diff options
Diffstat (limited to 'documentation/content/zh-tw/books')
47 files changed, 1511 insertions, 1511 deletions
diff --git a/documentation/content/zh-tw/books/developers-handbook/ipv6/chapter.adoc b/documentation/content/zh-tw/books/developers-handbook/ipv6/chapter.adoc index 3fbc61ede8..02f69a0f4d 100644 --- a/documentation/content/zh-tw/books/developers-handbook/ipv6/chapter.adoc +++ b/documentation/content/zh-tw/books/developers-handbook/ipv6/chapter.adoc @@ -169,7 +169,7 @@ Ordinary userland applications should use advanced API (RFC2292) to specify scop In the kernel, an interface index for link-local scoped address is embedded into 2nd 16bit-word (3rd and 4th byte) in IPv6 address. For example, you may see something like: -[source,bash] +[source,shell] .... fe80:1::200:f8ff:fe01:6317 .... @@ -195,7 +195,7 @@ IPv6 link-local address is generated from IEEE802 address (Ethernet MAC address) Here is an output of netstat command: -[source,bash] +[source,shell] .... Internet6: Destination Gateway Flags Netif Expire @@ -226,7 +226,7 @@ Therefore, this is unwise to enable net.inet6.ip6.accept_rtadv on routers, or mu To summarize the sysctl knob: -[source,bash] +[source,shell] .... accept_rtadv forwarding role of the node --- --- --- @@ -293,7 +293,7 @@ and recompile the new kernel. Then you can test jumbo payloads by the man:ping6[8] command with -b and -s options. The -b option must be specified to enlarge the size of the socket buffer and the -s option specifies the length of the packet, which should be more than 65,535. For example, type as follows: -[source,bash] +[source,shell] .... % ping6 -b 70000 -s 68000 ::1 .... @@ -302,7 +302,7 @@ The IPv6 specification requires that the Jumbo Payload option must not be used i When an IPv6 packet is received, the frame length is checked and compared to the length specified in the payload length field of the IPv6 header or in the value of the Jumbo Payload option, if any. If the former is shorter than the latter, the packet is discarded and statistics are incremented. You can see the statistics as output of man:netstat[8] command with `-s -p ip6' option: -[source,bash] +[source,shell] .... % netstat -s -p ip6 ip6: @@ -350,7 +350,7 @@ To process IP6 header, extension headers and transport headers easily, network d `netstat -s -p ip6` tells you whether or not your driver conforms such requirement. In the following example, "cce0" violates the requirement. (For more information, refer to Section 2.) -[source,bash] +[source,shell] .... Mbuf statistics: 317 one mbuf @@ -379,7 +379,7 @@ You can perform wildcard bind on both of the address families, on the same port. The following table show the behavior of FreeBSD 4.x. -[source,bash] +[source,shell] .... listening side initiating side (AF_INET6 wildcard (connection to ::ffff:10.1.1.1) @@ -632,7 +632,7 @@ Note that the behavior is configurable in per-node manner, not per-SA manner (dr The behavior is summarized as follows (see source code for more detail): -[source,bash] +[source,shell] .... encapsulate decapsulate --- --- diff --git a/documentation/content/zh-tw/books/developers-handbook/kernelbuild/chapter.adoc b/documentation/content/zh-tw/books/developers-handbook/kernelbuild/chapter.adoc index 9025f15833..c01d4aa826 100644 --- a/documentation/content/zh-tw/books/developers-handbook/kernelbuild/chapter.adoc +++ b/documentation/content/zh-tw/books/developers-handbook/kernelbuild/chapter.adoc @@ -52,21 +52,21 @@ Building the kernel this way may be useful when working on the kernel code and i ==== . Run man:config[8] to generate the kernel source code: + -[source,bash] +[source,shell] .... # /usr/sbin/config MYKERNEL .... . Change into the build directory. man:config[8] will print the name of this directory after being run as above. + -[source,bash] +[source,shell] .... # cd ../compile/MYKERNEL .... . Compile the kernel: + -[source,bash] +[source,shell] .... # make depend # make @@ -74,7 +74,7 @@ Building the kernel this way may be useful when working on the kernel code and i . Install the new kernel: + -[source,bash] +[source,shell] .... # make install .... diff --git a/documentation/content/zh-tw/books/developers-handbook/kerneldebug/chapter.adoc b/documentation/content/zh-tw/books/developers-handbook/kerneldebug/chapter.adoc index 7c85e75893..94cff71150 100644 --- a/documentation/content/zh-tw/books/developers-handbook/kerneldebug/chapter.adoc +++ b/documentation/content/zh-tw/books/developers-handbook/kerneldebug/chapter.adoc @@ -78,7 +78,7 @@ Check [.filename]#/etc/fstab# or man:swapinfo[8] for a list of swap devices. ==== Make sure the `dumpdir` specified in man:rc.conf[5] exists before a kernel crash! -[source,bash] +[source,shell] .... # mkdir /var/crash # chmod 700 /var/crash @@ -101,7 +101,7 @@ The man:crashinfo[8] utility generates a text file containing a summary of infor If you are testing a new kernel but need to boot a different one in order to get your system up and running again, boot it only into single user mode using the `-s` flag at the boot prompt, and then perform the following steps: -[source,bash] +[source,shell] .... # fsck -p # mount -a -t ufs # make sure /var/crash is writable @@ -116,7 +116,7 @@ This instructs man:savecore[8] to extract a kernel dump from [.filename]#/dev/ad The kernel includes a man:sysctl[8] node that requests a kernel panic. This can be used to verify that your system is properly configured to save kernel crash dumps. You may wish to remount existing file systems as read-only in single user mode before triggering the crash to avoid data loss. -[source,bash] +[source,shell] .... # shutdown now ... @@ -139,21 +139,21 @@ This section covers man:kgdb[1]. The latest version is included in the package:d To enter into the debugger and begin getting information from the dump, start kgdb: -[source,bash] +[source,shell] .... # kgdb -n N .... Where _N_ is the suffix of the [.filename]#vmcore.N# to examine. To open the most recent dump use: -[source,bash] +[source,shell] .... # kgdb -n last .... Normally, man:kgdb[1] should be able to locate the kernel running at the time the dump was generated. If it is not able to locate the correct kernel, pass the pathname of the kernel and dump as two arguments to kgdb: -[source,bash] +[source,shell] .... # kgdb /boot/kernel/kernel /var/crash/vmcore.0 .... @@ -162,7 +162,7 @@ You can debug the crash dump using the kernel sources just like you can for any This dump is from a 5.2-BETA kernel and the crash comes from deep within the kernel. The output below has been modified to include line numbers on the left. This first trace inspects the instruction pointer and obtains a back trace. The address that is used on line 41 for the `list` command is the instruction pointer and can be found on line 17. Most developers will request having at least this information sent to them if you are unable to debug the problem yourself. If, however, you do solve the problem, make sure that your patch winds its way into the source tree via a problem report, mailing lists, or by being able to commit it! -[source,bash] +[source,shell] .... 1:# cd /usr/obj/usr/src/sys/KERNCONF 2:# kgdb kernel.debug /var/crash/vmcore.0 @@ -286,7 +286,7 @@ Once your DDB kernel is running, there are several ways to enter DDB. The first, The second scenario is to drop to the debugger once the system has booted. There are two simple ways to accomplish this. If you would like to break to the debugger from the command prompt, simply type the command: -[source,bash] +[source,shell] .... # sysctl debug.kdb.enter=1 .... @@ -306,7 +306,7 @@ to the kernel configuration file and rebuild/reinstall. The DDB commands roughly resemble some `gdb` commands. The first thing you probably need to do is to set a breakpoint: -[source,bash] +[source,shell] .... break function-name address .... @@ -315,14 +315,14 @@ Numbers are taken hexadecimal by default, but to make them distinct from symbol To exit the debugger and continue execution, type: -[source,bash] +[source,shell] .... continue .... To get a stack trace of the current thread, use: -[source,bash] +[source,shell] .... trace .... @@ -331,7 +331,7 @@ To get a stack trace of an arbitrary thread, specify a process ID or thread ID a If you want to remove a breakpoint, use -[source,bash] +[source,shell] .... del del address-expression @@ -339,28 +339,28 @@ If you want to remove a breakpoint, use The first form will be accepted immediately after a breakpoint hit, and deletes the current breakpoint. The second form can remove any breakpoint, but you need to specify the exact address; this can be obtained from: -[source,bash] +[source,shell] .... show b .... or: -[source,bash] +[source,shell] .... show break .... To single-step the kernel, try: -[source,bash] +[source,shell] .... s .... This will step into functions, but you can make DDB trace them until the matching return statement is reached by: -[source,bash] +[source,shell] .... n .... @@ -372,7 +372,7 @@ This is different from ``gdb``'s `next` statement; it is like ``gdb``'s `finish` To examine data from memory, use (for example): -[source,bash] +[source,shell] .... x/wx 0xf0133fe0,40 x/hd db_symtab_space @@ -382,14 +382,14 @@ To examine data from memory, use (for example): for word/halfword/byte access, and hexadecimal/decimal/character/ string display. The number after the comma is the object count. To display the next 0x10 items, simply use: -[source,bash] +[source,shell] .... x ,10 .... Similarly, use -[source,bash] +[source,shell] .... x/ia foofunc,10 .... @@ -398,7 +398,7 @@ to disassemble the first 0x10 instructions of `foofunc`, and display them along To modify memory, use the write command: -[source,bash] +[source,shell] .... w/b termbuf 0xa 0xb 0 w/w 0xf0010030 0 0 @@ -408,28 +408,28 @@ The command modifier (`b`/`h`/`w`) specifies the size of the data to be written, If you need to know the current registers, use: -[source,bash] +[source,shell] .... show reg .... Alternatively, you can display a single register value by e.g. -[source,bash] +[source,shell] .... p $eax .... and modify it by: -[source,bash] +[source,shell] .... set $eax new-value .... Should you need to call some kernel functions from DDB, simply say: -[source,bash] +[source,shell] .... call func(arg1, arg2, ...) .... @@ -438,28 +438,28 @@ The return value will be printed. For a man:ps[1] style summary of all running processes, use: -[source,bash] +[source,shell] .... ps .... Now you have examined why your kernel failed, and you wish to reboot. Remember that, depending on the severity of previous malfunctioning, not all parts of the kernel might still be working as expected. Perform one of the following actions to shut down and reboot your system: -[source,bash] +[source,shell] .... panic .... This will cause your kernel to dump core and reboot, so you can later analyze the core on a higher level with man:kgdb[1]. -[source,bash] +[source,shell] .... call boot(0) .... Might be a good way to cleanly shut down the running system, `sync()` all disks, and finally, in some cases, reboot. As long as the disk and filesystem interfaces of the kernel are not damaged, this could be a good way for an almost clean shutdown. -[source,bash] +[source,shell] .... reset .... @@ -468,7 +468,7 @@ This is the final way out of disaster and almost the same as hitting the Big Red If you need a short command summary, simply type: -[source,bash] +[source,shell] .... help .... @@ -484,7 +484,7 @@ GDB has already supported _remote debugging_ for a long time. This is done using You should configure the kernel in question with `config -g` if building the "traditional" way. If building the "new" way, make sure that `makeoptions DEBUG=-g` is in the configuration. In both cases, include `DDB` in the configuration, and compile it as usual. This gives a large binary, due to the debugging information. Copy this kernel to the target machine, strip the debugging symbols off with `strip -x`, and boot it using the `-d` boot option. Connect the serial line of the target machine that has "flags 080" set on its uart device to any serial line of the debugging host. See man:uart[4] for information on how to set the flags on an uart device. Now, on the debugging machine, go to the compile directory of the target kernel, and start `gdb`: -[source,bash] +[source,shell] .... % kgdb kernel GDB is free software and you are welcome to distribute copies of it @@ -497,14 +497,14 @@ Copyright 1996 Free Software Foundation, Inc... Initialize the remote debugging session (assuming the first serial port is being used) by: -[source,bash] +[source,shell] .... (kgdb) target remote /dev/cuau0 .... Now, on the target host (the one that entered DDB right before even starting the device probe), type: -[source,bash] +[source,shell] .... Debugger("Boot flags requested debugger") Stopped at Debugger+0x35: movb $0, edata+0x51bc @@ -513,14 +513,14 @@ db> gdb DDB will respond with: -[source,bash] +[source,shell] .... Next trap will enter GDB remote protocol mode .... Every time you type `gdb`, the mode will be toggled between remote GDB and local DDB. In order to force a next trap immediately, simply type `s` (step). Your hosting GDB will now gain control over the target kernel: -[source,bash] +[source,shell] .... Remote debugging using /dev/cuau0 Debugger (msg=0xf01b0383 "Boot flags requested debugger") @@ -584,7 +584,7 @@ To enable FireWire(R) and Dcons support in man:loader[8] on i386 or amd64: Add `LOADER_FIREWIRE_SUPPORT=YES` in [.filename]#/etc/make.conf# and rebuild man:loader[8]: -[source,bash] +[source,shell] .... # cd /sys/boot/i386 && make clean && make && make install .... @@ -593,7 +593,7 @@ To enable man:dcons[4] as an active low-level console, add `boot_multicons="YES" Here are a few configuration examples. A sample kernel configuration file would contain: -[source,bash] +[source,shell] .... device dcons device dcons_crom @@ -605,7 +605,7 @@ options ALT_BREAK_TO_DEBUGGER And a sample [.filename]#/boot/loader.conf# would contain: -[source,bash] +[source,shell] .... dcons_crom_load="YES" dcons_gdb=1 @@ -618,7 +618,7 @@ hw.firewire.dcons_crom.force_console=1 To enable FireWire(R) support in the kernel on the _host machine_: -[source,bash] +[source,shell] .... # kldload firewire .... @@ -627,7 +627,7 @@ Find out the EUI64 (the unique 64 bit identifier) of the FireWire(R) host contro Run man:dconschat[8], with: -[source,bash] +[source,shell] .... # dconschat -e \# -br -G 12345 -t 00-11-22-33-44-55-66-77 .... @@ -653,7 +653,7 @@ The following key combinations can be used once man:dconschat[8] is running: Attach remote GDB by starting man:kgdb[1] with a remote debugging session: -[source,bash] +[source,shell] .... kgdb -r :12345 kernel .... @@ -664,7 +664,7 @@ Here are some general tips: To take full advantage of the speed of FireWire(R), disable other slow console drivers: -[source,bash] +[source,shell] .... # conscontrol delete ttyd0 # serial console # conscontrol delete consolectl # video/keyboard @@ -672,7 +672,7 @@ To take full advantage of the speed of FireWire(R), disable other slow console d There exists a GDB mode for man:emacs[1]; this is what you will need to add to your [.filename]#.emacs#: -[source,bash] +[source,shell] .... (setq gud-gdba-command-name "kgdb -a -a -a -r :12345") (setq gdb-many-windows t) @@ -682,7 +682,7 @@ M-x gdba And for DDD ([.filename]#devel/ddd#): -[source,bash] +[source,shell] .... # remote serial protocol LANG=C ddd --debugger kgdb -r :12345 kernel @@ -700,21 +700,21 @@ To use man:dcons[4] with KVM: Dump a man:dcons[4] buffer of a live system: -[source,bash] +[source,shell] .... # dconschat -1 .... Dump a man:dcons[4] buffer of a crash dump: -[source,bash] +[source,shell] .... # dconschat -1 -M vmcore.XX .... Live core debugging can be done via: -[source,bash] +[source,shell] .... # fwcontrol -m target_eui64 # kgdb kernel /dev/fwmem0.2 diff --git a/documentation/content/zh-tw/books/developers-handbook/policies/chapter.adoc b/documentation/content/zh-tw/books/developers-handbook/policies/chapter.adoc index 3510741151..3fa6638788 100644 --- a/documentation/content/zh-tw/books/developers-handbook/policies/chapter.adoc +++ b/documentation/content/zh-tw/books/developers-handbook/policies/chapter.adoc @@ -95,7 +95,7 @@ If this is your first import after the switch to SVN, you will have to flatten a + During the conversion from CVS to SVN, vendor branches were imported with the same layout as the main tree. For example, the foo vendor sources ended up in [.filename]#vendor/foo/dist/contrib/foo#, but it is pointless and rather inconvenient. What we really want is to have the vendor source directly in [.filename]#vendor/foo/dist#, like this: + -[source,bash] +[source,shell] .... % cd vendor/foo/dist/contrib/foo % svn move $(svn list) ../.. @@ -114,7 +114,7 @@ You may want to flatten the tags as well. The procedure is exactly the same. If + Check the [.filename]#dist# tree and perform any cleanup that is deemed to be necessary. You may want to disable keyword expansion, as it makes no sense on unmodified vendor code. In some cases, it can be even be harmful. + -[source,bash] +[source,shell] .... % svn propdel svn:keywords -R . % svn commit @@ -122,7 +122,7 @@ Check the [.filename]#dist# tree and perform any cleanup that is deemed to be ne + Bootstrapping of `svn:mergeinfo` on the target directory (in the main tree) to the revision that corresponds to the last change was made to the vendor tree prior to importing new sources is also needed: + -[source,bash] +[source,shell] .... % cd head/contrib/foo % svn merge --record-only ^/vendor/foo/dist@12345678 . @@ -136,7 +136,7 @@ Prepare a full, clean tree of the vendor sources. With SVN, we can keep a full d + Note that you will need to add any files that were added since the last vendor import, and remove any that were removed. To facilitate this, you should prepare sorted lists of the contents of the vendor tree and of the sources you are about to import: + -[source,bash] +[source,shell] .... % cd vendor/foo/dist % svn list -R | grep -v '/$' | sort > ../old @@ -146,21 +146,21 @@ Note that you will need to add any files that were added since the last vendor i + With these two files, the following command will list removed files (files only in [.filename]#old#): + -[source,bash] +[source,shell] .... % comm -23 ../old ../new .... + While the command below will list added files (files only in [.filename]#new#): + -[source,bash] +[source,shell] .... % comm -13 ../old ../new .... + Let us put this together: + -[source,bash] +[source,shell] .... % cd vendor/foo/foo-9.9 % tar cf - . | tar xf - -C ../dist @@ -188,7 +188,7 @@ You are ready to commit, but you should first check the output of `svn stat` and + Once you have committed the new vendor release, you should tag it for future reference. The best and quickest way is to do it directly in the repository: + -[source,bash] +[source,shell] .... % svn copy ^/vendor/foo/dist svn_base/vendor/foo/9.9 .... @@ -204,7 +204,7 @@ If you choose to do the copy in the checkout instead, do not forget to remove th + After you have prepared your import, it is time to merge. Option `--accept=postpone` tells SVN not to handle merge conflicts yet, because they will be taken care of manually: + -[source,bash] +[source,shell] .... % cd head/contrib/foo % svn update @@ -213,7 +213,7 @@ After you have prepared your import, it is time to merge. Option `--accept=postp + Resolve any conflicts, and make sure that any files that were added or removed in the vendor tree have been properly added or removed in the main tree. It is always a good idea to check differences against the vendor branch: + -[source,bash] +[source,shell] .... % svn diff --no-diff-deleted --old=^/vendor/foo/dist --new=. .... diff --git a/documentation/content/zh-tw/books/developers-handbook/sockets/chapter.adoc b/documentation/content/zh-tw/books/developers-handbook/sockets/chapter.adoc index 97edb64caa..80e6284948 100644 --- a/documentation/content/zh-tw/books/developers-handbook/sockets/chapter.adoc +++ b/documentation/content/zh-tw/books/developers-handbook/sockets/chapter.adoc @@ -454,7 +454,7 @@ int main() { Go ahead, enter it in your editor, save it as [.filename]#daytime.c#, then compile and run it: -[source,bash] +[source,shell] .... % cc -O3 -o daytime daytime.c % ./daytime @@ -669,7 +669,7 @@ Not all protocols are that simple. Many receive a request from the client, reply Now, go ahead, save the above source code as [.filename]#daytimed.c# (it is customary to end the names of daemons with the letter `d`). After you have compiled it, try running it: -[source,bash] +[source,shell] .... % ./daytimed bind: Permission denied @@ -680,7 +680,7 @@ What happened here? As you will recall, the _daytime_ protocol uses port 13. But Try again, this time as the superuser: -[source,bash] +[source,shell] .... # ./daytimed # @@ -688,7 +688,7 @@ Try again, this time as the superuser: What... Nothing? Let us try again: -[source,bash] +[source,shell] .... # ./daytimed @@ -700,7 +700,7 @@ Every port can only be bound by one program at a time. Our first attempt was ind Fine, we know it is running in the background. But is it working? How do we know it is a proper _daytime_ server? Simple: -[source,bash] +[source,shell] .... % telnet localhost 13 @@ -718,7 +718,7 @@ telnet tried the new IPv6, and failed. It retried with IPv4 and succeeded. The d If you have access to another UNIX(R) system via telnet, you can use it to test accessing the server remotely. My computer does not have a static IP address, so this is what I did: -[source,bash] +[source,shell] .... % who @@ -736,7 +736,7 @@ Connection closed by foreign host. Again, it worked. Will it work using the domain name? -[source,bash] +[source,shell] .... % telnet r47.bfm.org 13 @@ -829,7 +829,7 @@ We now can type a domain name (or an IP address, it works both ways) on the comm Since it takes virtually no time to get the time from your local server, you could run daytime twice in a row: First to get the time from `time.nist.gov`, the second time from your own system. You can then compare the results and see how exact your system clock is: -[source,bash] +[source,shell] .... % daytime ; daytime localhost diff --git a/documentation/content/zh-tw/books/developers-handbook/tools/chapter.adoc b/documentation/content/zh-tw/books/developers-handbook/tools/chapter.adoc index 090737919e..ba8dcd4f44 100644 --- a/documentation/content/zh-tw/books/developers-handbook/tools/chapter.adoc +++ b/documentation/content/zh-tw/books/developers-handbook/tools/chapter.adoc @@ -153,14 +153,14 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P 幸運的是,你可以不用理會以上細節,編譯器都會自動完成。 因為 `cc` 只是是個前端程式(front end),它會依照正確的參數來呼叫相關程式幫你處理。 只需打: -[source,bash] +[source,shell] .... % cc foobar.c .... 上述指令會把 [.filename]#foobar.c# 開始編譯,並完成上述動作。 如果你有許多檔案需要編譯,那請打類似下列指令即可: -[source,bash] +[source,shell] .... % cc foo.c bar.c .... @@ -172,7 +172,7 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P `-o _檔名_`:: `-o` 編譯後的執行檔檔名,如果沒有使用這選項的話, 編譯好的程式預設檔名將會是 [.filename]#a.out# + -[source,bash] +[source,shell] .... % cc foobar.c 執行檔就是 a.out % cc -o foobar foobar.c 執行檔就是 foobar @@ -181,7 +181,7 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P `-c`:: 使用 `-c` 時,只會編譯原始碼,而不作連結(linking)。 當只想確認語法是否正確或使用 Makefile 來編譯程式時,這個選項非常有用。 + -[source,bash] +[source,shell] .... % cc -c foobar.c .... @@ -191,7 +191,7 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P `-g`:: `-g` 將會把一些給 gdb 用的除錯訊息包進去執行檔裡面,所謂的除錯訊息例如: 程式在第幾行出錯、那個程式第幾行做什麼函式呼叫等等。除錯資訊__非常__好用。 但缺點就是:對於程式來說,額外的除錯訊息會讓編譯出來的程式比較肥些。 `-g` 的適用時機在於:當程式還在開發時使用就好, 而當你要釋出你的 "發行版本(release version)" 或者確認程式可運作正常的話,就不必用 `-g` 這選項了。 + -[source,bash] +[source,shell] .... % cc -g foobar.c .... @@ -203,7 +203,7 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P + 只有當要釋出發行版本、或者加速程式時,才需要使用最佳化選項。 + -[source,bash] +[source,shell] .... % cc -O -o foobar foobar.c .... @@ -225,7 +225,7 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P 一般來說,在撰寫程式時就應要注意『移植性』。 否則。當想把程式拿到另外一台機器上跑的時候,就可能得需要重寫程式。 -[source,bash] +[source,shell] .... % cc -Wall -ansi -pedantic -o foobar foobar.c .... @@ -239,7 +239,7 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P + 規則很簡單,如果有個函式庫叫做 [.filename]#libsomething.a#, 就必須在編譯時加上參數 `-l _something_` 才行。 舉例來說,數學函式庫叫做 [.filename]#libm.a#, 所以你必須給 `cc` 的參數就是 `-lm`。 一般情況下,通常會把這參數必須放在指令的最後。 + -[source,bash] +[source,shell] .... % cc -o foobar foobar.c -lm .... @@ -248,7 +248,7 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P + 如果你正在編譯的程式是 C++ 程式碼,你還必須額外指定 {lg-plus-plus} 或者是 {lstdc-plus-plus}。 如果你的 FreeBSD 是 2.2(含)以後版本, 你可以用指令 {c-plus-plus-command} 來取代 `cc`。 在 FreeBSD 上 {c-plus-plus-command} 也可以用 {g-plus-plus-command} 取代。 + -[source,bash] +[source,shell] .... % cc -o foobar foobar.cc -lg++ 適用 FreeBSD 2.1.6 或更早期的版本 % cc -o foobar foobar.cc -lstdc++ 適用 FreeBSD 2.2 及之後的版本 @@ -261,14 +261,14 @@ Tcl 許多的版本都可在 上運作,而最新的 Tcl 版本為 Tcl 8.4, P ==== 我用 sin() 函示撰寫我的程式, 但是有個錯誤訊息(如下),這代表著? -[source,bash] +[source,shell] .... /var/tmp/cc0143941.o: Undefined symbol `_sin' referenced from text segment .... 當使用 `sin()` 這類的數學函示時, 你必須告訴 cc 要和數學函式庫作連結(linking),就像這樣: -[source,bash] +[source,shell] .... % cc temp.c -lm .... @@ -296,14 +296,14 @@ int main() { 編譯後執行程式,得到下面這結果: -[source,bash] +[source,shell] .... % cc temp.c -lm .... 加了上述內容之後,再重新編譯,最後執行: -[source,bash] +[source,shell] .... % ./a.out 2.1 ^ 6 = 85.766121 @@ -315,7 +315,7 @@ int main() { 記得,除非有指定編譯結果的執行檔檔名,否則預設的執行檔檔名是 a.out。 用 `-o _filename_` 參數, 就可以達到所想要的結果,比如: -[source,bash] +[source,shell] .... % cc -o foobar foobar.c .... @@ -324,7 +324,7 @@ int main() { 與 不同的是,除非有指定執行檔的路徑, 否則 系統並不會在目前的目錄下尋找你想執行的檔案。 在指令列下打 `./foobar` 代表 "執行在這個目錄底下名為 [.filename]#foobar# 的程式", 或者也可以更改 `PATH` 環境變數設定如下,以達成類似效果: -[source,bash] +[source,shell] .... bin:/usr/bin:/usr/local/bin:. .... @@ -335,7 +335,7 @@ bin:/usr/bin:/usr/local/bin:. 大多數的 系統都會在路徑 [.filename]#/usr/bin# 擺放執行檔。 除非有指定使用在目前目錄內的 [.filename]#test#,否則 shell 會優先選擇位在 [.filename]#/usr/bin# 的 [.filename]#test#, 要指定檔名的話,作法類似: -[source,bash] +[source,shell] .... % ./test .... @@ -417,14 +417,14 @@ No, fortunately not (unless of course you really do have a hardware problem...). Yes, just go to another console or xterm, do -[source,bash] +[source,shell] .... % ps .... to find out the process ID of your program, and do -[source,bash] +[source,shell] .... % kill -ABRT pid .... @@ -444,7 +444,7 @@ If you want to create a core dump from outside your program, but do not want the When you are working on a simple program with only one or two source files, typing in -[source,bash] +[source,shell] .... % cc file1.c file2.c .... @@ -453,7 +453,7 @@ is not too bad, but it quickly becomes very tedious when there are several files One way to get around this is to use object files and only recompile the source file if the source code has changed. So we could have something like: -[source,bash] +[source,shell] .... % cc file1.o file2.o … file37.c … .... @@ -501,7 +501,7 @@ install: We can tell make which target we want to make by typing: -[source,bash] +[source,shell] .... % make target .... @@ -591,7 +591,7 @@ If you want to have a look at these system makefiles, they are in [.filename]#/u The version of make that comes with FreeBSD is the Berkeley make; there is a tutorial for it in [.filename]#/usr/shared/doc/psd/12.make#. To view it, do -[source,bash] +[source,shell] .... % zmore paper.ascii.gz .... @@ -635,7 +635,7 @@ Which one to use is largely a matter of taste. If familiar with one only, use th Start up lldb by typing -[source,bash] +[source,shell] .... % lldb -- progname .... @@ -644,7 +644,7 @@ Start up lldb by typing Compile the program with `-g` to get the most out of using `lldb`. It will work without, but will only display the name of the function currently running, instead of the source code. If it displays a line like: -[source,bash] +[source,shell] .... Breakpoint 1: where = temp`main, address = … .... @@ -687,7 +687,7 @@ This program sets i to be `5` and passes it to a function `bazz()` which prints Compiling and running the program displays -[source,bash] +[source,shell] .... % cc -g -o temp temp.c % ./temp @@ -697,7 +697,7 @@ anint = -5360 That is not what was expected! Time to see what is going on! -[source,bash] +[source,shell] .... % lldb -- temp (lldb) target create "temp" @@ -745,7 +745,7 @@ Process 9992 stopped Hang on a minute! How did anint get to be `-5360`? Was it not set to `5` in `main()`? Let us move up to `main()` and have a look. -[source,bash] +[source,shell] .... (lldb) up Move up call stack frame #1: 0x000000000020130b temp`main at temp.c:9:2 lldb displays stack frame @@ -788,7 +788,7 @@ To examine a core file, specify the name of the core file in addition to the pro The debugger will display something like this: -[source,bash,subs="verbatim,quotes"] +[source,shell,subs="verbatim,quotes"] .... % lldb -c [.filename]#progname.core# -- [.filename]#progname# (lldb) target create "[.filename]#progname#" --core "[.filename]#progname#.core" @@ -798,7 +798,7 @@ Core file '/home/pauamma/tmp/[.filename]#progname.core#' (x86_64) was loaded. In this case, the program was called [.filename]#progname#, so the core file is called [.filename]#progname.core#. The debugger does not display why the program crashed or where. For this, use `thread backtrace all`. This will also show how the function where the program dumped core was called. -[source,bash,subs="verbatim,quotes"] +[source,shell,subs="verbatim,quotes"] .... (lldb) thread backtrace all * thread #1, name = 'progname', stop reason = signal SIGSEGV @@ -816,7 +816,7 @@ One of the neatest features about `lldb` is that it can attach to a program that To do that, start up another `lldb`, use `ps` to find the process ID for the child, and do -[source,bash] +[source,shell] .... (lldb) process attach -p pid .... @@ -848,14 +848,14 @@ Now all that is needed is to attach to the child, set PauseMode to `0` with `exp Start up gdb by typing -[source,bash] +[source,shell] .... % gdb progname .... although many people prefer to run it inside Emacs. To do this, type: -[source,bash] +[source,shell] .... M-x gdb RET progname RET .... @@ -866,7 +866,7 @@ Finally, for those finding its text-based command-prompt style off-putting, ther Compile the program with `-g` to get the most out of using `gdb`. It will work without, but will only display the name of the function currently running, instead of the source code. A line like: -[source,bash] +[source,shell] .... ... (no debugging symbols found) ... .... @@ -903,7 +903,7 @@ This program sets i to be `5` and passes it to a function `bazz()` which prints Compiling and running the program displays -[source,bash] +[source,shell] .... % cc -g -o temp temp.c % ./temp @@ -913,7 +913,7 @@ anint = 4231 That was not what we expected! Time to see what is going on! -[source,bash] +[source,shell] .... % gdb temp GDB is free software and you are welcome to distribute copies of it @@ -935,7 +935,7 @@ bazz (anint=4231) at temp.c:17 gdb displays stack frame Hang on a minute! How did anint get to be `4231`? Was it not set to `5` in `main()`? Let us move up to `main()` and have a look. -[source,bash] +[source,shell] .... (gdb) up Move up call stack #1 0x1625 in main () at temp.c:11 gdb displays stack frame @@ -969,7 +969,7 @@ A core file is basically a file which contains the complete state of the process To examine a core file, start up `gdb` in the usual way. Instead of typing `break` or `run`, type -[source,bash] +[source,shell] .... (gdb) core progname.core .... @@ -978,7 +978,7 @@ If the core file is not in the current directory, type `dir /path/to/core/file` The debugger should display something like this: -[source,bash,subs="verbatim,quotes"] +[source,shell,subs="verbatim,quotes"] .... % gdb [.filename]#progname# GDB is free software and you are welcome to distribute copies of it @@ -997,7 +997,7 @@ In this case, the program was called [.filename]#progname#, so the core file is Sometimes it is useful to be able to see how a function was called, as the problem could have occurred a long way up the call stack in a complex program. `bt` causes `gdb` to print out a back-trace of the call stack: -[source,bash] +[source,shell] .... (gdb) bt #0 0x164a in bazz (anint=0x5) at temp.c:17 @@ -1014,7 +1014,7 @@ One of the neatest features about `gdb` is that it can attach to a program that To do that, start up another `gdb`, use `ps` to find the process ID for the child, and do -[source,bash] +[source,shell] .... (gdb) attach pid .... @@ -1097,7 +1097,7 @@ Unfortunately, there is far too much here to explain it in detail; however there * Emacs already has a pre-defined function called `next-error`. In a compilation output window, this allows you to move from one compilation error to the next by doing `M-n`; we define a complementary function, `previous-error`, that allows you to go to a previous error by doing `M-p`. The nicest feature of all is that `C-c C-c` will open up the source file in which the error occurred and jump to the appropriate line. * We enable Emacs's ability to act as a server, so that if you are doing something outside Emacs and you want to edit a file, you can just type in + -[source,bash] +[source,shell] .... % emacsclient filename .... @@ -1400,7 +1400,7 @@ Now, this is all very well if you only want to program in the languages already The first thing to do is find out if whizbang comes with any files that tell Emacs about the language. These usually end in [.filename]#.el#, short for "Emacs Lisp". For example, if whizbang is a FreeBSD port, we can locate these files by doing -[source,bash] +[source,shell] .... % find /usr/ports/lang/whizbang -name "*.el" -print .... @@ -1409,14 +1409,14 @@ and install them by copying them into the Emacs site Lisp directory. On FreeBSD, So for example, if the output from the find command was -[source,bash] +[source,shell] .... /usr/ports/lang/whizbang/work/misc/whizbang.el .... we would do -[source,bash] +[source,shell] .... # cp /usr/ports/lang/whizbang/work/misc/whizbang.el /usr/local/shared/emacs/site-lisp .... diff --git a/documentation/content/zh-tw/books/developers-handbook/x86/chapter.adoc b/documentation/content/zh-tw/books/developers-handbook/x86/chapter.adoc index ceb9af91de..876f940252 100644 --- a/documentation/content/zh-tw/books/developers-handbook/x86/chapter.adoc +++ b/documentation/content/zh-tw/books/developers-handbook/x86/chapter.adoc @@ -139,7 +139,7 @@ This convention has a great disadvantage over the UNIX(R) way, at least as far a If you do choose the Linux convention, you must let the system know about it. After your program is assembled and linked, you need to brand the executable: -[source,bash] +[source,shell] .... % brandelf -t Linux filename .... @@ -505,7 +505,7 @@ Type the code (except the line numbers) in an editor, and save it in a file name If you do not have nasm, type: -[source,bash] +[source,shell] .... % su Password:your root password @@ -526,7 +526,7 @@ If your system is not FreeBSD, you need to get nasm from its https://sourceforge Now you can assemble, link, and run the code: -[source,bash] +[source,shell] .... % nasm -f elf hello.asm % ld -s -o hello hello.o @@ -604,7 +604,7 @@ Once there is no more input left, we ask the system to exit our program, returni Go ahead, and save the code in a file named [.filename]#hex.asm#, then type the following (the `^D` means press the control key and type `D` while holding the control key down): -[source,bash] +[source,shell] .... % nasm -f elf hex.asm % ld -s -o hex hex.o @@ -679,7 +679,7 @@ That means we only need to set `CL` once. We have, therefore, added a new label Once you have changed [.filename]#hex.asm# to reflect these changes, type: -[source,bash] +[source,shell] .... % nasm -f elf hex.asm % ld -s -o hex hex.o @@ -807,7 +807,7 @@ We use `EDI` and `ESI` as pointers to the next byte to be read from or written t Let us see how it works now: -[source,bash] +[source,shell] .... % nasm -f elf hex.asm % ld -s -o hex hex.o @@ -923,7 +923,7 @@ write: Now, let us see how it works: -[source,bash] +[source,shell] .... % nasm -f elf hex.asm % ld -s -o hex hex.o @@ -1461,7 +1461,7 @@ This code produces a 1,396-byte executable. Most of it is data, i.e., the HTML m Assemble and link it as usual: -[source,bash] +[source,shell] .... % nasm -f elf webvars.asm % ld -s -o webvars webvars.o @@ -1482,7 +1482,7 @@ One of the first programs I wrote for UNIX(R) was link:ftp://ftp.int80h.org/unix I have used tuc extensively, but always only to convert from some other OS to UNIX(R), never the other way. I have always wished it would just overwrite the file instead of me having to send the output to a different file. Most of the time, I end up using it like this: -[source,bash] +[source,shell] .... % tuc myfile tempfile % mv tempfile myfile @@ -1490,7 +1490,7 @@ I have used tuc extensively, but always only to convert from some other OS to UN It would be nice to have a ftuc, i.e., _fast tuc_, and use it like this: -[source,bash] +[source,shell] .... % ftuc myfile .... @@ -2038,7 +2038,7 @@ This time I decided to let it do a little more work than a typical tutorial prog Here is its usage message: -[source,bash] +[source,shell] .... Usage: csv [-t<delim>] [-c<comma>] [-p] [-o <outfile>] [-i <infile>] .... @@ -2057,7 +2057,7 @@ I made sure that both `-i filename` and `-ifilename` are accepted. I also made s To get the 11th field of each record, I can now do: -[source,bash] +[source,shell] .... % csv '-t;' data.csv | awk '-F;' '{print $11}' .... @@ -2561,7 +2561,7 @@ But our pinhole program cannot just work with individual characters, it has to d For example, if we want the program to calculate the pinhole diameter (and other values we will discuss later) at the focal lengths of `100 mm`, `150 mm`, and `210 mm`, we may want to enter something like this: -[source,bash] +[source,shell] .... 100, 150, 210 .... @@ -2576,7 +2576,7 @@ Personally, I like to keep it simple. Something either is a number, so I process Plus, it allows me to break up the monotony of computing and type in a query instead of just a number: -[source,bash] +[source,shell] .... What is the best pinhole diameter for the focal length of 150? @@ -2584,7 +2584,7 @@ What is the best pinhole diameter for the There is no reason for the computer to spit out a number of complaints: -[source,bash] +[source,shell] .... Syntax error: What Syntax error: is @@ -2675,7 +2675,7 @@ So, it makes perfect sense to start each line with the focal length as entered b No, wait! Not as entered by the user. What if the user types in something like this: -[source,bash] +[source,shell] .... 00000000150 .... @@ -2688,7 +2688,7 @@ But... What if the user types something like this: -[source,bash] +[source,shell] .... 17459765723452353453534535353530530534563507309676764423 .... @@ -2705,7 +2705,7 @@ What will we do? We will slap him in the face, in a manner of speaking: -[source,bash] +[source,shell] .... 17459765723452353453534535353530530534563507309676764423 ??? ??? ??? ??? ??? .... @@ -2730,7 +2730,7 @@ That still leaves one possibility uncovered: If all the user enters is a zero (o We can determine this has happened whenever our counter stays at `0`. In that case we need to send `0` to the output, and perform another "slap in the face": -[source,bash] +[source,shell] .... 0 ??? ??? ??? ??? ??? .... @@ -3657,7 +3657,7 @@ Suppose we want to build a pinhole camera to use the 4x5 inch film. The standard Our session might look like this: -[source,bash] +[source,shell] .... % pinhole @@ -3726,7 +3726,7 @@ Because 120 is a medium size film, we may name this file medium. We can set its permissions to execute, and run it as if it were a program: -[source,bash] +[source,shell] .... % chmod 755 medium % ./medium @@ -3734,14 +3734,14 @@ We can set its permissions to execute, and run it as if it were a program: UNIX(R) will interpret that last command as: -[source,bash] +[source,shell] .... % /usr/local/bin/pinhole -b -i ./medium .... It will run that command and display: -[source,bash] +[source,shell] .... 80 358 224 256 1562 11 30 219 137 128 586 9 @@ -3756,21 +3756,21 @@ It will run that command and display: Now, let us enter: -[source,bash] +[source,shell] .... % ./medium -c .... UNIX(R) will treat that as: -[source,bash] +[source,shell] .... % /usr/local/bin/pinhole -b -i ./medium -c .... That gives it two conflicting options: `-b` and `-c` (Use Bender's constant and use Connors' constant). We have programmed it so later options override early ones-our program will calculate everything using Connors' constant: -[source,bash] +[source,shell] .... 80 331 242 256 1826 11 30 203 148 128 685 9 @@ -3785,7 +3785,7 @@ That gives it two conflicting options: `-b` and `-c` (Use Bender's constant and We decide we want to go with Bender's constant after all. We want to save its values as a comma-separated file: -[source,bash] +[source,shell] .... % ./medium -b -e > bender % cat bender @@ -3829,7 +3829,7 @@ There is a major difference in the philosophy of design between MS-DOS(R) and UN This is NEVER guaranteed under UNIX(R). It is quite common for a UNIX(R) user to pipe and redirect program input and output: -[source,bash] +[source,shell] .... % program1 | program2 | program3 > file1 .... diff --git a/documentation/content/zh-tw/books/faq/_index.adoc b/documentation/content/zh-tw/books/faq/_index.adoc index 2ea77f8d1b..59b4a7d274 100644 --- a/documentation/content/zh-tw/books/faq/_index.adoc +++ b/documentation/content/zh-tw/books/faq/_index.adoc @@ -336,7 +336,7 @@ FreeBSD 文件計畫已陸續發表了相當廣泛範圍的文件,可在 https 舉例來說,透過 man:bzip2[1] 壓縮的英文問與答的章節分割 HTML 版本,可以在 [.filename]#doc/en_US.ISO8859-1/books/faq/book.html-split.tar.bz2# 中找到。若要下載並解壓縮這個檔案,請輸入 -[source,bash] +[source,shell] .... # fetch https://download.freebsd.org/ftp/doc/en_US.ISO8859-1/books/faq/book.html-split.tar.bz2 # tar xvf book.html-split.tar.bz2 @@ -436,14 +436,14 @@ FreeBSD 需要 486 以上的 PC,64 MB 以上的 RAM,和至少 1.1 GB 的硬 This depends upon the boot manager. The FreeBSD boot selection menu can be reinstalled using man:boot0cfg[8]. For example, to restore the boot menu onto the disk _ada0_: -[source,bash] +[source,shell] .... # boot0cfg -B ada0 .... The non-interactive MBR bootloader can be installed using man:gpart[8]: -[source,bash] +[source,shell] .... # gpart bootcode -b /boot/mbr ada0 .... @@ -576,7 +576,7 @@ FreeBSD also supports any SCSI CD-R or CD-RW drives. Install the package:sysutil The default console driver, man:syscons[4], provides the ability to use a mouse pointer in text consoles to cut & paste text. Run the mouse daemon, man:moused[8], and turn on the mouse pointer in the virtual console: -[source,bash] +[source,shell] .... # moused -p /dev/xxxx -t yyyy # vidcontrol -m on @@ -627,7 +627,7 @@ For more information, see http://www.ibb.net/~anne/keyboard.html[this page]. Some sound cards set their output volume to 0 at every boot. Run the following command every time the machine boots: -[source,bash] +[source,shell] .... # mixer pcm 100 vol 100 cd 100 .... @@ -729,7 +729,7 @@ The computer has two or more clocks, and FreeBSD has chosen to use the wrong one Run man:dmesg[8], and check for lines that contain `Timecounter`. The one with the highest quality value that FreeBSD chose. -[source,bash] +[source,shell] .... # dmesg | grep Timecounter Timecounter "i8254" frequency 1193182 Hz quality 0 @@ -740,7 +740,7 @@ Timecounters tick every 1.000 msec Confirm this by checking the `kern.timecounter.hardware` man:sysctl[3]. -[source,bash] +[source,shell] .... # sysctl kern.timecounter.hardware kern.timecounter.hardware: ACPI-fast @@ -757,7 +757,7 @@ Or the BIOS may modify the TSC clock--perhaps to change the speed of the process In this example, the `i8254` clock is also available, and can be selected by writing its name to the `kern.timecounter.hardware` man:sysctl[3]. -[source,bash] +[source,shell] .... # sysctl kern.timecounter.hardware=i8254 kern.timecounter.hardware: TSC -> i8254 @@ -862,7 +862,7 @@ The existing implementation is our best effort at meeting as many of these requi To create audio CDs from MIDI files, first install package:audio/timidity[] from ports then install manually the GUS patches set by Eric A. Welsh, available at http://alleg.sourceforge.net/digmid.html[http://alleg.sourceforge.net/digmid.html]. After TiMidity++ has been installed properly, MIDI files may be converted to WAV files with the following command line: -[source,bash] +[source,shell] .... % timidity -Ow -s 44100 -o /tmp/juke/01.wav 01.mid .... @@ -936,7 +936,7 @@ There are a number of possible causes for this problem: The name of the scheduler currently being used is directly available as the value of the `kern.sched.name` sysctl: -[source,bash] +[source,shell] .... % sysctl kern.sched.name kern.sched.name: ULE @@ -972,7 +972,7 @@ When the disks are formatted with UFS, never use anything but man:dump[8] and ma For example, to move [.filename]#/dev/ada1s1a# with [.filename]#/mnt# as the temporary mount point, type: -[source,bash] +[source,shell] .... # newfs /dev/ada1s1a # mount /dev/ada1s1a /mnt @@ -982,7 +982,7 @@ For example, to move [.filename]#/dev/ada1s1a# with [.filename]#/mnt# as the tem Rearranging partitions with `dump` takes a bit more work. To merge a partition like [.filename]#/var# into its parent, create the new partition large enough for both, move the parent partition as described above, then move the child partition into the empty directory that the first move created: -[source,bash] +[source,shell] .... # newfs /dev/ada1s1a # mount /dev/ada1s1a /mnt @@ -994,7 +994,7 @@ Rearranging partitions with `dump` takes a bit more work. To merge a partition l To split a directory from its parent, say putting [.filename]#/var# on its own partition when it was not before, create both partitions, then mount the child partition on the appropriate directory in the temporary mount point, then move the old single partition: -[source,bash] +[source,shell] .... # newfs /dev/ada1s1a # newfs /dev/ada1s1d @@ -1050,7 +1050,7 @@ FreeBSD includes the Network File System NFS and the FreeBSD Ports Collection pr The secondary DOS partitions are found after _all_ the primary partitions. For example, if `E` is the second DOS partition on the second SCSI drive, there will be a device file for "slice 5" in [.filename]#/dev#. To mount it: -[source,bash] +[source,shell] .... # mount -t msdosfs /dev/da1s5 /dos/e .... @@ -1086,14 +1086,14 @@ This cannot be accomplished with the standard boot manager without rewriting it. If the drive already has a file system on it, use a command like this: -[source,bash] +[source,shell] .... # mount -t msdosfs /dev/da0s1 /mnt .... If the drive will only be used with FreeBSD systems, partition it with UFS or ZFS. This will provide long filename support, improvement in performance, and stability. If the drive will be used by other operating systems, a more portable choice, such as msdosfs, is better. -[source,bash] +[source,shell] .... # dd if=/dev/zero of=/dev/da0 count=2 # gpart create -s GPT /dev/da0 @@ -1102,14 +1102,14 @@ If the drive will only be used with FreeBSD systems, partition it with UFS or ZF Finally, create a new file system: -[source,bash] +[source,shell] .... # newfs /dev/da0p1 .... and mount it: -[source,bash] +[source,shell] .... # mount /dev/da0s1 /mnt .... @@ -1153,7 +1153,7 @@ By default, man:mount[8] will attempt to mount the last data track (session) of As `root` set the sysctl variable `vfs.usermount` to `1`. -[source,bash] +[source,shell] .... # sysctl vfs.usermount=1 .... @@ -1173,7 +1173,7 @@ For example, to allow users to mount the first USB drive add: All users can now mount devices they could read onto a directory that they own: -[source,bash] +[source,shell] .... % mkdir ~/my-mount-point % mount -t msdosfs /dev/da0 ~/my-mount-point @@ -1181,7 +1181,7 @@ All users can now mount devices they could read onto a directory that they own: Unmounting the device is simple: -[source,bash] +[source,shell] .... % umount ~/my-mount-point .... @@ -1251,7 +1251,7 @@ L2ARC 需要 ARC 的空間來為其製作索引,因此,有一種反常的情 這很有可能是該 pool 的空間使用率已達 100% 滿了,因 ZFS 需要儲存空間以將紀錄交易處理的輔助資料 (metadata) 寫入,為了讓該 pool 回復至可用狀態,必須用檔案切除的方法 (truncate 命令) 刪除不重要的檔案: -[source,bash] +[source,shell] .... % truncate -s 0 unimportant-file .... @@ -1287,7 +1287,7 @@ The primary configuration file is [.filename]#/etc/defaults/rc.conf# which is de For example, if to start man:named[8], the included DNS server: -[source,bash] +[source,shell] .... # echo 'named_enable="YES"' >> /etc/rc.conf .... @@ -1306,7 +1306,7 @@ This is normally caused by editing the system crontab. This is not the correct w To delete the extra, incorrect crontab: -[source,bash] +[source,shell] .... # crontab -r .... @@ -1317,7 +1317,7 @@ This is a security feature. In order to `su` to `root`, or any other account wit To allow someone to `su` to `root`, put them in the `wheel` group using `pw`: -[source,bash] +[source,shell] .... # pw groupmod wheel -m lisa .... @@ -1412,7 +1412,7 @@ options SC_DISABLE_REBOOT This can also be done by setting the following man:sysctl[8] which does not require a reboot or kernel recompile: -[source,bash] +[source,shell] .... # sysctl hw.syscons.kbd_reboot=0 .... @@ -1426,7 +1426,7 @@ The above two methods are exclusive: The man:sysctl[8] does not exist if the ker Use this man:perl[1] command: -[source,bash] +[source,shell] .... % perl -i.bak -npe 's/\r\n/\n/g' file(s) .... @@ -1435,7 +1435,7 @@ where _file(s)_ is one or more files to process. The modification is done in-pla Alternatively, use man:tr[1]: -[source,bash] +[source,shell] .... % tr -d '\r' < dos-text-file > unix-file .... @@ -1448,7 +1448,7 @@ Yet another way to reformat DOS text files is to use the package:converters/dosu Go into single-user mode and then back to multi-user mode: -[source,bash] +[source,shell] .... # shutdown now # return @@ -1471,7 +1471,7 @@ Short answer: the security level is greater than 0. Reboot directly to single-us Long answer: FreeBSD disallows changing system flags at security levels greater than 0. To check the current security level: -[source,bash] +[source,shell] .... # sysctl kern.securelevel .... @@ -1484,7 +1484,7 @@ Short answer: the system is at a security level greater than 1. Reboot directly Long answer: FreeBSD disallows changing the time by more that one second at security levels greater than 1. To check the security level: -[source,bash] +[source,shell] .... # sysctl kern.securelevel .... @@ -1529,7 +1529,7 @@ There are a couple of kinds of "free memory". One kind is the amount of memory i To see what man:newsyslog[8] will do, use the following: -[source,bash] +[source,shell] .... % newsyslog -nrvv .... @@ -1556,7 +1556,7 @@ Use package:x11/xorg-minimal[], which builds and installs only the necessary Xor Install Xorg from FreeBSD packages: -[source,bash] +[source,shell] .... # pkg install xorg .... @@ -1601,7 +1601,7 @@ link sysmouse mouse This link can be created by restarting man:devfs[5] with the following command (as `root`): -[source,bash] +[source,shell] .... # service devfs restart .... @@ -1669,7 +1669,7 @@ For security reasons, the default setting is to not allow a machine to remotely To enable this feature, start X with the optional `-listen_tcp` argument: -[source,bash] +[source,shell] .... % startx -listen_tcp .... @@ -1784,7 +1784,7 @@ Assuming all Windows keyboards are standard, the keycodes for these three keys a To have the left kbd:[Windows] key print a comma, try this. -[source,bash] +[source,shell] .... # xmodmap -e "keycode 115 = comma" .... @@ -1864,14 +1864,14 @@ Yes. For instructions on how to use NAT over a PPP connection, see the link:{han If the alias is on the same subnet as an address already configured on the interface, add `netmask 0xffffffff` to this command: -[source,bash] +[source,shell] .... # ifconfig ed0 alias 192.0.2.2 netmask 0xffffffff .... Otherwise, specify the network address and netmask as usual: -[source,bash] +[source,shell] .... # ifconfig ed0 alias 172.16.141.5 netmask 0xffffff00 .... @@ -1882,7 +1882,7 @@ More information can be found in the FreeBSD link:{handbook}#configtuning-virtua Some versions of the Linux(TM) NFS code only accept mount requests from a privileged port; try to issue the following command: -[source,bash] +[source,shell] .... # mount -o -P linuxbox:/blah /mnt .... @@ -1905,7 +1905,7 @@ If the kernel is compiled with the `IPFIREWALL` option, be aware that the defaul If the firewall is unintentionally misconfigured, restore network operability by typing the following as `root`: -[source,bash] +[source,shell] .... # ipfw add 65534 allow all from any to any .... @@ -1918,7 +1918,7 @@ For further information on configuring this firewall, see the link:{handbook}#fi Possibly because network address translation (NAT) is needed instead of just forwarding packets. A "fwd" rule only forwards packets, it does not actually change the data inside the packet. Consider this rule: -[source,bash] +[source,shell] .... 01000 fwd 10.0.0.1 from any to foo 21 .... @@ -1964,14 +1964,14 @@ This kernel message indicates that some activity is provoking it to send a large The first number in the message indicates how many packets the kernel would have sent if the limit was not in place, and the second indicates the limit. This limit is controlled using `net.inet.icmp.icmplim`. This example sets the limit to `300` packets per second: -[source,bash] +[source,shell] .... # sysctl net.inet.icmp.icmplim=300 .... To disable these messages without disabling response limiting, use `net.inet.icmp.icmplim_output` to disable the output: -[source,bash] +[source,shell] .... # sysctl net.inet.icmp.icmplim_output=0 .... @@ -1990,7 +1990,7 @@ Because a packet is coming from outside the network unexpectedly. To disable the Configure your kernel with these settings: -[source,bash] +[source,shell] .... include GENERIC ident GENERIC-IPV6ONLY @@ -2037,7 +2037,7 @@ A UNIX(TM) process is owned by a particular userid. If the user ID is not the `r To check the status of the securelevel on a running system: -[source,bash] +[source,shell] .... # sysctl -n kern.securelevel .... @@ -2218,7 +2218,7 @@ If the ISP is helpful, they should be able to enable logging on their end, then In this case, rebuild man:ppp[8] with debugging information, and then use man:gdb[1] to grab a stack trace from the ppp process that is stuck. To rebuild the ppp utility with debugging information, type: -[source,bash] +[source,shell] .... # cd /usr/src/usr.sbin/ppp # env DEBUG_FLAGS='-g' make clean @@ -2227,7 +2227,7 @@ In this case, rebuild man:ppp[8] with debugging information, and then use man:gd Then, restart ppp and wait until it hangs again. When the debug build of ppp hangs, start gdb on the stuck process by typing: -[source,bash] +[source,shell] .... # gdb ppp `pgrep ppp` .... @@ -2455,7 +2455,7 @@ See link:{handbook}#serialconsole-setup[this section of the Handbook]. As the FreeBSD kernel boots, it will probe for the serial ports for which the kernel is configured. Either watch the boot messages closely or run this command after the system is up and running: -[source,bash] +[source,shell] .... % grep -E '^(sio|uart)[0-9]' < /var/run/dmesg.boot sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 @@ -2522,7 +2522,7 @@ The built-in man:tip[1] and man:cu[1] utilities can only access the [.filename]# Alternatively, everyone can be configured to run man:tip[1] and man:cu[1] by typing: -[source,bash] +[source,shell] .... # chmod 4511 /usr/bin/cu # chmod 4511 /usr/bin/tip @@ -2544,7 +2544,7 @@ The simple answer is that free memory is wasted memory. Any memory that programs Symlinks do not have permissions, and by default, man:chmod[1] will follow symlinks to change the permissions on the source file, if possible. For the file, [.filename]#foo# with a symlink named [.filename]#bar#, this command will always succeed. -[source,bash] +[source,shell] .... % chmod g-w bar .... @@ -2558,7 +2558,7 @@ When changing modes of the file hierarchies rooted in the files instead of the f `-R` does a _recursive_ man:chmod[1]. Be careful about specifying directories or symlinks to directories to man:chmod[1]. To change the permissions of a directory referenced by a symlink, use man:chmod[1] without any options and follow the symlink with a trailing slash ([.filename]#/#). For example, if [.filename]#foo# is a symlink to directory [.filename]#bar#, to change the permissions of [.filename]#foo# (actually [.filename]#bar#), do something like: -[source,bash] +[source,shell] .... % chmod 555 foo/ .... @@ -2800,14 +2800,14 @@ To proceed: . Write down the instruction pointer value. Note that the `0x8:` part at the beginning is not significant in this case: it is the `0xf0xxxxxx` part that we want. . When the system reboots, do the following: + -[source,bash] +[source,shell] .... % nm -n kernel.that.caused.the.panic | grep f0xxxxxx .... + where `f0xxxxxx` is the instruction pointer value. The odds are you will not get an exact match since the symbols in the kernel symbol table are for the entry points of functions and the instruction pointer address will be somewhere inside a function, not at the start. If you do not get an exact match, omit the last digit from the instruction pointer value and try again: + -[source,bash] +[source,shell] .... % nm -n kernel.that.caused.the.panic | grep f0xxxxx .... @@ -2830,21 +2830,21 @@ makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols + . Change to the [.filename]#/usr/src# directory: + -[source,bash] +[source,shell] .... # cd /usr/src .... + . Compile the kernel: + -[source,bash] +[source,shell] .... # make buildkernel KERNCONF=MYKERNEL .... + . Wait for man:make[1] to finish compiling. + -[source,bash] +[source,shell] .... # make installkernel KERNCONF=MYKERNEL .... @@ -2868,7 +2868,7 @@ FreeBSD crash dumps are usually the same size as physical RAM. Therefore, make s Once the crash dump has been recovered , get a stack trace as follows: -[source,bash] +[source,shell] .... % kgdb /usr/obj/usr/src/sys/MYKERNEL/kernel.debug /var/crash/vmcore.0 (kgdb) backtrace diff --git a/documentation/content/zh-tw/books/handbook/advanced-networking/_index.adoc b/documentation/content/zh-tw/books/handbook/advanced-networking/_index.adoc index 2705040751..9c49175adf 100644 --- a/documentation/content/zh-tw/books/handbook/advanced-networking/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/advanced-networking/_index.adoc @@ -81,7 +81,7 @@ This section provides an overview of routing basics. It then demonstrates how to To view the routing table of a FreeBSD system, use man:netstat[1]: -[source,bash] +[source,shell] .... % netstat -r Routing tables @@ -166,7 +166,7 @@ defaultrouter="10.20.30.1" It is also possible to manually add the route using `route`: -[source,bash] +[source,shell] .... # route add default 10.20.30.1 .... @@ -202,7 +202,7 @@ In this scenario, `RouterA` is a FreeBSD machine that is acting as a router to t Before adding any static routes, the routing table on `RouterA` looks like this: -[source,bash] +[source,shell] .... % netstat -nr Routing tables @@ -217,7 +217,7 @@ default 10.0.0.1 UGS 0 49378 xl0 With the current routing table, `RouterA` does not have a route to the `192.168.2.0/24` network. The following command adds the `Internal Net 2` network to ``RouterA``'s routing table using `192.168.1.2` as the next hop: -[source,bash] +[source,shell] .... # route add -net 192.168.2.0/24 192.168.1.2 @@ -301,14 +301,14 @@ Connecting a computer to an existing wireless network is a very common situation . Obtain the SSID (Service Set Identifier) and PSK (Pre-Shared Key) for the wireless network from the network administrator. . Identify the wireless adapter. The FreeBSD [.filename]#GENERIC# kernel includes drivers for many common wireless adapters. If the wireless adapter is one of those models, it will be shown in the output from man:ifconfig[8]: + -[source,bash] +[source,shell] .... % ifconfig | grep -B3 -i wireless .... + On FreeBSD 11 or higher, use this command instead: + -[source,bash] +[source,shell] .... % sysctl net.wlan.devices .... @@ -336,7 +336,7 @@ ifconfig_wlan0="WPA SYNCDHCP" + . Restart the computer, or restart the network service to connect to the network: + -[source,bash] +[source,shell] .... # service netif restart .... @@ -401,7 +401,7 @@ With this information in the kernel configuration file, recompile the kernel and Information about the wireless device should appear in the boot messages, like this: -[source,bash] +[source,shell] .... ath0: <Atheros 5212> mem 0x88000000-0x8800ffff irq 11 at device 0.0 on cardbus1 ath0: [ITHREAD] @@ -414,14 +414,14 @@ Since the regulatory situation is different in various parts of the world, it is The available region definitions can be found in [.filename]#/etc/regdomain.xml#. To set the data at runtime, use `ifconfig`: -[source,bash] +[source,shell] .... # ifconfig wlan0 regdomain ETSI country AT .... To persist the settings, add it to [.filename]#/etc/rc.conf#: -[source,bash] +[source,shell] .... # sysrc create_args_wlan0="country AT regdomain ETSI" .... @@ -436,7 +436,7 @@ Infrastructure (BSS) mode is the mode that is typically used. In this mode, a nu To scan for available networks, use man:ifconfig[8]. This request may take a few moments to complete as it requires the system to switch to each available wireless frequency and probe for available access points. Only the superuser can initiate a scan: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 # ifconfig wlan0 up scan @@ -476,7 +476,7 @@ The output of a scan request lists each BSS/IBSS network found. Besides listing One can also display the current list of known networks with: -[source,bash] +[source,shell] .... # ifconfig wlan0 list scan .... @@ -554,14 +554,14 @@ ifconfig_wlan0="DHCP" The wireless interface is now ready to bring up: -[source,bash] +[source,shell] .... # service netif start .... Once the interface is running, use man:ifconfig[8] to see the status of the interface [.filename]#ath0#: -[source,bash] +[source,shell] .... # ifconfig wlan0 wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 @@ -627,7 +627,7 @@ ifconfig_wlan0="WPA DHCP" Then, bring up the interface: -[source,bash] +[source,shell] .... # service netif start Starting wpa_supplicant. @@ -651,7 +651,7 @@ wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 Or, try to configure the interface manually using the information in [.filename]#/etc/wpa_supplicant.conf#: -[source,bash] +[source,shell] .... # wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz) @@ -662,7 +662,7 @@ CTRL-EVENT-CONNECTED - Connection to 00:11:95:c3:0d:ac completed (auth) [id=0 id The next operation is to launch man:dhclient[8] to get the IP address from the DHCP server: -[source,bash] +[source,shell] .... # dhclient wlan0 DHCPREQUEST on wlan0 to 255.255.255.255 port 67 @@ -688,7 +688,7 @@ If [.filename]#/etc/rc.conf# has an `ifconfig_wlan0="DHCP"` entry, man:dhclient[ If DHCP is not possible or desired, set a static IP address after man:wpa_supplicant[8] has authenticated the station: -[source,bash] +[source,shell] .... # ifconfig wlan0 inet 192.168.0.100 netmask 255.255.255.0 # ifconfig wlan0 @@ -706,7 +706,7 @@ wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 When DHCP is not used, the default gateway and the nameserver also have to be manually set: -[source,bash] +[source,shell] .... # route add default your_default_router # echo "nameserver your_DNS_server" >> /etc/resolv.conf @@ -766,7 +766,7 @@ ifconfig_wlan0="WPA DHCP" The next step is to bring up the interface: -[source,bash] +[source,shell] .... # service netif start Starting wpa_supplicant. @@ -829,7 +829,7 @@ ifconfig_wlan0="WPA DHCP" The next step is to bring up the interface: -[source,bash] +[source,shell] .... # service netif start Starting wpa_supplicant. @@ -901,7 +901,7 @@ ifconfig_wlan0="WPA DHCP" Then, bring up the interface: -[source,bash] +[source,shell] .... # service netif start Starting wpa_supplicant. @@ -929,7 +929,7 @@ Wired Equivalent Privacy (WEP) is part of the original 802.11 standard. There is WEP can be set up using man:ifconfig[8]: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 # ifconfig wlan0 inet 192.168.1.100 netmask 255.255.255.0 \ @@ -960,7 +960,7 @@ network={ Then: -[source,bash] +[source,shell] .... # wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf Trying to associate with 00:13:46:49:41:76 (SSID='dlinkap' freq=2437 MHz) @@ -973,7 +973,7 @@ IBSS mode, also called ad-hoc mode, is designed for point to point connections. On `A`: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 wlanmode adhoc # ifconfig wlan0 inet 192.168.0.1 netmask 255.255.255.0 ssid freebsdap @@ -992,7 +992,7 @@ The `adhoc` parameter indicates that the interface is running in IBSS mode. `B` should now be able to detect `A`: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 wlanmode adhoc # ifconfig wlan0 up scan @@ -1002,7 +1002,7 @@ The `adhoc` parameter indicates that the interface is running in IBSS mode. The `I` in the output confirms that `A` is in ad-hoc mode. Now, configure `B` with a different IP address: -[source,bash] +[source,shell] .... # ifconfig wlan0 inet 192.168.0.2 netmask 255.255.255.0 ssid freebsdap # ifconfig wlan0 @@ -1035,7 +1035,7 @@ The NDIS driver wrapper for Windows(TM) drivers does not currently support AP op Once wireless networking support is loaded, check if the wireless device supports the host-based access point mode, also known as hostap mode: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 # ifconfig wlan0 list caps @@ -1047,14 +1047,14 @@ This output displays the card's capabilities. The `HOSTAP` word confirms that th The wireless device can only be put into hostap mode during the creation of the network pseudo-device, so a previously created device must be destroyed first: -[source,bash] +[source,shell] .... # ifconfig wlan0 destroy .... then regenerated with the correct option before setting the other parameters: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 wlanmode hostap # ifconfig wlan0 inet 192.168.0.1 netmask 255.255.255.0 ssid freebsdap mode 11g channel 1 @@ -1062,7 +1062,7 @@ then regenerated with the correct option before setting the other parameters: Use man:ifconfig[8] again to see the status of the [.filename]#wlan0# interface: -[source,bash] +[source,shell] .... # ifconfig wlan0 wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -1092,7 +1092,7 @@ Although it is not recommended to run an AP without any authentication or encryp Once the AP is configured, initiate a scan from another wireless machine to find the AP: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 # ifconfig wlan0 up scan @@ -1102,7 +1102,7 @@ freebsdap 00:11:95:c3:0d:ac 1 54M -66:-96 100 ES WME The client machine found the AP and can be associated with it: -[source,bash] +[source,shell] .... # ifconfig wlan0 inet 192.168.0.2 netmask 255.255.255.0 ssid freebsdap # ifconfig wlan0 @@ -1172,12 +1172,12 @@ wpa_pairwise=CCMP <.> The next step is to start man:hostapd[8]: -[source,bash] +[source,shell] .... # service hostapd forcestart .... -[source,bash] +[source,shell] .... # ifconfig wlan0 wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -1202,7 +1202,7 @@ It is not recommended to use WEP for setting up an AP since there is no authenti The wireless device can now be put into hostap mode and configured with the correct SSID and IP address: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 wlanmode hostap # ifconfig wlan0 inet 192.168.0.1 netmask 255.255.255.0 \ @@ -1214,7 +1214,7 @@ The wireless device can now be put into hostap mode and configured with the corr Use man:ifconfig[8] to see the status of the [.filename]#wlan0# interface: -[source,bash] +[source,shell] .... # ifconfig wlan0 wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -1229,7 +1229,7 @@ Use man:ifconfig[8] to see the status of the [.filename]#wlan0# interface: From another wireless machine, it is now possible to initiate a scan to find the AP: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev ath0 # ifconfig wlan0 up scan @@ -1258,7 +1258,7 @@ Debugging support is provided by man:wpa_supplicant[8]. Try running this utility * Once the system can associate with the access point, diagnose the network configuration using tools like man:ping[8]. * There are many lower-level debugging tools. Debugging messages can be enabled in the 802.11 protocol support layer using man:wlandebug[8]. For example, to enable console messages related to scanning for access points and the 802.11 protocol handshakes required to arrange communication: + -[source,bash] +[source,shell] .... # wlandebug -i wlan0 +scan+auth+debug+assoc net.wlan.0.debug: 0 => 0xc80000<assoc,auth,scan> @@ -1279,7 +1279,7 @@ Many cellphones provide the option to share their data connection over USB (ofte Before attaching a device, load the appropriate driver into the kernel: -[source,bash] +[source,shell] .... # kldload if_urndis # kldload if_cdce @@ -1301,7 +1301,7 @@ The Bluetooth stack in FreeBSD is implemented using the man:netgraph[4] framewor Before attaching a device, determine which of the above drivers it uses, then load the driver. For example, if the device uses the man:ng_ubt[4] driver: -[source,bash] +[source,shell] .... # kldload ng_ubt .... @@ -1315,7 +1315,7 @@ ng_ubt_load="YES" Once the driver is loaded, plug in the USB dongle. If the driver load was successful, output similar to the following should appear on the console and in [.filename]#/var/log/messages#: -[source,bash] +[source,shell] .... ubt0: vendor 0x0a12 product 0x0001, rev 1.10/5.25, addr 2 ubt0: Interface 0 endpoints: interrupt=0x81, bulk-in=0x82, bulk-out=0x2 @@ -1325,7 +1325,7 @@ ubt0: Interface 1 (alt.config 5) endpoints: isoc-in=0x83, isoc-out=0x3, To start and stop the Bluetooth stack, use its startup script. It is a good idea to stop the stack before unplugging the device. Starting the bluetooth stack might require man:hcsecd[8] to be started. When starting the stack, the output should be similar to the following: -[source,bash] +[source,shell] .... # service bluetooth start ubt0 BD_ADDR: 00:02:72:00:d4:1a @@ -1347,7 +1347,7 @@ The Host Controller Interface (HCI) provides a uniform method for accessing Blue One of the most common tasks is discovery of Bluetooth devices within RF proximity. This operation is called _inquiry_. Inquiry and other HCI related operations are done using man:hccontrol[8]. The example below shows how to find out which Bluetooth devices are in range. The list of devices should be displayed in a few seconds. Note that a remote device will only answer the inquiry if it is set to _discoverable_ mode. -[source,bash] +[source,shell] .... % hccontrol -n ubt0hci inquiry Inquiry result, num_responses=1 @@ -1363,7 +1363,7 @@ Inquiry complete. Status: No error [00] The `BD_ADDR` is the unique address of a Bluetooth device, similar to the MAC address of a network card. This address is needed for further communication with a device and it is possible to assign a human readable name to a `BD_ADDR`. Information regarding the known Bluetooth hosts is contained in [.filename]#/etc/bluetooth/hosts#. The following example shows how to obtain the human readable name that was assigned to the remote device: -[source,bash] +[source,shell] .... % hccontrol -n ubt0hci remote_name_request 00:80:37:29:19:a4 BD_ADDR: 00:80:37:29:19:a4 @@ -1376,7 +1376,7 @@ Remote devices can be assigned aliases in [.filename]#/etc/bluetooth/hosts#. Mor The Bluetooth system provides a point-to-point connection between two Bluetooth units, or a point-to-multipoint connection which is shared among several Bluetooth devices. The following example shows how to create a connection to a remote device: -[source,bash] +[source,shell] .... % hccontrol -n ubt0hci create_connection BT_ADDR .... @@ -1385,7 +1385,7 @@ The Bluetooth system provides a point-to-point connection between two Bluetooth The following example shows how to obtain the list of active baseband connections for the local device: -[source,bash] +[source,shell] .... % hccontrol -n ubt0hci read_connection_list Remote BD_ADDR Handle Type Mode Role Encrypt Pending Queue State @@ -1394,7 +1394,7 @@ Remote BD_ADDR Handle Type Mode Role Encrypt Pending Queue State A _connection handle_ is useful when termination of the baseband connection is required, though it is normally not required to do this by hand. The stack will automatically terminate inactive baseband connections. -[source,bash] +[source,shell] .... # hccontrol -n ubt0hci disconnect 41 Connection handle: 41 @@ -1450,7 +1450,7 @@ In FreeBSD, these profiles are implemented with man:ppp[8] and the man:rfcomm_pp In this example, man:rfcomm_pppd[8] is used to open a connection to a remote device with a `BD_ADDR` of `00:80:37:29:19:a4` on a DUNRFCOMM channel: -[source,bash] +[source,shell] .... # rfcomm_pppd -a 00:80:37:29:19:a4 -c -C dun -l rfcomm-dialup .... @@ -1459,7 +1459,7 @@ The actual channel number will be obtained from the remote device using the SDP In order to provide network access with the PPPLAN service, man:sdpd[8] must be running and a new entry for LAN clients must be created in [.filename]#/etc/ppp/ppp.conf#. Consult man:rfcomm_pppd[8] for examples. Finally, start the RFCOMMPPP server on a valid RFCOMM channel number. The RFCOMMPPP server will automatically register the Bluetooth LAN service with the local SDP daemon. The example below shows how to start the RFCOMMPPP server. -[source,bash] +[source,shell] .... # rfcomm_pppd -s -C 7 -l rfcomm-server .... @@ -1478,7 +1478,7 @@ In FreeBSD, a netgraph L2CAP node is created for each Bluetooth device. This nod A useful command is man:l2ping[8], which can be used to ping other devices. Some Bluetooth implementations might not return all of the data sent to them, so `0 bytes` in the following example is normal. -[source,bash] +[source,shell] .... # l2ping -a 00:80:37:29:19:a4 0 bytes from 0:80:37:29:19:a4 seq_no=0 time=48.633 ms result=0 @@ -1489,7 +1489,7 @@ A useful command is man:l2ping[8], which can be used to ping other devices. Some The man:l2control[8] utility is used to perform various operations on L2CAP nodes. This example shows how to obtain the list of logical connections (channels) and the list of baseband connections for the local device: -[source,bash] +[source,shell] .... % l2control -a 00:02:72:00:d4:1a read_channel_list L2CAP channels: @@ -1503,7 +1503,7 @@ Remote BD_ADDR Handle Flags Pending State Another diagnostic tool is man:btsockstat[1]. It is similar to man:netstat[1], but for Bluetooth network-related data structures. The example below shows the same logical connection as man:l2control[8] above. -[source,bash] +[source,shell] .... % btsockstat Active L2CAP sockets @@ -1537,7 +1537,7 @@ Normally, a SDP client searches for services based on some desired characteristi The Bluetooth SDP server, man:sdpd[8], and command line client, man:sdpcontrol[8], are included in the standard FreeBSD installation. The following example shows how to perform a SDP browse query. -[source,bash] +[source,shell] .... % sdpcontrol -a 00:01:03:fc:6e:ec browse Record Handle: 00000000 @@ -1565,7 +1565,7 @@ Bluetooth Profile Descriptor List: Note that each service has a list of attributes, such as the RFCOMM channel. Depending on the service, the user might need to make note of some of the attributes. Some Bluetooth implementations do not support service browsing and may return an empty list. In this case, it is possible to search for the specific service. The example below shows how to search for the OBEX Object Push (OPUSH) service: -[source,bash] +[source,shell] .... % sdpcontrol -a 00:01:03:fc:6e:ec search OPUSH .... @@ -1579,7 +1579,7 @@ sdpd_enable="YES" Then the man:sdpd[8] daemon can be started with: -[source,bash] +[source,shell] .... # service sdpd start .... @@ -1588,7 +1588,7 @@ The local server application that wants to provide a Bluetooth service to remote The list of services registered with the local SDP server can be obtained by issuing a SDP browse query via the local control channel: -[source,bash] +[source,shell] .... # sdpcontrol -l browse .... @@ -1601,7 +1601,7 @@ The OBEX server and client are implemented by obexapp, which can be installed us The OBEX client is used to push and/or pull objects from the OBEX server. An example object is a business card or an appointment. The OBEX client can obtain the RFCOMM channel number from the remote device via SDP. This can be done by specifying the service name instead of the RFCOMM channel number. Supported service names are: `IrMC`, `FTRN`, and `OPUSH`. It is also possible to specify the RFCOMM channel as a number. Below is an example of an OBEX session where the device information object is pulled from the cellular phone, and a new object, the business card, is pushed into the phone's directory. -[source,bash] +[source,shell] .... % obexapp -a 00:80:37:29:19:a4 -C IrMC obex> get telecom/devinfo.txt devinfo-t39.txt @@ -1614,7 +1614,7 @@ Success, response: OK, Success (0x20) In order to provide the OPUSH service, man:sdpd[8] must be running and a root folder, where all incoming objects will be stored, must be created. The default path to the root folder is [.filename]#/var/spool/obex#. Finally, start the OBEX server on a valid RFCOMM channel number. The OBEX server will automatically register the OPUSH service with the local SDP daemon. The example below shows how to start the OBEX server. -[source,bash] +[source,shell] .... # obexapp -s -C 10 .... @@ -1625,7 +1625,7 @@ The Serial Port Profile (SPP) allows Bluetooth devices to perform serial cable e In FreeBSD, man:rfcomm_sppd[1] implements SPP and a pseudo tty is used as a virtual serial port abstraction. The example below shows how to connect to a remote device's serial port service. A RFCOMM channel does not have to be specified as man:rfcomm_sppd[1] can obtain it from the remote device via SDP. To override this, specify a RFCOMM channel on the command line. -[source,bash] +[source,shell] .... # rfcomm_sppd -a 00:07:E0:00:0B:CA -t rfcomm_sppd[94692]: Starting on /dev/pts/6... @@ -1634,7 +1634,7 @@ rfcomm_sppd[94692]: Starting on /dev/pts/6... Once connected, the pseudo tty can be used as serial port: -[source,bash] +[source,shell] .... # cu -l /dev/pts/6 .... @@ -1651,7 +1651,7 @@ cu -l $PTS By default, when FreeBSD is accepting a new connection, it tries to perform a role switch and become master. Some older Bluetooth devices which do not support role switching will not be able to connect. Since role switching is performed when a new connection is being established, it is not possible to ask the remote device if it supports role switching. However, there is a HCI option to disable role switching on the local side: -[source,bash] +[source,shell] .... # hccontrol -n ubt0hci write_node_role_switch 0 .... @@ -1697,7 +1697,7 @@ In FreeBSD, man:if_bridge[4] is a kernel module which is automatically loaded by The bridge is created using interface cloning. To create the bridge interface: -[source,bash] +[source,shell] .... # ifconfig bridge create bridge0 @@ -1713,7 +1713,7 @@ When a bridge interface is created, it is automatically assigned a randomly gene Next, specify which network interfaces to add as members of the bridge. For the bridge to forward packets, all member interfaces and the bridge need to be up: -[source,bash] +[source,shell] .... # ifconfig bridge0 addm fxp0 addm fxp1 up # ifconfig fxp0 up @@ -1732,7 +1732,7 @@ ifconfig_fxp1="up" If the bridge host needs an IP address, set it on the bridge interface, not on the member interfaces. The address can be set statically or via DHCP. This example sets a static IP address: -[source,bash] +[source,shell] .... # ifconfig bridge0 inet 192.168.0.1/24 .... @@ -1754,7 +1754,7 @@ The Rapid Spanning Tree Protocol (RSTP or 802.1w) provides backwards compatibili STP can be enabled on member interfaces using man:ifconfig[8]. For a bridge with [.filename]#fxp0# and [.filename]#fxp1# as the current interfaces, enable STP with: -[source,bash] +[source,shell] .... # ifconfig bridge0 stp fxp0 stp fxp1 bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -1774,7 +1774,7 @@ This bridge has a spanning tree ID of `00:01:02:4b:d4:50` and a priority of `327 Another bridge on the network also has STP enabled: -[source,bash] +[source,shell] .... bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether 96:3d:4b:f1:79:7a @@ -1801,7 +1801,7 @@ A private interface does not forward any traffic to any other port that is also span:: A span port transmits a copy of every Ethernet frame received by the bridge. The number of span ports configured on a bridge is unlimited, but if an interface is designated as a span port, it cannot also be used as a regular bridge port. This is most useful for snooping a bridged network passively on another host connected to one of the span ports of the bridge. For example, to send a copy of all frames out the interface named [.filename]#fxp4#: + -[source,bash] +[source,shell] .... # ifconfig bridge0 span fxp4 .... @@ -1811,7 +1811,7 @@ If a bridge member interface is marked as sticky, dynamically learned address en + An example of using sticky addresses is to combine the bridge with VLANs in order to isolate customer networks without wasting IP address space. Consider that `CustomerA` is on `vlan100`, `CustomerB` is on `vlan101`, and the bridge has the address `192.168.0.1`: + -[source,bash] +[source,shell] .... # ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101 # ifconfig bridge0 inet 192.168.0.1/24 @@ -1821,7 +1821,7 @@ In this example, both clients see `192.168.0.1` as their default gateway. Since + Any communication between the VLANs can be blocked using a firewall or, as seen in this example, private interfaces: + -[source,bash] +[source,shell] .... # ifconfig bridge0 private vlan100 private vlan101 .... @@ -1832,14 +1832,14 @@ The number of unique source MAC addresses behind an interface can be limited. On + The following example sets the maximum number of Ethernet devices for `CustomerA` on `vlan100` to 10: + -[source,bash] +[source,shell] .... # ifconfig bridge0 ifmaxaddr vlan100 10 .... Bridge interfaces also support monitor mode, where the packets are discarded after man:bpf[4] processing and are not processed or forwarded further. This can be used to multiplex the input of two or more interfaces into a single man:bpf[4] stream. This is useful for reconstructing the traffic for network taps that transmit the RX/TX signals out through two separate interfaces. For example, to read the input from four network interfaces as one stream: -[source,bash] +[source,shell] .... # ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up # tcpdump -i bridge0 @@ -1865,7 +1865,7 @@ bsnmpd_enable="YES" Then, start man:bsnmpd[1]: -[source,bash] +[source,shell] .... # service bsnmpd start .... @@ -1880,7 +1880,7 @@ mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB To monitor a single bridge using the IETF BRIDGE-MIB (RFC4188): -[source,bash] +[source,shell] .... % snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44 @@ -1904,7 +1904,7 @@ The `dot1dStpTopChanges.0` value is two, indicating that the STP bridge topology To monitor multiple bridge interfaces, the private BEGEMOT-BRIDGE-MIB can be used: -[source,bash] +[source,shell] .... % snmpwalk -v 2c -c public bridge1.example.com enterprises.fokus.begemot.begemotBridge @@ -1925,7 +1925,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge2" = Hex-STRING: 80 00 To change the bridge interface being monitored via the `mib-2.dot1dBridge` subtree: -[source,bash] +[source,shell] .... % snmpset -v 2c -c private bridge1.example.com BEGEMOT-BRIDGE-MIB::begemotBridgeDefaultBridgeIf.0 s bridge2 @@ -1966,7 +1966,7 @@ Frame ordering is mandatory on Ethernet links and any traffic between two statio On the Cisco(TM) switch, add the _FastEthernet0/1_ and _FastEthernet0/2_ interfaces to channel group _1_: -[source,bash] +[source,shell] .... interface FastEthernet0/1 channel-group 1 mode active @@ -1979,7 +1979,7 @@ interface FastEthernet0/2 On the FreeBSD system, create the man:lagg[4] interface using the physical interfaces _fxp0_ and _fxp1_ and bring the interfaces up with an IP address of _10.0.0.3/24_: -[source,bash] +[source,shell] .... # ifconfig fxp0 up # ifconfig fxp1 up @@ -1989,7 +1989,7 @@ On the FreeBSD system, create the man:lagg[4] interface using the physical inter Next, verify the status of the virtual interface: -[source,bash] +[source,shell] .... # ifconfig lagg0 lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -2007,7 +2007,7 @@ Ports marked as `ACTIVE` are part of the LAG that has been negotiated with the r To see the port status on the Cisco(TM) switch: -[source,bash] +[source,shell] .... switch# show lacp neighbor Flags: S - Device is requesting Slow LACPDUs @@ -2044,7 +2044,7 @@ ifconfig_lagg0="laggproto lacp laggport fxp0 laggport fxp1 10.0.0.3/24" ==== Failover mode can be used to switch over to a secondary interface if the link is lost on the master interface. To configure failover, make sure that the underlying physical interfaces are up, then create the man:lagg[4] interface. In this example, _fxp0_ is the master interface, _fxp1_ is the secondary interface, and the virtual interface is assigned an IP address of _10.0.0.15/24_: -[source,bash] +[source,shell] .... # ifconfig fxp0 up # ifconfig fxp1 up @@ -2054,7 +2054,7 @@ Failover mode can be used to switch over to a secondary interface if the link is The virtual interface should look something like this: -[source,bash] +[source,shell] .... # ifconfig lagg0 lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -2092,7 +2092,7 @@ This is achieved by overriding the physical wireless interface's MAC address wit In this example, the Ethernet interface, _bge0_, is the master and the wireless interface, _wlan0_, is the failover. The _wlan0_ device was created from _iwn0_ wireless interface, which will be configured with the MAC address of the Ethernet interface. First, determine the MAC address of the Ethernet interface: -[source,bash] +[source,shell] .... # ifconfig bge0 bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -2106,21 +2106,21 @@ bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 Replace _bge0_ to match the system's Ethernet interface name. The `ether` line will contain the MAC address of the specified interface. Now, change the MAC address of the underlying wireless interface: -[source,bash] +[source,shell] .... # ifconfig iwn0 ether 00:21:70:da:ae:37 .... Bring the wireless interface up, but do not set an IP address: -[source,bash] +[source,shell] .... # ifconfig wlan0 create wlandev iwn0 ssid my_router up .... Make sure the _bge0_ interface is up, then create the man:lagg[4] interface with _bge0_ as master with failover to _wlan0_: -[source,bash] +[source,shell] .... # ifconfig bge0 up # ifconfig lagg0 create @@ -2129,7 +2129,7 @@ Make sure the _bge0_ interface is up, then create the man:lagg[4] interface with The virtual interface should look something like this: -[source,bash] +[source,shell] .... # ifconfig lagg0 lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -2144,7 +2144,7 @@ lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 Then, start the DHCP client to obtain an IP address: -[source,bash] +[source,shell] .... # dhclient lagg0 .... @@ -2194,7 +2194,7 @@ The steps shown in this section configure the built-in NFS and TFTP servers. The . Create the root directory which will contain a FreeBSD installation to be NFS mounted: + -[source,bash] +[source,shell] .... # export NFSROOTDIR=/b/tftpboot/FreeBSD/install # mkdir -p ${NFSROOTDIR} @@ -2216,7 +2216,7 @@ nfs_server_enable="YES" + . Start the NFS server: + -[source,bash] +[source,shell] .... # service nfsd start .... @@ -2241,7 +2241,7 @@ Some PXE versions require the TCP version of TFTP. In this case, uncomment the s + . Start man:inetd[8]: + -[source,bash] +[source,shell] .... # service inetd start .... @@ -2249,7 +2249,7 @@ Some PXE versions require the TCP version of TFTP. In this case, uncomment the s . Install the base system into [.filename]#${NFSROOTDIR}#, either by decompressing the official archives or by rebuilding the FreeBSD kernel and userland (refer to crossref:cutting-edge[makeworld,從原始碼更新 FreeBSD] for more detailed instructions, but do not forget to add `DESTDIR=_${NFSROOTDIR}_` when running the `make installkernel` and `make installworld` commands. . Test that the TFTP server works and can download the boot loader which will be obtained via PXE: + -[source,bash] +[source,shell] .... # tftp localhost tftp> get FreeBSD/install/boot/pxeboot @@ -2267,7 +2267,7 @@ myhost.example.com:/b/tftpboot/FreeBSD/install / nfs ro Replace _myhost.example.com_ with the hostname or IP address of the NFS server. In this example, the root file system is mounted read-only in order to prevent NFS clients from potentially deleting the contents of the root file system. . Set the root password in the PXE environment for client machines which are PXE booting : + -[source,bash] +[source,shell] .... # chroot ${NFSROOTDIR} # passwd @@ -2279,7 +2279,7 @@ Replace _myhost.example.com_ with the hostname or IP address of the NFS server. When booting from an NFS root volume, [.filename]#/etc/rc# detects the NFS boot and runs [.filename]#/etc/rc.initdiskless#. In this case, [.filename]#/etc# and [.filename]#/var# need to be memory backed file systems so that these directories are writable but the NFS root directory is read-only: -[source,bash] +[source,shell] .... # chroot ${NFSROOTDIR} # mkdir -p conf/base @@ -2335,7 +2335,7 @@ dhcpd_enable="YES" Then start the DHCP service: -[source,bash] +[source,shell] .... # service isc-dhcpd start .... @@ -2356,7 +2356,7 @@ image::pxe-nfs.png[] + . On the TFTP server, read [.filename]#/var/log/xferlog# to ensure that [.filename]#pxeboot# is being retrieved from the correct location. To test this example configuration: + -[source,bash] +[source,shell] .... # tftp 192.168.0.1 tftp> get FreeBSD/install/boot/pxeboot @@ -2366,7 +2366,7 @@ Received 264951 bytes in 0.1 seconds The `BUGS` sections in man:tftpd[8] and man:tftp[1] document some limitations with TFTP. . Make sure that the root file system can be mounted via NFS. To test this example configuration: + -[source,bash] +[source,shell] .... # mount -t nfs 192.168.0.1:/b/tftpboot/FreeBSD/install /mnt .... @@ -2410,7 +2410,7 @@ A third form is to write the last 32 bits using the well known IPv4 notation. Fo To view a FreeBSD system's IPv6 address, use man:ifconfig[8]: -[source,bash] +[source,shell] .... # ifconfig .... @@ -2623,7 +2623,7 @@ carp_load="YES" To load the module now without rebooting: -[source,bash] +[source,shell] .... # kldload carp .... @@ -2669,7 +2669,7 @@ Having two CARPVHIDs configured means that `hostc.example.org` will notice if ei ==== If the original master server becomes available again, `hostc.example.org` will not release the virtual IP address back to it automatically. For this to happen, preemption has to be enabled. The feature is disabled by default, it is controlled via the man:sysctl[8] variable `net.inet.carp.preempt`. The administrator can force the backup server to return the IP address to the master: -[source,bash] +[source,shell] .... # ifconfig em0 vhid 1 state backup .... @@ -2694,7 +2694,7 @@ if_carp_load="YES" To load the module now without rebooting: -[source,bash] +[source,shell] .... # kldload carp .... @@ -2708,7 +2708,7 @@ device carp Next, on each host, create a CARP device: -[source,bash] +[source,shell] .... # ifconfig carp0 create .... @@ -2748,7 +2748,7 @@ ifconfig_carp1="vhid 2 advskew 100 pass testpass 192.168.1.51/24" ==== Preemption is disabled in the [.filename]#GENERIC# FreeBSD kernel. If preemption has been enabled with a custom kernel, `hostc.example.org` may not release the IP address back to the original content server. The administrator can force the backup server to return the IP address to the master with the command: -[source,bash] +[source,shell] .... # ifconfig carp0 down && ifconfig carp0 up @@ -2770,7 +2770,7 @@ When configuring a VLAN, a couple pieces of information must be known. First, wh To configure VLANs at run time, with a NIC of `em0` and a VLAN tag of `5` the command would look like this: -[source,bash] +[source,shell] .... # ifconfig em0.5 create vlan 5 vlandev em0 inet 192.168.20.20/24 .... @@ -2794,14 +2794,14 @@ It is useful to assign a symbolic name to an interface so that when the associat To configure VLAN `5`, on the NIC `em0`, assign the interface name `cameras`, and assign the interface an IP address of `_192.168.20.20_` with a `24`-bit prefix, use this command: -[source,bash] +[source,shell] .... # ifconfig em0.5 create vlan 5 vlandev em0 name cameras inet 192.168.20.20/24 .... For an interface named `video`, use the following: -[source,bash] +[source,shell] .... # ifconfig video.5 create vlan 5 vlandev video name cameras inet 192.168.20.20/24 .... diff --git a/documentation/content/zh-tw/books/handbook/audit/_index.adoc b/documentation/content/zh-tw/books/handbook/audit/_index.adoc index d13d8214e0..1ad3ae721c 100644 --- a/documentation/content/zh-tw/books/handbook/audit/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/audit/_index.adoc @@ -97,7 +97,7 @@ auditd_enable="YES" Then, start the audit daemon: -[source,bash] +[source,shell] .... # service auditd start .... @@ -310,7 +310,7 @@ Since audit trails are stored in the BSM binary format, several built-in tools a For example, to dump the entire contents of a specified audit log in plain text: -[source,bash] +[source,shell] .... # praudit /var/audit/AUDITFILE .... @@ -336,7 +336,7 @@ XML output format is also supported and can be selected by including `-x`. Since audit logs may be very large, a subset of records can be selected using `auditreduce`. This example selects all audit records produced for the user `trhodes` stored in [.filename]#AUDITFILE#: -[source,bash] +[source,shell] .... # auditreduce -u trhodes /var/audit/AUDITFILE | praudit .... @@ -347,7 +347,7 @@ Members of the `audit` group have permission to read audit trails in [.filename] Audit pipes are cloning pseudo-devices which allow applications to tap the live audit record stream. This is primarily of interest to authors of intrusion detection and system monitoring applications. However, the audit pipe device is a convenient way for the administrator to allow live monitoring without running into problems with audit trail file ownership or log rotation interrupting the event stream. To track the live audit event stream: -[source,bash] +[source,shell] .... # praudit /dev/auditpipe .... @@ -371,7 +371,7 @@ It is easy to produce audit event feedback cycles, in which the viewing of each Audit trails are written to by the kernel and managed by the audit daemon, man:auditd[8]. Administrators should not attempt to use man:newsyslog.conf[5] or other tools to directly rotate audit logs. Instead, `audit` should be used to shut down auditing, reconfigure the audit system, and perform log rotation. The following command causes the audit daemon to create a new audit log and signal the kernel to switch to using the new log. The old log will be terminated and renamed, at which point it may then be manipulated by the administrator: -[source,bash] +[source,shell] .... # audit -n .... diff --git a/documentation/content/zh-tw/books/handbook/basics/_index.adoc b/documentation/content/zh-tw/books/handbook/basics/_index.adoc index 84edf5135a..e27653b5c4 100644 --- a/documentation/content/zh-tw/books/handbook/basics/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/basics/_index.adoc @@ -69,7 +69,7 @@ toc::[] 如果您沒有將 FreeBSD 設定成開機時自動進入圖形化模式,系統會進入指令登入提示像是這樣的東西: -[source,bash] +[source,shell] .... FreeBSD/amd64 (pc3.example.org) (ttyv0) @@ -147,21 +147,21 @@ _請審慎考慮是否要改為_ `_insecure_`! 因為萬一忘記 ``root`` 密 FreeBSD Console 預設顯示大小可以調整為 1024x768、1280x1024 或其他顯示卡與螢幕有支援的解析度大小。 要使用不同的影像模式需載入 `VESA` 模組: -[source,bash] +[source,shell] .... # kldload vesa .... 要偵測硬體支援的影像模式,可使用 man:vidcontrol[1]。 要取得支援的影像模式清單可輸入以下指令: -[source,bash] +[source,shell] .... # vidcontrol -i mode .... 該指令會顯示硬體所支援的影像模式清單,要採用新的影像模式需以 `root` 使用者執行 man:vidcontrol[1] 指令: -[source,bash] +[source,shell] .... # vidcontrol MODE_279 .... @@ -259,7 +259,7 @@ Shell 提供了使用者預設的環境來與系統互動。有數種不同類 [example] ==== -[source,bash] +[source,shell] .... % configure % make @@ -314,7 +314,7 @@ man:adduser[8] 工具採用互動的方式,只需幾個步驟便可建立新 [example] ==== -[source,bash] +[source,shell] .... # adduser Username: jru @@ -382,7 +382,7 @@ man:rmuser[8] 無法用來移除超級使用者帳號,因為這幾乎代表著 [example] ==== -[source,bash] +[source,shell] .... # rmuser jru Matching password entry: @@ -414,7 +414,7 @@ Removing user (jru): mailspool home passwd. [example] ==== -[source,bash] +[source,shell] .... #Changing user database information for jru. Login: jru @@ -440,7 +440,7 @@ Other information: [example] ==== -[source,bash] +[source,shell] .... #Changing user database information for jru. Shell: /usr/local/bin/zsh @@ -467,7 +467,7 @@ Other information: [example] ==== -[source,bash] +[source,shell] .... % passwd Changing local password for jru. @@ -486,7 +486,7 @@ passwd: done [example] ==== -[source,bash] +[source,shell] .... # passwd jru Changing local password for jru. @@ -521,7 +521,7 @@ man:pw[8] 工具可以建立、移除、修改以及顯示使用者與群組, [example] ==== -[source,bash] +[source,shell] .... # pw groupadd teamtwo # pw groupshow teamtwo @@ -536,7 +536,7 @@ teamtwo:*:1100: [example] ==== -[source,bash] +[source,shell] .... # pw groupmod teamtwo -M jru # pw groupshow teamtwo @@ -551,7 +551,7 @@ teamtwo:*:1100:jru [example] ==== -[source,bash] +[source,shell] .... # pw groupmod teamtwo -m db # pw groupshow teamtwo @@ -566,7 +566,7 @@ teamtwo:*:1100:jru,db [example] ==== -[source,bash] +[source,shell] .... % id jru uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo) @@ -631,7 +631,7 @@ uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo) 使用 man:ls[1] 指令時,可以加上 `-l` 參數, 來檢視詳細的目錄清單。 清單中欄位的資訊包含檔案對所有者、群組及其他人的權限。 在任一個目錄底下執行 `ls -l`,會顯示如下的結果: -[source,bash] +[source,shell] .... % ls -l total 530 @@ -712,14 +712,14 @@ total 530 如先前同樣使用 man:chmod[1] 指令來設定,但使用的參數為這些字元。 例如,您可以使用下列指令禁止其他使用者存取檔案 _FILE_: -[source,bash] +[source,shell] .... % chmod go= FILE .... 若有兩個以上的權限更改可以使用逗號 (,) 區隔。 例如,下列指令將會移除群組及全部人 ("world") 對檔案 _FILE_ 的寫入權限, 並使全部人對該檔有執行權限: -[source,bash] +[source,shell] .... % chmod go-w,a+x FILE .... @@ -730,21 +730,21 @@ total 530 修改的檔案 flag 僅需要使用擁有簡易的介面的 man:chflags[1] 工具。 例如,標示系統禁止刪除的旗標於檔案 [.filename]#file1#,使用下列指令: -[source,bash] +[source,shell] .... # chflags sunlink file1 .... 若要移除系統禁止刪除的旗標,只需要簡單在 `sunlink` 前加上 "no",例如: -[source,bash] +[source,shell] .... # chflags nosunlink file1 .... 使用 man:ls[1] 及參數 `-lo` 可檢視檔案目前的旗標: -[source,bash] +[source,shell] .... # ls -lo file1 .... @@ -766,7 +766,7 @@ total 530 setuid 權限可以透過在權限集前加上數字 (4) 來設定,如下範例所示: -[source,bash] +[source,shell] .... # chmod 4755 suidexample.sh .... @@ -789,7 +789,7 @@ man:mount[8] 的 `nosuid` 選項會造成這類 Binary 執行失敗,但不會 於終端機 A: -[source,bash] +[source,shell] .... Changing local password for trhodes Old Password: @@ -797,12 +797,12 @@ Old Password: 於終端機 B: -[source,bash] +[source,shell] .... # ps aux | grep passwd .... -[source,bash] +[source,shell] .... trhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd @@ -814,14 +814,14 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd 要在檔案設定 `setgid` 權限,需在 man:chmod[1] 的參數前加上 (2): -[source,bash] +[source,shell] .... # chmod 2755 sgidexample.sh .... 注意以下清單中,`s` 現在位於指定群組權限設定的欄位: -[source,bash] +[source,shell] .... -rwxr-sr-x 1 trhodes trhodes 44 Aug 31 01:49 sgidexample.sh .... @@ -835,19 +835,19 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd 當在目錄上設定 `sticky bit`,將只允許由檔案擁有者刪除檔案。這對避免公開目錄,如 [.filename]#/tmp# 中的檔案被不擁有該檔案的人刪除非常有用。要使用這個權限,可在權限集前加上 (1): -[source,bash] +[source,shell] .... # chmod 1777 /tmp .... `sticky bit` 權限會以 `t` 顯示於權限集的最後: -[source,bash] +[source,shell] .... # ls -al / | grep tmp .... -[source,bash] +[source,shell] .... drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp .... @@ -1170,7 +1170,7 @@ man:dump[8] 由此項目決定那些檔案系統需要傾印。 如果這格空 man:mount[8] 指令是拿來掛載檔案系統用的。基本的操作指令格式如下: -[source,bash] +[source,shell] .... # mount device mountpoint .... @@ -1233,7 +1233,7 @@ FreeBSD 是一個多工的作業系統,也就是說在同一時間內可以跑 在預設的情況下,man:ps[1] 指令只會顯示使用者所擁有的的程序。 例如: -[source,bash] +[source,shell] .... % ps PID TT STAT TIME COMMAND @@ -1247,7 +1247,7 @@ FreeBSD 是一個多工的作業系統,也就是說在同一時間內可以跑 man:top[1] 也有類似的輸出。 一般的情況看像是這樣: -[source,bash] +[source,shell] .... % top last pid: 9609; load averages: 0.56, 0.45, 0.36 up 0+00:20:03 10:21:46 @@ -1300,7 +1300,7 @@ top(1) 每隔 2 秒鐘會自動更新顯示內容,可用 `-s` 選項來改變 . 使用 man:pgrep[1] 來查詢要傳送信號的目標程序。 在這個例子中 man:inetd[8] 的 PID 為 198: + -[source,bash] +[source,shell] .... % pgrep -l inetd 198 inetd -wW @@ -1308,7 +1308,7 @@ top(1) 每隔 2 秒鐘會自動更新顯示內容,可用 `-s` 選項來改變 + . 使用 man:kill[1] 來發送信號。因為 man:inetd[8] 是 `root` 所有,因此必須先用 man:su[1] 切換成 `root` 先。 + -[source,bash] +[source,shell] .... % su Password: @@ -1388,14 +1388,14 @@ Shell 的另一項特點是使用了環境變數。 環境變數是以變數與 在不同的 Shell 底下設定環境變數的方式也有所不同。 在 man:tcsh[1] 和 man:csh[1],使用 `setenv` 來設定環境變數。 在 man:sh[1] 和 `bash` 則使用 `export` 來設定目前環境的變數。 以下範例將 man:tcsh[1] Shell 下的 `EDITOR` 環境變數從預設值更改為 [.filename]#/usr/local/bin/emacs#: -[source,bash] +[source,shell] .... % setenv EDITOR /usr/local/bin/emacs .... 相同功能的指令在 `bash` 下則是: -[source,bash] +[source,shell] .... % export EDITOR="/usr/local/bin/emacs" .... @@ -1413,7 +1413,7 @@ Shell 中有特殊字元用來表示特殊資料,我們將其稱作 Meta-chara 或者,使用 `chsh -s`, 來直接設定 Shell 而不開啟文字編輯器。 例如, 假設想把 Shell 更改為 `bash`: -[source,bash] +[source,shell] .... % chsh -s /usr/local/bin/bash .... @@ -1422,7 +1422,7 @@ Shell 中有特殊字元用來表示特殊資料,我們將其稱作 Meta-chara ==== 新的 Shell __必須__已列於 [.filename]#/etc/shells# 裡頭。 若是依 crossref:ports[ports,安裝應用程式:套件與 Port] 說明由 Port 套件集來裝的 Shell, 那就會自動列入至該檔案裡。 若仍缺少,請使用以下指令加入檔案 (請將路徑替換為新的 Shell 的路徑): -[source,bash] +[source,shell] .... # echo /usr/local/bin/bash >> /etc/shells .... @@ -1436,21 +1436,21 @@ UNIX(TM) Shell 不只是指令的直譯器,它是一個強大的工具可讓 Shell 重新導向是將一個指令的輸出或輸入傳送給另一個指令或檔案。例如,要擷取 man:ls[1] 指令的輸出到一個檔案,可以重新導向輸出: -[source,bash] +[source,shell] .... % ls > directory_listing.txt .... 目錄的內容現在會列到 [.filename]#directory_listing.txt# 中,部份指令可以讀取輸入,例如 man:sort[1]。要排序這個清單,可重新導向輸入: -[source,bash] +[source,shell] .... % sort < directory_listing.txt .... 輸入的內容會被排序後呈現在畫面上,要重新導向該輸入到另一個檔案,可以重新導向 man:sort[1] 的出輸: -[source,bash] +[source,shell] .... % sort < directory_listing.txt > sorted.txt .... @@ -1461,7 +1461,7 @@ Shell 重新導向是將一個指令的輸出或輸入傳送給另一個指令 UNIX(TM) 的管線運算子,即 "|",可允許指令的輸出可直接傳遞或導向到另一個程式。基本上,管線運算子允許指令的標準輸出以標準輸入傳遞給另一個指令,例如: -[source,bash] +[source,shell] .... % cat directory_listing.txt | sort | less .... @@ -1493,14 +1493,14 @@ FreeBSD 同時也內建功能強大的文字編輯器,像是man:vi[1]。 其 在 FreeBSD 中,最詳細的文件莫過於操作手冊。 幾乎在系統上所有程式都會有簡短的操作手冊來介紹該程式的基本操作以及可用的參數。 這些操作手冊可以使用 `man` 指令來檢視: -[source,bash] +[source,shell] .... % man command .... 其中 _command_ 想要瞭解指令的名稱。 舉例,要知道 man:ls[1] 的詳細用法,就可以打: -[source,bash] +[source,shell] .... % man ls .... @@ -1519,7 +1519,7 @@ FreeBSD 同時也內建功能強大的文字編輯器,像是man:vi[1]。 其 有些情況會有同樣主題會同時出現在不同章節。 舉個例子,系統內會有 `chmod` 使用者指令,但同時也有 `chmod()` 系統呼叫。 在這種情況,要告訴 man:man[1] 要查詢的章節編號: -[source,bash] +[source,shell] .... % man 1 chmod .... @@ -1528,7 +1528,7 @@ FreeBSD 同時也內建功能強大的文字編輯器,像是man:vi[1]。 其 若不曉得操作手冊的名稱,可以使用 `man -k` 來以關鍵字查詢所有操作手冊的描述: -[source,bash] +[source,shell] .... % man -k mail .... @@ -1537,7 +1537,7 @@ FreeBSD 同時也內建功能強大的文字編輯器,像是man:vi[1]。 其 想要閱讀所有在 [.filename]#/usr/bin# 底下的指令說明則可輸入: -[source,bash] +[source,shell] .... % cd /usr/bin % man -f * | more @@ -1545,7 +1545,7 @@ FreeBSD 同時也內建功能強大的文字編輯器,像是man:vi[1]。 其 或 -[source,bash] +[source,shell] .... % cd /usr/bin % whatis * |more @@ -1558,7 +1558,7 @@ FreeBSD 有許多應用程式與工具來自自由軟體基金會 (Free Software 要使用 man:info[1] 指令,只需輸入: -[source,bash] +[source,shell] .... % info .... diff --git a/documentation/content/zh-tw/books/handbook/boot/_index.adoc b/documentation/content/zh-tw/books/handbook/boot/_index.adoc index 1d93149764..74d620f13c 100644 --- a/documentation/content/zh-tw/books/handbook/boot/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/boot/_index.adoc @@ -101,7 +101,7 @@ FreeBSD 在較舊的 MBR 標準與較新的 GUID 分割區表 (GUID Partition Ta [example] ==== -[source,bash] +[source,shell] .... F1 Win F2 FreeBSD @@ -113,7 +113,7 @@ Default: F2 其作他作業統若在 FreeBSD 之後才安裝則會覆蓋現有的 MBR,若這件事發生了,或者要使用 FreeBSD MBR 取代現有的 MBR 可使用以下指令: -[source,bash] +[source,shell] .... # fdisk -B -b /boot/boot0 device .... @@ -136,7 +136,7 @@ Default: F2 [example] ==== -[source,bash] +[source,shell] .... >> FreeBSD/i386 BOOT Default: 0:ad(0,a)/boot/loader @@ -147,7 +147,7 @@ boot: 要更換已安裝的 [.filename]#boot1# 與 [.filename]#boot2# 可使用 `bsdlabel`,其中 _diskslice_ 是要開機的磁碟與切割區,例如 [.filename]#ad0s1# 代表第一個 IDE 磁碟的第一個切割區: -[source,bash] +[source,shell] .... # bsdlabel -B diskslice .... @@ -220,14 +220,14 @@ loader 接著會讀取 [.filename]#/boot/loader.rc#,這個程式預設又會 這裡有一些 loader 用法的實務範例。要使用一般的核心開機進入單使用者模式 (Single-user mode) 可: -[source,bash] +[source,shell] .... boot -s .... 要卸載一般的核心與模組,然後載入先前或另一個指定的核心可: -[source,bash] +[source,shell] .... unload load kernel.old @@ -237,7 +237,7 @@ loader 接著會讀取 [.filename]#/boot/loader.rc#,這個程式預設又會 使用以下指令來使用另一個核心載入一般的模組: -[source,bash] +[source,shell] .... unload set kernel="kernel.old" @@ -246,7 +246,7 @@ loader 接著會讀取 [.filename]#/boot/loader.rc#,這個程式預設又會 要載入一個已自動化的核心設置 Script 可: -[source,bash] +[source,shell] .... load -t userconfig_script /boot/kernel.conf .... @@ -388,14 +388,14 @@ vesa_load="YES" [.filename]#/boot/device.hints# 的語法為一個變數一行,使用井字號 "#" 做為註解符號,每一行的結構如下: -[source,bash] +[source,shell] .... hint.driver.unit.keyword="value" .... 在階段 3 開機載入程式的語法則為: -[source,bash] +[source,shell] .... set hint.driver.unit.keyword=value .... diff --git a/documentation/content/zh-tw/books/handbook/bsdinstall/_index.adoc b/documentation/content/zh-tw/books/handbook/bsdinstall/_index.adoc index ebab3a803a..3af5550c37 100644 --- a/documentation/content/zh-tw/books/handbook/bsdinstall/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/bsdinstall/_index.adoc @@ -207,7 +207,7 @@ FreeBSD 的安裝檔可於 https://www.FreeBSD.org/where/#download[www.freebsd.o ====== . man:dd[1] 指令列工具在 BSD, Linux(TM) 以及Mac OS(TM) 系統皆可使用。要使用 `dd` 燒錄映像檔需先插入 USB 隨身碟,然後確認隨身碟的裝置名稱。然後指定已下載的安裝檔名稱以及 USB 隨身碟的裝置名稱。本例示範在已有的 FreeBSD 系統燒錄 amd64 安裝映像檔到第一個 USB 裝置。 + -[source,bash] +[source,shell] .... # dd if=FreeBSD-10.2-RELEASE-amd64-memstick.img of=/dev/da0 bs=1M conv=sync .... @@ -269,7 +269,7 @@ commit your changes? 在大部份機型,可於開機時按住鍵盤上的 kbd:[C],便可從 CD 開機。若在非 Apple(TM) 的鍵盤則可按住 kbd:[Command+Option+O+F] 或 kbd:[Windows+Alt+O+F],出現 `0 >` 提示時,輸入 -[source,bash] +[source,shell] .... boot cd:,\ppc\loader cd:0 .... @@ -280,7 +280,7 @@ boot cd:,\ppc\loader cd:0 要進入 PROM,需重新開機系統然後等候開機訊息出現。訊息會依機型而有所不同,但大致結果會如: -[source,bash] +[source,shell] .... Sun Blade 100 (UltraSPARC-IIe), Keyboard Present Copyright 1998-2001 Sun Microsystems, Inc. All rights reserved. @@ -946,7 +946,7 @@ FreeBSD 開機的過程會顯示許多可以參考的訊息,系統開機完成 若在 <<bsdinstall-config-serv>> 有開啟 sshd,因系統會產生 RSA 及 DSA 金鑰第一次開機可能會有點慢,之後的開機便會恢復正常速度。接著會顯示金鑰的指紋 (Fingerprint),如這個範例: -[source,bash] +[source,shell] .... Generating public/private rsa1 key pair. Your identification has been saved in /etc/ssh/ssh_host_key. @@ -1007,7 +1007,7 @@ FreeBSD 預設並不會安裝圖型化介面,請參考 crossref:x11[x11,X Wind 若系統在開機偵測硬體時卡住或安裝時運作異常,可能主因為 ACPI,FreeBSD 在 i386, amd64 及 ia64 平台廣泛的使用了系統 ACPI 服務來協助設定系統組態,若在開機時有偵測到該功能。不幸的是,ACPI 驅動程式與系統主機板及 BIOS 韌體之間仍存在部份問題。可於開機載入程式的第三階段設定 `hint.acpi.0.disabled` Hint 來關閉 ACPI: -[source,bash] +[source,shell] .... set hint.acpi.0.disabled="1" .... diff --git a/documentation/content/zh-tw/books/handbook/config/_index.adoc b/documentation/content/zh-tw/books/handbook/config/_index.adoc index 7644707450..babbd9fa67 100644 --- a/documentation/content/zh-tw/books/handbook/config/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/config/_index.adoc @@ -159,7 +159,7 @@ PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin <.> 要建立一個使用者 crontab 可使用編輯模式執行 `crontab`: -[source,bash] +[source,shell] .... % crontab -e .... @@ -198,7 +198,7 @@ env -i SHELL=/bin/sh PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin HOME=/home/dru LOGN 編輯完成 crontab 之後儲存檔案,編輯完的 crontab 會被自動安裝且 cron 會讀取該 crontab 並在其指定的時指執行其 cron job。要列出 crontab 中有那一些 cron job 可以使用此指令: -[source,bash] +[source,shell] .... % crontab -l 0 14 * * * /usr/home/dru/bin/mycustomscript.sh @@ -206,7 +206,7 @@ env -i SHELL=/bin/sh PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin HOME=/home/dru LOGN 要移除使用在使用者 crontab 中的 cron job 可: -[source,bash] +[source,shell] .... % crontab -r remove crontab for dru? y @@ -217,7 +217,7 @@ remove crontab for dru? y FreeBSD 在系統初始化時使用 man:rc[8] 系統的啟動 Script。列於 [.filename]#/etc/rc.d# 的 Script 提供了基本的服務可使用 man:service[8] 加上 `start`, `stop` 以及 `restart` 選項來控制。例如,使用以下指令可以重新啟動 man:sshd[8]: -[source,bash] +[source,shell] .... # service sshd restart .... @@ -233,14 +233,14 @@ natd_enable="YES" 由於 man:rc[8] 系統主要用於在系統開機與關機時啟動與停止服務,只有當有服務的變數設定在 [.filename]#/etc/rc.conf# 時 `start`, `stop` 以及 `restart` 才會有作用。例如 `sshd restart` 只會在 [.filename]#/etc/rc.conf# 中的 `sshd_enable` 設為 `YES` 時才會運作,若要不透過 [.filename]#/etc/rc.conf# 的設定來 `start`, `stop` 或 `restart` 一個服務則需要在指令前加上 "one",例如要不透過目前在 [.filename]#/etc/rc.conf# 的設定重新啟動 man:sshd[8] 可執行以下指令: -[source,bash] +[source,shell] .... # service sshd onerestart .... 要檢查一個服務是否有在 [.filename]#/etc/rc.conf# 開啟,可執行服務的 man:rc[8] Script 加上 `rcvar`。這個例子會檢查 man:sshd[8] 是否在 [.filename]#/etc/rc.conf# 已經開啟: -[source,bash] +[source,shell] .... # service sshd rcvar # sshd @@ -256,7 +256,7 @@ sshd_enable="YES" 要判斷是一個服務是否正在執行,可使用 `status`,例如要確認 man:sshd[8] 是否正常在執行: -[source,bash] +[source,shell] .... # service sshd status sshd is running as pid 433. @@ -266,7 +266,7 @@ sshd is running as pid 433. man:rc[8] 系統會用在網路服務及也應用在大多數的系統初化 。例如執行 [.filename]#/etc/rc.d/bgfsck# Script 會列印出以下訊息: -[source,bash] +[source,shell] .... Starting background file system checks in 60 seconds. .... @@ -335,7 +335,7 @@ ifconfig_fxp0="inet 10.1.1.1/8" [.filename]#GENERIC# 核心已有內含常見 NIC 的驅動程式 ,意思是在開機時應該會偵測到 NIC。可以輸入 `more /var/run/dmesg.boot` 來檢視系統的開機訊息並使用空白鍵捲動文字。在此例中,兩個乙太網路 NIC 使用系統已有的 man:dc[4] 驅動程式: -[source,bash] +[source,shell] .... dc0: <82c169 PNIC 10/100BaseTX> port 0xa000-0xa0ff mem 0xd3800000-0xd38 000ff irq 15 at device 11.0 on pci0 @@ -377,21 +377,21 @@ FreeBSD 對 Network Driver Interface Specification (NDIS) 有提供 "原生" 的 下個步驟是編譯驅動程式 Binary 成可載入的核心模組。以 `root` 身份使用 man:ndisgen[8]: -[source,bash] +[source,shell] .... # ndisgen /path/to/W32DRIVER.INF /path/to/W32DRIVER.SYS .... 這個指令是互動式的,會提示輸入任何所需的額外資訊,新的核心模組會被產生在目前的目錄,使用 man:kldload[8] 來載入新的模組: -[source,bash] +[source,shell] .... # kldload ./W32DRIVER_SYS.ko .... 除了產生的核心模組之外,[.filename]#ndis.ko# 以及 [.filename]#if_ndis.ko# 也必須載入,會在任何有相依 man:ndis[4] 的模組被載入時一併自動載入。若沒有自動載入,則需使用以下指令手動載入: -[source,bash] +[source,shell] .... # kldload ndis # kldload if_ndis @@ -401,7 +401,7 @@ FreeBSD 對 Network Driver Interface Specification (NDIS) 有提供 "原生" 的 檢查 man:dmesg[8] 查看是否有任何載入錯誤,若一切正常,輸出結果應會如下所示: -[source,bash] +[source,shell] .... ndis0: <Wireless-G PCI Adapter> mem 0xf4100000-0xf4101fff irq 3 at device 8.0 on pci1 ndis0: NDIS API version: 5.0 @@ -425,7 +425,7 @@ W32DRIVER_SYS_load="YES" 要查看 NIC 設定可輸入以下指令: -[source,bash] +[source,shell] .... % ifconfig dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -468,7 +468,7 @@ FreeBSD 會使用驅動程式名稱接著開機時所偵測到的介面卡順序 若 man:ifconfig[8] 的輸出結果如下: -[source,bash] +[source,shell] .... dc0: flags=8843<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=80008<VLAN_MTU,LINKSTATE> @@ -511,7 +511,7 @@ ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP" ==== 若沒有 DHCP 伺服器且需要存取網際網路,那麼需要手動設定預設閘道及名稱伺服器: -[source,bash] +[source,shell] .... # echo 'defaultrouter="your_default_router"' >> /etc/rc.conf # echo 'nameserver your_DNS_server' >> /etc/resolv.conf @@ -524,7 +524,7 @@ ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP" 必要的變更儲存到 [.filename]#/etc/rc.conf# 之後,需要重新啟動系統來測試網路設定並檢查系統重新啟動是否沒有任何設定錯誤。或者使用這個指令將設定套用到網路系統: -[source,bash] +[source,shell] .... # service netif restart .... @@ -533,7 +533,7 @@ ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP" ==== 若預設的通訊閘已設定於 [.filename]#/etc/rc.conf# 也同樣要下這個指令: -[source,bash] +[source,shell] .... # service routing restart .... @@ -546,7 +546,7 @@ ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP" 要檢查乙太網路卡是否已正確設定可 man:ping[8] 介面卡自己,然後 man:ping[8] 其他於 LAN 上的主機: -[source,bash] +[source,shell] .... % ping -c5 192.168.1.3 PING 192.168.1.3 (192.168.1.3): 56 data bytes @@ -561,7 +561,7 @@ PING 192.168.1.3 (192.168.1.3): 56 data bytes round-trip min/avg/max/stddev = 0.074/0.083/0.108/0.013 ms .... -[source,bash] +[source,shell] .... % ping -c5 192.168.1.2 PING 192.168.1.2 (192.168.1.2): 56 data bytes @@ -804,14 +804,14 @@ Multiple `-a` options may be specified to allow logging from multiple clients. I Finally, create the log file: -[source,bash] +[source,shell] .... # touch /var/log/logclient.log .... At this point, syslogd should be restarted and verified: -[source,bash] +[source,shell] .... # service syslogd restart # pgrep syslog @@ -842,14 +842,14 @@ Next, define the logging server in the client's [.filename]#/etc/syslog.conf#. I After saving the edit, restart syslogd for the changes to take effect: -[source,bash] +[source,shell] .... # service syslogd restart .... To test that log messages are being sent across the network, use man:logger[1] on the client to send a message to syslogd: -[source,bash] +[source,shell] .... # logger "Test message from logclient" .... @@ -867,14 +867,14 @@ If the `ping` succeeds on both hosts but log messages are still not being receiv syslogd_flags="-d -a logclient.example.com -v -v" .... -[source,bash] +[source,shell] .... # service syslogd restart .... Debugging data similar to the following will flash on the console immediately after the restart: -[source,bash] +[source,shell] .... logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart syslogd: restarted @@ -888,7 +888,7 @@ rejected in rule 0 due to name mismatch. In this example, the log messages are being rejected due to a typo which results in a hostname mismatch. The client's hostname should be `logclient`, not `logclien`. Fix the typo, issue a restart, and verify the results: -[source,bash] +[source,shell] .... # service syslogd restart logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart @@ -1049,14 +1049,14 @@ man:sysctl[8] 主要提供兩個功能:讀取與修改系統設定。 檢視所有可讀取的變數: -[source,bash] +[source,shell] .... % sysctl -a .... 要讀取特定變數只要指定其名稱: -[source,bash] +[source,shell] .... % sysctl kern.maxproc kern.maxproc: 1044 @@ -1064,7 +1064,7 @@ kern.maxproc: 1044 要設定特定變數可使用 _variable_=_value_ 語法: -[source,bash] +[source,shell] .... # sysctl kern.maxfiles=5000 kern.maxfiles: 2088 -> 5000 @@ -1098,7 +1098,7 @@ security.bsd.see_other_uids=0 例如,某些筆電型號的 man:cardbus[4] 裝置無法偵測到記憶體範圍而且會失效並有類似以下的錯誤: -[source,bash] +[source,shell] .... cbb0: Could not map register memory device_probe_and_attach: cbb0 attach returned 12 @@ -1146,7 +1146,7 @@ The `SCSI_DELAY` kernel configuration option may be used to reduce system boot t To fine-tune a file system, use man:tunefs[8]. This program has many different options. To toggle Soft Updates on and off, use: -[source,bash] +[source,shell] .... # tunefs -n enable /filesystem # tunefs -n disable /filesystem @@ -1232,7 +1232,7 @@ A vnode is the internal representation of a file or directory. Increasing the nu To see the current number of vnodes in use: -[source,bash] +[source,shell] .... # sysctl vfs.numvnodes vfs.numvnodes: 91349 @@ -1240,7 +1240,7 @@ vfs.numvnodes: 91349 To see the maximum vnodes: -[source,bash] +[source,shell] .... # sysctl kern.maxvnodes kern.maxvnodes: 100000 @@ -1262,7 +1262,7 @@ If the current vnode usage is near the maximum, try increasing `kern.maxvnodes` 使用 `swapon` 來增加交換分割區到系統,例: -[source,bash] +[source,shell] .... # swapon /dev/ada1s1b .... @@ -1298,14 +1298,14 @@ If the current vnode usage is near the maximum, try increasing `kern.maxvnodes` ====== . 建立交換檔: + -[source,bash] +[source,shell] .... # dd if=/dev/zero of=/usr/swap0 bs=1m count=64 .... + . 在新檔案設定適當的權限: + -[source,bash] +[source,shell] .... # chmod 0600 /usr/swap0 .... @@ -1320,7 +1320,7 @@ md99 none swap sw,file=/usr/swap0,late 0 0 已使用 man:md[4] 裝置的 [.filename]#md99#,保留較低的裝置編號供互動操作時使用。 . 交換空間會於系統啟動時增加。若要立即增加交換空間,請參考 man:swapon[8]: + -[source,bash] +[source,shell] .... # swapon -aL .... @@ -1336,14 +1336,14 @@ md99 none swap sw,file=/usr/swap0,late 0 0 ====== . 建立交換檔 [.filename]#/usr/swap0#: + -[source,bash] +[source,shell] .... # dd if=/dev/zero of=/usr/swap0 bs=1m count=64 .... + . 設定適當的權限於 [.filename]#/usr/swap0#: + -[source,bash] +[source,shell] .... # chmod 0600 /usr/swap0 .... @@ -1357,7 +1357,7 @@ swapfile="/usr/swap0" # Set to name of swap file + . 交換空間會於系統啟動時增加。若要立即增加交換空間,可指定一個未使用的記憶體裝置。請參考 crossref:disks[disks-virtual,記憶體磁碟] 取得更多有關記憶體裝置的資訊。 + -[source,bash] +[source,shell] .... # mdconfig -a -t vnode -f /usr/swap0 -u 0 && swapon /dev/md0 .... @@ -1412,7 +1412,7 @@ ACPI has three suspend to RAM (STR) states, `S1`-`S3`, and one suspend to disk s Use `sysctl hw.acpi` to check for the suspend-related items. These example results are from a Thinkpad: -[source,bash] +[source,shell] .... hw.acpi.supported_sleep_state: S3 S4 S5 hw.acpi.s4bios: 0 @@ -1424,7 +1424,7 @@ When testing suspend/resume, start with `S1`, if supported. This state is most l A common problem with suspend/resume is that many device drivers do not save, restore, or reinitialize their firmware, registers, or device memory properly. As a first attempt at debugging the problem, try: -[source,bash] +[source,shell] .... # sysctl debug.bootverbose=1 # sysctl debug.acpi.suspend_bounce=1 @@ -1464,7 +1464,7 @@ First, try setting `hw.acpi.disable_on_poweroff="0"` in [.filename]#/boot/loader Some BIOS vendors provide incorrect or buggy bytecode. This is usually manifested by kernel console messages like this: -[source,bash] +[source,shell] .... ACPI-1287: *** Error: Method execution failed [\\_SB_.PCI0.LPC0.FIGD._STA] \\ (Node 0xc3f6d160), AE_NOT_FOUND @@ -1480,7 +1480,7 @@ The goal of FreeBSD is for everyone to have working ACPI without any user interv To help identify buggy behavior and possibly fix it manually, a copy can be made of the system's ASL. To copy the system's ASL to a specified file name, use `acpidump` with `-t`, to show the contents of the fixed tables, and `-d`, to disassemble the AML: -[source,bash] +[source,shell] .... # acpidump -td > my.asl .... @@ -1489,7 +1489,7 @@ Some AML versions assume the user is running Windows(TM). To override this, set Other workarounds may require [.filename]#my.asl# to be customized. If this file is edited, compile the new ASL using the following command. Warnings can usually be ignored, but errors are bugs that will usually prevent ACPI from working correctly. -[source,bash] +[source,shell] .... # iasl -f my.asl .... @@ -1513,7 +1513,7 @@ The ACPI driver has a flexible debugging facility. A set of subsystems and the l Debugging output is not enabled by default. To enable it, add `options ACPI_DEBUG` to the custom kernel configuration file if ACPI is compiled into the kernel. Add `ACPI_DEBUG=1` to [.filename]#/etc/make.conf# to enable it globally. If a module is used instead of a custom kernel, recompile just the [.filename]#acpi.ko# module as follows: -[source,bash] +[source,shell] .... # cd /sys/modules/acpi/acpi && make clean && make ACPI_DEBUG=1 .... @@ -1543,7 +1543,7 @@ When submitting a problem report, include the following information: * Output from `sysctl hw.acpi`. This lists which features the system offers. * The URL to a pasted version of the system's ASL. Do _not_ send the ASL directly to the list as it can be very large. Generate a copy of the ASL by running this command: + -[source,bash] +[source,shell] .... # acpidump -dt > name-system.asl .... diff --git a/documentation/content/zh-tw/books/handbook/cutting-edge/_index.adoc b/documentation/content/zh-tw/books/handbook/cutting-edge/_index.adoc index bf142d5666..5b2db37acb 100644 --- a/documentation/content/zh-tw/books/handbook/cutting-edge/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/cutting-edge/_index.adoc @@ -152,7 +152,7 @@ MergeChanges /etc/ /var/named/etc/ /boot/device.hints FreeBSD 安全性修補可以使用以下指令下載並安裝。 第一個指令會偵測是否有可用的修補,如果有,將列出若執行修補後會變更的檔案清單。第二個指令將會套用修補。 -[source,bash] +[source,shell] .... # freebsd-update fetch # freebsd-update install @@ -171,7 +171,7 @@ FreeBSD 安全性修補可以使用以下指令下載並安裝。 第一個指 如果有發生任何錯誤,`freebsd-update` 可以使用以下指令還原最後所做的變更: -[source,bash] +[source,shell] .... # freebsd-update rollback Uninstalling updates... done. @@ -202,14 +202,14 @@ Uninstalling updates... done. 在 FreeBSD 9.0 系統執行以下指令,將會把系統升級至 FreeBSD 9.1: -[source,bash] +[source,shell] .... # freebsd-update -r 9.1-RELEASE upgrade .... 收到這個指令後,`freebsd-update` 會開始評估設定檔和目前的系統來收集升級所需的資訊。 螢幕會顯示偵測到或沒偵測到的元件清單。例如: -[source,bash] +[source,shell] .... Looking up update.FreeBSD.org mirrors... 1 mirrors found. Fetching metadata signature for 9.0-RELEASE from update1.FreeBSD.org... done. @@ -233,7 +233,7 @@ Does this look reasonable (y/n)? y 當使用自訂核心,上述的步驟將會產生如下的警告: -[source,bash] +[source,shell] .... WARNING: This system is running a "MYKERNEL" kernel, which is not a kernel configuration distributed as part of FreeBSD 9.0-RELEASE. @@ -249,7 +249,7 @@ before running "/usr/sbin/freebsd-update install" ==== 所有的修補與合併動作會在另一個目錄進行,並不會直接修改。當成功套用所有修補,所有設定檔已合併且過程順利,使用者可使用以下指令將變更安裝到磁碟: -[source,bash] +[source,shell] .... # freebsd-update install .... @@ -258,7 +258,7 @@ before running "/usr/sbin/freebsd-update install" 核心與核心模組會先修補,若系統正在執行自訂的核心,使用 man:nextboot[8] 來設定下次開機使用更新過的 [.filename]#/boot/GENERIC#: -[source,bash] +[source,shell] .... # nextboot -k GENERIC .... @@ -271,14 +271,14 @@ before running "/usr/sbin/freebsd-update install" 機器現在應使用更新過的核心重新開機: -[source,bash] +[source,shell] .... # shutdown -r now .... 一旦系統重新上線,使用以下指令繼續 `freebsd-update`。 由於程序的狀態已被儲存,`freebsd-update` 不會重頭開始,但會進行下一個階段並移除所有舊的共用程式庫和目標檔。 -[source,bash] +[source,shell] .... # freebsd-update install .... @@ -297,7 +297,7 @@ before running "/usr/sbin/freebsd-update install" 若有編譯自訂核心過超過一次,或已經不曉得編譯自訂核心的次數,則需取得與目前作業系統版本相符的 `GENERIC` 核心複本。若可直接操作實體系統,則可以從安裝媒體取得 `GENERIC` 核心複本: -[source,bash] +[source,shell] .... # mount /cdrom # cd /cdrom/usr/freebsd-dist @@ -306,7 +306,7 @@ before running "/usr/sbin/freebsd-update install" 或者,可以從原始碼重新編譯 `GENERIC` 核心: -[source,bash] +[source,shell] .... # cd /usr/src # make kernel __MAKE_CONF=/dev/null SRCCONF=/dev/null @@ -323,14 +323,14 @@ before running "/usr/sbin/freebsd-update install" 強制升級所有已安裝的套件會使用檔案庫中新版本的套件來取得目前套件,即使該版號沒有增加。由於在升級 FreeBSD 主要版本時會變更 ABI 版本,因此這是必要動作。強制升級可以執行以下指令來完成: -[source,bash] +[source,shell] .... # pkg-static upgrade -f .... 重新編譯所有已安裝的應用程式可以執行以下指令來完成: -[source,bash] +[source,shell] .... # portmaster -af .... @@ -339,7 +339,7 @@ before running "/usr/sbin/freebsd-update install" 完成軟體升級後,最後需執行 `freebsd-update` 來完成最後的升級動作: -[source,bash] +[source,shell] .... # freebsd-update install .... @@ -361,7 +361,7 @@ before running "/usr/sbin/freebsd-update install" 要開始比對,需指定輸出的檔案來儲存結果: -[source,bash] +[source,shell] .... # freebsd-update IDS >> outfile.ids .... @@ -370,7 +370,7 @@ before running "/usr/sbin/freebsd-update install" 清單中的項目會相當的多,但輸出的格式可以很簡單的用來分析。例如,要取得與發佈版本不同的檔案清單,可使用以下指令: -[source,bash] +[source,shell] .... # cat outfile.ids | awk '{ print $1 }' | more /etc/master.passwd @@ -397,7 +397,7 @@ before running "/usr/sbin/freebsd-update install" 安裝完成之後,可使用 svnlite 來取得乾淨的文件原始碼複本: -[source,bash] +[source,shell] .... # svnlite checkout https://svn.FreeBSD.org/doc/head /usr/doc .... @@ -406,7 +406,7 @@ before running "/usr/sbin/freebsd-update install" 往後更新文件原始碼可執行: -[source,bash] +[source,shell] .... # svnlite update /usr/doc .... @@ -415,7 +415,7 @@ before running "/usr/sbin/freebsd-update install" 完整更新所有可用的語言可以執行: -[source,bash] +[source,shell] .... # cd /usr/doc # make install clean @@ -423,7 +423,7 @@ before running "/usr/sbin/freebsd-update install" 若只想要更新特定語言,可對 [.filename]#/usr/doc# 中特定語言的子目錄執行 `make`: -[source,bash] +[source,shell] .... # cd /usr/doc/en_US.ISO8859-1 # make install clean @@ -431,14 +431,14 @@ before running "/usr/sbin/freebsd-update install" 另一個更新文件的方式是在 [.filename]#/usr/doc# 或特定的語言子目錄下執行此指令: -[source,bash] +[source,shell] .... # make update .... 要指定安裝的輸出格式可使用 `FORMATS` 來設定: -[source,bash] +[source,shell] .... # cd /usr/doc # make FORMATS='html html-split' install clean @@ -477,7 +477,7 @@ before running "/usr/sbin/freebsd-update install" 當使用 Binary 套件時,會安裝指定語言 FreeBSD 文件的所有可用格式。例如以下指令會安裝最新的匈牙利語文件套件: -[source,bash] +[source,shell] .... # pkg install hu-freebsd-doc .... @@ -489,7 +489,7 @@ before running "/usr/sbin/freebsd-update install" 要指定文件的格式,需以編譯 Port 來代替安裝套件。例如要編譯並安裝英語文件: -[source,bash] +[source,shell] .... # cd /usr/ports/misc/freebsd-doc-en # make install clean @@ -510,7 +510,7 @@ Port 提供設定選單來指定要編譯與安裝的格式,預設會選擇分 以下範例使用變數來安裝 PDF 的匈牙利語文件到特定目錄: -[source,bash] +[source,shell] .... # cd /usr/ports/misc/freebsd-doc-hu # make -DWITH_PDF DOCBASE=share/doc/freebsd/hu install clean @@ -518,7 +518,7 @@ Port 提供設定選單來指定要編譯與安裝的格式,預設會選擇分 文件套件或 Port 可以依 crossref:ports[ports,安裝應用程式:套件與 Port] 的說明更新。例如以下指令會使用 package:ports-mgmt/portmaster[] 更新已安裝的匈牙利語文件: -[source,bash] +[source,shell] .... # portmaster -PP hu-freebsd-doc .... @@ -594,7 +594,7 @@ FreeBSD-STABLE 是一個開發分支,會在主要的版本更新後產生, . 更新並編譯 + -[source,bash] +[source,shell] .... # svnlite update /usr/src <.> check /usr/src/UPDATING <.> @@ -639,7 +639,7 @@ check /usr/src/UPDATING <.> FreeBSD 的原始碼位於 [.filename]#/usr/src/#,較建議透過 Subversion 版本控制系統來更新這份原始碼,要確認原始碼已在版本控制系統的管控下可: -[source,bash] +[source,shell] .... # svnlite info /usr/src Path: /usr/src @@ -649,7 +649,7 @@ Working Copy Root Path: /usr/src 此結果代表 [.filename]#/usr/src/# 已在版本控制系統的管控下並且可以使用 man:svnlite[1] 來更新: -[source,bash] +[source,shell] .... # svnlite update /usr/src .... @@ -688,7 +688,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 查看 FreeBSD 目前使用的版本可使用 man:uname[1]: -[source,bash] +[source,shell] .... # uname -r 10.3-RELEASE @@ -696,7 +696,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 根據 <<updating-src-obtaining-src-repopath>>,要更新 `10.3-RELEASE` 需使用的原始碼檔案庫路徑為 `base/releng/10.3`,在取出 (checkout) 原始碼時便要使用這個路徑: -[source,bash] +[source,shell] .... # mv /usr/src /usr/src.bak <.> # svnlite checkout https://svn.freebsd.org/base/releng/10.3 /usr/src <.> @@ -712,7 +712,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 編譯世界 (_world_) 即編譯整個作業系統除了核心 (Kernel),要先做這個動作以便提供最新的工具來編譯核心,接著便可編譯核心: -[source,bash] +[source,shell] .... # cd /usr/src # make buildworld @@ -728,7 +728,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 部份 FreeBSD 編譯系統版本會保留先前編譯的程式於暫存的物件目錄 [.filename]#/usr/obj#,避免重新編譯那些尚未更動過的程式碼可加速後續的編譯動作,若要強制重新編譯所有東西可在開始編譯前使用 `cleanworld`: -[source,bash] +[source,shell] .... # make cleanworld .... @@ -744,7 +744,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, ==== 使用四個工作來編譯世界與核心: -[source,bash] +[source,shell] .... # make -j4 buildworld buildkernel .... @@ -756,7 +756,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 若原始碼有更動,便須執行 `buildworld`,完成之後,便可隨時執行 `buildkernel` 來編譯核心,若要只編譯核心可: -[source,bash] +[source,shell] .... # cd /usr/src # make buildkernel @@ -779,7 +779,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 自訂設定檔可由複製 [.filename]#GENERIC# 設定檔來建立,在此範例,新的自訂核心要用在儲存伺服器,所以將其命名為 [.filename]#STORAGESERVER#: -[source,bash] +[source,shell] .... # cp /usr/src/sys/amd64/conf/GENERIC /root/STORAGESERVER # cd /usr/src/sys/amd64/conf @@ -790,7 +790,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 自訂核心要在指令列設定 `KERNCONF` 為核心設定檔來編譯: -[source,bash] +[source,shell] .... # make buildkernel KERNCONF=STORAGESERVER .... @@ -800,7 +800,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 在完成 `buildworld` 與 `buildkernel` 兩個步驟之後,便可安裝新的核心與世界: -[source,bash] +[source,shell] .... # cd /usr/src # make installkernel @@ -812,7 +812,7 @@ STABLE 分支偶爾也會有錯誤或無法相容的問題會影響使用者, 若使用自訂核心,則同樣須設定 `KERNCONF` 來使用新的自訂核心: -[source,bash] +[source,shell] .... # cd /usr/src # make installkernel KERNCONF=STORAGESERVER @@ -834,7 +834,7 @@ man:mergemaster[8] 可簡單的將修改過的系統設定檔與新版設定檔 使用 `-Ui`,man:mergemaster[8] 會自動更新那些未被使用者修改過的設定檔並安裝尚不存在的檔案: -[source,bash] +[source,shell] .... # mergemaster -Ui .... @@ -846,28 +846,28 @@ man:mergemaster[8] 可簡單的將修改過的系統設定檔與新版設定檔 部份廢棄的檔案或目錄可以在更新之後保留,可使用以下指令找出這些檔案: -[source,bash] +[source,shell] .... # make check-old .... 並用以下指令刪除: -[source,bash] +[source,shell] .... # make delete-old .... 部份廢棄的程式庫也可以保留下來,可使用以下指令來偵測這些程式庫: -[source,bash] +[source,shell] .... # make check-old-libs .... 並使用以下指令刪除 -[source,bash] +[source,shell] .... # make delete-old-libs .... @@ -879,7 +879,7 @@ man:mergemaster[8] 可簡單的將修改過的系統設定檔與新版設定檔 當確認所有舊檔案或目錄可安全的刪除時,要避免刪除每一個檔案時均需按下 kbd:[y] 與 kbd:[Enter] 鍵可在指令設定 `BATCH_DELETE_OLD_FILES`,例如: -[source,bash] +[source,shell] .... # make BATCH_DELETE_OLD_FILES=yes delete-old-libs .... @@ -891,7 +891,7 @@ man:mergemaster[8] 可簡單的將修改過的系統設定檔與新版設定檔 更新之後的最後一個步驟便是重新啟動電腦,來讓所有的變更生效: -[source,bash] +[source,shell] .... # shutdown -r now .... diff --git a/documentation/content/zh-tw/books/handbook/desktop/_index.adoc b/documentation/content/zh-tw/books/handbook/desktop/_index.adoc index 6746fe8250..ee388acd4f 100644 --- a/documentation/content/zh-tw/books/handbook/desktop/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/desktop/_index.adoc @@ -108,14 +108,14 @@ Firefox 是一套開放源始碼的瀏覽器,它具備符合 HTML 標準的顯 要安裝最新釋出版本的 Firefox 套件可輸入: -[source,bash] +[source,shell] .... # pkg install firefox .... 要安裝延長支援發佈 (Extended Support Release, ESR) 版本的 Firefox,可使用: -[source,bash] +[source,shell] .... # pkg install firefox-esr .... @@ -124,7 +124,7 @@ Firefox 是一套開放源始碼的瀏覽器,它具備符合 HTML 標準的顯 使用 Port 套件地可以用原始碼編譯成您想要的 Firefox 版本。此範例編譯 package:www/firefox[],其中 `firefox` 可替換為 ESR 或在地化版本來安裝。 -[source,bash] +[source,shell] .... # cd /usr/ports/www/firefox # make install clean @@ -136,14 +136,14 @@ Opera 是個具備完整功能、符合標準且輕量、執行速度快的瀏 以下指令可安裝 FreeBSD Binary 套件版本的 Opera,替換 `opera` 為 `linux-opera` 則可改安裝 Linux(TM) 版本。 -[source,bash] +[source,shell] .... # pkg install opera .... 或者,可安裝 Port 套件集中的版本,以下範例會編譯原生的版本: -[source,bash] +[source,shell] .... # cd /usr/ports/www/opera # make install clean @@ -153,7 +153,7 @@ Opera 是個具備完整功能、符合標準且輕量、執行速度快的瀏 要安裝 Adobe(TM)Flash(TM) 附加元件,需先編譯 package:www/linux-flashplayer[] Port,因受到授權條款限制無法事先編譯為 Binary 套件。然後再安裝 package:www/opera-linuxplugins[]。以下範例示範如何編譯 Port 中的這兩個應用程式: -[source,bash] +[source,shell] .... # cd /usr/ports/www/linux-flashplayer # make install clean @@ -171,14 +171,14 @@ Konqueror 不只是個網頁瀏覽器, 它同時也是檔案管理器和多媒 Konqueror 使用支援 WebKit 以及它自有的 KTHML。WebKit 是一套被許多現代瀏覽器所使用的繪圖引擎,包含 Chromium。要在 FreeBSD 的 Konqueror 使用 WebKit 需安裝 package:www/kwebkitpart[] 套件或 Port。此範例示範使用 Binary 套件安裝: -[source,bash] +[source,shell] .... # pkg install kwebkitpart .... 從 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/www/kwebkitpart # make install clean @@ -194,14 +194,14 @@ Chromium 是一個開放源始碼的瀏覽器計劃,該計劃的目標是要 Chromium 可以使用套件來安裝,只要輸入: -[source,bash] +[source,shell] .... # pkg install chromium .... 或者可從 Port 套件集的原始碼編譯 Chromium: -[source,bash] +[source,shell] .... # cd /usr/ports/www/chromium # make install clean @@ -259,14 +259,14 @@ KDE 桌面環境中內含辦公軟體可以與 KDE 分開安裝。Calligra 中 在 FreeBSD 中 package:editors/calligra[] 可以使用套件或 Port 的方式安裝,要使用套件安裝: -[source,bash] +[source,shell] .... # pkg install calligra .... 若沒有可用的套件,可改使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/editors/calligra # make install clean @@ -280,14 +280,14 @@ AbiWord 可以輸入或輸出許多檔案格式, 包括一些有專用的格 要安裝 AbiWord Binary 套件,可使用下列指令: -[source,bash] +[source,shell] .... # pkg install abiword .... 若沒有 Binary 套件版本,也可以從 Port 套件集中編譯安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/editors/abiword # make install clean @@ -299,14 +299,14 @@ AbiWord 可以輸入或輸出許多檔案格式, 包括一些有專用的格 要安裝套件可: -[source,bash] +[source,shell] .... # pkg install gimp .... 或使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/graphics/gimp # make install clean @@ -322,14 +322,14 @@ Apache OpenOffice 的文字處理器使用原生的 XML 檔案格式來增加移 要安裝 Apache OpenOffice 套件: -[source,bash] +[source,shell] .... # pkg install apache-openoffice .... 當套件安裝完成之後,只要輸入下面的指令就能執行 Apache OpenOffice: -[source,bash] +[source,shell] .... % openoffice-X.Y.Z .... @@ -338,7 +338,7 @@ Apache OpenOffice 的文字處理器使用原生的 XML 檔案格式來增加移 若無法由套件取得想要的 Apache OpenOffice,仍可選擇從 Port 編譯。 不過必須注意:編譯的過程會需要大量的磁碟空間與時間: -[source,bash] +[source,shell] .... # cd /usr/ports/editors/openoffice-4 # make install clean @@ -348,7 +348,7 @@ Apache OpenOffice 的文字處理器使用原生的 XML 檔案格式來增加移 ==== 如果想要編譯在地化的版本,將前面的指令替換成為: -[source,bash] +[source,shell] .... # make LOCALIZED_LANG=your_language install clean .... @@ -364,7 +364,7 @@ LibreOffice 的文件處理程式使用了原生的 XML 檔案格式來增加可 要安裝英文版本的 LibreOffice 套件: -[source,bash] +[source,shell] .... # pkg install libreoffice .... @@ -373,7 +373,7 @@ Port 套件集的編輯器分類 (https://www.FreeBSD.org/ports/[freebsd.org/por 套件安裝之後,輸入以下指令來執行 LibreOffice: -[source,bash] +[source,shell] .... % libreoffice .... @@ -382,7 +382,7 @@ Port 套件集的編輯器分類 (https://www.FreeBSD.org/ports/[freebsd.org/por 若找不到想使用的 LibreOffice 套件,也可從 Port 編譯,但這會要大量的磁碟空間及漫長的時間編譯。以下例子示範編譯英文版本: -[source,bash] +[source,shell] .... # cd /usr/ports/editors/libreoffice # make install clean @@ -438,14 +438,14 @@ UNIX(TM) 出現之後,有一些新的文件格式才越來越熱門,這些 安裝 Xpdf 套件: -[source,bash] +[source,shell] .... # pkg install xpdf .... 若沒有可用的套件版本,可使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/graphics/xpdf # make install clean @@ -459,14 +459,14 @@ gv 是 PostScript(TM) 和 PDF 的閱覽器。 它建構於 ghostview 的基礎 安裝 gv 套件: -[source,bash] +[source,shell] .... # pkg install gv .... 若沒有可用的套件版本,可使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/print/gv # make install clean @@ -478,14 +478,14 @@ Geeqie 是由已經停止維護的 GQView 專案所衍伸出來的分支,並 安裝 Geeqie 套件: -[source,bash] +[source,shell] .... # pkg install geeqie .... 若沒有可用的套件版本,可使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/graphics/geeqie # make install clean @@ -497,14 +497,14 @@ ePDFView 是一套小巧的 PDF 文件檢視程式,只使用了 Gtk+ 與 Poppl 要以套件安裝 ePDFView: -[source,bash] +[source,shell] .... # pkg install epdfview .... 若沒有可用的套件版本,可使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/graphics/epdfview # make install clean @@ -516,14 +516,14 @@ Okular 是一套通用的文件檢視程式,以 KDE 的 KPDF 為基礎。它 要以套件安裝 Okular: -[source,bash] +[source,shell] .... # pkg install okular .... 若沒有可用的套件版本,可使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/graphics/okular # make install clean @@ -568,14 +568,14 @@ GnuCash 提供了智慧的計數器、多階層帳戶系統以及快速鍵及自 安裝 GnuCash 套件: -[source,bash] +[source,shell] .... # pkg install gnucash .... 若沒有可用的套件版本,可使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/finance/gnucash # make install clean @@ -587,14 +587,14 @@ Gnumeric 是 GNOME 社群所開發的試算表程式。 它的特點是擁有能 安裝 Gnumeric 套件: -[source,bash] +[source,shell] .... # pkg install gnumeric .... 若沒有可用的套件版本,可使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/math/gnumeric # make install clean @@ -606,14 +606,14 @@ KMyMoney 是一套個人財務應用程式,由 KDE 社群所開發。KMyMoney 要以套件安裝 KMyMoney: -[source,bash] +[source,shell] .... # pkg install kmymoney-kde4 .... 若沒有可用的套件版本,可使用 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/finance/kmymoney-kde4 # make install clean diff --git a/documentation/content/zh-tw/books/handbook/disks/_index.adoc b/documentation/content/zh-tw/books/handbook/disks/_index.adoc index 39e2a650d6..576534b016 100644 --- a/documentation/content/zh-tw/books/handbook/disks/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/disks/_index.adoc @@ -83,7 +83,7 @@ toc::[] 建立完分割表格式後接著加入一個分割區,要在新的磁碟增進效能可使用較大的硬體區塊大小 (Block size),此分割區會對齊 1 MB 的邊界: -[source,bash] +[source,shell] .... # gpart create -s GPT ada1 # gpart add -t freebsd-ufs -a 1M ada1 @@ -93,7 +93,7 @@ toc::[] 磁碟分割區資訊可以使用 `gpart show` 檢視: -[source,bash] +[source,shell] .... % gpart show ada1 => 34 1465146988 ada1 GPT (699G) @@ -104,14 +104,14 @@ toc::[] 在新磁碟的新分割區上建立檔案系統: -[source,bash] +[source,shell] .... # newfs -U /dev/ada1p1 .... 建立一個空的目錄做來做為__掛載點 (mountpoint)__,一個在原有磁碟的檔案系統上可用來掛載新磁碟的位置: -[source,bash] +[source,shell] .... # mkdir /newdisk .... @@ -125,7 +125,7 @@ toc::[] 新的磁碟也可手動掛載,無須重新啟動系統: -[source,bash] +[source,shell] .... # mount /newdisk .... @@ -139,7 +139,7 @@ toc::[] 列出在磁碟上的分割區來查看目前的設定: -[source,bash] +[source,shell] .... # gpart show ada0 => 34 83886013 ada0 GPT (48G) [CORRUPT] @@ -153,7 +153,7 @@ toc::[] ==== 若磁碟已使用 http://en.wikipedia.org/wiki/GUID_Partition_Table[ GPT] 分割表格式做格式化,可能會顯示為 "已損壞 (corrupted)" 因為 GPT 備份分割區已不存在於磁碟結尾。 使用 `gpart` 來修正備份分割區: -[source,bash] +[source,shell] .... # gpart recover ada0 ada0 recovered @@ -163,7 +163,7 @@ ada0 recovered 現在在磁碟上的額外空間已經可以被新的分割區使用,或者可以拿來擴充既有的分割區: -[source,bash] +[source,shell] .... # gpart show ada0 => 34 102399933 ada0 GPT (48G) @@ -177,14 +177,14 @@ ada0 recovered 停用交換分割區: -[source,bash] +[source,shell] .... # swapoff /dev/ada0p3 .... 刪除 _ada0_ 磁碟上的第三個分割區,可使用 `-i` 參數來指定分割區。 -[source,bash] +[source,shell] .... # gpart delete -i 3 ada0 ada0p3 deleted @@ -200,7 +200,7 @@ ada0p3 deleted 在掛載的檔案系統上修改分割區表可能會造成資料遺失。最好的方式是在未掛載檔案系統的情況下 (使用 Live CD-ROM 或 USB 裝置) 執行以下步驟。雖然如此,若仍要這樣做的話,在關閉 GEOM 安全性功能之後可以在掛載的檔案系統上修改分割區表: -[source,bash] +[source,shell] .... # sysctl kern.geom.debugflags=16 .... @@ -209,7 +209,7 @@ ada0p3 deleted 重設分割區大小並保留要用來重建交換分割區的空間,要重設大小的分割區可以用 `-i` 來指定,而要重設的大小可用 `-s` 來指定,若要對齊分割區可以使用 `-a`。這個動作只會修改分割區大小,分割區中的檔案系統需在另一個步驟擴增。 -[source,bash] +[source,shell] .... # gpart resize -i 2 -s 47G -a 4k ada0 ada0p2 resized @@ -222,7 +222,7 @@ ada0p2 resized 重建交換分割區並且啟動,若不使用 `-s` 指定大小則會使用所有剩餘的空間: -[source,bash] +[source,shell] .... # gpart add -t freebsd-swap -a 4k ada0 ada0p3 added @@ -236,7 +236,7 @@ ada0p3 added 擴增 UFS 檔案系統來使用重設分割區大小之後的新容量: -[source,bash] +[source,shell] .... # growfs /dev/ada0p2 Device is mounted read-write; resizing will result in temporary write suspension for /. @@ -249,7 +249,7 @@ super-block backups (for fsck -b #) at: 若檔案系統使用 ZFS,重設大小需執行 `online` 子指令並使用 `-e` 來觸發動作: -[source,bash] +[source,shell] .... # zpool online -e zroot /dev/ada0p2 .... @@ -290,7 +290,7 @@ FreeBSD 使用 man:umass[4] 驅動程式透過 SCSI 子系統來存取 USB 儲 要測試 USB 設定,請先插入 USB 裝置,然後使用 `dmesg` 來確認系統訊息緩衝區中有出現該磁碟機,該訊息如下: -[source,bash] +[source,shell] .... umass0: <STECH Simple Drive, class 0/0, rev 2.00/1.04, addr 3> on usbus0 umass0: SCSI over Bulk-Only; quirks = 0x0100 @@ -307,7 +307,7 @@ da0: quirks=0x2<NO_6_BYTE> 當 USB 裝置可以做為 SCSI 檢視時,便可使用 `camcontrol` 來列出連接到系統的 USB 儲存裝置: -[source,bash] +[source,shell] .... # camcontrol devlist <STECH Simple Drive 1.04> at scbus4 target 0 lun 0 (pass3,da0) @@ -315,7 +315,7 @@ da0: quirks=0x2<NO_6_BYTE> 或者,可以使用 `usbconfig` 來列出裝置,請參考 man:usbconfig[8] 來取得更多有關此指令的資訊。 -[source,bash] +[source,shell] .... # usbconfig ugen0.3: <Simple Drive STECH> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (2mA) @@ -365,7 +365,7 @@ vfs.usermount=1 這樣只會在下次重新開機時生效,可使用 `sysctl` 來立即設定這個變數: -[source,bash] +[source,shell] .... # sysctl vfs.usermount=1 vfs.usermount: 0 -> 1 @@ -373,7 +373,7 @@ vfs.usermount: 0 -> 1 最後一個步驟是建立要掛載檔案系統要的目錄,要掛載檔案系統的使用者需要擁有這個目錄。其中一個辦法是讓 `root` 建立由該使用者擁有的子目錄 [.filename]#/mnt/username#。在下面的例子,將 _username_ 替換為該使用者的登入名稱並將 _usergroup_ 替換為該使用者的主要群組: -[source,bash] +[source,shell] .... # mkdir /mnt/username # chown username:usergroup /mnt/username @@ -381,21 +381,21 @@ vfs.usermount: 0 -> 1 假如已經插入 USB 隨身碟,且已出現 [.filename]#/dev/da0s1# 裝置。若裝置使用 FAT 格式的檔案系統,則使用者可使用以下指令掛載該檔案系統: -[source,bash] +[source,shell] .... % mount -t msdosfs -o -m=644,-M=755 /dev/da0s1 /mnt/username .... 在裝置可以被拔除前,__必須__先卸載: -[source,bash] +[source,shell] .... % umount /mnt/username .... 裝置移除之後,系統訊息緩衝區會顯示如下的訊息: -[source,bash] +[source,shell] .... umass0: at uhub3, port 2, addr 3 (disconnected) da0 at umass-sim0 bus 0 scbus4 target 0 lun 0 @@ -407,14 +407,14 @@ da0: <STECH Simple Drive 1.04> s/n WD-WXE508CAN263 detached 可以取消註解在 [.filename]#/etc/auto_master# 中的下行來自動掛載 USB 裝置: -[source,bash] +[source,shell] .... /media -media -nosuid .... 然後加入這些行到 [.filename]#/etc/devd.conf#: -[source,bash] +[source,shell] .... notify 100 { match "system" "GEOM"; @@ -425,7 +425,7 @@ notify 100 { 若 man:autofs[5] 以及 man:devd[8] 已經正在執行,則需重新載入設定: -[source,bash] +[source,shell] .... # service automount restart # service devd restart @@ -442,7 +442,7 @@ man:autofs[5] 需要開啟 man:devd[8],預設已經開啟。 立即啟動服務: -[source,bash] +[source,shell] .... # service automount start # service automountd start @@ -454,7 +454,7 @@ man:autofs[5] 需要開啟 man:devd[8],預設已經開啟。 檔案系統會在第一次存取時自動掛載,並在一段時間未使用後自動卸載。自動掛載的磁碟也可手動卸載: -[source,bash] +[source,shell] .... # automount -fu .... @@ -530,7 +530,7 @@ This will require a reboot of the system as this driver can only be loaded at bo To verify that FreeBSD recognizes the device, run `dmesg` and look for an entry for the device. On systems prior to 10.x, the device name in the first line of the output will be [.filename]#acd0# instead of [.filename]#cd0#. -[source,bash] +[source,shell] .... % dmesg | grep cd cd0 at ahcich1 bus 0 scbus1 target 0 lun 0 @@ -547,14 +547,14 @@ In FreeBSD, `cdrecord` can be used to burn CDs. This command is installed with t While `cdrecord` has many options, basic usage is simple. Specify the name of the ISO file to burn and, if the system has multiple burner devices, specify the name of the device to use: -[source,bash] +[source,shell] .... # cdrecord dev=device imagefile.iso .... To determine the device name of the burner, use `-scanbus` which might produce results like this: -[source,bash] +[source,shell] .... # cdrecord -scanbus ProDVD-ProBD-Clone 3.00 (amd64-unknown-freebsd10.0) Copyright (C) 1995-2010 Jörg Schilling @@ -583,7 +583,7 @@ Locate the entry for the CD burner and use the three numbers separated by commas Alternately, run the following command to get the device address of the burner: -[source,bash] +[source,shell] .... # camcontrol devlist <MATSHITA CDRW/DVD UJDA740 1.00> at scbus1 target 0 lun 0 (cd0,pass0) @@ -596,7 +596,7 @@ Use the numeric values for `scbus`, `target`, and `lun`. For this example, `1,0, In order to produce a data CD, the data files that are going to make up the tracks on the CD must be prepared before they can be burned to the CD. In FreeBSD, package:sysutils/cdrtools[] installs `mkisofs`, which can be used to produce an ISO 9660 file system that is an image of a directory tree within a UNIX(TM) file system. The simplest usage is to specify the name of the ISO file to create and the path to the files to place into the ISO 9660 file system: -[source,bash] +[source,shell] .... # mkisofs -o imagefile.iso /path/to/tree .... @@ -609,14 +609,14 @@ For CDs that are going to be used only on FreeBSD systems, `-U` can be used to d The last option of general use is `-b`. This is used to specify the location of a boot image for use in producing an "El Torito" bootable CD. This option takes an argument which is the path to a boot image from the top of the tree being written to the CD. By default, `mkisofs` creates an ISO image in "floppy disk emulation" mode, and thus expects the boot image to be exactly 1200, 1440 or 2880 KB in size. Some boot loaders, like the one used by the FreeBSD distribution media, do not use emulation mode. In this case, `-no-emul-boot` should be used. So, if [.filename]#/tmp/myboot# holds a bootable FreeBSD system with the boot image in [.filename]#/tmp/myboot/boot/cdboot#, this command would produce [.filename]#/tmp/bootable.iso#: -[source,bash] +[source,shell] .... # mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot .... The resulting ISO image can be mounted as a memory disk with: -[source,bash] +[source,shell] .... # mdconfig -a -t vnode -f /tmp/bootable.iso -u 0 # mount -t cd9660 /dev/md0 /mnt @@ -630,7 +630,7 @@ There are many other options available for `mkisofs` to fine-tune its behavior. ==== It is possible to copy a data CD to an image file that is functionally equivalent to the image file created with `mkisofs`. To do so, use [.filename]#dd# with the device name as the input file and the name of the ISO to create as the output file: -[source,bash] +[source,shell] .... # dd if=/dev/cd0 of=file.iso bs=2048 .... @@ -643,7 +643,7 @@ The resulting image file can be burned to CD as described in <<cdrecord>>. Once an ISO has been burned to a CD, it can be mounted by specifying the file system type, the name of the device containing the CD, and an existing mount point: -[source,bash] +[source,shell] .... # mount -t cd9660 /dev/cd0 /mnt .... @@ -681,7 +681,7 @@ It is possible to burn a file directly to CD, without creating an ISO 9660 file This type of disk can not be mounted as a normal data CD. In order to retrieve the data burned to such a CD, the data must be read from the raw device node. For example, this command will extract a compressed tar file located on the second CD device into the current working directory: -[source,bash] +[source,shell] .... # tar xzvf /dev/cd1 .... @@ -703,7 +703,7 @@ To duplicate an audio CD, extract the audio data from the CD to a series of file . The package:sysutils/cdrtools[] package or port installs `cdda2wav`. This command can be used to extract all of the audio tracks, with each track written to a separate WAV file in the current working directory: + -[source,bash] +[source,shell] .... % cdda2wav -vall -B -Owav .... @@ -711,7 +711,7 @@ To duplicate an audio CD, extract the audio data from the CD to a series of file A device name does not need to be specified if there is only one CD device on the system. Refer to the `cdda2wav` manual page for instructions on how to specify a device and to learn more about the other options available for this command. . Use `cdrecord` to write the [.filename]#.wav# files: + -[source,bash] +[source,shell] .... % cdrecord -v dev=2,0 -dao -useinfo *.wav .... @@ -765,7 +765,7 @@ Since man:growisofs[1] is a front-end to <<mkisofs,mkisofs>>, it will invoke man To burn to a DVD+R or a DVD-R the data in [.filename]#/path/to/data#, use the following command: -[source,bash] +[source,shell] .... # growisofs -dvd-compat -Z /dev/cd0 -J -R /path/to/data .... @@ -776,7 +776,7 @@ For the initial session recording, `-Z` is used for both single and multiple ses To burn a pre-mastered image, such as _imagefile.iso_, use: -[source,bash] +[source,shell] .... # growisofs -dvd-compat -Z /dev/cd0=imagefile.iso .... @@ -789,14 +789,14 @@ In order to support working files larger than 4.38GB, an UDF/ISO-9660 hybrid fil To create this type of ISO file: -[source,bash] +[source,shell] .... % mkisofs -R -J -udf -iso-level 3 -o imagefile.iso /path/to/data .... To burn files directly to a disk: -[source,bash] +[source,shell] .... # growisofs -dvd-compat -udf -iso-level 3 -Z /dev/cd0 -J -R /path/to/data .... @@ -812,7 +812,7 @@ A DVD-Video is a specific file layout based on the ISO 9660 and micro-UDF (M-UDF If an image of the DVD-Video file system already exists, it can be burned in the same way as any other image. If `dvdauthor` was used to make the DVD and the result is in [.filename]#/path/to/video#, the following command should be used to burn the DVD-Video: -[source,bash] +[source,shell] .... # growisofs -Z /dev/cd0 -dvd-video /path/to/video .... @@ -823,7 +823,7 @@ If an image of the DVD-Video file system already exists, it can be burned in the Unlike CD-RW, a virgin DVD+RW needs to be formatted before first use. It is _recommended_ to let man:growisofs[1] take care of this automatically whenever appropriate. However, it is possible to use `dvd+rw-format` to format the DVD+RW: -[source,bash] +[source,shell] .... # dvd+rw-format /dev/cd0 .... @@ -832,7 +832,7 @@ Only perform this operation once and keep in mind that only virgin DVD+RW medias To burn a totally new file system and not just append some data onto a DVD+RW, the media does not need to be blanked first. Instead, write over the previous recording like this: -[source,bash] +[source,shell] .... # growisofs -Z /dev/cd0 -J -R /path/to/newdata .... @@ -841,7 +841,7 @@ The DVD+RW format supports appending data to a previous recording. This operatio For example, to append data to a DVD+RW, use the following: -[source,bash] +[source,shell] .... # growisofs -M /dev/cd0 -J -R /path/to/nextdata .... @@ -855,7 +855,7 @@ Use `-dvd-compat` for better media compatibility with DVD-ROM drives. When using To blank the media, use: -[source,bash] +[source,shell] .... # growisofs -Z /dev/cd0=/dev/zero .... @@ -868,7 +868,7 @@ A virgin DVD-RW can be directly written without being formatted. However, a non- To blank a DVD-RW in sequential mode: -[source,bash] +[source,shell] .... # dvd+rw-format -blank=full /dev/cd0 .... @@ -877,7 +877,7 @@ To blank a DVD-RW in sequential mode: ==== A full blanking using `-blank=full` will take about one hour on a 1x media. A fast blanking can be performed using `-blank`, if the DVD-RW will be recorded in Disk-At-Once (DAO) mode. To burn the DVD-RW in DAO mode, use the command: -[source,bash] +[source,shell] .... # growisofs -use-the-force-luke=dao -Z /dev/cd0=imagefile.iso .... @@ -889,7 +889,7 @@ One should instead use restricted overwrite mode with any DVD-RW as this format To write data on a sequential DVD-RW, use the same instructions as for the other DVD formats: -[source,bash] +[source,shell] .... # growisofs -Z /dev/cd0 -J -R /path/to/data .... @@ -900,14 +900,14 @@ A DVD-RW in restricted overwrite format does not need to be blanked before a new To put a DVD-RW in restricted overwrite format, the following command must be used: -[source,bash] +[source,shell] .... # dvd+rw-format /dev/cd0 .... To change back to sequential format, use: -[source,bash] +[source,shell] .... # dvd+rw-format -blank=full /dev/cd0 .... @@ -918,7 +918,7 @@ Few DVD-ROM drives support multi-session DVDs and most of the time only read the Using the following command after an initial non-closed session on a DVD+R, DVD-R, or DVD-RW in sequential format, will add a new session to the disc: -[source,bash] +[source,shell] .... # growisofs -M /dev/cd0 -J -R /path/to/nextdata .... @@ -953,7 +953,7 @@ hw.ata.atapi_dma="1" A DVD-RAM can be seen as a removable hard drive. Like any other hard drive, the DVD-RAM must be formatted before it can be used. In this example, the whole disk space will be formatted with a standard UFS2 file system: -[source,bash] +[source,shell] .... # dd if=/dev/zero of=/dev/acd0 bs=2k count=1 # bsdlabel -Bw acd0 @@ -964,7 +964,7 @@ The DVD device, [.filename]#acd0#, must be changed according to the configuratio Once the DVD-RAM has been formatted, it can be mounted as a normal hard drive: -[source,bash] +[source,shell] .... # mount /dev/acd0 /mnt .... @@ -984,7 +984,7 @@ A floppy disk needs to be low-level formatted before it can be used. This is usu . To format the floppy, insert a new 3.5 inch floppy disk into the first floppy drive and issue: + -[source,bash] +[source,shell] .... # /usr/sbin/fdformat -f 1440 /dev/fd0 .... @@ -993,7 +993,7 @@ A floppy disk needs to be low-level formatted before it can be used. This is usu + To write the disk label, use man:bsdlabel[8]: + -[source,bash] +[source,shell] .... # /sbin/bsdlabel -B -w /dev/fd0 fd1440 .... @@ -1002,7 +1002,7 @@ To write the disk label, use man:bsdlabel[8]: + To format the floppy with FAT, issue: + -[source,bash] +[source,shell] .... # /sbin/newfs_msdos /dev/fd0 .... @@ -1047,7 +1047,7 @@ The disk is now ready for use. To use the floppy, mount it with man:mount_msdosf [example] ==== -[source,bash] +[source,shell] .... # /sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \ targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz @@ -1061,7 +1061,7 @@ The disk is now ready for use. To use the floppy, mount it with man:mount_msdosf [example] ==== -[source,bash] +[source,shell] .... # env RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr .... @@ -1080,7 +1080,7 @@ The disk is now ready for use. To use the floppy, mount it with man:mount_msdosf [example] ==== -[source,bash] +[source,shell] .... # tar czvf /tmp/mybackup.tgz . .... @@ -1093,7 +1093,7 @@ The disk is now ready for use. To use the floppy, mount it with man:mount_msdosf [example] ==== -[source,bash] +[source,shell] .... # tar xzvf /tmp/mybackup.tgz .... @@ -1110,7 +1110,7 @@ The disk is now ready for use. To use the floppy, mount it with man:mount_msdosf [example] ==== -[source,bash] +[source,shell] .... # ls -R | cpio -ovF /tmp/mybackup.cpio .... @@ -1125,7 +1125,7 @@ The disk is now ready for use. To use the floppy, mount it with man:mount_msdosf [example] ==== -[source,bash] +[source,shell] .... # pax -wf /tmp/mybackup.pax . .... @@ -1141,7 +1141,7 @@ SCSI 磁帶機在 FreeBSD 會使用 man:sa[4] 驅動程式以及 [.filename]#/de 在 FreeBSD 中會使用 `mt` 來做磁帶機的控制操作,例如在磁帶中搜尋檔案或寫入磁帶控制記號到磁帶。例如,要保留磁帶上的前三個檔案,可以在寫入新檔案前跳過這些檔案: -[source,bash] +[source,shell] .... # mt -f /dev/nsa0 fsf 3 .... @@ -1150,28 +1150,28 @@ SCSI 磁帶機在 FreeBSD 會使用 man:sa[4] 驅動程式以及 [.filename]#/de 要使用 `tar` 寫入單一檔案到磁帶,可指定磁帶裝置的名稱以及要備份的檔案: -[source,bash] +[source,shell] .... # tar cvf /dev/sa0 file .... 要從磁帶上的 `tar` 封存檔還原檔案到目前的目錄可: -[source,bash] +[source,shell] .... # tar xvf /dev/sa0 .... 要備份一個 UFS 檔案系統可使用 `dump`。以下例子會備份 [.filename]#/usr# 並在完成時不做倒帶: -[source,bash] +[source,shell] .... # dump -0aL -b64 -f /dev/nsa0 /usr .... 要以互動的方式從磁帶上的 `dump` 檔案還原到目前目錄: -[source,bash] +[source,shell] .... # restore -i -f /dev/nsa0 .... @@ -1221,7 +1221,7 @@ device md To mount an existing file system image, use `mdconfig` to specify the name of the ISO file and a free unit number. Then, refer to that unit number to mount it on an existing mount point. Once mounted, the files in the ISO will appear in the mount point. This example attaches _diskimage.iso_ to the memory device [.filename]#/dev/md0# then mounts that memory device on [.filename]#/mnt#: -[source,bash] +[source,shell] .... # mdconfig -f diskimage.iso -u 0 # mount -t cd9660 /dev/md0 /mnt @@ -1231,7 +1231,7 @@ Notice that `-t cd9660` was used to mount an ISO format. If a unit number is not When a memory disk is no longer in use, its resources should be released back to the system. First, unmount the file system, then use `mdconfig` to detach the disk from the system and release its resources. To continue this example: -[source,bash] +[source,shell] .... # umount /mnt # mdconfig -d -u 0 @@ -1246,7 +1246,7 @@ FreeBSD also supports memory disks where the storage to use is allocated from ei To create a new memory-backed file system, specify a type of `swap` and the size of the memory disk to create. Then, format the memory disk with a file system and mount as usual. This example creates a 5M memory disk on unit `1`. That memory disk is then formatted with the UFS file system before it is mounted: -[source,bash] +[source,shell] .... # mdconfig -a -t swap -s 5m -u 1 # newfs -U md1 @@ -1263,7 +1263,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on To create a new file-backed memory disk, first allocate an area of disk to use. This example creates an empty 5MB file named [.filename]#newimage#: -[source,bash] +[source,shell] .... # dd if=/dev/zero of=newimage bs=1k count=5k 5120+0 records in @@ -1272,7 +1272,7 @@ To create a new file-backed memory disk, first allocate an area of disk to use. Next, attach that file to a memory disk, label the memory disk and format it with the UFS file system, mount the memory disk, and verify the size of the file-backed disk: -[source,bash] +[source,shell] .... # mdconfig -f newimage -u 0 # bsdlabel -w md0 auto @@ -1289,14 +1289,14 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on It takes several commands to create a file- or memory-backed file system using `mdconfig`. FreeBSD also comes with `mdmfs` which automatically configures a memory disk, formats it with the UFS file system, and mounts it. For example, after creating _newimage_ with `dd`, this one command is equivalent to running the `bsdlabel`, `newfs`, and `mount` commands shown above: -[source,bash] +[source,shell] .... # mdmfs -F newimage -s 5m md0 /mnt .... To instead create a new memory-based memory disk with `mdmfs`, use this one command: -[source,bash] +[source,shell] .... # mdmfs -s 5m md1 /mnt .... @@ -1314,21 +1314,21 @@ The un-alterable `snapshot` file flag is set by man:mksnap_ffs[8] after initial Snapshots are created using man:mount[8]. To place a snapshot of [.filename]#/var# in the file [.filename]#/var/snapshot/snap#, use the following command: -[source,bash] +[source,shell] .... # mount -u -o snapshot /var/snapshot/snap /var .... Alternatively, use man:mksnap_ffs[8] to create the snapshot: -[source,bash] +[source,shell] .... # mksnap_ffs /var /var/snapshot/snap .... One can find snapshot files on a file system, such as [.filename]#/var#, using man:find[1]: -[source,bash] +[source,shell] .... # find /var -flags snapshot .... @@ -1340,7 +1340,7 @@ Once a snapshot has been created, it has several uses: * Running man:dump[8] on the snapshot will produce a dump file that is consistent with the file system and the timestamp of the snapshot. man:dump[8] can also take a snapshot, create a dump image, and then remove the snapshot in one command by using `-L`. * The snapshot can be mounted as a frozen image of the file system. To man:mount[8] the snapshot [.filename]#/var/snapshot/snap# run: + -[source,bash] +[source,shell] .... # mdconfig -a -t vnode -o readonly -f /var/snapshot/snap -u 4 # mount -r /dev/md4 /mnt @@ -1348,7 +1348,7 @@ Once a snapshot has been created, it has several uses: The frozen [.filename]#/var# is now available through [.filename]#/mnt#. Everything will initially be in the same state it was during the snapshot creation time. The only exception is that any earlier snapshots will appear as zero length files. To unmount the snapshot, use: -[source,bash] +[source,shell] .... # umount /mnt # mdconfig -d -u 4 @@ -1367,7 +1367,7 @@ For more information about `softupdates` and file system snapshots, including te 查看 FreeBSD 核心是否支援磁碟配額: -[source,bash] +[source,shell] .... % sysctl kern.features.ufs_quota kern.features.ufs_quota: 1 @@ -1418,7 +1418,7 @@ check_quotas="NO" 要確認配額已經開啟,可執行: -[source,bash] +[source,shell] .... # quota -v .... @@ -1435,7 +1435,7 @@ check_quotas="NO" 在下面的例子中,會編輯 `test` 的配額。當執行 `edquota` 時,將會使用 `EDITOR` 指定的編輯器來編輯配額限制。預設的編輯器為 vi。 -[source,bash] +[source,shell] .... # edquota -u test Quotas for user test: @@ -1456,7 +1456,7 @@ Quotas for user test: 有時會想要針對一群使用者設定配額限,這時可以透過指定想要的配額給第一個使用者,若然後使用 `-p` 來複製配額到指定範圍的使用者 ID (UID)。以下指定將複製配額限制給 UID `10,000` 到 `19,999` 的使用者: -[source,bash] +[source,shell] .... # edquota -p test 10000-19999 .... @@ -1492,7 +1492,7 @@ rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad 然後重新啟動 `inetd`: -[source,bash] +[source,shell] .... # service inetd restart .... @@ -1514,7 +1514,7 @@ This facility provides several barriers to protect the data stored in each disk FreeBSD provides a kernel module for gbde which can be loaded with this command: -[source,bash] +[source,shell] .... # kldload geom_bde .... @@ -1533,7 +1533,7 @@ The following example demonstrates adding a new hard drive to a system that will + Install the new drive to the system as explained in <<disks-adding>>. For the purposes of this example, a new hard drive partition has been added as [.filename]#/dev/ad4s1c# and [.filename]#/dev/ad0s1*# represents the existing standard FreeBSD partitions. + -[source,bash] +[source,shell] .... # ls /dev/ad* /dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1 @@ -1543,7 +1543,7 @@ Install the new drive to the system as explained in <<disks-adding>>. For the pu + . Create a Directory to Hold `gbde` Lock Files + -[source,bash] +[source,shell] .... # mkdir /etc/gbde .... @@ -1553,7 +1553,7 @@ The gbde lock file contains information that gbde requires to access encrypted p + A gbde partition must be initialized before it can be used. This initialization needs to be performed only once. This command will open the default editor, in order to set various configuration options in a template. For use with the UFS file system, set the sector_size to 2048: + -[source,bash] +[source,shell] .... # gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock # $FreeBSD: head/zh_TW.UTF-8/books/handbook/book.xml 53653 2019-12-03 17:05:41Z rcyu $ @@ -1571,14 +1571,14 @@ Lock files _must_ be backed up together with the contents of any encrypted parti + . Attach the Encrypted Partition to the Kernel + -[source,bash] +[source,shell] .... # gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock .... + This command will prompt to input the passphrase that was selected during the initialization of the encrypted partition. The new encrypted device will appear in [.filename]#/dev# as [.filename]#/dev/device_name.bde#: + -[source,bash] +[source,shell] .... # ls /dev/ad* /dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1 @@ -1590,7 +1590,7 @@ This command will prompt to input the passphrase that was selected during the in + Once the encrypted device has been attached to the kernel, a file system can be created on the device. This example creates a UFS file system with soft updates enabled. Be sure to specify the partition which has a [.filename]#*.bde# extension: + -[source,bash] +[source,shell] .... # newfs -U /dev/ad4s1c.bde .... @@ -1599,7 +1599,7 @@ Once the encrypted device has been attached to the kernel, a file system can be + Create a mount point and mount the encrypted file system: + -[source,bash] +[source,shell] .... # mkdir /private # mount /dev/ad4s1c.bde /private @@ -1609,7 +1609,7 @@ Create a mount point and mount the encrypted file system: + The encrypted file system should now be visible and available for use: + -[source,bash] +[source,shell] .... % df -H Filesystem Size Used Avail Capacity Mounted on @@ -1637,7 +1637,7 @@ This requires that the passphrase be entered at the console at boot time. After ==== sysinstall is incompatible with gbde-encrypted devices. All [.filename]#*.bde# devices must be detached from the kernel before starting sysinstall or it will crash during its initial probing for devices. To detach the encrypted device used in the example, use the following command: -[source,bash] +[source,shell] .... # gbde detach /dev/ad4s1c .... @@ -1676,7 +1676,7 @@ geom_eli_load="YES" + To load the kernel module now: + -[source,bash] +[source,shell] .... # kldload geom_eli .... @@ -1693,7 +1693,7 @@ device crypto + The following commands generate a master key ([.filename]#/root/da2.key#) that is protected with a passphrase. The data source for the key file is [.filename]#/dev/random# and the sector size of the provider ([.filename]#/dev/da2.eli#) is 4kB as a bigger sector size provides better performance: + -[source,bash] +[source,shell] .... # dd if=/dev/random of=/root/da2.key bs=64 count=1 # geli init -s 4096 -K /root/da2.key /dev/da2 @@ -1705,7 +1705,7 @@ It is not mandatory to use both a passphrase and a key file as either method of + If the key file is given as "-", standard input will be used. For example, this command generates three key files: + -[source,bash] +[source,shell] .... # cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2 .... @@ -1714,7 +1714,7 @@ If the key file is given as "-", standard input will be used. For example, this + To attach the provider, specify the key file, the name of the disk, and the passphrase: + -[source,bash] +[source,shell] .... # geli attach -k /root/da2.key /dev/da2 Enter passphrase: @@ -1722,7 +1722,7 @@ Enter passphrase: + This creates a new device with an [.filename]#.eli# extension: + -[source,bash] +[source,shell] .... # ls /dev/da2* /dev/da2 /dev/da2.eli @@ -1732,7 +1732,7 @@ This creates a new device with an [.filename]#.eli# extension: + Next, format the device with the UFS file system and mount it on an existing mount point: + -[source,bash] +[source,shell] .... # dd if=/dev/random of=/dev/da2.eli bs=1m # newfs /dev/da2.eli @@ -1741,7 +1741,7 @@ Next, format the device with the UFS file system and mount it on an existing mou + The encrypted file system should now be available for use: + -[source,bash] +[source,shell] .... # df -H Filesystem Size Used Avail Capacity Mounted on @@ -1756,7 +1756,7 @@ Filesystem Size Used Avail Capacity Mounted on Once the work on the encrypted partition is done, and the [.filename]#/private# partition is no longer needed, it is prudent to put the device into cold storage by unmounting and detaching the `geli` encrypted partition from the kernel: -[source,bash] +[source,shell] .... # umount /private # geli detach da2.eli @@ -1783,7 +1783,7 @@ This section demonstrates how to configure an encrypted swap partition using man Swap partitions are not encrypted by default and should be cleared of any sensitive data before continuing. To overwrite the current swap partition with random garbage, execute the following command: -[source,bash] +[source,shell] .... # dd if=/dev/random of=/dev/ada0s1b bs=1m .... @@ -1832,7 +1832,7 @@ Once the system has rebooted, proper operation of the encrypted swap can be veri If man:gbde[8] is being used: -[source,bash] +[source,shell] .... % swapinfo Device 1K-blocks Used Avail Capacity @@ -1841,7 +1841,7 @@ Device 1K-blocks Used Avail Capacity If man:geli[8] is being used: -[source,bash] +[source,shell] .... % swapinfo Device 1K-blocks Used Avail Capacity @@ -1938,7 +1938,7 @@ It is also possible to use host names in the `remote` statements if the hosts ar Once the configuration exists on both nodes, the HAST pool can be created. Run these commands on both nodes to place the initial metadata onto the local disk and to start man:hastd[8]: -[source,bash] +[source,shell] .... # hastctl create test # service hastd onestart @@ -1951,21 +1951,21 @@ It is _not_ possible to use GEOM providers with an existing file system or to co A HAST node's `primary` or `secondary` role is selected by an administrator, or software like Heartbeat, using man:hastctl[8]. On the primary node, `hasta`, issue this command: -[source,bash] +[source,shell] .... # hastctl role primary test .... Run this command on the secondary node, `hastb`: -[source,bash] +[source,shell] .... # hastctl role secondary test .... Verify the result by running `hastctl` on each node: -[source,bash] +[source,shell] .... # hastctl status test .... @@ -1974,7 +1974,7 @@ Check the `status` line in the output. If it says `degraded`, something is wrong The next step is to create a file system on the GEOM provider and mount it. This must be done on the `primary` node. Creating the file system can take a few minutes, depending on the size of the hard drive. This example creates a UFS file system on [.filename]#/dev/hast/test#: -[source,bash] +[source,shell] .... # newfs -U /dev/hast/test # mkdir /hast/test @@ -2024,7 +2024,7 @@ If the systems are running FreeBSD 10 or higher, replace [.filename]#carp0# with Restart man:devd[8] on both nodes to put the new configuration into effect: -[source,bash] +[source,shell] .... # service devd restart .... @@ -2157,7 +2157,7 @@ _Split-brain_ occurs when the nodes of the cluster are unable to communicate wit The administrator must either decide which node has more important changes, or perform the merge manually. Then, let HAST perform full synchronization of the node which has the broken data. To do this, issue these commands on the node which needs to be resynchronized: -[source,bash] +[source,shell] .... # hastctl role init test # hastctl create test diff --git a/documentation/content/zh-tw/books/handbook/dtrace/_index.adoc b/documentation/content/zh-tw/books/handbook/dtrace/_index.adoc index 896511449f..70f8e2e5ee 100644 --- a/documentation/content/zh-tw/books/handbook/dtrace/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/dtrace/_index.adoc @@ -72,7 +72,7 @@ The official guide to DTrace is maintained by the Illumos project at http://dtra While the DTrace in FreeBSD is similar to that found in Solaris(TM), differences do exist. The primary difference is that in FreeBSD, DTrace is implemented as a set of kernel modules and DTrace can not be used until the modules are loaded. To load all of the necessary modules: -[source,bash] +[source,shell] .... # kldload dtraceall .... @@ -127,7 +127,7 @@ DTrace scripts consist of a list of one or more _probes_, or instrumentation poi To view all probes, the administrator can execute the following command: -[source,bash] +[source,shell] .... # dtrace -l | more .... @@ -138,7 +138,7 @@ The examples in this section provide an overview of how to use two of the fully The [.filename]#hotkernel# script is designed to identify which function is using the most kernel time. It will produce output similar to the following: -[source,bash] +[source,shell] .... # cd /usr/shared/dtrace/toolkit # ./hotkernel @@ -147,7 +147,7 @@ Sampling... Hit Ctrl-C to end. As instructed, use the kbd:[Ctrl+C] key combination to stop the process. Upon termination, the script will display a list of kernel functions and timing information, sorting the output in increasing order of time: -[source,bash] +[source,shell] .... kernel`_thread_lock_flags 2 0.0% 0xc1097063 2 0.0% @@ -179,7 +179,7 @@ kernel`sched_idletd 137 0.3% This script will also work with kernel modules. To use this feature, run the script with `-m`: -[source,bash] +[source,shell] .... # ./hotkernel -m Sampling... Hit Ctrl-C to end. @@ -201,7 +201,7 @@ kernel 874 0.4% The [.filename]#procsystime# script captures and prints the system call time usage for a given process ID (PID) or process name. In the following example, a new instance of [.filename]#/bin/csh# was spawned. Then, [.filename]#procsystime# was executed and remained waiting while a few commands were typed on the other incarnation of `csh`. These are the results of this test: -[source,bash] +[source,shell] .... # ./procsystime -n csh Tracing... Hit Ctrl-C to end... diff --git a/documentation/content/zh-tw/books/handbook/filesystems/_index.adoc b/documentation/content/zh-tw/books/handbook/filesystems/_index.adoc index 7973f47622..f6cd8f9cbc 100644 --- a/documentation/content/zh-tw/books/handbook/filesystems/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/filesystems/_index.adoc @@ -85,14 +85,14 @@ This driver can also be used to access ext3 and ext4 file systems. The man:ext2f To access an ext file system, first load the kernel loadable module: -[source,bash] +[source,shell] .... # kldload ext2fs .... Then, mount the ext volume by specifying its FreeBSD partition name and an existing mount point. This example mounts [.filename]#/dev/ad1s1# on [.filename]#/mnt#: -[source,bash] +[source,shell] .... # mount -t ext2fs /dev/ad1s1 /mnt .... diff --git a/documentation/content/zh-tw/books/handbook/firewalls/_index.adoc b/documentation/content/zh-tw/books/handbook/firewalls/_index.adoc index 5b62ead484..b0107b060d 100644 --- a/documentation/content/zh-tw/books/handbook/firewalls/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/firewalls/_index.adoc @@ -144,7 +144,7 @@ To use PF, its kernel module must be first loaded. This section describes the en Start by adding `pf_enable=yes` to [.filename]#/etc/rc.conf#: -[source,bash] +[source,shell] .... # sysrc pf_enable=yes .... @@ -165,7 +165,7 @@ pf_rules="/path/to/pf.conf" Logging support for PF is provided by man:pflog[4]. To enable logging support, add `pflog_enable=yes` to [.filename]#/etc/rc.conf#: -[source,bash] +[source,shell] .... # sysrc pflog_enable=yes .... @@ -187,7 +187,7 @@ gateway_enable="YES" # Enable as LAN gateway After saving the needed edits, PF can be started with logging support by typing: -[source,bash] +[source,shell] .... # service pf start # service pflog start @@ -242,7 +242,7 @@ pass out all keep state The first rule denies all incoming traffic by default. The second rule allows connections created by this system to pass out, while retaining state information on those connections. This state information allows return traffic for those connections to pass back and should only be used on machines that can be trusted. The ruleset can be loaded with: -[source,bash] +[source,shell] .... # pfctl -e ; pfctl -f /etc/pf.conf .... @@ -270,14 +270,14 @@ Even though UDP is considered to be a stateless protocol, PF is able to track so Whenever an edit is made to a ruleset, the new rules must be loaded so they can be used: -[source,bash] +[source,shell] .... # pfctl -f /etc/pf.conf .... If there are no syntax errors, `pfctl` will not output any messages during the rule load. Rules can also be tested before attempting to load them: -[source,bash] +[source,shell] .... # pfctl -nf /etc/pf.conf .... @@ -297,21 +297,21 @@ This section demonstrates how to configure a FreeBSD system running PF to act as First, enable the gateway to let the machine forward the network traffic it receives on one interface to another interface. This sysctl setting will forward IPv4 packets: -[source,bash] +[source,shell] .... # sysctl net.inet.ip.forwarding=1 .... To forward IPv6 traffic, use: -[source,bash] +[source,shell] .... # sysctl net.inet6.ip6.forwarding=1 .... To enable these settings at system boot, use man:sysrc[8] to add them to [.filename]#/etc/rc.conf#: -[source,bash] +[source,shell] .... # sysrc gateway_enable=yes # sysrc ipv6_gateway_enable=yes @@ -452,7 +452,7 @@ where `$proxy` expands to the address the proxy daemon is bound to. Save [.filename]#/etc/pf.conf#, load the new rules, and verify from a client that FTP connections are working: -[source,bash] +[source,shell] .... # pfctl -f /etc/pf.conf .... @@ -564,14 +564,14 @@ pass inet proto tcp from <clients> to any port $client_out flags S/SA keep state A table's contents can be manipulated live, using `pfctl`. This example adds another network to the table: -[source,bash] +[source,shell] .... # pfctl -t clients -T add 192.168.1.0/16 .... Note that any changes made this way will take affect now, making them ideal for testing, but will not survive a power failure or reboot. To make the changes permanent, modify the definition of the table in the ruleset or edit the file that the table refers to. One can maintain the on-disk copy of the table using a man:cron[8] job which dumps the table's contents to disk at regular intervals, using a command such as `pfctl -t clients -T show >/etc/clients`. Alternatively, [.filename]#/etc/clients# can be updated with the in-memory table contents: -[source,bash] +[source,shell] .... # pfctl -t clients -T replace -f /etc/clients .... @@ -650,7 +650,7 @@ Over time, tables will be filled by overload rules and their size will grow incr For situations like these, pfctl provides the ability to expire table entries. For example, this command will remove `<bruteforce>` table entries which have not been referenced for `86400` seconds: -[source,bash] +[source,shell] .... # pfctl -t bruteforce -T expire 86400 .... @@ -903,14 +903,14 @@ For those users who wish to statically compile IPFW support into a custom kernel To configure the system to enable IPFW at boot time, add `firewall_enable="YES"` to [.filename]#/etc/rc.conf#: -[source,bash] +[source,shell] .... # sysrc firewall_enable="YES" .... To use one of the default firewall types provided by FreeBSD, add another line which specifies the type: -[source,bash] +[source,shell] .... # sysrc firewall_type="open" .... @@ -931,14 +931,14 @@ Note that the `filename` type is used to load a custom ruleset. An alternate way to load a custom ruleset is to set the `firewall_script` variable to the absolute path of an _executable script_ that includes IPFW commands. The examples used in this section assume that the `firewall_script` is set to [.filename]#/etc/ipfw.rules#: -[source,bash] +[source,shell] .... # sysrc firewall_script="/etc/ipfw.rules" .... To enable logging through man:syslogd[8], include this line: -[source,bash] +[source,shell] .... # sysrc firewall_logging="YES" .... @@ -951,21 +951,21 @@ Only firewall rules with the `log` option will be logged. The default rules do n There is no [.filename]#/etc/rc.conf# variable to set logging limits. To limit the number of times a rule is logged per connection attempt, specify the number using this line in [.filename]#/etc/sysctl.conf#: -[source,bash] +[source,shell] .... # echo "net.inet.ip.fw.verbose_limit=5" >> /etc/sysctl.conf .... To enable logging through a dedicated interface named `ipfw0`, add this line to [.filename]#/etc/rc.conf# instead: -[source,bash] +[source,shell] .... # sysrc firewall_logif="YES" .... Then use tcpdump to see what is being logged: -[source,bash] +[source,shell] .... # tcpdump -t -n -i ipfw0 .... @@ -978,7 +978,7 @@ There is no overhead due to logging unless tcpdump is attached. After saving the needed edits, start the firewall. To enable logging limits now, also set the `sysctl` value specified above: -[source,bash] +[source,shell] .... # service ipfw start # sysctl net.inet.ip.fw.verbose_limit=5 @@ -1399,49 +1399,49 @@ redirect_address 192.168.0.3 128.1.1.3 To list all the running rules in sequence: -[source,bash] +[source,shell] .... # ipfw list .... To list all the running rules with a time stamp of when the last time the rule was matched: -[source,bash] +[source,shell] .... # ipfw -t list .... The next example lists accounting information and the packet count for matched rules along with the rules themselves. The first column is the rule number, followed by the number of matched packets and bytes, followed by the rule itself. -[source,bash] +[source,shell] .... # ipfw -a list .... To list dynamic rules in addition to static rules: -[source,bash] +[source,shell] .... # ipfw -d list .... To also show the expired dynamic rules: -[source,bash] +[source,shell] .... # ipfw -d -e list .... To zero the counters: -[source,bash] +[source,shell] .... # ipfw zero .... To zero the counters for just the rule with number _NUM_: -[source,bash] +[source,shell] .... # ipfw zero NUM .... @@ -1493,7 +1493,7 @@ The rules are not important as the focus of this example is how the symbolic sub If the above example was in [.filename]#/etc/ipfw.rules#, the rules could be reloaded by the following command: -[source,bash] +[source,shell] .... # sh /etc/ipfw.rules .... @@ -1502,7 +1502,7 @@ If the above example was in [.filename]#/etc/ipfw.rules#, the rules could be rel The same thing could be accomplished by running these commands by hand: -[source,bash] +[source,shell] .... # ipfw -q -f flush # ipfw -q add check-state @@ -1596,7 +1596,7 @@ Then, to start IPF now: To load the firewall rules, specify the name of the ruleset file using `ipf`. The following command can be used to replace the currently running firewall rules: -[source,bash] +[source,shell] .... # ipf -Fa -f /etc/ipf.rules .... @@ -1920,28 +1920,28 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state Whenever the file containing the NAT rules is edited, run `ipnat` with `-CF` to delete the current NAT rules and flush the contents of the dynamic translation table. Include `-f` and specify the name of the NAT ruleset to load: -[source,bash] +[source,shell] .... # ipnat -CF -f /etc/ipnat.rules .... To display the NAT statistics: -[source,bash] +[source,shell] .... # ipnat -s .... To list the NAT table's current mappings: -[source,bash] +[source,shell] .... # ipnat -l .... To turn verbose mode on and display information relating to rule processing and active rules and table entries: -[source,bash] +[source,shell] .... # ipnat -v .... @@ -1952,7 +1952,7 @@ IPF includes man:ipfstat[8] which can be used to retrieve and display statistics The default `ipfstat` output looks like this: -[source,bash] +[source,shell] .... input packets: blocked 99286 passed 1255609 nomatch 14686 counted 0 output packets: blocked 4200 passed 1284345 nomatch 14687 counted 0 @@ -1975,7 +1975,7 @@ input packets: blocked 99286 passed 1255609 nomatch 14686 counted 0 Several options are available. When supplied with either `-i` for inbound or `-o` for outbound, the command will retrieve and display the appropriate list of filter rules currently installed and in use by the kernel. To also see the rule numbers, include `-n`. For example, `ipfstat -on` displays the outbound rules table with rule numbers: -[source,bash] +[source,shell] .... @1 pass out on xl0 from any to any @2 block out on dc0 from any to any @@ -1984,7 +1984,7 @@ Several options are available. When supplied with either `-i` for inbound or `-o Include `-h` to prefix each rule with a count of how many times the rule was matched. For example, `ipfstat -oh` displays the outbound internal rules table, prefixing each rule with its usage count: -[source,bash] +[source,shell] .... 2451423 pass out on xl0 from any to any 354727 block out on dc0 from any to any @@ -2013,7 +2013,7 @@ Once the logging facility is enabled in [.filename]#rc.conf# and started with `s By default, `ipmon -Ds` mode uses `local0` as the logging facility. The following logging levels can be used to further segregate the logged data: -[source,bash] +[source,shell] .... LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block. LOG_NOTICE - packets logged which are also passed @@ -2023,7 +2023,7 @@ LOG_ERR - packets which have been logged and which can be considered short due t In order to setup IPF to log all data to [.filename]#/var/log/ipfilter.log#, first create the empty file: -[source,bash] +[source,shell] .... # touch /var/log/ipfilter.log .... @@ -2065,14 +2065,14 @@ This chapter describes how to set up blacklistd, configure it, and provides exam The main configuration for blacklistd is stored in man:blacklistd.conf[5]. Various command line options are also available to change blacklistd's run-time behavior. Persistent configuration across reboots should be stored in [.filename]#/etc/blacklistd.conf#. To enable the daemon during system boot, add a `blacklistd_enable` line to [.filename]#/etc/rc.conf# like this: -[source,bash] +[source,shell] .... # sysrc blacklistd_enable=yes .... To start the service manually, run this command: -[source,bash] +[source,shell] .... # service blacklistd start .... @@ -2188,7 +2188,7 @@ That is all that is needed to make these programs talk to blacklistd. Blacklistd provides the user with a management utility called man:blacklistctl[8]. It displays blocked addresses and networks that are blacklisted by the rules defined in man:blacklistd.conf[5]. To see the list of currently blocked hosts, use `dump` combined with `-b` like this. -[source,bash] +[source,shell] .... # blacklistctl dump -b address/ma:port id nfail last access @@ -2199,7 +2199,7 @@ This example shows that there were 6 out of three permitted attempts on port 22 To see the remaining time that this host will be on the blacklist, add `-r` to the previous command. -[source,bash] +[source,shell] .... # blacklistctl dump -br address/ma:port id nfail remaining time @@ -2212,7 +2212,7 @@ In this example, there are 36s seconds left until this host will not be blocked Sometimes it is necessary to remove a host from the block list before the remaining time expires. Unfortunately, there is no functionality in blacklistd to do that. However, it is possible to remove the address from the PF table using pfctl. For each blocked port, there is a child anchor inside the blacklistd anchor defined in [.filename]#/etc/pf.conf#. For example, if there is a child anchor for blocking port 22 it is called `blacklistd/22`. There is a table inside that child anchor that contains the blocked addresses. This table is called port followed by the port number. In this example, it would be called `port22`. With that information at hand, it is now possible to use man:pfctl[8] to display all addresses listed like this: -[source,bash] +[source,shell] .... # pfctl -a blacklistd/22 -t port22 -T show ... @@ -2222,7 +2222,7 @@ Sometimes it is necessary to remove a host from the block list before the remain After identifying the address to be unblocked from the list, the following command removes it from the list: -[source,bash] +[source,shell] .... # pfctl -a blacklistd/22 -T delete 213.0.123.128/25 .... diff --git a/documentation/content/zh-tw/books/handbook/geom/_index.adoc b/documentation/content/zh-tw/books/handbook/geom/_index.adoc index eccfbb2954..0bc8f410c5 100644 --- a/documentation/content/zh-tw/books/handbook/geom/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/geom/_index.adoc @@ -88,7 +88,7 @@ The process for creating a software, GEOM-based RAID0 on a FreeBSD system using . Load the [.filename]#geom_stripe.ko# module: + -[source,bash] +[source,shell] .... # kldload geom_stripe .... @@ -96,7 +96,7 @@ The process for creating a software, GEOM-based RAID0 on a FreeBSD system using . Ensure that a suitable mount point exists. If this volume will become a root partition, then temporarily use another mount point such as [.filename]#/mnt#. . Determine the device names for the disks which will be striped, and create the new stripe device. For example, to stripe two unused and unpartitioned ATA disks with device names of [.filename]#/dev/ad2# and [.filename]#/dev/ad3#: + -[source,bash] +[source,shell] .... # gstripe label -v st0 /dev/ad2 /dev/ad3 Metadata value stored on /dev/ad2. @@ -106,14 +106,14 @@ Done. + . Write a standard label, also known as a partition table, on the new volume and install the default bootstrap code: + -[source,bash] +[source,shell] .... # bsdlabel -wB /dev/stripe/st0 .... + . This process should create two other devices in [.filename]#/dev/stripe# in addition to [.filename]#st0#. Those include [.filename]#st0a# and [.filename]#st0c#. At this point, a UFS file system can be created on [.filename]#st0a# using `newfs`: + -[source,bash] +[source,shell] .... # newfs -U /dev/stripe/st0a .... @@ -121,14 +121,14 @@ Done. Many numbers will glide across the screen, and after a few seconds, the process will be complete. The volume has been created and is ready to be mounted. . To manually mount the created disk stripe: + -[source,bash] +[source,shell] .... # mount /dev/stripe/st0a /mnt .... + . To mount this striped file system automatically during the boot process, place the volume information in [.filename]#/etc/fstab#. In this example, a permanent mount point, named [.filename]#stripe#, is created: + -[source,bash] +[source,shell] .... # mkdir /stripe # echo "/dev/stripe/st0a /stripe ufs rw 2 2" \ @@ -137,7 +137,7 @@ Many numbers will glide across the screen, and after a few seconds, the process + . The [.filename]#geom_stripe.ko# module must also be automatically loaded during system initialization, by adding a line to [.filename]#/boot/loader.conf#: + -[source,bash] +[source,shell] .... # sysrc -f /boot/loader.conf geom_stripe_load=YES .... @@ -171,21 +171,21 @@ Many disk systems store metadata at the end of each disk. Old metadata should be GPT metadata can be erased with man:gpart[8]. This example erases both primary and backup GPT partition tables from disk [.filename]#ada8#: -[source,bash] +[source,shell] .... # gpart destroy -F ada8 .... A disk can be removed from an active mirror and the metadata erased in one step using man:gmirror[8]. Here, the example disk [.filename]#ada8# is removed from the active mirror [.filename]#gm4#: -[source,bash] +[source,shell] .... # gmirror remove gm4 ada8 .... If the mirror is not running, but old mirror metadata is still on the disk, use `gmirror clear` to remove it: -[source,bash] +[source,shell] .... # gmirror clear ada8 .... @@ -199,14 +199,14 @@ In this example, FreeBSD has already been installed on a single disk, [.filename The [.filename]#geom_mirror.ko# kernel module must either be built into the kernel or loaded at boot- or run-time. Manually load the kernel module now: -[source,bash] +[source,shell] .... # gmirror load .... Create the mirror with the two new drives: -[source,bash] +[source,shell] .... # gmirror label -v gm0 /dev/ada1 /dev/ada2 .... @@ -217,7 +217,7 @@ MBR and bsdlabel partition tables can now be created on the mirror with man:gpar Partitions on the mirror do not have to be the same size as those on the existing disk, but they must be large enough to hold all the data already present on [.filename]#ada0#. -[source,bash] +[source,shell] .... # gpart create -s MBR mirror/gm0 # gpart add -t freebsd -a 4k mirror/gm0 @@ -228,7 +228,7 @@ Partitions on the mirror do not have to be the same size as those on the existin 156301425 61 - free - (30k) .... -[source,bash] +[source,shell] .... # gpart create -s BSD mirror/gm0s1 # gpart add -t freebsd-ufs -a 4k -s 2g mirror/gm0s1 @@ -249,7 +249,7 @@ Partitions on the mirror do not have to be the same size as those on the existin Make the mirror bootable by installing bootcode in the MBR and bsdlabel and setting the active slice: -[source,bash] +[source,shell] .... # gpart bootcode -b /boot/mbr mirror/gm0 # gpart set -a active -i 1 mirror/gm0 @@ -258,7 +258,7 @@ Make the mirror bootable by installing bootcode in the MBR and bsdlabel and sett Format the file systems on the new mirror, enabling soft-updates. -[source,bash] +[source,shell] .... # newfs -U /dev/mirror/gm0s1a # newfs -U /dev/mirror/gm0s1d @@ -268,7 +268,7 @@ Format the file systems on the new mirror, enabling soft-updates. File systems from the original [.filename]#ada0# disk can now be copied onto the mirror with man:dump[8] and man:restore[8]. -[source,bash] +[source,shell] .... # mount /dev/mirror/gm0s1a /mnt # dump -C16 -b64 -0aL -f - / | (cd /mnt && restore -rf -) @@ -312,14 +312,14 @@ In this example, FreeBSD has already been installed on a single disk, [.filename Load the [.filename]#geom_mirror.ko# kernel module: -[source,bash] +[source,shell] .... # gmirror load .... Check the media size of the original disk with `diskinfo`: -[source,bash] +[source,shell] .... # diskinfo -v ada0 | head -n3 /dev/ada0 @@ -329,7 +329,7 @@ Check the media size of the original disk with `diskinfo`: Create a mirror on the new disk. To make certain that the mirror capacity is not any larger than the original [.filename]#ada0# drive, man:gnop[8] is used to create a fake drive of the exact same size. This drive does not store any data, but is used only to limit the size of the mirror. When man:gmirror[8] creates the mirror, it will restrict the capacity to the size of [.filename]#gzero.nop#, even if the new [.filename]#ada1# drive has more space. Note that the _1000204821504_ in the second line is equal to [.filename]#ada0#'s media size as shown by `diskinfo` above. -[source,bash] +[source,shell] .... # geom zero load # gnop create -s 1000204821504 gzero @@ -343,7 +343,7 @@ After creating [.filename]#gm0#, view the partition table on [.filename]#ada0#. However, if the output shows that all of the space on the disk is allocated, as in the following listing, there is no space available for the 512-byte mirror metadata at the end of the disk. -[source,bash] +[source,shell] .... # gpart show ada0 => 63 1953525105 ada0 MBR (931G) @@ -354,7 +354,7 @@ In this case, the partition table must be edited to reduce the capacity by one s In either case, partition tables on the primary disk should be first copied using `gpart backup` and `gpart restore`. -[source,bash] +[source,shell] .... # gpart backup ada0 > table.ada0 # gpart backup ada0s1 > table.ada0s1 @@ -362,14 +362,14 @@ In either case, partition tables on the primary disk should be first copied usin These commands create two files, [.filename]#table.ada0# and [.filename]#table.ada0s1#. This example is from a 1 TB drive: -[source,bash] +[source,shell] .... # cat table.ada0 MBR 4 1 freebsd 63 1953525105 [active] .... -[source,bash] +[source,shell] .... # cat table.ada0s1 BSD 8 @@ -383,14 +383,14 @@ BSD 8 If no free space is shown at the end of the disk, the size of both the slice and the last partition must be reduced by one sector. Edit the two files, reducing the size of both the slice and last partition by one. These are the last numbers in each listing. -[source,bash] +[source,shell] .... # cat table.ada0 MBR 4 1 freebsd 63 1953525104 [active] .... -[source,bash] +[source,shell] .... # cat table.ada0s1 BSD 8 @@ -406,7 +406,7 @@ If at least one sector was unallocated at the end of the disk, these two files c Now restore the partition table into [.filename]#mirror/gm0#: -[source,bash] +[source,shell] .... # gpart restore mirror/gm0 < table.ada0 # gpart restore mirror/gm0s1 < table.ada0s1 @@ -414,7 +414,7 @@ Now restore the partition table into [.filename]#mirror/gm0#: Check the partition table with `gpart show`. This example has [.filename]#gm0s1a# for [.filename]#/#, [.filename]#gm0s1d# for [.filename]#/var#, [.filename]#gm0s1e# for [.filename]#/usr#, [.filename]#gm0s1f# for [.filename]#/data1#, and [.filename]#gm0s1g# for [.filename]#/data2#. -[source,bash] +[source,shell] .... # gpart show mirror/gm0 => 63 1953525104 mirror/gm0 MBR (931G) @@ -436,7 +436,7 @@ Both the slice and the last partition must have at least one free block at the e Create file systems on these new partitions. The number of partitions will vary to match the original disk, [.filename]#ada0#. -[source,bash] +[source,shell] .... # newfs -U /dev/mirror/gm0s1a # newfs -U /dev/mirror/gm0s1d @@ -447,7 +447,7 @@ Create file systems on these new partitions. The number of partitions will vary Make the mirror bootable by installing bootcode in the MBR and bsdlabel and setting the active slice: -[source,bash] +[source,shell] .... # gpart bootcode -b /boot/mbr mirror/gm0 # gpart set -a active -i 1 mirror/gm0 @@ -456,7 +456,7 @@ Make the mirror bootable by installing bootcode in the MBR and bsdlabel and sett Adjust [.filename]#/etc/fstab# to use the new partitions on the mirror. Back up this file first by copying it to [.filename]#/etc/fstab.orig#. -[source,bash] +[source,shell] .... # cp /etc/fstab /etc/fstab.orig .... @@ -483,7 +483,7 @@ geom_mirror_load="YES" File systems from the original disk can now be copied onto the mirror with man:dump[8] and man:restore[8]. Each file system dumped with `dump -L` will create a snapshot first, which can take some time. -[source,bash] +[source,shell] .... # mount /dev/mirror/gm0s1a /mnt # dump -C16 -b64 -0aL -f - / | (cd /mnt && restore -rf -) @@ -508,7 +508,7 @@ After booting from [.filename]#mirror/gm0# successfully, the final step is inser When [.filename]#ada0# is inserted into the mirror, its former contents will be overwritten by data from the mirror. Make certain that [.filename]#mirror/gm0# has the same contents as [.filename]#ada0# before adding [.filename]#ada0# to the mirror. If the contents previously copied by man:dump[8] and man:restore[8] are not identical to what was on [.filename]#ada0#, revert [.filename]#/etc/fstab# to mount the file systems on [.filename]#ada0#, reboot, and start the whole procedure again. ==== -[source,bash] +[source,shell] .... # gmirror insert gm0 ada0 GEOM_MIRROR: Device gm0: rebuilding provider ada0 @@ -516,7 +516,7 @@ GEOM_MIRROR: Device gm0: rebuilding provider ada0 Synchronization between the two disks will start immediately. Use `gmirror status` to view the progress. -[source,bash] +[source,shell] .... # gmirror status Name Status Components @@ -526,7 +526,7 @@ mirror/gm0 DEGRADED ada1 (ACTIVE) After a while, synchronization will finish. -[source,bash] +[source,shell] .... GEOM_MIRROR: Device gm0: rebuilding provider ada0 finished. # gmirror status @@ -544,7 +544,7 @@ If the system no longer boots, BIOS settings may have to be changed to boot from If the boot stops with this message, something is wrong with the mirror device: -[source,bash] +[source,shell] .... Mounting from ufs:/dev/mirror/gm0s1a failed with error 19. @@ -571,7 +571,7 @@ mountroot> Forgetting to load the [.filename]#geom_mirror.ko# module in [.filename]#/boot/loader.conf# can cause this problem. To fix it, boot from a FreeBSD installation media and choose `Shell` at the first prompt. Then load the mirror module and mount the mirror device: -[source,bash] +[source,shell] .... # gmirror load # mount /dev/mirror/gm0s1a /mnt @@ -588,7 +588,7 @@ Save the file and reboot. Other problems that cause `error 19` require more effort to fix. Although the system should boot from [.filename]#ada0#, another prompt to select a shell will appear if [.filename]#/etc/fstab# is incorrect. Enter `ufs:/dev/ada0s1a` at the boot loader prompt and press kbd:[Enter]. Undo the edits in [.filename]#/etc/fstab# then mount the file systems from the original disk ([.filename]#ada0#) instead of the mirror. Reboot the system and try the procedure again. -[source,bash] +[source,shell] .... Enter full pathname of shell or RETURN for /bin/sh: # cp /etc/fstab.orig /etc/fstab @@ -603,14 +603,14 @@ To replace the failed drive, shut down the system and physically replace the fai After the computer is powered back up, the mirror will be running in a "degraded" mode with only one drive. The mirror is told to forget drives that are not currently connected: -[source,bash] +[source,shell] .... # gmirror forget gm0 .... Any old metadata should be cleared from the replacement disk using the instructions in <<geom-mirror-metadata>>. Then the replacement disk, [.filename]#ada4# for this example, is inserted into the mirror: -[source,bash] +[source,shell] .... # gmirror insert gm0 /dev/ada4 .... @@ -642,28 +642,28 @@ In FreeBSD, support for RAID3 is implemented by the man:graid3[8]GEOM class. Cre . First, load the [.filename]#geom_raid3.ko# kernel module by issuing one of the following commands: + -[source,bash] +[source,shell] .... # graid3 load .... + or: + -[source,bash] +[source,shell] .... # kldload geom_raid3 .... + . Ensure that a suitable mount point exists. This command creates a new directory to use as the mount point: + -[source,bash] +[source,shell] .... # mkdir /multimedia .... + . Determine the device names for the disks which will be added to the array, and create the new RAID3 device. The final device listed will act as the dedicated parity disk. This example uses three unpartitioned ATA drives: [.filename]#ada1# and [.filename]#ada2# for data, and [.filename]#ada3# for parity. + -[source,bash] +[source,shell] .... # graid3 label -v gr0 /dev/ada1 /dev/ada2 /dev/ada3 Metadata value stored on /dev/ada1. @@ -674,7 +674,7 @@ Done. + . Partition the newly created [.filename]#gr0# device and put a UFS file system on it: + -[source,bash] +[source,shell] .... # gpart create -s GPT /dev/raid3/gr0 # gpart add -t freebsd-ufs /dev/raid3/gr0 @@ -683,7 +683,7 @@ Done. + Many numbers will glide across the screen, and after a bit of time, the process will be complete. The volume has been created and is ready to be mounted: + -[source,bash] +[source,shell] .... # mount /dev/raid3/gr0p1 /multimedia/ .... @@ -733,7 +733,7 @@ Software RAID devices often have a menu that can be entered by pressing special Some space on the drives will be overwritten when they are made into a new array. Back up existing data first! ==== -[source,bash] +[source,shell] .... # graid label Intel gm0 RAID1 ada0 ada1 GEOM_RAID: Intel-a29ea104: Array Intel-a29ea104 created. @@ -749,7 +749,7 @@ GEOM_RAID: Intel-a29ea104: Provider raid/r0 for volume gm0 created. A status check shows the new mirror is ready for use: -[source,bash] +[source,shell] .... # graid status Name Status Components @@ -761,7 +761,7 @@ The array device appears in [.filename]#/dev/raid/#. The first array is called [ The BIOS menu on some of these devices can create arrays with special characters in their names. To avoid problems with those special characters, arrays are given simple numbered names like [.filename]#r0#. To show the actual labels, like [.filename]#gm0# in the example above, use man:sysctl[8]: -[source,bash] +[source,shell] .... # sysctl kern.geom.raid.name_format=1 .... @@ -771,7 +771,7 @@ The BIOS menu on some of these devices can create arrays with special characters Some software RAID devices support more than one _volume_ on an array. Volumes work like partitions, allowing space on the physical drives to be split and used in different ways. For example, Intel software RAID devices support two volumes. This example creates a 40 G mirror for safely storing the operating system, followed by a 20 G RAID0 (stripe) volume for fast temporary storage: -[source,bash] +[source,shell] .... # graid label -S 40G Intel gm0 RAID1 ada0 ada1 # graid add -S 20G gm0 RAID0 @@ -791,14 +791,14 @@ Under certain specific conditions, it is possible to convert an existing single If the drive meets these requirements, start by making a full backup. Then create a single-drive mirror with that drive: -[source,bash] +[source,shell] .... # graid label Intel gm0 RAID1 ada0 NONE .... man:graid[8] metadata was written to the end of the drive in the unused space. A second drive can now be inserted into the mirror: -[source,bash] +[source,shell] .... # graid insert raid/r0 ada1 .... @@ -812,7 +812,7 @@ Drives can be inserted into an array as replacements for drives that have failed In the example mirror array, data immediately begins to be copied to the newly-inserted drive. Any existing information on the new drive will be overwritten. -[source,bash] +[source,shell] .... # graid insert raid/r0 ada1 GEOM_RAID: Intel-a29ea104: Disk ada1 state changed from NONE to ACTIVE. @@ -826,7 +826,7 @@ GEOM_RAID: Intel-a29ea104: Subdisk gm0:1-ada1 rebuild start at 0. Individual drives can be permanently removed from a from an array and their metadata erased: -[source,bash] +[source,shell] .... # graid remove raid/r0 ada1 GEOM_RAID: Intel-a29ea104: Disk ada1 state changed from ACTIVE to OFFLINE. @@ -839,7 +839,7 @@ GEOM_RAID: Intel-a29ea104: Volume gm0 state changed from OPTIMAL to DEGRADED. An array can be stopped without removing metadata from the drives. The array will be restarted when the system is booted. -[source,bash] +[source,shell] .... # graid stop raid/r0 .... @@ -849,7 +849,7 @@ An array can be stopped without removing metadata from the drives. The array wil Array status can be checked at any time. After a drive was added to the mirror in the example above, data is being copied from the original drive to the new drive: -[source,bash] +[source,shell] .... # graid status Name Status Components @@ -859,7 +859,7 @@ raid/r0 DEGRADED ada0 (ACTIVE (ACTIVE)) Some types of arrays, like `RAID0` or `CONCAT`, may not be shown in the status report if disks have failed. To see these partially-failed arrays, add `-ga`: -[source,bash] +[source,shell] .... # graid status -ga Name Status Components @@ -871,7 +871,7 @@ Intel-e2d07d9a BROKEN ada6 (ACTIVE (ACTIVE)) Arrays are destroyed by deleting all of the volumes from them. When the last volume present is deleted, the array is stopped and metadata is removed from the drives: -[source,bash] +[source,shell] .... # graid delete raid/r0 .... @@ -886,7 +886,7 @@ Drives may unexpectedly contain man:graid[8] metadata, either from previous use . Boot the system. At the boot menu, select `2` for the loader prompt. Enter: + -[source,bash] +[source,shell] .... OK set kern.geom.raid.enable=0 OK boot @@ -905,7 +905,7 @@ to [.filename]#/boot/loader.conf#. + To permanently remove the man:graid[8] metadata from the affected drive, boot a FreeBSD installation CD-ROM or memory stick, and select `Shell`. Use `status` to find the name of the array, typically `raid/r0`: + -[source,bash] +[source,shell] .... # graid status Name Status Components @@ -915,7 +915,7 @@ raid/r0 OPTIMAL ada0 (ACTIVE (ACTIVE)) + Delete the volume by name: + -[source,bash] +[source,shell] .... # graid delete raid/r0 .... @@ -939,7 +939,7 @@ Similar to NFS, which is discussed in crossref:network-servers[network-nfs,網 Before exporting the device, ensure it is not currently mounted. Then, start ggated: -[source,bash] +[source,shell] .... # ggated .... @@ -948,7 +948,7 @@ Several options are available for specifying an alternate listening port or chan To access the exported device on the client machine, first use `ggatec` to specify the IP address of the server and the device name of the exported device. If successful, this command will display a `ggate` device name to mount. Mount that specified device name on a free mount point. This example connects to the [.filename]#/dev/da0s4d# partition on `192.168.1.1`, then mounts [.filename]#/dev/ggate0# on [.filename]#/mnt#: -[source,bash] +[source,shell] .... # ggatec create -o rw 192.168.1.1 /dev/da0s4d ggate0 @@ -986,7 +986,7 @@ Temporary labels are destroyed at the next reboot. These labels are created in [ To create a permanent label for a UFS2 file system without destroying any data, issue the following command: -[source,bash] +[source,shell] .... # tunefs -L home /dev/da3 .... @@ -1005,7 +1005,7 @@ The file system must not be mounted while attempting to run `tunefs`. Now the file system may be mounted: -[source,bash] +[source,shell] .... # mount /home .... @@ -1016,7 +1016,7 @@ File systems may also be created with a default label by using the `-L` flag wit The following command can be used to destroy the label: -[source,bash] +[source,shell] .... # glabel destroy home .... @@ -1030,7 +1030,7 @@ By permanently labeling the partitions on the boot disk, the system should be ab Reboot the system, and at the man:loader[8] prompt, press kbd:[4] to boot into single user mode. Then enter the following commands: -[source,bash] +[source,shell] .... # glabel label rootfs /dev/ad0s1a GEOM_LABEL: Label for provider /dev/ad0s1a is label/rootfs @@ -1059,7 +1059,7 @@ The system will continue with multi-user boot. After the boot completes, edit [. The system can now be rebooted. If everything went well, it will come up normally and `mount` will show: -[source,bash] +[source,shell] .... # mount /dev/label/rootfs on / (ufs, local) @@ -1073,7 +1073,7 @@ devfs on /dev (devfs, local) The man:glabel[8] class supports a label type for UFS file systems, based on the unique file system id, `ufsid`. These labels may be found in [.filename]#/dev/ufsid# and are created automatically during system startup. It is possible to use `ufsid` labels to mount partitions using [.filename]#/etc/fstab#. Use `glabel status` to receive a list of file systems and their corresponding `ufsid` labels: -[source,bash] +[source,shell] .... % glabel status Name Status Components @@ -1116,7 +1116,7 @@ options GEOM_JOURNAL Once the module is loaded, a journal can be created on a new file system using the following steps. In this example, [.filename]#da4# is a new SCSI disk: -[source,bash] +[source,shell] .... # gjournal load # gjournal label /dev/da4 @@ -1126,7 +1126,7 @@ This will load the module and create a [.filename]#/dev/da4.journal# device node A UFS file system may now be created on the journaled device, then mounted on an existing mount point: -[source,bash] +[source,shell] .... # newfs -O 2 -J /dev/da4.journal # mount /dev/da4.journal /mnt diff --git a/documentation/content/zh-tw/books/handbook/jails/_index.adoc b/documentation/content/zh-tw/books/handbook/jails/_index.adoc index 8e91c7f3f0..009ca198c7 100644 --- a/documentation/content/zh-tw/books/handbook/jails/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/jails/_index.adoc @@ -107,7 +107,7 @@ Jail 環境的控制系統。 主機系統可以存取所有可用的硬體資 啟動 Shell 並定義 `DESTDIR`: -[source,bash] +[source,shell] .... # sh # export DESTDIR=/here/is/the/jail @@ -115,7 +115,7 @@ Jail 環境的控制系統。 主機系統可以存取所有可用的硬體資 當使用安裝 ISO 時,可依 man:mdconfig[8] 中的說明掛載安裝媒體: -[source,bash] +[source,shell] .... # mount -t cd9660 /dev/`mdconfig -f cdimage.iso` /mnt # cd /mnt/usr/freebsd-dist/ @@ -123,7 +123,7 @@ Jail 環境的控制系統。 主機系統可以存取所有可用的硬體資 或者自鏡像站下載 Tarball 壓縮檔: -[source,bash] +[source,shell] .... # sh # export DESTRELEASE=12.0-RELEASE @@ -136,21 +136,21 @@ Jail 環境的控制系統。 主機系統可以存取所有可用的硬體資 只安裝基礎系統 (Base system): -[source,bash] +[source,shell] .... # tar -xf base.txz -C $DESTDIR .... 安裝全部不含核心: -[source,bash] +[source,shell] .... # for set in base ports; do tar -xf $set.txz -C $DESTDIR ; done .... 依 man:jail[8] 操作手冊說明的程序建置 Jail: -[source,bash] +[source,shell] .... # setenv D /here/is/the/jail # mkdir -p $D <.> @@ -210,7 +210,7 @@ jail_enable="YES" # Set to NO to disable starting of any jails 若 Jail 項目已經在 [.filename]#jail.conf# 中設定好,可以手動用 man:service[8] 來啟動或停止某個 Jail 項目: -[source,bash] +[source,shell] .... # service jail start www # service jail stop www @@ -218,7 +218,7 @@ jail_enable="YES" # Set to NO to disable starting of any jails Jail 可以使用 man:jexec[8] 來關機。先使用 man:jls[8] 來辦識 Jail 的 `JID`,然後使用 man:jexec[8] 在該 Jail 中執行關機 Script。 -[source,bash] +[source,shell] .... # jls JID IP Address Hostname Path @@ -256,7 +256,7 @@ The base system of FreeBSD contains a basic set of tools for viewing information * Print a list of active jails and their corresponding jail identifier (JID), IP address, hostname and path. * Attach to a running jail, from its host system, and run a command inside the jail or perform administrative tasks inside the jail itself. This is especially useful when the `root` user wants to cleanly shut down a jail. The man:jexec[8] utility can also be used to start a shell in a jail to do administration in it; for example: + -[source,bash] +[source,shell] .... # jexec 1 tcsh .... @@ -271,7 +271,7 @@ Among the many third-party utilities for jail administration, one of the most co Jails should be kept up to date from the host operating system as attempting to patch userland from within the jail may likely fail as the default behavior in FreeBSD is to disallow the use of man:chflags[1] in a jail which prevents the replacement of some files. It is possible to change this behavior but it is recommended to use man:freebsd-update[8] to maintain jails instead. Use `-b` to specify the path of the jail to be updated. -[source,bash] +[source,shell] .... # freebsd-update -b /here/is/the/jail fetch # freebsd-update -b /here/is/the/jail install @@ -322,7 +322,7 @@ It is recommended to first update the host FreeBSD system to the latest -RELEASE . First, create a directory structure for the read-only file system which will contain the FreeBSD binaries for the jails. Then, change directory to the FreeBSD source tree and install the read-only file system to the jail template: + -[source,bash] +[source,shell] .... # mkdir /home/j /home/j/mroot # cd /usr/src @@ -331,7 +331,7 @@ It is recommended to first update the host FreeBSD system to the latest -RELEASE + . Next, prepare a FreeBSD Ports Collection for the jails as well as a FreeBSD source tree, which is required for mergemaster: + -[source,bash] +[source,shell] .... # cd /home/j/mroot # mkdir usr/ports @@ -341,7 +341,7 @@ It is recommended to first update the host FreeBSD system to the latest -RELEASE + . Create a skeleton for the read-write portion of the system: + -[source,bash] +[source,shell] .... # mkdir /home/j/skel /home/j/skel/home /home/j/skel/usr-X11R6 /home/j/skel/distfiles # mv etc /home/j/skel @@ -353,7 +353,7 @@ It is recommended to first update the host FreeBSD system to the latest -RELEASE + . Use mergemaster to install missing configuration files. Then, remove the extra directories that mergemaster creates: + -[source,bash] +[source,shell] .... # mergemaster -t /home/j/skel/var/tmp/temproot -D /home/j/skel -i # cd /home/j/skel @@ -362,7 +362,7 @@ It is recommended to first update the host FreeBSD system to the latest -RELEASE + . Now, symlink the read-write file system to the read-only file system. Ensure that the symlinks are created in the correct [.filename]#s/# locations as the creation of directories in the wrong locations will cause the installation to fail. + -[source,bash] +[source,shell] .... # cd /home/j/mroot # mkdir s @@ -431,14 +431,14 @@ jail_www_devfs_enable="YES" The `jail__name__rootdir` variable is set to [.filename]#/usr/home# instead of [.filename]#/home# because the physical path of [.filename]#/home# on a default FreeBSD installation is [.filename]#/usr/home#. The `jail__name__rootdir` variable must _not_ be set to a path which includes a symbolic link, otherwise the jails will refuse to start. . Create the required mount points for the read-only file system of each jail: + -[source,bash] +[source,shell] .... # mkdir /home/j/ns /home/j/mail /home/j/www .... + . Install the read-write template into each jail using package:sysutils/cpdup[]: + -[source,bash] +[source,shell] .... # mkdir /home/js # cpdup /home/j/skel /home/js/ns @@ -448,7 +448,7 @@ The `jail__name__rootdir` variable is set to [.filename]#/usr/home# instead of [ + . In this phase, the jails are built and prepared to run. First, mount the required file systems for each jail, and then start them: + -[source,bash] +[source,shell] .... # mount -a # service jail start @@ -457,7 +457,7 @@ The `jail__name__rootdir` variable is set to [.filename]#/usr/home# instead of [ The jails should be running now. To check if they have started correctly, use `jls`. Its output should be similar to the following: -[source,bash] +[source,shell] .... # jls JID IP Address Hostname Path @@ -468,7 +468,7 @@ The jails should be running now. To check if they have started correctly, use `j At this point, it should be possible to log onto each jail, add new users, or configure daemons. The `JID` column indicates the jail identification number of each running jail. Use the following command to perform administrative tasks in the jail whose JID is `3`: -[source,bash] +[source,shell] .... # jexec 3 tcsh .... @@ -483,7 +483,7 @@ The design of this setup provides an easy way to upgrade existing jails while mi . The first step is to upgrade the host system. Then, create a new temporary read-only template in [.filename]#/home/j/mroot2#. + -[source,bash] +[source,shell] .... # mkdir /home/j/mroot2 # cd /usr/src @@ -495,7 +495,7 @@ The design of this setup provides an easy way to upgrade existing jails while mi + The `installworld` creates a few unnecessary directories, which should be removed: + -[source,bash] +[source,shell] .... # chflags -R 0 var # rm -R etc var root usr/local tmp @@ -503,7 +503,7 @@ The `installworld` creates a few unnecessary directories, which should be remove + . Recreate the read-write symlinks for the master file system: + -[source,bash] +[source,shell] .... # ln -s s/etc etc # ln -s s/root root @@ -516,14 +516,14 @@ The `installworld` creates a few unnecessary directories, which should be remove + . Next, stop the jails: + -[source,bash] +[source,shell] .... # service jail stop .... + . Unmount the original file systems as the read-write systems are attached to the read-only system ([.filename]#/s#): + -[source,bash] +[source,shell] .... # umount /home/j/ns/s # umount /home/j/ns @@ -535,7 +535,7 @@ The `installworld` creates a few unnecessary directories, which should be remove + . Move the old read-only file system and replace it with the new one. This will serve as a backup and archive of the old read-only file system should something go wrong. The naming convention used here corresponds to when a new read-only file system has been created. Move the original FreeBSD Ports Collection over to the new file system to save some space and inodes: + -[source,bash] +[source,shell] .... # cd /home/j # mv mroot mroot.20060601 @@ -545,7 +545,7 @@ The `installworld` creates a few unnecessary directories, which should be remove + . At this point the new read-only template is ready, so the only remaining task is to remount the file systems and start the jails: + -[source,bash] +[source,shell] .... # mount -a # service jail start @@ -579,7 +579,7 @@ cloned_interfaces="lo1" + The second loopback interface `lo1` will be created when the system starts. It can also be created manually without a restart: + -[source,bash] +[source,shell] .... # service netif cloneup Created clone interfaces: lo1. @@ -592,7 +592,7 @@ Inside a jail, access to the loopback address `127.0.0.1` is redirected to the f Give each jail a unique loopback address in the `127.0.0.0/8` netblock. . Install package:sysutils/ezjail[]: + -[source,bash] +[source,shell] .... # cd /usr/ports/sysutils/ezjail # make install clean @@ -607,7 +607,7 @@ ezjail_enable="YES" + . The service will automatically start on system boot. It can be started immediately for the current session: + -[source,bash] +[source,shell] .... # service ezjail start .... @@ -627,7 +627,7 @@ In both of these examples, `-p` causes the ports tree to be retrieved with man:p + For a basejail based on the FreeBSD RELEASE matching that of the host computer, use `install`. For example, on a host computer running FreeBSD 10-STABLE, the latest RELEASE version of FreeBSD -10 will be installed in the jail): + -[source,bash] +[source,shell] .... # ezjail-admin install -p .... @@ -638,7 +638,7 @@ The basejail can be installed from binaries created by `buildworld` on the host + In this example, FreeBSD 10-STABLE has been built from source. The jail directories are created. Then `installworld` is executed, installing the host's [.filename]#/usr/obj# into the basejail. + -[source,bash] +[source,shell] .... # ezjail-admin update -i -p .... @@ -677,7 +677,7 @@ New jails are created with `ezjail-admin create`. In these examples, the `lo1` l . Create the jail, specifying a name and the loopback and network interfaces to use, along with their IP addresses. In this example, the jail is named `dnsjail`. + -[source,bash] +[source,shell] .... # ezjail-admin create dnsjail 'lo1|127.0.1.1,em0|192.168.1.50' .... @@ -699,14 +699,14 @@ Do not enable raw network sockets unless services in the jail actually require t + . Start the jail: + -[source,bash] +[source,shell] .... # ezjail-admin start dnsjail .... + . Use a console on the jail: + -[source,bash] +[source,shell] .... # ezjail-admin console dnsjail .... @@ -721,7 +721,7 @@ The jail is operating and additional configuration can be completed. Typical set + Connect to the jail and set the `root` user's password: + -[source,bash] +[source,shell] .... # ezjail-admin console dnsjail # passwd @@ -762,14 +762,14 @@ Because the basejail's copy of the userland is shared by the other jails, updati To build the world from source on the host, then install it in the basejail, use: -[source,bash] +[source,shell] .... # ezjail-admin update -b .... If the world has already been compiled on the host, install it in the basejail with: -[source,bash] +[source,shell] .... # ezjail-admin update -i .... @@ -778,14 +778,14 @@ Binary updates use man:freebsd-update[8]. These updates have the same limitation Update the basejail to the latest patched release of the version of FreeBSD on the host. For example, updating from RELEASE-p1 to RELEASE-p2. -[source,bash] +[source,shell] .... # ezjail-admin update -u .... To upgrade the basejail to a new version, first upgrade the host system as described in crossref:cutting-edge[freebsdupdate-upgrade,執行主要及次要版號升級]. Once the host has been upgraded and rebooted, the basejail can then be upgraded. man:freebsd-update[8] has no way of determining which version is currently installed in the basejail, so the original version must be specified. Use man:file[1] to determine the original version in the basejail: -[source,bash] +[source,shell] .... # file /usr/jails/basejail/bin/sh /usr/jails/basejail/bin/sh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked (uses shared libs), for FreeBSD 9.3, stripped @@ -793,7 +793,7 @@ To upgrade the basejail to a new version, first upgrade the host system as descr Now use this information to perform the upgrade from `9.3-RELEASE` to the current version of the host system: -[source,bash] +[source,shell] .... # ezjail-admin update -U -s 9.3-RELEASE .... @@ -808,7 +808,7 @@ How to use man:mergemaster[8] depends on the purpose and trustworthiness of a ja ==== Delete the link from the jail's [.filename]#/usr/src# into the basejail and create a new [.filename]#/usr/src# in the jail as a mountpoint. Mount the host computer's [.filename]#/usr/src# read-only on the jail's new [.filename]#/usr/src# mountpoint: -[source,bash] +[source,shell] .... # rm /usr/jails/jailname/usr/src # mkdir /usr/jails/jailname/usr/src @@ -817,14 +817,14 @@ Delete the link from the jail's [.filename]#/usr/src# into the basejail and crea Get a console in the jail: -[source,bash] +[source,shell] .... # ezjail-admin console jailname .... Inside the jail, run `mergemaster`. Then exit the jail console: -[source,bash] +[source,shell] .... # cd /usr/src # mergemaster -U @@ -833,7 +833,7 @@ Inside the jail, run `mergemaster`. Then exit the jail console: Finally, unmount the jail's [.filename]#/usr/src#: -[source,bash] +[source,shell] .... # umount /usr/jails/jailname/usr/src .... @@ -846,7 +846,7 @@ Finally, unmount the jail's [.filename]#/usr/src#: ==== If the users and services in a jail are trusted, man:mergemaster[8] can be run from the host: -[source,bash] +[source,shell] .... # mergemaster -U -D /usr/jails/jailname .... @@ -860,7 +860,7 @@ The ports tree in the basejail is shared by the other jails. Updating that copy The basejail ports tree is updated with man:portsnap[8]: -[source,bash] +[source,shell] .... # ezjail-admin update -P .... @@ -873,7 +873,7 @@ The basejail ports tree is updated with man:portsnap[8]: ezjail automatically starts jails when the computer is started. Jails can be manually stopped and restarted with `stop` and `start`: -[source,bash] +[source,shell] .... # ezjail-admin stop sambajail Stopping jails: sambajail. @@ -881,7 +881,7 @@ Stopping jails: sambajail. By default, jails are started automatically when the host computer starts. Autostarting can be disabled with `config`: -[source,bash] +[source,shell] .... # ezjail-admin config -r norun seldomjail .... @@ -890,7 +890,7 @@ This takes effect the next time the host computer is started. A jail that is alr Enabling autostart is very similar: -[source,bash] +[source,shell] .... # ezjail-admin config -r run oftenjail .... @@ -904,7 +904,7 @@ The archive file can be copied elsewhere as a backup, or an existing jail can be Stop and archive a jail named `wwwserver`: -[source,bash] +[source,shell] .... # ezjail-admin stop wwwserver Stopping jails: wwwserver. @@ -915,7 +915,7 @@ wwwserver-201407271153.13.tar.gz Create a new jail named `wwwserver-clone` from the archive created in the previous step. Use the [.filename]#em1# interface and assign a new IP address to avoid conflict with the original: -[source,bash] +[source,shell] .... # ezjail-admin create -a /usr/jails/ezjail_archives/wwwserver-201407271153.13.tar.gz wwwserver-clone 'lo1|127.0.3.1,em1|192.168.1.51' .... @@ -943,7 +943,7 @@ cloned_interfaces="lo1" Immediately create the new loopback interface: -[source,bash] +[source,shell] .... # service netif cloneup Created clone interfaces: lo1. @@ -951,14 +951,14 @@ Created clone interfaces: lo1. Create the jail: -[source,bash] +[source,shell] .... # ezjail-admin create dns1 'lo1|127.0.2.1,re0|192.168.1.240' .... Start the jail, connect to a console running on it, and perform some basic configuration: -[source,bash] +[source,shell] .... # ezjail-admin start dns1 # ezjail-admin console dns1 @@ -981,7 +981,7 @@ nameserver 10.0.0.61 Still using the jail console, install package:dns/bind99[]. -[source,bash] +[source,shell] .... # make -C /usr/ports/dns/bind99 install clean .... @@ -1046,7 +1046,7 @@ named_enable="YES" Start and test the name server: -[source,bash] +[source,shell] .... # service named start wrote key file "/usr/local/etc/namedb/rndc.key" @@ -1056,14 +1056,14 @@ Starting named. A response that includes -[source,bash] +[source,shell] .... ;; Got answer; .... shows that the new DNS server is working. A long delay followed by a response including -[source,bash] +[source,shell] .... ;; connection timed out; no servers could be reached .... diff --git a/documentation/content/zh-tw/books/handbook/kernelconfig/_index.adoc b/documentation/content/zh-tw/books/handbook/kernelconfig/_index.adoc index b08cbd0d8b..462ad9dfcf 100644 --- a/documentation/content/zh-tw/books/handbook/kernelconfig/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/kernelconfig/_index.adoc @@ -80,7 +80,7 @@ toc::[] 核心模組會放在 [.filename]#/boot/kernel# 並且可使用 man:kldload[8] 動態載入到執行中的核心。大部份的核心驅動程式都有可載入的模組與操作手冊。例如 man:ath[4] 無線乙太網路驅動程式在其操作手冊有以下資訊: -[source,bash] +[source,shell] .... Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5): @@ -104,7 +104,7 @@ following line in loader.conf(5): 若 FreeBSD 是唯一安裝的作業系統,則可使用 man:dmesg[8] 來查看開時時系統偵測到的硬體資訊 。FreeBSD 上大多硬體驅動程式都有操作手冊會列出支援的硬體。例如,以下幾行是說 man:psm[4] 驅動程式偵測到了一隻滑鼠: -[source,bash] +[source,shell] .... psm0: <PS/2 Mouse> irq 12 on atkbdc0 psm0: [GIANT-LOCKED] @@ -118,7 +118,7 @@ psm0: model Generic PS/2 mouse, device ID 0 另外,也可以透過 man:pciconf[8] 工具可用來查詢硬體資訊,該工具會列出更詳細的硬體資訊如: -[source,bash] +[source,shell] .... % pciconf -lv ath0@pci0:3:0:0: class=0x020000 card=0x058a1014 chip=0x1014168c rev=0x01 hdr=0x00 @@ -132,7 +132,7 @@ ath0@pci0:3:0:0: class=0x020000 card=0x058a1014 chip=0x1014168c rev=0x01 在 man:man[1] 指令加上 `-k` 旗標可提供有用的資訊,例如,這可列出有包含指定裝置品牌或名稱的手冊頁面清單: -[source,bash] +[source,shell] .... # man -k Atheros ath(4) - Atheros IEEE 802.11 wireless network driver @@ -152,7 +152,7 @@ ath_hal(4) - Atheros Hardware Access Layer (HAL) 請不要直接對 [.filename]#GENERIC# 檔案做編輯。複製該檔案為另一個名稱,並對複製出來的檔案做編輯,習慣上檔名會全部使用大寫字元。當維護多台安裝不同的硬體的 FreeBSD 機器時,將檔名後方加上機器的主機名稱 (Host name) 是個不錯的方法。以下範例使用 `amd64` 架構的 [.filename]#GENERIC# 設定檔建立了一個複本名稱為 [.filename]#MYKERNEL#: -[source,bash] +[source,shell] .... # cd /usr/src/sys/amd64/conf # cp GENERIC MYKERNEL @@ -177,7 +177,7 @@ ath_hal(4) - Atheros Hardware Access Layer (HAL) 或者,將核心設定檔放在其他地方,然後建立一個符號連結 (Symbolic link) 至該檔案: -[source,bash] +[source,shell] .... # cd /usr/src/sys/amd64/conf # mkdir /root/kernels @@ -206,7 +206,7 @@ options IPDIVERT ==== 要產生含有所有可用選項的設定檔,可以 `root` 執行以下指令: -[source,bash] +[source,shell] .... # cd /usr/src/sys/arch/conf && make LINT .... @@ -224,21 +224,21 @@ options IPDIVERT . 切換至此目錄: + -[source,bash] +[source,shell] .... # cd /usr/src .... + . 指定自訂核心設定檔的名稱來編譯新的核心: + -[source,bash] +[source,shell] .... # make buildkernel KERNCONF=MYKERNEL .... + . 安裝使用指定核心設定檔所編譯的新核心。此指令將會複製新核心到 [.filename]#/boot/kernel/kernel# 並將舊核心備份到 [.filename]#/boot/kernel.old/kernel#: + -[source,bash] +[source,shell] .... # make installkernel KERNCONF=MYKERNEL .... @@ -272,7 +272,7 @@ WITHOUT_MODULES = linux acpi sound `config` 失敗:: 若 `config` 失敗,會列出不正確的行號。使用以下訊息為例子,需要與 [.filename]#GENERIC# 或 [.filename]#NOTES# 比對來確認第 17 行輸入的內容正確: + -[source,bash] +[source,shell] .... config: line 17: syntax error .... @@ -290,7 +290,7 @@ config: line 17: syntax error ==== 在排除核心問題時,請確定留有 [.filename]#GENERIC# 的複本,或者其他已知可以運作的核心,並使用不同的名稱來確保下次編譯時不會被刪除,這很重要,因此每當新的核心被安裝之後,[.filename]#kernel.old# 都會被最後安裝的核心覆寫,有可能會無法開機。盡快,透過重新命名將可運作的核心目錄移動到目前運作的核心目錄: -[source,bash] +[source,shell] .... # mv /boot/kernel /boot/kernel.bad # mv /boot/kernel.good /boot/kernel diff --git a/documentation/content/zh-tw/books/handbook/l10n/_index.adoc b/documentation/content/zh-tw/books/handbook/l10n/_index.adoc index ac37bb6351..74f28a455a 100644 --- a/documentation/content/zh-tw/books/handbook/l10n/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/l10n/_index.adoc @@ -96,14 +96,14 @@ _LanguageCode_ 與 _CountryCode_ 用來表示城市及特定語言。<<locale-la 完整可用的語系清單可用以下指令查詢: -[source,bash] +[source,shell] .... % locale -a | more .... 查詢目前使用的語系設定: -[source,bash] +[source,shell] .... % locale .... @@ -184,7 +184,7 @@ german|German Users Accounts:\ 每次編輯 [.filename]#/etc/login.conf# 之後,請記得要執行以下指令來更新登入類別的能力資料庫(Capability database): -[source,bash] +[source,shell] .... # cap_mkdb /etc/login.conf .... @@ -206,28 +206,28 @@ user:password:1111:11:language:0:0:User Name:/home/user:/bin/sh 要在建立使用者時覆蓋預設的設定,可在出現此提示時輸入需要的語系: -[source,bash] +[source,shell] .... Enter login class: default []: .... 或執行 `adduser` 時指定語系: -[source,bash] +[source,shell] .... # adduser -class language .... 若使用 `pw` 來新增使用者,則可指定語系如下: -[source,bash] +[source,shell] .... # pw useradd user_name -L language .... To change the login class of an existing user, `chpass` can be used. Invoke it as superuser and provide the username to edit as the argument. -[source,bash] +[source,shell] .... # chpass user_name .... diff --git a/documentation/content/zh-tw/books/handbook/linuxemu/_index.adoc b/documentation/content/zh-tw/books/handbook/linuxemu/_index.adoc index f726e27a06..18db640d73 100644 --- a/documentation/content/zh-tw/books/handbook/linuxemu/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/linuxemu/_index.adoc @@ -75,21 +75,21 @@ Linux(TM) 程式庫預設並不會安裝,且並不會開啟 Linux(TM) Binary 在嘗試編譯 Port 前,要載入 Linux(TM) 核心模組,否則編譯會失敗: -[source,bash] +[source,shell] .... # kldload linux .... 對 64-位元的相容性: -[source,bash] +[source,shell] .... # kldload linux64 .... 確認模組已載入: -[source,bash] +[source,shell] .... % kldstat Id Refs Address Size Name @@ -99,7 +99,7 @@ Linux(TM) 程式庫預設並不會安裝,且並不會開啟 Linux(TM) Binary 在 FreeBSD 安裝基本的 Linux(TM) 程式庫和 Binary 最簡單的方式是安裝 package:emulators/linux_base-c6[] 套件或是 Port 。要安裝 Port: -[source,bash] +[source,shell] .... # pkg install emulators/linux_base-c6 .... @@ -122,7 +122,7 @@ Since the Linux(TM) binary compatibility layer has gained support for running bo 在 Linux(TM) 系統,可使用 `ldd` 來找出應用程式需要哪個共用程式庫。 例如,檢查 `linuxdoom` 需要哪個共用程式庫,在有安裝 Doom 的 Linux(TM) 系統執行這個指令: -[source,bash] +[source,shell] .... % ldd linuxdoom libXt.so.3 (DLL Jump 3.1) => /usr/X11/lib/libXt.so.3.1.0 @@ -132,7 +132,7 @@ libc.so.4 (DLL Jump 4.5pl26) => /lib/libc.so.4.6.29 然後,複製所有 Linux(TM) 系統輸出結果中最後一欄的檔案到 FreeBSD 系統的 [.filename]#/compat/linux#。 複製完後,建立符號連結 (Symbolic link) 至輸出結果第一欄的名稱。以這個例子會在 FreeBSD 系統產生以下檔案: -[source,bash] +[source,shell] .... /compat/linux/usr/X11/lib/libXt.so.3.1.0 /compat/linux/usr/X11/lib/libXt.so.3 -> libXt.so.3.1.0 @@ -146,7 +146,7 @@ libc.so.4 (DLL Jump 4.5pl26) => /lib/libc.so.4.6.29 例如,以下程式庫已存在 FreeBSD 系統: -[source,bash] +[source,shell] .... /compat/linux/lib/libc.so.4.6.27 /compat/linux/lib/libc.so.4 -> libc.so.4.6.27 @@ -154,14 +154,14 @@ libc.so.4 (DLL Jump 4.5pl26) => /lib/libc.so.4.6.29 且 `ldd` 顯示 Binary 需要使用較新的版本: -[source,bash] +[source,shell] .... libc.so.4 (DLL Jump 4.5pl26) -> libc.so.4.6.29 .... 雖然既有的程式庫只有在最後一碼過時一或兩個版本,程式應該仍可使用稍微舊的版本執行,雖然如此,保險起見還替換既有的 [.filename]#libc.so# 為較新的版本: -[source,bash] +[source,shell] .... /compat/linux/lib/libc.so.4.6.29 /compat/linux/lib/libc.so.4 -> libc.so.4.6.29 @@ -173,7 +173,7 @@ libc.so.4 (DLL Jump 4.5pl26) -> libc.so.4.6.29 ELF Binary 有時候需要額外的步驟。當執行無商標 (Unbranded) 的 ELF Binary,會產生錯誤訊息: -[source,bash] +[source,shell] .... % ./my-linux-elf-binary ELF binary type not known @@ -182,7 +182,7 @@ Abort 要協助 FreeBSD 核心區別是 FreeBSD ELF Binary 還是 Linux(TM) Binary,可使用 man:brandelf[1]: -[source,bash] +[source,shell] .... % brandelf -t Linux my-linux-elf-binary .... @@ -193,7 +193,7 @@ Abort 要安裝 Linux(TM)RPM 為基礎的應用程式,需先安裝 package:archivers/rpm4[] 套件或 Port。安裝完成之後,`root` 可以使用這個指令安裝 [.filename]#.rpm#: -[source,bash] +[source,shell] .... # cd /compat/linux # rpm2cpio < /path/to/linux.archive.rpm | cpio -id @@ -205,7 +205,7 @@ Abort 如果 DNS 無法運作或出現這個錯誤: -[source,bash] +[source,shell] .... resolv+: "bind" is an invalid keyword resolv+: "hosts" is an invalid keyword @@ -240,7 +240,7 @@ For the Linux(TM)ABI support, FreeBSD sees the magic number as an ELF binary. Th For Linux(TM) binaries to function, they must be _branded_ as type `Linux` using man:brandelf[1]: -[source,bash] +[source,shell] .... # brandelf -t Linux file .... diff --git a/documentation/content/zh-tw/books/handbook/mac/_index.adoc b/documentation/content/zh-tw/books/handbook/mac/_index.adoc index 3ba2a9caaa..16fd90a81e 100644 --- a/documentation/content/zh-tw/books/handbook/mac/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/mac/_index.adoc @@ -113,7 +113,7 @@ Using a multi label policy on a partition and establishing a multi label securit The following command will set `multilabel` on the specified UFS file system. This may only be done in single-user mode and is not a requirement for the swap file system: -[source,bash] +[source,shell] .... # tunefs -l enable / .... @@ -131,7 +131,7 @@ Virtually all aspects of label policy module configuration will be performed usi All configuration may be done using `setfmac`, which is used to set MAC labels on system objects, and `setpmac`, which is used to set the labels on system subjects. For example, to set the `biba` MAC label to `high` on [.filename]#test#: -[source,bash] +[source,shell] .... # setfmac biba/high test .... @@ -140,7 +140,7 @@ If the configuration is successful, the prompt will be returned without error. A The system administrator may use `setpmac` to override the policy module's settings by assigning a different label to the invoked process: -[source,bash] +[source,shell] .... # setfmac biba/high test Permission denied @@ -223,7 +223,7 @@ Labels may be set on network interfaces to help control the flow of data across When setting the MAC label on network interfaces, `maclabel` may be passed to `ifconfig`: -[source,bash] +[source,shell] .... # ifconfig bge0 maclabel biba/equal .... @@ -302,7 +302,7 @@ The rule list may be entered using man:ugidfw[8] which has a syntax similar to m After the man:mac_bsdextended[4] module has been loaded, the following command may be used to list the current rule configuration: -[source,bash] +[source,shell] .... # ugidfw list 0 slots, 0 rules @@ -310,14 +310,14 @@ After the man:mac_bsdextended[4] module has been loaded, the following command m By default, no rules are defined and everything is completely accessible. To create a rule which blocks all access by users but leaves `root` unaffected: -[source,bash] +[source,shell] .... # ugidfw add subject not uid root new object not uid root mode n .... While this rule is simple to implement, it is a very bad idea as it blocks all users from issuing any commands. A more realistic example blocks `user1` all access, including directory listings, to ``_user2_``'s home directory: -[source,bash] +[source,shell] .... # ugidfw set 2 subject uid user1 object uid user2 mode n # ugidfw set 3 subject uid user1 object gid user2 mode n @@ -369,7 +369,7 @@ Once loaded, this module enables the MAC policy on all sockets. The following tu By default, ports below 1024 can only be used by privileged processes which run as `root`. For man:mac_portacl[4] to allow non-privileged processes to bind to ports below 1024, set the following tunables as follows: -[source,bash] +[source,shell] .... # sysctl security.mac.portacl.port_high=1023 # sysctl net.inet.ip.portrange.reservedlow=0 @@ -378,21 +378,21 @@ By default, ports below 1024 can only be used by privileged processes which run To prevent the `root` user from being affected by this policy, set `security.mac.portacl.suser_exempt` to a non-zero value. -[source,bash] +[source,shell] .... # sysctl security.mac.portacl.suser_exempt=1 .... To allow the `www` user with UID 80 to bind to port 80 without ever needing `root` privilege: -[source,bash] +[source,shell] .... # sysctl security.mac.portacl.rules=uid:80:tcp:80 .... This next example permits the user with the UID of 1001 to bind to TCP ports 110 (POP3) and 995 (POP3s): -[source,bash] +[source,shell] .... # sysctl security.mac.portacl.rules=uid:1001:tcp:110,uid:1001:tcp:995 .... @@ -414,21 +414,21 @@ When this policy is enabled, users will only be permitted to see their processes This example adds `top` to the label set on users in the `insecure` class. All processes spawned by users in the `insecure` class will stay in the `partition/13` label. -[source,bash] +[source,shell] .... # setpmac partition/13 top .... This command displays the partition label and the process list: -[source,bash] +[source,shell] .... # ps Zax .... This command displays another user's process partition label and that user's currently running processes: -[source,bash] +[source,shell] .... # ps -ZU trhodes .... @@ -471,14 +471,14 @@ The following `sysctl` tunables are available: To manipulate MLS labels, use man:setfmac[8]. To assign a label to an object: -[source,bash] +[source,shell] .... # setfmac mls/5 test .... To get the MLS label for the file [.filename]#test#: -[source,bash] +[source,shell] .... # getfmac test .... @@ -525,7 +525,7 @@ The following tunables can be used to manipulate the Biba policy: To access the Biba policy setting on system objects, use `setfmac` and `getfmac`: -[source,bash] +[source,shell] .... # setfmac biba/low test # getfmac test @@ -555,7 +555,7 @@ This policy relies on the ubiquitous labeling of all system objects with integri Like the Biba and MLS policies, `setfmac` and `setpmac` are used to place labels on system objects: -[source,bash] +[source,shell] .... # setfmac /usr/home/trhodes lomac/high[low] # getfmac /usr/home/trhodes lomac/high[low] @@ -642,7 +642,7 @@ Then, add the following line to the default user class section: Save the edits and issue the following command to rebuild the database: -[source,bash] +[source,shell] .... # cap_mkdb /etc/login.conf .... @@ -651,14 +651,14 @@ Save the edits and issue the following command to rebuild the database: Set the `root` user to the default class using: -[source,bash] +[source,shell] .... # pw usermod root -L default .... All user accounts that are not `root` will now require a login class. The login class is required, otherwise users will be refused access to common commands. The following `sh` script should do the trick: -[source,bash] +[source,shell] .... # for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' \ /etc/passwd`; do pw usermod $x -L default; done; @@ -666,7 +666,7 @@ All user accounts that are not `root` will now require a login class. The login Next, drop the `nagios` and `www` accounts into the insecure class: -[source,bash] +[source,shell] .... # pw usermod nagios -L insecure # pw usermod www -L insecure @@ -709,7 +709,7 @@ This policy enforces security by setting restrictions on the flow of information This file will be read after running `setfsmac` on every file system. This example sets the policy on the root file system: -[source,bash] +[source,shell] .... # setfsmac -ef /etc/policy.contexts / .... @@ -748,7 +748,7 @@ First, ensure that the web server and Nagios will not be started on system initi If all seems well, Nagios, Apache, and Sendmail can now be started: -[source,bash] +[source,shell] .... # cd /etc/mail && make stop && \ setpmac biba/equal make start && setpmac biba/10\(10-10\) apachectl start && \ @@ -761,7 +761,7 @@ Double check to ensure that everything is working properly. If not, check the lo ==== The `root` user can still change the security enforcement and edit its configuration files. The following command will permit the degradation of the security policy to a lower grade for a newly spawned shell: -[source,bash] +[source,shell] .... # setpmac biba/10 csh .... diff --git a/documentation/content/zh-tw/books/handbook/mail/_index.adoc b/documentation/content/zh-tw/books/handbook/mail/_index.adoc index 1fe498898f..b344860205 100644 --- a/documentation/content/zh-tw/books/handbook/mail/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/mail/_index.adoc @@ -102,7 +102,7 @@ In addition to mapping hostnames to IP addresses, DNS is responsible for storing + To view the MX records for a domain, specify the type of record. Refer to man:host[1], for more details about this command: + -[source,bash] +[source,shell] .... % host -t mx FreeBSD.org FreeBSD.org mail is handled by 10 mx1.FreeBSD.org @@ -146,7 +146,7 @@ To configure the access database, use the format shown in the sample to make ent + Whenever this file is updated, update its database and restart Sendmail: + -[source,bash] +[source,shell] .... # makemap hash /etc/mail/access < /etc/mail/access # service sendmail restart @@ -188,7 +188,7 @@ postmaster@example.com postmaster@noc.example.net + This file is processed in a first match order. When an email address matches the address on the left, it is mapped to the local mailbox listed on the right. The format of the first entry in this example maps a specific email address to a local mailbox, whereas the format of the second entry maps a specific email address to a remote mailbox. Finally, any email address from `example.com` which has not matched any of the previous entries will match the last mapping and be sent to the local mailbox `joe`. When creating custom entries, use this format and add them to [.filename]#/etc/mail/virtusertable#. Whenever this file is edited, update its database and restart Sendmail: + -[source,bash] +[source,shell] .... # makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable # service sendmail restart @@ -252,7 +252,7 @@ More information on Sendmail's startup options is available in man:rc.sendmail[8 When a new MTA is installed using the Ports Collection, its startup script is also installed and startup instructions are mentioned in its package message. Before starting the new MTA, stop the running Sendmail processes. This example stops all of these services, then starts the Postfix service: -[source,bash] +[source,shell] .... # service sendmail stop # service postfix start @@ -432,7 +432,7 @@ Either of the above will allow mail to be received directly at the host. Try this: -[source,bash] +[source,shell] .... # hostname example.FreeBSD.org @@ -444,7 +444,7 @@ In this example, mail sent directly to mailto:yourlogin@example.FreeBSD.org[your For this example: -[source,bash] +[source,shell] .... # host example.FreeBSD.org example.FreeBSD.org has address 204.216.27.XX @@ -516,7 +516,7 @@ Additionally, a typical Internet access service agreement may forbid one from ru The easiest way to fulfill those needs is to install the package:mail/ssmtp[] port: -[source,bash] +[source,shell] .... # cd /usr/ports/mail/ssmtp # make install replace clean @@ -622,7 +622,7 @@ saslauthd_enable="YES" + Finally, start the saslauthd daemon: + -[source,bash] +[source,shell] .... # service saslauthd start .... @@ -640,7 +640,7 @@ SENDMAIL_LDADD=-lsasl2 These lines provide Sendmail the proper configuration options for linking to package:cyrus-sasl2[] at compile time. Make sure that package:cyrus-sasl2[] has been installed before recompiling Sendmail. . Recompile Sendmail by executing the following commands: + -[source,bash] +[source,shell] .... # cd /usr/src/lib/libsmutil # make cleandir && make obj && make @@ -682,14 +682,14 @@ Although `mail` does not natively support interaction with POP or IMAP servers, In order to send and receive email, run `mail`: -[source,bash] +[source,shell] .... % mail .... The contents of the user's mailbox in [.filename]#/var/mail# are automatically read by `mail`. Should the mailbox be empty, the utility exits with a message indicating that no mail could be found. If mail exists, the application interface starts, and a list of messages will be displayed. Messages are automatically numbered, as can be seen in the following example: -[source,bash] +[source,shell] .... Mail version 8.1 6/6/93. Type ? for help. "/var/mail/marcs": 3 messages 3 new @@ -700,7 +700,7 @@ Mail version 8.1 6/6/93. Type ? for help. Messages can now be read by typing kbd:[t] followed by the message number. This example reads the first email: -[source,bash] +[source,shell] .... & t 1 Message 1: @@ -719,7 +719,7 @@ As seen in this example, the message will be displayed with full headers. To dis If the email requires a reply, press either kbd:[R] or kbd:[r]`mail` keys. kbd:[R] instructs `mail` to reply only to the sender of the email, while kbd:[r] replies to all other recipients of the message. These commands can be suffixed with the mail number of the message to reply to. After typing the response, the end of the message should be marked by a single kbd:[.] on its own line. An example can be seen below: -[source,bash] +[source,shell] .... & R 1 To: root@localhost @@ -732,7 +732,7 @@ EOT In order to send a new email, press kbd:[m], followed by the recipient email address. Multiple recipients may be specified by separating each address with the kbd:[,] delimiter. The subject of the message may then be entered, followed by the message contents. The end of the message should be specified by putting a single kbd:[.] on its own line. -[source,bash] +[source,shell] .... & mail root@localhost Subject: I mastered mail @@ -764,7 +764,7 @@ Refer to http://www.mutt.org[http://www.mutt.org] for more information on mutt. mutt may be installed using the package:mail/mutt[] port. After the port has been installed, mutt can be started by issuing the following command: -[source,bash] +[source,shell] .... % mutt .... @@ -803,7 +803,7 @@ alpine has had several remote vulnerabilities discovered in the past, which allo The current version of alpine may be installed using the package:mail/alpine[] port. Once the port has installed, alpine can be started by issuing the following command: -[source,bash] +[source,shell] .... % alpine .... @@ -844,7 +844,7 @@ fetchmail is a full-featured IMAP and POP client. It allows users to automatical This section explains some of the basic features of fetchmail. This utility requires a [.filename]#.fetchmailrc# configuration in the user's home directory in order to run correctly. This file includes server information as well as login credentials. Due to the sensitive nature of the contents of this file, it is advisable to make it readable only by the user, with the following command: -[source,bash] +[source,shell] .... % chmod 600 .fetchmailrc .... @@ -869,7 +869,7 @@ user "john", with password "XXXXX", is "myth" here; fetchmail can be run in daemon mode by running it with `-d`, followed by the interval (in seconds) that fetchmail should poll servers listed in [.filename]#.fetchmailrc#. The following example configures fetchmail to poll every 600 seconds: -[source,bash] +[source,shell] .... % fetchmail -d 600 .... diff --git a/documentation/content/zh-tw/books/handbook/mirrors/_index.adoc b/documentation/content/zh-tw/books/handbook/mirrors/_index.adoc index dcec65100e..0e16954cc1 100644 --- a/documentation/content/zh-tw/books/handbook/mirrors/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/mirrors/_index.adoc @@ -410,7 +410,7 @@ Subversion 只是一套開發人員工具。一般使用者可能會較喜歡使 安裝 package:security/ca_root_nss[] 可讓 Subversion 能夠驗証 HTTPS 檔案庫伺服器的身份。root SSL 憑証可從 Port 安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/security/ca_root_nss # make install clean @@ -418,7 +418,7 @@ Subversion 只是一套開發人員工具。一般使用者可能會較喜歡使 或從套件: -[source,bash] +[source,shell] .... # pkg install ca_root_nss .... @@ -437,7 +437,7 @@ Subversion 只是一套開發人員工具。一般使用者可能會較喜歡使 Subversion 可從 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/devel/subversion # make install clean @@ -445,7 +445,7 @@ Subversion 可從 Port 套件集安裝: Subversion 也可以以套件安裝: -[source,bash] +[source,shell] .... # pkg install subversion .... @@ -467,7 +467,7 @@ Subversion 使用 URL 來指定檔案庫,使用的格式為 _protocol://hostna 使用指令從指定的檔案庫取出 (Checkout) 原始碼如下: -[source,bash] +[source,shell] .... # svn checkout https://svn.FreeBSD.org/repository/branch lwcdir .... @@ -480,7 +480,7 @@ where: 以下範例會使用 HTTPS 協定從 FreeBSD 的檔案庫取出 Port 套件集,並將本地工作複本放置於 [.filename]#/usr/ports#。若 [.filename]#/usr/ports# 已存在,且不是由 `svn` 所建立的,記得要在取出之前重新命名或刪除。 -[source,bash] +[source,shell] .... # svn checkout https://svn.FreeBSD.org/ports/head /usr/ports .... @@ -489,14 +489,14 @@ where: 首次取出之後,往後要更新本地工作複本可以執行: -[source,bash] +[source,shell] .... # svn update lwcdir .... 要更新上述範例所建立的 [.filename]#/usr/ports# 可執行: -[source,bash] +[source,shell] .... # svn update /usr/ports .... @@ -505,7 +505,7 @@ where: 另一種在取出之後更新本地工作複本的方式是透過 [.filename]#/usr/ports#, [.filename]#/usr/src# 以及 [.filename]#/usr/doc# 目錄所提供的 [.filename]#Makefile#。設定 `SVN_UPDATE` 並使用 `update` 目標。例如要更新 [.filename]#/usr/src#: -[source,bash] +[source,shell] .... # cd /usr/src # make update SVN_UPDATE=yes diff --git a/documentation/content/zh-tw/books/handbook/multimedia/_index.adoc b/documentation/content/zh-tw/books/handbook/multimedia/_index.adoc index f9d494bcf6..54046b3cc0 100644 --- a/documentation/content/zh-tw/books/handbook/multimedia/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/multimedia/_index.adoc @@ -78,7 +78,7 @@ FreeBSD 也能播放一般的視訊檔和 DVD。 FreeBSD Port 套件集中含有 要使用音效裝置,必須要載入正確的驅動程式才行。最簡單方式就是以 man:kldload[8] 來載入核心模組。以下範例示範載入 Intel 規格內建的音效晶片驅動程式: -[source,bash] +[source,shell] .... # kldload snd_hda .... @@ -92,7 +92,7 @@ snd_hda_load="YES" 其他可用的音效卡模組清單列於 [.filename]#/boot/defaults/loader.conf#。當不確認要使用何種驅動程式時,可載入 [.filename]#snd_driver# 模組: -[source,bash] +[source,shell] .... # kldload snd_driver .... @@ -149,7 +149,7 @@ The settings shown above are the defaults. In some cases, the IRQ or other setti After loading the required module or rebooting into the custom kernel, the sound card should be detected. To confirm, run `dmesg | grep pcm`. This example is from a system with a built-in Conexant CX20590 chipset: -[source,bash] +[source,shell] .... pcm0: <NVIDIA (0x001c) (HDMI/DP 8ch)> at nid 5 on hdaa0 pcm1: <NVIDIA (0x001c) (HDMI/DP 8ch)> at nid 6 on hdaa0 @@ -158,7 +158,7 @@ pcm2: <Conexant CX20590 (Analog 2.0+HP/2.0)> at nid 31,25 and 35,27 on hdaa1 The status of the sound card may also be checked using this command: -[source,bash] +[source,shell] .... # cat /dev/sndstat FreeBSD Audio Driver (newpcm: 64bit 2009061500/amd64) @@ -172,7 +172,7 @@ The output will vary depending upon the sound card. If no [.filename]#pcm# devic If all goes well, the sound card should now work in FreeBSD. If the CD or DVD drive is properly connected to the sound card, one can insert an audio CD in the drive and play it with man:cdcontrol[1]: -[source,bash] +[source,shell] .... % cdcontrol -f /dev/acd0 play 1 .... @@ -187,7 +187,7 @@ Various applications, such as package:audio/workman[], provide a friendlier inte Another quick way to test the card is to send data to [.filename]#/dev/dsp#: -[source,bash] +[source,shell] .... % cat filename > /dev/dsp .... @@ -206,28 +206,28 @@ Connecting to a Bluetooth device is out of scope for this chapter. Refer to cros To get Bluetooth sound sink working with FreeBSD's sound system, users have to install package:audio/virtual_oss[] first: -[source,bash] +[source,shell] .... # pkg install virtual_oss .... package:audio/virtual_oss[] requires `cuse` to be loaded into the kernel: -[source,bash] +[source,shell] .... # kldload cuse .... To load `cuse` during system startup, run this command: -[source,bash] +[source,shell] .... # sysrc -f /boot/loader.conf cuse_load=yes .... To use headphones as a sound sink with package:audio/virtual_oss[], users need to create a virtual device after connecting to a Bluetooth audio device: -[source,bash] +[source,shell] .... # virtual_oss -C 2 -c 2 -r 48000 -b 16 -s 768 -R /dev/null -P /dev/bluetooth/headphones -d dsp .... @@ -297,7 +297,7 @@ pcm7: <HDA Realtek ALC889 PCM #3 Digital> at cad 2 nid 1 on hdac1 In this example, the graphics card (`NVidia`) has been enumerated before the sound card (`Realtek ALC889`). To use the sound card as the default playback device, change `hw.snd.default_unit` to the unit that should be used for playback: -[source,bash] +[source,shell] .... # sysctl hw.snd.default_unit=n .... @@ -316,7 +316,7 @@ It is often desirable to have multiple sources of sound that are able to play si Three man:sysctl[8] knobs are available for configuring virtual channels: -[source,bash] +[source,shell] .... # sysctl dev.pcm.0.play.vchans=4 # sysctl dev.pcm.0.rec.vchans=4 @@ -355,7 +355,7 @@ A popular graphical MP3 player is Audacious. It supports Winamp skins and additi The package:audio/mpg123[] package or port provides an alternative, command-line MP3 player. Once installed, specify the MP3 file to play on the command line. If the system has multiple audio devices, the sound device can also be specified: -[source,bash] +[source,shell] .... # mpg123 -a /dev/dsp1.0 Foobar-GreatestHits.mp3 High Performance MPEG 1.0/2.0/2.5 Audio Player for Layers 1, 2 and 3 @@ -377,7 +377,7 @@ The `cdda2wav` tool, which is installed with the package:sysutils/cdrtools[] sui With the audio CD in the drive, the following command can be issued as `root` to rip an entire CD into individual, per track, WAV files: -[source,bash] +[source,shell] .... # cdda2wav -D 0,1,0 -B .... @@ -386,21 +386,21 @@ In this example, the `-D _0,1,0_` indicates the SCSI device [.filename]#0,1,0# c To rip individual tracks, use `-t` to specify the track: -[source,bash] +[source,shell] .... # cdda2wav -D 0,1,0 -t 7 .... To rip a range of tracks, such as track one to seven, specify a range: -[source,bash] +[source,shell] .... # cdda2wav -D 0,1,0 -t 1+7 .... To rip from an ATAPI (IDE) CDROM drive, specify the device name in place of the SCSI unit numbers. For example, to rip track 7 from an IDE drive: -[source,bash] +[source,shell] .... # cdda2wav -D /dev/acd0 -t 7 .... @@ -414,7 +414,7 @@ Lame is a popular MP3 encoder which can be installed from the package:audio/lame The following command will convert the ripped WAV file [.filename]#audio01.wav# to [.filename]#audio01.mp3#: -[source,bash] +[source,shell] .... # lame -h -b 128 --tt "Foo Song Title" --ta "FooBar Artist" --tl "FooBar Album" \ --ty "2014" --tc "Ripped and encoded by Foo" --tg "Genre" audio01.wav audio01.mp3 @@ -426,7 +426,7 @@ In order to burn an audio CD from MP3s, they must first be converted to a non-co To convert [.filename]#audio01.mp3# using mpg123, specify the name of the PCM file: -[source,bash] +[source,shell] .... # mpg123 -s audio01.mp3 > audio01.pcm .... @@ -449,7 +449,7 @@ To use XMMS to convert a MP3 to WAV format, use these steps: Both the WAV and PCM formats can be used with cdrecord. When using WAV files, there will be a small tick sound at the beginning of each track. This sound is the header of the WAV file. The package:audio/sox[] port or package can be used to remove the header: -[source,bash] +[source,shell] .... % sox -t wav -r 44100 -s -w -c 2 track.wav track.raw .... @@ -463,7 +463,7 @@ Before configuring video playback, determine the model and chipset of the video It is a good idea to have a short MPEG test file for evaluating various players and options. Since some DVD applications look for DVD media in [.filename]#/dev/dvd# by default, or have this device name hardcoded in them, it might be useful to make a symbolic link to the proper device: -[source,bash] +[source,shell] .... # ln -sf /dev/cd0 /dev/dvd .... @@ -503,14 +503,14 @@ Common video interfaces include: To check whether this extension is running, use `xvinfo`: -[source,bash] +[source,shell] .... % xvinfo .... XVideo is supported for the card if the result is similar to: -[source,bash] +[source,shell] .... X-Video Extension version 2.2 screen #0 @@ -586,7 +586,7 @@ The formats listed, such as YUV2 and YUV12, are not present with every implement If the result instead looks like: -[source,bash] +[source,shell] .... X-Video Extension version 2.2 screen #0 @@ -617,27 +617,27 @@ This section describes only a few common uses. Refer to mplayer(1) for a complet To play the file [.filename]#testfile.avi#, specify the video interfaces with `-vo`, as seen in the following examples: -[source,bash] +[source,shell] .... % mplayer -vo xv testfile.avi .... -[source,bash] +[source,shell] .... % mplayer -vo sdl testfile.avi .... -[source,bash] +[source,shell] .... % mplayer -vo x11 testfile.avi .... -[source,bash] +[source,shell] .... # mplayer -vo dga testfile.avi .... -[source,bash] +[source,shell] .... # mplayer -vo 'sdl:dga' testfile.avi .... @@ -646,7 +646,7 @@ It is worth trying all of these options, as their relative performance depends o To play a DVD, replace [.filename]#testfile.avi# with `dvd://_N_ -dvd-device _DEVICE_`, where _N_ is the title number to play and _DEVICE_ is the device node for the DVD. For example, to play title 3 from [.filename]#/dev/dvd#: -[source,bash] +[source,shell] .... # mplayer -vo xv dvd://3 -dvd-device /dev/dvd .... @@ -671,7 +671,7 @@ zoom=yes `mplayer` can be used to rip a DVD title to a [.filename]#.vob#. To dump the second title from a DVD: -[source,bash] +[source,shell] .... # mplayer -dumpstream -dumpfile out.vob dvd://2 -dvd-device /dev/dvd .... @@ -684,7 +684,7 @@ Before using `mencoder`, it is a good idea to become familiar with the options d Here is an example of a simple copy: -[source,bash] +[source,shell] .... % mencoder input.avi -oac copy -ovc copy -o output.avi .... @@ -693,7 +693,7 @@ To rip to a file, use `-dumpfile` with `mplayer`. To convert [.filename]#input.avi# to the MPEG4 codec with MPEG3 audio encoding, first install the package:audio/lame[] port. Due to licensing restrictions, a package is not available. Once installed, type: -[source,bash] +[source,shell] .... % mencoder input.avi -oac mp3lame -lameopts br=192 \ -ovc lavc -lavcopts vcodec=mpeg4:vhq -o output.avi @@ -714,7 +714,7 @@ By default, the xine player starts a graphical user interface. The menus can the Alternatively, xine may be invoked from the command line by specifying the name of the file to play: -[source,bash] +[source,shell] .... % xine -g -p mymovie.avi .... @@ -730,7 +730,7 @@ In FreeBSD, Transcode can be installed using the package:multimedia/transcode[] This example demonstrates how to convert a DivX file into a PAL MPEG-1 file (PAL VCD): -[source,bash] +[source,shell] .... % transcode -i input.avi -V --export_prof vcd-pal -o output_vcd % mplex -f 1 -o output_vcd.mpg output_vcd.m1v output_vcd.mpa @@ -789,7 +789,7 @@ options OVERRIDE_TUNER=6 或使用 man:sysctl[8]: -[source,bash] +[source,shell] .... # sysctl hw.bt848.tuner=6 @@ -832,14 +832,14 @@ The https://wiki.freebsd.org/HTPC[wiki.freebsd.org/HTPC] page contains a list of 要使用 Binary 套件安裝 MythTV 可: -[source,bash] +[source,shell] .... # pkg install mythtv .... 或從 Port 套件集安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/multimedia/mythtv # make install @@ -847,21 +847,21 @@ The https://wiki.freebsd.org/HTPC[wiki.freebsd.org/HTPC] page contains a list of Once installed, set up the MythTV database: -[source,bash] +[source,shell] .... # mysql -uroot -p < /usr/local/shared/mythtv/database/mc.sql .... Then, configure the backend: -[source,bash] +[source,shell] .... # mythtv-setup .... Finally, start the backend: -[source,bash] +[source,shell] .... # sysrc mythbackend_enable=yes # service mythbackend start @@ -891,7 +891,7 @@ device ehci To determine if the USB scanner is detected, plug it in and use `dmesg` to determine whether the scanner appears in the system message buffer. If it does, it should display a message similar to this: -[source,bash] +[source,shell] .... ugen0.2: <EPSON> at usbus0 .... @@ -908,7 +908,7 @@ device pass Verify that the device is displayed in the system message buffer: -[source,bash] +[source,shell] .... pass2 at aic0 bus 0 target 2 lun 0 pass2: <AGFA SNAPSCAN 600 1.10> Fixed Scanner SCSI-2 device @@ -917,7 +917,7 @@ pass2: 3.300MB/s transfers If the scanner was not powered-on at system boot, it is still possible to manually force detection by performing a SCSI bus scan with `camcontrol`: -[source,bash] +[source,shell] .... # camcontrol rescan all Re-scan of bus 0 was successful @@ -928,7 +928,7 @@ Re-scan of bus 3 was successful The scanner should now appear in the SCSI devices list: -[source,bash] +[source,shell] .... # camcontrol devlist <IBM DDRS-34560 S97B> at scbus0 target 5 lun 0 (pass0,da0) @@ -945,14 +945,14 @@ The SANE system is split in two parts: the backends (package:graphics/sane-backe 要由 Binary 套件安裝這兩個部份可: -[source,bash] +[source,shell] .... # pkg install xsane sane-frontends .... 或由 Port 套件集安裝 -[source,bash] +[source,shell] .... # cd /usr/ports/graphics/sane-frontends # make install clean @@ -962,7 +962,7 @@ The SANE system is split in two parts: the backends (package:graphics/sane-backe After installing the package:graphics/sane-backends[] port or package, use `sane-find-scanner` to check the scanner detection by the SANE system: -[source,bash] +[source,shell] .... # sane-find-scanner -q found SCSI scanner "AGFA SNAPSCAN 600 1.10" at /dev/pass3 @@ -977,7 +977,7 @@ Some USB scanners require firmware to be loaded. Refer to sane-find-scanner(1) a Next, check if the scanner will be identified by a scanning frontend. The SANE backends include `scanimage` which can be used to list the devices and perform an image acquisition. Use `-L` to list the scanner devices. The first example is for a SCSI scanner and the second is for a USB scanner: -[source,bash] +[source,shell] .... # scanimage -L device `snapscan:/dev/pass3' is a AGFA SNAPSCAN 600 flatbed scanner @@ -989,7 +989,7 @@ In this second example, `'epson2:libusb:/dev/usb:/dev/ugen0.2'` is the backend n If `scanimage` is unable to identify the scanner, this message will appear: -[source,bash] +[source,shell] .... # scanimage -L @@ -1008,7 +1008,7 @@ usb /dev/ugen0.2 Save the edits and verify that the scanner is identified with the right backend name and the device node: -[source,bash] +[source,shell] .... # scanimage -L device 'epson2:libusb:/dev/usb:/dev/ugen0.2' is a Epson GT-8200 flatbed scanner @@ -1026,7 +1026,7 @@ In order to have access to the scanner, a user needs read and write permissions This example creates a group called `_usb_`: -[source,bash] +[source,shell] .... # pw groupadd usb .... @@ -1042,7 +1042,7 @@ add path usb/0.2.0 mode 0666 group usb Finally, add the users to `_usb_` in order to allow access to the scanner: -[source,bash] +[source,shell] .... # pw groupmod usb -m joe .... diff --git a/documentation/content/zh-tw/books/handbook/network-servers/_index.adoc b/documentation/content/zh-tw/books/handbook/network-servers/_index.adoc index 2ea94d9cfc..c7b67b941d 100644 --- a/documentation/content/zh-tw/books/handbook/network-servers/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/network-servers/_index.adoc @@ -93,7 +93,7 @@ inetd_enable="YES" To start inetd now, so that it listens for the service you configured, type: -[source,bash] +[source,shell] .... # service inetd start .... @@ -105,7 +105,7 @@ Once inetd is started, it needs to be notified whenever a modification is made t [example] ==== -[source,bash] +[source,shell] .... # service inetd reload .... @@ -332,14 +332,14 @@ mountd_flags="-r" The server can be started now by running this command: -[source,bash] +[source,shell] .... # service nfsd start .... Whenever the NFS server is started, mountd also starts automatically. However, mountd only reads [.filename]#/etc/exports# when it is started. To make subsequent [.filename]#/etc/exports# edits take effect immediately, force mountd to reread it: -[source,bash] +[source,shell] .... # service mountd reload .... @@ -355,14 +355,14 @@ nfs_client_enable="YES" Then, run this command on each NFS client: -[source,bash] +[source,shell] .... # service nfsclient start .... The client now has everything it needs to mount a remote file system. In these examples, the server's name is `server` and the client's name is `client`. To mount [.filename]#/home# on `server` to the [.filename]#/mnt# mount point on `client`: -[source,bash] +[source,shell] .... # mount server:/home /mnt .... @@ -390,7 +390,7 @@ rpc_statd_enable="YES" Then start the applications: -[source,bash] +[source,shell] .... # service lockd start # service statd start @@ -410,7 +410,7 @@ This daemon provides an alternative to modifying [.filename]#/etc/fstab# to list ==== In this example, `showmount -e` shows the exported file systems that can be mounted from the NFS server, `foobar`: -[source,bash] +[source,shell] .... % showmount -e foobar Exports list on foobar: @@ -432,7 +432,7 @@ amd_enable="YES" To start amd now: -[source,bash] +[source,shell] .... # service amd start .... @@ -471,7 +471,7 @@ There is a special automounter map mounted on [.filename]#/net#. When a file is ==== In this example, `showmount -e` shows the exported file systems that can be mounted from the NFS server, `foobar`: -[source,bash] +[source,shell] .... % showmount -e foobar Exports list on foobar: @@ -493,7 +493,7 @@ autofs_enable="YES" Then man:autofs[5] can be started by running: -[source,bash] +[source,shell] .... # service automount start # service automountd start @@ -636,7 +636,7 @@ nis_client_flags="-S NIS domain,server" After saving the edits, type `/etc/netstart` to restart the network and apply the values defined in [.filename]#/etc/rc.conf#. Before initializing the NIS maps, start man:ypserv[8]: -[source,bash] +[source,shell] .... # service ypserv start .... @@ -645,7 +645,7 @@ After saving the edits, type `/etc/netstart` to restart the network and apply th NIS maps are generated from the configuration files in [.filename]#/etc# on the NIS master, with one exception: [.filename]#/etc/master.passwd#. This is to prevent the propagation of passwords to all the servers in the NIS domain. Therefore, before the NIS maps are initialized, configure the primary password files: -[source,bash] +[source,shell] .... # cp /etc/master.passwd /var/yp/master.passwd # cd /var/yp @@ -661,7 +661,7 @@ Ensure that the [.filename]#/var/yp/master.passwd# is neither group or world rea After completing this task, initialize the NIS maps. FreeBSD includes the man:ypinit[8] script to do this. When generating maps for the master server, include `-m` and specify the NIS domain name: -[source,bash] +[source,shell] .... ellington# ypinit -m test-domain Server Type: MASTER Domain: test-domain @@ -699,7 +699,7 @@ NOPUSH = "True" Every time a new user is created, the user account must be added to the master NIS server and the NIS maps rebuilt. Until this occurs, the new user will not be able to login anywhere except on the NIS master. For example, to add the new user `jsmith` to the `test-domain` domain, run these commands on the master server: -[source,bash] +[source,shell] .... # pw useradd jsmith # cd /var/yp @@ -712,7 +712,7 @@ The user could also be added using `adduser jsmith` instead of `pw useradd smith To set up an NIS slave server, log on to the slave server and edit [.filename]#/etc/rc.conf# as for the master server. Do not generate any NIS maps, as these already exist on the master server. When running `ypinit` on the slave server, use `-s` (for slave) instead of `-m` (for master). This option requires the name of the NIS master in addition to the domain name, as seen in this example: -[source,bash] +[source,shell] .... coltrane# ypinit -s ellington test-domain @@ -820,7 +820,7 @@ This line configures the client to provide anyone with a valid account in the NI To start the NIS client immediately, execute the following commands as the superuser: -[source,bash] +[source,shell] .... # /etc/netstart # service ypbind start @@ -859,7 +859,7 @@ In this example, the `basie` system is a faculty workstation within the NIS doma To prevent specified users from logging on to a system, even if they are present in the NIS database, use `vipw` to add `-_username_` with the correct number of colons towards the end of [.filename]#/etc/master.passwd# on the client, where _username_ is the username of a user to bar from logging in. The line with the blocked user must be before the `+` line that allows NIS users. In this example, `bill` is barred from logging on to `basie`: -[source,bash] +[source,shell] .... basie# cat /etc/master.passwd root:[password]:0:0::0:0:The super-user:/root:/bin/csh @@ -969,7 +969,7 @@ Repeat this process if more than 225 (15 times 15) users exist within a single n To activate and distribute the new NIS map: -[source,bash] +[source,shell] .... ellington# cd /var/yp ellington# make @@ -977,7 +977,7 @@ ellington# make This will generate the three NIS maps [.filename]#netgroup#, [.filename]#netgroup.byhost# and [.filename]#netgroup.byuser#. Use the map key option of man:ypcat[1] to check if the new NIS maps are available: -[source,bash] +[source,shell] .... ellington% ypcat -k netgroup ellington% ypcat -k netgroup.byhost @@ -1111,7 +1111,7 @@ In this example, the system is using the DES format. Other possible values are ` If the format on a host needs to be edited to match the one being used in the NIS domain, the login capability database must be rebuilt after saving the change: -[source,bash] +[source,shell] .... # cap_mkdb /etc/login.conf .... @@ -1134,7 +1134,7 @@ LDAP 使用了數個術語在開始設置之前必須先了解。所有的目錄 LDAP 項目的例子如下。這個例子會搜尋指定使用者帳號 (`uid`)、組織單位 (`ou`) 及組織的項目 (`o`): -[source,bash] +[source,shell] .... % ldapsearch -xb "uid=trhodes,ou=users,o=example.com" # extended LDIF @@ -1169,7 +1169,7 @@ result: 0 Success FreeBSD 並未提供內建的 LDAP 伺服器,要開始設定前請先安裝 package:net/openldap-server[] 套件或 Port: -[source,bash] +[source,shell] .... # pkg install openldap-server .... @@ -1178,14 +1178,14 @@ FreeBSD 並未提供內建的 LDAP 伺服器,要開始設定前請先安裝 pa 安裝程序會建立目錄 [.filename]#/var/db/openldap-data# 來儲存資料,同時需要建立儲存憑證的目錄: -[source,bash] +[source,shell] .... # mkdir /usr/local/etc/openldap/private .... 接下來是設定憑証機構 (Certificate authority)。以下指令必須在 [.filename]#/usr/local/etc/openldap/private# 下執行,這很重要是由於檔案權限須要被限制且其他使用者不應有這些檔案的存取權限,更多有關憑証的詳細資訊以及相關的參數可在 crossref:security[openssl,OpenSSL] 中找到。要建立憑証授權,需先輸人這個指令並依提示操作: -[source,bash] +[source,shell] .... # openssl req -days 365 -nodes -new -x509 -keyout ca.key -out ../ca.crt .... @@ -1194,21 +1194,21 @@ FreeBSD 並未提供內建的 LDAP 伺服器,要開始設定前請先安裝 pa 接下來的工作是建立一個伺服器的憑証簽署請求與一個私鑰。請輸入以下指令然後依提示操作: -[source,bash] +[source,shell] .... # openssl req -days 365 -nodes -new -keyout server.key -out server.csr .... 在憑証產生程序的過程中請確認 `Common Name` 屬性設定正確。憑証簽署請求 (Certificate Signing Request) 必須經過憑証機構簽署後才會成為有效的憑証: -[source,bash] +[source,shell] .... # openssl x509 -req -days 365 -in server.csr -out ../server.crt -CA ../ca.crt -CAkey ca.key -CAcreateserial .... 在憑証產生程序的最後一步是產生並簽署客戶端憑証: -[source,bash] +[source,shell] .... # openssl req -days 365 -nodes -new -keyout client.key -out client.csr # openssl x509 -req -days 3650 -in client.csr -out ../client.crt -CA ../ca.crt -CAkey ca.key @@ -1361,28 +1361,28 @@ olcDbIndex: objectClass eq 當設定完成之後,需將 [.filename]#slapd.ldif# 放在一個空的目錄當中,建議如以下方式建立: -[source,bash] +[source,shell] .... # mkdir /usr/local/etc/openldap/slapd.d/ .... 匯入設定資料庫: -[source,bash] +[source,shell] .... # /usr/local/sbin/slapadd -n0 -F /usr/local/etc/openldap/slapd.d/ -l /usr/local/etc/openldap/slapd.ldif .... 啟動 [.filename]#slapd# Daemon: -[source,bash] +[source,shell] .... # /usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d/ .... 選項 `-d` 可以用來除錯使用,如同 slapd(8) 中所說明的,若要檢驗伺服器是否正常執行與運作可以: -[source,bash] +[source,shell] .... # ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts # extended LDIF @@ -1407,21 +1407,21 @@ result: 0 Success 伺服器端仍必須受到信任,若在此之前未做過這個動作,請依照以下指示操作。安裝 OpenSSL 套件或 Port: -[source,bash] +[source,shell] .... # pkg install openssl .... 進入 [.filename]#ca.crt# 所在的目錄 (以這邊使用的例子來說則是 [.filename]#/usr/local/etc/openldap#),執行: -[source,bash] +[source,shell] .... # c_rehash . .... 現在 CA 與伺服器憑証可以依其用途被辨識,可進入 [.filename]#server.crt# 所在的目錄執行以下指令來檢查: -[source,bash] +[source,shell] .... # openssl verify -verbose -CApath . server.crt .... @@ -1441,7 +1441,7 @@ slapd_cn_config="YES" 以下範例會新增群組 `team` 及使用者 `john` 到 `domain.example` LDAP 資料庫,而該資料庫目前是空的。首先要先建立 [.filename]#domain.ldif# 檔: -[source,bash] +[source,shell] .... # cat domain.ldif dn: dc=domain,dc=example @@ -1482,14 +1482,14 @@ userPassword: secret 請查看 OpenLDAP 說明文件取得更詳細的資訊,使用 [.filename]#slappasswd# 來將純文字的密碼 `secret` 更改為已編碼的型式來填寫 `userPassword` 欄位。在 `loginShell` 所指定的路徑,必須在所有可讓 `john` 登入的系統中存在。最後是使用 `mdb` 管理者修改資料庫: -[source,bash] +[source,shell] .... # ldapadd -W -D "cn=mdbadmin,dc=domain,dc=example" -f domain.ldif .... 要修改__全域設定__只能使用全域的超及使用者。例如,假設一開始採用了 `olcTLSCipherSuite: HIGH:MEDIUM:SSLv3` 選項,但最後想要把它移除,可以建立一個有以下內容的檔案: -[source,bash] +[source,shell] .... # cat global_mod dn: cn=config @@ -1499,7 +1499,7 @@ delete: olcTLSCipherSuite 然後套用修改內容: -[source,bash] +[source,shell] .... # ldapmodify -f global_mod -x -D "cn=config" -W .... @@ -1508,7 +1508,7 @@ delete: olcTLSCipherSuite 若有問題無法正常執行,或是全域的超級使用者無法存取後端的設定,可以刪除並重建整個後端設定: -[source,bash] +[source,shell] .... # rm -rf /usr/local/etc/openldap/slapd.d/ .... @@ -1638,7 +1638,7 @@ dhcpd_ifaces="dc0" 執行以下指令來啟動伺服器: -[source,bash] +[source,shell] .... # service isc-dhcpd start .... @@ -1736,21 +1736,21 @@ local_unbound_enable="YES" 若任一個列在清單中的名稱伺服器不支援 DNSSEC,則本地的 DNS 解析便會失敗,請確認有測試每一台名稱伺服器並移除所有測試失敗的項目。以下指令會顯示出信認樹或在 `192.168.1.1` 上執行失敗的名稱伺服器: ==== -[source,bash] +[source,shell] .... % drill -S FreeBSD.org @192.168.1.1 .... 確認完每一台名稱伺服器都支援 DNSSEC 後啟動 Unbound: -[source,bash] +[source,shell] .... # service local_unbound onestart .... 這將會更新 [.filename]#/etc/resolv.conf# 來讓查詢已用 DNSSEC 確保安全的網域現在可以運作,例如,執行以下指令來檢驗 FreeBSD.org DNSSEC 信任樹: -[source,bash] +[source,shell] .... % drill -S FreeBSD.org ;; Number of trusted keys: 1 @@ -1814,7 +1814,7 @@ apache24_flags="" 若 apachectl 未回報設定錯,則可啟動 `httpd`: -[source,bash] +[source,shell] .... # service apache24 start .... @@ -1823,7 +1823,7 @@ apache24_flags="" 後續若有在 `httpd` 執行中時修改 Apache 設定檔可使用以下指令來測試是否有誤: -[source,bash] +[source,shell] .... # service apache24 configtest .... @@ -1887,7 +1887,7 @@ LoadModule php5_module libexec/apache24/libphp5.so 接著,執行 graceful 重新啟動來載入 PHP 模組: -[source,bash] +[source,shell] .... # apachectl graceful .... @@ -1898,7 +1898,7 @@ LoadModule php5_module libexec/apache24/libphp5.so 在安裝完擴充套件之後,必須重新載入 Apache 伺服器來使用新的設定值: -[source,bash] +[source,shell] .... # apachectl graceful .... @@ -1963,14 +1963,14 @@ ftpd_enable="YES" 要立即啟動服務可: -[source,bash] +[source,shell] .... # service ftpd start .... 要測試到 FTP 伺服器的連線可輸入: -[source,bash] +[source,shell] .... % ftp localhost .... @@ -2057,7 +2057,7 @@ Samba 支援數種不同的後端認証模式,客戶端可以使用 LDAP, NIS+ FreeBSD 使用者帳號必須對應 `SambaSAMAccount` 資料庫, 才能讓 Windows(TM) 客戶端存取共享資源,要對應既有的 FreeBSD 使用者帳號可使用 man:pdbedit[8]: -[source,bash] +[source,shell] .... # pdbedit -a username .... @@ -2075,7 +2075,7 @@ samba_server_enable="YES" 要立即啟動 Samba: -[source,bash] +[source,shell] .... # service samba_server start Performing sanity check on Samba configuration: OK @@ -2092,7 +2092,7 @@ winbindd_enable="YES" Samba 可以隨時停止,要停止可輸入: -[source,bash] +[source,shell] .... # service samba_server stop .... @@ -2159,7 +2159,7 @@ leapfile "/var/db/ntpd.leap-seconds.list" 設定 `ntpd_enable="YES"` 可讓開機時會啟動 ntpd。將 `ntpd_enable=YES` 加到 [.filename]#/etc/rc.conf# 之後,可輸入以下指令讓 ntpd 不需重新開機立即啟動: -[source,bash] +[source,shell] .... # service ntpd start .... @@ -2282,14 +2282,14 @@ ctld_enable="YES" To start man:ctld[8] now, run this command: -[source,bash] +[source,shell] .... # service ctld start .... As the man:ctld[8] daemon is started, it reads [.filename]#/etc/ctl.conf#. If this file is edited after the daemon starts, use this command so that the changes take effect immediately: -[source,bash] +[source,shell] .... # service ctld reload .... @@ -2355,7 +2355,7 @@ iscsid_enable="YES" To start man:iscsid[8] now, run this command: -[source,bash] +[source,shell] .... # service iscsid start .... @@ -2366,7 +2366,7 @@ Connecting to a target can be done with or without an [.filename]#/etc/iscsi.con To connect an initiator to a single target, specify the IP address of the portal and the name of the target: -[source,bash] +[source,shell] .... # iscsictl -A -p 10.10.10.10 -t iqn.2012-06.com.example:target0 .... @@ -2381,7 +2381,7 @@ iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0 In this example, the iSCSI session was successfully established, with [.filename]#/dev/da0# representing the attached LUN. If the `iqn.2012-06.com.example:target0` target exports more than one LUN, multiple device nodes will be shown in that section of the output: -[source,bash] +[source,shell] .... Connected: da0 da1 da2. .... @@ -2420,7 +2420,7 @@ iqn.2012-06.com.example:target0 10.10.10.10 Authentication f To specify a CHAP username and secret, use this syntax: -[source,bash] +[source,shell] .... # iscsictl -A -p 10.10.10.10 -t iqn.2012-06.com.example:target0 -u user -s secretsecret .... @@ -2444,14 +2444,14 @@ The `t0` specifies a nickname for the configuration file section. It will be use To connect to the defined target, specify the nickname: -[source,bash] +[source,shell] .... # iscsictl -An t0 .... Alternately, to connect to all targets defined in the configuration file, use: -[source,bash] +[source,shell] .... # iscsictl -Aa .... diff --git a/documentation/content/zh-tw/books/handbook/ports/_index.adoc b/documentation/content/zh-tw/books/handbook/ports/_index.adoc index e767ec5137..537c083d4b 100644 --- a/documentation/content/zh-tw/books/handbook/ports/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/ports/_index.adoc @@ -127,7 +127,7 @@ FreeBSD 上可安裝的軟體清單不斷在增加, 有幾種方式可以來 + 要搜尋 Binary 套件檔案庫中的應用程式可: + -[source,bash] +[source,shell] .... # pkg search subversion git-subversion-1.9.2 @@ -145,7 +145,7 @@ subversion17-1.7.16_2 + 套件名稱包含版本編號,且若 Port 使用 Python 為基礎,也會包含用來編譯該套件的 Python 版本。有些 Port 會有多個版本可使用,如 Subversion ,因編譯選項不同,有多個版本可用,這個例子中即指靜態連結版本的 Subversion。在指定要安裝的套件時,最好使用 Port 來源來指定該應用程式,Port 來源是指應用程式在 Port 樹中的路徑。再輸入一次 `pkg search` 並加上 `-o` 來列出每個套件來源: + -[source,bash] +[source,shell] .... # pkg search -o subversion devel/git-subversion @@ -164,7 +164,7 @@ devel/subversion-static `pkg search` 支援使用 Shell 萬手字元 (globs)、正規表示法、描述或檔案庫中的其他其他內容。在安裝 package:ports-mgmt/pkg[] 或 package:ports-mgmt/pkg-devel[] 之後,可參考 man:pkg-search[8] 以取得更多詳細資訊。 * 若 Port 套件集已安裝,有數個方法可以查詢 Port 樹中的本地版本。要找到 Port 所在的分類,可輸入 `whereis _file_`,其中 _file_ 是要安裝的程式: + -[source,bash] +[source,shell] .... # whereis lsof lsof: /usr/ports/sysutils/lsof @@ -172,7 +172,7 @@ lsof: /usr/ports/sysutils/lsof + 或者,也可使用 man:echo[1]: + -[source,bash] +[source,shell] .... # echo /usr/ports/*/*lsof* /usr/ports/sysutils/lsof @@ -181,7 +181,7 @@ lsof: /usr/ports/sysutils/lsof 請注意,這也會顯示已下載至 [.filename]#/usr/ports/distfiles# 目錄中任何已符合條件的檔案。 * 另一個方法是使用 Port 套件集內建的搜尋機制來找軟體。要使用搜尋的功能需先 cd 到 [.filename]#/usr/ports# 然後執行 `make search name=program-name`,其中 _program-name_ 代表軟體的名稱。舉例搜尋 `lsof`: + -[source,bash] +[source,shell] .... # cd /usr/ports # make search name=lsof @@ -204,7 +204,7 @@ R-deps: + 若不要接受這麼多資訊,可使用 `quicksearch` 功能: + -[source,bash] +[source,shell] .... # cd /usr/ports # make quicksearch name=lsof @@ -240,7 +240,7 @@ FreeBSD 內建啟動 (Bootstrap) 工具可用來下載並安裝 pkg 及其操作 要啟動 (Bootstrap) 系統請執行: -[source,bash] +[source,shell] .... # /usr/sbin/pkg .... @@ -249,7 +249,7 @@ FreeBSD 內建啟動 (Bootstrap) 工具可用來下載並安裝 pkg 及其操作 否則,要安裝 Port 套件,則須執行: -[source,bash] +[source,shell] .... # cd /usr/ports/ports-mgmt/pkg # make @@ -258,7 +258,7 @@ FreeBSD 內建啟動 (Bootstrap) 工具可用來下載並安裝 pkg 及其操作 當升級原使用舊版 pkg_* 工具的既有系統時,必須將資料庫轉換成新的格式,如此新的工具才會知道有那些已安裝過的套件。pkg 安裝完後,必須執行以下指令將套件資料庫從舊版格式轉換到新版格式: -[source,bash] +[source,shell] .... # pkg2ng .... @@ -293,12 +293,12 @@ pkg 的用法資訊可在 man:pkg[8] 操作手冊或不加任何參數執行 `pk 每個 pkg 指令參數皆記庫在指令操件手冊。要閱讀 `pkg install` 的操作手冊,可執行以下指令: -[source,bash] +[source,shell] .... # pkg help install .... -[source,bash] +[source,shell] .... # man pkg-install .... @@ -312,7 +312,7 @@ pkg 的用法資訊可在 man:pkg[8] 操作手冊或不加任何參數執行 `pk 例如,要查看已安裝的 pkg 版本可執行: -[source,bash] +[source,shell] .... # pkg info pkg pkg-1.1.4_1 @@ -323,14 +323,14 @@ pkg-1.1.4_1 要安裝 Binary 套件可使用以下指令,其中 _packagename_ 為要安裝的套件名稱: -[source,bash] +[source,shell] .... # pkg install packagename .... 這個指令會使用檔案庫的資料來決定要安裝的軟體版本以及是否有任何未安裝的相依。例如,要安裝 curl: -[source,bash] +[source,shell] .... # pkg install curl Updating repository catalogue @@ -357,7 +357,7 @@ Cleaning up cache files...Done 新的套件以及任何做為相依安裝的額外套件可在已安裝的套件清單中看到: -[source,bash] +[source,shell] .... # pkg info ca_root_nss-3.15.1_1 The root certificate bundle from the Mozilla Project @@ -367,7 +367,7 @@ pkg-1.1.4_6 New generation package manager 不再需要的套件可以使用 `pkg delete` 來移除,例如: -[source,bash] +[source,shell] .... # pkg delete curl The following packages will be deleted: @@ -385,7 +385,7 @@ Proceed with deleting packages [y/N]: y 執行以下指令,可將已安裝的套件升級到最新版本: -[source,bash] +[source,shell] .... # pkg upgrade .... @@ -397,7 +397,7 @@ Proceed with deleting packages [y/N]: y 在第三方的應用程式中偶爾可能會發現軟體漏洞,要找出這些程式,可使用 pkg 內建的稽查機制。要查詢已安裝在系統上的軟體是否有任何已知的漏洞可執行: -[source,bash] +[source,shell] .... # pkg audit -F .... @@ -407,7 +407,7 @@ Proceed with deleting packages [y/N]: y 移除一個套件可能會留下不再需要使用的相依套件。不再需要的相依套件是當初隨著其套件所安裝的套件 (枝葉套件),可以使用以下指令自動偵測並移除: -[source,bash] +[source,shell] .... # pkg autoremove Packages to be autoremoved: @@ -421,7 +421,7 @@ Deinstalling ca_root_nss-3.15.1_1... done 因為相依所安裝的套件稱作 _自動 (Automatic)_ 套件,而非自動套件即套件被安裝的原因不是因為其他套件所相依,可以使用以下方式查詢: -[source,bash] +[source,shell] .... # pkg prime-list nginx @@ -431,7 +431,7 @@ sudo `pkg prime-list` 是一個別名指令,定義在 [.filename]#/usr/local/etc/pkg.conf#,尚還有許多其他相關指令可以用來查詢系統的套件資料庫,例如,指令 `pkg prime-origins` 可用來取得上述清單的來源 Port 目錄: -[source,bash] +[source,shell] .... # pkg prime-origins www/nginx @@ -443,7 +443,7 @@ security/sudo 要將一個安裝好的套件註記成為 "自動" 可以用: -[source,bash] +[source,shell] .... # pkg set -A 1 devel/cmake .... @@ -452,7 +452,7 @@ security/sudo 要註記一個安裝好的套件為 "__非__自動" 可以用: -[source,bash] +[source,shell] .... # pkg set -A 0 devel/cmake .... @@ -470,7 +470,7 @@ security/sudo 要還原先前套件資料庫的備份,可執行以下指令並將 _/path/to/pkg.sql_ 替換為備份的位置: -[source,bash] +[source,shell] .... # pkg backup -r /path/to/pkg.sql .... @@ -482,7 +482,7 @@ security/sudo 要手動備份 pkg 資料庫,可執行以下指令,並替換 _/path/to/pkg.sql_ 為適當的檔案名稱與位置: -[source,bash] +[source,shell] .... # pkg backup -d /path/to/pkg.sql .... @@ -492,14 +492,14 @@ security/sudo 預設 pkg 會儲存 Binary 套件在快取目錄定義在 man:pkg.conf[5] 中的 `PKG_CACHEDIR`,只會保留最後安裝的套件複本。較舊版的 pkg 會保留所有先前的套件,若要移除這些過時的 Binary 套件,可執行: -[source,bash] +[source,shell] .... # pkg clean .... 使用以下指令可清空全部的快取: -[source,bash] +[source,shell] .... # pkg clean -a .... @@ -511,21 +511,21 @@ security/sudo 要更改上述例子中的套件來源,可執行: -[source,bash] +[source,shell] .... # pkg set -o lang/php5:lang/php53 .... 再一個例子,要更新 package:lang/ruby18[] 為 package:lang/ruby19[],可執行: -[source,bash] +[source,shell] .... # pkg set -o lang/ruby18:lang/ruby19 .... 最後一個例子,要更改 [.filename]#libglut# 共用程式庫的來源從 package:graphics/libglut[] 改成 package:graphics/freeglut[] 可執行: -[source,bash] +[source,shell] .... # pkg set -o graphics/libglut:graphics/freeglut .... @@ -534,7 +534,7 @@ security/sudo ==== 在更改套件來源之後,很重要的一件事是要重新安裝套件,來讓相依的套件也同時使用修改後的來源。要強制重新安裝相依套件,可執行: -[source,bash] +[source,shell] .... # pkg install -Rf graphics/freeglut .... @@ -559,21 +559,21 @@ FreeBSD 的基礎系統內含 Portsnap,這是一個可用來取得 Port 套件 . 要下載壓縮後的 Port 套件集快照 (Snapshot) 到 [.filename]#/var/db/portsnap#: + -[source,bash] +[source,shell] .... # portsnap fetch .... + . 當第一次執行 Portsnap 時,要先解壓縮快照到 [.filename]#/usr/ports#: + -[source,bash] +[source,shell] .... # portsnap extract .... + . 在完成上述第一次使用 Portsnap 的動作之後,往後可隨需要執行以下指令來更新 [.filename]#/usr/ports# : + -[source,bash] +[source,shell] .... # portsnap fetch # portsnap update @@ -581,7 +581,7 @@ FreeBSD 的基礎系統內含 Portsnap,這是一個可用來取得 Port 套件 + 當使用 `fetch` 時也可同時執行 `extract` 或 `update` 如: + -[source,bash] +[source,shell] .... # portsnap fetch update .... @@ -597,7 +597,7 @@ FreeBSD 的基礎系統內含 Portsnap,這是一個可用來取得 Port 套件 . 必須安裝 Subversion 才可用來取出 (Check out) Port 樹。若已存在 Port 樹的複本,可使用此方式安裝 Subversion: + -[source,bash] +[source,shell] .... # cd /usr/ports/devel/subversion # make install clean @@ -605,21 +605,21 @@ FreeBSD 的基礎系統內含 Portsnap,這是一個可用來取得 Port 套件 + 若尚無法使用 Port 樹,或已經使用 pkg 來管理套件,可使用套件來安裝 Subversion: + -[source,bash] +[source,shell] .... # pkg install subversion .... + . 取出 Port 樹的複本: + -[source,bash] +[source,shell] .... # svn checkout https://svn.FreeBSD.org/ports/head /usr/ports .... + . 若需要,在第一次 Subversion 取出後可使用以下指令更新 [.filename]#/usr/ports#: + -[source,bash] +[source,shell] .... # svn update /usr/ports .... @@ -652,7 +652,7 @@ Port 中並不含實際的原始碼,即為 [.filename]#distfile#,在編譯 P 要編譯並安裝 Port,需切換目錄到要安裝的 Port 底下,然後輸入 `make install`,訊息中會顯示安裝的進度: -[source,bash] +[source,shell] .... # cd /usr/ports/sysutils/lsof # make install @@ -694,7 +694,7 @@ Port 中並不含實際的原始碼,即為 [.filename]#distfile#,在編譯 P 安裝過程中會建立工作用的子目錄用來儲存編譯時暫存的檔案。可移除此目錄來節省磁碟空間並漸少往後升級新版 Port 時造成問題: -[source,bash] +[source,shell] .... # make clean ===> Cleaning for lsof-88.d,8 @@ -724,7 +724,7 @@ Port 系統使用 man:fetch[1] 來下載檔案,它支援許多的環境變數 在部份少數情況,例如當公司或組織有自己的本地 distfiles 檔案庫,可使用 `MASTER_SITES` 變數來覆蓋在 [.filename]#Makefile# 中指定的下載位址。當要指定替代的位址時可: -[source,bash] +[source,shell] .... # cd /usr/ports/directory # make MASTER_SITE_OVERRIDE= \ @@ -733,21 +733,21 @@ ftp://ftp.organization.org/pub/FreeBSD/ports/distfiles/ fetch 也可使用 `WRKDIRPREFIX` 及 `PREFIX` 變數來覆蓋預設的工作及目標目錄。例如: -[source,bash] +[source,shell] .... # make WRKDIRPREFIX=/usr/home/example/ports install .... 會編譯在 [.filename]#/usr/home/example/ports# 的 Port 並安裝所有東西到 [.filename]#/usr/local# 下。 -[source,bash] +[source,shell] .... # make PREFIX=/usr/home/example/local install .... 會編譯在 [.filename]#/usr/ports# Port 並安裝到 [.filename]#/usr/home/example/local#。然後: -[source,bash] +[source,shell] .... # make WRKDIRPREFIX=../ports PREFIX=../local install .... @@ -763,7 +763,7 @@ ftp://ftp.organization.org/pub/FreeBSD/ports/distfiles/ fetch 或者,可在 Port 的目錄下執行 `make deinstall`: -[source,bash] +[source,shell] .... # cd /usr/ports/sysutils/lsof make deinstall @@ -786,14 +786,14 @@ The deinstallation will free 229 kB 要檢查已安裝 Port 是否有新版可用,請先確定已安裝最新版本的 Port 樹,使用 <<ports-using-portsnap-method,Procedure: Portsnap 方法>> 或 <<ports-using-subversion-method,Procedure: Subversion 方法>> 中說明的指令來更新。在 FreeBSD 10 與更新的版本,或若套件系統已轉換為 pkg,可以使用下列指令列出已經安裝的 Port 中有那些已過時: -[source,bash] +[source,shell] .... # pkg version -l "<" .... 在 FreeBSD 9._X_ 與較舊的版本,可以使用下列指令列出已經安裝的 Port 中有那些已過時: -[source,bash] +[source,shell] .... # pkg_version -l "<" .... @@ -820,7 +820,7 @@ Port 套件集含有數個工具可以進行升級,每一種工具都有其優 package:ports-mgmt/portmaster[] 是可用來升級已安裝 Port 的小巧工具,它只使用了隨 FreeBSD 基礎系統安裝的工具,不需要相依其他 Port 或資料庫便可在 FreeBSD 使用,要使用 Port 安裝此工具可: -[source,bash] +[source,shell] .... # cd /usr/ports/ports-mgmt/portmaster # make install clean @@ -835,7 +835,7 @@ Portmaster 將 Port 定義成四種類型: 要列出這幾個分類並搜尋是否有新版: -[source,bash] +[source,shell] .... # portmaster -L ===>>> Root ports (No dependencies, not depended on) @@ -862,7 +862,7 @@ Portmaster 將 Port 定義成四種類型: 此指令用來升級所有過時的 Port: -[source,bash] +[source,shell] .... # portmaster -a .... @@ -874,14 +874,14 @@ Portmaster 將 Port 定義成四種類型: 若升級的過程發生錯誤,可加入 `-f` 來升級並重新編譯所有 Port: -[source,bash] +[source,shell] .... # portmaster -af .... Portmaster 也可用來安裝新的 Port 到系統,在編譯及安裝新 Port 前升級所有相依模組。要使用這個功能,要指定 Port 位於 Port 套件集中的位置: -[source,bash] +[source,shell] .... # portmaster shells/bash .... @@ -893,7 +893,7 @@ Portmaster 也可用來安裝新的 Port 到系統,在編譯及安裝新 Port package:ports-mgmt/portupgrade[] 是另一個可以用來升級 Port 的工具,此工具會安裝一套可以用來管理 Port 的應用程式,它需要相依 Ruby。要安裝該 Port: -[source,bash] +[source,shell] .... # cd /usr/ports/ports-mgmt/portupgrade # make install clean @@ -903,21 +903,21 @@ package:ports-mgmt/portupgrade[] 是另一個可以用來升級 Port 的工具 要升級所有安裝在系統上過時的 Port,可使用 `portupgrade -a`,或者加上 `-i` 會在每個套件升級時詢問確認: -[source,bash] +[source,shell] .... # portupgrade -ai .... 要升級指定的應用程式而非所有可用 Port 可使用 `portupgrade _pkgname_`,非常重要的是,要加上 `-R` 來先升級指定應用程式所有相依的 Port: -[source,bash] +[source,shell] .... # portupgrade -R firefox .... 若使用 `-P`,Portupgrade 會先在 `PKG_PATH` 清單中的本地目錄中搜尋可用的套件。若本地沒有可用的套件,則會從遠端下載。若套件無法在本地或遠端找到,Portupgrade 則會使用 Port 來安裝。要避免完全使用 Port 安裝,可使用 `-PP`,這個選項會告訴 Portupgrade 若沒有套件可用時放棄安裝: -[source,bash] +[source,shell] .... # portupgrade -PP gnome3 .... @@ -931,28 +931,28 @@ package:ports-mgmt/portupgrade[] 是另一個可以用來升級 Port 的工具 使用 Port 套件集會隨著時間消耗磁碟空間。在編譯與安裝 Port 完之後,在 Port Skeleton 中執行 `make clean` 可清除暫存的 [.filename]#work# 目錄。若使用 Portmaster 來安裝 Port,則會自動移除該目錄,除非使用 `-K`。若有安裝 Portupgrade,此指令將會移除所有在 Port 套件集的本地複本中找到的 [.filename]#work# 目錄: -[source,bash] +[source,shell] .... # portsclean -C .... 除此之外,許多過時的原始碼發行檔案會儲存在 [.filename]#/usr/ports/distfiles#。使用 Portupgrade 刪除所有不再被任何 Port 所引用的 distfiles: -[source,bash] +[source,shell] .... # portsclean -D .... Portupgrade 可以移除所有未被任何安裝在系統上的 Port 所引用的 distfiles: -[source,bash] +[source,shell] .... # portsclean -DD .... 若有安裝 Portmaster,則可使用: -[source,bash] +[source,shell] .... # portmaster --clean-distfiles .... @@ -977,7 +977,7 @@ Poudriere 可使用 package:ports-mgmt/poudriere[] 套件或 Port 安裝。安 在設定之後,初始化 poudriere 來安裝 Jail 及其所需的 FreeBSD 樹與 Port 樹。使用 `-j` 來指定 Jail 的名稱以及 `-v` 來指定 FreeBSD 的版本。在執行 FreeBSD/amd64 的系統上可使用 `-a` 來設定要使用的架構為 `i386` 或 `amd64`,預設會採用使用 `uname` 所顯示的架構。 -[source,bash] +[source,shell] .... # poudriere jail -c -j 10amd64 -v 10.0-RELEASE ====>> Creating 10amd64 fs... done @@ -997,7 +997,7 @@ Poudriere 可使用 package:ports-mgmt/poudriere[] 套件或 Port 安裝。安 ====>> Jail 10amd64 10.0-RELEASE amd64 is ready to be used .... -[source,bash] +[source,shell] .... # poudriere ports -c -p local ====>> Creating local fs... done @@ -1046,14 +1046,14 @@ ports-mgmt/pkg 可使用以下方式設定選項及相依: -[source,bash] +[source,shell] .... # poudriere options -j 10amd64 -p local -z workstation -f 10amd64-local-workstation-pkglist .... 最後,編譯套件並建立套件檔案庫: -[source,bash] +[source,shell] .... # poudriere bulk -j 10amd64 -p local -z workstation -f 10amd64-local-workstation-pkglist .... diff --git a/documentation/content/zh-tw/books/handbook/ppp-and-slip/_index.adoc b/documentation/content/zh-tw/books/handbook/ppp-and-slip/_index.adoc index 8a3b9f2ae2..1875b79581 100644 --- a/documentation/content/zh-tw/books/handbook/ppp-and-slip/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/ppp-and-slip/_index.adoc @@ -361,14 +361,14 @@ An alternative is to set up a "dfilter" to block SMTP traffic. Refer to the samp All that is left is to reboot the machine. After rebooting, either type: -[source,bash] +[source,shell] .... # ppp .... and then `dial provider` to start the PPP session, or, to configure `ppp` to establish sessions automatically when there is outbound traffic and [.filename]#start_if.tun0# does not exist, type: -[source,bash] +[source,shell] .... # ppp -auto provider .... @@ -453,7 +453,7 @@ device uart The [.filename]#uart# device is already included in the `GENERIC` kernel, so no additional steps are necessary in this case. Just check the `dmesg` output for the modem device with: -[source,bash] +[source,shell] .... # dmesg | grep uart .... @@ -464,33 +464,33 @@ This should display some pertinent output about the [.filename]#uart# devices. T Connecting to the Internet by manually controlling `ppp` is quick, easy, and a great way to debug a connection or just get information on how the ISP treats `ppp` client connections. Lets start PPP from the command line. Note that in all of our examples we will use _example_ as the hostname of the machine running PPP. To start `ppp`: -[source,bash] +[source,shell] .... # ppp .... -[source,bash] +[source,shell] .... ppp ON example> set device /dev/cuau1 .... This second command sets the modem device to [.filename]#cuau1#. -[source,bash] +[source,shell] .... ppp ON example> set speed 115200 .... This sets the connection speed to 115,200 kbps. -[source,bash] +[source,shell] .... ppp ON example> enable dns .... This tells `ppp` to configure the resolver and add the nameserver lines to [.filename]#/etc/resolv.conf#. If `ppp` cannot determine the hostname, it can manually be set later. -[source,bash] +[source,shell] .... ppp ON example> term .... @@ -503,7 +503,7 @@ deflink: Entering terminal mode on /dev/cuau1 type '~h' for help .... -[source,bash] +[source,shell] .... at OK @@ -512,56 +512,56 @@ atdt123456789 Use `at` to initialize the modem, then use `atdt` and the number for the ISP to begin the dial in process. -[source,bash] +[source,shell] .... CONNECT .... Confirmation of the connection, if we are going to have any connection problems, unrelated to hardware, here is where we will attempt to resolve them. -[source,bash] +[source,shell] .... ISP Login:myusername .... At this prompt, return the prompt with the username that was provided by the ISP. -[source,bash] +[source,shell] .... ISP Pass:mypassword .... At this prompt, reply with the password that was provided by the ISP. Just like logging into FreeBSD, the password will not echo. -[source,bash] +[source,shell] .... Shell or PPP:ppp .... Depending on the ISP, this prompt might not appear. If it does, it is asking whether to use a shell on the provider or to start `ppp`. In this example, `ppp` was selected in order to establish an Internet connection. -[source,bash] +[source,shell] .... Ppp ON example> .... Notice that in this example the first `p` has been capitalized. This shows that we have successfully connected to the ISP. -[source,bash] +[source,shell] .... PPp ON example> .... We have successfully authenticated with our ISP and are waiting for the assigned IP address. -[source,bash] +[source,shell] .... PPP ON example> .... We have made an agreement on an IP address and successfully completed our connection. -[source,bash] +[source,shell] .... PPP ON example>add default HISADDR .... @@ -580,14 +580,14 @@ PPP may not return to the command mode, which is usually a negotiation error whe If a login prompt never appears, PAP or CHAP authentication is most likely required. To use PAP or CHAP, add the following options to PPP before going into terminal mode: -[source,bash] +[source,shell] .... ppp ON example> set authname myusername .... Where _myusername_ should be replaced with the username that was assigned by the ISP. -[source,bash] +[source,shell] .... ppp ON example> set authkey mypassword .... @@ -637,7 +637,7 @@ name_of_service_provider: 以 `root` 身份執行: -[source,bash] +[source,shell] .... # ppp -ddial name_of_service_provider .... @@ -687,7 +687,7 @@ net.graph.nonstandard_pppoe=1 或可以執行以下指令立即更改: -[source,bash] +[source,shell] .... # sysctl net.graph.nonstandard_pppoe=1 .... @@ -759,14 +759,14 @@ adsl: It is possible to initialize the connection easily by issuing the following command as `root`: -[source,bash] +[source,shell] .... # mpd -b adsl .... To view the status of the connection: -[source,bash] +[source,shell] .... % ifconfig ng0 ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500 @@ -802,7 +802,7 @@ adsl: Since the account's password is added to [.filename]#ppp.conf# in plain text form, make sure nobody can read the contents of this file: -[source,bash] +[source,shell] .... # chown root:wheel /etc/ppp/ppp.conf # chmod 600 /etc/ppp/ppp.conf @@ -812,7 +812,7 @@ Since the account's password is added to [.filename]#ppp.conf# in plain text for This will open a tunnel for a PPP session to the DSL router. Ethernet DSL modems have a preconfigured LAN IP address to connect to. In the case of the Alcatel SpeedTouch(TM) Home, this address is `10.0.0.138`. The router's documentation should list the address the device uses. To open the tunnel and start a PPP session: -[source,bash] +[source,shell] .... # pptp address adsl .... @@ -825,7 +825,7 @@ If an ampersand ("&") is added to the end of this command, pptp will return the A [.filename]#tun# virtual tunnel device will be created for interaction between the pptp and ppp processes. Once the prompt is returned, or the pptp process has confirmed a connection, examine the tunnel: -[source,bash] +[source,shell] .... % ifconfig tun0 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 diff --git a/documentation/content/zh-tw/books/handbook/preface/_index.adoc b/documentation/content/zh-tw/books/handbook/preface/_index.adoc index e43423a9fe..feccf55614 100644 --- a/documentation/content/zh-tw/books/handbook/preface/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/preface/_index.adoc @@ -223,21 +223,21 @@ kbd:[Ctrl+X], kbd:[Ctrl+S] 範例以 [.filename]#C:\># 為開頭代表 MS-DOS(TM) 的指令。 若沒有特殊情況的話,這些指令應該是在 Microsoft(TM) Windows(TM) 環境的 "指令提示字元 (Command Prompt)" 視窗內執行。 -[source,bash] +[source,shell] .... E:\> tools\fdimage floppies\kern.flp A: .... 範例以 `#` 為開頭代表在 FreeBSD 中以超級使用者權限來執行的指令。 你可以先以 `root` 登入系統並下指令,或是以你自己的帳號登入再使用 man:su[1] 來取得超級使用者權限。 -[source,bash] +[source,shell] .... # dd if=kern.flp of=/dev/fd0 .... 範例以 `%` 為開頭代表在 FreeBSD 中以一般使用者帳號執行的指令。 除非有提到其他用法,否則都是預設為 C-shell 語法,用來設定環境變數以及下其他指令的意思。 -[source,bash] +[source,shell] .... % top .... diff --git a/documentation/content/zh-tw/books/handbook/printing/_index.adoc b/documentation/content/zh-tw/books/handbook/printing/_index.adoc index e32bdc059f..c5fdd88e87 100644 --- a/documentation/content/zh-tw/books/handbook/printing/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/printing/_index.adoc @@ -56,7 +56,7 @@ toc::[] ==== . 建立一個目錄來儲存要被列印的檔案: + -[source,bash] +[source,shell] .... # mkdir -p /var/spool/lpd/lp # chown daemon:daemon /var/spool/lpd/lp @@ -85,7 +85,7 @@ lpd_enable="YES" + 啟動服務: + -[source,bash] +[source,shell] .... # service lpd start Starting lpd. @@ -93,7 +93,7 @@ Starting lpd. + . 測試列印: + -[source,bash] +[source,shell] .... # printf "1. This printer can print.\n2. This is the second line.\n" | lpr .... @@ -106,7 +106,7 @@ Starting lpd. + 現在可以使用 `lpr` 來列印文字檔,只要在指令列給序檔案名稱,或者將輸出使用管線符號 (Pipe) 傳送給 `lpr`。 + -[source,bash] +[source,shell] .... % lpr textfile.txt % ls -lh | lpr @@ -228,14 +228,14 @@ Port 套件集與 FreeBSD 工具集有許多可以處理 PostScript(TM) 輸出 對於偶爾列印,檔案可以直接傳送到印表機裝置,無需做任何設定。例如,要傳送一個名稱為 [.filename]#sample.txt# 的檔案到 USB 印表機: -[source,bash] +[source,shell] .... # cp sample.txt /dev/unlpt0 .... 要直接使用網路印表機列印需看該印表機支援的功能,但大多數會接受埠號 9100 的列印作業,可使用 man:nc[1] 來完成。要使用 DNS 主機名稱為 _netlaser_ 的印表機列印與上述相同的檔案可: -[source,bash] +[source,shell] .... # nc netlaser 9100 < sample.txt .... @@ -252,7 +252,7 @@ FreeBSD 內含的緩衝程式 (Spooler) 稱作 man:lpd[8],而列印工作會 建立要用來儲存列印工作的目錄、設定擁有關係以及權限來避免其他使用者可以檢視這些檔案的內容: -[source,bash] +[source,shell] .... # mkdir -p /var/spool/lpd/lp # chown daemon:daemon /var/spool/lpd/lp @@ -280,7 +280,7 @@ lp:\ <.> 在建立 [.filename]#/etc/printcap# 之後,使用 man:chkprintcap[8] 測試印表機是否有錯誤: -[source,bash] +[source,shell] .... # chkprintcap .... @@ -296,7 +296,7 @@ lpd_enable="YES" 啟動服務: -[source,bash] +[source,shell] .... # service lpd start .... @@ -306,7 +306,7 @@ lpd_enable="YES" Documents are sent to the printer with `lpr`. A file to be printed can be named on the command line or piped into `lpr`. These two commands are equivalent, sending the contents of [.filename]#doc.txt# to the default printer: -[source,bash] +[source,shell] .... % lpr doc.txt % cat doc.txt | lpr @@ -314,7 +314,7 @@ Documents are sent to the printer with `lpr`. A file to be printed can be named Printers can be selected with `-P`. To print to a printer called _laser_: -[source,bash] +[source,shell] .... % lpr -Plaser doc.txt .... @@ -380,7 +380,7 @@ CR=$'\r' Set the permissions and make it executable: -[source,bash] +[source,shell] .... # chmod 555 /usr/local/libexec/lf2crlf .... @@ -409,7 +409,7 @@ Create [.filename]#/usr/local/libexec/enscript# with these contents: Set the permissions and make it executable: -[source,bash] +[source,shell] .... # chmod 555 /usr/local/libexec/enscript .... @@ -440,7 +440,7 @@ Create [.filename]#/usr/local/libexec/ps2pcl# with these contents: Set the permissions and make it executable: -[source,bash] +[source,shell] .... # chmod 555 /usr/local/libexec/ps2pcl .... @@ -456,7 +456,7 @@ Modify [.filename]#/etc/printcap# to use this new input filter: Test the filter by sending a small PostScript(TM) program to it: -[source,bash] +[source,shell] .... % printf "%%\!PS \n /Helvetica findfont 18 scalefont setfont \ 72 432 moveto (PostScript printing successful.) show showpage \004" | lpr @@ -492,7 +492,7 @@ esac Set the permissions and make it executable: -[source,bash] +[source,shell] .... # chmod 555 /usr/local/libexec/psif .... @@ -552,7 +552,7 @@ man:lpq[1] shows the status of a user's print jobs. Print jobs from other users Show the current user's pending jobs on a single printer: -[source,bash] +[source,shell] .... % lpq -Plp Rank Owner Job Files Total Size @@ -561,7 +561,7 @@ Rank Owner Job Files Total Size Show the current user's pending jobs on all printers: -[source,bash] +[source,shell] .... % lpq -a lp: @@ -580,7 +580,7 @@ man:lprm[1] is used to remove print jobs. Normal users are only allowed to remov Remove all pending jobs from a printer: -[source,bash] +[source,shell] .... # lprm -Plp - dfA002smithy dequeued @@ -593,7 +593,7 @@ cfA004smithy dequeued Remove a single job from a printer. man:lpq[1] is used to find the job number. -[source,bash] +[source,shell] .... % lpq Rank Owner Job Files Total Size @@ -610,7 +610,7 @@ man:lpc[8] is used to check and modify printer status. `lpc` is followed by a co Show the status of all printers: -[source,bash] +[source,shell] .... % lpc status all lp: @@ -627,7 +627,7 @@ laser: Prevent a printer from accepting new jobs, then begin accepting new jobs again: -[source,bash] +[source,shell] .... # lpc disable lp lp: @@ -639,7 +639,7 @@ lp: Stop printing, but continue to accept new jobs. Then begin printing again: -[source,bash] +[source,shell] .... # lpc stop lp lp: @@ -652,7 +652,7 @@ lp: Restart a printer after some error condition: -[source,bash] +[source,shell] .... # lpc restart lp lp: @@ -663,7 +663,7 @@ lp: Turn the print queue off and disable printing, with a message to explain the problem to users: -[source,bash] +[source,shell] .... # lpc down lp Repair parts will arrive on Monday lp: @@ -673,7 +673,7 @@ lp: Re-enable a printer that is down: -[source,bash] +[source,shell] .... # lpc up lp lp: @@ -700,14 +700,14 @@ lp|repairsprinter|salesprinter:\ Aliases can be used in place of the printer name. For example, users in the Sales department print to their printer with -[source,bash] +[source,shell] .... % lpr -Psalesprinter sales-report.txt .... Users in the Repairs department print to _their_ printer with -[source,bash] +[source,shell] .... % lpr -Prepairsprinter repairs-report.txt .... diff --git a/documentation/content/zh-tw/books/handbook/security/_index.adoc b/documentation/content/zh-tw/books/handbook/security/_index.adoc index e092c01f8d..fc639315b1 100644 --- a/documentation/content/zh-tw/books/handbook/security/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/security/_index.adoc @@ -97,14 +97,14 @@ CIA 三字訣是電腦安全的基石,就如同客戶與使用者期望他們 要防止登入存取帳號有兩種方法,第一種是鎖定帳號,以下範例會鎖定 `toor` 帳號: -[source,bash] +[source,shell] .... # pw lock toor .... 第二種防止登入存取的方式是狀 Shell 更改為 [.filename]#/usr/sbin/nologin#,只有超級使用者可以更改其他使用者的 Shell: -[source,bash] +[source,shell] .... # chsh -s /usr/sbin/nologin toor .... @@ -120,7 +120,7 @@ CIA 三字訣是電腦安全的基石,就如同客戶與使用者期望他們 在安裝之後,使用 `visudo` 來編輯 [.filename]#/usr/local/etc/sudoers#。這個範例會建立新 `webadmin` 群組,並加入 `trhodes` 帳號到該群組,然後設定該群組可重新啟動 package:apache24[] 的存取權: -[source,bash] +[source,shell] .... # pw groupadd webadmin -M trhodes -g 6000 # visudo @@ -139,7 +139,7 @@ Blowfish 不是 AES 的一部份且不符合任何聯邦資訊處理標準 (Fede 要知道目前用何種雜湊演算法來加密某位使用者密碼,超級使用者可以檢視在 FreeBSD 密碼資料庫中該使用者的雜湊,每個雜湊的一開始便會以符號標示其用來加密密碼所使用的雜湊機制。若使用 DES 則開始不會有任何符號,而 MD5 的符號則是 `$`,SHA256 及 SHA512 的符號是 `$6$`,Blowfish 的符號是 `$2a$`。在以下例子中 `dru` 的密碼使以預設的 SHA512 演算法加密,因為其雜湊的開始為 `$6$`。注意,該加密過的雜湊,不是原來的密碼,會儲存於密碼資料庫中: -[source,bash] +[source,shell] .... # grep dru /etc/master.passwd dru:$6$pzIjSvCAn.PBYQBA$PXpSeWPx3g5kscj3IMiM7tUEUSPmGexxta.8Lt9TGSi2lNQqYGKszsBPuGME0:1001:1001::0:0:dru:/usr/home/dru:/bin/csh @@ -183,7 +183,7 @@ password requisite pam_passwdqc.so min=disabled,disabled,di 一這個檔案儲存之後,更改密碼的使用者將會看到如下的訊息: -[source,bash] +[source,shell] .... % passwd Changing local password for trhodes @@ -214,7 +214,7 @@ Enter new password: 要在個別使用者設定期限,可將有效日期或到期的天數與使用者名稱傳給 `pw`: -[source,bash] +[source,shell] .... # pw usermod -p 30-apr-2015 -n trhodes .... @@ -230,7 +230,7 @@ rootkit 對管理者而言唯一有幫助的是:一但偵測到,便代表某 安裝此套件或 Port 之後,系統便可使用以下指令檢查。該指令提供許多資訊且會需要手動按下 kbd:[ENTER] 確認: -[source,bash] +[source,shell] .... # rkhunter -c .... @@ -248,7 +248,7 @@ FreeBSD 原生提供了基礎的 IDS 系統,雖然每天晚上會有安全性 內建 `mtree` 工具可以對一個目錄中的內容產生一個規格檔,產生規格檔會用到一個種子碼 (Seed) 或常數,然後在檢查規格是否有更改過時會也會需要使用這個種子碼或常數。這讓檢查一個檔案或 Binary 是否被修改變成可能的一件事。由於攻擊者並不知道種子碼,要仿冒或檢查檔案的校驗碼 (Checksum) 數值是幾乎不可能的。以下例子會產生一組 SHA256 雜湊,每一個在 [.filename]#/bin# 的系統 Binary 都會有一個,並姐會將這些值以隱藏黨儲存在 `root` 的家目錄,[.filename]#/root/.bin_chksum_mtree#: -[source,bash] +[source,shell] .... # mtree -s 3483151339707503 -c -K cksum,sha256digest -p /bin > /root/.bin_chksum_mtree # mtree: /bin checksum: 3427012225 @@ -286,7 +286,7 @@ _3483151339707503_ 代表種子碼,這個值應要記錄下來且不可給其 要檢驗 Binary 簽名是否有被變更過,可使用先前產生的規格檔比對目前目錄的內容,然後儲存結果到檔案。這個指令需要當初產生原規格檔所使用的種子碼: -[source,bash] +[source,shell] .... # mtree -s 3483151339707503 -p /bin < /root/.bin_chksum_mtree >> /root/.bin_chksum_output # mtree: /bin checksum: 3427012225 @@ -294,7 +294,7 @@ _3483151339707503_ 代表種子碼,這個值應要記錄下來且不可給其 這個動作應會產生與上次建立 [.filename]#/bin# 規格檔時產生的校驗碼相同,若在此目錄的 Binary 沒有被變更過,那麼 [.filename]#/root/.bin_chksum_output# 這個輸出檔將會是空的。要模擬變更,可以使用 `touch` 更改 [.filename]#/root/.bin_chksum_output# 的日期然後再執行檢驗指令一次: -[source,bash] +[source,shell] .... # touch /bin/cat # mtree -s 3483151339707503 -p /bin < /root/.bin_chksum_mtree >> /root/.bin_chksum_output @@ -352,7 +352,7 @@ OPIE 使用了三種不同類型的密碼,第一種是一般的 UNIX(TM) 或 K 第一次要初始化 OPIE,要在安全的場所執行以下指令: -[source,bash] +[source,shell] .... % opiepasswd -c Adding unfurl: @@ -377,7 +377,7 @@ MOS MALL GOAT ARM AVID COED 要在不安全的系統上初始化或更改秘密密碼會需要某個可使用安全的連線的地方執行 `opiekey`,這可能是在某一台信任的主機上的 Shell。初始化需要設定疊代次數,100 可能是不錯的數字,種子碼可以自行指定或隨機產生,在不安全連線下要被初始化主機須使用 man:opiepasswd[1]: -[source,bash] +[source,shell] .... % opiepasswd @@ -396,7 +396,7 @@ LINE PAP MILK NELL BUOY TROY 要採用預設的種子碼,可直接按下 kbd:[Return] 做初始化。接著在輸入回應之前移到安全的連線然後給予相同的加密參數產生密碼: -[source,bash] +[source,shell] .... % opiekey 498 to4268 Using the MD5 algorithm to compute response. @@ -411,7 +411,7 @@ GAME GAG WELT OUT DOWN CHAT 在初始化 OPIE 之後進行登入會顯示如下的提示訊息: -[source,bash] +[source,shell] .... % telnet example.com Trying 10.0.0.1... @@ -431,7 +431,7 @@ OPIE 的提示提供了一個很有用的功能,若在密碼提示時按下 kb 在信任的系統上執行: -[source,bash] +[source,shell] .... % opiekey 498 to4268 Using the MD5 algorithm to compute response. @@ -446,7 +446,7 @@ GAME GAG WELT OUT DOWN CHAT 有時會無法存取信任的主機或沒有安全的連線,在這種情況下,可以使用 man:opiekey[1] 來預先產生多個一次性密碼,例如: -[source,bash] +[source,shell] .... % opiekey -n 5 30 zz99999 Using the MD5 algorithm to compute response. @@ -514,7 +514,7 @@ qpopper : ALL : allow Whenever this file is edited, restart inetd: -[source,bash] +[source,shell] .... # service inetd restart .... @@ -657,7 +657,7 @@ In order for clients to be able to find the Kerberos services, they _must_ have Next, create the Kerberos database which contains the keys of all principals (users and hosts) encrypted with a master password. It is not required to remember this password as it will be stored in [.filename]#/var/heimdal/m-key#; it would be reasonable to use a 45-character random password for this purpose. To create the master key, run `kstash` and enter a password: -[source,bash] +[source,shell] .... # kstash Master key: xxxxxxxxxxxxxxxxxxxxxxx @@ -666,7 +666,7 @@ Verifying password - Master key: xxxxxxxxxxxxxxxxxxxxxxx Once the master key has been created, the database should be initialized. The Kerberos administrative tool man:kadmin[8] can be used on the KDC in a mode that operates directly on the database, without using the man:kadmind[8] network service, as `kadmin -l`. This resolves the chicken-and-egg problem of trying to connect to the database before it is created. At the `kadmin` prompt, use `init` to create the realm's initial database: -[source,bash] +[source,shell] .... # kadmin -l kadmin> init EXAMPLE.ORG @@ -675,7 +675,7 @@ Realm max ticket life [unlimited]: Lastly, while still in `kadmin`, create the first principal using `add`. Stick to the default options for the principal for now, as these can be changed later with `modify`. Type `?` at the prompt to see the available options. -[source,bash] +[source,shell] .... kadmin> add tillman Max ticket life [unlimited]: @@ -687,7 +687,7 @@ Verifying password - Password: xxxxxxxx Next, start the KDC services by running `service kdc start` and `service kadmind start`. While there will not be any kerberized daemons running at this point, it is possible to confirm that the KDC is functioning by obtaining a ticket for the principal that was just created: -[source,bash] +[source,shell] .... % kinit tillman tillman@EXAMPLE.ORG's Password: @@ -695,7 +695,7 @@ tillman@EXAMPLE.ORG's Password: Confirm that a ticket was successfully obtained using `klist`: -[source,bash] +[source,shell] .... % klist Credentials cache: FILE:/tmp/krb5cc_1001 @@ -707,7 +707,7 @@ Aug 27 15:37:58 2013 Aug 28 01:37:58 2013 krbtgt/EXAMPLE.ORG@EXAMPLE.ORG The temporary ticket can be destroyed when the test is finished: -[source,bash] +[source,shell] .... % kdestroy .... @@ -722,7 +722,7 @@ Of course, `kadmin` is a kerberized service; a Kerberos ticket is needed to auth After installing [.filename]#/etc/krb5.conf#, use `add --random-key` in `kadmin`. This adds the server's host principal to the database, but does not extract a copy of the host principal key to a keytab. To generate the keytab, use `ext` to extract the server's host principal key to its own keytab: -[source,bash] +[source,shell] .... # kadmin kadmin> add --random-key host/myserver.example.org @@ -737,7 +737,7 @@ kadmin> exit Note that `ext_keytab` stores the extracted key in [.filename]#/etc/krb5.keytab# by default. This is good when being run on the server being kerberized, but the `--keytab _path/to/file_` argument should be used when the keytab is being extracted elsewhere: -[source,bash] +[source,shell] .... # kadmin kadmin> ext_keytab --keytab=/tmp/example.keytab host/myserver.example.org @@ -852,7 +852,7 @@ For more information about SSL, read the free https://www.feistyduck.com/books/o To generate a certificate that will be signed by an external CA, issue the following command and input the information requested at the prompts. This input information will be written to the certificate. At the `Common Name` prompt, input the fully qualified name for the system that will use the certificate. If this name does not match the server, the application verifying the certificate will issue a warning to the user, rendering the verification provided by the certificate as useless. -[source,bash] +[source,shell] .... # openssl req -new -nodes -out req.pem -keyout cert.key -sha256 -newkey rsa:2048 Generating a 2048 bit RSA private key @@ -887,7 +887,7 @@ This command will create two files in the current directory. The certificate req Alternately, if a signature from a CA is not required, a self-signed certificate can be created. First, generate the RSA key: -[source,bash] +[source,shell] .... # openssl genrsa -rand -genkey -out cert.key 2048 0 semi-random bytes loaded @@ -899,7 +899,7 @@ e is 65537 (0x10001) Use this key to create a self-signed certificate. Follow the usual prompts for creating a certificate: -[source,bash] +[source,shell] .... # openssl req -new -x509 -days 365 -key cert.key -out cert.crt -sha256 You are about to be asked to enter information that will be incorporated @@ -940,14 +940,14 @@ sendmail_cert_cn="localhost.example.org" This will automatically create a self-signed certificate, [.filename]#/etc/mail/certs/host.cert#, a signing key, [.filename]#/etc/mail/certs/host.key#, and a CA certificate, [.filename]#/etc/mail/certs/cacert.pem#. The certificate will use the `Common Name` specified in `sendmail_cert_cn`. After saving the edits, restart Sendmail: -[source,bash] +[source,shell] .... # service sendmail restart .... If all went well, there will be no error messages in [.filename]#/var/log/maillog#. For a simple test, connect to the mail server's listening port using `telnet`: -[source,bash] +[source,shell] .... # telnet example.com 25 Trying 192.0.34.166... @@ -990,7 +990,7 @@ IPsec supports two modes of operation. The first mode, _Transport Mode_, protect 在 FreeBSD 11 與之後的版本預設會開啟 IPsec 功能,先前版本的 FreeBSD 可在自訂核心設定檔中加入以下選項然後依 crossref:kernelconfig[kernelconfig,設定 FreeBSD 核心] 的指示來重新編譯核心: -[source,bash] +[source,shell] .... options IPSEC #IP security device crypto @@ -998,7 +998,7 @@ device crypto If IPsec debugging support is desired, the following kernel option should also be added: -[source,bash] +[source,shell] .... options IPSEC_DEBUG debug for IP security .... @@ -1015,7 +1015,7 @@ To begin, package:security/ipsec-tools[] must be installed from the Ports Collec The next requirement is to create two man:gif[4] pseudo-devices which will be used to tunnel packets and allow both networks to communicate properly. As `root`, run the following commands, replacing _internal_ and _external_ with the real IP addresses of the internal and external interfaces of the two gateways: -[source,bash] +[source,shell] .... # ifconfig gif0 create # ifconfig gif0 internal1 internal2 @@ -1070,7 +1070,7 @@ round-trip min/avg/max/stddev = 28.106/94.594/154.524/49.814 ms As expected, both sides have the ability to send and receive ICMP packets from the privately configured addresses. Next, both gateways must be told how to route packets in order to correctly send traffic from either network. The following commands will achieve this goal: -[source,bash] +[source,shell] .... corp-net# route add 10.0.0.0 10.0.0.5 255.255.255.0 corp-net# route add net 10.0.0.0: gateway 10.0.0.5 @@ -1185,7 +1185,7 @@ spdadd 10.0.0.0/24 10.246.38.0/24 any -P in ipsec esp/tunnel/192.168.1.12-172.16 Once in place, racoon may be started on both gateways using the following command: -[source,bash] +[source,shell] .... # /usr/local/sbin/racoon -F -f /usr/local/etc/racoon/racoon.conf -l /var/log/racoon.log .... @@ -1210,7 +1210,7 @@ Foreground mode. To ensure the tunnel is working properly, switch to another console and use man:tcpdump[1] to view network traffic using the following command. Replace `em0` with the network interface card as required: -[source,bash] +[source,shell] .... # tcpdump -i em0 host 172.16.5.4 and dst 192.168.1.12 .... @@ -1280,7 +1280,7 @@ OpenSSH 由 OpenBSD 專案所維護且在 FreeBSD 預設會安裝,它可同時 要登入一台 SSH 伺服器,可使用 `ssh` 然後指定在伺服器上存在的使用者名稱與 IP 位址或伺服器的主機名稱。若這是第一次連線到指定的伺服器,會提示該使用者伺服器的指紋做第一次檢驗: -[source,bash] +[source,shell] .... # ssh user@example.com The authenticity of host 'example.com (10.0.0.1)' can't be established. @@ -1296,7 +1296,7 @@ SSH 會在客戶端連線時利用金鑰指紋 (Key fingerprint) 系統來驗證 使用 man:scp[1] 可從遠端主機安全的複製一個檔案,以下範例會複製在遠端主機的 [.filename]#COPYRIGHT# 到本地主機的目前目錄: -[source,bash] +[source,shell] .... # scp user@example.com:/COPYRIGHT COPYRIGHT Password for user@example.com: ******* @@ -1316,7 +1316,7 @@ COPYRIGHT 100% |*****************************| 4735 除了使用密碼之外,客戶端可以設定成使用金鑰來連線到遠端的主機。要產生 RSA 認証金鑰可使用 `ssh-keygen`。要產生成對的公鑰與私鑰,可指定金鑰的類型並依提示操作。建議使用容易記住但較難猜出的密碼來保護這個金鑰。 -[source,bash] +[source,shell] .... % ssh-keygen -t rsa Generating public/private rsa key pair. @@ -1361,7 +1361,7 @@ The key's randomart image is: 要在 Shell 使用 `ssh-agent`,使用 Shell 做為參數來啟動 `ssh-agent`。執行 `ssh-add` 來加入識別碼,然後輸入私鑰的密碼。使用者將可使用 `ssh` 連線到任何有安裝對應公鑰的主機,例如: -[source,bash] +[source,shell] .... % ssh-agent csh % ssh-add @@ -1388,7 +1388,7 @@ OpenSSH 可以建立一個通道 (Tunnel) 來封裝其他通訊協定到一個 以下指令會告訴 `ssh` 建立一個供 telnet 使用的通道: -[source,bash] +[source,shell] .... % ssh -2 -N -f -L 5023:localhost:23 user@foo.example.com % @@ -1419,7 +1419,7 @@ SSH 通道會建立一個傾聽 `localhost` 指定 `localport` 的 Socket ,然 [example] ==== -[source,bash] +[source,shell] .... % ssh -2 -N -f -L 5025:localhost:25 user@mailserver.example.com user@mailserver.example.com's password: ***** @@ -1438,7 +1438,7 @@ Escape character is '^]'. ==== 在這個例子中有一個 SSH 伺服器會接受來自外部的連線,在同個網段下有一個郵件伺服器執行 POP3 伺服器。要使用較安全的方式檢查有沒有新郵件可建立一個 SSH 連線到 SSH 伺服器然後透過通道連線到郵件伺服器: -[source,bash] +[source,shell] .... % ssh -2 -N -f -L 2110:mail.example.com:110 user@ssh-server.example.com user@ssh-server.example.com's password: ****** @@ -1454,7 +1454,7 @@ user@ssh-server.example.com's password: ****** 這問題的解決方法是建立一個 SSH 連線到在防火牆防護之外主機然後使用該連線的通道連到想要使用的服務: -[source,bash] +[source,shell] .... % ssh -2 -N -f -L 8888:music.example.com:8000 user@unfirewalled-system.example.org user@unfirewalled-system.example.org's password: ******* @@ -1469,7 +1469,7 @@ user@unfirewalled-system.example.org's password: ******* 要查看 sshd 是否正在運作,可使用 man:service[8] 指令: -[source,bash] +[source,shell] .... # service sshd status .... @@ -1483,7 +1483,7 @@ sshd_enable="YES" 這會讓下次系統開機時啟動 OpenSSH 的 Daemon 程式 sshd。若要立即啟動: -[source,bash] +[source,shell] .... # service sshd start .... @@ -1521,7 +1521,7 @@ AllowUsers root@192.168.1.32 admin 在對 [.filename]#/etc/ssh/sshd_config# 做完變更後,執行以下指令告訴 sshd 重新載入設定檔: -[source,bash] +[source,shell] .... # service sshd reload .... @@ -1589,7 +1589,7 @@ In this example, [.filename]#directory1#, [.filename]#directory2#, and [.filenam File system ACLs can be viewed using `getfacl`. For instance, to view the ACL settings on [.filename]#test#: -[source,bash] +[source,shell] .... % getfacl test #file:test @@ -1602,14 +1602,14 @@ File system ACLs can be viewed using `getfacl`. For instance, to view the ACL se To change the ACL settings on this file, use `setfacl`. To remove all of the currently defined ACLs from a file or file system, include `-k`. However, the preferred method is to use `-b` as it leaves the basic fields required for ACLs to work. -[source,bash] +[source,shell] .... % setfacl -k test .... To modify the default ACL entries, use `-m`: -[source,bash] +[source,shell] .... % setfacl -m u:trhodes:rwx,group:web:r--,o::--- test .... @@ -1633,7 +1633,7 @@ Installation provides man:periodic[8] configuration files for maintaining the pk After installation, and to audit third party utilities as part of the Ports Collection at any time, an administrator may choose to update the database and view known vulnerabilities of installed packages by invoking: -[source,bash] +[source,shell] .... # pkg audit -F .... @@ -1849,7 +1849,7 @@ If more fine-grained accounting is needed, refer to crossref:audit[audit,安全 Before using process accounting, it must be enabled using the following commands: -[source,bash] +[source,shell] .... # sysrc accounting_enable=yes # service accounting start @@ -1861,7 +1861,7 @@ Once enabled, accounting will begin to track information such as CPU statistics To display the commands issued by users, use `lastcomm`. For example, this command prints out all usage of `ls` by `trhodes` on the `ttyp1` terminal: -[source,bash] +[source,shell] .... # lastcomm ls trhodes ttyp1 .... @@ -1888,7 +1888,7 @@ In the traditional method, login classes and the resource limits to apply to a l ==== Whenever [.filename]#/etc/login.conf# is edited, the [.filename]#/etc/login.conf.db# must be updated by executing the following command: -[source,bash] +[source,shell] .... # cap_mkdb /etc/login.conf .... @@ -1965,7 +1965,7 @@ In this rule, the subject is `user`, the subject-id is `trhodes`, the resource, Some care must be taken when adding rules. Since this user is constrained to `10` processes, this example will prevent the user from performing other tasks after logging in and executing a `screen` session. Once a resource limit has been hit, an error will be printed, as in this example: -[source,bash] +[source,shell] .... % man test /usr/bin/man: Cannot fork: Resource temporarily unavailable @@ -1974,7 +1974,7 @@ eval: Cannot fork: Resource temporarily unavailable As another example, a jail can be prevented from exceeding a memory limit. This rule could be written as: -[source,bash] +[source,shell] .... # rctl -a jail:httpd:memoryuse:deny=2G/jail .... @@ -1989,14 +1989,14 @@ jail:httpd:memoryuse:deny=2G/jail To remove a rule, use `rctl` to remove it from the list: -[source,bash] +[source,shell] .... # rctl -r user:trhodes:maxproc:deny=10/user .... A method for removing all rules is documented in man:rctl[8]. However, if removing all rules for a single user is required, this command may be issued: -[source,bash] +[source,shell] .... # rctl -r user:trhodes .... @@ -2012,7 +2012,7 @@ Many other resources exist which can be used to exert additional control over va Sudo 讓管理者可以對系統指令的存取設下更嚴格的限制並提供進階的記錄功能。如同其他工具,它可自 Port 套件集取得,於其中的 package:security/sudo[],或使用 man:pkg[8] 工具取得,若要使用 man:pkg[8] 工具可: -[source,bash] +[source,shell] .... # pkg install sudo .... @@ -2028,21 +2028,21 @@ user1 ALL=(ALL) /usr/sbin/service webservice * 現在使用者可使用此指令來啟動 _webservice_: -[source,bash] +[source,shell] .... % sudo /usr/sbin/service webservice start .... 雖然這項設定可以讓一位使用者存取 webservice 服務,但在大部份組織中會有一整個網站小組負責管理該服務,因此也可以一行來授予整個群組存取權,以下步驟會建立一個網站群組、加入使用者到這個群組,然後讓該群組中的所有成員能夠管理服務: -[source,bash] +[source,shell] .... # pw groupadd -g 6001 -n webteam .... 同樣使用 man:pw[8] 指令來加入該使用到 webteam 群組: -[source,bash] +[source,shell] .... # pw groupmod -m user1 -n webteam .... @@ -2095,14 +2095,14 @@ Defaults iolog_dir=/var/log/sudo-io/%{user} 從此之後,所有 _webteam_ 修改 _webservice_ 應用程式狀態的成員將會被記錄下來。要列出先前與目前連線階段的記錄可: -[source,bash] +[source,shell] .... # sudoreplay -l .... 在輸出結果中要重播指定連線階段的記錄可搜尋 `TSID=` 項目,然後傳送給 sudoreplay 且不加其他選項便可以一般速度重播連線階段,例如: -[source,bash] +[source,shell] .... # sudoreplay user1/00/00/02 .... diff --git a/documentation/content/zh-tw/books/handbook/serialcomms/_index.adoc b/documentation/content/zh-tw/books/handbook/serialcomms/_index.adoc index f09bd13ab6..a3db1b2e1a 100644 --- a/documentation/content/zh-tw/books/handbook/serialcomms/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/serialcomms/_index.adoc @@ -344,7 +344,7 @@ By default, FreeBSD supports four serial ports which are commonly known as [.fil To see if the system recognizes the serial ports, look for system boot messages that start with `uart`: -[source,bash] +[source,shell] .... # grep uart /var/run/dmesg.boot .... @@ -353,21 +353,21 @@ If the system does not recognize all of the needed serial ports, additional entr To determine the default set of terminal I/O settings used by the port, specify its device name. This example determines the settings for the call-in port on [.filename]#COM2#: -[source,bash] +[source,shell] .... # stty -a -f /dev/ttyu1 .... System-wide initialization of serial devices is controlled by [.filename]#/etc/rc.d/serial#. This file affects the default settings of serial devices. To change the settings for a device, use `stty`. By default, the changed settings are in effect until the device is closed and when the device is reopened, it goes back to the default set. To permanently change the default set, open and adjust the settings of the initialization device. For example, to turn on `CLOCAL` mode, 8 bit communication, and `XON/XOFF` flow control for [.filename]#ttyu5#, type: -[source,bash] +[source,shell] .... # stty -f /dev/ttyu5.init clocal cs8 ixon ixoff .... To prevent certain settings from being changed by an application, make adjustments to the locking device. For example, to lock the speed of [.filename]#ttyu5# to 57600 bps, type: -[source,bash] +[source,shell] .... # stty -f /dev/ttyu5.lock 57600 .... @@ -403,7 +403,7 @@ There are at least two utilities in the base-system of FreeBSD that can be used + For example, to connect from a client system that runs FreeBSD to the serial connection of another system: + -[source,bash] +[source,shell] .... # cu -l /dev/cuauN .... @@ -461,7 +461,7 @@ ttyu5 "/usr/libexec/getty std.19200" vt100 on insecure After making any changes to [.filename]#/etc/ttys#, send a SIGHUP (hangup) signal to the `init` process to force it to re-read its configuration file: -[source,bash] +[source,shell] .... # kill -HUP 1 .... @@ -483,7 +483,7 @@ Make sure the terminal and FreeBSD agree on the bps rate and parity settings. Fo Use `ps` to make sure that a `getty` process is running and serving the terminal. For example, the following listing shows that a `getty` is running on the second serial port, [.filename]#ttyu1#, and is using the `std.38400` entry in [.filename]#/etc/gettytab#: -[source,bash] +[source,shell] .... # ps -axww|grep ttyu 22189 d1 Is+ 0:00.03 /usr/libexec/getty std.38400 ttyu1 @@ -591,14 +591,14 @@ ttyu0 "/usr/libexec/getty V19200" dialup on After editing [.filename]#/etc/ttys#, wait until the modem is properly configured and connected before signaling `init`: -[source,bash] +[source,shell] .... # kill -HUP 1 .... High-speed modems, like V.32, V.32bis, and V.34 modems, use hardware (`RTS/CTS`) flow control. Use `stty` to set the hardware flow control flag for the modem port. This example sets the `crtscts` flag on [.filename]#COM2#'s dial-in and dial-out initialization devices: -[source,bash] +[source,shell] .... # stty -f /dev/ttyu1.init crtscts # stty -f /dev/cuau1.init crtscts @@ -612,7 +612,7 @@ Hook up the modem to the FreeBSD system and boot the system. If the modem has st If the DTR indicator does not light, login to the FreeBSD system through the console and type `ps ax` to see if FreeBSD is running a `getty` process on the correct port: -[source,bash] +[source,shell] .... 114 ?? I 0:00.10 /usr/libexec/getty V19200 ttyu0 .... @@ -663,7 +663,7 @@ Use the highest bps rate the modem supports in the `br` capability. Then, type ` Or, use `cu` as `root` with the following command: -[source,bash] +[source,shell] .... # cu -lline -sspeed .... @@ -695,7 +695,7 @@ tip57600|Dial any phone number at 57600 bps:\ This should now work: -[source,bash] +[source,shell] .... # tip -115200 5551234 .... @@ -710,7 +710,7 @@ cu115200|Use cu to dial any number at 115200bps:\ and type: -[source,bash] +[source,shell] .... # cu 5551234 -s 115200 .... @@ -830,7 +830,7 @@ This section provides a fast overview of setting up the serial console. This pro . Connect the serial cable to [.filename]#COM1# and the controlling terminal. . To configure boot messages to display on the serial console, issue the following command as the superuser: + -[source,bash] +[source,shell] .... sysrc -f /boot/loader.conf console=comconsole .... @@ -902,7 +902,7 @@ The options, except for `-P`, are passed to the boot loader. The boot loader wil + When FreeBSD starts, the boot blocks echo the contents of [.filename]#/boot.config# to the console. For example: + -[source,bash] +[source,shell] .... /boot.config: -P Keyboard: no @@ -939,7 +939,7 @@ After the message, there will be a small pause before the boot blocks continue l + Press any key, other than kbd:[Enter], at the console to interrupt the boot process. The boot blocks will then prompt for further action: + -[source,bash] +[source,shell] .... >> FreeBSD/i386 BOOT Default: 0:ad(0,a)/boot/loader @@ -981,7 +981,7 @@ By default, the serial port settings are 9600 baud, 8 bits, no parity, and 1 sto * Edit [.filename]#/etc/make.conf# and set `BOOT_COMCONSOLE_SPEED` to the new console speed. Then, recompile and install the boot blocks and the boot loader: + -[source,bash] +[source,shell] .... # cd /sys/boot # make clean diff --git a/documentation/content/zh-tw/books/handbook/usb-device-mode/_index.adoc b/documentation/content/zh-tw/books/handbook/usb-device-mode/_index.adoc index f35fb89691..025db8ab8e 100644 --- a/documentation/content/zh-tw/books/handbook/usb-device-mode/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/usb-device-mode/_index.adoc @@ -75,7 +75,7 @@ Virtual serial port support is provided by templates number 3, 8, and 10. Note t To enable USB device mode serial ports, add those lines to [.filename]#/etc/ttys#: -[source,bash] +[source,shell] .... ttyU0 "/usr/libexec/getty 3wire" vt100 onifconsole secure ttyU1 "/usr/libexec/getty 3wire" vt100 onifconsole secure @@ -83,7 +83,7 @@ ttyU1 "/usr/libexec/getty 3wire" vt100 onifconsole secure 然後加入這些行到 [.filename]#/etc/devd.conf#: -[source,bash] +[source,shell] .... notify 100 { match "system" "DEVFS"; @@ -96,14 +96,14 @@ notify 100 { Reload the configuration if man:devd[8] is already running: -[source,bash] +[source,shell] .... # service devd restart .... Make sure the necessary modules are loaded and the correct template is set at boot by adding those lines to [.filename]#/boot/loader.conf#, creating it if it does not already exist: -[source,bash] +[source,shell] .... umodem_load="YES" hw.usb.template=3 @@ -111,7 +111,7 @@ hw.usb.template=3 To load the module and set the template without rebooting use: -[source,bash] +[source,shell] .... # kldload umodem # sysctl hw.usb.template=3 @@ -121,7 +121,7 @@ To load the module and set the template without rebooting use: To connect to a board configured to provide USB device mode serial ports, connect the USB host, such as a laptop, to the boards USB OTG or USB client port. Use `pstat -t` on the host to list the terminal lines. Near the end of the list you should see a USB serial port, eg "ttyU0". To open the connection, use: -[source,bash] +[source,shell] .... # cu -l /dev/ttyU0 .... @@ -132,7 +132,7 @@ After pressing the Enter key a few times you will see a login prompt. To connect to a board configured to provide USB device mode serial ports, connect the USB host, such as a laptop, to the boards USB OTG or USB client port. To open the connection, use: -[source,bash] +[source,shell] .... # cu -l /dev/cu.usbmodemFreeBSD1 .... @@ -141,7 +141,7 @@ To connect to a board configured to provide USB device mode serial ports, connec To connect to a board configured to provide USB device mode serial ports, connect the USB host, such as a laptop, to the boards USB OTG or USB client port. To open the connection, use: -[source,bash] +[source,shell] .... # minicom -D /dev/ttyACM0 .... @@ -157,7 +157,7 @@ Virtual network interfaces support is provided by templates number 1, 8, and 10. Make sure the necessary modules are loaded and the correct template is set at boot by adding those lines to [.filename]#/boot/loader.conf#, creating it if it does not already exist: -[source,bash] +[source,shell] .... if_cdce_load="YES" hw.usb.template=1 @@ -165,7 +165,7 @@ hw.usb.template=1 To load the module and set the template without rebooting use: -[source,bash] +[source,shell] .... # kldload if_cdce # sysctl hw.usb.template=1 @@ -192,7 +192,7 @@ cfumass_enable="YES" To configure the target without restarting, run this command: -[source,bash] +[source,shell] .... # service cfumass start .... @@ -205,7 +205,7 @@ The rest of this chapter provides detailed description of setting the target wit USB Mass Storage does not require the man:ctld[8] daemon to be running, although it can be used if desired. This is different from iSCSI. Thus, there are two ways to configure the target: man:ctladm[8], or man:ctld[8]. Both require the [.filename]#cfumass.ko# kernel module to be loaded. The module can be loaded manually: -[source,bash] +[source,shell] .... # kldload cfumass .... @@ -219,7 +219,7 @@ cfumass_load="YES" A LUN can be created without the man:ctld[8] daemon: -[source,bash] +[source,shell] .... # ctladm create -b block -o file=/data/target0 .... @@ -251,14 +251,14 @@ ctld_enable="YES" To start man:ctld[8] now, run this command: -[source,bash] +[source,shell] .... # service ctld start .... 當 man:ctld[8] Daemon 啟動後,它會讀取 [.filename]#/etc/ctl.conf#,若這個檔案在 Daemon 啟動之後才做修改,要重新載入變更的內容才能立即生效: -[source,bash] +[source,shell] .... # service ctld reload .... diff --git a/documentation/content/zh-tw/books/handbook/virtualization/_index.adoc b/documentation/content/zh-tw/books/handbook/virtualization/_index.adoc index 0944e64749..1a0801a8a1 100644 --- a/documentation/content/zh-tw/books/handbook/virtualization/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/virtualization/_index.adoc @@ -328,7 +328,7 @@ VirtualBox(TM) guest additions 支援以下功能: 首先,在 FreeBSD 客端安裝 package:emulators/virtualbox-ose-additions[] 套件或 Port,以下指令會安裝 Port: -[source,bash] +[source,shell] .... # cd /usr/ports/emulators/virtualbox-ose-additions && make install clean .... @@ -410,14 +410,14 @@ HAL 的使用者應建立以下 [.filename]#/usr/local/etc/hal/fdi/policy/90-vbo Shared folders for file transfers between host and VM are accessible by mounting them using `mount_vboxvfs`. A shared folder can be created on the host using the VirtualBox GUI or via `vboxmanage`. For example, to create a shared folder called _myshare_ under [.filename]#/mnt/bsdboxshare# for the VM named _BSDBox_, run: -[source,bash] +[source,shell] .... # vboxmanage sharedfolder add 'BSDBox' --name myshare --hostpath /mnt/bsdboxshare .... Note that the shared folder name must not contain spaces. Mount the shared folder from within the guest system like this: -[source,bash] +[source,shell] .... # mount_vboxvfs -w myshare /mnt .... @@ -432,7 +432,7 @@ VirtualBox(TM) 是一套積極開發、完整的虛擬化套件,適用大多 VirtualBox(TM) 可於 package:emulators/virtualbox-ose[] 以 FreeBSD 套件或 Port 的方式取得。要安裝 Port 可使用以下指令: -[source,bash] +[source,shell] .... # cd /usr/ports/emulators/virtualbox-ose # make install clean @@ -442,7 +442,7 @@ VirtualBox(TM) 可於 package:emulators/virtualbox-ose[] 以 FreeBSD 套件或 P 還有一些設定需要在 VirtualBox(TM) 第一次啟動端做修改,Port 會安裝一個核心模組在 [.filename]#/boot/modules#,該模組必須在核心中載入: -[source,bash] +[source,shell] .... # kldload vboxdrv .... @@ -463,14 +463,14 @@ vboxnet_enable="YES" 在安裝 VirtualBox(TM) 的過程中會建立 `vboxusers` 群組,所有需要存取 VirtualBox(TM) 的使用者均需要加入成為此群組的成員,`pw` 可用來加入新的成員: -[source,bash] +[source,shell] .... # pw groupmod vboxusers -m yourusername .... [.filename]#/dev/vboxnetctl# 的預設權限是受限的,需要更改後才可使用橋接網路: -[source,bash] +[source,shell] .... # chown root:vboxusers /dev/vboxnetctl # chmod 0660 /dev/vboxnetctl @@ -486,7 +486,7 @@ perm vboxnetctl 0660 要執行 VirtualBox(TM),可在 Xorg 工作階段輸入: -[source,bash] +[source,shell] .... % VirtualBox .... @@ -500,7 +500,7 @@ VirtualBox(TM) can be configured to pass USB devices through to the guest operat For VirtualBox(TM) to be aware of USB devices attached to the machine, the user needs to be a member of the `operator` group. -[source,bash] +[source,shell] .... # pw groupmod operator -m yourusername .... @@ -522,7 +522,7 @@ devfs_system_ruleset="system" 然後重新啟動 devfs: -[source,bash] +[source,shell] .... # service devfs restart .... @@ -541,7 +541,7 @@ VirtualBox(TM)DVD/CD 功能要能運作需要執行 HAL,因此需在 [.filenam hald_enable="YES" .... -[source,bash] +[source,shell] .... # service hald start .... @@ -555,7 +555,7 @@ perm xpt0 0660 perm pass* 0660 .... -[source,bash] +[source,shell] .... # service devfs restart .... @@ -572,14 +572,14 @@ The bhyve design requires a processor that supports Intel(TM) Extended Page Tabl The first step to creating a virtual machine in bhyve is configuring the host system. First, load the bhyve kernel module: -[source,bash] +[source,shell] .... # kldload vmm .... Then, create a [.filename]#tap# interface for the network device in the virtual machine to attach to. In order for the network device to participate in the network, also create a bridge interface containing the [.filename]#tap# interface and the physical interface as members. In this example, the physical interface is _igb0_: -[source,bash] +[source,shell] .... # ifconfig tap0 create # sysctl net.link.tap.up_on_open=1 @@ -594,14 +594,14 @@ net.link.tap.up_on_open: 0 -> 1 Create a file to use as the virtual disk for the guest machine. Specify the size and name of the virtual disk: -[source,bash] +[source,shell] .... # truncate -s 16G guest.img .... Download an installation image of FreeBSD to install: -[source,bash] +[source,shell] .... # fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/10.3/FreeBSD-10.3-RELEASE-amd64-bootonly.iso FreeBSD-10.3-RELEASE-amd64-bootonly.iso 100% of 230 MB 570 kBps 06m17s @@ -609,7 +609,7 @@ FreeBSD-10.3-RELEASE-amd64-bootonly.iso 100% of 230 MB 570 kBps 06m17s FreeBSD comes with an example script for running a virtual machine in bhyve. The script will start the virtual machine and run it in a loop, so it will automatically restart if it crashes. The script takes a number of options to control the configuration of the machine: `-c` controls the number of virtual CPUs, `-m` limits the amount of memory available to the guest, `-t` defines which [.filename]#tap# device to use, `-d` indicates which disk image to use, `-i` tells bhyve to boot from the CD image instead of the disk, and `-I` defines which CD image to use. The last parameter is the name of the virtual machine, used to track the running machines. This example starts the virtual machine in installation mode: -[source,bash] +[source,shell] .... # sh /usr/shared/examples/bhyve/vmrun.sh -c 1 -m 1024M -t tap0 -d guest.img -i -I FreeBSD-10.3-RELEASE-amd64-bootonly.iso guestname .... @@ -618,7 +618,7 @@ The virtual machine will boot and start the installer. After installing a system Reboot the virtual machine. While rebooting the virtual machine causes bhyve to exit, the [.filename]#vmrun.sh# script runs `bhyve` in a loop and will automatically restart it. When this happens, choose the reboot option from the boot loader menu in order to escape the loop. Now the guest can be started from the virtual disk: -[source,bash] +[source,shell] .... # sh /usr/shared/examples/bhyve/vmrun.sh -c 4 -m 1024M -t tap0 -d guest.img guestname .... @@ -630,7 +630,7 @@ In order to boot operating systems other than FreeBSD, the package:sysutils/grub Next, create a file to use as the virtual disk for the guest machine: -[source,bash] +[source,shell] .... # truncate -s 16G linux.img .... @@ -645,14 +645,14 @@ Starting a virtual machine with bhyve is a two step process. First a kernel must Use package:sysutils/grub2-bhyve[] to load the Linux(TM) kernel from the ISO image: -[source,bash] +[source,shell] .... # grub-bhyve -m device.map -r cd0 -M 1024M linuxguest .... This will start grub. If the installation CD contains a [.filename]#grub.cfg#, a menu will be displayed. If not, the `vmlinuz` and `initrd` files must be located and loaded manually: -[source,bash] +[source,shell] .... grub> ls (hd0) (cd0) (cd0,msdos1) (host) @@ -666,7 +666,7 @@ grub> boot Now that the Linux(TM) kernel is loaded, the guest can be started: -[source,bash] +[source,shell] .... # bhyve -A -H -P -s 0:0,hostbridge -s 1:0,lpc -s 2:0,virtio-net,tap0 -s 3:0,virtio-blk,./linux.img \ -s 4:0,ahci-cd,./somelinux.iso -l com1,stdio -c 4 -m 1024M linuxguest @@ -674,14 +674,14 @@ Now that the Linux(TM) kernel is loaded, the guest can be started: The system will boot and start the installer. After installing a system in the virtual machine, reboot the virtual machine. This will cause bhyve to exit. The instance of the virtual machine needs to be destroyed before it can be started again: -[source,bash] +[source,shell] .... # bhyvectl --destroy --vm=linuxguest .... Now the guest can be started directly from the virtual disk. Load the kernel: -[source,bash] +[source,shell] .... # grub-bhyve -m device.map -r hd0,msdos1 -M 1024M linuxguest grub> ls @@ -698,7 +698,7 @@ grub> boot Boot the virtual machine: -[source,bash] +[source,shell] .... # bhyve -A -H -P -s 0:0,hostbridge -s 1:0,lpc -s 2:0,virtio-net,tap0 \ -s 3:0,virtio-blk,./linux.img -l com1,stdio -c 4 -m 1024M linuxguest @@ -706,7 +706,7 @@ Boot the virtual machine: Linux(TM) will now boot in the virtual machine and eventually present you with the login prompt. Login and use the virtual machine. When you are finished, reboot the virtual machine to exit bhyve. Destroy the virtual machine instance: -[source,bash] +[source,shell] .... # bhyvectl --destroy --vm=linuxguest .... @@ -720,7 +720,7 @@ In order to make use of the UEFI support in bhyve, first obtain the UEFI firmwar With the firmware in place, add the flags `-l bootrom,_/path/to/firmware_` to your bhyve command line. The actual bhyve command may look like this: -[source,bash] +[source,shell] .... # bhyve -AHP -s 0:0,hostbridge -s 1:0,lpc \ -s 2:0,virtio-net,tap1 -s 3:0,virtio-blk,./disk.img \ @@ -731,7 +731,7 @@ guest package:sysutils/bhyve-firmware[] also contains a CSM-enabled firmware, to boot guests with no UEFI support in legacy BIOS mode: -[source,bash] +[source,shell] .... # bhyve -AHP -s 0:0,hostbridge -s 1:0,lpc \ -s 2:0,virtio-net,tap1 -s 3:0,virtio-blk,./disk.img \ @@ -749,7 +749,7 @@ Support for the UEFI-GOP framebuffer may also be enabled with the `-s 29,fbuf,tc bhyve 指令的結果會如下: -[source,bash] +[source,shell] .... # bhyve -AHP -s 0:0,hostbridge -s 31:0,lpc \ -s 2:0,virtio-net,tap1 -s 3:0,virtio-blk,./disk.img \ @@ -766,14 +766,14 @@ Note, in BIOS emulation mode, the framebuffer will cease receiving updates once If ZFS is available on the host machine, using ZFS volumes instead of disk image files can provide significant performance benefits for the guest VMs. A ZFS volume can be created by: -[source,bash] +[source,shell] .... # zfs create -V16G -o volmode=dev zroot/linuxdisk0 .... When starting the VM, specify the ZFS volume as the disk drive: -[source,bash] +[source,shell] .... # bhyve -A -H -P -s 0:0,hostbridge -s 1:0,lpc -s 2:0,virtio-net,tap0 -s3:0,virtio-blk,/dev/zvol/zroot/linuxdisk0 \ -l com1,stdio -c 4 -m 1024M linuxguest @@ -784,7 +784,7 @@ When starting the VM, specify the ZFS volume as the disk drive: It is advantageous to wrap the bhyve console in a session management tool such as package:sysutils/tmux[] or package:sysutils/screen[] in order to detach and reattach to the console. It is also possible to have the console of bhyve be a null modem device that can be accessed with `cu`. To do this, load the [.filename]#nmdm# kernel module and replace `-l com1,stdio` with `-l com1,/dev/nmdm0A`. The [.filename]#/dev/nmdm# devices are created automatically as needed, where each is a pair, corresponding to the two ends of the null modem cable ([.filename]#/dev/nmdm0A# and [.filename]#/dev/nmdm0B#). See man:nmdm[4] for more information. -[source,bash] +[source,shell] .... # kldload nmdm # bhyve -A -H -P -s 0:0,hostbridge -s 1:0,lpc -s 2:0,virtio-net,tap0 -s 3:0,virtio-blk,./linux.img \ @@ -802,7 +802,7 @@ handbook login: A device node is created in [.filename]#/dev/vmm# for each virtual machine. This allows the administrator to easily see a list of the running virtual machines: -[source,bash] +[source,shell] .... # ls -al /dev/vmm total 1 @@ -815,7 +815,7 @@ crw------- 1 root wheel 0x1a1 Mar 17 12:19 otherguest A specified virtual machine can be destroyed using `bhyvectl`: -[source,bash] +[source,shell] .... # bhyvectl --destroy --vm=guestname .... @@ -871,14 +871,14 @@ Users of FreeBSD 11 should install the package:emulators/xen-kernel47[] and pack Configuration files must be edited to prepare the host for the Dom0 integration after the Xen packages are installed. An entry to [.filename]#/etc/sysctl.conf# disables the limit on how many pages of memory are allowed to be wired. Otherwise, DomU VMs with higher memory requirements will not run. -[source,bash] +[source,shell] .... # echo 'vm.max_wired=-1' >> /etc/sysctl.conf .... Another memory-related setting involves changing [.filename]#/etc/login.conf#, setting the `memorylocked` option to `unlimited`. Otherwise, creating DomU domains may fail with `Cannot allocate memory` errors. After making the change to [.filename]#/etc/login.conf#, run `cap_mkdb` to update the capability database. See crossref:security[security-resourcelimits,限制資源] for details. -[source,bash] +[source,shell] .... # sed -i '' -e 's/memorylocked=64K/memorylocked=unlimited/' /etc/login.conf # cap_mkdb /etc/login.conf @@ -886,7 +886,7 @@ Another memory-related setting involves changing [.filename]#/etc/login.conf#, s Add an entry for the Xen(TM) console to [.filename]#/etc/ttys#: -[source,bash] +[source,shell] .... # echo 'xc0 "/usr/libexec/getty Pc" xterm onifconsole secure' >> /etc/ttys .... @@ -895,7 +895,7 @@ Selecting a Xen(TM) kernel in [.filename]#/boot/loader.conf# activates the Dom0. The following command is used for Xen 4.7 packages: -[source,bash] +[source,shell] .... # sysrc -f /boot/loader.conf hw.pci.mcfg=0 # sysrc -f /boot/loader.conf if_tap_load="YES" @@ -905,7 +905,7 @@ The following command is used for Xen 4.7 packages: For Xen versions 4.11 and higher, the following command should be used instead: -[source,bash] +[source,shell] .... # sysrc -f /boot/loader.conf if_tap_load="YES" # sysrc -f /boot/loader.conf xen_kernel="/boot/xen" @@ -920,14 +920,14 @@ Log files that Xen(TM) creates for the DomU VMs are stored in [.filename]#/var/l Activate the xencommons service during system startup: -[source,bash] +[source,shell] .... # sysrc xencommons_enable=yes .... These settings are enough to start a Dom0-enabled system. However, it lacks network functionality for the DomU machines. To fix that, define a bridged interface with the main NIC of the system which the DomU VMs can use to connect to the network. Replace _em0_ with the host network interface name. -[source,bash] +[source,shell] .... # sysrc cloned_interfaces="bridge0" # sysrc ifconfig_bridge0="addm em0 SYNCDHCP" @@ -936,14 +936,14 @@ These settings are enough to start a Dom0-enabled system. However, it lacks netw Restart the host to load the Xen(TM) kernel and start the Dom0. -[source,bash] +[source,shell] .... # reboot .... After successfully booting the Xen(TM) kernel and logging into the system again, the Xen(TM) management tool `xl` is used to show information about the domains. -[source,bash] +[source,shell] .... # xl list Name ID Mem VCPUs State Time(s) @@ -957,21 +957,21 @@ The output confirms that the Dom0 (called `Domain-0`) has the ID `0` and is runn Unprivileged domains consist of a configuration file and virtual or physical hard disks. Virtual disk storage for the DomU can be files created by man:truncate[1] or ZFS volumes as described in crossref:zfs[zfs-zfs-volume,建立與摧毀磁碟區]. In this example, a 20 GB volume is used. A VM is created with the ZFS volume, a FreeBSD ISO image, 1 GB of RAM and two virtual CPUs. The ISO installation file is retrieved with man:fetch[1] and saved locally in a file called [.filename]#freebsd.iso#. -[source,bash] +[source,shell] .... # fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/12.0/FreeBSD-12.0-RELEASE-amd64-bootonly.iso -o freebsd.iso .... A ZFS volume of 20 GB called [.filename]#xendisk0# is created to serve as the disk space for the VM. -[source,bash] +[source,shell] .... # zfs create -V20G -o volmode=dev zroot/xendisk0 .... The new DomU guest VM is defined in a file. Some specific definitions like name, keymap, and VNC connection details are also defined. The following [.filename]#freebsd.cfg# contains a minimum DomU configuration for this example: -[source,bash] +[source,shell] .... # cat freebsd.cfg builder = "hvm" <.> @@ -1009,7 +1009,7 @@ These lines are explained in more detail: After the file has been created with all the necessary options, the DomU is created by passing it to `xl create` as a parameter. -[source,bash] +[source,shell] .... # xl create freebsd.cfg .... @@ -1021,7 +1021,7 @@ Each time the Dom0 is restarted, the configuration file must be passed to `xl cr The output of `xl list` confirms that the DomU has been created. -[source,bash] +[source,shell] .... # xl list Name ID Mem VCPUs State Time(s) @@ -1031,7 +1031,7 @@ freebsd 1 1024 1 -b---- 663.9 To begin the installation of the base operating system, start the VNC client, directing it to the main network address of the host or to the IP address defined on the `vnclisten` line of [.filename]#freebsd.cfg#. After the operating system has been installed, shut down the DomU and disconnect the VNC viewer. Edit [.filename]#freebsd.cfg#, removing the line with the `cdrom` definition or commenting it out by inserting a `#` character at the beginning of the line. To load this new configuration, it is necessary to remove the old DomU with `xl destroy`, passing either the name or the id as the parameter. Afterwards, recreate it using the modified [.filename]##freebsd.cfg##. -[source,bash] +[source,shell] .... # xl destroy freebsd # xl create freebsd.cfg @@ -1057,7 +1057,7 @@ In order to troubleshoot host boot issues you will likely need a serial cable, o FreeBSD should also be booted in verbose mode in order to identify any issues. To activate verbose booting, run this command: -[source,bash] +[source,shell] .... # sysrc -f /boot/loader.conf boot_verbose="YES" .... @@ -1071,7 +1071,7 @@ Issues can also arise when creating guests, the following attempts to provide so The most common cause of guest creation failures is the `xl` command spitting some error and exiting with a return code different than 0. If the error provided is not enough to help identify the issue, more verbose output can also be obtained from `xl` by using the `v` option repeatedly. -[source,bash] +[source,shell] .... # xl -vvv create freebsd.cfg Parsing config from freebsd.cfg diff --git a/documentation/content/zh-tw/books/handbook/x11/_index.adoc b/documentation/content/zh-tw/books/handbook/x11/_index.adoc index 359bf554a2..bd6cf8473a 100644 --- a/documentation/content/zh-tw/books/handbook/x11/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/x11/_index.adoc @@ -107,14 +107,14 @@ KDE 與 GNOME 會被稱作桌面環境是因為包含了完整常用桌面作業 使用 Binary 套件的安裝速度較快,但可用的自訂選項較少: -[source,bash] +[source,shell] .... # pkg install xorg .... 要從 Port 套件集編譯與安裝: -[source,bash] +[source,shell] .... # cd /usr/ports/x11/xorg # make install clean @@ -143,7 +143,7 @@ Xorg 支援大多數常見的顯示卡、鍵盤以及指標裝置。 . 若 Xorg 曾經在電腦使用過,可先將現有的設定檔重新命名或移除: + -[source,bash] +[source,shell] .... # mv /etc/X11/xorg.conf ~/xorg.conf.etc # mv /usr/local/etc/X11/xorg.conf ~/xorg.conf.localetc @@ -151,14 +151,14 @@ Xorg 支援大多數常見的顯示卡、鍵盤以及指標裝置。 + . 加入要執行 Xorg 的使用者到 `video` 或 `wheel` 群組,以便在可用時能開啟 3D 加速。要加入使用者 _jru_ 到任一個可用的群組: + -[source,bash] +[source,shell] .... # pw groupmod video -m jru || pw groupmod wheel -m jru .... + . 預設內含 TWM 視窗管理程式,啟動 Xorg 時便會啟動該視窗管理程式: + -[source,bash] +[source,shell] .... % startx .... @@ -171,7 +171,7 @@ Xorg 支援大多數常見的顯示卡、鍵盤以及指標裝置。 要存取 [.filename]#/dev/dri# 需要允許顯示卡的 3D 加速功能,這通常只需要將要執行 X 的使用者加入 `video` 或 `wheel` 群組。此處使用 man:pw[8] 來將使用者 _slurms_ 加入 `video` 群組,若沒有 `video` 則會加入 `wheel` 群組: -[source,bash] +[source,shell] .... # pw groupmod video -m slurms || pw groupmod wheel -m slurms .... @@ -357,7 +357,7 @@ EndSection 使用 man:xrandr[1]:: 執行 man:xrandr[1] 不加任何參數可檢查影像輸出及已偵測到的顯示器模式清單: + -[source,bash] +[source,shell] .... % xrandr Screen 0: minimum 320 x 200, current 3000 x 1920, maximum 8192 x 8192 @@ -380,7 +380,7 @@ HDMI-0 disconnected (normal left inverted right x axis y axis) + 可使用 man:xrandr[1] 來選擇任何其他的顯示模式。例如要切換為 1280x1024 於 60 Hz: + -[source,bash] +[source,shell] .... % xrandr --mode 1280x1024 --rate 60 .... @@ -389,7 +389,7 @@ HDMI-0 disconnected (normal left inverted right x axis y axis) + 不同裝置間輸出接頭的類型與數量也不同,給每個輸出的名稱在不同驅動程式間也不同。在某些驅動程式稱為 `HDMI-1` 的輸出在其他驅動程式則可能稱為 `HDMI1`。因此第一個步驟是執行 man:xrandr[1] 列出所有可用的輸出: + -[source,bash] +[source,shell] .... % xrandr Screen 0: minimum 320 x 200, current 1366 x 768, maximum 8192 x 8192 @@ -415,7 +415,7 @@ DP1 disconnected (normal left inverted right x axis y axis) + 投影機已連接至 `VGA1` 輸出,現在使用 man:xrandr[1] 來設定該輸出到投影機 (原始解析度) 並加入額外的空間到桌面的右側: + -[source,bash] +[source,shell] .... % xrandr --output VGA1 --auto --right-of LVDS1 .... @@ -574,14 +574,14 @@ EndSection 產生 [.filename]#xorg.conf#: -[source,bash] +[source,shell] .... # Xorg -configure .... 設定檔會儲存至 [.filename]#/root/xorg.conf.new#,做任何需要的更改,然後使用以下指令測試該檔案: -[source,bash] +[source,shell] .... # Xorg -config /root/xorg.conf.new .... @@ -598,14 +598,14 @@ EndSection 要由 Binary 套件安裝上述的 Type1 字型集可執行以下指令: -[source,bash] +[source,shell] .... # pkg install urwfonts .... 或由 Port 套件集編譯,可執行以下指令: -[source,bash] +[source,shell] .... # cd /usr/ports/x11-fonts/urwfonts # make install clean @@ -620,7 +620,7 @@ FontPath "/usr/local/shared/fonts/urwfonts/" 或者在 X session 的指令列執行: -[source,bash] +[source,shell] .... % xset fp+ /usr/local/shared/fonts/urwfonts % xset fp rehash @@ -640,14 +640,14 @@ Load "freetype" 現在要建立一個儲存 TrueType(TM) 字型的目錄 (例如,[.filename]#/usr/local/shared/fonts/TrueType#) 然後複製所有 TrueType(TM) 字型到這個目錄。要注意 TrueType(TM) 字型並無法直接取自 Apple(TM)Mac(TM),Xorg 使用的字型必須為 UNIX(TM)/MS-DOS(TM)/Windows(TM) 的格式。檔案複製到讓目錄之後,使用 mkfontscale 來建立 [.filename]#fonts.dir# 來讓 X 字型繪製程式知道安裝了新的檔案。`mkfontscale` 可用套件的方式安裝: -[source,bash] +[source,shell] .... # pkg install mkfontscale .... 然後在目錄中建立 X 字型檔的索引: -[source,bash] +[source,shell] .... # cd /usr/local/shared/fonts/TrueType # mkfontscale @@ -655,7 +655,7 @@ Load "freetype" 接著加入 TrueType(TM) 目錄到字型路徑。這個動作與 <<type1>> 中所介紹的方式相同: -[source,bash] +[source,shell] .... % xset fp+ /usr/local/shared/fonts/TrueType % xset fp rehash @@ -690,7 +690,7 @@ Load "freetype" 加入新字型及額外的新字型目錄之後,需重新建立字型快取: -[source,bash] +[source,shell] .... # fc-cache -f .... @@ -801,7 +801,7 @@ Xorg 提供了 X 顯示管理程式 (X Display Manager, XDM),可用來做登 要安裝 XDM 可使用 package:x11/xdm[] 套件或 Port。安裝完成之後,可設定 XDM 在開機時執行,只需編輯 [.filename]#/etc/ttys# 中的此項目: -[source,bash] +[source,shell] .... ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure .... @@ -848,7 +848,7 @@ XDM 的設定目錄位於 [.filename]#/usr/local/etc/X11/xdm#。此目錄中包 要設定 XDM 傾聽任何遠端的連線,在 [.filename]#/usr/local/etc/X11/xdm/xdm-config# 中的 `DisplayManager.requestPort` 行前加上 `!` 來註解該行: -[source,bash] +[source,shell] .... ! SECURITY: do not listen for XDMCP or Chooser requests ! Comment out this line if you want to manage X terminals with xdm @@ -869,14 +869,14 @@ GNOME 是一個擁有友善使用者介面的的桌面環境,它包括用於 這套桌面環境可以從套件安裝: -[source,bash] +[source,shell] .... # pkg install gnome3 .... 也可使用以下指令從 Port 編譯 GNOME,GNOME 是一套大型的應用程式,即使在速度較快的電腦上,也會需要花費一些時間編譯。 -[source,bash] +[source,shell] .... # cd /usr/ports/x11/gnome3 # make install clean @@ -915,14 +915,14 @@ GDM 則會在系統開機時自動啟動。 第二種啟動 GNOME 的方法是在設定完 [.filename]#~/.xinitrc# 後在指令列輸入 `startx`。若這個檔案已經存在,替換啟動目前視窗管理程式的那一行,改為啟動 [.filename]#/usr/local/bin/gnome-session#。若檔案不存在,則使用以下指令建立一個: -[source,bash] +[source,shell] .... % echo "exec /usr/local/bin/gnome-session" > ~/.xinitrc .... 第三種方法是使用 XDM 做為顯示管理程式,在這個方法需要建立一個可執行的 [.filename]#~/.xsession#: -[source,bash] +[source,shell] .... % echo "exec /usr/local/bin/gnome-session" > ~/.xsession .... @@ -934,14 +934,14 @@ KDE 是另一套易於使用的桌面環境。這個桌面環境提供了一致 要安裝 KDE 套件,請輸入: -[source,bash] +[source,shell] .... # pkg install x11/kde5 .... 或者要使用 KDE Port 編譯,可使用以下指令,採用 Port 方式安裝會有選單可以選擇要安裝的元件。KDE 是一個大型的應用程式,即使在較快的電腦上仍需要花費一段時間來編譯。 -[source,bash] +[source,shell] .... # cd /usr/ports/x11/kde5 # make install clean @@ -964,7 +964,7 @@ hald_enable="YES" 自 KDE Plasma 5 開始,KDE Display Manager, KDM 便停止開發,可能的替代方案為 SDDM,要安裝該套件可輸入: -[source,bash] +[source,shell] .... # pkg install x11/sddm .... @@ -985,7 +985,7 @@ exec ck-launch-session startkde 第三種啟動 KDE 的方式是透過 XDM,要使用這個方法需要建立一個可執行的 [.filename]#~/.xsession# 如下: -[source,bash] +[source,shell] .... % echo "exec ck-launch-session startkde" > ~/.xsession .... @@ -999,14 +999,14 @@ Xfce 是以 GNOME 使用的 GTK +工具包做為基礎所開發的桌面環境 要安裝 Xfce 套件: -[source,bash] +[source,shell] .... # pkg install xfce .... 或者使用 Port 編譯: -[source,bash] +[source,shell] .... # cd /usr/ports/x11-wm/xfce4 # make install clean @@ -1021,14 +1021,14 @@ dbus_enable="YES" 不像 GNOME 或 KDE,Xfce 並沒有自己的登入管理程式,要能用 `startx` 指令列啟動 Xfce 之前需先加入其項目到 [.filename]#~/.xinitrc#: -[source,bash] +[source,shell] .... % echo ". /usr/local/etc/xdg/xfce4/xinitrc" > ~/.xinitrc .... 另一種方式是使用 XDM,要設定這個方式需建立一個可執行的 [.filename]#~/.xsession#: -[source,bash] +[source,shell] .... % echo ". /usr/local/etc/xdg/xfce4/xinitrc" > ~/.xsession .... @@ -1051,7 +1051,7 @@ dbus_enable="YES" 例如,要安裝最新的驅動程式: -[source,bash] +[source,shell] .... # pkg install x11/nvidia-driver .... @@ -1152,7 +1152,7 @@ Section "Module" 前面所述的動作可以執行 package:x11/nvidia-xconfig[] 來自動完成 (使用 root): -[source,bash] +[source,shell] .... # nvidia-xconfig --add-argb-glx-visuals # nvidia-xconfig --composite @@ -1164,14 +1164,14 @@ Section "Module" 安裝 Compiz Fusion 如同安裝其他套件一樣簡單: -[source,bash] +[source,shell] .... # pkg install x11-wm/compiz-fusion .... 安裝完成之後,開啟您的圖型化桌面,然後在終端機的畫面輸入以下指令 (使用一般使用者): -[source,bash] +[source,shell] .... % compiz --replace --sm-disable --ignore-desktop-hints ccp & % emerald --replace & @@ -1190,7 +1190,7 @@ emerald --replace & 儲存這個 Script 到您的家目錄所在位置,例如 [.filename]#start-compiz#,然後讓該檔案可以執行: -[source,bash] +[source,shell] .... % chmod +x ~/start-compiz .... @@ -1199,7 +1199,7 @@ emerald --replace & 要選擇所想使用的特效與相關設定,可執行 (一樣使用一般使用者) Compiz Config 設定管理程式 Compiz Config Settings Manager: -[source,bash] +[source,shell] .... % ccsm .... @@ -1248,7 +1248,7 @@ Option "AutoAddDevices" "false" 也是可以從 X 終端機或 Script 下指令來做同樣的設定: -[source,bash] +[source,shell] .... % setxkbmap -model pc102 -layout fr .... @@ -1306,7 +1306,7 @@ EndSection 若一且運作正常,設定檔需要安裝到 man:Xorg[1] 會尋找的常用設定檔位置,通常是 [.filename]#/etc/X11/xorg.conf# 或 [.filename]#/usr/local/etc/X11/xorg.conf#。 -[source,bash] +[source,shell] .... # cp xorg.conf.new /etc/X11/xorg.conf .... @@ -1394,7 +1394,7 @@ EndSection 若您檢查 [.filename]#/var/log/Xorg.0.log#,您可能可以找到當 X 啟動時所發生的錯誤訊息。最常發生的錯誤會是: -[source,bash] +[source,shell] .... (EE) NVIDIA(0): Failed to initialize the GLX module; please check in your X (EE) NVIDIA(0): log file that the GLX module has been loaded in your X diff --git a/documentation/content/zh-tw/books/handbook/zfs/_index.adoc b/documentation/content/zh-tw/books/handbook/zfs/_index.adoc index 09d411e3a2..03771200a6 100644 --- a/documentation/content/zh-tw/books/handbook/zfs/_index.adoc +++ b/documentation/content/zh-tw/books/handbook/zfs/_index.adoc @@ -74,7 +74,7 @@ zfs_enable="YES" 然後啟動服務: -[source,bash] +[source,shell] .... # service zfs start .... @@ -86,14 +86,14 @@ zfs_enable="YES" 要使用一個磁碟裝置建立一個簡單、無備援的儲存池可: -[source,bash] +[source,shell] .... # zpool create example /dev/da0 .... 要檢視這個新的儲存池,可查看 `df` 的輸出結果: -[source,bash] +[source,shell] .... # df Filesystem 1K-blocks Used Avail Capacity Mounted on @@ -105,7 +105,7 @@ example 17547136 0 17547136 0% /example 這個輸出結果說明 `example` 儲存池已建立且被掛載,現在已經可以作為檔案系統存取,可以在上面建立檔案且使用者可以瀏覽: -[source,bash] +[source,shell] .... # cd /example # ls @@ -119,7 +119,7 @@ drwxr-xr-x 21 root wheel 512 Aug 29 23:12 .. 但是,這個儲存池並未運用到任何 ZFS 功能,若要在這個儲存池上建立一個有開啟壓縮功能的資料集: -[source,bash] +[source,shell] .... # zfs create example/compressed # zfs set compression=gzip example/compressed @@ -129,14 +129,14 @@ drwxr-xr-x 21 root wheel 512 Aug 29 23:12 .. 壓縮功能也可以使用以下指令關閉: -[source,bash] +[source,shell] .... # zfs set compression=off example/compressed .... 要卸載檔案系統,使用 `zfs umount` 然後再使用 `df` 確認: -[source,bash] +[source,shell] .... # zfs umount example/compressed # df @@ -149,7 +149,7 @@ example 17547008 0 17547008 0% /example 要重新掛載檔案系統以便再次使用,使用 `zfs mount` 然後以 `df` 檢查: -[source,bash] +[source,shell] .... # zfs mount example/compressed # df @@ -163,7 +163,7 @@ example/compressed 17547008 0 17547008 0% /example/compressed 儲存池與檔案系統也可以從 `mount` 的結果查詢到: -[source,bash] +[source,shell] .... # mount /dev/ad0s1a on / (ufs, local) @@ -175,7 +175,7 @@ example/compressed on /example/compressed (zfs, local) 在建立之後,ZFS 的資料集可如同其他檔案系統一般使用,且有許多額外功能可在每個資料集上設定。例如,建立一個預計存放重要的資料的新檔案系統 `data`,要設定每個資料區塊 (Data block) 要保留兩份備份: -[source,bash] +[source,shell] .... # zfs create example/data # zfs set copies=2 example/data @@ -183,7 +183,7 @@ example/compressed on /example/compressed (zfs, local) 現在,可以使用 `df` 指令來查看資料與空間的使用率: -[source,bash] +[source,shell] .... # df Filesystem 1K-blocks Used Avail Capacity Mounted on @@ -199,7 +199,7 @@ example/data 17547008 0 17547008 0% /example/data 不需要使用時可摧毀檔案系統後再摧毀儲存池: -[source,bash] +[source,shell] .... # zfs destroy example/compressed # zfs destroy example/data @@ -213,7 +213,7 @@ example/data 17547008 0 17547008 0% /example/data 這個例子會建立一個 RAID-Z 儲存池,並指定要加入這個儲存池的磁碟: -[source,bash] +[source,shell] .... # zpool create storage raidz da0 da1 da2 .... @@ -225,14 +225,14 @@ Sun(TM) 建議用在 RAID-Z 設定的裝置數在三到九個之間。若需要 先前的例子已經建立了 `storage` 儲存池 (zpool),現在這個例子會在該儲存池中建立一個新的檔案系統,名稱為 `home`: -[source,bash] +[source,shell] .... # zfs create storage/home .... 可以設定開啟壓縮及保留目錄及檔案額外備份的功能: -[source,bash] +[source,shell] .... # zfs set copies=2 storage/home # zfs set compression=gzip storage/home @@ -240,7 +240,7 @@ Sun(TM) 建議用在 RAID-Z 設定的裝置數在三到九個之間。若需要 要讓這個空間作為使用者的新家目錄位置,需複製使用者資料到這個目錄並建立適合的符號連結 (Symbolic link): -[source,bash] +[source,shell] .... # cp -rp /home/* /storage/home # rm -rf /home /usr/home @@ -252,7 +252,7 @@ Sun(TM) 建議用在 RAID-Z 設定的裝置數在三到九個之間。若需要 試著建立檔案系統快照 (Snapshot),稍後可用來還原 (Rollback): -[source,bash] +[source,shell] .... # zfs snapshot storage/home@08-30-08 .... @@ -261,35 +261,35 @@ Sun(TM) 建議用在 RAID-Z 設定的裝置數在三到九個之間。若需要 `@` 字元用來區隔檔案系統名稱 (File system) 或磁碟區 (Volume) 名稱,若有重要的目錄意外被刪除,檔案系統可以備份然後還原到先前目錄還存在時的快照 (Snapshot): -[source,bash] +[source,shell] .... # zfs rollback storage/home@08-30-08 .... 要列出所有可用的快照,可在檔案系統的 [.filename]#.zfs/snapshot# 目錄執行 `ls`,舉例來說,要查看先前已做的快照: -[source,bash] +[source,shell] .... # ls /storage/home/.zfs/snapshot .... 也可以寫一個 Script 來對使用者資料做例行性的快照,但隨著時間快照可能消耗大量的磁碟空間。先前的快照可以使用指令移除: -[source,bash] +[source,shell] .... # zfs destroy storage/home@08-30-08 .... 在測試之後,便可讓 [.filename]#/storage/home# 成為真正的 [.filename]#/home# 使用此指令: -[source,bash] +[source,shell] .... # zfs set mountpoint=/home storage/home .... 執行 `df` 興 `mount` 來確認系統現在是否以把檔案系統做為真正的 [.filename]#/home#: -[source,bash] +[source,shell] .... # mount /dev/ad0s1a on / (ufs, local) @@ -318,21 +318,21 @@ daily_status_zfs_enable="YES" 每個軟體 RAID 都有監控其狀態 (`state`) 的方式,而 RAID-Z 裝置的狀態可以使用這個指令來查看: -[source,bash] +[source,shell] .... # zpool status -x .... 如果所有儲存池為上線 (<<zfs-term-online,Online>>) 且正常,則訊息會顯示: -[source,bash] +[source,shell] .... all pools are healthy .... 如果有發生問題,可能磁碟會呈現離線 (<<zfs-term-offline,Offline>>) 的狀態,此時儲存池的狀態會是: -[source,bash] +[source,shell] .... pool: storage state: DEGRADED @@ -356,21 +356,21 @@ errors: No known data errors 這代表著裝置在之前被管理者使用此指令拿下線: -[source,bash] +[source,shell] .... # zpool offline storage da1 .... 現在系統可以關機然後更換 [.filename]#da1#,當系統恢復上線,則可以替換掉儲存池中故障的磁碟: -[source,bash] +[source,shell] .... # zpool replace storage da1 .... 到這裡,可以再檢查狀態一次,這時不需使用 `-x` 參數來顯示所有的儲存池: -[source,bash] +[source,shell] .... # zpool status storage pool: storage @@ -403,14 +403,14 @@ ZFS 使用校驗碼 (Checksum) 來檢驗資料的完整性 (Integrity),會在 檢驗校驗碼這個動作即所謂的__清潔 (Scrub)__,可以使用以下指令來檢驗 `storage` 儲存池的資料完整性: -[source,bash] +[source,shell] .... # zpool scrub storage .... 清潔所需要的時間依儲存的資料量而定,較大的資料量相對會需要花費較長的時間來檢驗。清潔會對 I/O 有非常密集的操作且一次只能進行一個清潔動作。在清潔完成之後,可以使用 `status` 來查看狀態: -[source,bash] +[source,shell] .... # zpool status storage pool: storage @@ -444,7 +444,7 @@ ZFS 管理分成兩個主要的工具。`zpool` 工具用來控制儲存池的 建立一個簡單的鏡像儲存池: -[source,bash] +[source,shell] .... # zpool create mypool mirror /dev/ada1 /dev/ada2 # zpool status @@ -464,7 +464,7 @@ errors: No known data errors 可以一次建立數個 vdev,磁碟群組間使用 vdev 型態關鍵字來區隔,在這個例子使用 `mirror`: -[source,bash] +[source,shell] .... # zpool create mypool mirror /dev/ada1 /dev/ada2 mirror /dev/ada3 /dev/ada4 pool: mypool @@ -488,7 +488,7 @@ errors: No known data errors 使用分割區建立一個 <<zfs-term-vdev-raidz,RAID-Z2>> 儲存池: -[source,bash] +[source,shell] .... # zpool create mypool raidz2 /dev/ada0p3 /dev/ada1p3 /dev/ada2p3 /dev/ada3p3 /dev/ada4p3 /dev/ada5p3 # zpool status @@ -521,7 +521,7 @@ errors: No known data errors 加入 _ada1p3_ 來升級單一磁碟串連 (stripe) vdev _ada0p3_ 採用鏡像型態 (mirror): -[source,bash] +[source,shell] .... # zpool status pool: mypool @@ -587,7 +587,7 @@ errors: No known data errors 連接第二個 mirror 群組 ([.filename]#ada2p3# 及 [.filename]#ada3p3#) 到既有的 mirror: -[source,bash] +[source,shell] .... # zpool status pool: mypool @@ -629,7 +629,7 @@ errors: No known data errors 從一個三方 mirror 群組移除一個磁碟: -[source,bash] +[source,shell] .... # zpool status pool: mypool @@ -666,7 +666,7 @@ errors: No known data errors 儲存池的狀態很重要,若有磁碟機離線或偵測到讀取、寫入或校驗碼 (Checksum) 錯誤,對應的錯誤計數便會增加。`status` 會顯示儲存池中每一個磁碟機的設定與狀態及整個儲存池的狀態。需要處置的方式與有關最近清潔 (<<zfs-zpool-scrub,`Scrub`>>) 的詳細資訊也會一併顯示。 -[source,bash] +[source,shell] .... # zpool status pool: mypool @@ -699,7 +699,7 @@ errors: No known data errors 更換儲存池中正在運作的狀置: -[source,bash] +[source,shell] .... # zpool status pool: mypool @@ -771,7 +771,7 @@ errors: No known data errors 使用 `zpool replace` 更換故障的磁碟: -[source,bash] +[source,shell] .... # zpool status pool: mypool @@ -831,7 +831,7 @@ errors: No known data errors 建議儲存池要定期清潔 (<<zfs-term-scrub,Scrub>>),最好是每一個月清潔一次。 `scrub` 作業對磁碟操作非常的密集,在執行時會降低磁碟的效能。在排程 `scrub` 時避免在使用高峰的時期,或使用 <<zfs-advanced-tuning-scrub_delay,`vfs.zfs.scrub_delay`>> 來調整 `scrub` 的相對優先權來避免影響其他的工作。 -[source,bash] +[source,shell] .... # zpool scrub mypool # zpool status @@ -864,7 +864,7 @@ errors: No known data errors 接下來的例子會示範自我修復會如何運作。建立一個使用磁碟 [.filename]#/dev/ada0# 及 [.filename]#/dev/ada1# 做鏡像的儲存池。 -[source,bash] +[source,shell] .... # zpool create healer mirror /dev/ada0 /dev/ada1 # zpool status healer @@ -887,7 +887,7 @@ healer 960M 92.5K 960M - - 0% 0% 1.00x ONLINE - 將部份需要使用自我修復功能來保護的重要資料複製到該儲存池,建立一個儲存池的校驗碼供稍後做比較時使用。 -[source,bash] +[source,shell] .... # cp /some/important/data /healer # zfs list @@ -906,7 +906,7 @@ SHA1 (/healer) = 2753eff56d77d9a536ece6694bf0a82740344d1f 這是一個危險的操作,會破壞重要的資料。在這裡使用僅為了示範用,不應在儲存池正常運作時嘗試使用,也不應將這個故意損壞資料的例子用在任何其他的檔案系統上,所以請勿使用任何不屬於該儲存池的其他磁碟裝置名稱並確定在執行指令前已對儲存池做正確的備份! ==== -[source,bash] +[source,shell] .... # zpool export healer # dd if=/dev/random of=/dev/ada1 bs=1m count=200 @@ -918,7 +918,7 @@ SHA1 (/healer) = 2753eff56d77d9a536ece6694bf0a82740344d1f 儲存池的狀態顯示有一個裝置發生了錯誤。注意,應用程式從儲存池讀取的資料中並沒有任何的錯誤資料,ZFS 會自 [.filename]#ada0# 裝置提供有正確校驗碼的資料。結果裡面 `CKSUM` 欄位含有非零值便是有錯誤校驗碼的裝置。 -[source,bash] +[source,shell] .... # zpool status healer pool: healer @@ -942,7 +942,7 @@ errors: No known data errors 錯誤已經被偵測到並且由未被影響的 [.filename]#ada0# 鏡像磁碟上的備援提供資料。可與原來的校驗碼做比較來看儲存池是否已修復為一致。 -[source,bash] +[source,shell] .... # sha1 /healer >> checksum.txt # cat checksum.txt @@ -952,7 +952,7 @@ SHA1 (/healer) = 2753eff56d77d9a536ece6694bf0a82740344d1f 儲存池在故意竄改資料前與後的兩個校驗碼仍相符顯示了 ZFS 在校驗碼不同時偵測與自動修正錯誤的能力。注意,這只在當儲存池中有足夠的備援時才可做到,由單一裝置組成的儲存池並沒有自我修復的能力。這也是為什麼在 ZFS 中校驗碼如此重要,任何原因都不該關閉。不需要 man:fsck[8] 或類似的檔案系統一致性檢查程式便能夠偵測與修正問題,且儲存儲存池在發生問題時仍可正常運作。接著需要做清潔作業來覆蓋在 [.filename]#ada1# 上的錯誤資料。 -[source,bash] +[source,shell] .... # zpool scrub healer # zpool status healer @@ -979,7 +979,7 @@ errors: No known data errors 清潔作業會從 [.filename]#ada0# 讀取資料並重新寫入任何在 [.filename]#ada1# 上有錯誤校驗碼的資料。這個操作可以由 `zpool status` 的輸出中呈現修復中 `(repairing)` 的項目來辨識。這個作業完成後,儲存池的狀態會更改為: -[source,bash] +[source,shell] .... # zpool status healer pool: healer @@ -1003,7 +1003,7 @@ errors: No known data errors 清潔操作完成便同步了 [.filename]#ada0# 到 [.filename]#ada1# 間的所有資料。執行 `zpool clear` 可以清除 (<<zfs-zpool-clear,Clear>>) 儲存池狀態的錯誤訊息。 -[source,bash] +[source,shell] .... # zpool clear healer # zpool status healer @@ -1037,7 +1037,7 @@ errors: No known data errors 匯出未使用的儲存池: -[source,bash] +[source,shell] .... # zpool export mypool .... @@ -1046,7 +1046,7 @@ errors: No known data errors 列出所有可以匯入的儲存池: -[source,bash] +[source,shell] .... # zpool import pool: mypool @@ -1061,7 +1061,7 @@ errors: No known data errors 使用替代的根目錄匯入儲存池: -[source,bash] +[source,shell] .... # zpool import -o altroot=/mnt mypool # zfs list @@ -1077,7 +1077,7 @@ mypool 110K 47.0G 31K /mnt/mypool 升級一個 v28 的儲存以支援功能旗標 (`Feature Flags`): -[source,bash] +[source,shell] .... # zpool status pool: mypool @@ -1126,7 +1126,7 @@ ZFS 的新功能在 `zpool upgrade` 尚未完成之前無法使用。可以用 ` 升級儲存池支援新版的功能旗標 (Feature flags): -[source,bash] +[source,shell] .... # zpool status pool: mypool @@ -1184,14 +1184,14 @@ Enabled the following features on 'mypool': 針對傳統使用 GPT 開機的系統,可以使用以下指令: -[source,bash] +[source,shell] .... # gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada1 .... 針對使用 EFI 開機的系統可以執行以下指令: -[source,bash] +[source,shell] .... # gpart bootcode -p /boot/boot1.efifat -i 1 ada1 .... @@ -1204,7 +1204,7 @@ Enabled the following features on 'mypool': 修改儲存池的指令會被記錄下來,會記錄的動作包含資料集的建立,屬性更改或更換磁碟。這個歷史記錄用來查看儲存池是如何建立、由誰執行、什麼動作及何時。歷史記錄並非儲存在日誌檔 (Log file),而是儲存在儲存池。查看這個歷史記錄的指令名稱為 `zpool history`: -[source,bash] +[source,shell] .... # zpool history History for 'tank': @@ -1218,7 +1218,7 @@ History for 'tank': 在提供選項 `-i` 或 `-l` 時 `zpool history` 可以顯更多詳細資訊。`-i` 會顯示使用者觸發的事件外,也會顯示內部記錄的 ZFS 事件。 -[source,bash] +[source,shell] .... # zpool history -i History for 'tank': @@ -1233,7 +1233,7 @@ History for 'tank': 更多詳細的資訊可加上 `-l` 來取得,歷史記錄會以較長的格式顯示,包含的資訊有執行指令的使用者名稱、主機名稱以及更改的項目。 -[source,bash] +[source,shell] .... # zpool history -l History for 'tank': @@ -1252,7 +1252,7 @@ History for 'tank': 內建的監視系統可以即時顯示儲存池的 I/O 統計資訊。它會顯示儲存池剩餘的空間與使用的空間,每秒執行了多少讀取與寫入的操作,有多少 I/O 頻寬被使用。預設會監視所有在系統中的儲存池都並顯示出來,可以提供儲存池名稱來只顯示該儲存池的監視資訊。舉一個簡單的例子: -[source,bash] +[source,shell] .... # zpool iostat capacity operations bandwidth @@ -1265,7 +1265,7 @@ data 288G 1.53T 2 11 11.3K 57.1K 使用 `-v` 可以顯示更詳細的 I/O 統計資訊。每個在儲存池中的裝置會以一行統計資訊顯示。這可以幫助了解每一個裝置做了多少讀取與寫入的操作,並可協助確認是否有各別裝置拖慢了整個儲存池的速度。以下範例會顯示有兩個裝置的鏡像儲存池: -[source,bash] +[source,shell] .... # zpool iostat -v capacity operations bandwidth @@ -1295,7 +1295,7 @@ data 288G 1.53T 2 12 9.23K 61.5K 建立一個新資料集並開啟 <<zfs-term-compression-lz4,LZ4 壓縮>>: -[source,bash] +[source,shell] .... # zfs list NAME USED AVAIL REFER MOUNTPOINT @@ -1335,7 +1335,7 @@ mypool/var/tmp 152K 93.2G 152K /var/tmp 摧毀先前建立的資料集: -[source,bash] +[source,shell] .... # zfs list NAME USED AVAIL REFER MOUNTPOINT @@ -1380,7 +1380,7 @@ mypool/var/tmp 152K 93.2G 152K /var/tmp 磁碟區可以被格式化成任何檔案系統,或不使用檔案系統來儲存原始資料。對一般使用者,磁碟區就像是一般的磁碟,可以放置一般的檔案系統在這些 _zvols_ 上,並提供一般磁碟或檔案系統一般所沒有的功能。例如,使用壓縮屬性在一個 250 MB 的磁碟區可建立一個壓縮的 FAT 檔案系統。 -[source,bash] +[source,shell] .... # zfs create -V 250m -o compression=on tank/fat32 # zfs list tank @@ -1404,7 +1404,7 @@ Filesystem Size Used Avail Capacity Mounted on 重新命名一個資料集並移動該資料集到另一個父資料集: -[source,bash] +[source,shell] .... # zfs list NAME USED AVAIL REFER MOUNTPOINT @@ -1443,7 +1443,7 @@ mypool/var/tmp 152K 93.2G 152K /var/tmp 快照也可以像這樣重新命名,由於快照的本質使其無法被重新命名到另一個父資料集。要遞迴重新命名快照可指定 `-r`,然後在子資料集中所有同名的快照也會一併被重新命名。 -[source,bash] +[source,shell] .... # zfs list -t snapshot NAME USED AVAIL REFER MOUNTPOINT @@ -1461,7 +1461,7 @@ mypool/var/newname@new_snapshot_name 0 - 87.5K - 也可設定使用者自訂的屬性。這些屬性也會成為資料集設定的一部份,且可以被用來提供資料集或其內容的額外資訊。要別分自訂屬性與 ZFS 提供的屬性,會使用冒號 (`:`) 建立一個自訂命名空間供自訂屬性使用。 -[source,bash] +[source,shell] .... # zfs set custom:costcenter=1234 tank # zfs get custom:costcenter tank @@ -1471,7 +1471,7 @@ tank custom:costcenter 1234 local 要移除自訂屬性,可用 `zfs inherit` 加上 `-r`。若父資料集未定義任何自訂屬性,將會將該屬性完全移除 (更改動作仍會記錄於儲存池的歷史記錄)。 -[source,bash] +[source,shell] .... # zfs inherit -r custom:costcenter tank # zfs get custom:costcenter tank @@ -1486,7 +1486,7 @@ tank custom:costcenter - - Two commonly used and useful dataset properties are the NFS and SMB share options. Setting these define if and how ZFS datasets may be shared on the network. At present, only setting sharing via NFS is supported on FreeBSD. To get the current status of a share, enter: -[source,bash] +[source,shell] .... # zfs get sharenfs mypool/usr/home NAME PROPERTY VALUE SOURCE @@ -1498,14 +1498,14 @@ mypool/usr/home sharesmb off local To enable sharing of a dataset, enter: -[source,bash] +[source,shell] .... # zfs set sharenfs=on mypool/usr/home .... It is also possible to set additional options for sharing datasets through NFS, such as `-alldirs`, `-maproot` and `-network`. To set additional options to a dataset shared through NFS, enter: -[source,bash] +[source,shell] .... # zfs set sharenfs="-alldirs,-maproot=root,-network=192.168.1.0/24" mypool/usr/home .... @@ -1524,7 +1524,7 @@ ZFS 中的快照提供了多種功能,即使是在其他缺乏快照功能的 建立一個整個儲存池的遞迴快照: -[source,bash] +[source,shell] .... # zfs list -t all NAME USED AVAIL REFER MOUNTPOINT @@ -1567,7 +1567,7 @@ mypool/var/tmp@my_recursive_snapshot 0 - 152K - 快照並不會直接掛載,因此 `MOUNTPOINT` 欄位的路徑如此顯示。在 `AVAIL` 欄位不會有可用的磁碟空間,因為快照建立之後便無法再寫入。比較快照與其原來建立時的資料集: -[source,bash] +[source,shell] .... # zfs list -rt all mypool/usr/home NAME USED AVAIL REFER MOUNTPOINT @@ -1577,7 +1577,7 @@ mypool/usr/home@my_recursive_snapshot 0 - 184K - 同時顯示資料集與快照可以了解快照如何使用 <<zfs-term-cow,COW>> 技術來運作。快照只會保存有更動 (_差異_) 的資料,並非整個檔案系統的內容,這個意思是說,快照只會在有做更動時使用一小部份的空間,複製一個檔案到該資料集,可以讓空間使用量變的更明顯,然後再做第二個快照: -[source,bash] +[source,shell] .... # cp /etc/passwd /var/tmp # zfs snapshot mypool/var/tmp@after_cp @@ -1595,7 +1595,7 @@ mypool/var/tmp@after_cp 0 - 118K - ZFS 提供了內建指令可以用來比對兩個快照 (Snapshot) 之間的差異,在使用者想要查看一段時間之間檔案系統所的變更時非常有用。例如 `zfs diff` 可以讓使用者在最後一次快照中找到意外刪除的檔案。對前面一節所做的兩個快照使用這個指令會產生以下結果: -[source,bash] +[source,shell] .... # zfs list -rt all mypool/var/tmp NAME USED AVAIL REFER MOUNTPOINT @@ -1632,7 +1632,7 @@ M /var/tmp/ 比對兩個快照需要提供兩個資料集的完整資料集名稱與快照名稱: -[source,bash] +[source,shell] .... # cp /var/tmp/passwd /var/tmp/passwd.copy # zfs snapshot mypool/var/tmp@diff_snapshot @@ -1654,7 +1654,7 @@ M /var/tmp/ 在第一個範例中,因為 `rm` 操作不小心移除了預期外的資料,要還原到快照。 -[source,bash] +[source,shell] .... # zfs list -rt all mypool/var/tmp NAME USED AVAIL REFER MOUNTPOINT @@ -1671,7 +1671,7 @@ vi.recover 在此時,使用者發現到刪除了太多檔案並希望能夠還原。ZFS 提供了簡單的方可以取回檔案,便是使用還原 (Rollback),但這只在有定期對重要的資料使用快照時可用。要拿回檔案並從最後一次快照重新開始,可執行以下指令: -[source,bash] +[source,shell] .... # zfs rollback mypool/var/tmp@diff_snapshot # ls /var/tmp @@ -1680,7 +1680,7 @@ passwd passwd.copy vi.recover 還原操作會將資料集還原為最後一次快照的狀態。這也可以還原到更早之前,有其他在其之後建立的快照。要這麼做時,ZFS 會發出這個警告: -[source,bash] +[source,shell] .... # zfs list -rt snapshot mypool/var/tmp AME USED AVAIL REFER MOUNTPOINT @@ -1696,7 +1696,7 @@ mypool/var/tmp@diff_snapshot 這個警告是因在該快照與資料集的目前狀態之間有其他快照存在,然而使用者想要還原到該快照。要完成這樣的還原動作,必須刪除在這之間的快照,因為 ZFS 無法追蹤不同資料集狀態間的變更。在使用者未指定 `-r` 來確認這個動作前,ZFS 不會刪除受影響的快照。若確定要這麼做,那麼必須要知道會遺失所有在這之間的快照,然後可執行以下指令: -[source,bash] +[source,shell] .... # zfs rollback -r mypool/var/tmp@my_recursive_snapshot # zfs list -rt snapshot mypool/var/tmp @@ -1713,7 +1713,7 @@ vi.recover 快照會掛載在父資料集下的隱藏目錄:[.filename]#.zfs/snapshots/snapshotname#。預設不會顯示這些目錄,即使是用 `ls -a` 指令。雖然該目錄不會顯示,但該目錄實際存在,而且可以像一般的目錄一樣存取。一個名稱為 `snapdir` 的屬性可以控制是否在目錄清單中顯示這些隱藏目錄,設定該屬性為可見 (`visible`) 可以讓這些目錄出現在 `ls` 以及其他處理目錄內容的指令中。 -[source,bash] +[source,shell] .... # zfs get snapdir mypool/var/tmp NAME PROPERTY VALUE SOURCE @@ -1727,7 +1727,7 @@ mypool/var/tmp snapdir hidden default 要還原個別檔案到先前的狀態非常簡單,只要從快照中複製檔案到父資料集。在 [.filename]#.zfs/snapshot# 目錄結構下有一個與先前所做的快照名稱相同的目錄,可以很容易的找到。在下個範例中,我們會示範從隱藏的 [.filename]#.zfs# 目錄還原一個檔案,透過從含有該檔案的最新版快照複製: -[source,bash] +[source,shell] .... # rm /var/tmp/passwd # ls -a /var/tmp @@ -1741,7 +1741,7 @@ passwd vi.recover 執行 `ls .zfs/snapshot` 時,雖然 `snapdir` 可能已經設為隱藏,但仍可能可以顯示該目錄中的內容,這取決於管理者是否要顯示這些目錄,可以只顯示特定的資料集,而其他的則不顯示。從這個隱藏的 [.filename]#.zfs/snapshot# 複製檔案或目錄非常簡單,除此之外,嘗試其他的動作則會出現以下錯誤: -[source,bash] +[source,shell] .... # cp /etc/rc.conf /var/tmp/.zfs/snapshot/after_cp/ cp: /var/tmp/.zfs/snapshot/after_cp/rc.conf: Read-only file system @@ -1760,7 +1760,7 @@ cp: /var/tmp/.zfs/snapshot/after_cp/rc.conf: Read-only file system 要示範複本功能會用到這個範例資料集: -[source,bash] +[source,shell] .... # zfs list -rt all camino/home/joe NAME USED AVAIL REFER MOUNTPOINT @@ -1771,7 +1771,7 @@ camino/home/joe@backup 0K - 87K - 會使用到複本一般是要在可以保留快照以便出錯時可還原的情況下使用指定的資料集做實驗,由於快照並無法做更改,所以會建立一個可以讀/寫的快照複本。當在複本中做完想要執行的動作後,便可以提升複本成資料集,然後移除舊的檔案系統。嚴格來說這並非必要,因為複本與資料集可同時存在,不會有任何問題。 -[source,bash] +[source,shell] .... # zfs clone camino/home/joe@backup camino/home/joenew # ls /usr/home/joe* @@ -1788,7 +1788,7 @@ usr/home/joenew 1.3G 31k 1.3G 0% /usr/home/joenew 建立完的複本便有與建立快照時狀態相同的資料集,現在複本可以獨立於原來的資料集來做更改。剩下唯一與資料集之間的關係便是快照,ZFS 會在屬性 `origin` 記錄這個關係,一旦在快照與複本之間的相依關係因為使用 `zfs promote` 提升而移除時,複本的 `origin` 也會因為成為一個完全獨立的資料集而移除。以下範例會示範這個動作: -[source,bash] +[source,shell] .... # zfs get origin camino/home/joenew NAME PROPERTY VALUE SOURCE @@ -1801,7 +1801,7 @@ camino/home/joenew origin - - 做為部份更改之後,例如複製 [.filename]#loader.conf# 到提升後的複本,這個例子中的舊目錄便無須保留,取而代之的是提升後的複本,這個動作可以用兩個連續的指令來完成:在舊資料集上執行 `zfs destroy` 並在與舊資料相似名稱 (也可能用完全不同的名稱) 的複本上執行 `zfs rename`。 -[source,bash] +[source,shell] .... # cp /boot/defaults/loader.conf /usr/home/joenew # zfs destroy -f camino/home/joe @@ -1822,7 +1822,7 @@ usr/home/joe 1.3G 128k 1.3G 0% /usr/home/joe 以下例子將示範使用兩個儲存池來做 ZFS 備份: -[source,bash] +[source,shell] .... # zpool list NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT @@ -1832,7 +1832,7 @@ mypool 984M 43.7M 940M - - 0% 4% 1.00x ONLINE - 名為 _mypool_ 的儲存池為主要的儲存池,資料會定期寫入與讀取的位置。第二個儲存池 _backup_ 用來待命 (Standby),萬一主要儲存池無法使用時可替換。注意,ZFS 並不會自動做容錯移轉 (Fail-over),必須要由系統管理者在需要的時候手動完成。快照會用來提供一個與檔系統一致的版本來做備份,_mypool_ 的快照建立之後,便可以複製到 _backup_ 儲存池,只有快照可以做備份,最近一次快照之後所做的變更不會含在內容裡面。 -[source,bash] +[source,shell] .... # zfs snapshot mypool@backup1 # zfs list -t snapshot @@ -1842,7 +1842,7 @@ mypool@backup1 0 - 43.6M - 快照存在以後,便可以使用 `zfs send` 來建立一個代表快照內容的串流,這個串流可以儲存成檔案或由其他儲存池接收。串流會寫入到標準輸出,但是必須要重新導向到一個檔案或轉接到其他地方,否則會錯誤: -[source,bash] +[source,shell] .... # zfs send mypool@backup1 Error: Stream can not be written to a terminal. @@ -1851,7 +1851,7 @@ You must redirect standard output. 要使用 `zfs send` 備份一個資料集,可重新導向到一個位於在已掛載到備份儲存池上的檔案。確定該儲存池有足夠的空間容納要傳送的快照,這裡指的是該快照中內含的所有資料,並非只有上次快照到該快照間的變更。 -[source,bash] +[source,shell] .... # zfs send mypool@backup1 > /backup/backup1 # zpool list @@ -1864,7 +1864,7 @@ mypool 984M 43.7M 940M - - 0% 4% 1.00x ONLINE - 若不想將備份以封存檔案儲存,ZFS 可用實際的檔案系統來接收資料,讓備份的資料可以直接被存取。要取得實際包含在串流中的資料可以用 `zfs receive` 將串流轉換回檔案與目錄。以下例子會以管線符號連接 `zfs send` 及 `zfs receive`,將資料從一個儲存池複製到另一個,傳輸完成後可以直接使用接收儲存池上的資料。一個資料集只可以被複製到另一個空的資料集。 -[source,bash] +[source,shell] .... # zfs snapshot mypool@replica1 # zfs send -v mypool@replica1 | zfs receive backup/mypool @@ -1883,7 +1883,7 @@ mypool 984M 43.7M 940M - - 0% 4% 1.00x ONLINE - `zfs send` 也可以比較兩個快照之間的差異,並且只傳送兩者之間的差異,這麼做可以節省磁碟空間及傳輸時間。例如: -[source,bash] +[source,shell] .... # zfs snapshot mypool@replica2 # zfs list -t snapshot @@ -1898,7 +1898,7 @@ mypool 960M 50.2M 910M - - 0% 5% 1.00x ONLINE - 會建立一個名為 _replica2_ 的第二個快照,這個快照只中只會含有目前與前次快照 _replica1_ 之間檔案系統所做的變更。使用 `zfs send -i` 並指定要用來產生漸進備份串流的快照,串流中只會含有做過更改的資料。這個動作只在接收端已經有初始快照時才可用。 -[source,bash] +[source,shell] .... # zfs send -v -i mypool@replica1 mypool@replica2 | zfs receive /backup/mypool send from @replica1 to mypool@replica2 estimated size is 5.02M @@ -1941,14 +1941,14 @@ mypool@replica2 0 - 55.0M - * 正常會需要 `root` 的權限來傳送與接收串流,這需要可以 `root` 登入到接收端系統。但是,預設因安全性考慮會關閉以 `root` 登入。ZFS 委託 (<<zfs-zfs-allow,ZFS Delegation>>) 系統可以用來允許一個非 `root` 使用者在每個系統上執行各自的發送與接收操作。 * 在傳送端系統上: + -[source,bash] +[source,shell] .... # zfs allow -u someuser send,snapshot mypool .... * 要掛載儲存池,無權限的使用者必須擁有該目錄且必須允許一般的使用者掛載檔案系統。在接收端系統上: + -[source,bash] +[source,shell] .... # sysctl vfs.usermount=1 vfs.usermount: 0 -> 1 @@ -1960,7 +1960,7 @@ vfs.usermount: 0 -> 1 無權限的使用者現在有能力可以接收並掛載資料集,且 _home_ 資料集可以被複製到遠端系統: -[source,bash] +[source,shell] .... % zfs snapshot -r mypool/home@monday % zfs send -R mypool/home@monday | ssh someuser@backuphost zfs recv -dvu recvpool/backup @@ -1975,21 +1975,21 @@ vfs.usermount: 0 -> 1 要設定 [.filename]#storage/home/bob# 的資料集配額為 10 GB: -[source,bash] +[source,shell] .... # zfs set quota=10G storage/home/bob .... 要設定 [.filename]#storage/home/bob# 的參考配額為 10 GB: -[source,bash] +[source,shell] .... # zfs set refquota=10G storage/home/bob .... 要移除 [.filename]#storage/home/bob# 的 10 GB 配額: -[source,bash] +[source,shell] .... # zfs set quota=none storage/home/bob .... @@ -2003,14 +2003,14 @@ vfs.usermount: 0 -> 1 例如,要設定使用者名為 _joe_ 的使用者配額為 50 GB: -[source,bash] +[source,shell] .... # zfs set userquota@joe=50G .... 要移除所有配額: -[source,bash] +[source,shell] .... # zfs set userquota@joe=none .... @@ -2024,14 +2024,14 @@ vfs.usermount: 0 -> 1 要設定群組 _firstgroup_ 的配額為 50 GB 可使用: -[source,bash] +[source,shell] .... # zfs set groupquota@firstgroup=50G .... 要移除群組 _firstgroup_ 的配額,或確保該群組未設定配額可使用: -[source,bash] +[source,shell] .... # zfs set groupquota@firstgroup=none .... @@ -2042,7 +2042,7 @@ vfs.usermount: 0 -> 1 有足夠權限的使用者及 `root` 可以使用以下指令列出 [.filename]#storage/home/bob# 的配額: -[source,bash] +[source,shell] .... # zfs get quota storage/home/bob .... @@ -2054,14 +2054,14 @@ vfs.usermount: 0 -> 1 `reservation` 屬性的一般格式為 `reservation=_size_`,所以要在 [.filename]#storage/home/bob# 設定保留 10 GB 的空間可以用: -[source,bash] +[source,shell] .... # zfs set reservation=10G storage/home/bob .... 要清除任何保留空間: -[source,bash] +[source,shell] .... # zfs set reservation=none storage/home/bob .... @@ -2070,7 +2070,7 @@ vfs.usermount: 0 -> 1 這個指令會顯示任何已設定於 [.filename]#storage/home/bob# 的 reservation 或 refreservation: -[source,bash] +[source,shell] .... # zfs get reservation storage/home/bob # zfs get refreservation storage/home/bob @@ -2085,7 +2085,7 @@ ZFS 提了多種不同的壓縮演算法,每一種都有不同的優缺點, 管理者可以使用資料集的屬性來監視壓縮的效果。 -[source,bash] +[source,shell] .... # zfs get used,compressratio,compression,logicalused mypool/compressed_dataset NAME PROPERTY VALUE SOURCE @@ -2108,14 +2108,14 @@ mypool/compressed_dataset logicalused 496G - 要開啟去重複功能,需在目標儲存池設定 `dedup` 屬性: -[source,bash] +[source,shell] .... # zfs set dedup=on pool .... 只有要被寫入到儲存池的新資料才會做去重複的動作,先前已被寫入到儲存池的資料不會因此啟動了這個選項而做去重複。查看已開啟去重複屬性的儲存池會如下: -[source,bash] +[source,shell] .... # zpool list NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT @@ -2124,7 +2124,7 @@ pool 2.84G 2.19M 2.83G - - 0% 0% 1.00x ONLINE - `DEDUP` 欄位會顯示儲存池的實際去重複率,數值為 `1.00x` 代表資料尚未被去重複。在下一個例子會在前面所建立的去重複儲存池中複製三份 Port 樹到不同的目錄中。 -[source,bash] +[source,shell] .... # for d in dir1 dir2 dir3; do > mkdir $d && cp -R /usr/ports $d & @@ -2133,7 +2133,7 @@ pool 2.84G 2.19M 2.83G - - 0% 0% 1.00x ONLINE - 已經偵測到重複的資料並做去重複: -[source,bash] +[source,shell] .... # zpool list NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT @@ -2144,7 +2144,7 @@ pool 2.84G 20.9M 2.82G - - 0% 0% 3.00x ONLINE - 去重複並非總是有效益的,特別是當儲存池中的資料本身並沒有重複時。ZFS 可以透過在現有儲存池上模擬開啟去重複功能來顯示可能節省的空間: -[source,bash] +[source,shell] .... # zdb -S pool Simulated DDT histogram: diff --git a/documentation/content/zh-tw/books/porters-handbook/makefiles/chapter.adoc b/documentation/content/zh-tw/books/porters-handbook/makefiles/chapter.adoc index 33ae230732..1ef7a4d813 100644 --- a/documentation/content/zh-tw/books/porters-handbook/makefiles/chapter.adoc +++ b/documentation/content/zh-tw/books/porters-handbook/makefiles/chapter.adoc @@ -87,7 +87,7 @@ When updating a port, it is possible to use man:pkg-version[8]'s `-t` argument t ==== `pkg version -t` takes two versions as arguments, it will respond with `<`, `=` or `>` if the first version is less, equal, or more than the second version, respectively. -[source,bash] +[source,shell] .... % pkg version -t 1.2 1.3 < <.> @@ -219,7 +219,7 @@ DISTVERSION= 1.2p4 Both will generate a `PORTVERSION` of `1.2.p4` which is before than 1.2. man:pkg-version[8] can be used to check that fact: -[source,bash] +[source,shell] .... % pkg version -t 1.2.p4 1.2 < @@ -241,7 +241,7 @@ PORTVERSION= 1.2p4 In this case, using `DISTVERSION` is not possible because it would generate a version of `1.2.p4` which would be before `1.2` and not after. man:pkg-version[8] will verify this: -[source,bash] +[source,shell] .... % pkg version -t 1.2 1.2.p4 > <.> @@ -297,7 +297,7 @@ From time to time a software vendor or FreeBSD porter will do something silly an The results of version number comparisons are not always obvious. `pkg version` (see man:pkg-version[8]) can be used to test the comparison of two version number strings. For example: -[source,bash] +[source,shell] .... % pkg version -t 0.031 0.29 > @@ -1021,7 +1021,7 @@ BIND9 uses a version scheme that is not compatible with the ports versions (it h The order into which the ports framework, and pkg, will sort versions is checked using the `-t` argument of man:pkg-version[8]: -[source,bash] +[source,shell] .... % pkg version -t 9.9.9 9.9.9.p1 > <.> @@ -1440,7 +1440,7 @@ GH_TAGNAME= c472d66b This creates a versioning scheme that increases over time, and that is still before version `0` (see <<makefile-versions-ex-pkg-version>> for details on man:pkg-version[8]): -[source,bash] +[source,shell] .... % pkg version -t g20140411 0 < @@ -1456,7 +1456,7 @@ Which means using `PORTEPOCH` will not be needed in case upstream decides to cut If the current version of the software uses a Git tag, and the port needs to be updated to a newer, intermediate version, without a tag, use man:git-describe[1] to find out the version to use: -[source,bash] +[source,shell] .... % git describe --tags f0038b1 v0.7.3-14-gf0038b1 @@ -1485,7 +1485,7 @@ USE_GITHUB= yes This creates a versioning scheme that increases over time (well, over commits), and does not conflict with the creation of a `0.7.4` version. (See <<makefile-versions-ex-pkg-version>> for details on man:pkg-version[8]): -[source,bash] +[source,shell] .... % pkg version -t 0.7.3 0.7.3.14 < @@ -1497,7 +1497,7 @@ This creates a versioning scheme that increases over time (well, over commits), **** If the requested commit is the same as a tag, a shorter description is shown by default. The longer version is equivalent: -[source,bash] +[source,shell] .... % git describe --tags c66c71d v0.7.3 @@ -1635,7 +1635,7 @@ Using package:finance/moneymanagerex[] as an example, its GitHub repository is h The only information missing from that file is the commit hash or tag to use as a version. This information is found after cloning the repository: -[source,bash] +[source,shell] .... % git clone --recurse-submodules https://github.com/moneymanagerex/moneymanagerex.git Cloning into 'moneymanagerex'... @@ -4588,7 +4588,7 @@ The most common content of one of these variable is the package base of another package:dns/bind99[] cannot be installed if package:dns/bind910[] is present because they install same files. First gather the package base to use: -[source,bash] +[source,shell] .... % make -C dns/bind99 -V PKGBASE bind99 diff --git a/documentation/content/zh-tw/books/porters-handbook/quick-porting/chapter.adoc b/documentation/content/zh-tw/books/porters-handbook/quick-porting/chapter.adoc index 9776848c5f..6e9f487c6d 100644 --- a/documentation/content/zh-tw/books/porters-handbook/quick-porting/chapter.adoc +++ b/documentation/content/zh-tw/books/porters-handbook/quick-porting/chapter.adoc @@ -47,7 +47,7 @@ toc::[] ==== It is recommended to set the `DEVELOPER` man:make[1] variable in [.filename]#/etc/make.conf# before getting into porting. -[source,bash] +[source,shell] .... # echo DEVELOPER=yes >> /etc/make.conf diff --git a/documentation/content/zh-tw/books/porters-handbook/security/chapter.adoc b/documentation/content/zh-tw/books/porters-handbook/security/chapter.adoc index da787a5553..9e42934945 100644 --- a/documentation/content/zh-tw/books/porters-handbook/security/chapter.adoc +++ b/documentation/content/zh-tw/books/porters-handbook/security/chapter.adoc @@ -183,14 +183,14 @@ As a prerequisite, install a fresh version of package:security/vuxml[] port. First, check whether there already is an entry for this vulnerability. If there were such an entry, it would match the previous version of the package, `2013.58`: -[source,bash] +[source,shell] .... % pkg audit dropbear-2013.58 .... If there is none found, add a new entry for this vulnerability. -[source,bash] +[source,shell] .... % cd ${PORTSDIR}/security/vuxml % make newentry @@ -198,7 +198,7 @@ If there is none found, add a new entry for this vulnerability. Verify its syntax and formatting: -[source,bash] +[source,shell] .... % make validate .... @@ -210,7 +210,7 @@ At least one of these packages needs to be installed: package:textproc/libxml2[] Verify that the `<affected>` section of the entry will match the correct packages: -[source,bash] +[source,shell] .... % pkg audit -f ${PORTSDIR}/security/vuxml/vuln.xml dropbear-2013.58 .... @@ -219,7 +219,7 @@ Make sure that the entry produces no spurious matches in the output. Now check whether the right package versions are matched by the entry: -[source,bash] +[source,shell] .... % pkg audit -f ${PORTSDIR}/security/vuxml/vuln.xml dropbear-2013.58 dropbear-2013.59 dropbear-2012.58 is vulnerable: diff --git a/documentation/content/zh-tw/books/porters-handbook/slow-porting/chapter.adoc b/documentation/content/zh-tw/books/porters-handbook/slow-porting/chapter.adoc index 5c3b12612d..6c8b2ab3bc 100644 --- a/documentation/content/zh-tw/books/porters-handbook/slow-porting/chapter.adoc +++ b/documentation/content/zh-tw/books/porters-handbook/slow-porting/chapter.adoc @@ -103,7 +103,7 @@ Unless explicitly stated, patch files, scripts, and other files created and cont In the preparation of the port, files that have been added or changed can be recorded with man:diff[1] for later feeding to man:patch[1]. Doing this with a typical file involves saving a copy of the original file before making any changes using a [.filename]#.orig# suffix. -[source,bash] +[source,shell] .... % cp file file.orig .... @@ -142,14 +142,14 @@ Patches are saved into files named [.filename]#patch-*# where * indicates the pa After the file has been modified, man:diff[1] is used to record the differences between the original and the modified version. `-u` causes man:diff[1] to produce "unified" diffs, the preferred form. -[source,bash] +[source,shell] .... % diff -u file.orig file > patch-pathname-file .... When generating patches for new, added files, `-N` is used to tell man:diff[1] to treat the non-existent original file as if it existed but was empty: -[source,bash] +[source,shell] .... % diff -u -N newfile.orig newfile > patch-pathname-newfile .... @@ -260,7 +260,7 @@ Sometime, there are many patches that are needed for a feature, in this case, it Create a subdirectory in [.filename]#${PATCHDIR}#, and move the patches in it. For example: -[source,bash] +[source,shell] .... % ls -l files/foo-patches -rw-r--r-- 1 root wheel 350 Jan 16 01:27 patch-Makefile.in diff --git a/documentation/content/zh-tw/books/porters-handbook/special/chapter.adoc b/documentation/content/zh-tw/books/porters-handbook/special/chapter.adoc index afe0abef08..77032655af 100644 --- a/documentation/content/zh-tw/books/porters-handbook/special/chapter.adoc +++ b/documentation/content/zh-tw/books/porters-handbook/special/chapter.adoc @@ -86,7 +86,7 @@ ${RLN} ${STAGEDIR}${PREFIX}/lib/libfoo.so.42 ${STAGEDIR}${PREFIX}/lib/libfoo.so Will generate: -[source,bash] +[source,shell] .... % ls -lF ${STAGEDIR}${PREFIX}/lib lrwxr-xr-x 1 nobody nobody 181 Aug 3 11:27 libfoo.so@ -> libfoo.so.42 @@ -102,7 +102,7 @@ ${RLN} ${STAGEDIR}${PREFIX}/libexec/foo/bar ${STAGEDIR}${PREFIX}/bin/bar Will automatically generate the relative symbolic links: -[source,bash] +[source,shell] .... % ls -lF ${STAGEDIR}${PREFIX}/bin lrwxr-xr-x 1 nobody nobody 181 Aug 3 11:27 bar@ -> ../libexec/foo/bar @@ -124,7 +124,7 @@ ${LN} -sf /var/cache/${PORTNAME} ${STAGEDIR}${PREFIX}/shared/${PORTNAME} Will generate: -[source,bash] +[source,shell] .... % ls -lF ${STAGEDIRDIR}${PREFIX}/share lrwxr-xr-x 1 nobody nobody 181 Aug 3 11:27 foo@ -> /var/cache/foo @@ -568,7 +568,7 @@ GH_ACCOUNT= Aaronepower Generate an initial [.filename]#distinfo#: -[source,bash] +[source,shell] .... % make makesum => Aaronepower-tokei-v7.0.2_GH0.tar.gz doesn't seem to exist in /usr/ports/distfiles/. @@ -579,7 +579,7 @@ Aaronepower-tokei-v7.0.2_GH0.tar.gz 45 kB 239 kBps 00m00s Now the distribution file is ready to use and we can go ahead and extract crate dependencies from the bundled [.filename]#Cargo.lock#: -[source,bash] +[source,shell] .... % make cargo-crates CARGO_CRATES= aho-corasick-0.6.4 \ @@ -620,7 +620,7 @@ CARGO_CRATES= aho-corasick-0.6.4 \ [.filename]#distinfo# needs to be regenerated to contain all the crate distribution files: -[source,bash] +[source,shell] .... % make makesum => rust/crates/aho-corasick-0.6.4.tar.gz doesn't seem to exist in /usr/ports/distfiles/. @@ -696,7 +696,7 @@ PULSEAUDIO_VARS= CARGO_FEATURES+=pulseaudio_backend Crates have their own licenses. It is important to know what they are when adding a `LICENSE` block to the port (see <<licenses>>). The helper target `cargo-crates-licenses` will try to list all the licenses of all crates defined in `CARGO_CRATES`. -[source,bash] +[source,shell] .... % make cargo-crates-licenses aho-corasick-0.6.4 Unlicense/MIT @@ -780,7 +780,7 @@ GH_ACCOUNT= motemen Generate an initial [.filename]#distinfo#: -[source,bash] +[source,shell] .... % make makesum ===> License MIT accepted by the user @@ -792,7 +792,7 @@ motemen-ghq-v0.12.5_GH0.tar.gz 32 kB 177 kBps 00s Now the distribution file is ready to use and we can extract the required Go module dependencies. This step requires having package:ports-mgmt/modules2tuple[] installed: -[source,bash] +[source,shell] .... % make gomod-vendor [...] @@ -836,7 +836,7 @@ GH_TUPLE= Songmu:gitconfig:v0.0.2:songmu_gitconfig/vendor/github.com/Songmu/gitc [.filename]#distinfo# needs to be regenerated to contain all the distribution files: -[source,bash] +[source,shell] .... % make makesum => Songmu-gitconfig-v0.0.2_GH0.tar.gz doesn't seem to exist in /usr/ports/distfiles/. @@ -905,7 +905,7 @@ USES= cabal This minimal Makefile allows us to fetch the distribution file: -[source,bash] +[source,shell] .... % make cabal-extract [...] @@ -918,7 +918,7 @@ Unpacking to ShellCheck-0.6.0/ Now we have ShellCheck.cabal package description file, which allows us to fetch all package's dependencies, including transitive ones: -[source,bash] +[source,shell] .... % make cabal-extract-deps [...] @@ -935,7 +935,7 @@ Downloading dlist-0.8.0.7 As a side effect, the package's dependencies are also compiled, so the command may take some time. Once done, a list of required dependencies can generated: -[source,bash] +[source,shell] .... % make make-use-cabal USE_CABAL=QuickCheck-2.12.6.1 \ @@ -946,7 +946,7 @@ integer-logarithms-1.0.3 \ Haskell packages may contain revisions, just like FreeBSD ports. Revisions can affect only [.filename]#.cabal# files, but it is still important to pull them in. To check `USE_CABAL` items for available revision updates, run following command: -[source,bash] +[source,shell] .... % make make-use-cabal-revs USE_CABAL=QuickCheck-2.12.6.1_1 \ @@ -959,7 +959,7 @@ Note additional version numbers after `_` symbol. Put newly generated `USE_CABAL Finally, [.filename]#distinfo# needs to be regenerated to contain all the distribution files: -[source,bash] +[source,shell] .... % make makesum => ShellCheck-0.6.0.tar.gz doesn't seem to exist in /usr/local/poudriere/ports/git/distfiles/cabal. @@ -4161,7 +4161,7 @@ The package:devel/rclint[] port can check for most of these, but it is not a sub . Make sure there is no `KEYWORD: FreeBSD` present. This has not been necessary nor desirable for years. It is also an indication that the new script was copy/pasted from an old script, so extra caution must be given to the review. . If the script uses an interpreted language like `perl`, `python`, or `ruby`, make certain that `command_interpreter` is set appropriately, for example, for Perl, by adding `PERL=${PERL}` to `SUB_LIST` and using `%%PERL%%`. Otherwise, + -[source,bash] +[source,shell] .... # service name stop .... diff --git a/documentation/content/zh-tw/books/porters-handbook/testing/chapter.adoc b/documentation/content/zh-tw/books/porters-handbook/testing/chapter.adoc index 5389a38c66..d96624b2d4 100644 --- a/documentation/content/zh-tw/books/porters-handbook/testing/chapter.adoc +++ b/documentation/content/zh-tw/books/porters-handbook/testing/chapter.adoc @@ -62,7 +62,7 @@ The package:ports-mgmt/porttools[] program is part of the Ports Collection. `port` is the front-end script, which can help simplify the testing job. Whenever a new port or an update to an existing one needs testing, use `port test` to test the port, including the <<testing-portlint,`portlint`>> checking. This command also detects and lists any files that are not listed in [.filename]#pkg-plist#. For example: -[source,bash] +[source,shell] .... # port test /usr/ports/net/csup .... @@ -80,7 +80,7 @@ Avoiding hard-coded [.filename]#/usr/local# paths in the source makes the port m Make sure the application is not installing things in [.filename]#/usr/local# instead of `PREFIX`. A quick test for such hard-coded paths is: -[source,bash] +[source,shell] .... % make clean; make package PREFIX=/var/tmp/`make -V PORTNAME` .... @@ -89,7 +89,7 @@ If anything is installed outside of `PREFIX`, the package creation process will In addition, it is worth checking the same with the stage directory support (see <<staging>>): -[source,bash] +[source,shell] .... % make stage && make check-plist && make stage-qa && make package .... @@ -143,14 +143,14 @@ The examples in this section show a default file layout, as standard in FreeBSD. Poudriere is available in the ports tree in package:ports-mgmt/poudriere[]. It can be installed using man:pkg[8] or from ports: -[source,bash] +[source,shell] .... # pkg install poudriere .... or -[source,bash] +[source,shell] .... # make -C /usr/ports/ports-mgmt/poudriere install clean .... @@ -199,14 +199,14 @@ The server from where jails are installed and updated when using Subversion. Als Create the base jails which Poudriere will use for building: -[source,bash] +[source,shell] .... # poudriere jail -c -j 113Ramd64 -v 11.3-RELEASE -a amd64 .... Fetch a `11.3-RELEASE` for `amd64` from the FTP server given by `FREEBSD_HOST` in [.filename]#poudriere.conf#, create the zfs file system `tank/poudriere/jails/113Ramd64`, mount it on [.filename]#/poudriere/jails/113Ramd64# and extract the `11.3-RELEASE` tarballs into this file system. -[source,bash] +[source,shell] .... # poudriere jail -c -j 11i386 -v stable/11 -a i386 -m svn+https .... @@ -218,7 +218,7 @@ Create `tank/poudriere/jails/11i386`, mount it on [.filename]#/poudriere/jails/1 If a specific Subversion revision is needed, append it to the version string. For example: -[source,bash] +[source,shell] .... # poudriere jail -c -j 11i386 -v stable/11@123456 -a i386 -m svn+https .... @@ -234,7 +234,7 @@ While it is possible to build a newer version of FreeBSD on an older version, mo ==== To create a Poudriere jail for `13.0-CURRENT`: -[source,bash] +[source,shell] .... # poudriere jail -c -j 13amd64 -v head -a amd64 -m svn+https .... @@ -250,7 +250,7 @@ The default `svn` protocol works but is not very secure. Using `svn+https` along A list of jails currently known to Poudriere can be shown with `poudriere jail -l`: -[source,bash] +[source,shell] .... # poudriere jail -l JAILNAME VERSION ARCH METHOD @@ -263,7 +263,7 @@ JAILNAME VERSION ARCH METHOD Managing updates is very straightforward. The command: -[source,bash] +[source,shell] .... # poudriere jail -u -j JAILNAME .... @@ -275,7 +275,7 @@ updates the specified jail to the latest version available. For FreeBSD releases For jails employing a `svn+*` method, it is helpful to add `-J _NumberOfParallelBuildJobs_` to speed up the build by increasing the number of parallel compile jobs used. For example, if the building machine has 6 CPUs, use: -[source,bash] +[source,shell] .... # poudriere jail -u -J 6 -j JAILNAME .... @@ -287,21 +287,21 @@ For jails employing a `svn+*` method, it is helpful to add `-J _NumberOfParallel There are multiple ways to use ports trees in Poudriere. The most straightforward way is to have Poudriere create a default ports tree for itself, using either man:portsnap[8] (if running FreeBSD {rel121-current} or {rel114-current}) or Subversion (if running FreeBSD-CURRENT): -[source,bash] +[source,shell] .... # poudriere ports -c -m portsnap .... or -[source,bash] +[source,shell] .... # poudriere ports -c -m svn+https .... These commands create `tank/poudriere/ports/default`, mount it on [.filename]#/poudriere/ports/default#, and populate it using either man:portsnap[8] or Subversion. Afterward it is included in the list of known ports trees: -[source,bash] +[source,shell] .... # poudriere ports -l PORTSTREE METHOD TIMESTAMP PATH @@ -333,21 +333,21 @@ Depending on the workflow, it can be extremely helpful to use ports trees which * For Poudriere older than version 3.1.20: + -[source,bash] +[source,shell] .... # poudriere ports -c -F -f none -M /work/ports -p development .... * For Poudriere version 3.1.20 and later: + -[source,bash] +[source,shell] .... # poudriere ports -c -m null -M /work/ports -p development .... This will be listed in the table of known trees: -[source,bash] +[source,shell] .... # poudriere ports -l PORTSTREE METHOD TIMESTAMP PATH @@ -364,7 +364,7 @@ The dash or `null` in the `METHOD` column means that Poudriere will not update o As straightforward as with jails described earlier: -[source,bash] +[source,shell] .... # poudriere ports -u -p PORTSTREE .... @@ -383,7 +383,7 @@ After jails and ports trees have been set up, the result of a contributor's modi For example, local modifications to the package:www/firefox[] port located in [.filename]#/work/ports/www/firefox# can be tested in the previously created 11.3-RELEASE jail: -[source,bash] +[source,shell] .... # poudriere testport -j 113Ramd64 -p development -o www/firefox .... @@ -396,14 +396,14 @@ The directory name `113Ri386-development` is derived from the arguments to `-j` By default, Poudriere cleans up the jails and leaves log files in the directories mentioned above. To ease investigation, jails can be kept running after the build by adding `-i` to `testport`: -[source,bash] +[source,shell] .... # poudriere testport -j 113Ramd64 -p development -i -o www/firefox .... After the build completes, and regardless of whether it was successful, a shell is provided within the jail. The shell is used to investigate further. Poudriere can be told to leave the jail running after the build finishes with `-I`. Poudriere will show the command to run when the jail is no longer needed. It is then possible to man:jexec[8] into it: -[source,bash] +[source,shell] .... # poudriere testport -j 113Ramd64 -p development -I -o www/firefox [...] @@ -420,7 +420,7 @@ After the build completes, and regardless of whether it was successful, a shell An integral part of the FreeBSD ports build infrastructure is the ability to tweak ports to personal preferences with options. These can be tested with Poudriere as well. Adding the `-c`: -[source,bash] +[source,shell] .... # poudriere testport -c -o www/firefox .... @@ -440,7 +440,7 @@ For all actions involving builds, a so-called _set_ can be specified using `-z _ To use sets, Poudriere expects an existing directory structure similar to `PORT_DBDIR`, defaults to [.filename]#/var/db/ports# in its configuration directory. This directory is then man:nullfs[5]-mounted into the jails where the ports and their dependencies are built. Usually a suitable starting point can be obtained by recursively copying the existing `PORT_DBDIR` to [.filename]#/usr/local/etc/poudriere.d/jailname-portname-setname-options#. This is described in detail in man:poudriere[8]. For instance, testing package:www/firefox[] in a specific set named `devset`, add the `-z devset` parameter to the testport command: -[source,bash] +[source,shell] .... # poudriere testport -j 113Ramd64 -p development -z devset -o www/firefox .... @@ -459,7 +459,7 @@ From this list, Poudriere man:nullfs[5]-mounts the _first existing_ directory tr After the directory structure for a set is provided, the options for a particular port can be altered. For example: -[source,bash] +[source,shell] .... # poudriere options -c www/firefox -z devset .... @@ -476,7 +476,7 @@ Poudriere is very flexible in the option configuration. They can be set for part Similar to using sets, Poudriere will also use a custom [.filename]#make.conf# if it is provided. No special command line argument is necessary. Instead, Poudriere looks for existing files matching a name scheme derived from the command line. For instance: -[source,bash] +[source,shell] .... # poudriere testport -j 113Ramd64 -p development -z devset -o www/firefox .... @@ -516,14 +516,14 @@ Note the use of `+=` so that if the variable is already set in the default [.fil Poudriere comes with a built-in mechanism to remove outdated distfiles that are no longer used by any port of a given tree. The command -[source,bash] +[source,shell] .... # poudriere distclean -p portstree .... will scan the distfiles folder, `DISTFILES_CACHE` in [.filename]#poudriere.conf#, versus the ports tree given by the `-p _portstree_` argument and prompt for removal of those distfiles. To skip the prompt and remove all unused files unconditionally, the `-y` argument can be added: -[source,bash] +[source,shell] .... # poudriere distclean -p portstree -y .... diff --git a/documentation/content/zh-tw/books/porters-handbook/upgrading/chapter.adoc b/documentation/content/zh-tw/books/porters-handbook/upgrading/chapter.adoc index ccb386d246..fc39415577 100644 --- a/documentation/content/zh-tw/books/porters-handbook/upgrading/chapter.adoc +++ b/documentation/content/zh-tw/books/porters-handbook/upgrading/chapter.adoc @@ -48,7 +48,7 @@ If the maintainer asks you to do the upgrade or there is no maintainer, then hel To create a suitable `diff` for a single patch, copy the file that needs patching to [.filename]#something.orig#, save the changes to [.filename]#something# and then create the patch: -[source,bash] +[source,shell] .... % diff -u something.orig something > something.diff .... @@ -85,7 +85,7 @@ Now that all of that is done, read about how to keep up-to-date in <<keeping-up> When possible, please submit a man:svn[1] diff. They are easier to handle than diffs between "new and old" directories. It is easier to see what has changed, and to update the diff if something was modified in the Ports Collection since the work on it began, or if the committer asks for something to be fixed. Also, a patch generated with `svn diff` can be easily applied with `svn patch` and will save some time to the committer. -[source,bash] +[source,shell] .... % cd ~/my_wrkdir <.> % svn co https://svn.FreeBSD.org/ports/head/dns/pdnsd <.> @@ -98,7 +98,7 @@ When possible, please submit a man:svn[1] diff. They are easier to handle than d While in the port directory, make any changes that are needed. If adding, copying, moving, or removing a file, use `svn` to track these changes: -[source,bash] +[source,shell] .... % svn add new_file % svn copy some_file file_copy @@ -108,7 +108,7 @@ While in the port directory, make any changes that are needed. If adding, copyin Make sure to check the port using the checklist in <<porting-testing>> and <<porting-portlint>>. -[source,bash] +[source,shell] .... % svn status % svn update <.> @@ -137,7 +137,7 @@ If `C` is displayed as a result of `svn update`, it means something changed in t The last step is to make a unified man:diff[1] of the changes: -[source,bash] +[source,shell] .... % svn diff > ../`make -VPKGNAME`.diff .... @@ -171,14 +171,14 @@ YYYYMMDD: When including exact portmaster, portupgrade, and/or pkg instructions, please make sure to get the shell escaping right. For example, do _not_ use: -[source,bash] +[source,shell] .... # pkg delete -g -f docbook-xml* docbook-sk* docbook[2345]??-* docbook-4* .... As shown, the command will only work with bourne shells. Instead, use the form shown below, which will work with both bourne shell and c-shell: -[source,bash] +[source,shell] .... # pkg delete -g -f docbook-xml\* docbook-sk\* docbook\[2345\]\?\?-\* docbook-4\* .... @@ -212,7 +212,7 @@ Any changes must be validated with `Tools/scripts/MOVEDlint.awk`. If using a ports directory other than [.filename]#/usr/ports#, use: -[source,bash] +[source,shell] .... % cd /home/user/ports % env PORTSDIR=$PWD Tools/scripts/MOVEDlint.awk |