
+ data again, the situation is hard to fix at all. It would
+ be necessary to move the entire Vinum partition by at least
+ 4 KB off, in order to have the Vinum header and the system
+ bootstrap no longer collide.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="vinum-root-4x">
+ <title>Differences for FreeBSD 4.X</title>
+
+ <para>Under FreeBSD 4.X, some internal functions required to
+ make Vinum automatically scan all disks are missing, and the
+ code that figures out the internal ID of the root device is
+ not smart enough to handle a name like
+ <filename>/dev/vinum/root</filename> automatically.
+ Therefore, things are a little different here.</para>
+
+ <para>Vinum must explicitly be told which disks to scan, using a
+ line like the following one in
+ <filename>/boot/loader.conf</filename>:</para>
+
+ <programlisting>vinum.drives="/dev/<replaceable>da0</replaceable> /dev/<replaceable>da1</replaceable>"</programlisting>
+
+ <para>It is important that all drives are mentioned that could
+ possibly contain Vinum data. It does not harm if
+ <emphasis>more</emphasis> drives are listed, nor is it
+ necessary to add each slice and/or partition explicitly, since
+ Vinum will scan all slices and partitions of the named drives
+ for valid Vinum headers.</para>
+
+ <para>Since the routines used to parse the name of the root
+ filesystem, and derive the device ID (major/minor number) are
+ only prepared to handle <quote>classical</quote> device names
+ like <filename>/dev/ad0s1a</filename>, they cannot make
+ any sense out of a root volume name like
+ <filename>/dev/vinum/root</filename>. For that reason,
+ Vinum itself needs to pre-setup the internal kernel parameter
+ that holds the ID of the root device during its own
+ initialization. This is requested by passing the name of the
+ root volume in the loader variable
+ <literal>vinum.root</literal>. The entry in
+ <filename>/boot/loader.conf</filename> to accomplish this
+ looks like:</para>
+
+ <programlisting>vinum.root="root"</programlisting>
+
+ <para>Now, when the kernel initialization tries to find out the
+ root device to mount, it sees whether some kernel module has
+ already pre-initialized the kernel parameter for it. If that
+ is the case, <emphasis>and</emphasis> the device claiming the
+ root device matches the major number of the driver as figured
+ out from the name of the root device string being passed (that
+ is, <literal>"vinum"</literal> in our case), it will use the
+ pre-allocated device ID, instead of trying to figure out one
+ itself. That way, during the usual automatic startup, it can
+ continue to mount the Vinum root volume for the root
+ filesystem.</para>
+
+ <para>However, when <command>boot -a</command> has been
+ requesting to ask for entering the name of the root device
+ manually, it must be noted that this routine still cannot
+ actually parse a name entered there that refers to a Vinum
+ volume. If any device name is entered that does not refer to
+ a Vinum device, the mismatch between the major numbers of the
+ pre-allocated root parameter and the driver as figured out
+ from the given name will make this routine enter its normal
+ parser, so entering a string like
+ <literal>ufs:da0d</literal> will work as expected. Note
+ that if this fails, it is however no longer possible to
+ re-enter a string like <literal>ufs:vinum/root</literal>
+ again, since it cannot be parsed. The only way out is to
+ reboot again, and start over then. (At the
+ <quote>askroot</quote> prompt, the initial
+ <filename>/dev/</filename> can always be omitted.)</para>
+ </sect2>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/handbook/x11/Makefile b/zh_TW.Big5/books/handbook/x11/Makefile
new file mode 100644
index 0000000000..06b452cd33
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/x11/Makefile
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD$
+#
+
+CHAPTERS= x11/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff --git a/zh_TW.Big5/books/handbook/x11/chapter.sgml b/zh_TW.Big5/books/handbook/x11/chapter.sgml
new file mode 100644
index 0000000000..c21eda03d2
--- /dev/null
+++ b/zh_TW.Big5/books/handbook/x11/chapter.sgml
@@ -0,0 +1,1822 @@
+<!--
+ The FreeBSD Documentation Project
+
+ $FreeBSD$
+-->
+
+<chapter id="x11">
+ <chapterinfo>
+ <authorgroup>
+ <author>
+ <firstname>Ken</firstname>
+ <surname>Tom</surname>
+ <contrib>Updated for X.Org's X11 server by </contrib>
+ </author>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ </author>
+ </authorgroup>
+ </chapterinfo>
+
+ <title>The X Window System</title>
+
+ <sect1 id="x11-synopsis">
+ <title>Synopsis</title>
+
+ <para>FreeBSD uses X11 to provide users with
+ a powerful graphical user interface. X11
+ is an open-source implementation of the X Window System that
+ includes both <application>&xorg;</application> and
+ <application>&xfree86;</application>. &os; versions up to and
+ including &os;&nbsp;4.11-RELEASE and &os;&nbsp;5.2.1-RELEASE
+ will find the default installation to be
+ <application>&xfree86;</application>, the X11 server released by
+ The &xfree86; Project, Inc. As of &os;&nbsp;5.3-RELEASE, the
+ default and official flavor of X11 was changed to
+ <application>&xorg;</application>, the X11 server developed by
+ the X.Org Foundation.</para>
+
+ <para>This chapter will cover the installation and configuration
+ of X11 with emphasis on
+ <application>&xorg;</application>.</para>
+
+ <para>For more information on the video hardware that X11
+ supports, check either the <ulink
+ url="http://www.x.org/">&xorg;</ulink> or <ulink
+ url="http://www.XFree86.org/">&xfree86;</ulink> web
+ sites.</para>
+
+ <para>After reading this chapter, you will know:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The various components of the X Window System, and how they
+ interoperate.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to install and configure X11.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to install and use different window managers.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to use &truetype; fonts in X11.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set up your system for graphical logins
+ (<application>XDM</application>).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Before reading this chapter, you should:</para>
+
+ <itemizedlist>
+ <listitem><para>Know how to install additional third-party
+ software (<xref linkend="ports">).</para></listitem>
+ </itemizedlist>
+
+ <note>
+ <para>This chapter covers the installation and the configuration
+ of both <application>&xorg;</application> and
+ <application>&xfree86;</application> X11 servers. For the most
+ part, configuration files, commands and syntaxes are identical.
+ In the case where there are differences, both
+ <application>&xorg;</application> and
+ <application>&xfree86;</application> syntaxes will be
+ shown.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="x-understanding">
+ <title>Understanding X</title>
+
+ <para>Using X for the first time can be somewhat of a shock to someone
+ familiar with other graphical environments, such as &microsoft.windows; or
+ &macos;.</para>
+
+ <para>While it is not necessary to understand all of the details of various
+ X components and how they interact, some basic knowledge makes
+ it possible to take advantage of X's strengths.</para>
+
+ <sect2>
+ <title>Why X?</title>
+
+ <para>X is not the first window system written for &unix;, but it is the
+ most popular of them. X's original development team had worked on another
+ window system prior to writing X. That system's name was
+ <quote>W</quote> (for <quote>Window</quote>). X was just the next
+ letter in the Roman alphabet.</para>
+
+ <para>X can be called <quote>X</quote>, <quote>X Window System</quote>,
+ <quote>X11</quote>, and a number of other terms. You may find
+ that using the term <quote>X Windows</quote> to describe X11
+ can be offensive to some people; for a bit more insight on
+ this, see &man.X.7;.</para>
+ </sect2>
+
+ <sect2>
+ <title>The X Client/Server Model</title>
+
+ <para>X was designed from the beginning to be network-centric, and
+ adopts a <quote>client-server</quote> model.</para>
+
+ <para>In the X model, the
+ <quote>X server</quote> runs on the computer that has the keyboard,
+ monitor, and mouse attached. The server's responsibility includes tasks such as managing
+ the display, handling input from the keyboard and mouse, and so on.
+ Each X application (such as <application>XTerm</application>, or
+ <application>&netscape;</application>) is a <quote>client</quote>. A
+ client sends messages to the server such as <quote>Please draw a
+ window at these coordinates</quote>, and the server sends back
+ messages such as <quote>The user just clicked on the OK
+ button</quote>.</para>
+
+ <para>In a home or small
+ office environment, the X server and the X clients commonly run on
+ the same computer. However, it is perfectly possible to run the X
+ server on a less powerful desktop computer, and run X applications
+ (the clients) on, say, the powerful and expensive machine that serves
+ the office. In this scenario the communication between the X client
+ and server takes place over the network.</para>
+
+ <para>This confuses some people, because the X terminology is
+ exactly backward to what they expect. They expect the <quote>X
+ server</quote> to be the big powerful machine down the hall, and
+ the <quote>X client</quote> to be the machine on their desk.</para>
+
+ <para>It is important to remember that the X server is the machine with the monitor and
+ keyboard, and the X clients are the programs that display the
+ windows.</para>
+
+ <para>There is nothing in the protocol that forces the client and
+ server machines to be running the same operating system, or even to
+ be running on the same type of computer. It is certainly possible to
+ run an X server on &microsoft.windows; or Apple's &macos;, and there are
+ various free and commercial applications available that do exactly
+ that.</para>
+
+ <para>Starting with &os;&nbsp;5.3-RELEASE, the X server that
+ installs with &os; is <application>&xorg;</application>,
+ and is available for free, under a
+ license very similar to the FreeBSD license. Commercial X servers for
+ FreeBSD are also available.</para>
+ </sect2>
+
+ <sect2>
+ <title>The Window Manager</title>
+
+ <para>The X design philosophy is much like the &unix; design philosophy,
+ <quote>tools, not policy</quote>. This means that X does not try to
+ dictate how a task is to be accomplished. Instead, tools are provided
+ to the user, and it is the user's responsibility to decide how to use
+ those tools.</para>
+
+ <para>This philosophy extends to X not dictating what windows should
+ look like on screen, how to move them around with the mouse, what
+ keystrokes should be used to move between windows (i.e.,
+ <keycombo action="simul">
+ <keycap>Alt</keycap>
+ <keycap>Tab</keycap>
+ </keycombo>, in the case of &microsoft.windows;), what the title bars
+ on each window should look like, whether or not they have close
+ buttons on them, and so on.</para>
+
+ <para>Instead, X delegates this responsibility to an application called
+ a <quote>Window Manager</quote>. There are dozens of window
+ managers available for X: <application>AfterStep</application>,
+ <application>Blackbox</application>, <application>ctwm</application>,
+ <application>Enlightenment</application>,
+ <application>fvwm</application>, <application>Sawfish</application>,
+ <application>twm</application>,
+ <application>Window Maker</application>, and more. Each of these
+ window managers provides a different look and feel; some of them
+ support <quote>virtual desktops</quote>; some of them allow customized
+ keystrokes to manage the desktop; some have a <quote>Start</quote>
+ button or similar device; some are <quote>themeable</quote>, allowing
+ a complete change of look-and-feel by applying a new theme. These
+ window managers, and many more, are available in the
+ <filename>x11-wm</filename> category of the Ports Collection.</para>
+
+ <para>In addition, the <application>KDE</application> and
+ <application>GNOME</application> desktop environments both have their
+ own window managers which integrate with the desktop.</para>
+
+ <para>Each window manager also has a different configuration mechanism;
+ some expect configuration file written by hand, others feature
+ GUI tools for most of the configuration tasks; at least one
+ (<application>Sawfish</application>) has a configuration file written
+ in a dialect of the Lisp language.</para>
+
+ <note>
+ <title>Focus Policy</title>
+
+ <para>Another feature the window manager is responsible for is the
+ mouse <quote>focus policy</quote>. Every windowing system
+ needs some means of choosing a window to be actively receiving
+ keystrokes, and should visibly indicate which window is active as
+ well.</para>
+
+ <para>A familiar focus policy is called <quote>click-to-focus</quote>.
+ This is the model utilized by &microsoft.windows;, in which a window
+ becomes active upon receiving a mouse click.</para>
+
+ <para>X does not support any particular focus policy. Instead, the
+ window manager controls which window has the focus at any one time.
+ Different window managers will support different focus methods. All
+ of them support click to focus, and the majority of them support
+ several others.</para>
+
+ <para>The most popular focus policies are:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>focus-follows-mouse</term>
+
+ <listitem>
+ <para>The window that is under the mouse pointer is the
+ window that has the focus. This may not necessarily be
+ the window that is on top of all the other windows.
+ The focus is changed by pointing at another window, there
+ is no need to click in it as well.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>sloppy-focus</term>
+
+ <listitem>
+ <para>This policy is a small extension to focus-follows-mouse.
+ With focus-follows-mouse, if the mouse is moved over the
+ root window (or background) then no window has the focus,
+ and keystrokes are simply lost. With sloppy-focus, focus is
+ only changed when the cursor enters a new window, and not
+ when exiting the current window.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>click-to-focus</term>
+
+ <listitem>
+ <para>The active window is selected by mouse click. The
+ window may then be <quote>raised</quote>, and appear in
+ front of all other windows. All keystrokes will now be
+ directed to this window, even if the cursor is moved to
+ another window.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Many window managers support other policies, as well as
+ variations on these. Be sure to consult the documentation for
+ the window manager itself.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Widgets</title>
+
+ <para>The X approach of providing tools and not policy extends to the
+ widgets seen on screen in each application.</para>
+
+ <para><quote>Widget</quote> is a term for all the items in the user
+ interface that can be clicked or manipulated in some way; buttons,
+ check boxes, radio buttons, icons, lists, and so on. &microsoft.windows;
+ calls these <quote>controls</quote>.</para>
+
+ <para>&microsoft.windows; and Apple's &macos; both have a very rigid widget
+ policy. Application developers are supposed to ensure that their
+ applications share a common look and feel. With X, it was not
+ considered sensible to mandate a particular graphical style, or set
+ of widgets to adhere to.</para>
+
+ <para>As a result, do not expect X applications to have a common
+ look and feel. There are several popular widget sets and
+ variations, including the original Athena widget set from MIT,
+ <application>&motif;</application> (on which the widget set in
+ &microsoft.windows; was modeled, all bevelled edges and three shades of
+ grey), <application>OpenLook</application>, and others.</para>
+
+ <para>Most newer X applications today will use a modern-looking widget
+ set, either Qt, used by <application>KDE</application>, or
+ GTK+, used by the
+ <application>GNOME</application>
+ project. In this respect, there is some convergence in
+ look-and-feel of the &unix; desktop, which certainly makes things
+ easier for the novice user.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="x-install">
+ <title>Installing X11</title>
+
+ <para><application>&xorg;</application> or
+ <application>&xfree86;</application> may be installed on &os;.
+ Beginning with &os;&nbsp;5.3-RELEASE,
+ <application>&xorg;</application> is the default X11
+ implementation for &os;. <application>&xorg;</application> is
+ the X server of the open source X Window System implementation released by the X.Org
+ Foundation. <application>&xorg;</application> is based on the code of
+ <application>&xfree86&nbsp;4.4RC2</application> and X11R6.6.
+ The X.Org Foundation released X11R6.7 in April 2004 and
+ X11R6.8.2 in February 2005, this latter is the version
+ currently available in the &os; Ports Collection.</para>
+
+ <para>To build and install <application>&xorg;</application> from the
+ Ports Collection:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/x11/xorg</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <note>
+ <para>To build <application>&xorg;</application> in its
+ entirety, be sure to have at least 4&nbsp;GB of free space
+ available.</para>
+ </note>
+
+ <para>To build and install <application>&xfree86;</application>
+ from the Ports Collection:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/x11/XFree86-4</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>Alternatively, X11
+ can be installed directly from packages.
+ Binary packages to use with &man.pkg.add.1; tool are also available for
+ X11. When the remote fetching
+ feature of &man.pkg.add.1; is used, the version number of the
+ package must be removed. &man.pkg.add.1; will automatically fetch
+ the latest version of the application.</para>
+
+ <para>So to fetch and install the package of
+ <application>&xorg;</application>, simply type:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r xorg</userinput></screen>
+
+ <para>The <application>&xfree86;&nbsp;4.X</application> package can be
+ installed by typing:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r XFree86</userinput></screen>
+
+ <note><para>The examples above will install the complete
+ X11 distribution including the
+ servers, clients, fonts etc. Separate packages and ports of X11
+ are also
+ available.</para></note>
+
+ <para>The rest of this chapter will explain how to configure
+ X11, and how to set up a productive desktop
+ environment.</para>
+
+ <sect2 id="x-to-xorg">
+ <title>Moving from <application>&xfree86;</application> to
+ <application>&xorg;</application></title>
+
+ <para>As with any port, you should check the
+ <filename>/usr/ports/UPDATING</filename> file for changes.
+ Included in this file are instructions for converting your
+ system from <application>&xfree86;</application> to
+ <application>&xorg;</application>.</para>
+
+ <para>Use <application>CVSup</application> to update your ports
+ tree prior to attempting any conversion. You will also need
+ to install <filename
+ role="package">sysutils/portupgrade</filename> prior to
+ converting your X11 installation.</para>
+
+ <para>In your <filename>/etc/make.conf</filename> you will need
+ to add the variable <literal>X_WINDOW_SYSTEM=xorg</literal>.
+ This ensures that your system knows which X11 is being used.
+ The older <literal>XFREE86_VERSION</literal> variable has been
+ deprecated and has been replaced with the
+ <literal>X_WINDOW_SYSTEM</literal> variable.</para>
+
+ <para>Then, use the following commands:</para>
+
+ <screen>&prompt.root; <userinput>pkg_delete -f /var/db/pkg/imake-4* /var/db/pkg/XFree86-*</userinput>
+&prompt.root; <userinput>cd /usr/ports/x11/xorg</userinput>
+&prompt.root; <userinput>make install clean</userinput>
+&prompt.root; <userinput>pkgdb -F</userinput></screen>
+
+ <para>The &man.pkgdb.1; command is part of the
+ <application>portupgrade</application> software and will
+ update various package dependencies.</para>
+
+ <note>
+ <para>To build <application>&xorg;</application> in its
+ entirety, be sure to have at least 4&nbsp;GB of free space
+ available.</para>
+ </note>
+ </sect2>
+ </sect1>
+
+ <sect1 id="x-config">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Christopher</firstname>
+ <surname>Shumway</surname>
+ <contrib>Contributed by </contrib>
+ <!-- July 2001 -->
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>X11 Configuration</title>
+
+
+ <indexterm><primary>&xfree86;&nbsp;4.X</primary></indexterm>
+ <indexterm><primary>&xfree86;</primary></indexterm>
+ <indexterm><primary>&xorg;</primary></indexterm>
+ <indexterm><primary>X11</primary></indexterm>
+
+ <sect2>
+ <title>Before Starting</title>
+
+ <para>Before configuration of X11
+ the following information about the target system is needed:</para>
+
+ <itemizedlist>
+ <listitem><para>Monitor specifications</para></listitem>
+ <listitem><para>Video Adapter chipset</para></listitem>
+ <listitem><para>Video Adapter memory</para></listitem>
+ </itemizedlist>
+
+ <indexterm><primary>horizontal scan rate</primary></indexterm>
+ <indexterm><primary>vertical scan rate</primary></indexterm>
+
+ <para>The specifications for the monitor are used by
+ X11 to determine the resolution and
+ refresh rate to run at. These specifications can usually be
+ obtained from the documentation that came with the monitor or from
+ the manufacturer's website. There are two ranges of numbers that
+ are needed, the horizontal scan rate and the vertical synchronization
+ rate.</para>
+
+ <para>The video adapter's chipset defines what driver module
+ X11 uses to talk to the graphics
+ hardware. With most chipsets, this can be automatically
+ determined, but it is still useful to know in case the automatic
+ detection does not work correctly.</para>
+
+ <para>Video memory on the graphic adapter determines the
+ resolution and color depth which the system can run at. This is
+ important to know so the user knows the limitations of the
+ system.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Configuring X11</title>
+
+ <para>Configuration of X11 is
+ a multi-step process. The first step is to build an initial
+ configuration file.
+ As the super user, simply
+ run:</para>
+
+ <screen>&prompt.root; <userinput>Xorg -configure</userinput></screen>
+
+ <para>In the case of <application>&xfree86;</application>
+ type:</para>
+
+ <screen>&prompt.root; <userinput>XFree86 -configure</userinput></screen>
+
+ <para>This will generate an
+ X11 configuration skeleton file in the
+ <filename>/root</filename> directory called
+ <filename>xorg.conf.new</filename> (whether you &man.su.1; or
+ do a direct login affects the inherited supervisor
+ <envar>$HOME</envar> directory variable).
+ For <application>&xfree86;</application>, this configuration
+ file is called <filename>XF86Config.new</filename>. The
+ X11 program will attempt to probe
+ the graphics hardware on the system and write a
+ configuration file to load the proper drivers for the detected
+ hardware on the target system.</para>
+
+ <para>The next step is to test the existing
+ configuration to verify that <application>&xorg;</application>
+ can work with the graphics
+ hardware on the target system. To perform this task,
+ type:</para>
+
+ <screen>&prompt.root; <userinput>Xorg -config xorg.conf.new</userinput></screen>
+
+ <para><application>&xfree86;</application> users will type:</para>
+
+ <screen>&prompt.root; <userinput>XFree86 -xf86config XF86Config.new</userinput></screen>
+
+ <para>If a black and grey grid and an X mouse cursor appear,
+ the configuration was successful. To exit the test, just press
+ <keycombo action="simul">
+ <keycap>Ctrl</keycap>
+ <keycap>Alt</keycap>
+ <keycap>Backspace</keycap>
+ </keycombo> simultaneously.</para>
+
+ <note><para>If the mouse does not work, you will need to first
+ configure it before proceeding. See <xref linkend="mouse">
+ in the &os; install chapter.</para></note>
+
+ <indexterm><primary>X11 tuning</primary></indexterm>
+
+ <para>Next, tune the <filename>xorg.conf.new</filename> (or <filename>XF86Config.new</filename> if you are running <application>&xfree86;</application>)
+ configuration file to taste. Open the file in a text editor such
+ as &man.emacs.1; or &man.ee.1;. First, add the
+ frequencies for the target system's monitor. These are usually
+ expressed as a horizontal and vertical synchronization rate. These
+ values are added to the <filename>xorg.conf.new</filename> file
+ under the <literal>"Monitor"</literal> section:</para>
+
+ <programlisting>Section "Monitor"
+ Identifier "Monitor0"
+ VendorName "Monitor Vendor"
+ ModelName "Monitor Model"
+ HorizSync 30-107
+ VertRefresh 48-120
+EndSection</programlisting>
+
+ <para>The <literal>HorizSync</literal> and
+ <literal>VertRefresh</literal> keywords may be missing in the
+ configuration file. If they are, they need to be added, with
+ the correct horizontal synchronization rate placed after the
+ <literal>HorizSync</literal> keyword and the vertical
+ synchronization rate after the <literal>VertRefresh</literal>
+ keyword. In the example above the target monitor's rates were
+ entered.</para>
+
+ <para>X allows DPMS (Energy Star) features to be used with capable
+ monitors. The &man.xset.1; program controls the time-outs and can force
+ standby, suspend, or off modes. If you wish to enable DPMS features
+ for your monitor, you must add the following line to the monitor
+ section:</para>
+
+ <programlisting>
+ Option "DPMS"</programlisting>
+
+ <indexterm>
+ <primary><filename>xorg.conf</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>XF86Config</filename></primary>
+ </indexterm>
+
+ <para>While the <filename>xorg.conf.new</filename> (or <filename>XF86Config.new</filename>)
+ configuration file is still open in an editor, select
+ the default resolution and color depth desired. This is
+ defined in the <literal>"Screen"</literal> section:</para>
+
+ <programlisting>Section "Screen"
+ Identifier "Screen0"
+ Device "Card0"
+ Monitor "Monitor0"
+ DefaultDepth 24
+ SubSection "Display"
+ Viewport 0 0
+ Depth 24
+ Modes "1024x768"
+ EndSubSection
+EndSection</programlisting>
+
+ <para>The <literal>DefaultDepth</literal> keyword describes
+ the color depth to run at by default. This can be overridden
+ with the <option>-depth</option> command line switch to
+ &man.Xorg.1; (or &man.XFree86.1;).
+ The <literal>Modes</literal> keyword
+ describes the resolution to run at for the given color depth.
+ Note that only VESA standard modes are supported as defined by
+ the target system's graphics hardware.
+ In the example above, the default color depth is twenty-four
+ bits per pixel. At this color depth, the accepted resolution is
+ 1024 by 768
+ pixels.</para>
+
+ <para>Finally, write the configuration file and test it using
+ the test mode given above.</para>
+
+ <note>
+ <para>One of the tools available to assist you during
+ troubleshooting process are the X11 log files, which contain
+ information on each device that the X11 server attaches to.
+ <application>&xorg;</application> log file names are in the format
+ of <filename>/var/log/Xorg.0.log</filename>
+ (<application>&xfree86;</application> log file names follow the
+ format of <filename>XFree86.0.log</filename>). The exact name
+ of the log can vary from <filename>Xorg.0.log</filename> to
+ <filename>Xorg.8.log</filename> and so forth.</para>
+ </note>
+
+ <para>If all is well, the configuration
+ file needs to be installed in a common location where
+ &man.Xorg.1; (or &man.XFree86.1;)
+ can find it.
+ This is typically <filename>/etc/X11/xorg.conf</filename> or
+ <filename>/usr/X11R6/etc/X11/xorg.conf</filename> (for
+ <application>&xfree86;</application> it is called
+ <filename>/etc/X11/XF86Config</filename> or
+ <filename>/usr/X11R6/etc/X11/XF86Config</filename>).</para>
+
+ <screen>&prompt.root; <userinput>cp xorg.conf.new /etc/X11/xorg.conf</userinput></screen>
+
+ <para>For <application>&xfree86;</application>:</para>
+
+ <screen>&prompt.root; <userinput>cp XF86Config.new /etc/X11/XF86Config</userinput></screen>
+
+ <para>The X11 configuration process is now
+ complete. In order to start
+ <application>&xfree86;&nbsp;4.X</application> with &man.startx.1;,
+ install the <filename role="package">x11/wrapper</filename> port.
+ <application>&xorg;</application> already includes the wrapper
+ code and does not require the installation of the wrapper port.
+ The X11 server may also be started with the use of
+ &man.xdm.1;.</para>
+
+ <note><para>There is also a graphical configuration tool,
+ &man.xorgcfg.1; (&man.xf86cfg.1; for <application>&xfree86;</application>), that comes with the
+ X11 distribution. It
+ allows you to interactively define your configuration by choosing
+ the appropriate drivers and settings. This program can be invoked from the console, by typing the command <command>xorgcfg -textmode</command>. For more details,
+ refer to the &man.xorgcfg.1; and &man.xf86cfg.1; manual pages.</para>
+
+ <para>Alternatively, there is also a tool called &man.xorgconfig.1;
+ (&man.xf86config.1; for <application>&xfree86;</application>),
+ this program is a console utility that is less user friendly,
+ but it may work in situations where the other tools do
+ not.</para></note>
+
+ </sect2>
+
+ <sect2>
+ <title>Advanced Configuration Topics</title>
+
+ <sect3>
+ <title>Configuration with &intel; i810 Graphics Chipsets</title>
+
+ <indexterm><primary>Intel i810 graphic chipset</primary></indexterm>
+
+ <para>Configuration with &intel; i810 integrated chipsets
+ requires the <devicename>agpgart</devicename>
+ AGP programming interface for X11
+ to drive the card. The &man.agp.4; driver is in the
+ <filename>GENERIC</filename> kernel since releases
+ 4.8-RELEASE and 5.0-RELEASE. On prior releases, you will
+ have to add the following line:</para>
+
+ <programlisting>device agp</programlisting>
+
+ <para>in your kernel configuration file and rebuild a new
+ kernel. Instead, you may want to load
+ the <filename>agp.ko</filename> kernel module
+ automatically with the &man.loader.8; at boot time.
+ For that, simply add this line to
+ <filename>/boot/loader.conf</filename>:</para>
+
+ <programlisting>agp_load="YES"</programlisting>
+
+ <para>Next, if you are running FreeBSD&nbsp;4.X or earlier, a
+ device node needs to be created for the
+ programming interface. To create the AGP device node, run
+ &man.MAKEDEV.8; in the <filename>/dev</filename>
+ directory:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
+&prompt.root; <userinput>sh MAKEDEV agpgart</userinput></screen>
+
+ <note>
+ <para>FreeBSD&nbsp;5.X or later will use &man.devfs.5; to allocate
+ device nodes transparently, therefore the
+ &man.MAKEDEV.8; step is not required.</para>
+ </note>
+
+ <para>This will allow configuration of the hardware as any other
+ graphics board. Note on systems without the &man.agp.4;
+ driver compiled in the kernel, trying to load the module
+ with &man.kldload.8; will not work. This driver has to be
+ in the kernel at boot time through being compiled in or
+ using <filename>/boot/loader.conf</filename>.</para>
+
+ <para>If you are using <application>&xfree86;&nbsp;4.1.0</application> (or
+ later) and messages about unresolved symbols like
+ <literal>fbPictureInit</literal> appear, try adding the
+ following line after <literal>Driver "i810"</literal> in the
+ X11 configuration file:</para>
+ <programlisting>Option "NoDDC"</programlisting>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="x-fonts">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Murray</firstname>
+ <surname>Stokely</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Using Fonts in X11</title>
+
+ <sect2 id="type1">
+ <title>Type1 Fonts</title>
+ <para>The default fonts that ship with
+ X11 are less than ideal for typical
+ desktop publishing applications. Large presentation fonts show up
+ jagged and unprofessional looking, and small fonts in
+ <application>&netscape;</application> are almost completely unintelligible.
+ However, there are several free, high quality Type1 (&postscript;) fonts
+ available which can be readily used
+ with X11. For instance, the URW font collection
+ (<filename role="package">x11-fonts/urwfonts</filename>) includes
+ high quality versions of standard type1 fonts (<trademark class="registered">Times Roman</trademark>,
+ <trademark class="registered">Helvetica</trademark>, <trademark class="registered">Palatino</trademark> and others). The Freefonts collection
+ (<filename role="package">x11-fonts/freefonts</filename>) includes
+ many more fonts, but most of them are intended for use in
+ graphics software such as the <application>Gimp</application>, and are not
+ complete enough to serve as screen fonts. In addition,
+ X11 can be configured to use
+ &truetype; fonts with a minimum of effort. For more details on
+ this, see the &man.X.7; manual page or the
+ <link linkend="truetype">section on &truetype; fonts</link>.</para>
+
+ <para>To install the above Type1 font collections from the ports
+ collection, run the following commands:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/x11-fonts/urwfonts</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>And likewise with the freefont or other collections. To have the X
+ server detect these fonts, add an appropriate line to the
+ X server configuration file in <filename>/etc/X11/</filename>
+ (<filename>xorg.conf</filename> for
+ <application>&xorg;</application> and
+ <filename>XF86Config</filename> for
+ <application>&xfree86;</application>), which reads:</para>
+
+ <programlisting>FontPath "/usr/X11R6/lib/X11/fonts/URW/"</programlisting>
+
+ <para>Alternatively, at the command line in the X session
+ run:</para>
+
+ <screen>&prompt.user; <userinput>xset fp+ /usr/X11R6/lib/X11/fonts/URW</userinput>
+&prompt.user; <userinput>xset fp rehash</userinput></screen>
+
+ <para>This will work but will be lost when the X session is closed,
+ unless it is added to the startup file (<filename>~/.xinitrc</filename>
+ for a normal <command>startx</command> session,
+ or <filename>~/.xsession</filename> when logging in through a
+ graphical login manager like <application>XDM</application>).
+ A third way is to use the new
+ <filename>/usr/X11R6/etc/fonts/local.conf</filename> file: see the
+ section on <link linkend="antialias">anti-aliasing</link>.
+ </para>
+ </sect2>
+
+ <sect2 id="truetype">
+ <title>&truetype; Fonts</title>
+
+ <indexterm><primary>TrueType Fonts</primary></indexterm>
+ <indexterm><primary>fonts</primary>
+ <secondary>TrueType</secondary>
+ </indexterm>
+
+ <para>Both <application>&xfree86;&nbsp;4.X</application> and <application>&xorg;</application> have built in support
+ for rendering &truetype; fonts. There are two different modules
+ that can enable this functionality. The freetype module is used
+ in this example because it is more consistent with the other font
+ rendering back-ends. To enable the freetype module just add the
+ following line to the <literal>"Module"</literal> section of the
+ <filename>/etc/X11/xorg.conf</filename> or
+ <filename>/etc/X11/XF86Config</filename> file.</para>
+
+ <programlisting>Load "freetype"</programlisting>
+
+ <para>For <application>&xfree86;&nbsp;3.3.X</application>, a separate
+ &truetype; font server is needed.
+ <application>Xfstt</application> is commonly used for
+ this purpose. To install <application>Xfstt</application>,
+ simply install the port
+ <filename role="package">x11-servers/Xfstt</filename>.</para>
+
+ <para>Now make a directory for the &truetype; fonts (for example,
+ <filename>/usr/X11R6/lib/X11/fonts/TrueType</filename>)
+ and copy all of the &truetype; fonts into this directory. Keep in
+ mind that &truetype; fonts cannot be directly taken from a
+ &macintosh;; they must be in &unix;/&ms-dos;/&windows; format for use by
+ X11. Once the files have been
+ copied into this directory, use
+ <application>ttmkfdir</application> to create a
+ <filename>fonts.dir</filename> file, so that the X font renderer
+ knows that these new files have been installed.
+ <command>ttmkfdir</command> is available from the FreeBSD
+ Ports Collection as
+ <filename role="package">x11-fonts/ttmkfdir</filename>.</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/X11R6/lib/X11/fonts/TrueType</userinput>
+&prompt.root; <userinput>ttmkfdir &gt; fonts.dir</userinput></screen>
+
+ <para>Now add the &truetype; directory to the font
+ path. This is just the same as described above for <link
+ linkend="type1">Type1</link> fonts, that is, use</para>
+
+ <screen>&prompt.user; <userinput>xset fp+ /usr/X11R6/lib/X11/fonts/TrueType</userinput>
+&prompt.user; <userinput>xset fp rehash</userinput></screen>
+
+ <para>or add a <literal>FontPath</literal> line to the
+ <filename>xorg.conf</filename> (or <filename>XF86Config</filename>) file.</para>
+
+ <para>That's it. Now <application>&netscape;</application>,
+ <application>Gimp</application>,
+ <application>&staroffice;</application>, and all of the other X
+ applications should now recognize the installed &truetype;
+ fonts. Extremely small fonts (as with text in a high resolution
+ display on a web page) and extremely large fonts (within
+ <application>&staroffice;</application>) will look much better
+ now.</para>
+ </sect2>
+
+ <sect2 id="antialias">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Joe Marcus</firstname>
+ <surname>Clarke</surname>
+ <contrib>Updated by </contrib>
+ <!-- May 2003 -->
+ </author>
+ </authorgroup>
+ </sect2info>
+ <title>Anti-Aliased Fonts</title>
+
+ <indexterm><primary>anti-aliased fonts</primary></indexterm>
+ <indexterm><primary>fonts</primary>
+ <secondary>anti-aliased</secondary></indexterm>
+
+ <para>Anti-aliasing has been available in X11 since
+ <application>&xfree86;</application> 4.0.2. However, font
+ configuration was cumbersome before the introduction of
+ <application>&xfree86;</application> 4.3.0.
+ Beginning with
+ <application>&xfree86;</application> 4.3.0, all fonts in X11
+ that are found
+ in <filename>/usr/X11R6/lib/X11/fonts/</filename> and
+ <filename>~/.fonts/</filename> are automatically
+ made available for anti-aliasing to Xft-aware applications. Not
+ all applications are Xft-aware, but many have received Xft support.
+ Examples of Xft-aware applications include Qt 2.3 and higher (the
+ toolkit for the <application>KDE</application> desktop),
+ GTK+ 2.0 and higher (the toolkit for the
+ <application>GNOME</application> desktop), and
+ <application>Mozilla</application> 1.2 and higher.
+ </para>
+
+ <para>In order to control which fonts are anti-aliased, or to
+ configure anti-aliasing properties, create (or edit, if it
+ already exists) the file
+ <filename>/usr/X11R6/etc/fonts/local.conf</filename>. Several
+ advanced features of the Xft font system can be tuned using
+ this file; this section describes only some simple
+ possibilities. For more details, please see
+ &man.fonts-conf.5;.</para>
+
+ <indexterm><primary>XML</primary></indexterm>
+
+ <para>This file must be in XML format. Pay careful attention to
+ case, and make sure all tags are properly closed. The file
+ begins with the usual XML header followed by a DOCTYPE
+ definition, and then the <literal>&lt;fontconfig&gt;</literal> tag:</para>
+
+ <programlisting>
+ &lt;?xml version="1.0"?&gt;
+ &lt;!DOCTYPE fontconfig SYSTEM "fonts.dtd"&gt;
+ &lt;fontconfig&gt;
+ </programlisting>
+
+ <para>As previously stated, all fonts in
+ <filename>/usr/X11R6/lib/X11/fonts/</filename> as well as
+ <filename>~/.fonts/</filename> are already made available to
+ Xft-aware applications. If you wish to add another directory
+ outside of these two directory trees, add a line similar to the
+ following to
+ <filename>/usr/X11R6/etc/fonts/local.conf</filename>:</para>
+
+ <programlisting>&lt;dir&gt;/path/to/my/fonts&lt;/dir&gt;</programlisting>
+
+ <para>After adding new fonts, and especially new font directories,
+ you should run the following command to rebuild the font
+ caches:</para>
+
+ <screen>&prompt.root; <userinput>fc-cache -f</userinput></screen>
+
+ <para>Anti-aliasing makes borders slightly fuzzy, which makes very
+ small text more readable and removes <quote>staircases</quote> from
+ large text, but can cause eyestrain if applied to normal text. To
+ exclude font sizes smaller than 14 point from anti-aliasing, include
+ these lines:</para>
+
+ <programlisting> &lt;match target="font"&gt;
+ &lt;test name="size" compare="less"&gt;
+ &lt;double&gt;14&lt;/double&gt;
+ &lt;/test&gt;
+ &lt;edit name="antialias" mode="assign"&gt;
+ &lt;bool&gt;false&lt;/bool&gt;
+ &lt;/edit&gt;
+ &lt;/match&gt;
+ &lt;match target="font"&gt;
+ &lt;test name="pixelsize" compare="less" qual="any"&gt;
+ &lt;double&gt;14&lt;/double&gt;
+ &lt;/test&gt;
+ &lt;edit mode="assign" name="antialias"&gt;
+ &lt;bool&gt;false&lt;/bool&gt;
+ &lt;/edit&gt;
+ &lt;/match&gt;</programlisting>
+
+ <indexterm><primary>fonts</primary>
+ <secondary>spacing</secondary></indexterm>
+
+ <para>Spacing for some monospaced fonts may also be inappropriate
+ with anti-aliasing. This seems to be an issue with
+ <application>KDE</application>, in particular. One possible fix for
+ this is to force the spacing for such fonts to be 100. Add the
+ following lines:</para>
+
+ <programlisting> &lt;match target="pattern" name="family"&gt;
+ &lt;test qual="any" name="family"&gt;
+ &lt;string&gt;fixed&lt;/string&gt;
+ &lt;/test&gt;
+ &lt;edit name="family" mode="assign"&gt;
+ &lt;string&gt;mono&lt;/string&gt;
+ &lt;/edit&gt;
+ &lt;/match&gt;
+ &lt;match target="pattern" name="family"&gt;
+ &lt;test qual="any" name="family"&gt;
+ &lt;string&gt;console&lt;/string&gt;
+ &lt;/test&gt;
+ &lt;edit name="family" mode="assign"&gt;
+ &lt;string&gt;mono&lt;/string&gt;
+ &lt;/edit&gt;
+ &lt;/match&gt;</programlisting>
+
+ <para>(this aliases the other common names for fixed fonts as
+ <literal>"mono"</literal>), and then add:</para>
+
+ <programlisting> &lt;match target="pattern" name="family"&gt;
+ &lt;test qual="any" name="family"&gt;
+ &lt;string&gt;mono&lt;/string&gt;
+ &lt;/test&gt;
+ &lt;edit name="spacing" mode="assign"&gt;
+ &lt;int&gt;100&lt;/int&gt;
+ &lt;/edit&gt;
+ &lt;/match&gt; </programlisting>
+
+ <para>Certain fonts, such as Helvetica, may have a problem when
+ anti-aliased. Usually this manifests itself as a font that
+ seems cut in half vertically. At worst, it may cause
+ applications such as <application>Mozilla</application> to
+ crash. To avoid this, consider adding the following to
+ <filename>local.conf</filename>:</para>
+
+ <programlisting> &lt;match target="pattern" name="family"&gt;
+ &lt;test qual="any" name="family"&gt;
+ &lt;string&gt;Helvetica&lt;/string&gt;
+ &lt;/test&gt;
+ &lt;edit name="family" mode="assign"&gt;
+ &lt;string&gt;sans-serif&lt;/string&gt;
+ &lt;/edit&gt;
+ &lt;/match&gt; </programlisting>
+
+ <para>Once you have finished editing
+ <filename>local.conf</filename> make sure you end the file
+ with the <literal>&lt;/fontconfig&gt;</literal> tag. Not doing this will cause
+ your changes to be ignored.</para>
+
+ <para>The default font set that comes with
+ X11 is not very
+ desirable when it comes to anti-aliasing. A much better
+ set of default fonts can be found in the
+ <filename role="package">x11-fonts/bitstream-vera</filename>
+ port. This port will install a
+ <filename>/usr/X11R6/etc/fonts/local.conf</filename> file
+ if one does not exist already. If the file does exist,
+ the port will create a <filename>/usr/X11R6/etc/fonts/local.conf-vera
+ </filename> file. Merge the contents of this file into
+ <filename>/usr/X11R6/etc/fonts/local.conf</filename>, and the
+ Bitstream fonts will automatically replace the default
+ X11 Serif, Sans Serif, and Monospaced
+ fonts.</para>
+
+ <para>Finally, users can add their own settings via their personal
+ <filename>.fonts.conf</filename> files. To do this, each user should
+ simply create a <filename>~/.fonts.conf</filename>. This file must
+ also be in XML format.</para>
+
+ <indexterm><primary>LCD screen</primary></indexterm>
+ <indexterm><primary>Fonts</primary>
+ <secondary>LCD screen</secondary></indexterm>
+
+ <para>One last point: with an LCD screen, sub-pixel sampling may be
+ desired. This basically treats the (horizontally separated)
+ red, green and blue components separately to improve the horizontal
+ resolution; the results can be dramatic. To enable this, add the
+ line somewhere in the <filename>local.conf</filename> file:</para>
+
+ <programlisting>
+ &lt;match target="font"&gt;
+ &lt;test qual="all" name="rgba"&gt;
+ &lt;const&gt;unknown&lt;/const&gt;
+ &lt;/test&gt;
+ &lt;edit name="rgba" mode="assign"&gt;
+ &lt;const&gt;rgb&lt;/const&gt;
+ &lt;/edit&gt;
+ &lt;/match&gt;
+ </programlisting>
+
+ <note><para>Depending on the sort of display,
+ <literal>rgb</literal> may need to be changed to <literal>bgr</literal>,
+ <literal>vrgb</literal> or <literal>vbgr</literal>: experiment and
+ see which works best.</para></note>
+
+ <indexterm>
+ <primary>Mozilla</primary>
+ <secondary>disabling anti-aliased fonts</secondary>
+ </indexterm>
+
+ <para>Anti-aliasing should be enabled the next time the X
+ server is started. However, programs must know how to take
+ advantage of it. At present, the Qt toolkit does,
+ so the entire <application>KDE</application> environment can
+ use anti-aliased fonts (see <xref
+ linkend="x11-wm-kde-antialias"> on
+ <application>KDE</application> for details). GTK+ and
+ <application>GNOME</application> can also be made to use
+ anti-aliasing via the <quote>Font</quote> capplet (see <xref
+ linkend="x11-wm-gnome-antialias"> for details). By default,
+ <application>Mozilla</application> 1.2 and greater will
+ automatically use anti-aliasing. To disable this, rebuild
+ <application>Mozilla</application> with the
+ <makevar>-DWITHOUT_XFT</makevar> flag.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="x-xdm">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Seth</firstname>
+ <surname>Kingsley</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>The X Display Manager</title>
+ <sect2>
+ <title>Overview</title>
+
+ <indexterm><primary>X Display Manager</primary></indexterm>
+ <para>The X Display Manager (<application>XDM</application>) is
+ an optional part of the X Window System that is used for login
+ session management. This is useful for several types of
+ situations, including minimal <quote>X Terminals</quote>,
+ desktops, and large network display
+ servers. Since the X Window System is network and protocol
+ independent, there are a wide variety of possible configurations
+ for running X clients and servers on different machines
+ connected by a network. <application>XDM</application> provides
+ a graphical interface for choosing which display server to
+ connect to, and entering authorization information such as a
+ login and password combination.</para>
+
+ <para>Think of <application>XDM</application> as
+ providing the same functionality to the user as the
+ &man.getty.8; utility (see <xref linkend="term-config"> for
+ details). That is, it performs system logins to the display
+ being connected to and then runs a session manager on behalf of
+ the user (usually an X window
+ manager). <application>XDM</application> then waits for this
+ program to exit, signaling that the user is done and should be
+ logged out of the display. At this point,
+ <application>XDM</application> can display the login and display
+ chooser screens for the next user to login.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using XDM</title>
+
+ <para>The <application>XDM</application> daemon program is
+ located in <filename>/usr/X11R6/bin/xdm</filename>. This program
+ can be run at any time as <username>root</username> and it will
+ start managing the X display on the local machine. If
+ <application>XDM</application> is to be run every
+ time the machine boots up, a convenient way to do this is by
+ adding an entry to <filename>/etc/ttys</filename>. For more
+ information about the format and usage of this file, see <xref
+ linkend="term-etcttys">. There is a line in the default
+ <filename>/etc/ttys</filename> file for running the
+ <application>XDM</application> daemon on a virtual terminal:</para>
+
+ <screen>ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</screen>
+
+ <para>By default this entry is disabled; in order to enable it
+ change field 5 from <literal>off</literal> to
+ <literal>on</literal> and restart &man.init.8; using the
+ directions in <xref linkend="term-hup">. The first field, the
+ name of the terminal this program will manage, is
+ <literal>ttyv8</literal>. This means that
+ <application>XDM</application> will start running on the 9th
+ virtual terminal.</para>
+ </sect2>
+
+ <sect2>
+ <title>Configuring XDM</title>
+
+ <para>The <application>XDM</application> configuration directory
+ is located in <filename>/usr/X11R6/lib/X11/xdm</filename>. In
+ this directory there are several files used to change the
+ behavior and appearance of
+ <application>XDM</application>. Typically these files will
+ be found:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>File</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><filename>Xaccess</filename></entry>
+ <entry>Client authorization ruleset.</entry>
+ </row>
+
+ <row>
+ <entry><filename>Xresources</filename></entry>
+ <entry>Default X resource values.</entry>
+ </row>
+
+ <row>
+ <entry><filename>Xservers</filename></entry>
+ <entry>List of remote and local displays to manage.</entry>
+ </row>
+
+ <row>
+ <entry><filename>Xsession</filename></entry>
+ <entry>Default session script for logins.</entry>
+ </row>
+
+ <row>
+ <entry><filename>Xsetup_</filename>*</entry>
+ <entry>Script to launch applications before the login
+ interface.</entry>
+ </row>
+
+ <row>
+ <entry><filename>xdm-config</filename></entry>
+ <entry>Global configuration for all displays running on
+ this machine.</entry>
+ </row>
+
+ <row>
+ <entry><filename>xdm-errors</filename></entry>
+ <entry>Errors generated by the server program.</entry>
+ </row>
+
+ <row>
+ <entry><filename>xdm-pid</filename></entry>
+ <entry>The process ID of the currently running XDM.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Also in this directory are a few scripts and programs used
+ to set up the desktop when <application>XDM</application> is
+ running. The purpose of each of these files will be briefly
+ described. The exact syntax and usage of all of these files is
+ described in &man.xdm.1;.</para>
+
+ <para>The default configuration is a simple rectangular login
+ window with the hostname of the machine displayed at the top in
+ a large font and <quote>Login:</quote> and
+ <quote>Password:</quote> prompts below. This is a good starting
+ point for changing the look and feel of
+ <application>XDM</application> screens.</para>
+
+ <sect3>
+ <title>Xaccess</title>
+
+ <para>The protocol for connecting to
+ <application>XDM</application> controlled displays is called
+ the X Display Manager Connection Protocol (XDMCP). This file
+ is a ruleset for controlling XDMCP connections from remote
+ machines. It's ignored unless the <filename>xdm-config</filename>
+ is changed to listen for remote connections. By default, it does
+ not allow any clients to connect.</para>
+ </sect3>
+
+ <sect3>
+ <title>Xresources</title>
+ <para>This is an application-defaults file for the display
+ chooser and the login screens. This is where the appearance
+ of the login program can be modified. The format is identical
+ to the app-defaults file described in the
+ X11 documentation.</para>
+ </sect3>
+
+ <sect3>
+ <title>Xservers</title>
+ <para>This is a list of the remote displays the chooser should
+ provide as choices.</para>
+ </sect3>
+
+ <sect3>
+ <title>Xsession</title>
+ <para>This is the default session script for
+ <application>XDM</application> to run after a user has logged
+ in. Normally each user will have a customized session script
+ in <filename>~/.xsession</filename> that overrides this
+ script.</para>
+ </sect3>
+
+ <sect3>
+ <title>Xsetup_*</title>
+ <para>These will be run automatically before displaying the
+ chooser or login interfaces. There is a script for each
+ display being used, named <filename>Xsetup_</filename> followed
+ by the local display number (for instance
+ <filename>Xsetup_0</filename>). Typically these scripts will
+ run one or two programs in the background such as
+ <command>xconsole</command>.</para>
+ </sect3>
+
+ <sect3>
+ <title>xdm-config</title>
+ <para>This contains settings in the form of app-defaults
+ that are applicable to every display that this installation
+ manages.</para>
+ </sect3>
+
+ <sect3>
+ <title>xdm-errors</title>
+ <para>This contains the output of the X servers that
+ <application>XDM</application> is trying to run. If a display
+ that <application>XDM</application> is trying to start hangs
+ for some reason, this is a good place to look for error
+ messages. These messages are also written to the user's
+ <filename>~/.xsession-errors</filename> file on a per-session
+ basis.</para>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Running a Network Display Server</title>
+
+ <para>In order for other clients to connect to the display
+ server, edit the access control rules, and enable the connection
+ listener. By default these are set to conservative values.
+ To make <application>XDM</application> listen for connections,
+ first comment out a line in the <filename>xdm-config</filename>
+ file:</para>
+
+ <screen>! SECURITY: do not listen for XDMCP or Chooser requests
+! Comment out this line if you want to manage X terminals with xdm
+DisplayManager.requestPort: 0</screen>
+
+ <para>and then restart <application>XDM</application>. Remember that
+ comments in app-defaults files begin with a <quote>!</quote>
+ character, not the usual <quote>#</quote>. More strict
+ access controls may be desired. Look at the example
+ entries in <filename>Xaccess</filename>, and refer to the
+ &man.xdm.1; manual page.</para>
+ </sect2>
+
+ <sect2>
+ <title>Replacements for XDM</title>
+
+ <para>Several replacements for the default
+ <application>XDM</application> program exist. One of them,
+ <application>kdm</application> (bundled with
+ <application>KDE</application>) is described later in this
+ chapter. The <application>kdm</application> display manager offers many visual
+ improvements and cosmetic frills, as well as the
+ functionality to allow users to choose their window manager
+ of choice at login time.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="x11-wm">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Valentino</firstname>
+ <surname>Vaschetto</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ <!-- June 2001 -->
+ </authorgroup>
+ </sect1info>
+
+ <title>Desktop Environments</title>
+
+ <para>This section describes the different desktop environments
+ available for X on FreeBSD. A <quote>desktop environment</quote>
+ can mean anything ranging from a simple window manager to a
+ complete suite of desktop applications, such as
+ <application>KDE</application> or <application>GNOME</application>.
+ </para>
+
+ <sect2 id="x11-wm-gnome">
+ <title>GNOME</title>
+
+ <sect3 id="x11-wm-gnome-about">
+ <title>About GNOME</title>
+
+ <indexterm><primary>GNOME</primary></indexterm>
+ <para><application>GNOME</application> is a user-friendly
+ desktop environment that enables users to easily use and
+ configure their computers. <application>GNOME</application>
+ includes a panel (for starting applications and displaying
+ status), a desktop (where data and applications can be
+ placed), a set of standard desktop tools and applications, and
+ a set of conventions that make it easy for applications to
+ cooperate and be consistent with each other. Users of other
+ operating systems or environments should feel right at home
+ using the powerful graphics-driven environment that
+ <application>GNOME</application> provides. More
+ information regarding <application>GNOME</application> on
+ FreeBSD can be found on the <ulink
+ url="http://www.FreeBSD.org/gnome">FreeBSD GNOME
+ Project</ulink>'s web site. The web site also contains fairly
+ comprehensive FAQs about installing, configuring, and managing
+ <application>GNOME</application>.</para>
+ </sect3>
+
+ <sect3 id="x11-wm-gnome-install">
+ <title>Installing GNOME</title>
+
+ <para>The easiest way to install
+ <application>GNOME</application> is through the
+ <quote>Desktop Configuration</quote> menu during the FreeBSD
+ installation process as described in <xref
+ linkend="default-desktop"> of Chapter&nbsp;2. It can also
+ be easily installed from a package or the ports
+ collection:</para>
+
+ <para>To install the <application>GNOME</application> package
+ from the network, simply type:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r gnome2</userinput></screen>
+
+ <para>To build <application>GNOME</application> from source, use
+ the ports tree:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/x11/gnome2</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>Once <application>GNOME</application> is installed,
+ the X server must be told to start
+ <application>GNOME</application> instead of a default window
+ manager.</para>
+
+ <para>The easiest way to start
+ <application>GNOME</application> is with
+ <application>GDM</application>, the GNOME Display Manager.
+ <application>GDM</application>, which is installed as a part
+ of the <application>GNOME</application> desktop (but is
+ disabled by default), can be enabled by adding
+ <literal>gdm_enable="YES"</literal> to
+ <filename>/etc/rc.conf</filename>. Once you have rebooted,
+ <application>GNOME</application> will start automatically
+ once you log in &mdash; no further configuration is
+ necessary.</para>
+
+ <para><application>GNOME</application> may also be started
+ from the command-line by properly configuring a file named
+ <filename>.xinitrc</filename>.
+ If a custom <filename>.xinitrc</filename> is already in
+ place, simply replace the line that starts the current window
+ manager with one that starts
+ <application>/usr/X11R6/bin/gnome-session</application> instead.
+ If nothing special has been done to the configuration file,
+ then it is enough simply to type:</para>
+
+ <screen>&prompt.user; <userinput>echo "/usr/X11R6/bin/gnome-session" &gt; ~/.xinitrc</userinput></screen>
+
+ <para>Next, type <command>startx</command>, and the
+ <application>GNOME</application> desktop environment will be
+ started.</para>
+
+ <note><para>If an older display manager, like
+ <application>XDM</application>, is being used, this will not work.
+ Instead, create an executable <filename>.xsession</filename>
+ file with the same command in it. To do this, edit the file
+ and replace the existing window manager command with
+ <application>/usr/X11R6/bin/gnome-session</application>:
+ </para></note>
+
+ <screen>&prompt.user; <userinput>echo "#!/bin/sh" > ~/.xsession</userinput>
+&prompt.user; <userinput>echo "/usr/X11R6/bin/gnome-session" >> ~/.xsession</userinput>
+&prompt.user; <userinput>chmod +x ~/.xsession</userinput></screen>
+
+ <para>Yet another option is to configure the display manager to
+ allow choosing the window manager at login time; the section on
+ <link linkend="x11-wm-kde-details">KDE details</link>
+ explains how to do this for <application>kdm</application>, the
+ display manager of <application>KDE</application>.</para>
+ </sect3>
+
+ <sect3 id="x11-wm-gnome-antialias">
+ <title>Anti-aliased Fonts with GNOME</title>
+
+ <indexterm><primary>GNOME</primary>
+ <secondary>anti-aliased fonts</secondary></indexterm>
+ <para>X11
+ supports anti-aliasing via its <quote>RENDER</quote> extension.
+ GTK+ 2.0 and greater (the toolkit used by
+ <application>GNOME</application>) can make use of this
+ functionality. Configuring anti-aliasing is described in
+ <xref linkend="antialias">. So, with up-to-date software,
+ anti-aliasing is possible within the
+ <application>GNOME</application> desktop. Just go to
+ <menuchoice>
+ <guimenu>Applications</guimenu>
+ <guisubmenu>Desktop Preferences</guisubmenu>
+ <guimenuitem>Font</guimenuitem></menuchoice>, and select either
+ <guibutton>Best shapes</guibutton>,
+ <guibutton>Best contrast</guibutton>, or
+ <guibutton>Subpixel smoothing (LCDs)</guibutton>. For a
+ GTK+ application that is not part of the
+ <application>GNOME</application> desktop, set the
+ environment variable <varname>GDK_USE_XFT</varname> to
+ <literal>1</literal> before launching the program.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="x11-wm-kde">
+ <title>KDE</title>
+
+ <indexterm><primary>KDE</primary></indexterm>
+ <sect3 id="x11-wm-kde-about">
+ <title>About KDE</title>
+
+ <para><application>KDE</application> is an easy to use
+ contemporary desktop environment. Some of the things that
+ <application>KDE</application> brings to the user are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>A beautiful contemporary desktop</para>
+ </listitem>
+
+ <listitem>
+ <para>A desktop exhibiting complete network transparency</para>
+ </listitem>
+
+ <listitem>
+ <para>An integrated help system allowing for convenient,
+ consistent access to help on the use of the
+ <application>KDE</application> desktop and its
+ applications</para>
+ </listitem>
+
+ <listitem>
+ <para>Consistent look and feel of all
+ <application>KDE</application> applications</para>
+ </listitem>
+
+ <listitem>
+ <para>Standardized menu and toolbars, keybindings, color-schemes,
+ etc.</para>
+ </listitem>
+
+ <listitem>
+ <para>Internationalization: <application>KDE</application>
+ is available in more than 40 languages</para>
+ </listitem>
+
+ <listitem>
+ <para>Centralized consisted dialog driven desktop
+ configuration</para>
+ </listitem>
+
+ <listitem>
+ <para>A great number of useful
+ <application>KDE</application> applications</para>
+ </listitem>
+ </itemizedlist>
+
+ <para><application>KDE</application> has an office application
+ suite based on <application>KDE</application>'s
+ <quote>KParts</quote> technology consisting
+ of a spread-sheet, a presentation application, an organizer, a
+ news client and more. <application>KDE</application> also
+ comes with a web browser called
+ <application>Konqueror</application>, which represents
+ a solid competitor to other existing web browsers on &unix;
+ systems. More information on <application>KDE</application>
+ can be found on the <ulink url="http://www.kde.org/">KDE
+ website</ulink>. For FreeBSD specific information and
+ resources on <application>KDE</application>, consult
+ the <ulink url="http://freebsd.kde.org/">FreeBSD-KDE
+ team</ulink>'s website.</para>
+ </sect3>
+
+ <sect3 id="x11-wm-kde-install">
+ <title>Installing KDE</title>
+
+ <para>Just as with <application>GNOME</application> or any
+ other desktop environment, the easiest way to install
+ <application>KDE</application> is through the <quote>Desktop
+ Configuration</quote> menu during the FreeBSD installation
+ process as described in <xref linkend="default-desktop"> of Chapter
+ 2. Once again, the software can be easily installed from a package
+ or from the Ports Collection:</para>
+
+ <para>To install the <application>KDE</application> package
+ from the network, simply type:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r kde</userinput></screen>
+
+ <para>&man.pkg.add.1; will automatically fetch the latest version
+ of the application.</para>
+
+ <para>To build <application>KDE</application> from source,
+ use the ports tree:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/x11/kde3</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>After <application>KDE</application> has been installed,
+ the X server must be told to launch this application
+ instead of the default window manager. This is accomplished
+ by editing the <filename>.xinitrc</filename> file:</para>
+
+ <screen>&prompt.user; <userinput>echo "exec startkde" &gt; ~/.xinitrc</userinput></screen>
+
+ <para>Now, whenever the X Window System is invoked with
+ <command>startx</command>,
+ <application>KDE</application> will be the desktop.</para>
+
+ <para>If a display manager such as
+ <application>XDM</application> is being used, the
+ configuration is slightly different. Edit the
+ <filename>.xsession</filename> file instead. Instructions
+ for <application>kdm</application> are described later in
+ this chapter.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="x11-wm-kde-details">
+ <title>More Details on KDE</title>
+
+ <para>Now that <application>KDE</application> is installed on
+ the system, most things can be discovered through the
+ help pages, or just by pointing and clicking at various menus.
+ &windows; or &mac; users will feel quite at home.</para>
+
+ <para>The best reference for <application>KDE</application> is
+ the on-line documentation. <application>KDE</application>
+ comes with its own web browser,
+ <application>Konqueror</application>, dozens of useful
+ applications, and extensive documentation. The remainder of
+ this section discusses the technical items that are
+ difficult to learn by random exploration.</para>
+
+ <sect3 id="x11-wm-kde-kdm">
+ <title>The KDE Display Manager</title>
+
+ <indexterm><primary>KDE</primary>
+ <secondary>display manager</secondary></indexterm>
+ <para>An administrator of a multi-user system may wish to have
+ a graphical login screen to welcome users.
+ <link linkend="x-xdm">XDM</link> can be
+ used, as described earlier. However,
+ <application>KDE</application> includes an
+ alternative, <application>kdm</application>, which is designed
+ to look more attractive and include more login-time options.
+ In particular, users can easily choose (via a menu) which
+ desktop environment (<application>KDE</application>,
+ <application>GNOME</application>, or something else) to run
+ after logging on.</para>
+
+ <para>To begin with, run the <application>KDE</application>
+ control panel, <command>kcontrol</command>, as
+ <username>root</username>. It is generally considered
+ unsafe to run the entire X environment as
+ <username>root</username>. Instead, run the window manager
+ as a normal user, open a terminal window (such as
+ <filename>xterm</filename> or <application>KDE</application>'s
+ <filename>konsole</filename>), become <username>root</username>
+ with <userinput>su</userinput> (the user must be in the
+ <groupname>wheel</groupname>
+ group in <filename>/etc/group</filename> for this), and then
+ type <userinput>kcontrol</userinput>.</para>
+
+ <para>Click on the icon on the left marked
+ <guibutton>System</guibutton>, then on <guibutton>Login
+ manager</guibutton>. On the right there are
+ various configurable options, which the
+ <application>KDE</application> manual will explain in greater
+ detail. Click on <guibutton>sessions</guibutton> on the right.
+ Click <guibutton>New type</guibutton> to add various window
+ managers and desktop environments. These are just labels,
+ so they can say <application>KDE</application> and
+ <application>GNOME</application> rather than
+ <application>startkde</application> or
+ <application>gnome-session</application>.
+ Include a label <literal>failsafe</literal>.</para>
+
+ <para>Play with the other menus as well, they are mainly
+ cosmetic and self-explanatory. When you are done, click on
+ <guibutton>Apply</guibutton> at the bottom, and quit the
+ control center.</para>
+
+ <para>To make sure <application>kdm</application> understands
+ what the labels (<application>KDE</application>,
+ <application>GNOME</application> etc) mean, edit the files used
+ by <link linkend="x-xdm">XDM</link>.
+ <note><para>In <application>KDE 2.2</application> this has
+ changed: <application>kdm</application> now uses its own
+ configuration files. Please see the <application>KDE
+ 2.2</application> documentation for details.</para>
+ </note>
+ In a terminal window, as <username>root</username>,
+ edit the file
+ <filename>/usr/X11R6/lib/X11/xdm/Xsession</filename>. There is
+ a section in the middle like this:</para>
+
+ <screen>case $# in
+1)
+ case $1 in
+ failsafe)
+ exec xterm -geometry 80x24-0-0
+ ;;
+ esac
+esac</screen>
+
+ <para>A few lines need to be added to this section.
+ Assuming the labels from used were <quote>KDE</quote> and
+ <quote>GNOME</quote>,
+ use the following:</para>
+
+ <screen>case $# in
+1)
+ case $1 in
+ kde)
+ exec /usr/local/bin/startkde
+ ;;
+ GNOME)
+ exec /usr/X11R6/bin/gnome-session
+ ;;
+ failsafe)
+ exec xterm -geometry 80x24-0-0
+ ;;
+ esac
+esac</screen>
+
+ <para>For the <application>KDE</application>
+ login-time desktop background to be honored,
+ the following line needs to be added to
+ <filename>/usr/X11R6/lib/X11/xdm/Xsetup_0</filename>:</para>
+
+ <screen>/usr/local/bin/krootimage</screen>
+
+ <para>Now, make sure <application>kdm</application> is listed in
+ <filename>/etc/ttys</filename> to be started at the next bootup.
+ To do this, simply follow the instructions from the previous
+ section on <link linkend="x-xdm">XDM</link> and replace
+ references to the <command>/usr/X11R6/bin/xdm</command>
+ program with <command>/usr/local/bin/kdm</command>.</para>
+ </sect3>
+
+ <sect3 id="x11-wm-kde-antialias">
+ <title>Anti-aliased Fonts</title>
+
+ <indexterm><primary>KDE</primary>
+ <secondary>anti-aliased fonts</secondary></indexterm>
+ <para>X11
+ supports anti-aliasing via
+ its <quote>RENDER</quote> extension, and starting with version 2.3,
+ Qt (the toolkit used by <application>KDE</application>) supports
+ this extension. Configuring this is described in <xref
+ linkend="antialias"> on antialiasing X11 fonts. So, with
+ up-to-date software, anti-aliasing is possible on a
+ <application>KDE</application> desktop. Just go to the KDE
+ menu, go to
+ <menuchoice>
+ <guimenu>Preferences</guimenu>
+ <guisubmenu>Look and Feel</guisubmenu>
+ <guimenuitem>Fonts</guimenuitem></menuchoice>, and click on the check box
+ <guibutton>Use Anti-Aliasing for Fonts and Icons</guibutton>.
+ For a Qt application which is not part of
+ <application>KDE</application>, the environment variable
+ <varname>QT_XFT</varname> needs to be set to <literal>true</literal>
+ before starting the program.</para>
+
+ </sect3>
+ </sect2>
+
+ <sect2 id="x11-wm-xfce">
+ <title>XFce</title>
+ <sect3 id="x11-wm-xfce-about">
+ <title>About XFce</title>
+
+ <para><application>XFce</application> is a desktop environment
+ based on the GTK+
+ toolkit used by <application>GNOME</application>, but is much
+ more lightweight and meant for those who want a simple,
+ efficient desktop which is nevertheless easy to use and
+ configure. Visually, it looks very much like
+ <application>CDE</application>, found on commercial &unix;
+ systems. Some of <application>XFce</application>'s features
+ are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>A simple, easy-to-handle desktop</para>
+ </listitem>
+
+ <listitem>
+ <para>Fully configurable via mouse, with drag and
+ drop, etc </para>
+ </listitem>
+
+ <listitem>
+ <para>Main panel similar to <application>CDE</application>, with
+ menus, applets and applications launchers</para>
+ </listitem>
+
+ <listitem>
+ <para>Integrated window manager, file manager, sound manager,
+ <application>GNOME</application> compliance module, and other
+ things</para>
+ </listitem>
+
+ <listitem>
+ <para>Themeable (since it uses GTK+)</para>
+ </listitem>
+
+ <listitem>
+ <para>Fast, light and efficient: ideal for older/slower machines
+ or machines with memory limitations</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>More information on <application>XFce</application>
+ can be found on the <ulink url="http://www.xfce.org/">XFce
+ website</ulink>.</para>
+ </sect3>
+
+ <sect3 id="x11-wm-xfce-install">
+ <title>Installing XFce</title>
+
+ <para>A binary package for <application>XFce</application>
+ exists (at the time of writing). To install, simply type:</para>
+
+ <screen>&prompt.root; <userinput>pkg_add -r xfce4</userinput></screen>
+
+ <para>Alternatively, to build from source, use the ports
+ collection:</para>
+
+ <screen>&prompt.root; <userinput>cd /usr/ports/x11-wm/xfce4</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+
+ <para>Now, tell the X server to launch
+ <application>XFce</application> the next time X is started.
+ Simply type this:</para>
+
+ <screen>&prompt.user; <userinput>echo "/usr/X11R6/bin/startxfce4" &gt; ~/.xinitrc</userinput></screen>
+
+ <para>The next time X is started,
+ <application>XFce</application> will be the desktop.
+ As before, if a display manager like
+ <application>XDM</application> is being used, create an
+ <filename>.xsession</filename>, as described in the
+ section on <link linkend="x11-wm-gnome">GNOME</link>, but
+ with the <filename>/usr/X11R6/bin/startxfce4</filename>
+ command; or, configure the display manager to allow
+ choosing a desktop at login time, as explained in
+ the section on <link linkend="x11-wm-kde-kdm">kdm</link>.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../book.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/porters-handbook/Makefile b/zh_TW.Big5/books/porters-handbook/Makefile
new file mode 100644
index 0000000000..c0ffab6a1e
--- /dev/null
+++ b/zh_TW.Big5/books/porters-handbook/Makefile
@@ -0,0 +1,43 @@
+#
+# $FreeBSD$
+#
+# Build the FreeBSD Porter's Handbook.
+#
+
+MAINTAINER=doc@FreeBSD.org
+
+DOC?= book
+
+FORMATS?= html-split
+
+INSTALL_COMPRESSED?= gz
+INSTALL_ONLY_COMPRESSED?=
+
+#
+# SRCS lists the individual SGML files that make up the document. Changes
+# to any of these files will force a rebuild
+#
+
+# SGML content
+SRCS= book.sgml
+
+# Use the local DSSSL file
+DSLHTML?= ${.CURDIR}/freebsd.dsl
+DSLPRINT?= ${.CURDIR}/freebsd.dsl
+
+# Images from the cross-document image library
+IMAGES_LIB+= callouts/1.png
+IMAGES_LIB+= callouts/2.png
+IMAGES_LIB+= callouts/3.png
+IMAGES_LIB+= callouts/4.png
+IMAGES_LIB+= callouts/5.png
+IMAGES_LIB+= callouts/6.png
+IMAGES_LIB+= callouts/7.png
+IMAGES_LIB+= callouts/8.png
+IMAGES_LIB+= callouts/9.png
+IMAGES_LIB+= callouts/10.png
+
+URL_RELPREFIX?= ../../../..
+DOC_PREFIX?= ${.CURDIR}/../../..
+
+.include "${DOC_PREFIX}/share/mk/doc.project.mk"
diff --git a/zh_TW.Big5/books/porters-handbook/book.sgml b/zh_TW.Big5/books/porters-handbook/book.sgml
new file mode 100644
index 0000000000..b9a77a6283
--- /dev/null
+++ b/zh_TW.Big5/books/porters-handbook/book.sgml
@@ -0,0 +1,9888 @@
+<!--
+ The FreeBSD Documentation Project
+
+ Original Revision: 1.645
+ $FreeBSD$
+-->
+
+<!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
+<!ENTITY % books.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Books Entity Set//EN">
+%books.ent;
+]>
+
+<book>
+ <bookinfo>
+ <title>FreeBSD Porter's Handbook</title>
+
+ <authorgroup>
+ <corpauthor>FreeBSD ¤å¥ó­p¹º</corpauthor>
+ </authorgroup>
+
+ <pubdate>April 2000</pubdate>
+
+ <copyright>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <year>2004</year>
+ <year>2005</year>
+ <holder role="mailto:doc@FreeBSD.org">FreeBSD ¤å¥ó­p¹º</holder>
+ </copyright>
+
+ &bookinfo.trademarks;
+
+ &bookinfo.legalnotice;
+ </bookinfo>
+
+ <chapter id="why-port">
+ <title>·¤¤l</title>
+
+ <para>´X¥G¨C­Ó FreeBSD ·R¥ÎªÌ³£¬O³z¹L FreeBSD Ports Collection
+ ¨Ó¸Ë¦U¦¡À³¥Îµ{¦¡("ports")¡C¦p¦P FreeBSD ªº¨ä¥L³¡¤À¤@¼Ë¡A
+ ³o¨Ç ports ³£¥D­n¨Ó¦Û³\¦h§Ó¤uªº§V¤O¦¨ªG¡A©Ò¥H¦b¾\Ū³o¥÷¤å¥ó®É¡A
+ ½Ð°È¥²·P®¦¦b¤ß¡C</para>
+
+ <para>¦b FreeBSD ¤W­±¡A¨C­Ó¤H³£¥i¥H´£¥æ·sªº port¡A
+ ©Î°²¦p¸Ó port ¨Ã¨S¦³¤HºûÅ@ªº¸Ü¡A¥i¥H¦ÛÄ@ºûÅ@ &mdash;
+ ³oÂI¨Ã¤£»Ý­n¥ô¦ó commit ªºÅv­­¡A´N¥i¥H¨Ó°µ³o¥ó¨Æ±¡¡C</para>
+
+ </chapter>
+
+ <chapter id="own-port">
+ <title>¦Û¦æ»s§@ port</title>
+
+ <para>¨º»ò¡A¶}©l¹ï¦Û¦æ»s§@ port ©Î§ó·s²{¦³ port
+ ¦³¤@¨Ç¿³½ì¤F¶Ü¡H¤Ó¦nÅo¡I</para>
+
+ <para>¤U­±±N¤¶²Ð¤@¨Ç«Ø¥ß port ®É¸Óª`·Nªº¨Æ¶µ¡C¦pªG¬O·Q¤É¯Å²{¦³ªº port
+ ¡A¨º»ò¤]½Ð°Ñ¾\ <xref linkend="port-upgrading"> »¡©ú¡C</para>
+
+ <para>¦]¬°³o¥÷¤å¥ó¥i¯àÁ¿±o¤£¬O¤Q¤À¸Ô²Ó¡A¥i¯à»Ý­n°Ñ¦Ò
+ <filename>/usr/ports/Mk/bsd.port.mk</filename>
+ ³oÀɬO©Ò¦³ port ªº Makefile Àɳ£·|¥Î¨ìªº¡C´Nºâ§A¤£¬O¨C¤Ñ¤£Â_ hacking Makefiles
+ ¡A¤]³£¥i¥HÂǥѥ¦¨Ó¹ï¾ã­Ó port ¾÷¨î¡BMakefile §óÁA¸Ñ¡A¸Ì­±ªºµùÄÀ¬Û·í¸Ô²Ó¡C
+ ¦¹¥~¡A­Y¦³¨ä¥L¯S©w port ªº°ÝÃD¡A¤]¥i¥H¨ì &a.ports; ¨ÓÀò±oµª®×¡C</para>
+
+ <note>
+ <para>Only a fraction of the variables
+ (<makevar><replaceable>VAR</replaceable></makevar>) that can be
+ overridden are mentioned in this document. Most (if not all)
+ are documented at the start of <filename>/usr/ports/Mk/bsd.port.mk</filename>;
+ the others probably ought to be.
+ Note that this file uses a non-standard tab setting:
+ <application>Emacs</application> and
+ <application>Vim</application> should recognize the setting on
+ loading the file. Both &man.vi.1; and
+ &man.ex.1; can be set to use the correct value by
+ typing <command>:set tabstop=4</command> once the file has been
+ loaded.</para>
+ </note>
+ </chapter>
+
+ <chapter id="quick-porting">
+ <title>¥´³y Port §Ö³t¤W¤â½g</title>
+
+ <para>¥»¸`¥D­n¤¶²Ð¦p¦ó¨Ó§Ö³t¥´³y port¡AµM¦Ó¡A«Ü¦h®É­Ô³o¨Ç¤º®e¨Ã¤£¬O«Ü°÷¥Î¡A
+ «Øij¾\Ū¥»¤å¥ó¤¤§ó²`¶øªº¦a¤è¡C</para>
+
+ <para>­º¥ý¨ú±o¸ÓÀ³¥Îµ{¦¡ªº­ì©lµ{¦¡½XÀ£ÁYÀÉ(tarball)¡A¨Ã§â¥¦©ñ¨ì
+ <makevar>DISTDIR</makevar>¡A¹w³]¸ô®|À³¸Ó¬O
+ <filename>/usr/ports/distfiles</filename>¡C</para>
+
+ <note>
+ <para>¤U­±ªº¨Ò¤l¡A¬O°²³]¨Ã¤£»Ý­n¦A­×§ï¸ÓÀ³¥Îµ{¦¡ªº­ì©l½X¡A´N¥i¥H¦b
+ FreeBSD ¤W½sĶ¦¨¥\ªº¡F°²¦pÁٻݭn¥t¥~­×§ï¤~¯à¦¨¥\½sĶªº¸Ü¡A¨º»ò½Ð°Ñ¦Ò¤U¤@³¹ªº»¡©ú¡C
+ </para>
+ </note>
+
+ <sect1 id="porting-makefile">
+ <title>½s¼g <filename>Makefile</filename></title>
+
+ <para>³Ì²³æªº <filename>Makefile</filename> ¤j·§¬O¹³³o¼Ë¡G</para>
+
+ <programlisting># New ports collection makefile for: oneko
+# Date created: 5 December 1994
+# Whom: asami
+#
+# &dollar;FreeBSD&dollar;
+#
+
+PORTNAME= oneko
+PORTVERSION= 1.1b
+CATEGORIES= games
+MASTER_SITES= ftp://ftp.cs.columbia.edu/archives/X11R5/contrib/
+
+MAINTAINER= asami@FreeBSD.org
+COMMENT= A cat chasing a mouse all over the screen
+
+MAN1= oneko.1
+MANCOMPRESSED= yes
+USE_IMAKE= yes
+
+.include &lt;bsd.port.mk&gt;</programlisting>
+
+ <para>¶â¡A¤j­P´N¬O³o¼Ë¡A¬Ý¬Ý§A¤w¸g»â²¤¦h¤Ö¤F©O¡H¬Ý¨ì <literal>&dollar;FreeBSD&dollar;</literal>
+ ³o¤@¦æªº¸Ü¡A§O·Q¤Ó¦h¡A¥¦¬O CVS ID tag ¥Î³~¡A·í¸Ó port ¥¿¦¡¶i¤J port tree ®É¡A´N·|¦Û°ÊÂà´«¬°¬ÛÃö¦r¦êÅo¡C
+ ¦³Ãö³oÂIªº²Ó¸`³¡¥÷¡A¥i¥H°Ñ¾\ <link linkend="porting-samplem">sample Makefile</link> ³¹¸`¡C</para>
+ </sect1>
+
+ <sect1 id="porting-desc">
+ <title>¼¶¼g¸Ó³nÅ骺»¡©úÀÉ</title>
+
+ <para>µL½×¬O§_¥´ºâ¦A¥[¤u°µ¦¨ package¡A¦³ 2 ­Ó»¡©úÀɬO¥ô¦ó¹êÅé port (Slave port«h¤£¤@©w)³£¥²¶·­n¨ã³Æªº¡C
+ ³o 2 ­ÓÀɤÀ§O¬O <filename>pkg-descr</filename> ÀɤÎ
+ <filename>pkg-plist</filename> ÀÉ¡C³o¨â­ÓÀÉ®×ÀɦW«e­±³£¦³ <filename>pkg-</filename>
+ ¥H¸ò¨ä¥LÀÉ®×°µ°Ï§O¡C</para>
+
+ <sect2>
+ <title><filename>pkg-descr</filename></title>
+
+ <para>³o¬O¦¹ port ªº¸Ô²Ó»¡©úÀÉ¡A½Ð¥Î¤@¬q©Î´X¬q¤å¦r¨Ó»¡©ú¸Ó port ªº§@¥Î¡A¨Ãªþ¤W WWW
+ ºô§}(­Y¦³ªº¸Ü)</para>
+
+ <note><para>½Ðª`·N¡A³oÀɵ´«D¡u¸Ó³nÅ骺»¡©ú¤â¥U¡v©Î¬O¡u¦p¦ó½sĶ¡B¨Ï¥Î¸Ó port ªº»¡©ú¡v¡C
+ ­Y¬O±q¸Ó³nÅ骺 <filename>README</filename> ©Î manpage ª½±µ½Æ»s¹L¨Óªº¸Ü¡A
+ ½Ðª`·N¡A¦]¬°¥¦­Ì³q±`³£¼g±o¤Ó¸Ô²Ó¡B®æ¦¡¸û¯S§O(¤ñ¦p manpage ·|¦Û°Ê½Õ¾ãªÅ¥Õ)¡A
+ ½Ð¾¨¶qÁקK³o¨Ç¤¾ªøÂصü©Î±Ä¥Î¯S®í®æ¦¡¡C­Y¸Ó³nÅ馳©x¤èª©­º­¶ªº¸Ü¡A½Ð¦b¦¹¦C¥X¨Ó¡C
+ ¨C­Óºô§}½Ð¥Î <literal>WWW:</literal> §@¬°¶}ÀY¡A³o¼Ë¤l¬ÛÃö¤u¨ãµ{¦¡´N·|¦Û°Ê³B²z§¹²¦¡C<para>
+ </note>
+
+ <para>¸Ó port
+ ªº <filename>pkg-descr</filename> ¤º®e¡A¤j­P¦p¤U­±¨Ò¤l:</para>
+
+ <programlisting>This is a port of oneko, in which a cat chases a poor mouse all over
+the screen.
+ :
+(etc.)
+
+WWW: http://www.oneko.org/</programlisting>
+ </sect2>
+
+ <sect2>
+ <title><filename>pkg-plist</filename></title>
+
+ <para>This file lists all the files installed by the port. It is
+ also called the <quote>packing list</quote> because the package is
+ generated by packing the files listed here. The pathnames are
+ relative to the installation prefix (usually
+ <filename>/usr/local</filename> or
+ <filename>/usr/X11R6</filename>). If you are using the
+ <makevar>MAN<replaceable>n</replaceable></makevar> variables (as
+ you should be), do not list any manpages here. If the port creates
+ directories during installation, make sure to add
+ <literal>@dirrm</literal> lines to remove them when the package is
+ deleted.</para>
+
+ <para>Here is a small example:</para>
+
+ <programlisting>bin/oneko
+lib/X11/app-defaults/Oneko
+lib/X11/oneko/cat1.xpm
+lib/X11/oneko/cat2.xpm
+lib/X11/oneko/mouse.xpm
+@dirrm lib/X11/oneko</programlisting>
+
+ <para>Refer to the &man.pkg.create.1; manual page for details on the
+ packing list.</para>
+
+ <note>
+ <para>It is recommended that you keep all the filenames in this
+ file sorted alphabetically. It will make verifying the changes
+ when you upgrade the port much easier.</para>
+ </note>
+
+ <note>
+ <para>Creating a packing list manually can be a very tedious
+ task. If the port installs a large numbers of files, <link
+ linkend="plist-autoplist">creating the packing list
+ automatically</link> might save time.</para>
+ </note>
+
+ <para>There is only one case when <filename>pkg-plist</filename>
+ can be omitted from a port. If the port installs just a handful
+ of files, and perhaps directories, the files and directories may
+ be listed in the variables <makevar>PLIST_FILES</makevar> and
+ <makevar>PLIST_DIRS</makevar>, respectively, within the port's
+ <filename>Makefile</filename>. For instance, we could get along
+ without <filename>pkg-plist</filename> in the above
+ <filename>oneko</filename> port by adding the
+ following lines to the <filename>Makefile</filename>:</para>
+
+ <programlisting>PLIST_FILES= bin/oneko \
+ lib/X11/app-defaults/Oneko \
+ lib/X11/oneko/cat1.xpm \
+ lib/X11/oneko/cat2.xpm \
+ lib/X11/oneko/mouse.xpm
+PLIST_DIRS= lib/X11/oneko</programlisting>
+
+ <para>Of course, <makevar>PLIST_DIRS</makevar> should be left
+ unset if a port installs no directories of its own.</para>
+
+ <para>The price for this way of listing port's files and
+ directories is that you cannot use command sequences
+ described in &man.pkg.create.1;. Therefore, it is suitable
+ only for simple ports and makes them even simpler. At the
+ same time, it has the advantage of reducing the number of files
+ in the ports collection. Please consider using this technique
+ before you resort to <filename>pkg-plist</filename>.</para>
+
+ <para>Later we will see how <filename>pkg-plist</filename>
+ and <makevar>PLIST_FILES</makevar> can be used to fulfil
+ <link linkend="plist">more sophisticated
+ tasks</link>.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="porting-checksum">
+ <title>Creating the checksum file</title>
+
+ <para>Just type <command>make makesum</command>. The ports make rules
+ will automatically generate the file
+ <filename>distinfo</filename>.</para>
+
+ <para>If a file fetched has its checksum changed regularly and you are
+ certain the source is trusted (i.e. it comes from manufacturer CDs
+ or documentation generated daily), you should specify these files in
+ the <makevar>IGNOREFILES</makevar> variable.
+ Then the checksum is not calculated for that file when you run
+ <command>make makesum</command>, but set to
+ <literal>IGNORE</literal>.</para>
+ </sect1>
+
+ <sect1 id="porting-testing">
+ <title>Testing the port</title>
+
+ <para>You should make sure that the port rules do exactly what you
+ want them to do, including packaging up the port. These are the
+ important points you need to verify.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><filename>pkg-plist</filename> does not contain anything not
+ installed by your port</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>pkg-plist</filename> contains everything that is
+ installed by your port</para>
+ </listitem>
+
+ <listitem>
+ <para>Your port can be installed multiple times using the
+ <maketarget>reinstall</maketarget> target</para>
+ </listitem>
+
+ <listitem>
+ <para>Your port <link linkend="plist-cleaning">cleans up</link>
+ after itself upon deinstall</para>
+ </listitem>
+ </itemizedlist>
+
+ <procedure>
+ <title>Recommended test ordering</title>
+
+ <step>
+ <para><command>make install</command></para>
+ </step>
+
+ <step>
+ <para><command>make package</command></para>
+ </step>
+
+ <step>
+ <para><command>make deinstall</command></para>
+ </step>
+
+ <step>
+ <para><command>pkg_add <replaceable>package-name</replaceable>
+ </command></para>
+ </step>
+
+ <step>
+ <para><command>make deinstall</command></para>
+ </step>
+
+ <step>
+ <para><command>make reinstall</command></para>
+ </step>
+
+ <step>
+ <para><command>make package</command></para>
+ </step>
+ </procedure>
+
+ <para>Make sure that there are not any warnings issued in any of the
+ <maketarget>package</maketarget> and
+ <maketarget>deinstall</maketarget> stages. After step 3, check to
+ see if all the new directories are correctly deleted. Also, try
+ using the software after step 4, to ensure that it works correctly
+ when installed from a package.</para>
+ </sect1>
+
+ <sect1 id="porting-portlint">
+ <title>Checking your port with <command>portlint</command></title>
+
+ <para>Please use <command>portlint</command> to see if your port
+ conforms to our guidelines. The <filename role="package">
+ devel/portlint</filename> program is part of the ports collection.
+ In particular, you may want to check if the
+ <link linkend="porting-samplem">Makefile</link> is in the right
+ shape and the <link linkend="porting-pkgname">package</link> is named
+ appropriately.</para>
+ </sect1>
+
+ <sect1 id="porting-submitting">
+ <title>Submitting the port</title>
+
+ <para>First, make sure you have read the <link
+ linkend="porting-dads">DOs and DON'Ts</link> section.</para>
+
+ <para>Now that you are happy with your port, the only thing remaining
+ is to put it in the main FreeBSD ports tree and make everybody else
+ happy about it too. We do not need your <filename>work</filename>
+ directory or the <filename>pkgname.tgz</filename> package, so delete
+ them now. Next, simply include the output of <command>shar `find
+ port_dir`</command> in a bug report and send it with the
+ &man.send-pr.1; program (see <ulink url="&url.articles.contributing;/contrib-how.html#CONTRIB-GENERAL">Bug
+ Reports and General Commentary</ulink> for more information about
+ &man.send-pr.1;). Be sure to classify the bug report as category
+ <literal>ports</literal> and class
+ <literal>change-request</literal> (Do not mark the report
+ <literal>confidential</literal>!).
+ Also add a short description of the program you ported
+ to the <quote>Description</quote> field of the PR and
+ the shar to the <quote>Fix</quote> field.</para>
+
+ <note>
+ <para>You can make our work a lot easier, if you use a good
+ description in the synopsis of the problem report.
+ We prefer something like
+ <quote>New port: &lt;category&gt;/&lt;portname&gt;
+ &lt;short description of the port&gt;</quote> for new ports and
+ <quote>Update port: &lt;category&gt;/&lt;portname&gt;
+ &lt;short description of the update&gt;</quote> for port updates.
+ If you stick to this scheme, the chance that someone will take a
+ look at your PR soon is much better.</para>
+ </note>
+
+ <para>One more time, <emphasis>do not include the original source
+ distfile, the <filename>work</filename> directory, or the package
+ you built with <command>make package</command></emphasis>.</para>
+
+ <para>After you have submitted your port, please be patient.
+ Sometimes it can take a few months before a port is included
+ in FreeBSD, although it might only take a few days. You can
+ view the list of <ulink
+ url="http://www.FreeBSD.org/cgi/query-pr-summary.cgi?category=ports">ports
+ waiting to be committed to FreeBSD</ulink>.</para>
+
+ <para>Once we have looked at your port, we will get back to you if necessary, and put
+ it in the tree. Your name will also appear in the list of
+ <ulink url="&url.articles.contributors;/contrib-additional.html">Additional FreeBSD Contributors</ulink>
+ and other files. Isn't that great?!? <!-- smiley
+ -->:-)</para>
+ </sect1>
+ </chapter>
+
+ <chapter id="slow">
+ <title>Slow Porting</title>
+
+ <para>Ok, so it was not that simple, and the port required some
+ modifications to get it to work. In this section, we will explain,
+ step by step, how to modify it to get it to work with the ports
+ paradigm.</para>
+
+ <sect1 id="slow-work">
+ <title>How things work</title>
+
+ <para>First, this is the sequence of events which occurs when the user
+ first types <command>make</command> in your port's directory.
+ You may find that having <filename>bsd.port.mk</filename> in another
+ window while you read this really helps to understand it.</para>
+
+ <para>But do not worry if you do not really understand what
+ <filename>bsd.port.mk</filename> is doing, not many people do...
+ <!-- smiley --><emphasis>:-&gt;</emphasis></para>
+
+ <procedure>
+
+ <step>
+ <para>The <maketarget>fetch</maketarget> target is run. The
+ <maketarget>fetch</maketarget> target is responsible for making
+ sure that the tarball exists locally in
+ <makevar>DISTDIR</makevar>. If <maketarget>fetch</maketarget>
+ cannot find the required files in <makevar>DISTDIR</makevar> it
+ will look up the URL <makevar>MASTER_SITES</makevar>, which is
+ set in the Makefile, as well as our main FTP site at <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/"></ulink>,
+ where we put sanctioned distfiles as backup. It will then
+ attempt to fetch the named distribution file with
+ <makevar>FETCH</makevar>, assuming that the requesting site has
+ direct access to the Internet. If that succeeds, it will save
+ the file in <makevar>DISTDIR</makevar> for future use and
+ proceed.</para>
+ </step>
+
+ <step>
+ <para>The <maketarget>extract</maketarget> target is run. It
+ looks for your port's distribution file (typically a gzip'd
+ tarball) in <makevar>DISTDIR</makevar> and unpacks it into a
+ temporary subdirectory specified by <makevar>WRKDIR</makevar>
+ (defaults to <filename>work</filename>).</para>
+ </step>
+
+ <step>
+ <para>The <maketarget>patch</maketarget> target is run. First,
+ any patches defined in <makevar>PATCHFILES</makevar> are
+ applied. Second, if any patch files named
+ <filename>patch-<replaceable>*</replaceable></filename> are found in
+ <makevar>PATCHDIR</makevar> (defaults to the
+ <filename>files</filename> subdirectory), they are applied at
+ this time in alphabetical order.</para>
+ </step>
+
+ <step>
+ <para>The <maketarget>configure</maketarget> target is run. This
+ can do any one of many different things.</para>
+
+ <orderedlist>
+ <listitem>
+ <para>If it exists, <filename>scripts/configure</filename> is
+ run.</para>
+ </listitem>
+
+ <listitem>
+ <para>If <makevar>HAS_CONFIGURE</makevar> or
+ <makevar>GNU_CONFIGURE</makevar> is set,
+ <filename><makevar>WRKSRC</makevar>/configure</filename> is
+ run.</para>
+ </listitem>
+
+ <listitem>
+ <para>If <makevar>USE_IMAKE</makevar> is set,
+ <makevar>XMKMF</makevar> (default: <command>xmkmf
+ -a</command>) is run.</para>
+ </listitem>
+ </orderedlist>
+ </step>
+
+ <step>
+ <para>The <maketarget>build</maketarget> target is run. This is
+ responsible for descending into the port's private working
+ directory (<makevar>WRKSRC</makevar>) and building it. If
+ <makevar>USE_GMAKE</makevar> is set, GNU <command>make</command>
+ will be used, otherwise the system <command>make</command> will
+ be used.</para>
+ </step>
+ </procedure>
+
+ <para>The above are the default actions. In addition, you can define
+ targets
+ <maketarget>pre-<replaceable>something</replaceable></maketarget> or
+ <maketarget>post-<replaceable>something</replaceable></maketarget>,
+ or put scripts with those names, in the <filename>scripts</filename>
+ subdirectory, and they will be run before or after the default
+ actions are done.</para>
+
+ <para>For example, if you have a <maketarget>post-extract</maketarget>
+ target defined in your <filename>Makefile</filename>, and a file
+ <filename>pre-build</filename> in the <filename>scripts</filename>
+ subdirectory, the <maketarget>post-extract</maketarget> target will
+ be called after the regular extraction actions, and the
+ <filename>pre-build</filename> script will be executed before the
+ default build rules are done. It is recommended that you use
+ <filename>Makefile</filename> targets if the actions are simple
+ enough, because it will be easier for someone to figure out what
+ kind of non-default action the port requires.</para>
+
+ <para>The default actions are done by the
+ <filename>bsd.port.mk</filename> targets
+ <maketarget>do-<replaceable>something</replaceable></maketarget>.
+ For example, the commands to extract a port are in the target
+ <maketarget>do-extract</maketarget>. If you are not happy with the
+ default target, you can fix it by redefining the
+ <maketarget>do-<replaceable>something</replaceable></maketarget>
+ target in your <filename>Makefile</filename>.</para>
+
+ <note>
+ <para>The <quote>main</quote> targets (e.g.,
+ <maketarget>extract</maketarget>,
+ <maketarget>configure</maketarget>, etc.) do nothing more than
+ make sure all the stages up to that one are completed and call
+ the real targets or scripts, and they are not intended to be
+ changed. If you want to fix the extraction, fix
+ <maketarget>do-extract</maketarget>, but never ever change
+ the way <maketarget>extract</maketarget> operates!</para>
+ </note>
+
+ <para>Now that you understand what goes on when the user types
+ <command>make</command>, let us go through the recommended steps to
+ create the perfect port.</para>
+ </sect1>
+
+ <sect1 id="slow-sources">
+ <title>Getting the original sources</title>
+
+ <para>Get the original sources (normally) as a compressed tarball
+ (<filename><replaceable>foo</replaceable>.tar.gz</filename> or
+ <filename><replaceable>foo</replaceable>.tar.Z</filename>) and copy
+ it into <makevar>DISTDIR</makevar>. Always use
+ <emphasis>mainstream</emphasis> sources when and where you
+ can.</para>
+
+ <para>You will need to set the variable <makevar>MASTER_SITES</makevar>
+ to reflect where the original tarball resides. You will find
+ convenient shorthand definitions for most mainstream sites
+ in <filename>bsd.sites.mk</filename>. Please use these
+ sites&mdash;and the associated definitions&mdash;if
+ at all possible, to help avoid the problem of having the same
+ information repeated over again many times in the source base.
+ As these sites tend to change over time, this becomes a
+ maintenance nightmare for everyone involved.</para>
+
+ <para>If you cannot find a FTP/HTTP site that is well-connected to the
+ net, or can only find sites that have irritatingly non-standard
+ formats, you might want to put a copy on a reliable FTP or HTTP
+ server that you control (e.g., your home page).</para>
+
+ <para>If you cannot find somewhere convenient and reliable to put the
+ distfile
+ we can <quote>house</quote> it ourselves
+ on <hostid>ftp.FreeBSD.org</hostid>; however, this is the
+ least-preferred solution.
+ The distfile must be placed into
+ <filename>~/public_distfiles/</filename> of someone's
+ <hostid>freefall</hostid> account.
+ Ask the person who commits your port to do this.
+ This person will also set <makevar>MASTER_SITES</makevar> to
+ <makevar>MASTER_SITE_LOCAL</makevar> and
+ <makevar>MASTER_SITE_SUBDIR</makevar> to their
+ <hostid>freefall</hostid> username.</para>
+
+ <para>If your port's distfile changes all the time without any
+ kind of version update by the author,
+ consider putting the distfile on your home page and listing it as
+ the first <makevar>MASTER_SITES</makevar>. If you can, try
+ to talk the port author out of doing this; it
+ really does help to establish some kind of source code control.
+ Hosting your own version will prevent users
+ from getting <errorname>checksum mismatch</errorname> errors, and
+ also reduce the workload of maintainers of our FTP site. Also, if
+ there is only one master site for the port, it is recommended that
+ you house a backup at your site and list it as the second
+ <makevar>MASTER_SITES</makevar>.</para>
+
+ <para>If your port requires some additional `patches' that are
+ available on the Internet, fetch them too and put them in
+ <makevar>DISTDIR</makevar>. Do not worry if they come from a site
+ other than where you got the main source tarball, we have a way to
+ handle these situations (see the description of <link
+ linkend="porting-patchfiles">PATCHFILES</link> below).</para>
+ </sect1>
+
+ <sect1 id="slow-modifying">
+ <title>Modifying the port</title>
+
+ <para>Unpack a copy of the tarball in a private directory and make
+ whatever changes are necessary to get the port to compile properly
+ under the current version of FreeBSD. Keep <emphasis>careful
+ track</emphasis> of everything you do, as you will be automating
+ the process shortly. Everything, including the deletion, addition,
+ or modification of files should be doable using an automated script
+ or patch file when your port is finished.</para>
+
+ <para>If your port requires significant user interaction/customization
+ to compile or install, you should take a look at one of Larry Wall's
+ classic <application>Configure</application> scripts and perhaps do
+ something similar yourself. The goal of the new ports collection is
+ to make each port as <quote>plug-and-play</quote> as possible for the
+ end-user while using a minimum of disk space.</para>
+
+ <note>
+ <para>Unless explicitly stated, patch files, scripts, and other
+ files you have created and contributed to the FreeBSD ports
+ collection are assumed to be covered by the standard BSD copyright
+ conditions.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="slow-patch">
+ <title>Patching</title>
+
+ <para>In the preparation of the port, files that have been added or
+ changed can be picked up with a recursive &man.diff.1;
+ for later feeding to &man.patch.1;. Each set of patches you
+ wish to apply should be collected into a file named
+ <filename>patch-<replaceable>*</replaceable></filename> where
+ <replaceable>*</replaceable> indicates
+ the pathnames of the files that are patched,
+ such as <filename>patch-Imakefile</filename> or
+ <filename>patch-src-config.h</filename>. These files should
+ be stored in <makevar>PATCHDIR</makevar>, from where they will be
+ automatically applied. All patches must be relative to
+ <makevar>WRKSRC</makevar> (generally the directory your port's
+ tarball unpacks itself into, that being where the build is done).
+ To make fixes and upgrades easier, you should avoid having more than
+ one patch fix the same file (e.g., <filename>patch-file</filename> and
+ <filename>patch-file2</filename> both changing
+ <filename><makevar>WRKSRC</makevar>/foobar.c</filename>).</para>
+
+ <para>Please only use characters <literal>[-+._a-zA-Z0-9]</literal> for
+ naming your patches. Do not use any other characters besides them.
+ Do not name your patches like <filename>patch-aa</filename> or
+ <filename>patch-ab</filename> etc, always mention path and file name
+ in patch names.</para>
+
+ <para>Do not put RCS strings in patches. CVS will mangle them when we
+ put the files into the ports tree, and when we check them out again,
+ they will come out different and the patch will fail. RCS strings
+ are surrounded by dollar (<literal>&dollar;</literal>) signs, and
+ typically start with <literal>&dollar;Id</literal> or
+ <literal>&dollar;RCS</literal>.</para>
+
+ <para>Using the recurse (<option>-r</option>) option to
+ &man.diff.1; to generate patches is fine, but please take
+ a look at the resulting patches to make sure you do not have any
+ unnecessary junk in there. In particular, diffs between two backup
+ files, <filename>Makefile</filename>s when the port uses
+ <command>Imake</command> or GNU <command>configure</command>, etc.,
+ are unnecessary and should be deleted. If you had to edit
+ <filename>configure.in</filename> and run
+ <command>autoconf</command> to regenerate
+ <command>configure</command>, do not take the diffs of
+ <command>configure</command> (it often grows to a few thousand
+ lines!); define <literal>USE_AUTOCONF_VER=213</literal> and take the
+ diffs of <filename>configure.in</filename>.</para>
+
+ <para>Quite often, there is a situation when the software being
+ ported, especially if it is primarily developed on &windows;, uses
+ the CR/LF convention for most of its source files. This may cause
+ problems with further patching, compiler warnings, scripts
+ execution (<command>/bin/sh^M</command> not found), etc. To
+ quickly convert those files from CR/LF to just LF, you can do
+ something like this:</para>
+
+ <programlisting>USE_REINPLACE= yes
+
+post-extract:
+ @${FIND} -E ${WRKDIR} -type f -iregex ".*\.(c|cpp|h|txt)" -print0 | \
+ ${XARGS} -0 ${REINPLACE_CMD} -e 's/[[:cntrl:]]*$$//'</programlisting>
+
+ <para>Of course, if you need to process each and every file,
+ <option>-iregex</option> above can be omitted. Be aware that this
+ piece of code will strip all trailing control characters from each
+ line of processed file (except <literal>\n</literal>).</para>
+
+ <para>Also, if you had to delete a file, then you can do it in the
+ <maketarget>post-extract</maketarget> target rather than as part of
+ the patch. Once you are happy with the resulting diff, please split
+ it up into one source file per patch file.</para>
+ </sect1>
+
+ <sect1 id="slow-configure">
+ <title>Configuring</title>
+
+ <para>Include any additional customization commands in your
+ <filename>configure</filename> script and save it in the
+ <filename>scripts</filename> subdirectory. As mentioned above, you
+ can also do this with <filename>Makefile</filename> targets and/or
+ scripts with the name <filename>pre-configure</filename> or
+ <filename>post-configure</filename>.</para>
+ </sect1>
+
+ <sect1 id="slow-user-input">
+ <title>Handling user input</title>
+
+ <para>If your port requires user input to build, configure, or install,
+ you must set <makevar>IS_INTERACTIVE</makevar> in your <filename>Makefile</filename>. This
+ will allow <quote>overnight builds</quote> to skip your port if the
+ user sets the variable <envar>BATCH</envar> in his environment (and
+ if the user sets the variable <envar>INTERACTIVE</envar>, then
+ <emphasis>only</emphasis> those ports requiring interaction are
+ built). This will save a lot of wasted time on the set of
+ machines that continually build ports (see below).</para>
+
+ <para>It is also recommended that if there are reasonable default
+ answers to the questions, you check the
+ <makevar>PACKAGE_BUILDING</makevar> variable and turn off the
+ interactive script when it is set. This will allow us to build the
+ packages for CDROMs and FTP.</para>
+ </sect1>
+ </chapter>
+
+ <chapter id="makefile">
+ <title>Configuring the Makefile</title>
+
+ <para>Configuring the <filename>Makefile</filename> is pretty simple, and again we suggest
+ that you look at existing examples before starting. Also, there is a
+ <link linkend="porting-samplem">sample Makefile</link> in this
+ handbook, so take a look and please follow the ordering of variables
+ and sections in that template to make your port easier for others to
+ read.</para>
+
+ <para>Now, consider the following problems in sequence as you design
+ your new <filename>Makefile</filename>:</para>
+
+ <sect1 id="makefile-source">
+ <title>The original source</title>
+
+ <para>Does it live in <makevar>DISTDIR</makevar> as a standard
+ gzip'd tarball named something like
+ <filename>foozolix-1.2.tar.gz</filename>? If so, you can go on
+ to the next step. If not, you should look at overriding any of
+ the <makevar>DISTVERSION</makevar>, <makevar>DISTNAME</makevar>,
+ <makevar>EXTRACT_CMD</makevar>,
+ <makevar>EXTRACT_BEFORE_ARGS</makevar>,
+ <makevar>EXTRACT_AFTER_ARGS</makevar>,
+ <makevar>EXTRACT_SUFX</makevar>, or <makevar>DISTFILES</makevar>
+ variables, depending on how alien a format your port's
+ distribution file is. (The most common case is
+ <literal>EXTRACT_SUFX=.tar.Z</literal>, when the tarball is
+ condensed by regular <command>compress</command>, not
+ <command>gzip</command>.)</para>
+
+ <para>In the worst case, you can simply create your own
+ <maketarget>do-extract</maketarget> target to override the
+ default, though this should be rarely, if ever,
+ necessary.</para>
+ </sect1>
+
+ <sect1 id="makefile-naming">
+ <title>Naming</title>
+
+ <para>The first part of the port's <filename>Makefile</filename> names
+ the port, describes its version number, and lists it in the correct
+ category.</para>
+
+ <sect2>
+ <title><makevar>PORTNAME</makevar> and <makevar>PORTVERSION</makevar></title>
+
+ <para>You should set <makevar>PORTNAME</makevar> to the
+ base name of your port, and <makevar>PORTVERSION</makevar>
+ to the version number of the port.</para>
+ </sect2>
+
+ <sect2 id="makefile-naming-revepoch">
+ <title><makevar>PORTREVISION</makevar> and
+ <makevar>PORTEPOCH</makevar></title>
+
+ <sect3>
+ <title><makevar>PORTREVISION</makevar></title>
+
+ <para>The <makevar>PORTREVISION</makevar> variable is a
+ monotonically increasing value which is reset to 0 with
+ every increase of <makevar>PORTVERSION</makevar> (i.e.
+ every time a new official vendor release is made), and
+ appended to the package name if non-zero.
+ Changes to <makevar>PORTREVISION</makevar> are
+ used by automated tools (e.g. &man.pkg.version.1;)
+ to highlight the fact that a new package is
+ available.</para>
+
+ <para><makevar>PORTREVISION</makevar> should be increased
+ each time a change is made to the port which significantly
+ affects the content or structure of the derived
+ package.</para>
+
+ <para>Examples of when <makevar>PORTREVISION</makevar>
+ should be bumped:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Addition of patches to correct security
+ vulnerabilities, bugs, or to add new functionality to
+ the port.</para>
+ </listitem>
+
+ <listitem>
+ <para>Changes to the port <filename>Makefile</filename> to enable or disable
+ compile-time options in the package.</para>
+ </listitem>
+
+ <listitem>
+ <para>Changes in the packing list or the install-time
+ behavior of the package (e.g. change to a script
+ which generates initial data for the package, like ssh
+ host keys).</para>
+ </listitem>
+
+ <listitem>
+ <para>Version bump of a port's shared library dependency
+ (in this case, someone trying to install the old
+ package after installing a newer version of the
+ dependency will fail since it will look for the old
+ libfoo.x instead of libfoo.(x+1)).</para>
+ </listitem>
+
+ <listitem>
+ <para>Silent changes to the port distfile which have
+ significant functional differences, i.e. changes to
+ the distfile requiring a correction to
+ <filename>distinfo</filename> with no corresponding change to
+ <makevar>PORTVERSION</makevar>, where a <command>diff
+ -ru</command> of the old and new versions shows
+ non-trivial changes to the code.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Examples of changes which do not require a
+ <makevar>PORTREVISION</makevar> bump:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Style changes to the port skeleton with no
+ functional change to what appears in the resulting
+ package.</para>
+ </listitem>
+
+ <listitem>
+ <para>Changes to <makevar>MASTER_SITES</makevar> or
+ other functional changes to the port which do not
+ affect the resulting package.</para>
+ </listitem>
+
+ <listitem>
+ <para>Trivial patches to the distfile such as correction
+ of typos, which are not important enough that users of
+ the package should go to the trouble of
+ upgrading.</para>
+ </listitem>
+
+ <listitem>
+ <para>Build fixes which cause a package to become
+ compilable where it was previously failing (as long as
+ the changes do not introduce any functional change on
+ any other platforms on which the port did previously
+ build). Since <makevar>PORTREVISION</makevar> reflects
+ the content of the package, if the package was not
+ previously buildable then there is no need to increase
+ <makevar>PORTREVISION</makevar> to mark a
+ change.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>A rule of thumb is to ask yourself whether a change
+ committed to a port is something which everyone
+ would benefit from having (either because of an
+ enhancement, fix, or by virtue that the new package will
+ actually work at all), and weigh that against that fact
+ that it will cause everyone who regularly updates their
+ ports tree to be compelled to update. If yes, the
+ <makevar>PORTREVISION</makevar> should be bumped.</para>
+ </sect3>
+
+ <sect3>
+ <title><makevar>PORTEPOCH</makevar></title>
+
+ <para>From time to time a software vendor or FreeBSD porter
+ will do something silly and release a version of their
+ software which is actually numerically less than the
+ previous version. An example of this is a port which goes
+ from foo-20000801 to foo-1.0 (the former will be
+ incorrectly treated as a newer version since 20000801 is a
+ numerically greater value than 1).</para>
+
+ <para>In situations such as this, the
+ <makevar>PORTEPOCH</makevar> version should be increased.
+ If <makevar>PORTEPOCH</makevar> is nonzero it is appended
+ to the package name as described in section 0 above.
+ <makevar>PORTEPOCH</makevar> must never be decreased or reset
+ to zero, because that would cause comparison to a package
+ from an earlier epoch to fail (i.e. the package would not
+ be detected as out of date): the new version number (e.g.
+ <literal>1.0,1</literal> in the above example) is still
+ numerically less than the previous version (20000801), but
+ the <literal>,1</literal> suffix is treated specially by
+ automated tools and found to be greater than the implied
+ suffix <literal>,0</literal> on the earlier package.</para>
+
+ <para>Dropping or resetting <makevar>PORTEPOCH</makevar>
+ incorrectly leads
+ to no end of grief; if you do not understand the above discussion,
+ please keep after it until you do, or ask questions on
+ the mailing lists.</para>
+
+ <para>It is expected that <makevar>PORTEPOCH</makevar> will
+ not be used for the majority of ports, and that sensible
+ use of <makevar>PORTVERSION</makevar> can often pre-empt
+ it becoming necessary if a future release of the software
+ should change the version structure. However, care is
+ needed by FreeBSD porters when a vendor release is made
+ without an official version number &mdash; such as a code
+ <quote>snapshot</quote> release. The temptation is to label the
+ release with the release date, which will cause problems
+ as in the example above when a new <quote>official</quote> release is
+ made.</para>
+
+ <para>For example, if a snapshot release is made on the date
+ 20000917, and the previous version of the software was
+ version 1.2, the snapshot release should be given a
+ <makevar>PORTVERSION</makevar> of 1.2.20000917 or similar,
+ not 20000917, so that the succeeding release, say 1.3, is
+ still a numerically greater value.</para>
+ </sect3>
+
+ <sect3>
+ <title>Example of <makevar>PORTREVISION</makevar> and
+ <makevar>PORTEPOCH</makevar> usage</title>
+
+ <para>The <literal>gtkmumble</literal> port, version
+ <literal>0.10</literal>, is committed to the ports
+ collection:</para>
+
+ <programlisting>PORTNAME= gtkmumble
+PORTVERSION= 0.10</programlisting>
+
+ <para><makevar>PKGNAME</makevar> becomes
+ <literal>gtkmumble-0.10</literal>.</para>
+
+ <para>A security hole is discovered which requires a local
+ FreeBSD patch. <makevar>PORTREVISION</makevar> is bumped
+ accordingly.</para>
+
+ <programlisting>PORTNAME= gtkmumble
+PORTVERSION= 0.10
+PORTREVISION= 1</programlisting>
+
+ <para><makevar>PKGNAME</makevar> becomes
+ <literal>gtkmumble-0.10_1</literal></para>
+
+ <para>A new version is released by the vendor, numbered <literal>0.2</literal>
+ (it turns out the author actually intended
+ <literal>0.10</literal> to actually mean
+ <literal>0.1.0</literal>, not <quote>what comes after
+ 0.9</quote> - oops, too late now). Since the new minor
+ version <literal>2</literal> is numerically less than the
+ previous version <literal>10</literal>, the
+ <makevar>PORTEPOCH</makevar> must be bumped to manually
+ force the new package to be detected as <quote>newer</quote>. Since it
+ is a new vendor release of the code,
+ <makevar>PORTREVISION</makevar> is reset to 0 (or removed
+ from the <filename>Makefile</filename>).</para>
+
+ <programlisting>PORTNAME= gtkmumble
+PORTVERSION= 0.2
+PORTEPOCH= 1</programlisting>
+
+ <para><makevar>PKGNAME</makevar> becomes
+ <literal>gtkmumble-0.2,1</literal></para>
+
+ <para>The next release is 0.3. Since
+ <makevar>PORTEPOCH</makevar> never decreases, the version
+ variables are now:</para>
+
+ <programlisting>PORTNAME= gtkmumble
+PORTVERSION= 0.3
+PORTEPOCH= 1</programlisting>
+
+ <para><makevar>PKGNAME</makevar> becomes
+ <literal>gtkmumble-0.3,1</literal></para>
+
+ <note>
+ <para>If <makevar>PORTEPOCH</makevar> were reset
+ to <literal>0</literal> with this upgrade, someone who had
+ installed the <literal>gtkmumble-0.10_1</literal> package would not detect
+ the <literal>gtkmumble-0.3</literal> package as newer, since
+ <literal>3</literal> is still numerically less than
+ <literal>10</literal>. Remember, this is the whole point of
+ <makevar>PORTEPOCH</makevar> in the first place.</para>
+ </note>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title><makevar>PKGNAMEPREFIX</makevar> and <makevar>PKGNAMESUFFIX</makevar></title>
+
+ <para>Two optional variables, <makevar>PKGNAMEPREFIX</makevar> and
+ <makevar>PKGNAMESUFFIX</makevar>, are combined with
+ <makevar>PORTNAME</makevar> and
+ <makevar>PORTVERSION</makevar> to
+ form <makevar>PKGNAME</makevar> as
+ <literal>${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}-${PORTVERSION}</literal>.
+ Make sure this conforms to our <link
+ linkend="porting-pkgname">guidelines for a good package
+ name</link>. In particular, you are <emphasis>not</emphasis> allowed to use a
+ hyphen (<literal>-</literal>) in
+ <makevar>PORTVERSION</makevar>. Also, if the package name
+ has the <replaceable>language-</replaceable> or the
+ <replaceable>-compiled.specifics</replaceable> part (see below), use
+ <makevar>PKGNAMEPREFIX</makevar> and
+ <makevar>PKGNAMESUFFIX</makevar>, respectively. Do not make
+ them part of <makevar>PORTNAME</makevar>.</para>
+ </sect2>
+
+ <sect2 id="porting-pkgname">
+ <title>Package Naming Conventions</title>
+
+ <para>The following are the conventions you should follow in naming your
+ packages. This is to have our package directory easy to scan, as
+ there are already thousands of packages and users are going to
+ turn away if they hurt their eyes!</para>
+
+ <para>The package name should look like
+ <filename><replaceable><optional>language<optional>_region</optional></optional>-name<optional><optional>-</optional>compiled.specifics</optional>-version.numbers</replaceable></filename>.</para>
+
+ <para>The package name is defined as
+ <literal>${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}-${PORTVERSION}</literal>.
+ Make sure to set the variables to conform to that format.</para>
+
+ <orderedlist>
+ <listitem>
+ <para>FreeBSD strives to support the native language of its users.
+ The <replaceable>language-</replaceable> part should be a two
+ letter abbreviation of the natural language defined by ISO-639 if
+ the port is specific to a certain language. Examples are
+ <literal>ja</literal> for Japanese, <literal>ru</literal> for
+ Russian, <literal>vi</literal> for Vietnamese,
+ <literal>zh</literal> for Chinese, <literal>ko</literal> for
+ Korean and <literal>de</literal> for German.</para>
+
+ <para>If the port is specific to a certain region within the
+ language area, add the two letter country code as well.
+ Examples are <literal>en_US</literal> for US English and
+ <literal>fr_CH</literal> for Swiss French.</para>
+
+ <para>The <replaceable>language-</replaceable> part should
+ be set in the <makevar>PKGNAMEPREFIX</makevar> variable.</para>
+ </listitem>
+
+ <listitem>
+ <para>The first letter of <filename>name</filename> part
+ should be lowercase. (The rest of the name can contain
+ capital letters, so use your own discretion when you are
+ converting a software name that has some capital letters in it.)
+ There is a tradition of naming <literal>perl 5</literal> modules by
+ prepending <literal>p5-</literal> and converting the double-colon
+ separator to a hyphen; for example, the
+ <literal>Data::Dumper</literal> module becomes
+ <literal>p5-Data-Dumper</literal>. If the software in question
+ has numbers, hyphens, or underscores in its name, you may include
+ them as well (like <literal>kinput2</literal>).</para>
+ </listitem>
+
+ <listitem>
+ <para>If the port can be built with different <link
+ linkend="makefile-masterdir">hardcoded defaults</link> (usually
+ part of the directory name in a family of ports), the
+ <replaceable>-compiled.specifics</replaceable> part should state
+ the compiled-in defaults (the hyphen is optional). Examples are
+ papersize and font units.</para>
+
+ <para>The <replaceable>-compiled.specifics</replaceable> part
+ should be set in the <makevar>PKGNAMESUFFIX</makevar>
+ variable.</para>
+ </listitem>
+
+ <listitem>
+ <para>The version string should follow a dash
+ (<literal>-</literal>) and be a period-separated list of
+ integers and single lowercase alphabetics. In particular,
+ it is not permissible to have another dash inside the
+ version string. The only exception is the string
+ <literal>pl</literal> (meaning <quote>patchlevel</quote>), which can be
+ used <emphasis>only</emphasis> when there are no major and
+ minor version numbers in the software. If the software
+ version has strings like <quote>alpha</quote>, <quote>beta</quote>, <quote>rc</quote>, or <quote>pre</quote>, take
+ the first letter and put it immediately after a period.
+ If the version string continues after those names, the
+ numbers should follow the single alphabet without an extra
+ period between them.</para>
+
+ <para>The idea is to make it easier to sort ports by looking
+ at the version string. In particular, make sure version
+ number components are always delimited by a period, and
+ if the date is part of the string, use the
+ <literal><replaceable>yyyy</replaceable>.<replaceable>mm</replaceable>.<replaceable>dd</replaceable></literal>
+ format, not
+ <literal><replaceable>dd</replaceable>.<replaceable>mm</replaceable>.<replaceable>yyyy</replaceable></literal>
+ or the non-Y2K compliant
+ <literal><replaceable>yy</replaceable>.<replaceable>mm</replaceable>.<replaceable>dd</replaceable></literal>
+ format.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>Here are some (real) examples on how to convert the name
+ as called by the software authors to a suitable package
+ name:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="6">
+ <thead>
+ <row>
+ <entry>Distribution Name</entry>
+ <entry><makevar>PKGNAMEPREFIX</makevar></entry>
+ <entry><makevar>PORTNAME</makevar></entry>
+ <entry><makevar>PKGNAMESUFFIX</makevar></entry>
+ <entry><makevar>PORTVERSION</makevar></entry>
+ <entry>Reason</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>mule-2.2.2</entry>
+ <entry>(empty)</entry>
+ <entry>mule</entry>
+ <entry>(empty)</entry>
+ <entry>2.2.2</entry>
+ <entry>No changes required</entry>
+ </row>
+
+ <row>
+ <entry>XFree86-3.3.6</entry>
+ <entry>(empty)</entry>
+ <entry>XFree86</entry>
+ <entry>(empty)</entry>
+ <entry>3.3.6</entry>
+ <entry>No changes required</entry>
+ </row>
+
+ <row>
+ <entry>EmiClock-1.0.2</entry>
+ <entry>(empty)</entry>
+ <entry>emiclock</entry>
+ <entry>(empty)</entry>
+ <entry>1.0.2</entry>
+ <entry>No uppercase names for single programs</entry>
+ </row>
+
+ <row>
+ <entry>rdist-1.3alpha</entry>
+ <entry>(empty)</entry>
+ <entry>rdist</entry>
+ <entry>(empty)</entry>
+ <entry>1.3.a</entry>
+ <entry>No strings like <literal>alpha</literal>
+ allowed</entry>
+ </row>
+
+ <row>
+ <entry>es-0.9-beta1</entry>
+ <entry>(empty)</entry>
+ <entry>es</entry>
+ <entry>(empty)</entry>
+ <entry>0.9.b1</entry>
+ <entry>No strings like <literal>beta</literal>
+ allowed</entry>
+ </row>
+
+ <row>
+ <entry>mailman-2.0rc3</entry>
+ <entry>(empty)</entry>
+ <entry>mailman</entry>
+ <entry>(empty)</entry>
+ <entry>2.0.r3</entry>
+ <entry>No strings like <literal>rc</literal>
+ allowed</entry>
+ </row>
+
+ <row>
+ <entry>v3.3beta021.src</entry>
+ <entry>(empty)</entry>
+ <entry>tiff</entry>
+ <entry>(empty)</entry>
+ <entry>3.3</entry>
+ <entry>What the heck was that anyway?</entry>
+ </row>
+
+ <row>
+ <entry>tvtwm</entry>
+ <entry>(empty)</entry>
+ <entry>tvtwm</entry>
+ <entry>(empty)</entry>
+ <entry>pl11</entry>
+ <entry>Version string always required</entry>
+ </row>
+
+ <row>
+ <entry>piewm</entry>
+ <entry>(empty)</entry>
+ <entry>piewm</entry>
+ <entry>(empty)</entry>
+ <entry>1.0</entry>
+ <entry>Version string always required</entry>
+ </row>
+
+ <row>
+ <entry>xvgr-2.10pl1</entry>
+ <entry>(empty)</entry>
+ <entry>xvgr</entry>
+ <entry>(empty)</entry>
+ <entry>2.10.1</entry>
+ <entry><literal>pl</literal> allowed only when no
+ major/minor version numbers</entry>
+ </row>
+
+ <row>
+ <entry>gawk-2.15.6</entry>
+ <entry>ja-</entry>
+ <entry>gawk</entry>
+ <entry>(empty)</entry>
+ <entry>2.15.6</entry>
+ <entry>Japanese language version</entry>
+ </row>
+
+ <row>
+ <entry>psutils-1.13</entry>
+ <entry>(empty)</entry>
+ <entry>psutils</entry>
+ <entry>-letter</entry>
+ <entry>1.13</entry>
+ <entry>Papersize hardcoded at package build time</entry>
+ </row>
+
+ <row>
+ <entry>pkfonts</entry>
+ <entry>(empty)</entry>
+ <entry>pkfonts</entry>
+ <entry>300</entry>
+ <entry>1.0</entry>
+ <entry>Package for 300dpi fonts</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>If there is absolutely no trace of version information in the
+ original source and it is unlikely that the original author will ever
+ release another version, just set the version string to
+ <literal>1.0</literal> (like the <literal>piewm</literal> example above). Otherwise, ask
+ the original author or use the date string
+ (<literal><replaceable>yyyy</replaceable>.<replaceable>mm</replaceable>.<replaceable>dd</replaceable></literal>)
+ as the version.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="makefile-categories">
+ <title>Categorization</title>
+
+ <sect2>
+ <title><makevar>CATEGORIES</makevar></title>
+
+ <para>When a package is created, it is put under
+ <filename>/usr/ports/packages/All</filename> and links are made from
+ one or more subdirectories of
+ <filename>/usr/ports/packages</filename>. The names of these
+ subdirectories are specified by the variable
+ <makevar>CATEGORIES</makevar>. It is intended to make life easier
+ for the user when he is wading through the pile of packages on the
+ FTP site or the CDROM. Please take a look at the <link
+ linkend="porting-categories">current list of categories</link> and pick the ones
+ that are suitable for your port.</para>
+
+ <para>This list also determines where in the ports tree the port is
+ imported. If you put more than one category here, it is assumed
+ that the port files will be put in the subdirectory with the name in
+ the first category. See <link
+ linkend="choosing-categories">below</link> for more
+ discussion about how to pick the right categories.</para>
+ </sect2>
+
+ <sect2 id="porting-categories">
+ <title>Current list of categories</title>
+
+ <para>Here is the current list of port categories. Those
+ marked with an asterisk (<literal>*</literal>) are
+ <emphasis>virtual</emphasis> categories&mdash;those that do not have
+ a corresponding subdirectory in the ports tree. They are only
+ used as secondary categories, and only for search purposes.</para>
+
+ <note>
+ <para>For non-virtual categories, you will find a one-line
+ description in the <makevar>COMMENT</makevar> in that
+ subdirectory's <filename>Makefile</filename>.</para>
+ </note>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Category</entry>
+ <entry>Description</entry>
+ <entry>Notes</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><filename>accessibility</filename></entry>
+ <entry>Ports to help disabled users.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>afterstep*</filename></entry>
+ <entry>Ports to support the
+ <ulink url="http://www.afterstep.org">AfterStep</ulink>
+ window manager.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>arabic</filename></entry>
+ <entry>Arabic language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>archivers</filename></entry>
+ <entry>Archiving tools.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>astro</filename></entry>
+ <entry>Astronomical ports.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>audio</filename></entry>
+ <entry>Sound support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>benchmarks</filename></entry>
+ <entry>Benchmarking utilities.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>biology</filename></entry>
+ <entry>Biology-related software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>cad</filename></entry>
+ <entry>Computer aided design tools.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>chinese</filename></entry>
+ <entry>Chinese language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>comms</filename></entry>
+ <entry>Communication software.</entry>
+ <entry>Mostly software to talk to your serial port.</entry>
+ </row>
+
+ <row>
+ <entry><filename>converters</filename></entry>
+ <entry>Character code converters.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>databases</filename></entry>
+ <entry>Databases.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>deskutils</filename></entry>
+ <entry>Things that used to be on the desktop before
+ computers were invented.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>devel</filename></entry>
+ <entry>Development utilities.</entry>
+ <entry>Do not put libraries here just because they are
+ libraries&mdash;unless they truly do not belong anywhere
+ else, they should not be in this category.</entry>
+ </row>
+
+ <row>
+ <entry><filename>dns</filename></entry>
+ <entry>DNS-related software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>editors</filename></entry>
+ <entry>General editors.</entry>
+ <entry>Specialized editors go in the section for those
+ tools (e.g., a mathematical-formula editor will go
+ in <filename>math</filename>).</entry>
+ </row>
+
+ <row>
+ <entry><filename>elisp*</filename></entry>
+ <entry>Emacs-lisp ports.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>emulators</filename></entry>
+ <entry>Emulators for other operating systems.</entry>
+ <entry>Terminal emulators do <emphasis>not</emphasis> belong
+ here&mdash;X-based ones should go to
+ <filename>x11</filename> and text-based ones to either
+ <filename>comms</filename> or <filename>misc</filename>,
+ depending on the exact functionality.</entry>
+ </row>
+
+ <row>
+ <entry><filename>finance</filename></entry>
+ <entry>Monetary, financial and related applications.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>french</filename></entry>
+ <entry>French language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>ftp</filename></entry>
+ <entry>FTP client and server utilities.</entry>
+ <entry>If your port speaks both FTP and HTTP, put it in
+ <filename>ftp</filename> with a secondary
+ category of <filename>www</filename>.</entry>
+ </row>
+
+ <row>
+ <entry><filename>games</filename></entry>
+ <entry>Games.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>german</filename></entry>
+ <entry>German language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>gnome*</filename></entry>
+ <entry>Ports from the <ulink
+ url="http://www.gnome.org">GNOME</ulink>
+ Project.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>graphics</filename></entry>
+ <entry>Graphics utilities.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>haskell*</filename></entry>
+ <entry>Software related to the Haskell language.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>hebrew</filename></entry>
+ <entry>Hebrew language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>hungarian</filename></entry>
+ <entry>Hungarian language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>ipv6*</filename></entry>
+ <entry>IPv6 related software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>irc</filename></entry>
+ <entry>Internet Relay Chat utilities.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>japanese</filename></entry>
+ <entry>Japanese language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>java</filename></entry>
+ <entry>Software related to the Java language.</entry>
+ <entry>The <filename>java</filename> category shall not be
+ the only one for a port. Save for ports directly related to
+ the Java language, porters are also encouraged not to
+ use <filename>java</filename> as the main category of a
+ port.</entry>
+ </row>
+
+ <row>
+ <entry><filename>kde*</filename></entry>
+ <entry>Ports from the <ulink url="http://www.kde.org">K Desktop Environment (KDE)</ulink>
+ Project.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>korean</filename></entry>
+ <entry>Korean language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>lang</filename></entry>
+ <entry>Programming languages.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>linux*</filename></entry>
+ <entry>Linux applications and support utilities.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>lisp*</filename></entry>
+ <entry>Software related to the Lisp language.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>mail</filename></entry>
+ <entry>Mail software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>math</filename></entry>
+ <entry>Numerical computation software and other utilities
+ for mathematics.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>mbone</filename></entry>
+ <entry>MBone applications.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>misc</filename></entry>
+ <entry>Miscellaneous utilities</entry>
+ <entry>Basically things that
+ do not belong anywhere else.
+ If at all possible, try to
+ find a better category for your port than
+ <literal>misc</literal>, as ports tend to get overlooked
+ in here.</entry>
+ </row>
+
+ <row>
+ <entry><filename>multimedia</filename></entry>
+ <entry>Multimedia software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>net</filename></entry>
+ <entry>Miscellaneous networking software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>net-im</filename></entry>
+ <entry>Instant messaging software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>net-mgmt</filename></entry>
+ <entry>Networking management software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>news</filename></entry>
+ <entry>USENET news software.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>offix*</filename></entry>
+ <entry>Ports from the <ulink url="http://leb.net/offix/">OffiX</ulink> suite.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>palm</filename></entry>
+ <entry>Software support for the <ulink url="http://www.palm.com/">Palm&trade;</ulink> series.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>parallel*</filename></entry>
+ <entry>Applications dealing with parallelism in computing.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>pear*</filename></entry>
+ <entry>Ports related to the Pear PHP framework.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>perl5*</filename></entry>
+ <entry>Ports that require <application>Perl</application> version 5 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>plan9*</filename></entry>
+ <entry>Various programs from <ulink url="http://www.cs.bell-labs.com/plan9dist/">Plan9</ulink>.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>polish</filename></entry>
+ <entry>Polish language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>portuguese</filename></entry>
+ <entry>Portuguese language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>print</filename></entry>
+ <entry>Printing software.</entry>
+ <entry>Desktop publishing tools
+ (previewers, etc.) belong here too.</entry>
+ </row>
+
+ <row>
+ <entry><filename>python*</filename></entry>
+ <entry>Software related to the <ulink url="http://www.python.org/">Python</ulink> language.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>ruby*</filename></entry>
+ <entry>Software related to the <ulink url="http://www.ruby-lang.org/">Ruby</ulink> language.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>russian</filename></entry>
+ <entry>Russian language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>scheme*</filename></entry>
+ <entry>Software related to the Scheme language.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>science</filename></entry>
+ <entry>Scientific ports that do not fit into other
+ categories such as <filename>astro</filename>,
+ <filename>biology</filename> and
+ <filename>math</filename>.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>security</filename></entry>
+ <entry>Security utilities.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>shells</filename></entry>
+ <entry>Command line shells.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>sysutils</filename></entry>
+ <entry>System utilities.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tcl80*</filename></entry>
+ <entry>Ports that use Tcl version 8.0 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tcl81*</filename></entry>
+ <entry>Ports that use Tcl version 8.1 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tcl82*</filename></entry>
+ <entry>Ports that use Tcl version 8.2 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tcl83*</filename></entry>
+ <entry>Ports that use Tcl version 8.3 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tcl84*</filename></entry>
+ <entry>Ports that use Tcl version 8.4 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>textproc</filename></entry>
+ <entry>Text processing utilities.</entry>
+ <entry>It does not include
+ desktop publishing tools, which go to <filename>print</filename>.</entry>
+ </row>
+
+ <row>
+ <entry><filename>tk80*</filename></entry>
+ <entry>Ports that use Tk version 8.0 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tk82*</filename></entry>
+ <entry>Ports that use Tk version 8.2 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tk83*</filename></entry>
+ <entry>Ports that use Tk version 8.3 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tk84*</filename></entry>
+ <entry>Ports that use Tk version 8.4 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>tkstep80*</filename></entry>
+ <entry>Ports that use TkSTEP version 8.0 to run.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>ukrainian</filename></entry>
+ <entry>Ukrainian language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>vietnamese</filename></entry>
+ <entry>Vietnamese language support.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>windowmaker*</filename></entry>
+ <entry>Ports to support the WindowMaker window
+ manager.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>www</filename></entry>
+ <entry>Software related to the World Wide Web.</entry>
+ <entry>HTML language
+ support belongs here too.</entry>
+ </row>
+
+ <row>
+ <entry><filename>x11</filename></entry>
+ <entry>The X Window System and friends.</entry>
+ <entry>This category is only
+ for software that directly supports the window system. Do not
+ put regular X applications here; most of them should go
+ into other <filename>x11-*</filename> categories (see below).
+ If your port <emphasis>is</emphasis> an X
+ application, define <makevar>USE_XLIB</makevar> (implied by
+ <makevar>USE_IMAKE</makevar>) and put it in the appropriate
+ category.</entry>
+ </row>
+
+ <row>
+ <entry><filename>x11-clocks</filename></entry>
+ <entry>X11 clocks.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>x11-fm</filename></entry>
+ <entry>X11 file managers.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>x11-fonts</filename></entry>
+ <entry>X11 fonts and font utilities.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>x11-servers</filename></entry>
+ <entry>X11 servers.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>x11-themes</filename></entry>
+ <entry>X11 themes.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>x11-toolkits</filename></entry>
+ <entry>X11 toolkits.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>x11-wm</filename></entry>
+ <entry>X11 window managers.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>xfce*</filename></entry>
+ <entry>Ports relating to the
+ <ulink url="http://www.xfce.org/">Xfce</ulink> desktop
+ environment.</entry>
+ <entry></entry>
+ </row>
+
+ <row>
+ <entry><filename>zope*</filename></entry>
+ <entry><ulink url="http://www.zope.org/">Zope</ulink> support.</entry>
+ <entry></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+
+ <sect2 id="choosing-categories">
+ <title>Choosing the right category</title>
+
+ <para>As many of the categories overlap, you often have to choose
+ which of the categories should be the primary category of your port.
+ There are several rules that govern this issue. Here is the list of
+ priorities, in decreasing order of precedence:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The first category must be a physical category (see
+ <link linkend="porting-categories">above</link>). This is
+ necessary to make the packaging work. Virtual categories and
+ physical categories may be intermixed after that.</para>
+ </listitem>
+
+ <listitem>
+ <para>Language specific categories always come first. For
+ example, if your port installs Japanese X11 fonts, then your
+ <makevar>CATEGORIES</makevar> line would read <filename>japanese
+ x11-fonts</filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para>Specific categories are listed before less-specific ones. For
+ instance, an HTML editor should be listed as <filename>www
+ editors</filename>, not the other way around. Also, you should not
+ list <filename>net</filename> when the port belongs to
+ any of <filename>irc</filename>, <filename>mail</filename>,
+ <filename>mbone</filename>, <filename>news</filename>,
+ <filename>security</filename>, or <filename>www</filename>, as
+ <filename>net</filename> is included implicitly.</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>x11</filename> is used as a secondary category only
+ when the primary category is a natural language. In particular,
+ you should not put <filename>x11</filename> in the category line
+ for X applications.</para>
+ </listitem>
+
+ <listitem>
+ <para><application>Emacs</application> modes should be
+ placed in the same ports category as the application
+ supported by the mode, not in
+ <filename>editors</filename>. For example, an
+ <application>Emacs</application> mode to edit source
+ files of some programming language should go into
+ <filename>lang</filename>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para><filename>misc</filename>
+ should not appear with any other non-virtual category.
+ If you have <literal>misc</literal> with something else in
+ your <makevar>CATEGORIES</makevar> line, that means you can
+ safely delete <literal>misc</literal> and just put the port
+ in that other subdirectory!</para>
+ </listitem>
+
+ <listitem>
+ <para>If your port truly does not belong anywhere else, put it in
+ <filename>misc</filename>.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If you are not sure about the category, please put a comment to
+ that effect in your &man.send-pr.1; submission so we can
+ discuss it before we import it. If you are a committer, send a note
+ to the &a.ports; so we can discuss it first. Too often, new ports are
+ imported to the wrong category only to be moved right away.
+ This causes unnecessary and undesirable bloat in the master
+ source repository.</para>
+ </sect2>
+
+ <sect2 id="proposing-categories">
+ <title>Proposing a new category</title>
+
+ <para>As the Ports Collection has grown over time, various new
+ categories have been introduced. New categories can either
+ be <emphasis>virtual</emphasis> categories&mdash;those that do
+ not have a corresponding subdirectory in the ports tree&mdash;
+ or <emphasis>physical</emphasis> categories&mdash;those that
+ do. The following text discusses the issues involved in creating
+ a new physical category so that you can understand them before
+ you propose one.</para>
+
+ <para>Our existing practice has been to avoid creating a new
+ physical category unless either a large number of ports would
+ logically belong to it, or the ports that would belong to it
+ are a logically distinct group that is of limited general
+ interest (for instance, categories related to spoken human
+ languages), or preferably both.</para>
+
+ <para>The rationale for this is that such a change creates a
+ <ulink url="&url.articles.committers-guide;/#ports">
+ fair amount of work</ulink> for both the committers and also
+ for all users who track changes to the Ports Collection. In
+ addition, proposed category changes just naturally seem to
+ attract controversy. (Perhaps this is because there is no
+ clear consensus on when a category is <quote>too big</quote>,
+ nor whether categories should lend themselves to browsing (and
+ thus what number of categories would be an ideal number), and
+ so forth.)</para>
+
+ <para>Here is the procedure:</para>
+
+ <procedure>
+ <step>
+ <para>Propose the new category on &a.ports;. You should
+ include a detailed rationale for the new category,
+ including why you feel the existing categories are not
+ sufficient, and the list of existing ports proposed to move.
+ (If there are new ports pending in
+ <application>GNATS</application> that would fit this
+ category, list them too.) If you are the maintainer and/or
+ submitter, respectively, mention that as it may help you
+ to make your case.</para>
+ </step>
+
+ <step>
+ <para>Participate in the discussion.</para>
+ </step>
+
+ <step>
+ <para>If it seems that there is support for your idea,
+ file a PR which includes both the rationale and the list
+ of existing ports that need to be moved. Ideally, this
+ PR should also include patches for the following:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><filename>Makefile</filename>s for the
+ new ports once they are repocopied</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>Makefile</filename> for the
+ new category</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>Makefile</filename> for the
+ old ports' categories</para>
+ </listitem>
+
+ <listitem>
+ <para><filename>Makefile</filename>s for ports
+ that depend on the old ports</para>
+ </listitem>
+
+ <listitem>
+ <para>(for extra credit, you can include the other
+ files that have to change, as per the procedure
+ in the Committer's Guide.)</para>
+ </listitem>
+ </itemizedlist>
+ </step>
+
+ <step>
+ <para>Since it affects the ports infrastructure and involves
+ not only performing repo-copies but also possibly running
+ regression tests on the build cluster, the PR should be
+ assigned to the &a.portmgr;.</para>
+ </step>
+
+ <step>
+ <para>If that PR is approved, a committer will need to follow
+ the rest of the procedure that is
+ <ulink url="&url.articles.committers-guide;/#ports">
+ outlined in the Committer's Guide</ulink>.</para>
+ </step>
+ </procedure>
+
+ <para>Proposing a new virtual category should be similar to
+ the above but much less involved, since no ports will
+ actually have to move. In this case, the only patches to
+ include in the PR would be those to add the new category to the
+ <makevar>CATEGORIES</makevar>s of the affected ports.</para>
+ </sect2>
+
+ <sect2 id="proposing-reorg">
+ <title>Proposing reorganizing all the categories</title>
+
+ <para>Occasionally someone proposes reorganizing the categories
+ with either a 2-level structure, or some other kind of keyword
+ structure. To date, nothing has come of any of these proposals
+ because, while they are very easy to make, the effort involved to
+ retrofit the entire existing ports collection with any kind of
+ reorganization is daunting to say the very least. Please read
+ the history of these proposals in the mailing list archives before
+ you post this idea; furthermore, you should be prepared to be
+ challenged to offer a working prototype.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="makefile-distfiles">
+ <title>The distribution files</title>
+
+ <para>The second part of the <filename>Makefile</filename> describes the
+ files that must be downloaded in order to build the port, and where
+ they can be downloaded from.</para>
+
+ <sect2>
+ <title><makevar>DISTVERSION/DISTNAME</makevar></title>
+
+ <para><makevar>DISTNAME</makevar> is the name of the port as
+ called by the authors of the software.
+ <makevar>DISTNAME</makevar> defaults to
+ <literal>${PORTNAME}-${PORTVERSION}</literal>, so override it only if necessary.
+ <makevar>DISTNAME</makevar> is only used in two places.
+ First, the distribution file list
+ (<makevar>DISTFILES</makevar>) defaults to
+ <makevar>${DISTNAME}</makevar><makevar>${EXTRACT_SUFX}</makevar>.
+ Second, the distribution file is expected to extract into a
+ subdirectory named <makevar>WRKSRC</makevar>, which defaults
+ to <filename>work/<makevar>${DISTNAME}</makevar></filename>.</para>
+
+ <para>Some vendor's distribution names which do not fit into the
+ <literal>${PORTNAME}-${PORTVERSION}</literal>-scheme can be handled
+ automatically by setting <makevar>DISTVERSION</makevar>.
+ <makevar>PORTVERSION</makevar> and <makevar>DISTNAME</makevar> will be
+ derived automatically, but can of course be overridden. The following
+ table lists some examples:</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry><makevar>DISTVERSION</makevar></entry>
+ <entry><makevar>PORTVERSION</makevar></entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>0.7.1d</entry>
+ <entry>0.7.1.d</entry>
+ </row>
+ <row>
+ <entry>10Alpha3</entry>
+ <entry>10.a3</entry>
+ </row>
+ <row>
+ <entry>3Beta7-pre2</entry>
+ <entry>3.b7.p2</entry>
+ </row>
+ <row>
+ <entry>8:f_17</entry>
+ <entry>8f.17</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <note>
+ <para><makevar>PKGNAMEPREFIX</makevar> and
+ <makevar>PKGNAMESUFFIX</makevar> do not affect
+ <makevar>DISTNAME</makevar>. Also note that if
+ <makevar>WRKSRC</makevar> is equal to
+ <filename>work/<makevar>${PORTNAME}-${PORTVERSION}</makevar></filename>
+ while the original source archive is named something other than
+ <makevar>${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}</makevar>,
+ you should probably leave <makevar>DISTNAME</makevar>
+ alone&mdash; you are better off defining
+ <makevar>DISTFILES</makevar> than having to set both
+ <makevar>DISTNAME</makevar> and <makevar>WRKSRC</makevar>
+ (and possibly <makevar>EXTRACT_SUFX</makevar>).</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title><makevar>MASTER_SITES</makevar></title>
+
+ <para>Record the directory part of the FTP/HTTP-URL pointing at the
+ original tarball in <makevar>MASTER_SITES</makevar>. Do not forget
+ the trailing slash (<filename>/</filename>)!</para>
+
+ <para>The <command>make</command> macros will try to use this
+ specification for grabbing the distribution file with
+ <makevar>FETCH</makevar> if they cannot find it already on the
+ system.</para>
+
+ <para>It is recommended that you put multiple sites on this list,
+ preferably from different continents. This will safeguard against
+ wide-area network problems. We are even planning to add support
+ for automatically determining the closest master site and fetching
+ from there; having multiple sites will go a long way towards
+ helping this effort.</para>
+
+ <para>If the original tarball is part of one of the popular
+ archives such as X-contrib, GNU, or Perl CPAN, you may be able
+ refer to those sites in an easy compact form using
+ <makevar>MASTER_SITE_<replaceable>*</replaceable></makevar>
+ (e.g., <makevar>MASTER_SITE_XCONTRIB</makevar> and
+ <makevar>MASTER_SITE_PERL_GNU</makevar>). Simply set
+ <makevar>MASTER_SITES</makevar> to one of these variables and
+ <makevar>MASTER_SITE_SUBDIR</makevar> to the path within the
+ archive. Here is an example:</para>
+
+ <programlisting>MASTER_SITES= ${MASTER_SITE_XCONTRIB}
+MASTER_SITE_SUBDIR= applications</programlisting>
+
+ <para>These variables are defined in
+ <filename>/usr/ports/Mk/bsd.sites.mk</filename>. There are
+ new entries added all the time, so make sure to check the
+ latest version of this file before submitting a port.</para>
+
+ <para>The user can also set the <makevar>MASTER_SITE_*</makevar>
+ variables in <filename>/etc/make.conf</filename> to override our
+ choices, and use their favorite mirrors of these popular archives
+ instead.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>EXTRACT_SUFX</makevar></title>
+
+ <para>If you have one distribution file, and it uses an odd suffix to
+ indicate the compression mechanism, set
+ <makevar>EXTRACT_SUFX</makevar>.</para>
+
+ <para>For example, if the distribution file was named
+ <filename>foo.tgz</filename> instead of the more normal
+ <filename>foo.tar.gz</filename>, you would write:</para>
+
+ <programlisting>DISTNAME= foo
+EXTRACT_SUFX= .tgz</programlisting>
+
+ <para>The <makevar>USE_BZIP2</makevar> and <makevar>USE_ZIP</makevar>
+ variables automatically set <makevar>EXTRACT_SUFX</makevar> to
+ <literal>.tar.bz2</literal> or <literal>.zip</literal> as necessary. If
+ neither of these are set then <makevar>EXTRACT_SUFX</makevar>
+ defaults to <literal>.tar.gz</literal>.</para>
+
+ <note>
+ <para>You never need to set both <makevar>EXTRACT_SUFX</makevar> and
+ <makevar>DISTFILES</makevar>.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title><makevar>DISTFILES</makevar></title>
+
+ <para>Sometimes the names of the files to be downloaded have no
+ resemblance to the name of the port. For example, it might be
+ called <filename>source.tar.gz</filename> or similar. In other
+ cases the application's source code might be in several different
+ archives, all of which must be downloaded.</para>
+
+ <para>If this is the case, set <makevar>DISTFILES</makevar> to be a
+ space separated list of all the files that must be
+ downloaded.</para>
+
+ <programlisting>DISTFILES= source1.tar.gz source2.tar.gz</programlisting>
+
+ <para>If not explicitly set, <makevar>DISTFILES</makevar> defaults to
+ <literal>${DISTNAME}${EXTRACT_SUFX}</literal>.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>EXTRACT_ONLY</makevar></title>
+
+ <para>If only some of the <makevar>DISTFILES</makevar> must be
+ extracted&mdash;for example, one of them is the source code, while
+ another is an uncompressed document&mdash;list the filenames that
+ must be extracted in <makevar>EXTRACT_ONLY</makevar>.</para>
+
+ <programlisting>DISTFILES= source.tar.gz manual.html
+EXTRACT_ONLY= source.tar.gz</programlisting>
+
+ <para>If <emphasis>none</emphasis> of the <makevar>DISTFILES</makevar>
+ should be uncompressed then set <makevar>EXTRACT_ONLY</makevar> to
+ the empty string.</para>
+
+ <programlisting>EXTRACT_ONLY=</programlisting>
+ </sect2>
+
+ <sect2 id="porting-patchfiles">
+ <title><makevar>PATCHFILES</makevar></title>
+
+ <para>If your port requires some additional patches that are available
+ by FTP or HTTP, set <makevar>PATCHFILES</makevar> to the names of
+ the files and <makevar>PATCH_SITES</makevar> to the URL of the
+ directory that contains them (the format is the same as
+ <makevar>MASTER_SITES</makevar>).</para>
+
+ <para>If the patch is not relative to the top of the source tree
+ (i.e., <makevar>WRKSRC</makevar>) because it contains some extra
+ pathnames, set <makevar>PATCH_DIST_STRIP</makevar> accordingly. For
+ instance, if all the pathnames in the patch have an extra
+ <literal>foozolix-1.0/</literal> in front of the filenames, then set
+ <literal>PATCH_DIST_STRIP=-p1</literal>.</para>
+
+ <para>Do not worry if the patches are compressed; they will be
+ decompressed automatically if the filenames end with
+ <filename>.gz</filename> or <filename>.Z</filename>.</para>
+
+ <para>If the patch is distributed with some other files, such as
+ documentation, in a gzip'd tarball, you cannot just use
+ <makevar>PATCHFILES</makevar>. If that is the case, add the name
+ and the location of the patch tarball to
+ <makevar>DISTFILES</makevar> and <makevar>MASTER_SITES</makevar>.
+ Then, use the <makevar>EXTRA_PATCHES</makevar> variable to
+ point to those files and <filename>bsd.port.mk</filename>
+ will automatically apply them for you. In particular, do
+ <emphasis>not</emphasis> copy patch files into the
+ <makevar>PATCHDIR</makevar> directory&mdash;that directory may
+ not be writable.</para>
+
+ <note>
+ <para>The tarball will have been extracted alongside the
+ regular source by then, so there is no need to explicitly extract
+ it if it is a regular gzip'd or compress'd tarball. If you do the
+ latter, take extra care not to overwrite something that already
+ exists in that directory. Also, do not forget to add a command to
+ remove the copied patch in the <maketarget>pre-clean</maketarget>
+ target.</para>
+ </note>
+ </sect2>
+
+ <sect2 id="porting-master-sites-n">
+ <title>Multiple distribution files or patches from different
+ sites and subdirectories
+ (<literal>MASTER_SITES:n</literal>)</title>
+
+ <para>(Consider this to be a somewhat <quote>advanced topic</quote>;
+ those new to this document may wish to skip this section at first).
+ </para>
+
+ <para>This section has information on the fetching mechanism
+ known as both <literal>MASTER_SITES:n</literal> and
+ <literal>MASTER_SITES_NN</literal>. We will refer to this
+ mechanism as <literal>MASTER_SITES:n</literal>
+ hereon.</para>
+
+ <para>A little background first. OpenBSD has a neat feature
+ inside both <makevar>DISTFILES</makevar> and
+ <makevar>PATCHFILES</makevar> variables, both files and
+ patches can be postfixed with <literal>:n</literal>
+ identifiers where <literal>n</literal> both can be
+ <literal>[0-9]</literal> and denote a group designation.
+ For example:</para>
+
+ <programlisting>DISTFILES= alpha:0 beta:1</programlisting>
+
+ <para>In OpenBSD, distribution file <filename>alpha</filename>
+ will be associated with variable
+ <makevar>MASTER_SITES0</makevar> instead of our common
+ <makevar>MASTER_SITES</makevar> and
+ <filename>beta</filename> with
+ <makevar>MASTER_SITES1</makevar>.</para>
+
+ <para>This is a very interesting feature which can decrease
+ that endless search for the correct download site.</para>
+
+ <para>Just picture 2 files in <makevar>DISTFILES</makevar> and
+ 20 sites in <makevar>MASTER_SITES</makevar>, the sites slow
+ as hell where <filename>beta</filename> is carried by all
+ sites in <makevar>MASTER_SITES</makevar>, and
+ <filename>alpha</filename> can only be found in the 20th
+ site. It would be such a waste to check all of them if
+ maintainer knew this beforehand, would it not? Not a good
+ start for that lovely weekend!</para>
+
+ <para>Now that you have the idea, just imagine more
+ <makevar>DISTFILES</makevar> and more
+ <makevar>MASTER_SITES</makevar>. Surely our
+ <quote>distfiles survey meister</quote> would appreciate the
+ relief to network strain that this would bring.</para>
+
+ <para>In the next sections, information will follow on the
+ FreeBSD implementation of this idea. We improved a bit on
+ OpenBSD's concept.</para>
+
+ <sect3>
+ <title>Simplified information</title>
+
+ <para>This section tells you how to quickly prepare fine
+ grained fetching of multiple distribution files and
+ patches from different sites and subdirectories. We
+ describe here a case of simplified
+ <literal>MASTER_SITES:n</literal> usage. This will be
+ sufficient for most scenarios. However, if you need
+ further information, you will have to refer to the next
+ section.</para>
+
+ <para>Some applications consist of multiple distribution
+ files that must be downloaded from a number of different
+ sites. For example,
+ <application>Ghostscript</application> consists of the
+ core of the program, and then a large number of driver
+ files that are used depending on the user's printer. Some
+ of these driver files are supplied with the core, but many
+ others must be downloaded from a variety of different
+ sites.</para>
+
+ <para>To support this, each entry in
+ <makevar>DISTFILES</makevar> may be followed by a colon
+ and a <quote>tag name</quote>. Each site listed in
+ <makevar>MASTER_SITES</makevar> is then followed by a
+ colon, and the tag that indicates which distribution files
+ should be downloaded from this site.</para>
+
+ <para>For example, consider an application with the source
+ split in two parts, <filename>source1.tar.gz</filename>
+ and <filename>source2.tar.gz</filename>, which must be
+ downloaded from two different sites. The port's
+ <filename>Makefile</filename> would include lines like
+ <xref
+ linkend="ports-master-sites-n-example-simple-use-one-file-per-site">.</para>
+
+ <example
+ id="ports-master-sites-n-example-simple-use-one-file-per-site">
+ <title>Simplified use of <literal>MASTER_SITES:n</literal>
+ with 1 file per site</title>
+
+ <programlisting>MASTER_SITES= ftp://ftp.example1.com/:source1 \
+ ftp://ftp.example2.com/:source2
+DISTFILES= source1.tar.gz:source1 \
+ source2.tar.gz:source2</programlisting>
+ </example>
+
+ <para>Multiple distribution files can have the same tag.
+ Continuing the previous example, suppose that there was a
+ third distfile, <filename>source3.tar.gz</filename>, that
+ should be downloaded from
+ <hostid>ftp.example2.com</hostid>. The
+ <filename>Makefile</filename> would then be written like
+ <xref
+ linkend="ports-master-sites-n-example-simple-use-more-than-one-file-per-site">.</para>
+
+ <example
+ id="ports-master-sites-n-example-simple-use-more-than-one-file-per-site">
+ <title>Simplified use of <literal>MASTER_SITES:n</literal>
+ with more than 1 file per site</title>
+
+ <programlisting>MASTER_SITES= ftp://ftp.example1.com/:source1 \
+ ftp://ftp.example2.com/:source2
+DISTFILES= source1.tar.gz:source1 \
+ source2.tar.gz:source2 \
+ source3.tar.gz:source2</programlisting>
+ </example>
+ </sect3>
+
+ <sect3>
+ <title>Detailed information</title>
+
+ <para>Okay, so the previous section example did not reflect
+ your needs? In this section we will explain in detail how
+ the fine grained fetching mechanism
+ <literal>MASTER_SITES:n</literal> works and how you can
+ modify your ports to use it.</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Elements can be postfixed with
+ <literal>:<replaceable>n</replaceable></literal> where
+ <replaceable>n</replaceable> is
+ <literal>[^:,]+</literal>, i.e.,
+ <replaceable>n</replaceable> could conceptually be any
+ alphanumeric string but we will limit it to
+ <literal>[a-zA-Z_][0-9a-zA-Z_]+</literal> for
+ now.</para>
+
+ <para>Moreover, string matching is case sensitive;
+ i.e., <literal>n</literal> is different from
+ <literal>N</literal>.</para>
+
+ <para>However, the following words cannot be used for
+ postfixing purposes since they yield special meaning:
+ <literal>default</literal>, <literal>all</literal> and
+ <literal>ALL</literal> (they are used internally in
+ item <xref
+ linkend="porting-master-sites-n-what-changes-in-port-targets">).
+ Furthermore, <literal>DEFAULT</literal> is a special
+ purpose word (check item <xref
+ linkend="porting-master-sites-n-DEFAULT-group">).</para>
+ </listitem>
+
+ <listitem>
+ <para>Elements postfixed with <literal>:n</literal>
+ belong to the group <literal>n</literal>,
+ <literal>:m</literal> belong to group
+ <literal>m</literal> and so forth.</para>
+ </listitem>
+
+ <listitem id="porting-master-sites-n-DEFAULT-group">
+ <para>Elements without a postfix are groupless, i.e.,
+ they all belong to the special group
+ <literal>DEFAULT</literal>. If you postfix any
+ elements with <literal>DEFAULT</literal>, you are just
+ being redundant unless you want to have an element
+ belonging to both <literal>DEFAULT</literal> and other
+ groups at the same time (check item <xref
+ linkend="porting-master-sites-n-comma-operator">).</para>
+
+ <para>The following examples are equivalent but the
+ first one is preferred:</para>
+
+ <programlisting>MASTER_SITES= alpha
+
+MASTER_SITES= alpha:DEFAULT</programlisting>
+ </listitem>
+
+ <listitem>
+ <para>Groups are not exclusive, an element may belong to
+ several different groups at the same time and a group
+ can either have either several different elements or
+ none at all. Repeated elements within the same group
+ will be simply that, repeated elements.</para>
+ </listitem>
+
+ <listitem id="porting-master-sites-n-comma-operator">
+ <para>When you want an element to belong to several
+ groups at the same time, you can use the comma
+ operator (<literal>,</literal>).</para>
+
+ <para>Instead of repeating it several times, each time
+ with a different postfix, we can list several groups
+ at once in a single postfix. For instance,
+ <literal>:m,n,o</literal> marks an element that
+ belongs to group <literal>m</literal>,
+ <literal>n</literal> and <literal>o</literal>.</para>
+
+ <para>All the following examples are equivalent but the
+ last one is preferred:</para>
+
+ <programlisting>MASTER_SITES= alpha alpha:SOME_SITE
+
+MASTER_SITES= alpha:DEFAULT alpha:SOME_SITE
+
+MASTER_SITES= alpha:SOME_SITE,DEFAULT
+
+MASTER_SITES= alpha:DEFAULT,SOME_SITE</programlisting>
+ </listitem>
+
+ <listitem>
+ <para>All sites within a given group are sorted
+ according to <makevar>MASTER_SORT_AWK</makevar>. All
+ groups within <makevar>MASTER_SITES</makevar> and
+ <makevar>PATCH_SITES</makevar> are sorted as
+ well.</para>
+ </listitem>
+
+ <listitem id="porting-master-sites-n-group-semantics">
+ <para>Group semantics can be used in any of the
+ following variables <makevar>MASTER_SITES</makevar>,
+ <makevar>PATCH_SITES</makevar>,
+ <makevar>MASTER_SITE_SUBDIR</makevar>,
+ <makevar>PATCH_SITE_SUBDIR</makevar>,
+ <makevar>DISTFILES</makevar>, and
+ <makevar>PATCHFILES</makevar> according to the
+ following syntax:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>All <makevar>MASTER_SITES</makevar>,
+ <makevar>PATCH_SITES</makevar>,
+ <makevar>MASTER_SITE_SUBDIR</makevar> and
+ <makevar>PATCH_SITE_SUBDIR</makevar> elements must
+ be terminated with the forward slash
+ <literal>/</literal> character. If any elements
+ belong to any groups, the group postfix
+ <literal>:<replaceable>n</replaceable></literal>
+ must come right after the terminator
+ <literal>/</literal>. The
+ <literal>MASTER_SITES:n</literal> mechanism relies
+ on the existence of the terminator
+ <literal>/</literal> to avoid confusing elements
+ where a <literal>:n</literal> is a valid part of
+ the element with occurrences where
+ <literal>:n</literal> denotes group
+ <literal>n</literal>. For compatibility purposes,
+ since the <literal>/</literal> terminator was not
+ required before in both
+ <makevar>MASTER_SITE_SUBDIR</makevar> and
+ <makevar>PATCH_SITE_SUBDIR</makevar> elements, if
+ the postfix immediate preceding character is not
+ a <literal>/</literal> then <literal>:n</literal>
+ will be considered a valid part of the element
+ instead of a group postfix even if an element is
+ postfixed with <literal>:n</literal>. See both
+ <xref
+ linkend="ports-master-sites-n-example-detailed-use-master-site-subdir">
+ and <xref
+ linkend="ports-master-sites-n-example-detailed-use-complete-example-master-sites">.</para>
+
+ <example id="ports-master-sites-n-example-detailed-use-master-site-subdir">
+ <title>Detailed use of
+ <literal>MASTER_SITES:n</literal> in
+ <makevar>MASTER_SITE_SUBDIR</makevar></title>
+
+ <programlisting>MASTER_SITE_SUBDIR= old:n new/:NEW</programlisting>
+
+ <itemizedlist>
+ <listitem>
+ <para>Directories within group
+ <literal>DEFAULT</literal> -> old:n</para>
+ </listitem>
+
+ <listitem>
+ <para>Directories within group
+ <literal>NEW</literal> -> new</para>
+ </listitem>
+ </itemizedlist>
+ </example>
+
+ <example
+ id="ports-master-sites-n-example-detailed-use-complete-example-master-sites">
+ <title>Detailed use of
+ <literal>MASTER_SITES:n</literal> with comma
+ operator, multiple files, multiple sites and
+ multiple subdirectories</title>
+
+ <programlisting>MASTER_SITES= http://site1/%SUBDIR%/ http://site2/:DEFAULT \
+ http://site3/:group3 http://site4/:group4 \
+ http://site5/:group5 http://site6/:group6 \
+ http://site7/:DEFAULT,group6 \
+ http://site8/%SUBDIR%/:group6,group7 \
+ http://site9/:group8
+DISTFILES= file1 file2:DEFAULT file3:group3 \
+ file4:group4,group5,group6 file5:grouping \
+ file6:group7
+MASTER_SITE_SUBDIR= directory-trial:1 directory-n/:groupn \
+ directory-one/:group6,DEFAULT \
+ directory</programlisting>
+
+ <para>The previous example results in the
+ following fine grained fetching. Sites are
+ listed in the exact order they will be
+ used.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><filename>file1</filename> will be
+ fetched from</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>MASTER_SITE_OVERRIDE</makevar></para>
+ </listitem>
+
+ <listitem>
+ <para>http://site1/directory-trial:1/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site1/directory-one/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site1/directory/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site2/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site7/</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>MASTER_SITE_BACKUP</makevar></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><filename>file2</filename> will be
+ fetched exactly as
+ <filename>file1</filename> since they
+ both belong to the same group</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>MASTER_SITE_OVERRIDE</makevar></para>
+ </listitem>
+
+ <listitem>
+ <para>http://site1/directory-trial:1/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site1/directory-one/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site1/directory/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site2/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site7/</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>MASTER_SITE_BACKUP</makevar></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><filename>file3</filename> will be
+ fetched from</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>MASTER_SITE_OVERRIDE</makevar></para>
+ </listitem>
+
+ <listitem>
+ <para>http://site3/</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>MASTER_SITE_BACKUP</makevar></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><filename>file4</filename> will be
+ fetched from</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>MASTER_SITE_OVERRIDE</makevar></para>
+ </listitem>
+
+ <listitem>
+ <para>http://site4/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site5/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site6/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site7/</para>
+ </listitem>
+
+ <listitem>
+ <para>http://site8/directory-one/</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>MASTER_SITE_BACKUP</makevar></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><filename>file5</filename> will be
+ fetched from</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>MASTER_SITE_OVERRIDE</makevar></para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>MASTER_SITE_BACKUP</makevar></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><filename>file6</filename> will be
+ fetched from</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>MASTER_SITE_OVERRIDE</makevar></para>
+ </listitem>
+
+ <listitem>
+ <para>http://site8/</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>MASTER_SITE_BACKUP</makevar></para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
+ </example>
+ </listitem>
+ </orderedlist>
+ </listitem>
+
+ <listitem>
+ <para>How do I group one of the special variables from
+ <filename>bsd.sites.mk</filename>, e.g.,
+ <makevar>MASTER_SITE_SOURCEFORGE</makevar>?</para>
+
+ <para>See <xref
+ linkend="ports-master-sites-n-example-detailed-use-master-site-sourceforge">.</para>
+
+ <example
+ id="ports-master-sites-n-example-detailed-use-master-site-sourceforge">
+ <title>Detailed use of
+ <literal>MASTER_SITES:n</literal> with
+ <makevar>MASTER_SITE_SOURCEFORGE</makevar></title>
+
+ <programlisting>MASTER_SITES= http://site1/ ${MASTER_SITE_SOURCEFORGE:S/$/:sourceforge,TEST/}
+DISTFILES= something.tar.gz:sourceforge</programlisting>
+ </example>
+
+ <para><filename>something.tar.gz</filename> will be
+ fetched from all sites within
+ <makevar>MASTER_SITE_SOURCEFORGE</makevar>.</para>
+ </listitem>
+
+ <listitem>
+ <para>How do I use this with <makevar>PATCH*</makevar>
+ variables?</para>
+
+ <para>All examples were done with
+ <makevar>MASTER*</makevar> variables but they work
+ exactly the same for <makevar>PATCH*</makevar> ones as
+ can be seen in <xref
+ linkend="ports-master-sites-n-example-detailed-use-patch-sites">.</para>
+
+ <example
+ id="ports-master-sites-n-example-detailed-use-patch-sites">
+ <title>Simplified use of
+ <literal>MASTER_SITES:n</literal> with
+ <makevar>PATCH_SITES</makevar>.</title>
+
+ <programlisting>PATCH_SITES= http://site1/ http://site2/:test
+PATCHFILES= patch1:test</programlisting>
+ </example>
+ </listitem>
+ </orderedlist>
+ </sect3>
+
+ <sect3>
+ <title>What does change for ports? What does not?</title>
+
+ <orderedlist numeration="lowerroman">
+ <listitem>
+ <para>All current ports remain the same. The
+ <literal>MASTER_SITES:n</literal> feature code is only
+ activated if there are elements postfixed with
+ <literal>:<replaceable>n</replaceable></literal> like
+ elements according to the aforementioned syntax rules,
+ especially as shown in item <xref
+ linkend="porting-master-sites-n-group-semantics">.</para>
+ </listitem>
+
+ <listitem id="porting-master-sites-n-what-changes-in-port-targets">
+ <para>The port targets remain the same:
+ <maketarget>checksum</maketarget>,
+ <maketarget>makesum</maketarget>,
+ <maketarget>patch</maketarget>,
+ <maketarget>configure</maketarget>,
+ <maketarget>build</maketarget>, etc. With the obvious
+ exceptions of <maketarget>do-fetch</maketarget>,
+ <maketarget>fetch-list</maketarget>,
+ <maketarget>master-sites</maketarget> and
+ <maketarget>patch-sites</maketarget>.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><maketarget>do-fetch</maketarget>: deploys the
+ new grouping postfixed
+ <makevar>DISTFILES</makevar> and
+ <makevar>PATCHFILES</makevar> with their matching
+ group elements within both
+ <makevar>MASTER_SITES</makevar> and
+ <makevar>PATCH_SITES</makevar> which use matching
+ group elements within both
+ <makevar>MASTER_SITE_SUBDIR</makevar> and
+ <makevar>PATCH_SITE_SUBDIR</makevar>. Check <xref
+ linkend="ports-master-sites-n-example-detailed-use-complete-example-master-sites">.</para>
+ </listitem>
+
+ <listitem>
+ <para><maketarget>fetch-list</maketarget>: works
+ like old <maketarget>fetch-list</maketarget> with
+ the exception that it groups just like
+ <maketarget>do-fetch</maketarget>.</para>
+ </listitem>
+
+ <listitem>
+ <para><maketarget>master-sites</maketarget> and
+ <maketarget>patch-sites</maketarget>:
+ (incompatible with older versions) only return the
+ elements of group <literal>DEFAULT</literal>; in
+ fact, they execute targets
+ <maketarget>master-sites-default</maketarget> and
+ <maketarget>patch-sites-default</maketarget>
+ respectively.</para>
+
+ <para>Furthermore, using target either
+ <maketarget>master-sites-all</maketarget> or
+ <maketarget>patch-sites-all</maketarget> is
+ preferred to directly checking either
+ <maketarget>MASTER_SITES</maketarget> or
+ <maketarget>PATCH_SITES</maketarget>. Also,
+ directly checking is not guaranteed to work in any
+ future versions. Check item <xref
+ linkend="porting-master-sites-n-new-port-targets-master-sites-all">
+ for more information on these new port
+ targets.</para>
+ </listitem>
+
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para>New port targets</para>
+
+ <orderedlist>
+ <listitem>
+ <para>There are
+ <maketarget>master-sites-<replaceable>n</replaceable></maketarget>
+ and
+ <maketarget>patch-sites-<replaceable>n</replaceable></maketarget>
+ targets which will list the elements of the
+ respective group <replaceable>n</replaceable>
+ within <makevar>MASTER_SITES</makevar> and
+ <makevar>PATCH_SITES</makevar> respectively. For
+ instance, both
+ <maketarget>master-sites-DEFAULT</maketarget> and
+ <maketarget>patch-sites-DEFAULT</maketarget> will
+ return the elements of group
+ <literal>DEFAULT</literal>,
+ <maketarget>master-sites-test</maketarget> and
+ <maketarget>patch-sites-test</maketarget> of group
+ <literal>test</literal>, and thereon.</para>
+ </listitem>
+
+ <listitem id="porting-master-sites-n-new-port-targets-master-sites-all">
+ <para>There are new targets
+ <maketarget>master-sites-all</maketarget> and
+ <maketarget>patch-sites-all</maketarget> which do
+ the work of the old
+ <maketarget>master-sites</maketarget> and
+ <maketarget>patch-sites</maketarget> ones. They
+ return the elements of all groups as if they all
+ belonged to the same group with the caveat that it
+ lists as many
+ <makevar>MASTER_SITE_BACKUP</makevar> and
+ <makevar>MASTER_SITE_OVERRIDE</makevar> as there
+ are groups defined within either
+ <makevar>DISTFILES</makevar> or
+ <makevar>PATCHFILES</makevar>; respectively for
+ <maketarget>master-sites-all</maketarget> and
+ <maketarget>patch-sites-all</maketarget>.</para>
+ </listitem>
+ </orderedlist>
+ </listitem>
+ </orderedlist>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title><makevar>DIST_SUBDIR</makevar></title>
+
+ <para>Do not let your port clutter
+ <filename>/usr/ports/distfiles</filename>. If your port requires a
+ lot of files to be fetched, or contains a file that has a name that
+ might conflict with other ports (e.g.,
+ <filename>Makefile</filename>), set <makevar>DIST_SUBDIR</makevar>
+ to the name of the port (<literal>${PORTNAME}</literal> or
+ <literal>${PKGNAMEPREFIX}${PORTNAME}</literal>
+ should work fine). This will change
+ <makevar>DISTDIR</makevar> from the default
+ <filename>/usr/ports/distfiles</filename> to
+ <filename>/usr/ports/distfiles/<makevar>DIST_SUBDIR</makevar></filename>,
+ and in effect puts everything that is required for your port into
+ that subdirectory.</para>
+
+ <para>It will also look at the subdirectory with the same name on the
+ backup master site at <filename>ftp.FreeBSD.org</filename>.
+ (Setting <makevar>DISTDIR</makevar> explicitly in your
+ <makevar>Makefile</makevar> will not accomplish this, so please use
+ <makevar>DIST_SUBDIR</makevar>.)</para>
+
+ <note>
+ <para>This does not affect the <makevar>MASTER_SITES</makevar> you
+ define in your <filename>Makefile</filename>.</para>
+ </note>
+ </sect2>
+ </sect1>
+
+ <sect1 id="makefile-maintainer">
+ <title><makevar>MAINTAINER</makevar></title>
+
+ <para>Set your mail-address here. Please. <!-- smiley
+ --><emphasis>:-)</emphasis></para>
+
+ <para>Note that only a single address without the comment part is
+ allowed as a <makevar>MAINTAINER</makevar> value.
+ The format used should be <literal>user@hostname.domain</literal>.
+ Please do not include any descriptive text such as your real
+ name in this entry&mdash;that merely confuses
+ <filename>bsd.port.mk</filename>.</para>
+
+ <para>For a detailed description of the responsibilities of maintainers,
+ refer to the <ulink url="&url.books.developers-handbook;/policies.html#POLICIES-MAINTAINER">MAINTAINER on
+ Makefiles</ulink> section.</para>
+
+ <para>If the maintainer of a port does not respond to an update
+ request from a user after two weeks (excluding major public
+ holidays), then that is considered a maintainer timeout, and the
+ update may be made without explicit maintainer approval. If the
+ maintainer does not respond within three months, then that
+ maintainer is considered absent without leave, and can be
+ replaced as the maintainer of the particular port in question.
+ Exceptions to this are anything maintained by the &a.portmgr;, or
+ the &a.security-officer;. No unauthorized commits may ever be
+ made to ports maintained by those groups.</para>
+
+ <para>The &a.portmgr; reserves the right to revoke or override
+ anyone's maintainership for any reason, and the &a.security-officer;
+ reserves the right to revoke or override maintainership for security
+ reasons.</para>
+ </sect1>
+
+ <sect1 id="makefile-comment">
+ <title><makevar>COMMENT</makevar></title>
+
+ <para>This is a one-line description of the port.
+ <emphasis>Please</emphasis> do not include the package name (or
+ version number of the software) in the comment. The comment
+ should begin with a capital and end without a period. Here
+ is an example:</para>
+
+ <programlisting>COMMENT= A cat chasing a mouse all over the screen</programlisting>
+
+ <para>The COMMENT variable should immediately follow the MAINTAINER
+ variable in the <filename>Makefile</filename>.</para>
+
+ <para>Please try to keep the COMMENT line less than 70
+ characters, as it is displayed to users as a one-line
+ summary of the port.</para>
+ </sect1>
+
+ <sect1 id="makefile-depend">
+ <title>Dependencies</title>
+
+ <para>Many ports depend on other ports. There are seven variables that
+ you can use to ensure that all the required bits will be on the
+ user's machine. There are also some pre-supported dependency
+ variables for common cases, plus a few more to control the behavior
+ of dependencies.</para>
+
+ <sect2>
+ <title><makevar>LIB_DEPENDS</makevar></title>
+
+ <para>This variable specifies the shared libraries this port depends
+ on. It is a list of
+ <replaceable>lib</replaceable>:<replaceable>dir</replaceable><optional><replaceable>:target</replaceable></optional>
+ tuples where <replaceable>lib</replaceable> is the name of the
+ shared library, <replaceable>dir</replaceable> is the
+ directory in which to find it in case it is not available, and
+ <replaceable>target</replaceable> is the target to call in that
+ directory. For example,
+ <programlisting>LIB_DEPENDS= jpeg.9:${PORTSDIR}/graphics/jpeg:install</programlisting>
+ will check for a shared jpeg library with major version 9, and
+ descend into the <filename>graphics/jpeg</filename> subdirectory
+ of your ports tree to build and install it if it is not found.
+ The <replaceable>target</replaceable> part can be omitted if it is
+ equal to <makevar>DEPENDS_TARGET</makevar> (which defaults to
+ <literal>install</literal>).</para>
+
+ <note>
+ <para>The <replaceable>lib</replaceable> part is a regular
+ expression which is being looked up in the
+ <command>ldconfig -r</command> output. Values such as
+ <literal>intl.[5-7]</literal> and <literal>intl</literal> are
+ allowed. The first pattern,
+ <literal>intl.[5-7]</literal>, will match any of:
+ <literal>intl.5</literal>, <literal>intl.6</literal> or
+ <literal>intl.7</literal>. The second pattern,
+ <literal>intl</literal>, will match any version of the
+ <literal>intl</literal> library.</para>
+ </note>
+
+ <para>The dependency is checked twice, once from within the
+ <maketarget>extract</maketarget> target and then from within the
+ <maketarget>install</maketarget> target. Also, the name of the
+ dependency is put into the package so that
+ &man.pkg.add.1; will automatically install it if it is
+ not on the user's system.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>RUN_DEPENDS</makevar></title>
+
+ <para>This variable specifies executables or files this port depends
+ on during run-time. It is a list of
+ <replaceable>path</replaceable>:<replaceable>dir</replaceable><optional><replaceable>:target</replaceable></optional>
+ tuples where <replaceable>path</replaceable> is the name of the
+ executable or file, <replaceable>dir</replaceable> is the
+ directory in which to find it in case it is not available, and
+ <replaceable>target</replaceable> is the target to call in that
+ directory. If <replaceable>path</replaceable> starts with a slash
+ (<literal>/</literal>), it is treated as a file and its existence
+ is tested with <command>test -e</command>; otherwise, it is
+ assumed to be an executable, and <command>which -s</command> is
+ used to determine if the program exists in the search path.</para>
+
+ <para>For example,</para>
+
+ <programlisting>RUN_DEPENDS= ${LOCALBASE}/etc/innd:${PORTSDIR}/news/inn \
+ wish8.0:${PORTSDIR}/x11-toolkits/tk80</programlisting>
+
+ <para>will check if the file or directory
+ <filename>/usr/local/etc/innd</filename> exists, and build and
+ install it from the <filename>news/inn</filename> subdirectory of
+ the ports tree if it is not found. It will also see if an
+ executable called <command>wish8.0</command> is in the search
+ path, and descend into the <filename>x11-toolkits/tk80</filename>
+ subdirectory of your ports tree to build and install it if it is
+ not found.</para>
+
+ <note>
+ <para>In this case, <command>innd</command> is actually an
+ executable; if an executable is in a place that is not expected
+ to be in the search path, you should use the full
+ pathname.</para>
+ </note>
+
+ <note>
+ <para>The official search <envar>PATH</envar> used on the ports
+ build cluster is</para>
+
+ <programlisting>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin</programlisting>
+ </note>
+
+ <para>The dependency is checked from within the
+ <maketarget>install</maketarget> target. Also, the name of the
+ dependency is put into the package so that
+ &man.pkg.add.1; will automatically install it if it is
+ not on the user's system. The <replaceable>target</replaceable>
+ part can be omitted if it is the same as
+ <makevar>DEPENDS_TARGET</makevar>.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>BUILD_DEPENDS</makevar></title>
+
+ <para>This variable specifies executables or files this port
+ requires to build. Like <makevar>RUN_DEPENDS</makevar>, it is a
+ list of
+ <replaceable>path</replaceable>:<replaceable>dir</replaceable><optional><replaceable>:target</replaceable></optional>
+ tuples. For example, <programlisting> BUILD_DEPENDS=
+ unzip:${PORTSDIR}/archivers/unzip</programlisting> will check
+ for an executable called <command>unzip</command>, and descend
+ into the <filename>archivers/unzip</filename> subdirectory of your
+ ports tree to build and install it if it is not found.</para>
+
+ <note>
+ <para><quote>build</quote> here means everything from extraction to
+ compilation. The dependency is checked from within the
+ <maketarget>extract</maketarget> target. The
+ <replaceable>target</replaceable> part can be omitted if it is
+ the same as <makevar>DEPENDS_TARGET</makevar></para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title><makevar>FETCH_DEPENDS</makevar></title>
+
+ <para>This variable specifies executables or files this port
+ requires to fetch. Like the previous two, it is a list of
+ <replaceable>path</replaceable>:<replaceable>dir</replaceable><optional><replaceable>:target</replaceable></optional>
+ tuples. For example, <programlisting> FETCH_DEPENDS=
+ ncftp2:${PORTSDIR}/net/ncftp2</programlisting> will check for an
+ executable called <command>ncftp2</command>, and descend into the
+ <filename>net/ncftp2</filename> subdirectory of your ports tree to
+ build and install it if it is not found.</para>
+
+ <para>The dependency is checked from within the
+ <maketarget>fetch</maketarget> target. The
+ <replaceable>target</replaceable> part can be omitted if it is the
+ same as <makevar>DEPENDS_TARGET</makevar>.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>EXTRACT_DEPENDS</makevar></title>
+
+ <para>This variable specifies executables or files this port
+ requires for extraction. Like the previous, it is a list of
+ <replaceable>path</replaceable>:<replaceable>dir</replaceable><optional><replaceable>:target</replaceable></optional>
+ tuples. For example, <programlisting>EXTRACT_DEPENDS=
+ unzip:${PORTSDIR}/archivers/unzip</programlisting> will check
+ for an executable called <command>unzip</command>, and descend
+ into the <filename>archivers/unzip</filename> subdirectory of
+ your ports tree to build and install it if it is not found.</para>
+
+ <para>The dependency is checked from within the
+ <maketarget>extract</maketarget> target. The
+ <replaceable>target</replaceable> part can be omitted if it is the
+ same as <makevar>DEPENDS_TARGET</makevar>.</para>
+
+ <note>
+ <para>Use this variable only if the extraction does not already
+ work (the default assumes <command>gzip</command>) and cannot
+ be made to work using <makevar>USE_ZIP</makevar> or
+ <makevar>USE_BZIP2</makevar> described in <xref
+ linkend="use-vars">.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title><makevar>PATCH_DEPENDS</makevar></title>
+
+ <para>This variable specifies executables or files this port
+ requires to patch. Like the previous, it is a list of
+ <replaceable>path</replaceable>:<replaceable>dir</replaceable><optional><replaceable>:target</replaceable></optional>
+ tuples. For example, <programlisting> PATCH_DEPENDS=
+ ${NONEXISTENT}:${PORTSDIR}/java/jfc:extract
+ </programlisting>will descend into the
+ <filename>java/jfc</filename> subdirectory of your ports tree to
+ build and install it if it is not found.</para>
+
+ <para>The dependency is checked from within the
+ <maketarget>patch</maketarget> target. The
+ <replaceable>target</replaceable> part can be omitted if it is the
+ same as <makevar>DEPENDS_TARGET</makevar>.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>DEPENDS</makevar></title>
+
+ <para>If there is a dependency that does not fall into either of the
+ above categories, or your port requires having the source of
+ the other port extracted in addition to having it installed,
+ then use this variable. This is a list of
+ <replaceable>dir</replaceable><optional><replaceable>:target</replaceable></optional>,
+ as there is nothing to check, unlike the previous four. The
+ <replaceable>target</replaceable> part can be omitted if it is the
+ same as <makevar>DEPENDS_TARGET</makevar>.</para>
+ </sect2>
+
+ <sect2 id="use-vars">
+ <title><makevar>USE_<replaceable>*</replaceable></makevar></title>
+
+ <para>A number of variables exist in order to encapsulate common
+ dependencies that many ports have. Although their use is
+ optional, they can help to reduce the verbosity of the port
+ <filename>Makefile</filename>s. Each of them is styled
+ as <makevar>USE_<replaceable>*</replaceable></makevar>. The
+ usage of these variables is restricted to the port
+ <filename>Makefile</filename>s and
+ <filename>ports/Mk/bsd.*.mk</filename> and is not designed
+ to encapsulate user-settable options &mdash; use
+ <makevar>WITH_<replaceable>*</replaceable></makevar> and
+ <makevar>WITHOUT_<replaceable>*</replaceable></makevar>
+ for that purpose.</para>
+
+ <note>
+ <para>It is <emphasis>always</emphasis> incorrect to set
+ any <makevar>USE_<replaceable>*</replaceable></makevar>
+ in <filename>/etc/make.conf</filename>. For instance,
+ setting <programlisting>USE_GCC=3.2</programlisting>
+ would adds a dependency on gcc32 for every port,
+ including gcc32 itself!</para>
+ </note>
+
+ <table frame="none">
+ <title>The <makevar>USE_<replaceable>*</replaceable></makevar>
+ variables</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+
+ <entry>Means</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>USE_BZIP2</makevar></entry>
+
+ <entry>The port's tarballs are compressed with
+ <command>bzip2</command>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_ZIP</makevar></entry>
+
+ <entry>The port's tarballs are compressed with
+ <command>zip</command>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_BISON</makevar></entry>
+
+ <entry>The port uses <command>bison</command> for
+ building.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_GCC</makevar></entry>
+
+ <entry>The port requires a specific version of
+ <command>gcc</command> to build. The exact version can be
+ specified with value such as <literal>3.2</literal>.
+ The minimal required version can be specified as
+ <literal>3.2+</literal>. The <command>gcc</command> from
+ the base system is used when it satisfies the requested
+ version, otherwise an appropriate <command>gcc</command> is
+ compiled from ports and the <makevar>CC</makevar> and
+ <makevar>CXX</makevar> variables are adjusted.
+ <makevar>USE_GCC</makevar> can't be used together with
+ <makevar>USE_LIBTOOL_VER</makevar>.</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>Variables related to <application>gmake</application> and
+ the <filename>configure</filename> script are described in
+ <xref linkend="building">, while
+ <application>autoconf</application>,
+ <application>automake</application> and
+ <application>libtool</application> are described in
+ <xref linkend="using-autotools">. <application>Perl</application>
+ related variables are described in <xref linkend="using-perl">.
+ X11 variables are listed in <xref linkend="using-x11">. <xref
+ linkend="using-gnome"> deals with GNOME and <xref
+ linkend="using-kde"> with KDE related variables. <xref
+ linkend="using-java"> documents Java variables, while <xref
+ linkend="using-php"> contains information on
+ <application>Apache</application>, <application>PHP</application>
+ and PEAR modules. <application>Python</application> is discussed
+ in <xref linkend="using-python">, while
+ <application>Ruby</application> in <xref linkend="using-ruby">.
+ Finally, <xref linkend="using-sdl"> provides variables used for
+ <application>SDL</application> applications.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>Notes on dependencies</title>
+
+ <para>As mentioned above, the default target to call when a
+ dependency is required is <maketarget>DEPENDS_TARGET</maketarget>.
+ It defaults to <literal>install</literal>. This is a user
+ variable; it is never defined in a port's
+ <filename>Makefile</filename>. If your port needs a special way
+ to handle a dependency, use the <literal>:target</literal> part of
+ the <makevar>*_DEPENDS</makevar> variables instead of redefining
+ <makevar>DEPENDS_TARGET</makevar>.</para>
+
+ <para>When you type <command>make clean</command>, its dependencies
+ are automatically cleaned too. If you do not wish this to happen,
+ define the variable <makevar>NOCLEANDEPENDS</makevar> in your
+ environment. This may be particularly desirable if the port
+ has something that takes a long time to rebuild in its
+ dependency list, such as KDE, GNOME or Mozilla.</para>
+
+ <para>To depend on another port unconditionally, use the
+ variable <makevar>${NONEXISTENT}</makevar> as the first field
+ of <makevar>BUILD_DEPENDS</makevar> or
+ <makevar>RUN_DEPENDS</makevar>. Use this only when you need to
+ get the source of the other port. You can often save
+ compilation time by specifying the target too. For
+ instance
+
+ <programlisting>BUILD_DEPENDS= ${NONEXISTENT}:${PORTSDIR}/graphics/jpeg:extract</programlisting>
+
+ will always descend to the <literal>jpeg</literal> port and extract it.</para>
+
+ <para>Do not use <makevar>DEPENDS</makevar> unless there is no other
+ way the behavior you want can be accomplished. It will cause the
+ other port to always be built (and installed, by default), and the
+ dependency will go into the packages as well. If this is really
+ what you need, you should probably write it as
+ <literal>BUILD_DEPENDS</literal> and
+ <literal>RUN_DEPENDS</literal> instead&mdash;at least the
+ intention will be clear.</para>
+ </sect2>
+
+ <sect2>
+ <title>Circular dependencies are fatal</title>
+
+ <important>
+ <para>Do not introduce any circular dependencies into the
+ ports tree!</para>
+ </important>
+
+ <para>The ports building technology does not tolerate
+ circular dependencies. If you introduce one, you will have
+ someone, somewhere in the world, whose FreeBSD installation will
+ break almost immediately, with many others quickly to follow.
+ These can really be hard to detect; if in doubt, before
+ you make that change, make sure you have done the following:
+ <command>cd /usr/ports; make index</command>. That process
+ can be quite slow on older machines, but you may be able to
+ save a large number of people&mdash;including yourself&mdash;
+ a lot of grief in the process.</para>
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="makefile-masterdir">
+ <title><makevar>MASTERDIR</makevar></title>
+
+ <para>If your port needs to build slightly different versions of
+ packages by having a variable (for instance, resolution, or paper
+ size) take different values, create one subdirectory per package to
+ make it easier for users to see what to do, but try to share as many
+ files as possible between ports. Typically you only need a very short
+ <filename>Makefile</filename> in all but one of the directories if you
+ use variables cleverly. In the sole <filename>Makefile</filename>,
+ you can use <makevar>MASTERDIR</makevar> to specify the directory
+ where the rest of the files are. Also, use a variable as part of
+ <link linkend="porting-pkgname"><makevar>PKGNAMESUFFIX</makevar></link> so
+ the packages will have different names.</para>
+
+ <para>This will be best demonstrated by an example. This is part of
+ <filename>japanese/xdvi300/Makefile</filename>;</para>
+
+ <programlisting>PORTNAME= xdvi
+PORTVERSION= 17
+PKGNAMEPREFIX= ja-
+PKGNAMESUFFIX= ${RESOLUTION}
+ :
+# default
+RESOLUTION?= 300
+.if ${RESOLUTION} != 118 && ${RESOLUTION} != 240 && \
+ ${RESOLUTION} != 300 && ${RESOLUTION} != 400
+ @${ECHO} "Error: invalid value for RESOLUTION: \"${RESOLUTION}\""
+ @${ECHO} "Possible values are: 118, 240, 300 (default) and 400."
+ @${FALSE}
+.endif</programlisting>
+
+ <para><filename role="package">japanese/xdvi300</filename> also has all the regular
+ patches, package files, etc. If you type <command>make</command>
+ there, it will take the default value for the resolution (300) and
+ build the port normally.</para>
+
+ <para>As for other resolutions, this is the <emphasis>entire</emphasis>
+ <filename>xdvi118/Makefile</filename>:</para>
+
+ <programlisting>RESOLUTION= 118
+MASTERDIR= ${.CURDIR}/../xdvi300
+
+.include "${MASTERDIR}/Makefile"</programlisting>
+
+ <para>(<filename>xdvi240/Makefile</filename> and
+ <filename>xdvi400/Makefile</filename> are similar). The
+ <makevar>MASTERDIR</makevar> definition tells
+ <filename>bsd.port.mk</filename> that the regular set of
+ subdirectories like <makevar>FILESDIR</makevar> and
+ <makevar>SCRIPTDIR</makevar> are to be found under
+ <filename>xdvi300</filename>. The <literal>RESOLUTION=118</literal>
+ line will override the <literal>RESOLUTION=300</literal> line in
+ <filename>xdvi300/Makefile</filename> and the port will be built with
+ resolution set to 118.</para>
+ </sect1>
+
+ <sect1 id="makefile-manpages">
+ <title>Manpages</title>
+
+ <para>The <makevar>MAN[1-9LN]</makevar> variables will automatically add
+ any manpages to <filename>pkg-plist</filename> (this means you must
+ <emphasis>not</emphasis> list manpages in the
+ <filename>pkg-plist</filename>&mdash;see <link
+ linkend="plist-sub">generating PLIST</link> for more). It also
+ makes the install stage automatically compress or uncompress manpages
+ depending on the setting of <makevar>NOMANCOMPRESS</makevar> in
+ <filename>/etc/make.conf</filename>.</para>
+
+ <para>If your port tries to install multiple names for manpages using
+ symlinks or hardlinks, you must use the <makevar>MLINKS</makevar>
+ variable to identify these. The link installed by your port will
+ be destroyed and recreated by <filename>bsd.port.mk</filename>
+ to make sure it points to the correct file. Any manpages
+ listed in MLINKS must not be listed in the
+ <filename>pkg-plist</filename>.</para>
+
+ <para>To specify whether the manpages are compressed upon installation,
+ use the <makevar>MANCOMPRESSED</makevar> variable. This variable can
+ take three values, <literal>yes</literal>, <literal>no</literal> and
+ <literal>maybe</literal>. <literal>yes</literal> means manpages are
+ already installed compressed, <literal>no</literal> means they are
+ not, and <literal>maybe</literal> means the software already respects
+ the value of <makevar>NOMANCOMPRESS</makevar> so
+ <filename>bsd.port.mk</filename> does not have to do anything
+ special.</para>
+
+ <para><makevar>MANCOMPRESSED</makevar> is automatically set to
+ <literal>yes</literal> if <makevar>USE_IMAKE</makevar> is set and
+ <makevar>NO_INSTALL_MANPAGES</makevar> is not set, and to
+ <literal>no</literal> otherwise. You do not have to explicitly define
+ it unless the default is not suitable for your port.</para>
+
+ <para>If your port anchors its man tree somewhere other than
+ <makevar>PREFIX</makevar>, you can use the
+ <makevar>MANPREFIX</makevar> to set it. Also, if only manpages in
+ certain sections go in a non-standard place, such as some <literal>perl</literal> modules
+ ports, you can set individual man paths using
+ <makevar>MAN<replaceable>sect</replaceable>PREFIX</makevar> (where
+ <replaceable>sect</replaceable> is one of <literal>1-9</literal>,
+ <literal>L</literal> or <literal>N</literal>).</para>
+
+ <para>If your manpages go to language-specific subdirectories, set the
+ name of the languages to <makevar>MANLANG</makevar>. The value of
+ this variable defaults to <literal>""</literal> (i.e., English
+ only).</para>
+
+ <para>Here is an example that puts it all together.</para>
+
+ <programlisting>MAN1= foo.1
+MAN3= bar.3
+MAN4= baz.4
+MLINKS= foo.1 alt-name.8
+MANLANG= "" ja
+MAN3PREFIX= ${PREFIX}/share/foobar
+MANCOMPRESSED= yes</programlisting>
+
+ <para>This states that six files are installed by this port;</para>
+
+ <programlisting>${PREFIX}/man/man1/foo.1.gz
+${PREFIX}/man/ja/man1/foo.1.gz
+${PREFIX}/share/foobar/man/man3/bar.3.gz
+${PREFIX}/share/foobar/man/ja/man3/bar.3.gz
+${PREFIX}/man/man4/baz.4.gz
+${PREFIX}/man/ja/man4/baz.4.gz</programlisting>
+
+ <para>Additionally <filename>${PREFIX}/man/man8/alt-name.8.gz</filename>
+ may or may not be installed by your port. Regardless, a
+ symlink will be made to join the foo(1) manpage and
+ alt-name(8) manpage.</para>
+
+ </sect1>
+
+ <sect1 id="makefile-info">
+ <title>Info files</title>
+
+ <para>If your package needs to install GNU info files, they should be
+ listed in the <makevar>INFO</makevar> variable (without the trailing
+ <literal>.info</literal>), and appropriate installation/de-installation
+ code will be automatically added to the temporary
+ <filename>pkg-plist</filename> before package registration.</para>
+ </sect1>
+
+ <sect1 id="makefile-options">
+ <title>Makefile Options</title>
+
+ <para>Some large applications can be built in a number of
+ configurations, adding functionality if one of a number of
+ libraries or applications is available. Examples include
+ choice of natural (human) language, GUI versus command-line,
+ or type of database to support. Since not all users
+ want those libraries or applications, the ports system
+ provides hooks that the port author can use to control which
+ configuration should be built. Supporting these properly will
+ make users happy, and effectively provide 2 or more ports for the
+ price of one.</para>
+
+ <sect2>
+ <title><makevar>KNOBS</makevar></title>
+
+ <sect3>
+ <title><makevar>WITH_<replaceable>*</replaceable></makevar> and
+ <makevar>WITHOUT_<replaceable>*</replaceable></makevar></title>
+
+ <para>These variables are designed to be set by the system
+ administrator. There are many that are standardized in
+ <filename>ports/Mk/bsd.*.mk</filename>; others are not,
+ which can be confusing. If you need to add such a
+ configuration variable, please consider using one of the
+ ones from the following list.</para>
+
+ <note>
+ <para>You should not assume that a
+ <makevar>WITH_<replaceable>*</replaceable></makevar>
+ necessarily has a corresponding
+ <makevar>WITHOUT_<replaceable>*</replaceable></makevar>
+ variable and vice versa. In general, the default is
+ simply assumed.</para>
+ </note>
+
+ <note>
+ <para>Unless otherwise specified, these variables are only
+ tested for being set or not set, rather than being set to
+ some kind of variable such as <literal>YES</literal> or
+ <literal>NO</literal>.</para>
+ </note>
+
+ <table frame="none">
+ <title>The <makevar>WITH_<replaceable>*</replaceable></makevar>
+ and <makevar>WITHOUT_<replaceable>*</replaceable></makevar>
+ variables</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+
+ <entry>Means</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>WITH_APACHE2</makevar></entry>
+
+ <entry>If set, use
+ <filename role="package">www/apache2</filename>
+ instead of the default of
+ <filename role="package">www/apache</filename>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WITH_BERKELEY_DB</makevar></entry>
+
+ <entry>Define this variable to specify the ability to
+ use a variant of the Berkeley database package such as
+ <filename role="package">databases/db41</filename>.
+ An associated variable,
+ <makevar>WITH_BDB_VER</makevar>, may be
+ set to values such as 2, 3, 4, 41 or 42.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WITH_MYSQL</makevar></entry>
+
+ <entry>Define this variable to specify the ability to
+ use a variant of the MySQL database package such as
+ <filename role="package">databases/mysql40-server</filename>.
+ An associated variable,
+ <makevar>WANT_MYSQL_VER</makevar>, may be
+ set to values such as 323, 40, 41, or 50.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WITHOUT_NLS</makevar></entry>
+
+ <entry>If set, says that internationalization is not
+ needed, which can save compile time. By default,
+ internationalization is used.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WITH_OPENSSL_BASE</makevar></entry>
+
+ <entry>Use the version of OpenSSL in the base system.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WITH_OPENSSL_PORT</makevar></entry>
+
+ <entry>Use the version of OpenSSL from
+ <filename role="package">security/openssh</filename>,
+ overwriting the version that was originally installed
+ in the base system.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WITH_POSTGRESQL</makevar></entry>
+
+ <entry>Define this variable to specify the ability to
+ use a variant of the PostGreSQL database package such as
+ <filename role="package">databases/postgresql72</filename>.
+ </entry>
+ </row>
+
+ <row>
+ <entry><makevar>WITHOUT_X11</makevar></entry>
+
+ <entry>If the port can be built both with and without
+ X support, then it should normally be built with
+ X support. If this variable is defined, then
+ the version that does not have X support should
+ be built instead.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ </sect3>
+
+ <sect3>
+ <title>Knob naming</title>
+ <para>It is recommended that porters use like-named knobs, for the
+ benefit of end-users and to help keep the number of knob names down.
+ A list of popular knob names can be found in the
+ <ulink url="http://www.freebsd.org/cgi/cvsweb.cgi/ports/KNOBS?rev=HEAD&amp;content-type=text/x-cvsweb-markup">KNOBS</ulink>
+ file.</para>
+
+ <para>Knob names should reflect what the knob is and does.
+ When a port has a lib-prefix in the <makevar>PORTNAME</makevar>
+ the lib-prefix should be dropped in knob naming.</para>
+
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title><makevar>OPTIONS</makevar></title>
+
+ <sect3>
+ <title>Background</title>
+ <para>The <makevar>OPTIONS</makevar> variable gives the user who
+ installs the port a dialog with the available options and saves
+ them to <filename>/var/db/ports/<replaceable>portname</replaceable>/options</filename>.
+ Next time when the port has to be rebuild, the options are reused.
+ Never again you will have to remember all the twenty
+ <makevar>WITH_<replaceable>*</replaceable></makevar> and
+ <makevar>WITHOUT_<replaceable>*</replaceable></makevar> options you
+ used to build this port!</para>
+
+ <para>When the user runs <command>make config</command> (or runs
+ <command>make build</command> for the first time), the framework will
+ check for
+ <filename>/var/db/ports/<replaceable>portname</replaceable>/options</filename>.
+ If that file does not exist, it will use the values of
+ <makevar>OPTIONS</makevar> to create a dialogbox where the options
+ can be enabled or disabled. Then the
+ <filename>options</filename> file is saved and the selected
+ variables will be used when building the port.</para>
+
+ <para>Use <command>make showconfig</command> to see the saved
+ configuration. Use <command>make rmconfig</command> to remove the
+ saved configuration.</para>
+ </sect3>
+
+ <sect3>
+ <title>Syntax</title>
+ <para>The syntax for the <makevar>OPTIONS</makevar> variable is:
+
+<programlisting>OPTIONS= OPTION "descriptive text" default ...
+</programlisting>
+
+ The value for default is either <literal>ON</literal> or
+ <literal>OFF</literal>. Multiple repetitions of these three fields
+ are allowed.</para>
+
+ <para><makevar>OPTIONS</makevar> definition must appear before
+ the inclusion of <filename>bsd.port.pre.mk</filename>.
+ The <makevar>WITH_*</makevar> and <makevar>WITHOUT_*</makevar>
+ variables can only be tested after the inclusion of
+ <filename>bsd.port.pre.mk</filename>. Due to a deficiency
+ in the infrastructure, you can only test
+ <makevar>WITH_*</makevar> variables for options, which are
+ <literal>OFF</literal> by default, and
+ <makevar>WITHOUT_*</makevar> variables for options, which
+ defaults to <literal>ON</literal>.</para>
+
+ <sect3>
+ <title>Example</title>
+ <example id="ports-options-simple-use">
+ <title>Simple use of <makevar>OPTIONS</makevar></title>
+ <para><programlisting>OPTIONS= FOO "Enable option foo" On \
+ BAR "Support feature bar" Off
+
+.include &lt;bsd.port.pre.mk&gt;
+
+.if defined(WITHOUT_FOO)
+CONFIGURE_ARGS+= --without-foo
+.else
+CONFIGURE_ARGS+= --with-foo
+.endif
+
+.if defined(WITH_BAR)
+RUN_DEPENDS+= bar:${PORTSDIR}/bar/bar
+.endif
+
+.include &lt;bsd.port.post.mk&gt;</programlisting></para>
+ </example>
+
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="makefile-wrkdir">
+ <title>Specifying the working directory</title>
+
+ <para>Each port is extracted in to a working directory, which must be
+ writable. The ports system defaults to having the
+ <makevar>DISTFILES</makevar> unpack in to a directory called
+ <literal>${DISTNAME}</literal>. In other words, if you have
+ set:</para>
+
+ <programlisting>PORTNAME= foo
+PORTVERSION= 1.0</programlisting>
+
+ <para>then the port's distribution files contain a top-level directory,
+ <filename>foo-1.0</filename>, and the rest of the files are located
+ under that directory.</para>
+
+ <para>There are a number of variables you can override if that is not the
+ case.</para>
+
+ <sect2>
+ <title><makevar>WRKSRC</makevar></title>
+
+ <para>The variable lists the name of the directory that is created when
+ the application's distfiles are extracted. If our previous example
+ extracted into a directory called <filename>foo</filename> (and not
+ <filename>foo-1.0</filename>) you would write:</para>
+
+ <programlisting>WRKSRC= ${WRKDIR}/foo</programlisting>
+
+ <para>or possibly</para>
+
+ <programlisting>WRKSRC= ${WRKDIR}/${PORTNAME}</programlisting>
+ </sect2>
+
+ <sect2>
+ <title><makevar>NO_WRKSUBDIR</makevar></title>
+
+ <para>If the port does not extract in to a subdirectory at all then
+ you should set <makevar>NO_WRKSUBDIR</makevar> to indicate
+ that.</para>
+
+ <programlisting>NO_WRKSUBDIR= yes</programlisting>
+ </sect2>
+ </sect1>
+
+ <sect1 id="conflicts">
+ <title><makevar>CONFLICTS</makevar></title>
+
+ <para>If your package cannot coexist with other packages
+ (because of file conflicts, runtime incompatibility, etc.),
+ list the other package names in the <makevar>CONFLICTS</makevar>
+ variable. You can use shell globs like <literal>*</literal> and
+ <literal>?</literal> here. Packages names should be
+ enumerated the same way they appear in
+ <filename>/var/db/pkg</filename>. Please make sure that
+ <makevar>CONFLICTS</makevar> does not match this port's
+ package itself, or else forcing its installation with
+ <makevar>FORCE_PKG_REGISTER</makevar> will no longer work.
+ </para>
+
+ <note>
+ <para><makevar>CONFLICTS</makevar> automatically sets
+ <makevar>IGNORE</makevar>, which is more fully documented
+ in <xref linkend="dads-noinstall">.</para>
+ </note>
+ </sect1>
+
+ </chapter>
+
+ <chapter id="special">
+ <title>Special considerations</title>
+
+ <para>There are some more things you have to take into account when you
+ create a port. This section explains the most common of those.</para>
+
+ <sect1 id="porting-shlibs">
+ <title>Shared Libraries</title>
+
+ <para>If your port installs one or more shared libraries, define a
+ <makevar>INSTALLS_SHLIB</makevar> make variable, which will instruct
+ a <filename>bsd.port.mk</filename> to run
+ <literal>&dollar;{LDCONFIG} -m</literal> on the directory where the
+ new library is installed (usually
+ <filename><makevar>PREFIX</makevar>/lib</filename>) during
+ <maketarget>post-install</maketarget> target to register it into the
+ shared library cache. This variable, when defined, will also
+ facilitate addition of an appropriate
+ <literal>@exec /sbin/ldconfig -m</literal> and
+ <literal>@unexec /sbin/ldconfig -R</literal> pair into your
+ <filename>pkg-plist</filename> file, so that a user who installed
+ the package can start using the shared library immediately and
+ de-installation will not cause the system to still believe the
+ library is there.</para>
+
+ <para>If you need, you can override the default location where the new
+ library is installed by defining the <makevar>LDCONFIG_DIRS</makevar>
+ make variable, which should contain a list of directories into which
+ shared libraries are to be installed. For example if your port
+ installs shared libraries into
+ <filename><makevar>PREFIX</makevar>/lib/foo</filename> and
+ <filename><makevar>PREFIX</makevar>/lib/bar</filename> directories
+ you could use the following in your
+ <filename>Makefile</filename>:</para>
+
+ <programlisting>INSTALLS_SHLIB= yes
+LDCONFIG_DIRS= %%PREFIX%%/lib/foo %%PREFIX%%/lib/bar</programlisting>
+
+ <para>Remember that non-standard directories will not be passed to
+ &man.ldconfig.8; on (re-)boot! If any port really
+ needs this to work, install a startup-script as
+ <filename role="package">x11/kdelibs3</filename> does. Please
+ double-check, often this is not necessary at all or can be avoided
+ through <literal>-rpath</literal> or setting <envar>LD_RUN_PATH</envar>
+ during linking (see <filename role="package">lang/moscow_ml</filename>
+ for an example), or through a shell-wrapper which sets
+ <makevar>LD_LIBRARY_PATH</makevar> before invoking the binary, like
+ <filename role="package">www/mozilla</filename> does.</para>
+
+ <para>Note that content of <makevar>LDCONFIG_DIRS</makevar> is passed
+ through &man.sed.1; just like the rest of <filename>pkg-plist</filename>,
+ so <makevar>PLIST_SUB</makevar> substitutions also apply here. It is
+ recommended that you use <literal>%%PREFIX%%</literal> for
+ <makevar>PREFIX</makevar>, <literal>%%LOCALBASE%%</literal> for
+ <makevar>LOCALBASE</makevar> and <literal>%%X11BASE%%</literal> for
+ <makevar>X11BASE</makevar>.</para>
+
+ <para>Try to keep shared library version numbers in the
+ <filename>libfoo.so.0</filename> format. Our runtime linker only
+ cares for the major (first) number.</para>
+
+ <para>When the major library version number increments in the update
+ to the new port version, all other ports that link to the affected
+ library should have their <makevar>PORTREVISION</makevar> incremented,
+ to force recompilation with the new library version.</para>
+
+ </sect1>
+
+ <sect1 id="porting-restrictions">
+ <title>Ports with distribution restrictions</title>
+
+ <para>Licenses vary, and some of them place restrictions on how the
+ application can be packaged, whether it can be sold for profit, and so
+ on.</para>
+
+ <important>
+ <para>It is your responsibility as a porter to read the licensing
+ terms of the software and make sure that the FreeBSD project will
+ not be held accountable for violating them by redistributing the
+ source or compiled binaries either via FTP/HTTP or CD-ROM. If in doubt,
+ please contact the &a.ports;.</para>
+ </important>
+
+ <para>In situations like this, the variables described in the following
+ sections can be set.</para>
+
+ <sect2>
+ <title><makevar>NO_PACKAGE</makevar></title>
+
+ <para>This variable indicates that we may not generate a binary
+ package of the application. For instance, the license may
+ disallow binary redistribution, or it may prohibit distribution
+ of packages created from patched sources.</para>
+
+ <para>However, the port's <makevar>DISTFILES</makevar> may be
+ freely mirrored on FTP/HTTP. They may also be distributed on
+ a CD-ROM (or similar media) unless <makevar>NO_CDROM</makevar>
+ is set as well.</para>
+
+ <para><makevar>NO_PACKAGE</makevar> should also be used if the binary
+ package is not generally useful, and the application should always
+ be compiled from the source code. For example, if the application
+ has configuration information that is site specific hard coded in to
+ it at compile time, set <makevar>NO_PACKAGE</makevar>.</para>
+
+ <para><makevar>NO_PACKAGE</makevar> should be set to a string
+ describing the reason why the package should not be
+ generated.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>NO_CDROM</makevar></title>
+
+ <para>This variable alone indicates that, although we are allowed
+ to generate binary packages, we may put neither those packages
+ nor the port's <makevar>DISTFILES</makevar> onto a CD-ROM (or
+ similar media) for resale. However, the binary packages and
+ the port's <makevar>DISTFILES</makevar> will still be available
+ via FTP/HTTP.</para>
+
+ <para> If this variable is set along with
+ <makevar>NO_PACKAGE</makevar>, then only the port's
+ <makevar>DISTFILES</makevar> will be available, and only via
+ FTP/HTTP.</para>
+
+ <para><makevar>NO_CDROM</makevar> should be set to a string
+ describing the reason why the port cannot be redistributed
+ on CD-ROM. For instance, this should be used if the port's license
+ is for <quote>non-commercial</quote> use only.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>RESTRICTED</makevar></title>
+
+ <para>Set this variable alone if the application's license permits
+ neither mirroring the application's <makevar>DISTFILES</makevar>
+ nor distributing the binary package in any way.</para>
+
+ <para><makevar>NO_CDROM</makevar> or <makevar>NO_PACKAGE</makevar>
+ should not be set along with <makevar>RESTRICTED</makevar>
+ since the latter variable implies the former ones.</para>
+
+ <para><makevar>RESTRICTED</makevar> should be set to a string
+ describing the reason why the port cannot be redistributed.
+ Typically, this indicates that the port contains proprietary
+ software and that the user will need to manually download the
+ <makevar>DISTFILES</makevar>, possibly after registering for the
+ software or agreeing to accept the terms of an
+ <acronym>EULA</acronym>.</para>
+ </sect2>
+
+ <sect2>
+ <title><makevar>RESTRICTED_FILES</makevar></title>
+
+ <para>When <makevar>RESTRICTED</makevar> or <makevar>NO_CDROM</makevar>
+ is set, this variable defaults to <literal>${DISTFILES}
+ ${PATCHFILES}</literal>, otherwise it is empty. If only some of the
+ distribution files are restricted, then set this variable to list
+ them.</para>
+
+ <para>Note that the port committer should add an entry to
+ <filename>/usr/ports/LEGAL</filename> for every listed distribution
+ file, describing exactly what the restriction entails.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="building">
+ <title>Building mechanisms</title>
+
+ <sect2 id="using-make">
+ <title><command>make</command>, <command>gmake</command>, and
+ <command>imake</command></title>
+
+ <para>If your port uses <application>GNU make</application>, set
+ <literal>USE_GMAKE=yes</literal>.</para>
+
+ <table frame="none">
+ <title>Variables for ports related to gmake</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+
+ <entry>Means</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>USE_GMAKE</makevar></entry>
+
+ <entry>The port requires <command>gmake</command> to
+ build.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>GMAKE</makevar></entry>
+
+ <entry>The full path for <command>gmake</command> if it is not
+ in the <envar>PATH</envar>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>If your port is an X application that creates
+ <filename>Makefile</filename> files from
+ <filename>Imakefile</filename> files using
+ <application>imake</application>, then set
+ <literal>USE_IMAKE=yes</literal>. This will cause the
+ configure stage to automatically do an <command>xmkmf -a</command>.
+ If the <option>-a</option> flag is a problem for your port, set
+ <literal>XMKMF=xmkmf</literal>. If the port uses
+ <application>imake</application> but does not understand the
+ <maketarget>install.man</maketarget> target,
+ <literal>NO_INSTALL_MANPAGES=yes</literal> should be set.</para>
+
+ <para>If your port's source <filename>Makefile</filename> has
+ something else than <maketarget>all</maketarget> as the main build
+ target, set <makevar>ALL_TARGET</makevar> accordingly. Same goes
+ for <maketarget>install</maketarget> and
+ <makevar>INSTALL_TARGET</makevar>.</para>
+
+ </sect2>
+
+ <sect2 id="using-configure">
+ <title><command>configure</command> script</title>
+
+ <para>If your port uses the <command>configure</command> script to
+ generate <filename>Makefile</filename> files from
+ <filename>Makefile.in</filename> files, set
+ <literal>GNU_CONFIGURE=yes</literal>. If you want to give extra
+ arguments to the <command>configure</command> script (the default
+ argument is <literal>--prefix=&dollar;{PREFIX}
+ &dollar;{CONFIGURE_TARGET}</literal>), set those
+ extra arguments in <makevar>CONFIGURE_ARGS</makevar>. Extra
+ environment variables can be passed using
+ <makevar>CONFIGURE_ENV</makevar> variable.</para>
+
+ <para>If your package uses GNU <command>configure</command>, and
+ the resulting executable file has a <quote>strange</quote> name
+ like
+ <filename>i386-portbld-freebsd4.7-</filename><replaceable>appname</replaceable>,
+ you will need to additionally override the
+ <makevar>CONFIGURE_TARGET</makevar> variable to specify the
+ target in the way required by scripts generated by recent
+ versions of <command>autoconf</command>. Add the following line
+ immediately after the <literal>GNU_CONFIGURE=yes</literal> line
+ in your <filename>Makefile</filename>:</para>
+
+ <para>
+ <literal>CONFIGURE_TARGET=--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}</literal>
+ </para>
+
+ <table frame="none">
+ <title>Variables for ports that use configure</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+
+ <entry>Means</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>GNU_CONFIGURE</makevar></entry>
+
+ <entry>The port uses <command>configure</command> script to
+ prepare build.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>HAS_CONFIGURE</makevar></entry>
+
+ <entry>Same as <makevar>GNU_CONFIGURE</makevar>, except
+ default configure target is not added to
+ <makevar>CONFIGURE_ARGS</makevar>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>CONFIGURE_ARGS</makevar></entry>
+
+ <entry>Additional arguments passed to
+ <command>configure</command> script.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>CONFIGURE_ENV</makevar></entry>
+
+ <entry>Additional environment variables to be set
+ for <command>configure</command> script run.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>CONFIGURE_TARGET</makevar></entry>
+
+ <entry>Override default configure target. Default value is
+ <literal>&dollar;{MACHINE_ARCH}-portbld-freebsd&dollar;{OSREL}</literal>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect2>
+ </sect1>
+
+ <sect1 id="using-autotools">
+ <title>Using GNU autotools</title>
+
+ <sect2 id="using-autotools-introduction">
+ <title>Introduction</title>
+
+ <para>The various GNU autotools provide an abstraction mechanism for
+ building a piece of software over a wide variety of operating
+ systems and machine architectures. Within the Ports Collection,
+ an individual port can make use of these tools via a simple
+ construct:</para>
+
+ <programlisting>USE_AUTOTOOLS= <replaceable>tool</replaceable>:<replaceable>version</replaceable>[:<replaceable>operation</replaceable>] ...</programlisting>
+
+ <para>At the time of writing, <replaceable>tool</replaceable> can be
+ one of <literal>libtool</literal>, <literal>libltdl</literal>,
+ <literal>autoconf</literal>, <literal>autoheader</literal>,
+ <literal>automake</literal> or <literal>aclocal</literal>.</para>
+
+ <para><replaceable>version</replaceable> specifies the particular
+ tool revision to be used (see
+ <literal>devel/{automake,autoconf,libtool}[0-9]+</literal> for
+ valid versions).</para>
+
+ <para><replaceable>operation</replaceable> is an optional extension
+ to modify how the tool is used.</para>
+
+ <para>Multiple tools can be specified at once, either by including
+ them all on a single line, or using the <literal>+=</literal>
+ Makefile construct.</para>
+
+ <para>Before proceeding any further, it cannot be stressed highly
+ enough that the constructs discussed here are for use ONLY in
+ building other ports. For cross-development work, the
+ <literal>devel/gnu-{automake,autoconf,libtool}</literal> ports
+ should be used, such as within an IDE. <filename
+ role="package">devel/anjuta</filename> and <filename
+ role="package">devel/kdevelop</filename> (GNOME and KDE
+ respectively) are good examples of how to achieve this.</para>
+
+ </sect2>
+
+ <sect2 id="using-libtool">
+ <title><command>libtool</command></title>
+
+ <para>Shared libraries using the GNU building framework usually use
+ <command>libtool</command> to adjust the compilation and
+ installation of shared libraries to match the specifics of the
+ underlying operating system. The Ports Collection provides a
+ number of versions of <command>libtool</command> modified for use by
+ &os;.</para>
+
+ <programlisting>USE_AUTOTOOLS= libtool:<replaceable>version</replaceable>[:inc|:env]</programlisting>
+
+ <para>With no additional operations,
+ <literal>libtool:<replaceable>version</replaceable></literal> tells
+ the building framework that the port uses
+ <command>libtool</command>, implying
+ <makevar>GNU_CONFIGURE</makevar>. The configure script will be
+ patched with the system-installed copy of
+ <command>libtool</command>. Further, a number of make and shell
+ variables will be assigned for onward use by the port. See
+ <filename>bsd.autotools.mk</filename> for details.</para>
+
+ <para>With the <literal>:inc</literal> operation, the environment
+ will be set up, and a slightly different set of patching will be
+ performed.</para>
+
+ <para>With the <literal>:env</literal> operation, only the
+ environment will be set up.</para>
+
+ <informaltable frame="none">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Previously</entry>
+
+ <entry><makevar>USE_AUTOTOOLS</makevar> construct</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><literal>USE_LIBTOOL_VER=13</literal></entry>
+
+ <entry><literal>libtool:13</literal></entry>
+ </row>
+
+ <row>
+ <entry><literal>USE_INC_LIBTOOL_VER=15</literal></entry>
+
+ <entry><literal>libtool:15:inc</literal></entry>
+ </row>
+
+ <row>
+ <entry><literal>WANT_LIBTOOL_VER=15</literal></entry>
+
+ <entry><literal>libtool:15:env</literal></entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Finally, <makevar>LIBTOOLFLAGS</makevar> and
+ <makevar>LIBTOOLFILES</makevar> can be optionally set to override
+ the most likely arguments to, and files patched by,
+ <command>libtool</command>. Most ports are unlikely to need this.
+ See <filename>bsd.autotools.mk</filename> for further
+ details.</para>
+
+ </sect2>
+
+ <sect2 id="using-libltdl">
+ <title><command>libltdl</command></title>
+
+ <para>Some ports make use of the <command>libltdl</command> library
+ package, which is part of the <command>libtool</command> suite.
+ Use of this library does not automatically necessitate the use of
+ <command>libtool</command> itself, so a separate construct is
+ provided.</para>
+
+ <programlisting>USE_AUTOTOOLS= libltdl:<replaceable>version</replaceable></programlisting>
+
+ <para>Currently, all this does is to bring in a
+ <makevar>LIB_DEPENDS</makevar> on the appropriate
+ <command>libltdl</command> port, and is provided as a convenience
+ function to help eliminate any dependencies on the autotools ports
+ outside of the <makevar>USE_AUTOTOOLS</makevar> framework. There
+ are no optional operations for this tool.</para>
+
+ <informaltable frame="none">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Previously</entry>
+
+ <entry><makevar>USE_AUTOTOOLS</makevar> construct</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><literal>USE_LIBLTDL=YES</literal></entry>
+
+ <entry><literal>libltdl:15</literal></entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ </sect2>
+
+ <sect2 id="using-autoconf">
+ <title><command>autoconf</command> and
+ <command>autoheader</command></title>
+
+ <para>Some ports do not contain a configure script, but do contain an
+ autoconf template in the <filename>configure.ac</filename> file.
+ You can use the following assignments to let
+ <command>autoconf</command> create the configure script, and also
+ have <command>autoheader</command> create template headers for use
+ by the configure script.</para>
+
+ <programlisting>USE_AUTOTOOLS= autoconf:<replaceable>version</replaceable>[:env]</programlisting>
+
+ <para>and</para>
+
+ <programlisting>USE_AUTOTOOLS= autoheader:<replaceable>version</replaceable></programlisting>
+
+ <para>which also implies the use of
+ <literal>autoconf:<replaceable>version</replaceable></literal>.</para>
+
+ <para>Similarly to <command>libtool</command>, the inclusion of the
+ optional <literal>:env</literal> operation simply sets up the
+ environment for further use. Without it, patching and
+ reconfiguration of the port is carried out.</para>
+
+ <informaltable frame="none">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Previously</entry>
+
+ <entry><makevar>USE_AUTOTOOLS</makevar> construct</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><literal>USE_AUTOCONF_VER=213</literal></entry>
+
+ <entry><literal>autoconf:213</literal></entry>
+ </row>
+
+ <row>
+ <entry><literal>WANT_AUTOCONF_VER=259</literal></entry>
+
+ <entry><literal>autoconf:259:env</literal></entry>
+ </row>
+
+ <row>
+ <entry><literal>USE_AUTOHEADER_VER=253</literal></entry>
+
+ <entry><literal>autoheader:253</literal> (implies
+ <literal>autoconf:253</literal>)</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>The additional optional variables
+ <makevar>AUTOCONF_ARGS</makevar> and
+ <makevar>AUTOHEADER_ARGS</makevar> can be overridden by the port
+ <filename>Makefile</filename> if specifically requested. As with
+ the <command>libtool</command> equivalents, most ports are unlikely
+ to need this.</para>
+
+ </sect2>
+
+ <sect2 id="using-automake">
+ <title><command>automake</command> and
+ <command>aclocal</command></title>
+
+ <para>Some packages only contain <filename>Makefile.am</filename>
+ files. These have to be converted into
+ <filename>Makefile.in</filename> files using
+ <command>automake</command>, and the further processed by
+ <command>configure</command> to generate an actual
+ <filename>Makefile</filename>.</para>
+
+ <para>Similarly, packages occasionally do not ship with included
+ <filename>aclocal.m4</filename> files, again required to build the
+ software. This can be achieved with <command>aclocal</command>,
+ which scans <filename>configure.ac</filename> or
+ <filename>configure.in</filename>.</para>
+
+ <para><command>aclocal</command> has a similar relationship to
+ <command>automake</command> as <command>autoheader</command> does
+ to <command>autoconf</command>, described in the previous section.
+ <command>aclocal</command> implies the use of
+ <command>automake</command>, thus we have:</para>
+
+ <programlisting>USE_AUTOTOOLS= automake:<replaceable>version</replaceable>[:<replaceable>env</replaceable>]</programlisting>
+
+ <para>and</para>
+
+ <programlisting>USE_AUTOTOOLS= aclocal:<replaceable>version</replaceable></programlisting>
+
+ <para>which also implies the use of
+ <literal>automake:<replaceable>version</replaceable></literal>.</para>
+
+ <para>Similarly to <command>libtool</command> and
+ <command>autoconf</command>, the inclusion of the optional
+ <literal>:env</literal> operation simply sets up the environment
+ for further use. Without it, reconfiguration of the port is
+ carried out.</para>
+
+ <informaltable frame="none">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Previously</entry>
+
+ <entry><makevar>USE_AUTOTOOLS</makevar> construct</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><literal>USE_AUTOMAKE_VER=14</literal></entry>
+
+ <entry><literal>automake:14</literal></entry>
+ </row>
+
+ <row>
+ <entry><literal>WANT_AUTOMAKE_VER=15</literal></entry>
+
+ <entry><literal>automake:15:env</literal></entry>
+ </row>
+
+ <row>
+ <entry><literal>USE_ACLOCAL_VER=19</literal></entry>
+
+ <entry><literal>aclocal:19</literal> (implies
+ <literal>automake:19</literal>)</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>As with
+ <command>autoconf</command> and <command>autoheader</command>, both
+ <command>automake</command> and <command>aclocal</command> have
+ optional argument variables, <makevar>AUTOMAKE_ARGS</makevar> and
+ <makevar>ACLOCAL_ARGS</makevar> respectively, which may be
+ overriden by the port <filename>Makefile</filename> if
+ required.</para>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="using-perl">
+ <title>Using <literal>perl</literal></title>
+
+ <table frame="none">
+ <title>Variables for ports that use <literal>perl</literal></title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+
+ <entry>Means</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>USE_PERL5</makevar></entry>
+
+ <entry>Says that the port uses <literal>perl 5</literal> to build and run.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_PERL5_BUILD</makevar></entry>
+
+ <entry>Says that the port uses <literal>perl 5</literal> to build.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_PERL5_RUN</makevar></entry>
+
+ <entry>Says that the port uses <literal>perl 5</literal> to run.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PERL</makevar></entry>
+
+ <entry>The full path of <literal>perl 5</literal>, either in the
+ system or installed from a port, but without the version
+ number. Use this if you need to replace
+ <quote><literal>#!</literal></quote>lines in scripts.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PERL_CONFIGURE</makevar></entry>
+
+ <entry>Configure using Perl's MakeMaker. It implies
+ <makevar>USE_PERL5</makevar>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PERL_MODBUILD</makevar></entry>
+
+ <entry>Configure, build and install using Module::Build. It
+ implies <makevar>PERL_CONFIGURE</makevar>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Read only variables</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>PERL_VERSION</makevar></entry>
+
+ <entry>The full version of <literal>perl</literal> installed (e.g.,
+ <literal>5.00503</literal>).</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PERL_VER</makevar></entry>
+
+ <entry>The short version of <literal>perl</literal> installed (e.g.,
+ <literal>5.005</literal>).</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PERL_LEVEL</makevar></entry>
+
+ <entry>The installed <literal>perl</literal> version as an integer of the form <literal>MNNNPP</literal>
+ (e.g., <literal>500503</literal>).</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PERL_ARCH</makevar></entry>
+
+ <entry>Where <literal>perl</literal> stores architecture dependent libraries.
+ Defaults to <literal>${ARCH}-freebsd</literal>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PERL_PORT</makevar></entry>
+
+ <entry>Name of the <literal>perl</literal> port that is
+ installed (e.g., <literal>perl5</literal>).</entry>
+ </row>
+
+ <row>
+ <entry><makevar>SITE_PERL</makevar></entry>
+
+ <entry>Directory name where site specific
+ <literal>perl</literal> packages go.
+ This value is added to PLIST_SUB.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <note>
+ <para>Ports of Perl modules, which do not have an official website,
+ should link <hostid>cpan.org</hostid> in the WWW line of a
+ <filename>pkg-descr</filename> file. The suggested URL scheme is
+ <literal>http://search.cpan.org/dist/Module-Name</literal>.</para>
+ </note>
+
+ </sect1>
+
+ <sect1 id="using-x11">
+ <title>Using X11</title>
+
+ <sect2 id="x11-variables">
+ <title>Variable definitions</title>
+
+ <table frame="none">
+ <title>Variables for ports that use X</title>
+
+ <tgroup cols="2">
+ <tbody>
+ <row>
+ <entry><makevar>USE_X_PREFIX</makevar></entry>
+
+ <entry>The port installs in <makevar>X11BASE</makevar>, not
+ <makevar>PREFIX</makevar>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_XLIB</makevar></entry>
+
+ <entry>The port uses the X libraries.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_MOTIF</makevar></entry>
+
+ <entry>The port uses the Motif toolkit. Implies
+ <makevar>USE_XPM</makevar>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_IMAKE</makevar></entry>
+
+ <entry>The port uses <command>imake</command>. Implies
+ <makevar>USE_X_PREFIX</makevar>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>XMKMF</makevar></entry>
+
+ <entry>Set to the path of <command>xmkmf</command> if not in the
+ <envar>PATH</envar>. Defaults to <literal>xmkmf
+ -a</literal>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <table frame="none">
+ <title>Variables for depending on individual parts of X11</title>
+
+ <tgroup cols="2">
+ <tbody>
+ <row>
+ <entry><makevar>X_IMAKE_PORT</makevar></entry>
+
+ <entry>Port providing <command>imake</command> and several
+ other utilities used to build X11.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_LIBRARIES_PORT</makevar></entry>
+
+ <entry>Port providing X11 libraries.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_CLIENTS_PORT</makevar></entry>
+
+ <entry>Port providing X clients.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_SERVER_PORT</makevar></entry>
+
+ <entry>Port providing X server.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_FONTSERVER_PORT</makevar></entry>
+
+ <entry>Port providing font server.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_PRINTSERVER_PORT</makevar></entry>
+
+ <entry>Port providing print server.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_VFBSERVER_PORT</makevar></entry>
+
+ <entry>Port providing virtual framebuffer server.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_NESTSERVER_PORT</makevar></entry>
+
+ <entry>Port providing a nested X server.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_FONTS_ENCODINGS_PORT</makevar></entry>
+
+ <entry>Port providing encodings for fonts.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_FONTS_MISC_PORT</makevar></entry>
+
+ <entry>Port providing miscellaneous bitmap fonts.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_FONTS_100DPI_PORT</makevar></entry>
+
+ <entry>Port providing 100dpi bitmap fonts.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_FONTS_75DPI_PORT</makevar></entry>
+
+ <entry>Port providing 75dpi bitmap fonts.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_FONTS_CYRILLIC_PORT</makevar></entry>
+
+ <entry>Port providing cyrillic bitmap fonts.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_FONTS_TTF_PORT</makevar></entry>
+
+ <entry>Port providing &truetype; fonts.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_FONTS_TYPE1_PORT</makevar></entry>
+
+ <entry>Port providing Type1 fonts.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X_MANUALS_PORT</makevar></entry>
+
+ <entry>Port providing developer oriented manual pages</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <example id="using-x11-vars">
+ <title>Using X11 related variables in port</title>
+ <programlisting># Use X11 libraries and depend on
+# font server as well as cyrillic fonts.
+RUN_DEPENDS= ${X11BASE}/bin/xfs:${X_FONTSERVER_PORT} \
+ ${X11BASE}/lib/X11/fonts/cyrillic/crox1c.pcf.gz:${X_FONTS_CYRILLIC_PORT}
+
+USE_XLIB= yes</programlisting>
+ </example>
+
+ </sect2>
+
+ <sect2 id="x11-motif">
+ <title>Ports that require Motif</title>
+
+ <para>If your port requires a Motif library, define
+ <makevar>USE_MOTIF</makevar> in the <filename>Makefile</filename>.
+ Default Motif implementation is
+ <filename role="package">x11-toolkits/open-motif</filename>.
+ Users can choose
+ <filename role="package">x11-toolkits/lesstif</filename> instead
+ by setting <makevar>WANT_LESSTIF</makevar> variable.</para>
+
+ <para>The <makevar>MOTIFLIB</makevar> variable will be set by
+ <filename>bsd.port.mk</filename> to reference the appropriate
+ Motif library. Please patch the source of your port to
+ use <literal>&dollar;{MOTIFLIB}</literal> wherever the Motif library is referenced in the original
+ <filename>Makefile</filename> or
+ <filename>Imakefile</filename>.</para>
+
+ <para>There are two common cases:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>If the port refers to the Motif library as
+ <literal>-lXm</literal> in its <filename>Makefile</filename> or
+ <filename>Imakefile</filename>, simply substitute
+ <literal>&dollar;{MOTIFLIB}</literal> for it.</para>
+ </listitem>
+
+ <listitem>
+ <para>If the port uses <literal>XmClientLibs</literal> in its
+ <filename>Imakefile</filename>, change it to
+ <literal>&dollar;{MOTIFLIB} &dollar;{XTOOLLIB}
+ &dollar;{XLIB}</literal>.</para>
+ </listitem>
+
+ </itemizedlist>
+
+ <para>Note that <makevar>MOTIFLIB</makevar> (usually) expands to
+ <literal>-L/usr/X11R6/lib -lXm</literal> or
+ <literal>/usr/X11R6/lib/libXm.a</literal>, so there is no need to
+ add <literal>-L</literal> or <literal>-l</literal> in front.</para>
+
+ </sect2>
+
+ <sect2>
+ <title>X11 fonts</title>
+
+ <para>If your port installs fonts for the X Window System, put them in
+ <filename><makevar>X11BASE</makevar>/lib/X11/fonts/local</filename>.<para>
+
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="using-gnome">
+ <title>Using GNOME</title>
+
+ <para>The FreeBSD/GNOME project uses its own set of variables
+ to define which GNOME components a
+ particular port uses. A
+ <ulink url="http://www.FreeBSD.org/gnome/docs/porting.html">comprehensive
+ list of these variables</ulink> exists within the FreeBSD/GNOME
+ project's homepage.</para>
+
+ <note>
+ <para>Your port does not need to depend on GNOME if it merely installs
+ <application>pkg-config</application> metadata files to
+ <filename><makevar>PREFIX</makevar>/libdata/pkgconfig</filename>.
+ As usual, your port should be prepared to clean up after itself
+ and remove that directory if it becomes empty.
+ Assuming that your port installs a file named
+ <filename>gtkmumble.pc</filename> to the said location, just add
+ the following lines to <filename>pkg-plist</filename>:</para>
+
+ <programlisting>libdata/pkgconfig/gtkmumble.pc
+@unexec rmdir %B 2>/dev/null || true</programlisting>
+
+ <para>The latter line must appear immediately after the former one
+ so that <literal>%B</literal> expands correctly. Please refer
+ to &man.pkg.create.1; for a detailed description of the syntax
+ used in <filename>pkg-plist</filename>.</para>
+ </note>
+
+ </sect1>
+
+ <sect1 id="using-kde">
+ <title>Using KDE</title>
+
+ <table frame="none">
+ <title>Variables for ports that use KDE</title>
+
+ <tgroup cols="2">
+ <tbody>
+ <row>
+ <entry><makevar>USE_QT_VER</makevar></entry>
+
+ <entry>The port uses the Qt toolkit. Possible values are
+ <literal>1</literal> and
+ <literal>3</literal>; each specify the major version
+ of Qt to use. Sets both <makevar>MOC</makevar> and
+ <makevar>QTCPPFLAGS</makevar>to default appropriate
+ values.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_KDELIBS_VER</makevar></entry>
+
+ <entry>The port uses KDE libraries. Possible values are
+ <literal>3</literal>; each specify the major version
+ of KDE to use. Implies <makevar>USE_QT_VER</makevar>
+ of the appropriate version.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_KDEBASE_VER</makevar></entry>
+
+ <entry>The port uses KDE base. Possible values are
+ <literal>3</literal>; each specify the major version
+ of KDE to use. Implies <makevar>USE_KDELIBS_VER</makevar>
+ of the appropriate version.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>MOC</makevar></entry>
+
+ <entry>Set to the path of <command>moc</command>.
+ Default set according to <makevar>USE_QT_VER</makevar>
+ value.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>QTCPPFLAGS</makevar></entry>
+
+ <entry>Set the <makevar>CPPFLAGS</makevar> to use when
+ processing Qt code. Default set according to
+ <makevar>USE_QT_VER</makevar> value.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ </sect1>
+
+ <sect1 id="using-java">
+ <title>Using Java</title>
+
+ <sect2 id="java-variables">
+ <title>Variable definitions</title>
+
+ <para>If your port needs a Java&trade; Development Kit (JDK) to
+ either build, run or even extract the distfile, then it should
+ define <makevar>USE_JAVA</makevar>.</para>
+
+ <para>There are several JDKs in the ports collection, from various
+ vendors, and in several versions. If your port must use one of
+ these versions, you can define which one. The most current
+ version is <filename role="package">java/jdk14</filename>.</para>
+
+ <table frame="none">
+ <title>Variables that may be set by ports that use Java</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+ <entry>Means</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><makevar>USE_JAVA</makevar></entry>
+ <entry>Should be defined for the remaining variables to have any
+ effect.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_VERSION</makevar></entry>
+ <entry>List of space-separated suitable Java versions for
+ the port. An optional <literal>"+"</literal> allows you to
+ specify a range of versions (allowed values:
+ <literal>1.1[+] 1.2[+] 1.3[+] 1.4[+]</literal>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_OS</makevar></entry>
+ <entry>List of space-separated suitable JDK port operating
+ systems for the port (allowed values: <literal>native
+ linux</literal>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_VENDOR</makevar></entry>
+ <entry>List of space-separated suitable JDK port vendors for
+ the port (allowed values: <literal>freebsd bsdjava sun ibm
+ blackdown</literal>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_BUILD</makevar></entry>
+ <entry>When set, it means that the selected JDK port should
+ be added to the build dependencies of the port.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_RUN</makevar></entry>
+ <entry>When set, it means that the selected JDK port should
+ be added to the run dependencies of the port.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_EXTRACT</makevar></entry>
+ <entry>When set, it means that the selected JDK port should
+ be added to the extract dependencies of the port.</entry>
+ </row>
+ <row>
+ <entry><makevar>USE_JIKES</makevar></entry>
+ <entry>Whether the port should or should not use the
+ <command>jikes</command> bytecode compiler to build. When
+ no value is set for this variable, the port will use
+ <command>jikes</command> to build if available. You may
+ also explicitly forbid or enforce the use of
+ <command>jikes</command> (by setting <literal>'no'</literal>
+ or <literal>'yes'</literal>). In the later case, <filename
+ role="package">devel/jikes</filename> will be added to build
+ dependencies of the port. In any case that <command>jikes</command>
+ is actually used in place of <command>javac</command>, then the
+ <makevar>HAVE_JIKES</makevar> variable is defined by
+ <filename>bsd.java.mk</filename>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>Below is the list of all settings a port will receive after
+ setting <makevar>USE_JAVA</makevar>:</para>
+
+ <table frame="none">
+ <title>Variables provided to ports that use Java</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+ <entry>Value</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><makevar>JAVA_PORT</makevar></entry>
+ <entry>The name of the JDK port (e.g.
+ <literal>'java/jdk14'</literal>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_PORT_VERSION</makevar></entry>
+ <entry>The full version of the JDK port (e.g.
+ <literal>'1.4.2'</literal>). If you only need the first
+ two digits of this version number, use
+ <makevar>${JAVA_PORT_VERSION:C/^([0-9])\.([0-9])(.*)$/\1.\2/}</makevar>.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_PORT_OS</makevar></entry>
+ <entry>The operating system used by the JDK port (e.g.
+ <literal>'linux'</literal>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_PORT_VENDOR</makevar></entry>
+ <entry>The vendor of the JDK port (e.g.
+ <literal>'sun'</literal>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_PORT_OS_DESCRIPTION</makevar></entry>
+ <entry>Description of the operating system used by the JDK port
+ (e.g. <literal>'Linux'</literal>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_PORT_VENDOR_DESCRIPTION</makevar></entry>
+ <entry>Description of the vendor of the JDK port (e.g.
+ <literal>'FreeBSD Foundation'</literal>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_HOME</makevar></entry>
+ <entry>Path to the installation directory of the JDK (e.g.
+ <filename>'/usr/local/jdk1.3.1'</filename>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVAC</makevar></entry>
+ <entry>Path to the Java compiler to use (e.g.
+ <filename>'/usr/local/jdk1.1.8/bin/javac'</filename> or
+ <filename>'/usr/local/bin/jikes'</filename>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAR</makevar></entry>
+ <entry>Path to the <command>jar</command> tool to use (e.g.
+ <filename>'/usr/local/jdk1.2.2/bin/jar'</filename> or
+ <filename>'/usr/local/bin/fastjar'</filename>).</entry>
+ </row>
+ <row>
+ <entry><makevar>APPLETVIEWER</makevar></entry>
+ <entry>Path to the <command>appletviewer</command> utility (e.g.
+ <filename>'/usr/local/linux-jdk1.2.2/bin/appletviewer'</filename>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA</makevar></entry>
+ <entry>Path to the <command>java</command> executable. Use
+ this for executing Java programs (e.g.
+ <filename>'/usr/local/jdk1.3.1/bin/java'</filename>).</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVADOC</makevar></entry>
+ <entry>Path to the <command>javadoc</command> utility
+ program.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVAH</makevar></entry>
+ <entry>Path to the <command>javah</command> program.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVAP</makevar></entry>
+ <entry>Path to the <command>javap</command> program.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_KEYTOOL</makevar></entry>
+ <entry>Path to the <command>keytool</command> utility program.
+ This variable is available only if the JDK is Java 1.2 or
+ higher.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_N2A</makevar></entry>
+ <entry>Path to the <command>native2ascii</command> tool.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_POLICYTOOL</makevar></entry>
+ <entry>Path to the <command>policytool</command> program.
+ This variable is available only if the JDK is Java 1.2 or
+ higher.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_SERIALVER</makevar></entry>
+ <entry>Path to the <command>serialver</command> utility
+ program.</entry>
+ </row>
+ <row>
+ <entry><makevar>RMIC</makevar></entry>
+ <entry>Path to the RMI stub/skeleton generator,
+ <command>rmic</command>.</entry>
+ </row>
+ <row>
+ <entry><makevar>RMIREGISTRY</makevar></entry>
+ <entry>Path to the RMI registry program,
+ <command>rmiregistry</command>.</entry>
+ </row>
+ <row>
+ <entry><makevar>RMID</makevar></entry>
+ <entry>Path to the RMI daemon program <command>rmid</command>.
+ This variable is only available if the JDK is Java 1.2
+ or higher.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVA_CLASSES</makevar></entry>
+ <entry>Path to the archive that contains the JDK class
+ files. On JDK 1.2 or later, this is
+ <filename>${JAVA_HOME}/jre/lib/rt.jar</filename>. Earlier
+ JDKs used
+ <filename>${JAVA_HOME}/lib/classes.zip</filename>.</entry>
+ </row>
+ <row>
+ <entry><makevar>HAVE_JIKES</makevar></entry>
+ <entry>Defined whenever <command>jikes</command> is used by
+ the port (see <makevar>USE_JIKES</makevar> above).</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>You may use the <literal>java-debug</literal> make target
+ to get information for debugging your port. It will display the
+ value of many of the forecited variables.</para>
+
+ <para>Additionally, the following constants are defined so all
+ Java ports may be installed in a consistent way:</para>
+
+ <table frame="none">
+ <title>Constants defined for ports that use Java</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Constant</entry>
+ <entry>Value</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><makevar>JAVASHAREDIR</makevar></entry>
+ <entry>The base directory for everything related to Java.
+ Default: <filename>${PREFIX}/share/java</filename>.
+ </entry>
+ </row>
+ <row>
+ <entry><makevar>JAVAJARDIR</makevar></entry>
+ <entry>The directory where JAR files should be installed.
+ Default:
+ <filename>${JAVASHAREDIR}/classes</filename>.</entry>
+ </row>
+ <row>
+ <entry><makevar>JAVALIBDIR</makevar></entry>
+ <entry>The directory where JAR files installed by other
+ ports are located. Default:
+ <filename>${LOCALBASE}/share/java/classes</filename>.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>The related entries are defined in both
+ <makevar>PLIST_SUB</makevar> (documented in
+ <xref linkend="plist-sub">) and
+ <makevar>SUB_LIST</makevar>.</para>
+
+ </sect2>
+
+ <sect2 id="java-building-with-ant">
+ <title>Building with Ant</title>
+
+ <para>When the port is to be built using Apache Ant, it has to
+ define <makevar>USE_ANT</makevar>. Ant is thus considered to be
+ the sub-make command. When no <literal>do-build</literal> target
+ is defined by the port, a default one will be set that simply
+ runs Ant according to <makevar>MAKE_ENV</makevar>,
+ <makevar>MAKE_ARGS</makevar> and <makevar>ALL_TARGETS</makevar>.
+ This is similar to the <makevar>USE_GMAKE</makevar> mechanism,
+ which is documented in <xref linkend="building">.</para>
+
+ <para>If <command>jikes</command> is used in place of
+ <command>javac</command> (see <makevar>USE_JIKES</makevar> in
+ <xref linkend="java-variables">), then Ant will automatically
+ use it to build the port.</para>
+
+ </sect2>
+
+ <sect2 id="java-best-practices">
+ <title>Best practices</title>
+
+ <para>When porting a Java library, your port should install the
+ JAR file(s) in <filename>${JAVAJARDIR}</filename>, and everything
+ else under <filename>${JAVASHAREDIR}/${PORTNAME}</filename>
+ (except for the documentation, see below). In order to reduce
+ the packing file size, you may reference the JAR file(s) directly
+ in the <filename>Makefile</filename>. Just use the following
+ statement (where <filename>myport.jar</filename> is the name
+ of the JAR file installed as part of the port):</para>
+
+ <programlisting>PLIST_FILES+= %%JAVAJARDIR%%/myport.jar</programlisting>
+
+ <para>When porting a Java application, the port usually installs
+ everything under a single directory (including its JAR
+ dependencies). The use of
+ <filename>${JAVASHAREDIR}/${PORTNAME}</filename> is strongly
+ encouraged in this regard. It is up the porter to decide
+ whether the port should install the additional JAR dependencies
+ under this directory or directly use the already installed ones
+ (from <filename>${JAVAJARDIR}</filename>).</para>
+
+ <para>Regardless of the type of your port (library or application),
+ the additional documentation should be installed in the
+ <link linkend="dads-documentation">same location</link> as for
+ any other port. The JavaDoc tool is known to produce a
+ different set of files depending on the version of the JDK that
+ is used. For ports that do not enforce the use of a particular
+ JDK, it is therefore a complex task to specify the packing list
+ (<filename>pkg-plist</filename>). This is one reason why
+ porters are strongly encouraged to use the
+ <makevar>PORTDOCS</makevar> macro. Moreover, even if you can
+ predict the set of files that will be generated by
+ <command>javadoc</command>, the size of the resulting
+ <filename>pkg-plist</filename> advocates for the use of
+ <makevar>PORTDOCS</makevar>.</para>
+
+ <para>The default value for <makevar>DATADIR</makevar> is
+ <filename>${PREFIX}/share/${PORTNAME}</filename>. It is a good
+ idea to override <makevar>DATADIR</makevar> to
+ <filename>${JAVASHAREDIR}/${PORTNAME}</filename> for Java ports.
+ Indeed, <makevar>DATADIR</makevar> is automatically added to
+ <makevar>PLIST_SUB</makevar> (documented in <xref
+ linkend="plist-sub">) so you may use
+ <literal>%%DATADIR%%</literal> directly in
+ <filename>pkg-plist</filename>.</para>
+
+ <para>As for the choice of building Java ports from source or
+ directly installing them from a binary distribution, there is
+ no defined policy at the time of writing. However, people from
+ the <ulink
+ url="http://www.freebsd.org/java/">&os; Java Project</ulink>
+ encourage porters to have their ports built from source whenever
+ it is a trivial task.</para>
+
+ <para>All the features that have been presented in this section
+ are implemented in <filename>bsd.java.mk</filename>. If you
+ ever think that your port needs more sophisticated Java support,
+ please first have a look at the <ulink
+ url="http://www.freebsd.org/cgi/cvsweb.cgi/ports/Mk/bsd.java.mk">
+ bsd.java.mk CVS log</ulink> as it usually takes some time to
+ document the latest features. Then, if you think the support
+ you are lacking would be beneficial to many other Java ports,
+ feel free to discuss it on the &a.java;.</para>
+
+ <para>Although there is a <literal>java</literal> category for
+ PRs, it refers to the JDK porting effort from the &os; Java
+ project. Therefore, you should submit your Java port in the
+ <literal>ports</literal> category as for any other port, unless
+ the issue you are trying to resolve is related to either a JDK
+ implementation or <filename>bsd.java.mk</filename>.</para>
+
+ <para>Similarly, there is a defined policy regarding the
+ <makevar>CATEGORIES</makevar> of a Java port, which is detailed
+ in <xref linkend="makefile-categories">.</para>
+
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="using-php">
+ <title>Using Apache and PHP</title>
+
+ <sect2 id="using-apache">
+ <title>Apache</title>
+
+ <table frame="none">
+ <title>Variables for ports that use Apache</title>
+
+ <tgroup cols="2">
+ <tbody>
+
+ <row>
+ <entry>USE_APACHE</entry>
+
+ <entry>The port requires Apache.</entry>
+ </row>
+
+ <row>
+ <entry>WITH_APACHE2</entry>
+
+ <entry>The port requires Apache 2.0. Without this variable,
+ the port will depend on Apache 1.3.</entry>
+ </row>
+
+ <row>
+ <entry>APXS</entry>
+
+ <entry>Full path to the <command>apxs</command> binary
+ (read-only variable).</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </table>
+
+ </sect2>
+
+ <sect2 id="php-variables">
+ <title>PHP</title>
+
+ <table frame="none">
+ <title>Variables for ports that use PHP</title>
+
+ <tgroup cols="2">
+ <tbody>
+ <row>
+ <entry><makevar>USE_PHP</makevar></entry>
+
+ <entry>The port requires PHP. The value <literal>yes</literal>
+ adds a dependency on PHP. The list of required PHP extensions
+ can be specified instead. Example: <literal>pcre xml
+ gettext</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>DEFAULT_PHP_VER</makevar></entry>
+
+ <entry>Selects which major version of PHP will be installed as
+ a dependency when no PHP is installed yet. Default is
+ <literal>4</literal>. Possible values: <literal>4</literal>,
+ <literal>5</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>BROKEN_WITH_PHP</makevar></entry>
+
+ <entry>The port does not work with PHP of the given version.
+ Possible values: <literal>4</literal>,
+ <literal>5</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_PHPIZE</makevar></entry>
+
+ <entry>The port will be built as a PHP extension.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_PHPEXT</makevar></entry>
+
+ <entry>The port will be treated as a PHP extension, including
+ installation and registration in the extension registry.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_PHP_BUILD</makevar></entry>
+
+ <entry>Set PHP as a build dependency.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WANT_PHP_CLI</makevar></entry>
+
+ <entry>Want the CLI (command line) version of PHP.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WANT_PHP_CGI</makevar></entry>
+
+ <entry>Want the CGI version of PHP.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WANT_PHP_MOD</makevar></entry>
+
+ <entry>Want the Apache module version of PHP.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WANT_PHP_SCR</makevar></entry>
+
+ <entry>Want the CLI or the CGI version of PHP.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WANT_PHP_WEB</makevar></entry>
+
+ <entry>Want the Apache module or the CGI version of PHP.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>WANT_PHP_PEAR</makevar></entry>
+
+ <entry>Want the PEAR framework.</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </table>
+
+ </sect2>
+
+ <sect2>
+ <title>PEAR modules</title>
+
+ <para>Porting PEAR modules is a very simple process.</para>
+
+ <para>Use the variables <makevar>FILES</makevar>,
+ <makevar>TESTS</makevar>, <makevar>DATA</makevar>,
+ <makevar>SQLS</makevar>, <makevar>SCRIPTFILES</makevar>,
+ <makevar>DOCS</makevar> and <makevar>EXAMPLES</makevar> to list the
+ files you want to install. All listed files will be automatically
+ installed into the appropriate locations and added to
+ <filename>pkg-plist</filename>.</para>
+
+ <para>Include
+ <filename>&dollar;{PORTSDIR}/devel/pear-PEAR/Makefile.common</filename>
+ on the last line of the <filename>Makefile</filename>.</para>
+
+ <example id="pear-makefile">
+ <title>Example Makefile for PEAR class</title>
+ <programlisting>PORTNAME= Date
+PORTVERSION= 1.4.3
+CATEGORIES= devel www pear
+
+MAINTAINER= example@domain.com
+COMMENT= PEAR Date and Time Zone Classes
+
+BUILD_DEPENDS= ${PEARDIR}/PEAR.php:${PORTSDIR}/devel/pear-PEAR
+RUN_DEPENDS= ${BUILD_DEPENDS}
+
+FILES= Date.php Date/Calc.php Date/Human.php Date/Span.php \
+ Date/TimeZone.php
+TESTS= test_calc.php test_date_methods_span.php testunit.php \
+ testunit_date.php testunit_date_span.php wknotest.txt \
+ bug674.php bug727_1.php bug727_2.php bug727_3.php \
+ bug727_4.php bug967.php weeksinmonth_4_monday.txt \
+ weeksinmonth_4_sunday.txt weeksinmonth_rdm_monday.txt \
+ weeksinmonth_rdm_sunday.txt
+DOCS= TODO
+_DOCSDIR= .
+
+.include &lt;bsd.port.pre.mk&gt;
+.include "&dollar;{PORTSDIR}/devel/pear-PEAR/Makefile.common"
+.include &lt;bsd.port.post.mk&gt;</programlisting>
+
+ </example>
+
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="using-python">
+ <title>Using Python</title>
+
+ <table frame="none">
+ <title>Most useful variables for ports that use Python</title>
+
+ <tgroup cols="2">
+ <tbody>
+ <row>
+ <entry><makevar>USE_PYTHON</makevar></entry>
+
+ <entry>The port needs Python. Minimal required version can be
+ specified with values such as <literal>2.3+</literal>.
+ Version ranges can also be specified, by separating two version
+ numbers with a dash, e.g.: <literal>2.1-2.3</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_PYDISTUTILS</makevar></entry>
+
+ <entry>Use Python distutils for configuring, compiling and
+ installing. This is required when the port comes with
+ <filename>setup.py</filename>. This overrides the
+ <maketarget>do-build</maketarget> and
+ <maketarget>do-install</maketarget> targets
+ and may also override <maketarget>do-configure</maketarget> if
+ <makevar>GNU_CONFIGURE</makevar> is not defined.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PYTHON_PKGNAMEPREFIX</makevar></entry>
+
+ <entry>Used as a <makevar>PKGNAMEPREFIX</makevar> to distinguish
+ packages for different Python versions.
+ Example: <literal>py24-</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>PYTHON_SITELIBDIR</makevar></entry>
+
+ <entry>Location of the site-packages tree, that contains
+ installation path of Python (usually <makevar>LOCALBASE</makevar>).
+ The <makevar>PYTHON_SITELIBDIR</makevar> variable can be very
+ useful when installing Python modules.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PYTHONPREFIX_SITELIBDIR</makevar></entry>
+
+ <entry>The PREFIX-clean variant of PYTHON_SITELIBDIR.
+ Always use
+ <literal>%%PYTHON_SITELIBDIR%%</literal> in
+ <filename>pkg-plist</filename> when possible. The default value of
+ <literal>%%PYTHON_SITELIBDIR%%</literal> is
+ <literal>lib/python%%PYTHON_VERSION%%/site-packages</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>PYTHON_CMD</makevar></entry>
+
+ <entry>Python interpreter command line, including version
+ number.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PYNUMERIC</makevar></entry>
+
+ <entry>Dependency line for numeric extension.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PYXML</makevar></entry>
+
+ <entry>Dependency line for XML extension (not needed for
+ Python 2.0 and higher as it is also in base distribution).</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_TWISTED</makevar></entry>
+
+ <entry>Add dependency on twistedCore. The list of required
+ components can be specified as a value of this
+ variable. Example: <literal>web lore pair
+ flow</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_ZOPE</makevar></entry>
+
+ <entry>Add dependency on Zope, a web application platform.
+ Change Python dependency to Python 2.3. Set
+ <makevar>ZOPEBASEDIR</makevar> containing a directory with
+ Zope installation.</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>A complete list of available variables can be found in
+ <filename>/usr/ports/Mk/bsd.python.mk</filename>.</para>
+
+ </sect1>
+
+ <sect1 id="using-emacs">
+ <title>Using Emacs</title>
+
+ <para>This section is yet to be written.</para>
+ </sect1>
+
+ <sect1 id="using-ruby">
+ <title>Using Ruby</title>
+
+ <table frame="none">
+ <title>Useful variables for ports that use Ruby</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><makevar>USE_RUBY</makevar></entry>
+
+ <entry>The port requires Ruby.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_RUBY_EXTCONF</makevar></entry>
+
+ <entry>The port uses <filename>extconf.rb</filename> to
+ configure.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>USE_RUBY_SETUP</makevar></entry>
+
+ <entry>The port uses <filename>setup.rb</filename> to
+ configure.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>RUBY_SETUP</makevar></entry>
+
+ <entry>Set to the alternative name of
+ <filename>setup.rb</filename>. Common value is
+ <filename>install.rb</filename>.</entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>The following table shows the selected variables available to port
+ authors via the ports infrastructure. These variables should be used
+ to install files into their proper locations. Use them in
+ <filename>pkg-plist</filename> as much as possible. These variables
+ should not be redefined in the port.</para>
+
+ <table frame="none">
+ <title>Selected read-only variables for ports that use Ruby</title>
+
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+ <entry>Description</entry>
+ <entry>Example value</entry>
+ </row>
+ </thead>
+ <tbody>
+
+ <row>
+ <entry><makevar>RUBY_PKGNAMEPREFIX</makevar></entry>
+
+ <entry>Used as a <makevar>PKGNAMEPREFIX</makevar> to distinguish
+ packages for different Ruby versions.</entry>
+
+ <entry><literal>ruby18-</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>RUBY_VERSION</makevar></entry>
+
+ <entry>Full version of Ruby in the form of
+ <literal>x.y.z</literal>.</entry>
+
+ <entry><literal>1.8.2</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>RUBY_SITELIBDIR</makevar></entry>
+
+ <entry>Architecture independent libraries installation
+ path.</entry>
+
+ <entry><literal>/usr/local/lib/ruby/site_ruby/1.8</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>RUBY_SITEARCHILIBDIR</makevar></entry>
+
+ <entry>Architecture dependent libraries installation
+ path.</entry>
+
+ <entry><literal>/usr/local/lib/ruby/site_ruby/1.8/amd64-freebsd6</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>RUBY_MODDOCDIR</makevar></entry>
+
+ <entry>Module documentation installation path.</entry>
+
+ <entry><literal>/usr/local/share/doc/ruby18/patsy</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>RUBY_MODEXAMPLESDIR</makevar></entry>
+
+ <entry>Module examples installation path.</entry>
+
+ <entry><literal>/usr/local/share/examples/ruby18/patsy</literal></entry>
+ </row>
+
+ </tbody>
+ </tgroup>
+ </table>
+
+ <para>A complete list of available variables can be found in
+ <filename>/usr/ports/Mk/bsd.ruby.mk</filename>.</para>
+
+ </sect1>
+
+ <sect1 id="using-sdl">
+ <title>Using SDL</title>
+
+ <para>The <makevar>USE_SDL</makevar> variable is used to autoconfigure
+ the dependencies for ports which use an SDL based library like
+ <filename role="package">devel/sdl12</filename> and
+ <filename role="package">x11-toolkits/sdl_gui</filename>.</para>
+
+ <para>The following SDL libraries are recognized at the moment:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>sdl: <filename role="package">devel/sdl12</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>gfx: <filename role="package">graphics/sdl_gfx</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>gui: <filename role="package">x11-toolkits/sdl_gui</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>image: <filename role="package">graphics/sdl_image</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>ldbad: <filename role="package">devel/sdl_ldbad</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>mixer: <filename role="package">audio/sdl_mixer</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>mm: <filename role="package">devel/sdlmm</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>net: <filename role="package">net/sdl_net</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>sound: <filename role="package">audio/sdl_sound</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>ttf: <filename role="package">graphics/sdl_ttf</filename></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Therefore, if a port has a dependency on
+ <filename role="package">net/sdl_net</filename> and
+ <filename role="package">audio/sdl_mixer</filename>,
+ the syntax will be:</para>
+
+ <programlisting>USE_SDL= net mixer</programlisting>
+
+ <para>The dependency <filename role="package">devel/sdl12</filename>,
+ which is required by <filename role="package">net/sdl_net</filename> and
+ <filename role="package">audio/sdl_mixer</filename>, is automatically
+ added as well.</para>
+
+ <para>If you use <makevar>USE_SDL</makevar>, it will automatically:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Add a dependency on <application>sdl12-config</application> to
+ <makevar>BUILD_DEPENDS</makevar></para>
+ </listitem>
+
+ <listitem>
+ <para>Add the variable <makevar>SDL_CONFIG</makevar> to
+ <makevar>CONFIGURE_ENV</makevar></para>
+ </listitem>
+
+ <listitem>
+ <para>Add the dependencies of the selected libraries to the
+ <makevar>LIB_DEPENDS</makevar></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>To check whether an SDL library is available, you can do it
+ with the <makevar>WANT_SDL</makevar> variable:</para>
+
+ <programlisting>WANT_SDL=yes
+
+.include &lt;bsd.port.pre.mk&gt;
+
+.if ${HAVE_SDL:Mmixer}!=""
+USE_SDL+= mixer
+.endif
+
+.include &lt;bsd.port.post.mk&gt;</programlisting>
+
+ </sect1>
+
+ <sect1 id="rc-scripts">
+ <title>Starting and stopping services (rc scripts)</title>
+
+ <para>Startup scripts are used to start services on system
+ startup, and to give administrator a standard way of stopping,
+ starting and restarting the service. Ports integrates into
+ the system <filename>rc.d</filename> framework. Details on usage
+ can be found in
+ <ulink url="&url.books.handbook;/configtuning-rcng.html">the Handbook
+ chapter</ulink>. Detailed explanation of available commands is in
+ &man.rc.subr.8;.</para>
+
+ <para>One or more rc scripts can be installed:</para>
+
+ <programlisting>USE_RC_SUBR= doorman.sh</programlisting>
+
+ <para>Scripts must be placed in the <filename>files</filename>
+ subdirectory and a <literal>.in</literal> suffix must be added to their
+ filename. The only difference from a base system rc script is that the
+ <literal>.&nbsp;/etc/rc.subr</literal> line must be replaced with
+ <literal>.&nbsp;%%RC_SUBR%%</literal>, because older versions of &os;
+ do not have an <filename>/etc/rc.subr</filename> file. Standard
+ <makevar>SUB_LIST</makevar> expansions are used too. Especially using
+ <literal>%%PREFIX%%</literal> is advised. More on
+ <makevar>SUB_LIST</makevar> in <link
+ linkend="using-sub-files">the relevant section</link>.</para>
+
+ <para>Integration with &man.rcorder.8; is available by using
+ <makevar>USE_RCORDER</makevar> instead of
+ <makevar>USE_RC_SUBR</makevar>.
+
+ <para>Example simple rc script:</para>
+
+ <programlisting>#!/bin/sh
+
+# PROVIDE: doorman
+# REQUIRE: LOGIN
+# KEYWORD: FreeBSD
+
+#
+# Add the following lines to /etc/rc.conf to enable doorman:
+# doorman_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable doorman
+# doorman_config (path): Set to "%%PREFIX%%/etc/doormand/doormand.cf" by default.
+#
+
+. %%RC_SUBR%%
+
+name="doorman"
+rcvar=`set_rcvar`
+
+load_rc_config $name
+
+: ${doorman_enable="NO"}
+: ${doorman_config="%%PREFIX%%/etc/doormand/doormand.cf"}
+
+command=%%PREFIX%%/sbin/doormand
+pidfile=/var/run/doormand.pid
+command_args="-p $pidfile -f $doorman_config"
+
+run_rc_command "$1"</programlisting>
+
+ </sect1>
+ </chapter>
+
+ <chapter id="plist">
+ <title>Advanced <filename>pkg-plist</filename> practices</title>
+
+ <sect1 id="plist-sub">
+ <title>Changing <filename>pkg-plist</filename> based on make
+ variables</title>
+
+ <para>Some ports, particularly the <literal>p5-</literal> ports,
+ need to change their <filename>pkg-plist</filename> depending on
+ what options they are configured with (or version of
+ <literal>perl</literal>, in the case of <literal>p5-</literal>
+ ports). To make this easy, any instances in the
+ <filename>pkg-plist</filename> of <literal>%%OSREL%%</literal>,
+ <literal>%%PERL_VER%%</literal>, and
+ <literal>%%PERL_VERSION%%</literal> will be substituted for
+ appropriately. The value of <literal>%%OSREL%%</literal> is the
+ numeric revision of the operating system (e.g.,
+ <literal>4.9</literal>). <literal>%%PERL_VERSION%%</literal> is
+ the full version number of <command>perl</command> (e.g.,
+ <literal>5.00502</literal>) and <literal>%%PERL_VER%%</literal>
+ is the <command>perl</command> version number minus
+ the patchlevel (e.g., <literal>5.005</literal>). Several other
+ <literal>%%<replaceable>VARS</replaceable>%%</literal> related to
+ port's documentation files are described in <link
+ linkend="dads-documentation">the relevant section</link>.</para>
+
+ <para>If you need to make other substitutions, you can set the
+ <makevar>PLIST_SUB</makevar> variable with a list of
+ <literal><replaceable>VAR</replaceable>=<replaceable>VALUE</replaceable></literal>
+ pairs and instances of
+ <literal>%%<replaceable>VAR</replaceable>%%</literal> will be
+ substituted with <replaceable>VALUE</replaceable> in the
+ <filename>pkg-plist</filename>.</para>
+
+ <para>For instance, if you have a port that installs many files in a
+ version-specific subdirectory, you can put something like</para>
+
+ <programlisting>OCTAVE_VERSION= 2.0.13
+PLIST_SUB= OCTAVE_VERSION=${OCTAVE_VERSION}</programlisting>
+
+ <para>in the <filename>Makefile</filename> and use
+ <literal>%%OCTAVE_VERSION%%</literal> wherever the version shows up
+ in <filename>pkg-plist</filename>. That way, when you upgrade the port,
+ you will not have to change dozens (or in some cases, hundreds) of
+ lines in the <filename>pkg-plist</filename>.</para>
+
+ <para>This substitution (as well as addition of any <link
+ linkend="makefile-manpages">manual pages</link>) will be done between
+ the <maketarget>pre-install</maketarget> and
+ <maketarget>do-install</maketarget> targets, by reading from
+ <filename><makevar>PLIST</makevar></filename> and writing to
+ <filename><makevar>TMPPLIST</makevar></filename>
+ (default:
+ <filename><makevar>WRKDIR</makevar>/.PLIST.mktmp</filename>). So if
+ your port builds <filename><makevar>PLIST</makevar></filename>
+ on the fly, do so in or
+ before <maketarget>pre-install</maketarget>. Also, if your port
+ needs to edit the resulting file, do so in
+ <maketarget>post-install</maketarget> to a file named
+ <filename><makevar>TMPPLIST</makevar></filename>.</para>
+
+ <para>Another possibility to modify port's packing list is based
+ on setting the variables <makevar>PLIST_FILES</makevar> and
+ <makevar>PLIST_DIRS</makevar>. The value of each variable
+ is regarded as a list of pathnames to
+ write to <filename><makevar>TMPPLIST</makevar></filename>
+ along with <filename><makevar>PLIST</makevar></filename>
+ contents. Names listed in <makevar>PLIST_FILES</makevar>
+ and <makevar>PLIST_DIRS</makevar> are subject to
+ <literal>%%<replaceable>VAR</replaceable>%%</literal>
+ substitution, as described above.
+ Except for that, names from <makevar>PLIST_FILES</makevar>
+ will appear in the final packing list unchanged,
+ while <literal>@dirrm</literal> will be
+ prepended to names from <makevar>PLIST_DIRS</makevar>.
+ To take effect, <makevar>PLIST_FILES</makevar> and
+ <makevar>PLIST_DIRS</makevar> must be set before
+ <filename><makevar>TMPPLIST</makevar></filename> is written,
+ i.e. in <maketarget>pre-install</maketarget> or earlier.</para>
+ </sect1>
+
+ <sect1 id="plist-cleaning">
+ <title>Empty directories</title>
+
+ <sect2 id="plist-dir-cleaning">
+ <title>Cleaning up empty directories</title>
+
+ <para>Do make your ports remove empty directories when they are
+ de-installed. This is usually accomplished by adding
+ <literal>@dirrm</literal> lines for all directories that are
+ specifically created by the port. You need to delete subdirectories
+ before you can delete parent directories.</para>
+
+ <programlisting> :
+lib/X11/oneko/pixmaps/cat.xpm
+lib/X11/oneko/sounds/cat.au
+ :
+@dirrm lib/X11/oneko/pixmaps
+@dirrm lib/X11/oneko/sounds
+@dirrm lib/X11/oneko</programlisting>
+
+ <para>However, sometimes <literal>@dirrm</literal> will give you
+ errors because other ports share the same directory. You
+ can call <command>rmdir</command> from <literal>@unexec</literal> to
+ remove only empty directories without warning.</para>
+
+ <programlisting>@unexec rmdir %D/share/doc/gimp 2>/dev/null || true</programlisting>
+
+ <para>This will neither print any error messages nor cause
+ &man.pkg.delete.1; to exit abnormally even if
+ <filename><makevar>PREFIX</makevar>/share/doc/gimp</filename> is not
+ empty due to other ports installing some files in there.</para>
+ </sect2>
+
+ <sect2 id="plist-dir-empty">
+ <title>Creating empty directories</title>
+
+ <para>Empty directories created during port installation need special
+ attention. They will not get created when installing the package,
+ because packages only store the files, and &man.pkg.add.1; creates
+ directories for them as needed. To make sure the empty directory
+ is created when installing the package, add this line to
+ <filename>pkg-plist</filename> above the corresponding
+ <literal>@dirrm</literal> line:</para>
+
+ <programlisting>@exec mkdir -p %D/share/foo/templates</programlisting>
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="plist-config">
+ <title>Configuration files</title>
+
+ <para>If your port requires some configuration files in
+ <filename><makevar>PREFIX</makevar>/etc</filename>, do
+ <emphasis>not</emphasis> just install them and list them in
+ <filename>pkg-plist</filename>. That will cause
+ &man.pkg.delete.1; to delete files carefully edited by
+ the user and a new installation to wipe them out.</para>
+
+ <para>Instead, install sample files with a suffix
+ (<filename><replaceable>filename</replaceable>.sample</filename>
+ will work well). Copy the sample file as the real configuration
+ file, if it does not exist. On deinstall, delete the configuration
+ file, but only if it was not modified by the user. You need to
+ handle this both in the port <filename>Makefile</filename>, and in
+ the <filename>pkg-plist</filename> (for installation from
+ the package).</para>
+
+ <para>Example of the <filename>Makefile</filename> part:</para>
+
+ <programlisting>post-install:
+ @if [ ! -f ${PREFIX}/etc/orbit.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/orbit.conf.sample ${PREFIX}/etc/orbit.conf ; \
+ fi</programlisting>
+
+ <para>Example of the <filename>pkg-plist</filename> part:</para>
+
+ <programlisting>@unexec if cmp -s %D/etc/orbit.conf.sample %D/etc/orbit.conf; then rm -f %D/etc/orbit.conf; fi
+etc/orbit.conf.sample
+@exec if [ ! -f %D/etc/orbit.conf ] ; then cp -p %D/%F %B/orbit.conf; fi</programlisting>
+
+ <para>Alternatively, print out a <link
+ linkend="porting-message">message</link> pointing out that the
+ user has to copy and edit the file before the software can be made
+ to work.</para>
+ </sect1>
+
+ <sect1 id="plist-dynamic">
+ <title>Dynamic vs. static package list</title>
+
+ <para>A <emphasis>static package list</emphasis> is a package list
+ which is available in the Ports Collection either as a
+ <filename>pkg-plist</filename> file (with or without variable
+ substitution), or embedded into the <filename>Makefile</filename>
+ via <makevar>PLIST_FILES</makevar> and <makevar>PLIST_DIRS</makevar>.
+ Even if the contents are auto-generated by a tool or a target
+ in the Makefile <emphasis>before</emphasis> the inclusion into the
+ Ports Collection by a committer, this is still considered a
+ static list, since it is possible to examine it without having
+ to download or compile the distfile.</para>
+
+ <para>A <emphasis>dynamic package list</emphasis> is a package list
+ which is generated at the time the port is compiled based upon the
+ files and directories which are installed. It is not possible to
+ examine it before the source code of the ported application
+ is downloaded and compiled, or after running a <literal>make
+ clean</literal>.</para>
+
+ <para>While the use of dynamic package lists is not forbidden,
+ maintainers should use static package lists wherever possible, as it
+ enables users to &man.grep.1; through available ports to discover,
+ for example, which port installs a certain file. Dynamic lists
+ should be primarily used for
+ complex ports where the package list changes drastically based upon
+ optional features of the port (and thus maintaining a static package
+ list is infeasible), or ports which change the
+ package list based upon the version of dependent software used (e.g.
+ ports which generate docs with
+ <application>Javadoc</application>).</para>
+
+ <para>Maintainers who prefer dynamic package lists are encouraged to
+ add a new target to their port which generates the
+ <filename>pkg-plist</filename> file so that users may examine
+ the contents.</para>
+
+ </sect1>
+
+ <sect1 id="plist-autoplist">
+ <title>Automated package list creation</title>
+
+ <para>First, make sure your port is almost complete, with only
+ <filename>pkg-plist</filename> missing.</para>
+
+ <para>Next, create a temporary directory tree into which your port can be
+ installed, and install any dependencies.
+ <replaceable>port-type</replaceable> should be <literal>local</literal>
+ for non-X ports and <literal>x11-4</literal> or <literal>x11</literal>
+ for ports which install into the directory hierarchy of XFree86 4
+ or an earlier XFree86 release, respectively.</para>
+
+ <screen>&prompt.root; <userinput>mkdir /var/tmp/<replaceable>port-name</replaceable></userinput>
+&prompt.root; <userinput>mtree -U -f /etc/mtree/BSD.<replaceable>port-type</replaceable>.dist -d -e -p /var/tmp/<replaceable>port-name</replaceable></userinput>
+&prompt.root; <userinput>make depends PREFIX=/var/tmp/<replaceable>port-name</replaceable></userinput></screen>
+
+ <para>Store the directory structure in a new file.</para>
+
+ <screen>&prompt.root; <userinput>(cd /var/tmp/<replaceable>port-name</replaceable> && find -d * -type d) | sort &gt; OLD-DIRS</userinput></screen>
+
+ <para>Create an empty <filename>pkg-plist</filename> file:</para>
+
+ <screen>&prompt.root; <userinput>touch pkg-plist</userinput></screen>
+
+ <para>If your port honors <makevar>PREFIX</makevar> (which it should)
+ you can then install the port and create the package list.</para>
+
+ <screen>&prompt.root; <userinput>make install PREFIX=/var/tmp/<replaceable>port-name</replaceable></userinput>
+&prompt.root; <userinput>(cd /var/tmp/<replaceable>port-name</replaceable> && find -d * \! -type d) | sort &gt; pkg-plist</userinput></screen>
+
+ <para>You must also add any newly created directories to the packing
+ list.</para>
+
+ <screen>&prompt.root; <userinput>(cd /var/tmp/<replaceable>port-name</replaceable> && find -d * -type d) | sort | comm -13 OLD-DIRS - | sort -r | sed -e 's#^#@dirrm #' &gt;&gt; pkg-plist</userinput></screen>
+
+ <para>Finally, you need to tidy up the packing list by hand; it is not
+ <emphasis>all</emphasis> automated. Manual pages should be listed in
+ the port's <filename>Makefile</filename> under
+ <makevar>MAN<replaceable>n</replaceable></makevar>, and not in the
+ package list. User configuration files should be removed, or
+ installed as
+ <filename><replaceable>filename</replaceable>.sample</filename>.
+ The <filename>info/dir</filename> file should not be listed
+ and appropriate <filename>install-info</filename> lines should
+ be added as noted in the <link linkend="makefile-info">info
+ files</link> section. Any
+ libraries installed by the port should be listed as specified in the
+ <link linkend="porting-shlibs">shared libraries</link> section.</para>
+
+ <para>Alternatively, use the <command>plist</command> script in
+ <filename>/usr/ports/Tools/scripts/</filename> to build the
+ package list automatically. The first step is the same as
+ above: take the first three lines, that is,
+ <command>mkdir</command>, <command>mtree</command> and
+ <command>make depends</command>. Then build and install the
+ port:</para>
+
+ <screen>&prompt.root; <userinput>make install PREFIX=/var/tmp/<replaceable>port-name</replaceable></userinput></screen>
+
+ <para>And let <command>plist</command> create the
+ <filename>pkg-plist</filename> file:</para>
+
+ <screen>&prompt.root; <userinput>/usr/ports/Tools/scripts/plist -Md -m /etc/mtree/BSD.<replaceable>port-type</replaceable>.dist /var/tmp/<replaceable>port-name</replaceable> &gt; pkg-plist</userinput></screen>
+
+ <para>The packing list still has to be tidied up by hand as
+ stated above.</para>
+
+ </sect1>
+
+ </chapter>
+
+ <chapter id="pkg-files">
+ <title>The <filename>pkg-<replaceable>*</replaceable></filename> files</title>
+
+ <para>There are some tricks we have not mentioned yet about the
+ <filename>pkg-<replaceable>*</replaceable></filename> files
+ that come in handy sometimes.</para>
+
+ <sect1 id="porting-message">
+ <title><filename>pkg-message</filename></title>
+
+ <para>If you need to display a message to the installer, you may place
+ the message in <filename>pkg-message</filename>. This capability is
+ often useful to display additional installation steps to be taken
+ after a &man.pkg.add.1; or to display licensing
+ information.</para>
+
+ <note>
+ <para>The <filename>pkg-message</filename> file does not need to be
+ added to <filename>pkg-plist</filename>. Also, it will not get
+ automatically printed if the user is using the port, not the
+ package, so you should probably display it from the
+ <maketarget>post-install</maketarget> target yourself.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="pkg-install">
+ <title><filename>pkg-install</filename></title>
+
+ <para>If your port needs to execute commands when the binary package
+ is installed with &man.pkg.add.1; you can do this via the
+ <filename>pkg-install</filename> script. This script will
+ automatically be added to the package, and will be run twice by
+ &man.pkg.add.1;: the first time as
+ <literal>&dollar;{SH} pkg-install &dollar;{PKGNAME}
+ PRE-INSTALL</literal> and the second time as
+ <literal>&dollar;{SH} pkg-install &dollar;{PKGNAME} POST-INSTALL</literal>.
+ <literal>&dollar;2</literal> can be tested to determine which mode
+ the script is being run in. The <envar>PKG_PREFIX</envar>
+ environmental variable will be set to the package installation
+ directory. See &man.pkg.add.1; for
+ additional information.</para>
+
+ <note>
+ <para>This script is not run automatically if you install the port
+ with <command>make install</command>. If you are depending on it
+ being run, you will have to explicitly call it from your port's
+ <filename>Makefile</filename>, with a line like
+ <literal>PKG_PREFIX=&dollar;{PREFIX} &dollar;{SH} &dollar;{PKGINSTALL}
+ &dollar;{PKGNAME} PRE-INSTALL</literal>.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="pkg-deinstall">
+ <title><filename>pkg-deinstall</filename></title>
+
+ <para>This script executes when a package is removed.</para>
+
+ <para>
+ This script will be run twice by &man.pkg.delete.1;.
+ The first time as <literal>&dollar;{SH} pkg-deinstall &dollar;{PKGNAME}
+ DEINSTALL</literal> and the second time as
+ <literal>&dollar;{SH} pkg-deinstall &dollar;{PKGNAME} POST-DEINSTALL</literal>.
+ </para>
+ </sect1>
+
+ <sect1 id="pkg-req">
+ <title><filename>pkg-req</filename></title>
+
+ <para>If your port needs to determine if it should install or not, you
+ can create a <filename>pkg-req</filename> <quote>requirements</quote>
+ script. It will be invoked automatically at
+ installation/de-installation time to determine whether or not
+ installation/de-installation should proceed.</para>
+
+ <para>The script will be run at installation time by
+ &man.pkg.add.1; as
+ <literal>pkg-req &dollar;{PKGNAME} INSTALL</literal>.
+ At de-installation time it will be run by
+ &man.pkg.delete.1; as
+ <literal>pkg-req &dollar;{PKGNAME} DEINSTALL</literal>.</para>
+ </sect1>
+
+ <sect1 id="pkg-names">
+ <title id="porting-pkgfiles">Changing the names of
+ <filename>pkg-<replaceable>*</replaceable></filename> files</title>
+
+ <para>All the names of <filename>pkg-<replaceable>*</replaceable></filename> files
+ are defined using variables so you can change them in your
+ <filename>Makefile</filename> if need be. This is especially useful
+ when you are sharing the same <filename>pkg-<replaceable>*</replaceable></filename> files
+ among several ports or have to write to one of the above files (see
+ <link linkend="porting-wrkdir">writing to places other than
+ <makevar>WRKDIR</makevar></link> for why it is a bad idea to write
+ directly into the <filename>pkg-<replaceable>*</replaceable></filename> subdirectory).</para>
+
+ <para>Here is a list of variable names and their default
+ values. (<makevar>PKGDIR</makevar> defaults to
+ <makevar>${MASTERDIR}</makevar>.)</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+ <entry>Default value</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>DESCR</makevar></entry>
+ <entry><literal>${PKGDIR}/pkg-descr</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>PLIST</makevar></entry>
+ <entry><literal>${PKGDIR}/pkg-plist</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>PKGINSTALL</makevar></entry>
+ <entry><literal>${PKGDIR}/pkg-install</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>PKGDEINSTALL</makevar></entry>
+ <entry><literal>${PKGDIR}/pkg-deinstall</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>PKGREQ</makevar></entry>
+ <entry><literal>${PKGDIR}/pkg-req</literal></entry>
+ </row>
+
+ <row>
+ <entry><makevar>PKGMESSAGE</makevar></entry>
+ <entry><literal>${PKGDIR}/pkg-message</literal></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Please change these variables rather than overriding
+ <makevar>PKG_ARGS</makevar>. If you change
+ <makevar>PKG_ARGS</makevar>, those files will not correctly be
+ installed in <filename>/var/db/pkg</filename> upon install from a
+ port.</para>
+ </sect1>
+
+ <sect1 id="using-sub-files">
+ <title>Making use of <makevar>SUB_FILES</makevar> and
+ <makevar>SUB_LIST</makevar></title>
+
+ <para>The <makevar>SUB_FILES</makevar> and <makevar>SUB_LIST</makevar>
+ variables are useful for dynamic values in port files, such as the
+ installation <makevar>PREFIX</makevar> in
+ <filename>pkg-message</filename>.</para>
+
+ <para>The <makevar>SUB_FILES</makevar> variable specifies a list
+ of files to be automatically modified. Each
+ <replaceable>file</replaceable> in the
+ <makevar>SUB_FILES</makevar> list must have a corresponding
+ <filename><replaceable>file</replaceable>.in</filename> present
+ in <makevar>FILESDIR</makevar>. A modified version will
+ be created in <makevar>WRKDIR</makevar>. Files defined as a
+ value of <makevar>USE_RC_SUBR</makevar> and
+ <makevar>USE_RCORDER</makevar> are automatically added to
+ <makevar>SUB_FILES</makevar>. For the files
+ <filename>pkg-message</filename>,
+ <filename>pkg-install</filename>, <filename>pkg-deinstall</filename>
+ and <filename>pkg-reg</filename>, the corresponding Makefile variable
+ is automatically set to point to the processed version.</para>
+
+ <para>The <makevar>SUB_LIST</makevar> variable is a list of
+ <literal>VAR=VALUE</literal> pairs. For each pair
+ <literal>%%VAR%%</literal> will get replaced
+ with <literal>VALUE</literal> in each file listed in
+ <makevar>SUB_FILES</makevar>. Several common pairs are
+ automatically defined: <makevar>PREFIX</makevar>,
+ <makevar>LOCALBASE</makevar>, <makevar>X11BASE</makevar>,
+ <makevar>DATADIR</makevar>, <makevar>DOCSDIR</makevar>,
+ <makevar>EXAMPLESDIR</makevar>. Any line beginning with
+ <literal>@comment</literal> will be deleted from resulting files
+ after a variable substitution.</para>
+
+ <para>The following example will replace <literal>%%ARCH%%</literal>
+ with the system architecture
+ in a <filename>pkg-message</filename>:</para>
+
+ <programlisting>SUB_FILES= pkg-message
+SUB_LIST= ARCH=${ARCH}</programlisting>
+
+ <para>Note that for this example, the
+ <filename>pkg-message.in</filename> file must exist in
+ <makevar>FILESDIR</makevar>.</para>
+
+ <para>Example of a good <filename>pkg-message.in</filename>:</para>
+
+ <programlisting>Now it's time to configure this package.
+Copy %%PREFIX%%/share/examples/putsy/%%ARCH%%.conf into your home directory
+as .putsy.conf and edit it.</programlisting>
+
+ </sect1>
+ </chapter>
+
+ <chapter id="testing">
+ <title>Testing your port</title>
+
+ <sect1 id="make-describe">
+ <title>Running <command>make describe</command></title>
+
+ <para>Several of the &os; port maintenance tools, such as
+ &man.portupgrade.1;, rely on a database called
+ <filename>/usr/ports/INDEX</filename> which keeps track of such
+ items as port dependencies. <filename>INDEX</filename> is created
+ by the top-level <filename>ports/Makefile</filename> via
+ <command>make index</command>, which descends into each
+ port subdirectory and executes <command>make describe</command>
+ there. Thus, if <command>make describe</command> fails in any
+ port, no one can generate <filename>INDEX</filename>, and many
+ people will quickly become unhappy.</para>
+
+ <note>
+ <para>It is important to be able to generate this file no
+ matter what options are present in <filename>make.conf</filename>,
+ so please avoid doing things such as using <literal>.error</literal>
+ statements when (for instance) a dependency is not satisfied.
+ (See <xref linkend="dads-dot-error">.)</para>
+ </note>
+
+ <para>If <command>make describe</command> produces a string
+ rather than an error message, you are probably safe. See
+ <filename>bsd.port.mk</filename> for the meaning of the
+ string produced.</para>
+
+ <para>Also note that running a recent version of
+ <command>portlint</command> (as specified in the next section)
+ will cause <command>make describe</command> to be run
+ automatically.</para>
+ </sect1>
+
+ <sect1 id="testing-portlint">
+ <title>Portlint</title>
+
+ <para>Do check your work with <link
+ linkend="porting-portlint"><command>portlint</command></link>
+ before you submit or commit it. <command>portlint</command>
+ warns you about many common errors, both functional and
+ stylistic. For a new (or repocopied) port,
+ <command>portlint -A</command> is the most thorough; for an
+ existing port, <command>portlint -C</command> is sufficient.</para>
+
+ <para>Since <command>portlint</command> uses heuristics to
+ try to figure out errors, it can produce false positive
+ warnings. In addition, occasionally something that is
+ flagged as a problem really cannot be done in any other
+ way due to limitations in the ports framework. When in
+ doubt, the best thing to do is ask on &a.ports;.</para>
+ </sect1>
+
+ <sect1 id="porting-prefix">
+ <title><makevar>PREFIX</makevar></title>
+
+ <para>Do try to make your port install relative to
+ <makevar>PREFIX</makevar>. The value of this variable will be set
+ to <makevar>LOCALBASE</makevar> (default
+ <filename>/usr/local</filename>). If
+ <makevar>USE_X_PREFIX</makevar> or <makevar>USE_IMAKE</makevar> is
+ set, <makevar>PREFIX</makevar> will be <makevar>X11BASE</makevar> (default
+ <filename>/usr/X11R6</filename>). If
+ <makevar>USE_LINUX_PREFIX</makevar> is set, <makevar>PREFIX</makevar>
+ will be <makevar>LINUXBASE</makevar> (default
+ <filename>/compat/linux</filename>).</para>
+
+ <para>Avoiding the hard-coding of <filename>/usr/local</filename> or
+ <filename>/usr/X11R6</filename> anywhere in the source will make the
+ port much more flexible and able to cater to the needs of other
+ sites. For X ports that use <command>imake</command>, this is
+ automatic; otherwise, this can often be done by simply replacing the
+ occurrences of <filename>/usr/local</filename> (or
+ <filename>/usr/X11R6</filename> for X ports that do not use imake)
+ in the various <filename>scripts/Makefile</filename>s in the port to read
+ <makevar>${PREFIX}</makevar>, as this variable is automatically passed
+ down to every stage of the build and install processes.</para>
+
+ <para>Make sure your application is not installing things in
+ <filename>/usr/local</filename> instead of <makevar>PREFIX</makevar>.
+ A quick test for this is to do this is:</para>
+
+ <screen>&prompt.root; <userinput>make clean; make package PREFIX=/var/tmp/<replaceable>port-name</replaceable></userinput></screen>
+
+ <para>If anything is installed outside of <makevar>PREFIX</makevar>,
+ the package creation process will complain that it
+ cannot find the files.</para>
+
+ <!-- XXX This paragraph is confusing and poorly indented. -->
+ <para>This does not test for the existence of internal references,
+ or correct use of <makevar>LOCALBASE</makevar> for references to
+ files from other ports. Testing the installation in
+ <filename>/var/tmp/<replaceable>port-name</replaceable></filename>
+ to do that while you have it installed would do that.</para>
+
+ <para>Do not set <makevar>USE_X_PREFIX</makevar> unless your port
+ truly requires it (i.e., it links against X libs or it needs to
+ reference files in <makevar>X11BASE</makevar>).</para>
+
+ <para>The variable <makevar>PREFIX</makevar> can be reassigned in your
+ <filename>Makefile</filename> or in the user's environment.
+ However, it is strongly discouraged for individual ports to set this
+ variable explicitly in the <filename>Makefile</filename>s.</para>
+
+ <para>Also, refer to programs/files from other ports with the
+ variables mentioned above, not explicit pathnames. For instance, if
+ your port requires a macro <literal>PAGER</literal> to be the full
+ pathname of <command>less</command>, use the compiler flag:
+
+ <programlisting>-DPAGER=\"&dollar;{LOCALBASE}/bin/less\"</programlisting>
+
+ instead of
+ <literal>-DPAGER=\"/usr/local/bin/less\"</literal>. This way it will
+ have a better chance of working if the system administrator has
+ moved the whole <filename>/usr/local</filename> tree somewhere else.</para>
+ </sect1>
+ </chapter>
+
+ <chapter id="port-upgrading">
+ <title>Upgrading</title>
+
+ <para>When you notice that a port is out of date compared to the latest
+ version from the original authors, you should first ensure that you
+ have the latest
+ port. You can find them in the
+ <filename>ports/ports-current</filename> directory of the &os; FTP mirror
+ sites. However, if you are working with more than a few
+ ports, you will probably find it easier to use
+ <application>CVSup</application> to keep your whole ports collection
+ up-to-date, as described in the
+ <ulink url="&url.books.handbook;/synching.html#CVSUP-CONFIG">Handbook</ulink>.
+ This will have the added benefit of tracking all the ports'
+ dependencies.</para>
+
+ <para>The next step is to see if there is an update already pending.
+ To do this, you have two options. There is a searchable interface
+ to the
+ <ulink url="http://www.FreeBSD.org/cgi/query-pr-summary.cgi?query">
+ FreeBSD Problem Report (PR) database</ulink> (also known as
+ <literal>GNATS</literal>). Select <literal>ports</literal> in the
+ dropdown, and enter the name of the port.</para>
+
+ <para>However, sometimes people forget to put the name of the port
+ into the Synopsis field in an unambiguous fashion. In that case,
+ you can try the <link linkend="portsmon">
+ FreeBSD Ports Monitoring System</link> (also known as
+ <literal>portsmon</literal>). This system attempts to classify
+ port PRs by portname. To search for PRs about a particular port,
+ use the <ulink url="http://portsmon.FreeBSD.org/portoverview.py">
+ Overview of One Port</ulink>.</para>
+
+ <para>If there is no pending PR, the next step is to send an email
+ to the port's maintainer, as shown by
+ <command>make maintainer</command>. That person may
+ already be working on an upgrade, or have a reason to not upgrade the
+ port right now (because of, for example, stability problems of the new
+ version); you would not want to duplicate their work. Note that
+ unmaintained ports are listed with a maintainer of
+ <literal>ports@FreeBSD.org</literal>, which is just the general
+ ports mailing list, so sending mail there
+ probably will not help in this case.</para>
+
+ <para>If the maintainer asks you to do the upgrade or there is
+ no maintainer, then you have a chance to help out &os; by
+ preparing the update yourself! Please make the changes and save
+ the result of the
+ recursive <command>diff</command> output
+ of the new and old
+ ports directories (e.g., if your modified port directory is
+ called <filename>superedit</filename> and the original is in our tree
+ as <filename>superedit.bak</filename>, then save the result of
+ <command>diff -ruN superedit.bak superedit</command>). Either
+ unified or context diff is fine, but port committers generally
+ prefer unified diffs. Note the use of the <literal>-N</literal>
+ option&mdash;this is the accepted way to force diff to properly
+ deal with the case of new files being added or old files being
+ deleted. Before sending us the diff, please examine the
+ output to make sure all the changes make sense. To
+ simplify common operations with patch files, you can use
+ <filename>/usr/ports/Tools/scripts/patchtool.py</filename>.
+ Before using it, please read
+ <filename>/usr/ports/Tools/scripts/README.patchtool</filename>.</para>
+
+ <para>If the port is unmaintained, and you are actively using
+ it yourself, please consider volunteering to become its
+ maintainer. &os; has over 2000 ports without maintainers,
+ and this is an area where more volunteers are always needed.
+ (For a detailed description of the responsibilities of maintainers,
+ refer to the
+ <ulink url="&url.books.developers-handbook;/policies.html#POLICIES-MAINTAINER">
+ MAINTAINER on Makefiles</ulink> section.)</para>
+
+ <para> The best way to
+ send us the diff is by including it via &man.send-pr.1; (category
+ <literal>ports</literal>). If you are volunteering to maintain the
+ port,
+ be sure to put <literal>[maintainer update]</literal> at the beginning
+ of your synopsis line and set the <quote>Class</quote> of your PR
+ to <literal>maintainer-update</literal>. Otherwise, the
+ <quote>Class</quote> of your PR should be
+ <literal>change-request</literal>. Please mention any added or
+ deleted files in the message, as they have to be explicitly specified
+ to &man.cvs.1; when doing a commit. If the diff is more than about 20KB,
+ please compress and uuencode it; otherwise, just include it in the PR
+ as is.</para>
+
+ <para>Before you &man.send-pr.1;, you should review the
+ <ulink url="&url.articles.problem-reports;/pr-writing.html">
+ Writing the problem report</ulink> section in the Problem
+ Reports article; it contains far more information about how to write
+ useful problem reports.</para>
+
+ <important>
+ <para>If your upgrade is motivated by security concerns or a
+ serious fault in the currently committed port, please notify
+ the &a.portmgr; to request immediate rebuilding and
+ redistribution of your port's package. Unsuspecting users
+ of &man.pkg.add.1; will otherwise continue to install the
+ old version via <command>pkg_add -r</command> for several
+ weeks.</para>
+ </important>
+
+ <note>
+ <para>Once again, please use &man.diff.1; and not &man.shar.1; to send
+ updates to existing ports!</para>
+ </note>
+
+ <para>Now that you have done all that, you will want to read about
+ how to keep up-to-date in <xref linkend="keeping-up">.</para>
+
+ </chapter>
+
+ <chapter id="security">
+ <title>Ports security</title>
+
+ <sect1 id="security-intro">
+ <title>Why security is so important</title>
+
+ <para>Bugs are occasionally introduced to the software.
+ Arguably, the most dangerous of them are those opening
+ security vulnerabilities. From the technical viewpoint,
+ such vulnerabilities are to be closed by exterminating
+ the bugs that caused them. However, the policies for
+ handling mere bugs and security vulnerabilities are
+ very different.</para>
+
+ <para>A typical small bug affects only those users who have
+ enabled some combination of options triggering the bug.
+ The developer will eventually release a patch followed
+ by a new version of the software, free of the bug, but
+ the majority of users will not take the trouble of upgrading
+ immediately because the bug has never vexed them. A
+ critical bug that may cause data loss represents a graver
+ issue. Nevertheless, prudent users know that a lot of
+ possible accidents, besides software bugs, are likely to
+ lead to data loss, and so they make backups of important
+ data; in addition, a critical bug will be discovered
+ really soon.</para>
+
+ <para>A security vulnerability is all different. First,
+ it may remain unnoticed for years because often it does
+ not cause software malfunction. Second, a malicious party
+ can use it to gain unauthorized access to a vulnerable
+ system, to destroy or alter sensitive data; and in the
+ worst case the user will not even notice the harm caused.
+ Third, exposing a vulnerable system often assists attackers
+ to break into other systems that could not be compromised
+ otherwise. Therefore closing a vulnerability alone is
+ not enough: the audience should be notified of it in most
+ clear and comprehensive manner, which will allow to
+ evaluate the danger and take appropriate actions.</para>
+ </sect1>
+
+ <sect1 id="security-fix">
+ <title>Fixing security vulnerabilities</title>
+
+ <para>While on the subject of ports and packages, a security
+ vulnerability may initially appear in the original
+ distribution or in the port files. In the former case,
+ the original software developer is likely to release a
+ patch or a new version instantly, and you will
+ only need to update the port promptly with respect to
+ the author's fix. If the fix is delayed for some reason,
+ you should either <link linkend="dads-noinstall">mark the port as
+ <makevar>FORBIDDEN</makevar></link>
+ or introduce a patch file of your own to the port. In
+ the case of a vulnerable port, just fix the port as soon as
+ possible. In either case, <link linkend="port-upgrading">the
+ standard procedure for submitting your change</link> should
+ be followed unless you have rights to commit it directly
+ to the ports tree.</para>
+
+ <important>
+ <para>Being a ports committer is not enough to commit to
+ an arbitrary port. Remember that ports usually have
+ maintainers, whom you should respect.</para>
+ </important>
+
+ <para>Please make sure that the port's revision is bumped
+ as soon as the vulnerability has been closed.
+ That is how the users who upgrade installed packages
+ on a regular basis will see they need to run an update.
+ Besides, a new package will be built and distributed
+ over FTP and WWW mirrors, replacing the vulnerable one.
+ <makevar>PORTREVISION</makevar> should be bumped unless
+ <makevar>PORTVERSION</makevar> has changed in the course
+ of correcting the vulnerability. That is you should
+ bump <makevar>PORTREVISION</makevar> if you have added a
+ patch file to the port, but you should not if you have updated
+ the port to the latest software version and thus already
+ touched <makevar>PORTVERSION</makevar>. Please refer to the
+ <link linkend="makefile-naming-revepoch">corresponding section</link>
+ for more information.</para>
+ </sect1>
+
+ <sect1 id="security-notify">
+ <title>Keeping the community informed</title>
+
+ <sect2 id="security-notify-vuxml-db">
+ <title>The VuXML database</title>
+
+ <para>A very important and urgent step to take as early as
+ a security vulnerability is discovered is to notify the
+ community of port users about the jeopardy. Such
+ notification serves two purposes. First, should the danger
+ be really severe, it will be wise to apply an instant workaround,
+ e.g., stop the affected network service or even deinstall
+ the port completely, until the vulnerability is closed.
+ Second, a lot of users tend to upgrade installed packages
+ just occasionally. They will know from the notification
+ that they <emphasis>must</emphasis> update the package
+ without delay as soon as a corrected version is available.</para>
+
+ <para>Given the huge number of ports in the tree,
+ a security advisory cannot be issued on each incident
+ without creating a flood and losing the attention of
+ the audience by the time it comes to really serious
+ matters. Therefore security vulnerabilities found in
+ ports are recorded in <ulink
+ url="http://vuxml.freebsd.org/">the FreeBSD VuXML
+ database</ulink>. The Security Officer Team members
+ are monitoring it for issues requiring their
+ intervention.</para>
+
+ <para>If you have committer rights, you can update the VuXML
+ database by yourself. So you will both help the Security
+ Officer Team and deliver the crucial information to the
+ community earlier. However, if you are not a committer,
+ or you believe you have found an exceptionally severe
+ vulnerability, or whatever, please do not hesitate to
+ contact the Security Officer Team directly as described
+ on the <ulink
+ url="http://www.freebsd.org/security/#how">FreeBSD
+ Security Information</ulink> page.</para>
+
+ <para>All right, you elected the hard way. As it may be obvious
+ from its title, the VuXML database is essentially an
+ XML document. Its source file <filename>vuln.xml</filename>
+ is kept right inside the port <filename
+ role="package">security/vuxml</filename>. Therefore
+ the file's full pathname will be
+ <filename><envar>PORTSDIR</envar>/security/vuxml/vuln.xml</filename>.
+ Each time you discover a security vulnerability in a
+ port, please add an entry for it to that file.
+ Until you are familiar with VuXML, the best thing you can
+ do is to find an existing entry fitting your case, then copy
+ it and use as a template.</para>
+ </sect2>
+
+ <sect2 id="security-notify-vuxml-intro">
+ <title>A short introduction to VuXML</title>
+
+ <para>The full-blown XML is complex and far beyond the scope of
+ this book. However, to gain basic insight on the structure
+ of a VuXML entry, you need only the notion of tags. XML
+ tag names are enclosed in angle brackets. Each opening
+ &lt;tag&gt; must have a matching closing &lt;/tag&gt;.
+ Tags may be nested. If nesting, the inner tags must be
+ closed before the outer ones. There is a hierarchy of
+ tags, i.e. more complex rules of nesting them. Sounds
+ very similar to HTML, doesn't it? The major difference
+ is that XML is e<emphasis>X</emphasis>tensible, i.e. based
+ on defining custom tags. Due to its intrinsic structure,
+ XML puts otherwise amorphous data into shape. VuXML is
+ particularly tailored to mark up descriptions of security
+ vulnerabilities.</para>
+
+ <para>Now let's consider a realistic VuXML entry:</para>
+
+ <programlisting>&lt;vuln vid="f4bc80f4-da62-11d8-90ea-0004ac98a7b9"&gt; <co id="co-vx-vid">
+ &lt;topic&gt;Several vulnerabilities found in Foo&lt;/topic&gt; <co id="co-vx-top">
+ &lt;affects&gt;
+ &lt;package&gt;
+ &lt;name&gt;foo&lt;/name&gt; <co id="co-vx-nam">
+ &lt;name&gt;foo-devel&lt;/name&gt;
+ &lt;name&gt;ja-foo&lt;/name&gt;
+ &lt;range&gt;&lt;ge&gt;1.6&lt;/ge&gt;&lt;lt&gt;1.9&lt;/lt&gt;&lt;/range&gt; <co id="co-vx-rng">
+ &lt;range&gt;&lt;ge&gt;2.*&lt;/ge&gt;&lt;lt&gt;2.4_1&lt;/lt&gt;&lt;/range&gt;
+ &lt;range&gt;&lt;eq&gt;3.0b1&lt;/eq&gt;&lt;/range&gt;
+ &lt;/package&gt;
+ &lt;package&gt;
+ &lt;name&gt;openfoo&lt;/name&gt; <co id="co-vx-nm2">
+ &lt;range&gt;&lt;lt&gt;1.10_7&lt;/lt&gt;&lt;/range&gt; <co id="co-vx-epo">
+ &lt;range&gt;&lt;ge&gt;1.2,1&lt;/ge&gt;&lt;lt&gt;1.3_1,1&lt;/lt&gt;&lt;/range&gt;
+ &lt;/package&gt;
+ &lt;/affects&gt;
+ &lt;description&gt;
+ &lt;body xmlns="http://www.w3.org/1999/xhtml"&gt;
+ &lt;p&gt;J. Random Hacker reports:&lt;/p&gt; <co id="co-vx-bdy">
+ &lt;blockquote
+ cite="http://j.r.hacker.com/advisories/1"&gt;
+ &lt;p&gt;Several issues in the Foo software may be exploited
+ via carefully crafted QUUX requests. These requests will
+ permit the injection of Bar code, mumble theft, and the
+ readability of the Foo administrator account.&lt;/p&gt;
+ &lt;/blockquote&gt;
+ &lt;/body&gt;
+ &lt;/description&gt;
+ &lt;references&gt; <co id="co-vx-ref">
+ &lt;freebsdsa&gt;SA-10:75.foo&lt;/freebsdsa&gt; <co id="co-vx-fsa">
+ &lt;freebsdpr&gt;ports/987654&lt;/freebsdpr&gt; <co id="co-vx-fpr">
+ &lt;cvename&gt;CAN-2010-0201&lt;/cvename&gt; <co id="co-vx-cve">
+ &lt;cvename&gt;CAN-2010-0466&lt;/cvename&gt;
+ &lt;bid&gt;96298&lt;/bid&gt; <co id="co-vx-bid">
+ &lt;certsa&gt;CA-2010-99&lt;/certsa&gt; <co id="co-vx-cts">
+ &lt;certvu&gt;740169&lt;/certvu&gt; <co id="co-vx-ctv">
+ &lt;uscertsa&gt;SA10-99A&lt;/uscertsa&gt; <co id="co-vx-ucs">
+ &lt;uscertta&gt;SA10-99A&lt;/uscertta&gt; <co id="co-vx-uct">
+ &lt;mlist msgid="201075606@hacker.com"&gt;http://marc.theaimsgroup.com/?l=bugtraq&amp;amp;m=203886607825605&lt;/mlist&gt; <co id="co-vx-mls">
+ &lt;url&gt;http://j.r.hacker.com/advisories/1&lt;/url&gt; <co id="co-vx-url">
+ &lt;/references&gt;
+ &lt;dates&gt;
+ &lt;discovery&gt;2010-05-25&lt;/discovery&gt; <co id="co-vx-dsc">
+ &lt;entry&gt;2010-07-13&lt;/entry&gt; <co id="co-vx-ent">
+ &lt;modified&gt;2010-09-17&lt;/entry&gt; <co id="co-vx-mod">
+ &lt;/dates&gt;
+&lt;/vuln&gt;</programlisting>
+
+ <para>The tag names are supposed to be self-descriptive,
+ so we shall take a closer look only at fields you will need
+ to fill in by yourself:</para>
+
+ <calloutlist>
+ <callout arearefs="co-vx-vid">
+ <para>This is the top-level tag of a VuXML entry. It has
+ a mandatory attribute, <literal>vid</literal>,
+ specifying a universally unique identifier (UUID) for
+ this entry (in quotes). You should generate a UUID
+ for each new VuXML entry (and do not forget to substitute
+ it for the template UUID unless you are writing the
+ entry from scratch). You can use &man.uuidgen.1; in
+ FreeBSD 5.x, or you may install the port <filename
+ role="package">devel/p5-Data-UUID</filename> and issue
+ the following command:</para>
+
+ <programlisting>perl -MData::UUID -le 'print lc new Data::UUID-&gt;create_str'</programlisting>
+ </callout>
+
+ <callout arearefs="co-vx-top">
+ <para>This is a one-line description of the issue found.</para>
+ </callout>
+
+ <callout arearefs="co-vx-nam">
+ <para>The names of packages affected are listed there.
+ Multiple names can be given since several packages may be
+ based on a single master port or software product. This
+ may include stable and development branches, localized
+ versions, and slave ports featuring different choices of
+ important build-time configuration options.</para>
+
+ <important>
+ <para>It is your responsibility to find all such related
+ packages when writing a VuXML entry. Keep in mind that
+ <literal>make search name=foo</literal> is your friend.
+ The primary points to look for are as follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>the <filename>foo-devel</filename> variant
+ for a <filename>foo</filename> port;</para>
+ </listitem>
+
+ <listitem>
+ <para>other variants with a suffix like
+ <literal>-a4</literal> (for print-related packages),
+ <literal>-without-gui</literal> (for packages with X
+ support disabled), or similar;</para>
+ </listitem>
+
+ <listitem>
+ <para><literal>jp-</literal>, <literal>ru-</literal>,
+ <literal>zh-</literal>, and other possible localized
+ variants in the corresponding national categories of
+ the ports collection.</para>
+ </listitem>
+ </itemizedlist>
+ </important>
+ </callout>
+
+ <callout arearefs="co-vx-rng">
+ <para>Affected versions of the package(s) are specified
+ there as one or more ranges using a combination of
+ <literal>&lt;lt&gt;</literal>, <literal>&lt;le&gt;</literal>,
+ <literal>&lt;eq&gt;</literal>, <literal>&lt;ge&gt;</literal>,
+ and <literal>&lt;gt&gt;</literal> elements. The
+ version ranges given should not overlap.</para>
+
+ <para>In a range specification, <literal>*</literal> (asterisk)
+ denotes the smallest version number. In particular,
+ <literal>2.*</literal> is less than <literal>2.a</literal>.
+ Therefore an asterisk may be used for a range to match all
+ possible <literal>alpha</literal>, <literal>beta</literal>,
+ and <literal>RC</literal> versions. For instance,
+ <literal>&lt;ge&gt;2.*&lt;/ge&gt;&lt;lt&gt;3.*&lt;/lt&gt;</literal>
+ will selectively match every <literal>2.x</literal> version while
+ <literal>&lt;ge&gt;2.0&lt;/ge&gt;&lt;lt&gt;3.0&lt;/lt&gt;</literal>
+ will obviously not since the latter misses
+ <literal>2.r3</literal> and matches
+ <literal>3.b</literal>.</para>
+
+ <para>The above example
+ specifies that affected are versions from <literal>1.6</literal>
+ to <literal>1.9</literal> inclusive, versions
+ <literal>2.x</literal> before <literal>2.4_1</literal>,
+ and version <literal>3.0b1</literal>.</para>
+ </callout>
+
+ <callout arearefs="co-vx-nm2">
+ <para>Several related package groups (essentially, ports)
+ can be listed in the <literal>&lt;affected&gt;</literal>
+ section. This can be used if several software products
+ (say FooBar, FreeBar and OpenBar) grow from the same code base
+ and still share its bugs and vulnerabilities. Note the
+ difference from listing multiple names within a single
+ &lt;package&gt; section.</para>
+ </callout>
+
+ <callout arearefs="co-vx-epo">
+ <para>The version ranges should allow for
+ <makevar>PORTEPOCH</makevar> and
+ <makevar>PORTREVISION</makevar> if applicable.
+ Please remember that according to the collation rules,
+ a version with a non-zero <makevar>PORTEPOCH</makevar> is
+ greater than any version without
+ <makevar>PORTEPOCH</makevar>, e.g., <literal>3.0,1</literal>
+ is greater than <literal>3.1</literal> or even than
+ <literal>8.9</literal>.</para>
+ </callout>
+
+ <callout arearefs="co-vx-bdy">
+ <para>This is a summary of the issue.
+ XHTML is used in this field. At least enclosing
+ <literal>&lt;p&gt;</literal> and <literal>&lt;/p&gt;</literal>
+ should appear. More complex mark-up may be used, but only for
+ the sake of accuracy and clarity: No eye candy please.</para>
+ </callout>
+
+ <callout arearefs="co-vx-ref">
+ <para>This section contains references to relevant documents.
+ As many references as apply are encouraged.</para>
+ </callout>
+
+ <callout arearefs="co-vx-fsa">
+ <para>This is a
+ <ulink url="http://www.freebsd.org/security/#adv">FreeBSD
+ security advisory</ulink>.</para>
+ </callout>
+
+ <callout arearefs="co-vx-fpr">
+ <para>This is a
+ <ulink url="http://www.freebsd.org/support.html#gnats">FreeBSD
+ problem report</ulink>.</para>
+ </callout>
+
+ <callout arearefs="co-vx-cve">
+ <para>This is a <ulink url="http://www.cve.mitre.org/">Mitre
+ CVE</ulink> identifier.</para>
+ </callout>
+
+ <callout arearefs="co-vx-bid">
+ <para>This is a
+ <ulink url="http://www.securityfocus.com/bid">SecurityFocus
+ Bug ID</ulink>.</para>
+ </callout>
+
+ <callout arearefs="co-vx-cts">
+ <para>This is a
+ <ulink url="http://www.cert.org/">US-CERT</ulink>
+ security advisory.</para>
+ </callout>
+
+ <callout arearefs="co-vx-ctv">
+ <para>This is a
+ <ulink url="http://www.cert.org/">US-CERT</ulink>
+ vulnerability note.</para>
+ </callout>
+
+ <callout arearefs="co-vx-ucs">
+ <para>This is a
+ <ulink url="http://www.cert.org/">US-CERT</ulink>
+ Cyber Security Alert.</para>
+ </callout>
+
+ <callout arearefs="co-vx-uct">
+ <para>This is a
+ <ulink url="http://www.cert.org/">US-CERT</ulink>
+ Technical Cyber Security Alert.</para>
+ </callout>
+
+ <callout arearefs="co-vx-mls">
+ <para>This is a URL to an archived posting in a mailing list.
+ The attribute <literal>msgid</literal> is optional and
+ may specify the message ID of the posting.</para>
+ </callout>
+
+ <callout arearefs="co-vx-url">
+ <para>This is a generic URL. It should be used only if none of
+ the other reference categories apply.</para>
+ </callout>
+
+ <callout arearefs="co-vx-dsc">
+ <para>This is the date when the issue was disclosed
+ (<replaceable>YYYY-MM-DD</replaceable>).</para>
+ </callout>
+
+ <callout arearefs="co-vx-ent">
+ <para>This is the date when the entry was added
+ (<replaceable>YYYY-MM-DD</replaceable>).</para>
+ </callout>
+
+ <callout arearefs="co-vx-mod">
+ <para>This is the date when any information in the entry
+ was last modified (<replaceable>YYYY-MM-DD</replaceable>).
+ New entries must not include this field. It should be added
+ upon editing an existing entry.</para>
+ </callout>
+ </calloutlist>
+ </sect2>
+
+ <sect2 id="security-notify-vuxml-testing">
+ <title>Testing your changes to the VuXML database</title>
+
+ <para>Assume you just wrote or filled in an entry for a
+ vulnerability in the package <literal>clamav</literal>
+ that has been fixed in version <literal>0.65_7</literal>.</para>
+
+ <para>As a prerequisite, you need to install fresh versions of the
+ ports <filename role="package">security/portaudit</filename> and
+ <filename role="package">security/portaudit-db</filename>.</para>
+
+ <para>First, check whether there already is an entry for this
+ vulnerability. If there were such entry, it would match the
+ previous version of the package,
+ <literal>0.65_6</literal>:</para>
+
+ <screen>&prompt.user; <userinput>packaudit</userinput>
+&prompt.user; <userinput>portaudit clamav-0.65_6</userinput></screen>
+
+ <note>
+ <para>To run <command>packaudit</command>, you must have
+ permission to write to its
+ <filename><makevar>DATABASEDIR</makevar></filename>,
+ typically <filename>/var/db/portaudit</filename>.</para>
+ </note>
+
+ <para>If there is none found, you get the green light to add
+ a new entry for this vulnerability. Now you can generate
+ a brand-new UUID (assume it's
+ <literal>74a9541d-5d6c-11d8-80e3-0020ed76ef5a</literal>) and
+ add your new entry to the VuXML database. Please verify
+ its syntax after that as follows:</para>
+
+ <screen>&prompt.user; <userinput>cd ${PORTSDIR}/security/vuxml && make validate</userinput></screen>
+
+ <note>
+ <para>You will need at least one of the following packages
+ installed: <filename role="package">textproc/libxml2</filename>,
+ <filename role="package">textproc/jade</filename>.</para>
+ </note>
+
+ <para>Now rebuild the <command>portaudit</command> database
+ from the VuXML file:</para>
+
+ <screen>&prompt.user; <userinput>packaudit</userinput></screen>
+
+ <para>To verify that the <literal>&lt;affected&gt;</literal>
+ section of your entry will match correct package(s), issue
+ the following command:</para>
+
+ <screen>&prompt.user; <userinput>portaudit -f /usr/ports/INDEX -r 74a9541d-5d6c-11d8-80e3-0020ed76ef5a</userinput></screen>
+
+ <note>
+ <para>Please refer to &man.portaudit.1; for better understanding
+ of the command syntax.</para>
+ </note>
+
+ <para>Make sure that your entry produces no spurious matches
+ in the output.</para>
+
+ <para>Now check whether the right package versions are matched
+ by your entry:</para>
+
+ <screen>&prompt.user; <userinput>portaudit clamav-0.65_6 clamav-0.65_7</userinput>
+Affected package: clamav-0.65_6 (matched by clamav&lt;0.65_7)
+Type of problem: clamav remote denial-of-service.
+Reference: &lt;http://www.freebsd.org/ports/portaudit/74a9541d-5d6c-11d8-80e3-0020ed76ef5a.html&gt;
+
+1 problem(s) found.</screen>
+
+ <para>Obviously, the former version should match while the
+ latter one should not.</para>
+
+ <para>Finally, verify whether the web page generated from the
+ VuXML database looks like expected:</para>
+
+ <screen>&prompt.user; <userinput>mkdir -p ~/public_html/portaudit</userinput>
+&prompt.user; <userinput>packaudit</userinput>
+&prompt.user; <userinput>lynx ~/public_html/portaudit/74a9541d-5d6c-11d8-80e3-0020ed76ef5a.html</userinput></screen>
+ </sect2>
+
+ <sect2 id="security-notify-noxml">
+ <title>If VuXML still scares you...</title>
+
+ <para>As an easy alternative to writing VuXML, you may opt to add
+ a single line to a different file with much simpler syntax,
+ <filename><envar>PORTSDIR</envar>/security/portaudit-db/database/portaudit.txt</filename>,
+ which resides within the port <filename
+ role="package">security/portaudit-db</filename>, and
+ send a request for review to the Security Officer Team
+ as described on the <ulink
+ url="http://www.freebsd.org/security/#how">FreeBSD
+ Security Information</ulink> page.</para>
+
+ <para>A line in that file consists of four fields
+ separated by <literal>|</literal>, a pipe character.
+ The first field is a &man.pkg.version.1; pattern
+ expression matching the vulnerable packages. The second
+ field contains URLs to relevant information, separated
+ by space characters. The third field is a one-line
+ description of the issue. The fourth and last field
+ is the entry's UUID.</para>
+
+ <para>You may want take a closer look at existing entries in
+ <filename>portaudit.txt</filename> before adding your
+ first line to that file.</para>
+ </sect2>
+ </sect1>
+ </chapter>
+
+ <chapter id="porting-dads">
+ <title>Dos and Don'ts</title>
+
+ <sect1 id="dads-intro">
+ <title>Introduction</title>
+
+ <para>Here is a list of common dos and don'ts that you encounter during
+ the porting process. You should check your own port against this list,
+ but you can also check ports in the <ulink url="http://www.FreeBSD.org/cgi/query-pr-summary.cgi?query">PR database</ulink> that others have
+ submitted. Submit any comments on ports you check as described in
+ <ulink url="&url.articles.contributing;/contrib-how.html#CONTRIB-GENERAL">Bug Reports and General
+ Commentary</ulink>. Checking ports in the PR database will both make
+ it faster for us to commit them, and prove that you know what you are
+ doing.</para>
+ </sect1>
+
+ <sect1 id="dads-strip">
+ <title>Stripping Binaries</title>
+
+ <para>Do not strip binaries manually unless you have to. All binaries
+ should be stripped, but the <maketarget>INSTALL_PROGRAM</maketarget>
+ macro will install and strip a binary at the same time (see the next
+ section).</para>
+
+ <para>If you need to strip a file, but do not wish to use the
+ <makevar>INSTALL_PROGRAM</makevar> macro,
+ <makevar>${STRIP_CMD}</makevar> will strip your program. This is
+ typically done within the <literal>post-install</literal>
+ target. For example:</para>
+
+ <programlisting>post-install:
+ ${STRIP_CMD} ${PREFIX}/bin/xdl</programlisting>
+
+ <para>Use the &man.file.1; command on the installed executable to
+ check whether the binary is stripped or not. If it does not say
+ <literal>not stripped</literal>, it is stripped. Additionally,
+ &man.strip.1; will not strip a previously stripped program; it
+ will instead exit cleanly.</para>
+ </sect1>
+
+ <sect1 id="dads-install">
+ <title>INSTALL_* macros</title>
+
+ <para>Do use the macros provided in <filename>bsd.port.mk</filename>
+ to ensure correct modes and ownership of files in your own
+ <maketarget>*-install</maketarget> targets.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>INSTALL_PROGRAM</makevar> is a command to install
+ binary executables.</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>INSTALL_SCRIPT</makevar> is a command to install
+ executable scripts.</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>INSTALL_DATA</makevar> is a command to install
+ sharable data.</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>INSTALL_MAN</makevar> is a command to install
+ manpages and other documentation (it does not compress
+ anything).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>These are basically the <command>install</command> command with
+ all the appropriate flags. See below for an example on how to use
+ them.</para>
+ </sect1>
+
+ <sect1 id="porting-wrkdir">
+ <title><makevar>WRKDIR</makevar></title>
+
+ <para>Do not write anything to files outside
+ <makevar>WRKDIR</makevar>. <makevar>WRKDIR</makevar> is the only
+ place that is guaranteed to be writable during the port build (see
+ <ulink url="&url.books.handbook;/ports-using.html#PORTS-CD">
+ installing ports from a CDROM</ulink> for an
+ example of building ports from a read-only tree). If you need to
+ modify one of the <filename>pkg-<replaceable>*</replaceable></filename>
+ files, do so by <link
+ linkend="porting-pkgfiles">redefining a variable</link>, not by
+ writing over it.</para>
+ </sect1>
+
+ <sect1 id="porting-wrkdirprefix">
+ <title><makevar>WRKDIRPREFIX</makevar></title>
+
+ <para>Make sure your port honors <makevar>WRKDIRPREFIX</makevar>.
+ Most ports do not have to worry about this. In particular, if you
+ are referring to a <makevar>WRKDIR</makevar> of another port, note
+ that the correct location is
+ <filename><makevar>WRKDIRPREFIX</makevar><makevar>PORTSDIR</makevar>/<replaceable>subdir</replaceable>/<replaceable>name</replaceable>/work</filename> not <filename><makevar>PORTSDIR</makevar>/<replaceable>subdir</replaceable>/<replaceable>name</replaceable>/work</filename> or <filename><makevar>.CURDIR</makevar>/../../<replaceable>subdir</replaceable>/<replaceable>name</replaceable>/work</filename> or some such.</para>
+
+ <para>Also, if you are defining <makevar>WRKDIR</makevar> yourself,
+ make sure you prepend
+ <literal>&dollar;{WRKDIRPREFIX}&dollar;{.CURDIR}</literal> in the
+ front.</para>
+ </sect1>
+
+ <sect1 id="porting-versions">
+ <title>Differentiating operating systems and OS versions</title>
+
+ <para>You may come across code that needs modifications or conditional
+ compilation based upon what version of Unix it is running under. If
+ you need to make such changes to the code for conditional
+ compilation, make sure you make the changes as general as possible
+ so that we can back-port code to older FreeBSD systems and cross-port
+ to other BSD systems such as 4.4BSD from CSRG, BSD/386, 386BSD,
+ NetBSD, and OpenBSD.</para>
+
+ <para>The preferred way to tell 4.3BSD/Reno (1990) and newer versions
+ of the BSD code apart is by using the <literal>BSD</literal> macro
+ defined in
+ <ulink url="http://cvsweb.freebsd.org/src/sys/sys/param.h">sys/param.h</ulink>.
+ Hopefully that
+ file is already included; if not, add the code:</para>
+
+ <programlisting>#if (defined(__unix__) || defined(unix)) &amp;&amp; !defined(USG)
+#include &lt;sys/param.h&gt;
+#endif</programlisting>
+
+ <para>to the proper place in the <filename>.c</filename> file. We
+ believe that every system that defines these two symbols has
+ <filename>sys/param.h</filename>. If you find a system that
+ does not, we would like to know. Please send mail to the
+ &a.ports;.</para>
+
+ <para>Another way is to use the GNU Autoconf style of doing
+ this:</para>
+
+ <programlisting>#ifdef HAVE_SYS_PARAM_H
+#include &lt;sys/param.h&gt;
+#endif</programlisting>
+
+ <para>Do not forget to add <literal>-DHAVE_SYS_PARAM_H</literal> to the
+ <makevar>CFLAGS</makevar> in the <filename>Makefile</filename> for
+ this method.</para>
+
+ <para>Once you have <filename>sys/param.h</filename> included, you may
+ use:</para>
+
+ <programlisting>#if (defined(BSD) &amp;&amp; (BSD &gt;= 199103))</programlisting>
+
+ <para>to detect if the code is being compiled on a 4.3 Net2 code base
+ or newer (e.g. FreeBSD 1.x, 4.3/Reno, NetBSD 0.9, 386BSD, BSD/386
+ 1.1 and below).</para>
+
+ <para>Use:</para>
+
+ <programlisting>#if (defined(BSD) &amp;&amp; (BSD &gt;= 199306))</programlisting>
+
+ <para>to detect if the code is being compiled on a 4.4 code base or
+ newer (e.g. FreeBSD 2.x, 4.4, NetBSD 1.0, BSD/386 2.0 or
+ above).</para>
+
+ <para>The value of the <literal>BSD</literal> macro is
+ <literal>199506</literal> for the 4.4BSD-Lite2 code base. This is
+ stated for informational purposes only. It should not be used to
+ distinguish between versions of FreeBSD based only on 4.4-Lite vs.
+ versions that have merged in changes from 4.4-Lite2. The
+ <literal>__FreeBSD__</literal> macro should be used instead.</para>
+
+ <para>Use sparingly:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><literal>__FreeBSD__</literal> is defined in all versions of
+ FreeBSD. Use it if the change you are making
+ <emphasis>only</emphasis> affects FreeBSD. Porting gotchas like
+ the use of <literal>sys_errlist[]</literal> vs
+ <function>strerror()</function> are Berkeley-isms, not FreeBSD
+ changes.</para>
+ </listitem>
+
+ <listitem>
+ <para>In FreeBSD 2.x, <literal>__FreeBSD__</literal> is defined to
+ be <literal>2</literal>. In earlier versions, it is
+ <literal>1</literal>. Later versions always bump it to match
+ their major version number.</para>
+ </listitem>
+
+ <listitem>
+ <para>If you need to tell the difference between a FreeBSD 1.x
+ system and a FreeBSD 2.x or above system, usually the right answer
+ is to use the <literal>BSD</literal> macros described above. If
+ there actually is a FreeBSD specific change (such as special
+ shared library options when using <command>ld</command>) then it
+ is OK to use <literal>__FreeBSD__</literal> and <literal>#if
+ __FreeBSD__ &gt; 1</literal> to detect a FreeBSD 2.x and later
+ system. If you need more granularity in detecting FreeBSD
+ systems since 2.0-RELEASE you can use the following:</para>
+
+ <programlisting>#if __FreeBSD__ &gt;= 2
+#include &lt;osreldate.h&gt;
+# if __FreeBSD_version &gt;= 199504
+ /* 2.0.5+ release specific code here */
+# endif
+#endif</programlisting>
+ </listitem>
+ </itemizedlist>
+
+ <para>In the hundreds of ports that have been done, there have only
+ been one or two cases where <literal>__FreeBSD__</literal> should
+ have been used. Just because an earlier port screwed up and used it
+ in the wrong place does not mean you should do so too.</para>
+ </sect1>
+
+ <sect1 id="freebsd-versions">
+ <title>__FreeBSD_version values</title>
+
+ <para>Here is a convenient list of
+ <literal>__FreeBSD_version</literal> values as defined in
+ <ulink url="http://cvsweb.freebsd.org/src/sys/sys/param.h">sys/param.h</ulink>:</para>
+
+ <table frame="none">
+ <title>__FreeBSD_version values</title>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Release</entry>
+ <entry><literal>__FreeBSD_version</literal></entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>2.0-RELEASE</entry>
+ <entry>119411</entry>
+ </row>
+
+ <row>
+ <entry>2.1-CURRENT</entry>
+ <entry>199501, 199503</entry>
+ </row>
+
+ <row>
+ <entry>2.0.5-RELEASE</entry>
+ <entry>199504</entry>
+ </row>
+
+ <row>
+ <entry>2.2-CURRENT before 2.1</entry>
+ <entry>199508</entry>
+ </row>
+
+ <row>
+ <entry>2.1.0-RELEASE</entry>
+ <entry>199511</entry>
+ </row>
+
+ <row>
+ <entry>2.2-CURRENT before 2.1.5</entry>
+ <entry>199512</entry>
+ </row>
+
+ <row>
+ <entry>2.1.5-RELEASE</entry>
+ <entry>199607</entry>
+ </row>
+
+ <row>
+ <entry>2.2-CURRENT before 2.1.6</entry>
+ <entry>199608</entry>
+ </row>
+
+ <row>
+ <entry>2.1.6-RELEASE</entry>
+ <entry>199612</entry>
+ </row>
+
+ <row>
+ <entry>2.1.7-RELEASE</entry>
+ <entry>199612</entry>
+ </row>
+
+ <row>
+ <entry>2.2-RELEASE</entry>
+ <entry>220000</entry>
+ </row>
+
+ <row>
+ <entry>2.2.1-RELEASE</entry>
+ <entry>220000 (no change)</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after 2.2.1-RELEASE</entry>
+ <entry>220000 (no change)</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after texinfo-3.9</entry>
+ <entry>221001</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after top</entry>
+ <entry>221002</entry>
+ </row>
+
+ <row>
+ <entry>2.2.2-RELEASE</entry>
+ <entry>222000</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after 2.2.2-RELEASE</entry>
+ <entry>222001</entry>
+ </row>
+
+ <row>
+ <entry>2.2.5-RELEASE</entry>
+ <entry>225000</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after 2.2.5-RELEASE</entry>
+ <entry>225001</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after ldconfig -R merge</entry>
+ <entry>225002</entry>
+ </row>
+
+ <row>
+ <entry>2.2.6-RELEASE</entry>
+ <entry>226000</entry>
+ </row>
+
+ <row>
+ <entry>2.2.7-RELEASE</entry>
+ <entry>227000</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after 2.2.7-RELEASE</entry>
+ <entry>227001</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after &man.semctl.2; change</entry>
+ <entry>227002</entry>
+ </row>
+
+ <row>
+ <entry>2.2.8-RELEASE</entry>
+ <entry>228000</entry>
+ </row>
+
+ <row>
+ <entry>2.2-STABLE after 2.2.8-RELEASE</entry>
+ <entry>228001</entry>
+ </row>
+
+ <row>
+ <entry>3.0-CURRENT before &man.mount.2; change</entry>
+ <entry>300000</entry>
+ </row>
+
+ <row>
+ <entry>3.0-CURRENT after &man.mount.2; change</entry>
+ <entry>300001</entry>
+ </row>
+
+ <row>
+ <entry>3.0-CURRENT after &man.semctl.2; change</entry>
+ <entry>300002</entry>
+ </row>
+
+ <row>
+ <entry>3.0-CURRENT after ioctl arg changes</entry>
+ <entry>300003</entry>
+ </row>
+
+ <row>
+ <entry>3.0-CURRENT after ELF conversion</entry>
+ <entry>300004</entry>
+ </row>
+
+ <row>
+ <entry>3.0-RELEASE</entry>
+ <entry>300005</entry>
+ </row>
+
+ <row>
+ <entry>3.0-CURRENT after 3.0-RELEASE</entry>
+ <entry>300006</entry>
+ </row>
+
+ <row>
+ <entry>3.0-STABLE after 3/4 branch</entry>
+ <entry>300007</entry>
+ </row>
+
+ <row>
+ <entry>3.1-RELEASE</entry>
+ <entry>310000</entry>
+ </row>
+
+ <row>
+ <entry>3.1-STABLE after 3.1-RELEASE</entry>
+ <entry>310001</entry>
+ </row>
+
+ <row>
+ <entry>3.1-STABLE after C++ constructor/destructor order
+ change</entry>
+ <entry>310002</entry>
+ </row>
+
+ <row>
+ <entry>3.2-RELEASE</entry>
+ <entry>320000</entry>
+ </row>
+
+ <row>
+ <entry>3.2-STABLE</entry>
+ <entry>320001</entry>
+ </row>
+
+ <row>
+ <entry>3.2-STABLE after binary-incompatible IPFW and
+ socket changes</entry>
+ <entry>320002</entry>
+ </row>
+
+ <row>
+ <entry>3.3-RELEASE</entry>
+ <entry>330000</entry>
+ </row>
+
+ <row>
+ <entry>3.3-STABLE</entry>
+ <entry>330001</entry>
+ </row>
+
+ <row>
+ <entry>3.3-STABLE after adding &man.mkstemp.3;
+ to libc</entry>
+ <entry>330002</entry>
+ </row>
+
+ <row>
+ <entry>3.4-RELEASE</entry>
+ <entry>340000</entry>
+ </row>
+
+ <row>
+ <entry>3.4-STABLE</entry>
+ <entry>340001</entry>
+ </row>
+
+ <row>
+ <entry>3.5-RELEASE</entry>
+ <entry>350000</entry>
+ </row>
+
+ <row>
+ <entry>3.5-STABLE</entry>
+ <entry>350001</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after 3.4 branch</entry>
+ <entry>400000</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after change in dynamic linker
+ handling</entry>
+ <entry>400001</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after C++ constructor/destructor
+ order change</entry>
+ <entry>400002</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after functioning &man.dladdr.3;</entry>
+ <entry>400003</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after __deregister_frame_info dynamic
+ linker bug fix (also 4.0-CURRENT after EGCS 1.1.2
+ integration)
+ </entry>
+ <entry>400004</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after &man.suser.9; API change
+ (also 4.0-CURRENT after newbus)</entry>
+ <entry>400005</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after cdevsw registration change</entry>
+ <entry>400006</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after the addition of so_cred for
+ socket level credentials</entry>
+ <entry>400007</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after the addition of a poll syscall
+ wrapper to libc_r</entry>
+ <entry>400008</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after the change of the kernel's
+ <literal>dev_t</literal> type to <literal>struct
+ specinfo</literal> pointer</entry>
+ <entry>400009</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after fixing a hole
+ in &man.jail.2;</entry>
+ <entry>400010</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after the <literal>sigset_t</literal>
+ datatype change</entry>
+ <entry>400011</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after the cutover to the GCC 2.95.2
+ compiler</entry>
+ <entry>400012</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after adding pluggable linux-mode
+ ioctl handlers</entry>
+ <entry>400013</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after importing OpenSSL</entry>
+ <entry>400014</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after the C++ ABI change in GCC 2.95.2
+ from -fvtable-thunks to -fno-vtable-thunks by
+ default</entry>
+ <entry>400015</entry>
+ </row>
+
+ <row>
+ <entry>4.0-CURRENT after importing OpenSSH</entry>
+ <entry>400016</entry>
+ </row>
+
+ <row>
+ <entry>4.0-RELEASE</entry>
+ <entry>400017</entry>
+ </row>
+
+ <row>
+ <entry>4.0-STABLE after 4.0-RELEASE</entry>
+ <entry>400018</entry>
+ </row>
+
+ <row>
+ <entry>4.0-STABLE after the introduction of delayed
+ checksums.</entry>
+ <entry>400019</entry>
+ </row>
+
+ <row>
+ <entry>4.0-STABLE after merging libxpg4 code into
+ libc.</entry>
+ <entry>400020</entry>
+ </row>
+
+ <row>
+ <entry>4.0-STABLE after upgrading Binutils to 2.10.0, ELF
+ branding changes, and tcsh in the base system.</entry>
+ <entry>400021</entry>
+ </row>
+
+ <row>
+ <entry>4.1-RELEASE</entry>
+ <entry>410000</entry>
+ </row>
+
+ <row>
+ <entry>4.1-STABLE after 4.1-RELEASE</entry>
+ <entry>410001</entry>
+ </row>
+
+ <row>
+ <entry>4.1-STABLE after &man.setproctitle.3; moved from
+ libutil to libc.</entry>
+ <entry>410002</entry>
+ </row>
+
+ <row>
+ <entry>4.1.1-RELEASE</entry>
+ <entry>411000</entry>
+ </row>
+
+ <row>
+ <entry>4.1.1-STABLE after 4.1.1-RELEASE</entry>
+ <entry>411001</entry>
+ </row>
+
+ <row>
+ <entry>4.2-RELEASE</entry>
+ <entry>420000</entry>
+ </row>
+
+ <row>
+ <entry>4.2-STABLE after combining libgcc.a and
+ libgcc_r.a, and associated GCC linkage changes.</entry>
+ <entry>420001</entry>
+ </row>
+
+ <row>
+ <entry>4.3-RELEASE</entry>
+ <entry>430000</entry>
+ </row>
+
+ <row>
+ <entry>4.3-STABLE after wint_t introduction.</entry>
+ <entry>430001</entry>
+ </row>
+
+ <row>
+ <entry>4.3-STABLE after PCI powerstate API merge.</entry>
+ <entry>430002</entry>
+ </row>
+
+ <row>
+ <entry>4.4-RELEASE</entry>
+ <entry>440000</entry>
+ </row>
+
+ <row>
+ <entry>4.4-STABLE after d_thread_t introduction.</entry>
+ <entry>440001</entry>
+ </row>
+
+ <row>
+ <entry>4.4-STABLE after mount structure changes (affects
+ filesystem klds).</entry>
+ <entry>440002</entry>
+ </row>
+
+ <row>
+ <entry>4.4-STABLE after the userland components of smbfs
+ were imported.</entry>
+ <entry>440003</entry>
+ </row>
+
+ <row>
+ <entry>4.5-RELEASE</entry>
+ <entry>450000</entry>
+ </row>
+
+ <row>
+ <entry>4.5-STABLE after the usb structure element rename.</entry>
+ <entry>450001</entry>
+ </row>
+
+ <row>
+ <entry>4.5-STABLE after the
+ <literal>sendmail_enable</literal> &man.rc.conf.5;
+ variable was made to take the value
+ <literal>NONE</literal>.</entry>
+ <entry>450004</entry>
+ </row>
+
+ <row>
+ <entry>4.5-STABLE after moving to XFree86 4 by default
+ for package builds.</entry>
+ <entry>450005</entry>
+ </row>
+
+ <row>
+ <entry>4.5-STABLE after accept filtering was fixed so
+ that is no longer susceptible to an easy DoS.</entry>
+ <entry>450006</entry>
+ </row>
+
+ <row>
+ <entry>4.6-RELEASE</entry>
+ <entry>460000</entry>
+ </row>
+
+ <row>
+ <entry>4.6-STABLE &man.sendfile.2; fixed to comply with
+ documentation, not to count any headers sent against
+ the amount of data to be sent from the file.</entry>
+ <entry>460001</entry>
+ </row>
+
+ <row>
+ <entry>4.6.2-RELEASE</entry>
+ <entry>460002</entry>
+ </row>
+
+ <row>
+ <entry>4.6-STABLE</entry>
+ <entry>460100</entry>
+ </row>
+
+ <row>
+ <entry>4.6-STABLE after MFC of `sed -i'.</entry>
+ <entry>460101</entry>
+ </row>
+
+ <row>
+ <entry>4.6-STABLE after MFC of many new pkg_install
+ features from the HEAD.</entry>
+ <entry>460102</entry>
+ </row>
+
+ <row>
+ <entry>4.7-RELEASE</entry>
+ <entry>470000</entry>
+ </row>
+
+ <row>
+ <entry>4.7-STABLE</entry>
+ <entry>470100</entry>
+ </row>
+
+ <row>
+ <entry>Start generated __std{in,out,err}p references rather
+ than __sF. This changes std{in,out,err} from a
+ compile time expression to a runtime one.</entry>
+ <entry>470101</entry>
+ </row>
+
+ <row>
+ <entry>4.7-STABLE after MFC of mbuf changes to replace
+ m_aux mbufs by m_tag's</entry>
+ <entry>470102</entry>
+ </row>
+
+ <row>
+ <entry>4.7-STABLE gets OpenSSL 0.9.7</entry>
+ <entry>470103</entry>
+ </row>
+
+ <row>
+ <entry>4.8-RELEASE</entry>
+ <entry>480000</entry>
+ </row>
+
+ <row>
+ <entry>4.8-STABLE</entry>
+ <entry>480100</entry>
+ </row>
+
+ <row>
+ <entry>4.8-STABLE after &man.realpath.3; has been made
+ thread-safe</entry>
+ <entry>480101</entry>
+ </row>
+
+ <row>
+ <entry>4.8-STABLE 3ware API changes to twe.</entry>
+ <entry>480102</entry>
+ </row>
+
+ <row>
+ <entry>4.9-RELEASE</entry>
+ <entry>490000</entry>
+ </row>
+
+ <row>
+ <entry>4.9-STABLE</entry>
+ <entry>490100</entry>
+ </row>
+
+ <row>
+ <entry>4.9-STABLE after e_sid was added to struct
+ kinfo_eproc.</entry>
+ <entry>490101</entry>
+ </row>
+
+ <row>
+ <entry>4.9-STABLE after MFC of libmap functionality
+ for rtld.</entry>
+ <entry>490102</entry>
+ </row>
+
+ <row>
+ <entry>4.10-RELEASE</entry>
+ <entry>491000</entry>
+ </row>
+
+ <row>
+ <entry>4.10-STABLE</entry>
+ <entry>491100</entry>
+ </row>
+
+ <row>
+ <entry>4.10-STABLE after MFC of revision 20040629 of
+ the package tools</entry>
+ <entry>491101</entry>
+ </row>
+
+ <row>
+ <entry>4.10-STABLE after VM fix dealing with unwiring
+ of fictitious pages</entry>
+ <entry>491102</entry>
+ </row>
+
+ <row>
+ <entry>4.11-RELEASE</entry>
+ <entry>492000</entry>
+ </row>
+
+ <row>
+ <entry>4.11-STABLE</entry>
+ <entry>492100</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT</entry>
+ <entry>500000</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after adding addition ELF header fields,
+ and changing our ELF binary branding method.</entry>
+ <entry>500001</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after kld metadata changes.</entry>
+ <entry>500002</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after buf/bio changes.</entry>
+ <entry>500003</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after binutils upgrade.</entry>
+ <entry>500004</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after merging libxpg4 code into
+ libc and after TASKQ interface introduction.</entry>
+ <entry>500005</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the addition of AGP
+ interfaces.</entry>
+ <entry>500006</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after Perl upgrade to 5.6.0</entry>
+ <entry>500007</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the update of KAME code to
+ 2000/07 sources.</entry>
+ <entry>500008</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after ether_ifattach() and
+ ether_ifdetach() changes.</entry>
+ <entry>500009</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after changing mtree defaults
+ back to original variant, adding -L to follow
+ symlinks.</entry>
+ <entry>500010</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after kqueue API changed.</entry>
+ <entry>500011</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after &man.setproctitle.3; moved from
+ libutil to libc.</entry>
+ <entry>500012</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the first SMPng commit.</entry>
+ <entry>500013</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after &lt;sys/select.h&gt; moved to
+ &lt;sys/selinfo.h&gt;.</entry>
+ <entry>500014</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after combining libgcc.a and
+ libgcc_r.a, and associated GCC linkage changes.</entry>
+ <entry>500015</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after change allowing libc and libc_r
+ to be linked together, deprecating -pthread
+ option.</entry>
+ <entry>500016</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after switch from struct ucred to
+ struct xucred to stabilize kernel-exported API for
+ mountd et al.</entry>
+ <entry>500017</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after addition of CPUTYPE make variable
+ for controlling CPU-specific optimizations.</entry>
+ <entry>500018</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after moving machine/ioctl_fd.h to
+ sys/fdcio.h</entry>
+ <entry>500019</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after locale names renaming.</entry>
+ <entry>500020</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after Bzip2 import.
+ Also signifies removal of S/Key.</entry>
+ <entry>500021</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after SSE support.</entry>
+ <entry>500022</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after KSE Milestone 2.</entry>
+ <entry>500023</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after d_thread_t,
+ and moving UUCP to ports.</entry>
+ <entry>500024</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after ABI change for descriptor
+ and creds passing on 64 bit platforms.</entry>
+ <entry>500025</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after moving to XFree86 4 by default for
+ package builds, and after the new libc strnstr() function
+ was added.</entry>
+ <entry>500026</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the new libc strcasestr() function
+ was added.</entry>
+ <entry>500027</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the userland components of smbfs
+ were imported.</entry>
+ <entry>500028</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the new C99 specific-width
+ integer types were added.</entry>
+ <entry>(Not incremented.)</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after a change was made in the return
+ value of &man.sendfile.2;.</entry>
+ <entry>500029</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the introduction of the
+ type <literal>fflags_t</literal>, which is the
+ appropriate size for file flags.</entry>
+ <entry>500030</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the usb structure element rename.</entry>
+ <entry>500031</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the introduction of
+ Perl 5.6.1.</entry>
+ <entry>500032</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the
+ <literal>sendmail_enable</literal> &man.rc.conf.5;
+ variable was made to take the value
+ <literal>NONE</literal>.</entry>
+ <entry>500033</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after mtx_init() grew a third argument.</entry>
+ <entry>500034</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT with Gcc 3.1.</entry>
+ <entry>500035</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT without Perl in /usr/src</entry>
+ <entry>500036</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the addition of &man.dlfunc.3;</entry>
+ <entry>500037</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the types of some struct
+ sockbuf members were changed and the structure was
+ reordered.</entry>
+ <entry>500038</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after GCC 3.2.1 import.
+ Also after headers stopped using
+ _BSD_FOO_T_ and started using _FOO_T_DECLARED.
+ This value can also be used as a conservative
+ estimate of the start of &man.bzip2.1; package
+ support.</entry>
+ <entry>500039</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after various changes to disk functions
+ were made in the name of removing dependency on disklabel
+ structure internals.</entry>
+ <entry>500040</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after the addition of &man.getopt.long.3;
+ to libc.</entry>
+ <entry>500041</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after Binutils 2.13 upgrade, which
+ included new FreeBSD emulation, vec, and output format.
+ </entry>
+ <entry>500042</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after adding weak pthread_XXX stubs
+ to libc, obsoleting libXThrStub.so. 5.0-RELEASE.</entry>
+ <entry>500043</entry>
+ </row>
+
+ <row>
+ <entry>5.0-CURRENT after branching for RELENG_5_0</entry>
+ <entry>500100</entry>
+ </row>
+ <row>
+ <entry>&lt;sys/dkstat.h&gt; is empty and should
+ not be included.</entry>
+ <entry>500101</entry>
+ </row>
+ <row>
+ <entry>5.0-CURRENT after the d_mmap_t interface
+ change.</entry>
+ <entry>500102</entry>
+ </row>
+ <row>
+ <entry>5.0-CURRENT after taskqueue_swi changed to run
+ without Giant, and taskqueue_swi_giant added to run
+ with Giant.</entry>
+ <entry>500103</entry>
+ </row>
+ <row>
+ <entry>cdevsw_add() and cdevsw_remove() no
+ longer exists.
+ Appearance of MAJOR_AUTO allocation facility.</entry>
+ <entry>500104</entry>
+ </row>
+ <row>
+ <entry>5.0-CURRENT after new cdevsw initialization method.</entry>
+ <entry>500105</entry>
+ </row>
+ <row>
+ <entry>devstat_add_entry() has been replaced by
+ devstat_new_entry()</entry>
+ <entry>500106</entry>
+ </row>
+ <row>
+ <entry>Devstat interface change; see sys/sys/param.h 1.149</entry>
+ <entry>500107</entry>
+ </row>
+ <row>
+ <entry>Token-Ring interface changes.</entry>
+ <entry>500108</entry>
+ </row>
+ <row>
+ <entry>Addition of vm_paddr_t.</entry>
+ <entry>500109</entry>
+ </row>
+ <row>
+ <entry>5.0-CURRENT after &man.realpath.3; has been made
+ thread-safe</entry>
+ <entry>500110</entry>
+ </row>
+ <row>
+ <entry>5.0-CURRENT after &man.usbhid.3; has been synced with
+ NetBSD</entry>
+ <entry>500111</entry>
+ </row>
+ <row>
+ <entry>5.0-CURRENT after new NSS implementation
+ and addition of POSIX.1 getpw*_r, getgr*_r
+ functions</entry>
+ <entry>500112</entry>
+ </row>
+ <row>
+ <entry>5.0-CURRENT after removal of the old rc system.</entry>
+ <entry>500113</entry>
+ </row>
+ <row>
+ <entry>5.1-RELEASE.</entry>
+ <entry>501000</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after branching for RELENG_5_1.</entry>
+ <entry>501100</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after correcting the semantics of
+ sigtimedwait(2) and sigwaitinfo(2).</entry>
+ <entry>501101</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after adding the lockfunc and lockfuncarg
+ fields to &man.bus.dma.tag.create.9;.</entry>
+ <entry>501102</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after GCC 3.3.1-pre 20030711 snapshot
+ integration.</entry>
+ <entry>501103</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT 3ware API changes to twe.</entry>
+ <entry>501104</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT dynamically-linked /bin and /sbin
+ support and movement of libraries to /lib.</entry>
+ <entry>501105</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after adding kernel support for
+ Coda 6.x.</entry>
+ <entry>501106</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after 16550 UART constants moved from
+ <filename>&lt;dev/sio/sioreg.h&gt;</filename> to
+ <filename>&lt;dev/ic/ns16550.h&gt;</filename>.
+ Also when libmap functionality was unconditionally
+ supported by rtld.</entry>
+ <entry>501107</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after PFIL_HOOKS API update</entry>
+ <entry>501108</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after adding kiconv(3)</entry>
+ <entry>501109</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after changing default operations
+ for open and close in cdevsw</entry>
+ <entry>501110</entry>
+ </row>
+ <row>
+ <entry>5.1-CURRENT after changed layout of cdevsw</entry>
+ <entry>501111</entry>
+ </row>
+ <row>
+ <entry> 5.1-CURRENT after adding kobj multiple inheritance
+ </entry>
+ <entry>501112</entry>
+ </row>
+ <row>
+ <entry> 5.1-CURRENT after the if_xname change in
+ struct ifnet</entry>
+ <entry>501113</entry>
+ </row>
+ <row>
+ <entry> 5.1-CURRENT after changing /bin and /sbin to
+ be dynamically linked</entry>
+ <entry>501114</entry>
+ </row>
+ <row>
+ <entry>5.2-RELEASE</entry>
+ <entry>502000</entry>
+ </row>
+ <row>
+ <entry>5.2.1-RELEASE</entry>
+ <entry>502010</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after branching for RELENG_5_2</entry>
+ <entry>502100</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after __cxa_atexit/__cxa_finalize
+ functions were added to libc.</entry>
+ <entry>502101</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after change of default thread library
+ from libc_r to libpthread.</entry>
+ <entry>502102</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after device driver API megapatch.
+ </entry>
+ <entry>502103</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after getopt_long_only() addition.
+ </entry>
+ <entry>502104</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after NULL is made into ((void *)0)
+ for C, creating more warnings.
+ </entry>
+ <entry>502105</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after pf is linked to the build and
+ install.
+ </entry>
+ <entry>502106</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after time_t is changed to a
+ 64-bit value on sparc64.
+ </entry>
+ <entry>502107</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after Intel C/C++ compiler support in some headers and execve(2) changes to be more strictly conforming to POSIX.
+ </entry>
+ <entry>502108</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the introduction of the
+ bus_alloc_resource_any API
+ </entry>
+ <entry>502109</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the addition of UTF-8 locales
+ </entry>
+ <entry>502110</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the removal of the getvfsent(3)
+ API
+ </entry>
+ <entry>502111</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the addition of the .warning
+ directive for make.</entry>
+ <entry>502112</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after ttyioctl() was made mandatory
+ for serial drivers.</entry>
+ <entry>502113</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after import of the ALTQ framework.
+ </entry>
+ <entry>502114</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after changing sema_timedwait(9) to
+ return 0 on success and a non-zero error code on
+ failure.
+ </entry>
+ <entry>502115</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after changing kernel dev_t to
+ be pointer to struct cdev *.
+ </entry>
+ <entry>502116</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after changing kernel udev_t to dev_t.
+ </entry>
+ <entry>502117</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after adding support for CLOCK_VIRTUAL
+ and CLOCK_PROF to clock_gettime(2) and clock_getres(2).
+ </entry>
+ <entry>502118</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after changing network interface
+ cloning overhaul.
+ </entry>
+ <entry>502119</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the update of the package tools
+ to revision 20040629.
+ </entry>
+ <entry>502120</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after marking Bluetooth code as
+ non-i386 specific.
+ </entry>
+ <entry>502121</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the introduction of the KDB
+ debugger framework, the conversion of DDB into a
+ backend and the introduction of the GDB backend.
+ </entry>
+ <entry>502122</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after change to make
+ VFS_ROOT take a struct
+ thread argument as does vflush. Struct kinfo_proc
+ now has a user data pointer.
+ The switch of the default X implementation to
+ <literal>xorg</literal> was also made at this time.
+ </entry>
+ <entry>502123</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the change to separate the way
+ ports rc.d and legacy scripts are started.
+ </entry>
+ <entry>502124</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the backout of the
+ previous change.
+ </entry>
+ <entry>502125</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the removal of
+ kmem_alloc_pageable() and the import of gcc 3.4.2.
+ </entry>
+ <entry>502126</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after changing the UMA kernel
+ API to allow ctors/inits to fail.
+ </entry>
+ <entry>502127</entry>
+ </row>
+ <row>
+ <entry>5.2-CURRENT after the change of the
+ vfs_mount signature as well as global replacement of
+ PRISON_ROOT with SUSER_ALLOWJAIL for the suser(9)
+ API.
+ </entry>
+ <entry>502128</entry>
+ </row>
+ <row>
+ <entry>5.3-BETA/RC before the pfil API change</entry>
+ <entry>503000</entry>
+ </row>
+ <row>
+ <entry>5.3-RELEASE</entry>
+ <entry>503001</entry>
+ </row>
+ <row>
+ <entry>5.3-STABLE after branching for RELENG_5_3</entry>
+ <entry>503100</entry>
+ </row>
+ <row>
+ <entry>5.3-STABLE after addition of glibc style
+ &man.strftime.3; padding options.</entry>
+ <entry>503101</entry>
+ </row>
+ <row>
+ <entry>5.3-STABLE after OpenBSD's nc(1) import MFC.</entry>
+ <entry>503102</entry>
+ </row>
+ <row>
+ <entry>5.4-PRERELEASE after the MFC of the fixes in
+ <filename>&lt;src/include/stdbool.h&gt;</filename> and
+ <filename>&lt;src/sys/i386/include/_types.h&gt;</filename>
+ for using the GCC-compatibility of the Intel C/C++ compiler.</entry>
+ <entry>503103</entry>
+ </row>
+ <row>
+ <entry>5.4-PRERELEASE after the MFC of the change of
+ ifi_epoch from wall clock time to uptime.</entry>
+ <entry>503104</entry>
+ </row>
+ <row>
+ <entry>5.4-PRERELEASE after the MFC of the fix of EOVERFLOW check in vswprintf(3).</entry>
+ <entry>503105</entry>
+ </row>
+ <row>
+ <entry>5.4-RELEASE.</entry>
+ <entry>504000</entry>
+ </row>
+ <row>
+ <entry>5.4-STABLE after branching for RELENG_5_4</entry>
+ <entry>504100</entry>
+ </row>
+ <row>
+ <entry>5.4-STABLE after increasing the default
+ thread stacksizes</entry>
+ <entry>504101</entry>
+ </row>
+ <row>
+ <entry>5.4-STABLE after the addition of sha256</entry>
+ <entry>504102</entry>
+ </row>
+ <row>
+ <entry>5.4-STABLE after the MFC of if_bridge</entry>
+ <entry>504103</entry>
+ </row>
+ <row>
+ <entry>5.4-STABLE after the MFC of bsdiff and portsnap</entry>
+ <entry>504104</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT</entry>
+ <entry>600000</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after permanently enabling PFIL_HOOKS
+ in the kernel.
+ </entry>
+ <entry>600001</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after initial addition of
+ ifi_epoch to struct if_data. Backed out after a
+ few days. Do not use this value.
+ </entry>
+ <entry>600002</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after the re-addition of the
+ ifi_epoch member of struct if_data.
+ </entry>
+ <entry>600003</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after addition of the struct inpcb
+ argument to the pfil API.
+ </entry>
+ <entry>600004</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after addition of the "-d
+ DESTDIR" argument to newsyslog.
+ </entry>
+ <entry>600005</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after addition of glibc style
+ &man.strftime.3; padding options.
+ </entry>
+ <entry>600006</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after addition of 802.11 framework
+ updates.
+ </entry>
+ <entry>600007</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after changes to VOP_*VOBJECT() functions
+ and introduction of MNTK_MPSAFE flag for Giantfree filesystems.
+ </entry>
+ <entry>600008</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after addition of the cpufreq framework
+ and drivers.
+ </entry>
+ <entry>600009</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after importing OpenBSD's nc(1).</entry>
+ <entry>600010</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after removing semblance of SVID2
+ <literal>matherr()</literal> support.</entry>
+ <entry>600011</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after increase of default thread stacks'
+ size.</entry>
+ <entry>600012</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after fixes in
+ <filename>&lt;src/include/stdbool.h&gt;</filename> and
+ <filename>&lt;src/sys/i386/include/_types.h&gt;</filename>
+ for using the GCC-compatibility of the Intel C/C++ compiler.</entry>
+ <entry>600013</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after EOVERFLOW checks in vswprintf(3) fixed.</entry>
+ <entry>600014</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after changing the struct if_data
+ member, ifi_epoch, from wall clock time to uptime.</entry>
+ <entry>600015</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after LC_CTYPE disk format changed.</entry>
+ <entry>600016</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after NLS catalogs disk format changed.</entry>
+ <entry>600017</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after LC_COLLATE disk format changed.</entry>
+ <entry>600018</entry>
+ </row>
+ <row>
+ <entry>Installation of acpica includes into /usr/include.</entry>
+ <entry>600019</entry>
+ </row>
+ <row>
+ <entry>Addition of MSG_NOSIGNAL flag to send(2) API.</entry>
+ <entry>600020</entry>
+ </row>
+ <row>
+ <entry>Addition of fields to cdevsw</entry>
+ <entry>600021</entry>
+ </row>
+ <row>
+ <entry>Removed gtar from base system.</entry>
+ <entry>600022</entry>
+ </row>
+ <row>
+ <entry>LOCAL_CREDS, LOCAL_CONNWAIT socket options added to unix(4).</entry>
+ <entry>600023</entry>
+ </row>
+ <row>
+ <entry>&man.hwpmc.4; and related tools added to 6.0-CURRENT.</entry>
+ <entry>600024</entry>
+ </row>
+ <row>
+ <entry>struct icmphdr added to 6.0-CURRENT.</entry>
+ <entry>600025</entry>
+ </row>
+ <row>
+ <entry>pf updated to 3.7.</entry>
+ <entry>600026</entry>
+ </row>
+ <row>
+ <entry>Kernel libalias and ng_nat introduced.</entry>
+ <entry>600027</entry>
+ </row>
+ <row>
+ <entry>POSIX ttyname_r(3) made available through unistd.h and libc.</entry>
+ <entry>600028</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after libpcap updated to v0.9.1 alpha 096.</entry>
+ <entry>600029</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after importing NetBSD's if_bridge(4).</entry>
+ <entry>600030</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after struct ifnet was broken out
+ of the driver softcs.</entry>
+ <entry>600031</entry>
+ </row>
+ <row>
+ <entry>6.0-CURRENT after the import of libpcap v0.9.1.</entry>
+ <entry>600032</entry>
+ </row>
+ <row>
+ <entry>6.0-STABLE after bump of all shared library
+ versions that had not been changed since
+ RELENG_5.</entry>
+ <entry>600033</entry>
+ </row>
+ <row>
+ <entry>6.0-STABLE after credential argument is added to
+ dev_clone vent handler. 6.0-RELEASE.</entry>
+ <entry>600034</entry>
+ </row>
+ <row>
+ <entry>6.0-STABLE after 6.0-RELEASE</entry>
+ <entry>600100</entry>
+ </row>
+ <row>
+ <entry>6.0-STABLE after incorporating scripts from the
+ local_startup directories into the base rcorder.</entry>
+ <entry>600101</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT.</entry>
+ <entry>700000</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after bump of all shared library
+ versions that had not been changed since
+ RELENG_5.</entry>
+ <entry>700001</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after credential argument is added to
+ dev_clone vent handler.</entry>
+ <entry>700002</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after memmem(3) is added to libc.</entry>
+ <entry>700003</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after solisten(9) kernel arguments
+ are modified to accept a backlog paramater.</entry>
+ <entry>700004</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after IFP2ENADDR() was changed to return
+ a pointer to IF_LLADDR().</entry>
+ <entry>700005</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after addition of <literal>if_addr</literal>
+ member to <literal>struct ifnet</literal> and IFP2ENADDR()
+ removal.</entry>
+ <entry>700006</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after incorporating scripts from the
+ local_startup directories into the base rcorder.</entry>
+ <entry>700007</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after removal of MNT_NODEV mount
+ option.</entry>
+ <entry>700008</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after ELF-64 type changes and symbol
+ versioning.</entry>
+ <entry>700009</entry>
+ </row>
+ <row>
+ <entry>7.0-CURRENT after addition of hostb and vgapci
+ drivers, addition of pci_find_extcap(), and changing
+ the AGP drivers to no longer map the aperture.</entry>
+ <entry>700010</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <note>
+ <para>Note that 2.2-STABLE sometimes identifies itself as
+ <quote>2.2.5-STABLE</quote> after the 2.2.5-RELEASE. The pattern
+ used to be year followed by the month, but we decided to change it
+ to a more straightforward major/minor system starting from 2.2.
+ This is because the parallel development on several branches made
+ it infeasible to classify the releases simply by their real
+ release dates. If you are making a port now, you do not have to
+ worry about old -CURRENTs; they are listed here just for your
+ reference.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="dads-after-port-mk">
+ <title>Writing something after
+ <filename>bsd.port.mk</filename></title>
+
+ <para>Do not write anything after the <literal>.include
+ &lt;bsd.port.mk&gt;</literal> line. It usually can be avoided by
+ including <filename>bsd.port.pre.mk</filename> somewhere in the
+ middle of your <filename>Makefile</filename> and
+ <filename>bsd.port.post.mk</filename> at the end.</para>
+
+ <note>
+ <para>You need to include either the
+ <filename>bsd.port.pre.mk</filename>/<filename>bsd.port.post.mk</filename> pair or
+ <filename>bsd.port.mk</filename> only; do not mix these two usages.</para>
+ </note>
+
+ <para><filename>bsd.port.pre.mk</filename> only defines a few
+ variables, which can be used in tests in the
+ <filename>Makefile</filename>, <filename>bsd.port.post.mk</filename>
+ defines the rest.</para>
+
+ <para>Here are some important variables defined in
+ <filename>bsd.port.pre.mk</filename> (this is not the complete list,
+ please read <filename>bsd.port.mk</filename> for the complete
+ list).</para>
+
+ <informaltable frame="none" pgwide="1">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Variable</entry>
+ <entry>Description</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry><makevar>ARCH</makevar></entry>
+ <entry>The architecture as returned by <command>uname
+ -m</command> (e.g., <literal>i386</literal>)</entry>
+ </row>
+
+ <row>
+ <entry><makevar>OPSYS</makevar></entry>
+ <entry>The operating system type, as returned by
+ <command>uname -s</command> (e.g.,
+ <literal>FreeBSD</literal>)</entry>
+ </row>
+
+ <row>
+ <entry><makevar>OSREL</makevar></entry>
+ <entry>The release version of the operating system (e.g.,
+ <literal>2.1.5</literal> or
+ <literal>2.2.7</literal>)</entry>
+ </row>
+
+ <row>
+ <entry><makevar>OSVERSION</makevar></entry>
+ <entry>The numeric version of the operating system; the same as
+ <link
+ linkend="freebsd-versions"><literal>__FreeBSD_version</literal></link>.</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PORTOBJFORMAT</makevar></entry>
+ <entry>The object format of the system
+ (<literal>elf</literal> or <literal>aout</literal>;
+ note that for <quote>modern</quote> versions of FreeBSD,
+ <literal>aout</literal> is deprecated.)</entry>
+ </row>
+
+ <row>
+ <entry><makevar>LOCALBASE</makevar></entry>
+ <entry>The base of the <quote>local</quote> tree (e.g.,
+ <literal>/usr/local/</literal>)</entry>
+ </row>
+
+ <row>
+ <entry><makevar>X11BASE</makevar></entry>
+ <entry>The base of the <quote>X11</quote> tree (e.g.,
+ <literal>/usr/X11R6</literal>)</entry>
+ </row>
+
+ <row>
+ <entry><makevar>PREFIX</makevar></entry>
+ <entry>Where the port installs itself (see <link
+ linkend="porting-prefix">more on
+ <makevar>PREFIX</makevar></link>).</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <note>
+ <para>If you have to define the variables
+ <makevar>USE_IMAKE</makevar>, <makevar>USE_X_PREFIX</makevar>, or
+ <makevar>MASTERDIR</makevar>, do so before including
+ <filename>bsd.port.pre.mk</filename>.</para>
+ </note>
+
+ <para>Here are some examples of things you can write after
+ <filename>bsd.port.pre.mk</filename>:</para>
+
+ <programlisting># no need to compile lang/perl5 if perl5 is already in system
+.if ${OSVERSION} > 300003
+BROKEN= perl is in system
+.endif
+
+# only one shlib version number for ELF
+.if ${PORTOBJFORMAT} == "elf"
+TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}
+.else
+TCL_LIB_FILE= ${TCL_LIB}.${SHLIB_MAJOR}.${SHLIB_MINOR}
+.endif
+
+# software already makes link for ELF, but not for a.out
+post-install:
+.if ${PORTOBJFORMAT} == "aout"
+ ${LN} -sf liblinpack.so.1.0 ${PREFIX}/lib/liblinpack.so
+.endif</programlisting>
+
+ <para>You did remember to use tab instead of spaces after
+ <literal>BROKEN=</literal> and
+ <literal>TCL_LIB_FILE=</literal>, did you not?
+ <!-- smiley -->:-).</para>
+ </sect1>
+
+ <sect1 id="dads-documentation">
+ <title>Install additional documentation</title>
+
+ <para>If your software has some documentation other than the standard
+ man and info pages that you think is useful for the user, install it
+ under <filename><makevar>PREFIX</makevar>/share/doc</filename>.
+ This can be done, like the previous item, in the
+ <maketarget>post-install</maketarget> target.</para>
+
+ <para>Create a new directory for your port. The directory name should
+ reflect what the port is. This usually means
+ <makevar>PORTNAME</makevar>. However, if you
+ think the user might want different versions of the port to be
+ installed at the same time, you can use the whole
+ <makevar>PKGNAME</makevar>.</para>
+
+ <para>Make the installation dependent on the variable
+ <makevar>NOPORTDOCS</makevar> so that users can disable it in
+ <filename>/etc/make.conf</filename>, like this:</para>
+
+ <programlisting>post-install:
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/xvdocs.ps ${DOCSDIR}
+.endif</programlisting>
+
+ <para>Here are some handy variables and how they are expanded
+ by default when used
+ in the <filename>Makefile</filename>:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>DATADIR</makevar> gets expanded to
+ <filename><makevar>PREFIX</makevar>/share/<makevar>PORTNAME</makevar></filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>DOCSDIR</makevar> gets expanded to
+ <filename><makevar>PREFIX</makevar>/share/doc/<makevar>PORTNAME</makevar></filename>.</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>EXAMPLESDIR</makevar> gets expanded to
+ <filename><makevar>PREFIX</makevar>/share/examples/<makevar>PORTNAME</makevar></filename>.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>These variables are exported to <makevar>PLIST_SUB</makevar>.
+ Their values will appear there as pathnames relative to
+ <filename><makevar>PREFIX</makevar></filename> if possible.
+ That is, <filename>share/doc/<makevar>PORTNAME</makevar></filename>
+ will be substituted for <literal>%%DOCSDIR%%</literal>
+ in the packing list by default, and so on.
+ (See more on <filename>pkg-plist</filename> substitution
+ <link linkend="plist-sub">here</link>.)</para>
+
+ <para>All documentation files and directories installed should
+ be included in <filename>pkg-plist</filename> with the
+ <literal>%%PORTDOCS%%</literal> prefix, for example:</para>
+
+ <programlisting>%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
+%%PORTDOCS%%%%DOCSDIR%%/CONTACT
+%%PORTDOCS%%@dirrm %%DOCSDIR%%</programlisting>
+
+ <para>As an alternative to enumerating the documentation files
+ in <filename>pkg-plist</filename>, a port can set the variable
+ <makevar>PORTDOCS</makevar> to a list of file names and shell
+ glob patterns to add to the final packing list.
+ The names will be relative to <makevar>DOCSDIR</makevar>.
+ Therefore, a port that utilizes <makevar>PORTDOCS</makevar> and
+ uses a non-default location for its documentation should set
+ <makevar>DOCSDIR</makevar> accordingly.
+ If a directory is listed in <makevar>PORTDOCS</makevar>
+ or matched by a glob pattern from this variable,
+ the entire subtree of contained files and directories will be
+ registered in the final packing list. If <makevar>NOPORTDOCS</makevar>
+ is defined then files and directories listed in
+ <makevar>PORTDOCS</makevar> would not be installed and neither
+ would be added to port packing list.
+ Installing the documentation at <makevar>PORTDOCS</makevar>
+ as shown above remains up to the port itself.
+ A typical example of utilizing <makevar>PORTDOCS</makevar>
+ looks as follows:</para>
+
+ <programlisting>PORTDOCS= README.* ChangeLog docs/*</programlisting>
+
+ <note>
+ <para>You can also use the <filename>pkg-message</filename> file to
+ display messages upon installation. See <link
+ linkend="porting-message">the section on using
+ <filename>pkg-message</filename></link> for details.
+ The <filename>pkg-message</filename> file does not need to be
+ added to <filename>pkg-plist</filename>.</para>
+ </note>
+ </sect1>
+
+ <sect1 id="dads-subdirs">
+ <title>Subdirectories</title>
+
+ <para>Try to let the port put things in the right subdirectories of
+ <makevar>PREFIX</makevar>. Some ports lump everything and put it in
+ the subdirectory with the port's name, which is incorrect. Also,
+ many ports put everything except binaries, header files and manual
+ pages in the a subdirectory of <filename>lib</filename>, which does
+ not work well with the BSD paradigm. Many of the files should be
+ moved to one of the following: <filename>etc</filename>
+ (setup/configuration files), <filename>libexec</filename>
+ (executables started internally), <filename>sbin</filename>
+ (executables for superusers/managers), <filename>info</filename>
+ (documentation for info browser) or <filename>share</filename>
+ (architecture independent files). See &man.hier.7; for details;
+ the rules governing
+ <filename>/usr</filename> pretty much apply to
+ <filename>/usr/local</filename> too. The exception are ports
+ dealing with USENET <quote>news</quote>. They may use
+ <filename><makevar>PREFIX</makevar>/news</filename> as a destination
+ for their files.</para>
+ </sect1>
+
+ <sect1 id="dads-uid-and-gids">
+ <title>UIDs and GIDs</title>
+
+ <para>If your port requires a certain user to be on the installed
+ system, let the <filename>pkg-install</filename> script call
+ <command>pw</command> to create it automatically. Look at
+ <filename role="package">net/cvsup-mirror</filename> for an example.</para>
+
+ <para>If your port must use the same user/group ID number when it is
+ installed as a binary package as when it was compiled, then you must
+ choose a free UID from 50 to 999 and register it below. Look at
+ <filename role="package">japanese/Wnn6</filename> for an example.</para>
+
+ <para>Make sure you do not use a UID already used by the system or
+ other ports.</para>
+
+ <para>This is the current list of UIDs between 50 and 999.</para>
+
+ <!-- Please keep this list sorted by uid -->
+ <programlisting>bind:*:53:53:Bind Sandbox:/:/sbin/nologin
+majordom:*:54:54:Majordomo Pseudo User:/usr/local/majordomo:/nonexistent
+rdfdb:*:55:55:rdfDB Daemon:/var/db/rdfdb:/bin/sh
+spamd:*:58:58:SpamAssassin user:/var/spool/spamd:/sbin/nologin
+cyrus:*:60:60:the cyrus mail server:/nonexistent:/nonexistent
+gnats:*:61:1:GNATS database owner:/usr/local/share/gnats/gnats-db:/bin/sh
+proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/nonexistent
+uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
+xten:*:67:67:X-10 daemon:/usr/local/xten:/nonexistent
+pop:*:68:6:Post Office Owner (popper):/nonexistent:/sbin/nologin
+wnn:*:69:7:Wnn:/nonexistent:/nonexistent
+pgsql:*:70:70:PostgreSQL pseudo-user:/usr/local/pgsql:/bin/sh
+oracle:*:71:71::0:0:Oracle:/usr/local/oracle7:/sbin/nologin
+ircd:*:72:72:IRC daemon:/nonexistent:/nonexistent
+ircservices:*:73:73:IRC services:/nonexistent:/nonexistent
+simscan:*:74:74:Simscan User:/nonexistent:/sbin/nologin
+ifmail:*:75:66:Ifmail user:/nonexistent:/nonexistent
+www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
+alias:*:81:81:QMail user:/var/qmail/alias:/nonexistent
+qmaild:*:82:81:QMail user:/var/qmail:/nonexistent
+qmaill:*:83:81:QMail user:/var/qmail:/nonexistent
+qmailp:*:84:81:QMail user:/var/qmail:/nonexistent
+qmailq:*:85:82:QMail user:/var/qmail:/nonexistent
+qmailr:*:86:82:QMail user:/var/qmail:/nonexistent
+qmails:*:87:82:QMail user:/var/qmail:/nonexistent
+mysql:*:88:88:MySQL Daemon:/var/db/mysql:/sbin/nologin
+vpopmail:*:89:89:VPop Mail User:/usr/local/vpopmail:/nonexistent
+firebird:*:90:90:Firebird Database Administrator:/usr/local/firebird:/bin/sh
+mailman:*:91:91:Mailman User:/usr/local/mailman:/sbin/nologin
+gdm:*:92:92:GDM Sandbox:/:/sbin/nologin
+jabber:*:93:93:Jabber Daemon:/nonexistent:/nonexistent
+p4admin:*:94:94:Perforce admin:/usr/local/perforce:/sbin/nologin
+interch:*:95:95:Interchange user:/usr/local/interchange:/sbin/nologin
+squeuer:*:96:96:SQueuer Owner:/nonexistent:/bin/sh
+mud:*:97:97:MUD Owner:/nonexistent:/bin/sh
+msql:*:98:98:mSQL-2 pseudo-user:/var/db/msqldb:/bin/sh
+rscsi:*:99:99:Remote SCSI:/usr/local/rscsi:/usr/local/sbin/rscsi
+squid:*:100:100:squid caching-proxy pseudo user:/usr/local/squid:/sbin/nologin
+quagga:*:101:101:Quagga route daemon pseudo user:/usr/local/etc/quagga:/sbin/nologin
+ganglia:*:102:102:Ganglia User:/nonexistent:/sbin/nologin
+sgeadmin:*:103:103:Sun Grid Engine Admin:/nonexistent:/sbin/nologin
+slimserv:*:104:104:Slim Devices SlimServer pseudo-user:/nonexistent:/sbin/nologin
+dnetc:*:105:105:distributed.net client and proxy pseudo-user:/nonexistent:/sbin/nologin
+clamav:*:106:106:Clamav Antivirus:/nonexistent:/sbin/nologin
+cacti:*:107:107:Cacti Sandbox:/nonexistent:/sbin/nologin
+webkit:*:108:108:WebKit Default User:/usr/local/www/webkit:/bin/sh
+quickml:*:109:109:quickml Server:/nonexistent:/sbin/nologin
+vscan:*:110:110:Scanning Virus Account:/var/amavis:/bin/sh
+fido:*:111:111:Fido System:/usr/local/fido:/bin/sh
+dcc:*:112:112:Distributed Checksum Clearinghouse:/nonexistent:/sbin/nologin
+amavis:*:113:113:Amavis-stats Account:/nonexistent:/sbin/nologin
+dhis:*:114:114:DHIS Daemon:/nonexistent:/sbin/nologin
+_symon:*:115:115:Symon Account:/var/empty:/sbin/nologin
+postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/sbin/nologin
+rbldns:*:153:153:rbldnsd pseudo-user:/nonexistent:/sbin/nologin
+sfs:*:171:171:Self-Certifying File System:/nonexistent:/sbin/nologin
+agk:*:172:172:AquaGateKeeper:/nonexistent:/nonexistent
+polipo:*:173:173:polipo web cache:/nonexistent:/sbin/nologin
+bogomilter:*:174:174:milter-bogom:/nonexistent:/sbin/nologin
+moinmoin:*:192:192:MoinMoin User:/nonexistent:/sbin/nologin
+sympa:*:200:200:Sympa Owner:/nonexistent:/sbin/nologin
+privoxy:*:201:201:Privoxy proxy user:/nonexistent:/sbin/nologin
+dspam:*:202:202:Dspam:/nonexistent:/sbin/nologin
+shoutcast:*:210:210:Shoutcast sandbox:/nonexistent:/bin/sh
+_tor:*:256:256:Tor anonymising router:/var/db/tor:/bin/sh
+smxs:*:260:260:Sendmail X SMTPS:/nonexistent:/sbin/nologin
+smxq:*:261:261:Sendmail X QMGR:/nonexistent:/sbin/nologin
+smxc:*:262:262:Sendmail X SMTPC:/nonexistent:/sbin/nologin
+smxm:*:263:263:Sendmail X misc:/nonexistent:/sbin/nologin
+smx:*:264:264:Sendmail X other:/nonexistent:/sbin/nologin
+ldap:*:389:389:OpenLDAP Server:/nonexistent:/sbin/nologin
+drweb:*:426:426:Dr.Web Mail Scanner:/nonexistent:/sbin/nologin
+courier:*:465:465:Courier Mail Server:/nonexistent:/sbin/nologin
+_bbstored:*:505:505::0:0:BoxBackup Store Daemon:/nonexistent:/bin/sh
+qtss:*:554:554:Darwin Streaming Server:/nonexistent:/sbin/nologin
+ircdru:*:555:555:Russian hybrid IRC server:/nonexistent:/bin/sh
+messagebus:*:556:556:D-BUS Daemon User:/nonexistent:/sbin/nologin
+avahi:*:558:558:Avahi Daemon User:/nonexistent:/sbin/nologin
+bnetd:*:700:700:Bnetd user:/nonexistent:/sbin/nologin
+bopm:*:717:717:Blitzed Open Proxy Monitor:/nonexistent:/bin/sh
+bacula:*:910:910:Bacula Daemon:/var/db/bacula:/sbin/nologin</programlisting>
+
+ <para>This is the current list of reserved GIDs.</para>
+
+ <!-- Please keep this list sorted by gid -->
+ <!-- XXX incomplete! -->
+ <programlisting>bind:*:53:
+rdfdb:*:55:
+spamd:*:58:
+cyrus:*:60:
+proxy:*:62:
+authpf:*:63:
+uucp:*:66:
+xten:*:67:
+dialer:*:68:
+network:*:69:
+pgsql:*:70:
+simscan:*:74:
+www:*:80:
+qnofiles:*:81:
+qmail:*:82:
+mysql:*:88:
+vpopmail:*:89:
+firebird:*:90:
+mailman:*:91:
+gdm:*:92:
+jabber:*:93:
+p4admin:*:94:
+interch:*:95:
+squeuer:*:96:
+mud:*:97:
+msql:*:98:
+rscsi:*:99:
+squid:*:100:
+quagga:*:101:
+ganglia:*:102:
+sgeadmin:*:103:
+slimserv:*:104:
+dnetc:*:105:
+clamav:*:106:
+cacti:*:107:
+webkit:*:108:
+quickml:*:109:
+vscan:*:110:
+fido:*:111:
+dcc:*:112:
+amavis:*:113:
+dhis:*:114:
+_symon:*:115:
+postfix:*:125:
+maildrop:*:126:
+rbldns:*:153:
+sfs:*:171:
+agk:*:172:
+polipo:*:173:
+moinmoin:*:192:
+sympa:*:200:
+dspam:*:202:
+_tor:*:256:
+smxs:*:260:
+smxq:*:261:
+smxc:*:262:
+smxm:*:263:
+smx:*:264:
+ldap:*:389:
+drweb:*:426:
+courier:*:465:
+_bbstored:*:505:
+qtss:*:554:
+ircdru:*:555:
+messagebus:*:556:
+realtime:*:557:
+avahi:*:558:
+bnetd:*:700:
+bopm:*:717:
+bacula:*:910:</programlisting>
+
+ <para>Please include a notice when you submit a port (or an upgrade)
+ that reserves a new UID or GID in this range. This allows us to
+ keep the list of reserved IDs up to date.</para>
+ </sect1>
+
+ <sect1 id="dads-rational">
+ <title>Do things rationally</title>
+
+ <para>The <filename>Makefile</filename> should do things simply and
+ reasonably. If you can make it a couple of lines shorter or more
+ readable, then do so. Examples include using a make
+ <literal>.if</literal> construct instead of a shell
+ <literal>if</literal> construct, not redefining
+ <maketarget>do-extract</maketarget> if you can redefine
+ <makevar>EXTRACT*</makevar> instead, and using
+ <makevar>GNU_CONFIGURE</makevar> instead of <literal>CONFIGURE_ARGS
+ += --prefix=&dollar;{PREFIX}</literal>.</para>
+
+ <para>If you find yourself having to write a lot
+ of new code to try to do something, please go back and review
+ <filename>bsd.port.mk</filename> to see if it contains an
+ existing implementation of what you are trying to do. While
+ hard to read, there are a great many seemingly-hard problems for
+ which <filename>bsd.port.mk</filename> already provides a
+ shorthand solution.</para>
+ </sect1>
+
+ <sect1 id="dads-cc">
+ <title>Respect both <makevar>CC</makevar> and
+ <makevar>CXX</makevar></title>
+
+ <para>The port should respect both <makevar>CC</makevar>
+ and <makevar>CXX</makevar> variables. What we mean by this
+ is that the port should not set the values of these variables
+ absolutely, overriding existing values; instead, it should append
+ whatever values it needs to the existing values. This is so that
+ build options that affect all ports can be set globally.</para>
+
+ <para>If the port does not respect these variables,
+ please add <literal>NO_PACKAGE=ignores either cc or
+ cxx</literal> to the <filename>Makefile</filename>.</para>
+
+ <para>An example of a <filename>Makefile</filename> respecting
+ both <makevar>CC</makevar> and <makevar>CXX</makevar>
+ variables follows. Note the <makevar>?=</makevar>:</para>
+
+ <programlisting>CC?= gcc</programlisting>
+ <programlisting>CXX?= g++</programlisting>
+
+ <para>Here is an example which respects neither
+ <makevar>CC</makevar> nor <makevar>CXX</makevar>
+ variables:</para>
+
+ <programlisting>CC= gcc</programlisting>
+ <programlisting>CXX= g++</programlisting>
+
+ <para>Both <makevar>CC</makevar> and <makevar>CXX</makevar>
+ variables can be defined on FreeBSD systems in
+ <filename>/etc/make.conf</filename>. The first example
+ defines a value if it was not previously set in
+ <filename>/etc/make.conf</filename>, preserving any
+ system-wide definitions. The second example clobbers
+ anything previously defined.</para>
+ </sect1>
+
+ <sect1 id="dads-cflags">
+ <title>Respect <makevar>CFLAGS</makevar></title>
+
+ <para>The port should respect the <makevar>CFLAGS</makevar> variable.
+ What we mean by this is that the port should not set the value of
+ this variable absolutely, overriding the existing value; instead,
+ it should append whatever values it needs to the existing value.
+ This is so that build options that affect all ports can be set
+ globally.</para>
+
+ <para>If it does not, please add <literal>NO_PACKAGE=ignores
+ cflags</literal> to the <filename>Makefile</filename>.</para>
+
+ <para>An example of a <filename>Makefile</filename> respecting
+ the <makevar>CFLAGS</makevar> variable follows. Note the
+ <makevar>+=</makevar>:</para>
+
+ <programlisting>CFLAGS+= -Wall -Werror</programlisting>
+
+ <para>Here is an example which does not respect the
+ <makevar>CFLAGS</makevar> variable:</para>
+
+ <programlisting>CFLAGS= -Wall -Werror</programlisting>
+
+ <para>The <makevar>CFLAGS</makevar> variable is defined on
+ FreeBSD systems in <filename>/etc/make.conf</filename>. The
+ first example appends additional flags to the
+ <makevar>CFLAGS</makevar> variable, preserving any system-wide
+ definitions. The second example clobbers anything previously
+ defined.</para>
+
+ <para>You should remove optimization flags from the third party
+ <filename>Makefile</filename>s. System <makevar>CFLAGS</makevar>
+ contains system-wide optimization flags. An example from
+ an unmodified <filename>Makefile</filename>:</para>
+
+ <programlisting>CFLAGS= -O3 -funroll-loops -DHAVE_SOUND</programlisting>
+
+ <para>Using system optimization flags, the
+ <filename>Makefile</filename> would look similar to the
+ following example:</para>
+
+ <programlisting>CFLAGS+= -DHAVE_SOUND</programlisting>
+
+ </sect1>
+
+ <sect1 id="dads-freedback">
+ <title>Feedback</title>
+
+ <para>Do send applicable changes/patches to the original
+ author/maintainer for inclusion in next release of the code. This
+ will only make your job that much easier for the next
+ release.</para>
+ </sect1>
+
+ <sect1 id="dads-readme">
+ <title><filename>README.html</filename></title>
+
+ <para>Do not include the <filename>README.html</filename> file. This
+ file is not part of the cvs collection but is generated using the
+ <command>make readme</command> command.
+ </para>
+ </sect1>
+
+ <sect1 id="dads-noinstall">
+ <title>Marking a port not installable with <makevar>BROKEN</makevar>,
+ <makevar>FORBIDDEN</makevar>, or <makevar>IGNORE</makevar></title>
+
+ <para>In certain cases users should be prevented from installing
+ a port. To tell a user that
+ a port should not be installed, there are several
+ <command>make</command> variables that can be used in a port's
+ <filename>Makefile</filename>. The value of the following
+ <command>make</command> variables will be the reason that is
+ given back to users for why the port refuses to install itself.
+ Please use the correct <command>make</command> variable as
+ each make variable conveys radically different meanings to
+ both users, and to automated systems that depend on the
+ <filename>Makefile</filename>s, such as
+ <link linkend="build-cluster">the ports build cluster</link>,
+ <link linkend="freshports">FreshPorts</link>, and
+ <link linkend="portsmon">portsmon</link>.</para>
+
+ <sect2 id="dads-noinstall-variables">
+ <title>Variables</title>
+
+ <itemizedlist>
+ <listitem>
+ <para><makevar>BROKEN</makevar> is reserved for ports that
+ currently do not compile, install, or deinstall correctly.
+ It should be used for ports where the the problem is
+ believed to be temporary.
+ The build cluster will still attempt to try to build
+ them to see if the underlying problem has been
+ resolved. For instance, use
+ <makevar>BROKEN</makevar> when a port:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>does not compile</para>
+ </listitem>
+
+ <listitem>
+ <para>fails its configuration or installation process</para>
+ </listitem>
+
+ <listitem>
+ <para>installs files outside of
+ <filename>${LOCALBASE}</filename> and
+ <filename>${X11BASE}</filename></para>
+ </listitem>
+
+ <listitem>
+ <para>does not remove all its files cleanly upon
+ deinstall (however, it may be acceptable, and desirable,
+ for the port to leave user-modified files behind)</para>
+ </listitem>
+ </itemizedlist>
+
+ </listitem>
+
+ <listitem>
+ <para><makevar>FORBIDDEN</makevar> is used for ports that
+ do contain a security vulnerability or induce grave
+ concern regarding the security of a FreeBSD system with
+ a given port installed (ex: a reputably insecure program
+ or a program that provides easily exploitable services).
+ Ports should be marked as <makevar>FORBIDDEN</makevar>
+ as soon as a particular piece of software has a
+ vulnerability and there is no released upgrade. Ideally
+ ports should be upgraded as soon as possible when a
+ security vulnerability is discovered so as to reduce the
+ number of vulnerable FreeBSD hosts (we like being known
+ for being secure), however sometimes there is a
+ noticeable time gap between disclosure of a
+ vulnerability and an updated release of the
+ vulnerable software. Do not mark a port
+ <makevar>FORBIDDEN</makevar> for any reason other than
+ security.</para>
+ </listitem>
+
+ <listitem>
+ <para><makevar>IGNORE</makevar> is reserved for ports that
+ should not be built for some other reason.
+ It should be used for ports where the the problem is
+ believed to be structural.
+ The build
+ cluster will not, under any
+ circumstances, build ports marked as
+ <makevar>IGNORE</makevar>. For instance, use
+ <makevar>IGNORE</makevar> when a port:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>compiles but does not run properly</para>
+ </listitem>
+
+ <listitem>
+ <para>does not work on the installed version of &os;</para>
+ </listitem>
+
+ <listitem>
+ <para>requires &os; kernel sources to build, but the
+ user does not have them installed</para>
+ </listitem>
+
+ <listitem>
+ <para>has a distfile which may not be automatically
+ fetched due to licensing restrictions</para>
+ </listitem>
+
+ <listitem>
+ <para>does not work with some other currently installed
+ port (for instance, the port depends on
+ <filename role="package">www/apache21</filename> but
+ <filename role="package">www/apache13</filename>
+ is installed)</para>
+ </listitem>
+ </itemizedlist>
+
+ <note>
+ <para>If a port would conflict with a currently installed
+ port (for example, if they install a file in the same
+ place that perfoms a different function),
+ <link linkend="conflicts">use
+ <makevar>CONFLICTS</makevar> instead</link>.
+ <makevar>CONFLICTS</makevar> will set
+ <makevar>IGNORE</makevar> by itself.</para>
+ </note>
+ </listitem>
+
+ <listitem>
+ <para>If a port sould be marked <makevar>IGNORE</makevar>
+ only on certain architectures, there are two other
+ convenience variables that will automatically set
+ <makevar>IGNORE</makevar> for you:
+ <makevar>ONLY_FOR_ARCHS</makevar> and
+ <makevar>NOT_FOR_ARCHS</makevar>. Examples:</para>
+
+ <programlisting>ONLY_FOR_ARCHS= i386 amd64</programlisting>
+
+ <programlisting>NOT_FOR_ARCHS= alpha ia64 sparc64</programlisting>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ <sect2 id="dads-noinstall-notes">
+ <title>Implementation Notes</title>
+
+ <para>Due to vagaries in the usage of <makevar>IGNORECMD</makevar>
+ in <filename>bsd.port.mk</filename> among other places,
+ the value of <makevar>BROKEN</makevar> should be enclosed
+ in quotes, and the value of <makevar>IGNORE</makevar> should
+ not be enclosed in quotes.</para>
+
+ <para>Also, the wording of the string should be somewhat
+ different due to the way the information is shown to the
+ user. Examples:</para>
+
+ <programlisting>BROKEN= "this port is unsupported on FreeBSD 5.x"</programlisting>
+
+ <programlisting>IGNORE= is unsupported on FreeBSD 5.x</programlisting>
+
+ <para>resulting in the following output from
+ <command>make describe</command>:</para>
+
+ <programlisting>===> foobar-0.1 is marked as broken: this port is unsupported on FreeBSD 5.x.</programlisting>
+
+ <programlisting>===> foobar-0.1 is unsupported on FreeBSD 5.x.</programlisting>
+ </sect2>
+ </sect1>
+
+ <sect1 id="dads-deprecated">
+ <title>Marking a port for removal with <makevar>DEPRECATED</makevar>
+ or <makevar>EXPIRATION_DATE</makevar></title>
+
+ <para>Do remember that <makevar>BROKEN</makevar> and
+ <makevar>FORBIDDEN</makevar> are to be used as a
+ temporary resort if a port is not working. Permanently
+ broken ports should be removed from the tree
+ entirely.</para>
+
+ <para>When it makes sense to do so, users can be warned about
+ a pending port removal with <makevar>DEPRECATED</makevar>
+ and <makevar>EXPIRATION_DATE</makevar>. The former is
+ simply a string stating why the port is scheduled for removal;
+ the latter is a string in ISO 8601 format (YYYY-MM-DD). Both
+ will be shown to the user.</para>
+
+ <para>It is possible to set <makevar>DEPRECATED</makevar>
+ without an <makevar>EXPIRATION_DATE</makevar> (for
+ instance, recommending a newer version of the port), but
+ the converse does not make any sense.</para>
+
+ <para>There is no set policy on how much notice to give.
+ Current practice seems to be one month for security-related
+ issues and two months for build issues. This also gives any
+ interested committers a little time to fix the problems.</para>
+ </sect1>
+
+ <sect1 id="dads-dot-error">
+ <title>Avoid use of the <literal>.error</literal> construct</title>
+
+ <para>The correct way for a <filename>Makefile</filename> to
+ signal that the port can not be installed due to some external
+ factor (for instance, the user has specified an illegal
+ combination of build options) is to set a nonblank value to
+ <makevar>IGNORE</makevar>. This value will be formatted and
+ shown to the user by <command>make install</command>.</para>
+
+ <para>It is a common mistake to use <literal>.error</literal>
+ for this purpose. The problem with this is that many
+ automated tools that work with the ports tree will fail in
+ this situation. The most common occurence of this is seen
+ when trying to build <filename>/usr/ports/INDEX</filename>
+ (see <xref linkend="make-describe">). However, even more
+ trivial commands such as <command>make -V maintainer</command>
+ also fail in this scenario. This is not acceptable.</para>
+
+ <example id="dot-error-breaks-index">
+ <title>How to avoid using <literal>.error</literal></title>
+ <para>Assume that someone has the line
+ <programlisting>USE_POINTYHAT=yes</programlisting>
+ in <filename>make.conf</filename>. The first of
+ the next two <filename>Makefile</filename> snippets will
+ cause <command>make index</command> to fail, while the
+ second one will not:</para>
+ <programlisting>.if USE_POINTYHAT
+.error "POINTYHAT is not supported"
+.endif</programlisting>
+ <programlisting>.if USE_POINTYHAT
+IGNORE=POINTYHAT is not supported
+.endif</programlisting>
+ </example>
+
+ </sect1>
+
+ <sect1 id="dads-workarounds">
+ <title>Necessary workarounds</title>
+
+ <para>Sometimes it is necessary to work around bugs in
+ software included with older versions of &os;.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Some versions of &man.make.1; were broken
+ on at least 4.8 and 5.0 with respect to handling
+ comparisons based on <makevar>OSVERSION</makevar>.
+ This would often lead to failures during
+ <command>make describe</command> (and thus, the overall
+ ports <command>make index</command>). The workaround is
+ to enclose the conditional comparison in spaces, e.g.:
+ <programlisting>if ( ${OSVERSION} > 500023 )</programlisting>
+ Be aware that test-installing a port on 4.9 or 5.2
+ will <emphasis>not</emphasis> detect this problem.</para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="dads-misc">
+ <title>Miscellanea</title>
+
+ <para>The files
+ <filename>pkg-descr</filename> and <filename>pkg-plist</filename>
+ should each be double-checked. If you are reviewing a port and feel
+ they can be worded better, do so.</para>
+
+ <para>Do not copy more copies of the GNU General Public License into
+ our system, please.</para>
+
+ <para>Please be careful to note any legal issues! Do not let us
+ illegally distribute software!</para>
+ </sect1>
+
+ </chapter>
+
+ <chapter id="porting-samplem">
+ <title>A Sample <filename>Makefile</filename></title>
+
+ <para>Here is a sample <filename>Makefile</filename> that you can use to
+ create a new port. Make sure you remove all the extra comments (ones
+ between brackets)!</para>
+
+ <para>It is recommended that you follow this format (ordering of
+ variables, empty lines between sections, etc.). This format is
+ designed so that the most important information is easy to locate. We
+ recommend that you use <link
+ linkend="porting-portlint">portlint</link> to check the
+ <filename>Makefile</filename>.</para>
+
+ <programlisting>[the header...just to make it easier for us to identify the ports.]
+# New ports collection makefile for: xdvi
+[the "version required" line is only needed when the PORTVERSION
+ variable is not specific enough to describe the port.]
+# Date created: 26 May 1995
+[this is the person who did the original port to FreeBSD, in particular, the
+person who wrote the first version of this Makefile. Remember, this should
+not be changed when upgrading the port later.]
+# Whom: Satoshi Asami &lt;asami@FreeBSD.org&gt;
+#
+# &dollar;FreeBSD&dollar;
+[ ^^^^^^^^^ This will be automatically replaced with RCS ID string by CVS
+when it is committed to our repository. If upgrading a port, do not alter
+this line back to "&dollar;FreeBSD&dollar;". CVS deals with it automatically.]
+#
+
+[section to describe the port itself and the master site - PORTNAME
+ and PORTVERSION are always first, followed by CATEGORIES,
+ and then MASTER_SITES, which can be followed by MASTER_SITE_SUBDIR.
+ PKGNAMEPREFIX and PKGNAMESUFFIX, if needed, will be after that.
+ Then comes DISTNAME, EXTRACT_SUFX and/or DISTFILES, and then
+ EXTRACT_ONLY, as necessary.]
+PORTNAME= xdvi
+PORTVERSION= 18.2
+CATEGORIES= print
+[do not forget the trailing slash ("/")!
+ if you are not using MASTER_SITE_* macros]
+MASTER_SITES= ${MASTER_SITE_XCONTRIB}
+MASTER_SITE_SUBDIR= applications
+PKGNAMEPREFIX= ja-
+DISTNAME= xdvi-pl18
+[set this if the source is not in the standard ".tar.gz" form]
+EXTRACT_SUFX= .tar.Z
+
+[section for distributed patches -- can be empty]
+PATCH_SITES= ftp://ftp.sra.co.jp/pub/X11/japanese/
+PATCHFILES= xdvi-18.patch1.gz xdvi-18.patch2.gz
+
+[maintainer; *mandatory*! This is the person who is volunteering to
+ handle port updates, build breakages, and to whom a users can direct
+ questions and bug reports. To keep the quality of the Ports Collection
+ as high as possible, we no longer accept new ports that are assigned to
+ "ports@FreeBSD.org".]
+MAINTAINER= asami@FreeBSD.org
+COMMENT= A DVI Previewer for the X Window System
+
+[dependencies -- can be empty]
+RUN_DEPENDS= gs:${PORTSDIR}/print/ghostscript
+LIB_DEPENDS= Xpm.5:${PORTSDIR}/graphics/xpm
+
+[this section is for other standard bsd.port.mk variables that do not
+ belong to any of the above]
+[If it asks questions during configure, build, install...]
+IS_INTERACTIVE= yes
+[If it extracts to a directory other than ${DISTNAME}...]
+WRKSRC= ${WRKDIR}/xdvi-new
+[If the distributed patches were not made relative to ${WRKSRC}, you
+ may need to tweak this]
+PATCH_DIST_STRIP= -p1
+[If it requires a "configure" script generated by GNU autoconf to be run]
+GNU_CONFIGURE= yes
+[If it requires GNU make, not /usr/bin/make, to build...]
+USE_GMAKE= yes
+[If it is an X application and requires "xmkmf -a" to be run...]
+USE_IMAKE= yes
+[et cetera.]
+
+[non-standard variables to be used in the rules below]
+MY_FAVORITE_RESPONSE= "yeah, right"
+
+[then the special rules, in the order they are called]
+pre-fetch:
+ i go fetch something, yeah
+
+post-patch:
+ i need to do something after patch, great
+
+pre-install:
+ and then some more stuff before installing, wow
+
+[and then the epilogue]
+.include &lt;bsd.port.mk&gt;</programlisting>
+ </chapter>
+
+ <chapter id="keeping-up">
+ <title>Keeping Up</title>
+
+ <para>The &os; Ports Collection is constantly changing. Here is
+ some information on how to keep up.</para>
+
+ <sect1 id="freshports">
+ <title>FreshPorts</title>
+
+ <para>One of the easiest ways to learn about updates that have
+ already been committed is by subscribing to
+ <ulink url="http://www.FreshPorts.org/">FreshPorts</ulink>.
+ You can select multiple ports to monitor. Maintainers are
+ strongly encouraged to subscribe, because they will receive
+ notification of not only their own changes, but also any
+ changes that any other &os; committer has made. (These are
+ often necessary to keep up with changes in the underlying
+ ports framework&mdash;although it would be most polite to
+ receive an advance heads-up from those committing such changes,
+ sometimes this is overlooked or just simply impractical.
+ Also, in some cases, the changes are very minor in nature.
+ We expect everyone to use their best judgement in these
+ cases.)</para>
+
+ <para>If you wish to use FreshPorts, all you need is an
+ account. If your registered email address is
+ <literal>@FreeBSD.org</literal>, you will see the opt-in link on the
+ right hand side of the webpages.
+ For those of you who already have a FreshPorts account, but are not
+ using your <literal>@FreeBSD.org</literal> email address,
+ just change your email to <literal>@FreeBSD.org</literal>, subscribe,
+ then change it back again.</para>
+
+ <para>FreshPorts also has
+ a sanity test feature which automatically tests each commit to the
+ FreeBSD ports tree. If subscribed to this service, you will be
+ notified of any errors which FreshPorts detects during sanity
+ testing of your commits.</para>
+ </sect1>
+
+ <sect1 id="cvsweb">
+ <title>The Web Interface to the Source Repository</title>
+
+ <para>It is possible to browse the files in the source repository by
+ using a web interface. Changes that affect the entire port system
+ are now documented in the
+ <ulink url="http://cvsweb.FreeBSD.org/ports/CHANGES">
+ CHANGES</ulink> file. Changes that affect individual ports
+ are now documented in the
+ <ulink url="http://cvsweb.FreeBSD.org/ports/UPDATING">
+ UPDATING</ulink> file. However, the definitive answer to any
+ question is undoubtedly to read the source code of <ulink
+ url="http://cvsweb.FreeBSD.org/ports/Mk/bsd.port.mk">
+ bsd.port.mk</ulink>, and associated files.</para>
+
+ </sect1>
+
+ <sect1 id="ports-mailling-list">
+ <title>The &os; Ports Mailing List</title>
+
+ <para>If you maintain ports, you should consider following the
+ &a.ports;. Important changes to the way ports work will be announced
+ there, and then committed to <filename>CHANGES</filename>.</para>
+
+ </sect1>
+
+ <sect1 id="build-cluster">
+ <title>The &os; Port Building Cluster on
+ <hostid role="hostname">pointyhat.FreeBSD.org</hostid></title>
+
+ <para>One of the least-publicized strengths of &os; is that
+ an entire cluster of machines is dedicated to continually
+ building the Ports Collection, for each of the major OS
+ releases and for each Tier-1 architecture. You can find
+ the results of these builds at
+ <ulink url="http://pointyhat.FreeBSD.org/">package building logs
+ and errors</ulink>.</para>
+
+ <para>Individual ports are built unless they are specifically
+ marked with <makevar>IGNORE</makevar>. Ports that are
+ marked with <makevar>BROKEN</makevar> will still be attempted,
+ to see if the underlying problem has been resolved. (This
+ is done by passing <makevar>TRYBROKEN</makevar> to the
+ port's <filename>Makefile</filename>.)</para>
+
+ </sect1>
+
+ <sect1 id="distfile-survey">
+ <title>The &os; Port Distfile Survey</title>
+
+ <para>The build cluster is dedicated to building the latest
+ release of each port with distfiles that have already been
+ fetched. However, as the Internet continually changes,
+ distfiles can quickly go missing. The <ulink
+ url="http://people.FreeBSD.org/~fenner/portsurvey/">FreeBSD
+ Ports distfiles survey</ulink> attempts to query every
+ download site for every port to find out if each distfile
+ is still currently available. Maintainers are asked to
+ check this report periodically, not only to speed up the
+ building process for users, but to help avoid wasting
+ bandwidth of the sites that volunteer to host all these
+ distfiles.</para>
+
+ </sect1>
+
+ <sect1 id="portsmon">
+
+ <title>The &os; Ports Monitoring System</title>
+
+ <para>Another handy resource is the
+ <ulink url="http://portsmon.FreeBSD.org">
+ FreeBSD Ports Monitoring System</ulink> (also known as
+ <literal>portsmon</literal>). This system comprises a
+ database that processes information from several sources
+ and allows its to be browsed via a web interface. Currently,
+ the ports Problem Reports (PRs), the error logs from
+ the build cluster, and individual files from the ports
+ collection are used. In the future, this will be expanded
+ to include the distfile survey, as well as other sources.</para>
+
+ <para>To get started, you can view all information about a
+ particular port by using the
+ <ulink url="http://portsmon.FreeBSD.org/portoverview.py">
+ Overview of One Port</ulink>.</para>
+
+ <para>As of this writing, this is the only resource available
+ that maps GNATS PR entries to portnames. (PR submitters
+ do not always include the portname in their Synopsis, although
+ we would prefer that they did.) So, <literal>portsmon</literal>
+ is a good place to start if you want to find out whether an
+ existing port has any PRs filed against it and/or any build
+ errors; or, to find out if a new port that you may be thinking
+ about creating has already been submitted.</para>
+ </sect1>
+
+ </chapter>
+</book>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ End:
+-->
diff --git a/zh_TW.Big5/books/porters-handbook/freebsd.dsl b/zh_TW.Big5/books/porters-handbook/freebsd.dsl
new file mode 100644
index 0000000000..b0369c5209
--- /dev/null
+++ b/zh_TW.Big5/books/porters-handbook/freebsd.dsl
@@ -0,0 +1,40 @@
+<!-- $FreeBSD$ -->
+
+<!-- Local DSSSL file for the Porter's Handbook. This is so we can include
+ a link to the -ports mailing list at the bottom of the HTML files,
+ rather than the -questions mailing list. -->
+
+<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
+<!ENTITY freebsd.dsl SYSTEM "../../share/sgml/freebsd.dsl" CDATA DSSSL>
+<!ENTITY % output.html "IGNORE">
+]>
+
+<style-sheet>
+ <style-specification use="docbook">
+ <style-specification-body>
+
+ <![ %output.html; [
+ (define ($email-footer$)
+ (make sequence
+ (literal "For questions about the FreeBSD ports system, e-mail <")
+ (create-link (list (list "HREF" "mailto:ports@FreeBSD.org"))
+ (literal "ports@FreeBSD.org"))
+ (literal ">.")
+ (make empty-element gi: "br")
+ (literal "For questions about this documentation, e-mail <")
+ (create-link (list (list "HREF" "mailto:doc@FreeBSD.org"))
+ (literal "doc@FreeBSD.org"))
+ (literal ">.")))
+
+ <!-- Convert " ... " to `` ... '' in the HTML output. -->
+ (element quote
+ (make sequence
+ (literal "``")
+ (process-children)
+ (literal "''")))
+ ]]>
+ </style-specification-body>
+ </style-specification>
+
+ <external-specification id="docbook" document="freebsd.dsl">
+</style-sheet>
diff --git a/zh_TW.Big5/books/zh-tut/Makefile b/zh_TW.Big5/books/zh-tut/Makefile
new file mode 100644
index 0000000000..09e2ed6c58
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/Makefile
@@ -0,0 +1,140 @@
+#
+# $FreeBSD$
+#
+# Build the FreeBSD Handbook.
+#
+
+MAINTAINER= statue@freebsd.sinica.edu.tw
+
+DOC?= zh-tut
+
+FORMATS?= html-split
+
+INSTALL_COMPRESSED?= gz
+INSTALL_ONLY_COMPRESSED?=
+
+TIDYFLAGS= -raw
+
+DSLHTML= freebsd.dsl
+DSLPRINT= freebsd.dsl
+#
+# SRCS lists the individual SGML files that make up the document. Changes
+# to any of these files will force a rebuild
+#
+
+# SGML content
+SRCS= book.sgml
+SRCS+= chapters/ack.sgml
+SRCS+= chapters/compose.sgml
+SRCS+= chapters/converter.sgml
+SRCS+= chapters/charmap.sgml
+SRCS+= chapters/devel.sgml
+SRCS+= chapters/dict.sgml
+SRCS+= chapters/difficult.sgml
+SRCS+= chapters/faq.sgml
+SRCS+= chapters/fonts.sgml
+SRCS+= chapters/l10n.sgml
+SRCS+= chapters/mailclient.sgml
+SRCS+= chapters/message.sgml
+SRCS+= chapters/multimedia.sgml
+SRCS+= chapters/net.sgml
+SRCS+= chapters/other.sgml
+SRCS+= chapters/outta.sgml
+SRCS+= chapters/preface.sgml
+SRCS+= chapters/print.sgml
+SRCS+= chapters/software.sgml
+SRCS+= chapters/stepbystep.sgml
+SRCS+= chapters/view.sgml
+SRCS+= chapters/wm.sgml
+SRCS+= chapters/xwin.sgml
+
+# Entities
+SRCS+= authors.ent
+SRCS+= chapters.ent
+
+IMAGES= images/20020527-2.png
+IMAGES+= images/20020527.png
+IMAGES+= images/Eterm.png
+IMAGES+= images/IglooFTP.png
+IMAGES+= images/abiword.png
+IMAGES+= images/acroread.png
+IMAGES+= images/applet.png
+IMAGES+= images/arphicttf.png
+IMAGES+= images/aterm.png
+IMAGES+= images/bbsnet.png
+IMAGES+= images/bg5pdf.png
+IMAGES+= images/bg5ps.png
+IMAGES+= images/big5con.png
+IMAGES+= images/cccii.png
+IMAGES+= images/cce.png
+IMAGES+= images/cid-gv.png
+IMAGES+= images/cjk.png
+IMAGES+= images/cjk-lyx.png
+IMAGES+= images/cwtexttf.png
+IMAGES+= images/cxterm.png
+IMAGES+= images/dict.png
+IMAGES+= images/dvipdfmx.png
+IMAGES+= images/edict-big5.png
+IMAGES+= images/fzzdxfw.png
+IMAGES+= images/fortunetw.png
+IMAGES+= images/gaim.png
+IMAGES+= images/gnuls.png
+IMAGES+= images/hanzim.png
+IMAGES+= images/hztty.png
+IMAGES+= images/irssi.png
+IMAGES+= images/joe.png
+IMAGES+= images/kde-print.png
+IMAGES+= images/kfont_3_1.png
+IMAGES+= images/kmerlin.png
+IMAGES+= images/konq_3_1.png
+IMAGES+= images/konq_3_2.png
+IMAGES+= images/konq_3_3.png
+IMAGES+= images/konq_3_4.png
+IMAGES+= images/konqueror.png
+IMAGES+= images/konsole.png
+IMAGES+= images/ldap.png
+IMAGES+= images/lynx.png
+IMAGES+= images/licq.png
+IMAGES+= images/man.png
+IMAGES+= images/mlterm.png
+IMAGES+= images/mplayer.png
+IMAGES+= images/moefonts-cid.png
+IMAGES+= images/moettf.png
+IMAGES+= images/mozilla.png
+IMAGES+= images/mutt.png
+IMAGES+= images/nautilus.png
+IMAGES+= images/ncftp3.png
+IMAGES+= images/ntfs.png
+IMAGES+= images/ntuttf.png
+IMAGES+= images/openoffice.png
+IMAGES+= images/oxford.png
+IMAGES+= images/php-imagettftext.png
+IMAGES+= images/php-pdf.png
+IMAGES+= images/pydict.png
+IMAGES+= images/qe.png
+IMAGES+= images/qkmj.png
+IMAGES+= images/qterm.png
+IMAGES+= images/rxvt.png
+IMAGES+= images/showttf.png
+IMAGES+= images/stardict.png
+IMAGES+= images/stardict2.png
+IMAGES+= images/swing.png
+IMAGES+= images/sylpheed.png
+IMAGES+= images/tcltk.png
+IMAGES+= images/tcsh.png
+IMAGES+= images/tin.png
+IMAGES+= images/tintin++.png
+IMAGES+= images/ttf2pt1.png
+IMAGES+= images/ve.png
+IMAGES+= images/vim.png
+IMAGES+= images/vnc.png
+IMAGES+= images/wangttf.png
+IMAGES+= images/windowmaker.png
+IMAGES+= images/xchat.png
+IMAGES+= images/xcin25.png
+IMAGES+= images/xmms.png
+IMAGES+= images/xpdf.png
+IMAGES+= images/zhcon.png
+
+DOC_PREFIX?= ${.CURDIR}/../../..
+.include "${DOC_PREFIX}/share/mk/doc.project.mk"
diff --git a/zh_TW.Big5/books/zh-tut/authors.ent b/zh_TW.Big5/books/zh-tut/authors.ent
new file mode 100644
index 0000000000..177cb2d061
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/authors.ent
@@ -0,0 +1,39 @@
+<!--
+ Names and email address of contributing authors and CVS committers.
+ Entity names for committers should be the same as their login names on
+ freefall.FreeBSD.org.
+
+ Use these entities when referencing people.
+
+ Please keep this list in alphabetical order by entity names.
+
+ Id: authors.ent,v 1.9 2003/10/12 12:14:19 statue Exp
+ $FreeBSD$
+-->
+
+<!ENTITY a.statue "Shen Chun-Hsing <email>statue@freebsd.sinica.edu.tw</email>">
+<!ENTITY a.clive "Clive T. Lin<email>clive@FreeBSD.ORG</email>">
+<!ENTITY a.cschin "Chen-Shan Chin <email>cschin@u.washington.edu</email>">
+<!ENTITY a.cwhuang "cwhuang <email>cwhuang@phys.ntu.edu.tw</email>">
+<!ENTITY a.cwweng "Chih-Wei Weng <email>cwweng@mail.ep.nctu.edu.tw</email>">
+<!ENTITY a.edwardlee "Edward G.J. Lee <email>EdwardLee@bbs.ee.ntu.edu.tw</email>">
+<!ENTITY a.foxfair "Foxfair Hu <email>foxfair@FreeBSD.ORG</email>">
+<!ENTITY a.gslin "Gea-Suan Lin <email>gslin@ccca.nctu.edu.tw</email>">
+<!ENTITY a.ijliao "Ying-chieh Liao <email>ijliao@FreeBSD.ORG</email>">
+<!ENTITY a.jdli "jdli <email>jdli@csie.nctu.edu.tw</email>">
+<!ENTITY a.jerry "jerry <email>jerry@mail.hantop.com.tw</email>">
+<!ENTITY a.joelu "Joe Lu <email>JoeLu@freebsd.ee.ntu.edu.tw</email>">
+<!ENTITY a.keichii "Michael C. Wu <email>keichii@FreeBSD.ORG</email>">
+<!ENTITY a.keith "Jing-Tang Keith Jang <email>keith@FreeBSD.ORG</email>">
+<!ENTITY a.kevlo "Kevin Lo <email>kevlo@FreeBSD.ORG</email>">
+<!ENTITY a.kuang.c.w "Kuang-che Wu <email>b88062@csie.ntu.edu.tw</email>">
+<!ENTITY a.leeym "Yen-Ming Lee <email>leeym@FreeBSD.ORG</email>">
+<!ENTITY a.mhsin "mhsin <email>b7506043@csie.ntu.edu.tw</email>">
+<!ENTITY a.platin "platin <email>platin@ms31.hinet.net</email>">
+<!ENTITY a.srlee "§õªYèû <email>srlee@csie.nctu.edu.tw</email>">
+<!ENTITY a.tung.c.k "Chung-Kie Tung <email>tung@turtle.ee.ncku.edu.tw</email>">
+<!ENTITY a.thhsieh "thhsieh <email>thhsieh@linux.org.tw</email>">
+<!ENTITY a.vanilla "Vanilla I. Shu <email>vanilla@FreeBSD.ORG</email>">
+<!ENTITY a.weijr "weijr <email>weijr.bbs@bbs.ntu.edu.tw</email>">
+<!ENTITY a.ycheng "Yuan-Chen Cheng <email>ycheng@sinica.edu.tw</email>">
+<!ENTITY a.yinjieh "yinjieh <email>yinjieh@csie.nctu.edu.tw</email>">
diff --git a/zh_TW.Big5/books/zh-tut/chapter.decl b/zh_TW.Big5/books/zh-tut/chapter.decl
new file mode 100644
index 0000000000..3e187a32ee
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapter.decl
@@ -0,0 +1,2 @@
+<!-- $FreeBSD$ -->
+<!DOCTYPE chapter PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN">
diff --git a/zh_TW.Big5/books/zh-tut/chapters.ent b/zh_TW.Big5/books/zh-tut/chapters.ent
new file mode 100644
index 0000000000..7946b240ab
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters.ent
@@ -0,0 +1,39 @@
+<!--
+ Creates entities for each chapter in the FreeBSD Handbook. Each entity
+ is named chap.foo, where foo is the value of the id attribute on that
+ chapter, and corresponds to the name of the directory in which that
+ chapter's .sgml file is stored.
+
+ Chapters should be listed in the order in which they are referenced.
+
+ Id: chapters.ent,v 1.13 2003/09/10 19:57:19 statue Exp
+ $FreeBSD$
+-->
+
+<!-- Part one -->
+<!ENTITY chap.preface SYSTEM "chapters/preface.sgml">
+<!ENTITY chap.stepbystep SYSTEM "chapters/stepbystep.sgml">
+<!ENTITY chap.dict SYSTEM "chapters/dict.sgml">
+<!ENTITY chap.difficult SYSTEM "chapters/difficult.sgml">
+<!ENTITY chap.environment SYSTEM "chapters/environment.sgml">
+<!ENTITY chap.fetch SYSTEM "chapters/fetch.sgml">
+<!ENTITY chap.xwin SYSTEM "chapters/xwin.sgml">
+<!ENTITY chap.message SYSTEM "chapters/message.sgml">
+<!ENTITY chap.fonts SYSTEM "chapters/fonts.sgml">
+<!ENTITY chap.view SYSTEM "chapters/view.sgml">
+<!ENTITY chap.wm SYSTEM "chapters/wm.sgml">
+<!ENTITY chap.print SYSTEM "chapters/print.sgml">
+<!ENTITY chap.compose SYSTEM "chapters/compose.sgml">
+<!ENTITY chap.converter SYSTEM "chapters/converter.sgml">
+<!ENTITY chap.mailclient SYSTEM "chapters/mailclient.sgml">
+<!ENTITY chap.net SYSTEM "chapters/net.sgml">
+<!ENTITY chap.irc SYSTEM "chapters/irc.sgml">
+<!ENTITY chap.devel SYSTEM "chapters/devel.sgml">
+<!ENTITY chap.multimedia SYSTEM "chapters/multimedia.sgml">
+<!ENTITY chap.software SYSTEM "chapters/software.sgml">
+<!ENTITY chap.outta SYSTEM "chapters/outta.sgml">
+<!ENTITY chap.other SYSTEM "chapters/other.sgml">
+<!ENTITY chap.l10n SYSTEM "chapters/l10n.sgml">
+<!ENTITY chap.faq SYSTEM "chapters/faq.sgml">
+<!ENTITY chap.charmap SYSTEM "chapters/charmap.sgml">
+<!ENTITY chap.ack SYSTEM "chapters/ack.sgml">
diff --git a/zh_TW.Big5/books/zh-tut/chapters/ack.sgml b/zh_TW.Big5/books/zh-tut/chapters/ack.sgml
new file mode 100644
index 0000000000..b5c9112391
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/ack.sgml
@@ -0,0 +1,147 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: ack.sgml,v 1.16 2003/12/08 11:06:41 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="ack">
+ <title>·PÁÂ</title>
+ <para>¥»¥÷¤å¥óªº§¹¦¨¡A­n·PÁÂ¥H¤Uªº¼ö¤ß¤H¤h :-)¡C
+ §ó­n·PÁ­P¤O¬° FreeBSD ¤¤¤å¤Æªº³\¦h¤H­Ì¡C¦]¬°¥L­Ìªº§V¤O¡A¤µ¤é
+ §Ú­Ì¦b FreeBSD ¤W¤~¦³µÎ¾Aªº¤¤¤åÀô¹Ò¯à¨Ï¥Î¡C
+ ¥i¥H±q <ulink url="http://www.freebsd.org/cgi/cvsweb.cgi/CVSROOT-ports/access">CVSROOT-ports/access</ulink> ±o¨ì©Ò¦³ ports committer ªº¥[¤J®É¶¡¡C</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>&a.statue; Weak initializer¡A¤]¬O·s¤â ports maintainer¡C</para>
+ </listitem>
+ <listitem>
+ <para>&a.clive; µ¹¤©³o¥÷¤å¥ó«Ü¦hªº«ü¾É¡A
+ FreeBSD ªº <ulink url="http://people.freebsd.org/~fenner/portsurvey/clive@freebsd.org.html">ports committer</ulink>
+ (06 Dec 2000)¡A¹ï©ó¤¤¤åªº°^Äm¤£¿ò¾l¤O¡C</para>
+ </listitem>
+ <listitem>
+ <para>&a.foxfair; FreeBSD ªº <ulink url="http://people.freebsd.org/~fenner/portsurvey/foxfair@freebsd.org.html">ports committer</ulink>¡A
+ ¹ï©ó¤¤¤åªº°^Äm¤£¿ò¾l¤O¡C</para>
+ </listitem>
+ <listitem>
+ <para>&a.gslin; ´£¨Ñ cvsup ªº³]©w¤è¦¡©M¨BÆJ¡A°ê¤º¨Ï¥Î FreeBSD ªº°ª¯Åª±®a¡C
+ </para>
+ </listitem>
+ <listitem>
+ <para>&a.ijliao; FreeBSD ªº <ulink url="http://people.freebsd.org/~fenner/portsurvey/ijliao@freebsd.org.html">ports committer</ulink>
+ (20 Jan 2001)¡A¹ï©ó¤¤¤åªº°^Äm¤£¿ò¾l¤O¡C </para>
+ </listitem>
+ <listitem>
+ <para>&a.keichii; FreeBSD ªº <ulink url="http://people.freebsd.org/~fenner/portsurvey/keichii@freebsd.org.html">src committer</ulink>(07 Mar 2001)¡A¦b¦C¦Lªº³¹¸`µ¹¤©¤F«Ü¦hªº«ü¾É¡C</para>
+ </listitem>
+ <listitem>
+ <para>&a.keith; FreeBSD ªº <ulink url="http://people.freebsd.org/~fenner/portsurvey/keith@freebsd.org.html">ports committer</ulink>
+ (06 Nov 2000)¡A¹ï©ó¤¤¤åªº°^Äm¤£¿ò¾l¤O¡C </para>
+ </listitem>
+ <listitem>
+ <para>&a.kevlo; FreeBSD ªº <ulink url="http://people.freebsd.org/~fenner/portsurvey/kevlo@freebsd.org.html">ports committer</ulink>
+ (28 May 1999)¡A¹ï©ó¤¤¤åªº°^Äm¤£¿ò¾l¤O¡C </para>
+ </listitem>
+ <listitem>
+ <para>&a.leeym; FreeBSD ªº <ulink url="http://people.freebsd.org/~fenner/portsurvey/leeym@freebsd.org.html">ports committer</ulink>
+ (14 Aug 2002)¡A¹ï©ó¤¤¤åªº°^Äm¤£¿ò¾l¤O¡C </para>
+ </listitem>
+ <listitem>
+ <para>&a.vanilla; FreeBSD ªº <ulink url="http://people.freebsd.org/~fenner/portsurvey/vanilla@freebsd.org.html">ports committer</ulink>
+ (25 Dec 1997)¡A¹ï©ó¤¤¤åªº°^Äm¤£¿ò¾l¤O¡C </para>
+ </listitem>
+ <listitem>
+ <para>davidxu ¬O¤j³°ªº committer¡A±Mªù°µ KSE ¤è­±¡C</para>
+ </listitem>
+ <listitem>
+ <para>hsu ¬O¤j³°ªº committer¡C</para>
+ </listitem>
+ <listitem>
+ <para>bmah ¬O­»´äªº committer¡C</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>¥H¤U¬O FreeBSD ports maintainers¡C</para>
+ <programlisting>
+find /usr/ports -name Makefile -print|xargs grep MAINTAINER|grep \\.tw|sort|uniq|less
+cut -d\| -f6 /usr/ports/INDEX | grep \.tw\$ | sort | uniq -c</programlisting>
+ <itemizedlist>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/avatar@mmlab.cse.yzu.edu.tw.html">avatar@mmlab.cse.yzu.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/clsung@dragon2.net.html">clsung@dragon2.net</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/edwardc@firebird.org.tw.html">edwardc@firebird.org.tw.html</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/gslin@ccca.nctu.edu.tw.html">gslin@ccca.nctu.edu.tw.html</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/horance@freedom.ie.cycu.edu.tw.html">horance@freedom.ie.cycu.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/jdli@csie.nctu.edu.tw.html">jdli@csie.nctu.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/jihuang@gate.sinica.edu.tw.html">jihuang@gate.sinica.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/kcwu@ck.tp.edu.tw.html">kcwu@ck.tp.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/sexbear@tmu.edu.tw.html">sexbear@tmu.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/piaip@csie.ntu.edu.tw.html">piaip@csie.ntu.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/tung@turtle.ee.ncku.edu.tw.html">tung@turtle.ee.ncku.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/woju@freebsd.ntu.edu.tw.html">woju@freebsd.ntu.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/ycheng@sinica.edu.tw.html">ycheng@sinica.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/yinjieh@csie.nctu.edu.tw.html">yinjieh@csie.nctu.edu.tw</ulink></para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://people.freebsd.org/~fenner/portsurvey/yssu@ccca.nctu.edu.tw.html">yssu@CCCA.NCTU.edu.tw</ulink></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>¥H¤U¬O GNU/Linux ¬ÛÃöªº°^ÄmªÌ¡C</para>
+ <itemizedlist>
+ <listitem>
+ <para>&a.cwhuang; ³o¥÷¤å¥óªº GNU/Linux ª©¥»¡A¥¦¬O¥»¤å¥óªº°ò¦¡C</para>
+ </listitem>
+ <listitem>
+ <para>&a.platin; ¿Ë¤â¥´³y GNU/Linux ¤¤¤åÀô¹Ò­ì¤å¡C</para>
+ </listitem>
+ <listitem>
+ <para>&a.thhsieh; ¿Ë¤â¥´³y GNU/Linux ¤¤¤åÀô¹Ò­ì¤å¡C</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>¥t¥~·PÁÂ¥xÆW ftp[1-n].tw.freebsd.org ªº mirror ¯¸ºûÅ@ªÌ¡A
+ ¦³¤F³o¨Ç¥D¾÷©MÀW¼eÅý§Ú­Ì¯à°÷¬Ù³\¦h¨ì°ê¥~§ì¨úÀɮתº®É¶¡¡A
+ ¨Ï±o FreeBSD ¯à°÷§Ö³t¬y³q©ó¥xÆW¡C
+ ¥xÆW¤]¬O¥þ¥@¬É mirror ¯¸±K«×³Ì°ªªº¡C</para>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/zh-tut/chapters/charmap.sgml b/zh_TW.Big5/books/zh-tut/chapters/charmap.sgml
new file mode 100644
index 0000000000..cd61435f6b
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/charmap.sgml
@@ -0,0 +1,79 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: charmap.sgml,v 1.18 2003/11/13 12:02:46 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="charmap">
+ <title>¤å¦r½s½X</title>
+
+ <sect1 id="charmap-taiwan">
+ <title>¤¤¤å½s½X</title>
+ <para></para>
+ <sect2 id="big5tbl">
+ <title>Big5 ¤å¦r¤º½Xªí</title>
+ <programlisting>
+#!/usr/bin/perl
+#
+# create code table (Big5) [\0xa1-0xf9][\0x40-\0x7e\0xa1-\0xfe]
+#
+
+# ÁcÅ餤¤å (Big5) ¤å¦r¤º½Xªíªº²£¥Í
+open (OUT, "&gt; big5tbl.txt"); select OUT;
+
+# ¤å¦r¤º½Xªíªº²£¥Í
+for ($c1 = 0xA1; $c1 &lt;= 0xF9; $c1++) { # $c1 ¬O²Ä¤@­Ó¦ì¤¸ [\0xa1-\0xf9]
+
+ # ¶}ÀYªºªí¥Ü
+ print "\ncode ";
+ print "+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F\n";
+
+ $head = "";
+ $line = "";
+ $c = 1; # 1¦æ¤å¦r¼Æ(16¤å¦r)
+
+ for ($c2 = 0x40; $c2 &lt;= 0xFF; $c2++) { # $c2 ¬O²Ä¤G­Ó¦ì¤¸
+
+ # ¶}ÀY²Ä¤@­Ó¦r
+ if ("$head" eq "") {
+ $head = sprintf ("%02X%02X ", $c1, $c2);
+ }
+
+ # ¤å¦rªºªí¥Ü
+ $line .= " "; # ¤å¦r¶¡ªºªÅ¥Õ
+ if (($c2 == 0x7F) || ($c2 == 0xA0) || ($c2 == 0xFF)) {
+ $line .= ' ';
+ } else {
+ $line .= pack("CC", $c1, $c2);
+ }
+
+ if ($c == 16) { # 16¤å¦rªí¥Ü¤@¦æ
+ print "$head$line\n";
+ $head = "";
+ $line = "";
+ $c = 1;
+ if ($c2 == 0x7F) { $c2 = 0x9F; } # ¸õ¹L [\0x80-0x9f]
+ } else {
+ $c++;
+ }
+ }
+}
+close(OUT);
+
+exit; </programlisting>
+ </sect2>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/zh-tut/chapters/compose.sgml b/zh_TW.Big5/books/zh-tut/chapters/compose.sgml
new file mode 100644
index 0000000000..cd4dad4ca9
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/compose.sgml
@@ -0,0 +1,1036 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: compose.sgml,v 1.82 2003/12/08 11:06:41 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="compose">
+ <title>¤¤¤å±Æª©³nÅé</title>
+
+ <sect1 id="openoffice">
+ <title>OpenOffice - ¾ã¦X©Êªº¿ì¤½«Ç³nÅé</title>
+ <para>¦w¸Ë¦n OpenOffice 1.0 «á¡A¹w³]¬O¦b
+ <filename>/usr/local/OpenOffice.org1.0/</filename></para>
+ <para>¥ô¦ó¨Ï¥ÎªÌ°õ¦æ <filename>/usr/local/OpenOffice.org1.0/program/soffice
+ </filename>³£·|¥X²{¬O§_­n repair µe­±(in X)¡A¿ï¾Ü Yes¡A¨Ã¿ï¾Ü Complete
+ ·|§â¤@¨ÇªF¦è¸Ë¨ì <filename>~/OpenOffice.org1.0/</filename>¡A
+ ¨Ã¸õ¥X setup</para>
+ <para>¦A¦¸°õ¦æ <filename>/usr/local/OpenOffice.org1.0/program/soffice</filename>
+ ´N¥i¥H¬Ý¨ì soffice ªº doc ¤å®Ñ³B²zµe­±¤F</para>
+ <para>Q1: ¦p¦ó¥[¤J¤¤¤å¦r«¬¡H</para>
+ <para>A1: GUI ªº¥[¤J¤è¦¡¡G</para>
+ <screen>
+°õ¦æ /usr/local/OpenOffice.org1.0/program/spadmin ¦C¦LºÞ²zµ{¦¡¡A
+Fonts -> Add -> Source directory: /usr/local/share/fonts/TrueType/
+-> £¾Create soft links only -> ¤å¹©PL²Ó¤W®ü§º(bsmi00lp.ttf) -> Ok</screen>
+ <para>CLI ªº¥[¤J¤è¦¡¡G</para>
+ <screen>
+cd /usr/local/OpenOffice.org1.0/share/fonts/truetype
+ln -s /usr/local/share/fonts/TrueType/bsmi00lp.ttf bsmi00lp.ttf
+¦b¥[¤J§¹¦r«¬«á¡AOpenOffice ¦b¨C¦¸¶i¤J³nÅé«e³£·|¦Û°Ê«Ø¥ß fonts.dir</screen>
+ <para>Q2: µe­±«ÜÁà¡A­^¤å¦r«Ü¼e¡H</para>
+ <para>A2: ­×§ï¤À¦¨¨â­Ó³¡¥÷¡A¤@­Ó¬O±N Interface User §ï¦¨¤å¹©PL²Ó¤W®ü§º¡A
+ ¥t¤@­Ó«h¬O½Õ¾ã¦r«¬¤j¤p¡A¦r«¬µy·L¤j¤@ÂI´N·|¦³ AntiAlias ªº®ÄªG¡A
+ «Øij­È¬O >= 120%</para>
+ <para>GUI ªº­×§ï¤è¦¡¡G</para>
+ <screen>
+±Ò°Ê soffice «á­×§ï Interface User
+ Tools -> Options -> OpenOffice.org -> Font Replacement ->
+ £¾Apply replacement table -> Font: Interface User
+ Replace with: ¤å¹© PL ²Ó¤W®ü§º -> £¾ -> £¾always -> Ok
+­×§ï¦r«¬¤j¤p
+ Tools -> Options -> OpenOffice.org -> View -> Scale: 120% -> Ok</screen>
+<!-- <para>CLI ªº­×§ï¤è¦¡¡G</para>
+ <screen>
+cd ~/
+mkdir -p OpenOffice.org1.0/user/config/registry/instance/org/openoffice/Office
+cd ~/OpenOffice.org1.0/user/config/registry/instance/org/openoffice/Office
+fetch ftp://freebsd.sinica.edu.tw/pub/statue/OpenOffice/Common.xml</screen>-->
+ <para>Q3: ¿é¤J¤¤¤åÅܦ¨¤è¶ô¡H</para>
+ <para>A3: ¦]¬°¹w³]ªº Thorndale ¨Ã¤£¯àÅã¥Ü¤¤¤å¡Aµ§ªÌ·|Åý¹w³]¦¨¤å¹©PL²Ó¤W®ü§º</para>
+ <para>GUI ªº­×§ï¤è¦¡¡G</para>
+ <screen>
+±Ò°Ê soffice «á­×§ï Basic Fonts(Western) ©M Basic Fonts(Asian)
+ Tools -> Options -> OpenOffice.org -> Text Document ->
+ Basic Fonts(Western) -> Default: ¤å¹©PL²Ó¤W®ü§º ->
+ Heading: ¤å¹©PL²Ó¤W®ü§º -> Ok</screen>
+<!-- <para>CLI ªº­×§ï¤è¦¡¡G</para>
+ <screen>
+cd ~/
+mkdir -p OpenOffice.org1.0/user/config/registry/instance/org/openoffice/Office
+cd OpenOffice.org1.0/user/config/registry/instance/org/openoffice/Office
+fetch ftp://freebsd.sinica.edu.tw/pub/statue/OpenOffice/Writer.xml</screen>-->
+ <para>Q4: ¦p¦ó¶}±Ò¤¤¤åªºHTML¤Î¯Â¤å¦rÀÉ¡H</para>
+ <para>A4: ¦pªG±z­n¶}¯Â¤å¦rÀÉ¡A¦b¶}±ÒÀɮתº¹ï¸Ü®Ø¤¤¡A
+ FileType°O±o¿ï¡GText Encoded¡A
+ ·í¿ï§¹±z­n¶}ªºÀɮ׫á¡A·|¦A¥X²{¤@­Ó¹ï¸Ü®Ø¡A
+ ³Ì­«­nªº¬OFonts¨º¨à­n¿ï¡GChinese traditional ( Windows-950 )¡A
+ ³Ñ¤Uªº·Ó±zªº­n¨D¿ï¡A¤§«á¤¤¤å´N¥X¨ÓÅo¡ã
+ ÁÙ¬O¬Ý¤£¨ì¡H¸Õ¸Õ¬Ý§ï¤@¤U¦r§Î¡A¤]³\±z¿ï¨ì¤F­^¤å¦r«¬¡C</para>
+ <para>¦pªG¬OHTML©O¡H§ó¬O²³æ¡A½Ð¦bÀɮפ@¶}ÀY¥[¤W¡G</para>
+ <programlisting>
+&lt;HEAD&gt;
+&lt;META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=big5"&gt;
+&lt;/HEAD&gt;</programlisting>
+ <para>Q5: ¨Ï¥Î²Ó©úÅé»P·s²Ó©úÅé®É¡AÅã¥Üªº¦r·|¸H±¼¡H</para>
+ <para>A5: ¼x¨D¸Ñµª¤¤¡C</para>
+ <figure>
+ <title>openoffice snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/openoffice" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.openoffice.org/">
+ http://www.openoffice.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="eioffice">
+ <title>eioffice - ¥Ã¤¤Office 2003</title>
+ <para>eioffice ¥Ø«e¥u¦³ Windows ©M GNU/Linux ªºª©¥».
+ <para>FreeBSD °µªk¨ä¹ê«Ü²³æ, ¦]¬°§Ú¥»¨Ó¥H¬°¥Lªº GNU/Linux
+ ª©¥Î¤F¯S®íªºÀ£ÁY¨Ó¥]¸Ë, µ²ªG§ì¥h¬Ý¤F¤@¤U, µo²{ fonts.data
+ ©M source.data ³o¨â­Ó³Ì¤jªºÀɳºµM¬O¥Î zip À£ÁYªº, ¸Ñ¶}·íµMµo²{
+ fonts.data ¸Ì­±¥]ªº¬O¦r«¬, source.data ¸Ì­±´N¬O¥D­nªºµ{¦¡Åo,
+ «þ¨©¨ì¬Û¹ïÀ³ªº¦a¤è«á´N¥i¥H°õ¦æ¤F.</para>
+ <para>­nª`·Nªº¬O, unzip ¤@©w­n¥Î chinese/unzip, ¦]¬°§Ú¦³§Ë¤¤¤åªº patch ¦b¤W­±, ¤£µM¥i¯à·|¦³¿ù.</para>
+ <para>jdk §Ú¥u¦³´ú¸Õ 1.4.1, ¤£ª¾¹D 1.4.2 ¦³¨S¦³®t§O.</para>
+ <para>§Ú¤]§Ë¤F¨â­Óª©¥», ²Åé(eioffice-zh_CN)©MÁcÅé(eioffice-zh_TW), §ó·s outta-port «á´N·|¬Ý¨ìÅo.</para>
+ <para>WWW: <ulink url="http://www.resii.com.tw/">¥xÆW¥Ã¤¤</ulink></para>
+ <para>WWW: <ulink url="http://www.evermoresw.com.cn/">¤j³°¥Ã¤¤</ulink></para>
+ </sect1>
+
+ <sect1 id="AbiWord">
+ <title>AbiWord - ¶}©ñ­ì©l½X¡B¸ó¥­¥x¡B©Ò¨£§Y©Ò±oªº¤å¦r½s¿è¾¹</title>
+ <para><application>AbiWord</application> ¥i¥H»¡¬O Word ªºÂ½ª©¡A
+ ¥u¬O´«¤F­Ó§@·~¨t²Î¡A®e©ö¤W¤â¡B
+ ¤¶­±¤Íµ½ªºÀuÂI¤´¦b¡C¦ý¦]¥L¤´¬Oµo®i¤¤ªº³nÅé¡A³\¦hªº¥\¯à¡A
+ ¨Ã¤£¯à»P·L³nªº Word ¬Û¤ñ¡A¾ãÅé¤W¦³¤@ÂIÂI¯Ê¾Ñ¡C¥i¬O¥L¤´¬O
+ FreeBSD ¤Wªº­«­n«ü¼Ð¡A¥NªíµÛ¥¼¨Ó FreeBSD ±N¦³¤£¿é©ó Word
+ ªº³nÅé¥X²{¡A¤]»¡©úµÛ¡AFreeBSD ±N±q¦øªA¾¹¨«¦V­Ó¤H¨Ï¥ÎªÌ¡C</para>
+ <para>«Øij±Ä¥Î <filename role="package">editors/AbiWord2</filename>¡A
+ ¥u­n¦³³]©w¦n gtk2 ´N¥i¥H¥¿±`¨Ï¥Î¡A­ì¥»ªº
+ <filename role="package">chinese/abiword</filename> ·f°t
+ <filename role="package">editors/AbiWord</filename> ¤w¸gµLªk¥¿±`¨Ï¥Î¡A
+ ©Ò¥H¥H¤Uªº¤å³¹¥i¥H©¿²¤¡A¥u­n¦w¸Ë§¹ AbiWord2¡A
+ ¿é¤J¤¤¤å«e¿ï¾Ü¤¤¤å¦rÅé¡A´N¥i¥H¥¿±`ªº¿é¤J¤¤¤å¡C</para>
+ <para>
+ <application>AbiWord</application> ¤w¸g¥i¥H¦b
+ zh_TW.Big5 ªº locale ©³¤U¤u§@¨Ã¿é¤J¡A
+ ¿ï³æ¤]¤w¸g³¡¥÷¤¤¤å¤Æ¡A¤¤¤åªº¦C¦L¤]¥i¥H³z¹L
+ <application>moecid-fonts</application>¡C</para>
+ <para>¦b AbiWord ¤¤·s¼W¦r«¬¡G</para>
+ <para>­n¦b <application>AbiWord</application>
+ ¤¤¦w¸Ë¤¤¤å¦r«¬¤~¯à¿é¤J¤¤¤å¦r¡A
+ ¦w¸Ëªº¤è¦¡¥²¶·³z¹L <application>ttfm</application>
+ ³o®M¦n¥Îªº³nÅé¡C¦b¦¹®M¥ó¤¤¤w¸g¹w³]¦w¸Ë¤F¤å¹©ÁcÅé»P²Åé¦r«¬¡C
+ ¦pªG·Q¦Û¦æ¦w¸Ë·s¦r«¬¡A¥H¤U¬O¤å¹©ÁcÅ骺¦w¸Ë¡A¥i¥H°Ñ¦Ò¬Ý¬Ý¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --add abiword /usr/local/share/fonts/TrueType/bkai00lp.ttf</userinput>
+&prompt.root; <userinput>ttfm.sh --add abiword /usr/local/share/fonts/TrueType/bsmi00lp.ttf</userinput></screen>
+ <para>¨Ã¦b <filename>XF86Config</filename> ¥[¤J
+ <option>FontPath "/usr/X11R6/share/AbiSuite/fonts/zh-TW"</option>¡C</para>
+ <para>Ãö©ó¤¤¤å¦C¦Lªº³¡¤À¡A½Ð°Ñ¦Ò <link linkend="abiword-print">abiword ªº²ÊÅé»P±×Åé</link> ¤@¸`¡C</para>
+ <figure>
+ <title>abiword snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/abiword" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.abisource.com/">
+ abisource project</ulink></para>
+ <para>WWW: <ulink url="http://www.gnome.org/gnome-office/abiword.shtml">
+ gnome-office abiword</ulink></para>
+ </sect1>
+
+ <sect1 id="xemacs">
+ <title>XEmacs - ¤ä´© XIM ¥B Big5 ³]©wªº XEmacs ¤å¦r½s¿è¾¹</title>
+ <para>·í±z°Ý¤@¨Ç¨Ï¥ÎUnix¦h¦~ªº¦Ñª±®a¡A
+ ¥L­Ì»{¬°³Ì¨ã¥Nªí©Êªº¤å®Ñ³B²z³nÅé¬O¤°»ò©O¡H
+ ¥L­Ì´X¥G³£·|¦^µª¡ÐEmacs¡A¦Ó¦bX Windowªº­·¦æ¤§¤U¡A
+ Emacs¤]±À¥X¤FXWindowsª©¡ÐXEmacs¡C</para>
+ <para>XEmacs¤@¶µµÛ¦Wªº¯à¤O¬O¥¦¯à°÷³B²z¦h°ê»y¤å¡A
+ ¯à°÷³B²z¦UºØ¤£¦P¤å¦rªº³nÅé¤v¸g¥O¤H¤Q¤ÀÅ岧¡A
+ ¦ý­n¦b¤@­Ó¤å¥ó¤¤¦P®É³B²z¦n´XºØ¤£¦P»y¤å¡A
+ XEmacsÁÙ¬O¥i¥H°µ¨ì¡A¥¦¦b³o¤è­±ªº¯à¤O¡A
+ ´X¥G¨S¦³¦PÃþ§Îªº³nÅé¯à±æ¨ä¶µ­I¡C</para>
+ <para>°£¦¹¤§¥~¡AXEmacs¬°¤F¯à³B²z¦UºØ¤å¥ó¡A¥¦±NÂsÄýHTML¤å¥ó¡A
+ ÁÙ¦³¦¬µoE-mailªº¥\¯à¥þ³¡¾ã¦X¶i¨Ó¡AÅý±z¯à°÷¥ÎXEmacs¨Ó½s¼g
+ HTML©Î¬O¼g«Hªº¤u§@¡C¥¦¬Æ¦ÜÁÙ¾ã¦X¤FC©MLisp»y¨¥ªº½sĶ¾¹¡A
+ Åý±z¦bXEmacs¤W¼gµ{¦¡¡A¨Ã¥B¤]¥i¥H¦b¨ä¤¤½sĶµ{¦¡¡A
+ ¨Ï¼gµ{¦¡®É´î¤Ö­±¹ïÁcº¾ªº¨Æ°È¡C</para>
+ <para>¹³«÷¦rÀˬd³oºØ¤u§@¡A¤@¯ë³£¥u¦³°Ó·~³nÅé´£¨Ñ¡A
+ ¦ý¬OXEmacs¤]´£¨Ñ¤F¡A³s¦r¨å¤]¥i¥H¦Û¤v«ü©w¡AUnixªº¥Ø¿ýµ²ºc¡A
+ XEmacs¤]¥i¥H½s¿è¡C¨ä¥¦ÁÙ¦³³\³\¦h¦hªº¥\¯à¡A«Ü¦h¤H¥Î¤F¤@¬q®É¶¡¡A
+ ³£¥u¦³¨Ï¥Î¤F¤@¤p³¡¤À¡A¥i¨£¨ä¥\¯à¤§¼s¡C</para>
+ <para>XEmacs¬O¤@­Ó¤£¥i¦h±oªº¤å®Ñ³B²z³nÅé¡A¸Õ¸Õ¬Ý¡A
+ ©Î³\¥i¥HÅý±z¦³§ó¤è«K³B²z¤å¥óªº¤èªk¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/xemacs21</filename>¡C</para>
+ <para>ÁÙ¦³¡Aemacs ©M xemacs ¬O¤£¤@¼Ëªº¡Aªì¾Ç *emacs ÁÙ¬O±q xemacs
+ ¾Ç¤ñ¸û¦n¡C¦Ü¤Ö &a.keith; ¤j¤j§â¤@¤Á³£¥´ÂI¦n¤F¡C</para>
+ <para><filename>~/Emacs</filename> «h¬O³] fontset¡C</para>
+ <programlisting>
+Emacs.Font: fontset-18
+Emacs.Fontset-0: -*-*-medium-r-normal-*-18-*-*-*-*-*-fontset-18,\
+ ascii:-*-lucidatypewriter-medium-r-normal-*-*-100-*-*-m-*-iso8859-1,\
+ chinese-big5-1:-*-fixed-medium-r-normal-*-*-160-*-*-c-*-big5-0,\
+ chinese-big5-2:-*-fixed-medium-r-normal-*-*-160-*-*-c-*-big5-0</programlisting>
+ </sect1>
+
+ <sect1 id="wvware">
+ <title>wvware - ¥i¥HÂà´«·L³n Word Àɮתº¤u¨ã</title>
+ <para>Last Update: 2003¦~ 1¤ë26¤é ©P¤é 03®É34¤À02¬í CST</para>
+ <para><application>wv</application> ¬O¤@®M¥i¥HÂà´«·L³n Word Àɮתº¤u¨ã¡A
+ ¯à°÷Ū¨ú¨Ã¥B¸ÑªR Word 6-9 ®æ¦¡ (Word 6, 95, 97, 2000)¡C</para>
+ <para>¨Ã¥B´£¨Ñ³\¦hÂà´«¤u¨ã¡A³qºÙ¬° <application>wvWare</application>¡C</para>
+ <programlisting>
+wvHtml, wvLatex, wvCleanLatex, wvDVI, wvPS, wvPDF,
+wvText, wvAbw, wvWml, wvMime</programlisting>
+ <para>¦w¸Ë <filename role="package">textproc/wv</filename>¡C</para>
+ <para>±µµÛ¥H³Ì±`¥Îªº wvHtml ¬°¨Ò¡A­nÂà Word ¦¨ HTML¡A
+ ¥u­n¤U <command>wvHtml --charset=big5 input.doc ouput.html</command>
+ ¡C</para>
+ <para>WWW: <ulink url="http://www.wvware.com/">
+ wvware project</ulink></para>
+ </sect1>
+
+ <sect1 id="emacs">
+ <title>Emacs</title>
+ <para>¦w¸Ë <filename role="package">chinese/emacs20</filename>¡C</para>
+ <para>emacs ¤£¬O§¹¾ãªº XIM support¡A½Ð¬Ý
+ <ulink url="http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21160">
+ http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21160</ulink>¡C</para>
+ <para><filename>~/.emacs</filename> ¬O³] mule</para>
+ <programlisting>
+;; Set environment to Chinese-Big5
+(set-language-environment 'chinese-big5)
+(set-keyboard-coding-system 'chinese-big5)
+(set-terminal-coding-system 'chinese-big5)
+(set-buffer-file-coding-system 'chinese-big5)
+(set-selection-coding-system 'chinese-big5)
+(modify-coding-system-alist 'process "*" 'chinese-big5)</programlisting>
+ <para>¦Ü©ó <filename>~/.emacs</filename> ÁÙ¦³«Ü¦h¦nª±ªº¡A¥i¥H¨ì
+ <ulink url="http://dotfiles.com">http://dotfiles.com</ulink>
+ °Ñ¦Ò°Ñ¦Ò¡C</para>
+ </sect1>
+
+ <sect1 id="celvis">
+ <title>celvis - Ãþ¦ü vi/ex ¥B¤¤¤åÅã¥Üªº¤å¦r½s¿è¾¹</title>
+ <para><application>Celvis</application> ¬O¤@­Ó«Ü¹³ UNIX ¤W¼Ð·Ç½s¿è¾¹
+ <application>vi</application>/<application>ex</application>
+ ªºªF¦è¡A´X¥G¤ä´©©Ò¦³ <application>vi</application>/
+ <application>ex</application> ªº«ü¥O¡C
+ <application>Celvis</application> ¥i½s¿è¦P®É§t¦³¤¤­^¤åªº¤å³¹¡C
+ ¥¦¤]¦P®É¤ä´© GB2312-80 ©M BIG5 ½s½X¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/celvis</filename>¡C</para>
+ </sect1>
+
+ <sect1 id="joe">
+ <title>joe - ²©ö¥B¥\¯à¤£¿ùªº½s¿èµ{¦¡</title>
+ <para><application>joe</application> ¬O¤@­Ó UNIX ¤W§K¶O±M·~ªº
+ ASCII ¤å¦r½s¿è¾¹¡C¥¦¥Î°_¨Ó´N¹³¤j³¡¥÷ IBM PC ¤Wªº¤å¦r½s¿è¾¹¡C
+ ¥¦¬O¤@®M¾Þ§@¬Û·í¤è«Kªº¤å®Ñ½s¿èµ{¦¡¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/joe</filename>¡C</para>
+ <para>­n¦b <application>joe</application> ¤W¨Ï¥Î¤¤¤å¡A¥²¶·­×§ï
+ <filename>/usr/local/lib/joerc</filename> ©M
+ <filename>/usr/local/lib/rjoerc</filename>ªº³]©w¡C</para>
+ <programlisting>
+ -asis Characters 128 - 255 shown as-is
+quote Enter Ctrl chars
+ ±N¥H¤Wªº¦Û¶Ç­×§ï¦¨¥H¤Uªº¦r¦ê
+-asis Characters 128 - 255 shown as-is
+quote .k; Enter Ctrl chars</programlisting>
+ <para><option>-asis</option> ¬O­n¯àÅã¥Ü¤¤¤å¦r¡A
+ ¦Ó <option>quote</option> ¬O­n¿é¤J¯S®íªº±±¨î¦r¤¸®É¨Ï¥Îªº«öÁä¡A
+ ¦Ó¹w³]­È¬O <option></option>¡A´N·|¹J¨ì¦³¨Ç¤¤¤å¦rªº¤º½X¡A
+ µM«á¥u­n¥[°Ñ¼Æ <option>-asia</option> ´N¥i¥H¬Ý¤¤¤å¡A¦p¡G
+ <command>joe -asis filename</command> ´N¥i¥H¤F¡A¦ý¬O
+ <option>quote</option> «h¥²¶·§ïÀɮסA©Î¬O¨â­Ó³£§ïÀɮקa¡C</para>
+ <figure>
+ <title>joe snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/joe" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="nvi">
+ <title>nvi - Ãþ¦ü vi/ex¡A¦³¦hºØ»y¨¥­×¸É¡A¹w³]¬° big5</title>
+ <para>¦³ <application>nvi-big5</application>¡B
+ <application>nvi-enc-cn</application>¡B
+ <application>nvi-enc-tw</application> µ¥¤£¦Pªº®M¥ó¡C
+ BIG5 ©Î GB ¬Û®eªº <application>vi</application> ¾Þ§@¤¶­±½s¿è¾¹
+ <application>vi</application> ¬O UNIX
+ ªº¼Ð·Ç½s¿è¾¹¡A¦¹µ{¦¡©M¤¤¤åÁcÅé¡B<application>enc-cn</application>¡B
+ <application>euc-tw</application> ¬Û®e¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/nvi-big5</filename>¡C</para>
+ <para>½s¿è ~/.nexrc</para>
+ <programlisting>
+set noskipdisplay
+set displayencoding=big5
+set inputencoding=big5
+set fileencoding=big5
+set autodetect=tw</programlisting>
+ <para>WWW: <ulink url="http://www.itojun.org/">
+ http://www.itojun.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="qe">
+ <title>qe - qe ¬O¤@­Ó¼Ò¥é PE2 ªº½s¿èµ{¦¡</title>
+ <para>qe ¬O¤@­Ó¼Ò¥é PE2 ªº½s¿èµ{¦¡¡A¥s qe ªº­ì¦]¥u¬O¦]¬°¦r¥À Q ¬O±Æ¦b P
+ ¤§«á¡C©M DOS ¤£¦Pªº¬O¡AUNIX ¨S¦³¨º»ò¦hÁä¥i¥Î¡A¦Ó¥B¤£¦Pªº Terminal
+ ªºÁä½X¤]²¤¦³¤£¦P¡C¦]¦¹¤@¨Ç±`¥Îªº function ³Ì¦n©w¸q¨ì Control Key
+ ©Î Meta Key ¤W¡A¥H§K¤£³ô¨Ï¥Î¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/qe</filename>¡C</para>
+ <figure>
+ <title>qe snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/qe" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.cc.ncu.edu.tw/~center5/product/qe/">
+ qe project</ulink></para>
+ </sect1>
+
+ <sect1 id="ve">
+ <title>ve - NTHU-CS Maple BBS µo®iªº BBS-like ¤å¦r½s¿è¾¹</title>
+ <para>¤@®M¥Ñ NTHU-CS Maple BBS 2.36 µo®iªº BBS-like ¤å¦r½s¿è¾¹¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/ve</filename>¡C</para>
+ <figure>
+ <title>ve snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/ve" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="chitex">
+ <title>ChiTex - ¤¤¤å Tex/LaTex</title>
+ <para><application>ChiTeX</application> ¬O¤@®M¤¤¤å <application>LeX
+ </application>/<application>LaTeX</application>¡A¥u­n·|­^¤å
+ <application>TeX</application>/<application>LaTeX</application>
+ ´N´X¥G¥ß¨è¥i¨Ï¥Î <application>ChiTeX</application>¡A¥»ª©¥i¾A¥Î©ó
+ Big5 ¤Î GB ¤º½X¤§¤¤¤å¡C¦¹¤@ Unix ª©¥i¥Î©ó¸Ë¦³
+ <application>teTeX</application> ªº GNU/Linux¡AFreeBSD¡ASolaris¡A»P
+ SunOS ¨t²Î¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/chitex</filename>¡C</para>
+ <para><application>ChiTeX</application> 6.1.2 ¤@¨t¦Cªº§ï¶i¡A
+ ¥H¤Î¤U¸ü¦ì¸m½Ð°Ñ¦Ò¡G<ulink url="ftp://dongpo.math.ncu.edu.tw/tex-archive/local/chitex/chitex/unix">
+ chitex ftp site</ulink>¡C</para>
+ <para><application>ChiTex</application> ªº¯SÂI¡G</para>
+ <itemizedlist>
+ <listitem>
+ <para>¥Îªk²³æ¡A¤£¥Î¯S§O¾Ç²ß¡A·|¥Î­^¤å <application>TeX</application>
+ /<application>LaTeX</application> ´N´X¥G¥ß¨è¥i¨Ï¥Î
+ <application>ChiTeX</application>
+ (­Y­n¶i¤@¨B¨Ï¥Î¸û¦h¥\¯à¡A¥u­n¾Ç²ß´X­Ó²³æªº¯S®í«ü¥O´N¥i)¡C</para>
+ </listitem>
+ <listitem>
+ <para>»P­^¤å <application>TeX</application>/<application>
+ LaTeX</application> ¬Û®e©Ê°ª¡C</para>
+ </listitem>
+ <listitem>
+ <para> ¥\¯à§¹³Æ¦Ó¦h¼Ë¤Æ¡C </para>
+ </listitem>
+ <listitem>
+ <para> ´£¨Ñ cbibtex¡Acmakeindex ¥i¥Î¥H¤Þ¥Î¤º§t¤¤¤åªº¥~¦b°Ñ¦Ò¤åÄm¸ê®Æ¤Î
+ ¦Û°Ê½s¿è§t¤¤¤å¤§¯Á¤Þ¡C´£¨Ñ¤¤¤å¤Æªº chilatex2html ¥i±N§t¤¤¤åªº
+ LaTeX ¤å¥óÂà´«¬° HTML ®æ¦¡ÀÉ¡C</para>
+ </listitem>
+ <listitem>
+ <para>¤ä´©¥Ñ <application>TeX</application>/<application>LaTeX
+ </application> ¤å¥ó²£¥Í pdf ÀÉ¡C</para>
+ </listitem>
+ <listitem>
+ <para> ¦P®É¤ä´© Big5 ½X¤¤¤å (¥xÆW¡A­»´ä) ¤Î GB ½X¤¤¤å (·s¥[©Y»P¤j³°)¡C
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>²{¦b±z¥i¥H®³ <application>ChiTeX</application> ªþªº½d¨Ò¨Ó´ú¸Õ¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/local/share/texmf/tex/chinese</userinput>
+&prompt.root; <userinput>chilatex math2.tex (½sĶ)</userinput>
+&prompt.root; <userinput>xdvi math2.dvi (¹wµø)</userinput>
+&prompt.root; <userinput>dvips math2.dvi -o math2.ps (Âà´«¦¨ PostScript ÀÉ)</userinput>
+&prompt.root; <userinput>gv math2.ps (¥Î gv Æ[¬Ý)</userinput></screen>
+ <para>WWW: <ulink url="http://www.math.ncu.edu.tw/~yih/">
+ yih's homepage</ulink></para>
+ <para>WWW: <ulink url="http://xm1.net.free.fr/kile/index.html">
+ Kile: LaTeX source editor</ulink></para>
+ </sect1>
+
+ <sect1 id="cjk">
+ <title>CJK - ¥i¥H¨Ï¥Î CJK scripts ªº LaTeX2e ¥¨¶°®M¥ó</title>
+ <para><application>TeX</application>/<application>LaTeX</application>
+ ¬O¤@®Mªº¹õ«á±Æª©³nÅé¡C¨äÀu¨qªº¿é¥X«~½è¦­¤w¬°¼s¤jªº
+ ¾Ç³N¬ÉªB¤Í©Ò³ß·R¤Î±Ä¥Î¡C<application>CJK</application> ¬O¤@­Ó
+ <application>LaTeX2e</application> ªº¥¨¶°®M¥ó(macro package)¡A
+ ¯àÅý±z¦b <application>TeX</application> ¤å¥ó¤¤¨Ï¥Î
+ <application>CJK</application> (Chinese/Japanese/Korean)
+ ªº¤å¦r½s½X¡C</para>
+ <para>
+ ±zªº¨t²Î¥²¶·¥ý¦w¸Ë¦n <application>teTeX</application>/
+ <application>LaTeX</application>¡C¦pªG¨S¦³ªº¸Ü¡A±z¤]¥i¥H¦Û¤v¸Ë¡C
+ ½Ð°Ñ¦Ò <filename>/usr/ports/print/teTeX</filename> ªº»¡©ú¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/CJK</filename>¡C</para>
+ <para>¦b CJK ®M¥ó¤¤¦³¤@¥÷¤¤¤å¤å¥ó¡A¥Ñ§õ§g¦t¥ý¥Í©Ò¼gªº¤¶²Ð¡A
+ ±Mªù¤¶²Ð CJK ³B²z¤¤¤åªº»yªk¡A¦b <filename>
+ /usr/local/share/doc/CJK/chinese/READMEb5.tex</filename>¡A
+ ¦b¦¹´£¨Ñ <ulink url="READMEb5.pdf">READMEb5.pdf</ulink> ªº¤U¸ü¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/local/share/doc/CJK/chinese/</userinput>
+&prompt.root; <userinput>bg5latex READMEb5.tex (¬Ý¬Ý¦³¨S¦³²£¥Í READMEb5.dvi)</userinput>
+&prompt.root; <userinput>xdvi READMEb5.dvi (¬O§_¯à¬Ý¨ì¤¤¤å? ·íµM±z­n¥ý¶i X Window)</userinput>
+&prompt.root; <userinput>dvips READMEb5.dvi -o READMEb5.ps (Âà´«¦¨ PostScript ®æ¦¡))</userinput>
+&prompt.root; <userinput>gv READMEb5.ps (¥Î gv Æ[¬Ý)</userinput></screen>
+ <programlisting>
+% ´ú¸Õ¤å¥ó
+\documentclass{article}
+\usepackage{CJK}
+\begin{document}
+\begin{CJK*}{Bg5}{song}
+§ºÅé
+\end{CJK*}
+\begin{CJK*}{Bg5}{kai}
+·¢Åé
+\end{CJK*}
+\end{document}</programlisting>
+ <figure>
+ <title>CJK snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/cjk" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://info.sayya.org/~edt1023/tex/mycjk.html">
+ §Úªº CJK - by Edward</ulink></para>
+ <para>WWW: <ulink url="http://cjk.ffii.org">
+ cjk project</ulink></para>
+ </sect1>
+
+ <sect1 id="cjk-lyx">
+ <title>CJK-LyX - ¦³ LaTeX ¨Ï¥Î¤¶­±ªº¤å¥ó½s¿è¾¹(©Ò¨£§Y©Ò±o)</title>
+ <para><application>LyX</application> ¬O¤@­Ó¦³ <application>LaTeX
+ </application> ¤¶­±¤å¥ó½s¿è¾¹¡A¬O¤@­Ó®e©ö¨Ï¥Îªº¤å¦r½s¿è¾¹
+ ¡A¤]¬O¤@­Ó¦³¼u©Ê¥B±j¤jªº <application>LaTeX</application>¡C</para>
+ <para>¦³µÛ©Ò¨£§Y©Ò±oªº¤¶­±¡A©M³\¦h <application>LaTeX</application>
+ ­·®æ©M¦Û°Ê²£¥Íªº³]­p¡C¥[³t¾Ç²ß <application>LaTeX</application>
+ ¨Ã¨Ï½ÆÂøªº³]­p²³æ¤Æ©Mª½Ä±¤Æ¡C·sªº¯S¦â¥]§t«÷¦rÀˬd
+ ¡A°ê»Ú¤Æ¡A¦r¤¸´£¨Ñ¡A©Ò¨£§Y©Ò±oªº¹Ï§Î¡Bªí®æ¡B¤èµ{¦¡¡C</para>
+ <para><application>LyX</application> ¬O¤@­Ó¶i¥i§ð
+ <application>TeX</application>/<application>LaTeX</application>¡A
+ °h¥i¦u (§â <application>LyX</application> ·í¦¨¤å®Ñ³B²z³nÅé)
+ ªº¤@­Ó¥\¯à±j¤j¡A¥i¥H³B²z¹Ï¤åªº¤å®Ñ³B²z³nÅé¡C</para>
+ <para>¦w¸Ë <filename role="package">print/cjk-lyx</filename>¡C</para>
+ <para>¥²­nªº³]©w¡G</para>
+ <para>½Ð½s¿è¤@­Ó <filename>~/.lyx/preferences</filename>
+ (¨S¦³³o­ÓÀÉ¡A½Ð¦Û¦æ«Ø¥ß)¡A¤º®e¦p¤U¡G</para>
+ <programlisting>
+\screen_dpi 100
+\screen_font_roman "-*-times new roman"
+\screen_font_sans "-*-arial"
+\screen_font_typewriter "-*-courier new"
+\screen_font_i18n1_encoding "big5-0"
+\screen_font_i18n1_normal "-*-ar pl mingti2l big5"
+\screen_font_i18n1_gothic "-*-ar pl mingti2l big5"
+\screen_font_i18n2_encoding "big5-0"
+\screen_font_i18n2_normal "-*-ar pl kaitim big5"
+\screen_font_i18n2_gothic "-*-ar pl kaitim big5"</programlisting>
+ <para>¥t¥~°w¹ï <application>CJK</application> ÁÙ·|³]©w¦p¤UªºªF¦è¡G</para>
+ <programlisting>
+\language_package "\usepackage{CJK}"
+\language_command_begin "\begin{CJK*}{Bg5}{aming}"
+\language_command_end "\end{CJK*}"
+\language_auto_begin false
+\language_auto_end false
+\mark_foreign_language false
+\converter latex dvi "bg5latex $$i" "latex"
+#\converter dvi pdf "dvipdfm $$i" ""
+#\font_encoding default</programlisting>
+ <para>¦pªG±z TeX/LaTeX ¬O¨Ï¥Î¤¤¤å Type1 ¦r«¬ªº¸Ü¡A½Ð±N³Ì«á¤G¦æªº mark
+ ®³±¼¡C</para>
+ <para>´ú¸Õ¡G</para>
+ <para>½Ð¶i¤J <application>LyX</application> «áÀH«K½s¿è¤@­Ó¤¤¤åÀÉ¡A
+ µM«á«ö View =&gt; DVI ¤Î View =&gt; Postscript ¬Ý¹B§@¬O¤£¬O¥¿±`¡C
+ ¥t¥~ File =&gt; Export =&gt; Postscript ¬Ý¬O¤£¬O¥i¥H¥¿½T¿é¥X¤å½Zªº
+ *.ps ÀÉ¡C</para>
+ <para>* ¦b¦¹«Øij¨Ï¥Î¤¤¤å Type1 ¦r«¬¡A¥H§K¦hªá®É¶¡µ¥«Ý¨t²Î»s³y pk ¦r«¬¡C
+ ½Ð°Ñ¦Ò¤»¤ë¥÷ªºÂ«H¡A¼ÐÃD¬O¡G
+ ``[FYI] CJK/LaTeX enviroment ¤¤¤å Type1 ¤Î TTF ªº¨Ï¥Î''</para>
+ <para>­nÅÜ´«¦r«¬©Î°µ§ó½ÆÂøªºÅܤơALyX ¥»¨­¨Ã¨S¦³ CJK enviroment
+ ªº¯S®í¥\¯à¡A±o¦Û¦æ¥[¤J tags¡C¨Ò¦p­n´«¦r«¬¡A
+ ¥i«ö¥\¯àªí¨º­Ó¤jªº¦V¤Uªº¶Â½bÀY¿ï LaTeX¡A¥H«K¿é¤J CJK enviroment
+ ªº tag¡G</para>
+ <programlisting>
+ \CJKfamily{akai}</programlisting>
+ <para>³o¼Ë¥H¤Uªº¤å¦r´N·|§ï¥Î·¢Åé¦r¡Aª`·N¡A³o¸Ì«üªº¬O©Ò¿é¥Xªº *.ps
+ Àɪº¦r«¬¡A¦Ó¤£¤@©w¬O±z¿Ã¹õ¤W¬Ý¨ìªº¦r«¬
+ (¨Ì§Úªº³]©w¡A¿Ã¹õ¤W¬O©úÅé)¡C</para>
+ <para>¨ä¥Lªº¤¤¤å TeX/LaTeX ¨t²Î¡A¦p cwTeX/ChiTeX
+ ½Ð°Ñ¦Ò¥H¤W³]©w¡A¦Û¦æ§ó§ï¡C</para>
+ <para>Copyright (c) 2001 §õªG¥¿(&a.edwardlee;)</para>
+ <para>¥»¤å¬°¦Û¥Ñ¤å¥ó(FDL http://www.gnu.org/copyleft/fdl.html)
+ ¥i¦Û¥Ñ½Æ»s/­×§ï/´²§G¡C¦ý½Ð«O¯dª©ÅvÁn©úªº³¡¥÷¡C</para>
+ <figure>
+ <title>CJK-LyX snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/cjk-lyx" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.study-area.org/tips/latex/cjk-lyx.html">
+ CJK-LyX ¤¤¨Ï¥Î¤¤¤å</ulink></para>
+ <para>WWW: <ulink url="http://www.lyx.org/">
+ lyx project</ulink></para>
+ <para>WWW: <ulink url="http://cellular.phys.pusan.ac.kr/cjk.html">
+ CJK-LyX project</ulink></para>
+ </sect1>
+
+ <sect1 id="context">
+ <title>¦b ConTeXt ¨Ï¥Î Big-5 ¤¤¤å</title>
+ <para>Contributed by &a.edwardlee;</para>
+ <para>Last Update: 2003¦~ 4¤ë30¤é ©P¤T 03®É25¤À52¬í CST</para>
+ <para>¦bÅý ConTeXt ¨Ï¥Î Big-5 ¤¤¤å«e¡A
+ ¦Ü¤Ö­n¯à¦b­^¤åÀô¹Ò¹B§@¡C</para>
+ <screen>
+&prompt.root; <userinput>cd ${TEXMF}/web2c</userinput>
+&prompt.root; <userinput>texexec --make en metafun</userinput></screen>
+ <para>¬°¤F©M CJK ©M dvipdfmx °t¦X¡A
+ ½Ð¥ý¦w¸Ë <filename role="package">chinese/CJK</filename> ©M
+ <filename role="package">print/dvipdfmx</filename>¡A
+ ±Ä¥Î CJK standard encoding vector¡A³o¼Ë¤@¨Ó¡A
+ ¦r«¬¤è­±ªº¸ê®Æ´N¥i¥H¦@¥Î¤F¡C</para>
+ <para>­×§ïÀɮסG</para>
+ <para>1. ${TEXMF}/tex/context/config/cont-usr.tex</para>
+ <para>¦pªG¨S¦³³o­ÓÀÉ¡A½Ð±N ../base/cont-usr.ori «þ¨©¤@¥÷¦¨ cont-usr.tex¡C
+ ¦b \protect \endinput ¤§«e¥[¤J¤U¦C¸ê®Æ¡G</para>
+ <programlisting>
+% ±N Poorman ªº¹ïÀ³¡AÂন CJK ªº¹ïÀ³
+\defineucharmapping{BIG5}#1#2%
+ {\unicodeposition=#1
+ \advance\unicodeposition -161
+ \multiply\unicodeposition 157
+ \advance\unicodeposition #2
+ \advance\unicodeposition-\ifnum#2>160 98\else64\fi
+ \dorepositionunicode}
+
+% for Big-5 CJK standard encoding vector
+\def\currentucharmapping{BIG5}
+
+% font alias¡C³o¼Ë´N¤£¥²§ó°Ê­ì¨Óªº¦r«¬³]©w¤F
+\definefontsynonym [b5song] [arb5sung] [encoding=big5]
+\definefontsynonym [b5songsl] [arb5sungs] [encoding=big5]
+\definefontsynonym [b5kai] [arb5kai] [encoding=big5]
+\definefontsynonym [b5kaisl] [arb5kais] [encoding=big5]</programlisting>
+ <para>2. ${TEXMF}/tex/context/base/font-chi.tex</para>
+ <para>±N¬Y¦æ¥u¦³ <option>\SimChi</option> §ï¦¨ <option>\TraChi</option>¡C</para>
+ <para>§ï¦n«á­«·s°õ¦æ¡G</para>
+ <screen>
+&prompt.root; <userinput>cd ${TEXMF}/web2c/</userinput>
+&prompt.root; <userinput>texec --make en</userinput></screen>
+ <para>«e¸m³B²z script</para>
+ <para>¥Ñ©ó¡u³\¡B¥\¡vªº°ÝÃD¡A§Ú­Ì¥²¶·«e¸m³B²z¡A¥H¤U¬O§ï¦Û¤ý¦ö¤¤¥ý¥Íªº
+ clatex ªº perl script¡C</para>
+ <programlisting>
+#!/usr/bin/env perl
+#
+# Process Big-5 Traditional Chinese ConTeXt file.
+# Usage: chcont.pl tex file(NO tex extension)
+# By Edward G.J. Lee &lt;edt1023@speedymail.org&gt; 2003.04.24
+# Inspire heavily from wycc's(wycc@iis.sinica.edu.tw) clatex.
+#
+
+$one = 161;
+$two = 254;
+
+open(CONT,">$ARGV[0].cont");
+if ($ARGV[0] =~/(.*)\.tex$/)
+{
+ -r $ARGV[0] || die " file $ARGV[0] not found\n";
+ open(INFILE,"&lt;$ARGV[0]");
+}
+else
+{
+ -r "$ARGV[0].tex" || die "file $ARGV[0].tex not found\n";
+ open(INFILE,"&lt;$ARGV[0].tex");
+}
+
+while(&lt;INFILE&gt;)
+{
+ &amp;trans_print($_);
+}
+close(CONT);
+system "texexec ${ARGV[0]}.cont";
+
+sub trans_print {
+ local($s) = @_;
+ local($i,$c,$nc,$ordc,$ordc1);
+
+ for($i=0;$i&lt;length($s);$i++)
+ {
+ $c = substr($s,$i,1);
+ $ordc = ord($c);
+ if (($ordc>=$one)&amp;&amp;($ordc&lt;=$two))
+ {
+ $nc = substr($s,$i+1,1);
+ if ($nc =~/[\\{}\^_]/)
+ {
+ $ordc1 = ord($nc);
+ print CONT "\\uc{$ordc}{$ordc1}";
+ }
+ else
+ {
+ print CONT $c,$nc;
+ }
+ $i++;
+
+ }
+ else
+ {
+ print CONT $c;
+ }
+ }
+}</programlisting>
+ <para>´ú¸Õ¡G</para>
+ <programlisting>
+\usemodule[chinese]
+\starttext
+
+\completecontent
+%\setupindenting[medium]
+\setupwhitespace[10pt]
+
+\chapter{®çªá·½°O}
+
+\ConTeXt\ ¤¤¤å´ú¸Õ¡C
+
+\section{®çªá·½°O«e¬q}
+
+®Ê¤Ó¤¸¤¤¡AªZ³®¤H¡A®·³½¬°·~¡A½t·Ë¦æ¡A§Ñ¸ô¤§»·ªñ¡F©¿³{®çªáªL¡A§¨©¤¼Æ¦Ê¨B¡A
+¤¤µLÂø¾ð¡AªÚ¯óÂA¬ü¡A¸¨­^Ä}¯É¡Aº®¤H¬Æ²§¤§¡C´_«e¦æ¡A±ý½a¨äªL¡CªLºÉ¤ô·½¡A
+«K±o¤@¤s¡C¤s¦³¤p¤f¡A§Ï©»­Y¦³¥ú¡A«K±Ë²î¡A±q¤f¤J¡C
+
+ªì·¥¯U¡AÅ׳q¤H¡F´_¦æ¼Æ¤Q¨B¡AÁŵM¶}®Ô¡C¤g¦a¥­Ãm¡A«ÎªÙÅkµM¡C¦³¨}¥Ð¡B¬ü¦À¡B
+®á¡B¦Ë¤§ÄÝ¡A¦é­¯¥æ³q¡AÂû¤ü¬Û»D¡C¨ä¤¤©¹¨ÓºØ§@¡A¨k¤k¦çµÛ¡A±x¦p¥~¤H¡F¶À¾v¡B
+««èÔ¡A¨Ã©ÉµM¦Û¼Ö¡C¨£º®¤H¡A¤D¤jÅå¡A°Ý©Ò±q¨Ó¡F¨ãµª¤§¡A«K­nÁÙ®a¡A³]°s¡B±þÂû¡B
+§@­¹¡C§ø¤¤»D¦³¦¹¤H¡A«w¨Ó°Ý°T¡C¦Û¤ª¡G¡u¥ý¥@Áׯ³®É¶Ã¡A²v©d¤l¨¶¤H¨Ó¦¹µ´¹Ò¡A
+¤£´_¥X²j¡F¹E»P¥~¤H¶¢¹j¡C¡v°Ý¤µ¬O¦ó¥@¡F¤D¤£ª¾¦³º~¡AµL½×ÃQ¡B®Ê¡C¦¹¤H¤@¤@
+¬°¨ã¨¥©Ò»D¡A¬Ò¼Û±{¡C¾l¤H¦U´_©µ¦Ü¨ä®a¡A¬Ò¥X°s­¹¡C°±¼Æ¤é¡AÃã¥h¡C¦¹¤¤¤H»y
+¤ª¡G¡u¤£¨¬¬°¥~¤H¹D¤]¡C¡v
+
+¬J¥X¡A±o¨ä²î¡A«K§ß¦V¸ô¡A³B³B»x¤§¡C¤Î°p¤U¡A¸Ú¤Ó¦u¡A»¡¦p¦¹¡A¤Ó¦u§Y»º¤HÀH
+¨ä©¹¡A´M¦V©Ò»x¡A¹E°g¤£´_±o¸ô¡C«n¶§¼B¤lÆk¡A°ª©|¤h¤]¡A»D¤§¡AªYµM³W©¹¡A¥¼
+ªG¡A´M¯f²×¡C«á¹EµL°Ý¬zªÌ¡C
+
+\chapter{±N¶i°s}
+
+§g¤£¨£¡A¶Àªe¤§¤ô¤Ñ¤W¨Ó¡A©b¬y¨ì®ü¤£´_¦^¡C
+§g¤£¨£¡A°ª°ó©úÃè´d¥Õ¾v¡A´Â¦p«Cµ·¼Ç¦¨³·¡C
+¤H¥Í±o·N¶·ºÉÅw¡A²ö¨Ïª÷¾êªÅ¹ï¤ë¡C
+¤Ñ¥Í§Ú§÷¥²¦³¥Î¡A¤dª÷´²ºÉÁÙ´_¨Ó¡C
+²i¦Ï®_¤û¥B¬°¼Ö¡A·|¶·¤@¶¼¤T¦ÊªM¡C
+§Â¤Ò¤l¡A¤¦¥C¥Í¡A±N¶i°s¡A§g²ö°±¡C
+»P§gºq¤@¦±¡A½Ð§g¬°§Ú°¼¦ÕÅ¥¡C
+
+ÄÁ¹ªõW¥É¤£¨¬¶Q¡A¦ýÄ@ªø¾K¤£Ä@¿ô¡C
+¥j¨Ó¸t½å¬Ò±I¹æ¡A±©¦³¶¼ªÌ¯d¨ä¦W¡C
+³¯¤ý©õ®É®b¥­¼Ö¡A¤æ°s¤Q¤d®¡ùN릡C
+¥D¤H¦ó¬°¨¥¤Ö¿ú¡A®|¶·ªf¨ú¹ï§g°u¡C
+¤­ªá°¨ ¤dª÷¸Ê¡A©I¨à±N¥X´«¬ü°s¡C
+»Pº¸¦P®ø¸U¥j·T¡C
+
+\chapter{³\¥\¶}ªº°ÝÃD}
+
+³\¥\¶}¡C³o¨Ç¦³°ÝÃDªº¦r¤¸­nÁ׶}¡C
+
+¤]´N¬O»¡¡A­n«e¸m³B²z³o¨Ç¦r¤¸¡C
+
+\stoptext</programlisting>
+ <screen>
+&prompt.root; <userinput>chcont.pl cont-b5</userinput> ==&gt; ¤d¸U¤£­n¥[°ÆÀɦW¡A¤Á°O¡I</screen>
+ <para>³o¼Ë·|²£¥Í cont-b5.dvi</para>
+ <screen>
+&prompt.root; <userinput>dvipdfmx cont-b5</userinput> ==&gt; ²£¥Í¤£¤º´O¦r«¬¥B¥i copy&amp;paste ªº pdf ÀÉ¡C</screen>
+ <para>³o¸Ì¨S¦³¥Î¨ì pdftex ´O¤J TTF ªº¥\¯à¡A­ì¦]¬O¥L¤£¶È´O¤J¾ã­Ó subfont
+ ÀÉ®×·|Åܱo«Ü¤j¡A¦Ó¥B¤S¨S¦³ copy&amp;paste&amp;search ªº¥\¯à¡C</para>
+ <para>WWW: <ulink url="http://www.pragma-ade.com/">
+ http://www.pragma-ade.com/</ulink></para>
+ <para>WWW: <ulink url="http://www.pragma-ade.com/general/manuals/mchinese.pdf">
+ http://www.pragma-ade.com/general/manuals/mchinese.pdf</ulink></para>
+ </sect1>
+
+ <sect1 id="cwtex">
+ <title>cwTeX</title>
+ <para><application>cwTeX</application> ±Æª©¨t²Î¥Ñ§dÁo±Ó»P§dÁo¼z¦@¦Pµo®i¡A
+ ¥¦©µ¦ù TeX/LaTeX ¤§¥\¯à¡A¨Ï¤§¥i¥H±Æª©¤¤¤å¡C</para>
+ <para>·íªì§d¦Ñ®v³]­p cwTeX ¦r«¬®É¡A¹ï¦r«¬ªº½s±Æ¬O¥J²Ó³]­pªº¡C
+ ¥L±N³Ì±`¥Îªº¦r«¬¨Ì¥ý«á¶¶§Ç½s±Æ¡A¶V¬O±`¥Îªº¡A´N¶V©ñ¦b«e­±¡C
+ ©Ò¥H¡A³o©M windows ¤Wªº¦r«¬¶¶§Ç¤£¬Û¦P¡C·íªì¤§©Ò¥H¦p¦¹³]­p¡A
+ ¬O¬°¤FÅý½sĶªº³t«×¯à°÷Åܱo¤ñ¸û§Ö¡C</para>
+ <para>¤£¹L¡AÀHµÛ¹q¸£ªº³t«×¶V¨Ó¶V§Ö¡AµwºÐ¶V¨Ó¶V«K©y¡A¥L¹ï³o¼Ëªº³]­p
+ ¦ü¥Gı±o¤]¥i¥H§ïÅÜ¡C´N©M Windows ªº¦Û¦æ½s±Æ¤è¦¡¤@­P¥Lı±o©Î³\
+ ¥ç¤£¥¢¬°¤@­Ó user friendly ªº¤èªk¡C¦]¬°¹³ PuTeX ¥i¥H¨Ï¥Î²³¦h
+ ¤¤¤å¦r¦r«¬ªºÀuÂIªº½T«Ü§l¤Þ¤H¡A¤£¹L©O¡A³o¥i¯àÁٻݭn¡u¥Á·N¡v¡C
+ ½Ð¦Ñ®v¨Ó¶Ë¸£µ¬§a¡C</para>
+ <para>¤ºªþ¦r§Î¬°¡G©úÅé(m)¡B¶ÂÅé(bb)¡B·¢®Ñ(k)¡B¶êÅé(r)¡B¥é§ºÅé(f)¡A
+ ­Y»Ý­n««ª½¦rÅé«h¦b«e­±¥[¤W v¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/cwtex</filename>¡C</para>
+ <para><application>cwTeX</application> ªº¨Ï¥Î¡G</para>
+ <screen>
+&prompt.user; <userinput>vi file.ctx</userinput>
+&prompt.user; <userinput>cwtex file</userinput>
+&prompt.user; <userinput>latex file.tex</userinput>
+&prompt.user; <userinput>dvips -o file.ps file.dvi</userinput>
+&prompt.user; <userinput>gv -antialias file.ps</userinput></screen>
+ <para>³o¸Ì¦³§d¦Ñ®v cwTeX ±Æª©¨t²Î¤Gª©¤â¥U
+ <ulink url="ftp://192.192.110.1/cwtex/windows/miktex/cwtex/cxbook.pdf">cxbook.pdf</ulink>¡C</para>
+ <para>WWW: <ulink url="http://ceiba.cc.ntu.edu.tw/tmwu/">
+ tmwu's homepage</ulink></para>
+ </sect1>
+
+ <sect1 id="dvipdfmx">
+ <title>dvipdfmx - Âà´« *.dvi ¦¨¬°¤£¤º´O¤¤¤å¦r«¬ªº *.pdf ÀÉ</title>
+ <para>Copyright (c) 20021 §õªG¥¿(&a.edwardlee;)</para>
+ <para>³o¬O Jin-Hwan Cho(Áú)¡BShunsaku Hirata(¤é) ­×§ï¦Û Mark A. Wicks
+ ªº dvipdfm ¦Ó¨Óªº¡C</para>
+ <para>¥D­nªº¥\¯à¬OÂà´« *.dvi ¦¨¬°¤£¤º´O¤¤¤å¦r«¬ªº *.pdf ÀÉ¡C
+ ¤@¯ëªº­^¤åÀɤ]¬O¥i¥H·Ó±`¨Ï¥Î(§t­ì¦³ dvipdfm ªº¥\¯à)¡C
+ ¤£ºÞ¬O¥i³B²z double-byte code ªº Omega ©Î¥u¯à³B²z single-byte ¨Ï¥Î
+ subfont ªº CJK package ³£¥i¥H¨Ï¥Î¡C</para>
+ <para>³Ì¤jªº¦n³B¬O¥i¥H§Q¥Î TeX/LaTeX ¨Ó»s§@¤¤¤å pdf ÀÉ¡A
+ ¦Ó¥B¤S¤£¤º´O¤¤¤å¦r«¬¡A¥i¥H¨ÏÀɮפp«Ü¦h(¬O¯uªº¡y«Ü¦h¡z¡I:)¡C
+ ¥iª½±µ¨Ï¥Î TTF¡A¦ý·|³Q¼Ð°O¬° use font of acroread
+ ©Ò¹w³]¨Ï¥Îªº¦r«¬(MHei-Medium ¤Î MSung-Light)¡A³o¼ËÁöµM¤£¤º´O¦r«¬¡A
+ ¦ý¦b acroread/xpdf ³£¥i¥H¥¿±`¾\Äý¡A«D±`¤è«Kºô¸ô¤Wªº¬y³q¡C
+ ¤S¤£¥²¦A¥hªá»È¤l¶R³nÅé¨Ó»s§@¡A§ó­«­nªº¬O TeX/LaTeX
+ ªº¯S®í¥\¯àÁÙ¬O¥i¥HÄ~Äòªu¥Î¡C</para>
+ <para>¦pªG©M pslatex °t¦X¨Ï¥Îªº¸Ü¡A
+ ¨º³s­^¤å¦r«¬¤Î¤Ö¼Æ¯S®í²Å¸¹¤]·|¤£¤º´O¡A¨ÏÀɮקó¤p¡A
+ ·íµM mathtime ªº¤@¨Ç¼Æ¾Ç²Å¸¹¨Ã¨S¦³ free ªº¡A³o·|¤º´O CM ¦r«¬¡C</para>
+ <para>¦w¸Ë <filename role="package">print/dvipdfmx</filename>¡C</para>
+ <para>¥H bsmi00lp.ttf ¬°¨Ò¡A¦w¸Ë¦n«á $TEXMF/dvipdfm/config/cid-x.map ³]¬°¡G</para>
+ <programlisting>
+arb5sung@Big5@ ETen-B5-H :0:!arb5_sung.ttf
+arb5sungs@Big5@ ETen-B5-H :0:!arb5_sung.ttf,Italic
+arb5sung@Big5@ ETen-B5-H :0:!arb5_sung.ttf,Bold
+arb5sungs@Big5@ ETen-B5-H :0:!arb5_sung.ttf,BoldItalic
+arb5kai@Big5@ ETen-B5-H :0:!arb5_kai.ttf
+arb5kais@Big5@ ETen-B5-H :0:!arb5_kai.ttf,Italic
+arb5kai@Big5@ ETen-B5-H :0:!arb5_kai.ttf,Bold
+arb5kais@Big5@ ETen-B5-H :0:!arb5_kai.ttf,BoldItalic
+% ¦ý¤£§t postscript name ªº¦r«¬«hµLªk¨Ï¥Î¡C¥h±¼ ``!'' ·|´O¤J TTF(
+% CIDFontType2¡A©Î Type11)¡A¤£»Ý *.enc ÀÉ¡C</programlisting>
+ <para>¥t¥~¤]¦³¤H«Øij±N <option>,Italic</option> §ï¦¨
+ <option> -s .167</option> ¡A<option>,BoldItalic</option>
+ §ï¦¨ <option>,Bold -s .167</option> ¥HÁקK±×Åé¦rÅã¥Ü¤£¥¿±`¡A
+ ¨S¦³³rÂIªº°ÝÃD¡C</para>
+ <note><para>¸Ë§¹«á°O±o°õ¦æ <command>mktexlsr</command></para></note>
+ <para>§Y¥i¡C·íµM¡A­ì¥ýªº¨t²Î CJK package ­n¯à°÷¥¿±`¹B§@
+ (¤£ºÞ¬O¨Ï¥Î Type1©Î pk ¦r«¬)¡A¦]¬°»Ý­n¥¿½Tªº *.tfm ¦r«¬´y­zÀÉ¡C
+ µM«á¡A¨Ì·Ó¤@¯ë¥¿±`µ{§Ç½sĶ CJK ¤å½Z§Y¥i¡C</para>
+ <para>¥Ñ©ó¨Ã¨S¦³¥hÅܳy¡B´O¤J¦r«¬¥»¨­¡A
+ ©Ò¥H¥u­n¬O¦Xªk¶R¨Óªº¦r«¬À³¸Ó³£¥i¥H©ñ¤ß¥h¨Ï¥Î¤F¡C</para>
+ <para>% §Ú¤£¬O«ß®v¡A¥i¤£­t¾á«O³d¥ô¡C:)</para>
+ <para>Åý­^¤å¦r«¬¤]¤£¤º´O¡G¥Ñ *.tex ¤å½Z¤¤¡A¥[¤J¡G</para>
+ <programlisting>
+\usepackage{pslatex}</programlisting>
+ <para>´ú¸Õ¡G</para>
+ <screen>
+&prompt.user; <userinput>cat cjk.tex</userinput>
+\documentclass{article}
+\usepackage{CJK}
+\begin{document}
+Hello World
+\begin{CJK*}{Bg5}{song}
+±z¦n
+\end{CJK*}
+\end{document}
+&prompt.user; <userinput>bg5latex cjk.tex</userinput>
+&prompt.user; <userinput>dvips -o ps2pdf-cjk.ps cjk.dvi</userinput>
+&prompt.user; <userinput>ps2pdf ps2pdf-cjk.ps</userinput>
+&prompt.user; <userinput>dvipdfmx -o dvipdfmx-cjk.pdf cjk.dvi</userinput>
+&prompt.user; <userinput>cat bg5pslatex</userinput>
+#!/bin/sh
+f=`echo $1 | sed -e 's|\(.*\)\.[^/]*$|\1|'`
+bg5conv < $1 > $f.cjk && pslatex $f.cjk
+&prompt.user; <userinput>./bg5pslatex cjk.tex</userinput>
+&prompt.user; <userinput>dvipdfmx -o pslatex-cjk.pdf cjk.dvi</userinput>
+&prompt.user; <userinput>pdffonts ps2pdf-cjk.pdf</userinput>
+name type emb sub uni object ID
+------------------------------------ ------------ --- --- --- ---------
+[none] Type 3 no no no 9 0
+&prompt.user; <userinput>pdffonts dvipdfmx-cjk.pdf</userinput>
+name type emb sub uni object ID
+------------------------------------ ------------ --- --- --- ---------
+TGRGZY+CMR10 Type 1 yes yes no 10 0
+ZenKai-Medium CID TrueType no no no 13 0
+&prompt.user; <userinput>pdffonts pslatex-cjk.pdf</userinput>
+name type emb sub uni object ID
+------------------------------------ ------------ --- --- --- ---------
+Times-Roman Type 1 no no no 8 0
+ZenKai-Medium CID TrueType no no no 11 0
+&prompt.user; <userinput>ls -l *.pdf</userinput>
+-rw-r--r-- 1 root wheel 8427 7 6 00:17 dvipdfmx-cjk.pdf
+-rw-r--r-- 1 root wheel 5373 7 6 00:17 ps2pdf-cjk.pdf
+-rw-r--r-- 1 root wheel 3789 7 6 00:17 pslatex-cjk.pdf</screen>
+ <para>°ÝÃD¡G</para>
+ <para>µLªk¥Ñ pdf2ps/pdftops ¨ÓÂন ps¡C¤]´N¬O»¡¤@¯ëªí¾÷·|¦L¤£¥X¨Ó¡C</para>
+ <para>¹ïµ¦¡G</para>
+ <para>¥i¸g¥Ñ acroread §Q¥Î¸ÌÀYªº CIDKeyed font ¨ÓÂন ps ÀÉ¡C
+ «~½è¬Û·íºë¨}¡A¥u¬OÀɮ׫ܤj´N¬O¤F¡C</para>
+ <para>²×¨s¸Ñ¨M¤èªk¡G</para>
+ <para>­n©M gs ¾ã¦X¦b¤@°_¡C</para>
+ <figure>
+ <title>dvipdfmx snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/dvipdfmx" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://info.sayya.org/~edt1023/tex/mycjk.html">
+ §Úªº CJK - by Edward</ulink></para>
+ <para>WWW: <ulink url="http://project.ktug.or.kr/dvipdfmx/">
+ dvipdfmx project</ulink></para>
+ </sect1>
+
+ <sect1 id="ttf2pt1">
+ <title>ttf2pt1 - TTF Âत¤å Type1 ¦r«¬</title>
+ <para>Copyright (c) 2001 §õªG¥¿(&a.edwardlee;)</para>
+ <para>¥»¤å¬°¦Û¥Ñ¤å¥ó(FDL http://www.gnu.org/copyleft/fdl.html)
+ ¥i¦Û¥Ñ½Æ»s/­×§ï/´²§G¡C¦ý½Ð«O¯dª©ÅvÁn©úªº³¡¥÷¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/ttf2pt1</filename>¡A
+ ¥L·|³s <filename role="package">print/ttf2pt1</filename> ¤@°_¦w¸Ë¡C</para>
+ <para>chinese ®M¥ó¥u¬O map ªí¡A¦³­Ê¤Ñ¦r¶°¥i¥Î¡C</para>
+ <para>¼g¤@­Ó sh script(mkfont) ¤º®e¦p¤U¡G</para>
+ <programlisting>
+=== mkfont begin ===
+#!/bin/sh
+#
+# By Edward G.J. Lee 2001.11.25
+# This code is Public Domain.
+#
+if [ $# -ne 1 ]
+then
+ echo "Usage: `basename $0` your.ttf"
+ exit 1
+fi
+
+echo
+echo "Now create *.t1a and *.enc and *.afm files. Wait... "
+echo
+FONTNAME=$1
+MAPFILE=/usr/local/share/ttf2pt1/maps/cubig5.map
+n=1
+while [ $n -lt 10 ]
+do
+ m=0$n
+ ttf2pt1 -GE -pft -Ohub -W0 -L $MAPFILE+$m $FONTNAME ${FONTNAME%.ttf}$m
+ n=`expr $n + 1`
+done
+
+m=10
+while [ $m -lt 56 ]
+do
+ ttf2pt1 -GE -pft -Ohub -W0 -L $MAPFILE+$m $FONTNAME ${FONTNAME%.ttf}$m
+ m=`expr $m + 1`
+done
+
+# avoid dvips(k)(before v5.86) t1part module bug.
+#
+perl -pi -e 's/_/Z/g' *.t1a *.afm
+
+echo
+echo "Now create *.pfb, wait... "
+echo
+for ps in *.t1a
+do
+ t1asm -b $ps &gt; ${ps%.t1a}.pfb
+done
+
+echo
+echo "Now create *.tfm, wait... "
+echo
+for afm in *.afm
+do
+ afm2tfm $afm
+done
+
+AFM=${FONTNAME%.ttf}-afm
+TFM=${FONTNAME%.ttf}-tfm
+PFB=${FONTNAME%.ttf}-pfb
+ENC=${FONTNAME%.ttf}-enc
+rm -f *.t1a
+mkdir -p $AFM $TFM $PFB $ENC
+mv -f *.enc $ENC
+mv -f *.afm $AFM
+mv -f *.tfm $TFM
+mv -f *.pfb $PFB
+echo
+echo "OK, all done. :-)"
+echo
+=== mkfotn end ===</programlisting>
+ <para>¦b¤@­Ó¿W¥ß¥Ø¿ý©ñ mkfont(­n¥ý chmod +x mkfont)¡A
+ ¦A§â¦r«¬¸m©ó¦P¤@¥Ø¿ý¡C</para>
+ <para>* ¤@¨Ç¸ô®|¦³¤£¤@¼Ëªº¸Ü¡A½Ð¦Û¦æ­×§ï¡C</para>
+ <para>³o¸Ì¥H¤å¹©²Ó¤W®ü§º©M¤å¹©¤¤·¢¬°¨Ò¡G</para>
+ <para><command>./mkfont bsmi00lp.ttf; ./mkfont bkai00mp.ttf</command></para>
+ <para>§Y¥i¡C§¹¦¨«á·|²£¥Í afm, euc, tfm, pfb µ¥¥|­Ó¥Ø¿ý¡A¸Ì­±³£¬O¦r«¬¸ê®Æ¡C</para>
+ <para>±N¸ê®Æ·h²¾¨ì©ÒÄݪº¦a¤è(arphic ¥Ø¿ý½Ð¦Û¦æ«Ø¥ß)¡C</para>
+ <para>afm copy ¦Ü /usr/local/share/texmf/fonts/afm/arphic¡C</para>
+ <para>tfm copy ¦Ü /usr/local/share/texmf/fonts/tfm/arphic¡C</para>
+ <para>pfb copy ¦Ü /usr/local/share/texmf/fonts/type1/arphic¡C</para>
+ <para>euc copy ¦Ü /usr/local/share/texmf/dvips/arphic¡C</para>
+ <para>·s¼W /usr/local/share/texmf/dvips/config/aming.map ¤º®e¦p¤U¡G</para>
+ <programlisting>
+bsmi00lp01 ShanHeiSun-Light-01 &lt;bsmi00lp01.pfb
+bsmi00lp02 ShanHeiSun-Light-02 &lt;bsmi00lp02.pfb
+...
+bsmi00lp55 ShanHeiSun-Light-55 &lt;bsmi00lp55.pfb </programlisting>
+ <para>·s¼W /usr/local/share/texmf/dvips/config/akai.map ¤º®e¦p¤U¡G</para>
+ <programlisting>
+bkai00mp01 ZenKai-Medium-01 &lt;bkai00mp01.pfb
+bkai00mp02 ZenKai-Medium-02 &lt;bkai00mp02.pfb
+...
+bkai00mp55 ZenKai-Medium-55 &lt;bkai00mp55.pfb</programlisting>
+ <para>¦b /usr/local/share/texmf/dvips/config/config.ps ¥[¤J¡G</para>
+ <programlisting>
+p +aming.map
+p +akai.map </programlisting>
+ <para>·s¼W /usr/local/share/texmf/dvips/config/bsmi00lp.map ¤º®e¦p¤U¡G</para>
+ <programlisting>
+bsmi00lp01 &lt;bsmi00lp01.enc &lt;bsmi00lp.ttf
+bsmi00lp02 &lt;bsmi00lp02.enc &lt;bsmi00lp.ttf
+...
+bsmi00lp55 &lt;bsmi00lp55.enc &lt;bsmi00lp.ttf</programlisting>
+ <para>·s¼W /usr/local/share/texmf/dvips/config/bkai00lp.map ¤º®e¦p¤U¡G</para>
+ <programlisting>
+bkai00mp01 &lt;bkai00mp01.enc &lt;bkai00mp.ttf
+bkai00mp02 &lt;bkai00mp02.enc &lt;bkai00mp.ttf
+...
+bkai00mp55 &lt;bkai00mp55.enc &lt;bkai00mp.ttf</programlisting>
+ <para>* bsmi00lp.ttf,bkai00mp.ttf ­n¸m©ó kpathsea §ä±o¨ìªº¦a¤è¡A¦p
+ /usr/local/share/texmf/fonts/truetype (¥Ø¿ý¥i¦Û¦æ«Ø¥ß)¡C</para>
+ <para>­×§ï /usr/local/share/texmf/pdftex/config/pdftex.cfg¡A¥[¤J¡G</para>
+ <programlisting>
+map +bsmi00lp.map
+map +bkai00mp.map</programlisting>
+ <para>·s¼W /usr/local/share/texmf/tex/latex/CJK/Bg5/c00aming.fd ¤º®e¦p¤U¡G</para>
+ <programlisting>
+\def\fileversion{4.2.0}
+\def\filedate{2001/09/28}
+\ProvidesFile{c00aming.fd}[\filedate\space\fileversion]
+\DeclareFontFamily{C00}{aming}{}
+\DeclareFontShape{C00}{aming}{m}{n}{<-&gt; CJK * bsmi00lp}{}
+\DeclareFontShape{C00}{aming}{bx}{n}{<-&gt; CJK * bkai00mp}{}
+\endinput</programlisting>
+ <para>·s¼W /usr/local/share/texmf/tex/latex/CJK/Bg5/c00bsmi00lp.fd ¤º®e¦p¤U¡G</para>
+ <programlisting>
+\def\fileversion{4.2.0}
+\def\filedate{2001/09/28}
+\ProvidesFile{c00bsmi00lp.fd}[\filedate\space\fileversion]
+\DeclareFontFamily{C00}{bsmi00lp}{}
+\DeclareFontShape{C00}{bsmi00lp}{m}{n}{<-&gt; CJK * bsmi00lp}{}
+\DeclareFontShape{C00}{bsmi00lp}{bx}{n}{<-&gt; CJK * bkai00mp}{}
+\endinput</programlisting>
+ <para>³o¼Ë²ÊÅé¦r·|¥h¿ï¥Î¤å¹©·¢®ÑÅé(­Ó¤H¤£³ßÅw¼ÒÀÀ¥X¨Óªº²ÊÅé¦r)¡C
+ ·íµM·¢®ÑÅé¤]­n¦Û¦æ«ö¤W­z¤èªk»s§@¥X¨Ó¡C</para>
+ <para>°õ¦æ texhash(or mktexlsr)¡C³o¼Ë´N¥i¥H¤F¡A­n¨Ï¥Î©úÅé´N¨Ï¥Î
+ aming ªº¦r«¬¦WºÙ¡A­n¨Ï¥Î·¢Åé´N¨Ï¥Î akai(¨Ì¤W­z¤èªk°µ¤@­Ó c00akai.fd)¡C</para>
+ <para>·íµM¡ACJK ªº¨Ï¥Î¤èªk¡A½Ð°Ñ¦Ò CJK ©Òªþ¤å¥ó¡A¤@©w­n«ü©w aming
+ ¤~·|¥h¨Ï¥Î©Ò©w¸q¥X¨Óªº¦r«¬¡A§_«h·|¥h§ì CJK ¹w³]¦r«¬¡A
+ ¨º·íµM¤@¯ë¨t²Î¤W¬O¨S¦³ªº¡C</para>
+ <para>¬°¤F°t¦X¤¤¤å Type1 ¦r«¬¡A°õ¦æ dvips ®É½Ð¥[¤W -Ppdf ©Î -Pcmz °Ñ¼Æ¡A
+ ³o¼Ë­^¤å¦r«¬¤~·|¥h¨Ï¥Î Type1¡C</para>
+ <para>³Ì«á°O±o°õ¦æ texhash¡C</para>
+ <para>´ú¸Õ¨Ò¤l</para>
+ <programlisting>
+=== begin ex.tex ===
+\def\Fn{\char}
+\font\Aa=bsmi00lp01 scaled 1000
+\font\CCC=bsmi00lp55 scaled 3000
+\font\CCc=bsmi00lp55 scaled 2000
+\font\Ccc=bsmi00lp55 scaled 1000
+\font\JJJ=bsmi00lp24 scaled 3000
+\font\JJj=bsmi00lp24 scaled 2000
+\font\Jjj=bsmi00lp24 scaled 1000
+{\CCC\Fn108}
+{\CCC\Fn109}
+{\CCc\Fn110}
+{\CCc\Fn111}
+{\Ccc\Fn112}
+{\Ccc\Fn113}
+{\Ccc\Fn114}
+{\JJJ\Fn55}
+{\JJj\Fn95}
+{\Jjj\Fn84}
+{\CCC\Fn101}
+{\CCC\Fn102}
+{\CCc\Fn103}
+{\CCc\Fn104}
+{\Ccc\Fn106}
+{\Ccc\Fn107}
+\bye
+=== end ex.tex ===</programlisting>
+ <para>pdftex ex.tex §Y¥i²£¥Í¤º´O¤¤¤å TTF ªº ex.pdf¡C
+ ¦pªG¦³»s§@¤¤¤å Type1 ¦r«¬¡A«h tex ex.tex ; dvipdf ex
+ «h¬O·|¤º´O¤¤¤å Type1¡A¦U¦ì¥i¤ñ¸û¬Ý¬Ý¨âªÌ¦³¦ó¤£¦P¡C</para>
+ <para>¼g­Ó cjk-latex ½Z¸Õ¬Ý¬Ý§a¡I¦r«¬¦WºÙ­n¨Ï¥Î bsmi00lp¡C§Ú¼gªº
+ sh script ¥u¬O­Ó¥b¦¨«~¡A¥i¯à±o¦h¸Õ´X¦¸¤~·|¦¨¥\¡Chave fun! :)</para>
+ <para>* LaTeX ½Z½Ð¥Î pdflatex¡C</para>
+ <para>­n½sĶ CJK-latex ¤å½Z¡A¥i¦³¨âºØ¤è¦¡¡G</para>
+ <para>1. bg5latex test.tex ; pdflatex test.cjk</para>
+ <para>2. ¼g¤@­Ó sh script(bg5pdflatex) ¤º®e¦p¤U¡G</para>
+ <programlisting>
+=== bg5pdflatex begin ===
+#!/bin/sh
+FILE=`echo $1 | sed -e 's|\(.*\)\.[^/]*$|\1|'`
+bg5conv < $1 &gt; $FILE.cjk
+pdflatex $FILE.cjk
+=== bg5pdflatex end ===</programlisting>
+ <para>chmod +x bg5pdflatex «á¸m©ó PATH ¥i¤Î¤§³B¡C</para>
+ <para>bg5pdflatex test.tex</para>
+ <para>§Y¥i¡C¨ä¹ê³o­Ó script ªº¤º®e©M bg5latex ¬O¤@¼Ëªº¡A¥u¤£¹L¬O§â
+ latex ´«¦¨ pdflatex ¦Ó¤w¡C</para>
+ <para>ps. ¤º®e¦p¦³¿ù»~¡A½Ð¤£§[«ü¥¿¡C</para>
+ <figure>
+ <title>ttf2pt1 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/ttf2pt1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.study-area.org/tips/latex/pdftex.html">
+ ¨Ï¥Î pdfTeX/pdfLaTeX Åý pdf Àɤº´O¤¤¤å TTF/TTC</ulink></para>
+ <para>WWW: <ulink url="http://www.study-area.org/tips/latex/chpdf.html">
+ ¥Ñ TeX/LaTeX »s§@¤¤¤å PDF ÀÉ</ulink></para>
+ <para>WWW: <ulink url="http://www.study-area.org/tips/latex/cjk-ttf.html">
+ CJK/LaTeX environment ¤¤¤å Type1 ¤Î TTF ªº¨Ï¥Î</ulink></para>
+ <para>WWW: <ulink url="http://ttf2pt1.sourceforge.net/">
+ http://ttf2pt1.sourceforge.net/</ulink></para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/converter.sgml b/zh_TW.Big5/books/zh-tut/chapters/converter.sgml
new file mode 100644
index 0000000000..3b4907ca69
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/converter.sgml
@@ -0,0 +1,362 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: converter.sgml,v 1.28 2003/12/08 11:06:41 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="converter">
+ <title>¤¤¤åÂà½X³nÅé</title>
+ <para></para>
+
+ <sect1 id="iconv">
+ <title>iconv</title>
+ <para>¥Ñ©óª©Åvªº°ÝÃD¡AFreeBSD ¤Uªº iconv 2.0 ¤j¬ù¬O 2000 ¦~ªºµ{¦¡¡A
+ ¤]´N¤£¯à GNU libiconv ©Ò¾Ö¦³ªºÂà´«ªí¡A
+ ¦b¨Ï¥Î¤W¤]¬O¦³³\¦h¯ÊÂI¡C</para>
+ <para>¦w¸Ë <filename role="package">converters/iconv</filename>¡C</para>
+ <para>°ò¥»ªº¥Îªk¦³¡G</para>
+ <screen>
+&prompt.user; <userinput>iconv -f gb2312 -t big5 file.gb &gt; file.big5</userinput></screen>
+ <para>¥H¤U¬O¼g C µ{¦¡ªº¤p½d¨Ò¡G</para>
+ <programlisting>
+#include &lt;stdio.h&gt;
+#include "iconv.h"
+
+void
+my_iconv(char *fromcode, char *tocode, char *inbuf, char *outbuf)
+{
+ iconv_t cd;
+ size_t status;
+ char *inbufp, *outbufp;
+ size_t inbytesleft, outbytesleft;
+
+ inbytesleft = strlen(inbuf);
+ outbytesleft = inbytesleft * 5;
+
+ cd = iconv_open(tocode, fromcode);
+ if ((iconv_t) (-1) == cd) {
+ perror ("Error at iconv_open");
+ exit(1);
+ }
+
+ inbufp = inbuf;
+ outbufp = outbuf;
+ status = iconv (cd, &amp;inbufp, &amp;inbytesleft, &amp;outbufp, &amp;outbytesleft);
+ if (status == (size_t) -1)
+ {
+ perror ("Error at my_iconv");
+ }
+
+ status = iconv_close(cd);
+ if (status == (int) -1)
+ {
+ perror ("Error at iconv_close");
+ }
+
+ return;
+}
+
+int
+main(int argc, char* argv[])
+{
+ char *inbuf = "¥[¤W";
+ char *outbuf = (char *) malloc(sizeof (char) * strlen(inbuf)*5);
+
+ my_iconv("Big5", "GBK", inbuf, outbuf);
+ printf("%s -> %s\n", inbuf, outbuf);
+ free(outbuf);
+}</programlisting>
+ <para>¥H¤U¬O½sĶªº¤è¦¡¡G</para>
+ <programlisting>
+gcc -I/usr/local/include -L/usr/local/lib -liconv -o my_iconv my_iconv.c</programlisting>
+ <para>
+ WWW: <ulink url="http://www.dante.net/staff/konstantin/FreeBSD/iconv/">
+ http://www.dante.net/staff/konstantin/FreeBSD/iconv/</ulink></para>
+ </sect1>
+
+ <sect1 id="cn2jp">
+ <title>cn2jp - ¦b¤¤¤å©M¤é¤å¶¡ªº½s½XÂಾ¨ç¦¡®w</title>
+ <para>
+ ¤@­Ó¥i¥H¤¤¤å {GB,Big5,HZ} ©M¤é¤å (EUC-Jis/Shift-Jis/Jis)
+ ¤§¶¡¤¬¬ÛÂà´«ªºµ{¦¡¡C</para>
+ <para>¦w¸Ë <filename role="package">converters/cn2jp</filename>¡C</para>
+ <para>°ò¥»ªº¥Îªk¦³¡G</para>
+ <screen>
+&prompt.user; <userinput>b2j &lt; file.big5 &gt; file.jis</userinput>
+&prompt.user; <userinput>g2j &lt; file.gb &gt; file.jis</userinput>
+&prompt.user; <userinput>j2b &lt; file.jis &gt; file.big5</userinput>
+&prompt.user; <userinput>g2b &lt; file.gb &gt; file.big5</userinput>
+&prompt.user; <userinput>j2g &lt; file.jis &gt; file.gb</userinput>
+&prompt.user; <userinput>b2g &lt; file.big5 &gt; file.gb</userinput></screen>
+ <para>¥t¥~ÁÙ¦³´X­Ó¥i¥H¨Ï¥Îªº Library¡G</para>
+ <programlisting>
+char *lang_big5_to_eucjis(istr)
+ ;translate Big5 in istr to EUC-Jis in allocated buffer
+ ;the allocated buffer is returned and valid until next call
+ ;refer to subdirectory big2jis
+
+char *lang_gb_to_eucjis();
+ ;translate GB in istr to EUC-Jis in allocated buffer
+ ;the allocated buffer is returned and valid until next call
+ ;refer to subdirectory gb2jis
+
+char *lang_eucjis_to_big5(istr)
+ ;translate EUC-Jis in istr to Big5 in allocated buffer
+ ;the allocated buffer is returned and valid until next call
+ ;refer to subdirectory jis2big
+
+char *lang_gb_to_big5(istr)
+ ;translate GB in istr to Big5 in allocated buffer
+ ;the allocated buffer is returned and valid until next call
+ ;refer to subdirectory gb2big
+
+char *lang_eucjis_to_gb(istr)
+ ;translate EUC-Jis in istr to GB in allocated buffer
+ ;the allocated buffer is returned and valid until next call
+ ;refer to subdirectory jis2gb
+
+char *lang_big5_to_gb(istr)
+ ;translate Big5 in istr to GB in allocated buffer
+ ;the allocated buffer is returned and valid until next call
+ ;refer to subdirectory big2gb
+
+int lang_uzpj
+ ;uses the uzpj system for unmappable words
+
+int lang_debug
+ ;turns on the debug info in translation</programlisting>
+ </sect1>
+
+ <sect1 id="autoconvert">
+ <title>autoconvert - ´¼¼zªº¤¤¤å½s½XÂà´«</title>
+ <para>
+ <application>autoconverter</application>
+ ªº¯S¦â¬O¦³¦Û°Ê§PÂ_Âà½X¥\¯à¡A¾A¦X¥Î¦b
+ GB &lt;=&gt; Big5 &lt;=&gt; HZ ¤¬Âà¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/autoconvert</filename>¡C</para>
+ <para>
+ ¦pªG±z¨Ï¥Î <application>procmail</application>¡A¦b
+ <filename>/usr/local/share/autoconvert/procmailrc.example</filename>
+ ©³¤U¦³¤@­Ó±N
+ <application>autoconvert</application> ᒤ@
+ <application>procmail</application> ¹LÂo¾¹ªº½d¨Ò¡C</para>
+ <para><application>autoconvert</application>¨Ï¥Î¤èªk¡G</para>
+ <screen>
+&prompt.user; <userinput>autob5 -i utf8 -o big5 &lt; shed.utf8 &gt; shed.utf8.big5-ac</userinput>
+ </screen>
+ <para>
+ WWW: <ulink url="http://banyan.dlut.edu.cn/~ygh/">
+ http://banyan.dlut.edu.cn/~ygh/</ulink></para>
+ </sect1>
+
+ <sect1 id="c2t">
+ <title>c2t - ÂàĶ GB/Big5 ½s½X¦¨«÷­µ</title>
+ <para>GB(¤j³°)/Big5(¥xÆW)¤¤¤åÂন«÷­µ¤¤¤å¦rÂন­^¤å¦r¥À«÷­µ¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/c2t</filename>¡C</para>
+ <programlisting>
+&prompt.user; <userinput>echo "±z¦n" | b2g | c2t</userinput>
+nin2 hao3</programlisting>
+ </sect1>
+
+ <sect1 id="hc">
+ <title>hc - º~¦rÂà´«¾¹¡A¦b GB ©M Big5 ½s½X¶¡Âà´«</title>
+ <para>
+ º~¦rÂà´«¾¹¡A³o¬O¤@­Ó BIG5 ¤Î GB ½s½XªºÂà´«µ{¦¡¡C </para>
+ <para>GB »P Big5 ÄÝ©ó¨â­Ó¤£¦P²Õ´¦U¦Û¨î©wªº¼Ð·Ç¡A
+ ¹ïÀ³º~¦r½s½XªºÂà´«³£¬O³q¹Lªí®æ¨ÓÂà´«¡A
+ ¥¦­Ì¤§¶¡¤£¦s¦b¥ô¦ó¤º¦bªºÅÞ¿èÃö«Y©Î¨ç¼Æ¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/hc</filename>¡C</para>
+ <para>GB Âର BIG5 ¥Î¡G</para>
+ <screen>
+&prompt.user; <userinput>hc -m g2b -t /usr/local/share/chinese/hc.tab &lt; INPUT_FILE &gt; OUTPUT_FILE</userinput>
+ </screen>
+ <para>BIG5 Âର GB ¥Î¡G</para>
+ <screen>
+&prompt.user; <userinput>hc -m b2g -t /usr/local/share/chinese/hc.tab &lt; INPUT_FILE &gt; OUTPUT_FILE</userinput>
+ </screen>
+ <para>
+ ±z¥i¥H¦Û¤v¼g¤@­Ó shell script ¨Ó²¤Æ¤W­±ªº«ü¥O¡C
+ ©Î¬Oª½±µ¨Ï¥Î¤w¸g¼g¦nªº shell script
+ <command>g2b</command> ©M <command>b2g</command>¡C</para>
+ </sect1>
+
+ <sect1 id="gb2jis">
+ <title>gb2jis - GBº~¦rÂà´«JISº~¦r</title>
+ <para>¦w¸Ë <filename role="package">chinese/gb2jis</filename>¡C</para>
+ <para>¥i¿é¤J¥H¤U½s½X¡G</para>
+ <programlisting>
+GB2312-80 + GB8565-88
+GB2312-80
+¤¤°ê»yEUC (8-bit GuoBiao)
+HZ-encoding</programlisting>
+ <para>¥i¿é¥X¥H¤U½s½X¡G</para>
+ <programlisting>
+JISX0208-1983 + JISX0212-1990
+JISX0208-1983 + JISX0212-1990 + UZPJ
+JISX0208-1983
+JISX0208-1983 + UZPJ
+¤é¥»»yEUC
+¤é¥»»yEUC + UZPJ
+Shift-JIS
+Shift-JIS + UZPJ</programlisting>
+ <para>UZPJ¡]Âù«÷¡^³W«hµ¥¸Ô²Ó»¡©ú½Ð°Ñ¾\
+ <command>man 1 gb2jis</command> ªº¾Þ§@«ü«n¡C</para>
+ </sect1>
+
+ <sect1 id="hztty">
+ <title>hztty - ¦b GB Big5 ©M HZ tty ¤¤Âà´«</title>
+ <para>
+ <application>Hztty</application> ¥i¦b¤£¦P¤¤¤å½s½X®æ¦¡°µÂà´«¡C
+ ¥iÂà´«°ê¼Ð(GB)/ÁcÅé(Big5)/º~¦r(HZ)¼Ð(GB)´N¬O¤j³°¥ÎªºÂ²Åé¦r¡A
+ ÁcÅé(Big5)¬O¥xÆW¥Îªº¡Aº~¦r(HZ)¬O¨ä¥¦¦a°Ï¥Îªº¡A
+ ¦U¦a°Ï¦³¤£¦Pªº¤¤¤å½s½X¡A¦³¤F¦¹µ{¦¡Åý¤£¦P¦a°Ï¶¡ªº¤¤¤å·¾³q§ó¶¶ºZ¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/hztty</filename>¡C</para>
+ <para>
+ ¥Îªk«Ü²³æ¡A¦pªG±z­n¦b Big5 ªºÀô¹Ò©³¤U³s¤W GB ªº
+ BBS¡A¥u­n¨Ì·Ó¥H¤Uªº¨BÆJ¡G</para>
+ <screen>
+&prompt.user; <userinput>hztty -I big2gb -O gb2big</userinput>
+[hztty started] [using /dev/ttyp3]
+&prompt.user; <userinput>telnet bbs.tsinghua.edu.cn</userinput>
+&prompt.user; <userinput>exit</userinput>
+exit
+
+[hztty exited]</screen>
+ <para>
+ ³o¼Ë¤l´N¥i¥H¿é¥X¦Û°Ê±N²ÅéÂରÁcÅé¡A¨Ã±N¿é¤J¦Û°Ê¥ÑÁcÅéÂର²Åé¡A
+ ´N¥i¥H«Ü¤è«Kªº»P¨Ï¥Î²Å骺¤H·¾³q¤F¡C</para>
+ <para>
+ bbs.tsinghua.edu.cn(¤ô¤ì²MµØ) ¦³ FreeBSD ªº°Q½×ª©¡C</para>
+ <figure>
+ <title>hztty snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/hztty" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="jis2gb">
+ <title>jis2gb - JISº~¦rÂà´«GBº~¦r</title>
+ <para>¦w¸Ë <filename role="package">chinese/jis2gb</filename>¡C</para>
+ <para>¥i¿é¤J¥H¤U½s½X¡G</para>
+ <programlisting>
+JISX0208-1983 (JISC6226-1978)
+JISX0212-1990
+¤é¥»»yEUC
+Shift-JIS</programlisting>
+ <para>¥i¿é¥X¥H¤U½s½X¡G</para>
+ <programlisting>
+GB2312-80 + GB8565-88
+GB2312-80
+¤¤°ê»yEUC (8-bit GuoBiao)
+HZ-encoding</programlisting>
+ <para>¸Ô²Ó»¡©ú½Ð°Ñ¾\
+ <command>man 1 jis2gb</command> ªº¾Þ§@«ü«n¡C</para>
+ </sect1>
+
+ <sect1 id="pycodec">
+ <title>pycodec - ¤¤¤å½X/¸U°ê½XÂà´«µ{¦¡</title>
+ <para>
+ ³o­Ó®M¥ó¤ä´©Python©MC¨âºØ¤¶­±¡A¥iÂà´«¤¤¤å½X©M¸U°ê½X(Unicode)¡C
+ ¦pªG±z¥u¥ÎPython¼gµ{¦¡¡A½Ð±Ä¥ÎPython¤¶­±¡C
+ µM¦Ó¡A¦pªG±z³ßÅwC¡A¥i¥H¸ÕµÛ¨Ï¥ÎC¤¶­±¡C
+ C¤¶­±¬O¥ÎPython/C API¼g¥X¨Óªº¡A¥Øªº¬O¬°¤F±o¨ì¸û¨Îªº®Ä¯à¡C
+ ´N¥Ø«e¦Ó¨¥¡APython¤¶­±¾A¥ÎGNU/Linux©MWindows¨t²Î¡A
+ ¦ý¬O¡A³o¤@ª©ªºC¤¶­±¥u¯à¥Î©óGNU/Linux¨t²Î¡C</para>
+ <para>¦w¸Ë <filename role="package">converters/py-cjkcodecs</filename>¡C</para>
+ <para>¦bdemo/¤l¥Ø¿ý¤U¡A±z¥i¥H§ä¨ìtest_*.py¡F
+ ³o¬O¥Î¨Ó¥Ü½d¦p¦ó§â¤¤¤å½XÂà´«¦¨Unicode¡A
+ ©ÎªÌ±qUnicodeÂà´«¦¨¤¤¤å½X¡C</para>
+ <para>
+ ¦bchinesetw/¤l¥Ø¿ý¤U¡A¦³¥|­Ó¹ï·ÓªíÀɮסA¦p¤U©Ò¥Ü¡G</para>
+ <programlisting>
+o big52utf1.py
+o big52utf2.py
+o utf2big51.py
+o utf2big52.py</programlisting>
+ <para>
+ ¥DÀɦW¤¤³Ì«á¤@­Ó¼Æ¦r¬O«üBIG5½Xªº¼h¯Å¡A¦pbig52utf1.py«üªº´N¬O²Ä¤@¼h
+ BIG5½X¡A¦Óbig52utf2.py«üªº´N¬O²Ä¤G¼hBIG5½X¡C
+ ¥Ñ©ó²Ä¤@¼hBIG5½X©w¸qªº³£¬O³Ì±`¥Îªº¤¤¤å¦r¡A
+ ¦]¦¹¡A§â²Ä¤@¼h©M²Ä¤G¼h¤À¶}¡A¦h¤Ö¦³§U©ó¥[§ÖÃã¨åªº·j´M³t«×¡C</para>
+ <para>
+ ¦¹¥~¡A­Ê¤Ñª©ªºBig5©Î¬OBig5 Plus¨Ã¤£«OÃүॿ±`¹B§@¡C</para>
+ <para>
+ C¤¶­±¡G¨C­Ó¦@¨É¼Ò²Õ¤¤¥u¦³¨â­Ó¤è¨ç¡Gdecode()©Mencode()¡C
+ ±z¥i¥H§âBIG5¦r¦êÂন¸U°ê½X¦r¦ê¡A¤]¥i¥Hª½±µÂনUTF-8©ÎUTF-16¡C
+ ³Ì­ì©lªº¥Îªk¡A½Ð°Ñ¨£½d¨Ò¡C</para>
+ <programlisting>
+#!/usr/local/bin/python
+twstring = "³o¬O¤@­Ó´ú¸Õ, ­^¤å¬O\"This is a test.\"\n" + \
+ "¥ý§âBIG5½XÂà´«¦¨Unicode, ¦A§âUnicodeÂà\n" + \
+ "¦^BIG5½X. ®ÄªGÁÙ¤£¿ù, ¦ý®Ä¯à®t¤@ÂI."
+uni = unicode(twstring, "big5_tw")
+bstring = uni.encode("big5_tw")
+print "Original BGI5 encoded string:"
+print twstring
+print "Transcode to Unicode encoding:"
+print repr(uni)
+print "Print as a BIG5 encoded string:"
+print bstring</programlisting>
+ <para>
+ WWW: <ulink url="http://sourceforge.net/projects/python-codecs/">
+ http://sourceforge.net/projects/python-codecs/</ulink></para>
+ </sect1>
+
+ <sect1 id="fzzdxfw">
+ <title>fzzdxfw - ¤è¥¿¤¤µ¥½uÁcÅé</title>
+ <para>Contributed by ¶h±á (weonfu@hotmail.com)</para>
+ <para>Last Update: 2003¦~ 4¤ë 6¤é ©P¤é 15®É43¤À29¬í CST</para>
+ <para>§â²Åéºô¯¸ª½±µÅÜÁcÅ骺¤è¦¡¥Ø«e¦³¤£¤ÖºØ¡A
+ ¨Ï¥Î«n·¥¬Pªº³nÅé¡A¨Ï¥Î¤¤¤¶«¬ºô¯¸¨Ò¦p
+ <ulink url="http://chinagate.yam.com/">
+ µfÁ¦ÃêºÂ²Åéºô­¶ÁcÅé¤Æ</ulink>¡A
+ ¥t£¸ºØ´N¬Oª½±µ±q¦r«¬¤U¤â¡C
+ ¦b³oÃä´£¨Ñ±q¦r«¬¤U¤âªº¤è¦¡¡C</para>
+ <para><application>fzzdxfw</application> ¦r«¬ªº¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/fzzdxfw</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <para>¦w¸Ë§¹«á¡A¥i¥H¥Î ttfm.sh --list xttfm ¨Ó¬d¬Ý¬O§_¦³¸Ë¦n¡C</para>
+ <programlisting>
+FZZDXFW.TTF -misc-FZZhongDengXian_Z07T-medium-r-normal--0-0-0-0-c-0-gb2312.1980-0
+FZZDXFW.TTF -misc-FZZhongDengXian_Z07T-medium-r-normal--0-0-0-0-p-0-iso8859-1
+FZZDXFW.TTF -misc-FZZhongDengXian_Z07T-medium-r-normal--0-0-0-0-c-0-iso10646-1</programlisting>
+ <para>½T»{«á¡A³]©w Mozilla ªº¦r«¬°t¸m¡A
+ ÁcÅé¦r«¬»P¼Ú¬ü¦r«¬ªº³¡¤À«O«ù­ì³]©w¡A
+ ¥u»Ý­n­×§ï²Åé¦r«¬ªº³¡¤À¡C</para>
+ <para>¦pªG¬O IE ªº¨Ï¥ÎªÌ¥i¥H±N¦r«¬¦w¸Ë¨ì
+ <filename>C:/WINDOWS/Fonts</filename> ¤§¤U¡A
+ µM«á¶}±Ò IE¡A<option>¤u¨ã -&gt; ºô»Úºô¸ô¿ï¶µ -&gt; £¸¯ë -&gt;
+ ¦r«¬ -&gt; ¦r¶°: ²Å餤¤å -&gt; ºô­¶¦r«¬: FZZhongDengXian-Z07T -&gt;
+ ¯Â¤å¦r¦r«¬: FZZhongDengXian-Z07T</option>¡A
+ ¨Ã¥B­×§ï <option>¤u¨ã -&gt; ºô»Úºô¸ô¿ï¶µ -&gt; £¸¯ë -&gt;
+ ¦s¨ú³]©w -&gt; ²¤¹LWabºô­¶¤W«ü©w¦r«¬¼Ë¦¡</option>
+ ¤Ä°_¨Ó¡A¥i¥H¨¾¤îºô­¶ª½±µ¼g¦º¦r«¬¡C</para>
+ <figure>
+ <title>fzzdxfw snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/fzzdxfw" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>DL: <ulink url="http://dl1.51soft.com:8080/51fonts/cnfont/fangzheng/fzzdxfw.zip">
+ ¤è¥¿¤¤µ¥½uÁcÅé¤U¸ü¦ì§}</ulink></para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/zh-tut/chapters/devel.sgml b/zh_TW.Big5/books/zh-tut/chapters/devel.sgml
new file mode 100644
index 0000000000..d56f6360cf
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/devel.sgml
@@ -0,0 +1,985 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: devel.sgml,v 1.53 2003/12/08 11:09:26 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="devel">
+ <title>¤¤¤åµ{¦¡³]­p</title>
+ <para>
+ ¥H¤U¬O¤@¨Ç³nÅé¦b¤¤¤å¤ä´©¤è­±¡A§Q¥Îµ{¦¡ªº§PÂ_¡C</para>
+ <para>
+ ­ì«h¤W¦pªG¬O¥Î gtk ¼gªº³nÅé¡A¸Ì­±¦³©I¥s¨ì gtk_set_locale()
+ ³o­Ó¨ç¦¡ªº¸ÜÀ³¸Ó³£¨S°ÝÃD¡C</para>
+ <para>
+ ¦pªG¬O¨ä¥Lªº X ³nÅé¥i¯à­n§ä¤@¤U source ¸Ì­±¦³¨S¦³
+ setlocale(LC_CTYPE, NULL);
+ ¤Î XIM ¬ÛÃö¨ç¦¡©I¥s±¡§Î¡C¦pªG¦³¿í·Ó¥¿²Î°µªk¡A
+ <application>xcin2.5</application> À³¸Ó³£¥i¥H¸ò¥¦·f°t¨}¦n¡C</para>
+ <para>
+ Qt ¨S¸I¹L¡A©Ò¥H¤£ª¾¹D¥L«ç»ò¹B§@¡C¤£¹L²q·Q XIM ³o¬qÀ³¸Ó¸ò
+ gtk ¤j¦P¤p²§¡C</para>
+ <para>
+ ¥Î xforms ¼gªº³nÅéÀ³¸Ó·|¦³°ÝÃD¡C</para>
+ <para>
+ ¥Î X11R6.4 ª©¥H«áªº Xt/Xaw ¼gªº³nÅéÀ³¸Ó¬O¨S°ÝÃD¡A
+ °O±o¦b .Xdefaults ¸ÌÀY¥[¤J <option>*international:true</option>
+ ¡B<option>*fontSet:-*-iso8859-1,-*-16-*-big5-0</option>
+ µ¥µ¥¡C</para>
+ <para>¥Î fltk ¼gªº³nÅé¦ü¥G¤]¨S¤ä´© XIM¡C</para>
+
+ <sect1 id="freebsd-prog">
+ <title>¦b FreeBSD ¤U¼gµ{¦¡À³¸Óª`·Nªº°ÝÃD</title>
+ <para>
+ ¦bFreeBSD¤U¼gµ{¦¡¡Aµ²ªGµo²{¤@­Ó¤¤¤åªº°ÝÃD¡A
+ ¨Ò¦p¦r¦ê¤¤¥]§t³o"³\"³o­Ó¦r¡A¦]¬°³\¦rªº¤U¥b½X¬O
+ ascii¤¤ªº\²Å¸¹¡Aµ²ªG´N·|³y¦¨¿ù»~¡A½Ð°Ý³oºØ±¡§Î
+ À³¸Ó¦p¦ó¸Ñ¨M¡H¤SÁÙ¦³¨S¦³¨ä¥Lªº½X¦³³oºØ°ÝÃD¡H</para>
+ <para>¦bµ{¦¡¤¤¸Ó¦r«e¥[¤@­Ó '\'¡AÁÙ¦³«Ü¦h¦³³o­Ó°ÝÃD©O¡A¦p¤U¡G</para>
+ <programlisting>
+5C +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
+A0 ¡\ ¢\ £\ ¤\ ¥\ ¦\ §\ ¨\ ©\ ª\ «\ ¬\ ­\ ®\ ¯\
+B0 °\ ±\ ²\ ³\ ´\ µ\ ¶\ ·\ ¸\ ¹\ º\ »\ ¼\ ½\ ¾\ ¿\
+C0 À\ Á\ Â\ Ã\ Ä\ Å\ Æ\ Ç\ È\ É\ Ê\ Ë\ Ì\ Í\ Î\ Ï\
+D0 Ð\ Ñ\ Ò\ Ó\ Ô\ Õ\ Ö\ ×\ Ø\ Ù\ Ú\ Û\ Ü\ Ý\ Þ\ ß\
+E0 à\ á\ â\ ã\ ä\ å\ æ\ ç\ è\ é\ ê\ ë\ ì\ í\ î\ ï\
+F0 ð\ ñ\ ò\ ó\ ô\ õ\ ö\ ÷\ ø\ ù\ </programlisting>
+ <para> '\' ªº ASCII code ¬O \0x5c¡A±q [\0xa1-\0xf9][\0x5c]
+ ³£·|¦³³o­Ó°ÝÃD¡C</para>
+ <programlisting>
+#!/usr/bin/perl
+#
+# create code table (Big5) [\0xa1-0xf9][\0x40-\0x7e\0xa1-\0xfe]
+#
+
+# ÁcÅ餤¤å (Big5) ¤å¦r¤º½Xªíªº²£¥Í
+open (OUT, "&gt; big55c.txt"); select OUT;
+
+# ¤å¦r¤º½Xªíªº²£¥Í
+# ¶}ÀYªºªí¥Ü
+print "\n5C ";
+print "+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F\n";
+$c = 1; # 1¦æ¤å¦r¼Æ(16¤å¦r)
+$head = "";
+$line = "";
+for ($c1 = 0xA0; $c1 i&lt;= 0xF9; $c1++) { # $c1 ¬O²Ä¤@­Ó¦ì¤¸ [\0xa1-\0xf9]
+ $c2=0x5c;
+ # ¶}ÀY²Ä¤@­Ó¦r
+ if ("$head" eq "") {
+ $head = sprintf ("%02X ", $c1);
+ }
+
+ $line .= " "; # ¤å¦r¶¡ªºªÅ¥Õ
+ if ($c1 == 0xA0) {
+ $line .= " ";
+ } else {
+ $line .= pack("CC", $c1, $c2);
+ }
+
+ if ($c == 16 || $c1 ==0xf9) { # 16¤å¦rªí¥Ü¤@¦æ
+ print "$head$line\n";
+ $head = "";
+ $line = "";
+ $c = 1;
+ } else {
+ $c++;
+ }
+}
+close(OUT);
+
+exit;</programlisting>
+ </sect1>
+
+ <sect1 id="jsp-servlet">
+ <title>JSP / Servlet «ç¼Ë¤~¯à³B²z¤¤¤å¡H</title>
+ <para>
+ ¾G­ì¯u &a.ycheng; Copyright 2000.</para>
+ <para>
+ ¥»¤åª©Åv : GPL or BSD style¡A½Ð«O¯d§@ªÌ©m¦W¡C</para>
+ <para>
+ ¥»¤å°²³]±z¤w¸g·|¨Ï¥Î JSP ©Î¬O Servlet ¼¶¼g­^¤åªº Web-Page¡C
+ ¦pªG±zÁÙ¤£·|¡A©Î¬O®Ú¥»¤£ª¾¹D JSP ©Î¬O Servlet ¬O·F¤°»òªº¡A
+ ¨º³o½g¤å³¹¤£¬O¼gµ¹±z¬Ýªº¡C</para>
+ <para>
+ ¦b Java Servlet Spec v2.0 ¤¤¡A¹ï©ó¦h°ê»y¨¥ªº¤ä´©¡A¨Ã¤£¨¬¡C
+ ±z¥²¶·§ä¨ì Java Servlet Spec v2.2 ªº¹ê§@¤~¦æ¡Aµ§ªÌ¸Õ¹Lªº
+ ¬O Apache Jakarta Tomcat 3.1 ³nÅé(µù¤@¡^¡C</para>
+ <para>
+ ¥»¤å´ú¸Õ¥­¥x¬O Debian Woody, Sun jdk1.2.2, Tomcat 3.1,
+ mm.mysql-2.0.2</para>
+ <para>Java Server ¦p¦ó³B²z¤¤¤å¡C</para>
+ <para>«e¨¥</para>
+ <para>
+ ­º¥ý¡A¦p¦ó¥¿½Tªº¤F¸Ñ±z¤@­Ó Big5 ¤¤¤å¦b Java ¤¤¬O¥¿½Tªº
+ ¤¤¤å Unicode ©O¡H</para>
+ <para>
+ ¿é¥X¤@­Ó String("¤µ").length() §a ! ¥Ñ©ó "¤µ" ¦b Big5 ¬O¥Ñ¨â­Ó
+ byte ²Õ¦¨¡A¦ý¹ï java ¨Ó»¡¡Ajava ªº¦r¤¸¬O unicode¡A¤]´N¬O»¡¡A
+ µL½×¬O¤@­Ó­^¤å¦r©Î¬O¤@­Ó¤¤¤å¦r¡A¨ä length() ³£¬O 1. ¤]´N¬O»¡¡A
+ (new String("¤µ")).length() ==&gt; 1¡C¤~¬O¥¿½Tªº¡C</para>
+ <para>Servlet ¿é¥X¤¤¤åªº¤@­Ó¨Ò¤l¡C</para>
+ <para>¤U­±¬O¤@­Ó¨å«¬ªº Java Servlet¡C</para>
+ <programlisting>
+HelloWorldExample.java =&gt;
+----------- cut here -----------------
+import java.io.*;
+import java.text.*;
+import java.util.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+public class HelloWorldExample extends HttpServlet {
+
+ public void doGet(HttpServletRequest request,
+ HttpServletResponse response)
+ throws IOException, ServletException
+ {
+ response.setLocale(new Locale(new String("zh"), new String("TW")));
+ response.setContentType("text/html");
+ PrintWriter out = response.getWriter();
+
+ out.println("&lt;html&gt;");
+ out.println("&lt;head&gt;");
+
+ String title = new String("hello ¤j®a¦n");
+
+ out.println("&lt;title&gt;" + title + "&lt;/title&gt;");
+ out.println("&lt;/head&gt;");
+ out.println("&lt;body bgcolor=\"white\"&gt;");
+ out.println("&lt;body&gt;");
+
+ out.println("&lt;p&gt;");
+
+ out.println("&lt;h1&gt;" + title + "&lt;/h1&gt;");
+ out.println("&lt;/body&gt;");
+ out.println("&lt;/html&gt;");
+ }
+}
+----------- cut here -----------------</programlisting>
+ <para>¥i¥H¥¿±`¿é¥X¤¤¤åªºÃöÁä¬O¡G</para>
+ <programlisting>
+ response.setLocale(new Locale(new String("zh"), new String("TW")));</programlisting>
+ <para>ª`·N³o¤@¦æÀ³¸Ó­n©ñ¦b</para>
+ <programlisting>
+ PrintWriter out = response.getWriter();</programlisting>
+ <para>¤§«e°õ¦æ¡C¥t¥~½sĶ®Éª`·N</para>
+ <programlisting>
+ javac -encoding Big5 HelloWorldExample.java</programlisting>
+ <para>©Î¬O (linux ¤Wªº jdk1.2.2)</para>
+ <programlisting>
+ export LANG=zh_TW.Big5
+ export LC_CTYPE=zh_TW.Big5
+ javac HelloWorldExample.java</programlisting>
+ <para>
+ ª`·N¡A³o­Ó¨Ò¤l¦b jserv v1.1.2 ¨Ã¤£¯à work¡A¦]¬°¸Óª©¥»¹ê°µªº
+ JavaSoft Java Servlet APIs 2.0, ¦Ó setLocale ¬O¨ì
+ Servlet APIs 2.2 ¤~¦³¡C</para>
+ <para>Java Server Page ¦p¦ó³B²z¤¤¤å</para>
+ <para>¦b¦¹Â²²¤»¡©ú¡A¥ý¬Ý¤U­±ªº¨Ò¤l¡G</para>
+ <programlisting>
+test.jsp
+----------------------
+&lt;%@ page contentType="text/html; charset=big5" %&gt;
+&lt;html&gt;
+&lt;body bgcolor="white"&gt;
+ ¤¤¤åTEST.&lt;p&gt;
+ &lt;%= (new String("¤µ¤Ñ")).length() %&gt;
+ out.println("¤j®a¦n");
+&lt;/body&gt;
+&lt;/html&gt;
+----------------------</programlisting>
+ <para>ÃöÁä¦b²Ä¤@¦æ¡C¦³¤F³o¤@¦æ´N¦æ¤F¡C</para>
+ <para>¦Ó¦pªG¨Ï¥Î POST ®É¡A­n¨Ï¥Î¤¤¤å´N¥ý¬Ý¤U­±ªº¨Ò¤l</para>
+ <programlisting>
+test2.jsp
+----------------------
+&lt;html&gt;
+&lt;head&gt;
+ &lt;title&gt;Instropection&lt;/title&gt;
+&lt;/head&gt;
+&lt;meta http-equiv="Content-Type" content="text/html; charset=big5"&gt;
+&lt;body&gt;
+&lt;body bgcolor="#FFFFFF" text="#000000"&gt;
+&lt;form name="form1" action="test3.jsp" method="post" &gt;
+ &lt;p&gt; ©m¦W¡G
+ &lt;input type="text" name="name"&gt;
+ &lt;/p&gt;
+ &lt;p&gt;½s¸¹¡G
+ &lt;input type="text" name="number"&gt;
+ &lt;/p&gt;
+ &lt;p&gt;
+ &lt;input type="submit" value="¶Ç°e"&gt;
+ &lt;input type="reset" value="²M°£"&gt;
+ &lt;/p&gt;
+&lt;/form&gt;
+&lt;/body&gt;
+&lt;/html&gt;
+----------------------
+
+test3.jsp
+----------------------
+&lt;%@ page language="java" contentType="text/html;charset=Big5" %&gt;
+&lt;html&gt;
+&lt;head&gt;
+ &lt;title&gt;Instropection&lt;/title&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;%
+ String name = new String(request.getParameter("name").getBytes("ISO-8859-1"), "Big5");
+ String number = request.getParameter("number");
+%&gt;
+©m¦W¡G&lt;%= name %&gt;
+&lt;br&gt;½s¸¹¡G&lt;%= number %&gt;
+&lt;/body&gt;
+&lt;/html&gt;
+----------------------</programlisting>
+ <para>
+ ÃöÁä¦b©ó String(str.getBytes("ISO-8859-1"), "Big5")¡A
+ java.lang.String ªº«Øºc¨ç¦¡¥i¥H²£¥Í«ü©w¯S©w»y¨tªº String¡A
+ ³z¹L³o­Ó½d¨Ò¡A¥i¥H¨Ï String ¥¿½T¦aÂà´«¤¤¤å¡C</para>
+ <para>For Hacker¡G</para>
+ <para>
+ ²z½×¤W³o¤@¦æ¥i¥H©ñ¦b¤å¥óªº¥ô¦ó¦a¤è¡A¦ý¥Ñ©ó Java ®É°µ¤W
+ ¶}Àɮ׫á³q±`´N¥²¶·«ü©w encoding¡A·í java jsp engine µo²{
+ charset ¸ò default ¤£¦P®É¡A³q±`¥²¶·­«·s¶}ÀɮסC©Ò¥H¹ê°µ¤W
+ ³o¤@¦æ©ñ¦b¶V«e­±¶V¦n¡C¤£¹L¸Ü¬O³o¼Ë»¡¡A¥Ñ©ó³q±` jsp ·|¦b
+ run time ³Q compile ¦¨ java bytecode¡A¤]´N¬O»¡¥u¦³¦b
+ .jsp §ó·s®É¤~»Ý­n recompile¡Coverhead ¹ê¦b¦³­­¡C</para>
+ <para>
+ µù¤@¡G½Ð¨ì http://jakarta.apache.org/ ¤U¥h Download¡C</para>
+ </sect1>
+
+ <sect1 id="java-mysql">
+ <title>Java ³sµ²¨ì MySql ¦p¦ó¨Ï¥Î¤¤¤å¡H</title>
+ <para>¾G­ì¯u &a.ycheng; Copyright 2000.</para>
+ <para>¥»¤åª©Åv : GPL or BSD style¡A½Ð«O¯d§@ªÌ©m¦W¡C</para>
+ <para>
+ ¥»¤å°²³]±z¤w¸g·|¨Ï¥Î JSP ©Î¬O Servlet ¼¶¼g­^¤åªº Web-Page¡C
+ ¦pªG±zÁÙ¤£·|¡A©Î¬O®Ú¥»¤£ª¾¹D JSP ©Î¬O Servlet ¬O·F¤°»òªº¡A
+ ¨º³o½g¤å³¹¤£¬O¼gµ¹±z¬Ýªº¡C</para>
+ <para>
+ ¦b Java Servlet Spec v2.0 ¤¤¡A¹ï©ó¦h°ê»y¨¥ªº¤ä´©¡A¨Ã¤£¨¬¡C
+ ±z¥²¶·§ä¨ì Java Servlet Spec v2.2 ªº¹ê§@¤~¦æ¡Aµ§ªÌ¸Õ¹Lªº
+ ¬O Apache Jakarta Tomcat 3.1 ³nÅé(µù¤@¡^¡C</para>
+ <para>
+ ¥»¤å´ú¸Õ¥­¥x¬O Debian Woody, Sun jdk1.2.2, Tomcat 3.1,
+ mm.mysql-2.0.2</para>
+ <para>
+ Java ¥H jdbc ³sµ²¨ì databases server¡AMySql ¦³ Free ªº
+ jdbc driver¡C¥H¤U¤£ÀÀ»¡©ú¦p¦ó¨Ï¥Î jdbc¡A¶È»¡©ú¦p¦ó­×§ï
+ ±zªº code ¨Ï¥i¥H¥Î¤¤¤å¡C</para>
+ <para>
+ mysql Àx¦s¤¤¤å¸ê®Æ¦³¨âºØ¤èªk¡A²Ä¤@ºØ¬O¨Ï¥Î big5 ¤º½XÀx¦s¡A
+ ¨äÀuÂI¬O¸`¬ÙµwºÐ/°O¾ÐÅéªÅ¶¡¡A¬Û¸û©ó¨Ï¥Î UTF8 ¤§¤U¡A­Y¿é¥X
+ ¬° Big5¡A§ó¬Ù¥h¤@¦¸ªº Unicode (UTF8) »P Big5 »Ý­n¸g¹L
+ Table lookup ªºÂà´«¡C¦ý¨Ï¥Î Big5 ´N·|¦³ Big5 ¥ý¤Ñ¤Wªº°ÝÃD¡C
+ ¨å«¬ªº°ÝÃD¬O Big5 ¦r¦ê¦b³B²z¦rªºÃä¬Éªº°ÝÃD¡CBig5 ¥ý¤Ñ¤Wªº
+ °ÝÃD¬O³o¼Ëªº¡A´N¥H "°ÝÃD" ³o­Ó¦r¦ê¬°¨Ò¡A°Ý¦rªº²Ä¤G­Ó byte
+ ¸òÃD¦rªº²Ä¤@­Ó byte ©Ò§Î¦¨ªº¦r¬O "ÝÃ" ¦r¡C©Ò¥H·í§Ú­Ì¦b§@
+ ¤å¦r·j´M§ä¥]§t "ÝÃ" ªº¦r¦ê¡A§Ú­Ì·|³s¥]§t "°ÝÃD" ªº¦r¦ê¤]
+ ¤@°_§ä¨ì¡C¦ý UTF8 ¤º½X¦b³]­p¤W´NÁ׶}¤F³o­Ó°ÝÃD, Ä묹ªº¬O
+ ¥²¶·¥Î¸û¦hªº byte (octets) ªí¥Ü¡C</para>
+ <para>
+ §Ú¥u¦³¸Õ¹L MySql ¤ºªº Data ¥Î UTF8¡ABig5 ¨S¸Õ¹L¡C­nª`·Nªº
+ ¬O¡A¦b UTF8 ¤¤¡A¤¤¤åªºªø«×¬O 3 ­Ó bytes¡A¥Ñ©ó MySQL ©T©w
+ ¦r¦êÄæ¦ì°e¶i¹Lªøªº¸ê®Æ®É¡A·|µo¥Í¹Lªø³B³QºIÂ_¡C¦ý MySql ¤£À´
+ UTF8¡A©Ò¥H¥i¯àµo¥Í¤@­Ó UTF8 ¦r¤¸²Ä¤G or ¤T­Ó byte ³QºI±¼
+ °ÝÃD¡A¦b ASCII ¤¤°ÝÃD¤£¤j¡A³»¦h¥X²{¤@­Ó "I Love Yo"¡A"u" ¤£
+ ¨£¤F¡C¦ý¦b java §â¸ê®ÆŪ¶i¨Ó¡A§â UTF8 Âন java ¤º³¡ªºªí¥Ü
+ ªk®É¡A´N·|µo¥Í¦³¨Ç Byte µLªkÂন¥\ªº°ÝÃD¡AÀ³¸Ó·|³y¦¨
+ Exception¡C(µù¤G)</para>
+ <para>
+ ¦n¡A¦^¨Ó¡A¦b jdbc ¤¤¡A¨Ã¨S¦³³W½d¦b Database ¤¤ªº¦r¤¸ªº¤º½X¡A
+ ¦Ó§â³o­Ó°ÝÃD¯dµ¹¦U­Ó jdbc driver ³B²z¡Cmysql jdbc driver
+ ­n¦b database ¤¤³]¬° utf8 ªº³]©w¤è¦¡¦p¤U¡G</para>
+ <programlisting>
+ Properties pr;
+ Connection db;
+
+ pr = new Properties();
+ pr.put("characterEncoding", "UTF8");
+ pr.put("useUnicode", "TRUE");
+ Class.forName("org.gjt.mm.mysql.Driver").newInstance();
+ db = DriverManager.getConnection("jdbc:mysql:///test", pr);</programlisting>
+ <para>
+ ¨ä¾l½Ð¦Û¦æ°Ñ¦Ò¤@¯ë jdbc µ{¦¡¼g§@ªº¸ê®Æ¡C·íµM, compile ¦¹
+ Servlet ®É»Ý­n¦b©I¥s javac ®É¥[¤W "-encoding Big5"¡C</para>
+ <para>
+ ­Y­n¨Ï¥Î Big5 ªº¸Ü, ¤W­± "UTF8" §ï¦¨ "Big5" §Y¥i¡C¦ý³o¼Ë§@·|
+ ¥X²{¥t¤@­Ó°ÝÃD, ´N¬O¤¤¤å²Ä¤G­Ó byte ¦³ '\' ªº°ÝÃD¡C³o­Ó°ÝÃD§Ú
+ ¤£ª¾¹D¦³¨S¦³¤è«Kªº¸Ñªk¡A¤£ª¾¹D compile mysql ®É±N encoding ³]
+ ¬° big5 ¥i§_¸Ñ¨M³o­Ó°ÝÃD¡C(µù¤G)</para>
+ <para>
+ µù¤G¡G³o­Ó§Ú¨S¦³´ú¸Õ¹L¡A½Ö­n´ú¤F¸ò¤j®a»¡µ²ªGªº¡H</para>
+ </sect1>
+
+ <sect1 id="linux-gtk">
+ <title>linux-gtk - gtk-1.2.6 ªº¨ç¦¡®w rpm¡A¦³ Big5/GB ªº¤ä´©</title>
+ <para>
+ ¥H¤U¬O¤ñ x11-toolkits/linux-gtk §ó¦nªº I18N ªºÀuÂI¡C</para>
+ <programlisting>
+ Better word wrapping for CJK strings
+ Specify default font's encoding explicitly
+ Better XLFD handling
+ Selection resync fixes
+ Numerous gtkrc.$locale samples
+ Other minor fixes</programlisting>
+ <para>¦w¸Ë <filename role="package">chinese/linux-gtk</filename>¡C</para>
+ <para>
+ °ß¤@ªº¯ÊÂI¬O³o­Ó®M¥ó¬O CLE ¥Î¨Óµ¹ i386 ¥­¥x©Ò¨Ï¥Îªº¡A
+ ©Ò¥H¦pªG¬O alpha ªº¨Ï¥ÎªÌªº¸Ü¤´»Ý¨Ï¥Î x11-toolkits/linux-gtk¡C</para>
+ </sect1>
+
+ <sect1 id="php-ImageTTFText">
+ <title>php ªº ImageTTFText() ¸g±`§ì¿ù¦r¡H</title>
+ <para>Contributed by &a.jerry;</para>
+ <para>Last Update: 2003¦~ 4¤ë29¤é ©P¤G 19®É43¤À15¬í CST</para>
+ <para>¦b¦w¸Ë <filename role="package">www/mod_php4</filename>
+ ®É¥²¶·¿ï¾Ü GD library support ¤Î freetype ªº®M¥ó¤~¯à¶i¦æ¤U­±ªº¨BÆJ¡C</para>
+ <para>¥Ø«e±`¨£ªº¦³¤TºØ°µªk¡A¤@ºØ¬O patch gdttf.c¡A
+ ¤@ºØ¬O¨Ï¥Î iconv support ¨Ó±N½s½XÂন UCS-2 ¡A
+ ÁÙ¦³¤@ºØ´N¬Oª½±µ¨Ï¥Î <filename role="package">chinese/hc</filename>
+ ªº¸ê®Æ®w¡C</para>
+ <para>³oÃä¬O²Ä¤@ºØ°µªk¡Apatch gdttf.c Åý PHP ¤£·|§ì¿ù¦r¡C</para>
+ <programlisting>
+--- gdttf.c.orig Mon Oct 16 21:55:47 2000
++++ gdttf.c Sun Dec 31 18:00:34 2000
+@@ -654,7 +654,7 @@
+ TT_BBox **bbox,
+ char **next)
+ {
+- int pc, ch, len;
++ int pc, ch, len, ch2;
+ int row, col;
+ int x2, y2; /* char start pos in pixels */
+ int x3, y3; /* current pixel pos */
+@@ -687,6 +687,8 @@
+ (*next)++;
+ if (ch &gt;= 161 /* first code of JIS-8 pair */
+ && **next) { /* don't advance past '\0' */
++ ch2 = (**next) & 255;
++ if(ch2 &gt;= 161) ch++; /* Big5 ttf patch */
+ ch = (ch * 256) + **next;
+ (*next)++;
+ }</programlisting>
+ <para>¥Ñ©ó¤w¸g³B²z¹L gdttf.c¡A¦b³oÃä´N¥i¥Hª½±µ¨Ï¥Î¤¤¤å½s½Xªº¦r¡C</para>
+ <programlisting>
+&lt;?php
+ Header ("Content-type: image/gif");
+ $im = imagecreate (400, 30);
+ $black = ImageColorAllocate ($im, 0, 0, 0);
+ $white = ImageColorAllocate ($im, 255, 255, 255);
+ ImageTTFText ($im, 20, 0, 10, 20, $white,
+ "/usr/X11R6/lib/X11/fonts/TrueType/moe_kai.ttf", "³o¬O¤¤¤å´ú¸Õ ³\¥\»\ ");
+ ImagePng ($im);
+ ImageDestroy ($im);
+?&gt;</programlisting>
+ <para>
+ ²Ä¤GºØ¬O¨Ï¥Î unicode Åý¤¤¤å¥¿±`ªºÅã¥Ü¡A
+ ¥H¤U´N¬O big5 Âà unicode ªº°µªk¡A
+ ¦b³oÃä´£¨Ñ¤@­Ó¤p¨ç¦¡¨Ó¦Û°Ê§PÂ_¬°­^¤åÁÙ¬O¤¤¤å¡A
+ ­^¤åªº³¡¤À¤£»Ý­nÂà½X¡A¥u¦³¤¤¤å¤~»Ý­n¡C</para>
+ <programlisting>
+&lt;?php
+ /* need iconv module */
+ function big52uni($text) {
+ $rtext="";
+ $max=strlen($text);
+ for($i=0;$i&lt;$max;$i++){
+ $h=ord($text[$i]);
+ if($h>=160 && $i&lt;$max-1){
+ $rtext.="&#".base_convert(bin2hex(iconv("big5","ucs-2",
+ substr($text,$i,2))),16,10).";";
+ $i++;
+ }else{
+ $rtext.=$text[$i];
+ }
+ }
+ return $rtext;
+ }
+?&gt;</programlisting>
+ <para>¥Îªkªº½d¨Ò¦p¤U¡A¦b ImageTTFText ¥²¶·«ü©w¨t²Î¤Wªº¦r«¬¡A
+ ¥H¤U¬O¦w¸Ë <filename role="package">chinese/arphicttf</filename>
+ ¨Ó¨Ï¥Î¤å¹©PL¤W®ü§º¡A©Ò¥H¥²¶·®Ú¾Ú¦Û¤vªº¦w¸Ëªº¦r«¬§@­×§ï¡A
+ µM«á·f°t¤W­±ªº big52uni ³o­Ó¨ç¦¡¡G</para>
+ <programlisting>
+&lt;?php
+Header("Content-type: image/gif");
+$im = imagecreate(400,30);
+$black = ImageColorAllocate($im, 0,0,0);
+$white = ImageColorAllocate($im, 255,255,255);
+ImageTTFText($im, 20, 0, 10, 20, $white,
+ "/usr/local/share/fonts/TrueType/bsmi00lp.ttf",
+ big52uni("Test¤¤¤å´ú¸Õ"));
+ImageGif($im);
+ImageDestroy($im);
+?&gt;</programlisting>
+ <figure>
+ <title>php-imagettftext snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/php-imagettftext" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://www.php.net/">
+ http://www.php.net/</ulink></para>
+ </sect1>
+
+ <sect1 id="php-upload">
+ <title>php ¤W¶Ç¤¤¤åÀɦWªºÀÉ®×</title>
+ <para>by Wiseguy.bbs@bbs.nsysu.edu.tw</para>
+ <para>
+ ¥t¶}¤@­Ó &lt;input type="hidden" name="filename"&gt;
+ ¦b submit «e¡A§â file ¸ÌªºÀɦW¨ú¥X¨Ó (¥Î split('\\')¡A°}¦C³Ì«á¤@­Ó¡C)
+ ©ñ¨ì filename ¥h¡A³o¼Ë´N¥iª¾¹D­ìÀɦW¬O¤°»ò¡A¦Ó¤£¥Î file ¸Ì­±³B²zªºÀɦW¡C
+ ³oºØ§@ªk¥i¥H¨Ï¤¤¤åÀɦW¡B§tªÅ¥Õ¡BºÞ¹D¦r¤¸ | ¡B¤Ï±×½u¡A³q³q¥i¤W¶Ç¡C</para>
+ <programlisting>
+&lt;?php
+if($_FILES['userfile']['name']) {
+ echo $_POST['fname'];
+} else {
+?&gt;
+&lt;script language="JavaScript"&gt;
+function validate() {
+ var Ary = document.uploadf.userfile.value.split('\\');
+ document.uploadf.fname.value=Ary[Ary.length-1];
+ return true;
+}
+&lt;/script&gt;
+&lt;form enctype="multipart/form-data" action="index.php" method="post"
+ name="uploadf" onsubmit="return validate()"&gt;
+ Send this file: &lt;input name="userfile" type="file"&gt;
+ &lt;input type="hidden" name="fname"&gt;
+ &lt;input type="submit" value="Send File"&gt;
+&lt;/form&gt;
+&lt;?php } ?&gt;
+</programlisting>
+ <para>
+ WWW: <ulink url="http://www.php.net/manual/en/features.file-upload.php">
+ http://www.php.net/manual/en/features.file-upload.php</ulink></para>
+ </sect1>
+
+ <sect1 id="php-pdf">
+ <title>¥Î php »s§@¤¤¤å PDF ÀÉ</title>
+ <para>Contributed by Tim (tim@dnes.mlc.edu.tw)</para>
+ <para>Last Update: 2003¦~ 4¤ë20¤é ©P¤é 15®É59¤À41¬í CST</para>
+ <para>php ¥Ø«e¥i¥H¨Ï¥Î PDFlib ¨Ó«Ø¥ß¤£¤º´O¦r«¬ªº PDF ÀÉ¡A
+
+ ¦b pdf_findfont ªº³¡¤À­nµ¹¹ï¦r«¬´N¥i¥H¤F¡C</para>
+ <programlisting>
+$font = pdf_findfont($pdf, 'MSung-Light', 'ETen-B5-H', 0); </programlisting>
+ <para>¥H¤U¬O§¹¾ã½d¨Ò¡A°O±o­n¥ý¦b¸Ó¥Ø¿ý©³¤U«Ø¥ß hello.pdf
+ ¨Ã¥B±NÅv­­§ï¦¨ 666¡C</para>
+ <programlisting>
+&lt;?php
+ echo '&lt;meta http-equiv="Content-Type" content="text/html; charset=big5"&gt;';
+ //create file
+ $fp = fopen('hello.pdf', 'w');
+ if(!$fp)
+ {
+ echo "Error: could not create the PDF file";
+ exit;
+ }
+
+ // start the pdf document
+ $pdf = pdf_open($fp);
+ pdf_set_info($pdf, "Creator", "pdftest.php");
+ pdf_set_info($pdf, "Author", "Shen Chun-Hsing");
+ pdf_set_info($pdf, "Title", "Hello World (PHP)");
+
+ // US letter is 11" x 8.5" and there are approximately 72 points per inch
+ pdf_begin_page($pdf, 8.5*72, 11*72/2);
+ pdf_add_outline($pdf, 'Page 1');
+
+ // ¨ú±o¦r«¬
+ $Efont = pdf_findfont($pdf, 'Times-Roman', 'host', 0);
+ $Cfont = pdf_findfont($pdf, 'MSung-Light', 'ETen-B5-H', 0);
+
+ // write text
+ pdf_setfont($pdf, $Efont, 24);
+ pdf_set_text_pos($pdf, 50, 700/2);
+ pdf_show($pdf,'Hello world!');
+ pdf_continue_text($pdf,'(says PHP)');
+ pdf_setfont($pdf, $Cfont, 24);
+ pdf_continue_text($pdf,'²Ó©úÅ餤¤å¦r´ú¸Õ');
+
+ // end the document
+ pdf_end_page($pdf);
+ pdf_close($pdf);
+ fclose($fp);
+
+ // display a link to download
+ echo "&lt;a href = 'hello.pdf' target='_blank'&gt;´ú¸ÕÀÉPDF&lt;/a&gt;";
+ echo "&lt;hr&gt;";
+ show_source( basename( getenv("SCRIPT_FILENAME") ) );
+?&gt;</programlisting>
+
+ <para>¦b pdf_findfont ªº³¡¤À¿ï¾Ü ('MSung-Light', 'ETen-B5-H')
+ ³o¼Ë¤lªº CID-Keyed font ´N¥i¥H¨Ï¥Î©úÅé¤F¡A
+ ²Ä¤@­ÓÄæ¦ìÁÙ¥i¥H´«¦¨ MHei-Medium ¨Ó¨Ï¥Î·¢Åé¡A
+ ¤£¹L¦b¥Ø«eªº¤ä´©«×¤U¡A©Ò¯à¬Ý¨ìªº¤£ºÞ³]©w©úÅé©Î¬O·¢Åé¡A
+ ³£¥u·|¦³©úÅé¦Ó¥H¡A
+ ³o¥²¶·¬O PDF ÂsÄý¾¹¤ä´©³]©wªº¦rÅ馳¨ä¬Û¹ïÀ³ªº¦rÅé¤~¦æ¡A
+ ¦Ó²Ä¤G­ÓÄæ¦ì CMap °ò¥»¤W«Øij¨Ï¥Î ETen-B5-H ¤~¯à¨Ï¥Î­Ê¤Ñ¥~¦r¡C</para>
+ <para>¥i¥H¥Îªº­^¤å¦r«¬¦p¤U¡G
+Courier Courier-Bold Courier-Oblique Courier-BoldOblique Helvetica
+Helvetica-Bold Helvetica-Oblique Helvetica-BoldOblique Symbol
+Times-Roman Times-Bold Times-Italic Times-BoldItalic ZapfDingbats¡C</para>
+ <para>¥i¥H¥Îªº¤¤¤å CMap ¦p¤U¡G
+B5pc-H B5pc-V HKscs-B5-H HKscs-B5-V ETen-B5-H ETen-B5-V ETenms-B5-H
+ETenms-B5-V CNS-EUC-H CNS-EUC-V UniCNS-UCS2-H UniCNS-UCS2-V¡C</para>
+ <figure>
+ <title>php-pdf snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/php-pdf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>¦Ó pdf_add_bookmark ¦³¤H»¡¦³¤¤¤åªº°ÝÃD¡A¥i¬O¦bµ§ªÌªº´ú¸Õ¤§¤U¡A
+ Big5 ½s½Xªº bookmark ¦b Acroread 5 ¥i¥H¥¿±`¬Ý¨ì¡A©Î¬O§Q¥Î
+ iconv Âন UTF-16 ¤]¬O¥¿±`ªº¡A©Ò¥H¦pªG±z¬Ý¨ìªº bookmark ¦³¤¤¤å°ÝÃD¡A
+ ¥i¥H§Q¥Î iconv("Big5", "UTF-16", "¤¤¤å¦r") ¨Ó¸Õ¸Õ¬Ý¡C</para>
+ <para>WWW: <ulink url="http://www.PDFlib.com/">
+ http://www.PDFlib.com/</ulink></para>
+ </sect1>
+
+ <sect1 id="tcltk">
+ <title>Tcl/Tk - ¼s¬°¹B¥Îªº¤@ºØ°ª¶¥¹q¸£»y¨¥»P GUI µo®i¤u¨ã</title>
+ <para>
+ tcl ¬O¤@­Ó°ª¶¥ªº¹q¸£»y¨¥¡A»yªkÃþ¦ü shell script »P C »y¨¥¤§¶¡¡C¦Ó
+ tk ¬O¤@­Ó¨Ï¥ÎªÌ¬É­±µo®i¤u¨ã¡A¦³ buttons¡Bmenus¡Blistboxes¡B
+ scrollbars µ¥µ¥¡C</para>
+ <para>
+ §â³o¨âªÌµ²¦X°_¨Ó¡A´N§Î¦¨¤F±j¦³¤Oªº GUI µo®i®M¥ó¡C³Ì·sª©¥»ªº
+ tcl/tk ¤ä´©¤F¦h¥­¥xªº¶}µoµ{¦¡®w¡C©Ò¥H§Ú­Ì¥i¥H¼g¤@­Ó tcl/tk
+ ªºµ{¦¡¡]¤]ºÙ¬°script¡^¡AµM«á¦b UNIX ¤U¬Ý°_¨Ó´N¹³¬O Motif
+ ªºÀ³¥Îµ{¦¡¡F¦b Windows9x/NT ¤U¬Ý°_¨Ó¹³¬O Win32 ªºÀ³¥Îµ{¦¡¡F¦Ó¦b
+ Macintosh ¤U¬Ý°_¨Ó¹³ Mac ªºÀ³¥Îµ{¦¡¡C</para>
+ <para>
+ tcl/tk ªºÀuÂI²Ä¤@¬O free¡]¦Û¥Ñ¡^¡C
+ ²Ä¤G¬O®e©ö¾Ç²ß¡A±z¤£¶·¨ã³Æ object-oriented ©Î threads ©Î
+ Microsoft Fundation Classes ªº°ò¦¡A¤]¤£¶·¼g¤@¤j¦êªºµ{¦¡½X¡C
+ ¹³¬O¶Ç²Îªº Hello, World! µ{¦¡¡A¦b tcl/tk ¥u­n¨â¦æ´N·d©w¡A</para>
+ <programlisting>
+button .b -text "Hello, World!" -command exit
+pack .b</programlisting>
+ <para>
+ ²Ä¤T¬O¦³³\¦hªº extensions¡]©µ¦ù®M¥ó¡^¥i¥H¤ä´©¨ä¥L³nÅéµ{¦¡®w¡A
+ ¨Ò¦p Oracle, Sybase, Informix, OpenGL µ¥¦h¹F 400 ºØ¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/tcl83</filename> »P
+ <filename role="package">chinese/tk83</filename>¡C</para>
+ <para>
+ chinese/tcl83 ©M chinese/tk83 ¥D­n¬O¸É¤W¤@­Ó
+ <option>--enable-i18nImprove</option> ªº¿ï¶µ¡A
+ ­×¥¿ XIM ³B²z¦³°ÝÃDªº³¡¥÷¡C</para>
+ <para>¤¤¤åÅã¥Ü³£¥¿±`¡A¤¤¤å¿é¤J¤]¬O¥¿±`ªº¡C</para>
+ <programlisting>
+#!/usr/local/bin/wish8.3
+tk useinputmethods 1
+font create bsmilpfont -family "ar pl mingti2l big5" -size 16
+label .a -text "¼ÐÅÒ" -font bsmilpfont
+pack .a
+button .b -text "«ö¶s" -command { puts stdout $cc; exit } -font bsmilpfont
+pack .b
+entry .c -textvariable cc -font bsmilpfont
+pack .c</programlisting>
+ <figure>
+ <title>tcltk snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/tcltk" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para> WWW: <ulink url="http://www.scriptics.com/software/tcltk/8.3.html">
+ http://www.scriptics.com/software/tcltk/8.3.html</ulink></para>
+ </sect1>
+
+ <sect1 id="postgre">
+ <title>PostgreSQL ¤£¯à³B²z¤¤¤å¡H</title>
+ <para>
+ <application>PostgreSQL</application> ¤¤¨Ï¥Î¤¤¤å¤@¦V¦³¤p°ÝÃD¡A
+ ¦p '³\'¡B'ªÀ' µ¥µ¥«á­±¬O \ ªº¤¤¤å¦r³£·|¥XÝ´¡Aª½¨ì
+ 6.5 ª©¥H«á¡A¤~¥[¤J¤F multibyte ªº¤ä´©¡C</para>
+ <para>
+ <application>PostgreSQL</application> ªº»y¨¥¤ä´©¤À
+ «e/«áºÝ(frontend/backend)¡AµL½×«eºÝ¨Ï¥Î¦óºØ»y¨¥¡A
+ «áºÝ³£·|¨Ï¥Î³]©w¦nªº»y¨¥¦s¤J¸ê®Æ®w¤¤¡C</para>
+ <para>
+ ³o¦³¤°»ò¦n³B¡H¨Ò¦p¡G«áºÝ³]©w¦¨ÁcÅ餤¤å¡A«eºÝ³]©w¦¨Â²Å餤¤å¡A
+ µM«á¡A¦s¤JªºÁcÅ餤¤å¡AÅã¥Üªº¬O²Å餤¤å¡A·íµM¡A
+ ¥¦¤£·|°µ¤¤¡B­^½Ķ¡C</para>
+ <para>
+ ­n¥¿½T¨Ï¥Î¤¤¤å¡A¤ñ¸û«OÀIªº§@ªk¬O«áºÝ¨Ï¥Î euc_tw
+ ½s½X¡A«eºÝ¨Ï¥Î big5 ½s½X¡A¨Ò¦p¡G</para>
+ <screen>
+<prompt>%</prompt> <userinput>createdb --encoding euc_tw test</userinput> ' «Ø>
+¥ß«áºÝ¬° euc_tw ½s½Xªº db
+<prompt>%</prompt> <userinput>psql test</userinput> ' ¨Ï¥Î psql ºÞ²z¤u¨ã¡A´N¹³
+mysql ¯ë¡C
+<prompt>test=#</prompt> ' ¤w¸g¶i¤J psql
+<prompt>test=#</prompt> <userinput>\encoding big5</userinput> ' ³]©w«eºÝ¬° big5 ½s½X
+<prompt>test=#</prompt> <userinput>create table test (</userinput>
+<prompt>test=#</prompt> <userinput>usrname char(20));</userinput> ' «Ø¥ß table
+<prompt>test=#</prompt> <userinput>insert into test values('³\°êºa');</userinput> ' ´ú¸Õ
+<prompt>test=#</prompt> <userinput>select * from test;</userinput> '±z·|¬Ý¨ì¥¿>
+½Tªºµª®×
+<prompt>test=#</prompt> <userinput>\q</userinput></screen>
+ <para>
+ ¤]¥i¥H¦b <application>PostgreSQL</application> ¤¤¤U
+ <command>PGCLIENTENCODING=BIG5</command>
+ ªº«ü¥O¡A¦pªG¬O¨Ï¥Î <application>PHP</application>
+ + <application>PostgreSQL</application> «h¨Ï¥Î¥H¤U¤è¦¡¡G</para>
+ <programlisting>
+ $conn = pg_connect("user=postgres dbname=stip");
+ pg_exec($conn, "set client_encoding to 'BIG5'");</programlisting>
+ <para>
+ WWW: <ulink url="http://www.postgresql.org/">
+ http://www.postgresql.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="postgresql-jdbc">
+ <title>PostgreSQL + JDBC + Servlet + XMLC ¤¤¤å§¹¥þ¸Ñ¨M¤è®×</title>
+ <para>§@ªÌ¡Gsmallufo¡AEmail¡Gsmallufo@bigfoot.com</para>
+ <para>
+ ¦Û¥j¥H¨Ó Servlet ³sµ² Database ¦b¤¤¤å¤è­±Á`¬O¦³³\¦h°ÝÃD¡A¤×¨ä¬O¦b
+ web ºÝ¡A­n¦Ò¼{ªº¦]¯À§ó¦h¤F¡C¦³®É­Ô¡Aformªº¤å¦r¹J¨ì¡u³\¡A¥\¡vµ¥¦r¡A
+ ­n¨Ï¥ÎªÌ¦Û¦æ¿é¤J¡§\¡¨³o­Ó¸õ»¡¦r¤¸¡F¦³®É­Ô©ú©ú§â¡u³\¡A¥\¡vinsert
+ ¶i¸ê®Æ®w¡A¦ý¬O¨ú¥X¨Ó¤S·|Åܦ¨¡q¡H¡r¡F¦Ó¤¤¤åªº³\¦h¦¸±`¥Î¦r¡A
+ ¨Ò¦p§»ùÖªº¡uùÖ¡v¡Aµ¥©Ç©Çªº¦r¤¸¡A§ó¬OÅý
+ programmer ÀY¾v¥Õ¤F¤@¥b¡C¦Ó encoding ¤S¬O­Ó³Ì­«­nªºÃöÁä¡A±`¨£ªº
+ encoding ¦³¥H¤U´XÂI¡G</para>
+ <programlisting>
+code +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
+F9D0 ùÖ ù× ùØ ùÙ ùÚ ùÛ ùÜ ùÝ ùÞ ùß
+F9E0 ùà ùá ùâ ùã ùä ùå ùæ ùç ùè ùé ùê ùë ùì ùí ùî ùï
+F9F0 ùð ùñ ùò ùó ùô ùõ ùö ù÷ ùø ùù ¢~ ¢¡ ¢¢ ¢£ ùþ </programlisting>
+ <itemizedlist>
+ <listitem><para>
+ §@·~¨t²Î Locale ªº encoding
+ </para></listitem>
+ <listitem><para>
+ ¸ê®Æ®wºÝªº encoding
+ </para></listitem>
+ <listitem><para>
+ javac-encoding xxx
+ </para></listitem>
+ <listitem><para>
+ ServletRequest.setContentType("texe/html; charset=xxx)
+ </para></listitem>
+ <listitem><para>
+ web application deployment(web.xml) ©Ò«ü©wªº character-encoding="xxx"
+ </para></listitem>
+ <listitem><para>
+ new String(String.getByte("xxx),"yyy)
+ </para></listitem>
+ <listitem><para>
+ ¦pªG¨Ï¥Î xmlc¡AÁÙ¦³ xmlc ªº encoding ¥H¤Î
+ org.enhydra.xml.io.OutputOptions.setXmlEncoding("xxx")
+ </para></listitem>
+ </itemizedlist>
+ <para>
+ ³o´XºØ encoding ¸U°¨©bÄË¡A±`¨Ï programmer Â઺·wÀYÂà¦V¡A
+ ¤£ª¾¥Ø«e¨­¦b¦ó³B¡A¤£ª¾¦h¤Ö programmer ¦b¦¹®ö¶O«C¬K¡C</para>
+ <para>
+ ¤¤¤å¸Ñ¨M¤è®×¥H«e¦bºô¸ô¤W¦³³\¦h°µªk¡A¦ý¬O³q±`³£¤£¤Ó§¹¾ã¡A
+ ­n¤£µM´N±o¤j¤MÁï©ò§ó°Ê¨ì JDBC driver¡A©Î¬O­«·s compile
+ ¾ã­Ó¸ê®Æ®w¨t²Î¡C¦Ó¬°¤F¨t²Îªº¡u§¹¾ã©Ê¡v¡A§Ú¨Ã¤£¦Ò¼{³o¨Ç°µªk¡C
+ §Úªº§@ªk¥i¥H§¹¾ã«O¯d postgreSQL ªº§¹¾ã©Ê¡q¥H RPM ¦w¸Ë¡A¤£¥Î­«·s
+ compile¡r¡A¦Ó¥B JDBC driver ¤£¥Î­«·s compile¡C
+ ¥H¤Uªº¨BÆJ«á¥b³¡¥D­n¬O°w¹ï XMLC ¦Ó¨¥¡A¤£¹L¤@¯ë¡u¯Â¡vªº servlet
+ µ{¦¡¡AÀ³¸Ó«Ü®e©öºé¨ú¥X¨Ó¡C</para>
+ <para>¥H¤U¬O§Úªº¤@¨ÇÀô¹Ò¡G</para>
+ <para>
+ RedHat Linux 7.0 (CLE 1.0)¡A¨ä¥Lªº¤¤¤åÀô¹Ò¤]À³¸Ó¨S°ÝÃD¡C
+ ¦pªG±z¬O­^¤åª©ªº¡A½Ð¦w¸Ë Chinese locale patch §Y¥i¡C
+ ­«ÂI¬O¡A·í±z¿é¤J 'set' ®É¡A¥i¥H¬Ý¨ì 'LANG=zh_TW' ³o­ÓÀô¹ÒÅܼơC</para>
+ <para>Servlet Engine¡GResin 2.0.2</para>
+ <para>posrgreSQL-7.1.3-1PGDG.i386.rpm¡AÀɮפj¤p 1164817 bytes¡Aª½±µ¥H
+ rpm -Uvh ¦w¸Ë§Y¥i¡A¤£¥Î­«·s compile¡CJDBC driver ¤]¬Oª½±µ¨Ï¥Î
+ postgresql-jdbc-7.1.3-1PGDG.i386.rpm ©Ò¦w¸Ëªº jdbc7.1-1.2.jar §Y¥i¡C</para>
+ <para>¸ê®Æ®w½Ð¥H Unicode ½s½X¡qcreatedb -E Unicode¡r¡A³oÂI³Ì¬°­«­n¡C</para>
+ <para>Web application Deployment(web.xml) ¤¤ªº &lt;web-app&gt; ¤£­n¥[¤W
+ character-encoding="xxx" ³o­Ó attribute</para>
+ <para>¦b servlet ¤¤¡A½Ð³]©w res.setcontentType("text/html; charset=CP950");</para>
+ <para>form ªº°Ñ¼Æ¡Aª½±µ¥H getParameter("xxx") Ū¨ú¡A
+ ¦A insert ¶i¸ê®Æ®w¡A¤£¥Î§@¥ô¦óÂà½X¡C</para>
+ <para>­n±q¸ê®Æ®w¤¤Åª¨ú¸ê®Æ¡A±o§Q¥Î¡G
+ new String(rs.getString("ColName").getBytes("8859_1"),"CP950") </para>
+ <para>­n¿é¥X¾ã¥÷¤å¥ó¡qimplement org.enhydra.xml.xmlc.html.HTMLObject ªº¤å¥ó¡r®É¡A
+ ¤£­n¥Î out.println(doc.toDocument())¡A½Ð§ï¥Î¦p¤Uªº¤èªk¡G</para>
+ <programlisting>
+org.enhydra.xml.io.OutputOptions options = new OutputOptions();
+options.setOmitEncoding(false);
+options.setXmlEncoding("Big5");
+DOMFormatter formatter = new DOMFormatter(options);
+if(iChingVotingsPage.getDelefate() != null) {
+ out.println(formatter.toString(iChingVotingsPage.getDelegate()));
+) else {
+ out.println(formatter.toString(iChingVoringPage));
+}</programlisting>
+ <para>Servlet ÀÉ®×­n¥H javac -encoding CP950 ¨Ó½sĶ¡C</para>
+ <para>¤j¥\§i¦¨¡A¦p¦¹¸Ñ¨M¤è®×¡A«h¥i¥H§¹¥þ¥¿±`³B²z©Ò¦³¨u¨£¥H¤Î¯S®í¦r¤¸¡A
+ ¤£½×¬O´¡¤J¸ê®Æ®w¡A±q¸ê®Æ®w¨ú¥X¨Ó¦bºô­¶¤W¡A³£¨S¦³°ÝÃD¡C</para>
+ </sect1>
+
+ <sect1 id="java">
+ <title>Java ¤¤¤åµ{¦¡³]­p</title>
+ <para>FreeBSD ¤Uªº java distribution ¤À¬° Native JDK For FreeBSD¡B
+ Sun JDK For Linux¡BIBM JDK For Linux¡BBlackdown JDK For Linux¡A
+ ³£¥i¥H¦b <filename>/usr/ports/java</filename> ¥Ø¿ý¤U§ä¨ì¡A
+ For Linux ªº³¡¤À¥u­n¸Ë¤W Linux ¼ÒÀÀ¾¹´N¥i¥H°õ¦æ¡A
+ ¦Ó Native JDK ´N¥²¶·¦Û¤v±q source ½sĶ¡C
+ ¦Ó¥B¦w¸Ë¤W³£¥²¶·¨Ì·Ó¨BÆJ¥ý¥hºô¯¸¤W¤U¸ü©Ò»ÝªºÀɮסA
+ ©ñ¸m¨ì <filename>/usr/ports/distfiles</filename>¡C</para>
+ <para>¥H³Ì§xÃøªº <filename role="package">java/jdk13</filename> ¦w¸Ë¬°¨Ò¡A
+ §A¥²¶·¨ì <ulink url="http://www.sun.com/software/java2/download.html">
+ Sun Community Source Licensing</ulink> ¤U¸ü j2sdk-src-scsl.zip ©M
+ j2sdk-bin.scsl.zip ³o¨â­ÓÀɮסA¨Ã¨ì
+ <ulink url="http://www.eyesbeyond.com/freebsddom/java/jdk14.html">
+ Java 2 on FreeBSD</ulink> ¤U¸ü bsd-jdk14-patches.tar.gz¡C
+ ¤S¦]¬°½sĶªº®É­Ô»Ý­n <filename role="package">java/linux-sun-jdk14</filename>¡A
+ ©Ò¥HÁٻݭn¥ý¦w¸Ë¦n¤~¦æ¡C
+ ¨Ã¥B®Ú¾Ú½sĶªº»Ý¨D¡A§Ú­ÌÁٻݭn¤@­Ó <option>linprocfs</option>¡A
+ §A¥i¥H¥Î <command>mount -t linprocfs linprocfs /compat/linux/proc</command>
+ ¨Ó±N linprocfs ±¾¤W¡C¨Ã¦b¨t²Î¤W¹w¯d 2.5GB ªºµwºÐªÅ¶¡¨Ó¶i¦æ½sĶ¡A
+ ·í¥H¤W³£·Ç³Æ´Nºü¡A´N¥i¥H¶}©l½sĶµM«áµ¥©ú¤Ñ¦A¨ÓÅ禬Åo¡C</para>
+ <para>·Qª¾¹D±zªº JDK ©Î JRE ·|¥Î¤°»ò¼Ëªº½s½X¤è¦¡¨Ó©M§@·~¨t²Î·¾³q¡A
+ ½Ð°õ¦æ¤U­±ªº Java µ{¦¡¡G</para>
+ <programlisting>
+public class ShowNativeEncoding {
+ public static void main(String[] args) {
+ String enc = System.getProperty("file.encoding");
+ System.out.println("NativeEncoding:" + enc);
+ System.out.println("¦¨¥\");
+ }
+}</programlisting>
+ <screen>
+&prompt.user; <userinput>javac ShowNativeEncoding.java</userinput>
+&prompt.user; <userinput>java ShowNativeEncoding</userinput>
+NativeEncoding:Big5
+¦¨¥\</screen>
+ <para>
+ ¦pªG¥X²{¥H¤Wªº°T®§¡A´Nªí¥Ü¤¤¤å¥¿±`¡A¦pªG¨S¦³ªº¸Ü¡A
+ ½Ð½T©w±zªº LC_CTYPE ¬O zh_TW.Big5¡A©Î¬O¥Î
+ <command>javac -encoding CP950 ShowNativeEncoding.java</command>
+ ¨Ó¶i¦æ½sĶ¡AÀ³¸Ó·|¥X²{¦p¤WªºÅã¥Ü¤~¹ï¡C</para>
+ <note>
+ <para>Big5¡G³o¬OÁcÅ餤¤å de facto ¼Ð·Ç¡C </para>
+ <para>
+ MS950 ©Î Cp950¡GASCII + Big5¡A¥Î©ó¥xÆW©M­»´äªºÁcÅ餤¤å MS
+Windows§@·~¨t²Î¡C</para></note>
+ <para>µ§ªÌªºÀô¹Ò³]©w <filename>~/.cshrc</filename></para>
+ <programlisting>
+# For JAVA jdk1.3.1
+setenv JAVA_HOME /usr/local/jdk1.3.1
+setenv CLASSPATH /usr/local/jdk1.3.1/lib/tools.jar:/usr/local/share/java/classes/:./
+setenv PATH /usr/local/jdk1.3.1/bin:$PATH</programlisting>
+ <para>¦pªG­n°õ¦æ applet ©Î¬O swingªº¸Ü¡A
+ ½Ð«ö·Ó¥H¤U¨BÆJ³]©w¤~¯à¥¿½Tªº¬Ý¨ì¤¤¤å¦r¡A
+ <filename>font.properties.zh_TW</filename> ¬° Forth ´£¨Ñ¡A
+ ¸Ó³]©wÀɱMµ¹ arphicttf ¨Ï¥Î¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/local/jdk1.3.1/jre/lib/</userinput>
+&prompt.root; <userinput>fetch http://freebsd.sinica.edu.tw/~statue/conf/font.properties.zh_TW</userinput></screen>
+ <para>
+ ¸gµ§ªÌ´ú¸Õ¦b mozilla-1.0 + jdk1.3.1p6_4 ¤§«á¤w¸g¤£»Ý­n³]©w´N¥i¥H¥¿½Tªº¬Ý¨ì¤¤¤å¡A
+ ¦pªG¨S¿ìªk´N¤â°Ê§@¦p¤U¨BÆJ¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/X11R6/lib/mozilla/plugins/</userinput>
+&prompt.root; <userinput>ln -s /usr/local/jdk1.3.1/jre/plugin/i386/ns600/libjavaplugin_oji.so libjavaplugin_oji.so</userinput></screen>
+ <figure>
+ <title>applet snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/applet" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <figure>
+ <title>swing snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/swing" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ °Ñ¦Ò¡G
+ <ulink url="http://www.oreilly.com.tw/sleepless/java_big5_1.htm">
+ JavaÁcÅ餤¤å³B²z§¹¥þ§ð²¤¡]¤@¡^</ulink>¡B
+ <ulink url="http://www.oreilly.com.tw/sleepless/java_big5_2.htm">
+ Java ÁcÅ餤¤å³B²z§¹¥þ§ð²¤¡]¤G¡^</ulink>¡C</para>
+ <para>
+ WWW: <ulink url="http://java.sun.com/">
+ http://java.sun.com/</ulink></para>
+ </sect1>
+
+ <sect1 id="perl">
+ <title>Perl ¤¤¤åµ{¦¡³]­p</title>
+ <para>¦p¦ó±Æ°£ Perl µ{¦¡³B²z¤¤¤å¸ê®Æªº»Ùê¡H</para>
+ <para>
+ ¦b CGI Perl µ{¦¡¤¤¡A¦³³\¦h²Å¸¹¦r¤¸¬O¦³¯S®í¥Î³~ªº¡A
+ ¦Ó¤£©¯ªº¦³¬Y¨Ç³o¼Ëªº¦r¤¸«o»P¤¤¤å¦rªº²Ä¤G­Ó¦ì¤¸²Õ¤¬¬Û½Ä¬ð¡A
+ ¥H¦Ü©ó·|¦³¤¤¤å¦rÅã¥Ü©Î¤ñ¹ï¤£¥¿½T¡A¬Æ¦Ü¬O²£¥Í¿ù»~µ²ªGªº²{¶H¡A
+ ¤×¨ä¬O | ¤Î \ ³o¨â­Ó¦r¤¸¡A©Ò©¯§Ú­ÌÁÙ¦³­Ó quotemeta «ü¥O¥i¥H¨Ï¥Î¡A
+ ³o­Ó«ü¥O¥i¥H±N«ü©wªº¦r¦ê¤¤¨C­Ó¦r¤¸ªº«e­±³£¦A¦h¥[¤W¤@­Ó \
+ ³o­Ó¦r¤¸¡A¨Ï±o¦r¦ê¤ºªº¯S®í¦r¤¸¦b³B²z®É³Qµø¬°³æ¯Âªº¦r½X¡A
+ ½Ð°Ñ¦Ò¤U¦Cªº½d¨Ò¡G</para>
+ <para>
+ °²³] $str ¬O¤@­Ó­n°µ·j´M¤ñ¹ïªº¤¤¤å¦r¦ê¡A¦Ó $line
+ ¬O³v¦æŪ¤Jªº¸ê®ÆÀɤº®e¡G</para>
+<programlisting>
+$restr = quotemeta $str;
+if ($line !~ m/$restr/i) { ......
+}</programlisting>
+ <para>
+ ¥t¥~­Y¤£¬O¥HÅܼƨӳB²zªº¦r¦ê¡A³q±`§Ú­Ì·|¨Ï¥ÎÂù¤Þ¸¹¨Ó¼Ð¥Ü¤Î³B²z¡A
+ µM¦Ó³o¤]¬O·|µo¥Í¤W­zªº»Ùê¡A¦ý¬O·í±zª½±µ¹ïÂù¤Þ¸¹¬A¦íªº¦r¦ê¨Ï¥Î
+ quotemeta ¨Ó³B²z®É«o¤S·|©Ç©Çªº¡A¨º«ç»ò¿ì©O¡H«Ü¶¡³æ¡I
+ ±NÂù¤Þ¸¹§ï¬°³æ¤Þ¸¹´N¥i¥HÅo¡ã¦]¬°³æ¤Þ¸¹¤£·|¹ï¨ä¤ºªº¦r¤¸§@¯S®í³B²z¡A
+ ´«¥y¸ÜÁ¿¦b³æ¤Þ¸¹¤§¤ºªº¤å¦r¸ê®Æ±N·|­ì­ì¥»¥»ªº§e²{¥X¨Ó¡A
+ ¤£·|¥h¸ÑĶÅܼƤ]¤£·|³B²z escape ¦r¤¸ ¡A¨Ò¦p­ì¨Óªº±Ô­z¬O¡G</para>
+<programlisting>
+print "´ú¸Õ¦¨¥\ªº$msg°T®§¡I\n";</programlisting>
+ <para>À³§ï¬°¡G</para>
+<programlisting>
+print '´ú¸Õ¦¨¥\ªº°T®§¡I';</programlisting>
+ <para>
+ ½Ð¯S§Oª`·N \n ´«¦æ²Å¸¹¤Î $msg ÅܼƤ]»Ý®³±¼¡A¦]¬°³æ¤Þ¸¹¨Ã¤£³B²z
+ escape ¦r¤¸¤ÎÅܼơA¦pªG¤£±N \n ²Å¸¹¤Î $msg ÅܼƮ³±¼¡A
+ ¨º»òÅã¥Ü¥X¨Óªº¦r¼Ë±N·|¬O</para>
+<screen>
+¦¨¥\ªº$msg°T®§¡I\n</screen>
+ <para>
+ ¡A¦pªG±z¤´§Æ±æÅã¥Ü¦¨­ì¨Ó¥]§tÅܼƤδ«¦æªº®ÄªG¡A
+ ¨º´N¥²¶·±N³æ¤Þ¸¹»PÂù¤Þ¸¹¸ê®Æ¨Ö¥Î¡A¦P®É¥H .
+ ²Å¸¹¨Ó³sµ²¦¨§¹¾ãªº¿é¥X±Ô­z¡G</para>
+<programlisting>
+print '¦¨¥\ªº'.$msg.'°T®§¡I'."\n";</programlisting>
+ <para>
+ ¤W­zµ²½×´N¬O·í¦L¥X ¦¨¥\ªº »P °T®§¡I ¦r¼Ë¬O¨Ï¥Î³æ¤Þ¸¹¡A
+ ¦Ó´«¦æªº \n «h¬O¥ÎÂù¤Þ¸¹¡C</para>
+ <para>¥H¤U¬O¤@­Ó±NÀɮפ¤©Ò¦³ªº¤¤¤å¦r²¾°£ªºµ{¦¡½d¨Ò¡G</para>
+ <programlisting>
+#!/usr/bin/perl -w
+# ./bg5rm.pl filename
+# and it's will generate a filename.bg5rm
+$ifname=$ARGV[0];
+open(IF,"$ifname");
+open(OF,"&gt;${ifname}.bg5rm");
+$big5 = "[\xA1-\xF9][\x40-\x7E\xA1-\xFE]";
+while(&lt;IF&gt;) {
+ s/$big5//g;
+ print OF $_;
+ print $_;
+}
+close(IF);
+close(OF);</programlisting>
+ <para>¥H¤U¬O¤@­Ó±N¤å³¹¤¤ªº¤¤­^¤å word split ¶i list¡G</para>
+ <programlisting>
+my $big5 = q{
+ [\xA1-\xF9][\x40-\x7E\xA1-\xFE]
+};
+my $big5plus = q{
+ [\x81-\xFE][\x40-\x7E\x80-\xFE]
+};
+my @chars = /$big5|$ascii+/gox;
+my @charsplus = /$big5plus|$ascii+/gox;</programlisting>
+ <para>MPX ªº <ulink url="http://www.hkln.net/perl/technique/chinese.htm">
+ ¸Ñ¨M Perl ³B²z¤¤¤å¦rªº°ÝÃD</ulink></para>
+ <para>CJKV Information Processing ³o¥»®Ñ¦³¨Ç¤£¿ùªº perl µ{¦¡
+ <ulink url="ftp://ftp.oreilly.com/pub/examples/nutshell/cjkv/perl/">
+ ½d¨Ò</ulink>¡A¨ä¤¤ *.pdf ¬O¤@¨Ç°Q½× perl ¤U³B²z multibyte ªº
+ papers¡C</para>
+ <para>Erik Peterson ¼g¤F¤@¨Ç¦³¥Îªº <ulink
+ url="http://www.mandarintools.com/">Perl µ{¦¡</ulink>¡A
+ ¥i³B²z¤¤¤åÂà´«¡C</para>
+ <para>
+ WWW: <ulink url="http://www.perl.org/">
+ http://www.perl.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="mysql">
+ <title>MySQL Localisation and International Usage</title>
+ <para>WWW: <ulink url="http://www.mysql.com/documentation/mysql/bychapter/index.html#Localisation">
+ MySQL Localisation and International Usage</ulink></para>
+ <para>°ÊºA¯à±q my.cnf ½Õ¾ãªº³¡¥÷¨Ã¨S¦³ big5.conf¡G</para>
+ <screen>
+&prompt.user; <userinput>ls /usr/local/share/mysql/charsets</userinput>
+Index danish.conf greek.conf koi8_ukr.conf usa7.conf
+README dec8.conf hebrew.conf latin1.conf win1250.conf
+cp1251.conf dos.conf hp8.conf latin2.conf win1251.conf
+cp1257.conf estonia.conf hungarian.conf latin5.conf win1251ukr.conf
+croat.conf german1.conf koi8_ru.conf swe7.conf</screen>
+ <para>ÀRºA­n¦b compile ¶¥¬q§¹¦¨ªº³¡¥÷¡G</para>
+ <screen>
+&prompt.user; <userinput>ls mysql-3.23.55/strings/ctype*.c</userinput>
+mysql-3.23.55/strings/ctype-big5.c mysql-3.23.55/strings/ctype-sjis.c
+mysql-3.23.55/strings/ctype-czech.c mysql-3.23.55/strings/ctype-tis620.c
+mysql-3.23.55/strings/ctype-euc_kr.c mysql-3.23.55/strings/ctype-ujis.c
+mysql-3.23.55/strings/ctype-gb2312.c mysql-3.23.55/strings/ctype.c
+mysql-3.23.55/strings/ctype-gbk.c</screen>
+ <para>¤]´N¬O»¡ multibyte support ¥²¶·­n compile ®É´Nµ¹¥L¤U¦n³o­Ó°Ñ¼Æ¡A
+ ¬O§_¯àª½±µ³]©w my.cnf ¹F¨ì --with-charset=big5 ªº®ÄªGÁÙ¤£½T©w¡C</para>
+ <para>ÀËÅç¤è¦¡¡A¶i¤J mysql «á¥´¡G</para>
+ <screen>
+mysql&gt; <userinput>show variables like 'character_sets';</userinput>
+mysql&gt; <userinput>show variables like 'character_set';</userinput></screen>
+ <para>¨º character set ¼vÅT¨º¨Ç©O¡H´N§Ú©Òª¾ªº¦³ ORDER BY ©M GROUP BY
+ ªº¶¶§Ç¡A¨º¯S®í¤¤¤å¦r insert ¶i¸ê®Æªº°ÝÃDÁÙ¬O¦b¶Ü¡H</para>
+ <note><para>¥t¤@±`¨£ªº°ÝÃD¬O¡AMySQL µLªk¿é¤J¤¤¤å¸ê®Æ®w¦WºÙ¡B¤¤¤åªí®æ¦WºÙ¡B
+ ¤¤¤åÄæ¦ì¦WºÙ¡H¨ä¹ê¬O¥i¥Hªº¡A¥u­n¥Î <literal>`</literal>
+ ±N¤¤¤å¦r¥]§t¦b¤º´N¥i¥H¡A¹³¬O <command>CREATE DATABASE `«¢Åo`;</command>¡C</para></note>
+ <para>WWW: <ulink url="http://www.mysql.com/">
+ http://www.mysql.com/</ulink></para>
+ </sect1>
+
+ <sect1 id="ldap">
+ <title>¦b LDAP ¤U¨Ï¥Î¤¤¤å</title>
+ <para>Contributed by duncanlo (duncan@twn.wox.org)</para>
+ <para>Last Update: 2003¦~ 4¤ë24¤é ©P¥| 05®É13¤À04¬í CST</para>
+ <para>¦pªG¬O­n±N .ldif Âà¤J¡A¥²¶·¥ý±N¤¤¤åÂন utf-8¡C</para>
+ <para>¦w¸Ë <filename role="package">converter/iconv</filename>¡A
+ °²³]­nÂà½XªºÀɮ׬O big5.ldif¡AÂà¥X¨ÓªºÀɮ׬O utf-8.ldif¡C</para>
+ <screen>
+&prompt.user; <userinput>iconv -f big5 -t utf-8 big5.ldif > utf-8.ldif</userinput></screen>
+ <para>µM«á´N¥i¥H¥Î <command>ldapadd</command> ¨Ó±N utf-8.ldif Âà¤J ldap ¤F¡C</para>
+ <figure>
+ <title>ldap snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/ldap" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.iit.edu/~gawojar/ldap/">
+ Java LDAP Browser/Editor</ulink></para>
+ </sect1>
+
+ <sect1 id="perl-cgi">
+ <title>¥Î perl ¼g CGI ®Éªº¤¤¤åÅã¥Ü°ÝÃD¡H</title>
+ <para>Contributed by fjj.bbs@bbs.csie.ncku.edu.tw (Frank Millers)</para>
+ <para>Last Update: Sun Nov 2 17:45:35 2003</para>
+ <programlisting>
+use CGI;
+my $q = new CGI;
+$q->head(charset=big5);
+$q->start_html(lang=big5);</programlisting>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/dict.sgml b/zh_TW.Big5/books/zh-tut/chapters/dict.sgml
new file mode 100644
index 0000000000..f0c9ab19ef
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/dict.sgml
@@ -0,0 +1,230 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: dict.sgml,v 1.4 2003/12/04 13:16:46 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="dict">
+ <title>¦r¨å³nÅé</title>
+ <para></para>
+ <sect1 id="dictd-database">
+ <title>dictd-database - dictd ªº¦r¨åÀɸê®Æ®w</title>
+ <para>¤@®M¤¤¤å»P­^¤åªº <application>dictd</application>
+ ¦r¨åÀɸê®Æ®w¡A©Ò¥H¥²¶··f°t¨Ï¥Î¡C
+ ¦Ó <application>chinese/dictd</application> «h¬O­×¥¿¯S®í¤¤¤å¦rªº°ÝÃD¡A
+ ¦pªG·Q­n¥¿±`¨Ï¥Îº~­^¦r¨å(Cedict)¡A¨º»ò´N¥²¶·¦w¸Ë¦¹­×¥¿¹Lªº port¡C
+ </para>
+ <para>¸Ì­±¥Ø«e¥]§t¥|­Ó¦r¨åÀÉ¡Amoecomp ©M netterm ³£¬O­^º~¦r¨åÀÉ¡A
+ ¦Ó pydict «h¬O­^º~¡Bº~­^¦r¨åÀÉ¡A¥Ø«e¥u¦³°µ­^º~ªº³¡¤À¡A
+ cedict «h¤]¬O­^º~¡Bº~­^¦r¨åÀÉ¡A¤£¹L¥Ø«e¥u¦³°µº~­^ªº³¡¤À¡C</para>
+ <para>¦b¦w¸Ë§¹«á¡A¥²¶·¥ý­×§ï <filename>/usr/local/etc/dictd.conf
+ </filename>¡A³o­ÓÀɮ׬Oµ¹ <application>net/dictd-database</application>
+ ¨Ï¥Îªº¡A¦pªG¤£¥´ºâ¥Î­^­^¦r¨å¡A¨º»ò´N¥þ³¡´«¦¨¥H¤Uªº¤º®e¨Ó²Å¦X
+ <application>chinese/dictd-database</application> ªº­n¨D¡C</para>
+ <programlisting>
+database moecomp { data "/usr/local/lib/dict/moecomp.dict.dz"
+ index "/usr/local/lib/dict/moecomp.index" }
+database netterm { data "/usr/local/lib/dict/netterm.dict.dz"
+ index "/usr/local/lib/dict/netterm.index" }
+database pydict { data "/usr/local/lib/dict/pydict.dict.dz"
+ index "/usr/local/lib/dict/pydict.index" }
+database cedict { data "/usr/local/lib/dict/cedict.dict.dz"
+ index "/usr/local/lib/dict/cedict.index" }</programlisting>
+ <para>µM«á´N¥i¥H±Ò°Ê <command>/usr/local/etc/rc.d/dictd.sh start
+ </command>¡C</para>
+ <para>±µµÛ¦b¥h <filename>/usr/ports/textproc/dict</filename>
+ ¦w¸Ë <application>dict</application>¡A³o¬O¤@­Ó¥i¥H¥Î¨Ó¦s¨ú
+ DICT ¦øªA¾¹ªº¥Î¤áºÝ¡A¥u¯à¥Î©R¥O¦C¼Ò¦¡¡C</para>
+ <para>¥Îªk½d¨Ò¦p¤U¡G</para>
+ <screen>
+&prompt.user; <userinput>dict -h localhost -D</userinput>
+Databases available:
+ moecomp Taiwan MOE computer dictionary
+ netterm Network Terminology
+ pydict pydict data
+&prompt.user; <userinput>dict -h localhost -d moecomp hello | less</userinput>
+1 definition found
+
+From Taiwan MOE computer dictionary [moecomp]:
+
+ hello
+ ©I¥s
+&prompt.user; <userinput>dict -h localhost ¦¨¥\</userinput>
+1 definition found
+
+From Chinese to English dictionary [cedict]:
+
+ ¦¨¥\
+ [cheng2 gong1]
+ success
+ to succeed</screen>
+ <para>¦b <filename>/usr/ports/net/dictd-database</filename>
+ ÁÙ¦³¨ä¥Lªº¦r¨åÀɸê®Æ®w¡A¥i¥H°Ñ¦Ò¬Ý¬Ý¬O§_»Ý­n¡C</para>
+ <para>µ§ªÌ³q±`³£·|¦w¸Ë <filename>/usr/ports/net/dictd-database
+ </filename>¡AµM«á±N©Ò¦³ªº¸ê®Æ®w³£¼g¤J <filename>
+ /usr/local/etc/dictd.conf</filename>¡AµM«á¥Î
+ <command>dict -h localhost hello</command> ¨Ó¹ï©Ò¦³ªº¸ê®Æ®w¬d¸ß¡A
+ ¦b¬d³æ¦rªº®É­ÔÆZ¤è«Kªº¡C</para>
+ <figure>
+ <title>dict snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/dict" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>cedict: <ulink url="http://www.mandarintools.com/cedict.html">
+ CEDICT: Chinese-English Dictionary</ulink></para>
+ <para>dict: <ulink url="http://www.dict.org/">
+ http://www.dict.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="pydict">
+ <title>pyDict - ­^º~¡Bº~­^¨â¥Î¦r¨å</title>
+ <para>¦b²³¦hªº Unix-like ½Ķ³nÅ餤¡AÂA¤Ö¯à§ä¨ì¹ï¤¤¤å½Ķªºµ{¦¡¡A¦Ó
+ <application>pyDict</application> ´N¬O³o»ò¤@­Ó¦n¥Îªº¤u¨ã¡I
+ pyDict ªº¦r¨åÀɬO xdict Âà¥X¨Óªº, ¨Ã¸g¹L§@ªÌªº¾ã²z»P§ïµ½.</para>
+ <para><application>pyDict</application> ¬O¥Î
+ <application>python</application>
+ ¥[¤W <application>gtk</application> ªº¬É­±¤u¨ã¶°(widgets)
+ ¼g¦¨ªº­^º~¡Bº~­^¨â¥Î¦r¨å¡C
+ ¦Ó¥B¤ä´© XIM¡A¬O¥Ø«e¤¤¤å³Ì¦n¥Îªº¦r¨å¡C
+ ÁÙ¦³­Ó´¼¼z¼Ò¦¡¡A¨Ï¥Î°_¨Ó¬O¤£¬O¸ò¤@¯ëªº¹q¤l¦r¨åÃþ¦ü©O¡H
+ </para>
+ <para>±Ò°Ê»¡©ú</para>
+ <programlisting>
+pydict [options] [word]
+
+options:
+ -h ¦C¥X¤å¦r¼Ò¦¡¤Uªº»¡©ú
+ -i console¤¬°Ê¼Ò¦¡
+ -e [word] ­^º~¬d¸ß¡]¥i¤£¥[-e¡^
+ -c [word] º~­^¬d¸ß </programlisting>
+ <para>console ¼Ò¦¡»¡©ú¡G</para>
+ <para>¦b²×ºÝµøµ¡¤¤·|¦³word:ªº´£¥Ü²Å¸¹¡A¨Ï¥ÎªÌ¥i¥HÁä¤J·Q¬d
+ ¸ßªº³æ¦r¡C¦pªG·QÂন¨ä¥L¼Ò¦¡¥i¥HÁä¤J¤U¦C¦r¦ê¡G</para>
+ <programlisting>
+-c Âà´«¦¨º~­^¼Ò¦¡
+-e Âà´«¦¨­^º~¼Ò¦¡</programlisting>
+ <para>¦pªG­nÂ÷¶}console¤¬°Ê¼Ò¦¡¡A¥i¥HÁä¤J-q©Î¬O¦bword:«áª½
+ ±µ«öEnterÁä´N¥i¥H¤F¡C</para>
+ <para>¦pªG¤¤¤å¦³°ÝÃDªº¸Ü¡Aªí¥Ü gtk ªº¤¤¤å¦r«¬¨S³]©w¦n¡A
+ ¥Î <command>cp /usr/X11R6/lib/X11/pyDict/gtkrc.zh_TW.big5.sample ~/.gtkrc</command>
+ ±N pyDict ªº½d¨Ò«þ¨©¹L¨Ó¨Ï¥Î´N¥i¥H¤F¡C</para>
+ <para>§@ªÌ¤w¸g«Ü¤[¨S¦³ºûÅ@, ¥Ø«e <ulink url="http://people.redhat.com/llch/pydict/">llch at redhat.com</ulink> ¦³­×§ï¨Ã²¾´Ó¨ì pygtk2 ¤§¤W.</para>
+ <figure>
+ <title>pydict snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/pydict" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://sourceforge.net/projects/pydict/">
+ http://sourceforge.net/projects/pydict/</ulink></para>
+ <para>
+ WWW: <ulink url="http://www.linux.org.tw/~plateau/linux_notes/">
+ http://www.linux.org.tw/~plateau/linux_notes/</ulink></para>
+ </sect1>
+
+ <sect1 id="stardict">
+ <title>stardict - ¤¤¤å»P­^¤åªºÂ½Ä¶¦r¨å</title>
+ <para>
+ ¤@­Ó¤¤¤å»P­^¤åªºÂ½Ä¶¦r¨å¡A¥Ñ Motif ¶}µoªº¡A¦b³o­Ó³nÅ餤¥]§t¤F
+ ¬P»ÚĶ¤ý·½µ{§Ç¡B¹Ï¼Ð©M­I´º¹Ï§Î¤å¥ó¡Aº~¦r¦rÅé¡B­µ¼Ð¦rÅé
+ ¡Aµü®w¡B­µ¼Ð®w¡AReadme¡B¶}µo­p¹ºµ¥¤å¥ó¡C </para>
+ <para>
+ ¥\¯à¯S©Ê´y­z¡Gªñ¤­¸U³æµü¡A±`¥Îµü±a­µ¼Ð¡B¨ã¦³¼Ò½k¤Ç°t¥\¯à¡B
+ ¨ã¦³«Ì¹õ¨úµü¥\¯à¡B¦Û±aº~¦r¦rÅé¡AµL»Ýº~¦rÀô¹Ò¡BÁc²¨âºØ¦rÅé¡C
+ </para>
+ <para>¹w³]¬°Â²Åé¡A­Y­n¬Ý¨ìÁcÅ餶­±¡A«h­×§ï <filename>
+ /usr/X11R6/share/stardict/hzfont/fonts.dir</filename></para>
+ <programlisting>
+--- fonts.dir.orig Sat Nov 3 01:17:39 2001
++++ fonts.dir Sat Nov 3 01:14:25 2001
+@@ -1,3 +1,3 @@
+ 2
+-hz16.pcf hz16
++hz16ft.pcf hz16
+ yb10x20.pcf yb10x20</programlisting>
+ <figure>
+ <title>stardict snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/stardict" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="stardict2">
+ <title>stardict2</title>
+ <para>¬P»ÚĶ¤ý 2.0.0,¤@­Ó¹B¦æ¦bGNOMEÀô¹Ò¤Uªº°ê»Ú¤Æªºµü¨å³n¥ó¡A
+ ¦³¿ï¤¤°Ï¨úµü¡A³q°t²Å¤Ç°t¡A¼Ò½k¬d¸ßµ¥±j¤j¥\¯à¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/stardict2</filename>¡C</para>
+ <figure>
+ <title>stardict2 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/stardict2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://stardict.cosoft.org.cn/">
+ http://stardict.cosoft.org.cn/</ulink></para>
+ </sect1>
+
+ <sect1 id="oxford">
+ <title>oxford</title>
+ <para>oxford is a English to Chinese dictionary, written in Perl.</para>
+ <para>¦w¸Ë <filename role="package">chinese/oxford</filename>¡C</para>
+ <figure>
+ <title>oxford snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/oxford" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://igloo.its.unimelb.edu.au/Blowfish/">
+ http://igloo.its.unimelb.edu.au/Blowfish/</ulink></para>
+ </sect1>
+
+ <sect1 id="edict-big5">
+ <title>edict-big5 - ¤é¤åº~¦rÂत¤åº~¦r«áªºº~­^¦r¨å</title>
+ <para>EDICT ¥»¨Ó¬O¤é­^¦r¨å¡A¤£¹L§Ú³z¹L <filename role="package">
+ lang/perl5.8</filename> ªº <command>piconv</command> ±N EUC-JP Âন Big5¡A
+ ¦³³\¦h¦rµLªk§ä¨ì¹ïÀ³ªº Big5 ©Ò¥H³o­Ó¦r¨åÀɤ´µM¦³³\¦h°ÝÃD¡A
+ µ§ªÌ¤]±N®æ¦¡Âন dict ªº®æ¦¡¡A¦]¬°°¾¦n­ì¦]¡C</para>
+ <para>¿ï¾Ü <command>piconv</command> ªº­ì¦]¬O¥Ø«e¥L¤ñ
+ <command>iconv</command> ¨ã³Æ§ó¦hªºÂà½X¹ïÀ³¡A
+ ³o¼Ë¤l¤~¯àÅý¯à¬Ý¨ìªº Big5 §ó¦h¡C</para>
+ <para><application>edict-big5</application> ªº¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-ports/edict-big5</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <figure>
+ <title>edict-big5 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/edict-big5" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.csse.monash.edu.au/~jwb/edict.html">
+ http://www.csse.monash.edu.au/~jwb/edict.html</ulink></para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/difficult.sgml b/zh_TW.Big5/books/zh-tut/chapters/difficult.sgml
new file mode 100644
index 0000000000..16e38687c9
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/difficult.sgml
@@ -0,0 +1,943 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: difficult.sgml,v 1.26 2003/11/13 12:02:46 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="difficult">
+ <title>¤¤¤åÀô¹Ò</title>
+ <para>¦b½Í¤¤¤åÀô¹Ò«e¡A¥²¶·¥ý¥¿¦W¤@¤U¡A¥xÆW¬O "Taiwan, Republic of China"
+ ©ÎªÌ²ºÙ "Taiwan, ROC"¡B"Taiwan"¡A¤d¸U¤£­n¥Î "Taiwan, Province of China"¡A
+ ¨âªÌªº®t²§©Ê¤Q¤À¥¨¤j¡A¤£ºÞ¬O¦b¥Á¥D¬Fªv¡B¤HÅv¡B¨¥½×¦Û¥Ñµ¥µ¥¡C</para>
+
+ <sect1 id="chinese-intro">
+ <title>º~¦r·§½×</title>
+ <para>º~¦r¬O¥Ñ³¡­ºµ¥¸û¤pªº¤¸¥ó²Õ¦¨ªº¡F¥i¥H±N³¡­ºµ¥·í§@«Ø¿v¿n¤ì¥Î¡C
+ ³o¨Ç¤¸¥ó¥i§@¬°ºc¦¨º~¦rªº°ò¥»³æ¦ì¥Î¡Cº~¦r¨Ï¥Î 214 ºØ³¡­º§@¯Á¤Þ¡C</para>
+ <para>º~¦rªººØÃþ«Ü¦h¡F±`¨£ªº¦³¥|ºØ¡G¶H§Î(pictographs)¡B
+ «ü¨Æ(simple ideographs)¡B·|·N(compound ideographs)¡B
+ §ÎÁn(phonetic ideographs)¡C</para>
+ <para>³Ì°ò¥»ªº¬O¶H§Î¦r¡F¶H§Î¦r¦p¦P¬O¤@±i¤p¹Ï¡A³q±`»P¨ä©Òªí¹Fªº¹ï¶H«Ü¹³¡C
+ ¦p¡G¤é¡B¤ë¡B¤s¡B¤õ¡B¤ì¡B¨®¡B¤f¡C
+ ¦Ó«ü¨Æ¦r«hªí¹F¼Æ¦r©M¤è¦Vµ¥©â¶H·§©À©Î·N«ä¡C
+ ¦p¡G¤W¡B¤U¡B¤¤¡B¤@¡B¤G¡B¤T¡C
+ ¶H§Î¦r©M«ü¨Æ¦r¥i¥H²Õ¦¨§ó½ÆÂøªº¦r¡A³q±`¨ä·N«ä¬O¦U­Ó²Õ¦¨³¡¤Àªº·N«äªººî¦X¡A
+ ºÙ¬°·|·N¦r¡C
+ ¦p¡GªL¡B´Ë¡B©ú¡C
+ §ÎÁn¦r¦û¤Fº~¦rªº 90% ¥H¤W¡A¤@¯ë¦Ü¤Ö¦³¨â­Ó³¡¤À¡F
+ ¤@­Ó¬O»y­µ¡A¥t¤@­Ó«h¬O¦r·½¡C
+ ¦p¡G»É¡B¬}¡C
+ º~¦r¥i¥H¦X¨Ö¦¨µü²Õ¡A¥Î¨Óªí¹F§ó½ÆÂøªº·N«ä©Î·§©À¡C</para>
+ <para>º~¦rªºµo®i¬O¥Hªí·Nªº¹Ïµe¶}©lªº¡A¨Ã«O«ù¦r§Îª¬»P»y·Nªº³sµ²¡C</para>
+ <table>
+ <title>¤£¦P®É´Áªºº~¦rÁ`¼Æ</title>
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>¦è¤¸</entry>
+ <entry>º~¦rÁ`¼Æ</entry>
+ <entry>°Ñ¦Ò¤åÄm</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>100</entry>
+ <entry>9,353</entry>
+ <entry>»¡¤å¸Ñ¦r</entry>
+ </row>
+ <row>
+ <entry>1716</entry>
+ <entry>47,021</entry>
+ <entry>±dº³¦r¨å</entry>
+ </row>
+ <row>
+ <entry>1986</entry>
+ <entry>56,000</entry>
+ <entry>º~»y¤j¦r¨å</entry>
+ </row>
+ <row>
+ <entry>1994</entry>
+ <entry>85,000</entry>
+ <entry>¤¤µØ¦r®ü</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <para>¨â¤d¦~¨Ó¡Aº~¦rªºÁ`¼Æ¼W¥[¤F±Nªñ¤­­¿¡C¦b¦¹´Á¶¡¥X²{ªºº~¦r¤j¦h¼Æ¬O§ÎÁn¦r¡C</para>
+ </sect1>
+
+ <sect1 id="holo">
+ <title>»Ô«n»y©M«È®a¸Ü</title>
+ <para>Contributed by KhoGuan Phuann</para>
+ <para>Last Update: 2003¦~10¤ë13¤é ©P¤@ 02®É17¤À56¬í CST</para>
+ <para>¦b¥xÆW¡Aº~¦rªº¨Ï¥Î¡A°£¤F°ê»y(Mandarin)ªº®Ñ¼g¥H¥~¡A
+ ¤]¦³¥Îº~¦r¼g¦¨ªº»Ô«n¸Ü(Holo)©Î«È®a¸Ü(Hakka)ªº¤å¦r§@«~
+ ¡]¥H¤U±Ô­z¤¤ªº¥xÆW¸Ü(Taiwanese)¥]¬A»Ô«n¸Ü¤Î«È®a¸Ü¡^¡C
+ ªñ¦~¨Ó¡AÁöµM¬F©²¤w¶}©l¶i¦æ¥À»y±Ð¨|¡A¦ý¨ä®Ñ­±¤å¦r¤´¥¼¼Ð·Ç¤Æ¡C
+ ­n§¹¥þ¨Ï¥Îº~¦r¨Ó¥R¥÷®Ñ¼g¥xÆW¸Ü¡A¹ê»Ú¤W·¥§xÃø¡C
+ ¤£¬O­n¥Î¨ì¤@¨Ç§N»÷ªºº~¦r¡A´N¬OµLº~¦r¥i¥Î¡A­n³Ð³y·sªºº~¦r¡C
+ ¤@¨Ç¹L¥h¥Á¶¡±`¥Îªº¥xÆW¸Üº~¦r¡]¦p &#20010; )¡ABig5¥¼¦¬¡F
+ §Y¨Ï¬O Unicode 4.0 ¤]ÁÙ¦³©Ò¿òº|¡C§ó¤£¥Î»¡¥xÆW¸Ü¤¤¦³³\¦h¥~¨Ó»y¡A
+ «j±j¥Îº~¦rªñ­µ¦r¨Óªí°O¡A«D±`²Â©å¡C</para>
+ <para>¦³³\¦h¤H¥D±i¥Îº~¦r»P©é­µ¤å¦r²V¥Îªº¤è¦¡¨Ó®Ñ¼g¥xÆW¸Ü¡A
+ ¥H¸Ñ¨M¤W­zªº°ÝÃD¡A¤]¦³¤H¥D±i§¹¥þ¨Ï¥Î©é­µ¤å¦r¡C</para>
+ <para>¥xÆW¸Üªº©é­µ¤å¦r¤¤¡A¾ú¥v³Ìªø¤[ªº¬O¡u¥Õ¸Ü¦r¡v
+ (P&ccedil;h-&ouml;e-ji¡A²¼g¬° POJ)¡C
+ ¥Õ¸Ü¦r´N¬O±Ð·|ù°¨¦r(Church Romanization)¡A
+ ¤Q¤E¥@¬ö±q¦è¬v¨Ó¨ìºÖ«Ø¤Î¼sªF¶Ç±Ðªºªø¦Ñ±Ð·|ªª®v¡A
+ ¶}©l³]­p»Ô«n¸Ü¤Î«È®a¸ÜªºÃ¹°¨©é­µ®Ñ¼g¨t²Î¡A¨Ã¶Ç¼½¨ì¥xÆW¨Ó¡C
+ ¾ú¸gÅܾE¡A¥Ø«e±Ð·|ù°¨¦r¬O³Ì¦h¤H¨Ï¥Îªº¥xÆW¸Ü©é­µ¤å¦r¡A
+ ¨Ã¤£­­©ó±Ð·|¤H¤h¡C</para>
+ <para>ªñ¦~¥xÆW»y¤å¾Ç·|(Taiwan Languages and Literature Society)
+ ¥H±Ð·|ù°¨¦r¬°°ò¦¥[¥H­×­q¡A¨î©w¤F¥xÆW»y¨¥­µ¼Ð¤è®×(Taiwanese
+ Language Phonetic Alphabet¡A²¼g¬° TLPA)¡C¦Û±Ð¨|³¡©ó 1998
+ ¦~¤½§i¥H¨Ó¡A¦³¶V¨Ó¶V¦h¥xÆW¸Üªº»y¤å±Ð§÷¡B¥Á¶¡±Ä¶°¡B¤å¾Ç§@«~
+ ¥H¤Î¬ã¨sµÛ§@±Ä¥Î³o®M­µ¼Ð¡C</para>
+ <para>¦Û¥Ñ³nÅ餤¡Ayudit ³o­Ó Unicode ½s¿è¾¹¡A°t¦X¬ÛÀ³ªº keymap
+ ¥i¥H«Ü¤è«Kªº¿é¤J POJ ©Î TLPA¡C¸Ô±¡½Ð°Ñ¦Ò
+ <ulink url="http://linux.taigi.idv.tw/nngthe/yudit">
+ ¼ï¬ì¤¸¥x»y Linux ºô¯¸</ulink>¡C</para>
+ </sect1>
+
+ <sect1 id="chinese-code">
+ <title>½s½X¼Ð·Ç</title>
+ <para>¦b¹q¸£¶}©l¨Ï¥Îªº®É­Ô¡A©Ò¦³ªº¦r³£¥u¥Î 1byte ¨ÓÀx¦s¡A
+ 1byte ¥]§t 8bits¡A¨C­Ó bits ³£¥u¯àªí¥Ü on/off¡A
+ ¤]´N¬O 1byte ¥u¯àªí¥Ü 0000 0000 ¨ì 1111 1111 ªº½s½X½d³ò¡A
+ ¥u¦³ 256 ­Ó½s½XªÅ¶¡¡A³o¹ï¤¤¤å¦Ó¨¥¡A¬O¤£°÷ªº¡C</para>
+ <para>§Ú­Ìª¾¹D¤¤¤å¦r¦b¥Ø«e±`¨£ªº¹q¸£¤W¬O¥Ñ¨â­Ó¦ì¤¸²Õ(two bytes)
+ ©Ò½s½X²Õ¦¨ªº¡C
+ ³Ì±`¨£ªº½s½X¤è¦¡¦³¥xÆW¦a°Ï©Ò³q¦æªº Big5 ½s½X¡A¤Î¤j³°¦a°Ï©Ò¨Ï¥Îªº
+ GB ½s½X¡C¦Ó¥B¶}ÀYªº¦ì¤¸²Õ´X¥G³£¬O¤j©ó 128 ªº¼Æ­È¡A¤]´N¬O©Ò¿×
+ non-ASCII ½Xªº½d³ò(ASCII ¬O«ü¤p©ó 128 ªº½s½X)¡C</para>
+ <para>¦r¶°(Character Set)¬O¤@²Õ²Å¸¹©Î¤å¦rªº²Õ¦X¡A
+ ¦Ó½s½X(Encoding)«h¬O±N³o¤@²Õ²Å¸¹©Î¤å¦r¥H¾A·íªº¤è¦¡½s¤J¦ì¤¸²Õ¤¤¡A
+ ¥H«K¹q¸£¯à°÷ªí¥Ü»PÀx¦s¡C
+ ¥Ø«e²{¦³ªº¦r¶°¦p¤¤¤å¦r¶°¡B­^¤å¦r¶°¡B¤é¤å¦r¶°µ¥¡A
+ ¦Ó¤¤¤å½s½X«h¬O¿ï¨ú³¡¥÷©Î¥þ³¡¦r¶°¤¤ªº³¡¤À©Î¥þ³¡¦r¡A
+ µ¹¤©¤@­Ó¸¹½X¡A¦pBig5 ¥]§t³¡¤À¤¤¤å¦r¶°¡B­^¤å¦r¶°¡B³¡¤À¤é¤å¦r¶°µ¥¡C</para>
+ <para>±µ¤U¨Ó´N¬O¸U½X©bÄË¡A²³¦h¤¤¤å½s½X¼Ð·Çªº°ÝÃD¡A
+ ¥Ø«e¥xÆW¨Ï¥Îªº¤¤¤å½s½X¦s¦b³\¦h°ÝÃD¡A²Ä¤@¬O¤¤¤å½s½X¦³¼ÆºØ
+ Big5¡BCCCII¡BCNS11643¡BBig5E¡BBig5+¡BISO 10646¡BCP950¡A
+ ¨C­Ó½s½X©Ò¥]§tªº¤¤¤å¦r¼Æ¤£¦P¡A½s½X¤è¦¡¤]¤£¬Û¦P¡A
+ ¦Ó¥B¤j³¡¤À³£¨S¦³¼Ð·Ç³W®æ¡A
+ ²Ä¤G¬O±`¥Îªº Big5 ½s½X¦r¼Æ¤£¨¬¡C</para>
+ <para>ÁöµM±`¥Îªº Big5 ¤w¸g¨Ï¥Î 2bytes ¨Óªí¥Ü¤¤¤å¦r¡A¦ý¬O
+ 2bytes = 16bits = 2^16 = 65536 ­Ó½s½XªÅ¶¡¡A
+ ¥H Big5 ªº¼Ð·Ç¦Ó¨¥¡A¬°¤F­n©M ASCII ¯à°÷¬Û®e¡A¥u¯à¨Ï¥Î¨â¸U¦h¦r¡A
+ ²{¦sªº¤¤¤å¦r³Ì¤Ö¦b¤C¸U¥H¤W¡A³y¦¨³\¦h¦r¦b Big5 ªº¨t²Î¤U¡A
+ µLªk¨Ï¥Î¡C¦b¥[¤W¤¤¤å¼Ð·ÇÁc¦h¡A«o¤S¨S¦³³Ì«áªº¼Ð·Ç³W®æ¡A
+ ¦U®a¼t°Ó©Ò¹ê°µ²£«~¤]´N¥¼¥²¬Û®e¡C
+ ³Ì©úÅ㪺¨Ò¤l´N¬O¤é¤å¥­°²¤ù°²¦W¡A
+ ¦b³o¨Ç¤¤¤å½s½X¤¤¨Ã¤£¬O¨C­Ó³£¥]§t¡A
+ ·í¹J¨ì©Ò¿×ªº¡uBig5¤é¤å¡v®É¡A´N·|²£¥Í³\¦h°ÝÃD¡C</para>
+ </sect1>
+
+ <sect1 id="ascii">
+ <title>ASCII</title>
+ <para>ASCII ¤À¦¨¨â­Ó°Ï°ì¡A0x00 ¨ì 0x1F µ¹±±¨î¦r¤¸¥Î¡A¦@¤Q¤»­Ó¦ì¸m¡C
+ 0x20 ¨ì 0x7F µ¹¤@¯ëªº¹Ï§Î¦r¤¸¥Î(¤j¤p¼g­^¤å¡B¼Æ¦r©M²Å¸¹)¡A
+ ¦³ 94 ­Ó¦ì¸m¡A0x20 ©M 0x7F ¤À§O¬O SPACE ©M DELETE¡C</para>
+ </sect1>
+
+ <sect1 id="iso8859-1">
+ <title>ISO8859-1</title>
+ <para>¤SºÙ¬° Latin-1¡A0x00 ¨ì 0x1F µ¹±±¨î¦r¤¸¥Î¡A¦@¤Q¤»­Ó¦ì¸m¡C
+ 0x20 ¨ì 0x7F µ¹¤@¯ëªº¹Ï§Î¦r¤¸¥Î(¤j¤p¼g­^¤å¡B¼Æ¦r©M²Å¸¹)¡A
+ 0xA0 ¨ì 0xFF ¬° Latin-1 ÃB¥~¥[ªº³¡¥÷¡A
+ ¥Ñ©ó¨Ï¥Î¤F¤K¦ì¤¸¡AÅý¥Ø«e³\¦h¶È¤ä´© ISO8859-1 «o¤£¤ä´© Big5 ªº¡A
+ ¥i¥H¼È®Éªº¨Ï¥Î¦Ó¤£·|¦³¤Ó¦hªº°ÝÃD¡A¹³¬O vi, write, talk, talk,
+ finger, mail µ¥µ¥ªº FreeBSD ¤º«Øµ{¦¡¦bÅã¥Ü¤¤¤å¥i¥H¹B§@¡A
+ ¦]¬°³o¨Çµ{¦¡¦b³B²z®É¤£·|§â Latin-1 ÃB¥~¥[ªº³¡¥÷¹LÂo±¼¡A
+ ¤¤¤åªºÅã¥Ü¤]´N¨S¦³°ÝÃD¡C</para>
+ </sect1>
+
+ <sect1 id="big5">
+ <title>BIG5</title>
+ <para>BIG5 ¬O¦b CCCII ¤£¬°¬F©²³æ¦ì±Ä¯Ç¡A
+ °ê®a¹{¥¬ªº¤¤¤å¼Ð·Ç½X¤S¤£³ô¥Îªº±¡ªp¤U¡A
+ ¦b¥Á°ê 73 ¦~¡A¥Ñ¥x¥_¥«¹q¸£¤½·|¥D¾É¡AÁp¦X¤F¤Q¤T®a·~ªÌ¡A
+ ¦@¦P¨î©w¡A¤SºÙ¬° BIG5_1984
+ (¥]¬A 5401 ­Ó±`¥Î¦r¡B7652 ­Ó¦¸±`¥Î¦r¡B¥H¤Î 441 ­Ó¦U¦¡²Å¸¹)¡C
+ Big5 ªº¦r²ÅªÅ¶¡¬O­Ó«D³sÄòªº 94x157 ¯x°}¡A¨ä®e¶q¬° 14,758 ¦ì¡C</para>
+ <para>BIG5_ETen ¬°­Ê¤Ñ¤¤¤å¦b­ì¥»ªº BIG5 ½X¤W¡A
+ ¼W¥[¤F¤é¤å¡B«X¤å¡B¿é¤Jªk¯S®í²Å¸¹¡B¤C­ÓÂX¥R¦r¡B¥H¤Îªí®æ²Å¸¹°Ï¡C</para>
+ <para>CP950 ¬O·L³n¦b­ì¥»ªº BIG5 ½X¤W¡A
+ ¼W¥[¤F¤C­ÓÂX¥R¦r¡B¥H¤Îªí®æ²Å¸¹°Ï¡C</para>
+ <para>¦p¤£¥h¦Ò¼{¯S®í²Å¸¹¡A¤Î«á¨Óªº¤C­ÓÂX¥R¦r¡A
+ ±N©Ò¦³ªº¦r¤À¦¨¨â¤j¸s: ±`¥Î¦r°Ï»P¦¸±`¥Î¦r°Ï¡A
+ ¨C¤@­Ó¦r°Ï¤À§O¥Îµ§µe¨Ó±Æ§Ç¡A
+ ¦P¤@­Óµ§µeªº¦r¡A¨Ì³¡­º¨Ó±Æ¡C</para>
+ <para>¥Ø«e¥D±Àªº¬O BIG5_ETen¡A¨C­Ó¦r¥Ñ¨â­Ó¦ì¤¸²Õ(2 bytes)²Õ¦¨¡A
+ ¨ä²Ä¤@¦ì¤¸²Õ½s½X½d³ò¬° 0xA1 ... 0xF9¡A
+ ²Ä¤G¦ì¤¸²Õ½s½X½d³ò¬° 0x40 ... 0x7E »P 0xA1 ... 0xFE¡A
+ Á`­p¦¬¤J 13868 ­Ó¦r
+ (¥]¬A 5401 ­Ó±`¥Î¦r¡B7652 ­Ó¦¸±`¥Î¦r¡B7 ­ÓÂX¥R¦r¡B¥H¤Î 808 ­Ó¦U¦¡²Å¸¹)
+ ¡A¨ä¤¤¥i¥H¤j­P¹º¤À¬°¥H¤U´X­Ó¦r°Ï¡G</para>
+ <note><para>¥Ñ©ó CNS11643-1992 ªì´Áªº¤£³ô¥Î¡A
+ Big5 ÁöµM¤£¬O°ê®a¼Ð·Ç¡A¦ý¬O¦b¥xÆW¤ñ CNS11643-1992
+ ªº°ê®a³W®æ¥Îªº§ó¼s¡C´«¥y¸Ü»¡¡ABig5 ¬O¥xÆWªº·~¬É¼Ð·Ç
+ (de facto standard)¡C</para></note>
+ <table>
+ <title>BIG5 ¦r°Ï»P½s½X½d³ò</title>
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>²Ä¤@¦ì¤¸²Õ</entry>
+ <entry>²Ä¤G¦ì¤¸²Õ</entry>
+ <entry>¦r°Ï</entry>
+ <entry>¨î©w</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>A1..A2</entry>
+ <entry>40..7E, A1..FE</entry>
+ <entry>¦UºØ²Å¸¹°Ï</entry>
+ <entry>1984</entry>
+ </row>
+ <row>
+ <entry>A3</entry>
+ <entry>40..7E, A1..BF</entry>
+ <entry>¦UºØ²Å¸¹°Ï (¥]¬A¼ÐÂI²Å¸¹¡BASCII ¥þ§Î²Å¸¹¡Bª`­µ²Å¸¹µ¥)</entry>
+ <entry>1984</entry>
+ </row>
+ <row>
+ <entry>A3</entry>
+ <entry>E1</entry>
+ <entry>¼Ú¤¸²Å¸¹</entry>
+ <entry>CP950</entry>
+ </row>
+ <row>
+ <entry>A4..C5</entry>
+ <entry>40..7E, A1..FE</entry>
+ <entry>±`¥Î¦r°Ï</entry>
+ <entry>1984</entry>
+ </row>
+ <row>
+ <entry>C6</entry>
+ <entry>40..7E</entry>
+ <entry>±`¥Î¦r°Ï</entry>
+ <entry>1984</entry>
+ </row>
+ <row>
+ <entry>C6</entry>
+ <entry>A1..FE</entry>
+ <entry>¨u¥Î²Å¸¹°Ï</entry>
+ <entry>­Ê¤Ñ</entry>
+ </row>
+ <row>
+ <entry>C7</entry>
+ <entry>40..7E, A1..FE</entry>
+ <entry>¨u¥Î²Å¸¹°Ï (¥]¬A¤é¤å¡B«X¤åµ¥)</entry>
+ <entry>­Ê¤Ñ</entry>
+ </row>
+ <row>
+ <entry>C8</entry>
+ <entry>40..7E, A1..D3</entry>
+ <entry>¨u¥Î²Å¸¹°Ï (¥]¬A«X¤å¡B¿é¤Jªk¯S®í²Å¸¹µ¥)</entry>
+ <entry>­Ê¤Ñ</entry>
+ </row>
+ <row>
+ <entry>C9..F8</entry>
+ <entry>40..7E, A1..FE</entry>
+ <entry>¦¸±`¥Î¦r°Ï</entry>
+ <entry>1984</entry>
+ </row>
+ <row>
+ <entry>F9</entry>
+ <entry>40..7E, A1..D5</entry>
+ <entry>¦¸±`¥Î¦r°Ï</entry>
+ <entry>1984</entry>
+ </row>
+ <row>
+ <entry>F9</entry>
+ <entry>D6..DC</entry>
+ <entry>¤C­ÓÂX¥R¦r</entry>
+ <entry>­Ê¤Ñ</entry>
+ </row>
+ <row>
+ <entry>F9</entry>
+ <entry>DD..FE</entry>
+ <entry>ªí®æ²Å¸¹°Ï</entry>
+ <entry>­Ê¤Ñ</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <table>
+ <title>¤C­ÓÂX¥R¦r</title>
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>ÂX¥R¦r</entry>
+ <entry>BIG5 ½X</entry>
+ <entry>Unicode ½X</entry>
+ <entry>BIG5_1984 ªº¦P¸q¦r</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>ùÖ</entry>
+ <entry>0xF9D6</entry>
+ <entry>0x88CF</entry>
+ <entry>´Ñ</entry>
+ </row>
+ <row>
+ <entry>ù×</entry>
+ <entry>0xF9D7</entry>
+ <entry>0x92B9</entry>
+ <entry>ÄÃ</entry>
+ </row>
+ <row>
+ <entry>ùØ</entry>
+ <entry>0xF9D8</entry>
+ <entry>0x7CA7</entry>
+ <entry>¸Ì</entry>
+ </row>
+ <row>
+ <entry>ùÙ</entry>
+ <entry>0xF9D9</entry>
+ <entry>0x58BB</entry>
+ <entry>Àð</entry>
+ </row>
+ <row>
+ <entry>ùÚ</entry>
+ <entry>0xF9DA</entry>
+ <entry>0x6052</entry>
+ <entry>«í</entry>
+ </row>
+ <row>
+ <entry>ùÛ</entry>
+ <entry>0xF9DB</entry>
+ <entry>0x7881</entry>
+ <entry>§©</entry>
+ </row>
+ <row>
+ <entry>ùÜ</entry>
+ <entry>0xF9DC</entry>
+ <entry>0x5AFA</entry>
+ <entry>¼_</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <para>Big5 ¦³¨â­Ó­«½Æ½s½Xªºº~¦r¡A¤À§O¬O A461, C94a ©M DCD1, DDFC¡A
+ CNS11643-1992 §R°£¤F²Ä¤G¦¸½s½Xªºº~¦r(C94A ©M DDFC)¡C</para>
+ <para>BIG5 ³Ì¤jªº°ÝÃD¬O¦r¼Æ¤£¨¬¡C</para>
+ </sect1>
+
+ <sect1 id="cns11643">
+ <title>CNS11643</title>
+ <para>CNS11643 ¤¤¤å¼Ð·Ç¥æ´«½X¡A ¤@¯ë²ºÙ CNS ½X©Î CNS11643 ¡A
+ ¦]<ulink url="http://www.cns11643.gov.tw/">¤¤¥¡¼Ð·Ç§½
+ </ulink>¤½§G¤Î­×­q¤§¥ý«á¦Ó¦³¤G­Óª©¥»¡A¤@¯ëºÙ¬°
+ CNS11643-1986 ª©(1986¤½§iª©)¤Î CNS11643-1992 ª©(1992¦~­×­qª©)¡A
+ ¦¹¤G­Óª©¥»¤§®t²§¶È¦b©ó¨ä©Ò½s©w¤§¦r¼Æ¤£¦P¡C 75 ¦~¤½§i¤§ CNS11643-1986
+ ©w¸q 13,051­Óº~¦r(¥h±¼ Big5 ¦h¥X¨â­Óº~¦r)¡A
+ ¦WºÙ¬°¡u³q¥Îº~¦r¼Ð·Ç¥æ´«½X¡v
+ 81 ¦~­×­qª© CNS11643-1992 ÂX½s¬°48,027 ­Óº~¦r¡A
+ ÂX¥R«á­×­q¦WºÙ¬°¡u¤¤¤å¼Ð·Ç¥æ´«½X¡v¡C</para>
+ <para>CNS11643 ¥H2­Ó¦ì¤¸²Õ (byte)¬°¤¤¤å½X½s½X³æ¦ì¡C
+ ¦r½X¤¤¤§ 00 ¦Ü 20 ¥H¤Î 7F §¡¤©Á׶}¡A
+ «h 7bit ¦r½X¶°¦@¦³ 94 ­Ó½s½X¦ì¸m¡A
+ ¨â­Ó¦ì¤¸²Õ¦@¥i½s 8,836 ­Ó¦r½X¡A­q¬°¤@¦r­±¡C
+ ¨Ì¦r¤§¨Ï¥ÎÀW²v½s±Æ©ó¦U¦r­±¡C
+ ¨Ì¥ýµ§µe«á³¡­º±Æ¦C¶¶§Ç½s½X¡C</para>
+ <para>CNS11643-1992 ªº½s½Xªk¬°¡GISO-2022-CN¡BISO-2022-CN-EXT¡B
+ EUC-TW¡C±q¬Y¨¤«×¨Ó¬Ý¡A¥i¥H§â Big5 ¬Ý¦¨¬O CNS11643-1992
+ ²Ä¤@©M²Ä¤G¦r­±ªº¤@ºØ½s½Xªk¡A
+ ¦]¬° CNS11643 ª½±µ¨ú¥Î Big5 ªº²Ä¤@©M²Ä¤G¯Åº~¦r°Ï¡A
+ §@¬° CNS11643 ªº²Ä¤@©M²Ä¤G¦r­±¡C</para>
+ <para>¥Ø«e²{¦³ªº CNS11643 ¤C­Ó¦r­±ªº¦r«¬¥i¥H¦b
+ <filename role="package">x11-fonts/intlfonts</filename> ¤¤§ä¨ì¡A
+ ¦³ 16¡B24¡B40 ÂI¦rµ¥¦rÅé¤j¤p¥i¥H¨ú¥Î¡C</para>
+ <table>
+ <title>ISO-2022-CN ªº³W®æ -1,2</title>
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>¦r¶°</entry>
+ <entry>¤Q¤»¶i¦ì</entry>
+ <entry>¹Ï§Î¦r²Å(ASCII)</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>CNS 11643-1992 ²Ä 1 ¦r­±</entry>
+ <entry>1B 24 29 47</entry>
+ <entry>&lt;ESC&gt; $ ) G</entry>
+ </row>
+ <row>
+ <entry>CNS 11643-1992 ²Ä 2 ¦r­±</entry>
+ <entry>1B 24 2A 48</entry>
+ <entry>&lt;ESC&gt; $ * H</entry>
+ </row>
+ <row>
+ <entry>CNS 11643-1992 ²Ä 3 ¦r­±</entry>
+ <entry>1B 24 2B 49</entry>
+ <entry>&lt;ESC&gt; $ + I</entry>
+ </row>
+ <row>
+ <entry>CNS 11643-1992 ²Ä 4 ¦r­±</entry>
+ <entry>1B 24 2B 4A</entry>
+ <entry>&lt;ESC&gt; $ + J</entry>
+ </row>
+ <row>
+ <entry>CNS 11643-1992 ²Ä 5 ¦r­±</entry>
+ <entry>1B 24 2B 4B</entry>
+ <entry>&lt;ESC&gt; $ + K</entry>
+ </row>
+ <row>
+ <entry>CNS 11643-1992 ²Ä 6 ¦r­±</entry>
+ <entry>1B 24 2B 4C</entry>
+ <entry>&lt;ESC&gt; $ + L</entry>
+ </row>
+ <row>
+ <entry>CNS 11643-1992 ²Ä 7 ¦r­±</entry>
+ <entry>1B 24 2B 4D</entry>
+ <entry>&lt;ESC&gt; $ + M</entry>
+ </row>
+ <row>
+ <entry>One-byte shift</entry>
+ <entry>0F</entry>
+ <entry></entry>
+ </row>
+ <row>
+ <entry>Two-byte shift</entry>
+ <entry>0E</entry>
+ <entry></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <table>
+ <title>ISO-2022-CN ªº³W®æ -3</title>
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>²¾¦ìºØÃþ</entry>
+ <entry>¤Q¤»¶i¦ì</entry>
+ <entry>¦r¶°</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>SO</entry>
+ <entry>0E</entry>
+ <entry>CNS 11643-1992 ²Ä 1 ¦r­±</entry>
+ </row>
+ <row>
+ <entry>SS2</entry>
+ <entry>1B 4E</entry>
+ <entry>CNS 11643-1992 ²Ä 2 ¦r­±</entry>
+ </row>
+ <row>
+ <entry>SS3</entry>
+ <entry>1B 4F</entry>
+ <entry>CNS 11643-1992 ²Ä 3 ¦Ü²Ä 7 ¦r­±</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <table>
+ <title>¥xÆWº~¦r¦r¶°³W«h</title>
+ <tgroup cols="6">
+ <thead>
+ <row>
+ <entry>¦r¶°</entry>
+ <entry>¤½§G®É¶¡</entry>
+ <entry>²Ä¤@¯Å</entry>
+ <entry>²Ä¤G¯Å</entry>
+ <entry>ªþ¥[º~¦r</entry>
+ <entry>²Å¸¹</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>CCCII</entry>
+ <entry>1980</entry>
+ <entry>75684</entry>
+ <entry></entry>
+ <entry></entry>
+ <entry></entry>
+ </row>
+ <row>
+ <entry>Big5</entry>
+ <entry>1984</entry>
+ <entry>5401</entry>
+ <entry>7652</entry>
+ <entry></entry>
+ <entry>441</entry>
+ </row>
+ <row>
+ <entry>Big5_ETen</entry>
+ <entry>1985</entry>
+ <entry>5401</entry>
+ <entry>7652</entry>
+ <entry>7</entry>
+ <entry>808</entry>
+ </row>
+ <row>
+ <entry>CNS11643</entry>
+ <entry>1992</entry>
+ <entry>5401</entry>
+ <entry>7650</entry>
+ <entry>34976</entry>
+ <entry>684</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <para>WWW: <ulink url="http://www.cns11643.gov.tw/">
+ http://www.cns11643.gov.tw/</ulink></para>
+ </sect1>
+ <sect1 id="cccii">
+ <title>CCCII</title>
+ <para>CCCII(Chinese Character Code for Information Interchange¡G
+ ¤¤¤å¸ê°T¥æ´«½X)¡A¬Oºë¤ß³]­pªº¥xÆW¦r¶°³W«h¤§¤@¡C
+ ¸Ó³W«h¬O¥xÆWªº°ê¦r¾ã²z¤p²Õ¶}µoªº¡C
+ ²Ä¤@ª©¹{¥¬©ó1980¦~¡C</para>
+ <para>CCCIIÁ`¦@¦³16¼h¡A¨C¤@¼h³£¦³¤»­Ó³s¦b¤@°_ªº94x94¦r­±
+ (¦@¦³94­Ó¦r­±)¡C
+ ³o¼Ë¤l´N²£¥Í¤F¤@­Ó94x94x94ªº¦r½XªÅ¶¡(¬Ò¬° 0x21-0x7E ªº½s½X½d³ò)¡C
+ ¦r²Å«ö¨äºØÃþ¦¬½s©ó¤£¦Pªº¼h¡C</para>
+ <para>CCCIIªºº~¦r¥ý«ö³¡­º¡A«á«öÁ`µ§¹º¼Æ±Æ¦C(ª@§Ç)¡C</para>
+ <para>CCCII²Ä¤@¼h¥Î©ó°ò¥»º~¦r¶°¦X¡A¥]¬A 4808 ±`¥Îº~¦r¡A
+ 17032 ¦¸±`¥Îº~¦r¡A20583 ¨ä¥Lº~¦r¡C
+ ³Ñ¤Uªº¼h¥Î©ó²Ä¤@¼hªº²§Åé¦r¡C</para>
+ <para>³Ì·sªºCCCII¥¿¦¡ª©¹{¥¬©ó1987¦~¡A¦@¦¬½s¤F53,940­Ó¦r²Å¡C
+ ¤Uª©(1989¦~)±N¦¬½s75,684­Ó¦r²Å(44,167­Ó¥¿Åé¦r©M31,517­Ó²§Åé¦r)¡C</para>
+ <para>¥Ø«eCCCIIªº¹ê§@¥i¥H¤À¬°¡Gª½±µ¨Ï¥ÎCCCII½s½X¡AISO-2022-CN¡A
+ <link linkend="cccii-ft">CCCII-FT</link>¡A
+ ¥H¤Î¥ÃÅ襤¤å½Xµ¥¥|ºØ¡C</para>
+ <table>
+ <title>CCCII ²Ä¤@¼hªººc³y</title>
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>¦r­±</entry>
+ <entry>°Ï</entry>
+ <entry>¦r²Å</entry>
+ <entry>¤º®e</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>1</entry>
+ <entry>1</entry>
+ <entry>0</entry>
+ <entry>«O¯dµ¹±±¨î½X</entry>
+ </row>
+ <row>
+ <entry>1</entry>
+ <entry>2</entry>
+ <entry>56</entry>
+ <entry>¼Æ¾Ç²Å¸¹</entry>
+ </row>
+ <row>
+ <entry>1</entry>
+ <entry>3</entry>
+ <entry>94</entry>
+ <entry>ASCII</entry>
+ </row>
+ <row>
+ <entry>1</entry>
+ <entry>4-10</entry>
+ <entry>0</entry>
+ <entry>¥¼½s±Æ</entry>
+ </row>
+ <row>
+ <entry>1</entry>
+ <entry>11</entry>
+ <entry>35</entry>
+ <entry>¤¤¤å¼ÐÂI²Å¸¹</entry>
+ </row>
+ <row>
+ <entry>1</entry>
+ <entry>12-14</entry>
+ <entry>214</entry>
+ <entry>ÁcÅ鳡­º</entry>
+ </row>
+ <row>
+ <entry>1</entry>
+ <entry>15</entry>
+ <entry>78</entry>
+ <entry>41¤¤¤å¼Æ¦r, 37«÷­µ²Å¸¹, 4­µ½Õ²Å¸¹</entry>
+ </row>
+ <row>
+ <entry>1</entry>
+ <entry>16-67</entry>
+ <entry>4808</entry>
+ <entry>±`¥Îº~¦r(213021~21637E)</entry>
+ </row>
+ <row>
+ <entry>1-3</entry>
+ <entry>68-64</entry>
+ <entry>17032</entry>
+ <entry>¦¸±`¥Îº~¦r(216421~23607E)</entry>
+ </row>
+ <row>
+ <entry>3-6</entry>
+ <entry>65-5</entry>
+ <entry>20583</entry>
+ <entry>¨ä¥Lº~¦r(236121-262543)</entry>
+ </row>
+ <row>
+ <entry>6</entry>
+ <entry>6-94</entry>
+ <entry>0</entry>
+ <entry>¥¼½s±Æ</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect1>
+ <sect1 id="euc-tw">
+ <title>EUC-TW</title>
+ <para>EUC-TW ±N CNS11643-1992 ªº 16 ¶i¦ì¥[¤W 0x8080¡C
+ ²Ä¤G¦r­±Âà´« 8E A2¡A²Ä¤T¦r­±Âà´« 8E A3¡A²Ä¥|¦r­±Âà´« 8E A4¡A
+ ²Ä¤­¦r­±Âà´« 8E A5¡A²Ä¤­¦r­±Âà´« 8E A6¡A²Ä¤C¦r­±Âà´« 8E A7¡C</para>
+ <table>
+ <title>10¤ë18¤é</title>
+ <tgroup cols="3">
+ <thead>
+ <row>
+ <entry>½s½X</entry>
+ <entry>ªí¥Üªk</entry>
+ <entry>¸ÑÄÀ</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>CCCII</entry>
+ <entry>21 23 31 21 23 30 21 43 5B 21 23 31 21 23 38 21 42 73</entry>
+ <entry>212331:1 212330:0 21435B:¤ë 212331:1 212338:8 214273:¤é</entry>
+ </row>
+ <row>
+ <entry>Big5</entry>
+ <entry>31 30 A4 EB 31 38 A4 E9</entry>
+ <entry>31:1 30:0 A4EB:¤ë 31:1 38:8 A4E9:¤é</entry>
+ </row>
+ <row>
+ <entry>CNS11643-1992</entry>
+ <entry>1B 24 29 47 31 30 0E 45 4C 0F 31 38 0E 45 4A 0F</entry>
+ <entry>1B242947:(²Ä¤@¦r­±) 31:1 30:0 0E:(º~¦r) 454C:¤ë 0F:(ASCII) 31:1 38:8 0E:(º~¦r) 454A:¤é 0F:(µ²§ô)</entry>
+ </row>
+ <row>
+ <entry>EUC-TW</entry>
+ <entry>31 30 C5 CC 31 38 C5 CA</entry>
+ <entry>31:1 30:0 C5CC:¤ë 31:1 38:8 C5CA:¤é</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect1>
+
+ <sect1 id="gb-code">
+ <title>GB</title>
+ <para>¦b¤¤°ê¡A¤¤¤å«H®§½s½X¥Ñ¬F©²­t³d¨î©w¨ÃºÊ·þ¹ê¬I¡C
+ ³o¬O¬°¤F«OÃÒ¹ï©ó©Ò¦³ªº¨t²Î¤¤¤åªº½s½X³£¬O¤@­Pªº¡A¯à°÷¤¬¬Û¶i¦æ¾Þ§@¡C
+ ±q­pºâ¾÷ªºÀ³¥Î¶}©l¡A¤w¸g¹{¥¬¤F¦hºØ¤¤¤å«H®§½s½X¼Ð·Ç¡A
+ ±`¥Îªº¬O GB2312-1980¡AGB12345¡AGB13000(GBK)¡A¥H¤Î³Ì·s¼Ð·Ç 18030¡C
+ ­È±o¤@´£ªº¬O¡A³Ì·sªº GB18030 ¼Ð·Ç±N­n§@¬°±j¨î¼Ð·Ç¹ê¦æ¡A©Ò¦³¤£¤ä«ù
+ GB18030 ¼Ð·Çªº³nÅé±N¤£¯à§@¬°²£«~ªº¥X°â¡C</para>
+ <para>±q GB2312-1980 ½s½X¶}©l¡Aº~¦r³£¬O±Ä¥ÎÂù¦r¸`½s½X¡C
+ ¬°¤F»P¨t²Î¤¤°ò¥»ªº ASCII ¦r²Å¶°°Ï¤À¶}¡A
+ ©Ò¦³º~¦r½s½Xªº¨C­Ó¦r¸`ªº²Ä¤@¦ì¤¸³£¬O1¡C¨Ò¦p¡G"°Ú" ¦rªº½s½X¬°
+ 0xB0A1¡C</para>
+ <table>
+ <title>GB ªºº~¦r½s½X³W«h</title>
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>½s½X</entry>
+ <entry>²Ä¤@­Ó¦r¸`</entry>
+ <entry>²Ä¤G­Ó¦r¸`</entry>
+ <entry>²Ä¤T­Ó¦r¸`</entry>
+ <entry>²Ä¥|­Ó¦r¸`</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>GB2312</entry>
+ <entry>0xB0 - 0xF7</entry>
+ <entry>0xA0 - 0xFE</entry>
+ <entry></entry>
+ <entry></entry>
+ </row>
+ <row>
+ <entry>GBK</entry>
+ <entry>0x81 - 0xFE</entry>
+ <entry>0x40 - 0xFE</entry>
+ <entry></entry>
+ <entry></entry>
+ </row>
+ <row>
+ <entry>GB18030 ªºÂù¦r¸`</entry>
+ <entry>0x81 - 0xFE</entry>
+ <entry>0x40 - 0x7E, 0x80 - 0xFE</entry>
+ <entry></entry>
+ <entry></entry>
+ </row>
+ <row>
+ <entry>GB18030 ªº¥|¦r¸`</entry>
+ <entry>0x81 - 0xFE</entry>
+ <entry>0x30 - 0x39</entry>
+ <entry>0x81 - 0xFE</entry>
+ <entry>0x30 - 0x39</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect1>
+
+ <sect1 id="iso10646">
+ <title>Unicode/ISO 10646 </title>
+ <para>Unicode (Universal Multiple Octet Coded Character Set)¡A
+ Unicode °ê»Ú¼Ð·Ç²Õ´©ó1984¦~4¤ë¦¨¥ß
+ IOS / IEC JTC1 / SC2 / WG2¤u§@²Õ¡A°w¹ï¦U°ê¤å¦r¡B
+ ²Å¸¹¶i¦æ²Î¤@©Ê½s½X¡A1991¦~¬ü°ê¸ó°ê¤½¥q¦¨¥ßUnicode Consortium¡A
+ ¨Ã©ó1991¦~10¤ë»PWG2¹F¦¨¨óij¡A±Ä¥Î¦P¤@½s½X¦r¶° ¡C
+ ¥Ø«eUnicode¬O±Ä¥Î16 bit¤§½s½X¬[ºc¡A¨ä¦r¶°¤º®e»PISO 10646¤§
+ BMP(Basic Multilingual Plane)¬Û¦P¡C</para>
+ <para>Unicode (Unicode Consortium)¨Ã©ó1992¦~6¤ë³q¹L
+ DIS(Draft International Standard)¡A¥Ø«eª©¥»¬°Unicode v2.0
+ ©ó1996¦~¤½§G¡A ¤º®e¥]§t²Å¸¹6811¡B º~¦r20902¡BÁú¤å«÷­µ11172¡B
+ ³y¦r°Ï6400¡A«O¯d20249¦@65534­Ó½X¦ì ¡C</para>
+ <para>
+ ¥Ø«e½X¦ìªÅ¶¡¬° U+0000 ¨ì U+10FFFF¡A¦@¦³
+ 1,114,112 ­ÓªÅ¶¡¡C</para>
+ <para>Unihan3.2 ¥]§t¶W¹L¤C¸U­Ó CJK ¦r¡C</para>
+ <para>ISO 10646 HK WWW: <ulink url="http://www.iso10646hk.net/">
+ http://www.iso10646hk.net/</ulink></para>
+ <para>WWW: <ulink url="http://www.unicode.org/">
+ http://www.unicode.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="basic">
+ <title>°ò¥»¤¤¤åÀô¹Òªº­n¥ó</title>
+ <para>¥ýÅý§Ú­Ì¤@°_¨Ó·Q¤@·Q¡A
+ ¤@­Ó°ò¦¤¤¤å¥­¥x­n¯à°÷°µ¨ì¨º¨Ç¨Æ±¡¡A
+ ¤£§«´N¥H½s¿è¤@¥÷¤å¥ó¬°¨Ò§a(¹³§Ú²{¦b¦b³oÃä¼g½Z¤@¼Ë)¡A
+ §Ú­Ì§Æ±æ¶}±Òªºµ{¦¡¥i¥H¦³¤Íµ½ªº¤¶­±¡A¦³¤¤¤åªº¿ï³æ¸ò»¡©ú(¤¤¤å°T®§)¡A
+ ÁÙ­n¦³ºD¥Îªº¤¤¤å¿é¤Jªk¥i¥H§â¤¤¤å¥´¶i¥h(¿é¤J)¡A
+ ¥´¦r¶i¥h¥H«á¥²¶·¥i¥H¬Ý¨ì¿é¤Jªºµ²ªG(Åã¥Ü)¡A
+ ¥´¦r¥X¿ù¤FÁÙ­n¥i¥H­×§ï¤~¦æ¡A¥²­nªº®É«áÁÙ±o¥i¥H§ïÅܦr«¬µ¥µ¥ªº(³B²z)¡A
+ ¤å³¹¥´§¹¤F¡A­n¯à°÷¶¶§Qªº§âµ²ªG¦L¥X¨Ó(¦C¦L)¡F
+ ±q³o¤@­Ó¨Ò¤l¸Ì­±§Ú­Ì´N¥i¥HÂk¯Ç¥X¤@­Ó°ò¥»¤¤¤åÀô¹Ò¡A
+ À³¸Ó­n¥i¥H°µ¨ì¤U­±³o´X¥ó¨Æ±¡¡G </para>
+ <itemizedlist>
+ <listitem><para>¤¤¤åªº°T®§</para></listitem>
+ <listitem><para>¤¤¤åªºÅã¥Ü</para></listitem>
+ <listitem><para>¤¤¤åªº¿é¤J</para></listitem>
+ <listitem><para>¤¤¤åªº¦C¦L</para></listitem>
+ <listitem><para>¤¤¤åªº³B²z</para></listitem>
+ </itemizedlist>
+ <para> ¤W­±ªº¦Cªí´N¬O§Ú­Ì»{¬°¤@­Ó°ò¥»¤¤¤åÀô¹Ò©Ò­nº¡¨¬ªº­n¥ó¡A
+ ¤]¬O§Ú­Ì¦bµû¦ô¤@­Ó¨t²Î¤¤¤å¤ä´©Àu¦H®É©Ò¥Îªº°ò·Ç¡A
+ ¨ä¹ê©Ò¿×ªº"¤¤¤å¤Æ"¡A¥Nªíªº´N¬O¦b§@¬°°ò¦ªº­^¤åª©§@·~¨t²Î¤W­±¡A
+ °µ¥X­×¥¿ªº¤u§@¡A¥Øªº¤£¥~¬O­n¯à°÷º¡¨¬¤W­±©Ò´£¨ìªº³o¨Ç­n¥ó½}¤F¡A
+ ³o­Ó¦Cªíªº¶¶§Ç­è¦n¬O¨Ì·Óµ{¦¡³]­p¥[¥H¤ä´©ªº§xÃøµ{«×±Æ¥X¨Óªº¡A
+ ¶¶§Ç¬O±q²³æ¨ì§xÃø¡F´£¨Ñ¤¤¤åªº°T®§¸ò¤¶­±©Ò²o¯A¨ìªº¤j¦h¥u¬O½Ķªº¤u§@¡A
+ ³Ì¬°Â²³æ¡A¦bÅã¥Ü®É­n¦Ò¼{¨ì¦r«¬ªº·f°t°ÝÃD¡A
+ ¦b¿é¤J®É­n¦³¤@­Óµ{¦¡¤§¶¡¦@¥Îªº¿é¤J¤¶­±¡A³o¨Ç´N¤ñ¸û§xÃø¡A
+ ¦Ó¦C¦L¤£¥u­n§@¨ìÀ³¥Îµ{¦¡¸ò¦C¦L¦øªAµ{¦¡¤§¶¡ªº¾ã¦X¡A
+ Áٻݭn¦³²£¥Í¤jÂI¼Æ¬üÆ[¦rÅ骺¯à¤O¡A³o¥ó¤u§@²o¯Aªº°ÝÃD§ó¥[½ÆÂø¤F¡A
+ ³o´XÂI¸Ì­±­nÅýÀ³¥Îµ{¦¡³B²z¤¤¤å¬O³Ì§xÃøªº¤@³¡¤À¡A
+ ¨Ò¦p¤¤¤å¥¿³Wªí¥Üªk¡B¤¤¤å¦r¦ê·j´Mµ¥µ¥¡A³£¬O¥Ø«eÁÙÃø¥H¸Ñ¨Mªº½ÒÃD¡C</para>
+ <para> ¨º»ò¡A¦b¥Ø«eªº FreeBSD Àô¹Ò©³¤U¡A
+ ­n¥Î¬Æ»ò¤èªk¤~¥i¥HÅý¨t²Î¤ä´©¤W­±´£¨ìªº³o¨Ç°ò¥»­n¥ó©O¡H </para>
+ </sect1>
+
+ <sect1 id="i18n-l10n">
+ <title>°ê»Ú¤Æ»P¤¤¤å¤Æ</title>
+ <para>­nÅý¨t²Î¤ä´©¤¤¤å¡A¥i¯àªº¸Ñ¨M¤è®×¤£¥X¤TºØ¡A
+ ¤@¬O¨Ï¥Î¥~±¾¦¡ªº¤¤¤å¨t²Î¡A¤G¬O¼¶¼g¿W¥ßªº¤¤¤åµ{¦¡¡A
+ ¤T¬O§Q¥Î¨t²Î¤W´£¨Ñªº°ê»Ú¤Æ¬[ºc¨Ó¤ä´©¡C©Ò¿×ªº¥~±¾¦¡¤¤¤åÀô¹Ò¡A
+ «üªº¬O¦p¦P DOS ©³¤Uªº­Ê¤Ñ¤¤¤å©ÎªÌ Windows ©³¤UªºÂù¾ô¤¤¤å³o¼Ëªº¨t²Î¡A
+ ¦b FreeBSD ¨t²Î©³¤U¡A¥~±¾¦¡ªº¤¤¤åÀô¹Ò¥i¥HÂÇµÛ LD_PRELOAD
+ ªº¾÷¨î¨Ó¹F¦¨¡A¥u­n³]©w LD_PRELOAD ³o­ÓÀô¹ÒÅܼơA
+ ¾A®Éªº«ü¨ì´£¨Ñ¤¤¤å¤ä´©ªº°ÊºA¨ç¦¡®w¥h¡A´N¥i¥H¦bµ{¦¡°õ¦æ®É¡A
+ °ÊºAªº¥Î¤ä´©¤¤¤åªº¨ç¦¡¨Ó´À´«±¼­ì¥»¤£¤ä´©¤¤¤åªº¨ç¦¡¡A
+ µ²ªG´N¥i¥HÅý¤£¤ä´©¤¤¤åªºµ{¦¡Åܱo¥i¥HÅã¥Ü¤¤¤å¸ò±µ¨ü¤¤¤å¿é¤J¤F¡A
+ ¨Ò¦p <application>xa+cv</application> ©ÎªÌ¬O¦b
+ <application>TurboLinux</application> ¸Ì­±¨Ï¥Îªº <application>
+ zhWinPro</application> ³£¬OÄÝ©ó³oÃþªºµ{¦¡¡C
+ §Q¥Î³oºØ¤è¦¡¨Ó´£¨Ñ¤¤¤åªº¤ä´©«Ü²³æ¡A«ÜÆF¬¡¡A
+ ¤]¤£»Ý­n¥h­×§ïµ{¦¡ªº­ì©l½X¨Ã­«·s½sĶ¡A
+ ¥i¬O³o­Ó¤èªk«o¨S¿ìªkÅýÀ³¥Îµ{¦¡¹ï¤¤¤å§@¥¿½Tªº"³B²z"¡A
+ ±`¨£ªº¨Ò¤l¬OÁöµM¥[¤W¤F¥~±¾ªº¤¤¤å¨t²Î¡A
+ ¥i¬O½s¿è¤å¦r®É¦b¤¤¤å¦r¤W­±«ö¤@¦¸§R°£Áä«oÁÙ¬O¥u¯à§R°£¥b­Ó¤¤¤å¡A
+ ³o¬O¦]¬°¦bÀ³¥Îµ{¦¡¤º³¡¤´µM¬O§â¤@­Ó¤¤¤å¦r·í¦¨¨â­Ó­^¤å¦r¨Ó¬Ý«Ý¡A
+ ¦Ó³oÅãµM¬O¤£¥¿½Tªº¡A¦¹¥~³o­Ó¤è¦¡¤]¤£¤ä´©¸ò¨ç¦¡®w§@ÀRºA³sµ²ªºµ{¦¡¡A
+ ÁÙ±±·|³y¦¨¨t²Îªº¤£Ã­©w¡A¦]¦¹¤j®a¤w¸g²z¸Ñ¨ì³o­Ó¤è¦¡µLªk¸Ñ¨M®Ú¥»°ÝÃD¡A
+ º¥º¥ªº±Ë±ó³oºØ¥~±¾ªº¤è¦¡¡A¦Ó¥Î¨ä¥Lªº¤èªk´£¨Ñ¤¤¤å¤ä´©¤F¡C </para>
+ <para>²Ä¤GºØ¤è¦¡¬O­×§ïµ{¦¡¡Aª½±µÅý¨C­Óµ{¦¡³£¤ä´©¤¤¤åªº¨Ï¥Î¡A
+ ³oºØ¬O³Ì²³æ¤]¬O³Ì§xÃøªº¤èªk¡A»¡¥¦Â²³æ¡A¦]¬°³o¥ó¤u§@«Üª½±µ¡A
+ FreeBSD ©³¤Uªºµ{¦¡¤S¤j¦h¼Æ³£¥i¥H®³¨ìµ{¦¡ªº­ì©l½X¡A
+ ¥u­n¹ï³o¨Ç­ì©l½X§@­×¥¿¡A¥[¤J¤ä´©¤¤¤åªº³¡¥÷¡A´N¥i¥H¤ä´©¤¤¤åªº¨Ï¥ÎÅo¡A
+ ¨Ò¦p«Ü¦h¤H¨Ï¥Îªº¤¤¤å <application>cpine</application>
+ ¶l¥óµ{¦¡´N¬O¥Î­^¤åª© <application>pine</application> ªº­ì©l½X§ï¥X¨Óªº¡A
+ ¨ä¥L¦p <application>cxterm</application> µ{¦¡©ÎªÌ¤ä´©¦hºØ»y¨¥ªº
+ <application>emacs</application>
+ µ¥µ¥µ{¦¡³£¬O¥ÑÀ³¥Îµ{¦¡¦Û¦æ´£¨Ñ¤¤¤å¤ä´©ªº¡A
+ ³o¨Çµ{¦¡¹ï¤¤¤åªº¤ä´©«Ü¦n¡A¤]³£¨ü¨ì¤F¤j®aªºÅwªï·R¥Î¡A¥i¬O¡A
+ ¨Ï¥ÎªÌ¤@¥¹Â÷¶}³o¨Ç¦³´£¨Ñ¤¤¤å¤ä´©ªºµ{¦¡¥H«á´NµLªk¥Î¤¤¤å¤F¡A
+ ¤@­Ó FreeBSD ®M¥ó¤Ö»¡¦³¤­¤»¦Ê­Óµ{¦¡®M¥ó¡A
+ ·Q­n¥þ­±ªº¤¤¤å¤Æ¡A¥²¶·­n¤@­Ó¤@­Ó§¹¾ãªº¹ï³o¨Çµ{¦¡°µ¥X­×§ï¤~¦æ¡A
+ ³o¥ó¤u§@¦b¤H¤O¸òª«¤O¤W³£·|¬O¤@­Ó¤Ñ¤å¼Æ¦rªº§ë¸ê¡A¬O¤£¥i¯àªº¨Æ±¡¡A
+ ©Ò¥H§Ú­Ì«e­±»¡³o¤]¬O³Ì§xÃøªº¤èªk :) ªp¥B¡A¦]¬°½s½X¨t²Î¤£¤@¼Ë¡A
+ ³o¨Çµ{¦¡®³¨ì¤é¥»´N­n§ï¤@¦¸¤é¤åª©¡A®³¨ìÁú°ê¤]­n¦A§ï¤@¦¸Áú¤åª©¡A
+ ³oºØ§@ªk·|¨Ï±o¸ê·½­«½Æ®ö¶Oªº³¡¥÷¤Q¤ÀÄY­«¡A¥Ñ¦¹¥i¨£¡A
+ ¾a¿W¥ßªºµ{¦¡¨Ó´£¨Ñ¤¤¤åÀô¹Ò¨Ã¤£¬O­ÓÁo©úªº§@ªk¡A
+ ¥²¶·­n¦³§ó¦nªº¤è¦¡¤~¦æ¡C</para>
+ <para> ¨º»ò¬Æ»ò¤~¬O³o­Ó§ó¦nªº¤è¦¡©O¡H
+ "°ê»Ú¤Æ"¥i¯à¬O¥Ø«e§Ú­Ì§ä±o¨ìªº³Ì¦n¸Ñµª¡A
+ °ê»Ú¤Æªº­^¤å¦WºÙ¬O InternationalizatioN¡A³o­Ó­^¤å³æ¦rªº²Ä¤@­Ó¦r¥À
+ I »P³Ì«á¤@­Ó¦r¥À N ¤§¶¡¦³ 18 ­Ó¦r¥À¡A©Ò¥H¤]³Q²ºÙ¬° I18N¡C
+ I18N ¬O¤@ºØÆ[©À¸ò¥Ø¼Ð¡A³o­Ó·Qªk¬O­n´£¨Ñ¤@­Ó¬[ºc¡A
+ Åý¦P¼Ëªºµ{¦¡½X¥i¥H¾A¥Î¦b¦UºØ»y¤å²ßºD¸ò½s½X¨t²Î¤W­±¡A
+ µ{¦¡³]­p¤H­û¥u­n§Q¥Î³o­Ó¬[ºcªº¾÷¨î¸ò·Ç«h¼¶¼gÀ³¥Îµ{¦¡¡A
+ ´N¥i¥H¦b¤£»Ý­«·s½sĶµ{¦¡ªº±¡ªp¤U¡A¦ÛµMªº¤ä´©¦U¦¡¦U¼Ëªº»y¨¥¡A
+ ¤£¹L¬°¤F­n¹F¦¨³o¼Ëªº¥Ø¼Ð¡A§@·~¨t²Î¥²¶·´£¨Ñ¤@©wµ{«×ªº¤ä´©¡A
+ ¯S§O¬O¦b¦UºØªºµ{¦¡®w¸Ì­±³£±o¦³¤ä´© I18N ªº ³]­p¤~¥i¥H¡A
+ ³oÃä¯S§O­«­nªº´NÄÝ C µ{¦¡®w¥H¤Î X µøµ¡¨t²Îªº°ê»Ú¤Æ³]­p¤F¡C
+ ¹L¥h¡AFreeBSD ¤Wªº C µ{¦¡®w¸ò X ¹ï°ê»Ú¤Æªº¤ä´©³£¤£§¹¾ã¡A
+ ¾ã­Ó°ò¦Àô¹ÒÁÙ¤£¦¨¼ô¡A©Ò¥H¦h¼Æªºµ{¦¡¨Ã¨S¦³·ÓµÛ I18N ªº¼Ð·Ç¨Ó¼¶¼g¡A
+ ¾É­P¤¤¤å¤Æªº°ÝÃD§xÃø­«­«¡A³o­Ó²{¶H¦b³o¤@¦~¨Ó¤w¸g¦³¤F¤j´Tªº§ïµ½¡A
+ ¥Ø«e°ê»Ú¤W¤j®a¼gµ{¦¡ªº®É­Ô¤w¸g¦³¤ä´© I18N ªº´¶¹M¦@ÃѤF¡A
+ ¥D¬yªºµ{¦¡¤]³£º¥º¥´£¨Ñ¤F I18N ªº¤ä´©¡A§Q¥Î¼Ð·Çªº FreeBSD
+ °ê»Ú¤Æ¬[ºc¨Ó¤ä´©¤¤¤åÁÙ¬O­n§ïµ{¦¡¡A¤£¹L³o­Ó§ïªk¬O°ê»Úªº¥D¬y¡A
+ ¤]¥i¥H«OÃÒ§ë¸ê¥i¥H¦³³Ì¤jªºÀò¯q¡A©Ò¥H§Ú­Ì»{¬°³o¤~¬O«Øºc¤¤¤åÀô¹Òªº¥¿³~¡A
+ ¦b«áÄòªº¤å³¹¸Ì­±§Ú­Ì±N·|¤@¤@¸ò¤j®a¤¶²Ð¥Ø«e FreeBSD ©³¤U I18N
+ Àô¹Òªº¹ê§@¤èªk¡A¥H¤Î³]­p I18N µ{¦¡©Ò¸Óª`·Nªº¨Æ¶µ¡C</para>
+ <para>¤@¯ë°ê»Ú¤Æ¬[ºc³]­pªº°ò¥»­ì«h¡A
+ ¬O§âµ{¦¡³B²z·|¸ò»y¤å½s½X¬ÛÃöªº³¡¥÷¿W¥ß¥X¨Ó¡A
+ ³o¨Ç¸ê®Æ¤£¥u¬O½s½X¨t²Îªº©w¸q¡AÁÙ¥]¬A¸Ó»y¤å¤Uªº¤@¨Ç¨Ï¥Î²ßºD¡A
+ ¨Ò¦p¼Æ¦r¡B¤é´Á¡B±Æ§Ç¡B³f¹ôªº®æ¦¡¡A¥H¤Î½Ķªº°T®§µ¥µ¥...
+ ³o¨Ç¸ò»y¤åÀô¹Ò¦³¬ÛÃöªº¸ê®Æ¡A§Ú­ÌºÙ¤§¬° "°Ï°ìÀô¹Ò¸ê®Æ®w"
+ (locale database,LOCALization Environment database)¡A
+ §â³o¨Ç¸ê®Æ¤ÀÂ÷¥X¨Ó¥H«á¡A´N¥i¥H©w¸q¤@­Ó¸ò»y¤å½s½XµLÃöªº¤¶­±¡A
+ µ¹µ{¦¡³]­p®v¨Ï¥Î¡AÅýµ{¦¡³]­p¤H­û¦b³]­pµ{¦¡®É¤£¥²¦Ò¼{¡A
+ ¹ï¯S©w»y¤åÀô¹Ò´£¨Ñ¤ä´©ªº²Ó¸¡A¼g¥X¨Óªºµ{¦¡´N¥i¥H¤£­­©ó¤ä´©¯S©w»y¨¥¡A
+ ¦Ó¬O¦bµ{¦¡°õ¦æªº®É­Ô¤~¨Ì¨Ï¥ÎªÌªº¿ï¾Üªº°Ï°ìÀô¹Ò (locale)
+ Ápô¨ì¤£¦Pªº¸ê®Æ®w¡A¶i¦Ó´£¨Ñ¸Ó»y¤åªº¤ä´©¡C </para>
+ <para>I18N ¥u¬O´£¨Ñ¥i¯à¥Î¨Ó¤ä´©¤¤¤åªº¤j¬[ºc¡A­n¯à°÷¨Ï¥Î¤¤¤å¡A
+ ÁÙ¥²¶·­n¦b³o­Ó¬[ºc¸Ì­±¥[¤J¹ï¤¤¤å»y¤å½s½Xªº¤ä´©¤~¥i¥H¡A
+ ³o­Ó¦b°ê»Ú¤Æ¬[ºc¤§¤U¥[¤J¹ï¬YºØ¯S©w»y¤å¤ä´©ªº°Ê§@ºÙ¬°"°Ï°ì¤Æ"¡A
+ ­^¤åºÙ¬° LocalizatioN¡A¦]¬° L ¸ò N ¤§¶¡¦³ 10 ­Ó­^¤å¦r¥À¡A
+ ¤]±`³Q²ºÙ¬° L10N¡A¤@¯ëªº "¤¤¤å¤Æ"
+ ¬Oªx«ü¬°À³¥Îµ{¦¡¥[¤W¤¤¤å¤ä´©ªº¹Lµ{¡A¤£¹L§Ú­Ì³oÃä´£¨ìªº¤¤¤å¤Æ¡A
+ ¨Æ¹ê¤W´N¬O¦b°ê»Ú¤Æ¬[ºc¤U­±¥[¤J¤¤¤å°Ï°ì¤Æ¤ä´©ªº¤u§@¡F
+ ´N¥Ø«eªºFreeBSD Àô¹Ò¦Ó¨¥¡A
+ ·í«e¦b FreeBSD ¤W¥Î¨Ó´£¨Ñ¤¤¤å¤ä´©ªº°ê»Ú¤Æ¬[ºc¥i»¡¬O¤w¸g¤j­P§¹³Æ¡A
+ ©³¼hµ{¦¡®wªº¤¤¤å°Ï°ì¤Æ¤u§@¤]³£¤j­P§¹¦¨¤F¡A
+ ¦b³o­Ó¬[ºc¤§¤W¤w¸g¥i¥H´£¨Ñ¤@­Ó¤£¿ùªº¤¤¤åÀô¹Ò¥i¥H¥Î¤F¡A»¡°_¨Ó¡A
+ §Ú­Ì¯à¦³¤µ¤éªº¤¤¤åÀô¹Ò¥i¥Î¡A¹ê¦b­n·PÁ³o¨Ç°ê»Ú©Êµ{¦¡¶}µo²Õ´(XFree86)
+ ¦³¤ß­«µø¨È¬w»y¨t¨Ï¥ÎªÌªº»Ý¨D¡A¦¹¥~¡A
+ ªø¤[¥H¨Ó³\³\¦h¦hºô¸ô¤W¦Û¥Ñ³nÅé§@ªÌªº°^Äm¤]¬O¥\¤£¥i¨S¡A
+ ¥¿´N¬O¦]¬°¦³³o³\¦h«e¤H¤£­p­Ó¤H³ø¹Sªº§V¤O¡A
+ §Ú­Ì¤~¯à¨É¨ü·í«eªº¤¤¤åÀô¹Ò¡C </para>
+ </sect1>
+
+ <sect1 id="chinese-trans">
+ <title>¥i¯àªº°ÝÃD</title>
+ <para>³\¦hµ{¦¡¥Ñ©ó¦U¦¡¦U¼Ëªº­ì¦]¡A
+ ¨Ã¥¼¦Ò¼{¨ì¿é¤Jªº¸ê®Æ¥i¯à¬O non-ASCII ½Xªº°ÝÃD¡C
+ ¥¦©¹©¹°²³]¤F¥¦©Ò­n³B²zªº¸ê®Æ³£¬O ASCII ½X¡A§óÁV¿|ªº¬O¡A·í¥¦¹J¨ì
+ non-ASCII ½X®É¡A±`±`°²³]¥¦¤£¦s¦b¡A¦Ó±N¥¦ªº²Ä¤K­Ó¦ì¤¸ºI¥h¡I
+ ³o¬O©Ò¿×ªº 8-bit clean °ÝÃD¡C</para>
+ <para>¨Ò¦p¡A±zªº <link linkend="telnet">telnet</link> µ{¦¡
+ Á`¬O»{¬°±z¿é¤Jªº³£¬O¤C¦ì¤¸ªº ASCII ½X¡C·í±z¿é¤J¤¤¤å®É¡A
+ ¨C¨C±N²Ä¤K¦ì¤¸¬å±¼¡A©Ò¥H³£Åܦ¨¶Ã½X¡C</para>
+ <para>ºô¸ô¤Wªº³q°Tµ{¦¡¤]±`±`¥u¯à¶Ç¿é¤C¦ì¤¸ªº¸ê®Æ¡C¸û¦­´Áªº
+ <application>sendmail</application> µ{¦¡´N¬O´c¦W¬L¹üªº¨Ò¤l¡C
+ <application>sendmail</application> ¥u¯à±µ°e§t¤C¦ì¤¸ªº«H¥ó¡A
+ ¾É­P§Ú­Ì¦b¶Ç°e¤¤¤å«H¥ó®É¡A¥²¶·±Ä¥Î¦U¦¡¦U¼Ë©_©Çªº
+ <link linkend="procmail">½s½X®æ¦¡</link>
+ (¦p uuencode¡Abase64¡AQP µ¥)¡A³o©¹©¹¤S¬°¦¬«HªÌ±a¨Ó«Ü¤jªº§xÂZ¡I
+ (§Ú±`¦b·Q¦pªG·íªì¹q¤l¶l¥óªº³Ð³yªÌ¯à¦h¤@ÂIÂIªº»·¨£¡A
+ §Ú­Ì¤µ¤Ñ´N·|¤Ö³\¦hªº°ÝÃD¡I)</para>
+ <para>¦bºô¸ô¤W³o­Ó°ÝÃDÅã±o§ó¬°½ÆÂø¡C
+ §Y¨Ï±z©M±zªº¦¬«H¤Hªº¾÷¾¹³£¤w¸g¦w¸Ë¤F¥i¥H³B²z¤¤¤å«H¥óªº
+ <application>sendmail</application> µ{¦¡
+ ¡A¹ï¤è¤´¦³¥i¯à¦¬¨ì¶Ã½X«H¥ó¡C
+ ¦]¬°³o«Ê«H¦b¨ì¹F¹ï¤è¤â¤¤«e¥i¯à¸g¹L¦n¦h³¡¥D¾÷¡A
+ ¦pªG¨ä¤¤¤@³¡¾÷¾¹ªº <application>sendmail</application>
+ ±N²Ä¤K¦ì¤¸ºI¥h¡A¨Æ±¡´N§¹¤F¡I
+ ¹ï©ó client/server ¬[ºcªºµ{¦¡¡A°ÝÃD¥i¯à¥X¦b client ºÝ¡A
+ ¤]¥i¯à¬O¦b server ºÝ¡A©Î¬OÂù¤è³£¦³¡C</para>
+ <para>°£¤FµLªk³B²z non-ASCII ½X¸ê®Æªº°ÝÃD¤§¥~¡A
+ À³¥Îµ{¦¡µLªk¿ëÃѤ¤¤å½s½X¤]¬O¤@¤j°ÝÃD¡C¤]´N¬O¡A«Ü¦hµ{¦¡
+ (§Y¨Ï¯à¥¿½T³B²z¤K¦ì¤¸ªº¸ê®Æ)³£±N¤@­Ó¤¤¤å¦rµø¬°¨â­Ó¿W¥ßªº¦ì¤¸²Õ¡C
+ ³o¦b³\¦h±¡ªp¤U¤£·|¦³¤°»ò¤£¦n¡A¦ý¦b¬Y¨Ç³õ¦X¤U´NÅã±o«ÜÁV¡I</para>
+ <para>³ÌÅãµMªº¨Ò¤l¡A§Y¨Ï±z¯à¥¿½Tªº¿é¤J¤¤¤å¡A¥i¬O·í±z«ö¤U­Ë°hÁä
+ (backspace)®É¡A©¹©¹¥u­Ë«á¤F¤@­Ó¦ì¤¸²Õ¦Ó±N¤@­Ó¦n¦nªº¤¤¤å¦rºI¦¨¨â¥b¡A
+ ³Ñ¤Uªº¨º¥b·íµM´N¦¨¤F¶Ã½X¡CÁÙ¦³¡A
+ ¤å®Ñ½s¿è¾¹¥i¯à¦b¤@­Ó¤¤¤å¦r¤¤¶¡´«¦æ¦Ó¾É­P¥X²{¶Ã½X¡A
+ ©Î¬O±N¤@¦æ«Üªøªº¤¤¤å¥y¤l·í§@¤@­Ó«Üªøªº­^¤å¦r¥À¦Ó¤£´«¦æ¡A
+ ¨Ï±oµe­±Åܱo«ÜÃø¬Ý¡C</para>
+ <para>ÁÙ¦³§óÁVªº¡I¬Y¨Ç¤¤¤å¦r©Ò§tªº¯S®í¤º½X¹ï¬Y¨ÇÀ³¥Îµ{¦¡¨ã¦³¯S§Oªº·N¸q¡A
+ ³o¾É­Pµ{¦¡¹J¨ì³o¨Ç¤º½X®É±N²£¥ÍÄY­«ªº¿ù»~¡A©Î¬O·í±¼¡C</para>
+ <para>¤U­±±N¸ÕµÛ¬°³o¨Ç°ÝÃD´£¥X¤@¨Ç¸Ñ¨M¤§¹D¡A¦ý¬O³o¤´¬O¤ù­±ªº¡A
+ ¤£§¹¥þªº¡A¦Ó¥B¤£¯à¥O¤Hº¡·N¡C
+ ¤]³\¥u¦³·í©Ò¦³ªº³nÅé³£¯à¬°¤¤¤å¶q¨­¥´³y®É°ÝÃD¤~¥i¯à¯u¥¿ªº¸Ñ¨M¡C</para>
+ <para>¸ÜÁö¦p¦¹¡A·U¨Ó·U¦hªºµ{¦¡¦b³]­p¤W¤w¸gª`·N¨ì°ê»Ú¤Æªº°ÝÃD¡A
+ ¨Ò¦p²{¦b¤j³¡¤À¥D¾÷ªº <application>sendmail</application>
+ µ{¦¡³£¤w¸g¯à¥¿½T³B²z 8-bit ªº«H¥ó ---
+ ¦]¬°¤£¶È¶È¬O¶Ç¿é¤¤¤å«H¥ó»Ý­n 8-bit¡A
+ ²{¦b«Ü¦hªº¦h´CÅé¶l¥ó¤]³£»Ý­n¥Î 8-bit ¶Ç°e¡C
+ «Ü¦h³nÅé¤w¸g§¹¥þ¤£»Ý­×§ï¡A
+ ©ÎªÌ¥u­n¶}±Ò¤@¨Ç¯S®íªº¿ï¶µ¡A´N¯à¨Ï¥Î¤¤¤å¡C
+ ¦P®É¤]¦³·U¨Ó·U¦h¤H¥¿¦b¬°³nÅ骺¤¤¤å¤Æ¦Ó§V¤O¡C¥BÅý§Ú­Ì«ø¥Ø¥H«Ý¡C</para>
+ </sect1>
+
+ <sect1 id="locale">
+ <title>¤°»ò¬O locale ¡H</title>
+ <para>locale ¬O¤@²Õ C µ{¦¡»y¨¥³B²z¦ÛµM»y¨¥(¤å¦r)ªºµ{¦¡¤¶­±¡A
+ ¤]¥i¥H²³æªº»¡¡Alocale ´N¬O¤@²Õ [¦a°Ï©Ê»y¨¥] ªº¸ê°T¡C
+ ¥Ñ°ê®a»y¨¥©M¦U¦a²ß«U¼vÅT©Ò¨M©wªººD¨Ò¡A©Î¥Nªí¤@­Ó¦a²z°Ï°ìªº©w¸q©Ò²Õ¦¨¡A
+ ³o¨ÇºD¨Ò¥]§t¤å¦r¡B¤é´Á¡B¼Æ¦r¡B³f¹ô®æ¦¡©M±Æ§Çµ¥µ¥¡C³o¥NªíµÛ locale ¥iÅýµ{¦¡ªº¿é¥X¥i¥Hª½±µ¤ÏÀ³¦a¤è°Ï°ì©Êªº¤å¤Æ¡CC »y¨¥ªº locale
+ ©w¸q¡A¤À¬°¤U¦C¦U¤jÃþ¡G</para>
+ <itemizedlist>
+ <listitem><para>LC_ALL ¥Nªí©Ò¦³ªº Locale</para></listitem>
+ <listitem><para>LC_CTYPE ¦r¤¸©w¸q (¥]§t¦r¤¸¤ÀÃþ»PÂà´«³W«h)</para></listitem>
+ <listitem><para>LC_MESSAGES °T®§Åã¥Ü</para></listitem>
+ <listitem><para>LC_TIME ®É¶¡®æ¦¡</para></listitem>
+ <listitem><para>LC_NUMERIC ¼Æ¦r®æ¦¡</para></listitem>
+ <listitem><para>LC_MONETARY ³f¹ô®æ¦¡</para></listitem>
+ <listitem><para>LC_COLLATE ¦r¥À¶¶§Ç»P¯S®í¦r¤¸¤ñ¸û</para></listitem>
+ </itemizedlist>
+ <para>¨ä¤¤»P¤@¯ë¨Ï¥ÎªÌ®§®§¬ÛÃöªº¡A¬O¦r¤¸©w¸q (LC_CTYPE) »P°T®§Åã¥Ü
+ (LC_MESSAGES)¡CLC_CTYPE ª½±µÃö«Y¨ì¬Y¨Ç¦r¤¸©Î¤º½X¦b¥Ø«eªº
+ locale ¤U¬O§_¥i¦C¦L¡H­n¦p¦óÂà´«¦r½X¡H¹ïÀ³¨ì­þ¤@­Ó¦r¡H....
+ µ¥µ¥¡CLC_MESSAGES «hÃö«Y¨ì³nÅ骺°T®§¿é¥X¬O¤£¬O²Å¦X¦a°ì©Ê¡A¨Ò¦p
+ ¡G§Ú­Ì»Ý­nªº¬O¤¤¤å¡C¦Ó¤@­Ó¯u¥¿§¹¾ã¤ä´© locale ¨t²Î¡A
+ ¬O·í¨Ï¥ÎªÌ¦b shell prompt ¤U¡Aª½±µ³]¦nÀô¹ÒÅܼƫá¡A
+ «h°¨¤W´N¯à¤Á´«¨ì¨º­Ó»y¨¥¤F¡C¨Ò¦p¡G </para>
+ <screen>
+&prompt.user; <userinput>setenv LC_CTYPE zh_TW.Big5</userinput> </screen>
+ <para>locale ©R¦W³W«h¡G»y¨¥_¦a°Ï¦W.¦r¤¸½s½X¦WºÙ</para>
+ <para>³]©w Locale ªº¦r¤¸©w¸q¬°¥xÆW¦a°Ïªº Big5 ÁcÅ餤¤å½X©w¸q¡A
+ ¦³¤F¥¿½Tªº locale ªº©w¸q«á¡A¨Ï±o¥ô¦ó¦a°Ïªº»y¤å¡A¥u­n¦b¥[¤J¾A·íªº
+ locale data ¤§«á¡AC Library ´N¯à¥¿½T¦a³B²z³nÅéÅã¥Ü°T®§¡A
+ ¦Ó§Ú­Ì¨Ï¥Îªº [¤¤¤å] ·íµM¤]¤£¨Ò¥~¡A¦Ó¥Ø«e¤¤¤å¨Ï¥Îªº locale data
+ ´N¬O zh_TW.Big5¡A¥Nªíªº´N¬O¤¤¤å»y¨t(zh)¥xÆW¦a°Ï(TW)
+ ¨Ï¥ÎBig5½s½X¨t²Î(Big5)¡C </para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/faq.sgml b/zh_TW.Big5/books/zh-tut/chapters/faq.sgml
new file mode 100644
index 0000000000..2d2a697b4b
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/faq.sgml
@@ -0,0 +1,910 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: faq.sgml,v 1.100 2003/12/08 11:06:41 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="faq">
+ <title>±`¨£°ÝÃD¸Ñµª</title>
+
+ <sect1 id="anti-input">
+ <title>¬°¦ó§ÚµLªk¿é¤J¤¤¤å¡H</title>
+ <para>³o­Ó°ÝÃD°Ý±o¤ÓÅ¢²Î¤F¡I±z¬O¦b¤°»ò±¡ªp¤U¤£¯à¿é¤J¤¤¤åªº¡H</para>
+ <para>¦pªG±z¬O¦b console ªº shell ¤U¤£¯à¿é¤J¤¤¤å¡A½Ð°Ñ¦Ò
+ <link linkend="shell">¦b Shell ©³¤U¿é¤J¤¤¤å</link>
+ ¤@¤p¸`ªº»¡©ú¡C</para>
+ <para>¦pªG±z¬O¦b½s¿è¾¹¤¤¤£¯à¿é¤J¡A¥i¯à±zªº½s¿è¾¹µLªk¤ä´©¤¤¤å¡C
+ ½Ð°Ñ¦Ò <link linkend="software">¦³¥Îªº¤¤¤å³nÅé</link>
+ ¤@¸`¦w¸Ë¯à¤ä´©¤¤¤åªº½s¿è¾¹¡C
+ ¦pªG¬O <application>vi</application> µLªk¿é¤J¤¤¤å½Ð°Ñ¦Ò
+ <link linkend="vi">¿é¤J¤¤¤å·|Åã¥Ü /XX/XX¡H</link></para>
+ <para>¦pªG±z¬O <application>telnet</application>
+ ¨ì§O¤Jªº¾÷¾¹«á¤£¯à¿é¤J¤¤¤å¡A¨º»ò°ÝÃD«Ü¥i¯à¦b
+ <application>telnet</application> ³o¤äµ{¦¡¤W¡C½Ð°Ñ¦Ò
+ <link linkend="telnet">telnet</link>
+ ¤@¤p¸`ªº»¡©ú¡C </para>
+ </sect1>
+
+ <sect1 id="input-in-netscape">
+ <title>¦p¦ó¦b Netscape ¿é¤J¤¤¤å¡H [OBSOLETE]</title>
+ <para>¦w¸Ë <application>xcin25</application> ¨Ã³]©w¦n XIM §Y¥i¡C½Ð°Ñ¦Ò
+ <link linkend="xcin25">xcin25</link>
+ ¤@¸`ªº»¡©ú¡C¤£¹L¦pªG <application>netscape</application>
+ ¬O¥H package ¦w¸Ëªº¡A¥i¯à¨S¿ìªk¡C </para>
+ </sect1>
+
+ <sect1 id="chitex-cjk">
+ <title>ChiTeX »P CJK ¦³¦ó¤£¦P¡H ¥i§_¦P®É¦w¸Ë¡H</title>
+ <itemizedlist>
+ <listitem><para>
+ <application>CJK</application> ªº¤¤¤å¦r§ÎŪ¨ú´M§ä¨t²Î¬[ºc¦b
+ <application>LaTeX</application> ªº NFSS ¤W¡A
+ </para></listitem>
+ <listitem><para>
+ <application>ChiTeX</application> ªº¤¤¤å¦r§ÎŪ¨ú´M§ä¨t²Î¬O¿W¥ß¦Ó®Ä²v°ªªº¨t²Î
+ </para></listitem>
+ <listitem><para>
+ <application>CJK</application> ¥i¨Ï¥Î¤¤¤å¡A¤é¤å¡AÁú¤å¡F¦Ó
+ <application>ChiTeX</application> ¥u¹ï¤¤¤å¥¿Åé¦r(Big5)
+ </para></listitem>
+ <listitem><para>
+ <application>CJK</application> ¥u¯à¥Î¦b
+ <application>LaTeX</application> ¤W¡F¦Ó
+ <application>ChiTeX</application> ¥i¥Î¦b plain
+ <application>TeX</application> »P
+ <application>LaTeX</application> ¤W¡C
+ </para></listitem>
+ <listitem><para>
+ <application>ChiTeX</application> «ü¥O²³æ¦ý«Ü¦³¥Î¡C
+ </para></listitem>
+ <listitem><para>
+ <application>ChiTeX</application> ¬O±µªñ¯u¥¿¤¤¤å
+ <application>LaTeX</application> ªº¤¤¤å
+ <application>LaTeX</application>¡C
+ </para></listitem>
+ <listitem><para>
+ ¥\¯àªº¤£¦P...
+ </para></listitem>
+ </itemizedlist>
+ <para><application>ChiTeX</application> ©M
+ <application>CJK</application> À³¸Ó¬O¥i¥H¦P®É¦w¸Ëªº¡A¦ý¬O
+ <application>ChiTeX</application> »P
+ <application>CJK</application> ©Ò¥Îªº
+ <application>ttf2pk</application> ¦pªG¦P¦W¦r¡A¥i¯à¦³°ÝÃD¡C
+ ¸Ñ¨Mªº¿ìªk¬O¦b¦U¦Û°_©lªº«ü¥O½Z(shell script)¤¤©w¸q $PATH
+ ÅܼơA¨Ï¨ä«ü¦V¥¿½Tªº <application>ttf2pk</application> ¦ì¸m¡C
+ </para>
+ <para> (·PÁ³¯¥°¼Ý±Ð±Â¸Ñµª¡C) </para>
+ </sect1>
+
+ <sect1 id="rxvt-locale">
+ <title>rxvt-2.7.3 ¬°¦ó¬O¤é¤åªº¡H</title>
+ <para>½Ð°Ñ¦Ò<link linkend="rxvt">rxvt</link>¡C</para>
+ </sect1>
+
+ <sect1 id="speedup-xwin">
+ <title>¥[§Ö X Win ªº¤èªk¡H</title>
+ <para>¥Î "<command>startx - -deferglyphs 16</command>"
+ ¶i¤J X µøµ¡¨t²Î¸Õ¸Õ¬Ý¡A³o¸Ì
+ "<option>-deferglyphs 16</option>" ªº°Ñ¼Æ·|Åý X ©µ¿ð²£¥Í
+ 16bit ¦r«¬ªº®É¶¡¡A
+ ¤£¦b²Ä¤@¦¸¸ü¤J¦r«¬ªº®É­Ô´N¥þ³¡¤@¦¸²£¥Í¡A¦Ó¦b¯u¥¿¨Ï¥Î¨ì¦r«¬
+ ªº®É­Ô¤~²£¥Í¡A¥i¥HÅý¸ü¤J¤¤¤å¦r«¬ªº®É­Ô¤£·| hang ¦í¡A¥i¥H¥[
+ §Ö¤¤¤å¦rÅã¥Üªº³t«×¡C</para>
+ </sect1>
+
+ <sect1 id="netscape-color">
+ <title>¬°¦ó Netscape ªº¹Ï¥Ü¬O¶Â¥Õªº¡H [OBSOLETE]</title>
+ <para>
+ ·í <option>bpp</option> ³]¦¨ 24 ®É¡A
+ <application>Netscape</application>
+ ªº¹Ï¥Ü´N·|Åܦ¨¶Â¥Õ¡A
+ ¥u­n¥Î <option>bpp 16</option> ©Î¬O
+ <option>bpp 32</option> ´N·|Åܦ¨±m¦â¤F¡C</para>
+ </sect1>
+
+ <sect1 id="ssh">
+ <title>¤¤¤åªº SSH client for windows¡H</title>
+ <para><application>PuTTY</application> ²{¦b¦³¤¤¤å¬Û®eªºª©¥»¥X¨Ó¤F¡A
+ ±ÀÂ˵¹¤j®a¡A«Ü¤pªºÀɮסA¥u¦³ 216 KB¡A¦¹ª©¤¤¤å¥¿±`¡C
+ <application>PuTTY</application> ¤¤¤å¬Û®e§@ªÌ¡G&a.mhsin;¡A
+ ¤¤¤å¬Û®e¥\¯à§@ªÌºô­¶: <ulink url="http://www.mhsin.org/putty/">
+ http://www.mhsin.org/putty/</ulink>¡A³o¸Ì´£¨Ñ¤@­Ó<ulink
+ url="http://freebsd.sinica.edu.tw/~statue/putty.exe">¤U¸üÂI</ulink>¡C</para>
+ <para>¦b 0.52 ª©ªº putty ¥u»Ý­n½Õ¾ã¤@¤U³]©w´N¥i¥H¿é¤J¤¤¤å¤F¡C
+ Change Settings -&gt; Window -&gt; Appearance -&gt; ªº
+ Set the font used in the terminal window ÂI Change «á
+ ±N¦r«¬¿ï¾Ü²Ó©úÅé©Î¬O¼Ð·¢Å骺¤¤¤å¦r«¬¡A¨Ã§â¦r¶°¿ï¾Ü
+ CHINESE_BIG5¡A³o¼Ë¤l´N¥i¥H¿é¤J¤¤¤åÅo¡C</para>
+ <para>¨Ï¥Î·sª©PuTTY®É½Ð°O±o§âWindow-->Appearance¸Ìªºcursor appearance§ï¦¨
+ Underline¡AÁקK¹w³]ªº¶ôª¬´å¼Ð¦b­«Ã¸®É·|§â´å¼Ð©Ò¦bªº¤¤¤å¦r¤Á¶}¡C</para>
+ <para>µ§ªÌ³q±`ÁÙ·|§â Terminal ¸Ì­±ªº <option>Enable blinking text</option>
+ ¨Ó¤ä´©°{Ã{¦r¡A¥H¤Î§â Keyboard ¸Ì­±ªº <option>The Backspace key</option>
+ §ï¦¨ <option>Control-H</option> ¨Ó¨Ï BackSpace ¦³®Ä¥Î¡C</para>
+ <para>Putty WWW: <ulink url="http://www.chiark.greenend.org.uk/~sgtatham/putty/">
+ http://www.chiark.greenend.org.uk/~sgtatham/putty/</ulink>¡C</para>
+ <para>­n¤£µM¤]¥i¥H¨ì <ulink url="http://www.ssh.com/products/ssh/download.cfm">
+ http://www.ssh.com/products/ssh/download.cfm</ulink> §ì¨ú
+ <application>SSHWinClient-3.0.0.exe</application>¡A
+ ¦¹ª©¤¤¤å¤]¥¿±`¡A¥\¯à¤]¤ñ <application>Putty</application>
+ ¦h«Ü¦h¡A¤£¹LÀɮפj¤FÂI¡A¬ù 6.37MB¡A³o¸Ì´£¨Ñ¤@­Ó
+ <ulink url="http://freebsd.sinica.edu.tw/~statue/SSHWinClient-3.0.0.exe">¤U¸üÂI</ulink>¡C</para>
+ <para>SSHWinClient WWW: <ulink url="http://www.ssh.com/">
+ http://www.ssh.com/</ulink>¡C</para>
+ <para>Chinese Putty WWW: <ulink url="http://mhsin.org/putty/">
+ http://mhsin.org/putty/</ulink></para>
+ </sect1>
+
+ <sect1 id="input-in-ftp">
+ <title>¦b FTP ¤¤¿é¤J¤¤¤å¡H</title>
+ <para>¦b²×ºÝ¾÷©³¤U½Ð¸Õ¸Õ¥Î <link linkend="ncftp3">ftp/ncftp3</link>¡A
+ ¦pªG¦b X ©³¤U«Øij¨Ï¥Î <link linkend="iglooftp">ftp/IglooFTP</link>
+ µe­±©M¨Ï¥Î¤è¦¡«OÃÒ·R¤£ÄÀ¤â¡C</para>
+ </sect1>
+
+ <sect1 id="oracle8i">
+ <title>Oracle8i ¨S¿ìªk¨Ï¥Î¤¤¤å¡H</title>
+ <para>¦bÀô¹ÒÅܼƤ¤³]©w nls_lang</para>
+ <programlisting>
+<!--export nls_lang=American_America.ZHT16BIG5-->
+export nls_lang="traditional chinese"</programlisting>
+ <para>©Î¬O³]©w NLS_LANG ¬° TRADITIONAL CHINESE_TAIWAN.ZHT16BIG5¡A
+ ³o¨âºØ¤èªk³£¦³¤H´£¥X¨Ó¡A¤£¹Lµ§ªÌ¨S¦³¹ê»Ú´ú¸Õ¹L¡C</para>
+ <para>WWW: <ulink url="http://www.oracle.com.tw/">
+ http://www.orcale.com.tw/</ulink></para>
+ </sect1>
+
+ <sect1 id="oracle9i">
+ <title>¦w¸Ë Oracle9i ¥X²{¶Ã½X¡H</title>
+ <para>by tommy@teatime.com.tw</para>
+ <para>Oracle 9i ¤ºªº JAVA ¦r«¬³]©w¦³ÂI°ÝÃD¡A
+ ¦w¸ËÀô¹Ò³£³]¬°­^¤å´N¥i¥H¦w¸Ë¤F¡C</para>
+ <para>¦pªG¤@©w­n¬Ý¨ì¤¤¤å¡A´N§â¤U­±³o­ÓÀɮתº¤º®e§ï¤@§ï¦A¸Ë¡G</para>
+ <programlisting>
+ Disk1/stage/Components/oracle.swd.jre/1.1.8.0.0/1/ \
+ DataFiles/Expanded/linux/lib/font.properties.zh_TW_Big5</programlisting>
+ <para>©Î¬O¡G</para>
+ <programlisting>
+ Disk1/stage/Components/oracle.swd.jre/1.3.1.0.0/1/ \
+ DataFiles/Expanded/jre/linux/libfont.properties.zh</programlisting>
+ <para>¸Ì­±ªº 1.1.8.0.0 ©Î¬O 1.3.1.0.0 ­n®Ú¾Ú±z©Ò¦w¸Ëªº
+ jsdk ¤ºªþªºª©¥»¡A¨Ã¥B§â big5 ¨º´X¦æ§ï¬°¡G</para>
+ <programlisting>
+-default-ming-medium-r-normal--*-%d-*-*-c-*-big5-0</programlisting>
+ <para>´N¥i¥H¤F¡C</para>
+ <para>©Î¬Oª½¸Ó­×§ï $JAVA_HOME/jre/lib/font.properties
+ ¤]¥i¥H¡A·PÁÂ jsona laio &lt;freeonfair@yahoo.co.uk&gt;¡C</para>
+ </sect1>
+
+ <sect1 id="wuftp">
+ <title>wu-ftp µLªk¤W¶Ç¤¤¤åÀɦWªºÀɮסH</title>
+ <para>¬°¤°»ò°Î¦WªÌµLªk¤W¶Ç¤¤¤åÀɦWªºÀɮסA¦ý«o¥i¤W¶Ç­^¤åÀɦWªºÀɮסH</para>
+ <para>§Ú·Q¬O±z¦b ftpaccess ³]©wÀɤ¤³]©w¤F patch-filter ¤F¡C
+ ¥u­n§â¥H¤Uªº³]©wµù¸Ñ°_¨Ó¡AÀ³¸Ó´N¥i¥H¶Ç¤¤¤åÀɦWªºÀɮפF¡C</para>
+ <programlisting>
+# path-filter...
+path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
+path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-</programlisting>
+ </sect1>
+
+ <sect1 id="kdm">
+ <title>kdm µn¤Jµe­±¬O¶Ã½X¡H</title>
+ <para><filename>/usr/local/share/config/kdmrc</filename> ÀɮסA
+ §ä¨ì font ¬ÛÃö³]©w¡A¼Æ¦r³]©w²Ä¤T­ÓÄæ¦ìªº 0 §ï¦¨ big5 §Y¥i¡Cex:</para>
+ <programlisting>
+FailFont=helvetica,12,5,big5,75,0
+GreetFont=charter,24,5,big5,50,0
+StdFont=helvetica,12,5,big5,50,0</programlisting>
+ <para>¶¶«K¬Ý¤@¤U [Locale] °Ï¬q¡A­n¥¿±`Åã¥Ü¤¤¤å¡A­n¸É¤W¡G</para>
+ <programlisting>
+Country=tw
+Language=zh_TW.Big5</programlisting>
+ <para>¥t¥~¡A¤¤¤åªºÀô¹Ò³]©w­n¦b <filename>~/.xsession</filename>
+ ¸Ì­±³]©w¡A¦Ó¤£¬O¦b <filename>~/.cshrc</filename>¡C</para>
+ </sect1>
+
+ <sect1 id="vi">
+ <title>vi ¿é¤J¤¤¤å·|Åã¥Ü /XX/XX¡H</title>
+ <para>³o³q±`³£¬O³]©w¤F LC_CTYPE ¬° zh_TW.Big5 ©Î¬O¨S³]©w LC_CTYPE
+ ¤~·|µo¥Íªº°ÝÃD¡A¦b <filename>~/.cshrc</filename> ¤¤¥[¤W¤U­±ªº
+ alias §Y¥i¡G</para>
+ <programlisting>
+alias vi 'env LC_CTYPE=en_US.ISO_8859-1 vi'</programlisting>
+ <para>©Î¬Oª½±µ§ï¥Î vim6¡A·|¦³§ó¦hªº¥\¯à»P¤ä´©¡C</para>
+ <para>½Ð°Ñ¦Ò <link linkend="iso8859-1">ISO8859-1</link> ¤@¸`¡C</para>
+ </sect1>
+
+ <sect1 id="write">
+ <title>write µLªk°e¤¤¤å°T®§¡H</title>
+ <para>³o³q±`³£¬O³]©w¤F LC_CTYPE ¬° zh_TW.Big5 ©Î¬O¨S³]©w LC_CTYPE
+ ¤~·|µo¥Íªº°ÝÃD¡A¦b <filename>~/.cshrc</filename> ¤¤¥[¤W¤U­±ªº
+ alias §Y¥i¡G</para>
+ <programlisting>
+alias write 'env LC_CTYPE=en_US.ISO_8859-1 write'</programlisting>
+ <para>½Ð°Ñ¦Ò <link linkend="iso8859-1">ISO8859-1</link> ¤@¸`¡C</para>
+ </sect1>
+
+ <sect1 id="talk">
+ <title>talk µLªk°e¤¤¤å°T®§¡H</title>
+ <para>³o³q±`³£¬O³]©w¤F LC_CTYPE ¬° zh_TW.Big5 ©Î¬O¨S³]©w LC_CTYPE
+ ¤~·|µo¥Íªº°ÝÃD¡A¦b <filename>~/.cshrc</filename> ¤¤¥[¤W¤U­±ªº
+ alias §Y¥i¡G</para>
+ <programlisting>
+alias talk 'env LC_CTYPE=en_US.ISO_8859-1 talk'</programlisting>
+ <para>½Ð°Ñ¦Ò <link linkend="iso8859-1">ISO8859-1</link> ¤@¸`¡C</para>
+ </sect1>
+
+ <sect1 id="wall">
+ <title>wall µLªk°e¤¤¤å°T®§¡H</title>
+ <para>³o³q±`³£¬O³]©w¤F LC_CTYPE ¬° zh_TW.Big5 ©Î¬O¨S³]©w LC_CTYPE
+ ¤~·|µo¥Íªº°ÝÃD¡A¦b <filename>~/.cshrc</filename> ¤¤¥[¤W¤U­±ªº
+ alias §Y¥i¡G</para>
+ <programlisting>
+alias wall 'env LC_CTYPE=en_US.ISO_8859-1 wall'</programlisting>
+ <para>½Ð°Ñ¦Ò <link linkend="iso8859-1">ISO8859-1</link> ¤@¸`¡C</para>
+ </sect1>
+
+ <sect1 id="finger">
+ <title>finger µLªk¬Ý¨ì¤¤¤åproject¡H</title>
+ <para>³o³q±`³£¬O³]©w¤F LC_CTYPE ¬° zh_TW.Big5 ©Î¬O¨S³]©w LC_CTYPE
+ ¤~·|µo¥Íªº°ÝÃD¡A¦b <filename>~/.cshrc</filename> ¤¤¥[¤W¤U­±ªº
+ alias §Y¥i¡G</para>
+ <programlisting>
+alias finger 'env LC_CTYPE=en_US.ISO_8859-1 finger'</programlisting>
+ <para>½Ð°Ñ¦Ò <link linkend="iso8859-1">ISO8859-1</link> ¤@¸`¡C</para>
+ </sect1>
+
+ <sect1 id="mail">
+ <title>mail µLªk¬Ý¨ì¤¤¤å¡H</title>
+ <para>³o³q±`³£¬O³]©w¤F LC_CTYPE ¬° zh_TW.Big5 ©Î¬O¨S³]©w LC_CTYPE
+ ¤~·|µo¥Íªº°ÝÃD¡A¦b <filename>~/.cshrc</filename> ¤¤¥[¤W¤U­±ªº
+ alias §Y¥i¡G</para>
+ <programlisting>
+alias mail 'env LC_CTYPE=en_US.ISO_8859-1 mail''</programlisting>
+ <para>½Ð°Ñ¦Ò <link linkend="iso8859-1">ISO8859-1</link> ¤@¸`¡C</para>
+ </sect1>
+
+ <sect1 id="xml">
+ <title>xml ¬O§_¨ã¦³³B²z¤¤¤åªº¯à¤O¡H</title>
+ <para>½Ð°Ñ¦Ò¥H¤Uªººô§}¡G</para>
+ <para>WWW: <ulink url="http://www.ascc.net/xml/zh/big5/">
+ Chinese XML Now</ulink></para>
+ </sect1>
+
+ <sect1 id="rm-i">
+ <title>¦p¦ó§R°£¥H¤¤¤å©R¦WªºÀɮסH</title>
+ <para>·í¹J¨ì¤£ª¾¦Wªº¶Ã½X©R¦WÀɮ׮ɡA¥i¥H¥Î
+ <command>rm -i *</command> ¨Ó§R°£ÀɮסA
+ ¥¦·|¨C¤@­ÓÀɮ׳£¸ß°Ý±z¬O§_­n§R°£¡C</para>
+ </sect1>
+
+ <sect1 id="x-win32">
+ <title>X-win32 ¦p¦ó¦w¸Ë¤¤¤å¦r«¬¡H</title>
+ <para>³q±`µ§ªÌ³£·|¨Ï¥Î kcfonts¡A¦]¬°¸ò¹w³]ªº¨t²Î¤ñ¸û¦X¡C</para>
+ <para>­º¥ý¦b <filename>chinese/kcfonts</filename> ¦w¸Ë¦n«á¡A
+ ±N <filename>/usr/X11R6/lib/X11/fonts/local/</filename> ©³¤UªºÀɮסA
+ ¥þ³£·h²¾¨ì <filename>C:\Program Files\StarNet\X-Win32 5.1\Lib\Fonts\
+ </filename> ©³¤U¡AµM«á¥Î <option>Font -&gt; Add... -&gt;
+ local\</option>¡A±µµÛ <option>Make FONTS.DIR</option>¡A
+ ¨Ã <option>Edit Alias File...</option>¡G</para>
+ <programlisting>
+kc12x24 -kc-fixed-medium-r-normal--24-170-100-100-c-120-iso8859-1
+kc15f -kc-fixed-medium-r-normal--16-160-72-72-c-160-big5-0
+kc24f -kc-fixed-medium-r-normal--24-240-100-100-c-240-big5-0
+kc8x15 -kc-fixed-medium-r-normal--15-170-100-100-c-80-iso8859-1
+taipei16 -kc-fixed-medium-r-normal--16-160-72-72-c-160-big5-0
+taipei24 -kc-fixed-medium-r-normal--24-240-100-100-c-240-big5-0</programlisting>
+ <para>©Î¬O¥Î <filename>ports/x11-fonts/getbdf</filename> ¡A<command>
+ getbdf -font "-dynalab-mingliu-medium-r-normal--16-*-*-*-c-*-big5-0"
+ &gt; mingliu16.bdf</command> ¨Ó²£¥Í 16pt ªº¦r«¬¡A
+ µM«á¨Ì§Ç²£¥Í©Ò»Ý­n¥Îªº¦r«¬¡C</para>
+ <para>¦b Windows ©³¤U¤]¥i¥H§ì¨ú <filename>ttf2bdf.exe</filename>¡A±N
+ <filename>C:\Windows\Fonts\mingliu.ttc</filename> Âন bdf¡A
+ µM«á¨Ì·Ó¤W­±ªº¤èªk¤]¬O¥i¥H¨Ï¥Îªº¡C</para>
+ </sect1>
+
+ <sect1 id="www">
+ <title>ºô­¶¶Ã½X¡H</title>
+ <para>¦pªG¬Oºô­¶¤º®e¡A½Ð¦bºô­¶ªº³Ì«e­±¥[¤W¡G</para>
+ <programlisting>
+&lt;META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5"&gt;
+</programlisting>
+ <para>¦bºô­¶¤¤³]©w«á¡A­«ÅªÀ³¸Ó´N¥¿±`¤F¡A¦pªGÁÙ¬O¤£¥¿±`´NÀ˹î
+ <filename>httpd.conf</filename> ¬Ý¬O§_¦³¤U­±³o¦æ¡G
+ <option>AddDefaultCharset ISO-8859-1</option>¡A
+ ³o¦æ³]©w·|ÅýÂsÄý¾¹¤£·|®Ú¾Úºô­¶¤¤ªº»y¨¥³]©w¦Ó§PÂ_½s½X¤èªk¡A
+ ¥u­n§â³o¦æµù¸Ñ±¼´N¥i¥H¤F¡C</para>
+ <para>¦pªG¬O URL ¦C¤¤¤åÅܶýX¡A³o¬O¥¿±`ªº¡A±z¥i¥H¥Î perl ¨Ó½s½X¡G</para>
+ <programlisting>
+$string =~ s/([^0-9A-Za-z])/sprintf("%%%02X",ord($1))/ge;</programlisting>
+ <para>©Î¬O¥Î perl ¨Ó¸Ñ½X¡G</para>
+ <programlisting>
+$string =~ s/%([0-9A-Fa-f][0-9A-Fa-f])/chr hex $1/ge;</programlisting>
+ </sect1>
+
+ <sect1 id="vnc">
+ <title>vnc §ì XFree86 ªº¤¤¤å°ÝÃD¡H</title>
+ <para>by nestlin (nestlin.bbs@nestlin.Dorm13.NCTU.edu.tw)</para>
+ <para>Q: ½Ð±Ð¤@¤U¡A§Ú¦b w2k ¤¤°õ¦æ vnc ¥h§ì bsd ªº xwin 3.3.6 ª©¡A
+ ¬O¥i¥H§ì¶i¨Ó¡A¦ý¨S¦³¤¤¤å¡A¦ý¦pªG§Úªº¦b bsd ¤WÀY¨Ï¥Î startx
+ ¶] xwin ®É¤¤¤å½T¬O¥¿±`ªº¡A½Ð°Ý§Ú­n¦p¦ó¸Ñ¨M vnc ¤¤ ¤¤¤åªº°ÝÃD¡C</para>
+ <para>A: ¦pªG¬O GNOME2 ªº³nÅé¡A¤¤¤å¤£·|¦³°ÝÃD¡A
+ ¦ý¬O¦pªG¬O¶Ç²Î XLFD ¦Y¦rªº¸Ü¡A¥i¥H°Ñ¦Ò¥H¤Uªº¦w¸Ë¹Lµ{¡G</para>
+ <para>¦w¸Ë <filename role="package">net/vnc</filename>¡C</para>
+ <para>±µµÛ­×§ï <filename>/usr/X11R6/bin/vncserver</filename>¡G</para>
+ <programlisting>
+--- vncserver.orig Fri Jan 4 15:45:23 2002
++++ vncserver Fri Jan 4 16:07:47 2002
+@@ -149,6 +149,7 @@
+
+ # Add font path and color database stuff here, e.g.:
+ #
++$cmd .= " -fp /usr/X11R6/lib/X11/fonts/misc/,/usr/X11R6/lib/X11/fonts/100dpi/,/usr/X11R6/lib/X11/fonts/local/";
+ # $cmd .= " -fp /usr/lib/X11/fonts/misc/,/usr/lib/X11/fonts/75dpi/";
+ # $cmd .= " -co /usr/lib/X11/rgb";
+ #</programlisting>
+ <para>±µµÛ´N¥i¥H±Ò°ÊÅo¡C</para>
+ <screen>
+&prompt.root; <userinput>vncserver :1</userinput> (±Ò°Ê)
+
+You will require a password to access your desktops.
+
+Password: <userinput>passwd</userinput>
+Verify: <userinput>passwd</userinput>
+xauth: creating new authority file /root/.Xauthority
+
+New 'X' desktop is statue2.elife.idv.tw:1
+
+Creating default startup script /root/.vnc/xstartup
+Starting applications specified in /root/.vnc/xstartup
+Log file is /root/.vnc/statue2.elife.idv.tw:1.log
+&prompt.root; <userinput>vncpasswd</userinput> (´«±K½X)
+Password: <userinput>passwd</userinput>
+Verify: <userinput>passwd</userinput>
+&prompt.root; <userinput>ps -aux |grep Xvnc</userinput> (Àˬdª¬ºA)
+root 7103 0.9 0.7 5652 5288 p1 I 3:36¤U¤È 0:42.89 Xvnc :1 -desktop
+&prompt.root; <userinput>vncserver -kill :1</userinput> (²×¤î)
+ </screen>
+ <para>vncviewer «h¬O¥H statue2.elife.idv.tw:1 ¨Ó³s½u¡C</para>
+ <para>¦pªG¤£·Q­×§ï vncserver ©Î¬O·Q¥H¨ä¥Lªº window Manager ¨Ó±Ò°Ê¡A
+ ¨º»ò´N­n­×§ï <filename>~/.vnc/xstartup</filename>¡G</para>
+ <programlisting>
+xset +fp /usr/X11R6/lib/X11/fonts/misc/
+xset +fp /usr/X11R6/lib/X11/fonts/100dpi/
+xset +fp /usr/X11R6/lib/X11/fonts/local/
+xcin2.5 &
+icewm</programlisting>
+ <para>¥Ñ©ó vnc ¬O¥Ñ XFree86-3 §ïªº¡A©Ò¥H²{¦b§ÚÁÙ¤£ª¾¹D¸Ó«ç»ò¨Ï¥Î TTF¡C</para>
+ <para>VNC ¬O¤@­Ó«Ü¦n¥Îªº Remote Desktop Controller¡A¦ý¨ä X version ¬O§ï¦Û
+ XFree86 3.3.2¡A©Ò¥H¨S¦³¤ä´© TrueType ¦r«¬¡C</para>
+ <para>TridiaVNC ¬O¥Ñ Tridia ¤½¥qµo®i¡A©µÄò vnc ªº¶}µo¡A¬° vnc ¥[¤W³\¦h¥\¯à¡A
+ ¦p´£¨Ñ§ó¦hªºÀ£ÁY¤è¦¡¡A¤Î¥[¤J¹ï xtt ªº TrueType ¦r«¬¤ä´©¡C(XFree86-4
+ ¤º§t xtt module¡A¬G TridiaVNC ¥i¥Hª½±µ¨Ï¥Î XFree86-4 ªº TrueType ¦r«¬)
+ </para>
+ <para>¦w¸Ë <filename role="package">net/tridiavnc</filename>¡C</para>
+ <para>­Y¨t²Î¤¤¤w¸g¦³ xtt ¦r«¬¥Ø¿ý¡A½Ð©ó ~/.vnc/xstart ¤º¥[¤J¡G</para>
+ <programlisting>
+xset +fp /usr/X11R6/lib/X11/fonts/TrueType</programlisting>
+ <para>­YµL¡A½Ð¦w¸Ë ports ¸Ìªº TrueType ¦r«¬¡C</para>
+ <para>VNC ¸Ì­±«ç»ò¥´¤¤¤å¡H¥u­nCtrl+Space¤£­n³Q Windows ¦Y¤F´N¦n¤F¡A
+ ©Î¬O§ïÅÜ VNC ¤ºªº xin2.5 ¤Á´«¤¤¤åªº¼öÁä¤]¥i¥H¡C</para>
+ <figure>
+ <title>vnc snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/vnc" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>RealVNC WWW: <ulink url="http://www.realvnc.com">
+ http://www.realvnc.com</ulink></para>
+ <para>tridiaVNC WWW: <ulink url="http://www.tridiavnc.com">
+ http://www.tridiavnc.com</ulink></para>
+ <para>tightVNC WWW: <ulink url="http://www.tightvnc.com">
+ http://www.tightvnc.com</ulink></para>
+
+ </sect1>
+
+ <sect1 id="cccii-ft">
+ <title>CCCII-FT</title>
+ <para>¦]¬°°ò©óCCCIIªºÁcÅ餤¤å¤º½X¤@ª½¥¼©w¥X¾A·íªº¼Ð·Ç¡A
+ ¬G changcs °Ñ¦Ò¤F¤@¨Ç¸ê®Æ(CCCII¤â¥U¡BEUC-TW¤º½X)¡A
+ ¥H¤U´£¥X¤@­Ó°ò©óCCCIIªºÁcÅé¦r±M¥Î¤¤¤å¤º½X(¼ÈºÙ¬°EUC-CCCII-FT)¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/cccii-ft</userinput>
+&prompt.root; <userinput>make install clean</userinput>
+
+Add the following lines into your ~/.Xdefaults:
+
+whterm*font: 12x24
+whterm*kanjiMode: euc
+whterm*cccii21Font: cccii21Font
+whterm*cccii22Font: cccii22Font
+whterm*cccii23Font: cccii23Font
+whterm*cccii24Font: cccii24Font
+whterm*cccii25Font: cccii25Font
+whterm*cccii26Font: cccii26Font
+
+&prompt.root; <userinput>xset +fp /usr/X11R6/lib/X11/fonts/cccii/</userinput>
+&prompt.root; <userinput>xlsfonts | grep cccii</userinput>
+&prompt.root; <userinput>xrdb -load ~/.Xdefaults</userinput>
+&prompt.root; <userinput>whterm &</userinput>
+&prompt.root; <userinput>cat /usr/X11R6/share/cccii/test_file</userinput></screen>
+ <figure>
+ <title>cccii snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/cccii" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://santos.ee.ntu.edu.tw/~changcs/whterm/whterm.html">
+ http://santos.ee.ntu.edu.tw/~changcs/whterm/whterm.html</ulink></para>
+ </sect1>
+
+ <sect1 id="default-font">
+ <title>¦p¦ó§ó§ï X ªº¹w³]¤¤¤å¦rÅé¡H</title>
+ <para>¦b¦w¸Ë§¹ X «á¡A¿ï³æ¡AÅã¥Ü³£¬O¤å¹©¤¤·¢¡A³o¹ï¥ÎºD¤F²Ó©úÅ骺¤H¡A
+ ¦³µÛ²ö¤jªº¤£«K¡A¦ý¬O§â¨t²Î¦r«¬¥þ³£´«¦¨ Ming Åé«á¡A¤]´N¬O¤å¹©§ºÅé«á¡A
+ ­^¤å¦rÅ骺ÅܤƴN·|Åܤ֤F¡A©Ò¥HÀ³¸Ó¦³Â²³æªº¤è¦¡¥i¥H¨ú¥N¡C</para>
+ <para>«á¨Ó¬Ý¨ì &a.edwardlee;
+ ªº¤@½g¤å³¹¡A¤~ª¾¹D­ì¨Ó X ¹w³]§ì¦r«¬ªº®É­Ô¡A¬O¥H fonts.dir
+ ªº¤º®e¨Ó±Æ§Çªº¡A¥Ñ©ó¤å¹©ªº foundry name ³£¬O Arphic¡A©Ò¥H´N¬Ý¤U¤@­Ó
+ family name¡A
+ AR PL KaitiM Big5 ¤ñ AR PL Mingti2L Big5 ÁÙ«e­±¡A©Ò¥H³o´N¬O¬°¤°»ò¡A
+ ¤@¯ë³£·|§ì¨ì·¢Å骺­ì¦]¡C©Ò¥H´N·|¥h§ïÅܦr«¬ªº family name¡A
+ ¨ÓªvÀø³o­Ó°ÝÃD¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/X11R6/lib/X11/fonts/TrueType</userinput>
+&prompt.root; <userinput>perl -pi -e 's/Kai/Nai/g' fonts.alias fonts.dir fonts.scale</userinput></screen>
+ <para>¦ý¬O³o¼Ë¤lªº°µªk·|Åý KaitiM ªº¦r«¬¦b¾ã¦X¤W·|¥X²{³\¦h°ÝÃD¡A
+ ¦pªG³£¤£·|¨Ï¥Î¨ì KaitiM ªº¨Ï¥ÎªÌ¤~«Øij¦p¦¹°µ¡C</para>
+ </sect1>
+
+ <sect1 id="gdk-warning">
+ <title>Gdk-WARNING **: BIG5-0</title>
+ <para>·|¥X²{³o¼Ë¤lªº°T®§³q±`³£¬O¨S³]©w¦n <filename>~/.gtkrc</filename>¡A
+ ½Ð°Ñ¦Ò <link linkend="gnome">GNOME µ{¦¡ªº¤¤¤å¤ä´©</link>¡C</para>
+ </sect1>
+
+ <sect1 id="unzip">
+ <title>unzip ¸Ñ¶}¤¤¤åÀɦWÅܶýX¡H</title>
+ <para>¦b Windows ¤¤¥Î Winzip À£ÁY¤¤¤åÀɦWªºÀɮסA
+ §ì¨ì FreeBSD ©³¤U unzip ·|Åܦ¨¶Ã½X¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/unzip</filename>¡C</para>
+ <para>©Î¬O§Q¥Î¤U­±¦³­Ó leeym ¤j¤jªº patch¡G</para>
+ <programlisting>
+--- unzpriv.h.orig Thu Apr 10 02:13:13 2003
++++ unzpriv.h Thu Apr 10 02:24:23 2003
+@@ -2333,7 +2333,7 @@
+ # endif
+ # define _OEM_INTERN(str1) {register uch *p;\
+ for (p=(uch *)(str1); *p; p++)\
+- *p = native((*p & 0x80) ? oem2iso[*p & 0x7f] : *p);}
++ *p = native(/*(*p & 0x80) ? oem2iso[*p & 0x7f] :*/ *p);}
+ # endif
+ #endif
+</programlisting>
+ </sect1>
+
+ <sect1 id="squid">
+ <title>squid ÂsÄý ftp »P gopher ¤¤¤å¶Ã½X¡H</title>
+ <para>by KTH.bbs&amp;alway.twbbs.org</para>
+ <para>­ì¥»¾Ç®Õ¨Ï¥Î Squid 2.1¡A³z¹L¥¦ÂsÄý ftp ¯¸¥x»P
+ gopher ¯¸¥x°T®§¤£·|¦³¶Ã½X¥X²{¡A«á¨Ó¦h¤F¤@¥x 2.4STABLEX
+ ¥H«á,µo²{³£·|¦³¶Ã½Xªº²£¥Í¡Aµy·L°lÂܤF¤@¤Uµ{¦¡¡A
+ ­ì¨Ó°ÝÃD¥X¦b 2.4x ¥H«á·|±N &gt;=0x7f »P &lt;=0x1f ªº¦r¤¸½s½X¦¨
+ &#%3d ªº®æ¦¡¡A¦]¦¹¦b¤£¼vÅTí©w«×ªº±¡ªp¤U¡A
+ ´N°®¯Ü§â³o¤@¬qµ{¦¡µ¹µù¸Ñ±¼¤F¡A³o¼Ë´N¯à¸Ñ¨M¤¤¤å¶Ã½X°ÝÃD¤F¡A
+ ¥ÎÂsÄý¾¹ÂsÄý°_¨Ó¯uªºÆZµÎªAªº ^^</para>
+ <programlisting>
+--- lib/html_quote.c.orig Wed Jun 5 16:02:30 2002
++++ lib/html_quote.c Wed Jun 5 16:03:07 2002
+@@ -114,11 +114,13 @@
+ * sure all 8-bit characters are encoded to protect from buggy
+ * clients
+ */
++#if 0
+ if (!escape && (ch &lt;= 0x1F || ch &gt;= 0x7f) && ch != '\n' && ch != '\r' && ch != '\t') {
+ static char dec_encoded[7];
+ snprintf(dec_encoded, sizeof dec_encoded, "&#%3d;", (int) ch);
+ escape = dec_encoded;
+ }
++#endif
+ if (escape) {
+ /* Ok, An escaped form was found above. Use it */
+ strncpy(dst, escape, 6);</programlisting>
+ </sect1>
+
+ <sect1 id="apache2">
+ <title>apache2 ¹w³]Åã¥Ü¤¤¤åºô­¶</title>
+ <para>apache2 ªºhttpd.conf¸Ì­±¦³¤@¦æ³]©w:</para>
+ <programlisting>
+AddDefaultCharset ISO-8859-1</programlisting>
+ <para>³o¤@¦æ³]©w¾É­PÂsÄý¾¹¤£·|®Ú¾Úºô­¶¸Ì­±ªº»y¨¥³]©w¦Ó§PÂ_½s½X¤èªk¡A
+ ¥u­n§â³o¦æµù¸Ñ±¼´N¥i¥H¥¿±`¤F¡C</para>
+ <para>¦pªG­n¹w³]¬° Big5 ½s½X¡A¤]¥i¥H§ï¬°:</para>
+ <programlisting>
+AddDefaultCharset Big5</programlisting>
+ <para>¤£¹L¦pªG¦³¨Ï¥ÎªÌªººô­¶¨Ã«D Big5 ½s½X¡A
+ ³o¼Ë¤lªº³]©w¥i¯à·|³y¦¨§xÂZ¡A
+ ¤£¦pµù¸Ñ±¼¥Ñ¨Ï¥ÎªÌ¦Û¤v¥h¼g¥H¤Uªº¼ÐÀY§ó¬°¦X¾A:</para>
+ <programlisting>
+&lt;meta http-equiv="Content-Type" content="text/html; charset=big5"&gt;</programlisting>
+ </sect1>
+
+ <sect1 id="url">
+ <title>ºô§}¦C¤£¯à¨Ï¥Î¤¤¤åÀɦW¡H</title>
+ <para>ºô§}¦C¤£¯à¨Ï¥Î¤¤¤å¡A¥i¯à¬O IE ªº¹w³]­È³y¦¨ªº¡C
+ «ö³y¤U­±ªº¨BÆJ­×§ï¬Ý¬Ý¡G</para>
+ <programlisting>¤u¨ã(T) -&gt; ºô»Úºô¸ô¿ï¶µ(O) -&gt; ¶i¶¥</programlisting>
+ <para>¸Ì­±¦³­Ó <option>¥Ã»·±N URL ¶Ç°e¦¨ UTF-8 (»Ý­n­«·s±Ò°Ê)</option>
+ ªº¿ï¶µ¡A§â¤Ä¨ú®ø«á¡A«ö½T©w¨Ã±N IE Ãö±¼­«¶}¡C</para>
+ </sect1>
+
+ <sect1 id="wget">
+ <title>wget ¤¤¤åÀɦWÅܶýX</title>
+ <para>¤¤¤åÀɦW¦b¥­±`ªº±¡ªp¤U·|³Q½s½X¡A
+ ¦ý¬O¦b <option>--cut-dirs</option> ®É¤S¬O¥¿±`ªº¡A
+ ¨º´N¤j®a¥Î <option>--cut-dirs</option>¡A
+ ©Î¬O¨Ï¥Î <filename>outta-port/wget</filename> §a</para>
+ <programlisting>
+wget -r -np -nH --cut-dirs=3 ftp://freebsd.sinica.edu.tw/pub/statue/test/
+ ´ú¸Õ.txt
+wget -r -np -nH -nd ftp://freebsd.sinica.edu.tw/pub/statue/test/
+ %B4%FA%B8%D5.txt
+wget "ftp://freebsd.sinica.edu.tw/pub/statue/test/*"
+ %B4%FA%B8%D5.txt</programlisting>
+ <para><application>wget</application> ªº¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/wget</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <para>¥Ñ©ó¤£ª¾¦Wªº­ì¦]¡A¥i¯à¬O¬°¤FÁ׶}¯S®íÀɦW¡A
+ wget ·|¦Û°Ê±N§ì¨úÀɦWªº³¡¤À¥Î encode_string ³B²z¹L¡A
+ ©Ò¥H¸Ó patch ´N§â³Q encode_string ³B²z¦¨ "%3A" ³oºØªF¦è¡A
+ ¥Î decode_string Á٭즨 ":"¡A
+ ¨Ã®M¥Î¦b¥Ø¿ý»PÀɮצWºÙªº³¡¤À¡Adecode_string ¬O wget ¤º«Øªº¨ç¦¡¡C</para>
+ <para>WWW: <ulink url="http://sunsite.auc.dk/wget/">
+ http://sunsite.auc.dk/wget/</ulink></para>
+ </sect1>
+
+ <sect1 id="bdf-newchar">
+ <title>¦p¦ó³y¦r¡H</title>
+ <para>³y¦rªº°ÝÃD¡A¥Ø«eµ§ªÌ·|ªº¥u¦³³yÂI°}¦r¦Ó¤w¡C</para>
+ <para>­º¥ý¡A§ä¨ì±z­n§ïªº¦r«¬ÀÉ¡A¦b³oÃä°²³]¬O
+ <filename>kc15f.bdf</filename>¡A§Ú¥u·|§ï BDF ®æ¦¡ªº¡A
+ µM«á§âÂI°}ªº®æ¦¡´O¤J¸Ó¦r«¬Àɤº¡C</para>
+ <para>¥H '¤å' ¬°¨Ò¡A¥ý±o¨ì¥Lªº ENCODING¡G</para
+ <screen>
+&prompt.root; <userinput>echo "¤å" | hexdump</userinput>
+0000000 e5a4 000a
+0000003
+&prompt.root; <userinput>printf %d 0xa4e5</userinput>
+42213</screen>
+ <para>¥H¤Î¥Lªº ucs-2¡G</para>
+ <screen>
+&prompt.root; <userinput>echo "¤å" | iconv -f big5 -t ucs-2 | hexdump</userinput>
+0000000 8765 0a00
+0000004</screen>
+ <para>§Ú­Ì¦b³oÃä¥H (¤è¤è¤g) ¬°¨Ò¡A¥Lªº big5 code ¬O
+ 0x964f(38479)¡Aucs-2 code ¬O 0x5803¡C</para>
+ <para>¥ý§ä¨ì <option>CHARS 13867</option>¡A¦]¬°§Ú­Ì­n¥[·s¦r¡A
+ ©Ò¥H§ï¦¨ <option>CHARS 13868</option>¡C</para>
+ <para>µM«á¨ì³o­ÓÀɪº³Ì«á¡A§ä³Ì«á¤@­Ó <option>STARTCHAR</option>
+ ¥[¤@¡A¦b³oÃä¬O STARTCHAR 13868 ¬°³Ì«á¤@­Ó¡A©Ò¥H¤]¥[¤@¡A
+ µM«á±N¦r¶ë³Ì«á¡A¨Ã¦b <option>ENDFONT</option> ¤§«e¡C</para>
+ <programlisting>
+STARTCHAR 13869
+ENCODING 38479
+SWIDTH 31 0
+DWIDTH 16 0
+BBX 15 15 1 -3
+BITMAP
+1830
+1424
+FEFE
+2040
+3C78
+2488
+4488
+5528
+8A10
+0180
+0110
+3FF8
+0100
+0104
+FFFE
+ENDCHAR</programlisting>
+ <para>µM«á¸òµÛ¥H¤Uªº¤è¦¡§@¨ÓÅý X »{Ãѱz©Ò³yªº¦r¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/X11R6/lib/X11/fonts/encodings/large/</userinput>
+&prompt.root; <userinput>cp big5.eten-0.enc.gz big5.eten-0.enc.gz.bak</userinput>
+&prompt.root; <userinput>gunzip big5.eten-0.enc.gz</userinput>
+&prompt.root; <userinput>chmod 644 big5.eten-0.enc</userinput>
+&prompt.root; <userinput>vim big5.eten-0.enc</userinput>
+0x964F 0x5803
+&prompt.root; <userinput>chmod 444 big5.eten-0.enc</userinput>
+&prompt.root; <userinput>gzip big5.eten-0.enc</userinput>
+&prompt.root; <userinput>cd /usr/X11R6/lib/X11/fonts/local</userinput>
+&prompt.root; <userinput>fetch kc15f.bdf</userinput>
+&prompt.root; <userinput>mkfontdir</userinput>
+&prompt.root; <userinput>crxvt -fm -kc-fixed-medium-r-normal--16-160-72-72-c-160-big5-0</userinput>
+&prompt.root; <userinput>perl -e 'print pack("CC", 0x96, 0x4F);'</userinput></screen>
+ </sect1>
+
+ <sect1 id="ftpd">
+ <title>¤º«Ø ftpd ªº¤¤¤å°ÝÃD</title>
+ <para>Contributed by: Wang.bbs@bbs.ba.mgt.ncu.edu.tw</para>
+ <para>Last Update: 2003¦~ 4¤ë 1¤é ©P¤G 12®É57¤À00¬í CST</para>
+ <para>Q: 4.7 Release ¤º«Ø ftpd¡A
+ ¨Ò¦p¡uµ{¡v¡B¡u³{¡v²Ä¤G­Ó character ¬O '{' ªº¤¤¤å¦r´N¤U¸ü¤£¤U¨Ó¡H</para>
+ <para>A: ¦]¬° FreeBSD ¤º«Øªº FTPD ·|±N { ©M \ ªº¦r¥h°£¡A
+ ¦pªG±z·Q­nÅý³o¨Ç¤¤¤å¦r¥i¥i¥H¥¿±`¨Ï¥Î½Ð­×§ï
+ <filename>/usr/src/libexec/ftpd/ftpcmd.y</filename>
+ §ä¨ì¤U¦C³o¤@¦æ¡G</para>
+ <programlisting>
+GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;</programlisting>
+ <para>±N¥¦§ï¦¨¡G</para>
+ <programlisting>
+GLOB_NOCHECK|GLOB_TILDE|GLOB_NOESCAPE;</programlisting>
+ <para>¦A­«·s compile ftpd</para>
+ <screen>
+&prompt.user; <userinput> man 3 glob</userinput></screen>
+ <programlisting>
+ GLOB_NOESCAPE By default, a backslash (`\') character is used to
+ escape the following character in the pattern, avoiding
+ any special interpretation of the character. If
+ GLOB_NOESCAPE is set, backslash escaping is disabled.
+
+ GLOB_BRACE Pre-process the pattern string to expand `{pat,pat,...}'
+ strings like csh(1). The pattern `{}' is left unex-
+ panded for historical reasons (and csh(1) does the same
+ thing to ease typing of find(1) patterns).</programlisting>
+ <para>§Ú¤]§Ë¦¨¤F outta-port¡A¦³¿³½ì¥i¥Hª½±µ¨ì outta-port/ftpd ©³¤U¦w¸Ë¡C</para>
+ </sect1>
+
+ <sect1 id="chm2html">
+ <title>.chm «ç»ò¦b Unix ©³¤UÆ[¬Ý¡H</title>
+ <para>Contributed by: mison@bbs.ee.ntu.edu.tw</para>
+ <para>Last Update: 2003¦~ 4¤ë16¤é ©P¤T 16®É35¤À53¬í CST</para>
+ <para>¥Ø«e³£¬O±N <filename>.chm</filename> ¸ÑÀ£ÁY¦¨
+ <filename>.html</filename> «á¦A¡A¦A¥ÎÂsÄý¾¹¥h¬Ý¡C
+ ²{¦³ªº .chm ¤è®×¦³¨â­Ó¡A¤@­Ó¬O
+ <filename role="package">misc/chmlib</filename>
+ ¥H¤Î chmtools¡A¤£¹L¨â®M³£¨S¦³¸ÑÀ£ÁYªº¤u¨ã¡A
+ ©Î¬O¤£¾A¦X¤¤¤åªº³B²z¡A¦]¦¹ mison §Q¥Î chmtools ¼g¤F¤@­Ó
+ chm2html ªº¤u¨ã¡A¦pªG¦³¿³½ìªº¤H¥i¥H¸Õ¸Õ¬Ý¡C</para>
+ <para><application>outta-port/chm2html</application> ªº¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/chm2html</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <para>¦b³oÃä¥H¤@­Ó <filename>braille.chm</filename> ¬°¨Ò¤l¡A
+ ¥Î <command>chm2html</command>
+ ¨Ó¸ÑÀ£ÁY¡A¨Ã¸ÑÀ£ÁY¨ì braille ªº¥Ø¿ý¤U¡G</para>
+ <screen>chm2html &lt; braille.chm braille/</screen>
+ <para>¦b braille ªº¥Ø¿ý¤U·|²£¥Í¤@­Ó braille.hhc ªº¥Ø¿ýÀÉ¡A
+ ±µµÛ¦A¥Î <command>hhc2html.pl</command> ±N¯Á¤ÞÀÉÂà¥X¨Ó¡G</para>
+ <screen>hhc2html.pl braille/braille.hhc &gt; braille/braille.html</screen>
+ <para>¤]¥i¥H¥Î <command>hhc2bookmark.pl</command> ±N¥Ø¿ýÀÉÂন
+ <application>mozilla</application> ªº bookmark ¨Ó¥Î¡G</para>
+ <screen>hhc2bookmark.pl --lo=on --root=`pwd`/brailee brailee/braille.hhc > bookmark.html</screen>
+ <para>¤¤¤åÀɦWªº³¡¤À¡A¥u¬O§â chm ¸Ìªº unicode Âন big5¡A
+ ³o¼Ë¥u¬OÅý¸Ñ¥X¨Óªº¤¤¤åÀɦW¥i¥HÅý¤H¬Ý±oÀ´¡Ahyper linkÁÙ¬O·|¦³°ÝÃD¡C</para>
+ <para>°Ñ¼Æ <option>--lo=on</option> ¬O«ü©w§â¤j¼gÀɦW§ï¬°¤p¼g¡A
+ ³o¬O¦]¬° chm2thml ¬O®Ú¾Ú chm ÀÉÀY¸Ñ¥XÀɮסA
+ ¦Ó hhc ¥Ø¿ý¡Bchm ÀÉÀY¸ÌªºÀɦW¡A¨âªÌ¥i¯à¤£¤@­P¡C
+ ©Ò¥H¦b²Ä¤@¨B chm ¸Ñ¶}«á¡B
+ ¦Û¦æ§PÂ_­n¤£­n¥[ <option>--lo=on</option>¡C</para>
+ <para>bookmark ¥u¬O¤@­Ó¼È®Éªº¸Ñ¨M¤è®×¡A¥i¥H¥Î
+ <filename>hhc2bookmark.pl</filename> Âà¥X¨ÓªºÀÉ®×´À´«­ì¨Ó
+ <filename>~/.mozilla</filename> ¸Ìªº bookmark¡A
+ ³o¼Ë¥i¥H¼ÒÀÀ MircoSoft IE ªº text/sitemap¡F¨ä¹ê¦³§ó¦n
+ ªº¤èªk¡A <application>mozilla</application> ¦³´£¨Ñ
+ sidebar ©M IE sitemap Ãþ¦ü¡A©Î¬O¦b <application>mozilla</application>
+ Ū¨ú¨ì¯S®íªº°ÆÀɦW©Î¬O MIME Type ®É¥h¦Û°Ê©I¥s
+ chm2html ¨Ã§@¦¨ºô­¶¨ÓŪ¥h¡C</para>
+ <para>hyper link ÀɦW¤£¤@­Pªº°ÝÃD¥i¯à¤d©_¦Ê©Ç¡AÂà¥Ø¿ýªºµ{¦¡¬O¥Î perl ¼gªº¡A
+ ­Y¦³»Ý­n¡A½Ð¦Û¦æ­×§ï perl µ{¦¡¸Ìªº regular expressions</para>
+ <para>¦b±N hhc2html.pl ²£¥Íªº¥Ø¿ý¥[¨ì sidebar ¤¤¡A
+ §Ú´ú¸Õªºµ²ªG¡A¨Ï¥Î¦p¤Uªº¤è¦¡¥i¥H¥[¤J sitebar¡G</para>
+ <screen>javascript:window.sidebar.addPanel('title','http://','');</screen>
+ <para>¦ý¬O§â http:// ´«¦¨ file:// ´N¨S¿ìªk¥[¶i¥h¡A©Ò¥HÁÙ¬Oª½±µ°õ¦æ
+ <command>chm.sh braille.chm</command> Åo¡C</para>
+ <para>¦b¯S®íÀɦW©Î¬OMIME Typeªº³B²z±o·PÁ bv1al ´£¨ÑªºÆF·P¡A
+ ¨Ï¥Î <application>mozilla</application> ¤]¥i¥H¥ÎÃþ¦ü¤èªk¶}±Ò¡C</para>
+ <programlisting>
+mozilla pull-down toolbar:
+ Edit->Preferences->Navigator->HelperApplications->NewType:
+ Description of type: MicroSoft HTML Help
+ File extension: chm
+ MIME Type: chemical/x-chemdraw application/mshelp
+ Application to use: chm.sh</programlisting>
+ <para>¤£¹L¥H¤Wªº¤èªk¦bµ§ªÌ´ú¸Õ¤U¡A¨Ã¨S¦³§@¥Î¡A¦pªG¦³¤H¦¨¥\½Ð§i¶D§Ú¤@¤U¡C</para>
+ <para>MicroSoft ¦³­Óµ{¦¡¥i¥H HTML Âà CHM¡A¤]¥i¥HÂà¦^¨Ó¡AÀ³¸Ó¬O³o­Ó
+ <ulink url="http://download.microsoft.com/download/OfficeXPProf/Install/4.
+71.1015.0/W98NT42KMe/EN-US/HTMLHELP.EXE">HTMLHELP.EXE</ulink>
+ ¡A¦b MicroSoft ¤U³B²z HTML »P CHM ¤¬Âà®ÉÆZ¦n¥Îªº¡C</para>
+ <para>WWW: <ulink url="http://66.93.236.84/~jedwin/projects/chmlib/">
+ http://66.93.236.84/~jedwin/projects/chmlib/</ulink></para>
+ <para>WWW: <ulink url="http://www.speakeasy.org/~russotto/chm/">
+ http://www.speakeasy.org/~russotto/chm/</ulink></para>
+ </sect1>
+
+ <sect1 id="konsole">
+ <title>konsole ¦r¶Z¹L¤j</title>
+ <para>Settings -&gt; Font -&gt; Custom -&gt; Terminal 12</para>
+ <para>Settings -&gt; Size -&gt; 80x24 (VT100)</para>
+ <figure>
+ <title>konsole snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/konsole" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="cyrus-imapd2">
+ <title>Cyrus-IMAP ±N 8-bit ¤å¦rÂà´«¬° X ªº°ÝÃD</title>
+ <para>Contributed by ¤p³¢ (jimkou.bbs@bbs.sayya.org)</para>
+ <para>Last Update: Sat May 17 12:09:58 2003</para>
+ <para>¥H <filename role="package">mail/cyrus-imapd2</filename>-2.1.13
+ ¬[³]¶l¥ó¦øªA¾¹¡A¦³¨Ç«H¥óªº¥D¦®¥þ³¡Åܦ¨¤F XXXXXX ¡H
+ ³o¬O RFC 2047 ªº¼Ð·Ç¤£¬Û®e 8Bit ¥D¦®ªº¶l¥ó¡C
+ ¥Ø«e¯à¥Îªº¿ìªk¬O±N¼ÐÃD½s½X¡A³o¬O¤ñ¸û¼Ð·Çªº°µªk¡A
+ ©Î¬O­×§ï source code ¨â­ÓÀÉ®×
+ <filename>imap/lmtpengine.c</filename> ¥H¤Î
+ <filename>imap/message.c</filename>
+ Åý¦¬«Hªº IMAPD ¤ä´© 8Bit ¥D¦®¡C</para>
+ <programlisting>
+--- imap/lmtpengine.c.orig Sat May 17 14:45:39 2003
++++ imap/lmtpengine.c Sat May 17 14:48:07 2003
+@@ -739,6 +739,7 @@
+ state s = NAME_START;
+ int r = 0;
+ int reject8bit = config_getswitch("reject8bit", 0);
++ int ignore8bit = config_getswitch("ignore8bit", 0);
+
+ if (namelen == 0) {
+ namelen += NAMEINC;
+@@ -854,7 +855,7 @@
+ form. */
+ r = IMAP_MESSAGE_CONTAINS8BIT;
+ goto ph_error;
+- } else {
++ } else if (!ignore8bit) {
+ /* We have been configured to munge all mail of this
+ form. */
+ c = 'X';</programlisting>
+ <programlisting>
+--- imap/message.c.orig Fri Apr 18 06:49:49 2003
++++ imap/message.c Sat May 17 14:46:27 2003
+@@ -229,6 +229,7 @@
+ int n;
+ int sawcr = 0, sawnl;
+ int reject8bit = config_getswitch("reject8bit", 0);
++ int ignore8bit = config_getswitch("ignore8bit", 0);
+ int inheader = 1, blankline = 1;
+
+ while (size) {
+@@ -264,7 +265,7 @@
+ /* We have been configured to reject all mail of this
+ form. */
+ if (!r) r = IMAP_MESSAGE_CONTAINS8BIT;
+- } else {
++ } else if (!ignore8bit) {
+ /* We have been configured to munge all mail of this
+ form. */
+ *p = 'X';</programlisting>
+ <para>³Ì«á¦A½s¿è <filename>${PREFIX}/etc/imapd.conf</filename>
+ ¨Ã¼W¥[¤@¦æ¡G</para>
+ <programlisting>ignore8bit = yes</programlisting>
+ <para>RFC 2047 MIME (Multipurpose Internet Mail Extensions) Part Three:
+ Message Header Extensions for Non-ASCII Text</para>
+ <para>WWW: <ulink url="http://asg.web.cmu.edu/cyrus/">
+ http://asg.web.cmu.edu/cyrus/</ulink></para>
+ </sect1>
+
+ <sect1 id="font-width">
+ <title>­^¤å¦r©M¤¤¤å¦rµ¥¼e¡H</title>
+ <para>Contributed by firefly</para>
+ <para>TrueType ¦rÅé¤À¦¨¨âºØ¡A¤@ºØ¬O¥iÅܦr¶Z¡A¤]´N¬O¨C­Ó¦r²Å¼e«×¤£¤@¼Ë¡A
+ ¤ñ¦p "x" »P "i"¡A³o¨â­Ó¦r²Å´N¤£µ¥¼e¡A¥¦¬O¦b¨C­Ó¦r²Å¤¤¬ö¿ý¸Ó¦r²Åªº¼e«×¡A
+ ¤j¦h¼Æªº TrueType ³£¬O³oºØ®æ¦¡¡C </para>
+ <para>¥t¤@ºØ´N¬O©T©w¦r¶Z¡C¤]´N¬O¨C­Ó¦r²Å¼e«×³£¤@¼Ë¡A³o¼ËÅã¥Ü©Î¥´¦L®É¡A
+ ·|¦³¹ï»ô®ÄªG¡A¤ñ¸û¬üÆ[¡A¦b­^»yÀô¹Ò¤¤¡A¤£·|¦³¥ô¦ó°ÝÃD¡AÁo©úªº±z¡A
+ ª¾¹D°ÝÃD©Ò¦b¤F§a¡C</para>
+ <para>¨S¿ù¡ICJK ªºµ¥¼e¦rÅé¡A¥]§t¡y¥b¼e­^¼Æ¦r²Å¡z»P¡y¥þ¼e CJK ¦r²Å¡z¡A
+ ¦r«¬¤ÞÀº·|§â¥þ¼e¦r¼e«×®M¥Î¦b¥b¼e¦r¤WÀY¡A³y¦¨¥b¼e¦r¬Ý°_¨Ó¶¡¶Z¤Ó¤j¡A
+ ³o´N¬O°ÝÃD©Ò¦b¡C</para>
+ <para>³o¸Ì´£¨Ñ¤@­Ó¤èªk¡AÅý¦r«¬¤ÞÀº©¿²¤ CJK ¦rÅé«ü©wªº¼e«×¡A
+ ±z¥i¥H±N¥H¤U³o¬q¤º®e¡A½Æ»s¨ì ~/.fonts.conf ¤¤¡G</para>
+ <programlisting>
+&lt;match target="font"&gt;
+ &lt;test target="pattern" name="lang" compare="contains"&gt;
+ &lt;string&gt;zh-tw&lt;/string&gt;
+ &lt;string&gt;zh-cn&lt;/string&gt;
+ &lt;string&gt;ja&lt;/string&gt;
+ &lt;string&gt;ko&lt;/string&gt;
+ &lt;/test&gt;
+ &lt;test name="spacing" compare="eq"&gt;
+ &lt;const>mono&lt;/const&gt;
+ &lt;/test&gt;
+ &lt;edit name="globaladvance" mode="assign"&gt;
+ &lt;bool&gt;false&lt;/bool&gt;
+ &lt;/edit&gt;
+&lt;/match&gt; </programlisting>
+ <para>¥H¤W¨º¬qªº·N«ä¬O¡G·í¹J¨ì CJK ¦r«¬¡A¤S¬Oµ¥¼e®É¡A
+ ©¿²¤¨t²Î¤º©w¼e«×¡A³o¼Ë¡A·í¨t²Î¨Ï¥Î CJK µ¥¼e¦r®É¡A
+ «K¤£·|¦A¦³¶¡¶Z¹L¤jªº°ÝÃD¡C</para>
+ <para>¦]¬° MingLiU «ÅºÙ¦Û¤v¬O monospaced ¦r«¬¡A¦ý¹ê»Ú¤W¥¦¦³¨âºØ¼e«×¡G
+ ¤¤¤åªº¥þ§Î¥H¤Î­^¤åªº¥b§Î¡C</para>
+ <programlisting>
+ &lt;match target="font"&gt;
+ &lt;test name="family"&gt;&lt;string&gt;MingLiU&lt;/string&gt;&lt;/test&gt;
+ &lt;edit name="globaladvance"&gt&lt;bool&gt;false&lt;/bool&gt;&lt;/edit&gt;
+ &lt;/match&gt;</programlisting>
+ <para>ÁÙ¥i¥H§ï spacing¡A0 ¬O proportional ªº spacing¡A100 ¬O mono¡A
+ 110 ¬O charcell¡C</para>
+ <programlisting>
+ &lt;match target="font"&gt;
+ &lt;test name="family"&gt;&lt;string&gt;MingLiU&lt;/string&gt;&lt;/test&gt;
+ &lt;edit name="spacing"&gt;&lt;int&gt;0&lt;/int&gt;&lt;/edit&gt;
+ &lt;/match&gt;</programlisting>
+ <para>¦b X11 Core Font ªº³¡¤À«h¬O¥²¶·­×§ï XLFD¡A
+ ±N -m- §ï¦¨ -p-¡C</para>
+ </sect1>
+
+ <sect1 id="pw">
+ <title>pw ¶}±b¸¹¸I¨ì'@'°ÝÃD¡H</title>
+ <para>Q: pw ¦b¶}±b¸¹®É¡A¥u­nµù¸Ñ¦³ '@' §Y¦³¤U­±°T®§¡G</para>
+ <screen>
+&prompt.root; <userinput>pw useradd -n test -c "¤@" -d /home/test -g nogroup -m -s /bin/tcsh -w yes</userinput>
+pw: invalid character `@' at position 1 in gecos field</screen>
+ <para>A: ¼x¨D¸Ñµª¤¤¡C</para>
+ </sect1>
+
+ <sect1 id="smbfs">
+ <title>mount_smbfs ¤£¯à¥Î¤¤¤å share ¦WºÙ¡H</title>
+ <para>Q: mount_smbfs ¨Ï¥Î¤¤¤å share ¦WºÙ¹J¨ì¦p¤Uªº¿ù»~¡G</para>
+ <programlisting>mount_smbfs: unable to open connection: syserr = No such file or directory</programlisting>
+ <para>A: ¼x¨D¸Ñµª¤¤¡C</para>
+ </sect1>
+
+ <sect1 id="flash">
+ <title>flash ¤¤¤åÅã¥Ü¡H</title>
+ <para>Q: MozillaÂsÄýflashºô­¶®É¤¤¤å¦rÅܦ¨¶Ã½X¡H</para>
+ <para>A: ¼x¨D¸Ñµª¤¤¡C</para>
+ </sect1>
+
+ <sect1 id="gtk-kde">
+ <title>KDE ¤U¨Ï¥Î GTK ªº¦r«¬°ÝÃD¡H</title>
+ <para>Q: ¦b KDE ¤U¹B¦æ GTK ªº³nÅé¦r«¬©Ç©Çªº¡H</para>
+ <para>A: °õ¦æ <command>gnome-settings-daemon &</command>¡A¨Ã¥Î
+ <command>gnome-control-center</command> ¨Ó³]©w¦r«¬¡C</para>
+ </sect1>
+
+ <sect1 id="filename">
+ <title>ÀɦW¤j¼g´«¤p¼g¡A§t¤l¥Ø¿ý¡H</title>
+ <para>Contributed by edwar</para>
+ <para>big5 ¤¤¤å¤Î¯S®í¦r¤¸À³¸Ó¤]³£¨S°ÝÃD¡C</para>
+ <programlisting>
+find ./t -depth \
+| perl -ne 'chomp;m</[^/]*$>;$d=$`;$_=$f=$&;'\
+'s/([\x80-\xFF].)|(\w)/$1\l$2/g;system "echo",$d.$f,$d.$_ if $f ne $_'</programlisting>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/fonts.sgml b/zh_TW.Big5/books/zh-tut/chapters/fonts.sgml
new file mode 100644
index 0000000000..c1b4bb7e45
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/fonts.sgml
@@ -0,0 +1,1038 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: fonts.sgml,v 1.62 2003/12/01 19:37:17 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="fonts">
+ <title>¿é¥X¦r«¬</title>
+ <para>¦b³o­Ó³¹¸`¤¤±N·|¤¶²ÐÂI°}¦r«¬(Bitmapped Font)¡A
+ ¥H¤Î¦±½u´yÃä¦r«¬(Outline Fonts)¡C</para>
+ <para>ÂI°}¦r«¬(Bitmapped Fonts)¡G
+ ³oºØ¦r«¬´N¬Oª½±µ±NÂI¯x°}ªº¦r«¬Àx¦s¦b°O¾ÐÅ餤¡A
+ ¨Ï¥Î®É´Nª½±µ¨ú¥X¡A³oºØ¤è¦¡­YÀx¦sÂI¼Æ¤£¦h«h¿é¥X¦r«¬¤ÓÃø¬Ý¡F
+ ¦ý­YÀx¦sÂI¼Æ¸û¦h«h»Ý­n¦û±¼¤Ó¦h°O¾ÐÅé¡A
+ ¦P®É±N¦rÅé©ñ¤j«á¥i¯à²£¥Í¿÷¾¦§§¡A¦]¦¹¥Ø«e°£¤F¯S®í¥Î³~¥~¡A
+ ´X¥G«Ü¤Ö¥Î¨ì¡C</para>
+ <para>¦±½u´yÃä¦r«¬(Outline Fonts)¬O§Q¥Î¦±½u¤½¦¡¨Ó´yø¦r®Ø¡A
+ ¦]¦¹¤£½×©ñ¤jÁY¤p¦ì¼Æ¬O¦h¤Ö³£¤@¼Ë¥­·Æ¡A
+ ¦ý¬O¯ÊÂI¬O­pºâ¯Ó®É¡A±`¨£ªº¥]¬A±`¥Î¦b¦L¨êªº Postscript
+ »P¥Î¦b¿Ã¹õÅã¥Üªº TrueType Font(TTF) µ¥¡C</para>
+ <para>¥Ø«e¨Ï¥ÎÂI°}¦r«¬ªº¥D­n¬O±±¨î¥x³nÅé¡A¹³¬O big5con¡Bzhcon µ¥¡A
+ ¥D­n¬O¦]¬°Åª¨ú¦±½u´yÃä¦r«¬ªº³t«×¸ûºC¡A
+ ¤]¤ñ¸û½ÆÂø¡A©Ò¥H¥Ø«eªº±±¨î¥x³nÅé³£¨S¬Ý¨ì¨Ï¥Î¦±½u´yÃä¦r«¬ªº¡C</para>
+ <para>WWW: <ulink url="http://www.geocities.com/fontboard/cjk/index.html">
+ Chinese, Japanese and Korean characters in English
+ Windows</ulink></para>
+ <para>WWW: <ulink url="http://cgm.cs.mcgill.ca/~luc/china.html">
+ Chinese Fonts</ulink></para>
+ <figure>
+ <title>showttf snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/showttf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+
+ <sect1 id="pcf">
+ <title>Bitmapped Font - ÂI°}¦r«¬·§½×</title>
+ <para>ÂI°}¦r«¬¥Nªí¦r«¬ BDF(Bitmap Distribution Format¡AÂI°}¤À´²®æ¦¡)¡B
+ HBF(Hanzi Bitmap Font¡Aº~¦rÂI°}¦rÅé)¡B
+ PCF(Portable Compiled Font)¡C</para>
+ <para>BDF Spec:<ulink url="http://partners.adobe.com/asn/developer/pdfs/tn/5005.BDF_Spec.pdf">
+ 5005.BDF_Spec.pdf</ulink></para>
+ </sect1>
+
+ <sect1 id="cmexfonts">
+ <title>cmexfonts - ¤¤±À·| Big5+ ÂI°}¦r«¬</title>
+ <para>¸ÓµÛ§@Åv¬°¤¤µØ¥Á°ê¦æ¬F°|¬ã¦Ò·|¡B¤¤¤å¹q¸£±À¼s°òª÷·|©Ò¦@¦³¡A
+ ¦r§Î³]­p¬°µØ±d¬ì§Þ Dynalab Inc.¡C</para>
+ <para>¸Ó®M¦r«¬¨Ã¤£¬O¼Ð·Çªº Big5 ¦r«¬¡A¦Ó¬O·í®É¬°¤F±À¼s Big5+ ©Ò»s§@ªº¡A
+ ¥Ø«e¨ÃµL¨Ï¥Îªº»ù­È¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/cmexfonts</filename>¡C</para>
+ <para>³o­Ó®M¥ó¤¤¥]§t¤F 16 ÂI¡B24 ÂI¨â®M¤¤¤åÂI°}¦r«¬¡C</para>
+ <para>WWW: <ulink url="http://www.cmex.org.tw/">
+ cmex org</ulink></para>
+ </sect1>
+
+ <sect1 id="kcfonts">
+ <title>kcfonts - °ê³ìÂI°}¦r«¬</title>
+ <para>°ê³ì¤¤¤å PCF ¦r«¬¬O FreeBSD ¤U³Ì±`¥ÎªºÂI°}¦r«¬¡C</para>
+ <para>­n±oª¾¤w¦w¸Ëªº BIG5 ¦r«¬¥Î¡G</para>
+ <screen>
+&prompt.user; <userinput>xlsfonts | grep big5</userinput>
+kc15f.pcf.gz -kc-fixed-medium-r-normal--16-160-72-72-c-160-big5-0
+kc24f.pcf.gz -kc-fixed-medium-r-normal--24-240-100-100-c-240-big5-0</screen>
+ <para>¦w¸Ë <filename role="package">chinese/kcfonts</filename>¡C</para>
+ <para>³o­Ó®M¥ó¸Ì­±¥]§t¤F 16 ÂI¡B20 ÂI¥H¤Î 24 ÂI¤T®M¤¤
+ ¤åÂI°}¦rÅé¡A¨¬¨Ñ¤@¯ë±¡ªpÅã¥Ü¤¤¤å¤§¥Î¡C</para>
+ <para>¾A¥Î©ó 640x480 ¸ÑªR«× (NoteBook)</para>
+ <screen>
+&prompt.root; <userinput>rxvt -ls -fm kc15 -fn 8x16 &</userinput></screen>
+ <para>¾A¥Î©ó +1024x768 ¸ÑªR«× (17 ¦T¿Ã¹õ)</para>
+ <screen>
+&prompt.root; <userinput>rxvt -ls -fm kc24 -fn 12x24 &</userinput></screen>
+ </sect1>
+
+ <sect1 id="gugod-clean">
+ <title>gugod-clean - ·f°t¤¤¤åÂI°}¦r«¬¥Îªº­^¤åÂI°}¦r«¬</title>
+ <para>¬Ý¤F¤@¤U irc ¤W±o²á¤Ñ¡A²×©óÀ´±o¬O¬°¤F²×ºÝ¾÷ªº´Ý¼v°ÝÃD¡C</para>
+ <para>¸`¿ý gugod ªº¤@¬q¸Ü¡G</para>
+ <para>
+ °t¦X kc15f §ï¤F¤@¤U schumacher ªº clean¡A¥»¨Ó³o¨âºØ¦r¤£¤@¼Ë°ª¡A
+ ©Ò¥H¥Î¤[¤F term ·|żżªº¡A§ï¦¨¤@¼Ë°ª´N¤£·|¤F¡A³o­Ó clean ¬O 15 ªº¡A
+ «ç»ò§ï¦¨¤@¼Ë°ªªº¡H¤j­P¤W¬O§ï bdf ¤¤ªº PIXEL_SIZE, POINT_SIZE,
+ FONT_ASCENT, FONT_DESCENT ÁÙ¦³ FONT ³o¨ÇªFªF¥ý¡A¤£¹L­n¥ý¥Î
+ xmbdfed §â bdf ¦r§ï¦¨·Q­nªºªø¼e¡A¤£µM clean
+ ¦rªº¨C­Ó¦r¥Àªø¼e³£¤£¤@¼Ë¡A«ÜÃø½Z¡A¬ÛÃö¤u¨ã½Ð¬Ý
+ <filename>ports/x11-fonts</filename>¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/gugod-clean</filename>¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/X11R6/lib/X11/fonts/local</userinput>
+&prompt.root; <userinput>mkfontdir</userinput>
+&prompt.root; <userinput>xset fp rehash</userinput> </screen>
+ <para>±N¥H¤U¥[¤J <filename>/usr/X11R6/lib/X11/fonts/local/fonts.alias</filename></para>
+ <programlisting>
+gugod16 -gugod-clean-medium-r-normal--16-160-75-75-c-90-iso8859-1
+gugod18 -gugod-clean-medium-r-normal--18-180-75-75-c-80-iso8859-1
+gugod20 -gugod-clean-medium-r-normal--20-200-75-75-c-100-iso8859-1
+gugod22 -gugod-clean-medium-r-normal--22-220-75-75-c-110-iso8859-1 </programlisting>
+ <para>µM«á°õ¦æ <command>Eterm --font gugod16 &</command></para>
+ <para>´N¥i¥H¬Ý¨ì«Üº}«Gªº Eterm ³z©ú­I´º¡A
+ ­ì¨Ó·|ż±¼ªº²×ºÝ¾÷¤]¨S°ÝÃD¤F¡C</para>
+ </sect1>
+
+ <sect1 id="intlfonts">
+ <title>intlfonts - ¦U°êªº§K¶OÂI°}¦r«¬</title>
+ <para>
+ ³o­Ó¥]§t¦U°êªº§K¶O PCF ¦r«¬¡A¦Ó¥B¸Ì­±ÁÙ¥]§t¤F cns11643 ¤C­Ó¦r­±ªº
+ 16pt¡B24pt »P 40pt¡A¥H¤Î big5 ªº taipei16 »P taipei24¡A
+ ¸Ë§¹´X¥G¥i¥H³B²z¦UºØ»y¨¥¤F¡C </para>
+ <para>¦w¸Ë <filename role="package">x11-fonts/intlfonts</filename>¡C</para>
+ </sect1>
+
+ <sect1 id="PostScript">
+ <title>PostScript ·§½×</title>
+ <para> PostScript¬°¬ü°êAdobe(<ulink url="http://www.adobe.com">
+ http://www.adobe.com</ulink>)¤½¥q©ó1985¦~©Òµoªíªº¤å¥ó´y­z§Þ³N¡A
+ Adobe¨Ã§Q¥Î³o­Ó§Þ³N¡A³Ð³yµÛ¦W¦X¥GPostScript§Þ³Nªº¦r«¬¡A
+ ¨Ã±q¦Ó§ïÅܾã­Ó¦L¨ê¤u·~¡APostScript
+ ¥i¥Hºë½Tªº´y­z¥­­±Ã¸»s¥ô¦ó¤å¦r¤Î¹Ï§Î¡A²{¤µPostScript
+ ªº§Þ³N¤w¸g«D±`´¶¹Mªº¨Ï¥Î¦b¦L¨ê»â°ì¡A¥]¬A¿Ã¹õÅã¥Ü(Display)¡A
+ ¹p®g¦Lªí¾÷(Laser Printer)¡A ¿é¥X¾÷(Imagesetter)¡A
+ ¼Æ¦ì¦L¨ê¾÷(Digital Printing)..µ¥µ¥¿é¥X³]³Æ¡C</para>
+ <para> ¦Ó»PPostScript§Þ³N·f°t³Ì­«­nªº¬OPostScript¦r«¬¡A
+ ¨Ï¥ÎªÌ¥i¥H³z¹LPostScript§Þ³N½Õ¾ã¬Y¨Ç°Ñ¼Æ¡A¦Ó§ïÅܦr«¬ªº¤j¤p¡A
+ ³±¼v/¥ßÅé/ªÅ¤ß/²Ê²Óµ¥¯S®í®ÄªG¡A ¥Ñ©óPostScript¦b¦L¨ê¤è­±¨ô¶Vªí²{¡A
+ ¥Ø«e¥@¬É¤W¥D­nªº¤åÄm´X¥G¦h¬O¥HPostScriptªº§Î¦¡¥X²{¡C</para>
+ <para>¥Ø«e±`¨£ªº¤¤¤å¦C¦L¤è®×³£¬O²£¥Í Postscript «á¡A
+ ¦A¶i¦æ¦C¦L¡C²£¥ÍªºÀɮפS¥i¤À¬°¤º´O(bg5ps¡Benscript¡Bcnprint)
+ »P¤£¤º´O¦r«¬(truetype¡Bcid font)¡A
+ ¥Ø«eªº¸Ñ¨M¤è®×°¾¦V©ó¨Ï¥Î CID-Keyed font¡C</para>
+ <para>CID-Keyed font¡ACID¬OCharacter IDªºÂ²ºÙ¡C</para>
+ <para>CID¦r§Î®æ¦¡ªº³]­p¥D­n¬O¬°¤F¦UºØPostScript¿é¥X³]³Æ¡A
+ ATM(Adobe Type Manager)³nÅé¡A
+ CPSI(Configurable PostScript Interpreter)¸ÑĶ¾¹¤Î
+ DPS(Display PostScript)Åã¥Ü«¬PostScript³nÅéµ¥¡A
+ ¯à¨Ï¥Î©ó¤j¦r®w¦rÅ鶰¡A¯S§O¬O¥xÆW¡B¤j³°¡B¤é¥»¡BÁú°ê
+ µ¥Âù¦ì¤¸»y¨tªº°ê®a¤å¦r¡C </para>
+ <para> CJK(Chinese , Japan , Korean)¦r¶°¤W¤é¡BÁú¤G°ê¤å¦r¡A
+ °£¤F¥­°²¦W¡B¤ù°²¦W¤ÎÁú¤å¦r¥~¡A¦û³Ì¦h¦rÅé®e¶qªºÁÙ¬Oº~¦r³¡¥÷¡A
+ ¦Ó¥B¤¤¡B¤é¡BÁúªºº~¦r«Ü¦h³£¬O¬Û¦Pªºº~¦r¡A¦pªG¤@®MCJK¦r¶°¯à¥]¬A
+ Big5¡BGB¡BJIS¤ÎKSC½Xªº©Ò¦³ªº¦r§Î¡B
+ ®e¶q¤@©w¤ñ¥|ºØ½X¦ì¤À¶}ªº¦r§Î¤Ö30%¥H¤W¡A¦Ó¥B¥i¥H¤£¥Î¾á¤ß¡A
+ ¥H«á±q¥H¤W¥|­Ó¦a°Ï¨Óªº¤å¥ó¡A¿é¥X®É¨S¦³¹ïÀ³ªº¦r§Î¿é¥X¡C</para>
+ <para> ¦b1990¦~Adobeµoªí¥i¥H¤ä´©Âù¦ì¤¸¬[ºcªºPostScript¦r§Î®æ¦¡¡A
+ ¤@¯ë§Ú­Ì³qºÙ¬°OCF(Original Composite Font)®æ¦¡¡A
+ ¥¦¨Ï¥Î¤ñ¸û½ÆÂø¦r§Îºc³y¤Î¦r§ÎÀx¦s¤è¦¡¡A
+ ¦]¬°¥¦¬°¤F­n¤ä´©Âù¦ì¤¸ªº¦r§Î¡A´N¥²¶·­n°µ¦¨³o¼Ë½ÆÂøªº¬[ºc¡A
+ ¹³¥Ø«e¤j®a©Ò¨Ï¥Îªº¤¤¤åType1¡BType3¡BType4µ¥¦r§Î®æ¦¡¡A
+ ³£¬OÄÝ©óOCF®æ¦¡¡C</para>
+ <para> OCF¦r§Î­n§ì¨ú¦C¦L¤@­ÓÂù¦ì¤¸¦r§Î®É¡A¥²¶·­n¸g¹L½ÆÂøªº¹ïÀ³Ãö«Y¡A
+ ¤~¯à¨ú±o¦r§Îªº¥~®Ø¸ê®Æ¥h¦C¦L¡A©Ò¥HType1¡BType3¡BType4µ¥OCF
+ ¦r§ÎªºÀÉÀY(header)´y­z³£«D±`½ÆÂø¡A
+ ¦Ó¥B¨C¤@®a¦r§Î¼t°Ó³£¤£¤Ó¤@¼Ë¡C</para>
+ <para>CID¦r§Îªº¬[ºc¤ñOCF¦r§Î´N²³æ¦h¤F¡A
+ ª½±µ¥ÑCMapÀÉ®×¥h¹ïÀ³¦r§Î¥~®Ø¸ê®Æ¡A
+ ©Ò¥H¸ÑĶ¾¹¯à§Ö³tªº¨ú±o¤Î¸ÑĶ¦r§Îªº¥~®Ø¸ê®Æ¤Î¦C¦L¡A
+ ¦Ó¥B¤ñ¸û¸`¬Ù°O¾ÐÅ骺¨Ï¥Î¡C</para>
+ <para>Character Collection(¦r§Î¶°)¤ÎCMap File(¹ïÀ³ÀÉ)³o¤GªÌAdobe
+ ¦³©w¸q¼Ð·Ç®æ¦¡¡A¦r§Î¼t°Ó¥i¥H¨Ï¥ÎAdobeªº¼Ð·Ç®æ¦¡¡A
+ ¥HÁcÅ餤¤å¬°¨Ò¡AAdobe©w¸q¤@­ÓCharacter Collection¡A
+ ©M«Ü¦h­ÓªºCMap File¡A¦pAdobe-CNS1-0¡AB5-H¡AB5pc-H¡AETen-B5-H
+ µ¥¤£¦PªºCMap file¡C ¤£¦PªºCMap file¨Ï¥Î©ó¤£¦Pªº¤º½X¨t²Î¡A
+ ¦pªG³o¨Ç¤º½X¨t²Îªº¦r½X¦³ÂX¥R®É¡A¥u­n¼W¥[·sªºCMap file¤ÎCID
+ ¦r§Î§Y¥i¡A¥i¥H¤£¼vÅT¨ì­ì¨ÓªºCMap file¤ÎCID¦r§ÎÀÉ¡C </para>
+ <para>WWW: <ulink url="http://www.arphic.com.tw/faqs/faqs_cid.htm">
+ cid faqs at arphic</ulink></para>
+ <para>WWW: <ulink url="http://partners.adobe.com/asn/tech/type/index.jsp">
+ Fonts / Type / OpenType</ulink></para>
+ </sect1>
+
+ <sect1 id="truetype-as-cidfonts">
+ <title>¨Ï¥Î TrueType ¦r«¬·í§@¬O CID fonts</title>
+ <para>gs-cjk ¬O¤@­ÓÅý Aladdin/Artifex/GNU ghostscript(gs)
+ ¯à°÷¨Ï¥Î CJK ¥\¯àªºµo®i­pµe¡C¦b³o­Óºô¯¸¤¤¡A©Ò´£¨Ñªºµ{¦¡¶°¡A
+ ¥]§tÅý gs ¯à°÷§â CJK ( Ác¡B²¤¤¤å¡A¤é¤å¡AÁú¤å )
+ ªº TrueType ¦r«¬·í§@ CID-Keyed ªº¦r«¬¨Ó³B²zªº¥²­n­×¸ÉÀÉ®×( patch)¡A
+ ¥H¤Î§ï¶i¦b gs CID-Keyed ¦r«¬ªºhandler¡C</para>
+ <para>¸Ó­pµe¤w¸g¾ã¦X¨ì <application>ghostscript7</application></para>
+ <para>CID-Keyed font ¥Ñ CID font ©M CMap ©Ò²Õ¦¨¡A
+ ¨Ï¥Î«e°O±o¦w¸Ë <filename role="package">print/adobe-cmap</filename>
+ ¡C</para>
+ <para>¨Ï¥Î ghostscript ¨Ó¦C¦L¤å¥ó¡G</para>
+ <screen>
+&prompt.root; <userinput>gs -sDEVICE=cdj550 -sOutputFile=/dev/lpt0 xx.ps</userinput>
+ </screen>
+ <para><command>gs --help</command> ·|¦³§ó¦hªº¿ï¶µ</para>
+ <para>¥H¦¹®M¥ó·f°t arphicttf ´N¥i¥HÅý¤j³¡¤Àªº³nÅé¥i¥H³z¹L
+ gs Ū¨ú ttf ¨Ó²£¥Í¥¿½Tªº gs ÀÉ¡C</para>
+ <para>¥H¤U¬O§Q¥Î <application>ttfm</application> ¨Ó±N <application>arphicttf</application> ªº¦r«¬¥[¤J gs-cjk ªº¦Cªí¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --add gs-cjk bkai00mp.ttf</userinput>
+&prompt.root; <userinput>ttfm.sh --add gs-cjk bsmi00lp.ttf</userinput></screen>
+ <para>³o¼Ë·|¤À§O²£¥Í±`¥Îªº CID-Keyed¡GShanHeiSun-Light-Eten-B5-H ¥H¤Î
+ ZenKai-Medium-Eten-B5-H ¥H¨Ñ»Ý­n¦C¦Lªº³nÅé¨Ï¥Î¡A¨Ò¦p
+ Mozilla¡BKDEµ¥¡C</para>
+ <para>WWW: <ulink url="http://www.cs.wisc.edu/~ghost/index.html">
+ Ghostscript, Ghostview and GSview</ulink></para>
+ <para>WWW: <ulink url="http://www.gyve.org/gs-cjk/">
+ gs-cjk project</ulink></para>
+ </sect1>
+
+ <sect1 id="moefonts-cid">
+ <title>moefonts-cid - ¥Ñ Adobe ÂàĶªº MOE CID Font</title>
+ <para>CID-Keyed font ¥Ñ CID font ©M CMap ©Ò²Õ¦¨¡A
+ CMap ¥i¥H³z¹L¦w¸Ë
+ <filename role="package">print/adobe-cmaps</filename> ¨Ó¹F¦¨¡A
+ ¦Ó CID font «h¥²¶·¥t¥~¦w¸Ë¡C
+ ¤¤¤å CID font(MOEKai ©M MOESung) ¬O±q±Ð¨|³¡¦Ó¨Óªº¡A
+ ­ì¥»¬° 48x48 ÂI°}¦r«¬¡A¥Ñ Adobe »s§@¦¨ CID font¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/moefonts-cid</filename>¡C</para>
+ <para>¦Û¦æ¦w¸Ëªº¸Ü¡ACID-Keyed font ¥i¥H±q
+ <ulink url="ftp://ftp.oreilly.com/pub/examples/nutshell/cjkv/adobe/samples/">
+ ftp://ftp.oreilly.com/pub/examples/nutshell/cjkv/adobe/samples/</ulink>
+ ¨ú±o MOEKai-Regular MOESung-Regular ³o¨â­Ó CIDFont¡A¨Ã¦b
+ <ulink url="ftp://ftp.oreilly.com/pub/examples/nutshell/cjkv/adobe/">
+ ftp://ftp.oreilly.com/pub/examples/nutshell/cjkv/adobe/</ulink>
+ ¨ú±o ac14.tar.Z¡A¸Ì­±¥]§t¤F Adobe-CNS1 ªº CMap ÀɮסC</para>
+ <para>¸Ë§¹«á´N¦³¦p¤Uªº CID-Keyed font ¥i¥H¨Ï¥Î¡G</para>
+ <programlisting>
+MOEKai-Regular-ETen-B5-H
+MOEKai-Regular-ETen-B5-V
+MOESung-Regular-ETen-B5-H
+MOESung-Regular-ETen-B5-V</programlisting>
+ <para>¥H¤U¬O¤@­Ó´ú¸Õªº½d¨Ò¡G</para>
+ <screen>
+&prompt.user; <userinput>cat cid.ps</userinput>
+/MOEKai-Regular-ETen-B5-H findfont 60 scalefont setfont
+50 600 moveto (²³¸Ì´M¥L¤d¦Ê«×) show
+50 520 moveto (ÅZµM¦^­º) show
+50 440 moveto (¨º¤H«o¦b¿O¤õÄæ¬À³B) show
+showpage
+quit
+&prompt.user; <userinput>gv -antialias cid.ps</userinput>
+&prompt.user; <userinput>ps2ps cid.ps cid2.ps</userinput>
+&prompt.user; <userinput>ps2pdf cid.ps</userinput>
+&prompt.user; <userinput>ps2pdf cid2.ps</userinput>
+&prompt.user; <userinput>xpdf cid.pdf</userinput> (¥i¯à¤£¦æ)
+&prompt.user; <userinput>xpdf cid2.pdf</userinput></screen>
+ <figure>
+ <title>cid-gv snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/cid-gv" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>¥Ø«e¤w¸g¥i¥H¥Ñ <application>ttfm</application> ·f°t
+ <application>gs-cjk</application>
+ ªº¤è¦¡¨Ó¨ú¥N¡A¦Ó¥B®ÄªG§ó¦n¡C</para>
+ <para>¥H¤U¬O¥H MOESung-Regular ¬°¨Ò¤l¡A¨Ó¼W¥[²ÊÅé¡B±×Åé¡B²Ê±×Åé¤ä´©¡A
+ ¦b¦w¸Ë®É¡A¥Ñ©ó¥²¶·ÃB¥~¦w¸Ë adobe-cmaps ¨Ó·f°t¡A
+ ©Ò¥H·| DEPENDS print/adobe-cmaps¡C</para>
+ <para>¦A¨Ó¬O«Ø¥ß²ÊÅé¡A±×Åé¡A²Ê±×Åéµ¥¡A¦b¬Ý§¹ ttfm ªº gs-cjk ¼Ò²Õ«á¡A
+ ¦³­Ó·Qªk´N¬O gs-cjk ªº°µªk¬O¦b ttf ¤W­±«Ø¥ß²ÊÅé¡A±×Åé¡A²Ê±×Åéµ¥¡A
+ ³o¨Ç°µªk¬O¤£¬OÀ³¸Ó¤]¾A¥Î©ó moefonts-cid¡H</para>
+ <para>¦]¦¹´N«Ø¥ß¤F MOESung-Regular-Bold</para>
+ <programlisting>
+%!PS-Adobe-3.0 Resource-CIDFont
+%%BeginResource: CIDFont (MOESung-Regular-Bold)
+/MOESung-Regular-Bold
+/MOESung-Regular /CIDFont findresource
+16 dict begin
+ /basecidfont exch def
+ /basefont-H /.basefont-H /Identity-H [ basecidfont ] composefont def
+ /basefont-V /.basefont-V /Identity-V [ basecidfont ] composefont def
+ /CIDFontName dup basecidfont exch get def
+ /CIDFontType 1 def
+ /CIDSystemInfo dup basecidfont exch get def
+ /FontInfo dup basecidfont exch get def
+ /FontMatrix [ 1 0 0 1 0 0 ] def
+ /FontBBox [
+ basecidfont /FontBBox get cvx exec
+ 4 2 roll basecidfont /FontMatrix get transform
+ 4 2 roll basecidfont /FontMatrix get transform
+ ] def
+ /cid 2 string def
+ /BuildGlyph {
+ gsave
+ exch begin
+ dup 256 idiv cid exch 0 exch put
+ 256 mod cid exch 1 exch put
+ rootfont /WMode known { rootfont /WMode get 1 eq } { false } ifelse
+ { basefont-V } { basefont-H } ifelse setfont
+ .03 setlinewidth 1 setlinejoin
+ newpath
+ 0 0 moveto cid false charpath stroke
+ 0 0 moveto cid show
+ currentpoint setcharwidth
+ end
+ grestore
+ } bind def
+ currentdict
+end
+/CIDFont defineresource pop
+%%EndResource
+%%EOF</programlisting>
+ <para>¥H¤Î MOESung-Regular-Bold-ETen-B5-H.gsf</para>
+ <programlisting>
+/MOESung-Regular-Bold-ETen-B5-H
+/MOESung-Regular-Bold (MOESung-Regular-Bold)
+/ETen-B5-H (CMap/ETen-B5-H)
+
+1 index /CMap resourcestatus
+{pop pop pop}
+{runlibfile} ifelse
+/CMap findresource
+
+3 1 roll
+1 index /CIDFont resourcestatus
+{pop pop pop}
+{runlibfile} ifelse
+/CIDFont findresource
+
+[ exch ] composefont pop </programlisting>
+ <para>µ²ªGµo²{¦b´ú¸ÕÀÉ cid.ps</para>
+ <programlisting>
+/MOESung-Regular-ETen-B5-H findfont 30 scalefont setfont
+50 600 moveto (2000¦~5¤ë29¤é) show
+/MOESung-Regular-Bold-ETen-B5-H findfont 30 scalefont setfont
+50 560 moveto (2000¦~5¤ë29¤é) show
+/MOESung-Regular-Italic-ETen-B5-H findfont 30 scalefont setfont
+50 520 moveto (2000¦~5¤ë29¤é) show
+/MOESung-Regular-BoldItalic-ETen-B5-H findfont 30 scalefont setfont
+50 480 moveto (2000¦~5¤ë29¤é) show
+/MOEKai-Regular-ETen-B5-H findfont 30 scalefont setfont
+50 440 moveto (2000¦~5¤ë29¤é) show
+/MOEKai-Regular-Bold-ETen-B5-H findfont 30 scalefont setfont
+50 400 moveto (2000¦~5¤ë29¤é) show
+/MOEKai-Regular-Italic-ETen-B5-H findfont 30 scalefont setfont
+50 360 moveto (2000¦~5¤ë29¤é) show
+/MOEKai-Regular-BoldItalic-ETen-B5-H findfont 30 scalefont setfont
+50 320 moveto (2000¦~5¤ë29¤é) show
+showpage
+quit</programlisting>
+ <para>²ÊÅ骺³¡¤À¥X²{¤F¹w´Áªº®ÄªG¡A©Ò¥H´NÄ~Äò»s§@±×Åé»P²Ê±×Åé¡A
+ ³o³¡¤À¥i¥H°Ñ¦Ò gs-cjk¡A±×Å骺¦WºÙ©w¬° MOESung-Regular-Italic¡A
+ ¦Ó²Ê±×Åé«h¬O MOESung-Regular-BoldItalic¡C</para>
+ <para>³Ì«á¡A°O±o§â³o¨Ç .gsf ¼g¤J
+ /usr/local/share/ghostscript/7.05/lib/Fontmap.GS
+ ¼gªk¬O¡G¦r«¬ (¦r«¬.gsf) ;</para>
+ <programlisting>
+/MOESung-Regular-ETen-B5-H (MOESung-Regular-ETen-B5-H.gsf) ;
+/MOESung-Regular-Bold-ETen-B5-H (MOESung-Regular-Bold-ETen-B5-H.gsf) ;
+/MOESung-Regular-BoldItalic-ETen-B5-H (MOESung-Regular-BoldItalic-ETen-B5-H.gsf) ;
+/MOESung-Regular-Italic-ETen-B5-H (MOESung-Regular-Italic-ETen-B5-H.gsf) ;</programlisting>
+ <para>³Ì«á­×§ï¤@¤U -H ¦¨ -V ¦A­«½Æ¤W­±ªº¹Lµ{§Y¥i¡A
+ ¨ä¥Lªº¦r«¬¤]¬O´X¥G¤@¼Ëªº°µªk´N¥i¥H§¹¤u¤F¡A
+ ¤£¹L¡A¯uªº¤ñ¤£¤W¥Î ttf °µ¥X¨Óªº§r</para>
+ <para>¦p¦¹«Ø¥ß§¹¡A´N·|¦³¤@°ï¥i¥Îªº CID-Keyed ¦r«¬</para>
+ <programlisting>
+MOESung-Regular-ETen-B5-H
+MOESung-Regular-Bold-ETen-B5-H
+MOESung-Regular-BoldItalic-ETen-B5-H
+MOESung-Regular-Italic-ETen-B5-H</programlisting>
+ <para>³o¼Ë¤l¦b°t¦X¤å®Ñ³nÅé¤W¡AÀ³¸Ó·|§ó¦n¡A
+ §Ú·Q¤å®Ñ³nÅéºCºCªº¤]·|§â¦C¦Lªº³¡¤À¥Î
+ gs ©Ò´£¨Ñªº¦r«¬¨Ó¼ÒÀÀ¡A¹³¬O editors/Abiword ´N¬O­Ó«Ü´Îªº¨Ò¤l¡A
+ ¦Ó kde2 «h¬O¦Û¤v°µ²ÊÅé¡A±×Åéµ¥ªº¼ÒÀÀ¡A
+ ¤£¹L§ÚÁÙ¨S¥h´ú¸Õ¨ì²ÊÅé©M±×Å骺³¡¤À¡A
+ µ¥¦³ªÅ¶¢¤F¦A¥h¸Õ¸Õ¡C</para>
+ <figure>
+ <title>moefonts-cid snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/moefonts-cid" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="embbed-pdf">
+ <title>¥H gs Æ[¬Ý¤£¤º´Oªº pdf ÀÉ</title>
+ <para>gs/gv ¦³­Ó dirty hack¡A´N¬O¬Ý¨ì</para>
+ <programlisting>
+name type emb sub uni object ID
+------------------------------------ ------------ --- --- --- ---------
+°ê¦r¼Ð·Ç§ºÅé CID TrueType no no no 22 0</programlisting>
+ <para>³oºØÃþ«¬ªº¤£¤º´O¦r¡A´N¦Û¤v¨ì
+ <filename>/usr/local/share/ghostscript/7.05/lib/CIDFnmap</filename>
+ ¤¤¥[¤W alias¡A¥H§Ú¦Ó¨¥·|¥[¤W¤å¹©¤W®ü§ºªº alias¡G</para>
+ <programlisting>
+/°ê¦r¼Ð·Ç§ºÅé /ShanHeiSun-Light ;</programlisting>
+ <para>§õªG¥¿ Edward G.J. Lee ¤]´£¥X¤ñ¸û¥¿¦¡ªº¸Ñªk¦p¤U¡G</para>
+ <para>
+ ¬Q¤Ñª±¤F¤@¤U gs¡Cµo²{¥i¯à¤£¥²³o»ò³Â·Ð¡A¦]¬° CJK-latex + dvipdfmix
+ »s§@¥X¨Óªº¤£¤º´O¤¤¤å PDF ÀÉ¡A»á¦X PDF-spec¡CÁöµM¡Apdffonts ¬Ý¨ìªº¬O¡G</para>
+ <programlisting>
+name type emb sub uni object ID
+------------------------------------ ------------ --- --- --- ---------
+°ê¦r¼Ð·Ç§ºÅé CID TrueType no no no 22 0</programlisting>
+ <para>¦ý¨ä¹ê PDF ÀɸÌÀY·|¼Ð°O¦¨ Adobe-CNS1¡A¤]´N¬O»¡·|¥h¨Ï¥Î PDF browser
+ Adobe-CNS1 ªº¹w³]¦r«¬¡A¨Ò¦p¡G</para>
+ <programlisting>
+34 0 obj
+&lt;&lt;
+/Type/Font
+/Subtype/CIDFontType2
+/BaseFont/#b0#ea#a6r#bc#d0#b7#c7#a7#ba#c5#e9,Italic
+/FontDescriptor 35 0 R
+/CIDSystemInfo&lt;&lt;
+/Registry(Adobe)
+/Ordering(CNS1)
+/Supplement 0
+&gt;&gt;
+&gt;&gt;
+endobj</programlisting>
+ <para>¥H¦¹ object ¬°¨Ò¡C¨ä¤¤ # ¬O¥Nªí hex notation¡A
+ ¨º¤@°ï´N¬O¡y°ê¦r¼Ð·Ç§ºÅé¡z¡A
+ «á­±·|¦³ /Registry(Adobe) /Ordering(CNS1)¡A¦]¦¹¡A¥u­n gs ªº
+ CIDFnmap ³]¦¨¡G</para>
+ <programlisting>
+/Adobe-CNS1 /ShanHeiSun-Light ;</programlisting>
+ <para>´N¥i¥H¤F¡A¤]´N¬O»¡¡A¤£ºÞ PDF ¨Ï¥Î¤°»ò¦r«¬¡A¦pªG§ä¤£¨ì¦¹¦r«¬¡A
+ ´N·|¨Ï¥Î¹w³]ªº (Adobe-CNS1)ShanHeiSun-Light¡C
+ ³o¼Ë´N¤£¥²¹J¨ì¨S¦³ªº¦r«¬´N±o¥h¥[¤J alias¡C
+ ¦Ó acroread ¤]·|¥h§ä¥Lªº¹w³]¦r«¬ MHei-Medium ©Î MSung-Light
+ (µø acroread ¦p¦ó³]©w¡A³]¦¨ sans «h¨ú¥Î¶ÂÅé¡A³]¦¨ serif
+ «h¨ú¥Î§ºÅé)¡C¬°¨¾·N¥~¡A«Øij¥H¤U¨â¦æ¤]¥[¤J¡G</para>
+ <programlisting>
+/Adobe-CNS1-Big5 /ShanHeiSun-Light ;
+/Adobe-CNS1-Unicode /ShanHeiSun-Light ;</programlisting>
+ <para>³o¼Ë¤@¨Ó¡A¦C¦Lªº°ÝÃD¤]¸Ñ¨M¤F¡Cpdf2ps(pswrite device) ®É gs ·|¥h¨ú¥Î
+ ShanHeiSun-Light¡C·íµM¡A«e´£¬O /usr/share/ghostscript/Resource ­n§â
+ ShanHeiSun-Light ¹w¥ý³]©w¦n¡C</para>
+ </sect1>
+
+ <sect1 id="truetype">
+ <title>TrueType - ¥þ¯u¦r«¬·§½×</title>
+ <para>TrueType¦r«¬®æ¦¡¬°¬ü°êApple (<ulink url="http://www.apple.com">
+ http://www.apple.com</ulink>)¤ÎMicrosoft (
+ <ulink url="http://www.microsoft.com">http://www.microsoft.com</ulink>
+ )©Ò¦@¦P¨î©w¡A³Ì¥ý¨Ï¥Î©óAppleªºMacintosh¨t¦C¤Î
+ Microsoft Windows 3.1¡A ¦Ó¥Ø«eAppleªºOS 8.0¤Î
+ Microsoft Windows 95/NT/2000/XP¤]³£¨Ï¥Î
+ TrueType§@¬°¦r«¬®æ¦¡¡C</para>
+ <para>°ò¥»¤WTrueType©MPostScript¤@¼Ë¡A³£¬O¨Ï¥Î¨©¯÷¦±½u(Bezier Curve)
+ ¨Ó´y­zªº¥~®Ø¦r¡C ¦r«¬¥i¥H§@¥ô·N¤Ø¤oªº©ñ¤jÁY¤p¡A
+ ©Î§@¨ä¥LÄݩʪºÅܤơA¤£¹L¥Ñ©óApple¤ÎMicrosoft
+ ªº§@·~¨t²Î³£ª½±µ¤ä´©¦¹¦r«¬®æ¦¡¡A©Ò¥H¨Ã¤£»Ý­n¦pPostScript
+ ¤@¼Ë¡A¥~±¾(Adobe)Type Manager¤§Ãþªºµ{¦¡¡C </para>
+ <para>WWW: <ulink url="http://www.microsoft.com/typography/users.htm">
+ Features of TrueType and OpenType</ulink></para>
+ </sect1>
+
+ <sect1 id="ttfm">
+ <title>ttfm - TrueType ¦r«¬ºÞ²z¤u¨ã</title>
+ <para>¥Ø«e¦³³\¦hµ{¦¡³£·|­n¨D¨Ï¥Î TTF ¦r«¬¡A©Ò¥H§Ú­Ì³Ì¦nÁÙ¬OÀ° X ¥[
+ ¤W¤¤¤åªº TTF ¦r«¬¤ä´©¡C¥Ø«e¦w¸Ë¦r«¬©Ò»Ýªº
+ <filename>fonts.dir</filename> ¤w¸g¤£»Ý­n
+ ¨Ï¥Î¼É¤Oªº¤èªk²£¥Í¡A¨Ï¥Î <application>ttfm</application>
+ ´N¥i¥H«Ü¶¶§QªººÞ²z©Ò¦³ªº¤¤¤å¦r
+ «¬¤F¡C¦Ó²{¦b¦b ports ¤¤ªº TrueType ¦r«¬¦³¤T®M¡A
+ <application>arphicttf</application>¡B
+ <application>moettf</application>¡B
+ <application>wangttf</application>¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/ttfm</filename>¡C</para>
+ <para>¦w¸Ë«á¥]§t¤F¡G</para>
+ <para><command>ttfinfo¡G</command>¤@­Ó¥i¥H¥Î¨ÓŪ¨ú ttf
+ ¦r«¬®æ¦¡¸ê°Tªº¤pµ{¦¡¡A½d¨Ò¦p¤U¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfinfo /usr/local/share/fonts/TrueType/bkai00mp.ttf</userinput>
+TTFINFO_FONT_FILE="/usr/local/share/fonts/TrueType/bkai00mp.ttf"
+TTFINFO_FONT_NAME="AR PL KaitiM Big5"
+TTFINFO_FONT_PSNAME="ZenKai-Medium"
+TTFINFO_FOUNDRY_NAME="Arphic"
+TTFINFO_WEIGHT_NAME="medium"
+TTFINFO_WIDTH="normal"
+TTFINFO_NUMCMAP="2"
+TTFINFO_CMAP0="1,0"
+TTFINFO_CMAPNAME0="Apple,Roman"
+TTFINFO_CMAP1="3,1"
+TTFINFO_CMAPNAME1="Windows,Unicode"
+TTFINFO_MAPNUM="1"
+TTFINFO_FONTMAP1="-Arphic-AR PL KaitiM Big5-medium-r-normal--0-0-0-0-c-0-big5-0"</screen>
+ <para><command>ttfinst.tk</command>¡G¹Ï§Î¤¶­±ªº tk script¡A
+ ¥i¥H¥Î¨Ó¦w¸Ë¦r«¬¡A¤£«Øij¨Ï¥Î¡C</para>
+ <para><command>ttfm.sh</command>¡Gshell script¡A¹w³Æ§@¬° ttf ¦r«¬Á`ºÞ¡C</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --help</userinput>
+True-Type Font Manager 0.9.3
+
+Usage: /usr/local/bin/ttfm.sh [option]
+
+ --add [module] &lt;file&gt;... install ttf font
+ --remove [module] &lt;file&gt;... remove ttf font from the system
+ --list &lt;module&gt;... list all ttf fonts on the system
+ --modules list all ttf manager modules on the system
+ --initm &lt;module&gt;.. initialize modules
+ --help show this info</screen>
+ <para>³o­Óµ{¦¡·|¥h§Q¥Î¦ì©ó
+ <filename>/usr/share/fonts/install/</filename> ©³¤U¥H
+ <filename>".ttfm"</filename> µ²§Àªº¥i°õ¦æÀɨӦw¸Ë¡B³]©w¦r«¬¡A
+ ³o¨Ç <filename>.ttfm</filename> ÀɮקںÙ
+ ¬° ttfm module¡A¥Ñ»Ý­n¨Ï¥Î¨ì ttf ¦r«¬ªºµ{¦¡´£¨Ñ¡A³o¨Ç¼Ò²Õ¥²
+ ¶·²Å¦X¥H¤U­n¨D¡G</para>
+ <itemizedlist>
+ <listitem><para>
+ ¥i¿W¥ß¨Ï¥Î¡A¤£¤@©w³z¹L <command>ttfm.sh</command> ©I¥s°õ¦æ¡C
+ </para></listitem>
+ <listitem><para>
+ ¤£¹ï¨t²Î¦r«¬¥Ø¿ý¦³¥ô¦ó¹w³]¡A¥uºÞ²z¦Û¤v¼Ò²Õ¦r«¬¥Ø¿ý¤UªºÀɮסC
+ </para></listitem>
+ <listitem><para>
+ ¹ï ttf Àɮצì¸m»Ý¨D¤£¦P©ó <command>ttfm.sh</command>
+ ¤¤ªº¨t²Î¦r«¬¥Ø¿ý®É¡A¥H
+ link ¤è¦¡³B²z¡A¤£ copy ttf ÀɮסA²¾°£¦r«¬®É¤£§ó°Ê¨t²Î¦r«¬¥Ø
+ ¿ý¤¤ªºÀɮסC
+ </para></listitem>
+ <listitem><para>
+ ´£¨Ñ¦Ü¤Ö¤U­±´X­Ó°Ñ¼Æ¨Ñ <command>ttfm.sh</command> ¨Ï¥Î¡G</para>
+ <programlisting>
+ --name Åã¥Ü¼Ò²Õ¦WºÙ
+ --list ¦C¥X¼Ò²ÕºÞ²zªº²{¦³¦r«¬»P¹ïÀ³ªº¦WºÙ
+ --add &lt;file&gt; ¼W¥[¦r«¬¡Afile ¬°¤@¦r«¬ÀɮצWºÙ¡A¦p
+ /mnt/windows/fonts/mingliu.ttc
+ --remove &lt;file&gt; ²¾°£¦r«¬¡Afile ¬°¦r«¬ÀɮצWºÙ¡A¥i¥H¬O
+ fullpath¡B¥ç¥i¥H¬O³æ¯ÂÀɮצW¡A¦p
+ /usr/local/share/fonts/TrueType/bkai00mp.ttf or bkai00mp.ttf
+ </programlisting>
+ </listitem>
+ </itemizedlist>
+ <para><application>ttfm</application> ±Ä¥Î¼Ò²Õ¤Æªº³]­p¡C
+ ¨C¤@­Ó»Ý­n¨Ï¥Î¨ì ttf ¦r«¬ªº
+ µ{¦¡³£¥i¥H´£¨Ñ <application>ttfm</application> ªº¼Ò²Õ¡A
+ µM«á«K¥i³z¹L <command>ttfm.sh</command> ¨Ó°µ¨ì
+ ¦r«¬ªº¦w¸Ë¡A²¾°£¡A¦Cªí¡A³]©w¹w³]¦r«¬µ¥ºÞ²zªº°Ê§@¡C
+ ¥Ø«e¤w¦³ªº <application>ttfm</application> ¼Ò²Õ¦³¡G</para>
+ <programlisting>
+abiword µ¹ AbiWord 0.7.12 ©Î¬O¥H¤Wªºª©¥»¨Ï¥Î¡C
+chitex ¦w¸Ë ChiTeX ¦r«¬ (by cwhuang)
+gscjk µ¹ Aladdin Ghostscript ¨Ï¥Î¡C¥i¥HºÞ²z TrueType ¦r«¬
+ ©M CID ¦r«¬¡AGhostscript ¥²¶·­×¸É¥i¥H¨Ï¥Î TrueType ¦r«¬¡C
+ttf2pk ¨Ñ freetype-contrib ªº ttf2tfm, ttf2pk ¨Ï¥Î (by cwhuang)
+xfreetype µ¹ XFree86's freetype backend¡A¦b 3.x ¬O Xfsft¡A
+ ¦b 4.x ¬O freetype ¼Ò²Õ¡C
+xttfm-tcl µ¹ XFree86 3.3.x X-TrueType server¡C
+xttfm ¦w¸Ëµ¹ X window ¥Îªº font.dir, font.alias (by ¤p¦ä)</programlisting>
+ <para>¤@¨Ç¨Ï¥Î½d¨Ò¡G</para>
+ <para>1. ¥[¤J¦r«¬¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --add &lt;path&gt;/bsmi00lp.ttf</userinput></screen>
+ <para>(xttfm ·|¥O xfs ­«·s¸ü¤J¦r«¬¦WºÙ¡C¦pªG±z¤£¬O¨Ï¥Î xfs¡A
+ ±z­n¦Û¤v¤U <command>xset fp rehash</command>
+ ¥O·sªº¦r«¬¦WºÙ¥Í®Ä¡A©ÎªÌ­«·s±Ò°Ê X Window )</para>
+ <para>2. ¦C¥X¦r«¬¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --list xttfm</userinput></screen>
+ <para>·|¦C¥X xttfm ¼Ò²Õ©Ò¦³¦w¸Ëªº¦r«¬¡C
+ ±z²{¦b¥i¥H¥Î <command>xlsfonts</command> ¬Ý¨ì³o¨Ç¦r«¬¦WºÙ¡C
+ ¨Ã¥i¥Î <command>xfd -fn &lt;¦r«¬¦WºÙ&gt;</command>
+ ¸Õ¸Õ¯à§_¬Ý¨ì¦r«¬¡C</para>
+ <para>3. ²¾°£¦r«¬¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --remove bsmi00lp.ttf</userinput></screen>
+ <para>³o¤£»Ý¦h°µ¸ÑÄÀ§a¡H</para>
+ <para>4. ³]©w¹w³]¦r«¬¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --setdefault xttfm bkai00mp.ttf</userinput></screen>
+ <para>±N xttfm ¼Ò²Õªº¹w³]¦r«¬§ó§ï¬°
+ bkai00mp.ttf ³o©Î³\¬O <application>ttfm</application>
+ ³Ì powerful ªº¥\¯à¤§¤@¤F¡C
+ ±z¥iµo²{ X Window ¹w³]ªº¤¤¤å¦r«¬³q³qÅܦ¨·¢Å骺¡C</para>
+ <para>ª`·N¹w³]¦r«¬¬O¸ò encoding ¦³Ãöªº¡C±z¥i¥H¹ï¤£¦Pªº
+ encoding ¤À§Oµ¹©w¹w³]¦r«¬¡C<application>ttfm</application>
+ ·|¦Û°Ê®Ú¾Ú©Òµ¹©w
+ ttf ¦Û°Ê§PÂ_À³³]©w¨ººØ encoding ªº¹w³]¦r«¬¡C
+ ¨Ò¦p <command>ttfm.sh --setdefault xttfm gkai00mp.ttf</command>
+ ·|³]©w GB ªº¹w³]¦r«¬¬°·¢Åé¡C </para>
+ <para>5. ¼Ò²Õªºªì©l¤Æ¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --initm &lt;module name&gt;...</userinput></screen>
+ <para>³o­Ó¥\¯à¬O¥Î¨Ó¦b¦w¸Ë¤@¼Ò²Õ®É¡A±N¨t²Î¤w¦³ªº
+ ttf ¦r«¬³q³q¦w¸Ë¨ì¸Ó¼Ò²Õ¤¤¡C
+ ¦pªG¤U: </para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --initm all</userinput></screen>
+ <para>·|¥O©Ò¦³¤w¦w¸Ëªº¼Ò²Õ³£°µªì©l¤Æªº°Ê§@¡C
+ (¤]´N¬O±N©Ò¦³¦r«¬¦w¸Ë¨ì©Ò¦³ªº¼Ò²Õ¤¤) </para>
+ <para>¦pªG±z¼¶¼g¤F¤@­Ó ttfm ªº¼Ò²Õ¡A½Ð°O±o¦b¦w¸Ë®É
+ °õ¦æ <command>ttfm.sh --initm &lt;±zªº¼Ò²Õ¦WºÙ&gt;</command></para>
+ <note><para>Ãö©ó TrueType ¦r«¬ªº³]©w¡A¦b±Ò°Ê±zªº X ¤§«e¡A
+ °O±oÀˬd <filename>/etc/XFree86</filename> ¤U­±¦³¨S¦³
+ <option>FontPath "/usr/X11R6/lib/X11/fonts/TrueType"</option>
+ ©Î¬O¦b <filename>~/.xinitrc</filename> ¤¤¥[¤W
+ <option>xset +fp /usr/X11R6/lib/X11/fonts/TrueType/ </option>¡C</note>
+ <screen>
+&prompt.root; <userinput>cvs -d :pserver:anonymous@cle.linux.org.tw:/var/lib/CVSROOT login</userinput>
+(Logging in to anonymous@cle.linux.org.tw)
+CVS password: <userinput></userinput>
+&prompt.root; <userinput>cvs -d :pserver:anonymous@cle.linux.org.tw:/var/lib/CVSROOT checkout ttfm</userinput> </screen>
+ <para>WWW: <ulink url="http://cle.linux.org.tw/cgi-bin/cvsweb.cgi/ttfm/">
+ ttfm project</ulink></para>
+ </sect1>
+
+ <sect1 id="mingliu">
+ <title>mingliu - ·L³n²Ó©úÅé TrueType ¦r«¬</title>
+ <para>Contributed by EricCheng</para>
+ <para>Last Update: 2003¦~ 9¤ë21¤é ©P¤é 21®É13¤À54¬í CST</para>
+ <para>mingliu ¬O·L³n¦VµØ±dÁʶRªº¤¤¤åÁcÅé¦r«¬¡A
+ ¤]¬O Windows ¨Ï¥ÎªÌ³Ì²ßºDªº¹q¸£¦r¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/mingliu</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <para>mingliu.ttc ¦³¨â­Ó faces¡A²Ä¹s­Ó face ¬O
+ ²Ó©úÅé(MingLiU)¡A­^¤å¦r«¬¬Oµ¥¼eªº¡A
+ ²Ä¤@­Ó¬O·s²Ó©úÅé(PMingLiU)¡A¤£µ¥¼eªº­^¤å¦r«¬¡A
+ ¹w³]·|¨Ï¥Î²Ä¹s­Ó¡A¦pªG­n¨Ï¥Î·s²Ó©úÅ骺¸Ü¡A¥²¶·¥t¥~³]©w¡C</para>
+ <para>²Ó©úÅé¦b 11, 12, 13, 15, 16, 20 ÂIªº¤j¤p¦³¯S§O°µ¤º´OªºÂI°}¦r¡A
+ ´«¥y¸Ü»¡¡A¥Ñ©ó¤¤¤å¦rªº hinting ¤£©ö¡A¦³®ÉÂI°}¦r·|¤ñ¸û¦³®Ä¡C
+ ¤S¦]¬°·s²Ó©úÅé¨Ï¥Î¤F bytecode ¨Ó²Õ¦Xµ§¹º¡A
+ ¨S¦³½s¶i bytecode interpreter ªº freetype ª©¥»¦b render ªº®É­Ô¡A
+ ´N·|¸H±¼¡C
+ ¦b¥Ø«e ports/print/freetype2 ¤¤¡A¹w³]·|§Q¥Î
+ files/patch-include::freetype::config::ftoption.h ±N
+ TT_CONFIG_OPTION_BYTECODE_INTERPRETER ¥´¶}¡C</para>
+ <para>³]©wÅý²Ó©úÅé¦b³o¨Ç¤j¤p®É¡AÅã¥Ü¤º«ØªºÂI°}¦r¦Ó¤£­n¥Î anti-aliased¡A
+ ¦b ~/.fonts.conf ¥[¤J¡G</para>
+ <programlisting>
+ &lt;match target="font"&gt;
+ &lt;test name="family"&gt;&lt;string&gt;MingLiU&lt;/string&gt;&lt;/test&gt;
+ &lt;edit name="antialias"&gt;&lt;bool&gt;true&lt;/bool&gt;&lt;/edit&gt;
+ &lt;edit name="hinting"&gt;&lt;bool&gt;true&lt;/bool&gt;&lt;/edit&gt;
+ &lt;edit name="autohint"&gt;&lt;bool&gt;false&lt;/bool&gt;&lt;/edit&gt;
+ &lt;/match&gt;
+ &lt;match target="font"&gt;
+ &lt;test name="family"&gt;&lt;string&gt;MingLiU&lt;/string&gt;&lt;/test&gt;
+ &lt;test name="size" compare="less_eq"&gt;&lt;int&gt;12&lt;/int&gt;&lt;/test&gt;
+ &lt;edit name="antialias" mode="assign"&gt;&lt;bool&gt;false&lt;/bool&gt;&lt;/edit&gt;
+ &lt;edit name="hinting" mode="assign"&gt;&lt;bool&gt;true&lt;/bool&gt;&lt;/edit&gt;
+ &lt;/match&gt;</programlisting>
+ <para>¦]¬° MingLiU «ÅºÙ¦Û¤v¬O monospaced ¦r«¬¡A
+ ¦ý¹ê»Ú¤W¥¦¦³¨âºØ©T©w¼e«×¡G¤¤¤åªº¥þ§Î¥H¤Î­^¤åªº¥b§Î¡A
+ ³y¦¨ freetype »~§P©Ò¦³¦r³£¬O¸ò¤¤¤åªº¥þ§Î¤@¼Ë¼e¡A
+ ¨Ï±o­^¤å¦r©M¤¤¤å¦r·|µ¥¼e¡C</para>
+ <para>¥i¥H­×§ï freetype ªº globaladvance flag ©Î¬O spacing¡A
+ 0 ¬O proportional ªº spacing¡A100 ¬O mono¡A110 ¬O charcell¡G</para>
+ <programlisting>
+ &lt;match target="font"&gt;
+ &lt;test name="family"&gt;&lt;string&gt;MingLiU&lt;/string&gt;&lt;/test&gt;
+ &lt;edit name="globaladvance"&gt;&lt;bool&gt;false&lt;/bool&gt;&lt;/edit&gt;
+ &lt;/match&gt;
+ &lt;match target="font"&gt;
+ &lt;test name="family"&gt;&lt;string&gt;MingLiU&lt;/string&gt;&lt;/test&gt;
+ &lt;edit name="spacing"&gt;&lt;int&gt;0&lt;/int&gt;&lt;/edit&gt;
+ &lt;/match&gt;</programlisting>
+ <note><para>°O±o¦b ~/.fonts.conf ªºÀY§À¥[¤W</para>
+ <programlisting>
+&lt;?xml version="1.0"?&gt;
+&lt;!DOCTYPE fontconfig SYSTEM "fonts.dtd"&gt;
+&lt;fontconfig&gt;
+...
+&lt;/fontconfig&gt;</programlisting></note>
+ <para>¦b X11 Core Font ¤W¡A«h¬O§Q¥Î xtt ªº¥\¯à¨Ó¿ï¨ú Face 1 ªº
+ PMingLiU ¨ÓÅã¥Ü¡A¤]´N¬O¦b³Ì«e­±¥[¤W fn=1¡A¨ÃÀˬd
+ Spacing Äæ¦ì¬O§_¬° p¡AMingLiU ªº Spacing Äæ¦ì¬O m¡C
+ ¦pªG¦w¸Ë <filename role="package">chinese/ttfm</filename> ·|¦Û°Ê¥[¤J¨â­Ó face¡C</para>
+ <programlisting>
+mingliu.ttc -DynaLab-MingLiU-medium-r-normal--0-0-0-0-m-0-iso8859-1
+fn=1:mingliu.ttc -DynaLab-PMingLiU-medium-r-normal--0-0-0-0-p-0-iso8859-1</programlisting>
+ <para>WWW: <ulink url=" http://fractal.csie.org/~eric/wiki/wiki.phtml?title=Fontconfig">
+ EricCheng Fontconfig</ulink></para>
+ </sect1>
+
+ <sect1 id="simsun">
+ <title>simsun - ·L³n§ºÅé TrueType ¦r«¬</title>
+ <para>simsun ¬O·L³n¦V ZHONGYI Electronic Co. ÁʶRªº¤¤¤å²Åé¦r«¬¡A
+ ¤]¬O Windows ¨Ï¥ÎªÌ³Ì²ßºDªº¹q¸£¦r¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/simsun</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <para>simsun.ttc ¦³¨â­Ó faces¡A²Ä¹s­Ó face ¬O
+ SimSun¡A­^¤å¦r«¬¬O¤£µ¥¼eªº¡A
+ ²Ä¤@­Ó¬ONSimSun¡Aµ¥¼eªº­^¤å¦r«¬¡A
+ ¹w³]·|¨Ï¥Î²Ä¹s­Ó¡A¦pªG­n¨Ï¥ÎNSimSunªº¸Ü¡A¥²¶·¥t¥~³]©w¡C</para>
+ <para>¦]¬° NSimSun «ÅºÙ¦Û¤v¬O monospaced ¦r«¬¡A
+ ¦ý¹ê»Ú¤W¥¦¦³¨âºØ©T©w¼e«×¡G¤¤¤åªº¥þ§Î¥H¤Î­^¤åªº¥b§Î¡A
+ ³y¦¨ freetype »~§P©Ò¦³¦r³£¬O¸ò¤¤¤åªº¥þ§Î¤@¼Ë¼e¡A
+ ¨Ï±o­^¤å¦r©M¤¤¤å¦r·|µ¥¼e¡C</para>
+ <para>¥i¥H­×§ï freetype ªº globaladvance flag ©Î¬O spacing¡A
+ 0 ¬O proportional ªº spacing¡A100 ¬O mono¡A110 ¬O charcell¡G</para>
+ <programlisting>
+ &lt;match target="font"&gt;
+ &lt;test name="family"&gt;&lt;string&gt;NSimSun&lt;/string&gt;&lt;/test&gt;
+ &lt;edit name="globaladvance"&gt;&lt;bool&gt;false&lt;/bool&gt;&lt;/edit&gt;
+ &lt;/match&gt;
+ &lt;match target="font"&gt;
+ &lt;test name="family"&gt;&lt;string&gt;NSimSun&lt;/string&gt;&lt;/test&gt;
+ &lt;edit name="spacing"&gt;&lt;int&gt;0&lt;/int&gt;&lt;/edit&gt;
+ &lt;/match&gt;</programlisting>
+ <note><para>°O±o¦b ~/.fonts.conf ªºÀY§À¥[¤W</para>
+ <programlisting>
+&lt;?xml version="1.0"?&gt;
+&lt;!DOCTYPE fontconfig SYSTEM "fonts.dtd"&gt;
+&lt;fontconfig&gt;
+...
+&lt;/fontconfig&gt;</programlisting></note>
+ <para>­Y­n¨Ï¥Îµ¥¼eªº NSimSun¡A¦b X11 Core Font ¤W¡A
+ «h¬O xtt ªº¥\¯à¨Ó¿ï¨ú Face 1 ªº
+ NSimSun ¨ÓÅã¥Ü¡A¤]´N¬O¦b³Ì«e­±¥[¤W fn=1¡A¨ÃÀˬd
+ Spacing Äæ¦ì¬O§_¬° m¡ASimSun ªº Spacing Äæ¦ì¬O p¡C
+ ¦pªG¦w¸Ë <filename role="package">chinese/ttfm</filename> ·|¦Û°Ê¥[¤J¨â­Ó face¡C</para>
+ <programlisting>
+simsun.ttc -misc-SimSun-medium-r-normal--0-0-0-0-p-0-iso8859-1
+fn=1:simsun.ttc -misc-NSimSun-medium-r-normal--0-0-0-0-m-0-iso8859-1</programlisting>
+ </sect1>
+
+ <sect1 id="minguni">
+ <title>mingunittf - ­»´ä¸É¼W¦r²Å¶°2001</title>
+ <para>mingunittf ¥]§t¤F­»´ä¸É¼W¦r²Å¶°2001ªº©Ò¦³¦r¡C</para>
+ <para>mingunittf ªº¦w¸Ë:</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/mingunittf</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <para>¥Ñ©ó·f°t ttfm ªº xttfm ¼Ò²Õ¡A¦]¦¹¦b <filename>XF86Config</filename>
+ ¸Ì­±¤@©w­n <option>Load "xtt"</option> ¤~¦æ¡C</para>
+ </sect1>
+
+ <sect1 id="moettf">
+ <title>moettf - ¥xÆW±Ð¨|³¡¼Ð·Ç TrueType ¦r«¬</title>
+ <para><application>moettf</application> ¥xÆW±Ð¨|³¡¼Ð·Ç·¢®Ñ¡B§ºÅé
+ ttf ¦r§ÎÀÉ¡A²{¦b¤S¥[¤F¨â­Ó¦r«¬
+ <filename>moe_sungext.ttf</filename> ©M
+ <filename>moe_sungsym.ttf</filename>¡AÁöµM¦r«¬¬O BIG5 ½s½X¡A
+ ¦r¤¸©M²Å¸¹¦b CNS ¤¤ÁÙ¬O°¸¦Ó·|¥Î¨ì¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/moettf</filename>¡C</para>
+ <para>¥H¤U«ö·Ó¦~¥N»¡©ú</para>
+ <programlisting>
+85.12.03 °ê¦r¼Ð·Ç¦rÅé·¢®Ñ¥À½Z
+85.12.03 °ê¦r¼Ð·Ç¦rÅ駺Åé¥À½Z
+85.12.05 °ê¦r¤èÅé¥À½Z</programlisting>
+ <para>³o®É Wukai ±q±Ð¨|³¡ªº¼Ð·Ç¦rÅéÂন¨â­Ó ttf¡A
+ <ulink url="http://bbs.ee.ntu.edu.tw/boards/Linux/7/8/4.html">
+ http://bbs.ee.ntu.edu.tw/boards/Linux/7/8/4.html</ulink>
+ ¡A¤]´N¬O²Ä¤@ª©ªº moe_kai.ttf »P moe_sung.ttf¡A
+ moe_sung ªº¦r¼Æ¬O 13865¡Amoe_kai ªº¦r¼Æ¬O 13849 ¤Ö¤F´X­Ó¯S§O½ÆÂøªº¦r¡A
+ ³o¬O±Ð¨|³¡­ì©l´£¨Ñªº¦r­±¥À½Zªº¤Ö¤Fªº¡A¤£¬OÂà´«¹Lµ{¤¤ lost ±¼ªº¡C</para>
+ <programlisting>
+87.12.28 °ê¦rÁõ®Ñ¥À½Z
+88.05.20 °ê¦r¼Ð·Ç¦rÅ駺Åé¥À½Z¼W¸É½s</programlisting>
+ <para>³o¨â­Ó´N¬O«á¨Ó¼W¥[ªº edustd-15.exe¡Bedustds1.exe¡Bedustds2.exe¡A
+ ¤]´N¬O«á¨Óªº²Ä¤Gª©¡C</para>
+ <programlisting>
+92.02 ±Ð¨|³¡·¢®Ñ¦r§ÎÀÉ</programlisting>
+ <para>³o­Ó«h¬O³Ìªñ·s¼WªºÀɮסA«~½è¤ñ·¢®Ñ¥À½Z¦n«Ü¦h¡A
+ ¦³ Big5 ©M Unicode ª©¡C·íµM¦³¾÷·|¨ú¥N­ì moe_kai.ttf¡A
+ ¤£¹LÁٻݭn¤ñ¸û¦r¼Æµ¥¥i¯à°ÝÃD¡C</para>
+ <para>Á`µ²¡G¥Ø«e¦b ports/chinese/moettf ¤¤¦³¤­­ÓÀɮסA¤è§O¬O</para>
+ <programlisting>
+ 2059101 edustd-15.exe ±Ð¨|³¡Áõ®Ñ¦r§ÎÀÉ[µù1]
+ 1971355 edustds1.exe ±Ð¨|³¡¼Ð§ºÅé¼W¸É½s¦r§ÎÀÉ[µù2]
+ 139950 edustds2.exe ±Ð¨|³¡¼Ð§ºÅé¼W¸É½s¦r§ÎÀÉ[µù2]
+ 9194491 moe_kai.ttf °ê¦r¼Ð·Ç¦rÅé·¢®Ñ¥À½Z[µù3]
+ 8647174 moe_sung.ttf °ê¦r¼Ð·Ç¦rÅ駺Åé¥À½Z[µù3]
+
+ [µù1] http://www.edu.tw/mandr/allbook/lishu/lishu.htm
+ [µù2] http://www.edu.tw/mandr/result/5879/5879.html
+ [µù3] http://www.edu.tw/mandr/bbs/1-4-2/ksf.html</programlisting>
+ <para>¦ý¬O¦b±Ð¨|³¡·¢®Ñ¦r§ÎÀÉ[µù4]¡A¬Ý¨ì¤T­Ó¤£¦Pªº·¢®Ñ¦r«¬¡H</para>
+ <programlisting>
+13842688 kai-pc.ttf PC ª©(92.2) Windows ¨t²Î¾A¥Î
+13837924 kai-linux.ttf Linux ª©(92.2) Linux§@·~Àô¹Ò¾A¥Î
+ 9300584 ct.sit MAC ª©(92.2) APPLE¹q¸£¾A¥Î
+
+ [µù4] http://www.edu.tw/mandr/bbs/1-4-2/kai.htm</programlisting>
+ <figure>
+ <title>moettf snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/moettf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.edu.tw/mandr/bbs/1-4-2/1-4-2.html">
+ ±Ð¨|³¡°ê¦r¼Ð·Ç¦rÅ餽§i</ulink></para>
+ <para>
+ </sect1>
+
+ <sect1 id="arphicttf">
+ <title>arphicttf - ¤å¹©¬ì§Þ TrueType ¦r«¬</title>
+ <para><application>arphicttf</application> ¬O¥Ñ¤å¹©¬ì§Þ´£¨Ñ¡A
+ ¥]§t¤å¹©PL²Ó¤W®ü§º¡A¤å¹©PL¤¤·¢
+ ¡]BIG-5½X¡^©M¤å¹©PL²³ø§º¡B¤å¹©PL²¤¤·¢¡]GB½X¡^¡C¥¦¥i¥H³Q¥Î¨Ó
+ §@¬° X Window ¨t²Î©Î¬O±Æª©³nÅé¨Ò¦p
+ <application>CJK</application>¡C·PÁ¤幩¬ì§Þ¡A±z¥i¥H
+ ¦b GPL-base ª©Åv¤U¦Û¥Ñ´²§G³o¨Ç°ª«~½èªº¦r«¬¡C
+ <filename>ARPHIC_*.TXT</filename> ¦³§ó¸Ô²Óªº¤å¥ó¡C</para>
+ <note><para>ºÉ¶qÁקK¨Ï¥Î¤å¹©PL²Ó¤W®ü§º©ó±Ð¨|¥Î³~¡A
+ ¸Ó¦r«¬¦³³\¦h¦rªº¦r§Î·|³y¦¨±Ð¨|¥Î³~¤Wªº»~¾É¡A
+ ¬°¤FÁקK»~¤H¤l§Ì¡AºÉ¥i¯àªº¤£­n¨Ï¥Î¸Ó¦rÅé¡C
+ ¨ä¤¤²Ó¤W®ü§ºªº³¡¥÷¬O±Ä¥Î¹ï©¤ªººD¥ÎªºÁcÅé¼gªk¡A©M¥xÆWªº¼gªk¨Ã¤£¬Û¦P¡A
+ ³ÌÅãµÛªº¨Ò¤l¬O¡y¨¤¡z¡A¤¤¶¡ªº¡y¤g¡z¤¤¶¡¬OÁa¬ïªº¡A
+ ¤j®a¥i¥H©M MS ªº·s²Ó©ú¤ñ¸û«K¥iª¾¹D¡C¦ý¤¤·¢ªº³¡¥÷«hµL¦¹±¡§Î¡C
+ ¦]¦¹¡A´£¿ô¤j®a¡A¦pªG¬O¥Î¦b¾Ç®Õ¡B¤½°È³æ¦ì¡A©Î®a¸Ì¦³¦b¾Ç¤l§Ì¦b¨Ï¥Îªº¸Ü¡A
+ «ØijºÉ¶qÁקK¨Ï¥Î²Ó¤W®ü§º¡A§ï±Ä¤¤·¢¡A©Î¥t¦æÁʸm¥xÆW³q¥Îªº¦r«¬¡C
+ ¯à«O¯d¤¤¤åÁcÅ骺¥¿Åé¼gªkªº°ê®a¡A¤j·§´N¥u³Ñ¥xÆW¤F¡A
+ ½Ð¤j®a¦n¦n·RÅ@§Ú­Ìªº¬Ã¶Q¤å¤Æ¿ò²£¡C
+ ÁÙ¦³¤@¨Ç¥xÆWÁcÅé»P¤j³°ÁcÅ骺¼gªk®t²§¡A
+ ¡u°©¡v¡B¡uÅé¡v¡B¡u¹L¡v¦rµ¥µ¥¡A¡u¢z¡v¨º¨â¹º³Q²¤Æ¦¨¤@¹º¡AÅܦ¨¡u¢{¡v¡C
+ ¯óªáÀY¡G¥xÆW¼Ð·Ç¼gªk¬O ¡u¤Q¤Q¡v¡A¤j³°¼Ð·Ç¼gªk¬O¡u¤{¡v(¥|¹º --> ¤T¹º)¡C
+ ¡u§d¡v¦r¡A¤j³°¼Ð·Ç¼gªk¬O¡u¤f¤Ñ¡v¡A¡u®T¡B»~¡vµ¥¦r¦P¨Ò¡C
+ ¡u¥R¡v¦r¡A¥xÆW¤­¹º (¾î£ª)¡A­»´ä©M¤j³°¤»¹º (ÂI¾î£ª)¡C
+ ¡u³o¡v¦r³¡­º¡A¥xÆW¥|¹º (ÂI¢²±Ì¡^¡A¤j³°¤T¹º (ÂI¢¶±Ì)¡C
+ ¡u¥H¡v¦r¡A¥xÆW¤­¹º¡A¤j³°¥|¹º (³Ì¥ªÃ䪺¨â¹º³sµ§)¡C</para></note>
+ <para>¦w¸Ë <filename role="package">chinese/arphicttf</filename>¡C</para>
+ <para>¥H¤Uªí®æ¦¡¾ã²z¹L«áªº¤å¹©¦rÅé³t¬dªí¡A
+ ·|¦³¨â­Ó Font Family ¬O¦]¬°­^¤åªº¬O
+ <option>Microsoft,Unicode,English - United States</option>
+ ªº¸ê°T¡A±`¥Î©ó gtk2 µ¥¦r«¬³]©w¡A
+ ¤¤¤åªº«h¬O <option>Microsoft,Unicode,Chinese - Taiwan</option>
+ ªº¸ê°T¡A³q±`¬O utf8 ½s½X¡A±`¥Î©ó openoffice ªº¦r«¬³]©w¡A
+ Font Family, Unique subfamily identification, Full name
+ ªº¸ê°T³q±`³£·|¬Û¦P¡C</para>
+ <table>
+ <title>¤å¹©¦rÅé³t¬dªí</title>
+ <tgroup cols="4">
+ <thead>
+ <row>
+ <entry>ÀɦW</entry>
+ <entry>PostScript name</entry>
+ <entry>Font Family</entry>
+ <entry>Font Family</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>bkai00mp</entry>
+ <entry>ZenKai-Medium</entry>
+ <entry>AR PL KaitiM Big5</entry>
+ <entry>¤å¹©¢Þ¢Ú¤¤·¢</entry>
+ </row>
+ <row>
+ <entry>bsmi00lp</entry>
+ <entry>ShanHeiSun-Light</entry>
+ <entry>AR PL Mingti2L Big5</entry>
+ <entry>¤å¹©¢Þ¢Ú²Ó¤W®ü§º</entry>
+ </row>
+ <row>
+ <entry>gkai00mp</entry>
+ <entry>GBZenKai-Medium</entry>
+ <entry>AR PL KaitiM GB</entry>
+ <entry>¤å¹©¢Þ¢Ú²¤¤·¢</entry>
+ </row>
+ <row>
+ <entry>gbsn00lp</entry>
+ <entry>BousungEG-Light-GB</entry>
+ <entry>AR PL SungtiL GB</entry>
+ <entry>¤å¹©¢Þ¢Ú²³ø§º</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <figure>
+ <title>arphicttf snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/arphicttf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.arphic.com.tw/">¤å¹©¬ì§Þ</ulink></para>
+ </sect1>
+
+ <sect1 id="wangttf">
+ <title>wangttf - ¤ýº~©v±Ð±Â TrueType ¦r«¬</title>
+ <para><application>wangttf</application> ¥Ñ
+ Dr. Hann-Tzong Wang ´£¨Ñªº¦r«¬¡A¥i¥H¬Ý¬Ý
+ <filename>wangttf.txt</filename> ±o¨ì§ó¸Ô²Óªº¸ê°T¡A
+ ¤£¹L¦w¸Ë°_¨Ó¦³ 80MB¡A©Ò¥H½Ð·r°u«á¦A¨Ï¥Î¡C
+ Ä~ ¤å¹©¬ì§Þ ®½¥X¥|®M¦r§Î¤§«á¡A
+ ¬ãµo¤ÑÅú¦r®wªº¤¤­ì¤j¾Ç¼Æ¾Ç¨t¤ýº~©v±Ð±Â¡A
+ ¤]®½¥X¤Q®M¦r«¬¡Aµ¹ Linux ªÀ¸s¨Ï¥Î¡Cª©Åv±Ä¥Î GPL ÄÀ¥X¡C
+ ¤ýº~©v±Ð±Â®½¥X¤F¥H¤U¤QºØ¦r«¬¡G
+ ¤ýº~©v·s¼éÅé--ªi®ö¡B
+ ¤ýº~©v¯S©úÅé--¼Ð·Ç¡B
+ ¤ýº~©vªi¥dÅé--ªÅ³±¡B
+ ¤ýº~©vºîÃÀÅé--ÂùªÅ³±¡B
+ ¤ýº~©v¼Ð·¢Åé--ªÅ¤ß¡B
+ ¤ýº~©v¥é§ºÅé--¼Ð·Ç¡B
+ ¤ýº~©v²Ê¿ûÅé--¼Ð·Ç¡B
+ ¤ýº~©v²Ê¶ÂÅé--¹ê³±¡B
+ ¤ýº~©v²Ê¶êÅé--ÂùªÅ¡B
+ ¤ýº~©v®ü³øÅé--¥b¤Ñ¤ô¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/wangttf</filename>¡C</para>
+ <figure>
+ <title>wangttf snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/wangttf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="ntuttf">
+ <title>ntuttf - ¥x¤j¦r«¬</title>
+ <para>Date: Thu, 17 Mar 94 14:18:18 CST</para>
+ <para>From: Lin YawJen &lt;f1506015@csman.csie.ntu.edu.tw&gt;
+ <para>HISTORY: I had written a program to convert fonts from
+ large bitmap into TrueTypefor MS-Windows. For Mac, see
+ ifcss.org:/software/fonts/mac/ the bitmaps came
+ from DYNAFONT (Hua2 Kang1) and ETen..</para>
+ <para>This is the critical point of this product.</para>
+ <para>Font styles includes:</para>
+ <programlisting>
+kai: ·¢®Ñ
+br: ²Ê¶ê
+fs_m: ¥é§º±`¥Î
+li_m:Áõ®Ñ±`¥Î
+mb: ¤¤¶Â
+mm:¤¤©ú
+mr:¤¤¶ê
+tw: ·¥²Ó</programlisting>
+ <para>COPYRIGHT: These fonts are created by Mr. Lin Yaw-JenAll Right reserved.
+ These fonts must not be used for any commercial activities.</para>
+ <programlisting>
+Lab of OA Network
+Home: 4F, No. 12-2 Alley 2 Lane 250 Sec 5 Nanking East Rd.
+Department of Computer Science and Information Engineering
+Taipei Taiwan R.O.C National Taiwan University
+Tel: 886-2-7641236 Taipei Taiwan R.O.C
+Fax: 886-2-760184 Email: f1506015@csman.csie.ntu.edu.tw</programlisting>
+ <para>¦w¸Ë <filename role="package">chinese/ntuttf</filename>¡C</para>
+ <figure>
+ <title>ntuttf snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/ntuttf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="ftp://cle.linux.org.tw/pub/fonts/ttf/source/ntu/ctlg.html">
+ ntu ctlg</ulink></para>
+ </sect1>
+
+ <sect1 id="oto">
+ <title>oto - Open Type Organizer µ{¦¡</title>
+ <para>Joe Man post ¨ì zh-l10n ªº¤å³¹¤¤¸`¿ý³¡¤À¦p¤U: </para>
+ <para>Open Type Organizer(oto) ³o­Ó¤p¤pµ{¦¡µw¬O­n±o¡I
+ ¥¦¥i¥H±N­ì¥»¥u¦³ big5 ©Î gb ½s½Xªº TrueType ¦r¦A¥[¤J¤@­Ó
+ unicode ½s½X¡A¦ýµ´¹ï¤£·|ÅͶí쥻ªº¦r«¬¡C[big5 ³¡¥÷¬O¥Ñ§Ú­×¥¿ªº¡A
+ ½Ð¤j®aÀ°¦£´ú¸Õ :)] ³o­Ó¤è®×ÁÙ¦³¤@­Ó¦n³B... ¦] OpenOffice ¥u»{
+ Unicode ½s½Xªº TrueType ¦r¡A¤Þ¦Ü«Ü¦h Big5 ½s½Xªº¦r¤£¯à¥Î¡C
+ ²{¦b¥u­n±NÂàÅܫ᪺¦r§Û¨ì OpenOffice ¤Uªº share/fonts/truetype/
+ ´N¥i¥H¥Î¤F¡C¦n¡I §Ú¤w¸g´ú¸Õ¤F´X­Ó¤ýº~©v±Ð±Âªº¦r«¬¡A
+ (½T«Yè°)¡I---¼sªF¸Ü :) </para>
+ <para>¦w¸Ë <filename role="package">chinese/oto</filename>¡C</para>
+ <para>wangttf ªº¦r«¬¥u¦³ Big5 ½s½X¡A©Ò¥H§Ú­ÌÀ°¦o¥[¤W
+ Unicode ½s½X¡C</para>
+ <screen>
+&prompt.root; <userinput>oto wcl-01.ttf wcl-01-unicode.ttf</userinput>
+&prompt.root; <userinput>ttfinfo wcl-01.ttf</userinput>
+TTFINFO_FONT_FILE="wcl-01.ttf"
+TTFINFO_FONT_NAME="unknown"
+TTFINFO_FONT_PSNAME="unknown"
+TTFINFO_FOUNDRY_NAME="misc"
+TTFINFO_WEIGHT_NAME="medium"
+TTFINFO_WIDTH="normal"
+TTFINFO_NUMCMAP="1"
+TTFINFO_CMAP0="3,4"
+TTFINFO_CMAPNAME0="Windows,Big 5"
+TTFINFO_MAPNUM="1"
+TTFINFO_FONTMAP1="-misc-unknown-medium-r-normal--0-0-0-0-c-0-big5-0"
+&prompt.root; <userinput>ttfinfo wcl-01-unicode.ttf</userinput>
+TTFINFO_FONT_FILE="wcl-01-2.ttf"
+TTFINFO_FONT_NAME="unknown"
+TTFINFO_FONT_PSNAME="unknown"
+TTFINFO_FOUNDRY_NAME="misc"
+TTFINFO_WEIGHT_NAME="medium"
+TTFINFO_WIDTH="normal"
+TTFINFO_NUMCMAP="2"
+TTFINFO_CMAP0="3,1"
+TTFINFO_CMAPNAME0="Windows,Unicode"
+TTFINFO_CMAP1="3,4"
+TTFINFO_CMAPNAME1="Windows,Big 5"
+TTFINFO_MAPNUM="1"
+TTFINFO_FONTMAP1="-misc-unknown-medium-r-normal--0-0-0-0-c-0-big5-0"</screen>
+ <para>oto ¥t¥~¤@­Ó¦n¥Îªº¥\¯à´N¬O¯à­×§ï¦r«¬ªºÄÝ©Ê¡G</para>
+ <screen>
+&prompt.user; <userinput>oto NTU_KAI.TTF > test</userinput>
+&prompt.user; <userinput>iconv -f utf-8 -t big5 test > test.big5</userinput>
+&prompt.user; <userinput>vi test.big5</userinput>
+&prompt.user; <userinput>iconv -f big5 -t utf-8 test.big5 > test.utf-8</userinput>
+&prompt.user; <userinput>oto NTU_KAI.TTF ntu-kai-new.ttf --names test.utf-8</userinput></screen>
+ <para>½s¿è test.big5 §â
+ <option>(Microsoft,Unicode,Chinese - Taiwan) .... at ...:</option>
+ §ï¦¨±z·Q­nÅã¥Üªº¦r¡A¨Ï¥Î iconv ¥i¯à­nª`·N¨Ã«D¾ã­ÓÀɳ£¬O utf-8 ½s½Xªº¡A
+ ¤j·§§â Unicode ¨º¨Ç°Ï¬q¦Û¤v§ä¥X¨ÓÂন big5 ½s¿è«á¦A¼g¦^¥h¡A
+ ³Ì«á¦A·f°t --names ¨Ó§âÄݩʧﱼ¡C</para>
+ <para>¥H¤U¬O Edward G.J. Lee¡]§õªG¥¿¡^ ©Ò°^Ämªº¡C</para>
+ <para>Pfaedit ¤]¬O¥i¥H­×§ï¦r«¬ªºÄÝ©Ê</para>
+ <programlisting>
+#!/usr/bin/env pfaedit
+# Reencoding a font to Unicode TTF.
+# By Edward G.J. Lee, this code is public domain.
+# $1: your TTF name.
+
+if ($argc != 2)
+ Print("usage: ", $0, " your.tt[fc]")
+ Quit(1)
+endif
+
+Print("Loading ", $1, "...")
+Open($1)
+
+SetFontNames("myfont","myfont","myfont")
+
+Reencode("iso10646-1")
+
+ClearHints()
+Print("Generating fonts...")
+Generate($1 + ".ttf")
+
+Close()
+Quit(0)</programlisting>
+ <para>chmod +x unifont.pe ´N¥i¥H°õ¦æ¤F(Unix-like ¨t²Î/Àô¹Ò)¡C³o­Ó script
+ ·|§â¤£¬O Unicode ªº TTF Âন Unicode TTF¡C¨ä¤¤ ps name ªº³¡¥÷½Ð¦Û
+ ¦æ§ó§ï¡A§Ú³o¸Ì¬O¨Ï¥Î myfont¡C</para>
+ <para>./unifont.pe your.ttf</para>
+ <para>´N¥i¥H¤F¡A·|²£¥Í your.ttf.ttf¡A¦A¦Û¦æ§ó§ïÀɦW¡C</para>
+ <para>WWW: <ulink url="http://sourceforge.net/projects/oto">
+ oto project</ulink></para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/l10n.sgml b/zh_TW.Big5/books/zh-tut/chapters/l10n.sgml
new file mode 100644
index 0000000000..e1182905d9
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/l10n.sgml
@@ -0,0 +1,653 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: l10n.sgml,v 1.48 2003/11/16 13:15:51 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="l10n">
+ <title>FreeBSD ªº¤¤¤å¤Æ</title>
+ <para>¦pªG±zÁÙª¾¹D¦³¨º¨Ç FreeBSD ¤¤¤å¤Æªº­pµe¡A½Ð§i¶D§Ú
+ &a.statue;¡C
+ </para>
+
+ <sect1 id="cfdp">
+ <title>FreeBSD ¤¤¤å¤å¥ó­pµe</title>
+ <para>
+ FreeBSD ¤¤¤å¤å¥ó­pµe(FDP)¥Ø«e¥¿¥þ¤O¶i¦æ©ó FreeBSD Handbook ¤å
+ ¥óªº¤¤¤å½Ķ¤u§@¡A¥¦ªººô§}¬O
+ <ulink url="http://freebsd.sinica.edu.tw/~ncvs/zh-translation/">
+ http://freebsd.sinica.edu.tw/~ncvs/zh-translation/</ulink>¡C </para>
+ <para>
+ ¥Ø«e¦b CFDP ©³¤U¦³¤T­Ó¤å¥ó¡Adoc¡Bzh-l10n-tut¡Bzh-tut
+ ©M¤@­Ó outta-port¡C </para>
+ <para>cvsup ¨ú±o¤è¦¡¡G</para>
+ <screen>
+&prompt.user; <userinput>fetch ftp://freebsd.sinica.edu.tw/pub/ycheng/CVSUP/outta-port.supfile</userinput>
+&prompt.user; <userinput>fetch ftp://freebsd.sinica.edu.tw/pub/ycheng/CVSUP/zh-doc-all.supfile</userinput>
+&prompt.user; <userinput>fetch ftp://freebsd.sinica.edu.tw/pub/ycheng/CVSUP/zh-l10n-tut.supfile</userinput>
+&prompt.user; <userinput>fetch ftp://freebsd.sinica.edu.tw/pub/ycheng/CVSUP/zh-tut.supfile</userinput>
+&prompt.user; <userinput>cvsup -g zh-tut.supfile</userinput>
+ </screen>
+ <para>cvs ¨ú±o¤è¦¡¡G¤À§O¬° doc/zh¡Bzh-l10n-tut¡Bzh-tut¡Boutta-port</para>
+ <screen>
+&prompt.user; <userinput>cvs -d :pserver:anoncvs@freebsd.sinica.edu.tw:/home1/ncvs login</userinput>
+(Logging in to anoncvs@freebsd.sinica.edu.tw)
+CVS password: <userinput>anoncvs</userinput>
+&prompt.user; <userinput>cvs -d :pserver:anoncvs@freebsd.sinica.edu.tw:/home1/ncvs checkout zh-tut</userinput> </screen>
+ </sect1>
+
+ <sect1 id="proj">
+ <title>FreeBSD ¤¤¤å¤Æ­p¹º</title>
+ <para>
+ ¤U¦C¦aÂI¥i§ä¨ì FreeBSD ¤¤¤å¸ê°T¡C¦pªG±zÁÙª¾¹D¦³¨ä¥¦¥¼¦C¥Xªº¡A
+ ½Ð§i¶D§Ú &a.statue;¡C </para>
+ <itemizedlist>
+ <listitem><para>
+ <ulink url="http://freebsd.sinica.edu.tw/~statue/boot/">FreeBSD ¤¤¤å¦w¸Ë¤¶­±</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://freebsd.sinica.edu.tw/zh-fdp/">FreeBSD HandBook ½Ķ</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://freebsd.sinica.edu.tw/~statue/zh-tut/outta.html">FreeBSD Outta-port</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://fatpipi.cirx.org/~vanilla/fcdp.html">FreeBSD FAQ ½Ķ</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://zope.slat.org/Project/ZopeBook">ZopeBook</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://potian.163.net/">CGDP ¤¤¤åGNU¤åÀɤuµ{</ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://www.cmpp.net/">CMPP ¤¤¤åMAN-PAGE­p¹º</ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://www.china-pub.com/computers/eMook/emooknew/RFC/rfc.htm">RFC¤åÀɤ¤¤å½Ķ­p¹º </ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://www.pgsqldb.org/">PostgreSQL ¤¤¤å«H®§</ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+ <ulink url="http://savannah.gnu.org/projects/chinese/">Savannah: Project Info - Chinese Translators Team</ulink>
+ </para></listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="wwwsite">
+ <title>FreeBSD ªº¤¤¤å¯¸¥x</title>
+ <para>
+ ¤U¦C¦aÂI¥i§ä¨ì FreeBSD ¤¤¤å¸ê°T¡C¦pªG±zÁÙª¾¹D¦³¨ä¥¦¥¼¦C¥Xªº¡A
+ ½Ð§i¶D§Ú &a.statue;¡C
+ </para>
+ <para>±ÀÂ˺ô¯¸</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="http://www.study-area.org/">Study Area</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+ <ulink url="http://www.gocar.idv.tw">¶Ì¥ÊªºFreeBSD±Ð¾Çºô</ulink> (Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.lsps.tp.edu.tw/~gsyan/freebsd2001/">¶¯ªº®a</ulink> (Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://freebsd.lab.mlc.edu.tw/">­]®ß¿¤¤j´ò¶m¤j«n°ê¥Á¤p¾Ç FreeBSD
+¥þ²y¸ê°Tºô¸ô¬[¯¸¤é»x </ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://turtle.ee.ncku.edu.tw/~tung/">Àu«Èµ§°Oï</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://ohaha.ks.edu.tw/">OHaHa's ¾Ç²ß¤ß±o</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.europa.idv.tw/">ºô¸ô¹A¤Ò</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://hk.geocities.com/L142857/ChComp/">¤¤¤å¹q¸£</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.freebsd.org.hk ">FreeBSD ¸ê°Tºô</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.sinica.edu.tw/~cdp/">¤åÄm³B²z¹êÅç«Ç</ulink> (Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.ascc.net/">¤¤¥¡¬ã¨s°|­pºâ¤¤¤ß</ulink> (Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.iso10646hk.net/">­»´ä ISO 10646</ulink> (Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://140.136.81.146/%7Epg/book/paper.html">¦Û¥Ñ³nÅé®à­±¨t²Î -GNU/Linux</ulink> (Big5) BROKEN
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.cmex.org.tw/">¤¤±À·|</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.cbflabs.com/">¦¶¨¹´_¤u§@«Ç</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.liu.com.tw/">µL½¼¦Ì¤¤¤å¿é¤Jªk</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://chewing.good-man.org/">»Å­µ¤¤¤å¿é¤Jªk</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.geocities.com/Baja/Mesa/2118/">§Úªº­Ü¾e - ¤¤¤å¿é¤Jªk±À¼s²Õ´</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/">CFC ¤¤¤å¦¬Âîa</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://freebsd.ntu.edu.tw/taiwan/clement">Clem's XEmacs Page</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://main.rtfiber.com.tw/~changyj/">Àsªù¤Ö±LªººÛ</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://mouse.oit.edu.tw/">¦|¼Ýºô¸ô¬ã¨s«Ç</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.hello.com.tw/~wolfant/">¶Â¤â¤u¤H--¿v¹ÚªÅ¶¡</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.math.ncu.edu.tw/~shann/Chinese/Welcome.html">¤¤¥¡¤j¾Ç - ³æºû¹ü¦Ñ®v</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://mmlab.im.fju.edu.tw/~maa/">¤p°¨ªº®a</ulink>(Big5)
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://freebsd.netwain.com/">NetWain ¤u§@«Ç</ulink>(Big5) BROKEN
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://www.homed.idv.tw/freebsd/freebsd.htm">ªü¥¿ªº¤pºÛ</ulink>(Big5) BROKEN
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://ccs.cc.nccu.edu.tw/marr/html/index.html">ÄÀ©ñ PC ªº«Â¤O</ulink>(Big5) BROKEN
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://php.lzp.ks.edu.tw/">PHP ¬[¯¸¤é°O</ulink>(Big5) BROKEN
+ </para></listitem>
+
+ <listitem><para>
+<ulink url="http://input.cpatch.org/">¤¤¤å¹q¸£§Þ³N¤Î¿é¤Jªk(ÀÉ®×®w)</ulink>(Big5)
+ </para></listitem>
+ </itemizedlist>
+
+ <para>FreeBSD ¸ê·½</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="http://freebsd.ntu.edu.tw/bsd/">¥xÆW¤j¾Ç FreeBSD WWW Site</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://tw.freebsd.org/">¥æ³q¸ê¤u FreeBSD WWW Site</ulink>(Big5) BROKEN
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://xcin.linux.org.tw/">XCIN Project Á`³¡</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.linux.org.tw/hardware/index.php3">¥xÆWlinux/freebsdµwÅé¤ä´©¸ê®Æ®w</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://turtle.ee.ncku.edu.tw/cgi-bin/boardlist.pl">FreeBSD/Unix/Java/Perl ªº Mailing List and News</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://rfc.im.tku.edu.tw">²H¦¿¸êºÞRFC ¤å¥óÀ˯Á¯¸</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://bsd.sinica.edu.tw/cgi-bin/cvsweb.cgi/">CVS-Web for FreeBSD Source Tree. </ulink>(Big5) BROKEN
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://phi.sinica.edu.tw/aspac/">ASPAC ¤å¥ó</ulink>(Big5)
+ </para></listitem>
+ </itemizedlist>
+
+ <para>¨ä¥Lµo¦æª©¥»</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="http://www.freebsd.org/">FreeBSD</ulink>(Eng)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.openbsd.org/">OpenBSD</ulink>(Eng)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.netbsd.org/">NetBSD</ulink>(Eng)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.debian.org/intl/zh">Debian ¤¤¤å­p¹º</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://mdk.linux.org.tw/">Linux Mandrake ¤¤¤å¤§®a</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://i18n.linux.org.tw/">I18N µ{¦¡¤¤¤å¤Æ­p¹º</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://cle.linux.org.tw/">¤¤¤å GNU/Linux ©µ¦ù¦w¸Ë®M¥ó</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://kde.linux.org.tw/">KDE ¥xÆW</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.linux-mandrake.com/zh/big5/">Mandrake Linux</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.cynix.com.tw/">Cynix OpenLinux</ulink>(Big5) BROKEN
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.linuxcenter.com.tw/">µ¾«Â°ê»Ú LinuxCenter</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.turbolinux.com.cn/">TurboLinux</ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.bluepoint.com.cn/">Bluepoint Linux</ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.cosix.com.cn/">COSIX Linux</ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.redflag-linux.com/">Red-flag Linux</ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.linuxaid.com.cn/">Tom Linux</ulink>(GB)
+ </para></listitem>
+ </itemizedlist>
+
+ <para>¤¤¤å®ÑÄy</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exep/prod/booksfile.php?item=0010086875">FreeBSDÀ³¥Î³nÅé¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exep/prod/booksfile.php?item=0010019198">FreeBSDºô¸ô¬[¯¸¹ê°È--ªþ¥úºÐ</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exep/prod/booksfile.php?item=0010039387">FreeBSD§ì±o¦íINTERNET¡G¦øªA¾¹¬[³]»PºÞ²z</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exec/item/0010093569">FreeBSD»PWindows¾ã¦XÀ³¥Î</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exec/item/0010047963">FreeBSDºô¸ôÀ³¥Î</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exep/prod/booksfile.php?item=0010013400">FreeBSD 3.X§ì±o¦íINTERNET¶i¶¥¦øªA¾¹ªº¬[³]»PºÞ²z</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exec/item/0010032002">FreeBSD»PWindows¾ã¦XÀ³¥Î(²Ä¤Gª©)</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exep/prod/booksfile.php?item=0010086873">FreeBSD¦w¸Ë³]©w»P¨Ï¥Î</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exep/prod/booksfile.php?item=0010007211">¨Ï¥ÎFreeBSD¤ÎApache¡Ð¬¡¥ÎPHP»PMySQL«ØºcWeb¥@¬É</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exep/prod/booksfile.php?item=0010187476">»´ÃP¨Ï¥ÎLINUX/FREEBSD«Ø¸m¦Û¤wªººô¸ô¤ý°ê</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.books.com.tw/exep/prod/booksfile.php?item=0010148811">FreeBSD¨t²Î«Øºc«ü¤Þ</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.tenlong.com.tw/BookSearch/Search.php?isbn=9867944925">FreeBSD §¹¥þ±´¯Á (Absolute BSD: The Ultimate Guide to FreeBSD)
+</ulink>(Big5)
+ </para></listitem>
+ </itemizedlist>
+
+ <para>²Õ´ºô¯¸</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="http://freebsd.sinica.edu.tw/">FreeBSD ¤§®a</ulink>(Big5)
+ </para></listitem>
+ </itemizedlist>
+
+ <para>·s»Dºô¯¸</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="http://www.bsdtoday.com/">BSD Today</ulink>
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://freshports.org/">FreeBSD ports ±Mªù¤¶²Ð³nÅé¤Îª©¥»§ó·s³qª¾ªººô¯¸</ulink>(Eng)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.daemonnews.org/">Daily Daemon News</ulink>(Eng)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.posi.net/freebsd/drivers/">BSD ÅX°Êµ{¦¡¸ê®Æ®w</ulink>(Eng)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.bsdapps.org/">BSD À³¥Îµ{¦¡¸ê®Æ®w</ulink>(Eng)
+ </para></listitem>
+ </itemizedlist>
+
+ <para>¤å¥ó¸ê·½</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="http://www.csie.nctu.edu.tw/document/unixfaq/">UNIX ±`¨£°Ýµª¶°</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://freebsd.sinica.edu.tw/~ncvs/zh-big5-FAQ/FAQ.html">FreeBSD 2.X ±`¨£°Ýµª¶°</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://freebsd.ntu.edu.tw/~phantom/cfreebsd/">FreeBSD ¨Ï¥ÎªÌ¤â¥U(FAQ)</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://tw.freebsd.org/handbook.big5/handbook.html">FreeBSD 2.1.0 ¨Ï¥Î¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://freebsd.sinica.edu.tw/~ncvs/zh-handbook/handbook.html">FreeBSD 2.2.8 ¨Ï¥Î¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://freebsd.sinica.edu.tw/~ncvs/zh-big5-handbook/index.html">FreeBSD 3.3 ¨Ï¥Î¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://freebsd.sinica.edu.tw/~ncvs/zh-l10n-tut/">FreeBSD ¤¤¤å¨Ï¥Î¤å¥ó­pµe</ulink>(Big5) BROKEN
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://freebsd.ntu.edu.tw/">¥x¤j FreeBSD ¤¤¤å FAQ Web (woju)</ulink>(Big5) BROKEN
+ </para></listitem>
+ <listitem><para>
+<ulink url="gopher://freebsd.csie.nctu.edu.tw/">¥æ¤j¸ê¤u FreeBSD ª©ºëµØ°Ï gopher (jdli)</ulink>(Big5) BROKEN
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/docs/mysqldoc_big5/manual_toc.html">MySQL 3.23.pre7 ¤¤¤å¨Ï¥Î¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/docs/pos~tgresql_big5/postgres.htm">PostgreSQL 6.5 ¤¤¤å¨Ï¥Î¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/docs/pgsqldoc-7.0c/postgres.htm">PostgreSQL 7.0 ¤¤¤å¨Ï¥Î¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://php.wilson.gs/bible/">PHP ¸t¸g</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://mouse.oit.edu.tw/NetBSD/">NetBSD 1.41ª©¦w¸Ë¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://digital.oit.edu.tw/openbsd/">OpenBSD ²¤¶»P¦w¸Ë</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://residence.educities.edu.tw/yjchen/freebsd/">Servlet + JSP + mysql jdbc + chinese</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/perlfaq/perlfaq/">Perl ±`¨£°ÝÃD»P¸Ñµª</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://mdk.linux.org.tw/lyx-doc/lyx-1.html">¤¤¤å LyX ¨Ï¥Î²¤¶</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.linpus.com.tw/manual/gnome1.0/content.htm">GNOME 1.0 ¨Ï¥ÎªÌ¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.linpus.com.tw/manual/kdeug/userguide/">KDE ¨Ï¥ÎªÌ¤â¥U pre1.0 12/24/1998</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://tech.sina.com.cn/focus/FreeBSD/index.shtml">FreeBSD¨Ï¥Î¤j¥þ</ulink>(GB)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://www.enctc.edu.tw/other/freebsd.htm">FreeBSDºÞ²z¤¶­±¨Ï¥Î¤â¥U</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://coder.9ug.com/language/script/python.html">Python ±Ð¾Ç¤å¥ó</ulink>(Big5)
+ </para></listitem>
+ </itemizedlist>
+
+ <para>¸g¨å¤å³¹</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/other/FSF.html">¦Û¥Ñ³nÅé°òª÷·| (Free Software Foundation)</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/other/Howto-Become-a-Hacker.html">¦p¦ó¦¨¬°¤@¦ì Hacker</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/other/Brief-of-History-Hackerdom.html">Hacker ¤å¤Æ²¥v</ulink>(Big5)
+ </para></listitem>
+ <listitem><para>
+<ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/homesteeding/">¶}©Ý´¼°ì</ulink>(Big5)
+ </para></listitem>
+ <listitem>
+ <para><ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/cathedral-bazaar/cathedral-bazaar.html">±Ð°óÆ[»P¥«¶°Æ[</ulink>(Big5)</para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/other/osr.html">¶}©ñ­ì©l½X­²©R</ulink>(Big5)</para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/other/open-source.html">Open Source ²¤¶</ulink>(Big5)</para>
+ </listitem>
+ <listitem>
+ <para><ulink url="http://netlab.cse.yzu.edu.tw/~statue/cfc/goods/other/open-source-def.html">Open Source ªº©w¸q</ulink>(Big5)</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>¤U¸ü¯¸¥x</para>
+ <itemizedlist>
+ <listitem><para>
+<ulink url="ftp://freebsd.csie.nctu.edu.tw/pub/01TW_Service.TXT">¥xÆW¤½¶}¦Cªí</ulink>
+ </para></listitem>
+ </itemizedlist>
+ </sect1>
+
+ <sect1 id="newgroup">
+ <title>FreeBSD ªº¤¤¤å°Q½×°Ï</title>
+ <para>
+ ¦pªG±z¦³°ÝÃD¡A¥i¥H¦b³o¨Ç°Q½×°Ïµo°Ý¡A¥Î¤¤¤å¤]³q®@¡I¤£¹L½Ð½T©w±z
+ ¤w¸g¥ý¬Ý¹L¤F¬ÛÃöªº¤å¥ó©Î HOWTO¡C§_«h­«½Æ°Ý¤@¨Ç FAQ ¬O«Ü¤£
+ ¨üÅwªïªº¡I
+ </para>
+ <para>
+ <ulink url="news://tw.bbs.comp.386bsd">news://tw.bbs.comp.386bsd</ulink></para>
+ <para>Openfind BBS ºô¸ô½×¾Â¡Atw.bbs.comp.386bsd ¬ÝªO¡C</para>
+ <para>
+ <ulink url="http://bbs.openfind.com.tw/cgi-bin/x_list?BOARD=tw.bbs.comp.386bsd">
+ http://bbs.openfind.com.tw/cgi-bin/x_list?BOARD=tw.bbs.comp.386bsd</ulink></para>
+ <para>¤¤¬ã°|©Ò¬[³]ªº¥xÆW FreeBSD ³q«H½×¾Â¡C</para>
+ <para>
+ <ulink url="http://freebsd.sinica.edu.tw/mailman/listinfo">
+ http://freebsd.sinica.edu.tw/mailman/listinfo</ulink></para>
+ <para>¤¤¬ã°|ª©¥»³q«H½×¾Â¡A«H­Ü®w¡C</para>
+ <para>
+ <ulink url="http://freebsd.sinica.edu.tw/~majordom/">
+ http://freebsd.sinica.edu.tw/~majordom/</ulink></para>
+ <para>­»´ä bsd talk ³q«H½×¾Â¡G</para>
+ <para>
+ <ulink url="news://news.linux.org.hk/hklug.bsd.talk">
+ news://news.linux.org.hk/hklug.bsd.talk</ulink></para>
+ <para>
+ <ulink url="http://www.shellhung.org/mailman/listinfo/">
+ http://www.shellhung.org/mailman/listinfo/</ulink></para>
+ </sect1>
+
+ <sect1 id="irctw">
+ <title>FreeBSD ªº¤¤¤å IRC ²á¤Ñ«Ç</title>
+ <para>
+ ³o¬O¥Ø«e BSD ¨Ï¥ÎªÌ¦bºô¸ô¤W»E·|²á¤Ñªº¦a¤è¡A³q±`³£·|¦³¤@¸s¤H¦b¦¹µo§b
+ ¡B«¢©Ô¡B¥´§¾¡C
+ </para>
+ <para>
+ ¦b FreeBSD ©³¤U³q±`³£¬O¨Ï¥Î <filename>ports/chinese</filename>
+ ©³¤Uªº <application>bitchx</application> ©Î¬O
+ <filename>ports/irc</filename> ©³¤Uªº
+ <application>xchat</application> ᒤ@
+ IRC ¥Î¤áºÝ¡A¦b Windows ©³¤U«h¬O¥H
+ <ulink url="http://www.mirc.com/">mIRC</ulink> ¬°¥D¡C
+ </para>
+ <para>
+ <application>bitchx</application> ©Î
+ <application>xchat</application> ªº¨Ï¥Î¤è¦¡¡G
+ </para>
+ <procedure>
+ <step><para>±Ò°Ê irc client</para></step>
+ <step><para>¥X²{ prompt «á</para></step>
+ <step><para>/server irc.taiwan.com</para></step>
+ <step><para>/join #bsdchat</para></step>
+ </procedure>
+ <para>mIRC ªº¨Ï¥Î¤è¦¡¡G</para>
+ <procedure>
+ <step><para>File -&gt; Options -&gt; Connect -&gt; Add</para></step>
+ <step><para>IRC Server: irc.taiwan.com</para></step>
+ <step><para>Connect to IRC Server</para></step>
+ <step><para>/join #bsdchat</para></step>
+ </procedure>
+ <para>
+ ªñ¨Ó¦]¬°¥D¾÷»Pºô¸ôªºÃö«Y¡AIRC Server ¥ý´«¨ì irc.seed.net.tw¡C
+ </para>
+ <note>
+ <para>
+ mIRC ¤p¯µ³Z¡G¦p¦ó¥Î·L³n·sª`­µ¿é¤Jªk§ï¦r©O¡H
+ ¦b­n§ïªº¨º­Ó¦r¤W­±«öªÅ¥ÕÁä¡AµM«á¿ï¾Ü©Ò­nªº¦r¡A¨M©w«á¦A«öªÅ¥ÕÁä¡C
+ </para>
+ <para>
+ mIRC ¤¤¤å¤Æ¡G±z»Ý­n¥ý¦w¸ËmIRC32 v.5.91¦b±zªº¹q¸£¤º¡A
+ µM«á¤~¥i°õ¦æ³o­ÓpatchÀɨӶi¦æ¤¤¤å¤Æªº¤u§@¡C¨Ï¥Î¤èªk¡G¥ý¥h
+ www.mirc.com®»¨úmIRC591t.exe³o­ÓÀɦ^¨Ó¦w¸Ë¡]°O¦í¡A³o¤@ª©patch
+ ¬Oµ¹mIRC32 v5.91¨Ï¥Îªº¡I¤£­n®³¨ä¥Lª©¨Ópatch¡I¡^µM«á§â
+ p010901.exe «þ¨©¨ì±zmIRC¦w¸Ëªº¥Ø¿ý¤U¡A°õ¦æp010901.exe¡C
+ °õ¦æ§¹²¦«á¡A´N·|¦Û°Ê²£¥Í¤@­Ó¤¤¤å¤Æ¹LªºmIRC°õ¦æÀÉ¡ACmIRC591.exe¡C
+ ±z¥i¥Hª½±µ¦bmIRCªº¥Ø¿ý¤U°õ¦æ³o­ÓÀÉ¡C</para>
+ </note>
+ </sect1>
+
+ <sect1 id="organisations">
+ <title>Organisations Working in Open Source</title>
+ <para>Government</para>
+ <itemizedlist>
+ <listitem><para><ulink url="http://www.oss.org.tw/">OpenSource Software Portal(OSSP)</ulink>,IDB MoEA </para></listitem>
+ </itemizedlist>
+ <para>Research Institute </para>
+ <itemizedlist>
+ <listitem><para><ulink url="http://twgrid.org/">Taiwan Grid Computing Project</ulink>,Computing Center Academia Sinica </para></listitem>
+ <listitem><para><ulink url="http://opensource.nchc.org.tw/">National Center for High-performance Computing (NCHC)</ulink> </para></listitem>
+ <listitem><para><ulink url="http://www.openfoundry.org/">Open Source Software Foundry (OSSF)</ulink>,IIS Academia Sinica </para></listitem>
+ </itemizedlist>
+ <para>Association</para>
+ <itemizedlist>
+ <listitem><para><ulink url="http://www.slat.org/">Software Liberty Association of Taiwan (SLAT) </ulink></para></listitem>
+ <listitem><para><ulink url="http://linux.tca.org.tw/">Linux Compatibility Test and Certification Center (LCTaCC)</ulink>, TCA</para></listitem>
+ <listitem><para><ulink url="http://ossc.cosa.org.tw/">Open Source Software Center(OSSC)</ulink>, COSA</para></listitem>
+ <listitem><para><ulink url="http://twopensource.org/">ICOS</ulink> - Internation Conference on Open Source.</para></listitem>
+ </itemizedlist>
+ <para>Education </para>
+ <itemizedlist>
+ <listitem><para><ulink url="http://sfs.wpes.tcc.edu.tw/">School Administration System Devloper Portal </ulink></para></listitem>
+ <listitem><para><ulink url="http://free.tnc.edu.tw/">OSS Portal for Teacher in Tainan </ulink></para></listitem>
+ <listitem><para><ulink url="http://sfs.ilc.edu.tw/">OSS Portal for Teacher in Yi-Lan </ulink></para></listitem>
+ <listitem><para><ulink url="http://163.23.89.67/">OSS Portal for Teacher in Chang-Hua </ulink></para></listitem>
+ <listitem><para><ulink url="http://www.bamboo.hc.edu.tw/linux/">Community College Linux Course in Shin-Chu</ulink>, Bamboo Community College</para></listitem>
+ <listitem><para><ulink url="http://edu.slat.org/">Open Source Software application consulting center (OSSACC)</ulink>, SLAT</para></listitem>
+ </itemizedlist>
+ <para>Training </para>
+ <itemizedlist>
+ <listitem><para><ulink url="http://edu.uuu.com.tw/class/series.asp?seat=Linux">UCOM</ulink> - RedHat Certified training. </para></listitem>
+ <listitem><para><ulink url="http://www.fitpi.com.tw/">Finesse IT</ulink> - Linux SA &amp; embedded Linux training. </para></listitem>
+ <listitem><para><ulink url="http://www.ginnet.com.tw/class/linux.htm">GIN</ulink> - Linux use &amp; manage training. </para></listitem>
+ <listitem><para><ulink url="http://www.iiiedu.org.tw/index.aspx">IIIEDU</ulink> - Connected Linux training. </para></listitem>
+ <listitem><para><ulink url="http://www.shinewave.com.tw/chinese/training/Main_edu.htm">Shinewave</ulink> - LPI Certified Training.</para></listitem>
+ <listitem><para><ulink url="http://www.oss.com.tw/">OSS School</ulink> - ThizLinux & OSS training.</para></listitem>
+ <listitem><para><ulink url="http://www.pcschool.com.tw/">Great Master</ulink> - LPI Certified &amp; WebMaster training.</para></listitem>
+ <listitem><para><ulink url="http://www.lccnet.com.tw/">1ccnet</ulink> - OpenLinux &amp; LPI Certified training.</para></listitem>
+ <listitem><para><ulink url="http://www.pviva.com/">PEI YA</ulink> - Linux teaching CD.</para></listitem>
+ </itemizedlist>
+ <para>Business </para>
+ <itemizedlist>
+ <listitem><para><ulink url="http://www.ossti.com/">OSSTI</ulink> - Software technology and service base on GCC compiler. </para></listitem>
+ <listitem><para><ulink url="http://www.citron.com.tw/">Citron Network</ulink> - VoIP base on <ulink url="http://www.gnugk.org/">Gatekeeper</ulink>. </para></listitem>
+ <listitem><para><ulink url="http://www.linpus.com.tw/">Linpus</ulink> - Embedded system & Embedded GUI base on Linux,Linpus Linux OS. </para></listitem>
+ <listitem><para><ulink url="http://www.eshida.com/">Eshida.com</ulink> - Embedded system development tools base on Linux. </para></listitem>
+ <listitem><para><ulink url="http://www.wiscore.com.tw/">Wiscore</ulink> - Embedded,Information Appliances base on Linux. </para></listitem>
+ <listitem><para><ulink url="http://www.erexi.com.tw/">Erexi</ulink> - HA,LDAP,Mail,Cluster solutions base on Turbolinux. </para></listitem>
+ <listitem><para><ulink url="http://www.toppoint.com.tw/">toppoint</ulink> - small SI with OSS solutions. </para></listitem>
+ <listitem><para><ulink url="http://www.brain-c.com/">brain-c</ulink> - small SI with OSS solutions. </para></listitem>
+ <listitem><para><ulink url="http://www.synology.com/">Synology</ulink> - NAS base on FreeBSD. </para></listitem>
+ <listitem><para><ulink url="http://www.dbmaker.com.tw/">SYSCOM</ulink> - Database support with FreeBSD. </para></listitem>
+ <listitem><para><ulink url="http://www.pgsql.com.tw/">datsoft</ulink> - ERP base on PostgreSQL. </para></listitem>
+ </itemizedlist>
+ <para>FS/OSS User Group</para>
+ <itemizedlist>
+ <listitem><para><ulink url="http://www.bug.club.tw/">FreeBSD User Club</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.debian.org.tw/">Debian Linux User Group</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.gentoo.org.tw/">Gentoo Linux User Group</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.slackware.org.tw/">Slackware Linux User Group</ulink></para></listitem>
+ <listitem><para><ulink url="http://tnlug.linux.org.tw/">Tainan Linux User Group</ulink></para></listitem>
+ <listitem><para><ulink url="http://kalug.linux.org.tw/">Kaohsiung Linux User Group</ulink></para></listitem>
+ <listitem><para><ulink url="http://turtle.ee.ncku.edu.tw/openwebmail/">OpenWebMail</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.zope.org.tw/">Zope</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.postgresql.idv.tw/">PostgreSQL</ulink></para></listitem>
+ <listitem><para><ulink url="http://phpbb-tw.net/phpbb/">phpBB</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.phpnuke-tw.com/">PHP-Nuke</ulink></para></listitem>
+ <listitem><para><ulink url="http://tw.xoops.org/">XOOPS</ulink></para></listitem>
+ <listitem><para><ulink url="http://phpbb.elixus.org/">Blog</ulink></para></listitem>
+ <listitem><para><ulink url="http://wiki.newzilla.org/WiKi">Wiki</ulink></para></listitem>
+ <listitem><para><ulink url="http://kde.linux.org.tw/">KDE</ulink></para></listitem>
+ <listitem><para><ulink url="http://ooo.tnc.edu.tw/">OpenOffice</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.csie.ntu.edu.tw/~b7506051/mozilla/">Mozilla</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.python.org.tw/">Python</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.doochun.org/">DooChun</ulink> - Embedded Linux base on x86</para></listitem>
+ <listitem><para><ulink url="http://savannah.gnu.org/projects/chinese/">GNUCTT</ulink> - GNU Chinese Translators Team. </para></listitem>
+ <listitem><para><ulink url="http://cle.linux.org.tw/">CLE</ulink> - Chinese Linnux Extension. </para></listitem>
+ <listitem><para><ulink url="http://xcin.linux.org.tw/">XCIN</ulink> - An XIM (X Input Method) server. </para></listitem>
+ <listitem><para><ulink url="http://sourceforge.net/projects/big5con">big5con</ulink> - A Chinese input in console mode. </para></listitem>
+ <listitem><para><ulink url="http://chewing.good-man.org/">Chewing</ulink> - A Chinese input base on XCIN. </para></listitem>
+ <listitem><para><ulink url="http://i18n.linux.org.tw/">I18N Linux</ulink></para></listitem>
+ <listitem><para><ulink url="http://wiki.debian.org.tw/index.php?page=3Anoppix">3Anoppix</ulink> - Chinese localization of KNOPPIX. </para></listitem>
+ </itemizedlist>
+ <para>OSS Portals / Websites </para>
+ <itemizedlist>
+ <listitem><para><ulink url="http://www.linuxfab.com/">LinuxFab</ulink> - Open Source Community Portal</para></listitem>
+ <listitem><para><ulink url="http://www.linux.org.tw/">Linux Portal</ulink></para></listitem>
+ <listitem><para><ulink url="http://phorum.study-area.org/">Study-Area</ulink> - OSS & Computer forum </para></listitem>
+ <listitem><para><ulink url="http://www.freenix-server.info/">Freenix</ulink> - Freenix Server Document Project </para></listitem>
+ <listitem><para><ulink url="http://anti_ms.tripod.com/">Anti-MS News</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.linuxuser.com.tw/">Linux User News</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.linuxnews.idv.tw/">Linux News</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.cyut.edu.tw/~ckhung/a/">Chao-Kuei Hung's Home Page </ulink></para></listitem>
+ <listitem><para><ulink url="http://www.europa.idv.tw/index.php">Internet farmer</ulink></para></listitem>
+ <listitem><para><ulink url="http://www.toppoint.com.tw/charles">Charles' phpBB</ulink></para></listitem>
+ </itemizedlist>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/mailclient.sgml b/zh_TW.Big5/books/zh-tut/chapters/mailclient.sgml
new file mode 100644
index 0000000000..29873460a3
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/mailclient.sgml
@@ -0,0 +1,260 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: mailclient.sgml,v 1.27 2003/11/08 16:59:52 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="mailclient">
+ <title>¤¤¤å¶l¥ó¥Î¤áºÝ</title>
+ <para></para>
+
+ <sect1 id="sylpheed">
+ <title>sylpheed - «Øºc¦b GTK+ ¤W¡A»´¶q¯Å¥B§Ö³tªº¹q¤l¶l¥ó³nÅé</title>
+ <para>
+ GPL base client¡Abase on <application>GTK+</application>¡C
+ ¥¦¬O¤é¥»¤H¼gªº¡A¤w¸g¤ä´© I18N ©M XIM¡C
+ ¦bÅã¥Ü©M¿é¤J¤¤¤å³£¨S°ÝÃD¡A©M
+ <application>xcin2.5</application> ¤]·f°t¨}¦n¡C </para>
+ <para>¦w¸Ë <filename role="package">mail/sylpheed</filename>¡C</para>
+ <para>
+ ¦w¸Ë§¹«á¡A¥²¶·­×§ï¦r«¬³]©w¡A­×§ï
+ <filename>$HOME/.sylpheed/sylpheedrc</filename> ÀÉ¡A
+ ±N message_font §ï¦¨¤U­±ªº¼Ë¤l¡C </para>
+ <programlisting>
+message_font=8x16,kc15f,-*-16-*-big5-0</programlisting>
+ <figure>
+ <title>sylpheed snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/sylpheed" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://sylpheed.good-day.net/">
+ http://sylpheed.good-day.net/</ulink> </para>
+ </sect1>
+
+ <sect1 id="mutt">
+ <title>mutt - ¥\¯à±j¤jªº¹q¤l¶l¥ó³nÅé</title>
+ <para>
+ console ¼Ò¦¡¤Uªº¤¤¤å¹q¤l¶l¥ó³nÅé¡C
+ <application>Mutt</application>
+ -- "The Mongrel of Mail User Agents" ¥]§t¤F«Ü¦h¨ä¥L
+ ¦p <application>Elm</application>¡B
+ <application>Pine</application>¡B
+ <application>mh</application>¡B
+ <application>slrn</application> ªº¯SÂI¡A¯S©Ê¬O¥]§tÃC¦â¤ä´©¡A
+ °T®§¦ê¬y
+ ¡AMIME ¸Ñ½X (¥]§t RFC1522 ¤ä´©±o¼ÐÀY½s½X)¡A­Ó¤H¤Æª÷Æ_ªº«O¦s
+ ¡APOP3¡A¤ä´© DSN ©M PGP/MIME¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/mutt</filename>¡C</para>
+ <para>³]©w <filename>.muttrc</filename></para>
+ <programlisting>
+set charset=big5
+set locale="zh_TW.Big5"
+set send_charset="big5:gb2312:us-ascii:iso-8859-1:utf-8:x-unknown"
+charset-hook us-ascii big5
+charset-hook iso-8859-1 big5 </programlisting>
+ <para>¦pªG±H«Hµ¹ bbs ªºªB¤Í¡A¦³¶Ã½X°ÝÃDªº¸Ü</para>
+ <programlisting>
+echo "set bbsislame=yes" &gt;&gt; ~/.muttrc </programlisting>
+ <para>mutt 1.3.x Ū utf8 ¤Î²Å餤¤åªº«H¥ó³£¨S¦³°ÝÃD¡C</para>
+ <figure>
+ <title>mutt snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/mutt" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://www.mutt.org/">
+ http://www.mutt.org/</ulink> </para>
+ <para>
+ Mutt ¨Ï¥ÎªÌ¸ê°T¡G<ulink url="http://www.math.fu-berlin.de/~guckes/mutt/">
+ http://www.math.fu-berlin.de/~guckes/mutt/</ulink>¡C
+ </para>
+ </sect1>
+
+ <sect1 id="pine4">
+ <title>pine4 - ¾Þ§@«K§Qªº¹q¤l¶l¥ó³nÅé</title>
+ <para>
+ console ¼Ò¦¡¤Uªº¤¤¤å¹q¤l¶l¥ó³nÅé¡C
+ ¤j³¡¥÷ªº°T®§¡B¿ï³æ³£¤w¸g¤¤¤å¤Æ¤F¤]¥i¥H¥¿½TµL»~ªº³B²z¤¤¤å«H¥ó¡A
+ ¬O­Ó«Ü¤è«KªºÅª«H³nÅé¡C
+ <application>pine4</application> ªº¥\¯à¥]§t¤F¤ä´© MINE
+ ¡B³q°T¿ý¡AÁ٤䴩 IMAP¡Bmail »P MH ®æ¦¡ªº¸ê®Æ¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/pine4</filename>¡C</para>
+ <para>
+ ­Y¬OÅã¥Ü¤´¦³°ÝÃDªº¸Ü¡A¶i¤J <application>pine4</application>
+ ¤§«á¿ï <option>SETUP/Config</option>
+ ¦b <option>feature list</option> ¤¤¤Ä¿ï(«ö X)¡G
+ </para>
+ <programlisting>
+ [X] enable-8bit-esmtp-negotiation
+ [X] enable-8bit-nntp-posting </programlisting>
+ <para>
+ µM«á¦b <option>character-set</option> ¤W«ö
+ <command>C</command>¡A±N¨ä­È
+ §ï¬° big5 ©Î gb2312¡C«ö <command>E</command> ²æÂ÷Àx¦s§Y¥i¡C </para>
+ <para>
+ WWW: <ulink url="http://www.washington.edu/pine/">
+ http://www.washington.edu/pine/</ulink> </para>
+ </sect1>
+
+ <sect1 id="mail-code">
+ <title>¶l¥ó¶Ã½X¡H</title>
+ <para>¥Ñ©ó¾ú¥v­ì¦]¡AInternet ¤W¦³¨Ç¶l¥ó¨t²Î¥u¤ä´© 7Bit ªº¦r¤¸¶Ç¿é¡A
+ ¦Óº~¦rªº¤º½X¬O 8Bit ªº¡A·í¦b¹q¤l¶l¥ó¤¤µo°e¤¤¤å®É¡A
+ ¦pªG¸g¹L³o¨Ç¥u¤ä´© 7Bit ¦r¤¸ªº¶l¥ó¨t²Î¡A
+ «K·|±Nº~¦r¤º½Xªº²Ä¤K¦ì¤¸ªº 1 ¥þ³¡Åܦ¨ 0¡C</para>
+ <para>¥H "¤¤¤å" ¨â¦r¬°¨Ò¡AHEX ¬° A4A4A4E5¡A
+ ·í³Ì°ª¦ì¤¸³Q²M±¼®É´N·|Åܦ¨ 24242465¡A¤]´N¬O "$$$e"¡C
+ <application>telnet</application> ¤]¦s¦b³o¼Ë¤lªº°ÝÃD¡C</para>
+ <para>°£¤F¤¤¤å¶l¥ó¥~¡A¨Ï¥Î¹q¤l¶l¥ó¶Ç°e¹Ï¤ù¡Bµ{¦¡¡B
+ À£ÁY¤å¥óµ¥¤]·|µo¥Í³o­Ó°ÝÃD¡C
+ ©Ò¥H¦b¹q¤l¶l¥ó¤¤¤@¯ë±Ä¥Î¦UºØ¶l¥ó½s½X¤è¦¡¨Ó¸Ñ¨M³o­Ó°ÝÃD¡A
+ ±N 8Bit «ö·Ó¤@©wªº³W«h¶i¦æ½s½X¡A
+ «K¥i¥H§¹¦n¦a³q¹L¥u¤ä«ù 7Bit ¦r¤¸ªº¶l¥ó¨t²Î¡C</para>
+ <para>±`¨£ªº¶l¥ó½s½X¦³ UU »P MIME¡A¦Ó MIME
+ (Multipurpose Internet Mail Extentions)
+ ¤@¯ë½Ķ¦¨¡u¦h´CÅé¶Ç°e¼Ò¦¡¡v¡A
+ ÅU¦W«ä¸q¡A¥¦¼Ðº]ªº´N¬O¥i¥H¶Ç°e¦h´CÅ髬¦¡ªºÀɮסA
+ ¥i¥H¦b¤@«Êmail¤¤ªþ¥[¦UºØ«¬¦¡Àɮפ@°_°e¥X¡C</para>
+ <para>MIME ©w¸q¨âºØ½s½X¤èªk¡GBase64 »PQP(Quote-Printable)¡A
+ ¨âªÌ¨Ï¥Î®É¾÷¤£¦P¡AQP ªº³W«h¬O¹ï©ó¸ê®Æ¤¤ªº7bitsµL¶·­«½Æencode¡A
+ ¶È8bits¸ê®ÆÂন7bits¡CQP½s½X¾A¥Î©ó«DUS-ASCIIªº¤å¦r¤º®e¡A
+ ¨Ò¦p§Ú­Ìªº¤¤¤åÀɮסA¦ÓBase64ªº½s½X³W«h¡A¬O±N¾ã­ÓÀÉ®×­«·s½s½X¡A
+ ½s¦¨7bits¡A¥¦¬O¥Î©ó¶Ç°ebinaryÀɮ׮ɨϥΡC
+ ¥Ñ©ó½s½Xªº¤è¦¡¤£¦P¡A·|¼vÅT½s½X¤§«áªºÀɮפj¤p¡C
+ ¦³¨Ç¸ûÃi´kªº³nÅé«K³£¤@«ß±Ä¥ÎBase64½s½X¤F¡C</para>
+ <para>§t¦³ MIME ½s½Xªº¤å¥ó¡A±z¬d¬Ý¥¦ªº·½©l½X¡A¤@¯ë³£§t¦³¡G
+ "This is a multi-part message in MIME format." ³o¼Ëªº¥y¤l¡C</para>
+ <para>¥H¤U§Ú­Ì¥H <application>mmencode</application>
+ (¤SºÙ¬° <application>mimencode</application>) §@¬° QP »P BASE64 ªº½d¨Ò¡A
+ ¦w¸Ë <filename role="package">converters/mmencode</filename>¡C</para>
+ <para>RFC 2045 - Multipurpose Internet Mail Extensions (MIME)
+ Part One: Format of Internet Message Bodies </para>
+ <para>RFC 2046 - Multipurpose Internet Mail Extensions (MIME)
+ Part Two: Media Types</para>
+ <para>RFC 2047 - MIME (Multipurpose Internet Mail Extensions)
+ Part Three: Message Header Extensions for Non-ASCII Text
+ <sect2 id="uu">
+ <title>UU ½s½X (uuencode»Puudecode)</title>
+ <para>
+ UU ¬O«ü Unix ¤§¶¡¶Ç°e¤G¶i¨î¤å¥ó¡A´N¬O Unix to Unix¡C
+ ¨Ï¥Î uuencode ±NÀÉ®×½s¦¨7¦ì¤¸ASCIIÀɮסA§â¥¦±H¥X¡A
+ ¦¬«H¤H¦¬¨ì«á¡A¥i¥H¥Î uudecode ±N³o¥÷¸ê®ÆÁ٭쬰­ì¨ÓªºÀɮסC</para>
+ <para>
+ uuencode ªº²Ä¤@­Ó°Ñ¼Æ¬O­n¥[½XªºÀɮסA¤]´N¬O±z«H¥óªº¤º®e¡C
+ ²Ä¤G­Ó°Ñ¼Æ¬O§Æ±æ¦¬«H¤H¸Ñ¶}«áÀÉ®×¥s¤°»ò¦W¦r¡C</para>
+ <screen>
+&prompt.user; <userinput>echo "¤¤¤å" &gt; infile</userinput>
+&prompt.user; <userinput>uuencode infile remotefile</userinput>
+begin 644 remotefile
+%I*2DY0KQ
+`
+end
+&prompt.user; <userinput>uuencode infile remotefile | mail statue</userinput>
+&prompt.user; <userinput>mail</userinput>
+Mail version 8.1 6/6/93. Type ? for help.
+"/var/mail/statue": 1 message 1 new
+&gt;N 1 statue Fri Dec 21 13:12 16/390
+&
+Message 1:
+From statue Fri Dec 21 13:12:19 2001
+Date: Fri, 21 Dec 2001 13:12:19 +0800 (CST)
+From: statue &lt;statuei&gt;
+To: statue
+
+begin 644 remotefile
+%I*2DY0KQ
+`
+end
+& <userinput>s mail1</userinput>
+"mail1" [New file]
+& <userinput>q</userinput>
+&prompt.user; <userinput>uudecode mail1</userinput>
+&prompt.user; <userinput>cat remotefile</userinput>
+¤¤¤å</screen>
+ <sect2 id="qp">
+ <title>QP - Quote-Printable</title>
+ <para>
+ Content-Transfer-Encoding: quoted-printable</para>
+ <para>
+ QP½s½Xªº¤è¦¡¡A¬O±N¤@­Ó¦r¤¸¥Î¤G­Ó16¶i¦ìªkªº¼Æ­Èªí¥Ü¡A
+ µM«á«e­±¦A¥[­Ó¡u=¡v¦r¤¸¡]µ¥¸¹¡^¡G</para>
+ <screen>
+&prompt.user; <userinput>echo "¤¤¤å" | mmencode -q</userinput>
+=A4=A4=A4=E5
+&prompt.user; <userinput>echo "=A4=A4=A4=E5" | mmencode -q -u</userinput>
+¤¤¤å</screen>
+ <para>©Î¬O¥Î perl ¨Ó±N QP ¸Ñ½X¡G</para>
+ <programlisting>
+while(defined($line = &lt;STDIN&gt;)) {
+ $line =~ s/=([0-9A-Fa-f][0-9A-Fa-f])/chr hex $1/ge;
+ $line =~ s/[\n\r]+$//;
+ print STDOUT $line;
+}</programlisting>
+ <para>¥Î perl ¨Ó±N¤å¦r½s¦¨ QP ½X¡G</para>
+ <programlisting>
+while(defined($line = &lt;STDIN&gt;)) {
+ $line =~ s/([=\x00-\x1F\x80-\xFF])/sprintf("=%02X",ord($1))/ge;
+ print STDOUT $line;
+}</programlisting>
+ </sect2>
+ <sect2 id="base64">
+ <title>BASE64</title>
+ <para>
+ Content-Transfer-Encoding: BASE64</para>
+ <para>
+ BASE64 ªººâªk«Ü²³æ¡A¥¦±N¦r²Å¬y¶¶§Ç©ñ¤J¤@­Ó 24 ¦ìªº½w½Ä°Ï¡A
+ ¯Ê¦r²Åªº¦a¤è¸É¹s¡CµM«á±N½w½Ä°ÏºIÂ_¦¨ 4 ­Ó³¡¤À¡A°ª¦ì¦b¥ý¡A
+ ¨C­Ó³¡¤À 6 ¦ì¡A¥Î¤U­±ªº64­Ó¦r²Å­«·sªí¥Ü¡G
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"¡C
+ ¦pªG¿é¤J¥u¦³¤@­Ó©Î¨â­Ó¦r¸`¡A¨º»ò¿é¥X±N¥Îµ¥¸¹ "=" ¸É¨¬¡C
+ ÁÙ¥i¥H¹jÂ_ªþ¥[ªº«H®§³y¦¨½s½Xªº²V¶Ã¡C³o´N¬OBASE64¡C</para>
+ <screen>
+&prompt.user; <userinput>echo "¤¤¤å" | mmencode</userinput>
+pKSk5Qo=
+&prompt.user; <userinput>echo "pKSk5Qo=" | mmencode -u</userinput>
+¤¤¤å</screen>
+ </sect2>
+ <sect2>
+ <title>¨ä¥L¶Ã½X¡H</title>
+ <para>¥H "¤¤¤å" ¨â¦r¬°¨Ò¡A¾ã²z¤@¤U¥H¤Wªº½s½X·|¥X²{ªºª¬ªp¡G</para>
+ <programlisting>
+uuencode¡G%I*2DY0KQ
+QP¡G=A4=A4=A4=E5
+BASE64¡GpKSk5Qo=</programlisting>
+ <para>¥H¤Î¨ä¥L»y¨¥©ÊªºÂà½X¥i¯à¥X²{ªºª¬ªp¡G</para>
+ <programlisting>
+GB2312¡GÖÐÎÄ(iconv -t GB2312)
+Unicode¡GU+4E2D U+6587
+UCS-2¡GN-e(iconv -t UCS-2)
+UTF-7¡G+Ti1lhw(iconv -t UTF-7)
+UTF-8¡G中æ??(iconv -t UTF-8)
+UTF-16¡G??N-e?(iconv -t UTF16)
+UTF-32¡G??N-e?(iconv -t UTF32)
+CNS11643¡G1-4463 1-4546
+CCCII¡G213034 214258</programlisting>
+ <para>¥t¥~¤@¨Ç¦³ªº¨Sªºµ{¦¡·|¥X²{ªºª¬ªp¡G</para>
+ <programlisting>
+hexdump¡G0000000 a4a4 e5a4 000a
+0000005(hexdump)</programlisting>
+ </sect2>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/message.sgml b/zh_TW.Big5/books/zh-tut/chapters/message.sgml
new file mode 100644
index 0000000000..56cd94fc73
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/message.sgml
@@ -0,0 +1,319 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: message.sgml,v 1.12 2003/11/16 13:15:51 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="message">
+ <title>¤¤¤åªº°T®§</title>
+ <para></para>
+
+ <sect1 id="help-localize">
+ <title>À°§U¥»¦a¤Æ©M½Ķªº¤u§@</title>
+ <para>¥Ø«e FreeBSD ªº¥D­n¤å¥ó¦p¤U¡GFreeBSD Handbook¡AFAQ¡A
+ ports-handbook¡Adevelopers-handbook¡Aarticles¡Amanual¡Awww¡C</para>
+ <para>¦ý¬O¦³Â½Ä¶ªº³¡¥÷¤£¦h¡A¶È¦³ handbook¡AFAQ¡Aports-handbook¡C</para>
+ <sect2 id="handboook">
+ <title>FreeBSD handbook</title>
+ <para>¥»¨Ó¬O¥Ñ FreeBSD ¤¤¤å¤å¥ó­pµe©Ò¥D«ù(FDP)¡A
+ ¾ú¸g ijliao@FreeBSD.ORG¡Afoxfair@FreeBSD.ORG &
+ vanilla@FreeBSD.ORG¡A¥Ø«e¥Ñµ§ªÌ¥N¬°ºûÅ@¤¤¡C</para> <para>WWW: <ulink url="http://www.csie.nctu.edu.tw/~ijliao/handbook.html">
+ ijliao ªº Handbook ½Ķ¤À°tªí</ulink></para> <para>WWW: <ulink url="http://people.freebsd.org/~foxfair/zh-fdp.html">
+ foxfair ªº Handbook ½Ķ¤À°tªí</ulink></para>
+ <para>WWW: <ulink url="http://freebsd.sinica.edu.tw/~statue/zh-fdp/">
+ statue ªº Handbook ½Ķ¤À°tªí</ulink></para>
+ <para>WWW: <ulink url="http://freebsd.sinica.edu.tw/handbook/index.html">
+ ÁcÅé FreeBSD Handbook 4.3</ulink></para>
+ <para>¦Ó¤j³°¤w¸g¦³Â½Ä¶§¹¦¨ªºÂ²Åé Handbook ªº®ÑÄy¥¿¦b³c°â¤¤¡A
+ ¤]¦³¨ä²Å骺 PDF ÀÉ®×¥i¥H´£¨Ñ¤U¸ü¡A§Æ±æ¤j®a¥i¥H°Ñ¦Ò¸Ó®Ñ¡A
+ §â§Ú­ÌªºÁcÅé Handbook ¤]½Ķ§¹¦¨¡C</para>
+ <para>WWW: <ulink url="http://freebsd.sinica.edu.tw/gb2312.php">
+ ²Åé FreeBSD Handbook 4.7</ulink></para>
+ </sect2>
+ <sect2 id="freebsd-faq">
+ <title>FreeBSD FAQ</title>
+ <para>´¿¸g¥Ñ vanilla@FreeBSD.ORG ±a»â½Ķ§¹¦¨¾ã­Ó FAQ¡A
+ ¤£¹L«á¨Ó¨S¦³»PÁ`³¡Ä~Äò§ó·s¡A¤£¹L³Ìªñ¥L¤S¦^¨Ó¤F¡A
+ Ä~Äò»â¾ÉµÛ FAQ ªºÂ½Ä¶¡C</para>
+ <para>WWW: <ulink url="http://fatpipi.cirx.org/~vanilla/fcdp.html">
+ vanilla ªº FAQ ½Ķ¤À°tªí</ulink></para>
+ </sect2>
+ <sect2 id="porters-handbook">
+ <title>FreeBSD Porters Handbook</title>
+ <para>³o¹ï·Q°µ¦Û¤v port ªº¤H¬O¤@¥÷«Ü¦nªº¤å¥ó¡A¤£¹L¥Ø«e©|¥¼Â½Ä¶¡A
+ ¦ý¬O¦³Â²Å骺¨Ï¥ÎªÌ½Ķ¦n¤F¡A¤£¹LÁٻݭn­×¹¢©M¾ã²z¦¨ÁcÅ骺¡C</para>
+ <para>WWW: <ulink url="http://freebsd.sinica.edu.tw/~statue/docs/ports-handbook-gb2312/">
+ ²Åé FreeBSD Porters Handbook</ulink></para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="join-l10n">
+ <title>°Ñ¥[¤¤¤å I18N/L10N ªº­pµe</title>
+ <para>PO ½Ķ¡GGNOME¡AKDE</para>
+ <para>¥Ø«e°ê¤ºÀ°¦£Â½Ä¶°T®§ªº²Õ´¶°¤¤¦b KDE3¡A¦pªG¦³¿³½ì¥i¥H«e©¹
+ <ulink url="http://i18n.linux.org.tw/">
+ http://i18n.linux.org.tw/</ulink> ÂsÄý¥Ø«eªºÂ½Ä¶ª¬ªp¡C</para>
+ </sect1>
+
+ <sect1 id="po">
+ <title>½Ķ PO Àɪ`·N¨Æ¶µ</title>
+ <para>¥H¤UºK¿ý kde3 ½Ķ¤p²Õªº¤@¨Ç«Øij¡A­ì©l¤å¥ó¥i¥H¦b
+ <ulink url="http://www.linux.org.tw/~ycheng/kde/trans-po.txt">
+ http://www.linux.org.tw/~ycheng/kde/trans-po.txt</ulink> §ä¨ì¡C</para>
+ <para>Contributed by pofeng@linux.org.tw</para>
+ <para>Last Update 2003¦~ 5¤ë10¤é ©P¤» 11®É26¤À18¬í CST</para>
+ <para>¼ÐÀY³¡¥÷¡G</para>
+ <para>¨C­Ó po Àɤ@¶}ÀYªº´X¦æ¡A¤j¦h©T©wªøªº¹³©³¤Uªº¼Ë¤l¡A
+ ¨ä¤¤¤ñ¸û­nª`·Nªº´X­Ó¶µ¥Ø¬°¡G</para>
+ <programlisting>
+==== ¼ÐÀY½d¨Ò ===============================================================
+# traditional Chinese translation for XXX.
+# Pofeng Lee &lt;pofeng@linux.org.tw&gt;, 2001-2002.
+# Abel Cheung &lt;maddog@linux.org.hk&gt;, 2002.
+# Yuan-Chung Cheng &lt;platin@ms.ccafps.khc.edu.tw&gt;, 1998.
+msgid ""
+msgstr ""
+"Project-Id-Version: XXX X.X.X\n"
+"POT-Creation-Date: 2001-07-23 14:32-0400\n"
+"PO-Revision-Date: 2001-08-27 15:53+0800\n"
+"Last-Translator: Chung-Yen Chang &lt;candyz@linux.org.tw&gt;\n"
+"Language-Team: Chinese (traditional) &lt;zh-l10n@linux.org.tw&gt;\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+=============================================================================
+</programlisting>
+ <itemizedlist>
+ <listitem><para>
+ <option>PO-Revision-Date:</option>
+ ¦¹Äæ¦ì´N½Ð¶ñ¤J±z½Ķ®Éªº¤é´Á®É¶¡
+ </para></listitem>
+ <listitem><para>
+ <option>Last-Translator:</option>
+ ³Ì«á½Ķªº¤H¡A­Y±z¬O³Ì«á½ªº¤H¡A´N¶ñ¤J±zªº¸ê®Æ¡A¥H«KÅý¤H¦³ºÃ°Ý®É¥i¥H³sµ¸ªº¤W¡C
+ ¦Ü©ó¤§«e½ĶªÌªº¸ê®Æ¸Ó¦p¦ó³B²z©O¡H
+ ©Î³\¤ñ¸û¦nªº¤è¦¡¡A±z¥i¥H§â¥Lªº¸ê®Æ©ñ¦b³Ì«e­±¡A¨Ã±N¸Ó¦æ¥H # ¶}ÀYµù¸Ñ°_¨Ó¡A
+ ¦p¦b po Àɪº³Ì«e­±´X¦æ¥[¤J³o¼Ëªº¸ê°T¡G
+ <programlisting>
+# Translator: aaa &lt;aaa@aaa.com&gt;, bbb &lt;bbb@bbb.com&gt;
+# ccc &lt;ccc@ccc.com&gt;
+# ddd &lt;ddd@ddd.com&gt;</programlisting>
+ </para></listitem>
+ <listitem><para>
+ <option>Language-Team:</option>
+ ­Y­ì¥»¤w¬O Chinese (traditional) &lt;zh-l10n@linux.org.tw&gt; ¨º´N¤£¶·­nÅÜ°Ê¡A
+ ­Y¬O·sªº po ÀÉ¡A«h¥i¥H±N¨ä§ï¬° Chinese (traditional) &lt;zh-l10n@linux.org.tw&gt;
+ ªí¥Ü³o¬O¥Ñ§Ú­ÌÁcÅ餤¤åªºÂ½Ä¶¤p²Õ©Ò½Ķªº¡C
+ </para></listitem>
+ <listitem><para>
+ <option>Content-Type: text/plain; charset=utf-8</option>
+ ¦r¤¸¶°³¡¥÷¡AKDE3 ¥Î utf-8¡Agnome & gnu ¥Ø«eÁÙ¦b¥Î big5¡C
+ </para></listitem>
+ <listitem><para>
+ <option>Content-Transfer-Encoding: 8bit</option>
+ encoding ³¡¥÷§Ú­Ì¤¤¤å¦r³£¬O¥Î 8bit¡C
+ </para></listitem>
+ </itemizedlist>
+ <para>½Ķ´£¥Ü(hint) (ª`·N, ³o¬O KDE ¿W¦³ªº extention)¡A
+ ¦p©³¤Uªº½d¨Ò¡A¦b msgid ¤¤±z·|¬Ý¨ì¦³ "_:" ¶}ÀYªº¦r¦ê¡A
+ ¤Z¥H "_:" ¶}ÀYªº§Yªí¥Ü¤§«áªº¦r¦ê¬O½Ķªº´£¥Ü¡A
+ ³o³¡¥÷¬Oµ¹±z°Ñ¦Ò¥Îªº¡A©Ò¥H±z¥u­n½Ķ "Screen at %1" ³o¦æ§Y¥i¡C</para>
+ <programlisting>
+==== ½Ķ´£¥Ü(hint)½d¨Ò =====================================================
+#: ui/konsole_mnu.cpp:85
+#, c-format
+msgid ""
+"_: Screen is a program controlling screens!\n"
+"Screen at %1"
+msgstr ""
+"µøµ¡©ó %1"
+=============================================================================</programlisting>
+ <para>½ĶªÌªº©m¦W¤Îe-mail:
+ ¦p¤Uªº½d¨Ò¡A­Y¸I¨ì³o¼Ëªºª¬ªp¡A½Ð¶ñ±z¦Û¤vªº©m¦W¤Îe-mail¡A
+ ¤d¸U¤£­n§â¥¦µ¹Â½¦¨¤F "±zªº©m¦W"¡B"±zªº¹q¤l¶l¥ó±b¸¹"¡C
+ ref: <ulink url="http://i18n.kde.org/translation-howto/getting-credit.html">
+ Getting Credit for Your Work</ulink></para>
+ <programlisting>
+==== ½ĶªÌªº©m¦W¤Îe-mail½d¨Ò ===============================================
+#: _translatorinfo.cpp:1
+msgid ""
+"_: NAME OF TRANSLATORS\n"
+"Your names"
+msgstr ""
+"±i±RÄY, ±i¤T"
+
+#: _translatorinfo.cpp:3
+msgid ""
+"_: EMAIL OF TRANSLATORS\n"
+"Your emails"
+msgstr ""
+"candyz@linux.org.tw,someone@linux.org.tw"
+# ^ µù: ¬°¤F¹ï»ô, ­^¤å³rÂI«á¤Å¯dªÅ¥Õ
+=============================================================================</programlisting>
+ <para>HTML TAG ³¡¥÷:
+ ¦p©³¤U½d¨Ò¡A­Y¦³ &lt;p&gt;&lt;b&gt; µ¥ HTML TAG¡A
+ ±z¥²¶·«O¯d¨ä»yªk³¡¥÷¡C</para>
+ <programlisting>
+==== HTML TAG ³¡¥÷½d¨Ò ======================================================
+#: toplevel.cpp:110
+msgid "&lt;p&gt;&lt;b&gt;What can I do?&lt;/b&gt;&lt;/p&gt;&lt;p&gt;%1&lt;/p&gt;>"
+msgstr "&lt;p&gt;&lt;b&gt;§Ú¯à°µ¤°»ò?&lt;/b&gt;&lt;/p&gt;&lt;p&gt;%1&lt;/p&gt;"
+=============================================================================</programlisting>
+ <para>§Ö³tÁ䳡¥÷:
+ ¦p©³¤U½d¨Ò¡A­Y¦³¬Ý¨ì "&amp;" ¶}ÀYªº¦a¤è¡A¦p &amp;D¡A
+ «hªí¥Ü³o¥i¯à¬O¿ï³æ¤¤ªº¬Y§Ö³tÁä¡A
+ §Ú­Ì¥i¥H«ö alt + d Áä¨Ó§Ö³t°õ¦æµ¥µ¥¡A
+ ¦¹³¡¥÷ªºÂ½Ä¶¤è¦¡¡A§Ú­Ì«h¬O¦b³Ì«á­±¥[¤W "(&amp;D)" ¨Óªí¥Ü¡C</para>
+ <programlisting>
+==== §Ö³tÁ䳡¥÷½d¨Ò =========================================================
+#: toplevel.cpp:61
+msgid "&amp;Debugger"
+msgstr "°£¿ù¾¹(&amp;D)" # (&amp;D) ¤§«e¤£¯dªÅ®æ
+#: toplevel.cpp:61
+msgid "&amp;Debugger..."
+msgstr "°£¿ù¾¹(&amp;D)..." # ... ¬O¥b§Î ; (&amp;D) ­n©ñ¦b ... ¤§«e"
+#: toplevel.cpp:61
+msgid "&amp;Debugger:"
+msgstr "°£¿ù¾¹(&amp;D):" # : ¬O¥b§Î ; (&amp;D) ­n©ñ¦b : ¤§«e"
+=============================================================================</programlisting>
+ <para>c-format ³¡¥÷:
+ ¦p©³¤U½d¨Ò¤¤ªº %1¡B%2 µ¥ÅܼơA¤£¤@©w %1 ´N¤@©w¦b«e %2 ¦b«á¡A
+ ¥i¥Hµø½Ķªº¤åªk¥y«¬°µ¾A·íªº½Õ¾ã¡C</para>
+ <programlisting>
+==== c-format ³¡¥÷½d¨Ò ======================================================
+#, c-format
+msgid "%1 is beated by %2"
+msgstr "%2 À»±Ñ %1"
+
+msgid "%s is beated by %s"
+msgstr "%2$s À»±Ñ %1$s"
+ ^^^^ ----------------> ½Ðª`·N, %2$s ¥Nªíªº¬O msgid ¤¤²Ä¤G­Ó %s
+=============================================================================</programlisting>
+ <para>fuzzy(¼Ò½k)³¡¥÷:
+ ­Y¬Ý¨ì "#, fuzzy"¡A«hªí¥Ü³o³¡¥÷ªºÂ½Ä¶¬O¹q¸£¦Û°Ê²q´úÀ°±z½ªº¡A
+ ¦³®É­Ô·|¹ï¡A¦ý¤]¦³®É·|¿ùªº«ÜÂ÷ÃСA¦]¦¹¡A±z¥²¶·Àˬd¤@¤U¡A
+ ¨Ã°µ¾A·íªºÂ½Ä¶½Õ¾ã½Õ¾ã§¹«á¡A¤]­n°O±o§â "#, fuzzy" ¨º¦æµ¹®³±¼¡C</para>
+ <programlisting>
+==== fuzzy(¼Ò½k)³¡¥÷½d¨Ò ====================================================
+#: ../partitioning.py:1425
+#, fuzzy
+msgid ""
+"You are about to delete a RAID device.\n"
+"\n"
+"Are you sure?"
+msgstr "±z¥²¶·¿ï¾Ü¤@­ÓºÏºÐ°}¦C¸Ë¸m"
+
+#: ../partitioning.py:1428
+#, fuzzy, c-format
+msgid ""
+"You are about to delete the /dev/%s partition.\n"
+"\n"
+"Are you sure?"
+msgstr "±z½T©w­n§R°£³o­Ó¤À³Î°Ï¶Ü"
+=============================================================================</programlisting>
+ <para>²^¨O³¡¥÷:
+ ¦³¨Ç¦bª©¥»¤¤¦³ªº°T®§¡A¦ý¦b·sª©¥»¤¤¤w¸g¨S¦³¤F¡A¦]¦¹³o³¡¥÷´N¨S¦³¥Î¤F¡A
+ ·|¥X²{¦b¾ã­Ó po Àɪº³Ì«á­±³¡¥÷¡A³£¥H "#~" ¬°¶}ÀY¡A
+ Ãö©ó³o³¡¥÷¡A±z¥i¥H±N¥¦§R°£±¼¡A©Î¬O¤]¥i¥H±N¨ä«O¯d¡A·í°µ¤é«á°Ñ¦Ò¥Î¤]¦æ¡C</para>
+ <programlisting>
+==== ²^¨O³¡¥÷½d¨Ò ===========================================================
+#~ msgid "&amp;About"
+#~ msgstr "Ãö©ó(&amp;A)"
+
+#~ msgid "Panel Menu"
+#~ msgstr "­±ªO¿ï³æ"
+
+#~ msgid "Settings..."
+#~ msgstr "³]©w..."
+
+#~ msgid "Legacy Application"
+#~ msgstr "¶Ç²ÎÀ³¥Îµ{¦¡"
+=============================================================================</programlisting>
+ <para>³æ¼Æ½Æ¼Æ:
+ ¤¤¤å¨S¦³³æ¼Æ½Æ¼Æªº°ÝÃD¡A½Ðª½±µ¶ñ msgstr[0] §Y¥i¡C</para>
+ <programlisting>
+==== ³æ¼Æ½Æ¼Æ½d¨Ò ===========================================================
+msgid "found %d fatal error"
+msgid_plural "found %d fatal errors"
+msgstr[0] "§ä¨ì¤F %d ­Ó­«¤jªº¿ù»~"
+=============================================================================</programlisting>
+ <para>¨ä¥Lºî¦X«Øij:</para>
+ <para>¼ÐÂI²Å¸¹½Ð¾¨¶q¥Î¥þ§Î¼ÐÂI²Å¸¹¡A¦ýÄæ¦W§Àªº«_¸¹«h¥Î¦^¥b§Î¡C</para>
+ <para>´£¥Ü­n¥Î "±z" ¨ú´À "§A"¡C</para>
+ <para>½sĶ: msgfmt -cv xxx.po -o /dev/null</para>
+ <para>¦w¸Ë: msgfmt -cv xxx.po -o /usr/share/locale/zh_TW/LC_MESSAGES/xxx.mo</para>
+ <para>´ú¸Õ: LC_MESSAGES=zh_TW.Big5 xxx ;</para>
+ <para>°Ñ¦Ò¸ê®Æ:</para>
+ <para>The KDE Translation HOWTO <ulink url="http://i18n.kde.org/translation-howto/">
+ http://i18n.kde.org/translation-howto/</ulink></para>
+ <para>½Ķ¤u¨ã KBabel <ulink url="http://i18n.kde.org/tools/kbabel/">
+ http://i18n.kde.org/tools/kbabel/</ulink></para>
+ </sect1>
+
+ <sect1 id="manual">
+ <title>¤¤¤å manual page</title>
+ <para><application>groff</application> ¦³ <option>-Tlatin1</option>
+ ¿ï¶µ¡A¥Ø«e³z¹L³o­Ó¿ï¶µ¨ÓÅã¥Ü¤¤¤å¡C</para>
+ <para>¥Ø«eÁÙ¨S¦³¤¤¤å manual page ªºÁcÅé½Ķ­pµe¡A¤£¹L¦³Â²Å骺¡A
+ ¤U­±¬O¤@­Ó½Ķ»P¨Ï¥Îªº½d¨Ò¡G</para>
+ <programlisting>
+.Dd January 15, 1991
+.Dt APROPOS 1
+.Os
+.Sh NAME
+.Nm apropos ,
+.Nm whatis
+.Nd ·j´M whatis ¸ê®Æ®w
+.Sh ¥Îªk·§­n
+.Nm apropos
+.Ar ÃöÁä¦r ...
+.Nm whatis
+.Ar ÃöÁä¦r ...
+.Sh ¸Ô²Ó¸Ñ»¡
+.Nm
+¥Ñ«ü©wªºÃöÁä¦r¡A´M§ä¤@²Õ§t¦³¨t²Î©R¥O²µu´y­zªº¸ê®Æ®wÀɮסA
+¨Ã¥B±Nµ²ªGÅã¥Ü©ó¼Ð·Ç¿é¥X¡C
+.Nm whatis
+¥uÅã¥Ü¾ã­Ó¦r§¹¥þ²Å¦Xªºµ²ªG¡C
+.Sh ¶Ç¦^­È
+.Nm
+³o­Ó©R¥O¦b¦¨¥\\®É¶Ç¦^ 0¡A¦pªG§ä¤£¨ì²Å¦XªºÃöÁä¦r«h¶Ç¦^ 1¡C
+.Sh ½Ð°Ñ¦Ò
+.Xr makewhatis 1 ,
+.Xr man 1</programlisting>
+ <screen>
+&prompt.root; <userinput>mkdir -p /usr/local/man/zh_TW.Big5/man1</userinput>
+&prompt.root; <userinput>cd /usr/local/man/zh_TW.Big5/man1</userinput>
+&prompt.root; <userinput>zcat /usr/share/man/man1/whatis.1.gz &gt; whatis.1</userinput>
+&prompt.root; <userinput>vi whatis.1</userinput>
+&prompt.root; <userinput>cat whatis.1 | groff -man -Tlatin1</userinput></screen>
+ <figure>
+ <title>man snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/man" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ ¥Ø«e¦b outta-ports ¤¤¦³Ãþ¦üªº´ú¸Õ port¡A¥i¥H¸Õ¥Î¬Ý¬Ý¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/man-doc</userinput>
+&prompt.root; <userinput>make install clean</userinput>
+&prompt.root; <userinput>cman whatis</userinput></screen>
+ <para>
+ WWW: <ulink url="http://www.cmpp.net/">
+ CMPP ¤¤¤åMAN-PAGE­p¹º</ulink>(²Åé)</para>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/multimedia.sgml b/zh_TW.Big5/books/zh-tut/chapters/multimedia.sgml
new file mode 100644
index 0000000000..7c8fd53c94
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/multimedia.sgml
@@ -0,0 +1,112 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: multimedia.sgml,v 1.25 2003/11/29 02:50:55 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="multimedia">
+ <title>¤¤¤å¦h´CÅé³nÅé</title>
+ <para></para>
+
+ <sect1 id="mplayer">
+ <title>mplayer</title>
+ <para>Last Update: 2003¦~ 1¤ë16¤é ©P¥| 02®É53¤À21¬í CST</para>
+ <para>
+ ¤ä´©¤F²³¦h¹q¼v¼½©ñ®æ¦¡¡AÁ|¤Z±`¨£ªº mpeg¡Adat ©M·L³nªº avi¡A
+ ´N³s²{¦b³Ì·sªº divx4 ¤]ª½±µ¤ä´©¡C</para>
+ <para><filename role="package">multimedia/mplayer</filename> ªº¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/multimedia/mplayer</userinput>
+&prompt.root; <userinput>make WITH_LANG=zh install clean</userinput></screen>
+ <para>¥Ø«eÅý mplayer ¯à°÷Åã¥Ü¤¤¤å¦r¹õªº¤è¦¡¦³¤TºØ¡A
+ «e¨âºØ¨Ï¥Î mplayer ¦Û­qªº¦r«¬ÀÉ¡A¥Ø«e¤w¸g¤Ö¥Î¡C
+ ¤@­Ó¬O¦w¸Ë¥Ñ mplayer ©Ò´£¨Ñªº¦r«¬ÀÉ¡A
+ ¥i¥H¦b <ulink url="ftp://ftp.mplayerhq.hu/MPlayer/contrib/fonts/chinesefonts">
+ ftp://ftp.mplayerhq.hu/MPlayer/contrib/fonts/chinesefonts</ulink>
+ §ä¨ì¡A¥t¤@­Ó´N¬O¨Ï¥Î
+ <filename role="package">chinese/mplayer-fonts</filename>
+ ¨Ó±N TrueType Âà´«¦¨ mplayer ©Ò»Ý­nªº¦r«¬ÀÉ¡C</para>
+ <para>ª½±µ¨Ï¥Î mplayer ©Ò´£¨Ñªº¦r«¬ÀÉ¡A¥i¥H¨ì¤W­zªººô§}¤¤§ä±z­nªº»y¨¥¡A
+ ¥HÁcÅé·¢®Ñ¬°¨Ò´N¬O big5-kai.tar.bz2¡A
+ ¤U¸ü«á¸Ñ¶}·|¥X²{ big5-kai ªº¥Ø¿ý´N¥H¥Î¤F¡C
+ ¤U­±ªº¨Ò¤l¨Ï¥Î§ºÅé 16pt ¨ÓÅã¥Ü¤¤¤å¦r¹õ¡AÁÙ¦³§ºÅé 24pt ¥i¥Î¡A©Î¬O¤¤·¢
+ bkai00mp16 »P bkai00mp24¡C²Åé¦r¹õ¥i¥H¥Î iconv µ¥³nÅéÂà´« .srt¡A
+ ±N²ÅéÂà´«¦¨ÁcÅé¡A©Î¬O¨Ï¥Î gbsn00lp16 µ¥¦r«¬¨ÓÆ[½à¡C</para>
+ <screen>
+&prompt.root; <userinput>mplayer -font /usr/local/share/mplayer/fonts/big5-ming/bsmi00lp16/font.desc -sub 1.srt -unicode 1.avi</userinput></screen>
+ <note><para>¦pªG­n¥þ¿Ã¹õ«ö <command>f</command> ´N¥i¥HÅo¡C<para></note>
+ <para>³Ì«á¤@­Ó´N¬O¦b½sĶ mplayer ªº®É­Ô¡A«ü©w mplayer ¨Ï¥Î freetype¡A
+ Åý¥L¯àª½±µ¨Ï¥Î TrueType ¦r«¬¡A¦ý¬O¤@¦ý«ü©w¤F¨Ï¥Î freetype¡A
+ ´N¤£¯à¿ï¾Ü¨Ï¥Î mplayer ªº¦r«¬ÀÉ¡C
+ ¥Ø«eªº <filename role="package">multimedia/mplayer</filename>
+ ¤w¸g¹w³] WITH_FREETYPE ¤F¡A¤£»Ý­n¦w¸Ë¤¤¤å¦r¹õ¦r«¬¡C<para>
+ <screen>
+&prompt.root; <userinput>ln -s /usr/local/share/fonts/TrueType/bsmi00lp.ttf ~/.mplayer/subfont.ttf</userinput>
+&prompt.root; <userinput>mplayer -subcp cp950 -sub 1.srt 1.avi</userinput></screen>
+ <figure>
+ <title>mplayer snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/mplayer" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://www.mplayerhq.hu/">
+ http://www.mplayerhq.hu/</ulink></para>
+ </sect1>
+
+ <sect1 id="xmms">
+ <title>xmms - mp3 ¼½©ñ³nÅé</title>
+ <para>
+ mp3 ¼½©ñ³nÅé¡A¦³ <application>Winamp</application>
+ ªº¦n¬Ý¤¶­±¡A¥i¥H¬Ý¨ì¤¤¤åªº¿ïºq³æ¡A
+ ¤¶­±¤]¬O¤¤¤åªº¡A¥Ø«e¥i¥Hºt«µ mpeg1¡Bmpeg2¡Bmpeg3¡Bwav¡B
+ au ©M CD audio¡C¤]¥i¥H¸g¥Ñ <application>xmms</application>
+ ªº¥~±¾¨Ó¨Ï¥Î¨ä¥Lªº®æ¦¡¡A
+ ¨Ò¦p¡G<application>xmms-mikmod</application>¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/xmms</filename>¡C</para>
+ <para>¦w¸Ë§¹¦pªGµo²{¿ï¶µ¤¤¤å¦³°ÝÃD¡AÀ˹î¤@¤U¬O§_¦³³]©w
+ <filename>~/.gtkrc</filename>¡A
+ ¦pªG¨S¦³½Ð°Ñ¦Ò <link linkend="gnome">GNOME µ{¦¡ªº¤¤¤å¤ä´©</link>¡A
+ ¦pªG¬O PlayList ¤¤¤å¦³°ÝÃD¡AÀ˹î¤@¤U
+ <filename>~/.xmms/config</filename> ªº
+ <option>playlist_font</option> »P <option>mainwin_font</option>¡A
+ ³q±`µ§ªÌ³£¬O¦p¤Uªº³]©w¡G</para>
+ <screen>
+playlist_font=-adobe-helvetica-bold-r-*-*-10-*,-*-medium-r-*-12-*-big5-0
+use_fontsets=TRUE
+mainwin_use_xfont=TRUE
+mainwin_font=-adobe-helvetica-medium-r-*-*-8-*,-*-medium-r-*-12-*-big5-0</screen>
+ <note><para>¦b KDE ©³¤U°õ¦æ XMMS ¦³®É·|¥X²{µLªk¶}±Ò­µ®Äªº¿ù»~¡A
+ ¶i¤J XMMS ªº°¾¦n³]©w¡A±N¿é¥Xªº¼Ò²Õ§ï¬° arts §Y¥i¡A
+ ¦]¬°¦b KDE ¤UºÞ²zÁn­µªº¦øªA¾¹¬O arts¡C</para></note>
+ <para>SKIN ªº³¡¤À¥h <ulink url="http://www.xmms.org/skins.html">
+ http://www.xmms.org/skins.html</ulink> §ä¤@¤U³ßÅwªº SKIN §a¡A
+ ¤U¸ü¤U¨Ó«á¡A±N¸ÓÀɮ׫þ¨©¦Ü <filename>~/.xmms/Skins</filename>
+ ´N¥i¥H¤F¡C</para>
+ <figure>
+ <title>xmms snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/xmms" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://www.xmms.org/">http://www.xmms.org/</ulink>
+ </para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/net.sgml b/zh_TW.Big5/books/zh-tut/chapters/net.sgml
new file mode 100644
index 0000000000..3754d77df4
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/net.sgml
@@ -0,0 +1,859 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: net.sgml,v 1.89 2003/12/01 20:21:54 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="net">
+ <title>¤¤¤åºô»Úºô¸ô³nÅé</title>
+ <para></para>
+
+ <sect1 id="bind8">
+ <title>bind8</title>
+ <para>chinese bind8 is just for 8-bit Domain Name , nothing need to document.</para>
+ <para>¦w¸Ë <filename role="package">chinese/bind8</filename>¡C</para>
+ </sect1>
+
+ <sect1 id="samba">
+ <title>samba - ºô¸ôªÚ¾F¡A¸ê·½¤À¨Éµ{¦¡</title>
+ <para>Last Update: 2003¦~ 1¤ë25¤é ©P¤» 12®É24¤À45¬í CST</para>
+ <para>
+ <application>samba</application> ¬O¤@­Ó¯à§â±zªº Unix
+ ¹q¸£©M¨ä¥L MS Windows ¹q¸£¬Û¤¬¦@¨É¸ê·½ªº³nÅé¡C </para>
+ <para>
+ <application>samba</application> ´£¨Ñ¦³Ãö©ó¸ê·½¤À¨Éªº¤T­Ó¥\¯à¡C
+ ¥]¬A <command>smbd</command>¡A°õ¦æ¤F¥¦¡A´N¥i¥H¨Ï³o¥x
+ Unix ¯à°÷¦@¨É¸ê·½µ¹¨ä¥Lªº¹q¸£¡A¦Ó <command>smbclient</command>
+ ´N¬OÅý³o¥x Unix ¥h¦s¨ú¨ä¥L¹q¸£ªº¸ê·½¤F¡A³Ì«á¤@­Ó
+ <command>smbmount</command>¡A«h¬OÃþ¦ü MS Windwos
+ ¤U¡yºô¸ôºÏºÐ¾÷¡zªº¥\¯à¡A¥i¥HÅý±z§â¨ä¥L¹q¸£ªº¸ê·½
+ ±¾¦b¦Û¤vªºÀɮרt²Î¤U¡C </para>
+ <para>¦w¸Ë <filename role="package">net/samba</filename>¡C</para>
+ <para>
+ ³]©wÀɭקï <filename>/usr/local/etc/smb.conf</filename>¡A
+ ¤~ºâ§¹¾ã¤ä´©¤¤¤å¡A¦b [global] ¤¤§ä¨ì <option>for Traditional
+ Chinese Users</option> ªº³]©w°Ï¡A±N <option>client code
+ page=950</option> «e­±ªº ; ®³±¼
+ ¡A¤£­n°Ê <option>coding system=cap</option>¡A¨Ã¦b«á­±¥[¤W
+ <option>valid chars = 0xb9</option>¡C </para>
+ <programlisting>
+[global]
+# for Traditional Chinese Users
+client code page=950
+; coding system=cap
+valid chars = 0xb9 </programlisting>
+ <para>Ãö©ó valid chars = 0xb9¡A³o­Ó¦n¹³¬O«Ü¤[«e¹J¹Lªº¤@­Ó¤p°ÝÃD¡A
+ ¦pªG±z¦b smb.conf ¤¤³]©w "workgroup = ¹q¸£"¡A
+ ³o®É­Ô¥ÎºôªÚ¥hÂsÄý·|µo²{¥X²{ªº¬O "¹Q¸£"¡A
+ ¹q=0xb971 ¹Q=0xb951 q=0x71 Q=0x51¡A
+ samba ¦b¹J¨ì 0xb9 «á¡A¦Û°Ê§â¤U¤@­Ó¦r¤¸Âন¤j¼g¤F¡A
+ ¦pªG³]©w valid chars = 0xb9 ´N·|¥¿±`¡C</para>
+ <para>¦Ó³oÃä·|¥X²{ <option>coding system=cap</option> «h¬O¤Ñ¤jªº¿ù»~¡A
+ ¤Q¤À®e©ö»~¾É¨Ï¥ÎªÌ¡A¥H¤UºK¿ý <filename>smb.conf.5</filename>¡G</para>
+ <programlisting>
+coding system (G)
+
+ This parameter is used to determine how incoming Shift-JIS Japanese
+ characters are mapped from the incoming client code page used by the
+ client, into file names in the UNIX filesystem. Only useful if client
+ code page is set to 932 (Japanese Shift-JIS). The options are :
+
+ * CAP - Convert an incoming Shift-JIS character to the 3 byte
+ hex representation used by the Columbia AppleTalk Program (CAP),
+ i.e. :AB. This is used for compatibility between Samba and CAP.
+
+Default: coding system = &lt;empty value&gt;</programlisting>
+ <para>¦bºôªÚ¤Wªº¦WºÙ³q±`³£­n¦Û¤v¥[¤W <option>netbios name =
+ Elf</option>¡A¨ä¤¤ªº Elf ´N¬OºôªÚ¤Wªº¦WºÙ¡C </para>
+ <para>¥t¤@­Ó samba ªº¤¤¤å°ÝÃD¬O <filename>smb.conf</filename>
+ ¤£¯à³]©w¬Y¨Ç¦r¬° Section¡A¨Ò¦p¡G</para>
+ <programlisting>
+;[³]­p»P¬ì§Þ]
+[­p»P¬ì§Þ]
+ comment= ³]­p»P¬ì§Þ
+ browseable = yes
+ path = /home/design
+ read only = yes
+ guest ok = yes</programlisting>
+ <para>¦]¬° "³]" ªº²Ä¤G­Ó¦r¤¸¬O "]" »P samba ªº Section ¦r¤¸½Ä¬ð¡A
+ ©Ò¥H¸Ñ¨Mªº¤èªk´N¬O¥h­×§ï <filename>source/param/param.c</filename>¡G</para>
+ <programlisting>
+--- params.c.orig Mon May 12 19:46:29 2003
++++ params.c Mon May 12 20:37:24 2003
+@@ -297,6 +297,15 @@
+ i = end + 1;
+ c = EatWhitespace( InFile );
+ }
++ else if ( c > 0x80 )
++ {
++ bufr[i++] = c;
++ end = i;
++ c = mygetc( InFile );
++ bufr[i++] = c;
++ end = i;
++ c = mygetc( InFile );
++ }
+ else /* All others copy verbatim. */
+ {
+ bufr[i++] = c;</programlisting>
+ <para>samba ¤j³¡¤Àªºµ{¦¡³£¦³¤¤¤å°ÝÃD¡A»Ý­n§ó¦h¤H¥h patch¡A
+ ¹³¬O smbclient ¥h¬Ý MicroSoft ªº¤¤¤å¸ê®Æ§¨·|¬O©³½u(_)¡C</para>
+ <note><para><application>samba</application> ¬O¥ÎTCP/IP³q°T¨ó©w¡A©Ò¥H¦b
+ MS WindowsºÝªº¹q¸£¤]­n¸Ë¤WTCP/IP¨ó©w¡A¤£µM´N¤£¯à¥ÎÅo¡C</para></note>
+ <para>¦Ó samba 3.x ªº³¡¤À¥i¥H³z¹L samba-devel ¨Ó¦w¸Ë¡A
+ ¦ý¬O¹w³]¨S¦³¤ä´© I18N¡A©Ò¥H¥²¶·³z¹L¥H¤Uªº¤è¦¡¨Ó¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/net/samba-devel</userinput>
+&prompt.root; <userinput>make -DWITH_LIBICONV all install clean</userinput></screen>
+ <programlisting>
+mangling method = hash
+unicode = on
+dos charset = UCS-2LE
+unix charset = CP950
+display charset = CP950</programlisting>
+ <para>WWW: <ulink url="http://www.samba.org/">
+ http://www.samba.org/</ulink> </para>
+ <para>Online Book - Using Samba:
+ <ulink url="http://www.oreilly.com/catalog/samba/">
+ http://www.oreilly.com/catalog/samba/</ulink> </para>
+ <para>¦pªG­n¤è«Kªº¨Ï¥ÎºôªÚ¤WªºªF¦è¡A´N­n¸Ë
+ <application>smbfs</application> ³o­Ó³nÅé¡A¦b
+ <filename>net/smbfs</filename> ©³¤U¡A¸Ë¦n«áÁٻݭn­«½s kernel¡A
+ ±N <option>options LIBMCHAIN</option> ©M
+ <option>options LIBICONV</option> ½s¶i¥h¤~¦æ¡C
+ 4.5-RELEASE ¤§«á¤w¸g¤£»Ý­n­«·s½sĶ kernel ¤F¡C</para>
+ <para>µM«á¥u­n¥Î <command>mount_smbfs -I host //user@server/share
+ /smb/node</command> ´N¥i¥H¤è«Kªº¨Ï¥ÎºôªÚÅo¡C</para>
+ </sect1>
+
+ <sect1 id="konqueror">
+ <title>Konqueror - KDE ¤º«ØªºÂsÄý¾¹</title>
+ <para>
+ <application>Konqueror</application> ¬O
+ <application>KDE</application> ¤º«ØªºÂsÄý¾¹¡A
+ ¦b¦U¤è­±ªº¤ä«ù³£³£¤Q¤À§¹µ½¡C</para>
+ <figure>
+ <title>konqueror snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/konqueror" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="mozilla">
+ <title>mozilla-tclp - Mozilla ÁcÅ餤¤å»y¨¥¥]</title>
+ <para>Mozilla ¬O¤@­Ó¶}©ñ­ì©l½Xªººô­¶ÂsÄý¾¹¡A³]­p¤è¦V¬O¶¶±q¼Ð·Ç¡B
+ °ª©Ê¯à©M¥i²¾´Ó©Ê¡C </para>
+ <para>Mozilla ÁcÅ餤¤å»y¨¥¥](Traditional Chinese Language Pack)
+ ´£¨Ñ¤@­Ó L10N ªºÀô¹Òµ¹ Big5 ªº¨Ï¥ÎªÌ¡C </para>
+ <para>¦b¦w¸Ë§¹«á¡A¿ï¾Ü View -&gt; Languages and Web Content -&gt; Tradition
+ Chinese (zh-TW)¡AµM«áÃö³¬«á±q¶}´N¦³¤¤¤åªº¤¶­±¤F¡C</para>
+ <para><application>Mozilla</application>
+ ¦b¤¤¤å¿é¤J¤ÎÅã¥Ü¤è­±¨Ã¨S¦³¤°»ò°ÝÃD¡A¦ý¦b¦C¦L³¡¥÷¡A½Ð­×§ï¤@¤U
+ <filename>/usr/X11R6/lib/mozilla/defaults/pref/unix.js</filename>
+ ¥[¤J¤¤¤åªº ps font ¡G</para>
+ <programlisting>
+pref("print.psnativecode.zh-TW", "big5");
+pref("print.psnativefont.zh-TW", "ShanHeiSun-Light-ETen-B5-H");</programlisting>
+ <para>¨Ã¦w¸Ë print/adobe-cmaps »P print/ghostscript-gnu-commfont
+ ¨ú±o ETen-B5-H ªº CMap name¡A
+ ¥H¤Î±N <filename>bsmi00lp.ttf</filename> ¥Î
+ <command>ttfm.sh --add bsmi00lp.ttf</command> ¨ú±o
+ ShanHeiSun-Light ªº CIDFont name¡A³o¬O CID-Keyed Font
+ ªº¨â­Ó²Õ¦¨­n¯À¡C¤]¥i¥H¥Î <command>ttfm.sh --list | grep ETen-B5-H
+ </command> ¨Ó¬Ý¬Ý¦³¨º¨Ç¥i¥H¥Îªº¦r«¬¡C</para>
+ <para>¦pªGª½±µ¥Î½s¿è¾¹¥h¬Ý .ps «h·|µo²{¦³¤@¬q¡G</para>
+ <programlisting>
+/Unicode2NativeDictzh-TW 0 dict def
+/zh-TW_ls {
+ /NativeFont /ShanHeiSun-Light-ETen-B5-H def
+ /UCS2Font /Courier def
+ /Unicode2NativeDict Unicode2NativeDictzh-TW def
+ /unicodeshow1 { real_unicodeshow } bind def
+ /unicodeshow2 { real_unicodeshow_native } bind def
+} bind def</programlisting>
+ <para>¨Ã¥B­ì¨Óªº default_ls ·|Åܦ¨ zh-TW_ls¡C</para>
+ <para>¦b 0.9.8 ®É©Ò¥Îªº¬O <option>print.psnativecode.zh-TW</option>
+ ©M <option>print.psnativefont.zh-TW</option>¡A¨ì¤F 0.9.9
+ ¤À±o§ó²Ó¡Aps ³æ¿W·í¤@¡u¼h¡v¡AÅܦ¨
+ <option>print.postscript.nativecode.zh-TW</option> ©M
+ <option>print.postscript.nativefont.zh-TW</option>¡C</para>
+ <para>¥t¥~¸ÑÄÀ¤@¤U ports ¤¤ files/ ©³¤UªºªF¦è¡CMozilla §â¥¦ªº
+ resource ¥Î¤@ºØ«Ü¯S®íªº¾÷¨îºÞ²z¡C·í§Ú­Ì¦w¸ËªF¦è®É¡A¥¦·|°O¿ý¨ì
+ installed-chrome.txt (©Ò¥H files ©³¤Uªº³o­ÓÀÉ°¸º¸·|ÅÜ¡A¦]¬°
+ language pack ¤º®e­Y¦³·s¼W/§R§ï¥¦¤]·|¸òµÛÅÜ)µM«á¡A
+ all-locales.rdf ¤Î user-locales.rdf (¦s¦b©ó¥H«e keith ªº tclp)
+ ¬O Mozilla °Ñ¦Ò installed-chrome.txt ¦Ó°µ¥X¨ÓªºÀɮסC
+ ©Ò¥H³o¨â­ÓÀɲz½×¤W¬O¤£À³¸ÓÂ\¦b ports ªº files ªº
+ (À³¸ÓÅý Mozilla ²£¥Í), ¥H«e keith ¬O¦b¦Û¤vªº¹q¸£¤W¥ý¶]¹L¡A
+ µM«á§ì²£¥Í¥X¨Óªº rdf... ³o´N¦n¹³ FreeBSD ªº package, ·|¦³
+ dependency ªº°ÝÃD¡C©Ò¥H§Ú§â³o¨â­ÓÀÉ®×®³±¼, §ï¦¨¦b Makefile
+ ¸ÌÅý mozilla ²£¥Í(³o¼Ë¤~¹³ ports ¹À :P)¡C</para>
+ <para>¤£¹Lª½±µ¨Ï¥Î CIDKeyed-font ¥i¯à¨S¿ìªkª½±µ°e¦Lªí¾÷¦C¦L¡A
+ ­n¸Ñ¨M¦¹°ÝÃD¥i§Q¥Î <command>ps2ps</command> «ü¥O¡A
+ ±N­ì PostScript ¤å¥óÂন¤º´Oªº PostScript ¤å¥ó¡C
+ ³o¼Ë¤l»Ý­n¨â¹D¨BÆJ¡A¨S¿ìªkª½±µ¨ú¥N­ì¦C¦L«ü¥OÄ檺
+ <command>lpr ${MOZ_PRINTER_NAME:+'-P'}${MOZ_PRINTER_NAME}</command>¡A
+ ©Ò¥H´N¥²¶·§ï¦¨¤ñ¸û½ÆÂøªº¤è¦¡¡G</para>
+ <programlisting>
+gs -q -sDEVICE=pswrite "-sOutputFile=/tmp/out.ps" \
+"-dNOPAUSE -dBATCH -dSAFER" && \
+lpr ${MOZ_PRINTER_NAME:+'-P'}${MOZ_PRINTER_NAME} \
+/tmp/out.ps && rm -f "/tmp/out.ps"</programlisting>
+ <para>¦pªG¿ï¾Ü¤F <application>mozilla</application> ·í§@±zªºÂsÄý¾¹¡A
+ ¨º»ò¤@©w­n¸Ë¤@¤U <filename>x11-fonts/mozilla-fonts</filename>
+ ©Î¬O <filename>x11-fonts/webfonts</filename>¡A
+ «eªÌ¬O±Mªù¬° mozilla ©Ò¥´³y¥X¨Óªº pcf fonts¡A
+ «áªÌ«h¬O ms ªº truetype fonts¡C</para>
+ <para>¦pªG­n¬Ý flash ªº¸Ü¤]¥i¥H¸Ë
+ <filename>www/flashplugin-mozilla</filename>¡C</para>
+ <para>¥t¤@­Ó Mozilla ªº¤¤¤å°ÝÃD¬O·í¨Ï¥Î Mozilla ªººô§}¦C¤¤¤å¨Ï¥Î
+ Google ·j´MÅܰݸ¹¦r¦ê¡A¥i¥H³z¹L¥H¤Uªº­×¥¿¤è¦¡¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/X11R6/lib/mozilla/searchplugins</userinput>
+&prompt.root; <userinput>fetch http://www.google.com/mozilla/google.src</userinput></screen>
+ <para>©Î¬O¦w¸Ë <filename role="package">chinese/mozilla-tclp</filename>
+ ¡A³o­Ó port ¤]·|­×¥¿³o¨Ç°ÝÃD¡A¤£¹L¤è¦¡¤££¸¼Ë¡C</para>
+ <para>²{¦bªº mozilla ¤w¸g¨Ï¥Î XFT¡A©Ò¥H¤@¶}©l¨Ï¥Î¥i¯à·|§ä¤£¨ì¦rÅé¡A
+ ¥i¥H¸g¥Ñ <command>env GDK_USE_XFT=0 mozilla &amp;</command>
+ ªº¤è¦¡¨Ó°õ¦æ mozilla Åý¥L¤£±Ä¥Î XFT¡A©Î¬O§Q¥Î
+ <command>fc-cache -f -v</command> ¨Ó³]©w XFT¡C
+ ¦Ó¤¤¤å°¨ÁɧJªº°ÝÃD¥i¥H¥[¸Ë <filename role="package">x11-fonts/webfonts
+ </filename> ¨Ó­×´_¡A©Î¬O¦b¦r«¬¿ï¾Üªº¦a¤è±N
+ <option>Allow documents to use other fonts</option> Ãö³¬¡C</para>
+ <note><para>±`¹J¨ìªº¤p°ÝÃD¬O¤u¨ã¦Cªº¦r«Ü¤p¡A«o¤S¤£ª¾¹D±q¨º½Õ¾ã¡C
+ ¨ä¹ê <application>mozilla</application> ÁÙ¦³ Chrome ªº³]©wÀÉ¡A
+ ¦b <filename>~/.mozilla/default/5e7k96bg.slt/chrome/userChrome.css</filename>¡A
+ ¥u­n³]©w¦p¤U´N¥i¥H¤F¡G</para>
+ <programlisting>/* Make all the default font sizes 16 pt: */
+* {
+ font-size: 16pt !important
+}</programlisting></note>
+
+ <figure>
+ <title>mozilla snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/mozilla" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>L10N WWW: <ulink url="http://www.csie.ntu.edu.tw/~b7506051/mozilla/">
+ http://www.csie.ntu.edu.tw/~b7506051/mozilla/</ulink> </para>
+ <para>WWW: <ulink url="http://www.mozilla.org/">
+ http://www.mozilla.org/</ulink></para>
+ </sect1>
+ <sect1 id="lynx">
+ <title>lynx - console ºô­¶ÂsÄý¾¹</title>
+ <para>¦w¸Ë <filename role="package">www/lynx</filename>¡C</para>
+ <para><ulink url="http://lynx.browser.org/">lynx</ulink> v2.7 ¤§«á¤w¸g
+ ¥iª½±µ±µÆ[¬Ý¤¤¤åªººô­¶¤F¡C </para>
+ <para>¥Ñ©ó³]©wÀɱ`±`¨¾¼g¡A©Ò¥H¥ý¶}±Ò¼gªºÅv­­¡C<command>chmod u+w
+ /usr/local/etc/lynx.cfg</command>¡C </para>
+ <para>°õ¦æ <application>lynx</application>¡A«ö
+ <option>O)ption</option>¡A<option>Display character set
+ </option>¡A«ö¤W¤UÁä¿ï <option>Taipei(Big5)</option>¡A¦A¿ï
+ <option>Assumed document character set</option>¡A«ö¤W¤UÁä¿ï
+ <option>big5</option>¡A ¦A¦sÀɧY¥i¡C </para>
+ <para>©Î¬O­×§ï /usr/local/etc/lynx.cfg </para>
+ <programlisting>
+CHARACTER_SET:big5
+ASSUME_CHARSET:big5
+PREFERRED_LANGUAGE:zh-TW </programlisting>
+ <para>§í©Î¬O lynx -assume_charset=big5 -assume_local_charset=big5¡C</para>
+ <figure>
+ <title>lynx snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/lynx" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>lynx WWW: <ulink url="http://lynx.isc.org/current/">
+ http://lynx.isc.org/current/</ulink> </para>
+ </sect1>
+
+ <sect1 id="w3m">
+ <title>w3m - console ºô­¶ÂsÄý¾¹</title>
+ <para>¥Ø«e¤ñ¸û±`¥Î¡A¥B¤ä´©¤¤¤åªº console ÂsÄý¾¹¦³ lynx ©M
+ w3m ¨â®M¡AÁöµM lynx ¦b³B²zºô­¶¤W¨Ã¤£¬O«Üº}«G¡A
+ ¤£¹L¨Ï¥Îªº¤H¤f¤£¤Ö¡A©Ò¥HÁÙ¬O¤¶²Ð¤@¤UÃö©ó¤¤¤å¤è­±ªº³]©w¡C</para>
+ <para>¤£¹L«Øij±z¨Ï¥Î <application>w3m</application>¡A
+ <application>w3m</application> ¦b±Æª©ªº³¡¥÷¤ñ
+ <application>lynx</application> ¦n«Ü¦h¡C </para>
+ <para>¦w¸Ë <filename role="package">www/w3m</filename>¡C</para>
+ <para>w3m WWW: <ulink url="http://w3m.sourceforge.net/">
+ http://w3m.sourceforge.net/</ulink> </para>
+ </sect1>
+
+ <sect1 id="links">
+ <title>links - ²{¦bªº¹w³] console ÂsÄý¾¹</title>
+ <para>¦w¸Ë <filename role="package">chinese/links</filename>¡A
+ ³o¥]§t¤¤¤å­×¸ÉÀÉ¡C</para>
+ <para>¦b <option>-g</option> ªº¼Ò¦¡¤UµLªk¥¿½Tªº¬Ý¨ì¤¤¤å¡C</para>
+ </sect1>
+
+ <sect1 id="netscape">
+ <title>netscape [OBSOLETED]</title>
+ <para>netscape47-* linux-netscape47-*</para>
+ <itemizedlist>
+ <listitem><para>
+ §¹¾ã¤¤¤å¤ä´©¡A·PÁ³\¦h¥ý¶iªºÀ°¦£¡A¿ï³æ/³]©w/°T®§¥þ³£¬O¤¤¤å
+ ¡A¨S¦³¥Î¨ì¥ô¦ó hack ¨Ó­×¥¿¶Ã½Xªº°ÝÃD¡A¦ÛµM´N¤£·|¥X²{¤@°ïª¬
+ ªp¡C
+ </para></listitem>
+ <listitem><para>
+ ¤À¦¨ <application>communicator</application> &
+ <application>navigator</application>¡A¥i¥H¿ï¾Ü¾A¦Xªº¡A¨Ã¥B³o¼Ë¤ñ
+ ¸û²Å¦X official port layout¡A¥H«á­n¥[ slave port ·|¬Û·í®e
+ ©ö¡C
+ </para></listitem>
+ <listitem><para>
+ ¦WºÙ§ï¦¨¹³
+ <application>zh-tw-netscape-communicator-4.75</application> ©Î
+ zh-cn-netscape-...¡A¥Ø«e¼È®É§â¤ä´©¤j³° GB ªº³¡¥÷®³±¼¡A¦pªG
+ ¦³¤H»Ý­n²Åé¤ä´©¦A¥[¤W¥h¡C
+ </para></listitem>
+ <listitem><para>
+ ¥[¤J Big5 ª©ªº <application>nethelp</application>¡A³o³¡¥÷¬O±q
+ <application>Netscape</application> ºô¯¸®³¤U¨Óªº¡A
+ ©Ò¥H¤£·|¹³ <application>sysware</application>
+ ªºÂ½Ä¶·|¦³ª©Åv°ÝÃD¡A"»²§U-&gt;¤º®e" ´N¥i¥H¬Ý¨ì
+ <application>nethelp</application>¡C
+ </para></listitem>
+ <listitem><para>
+ ·s¼W <filename>netscape.cfg</filename>¡C¥Ñ©ó
+ resource ÀɨS¿ìªk±N¥kÃ䪺»²§U¿ï³æÂন¤¤¤å¡A¥²¶·¥Î
+ <filename>netscape.cfg</filename> ¤~¬Ý±o¨ì¡C
+ </para></listitem>
+ <listitem><para>
+ <filename>preferences.js</filename>¡A«ü©w¤º©w¨Ï¥Îªº»y¨¥©M¦r«¬¡C
+ </para></listitem>
+ <listitem><para>
+ Wheel Mouse ³]©w¡C
+ </para></listitem>
+ <listitem><para>
+ Navigator/Composer root/overthespot XIM input styles.
+ </para></listitem>
+ </itemizedlist>
+ <para>¥i¥H¥[±jªº¦a¤è¡G</para>
+ <itemizedlist>
+ <listitem><para>
+ ¤¤¤å Java applet ¸ê·½¦Y¤Ó¥û
+ </para></listitem>
+ <listitem><para>
+ ¶}Àɮ׮ɡAnetscape47-* ·|ª½±µ¸õ¨ì®Ú¥Ø¿ý¡Alinux-netscape47-*
+ «Ü¥¿¡H¦ý·|º|ÀÉ®×(³oÀ³¸Ó¬O linuxulator ªº°ÝÃD)¡A¤£¹L
+ <application>ja-netscape</application> ¨S¦³³oºØ°ÝÃD¡A¬Ý¨Ó¬O
+ <filename>Netscape.ad/netscape.cfg/preference.js</filename>
+ ªº³]©w¡C
+ </para></listitem>
+ <listitem><para>
+ ¦C¦L¥Îªº¦r«¬³Ì¦n§ï¦¨¤ñ¸ûº}«Gªº <application>arphic</application>
+ ¡A¦Ó¤£¬O²{¦bªº
+ <application>moe</application>¡C
+ </para></listitem>
+ </itemizedlist>
+ <para>
+ <application>netscape</application> ©M
+ <application>linux-netscape</application> ¤£¦Pªº¦a¤è¡G
+ </para>
+ <itemizedlist>
+ <listitem><para>
+ <application>linux-netscape</application> ¦³¤ñ¸û¦hªº
+ <application>plugin</application>¡A¹³
+ <application>acrobat realplayer</application>¡A
+ <application>netscape</application> ­n¥[ÃB¥~ªº³nÅé¡A¹³
+ <application>plugger</application> ©Î
+ <application>xswallow</application>
+ (¤]³\¥H«á¥i¥H¥[¶i³o¨Ç³]©wÀÉ)
+ </para></listitem>
+ <listitem><para>
+ ¥Ø«e port ¤U¸Ëªº XFree86 a.out library ¥Ñ©ó¬O°w¹ï FreeBSD
+ 2.x ªºª©¥»¡A©Ò¥H³B²z Big5 ÁÙ¬O¦³°ÝÃD(¨S¦³ GLGR patch)¡A¥²
+ ¶·­n§@­Ó·sªº libX11¡A¦w¸Ë¤W·|¤ñ¸ûªá®É¶¡¡C
+ </para></listitem>
+ </itemizedlist>
+ <para>
+ WWW: <ulink url="http://www.netscape.org/">
+ http://www.netscape.org/</ulink> </para>
+ </sect1>
+
+ <sect1 id="iglooftp">
+ <title>IglooFTP</title>
+ <para>³o­Ó³nÅé³Ì¥D­nªº¯SÂI´N¬O®e©ö¨Ï¥Î¡A¨Ã¥B¹ïªì¾Ç FTP
+ ªÌ¦³µÛª½Ä±¤Æªº¾Þ§@³]­p¡C¦Ó¦Ñ¤â­Ì¤]¥i¥Hµo²{¥L¥\¯à±j¤j¡B
+ ¥i¥H½Õ¾ã³\¦h³]©w¿ï¶µ¡A¥H²Å¦X¸gÅç¦Ñ½mªº¨Ï¥ÎªÌ­Ìªº»Ý¨D¡C </para>
+ <para>«Ü¦hªº¿ï¾Ü¶µ³£¥iÂI¿ï¬ÛÃöªº¹Ï¥Ü¨Ó§¹¦¨¡A¦³§Ö³tªº¤u¨ã¦C¡B
+ §Ö³t³s½u¦C¡B©M¥»¦aºÝªº¹Ï§Î¤Æ¥Ø¿ýÂsÄýµøµ¡¡Aº}«GªºÀɮ׬ÛÃö¹Ï¥Ü¡A
+ ¨Ã¥BÁÙ¦³ Netscape ªº¤p¤u¨ã¦C¡C </para>
+ <para>³s½uªº¸ê®Æ®wºÞ²z¤W¡A¨Ï¥Î¤F¾ðª¬¶¥¼h¦¡ªº¯¸¥x¤èªk¡A¨C¤@­Ó ftp
+ site ¥H¤Î group ªº¸ê®Æ³£¯à«Ü®e©ö¦a³Q½Õ¾ã¡C¥t¥~ÁÙ¦³¤£¦P¨Ï¥ÎªÌ
+ (user profile)ªººÞ²z¡B»·ºÝ±±¨î¤@¥x FTP server ¨ì FTP client
+ ¶Ç¿é¸ê®Æ(FXP transfers)¡BURL °Å¶K襤ªººÊ±±¡B¨¾¤õÀ𪺤䴩¡]
+ ¥]¬A¤FSOCKS 5¡Bftp-gw¡BWinGate proxyµ¥µ¥¡^¡B»·ºÝ¥Ø¿ýªº§Ö¨ú¥\¯à
+ ¡B¦î¦C(queue)ºÞ²z¡BÁÙ¦³³\¦h¶i¶¥ªº¨Ï¥ÎªÌ©R¥Oµ¥µ¥¡C </para>
+ <para>¦w¸Ë <filename role="package">ftp/IglooFTP</filename>¡C</para>
+ <para>¦w¸Ë§¹¦pªGµo²{¿ï¶µ¤¤¤å¦³°ÝÃD¡AÀ˹î¤@¤U¬O§_¦³³]©w
+ <filename>~/.gtkrc</filename>¡A¦pªG¨S¦³½Ð°Ñ¦Ò
+ <link linkend="gnome">GNOME µ{¦¡ªº¤¤¤å¤ä´©</link>¡C</para>
+ <figure>
+ <title>IglooFTP snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/IglooFTP" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para> WWW: <ulink url="http://www.littleigloo.org/iglooftp.php3">
+ http://www.littleigloo.org/iglooftp.php3</ulink> </para>
+ </sect1>
+
+ <sect1 id="gftp">
+ <title>gftp - gtk ftp</title>
+ <para>¦w¸Ë <filename role="package">ftp/gftp</filename>¡A
+ ¥i¥H¥Î <option>WITH_GTK2=yes</option> ¨Ó¸Ë GTK2 ªºª©¥»¡C </para>
+ </sect1>
+
+ <sect1 id="ncftp3">
+ <title>NcFTP3</title>
+ <para>·í§Ú­Ì¦b¥Î³\¦h¤å¦r¤¶­±ªºFTPµ{¦¡®É¡A±`¬°¤F­n§ì¤@­ÓÀɩάO¤@­Ó¥Ø¿ý
+ ¡A©¹©¹´N­n¿é¤J¤@¨Ç¤S¯ä¤Sªøªº¦WºÙ¡A¦ý¦pªG§Ú­Ì¨Ï¥Î¤F NcFTP¡A
+ ±z¥u­n¿é¤JÀɦW©Î¥Ø¿ý¦Wªº«e´X­Ó¦r¤¸¡A¥¦´N·|¦Û°ÊÀ°±z·j´MÀɮשÎ
+ ¥Ø¿ýªº¦WºÙ¡A¨Ï±z´î¤Ö¤F³\¦h¥´¦rªº®É¶¡¡C </para>
+ <para>¤£¥u¦p¦¹¡A·í±zı±o¤@­Ó FTP ¯¸¤£¿ù¡A±z¤]¥i¥H¥Î NcFTP
+ §â³o­Ó¯¸°O¿ý¤U¨Ó¡A¤£¶È¥¦¥i¥H°O¿ý±b¸¹©M±K½X¡A
+ ¥¦³s¸ô®|¤]¤@¨Ö°O¤U¤F¡A·í±z¤U¤@¦¸·Q³s¦^­ì¯¸®É¡A
+ ¥u­n¦A±q¿ï³æ¤¤¿ï¤@¤U¡A´N¥i»´ÃPªº³s¦^¥h¡C </para>
+ <para>°£¦¹¤§¥~¡ANcFTP ¤]¾Ö¦³¤£¤Ö¤p¥\¯à¡A¥¦¥i¥H½u¤W¬Ý¤å¦rÀÉ¡A
+ ½u¤W¥h§ïÅÜÀɮתº¦s¨úÅv­­©Î¦WºÙ¡C¦Ó·í±z¥Î NcFTP ¶Ç¿é¤jÀɮ׮ɡA
+ ±z¥i¥H§â¥¦¥á¤J­I´º°õ¦æ¡A¨Ï±zÂsÄýÀɮתº°Ê§@¤£·|¤¤Â_¡C
+ ¦pªG±z·Q­n¥Î³Ì°ò¥»ªº FTP ¶Ç¿é»y¨¥´ú¸Õ»·ºÝ¦øªA¾¹¡A¤]¥i¥H¥Î NcFTP¡C</para>
+ <para>¤]¬O¦b²×ºÝ¾÷©³¤U¥i¥H¿é¤J¤¤¤åªº FTP ³nÅé¡A¤£¹Lª©¥»­n¬O 3.0.2
+ ©Î¬O¤§«áªºª©¥»¡C </para>
+ <para>¦w¸Ë <filename role="package">ftp/ncftp3</filename>¡C</para>
+ <para>¦b NcFTP ¤W¨Ï¥Î <command>ls</command> ¥i¥H¥¿±`ªº¬Ý¨ì¤¤¤å¡A
+ ¥i¬O <command>lls</command> «o¤£¯à¡A¦Ó¥B¦³¯S®í¦r¤¸®É¤]·|¤£¥¿±`¡A
+ ©ó¬O¦³¥H¤Uªº¸Ñªk¡A¦b±Ò°Ê®É¥[¤W <option>env
+ LC_CTYPE=en_US.ISO_8859-1</option>¡A¦b¶Ç¯S®íÀɮ׮ɥ[¤WÂù¤Þ¸¹¡C</para>
+ <programlisting>
+env LC_CTYPE=en_US.ISO_8859-1 ncftp3 -u statue localhost
+ncftp /usr/home/statue &gt; mkdir "¦¨¥\"
+ncftp /usr/home/statue &gt; ls
+¦¨¥\/
+ncftp /usr/home/statue &gt; lls
+¦¨¥\/</programlisting>
+ <figure>
+ <title>ncftp3 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/ncftp3" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.NcFTP.com">
+ http://www.NcFTP.com</ulink> </para>
+ </sect1>
+
+ <sect1 id="bbsnet">
+ <title>bbsnet - BBS ¸ó®ü¤j¾ô</title>
+ <para><application>bbsnet</application> ¬O BBS ¥H«e±`´£¨Ñªº¤@¶µªA°È¡A
+ «á¨Ó¦]¬°ºÞ²z¤Wªº°ÝÃD¡A²{¦b¤ñ¸û¤Ö¨£¤F¡C
+ ¥¦´£¨Ñ¤FÃþ¦ü®ÑÅÒªº¥\¯à¡A¯à§Ö³tªºÅý±z³sµ²¨ì±`¥Îªº BBS ¯¸¥x¡C</para>
+ <para>¦w¸Ë <filename role="package">net/bbsnet</filename>¡C</para>
+ <figure>
+ <title>bbsnet snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/bbsnet" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://linux.ee.tku.edu.tw/~kids/">
+ http://linux.ee.tku.edu.tw/~kids/</ulink></para>
+ </sect1>
+
+ <sect1 id="qterm">
+ <title>qterm - ¦n¥Îªº BBS ³s½u³nÅé</title>
+ <para><application>qterm</application> ¬O¥Ø«e¦b Unix ¤¤¡A
+ Áٺ⤣¿ùªº BBS ³s½u³nÅé¡A¥Ñ qt ¨ç¦¡®w¼g¦¨ªº¡A
+ °£¤F¦w¸Ë»Ý­n qt ¥~¡A¨ä¾l¦b¨Ï¥Î¤W³£Áٺ⤣¿ù¡A
+ ¦Ó¥B¤ä´© auto-reply¡Aanti-idle¡A¥t¥~ÁÙ¦³ Mouse Support¡A
+ ¥i¥H¤£»Ý­n«öÁä½L´N¥i¥H¦b BBS ¤¤¬Ý¤å³¹¡A¿ï¾Ü°Q½×°Ï¡A
+ ¾ãÅé¤W¦Ó¨¥¡A³o¬O¤@®M«Ü¾A¦X BBS ¨Ï¥Îªº³s½u³nÅé¤F¡C</para>
+ <para>¥Ø«e³o®M³nÅé¤w¸g¦b ports ¤¤¤F¡A¥i¥H«Ü¤è«Kªº¦w¸Ë¡C</para>
+ <para>¦b qterm-1.x ¦r«¬¿ï¾Ü¤W¡Aµ§ªÌ°¾¦n¨Ï¥Î sony-fixed¡A¤]´N¬O¦b¿ï¶µªº
+ Fixed[sony]¡A¨ä¥Lªº TrueType ³£¦]¬°¦r¶Z¤£©T©w¡A
+ ®e©ö³y¦¨µe­±¦³¨Ç¦r·|¯}¸H¡C</para>
+ <para>¤£¹L qterm-2.x ¤w¸g¥i¥H¨Ï¥Î¤å¹©¦rÅé¤F¡A
+ ­^¤å¤¶­±¥i¥H¦b <option>View -> Language -> Traditional Chinese</option>
+ ¤¤¤Á´«¦¨ÁcÅ餤¤å¡A¤£¹L­nÃö³¬«á­«·s¶}±Ò¡C</para>
+ <para>¦Ó¤¤¤åªº¿é¤J©MÅã¥Ü¤]»Ý­n³]©w¡A¹w³]¬O GBK¡A
+ ¸g¥Ñ <option>Option -> Preference -> Input Method ¿ï¾Ü Big5</option>
+ ¡A¥H¤Î <option>¦b¨C­Ó³s½uªº Advanced -> Display -> BBS Encoding ¿ï¾Ü BIG5¡ADisplay Code ¿ï¾Ü BIG5</option> §Y¥i¡C</para>
+ <figure>
+ <title>qterm snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/qterm" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://sourceforge.net/projects/qterm/">
+ http://sourceforge.net/projects/qterm/</ulink></para>
+ </sect1>
+
+ <sect1 id="telnet">
+ <title>telnet - Telnet ªº¤¤¤å°ÝÃD</title>
+ <para>¦pªG±z¦b¦Û¤vªº¾÷¾¹¤W¥i¥H¿é¤J¤¤¤å¡A¦ý
+ <application>telnet</application> ¨ì§Oªº¾÷¾¹«á«oµL
+ ªk¿é¤J¤¤¤å¡A¨º»ò°ÝÃD¥i¯à¥X¦b
+ <application>telnet</application> µ{¦¡¤W¡C
+ ·í±zÁÙ¦b <application>telnet</application> ³s½u¤¤®É¥i¥H«ö
+ <command>Ctrl-]</command> ¸õ¥X¡A¦b
+ <prompt>telnet&gt;</prompt> ´£¥Ü²Å¸¹¤U¿é¤J
+ <command>set binary</command> §Y¥i¡C
+ ©Î¬O¦b <filename>~/.telnetrc</filename> ¥[¤W
+ <option>DEFAULT set binary</option>¡C
+ ±z¤]¥i¥H¦b³s½u®É¥Î <command>telnet -8 host -port</command>¡C
+ ¦ý¬O¦b³s¬Y¨Ç SunOS ®É·|¥X°ÝÃD¡C
+ <para>¥t¤@­Ó¿ìªk¬Oª½±µ§ï¥Î¥i¶Ç¿é 8-bit ªº
+ <application>telnet</application> µ{¦¡¡A¤]´N¬O¦w¸Ë¦b ports
+ ¤¤ªº <filename role="package">chinese/telnet</filename>¡A
+ µM«á¥Î <command>zh-telnet</command> ¨Ó³s½u¡C </para>
+ <para>¦b¦w¸Ë <filename role="package">chinese/telnet</filename> «e¡A
+ ¥²¶·¥ý¦³ <filename>/usr/src/usr.bin/telnet</filename>¡A
+ §_«h·|¥X²{¥H¤Uªº°T®§¡G</para>
+ <screen>
+===&gt; zh-telnet-1.0 is marked as broken: You need to build this port with
+/usr/src/usr.bin/telnet.</screen>
+ <para>¥H¤U¬O±q¥úºÐ¾÷¦w¸Ë /usr/src/usr.bin/telnet¡G</para>
+ <screen>
+&prompt.root; <userinput>mount /cdrom</userinput>
+&prompt.root; <userinput>cd /cdrom/src/</userinput>
+&prompt.root; <userinput>./install.sh ubin</userinput></screen>
+ <para>µM«á¦A¨ì ports ©³¤U¦w¸Ë <filename role="package">chinese/telnet</filename>¡C</para>
+ <para>WWW: <ulink url="http://www.freebsd.org/cgi/query-pr.cgi?pr=6144">
+ http://www.freebsd.org/cgi/query-pr.cgi?pr=6144</ulink> </para>
+ </sect1>
+
+ <sect1 id="licq">
+ <title>licq - ICQ clone</title>
+ <para>¥¦¬O¤@­Ó¥Î C++ »y¨¥¼¶¼gªº«D©x¤è ICQ clone¡C</para>
+ <para>¸Ë§¹ <filename>ports/net/licq</filename> «á¡A
+ ¿ï¾Ü <filename>ports/net/licq-console</filename>
+ ©Î¬O <filename>ports/net/licq-qt-gui</filename> ¨Ó¦w¸Ë¡C</para>
+ <para>licq-qt-gui ¤¤¤å³]©w: System -&gt; Options -&gt; Font -&gt; Select Font
+ -&gt; Chinese Font</para>
+ <figure>
+ <title>licq snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/licq" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.licq.org/">
+ http://www.licq.org/</ulink> </para>
+ </sect1>
+
+ <sect1 id="gaim">
+ <title>gaim - ICQ, MSN Clone</title>
+ <para><application>gaim</application> ¤ä´©¤Q¤À¦hºØ®æ¦¡ªº½u¤W·¾³q³nÅé¡C</para>
+ <para>¥Ñ©ó¥Ø«e ports/net/gaim ÁÙ¤£¤ä´© I18N¡A©Ò¥H½Ð¥Î ports/korean/gaim
+ ¼È®É´À¥N¡C</para>
+ <para>¦w¸Ë <filename role="package">net/gaim</filename>¡C</para>
+ <para>Blishs ¨Ó«H§iª¾¡A
+ ¥Ø«e <filename>net/gaim</filename> ¤w¸g¤ä´© I18N¡C
+ ¦b§Ú´ú¸Õ«áµo²{¥i¥H¡A¤£¹L­n³]©w¤@¨ÇªF¦è¡G
+ ¤u¨ã -> °¾¦n³]©w -> ¥æ½Í -> ©¿²¤¦r«¬¡C</para>
+ <para>¦pªG¿ï³æ¤¤¤å¦³°ÝÃD¡A½Ð°Ñ¦Ò
+ <link linkend="gnome">GNOME µ{¦¡ªº¤¤¤å¤ä´©</link>¡C</para>
+ <para>­n¨Ï¥Î ICQ ´Nª½±µ¦b±b¸¹»P±K½Xªº¦a¤è³]©w¦n ICQ ªº±b¸¹¡A
+ ³q°T¨ó©w«h¬O¿ï¾Ü¡G<option>AIM / ICQ</option>¡A
+ ¨ä¥L¨Ï¥Î¹w³]­È§Y¥i¡C</para>
+ <para>­n¨Ï¥Î MSN «h¦bµn¤Jµe­±¥ý¿ï¾Ü <option>´¡¥ó(Plugin)</option>¡A
+ ¿ï¾Ü <option>Ū¨ú</option>¡A¨Ã±N <option>libmsn.so</option>
+ ¿ï¾Ü¶i¨Ó¡A³o»ò¦b³q°T¨ó©w´N·|¦h¤@­Ó MSN ªº¿ï¶µ¡C
+ ±µµÛ¦b±b¸¹»P±K½Xªº¦a¤è³]©w¦n MSN ªº±b¸¹¡A
+ ³q°T¨ó©w«h¬O¿ï¾Ü¡G<option>MSN</option>¡A¨ä¥L¨Ï¥Î¹w³]­È§Y¥i¡C</para>
+ <para>¶i¤J«á¡A¤¤¤å¦rÅé¦b±µ¦¬°T®§ªº³¡¥÷·|¦³°ÝÃD¡A
+ ¤u¨ã -> °¾¦n³]©w -> ¥æ½Í -> ©¿²¤¦r«¬¡A³o¼Ë¤l°µ´N¥i¥H¸Ñ¨M¤F¡C</para>
+ <para>¦pªG¹J¨ìÅã¥Ü¦r«¬¹L¤pªº°ÝÃD¡AÀ˹î¤@¤U <filename>~/.gtkrc</filename>
+ ¡A³q±`§Úªº¦r«¬³£¬O³] 16¡C</para>
+ <para>gaim 0.58 ªº¹w³]¹Ï¥Ü¦³ÂI¤j¡A¥i¥H
+ <option>°¾¦n³]©w -> ¤¶­± -> ¦n¤Í²M³æÅã -> Åã¥Ü¦n¤Í¹Ï¥Ü</option>¡C</para>
+ <para>­Y¬O²ßºD¨Ï¥Î KDE ¤¶­±ªº¸Ü¡A¥i¥H¨Ï¥Î
+ <filename role="package">net/kmerlin</filename> ©Î¬O
+ <filename role="package">net/kmess</filename>¡C</para>
+ <figure>
+ <title>gaim snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/gaim" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <figure>
+ <title>kmerlin snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/kmerlin" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.marko.net/gaim/">
+ http://www.marko.net/gaim/</ulink></para>
+ </sect1>
+
+ <sect1 id="perl-oicq">
+ <title>oicq - ÄË°T QQ</title>
+ <para>³Ì·sª©¥»¡GVersion 0.7, Date June 29, 2003</para>
+ <para><application>oicq</application> ¬O¤@®M¦b¤¤°ê¤Q¤À¬y¦æªº§Y®É¶Ç°TªA°È¡A
+ ´N¹³¬O ICQ¡BMSN ¤@¼Ë¡A¤£¹L¦b¤¤°êªº¥Î¤á¸s»·°ª¹L¨ä¥L§Y®É¶Ç°T¡A
+ ¦ý¬O<ulink url="http://www.tencent.com/">ÄË°T</ulink>
+ ªº¬Fµ¦Åý²Ä¤T¤è¼t°Ó§¹¥þµLªk¤¶¤J¡AÁöµM¦³ gaim ªº libqq ¼Ò²Õ¡A
+ ¦ý¬O¦bÀ£¤O¤U¤£¯à¶}©ñ­ì©l½X¡A¦]¦¹¤]¨S¦³¿ìªk¶¶§Qªº¦b FreeBSD ©³¤U¨Ï¥Î¡C
+ perl-oicq §ä¥X¤F»{ÃÒ»P°ò¥»ªº·¾³q¤è¦¡¡A
+ §Q¥Î perl ¥i¥H²³æªº¦b¤å¦r¤¶­±¤W¨Ï¥Î QQ¡A¥\¯à¬O¨S¦³¹Ï§Î¤¶­±ªº±j¡A
+ ¤£¹L°ò¥»ªº¨Ï¥ÎÀ³¸Ó¨¬°÷¡C</para>
+ <note><para>¥Ñ©ó <application>oicq</application> »Ý­n perl 5.6 ¥H¤Wªºª©¥»¡A
+ ¦]¦¹»Ý­n¥ý¦w¸Ë <filename role="package">lang/perl5</filename>¡A
+ ¨Ã¥B¤U <command>use.perl port</command> ¨Ó±Ò¥Î¡C</para></note>
+ <para><application>oicq</application> ªº¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/oicq</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <para>°ò¥»ªº¨Ï¥Î¡G</para>
+ <screen>
+&prompt.root; <userinput>setenv OICQ_PW your_password_of_oicq</userinput>
+&prompt.root; <userinput>oicq your_id_of_oicq</userinput>
+&prompt.root; <userinput>/help</userinput></screen>
+ <para>WWW: <ulink url="http://sourceforge.net/projects/perl-oicq/">
+ Perl OICQ</ulink></para>
+ </sect1>
+
+ <sect1 id="bluefish">
+ <title>bluefish - ºô­¶½s¼g</title>
+ <para>¥H¼ÐÅÒ¨Ó½s¼gºô­¶¡AÁöµM¤£¦ü·L³nªº Front Page
+ ©Ò¨£§Y©Ò±o¯ë¤è«K¡A¥B¦b½s¼gºô­¶¤§«e¡A»Ý¹ï©Ò¦³ªº¼ÐÅÒ¦³©Ò»{ÃÑ¡A
+ «o¥i¥H§¹¥þªº´x±±¾ãªººô­¶¡AÅý±zªººô­¶¯à¾Ö¦³³Ìºë²ªº¤º®e¡A
+ ¤@ÂI³£¨S¦³¦h¾lªºµ{¦¡¡C </para>
+ <para>ÀHµÛ®É¥Nªº¶i¨B¡A°£¤F Html ¤§¥~¡AÁÙ¦³ PHP¡BXML¡BSSI¡BWML
+ µ¥µ¥ªº¥X²{¡C¦b BlueFish ¤¤¡A¤]§¹¾ãªº§e²{¥X¨Ó¡A°t¦XµÛ¼ÐÅÒ¡B
+ ºëÆFµ¥µ¥ªº¤Þ¾É¡AÅý±z¹F¨ì±z·Q­nªººô­¶¡C¤×¨ä¬O¹ï©ó
+ PHP3¡BSSI¡BXML §ó´£¨Ñ¤F¬ÛÃöªº¨ç¦¡¥i¨Ñ¯Á¤Þ¡AÅý±z¦b½s¼g¹Lµ{¤¤¡A
+ ¯à§ó®e©öªº¨Ï¥Î¡C³s³Ìªñ¬Û·í¼öªùªº WAP ¤â¾÷¥Îªº WML ºô­¶®æ¦¡¡A¦b
+ BlueFish ¤¤¤]¦³´£¨Ñ¹ïÀ³ªº¥\¯à¡C </para>
+ <para>³o­Óºô­¶½s¼g³nÅé¡A¬O«Øºc¦b GTK ¤Wªº¡A©Ò¥H¦b¦w¸Ë¥»³nÅ餧«e¡A
+ »Ý¦³ GTK+1.2 ¥H¤Wªºª©¥»¡C </para>
+ <para>¦w¸Ë <filename role="package">www/bluefish</filename>¡C</para>
+ <para>³]©wÀɪº³¡¤À¤]­n­×§ï¤@¤U¡A§ï $HOME/.bluefish/rcfile ¤¤ªº
+ editor_font ©M fontset¡C</para>
+ <programlisting>
+editor_font: 8x16,-*-16-*-big5-0
+fontset: 1</programlisting>
+ <figure>
+ <title>bluefish snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/bluefish" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://bluefish.openoffice.nl/">
+ http://bluefish.openoffice.nl/</ulink>
+ </para>
+ </sect1>
+
+ <sect1 id="tin">
+ <title>tin - ·s»D°Q½×¸s¾\Ū¾¹</title>
+ <para>·s»D¸s²Õ(Newsgroups)¬O¬[³]¦b News server ¤Wªº¤@­Ó°Q½×¶é¦a¡A
+ ¥¦¤À¬°«Ü¦hª©¡A¨C­Ó¤H¥i¥H¾\Ūª©¤W§O¤H©Ò¥Zµnªº°Q½×«H¥ó¡A
+ ¤]¥i¥H¦Û¤v¥Zµn¦Û¤vªº°Q½×«H¥ó¡A©Î¦^ÂЧO¤Hªº°Q½×«H¥ó¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/tin</filename>¡C</para>
+ <para><application>tin</application> ¬O¤@­Ó¤w±N©Ò¦³°T®§¤¤¤å¤Æªº
+ ·s»D°Q½×¸s¾\Ū¾¹(news reader)¡C
+ °õ¦æ <application>tin</application> «e¥²¶·¥ý³]©wÀô¹ÒÅܼÆ
+ $NNTPSERVER «ü¦V±z·Q¨Ï¥Îªº·s»D¦øªA¾¹¡G </para>
+ <screen>
+&prompt.root; <userinput>setenv NNTPSERVER news.tw.freebsd.org</userinput> </screen>
+ <para>¨Ã³]©w alias¡A
+ <command>alias tin 'env LC_CTYPE=en_US.ISO_8859-1 tin'</command>¡C </para>
+ <para>µM«á°õ¦æ <command>tin -r</command> §Y¥i¡C</para>
+ <para>¦b news.freebsd.tw.org ¤¤¦³©Ò¦³ FreeBSD ªº mailing list¡A
+ ¥u­n¥Î <command>y</command> ´N¥i¥H¦C¥X©Ò¦³ªº mailing list¡A
+ µM«á¥Î <command>s</command> ¨Ó­q¾\¡C</para>
+ <figure>
+ <title>tin snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/tin" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.tin.org/">
+ http://www.tin.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="tintin">
+ <title>tintin++ - MUD ¤u¨ã</title>
+ <para><application>TinTin++</application> ¨Ã«D¤¤¤å³nÅé¡C
+ ¥¦¥u¬O¦b±zª±¤¤¤å mud ®É«D±`ªº¦³¥Î¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/tintin++</filename>¡C</para>
+ <para>¤U­±¬O¤@¨Ç¤¤¤å mud ¯¸¡G</para>
+ <programlisting>
+FengYun fengyun.com 5555
+Xi You Ji 129.105.79.24 6905
+Xia ke Xing 207.76.64.2 5555 </programlisting>
+ <para>¥H <command>tt++</command> ¨Ó±Ò°Ê¡A¶i¥h«á¥i¥H¥Î
+ <command>#help</command> ¨ÓÀò±o¤@¨Ç«ü¥O¡AµM«á¥Î
+ <command>#help command</command> ¥i¥Hª¾¹D§ó¦hªº¨Ï¥Î¤è¦¡¡C
+ µM«á¥Î <command>#end</command> ¨ÓÂ÷¶}¡C</para>
+ <figure>
+ <title>tintin++ snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/tintin++" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://mail.newclear.net/tintin/index.html">
+ http://mail.newclear.net/tintin/index.html</ulink> </para>
+ </sect1>
+
+ <sect1 id="xchat">
+ <title>xchat</title>
+ <para>IRC ¥i»¡¬O§ä§Ó½ì¬Û§ëªº¤H²á¤Ñªº³Ì¦n¦a¤è¡A¥i¬O¬°¤FÅý²á¤Ñ§ó¦³½ì¡A
+ IRC ªº«ü¥O¤]¤Q¤À¤§¦h¡A³o®É¨Ï¥Î¤@­Ó²á¤Ñ³nÅé¬O¤ñ¸û¤è«Kªº¡C</para>
+ <para>¥Ø«e¥xÆW BSD ±Ú¸s»E·|ªº IRC ³q±`³£¦b irc.seed.net.tw »P
+ irc.hinet.net ªº #bsdchat CHANNEL ¤¤¡A¥Ñ©ó¤§«e
+ irc.hinet.net ¤£Ã­¡A¥Ø«e¤j®a³£§b¦b irc.seed.net.tw ¤¤¡C</para>
+ <para>¦Ó <application>XChat</application> ´N¬O¨ä¤¤¤@­Ó¤£¿ùªº¿ï¾Ü¡A
+ ¥¦ªºª¬ºA¿ï³æ¤Q¤À¤§¦h¡A¬O¥¦ªºªº¤@¶µ¯S¦â¡A¹³¬O±z­Ó¤Hª¬ºA¡B
+ ­Ó¤Hª¬ºA¥Î¿ï³æ¡B¦UºØª¬ºAµøµ¡¡A·íµM³Ì°ò¥»ªº IRC Channel
+ ªº¦Cªíµøµ¡¤]¦³¡A¦Ó¥BÁÙ¥i¥H³]©w Channel ¤H¼Æªº¤U­­¡A
+ ³o¼Ë´N¥i¥HÂo±¼¤@¨Ç¤H¼Æ¤Ó¤ÖªºChannel¡BÂ_½u­«³sª`·N¦W³æ¡C</para>
+ <para>¥t¥~¡A<application>XChat</application> ¼öÁä¤]§@ªº¤Q¤À¤£¿ù¡A
+ <command>F1¡ãF10</command> ¨C­ÓÁä³£¥i¥H©w¸q¬°¼öÁä¡A
+ ¦Ó¦bµøµ¡¥kÃä¤]¦³¼öÁä¡A
+ ¦Ó¥¦­Ì¤]³£¥i¥H­«·s©w¸q¡A¦Ó±z¥i¥H¥u¥Îµøµ¡ªº¤W¤è¤u¨ã¦C¡A
+ §ó§ï±z¦Û¨­ªº¥þ³¡ª¬ºA¡A¦pªG±z¬OOp¡]ºÞ²zªÌ¡^¡A
+ ¨º»ò¦b¤u¨ã¦C¤W´N¥i¥H§ó§ï²á¤Ñªº¥DÃD¤F¡AÅý±z²á¤Ñ´X¥G³£¤£»Ý­n¥´«ü¥O¡D</para>
+ <para>¦w¸Ë <filename role="package">irc/xchat</filename>¡C</para>
+ <para>¦w¸Ë§¹ <application>xchat</application>
+ «á¡A¥Dµe­±ªº¦a¤èÁÙ¤£¬O¤¤¤åªº¡A¥u»Ý­n§ï¤@¤U³]©w´N¥i¥H¤F¡C</para>
+ <procedure>
+ <step><para>³]©w(S)</para></step>
+ <step><para>Setup</para></step>
+ <step><para>Channel Windows</para></step>
+ <step><para>Use gdk_fontset_load ¥´¤Ä</para></step>
+ <step><para>Font: ªº³¡¥÷¿ï¥Î fixed(kc)</para></step>
+ </procedure>
+ <procedure>
+ <step><para>³]©w(S)</para></step>
+ <step><para>Setup</para></step>
+ <step><para>Dialog Windows</para></step>
+ <step><para>Use gdk_fontset_load ¥´¤Ä</para></step>
+ <step><para>Font: ªº³¡¥÷¿ï¥Î fixed(kc)</para></step>
+ </procedure>
+ <para>
+ ¡A¨ÃÃö±¼ <application>xchat</application> ­«¶}¡C©Î¬O¦b
+ <filename>.xchat/xchat.conf</filename> ¤¤­×§ï</para>
+ <programlisting>
+use_fontset = 1
+font_dialog_normal = 8x16,kc15f,-*-16-*-big5-0
+font_normal = 8x16,kc15f,-*-16-*-big5-0</programlisting>
+ <figure>
+ <title>xchat snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/xchat" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://xchat.org/">http://xchat.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="irssi">
+ <title>irssi</title>
+ <para>¦w¸Ë <filename role="package">chinese/irssi</filename>¡C</para>
+ <para>¦pªG¬O¨Ï¥Î telnet ³s½u³nÅé¦Ó­n¦³±m¦â <application>irrsi
+ </application>¡A«h¥²¶·¥ý³]©w <command>setenv TERM xterm-color
+ </command>¡C</para>
+ <para>¨Ï¥Î¤èªk¡G<command>irssi -c irc.seed.net.tw -n your_nickname</command>
+ ¡A³s¤W¥h¤§«á¡A<command>/join #bsdchat</command>¡C</para>
+ <para>WWW: <ulink url="http://www.irssi.org/">
+ http://www.irssi.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="bitchx">
+ <title>bitchx</title>
+ <para>¤@®M¤¤¤å¦r´å¼Ð²¾°Êªº IRC ³nÅé¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/bitchx</filename>¡C</para>
+ <para>¨Ï¥Î¤èªk: <command>BitchX -n your_nickname irc.seed.net.tw
+ </command>¡A·|¦Û°Ê³s¤W irc.seed.net.tw¡C
+ µM«áª½±µ¥´ <command>/join #bsdchat</command> ´N¥i¥H¡C</para>
+ <para>WWW: <ulink url="http://www.bitchx.com/">
+ http://www.bitchx.com/</ulink></para>
+ </sect1>
+
+ <sect1 id="mldonkey">
+ <title>mldonkey - P2P</title>
+ <para>mldonkey ¬O¤@®M§K¶Oªº e-Donkey ¥Î¤áºÝ¡C
+ ¤£¹L¦b¤å¦r¤¶­±ªº·j´M¦³ÂI²­®¡Aµ§ªÌ³q±`³£¬O§Q¥Îºô­¶¤¶­±¨Ó¦s¨ú¡A
+ ¤]¦³ GTK ¹Ï§Î¤¶­±¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/net/mldonkey</userinput>
+&prompt.root; <userinput>make WITHOUT_TK=yes WITHOUT_X11=yes install clean</userinput></screen>
+ <para>µM«á³Ì¦n¦Û¤v¿ï­Ó¦@¦Pªº¦a¤è©ñ¡A¹³¬O«Ø¥ß¤@­Ó·s¨Ï¥ÎªÌ mldonkey¡A
+ µM«á±NÀɮ׳£¥Ñ¸Ó¨Ï¥ÎªÌ¨Ó°õ¦æ¡C</para>
+ <screen>
+&prompt.root; <userinput>mkdir -p /home/mldonkey</userinput>
+&prompt.root; <userinput>cd /home/mldonkey</userinput></screen>
+ <para>²Ä¤@¦¸°õ¦æ·|²£¥Í¤@¨Ç³]©wÀÉ¡A±µµÛ¥ý¼È°±°õ¦æ¡A
+ ­×§ï¤@¨Ç³]©wÀÉ«á¡A§Q¥Î»·ºÝºô­¶¨Ó±±¨î¡C
+ </para>
+ <screen>
+&prompt.user; <userinput>mlnet-real &</userinput>
+&prompt.user; <userinput>sh /usr/local/bin/kill_mldonkey</userinput>
+&prompt.user; <userinput>vi servers.ini</userinput>
+ known_servers = [
+ { server_network = Donkey
+ server_age = 59138548
+ server_addr = ("140.123.108.139", 7654)
+ server_desc = "TLF Taiwan ED Server"
+ server_name = "TLF Taiwan ED Server"
+ };]
+&prompt.user; <userinput>vi downloads.ini</userinput>
+ allowed_ips = [
+ "127.0.0.1";
+ "203.204.8.177";]
+&prompt.user; <userinput>mlnet-real &</userinput></screen>
+ <para>µM«á´N¥i¥H¶}±Ò»·ºÝ http://127.0.0.1:4080/ ¨Ó§ìÀÉ®×Åo¡C</para>
+ <para>¦pªG­n¨Ï¥Î¤¤¤å·j´M¡A«h¥ý¦b·j´M¤¶­±¥ý«ö¥kÁä¡A
+ <option>½s½X -&gt; ÁcÅ餤¤å</option>¡A
+ µM«á¦A¿é¤J§A­n·j´Mªº¤¤¤å¦WºÙ§Y¥i¡C
+ ©Î¬O¦w¸Ë <filename>outta-port/mldonkey</filename>¡A
+ ¤]¥i¥Hª½±µ§â <filename>outta-port/mldonkey/files</filename>
+ ©³¤UªºÀɮ׽ƻs¨ì <filename>net/mldonkey/files</filename> ©³¤U¡C
+ ¦]¬° <application>mldonkey</application> ª½±µ¦b http header ¤¤³]©w¤F
+ <option>charset=iso-8859-1</option>¡A
+ ¦]¦¹³Ì¦nªº°µªk¬O§Æ±æ§@ªÌ´£¨Ñ¨ä¥L½s½Xªº¿ï¶µ¡A
+ ¤£µM¥u¯à patch source ¤F¡C</para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/note b/zh_TW.Big5/books/zh-tut/chapters/note
new file mode 100644
index 0000000000..5f4aff9441
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/note
@@ -0,0 +1,43 @@
+<!-- $FreeBSD$ -->
+<chapter>
+ <title></title>
+ <sect1 id="">
+ <title></title>
+ <para><filename></filename>
+ <application></application>
+ <username></username>
+ <option>Æ«üÈÊÕ</option>
+ <literal></literal>
+ <emphasis></emphasis>
+ <quote></quote>
+ <varname></varname>
+ <devicename></devicename>
+ <acronym></acronym>
+ &man.man.1;
+ </para>
+ <screen>&promot.root; <userinput><replaceable></replaceable></screen>
+<programlisting><co id=""></programlisting>
+ <calloutlist>
+ <callout arearefs="">
+ </callout>
+ </calloutlist>
+<literallayout class="monospaced"></literallayout>
+
+ <itemizedlist>
+ <listitem>
+ <para></para>
+ </listitem>
+ </itemizedlist>
+ <orderedlist>
+ <listitem>
+ <para></para>
+ </listitem>
+ </orderedlist>
+ <sect2 id="">
+ <title></title>
+ </sect2>
+ <example>
+ <title></title>
+ </example>
+ </sect1>
+</chapter>
diff --git a/zh_TW.Big5/books/zh-tut/chapters/other.sgml b/zh_TW.Big5/books/zh-tut/chapters/other.sgml
new file mode 100644
index 0000000000..ed45108a37
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/other.sgml
@@ -0,0 +1,247 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: other.sgml,v 1.34 2003/11/08 16:59:52 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="other">
+ <title>¨ä¥¦³nÅ骺¤¤¤å¬ÛÃö°ÝÃD</title>
+
+ <sect1 id="sendmail">
+ <title>sendmail</title>
+ <para>
+ ¦]¬° <application>sendmail-8.8.x</application> ¹w³]·|±N©Ò¦³
+ 8-bit ªº«H¥ó½s½X«á¦A°e¥X¡A³o©Î¦h©Î¤Ö·|¹ï¦¬«H¤H³y¦¨¤@¨Ç¼vÅT
+ (°Ñ¨£ <link linkend="procmail">procmail</link> ªº¸Ñ¨M¤èªk)¡C
+ ²{¦b¤j³¡¥÷ªº¥D¾÷³£¤w¯àª½±µ¶Ç°e 8-bit ªº«H¥ó¡A©Ò¥H±z³Ì¦n­«·s½sĶ
+ <application>sendmail</application>¡A±N½s½X¥\¯àÃö±¼¡C </para>
+ <para>
+ ¦b¤U­±¦aÂI(©Î¬M®g¯¸¥x)¨ú¦^³Ì·sª©¥»ªº
+ <application>sendmail</application>¡G </para>
+ <para>
+ <ulink url="ftp://ftp.sendmail.org/ucb/src/sendmail/">
+ ftp://ftp.sendmail.org/ucb/src/sendmail/</ulink> </para>
+ <para>
+ ¸Ñ¶}¨Ã§ó§ï <filename>Makefile</filename>¡G </para>
+ <screen>
+&prompt.root; <userinput>tar zxvf sendmail-8.8.8.tar.gz</userinput>
+&prompt.root; <userinput>cd src/Makefiles</userinput>
+&prompt.root; <userinput>chmod u+w Makefile.FreeBSD</userinput>
+&prompt.root; <userinput>vi Makefile.FreeBSD</userinput> </screen>
+ <para>
+ ¦b <option>CFLAGS+=</option> «á¥[¤W
+ <option>-DMIME8TO7=0</option>¡C½sĶ¨Ã¦w¸Ë
+ <application>sendmail</application>¡G </para>
+ <screen>
+&prompt.root; <userinput>cd ..</userinput>
+&prompt.root; <userinput>./makesendmail all install</userinput> </screen>
+ <para>
+ ¥Î¤â°Ê¤è¦¡¦w±N man pages ¦w¸Ë¨ì¾A·í¥Ø¿ý(¤£¸Ë¤]¨SÃö«Y)¡C </para>
+ <para>
+ ¬å±¼Âªº <application>sendmail</application> ¦æµ{¡G </para>
+ <screen>
+&prompt.root; <userinput>kill -9 `head -1 /var/run/sendmail.pid`</userinput> </screen>
+ <para>
+ ­«·s±Ò°Ê <application>sendmail</application>¡G </para>
+ <screen>
+&prompt.root; <userinput>/usr/sbin/sendmail -bd -q1h</userinput> </screen>
+ <para>
+ WWW: <ulink url="http://www.sendmail.org/">
+ http://www.sendmail.org/</ulink> </para>
+ </sect1>
+
+ <sect1 id="procmail">
+ <title>procmail</title>
+ <para>
+ <application>procmail</application> ¬O¤@­Ó¹q¤l¶l¥ó¹LÂo¾¹
+ (mail filter)¡C¥¦¥i
+ ±N¨ìªº«H¥ó¦b¦s¤J±zªº«H½c«e¥ý°µ³B²z¡A¨Ò¦p±N«H¥ó¤ÀÃþµ¥¡C¤£¹L³o
+ ¸Ì­n±Ð±zªº¬O¦p¦ó§Q¥Î
+ <application>procmail</application> ¨Ó±N³Q½s½Xªº¤¤¤å«H
+ ¥ó¸Ñ½X¦¨¯Â¤å¦r¡A¥H¤Î¦b¤£¦P½s½Xªº«H¥óÂà´«¬°±z±`¥Îªº½s½X¡C </para>
+ <para>
+ ¦b±zªº home ¥Ø¿ý¤U«Ø¥ß <filename>.procmailrc</filename>
+ ÀɮסA¤º®e¦p¤U¡G </para>
+ <programlisting>
+# ¦b¥Î procmail ³B²z«e¥ý±N«H¥óÀx¦s¤U¨Ó¡A¥H§Kµo¥Í·N¥~
+# ±z¥i¥H³]©w¨º¨Ç«H¥ó¤£¥²³Æ¥÷¡A¨Ò¦p¥Ñ MAILER-DAEMON ¨Óªº°h«H
+:0 c
+* !^From.*MAILER-DAEMON
+mail/procmail-backup
+
+# ±N¥H quoted-printable ©Î base64 ½s½Xªº«H¥ó¸Ñ½X
+:0
+* ^Content-Type: *text/plain
+{
+ :0 fbw
+ * ^Content-Transfer-Encoding: *quoted-printable
+ | mimencode -u -q
+
+ :0 Afhw
+ | formail -I "Content-Transfer-Encoding: 8bit" \
+ -I "X-Mimed-Autoconverted: quoted-printable to 8bit by procmail"
+
+ :0 fbw
+ * ^Content-Transfer-Encoding: *base64
+ | mimencode -u -b
+
+ :0 Afhw
+ | formail -I "Content-Transfer-Encoding: 8bit" \
+ -I "X-Mimed-Autoconverted: base64 to 8bit by procmail"
+}
+
+# ³o¸Ì§PÂ_«H¥ó¬O§_¬° GB ½s½X¡A­Y¬O«hÂର BIG5 ½s½X
+# ¦pªG±z­n¥Ñ BIG5 Âର GB ½X¡A­n±N¨Ò¤l¤¤©Ò¦³ªº big5
+# ¤Î gb2312 ¤¬´«¡A¨Ã±N hc -m b2g §ï¬° hc -m g2b
+
+:0
+* ^Content-Type:.*text/plain;.*charset=gb2312
+{
+ :0 fw
+ | hc -m b2g -t /usr/local/lib/chinese/hc.tab
+
+ :0 Afhw
+ | formail -I "Content-Type: text/plain; charset=big5" \
+ -I "X-Charset-Autoconverted: gb2312 to big5 by procmail"
+}
+
+# ±N«H¥ó¦s¦^«H½c
+:0:
+${ORGMAIL} </programlisting>
+ <para>
+ ³o­Ó¨Ò¤l¤¤¡A°t¦X¤F mimencode¡Aformail
+ ±N«H¥ó¸Ñ½X¡A¨Ã¥Î
+ <link linkend="hc">hc</link>
+ ±N GB ½s½Xªº«H¥óÂର BIG5 ½s½X¡C©Ò¥H±zÁÙ¥²¶·¦w¸Ë³o¨Ç¤u¨ã¡C </para>
+ <para>
+ ³Ì«á¦A±N§ó§ï±zªº <filename>.forward</filename> ÀÉ´N¥i¥H¤F </para>
+ <programlisting>
+"|IFS=' ' &amp;&amp; exec /usr/bin/procmail -f- ~/.procmailrc ||exit 75 name" </programlisting>
+ <para>
+ ª`·N¡G¨ä¤¤³Ì«áªº name ­n§ï¬°±z¦Û¤vªºÃ±¤J¦WºÙ(login name)¡C </para>
+ <para>
+ WWW: <ulink url="http://www.procmail.org/">
+ http://www.procmail.org/</ulink> </para>
+ </sect1>
+
+ <sect1 id="vim">
+ <title>vim - VI ªº¶i¶¥½s¿è¾¹</title>
+ <para>
+ ¥¦¥]¬A¤F¤@¨Ç©M <application>vi</application> «Ü¹³¦ý
+ <application>celvis-1.3</application> ©Ò¨S¦³ªº¯S¦â¡A¹³¬O¦æ¸¹¡A
+ ¦^¶¦æ¡A¤Î¤j«¬Àɳ̥D­nªº¬O¥i¥H¿é¤J¤¤¤å¡C </para>
+ <para>¦w¸Ë <filename role="package">editors/vim</filename>¡C</para>
+ <para>
+ §Úª¾¹D¦³¤H«Ü°Q¹½ <application>vim</application>¡A¦]¬°ÁÙ­n¸Ë X¡C
+ ¨ä¹ê¥u­n¥Î <command>make -DWITHOUT_X11 install</command>
+ ´N¥i¥H¤F¥u¦w¸Ë¤å¦rª©ªº <application>vim</application>¡C </para>
+ <para>
+ ¦w¸Ë <application>ports/editors/vim</application> «á¡A
+ ®Ú¾Ú­Ó¤H³ß¦n³]©w <filename>.vimrc</filename>¡G </para>
+ <programlisting>
+set fileencoding=taiwan
+set guifontset=8x16,kc15f,-*-16-*-big5-0</programlisting>
+ <para>
+ ¨Ã¥B³]©w zh_TW.Big5 ªº locale¡A³o¼Ë¤l´N¥i¥H¤@¦¸§R°£¤@­Ó¤¤¤å¦r¡C</para>
+ <para>¥H¤U¬O«Øijªº³]©w</para>
+ <programlisting>
+set cindent
+set enc=taiwan
+set fileencoding=taiwan
+set hls
+set nocompatible
+set sw=2
+syntax on
+highlight Comment ctermfg=darkcyan
+highlight Search term=reverse ctermbg=4 ctermfg=7</programlisting>
+ <para>
+ ¦b±Ò°Êªº®É­Ô«Øij¨Ï¥Î <command>env TERM=xterm-color vim</command>
+ ¡A³o¼Ëº}«GªºÃC¦â¤~·|¥X¨Ó :)</para>
+ <para>
+ ¦pªGı±o¦r¦â¤Ó·t¡A¥i¥H¥Î <command>:set background=dark</command>¡C</para>
+ <figure>
+ <title>vim snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/vim" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://www.vim.org/">
+ http://www.vim.org/</ulink> </para>
+ </sect1>
+
+ <sect1 id="mailman">
+ <title>mailman - How to Enable Chinese in Mailman2.1.1</title>
+ <para>Last Update: 2003¦~ 3¤ë10¤é ©P¤@ 10®É03¤À59¬í CST</para>
+ <para>Contributed by: "Y. Cheng" &lt;ycheng@slat.org&gt;</para>
+ <para>¤µ¤Ñ²×©ó¦³ªÅ¨Ó¸Ë mailman 2.1.1 °Õ ^_^
+ ­n mailman 2.1.1 ¥i¤w¦³ÁcÅ餤¤å¥i¥H¿ï, »Ý­n¥H¤UÃB¥~°Ê§@:</para>
+ <para>1. ¦w¸Ë®É¥[¤W°Ñ¼Æ WITH_CHINESE=yes:</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/mail/mailman</userinput>
+&prompt.root; <userinput>make WITH_CHINESE=yes install clean</userinput> </screen>
+ <para>2. §â $(prefix)/Mailman/Defaults.py ¸Ì­±ªº
+ DEFAULT_SERVER_LANGUAGE = 'en' §ï¬°
+ DEFAULT_SERVER_LANGUAGE = 'big5':</para>
+ <programlisting>
+--- Mailman/Defaults.py.in.orig Mon Mar 10 23:49:48 2003
++++ Mailman/Defaults.py.in Mon Mar 10 23:50:02 2003
+@@ -670,7 +670,7 @@
+ # The default language for this server. Whenever we can't figure out the list
+ # context or user context, we'll fall back to using this language. See
+ # LC_DESCRIPTIONS below for legal values.
+-DEFAULT_SERVER_LANGUAGE = 'en'
++DEFAULT_SERVER_LANGUAGE = 'big5'
+
+ # When allowing only members to post to a mailing list, how is the sender of
+ # the message determined? If this variable is set to 1, then first the</programlisting>
+ <para>3. §â $(prefix)/pythonlib/email/Charset.py ¸Ì­±ªº
+ <option>'big5': 'big5_tw',</option> §ï¬°
+ <option>'big5': 'big5',</option>¡A§_«h
+ subscribe mail list ®É´N·|¥X²{ bug.</para>
+ <programlisting>
+--- pythonlib/email/Charset.py.orig Sun Oct 13 12:00:20 2002
++++ pythonlib/email/Charset.py Tue Mar 11 10:19:07 2003
+@@ -70,7 +70,7 @@
+ 'iso-2022-jp': 'japanese.iso-2022-jp',
+ 'shift_jis': 'japanese.shift_jis',
+ 'gb2132': 'eucgb2312_cn',
+- 'big5': 'big5_tw',
++ 'big5': 'big5',
+ 'utf-8': 'utf-8',
+ # Hack: We don't want *any* conversion for stuff marked us-ascii, as all
+ # sorts of garbage might be sent to us in the guise of 7-bit us-ascii.</programlisting>
+ <para>ªì¨B´ú¸Õ³o¼Ë ok, ·|¤£·|¦³¶i¤@¨B°ÝÃD, Áٻݭn¦h´ú¸Õ.</para>
+ <para>ycheng</para>
+ </sect1>
+
+ <sect1 id="pvpgn">
+ <title>pvpgn - Blizzard's Battle.net service</title>
+ <para>°ê¤º³Ì¦³¦Wªº Battle.net ¬O½ÞÀYC ªº
+ <ulink url="http://bnet.custom.idv.tw">Å]Ã~3 ¥xÆW¦øªA¾¹ºô¯¸</ulink>¡A
+ ¤W­±¦³«D±`¸Ô²Óªº¤¶²Ð¦p¦ó¨Ï¥Î¤u¨ã¨Ó³s¤W«D©x¤èªº¦øªA¾¹¡C</para>
+ <para>¤¸´¼®Õ¤º Server: 140.138.145.35</para>
+ <para>StarCraft 1.10¡BStarCraft Expansion Set 1.10¡B
+ WarCraftIII 1.12¡BWarCraftIII The Frozen Throne 1.12¡B
+ Diablo II LoD 1.09 Open Battle.Net¡B
+ Diablo II LoD 1.09 Closed Battle.Net¡C</para>
+ <para><application>pvpgn</application> ªº¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/pvpgn</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/outta.sgml b/zh_TW.Big5/books/zh-tut/chapters/outta.sgml
new file mode 100644
index 0000000000..849ae7ca98
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/outta.sgml
@@ -0,0 +1,94 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: outta.sgml,v 1.12 2003/11/08 16:59:52 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="outta">
+ <title>µo®i¤¤ªº¤¤¤å³nÅé Outta-port</title>
+ <para>
+ &a.ycheng; Date: 3 Jul 1999 10:07:20 GMT
+ </para>
+ <para>1. ¤°»ò¬O Outta-Port ?</para>
+ <para>Outta-Port ¬O port ¥H¥~ªº port.</para>
+ <para>¤]´N¬O»¡¡A·í§Ú­Ì¦b¼g port ®É¡A§Ú­Ì»{¬°¸Ó port ÁÙ¤£¬O«Üí©w
+ ¡AÁÙ¤£·Q±N¤§ commit ¶i FreeBSD Á`³¡ªºµ{¦¡¤¤¡A¦ý¬O¦³§Æ±æ¤@¸s
+ ¤H¥i¥H¤@°_ÁÙºûÅ@³o¤@²Õ port ®É¡A§Ú­Ì´N±N¤§ commit ¶i outta-port.</para>
+ <para>2. ¦p¦ó¨ú±o Outta-Port ?</para>
+ <para>cvsup ;)</para>
+ <para>¥ý°²³]±z·|¥Î cvsup ©M ports. ¨ú±o
+ <ulink url="http://freebsd.sinica.edu.tw/conf/outta-port.supfile">
+ outta-port.supfile</ulink> ³o­Ó supfile ±N outta-port ¥Ø¿ý©ñ¦b
+ <filename>/usr/ports</filename> ¤U.
+ °²³]±z¦w¸Ë¦n¤F <command>cvsup</command>¡A½Ð¤U«ü¥O
+ <command>cvsup -g outta-port.supfile</command>¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports</userinput>
+&prompt.root; <userinput>fetch http://freebsd.sinica.edu.tw/conf/outta-port.supfile</userinput>
+&prompt.root; <userinput>cvsup -g outta-port.supfile</userinput></screen>
+ <para>©Î¬Oª½±µ½s¿è outta-port.supfile¡A¤º®e¦p¤U¡G</para>
+ <programlisting>
+*default host=freebsd.sinica.edu.tw
+*default base=/usr/ports
+*default prefix=/usr/ports
+*default release=cvs
+*default delete use-rel-suffix
+
+outta-port tag=.</programlisting>
+ <para>3. ¦p¦ó¥[¤J Outta-Port maintainer ?</para>
+ <para>§â°µ¦nªº Port ±H¥÷ email ¨ì statue@freebsd.sinica.edu.tw¡A
+ ³Ì¦n¬O shar ªº®æ¦¡¡C</para>
+ <para>4. ¦p¦óª¾¹D³Ì·s®ø®§</para>
+ <para>±H¥÷ email ¨ì majordomo@freebsd.sinica.edu.tw¡A¤º®e¬°
+ subscribe freebsd-taiwan-cvslog</para>
+ <para>5. ²{¦b Outta-Port ¤¤¦³¬Æ»ò¡H</para>
+ <para>¦³«Ü¦h©_©ÇªºªF¦è¡A¤£§«¦Û¤v¸Ë¤F¬Ý¬Ý¡C</para>
+
+ <sect1 id="xfig">
+ <title>xfig</title>
+ <para>
+ XFIG 3.2.2 - Facility for Interactive Generation of figures
+ under X11 This port now accepts input from XIM server, such
+ as XCIN.
+ </para>
+ <para>¦b /usr/X11R6/lib/X11/app-defaults/Fig ³]©w¡G</para>
+ <programlisting>
+Fig.international: true
+Fig*edit_panel*Text_text*international: true
+Fig*edit_panel*inputMethod: xim </programlisting>
+ <para><command>export LANG=zh_TW.Big5</command></para>
+ <para>¦A¨Ó°õ¦æ xfig¡Cª`·N¡A¥ú LC_CTYPE ³]¦¨ zh_TW.Big5 ¬O¤£¦æªº¡C</para>
+ <para>¦pªG¤£¯à¥Î¡Aªí¥Ü±zªº xfig ½sĶ®É¨S¦³¥[¤J i18n ¥\¯à¡C
+ ©ÎXMODIFIERS Àô¹ÒÅܼƨS¦³³]¦n¡C</para>
+ <note>
+ <para>
+ Because XCIN needs Alt keys, Alt/Meta are disabled. Use Esc
+ as compose key instead.
+ </para>
+ </note>
+ </sect1>
+
+ <sect1 id="movabletype">
+ <title>MT - movabletype blog</title>
+ <para>It is a decentralized, web-based personal publishing system designed to ease
+ maintenance of regularly updated news or journal sites, like weblogs. </para>
+ <para>¦w¸Ë <filename role="package">chinese/MT</filename>¡A
+ ¥L·|¤@¨Ã¦w¸Ë <filename role="packahe">www/MT</filename>¡C</para>
+ <para>WWW: <ulink url="http://www.movabletype.org/">
+ http://www.movabletype.org/</ulink></para>
+ <para>WWW: <ulink url="http://blog.elixus.org/">
+ blogging elixus - ¥¿Å餤¤åblog¸ê°T¤¤¤ß</ulink></para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/preface.sgml b/zh_TW.Big5/books/zh-tut/chapters/preface.sgml
new file mode 100644
index 0000000000..7e291cedc8
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/preface.sgml
@@ -0,0 +1,256 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: preface.sgml,v 1.19 2003/10/30 14:22:02 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="preface">
+ <title>«e¨¥</title>
+ <para>Last Update: 2003¦~10¤ë12¤é ©P¤é 17®É18¤À53¬í CST</para>
+ <para>»P¨ä©ê«è¥|©P¶Â·t¡A¤£¦pÂI¿U¤@®Ú¤õ®ã·Ó«G¥¦¡C</para>
+ <para>±qµ§ªÌ¦b¤j¤@®É¶}©l±µÄ² FreeBSD ¨ì²{¦b¤w¸g¤­¦~¦³¾l¡A
+ ¤@¶}©l°£¤F§õ«Ø¹Fªº¶Â¥Ö®Ñ¡A¥H¤Î news:tw.bbs.comp.386bsd ªº¤å³¹¥~¡A
+ ÁÙ¦³¤@¸s³ß·Rª±§Ë FreeBSD ªºªB¤Í¡C
+ ±q¤@¶}©lÀ°¦£ºûÅ@­·¤§¶ð BBS ¨ì«á¨Ó±Mª`©ó FreeBSD ªº¤¤¤å¤Æ¡A
+ ¤£Â_ªº±q¿ù»~¹Á¸Õ¤¤Àò±o§Ö¼Ö¡A¬°¨C¤@­Ó·sªº³nÅé¦ÓÆg¹Ä¡A
+ ³Ì­«­nªº¬OÁ`¦³¤@¸s¸ò§A¤@¼Ë¦b¿ù»~¤¤ºN¯Áªº¤H¡C
+ »P¨ä©ê«è¤å¥ó¤£¦h¡A¤£¦p¦Û¤v¶}©l¼g¤å¥ó¡C
+ ÁöµM¦bºô¸ô¤W°µ¹LªºÄø¨Æ¤£¤Ö¡A¤]¤£ª¾¹D¦³¦h¤Ö¤H·|»{¦P³o¼Ë¤lªº¤å¥ó¡A
+ Á`¦³³o¼Ë¤lªº¶Ì¤l·|°µ¤U¥h¡Aª½¨ì³s¦Û¤v³£¤£»{¦P¤F¡C</para>
+ <para>ÁÙ°O±o¤j¤@®É¦b±JªÙ²Ä¤@¦¸§â X Window ¦w¸Ë°_¨Ó®É¡A
+ ¶¶§Q°õ¦æº}«Gªº Enlightenment¡A¨ººØ¿³¾Ä¡A·|Åý¤H·Q¦b±JªÙ§â¥ª¾F¥kªÙ³£§n¿ô¡A
+ ÁÙ¦n¨S¦³°µ¡A¤£µMÀ³¸Ó·|³Q®ü«ó¤@¹y¡C</para>
+ <para>FreeBSD ªºÀô¹Òªº½T¤£¦p GNU/Linux ¨º¼Ëªº¦h¤H¨Ï¥Î¡A
+ ²{¦³ªº¤å¥ó¶q¤]¬O©úÅ㪺¤Ö¡A°Ó·~ª£§@§ó¬O¤Ö¨£¡A
+ ©Î³\§â FreeBSD ÂkÃþ¬°¾Ç³N¥Î§@·~¨t²Î¡A·|Åý¤H¦b¨Ï¥Î¤W§ó¬°»´ÃP¡C</para>
+ <para>FreeBSD ªº¤¤¤å¤Æ¡A¹ê»Ú¤Wµ§ªÌ¨Ã¨S¦³°µ¹L¤Q¤À¦hªº°^Äm¡A
+ ¥u¦³§â«e¤Hªº°µªk°µ¾ã²z»P´ú¸Õ¡AµM«á¤S¦Û¤v²­®ªº¤åµ§¡A
+ °O¾Ð¤U¨Ó·í®Éªºª¬ªp¡C
+ ´¿¸g·Q§Ë¹L Chinese FreeBSD Extension(CFE)¡A
+ ·íªì¨Ã¨S¦³¹³«Ü¦h²Ó¸`¡A
+ ¥u¬O§Æ±æ¯à¦³­Ó¹³ Chinese Linux Extension(CLE) ¤@¼Ëªº°Q½×Àô¹Ò¡A
+ ³o¤j·§¬O°µ¹Lªº­«¤jÄø¨Æ¤§¤@¡A
+ ¤j³¡¤Àªº¤H³£¤£ÃÙ¦¨Ãþ¦ü CLE ªº°µªk¡A
+ «á¨Ó¬°¤FÁקK»P CLE Ä~Äò°µ¤ñ¸û¡A§ï¦W¬° Chinese FreeBSD Collection(CFC)¡A
+ °µ¤F´X­Óª©¥»«á¡Aµo²{ºûÅ@ª©¥»ªº°ÝÃD¤Q¤Àªá®É¶¡¡A
+ ¥t¤@¤è­±¬O³o¼Ë¤l¤@­Ó¤Hªº±M®×²×¨s¬¡¤£¤[¡A
+ ºCºCªºÂà¦V¼g¤å¥ó¨Ó¬ö¿ý¦Û¤vªº´ú¸Õµ²ªG¡A
+ ³o¼Ë¤l¹ï¦Û¤v¤ñ¸û»´ÃP¡C</para>
+ <para>¤¤¤å¤ÆºCºCí©w¡A¤]ºCºC³Q©¿²¤¡C
+ ¤w¸g¨S¦³¨º»ò¦h­¢¤Áªº¤¤¤å°ÝÃDªº®É­Ô¡A¤]¸Ó¬O¤¤¤å¤Æ¸Ó¸¨¹õ¼@²×ªº®É­Ô¡C
+ ¥Ø«e¥u­n¥ô¿ï¤@®M FreeBSD ©Î¬O GNU/Linux ³£¥i¥H²³æªº¨Ï¥Î¤¤¤å¡A
+ ·í°Ó·~¤¶¤J«á¡A±¡ªpÀ³¸Ó¥u·|§ó¦n¡A²¦³º¦³·å²«ªº²£«~¾P°â¶q³£¤£·|¤Ó¦n¡C</para>
+
+ <sect1 id="intro">
+ <title>²¤¶</title>
+ <para>³o¥÷¤å¥ó¤j³¡¤À³£¤£¬O§@ªÌ¿Ë¦Û¼¶¼gªº¡A
+ ¥Ñºô¸ô¤W¤j®a©Ò§V¤O¥X¨Óªº¦¨ªG»`¶°¬°¥D¡A
+ ÁöµM¦³·Q¹L­nÂ૬¦¨¬° "FreeBSD ¤¤¤å¨Ï¥ÎÀô¹Ò" ²¤¶¤å¥ó¡A
+ ¤£¹Lê©ó§@ªÌ¥»¨­ªº¯à¤O»P®É¶¡ªº¤£¨¬¡A©Ò¥HÁÙ¦bºCºC³W¹º¤¤¡C</para>
+ <para>Ãö©ó FreeBSD ¥i¥H¥ý°Ñ¦Ò¥¦ªº©x¤èºô¯¸
+ <ulink url="http://www.freebsd.org">http://www.freebsd.org</ulink>
+ ¡A¥H¤Î¥L©Ò´£¨ÑªºÂ×´I¤å¥ó¡A¥Ø«e¸û¬°«Øijªº¾\Ū¬O
+ <ulink url="http://freebsd.sinica.edu.tw/handbook/">
+ FreeBSD Handbook</ulink>¡C</para>
+ <para>¥»¤å¥Ø«e¾A¦Xµ¹¤w¸g¦³¦w¸Ë FreeBSD ·§©À¡A¦ý¹J¨ì¤¤¤å¬ÛÃö°ÝÃD®É¡A
+ ¥i¥H¥Î¨Ó§ä¸ê®Æªº¤å¥ó¡Aªì¾ÇªÌ¥i¯à­n¥ý¾\Ū¹L°ò¥»ªº¤å³¹«á¡A
+ ¨Ò¦p FreeBSD Handbook¡A¤]¦³ <ulink url="http://freebsd.sinica.edu.tw/handbook/ports.html">
+ FreeBSD Ports Collection</ulink> ªº¨Ï¥Î·§©À«á¡A·|§ó¬°¾A¦X¾\Ū¦¹¥÷¤å¥ó¡C
+ ¦b¾\Ū¦¹¥÷¤å¥ó®É¡A¥Ø«eÁÙ¨S¿ìªk¤@¨B¨Bªº¤Þ¾É¨Ï¥ÎªÌ¥h³]¥ß
+ FreeBSD ¤¤¤å¨Ï¥ÎÀô¹Ò¡A¤£¹L³o±N¬O§Ú­Ì¥¼¨Óªº¥Ø¼Ð¡C</para>
+ <para> ¥»¤å¥óÁö¤w¤O¨D¥¿½T¡AµM¦ÓµLªk«OÃÒ©Ò¦³¾Þ§@¡þ³]©w½d¨Ò¡A
+ ³£¥i¥H¶¶§Qªº¦b±zªº¨t²Î¤W­±¶i¦æ¡C
+ ¦pªG±z¨Ì·Ó¥»¤å¥óªº»¡©ú¦Ó¨Ï±zªº¨t²Îµo¥Í¥ô¦ó°ÝÃD©Î·l¥¢¡A
+ §@ªÌ³£±N¤£­t¥ô¦ó³d¥ô¡C</para>
+ <para>
+ §Æ±æ¥Ñ©ó¥»¤åªº¥X²{¡A¯à¤j¶q´î¤Ö¦bºô¸ô¤W¤@¦A­«½Æ¥X²{ªº°ÝÃD¡G
+ "¬°¤°»ò§Ú¤£¯à¿é¤J/¬Ý¨ì¤¤¤å?" µ¥µ¥¡C
+ ÁöµM§Ú¤]¤F¸Ñ³o¬O¤£¤Ó¥i¯àªº...</para>
+ </sect1>
+
+ <sect1 id="howtoget">
+ <title>¦p¦ó¨ú±o³o¥÷¤å¥ó¡H</title>
+ <para>³o¥÷¤å¥ó¥Ø«e¥i¥H¦b³o­Óºô§}¨ú±o¡G</para>
+ <para>
+ WWW: <ulink url="http://freebsd.sinica.edu.tw/~statue/zh-tut.php">
+ http://freebsd.sinica.edu.tw/~statue/zh-tut.php</ulink></para>
+ <para>³o¥÷¤å¥ó¬O¥Ñ SGML ©Ò½s¼g¦Ó¦¨ªº¡A¦pªG·Q¨ú±o­ì©lÀɮסA
+ ¥i¥H¥Î¥H¤Uªº¤è¦¡¡G</para>
+ <screen>
+&prompt.user; <userinput>cvs -d :pserver:anoncvs@freebsd.sinica.edu.tw:/home1/ncvs login</userinput>
+(Logging in to anoncvs@freebsd.sinica.edu.tw)
+CVS password: <userinput>anoncvs</userinput>
+&prompt.user; <userinput>cvs -d :pserver:anoncvs@freebsd.sinica.edu.tw:/home1/ncvs checkout zh-tut</userinput></screen>
+ <para>¦pªG·Q¤â°Ê²£¥Í HTML¡ATXT µ¥®æ¦¡¡A«h¥²¶··Ó¥H¤Uªº¤è¦¡¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/textproc/docproj</userinput>
+&prompt.root; <userinput>make JADETEX=yes install clean</userinput>
+&prompt.root; <userinput>cvsup -g /usr/share/examples/cvsup/doc-supfile</userinput> </screen>
+ <para>
+ ±µµÛ­×§ï <filename>/usr/local/share/texmf/web2c/texmf.cnf</filename>¡A
+ ±N¥H¤U§ï¦¨ hash_extra = 25000¡Amax_strings = 150000¡A
+ pool_free = 50000¡A³o¼ËÀ³¸Ó´N¥i¥H¤F¡C</para>
+ <para>±µµÛ´N¥i¥H¨ì <filename>zh-tut/</filename> ©³¤U¥Î
+ <command>make FORMATS=html</command> »s§@¾ã­¶¼Ò¦¡ªº HTML ª©¥»¡A
+ <command>make FORMATS=split-html</command> »s§@³¹¸`¼Ò¦¡ªº HTML ª©¥»¡A
+ ¦]¬°¥H <command>make FORMATS=pdf</command> »s§@¥X¨Óªº PDF
+ ¤¤¤åµLªk¥¿±`Åã¥Ü¡A<command>make FORMATS=ps</command> »s§@¥X¨Óªº PS
+ ª©¥»¤]¬O¦p¦¹¡A©Ò¥H¥Ø«eªº PDF ª©¥»¬O¥Î Adobe Distiller
+ ¥H¹w³]­È PDF 1.3 °µ¥X«D¤º´O¤¤¤åªº PDF ª©¥»¡A¥H¤Î¥H PDF 1.2 ¡A
+ ¨Ã¤º´O¦r«¬»s°µ¥X¤º´O¤¤¤åªº PDF ª©¥»¡C
+ ¨Ã¥Î WebCapture2CK ¼W®Ä¼Ò²Õ°µ¥X¤F PDF ªº¦³¶W³sµ²ª©¥»¡C
+ TXT ª©¥»«h¬O¨Ï¥Î
+ <application>lynx</application> ªº <option>-dump</option>
+ ¨Ã·f°t <option>-assume_charset=big5 -assume_local_charset=big5</option>
+ ÂsÄý¾ã­¶¼Ò¦¡ HTML ª©¥»©Ò»s§@¥X¨Óªº¡C
+ PS ªºª©¥»«h¬O¥Ñ <command>pdf2ps</command> ©Ò»s§@¡A
+ ¤£¹L°µ¥X¨Ó·|Åܦ¨ 30 MB¡A¤£¤Ó¾A¦X¤U¸ü¡C</para>
+ <sect2 id="jadetex">
+ <title>jadetex - SGML+JadeTex ²£¥Í¤£¤º´O¦r«¬ªº¤¤¤å PDF</title>
+ <para>Contributed by ®üÃ䪺³¥«Ä¤l (edwar.bbs@bbs.sayya.org)</para>
+ <para>Last Update: 2003¦~ 4¤ë 7¤é ©P¤@ 19®É11¤À14¬í CST</para>
+ <para>¦b²£¥Í¤¤¤å HTML ªº³¡¤À¨S¤°»ò°ÝÃD¡A¥u­n¦b freebsd.dsl ªº
+ style-specification-body ªº¼ÐÅÒ¤º¡A¥[¤W¦p¤Uªº«Å§i§Y¥i¡G</para>
+ <programlisting>
+(define %html-header-tags% '(("META" ("HTTP-EQUIV" "Content-Type") ("CONTENT" "text/html; charset=Big5"))))</programlisting>
+ <para>¦ý¬O­n²£¥Í PDF «h­n¥ý¦w¸Ë <application>teTeX</application>,
+ <application>docproj</application>,
+ <application>CJK</application>,
+ <application>xpdf</application> µ¥À³¥Î³nÅé¡A½Ð°Ñ¦Ò«e¤@¸`ªº»¡©ú¡C</para>
+ <para>jade ¥i¥H±N XML/SGML Âà´«¦¨ tex ÀÉ¡A­Y¬O XML ­ì¥»¤º§t¤¤¤å¡A
+ ©Î¬O¨ä¥L CJK ¤å¦r¡A­ì¥»·|¿é¥X¦¨¤@¯ëªº¤¤¤å¡A
+ ¥[¤WÀô¹ÒÅÜ¼Æ SP_ENCODING=Big5 «á¡A
+ ¿é¥Xªº tex ÀÉ·|±N³o¨Ç¤å¦r¥Î \Character{29992}
+ ªí¥Ü¡A³o¼Æ¦r¬O unicode¡A¡u&amp;#29992;¡v¦b unicode ¸Ì¬O¤¤¤åªº¡u¥Î¡v¦r¡C
+ </para>
+ <para>­Y¬Oª½±µ¥H jadetex ½sĶ³o­Ó .tex¡A·|¥X²{ Unknown character
+ ªº¿ù»~°T®§¡A§Úªº¤è¦¡«Ü²³æ¡A¬JµM³o¨Ç¦r¤¸¨S¦³©w¸q¡A´NÀ°¥L©w¸q¤@¤U¡A
+ ¦b½sĶªº®É­Ô¥ý¤Þ¤J´N¦n¤F¡C</para>
+ <para>©w¸q¤@­Ó cjk-char.sty¡A¨C¦æªº¤º®e¹³¡G</para>
+ <programlisting>
+\DefineCharacter{19968}{4E00}{\begin{CJK*}{Bg5}{bsmi}XXX\end{CJK*}}</programlisting>
+ <para>XXX ¬O¸g¹L bg5conv ³B²z¹Lªº¤¤¤å¦r¡C¦]¬°¨C­Ó¦r³£¥Î \begin{CJK*}
+ ©M \end{CJK*} ¥]¦í¡A©Ò¥H½sĶ®É·|«Ü¤[¡C
+ ³o­Ó°µªk¥i¯à¥i¥H¦b¤@¥÷¤å¥ó¤¤¥Î¨ì¦n´XºØ½s½Xªº¤å¦r¡C</para>
+ <para>­Y­n¥[§Ö½sĶ³t«×¡A´N­n±N \begin{CJK*} ¥Î¦b¶}ÀY¡A
+ \end{CJK*} ©ñ¦b \endFOT{} ¤§«e¡C³o¼Ë¥i¥H¤j´T´£ª@³t«×¡A
+ ¦ý¬O¤@¥÷¤å¥ó¸Ì¥i¯à´N¥u¯à¦³¤@ºØ½s½Xªº¨È¬w¤å¦r¡C
+ ÁÙ¦³¤@ºØ°µªk¬O³Ì¶}©l¨Ï¥Î \begin{CJK*}{}{bsmi}¡A
+ ¦b¨C­Ó¦r©w¸qªº¦a¤è³£¥Î \CJKenc{Bg5} ¨Ó«ü©w½s½X¡A
+ ³o¼Ë³t«×·|¤ñ²Ä¤@ºØ§Ö¤@¨Ç¡C</para>
+ <para>µM«á¦b .tex ªº¶}ÀY¥[¤J
+ <option>\usepackage{CJK,pslatex}\input cjk-char.sty</option>
+ ¦A¶i¦æ½sĶ¡C¤U­±´N¬O§Úªº¨BÆJ¡Acjk-char.sty ­n¦Û¦æ¤U¸ü¡C</para>
+ <screen>
+&prompt.root; <userinput>env SP_ENCODING=Big5 make FORMATS=tex</userinput>
+&prompt.root; <userinput>echo '\usepackage{CJK,pslatex}\input cjk-char.sty' > zh-tut.tex.2</userinput>
+&prompt.root; <userinput>cat zh-tut.tex >> zh-tut.tex.2</userinput>
+&prompt.root; <userinput>mv zh-tut.tex.2 zh-tut.tex</userinput>
+&prompt.root; <userinput>env SP_ENCODING=Big5 make FORMATS=dvi</userinput>
+&prompt.root; <userinput>dvipdfmx zh-tut.dvi</userinput></screen>
+ <para>³Ì«á¥Î <application>xpdf</application> ªº
+ <command>pdffont</command> ÀËÅç¡C
+ ¦b type ªº¦a¤è¥þ³£¬O <option>Type 1</option> ´N¨S°ÝÃDÅo¡C</para>
+ <screen>
+&prompt.root; <userinput>pdffonts zh-tut.pdf</userinput>
+name type emb sub uni object ID
+------------------------------------ ------------ --- --- --- ---------
+Helvetica-Bold Type 1 no no no 8 0
+Times-Roman Type 1 no no no 15 0
+ShanHeiSun-Light CID TrueType no no no 18 0
+Courier Type 1 no no no 19 0
+Helvetica Type 1 no no no 20 0
+Times-Bold Type 1 no no no 25 0
+Times-Italic Type 1 no no no 26 0
+Courier-Bold Type 1 no no no 59 0
+UJULYZ+CMMI10 Type 1 yes yes no 167 0</screen>
+ <para>DL: <ulink url="http://freebsd.sinica.edu.tw/zh-tut/cjk-char.sty">
+ cjk-char.sty</ulink></para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="warning">
+ <title>ª`·N¨Æ¶µ</title>
+ <para>
+ ¥»¤å¤¤½d¨Òªº¨Ï¥Î¥H <application>csh</application>/
+ <application>tcsh</application> ¬°¥D¡C­Y±z¨Ï¥Îªº¬O
+ <application>sh</application>/<application>bash</application>
+ ¡A½Ðª`·N¨ä¤¤ªº®t²§¡C¨Ò¦p¹ïÀô¹ÒÅܼƪº³]©w¡A¦b
+ <application>sh</application>/<application>bash</application>
+ ¤¤¬O </para>
+ <screen>
+&prompt.user; <userinput>export TERM=vt100</userinput> </screen>
+ <para>¦b <application>csh</application>/
+ <application>tcsh</application> ¤¤«h¬O</para>
+ <screen>
+&prompt.user; <userinput>setenv TERM vt100</userinput> </screen>
+ </sect1>
+
+ <sect1 id="aim">
+ <title>¥Ø¼Ð</title>
+ <para>
+ ¥»¤å§Æ±æ¯à´£¨Ñ¦b FreeBSD ¨t²Î¤W¨Ï¥Î¤¤¤åªº§¹¾ã¦Ó¦Û¨¬ªº»¡©ú¡C
+ ¥u­n¬O»P FreeBSD ¤W¨Ï¥Î¤¤¤å¦³Ãöªº¡A§Ú³£§Æ±æ¯à°÷¥]¬A¶i¨Ó¡IµM¦Ó¡A
+ ­­©ó­Ó¤H´¼ÃÑ»P¯à¤O¡A§Úª¾¹D³o´X¥G¬O­Ó"¤£¥i¯àªº¥ô°È"¡C
+ ¦]¦¹¡A¦³¥ô¦óªº¤£¨¬©Î¿òº|¤§³B¡A½Ð§O¦b·N¡A¾¨¶q§i¶D§Ú¡I</para>
+ </sect1>
+
+ <sect1 id="learn">
+ <title>¦p¦ó¾Ç BSD¡H</title>
+ <para>¥Ø«eºô¸ô¤å¥ó¤w¸g¦³´X¥»Æ[©ÀÁٺ⧹¾ãªº®Ñ¡A
+ §Ú·|«Øij¥ý¾\Ū <ulink url="http://freebsd.sinica.edu.tw/docs/cfreebsd/">
+ FreeBSD ¨Ï¥Î¤â¥U</ulink> ©M <ulink url="http://freebsd.sinica.edu.tw/docs/csh">
+ ºô¸ô¹A¤Ò</ulink> ¨ÓÀò±o¤@¨Ç°ò¥»ªºÆ[©À¡A<ulink url="http://info.sayya.org/~edt1023/linux_entry.html">
+ GNU/Linux ªì±´</ulink> ¤]¬O¤Q¤À­È±o°Ñ¦Òªº¤å¥ó¤§¤@¡A
+ ¦³¤F°ò¥»ªºÆ[©À«á¡A´N¥i¥H¶i¶¥ªº¾\Ū
+ <ulink url="http://www.study-area.org/2freebsd/2freebsd.htm">
+ FreeBSD ¤JÅ]¤â¥U</ulink> ¥H¤Î
+ <ulink url="http://freebsd.sinica.edu.tw/docs/completed/">
+ ¤ýªiªº FreeBSD ¤j¥þ</ulink> ¡A
+ <ulink url="http://freebsd.sinica.edu.tw/handbook.php">
+ ÁcÅé FreeBSD handbook</ulink>¡C
+ ±q³o¨Ç¤å¥ó¤¤¡A´N¥i¥H§t»\±q¦w¸Ë¨ì¨Ï¥ÎªºÆ[©À»P¥Îªk¡A
+ ¹ï¤@­Ó¤Jªù BSD ªº¤HÀ³¸Ó¬O¤Q¤À¨¬°÷ªº¤F¡C
+ ¦pªG¹ï¥ô¦ó¤¤¤åªº¬ÛÃöijÃD¦³¿³½ì¥i¥H°Ñ¦Ò©å§@ªº
+ <ulink url="http://freebsd.sinica.edu.tw/zh-tut.php">
+ FreeBSD Chinese HOWTO</ulink>¡C
+ </para>
+ <para>
+ ¦nªº¤å¥ó (manpage ¤]ºâ) ¤j¦h¼Æ³£¬O­ì¤åªº¡A»Ý­n®É¶¡ºCºC¬Ý¡A
+ ¦ý¬O¸ê®Æ¤]³ÌÂ×´I¡B§¹¾ã¡C</para>
+ <para>
+ ¦pªG·Q­n§ä¤¤¤åªº¤å¥ó¡A±z¥i¥H¥Î Google §ä¬Ý¬Ý¦³¨S¦³¼g¥X¤¤¤åªº
+ documents¡G<ulink url="http://www.google.com/">
+ http://www.google.com</ulink>¡C</para>
+ <para>
+ ¥Î Google ªº®É­Ôµ½¥Î site: ³o­Ó«ü¥O¡A¦³®É­Ô±z¥u·Q§ä¤¤¤åªº¸ê®Æ¡A
+ ¦ý¬O±zªº keyword ¥u¦³­^¤å¡A³o®É­Ô±z¥i¥H¥[ site:tw Åý¥¦¥u§ä
+ *.tw ªº site¡C</para>
+ <para>
+ ¥­±`·Q­n§ä³nÅé¡A§Ú­Ì·|¨ì <filename>/usr/ports</filename> ©³¤U¥Î
+ <command>make search key=keyword</command> §ä¡C</para>
+ <para>
+ ³q±` pkg-descr ·|¦³ Website url¡A¦pªG ports ªº³nÅ餣·|¥Î¡A
+ ¥i¥H¥h­ì¨Óªº site ½½¬Ý mailing list¡C¦A¤£¦æ¨ì Google ¦A§ä¡C</para>
+ <para>
+ handbook ¹ï©ó°ò¥»¾Þ§@¤Î³]©w·|¦³«Ü¤jªºÀ°§U¡A¤£¹L§Ú¤£»{¬°­ì¤åªº
+ handbook ¹ïªì¾ÇªÌ¦Ó¨¥¬O¤@­Ó¦nªº¶}©l¡A
+ ¥i¥H¬Ý¬Ý¤w¸g³¡¥÷½Ķ¦nªºª©¥»¡C</para>
+ <para>
+ WWW: <ulink url="http://info.sayya.org/~edt1023/linux_entry.html">
+ http://info.sayya.org/~edt1023/linux_entry.html</ulink></para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/zh-tut/chapters/print.sgml b/zh_TW.Big5/books/zh-tut/chapters/print.sgml
new file mode 100644
index 0000000000..c3a7f647a7
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/print.sgml
@@ -0,0 +1,730 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: print.sgml,v 1.54 2003/12/01 20:21:54 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="print">
+ <title>¤¤¤åªº¦C¦L</title>
+ <para>PostScript ¬O¦Lªí¾÷±±¨î»y¨¥ªº¼Ð·Ç¡AGhostScript ¬O PostScript ¸ÑĶ¾¹¡A
+ ¥i¥H¥Î¨Ó¼ÒÀÀ¹ê»Úªº¦Lªí¾÷¤ä´©¡C©Ò¥H¿ïÁʦLªí¾÷®É¡A
+ ¥²¶·¿ï¾Ü¦Lªí¾÷¤ä´© PostScript ªº¡A¦Ü¤Ö¬O GhostScript ©Ò¤ä´©ªº¦Lªí¾÷¡C
+ <ulink url="http://www.cs.wisc.edu/~ghost/">GhostScript ªº­º­¶</ulink>
+ ¤¤¦³¤ä´©ªº¦Lªí¾÷²M³æ¡A<ulink url="http://www.linuxprinting.org/">
+ LinuxPrinting.org</ulink> ¤]¦³³\¦hÃö©ó¦Lªí¾÷¤ä´©ªºª¬ªp¡C</para>
+ <para>¦ý¬O¦pªG±zªº¦Lªí¾÷¥u¤ä´© Windows ©Î¬O MacOS¡A¨º»ò½Ð¥Î
+ <application>ps2pdf12</application>/
+ <application>ps2pdf13</application> ±N¤U­±¦U¤è¦¡°µ¥Xªº
+ <filename>output.ps</filename>
+ Âন <filename>pdf</filename> Àɮרì windows ¤U¥h¦C¦L¡C¥u­n¥´¡G
+ <command>ps2pdf1x output.ps output.pdf</command>
+ §Y¥i¡C(¨ä¹ê­Y¬O¦³¦¹±¡ªp¡A
+ §Ú­Ì«Øij±zª½±µ±N­ì¥»»Ý­n¦C¦LªºÀɮת½±µ¶Ç¦Ü¦Lªí¾÷©Ò¦bªº¾÷¾¹¦C¦L§Y¥i)</para>
+ <para>¹ï¥»¾÷¦Lªí¾÷¦Ó¨¥¡A¤ä´© PostScript ªº¦Lªí¾÷¥u­n±N PostScript
+ ÀÉ°eµ¹¦C¦L¸Ë¸m§Y¥i§¹¦¨¦C¦L¡C
+ ¤£¤ä´© PostScript ªº¦Lªí¾÷´N­n´M¨D GhostScript ¤ä´©¡A
+ §Q¥Î GhostScript ±N PostScript ÀÉ°eµ¹¦C¦L¸Ë¸m¤~¯à§¹¦¨¦C¦L¡A
+ ¤]±`¥Î©ó¤£¤º´O¦r«¬ªºÀɮצC¦L¡C
+ ¹ïºô¸ô¦Lªí¾÷ªº¸Ü¡A¤´µM¤À¬°¤W­±¨âºØ¡C
+ ¥H¤U¥H¤@­Óºô¸ô¦Lªí¾÷ HP LasetJet 6P¡A
+ ¤£¤ä´© PostScript ¦ý¬O¦³ GhostScript ¤ä´©ªº¬°¨Ò¡G</para>
+ <para>¸g¹L linuxprinting ªº¬d¸ß¡A±oª¾¦³
+ <filename role="package">print/hpijs</filename> ªº¤ä´©¡C</para>
+ <para>¦b²£¥Í­n¦C¦Lªº PostScript ÀÉ«á¡A§Q¥Î gs ¨Ó²£¥Í PCL ÀÉ¡G</para>
+ <programlisting>
+gs -sDEVICE=ijs -sIjsServer=hpijs -dIjsUseOutputFD \
+ -sDeviceManufacturer="HEWLETT-PACKARD" -sDeviceModel="HP LaserJet" \
+ -sOutputFile="output.pcl" input.ps</programlisting>
+ <para>¥ý§Q¥Î smbclient ±o¨ì Printer ¦WºÙ¡G</para>
+ <programlisting>
+&prompt.user; <userinput>smbclient -L host.ip -U username</userinput>
+ Sharename Type Comment
+ --------- ---- -------
+ HPLaserJ Printer HP LaserJet 6P</programlisting>
+ <para>µM«áª½±µ¥Î smbclient ¨Ó¦C¦L§Y¥i¡G</para>
+ <programlisting>
+&prompt.user; <userinput>smbclient //host.ip//HPLaserJ -U username</userinput>
+print output.pcl</programlisting>
+ <para>³Ì«á¬O±N¸Óºô¸ô¦Lªí¾÷·í¦¨¥»¾÷¦Lªí¾÷¡A­×§ï <filename>/etc/printcap</filename>¡G</para>
+ <programlisting>
+lp-remote:\
+ :lp=/dev/null:\
+ :mx=0:\
+ :if=/usr/local/bin/smbprint:
+lp:\
+ :lp=/dev/null:\
+ :sd=/var/spool/lpd/lp:\
+ :af=/var/spool/lpd/lp/acct:\
+ :if=/usr/local/bin/smbfilter:</programlisting>
+ <para>¨Ã½s¼g <filename>/usr/local/bin/smbprint</filename>¡G</para>
+ <programlisting>
+#!/bin/sh -x
+logfile=/tmp/smbprint.log
+server=host.ip
+service=HPLaserJ
+username=username
+password=
+
+echo "server $server, service $service, username $username" >> $logfile
+(
+ echo "print -"
+ cat
+) | /usr/local/bin/smbclient "\\\\$server\\$service" $password -U $username -N -P >> $logfile</programlisting>
+ <para>¥H¤Î <filename>/usr/local/bin/smbfilter</filename>¡G</para>
+ <programlisting>
+#!/bin/sh
+gs -dSAFER -dBATCH -dNOPAUSE -q \
+ -sDEVICE=ijs -sIjsServer=hpijs -dIjsUseOutputFD \
+ -sDeviceManufacturer="HEWLETT-PACKARD" -sDeviceModel="HP LaserJet" \
+ -sOutputFile=- - | \
+ lpr -Plp-remote</programlisting>
+ <programlisting>
+&prompt.root; <userinput>mkdir -p /var/spool/lpd/lp</userinput>
+&prompt.root; <userinput>setenv PRINTER lp</userinput></programlisting>
+
+ <para>¥H¤U¬O¤@­Ó¤p script¡AÀ°±z¦Û°Ê±N¯Â¤å¦rÀɤÀ­¶</para>
+ <programlisting>
+#!/usr/bin/perl -w
+#
+# This tiny script converts ^L to empty lines
+# to fit a2ps
+# Currently it only eats from STDIN and output to STDOUT.
+# Fine enough.
+# Customize the $expbl (Expected blank lines) to meet your
+ needs.
+my $expbl=40; # Customize THIS !!!
+meow
+my $lc=0, $restlc=0 ;
+foreach (&lt;&gt;) {
+ if (/^L/) {
+ $restlc = $expbl - (($lc % $expbl)) ;
+ for ($i=1; $i < $restlc; $i++) {
+ $lc++ ;
+ # print "$lc " . "\n" ;
+ # You could comment out above line to see the
+ line number.
+ print "\n" ;
+ }
+ }
+ s/^L// ;
+ if (/\n/) { $lc++ ;}
+ # print "$lc " .$_ ;
+ # You could comment out above line to see the line
+ number.
+ print $_ ;
+}</programlisting>
+ <para>WWW: <ulink url="http://www.softwareliberty.org.tw/project/software-map/v1.01/node111.html">
+ ¦Û¥Ñ³nÅ鲤¶ - ¤¤¤å¿é¥X</ulink></para>
+ <para>WWW: <ulink url="http://www.twics.com/~craig/writings/linux-nihongo/node68.html">
+ Japanese Printing and Text Processing With Linux</ulink></para>
+
+ <sect1 id="now-printing">
+ <title>²{¦bªº¤¤¤å¦C¦L</title>
+ <para>¦b¬Ý²{¦bªº¤¤¤å¦C¦L«e¡A½Ð¥ý°Ñ¦Ò¹L
+ <link linkend="postscript">PostScript</link> ¤@¸`¡A
+ ²³æªº¨Ó»¡ CID-Keyed font ³Ð³y¥X¨Ó¡A
+ ´N¬O­n¸Ñ¨M cjk ³o¨Ç¤è¶ô¦r«¬ªº°ê®a¡C</para>
+ <para>
+ ¥Ø«eªº¤¤¤åÅã¥Ü¤w¸gºâ¬O§¹³Æ¡A§Ú­Ì¥­±`»Ý¨Dªº²ÊÅé»P±×Åé³£¯à¥¿±`Åã¥Ü¡A
+ §Q¥Î -medium-r ¹ïÀ³´¶³q¦r«¬¡A-bold-r ¹ïÀ³²ÊÅé¡A-medium-i ¹ïÀ³±×Åé¡A
+ -bold-i ¹ïÀ³²Ê±×Åé¡C</para>
+ <para>
+ ¥Ñ©ó <filename>print/ghostscript-gnu</filename> ±q 6.53 ¤É¯Å¨ì 7.05¡A
+ ¬Û¹ïÀ³ªº
+ <filename>chinese/ghostscript6</filename> »P
+ <filename>print/ghostscript-gnu-cjk</filename>(gs-cjk) ¤]³£ BROKEN¡A
+ ¤¤¤å¦C¦L´N¦¨¤F¤@­Ó°ÝÃD¡A¤£¹L¡A­ì¨Ó <application>gs-cjk</application>
+ ¤w¸g¿Ä¤J 7.05¡A
+ ¦Ó¥B¼W¥[ªº¤è¦¡§ó¬O²³æ¡A¥H¤U¥Î mozilla ªº¤¤¤å¦C¦L¨Ó»¡©ú
+ ¥u­n­×§ï <filename>/usr/local/share/ghostscript/7.05/lib/CIDFnmap</filename>
+ ³Ì«á¼W¥[¡G</para>
+ <programlisting>
+% Chinese Big5 Truetype Fonts (Arphic)
+/ZenKai-Medium (/usr/local/share/fonts/TrueType/bkai00mp.ttf) 1 ;
+/ShanHeiSun-Light (/usr/local/share/fonts/TrueType/bsmi00lp.ttf) 1 ;
+%
+% Convenient aliases for PS files on Chinese PostScript printer
+%
+/B5-H /ZenKai-Medium ;
+/ETen-B5-H /ZenKai-Medium ;
+/B5-H /ShanHeiSun-Light ;
+/ETen-B5-H /ShanHeiSun-Light ;
+%
+% CID fontmap for chinese-big5 encoding CIDFontName
+%
+/Adobe-CNS1 /ShanHeiSun-Light ;
+/MSung-Light /ShanHeiSun-Light ;
+/MHei-Medium /ZenKai-Medium ;
+/MOESung-Regular /ShanHeiSun-Light ;
+/MOEKai-Regular /ZenKai-Medium ;
+% Chinese GB TrueType Fonts (Arphic)
+/BousungEG-Light-GB (/usr/local/share/fonts/TrueType/gbsn00lp.ttf) 1 ;
+/GBZenKai-Medium (/usr/local/share/fonts/TrueType/gkai00mp.ttf) 1 ;
+%
+% CID fontmap for chinese-big5 encoding CIDFontName
+%
+/Adobe-GB1 /BousungEG-Light-GB ;
+/STSong-Light /BousungEG-Light-GB ; </programlisting>
+ <para>­n§¹¦¨¥H¤Uªº°Ê§@¡A½Ð¥ý½T»{¬O§_¦w¸Ë
+ <application>ghostscript-gnu</application>¡A¨Ã¥Bª©¥»¤j©ó 7.05¡A
+ ©Î¬O¦w¸Ë 6.53 ª©¥»¥[¤W <application>gscjk</application>¡A
+ ¨Ã¥B¦w¸Ë¦n <application>arphicttf</application>¡A¤]§â
+ <filename>CIDFnmap</filename> ³]©w¦¨¥\¡A
+ ­Y­n´ú¸Õ½Ð°Ñ¦Ò
+ <link linkend="test-cidfnmap">­×§ï CIDFnmap ªº´ú¸Õ</link> ¤@¸`¡C</para>
+ <para>WWW: <ulink url="http://www.gyve.org/gs-cjk/index-t.html">
+ gs-cjk project</ulink></para>
+ <para>WWW: <ulink url="http://zope.slat.org/Members/Keanu/slack_cprint/slack_cprint.stx/view">
+ Slackware 8.1 ¤Wªº¤¤¤å¦C¦L</ulink></para>
+ <sect2>
+ <title>mozilla ¶È¦³´¶³q¦rÅé</title>
+ <para>
+ ±µµÛ­×§ï /usr/X11R6/lib/mozilla/defaults/pref/unix.js ³Ì«á¼W¥[</para>
+ <programlisting>
+pref("print.postscript.nativecode.zh-TW", "big5");
+pref("print.postscript.nativefont.zh-TW", "MSung-Light-B5-H");</programlisting>
+ <para>
+ ¥Î mozilla ¶}ºô­¶¡A¿ï¨ú¦C¦L¡AµM«á¥Î /usr/ports/print/gv ¨ÓÆ[¬Ý¡A
+ ³o¼Ë¤l´N·|¬Ý¨ì¤¤¤åªº ps Åo¡C</para>
+ <para>
+ ¤£¹L¥i¥H¬Ý¨ì¡A¨Ã¨S¦³²ÊÅé»P±×Å骺¬ÛÃö³]©w¡Aµ§ªÌ¦b CIDFnmap ¨Ã¨S¦³§ä¨ì
+ ²ÊÅé»P±×Å骺¬ÛÃö³]©w¡A¤£¹L³o¹ï mozilla ¦Ó¨¥¬O¨¬°÷ªº</para>
+ </sect2>
+ <sect2>
+ <title>why MSung-Light¡H</title>
+ <para>
+ MSung-Light »P MHei-Medium «h¬O³\¦h³nÅé¹w³]ªº CID fontmap¡A
+ ³£§â¥L³s¨ì ShanHeiSun-Light »P ZenKai-Medium¡A
+ ¦Ó STSong-Light «h¬O¹w³]ªºÂ²Åé CID fontmap¡A
+ ¤é¤å¥Î HeiseiMin-W3 »P HeiseiKakuGo-W5¡A
+ Áú¤å«h¬O HyGoThic-Medium »P HYSMyeongJo-Medium</para>
+ <para>
+ ShanHeiSun-Light ªº¨Ó·½¬O ttfinfo /usr/local/share/fonts/TrueType/bsmi00lp.ttf
+ ªº TTFINFO_FONT_PSNAME="ShanHeiSun-Light"</para>
+ <programlisting>
+TTFINFO_FONT_FILE="/usr/local/share/fonts/TrueType/bsmi00lp.ttf"
+TTFINFO_FONT_NAME="AR PL Mingti2L Big5"
+TTFINFO_FONT_PSNAME="ShanHeiSun-Light"
+TTFINFO_FOUNDRY_NAME="Arphic"
+TTFINFO_WEIGHT_NAME="medium"
+TTFINFO_WIDTH="normal"
+TTFINFO_NUMCMAP="2"
+TTFINFO_CMAP0="1,0"
+TTFINFO_CMAPNAME0="Apple,Roman"
+TTFINFO_CMAP1="3,1"
+TTFINFO_CMAPNAME1="Windows,Unicode"
+TTFINFO_MAPNUM="1"
+TTFINFO_FONTMAP1="-Arphic-AR PL Mingti2L Big5-medium-r-normal--0-0-0-0-c-0-big5-0"</programlisting>
+ <para>
+ ¥Ø«e¤w¸g¦³Ãþ¦üªº ports¡A/usr/ports/japanese/ghostscript-gnu-jpnfont/
+ ­è§Ú¤] send-pr ¥h­×§ï /usr/ports/print/ghostscript-gnu-commfont ¤F</para>
+ </sect2>
+ <sect2 id="test-cidfnmap">
+ <title>­×§ï CIDFnmap ªº´ú¸Õ</title>
+ <para></para>
+ <programlisting>
+% cat cid.ps
+/MSung-Light-B5-H findfont 60 scalefont setfont
+50 600 moveto (2002¦~ 5¤ë29¤é) show
+/MHei-Medium-B5-H findfont 60 scalefont setfont
+50 520 moveto (2002¦~ 5¤ë29¤é) show
+/MOESung-Regular-B5-H findfont 60 scalefont setfont
+50 440 moveto (2002¦~ 5¤ë29¤é) show
+/MOEKai-Regular-B5-H findfont 60 scalefont setfont
+50 360 moveto (2002¦~ 5¤ë29¤é) show
+showpage
+quit
+% gv -antialias cid.ps
+% ps2pdf cid.ps
+% xpdf cid.pdf</programlisting>
+ <figure>
+ <title>20020527 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/20020527" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ ¥H¤U¬O mozilla.ps ªº zh_TW °Ï¬q¡Amozilla ªº¦C¦L¥¿±`</para>
+ <programlisting>
+/Unicode2NativeDictzh-TW 0 dict def
+/zh-TW_ls {
+ /NativeFont /MSung-Light-B5-H def
+ /UCS2Font /Courier def
+ /Unicode2NativeDict Unicode2NativeDictzh-TW def
+ /unicodeshow1 { real_unicodeshow } bind def
+ /unicodeshow2 { real_unicodeshow_native } bind def
+} bind def</programlisting>
+ </sect2>
+ <sect2>
+ <title>KDE3 ªº kword ¤´µM¦³°ÝÃD</title>
+ <para>
+ ¥H¤U¬O kword.ps ªº zh_TW °Ï¬q¡Akde3 ªº kword ¦C¦L¤´µM¦³°ÝÃD</para>
+ <programlisting>
+%%BeginSetup
+% Fonts and encodings used
+/MSung-Light-B5-HList [
+[ /MSung-Light-B5-H 1 0 ]
+ [ /MOESung-Regular-B5-H 1 0 ]
+ [ /Helvetica 1.18991 0 ]
+] d
+% Asian postscript font requested. Using MSung-Light-B5-H
+/MSung-Light-B5-HList [
+[ /MSung-Light-B5-H 1 0.2 ]
+ [ /MOESung-Regular-B5-H 1 0.2 ]
+ [ /Helvetica-Oblique 1.18991 0 ]
+] d
+% Asian postscript font requested. Using MSung-Light-B5-H
+/MSung-Light-B5-HList [
+[ /MSung-Light-B5-H 1 0 ]
+ [ /MOESung-Regular-B5-H 1 0 ]
+ [ /Helvetica-Bold 1.12803 0 ]
+] d
+% Asian postscript font requested. Using MSung-Light-B5-H
+/F1 30.375/MSung-Light-B5-H-Uni DF
+/F2 30.375/MSung-Light-B5-H-Uni DF
+/F3 30.375/MSung-Light-B5-H-Uni DF
+%%EndSetup</programlisting>
+ <para>
+ ¦ý¬O¥Î gs ¨Ó¬Ý´N·|¦³¦p¤Uªº¿ù»~°T®§</para>
+ <programlisting>
+GNU Ghostscript 7.05 (2002-04-22)
+Copyright (C) 2002 artofcode LLC, Benicia, CA. All rights reserved.
+This software comes with NO WARRANTY: see the file PUBLIC for details.
+Can't find (or can't open) font file /usr/local/share/ghostscript/Resource/Font/MSung-Light-B5-H-Uni.
+Can't find (or can't open) font file MSung-Light-B5-H-Uni.
+Substituting font Courier for MSung-Light-B5-H-Uni.
+Loading NimbusMonL-Regu font from /usr/local/share/ghostscript/fonts/n022003l.pfb... 18883696 17394664 1743000 367192 0 done.
+Can't find (or can't open) font file /usr/local/share/ghostscript/Resource/Font/MSung-Light-B5-H-Uni.
+Can't find (or can't open) font file MSung-Light-B5-H-Uni.
+Substituting font Courier for MSung-Light-B5-H-Uni.
+Can't find (or can't open) font file /usr/local/share/ghostscript/Resource/Font/MSung-Light-B5-H-Uni.
+Can't find (or can't open) font file MSung-Light-B5-H-Uni.
+Substituting font Courier for MSung-Light-B5-H-Uni.
+&gt;&gt;showpage, press to continue&lt;&lt;</programlisting>
+ </sect2>
+ <sect2>
+ <title>fonts.dir ªº²ÊÅé»P±×Åé</title>
+ <para>
+ ¦^¹LÀY¨Ó¬Ý fonts.dir ªº³]©w¤è¦¡</para>
+ <programlisting>
+bsmi00lp.ttf -Arphic-AR PL Mingti2L Big5-¥H¤U²¤
+ai=0.3:bsmi00lp.ttf -Arphic-AR PL Mingti2L Big5-¥H¤U²¤
+ds=y:bsmi00lp.ttf -Arphic-AR PL Mingti2L Big5-¥H¤U²¤
+ds=y:ai=0.3:bsmi00lp.ttf -Arphic-AR PL Mingti2L Big5-¥H¤U²¤</programlisting>
+ <para>
+ ²Ä¤@­Ó¬O¥¿±`ªº¦rÅé¡C
+ ai ¥Nªí Automatic Italic ·|³y¦¨±×Åé¡C«á­±ªº¼Æ¦r¬O¶É±×¤ñ¨Ò¡C
+ ds ¥Nªí Double Strike ·|³y¦¨°°²ÊÅé¡Cy ¥Nªí yes¡Aªí¥Ü­n²ÊÅé¡C
+ ¨â­Ó¤@°_¥Î´NÅܦ¨²Ê±×Åé¤F¡C</para>
+ <para>
+ ·íµM¡A¥H¤W¦b ttfm ªº¼Ò²ÕÀ³¸Ó³£·|¦Û°Ê²£¥Í¡A¦ý¤]¥i¥H¦Û¤v¥h¤â°Ê
+ ½Õ¾ã¡C¤]¥i¥H§Q¥Î fs=p ¨Ó½Õ¾ã¦¨½Õ¦X¦r(proportional font)¡C¥t¥~¡A
+ ­n¨Ï¥Î MS ªº·s²Ó©ú¡A¥i¥H¥[¤W eb=y ¨Ó±j­¢ FreeType ¥h¨Ï¥Î¤º´O
+ ©ó¦r«¬¤ºªºÂI°}¦r(·|¤ñ AA ¦n¬Ý¡A¤£¹L³o­Ó¥\¯à¤£¬O«Üí©w)¡C</para>
+ </sect2>
+ <sect2>
+ <title>gscjk ªº²ÊÅé»P±×Åé</title>
+ <para>
+ ¥H¤å¹©§ºÅ鬰¨Ò¡APSNAME ¬O ShanHeiSun-Light¡A¦Ó§Ú­Ì±`¥Îªº CMap ¬O
+ ETen-B5-H¡A©Ò¥H gscjk ªº¦r«¬´N·|¦³ 'ShanHeiSun-Light-ETen-B5-H'¡B
+ 'ShanHeiSun-Light-Bold-ETen-B5-H'¡B'ShanHeiSun-Light-Italic-ETen-B5-H'¡B
+ 'ShanHeiSun-Light-BoldItalic-ETen-B5-H'¡ABold ¬O²ÊÅé¡AItalic ¬O±×Åé¡A
+ BoldItalic ¬O²Ê±×Åé¡A³o¼Ë´N¦³¤F§Ú­Ì±`¥Îªº¦rÅé¤F¡C</para>
+ <para>
+ ±µµÛ¡Agscjk ´N·|¦b /usr/local/share/ghostscript/Resource/CIDFont/
+ ©³¤U²£¥Í ShanHeiSun-Light ShanHeiSun-Light-Bold ShanHeiSun-Light-BoldItalic
+ ShanHeiSun-Light-Italic¡A¨Ã¦b /usr/local/share/ghostscript/Resource/Font/
+ ©³¤U²£¥Í»PÁcÅ餤¤å CMap ¬Ûµ²¦Xªº¦r«¬¡C</para>
+ <para>
+ ¦b¦¹ªº²£¥Í¤è¦¡¬O³z¹L ttfm.sh ªº gscjk module¡A¥i¥Hª½±µ¨Ï¥Î ports ¤¤ªºª©¥»¡A
+ À˹î /usr/local/share/ttfm ©³¤U¬O§_¦³ gscjk.ttfm §Y¥i¡Attfm ªº¨Ï¥Î¤è¦¡
+ «h¦Û¤v°Ñ¦Ò manual ©Î¬Oºô­¶</para>
+ <programlisting>
+/ShanHeiSun-Light-B5-H findfont 60 scalefont setfont
+50 600 moveto (2002¦~ 5¤ë29¤é) show
+/ShanHeiSun-Light-Bold-B5-H findfont 60 scalefont setfont
+50 520 moveto (2002¦~ 5¤ë29¤é) show
+/ShanHeiSun-Light-Italic-B5-H findfont 60 scalefont setfont
+50 440 moveto (2002¦~ 5¤ë29¤é) show
+/ShanHeiSun-Light-BoldItalic-B5-H findfont 60 scalefont setfont
+50 360 moveto (2002¦~ 5¤ë29¤é) show
+showpage
+quit</programlisting>
+ <figure>
+ <title>20020527-2 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/20020527-2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect2>
+ <sect2 id="abiword-print">
+ <title>AbiWord ªº²ÊÅé»P±×Åé</title>
+ <para>¥H¤U¥u¾A¥Î©ó <filename role="package">editors/AbiWord</filename>¡A
+ ¦pªG¬O¨Ï¥Î <filename role="package">editors/AbiWord2</filename>
+ ½Ð°Ñ¦Ò gtk2 ªº³]©w¤è¦¡¡C</para>
+ <para>
+ AbiWord ¤]¦P¼Ëªº¥i¥H¦C¦L²ÊÅé»P±×Åé¡CAbiWord ªº¦r«¬¥Ø¿ý¦b
+ /usr/X11R6/share/AbiSuite/fonts¡A¦b¨ä¤º¥ý«Ø¥ß zh-TW ¥Ø¿ý
+ ±µµÛ¥u­n§Q¥Î ttf ¨Ó«Ø¥ß fonts.dir ´N¥i¥H¤F¡C</para>
+ <para>®æ¦¡¦p¤U¡G</para>
+ <programlisting>
+PSFONT, TTFFONT, 880, 120, 1000</programlisting>
+ <para>©Ò¥H´N«Ø¥ß¦p¤Uªº fonts.dir</para>
+ <programlisting>
+4
+ShanHeiSun-Light-ETen-B5-H, -Arphic-AR PL Mingti2L Big5-medium-r-normal--0-0-0-0-c-0-big5-0, 880, 120, 1000
+ShanHeiSun-Light-Bold-ETen-B5-H, -Arphic-AR PL Mingti2L Big5-bold-r-normal--0-0-0-0-c-0-big5-0, 880, 120, 1000
+ShanHeiSun-Light-Italic-ETen-B5-H, -Arphic-AR PL Mingti2L Big5-medium-i-normal--0-0-0-0-c-0-big5-0, 880, 120, 1000
+ShanHeiSun-Light-BoldItalic-ETen-B5-H, -Arphic-AR PL Mingti2L Big5-bold-i-normal--0-0-0-0-c-0-big5-0, 880, 120, 1000</programlisting>
+ <para>
+ §Q¥Î -medium-r ¹ïÀ³´¶³q¦r«¬¡A-bold-r ¹ïÀ³ -Bold¡A-medium-i ¹ïÀ³ -Italic¡A
+ -bold-i ¹ïÀ³ -BoldItalic¡C</para>
+ <para>
+ ¤£¹L§Ú³£ÁÙ¥²¶·¦b zh-TW ©³¤U touch .already-in-fp¡Aabiword ¤~¤£·|»¡</para>
+ <programlisting>
+Abiword could not load the following font or fontset from the X Window System display server:
+ [-*-Times New Roman-regular-r-*-*-*-0-*-*-*-*-*-*]</programlisting>
+ </sect2>
+ <sect2>
+ <title>kde2 ªº¤¤¤å¦C¦L [OBSOLETE]</title>
+ <para>kde2.2.2 ¤¤¤å¦C¦L©Ò»Ý­nªº PSNAME ¬O MSung-Light ©M MHei-Medium¡A
+ ©Ò¥H¦b ttfm.sh ·f°t gscjk.ttfm «á¥i¥H¦b
+ /usr/local/share/ghostscript/7.05/lib/CIDFnmap ªº³Ì«á¥[¤W¨â¦æ¨Ó alias</para>
+ <programlisting>
+/MSung-Light /ShanHeiSun-Light ;
+/MHei-Medium /ZenKai-Medium ;</programlisting>
+ <para>
+ ÁÙ¬O­n¦b gscjk.ttfm ¤¤§@ -setdefault ®É alias ¤@­Ó¦¨ MSung-Light¡H</para>
+ <para>
+ ¥t¥~¹J¨ì¤@­Ó°ÝÃD¡Akde2 ¥Î print to pdf ¤¤¤å¡A¤º«Øªº viewer ¥i¥H¬Ýªº¨£
+ ¦ý¬O xpdf «h·|¦³°ÝÃD¡Axpdf-1.01
+ ¦Ó print to ps ¤º«Øªº viewer ¬Ý¤£¨£¡A¦ý¬O gs gv ³£¬Ýªº¨£</para>
+ <para>
+ ¥H¤U¬O xpdf ªº error msg</para>
+ <programlisting>
+Error: Unknown font tag 'R14'
+Error (1850): No font in show</programlisting>
+ <figure>
+ <title>kde-print snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/kde-print" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect2>
+ </sect1>
+
+ <sect1 id="bg5pdf">
+ <title>bg5pdf - Âà´«¤¤¤å Big5 ½s½X¤å¥ó¦¨¬°¤£¤º´Oªº PDF</title>
+ <para>
+ ³o¬O¥Ñ Chen-Shan Chin ¨Ï¥Î python ¤Î PDFLib ©Ò¼gªº³nÅé¡Aª½±µ¥Ñ¤¤¤å
+ big5 txt Âন¤¤¤å pdf ÀÉ¡A¨Ï¥Î¤£¤º´Oªº Acrobat Reader
+ ªº¤¤¤å CIDKeyed font¡A¥i¥H¨ÏÀÉ®×Åܱo«D±`ªº¤p
+ (¥u¬Oµù¥U¤F¤¤¤å¦r«¬ªº¦WºÙ¦Ó¤w)¡A
+ ¥u¬O¥Ø«e¥u¦³©T©w¤j¤pªº¦rÅé¥i¥Î¡A
+ µLªk°µ¥X¼ÐÃD¤§ÃþªºÅܤơC¦n³B¬O¡A
+ ¥i¥H°µ copy & paste ¤Î¦³ search ªº¥\¯à¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/bg5pdf</filename>¡C</para>
+ <para>´ú¸Õ¡G</para>
+ <screen>
+&prompt.user; <userinput>echo "¤¤¤å´ú¸Õ" > test.txt</userinput>
+&prompt.user; <userinput>bg5pdf test.txt</userinput>
+Output File is test.txt.pdf
+&prompt.user; <userinput>pdffonts test.txt.pdf</userinput>
+name type emb sub uni object ID
+------------------------------------ ------------ --- --- --- ---------
+MSung-Light-ETen-B5-H CID Type 0 no no no 7 0
+Helvetica-Oblique Type 1 no no no 8 0
+</screen>
+ <figure>
+ <title>bg5pdf snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/bg5pdf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://students.washington.edu/cschin/">
+ http://students.washington.edu/cschin/</ulink></para>
+ </sect1>
+
+ <sect1 id="bg5ps">
+ <title>bg5ps - ¨Ï¥Î TTF ¦r«¬Âà´«¤¤¤å Big5/GB ½s½X¤å¥ó¦¨¬° Portscript</title>
+ <para>
+ <application>bg5ps</application> ¬O¤@­Ó¨Ï¥Î¥¨Á¯´y­z»y¨¥
+ (Python Scrpting Language)¼gªº¤@­Ó¤pµ{¦¡¡A¯à°÷§Q¥Î´X®M§K¶Oªº
+ Truetype ¤¤¤å¦r«¬±N¤@¯ë¥Î BIG5 ½s½Xªº¤å¦rÀÉÂà´«¦¨¯à°÷¦b
+ ¨S¦³¤¤¤å¦r«¬ªº postscript ¦Lªí¾÷©Î¬O¥u¦³ ghostscript
+ ªº¨t²Î¤W¦L¦Cªº postscript ÀɮסC <application>bg5ps</application>
+ ¤]¥i¥H®³¨Ó·í°µ¹LÂo¾¹(filter)¡A¥Î¨Ó¹LÂo¦b FreeBSD ¤Wªº
+ <application>Netscape</application> ©Î¬O mpage ²£¥Íªº
+ postscript ÀɮרӦL¦C¨ä¤¤©Ò¥]§tªº BIG5 ¤¤¤å¦r¤¸¡C¦]¬°
+ <application>bg5ps</application> ¨Ï¥Îªº¬O Truetype
+ ¦r«¬¦Ó«D¯x°}¦r«¬¡A·í¦b¹p®g¦Lªí¾÷¤W©Î¬O¦r«¬¸û¤j®É¡A
+ ¥i¥HÀò±o¤ñ¸û¦nªº¦L¦C«~½è¡C </para>
+ <para>¦w¸Ë <filename role="package">bg5ps</filename>¡C</para>
+ <para>
+ ¥Ø«e <application>bg5ps</application> ¬O±Ä¥Î
+ <application>moettf</application> ¬°¦C¦Lªº¦r«¬¡C±z¥²¶·³]©w
+ TTF ¦r«¬¸ô®|¡A¦b¦w¸Ë§¹¤§«á¡A±z¥²¶·°Ñ¦Ò
+ <filename>/usr/local/etc/bg5ps/bg5ps.conf.sample</filename>
+ ¡A¨Ã±N±zªº³]©wÀɸm©ó <filename>~/.bg5ps.conf</filename> ©Î
+ <filename>/usr/local/etc/bg5ps/bg5ps.conf</filename>¡C</para>
+ <para>
+ ¥Î¥¦©Òªþªº½d¨Ò¨Ó´ú¸Õ¡A¨Ã¥Î <application>ghostview</application> ©Î
+ <application>gv</application> Æ[¬Ýµ²ªG¡G </para>
+ <screen>
+&prompt.user; <userinput>cd /usr/local/share/doc/bg5ps</userinput>
+&prompt.user; <userinput>bg5ps -if bg5ps.txt -of bg5ps.ps</userinput>
+&prompt.user; <userinput>ghostview bg5ps.ps</userinput> </screen>
+ <para><command>bg5ps -h</command> ¨Ó¬Ý¦³¨º¨Ç°Ñ¼Æ¥i¥H¨Ï¥Î¡C</para>
+ <para>¨Ï¥Î¤èªk</para>
+ <para>
+ bg5ps ¥i¥H¥H¿W¥ß(stand along)©Î¬O·í¦¨¹LÂo¾¹(filter)¨Ó¨Ï¥Î¡C </para>
+ <para>¥H¿W¥ß¤è¦¡°õ¦æ¡C</para>
+ <para>
+ ¦pªG±zªº³]©wÀɨS¦³°ÝÃD¡A¦b¤j¦h¼Æªº®É­Ô±z¥u¶·¤U¹F </para>
+ <screen>
+&prompt.user; <userinput>bg5ps -if yourfile.big5 -of yourfile.ps</userinput> </screen>
+ <para>
+ ´N¥i¥H±N big5 ½s½XªºÀÉ®×Âন¥i¥H¦L¦Cªº postscript ÀɮסC ¦b¤j³¡¥÷ªº
+ Ãþ UNIX ªº¨t²Î¸Ì¡A¨Ï¥Î </para>
+ <screen>
+&prompt.user; <userinput>lpr yourfile.ps</userinput> </screen>
+ <para>
+ ´N¥i±N postscript ÀɮצL¥X¡C»Ý­nª`·Nªº¬O±z¥²¶·­n¦³ postscript ¦Lªí
+ ¾÷©Î¬O¥Î ghostscript ¼ÒÀÀ postscript ªº¦Lªí ¾÷¤Î¦Lªí¹LÂo¾¹¡C¦¹¥~±z
+ Áٻݭn½T©w±z¬O§_¥¿½Tªº«ü©w¦Lªí¾÷¡C
+ ¦pªG±z·Q­n±N mpage ¤Î netscape ©Ò²£¥Íªº postscript¤¤ªº big5 ½X°µ³B
+ ²z¡A¨Ï¨ä¦¨¬°¥i¥H¦L¦C big5 ¤¤¤åªº postscriptÀÉ¡C ¨º±z»Ý­n¥[¤W "-nps
+ y" ³o­Ó¿ï¶µ¦p¤U </para>
+ <screen>
+&prompt.user; <userinput>bg5ps -nps y -if netscape.ps -of cnetscape.ps</userinput> </screen>
+ <para>
+ ¦]¬°¦b netscape ²£¥Íªº postscript Àɤ¤ªº­^¤å¬O¥iÅܼe«×ªº¦r«¬¡A ©Ò¥H
+ ¦³®É·|¦³©M¤¤¤å¹ï¤£»ôªºª¬ªpµo¥Í¡C¦p¥Î mpage «h¨S¦³³o¤è­± ªº°ÝÃD¡C¥Î
+ mpage+bg5ps ¬O¥Î¨Ó¹wÄý¤jªº¤¤¤åÀɮ׸`¬Ù¯È±iªº¦n¤è®×¡C </para>
+ <para>·í¦¨¹LÂo¾¹¨Ï¥Î¡C</para>
+ <para>
+ bg5ps ¤]¥i¥H§Q¥Î UNIX ¤¤ªººÞ¹D(pipe)·í¦¨¹LÂo¾¹¨Ï¥Î¡C¤èªk¦p¤U </para>
+ <screen>
+&prompt.user; <userinput>cat yourfile.big5 | bg5ps &gt; yourfile.ps</userinput>
+&prompt.user; <userinput>cat yourfile.big5 | bg5ps | lpr</userinput> </screen>
+ <para>©Î</para>
+ <screen>
+&prompt.user; <userinput>cat netscape.ps | bg5ps -nps y &gt; yourfile.ps</userinput>
+&prompt.user; <userinput>cat netscape.ps | bg5ps | lpr</userinput> </screen>
+ <para>¿ï¶µ</para>
+ <programlisting>
+ bg5ps ¦³¤U¦Cªº¿ï¶µ¥i¥H¨Ï¥Î
+ * -fp ChineseFontPath: «ü©w¤¤¤å¦r«¬ªº¸ô®|(¹w³]­È: »P bg5ps ¦P)
+ * -fn ChineseFontName: «ü©w¤¤¤å¦r«¬ªºÀɮצWºÙ(¹w³]­È: ntu_kai)
+ * -o [0|1]: 0 ¤£¿é¥X©_¼Æ­¶¡A1 ¿é¥X©_¼Æ­¶(¹w³]­È: 1)
+ * -e [0|1]: 0 ¤£¿é¥X°¸¼Æ­¶¡A1 ¿é¥X°¸¼Æ­¶(¹w³]­È: 1)
+ * -s num: «ü©w¿é¥X¦r«¬ªº¤j¤p(¹w³]­È: 12)
+ * -ls num: «ü©w¦æ¶Z(¹w³]­È: 6.0)
+ * -cs num: «ü©w¦r¶Z(¹w³]­È: 2.0)
+ * -lm num: «ü©w¥ªÃä¬É(¹w³]­È: 72.0)
+ * -rm num: «ü©w¥kÃä¬É(¹w³]­È: 72.0)
+ * -tm num: «ü©w¤WÃä¬É(¹w³]­È: 72.0)
+ * -bm num: «ü©w¤UÃä¬É(¹w³]­È: 72.0)
+ * -if filename: «ü©w¿é¤JÀÉÀɦW
+ * -of filename: «ü©w¿é¥XÀÉÀɦW
+ * -cf filename: «ü©w³]©wÀÉ(¹w³]­È: /.bg5ps.conf)
+ * -nps [y|n]: y ¨Ï¥Î nps ¼Ò¦¡¡An ¤£¨Ï¥Î nps ¼Ò¦¡(¹w³]­È: n)
+ </programlisting>
+ <para>½d¨Ò</para>
+ <screen>
+&prompt.user; <userinput>bg5ps -fn ntu_kai -e 0 -o 1 -s 18 -cs 3 -if mybig5.txt -of myps.ps</userinput> </screen>
+ <para>³]©wÀÉ(Configuration file)</para>
+ <para>
+ bg5ps ªº³]©wÀɨä¹ê¨C¤@¦æ³£¬O python script »y¨¥ªº¤@ ¦æ«ü¥O¡A¥Ñ bg5ps
+ ¥Dµ{¦¡¥h©I¥s°õ¦æ¡A©Ò¥H¥i¯à¦³¦w¥þ©Ê¤Wªº °ÝÃD¡C½Ð°O±o­n±N³]©wÀɧ令°ßŪ¡C
+ ¦]¬°³]©wÀɤ]¬O python script¡A©Ò¥H¨C¤@¦æªº¶}©l¬O¤£¯à¦³ªÅ®æªº¡C </para>
+ <programlisting>
+ bg5ps ³]©wÀɦ³¤U¦C°Ñ¼Æ¥i¥H§ïÅÜ
+ * chineseFontPath: «ü©w¤¤¤å¦r«¬ªº¸ô®|(¹w³]­È: »P bg5ps ¦P)
+ * fontName: «ü©w¤¤¤å¦r«¬ªºÀɮצWºÙ(¹w³]­È: ntu_kai)
+ * oddPages: 0 ¤£¿é¥X©_¼Æ­¶¡A1 ¿é¥X©_¼Æ­¶(¹w³]­È: 1)
+ * evenPages: 0 ¤£¿é¥X°¸¼Æ­¶¡A1 ¿é¥X°¸¼Æ­¶(¹w³]­È: 1)
+ * size: «ü©w¿é¥X¦r«¬ªº¤j¤p(¹w³]­È: 12)
+ * lineSpace: «ü©w¦æ¶Z(¹w³]­È: 6.0)
+ * chrSpace: «ü©w¦r¶Z(¹w³]­È: 2.0)
+ * leftMargin: «ü©w¥ªÃä¬É(¹w³]­È: 72.0)
+ * rightMargin: «ü©w¥kÃä¬É(¹w³]­È: 72.0)
+ * topMargin: «ü©w¤WÃä¬É(¹w³]­È: 72.0)
+ * bottomMargin: «ü©w¤UÃä¬É(¹w³]­È: 72.0) </programlisting>
+ <para>½d¨Ò¡G</para>
+ <programlisting>
+chineseFontPath="/home/cschin/lib/cfonts"
+fontName="ntu_kai"
+oddPages=1
+evenPages=1 </programlisting>
+ <note>
+ <para>
+ ¦pªG¦b <application>netscape</application>
+ ªº¦C¦L«ü¥O¸Ì­±§â "<command>lpr</command>" ´«¦¨
+ "<command>bg5ps -nps y | lpr</command>"¡A´N¥i¥H¦C¦L¤¤¤åºô­¶¤F¡C </para>
+ </note>
+ <figure>
+ <title>bg5ps snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/bg5ps" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>
+ WWW: <ulink url="http://students.washington.edu/cschin/">
+ http://students.washington.edu/cschin/</ulink>
+ </para>
+ <para>
+ Author: &a.cschin;
+ </para>
+ </sect1>
+
+ <sect1 id="enscript">
+ <title>enscript - ª½±µ¨Ï¥Î CID-font ¨Ó¦C¦L</title>
+ <para>
+ ³o¤@ª©ªº <application>ensctipt</application> ¬O¥Ñ
+ &a.cschin; ªº
+ ¸É¤B¨Ó¤ä´© Big5 ©M UniCNS-UTF8 ½s½Xªº¯Â¤å¦rÀÉ¡C
+ ¨â­Ó·sªº½s½X¦WºÙ¡A "big5" ©M "UniCNS-UTF8" ¬O·s¼Wªº¡C
+ Since there is no easy way to get AFM for CJK CID-font,
+ I simply assign the width for the same for all character. </para>
+ <para>
+ You need to have a CID-font for these encoding to use
+ this function. </para>
+ <para>¦w¸Ë <filename role="package">chinese/enscript</filename>¡C</para>
+ <para>¨Ï¥Î <application>enscript</application></para>
+ <programlisting>
+For BIG5 users, use commands like this to generate PS documents:
+enscript -X big5 -f DefaultMingB5-Regular-B5pc-H@12 -o [output.ps] [file]
+Make sure to use those fonts having "B5pc" in their names.</programlisting>
+ <para>
+ Author WWW: <ulink url="http://students.washington.edu/cschin/bg5ps/enscript-TW-support/">
+ http://students.washington.edu/cschin/bg5ps/enscript-TW-support/</ulink></para>
+ <para>
+ WWW: <ulink url="http://www.gnu.org/software/enscript/enscript.html">
+ http://www.gnu.org/software/enscript/enscript.html</ulink> </para>
+ </sect1>
+
+ <sect1 id="gb2ps">
+ <title>gb2ps - Âà´«¤¤¤å GB ½s½X¤å¥ó¦¨¬° PostScript</title>
+ <para>
+ <application>gb2ps</application> ¬O¥t¤@ºØ¥i¥H¦C¦L
+ GB »P HZ ½s½Xªº¤u¨ãµ{¦¡¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/gb2ps</filename>¡C</para>
+ <para>¦r«¬¡G</para>
+ <programlisting>
+csong24.ccf ckai24.ccf
+cfang24.ccf chei24.ccf
+<ulink url="ftp://ftp.ifcss.org/pub/software/fonts/gb/misc/">
+ftp://ftp.ifcss.org/pub/software/fonts/gb/misc/</ulink> </programlisting>
+ <para>
+ ±N¦r«¬©ñ¦b¬Y­Ó¥Ø¿ý¤U¡A¨Ò¦p
+ <filename>/usr/local/lib/chinese/CFONT</filename> </para>
+ </sect1>
+
+ <sect1 id="gbscript">
+ <title>gbscript - Âà´«¤¤¤å GB ½s½X¤å¥ó¦¨¬° PostScript</title>
+ <para>
+ Âഫ²Åé¦r(GB)¦¨ PostScript Àɤ@­Ó¥i±N¤¤¤å¦rÂন PS ®æ¦¡ªºµ{¦¡¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/gbscript</filename>¡C</para>
+ </sect1>
+
+ <sect1 id="tocps">
+ <title>tocps - Âà´«¤¤¤å½s½X¤å¥ó¦¨¬° PostScript</title>
+ <para>
+ ¸ÑĶ <application>Netscape</application> ¥t¦s·sÀɪº
+ PostScript ÀɮסA¦¨¬°¥i¦C¦Lªº¤¤¤å(GB)
+ PostScript ÀɮסC </para>
+ <para>¦w¸Ë <filename role="package">chinese/tocps</filename> ªº¦w¸Ë¡G</para>
+ </sect1>
+
+ <sect1 id="vflib">
+ <title>vflib - ¨Ï¥Î¦Û¥Ñ¦V¶q¦r«¬ªº¦V¶q¦r«¬¨ç¦¡®w¡A¤ä´© BIG5 ©M GB</title>
+ <para>TurboLinux ±Ä¥Îªº VFlib + gs 5.5 ¨Ó°µ¤¤¤å¦C¦L¡A
+ ±N VFlib patch ¥[¨ì gs 5.5 ¤W¥h¡A¦]¬° gs 5.5 ¤£¹³ gs6
+ ¥»¨­¤w¸g¤ä´©¤¤¤å¦r¡A¦]¦¹­n³z¹L VFlib ¨Ó³B²z¤¤¤å¦r¡A
+ ®ÄªG¤£¿ù¡A¦Ó¥B¤S¯à°÷¦L¥X±×Åéµ¥ÅܤƦrÅé¡C</para>
+ <para>¦b¤é¥»¡A¤ñ¸û±`¥Îªº¸Ñ¨M¤èªk¡A´N¬O§Q¥Î "VFlib patch" Åý ghostscript
+ ¯à°÷¨Ï¥Î¤@¨Ç°Ó¥Îªº¤é¤å¥~®Ø¦r«¬¡AÂI°}¦r«¬©M TrueType ¦r«¬¡A
+ ¦P®É PostScript µ{¦¡³z¹L³o¨Ç VFlib ­×¸É¡A
+ ¤]¯à°÷±N³o¨Ç¦r«¬·í§@ OCF(original composite font)
+ ªº¦r«¬¨Ó¨Ï¥Î¡C</para>
+ <para>
+ WWW: <ulink url="http://TypeHack.aial.hiroshima-u.ac.jp/VFlib/">
+ http://TypeHack.aial.hiroshima-u.ac.jp/VFlib/</ulink> </para>
+ </sect1>
+
+ <sect1 id="cnprint">
+ <title>cnprint</title>
+ <para>cnprint ¬O¤@­Ó±N¤¤¤å¤å³¹Âà´«¬° PostScript ÀÉ®×¥H¨Ñ¦C¦Lªº¤u¨ã¡C
+ ¨Ï¥Î¤W´N©M¼Ð·Çªº¦C¦L«ü¥O¤@¼Ë¡C¥¦¦P®É¤ä´© GB, HZ »P BIG5 ½s½X¡C
+ cnprint ¥i¥H³B²z Chinese/Japanese/Korean ¤å¥óÂà´«¡ADOS¡BVMS¡BUNIX ¨t²Î¤U¡A
+ ³£¯à¨Ï¥Î¡C¤ä´© GB, Hz, zW, BIG5, CNS, JIS, EUC, Shift-JIS, KSC, UTF8,
+ UTF7, UTF16 µ¥µ¥®æ¦¡¡C¦P®É¤]¤ä´© HBF¡y Hanzi Bitmap Format¡z¡B
+ TTF¡yTrueType Format¡z¦r«¬¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/cnprint</filename>¡C</para>
+ <para>WWW: <ulink url="http://www.neurophys.wisc.edu/%7Ecai/software/">
+ CAI's Software Page - cnprint</ulink></para>
+ <para>WWW: <ulink url="http://www.twics.com/%7Ecraig/writings/linux-nihongo/node68.html">
+ Japanese Printing and Text Processing With Linux</ulink></para>
+ </sect1>
+
+ <sect1 id="wprint">
+ <title>wprint</title>
+ <para>Last Update: 2003¦~ 1¤ë29¤é ©P¤T 06®É24¤À36¬í CST</para>
+ <para>Contributed by ³¯º~»ö ( moto@chuany.net )</para>
+ <para>Wprint is a filter for Mozilla (Galeon, etc.), Htmldoc, and Netscape PostScript output that uses TrueType fonts to allow the printing of pages written in Unicode, Big5, KOI8, SJIS, the ISO-8859* charsets, and others.</para>
+ <para>¦w¸Ë <filename role="package">print/wprint</filename>¡C</para>
+ <para>­Y­nª½±µ¦C¦L¡A
+ ­×§ï <filename>/usr/local/etc/wprint.conf</filename>¡A
+ ¥[¤J©³¤U¨â¦æ¡G</para>
+ <programlisting>
+fontpath:/usr/local/share/fonts/TrueType/
+default:EUC-TW:bkai00mp.ttf=zh_TW.Big5:|lpr -P lp</programlisting>
+ <para>fontpath ªº¹ê»Ú¦ì¸m½Ð¨Ì·Ó±z¨t²Îªº¥Ø¿ý¬[ºc¡A
+ ¥t¥~ ttf ¦r«¬½Ð¨Ì·Ó¦Û¤v»Ý¨D­×§ï¡A
+ ¥»¨Ò¤l±Ä¥Î¤å¹©¤¤·¢Åé ( bkai00mp )¡C</para>
+ <para>­Y­n¦C¦L¦¨ ps ÀɮסA
+ ­×§ï <filename>/usr/local/etc/wprint.conf</filename>¡A
+ ¥[¤J©³¤U¨â¦æ¡G</para>
+ <programlisting>
+fontpath:/usr/local/share/fonts/TrueType/
+default:EUC-TW:bkai00mp.ttf=zh_TW.Big5:mybig5.ps</programlisting>
+ <para>³]©w³Ì«á¤@¦æªº³Ì«á¤@Ä椤¤å ps ÀɮצWºÙ¥i¦Û­q¡A
+ ³o¸ÌÀH·N¥Hmybig5.ps ¬°¨Ò¡A·í¦b mozilla ¤¤¿ï¾Ü¦C¦L¨ìÀɮ׮ɡA
+ ±zªº $HOME ·|¥X²{ mozilla.ps ( mozilla ¹w³]²£¥Í ) »P mybig5.ps
+ ( wprint Âà´«¦¨¤¤¤å«áªº ps ÀÉ )¡C</para>
+ <para>¥H§ó§ï mozilla ¦Lªí¾÷¿ï¶µ¬°¨Ò¡A­ì¨Óªº¦C¦L¬yµ{¡G</para>
+ <programlisting>mozilla -> print -> lpr</programlisting>
+ <para>²{¦b§Ú­Ì­n§ï¦¨¡G</para>
+ <programlisting>mozilla -> print -> wprint -> lpr</programlisting>
+ <para>³]©w¨BÆJ¦p¤U¡G
+ ½Ð¿ï¾Ü¤U©Ô¿ï³æªº ¡y ¦C¦L ¡z-> ÂI¿ï ¡y ¦Lªí¾÷ ¡z ¥k°¼ªº ¡y ÄÝ©Ê ¡zÁä ->
+ ±N ¡y¦L©R¥O ¡z¥Ñ­ì¨Óªº
+ ¡y lpr ${MOZ_PRINTER_NAME:+'-P'}${MOZ_PRINTER_NAME} ¡z
+ §ï¬° ¡y wprint ¡z</para>
+ <para>WWW: <ulink url="http://ttt.esperanto.org.uy/programoj/angle/wprint.html">
+ http://ttt.esperanto.org.uy/programoj/angle/wprint.html</ulink></para>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/software.sgml b/zh_TW.Big5/books/zh-tut/chapters/software.sgml
new file mode 100644
index 0000000000..222ec123ce
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/software.sgml
@@ -0,0 +1,346 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: software.sgml,v 1.67 2003/12/08 11:06:42 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="software">
+ <title>¦³¥Îªº¤¤¤å³nÅé</title>
+ <para>¥H¤U¤¶²Ðªº³£¬O¦b <filename>ports/chinese</filename> ©³¤Uªº®M¥ó¡C</para>
+
+ <sect1 id="FreeWnn">
+ <title>FreeWnn</title>
+ <para>¤@­Ó¥i¿é¤J¤é¤å/¤¤¤å/Áú¤åªº¤u¨ã(³oùØ¥u¥]§t¤¤¤å) ³o¬O­Ó¸û¾A¦X
+ ¤é¥»¤H¨Ó¿é¤J¤¤¤åªº¤u¨ã :-) ©M§Ú­Ì±`¥Îªº¿éªk²ßºD¦³»á¤jªº®t¶Z¡A
+ ¦³¿³½ìªº¤H¥i¸Õ¸Õ¡C </para>
+ <para>WWW: <ulink url="http://www.freewnn.org/">
+ freewnn project</ulink></para>
+ </sect1>
+
+ <sect1 id="acroread5-chtfont">
+ <title>acroread5-chtfont - Acrobat Reader 5.0 ªº PDF ¾\Ū³nÅé</title>
+ <para><filename role="package">chinese/acroread5-chtfont</filename> ¬O
+ Acrobat Reader 5.0 ªºÁcÅé¦r«¬ÀɮסA
+ ¥Î¨ÓÆ[¬Ý¤£¤º´O¤¤¤å¦rªº PDF ÀɥΡC
+ ¦pªG¥u¦w¸Ë <filename role="package">print/acroread5</filename>
+ «h¥u¯àÆ[¬Ý­^¤å PDF ©M¤º´O¦r«¬ªº¤¤¤å PDF¡C
+ ¥Ñ©ó <filename role="package">print/acroread5</filename>
+ »Ý­n <filename role="package">emulators/linux_base</filename>¡A
+ ©Ò¥Hµ§ªÌ³q±`§ï¥Î <filename role="package">chinese/xpdf</filename>
+ ©Î¬O <filename role="package">print/gv</filename> ¨ÓÆ[¬Ý¡C</para>
+ <!--<para>¨Ï¥Î«e½Ð¥ý <command>env XMODIFIERS=acrobat</command>¡C</para>-->
+ <figure>
+ <title>acroread snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/acroread" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.adobe.com/prodindex/acrobat/readstep.html">
+ http://www.adobe.com/prodindex/actobat/readstep.html</ulink> </para>
+ </sect1>
+
+ <sect1 id="clebase">
+ <title>cle_base - §Q¥Î CLE ©Ò´£¨Ñªº¤¤¤å L10N [OBSOLETE]</title>
+ <para>§Q¥Î CLE(Chinese Linux Extension) ©Ò´£¨Ñµ¹ GNU/Linux
+ ªº¤¤¤å L10N ¨Ó§¹¦¨¤¤¤å¤Æ¡A¥Ø«e¬O¥H RedHat ªºµo¦æª©¥»¬°¥D¡C
+ ³o­Ó port ¥u¦³¿ï¨ú CLE ¦w¸Ë®Éªº°ò¥»®M¥ó¡C
+ °£¤F¬O¤@­Ó GNU/Linux ¼ÒÀÀ¾¹¥~¡A¤]¥i¥H¦b¤W­±°õ¦æ L10N GNU/Linux
+ ³nÅé¡A¨Ò¦p <application>Netscape</application> ©Î¬O
+ <application>Star Office</application>¡C </para>
+ <para>¦b¦w¸Ë GNU/Linux base ¦¨¥\«á¡AÁÙ¥²¶·±N GNU/Linux kernel ¼Ò¦¡¶}±Ò¡A
+ ³o¼Ë¤~¯àÅý GNU/Linux ªº°õ¦æÀɹB§@¡C
+ GNU/Linux ¼Ò¦¡¥i¥H¸g¥Ñ­×§ï <filename>rc.conf</filename>
+ ¨Ó±N linux_enable ¶}±Ò¡A½Ð°Ñ¦Ò rc.conf(5)¡C </para>
+ <para>¦pªG¦³¨Ï¥Î NIS¡A§O§Ñ¤F­n­×§ï /compat/linux/etc ¤¤ªº
+ <filename>yp.conf</filename>¡C </para>
+ <para>WWW: <ulink url="http://cle.linux.org.tw">
+ http://cle.linux.org.tw</ulink> </para>
+ </sect1>
+
+ <sect1 id="cless">
+ <title>cless - ¤@­Ó¸û¦n¥Îªº¤À­¶¾\Ūµ{¦¡</title>
+ <para>¤@­Ó¸û¦n¥Îªº¤À­¶¾\Ūµ{¦¡¡A¨Ã¥B¤¤¤å¬Û®e¥Î©M
+ <application>more</application> ©Î <application>pg</application>
+ Ãþ¦ü¡A¦ý¥\¯à§ó±j¤j¡A¥B¤¤¤å¬Û®e¡C </para>
+ <para>¤£¹L¦pªG¤£»Ý­n¤¶­±¤¤¤å¤Æªº¸Ü¡A¤º«Øªº <command>less -r</command>
+ ¤w¸g«Ü°÷¤F¡C </para>
+ <para>
+ WWW: <ulink url="http://www.flash.net/~marknu/less/">cless project</ulink>
+ </para>
+ </sect1>
+
+ <sect1 id="dia">
+ <title>Dia - Ãþ¦ü Vision ªº¬yµ{³]­p³nÅé [OBSOLETE]</title>
+ <para>Dia ¬O¤@®M«Øºc¦b GTK+ ¤Wªº¬yµ{³]­p³nÅé¡A¨Ã¨Ï¥Î GPL ª©Åv´²§G¡C </para>
+ <para>Dia ³Q³]­p¦¨»P°Ó·~ª©ªºµøµ¡³nÅé 'Visio' ¤Q¤ÀÃþ¦ü¡C
+ ¥¦¥i¥H³Q¥Î¨Óø¤£¦PºØÃþªº¬yµ{¹Ï¡C
+ ¦b³o­Ó²Ä¤@ª©¤¤¡A¤]¤ä´©¤F UML ÀRºAµ²ºc¬yµ{¹Ï©Mºô¸ô¬yµ{¹Ï¡C
+ ¥¦¥Ø«e¥i¥HŪ¨ú©MÀx¦s¬yµ{¹Ï¨ì¦Û©wªºÀɮ׮榡©M¶×¥X¦¨ postscript¡C </para>
+ <para>WWW: <ulink url="http://www.lysator.liu.se/~alla/dia/">
+ dia project</ulink> </para>
+ </sect1>
+
+ <sect1 id="firebird">
+ <title>Firebird - BBS ¦øªA¾¹</title>
+ <para>Firebird BBS ¬O¤@­Ó BBS ¦øªA¾¹¡A¦³µÛ news ¯à¤O©M³\¦h¨ä¥L¥\¯à¡C
+ ¥¦¥]§t¤F mail/news/talk/irc ¥B¥u»Ý­n¨Ï¥Î telnet¡C </para>
+ <para>¥¦¦bÁcÅ餤¤åºô»Úºô¸ôÀô¹Ò¤¤¼sªxªº³Q¨Ï¥Î¡A¥¦¤]¦³ GB ½s½Xªºª©¥»¡A
+ ¦ý¬O¥Ø«eÁÙ¨S¿ìªk¨ú±o¡C </para>
+ <para>WWW: <ulink url="http://www.firebird.org.tw">
+ firebird project</ulink> </para>
+ </sect1>
+
+ <sect1 id="fortunetw">
+ <title>fortunetw - ­ð¸Ö¤T¦Ê­º»P©ö¸g</title>
+ <para>¦b¦w¸Ë§¹«á¡A¥u­n¨Ï¥Î <command>/usr/games/fortune
+ ${PREFIX}/share/games/fortune/tangshi</command> ©Î¬O
+ <command>/usr/games/fortune ${PREFIX}/share/games/fortune/yijing
+ </command> ´N¥i¥H¦³ÀH¾÷ªº­ð¸Ö¤T¦Ê­º©Î¬O©ö¸g¡C</para>
+ <figure>
+ <title>fortunetw snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/fortunetw" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="gnumeric">
+ <title>Gnumeric - GNOME ³øªí³nÅé</title>
+ <para>Gnumeric ¬O¤@­Ó¦n¥Îªº³øªí³nÅé¡A¥u­n±z·|¥Î Excel
+ «K·|¨Ï¥Î¥»³nÅé¡A¾Þ§@¤è¦¡Â²ª½¸ò Excel ¤@¼Ò¤@¼Ë¡C </para>
+ <para>¥»³nÅ鬰¤F¸ò¦U­Ó¦³¦Wªº³øªí³nÅé¬Û®e¡A§ó´£¨Ñ¤F¥i¥H¶}±Ò
+ Excel¡BLotus 1-2-3¡BApplix¡BSylk¡BXBase ¤Î Oleo µ¥µ¥ªºÀɮסC </para>
+ <para>WWW: <ulink url="http://www.gnome.org/gnome-office/gnumeric.shtml">
+ gnumeric project</ulink> </para>
+ </sect1>
+
+ <sect1 id="hanzim">
+ <title>hanzim - ¤¤¤å¦r¾Ç²ß³nÅé</title>
+ <para>³]­p¥Î¨ÓÀ°§U±z°O¾Ð¤¤¤å¦r¡A¨Ï¥Î¸Ó¦rªº¦hºØ·N«ä¡C
+ ·|Åã¥Ü¸Ó¦r¬Û¦Pªº¦r®Ú¡A³Ñ¤Uªº³¡¥÷¡Aµo­µ¡Aº~»y«÷­µµo­µ¡C</para>
+ <figure>
+ <title>hanzim snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/hanzim" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://zakros.ucsd.edu/~arobert/hanzim.html">
+ hanzim project</ulink></para>
+ </sect1>
+
+ <sect1 id="libtabe">
+ <title>libtabe - xcin ªº¤¤¤å³B²z¨ç¦¡®w</title>
+ <para>¦b¹q¸£¤W³B²z¤¤¤å¡A¸ò­ì¦³ªº C ¨ç¦¡®w¤@ª½«ÜÃø¶¶§Qªº¾ã¦X¡C¥H Big5
+ ½X¨Ó»¡¡A¤@­Ó¦r¦û¤F¨â­Ó byte¡A¤£ºÞ¬O­pºâ¦r¦êªø«×¡A
+ ©ÎªÌ¬O­n¦Ò¼{¤¤¤å¦rªº¦r§Ç¡A¬Æ¦Ü­n³B²zµü©Î¥y¤lªº®É­Ô¡A
+ ³£»Ý­n°µ¯S§Oªº½Õ¾ã¡A­ì¦³ªº C ¨ç¦¡®w®Ú¥»¤£¼Å¨Ï¥Î¡C¥t¤@¤è­±¡A
+ ¥Ñ©ó¨C­Óµ{¦¡¶}µo¤H­û¦b³B²z¤¤¤åªº®É­Ô¡A³£¦³¦Û¤vªº¤èªk¡A
+ ©Ò¥H¤£¦Pµ{¦¡¤§¶¡«ÜÃø¤À¨É¨ç¦¡®w¡A§ó¤£¥Î´£­«ÂЧQ¥Î¤F¡CTaBE
+ ­pµe§Æ±æ¯à°÷´£¨Ñ¤@­Ó§ó¦nªº¤¤¤å¨Ï¥ÎÀô¹Ò¡A¦]¦¹¡A
+ ´N«Ü»Ý­n¤@­Ó¯à³B²z¤¤¤å¦r¡Bµü¡B¥yªº²Î¤@¤¶­±»P¨ç¦¡®w¡A
+ ¨Ó°µ¬°©Ò¦³À³¥Îµ{¦¡ªº°ò¦¡Clibtabe¡A´N¬O§Æ±æ¦¨¬°³o¼Ëªº¤@®M¨ç¦¡®w¡A
+ ´£¨Ñ²Î¤@ªº¤¶­±»P¨¬°÷ªº¥\¯à¡AÅýÀ³¥Îµ{¦¡¦³±j¤jªº°ò¦¥i¥Hµo´§¡C </para>
+ <para>WWW: <ulink url="http://xcin.linux.org.tw/libtabe/index.html">
+ Libtabe is Used in XCIN</ulink> </para>
+ <para>
+ WWW: <ulink url="http://gusp.dyndns.org/doc/libtabe-db/libtabe.html">
+ http://gusp.dyndns.org/doc/libtabe-db/libtabe.html</ulink>[OBSOLETE]</para>
+ </sect1>
+
+ <sect1 id="linar">
+ <title>lunar - Âà´«¶§¾ä©M³±¾äªº¹ïÀ³¤é´Á</title>
+ <para>Âà´«¶§¾ä©M³±¾ä§â¶§¾äªº¤é´ÁÂন¹ïÀ³ªº³±¾ä¤é´Á¡A
+ ¤]¥i§â³±¾ä¤é´ÁÂন¹ïÀ³ªº¶§¾ä¤é´Á¡A¦¹µ{¦¡¤]¦L¥X¥Í¨v©M¤Ñ¥Ì¦a¤ä
+ ¡A¾A¥Î©ó¦è¤¸ 1900 ¦~¦Ü ¦è¤¸ 2049 ¦~¡C </para>
+ <para>¶§¾ä 2001 1 24 ¬O³±¾äªº 2001 1 1¡C</para>
+<programlisting>
+&prompt.user; <userinput>lunar 2001 1 24</userinput>
+&prompt.user; <userinput>lunar -i 2001 1 1</userinput>
+Lunar Version 2.1 (July 23, 1992)
+
+Solar : 2001.1.24.0 Wednesday
+Lunar : 2001.1.1.0 ShengXiao: Snake
+GanZhi: Xin1-Si4.Geng1-Yin2.Ding1-Hai4.Geng1-Zi3
+ (GanZhi Order) 8-6.7-3.4-12.7-1
+ (JiaZi Cycle) 18.27.24.37
+
+BaZi (8-characters) according to 'Four Column Calculation':
+ Geng1-Chen2.Ji3-Chou3.Ding1-Hai4.Geng1-Zi3
+ (GanZhi Order) 7-5.6-2.4-12.7-1
+ (JiaZi Cycle) 17.26.24.37
+&prompt.user; <userinput>lunar -5 -i 2001 1 1</userinput>
+Lunar Version 2.1 (July 23, 1992)
+
+¶§¾ú¡G¡@2001¦~ 1¤ë24¤é 0®É¡@¬P´Á¤T
+³±¾ú¡G¡@2001¦~ 1¤ë 1¤é¤l®É¡@¥Í¨vÄݳD
+¤z¤ä¡G¡@¨¯¤x¦~¡@©°±G¤ë¡@¤B¥è¤é¡@©°¤l®É¡@
+¥Î¥|¬W¯«ºâ±Àºâ¤§®É¨°¤K¦r¡G¡@©°¨°¦~¡@¤v¤¡¤ë¡@¤B¥è¤é¡@©°¤l®É </programlisting>
+ </sect1>
+
+ <sect1 id="linux-locale">
+ <title>linux_locale - linux ¼ÒÀÀ¾¹©Ò»Ýªº¤¤¤å locale ¸ê°T [OBSOLETE]</title>
+ <para>³o­Ó port ¥D­n¬OÅý­n¨Ï¥Î linux emulator ªº¤H¡A¤]¯à¦³ locale data¡A
+ ©Ò¥H¸g±`¨Ï¥Î linux-* ªº¤H³Ì¦n¸Ë¤@¤U¡A¥H­è¤~ªº¸gÅç¦Ó¨¥¡A
+ ¦w¸Ë¤F www/linux-mozilla «á¡A°õ¦æ«oµo¥Í locale ¤£¤ä´©ªº±¡ªp¡A
+ ³y¦¨®Ú¥»¨S¿ìªkÅý xcin2.5 ¤Á´«¿é¤Jªk¡A¨Ã¦b console ¦³Äµ§i°T®§¡A
+ ¦b¦w¸Ë«á´N¥i¥H¤Á´«¤F¡A¤£¹L¤¤¤åÁÙ¬O¨S¿ìªk¥¿½Tªº¿é¤J¨ì linux-mozilla ¤¤¡C
+ ¦ý¬O¦b linux_base-7.1 ¤§«á´N¥i¥H¤£»Ý­n linux_locale ¤F¡A
+ ¦]¬°³o¬Oµ¹ linux_base-6.2 ¥Îªº¡A¤§«á¤w¸g¬O¤º«Øªº¤F¡C</para>
+ <para>¤@ÂI¤p¸gÅç¡A°Ñ¦Ò¬Ý¬Ý :)</para>
+ </sect1>
+
+ <sect1 id="mkisofs">
+ <title>mkisofs - «Ø¥ß¥úºÐ¼v¹³ÀÉ</title>
+ <para>¦b FreeBSD ©³¤U¿N¿ý¥úºÐ¦³¨â­Ó¨BÆJ¡G</para>
+ <para>1. ±N©Ò»Ýªº¸ê®Æ ( ÀɮסA­µ¼Ö©Î¥þ³¡ ) ¥]¸Ë¦¨¤@¨Ç¯S§O®æ¦¡ªºÀɮסC</para>
+ <para>2. ¥Î burncd ±N³o¨ÇÀÉ®×¼g¤J¥úºÐ¤¤¡C </para>
+ <para>mkisofs ´N¬O 1. ªº¤u¨ã¡A¤]´N¬O«Ø¥ß¥úºÐ¼v¹³ÀÉ¡C
+ ¦Ó¦b ports/chinese ©³¤Uªº mkisofs ¥i¥H«Ø¥ß Chinese Big5
+ ÀɦW¡A½Ð¨Ï¥Î -J ªº¿ï¶µ¨Ó¨Ï¥Î¥¦¡C </para>
+ <para>¤]¥i¥H°Ñ¦Ò³o­Óºô­¶¡A
+ <ulink url="http://www.arekore.org/cdrecord/mkisofs-NLS-CJK.html">
+ mkisofs-NLS-CJK</ulink>¡C</para>
+ <screen>
+&prompt.root; <userinput>mkisofs -a -f -l -r -J -o ~/test.iso ~/test/</userinput>
+&prompt.root; <userinput>vnconfig vn0 test.iso</userinput>
+&prompt.root; <userinput>mount -t cd9660 /dev/vn0 /mnt/iso</userinput>
+&prompt.root; <userinput>ls /mnt/iso</userinput>
+&prompt.root; <userinput>umount /mnt/iso</userinput>
+&prompt.root; <userinput>vnconfig -u vn0</userinput>
+&prompt.root; <userinput>burncd -e -v -s 6 -f /dev/acd1c data test.iso fixate</userinput></screen>
+ <para>¥H¤Wªº½d¨Ò¬O§â <filename>~/test/</filename> ¥Ø¿ý¤Uªº©Ò¦³ÀɮסA
+ «Ø¥ß¦¨¤@­Ó <filename>test.iso</filename>¡A¥i¥H¥ý¥Î
+ <command>du -s -h ~/test/</command> À˹î¬O§_·|¶W¹L±zªº¥úºÐ®e¶q¡A
+ µM«á¥Î <command>vnconfig</command> ¨Ó´ú¸Õ¡A¦b´ú¸Õ«e¡A
+ °O±o­n¥ý¦w¸Ë <application>big5fs</application>¡A
+ ¨Ã«ö·Ó <application>big5fs</application> ªº­n¨D°µ¦n·Ç³Æ¤u§@¡A
+ ¦b·f°t¥i¥H¬Ý¨ì¤¤¤åªº <command>ls</command>¡A
+ ³o¼Ë¤l´N¥i¥H¦b FreeBSD ©³¤U¿N¿ý¤¤¤åÀɮפF¡C</para>
+ <para>¥Ø«e ports ¤¤ªº mkisofs ÁöµM¤ä´© nls¡A¦ý¬O¥u¦³¤ä´© one byte ªº¡A
+ ©Ò¥H¨Ã¤£¯à§@¤¤¤åªºÂà´«¡C</para>
+ <para>§@ªÌ¤£±Ä¯Ç multu-byte NLS ªº­ì¦]¦p¤U¡G</para>
+ <para>
+ Both solutions requiere the complete set of tables to be compiled into mkisofs.
+ There was no concept of reading files instead.
+ I believe that it is better to try to use libiconv instead.</para>
+ <para>¥H¤U¬Oµ§ªÌªº¤é»x¡A¤j³¡¤Àªº¤HÀ³¸Ó³£¤£·|·P¿³½ìªº¡C</para>
+ <para>³o½g¤å³¹¬O§Ú¦b¬Ý§¹ chinese/mkisofs ªº patch ¼g¤Uªº¤é»x¡A
+ mkisofs ¥Ø«e¬O cdrecord project ªº¤@³¡¥÷¡Acdrecord ¥Ø«e¦b
+ <filename role="package">sysutils/cdrtools</filename> ©³¤U¡A
+ ¦Ó mkisofs «h¬O¦b <filename role="package">sysutils/mkisofs</filename>
+ ¡A¸Ó port ³Ì¥D­nªº³¡¥÷´N¬O­×¥¿ mkisofs ªº joliet ¹ï¤¤¤åªº¤ä´©°ÝÃD¡A
+ patch ¤À¦¨¨â­Ó³¡¥÷¡Aconvert_to_unicode ©M joliet_strlenm¡C</para>
+ <para>¦b convert_to_unicode ³¡¤À¡A¥L·|±N©Ò¦³ªº¦r§@Âà´«¡AÂà´«¦¨ 2bytesªºUnicode½s½X¡A¥H±`¨£ªº­^¤å¨Ó»¡¡G</para>
+ <programlisting>
+ ABC -> 0A0B0C
+ 3bytes -> 6bytes</programlisting>
+ <para>¦Ó¤¤¤åªº³¡¥÷¡G</para>
+ <programlisting>
+ 0xA4E5(¤å) -> big5_to_unicode -> 0x6587
+ 2bytes 2bytes</programlisting>
+ <para>¨ä¹ê¥i¥Hª½±µ¥Î iconv §@±¼¾ã­ÓÂà´«ªº³¡¥÷¡C</para>
+ <para>¦Ó joliet_strlen ªº³¡¤À¡A
+ ³oÃä¬O«ü©w joliet ©Òµ¹¤©ªº buffer size¡A¹w³]¥þ³£¬O­^¤å¡A
+ ©Ò¥H­ì¥» 3bytes ªº ABC ·|Åܦ¨ 6bytes ªº 0A0B0C¡A
+ ¦ý¬O¤¤¤åªº³¡¥÷­n­×¥¿¦¨ 2bytes ªº¤¤¤å¥X¨ÓÁÙ¬O 2bytes¡C</para>
+ <para>©Ò¥H§Ú¤]°w¹ï²{¦b mkisofs ªºª©¥»§@¤F¤@­Ó patch¡A
+ ¦³¿³½ìªº¤H¥i¥H¸Ë outta-port/mkisofs ©Î¬O outta-port/cdrtools¡G</para>
+ <para>WWW: <ulink url="http://www.fokus.gmd.de/research/cc/glone/employees/joerg.schilling/private/cdrecord.html">
+ cdrecord project</ulink></para>
+ </sect1>
+
+ <sect1 id="mule-freewnn">
+ <title>mule-freewnn</title>
+ <para><application>MULE</application> ¬O
+ MULtilingual Enhancement to GNU Emacs ªºÂ²¼g¡C
+ ²³æªº»¡¡A´N¬O¦b <application>GNU Emacs</application>
+ ¤W¥[¨ÇªF¦è¡AÅý¥¦¥i¥H³B²z¦h°ê»y¨¥
+ (½s½X¨t²Î)¡C¥¦±N¦h¦ì¤¸²Õ(multi bytes)ªº½s½X¨t²Î
+ (encoding system)­«·s¦b¤º³¡¤S½s¤@¦¸½X¡A¦]¦¹¡A¤@½g¤å³¹¤¤¥i¦P®É
+ ¨Ï¥Î¤¤¤å (BIG5 ¸ò GB)¡A¤é¤å¡AÁú¤å¡A­^¤å¡A®õ¤åµ¥µ¥¡C </para>
+ <para>¦b <application>Mule-2.3</application> ¨Ï¥Î¤¤¤å</para>
+ <para>¦pªG±z¤w¦w¸Ë¤F¦r«¬¡A±z¥i¥H¥Î <application>mule</application>
+ ¨Ó¿é¤J»PÅã¥Ü¤¤¤å¡C
+ ¤j³¡¥÷ªº¦r«¬³£¬O 16 ©Î 24 ÂIªº¡A©Ò¥H¥Î¡G </para>
+ <screen>
+&prompt.root; <userinput>mule -fn 8x16 &amp;</userinput>
+&prompt.root; <userinput>mule -fn 12x24 &amp;</userinput> </screen>
+ <note><para>«ö M-x load-library RETURN chinese RETURN¡C
+ ``Ctrl-]'' ¥Î¨Ó¤Á´«¿é¤Jªk¡C </para></note>
+ </sect1>
+
+ <sect1 id="muni">
+ <title>muni</title>
+ <para>Muni finds the Unicode value of the 7773 Chinese characters
+ listed in Matthews' Chinese-English Dictionary. </para>
+ <para>WWW: <ulink url="http://www.whizkidtech.net/i18n/muni/">
+ muni project</ulink> </para>
+ </sect1>
+
+ <sect1 id="p5-date-chinese">
+ <title>p5-Date-Chinese</title>
+ <para>¯à¸g¥Ñ¿é¤J¦è¤¸¦~±o¨ì¹A¾ä¦~ªºµ{¦¡¡C</para>
+ <programlisting>
+#!/usr/bin/perl
+
+use Date::Chinese;
+$year = yearofthe( 1999 );
+print $year; # "Year of the hare"</programlisting>
+ </sect1>
+
+ <sect1 id="qkmj">
+ <title>qkmj - ¤¤°êªº°êºé¡G³Â±N</title>
+ <para>±z¬O§_¨S¦³¾÷·|©M§O¤H¥´³Â±N¡H¬O§_±`¬°¤F¥´³Â±N¿é¿ú¦Ó©MªB¤Í¶Ë©M®ð¡H
+ ³Â±N¥»¬O¤¤°êªº°êºé¡A¦ý±`¤[¥H¨Ó¤@ª½¬°¤H©Ò«¯¯fªº¤@ÂI¡A
+ ´N¬O³\¦h¤H±N¥¦®³¨Ó°µ¬°½ä¿úªº¤u¨ã¡C
+ ²{¦b¤@­ÓÅý±z¤F¸Ñ¦Û¤v³Â±N¹ê¤Oªº¾÷·|¨Ó¤F¡C³z¹Lºô¸ô³Â±N¡A
+ ±z¥i¥HÀH®É©M¨Ó¦Û¦U¦aªº¦n¤â¸û¶q¡A
+ ®Ú¾Ú¦Û¤vªº¤À¼Æ¶i¦Ó¥iª¾¹D¦Û¤vªº¹ê¤O¨s³º¦p¦ó¡C
+ QKMJ ¤§¤¤¤å¦WºÙ¬°ºô¸ô¥ð¶¢³Â±N¡A³o¬O¤@­Ó Clinet/Server ¬[ºc¡A
+ ¥i¥HÅý±z¦bºô¸ô¤W©M¨ä¥¦ªº¨Ï¥ÎªÌ¤@°_¥´³Â±Nªºµ{¦¡¡C </para>
+ <para>¦pªG¬O 5-CURRENT ªº¾÷¾¹¥²¶·¦w¸Ë COMPAT4X¡A
+ ¥B¥²¶·³]©w TERM ¬° vt100¡A©Ò¥Hµ§ªÌ³q±`³£¥Î
+ <command>env TERM=vt100 qkmj</command> ¨Ó±Ò°Ê¡A©Î¬O³]©w¦¨
+ alias¡A<command>alias qkmj 'env TERM=vt100 qkmj'</command>¡C</para>
+ <para>¨Ï¥Î®É½Ð¥´
+ <command>qkmj &lt;server_ip&gt; &lt;server_port&gt;</command>¡A
+ ¤£¥[«á­±°Ñ¼Æ¥Nªí¨Ï¥Î­ì¨Óªº³]©w¡C¨Ò¦p¡G<command>qkmj</command>
+ ´N¥i³s¨ì¥Ø«e QKMJ ªº¥D­n server¡C</para>
+ <para>¦pªG¦b¥´¤J <command>qkmj</command> ®Éµo²{¦p¤Uªº°T®§¡G</para>
+ <programlisting>
+Couldn't open /usr/libexec/ld.so.</programlisting>
+ <para>½Ð¥Î¦p¤Uªº«ü¥O¨Ó­×¥¿ <command>ln -s /usr/local/libexec/ld.so
+ /usr/libexec/ld.so</command>¡C</para>
+ <para>WWW:
+ <ulink url="ftp://ftp.csie.nctu.edu.tw/pub/CSIE/qkmj/qkmj.faq">
+ qkmj faq</ulink></para>
+ <figure>
+ <title>qkmj snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/qkmj" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.csie.nctu.edu.tw/~sywu/">
+ sywu's homepage</ulink> </para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/stepbystep.sgml b/zh_TW.Big5/books/zh-tut/chapters/stepbystep.sgml
new file mode 100644
index 0000000000..b48e456023
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/stepbystep.sgml
@@ -0,0 +1,318 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: stepbystep.sgml,v 1.37 2003/12/01 19:42:09 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="freebsd-desktop">
+ <title>¥H FreeBSD «Ø¥ß¤¤¤å Desktop ªº¦w¸Ë«ü«n</title>
+ <para>¥H¤U¬Oµ§ªÌ¦Û¤v¦b¦w¸Ë FreeBSD ®Éªº§@ªk¡A
+ ¨Ã¤£·|¾A¦X©Ò¦³¤H¡C</para>
+
+ <para>¦b«Ø¥ß¤¤¤å Desktop «e¡A½Ð¥ý°Ñ¦Ò
+ <ulink url="http://freebsd.sinica.edu.tw/handbook/install.html">
+ Installing FreeBSD</ulink> ¦w¸Ë¦n°ò¥»ªº FreeBSD Àô¹Ò¡A
+ ¨Ã³]©w¦nºô¸ô¥d¡C</para>
+
+ <para>¤@¯ë¨Ï¥ÎªÌªº»Ý¨D¬O­n¯à°÷¦b X Window ¤U¨Ï¥Î¤¤¤åÀô¹Ò¡A
+ ©Ò¥H¤U­±´N¬O«Ø¥ß°ò¥»¤¤¤åÀô¹Òªº°µªk¡C
+ ·í«ö·Ó¤U­±ªº¤¤¤åÀô¹Ò³]©w¦n«á¡A´N¥i¥H¨Ï¥Î <command>startx</command>
+ ¶}±Ò <application>GNOME</application> ¬ü¤Æ¹L«áªº
+ X Window¡A¨Ã¨Ï¥Î·Æ¹«¥kÁä¶}±Ò¿ï³æ¡A¥ý°õ¦æ <command>xcin2.5 &amp;</command>
+ «á¡A¦A°õ¦æ <command>gnome-terminal</command>¡A³o¼Ë¤l§Y¥i¦b
+ <application>gnome-terminal</application> ¤W¶i¦æ°ò¥»ªº¤¤¤åÅã¥Ü»P¿é¤J¡A
+ ³o¹ï¦b X Window ©³¤U¨Ï¥Î Console ³nÅé¤w¸g¤Q¤À¨¬°÷¡C</para>
+
+ <sect1 id="stepbystep">
+ <title>»´ÃP¦w¸ËFreeBSD¤¤¤å®à­±</title>
+ <para>¦pªGºô¸ôÁÙºâ§Ö¡A
+ FreeBSD ®à­±¨t²Îªº¦w¸Ë¬O¥i¥H¦b¤T¤Q¤ÀÄÁ¤º§¹¦¨ªº¡C</para>
+ <para>¦b³o­Ó³¡¤À¥H package ¦w¸Ëªº¤è¦¡¨Ó¶i¦æ¡A
+ ³o¼Ë¤l¥i¥H§Ö³tªº¨Ï¥Î FreeBSD¡C
+ ¦b¦w¸Ë§¹ FreeBSD «á¡A¨t²Î¤WÀ³¸Ó¨S¦³³\¦h¤è«Kªº®M¥ó¡A
+ ¦Ó´Nºâ¬O¥úºÐ¤W¦³¤@¨Ç¡A¤j³¡¤Àªºª¬ªp¤´µM¤£¼Å¨Ï¥Î¡A
+ ¯S§O¬O¥»¦a¤Æªº®M¥ó¤£·|©ñ¦b²Ä¤@¤ù¥úºÐ¤¤¡C
+ ÁöµM¦³²Ä¤T¤ù»P²Ä¥|¤ù¥úºÐ¤º§t³\¦h¡A¦ý®É±`·|¨S¥]§t§Ú­Ì­n¥Îªº¡A
+ ²¦³º²{¦bªº®M¥ó¤w¸g¤Ó¦h¡AªÅ¶¡¤£¨¬®e¯Ç¡C
+ ¦ý¬O¥Ø«e¦U¤j¾Ç³£¦³ mirror §¹¾ãªº packages¡A
+ ³o¹ï§Ú­Ì¦Ó¨¥¬O­Ó«D±`¦³§Qªº¡A¥u­nª¾¹D­þ­Ó¯¸Â÷§A³Ì§Ö¡A
+ «Ü§Öªº´N¯à«Ø¥ß·sªº FreeBSD Àô¹Ò¡C</para>
+ <para>§A¥i¥H¥ý³]©w <option>PACKAGEROOT</option>¡A³o¬O¥Î¨Ó§ì¨ú®M¥óªº¦ì¸m¡A
+ µ§ªÌ³q±`³]©w <command>setenv PACKAGEROOT ftp://ftp.tw.freebsd.org</command>¡A
+ ¦]¬°³o¬O§Ú»{¬°³Ìí©wªº¾÷¾¹¡AµM«á´N¥i¥H³z¹L <command>pkg_add -r ®M¥ó¦W</command>
+ ¨Ó¦w¸Ë®M¥ó¡A¥L·|¦Û°Êªº¨ì <filename>pub/FreeBSD/ports/i386/packages-4.9-release/Latest/</filename>
+ ©³¤U´M§ä®M¥ó¡A¦Ó¥B§A¤£»Ý­nª¾¹Dª©¥»¡A¥u­nª¾¹D®M¥ó¦WºÙ§Y¥i¡A
+ ¥L·|¦Û°Ê¦w¸Ë·í®Éªº³Ì·sª©¡A¤¤¤åªº³¡¤À¥u­n¥[¤W <option>zh-</option>¡A
+ ¹³¬O <filename>zh-xcin</filename>¡C</para>
+ <note><para>¦pªG­nÅý <filename role="package">sysutils/portupgrade</filename>
+ ¯à°÷¨Ï¥Î¡A«h­n¦b <filename>pkgtools.conf</filename> ¸Ì­±¥[¤W
+ <option>ENV['PACKAGEROOT'] = 'ftp://ftp.tw.FreeBSD.org'</option>¡A
+ ¨Ã¦b¨Ï¥Î <command>portupgrade</command> ®É¥[¤W <option>-P</option> ©Î¬O
+ <option>-PP</option> ¨Ó§Q¥Î packages ¦w¸Ë¡C</para></note>
+ <procedure>
+ <step><para>³]©w <option>PACKAGEROOT</option>¡C</para>
+ <screen>
+&prompt.root; <userinput>setenv PACKAGEROOT ftp://ftp.tw.freebsd.org</userinput></screen>
+ <para>¦b¤j³°³]©w¬° <option>ftp://ftp.freebsdchina.org</option>¡C</para>
+ <step><para>½Õ¾ã®É°Ï¡A¨Ã¹ï®É¡C</para>
+ <screen>
+&prompt.root; <userinput>tzsetup /usr/share/zoneinfo/Asia/Taipei</userinput>
+&prompt.root; <userinput>ntpdate time.stdtime.gov.tw</userinput></screen>
+ <para>½Ð°Ñ¦Ò <link linkend="tzsetup">®É°Ïªº³]©w</link> ¤@¸`¡C</para></step>
+ <step><para>¦w¸Ë <filename role="package">x11/XFree86-4</filename> »P
+ <filename role="package">x11/wrapper</filename>¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r XFree86</userinput>
+&prompt.root; <userinput>pkg_add -r wrapper</userinput></screen>
+ <para>½Ð°Ñ¦Ò <link linkend="xwin">¤¤¤å X Window</link> ¤@¸`³]©w
+ <filename>XF86Config</filename>¡C</para></step>
+ <step><para>¦w¸Ë <filename role="package">x11/gnome2</filename>
+ Window Manager¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r gnome2</userinput></screen>
+ <para>³]©w¨Ï¥Î startx ®É±Ò°Ê¡G</para>
+ <screen>
+&prompt.root; <userinput>echo exec gnome-session &gt; ~/.xinitrc</userinput></screen>
+ <para>¤§«á´N¥i¥H¥Î <command>startx</command> ¨Ó±Ò°Ê X ¤F¡C</para>
+ <screen>&prompt.root; <userinput>startx</userinput></screen>
+ <para>¶i¥h X «á§â¦rÅé§ï¦¨§Ú­nªº¡G
+ <option>À³¥Îµ{§Ç -> ®à­±­º¿ï¶µ -> ¦rÅé</option>¡A
+ <option>À³¥Îµ{§Ç¦rÅé: Bitstream Vera Sans</option>¡A
+ <option>®à­±¦rÅé: Bitstream Vera Serif</option>¡A
+ <option>²×ºÝ¦rÅé: Bitstream Vera Sans Mono</option>¡C</para>
+ <para>½Ð°Ñ¦Ò <link linkend="gnome">GNOME ªº¤¤¤å¤Æ</link> ¤@¸`¡C</para></step>
+ <step><para>¦w¸Ë <filename role="package">chinese/arphicttf</filename>
+ ¤å¹©Ác²¤¤¤å¦r«¬¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r zh-arphicttf</userinput></screen>
+ <para>±µµÛ½s¿è <filename>/etc/XF86Config</filename>¡A
+ ¦b <option>Section "Module"</option> °Ï¬q¡A
+ ¥[¤J <option>Load "xtt"</option>¡C</para>
+ <programlisting>
+Section "Module"
+ :
+ Load "xtt"
+EndSection</programlisting>
+ <para>¦b <option>Section "Files"</option> °Ï¬q¡A
+ ¥[¤J <option>FontPath "/usr/X11R6/lib/X11/fonts/TrueType/"</option>
+ »P <option>FontPath "/usr/X11R6/lib/X11/fonts/local/"</option>¡C</para>
+ <programlisting>
+Section "Files"
+ :
+ FontPath "/usr/X11R6/lib/X11/fonts/TrueType/"
+ FontPath "/usr/X11R6/lib/X11/fonts/local/"
+EndSection</programlisting>
+ <para>½Ð°Ñ¦Ò <link linkend="fonts">¿é¥X¦r«¬</link> ¤@¸`¡C</para></step>
+ <step><para>¦w¸Ë <filename role="package">chinese/auto-tw-l10n</filename>¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r zh-auto-tw-l10n</userinput></screen>
+ <para>¦w¸Ë§¹¡A¦b <filename>/usr/local/share/skel/zh_TW.Big5/</filename>
+ ¥Ø¿ý©³¤U·|¦³³\¦hªº°Ñ¦Ò³]©w¡C²Å餤¤å½Ð¥t¥~³]©w¡C</para>
+ <screen>
+&prompt.root; <userinput>cat /usr/local/share/skel/zh_TW.Big5/dot.cshrc >> ~/.cshrc</userinput>
+&prompt.root; <userinput>cat /usr/local/share/skel/zh_TW.Big5/dot.Xdefaults >> ~/.Xdefaults</userinput>
+&prompt.root; <userinput>cat /usr/local/share/skel/zh_TW.Big5/dot.gtkrc >> ~/.gtkrc.mine</userinput>
+ </screen>
+ <para>½Ð°Ñ¦Ò <link linkend="setlocale">¤¤¤å locale ªº³]©w</link> ¤@¸`¡C</para></step>
+ <step><para>¤¤¤åÁcÅé¿é¤J¦w¸Ë <filename role="package">xcin25</filename>¡A
+ ²Å餤¤å¿é¤J¥i¥H¦w¸Ë <filename role="package">fcitx</filename>¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r zh-xcin</userinput>
+&prompt.root; <userinput>pkg_add -r zh-fcitx</userinput></screen>
+ <para>±µµÛ½s¿è <filename>~/.cshrc</filename>¡A
+ ¥[¤J <option>setenv XMODIFIERS "@im=xcin"</option> ©Î¬O
+ <option>setenv XMODIFIERS "@im=fcitx"</option>¡A
+ Åý¤j³¡¥÷³nÅé³£¥i¥Hª¾¹D±z¦³¦w¸Ë¤F XIM¡C</para>
+ <para>¨Ã¥B§Ú·|­×§ï <filename>xcinrc</filename> ªº³¡¥÷³]©w¡A
+ ¥ý <command>chmod 644 /usr/X11R6/etc/xcin</command> «á¡A
+ ­×§ï¨ä¤º®e¡A§â <option>DEFAULT_IM</option> §ï¦¨
+ <option>chewing</option>¡A¨Ã¥B§â¹w³]ªº¦r«¬¤j¤p 24 §ï¦¨ 16¡C</para>
+ <para>½Ð°Ñ¦Ò <link linkend="view">¤¤¤åªºÅã¥Ü»P¿é¤J</link> ¤@¸`¡C</para></step>
+ <step><para>ÂsÄý¾¹´N¸Ë <filename role="package">www/mozilla-gtk2</filename>¡C
+ ¦pªG¦w¸Ë <application>GNOME2</application>
+ ¨º»ò³o­Ó¤]¬O¹w³]·|¦w¸Ëªº¤@³¡¤À¡C¶}±Ò«á¨Ó§ï¦r«¬¡G
+ <option>Edit -> Preferences -> Appearance -> Fonts</option>¡A
+ <option>Fonts for: Simplified Chinese</option>¡A
+ <option>Serif: Bitstream Vera Serif </option>¡A
+ <option>Sans-serif: Bitstream Vera Sans </option>¡A
+ <option>Cursive: Bitstream Vera Serif </option>¡A
+ <option>Fantasy: Bitstream Vera Serif </option>¡A
+ <option>Monospace: Bitstream Vera Sans Mono </option>¡A
+ <option>Minimum font size: 12 </option>¡C</para>
+ <para>¨Ã¥B¨ì <ulink url="http://themes.mozdev.org/">
+ http://themes.mozdev.org/</ulink> ¤U¸ü <application>ORbit 3+1</application>
+ ¡A<ulink url="http://themes.mozdev.org/themes/orbit.html">
+ http://themes.mozdev.org/themes/orbit.html</ulink> ªººô­¶¤¤¡A
+ ¥i¥H¿ï¾Ü¦w¸Ë¼Ò¦¡©Î¬OÀÉ®×¼Ò¦¡¡A¦w¸Ë¼Ò¦¡´N¬O¦b
+ <application>Mozilla</application>©³¤UÂI¿ï´N¥i¥H¦w¸Ë¡A
+ ÀÉ®×¼Ò¦¡¥i¥H¦Û¦æ¤U¸ü«á¡A¦b³z¹L <application>Mozilla</application>
+ ªº¥\¯à¨Ó¶×¤J¡C</para>
+ <para>½Ð°Ñ¦Ò <link linkend="mozilla">Mozilla ÁcÅ餤¤å»y¨¥¥]</link> ¤@¸`¡C</para></step>
+ <step><para>ÁöµM¹w³]ªº ls ¯à¬Ý¨ì¤¤¤å©M±m¦â¡A¤£¹L§ÚÁÙ¬O°¾¦n¨Ï¥Î
+ <filename role="package">misc/gnuls</filename>¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r gnuls</userinput></screen>
+ <para>¦w¸Ë§¹«á¡A¦b <filename>~/.cshrc</filename> ¼W¥[¤@¦æ
+ <option>alias ls 'gnuls --color=auto --show-control-chars'</option>¡A
+ Åý <application>gnuls</application> ªºÃC¦â©M¤¤¤å¥\¯à±Ò°Ê¡C</para>
+ <para>½Ð°Ñ¦Ò <link linkend="gnuls">gnuls - ¯S®í¤¤¤åÀɦW©M¥Ø¿ýªºÅã¥Ü</link> ¤@¸`¡C</para></step>
+ <step><para>·í»Ý­n»·ºÝ telnet ¿é¤J¤¤¤å®É¡A´N·|»Ý­n
+ <filename role="package">chinese/telnet</filename> ³o¼Ë¤lªº³nÅé¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r zh-telnet</userinput></screen>
+ <para>µM«á¦b <filename>~/.cshrc</filename> ¸Ì­±¥[¤W
+ <option>alias telnet zh-telnet</option>¡C</para>
+ <para>½Ð°Ñ¦Ò <link linkend="telnet">telnet ªº¤¤¤å°ÝÃD</link> ¤@¸`¡C</para></step>
+ <step><para>MP3 ¼·©ñ¾¹´N¥Î <filename role="package">chinese/xmms</filename>¡A
+ ¤¤¤åªº¦±¦W³£¥i¥H¬Ý¨ì¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r zh-xmms</userinput></screen>
+ <para>½Ð°Ñ¦Ò <link linkend="xmms">xmms - mp3 ¼½©ñ¾¹</link> ¤@¸`¡C</para></step>
+ <step><para>Media Player¡A¤ä´© vcd dvd DivX¡A¦w¸Ë
+ <filename role="package">multimedia/mplayer</filename>¡A
+ ¤¤¤å¦r¹õ³£¤ä´©¡C</para>
+ <screen>&prompt.root; <userinput>pkg_add -r mplayer</userinput></screen>
+ <para>½Ð°Ñ¦Ò <link linkend="mplayer">mplayer</link> ¤@¸`¡C</para></step>
+ <step><para>PDF Reader ¦w¸Ë <filename role="package">chinese/xpdf</filename>¡A
+ ³]©w¤@¤U¤¤¤å¨ú¥N¦r«¬¡A´N¥i¥H¬Ý¨ì¤j³¡¤Àªº¤¤¤å PDF¡C</para>
+ <screen>&prompt.root; <userinput>pkg_add -r zh-xpdf</userinput></screen>
+ <para>½Ð°Ñ¦Ò <link linkend="xpdf">¤¤¤å PDF ªºÅã¥Ü</link> ¤@¸`¡C</para></step>
+ <step><para>§Ú±`¥Îªº¦³ FTP Client ¦³ <command>fetch</command>¡A
+ <filename role="package">ftp/wget</filename>¡A
+ <filename role="package">ftp/ncftp3</filename>¡A
+ <filename role="package">ftp/IglooFTP</filename>¡A
+ «e¤T­Ó¬O¤å¦r¤¶­±¨Ï¥Îªº¡A³Ì«á¤@­Ó¦b X ©³¤U¡A¥H¤U¬O¦w¸Ë¡G</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r wget</userinput>
+&prompt.root; <userinput>pkg_add -r ncftp3</userinput>
+&prompt.root; <userinput>pkg_add -r IglooFTP</userinput></screen>
+ <para>¥Ñ©ó <application>wget</application> ªº¤¤¤å¦³ÂI°ÝÃD¡A
+ ©Ò¥H¥Ø«e³£¥Î outta-port ¦b¦w¸Ë¡C</para></step>
+ <step><para>MSN Messeger §Ú¨Ï¥Î <filename role="package">net/gaim</filename>
+ ¨Ó·í§@§ÚºD¥Îªº MSN Messenger¡C</para>
+ <screen>
+&prompt.root; <userinput>pkg_add -r gaim</userinput></screen>
+ <para>½Ð°Ñ¦Ò <link linkend="gaim">gaim - ICQ, MSN clone</link> ¤@¸`¡C</para></step>
+ </procedure>
+ </sect1>
+
+ <sect1 id="set-default-font">
+ <title>¨Ï¥Î¨ä¥L¦r«¬§@¬°¹w³]¦r«¬</title>
+ <para>Last Update: 2003¦~ 1¤ë25¤é ©P¤» 12®É54¤À03¬í CST</para>
+ <para>¤£±o¤£©Ó»{²{¦bªº¤å¹©¦r«¬¤£¦p²Ó©úÅé¡A
+ ¥D¦]¬O¨t©úÅ骺¤º´O¤p¦r¬Ý°_¨Ó¯uªºµÎªA«Ü¦h¡A
+ ¥H¤U¤¶²Ð±N¹w³]¦r«¬³]©w¦¨²Ó©úÅ骺¤è¦¡¡C</para>
+ <para>­º¥ý­n¦³ <filename>mingliu.ttc</filename>¡A
+ ±N¸Ó¦r«¬«þ¨©¨ì <filename>/usr/local/share/fonts/TrueType/</filename>
+ ¤U¡AµM«á¥Î <application>ttfm</application> ¦w¸Ë¸Ó¦r«¬¡G</para>
+ <screen>
+&prompt.root; <userinput>ttfm.sh --add xttfm /usr/local/share/fonts/TrueType/mingliu.ttc</userinput>
+&prompt.root; <userinput>fc-cache -f -v /usr/X11R6/lib/X11/fonts/TrueType/</userinput></screen>
+ <para>±µµÛ¬O®Ú¾Ú¨C­Ó³nÅé¨Ó­×§ï¡A¦b gtk1 ¨t¦Cªº³nÅé¡A¥i¥H­×§ï
+ <filename>~/.gtkrc</filename>¡A
+ ¦b­^¤å¦r«¬«á¡A²Ä¤@­Ó¥[¤W
+ <option>-DynaLab-MingLiU-medium-r-normal--16-*-*-*-c-*-big5-0,</option>
+ ´N¥i¥H¤F¡C</para>
+ <para>gtk2 ¨t¦Cªº§ï <filename>~/.fonts.conf</filename>¡C</para>
+ <programlisting>
+ &lt;alias&gt;
+ &lt;family&gt;serif&lt;/family&gt;
+ &lt;prefer&gt;
+ &lt;family&gt;Bitstream Vera Serif&lt;/family&gt;
+ &lt;family&gt;PMingLiU&lt;/family&gt;
+ &lt;/prefer&gt;
+ &lt;/alias&gt;
+ &lt;alias&gt;
+ &lt;family&gt;sans-serif&lt;/family&gt;
+ &lt;prefer&gt;
+ &lt;family&gt;Bitstream Vera Sans&lt;/family&gt;
+ &lt;family&gt;PMingLiU&lt;/family&gt;
+ &lt;/prefer&gt;
+ &lt;/alias&gt;
+ &lt;alias&gt;
+ &lt;family&gt;monospace&lt;/family&gt;
+ &lt;prefer&gt;
+ &lt;family&gt;Bitstream Vera Sans Mono&lt;/family&gt;
+ &lt;family&gt;PMingLiU&lt;/family&gt;
+ &lt;/prefer&gt;
+ &lt;/alias&gt;</programlisting>
+ <para>
+ <application>WindowMaker</application> «h¬O­×§ï
+ <filename>~/GNUstep/Defaults/WindowMaker</filename>¡A
+ §â©Ò¦³¥]§t Font ªº³]©w¥[¤W
+ <option>,-DynaLab-MingLiU-medium-r-normal--16-*-*-*-c-*-big5-0</option>
+ ¡A³oÃ䪺 16 ­n®Ú¾Ú«e­± Font ªº¦r«¬¤j¤p³]©w¡A³]©w§¹«á¡A
+ ­«¶} X ´N¥i¥H¤F¡C</para>
+ <para>
+ <application>Mozilla-gtk2</application> ­×§ï¦r«¬¥i¥H¶i¤J¿ï³æ«á­×§ï¡A
+ Edit -> Preference -> Appearance -> Fonts¡A
+ <option>Fonts for:</option> ¿ï¾Ü
+ <option>Traditional Chinese</option>¡AµM«á§â¦r«¬³£¿ï¾Ü¦¨
+ <option>PMingLiU</option> ´N¥i¥H¤F¡C</para>
+ <para>
+ <application>xpdf</application> «h¬O­×§ï <filename>/usr/X11R6/etc/xpdfrc</filename>¡A
+ <option>displayCIDFontX Adobe-CNS1 "-dynalab-mingliu-medium-r-normal--%s-*-*-*-c-*-iso10646-1" UCS-2</option> ´N¥i¥H¤F¡C</para>
+
+ <sect1 id="cvsup">
+ <title>«O«ù³Ì·sªº Ports Tree</title>
+ <para>Last Update: 2003¦~ 1¤ë27¤é ©P¤@ 04®É50¤À10¬í CST</para>
+ <para>Contributed by &a.gslin;</para>
+ <para>¦b¦w¸Ë³nÅé«e¡A³Ì¦n¥ý§ó·s Ports Tree¡A
+ «Øij¥ý¥Ñ¦w¸Ë¥úºÐ¤¤¿ï¾Ü Ports Collection ¥ý¦w¸Ë¦n«á¡A
+ ¦A¨Ó§ó·s Ports Tree¡A³o¼Ë¤l§ó·sªº®É¶¡·|¤ñ¸ûµu¡C</para>
+ <para>±µµÛ³]©w¦n <filename>/etc/make.conf</filename>
+ (­Y¨S¦³«h¦Û¦æ«Ø¥ß)¡C</para>
+ <programlisting>
+SUP_UPDATE= yes
+SUP= /usr/local/bin/cvsup
+SUPFLAGS= -g -L 2
+#
+# SUPHOST ¥Nªí­n¨ì­þ¥x CVSup¡A½Ð§ï¦¨Â÷±z¤ñ¸ûªñªº Server¡C
+# cvsup[1-9].tw.FreeBSD.org
+SUPHOST= cvsup.tw.FreeBSD.org
+#
+# ¦pªG±z¬O¥Î -stable¡A½Ð¥Î stable-supfile (¥Ø«eªº -stable ¬O 4.3)
+# ¦pªG±z¬O¥Î -current¡A½Ð¥Î standard-supfile (¥Ø«eªº -current ¬O 5.0)
+SUPFILE= /usr/share/examples/cvsup/stable-supfile
+PORTSSUPFILE= /usr/share/examples/cvsup/ports-supfile
+DOCSUPFILE= /usr/share/examples/cvsup/doc-supfile
+# °ê¤º¥D­nªº FreeBSD distfiles mirror ¯¸¥x
+MASTER_SITE_BACKUP?= \
+ ftp://ftp.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
+ ftp://ftp2.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
+ ftp://ftp3.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
+ ftp://ftp4.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
+ ftp://ftp5.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
+ ftp://ftp7.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
+ ftp://ftp8.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
+ ftp://ftp9.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/
+MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}</programlisting>
+ <note>
+ <para>¥i¥H¦w¸Ë <filename role="package">sysutils/fastest_cvsup</filename>
+ ¨ÓÀ˹¤@­Ó cvsup ³Ì¾A¦X±z¡A¦w¸Ë§¹«á­×§ï
+ <filename>/usr/local/bin/fastest_cvsup</filename>¡A
+ §â¥xÆWªº­Ó¼Æ <option>'tw' => 3, # Taiwan</option> §ï¦¨
+ <option>'tw' => 13, # Taiwan</option>¡A
+ µM«á°õ¦æ <command>fastest_cvsup -c tw</command>¡C</para></note>
+ <para>¦w¸Ë¦n°ò¥»ªº Ports Tree «á¡A¦w¸Ë
+ <filename role="package">net/cvsup-without-gui</filename>¡C</para>
+ <para>±µµÛ´N¥i¥H¶i¦æ§ó·s¤F¡G</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports</userinput>
+&prompt.root; <userinput>make update</userinput></screen>
+ <para>WWW: <ulink url="http://ccca.nctu.edu.tw/~gslin/Documents/FreeBSD/use-cvsup.txt">
+ ¦p¦ó¥Î CVSup ¥h§ó·s±zªº source ¥H¤Î ports</ulink></para>
+ </sect1>
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
+
diff --git a/zh_TW.Big5/books/zh-tut/chapters/view.sgml b/zh_TW.Big5/books/zh-tut/chapters/view.sgml
new file mode 100644
index 0000000000..19968e33f4
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/view.sgml
@@ -0,0 +1,1237 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: view.sgml,v 1.111 2003/12/08 11:06:42 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="view">
+ <title>¤¤¤åªºÅã¥Ü¤Î¿é¤J</title>
+ <para>¦pªG±zÁ`¬O±q DOS ªº¤¤¤å¨t²Î©Î¬O¤¤¤å Windows 95 ¤§ÃþªºÀô¹Ò¤U³z¹L
+ <application>telnet</application> ¨Ó§Q¥Î FreeBSD
+ ¥D¾÷ªº¸Ü¡A±z¬O¤£»Ý­n¬Ý¥»¸`ªº¡C
+ ¥u¦³·í±zª½±µ¦b¤@³¡ FreeBSD ¥D¾÷¿Ã¹õ«e¾Þ§@®É±z¤~»Ý­n¦b FreeBSD
+ ¤W¦w¸Ë¤¤¤å¨t²Î¡C</para>
+ <para>¶i¦æ¤¤¤å¤Æªº¤u§@¡A§Ú­Ì¥ý±q³Ì²³æªº¤¤¤å²×ºÝ¾÷°µ°_¡A­Y­nÅý Virtual
+ Console ¾Ö¦³Åã¥Ü¤Î¿é¤J¤¤¤åªº¯à¤O¡A¥Ø«e¦³¡Gbig5con¡Bzhcon
+ µ¥¤¤¤åµêÀÀ²×ºÝ¾÷³nÅé¥i¥H¿ï¾Ü¡C</para>
+ <para>¦b Console ¤U¡A¥Ø«eªº¤¤¤åÅã¥Ü³£¬O¾aª½±µÅX°Ê¥D¾÷ªºÅã¥Ü¥d¶i¤Jø¹Ï¼Ò¦¡¡A
+ »·ºÝ¬OµLªk¨Ï¥Îªº¡C
+ ¹³¬O telnet¡Bputty µ¥¯Â¤å¦rªº»·ºÝ³s½u³nÅé¡A§ó¬OµLªk³B²zø¹Ï¼Ò¦¡ªº¿é¥X¡A
+ ©Ò¥H»·ºÝ¤]´N¨S¦³¿ìªk¨Ï¥Î³o¨Ç¤¤¤å±±¨î¥x(Console)¡C</para>
+ <para>­Y¬O¥´ºâ¨Ï¥Î X Window ªº¤¤¤åÀô¹Ò¡A«h¥²¶·¦w¸Ë¤@®M¤¤¤å XIM Server¡A
+ <application>xcin25</application> ¦b¿é¤Jªº³¡¤À¤ä´© locale »P
+ XIM ¨ó©w¡A¦b X Window ¤Uªº¤¤¤å¿é¤J¬O¿í´`ªº X11R6 ªº¼Ð·Ç¡A¤]´N¬O»¡¡A
+ ¥u­nÀ³¥Î³nÅé¥u­n¦³ XIM ªº¼Ð·Ç¡A³£¥i¥H¥¿±`ªº¿é¤J¤¤¤å¡A¥¼¨Óªº X window
+ À³¥Î³nÅéÀ³¸Óº¥º¥·|´Â¦V XIM ªº¼Ð·Ç¡A³o¼Ë¤~¥i¥H¯u¥¿°µ¨ì xcin anywhere¡C
+ ¥Ø«e¤wª¾¤ä´© XIM ªº³nÅé¦p <application>bluefish</application>¡B
+ <application>rxvt</application>¡B<application>mozilla</application>
+ ¡B<application>pyDict</application>¡B
+ <application>gnomeicu</application>¡C</para>
+ <para>¥Ø«eµ§ªÌª¾¹D¤ä´©¤¤¤åÅã¥Ü©M¤¤¤å¿é¤Jªº²×ºÝ¾÷¨Ã¤£¦h¡A
+ ¦p <application>aterm</application>¡B
+ <application>rxvt</application>¡B
+ <application>Eterm</application>¡B
+ <application>mlterm</application>¡B
+ <application>gnome-terminal</application>¡B
+ <application>konsole</application> 杭C</para>
+
+ <sect1 id="chinese-input">
+ <title>¿é¤Jªk</title>
+ <para>¥Ø«e¦b FreeBSD ©³¤U¥i¥H¨Ï¥Îªº¤¤¤å¿é¤J¥­¥x¦³¡G
+ console ¤Uªº <link linkend="big5con">big5con</link>¡A
+ <link linkend="cce">cce</link>¡A
+ <link linkend="big5cce">big5cce</link>¡A
+ <link linkend="zhcon">zhcon</link>¡A
+ <link linkend="kon2">kon2</link> ¥u¦³Åã¥Ü¤¤¤åªº¯à¤O¡A
+ ¦Ó xwindow ¤Uªº¦³
+ <link linkend="xcin25">xcin25</link>¡A
+ <link linkend="chinput">chinput</link>¡A
+ <link linkend="xsim">xcim</link>¡A
+ <link linkend="fcitx">fcitx</link>¡C</para>
+ <para>¦UºØ¦U¼Ëªº¿é¤Jªk¤£Â_´é²{¡A¥H¦r§Î¬°¼Ð·Çªº¡B¥H¦r­µ¬°¼Ð·Ç¡B
+ ¥H¦r¸q¬°¼Ð·Çªº¡BÁÙ¦³¥H¦r½X¬°°ò¦ªº¡A¦U¦Û¾Ö¦³¦U¦Ûªº¯SÂI¡A
+ ¤]¦U¦³¦UªºÀu¶Õ¡A³£¦b¬°¿é¤Jªkªº¬ã¨sºÉºøÁ¡¤§¤O¡C
+ ¥Ø«eªº¤¤¤å¿é¤Jªk¦³¥H¤U¥D­n¥|Ãþ¡G</para>
+ <para>²Ä¤@¡A¥H¦r¥À¬°°ò¦¡C³oÃþ«¬¿é¤Jªk¡A­n¨D¨Ï¥ÎªÌ¥u­nª¾¹D¸Óº~¦rªºÅª­µ¡A
+ §Y¥i¿é¤Jº~¦r¨ì¹q¸£¸Ì­±¡C¦ý¬O¿é¤J³t«×«o«D±`ªººC¡A
+ ¦]¬°º~¦r¸Ì­±¦³«Ü¦hªº¦rŪ­µ¬Û¦Pªº¡A·í±z¿é¤J¸Ó¦r«÷­µ®É¡A
+ ©¹©¹«o­nªá¤W¤@©wªº®É¶¡±Æ°£¨ä¥¦¦P­µ¦r¡A¤~¯à§ä¨ì±z©Ò»Ýªº¦r¡C
+ ¦]¦¹¥¦¥u¯à§@¬°¤@ºØ»²§U¿é¤Jªk¨Ï¥Î¡C¨Ò¦p¡A¥xÆWªºª`­µ¡B§Ñ«¬¡B¦ÛµM¡B
+ º~­µ¡Bù°¨«÷­µ¡B·L³n·sª`­µµ¥¡F¤j³°ªº«÷­µ¡B¥þ«÷¡BÂù«÷µ¥¡F
+ ­»´äªºº~»y«÷­µ¡B¸f»y«÷­µµ¥¡C</para>
+ <para>²Ä¤G¡A¥H¦r§Î¬°°ò¦¡C¶i¦æ¦r®Ú©î¸Ñ²Õ¦Xº~¦r¡C
+ ³oÃþ«¬¿é¤Jªk³Ì¤jªºÀuÂI¬O¦b©ó¥u­n¸g¹L¤@¬q®É¶¡ªº°V½m¡A
+ ¿é¤J¤¤¤å¦rªº®Ä²v·|¦³¤j¤jªº´£°ª¡C³oÃþ«¬¿é¤Jªk¤]¬O¥Ø«e³Ì¨üÅwªïªº¤@Ãþ¡C
+ ¨Ò¦p¡A¥xÆWªº­Ü¾e¡B¤j©ö¡B¦æ¦C¡BåF½¼¦Ì¡BµØ¶Hª½Ä±¡B·L³n·s­Ü¾eµ¥¡F
+ ¤j³°ªº¤­µ§¡B¾G½Xµ¥¡F­»´äªºÁa¾î¡B§Ö½Xµ¥¡C</para>
+ <para>²Ä¤T¡A¥H¦r½X°ò¦¡C¸ÓÃþ¿é¤Jªk³Ì¨å«¬ªº´N¬O¤º½X¿é¤Jªk¡A
+ ¥u­n±z¿é¤J¸Ó¦rªº¤º½X¡A§Y¥i¿é¥X¸Ó¦r¡C¥¦³Ì¤jÀuÂI¬O­«½X²v´X¥G¬°¹s¡A
+ ¤£¥Î¿ï¦r¡A¸`¬ù®É¶¡¡A´£°ª¿é¤J³t«×¡C¦ý«o­n¨D¨Ï¥ÎªÌ¯à°÷°O¦í¤º½X¡A
+ º~¦r¼Æ¶qÅå¤H¤§¦h¡A¦pªG¤£¬O±M·~¤H¤h¡A®£©È«ÜÃø°O¦í³o»ò¦h¦rªº¤º½X¡A
+ ¦]¦¹¡A³oÃþ«¬¿é¤Jªk¬O³Ì¤£¾A¥Îªº¡A¤]´N«Ü¤Ö¦³¤H¨Ó¨Ï¥Î¥¦¡C</para>
+ <para>²Ä¥|¡A¥H¦r¸q¬°°ò¦¡C¦¹Ãþ«¬¿é¤Jªk¥D­n°w¹ï¨Ï¥Î¥~»yªº¤H¤h¡A
+ ¥u­n¿é¤J¬ÛÀ³¦r¸qªº³æµü¡A§Y¥i¿é¤J¸Ó¦r¡A¦ý³t«×¤ñ¸ûºC¡A
+ ¦Ó¥B¹ï¨Ï¥ÎªÌªº­^¤åµ{«×¦³¤@©wªº­n¨D¡C¨Ò¦p¡G­^º~¿é¤Jªk¡C</para>
+ <para>¦ýÁ`ªº¨Ó»¡¡A´N¥Ø«e§Î¶Õ¨Ó¬Ý¥H¦r§Î¬°¼Ð·Çªº¿é¤Jªk¡A
+ ¦b³t«×©M­«½Xªº°ÝÃD¸Ñ¨M±o¸û¦n¡A¿é¤J³t«×§Ö¡A­«½X²v§C¡A
+ ¸û¬°¥Î¤á©Ò¼sªx±µ¨ü¡A¥H¦r­µ¬°¼Ð·Çªº¿é¤JªkÁöµM¿é¤J³t«×¸ûºC¡A
+ ¦ý³Ì¬°Â²³æ©ö¾Ç¡A§@¬°¤@ºØ«á³Æ¿é¤Jªk¤]¸û¬°¥Î¤á©Ò¼sªx±µ¨ü¡C</para>
+ <para>WWW: <ulink url="http://input.foruto.com/introduce/introduce_article001.htm">
+ Áä½L¿é¤Jªk¸U¡u½X¡v©bÄË</ulink></para>
+ <sect2 id="zh-hex">
+ <title>zh_hex - ¤º½X¿é¤Jªk</title>
+ <para>¥u­n±z¿é¤J¸Ó¦rªº¤º½X¡A§Y¥i¿é¥X¸Ó¦r¡C¥¦³Ì¤jÀuÂI¬O­«½X²v´X¥G¬°¹s¡A
+ ¤£¥Î¿ï¦r¡A¸`¬ù®É¶¡¡A´£°ª¿é¤J³t«×¡C¦ý«o­n¨D¨Ï¥ÎªÌ¯à°÷°O¦í¤º½X¡A
+ º~¦r¼Æ¶qÅå¤H¤§¦h¡A¦pªG¤£¬O±M·~¤H¤h¡A®£©È«ÜÃø°O¦í³o»ò¦h¦rªº¤º½X¡A
+ ¦]¦¹¡A³oÃþ«¬¿é¤Jªk¬O³Ì¤£¾A¥Îªº¡A¤]´N«Ü¤Ö¦³¤H¨Ó¨Ï¥Î¥¦¡C</para>
+ </sect2>
+ <sect2 id="cj">
+ <title>cj - ­Ü¾e¿é¤Jªk</title>
+ <para>¥Ñ¦¶¨¹´_¥ý¥Í©Òµo©ú¡Aµ²¦X¤¤°ê¶H§Î¦rªº¯S©Ê¡A
+ ±N©Ò¦³ªºµ§µe²¤Æ¬°24­Ó¦r®Ú¡A¨C¤@­Ó¦r®Ú¦³³\¦h¤£¦P°ò¥»¦r«¬ªºÅܤơA
+ ¦]¦¹¥u­n¼ô°O³o¨Ç¦r®Ú¤Î¦r«¬¡A´N©{¦p¼g¦r¤@¼Ë¡A
+ ¨Ì·Óµ§µe¤Î¶¶§ÇÁä¤J¦r®Ú´N¥i¥Hªí¥Ü·Q­nªº¦r¡C
+ ¦p¦¹ªº¿é¤Jªk²Å¦X¤¤°ê¦rªº¥»½è¡A
+ ¤£·|¦³ª`­µ¥Î¤[«o§Ñ°O¦r«ç¼Ë¼gªº¯ÊÂI¡C</para>
+ <para>WWW: <ulink url="http://www.cbflabs.com/">¦¶¨¹´_¤u§@«Ç</ulink></para>
+ </sect2>
+ <sect2 id="simplex">
+ <title>simplex - ²©ö¿é¤Jªk</title>
+ <para>²©ö¿é¤Jªk¬O¡y­Ü¾e­º§À½X²©ö¿é¤Jªk¡zªºÂ²ºÙ¡A
+ ¬O±N­Ü¾e¿é¤Jªkªº¨ú½X²¤Æ¡A¹ï¨C­Ó¤¤¤å¦r¦Ó¨¥¡A
+ ¥u¨ú¨ä¡y­º¡B§À¡z¤G½X¡A¨ä¾lªº³£¬Ù²¤¤£¨ú¡C
+ ©Ò¥H¥u­n¤â¤¤¦³¤@±i¡y¤¤¤å¦r¥Àªí¡z¡A¨Ã¤F¸Ñ¤¤¤å¦r¬O¥Ñ¤W¦Ó¤U¡A
+ ¥Ñ¥ª¦Ó¥k¡A¥Ñ¥~¦Ó¤ºªº¨ú½X¤è¦¡¡A¨c°O¨ú½X³W«h -- ¥u¨ú¡y­º¡B§À¡z¤G½X¡A
+ ¨º»ò´N¥i¥H¶}©l¨Ï¥Î²©ö¿é¤Jªk¿é¤J¤¤¤å¤F¡C</para>
+ </sect2>
+ <sect2 id="phone">
+ <title>phone,bimsphone - ª`­µ¿é¤Jªk</title>
+ <para>ª`­µ¿é¤Jªk¬°¥Ø«e¤¤¤å¿é¤Jªº¥D¬y¡A¨Ì¾Úª`­µ²Å¸¹«÷¥X¤¤¤å¦r¿é¤J¡C
+ ¥t¥~¦]¬°¤¤¤å¦r¦³³\¦h¦P­µ¦r¡A¦]¦¹¿ï¦r¬O¤@¶µ«D±`³Â·Ðªº¤âÄò¡A
+ ¦]¦¹ bimsphone ´£¨Ñ¤H¤u´¼¼zÀ°±z¿ï¦r¡A
+ ¤£¹LÁÙ¤£·|¾Ç²ß¨Ï¥ÎªÌ±`¥Îªº¦r·J¡C</para>
+ </sect2>
+ <sect2 id="jyutping">
+ <title>jyutping - ¸f»y«÷­µ¿é¤Jªk</title>
+ <para>¦­©ó¤@¤E¤E¤G¦~­»´äµØ³q³]­p¤F¡m¸f»y«÷­µ¿é¤Jªk¡n¡A
+ «á¨Ó¤S±N¥¦¥Ñ1.0ª©µo®i¨ì4.0¡Aª½¦Ü³Ì·sªº2001¦Uª©¥»¡C
+ ³o­Ó¿é¤Jªk¼sªx¦b­»´ä³QÀ³¥Î¡A¨Ò¦p¡A­»´ä¬F©²¥«¬F©²¹Ï®ÑÀ]¡B
+ °Ï°ì¥«¬F§½¹Ï®ÑÀ]´£¨Ñµ¹¥«¥Á¬d¾\®ÑÄy¡A
+ Ápºô¹q¸£¤W¨Ï¥Îªº¡u¸f­µ¡v¿é¤Jªk´N¬O­»´äµØ³q²£«~¡C</para>
+ <para>¡m¸f»y«÷­µ¿é¤Jªk¡n¬O¥Î­»´ä²ßºDªº­^¤å¦r¥À¼sªF«÷­µªº¤èªk¿é¤J¤¤¤å¦r¡C
+ ¥DÀÉ23,000½X¡A­Ý®e¨Ã»Wªº¿é¤J½X¡A¥X¦r²v°ª¡A
+ ¥ô¦ó¤@ºØ¬y¦æªº«÷ªk³£¯à«÷¥X©Ò»Ý¤§¦r¡C</para>
+ <para>¹ê¥Îªº¯S§O½s½XÀÉ¡A¬°­»´ä±`¥Î¦r«¬¡B¯S®í²Å¸¹¡B¦Ê®a©m¡B¤é¤å¦rµ¥¡A
+ ´£¨Ñ¤F¦X±¡¦X²z¡A©ö°O¹ê¥Îªº¿é¤J½X¡C</para>
+ <para>¥D­n¯SÂI¦p¤U¡G</para>
+ <para>¾A¥Î©óWindows¤¤¤å¥­¥xµ¥¦h­Óª©¥»¡A¥H³æ¦r©Îµü²Õ§¡¥i¿é¤J¤¤¤å¡C
+ ¿é¤J¤@½X¡B¤G½Xµ¥§Y¥X²{«Ý¿ï¦r¤è«K¿é¤J¡A¤£¼vÅT¥þ½X¿é¤Jªº²ßºD¡C
+ ¤â°Ê½Õ¾ã«Ý¿ï¦rÀu¥ý¶¶§Ç¡A§Y®É¼W²Kº~¦r¿é¤J½s½X¤Î¼W²Kµü²Õ½s½X¡C
+ ´£¨ÑÂ×´IÁp·Q¦rµü¥\¯à¡A¤@¦¸¿é¤J¦h¯ÅÁp·Q¡Aª½¨ì±z§ä¨ì©Ò»Ý¤§¦r¡C
+ ¤@¦¸©ÊÅã¥Ü©Ò¦³«Ý¿ïº~¦r¡A¯àÅã¥Üº~¦rªº©Ò¦³­Ý®e¨Ã»Wªº¸f«÷½s½X¡C
+ ¦¬¿ý¤F¤Q¸U­Ó¥xÆW¡B¤j³°¤Î­»´ä¥Îµü¡A¥R¤ÀÅé²{²¼ä©M¹ê¥Îªº­·®æ¡C</para>
+ </sect2>
+ <sect2 id="bimspinyin">
+ <title>bimspinyin - «÷­µ¿é¤Jªk</title>
+ <para>¡uª`­µ¡v§Y¬O¶Ç²Îªº¤¤¤å­µ¼Ð¡X¤@¡u¬Á©YºN¦ò¡vª`­µ¦r¥À¡A
+ ²{¤µ¦b¥xÆW¤´¼s¬°ªö¥Î¡Cª`­µªk§âÁä½L¤Wªº¦r¥À¡B¼Æ¦r¡B
+ ¤Î²Å¸¹­«·s½s±Æ¦¨¥|¤Q¦h­Óª`­µÁä¡A¥þµL¡u©Ô¤B¤Æ¡vªº²ª¸ñ¡A
+ ¦n³B¬O§¹¾ã¡A¤@Áä¤@­µ¯À¡A¿é¤J³t«×²z½×¤W¸û§Ö¡C
+ ¦ý¦]¤£»P©Ô¤B¦r¥À±¾¹_¡A§Y¨Ï¼ô±xª`­µ¦r¥Àªº¥Î¤á¡A
+ ªì¾Ç®É¤]­n±j°Oª`­µ¦r¥À¦bÁä½Lªº¦ì¸m¡C
+ ¬Û¤Ï¡u«÷­µ¡v¤ñ¸û²³æ©ö¾Ç¡A¦b°ê»Ú¤W¥ç¸û¬°¼sªx±µ¨ü¡C</para>
+ </sect2>
+ <sect2 id="chewing">
+ <title>chewing - »Å­µ¿é¤Jªk</title>
+ <para>»Å­µ¿é¤Jªk¬O¤@ºØÁo©úªºª`­µ¿é¤Jªk¡C¥¦·|®Ú¾Ú±`¨£ªº¦rµü¡A
+ ¦Û°Ê±N±z©Ò¿é¤Jªºª`­µÂàÅܬ°¾A·íªº¤¤¤å¦r¡A´î¤Ö¦P­µ¦rªº¿ï¾Ü¡C
+ »Å­µ¿é¤JªkÁÙ´£¨Ñ¤F³\¦h¦n¥Î¥\¯à¡A¦p±`¥Î²Å¸¹¿é¤J¡B¤â°ÊÂ_µü¥\¯à¡B
+ ¤¤­^²VÂø¿é¤Jµ¥¡C</para>
+ <para>
+ WWW: <ulink url="http://chewing.good-man.org/">»Å­µºô¯¸</ulink></para>
+ </sect2>
+ <sect2 id="array30">
+ <title>array30 - ¦æ¦C30¿é¤Jªk</title>
+ <para>¦æ¦C¿é¤Jªk©M¨ä¥¦ªº¿é¤Jªk¤ñ¸û°_¨Ó¡A¥ç¬O¤@ºØ©ö¾Ç©ö¥Îªº¿é¤Jªk¡A
+ ¥¦¥H¦r§Î¬°°ò¦¡B´¬±ó¬Y¨Ç¦r§Î¿é¤Jªk¤¤¤@¨Ç¸û¬°½ÆÂøÃø©úªº³¡¤À¡A
+ µ²¦X¦Û¤vªº¯S¦â³]­p¦¨¡C¯S§O¬O¼ô½m¥H«á¡A¦b¤¤¤å¿é¤J¤W·|¦³¸û¤jªº¬ð¯}¡A
+ ¤ñ¸û¾A¦X¤j²³¾Ç²ß¡C¦æ¦C¿é¤Jªkªº®a¡A«h´£¨Ñ¦æ¦C¿é¤Jªkªº¬ÛÃö«H®§¡A
+ ¥]¬A½u¤W±Ð¾Ç¡Ð±Ð±z¾Ç·|¦p¦ó¨Ï¥Î¦æ¦C¿é¤Jªk¡A
+ ½u¤W«ü¾É¡Ð¥HFAQ§Î¦¡«ü¾É±z¦b¾Ç²ß¦æ¦C¿é¤Jªk¹Lµ{¤¤©Ò¹J¨ì¥ô¦óºÃÃø°ÝÃD¡A
+ ¥H¤Î¦æ¦C¬ì§Þ¤½¥q³Ì·s°ÊºA¡B¤½¥q²¤¶¡B²£«~Ãoµ¡µ¥µ¥Äæ¥Ø¡A
+ ¦V±z±q¦h­Ó¤è­±¤¶²Ð¦æ¦C¿é¤Jªk¡C¦pªG±z¦³¿³½ìªº¸Ü¡A
+ ³o¸Ì¬O¤@­Ó«Ü¦nªº¤Á¤JÂI¡AÀ°§U±z¾Ç²ß¨Ã´x´¤¥¦¡C</para>
+ <para>
+ WWW: <ulink url="http://www.array.com.tw/">¦æ¦C¬ì§Þ</ulink></para>
+ </sect2>
+ <sect2 id="liu">
+ <title>liu - åF½¼¦Ì¿é¤Jªk</title>
+ <para>²³æ©ö¾Ç¡A§Ö³t¡A¦b¦U¶µ¤ñÁɤ¤±`¦W¦C«e¥Ù¡C
+ ¥­§¡¨ú½X¼Æ¤Ö¡A¤£¹L¤º«Ø¦¹¿é¤Jªkªº¤¤¤å¨t²Î¤£¦h¡A»Ýªá¿ú¶R¡C</para>
+ <para>WWW: <ulink url="http://www.liu.com.tw/">¦æ©ö¤½¥qºô¯¸</ulink></para>
+ <para>WWW: <ulink url="http://liu.twbbs.org/">½¼¦Ì±Ú¼Ö¶é</ulink></para>
+ </sect2>
+ <sect2 id="dayi">
+ <title>dayi - ¤j©ö¿é¤Jªk</title>
+ <para>¤j©ö¿é¤Jªk¬O¤¤¤åWindows¤º¥Iªº¿é¤Jªk¡A
+ ·sªº¡i¤j©ö¿é¤Jªk v5.1 µü®wª©¡j³Ì·s¤T½X¥\¯à¡A
+ ¨C­Ó¦r¡u³Ì¦h¡v¤T½X¡A¸û¤W­Óª©¥»§Ö30%¡C§Ö³t¿é¤J±`¥Î¼ÐÂI¡B
+ ¥þ­^¤å¤Î¥þ§Î²Å¸¹¡C¨Ì·Óµ§¹º¶¶§Ç¼g½X¡C
+ ´£¨Ñ¤j©ö¿é¤Jªk§Þ³N¤ä´©±z¥i¥H±q¿ï³æ¤¤¡A¨Ó¿ï¾Ü±z©Ò­n¬d¸ßªº°ÝÃD¡C</para>
+ <para>¦b <application>xcin25</application> ©³¤U·s¼W¤j©ö¿é¤Jªk</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/X11R6/lib/X11/xcin25/tab/big5</userinput>
+&prompt.root; <userinput>fetch ftp://xcin.linux.org.tw/pub/xcin/xcin/contrib/dayi3.cin</userinput>
+&prompt.root; <userinput>../../bin/cin2tab dayi3.cin</userinput>
+&prompt.root; <userinput>vi /usr/X11R6/etc/xcinrc</userinput></screen>
+ <programlisting>
+--- xcinrc.orig Fri Oct 12 18:07:40 2001
++++ xcinrc Fri Oct 12 18:08:10 2001
+@@ -109,7 +109,7 @@
+ (DEFAULT_IM_SINMD "DEFAULT")
+ (PHRASE "default.phr")
+ (CINPUT (cj chewing simplex phone bimspinyin bimsphone jyutping
+- array30 zh_hex))
++ array30 zh_hex dayi3))
+ (FONTSET "-sony-*-24-*-iso8859-1,-*-24-*-big5-0")
+ (OVERSPOT_FONTSET "-sony-*-16-*-iso8859-1,-*-16-*-big5-0")))
+ ;
+@@ -138,6 +138,23 @@
+ (define bimsphone@big5
+ '((SETKEY 6)
+ (MODULE "bimsphone")))
++
++(define dayi3@big5
++ '((SETKEY 7)
++ (AUTO_COMPOSE YES)
++ (AUTO_UPCHAR YES)
++ (AUTO_FULLUP NO)
++ (SPACE_AUTOUP NO)
++ (SELKEY_SHIFT YES)
++ (SPACE_IGNORE YES)
++ (SPACE_RESET YES)
++ (AUTO_RESET YES)
++ (WILD_ENABLE YES)
++ (SINMD_IN_LINE1 NO)
++ (END_KEY NO)
++ (BEEP_WRONG YES)
++ (BEEP_DUPCHAR YES)))
+
+ (define array30@big5
+ '((SETKEY 8)</programlisting>
+ <para>WWW: <ulink url="http://www.dayi.com/">¤j©ö¤½¥qºô¯¸</ulink></para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="big5con">
+ <title>big5con - Ãþ¦ü­Ê¤Ñªº¤¤¤å Console</title>
+ <para>¤@ºØ¦b¥D±±¥x(console)¤W´£¨ÑÅã¥Ü¡A¿é¤Jªº¤¤¤å¤å¦rÅã¥Üµ{¦¡¡A
+ ¾Þ§@¤¶­±Ãþ¦ü­Ê¤Ñ¤¤¤å¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/big5con</filename>¡C</para>
+ <para>¦b console(vty or ttyv?) login «áª½±µ¥´ <command>b5c</command>
+ ·|¶i¤J <application>big5con</application>¡G</para>
+ <programlisting>
+Ctrl-Alt-1: ­Ü¾e
+Ctrl-Alt-3: ª`­µ
+Ctrl-Alt-6: µü­µ
+Ctrl-Alt-9: åF½¼¦Ì</programlisting>
+ <para>¨ä¥¦«öÁä²ßºD¤j³¡¤À©M <application>et3</application> ¦P¡C</para>
+<!-- <para>­Y­n¼W¥[¨ä¥¦¿é¤Jªk¡A¦p­Ü¾e¡A¥i½s¿è <filename>/usr/local/bin/et
+ </filename> <option>/usr/local/bin/b5c -altmeta 1 -in9 Boshiamy.tab -in1
+ cj.tab</option> ¥[¤W <option>-in1 cj.tab</option> ªí¥Ü
+ <command>Ctrl-Alt-1</command> ¤Á´«¨ì cj.tab (­Ü¾e)¡C
+ <filename>/usr/local/lib/xcin/*.tab</filename> ¦³¨ä¥¦¿é¤Jªk¥i¿ï¥Î¡C
+ ¨ä¥¦°Ñ¼Æªº¨Ï¥Îªk¡G<filename>/usr/local/lib/xcin/xcin.help</filename></para>-->
+ <para>³q±` <application>b5c</application> ©M
+ <application>screen</application> ¤@°_·f°t¨Ï¥Î¡A¥Hµo´§
+ buffer & cut-paste & .... ªº¥\®Ä¡A°õ¦æ¶¶§Ç¬°:
+ <application>b5c</application> ¥ý¡A
+ <application>screen</application> «á¡A¤]´N¬O
+ <application>b5c</application> ¾¨¶q¦b console
+ login «á¥ß§Y°õ¦æ¡A¶i¤J big5 console «á¦A¶]¨ä¥¦»²§U¥\¨ã¡C</para>
+ <para>­Y <application>b5c</application> ³y¦¨ console ¥¢±`¡A
+ ¥i³z¹L <command>watch -W v0</command> »·ºÝ¦^´_ --
+ <command>man watch</command>
+ ftp://freebsd.ntu.edu.tw/freebsd/woju/source/vgalib.txt</para>
+ <para>­Y¿Ã¹õ°¾±¼©Îªá±¼¡A³q±`¬O scan freq ªº°ÝÃD¡A¥i§Q¥Î¿Ã¹õµwÅé
+ ·L½Õ¶}Ãö½Õ¾ãÅã¥Ü°Ï°ìªº¦ì¸m©M¤j¤p¡C­Y¦³¸Ë XFree86¡A¤]¥i±Ò°Ê
+ X «á¨Ï¥Î <command>xvidtune</command> ½Õ¾ã§´·í¡A±N³Ì¨Î°Ñ¼Æ°O¤J
+ <filename>/usr/local/etc/big5con.cfg</filename>¡C</para>
+ <para>­Y¨Ï¥Î <application>telnet</application> µLªk¿é¤J¤¤¤å(¥X²{¶Ã½X)¡A
+ ½Ð°Ñ¦Ò <link linkend="telnet">telnet</link> ¤@¸`¡C</para>
+ <para>¦pªG°õ¦æ®É¦³°ÝÃD¡A¥ýÀˬd /dev/vga ¬O¤£¬O symlink ¨ì ttyv0¡H
+ <command>ls -l /dev/vga</command>¡A¦pªG¤£¬Oªº¸Ü½Ð°õ¦æ
+ <command>ln -sf /dev/ttyv0 /dev/vga</command>¡C</para>
+ <screen>
+&prompt.user; <userinput>b5c</userinput>
+Big5con - Big5 Chinese Console version 0.92b
+Big5con> fatal error: can't open /dev/vga
+&prompt.user; <userinput>ls -l /dev/vga</userinput>
+ls: /dev/vga: No such file or directory
+&prompt.user; <userinput>ln -sf /dev/ttyv0 /dev/vga</userinput>
+&prompt.user; <userinput>ls -l /dev/vga</userinput>
+lrwx------ 1 root wheel 5 5 16 17:34 /dev/vga -> ttyv0</screen>
+ <note><para>¥H¤U´£¨Ñ¤@­Óµn¤J´N°õ¦æ <command>b5c</command> ªº¤èªk¡A
+ ¦b ~/.cshrc ³Ì«á¥[¤J¥H¤Uµ{¦¡½X¡G</para>
+ <programlisting>
+if ( `tty | cut -b 1-9` == "/dev/ttyv" ) then
+ exec b5c
+endif</programlisting></note>
+ <figure>
+ <title>big5con snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/big5con" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="ftp://www.tw.freebsd.org/pub/taiwan/NTU/woju/binary/b5c.html">
+ §ó¦hªº¸ê°T</ulink></para>
+ <para>WWW: <ulink url="http://sourceforge.net/projects/big5con/">
+ big5con project</ulink></para>
+ </sect1>
+
+ <sect1 id="zhcon">
+ <title>zhcon - °ò©ó FrameBuffer ªº±±¨î¥x¦h¤º½X¤¤¤å¥­¥x</title>
+ <para><application>zhcon</application> ¬O¤@­Ó°ò©ó FrameBuffer
+ ªº±±¨î¥x¦h¤º½X¤¤¤å¥­¥x¡C¥L¯à°÷³z¹L FrameBuffer
+ ¦b±±¨î¥x¤WÅã¥Ü²Å餤¤å¡BÁcÅ餤¤å¡B¤é¤å¡BÁú¤å¡C</para>
+ <para>¥Ø«eª©¥»ªº <application>zhcon</application> ¾Ö¦³¥H¤Uªº¯S©Ê¡G</para>
+ <para>§¹¥þ¤ä«ù FrameBuffer ³]³Æ(±q640x480x8bpp ¨ì 1024x768x32bpp)¡A
+ ¤ä«ù¦hºØ¤º½X(GB2312,GBK,BIG5,JIS,KSCM)¡A
+ ¨Ã¥i¨Ï¥Î¼öÁä¦b¤­ºØ¤º½X¶¡°ÊºA¤Á´«¦Û°ÊÃѧOGB2312/BIG5¤º½X¡A
+ ¨Ã¯à¦b¤GªÌ¶¡¦Û°Ê¤Á´«¥i¥¿½TÃѧO¦UºØ¨îªí²Å¸¹¡A
+ ¤£·|¥X²{¶Ã½X¥i¥Î¼öÁäÂsÄý¾ú¥v¿Ã¹õ¡A
+ ¤ä«ù©Ò¦³°ò¤_½XªíªºWindows98¿é¤Jªk©MUCDOS¿é¤Jªk(¨t²Î¤º«Ø12ºØ¿é¤Jªk)¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/zhcon</filename>¡C</para>
+ <programlisting>
+¥\¯àÁ仡©ú¡G
+CTRL_SPACE: ¥´¶}/Ãö³¬¿é¤Jªk
+ALT_SPACE: Åã¥Ü/ÁôÂÿé¤J±ø
+CTRL_,: ¤Á´«¥þ¨¤/¥b¨¤
+CTRL_.: ¤Á´«¤¤¤å¼ÐÂI
+CTRL_F1: ¤Á´«¦ÜGB2312¤º½X
+CTRL_F2: ¤Á´«¦ÜGBK¤º½X
+CTRL_F3: ¤Á´«¦ÜBIG5¤º½X
+CTRL_F4: ¤Á´«¦ÜJIS¤º½X
+CTRL_F5: ¤Á´«¦ÜKSCM¤º½X
+CTRL_F9: ¤Á´«GB2312/BIG5¦Û°ÊÃѧO¼Ò¦¡
+CTRL_F10: ¶i¤J¿ï³æ
+CTRL_ALT_1 - CTRL_ALT_9: ¤Á´«¿é¤Jªk
+CTRL_ALT_0: ­^¤å¿é¤J</programlisting>
+ <programlisting>
+¿é¤Jªk¿ï¶µ¡G
+CTRL_ALT_1: µL½¼¦Ì
+CTRL_ALT_2: ­Ü¾e
+CTRL_ALT_3: ª`­µ
+CTRL_ALT_8: ¦æ¦C30
+CTRL_ALT_9: µL½¼¦Ì</programlisting>
+ <note><para>ª`­µ¦b¿ï¦r¤W¥²¶·¥Î ALT_¼Æ¦r ¤~¯à¿ï¦r¡A
+ ¥Î + ©Î = ´«­¶¡C</para></note>
+ <programlisting>
+¾ú¥vÂsÄý¡G
+SHIFT_PAGEUP: ¤W±²¥b­Ó¿Ã¹õ
+SHIFT_PAGEDOWN: ¤U±²¥b­Ó¿Ã¹õ
+SHIFT_ARROWUP: ¤W±²¤@¦æ
+SHIFT_ARROWDOWN: ¤U±²¤@¦æ</programlisting>
+ <figure>
+ <title>zhcon snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/zhcon" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>sourceforge WWW: <ulink url="http://sourceforge.net/projects/zhcon/">
+ zhcon project</ulink></para>
+ <para>
+ main WWW: <ulink url="http://zhcon.gnuchina.org/">
+ http://zhcon.gnuchina.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="big5cce">
+ <title>big5cce - ÁcÅ餤¤å Console Àô¹Ò</title>
+ <para>big5cce (BIG5 Console Chinese Environment)</para>
+ <para>¤@¡B«e¨¥</para>
+ <para>CCE (Console Chinese Environment) ¬° Rui He, &gt;herui@cs.duke.edu&lt;
+ ¼¶¼gªº¤¤¤å±±¨î¥x¨t²Î (§ï¼g¦ÛµÛ¦Wªº kon)¡A¦ý¥Ø«e¶È¤ä´©Â²Åé(GB)ªº¿é¤J
+ ¤è¦¡¡C ¥Ñ©ó CCE ¤ä´© Mouse (Copy & Paste) ¥H¤Î multiple-terminal¡A
+ °t¦X Frame Buffer Åã¥Ü³t«×¬Û·í§Ö³t¡AÆZ§Æ±æ¯àÅý¨Ï¥ÎÁcÅé(Big5)ªº
+ GNU/Linux ©M FreeBSD users ¤]¯à¨Ï¥Î³o®M·¥¨Îªº¤¤¤å¬É­±¡A¦]¦¹¤~¦³ big5cce
+ ªº¥X²{¡C</para>
+ <para>big5cce ¥D­n¬O¼W¥[ÁcÅ餤¤åªº¦U¶µ¿é¤Jªk¤ä´©¡A¥Ø«e¤ä´©ªº¿é¤Jªk­p
+ ¦³­Ü¾e¡Bª`­µ¡B»´ÃP¡B¤j©ö¡B¦æ¦C¡BåF½¼¦Ì¡B¤º½Xµ¥¡A¦ÓÅã¥Üªº¤¤¤å¦r§Î±Ä¥Î
+ FreeBSD ¤WµÛ¦Wªº big5con ©Ò±Ä¥Îªº kc16.smf (Âন cce ©Ò¨Ï¥Îªº.bin)¡C
+ ¦¹¥~¡AÁÙ¼W¥[ ¤F¥b§Î/¥þ§Îªº¿é¤J¡ACtrl+Shiftªº´`Àô¤Á´«¿é¤Jªk¡A¹ï©ó¨ä¥¦
+ ¿é¤Jªkªº¼W¥[¥i§Q ¥Î big5cce ©Ò´£¨Ñªº cin2tab ±N¿é¤Jªkªº .cin Âà´«¦¨
+ tab ¨Ã¦b big5cce.cfg ¤¤¥[¤J¿é¤Jªkªí®æ§Y¥i¡C</para>
+ <para>¤G¡B¦w¸Ë</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/big5cce</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <programlisting>
+2) ¨Ì»Ý¨D­×§ï /usr/lib/big5cce/big5cce.cfg
+3) °õ¦æÀɱN¦w¸Ë¦b /usr/bin/big5cce¡A¿é¤Jªk¡B¦r«¬¤Î³]©wÀÉ(big5cce.cfg)
+ «h¦w¸Ë¦b /usr/lib/big5cce ¥Ø¿ý¡C</programlisting>
+ <para>¤T¡B¿é¤Jªk¡G</para>
+ <programlisting>
+1) ¨Ï¥Î Ctrl+Shift ¥i½ü¬y¤Á´«¿é¤Jªk(Only GNU/Linux)¡C
+2) Ctrl+Space ¥i¤Á´« ¤¤/­^ ¿é¤Jª¬ºA¡C
+3) Shift+Space ¥i¤Á´« ¥b§Î/¥þ§Î ¿é¤Jª¬ºA¡C
+3) Ctrl+Alt+0 ¤º©w¬° ¤º½X ¿é¤Jªk¡A¤£¶·¸ü¤J¿é¤Jªkªí®æ(.tab)
+4) Ctrl+Alt+3 ¬°¹w³]ªº ª`­µ ¿é¤Jªk¡C
+5) Ctrl+Alt+1 ~ 9 ·|¨Ì big5cce.cfg ¤¤³]©w¸ü¤J¿é¤Jªkªí®æ(.tab)ªº¶¶§Ç¤Á´«¡C
+6) Ctrl+Alt+9 ¹w³]¬°åF½¼¦Ì¿é¤Jªk¡Abig5cce·|¨Ï¥Î¿W¥ßªºåF½¼¦Ì¿é¤J³B²z¡A
+ ©Ò¥H­Y·Q¨Ï¥ÎåF½¼¦Ì¿é¤Jªk½Ð¸ü¤J¦Ü Ctrl+Alt+9 ¤¤¡C
+ NOTE:
+ big5cce ¤£´£¨ÑåF½¼¦Ì¿é¤Jªkªí®æ¡A½Ð¨Ï¥ÎªÌ¦Û¦æ download
+ åF½¼¦Ì©Ò¨Ï¥Îªº .cin ¡A§Q¥Î big5cce ©Ò´£¨Ñªº cin2tab Âà´«¦¨ .tab
+ ¨Ã¦b big5cce.cfg ¤¤¥[¤J¿é¤Jªkªí®æ§Y¥i¡C</programlisting>
+ <para>¥|¡B¦r§Î¡G</para>
+ <programlisting>
+1) big5cce ¤º©w¨Ï¥Î kc16.bin ¦r«¬¡C
+2) ¤ºªþ hku-ch16.bdf ¤Î hku-ch16.bin ¦r§Î¡A­ì¥ý cce/kon ©Òªþ¤§
+ bdf2bin ¦³¨Ç°ÝÃD¡A¸g cnoize §ï¨}¹L«á¤~¯à¦¨¥\±N .bdf Âন .bin
+ ¦ý¤´¦³¨Ç¦r§Î·|¿òº|¡A¸Ô²Ó»¡©ú½Ð°Ñ¦Ò font/bdf2bin.c ªºµù¸Ñ¡C
+3) ­Y­n¼W¥[·sªº¦r«¬(¨Ò¦p¡GBIG5+)¡A½Ð­×§ï font.c Ãö©ó¦r§Î Coding
+ ªº³¡¥÷¡A¥H¤Î¨Ï¥Î grep "hard code" *.c ¤¤§ä´M¬ÛÃöªºµ{¦¡½X¡C</programlisting>
+ <para>¤­¡Bmultiple-terminal¡G</para>
+ <programlisting>
+1) Ctrl+Alt+A ¶}·sµøµ¡¡A³Ì¦h¥i¦P®É¶}¤Q²Õµøµ¡¡C
+2) Ctrl+Alt+X Ãö³¬©Ò¦bµøµ¡¡C
+3) Ctrl+Alt+N ¤U¤@­Óµøµ¡¡C
+4) Ctrl+Alt+P ¤W¤@­Óµøµ¡¡C</programlisting>
+ <para>¤»¡BMouse support¡G</para>
+ <programlisting>
+1) ·Æ¹«¤ä´©¡A½Ð¦b big5cce.cfg ¤¤³]©w¨Ï¥Îªº·Æ¹«(¤º©w PS2)¡C
+2) «ö¦í·Æ¹«¥ªÁä¥i§@¤å¦r¤Ï¥Õ(Copy)¡C
+3) «ö¤U·Æ¹«¥kÁä§Y¦b´å¼Ð¦ì§}§@ Paste °Ê§@¡C
+4) ­×¥¿­ì¥ý cce/kon ¦b Paste ¤å¦rªº bug (by cnoize)¡C</programlisting>
+ <para>¤C¡B¨ä¥¦¥\¯à¡G</para>
+ <programlisting>
+1) Ctrl+Alt+R Refresh ©Ò¦bµøµ¡¡C</programlisting>
+ <para>¤K¡Bbugs/test¡G</para>
+ <programlisting>
+1) ­Y±ý¨Ï¥Î HardScroll ¥[³t½Ð¦b Makefile ¥[¤J -D__HardScroll__¡A
+ ¦ý·|¦³¤@¨Ç°ÝÃD¡A½Ð¥ý¤£­n¨Ï¥Î¡C
+2) FreeBSD 4.0 ¦b GNU/Linux vmware ¤U mouse »Ý³]¬° MouseSystems ¤~¯à
+ ¥¿±`¨Ï¥Î¡C</programlisting>
+ <para>Gian-Yan Xu. &lt;kids@linux.ee.tku.edu.tw&gt;</para>
+ <para>WWW: <ulink url="http://linux.ee.tku.edu.tw/~kids/">
+ http://linux.ee.tku.edu.tw/~kids/</ulink></para>
+ </sect1>
+
+ <sect1 id="cce">
+ <title>cce - ²Å餤¤å±±¨î¥xÀô¹Ò</title>
+ <para>¸Óµ{§Ç¬O¤@­ÓÃþ¦üWZCE¡Ayact©Mchdrvªº±±¨î¥x¤¤¤å¥­¥x¡C
+ ¶i¤J¸ÓÀô¹Ò¥i¥H¥Î "ªÅ®æ+Ctrl" Áä¨Ó¤Á´«¤¤¤å/­^¤åªº¤£¦P¿é¤J¤è¦¡¡A
+ "Ctrl+Alt+0~9" ¥i¥H¥Î¨Ó§ïÅܤ£¦Pªº¿é¤Jªk¡C
+ "Ctrl+Alt+9" ¬O¤º½X¿é¤Jªk¡C"Ctrl+Alt+0" ¬O«÷­µ¿é¤Jªk¡C
+ Àq»{±¡ªp¤U¡ACCE¥H¥þ«÷¿é¤Jªk§@¬°Àq»{¿é¤Jªk¡A
+ ¨Ã±N¤­µ§¿é¤Jªk§@¬°²Ä¤G¿é¤Jªk¡C±z¥i¥H³q¹L¨Ï¥Î¤u¨ã³n¥ócin2tab
+ ¡]¦w¸Ë¦b/usr/lib/ccek¤¤¡^©Mtab2cin¨Ó³Ð«Ø¦Û¤vªº¿é¤Jªk¡C
+ cin2tab·|±N¿é¤Jªkªº·½¤å¥ó®æ¦¡¡]*.cin¡^Âà´«¦¨¤G¶i¨î®æ¦¡¡A
+ ¦Ótab2cin§¹¦¨ªº¬O¬Û¤Ïªº¤u§@¡C</para>
+ <para>¥Ñ©ó¦w¥þ©Ê°ÝÃD¡Acce ³Q²¾¥X ports tree¡A
+ ¤£¹Lµ§ªÌ¦³¥t¥~«O¦s¤F¤@¥÷¦b outta-port¡C</para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/cce</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <programlisting>
+ Ctrl+Space ¤Á´«¤¤¤å/­^¤å¿é¤Jªk
+ Ctrl+Alt+0 «÷­µ¿é¤Jªk
+ Ctrl+Alt+9 ¤º½X¿é¤Jªk
+ Ctrl+Alt+1 ¥þ«÷¿é¤Jªk
+ Ctrl+Alt+2 ¤­µ§¿é¤Jªk
+ Ctrl+Alt+3-Ctrl+Alt+8 ¨ä¥¦¿é¤Jªk</programlisting>
+ <figure>
+ <title>cce snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/cce" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://programmer.lib.sjtu.edu.cn/cce/cce.html">
+ cce project</ulink></para>
+ <para>WWW: <ulink url="http://sourceforge.net/projects/cce2k/">
+ cce2k project</ulink></para>
+ </sect1>
+
+ <sect1 id="kon2">
+ <title>kon2</title>
+ <para><application>kon2</application> ¬O£¸®M¤ä´© CJKV ªº Console
+ À³¥Îµ{¦¡¡A¤]¬O¥Ø«e <application>big5con</application> ©M
+ <application>cce</application> ªº«e¨­¡A¤£¹L¥L¨Ã¤£¤º§t¿é¤Jªk¡A
+ ©Ò¥H¾A¦X­è¸Ë§¹§ä¤¤¤å¸ê®Æ¥Î¡A¦]¬°¥L¬O¥Ø«e³Ìí©wªº¤F¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/kon2</filename>¡C</para>
+ <para><application>kon2</application> ¨Ï¥Î kcfonts ¤ºªº kc15f
+ ¤¤¤åÁcÅé¦r«¬¡A³o­Ó¦r«¬¥]§t¤F­Ê¤Ñ¥~¦rµ¥¡A
+ ¤]¥]§t¤F <application>fcitx</application> ¤ºªº gbkst16 ¤¤¤å²Åé¦r«¬¡A
+ ¦b¤Á´«ªº³¡¥÷¤ñ¸û³Â·Ð¡A¥Ø«e¹w³]¬O¨Ï¥Î BIG5-0¡A
+ ¦pªG­n¨Ï¥Î²ÅéÀô¹Ò¡A¥²¶·¿é¤J <command>kon -Coding GBK-0</command>¡A
+ ÁcÅé¬Û¹ïÀ³ªº´N¬O <command>kon -Coding BIG5-0</command>¡A
+ ¦Ó¸Óµ{¦¡¥Ø«e¤]¤£ºÞ¨Ï¥Î²Åé©Î¬OÁcÅéÀô¹Ò¡A
+ ³£·|¦P®É¸ü¤J¨âºØ¦r«¬¡A©Ò¥H·|¦³¤@ÂIÂIºC¡A¥i¥H¥Î <command>fld -i</command>
+ ¨ÓÆ[¹î¥Ø«e¸ü¤Jªº¦r«¬¡C</para>
+ <screen>
+&prompt.user; <userinput>fld -i</userinput>
+ No. ShmId Font Name Size MemSize
++---+-----+---------------+-----+-------+
+ 9 65541 JISX0201.1976-0 8x16 4080
+ 20 65540 GBK-0 16x16 774144
+ 24 196611 BIG5-0 16x15 472240</screen>
+ </sect1>
+
+ <sect1 id="xcin25">
+ <title>xcin25 - ÁcÅ餤¤å XIM Server</title>
+ <para>¦pªG±z±`¨Ï¥Î X Window¡A§Ú­Ì¤Q¤À«Øij±z±Ä¥Î <application>xcin25
+ </application> »P <application>rxvt</application>
+ ²Õ¦Xªº¤è¦¡¡A¨Ó¸Ñ¨M¤¤¤å¿é¤Jªº°ÝÃD¡C </para>
+ <para><application>xcin25</application> ¬O Xwindow Chinese INput
+ ªºÁY¼g¡A¬O¤@­Ó¦b X Window ¼Ò¦¡
+ ¤U°õ¦æªº¤¤¤å¿é¤J¨t²Î¡A¦]¬° <application>xcin25</application>
+ ¬O§Q¥Î X Window ªº
+ Server/Client ¤è¦¡°õ¦æªº¡A©Ò¥H±z¥u­n±Ò°Ê¤@­Ó
+ <application>xcin25</application> ¿é¤Jµøµ¡
+ ¡A«K¥i¥H¹ïÀ³³\¦hªº <application>rxvt</application>
+ Åã¥ÜµêÀÀ²×ºÝ¾÷¡A¦û¥Î¨t²Î¸ê·½¤ñ¸û¤p¡C
+ ¤]´£¨ÑÃþ¦ü DOS Àô¹Ò¤Uªº§Ñ§Î©Î¦ÛµM¿é¤Jªkªº´¼¼z«¬¿é¤J¿ï¦rÀô¹Ò¡C </para>
+ <para>¦w¸Ë <filename>chinese/xcin25</filename>¡C</para>
+ <para>¦w¸Ë§¹¦¨«á¡A¦b <filename>~/.cshrc</filename> ¤¤¼W¥[¤U¦Cªº³]©w</para>
+ <programlisting>
+export XMODIFIERS="@im=xcin"</programlisting>
+ <para>¨Ã¦b <filename>XF86Config</filename> ¤¤ªº <option>Section "Files"</option>
+ °Ï¬q¼W¥[ <option>FontPath "/usr/X11R6/lib/X11/fonts/local/"</option>
+ ¡C</para>
+ <para>¥Ø«eªº port ÁÙ¥]¶i¤F»Å­µ¿é¤Jªk(chewing)¡A¤@ºØÁo©úªºª`­µ¿é¤Jªk¡C
+ ¥¦·|®Ú¾Ú±`¨£ªº¦rµü¡A¦Û°Ê±N±z©Ò¿é¤Jªºª`­µÂàÅܬ°¾A·íªº¤¤¤å¦r¡A
+ ¨Ï±z´X¥G¤£»Ý­n¦b¿é¤J®É¤@ª½¿ï¨ú¦P­µ¦r¡C</para>
+ <figure>
+ <title>xcin25 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/xcin25" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://xcin.linux.org.tw/">
+ xcin project</ulink></para>
+ </sect1>
+
+ <sect1 id="gtk-im-module">
+ <title>GTK_IM_MODULE</title>
+ <para>GTK2 ¥»¨­¤]´£¨Ñ¤£¤Ö¿é¤Jªk¨Ñ¨Ï¥ÎªÌ¿ï¥Î¡A
+ ±z¥i¥H³z¹L <command>gtk-query-immodules-2.0</command>
+ ¨Ó¨ú±o¦³¨º¨Ç Input Method Module¡A
+ ¤£¹L¤´µM¨S¦³¤º«Ø¤¤¤åªº¿é¤Jªk¼Ò²Õ¡A
+ ©Ò¥H¥L¤]¤ä´©«D¥L¥»¨­©Ò´£¨Ñªº¨ä¥L¤è¦¡¨Ó¿é¤J¡A
+ ¨Ò¦p XIM¡C
+ GTK_IM_MODULE ¦b¬Y¨Ç±¡ªp¤UªºÀu¥ýÅv·|¤ñ XMODIFIERS ÁÙ°ª¡A
+ ¦pªG¬°¤F«OÀI°_¨£¡A
+ ¥i¥H³]©w¬° xim¡C</para>
+ <screen>&prompt.user; <userinput>setenv GTK_IM_MODULE xim</userinput></screen>
+ <para>¦pªG­n¸ó¤J immodule ¥i¥Hª`·N¤@¤U
+ <filename role="package">japanese/uim</filename>¡C
+ uim ªº¥Ø¼Ð¬O§@¬°µo®i·s immodule ªº°ò¦¥­¥x¡A
+ ¥Ø«e¤w¸g¦³¤£¤Ö Emacs ªº¿é¤Jªk¦b¤W­±¡A¹³¬O PinYin¡C
+ ©Î¬O ¤å¨ã(wenju)¡A¥L¤w¸g¦b¤W­±¶}µo¤­µ§©M«÷­µ¿é¤Jªk¡A
+ ¥L§Q¥Î TIM(Table-based Input Method) ³o­Ó GTK2 Áä½L¿é¤J¼Ò²Õ¡A
+ ±N¿é¤Jªk¥HÂà´«½Xªíªº¤è¦¡±±¨î¡A¥i¥H¤è«Kªº­×§ï©Î·s¼W½Xªí¨Ó©w¸q·sªº¿é¤Jªk¡A
+ wenju ªººô¯¸¦³¸Ô²Ó¤¶²Ð TIM ªº¦w¸Ë»P¨Ï¥Î¤è¦¡¡C
+ ¬Y­Ó¤j³°ªº¿é¤Jªk SCIM ¤]¦³°µ¹ï immodule ªº¤ä´©¡C</para>
+ <para>µ§ªÌ§â xcin25 ªºª`­µ¡A­Ü¾e¡AåF½¼¦Ìªº .cin Âন¤F wenju ªº .tim¡A
+ ¦³¿³½ìªº¥i¥H¦w¸Ë outta-port/wenju¡AµM«á³]©w GTK_IM_MODULE ¨Ó¿ï¾Ü¿é¤Jªk¡A
+ ©Î¬O¦bµøµ¡¤W«ö¥kÁä¿ï¾Ü¡C
+ ª`­µ¬O phone.tim¡A­Ü¾e¬O cj.tim¡AåF½¼¦Ì¬O liu.tim¡A
+ ¦pªG­n¨Ï¥Îª`­µ¥i¥H¿é¤J¦p¤U:</para>
+ <screen>&prompt.user; <userinput>setenv GTK_IM_MODULE phone.tim</userinput></screen>
+ <programlisting>
+¥H¤U¬OÂà´« .cin ¨ì .tim ªº¤è¦¡
+# echo "TIMName=ª`­µ" > phone.tim.big5
+# sed -e '/%/d' -e '/^#/d' phone.cin | awk '{print $1, $2}' | sort | uniq | \
+ awk '{ if ( b == $1 ) { line = line "|" $2 } else { line = line "\n" $1 "=" $2 } b = $1 } END { print line }' \
+ >> phone.tim.big5
+# iconv -c -f big5 -t utf-8 phone.tim.big5 > /usr/X11R6/share/wenju/phone.tim
+# gtk-query-immodules-2.0 > /usr/X11R6/etc/gtk-2.0/gtk.immodules
+
+¥H¤U¬O¿é¤Jªkªº¨Ï¥Î¤è¦¡
+Shift+Space ¥i¤Á´«­^¼Æ¿é¤Jªk
+. ¤U¤@­Ó¦r©Îµü
+&gt; ¤U¤Q­Ó¦r©Îµü
+, ¤W¤@­Ó¦r©Îµü
+&lt; ¤W¤Q­Ó¦r©Îµü
+Space ¿ï¾Ü²Ä¹s­Ó¦r©Îµü
+Ctrl+¼Æ¦r ¿ï¾Ü²Ä´X­Ó¦r©Îµü
+Enter °e¥X</programlisting>
+ <para>­è¤Á´«¨ì wenju ªº®É­Ô¡AOverTheSpot ·|¦b³Ì¥ª¤W¨¤¡A
+ ¥i¥H¥ô·N¿é¤J¤@­Ó¦rµM«á«ö¤è¦VÁä¡A¥L´N·|¶]¨ì¥¿½Tªº¦ì¸m¤W¡C
+ ¤£¹L¿ï¦rªº¤è¦¡Áٻݧï¶i¡A¥Ø«e¬O¥Ñ 0 ¦Ü 9¡A
+ ³q±`¬O²ßºD 1 ¦Ü 0 ªºÁä½L±Æ¦C¶¶§Ç¡C</para>
+ <para>WWW: <ulink url="http://sourceforge.jp/projects/anthy/files/">
+ UIM input method collection</ulink></para>
+ <para>WWW: <ulink url="http://wenju.sourceforge.net/">
+ ¤å¨ã(wenju) - Writing Tools</ulink></para>
+ <para>WWW: <ulink url="http://www.turbolinux.com.cn/~suzhe/scim/">
+ Smart Common Input Method(SCIM)</ulink></para>
+ </sect1>
+
+ <sect1 id="chinput">
+ <title>chinput - ²Å餤¤å XIM Server</title>
+ <para>±q <application>Chinput-2.1</application> ¦b
+ GNU/Linux ¥­¥x¤W²¾´Ó¹L¨Óªº³nÅé¡C
+ ¥Ø«e¦³ <application>chinput</application> »P
+ <application>chinput2</application> ¨âºØ®M¥ó¡C
+ ¤¤¤å GB¡BBIG5¡B¤é¤å½X¿é¤J¦øªA¾¹¡C </para>
+ <para>¦w¸Ë <filename role="package">chinese/chinput</filename>¡C</para>
+ <screen>
+&prompt.root; <userinput>cp work/chinput/fonts/*.pcf.gz /usr/X11R6/lib/X11/fonts/local/</userinput>
+&prompt.root; <userinput>mkfontdir /usr/X11R6/lib/X11/fonts/local/</userinput>
+&prompt.root; <userinput>xset fp rehash</userinput></screen>
+ <para>¦w¸Ë <filename role="package">chinese/chinput3</filename>¡C</para>
+ <para>¦w¸Ë¦n chinput «á¡A°O±o­n­×§ï .xinitrc ªº XMODIFIERS¡A
+ ¦pªG¨S¦³ªº¸Ü´N¦Û¦æ¥[¤W¡C </para>
+ <programlisting>
+export XMODIFIERS="@im=Chinput" </programlisting>
+ <para>µM«á¥u­n¥Î <command>chinput &</command> ´N¥i¥H¶}±Ò¡A
+ ¤£¹L¹w³]¶}±Òªº®É­Ô¬OÁôÂ꺡A¥²¶·¦A¥Î ctrl+space ¥s¥X¨Ó¡C </para>
+ <programlisting>
+¼öÁä:
+ Control-space: ÁôÂÃ/¼u¥X¿é¤Jµ¡¤f
+ Control-LeftButton: ÁôÂÿé¤Jµ¡¤f(¾A¥Î¤_¦b¤£¤ä«ùXIMªº³n¥ó
+ ¤¤¤u§@®É·Q§â¿é¤J±øÁôÂ꺳õ¦X)
+ Alt-space: ¤Á´«¿é¤J±øªºÅã¥Ü¼Ò¦¡(®Úµ¡¤f¼Ò¦¡©M¥ú¼Ð¸òÀH¼Ò¦¡)
+ Control-Alt-Space: ¤Á´«¦Û°ÊÁôÂéM«D¦Û°ÊÁôÂüҦ¡.
+ F1: ¿E¬¡/¸T¤î¤¤¤å¿é¤J
+ (Shift)Fn: ¤Á´«¿é¤J¤èªk </programlisting>
+ <para>±µµÛ¶}±Ò¤@­Ó²Åé²×ºÝ¾÷¡G<command>rxvt -fm "-aliasdefault-ming-medium-r-normal--16-160-0-0-c-160-gb2312.1980-0" -im Chinput &</command></para>
+ <para>Author WWW:<ulink url="http://www.opencjk.org/~yumj/">
+ Yu Mingjian's Homepage</ulink></para>
+ </sect1>
+
+ <sect1 id="minichinput">
+ <title>miniChinput - ²Å餤¤å XIM Server</title>
+ <para>¦w¸Ë <filename role="package">chinese/miniChinput</filename>¡C</para>
+ <para>­×§ï <filename>~/.xinitrc</filename> ¤å¥ó¥[¤J
+ <option>export XMODIFIERS=@im=Chinput</option>¡C</para>
+ <para>WWW: <ulink url="http://sourceforge.net/projects/minichinput/">
+ miniChinput project</ulink>
+ </sect1>
+
+ <sect1 id="xsim">
+ <title>xsim - ²Å餤¤å XIM Server</title>
+ <para>¦w¸Ë <filename role="package">chinese/xsim</filename>¡C</para>
+ <para>½T»{¦s¦b <filename>/usr/X11R6/lib/X11/locale/zh_CN/XI18N_OBJS</filename>¡A
+ ¦pªG¨S¦³¡A¥i¥H«þ¨©³o­Ó
+ <filename>/usr/X11R6/lib/X11/locale/zh/XI18N_OBJS</filename>
+ ¨Ã­×§ïª`ÄÀ <option>__XlcEucLoader</option> ªº¤@¦æ¡C</para>
+ <para>­×§ï <filename>~/.xinitrc</filename> ¤å¥ó¥[¤J
+ <option>export XMODIFIERS=@im=XSIM</option>¡C</para>
+ <para>WWW: <ulink url="http://sourceforge.net/projects/xsim/">
+ xsim project</ulink>
+ </sect1>
+
+ <sect1 id="fcitx">
+ <title>fcitx - ²Å餤¤å XIM Server</title>
+ <para>¦w¸Ë <filename role="package">chinese/fcitx</filename>¡C</para>
+ <para>­×§ï <filename>~/.xinitrc</filename> ¤å¥ó¥[¤J
+ <option>export XMODIFIERS=@im=fcitx</option>¡C</para>
+ <para>´ú¸Õ¡G</para>
+ <screen>
+&prompt.user; <userinput>setenv LANG zh_CN.EUC</userinput>
+&prompt.user; <userinput>setenv LC_CTYPE zh_CN.EUC</userinput>
+&prompt.user; <userinput>setenv XMODIFIERS @im=fcitx</userinput>
+&prompt.user; <userinput>rxvt -fm "-*-gbk-*" -km gb &</userinput></screen>
+ <para>¦pªG¬O KDE3 ªº¨Ï¥ÎªÌ¥i¯à·|µo²{µLªk¨Ï¥Îªº°ÝÃD¡A
+ ¥i¯à¬O¦]¬°¹w³] Root ¦Ó fcitx ¨Ã¤£¤ä´©¡A
+ ¥i¥H³z¹L°õ¦æ qtconfig¡A¿ï¾Ü Interface -&gt;
+ XIM Input Style: Over The Spot¡A
+ File -&gt; Save¡AµM«á­«¶}­n¿é¤Jªº³nÅé§Y¥i¡C</para>
+ <para>WWW: <ulink url="www.fcitx.org/">
+ fcitx project</ulink></para>
+ </sect1>
+
+ <sect1 id="aterm">
+ <title>aterm - ¤ä´© XIM ªº¤¤¤å²×ºÝ¾÷</title>
+ <para><application>aterm</application> ¬O¤@®M±m¦â vt102 ²×ºÝ¾÷³nÅé¡A
+ ¤ä´©³z©ú©M XIM¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/aterm</filename>¡C</para>
+ <para>µ§ªÌ¥Ø«e¨Ï¥Îªº³]©w <filename>~/.Xdefaults</filename></para>
+ <programlisting>
+! Begin ports/chinese/aterm configuration
+aterm.borderColor: black
+aterm.background: black
+aterm.backspacekey: "^H"
+aterm.cursorColor: IndianRed
+aterm.foreground: gray98
+aterm.geometry: 80x24
+aterm.inputMethod: xcin
+aterm.multichar_encoding: big5
+aterm.preeditType: OverTheSpot
+aterm.scrollTtyKeypress: True
+aterm.scrollTtyOutput: False
+aterm.scrollBar_right: True
+aterm.shading: 30
+aterm.termName: xterm-color
+aterm.transparent: True
+aterm.transpscrollbar: True
+aterm.troughColor: black
+!±z¥i¿ï¾Ü·Q­nªº¦rÅé¤j¤p
+! °ê³ì 16pt, °ê³ì 16pt
+aterm.font: 8x16
+aterm.mfont: kc15f
+! End ports/chinese/aterm configuartion</programlisting>
+ <figure>
+ <title>aterm snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/aterm" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://aterm.sourceforge.net/">
+ aterm project</ulink></para>
+ </sect1>
+
+ <sect1 id="rxvt">
+ <title>rxvt</title>
+ <para><application>rxvt</application> ¬O
+ ouR eXtended Virtual Terminal ªºÁY¼g¡A¤@¶}©l¬O»Pª©¥»ªº
+ <application>xcin</application> °t¦X¤~¦³¤@­Ó¥i¥H¿é¤J¤¤¤åªº
+ Terminal¡A¤£¹L²{¦b³vº¥¦³¨ä¥Lªº Terminal ¥X²{¡A¥H¤Î XIM ¬[ºcªº½T¥ß¡A
+ ©M X Window ªº²±¦æ¡ATerminal ³vº¥Åã±o´ù¤p¡C</para>
+ <para>¥Ø«e <application>rxvt</application> ¦³¨â­Óª©¥»¡A
+ <application>rxvt</application>¡B
+ <application>rxvt-devel</application> µ¥¡A³£¤ä´© XIM¡A
+ «Øij¨Ï¥Î <application>rxvt-devel</application>¡A­ì¦]¬O
+ <application>rxvt</application> µLªk¨Ï¥Î TrueType ªº¤¤¤å¦r«¬¨ÓÅã¥Ü¡C </para>
+ <para>¦w¸Ë <filename role="package">x11/rxvt-devel</filename>¡C</para>
+ <para>¥t¥~¦A½s¿è <filename>~/.Xdefaults</filename> ¨Ó§¹¦¨¤¤¤å³]©w¡A
+ ¥H¤U¬Oµ§ªÌ¥Ø«eªº³]©w¡G </para>
+ <programlisting>
+! Begin ports/x11/rxvt-devel configuration
+rxvt.borderColor: black
+rxvt.background: black
+rxvt.backspacekey: "^H"
+rxvt.cursorColor: IndianRed
+rxvt.foreground: gray98
+rxvt.geometry: 80x24
+rxvt.inputMethod: xcin
+rxvt.multibyte_cursor: yes
+rxvt.multichar_encoding: big5
+rxvt.preeditType: OverTheSpot
+rxvt.scrollTtyKeypress: True
+rxvt.scrollTtyOutput: False
+rxvt.scrollBar_right: True
+rxvt.termName: xterm-color
+rxvt.troughColor: black
+!±z¥i¿ï¾Ü·Q­nªº¦rÅé¤j¤p
+! °ê³ì 16pt, °ê³ì 16pt
+rxvt.font: 8x16
+rxvt.mfont: kc15f
+! End ports/x11/rxvt-devel configuartion</programlisting>
+ <para>¤£¹L <application>rxvt</application>
+ µLªk¨Ï¥Î«þ¨©»P¶K¤W¨ì¨ä¥LªºÀ³¥Î³nÅé¡A©Ò¥H§Ú³q±`³£·|§ï¥Î
+ <link linkend="eterm">Eterm</link> ¨Ó´À¥N¡C</para>
+ <para>¤£¹L¶Â©³¥Õ¦rÁÙ¬O·|¦³ÂIÁà¡A³q±`µ§ªÌ³£·|§ä XPM ¨Ó·í©³¹Ï¡A
+ <option>-pixmap xpmfile</option>¡A©Î¬O§ä¤ñ¸û²`¦âªº®à¥¬¡A
+ ¥Î <option>-tr</option> ¨Ó§â®à¥¬·í©³¹Ï¡C</para>
+ <para>¥t¥~¡A²{¦bÁ٤䴩 Multibyte Character Cursor movement
+ °Ñ¼Æ¬O -mcc¡A¥i¥H¤@¦¸²¾°Ê¤@­Óº~¦r¡B¤@¦¸º~¦r¡C
+ ©Ò¦³­ì¥ý¤@¦¸¥b­Óº~¦rªºªFªF(¦p¦b <application>joe</application>¡B
+ <application>pine</application>µ¥)
+ ²{¦b³£¥i¥H¤è«Kªº¨Ï¥Î¤F¡Ilogin ¨ì§O¥x¹q¸£¤W¤]¥i¥H³o¼Ë¤l¡C
+ ¤£¹L­ì¥ý¥Î <application>vim</application> ·|Åܦ¨¤@¦¸²¾°Ê¨â­Óº~¦r¡A
+ ­n <option>set fileencoding=ansi</option> ¤~·|¥¿±`¡C</para>
+ <figure>
+ <title>rxvt snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/rxvt" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.rxvt.org/">
+ rxvt project</ulink> </para>
+ </sect1>
+
+ <sect1 id="eterm">
+ <title>Eterm</title>
+ <para>°£¤F <application>rxvt</application> ¥H¥~ªº¥t¤@­Ó¿ï¾Ü¡A¤ä´©
+ XIM¡A¥\¯à¤Ö¦ý¬O¤ñ <application>rxvt</application> í©w¡C
+ tinting+transparency+scrollbar «h¬O¥t¤@­Ó½æÂI¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/eterm</filename>¡C</para>
+ <para>¦pªG²ßºD¤F backspace °e¥X ^H¡A¥i¥H±N
+ <command>eterm.backspacekey: "^H"</command>
+ ³]©w¼g¦b <filename>~/.Xdefaults</filename>¡C
+ ¦ý¬O Eterm ¨Ã¤£¤ä´©¦b ~.Xdefaults ¤¤ªº¨ä¥L¸ê°T¡A
+ ©Ò¥H³q±`³£·|¥t¥~¼g¤@­Ó script ¨Ó±Ò°Ê Eterm¡A
+ ¨Ò¦p¼g¦b <filename>/usr/X11R6/bin/eterm</filename>¡C</para>
+ <programlisting>
+Eterm --font "-*-medium-r-normal-*-*-160-*-*-c-*-iso8859-1" \
+ --mfont kc15f --mencoding big5 --input-method xcin \
+ --preedit-type OverTheSpot -8 -g 80x24 -B next -O \
+ --cmod 200 &</programlisting>
+ <para>¤ñ¸û¦nª±ªº°Ñ¼Æ¦p¡G<option>-P "gaia.jpg@100x100"</option>¡A
+ <option>-P "galleon.jpg@100x100"</option>¡A
+ <option>-P "fourthday.jpg@100x100"</option>¡A
+ <option>-P "night_of_the_dragon.jpg@100x100"</option>
+ µ¥º}«Gªº©³¹Ï¡C©Ò¥Hµ§ªÌ³q±`³£·|§â¹Ï¥[¨ì
+ <filename>/usr/X11R6/share/Eterm/pix/</filename>¡A
+ ¨Ã­×§ï <filename>/usr/X11R6/share/Eterm/pix/pixmaps.list</filename>
+ ¥u¯d¦Û¤v³ßÅwªº¹Ï¡C©³¹Ï¥H²`¦â¨t¬°¥D¡A¦]¬°¹w³]ªº¦r¬O¥Õ¦â¡C
+ ©Î¬O¥Î¦Û¤v³ßÅwªº¹Ï <option>-P "ffx.jpg@100x100"</option>¡C</para>
+ <figure>
+ <title>Eterm snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/Eterm" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.eterm.org/">
+ eterm project</ulink></para>
+ </sect1>
+
+ <sect1 id="mlterm">
+ <title>mlterm - ¦h°ê»y¨¥²×ºÝ¾÷</title>
+ <para>¦w¸Ë <filename role="package">x11/mlterm</filename>¡C</para>
+ <para>¨Ã¦w¸Ë <application>chinese/kcfonts</application>¡A
+ ±µµÛ¶}©l³]©wÀô¹Ò¡C</para>
+ <para>¦b®a¥Ø¿ý¤U«Ø¥ß <filename>.mlterm</filename> ¸ê®Æ§¨¡A
+ ¨Ã¥B¼W¥[¨â­ÓÀɮסA¤@­ÓÀɮ׬O <filename>~/.mlterm/main</filename>¡A
+ ¼W¥[¦p¤Uªº¤º®e¡G</para>
+ <programlisting>
+bg_color=black
+fg_color=white
+geometry=80x24</programlisting>
+ <para>­Y¬O XFree86 4.1.0 ¤§«e«h¥t¥~¥[¤W <option>big5_buggy=true</option>
+ ¨Ó¸Ñ¨M½Æ»s¶K¤Wªº°ÝÃD¡C</para>
+ <para>¨Ã¼W¥[¥t¤@­ÓÀÉ®× <filename>~/.mlterm/font</filename> ¦p¤Uªº¤º®e¡G</para>
+ <programlisting>
+BIG5=16,kc15f;20,-*-medium-r-normal--20-*-big5-0;24,kc24f;</programlisting>
+ <para>­Y¬O­n¨Ï¥Î anti-alias ªº¥\¯à«h­n­×§ï
+ <filename>~/.mlterm/aafont</filename> ¨Ó¼W¥[¥H¤Uªº¤º®e¡G</para>
+ <programlisting>
+ISO8859_1=AR PL Mingti2l Big5-ISO8859-1;
+BIG5=AR PL Kaitim Big5-ISO10646-1;
+JISX0208_1983=AR PL Kaitim Big5-BIG5-0;</programlisting>
+ <para>¨Ã¦b <filename>~/.mlterm/main</filename> ¼W¥[
+ <option>use_anti_alias=true</option>¡C</para>
+ <para>mlterm ¥»¨Ó¦³­ÓÆZ§xÂZªº°ÝÃD¡A´N¬O¹ï¦â½Xªº³B²z¨Ã¤£¬O«Ü¦n¡A
+ ¤£¹L¦b gugod ªº´£¿ô¤U¡Aµo²{¦b³B²z¦â½X«e¥ý°õ¦æ screen¡A
+ ¨Ò¦p¥Î mlterm ¨Ó³s BBS¡Amlterm ´N¥i¥HÆZ¥¿±`ªºÅã¥Ü¦â½Xªº³¡¥÷¡C</para>
+ <figure>
+ <title>mlterm snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/mlterm" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://mlterm.sourceforge.net/">
+ mlterm project</ulink></para>
+ </sect1>
+
+ <sect1 id="cxterm">
+ <title>cxterm - X Window ¤Uªº¤º«Ø¿é¤Jªk¤¤¤å²×ºÝ¾÷</title>
+ <para>¦b X Window ¼Ò¦¡¤U°õ¦æªº¤¤¤åµêÀÀ²×ºÝ¾÷¡A¬°³Ì¥j¦Ñªº¤¤¤åÅã¥Ü/¿é
+ ¤JÀô¹Ò¡A´£¨Ñ¦UºØ¤¤¤å¤º½X¼Ò¦¡¡A¥]§t BIG5¡AHZ¡AGB µ¥µ¥¡C¨C¤@­Ó
+ <application>cxterm</application> µêÀÀ²×ºÝ¾÷³£¥²¶·¸ü¤J¤¤¤å¸ê®Æ¡A
+ ¯Ó¥Îªº¨t²Î¸ê·½¬Û·í¤j¡A¬G²{¦b³£¥H
+ <application>rxvt</application> ¨Ó¨ú¥N¤§¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/cxterm</filename>¡C</para>
+ <para>µM«á¥Î <command>CXterm -bg black -fg white -big5 &</command>
+ ±Ò°Ê´N¥i¥H¬Ý¨ì¤¤¤åªº¤¶­±¤F¡C</para>
+ <para>¥H¤U¬O¿é¤Jªkªº¤Á´«¤è¦¡¡G</para>
+ <programlisting>
+SHIFT_F1 - ­^¤å¿é¤J (ASCII input)
+SHIFT_F2 - º~¦r¿é¤J::¤º½X::
+SHIFT_F3 - CXTERM input configuration
+SHIFT_F4 - º~¦r¿é¤J::«÷­µ::
+SHIFT_F5 - º~¦r¿é¤J::¼ÐÂI²Å¸¹::
+SHIFT_F6 - º~¦r¿é¤J::¹s³üª`­µ::
+SHIFT_F7 - º~¦r¿é¤J::­Ü¾e::
+SHIFT_F8 - º~¦r¿é¤J::­^º~::
+SHIFT_F9 - º~¦r¿é¤J::³\¦¡ª`­µ::
+SHIFT_F10 - º~¦r¿é¤J::µL½¼¦Ì::
+CTRL_·Æ¹«¤¤Áä - POPUP CONFIGURATION PANEL</programlisting>
+ <figure>
+ <title>cxterm snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/cxterm" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://cxterm.sourceforge.net/">
+ cxterm project</ulink></para>
+ </sect1>
+
+ <sect1 id="newinputmethod">
+ <title>·s¼W¿é¤Jªk - åF½¼¦Ì¿é¤Jªk¬°¨Ò</title>
+ <para>¥Ø«e±`¨£ªº¿é¤Jªkªí®æ¦³¨âºØ®æ¦¡¡G<filename>tit</filename> ¤Î
+ <filename>cin</filename>¡C³o¨âºØ³£¬O¯Â¤å¦r®æ¦¡
+ (´«¥y¸Ü»¡±z¥i¥Hª½±µ¥Î¤å®Ñ½s¿è¾¹¨ÓÆ[¬Ý)¡C
+ ¦ý¦U­Ó¤¤¤å¨t²Î¬°¤F¥[§Ö·j´M³t«×¡A¦h¥b´£¨Ñ¤u¨ã
+ µ{¦¡±N¯Â¤å¦r®æ¦¡Âର¯S®íªº¤G¶i¦ìÀÉ¡C¦pªG±z­n¦w¸Ë¬YºØ¿é¤Jªk¡A
+ ¥²¶·¨ú±o¥¦ªº <filename>tit</filename> ©Î <filename>cin</filename>
+ ªí®æ¡A©Î¬OÂà´««áªº®æ¦¡¡C</para>
+ <para>¥H¤UåF½¼¦Ì¿é¤Jªk¬°¨Ò¡A¤À§O»¡©ú¦p¦ó¦b¦U¤¤¤å¨t²Î¤¤¥[¤JåF½¼¦Ì¿é¤Jªk¡G</para>
+ <para>¦æ©ö¤½¥q¤w¸g¤£¦b¤¹³\åF½¼¦Ì .cin Àɪº¦Û¥Ñ¶Ç¼½¡A
+ ©Ò¥H´N¨S¦³¤FåF½¼¦Ìªº¿é¤Jªkªí®æ¡C
+ ½Ð¦Û¤v§Q¥ÎÀÉ®×·j¯Á¤ÞÀº´M§ä¡C¨Ò¦p¦b¥H¤Uªº·j´M¤ÞÀº¿é¤J liu55 </para>
+ <para><ulink url="http://gais.cs.ccu.edu.tw/GaisFtp/">
+ Flobal Area Information Servers FTP</ulink></para>
+ <para>§Q¥Î <application>xcin25</application> ªº¤u¨ãµ{¦¡
+ <application>cin2tab</application> ±N <filename>.cin</filename>
+ ªí®æÂà´«¬° <filename>.tab</filename> ÀÉ¡G</para>
+ <screen>
+&prompt.root; <userinput>/usr/X11R6/lib/X11/xcin25/bin/cin2tab liu55.cin</userinput>
+CIN2TAB ª©¥» (xcin 2.5.2.2) ¦r¶°½s½X¦WºÙ=big5
+cin2tab: cin ªí®æÀÉ: liu55.cin, ¨Ï¥Î¼Ò²Õ: gencin ª©¥» 20000827¡C
+cin2tab: ©w¸qÁ䪺¼Æ¥Ø: 31
+cin2tab: ¦rÁ䪺³Ì¤jªø«×: 5
+cin2tab: ½s½Xªº¦r¤¸Á`¼Æ: 13973
+cin2tab: ©w¸qªº¦r¤¸¼Æ¥Ø: 23411
+cin2tab: ¤w©w¸qªº¦rÁä½s½X¼Æ¥Ø: 23411
+cin2tab: ©¿²¤ªº¤w©w¸q¦r¤¸¼Æ¥Ø: 0
+cin2tab: °O¾ÐÅé¼Ò¦¡: 1</screen>
+ <para>¥¦·|²£¥Í <filename>liu55.tab</filename> ³o­ÓÀɮסC±N¥¦©ñ¨ì
+ <filename>/usr/X11R6/lib/X11/xcin25/tab/big5/</filename>
+ ªº¥Ø¿ý¤¤¡C</para>
+ <para>±µ¤U¨Ó½Ð­×§ï±zªº xcinrc ªº³]©wÀÉ¡A¨ä¤¤¨C¦æ¶}ÀYªº - ©M +
+ ¤À§O¥Nªí§R°£³o¤@¦æ©M·s¼W³o¤@¦æ¡A¤º®e¦p¤U¡G </para>
+ <programlisting>
+;
+; This is the global configuration of the zh_TW.Big5 locale
+;
+(define zh_TW.Big5
+ '((DEFAULT_IM "cj")
+ (DEFAULT_IM_MODULE "gen_inp")
+ (DEFAULT_IM_SINMD "DEFAULT")
+ (PHRASE "default.phr")
+ (CINPUT (cj simplex phone bimspinyin bimsphone jyutping
+- array30 zh_hex))
++ array30 zh_hex liu55))
+ (FONTSET "-sony-*-16-*-iso8859-1,-*-16-*-big5-0")
+ (OVERSPOT_FONTSET "-sony-*-16-*-iso8859-1,-*-16-*-big5-0")))
+
+;
+; Here are detailed configuration of each IM (for zh_TW.Big5 locale).
+;
++ (define liu55@big5
++ '((SETKEY 9)))</programlisting>
+ <para>±Ò°Ê <application>xcin25</application>¡G</para>
+ <screen>
+&prompt.root; <userinput>xcin2.5 &</userinput> </screen>
+ <para>
+ µM«á¥Î <command>CTRL-ALT-9</command> §Y¥i¥s¥XåF½¼¦Ì¿é¤Jªk¡C </para>
+ <para> WWW: <ulink url="http://xcin.linux.org.tw/xcin/2.5.2/Cin.html">
+ xcin CinÀɮ׮榡</ulink> </para>
+ <para>¥H¤U¬O¦p¦ó¦b <application>big5con</application>
+ ©³¤U·s¼WåF½¼¦Ì¿é¤Jªk¡C </para>
+ <para>¨ìÀÉ®×·j¯Á¤ÞÀº§ä boshiamy¡A´N¥i¥Hµo²{¦³ boshiamy.tgz¡A
+ ¤U¸ü¤§«á¡A¸ÑÀ£ÁY¨ì <filename>/usr/local/lib</filename>¡C </para>
+ <screen>
+&prompt.root; <userinput>fetch ftp://freebsd.csie.nctu.edu.tw/pub/taiwan/NTU/woju/binary/boshiamy.tgz</userinput>
+&prompt.root; <userinput>tar zxvf boshiamy.tgz -C /usr/local/lib</userinput> </screen>
+ <para>µM«á½s¿è <filename>/usr/local/bin/et</filename> ¥[¤J
+ <option>-in9 Boshiamy.tab</option>¡AµM«áª½±µ¥´
+ <command>et</command> ¨Ó±Ò°Ê <application>big5con</application>¡C </para>
+ </sect1>
+
+ <sect1 id="shell">
+ <title>¦b Bash/Tcsh Shell ©³¤Uªº¤¤¤å¿é¤J</title>
+ <para>¦b§Ú­Ì§¹¦¨¤¤¤å¨t²Î«Ø¥ßªº¤u§@¡A±z¤w¸g¥i¥H¦b±zªº FreeBSD
+ ¾÷¾¹¤W­±Åã¥Ü¤¤¤å¤F¡C¦ý¦pªG±z¨Ï¥Î Shell¡A±z·|µo²{¡A
+ ±zªº FreeBSD ¥u¯àÅã¥Ü¤¤¤å¡A«oµLªk±µ¨ü¤¤¤åªº¿é¤J¤u§@¡C
+ ¦pªG±z·Q­n§ï¶i³o­Ó°ÝÃD¡A±z¥²¶·¦Û¤v­×§ï¤@¨Ç³]©w¡A¨Ï FreeBSD
+ ¨t²Î¥i¥H±µ¨ü¤¤¤åªº¿é¥X»P¿é¤J¤u§@¡C</para>
+ <para>±z¥²¶·­n¦b±z¨Ï¥Îªº Shell °_©lÀɼW¥[ locale ªº³]©w¡C
+ (¦pªG±zªº®a¥Ø¿ý¤¤¨Ã¥¼¦³³o¼ËªºÀɮסA½Ð¦Û¦æ«Ø¥ß) </para>
+ <para>Bash Shell¡G</para>
+ <para>¦b <filename>~/.profile</filename> ©Î
+ <filename>~/.bashrc</filename> ¼W¥[¤U­±ªº¤º®e¡G</para>
+ <programlisting>
+#stty cs8 -istrip
+#stty pass8
+export LANG=zh_TW.Big5
+export LC_CTYPE=zh_TW.Big5</programlisting>
+ <para>¥t¥~¦b <filename>~/.inputrc</filename> ÀɼW¥[³]©w¦p¤U¡G</para>
+ <programlisting>
+# inputrc - global inputrc for libreadline
+# See readline(3readline) and `info rluserman' for more information.
+
+# Be 8 bit clean.
+set meta-flag on
+set input-meta on
+set output-meta on
+
+# To allow the use of 8bit-characters like the german umlauts, comment out
+# the line below. However this makes the meta key not work as a meta key,
+# which is annoying to those which don't need to type in 8-bit characters.
+set convert-meta off</programlisting>
+ <para>Tcsh Shell¡G</para>
+ <para>¦b <filename>~/.login</filename> ©Î
+ <filename>~/.cshrc</filename> ¼W¥[³]©w¦p¤U¡G</para>
+ <programlisting>
+#stty cs8 -istrip
+#stty pass8
+setenv LANG zh_TW.Big5
+setenv LC_CTYPE zh_TW.Big5
+set dspmbyte="
+0000000000000000000000000000000000000000000000000000000000000000
+2222222222222222222222222222222222222222222222222222222222222220
+2333333333333333333333333333333333333333333333333333333333333333
+3333333333333333333333333333333333333333333333333333333333333330"</programlisting>
+ <para>½Ð±N dspmbyte ¦b "" ¤¤ªº¦r¦ê±µ°_¨Ó¡C</para>
+ <para>Ãö©ó <option>dspmtype</option> ³]©wªº­ì¦]¬O¦]¬°¦b
+ <application>tcsh</application> ªº man page ¤¤¡A¹ï·Ó
+ Big5 ªº¨Ï¥Î¦r½Xªí [\x81-\xFE][\x40-\x7E\x80-\xFE] ¦Ó³]©wªº¡C</para>
+ <para>tcsh-6.11 ¤º«Ø¤F¤¤¤å big5 ¤ä´©</para>
+ <programlisting>
+ dspmbyte (+)
+ If set to `euc', it enables display and editing
+ EUC-kanji(Japanese) code. If set to `sjis', it
+ enables display and editing Shift-JIS(Japanese)
+ code. If set to `big5', it enables display and
+ editing Big5(Chinese) code. If set to the follow
+ ing format, it enables display and editing of
+ original multi-byte code format:</programlisting>
+ <para>©Ò¥H¥H«á dspmbyte ³]©w¦¨ big5¡A¤£¥Î³]©w¤@¤j¦ê¡F
+ ©ÎªÌ°®¯Ü¤£­n³]©w dspmbyte¡A¥u­n LANG ¬° zh_TW.Big5 ´N¥i¥H¤F :)</para>
+ <programlisting>
+2001/09/05 -CURRENT ¶×¤J tcsh-6.11
+2001/10/08 -STABLE ¶×¤J tcsh-6.11
+http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/tcsh/Fixes</programlisting>
+<!-- <para>³Ì«á¡A½Ð±z¦Û¤v·Ç³Æ¤@­Ó¤w¸g¥]§t¤¤¤å¦rªºÀɮסA§Q¥Î
+ <application>grep</application>
+ ¤u¨ãµ{¦¡¨Ó·j´M¨ä¤¤ªº¤å¦r¡C¦pªG¥i¥H§ä±o¨ì¡A
+ ªí¥Ü±zªº FreeBSD ¨t²Î¤w¸g¥i¥H³B²z¤¤¤å¦r¤F¡C</para>-->
+ <figure>
+ <title>tcsh snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/tcsh" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="big5fs">
+ <title>big5fs - Joliet, VFAT ©M NTFS Àɮרt²Îªº¤¤¤åÅã¥Ü</title>
+ <para>¦pªG±zªº¹q¸£¬O FreeBSD »P VFAT (Windows95/98) ©Î¬O
+ NTFS (Windows NT/2000) ¨Ã¦s¡A
+ ¦Ó¥B¤S¶·­n¦s¨ú DOS Àɮרt²Î©Î¬O NTFS Àɮרt²Îªº¤¤¤åÀɦW¡A
+ ©Î¬O»Ý­nŪ¨ú Joliet (CDROM) ¤ºªº¤¤¤å¡A
+ ½Ð¨Ì·Ó¥H¤Uªº¨BÆJ¶i¦æ¡C¥¦·|¦w¸Ë¤T­Ó kernel ¼Ò²Õ¡A
+ cd9660.ko, msdos.ko(msdosfs.ko) ©M ntfs.ko¡A
+ ±N¥i¥HÅý¨Ï¥ÎªÌŪ¨ú¦b Joliet, VFAT ©M NTFS Àɮרt²Î¤Wªº
+ ¤¤¤åÀɦW¡C</para>
+ <para>¥²¶·§â kernel ¤¤ªº
+ <option>options MSDOSFS</option> »P
+ <option>options CD9660</option> comment ±¼¡A¨Ã­«·s
+ <command>make kernel</command> «á¡A¨Ã¥B­«·s¶}¾÷«á¡A¤~¯à¦w¸Ë
+ <application>big5fs</application>¡C
+ ¦]¬°¤W­±ªº kernel ¿ï¶µ·|©M³o­Ó port ©Ò¦w¸Ëªº kernel ¼Ò²Õ¦³½Ä¬ð¡A
+ ¦Ó kernel ¿ï¶µ·|¤ñ kernel ¼Ò²ÕÀu¥ý¡A
+ ¤]¨S¿ìªkÃö³¬³o¨Ç¿ï¶µ¨ÓÅý kernel ¨Ï¥Î kernel ¼Ò²Õ¡A
+ ©Ò¥H´N¤@©w±o­«½s kernel¡C
+ ¤£µM·í¦w¸Ë§¹«á¡A°õ¦æ <filename>big5fs.sh</filename> ´N·|¥X²{
+ <option>kldload: can't load cd9660: File exists</option> ©Î¬O
+ <option>module_register: module cd9660 already exists!
+ linker_file_sysinit "cd9660.ko" failed to register! 17</option>
+ ¤§Ãþªº¿ù»~°T®§¡A¥NªíµÛ¼Ò²Õ¦³½Ä¬ð¡A¥i¯à¬O¤w¸g³]©w¬° kernel ¿ï¶µ¡A
+ ©Î¬O¤w¸g¥Î kldload ¸ü¤J¤F¡C</para>
+ <programlisting>
+--- GENERIC.orig Fri May 16 17:39:13 2003
++++ GENERIC Wed May 28 03:37:52 2003
+@@ -38,8 +38,8 @@
+ options MD_ROOT #MD is a potential root device
+ options NFS #Network Filesystem
+ options NFS_ROOT #NFS usable as root device, NFS required
+-options MSDOSFS #MSDOS Filesystem
+-options CD9660 #ISO 9660 Filesystem
++#options MSDOSFS #MSDOS Filesystem
++#options CD9660 #ISO 9660 Filesystem
+ options CD9660_ROOT #CD-ROM usable as root, CD9660 required
+ options PROCFS #Process filesystem
+ options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]</programlisting>
+ <para>¦b¦w¸Ë«e¥ýÀˬd <filename>/usr/src/sys</filename> ¥Ø¿ý­n¤w¦³¤F¡A
+ ­Y¨S¥i¥Î <command>/stand/sysinstall</command> ©M¦w¸Ë¥úºÐ¦w¸Ë¡C
+ ¥Ñ©ó kernel ¼Ò²Õ©M¨t²Î¦³¬Û¨Ì©Ê¡A
+ ¥²¶·¨ú±o±z·í®É¦w¸Ë®Éªº kernel ª©¥»¤~¦æ¡C</para>
+ <para>¦w¸Ë <filename role="package">chinese/big5fs</filename>¡C</para>
+ <para>¦w¸Ë¦n«á¡A°õ¦æ
+ <command>/usr/local/etc/rc.d/big5fs.sh</command> ´N·|¸ü¤J¤W­zªº¼Ò²Õ¡A
+ ¦nÅý mount «ü¥O¯à¨Ï¥Î³o¨Ç¼Ò²Õ¡A³q±`¤]·|¦b¶}¾÷®É¦Û°Ê°õ¦æ¡A
+ ¥H¨¾ mount «ü¥Oª½±µÅª¨ú¤F <filename>/modules</filename> ©³¤Uªº
+ kernel ¼Ò²Õ¡C</para>
+ <para>¦pªG¤£½T©w¨º¨Ç¤À³Î°Ï¥i¥H mount¡A¥i¥H¥Î <command>
+ /stand/sysinstall</command> ªº Configure -&gt; Label ¨ú±o¡C</para>
+ <para>¥Hµ§ªÌ¬°¨Ò¡Aµ§ªÌ¦³­Ó ad0s3 ªº¤À³Î°Ï¡A©Ò¥H¥ý
+ <command>mkdir -p /mnt/ad0s3</command>¡AµM«á¥Î
+ <command>mount -t msdos /dev/ad0s3 /mnt/ad0s3</command>
+ ±N¸Ó¤À³Î°Ï mount °_¨Ó´ú¸Õ¬Ý¬Ý¡A
+ ¦pªG½T©w¥i¥Hªº¸Ü¡A¼g¤J <filename>/etc/fstab</filename>¡G</para>
+ <programlisting>
+/dev/ad0s3 /mnt/ad0s3 msdos ro,noauto 0 0
+</programlisting>
+ <para>µM«á¥[­Ó <filename>/usr/local/etc/rc.d/big5mount.sh</filename>
+ ¡A¸Ì­±«ö·Ó rc.d ªº³W«h¦b start ªº¦a¤è°õ¦æ
+ <command>mount /mnt/ad0s3</command> ´N¥i¥H¤F¡A
+ ¤]¥i¥H¦b stop ®É­Ô¥[¤W¬Û¹ïÀ³ªº«ü¥O¨Ó <command>umount</command>¡C
+ ª`·N rc.d ¸Ìªº *.sh ·|¨Ì¦r¥À¶¶§Ç°õ¦æ¡A©Ò¥H·sªº xx.sh ¤@©w­n¦b
+ <filename>big5fs.sh</filename> «á­±¡A
+ ¤~¯à½T©w¤w¸g¸ü¤J kernel ¼Ò²Õ¡C</para>
+ <para>¥»¨Ó¦Ò¼{¨Ï¥Î <application>mount_msdos</application>
+ ªº¤è¦¡¨Ã­×§ï¸Ó table¡A¤£¹L¦]¬° table
+ ¤Ó¤p¡A¨S¿ìªk®e¯Ç¦p¦¹¦hªº¤¤¤å¦r¤¸©Ò¥H¨S¿ìªk¹ê¦æ¡C</para>
+ <programlisting>
+The following example fstab(5) entry enables support for Russian
+filenames in mounted MS-DOS filesystems:
+
+ /dev/ad0s2 /dos/c msdos rw,-W=koi2dos,-L=ru_RU.KOI8-R 0 0
+
+See mount_msdos(8) for a detailed description of the -W and -L options.</programlisting>
+ <para>5-CURRENT ¤w¸g¦³ kiconv¡A¤]¦³¼ö¤ßªº¤é¥»¤H§Ë¤F I18N ­×¸ÉÀÉ¡A
+ ´N¤£¥Î¸Ë³o­Ó port¡A¥u­n³]©w¦n locale ´N¯à¥¿±`ªº¥Î¤¤¤å¡C</para>
+ <programlisting>
+mount_cd9660
+ -C charset
+ Specify local charset to convert Unicode file names when using
+ Joliet extensions.
+mount_msdosfs
+ -L locale
+ Specify locale name used for file name conversions for DOS and
+ Win'95 names. By default ISO 8859-1 assumed as local character
+ set.
+ -D dos-codepage
+ Specify the MS-DOS code page (aka IBM/OEM code page) name used
+ for file name conversions for DOS names.
+mount_ntfs
+ -C charset
+ Specify local charset to convert Unicode file names. Currently
+ only reading is supported, thus the file system is to be mounted
+ read-only.</programlisting>
+ <figure>
+ <title>ntfs snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/ntfs" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="gnuls">
+ <title>gnuls - ¥Î ls Åã¥Ü¯S®í¤¤¤åÀɦW©M¥Ø¿ý</title>
+ <para>¨Ï¥Î <application>gnuls</application> ¨ú¥N
+ <application>ls</application> ªº­ì¦]¬O¨S¦³ <option>-N</option>
+ "¥|¤À½Ã" ´NÅܦ¨ "|¤À½Ã"¡C </para>
+ <programlisting>
+ -N, --literal
+ print raw entry names (don't treat e.g. control
+ characters specially) </programlisting>
+ <para>¦w¸Ë <filename role="package">misc/gnuls</filename>¡C</para>
+ <para>¨Ã³]©w <command>alias</command> ¬°
+ <command> alias ls 'gnuls --color=auto --show-control-chars' </command>
+ ³o¼Ë <application>gnuls</application> Åã¥Ü¤~·|¥¿±`¡C </para>
+ <para><application>ls</application> µLªkÅã¥Ü¤¤¤å³q±`³£¬O³]©w¤F LC_CTYPE
+ ¬° zh_TW.Big5 ©Î¬O¨S³]©w LC_CTYPE ¤~·|µo¥Íªº°ÝÃD¡A¦b
+ <filename>~/.cshrc</filename> ¤¤¥[¤W¤U­±ªº alias §Y¥i¡G</para>
+ <programlisting>
+alias ls 'env LC_CTYPE=en_US.ISO_8859-1 ls'</programlisting>
+ <para>¤]¦³¤ñ¸û¯S®íªº¤èªk¡A¹³¬O <command>ls | cat</command>¡C</para>
+ <para>©Î¬O¶i¦æ¥H¤Uªº¨BÆJ¨Ó­×¸É <filename>/usr/src/bin/ls</filename>
+ ¡A¦pªG¨S¦³¦¹¥Ø¿ý½Ð¦Û¦æ¦w¸Ë¡C </para>
+ <screen>
+&prompt.root; <userinput>cd /usr/ports/outta-port/ls</userinput>
+&prompt.root; <userinput>make install clean</userinput></screen>
+ <para>µM«á¥Î <command>env TERM=xterm-color zh-ls -G</command>
+ ´N¦³±m¦âÅã¥Üªº¥Ø¿ý»PÀɮפF¡C</para>
+ <note><para>¥H¤Uªº³]©w¥i¥HÅý <application>/bin/ls</application>
+ ÁÙ¦³ <application>tcsh</application> ¤º«Øªº
+ <command>ls-F (or Ctrl-D)</command> ªº±m¦âÅã¥Ü¤@­P
+ ¡A¥¦¬O tcsh builtin command¡A¤£¹L¦³®É­Ô·|¦³°ÝÃD¡C
+ LSCOLORS ¬Oµ¹ ls ¥ÎªºÀô¹ÒÅܼơA¦Ó LS_COLORS «h¬Oµ¹ gnuls¡A
+ ¨âªÌªº®æ¦¡¨Ã¤£¬Û¦P¡C</para>
+ <programlisting>
+&prompt.root; <userinput>setenv CLICOLOR</userinput>
+&prompt.root; <userinput>set color</userinput>
+&prompt.root; <userinput>setenv LS_COLORS 'di=0;34:ln=0;35:so=0;32:pi=0;33:ex=0;31:bd=0;34;46:cd=0;34;43'</userinput></programlisting></note>
+ <figure>
+ <title>gnuls snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/gnuls" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ </sect1>
+
+ <sect1 id="xpdf">
+ <title>xpdf - ¤¤¤å PDF ªºÅã¥Ü</title>
+ <para><application>xpdf</application> ¬O¥Î¨ÓÂsÄý
+ Portable Document Format (PDF) Àɮתº¦n¤u¨ã¡C
+ (³q±`¤]·|ºÙ³o¨ÇÀɮ׬° 'Acrobat' ÀÉ¡A¦]¬° Adobe ªº
+ PDF ³nÅé)</para>
+ <para>¦w¸Ë <filename role="package">graphics/xpdf</filename>¡C</para>
+ <para>¦w¸Ë§¹«á¡A¥u­n¦b <filename>~/.Xdefaults</filename>
+ ¤¤³]©w¤¤¤å¦r«¬¡A´N¥i¥H«Ü¥¿±`ªº¬Ý«D¤º´O¤¤¤åªºÀɮסC</para>
+ <programlisting>
+xpdf.chineseCNSFont: -*-*-medium-r-normal-*-%s-*-*-*-*-*-big5-0
+xpdf.chineseGBFont: -*-*-medium-r-normal-*-%s-*-*-*-*-*-gb2312.1980-0</programlisting>
+ <para>²{¦b xpdf ¤w¸g±N xpdf ¤¤ªº CMap »P¥Dµ{¦¡¤À¶}¤F¡A
+ ¦pªG­n¬Ý¨ì¤¤¤åÁÙ¥²¶·¦w¸Ë xpdf ªº CMap ÀÉ¡C
+ ·í±z¬Ý¨ì³o¼Ë¤lªº¿ù»~°T®§¡G</para>
+ <screen>
+Error: Couldn't find cidToUnicode file for the 'Adobe-CNS1' collection
+Error: Unknown character collection 'Adobe-CNS1'
+
+Error: Couldn't find 'ETen-B5-H' CMap file for 'Adobe-CNS1' collection
+Error: Unknown CMap 'ETen-B5-H' for character collection 'Adobe-CNS1'</screen>
+ <para>
+ «hªí¥Ü¨S¦w¸Ë xpdf CMap¡A©Ò¥H­n¦w¸Ë <filename role="package">chinese/xpdf</filename> ¨Ã³]©w¦n¦r«¬¡C</para>
+ <para>¦pªG¸Ë¦nÁ٬ݨì¥H¤Uªº°T®§¡G</para>
+ <screen>
+Error: Couldn't find 'ETenms-B5-H' CMap file for 'Adobe-CNS1' collection
+Error: Unknown CMap 'ETenms-B5-H' for character collection 'Adobe-CNS1'</screen>
+ <para>³o¬O¦]¬° ETenms-B5-H ¤w¸g¤£¦b Adobe ªº²{¦s¼Ð·Ç¤º¡A
+ ±z¥i¥H¤â°Ê§â <filename>/usr/local/share/ghostscript/Resource/CMap/</filename>
+ ©³¤Uªº <filename>ETen-B5-H</filename> «þ¨©¦¨
+ <filename>ETenms-B5-H</filename>¡C</para>
+ <para>¦pªG¹J¨ì Error: Couldn't find a font to substitute for 'ShanHeiSun-Light' ('Adobe-CNS1' character collection) ¡A¨º»ò´N­n§ï¤@¤U xpdfrc¡G</para>
+ <programlisting>
+psNamedFont16 ShanHeiSun-Light H ShanHeiSun-Light-B5-H Big5
+psFont16 ShanHeiSun-Light H ShanHeiSun-Light-B5-H Big5</programlisting>
+ <para><application>xpdf</application> ¤¤¤]¥]§t¤@­Ó PDF Âà¯Â¤å¦rÀɪºµ{¦¡¡A
+ ¥i¥H¥Î <command>pdftotext -enc Big5ascii file.pdf</command> Âà¥X¤å¦rÀÉ
+ <filename>file.txt</filename>¡A¦pªG¥u¥Î <option>-euc Big5</option>
+ ­^¤å·|Åܦ¨¥þ§Î¦r¡C</para>
+ <para>xpdf-2.03 ¤w¥[¤J pdf bookmarks ªºÅã¥Ü¥\¯à¡A¥u¬O¤¤¤åÁÙ¤£¦æ¡C</para>
+ <figure>
+ <title>xpdf snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/xpdf" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.foolabs.com/xpdf/">
+ xpdf project</ulink></para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/wm.sgml b/zh_TW.Big5/books/zh-tut/chapters/wm.sgml
new file mode 100644
index 0000000000..f4276f0e5b
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/wm.sgml
@@ -0,0 +1,476 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: wm.sgml,v 1.60 2003/12/04 13:16:46 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="wm">
+ <title>¤¤¤åµøµ¡ºÞ²zµ{¦¡</title>
+ <para></para>
+
+ <sect1 id="gnome">
+ <title>GNOME µ{¦¡ªº¤¤¤å¤ä´©</title>
+ <para><application>GNOME</application> ¨Ã¤£¬O¤@­Ó³nÅé¡A¦Ó¬O¥Ñ
+ GNU Projectªº¥t¤@¶µ³nÅé­p¹º¡A¦Ó¥¦ªº¥Ø¼Ð´N¬O³Ð³y¥X¤@­Ó§¹¾ã
+ ¦Ó¤Íµ½ªº®à­±Àô¹Ò¡C¬°¤F¹F¦¨³o­Ó¥Ø¼Ð¡A¦b
+ <application>GNOME</application> ¦¬¶°ªº¤u¨ã¤¤¡A
+ ¥]§t¤Fµo®i¤u¨ã¡Aºô¸ô¤u¨ã¡A¼Æ¾Ç¤u¨ã¡AÁÙ¦³¨t²ÎºÞ²z©M®à­±ºÞ²zªº
+ ¤u¨ã¡A¬Æ¦Ü³s®T¼Ö¥Î³nÅé©M¦h´CÅé³B²zªº¤u¨ã³£¥]§t¦b¥¦ªº¦¬¶°¤§¦C¡A
+ Åý±zªº X Window ¨Ï¥Î°_¨Ó¡A²ª½¦³¦pªê²KÁl¤@¯ë¡C</para>
+ <para>¦ý GNOME ªº¦n³B¤£¶È¶È¦p¦¹¦Ó¤v¡A²{¦b§Ú­Ì¦b X Windows ©³¤U¡A
+ ·í±z­n¶}±Ò¬Y­ÓÀɮסA±z¥u­n¦b <application>GNOME</application>
+ ªºÀÉ®×Á`ºÞ«ö¤G¤U´N¥i¥HÀ˵ø¥¦¤F¡C³o­ì¥»¥u¯à¦b Mac OS ©Î
+ MS Windows ¬Ýªº¨ìªº¯à¤O¡A²{¦b¦b <application>GNOME
+ </application> ¤§¤U¡A¦b X Windows ¤U¤]¯à¬Ý¨ì¡C</para>
+ <para><application>GNOME</application> µ{¦¡¬O°ò©ó
+ <application>GTK+</application> ³o­Ó¨ç¦¡®w¶}µo¥X¨Óªº¡A
+ <application>GTK+</application>
+ ªº°ê»Ú¤Æ¤@ª½°µªº¤£¿ù¡A©Ò¥H¦b§Ú­ÌªºÀô¹Ò©³¤U¡A¤j³¡¤Àªº
+ <application>GNOME</application>
+ µ{¦¡³£¥i¥H¥¿±`¨Ï¥Î¤¤¤å¤F¡C </para>
+ <para>°T®§Â½Ä¶¤]¥Ñ <ulink url="http://i18n.linux.org.tw">
+ http://i18n.linux.org.tw</ulink> ¥¿¦b¶i¦æµÛ¡A
+ ¦³ªÅ½Ð¦h¦hµ¹¥L­Ì¹ªÀy§a¡C </para>
+ <para>WWW: <ulink url="http://www.gnome.org/">
+ http://www.gnome.org/</ulink> </para>
+ <sect2 id="gtk2">
+ <title>gtk2</title>
+ <para>¦b gnome2.2 ¤§«á±Ä¥Î xft2 &amp; fontconfig ¨Ó³]©w¦r«¬¡A
+ gtk2 ªº³]©w¤è¦¡¬O¥Î <filename>~/.gtkrc-2.0</filename>¡A
+ ³]©wªº®æ¦¡»P <filename>~/.gtkrc</filename>¬Û¦P¡A
+ ¦ý¬O¨ú¥Î¦r«¬ªº¼gªk¤££¸¼Ë¡C</para>
+ <programlisting>
+style "gtk-default-zh-tw" {
+ font_name = "Sans 16"
+}
+class "GtkWidget" style "gtk-default-zh-tw"</programlisting>
+ <para>¦pªG­n§ó§ï¹w³]¦r«¬¤j¤pª½±µ­×§ï <filename>~/.gtkrc-2.0</filename>
+ ´N¥i¥H¤F¡A¦Ó¦pªG¬O­n§ïÅã¥Üªº¦r«¬«h¬O¥i¥H¿ï¾Ü
+ <filename>~/.gtkrc-2.0</filename>
+ ©Î¬O <filename>fonts.conf</filename>¡A
+ ¦Ó¦r«¬¦WºÙ¥i¥H±q <command>fc-list</command> ³o­Ó«ü¥O±o¨ì¡C</para>
+ <note><para>¤¤¤å¦r¦b¤p¦rªº®É­Ô¡A¬Y¨Ç¦r«¬¨Ï¥Î anti-alias ¤Ï¦Ó·|Åܱo¼Ò½k¡A
+ gtk2 ¨Ï¥Î Xft2¡A³]©wÀÉ«h¬O
+ <filename>/usr/X11R6/etc/fonts/fonts.conf</filename>
+ ¡A¥H¤Uªº½d¨Ò¬OÃö³¬¤p©ó 13 ÂI¦r«¬®Éªº anti-aliasing¡C</para>
+ <programlisting>
+ &lt;match target="pattern"&gt;
+ &lt;test qual="any" name="size" compare="less"&gt;
+ &lt;int&gt;13&lt;/int&gt;
+ &lt;/test&gt;
+ &lt;edit name="antialias" mode="assign"&gt;
+ &lt;bool&gt;false&lt;/bool&gt;
+ &lt;/edit&gt;
+ &lt;/match&gt;
+</programlisting></note>
+ <para>¥t¥~ gtk2 ¤£¤ä´© OverTheSpot¡A¥u¤ä´© Root ¤Î OnTheSpot¡A
+ ¥i¥H¥Î gconftool-2 §ó§ï³]©w¡C¦pªGÁÙ¬O¤£¦æ¡A¦b¿é¤J°Ï«ö¤U¥kÁä¡A
+ ¿ï¨ú¿é¤J¼Ò²Õ <option>XIM</option>¡C</para>
+ </sect2>
+ <sect2 id="gtk1">
+ <title>gtk1</title>
+ <para>¥H¤U¬O gtk1 ªº³]©w¤è¦¡¡A³]©wÀɪº¤º®e¦p¤U¡G
+ (À³¸Ó·|¦b <filename>
+ /usr/X11R6/share/themes/Default/gtk/gtkrc.zh_TW.Big5</filename> ) </para>
+ <programlisting>
+# $(gtkconfigdir)/gtkrc.zh_TW
+#
+# This file defines the fontsets for Chinese language (ch) using
+# the traditional chinese Big5 encoding as used in Taiwan (TW)
+#
+# 1999, Pablo Saratxaga &lt;pablo mandrakesoft.com&gt;
+#
+
+# IMPORTANT NOTE: The name of this file *MUST* be "gtkrc.zh_TW.big5"
+# the lowercasing of "big5" is done on purpose, if you change it it won't work
+
+style "gtk-default-zh-tw" {
+ fontset = "-adobe-helvetica-medium-r-normal--16-*-*-*-*-*-iso8859-1,\
+ -taipei-*-medium-r-normal--*-*-*-*-*-*-big5-0,\
+ -*-*-medium-r-normal--16-*-*-*-*-*-big5-0,*-r-*"
+}
+class "GtkWidget" style "gtk-default-zh-tw" </programlisting>
+ <para>³o­ÓÀɮ׸̭±³]©w¤F zh_TW.Big5 Àô¹Ò­n¥Î¨ìªº¦r«¬¶°¡A
+ ¤W­±ªº³]©wªí¥Ü¦b¨Ï¥Î zh_TW.Big5 Àô¹Òªº®É­Ô·|»Ý­n¥Î¨ì¨âºØ¦rÅé¡A
+ ¤@­Ó¬O iso8859-* ªº¦rÅé¡A¥Î¨ÓÅã¥Ü­^¤å¦r¡A¤@ºØ¬O big5-0 ªº¦rÅé¡A
+ ¥Î¨ÓÅã¥Ü BIG5 ¤¤¤å¡CŪªÌ¥i¥H§â³o­Ó³]©wÀɽƻs¤@¥÷¨ì
+ <filename>~/.gtkrc</filename>¡A§ó§ï¸Ì­±ªº³]©w¡A
+ ´N¥i¥H¦b <application>GNOME</application>
+ Àô¹Ò©³¤U¨Ï¥Î¦Û¤v³ßÅwªº¦rÅé¤F¡C </para>
+ <screen>&prompt.root; <userinput>cp /usr/X11R6/share/themes/Default/gtk/gtkrc.zh_TW.Big5 ~/.gtkrc</userinput></screen>
+<!-- <para>©Î¬O±N gtkrc.zh_TW.Big5 «þ¨©¦¨ gtkrc.zh_TW.big5 ¤]¬O¥i¥Hªº¡C</para>-->
+ <para>³o¬Oµ§ªÌ°½Ãiªº <filename>~/.gtkrc</filename> ½d¨Ò</para>
+ <programlisting>
+style "default" {
+ fontset = "8x16,kc15f,-*-16-*-big5-0"
+}
+widget_class "*" style "default"</programlisting>
+ <note><para>¦pªG¬O¦b GNOME2 ©³¤U¨Ï¥Î gtk1 ªºµ{¦¡¡A
+ ­n§ï¦¨­×§ï <filename>~/.gtkrc.mine</filename>¡C</para></note>
+ <para>WWW: <ulink url="http://www.linpus.com.tw/manual/gnome/index.html">
+ GNOME ¤¤¤å¨Ï¥Î¤â¥U</ulink> </para>
+ </sect2>
+
+ <sect2 id="nautilus">
+ <title>Nautilus ¤¤¤å¦rÅܦ¨ ???</title>
+ <para>­º¥ý­n³]©w¦n <filename>~/.gtkrc</filename>¡A
+ ³o¼Ë¤l¤¶­±ªº³¡¥÷´N·|¬O¤¤¤åªº¡A¥i¬O¤º®eªº³¡¥÷Áٻݭn­×¥¿¡A
+ ¶}±Ò³nÅé«á¡G</para>
+ <programlisting>
+°¾¦n³]©w -> ½s¿è°¾¦n³]©w -> ¥~Æ[ -> [¨ú®ø] ¨Ï¥Î¥­·Æªº¹Ï¹³</programlisting>
+ <figure>
+ <title>nautilus snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/nautilus" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>Contributed by mingchi@bbs.sayya.org</para>
+ <para>Q2: ­n«Ø¥ß¤¤¤å·sÀɩΥؿý®É¥L¥Îutf8¨Ó½s½X¡A
+ »P¥H«eªºBig5ªºÀɮרt²Î¤£©M¡A§Ú¸Ó¦p¦ó§â¥L³]¦¨¤]¬O¥Î
+ Big5½X¨Ó«Ø¥ß·sªºÀɮשθê®Æ§¨¡H</para>
+ <para>A2: glib»Pgtk2¥H«á¡A¹ï©óÀɮשR¦W³£¬O¥Îutf8½s½X¡A
+ ©Ò¥H¥ÎNautilus·s¼W¤¤¤åÀɦW³£¬O¥Îutf8½s½X¡C¸Ñ¨M¤è¦¡¬°
+ ¦b¦Û¤vhome©³¤U½s¿è <filename>~/.gnomerc</filename>
+ ¥[¤J <option>export G_BROKEN_FILENAMES=1</option>
+ ¨º¥L´N¥Î±z¹w³]ªºlocale LANG »P LC_ALLªºÅܼƧ@½s½XÅo¡C</para>
+ <para>For more detail <ulink url="http://www.gtk.org/gtk-2.2.0-notes.html">
+ GTK+-2.2 Specific Notes</ulink></para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="enlightenment">
+ <title>Enlightenment ªº¤¤¤å¤Æ</title>
+ <para>
+ <application>Enlightenment</application> ªº¤¤¤å¤ÆÁöµM¤£¬O§Q¥Î po
+ ÀɽĶ¡A¤£¹L¤¤¤å¿ï³æ¥u­n¸g¹L¦p¤Uªº patch «á´NÀ³¸Ó¨S°ÝÃD¤F¡A
+ ¤£¹L¦b &a.vanilla; ªº¤j¤OÀ°¦£¤U¡A¹w³]ªº themes ¤w¸g³£¤¤¤å¤Æ¦n¤F¡A
+ ¥u¬O¦pªG¤U¸ü·sªº themes ¡A´N¥²¶·¦Û¦æ°µ patch ªº³¡¤À¡C </para>
+ <para>¦w¸Ë <filename role="package">x11-wm/enlightenment</filename>¡C</para>
+ <para>¿ï³æªº³]©wÀɦb
+ <filename>/usr/X11R6/share/enlightenment/config</filename>¡A
+ ¦pªG·Q¤¤¤å¤Æ¿ï³æ¥i¥H¦Û¤v¸Õ¸Õ¬Ý¡C</para>
+ <para>­n <application>Enlightenment</application> ªº¤¤¤å¤Æ¡A
+ ¥u­n theme ¸Ì­±ªº¦r«¬³]©w¥¿½T´N¥i¥H¤F¡C¤j³¡¤À¤U¸üªº theme
+ ³£¥u¦³³]©w iso8859-1 ªº¦r«¬¡AÁÙ­n¦b«á­±¥[¤W big5-0 ªº¦r«¬¡A
+ E ªºµ{¦¡¥»Åé "°ò¥»¤W" ¤£°µ¥ô¦ó¦r«¬³]©w¡A
+ ¥ô¦ó¦r«¬³£¬O±q theme ¸Ì­±©w¸qªº¡C</para>
+ <para>¦b theme ªº __NORMAL ³¡¤À³£¬O¦r«¬³]©w¡A
+ ¦ý³o¨Ç¦r«¬³]©w¬O´²¦b¦U­Ó³]©wÀɸ̭±¡C
+ ©Ò©¯¡Atextclasses.cfg ´N¬OÅý±zÂл\¥Îªº¡A²{¦bªº°µªk´N¬O§ï¦¨ fontset
+ ªº¼Ë¤l´N¥i¥H¥Î¤F¡C¨Ò¦p­ì¥»ªº¦r¦ê¬O¡G</para>
+ <programlisting>
+__NORMAL "-*-helvetica-bold-r-normal-*-*-120-*-*-*-*-*-*"</programlisting>
+ <para>­n§ï¦¨¦p¤U¡G</para>
+ <programlisting>
+__NORMAL "-*-helvetica-bold-r-normal-*-*-120-*-*-*-*-*-*,-*-bold-r-*-12-*"</programlisting>
+ <para>¥u­n°O±o«e­±¬O -bold-r- ´N§ï¦¨ -*-bold-r-*-12-*¡A
+ -medium-r- ´N§ï¦¨ -*-medium-r-*-12-*¡A
+ ³o¼Ë¤l¥X¨Óªº¦r«¬¤~·|¤ñ¸û¬Ûªñ¡C</para>
+ <para>¤W­zªº¤èªk¦³¤@­Ó¯S¨Ò¡A´N¬O E ¦³­Ó¯S²§¥\¯à¡C
+ ¤£¥Î Xtt server ´N¥i¥H show
+ ttf ¦r«¬¡C¦Ó¥¦ªº __NORMAL ¥i¥H¦Yªº¦r«¬¦³¨âºØ¡C¤@ºØ¬O X
+ ¸Ì­±³]©w¦nªº¦r«¬¡C¥t¤@ºØ¬O©ñ¦b theme ¸Ì­±ªº *.ttf¡C
+ ([theme name]/ttfonts ¸Ì­±)</para>
+ <para>
+ E ¥Ø«eÁÙ¤£¯à°÷§â "¸òµÛ theme ¨Óªº ttf" ©M "X Àô¹Òªº¥ô¦ó¦r«¬"
+ ²V¦b¤@°_¼g¦¨ fontset ªº«¬¦¡¡C</para>
+ <para>WWW: <ulink url="http://www.enlightenment.org/">
+ http://www.enlightenment.org/</ulink> </para>
+ </sect1>
+
+ <sect1 id="kde">
+ <title>KDE ªº¤¤¤å¤Æ</title>
+ <para><application>KDE</application>, The K Desktop Environment
+ ³o®M¨Ï¥ÎÀô¹Ò¡A¥]§t¤F¤T­Ó¤u§@°Ï°ì¡C¦ì©ó¿Ã¹õ¤U¤èªºpanel¡A
+ ¬O¥Î¨Ó¶}±ÒÀ³¥Îµ{¦¡¥H¤Î¤Á´«¤£¦PªºµêÀÀ®à­±ªº¡C¥¦¦³¤@­ÓÃþ¦ü
+ MS-Windows ¤¤ªº¶}©l«ö¶s(Application Starter)¡A¬O¤@­Ó¤j¢Ù
+ ªº¹Ï®×¡A«ö¤U¥¦´N·|Åã¥Ü¥i¥H°õ¦æªºÀ³¥Îµ{¦¡¡C¿Ã¹õ¥ª¤W¨¤ªº
+ taskbar¡A¬O¥Î¨Ó¤Á´«¸òºÞ²z¥Ø«e¥¿¦b¶]ªºÀ³¥Îµ{¦¡ªº¡C¦Ó
+ desktop ¥»¨­¡A¥i¥H¥Î¨Ó©ñ¸mÀɮשάO¸ê®Æ§¨¡A
+ <application>KDE</application> ´£¨Ñ¼Æ­ÓµêÀÀ®à­±¡A«ö¤U¦b
+ panel ªº«ö¶s¥i¥H¤Á´«¥L­Ì¡C </para>
+ <para><application>KDE</application> ¦³µÛ«Ü¤jªº¼u©Ê¡A
+ ¥i¥HÅý§Ú­Ì«Ü®e©ö¦a³]©w¦¨²ßºDªº¨Ï¥Î¤è¦¡¡A´N®³ KDE Control
+ Center ¨Ó»¡§a¡A§Ú­Ì¥i¥H½Õ¾ã¦³Ãö©ó Applications(®à­±ºÞ²z¥H¤Î
+ panel ªº¦U¶µ³]©w)¡BDesktop(­I´º¹Ï¡BÃC¦â¡B¿Ã¹õ«OÅ@¡B¦r§Î©M»y¨¥)¡B
+ Information(°O¾ÐÅé©MCPUªº¨Ï¥Î²v)¡BInput Device(Áä½L©M·Æ¹«)¡B
+ Network(ºô¸ô¬ÛÃö)¡BSound(¨Æ¥ó­µ®Ä)¥H¤ÎWindowsªº¦UÃþ¼Ò²Õ(modules)
+ ªº³]©w¡C </para>
+ <para><application>KDE</application> ¦b¤¤¤å¤Æªº¤è­±°µªº«Ü¤£¿ù¤F¡A¦b
+ <application>KDE</application> ¤¤¤j³¡¤Àªº³nÅé³£¤ä´©
+ XIM ¡A¤@¤U¤l¦h¤F«Ü¦h¦n¥Î¥B¥i¥H¿é¤J¤¤¤åªº³nÅé¡A
+ ¦Ó¥Bµe­±ªº¬üÆ[¬O³o¦¸§ïÅܪº­«ÂI¤§¤@¡A§Å®v¦n¹³¤]¦¨¬°
+ <application>KDE</application> ¶H¼x¡A
+ ¯uªº«Øij¦³ªÅ¸Õ¸Õ¬Ý³o¤@®M³nÅé¡C
+ °T®§Â½Ä¶¤]¥Ñ <ulink url="http://i18n.linux.org.tw">
+ http://i18n.linux.org.tw</ulink> ¥¿¦b¶i¦æµÛ¡A¦³ªÅ½Ð¦h¦hµ¹¥L­Ì
+ ¹ªÀy§a¡C </para>
+ <para>KDE WWW: <ulink url="http://www.kde.org/">
+ http://www.kde.org/</ulink></para>
+ <para>³o¬O Taiwan <application>KDE</application> Users' Group
+ <ulink url="http://kde.linux.org.tw/">http://kde.linux.org.tw/</ulink>¡C</para>
+
+ <sect2 id="kde1">
+ <title>KDE1 [OBSOLETE]</title>
+ <para>Last Update: 2003¦~ 1¤ë19¤é ©P¤é 08®É18¤À25¬í CST</para>
+ <para>³oÃ䦳­Ó¶i¤J <application>KDE</application> ·|¤ñ¸û§Öªº¤p¯µ³Z¡C
+ ­×§ï <filename>~/.qti18nrc</filename>¡G</para>
+ <programlisting>
+Ariel -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+Andale -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+Georgia -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+Times -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+Trebuc -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+Verdana -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+Courier -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+Helvetica -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+kai -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+ming -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0
+* -*-ming-medium-r-normal--*-*-*-*-c-*-big5-0</programlisting>
+ </sect2>
+
+ <sect2 id="kde2">
+ <title>KDE2 [OBSOLETE]</title>
+ <para>Last Update: 2003¦~ 1¤ë19¤é ©P¤é 08®É18¤À25¬í CST</para>
+ <para>¦w¸Ë <filename role="package">x11/kde2</filename>¡C</para>
+ <note><para>°O±o¦w¸Ë <filename>chinese/arphicttf</filename>¡A
+ ­n¤£µM³]©w¥X¨Óªº¦rÁÙ³£·|¬O°Ý¸¹¡C</para> </note>
+ <para>¦pªG¨S¦³¿ìªk¿é¤J¤¤¤åªº¸Ü¡A¥Î©R¥O¦C¼Ò¦¡¸Õ¸Õ¥[¤W
+ <option>-im xcin</option>
+ ¡A¨Ò¦p <command>kword -im xcin</command>¡C</para>
+ <para>²³æªº¤¤¤å¤Æ³]©w¡G</para>
+ <para>
+ ¥ý¶}±Ò <quote>±±¨î¤¤¤ß(Control Center)</quote>¡A
+ <quote>­Ó¤H¤Æ(Personalization)</quote>¡A
+ <quote>°ê®a¤Î»y¨¥(Country & Language)</quote>¡A
+ ³]©w¦¨ <quote>¥xÆW(tw)</quote>¡A
+ <quote>ÁcÅ餤¤å(zh_TW.Big5)</quote>¡A<quote>big5-0</quote>¡C </para>
+ <para>
+ ¸g¹L³o¼Ëªº³]©w¤§«á¡A­ì«h¤W¡A<application>KDE2</application>
+ ´N¦³§¹¾ãªº¤¤¤å¤ä´©¤F¡C </para>
+ <para>µ§ªÌªº <application>KDE</application> + Anti-Alias ¦w¸Ë¹Lµ{¡G</para>
+ <para>1. ¦w¸Ë x11/XFree86-4¡Achinese/arphicttf¡Ax11/kde2¡A
+ chinese/kde2-i18n¡C</para>
+ <para>2. ½s¿è <filename>/etc/X11/XF86Config</filename>¡A
+ ±N <option>load "freetype"</option> µù¸Ñ¡A¥[¤J
+ <option>load "xtt"</option>¡A¨Ã¦b FontPath °Ï¬q³Ì«e­±¥[¤J
+ <option>/usr/X11R6/lib/X11/fonts/TrueType</option>¡C</para>
+ <para>3. ½s¿è <filename>~/.xftconfig</filename>¡A¥[¤J¡G</para>
+ <programlisting>
+dir "/usr/X11R6/lib/X11/fonts/TrueType"
+# Danny:
+# set the AA for different fonts
+#
+# most TT fonts do not need to be aliased between
+# 8 and 15 points, although this might be a matter of taste.
+match
+ any size &gt; 8
+ any size &lt; 15
+edit
+ antialias = false;</programlisting>
+ <para>4. ½s¿è <filename>~/.xinitrc</filename>¡A¦b
+ <option>startkde</option> «e¥[¤J
+ <option>export QT_XFT=true</option>¡C</para>
+ <para>5. ¦b <option>±±¨î¤¤¤ß(Control Center)</option> §ï
+ <option>¥~ªí & ·Pı(Look & Feel)</option> ¤¤ªº
+ <option>¦r«¬(Fonts)</option>¡A±N
+ <option>¦b¦r«¬»P¹Ï¥Ü¤W¨Ï¥Î¤Ï¿÷¾¦ªº¥­·Æ¼í¹¢
+ (Use Anti-Alising for fonts and icons)</option> ¤Ä¿ï
+ ¡F©Î¬O½s¿è <filename>~/.kde/share/config/kdeglobals</filename>
+ ¦b <option>[KDE]</option> °Ï¬q¡A­×§ï <option>AntiAliasing=true
+ </option>¡C</para>
+ <para>6. ¦b <option>±±¨î¤¤¤ß(Control Center)</option> ªº
+ <option>­Ó¤H¤Æ(Personalization)</option> ªº <option>
+ °ê®a¤Î»y¨¥(Country & Language)</option>
+ ³]©w¦¨ <option>¥xÆW(tw)</option>
+ ¡A<option>ÁcÅ餤¤å(zh_TW.Big5)</option>¡A<option>big5-0</option>¡F
+ ©Î¬O½s¿è <filename>~/.kde/share/config/kdeglobals</filename>
+ ¦b <option>[Locale]</option> °Ï¬q¡A­×§ï
+ <option>Charset=big5-0</option>¡A<option>Country=tw</option>¡A
+ <option>Language=zh_TW.Big5</option>¡C</para>
+ <para>7. ­«·s¶i¤J <application>KDE</application>¡C</para>
+ <para>WWW: <ulink url="http://www.linuxdoc.org/HOWTO/mini/FDU/index.html">
+ XFree86 Font De-uglification HOWTO</ulink></para>
+ <para>KDE2 ªº´À¥N¦r«¬(fontguess)¡G</para>
+ <para>
+ ¦b KDE2 ¤¤­×§ï <filename>~/.fontguess</filename>¡A¨Ï qt lib
+ ¦b¿ï¾Ü´À¥N¦r«¬®É¯à¥¿½TµL»~¡C</para>
+ <programlisting>
+[big5-0][gb2312.1980-0][ksc5601.1987-0]
+helvetica ming ming gulim
+times ming ming batang
+courier ming ming dotum
+utopia ming ming gulim
+clean ming ming gulim
+ming helvetica helvetica helvetica
+kai helvetica helvetica helvetica </programlisting>
+ <para>WWW: <ulink url="http://www.mizi.com/kde/doc/fontguess/">
+ To support multibyte in KDE 2.0 applications.</ulink></para>
+ </sect2>
+
+ <sect2 id="kde3">
+ <title>KDE3</title>
+ <para>Contributed by EricCheng</para>
+ <para>Last Update: 2003¦~ 1¤ë19¤é ©P¤é 08®É18¤À25¬í CST</para>
+ <para>¦w¸Ë <filename role="package">x11/kde3</filename>¡C</para>
+ <para>¦w¸Ë°Ï°ì¤Æ°T®§ <filename role="package">x11/kde3-zh_TW</filename>¡C</para>
+ <para>KDE3 ªº´À¥N¦r«¬ (qtconfig)¡G</para>
+ <para>¥Î qtconfig -> Fonts -> Font Substitution¡C
+ ¿ï¤@­Ó­^¤å¦r«¬¡A¨Ò¦p Times New Roman [Xft]...
+ Xft ¥Nªí¬O Xft ªº render¡A
+ ¦pªG»P /usr/X11R6/lib/X11/XftConfig
+ ©Î ~/.xftconfig ¨S¦³¬Û¥ªªº¸Ü´N·|¦³ AA¡C</para>
+ <para>±µµÛ Select substitute Family ¿ï PMingliu [Xft]¡AAdd¡C
+ °ª¿³ªº¸Ü¥i¥H¿ï¾Ü SimSun ©Î¬O SimHei¡A
+ ¦A¥[¿ï¤@­Ó Bitstream Cyberbit °µ fallback¡C
+ SimSun ©M SimHei ªº¯S©Ê¬O¥u¦³¥b§Î¦r¦³°µ hinting¡A
+ ¥þ§Î¦r¨S¦³¡C¦b«Ü¦h±¡ªp¤U³o¼Ë¤Ï¦Ó¤ñ¸û¦n¬Ý¡A
+ ¯ÊÂI¬O¥b§Î¦r¬O Fixed width, ¦r¶Z¤Ó¤j¦³ÂIÁà¡C
+ ³o¼Ë³]¦n¤§«á¨ì Konqueror ªº Appearance -> Font ¦a¤è§â
+ Serif ¦r«¬½Õ¦¨­è­è³]ªº Times New Roman [Xft]¡A
+ ¦Ü©ó¨ä¥Lªº Sans Serif ¥i¥H½Õ¦¨ Verdana¡A®ÄªG«Ü¦n¡A
+ ¦ÛµM¤]­n¦b qtconfig ¤¤³]©w Font Substitution¡C
+ Sans Serif ¬O¨S¦³Å¨½uªº¦r«¬¡A
+ §Ú¥H¬°¤¤¤åªº equivalent ¬O¶ÂÅé¤@Ãþªº¦r«¬¡A
+ ©Ò¥H¥i¥H¥[¤J SimHei ·í§@¤¤¤åªº Sans Serif ¦r«¬¡A
+ Serif ªºÅ¨½u¦r«¬´N­n¥Î PMingLiU ¤@Ãþªº¦r¡C</para>
+ <para>³o¼Ë°µªº·N«ä¬O»¡¡A·í¨Ï¥Î Qt3 ªºµ{¦¡³Q³]©w¬°¨Ï¥Î
+ Times New Roman [Xft] ¨Óµe¦rªº®É­Ô¡A
+ ¤@¥¹¹J¨ì¤F Times New Roman ¨S¦³ cover ¨ìªº¦r¤¸®É
+ (¦p¤¤¤å¦r) ´N·|¥h§ä²Ä¤@­Ó Substituion Font ¨Ó¬Ý¬Ý¦³¨S¦³¡A
+ ¦pªG¨S¦³¦A©¹¤U§ä¡A¤@ª½¨ì§ä¨ì¬°¤î¡C
+ ©Ò¥H¥i¥H¹ï¦UºØ¤£¦P»y¨t¤À§O³]©w¤£¦Pªº Substitution Font¡A
+ ¨Ó¹F¨ì¦U¨ú©Òªøªº®ÄªG¡C</para>
+ <figure>
+ <title>konq_3_1 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/konq_3_1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>ª`·N¼ÐÃD¦C§Ú¬O¥Î Verdana/SimHei¡A
+ ¤º¤åªº¦r«h¬O³Q³]©w¬° Times New Roman/MingLiu¡C</para>
+ <figure>
+ <title>konq_3_2 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/konq_3_2" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>Font Substitution: ¥Î PMingLiU µe¤é¤åº~¦r¡A¦A¥Î Cyberbit µe°²¦W¡A
+ ­^¤å¤´¬O¥Î Times New Roman¡C
+ ¦ý¦n¹³¬O¦]¬° PMingLiU ªº¥ý¤Ñ coverage ¤£°÷¤j¡A
+ ¾É­P¦³¨Ç¤é¥»¼gªkªºº~¦r¨S¦³¥X¨Ó¡C³]¦¨¨ä¥LªºÀ³¸Ó¤£¿ù¡C</para>
+ <para>MS ªº Fonts ³£ªá¤F«Ü¦h¤ß«ä¦b Hinting ¤W­±¡A
+ ©Ò¥H¤p¦rªº AA ©Î ~AA Åã¥Ü®ÄªG³£«Ü´Î¡C
+ ¥Î Times New Roman ¬Ý­^¤å¤å³¹ (¦³¤H²Î­p¹L¬O³Ì©ö¾\Ūªº¦rÅé)
+ «ÜµÎªA°Ú¡I¦ý¦pªG¬O±×ÅéÁÙ¦³¤j¶q¿÷¾¦´N¬Ý±o«Ü²Ö¤F¡C</para>
+ <figure>
+ <title>konq_3_3 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/konq_3_3" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>QT_XFT ¬Oµ¹ QT 2.x ¥Îªº¡AQt3.x ³o­Ó¿ï¶µ´N¤£¦A¦³¥Î¤F¡C<para>
+ <para>arphic ªº¦r«¬¦³¥t¤@­Ó°ÝÃD¬O¡A¦³¨Ç¦rªº¼gªk¤£¬O¥¿½Tªº
+ "¥¿Å餤¤å" ¼gªk</para>
+ <para>¹³¬O¡y¨¤¡zªº¸Ì­±¬O¬ï¥X¨Óªº¡C©Ò¥H¥s°µ¤å¹©²Ó¡y¤W®ü¡z§º¡C
+ SimSun ¥H¤Î SimHei ¤]¬O¦P¼Ëªº¹D²z¡]¤j³°°µªº¡^¡A
+ ¹³¬O¿ù»~ªº»~¥kÃä¬O¤f¤Ñ§d¡A¦ý¬O¨ä¾lªº¦r¦]¬°¨S¦³¤£·íªº hinting¡A
+ ©Ò¥H¾ãÅéÁÙ¬O«Ü¦n¬Ý¡C</para>
+ <para>¤p¦rªº®É­Ô¦³ Anti-Aliasing ¤£¦p¨S¦³ Anti-Aliasing ªº°ÝÃD¡A
+ ¨ºÀ³¸Ó¬O¤£·íªº hinting ©Ò­P¡C¹³¬O Verdana ¤@Ãþ¤p¦rªº AA ´N«D±`¦n¬Ý°Ú¡C
+ </para>
+ <figure>
+ <title>kfont_3_1 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/kfont_3_1" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>Fixed ªº Font §Ú³ßÅw¥Î MSung Light TC¡A
+ ¦]¬°¤£¦ý¬O Unicode ¦Ó¥B¥b§Î«Ü¦n¬Ý¡C</para>
+ <figure>
+ <title>konq_3_4 snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/konq_3_4" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>¥t¥~¡AKeith Packard ªº FontConfig ¤]¥X¨Ó¤F¡A
+ ¦ýÁÙ¨SªÅ¬ã¨s«ç»ò¥Î´N¬O¤F¡C</para>
+ </sect2>
+
+ </sect1>
+
+ <sect1 id="windowmaker">
+ <title>WindowMaker ªº¤¤¤å¤Æ</title>
+ <para><application>WindowMaker</application> ¦b¤¤¤å¤Æªº¤è­±°µªº«Ü¤£¿ù¤F¡A
+ ¥Ø«e¤w¸g¦³ I18N ªº®M¥ó¤F¡A¤¶­±¤j³¡¤À¤w¸g¤¤¤å¤Æ¤F¡C³o³£¬O¥õ¿à
+ I18N ªº¦¨ªG¡C </para>
+ <para>¦w¸Ë <filename role="package">x11-wm/windowmaker</filename>¡C</para>
+ <para>¤¤¤å¼ÐÃD¦Cªº°ÝÃD¥i¥HÀˬd¥H¤Uªº³]©w¡A¤£¹Lµ§ªÌ¦b 0.65.1_1 ª©¥»®É
+ ¡A§¹¥þ¤£»Ý­n­×§ï´N¤w¸g¥i¥H¦b¿ï³æ»P¼ÐÃD¬Ý¨ì¤¤¤å¡G</para>
+ <para>1. Àˬd <filename>~/GNUStep/Defaults/WMGLOBAL</filename> ÀÉ¡A
+ ¦pªG¨S¦³´N¦Û¤v«Ø¥ß¤@­Ó¤º®e¦p¤U¡G</para>
+ <programlisting>
+{
+ MultiByteText = YES;
+}</programlisting>
+ <para>2. ½T»{¤¤¤å¦r«¬¡A½s¿è <filename>~/GNUStep/Defaults/WindowMaker
+ </filename>¡A­×§ï¥H¤U¿ï¶µ¡G</para>
+ <programlisting>
+MultiByteText = YES;
+WindowTitleFont = "-*-helvetica-bold-r-normal-*-12-*-*-*-*-*-*-*,
+-*-ming-bold-r-normal--12-*-*-*-*-*-big5-0";
+MenuTitleFont = "-*-helvetica-bold-r-normal-*-12-*-*-*-*-*-*-*,
+-*-ming-bold-r-normal--12-*-*-*-*-*-big5-0";
+IconTitleFont = "-*-helvetica-medium-r-normal-*-8-*-*-*-*-*-*-*,
+-*-ming-medium-r-normal--8-*-*-*-*-*-big5-0";
+ClipTitleFont = "-*-helvetica-medium-r-normal-*-10-*-*-*-*-*-*-*,
+-*-ming-medium-r-normal--10-*-*-*-*-*-big5-0";</programlisting>
+ <para>¥H¤W¥u¬O­Ó¨Ò¤l¡A·íµM¥²¶·½T»{¦³µL¬Û¹ï¦r«¬¡C</para>
+ <para>­«·s±Ò°Ê WindowMaker¡A¥Î <command>rxvt -T "¤¤¤åÅã¥Ü" &</command>
+ ´ú¸Õ¤@¤U¡C </para>
+ <figure>
+ <title>windowmaker snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/windowmaker" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
+ <para>WWW: <ulink url="http://www.windowmaker.org/">
+ http://www.windowmaker.org/</ulink> </para>
+ </sect1>
+
+ <sect1 id="sawfish">
+ <title>Sawfish ªº¤¤¤å¤Æ</title>
+ <para><application>Sawfish</application> ¦b¤¤¤å¤Æªº¤è­±°µªº«Ü¤£¿ù¤F¡A
+ ¥Ø«e¤w¸g¦³ I18N ªº®M¥ó¤F¡A
+ ¤¶­±¤j³¡¤À¤w¸g¤¤¤å¤Æ¤F¡C³o³£¬O¥õ¿à I18N ªº¦¨ªG¡C </para>
+ <para>¦w¸Ë <filename role="package">x11-wm/sawfish</filename>¡C</para>
+ <para>WWW: <ulink url="http://sawmill.sourceforge.net/">
+ http://sawmill.sourceforge.net/</ulink> </para>
+ </sect1>
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/chapters/xwin.sgml b/zh_TW.Big5/books/zh-tut/chapters/xwin.sgml
new file mode 100644
index 0000000000..6137d46254
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/chapters/xwin.sgml
@@ -0,0 +1,399 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: xwin.sgml,v 1.42 2003/11/13 12:02:47 statue Exp
+ $FreeBSD$
+-->
+
+<chapter id="xwin">
+ <title>¤¤¤å X Window</title>
+ <para>
+ X Window ¨t²Î¬O UNIX ¤U±j¦Ó¦³¤Oªº¹Ï§ÎÀô¹Ò¡CXFree86 ¥Ñ MIT X
+ Window ¨t²Î X11R6 §ïª©¦Ó¨Ó¡A¥¦¬O§K¶Oªº¡C </para>
+ <para>§¹¾ã¤¤¤å¤Æ X Window System</para>
+ <itemizedlist>
+ <listitem><para>¤¤¤åªº°T®§¡G¥Ñ locale messages ¸Ñ¨M</para></listitem>
+ <listitem><para>¤¤¤åªºÅã¥Ü¡G¥Ñ I18N ¸Ñ¨M</para></listitem>
+ <listitem><para>¤¤¤åªº¿é¤J¡G¥Ñ xcin ¸Ñ¨M</para></listitem>
+ <listitem><para>¤¤¤åªº¦C¦L¡G¥Ñ gscjk ¸Ñ¨M</para></listitem>
+ <listitem><para>¤¤¤åªº³B²z¡G¥Ñ¨t²Î©³¼hªº C Library(libc) »P X Library
+ ªº locale Àô¹Ò»P I18N ¼Ð·Ç¥H¤Î³nÅ骺°t¦X¸Ñ¨M</para></listitem>
+ </itemizedlist>
+ <para>«Ø¥ß I18N ªºÀô¹Ò</para>
+ <itemizedlist>
+ <listitem><para>¦w¸Ë¤¤¤å¦r«¬</para></listitem>
+ <listitem><para>³]©w Shell locale Àô¹Ò</para></listitem>
+ <listitem><para>¦w¸Ë XIM ¤¤¤å¿é¤Jµ{¦¡</para></listitem>
+ </itemizedlist>
+ <para>
+ °ò¥»¤W¥u­n¦w¸Ë§¹ X Window «á¡A¦A¦w¸Ë¤¤¤å¦r«¬¡A
+ ³o¼Ë¤l´N¥i¥H¬Ý¨ì X Window ªº¤¤¤å¤F¡A¦Ó¦A¦w¸Ë xcin2.5 ´N¥i¥H¿é¤J¤¤¤å¡A
+ ³Ñ¤Uªº´N¿ï¦Û¤v©Ò°¾¦nªº³nÅé¨Ó¦w¸ËÅo¡C</para>
+
+ <sect1 id="xfree86-4">
+ <title>XFree86-4</title>
+ <para>¦w¸Ë <filename role="package">x11/XFree86-4</filename>¡C</para>
+ <para>
+ ¥ý¥Î <command>XFree86 -configure</command> ²£¥Í
+ <filename>XF86Config.new</filename>¡AµM«á¥Î
+ <command>XFree86 -xf86config XF86Config.new</command>
+ ¨Ó´ú¸Õ³o­ÓÀɮׯण¯à¥¿±`ªº¹B§@¡A¦pªG¥i¥Hªº¸Ü¡A´N
+ <command>mv XF86Config.new /etc/X11/XF86config</command>¡A
+ µM«á¨Ì·Ó¥H¤Uªº¤è¦¡Ä~Äò°µ¤U¥h¡C</para>
+ <screen>
+&prompt.root; <userinput>XFree86 -configure</userinput>
+&prompt.root; <userinput>mv XF86Config.new /etc/XF86Config</userinput></screen>
+ <para>
+ ¥Ñ©óµ§ªÌ³q±`¨Ï¥Î¤TÁä·Æ¹«¡A©Ò¥H·|³]©w¤@¤U¡A
+ ±µµÛ½s¿è <filename>/etc/XF86Config</filename>¡A
+ ¦b <option>Section "InputDevice"</option> °Ï¬q¡A
+ ¥[¤J <option>Option "ZAxisMapping" "4 5"</option>¡C</para>
+ <programlisting>
+Section "InputDevice"
+ Identifier "Mouse0"
+ Driver "mouse"
+ Option "Protocol" "MouseSystems"
+ Option "Device" "/dev/sysmouse"
+ Option "ZAxisMapping" "4 5"
+EndSection</programlisting>
+ <para>
+ ³q±`³£»Ý­n«ü©w HorizSync ©M VertSync ¤~¯àÅý¸ÑªR«×³]©wªº°ª¤@ÂI¡A
+ ¦b <option>Section "Monitor"</option> °Ï¬q¡A
+ ¥[¤J <option>HorizSync 31.5 - 57.0</option> »P
+ <option>VertRefresh 50.0 - 100.0</option>¡C</para>
+ <programlisting>
+Section "Monitor"
+ Identifier "Monitor0"
+ VendorName "Monitor Vendor"
+ ModelName "Monitor Model"
+ HorizSync 31.5 - 57.0
+ VertRefresh 50.0 - 100.0
+EndSection</programlisting>
+ <para>
+ §Ú³q±`³£¥Î 16bpp ©M 1024x768 ªº¿Ã¹õ¡A
+ ¦b <option>Section "Screen"</option> °Ï¬q¡A
+ ¥[¤J <option>DefaultDepth 16</option>¡A¨Ã¦b
+ <option>SubSection "Display"</option> ¤¤¡A
+ <option>Depth 16</option> ªº¦a¤è¥[¤W
+ <option>Modes "1024x768"</option>¡C</para>
+ <programlisting>
+Section "Screen"
+ Identifier "Screen0"
+ Device "Card0"
+ Monitor "Monitor0"
+ DefaultDepth 16
+ SubSection "Display"
+ Depth 16
+ Modes "1024x768"
+ EndSubSection
+EndSection</programlisting>
+ <para>
+ WWW: <ulink url="http://www.xfree86.org/">
+ http://www.xfree86.org/</ulink></para>
+ </sect1>
+
+ <sect1 id="using-font">
+ <title>¨Ï¥Î¦r«¬</title>
+ <para>­n¦b X ©³¤U¬Ý¤¤¤å¡A´N¥²¶·¥ý³]©w¦n§A­nªº¦r«¬¡A
+ ¥Ø«e X ¨ú¥Î¦r«¬¥D­n¦³¨âºØ¤è¦¡¡A
+ ¤@ºØ¬O¶Ç²Îªº X11 Core Font¡A
+ ­n¨Ï¥Î TrueType ¦r«¬¡A´N­n§Q¥Î X ¤º«Øªº freetype ¼Ò²Õ©Î¬O
+ <link linkend="xtt">xtt</link> ¼Ò²Õ¨ÓŪ¨ú¦r«¬¡A
+ ©Î¬Oª½±µ¨ú¥Î Font Server ªº¦r«¬¡A
+ ¥t¤@ºØ«h¬O¥Ø«e¬y¦æªº
+ <link linkend="fontconfig">fontconfig</link>¡C</para>
+ <para>³q±`µ§ªÌ³£·|¦P®É³]©w³o¨âºØ¦r«¬¨ú¥Îªº¤è¦¡¡A
+ ÁöµM fontconfig ¦b KDE3 »P GNOME2 ¼sªxªº³Q¨Ï¥Î¡A
+ ¦ý¬O¤´µM¦³³\¦h³nÅé¥u¤ä´© X11 Core Font ªº¨ú¥Î¤è¦¡¡A
+ ¨âªÌ³£¥[¥H³]©w¥i¥HÁקK³\¦h°ÝÃD¡A
+ ¦pªG½T©w±z©Ò¨Ï¥Îªº©Ò¦³³nÅé³£¤ä´© fontconfig¡A
+ ¨º»ò¥u³]©w fontconfig ¤]¬O¥i¥Hªº¡C</para>
+ <para>WWW: <ulink url="http://www.xfree86.org/~dawes/4.3.0/fonts.html">
+ Fonts in XFree86</ulink></para>
+ <para>Hinting ¬O¦r«¬ÃB¥~ªº¸ê°T¡A¥L§i¶D Render ¸Ó¦p¦ó³B²z¦V¶q¦r«¬ªºÁY©ñ¡A
+ ¨Ï±o¤p¦rªº®É­Ô¯à°÷¦n¬Ý¡A¦ý¬O Hinting ¬O«D±`¶O®É¶O¤Oªº¤u§@¡A
+ ¦³¨}¦n Hinting ªº¦r«¬¤£¦h¡C</para>
+ <para>¥Ñ©ó TrueType ªº hinting ¦³±M§Q¡Afreetype ´£¨Ñ¤F autohint¡A
+ ¦ý¬O¤Ï¦Ó¦b¤¤¤å¦r¤W®e©ö³y¦¨¤Ï®ÄªG¡C</para>
+ <para>Anti-alias §â¥¼º¡¤@®æªº³¡¤À¥Î¦Ç¶¥¸ÉÂI¡C</para>
+ <sect2 id="xlfd">
+ <title>X11 Core Font - XLFD</title>
+ <para>Last Update: 2003¦~ 1¤ë20¤é ©P¤@ 10®É25¤À06¬í CST</para>
+ <para>X11 Core Font ¥H XLFD ªº®æ¦¡¨ÓÅý¿ï¾Ü¦r«¬¡A¥H¤Uµy·L¤¶²Ð¤@¤U¡G</para>
+ <programlisting>
+-kc-fixed-medium-r-normal-*-16-160-72-72-c-160-big5-0</programlisting>
+ <para>¼t°Ó¦WºÙ(Foundry)¡G¦r«¬´£¨Ñ¼t°Ó¡A¦p Arphic(¤å¹©)¡Bkc(°ê³ì)¡C</para>
+ <para>ºØÃþ(Family)¡G©ÒÄݪºÃþ«¬¡C</para>
+ <para>²Ê²Ó«×(Weight)¡G²Ê²Óµ{«×¡A¦p medium(¾A¤¤)¡Bbold(²ÊÅé)¡C</para>
+ <para>¶É±×«×(Slant)¡G¶É±×µ{«×¡A¦p r(¤£¶É±×)¡Bo(¶É±×)¡B
+ i(¶É±×¨Ã¥B¨ã¦³¸û©_¯SÅܤÆ)¡C</para>
+ <para>¼e«×(Setwidth)¡G¦p normal(¥¿±`)¡Bcondensed(³Ì¯¶)¡B
+ semicondensed(µy¯¶)¡C</para>
+ <para>ªþ¥[«¬¦¡(Add Style)¡GÃB¥~ªº®æ¦¡¡A¦p sans(µL)¡Bmedium(¾A¤¤)¡C
+ ¥Ø«e¤j³¡¤À¦rÅ駡¤w¤£¥Î¦¹Äæ¦ì¡C</para>
+ <para>¹³¯À¤j¤p(Pixels)¡G¥Î¹³¯À¨Óªí¥Ü¦rÅé¤j¤p¡C</para>
+ <para>ÂI¼Æ¤j¤p(Points)¡G¥ÎÂI¼Æ¨Óªí¥Ü¦rÅé¤j¤p¡C10 ­ÓÂI¼Æµ¥©ó 1 ­Ó¹³¯À¡C</para>
+ <para>¤ô¥­¸ÑªR«×(Resolution X)¡G¨C­^¦TªºÂI¼Æ¡A¦p 72¡B75¡B100¡C</para>
+ <para>««ª½¸ÑªR«×(Resolution Y)¡G¨C­^¦TªºÂI¼Æ¡A¦p 72¡B75¡B100¡C</para>
+ <para>¦r¶Z(Spacing)¡G¶¡¹j¡A¦p Proportional(¨Ì¤ñ¨Ò¤j¤p)¡B
+ Monospace(µ¥¼e¦r)¡B
+ Charcell(µ¥¼eµ¥°ª¦r)¡C</para>
+ <para>¥­§¡¼e«×(Average Width)¡G¥HÂI¼Æ¬°³æ¦ì¡C</para>
+ <para>¦r«¬¶°(Character Registry and Charset Encoding)¡G¦p big5-0¡Biso8859-1¡C</para>
+ <para>¦ý¬O X11 Core Font ¦b¤Ï¿÷¾¦¤Wªº¤ä´©¤£¨Î¡B
+ ¨Ï¥Î CJK TrueType ªº®Ä²v¤£¦n¡A
+ ¯S§O¬O¥Ø«e±`¥Îªº Unicode ¦r«¬¦b®Ä²v©M°O¾ÐÅ骺¨Ï¥Î³£·|¬O«Ü¤jªº°ÝÃD¡A
+ ¦]¦¹§Ú­Ì»Ý­n¸û²{¥N¤Æªº¨t²Î Xft/fontconfig¡C</para>
+ </sect2>
+
+ <sect2 id="xtt">
+ <title>xtt Module</title>
+ <para>­n¨Ï¥Î xtt Module ¥²¶·­×§ï <filename>XF86Config</filename>¡A
+ À°¥L¥[¤W·sªº FontPath¡A¦]¬° ports ·|±N¤¤¤åTrueType¦w¸Ë¨ì
+ <filename>/usr/X11R6/lib/X11/fonts/TrueType/</filename>¡A
+ ¦Ó¥B§â¤¤¤åPCF ¦w¸Ë¨ì
+ <filename>/usr/X11R6/lib/X11/fonts/local/</filename>¡G</para>
+ <programlisting>
+Section "Files"
+ :
+ :
+ FontPath "/usr/X11R6/lib/X11/fonts/TrueType/"
+ FontPath "/usr/X11R6/lib/X11/fonts/local/"
+EndSection</programlisting>
+ <para>¥H¤ÎÅý X ¥h¨Ï¥Î xtt ¼Ò²Õ¡A
+ ¦pªG¦b¼Ò²Õ°Ïµo²{¤w¸g¦³³]©w <option>Load "freetype"</option>¡A
+ ½Ð±N¸Ó¦æ§R°£¡A¦]¬°³o¨â­Ó¼Ò²Õ¬O¤¬¥¸ªº¡G</para>
+ <programlisting>
+Section "Module"
+ :
+ :
+ Load "xtt"
+EndSection</programlisting>
+ <para>³Ì«á¦A³z¹L <link linkend="ttfm">ttfm</link>
+ ¨Ó¦w¸Ë·s¦rÅé´N¥i¥H¤F¡C</para>
+ <para>¬O¤£¬O¤@©w­n xtt ¼Ò²Õ¤~¯à¨Ï¥Î¤¤¤å TrueType¡Hµª®×¤£¬O¡C
+ freetype ¼Ò²Õ¤]¥i¥H¥Î¨Ó³B²z¤¤¤å¡A¦ý¬O¨âªÌ¥u¯à¿ï¤@­Ó¡A
+ ¦Ó xtt ¬O±M¬° CJKV ¦r«¬¦Ó³]­p²£¥Íªº TrueType ³B²z¼Ò²Õ¡A
+ ¨ä¤¤ TTCap ¿ï¶µ©Ò´£¨Ñªº²ÊÅé¡B±×Åé¡B²Ê±×Åé¡A
+ ¥H¤Î¨ä¥L¥\¯à¬O¤¤¤å TrueType ©Ò¤£¯à©Î¯Êªº¡C</para>
+ <para>¹ï TTCap ¦Ó¨¥¡A¥Lªº»yªk¬OÂX¥R fonts.dir ¨Ó´£¨Ñ§ó¦hªº¿ï¶µ¡A¨Ò¦p¡G</para>
+ <programlisting>
+ds=y:ai=0.3:bsmi00lp.ttf -Arphic-AR PL Mingti2L Big5-bold-i-normal--0-0-0-0-c-0-iso10646-1</programlisting>
+ <para>³Ì«e­±ªº <option>ds=y:ai=0.3:</option> ´N¬O X-TT ÂX¥Rªº³¡¥÷¡C
+ ¦b³o­Ó¨Ò¤l¤¤¡A¤å¹©©úÅ骺¦WºÙ¬O bsmi00lp.ttf¡A
+ <option>ds=y</option>(Double Strike) ¨Ï¥Î²ÊÅé¡A
+ <option>ai=0.3</option>(Automatic Italic) ¨Ï¥Î±×Åé¡A
+ ©Ò¥H¬Û¹ïÀ³ªº²£¥Í <option>-bold-i-</option> ªº¤å¹©©úÅé²Ê±×Åé¦r«¬¡C
+ ¥t¥~¡A³Ì«á­±ªº iso10646-1 ´N¬O Unicode ¦r«¬¡A
+ ¥Ø«e¤å¹©¦r«¬¦b³o­Ó³¡¤Àªº¤ä«ù¨Ã¤£¬O«Ü¦n¡C</para>
+ <para>±`¥ÎªºÁÙ¦³ <option>fn=INTEGER</option> ¨Ó«ü©w
+ TrueType Collection(.ttc) Àɮתº face ¸¹½X¡A
+ ¹³¬O¥Ø«e³B²z mingliu ´N¬O¸õ¹L©T©w¼eªº²Ó©úÅé¡A
+ ¦Ó§ï±Ä¥Îª½±µ«ü©wÅܰʼeªº·s²Ó©úÅé <option>fn=1</option>¡C</para>
+ <para>¦pªG¨Ï¥Î freetype ¼Ò²Õ¡A¥i¥H³z¹L
+ <filename role="package">x11-fonts/ttmkfdir</filename>
+ ¨Ó²£¥Í²³æªº fonts.dir ©M¥Î <command>mkfontdir -e</command>
+ ¨Ó²£¥Í encodings.dir¡C</para>
+ <para>WWW: <ulink url="http://x-tt.sourceforge.jp/">
+ http://x-tt.sourceforge.jp/</ulink></para>
+ </sect2>
+ <sect2 id="fontconfig">
+ <title>fontconfig</title>
+ <para>Fontconfig ´£¨Ñ font matching ªº¾÷¨î¡A
+ Åý¨Ï¥Îªºµ{¦¡¤£¥²¦Û¤v¹ê§@¦r«¬¿ï¨úªº¤èªk¡A
+ À³¥Îµ{¦¡§Q¥Î Fontconfig ©Ò±o¨ìªº¦r«¬¦WºÙ¥hµe¦r¡C</para>
+ <para>fontconfig ¦w¸Ë§¹«áªº³]©wÀɦb
+ <filename>/usr/X11R6/etc/fonts/fonts.conf</filename>¡A
+ ¥¦¬O­Ó xml ®æ¦¡ªºÀɮסA¤@¯ë¤£«Øijª½±µ§ó§ï¥¦¡A¦pªG­n¥[ªF¦è«h¬O¥t¥~¼g¦b
+ <filename>~/.fonts.conf</filename>¡C</para>
+ <para>¨Ï¥Î fontconfig ¥u»Ý­n±N¦r«¬ÀÉ«þ¨©¨ì <filename>fonts.conf</filename>
+ ©Ò«ü©wªº¥Ø¿ý¤U(&lt;dir&gt;/usr/X11R6/lib/X11/fonts&lt;/dir&gt;)¡A
+ µM«á°õ¦æ <command>fc-cache -f -v</command> ¨Ó«Ø¥ß¦r«¬¸ê®Æ®w¡A
+ ¤]¥i¥H¥Î <command>fc-list</command> ¨Ó¨ú±o¤w¸g«Ø¥ßªº¸ê®Æ¡C</para>
+ <screen>
+&prompt.root; <userinput>fc-cache -f -v</userinput>
+ :
+ fc-cache: "/usr/X11R6/lib/X11/fonts/TrueType": caching, 8 fonts, 0 dirs
+ :
+fc-cache: "/root/.fonts": no such directory, skipping
+fc-cache: succeeded
+&prompt.root; <userinput>fc-list | grep Big5</userinput>
+AR PL KaitiM Big5:style=Regular
+AR PL Mingti2L Big5:style=Reguler</screen>
+ <para>¦ý¬O¦b¨Ï¥Î fontconfig ®É¡A¤¤¤å¤è­±ÁÙ¦³¨Ç¤ñ¸û¯S®íªº»Ý¨D¡C
+ ¨Ò¦p¦r«¬¯}¸Hªº°ÝÃD¡A¥²¶·­×§ï freetype2 ±N BYTECODE INTERPRETER µ¹±Ò¥Î¡C
+ ¥»¨­¨S¦³²ÊÅé¡B²Ê±×Å骺³]­p¡C¦r¶Z¹L¤j¬O¦]¬°¬Y¨Ç¦r«¬¬O©T©w¦r¶Z¡A
+ ¦ý¬O¦]¬°§t¦³ CJK ¦r«¬¡A¨t²Î¥H CJK ¦r«¬ªº¼e«×§@¬°­^¼Æ¦r«¬ªº¼e«×¡C
+ ¦r«¬¦WºÙ(family)¤£¤ä´©¤¤¤åªº¨Ï¥Î¡C</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="setlocale">
+ <title>¤¤¤å locale ªº³]©w</title>
+ <para>
+ ·í¤@­Óµ{¦¡±Ò°Ê®É¡A¨t²Î·|¹w³]µ¹¥¦¤@­Óªì©l locale¡AºÙ¬° POSIX ©Î
+ C locale¡C¦b¦¹ locale ¤U¡Aµ{¦¡ªºªí²{·|»P¶Ç²Îªº C »y¨¥¤¤¤@¼Ë¡A
+ ¨Ï¥Î­^¤å°µ°T®§¿é¥X¡A¥u¯à³B²z­^¤åµ¥ ASCII ½Xµ¥µ¥¡C
+ ¦pªG¸Óµ{¦¡¦³¤ä´© I18N¡A¤]´N¬O»¡¥¦¦³«ö·Ó I18N ªº¼Ð·Ç¨Ó¼g¡A
+ «h¥¦¦b±Ò°Ê«á´N·|°¨¤W©I¥s¨t²Î¨ç¦¡¨Ó§ïÅÜ¥¦ªº locale¡A
+ ¦p¦¹¥¦´N·n¨­¤@ÅÜ¡AÅܦ¨¥i¥H³B²z¸Ó locale ©Ò¥Nªíªº¦a°Ï»y¤å¤F¡C</para>
+ <para>zh_TW.Big5 ¬O¥Ø«e¥xÆW¤º¼sªx¨Ï¥Îªº locale¡A
+ zh ¬OµØ»y(Chinese)¡A1998 ¦~ ISO639 ¸Ì­±¥H¨â­Ó­^¤å¦r¥À¨Ó¥Nªí»y¨¥½s½X¡A
+ ³o­ÓÁY¼g¾Ú§Ú©Òª¾¨S¦³¥ô¦ó§t¸q¡A¦Ó TW ¥Nªíªº´N¬O¥xÆW(Taiwan)
+ ¦a°ÏªºÁY¼g¡A³Ì«áªº Big5 «h¬O½s½X¤è¦¡¡C</para>
+ <para>zh_TW.Big5 ªº locale ³]©wÀɦb
+ <filename>/usr/src/share/mklocale/zh_TW.Big5.src</filename>¡A
+ ¦Ó¹ê§@¤¤¡A«h¬OÀx¦s¦b <filename>/usr/share/locale/</filename> ¥Ø¿ý¤U¡A
+ ¥H§Ú­Ìªº zh_TW.Big5 locale ¬°¨Ò¡A¸Ó¥Ø¿ý¤¤´N¥]§t¤F
+ <filename>LC_COLLATE</filename>¡B<filename>LC_CTYPE</filename>¡B
+ <filename>LC_TIME</filename>¡C</para>
+ <para>
+ ¦Ó LC_MESSAGES «h¬OÀx¦s¦b <filename>/usr/local/share/locale/zh_TW/LC_MESSAGES/
+ </filename> ©Î¬O <filename>/usr/X11R6/share/locale/zh_TW.Big5/
+ </filename> ©³¤U¡C¥Ñ©ó LC_MESSAGES Ãþ§O´xºÞªº¬Oµ{¦¡°T®§¿é¥X©Ò¥Îªº»y¨¥¡A
+ ¦Ó¥B¤£¦Pµ{¦¡¶¡ªº°T®§³£¤£·|¤@¼Ë¡A¦]¦¹¥¦¤£¯à¹³¨ä¥LÃþ§O¤@¼Ë¡A
+ ¥u´£¨Ñ³æ¤@¤@­Ó¸ê®ÆÀɧY¥i¡C¬Û¤Ïªº¡A
+ ¦b³oùةұĨúªº¤è¦¡¬O¥Ñ¦UÀ³¥Îµ{¦¡¦Û¦æ´£¨Ñ¥¦­Ìªº°T®§¸ê®ÆÀÉ¡A
+ ¨Ã²Î¤@©ñ¦b¦U locale ªº LC_MESSAGES ªº¥Ø¿ý¤U¡C¨Ò¦p mutt µ{¦¡¡A
+ ¨ä°T®§ªº³¡¤À°£¤F­^¤å¥H¥~¡A¥i¯àÁÙ¦P®É´£¨Ñ¤FÁcÅ餤¤å¡B²Å餤¤å¡B
+ ¤é¤å¡Bªk¤å µ¥Â½Ä¶¡A¦]¦¹¡A¦b¥H¤W³o¨Ç»y¤å©Ò¥Nªíªº locale ¤¤¡A
+ ¨ä©³¤Uªº LC_MESSAGES ¥Ø¿ý¤¤³£·|¦³¤@¥÷ÄÝ©ó mutt µ{¦¡ªº°T®§¸ê®ÆÀÉ¡C
+ ´«¥y¸Ü»¡¡A¦b I18N ¬[ºc¤U¡Aµ{¦¡°T®§³¡¤À¬O»Pµ{¦¡¤ÀÂ÷ªº¡A
+ ¦p¦¹¤~¯à¤À§O¹ï¦U locale °µ ``°Ï°ì¤Æ'' (§Y½Ķ¦¨¦U¦a°Ïªº»y¨¥)¡C
+ ¦p¦¹¡A·í mutt ¦b°õ¦æ®É¡A¨t²Î·|®Ú¾Ú¥Ø«e¥¦ªº LC_MESSAGES locale
+ ³]©w¥h§ä§ä¬Ý¦³¨S¦³¥¦ªº°T®§¸ê®ÆÀɦs¦b¡A¦³ªº¸Ü´N¥H¸Ó»y¨¥°µ°T®§¿é¥X¡A
+ §_«hªº¸Ü«h¥H C locale ªº¤è¦¡ (§Y­^¤å) ¨Ó¿é¥X°T®§¡C </para>
+ <para>
+ ¥H¤W©Ò¦³ªº locale Ãþ§O¤¤¡A°£¤F LC_MESSAGES ¤§¥~¡A³Ì­«­nªº´N¬O
+ LC_CTYPE ¤F¡C¦¹Ãþ§O´xºÞªº¬O¸Ó locale ¤¤©Ò¦³¦r¤¸ªº³B²z¤è¦¡¡C
+ ¤@­ÓÀ³¥Îµ{¦¡­Y­n¯à³Q ``°Ï°ì¤Æ'' ¦¨¬Y¦a°Ïªº»y¤å¡A
+ ­º­n¤u§@´N¬O­n¯à³B²z¸Ó¦a°Ïªº¤å¦r¡C¨Ò¦p¨C­Ó¦rªº¤º½X¦p¦ó½s½X¡H
+ ¬O³æ¤@ byte ÁÙ¬O¥Ñ¦h­Ó bytes ²Õ¦¨ªº¡H«ç¼Ëªº½s½X¤~¬O¦Xªk¥i¥Îªº¡H
+ ³o­Ó¦r¬O¤£¬O¥i¥H¦L¡H¬O¤£¬O¼Æ¦r¡H­Yµ¹©w¥ô·Nªº¤å¦r¦r¦ê¡A
+ ­n¦p¦ó¯à°Ï¤À¥X¤@­Ó­Ó¦r µ¥µ¥¡C¦]¦¹¡A¦¹Ãþ§O²o¯Aªº¼h­±¬Û·í¼s¡A
+ °£¤Fµ{¦¡¥»¨­ªº¤å¦r³B²z¯à¤O¥H¥~¡A¬Æ¦Ü¨ì X Window ¤¤ªº¤å¦rÅã¥Ü
+ (§Y XOM: X Output Method)¡B¤å¦r¿é¤J (§Y XIM: X Input Method) µ¥µ¥¡A
+ ³£»P¥¦¦³Ãö¡C¦]¦¹¡A·í§Ú­Ì­n¶}©l¨Ï¥Î¤@­Ó¤ä´© I18N ªºµ{¦¡¤§«e¡A
+ ¤@©w­n¥ý³]¦n LC_CTYPE ³o­Ó locale Ãþ§O¡C </para>
+ <sect2>
+ <title>³]©w Shell locale Àô¹ÒÅܼÆ</title>
+ <para>
+ §Ú­Ì¥²¶·«ü©w zh_TW.Big5 ³o­Ó locale Àô¹ÒÅܼƵ¹ Shell¡AShell
+ ¤~¯à¥¿½Tªº³B²z¤¤¤å°T®§¡A¤@¯ë¦Ó¨¥§Ú­Ì¥u­n«ü©w locale ªº¦r¤¸©w¸q
+ LC_CTYPE ¬° zh_TW.Big5 §Y¥iÅý Shell ¥¿½Tªº³B²z¤¤¤å¡A­Y­nÅý
+ Shell ªº¿é¥X°T®§¤]Åã¥Ü¤¤¤å¡A«h¥i±N locale °T®§Åã¥Ü LC_MESSAGES
+ ¤]³]©w¬°¤¤¤åªº locale data¡C</para>
+ <para>
+ ¦Ü©ó­n³]©w stty pass8 ªº­ì¦]¬O¡A¥xÆW¦a°Ï©Ò³q¦æªº Big5 ½s½X¡A
+ ¤Î¤j³°¦a°Ï©Ò¨Ï¥Îªº GB ½s½X¡A¨ä¶}ÀYªº¦ì¤¸´X¥G³£¬O¤j©ó 128 ªº¼Æ­È¡A
+ ¤]´N¬O©Ò¿× non-ASCII ½Xªº½d³ò(ASCII ¬O«ü¤p©ó 128 ªº½s½X)¡C
+ ¤¤¤å°ÝÃD´N¦b³o¸Ì¡A³\¦hµ{¦¡¥Ñ©ó¦U¦¡¦U¼Ëªº­ì¦]¡A
+ ¨Ã¥¼¦Ò¼{¨ì¿é¤Jªº¸ê®Æ¥i¯à¬O non-ASCII ½Xªº°ÝÃD¡A
+ µ{¦¡©¹©¹°²³]¤F¦o©Ò­n³B²zªº¸ê®Æ³£¬O ASCII ½X
+ (¦]¬°¤j³¡¤À³nÅ鬰¥~°ê¤Hµo®iªº)¡A§óÁV¿|ªº¬O¡A
+ ·íµ{¦¡¹J¨ì non-ASCII ½X®É¡A±`±`°²³]¦o¤£¦s¦b¡A
+ ¦Ó±N¥¦ªº²Ä¤K­Ó¦ì¤¸ºI¥h¡A³o¬O©Ò¿×ªº 8-bit ¿é¤J¤¤¤å®É¡A
+ ¨C¨C±N²Ä¤K¦ì¤¸¬å±¼¡A©Ò¥H¤¤¤å³£Åܦ¨¶Ã½X¡C¦]¦¹¥²¶·«ü©w stty pass8¡A
+ ĵ§i Shell ¤£­n±N¿é¤Jªº²Ä¤K­Ó¦ì¤¸ºI±¼¡A³o¼Ë¤~¯à¥¿½TÅã¥Ü¤¤¤å¡C</para>
+ <para>
+ ENABLE_STARTUP_LOCALE «h¬O a.out ¿òª«¡A¥L·|±j¨î ld.so ¸ü¤Jµ{¦¡«e¡A
+ ¥ý©I¥s setlocale()¡A¦b 3.x «e´N§â³o­Ó ugly hack ®³±¼¤F¡C</para>
+ </sect2>
+ <sect2>
+ <title>¦r¤¸ªº¤ÀÃþ»P½s½X</title>
+ <para>¤@­Ó locale ©Ò¥]§tªº¦Xªk¦r¤¸»P¨ä½s½X¤è¦¡¡A§Ú­ÌºÙ¤§¬°
+ character set (¦r¶°)¡C¥H§Ú­Ìªº zh_TW.Big5 locale ¬°¨Ò¡A
+ ¨ä¹ê¥¦¤º³¡¥]§t¤F¨â­Ó sub-character set¡A¤@­Ó¬O ASCII
+ ¥Î¨Óªí¥Ü¤@½sªº­^¤å¡B¼Æ¦r¡B¹q¸£ºD¥Î²Å¸¹ µ¥µ¥¡A¥t¤@­Ó´N¬O¥H
+ Big5 ½s½X¤è¦¡ªº¡A§Ú­Ì«UºÙªº ``¥þ§Î'' ¦r¡A¥]¬A¤F¤¤¤å¦r¡B
+ ¥þ§Î­^¤å¡B¼Æ¦r¡B¥H¤Î²Å¸¹ µ¥¡C«eªÌ¨C­Ó¦r¤¸ªºªø«×¬O¤@­Ó
+ byte¡A¦Ó«áªÌ¨C­Ó¦r¤¸ªºªø«×«h¬O¨â­Ó byte¡C</para>
+ <para>¦b locale ªº³]©w¤¤¡A¥H LC_CTYPE ³Ì¬°­«­n¡A
+ LC_CTYPE ¥]§t¤F¦r¤¸¤º½X¸ê°T¡A
+ ª½±µ¼vÅT³¡¥÷ C ¨ç¦¡¶¤¦r¤¸ªº³B²zµ²ªG¡A¥]¬A¡G</para>
+ <itemizedlist>
+ <listitem><para>
+ ctype.h:
+ isalnum(), isalpha(), iscntrl(), isdigit(), isgraph(), islower(),
+ isprint(), ispunct(), isspace(), isupper(), isxdigit(), tolower(),
+ toupper().
+ </para></listitem>
+ <listitem><para>
+ wctype.h:
+ iswalnum(), iswalpha(), iswcntrl(), iswdigit(), iswgraph(), iswlower(),
+ iswprint(), iswpunct(), iswspace(), iswupper(), iswxdigit(),
+ towlower(), towupper().
+ </para></listitem>
+ <listitem><para>
+ stdlib.h:
+ mblen(), mbtowc(), mbstowcs(), wctomb(), wcstombs().
+ </para></listitem>
+ </itemizedlist>
+ <para>zh_TW.Big5 locale ªº³]©wÀɦb
+ <filename>/usr/src/share/mklocale/zh_TW.Big5.src</filename>¡A
+ ¦b LC_CTYPE ªº³]©wÀɤ¤¡A¥¦±N©Ò¦³ªº¦r¤¸¤ÀÃþ¦¨¥H¤U´XºØ¡G</para>
+<programlisting>
+UPPER: «÷­µ¦rªº¤j¼g¦r¡C
+LOWER: «÷­µ¦rªº¤p¼g¦r¡C
+ALPHA: ©Ò¦³ªº«÷­µ¦r¥À¡C
+DIGIT: ªü©Ô§B¼Æ¦r¡C
+SPACE: ªÅ¹j¦r¤¸¡A¦pªÅ¥Õ (space)¡B´«¦æ¡Btab ...¦r¤¸µ¥¡C
+XDIGIT: ¥Nªí¤Q¤»¶i¦ì¼Æ¦rªº¦r¤¸¡C
+BLANK: ªÅ¥Õ¦r¤¸¡A³q±`¥u¥]¬AªÅ¥Õ (space) »P tab ¨â­Ó¡C
+CNTRL: ¹q¸£ªº±±¨î¦r¤¸¡C
+PUNCT: ¼ÐÂI²Å¸¹¡C
+GRAPH: ©Ò¦³¦³µ§µeªº¦r¤¸¡A¤£¥]¬AªÅ¥Õ»PªÅ®æ¡C
+PRINT: ©Ò¦³¥i¥H¦L¥Xªº¦r¤¸¡A¥]¬AªÅ¥Õ (blank) ¦r¤¸¡C
+TOUPPER: ¤p¼g«÷­µ¦r¥ÀÂà¤j¼g«÷­µ¦r¥Àªº¹ïÀ³ªí¡C
+TOLOWER: ¤j¼g«÷­µ¦r¥ÀÂà¤p¼g«÷­µ¦r¥Àªº¹ïÀ³ªí¡C</programlisting>
+ </sect2>
+ </sect1>
+
+ <sect1 id="tzsetup">
+ <title>®É°Ïªº³]©w</title>
+ <para>Last Update: 2002¦~12¤ë30¤é ©P¤@ 00®É13¤À37¬í CST</para>
+ <para>
+ §Ú­Ìªº®É°Ï¬O CST¡A¦pªG³]©w¿ùªº¸Ü <command>date</command>
+ ¸òÀɮ׫إߪº®É¶¡¬Ý°_¨Ó´N·|«Ü©Ç¡C
+ </para>
+ <para>¨Ï¥Î <command>tzsetup</command> ¨Ó­×§ï¡G</para>
+ <para>
+ ­º¥ý¦w¸Ëµ{¦¡·|°Ý¡A±zªº CMOS ®É¶¡¬O§_¬O®æªL«Âªv®É¶¡(UTC)¡A
+ §Ú­Ìªº CMOS ³q±`³£¬O³]¬°·í¦aªº®É¶¡¡A©Ò¥H½Ð¿ï ¡yNO¡z¡C
+ ±µ¤U¨Ó­n¿ï®É°Ï¡A§Ú­Ì¿ï¡y5 Asia¡z¡B¡y43 Taiwan¡z¡C
+ ©Î¬Oª½±µ¨Ï¥Î¥H¤Uªº«ü¥O¡C
+ </para>
+ <screen>
+&prompt.root; <userinput>tzsetup /usr/share/zoneinfo/Asia/Taipei</userinput>
+ </screen>
+ <para>¥t¥~¤]¥i¥H§Q¥Î <application>ntpdate</application> ¨Ó»Pºô¸ô®É¶¡¨ó©w
+ (NTP) ¦øªA¾¹¹ï®É¡C
+ </para>
+ <screen>
+&prompt.root; <userinput>ntpdate time.stdtime.gov.tw</userinput></screen>
+ <para>¤ñ¸û±`¥Îªº¹ï®É¦øªA¾¹¦³¡G</para>
+ <programlisting>
+time.stdtime.gov.tw
+clock.stdtime.gov.tw
+time.chttl.com.tw</programlisting>
+ <note><para>¦pªG·Q­nº¥º¥½Õ¨ì¥¿½T¡A¦Ó¤£¬O°¨¤W½Õ·Ç¡A¥i¥H¥Î ntpd¡A
+ ±N <option>server time.stdtime.gov.tw</option> ¼g¨ì
+ <filename>/etc/ntp.conf</filename>¡C</para></note>
+ <para>µM«á¥Î <command>date</command> ½T»{¤@¤U®É¶¡¬O¤£¬O¥¿½T¡C</para>
+ <screen>
+&prompt.user; <userinput>date</userinput>
+2002¦~12¤ë30¤é ©P¤@ 00®É13¤À37¬í CST</screen>
+ </sect1>
+
+
+</chapter>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-declaration: "../chapter.decl"
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ sgml-parent-document: ("../zh-tut.sgml" "part" "chapter")
+ End:
+-->
diff --git a/zh_TW.Big5/books/zh-tut/freebsd.dsl b/zh_TW.Big5/books/zh-tut/freebsd.dsl
new file mode 100644
index 0000000000..e8c608aa91
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/freebsd.dsl
@@ -0,0 +1,24 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ $FreeBSD$
+-->
+
+<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
+<!ENTITY freebsd.dsl SYSTEM "/usr/doc/share/sgml/freebsd.dsl" CDATA DSSSL>
+<!ENTITY % lang.zh.dsssl "IGNORE">
+]>
+
+<style-sheet>
+ <style-specification use="docbook">
+ <style-specification-body>
+ <![ %lang.zh.dsssl; [
+ (define %gentext-language% "zh")
+ ]]>
+
+ (define %html-header-tags% '(("META" ("HTTP-EQUIV" "Content-Type") ("CONTENT" "text/html; charset=Big5"))))
+
+ </style-specification-body>
+ </style-specification>
+
+ <external-specification id="docbook" document="freebsd.dsl">
+</style-sheet>
diff --git a/zh_TW.Big5/books/zh-tut/images/image b/zh_TW.Big5/books/zh-tut/images/image
new file mode 100644
index 0000000000..a07cb7212e
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/images/image
@@ -0,0 +1,9 @@
+<!-- $FreeBSD$ -->
+ <figure>
+ <title> snapshot</title>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="images/" format="PNG">
+ </imageobject>
+ </mediaobject>
+ </figure>
diff --git a/zh_TW.Big5/books/zh-tut/zh-tut.sgml b/zh_TW.Big5/books/zh-tut/zh-tut.sgml
new file mode 100644
index 0000000000..dc82203603
--- /dev/null
+++ b/zh_TW.Big5/books/zh-tut/zh-tut.sgml
@@ -0,0 +1,103 @@
+<!--
+ The Chinese FreeBSD Documentation Project
+ Id: zh-tut.sgml,v 1.23 2003/11/15 19:12:06 statue Exp
+ $FreeBSD$
+-->
+<!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN" [
+<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
+%man;
+
+<!ENTITY % bookinfo PUBLIC "-//FreeBSD//ENTITIES DocBook BookInfo Entities//EN">
+%bookinfo;
+
+<!ENTITY % chapters SYSTEM "chapters.ent"> %chapters;
+<!ENTITY % authors SYSTEM "authors.ent"> %authors;
+
+<!-- The currently released version of FreeBSD. This value is used to
+ create some links on web sites and such, so do NOT change it until
+ it's really release time -->
+<!ENTITY rel.current CDATA "4.4">
+]>
+
+<book>
+ <bookinfo>
+ <title>FreeBSD Chinese HOWTO</title>
+
+ <authorgroup>
+ <author>
+ <surname>The Chinese FreeBSD Documentation Project</surname>
+ </author>
+ </authorgroup>
+
+ <pubdate>October 2003</pubdate>
+
+ <copyright>
+ <year>1999</year>
+ <year>2000</year>
+ <year>2001</year>
+ <year>2002</year>
+ <year>2003</year>
+ <holder role="mailto:statue@freebsd.sinica.edu.tw">Shen Chun-Hsing</holder>
+ </copyright>
+
+ &bookinfo.legalnotice;
+
+ <abstract>
+ <para>
+ ¥»¤å»¡©ú¦p¦ó¦b FreeBSD ªº¨t²Î¤W¨Ï¥Î¤¤¤å¡C¨ä¤¤¥]¬A¤F¦b FreeBSD
+ ¨t²Î¤W¨Ï¥Î¤¤¤å¥i¯à¾D¹Jªº°ÝÃD¡A¥H¤Î¦p¦ó¨ú±o¡A
+ ¦w¸Ë»P³]©w¦UºØ¤£¦Pªº¤¤¤å³nÅé¡A¥H¤Î FreeBSD ªº¤¤¤å¤Æ¤u§@µ¥¡C</para>
+ <para>
+ ¦pªG±z¦b¨Ï¥Î FreeBSD/Linux ¤W¹J¨ì¥ô¦óªº¤¤¤å°ÝÃD¡A
+ ³£Åwªï¼g«H¸ò§Ú°Q½×¡A·í±z¹J¨ìªº¤¤¤å°ÝÃD¦³¸Ñµªªº®É­Ô¡A
+ ¤]§Æ±æ¯à¼g«Ê«H³qª¾¤p§Ì &a.statue; ·s¼W©Î­×§ï¡C</para>
+ </abstract>
+ </bookinfo>
+
+ &chap.preface;
+ &chap.stepbystep;
+
+<!-- <part id="chinese-environment">
+ <title>¤¤¤åÀô¹Ò</title>-->
+ &chap.difficult;
+ &chap.xwin;
+ &chap.message;
+ &chap.fonts;
+ &chap.view;
+ &chap.wm;
+ &chap.print;
+<!-- </part>-->
+
+<!-- <part id="chinese-application">
+ <title>¤¤¤åÀ³¥Î³nÅé</title>-->
+ &chap.compose;
+ &chap.converter;
+ &chap.mailclient;
+ &chap.net;
+ &chap.devel;
+ &chap.multimedia;
+ &chap.dict;
+ &chap.software;
+ &chap.outta;
+ &chap.other;
+ &chap.l10n;
+<!-- </part>-->
+
+<!-- <part id="appendicies">
+ <title>ªþ¿ý</title>-->
+ &chap.faq;
+ &chap.charmap;
+ &chap.ack;
+<!-- </part>-->
+
+</book>
+
+<!--
+ Local Variables:
+ mode: sgml
+ sgml-indent-data: t
+ sgml-omittag: nil
+ sgml-always-quote-attributes: t
+ End:
+-->
+
diff --git a/zh_TW.Big5/share/sgml/glossary/freebsd-glossary.sgml b/zh_TW.Big5/share/sgml/glossary/freebsd-glossary.sgml
index 7c77be771a..95c9da32dc 100644
--- a/zh_TW.Big5/share/sgml/glossary/freebsd-glossary.sgml
+++ b/zh_TW.Big5/share/sgml/glossary/freebsd-glossary.sgml
@@ -1,1784 +1,1926 @@
-<!--
+<!--
$FreeBSD$
FreeBSD Glossary Terms
Please keep this file sorted alphabetically/ASCIIly by glossterm.
glossterms that are acronyms should have two entries - one for
the expanded acronym and another for the acronym itself. The
second of these should reference the entry for the expanded acronym
via a glosssee element. For example:
<glossentry>
<glossterm>FUBAR</glossterm>
<glosssee otherterm="fubar-glossary">
</glossentry>
<glossentry id="fubar-glossary">
<glossterm>Fuc... Up Beyond All Recognition</glossterm>
<acronym>FUBAR</acronym>
<glossdef>
<para>Broken.</para>
</glossdef>
</glossentry>
Note that in this instance, the expanded acronym sorts below the
unexpanded acronym. That's OK.
Finally, id attribute values should end in the string
"-glossary" to avoid conflicting with id attribute values in
the main text.
-->
<glossary status="draft" id="freebsd-glossary">
<title>&os; Glossary</title>
<para>This glossary contains terms and acronyms used within the &os;
community and documentation.</para>
<glossdiv>
<title>A</title>
<glossentry>
<glossterm>ACL</glossterm>
<glosssee otherterm="acl-glossary">
</glossentry>
<glossentry>
<glossterm>ACPI</glossterm>
<glosssee otherterm="acpi-glossary">
</glossentry>
<glossentry>
<glossterm>AMD</glossterm>
<glosssee otherterm="amd-glossary">
</glossentry>
<glossentry>
<glossterm>AML</glossterm>
<glosssee otherterm="aml-glossary">
</glossentry>
+ <glossentry>
+ <glossterm>API</glossterm>
+ <glosssee otherterm="api-glossary">
+ </glossentry>
+
<glossentry>
<glossterm>APIC</glossterm>
<glosssee otherterm="apic-glossary">
</glossentry>
<glossentry>
<glossterm>APM</glossterm>
<glosssee otherterm="apm-glossary">
</glossentry>
<glossentry>
<glossterm>APOP</glossterm>
<glosssee otherterm="apop-glossary">
</glossentry>
<glossentry>
<glossterm>ASL</glossterm>
<glosssee otherterm="asl-glossary">
</glossentry>
<glossentry>
<glossterm>ATA</glossterm>
<glosssee otherterm="ata-glossary">
</glossentry>
<glossentry>
<glossterm>ATM</glossterm>
<glosssee otherterm="atm-glossary">
</glossentry>
<glossentry id="aml-glossary">
<glossterm><acronym>ACPI</acronym> Machine Language</glossterm>
<acronym>AML</acronym>
<glossdef>
<para>Pseudocode, interpreted by a virtual machine within an
<acronym>ACPI</acronym>-compliant operating system, providing a
layer between the underlying hardware and the documented
interface presented to the <acronym>OS</acronym>.</para>
</glossdef>
</glossentry>
<glossentry id="asl-glossary">
<glossterm><acronym>ACPI</acronym> Source Language</glossterm>
<acronym>ASL</acronym>
<glossdef>
<para>The programming language <acronym>AML</acronym> is written in.</para>
</glossdef>
</glossentry>
<glossentry id="acl-glossary">
<glossterm>Access Control List</glossterm>
<acronym>ACL</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="acpi-glossary">
<glossterm>Advanced Configuration and Power Interface</glossterm>
<acronym>ACPI</acronym>
<glossdef>
<para>A specification which provides an abstraction of the
interface the hardware presents to the operating system, so
that the operating system should need to know nothing about
the underlying hardware to make the most of it. <acronym>ACPI</acronym>
evolves and supercedes the functionality provided previously by
<acronym>APM</acronym>, <acronym>PNPBIOS</acronym> and other technologies, and
provides facilities for controlling power consumption, machine
suspension, device enabling and disabling, etc.</para>
</glossdef>
</glossentry>
+ <glossentry id="api-glossary">
+ <glossterm>Application Programming Interface</glossterm>
+ <acronym>API</acronym>
+ <glossdef>
+ <para>A set of procedures, protocols and tools that specify the
+ canonical interaction of one or more program parts; how, when
+ and why they do work together, and what data they share or
+ operate on.</para>
+ </glossdef>
+ </glossentry>
+
<glossentry id="apm-glossary">
<glossterm>Advanced Power Management</glossterm>
<acronym>APM</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="apic-glossary">
<glossterm>Advanced Programmable Interrupt Controller</glossterm>
<acronym>APIC</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ata-glossary">
<glossterm>Advanced Technology Attachment</glossterm>
<acronym>ATA</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="atm-glossary">
<glossterm>Asynchronous Transfer Mode</glossterm>
<acronym>ATM</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="apop-glossary">
<glossterm>Authenticated Post Office Protocol</glossterm>
<acronym>APOP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="amd-glossary">
<glossterm>Automatic Mount Daemon</glossterm>
<acronym>AMD</acronym>
<glossdef>
<para>A daemon that automatically mounts a filesystem when a file
or directory within that filesystem is accessed.</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>B</title>
<glossentry>
<glossterm>BIND</glossterm>
<glosssee otherterm="bind-glossary">
</glossentry>
<glossentry>
<glossterm>BIOS</glossterm>
<glosssee otherterm="bios-glossary">
</glossentry>
<glossentry>
<glossterm>BSD</glossterm>
<glosssee otherterm="bsd-glossary">
</glossentry>
<glossentry id="bios-glossary">
<glossterm>Basic Input/Output System</glossterm>
<acronym>BIOS</acronym>
<glossdef>
- <para></para>
+ <para>The definition of <acronym>BIOS</acronym> depends a bit on
+ the context. Some people refer to it as the <acronym>ROM</acronym>
+ chip with a basic set of routines to provide an interface between
+ software and hardware. Others refer to it as the set of routines
+ contained in the chip that help in bootstrapping the system. Some
+ might also refer to it as the screen used to configure the
+ boostrapping process. The <acronym>BIOS</acronym> is PC-specific
+ but other systems have something similar.</para>
</glossdef>
</glossentry>
<glossentry id="bind-glossary">
<glossterm>Berkeley Internet Name Domain</glossterm>
<acronym>BIND</acronym>
<glossdef>
- <para></para>
+ <para>An implementation of the <acronym>DNS</acronym> protocols.</para>
</glossdef>
</glossentry>
<glossentry id="bsd-glossary">
<glossterm>Berkeley Software Distribution</glossterm>
<acronym>BSD</acronym>
<glossdef>
<para>This is the name that the Computer Systems Research Group
(CSRG) at <ulink url="http://www.berkeley.edu">The University
of California at Berkeley</ulink>
gave to their improvements and modifications to
AT&amp;T's 32V &unix;.
&os; is a descendant of the CSRG work.</para>
</glossdef>
</glossentry>
<glossentry id="bikeshed-glossary">
<glossterm>Bikeshed Building</glossterm>
<glossdef subject="FreeBSD">
<para>A phenomenon whereby many people will give an opinion on
an uncomplicated topic, whilst a complex topic receives little
or no discussion. See the
<ulink url="&url.books.faq;/misc.html#BIKESHED-PAINTING">FAQ</ulink> for
the origin of the term.</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>C</title>
<glossentry>
<glossterm>CD</glossterm>
<glosssee otherterm="cd-glossary">
</glossentry>
<glossentry>
<glossterm>CHAP</glossterm>
<glosssee otherterm="chap-glossary">
</glossentry>
<glossentry>
<glossterm>CLIP</glossterm>
<glosssee otherterm="clip-glossary">
</glossentry>
<glossentry>
<glossterm>COFF</glossterm>
<glosssee otherterm="coff-glossary">
</glossentry>
<glossentry>
<glossterm>CPU</glossterm>
<glosssee otherterm="cpu-glossary">
</glossentry>
<glossentry>
<glossterm>CTS</glossterm>
<glosssee otherterm="cts-glossary">
</glossentry>
<glossentry>
<glossterm>CVS</glossterm>
<glosssee otherterm="cvs-glossary">
</glossentry>
<glossentry id="cd-glossary">
<glossterm>Carrier Detect</glossterm>
<acronym>CD</acronym>
<glossdef>
<para>An RS232C signal indicating that a carrier has been
detected.</para>
</glossdef>
</glossentry>
<glossentry id="cpu-glossary">
<glossterm>Central Processing Unit</glossterm>
<acronym>CPU</acronym>
<glossdef>
- <para></para>
+ <para>Also known as the processor. This is the brain of the
+ computer where all calculations take place. There are a number of
+ different architectures with different instruction sets. Among
+ the more well-known are the Intel-x86 and derivatives, Sun SPARC,
+ PowerPC, and Alpha.</para>
</glossdef>
</glossentry>
<glossentry id="chap-glossary">
<glossterm>Challenge Handshake Authentication Protocol</glossterm>
<acronym>CHAP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="clip-glossary">
<glossterm>Classical <acronym>IP</acronym> over <acronym>ATM</acronym></glossterm>
<acronym>CLIP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="cts-glossary">
<glossterm>Clear To Send</glossterm>
<acronym>CTS</acronym>
<glossdef>
<para>An RS232C signal giving the remote system
permission to send data.</para>
</glossdef>
</glossentry>
<glossentry id="coff-glossary">
<glossterm>Common Object File Format</glossterm>
<acronym>COFF</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="cvs-glossary">
<glossterm>Concurrent Versions System</glossterm>
<acronym>CVS</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>D</title>
<glossentry>
<glossterm>DAC</glossterm>
<glosssee otherterm="dac-glossary">
</glossentry>
<glossentry>
<glossterm>DDB</glossterm>
<glosssee otherterm="ddb-glossary">
</glossentry>
<glossentry>
<glossterm>DES</glossterm>
<glosssee otherterm="des-glossary">
</glossentry>
<glossentry>
<glossterm>DHCP</glossterm>
<glosssee otherterm="dhcp-glossary">
</glossentry>
<glossentry>
<glossterm>DNS</glossterm>
<glosssee otherterm="dns-glossary">
</glossentry>
<glossentry>
<glossterm>DSDT</glossterm>
<glosssee otherterm="dsdt-glossary">
</glossentry>
<glossentry>
<glossterm>DSR</glossterm>
<glosssee otherterm="dsr-glossary">
</glossentry>
<glossentry>
<glossterm>DTR</glossterm>
<glosssee otherterm="dtr-glossary">
</glossentry>
<glossentry>
<glossterm>DVMRP</glossterm>
<glosssee otherterm="dvmrp-glossary">
</glossentry>
<glossentry id="dac-glossary">
<glossterm>Discretionary Access Control</glossterm>
<acronym>DAC</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="des-glossary">
<glossterm>Data Encryption Standard</glossterm>
<acronym>DES</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="dsr-glossary">
<glossterm>Data Set Ready</glossterm>
<acronym>DSR</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="dtr-glossary">
<glossterm>Data Terminal Ready</glossterm>
<acronym>DTR</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ddb-glossary">
<glossterm>Debugger</glossterm>
<acronym>DDB</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="dsdt-glossary">
<glossterm>Differentiated System Description Table</glossterm>
<acronym>DSDT</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="dvmrp-glossary">
<glossterm>Distance-Vector Multicast Routing Protocol</glossterm>
<acronym>DVMRP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="dns-glossary">
<glossterm>Domain Name System</glossterm>
<acronym>DNS</acronym>
<glossdef>
- <para></para>
+ <para>The system that converts humanly readable hostnames (i.e.,
+ mail.example.net) to Internet addresses and vice versa.</para>
</glossdef>
</glossentry>
<glossentry id="dhcp-glossary">
<glossterm>Dynamic Host Configuration Protocol</glossterm>
<acronym>DHCP</acronym>
<glossdef>
- <para></para>
+ <para>A protocol that dynamically assigns IP addresses to a computer
+ (host) when it requests one from the server. The address assignment
+ is called a <quote>lease</quote>.<para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>E</title>
<glossentry>
<glossterm>ECOFF</glossterm>
<glosssee otherterm="ecoff-glossary">
</glossentry>
<glossentry>
<glossterm>ELF</glossterm>
<glosssee otherterm="elf-glossary">
</glossentry>
<glossentry>
<glossterm>ESP</glossterm>
<glosssee otherterm="esp-glossary">
</glossentry>
<glossentry id="esp-glossary">
<glossterm>Encapsulated Security Payload</glossterm>
<acronym>ESP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="elf-glossary">
<glossterm>Executable and Linking Format</glossterm>
<acronym>ELF</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ecoff-glossary">
<glossterm>Extended <acronym>COFF</acronym></glossterm>
<acronym>ECOFF</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>F</title>
<glossentry>
<glossterm>FADT</glossterm>
<glosssee otherterm="fadt-glossary">
</glossentry>
<glossentry>
<glossterm>FAT</glossterm>
<glosssee otherterm="fat-glossary">
</glossentry>
<glossentry>
<glossterm>FAT16</glossterm>
<glosssee otherterm="fat16-glossary">
</glossentry>
<glossentry>
<glossterm>FTP</glossterm>
<glosssee otherterm="ftp-glossary">
</glossentry>
<glossentry id="fat-glossary">
<glossterm>File Allocation Table</glossterm>
<acronym>FAT</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="fat16-glossary">
<glossterm>File Allocation Table (16-bit)</glossterm>
<acronym>FAT16</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ftp-glossary">
<glossterm>File Transfer Protocol</glossterm>
<acronym>FTP</acronym>
<glossdef>
- <para></para>
+ <para>A member of the family of high-level protocols implemented
+ on top of <acronym>TCP</acronym> which can be used to transfer
+ files over a <acronym>TCP/IP</acronym> network.</para>
</glossdef>
</glossentry>
<glossentry id="fadt-glossary">
<glossterm>Fixed <acronym>ACPI</acronym> Description Table</glossterm>
<acronym>FADT</acronym>
<glossdef>
<para></para>
</glossdef>
</glossdiv>
<glossdiv>
<title>G</title>
<glossentry>
<glossterm>GUI</glossterm>
<glosssee otherterm="gui-glossary">
</glossentry>
<glossentry id="giant-glossary">
<glossterm>Giant</glossterm>
<glossdef subject="FreeBSD">
<para>The name of a mutual exclusion mechanism
(a <literal>sleep mutex</literal>) that protects a large
set of kernel resources. Although a simple locking mechanism
was adequate in the days where a machine might have only
a few dozen processes, one networking card, and certainly
only one processor, in current times it is an unacceptable
performance bottleneck. &os; developers are actively working
to replace it with locks that protect individual resources,
which will allow a much greater degree of parallelism for
both single-processor and multi-processor machines.</para>
</glossdef>
</glossentry>
<glossentry id="gui-glossary">
<glossterm>Graphical User Interface</glossterm>
<acronym>GUI</acronym>
<glossdef>
<para>A system where the user and computer interact with
graphics.</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>H</title>
<glossentry>
<glossterm>HTML</glossterm>
<glosssee otherterm="html-glossary">
</glossentry>
<glossentry>
<glossterm>HUP</glossterm>
<glosssee otherterm="hup-glossary">
</glossentry>
<glossentry id="hup-glossary">
<glossterm>HangUp</glossterm>
<acronym>HUP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="html-glossary">
<glossterm>HyperText Markup Language</glossterm>
<acronym>HTML</acronym>
<glossdef>
<para>The markup language used to create web pages.</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>I</title>
<glossentry>
<glossterm>I/O</glossterm>
<glosssee otherterm="io-glossary">
</glossentry>
<glossentry>
<glossterm>IASL</glossterm>
<glosssee otherterm="iasl-glossary">
</glossentry>
<glossentry>
<glossterm>IMAP</glossterm>
<glosssee otherterm="imap-glossary">
</glossentry>
<glossentry>
<glossterm>IP</glossterm>
<glosssee otherterm="ip-glossary">
</glossentry>
<glossentry>
<glossterm>IPFW</glossterm>
<glosssee otherterm="ipfw-glossary">
</glossentry>
<glossentry>
<glossterm>IPP</glossterm>
<glosssee otherterm="ipp-glossary">
</glossentry>
<glossentry>
<glossterm>IPv4</glossterm>
<glosssee otherterm="ipv4-glossary">
</glossentry>
<glossentry>
<glossterm>IPv6</glossterm>
<glosssee otherterm="ipv6-glossary">
</glossentry>
<glossentry>
<glossterm>ISP</glossterm>
<glosssee otherterm="isp-glossary">
</glossentry>
<glossentry id="ipfw-glossary">
<glossterm><acronym>IP</acronym> Firewall</glossterm>
<acronym>IPFW</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ipv4-glossary">
<glossterm><acronym>IP</acronym> Version 4</glossterm>
<acronym>IPv4</acronym>
<glossdef>
- <para></para>
+ <para>The <acronym>IP</acronym> protocol version 4, which uses 32 bits
+ for addressing. This version is still the most widely used, but it
+ is slowly being replaced with <acronym>IPv6</acronym>.</para>
+ <glossseealso otherterm="ipv6-glossary">
</glossdef>
</glossentry>
<glossentry id="ipv6-glossary">
<glossterm><acronym>IP</acronym> Version 6</glossterm>
<acronym>IPv6</acronym>
<glossdef>
- <para></para>
+ <para>The new <acronym>IP</acronym> protocol. Invented because the
+ address space in <acronym>IPv4</acronym> is running out. Uses 128
+ bits for addressing.</para>
</glossdef>
</glossentry>
<glossentry id="io-glossary">
<glossterm>Input/Output</glossterm>
<acronym>I/O</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="iasl-glossary">
<glossterm>Intel&rsquo;s <acronym>ASL</acronym> compiler</glossterm>
<acronym>IASL</acronym>
<glossdef>
<para>Intel&rsquo;s compiler for converting <acronym>ASL</acronym> into
<acronym>AML</acronym>.</para>
</glossdef>
</glossentry>
<glossentry id="imap-glossary">
<glossterm>Internet Message Access Protocol</glossterm>
<acronym>IMAP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ipp-glossary">
<glossterm>Internet Printing Protocol</glossterm>
<acronym>IPP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ip-glossary">
<glossterm>Internet Protocol</glossterm>
<acronym>IP</acronym>
<glossdef>
- <para></para>
+ <para>The packet transmitting protocol that is the basic protocol on
+ the Internet. Originally developed at the U.S. Department of
+ Defense and an extremly important part of the <acronym>TCP/IP
+ </acronym> stack. Without the Internet Protocol, the Internet
+ would not have become what it is today. For more information, see
+ <ulink url="ftp://ftp.rfc-editor.org/in-notes/rfc791.txt">
+ RFC 791</ulink>.</para>
</glossdef>
</glossentry>
<glossentry id="isp-glossary">
<glossterm>Internet Service Provider</glossterm>
<acronym>ISP</acronym>
<glossdef>
- <para></para>
+ <para>A company that provides access to the Internet.</para>
</glossdef>
</glossdiv>
<glossdiv>
<title>K</title>
<glossentry id="kame-glossary">
<glossterm>KAME</glossterm>
<glossdef>
<para>Japanese for <quote>turtle</quote>, the term KAME is used
in computing circles to refer to the <ulink
url="http://www.kame.net/">KAME Project</ulink>, who work on
an implementation of <acronym>IPv6</acronym>.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>KDC</glossterm>
<glosssee otherterm="kdc-glossary">
</glossentry>
<glossentry>
<glossterm>KLD</glossterm>
<glosssee otherterm="kld-glossary">
</glossentry>
<glossentry>
<glossterm>KSE</glossterm>
<glosssee otherterm="kse-glossary">
</glossentry>
<glossentry>
<glossterm>KVA</glossterm>
<glosssee otherterm="kva-glossary">
</glossentry>
<glossentry>
<glossterm>Kbps</glossterm>
<glosssee otherterm="kbps-glossary">
</glossentry>
<glossentry id="kld-glossary">
<glossterm>Kernel &man.ld.1;</glossterm>
<acronym>KLD</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="kse-glossary">
<glossterm>Kernel Scheduler Entities</glossterm>
<acronym>KSE</acronym>
<glossdef>
<para>A kernel-supported threading system. See the <ulink
url="http://www.FreeBSD.org/kse">project home page</ulink>
for further details.</para>
</glossdef>
</glossentry>
<glossentry id="kva-glossary">
<glossterm>Kernel Virtual Address</glossterm>
<acronym>KVA</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="kdc-glossary">
<glossterm>Key Distribution Center</glossterm>
<acronym>KDC</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="kbps-glossary">
<glossterm>Kilo Bits Per Second</glossterm>
<acronym>Kbps</acronym>
<glossdef>
- <para></para>
+ <para>Used to measure bandwith (how much data can pass a given
+ point at a specified amount of time). Alternates to the Kilo
+ prefix include Mega, Giga, Tera, and so forth.</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>L</title>
<glossentry>
<glossterm>LAN</glossterm>
<glosssee otherterm="lan-glossary">
</glossentry>
<glossentry>
<glossterm>LOR</glossterm>
<glosssee otherterm="lor-glossary">
</glossentry>
<glossentry>
<glossterm>LPD</glossterm>
<glosssee otherterm="lpd-glossary">
</glossentry>
<glossentry id="lpd-glossary">
<glossterm>Line Printer Daemon</glossterm>
<acronym>LPD</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="lan-glossary">
<glossterm>Local Area Network</glossterm>
<acronym>LAN</acronym>
<glossdef>
- <para></para>
+ <para>A network used on a local area, e.g. office, home, or so forth.
+ </para>
</glossdef>
</glossentry>
<glossentry id="lor-glossary">
<glossterm>Lock Order Reversal</glossterm>
<acronym>LOR</acronym>
<glossdef>
<para>The &os; kernel uses a number of resource locks to
arbitrate contention for those resources. A run-time
lock diagnostic system found in &os.current; kernels
(but removed for releases), called &man.witness.4;,
detects the potential for deadlocks due to locking errors.
(&man.witness.4; is actually slightly conservative, so
it is possible to get false positives.) A true positive
report indicates that <quote>if you were unlucky, a deadlock would
have happened here</quote>.</para>
<para>True positive LORs tend to get fixed quickly, so
check &a.current.url; and the
<ulink url="http://sources.zabbadoz.net/freebsd/lor.html">
LORs Seen</ulink> page before posting to the mailing lists.</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>M</title>
<glossentry>
<glossterm>MAC</glossterm>
<glosssee otherterm="mac-glossary">
</glossentry>
<glossentry>
<glossterm>MADT</glossterm>
<glosssee otherterm="madt-glossary">
</glossentry>
<glossentry>
<glossterm>MFC</glossterm>
<glosssee otherterm="mfc-glossary">
</glossentry>
+ <glossentry>
+ <glossterm>MFP4</glossterm>
+ <glosssee otherterm="mfp4-glossary">
+ </glossentry>
+
<glossentry>
<glossterm>MFS</glossterm>
<glosssee otherterm="mfs-glossary">
</glossentry>
<glossentry>
<glossterm>MIT</glossterm>
<glosssee otherterm="mit-glossary">
</glossentry>
<glossentry>
<glossterm>MLS</glossterm>
<glosssee otherterm="mls-glossary">
</glossentry>
<glossentry>
<glossterm>MOTD</glossterm>
<glosssee otherterm="motd-glossary">
</glossentry>
<glossentry>
<glossterm>MTA</glossterm>
<glosssee otherterm="mta-glossary">
</glossentry>
<glossentry>
<glossterm>MUA</glossterm>
<glosssee otherterm="mua-glossary">
</glossentry>
<glossentry id="mta-glossary">
<glossterm>Mail Transfer Agent</glossterm>
<acronym>MTA</acronym>
<glossdef>
- <para></para>
+ <para>An application used to transfer email. An
+ <acronym>MTA</acronym> has traditionally been part of the BSD
+ base system. Today Sendmail is included in the base system, but
+ there are many other <acronym>MTAs</acronym>, such as postfix,
+ qmail and Exim.</para>
</glossdef>
</glossentry>
<glossentry id="mua-glossary">
<glossterm>Mail User Agent</glossterm>
<acronym>MUA</acronym>
<glossdef>
- <para></para>
+ <para>An application used by users to display and write email.</para>
</glossdef>
</glossentry>
<glossentry id="mac-glossary">
<glossterm>Mandatory Access Control</glossterm>
<acronym>MAC</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="mit-glossary">
<glossterm>Massachusetts Institute of Technology</glossterm>
<acronym>MIT</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="mfc-glossary">
<glossterm>Merge From Current</glossterm>
<acronym>MFC</acronym>
<glossdef subject="FreeBSD">
<para>To merge functionality or a patch from the -CURRENT
branch to another, most often -STABLE.</para>
</glossdef>
</glossentry>
+ <glossentry id="mfp4-glossary">
+ <glossterm>Merge From Perforce</glossterm>
+ <acronym>MFP4</acronym>
+ <glossdef subject="FreeBSD">
+ <para>To merge functionality or a patch from the Perforce
+ repository to the -CURRENT branch.</para>
+ <glossseealso otherterm="perforce-glossary">
+ </glossdef>
+ </glossentry>
+
<glossentry id="mfs-glossary">
<glossterm>Merge From Stable</glossterm>
<acronym>MFS</acronym>
<glossdef subject="FreeBSD">
<para>In the normal course of FreeBSD development, a change will
be committed to the -CURRENT branch for testing before being
merged to -STABLE. On rare occasions, a change will go into
-STABLE first and then be merged to -CURRENT.</para>
<para>This term is also used when a patch is merged from -STABLE
to a security branch.</para>
<glossseealso otherterm="mfc-glossary">
</glossdef>
</glossentry>
<glossentry id="motd-glossary">
<glossterm>Message Of The Day</glossterm>
<acronym>MOTD</acronym>
<glossdef>
<para>A message, usually shown on login, often used to
distribute information to users of the system.</para>
</glossdef>
</glossentry>
<glossentry id="mls-glossary">
<glossterm>Multi-Level Security</glossterm>
<acronym>MLS</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="madt-glossary">
<glossterm>Multiple <acronym>APIC</acronym> Description Table</glossterm>
<acronym>MADT</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>N</title>
<glossentry>
<glossterm>NAT</glossterm>
<glosssee otherterm="nat-glossary">
</glossentry>
<glossentry>
<glossterm>NDISulator</glossterm>
<glosssee otherterm="projectevil-glossary">
</glossentry>
<glossentry>
<glossterm>NFS</glossterm>
<glosssee otherterm="nfs-glossary">
</glossentry>
<glossentry>
<glossterm>NTFS</glossterm>
<glosssee otherterm="ntfs-glossary">
</glossentry>
<glossentry>
<glossterm>NTP</glossterm>
<glosssee otherterm="ntp-glossary">
</glossentry>
<glossentry id="nat-glossary">
<glossterm>Network Address Translation</glossterm>
<acronym>NAT</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="nfs-glossary">
<glossterm>Network File System</glossterm>
<acronym>NFS</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ntfs-glossary">
<glossterm>New Technology File System</glossterm>
<acronym>NTFS</acronym>
<glossdef>
<para>A filesystem developed by Microsoft and available in its
<quote>New Technology</quote> operating systems, such as
&windows2k;, &windowsnt; and &windowsxp;.</para>
</glossdef>
</glossentry>
<glossentry id="ntp-glossary">
<glossterm>Network Time Protocol</glossterm>
<acronym>NTP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>O</title>
<glossentry>
<glossterm>OBE</glossterm>
<glosssee otherterm="obe-glossary">
</glossentry>
<glossentry>
<glossterm>ODMR</glossterm>
<glosssee otherterm="odmr-glossary">
</glossentry>
<glossentry>
<glossterm>OS</glossterm>
<glosssee otherterm="os-glossary">
</glossentry>
<glossentry id="odmr-glossary">
<glossterm>On-Demand Mail Relay</glossterm>
<acronym>ODMR</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="os-glossary">
<glossterm>Operating System</glossterm>
<acronym>OS</acronym>
<glossdef>
- <para></para>
+ <para>A set of programs, libraries and tools that provide access to
+ the hardware resources of a computer. Operating systems range
+ today from simplistic designs that support only one program
+ running at a time, accessing only one device to fully
+ multi-user, multi-tasking and multi-process systems that can
+ serve thousands of users simultaneously, each of them running
+ dozens of different applications.</para>
</glossdef>
</glossentry>
<glossentry id="obe-glossary">
<glossterm>Overtaken By Events</glossterm>
<acronym>OBE</acronym>
<glossdef>
<para>Indicates a suggested change (such as a Problem Report
or a feature request) which is no longer relevant or
applicable due to such things as later changes to &os;,
changes in networking standards, the affected hardware
having since become obsolete, and so forth.</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>P</title>
+ <glossentry>
+ <glossterm>p4</glossterm>
+ <glosssee otherterm="perforce-glossary">
+ </glossentry>
+
<glossentry>
<glossterm>PAE</glossterm>
<glosssee otherterm="pae-glossary">
</glossentry>
<glossentry>
<glossterm>PAM</glossterm>
<glosssee otherterm="pam-glossary">
</glossentry>
<glossentry>
<glossterm>PAP</glossterm>
<glosssee otherterm="pap-glossary">
</glossentry>
<glossentry>
<glossterm>PC</glossterm>
<glosssee otherterm="pc-glossary">
</glossentry>
<glossentry>
<glossterm>PCNSFD</glossterm>
<glosssee otherterm="pcnfsd-glossary">
</glossentry>
<glossentry>
<glossterm>PDF</glossterm>
<glosssee otherterm="pdf-glossary">
</glossentry>
<glossentry>
<glossterm>PID</glossterm>
<glosssee otherterm="pid-glossary">
</glossentry>
<glossentry>
<glossterm>POLA</glossterm>
<glosssee otherterm="pola-glossary">
</glossentry>
<glossentry>
<glossterm>POP</glossterm>
<glosssee otherterm="pop-glossary">
</glossentry>
<glossentry>
<glossterm>POP3</glossterm>
<glosssee otherterm="pop3-glossary">
</glossentry>
<glossentry>
<glossterm>PPD</glossterm>
<glosssee otherterm="ppd-glossary">
</glossentry>
<glossentry>
<glossterm>PPP</glossterm>
<glosssee otherterm="ppp-glossary">
</glossentry>
<glossentry>
<glossterm>PPPoA</glossterm>
<glosssee otherterm="pppoa-glossary">
</glossentry>
<glossentry>
<glossterm>PPPoE</glossterm>
<glosssee otherterm="pppoe-glossary">
</glossentry>
<glossentry id="pppoa-glossary">
<glossterm><acronym>PPP</acronym> over <acronym>ATM</acronym></glossterm>
<acronym>PPPoA</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="pppoe-glossary">
<glossterm><acronym>PPP</acronym> over <acronym>Ethernet</acronym></glossterm>
<acronym>PPPoE</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>PR</glossterm>
<glosssee otherterm="pr-glossary">
</glossentry>
<glossentry>
<glossterm>PXE</glossterm>
<glosssee otherterm="pxe-glossary">
</glossentry>
<glossentry id="pap-glossary">
<glossterm>Password Authentication Protocol</glossterm>
<acronym>PAP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
+ <glossentry id="perforce-glossary">
+ <glossterm>Perforce</glossterm>
+ <glossdef>
+ <para>A source code control product made by
+ <ulink url="http://www.perforce.com/">Perforce Software</ulink>
+ which is more advanced than CVS. Although not open source, it use
+ is free of charge to open-source projects such as &os;.</para>
+
+ <para>Some &os; developers use a Perforce repository as a staging
+ area for code that is considered too experimental for the
+ -CURRENT branch.</para>
+ </glossdef>
+ </glossentry>
+
<glossentry id="pc-glossary">
<glossterm>Personal Computer</glossterm>
<acronym>PC</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="pcnfsd-glossary">
<glossterm>Personal Computer Network File System Daemon</glossterm>
<acronym>PCNFSD</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="pae-glossary">
<glossterm>Physical Address Extensions</glossterm>
<acronym>PAE</acronym>
<glossdef>
<para>A method of enabling access to up to 64 GB of <acronym>RAM</acronym> on
systems which only physically have a 32-bit wide address space
(and would therefore be limited to 4 GB without PAE).</para>
</glossdef>
</glossentry>
<glossentry id="pam-glossary">
<glossterm>Pluggable Authentication Modules</glossterm>
<acronym>PAM</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ppp-glossary">
<glossterm>Point-to-Point Protocol</glossterm>
<acronym>PPP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="pointyhat">
<glossterm>Pointy Hat</glossterm>
<glossdef subject="FreeBSD">
<para>A mythical piece of headgear, much like a
<literal>dunce cap</literal>, awarded to any &os;
committer who breaks the build, makes revision numbers
go backwards, or creates any other kind of havoc in
the source base. Any committer worth his or her salt
will soon accumulate a large collection. The usage is
(almost always?) humorous.</para>
</glossdef>
</glossentry>
<glossentry id="pdf-glossary">
<glossterm>Portable Document Format</glossterm>
<acronym>PDF</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="pop-glossary">
<glossterm>Post Office Protocol</glossterm>
<acronym>POP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="pop3-glossary">
<glossterm>Post Office Protocol Version 3</glossterm>
<acronym>POP3</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ppd-glossary">
<glossterm>PostScript Printer Description</glossterm>
<acronym>PPD</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="pxe-glossary">
<glossterm>Preboot eXecution Environment</glossterm>
<acronym>PXE</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="pola-glossary">
<glossterm>Principle Of Least Astonishment</glossterm>
<acronym>POLA</acronym>
<glossdef>
<para>As &os; evolves, changes visible to the user should be
kept as unsurprising as possible. For example, arbitrarily
rearranging system startup variables in
<filename>/etc/defaults/rc.conf</filename> violates
<acronym>POLA</acronym>. Developers consider
<acronym>POLA</acronym> when contemplating user-visible
system changes.</para>
</glossdef>
</glossentry>
<glossentry id="pr-glossary">
<glossterm>Problem Report</glossterm>
<acronym>PR</acronym>
<glossdef>
- <para></para>
+ <para>A description of some kind of problem that has been
+ found in either the &os; source or documentation. See
+ <ulink url="&url.articles.problem-reports;/index.html">
+ Writing &os; Problem Reports</ulink>.</para>
</glossdef>
</glossentry>
<glossentry id="pid-glossary">
<glossterm>Process ID</glossterm>
<acronym>PID</acronym>
<glossdef>
<para>A number, unique to a particular process on a system,
which identifies it and allows actions to be taken against it.</para>
</glossdef>
</glossentry>
<glossentry id="projectevil-glossary">
<glossterm>Project Evil</glossterm>
<glossdef subject="FreeBSD">
<para>The working title for the <acronym>NDISulator</acronym>,
written by Bill Paul, who named it referring to how awful
it is (from a philosophical standpoint) to need to have
something like this in the first place. The
<acronym>NDISulator</acronym> is a special compatibility
module to allow Microsoft Windows&trade; NDIS miniport
network drivers to be used with &os;/i386. This is usually
the only way to use cards where the driver is closed-source.
See <filename>src/sys/compat/ndis/subr_ndis.c</filename>.</para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>R</title>
<glossentry>
<glossterm>RA</glossterm>
<glosssee otherterm="ra-glossary">
</glossentry>
<glossentry>
<glossterm>RAID</glossterm>
<glosssee otherterm="raid-glossary">
</glossentry>
<glossentry>
<glossterm>RAM</glossterm>
<glosssee otherterm="ram-glossary">
</glossentry>
<glossentry>
<glossterm>RD</glossterm>
<glosssee otherterm="rd-glossary">
</glossentry>
<glossentry>
<glossterm>RFC</glossterm>
<glosssee otherterm="rfc-glossary">
</glossentry>
<glossentry>
<glossterm>RISC</glossterm>
<glosssee otherterm="risc-glossary">
</glossentry>
<glossentry>
<glossterm>RPC</glossterm>
<glosssee otherterm="rpc-glossary">
</glossentry>
<glossentry>
<glossterm>RS232C</glossterm>
<glosssee otherterm="rs232c-glossary">
</glossentry>
<glossentry>
<glossterm>RTS</glossterm>
<glosssee otherterm="rts-glossary">
</glossentry>
<glossentry id="ram-glossary">
<glossterm>Random Access Memory</glossterm>
<acronym>RAM</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="rd-glossary">
<glossterm>Received Data</glossterm>
<acronym>RD</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="rs232c-glossary">
<glossterm>Recommended Standard 232C</glossterm>
<acronym>RS232C</acronym>
<glossdef>
<para>A standard for communications between serial devices.</para>
</glossdef>
</glossentry>
<glossentry id="risc-glossary">
<glossterm>Reduced Instruction Set Computer</glossterm>
<acronym>RISC</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="raid-glossary">
<glossterm>Redundant Array of Inexpensive Disks</glossterm>
<acronym>RAID</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="rpc-glossary">
<glossterm>Remote Procedure Call</glossterm>
<acronym>RPC</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
+ <glossentry>
+ <glossterm>repocopy</glossterm>
+ <glosssee otherterm="repocopy-glossary">
+ </glossentry>
+
+ <glossentry id="repocopy-glossary">
+ <glossterm>Repository Copy</glossterm>
+ <glossdef>
+ <para>A direct copying of files within the CVS repository.</para>
+
+ <para>Without a repocopy, if a file needed to be copied or
+ moved to another place in the repository, the committer would
+ run <command>cvs add</command> to put the file in its new
+ location, and then <command>cvs rm</command> on the old file
+ if the old copy was being removed.</para>
+
+ <para>The disadvantage of this method is that the history
+ (i.e. the entries in the CVS logs) of the file would not be
+ copied to the new location. As the &os; Project considers
+ this history very useful, a repository copy is often used
+ instead. This is a process where one of the repository meisters
+ will copy the files directly within the repository, rather than
+ using the &man.cvs.1; program.</para>
+ </glossdef>
+ </glossentry>
+
<glossentry id="rfc-glossary">
<glossterm>Request For Comments</glossterm>
<acronym>RFC</acronym>
<glossdef>
- <para></para>
+ <para>A set of documents defining Internet standards, protocols, and
+ so forth. See
+ <ulink url="http://www.rfc-editor.org/">www.rfc-editor.org</ulink>.
+ <para>
+
+ <para>Also used as a general term when someone has a suggested change
+ and wants feedback.</para>
</glossdef>
</glossentry>
<glossentry id="rts-glossary">
<glossterm>Request To Send</glossterm>
<acronym>RTS</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ra-glossary">
<glossterm>Router Advertisement</glossterm>
<acronym>RA</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>S</title>
<glossentry>
<glossterm>SCI</glossterm>
<glosssee otherterm="sci-glossary">
</glossentry>
<glossentry>
<glossterm>SCSI</glossterm>
<glosssee otherterm="scsi-glossary">
</glossentry>
<glossentry>
<glossterm>SG</glossterm>
<glosssee otherterm="sg-glossary">
</glossentry>
<glossentry>
<glossterm>SMB</glossterm>
<glosssee otherterm="smb-glossary">
</glossentry>
<glossentry>
<glossterm>SMP</glossterm>
<glosssee otherterm="smp-glossary">
</glossentry>
<glossentry>
<glossterm>SMTP</glossterm>
<glosssee otherterm="smtp-glossary">
</glossentry>
<glossentry>
<glossterm>SMTP AUTH</glossterm>
<glosssee otherterm="smtpauth-glossary">
</glossentry>
<glossentry>
<glossterm>SSH</glossterm>
<glosssee otherterm="ssh-glossary">
</glossentry>
<glossentry>
<glossterm>STR</glossterm>
<glosssee otherterm="str-glossary">
</glossentry>
<glossentry id="smtpauth-glossary">
<glossterm><acronym>SMTP</acronym> Authentication</glossterm>
<acronym>SMTP AUTH</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="smb-glossary">
<glossterm>Server Message Block</glossterm>
<acronym>SMB</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="sg-glossary">
<glossterm>Signal Ground</glossterm>
<acronym>SG</acronym>
<glossdef>
<para>An RS232 pin or wire that is the ground reference
for the signal.</para>
</glossdef>
</glossentry>
<glossentry id="smtp-glossary">
<glossterm>Simple Mail Transfer Protocol</glossterm>
<acronym>SMTP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ssh-glossary">
<glossterm>Secure Shell</glossterm>
<acronym>SSH</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="scsi-glossary">
<glossterm>Small Computer System Interface</glossterm>
<acronym>SCSI</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="str-glossary">
<glossterm>Suspend To <acronym>RAM</acronym></glossterm>
<acronym>STR</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="smp-glossary">
<glossterm>Symmetric MultiProcessor</glossterm>
<acronym>SMP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="sci-glossary">
<glossterm>System Control Interrupt</glossterm>
<acronym>SCI</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>T</title>
<glossentry>
<glossterm>TCP</glossterm>
<glosssee otherterm="tcp-glossary">
</glossentry>
+ <glossentry>
+ <glossterm>TCP/IP</glossterm>
+ <glosssee otherterm="tcpip-glossary">
+ </glossentry>
+
<glossentry>
<glossterm>TD</glossterm>
<glosssee otherterm="td-glossary">
</glossentry>
<glossentry>
<glossterm>TFTP</glossterm>
<glosssee otherterm="tftp-glossary">
</glossentry>
<glossentry>
<glossterm>TGT</glossterm>
<glosssee otherterm="tgt-glossary">
</glossentry>
<glossentry>
<glossterm>TSC</glossterm>
<glosssee otherterm="tsc-glossary">
</glossentry>
<glossentry id="tgt-glossary">
<glossterm>Ticket-Granting Ticket</glossterm>
<acronym>TGT</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="tsc-glossary">
<glossterm>Time Stamp Counter</glossterm>
<acronym>TSC</acronym>
<!-- From dg@, 20040814125503.GF40460@nexus.dglawrence.com -->
<glossdef>
- <para>A profiling counter internal to modern &pentium; processors
+ <para>A profiling counter internal to modern &pentium; processors
that counts core frequency clock ticks.</para>
</glossdef>
</glossentry>
<glossentry id="tcp-glossary">
<glossterm>Transmission Control Protocol</glossterm>
<acronym>TCP</acronym>
<glossdef>
- <para></para>
+ <para>A protocol that sits on top of (e.g.) the <acronym>IP</acronym>
+ protocol and guarantees that packets are delivered in a reliable,
+ ordered, fashion.</para>
+ </glossdef>
+ </glossentry>
+
+ <glossentry id="tcpip-glossary">
+ <glossterm>Transmission Control Protocol/Internet Protocol</glossterm>
+ <acronym>TCP/IP</acronym>
+ <glossdef>
+ <para>The term for the combination of the <acronym>TCP</acronym>
+ protocol running over the <acronym>IP</acronym> protocol. Much of
+ the Internet runs over <acronym>TCP/IP</acronym>.</para>
</glossdef>
</glossentry>
<glossentry id="td-glossary">
<glossterm>Transmitted Data</glossterm>
<acronym>TD</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="tftp-glossary">
<glossterm>Trivial <acronym>FTP</acronym></glossterm>
<acronym>TFTP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>U</title>
<glossentry>
<glossterm>UDP</glossterm>
<glosssee otherterm="udp-glossary">
</glossentry>
<glossentry>
<glossterm>UFS1</glossterm>
<glosssee otherterm="ufs1-glossary">
</glossentry>
<glossentry>
<glossterm>UFS2</glossterm>
<glosssee otherterm="ufs2-glossary">
</glossentry>
<glossentry>
<glossterm>UID</glossterm>
<glosssee otherterm="uid-glossary">
</glossentry>
<glossentry>
<glossterm>URL</glossterm>
<glosssee otherterm="url-glossary">
</glossentry>
<glossentry>
<glossterm>USB</glossterm>
<glosssee otherterm="usb-glossary">
</glossentry>
<glossentry id="url-glossary">
<glossterm>Uniform Resource Locator</glossterm>
<acronym>URL</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ufs1-glossary">
<glossterm>Unix File System Version 1</glossterm>
<acronym>UFS1</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="ufs2-glossary">
<glossterm>Unix File System Version 2</glossterm>
<acronym>UFS2</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="usb-glossary">
<glossterm>Universal Serial Bus</glossterm>
<acronym>USB</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
<glossentry id="uid-glossary">
<glossterm>User ID</glossterm>
<acronym>UID</acronym>
<glossdef>
<para>A unique number assigned to each user of a computer,
by which the resources and permissions assigned to that
user can be identified.</para>
</glossdef>
</glossentry>
<glossentry id="udp-glossary">
<glossterm>User Datagram Protocol</glossterm>
<acronym>UDP</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
<glossdiv>
<title>V</title>
<glossentry>
<glossterm>VPN</glossterm>
<glosssee otherterm="vpn-glossary">
</glossentry>
<glossentry id="vpn-glossary">
<glossterm>Virtual Private Network</glossterm>
<acronym>VPN</acronym>
<glossdef>
<para></para>
</glossdef>
</glossentry>
</glossdiv>
</glossary>
diff --git a/zh_TW.Big5/share/sgml/mailing-lists.ent b/zh_TW.Big5/share/sgml/mailing-lists.ent
index c9421a8345..69f1adb4ec 100644
--- a/zh_TW.Big5/share/sgml/mailing-lists.ent
+++ b/zh_TW.Big5/share/sgml/mailing-lists.ent
@@ -1,209 +1,424 @@
<!--
Names of FreeBSD mailing lists and related software.
$FreeBSD$
-->
-<!ENTITY a.advocacy "FreeBSD advocacy mailing list
- <email>freebsd-advocacy@FreeBSD.org</email>">
+<!ENTITY a.mailman.listinfo "http://lists.FreeBSD.org/mailman/listinfo">
+<!ENTITY a.mailman.lists "<ulink url='&a.mailman.listinfo;'>FreeBSD list server</ulink>">
+<!ENTITY a.mailman.lists.link "<ulink url='&a.mailman.listinfo;'>&a.mailman.listinfo;</ulink>">
-<!ENTITY a.afs "FreeBSD AFS porting mailing list
- <email>freebsd-afs@FreeBSD.org</email>">
+<!ENTITY a.acpi.url "&a.mailman.listinfo;/freebsd-acpi">
+<!ENTITY a.acpi "<ulink url='&a.acpi.url;'>FreeBSD ACPI mailing list</ulink>">
+<!ENTITY a.acpi.name "<ulink url='&a.acpi.url;'>freebsd-acpi</ulink>">
-<!ENTITY a.aic7xxx "FreeBSD Adaptec AIC7xxx discussions mailing list
- <email>freebsd-aic7xxx@FreeBSD.org</email>">
+<!ENTITY a.advocacy.url "&a.mailman.listinfo;/freebsd-advocacy">
+<!ENTITY a.advocacy "<ulink url='&a.advocacy.url;'>FreeBSD advocacy mailing list</ulink>">
+<!ENTITY a.advocacy.name "<ulink url='&a.advocacy.url;'>freebsd-advocacy</ulink>">
-<!ENTITY a.alpha "FreeBSD Alpha porting mailing list
- <email>freebsd-alpha@FreeBSD.org</email>">
+<!ENTITY a.afs.url "&a.mailman.listinfo;/freebsd-afs">
+<!ENTITY a.afs "<ulink url='&a.afs.url;'>FreeBSD AFS porting mailing list</ulink>">
+<!ENTITY a.afs.name "<ulink url='&a.afs.url;'>freebsd-afs</ulink>">
-<!ENTITY a.announce "FreeBSD announcements mailing list
- <email>freebsd-announce@FreeBSD.org</email>">
+<!ENTITY a.aic7xxx.url "&a.mailman.listinfo;/aic7xxx">
+<!ENTITY a.aic7xxx "<ulink url='&a.aic7xxx.url;'>FreeBSD Adaptec AIC7xxx discussions mailing list</ulink>">
+<!ENTITY a.aic7xxx.name "<ulink url='&a.aic7xxx.url;'>freebsd-aic7xxx</ulink>">
-<!ENTITY a.arch "FreeBSD architecture and design mailing list
- <email>freebsd-arch@FreeBSD.org</email>">
+<!ENTITY a.alpha.url "&a.mailman.listinfo;/freebsd-alpha">
+<!ENTITY a.alpha "<ulink url='&a.alpha.url;'>FreeBSD Alpha porting mailing list</ulink>">
+<!ENTITY a.alpha.name "<ulink url='&a.alpha.url;'>freebsd-alpha</ulink>">
-<!ENTITY a.arm "FreeBSD ARM porting mailing list
- <email>freebsd-arm@FreeBSD.org</email>">
+<!ENTITY a.amd64.url "&a.mailman.listinfo;/freebsd-amd64">
+<!ENTITY a.amd64 "<ulink url='&a.amd64.url;'>Porting FreeBSD to AMD64 systems</ulink>">
+<!ENTITY a.amd64.name "<ulink url='&a.amd64.url;'>freebsd-amd64</ulink>">
-<!ENTITY a.atm "FreeBSD ATM networking mailing list
- <email>freebsd-atm@FreeBSD.org</email>">
+<!ENTITY a.announce.url "&a.mailman.listinfo;/freebsd-announce">
+<!ENTITY a.announce "<ulink url='&a.announce.url;'>FreeBSD announcements mailing list</ulink>">
+<!ENTITY a.announce.name "<ulink url='&a.announce.url;'>freebsd-announce</ulink>">
-<!ENTITY a.audit "FreeBSD source code audit mailing list
- <email>freebsd-audit@FreeBSD.org</email>">
+<!ENTITY a.apache.url "&a.mailman.listinfo;/freebsd-apache">
+<!ENTITY a.apache "<ulink url='&a.apache.url;'>FreeBSD Apache mailing list</ulink>">
+<!ENTITY a.apache.name "<ulink url='&a.apache.url;'>freebsd-apache</ulink>">
-<!ENTITY a.binup "FreeBSD binary update system mailing list
- <email>freebsd-binup@FreeBSD.org</email>">
+<!ENTITY a.arch.url "&a.mailman.listinfo;/freebsd-arch">
+<!ENTITY a.arch "<ulink url='&a.arch.url;'>FreeBSD architecture and design mailing list</ulink>">
+<!ENTITY a.arch.name "<ulink url='&a.arch.url;'>freebsd-arch</ulink>">
-<!ENTITY a.bugbusters "FreeBSD bugbusters mailing list
- <email>freebsd-bugbusters@FreeBSD.org</email>">
+<!ENTITY a.arm.url "&a.mailman.listinfo;/freebsd-arm">
+<!ENTITY a.arm "<ulink url='&a.arm.url;'>FreeBSD ARM porting mailing list</ulink>">
+<!ENTITY a.arm.name "<ulink url='&a.arm.url;'>freebsd-arm</ulink>">
-<!ENTITY a.bugs "FreeBSD problem reports mailing list
- <email>freebsd-bugs@FreeBSD.org</email>">
+<!ENTITY a.atm.url "&a.mailman.listinfo;/freebsd-atm">
+<!ENTITY a.atm "<ulink url='&a.atm.url;'>FreeBSD ATM networking mailing list</ulink>">
+<!ENTITY a.atm.name "<ulink url='&a.atm.url;'>freebsd-atm</ulink>">
-<!ENTITY a.chat "FreeBSD chat mailing list
- <email>freebsd-chat@FreeBSD.org</email>">
+<!ENTITY a.audit.url "&a.mailman.listinfo;/freebsd-audit">
+<!ENTITY a.audit "<ulink url='&a.audit.url;'>FreeBSD source code audit mailing list</ulink>">
+<!ENTITY a.audit.name "<ulink url='&a.audit.url;'>freebsd-audit</ulink>">
-<!ENTITY a.cluster "FreeBSD clustering mailing list
- <email>freebsd-cluster@FreeBSD.org</email>">
+<!ENTITY a.binup.url "&a.mailman.listinfo;/freebsd-binup">
+<!ENTITY a.binup "<ulink url='&a.binup.url;'>FreeBSD binary update system mailing list</ulink>">
+<!ENTITY a.binup.name "<ulink url='&a.binup.url;'>freebsd-binup</ulink>">
-<!ENTITY a.committers "FreeBSD committer's mailing list
- <email>cvs-committers@FreeBSD.org</email>">
+<!ENTITY a.bluetooth.url "&a.mailman.listinfo;/freebsd-bluetooth">
+<!ENTITY a.bluetooth "<ulink url='&a.bluetooth.url;'>FreeBSD Bluetooth mailing list</ulink>">
+<!ENTITY a.bluetooth.name "<ulink url='&a.bluetooth.url;'>freebsd-bluetooth</ulink>">
-<!ENTITY a.config "FreeBSD installation and configuration tools mailing list
- <email>freebsd-config@FreeBSD.org</email>">
+<!ENTITY a.bugbusters.url "&a.mailman.listinfo;/freebsd-bugbusters">
+<!ENTITY a.bugbusters "<ulink url='&a.bugbusters.url;'>FreeBSD bugbusters mailing list</ulink>">
+<!ENTITY a.bugbusters.name "<ulink url='&a.bugbusters.url;'>freebsd-bugbusters</ulink>">
-<!ENTITY a.core "FreeBSD core team
- <email>freebsd-core@FreeBSD.org</email>">
+<!ENTITY a.bugs.url "&a.mailman.listinfo;/freebsd-bugs">
+<!ENTITY a.bugs "<ulink url='&a.bugs.url;'>FreeBSD problem reports mailing list</ulink>">
+<!ENTITY a.bugs.name "<ulink url='&a.bugs.url;'>freebsd-bugs</ulink>">
-<!ENTITY a.current "FreeBSD-CURRENT mailing list
- <email>freebsd-current@FreeBSD.org</email>">
+<!ENTITY a.chat.url "&a.mailman.listinfo;/freebsd-chat">
+<!ENTITY a.chat "<ulink url='&a.chat.url;'>FreeBSD chat mailing list</ulink>">
+<!ENTITY a.chat.name "<ulink url='&a.chat.url;'>freebsd-chat</ulink>">
-<!ENTITY a.cvsall "FreeBSD CVS commit message mailing list
- <email>cvs-all@FreeBSD.org</email>">
+<!ENTITY a.cluster.url "&a.mailman.listinfo;/freebsd-cluster">
+<!ENTITY a.cluster "<ulink url='&a.cluster.url;'>FreeBSD clustering mailing list</ulink>">
+<!ENTITY a.cluster.name "<ulink url='&a.cluster.url;'>freebsd-cluster</ulink>">
-<!ENTITY a.database "FreeBSD based Databases mailing list
- <email>freebsd-database@FreeBSD.org</email>">
+<!ENTITY a.committers "FreeBSD committer's mailing list">
+<!ENTITY a.committers.name "cvs-committers">
-<!ENTITY a.developers "FreeBSD developers mailing list
- <email>freebsd-developers@FreeBSD.org</email>">
+<!ENTITY a.core "FreeBSD core team">
+<!ENTITY a.core.name "freebsd-core">
-<!ENTITY a.doc "FreeBSD documentation project mailing list
- <email>freebsd-doc@FreeBSD.org</email>">
+<!ENTITY a.current.url "&a.mailman.listinfo;/freebsd-current">
+<!ENTITY a.current "<ulink url='&a.current.url;'>&os.current; mailing list</ulink>">
+<!ENTITY a.current.name "<ulink url='&a.current.url;'>freebsd-current</ulink>">
-<!ENTITY a.emulation "FreeBSD-emulation mailing list
- <email>freebsd-emulation@FreeBSD.org</email>">
+<!ENTITY a.ctm-announce.url "&a.mailman.listinfo;/ctm-announce">
+<!ENTITY a.ctm-announce "<ulink url='&a.ctm-announce.url;'>CTM announcements</ulink>">
+<!ENTITY a.ctm-announce.name "<ulink url='&a.ctm-announce.url;'>ctm-announce</ulink>">
-<!ENTITY a.firewire "FreeBSD FireWire (IEEE 1394) discussion mailing list
- <email>freebsd-firewire@FreeBSD.org</email>">
+<!ENTITY a.ctm-cvs-cur.url "&a.mailman.listinfo;/ctm-cvs-cur">
+<!ENTITY a.ctm-cvs-cur "<ulink url='&a.ctm-cvs-cur.url;'>CTM distribution of CVS files</ulink>">
+<!ENTITY a.ctm-cvs-cur.name "<ulink url='&a.ctm-cvs-cur.url;'>ctm-cvs-cur</ulink>">
-<!ENTITY a.fs "FreeBSD filesystem project mailing list
- <email>freebsd-fs@FreeBSD.org</email>">
+<!ENTITY a.ctm-src-4.url "&a.mailman.listinfo;/ctm-src-4">
+<!ENTITY a.ctm-src-4 "<ulink url='&a.ctm-src-4.url;'>CTM 4-STABLE src branch distribution mailing list</ulink>">
+<!ENTITY a.ctm-src-4.name "<ulink url='&a.ctm-src-4.url;'>ctm-src-4</ulink>">
-<!ENTITY a.gnome "FreeBSD GNOME and GNOME applications mailing list
- <email>freebsd-gnome@FreeBSD.org</email>">
+<!ENTITY a.ctm-src-cur.url "&a.mailman.listinfo;/ctm-src-cur">
+<!ENTITY a.ctm-src-cur "<ulink url='&a.ctm-src-cur.url;'>CTM -CURRENT src branch distribution mailing list</ulink>">
+<!ENTITY a.ctm-src-cur.name "<ulink url='&a.ctm-src-cur.url;'>ctm-src-cur</ulink>">
-<!ENTITY a.hackers "FreeBSD technical discussions mailing list
- <email>freebsd-hackers@FreeBSD.org</email>">
+<!ENTITY a.ctm-users.url "&a.mailman.listinfo;/ctm-users">
+<!ENTITY a.ctm-users "<ulink url='&a.ctm-users.url;'>CTM user discussion mailing list</ulink>">
+<!ENTITY a.ctm-users.name "<ulink url='&a.ctm-users.url;'>ctm-users</ulink>">
-<!ENTITY a.hardware "FreeBSD hardware and equipment mailing list
- <email>freebsd-hardware@FreeBSD.org</email>">
+<!ENTITY a.cvsall.url "&a.mailman.listinfo;/cvs-all">
+<!ENTITY a.cvsall "<ulink url='&a.cvsall.url;'>FreeBSD CVS commit message mailing list</ulink>">
+<!ENTITY a.cvsall.name "<ulink url='&a.cvsall.url;'>cvs-all</ulink>">
-<!ENTITY a.hubs "FreeBSD mirror sites mailing list
- <email>freebsd-hubs@FreeBSD.org</email>">
+<!ENTITY a.cvs-doc.url "&a.mailman.listinfo;/cvs-doc">
+<!ENTITY a.cvs-doc "<ulink url='&a.cvs-doc.url;'>FreeBSD CVS doc commit list</ulink>">
+<!ENTITY a.cvs-doc.name "<ulink url='&a.cvs-doc.url;'>cvs-doc</ulink>">
-<!ENTITY a.i18n "FreeBSD internationalization mailing list
- <email>freebsd-i18n@FreeBSD.org</email>">
+<!ENTITY a.cvs-ports.url "&a.mailman.listinfo;/cvs-ports">
+<!ENTITY a.cvs-ports "<ulink url='&a.cvs-ports.url;'>FreeBSD CVS ports commit list</ulink>">
+<!ENTITY a.cvs-ports.name "<ulink url='&a.cvs-ports.url;'>cvs-ports</ulink>">
-<!ENTITY a.ia64 "FreeBSD IA64 porting mailing list
- <email>freebsd-ia64@FreeBSD.org</email>">
+<!ENTITY a.cvs-projects.url "&a.mailman.listinfo;/cvs-projects">
+<!ENTITY a.cvs-projects "<ulink url='&a.cvs-projects.url;'>FreeBSD CVS projects commit list</ulink>">
+<!ENTITY a.cvs-projects.name "<ulink url='&a.cvs-projects.url;'>cvs-projects</ulink>">
-<!ENTITY a.install "FreeBSD installation development mailing list
- <email>freebsd-install@FreeBSD.org</email>">
+<!ENTITY a.cvs-src.url "&a.mailman.listinfo;/cvs-src">
+<!ENTITY a.cvs-src "<ulink url='&a.cvs-src.url;'>FreeBSD CVS src commit list</ulink>">
+<!ENTITY a.cvs-src.name "<ulink url='&a.cvs-src.url;'>cvs-src</ulink>">
-<!ENTITY a.ipfw "FreeBSD IPFW code mailing list
- <email>freebsd-ipfw@FreeBSD.org</email>">
+<!ENTITY a.cvsweb.url "&a.mailman.listinfo;/freebsd-cvsweb">
+<!ENTITY a.cvsweb "<ulink url='&a.cvsweb.url;'>FreeBSD CVSweb maintenance mailing list</ulink>">
+<!ENTITY a.cvsweb.name "<ulink url='&a.cvsweb.url;'>freebsd-cvsweb</ulink>">
-<!ENTITY a.isdn "FreeBSD ISDN mailing list
- <email>freebsd-isdn@FreeBSD.org</email>">
+<!ENTITY a.database.url "&a.mailman.listinfo;/freebsd-database">
+<!ENTITY a.database "<ulink url='&a.database.url;'>FreeBSD based Databases mailing list</ulink>">
+<!ENTITY a.database.name "<ulink url='&a.database.url;'>freebsd-database</ulink>">
-<!ENTITY a.isp "FreeBSD Internet service provider's mailing list
- <email>freebsd-isp@FreeBSD.org</email>">
+<!ENTITY a.developers "FreeBSD developers mailing list">
+<!ENTITY a.developers.name "freebsd-developers">
-<!ENTITY a.java "FreeBSD Java Language mailing list
- <email>freebsd-java@FreeBSD.org</email>">
+<!ENTITY a.doc.url "&a.mailman.listinfo;/freebsd-doc">
+<!ENTITY a.doc "<ulink url='&a.doc.url;'>FreeBSD ¤å¥ó­pµeªº¶l»¼½×¾Â</ulink>">
+<!ENTITY a.doc.name "<ulink url='&a.doc.url;'>freebsd-doc</ulink>">
-<!ENTITY a.jobs "FreeBSD related employment mailing list
- <email>freebsd-jobs@FreeBSD.org</email>">
+<!ENTITY a.doc-committers "FreeBSD doc/ committer's mailing list">
+<!ENTITY a.doc-committers.name "doc-committers">
-<!ENTITY a.lfs "FreeBSD LFS porting mailing list
- <email>freebsd-lfs@FreeBSD.org</email>">
+<!ENTITY a.doc-developers "FreeBSD doc/ developers mailing list">
+<!ENTITY a.doc-developers.name "doc-developers">
-<!ENTITY a.libh "FreeBSD libh installation and packaging system mailing list
- <email>freebsd-libh@FreeBSD.org</email>">
+<!ENTITY a.drivers.url "&a.mailman.listinfo;/freebsd-drivers">
+<!ENTITY a.drivers "<ulink url='&a.drivers.url;'>Writing device drivers for FreeBSD</ulink>">
+<!ENTITY a.drivers.name "<ulink url='&a.drivers.url;'>freebsd-drivers</ulink>">
-<!ENTITY a.mips "FreeBSD MIPS porting mailing list
- <email>freebsd-mips@FreeBSD.org</email>">
+<!ENTITY a.eclipse.url "&a.mailman.listinfo;/freebsd-eclipse">
+<!ENTITY a.eclipse "<ulink url='&a.eclipse.url;'>FreeBSD users of Eclipse EDI, tools, rich client apps and ports</ulink>">
+<!ENTITY a.eclipse.name "<ulink url='&a.eclipse.url;'>freebsd-eclipse</ulink>">
-<!ENTITY a.mobile "FreeBSD laptop computer mailing list
- <email>freebsd-mobile@FreeBSD.org</email>">
+<!ENTITY a.emulation.url "&a.mailman.listinfo;/freebsd-emulation">
+<!ENTITY a.emulation "<ulink url='&a.emulation.url;'>FreeBSD-emulation mailing list</ulink>">
+<!ENTITY a.emulation.name "<ulink url='&a.emulation.url;'>freebsd-emulation</ulink>">
-<!ENTITY a.mozilla "FreeBSD port of the Mozilla browser mailing list
- <email>freebsd-mozilla@FreeBSD.org</email>">
+<!ENTITY a.firewire.url "&a.mailman.listinfo;/freebsd-firewire">
+<!ENTITY a.firewire "<ulink url='&a.firewire.url;'>FreeBSD FireWire (IEEE 1394) discussion mailing list</ulink>">
+<!ENTITY a.firewire.name "<ulink url='&a.firewire.url;'>freebsd-firewire</ulink>">
-<!ENTITY a.multimedia "FreeBSD multimedia mailing list
- <email>freebsd-multimedia@FreeBSD.org</email>">
+<!ENTITY a.fs.url "&a.mailman.listinfo;/freebsd-fs">
+<!ENTITY a.fs "<ulink url='&a.fs.url;'>FreeBSD file system project mailing list</ulink>">
+<!ENTITY a.fs.name "<ulink url='&a.fs.url;'>freebsd-fs</ulink>">
-<!ENTITY a.net "FreeBSD networking mailing list
- <email>freebsd-net@FreeBSD.org</email>">
+<!ENTITY a.geom.url "&a.mailman.listinfo;/freebsd-geom">
+<!ENTITY a.geom "<ulink url='&a.geom.url;'>FreeBSD GEOM mailing list</ulink>">
+<!ENTITY a.geom.name "<ulink url='&a.geom.url;'>freebsd-geom</ulink>">
-<!ENTITY a.newbies "FreeBSD new users mailing list
- <email>freebsd-newbies@FreeBSD.org</email>">
+<!ENTITY a.gnome.url "&a.mailman.listinfo;/freebsd-gnome">
+<!ENTITY a.gnome "<ulink url='&a.gnome.url;'>FreeBSD GNOME and GNOME applications mailing list</ulink>">
+<!ENTITY a.gnome.name "<ulink url='&a.gnome.url;'>freebsd-gnome</ulink>">
-<!ENTITY a.newbus "New Bus Architecture mailing list
- <email>new-bus-arch@bostonradio.org</email>">
+<!ENTITY a.hackers.url "&a.mailman.listinfo;/freebsd-hackers">
+<!ENTITY a.hackers "<ulink url='&a.hackers.url;'>FreeBSD technical discussions mailing list</ulink>">
+<!ENTITY a.hackers.name "<ulink url='&a.hackers.url;'>freebsd-hackers</ulink>">
-<!ENTITY a.platforms "FreeBSD non-Intel platforms porting mailing list
- <email>freebsd-platforms@FreeBSD.org</email>">
+<!ENTITY a.hardware.url "&a.mailman.listinfo;/freebsd-hardware">
+<!ENTITY a.hardware "<ulink url='&a.hardware.url;'>FreeBSD hardware and equipment mailing list</ulink>">
+<!ENTITY a.hardware.name "<ulink url='&a.hardware.url;'>freebsd-hardware</ulink>">
-<!ENTITY a.policy "FreeBSD core team policy decisions mailing list
- <email>freebsd-policy@FreeBSD.org</email>">
+<!ENTITY a.hubs.url "&a.mailman.listinfo;/freebsd-hubs">
+<!ENTITY a.hubs "<ulink url='&a.hubs.url;'>FreeBSD mirror sites mailing lists</ulink>">
+<!ENTITY a.hubs.name "<ulink url='&a.hubs.url;'>freebsd-hubs</ulink>">
-<!ENTITY a.ports "FreeBSD ports mailing list
- <email>freebsd-ports@FreeBSD.org</email>">
+<!ENTITY a.i18n.url "&a.mailman.listinfo;/freebsd-i18n">
+<!ENTITY a.i18n "<ulink url='&a.i18n.url;'>FreeBSD internationalization mailing list</ulink>">
+<!ENTITY a.i18n.name "<ulink url='&a.i18n.url;'>freebsd-i18n</ulink>">
-<!ENTITY a.ports-bugs "FreeBSD ports bugs mailing list
- <email>freebsd-ports-bugs@FreeBSD.org</email>">
+<!ENTITY a.i386.url "&a.mailman.listinfo;/freebsd-i386">
+<!ENTITY a.i386 "<ulink url='&a.i386.url;'>FreeBSD i386-specific issues mailing list</ulink>">
+<!ENTITY a.i386.name "<ulink url='&a.i386.url;'>freebsd-i386</ulink>">
-<!ENTITY a.ppc "FreeBSD PowerPC porting mailing list
- <email>freebsd-ppc@FreeBSD.org</email>">
+<!ENTITY a.ia32.url "&a.mailman.listinfo;/freebsd-ia32">
+<!ENTITY a.ia32 "<ulink url='&a.ia32.url;'>FreeBSD IA32 porting mailing list</ulink>">
+<!ENTITY a.ia32.name "<ulink url='&a.ia32.url;'>freebsd-ia32</ulink>">
-<!ENTITY a.qa "FreeBSD Quality Assurance mailing list
- <email>freebsd-qa@FreeBSD.org</email>">
+<!ENTITY a.ia64.url "&a.mailman.listinfo;/freebsd-ia64">
+<!ENTITY a.ia64 "<ulink url='&a.ia64.url;'>FreeBSD IA64 porting mailing list</ulink>">
+<!ENTITY a.ia64.name "<ulink url='&a.ia64.url;'>freebsd-ia64</ulink>">
-<!ENTITY a.questions "FreeBSD general questions mailing list
- <email>freebsd-questions@FreeBSD.org</email>">
+<!ENTITY a.ipfw.url "&a.mailman.listinfo;/freebsd-ipfw">
+<!ENTITY a.ipfw "<ulink url='&a.ipfw.url;'>FreeBSD IPFW code mailing list</ulink>">
+<!ENTITY a.ipfw.name "<ulink url='&a.ipfw.url;'>freebsd-ipfw</ulink>">
-<!ENTITY a.realtime "FreeBSD realtime extensions mailing list
- <email>freebsd-realtime@FreeBSD.org</email>">
+<!ENTITY a.isdn.url "&a.mailman.listinfo;/freebsd-isdn">
+<!ENTITY a.isdn "<ulink url='&a.isdn.url;'>FreeBSD ISDN mailing list</ulink>">
+<!ENTITY a.isdn.name "<ulink url='&a.isdn.url;'>freebsd-isdn</ulink>">
-<!ENTITY a.scsi "FreeBSD SCSI subsystem mailing list
- <email>freebsd-scsi@FreeBSD.org</email>">
+<!ENTITY a.isp.url "&a.mailman.listinfo;/freebsd-isp">
+<!ENTITY a.isp "<ulink url='&a.isp.url;'>FreeBSD Internet service provider's mailing list</ulink>">
+<!ENTITY a.isp.name "<ulink url='&a.isp.url;'>freebsd-isp</ulink>">
-<!ENTITY a.security "FreeBSD security mailing list
- <email>freebsd-security@FreeBSD.org</email>">
+<!ENTITY a.java.url "&a.mailman.listinfo;/freebsd-java">
+<!ENTITY a.java "<ulink url='&a.java.url;'>FreeBSD Java Language mailing list</ulink>">
+<!ENTITY a.java.name "<ulink url='&a.java.url;'>freebsd-java</ulink>">
-<!ENTITY a.security-notifications "FreeBSD security notifications mailing list
- <email>freebsd-security-notifications@FreeBSD.org</email>">
+<!ENTITY a.jobs.url "&a.mailman.listinfo;/freebsd-jobs">
+<!ENTITY a.jobs "<ulink url='&a.jobs.url;'>FreeBSD related employment mailing list</ulink>">
+<!ENTITY a.jobs.name "<ulink url='&a.jobs.url;'>freebsd-jobs</ulink>">
-<!ENTITY a.small "FreeBSD-small mailing list
- <email>freebsd-small@FreeBSD.org</email>">
+<!ENTITY a.kde.url "http://freebsd.kde.org/mailman/listinfo/kde-freebsd">
+<!ENTITY a.kde "<ulink url='&a.kde.url;'>FreeBSD KDE/Qt and KDE applications mailing list</ulink>">
+<!ENTITY a.kde.name "<ulink url='&a.kde.url;'>freebsd-kde</ulink>">
-<!ENTITY a.smp "FreeBSD symmetric multiprocessing mailing list
- <email>freebsd-smp@FreeBSD.org</email>">
+<!ENTITY a.lfs.url "&a.mailman.listinfo;/freebsd-lfs">
+<!ENTITY a.lfs "<ulink url='&a.lfs.url;'>FreeBSD LFS porting mailing list</ulink>">
+<!ENTITY a.lfs.name "<ulink url='&a.lfs.url;'>freebsd-lfs</ulink>">
-<!ENTITY a.sparc "FreeBSD SPARC porting mailing list
- <email>freebsd-sparc@FreeBSD.org</email>">
+<!ENTITY a.libh.url "&a.mailman.listinfo;/freebsd-libh">
+<!ENTITY a.libh "<ulink url='&a.libh.url;'>FreeBSD libh installation and packaging system mailing list</ulink>">
+<!ENTITY a.libh.name "<ulink url='&a.libh.url;'>freebsd-libh</ulink>">
-<!ENTITY a.stable "FreeBSD-STABLE mailing list
- <email>freebsd-stable@FreeBSD.org</email>">
+<!ENTITY a.mips.url "&a.mailman.listinfo;/freebsd-mips">
+<!ENTITY a.mips "<ulink url='&a.mips.url;'>FreeBSD MIPS porting mailing list</ulink>">
+<!ENTITY a.mips.name "<ulink url='&a.mips.url;'>freebsd-mips</ulink>">
-<!ENTITY a.standards "FreeBSD C99 and POSIX compliance mailing list
- <email>freebsd-standards@FreeBSD.org</email>">
+<!ENTITY a.mirror-announce.url "&a.mailman.listinfo;/mirror-announce">
+<!ENTITY a.mirror-announce "<ulink url='&a.mirror-announce.url;'>FreeBSD mirror site administrators</ulink>">
+<!ENTITY a.mirror-announce.name "<ulink url='&a.mirror-announce.url;'>mirror-announce</ulink>">
-<!ENTITY a.test "FreeBSD test mailing list
- <email>freebsd-test@FreeBSD.org</email>">
+<!ENTITY a.mobile.url "&a.mailman.listinfo;/freebsd-mobile">
+<!ENTITY a.mobile "<ulink url='&a.mobile.url;'>FreeBSD laptop computer mailing list</ulink>">
+<!ENTITY a.mobile.name "<ulink url='&a.mobile.url;'>freebsd-mobile</ulink>">
-<!ENTITY a.tokenring "FreeBSD tokenring mailing list
- <email>freebsd-tokenring@FreeBSD.org</email>">
+<!ENTITY a.mozilla.url "&a.mailman.listinfo;/freebsd-mozilla">
+<!ENTITY a.mozilla "<ulink url='&a.mozilla.url;'>FreeBSD port of the Mozilla browser mailing list</ulink>">
+<!ENTITY a.mozilla.name "<ulink url='&a.mozilla.url;'>freebsd-mozilla</ulink>">
-<!ENTITY a.usergroups "FreeBSD user group coordination mailing list
- <email>freebsd-user-groups@FreeBSD.org</email>">
+<!ENTITY a.multimedia.url "&a.mailman.listinfo;/freebsd-multimedia">
+<!ENTITY a.multimedia "<ulink url='&a.multimedia.url;'>FreeBSD multimedia mailing list</ulink>">
+<!ENTITY a.multimedia.name "<ulink url='&a.multimedia.url;'>freebsd-multimedia</ulink>">
-<!ENTITY a.vendors "FreeBSD vendors pre-release coordination mailing list
- <email>freebsd-vendors@FreeBSD.org</email>">
+<!ENTITY a.net.url "&a.mailman.listinfo;/freebsd-net">
+<!ENTITY a.net "<ulink url='&a.net.url;'>FreeBSD networking mailing list</ulink>">
+<!ENTITY a.net.name "<ulink url='&a.net.url;'>freebsd-net</ulink>">
-<!ENTITY a.www "FreeBSD Webmaster mailing list
- <email>freebsd-www@FreeBSD.org</email>">
+<!ENTITY a.newbies.url "&a.mailman.listinfo;/freebsd-newbies">
+<!ENTITY a.newbies "<ulink url='&a.newbies.url;'>FreeBSD new users mailing list</ulink>">
+<!ENTITY a.newbies.name "<ulink url='&a.newbies.url;'>freebsd-newbies</ulink>">
-<!ENTITY a.majordomo "<email>majordomo@FreeBSD.org</email>">
+<!ENTITY a.newbus.url "&a.mailman.listinfo;/freebsd-new-bus">
+<!ENTITY a.newbus "<ulink url='&a.newbus.url;'>FreeBSD new-bus mailing list</ulink>">
+<!ENTITY a.newbus.name "<ulink url='&a.newbus.url;'>freebsd-new-bus</ulink>">
+
+<!ENTITY a.openoffice.url "&a.mailman.listinfo;/freebsd-openoffice">
+<!ENTITY a.openoffice "<ulink url='&a.openoffice.url;'>FreeBSD OpenOffice mailing list</ulink>">
+<!ENTITY a.openoffice.name "<ulink url='&a.openoffice.url;'>freebsd-openoffice</ulink>">
+
+<!ENTITY a.performance.url "&a.mailman.listinfo;/freebsd-performance">
+<!ENTITY a.performance "<ulink url='&a.performance.url;'>FreeBSD performance mailing list</ulink>">
+<!ENTITY a.performance.name "<ulink url='&a.performance.url;'>freebsd-performance</ulink>">
+
+<!ENTITY a.perl.url "&a.mailman.listinfo;/freebsd-perl">
+<!ENTITY a.perl "<ulink url='&a.perl.url;'>FreeBSD Perl mailing list</ulink>">
+<!ENTITY a.perl.name "<ulink url='&a.perl.url;'>freebsd-perl</ulink>">
+
+<!ENTITY a.pf.url "&a.mailman.listinfo;/freebsd-pf">
+<!ENTITY a.pf "<ulink url='&a.pf.url;'>FreeBSD packet filter mailing list</ulink>">
+<!ENTITY a.pf.name "<ulink url='&a.pf.url;'>freebsd-pf</ulink>">
+
+<!ENTITY a.platforms.url "&a.mailman.listinfo;/freebsd-platforms">
+<!ENTITY a.platforms "<ulink url='&a.platforms.url;'>FreeBSD non-Intel platforms porting mailing list</ulink>">
+<!ENTITY a.platforms.name "<ulink url='&a.platforms.url;'>freebsd-platforms</ulink>">
+
+<!ENTITY a.policy.url "&a.mailman.listinfo;/freebsd-policy">
+<!ENTITY a.policy "<ulink url='&a.policy.url;'>FreeBSD core team policy decisions mailing list</ulink>">
+<!ENTITY a.policy.name "<ulink url='&a.policy.url;'>freebsd-policy</ulink>">
+
+<!ENTITY a.ports.url "&a.mailman.listinfo;/freebsd-ports">
+<!ENTITY a.ports "<ulink url='&a.ports.url;'>FreeBSD ports mailing list</ulink>">
+<!ENTITY a.ports.name "<ulink url='&a.ports.url;'>freebsd-ports</ulink>">
+
+<!ENTITY a.ports-bugs.url "&a.mailman.listinfo;/freebsd-ports-bugs">
+<!ENTITY a.ports-bugs "<ulink url='&a.ports-bugs.url;'>FreeBSD ports bugs mailing list</ulink>">
+<!ENTITY a.ports-bugs.name "<ulink url='&a.ports-bugs.url;'>freebsd-ports-bugs</ulink>">
+
+<!ENTITY a.ports-committers "FreeBSD ports/ committer's mailing list">
+<!ENTITY a.ports-committers.name "ports-committers">
+
+<!ENTITY a.ports-developers "FreeBSD ports/ developers mailing list">
+<!ENTITY a.ports-developers.name "ports-developers">
+
+<!ENTITY a.ppc.url "&a.mailman.listinfo;/freebsd-ppc">
+<!ENTITY a.ppc "<ulink url='&a.ppc.url;'>FreeBSD PowerPC porting mailing list</ulink>">
+<!ENTITY a.ppc.name "<ulink url='&a.ppc.url;'>freebsd-ppc</ulink>">
+
+<!ENTITY a.proliant.url "&a.mailman.listinfo;/freebsd-proliant">
+<!ENTITY a.proliant "<ulink url='&a.proliant.url;'>Technical discussion of FreeBSD on HP ProLiant server platforms</ulink>">
+<!ENTITY a.proliant.name "<ulink url='&a.proliant.url;'>freebsd-proliant</ulink>">
+
+<!ENTITY a.python.url "&a.mailman.listinfo;/freebsd-python">
+<!ENTITY a.python "<ulink url='&a.python.url;'>FreeBSD Python mailing list</ulink>">
+<!ENTITY a.python.name "<ulink url='&a.python.url;'>freebsd-python</ulink>">
+
+<!ENTITY a.qa.url "&a.mailman.listinfo;/freebsd-qa">
+<!ENTITY a.qa "<ulink url='&a.qa.url;'>FreeBSD Quality Assurance mailing list</ulink>">
+<!ENTITY a.qa.name "<ulink url='&a.qa.url;'>freebsd-qa</ulink>">
+
+<!ENTITY a.questions.url "&a.mailman.listinfo;/freebsd-questions">
+<!ENTITY a.questions "<ulink url='&a.questions.url;'>FreeBSD general questions mailing list</ulink>">
+<!ENTITY a.questions.name "<ulink url='&a.questions.url;'>freebsd-questions</ulink>">
+
+<!ENTITY a.rc.url "&a.mailman.listinfo;/freebsd-rc">
+<!ENTITY a.rc "<ulink url='&a.rc.url;'>FreeBSD boot script system mailing list</ulink>">
+<!ENTITY a.rc.name "<ulink url='&a.rc.url;'>freebsd-rc</ulink>">
+
+<!ENTITY a.realtime.url "&a.mailman.listinfo;/freebsd-realtime">
+<!ENTITY a.realtime "<ulink url='&a.realtime.url;'>FreeBSD realtime extensions mailing list</ulink>">
+<!ENTITY a.realtime.name "<ulink url='&a.realtime.url;'>freebsd-realtime</ulink>">
+
+<!ENTITY a.scsi.url "&a.mailman.listinfo;/freebsd-scsi">
+<!ENTITY a.scsi "<ulink url='&a.scsi.url;'>FreeBSD SCSI subsystem mailing list</ulink>">
+<!ENTITY a.scsi.name "<ulink url='&a.scsi.url;'>freebsd-scsi</ulink>">
+
+<!ENTITY a.security.url "&a.mailman.listinfo;/freebsd-security">
+<!ENTITY a.security "<ulink url='&a.security.url;'>FreeBSD security mailing list</ulink>">
+<!ENTITY a.security.name "<ulink url='&a.security.url;'>freebsd-security</ulink>">
+
+<!ENTITY a.security-notifications.url "&a.mailman.listinfo;/freebsd-security-notifications">
+<!ENTITY a.security-notifications "<ulink url='&a.security-notifications.url;'>FreeBSD security notifications mailing list</ulink>">
+<!ENTITY a.security-notifications.name "<ulink url='&a.security-notifications.url;'>freebsd-security-notifications</ulink>">
+<!ENTITY a.small.url "&a.mailman.listinfo;/freebsd-small">
+<!ENTITY a.small "<ulink url='&a.small.url;'>FreeBSD-small mailing list</ulink>">
+<!ENTITY a.small.name "<ulink url='&a.small.url;'>freebsd-small</ulink>">
+
+<!ENTITY a.smp.url "&a.mailman.listinfo;/freebsd-smp">
+<!ENTITY a.smp "<ulink url='&a.smp.url;'>FreeBSD symmetric multiprocessing mailing list</ulink>">
+<!ENTITY a.smp.name "<ulink url='&a.smp.url;'>freebsd-smp</ulink>">
+
+<!ENTITY a.sparc.url "&a.mailman.listinfo;/freebsd-sparc64">
+<!ENTITY a.sparc "<ulink url='&a.sparc.url;'>FreeBSD SPARC porting mailing list</ulink>">
+<!ENTITY a.sparc.name "<ulink url='&a.sparc.url;'>freebsd-sparc64</ulink>">
+
+<!ENTITY a.src-committers "FreeBSD src/ committer's mailing list">
+<!ENTITY a.src-committers.name "freebsd-src-committers">
+
+<!ENTITY a.src-developers "FreeBSD src/ developers mailing list">
+<!ENTITY a.src-developers.name "freebsd-src-developers">
+
+<!ENTITY a.stable.url "&a.mailman.listinfo;/freebsd-stable">
+<!ENTITY a.stable "<ulink url='&a.stable.url;'>&os.stable; mailing list</ulink>">
+<!ENTITY a.stable.name "<ulink url='&a.stable.url;'>freebsd-stable</ulink>">
+
+<!ENTITY a.standards.url "&a.mailman.listinfo;/freebsd-standards">
+<!ENTITY a.standards "<ulink url='&a.standards.url;'>FreeBSD C99 and POSIX compliance mailing list</ulink>">
+<!ENTITY a.standards.name "<ulink url='&a.standards.url;'>freebsd-standards</ulink>">
+
+<!ENTITY a.test.url "&a.mailman.listinfo;/freebsd-test">
+<!ENTITY a.test "<ulink url='&a.test.url;'>FreeBSD test mailing list</ulink>">
+<!ENTITY a.test.name "<ulink url='&a.test.url;'>freebsd-test</ulink>">
+
+<!ENTITY a.testing.url "&a.mailman.listinfo;/freebsd-testing">
+<!ENTITY a.testing "<ulink url='&a.testing.url;'>FreeBSD performance and stability testing mailing list</ulink>">
+<!ENTITY a.testing.name "<ulink url='&a.testing.url;'>freebsd-testing</ulink>">
+
+<!ENTITY a.threads.url "&a.mailman.listinfo;/freebsd-threads">
+<!ENTITY a.threads "<ulink url='&a.threads.url;'>FreeBSD threads mailing list</ulink>">
+<!ENTITY a.threads.name "<ulink url='&a.threads.url;'>freebsd-threads</ulink>">
+
+<!ENTITY a.tokenring.url "&a.mailman.listinfo;/freebsd-tokenring">
+<!ENTITY a.tokenring "<ulink url='&a.tokenring.url;'>FreeBSD tokenring mailing list</ulink>">
+<!ENTITY a.tokenring.name "<ulink url='&a.tokenring.url;'>freebsd-tokenring</ulink>">
+
+<!ENTITY a.usb.url "&a.mailman.listinfo;/freebsd-usb">
+<!ENTITY a.usb "<ulink url='&a.usb.url;'>FreeBSD USB mailing list</ulink>">
+<!ENTITY a.usb.name "<ulink url='&a.usb.url;'>freebsd-usb</ulink>">
+
+<!ENTITY a.usergroups.url "&a.mailman.listinfo;/freebsd-user-groups">
+<!ENTITY a.usergroups "<ulink url='&a.usergroups.url;'>FreeBSD user group coordination mailing list</ulink>">
+<!ENTITY a.usergroups.name "<ulink url='&a.usergroups.url;'>freebsd-user-groups</ulink>">
+
+<!ENTITY a.vendors.url "&a.mailman.listinfo;/freebsd-vendors">
+<!ENTITY a.vendors "<ulink url='&a.vendors.url;'>FreeBSD vendors pre-release coordination mailing list</ulink>">
+<!ENTITY a.vendors.name "<ulink url='&a.vendors.url;'>freebsd-vendors</ulink>">
+
+<!ENTITY a.vuxml.url "&a.mailman.listinfo;/freebsd-vuxml">
+<!ENTITY a.vuxml "<unlink url='&a.vuxml.url;'>Discussion on the VuXML
+infrastructure</ulink>">
+<!ENTITY a.vuxml.name "<ulink url='&a.vuxml.url;'>freebsd-vuxml</ulink>">
+
+<!ENTITY a.www.url "&a.mailman.listinfo;/freebsd-www">
+<!ENTITY a.www "<ulink url='&a.www.url;'>FreeBSD Webmaster mailing list</ulink>">
+<!ENTITY a.www.name "<ulink url='&a.www.url;'>freebsd-www</ulink>">
+
+<!ENTITY a.x11.url "&a.mailman.listinfo;/freebsd-x11">
+<!ENTITY a.x11 "<ulink url='&a.x11.url;'>FreeBSD X11 mailing list</ulink>">
+<!ENTITY a.x11.name "<ulink url='&a.x11.url;'>freebsd-x11</ulink>">
+
+<!-- Not really proper mailing lists -->
+
+<!ENTITY a.bugfollowup "<email>bug-followup@FreeBSD.org</email>">
+<!ENTITY a.bugsubmit "&a.bugfollowup;">
+
+<!ENTITY a.majordomo "<email>majordomo@FreeBSD.org</email>">

File Metadata

Mime Type
application/octet-stream
Expires
Sat, Jun 8, 11:42 AM (2 d)
Storage Engine
chunks
Storage Format
Chunks
Storage Handle
El7whyWY1d4P
Default Alt Text
(4 MB)

Event Timeline