IRIX notes

Overview

I created these notes for my own reference, but I hope someone else might find them to be useful information for a basic (useful?) setup. I recently decided to do a fresh install of IRIX on a machine at work... and I thought it would be a good idea (thoughtful?) to make some notes outlining my experience setting up a decent usable system. Please don't take this information as gospel - as with any information... you are free to disagree with me, but I don't have any interest in arguing any points with IRIX or UNIX gurus.

FAQ? - installing IRIX from scratch

I am currently using an SGI O2 running IRIX 6.5.4 - although these notes may be useful for a number of different machines and OS (IRIX) versions. The information that follows can be found at techpubs.sgi.com, but I'm condensing the details here for my own reference.

  1. Extreme Case - repartitioning your hard-drive(s) with fx

    2. If you are not already in the Command Monitor, you'll need to reboot your machine and press ESC (escape key) as the machine boots. This is basically equivalent to F1, Delete, etc... to enter the BIOS, etc... on an x86 machine.

    The default setup as I understand it on SGI machines are with the first SCSI driver on controller 0 at the 4th position in the SCSI chain.

    Assuming you have only one internal/external SCSI drive in your system, you will want to start the appropriate sash and fx corresponding to your architecture.

    Provided you have the first CD with Installation Tools and Overlays, you want to start the Command Monitor as mentioned earlier... and do something similar to the command below.

    (On my machine (IP32), the following is appropriate)

    fx will run interactively, prompting you for information regarding the disk you want to partition.

    Next a menu appears with the following choices:

    ([r]epartition should be the appropriate choice here)

    You are prompted for a few more details regarding partitioning layouts, etc... I just go with the auto layout since my machine only has a 2g hard-drive and it wouldn't make sense to apply any elaborate partitioning schemes.

    This is where you want to go grab a cup of coffee or take a short nap... since the machine will do a series of tests in the process of repartitioning and verifying the integrity of the drive.

    Eventually the partitioning and tests complete and it's safe to reboot the computer one more time. After rebooting, you want to choose Install System Software

  2. Installing a fresh copy of the operating system after partitioning

    3. After you select Install System Software, you should see a dialog about installation tools being copied, etc... and eventually Inst is started in a windows similar to what you saw in the Command Monitor.

    As I remember it, the system recognized that my hard-drive did not yet contain a filesystem and offered to format the drive with mkfs before continuing with installation of the system software.

    Before you actually start making choices about installing specific packages... you want to insert all of the CD's you plan to install from in succession so the system can gather a list of the available packages.

    At the Inst prompt, you want to specify the from location as you move through the CD's in the IRIX distribution (8 CD's total... if you need to use all of them). It is probably a good idea to just read the contents from all of the CD's and leave it to the installation to figure out if you actually need a particular CD.

    You are not actually installing anything at this point - Inst is just building a list of the available packages on all of the CD's.

    In most cases... the from location will be /CDROM/dist, but some CD's might also pull from /CDROM/dist/dist6.5.

    After you have 'loaded' all of the CD's... you want to choose what to install on your system.

    I believe I went with the following:

    I don't pretend to be particularly familiar with the available software on an IRIX system, but I gather that this is a fairly typical installation on a fresh install. You can always search for more details about the various packages, etc... at techpubs.sgi.com when in doubt.

    In my opinion... it's easier to have a fully functioning system and then trim the installation as needed than to find out things aren't working and have to hunt for the missing packages.

    If you do stick to the above selections for installation, you will notice some errors for the appletalk installation (and others?). I found some documentation indicating that SGI is aware of the error messages... and they (the errors ;-) ) can be safely ignored.

PROM Monitor

You might have to change your ip address for your network interface if the install resets to the default address when the machine shipped. If the system notices that the IP is the default, it will try to use DHCP to get a valid IP when you reboot the machine.

Assuming you don't want to use DHCP... you'll want to change your IP address in the Command Monitor.

You can get a list of the variables set in the PROM by issuing an env or printenv command. If you want to change your IP address... you will probably issue something like the following command:

(replace 138.23.x.x with appropriate IP for your machine)

Things to fix right away...

I'm not sure what SGI's motivation is in creating accounts with no password... or why they choose to do things that make your system extremely insecure by default, but you should go through the existing accounts to lock them down, require passwords, etc... (if you don't just delete some of the silly ones like guest, etc...)

You could secure everything by hand... but there is a really fast convenient way to do this in the System Manager interface. At the very top of the list of the Security section... there is a link labeled Improve System Security. If you follow the various dialogs... you can run through all of the horribly insecure accounts and set options to disable logins, require passwords, etc... as desired.

Things to get rid of ;-)

Basic Networking Setup

Of interest here...

Host information in /etc/hosts

(Where you're replacing 138.23.x.x with *your* ip address, and somemachine.ucr.edu is the fully-qualified name of your machine, and somemachine is your machine name with the ucr.edu domain)

You might want to restart your network after making changes to test the setup.

And the standard stuff...

Sendmail configuration for a simple standalone machine is pretty trivial with the configmail tool.

User Administration

IRIX defaults to /usr/people for home directories if you like to use the GUI tools to create users. I prefer to create users manually and use /home for accounts... taking care with /etc/passwd (and /etc/group if necessary).

If you are using shadow passwords and create users manually, you will want to run pwconv to create the shadow password file from the most recent /etc/passwd file.

IRIX doesn't seem to start with the correct permissions on /var/mail, so you will probably want to chmod 1777 (drwxrwxrwt) so mail is handled correctly. Also, the permissions on individual users' mail should be 620 (-rw--w----), with user ownership and group mail. Of course if you use the GUI tools for account creation... I assume this is set correctly.

I always recommend setting up at least the following aliases to safeguard against careless copies, moves, deletes.

(for bash)

(for csh, etc...)

Compilers

Like Solaris... IRIX doesn't come equipped with any working compilers by default - unless you want to pay the licensing fees for an SGI (MipsPro?) compiler. If you have a nice licensing/support plan with SGI, this probably isn't a factor... but if you are accustomed to using Linux/GNU tools, gcc/g++ compilers - you'll have to explore other options.

gcc (2.95.2 when I wrote this) is available for download at the SGI freeware site, but you need to make sure you have the IDL/IDF installed for gcc to work. If you aren't sure... this is included as part of the compiler_dev packages (Development Foundation CD?). This gives you all the necessary development tools... minus the actual compilers (similar to installing developer headers/tools on Solaris). I'm not a huge fan of installing a bunch of packages from the freeware site if you can compile from source, but gcc is the exception. gcc 2.95.2 seems to contain all the necessary C++ libraries for g++... so you won't need to grab a separate package for libstdc++ as in previous gcc versions. In particular... don't bother grabbing the libstdc++ 2.8.1 on the same site - you don't need it.

An older version of the gcc compiler is available from an anonymous ftp site (follow links to 'more freeware' at SGI Freeware site) - somewhat more 'self-contained' than the newer gcc... but it doesn't work as well as the recent version. In particular, it will appear that you can compile ssh successfully... but the key generation will never complete when you run 'make install'. I really don't recommend this version of gcc... although it was probably a nice alternative to cc before the most recent gcc was posted on the freeware site.

There are a number of possible tweaks to turn off some of the common compiler warnings (many) - but it is still not as reliable as the newer gcc. Also worth noting... this compiler generates older o32 (old 32) objects... so you might run into problems with mixed n32 and o32 shared libraries, etc... on your system - potential headache if you don't like (unnecessary?) troubleshooting ;-).

You should have relatively few problems with gcc after it is installed. It might be helpful to set CC in your environment to point to your gcc installation, since some configure scripts, Makefiles, etc... might assume you are using the SGI cc after discovering the system is mips-sgi-6.5 or something similar.

Known problems

Unfortunately, there are is a known issue with gcc if you use it to compile apache from source (last time I checked) - which results in incorrect logging of IP addresses. If you see a bunch of IP's reported as 255.255.255.255 in your logs, you are probably witnessing the problem.

The solution as I see it is to either grab the freeware apache (from freeware.sgi.com) if you just want a basic 'stock' Apache... or compile Apache with the older gcc 2.7.x mentioned below.

Or... the older gcc (2.7.2?) will compile Apache correctly with o32 objects. One catch - the linker (ld) will barf if you try to combine n32 and o32 objects. Case in point... I wanted to compile Apache with SSL support, but I figured out I needed to recompile OpenSSL (previously compiled with n32 objects) after I discovered the n32/o32 issue.

Of course this might be a significant annoyance if you have other reasons for compiling apache from source to add specific functionality. I saw mention of another patch for IRIX that might solve the problem... but I didn't look into it since I only run a very basic web server.

The CC environment variable will probably not alleviate all problems, but it should do more good than harm.

Pine

I noticed that a minor annoyance in the Pine build scripts if you compile from source - doesn't seem to run replacements for command-line options for CC in the c-client subdirectory of the source tree. I might track down the problem later... but a quick fix is to edit CCTYPE and CFLAGS in the c-client directory and run 'make' here and in the pine subdirectory - otherwise you will end up with binaries for pilot and pico... but no pine executable.

Perl

I can't imagine anyone not using Perl on any Unix, but the Perl that comes with IRIX 6.5 is just a bit outdated (5.004.?) - so it would be a good idea to update the installation to Perl 5.005.03. If this doesn't sound like an issue right now... keep in mind that if you add CPAN modules to your Perl installation later... you will want the same compiler that was used to compile Perl in the first place. If you don't have the SGI cc compiler... this is very bad news.

* Notes on building Perl with gcc on IRIX

You need to make sure you are pointing to the appropriate compiler (gcc) when you run through the Configure script...

From what I recall... there are just a few places you want to be careful:

Other items of interest

I never run ftp, telnet, finger, pop, or other services that are generally seen as classic security problems... but you probably want to go through /etc/inetd.conf and at least check what is enabled/disabled even if you don't think you are going to turn anything off.

I strongly recommend installing ssh and writing a short script to start sshd when the machine boots. I usually put something like the following in /etc/init.d/sshd

(Don't forget to chmod +x sshd)

Then you probably want to cd to /etc/rc2.d and issue something like the following

You probably want to run chkconfig and check that most of the settings are appropriate. To change a particular value, you issue

chkconfig doesn't handle everything on the system, but it is relevant for some services like nfs, netware, autofs, NIS, and various others.

Man page issues

IRIX seems to have a crippled man page formatter (awf) by default - works OK for some pages, but chokes on others. Installing groff seems to help, but even groff still chokes for on-the-fly formatting.

Maybe I'm missing something obvious, but I do the following as a workaround (pre-format and compress pages manually)

This will give you something like newmanpage.z, which is now pre-formatted and compressed... so on-the-fly formatting with awf or groff is no longer necessary.

It might be handy to write a script to run this on your existing manpages.

Mounting the cdrom drive manually

If you happen to shut off a ton of services... and don't have mediad or famd running, you don't get automatic notification when you change removable media =)

I don't have any of the SGI/IRIX conveniences for 'point and click' desktop behavior - so it's important to know how to mount the cd-rom drive in a pinch. NOTE: Any SUID/SGID programs have a potential for abuse... and I'm only suggesting one possible way to access a removable drive without famd or similar conveniences running.

This was a temporary fix I used to check if an ISO image I just burned under Linux was readable on my machine... but I think I'll leave it.

I noticed that /sbin/mount didn't have the suid bit turned on... so I compensated with the following...

So... only root and members of the 'cdrom' group can execute the mount and umount commands

 

True-Type fonts with xfstt

I just discovered that xfstt works fine on IRIX... after using it for quite a while with Xfree86-3.3.x under Linux.

I'll probably save a copy of a page I found at http://hackorama.com/fonts.shtml - but the set up is very similar to a Linux installation... with the following differences (as I see them)

xfstt is up to version 1.1 the last time I checked (ftp://metalab.unc.edu/pub/Linux/X11/fonts) - but I didn't have immediate luck compiling xfstt with gcc... and just grabbed the binary for 0.9.99

So... all I did was the following -

Copied xfstt to /usr/bin/X11 and made it executable (chmod +x)

create /usr/share/fonts/truetype directory... and put your .ttf fonts here

create /var/cache/xfstt directory...

/usr/bin/X11/xfstt --sync

(should get a message like 'Found 35 fonts'... or however many you added to the /usr/share/fonts/truetype directory)

Finally... start xfstt in the background with xfstt & and let the X server know about the font server with xset fp+ unix/:7101

That's it - you can check to see that the fonts are available with xfontsel... or start up Netscape or something to check in the fonts dialog.

If you want to stop xfstt, killall xfstt might work... or you might need to use something like ps -ef | grep [x]fstt and kill the pid listed. MAKE SURE you also issue a xset fp- unix/:7101 to remove the path from the X server.

I guess you *could* write a script to start xfstt on boot... but you really only need to remember two items -

xfstt --sync (to check for new fonts, etc... and update the cache)
xfstt & (start xfstt in the background)
xset fp+ unix/:7101