How to test BGP fail Over

[Nagarjun G]

Hi All,

We have openbgpd running having peered with 2 ISP's.
I am trying to test the failover with one of the ISP.
To test this, I changed bgpd.conf file to comment the entry for one of the
ISP and reloaded conf file and behaves as expected.
I think I can also use bgpctl command to bring down one of the ISP's and
test.
But what is the best way to test like when a real outage happens.
Do I need to contact the ISP to make the peer down ?


Regards,
Nagarjun

Re: Gigabyte-range /dev, for whatever reason

[Ted Unangst]

Peter N. M. Hansteen wrote:
> This is probably a one-off (actually two, but more about that later) that 
> will only ever bite me and never be heard of againg, but I have to ask:
> 
> What could cause your /dev/, which is normally in the kilobytes in size, to 
> swell to *gigabyte* range?

i think you want to look at ls -lrS /dev

Expired certificate on lists.openbsd.org

[Ax0n]

Self-explanatory. I went to approve my post to bugs@ and got this. Looks
like it lapsed earlier this week.

http://imgur.com/QzYSjS8

Re: alternative method for "gtar --delete"

[Aaron Mason]

It's a bit long winded, but here's a possibility:

# cd /
# tar zcpvf siteXX.tgz /share/* /siteX/*

# tar ztf siteXX.tgz | grep '^/share' | xargs rm -f

Though I'm not entirely sure what you mean by "on a per site basis" in
this context, can you elaborate please, especially if the above
solution is not what you need.

On Fri, Nov 18, 2016 at 10:20 AM, BSD  wrote:
> Does misc@ have an alternative method for "gtar --delete"?
>
> I'm making siteXX.tgz's for multiple sites. There is a directory that
> is shared between all sites. Then, each site may have a directory of
> files to append to the archive.
>
> I'd also like to be able to remove files from the yet to be zipped
> archive that come from the shared directory on a per site basis. Just
> looking to stay within base if possible.
>
> Example files:
> /share/etc/pf.conf
> /share/etc/vi.exrc
> /share/usr/X11R6/lib/X11/fonts/TTF/Collection/...
> /site1/append/install.conf
> /site1/omit/X11R6/lib/X11/fonts/TTF/Collection/...
>
> Any advise in my methods or scheme in general would be appreciated!
>
> All the best,
>
> Keith Larsen
> CPS Coatings
>



-- 
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

alternative method for "gtar --delete"

[BSD]

Does misc@ have an alternative method for "gtar --delete"?

I'm making siteXX.tgz's for multiple sites. There is a directory that
is shared between all sites. Then, each site may have a directory of
files to append to the archive.

I'd also like to be able to remove files from the yet to be zipped
archive that come from the shared directory on a per site basis. Just
looking to stay within base if possible.

Example files:
/share/etc/pf.conf
/share/etc/vi.exrc
/share/usr/X11R6/lib/X11/fonts/TTF/Collection/...
/site1/append/install.conf
/site1/omit/X11R6/lib/X11/fonts/TTF/Collection/...

Any advise in my methods or scheme in general would be appreciated!

All the best,

Keith Larsen
CPS Coatings

Re: maybe move texinfo from base in the ports?

[Stuart Longland]

On 18/11/16 02:47, Андрей Болконский wrote:
> IMHO, texinfo isn't need in most cases, is GPL software and legacy
> version
> 
> Use man, like!

If I was to speculate why it's in the base, it'd be for some GNU
software that's part of the base image such as `gcc`.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

Install to MacBookPro mid 2007 fails

[miraculli .]

Hello misc,

I try to install OpenBSD on my Apple MacBook Pro mid 2007 (or
MacBookPro3,1) for some time now with different -release and the
latest -snapshot versions with no success. The bootloader shows up and
tries to launch bsd.rd:


probing: pc0 mem [572K 64K 3053M 13M 60K 24K 76K 1024M]
disk: hd0 hd1* hd2*
>>OpenBSD/amd64 BOOTX64 3.30
boot>
cannot boot hd0a:/etc/random.seed: No such file or directory
booting hd0a:/bsd: 3356852+1412368+2413568+0+598016=0x76d238
entry point at 0xf001000 [7205c766, 3404, 24448b12, f4c0a304]


After printing this lines it takes several seconds and then it reboots.

FreeBSD-11 is booting well on this device so I attached the dmesg
output from there, maybe it is helpful.

Thanks in advance
Thomas
Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016
r...@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 
3.8.0)
VT(efifb): resolution 1440x900
CPU: Intel(R) Core(TM)2 Duo CPU T7500  @ 2.20GHz (2194.55-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x6fa  Family=0x6  Model=0xf  Stepping=10
  
Features=0xbfebfbff
  Features2=0xe3bd
  AMD Features=0x20100800
  AMD Features2=0x1
  VT-x: HLT,PAUSE
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 4087091200 (3897 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: 
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
random: unblocking device.
ioapic0: Changing APIC ID to 1
ioapic0  irqs 0-23 on motherboard
random: entropy device external interface
kbd0 at kbdmux0
netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0x8101c950, 0) error 19
cryptosoft0:  on motherboard
acpi0:  on motherboard
acpi_ec0:  port 0x62,0x66 on acpi0
acpi0: Power Button (fixed)
hpet0:  iomem 0xfed0-0xfed003ff irq 0,8 on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 450
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
cpu0:  on acpi0
cpu1:  on acpi0
atrtc0:  port 0x70-0x77 on acpi0
atrtc0: Warning: Couldn't map I/O.
Event timer "RTC" frequency 32768 Hz quality 0
attimer0:  port 0x40-0x43,0x50-0x53 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_acad0:  on acpi0
acpi_lid0:  on acpi0
acpi_button0:  on acpi0
acpi_button1:  on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pcib0: _OSC returned error 0x10
pcib0: could not evaluate _ADR - AE_NOT_FOUND
pci0:  on pcib0
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
pcib1:  at device 1.0 on pci0
pcib1: [GIANT-LOCKED]
pci1:  on pcib1
vgapci0:  port 0x5000-0x507f mem 
0xd200-0xd2ff,0xc000-0xcfff,0xd000-0xd1ff at device 0.0 
on pci1
uhci0:  port 0x60c0-0x60df at device 
26.0 on pci0
uhci0: LegSup = 0x3000
usbus0 on uhci0
uhci1:  port 0x60a0-0x60bf at device 
26.1 on pci0
usbus1 on uhci1
ehci0:  mem 
0xdb504c00-0xdb504fff at device 26.7 on pci0
usbus2: EHCI version 1.0
usbus2 on ehci0
hdac0:  mem 0xdb50-0xdb503fff at device 27.0 
on pci0
pcib2:  at device 28.0 on pci0
pcib2: [GIANT-LOCKED]
pcib3:  at device 28.2 on pci0
pcib3: [GIANT-LOCKED]
pcib4:  at device 28.4 on pci0
pcib4: [GIANT-LOCKED]
pci2:  on pcib4
ath0:  mem 0xd730-0xd730 at device 0.0 on pci2
ath0: [HT] enabling HT modes
ath0: [HT] RTS aggregates limited to 8 KiB
ath0: [HT] 2 RX streams; 2 TX streams
ath0: AR5418 mac 12.10 RF5133 phy 8.1
ath0: 2GHz radio: 0x; 5GHz radio: 0x00c0
pcib5:  at device 28.5 on pci0
pcib5: [GIANT-LOCKED]
pci3:  on pcib5
mskc0:  port 0x3000-0x30ff mem 
0xd720-0xd7203fff at device 0.0 on pci3
msk0:  on mskc0
msk0: Using defaults for TSO: 65518/35/2048
msk0: Ethernet address: 00:1b:63:9f:dc:af
miibus0:  on msk0
e1000phy0:  PHY 0 on miibus0
e1000phy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 
1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
uhci2:  port 0x6080-0x609f at device 
29.0 on pci0
usbus3 on uhci2
uhci3:  port 0x6060-0x607f at device 
29.1 on pci0
usbus4 on uhci3
uhci4:  port 0x6040-0x605f at device 
29.2 on pci0
usbus5 on uhci4
ehci1:  mem 
0xdb504800-0xdb504bff at 

Re: Gigabyte-range /dev, for whatever reason

[Peter N. M. Hansteen]

On Fri, Nov 18, 2016 at 05:56:20AM +1000, Stuart Longland wrote:
> On 18/11/16 05:51, Peter N. M. Hansteen wrote:
> > This is probably a one-off (actually two, but more about that later) that
> will only ever bite me and never be heard of againg, but I have to ask:
> >
> > What could cause your /dev/, which is normally in the kilobytes in size, to
> swell to *gigabyte* range?
> 
> Very stupid question, but your /dev/null wouldn't have been replaced by
> a plain file would it?
> 
> (Yes, I had that happen to me by accident once.)

Not stupid at all to my mind, but

[Thu Nov 17 20:58:34] peter@skapet:~$ ls -l /dev/null
crw-rw-rw-  1 root  wheel2,   2 Nov 17 20:58 /dev/null

so that does not seem to be the problem.

however 

[Thu Nov 17 21:00:39] peter@skapet:~$ doas ls -lS /dev/ | head
total 2301984
-rw-r--r--  1 root   wheel   1178386432 Oct 27  2015 sd0
-r-xr-xr-x  1 root   wheel11584 Nov 17 07:36 MAKEDEV
dr-xr-xr-x  2 root   wheel 1024 Nov 17 18:01 fd
lrwxr-xr-x  1 root   wheel9 Aug  1  2014 audioctl -> audioctl0
lrwxr-xr-x  1 root   wheel6 Aug  1  2014 audio -> audio0
lrwxr-xr-x  1 root   wheel6 Aug  1  2014 mixer -> mixer0
lrwxr-xr-x  1 root   wheel6 Aug  1  2014 radio -> radio0
lrwxr-xr-x  1 root   wheel6 Aug  1  2014 sound -> sound0
lrwxr-xr-x  1 root   wheel6 Aug  1  2014 video -> video0
[Thu Nov 17 21:00:49] peter@skapet:~$ 

and 

[Thu Nov 17 21:01:34] peter@skapet:~$ file /dev/sd0
/dev/sd0: ISO 9660 CD-ROM filesystem data 'Ubuntu 15.10 amd64 ' 
(bootable) x86 boot sector; partition 2: ID=0xef, starthead 254, startsector 
2279532, 4544 sectors

so a device had indeed been replaced by a regular file.

Simple PEBKAC caused this then.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Gigabyte-range /dev, for whatever reason

[Stuart Longland]

On 18/11/16 05:51, Peter N. M. Hansteen wrote:
> This is probably a one-off (actually two, but more about that later) that
will only ever bite me and never be heard of againg, but I have to ask:
>
> What could cause your /dev/, which is normally in the kilobytes in size, to
swell to *gigabyte* range?

Very stupid question, but your /dev/null wouldn't have been replaced by
a plain file would it?

(Yes, I had that happen to me by accident once.)
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Gigabyte-range /dev, for whatever reason

[Peter N. M. Hansteen]

This is probably a one-off (actually two, but more about that later) that will 
only ever bite me and never be heard of againg, but I have to ask:

What could cause your /dev/, which is normally in the kilobytes in size, to 
swell to *gigabyte* range?

The reason I ask is that when I was attempting to upgrade my laptop to the 
latest amd64 snapshot, the upgrade failed due to a full root file system.

I thought that to be distinctly odd, because the file system layout is very 
close to the default with a gigabyte for root, to wit:

[Thu Nov 17 20:03:37] peter@elke:~$ df -h
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/sd1a 1005M103M852M11%/
/dev/sd1d  3.9G   18.6M3.7G 0%/tmp
/dev/sd1f  100G554M   94.8G 1%/usr
/dev/sd1h 29.5G6.1G   22.0G22%/usr/local
/dev/sd1j  3.2G2.0K3.0G 0%/usr/obj
/dev/sd1i 21.6G2.0K   20.6G 0%/usr/src
/dev/sd1g 1005M2.0K955M 0%/usr/x11R6
/dev/sd1e 27.8G   39.5M   26.4G 0%/var
/dev/sd0d  950G370G532G41%/home

as we see the world after a successful reinstall, including packages.

But before that reinstall, the root file system was indeed full, and /dev 
consumed more that 900 megabytes (the exact number is lost but take my word for 
it).

Even stranger, another machine here (this one running recent i386 snapshots) 
shows this:

[Thu Nov 17 20:09:11] peter@skapet:~$ doas du -hs /*
4.0K/altroot
5.4M/bin
88.0K   /boot
10.4M   /bsd
6.9M/bsd.rd
10.4M   /bsd.sp
1.1G/dev
8.3M/etc

note the size of /dev here. This one has a larger root file system so no 
immediate danger of filling to capacity yet.

The only common denominator here I can think of is that both machines have 
suffered kernel panics with subsequent fsck on boot recently. In the case of 
this last one the panic was almost certainly due to a RAM chip failing, with 
fsck interrupted due to panic when hitting that bad RAM, and so forth. Even 
after the hardware had been swapped out, that machine was seriously sick in 
other ways. Anyway, this last machine has gone only through OS and packages 
upgrade after the panic, so most likely more evidence is preserved here than in 
the elke case.

The sane way forward is of course to reinstall and get on with life, but a part 
of me still wonders how this could have happened on two systems at roughly the 
same time.

If any devs are interested, I'll probably let the last box run for a few days 
more before doing any major surgery (assuming nothing else weird happens).

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: OpenBSD 6.0 amd64 Release --> pkg_add returns error when running as Virtualbox guest

[Christer Solskogen]

On Nov 17, 2016 18:12, "Andre Ruppert"  wrote:
>
> Hello to the list,
>
> this morning I stumbled about a "pkg_add" problem when running OpenBSD
> 6.0 amd64 Release on an actual Virtualbox release. Doesn't matter which
> host platform (I tried Mac OS Sierra and Windows 10 and 7).
>
> Virtualbox settings:
> 5GB hardisk
> 512 MB RAM
> tested two network card settings: virtio-net and Intel 1000 Pro desktop
> tested NATed and bridged settings.
>
> Version: OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016
>
> for example: (used a local mirror)
>
> # pkg_add wget
> quirks-2.241 signed on 2016-07-26T16:56:10Z
> wget-1.18:libunistring-0.9.6p0: ok
> Fatal error: Ustar
> [
http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/libidn-1.32p1.t
> gz][share/emacs/site-lisp/idna.el]:
> Premature end of archive
> Adjusting sha for /usr/local/share/emacs/site-lisp/pkg.VkQ6RBfrzy from
> DF8Nwh8xhTWpgYsivuBL7K8CMpbPKojbQJsyD0Paplk= to
> 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
> Fatal error: Installation of libidn-1.32p1 failed, partial installation
> recorded as partial-libidn-1.32p1
>   at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817.
>
> -- doesn't depend on mirror
> -- doesn't depend on guest RAM settings
> -- doesn't depend on guest network card settings
> -- doesn't depend on acceleration settings in Virtualbox (well, I think
> so...)
>
> ...and a little bit strange:
> _sometimes_ pkg_add works with small packages:
>
>
> example 2a (same as ex 1):
>
> # pkg_add ipcalc
> quirks-2.241 signed on 2016-07-26T16:56:10Z
> Fatal error: Ustar
> [
http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/ipcalc-1.4p0.tg
> z][bin/ipcalc]:
> Premature end of archive
> Adjusting sha for /usr/local/bin/pkg.F5nNSjqcJf from
> Htiq8Hrei0yMn/IWm+Y9dXTq3pZeZyBrbbv98+o9eoA= to
> 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
> Fatal error: Installation of ipcalc-1.4p0 failed, partial installation
> recorded as partial-ipcalc-1.4p0
>   at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817.
>
>
> example 2b:
>
> # rm -R /var/db/pk/partial-*
> # pkg_add ipcalc
> quirks-2.241 signed on 2016-07-26T16:56:10Z
> ipcalc-1.4p0: ok
>
>
>
> Building packages from ports works fine (apparently)
>
>
> Any hints to look further?
> Anyone who had similar problems?
>
> Every hint is welcome, I'm clueless... ;-)
>
> best regards
> Andre Ruppert
>
> [demime 1.01d removed an attachment of type application/pkcs7-signature
which had a name of smime.p7s]
>

Try use bridge mode instead of NAT. I had the exact same problem on Windows
10 as a host.

-- 
chs

OpenBSD 6.0 amd64 Release --> pkg_add returns error when running as Virtualbox guest

[Andre Ruppert]

Hello to the list,

this morning I stumbled about a "pkg_add" problem when running OpenBSD
6.0 amd64 Release on an actual Virtualbox release. Doesn't matter which
host platform (I tried Mac OS Sierra and Windows 10 and 7).

Virtualbox settings:
5GB hardisk
512 MB RAM
tested two network card settings: virtio-net and Intel 1000 Pro desktop
tested NATed and bridged settings.

Version: OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016

for example: (used a local mirror)

# pkg_add wget
quirks-2.241 signed on 2016-07-26T16:56:10Z
wget-1.18:libunistring-0.9.6p0: ok
Fatal error: Ustar
[http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/libidn-1.32p1.t
gz][share/emacs/site-lisp/idna.el]:
Premature end of archive
Adjusting sha for /usr/local/share/emacs/site-lisp/pkg.VkQ6RBfrzy from
DF8Nwh8xhTWpgYsivuBL7K8CMpbPKojbQJsyD0Paplk= to
47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
Fatal error: Installation of libidn-1.32p1 failed, partial installation
recorded as partial-libidn-1.32p1
  at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817.

-- doesn't depend on mirror
-- doesn't depend on guest RAM settings
-- doesn't depend on guest network card settings
-- doesn't depend on acceleration settings in Virtualbox (well, I think
so...)

...and a little bit strange:
_sometimes_ pkg_add works with small packages:


example 2a (same as ex 1):

# pkg_add ipcalc
quirks-2.241 signed on 2016-07-26T16:56:10Z
Fatal error: Ustar
[http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/ipcalc-1.4p0.tg
z][bin/ipcalc]:
Premature end of archive
Adjusting sha for /usr/local/bin/pkg.F5nNSjqcJf from
Htiq8Hrei0yMn/IWm+Y9dXTq3pZeZyBrbbv98+o9eoA= to
47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
Fatal error: Installation of ipcalc-1.4p0 failed, partial installation
recorded as partial-ipcalc-1.4p0
  at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817.


example 2b:

# rm -R /var/db/pk/partial-*
# pkg_add ipcalc
quirks-2.241 signed on 2016-07-26T16:56:10Z
ipcalc-1.4p0: ok



Building packages from ports works fine (apparently)


Any hints to look further?
Anyone who had similar problems?

Every hint is welcome, I'm clueless... ;-)

best regards
Andre Ruppert

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

maybe move texinfo from base in the ports?

[Андрей Болконский]

IMHO, texinfo isn't need in most cases, is GPL software and legacy
version

Use man, like!

Re: Sendmail on OpenBSD 6.0

[Vijay Sankar]

  Quoting Damian McGuckin :

> Is anybody using this configuration, i.e. not OpenSMTPD?
>
> Regards - Damian
>
> Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW
> 2037
> Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted
> hereViews & opinions here are mine and not those of any past or present
> employer

Saw your message in the OpenSMTPd list about having problems with sendmail.

I am not using sendmail on 6.0 at the moment but used it last year
following all the instructions within /usr/local/share/doc/pkg-readmes.

Are you having problems after running sendmail-enable?

Vijay
-- 
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca

Re: Removal of old libraries

[lists]

Thu, 17 Nov 2016 00:11:36 -0700 Clint Pachl 
> You're absolutely right Anton. After rereading what I wrote, I see I got 
> a little out of line.
> 
> Thanks,
> Clint

Hi Clint,

To be fair I am a one strict in course of thought fellow, so I know very
well when and why you're solid with this.  This is right for you, please
also allow me to thank everyone in OpenBSD for providing an upgrade path
as the Time optimisation tool.  I am, therefore, only writing it for me.
I would be glad to read your next posts regarding backup-restore advice.
Yet please allow room for the convergent comb tools to exist gracefully.
What I see as most helpful is troubleshooting, and improving procedures.

Kind regards,
Anton

> li...@wrant.com wrote on 11/16/16 16:47:
> > Tue, 15 Nov 2016 00:29:56 -0700 Clint Pachl 
> > [...]  
> >> This sounds like someone who is not confident in their backup/restore
> >> procedure, if one even exists. I think you need to worry more about that
> >> than me saving a few megabytes with my upgrade process.  
> > Hi Clint,
> >
> > You need not worry at all.  That is other people's data on their own sites.
> >  
> >> Like I mentioned a couple times in the thread, I have "level 0" dumps;
> >> that's consistency. I would not classify that as "nothing." There is a
> >> reason why restore(8) and ftp(1) are included on bsd.rd.  
> > Whatever..  Nobody cares much about what you have.  We system operators care
> > about the choices, and options the operating system, and tool kits provide..
> >  
> >> Oh yeah, and before you know it your crufty libc.so.84.2 is 2 years old
> >> and full of security vulnerabilities. Thank god your users can still use
> >> it and you don't have to bother them with a recompile.  
> > That is a system policy depending from site to site, you need not police it.
> >  
> >> I thought the philosophy of the project is to move forward for the sake
> >> of proactive security and correctness, not to rely on buggy legacy code
> >> because it's convenient and lazy.  
> > You think too much.  There is no such thing as philosophy of the project and
> > this kind of over-hyped black and white thinking is... obsolete and useless.
> > There are many upgrade and maintain choices, don't try to sell bibles here..
> >
> > Kind regards,
> > Anton

Re: Microsoft announced it is joining The Linux Foundation

[Shazaum]

Guys,
Responding to any of their emails feeds the troll. ignore them.

On 11/16/2016 09:29 PM, Riccardo Mottola wrote:
> Hi,
>
> SOUL_OF_ROOT 55 wrote:
>> Can this be?  Microsoft announced it is joining The Linux Foundation
>
>
> this is "misc" but still OpenBSD misc.
>
> Riccardo

iked: ca: ca_reset: reload: Permission denied

[ru...@xs4all.nl]

Hi all,

I'm trying to set up iked. I've created a ca with ikectl ca "vpn" create ,
installed it (ikectl ca "vpn" install) and created a certificate for the
server to begin with "ikectl ca vpn certificate "foo.example.com"
create/install".

However, when I try to start  iked -dvv, I see the following output:

ca_privkey_serialize: type RSA_KEY length 1191
ca_pubkey_serialize: type RSA_KEY length 270
ikev2 "vpn" passive espca: ca_reset: reload: Permission denied
 proto tcpikev2 exiting, pid 1301
 from 10.0.0.0/8 port 23 to 20.0.0.0/8 port 40 from 192.168.1.1 port 23 to
192.168.2.2 port 40 local any peer any ikesa enc 3des prf
hmac-sha2-256,hmac-sha1 auth hmac-sha1 group modp1024 childsa enc aes-128 auth
hmac-sha1 srcid host.example.com dstid 192.168.0.254 lifetime 10800 bytes
536870912 psk 0x
/etc/iked.conf: loaded 1 configuration rules
lost child: ca exited abnormally
control exiting, pid 39459
parent terminating

It seems to happen at line 147 in iked's ca.c, where ca_reload is called which
doesn't return 0 (https://github.com/reyk/openiked/blob/master/iked/ca.c). I
suspect in ca_reload, on line 548 it tries to open the CA directory and that
returns -1, which would explain why I don't see more log messages. But why?

Any help or pointers much appreciated.


Rubin!

Sendmail on OpenBSD 6.0

[Damian McGuckin]

Is anybody using this configuration, i.e. not OpenSMTPD?

Regards - Damian

Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer