Gnulib

gnulib is a collection of approximately 590 routines which allow programs to be built on a cross platform basis. These are files intended to be shared at the source level rather than being a library meant to be installed and linked against so, unlike most projects, Gnulib does not normally generate a source tarball distribution; instead, developers should just grab modules directly from the repository. (The full list of modules and their description can be found here.) If you are missing one of the modules, you will get an error along the lines of

./configure: gl_XALLOC: command not found

when running ./configure

There are several ways to get hold of a copy of the repository:

  1. If you have git installed, then use the command git clone git://git.sv.gnu.org/gnulib
  2. If you prefer the CVS-like frontend of ‘cogitocg clone git://git.sv.gnu.org/gnulib
  3. If you have tightly limited disk space and a fast network connection, then CVS checkouts are also supported:
    $ cvs -d :pserver:anoncvs@cvs.gnu.org:/cvsroot/gnulib login
    (Just hit Enter or Return when prompted for a password)
    $ cvs -d :pserver:anoncvs@cvs.gnu.org:/cvsroot/gnulib checkout gnulib
  4. Download a snapshot from GNU’s Savannah server using wget

Since Westhost’s platform has none of git, cogito or cvs installed by default, I used the final option to obtain a copy of gnulib.git-HEAD.tar.gz
In order to use gnulib, you will need to download the gnulib-tool script and then use this to install the required modules. Don’t forget that you will need to give gnulib-tool execution rights (chmod u+x gnulib-tool).

Add details on installing module here

gnulib comprises the following routines and macros:
absolute-header, acl, alloca, alloca-opt, alloca-opt-tests, allocsa, allocsa-tests, announce-gen, arcfour, arcfour-tests, arctwo, arctwo-tests, argmatch, argmatch-tests, argp, argp-tests, argz, arpa_inet, arpa_inet-tests, array-list, array-list-tests, array-oset, array-oset-tests, assert, atexit, atexit-tests, autobuild, avltreehash-list, avltreehash-list-tests, avltree-list, avltree-list-tests, avltree-oset, avltree-oset-tests, backupfile, base64, bcopy, binary-io, binary-io-tests, bison-i18n, byteswap, byteswap-tests, calloc, canon-host, canonicalize, canonicalize-lgpl, canonicalize-lgpl-tests, carray-list, carray-list-tests, c-ctype, c-ctype-tests, chdir-long, chdir-safer, check-version, chown, classpath, clean-temp, clock-time, cloexec, closein, closein-tests, closeout, close-stream, config-h, configmake, copy-file, crc, crc-tests, crypto, csharpcomp, csharpcomp-script, csharpexec, csharpexec-script, c-stack, c-strcase, c-strcaseeq, c-strcasestr, c-strcasestr-tests, c-strcase-tests, c-strstr, c-strstr-tests, c-strtod, c-strtold, cycle-check, des, des-tests, dev-ino, diacrit, d-ino, dirfd, dirname, dirname-tests, double-slash-root, d-type, dummy, dup2, eealloc, elisp-comp, error, euidaccess, exclude, execute, exit, exitfail, extensions, fatal-signal, fbufmode, fbufmode-tests, fchdir, fcntl, fcntl-safer, fcntl-tests, fdl, fflush, fflush-tests, fileblocks, filemode, filename, filenamecat, file-type, findprog, flexmember, float, fnmatch, fnmatch-gnu, fnmatch-posix, fopen-safer, fpending, fpieee, fprintf-posix, fprintf-posix-tests, fprintftime, fpucw, fpurge, fpurge-tests, freadable, freadable-tests, freading, freading-tests, free, frexp, frexpl, frexpl-nolibm, frexpl-nolibm-tests, frexpl-tests, frexp-tests, fseek, fseeko, fseeko-tests, fseek-tests, fseterr, fseterr-tests, fsusage, ftell, ftello, ftello-tests, ftell-tests, ftruncate, fts, fts-lgpl, full-read, full-write, fwritable, fwritable-tests, fwriteerror, fwriting, fwriting-tests, gc, gc-arcfour, gc-arcfour-tests, gc-arctwo, gc-arctwo-tests, gcd, gc-des, gc-des-tests, gc-hmac-md5, gc-hmac-md5-tests, gc-hmac-sha1, gc-hmac-sha1-tests, gc-md2, gc-md2-tests, gc-md4, gc-md4-tests, gc-md5, gc-md5-tests, gc-pbkdf2-sha1, gc-pbkdf2-sha1-tests, gc-random, gc-rijndael, gc-rijndael-tests, gc-sha1, gc-sha1-tests, gc-tests, gendocs, getaddrinfo, getaddrinfo-tests, getcwd, getdate, getdelim, getdomainname, getgroups, gethostname, gethrxtime, getline, getloadavg, getlogin_r, getndelim2, getnline, getopt, getpagesize, getpass, getpass-gnu, getsubopt, gettext, gettext-h, gettime, gettimeofday, gettimeofday-tests, getugroups, getusershell, glob, gnupload, gpl, group-member, hard-locale, hash, hash-pjw, havelib, hmac-md5, hmac-md5-tests, hmac-sha1, hmac-sha1-tests, host-os, human, iconv, iconv_open, iconvme, iconv-tests, idcache, imaxabs, imaxdiv, inet_ntop, inet_pton, inline, intprops, inttostr, inttypes, inttypes-tests, i-ring, isapipe, isdir, isnanf-nolibm, isnanf-nolibm-tests, isnanl, isnanl-nolibm, isnanl-nolibm-tests, isnanl-tests, isnan-nolibm, isnan-nolibm-tests, javacomp, javacomp-script, javaexec, javaexec-script, javaversion, lchmod, lchown, ldd, ldexpl, ldexpl-tests, lgpl, lib-ignore, linebreak, linebuffer, linkedhash-list, linkedhash-list-tests, linked-list, linked-list-tests, link-follow, link-warning, list, localcharset, locale, locale-tests, lock, lock-tests, long-options, lseek, lseek-tests, lstat, maintainer-makefile, malloc, math, mathl, math-tests, mbchar, mbfile, mbiter, mbscasecmp, mbscasecmp-tests, mbscasestr, mbscasestr-tests, mbschr, mbschr-tests, mbscspn, mbscspn-tests, mbslen, mbsncasecmp, mbsncasecmp-tests, mbspbrk, mbspbrk-tests, mbspcasecmp, mbspcasecmp-tests, mbsrchr, mbsrchr-tests, mbssep, mbsspn, mbsspn-tests, mbsstr, mbsstr-tests, mbstok_r, mbswidth, mbuiter, md2, md2-tests, md4, md4-tests, md5, md5-tests, memcasecmp, memchr, memcmp, memcoll, memcpy, memmem, memmove, mempcpy, memrchr, memset, memxor, minmax, mkancesdirs, mkdir, mkdir-p, mkdtemp, mkstemp, mktime, modechange, mountlist, mpsort, nanosleep, netinet_in, netinet_in-tests, no-c++, obstack, openat, openat-die, openmp, oset, pagealign_alloc, pathmax, pathname, perl, physmem, phystemp, pipe, poll, posixtm, posixver, printf-frexp, printf-frexpl, printf-frexpl-tests, printf-frexp-tests, printf-posix, printf-posix-tests, printf-safe, progname, putenv, quote, quotearg, raise, rbtreehash-list, rbtreehash-list-tests, rbtree-list, rbtree-list-tests, rbtree-oset, rbtree-oset-tests, read-file, read-file-tests, readline, readlink, readtokens, readtokens0, readutmp, realloc, regex, regexprops-generic, relocatable, relocatable-lib, relocatable-lib-lgpl, relocatable-prog, relocatable-prog-wrapper, relocatable-script, rename, rename-dest-slash, rijndael, rijndael-tests, rmdir, rmdir-errno, rpmatch, safe-read, safe-write, same, same-inode, save-cwd, savedir, savewd, search, search-tests, setenv, settime, sha1, sh-quote, sig2str, signal, signbit, signbit-tests, sigprocmask, size_max, sleep, sleep-tests, snprintf, snprintf-posix, snprintf-posix-tests, snprintf-tests, socklen, sprintf-posix, sprintf-posix-tests, ssize_t, stat-macros, stat-time, stat-time-tests, stdarg, stdbool, stdbool-tests, stdint, stdint-tests, stdio, stdio-tests, stdlib, stdlib-safer, stdlib-tests, stpcpy, stpncpy, strcase, strcasestr, strcasestr-tests, strchrnul, strcspn, strdup, streq, strerror, strftime, striconv, striconveh, striconveha, striconveha-tests, striconveh-tests, striconv-tests, string, string-tests, strndup, strnlen, strnlen1, strpbrk, strptime, strsep, strtod, strtoimax, strtok_r, strtol, strtoll, strtoul, strtoull, strtoumax, strverscmp, sublist, sys_select, sys_select-tests, sys_socket, sys_socket-tests, sys_stat, sys_stat-tests, sys_time, sys_time-tests, sysexits, sysexits-tests, tempname, time, time_r, timegm, timespec, time-tests, tls, tls-tests, tmpdir, tmpfile, tmpfile-safer, tree | history, tree | history, tree | history, trim, tsearch, tsearch-tests, tzset, ucs4-utf16, ucs4-utf8, unicodeio, uniconv, unistd, unistd-safer, unistd-tests, unistr, unitypes, unlink-busy, unlinkdir, unlocked-io, uptime, userspec, utf16-ucs4, utf16-ucs4-unsafe, utf8-ucs4, utf8-ucs4-unsafe, utime, utimecmp, utimens, vararrays, vasnprintf, vasnprintf-posix, vasnprintf-posix-tests, vasnprintf-tests, vasprintf, vasprintf-posix, vasprintf-posix-tests, vasprintf-tests, verify, verror, version-etc, version-etc-fsf, vfprintf-posix, vfprintf-posix-tests, visibility, vprintf-posix, vprintf-posix-tests, vsnprintf, vsnprintf-posix, vsnprintf-posix-tests, vsnprintf-tests, vsprintf-posix, vsprintf-posix-tests, wait-process, wchar, wchar-tests, wctype, wctype-tests, wcwidth, winsz-ioctl, winsz-termios, write-any-file, xalloc, xalloc-die, xallocsa, xgetcwd, xgetdomainname, xgethostname, xmemcoll, xnanosleep, xreadlink, xreadlink-with-size, xsetenv, xsize, xstriconv, xstrndup, xstrtod, xstrtoimax, xstrtol, xstrtold, xstrtoumax, xvasprintf, xvasprintf-tests, yesno

m4 Auto Configure macros:
AC_C_FLEXIBLE_ARRAY_MEMBER, AC_C_VARARRAYS, AC_CHECK_FUNCS_ONCE([stpcpy]), AC_CHECK_FUNCS_ONCE([strdup]), AC_CONFIG_FILES([csharpcomp.sh:build-aux/csharpcomp.sh.in]), AC_CONFIG_FILES([csharpexec.sh:build-aux/csharpexec.sh.in]), AC_CONFIG_FILES([javacomp.sh:build-aux/javacomp.sh.in]), AC_CONFIG_FILES([javaexec.sh:build-aux/javaexec.sh.in]), AC_CONFIG_FILES([ldd.sh:build-aux/ldd.sh.in]), AC_DEFINE([SIGNAL_SAFE_LIST], [1], [Define if lists must be signal-safe.]), AC_FUNC_ACL, AC_FUNC_CALLOC, AC_FUNC_CANONICALIZE_FILE_NAME, AC_FUNC_MALLOC, AC_FUNC_OBSTACK, AC_FUNC_REALLOC, AC_OPENMP, AC_PROG_MKDIR_P, AC_REPLACE_FUNCS(bcopy), AC_REPLACE_FUNCS(raise), AC_REQUIRE([AC_C_BIGENDIAN]), AC_REQUIRE([gl_RELOCATABLE_NOP]), AC_REQUIRE([gt_CSHARPCOMP]), AC_SUBST([LIBINTL]), AC_SUBST([LTLIBINTL]), AC_SUBST_FILE([relocatable_sh])

gl_AC_FUNC_LINK_FOLLOWS_SYMLINK, gl_ALLOCSA, gl_ARCFOUR, gl_ARCTWO, gl_ARGMATCH, gl_ARGP, gl_ASSERT, gl_BACKUPFILE, gl_BYTESWAP, gl_C_STACK, gl_C_STRTOD, gl_C_STRTOLD, gl_CANON_HOST, gl_CANONICALIZE_LGPL, gl_CANONICALIZE_LGPL_SEPARATE, gl_CHDIR_SAFER, gl_CHECK_TYPE_STRUCT_DIRENT_D_INO, gl_CHECK_TYPE_STRUCT_DIRENT_D_TYPE, gl_CHECK_VERSION, gl_CLOCK_TIME, gl_CLOEXEC, gl_CLOSE_STREAM, gl_CLOSEIN, gl_CLOSEOUT, gl_CONFIG_H, gl_COPY_FILE, gl_CRC, gl_CYCLE_CHECK, gl_DES, gl_DIRNAME, gl_DOUBLE_SLASH_ROOT, gl_EEALLOC, gl_ERROR, gl_EXCLUDE, gl_EXECUTE, gl_EXITFAIL, gl_FATAL_SIGNAL, gl_FCNTL_H, gl_FCNTL_SAFER, gl_FILE_NAME_CONCAT, gl_FILE_TYPE, gl_FILEBLOCKS, gl_FILEMODE, gl_FINDPROG, gl_FLOAT_H, gl_FOPEN_SAFER, gl_FPRINTFTIME, gl_FSUSAGE, gl_FUNC_ALLOCA, gl_FUNC_ARGZ, gl_FUNC_ATEXIT, gl_FUNC_BASE64, gl_FUNC_CHDIR_LONG, gl_FUNC_CHOWN, gl_FUNC_DIRFD, gl_FUNC_DUP2, gl_FUNC_EUIDACCESS, gl_FUNC_FBUFMODE, gl_FUNC_FCHDIR, gl_FUNC_FFLUSH, gl_FUNC_FNMATCH_GNU, gl_FUNC_FNMATCH_POSIX, gl_FUNC_FPENDING, gl_FUNC_FPRINTF_POSIX, gl_FUNC_FPURGE, gl_FUNC_FREADABLE, gl_FUNC_FREADING, gl_FUNC_FREE, gl_FUNC_FREXP, gl_FUNC_FREXPL, gl_FUNC_FREXPL_NO_LIBM, gl_FUNC_FSEEK, gl_FUNC_FSEEKO, gl_FUNC_FTELL, gl_FUNC_FTELLO, gl_FUNC_FTRUNCATE, gl_FUNC_FTS, gl_FUNC_FTS_LGPL, gl_FUNC_FWRITABLE, gl_FUNC_FWRITING, gl_FUNC_GEN_TEMPNAME, gl_FUNC_GETCWD, gl_FUNC_GETDELIM, gl_FUNC_GETDOMAINNAME, gl_FUNC_GETGROUPS, gl_FUNC_GETHOSTNAME, gl_FUNC_GETLINE, gl_FUNC_GETPASS, gl_FUNC_GETPASS_GNU, gl_FUNC_GETSUBOPT, gl_FUNC_GETTIMEOFDAY, gl_FUNC_GETUSERSHELL, gl_FUNC_GLIBC_UNLOCKED_IO, gl_FUNC_GNU_STRFTIME, gl_FUNC_GROUP_MEMBER, gl_FUNC_ICONV_OPEN, gl_FUNC_IMAXABS, gl_FUNC_IMAXDIV, gl_FUNC_ISNAN_NO_LIBM, gl_FUNC_ISNANF_NO_LIBM, gl_FUNC_ISNANL, gl_FUNC_ISNANL_NO_LIBM, gl_FUNC_LCHMOD, gl_FUNC_LCHOWN, gl_FUNC_LDEXPL, gl_FUNC_LONG_DOUBLE_MATH, gl_FUNC_LSEEK, gl_FUNC_LSTAT, gl_FUNC_MBSCASECMP, gl_FUNC_MBSCASESTR, gl_FUNC_MBSCHR, gl_FUNC_MBSCSPN, gl_FUNC_MBSLEN, gl_FUNC_MBSNCASECMP, gl_FUNC_MBSPBRK, gl_FUNC_MBSPCASECMP, gl_FUNC_MBSRCHR, gl_FUNC_MBSSEP, gl_FUNC_MBSSPN, gl_FUNC_MBSSTR, gl_FUNC_MBSTOK_R, gl_FUNC_MEMCHR, gl_FUNC_MEMCMP, gl_FUNC_MEMCPY, gl_FUNC_MEMMEM, gl_FUNC_MEMMOVE, gl_FUNC_MEMPCPY, gl_FUNC_MEMRCHR, gl_FUNC_MEMSET, gl_FUNC_MKDIR_TRAILING_SLASH, gl_FUNC_MKSTEMP, gl_FUNC_MKTIME, gl_FUNC_NANOSLEEP, gl_FUNC_OPENAT, gl_FUNC_POLL, gl_FUNC_PRINTF_FREXP, gl_FUNC_PRINTF_FREXPL, gl_FUNC_PRINTF_POSIX, gl_FUNC_PUTENV, gl_FUNC_READ_FILE, gl_FUNC_READLINE, gl_FUNC_READLINK, gl_FUNC_READLINK_SEPARATE, gl_FUNC_RENAME, gl_FUNC_RENAME_TRAILING_DEST_SLASH, gl_FUNC_RMDIR, gl_FUNC_RMDIR_NOTEMPTY, gl_FUNC_RPMATCH, gl_FUNC_SETENV, gl_FUNC_SETENV_SEPARATE, gl_FUNC_SIG2STR, gl_FUNC_SLEEP, gl_FUNC_SNPRINTF, gl_FUNC_SNPRINTF_POSIX, gl_FUNC_SPRINTF_POSIX, gl_FUNC_STPCPY, gl_FUNC_STPNCPY, gl_FUNC_STRCASESTR, gl_FUNC_STRCHRNUL, gl_FUNC_STRCSPN, gl_FUNC_STRDUP, gl_FUNC_STRERROR, gl_FUNC_STRERROR_SEPARATE, gl_FUNC_STRNDUP, gl_FUNC_STRNLEN, gl_FUNC_STRPBRK, gl_FUNC_STRPTIME, gl_FUNC_STRSEP, gl_FUNC_STRTOD, gl_FUNC_STRTOIMAX, gl_FUNC_STRTOK_R, gl_FUNC_STRTOL, gl_FUNC_STRTOLL, gl_FUNC_STRTOUL, gl_FUNC_STRTOULL, gl_FUNC_STRTOUMAX, gl_FUNC_STRVERSCMP, gl_FUNC_TIMEGM, gl_FUNC_TSEARCH, gl_FUNC_TZSET_CLOBBER, gl_FUNC_UNLINK_BUSY_TEXT, gl_FUNC_UNSETENV, gl_FUNC_UTIME, gl_FUNC_VASNPRINTF, gl_FUNC_VASNPRINTF_POSIX, gl_FUNC_VASPRINTF, gl_FUNC_VASPRINTF_POSIX, gl_FUNC_VFPRINTF_POSIX, gl_FUNC_VPRINTF_POSIX, gl_FUNC_VSNPRINTF, gl_FUNC_VSNPRINTF_POSIX, gl_FUNC_VSPRINTF_POSIX, gl_FUNC_WCWIDTH, gl_GC, gl_GC_ARCFOUR, gl_GC_ARCTWO, gl_GC_DES, gl_GC_HMAC_MD5, gl_GC_HMAC_SHA1, gl_GC_MD2, gl_GC_MD4, gl_GC_MD5, gl_GC_PBKDF2_SHA1, gl_GC_RANDOM, gl_GC_RIJNDAEL, gl_GC_SHA1, gl_GETADDRINFO, gl_GETDATE, gl_GETHRXTIME, gl_GETLOADAVG([$gl_source_base]), gl_GETLOGIN_R, gl_GETNDELIM2, gl_GETNLINE, gl_GETOPT, gl_GETPAGESIZE, gl_GETTIME, gl_GETUGROUPS, gl_GLOB, gl_HARD_LOCALE, gl_HASH, gl_HEADER_ARPA_INET, gl_HEADER_NETINET_IN, gl_HEADER_STRING_H, gl_HEADER_SYS_SELECT, gl_HEADER_SYS_SOCKET, gl_HEADER_SYS_STAT_H, gl_HEADER_SYS_TIME_H, gl_HEADER_TIME_H, gl_HEADER_TIOCGWINSZ_IN_TERMIOS_H, gl_HEADER_TIOCGWINSZ_NEEDS_SYS_IOCTL, gl_HMAC_MD5, gl_HMAC_SHA1, gl_HOST_OS, gl_HUMAN, gl_I_RING, gl_ICONV_H, gl_IDCACHE, gl_IGNORE_UNUSED_LIBRARIES, gl_INET_NTOP, gl_INET_PTON, gl_INLINE, gl_INTTOSTR, gl_INTTYPES_H, gl_INTTYPES_MODULE_INDICATOR([imaxabs]), gl_INTTYPES_MODULE_INDICATOR([imaxdiv]), gl_INTTYPES_MODULE_INDICATOR([strtoimax]), gl_INTTYPES_MODULE_INDICATOR([strtoumax]), gl_ISAPIPE, gl_ISDIR, gl_LDD, gl_libdeps=”$gl_libdeps $LIBGCRYPT”, gl_libdeps=”$gl_libdeps $LIBICONV”, gl_LINEBREAK, gl_LIST, gl_list.m4, gl_LOCALCHARSET, gl_LOCALE_H, gl_LOCK, gl_LONG_OPTIONS, gl_ltlibdeps=”$gl_ltlibdeps $LTLIBGCRYPT”, gl_ltlibdeps=”$gl_ltlibdeps $LTLIBICONV”, gl_MATH_H, gl_MATH_MODULE_INDICATOR([frexp]), gl_MATH_MODULE_INDICATOR([frexpl]), gl_MATH_MODULE_INDICATOR([ldexpl]), gl_MATH_MODULE_INDICATOR([signbit]), gl_MBCHAR, gl_MBFILE, gl_MBITER, gl_MBSWIDTH, gl_MD2, gl_MD4, gl_MD5, gl_MEMCASECMP, gl_MEMCOLL, gl_MEMXOR, gl_MINMAX, gl_MKANCESDIRS, gl_MKDIR_PARENTS, gl_MODECHANGE, gl_MODULE_INDICATOR([canonicalize]), gl_MODULE_INDICATOR([close-stream]), gl_MODULE_INDICATOR([fcntl-safer]), gl_MODULE_INDICATOR([fopen-safer]), gl_MODULE_INDICATOR([fts]), gl_MODULE_INDICATOR([fwriteerror]), gl_MODULE_INDICATOR([gc-arcfour]), gl_MODULE_INDICATOR([gc-arctwo]), gl_MODULE_INDICATOR([gc-des]), gl_MODULE_INDICATOR([gc-hmac-md5]), gl_MODULE_INDICATOR([gc-hmac-sha1]), gl_MODULE_INDICATOR([gc-md2]), gl_MODULE_INDICATOR([gc-md4]), gl_MODULE_INDICATOR([gc-md5]), gl_MODULE_INDICATOR([gc-random]), gl_MODULE_INDICATOR([gc-rijndael]), gl_MODULE_INDICATOR([gc-sha1]), gl_MODULE_INDICATOR([unistr/u16-mbtouc]), gl_MODULE_INDICATOR([unistr/u16-mbtoucr]), gl_MODULE_INDICATOR([unistr/u16-mbtouc-unsafe]), gl_MODULE_INDICATOR([unistr/u16-uctomb]), gl_MODULE_INDICATOR([unistr/u32-mbtouc]), gl_MODULE_INDICATOR([unistr/u32-mbtoucr]), gl_MODULE_INDICATOR([unistr/u32-mbtouc-unsafe]), gl_MODULE_INDICATOR([unistr/u32-uctomb]), gl_MODULE_INDICATOR([unistr/u8-mbtouc]), gl_MODULE_INDICATOR([unistr/u8-mbtoucr]), gl_MODULE_INDICATOR([unistr/u8-mbtouc-unsafe]), gl_MODULE_INDICATOR([unistr/u8-uctomb]), gl_MOUNTLIST, gl_MPSORT, gl_PAGEALIGN_ALLOC, gl_PATHMAX, gl_PERL, gl_PHYSMEM, gl_PIPE, gl_POSIXTM, gl_POSIXVER, gl_QUOTE, gl_QUOTEARG, gl_READTOKENS, gl_READUTMP, gl_REGEX, gl_RELOCATABLE([$gl_source_base]), gl_RELOCATABLE_LIBRARY, gl_RELOCATABLE_LIBRARY_SEPARATE, gl_RIJNDAEL, gl_SAFE_READ, gl_SAFE_WRITE, gl_SAME, gl_SAVE_CWD, gl_SAVEDIR, gl_SAVEWD, gl_SEARCH_H, gl_SEARCH_MODULE_INDICATOR([tsearch]), gl_SETTIME, gl_SHA1, gl_SIGNAL_H, gl_SIGNAL_MODULE_INDICATOR([sigprocmask]), gl_SIGNALBLOCKING, gl_SIGNBIT, gl_SIZE_MAX, gl_STAT_BIRTHTIME, gl_STAT_TIME, gl_STDARG_H, gl_STDINT_H, gl_STDIO_H, gl_STDIO_MODULE_INDICATOR([fflush]), gl_STDIO_MODULE_INDICATOR([fprintf-posix]), gl_STDIO_MODULE_INDICATOR([fseek]), gl_STDIO_MODULE_INDICATOR([fseeko]), gl_STDIO_MODULE_INDICATOR([ftell]), gl_STDIO_MODULE_INDICATOR([ftello]), gl_STDIO_MODULE_INDICATOR([printf-posix]), gl_STDIO_MODULE_INDICATOR([snprintf]), gl_STDIO_MODULE_INDICATOR([sprintf-posix]), gl_STDIO_MODULE_INDICATOR([vasprintf]), gl_STDIO_MODULE_INDICATOR([vfprintf-posix]), gl_STDIO_MODULE_INDICATOR([vprintf-posix]), gl_STDIO_MODULE_INDICATOR([vsnprintf]), gl_STDIO_MODULE_INDICATOR([vsprintf-posix]), gl_STDLIB_H, gl_STDLIB_MODULE_INDICATOR([getsubopt]), gl_STDLIB_MODULE_INDICATOR([mkdtemp]), gl_STDLIB_MODULE_INDICATOR([mkstemp]), gl_STDLIB_SAFER, gl_STRCASE, gl_STRING_MODULE_INDICATOR([mbscasecmp]), gl_STRING_MODULE_INDICATOR([mbscasestr]), gl_STRING_MODULE_INDICATOR([mbschr]), gl_STRING_MODULE_INDICATOR([mbscspn]), gl_STRING_MODULE_INDICATOR([mbslen]), gl_STRING_MODULE_INDICATOR([mbsncasecmp]), gl_STRING_MODULE_INDICATOR([mbspbrk]), gl_STRING_MODULE_INDICATOR([mbspcasecmp]), gl_STRING_MODULE_INDICATOR([mbsrchr]), gl_STRING_MODULE_INDICATOR([mbssep]), gl_STRING_MODULE_INDICATOR([mbsspn]), gl_STRING_MODULE_INDICATOR([mbsstr]), gl_STRING_MODULE_INDICATOR([mbstok_r]), gl_STRING_MODULE_INDICATOR([memmem]), gl_STRING_MODULE_INDICATOR([mempcpy]), gl_STRING_MODULE_INDICATOR([memrchr]), gl_STRING_MODULE_INDICATOR([stpcpy]), gl_STRING_MODULE_INDICATOR([stpncpy]), gl_STRING_MODULE_INDICATOR([strcasestr]), gl_STRING_MODULE_INDICATOR([strchrnul]), gl_STRING_MODULE_INDICATOR([strdup]), gl_STRING_MODULE_INDICATOR([strndup]), gl_STRING_MODULE_INDICATOR([strnlen]), gl_STRING_MODULE_INDICATOR([strpbrk]), gl_STRING_MODULE_INDICATOR([strsep]), gl_STRING_MODULE_INDICATOR([strtok_r]), gl_SYS_PROC_UPTIME, gl_SYSEXITS, gl_TIME_R, gl_TIMESPEC, gl_TLS, gl_TMPFILE, gl_TMPFILE_SAFER, gl_TYPE_SOCKLEN_T, gl_UNICODEIO, gl_UNISTD_H, gl_UNISTD_MODULE_INDICATOR([chown]), gl_UNISTD_MODULE_INDICATOR([dup2]), gl_UNISTD_MODULE_INDICATOR([fchdir]), gl_UNISTD_MODULE_INDICATOR([ftruncate]), gl_UNISTD_MODULE_INDICATOR([getcwd]), gl_UNISTD_MODULE_INDICATOR([getlogin_r]), gl_UNISTD_MODULE_INDICATOR([lseek]), gl_UNISTD_MODULE_INDICATOR([readlink]), gl_UNISTD_MODULE_INDICATOR([sleep]), gl_UNISTD_SAFER, gl_UNLINKDIR, gl_USERSPEC, gl_UTIMECMP, gl_UTIMENS, gl_VISIBILITY, gl_WAIT_PROCESS, gl_WCHAR_H, gl_WCTYPE_H, gl_WINSIZE_IN_PTEM, gl_WRITE_ANY_FILE, gl_XALLOC, gl_XGETCWD, gl_XNANOSLEEP, gl_XSIZE, gl_XSTRNDUP, gl_XSTRTOD, gl_XSTRTOL, gl_XSTRTOLD, gl_XVASPRINTF, gl_YESNO

Securing and Configuring the SpeedTouch 780 WL

I have just received a SpeedTouch 780 WL Residential ADSL Router with VOIP from Be* Un Limited.

The router comes preconfigured with a username of Administrator and a blank password. In addition, there are also a number of other users preconfigured for use by Be* Technical support.
There are two ways to access the router; you may either use the graphical interface or the command line interface. The graphical interface is simpler to use, but is limited in its functionality.

  1. Connect the router to your computer

    You will need to use a cable for this first stage of the configuration.This is for your own security. Also, we are going to be changing some wireless parameters and we don’t want you to be locked out.

  2. Backup your current setup

    • Open your browser and navigate to http://192.168.1.254/. This is the default address for your router’s configuration interface. You can also access the router over a secure link by accessing https://192.168.1.254/, https://bebox/, https://speedtouch/ and https://dsldevice/. Note that the SpeedTouch uses a self signed certificate, which your browser will not recognise by default and may issue some security alerts if using HTTPS; you can proceed safely. You should always use HTTPS when accessing your router’s interface wirelessly.
    • If necessary, login using the username Administrator and a blank password.
    • You should be presented with your router’s home page. Your current username is shown in square brackets thus [Administrator] between the two horizontal lines at the top of the page. This region is known as the “Notification Area”
    • Click on the the Speedtouch button in the left hand column and then click on the Configuration hyperlink. At the bottom of the page you will see Save or Restore Configuration. Click it.
    • Click on the Backup Configuration Now button and save user.ini to your hard drive
  3. Change the default user and password

    • Click on the Toolbox in the lefthand menu bar
    • Click on User Management. You will be presented with a list of current users.
    • Click on Change My Password and enter a new password for the Administrator account. We will disable this account later, but let’s make life difficult for any hacker. When you click on the Change Password button, you will be presented with a login screen. Login as Administrator with the password you have just created.
    • Now create a new user by clicking on Add a new user. Create a new user with Administration Privileges set to Administrator. Click the Apply button to create the new user. The default password will be the same as their name.
    • Click on Switch to another user. If you are not presented with a login prompt, then click the link again. This time, login as the new user you created. Notice that the username has changed in the Notification Area.
    • Click on Change My Password again, but this time enter a new password for the new user’s account. Click on the Change Password button, and login as the new user, with the password you have just created.
    • Click on Administrator in the list of usernames and change their Administration Privileges to User (the most restricted) and click on Apply. There are eight predefined privilege levels.
      Role Access Rights
      root Any service and any access from LAN/WAN/LOCAL
      SuperUser Any service and any access from LAN/WAN/LOCAL
      TechnicalSupport Any service and any access from WAN
      Administrator Any service and any access from LAN/Local. No access from WAN
      PowerUser GUI (Service/overview page) via http/https from LAN origin
      WAN_Admin Only WAN related configurations from any Channel/Origin
      LAN_Admin Only LAN related configurations from any Channel/Origin
      User GUI (Overview page/Remote Assistance) via http/https from LAN origin
    • That is as much as you can do from the GUI interface. You can delete the Be* backdoors and the Administrator account if use the CLI
  4. Configuring Wireless Access

    IF YOU ARE NOT USING WIRELESS, THEN MAKE SURE YOU DISABLE IT!

    • Click on Home Network in the lefthand menu.
    • Click on WLAN:BeBox under Wireless in the list of interfaces
    • Click on Configure in the Notification Area
    • If you are not using Wireless access, then clear the check mark against Interface Enabled and click the Apply button.
    • If you are using Wireless access, then
      • Change the Network Name (SSID) from BeBox
      • Clear the check mark against Broadcast Network Name
      • Set Allow New Devices to New stations are allowed (via registration)
      • Set Encryption to Use WPA-PSK Encryption
      • The default WPA-PSK Encryption Key is a ten digit Hexadeciaml number (64 bit encryption). It should be be set to a random, 26 digit, Hexadecimal number for maximum security (128 bit encryption) (Example:FADDC2077AF10406E866984C9E). A Hexadecimal character is any of the numbers 0-9 and the letters A-F. Download this Excel spreadsheet to generate a key for you if you want to. Make a note of this number as you will need it later.
      • Set the WPA-PSK version to WPA2.
      • Click the Apply button to save your changes.
    • Now you need to configure your PC.
      • Click on the Start button
      • Click on Control Panel
      • If you are using Category View, then click on Network and Internet Connections
      • Click on Network Connections
      • Right Click on your Wireless Network Card and select Properties
      • If you are not going to use your Wireless link to connect to another computer on your home network, then deselect Client for Microsoft Windows and File and Printer Sharing for Microsoft Networks on the General Tab.
      • Select the Wireless Networks tab
      • Click on the Add button in the Preferred Networks pane
      • Enter the Network Name (SSID) of your Wireless router
      • Select WPA2-PSK from the drop down list for Network Authentication. If WPA2-PSK is not an option, then either your Wireless card does not support WPA2-PSK and you will need to use WPA-PSK instead OR you need to download the WPA2 update from Microsoft. Try the download first.
      • Set Data Encryption to TKIP
      • Enter the same 26 digit Hexadecimal number as you generated earlier in the Network Key and Confirm Network Key fields.
      • Click on OK to confirm your changes.
    • Even if you have done everything properly, you will still not be able to connect Wirelessly to your router until you have registered your Wireless card with it. The simplest way to do this is to press the button on the front of your router when trying to connect to it. You will then have one minute to connect. Once your card has been registered, you will not need to repeat this.
      The alternative way to register your card is via the GUI interface. Just click on Home Network, WLAN:YourSSID and then click Search for Wireless Devices when you try to connect to the router.
  5. Checking your security

    • Go to Gibson Research and run a ShieldsUP! test. The link is near the bottom of the page in the “Hot Spots” section.
    • Follow the instructions and run the Common Ports or All Service Ports ShieldsUP! service
    • If everything is OK, then you will get a TruStealth PASSED stamp. I had to close port 0 in order not to reply to pings. Replying to a ping (or ICMP request) is not a problem in itself, however it lets a hacker doing a port scan know that there is a potential target there.
    • In order to close a port, you will have to use the CLI to configure your router.
      • Connect to your router by typing telnet 192.168.1.254 from the command prompt of your computer
      • Login using your router’s username and password
      • Enter the command service system ifdelete name=PING_RESPONDER group=wan
      • Save the changes by entering the command saveall
      • End your session by typing exit
      • Other ports you should close (unless you NEED to access your router remotely)
        Port Command to delete
        21 service system ifdelete name=TELNET group=wan
        23 service system ifdelete name=FTP group=wan
        443 service system ifdelete name=HTTPs group=wan

        You can get a full list of services by issuing the command service system list

Installing and Running Rsync

DRAFT POSTING

This post is very long, so I have broken it down into multiple pages.
Page 1 – Installing rsync daemon on your server
Page 2 – Installing rsync client on your PC
Page 3 – Scheduling rsync automatically
Page 4 – Errors I encountered and their solutions


Download and build rsync from source

  • Start a SSH session to your server
  • Download the source from samba wget http://samba.anu.edu.au/ftp/rsync/rsync-2.6.9.tar.gz
  • Extract the source code gunzip -c rsync-2.6.9.tar.gz | tar x
  • Change into the directory so that we can build the software cd rsync-2.6.9
  • You will need the GCC compiler installed if you have not already done so.
  • Run the auto configure script so that the server can work out if everything necessary is present ./configure –prefix=/usr/mylocal –with-included-popt >log.config 2>err.config
  • Check that no errors were logged by the configure script less err.config
  • Build the application make >log.make 2>err.make
  • Check that no errors were logged during the build process less err.make
  • Install the application make install >log.install 2>err.install
  • Check that no errors were logged during the installation less err.install

Configure the rsync daemon

We cannot use the default port (873) on Westhost as this is used by Westhost’s own application for nightly backups. Nor can we use ports below 1024 as these require us to run as root. However, ports 8730-8732 are unassigned by IANA (Internet Assigned Numbers Authority), so we can use any of these.

  • Create a directory for your configuration files. mkdir /etc/rsyncd
  • Create a new configuration file pico /etc/rsyncd.conf. The configuration file consists of a general configuration section which applies to every module and one (or more) modules. Each module starts with its name in square brackets, for example [rsyncd_module].
    This sample configuration file will allow upto 3 rsync clients to read the contents of /ftp/pub/rsync PROVIDED that they authenticate themselves by providing the correct credentials AND their IP Address is in the range specified by hosts allow. The connection will close down after 5 minutes (300 seconds) of inactivity.

    #Global definitions
    #Message of the Day
    motd file = /etc/rsyncd/rsyncd.motd
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsyncd.lock
    port = 8730

    #Module Options begin here
    [rsyncd_module]
    path = /ftp/pub/rsyncd
    comment = My Very Own Rsync Server. This area is ReadOnly
    max connections = 3
    timeout = 300
    uid = myuserid
    gid = vuser
    read only = yes
    list = yes
    auth users = rsync_user
    secrets file = /etc/rsyncd/secrets
    hosts allow = xxx.xxx.xxx.xxx/xx
    hosts deny = *

    Replace the module name, myuserid, vuser and rsync_user as necessary for your system.
    If you want to limit those who have access to your rsync server, then specify the “auth users” and “secrets file”. If you want to restrict where they can access the rsync server from, then you will also need the “hosts allow” and “hosts deny” variables. The value for “hosts allow” should be set to your IP address if you use a static IP (example 10.0.0.1/32) or the range if you use a dynamic IP (example 10.0.0.1/16). Multiple possibilities can be separated by a space. If you don’t understand this bit, then leave “hosts allow” and “hosts deny” out of your configuration for now.

  • Create the secrets file pico /etc/rsyncd/secrets. Format is username:password in plain text, one user per line. If you want to communicate over SSH, then ensure that one of the users is your account’s user id; it need not have the same password here as for logging in.
  • The secrets file must not be readable by other users, so change the access rights by using the command chmod 600 /etc/rsyncd/secrets
  • Create your Message Of the Day file pico /etc/rsyncd/rsyncd.motd. This text will be displayed when a connection is made to your server.

WH3 Beta testing

Unfortunately I was unable to do much testing during the actual Beta period, but here are my results / comments

The speed is MUCH better than WH2.0, but still frustrating when you have to repeat operations unneccessarily.

Site Manager Performance (50.6kbps dial up)

Time to Display		WH2.0		WH3.0		Improvement
Login			12 sec		 7 sec		5 sec
Home Page		64 sec		20 sec		44 sec
Install Applications	108 sec		58 sec		50 sec
Email Users		31 sec		30 sec		1 sec
EMail Aliases		36 sec		22 sec		14 sec
Restart Account		34+23+33 sec	8+10 sec 	72 sec
Domain Management	16 sec		13 sec		3 sec
Web Aliases		23 sec		18 sec		5 sec
  • DNS Records – unable to add TXT record. unable to add domain specific record (example domain1.com IN NS ns1.twisted4life.com) as opposed to VPS generic (IN NS ns1.twisted4life.com.)
  • Processor loading was very low and so we were unlikely to run into typical issues:
    cat /proc/loadavg
    0.10 0.06 0.01 1/562 3102
    Compared to WH2.0 server:
    4.41 7.17 9.75 1/1299 21365
  • No Feedback SSH Frreze Issue – I managed to increase the loading on the server by running a
    stress test. I was able to get the server to freeze quite easily. To summarize, the performance is much better than WH2.0 as it takes a higher load to cause problems, but is obviously not fully resolved. I am concerned that I was able to consume so much resource as a single user. Was this because I was running on a test server, or is it an inherent flaw in the system? Surely there is some way to limit a single users CPU time slice? I am not willing to run this stress test on a live server to check! I managed to get the availability down to 40% (60% downtime). One point to note is that I was able to disupt the whole server as the number of active processes dropped to 718 at one stage (from ~9300 before punishing the server)
    cat /proc/loadavg
    21.02 29.27 26.22 21/791 718
  • Possible Future Feature User Manager – Remove principal domain name from banner
  • Probable Future Feature Site Manager – The site manager ‘home page’ indicates that I have a dedicated IP
    despiite the fact that the beta accounts have dynamically assigned IP addresses.
  • Probable Future Feature Site Manager – Logging in to both Site Manager and Users Manager is not possible.
    Results in redirection to https://wsl06001.west-datacenter.net/php/login/login_error_screen.php and told to sign on again. No link is provided to the login page -
    this should be possible from the cookie.
  • Probable Future Feature Domain Management – Tried adding a domain. Error message “Operation failed on server due to error: The domain newdomain.com is occupied.” not very clear. Should read something like “This domain is already hosted elsewhere on Westhost. Please delete that definition first”
  • Probable Future Feature Domain Management – Does not create custom directory if it does not already exist.
  • Probable Future Feature Sub-Domain Management – Does not create custom directory if it does not already exist.
  • Accepted File Manager – Returned multiple (incorrect) results when searching for file httpd.conf
  • Accepted Autoresponder – The autoresponder and Auto forwarder did not appear to work as neither service was enabled
    • Created a new email user with the default settings
    • Enabled email, ftp and autoresponder Quota-0 MB
    • Signed in to user manager at http://www.wh3test091.whsites.net/users
    • Selected Autoresponder and Auto Forwarder. Neither service is enabled.
    • Oops! They were working. It was just a very large, conspicuous red X and a very small, grey edit button. Suggested that button was enlarged and that text is changed to “Change settings”

  • No Feedback Application Installation – When you install applications such as PHPMyAdmin from the Site Manager, there are usually links on the final page for Administration. However, these windows are a fixed size and not alterable. When I click on the links in Firefox, the application opens in a new tab of the same window, which makes them illegible. Also, since the address bar is hidden, most users will be unable to find out what URL they should use. This problem occurs on all pop ups from package installation. Suggest URL is shown beside hyperlink
  • REJECTED Application Installation – Some installations request an email address. If this email address is pertinent to the domain and does not exist, then the user should be offerred the chance to create a new user or alias.
  • Custom 404 Returns correct status code of 404 rather than 200

Building a fence

Round Posts

Diameter Area %age of 4" post Breaking Force %age of 4" post
2.5" 4.91 39% 238 lbs 25%
3" 7.07 56% 408 lbs 42%
3.5" 9.62 77% 650 lbs 67%
4" 12.57 100% 970 lbs 100%
5" 19.64 156% 1893 lbs 195%
6" 28.27 225% 3268 lbs 337%

Posts should have approximately 1/3 of their length in the ground