Re: vim editor with TERM
On 2024-05-31, 04-psyche.tot...@icloud.com <04-psyche.tot...@icloud.com> wrote: > Hi all, > > I use the following terminal: > > echo $TERM > xterm-256color > > when in my ~/.profile I do: > > export EDITOR=nano > > everything works well. > > However, if I do > > export EDITOR=vim > > then when I ssh into the machine, up and down arrow in the terminal do not > work anymore (it does not give me access to previous commands entered). It's an extremely annoying misfeature in ksh. If $EDITOR starts with the letters "vi" then it defaults to vi-style command line editing. You can use "set -o emacs" to override that, but then if you sudo/doas to root it will reset to vi-style editing because of the exported EDITOR variable. On some machines I got fed up enough with this to symlink "emacs-notreally" to vim and set EDITOR=emacs-notreally...
Re: [7.5/amd64] ipsec + npppd + sasyncd + carp - doesn't pick up the VPN session at switchover
On 2024-05-30, Radek wrote: > Thank you all for your replies. > > Actually, I did not know that providing seamless switching VPN solutions is > so problematic. If it can't be done in a simple way, then it doesn't have to > be seamless at any cost. Users will manually reconnect to this VPN when CARP > does switchover and there will be no drama. > > I am currently using IPSEC/L2TP, but I do not insist on switching to > wireguard. IPSEC/L2TP simply works smoothly on win10/11/mac. About 2020 I > switched IKEv2 to IPSEC/L2TP when my CA certificate expired and I couldn't > cope with updating it to get a VPN back to work. It was a pandemic, and > everybody worked remotely. Then I quickly switched IKEv2 to IPSEC/L2TP to > allow users to work remotely again, and so it remains to this day. Maybe it's > time to replace IPSEC/L2TP with other/newer VPN solution - on the occasion of > CARP deployment. IKEv2 with certs signed by a publically trusted CA is fairly easy to work with on the client side. The server side is a bit fiddly on OpenBSD; iked can send the necessary intermediate certs now but it's not obvious which file they need to go in (and I forgot the details..) > I also need to assign to users static IP addresses per user - if I remember > that IKEv2 assigned to users random addresses from the entire VPN pool and I > couldn't cope with IP/user assignment. IKEv2 certainly can, it depends on the software. The in-tree version of iked doesn't have a way to do it yet, but the patches at https://marc.info/?l=openbsd-tech=170895540813042=2 allow doing that via RADIUS config.
Re: Call sysctl before sysctl.conf
On 2024-05-30, 04-psyche.tot...@icloud.com <04-psyche.tot...@icloud.com> wrote: > Hi all, > > When openBSD runs my processor at 100%, it makes a noise. Interestingly, when > in bios, this noise does not appear. > > To get rid of the noise I call sysctl with this: > > sysctl hw.perfpolicy=manual > sysctl hw.setperf=99 > > The problem is, at the beginning of boot, openBSD runs the processor with > hw.setperf=100, so the noise is present. > > Using a /etc/sysctl.conf with: > > hw.perfpolicy=manual > hw.setperf=99 > > does not help, as this happen too late. > > I also tried to use a /etc/rc.securelevel with: > sysctl hw.perfpolicy=manual > sysctl hw.setperf=99 > > but it also happens too late, and the noise is present (if brief). > > Is there a way to make hw.setperf=99 really permanent, or happen even earlier > during boot? Yes, modify /etc/rc (or the kernel) and you can make it happen earlier. -- Please keep replies on the mailing list.
Re: [7.5/amd64] ipsec + npppd + sasyncd + carp - doesn't pick up the VPN session at switchover
On 2024-05-29, Vitaliy Makkoveev wrote: > He wants replication. This means both wireguard "servers" know the client > state. No client reconnection at failure, no delay, seamless migration > from failed node to the backup. Something like sasyncd(8), but for > npppd(8) or wg(4). wireguard doesn't have a "reconnection" in the way IKEv2+MSCHAP or IKE+L2TP do, the user doesn't have to do anything, so as long as peers are configured on all carp members it should be fairly seamless. It doesn't care about IP addresses as long as one end can get packets through to the other's last known address. (Reason for ifstated would be to stop any carp backup machines from trying to send wireguard packets and confusing things.)
Re: binding on privileged ports as user
On 2024-05-29, Gregory Edigarov wrote: > Hello, everybody > > I remember exactly, that I was able to do that with systrace. > Can I do that now? Is there any workaround for that? You could listen on another port and rdr-to. > If for example I need to run some potentially exploitable service, > and cannot change the port it listens on, and therefore want to chroot > -u and allow it to grab the port. > > -- > With best regards, > Gregory Edigarov > > -- Please keep replies on the mailing list.
Re: [7.5/amd64] ipsec + npppd + sasyncd + carp - doesn't pick up the VPN session at switchover
On 2024/05/29 18:08, Vitaliy Makkoveev wrote: > On Wed, May 29, 2024 at 01:23:47PM -0000, Stuart Henderson wrote: > > On 2024-05-29, Vitaliy Makkoveev wrote: > > > On Wed, May 29, 2024 at 12:48:41PM +0200, Radek wrote: > > >> Thank you, that explains everything. > > >> Does wireguard support replication? Will it work properly in my CARP > > >> setup? > > >> > > > > > > No for both questions. However, wireguard allows to create complicated > > > connections where one wg(4) interface could have multiple associated > > > peers on "client" side too. > > > > It maybe worth seeing whether wg combined with ifstated might > > do the trick (bring wg down when carp is down, and vice-versa). > > > > ifstated can't help, he wants seamless switch between "servers". Depends on the exact use case, I can think of some situations where it could help.
Re: OpenBSD bgpd / rad "Permission denied" messages ?
On 2024-05-28, Claudio Jeker wrote: > On Tue, May 28, 2024 at 06:28:27PM +0200, Rachel Roch wrote: >> Hi >> >> I'm struggling to understand what is going on here. >> >> I have an Openbsd 7.2 box which has been working beautifully for about 3 >> years. >> >> Now it seemingly suddenly refuses to do anything involving the outside >> world, posting weird messages such as the following to the logs: >> >> May 28 17:18:04 foo bgpd[7529]: neighbor : connect: Permission >> denied >> May 28 17:19:05 foo rad[74960]: sendmsg on vlan2008: Permission denied >> >> What on earth does "permission denied" mean ? >> >> I can still ping the bgpd neighbours. There have been zero pf rule >> changes, so it can't be that either. >> >> Ideas ? > > Packet is blocked by pf(4) most probably or since it is such a old machine > it may also be the stupid iked / ipsec default of blocking ALL IPv6 > traffic if there is any flow loaded. ktrace might give clues as to exactly what it's asking the kernel to do, which might allow working out where the EACCES comes from. -- Please keep replies on the mailing list.
Re: [7.5/amd64] ipsec + npppd + sasyncd + carp - doesn't pick up the VPN session at switchover
On 2024-05-29, Vitaliy Makkoveev wrote: > On Wed, May 29, 2024 at 12:48:41PM +0200, Radek wrote: >> Thank you, that explains everything. >> Does wireguard support replication? Will it work properly in my CARP setup? >> > > No for both questions. However, wireguard allows to create complicated > connections where one wg(4) interface could have multiple associated > peers on "client" side too. It maybe worth seeing whether wg combined with ifstated might do the trick (bring wg down when carp is down, and vice-versa).
Re: x64
On 2024-05-29, Gustavo Rios wrote: > i have installed obsd 7.5 amd64. I wrote a small function and apparently, > obsd is not generating x64 bit code. I am very confused by the output os > file and nm program on my anci c code. > > Here you have them: > > etosha# file xdr_vopq.o > xdr_vopq.o: ELF 64-bit LSB relocatable, x86-64, version 1 > etosha# > > That=C2=B4s ok, the output above reports 64-bit, but when i run nm: > > etosha# nm xdr_vopq.o > W __retguard_1176 > W __retguard_3137 > U __xdri32 > U __xdropq > T __xdrvopq > 0070 T xdr_vopq > F xdr_vopq.c > etosha# > > Why the address showed are 32-bit. I simply cannot understand this. That's just nm(1)'s display format using %08lx. Install one of the package versions of llvm and use llvm-nm-$version and you'll see it printed with a wider column.
Re: httpd & pixelfed
On 2024-05-27, Am Jam wrote: > > Most of what makes pixelfed work is located in /var/www/pixelfed/public, > and hence pixelfed requires that the root directory be > /var/www/pixelfed/public. > So in /etc/httpd.conf I have the following lines: > - root "/pixelfed/public" > - directory index "index.php" > > However, for some bizarre reason, all the images are stored in > /var/www/pixelfed/storage (note: *not* /var/www/pixelfed/public/storage). Probably not bizarre. I expect they arrange things so that everything under /var/www/pixelfed/public can be read-only (or at least not writable by the user running the web server). > And part of the pixelfed installation process includes creating the > following symlink in /var/www/pixelfed: > - lrwxr-xr-x 1 root www37B May 27 12:15 storage@ -> > /var/www/pixelfed/storage/app/public/ > > That, unfortunately, is "outside" of the root directory specified in > /etc/httpd.conf. httpd is in a chroot jail so the absolute symlink won't work. Either use a relative symlink for the above link, or set things up so that /var/www still works inside the chroot - mkdir /var/www/var; ln -s .. /var/www/var/www
Re: wifi
On 2024-05-24, Gustavo Rios wrote: > --b1957806193be4bf > Content-Type: text/plain; charset="UTF-8" > Content-Transfer-Encoding: quoted-printable > > Is there plan to add support ? Can't say for sure what somebody might like to work on, but from reading posts from people using these on other OS (which aren't very positive) I wouldn't think this is worth the trouble. I'd suggest looking for an iwm or iwx card in the same form factor (which shouldn't be expensive) and try swapping it.
Re: OpenBSD 7.4 in virtualize env
On 2024-05-24, Sven F. wrote: > --c4123906193364e5 > Content-Type: text/plain; charset="UTF-8" > > Hello, > > Sometimes, rarely, across multiple version ( did not see it in 7.5 so far ) > the log `scsi_xfer pool exhausted` just get spammed forever, > > It doesn't crash, the device just spam the message , so it s active > > I do not have a way to create the problem , but, > i wonder if the code could be modified so the device just drop to DDB It can, just change the printf to panic. /sys/scsi/scsi_base.c r1.283 fixed the main thing triggering that problem, but it was already committed before 7.4
Re: Sudden reboot every 5-10 minutes on latest snapshot
On 2024/05/23 12:12, Ali Farzanrad wrote: > Hi Stuart, > > Stuart Henderson wrote: > > On 2024-05-23, Ali Farzanrad wrote: > > > Hi misc@, > > > > > > My Minisforum UM790 keeps reboot every 5-10 minutes, without any Kernel > > > Panic or visible message how may I debug it? > > > I'm using latest OpenBSD snapshot with this amd64/BUILDINFO: > > > Build date: 1716424636 - Thu May 23 00:37:16 UTC 2024 > > > > Not a lot to go on really. > > > > Is the machine doing anything or just idle? > > It get reboot even in xenodm login screen without any interaction from me. > > > Is X running? > > It's funny. I disabled the xenodm and it lived for more than 10 minutes; > then I enabled and started xenodm and it suddenly rebooted after few > minutes! > > Next time I keep xenodm running, but switched to ttyC0 terminal using > Alt+Ctrl+F1 key and it lived for more than 10 minutes; then I just > switched to Xorg using Alt+Ctrl+F5 and it suddenly rebooted again after > few minutes! > > > Do you get the same with 7.5? if yes, try older releases - can you > > find one where it doesn't happen? > > I rarely got same issue in previous snapshots (I think my last snapshot > was for 6 days ago and I had no serious issue with that). > > I think I sould compile and test previous versions of xenocara, right? Try with just an older kernel first and leave userland alone. ftp.hostserver.de and openbsd.cs.toronto.edu both have some old snaps in /archive. (If no snap was built on a certain day then the files will be identical in the archive so no point testing when there was no change - you can use what(1) to show the version - I'd save a few under names like /bsd.mp. and type "boot bsd.mp." at the boot loader). > > > > > > # (dmesg; sysctl hw.sensors) > > > OpenBSD 7.5-current (GENERIC.MP) #78: Wed May 22 18:31:14 MDT 2024 > > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > > real mem = 31909883904 (30431MB) > > > avail mem = 30921310208 (29488MB) > > > random: good seed from bootblocks > > > mpath0 at root > > > scsibus0 at mpath0: 256 targets > > > mainbus0 at root > > > bios0 at mainbus0: SMBIOS rev. 3.5 @ 0x9ab7f000 (45 entries) > > > bios0: vendor American Megatrends International, LLC. version "1.01" date > > > 06/05/2023 > > > bios0: Micro Computer (HK) Tech Limited F7BSC > > > efi0 at bios0: UEFI 2.8 > > > efi0: American Megatrends rev 0x5001d > > > acpi0 at bios0: ACPI 6.4 > > > acpi0: sleep states S0 S4 S5 > > > acpi0: tables DSDT FACP SSDT SSDT FIDT MCFG FPDT VFCT BGRT TPM2 SSDT CRAT > > > CDIT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT WSMT APIC IVRS SSDT > > > SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT > > > acpi0: wakeup devices GPP1(S4) GPP0(S4) GPP5(S4) GPP7(S4) GP11(S4) > > > SWUS(S4) GP12(S4) SWUS(S4) > > > acpitimer0 at acpi0: 3579545 Hz, 32 bits > > > acpimcfg0 at acpi0 > > > acpimcfg0: addr 0xe000, bus 0-255 > > > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > > > cpu0 at mainbus0: apid 0 (boot processor) > > > cpu0: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > > > patch 0a704101 > > > cpu0: cpuid 1 > > > edx=178bfbff > > > > > > ecx=76f8320b > > > cpu0: cpuid 6 eax=4 ecx=1 > > > cpu0: cpuid 7.0 > > > ebx=f1bf97a9 > > > ecx=405fce edx=1000 > > > cpu0: cpuid d.1 eax=f > > > cpu0: cpuid 8001 edx=2fd3fbff > > > ecx=75c237ff > > > cpu0: cpuid 8007 edx=e799 > > > cpu0: cpuid 8008 > > > ebx=791ef257 > > > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 1MB > > > 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache > > > cpu0: smt 0, core 0, package 0 > > > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > > > cpu0: apic clock running at 24MHz > > > cpu0: mwait min=64, max=64, C-substates=1.1, IBE > > > cpu1 at mainbus0: apid 2 (application processor) > > > cpu1: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > > > patch 0a704101 > > > cpu1: smt 0, core 1, package 0 > > > cpu2 at mainbus0: apid 4 (application processor) > > > cpu2: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > > > patch 0a704101 > > > cpu2: smt 0, core 2, package 0 > > > cpu3 at mainbus0: apid 6 (application processor) > > > cpu3: AMD Ryzen 9 7940HS w/ Rade
Re: Sudden reboot every 5-10 minutes on latest snapshot
On 2024-05-23, Ali Farzanrad wrote: > Hi misc@, > > My Minisforum UM790 keeps reboot every 5-10 minutes, without any Kernel > Panic or visible message how may I debug it? > I'm using latest OpenBSD snapshot with this amd64/BUILDINFO: > Build date: 1716424636 - Thu May 23 00:37:16 UTC 2024 Not a lot to go on really. Is the machine doing anything or just idle? Is X running? Do you get the same with 7.5? if yes, try older releases - can you find one where it doesn't happen? > > # (dmesg; sysctl hw.sensors) > OpenBSD 7.5-current (GENERIC.MP) #78: Wed May 22 18:31:14 MDT 2024 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 31909883904 (30431MB) > avail mem = 30921310208 (29488MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 3.5 @ 0x9ab7f000 (45 entries) > bios0: vendor American Megatrends International, LLC. version "1.01" date > 06/05/2023 > bios0: Micro Computer (HK) Tech Limited F7BSC > efi0 at bios0: UEFI 2.8 > efi0: American Megatrends rev 0x5001d > acpi0 at bios0: ACPI 6.4 > acpi0: sleep states S0 S4 S5 > acpi0: tables DSDT FACP SSDT SSDT FIDT MCFG FPDT VFCT BGRT TPM2 SSDT CRAT > CDIT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT WSMT APIC IVRS SSDT SSDT > SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT > acpi0: wakeup devices GPP1(S4) GPP0(S4) GPP5(S4) GPP7(S4) GP11(S4) SWUS(S4) > GP12(S4) SWUS(S4) > acpitimer0 at acpi0: 3579545 Hz, 32 bits > acpimcfg0 at acpi0 > acpimcfg0: addr 0xe000, bus 0-255 > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > patch 0a704101 > cpu0: cpuid 1 > edx=178bfbff > > ecx=76f8320b > cpu0: cpuid 6 eax=4 ecx=1 > cpu0: cpuid 7.0 > ebx=f1bf97a9 > ecx=405fce edx=1000 > cpu0: cpuid d.1 eax=f > cpu0: cpuid 8001 edx=2fd3fbff > ecx=75c237ff > cpu0: cpuid 8007 edx=e799 > cpu0: cpuid 8008 > ebx=791ef257 > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line > 8-way L2 cache, 16MB 64b/line 16-way L3 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 24MHz > cpu0: mwait min=64, max=64, C-substates=1.1, IBE > cpu1 at mainbus0: apid 2 (application processor) > cpu1: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > patch 0a704101 > cpu1: smt 0, core 1, package 0 > cpu2 at mainbus0: apid 4 (application processor) > cpu2: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > patch 0a704101 > cpu2: smt 0, core 2, package 0 > cpu3 at mainbus0: apid 6 (application processor) > cpu3: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > patch 0a704101 > cpu3: smt 0, core 3, package 0 > cpu4 at mainbus0: apid 8 (application processor) > cpu4: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > patch 0a704101 > cpu4: smt 0, core 4, package 0 > cpu5 at mainbus0: apid 10 (application processor) > cpu5: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > patch 0a704101 > cpu5: smt 0, core 5, package 0 > cpu6 at mainbus0: apid 12 (application processor) > cpu6: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > patch 0a704101 > cpu6: smt 0, core 6, package 0 > cpu7 at mainbus0: apid 14 (application processor) > cpu7: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, > patch 0a704101 > cpu7: smt 0, core 7, package 0 > cpu8 at mainbus0: apid 1 (application processor) > cpu8: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, > patch 0a704101 > cpu8: smt 1, core 0, package 0 > cpu9 at mainbus0: apid 3 (application processor) > cpu9: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, > patch 0a704101 > cpu9: smt 1, core 1, package 0 > cpu10 at mainbus0: apid 5 (application processor) > cpu10: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, > patch 0a704101 > cpu10: smt 1, core 2, package 0 > cpu11 at mainbus0: apid 7 (application processor) > cpu11: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, > patch 0a704101 > cpu11: smt 1, core 3, package 0 > cpu12 at mainbus0: apid 9 (application processor) > cpu12: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, > patch 0a704101 > cpu12: smt 1, core 4, package 0 > cpu13 at mainbus0: apid 11 (application processor) > cpu13: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, > patch 0a704101 > cpu13: smt 1, core 5, package 0 > cpu14 at mainbus0: apid 13 (application processor) > cpu14: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, > patch 0a704101 > cpu14: smt 1, core 6, package 0 > cpu15 at mainbus0: apid 15 (application processor) > cpu15: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, > patch 0a704101 >
Re: wifi
On 2024-05-23, Gustavo Rios wrote: > --1fa3f9061917b744 > Content-Type: text/plain; charset="UTF-8" > > Hi folks! > > I would like to setup my openbsd wifi but up to now, no success. > Here is my lspci output. May some one help me ? > > Thanks a lot. > > 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE > 802.11ac PCIe Wireless Network Adapter OpenBSD doesn't support Realtek 11ac wifi. -- Please keep replies on the mailing list.
Re: advice debugging lockups with swap-thrashing symptoms?
On 2024-05-22, James Cook wrote: > One of my OpenBSD boxes sometimes gets in a weird locked-up or > almost-locked-up state. I'm wondering what I can do to debug it > further next time it happens. ... > I would also expect the cache number to be much higher. E.g. on > this occasion, I was running "git annex fsck", which reads plenty > of data from disk. Heavy filesystem access can result in this sort of thing, I used to have unpacked ports source on one of my machines for grepping over, the machine was pretty much unusable for anything else while that was running. Might be worth trying some noatime mount flags if you don't already have them, at least then you can avoid turning some reads into writes.
Re: how to fsck automatically at boot
On 2024-05-22, Kirill A Korinsky wrote: > On Wed, 22 May 2024 12:53:11 +0100, > Nick Holland wrote: >> > Do you need atime on that FS? Disable it dramatically reduces chances of > manual interraction with fsck. btw: you probably _do_ want atime on /tmp (see /etc/daily). But that's a fairly good candidate for MFS anyway.
Re: IPv6 routing problems with vether and vmm
On 2024/05/21 20:30, jrmu wrote: > Greetings, > > > > I also don't control the entire /48. > > > > > > Here is the information I was given: > > > > > > My IPv6 Address Subnet: 2602:fccf:400:41::/64 > > > Hypervisor' IPv6 Gateway: 2602:fccf:400::1 > > > > > > I was only given a /64. > > > > So you should use a /64 prefix length not the /48 which you have. > > > > See EXAMPLES in route(8) for how to set the gateway. > > Please excuse my ignorance here, as I am unfamiliar with networking. Can > you explain why /64 is the correct prefix length? Because that is the information they gave you: "Here is the information I was given: My IPv6 Address Subnet: 2602:fccf:400:41::/64" > I am confused because it seems not analogous to IPv4. Your provider has decided to use a different config method for v6 compared to v4. They probably have a route for the whole /64 to your MAC address to avoid having to do neighbour discovery (NDP) for addresses in your subnet. If they did NDP, they have to try to find the MAC address to send packets for that individual address. So if that address isn't in the (limited size) NDP cache their router would need to buffer the packet, try to resolve the address, if that address is not configured anywhere they'd need to wait for a timeout before possibly generating a host-unreachable icmp6 message and discarding the packet. These are all slow operations using cpu resources on a router where those resources are usually quite limited. Now consider the number of addresses in the subnet and that someone on the internet can send packets to any address. There are similar issues for v4 (using ARP rather than NDP to find MAC addresses) but the scale is vastly different - and most addresses will be in use anyway so most of the time a randomly addressed packet will already have the MAC address in the ARP cache. There are other ways to handle this (e.g. add a small 'link net' between the router and your host) but config for that is a bit more hassle to do on the provider's side - typically with that setup you'd have a separate vlan per customer too, as well as the route table entry across the provider's network for the link net, using more resources on routers/switches. > In the IPv4 example, my address is 104.167.241.211, the gateway is > 104.167.241.193, and the subnet mask 255.255.255.192. The network length > then is /26. I don't control the entire /26 subnet, only one single IPv4 > address within it, but my network would have a prefix length of /26. All of the /26 is probably directly reachable (using ARP to lookup the MAC address). And vice-versa, other addresses in the /26 will be expecting to be able to send packets to you directly rather than going via the gateway. > Isn't using a prefix length of /48 the same in the case of IPv6? I don't > control the entire /48, but the gateway 2602:fccf:400::1 shares the > first 48 network bits with my IPv6 address 2602:fccf:400:41:: You almost certainly can't reach the rest of the /48 without going via the gateway. > If I were to set the routing prefix length to 64, then I could manually > add an extra route to the IPv6 gateway. But then, wouldn't I want to set > my IPv4 address with a subnet mask of 255.255.255.255, so that the > network length would be 32 rather than 26, and also add a manual route > there? Some providers do do that for v4, but if they had they'd be telling you to use the /32. There's a lot less reason to do it for v4 though.
Re: IPv6 routing problems with vether and vmm
On 2024-05-21, jrmu wrote: > > --qhuug7BO2jqFJSbi > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > Greetings, > >> > Here is my configuration: >>=20 >> > Inside hypervisor: >>=20 >> > hypervisor$ cat /etc/hostname.em1 >> > inet 104.167.241.211 0xffc0 >> > inet6 2602:fccf:400:41:: 48 >>=20 >> Why are you using 48 as mask here and not 64? > > I don't have control over the hypervisor's gateway, that is provided by > my ISP. > >> Your gateway must have a (static) route saying we can reach 2602:fccf::/36 >> (or a any smaller subnet you will use in your hypervisor) via >> em1.IPv6.address. I will pick 2602:fccf:400::/48 as the block you plan to >> use for all your VMs. > > I also don't control the entire /48. > > Here is the information I was given: > > My IPv6 Address Subnet: 2602:fccf:400:41::/64 > Hypervisor' IPv6 Gateway: 2602:fccf:400::1 > > I was only given a /64. So you should use a /64 prefix length not the /48 which you have. See EXAMPLES in route(8) for how to set the gateway.
Re: how to fsck automatically at boot
On 2024-05-21, Nick Holland wrote: > On 5/20/24 09:37, Jan Stary wrote: >> On May 20 13:22:26, mikyde...@yahoo.fr wrote: >>> Hello, >>> >>> I have two use cases and problems with fsck. >>> >>> 1) When my openbsd boots after an outage, the system asks me to fsck /, >>> /usr, /var or /home manually. >>> So I do >>> fsck /dev/sd0a >>> And then I'm asked questions and I usually answer F >>> >>> So my question is that I want this process to be done automatically at boot >>> time for each partition that has a problem. >> >> The /etc/rc boot script calls fsck -p; >> if that fails, it means fsck -p was unable to fix a major problem. >> It is the point that it requires an admin's intervention. >> >> You would have to change the fsck call to fsck -y; >> but don't do that. AIUI the rationale for not using -y by default is that fsck may do further damage to a badly damaged disk. But in practice many people wouldn't do anything other than hit 'y' lots or 'F' when fsck complains, in which case patching /etc/rc to run -y by default isn't going to be any worse... And there are certainly some classes of system where you don't really care about losing data (i.e. you can recreate from config management or backups) but you do want to maximise the chances of being able to connect in remotely, and in that case -y can definitely help. > I'd look at why your file systems are always needing these manual > interventions after a hard shutdown. I routinely power down my > personal systems with yanking the power cord if it would take me > longer "properly" connect a console and properly shut down. That really depends on what the system is doing. >>> When I remove that disk the boot sequence stops and asks for a fsck >>> I would like that this disk is mounted when it's present, but when it's not >>> installed I don't want the boot sequence to stop >> >> Make it also "noauto" in fstab and mount it in rc.local. > > Last I tried this, it didn't do what I wanted -- "noauto" still expects > to have the disk there and will fsck it on boot. Failure to be able to > do this stops the boot. It's been a while since I last tried this, so > perhaps something has changed (including my recollection?) See fstab(5) about fs_passno. > And this might be a solution for the OP's problem: > make /usr and /usr/* "ro" during normal operation reorder_kernel is run in the background from /etc/rc; for RO /usr you need to wait for that to finish. -- Please keep replies on the mailing list.
Re: packet filter silently ignores a rule
On 2024-05-21, Maksim Rodin wrote: > I solved the problem by copying the entire rule block right after > the old one and commenting out the old one. > > New: > pass in on egress inet proto tcp to (egress) port $mail_ports \ > keep state (max-src-conn 20, \ > max-src-conn-rate 35/300, overload \ > flush global) \ > rdr-to $mail_server > > Old: > pass in on egress inet proto tcp to (egress) \ > port $mail_ports \ > keep state (max-src-conn 20, \ > max-src-conn-rate 35/300, overload \ > flush global) rdr-to $mail_server > > I only split one line and merged two other lines into one > but I think I did it correctly and I do not see any logical > changes in the block. ... >> My whole pf.conf (all uncommented lines): We can't tell if it was done correctly because you excluded commented lines from the file you showed. Read pf.conf(5) DESCRIPTION section, paragraph starting "The current line can be extended over multiple lines".
Re: pf anchors attached to irrelevant states
On 2024-05-19, Kapetanakis Giannis wrote: > This is a bit strange. pf works normal, but rules after an enchor an > being attached to the anchor (somehow). > > All states that are created from rules after the anchor, show the anchor > (pf rule) number instead of (only) the rule number in pfctl -vv and in > pflog. I can confirm this is a problem, definitely seen in 7.4, I can't remember if 7.3 was affected. 7.2 from Dec 22 seems ok.
Re: nginx + php = system() not working?
On 2024-05-17, Martijn van Duren wrote: > On Thu, 2024-05-16 at 21:58 -0400, F Bax wrote: >> I think I missed something simple? I installed 7.5 release in a VM. I then >> installed nginx and PHP 8.3.3; with pkg_add. I then ran these two commands: >> # rcctl enable php83_fpm >> # rcctl start php83_fpm >> I found an issue with php system() function; so created this simple script >> which produces "HiThere"; why is the date not presented? >> >> > echo 'Hi'; >> system( 'date' ); >> echo 'There'; >> ?> > > All the advise I've seen is horrible. chroot isn't enabled by default > without a reason (php and security have a history). > My first question would by why you need system() in the first place. > If you need the date/time, just use > https://www.php.net/manual/en/class.datetime.php. If it's just a proof > of concept be more precise in what you want to achieve and see if > there's a PHP library equivalent. If there's no reasonable way to > achieve it (which I highly doubt) I advise to copy the required binary > (and dependencies) into the chroot and make a memo to keep them up to > date. There's some information about this in PHP's pkg-readme file. -- Please keep replies on the mailing list.
Re: Bgpd multipath conf
On 2024-05-16, Marco Agostani wrote: > Ok so in the end is there a way to install more then one route in the kernel > table through bgpd or not ? No. That is what "bgpd ... does not handle adding multiple paths for the same prefix to the FIB" means. (FIB = "forwarding information base" = kernel route table) > And if it's something that could be done in the future ? could? sure, if someone were to write the code to support it. I don't think it will be a particularly easy thing to do though. -- Please keep replies on the mailing list.
Re: Bgpd multipath conf
On 2024-05-14, Marco Agostani wrote:
> I try to setup an openbgpd setup involving multipath configuration ...with =
> no success.
...
> neighbor $GW01 {
> descr "bgp#1"
> announce IPv4 unicast
> announce add-path recv yes
> set localpref 110
> }
This just announces the add-path BGP capability.
> #bgpctl sh rib 172.18.180.0/24
>
> flags: * =3D Valid, > =3D Selected, I =3D via IBGP, A =3D Announced,
>S =3D Stale, E =3D Error
> origin validation state: N =3D not-found, V =3D valid, ! =3D invalid
> aspa validation state: ? =3D unknown, V =3D valid, ! =3D invalid
> origin: i =3D IGP, e =3D EGP, ? =3D Incomplete
>
> flags vs destination gateway lpref med aspath origin
> *>N-? 172.18.180.0/24 10.0.1.241110 0 14381 i
> *mN-? 172.18.180.0/24 10.0.1.245110 0 14381 i
>
> Show me two routes one marked with multipath
>
> But in fib I see only one route
>
> #bgpctl sh fib 172.18.180.0/24
>
> flags: B =3D BGP, C =3D Connected, S =3D Static
>N =3D BGP Nexthop reachable via this route
>r =3D reject route, b =3D blackhole route
> flags prio destination gateway
> B 48 172.18.180.0/24 10.0.1.241
...
> What I miss here ??
bgpd does allow add-path and having multiple paths to a prefix in the
RIB (e.g. perhaps useful on a route-server) but it does not handle
adding multiple paths for the same prefix to the FIB.
Re: gmake compile of python3.12 crashes on openBSD 7.5 but not on openBSD 7.4
On 2024-05-12, Sandeep Gupta wrote: > ./Tools/scripts/pydoc3 > build/scripts-3.12/pydoc3.12 > Illegal instruction (core dumped) > > I am unable to find a proper debugger into which to load the python.core > generated after core dump, so can't provide any useful debug info. pkg_add gdb and use the 'egdb' command.
Re: PHP 8.2.18 problem
On 2024/05/10 14:29, Dan wrote: > > In php.ini a session.save_handler = memcache ^ ... > Looking at phpinfo() I see: > > memcached ^ > Session support: yes Looks like a typo.
Re: unable to startx/xinit on additional virtual terminal
On 2024-05-10, Sandeep Gupta wrote: > I should be able to launch an additional x11 session given one is already > running by default. that's not supported -- Please keep replies on the mailing list.
Re: gstreamer1 update
On 2024-05-10, Robert Palm wrote: > pkg_check is now clean. gstreamer still complaining. Updates are currently broken for gstreamer1-plugins-good, it will need a fix in the port + new set of packages. If you don't want to wait, pkg_delete gstreamer1-plugins-good, let it remove any packages depending on it, then pkg_add -u and reinstall any deleted packages that you need.
Re: My PC is crashing
On 2024-05-10, Peter N. M. Hansteen wrote: > On Fri, May 10, 2024 at 08:48:56AM +0200, Anders Andersson wrote: >> Missing from the FAQ is IMO step 0: Run memtest over night to rule out >> hard to debug hardware problems. It won't catch everything of course, >> but it usually finds RAM issues which is its main job. > > That is a very valid point. > > Bad RAM could very well be the cause of the problems described. And on > a side note, given that the memory allocation in OpenBSD is different than > what some other systems do, it is not unlikely that other systems never > or only rarely would hit the failing memory location while OpenBSD would, > more often. Yet it was able to do an install and relink the kernel while in the installer. Also IME memory-related problems are more likely to result in crashes rather than the machine shutting down. This doesn't completely rule out memory problems, but it's more likely to result from a difference between RAMDISK and GENERIC.MP kernels. First things first, Daniel: - if you used i386, try amd64 instead. - if you configured to run X in the installer, try without that. - try going back a release or two, is there any difference? -- Please keep replies on the mailing list.
Re: webssh does not install
On 2024-05-06, Eyüp Hakan Duran wrote: > --9fb6bb0617c0773e > Content-Type: text/plain; charset="UTF-8" > > Hi all, > > I am trying to install webssh, which is a python package, on OpenBSD 7.5. > My goal is to provide a tool for my email server users a means to change > their passwords. Some of them access their emails from Windows machines, > and they are not very comfortable using ssh, etc. I thought this would be a > good way to streamline the process. The next challenge will be limiting > their ssh usage only to change their passwords, but I need to solve this > problem first. This is my workflow so far: > > # mkdir /usr/local/share/webssh > # python -m venv /usr/local/share/webssh One of the rust libraries used by py-cryptography needs patching to work with libressl. Easiest workaround is probably to pkg_add py3-cryptography, and use --system-site-packages with venv so that it can pick up packages from the main system. That said, for your stated goal, you're probably better off using LDAP or a SQL database to store your hashed passwords for email users, having your IMAP/POP3 server point at that for authentication, and providing a web app of some sort to allow users to change them (e.g. roundcube and snappymail webmail apps both have plugins that you can enable to allow this).
Re: pfstat is having a bad time
On 2024-05-05, Christer Solskogen wrote: > Running pfstat -q gives: > ioctl: DIOCGETSTATUS: Permission denied > pf_query: query_counters() failed > > This is on a newly updated system (current) > OpenBSD tugs.antarctica.no 7.5 GENERIC.MP#50 amd64 > > Packages are also all up to date. The kernel ABI for PF changed recently (extra members in struct pf_status) so packages using it need to be built with new headers. I've bumped REVISION in the port so pkg_add -u should pick it up after the next set of packages are built, but if you rorce a reinstall of pfstat from current packages, that should do the trick too. -- Please keep replies on the mailing list.
Re: fw_update
On 2024-05-03, Harald Dunkel wrote: > On 2024-05-02 21:25:00, Stuart Henderson wrote: >> >> You have an old fw_update(1) manual lying around which should be >> removed. It moved to fw_update(8). >> > > "Moved"? Yes. It used to be in section 1, it has moved to section 8. Unless you remove the extra file, man(1) will by default show the obsolete section 1 manual.
Re: panic: unix: lock not held
On 2024-05-03, Amit Kulkarni wrote: > Hi all, > Referring to the existing email chain on bugs@ > https://marc.info/?l=openbsd-bugs=171468519914343=2 > > Unable to boot to a prompt. How do I recover by booting an older kernel? > There is no /obsd to try out. sysupgrade doesn't save old kernels (and it would be problematic if it did, space on / often gets tight) so you'll need to find one from elsewhere (openbsd.cs.toronto.edu and ftp.hostserver.de carry old snapshots in an archive directory) and install it using either your existing bsd.rd (if it works) or by booting from a downloaded install img/iso or network boot a downloaded bsd.rd.
Re: fw_update
On 2024-05-02, Harald Dunkel wrote: > On 2024-04-30 13:25:39, Страхиња Радић wrote: >> Дана 24/04/30 01:12PM, Kirill A. Korinsky написа: >>> You may download it by hand and install as fw_update /path/to/firmware.tgz >> >> BTW, this is in fw_update(8). >> >> man 8 fw_update >> /SYNOPSIS >> > > Another BTW: > > # fw_update -i > fw_update: unknown option -- -i > usage: fw_update [-adFnv] [-p path] [driver | file ...] > > The man page says > > SYNOPSIS >fw_update [-adinv] [-p path] [driver ...] > > What is -F supposed to do? What happened to the -i? You have an old fw_update(1) manual lying around which should be removed. It moved to fw_update(8). -- Please keep replies on the mailing list.
Re: pax and ext2fs
On 2024-05-02, Walter Alejandro Iglesias wrote: > I expect from that command no more and no less than what is explained in > the man page: > > Update (and list) only those files in the destination directory > /backup which are older (less recent inode change or file > modification times) than files with the same name found in the source > file tree home: > > $ pax -r -w -v -Y -Z home /backup > > While that works as explained when copying to a ffs drive, running the > same command again and again to a ext2fs target *all* files are copied > again, even those already updated, what suggests me that pax(1) fails to > get ext2fs timestamps right. I don't have a suitable filesystem handy to test, but does OpenBSD's implementation of ext2fs support sub-second timestamps? stat -f %Fm $filename If not, that's a probable explanation for the difference in behaviour. You could probably confirm by forcing timestamps with no nanosecond components, e.g. touch -t mmddhhmm.ss $filename, or copy to ext2fs and back again. > But this is asking to much to OpenBSD, > right? Linux don't even support ffs. That's why I didn't put much care > in reporting this issue or sending it to bugs@. By reporting an issue, you're implicitly asking people to spend some time looking at it. So, if it's worth reporting at all, it's worth putting a bit more effort in yourself.
Re: Ports: micro is broken
On 2024-05-02, Mizsei Zoltán wrote: > I am unsure if this is the correct list for this to report, but there seems > to be other mails regarding ports here, so... po...@openbsd.org is better for ports-related questions. > I am facing issues with the port of the "micro" editor (written in go) on > OBSD 7.5. While the color handling was broken in 7.4, but otherwise the > editor used to work, however now it doesn't even start: This is one of a number of pieces of software written in Go that don't work on OpenBSD 7.5 because they try to make system calls directly. These can now only be done via libc. Changing micro to use a newer version of the github.com/mattn/go-isatty will fix part of the problem. Another part is that it uses a fork of github.com/gdamore/tcell which doesn't track updates to the original (in particular there's use of syscall6 in https://github.com/zyedidia/tcell/blob/master/tscreen_bsd.go which needs changing). Perhaps it could move back to the original instead of the fork, perhaps the fork could be rebased on a newer upstream version, or perhaps it just needs a patch. There may be other issues but those two stand out. (There's some discussion about this on ports@ too). > In 7.4 i was able to use the official build (which had working colors in > terminal), but since 7.5 it doesn1t runs anymore: > https://github.com/zyedidia/micro/releases/download/v2.0.13/micro-2.0.13-openbsd64.tar.gz At the moment, pretty much no upstream-provided binaries for any Go software will work on 7.5, unless they were built using a version of Go with the patches in the OpenBSD ports tree. -- Please keep replies on the mailing list.
Re: >10W idle power usage on framework laptop 12th gen 13inch
On 2024-04-30, Nathaniel Griswold wrote: > What could be taking so much power? CPUs are idling. some things in this area that people have been looking into: https://cneira.github.io/posts/openbsd-save-battery-changes/ https://github.com/openbsd/src/compare/master...jcs:openbsd-src:jcs
Re: Caddy webserver is not in the ports tree
On 2024-04-30, Souji Thenria wrote: > > Could you elaborate on your point that Go ports are a pain? > I thought a port written in Go would probably be easier to maintain > because no additional libraries are needed to run the program, and > cross-compilation is relatively easy, too. With current OpenBSD versions, system calls are only permitted from libc, so all binaries making any system calls need to be linked with libc. There's a common idiom in software written in Go to try to avoid touching anything in C libraries and issue system calls directly instead - this no longer works on OpenBSD (there is a special case because the Go compiler has been patched to reroute SYS_IOCTl and SYS_SYSCTL to the libc wrapper automatically but for any others, patches are required). Additionally software needs to use a recent enough version of golang.org/x/sys and not use an old version via vendoring or modules otherwise x/sys's own use of syscall is a problem. Cross-compilation of go software to run on current OpenBSD is mostly not possible at the moment because the compiler changes mentioned above are added via patches in the port and won't be in compiler binaries produced for other OS. There's another issue with the go module system used for "standard" modern go ports: it mostly wants unmodified .mod and .zip files so it's hard for a port to apply patches to anything other than the source code for the main piece of software (i.e. not dependent modules). There is a way around this in some cases by feeding in the zip/mod files in a first stage and using "go mod vendor" to extract them before build, allowing them to be patched, but this is a delicate and not very pleasant area to work on (it's easy to break existing ports, some of which already have bodges to work around this, also compiling all the current ports using go to test any such changes uses loads of disk space, cpu, and time).
Re: ubnt edgerouter 8
On 2024/04/30 16:46, Marc Peters wrote: > Am Tue, Apr 30, 2024 at 12:03:10PM UTC, schrieb Stuart Henderson: > > Do be aware that they often have less airflow than the original fans. > > > > Sometimes that is not a problem, but sometimes you might want to think > > twice (especially in, say, the power supply in poe switches, which might > > end up getting a bit too warm). > > They have a much higher airflow than the original ones some do, some don't. just want to make sure that people think about it rather than assuming. > and this particular POE switch model has a separate one for its PSU (with the > non standard plug, which took me a lot longer to cut the shrinking cover and > get every 3 wires reconnected, than to replace the other two fans)
Re: Caddy webserver is not in the ports tree
On 2024-04-30, Stuart Henderson wrote: > On 2024-04-30, Souji Thenria wrote: >> Hi everyone, >> >> In the last couple of days, I played with the webserver Caddy [1] and >> would like to use it for some of my web applications. However, the >> webserver is currently not in the ports tree. Is there a specific reason >> for that, or has no one wanted to create and maintain >> the port yet? >> >> If it's the latter, I might try to do it. >> >> [1] https://caddyserver.com/ > > It's a bit of a pain, there's no privdrop code so in order to provide > service on the standard http/https port numbers you either need to run > as route or use PF or something else to redirect/proxy the connections. root*, oopsy. > On Linux they use setcap to allow non-privileged processes to bind to > privileged ports but that's not really desirable and is not possible > with OpenBSD. > > In general go ports are a total pain as well. > > A basic port would look something like https://junkpile.org/caddy.tgz > -- Please keep replies on the mailing list.
Re: Caddy webserver is not in the ports tree
On 2024-04-30, Souji Thenria wrote: > Hi everyone, > > In the last couple of days, I played with the webserver Caddy [1] and > would like to use it for some of my web applications. However, the > webserver is currently not in the ports tree. Is there a specific reason > for that, or has no one wanted to create and maintain > the port yet? > > If it's the latter, I might try to do it. > > [1] https://caddyserver.com/ It's a bit of a pain, there's no privdrop code so in order to provide service on the standard http/https port numbers you either need to run as route or use PF or something else to redirect/proxy the connections. On Linux they use setcap to allow non-privileged processes to bind to privileged ports but that's not really desirable and is not possible with OpenBSD. In general go ports are a total pain as well. A basic port would look something like https://junkpile.org/caddy.tgz -- Please keep replies on the mailing list.
Re: ubnt edgerouter 8
On 2024-04-30, Marc Peters wrote: > Am Mon, Apr 29, 2024 at 05:31:14PM UTC, schrieb Daniel Gracia: >>I replaced my 8 Pro fans with Noctua units and I'm pretty happy with >>them; they came with several adapters that allow you to choose the >>speed of the fans. > > +1 for the noctua fans from me. I replaced a couple of annoying Juniper ones > to get a decent noise level and they're really silent, even my wife doesn't > complain. As already mentioned, the come with a couple of adapter to connect > and even a wiring solution for non standard pins is in the package. They also > have photos on their page, eg. https://noctua.at/en/nf-a4x10-flx Do be aware that they often have less airflow than the original fans. Sometimes that is not a problem, but sometimes you might want to think twice (especially in, say, the power supply in poe switches, which might end up getting a bit too warm). -- Please keep replies on the mailing list.
Re: Is there access to dm...@openbsd.org? / arm64 laptops
On 2024-04-27, Peter J. Philipp wrote: > I'm looking for a dmesg of an arm64 laptop, the time I think has come to > mothball the apple macbook pro from early 2015 (my old laptop called spica), > I could put a new battery in it but the 80 EUR is not worth it anymore. I'm > also gearing up for job interviews overseas in the summer where I need a > nice laptop. > > Anyone have dmesgs of "Lenovo Thinkpad X13s Gen 1" or the Apple M1/M2? Here's an M2 pro dmesg. The onboard wireless network device isn't working yet so you need USB network (and because it's USB-C only, wifi dongles are a bit of a pain as you need an adapter). Video not accelerated but X runs ok. Webcam, microphone not supported. Not sure if the keyboard backlight is supported, at least I didn't figure out how to get it lit up in OpenBSD yet. The Apple M2 cpu has PAC and BTI (control-flow protection), enabled by default in OpenBSD - support maybe missing from some ports still which can result in crashes (it's usually easy enough to disable per-port by recompiling, and it's often not too hard to actually fix the ports either). https://newsroom.arm.com/blog/pac-bti Web browsers were a bit flaky last time I tried but I don't remember the details (and not sure whether that was an issue with my USB network adapter or the browser though). Can't remember whether I tried sleep or not. IIUC more of the hardware is working in X13s, but the Apples are damn quick at compiling.. (And I think I recall people with X13s mentioning that if the battery runs out you need to charge it for a while first before it will power back up - a "feature" familiar to me from the old Zaurus ;) OpenBSD 7.5 (GENERIC.MP) #120: Mon Mar 4 13:53:14 MST 2024 dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP real mem = 16313647104 (15557MB) avail mem = 15674085376 (14947MB) random: good seed from bootblocks mainbus0 at root: Apple MacBook Pro (14-inch, M2 Pro, 2023) efi0 at mainbus0: UEFI 2.10 efi0: Das U-Boot rev 0x20230700 cpu0 at mainbus0 mpidr 0: Apple Blizzard Pro r1p0 cpu0: 128KB 64b/line 4-way L1 PIPT I-cache, 64KB 64b/line 8-way L1 D-cache cpu0: 4096KB 128b/line 16-way L2 cache cpu0: TLBIOS+IRANGE,TS+AXFLAG,FHM,DP,SHA3,RDM,Atomic,CRC32,SHA2+SHA512,SHA1,AES+PMULL,SPECRES,SB,FRINTTS,GPI,LRCPC+LDAPUR,FCMA,JSCVT,API+PAC,DPB,SpecSEI,PAN+ATS1E1,LO,HPDS,VH,CSV3,CSV2,DIT,BT,SBSS+MSR cpu1 at mainbus0 mpidr 1: Apple Blizzard Pro r1p0 cpu1: 128KB 64b/line 4-way L1 PIPT I-cache, 64KB 64b/line 8-way L1 D-cache cpu1: 4096KB 128b/line 16-way L2 cache cpu2 at mainbus0 mpidr 2: Apple Blizzard Pro r1p0 cpu2: 128KB 64b/line 4-way L1 PIPT I-cache, 64KB 64b/line 8-way L1 D-cache cpu2: 4096KB 128b/line 16-way L2 cache cpu3 at mainbus0 mpidr 3: Apple Blizzard Pro r1p0 cpu3: 128KB 64b/line 4-way L1 PIPT I-cache, 64KB 64b/line 8-way L1 D-cache cpu3: 4096KB 128b/line 16-way L2 cache cpu4 at mainbus0 mpidr 10100: Apple Avalanche Pro r1p0 cpu4: 192KB 64b/line 6-way L1 PIPT I-cache, 128KB 64b/line 8-way L1 D-cache cpu4: 16384KB 128b/line 16-way L2 cache cpu5 at mainbus0 mpidr 10101: Apple Avalanche Pro r1p0 cpu5: 192KB 64b/line 6-way L1 PIPT I-cache, 128KB 64b/line 8-way L1 D-cache cpu5: 16384KB 128b/line 16-way L2 cache cpu6 at mainbus0 mpidr 10102: Apple Avalanche Pro r1p0 cpu6: 192KB 64b/line 6-way L1 PIPT I-cache, 128KB 64b/line 8-way L1 D-cache cpu6: 16384KB 128b/line 16-way L2 cache cpu7 at mainbus0 mpidr 10103: Apple Avalanche Pro r1p0 cpu7: 192KB 64b/line 6-way L1 PIPT I-cache, 128KB 64b/line 8-way L1 D-cache cpu7: 16384KB 128b/line 16-way L2 cache cpu8 at mainbus0 mpidr 10200: Apple Avalanche Pro r1p0 cpu8: 192KB 64b/line 6-way L1 PIPT I-cache, 128KB 64b/line 8-way L1 D-cache cpu8: 16384KB 128b/line 16-way L2 cache cpu9 at mainbus0 mpidr 10201: Apple Avalanche Pro r1p0 cpu9: 192KB 64b/line 6-way L1 PIPT I-cache, 128KB 64b/line 8-way L1 D-cache cpu9: 16384KB 128b/line 16-way L2 cache cpu10 at mainbus0 mpidr 10202: Apple Avalanche Pro r1p0 cpu10: 192KB 64b/line 6-way L1 PIPT I-cache, 128KB 64b/line 8-way L1 D-cache cpu10: 16384KB 128b/line 16-way L2 cache cpu11 at mainbus0 mpidr 10203: Apple Avalanche Pro r1p0 cpu11: 192KB 64b/line 6-way L1 PIPT I-cache, 128KB 64b/line 8-way L1 D-cache cpu11: 16384KB 128b/line 16-way L2 cache "asc-firmware" at mainbus0 not configured "asc-firmware" at mainbus0 not configured "framebuffer" at mainbus0 not configured "asc-firmware" at mainbus0 not configured "asc-firmware" at mainbus0 not configured "region157" at mainbus0 not configured "region95" at mainbus0 not configured "region94" at mainbus0 not configured "region57" at mainbus0 not configured "dcp_data" at mainbus0 not configured "asc-firmware" at mainbus0 not configured "uat-handoff" at mainbus0 not configured "uat-pagetables" at mainbus0 not configured "uat-ttbs" at mainbus0 not configured "isp-heap" at mainbus0 not configured apm0 at mainbus0 "opp-table-0" at mainbus0 not configured "opp-table-1" at mainbus0 not configured "opp-table-gpu" at mainbus0 not configured
Re: python dev
On 2024-04-26, Gustavo Rios wrote: > --78bcdd0617042ecf > Content-Type: text/plain; charset="UTF-8" > > Hi folks! > > May some here tell me if openbsd supports python dev package in the ports > collection ? What is "python dev"? -- Please keep replies on the mailing list.
Re: Getting "Boot error" after replacing a disk in softraid [SOLVED]
On 2024-04-25, Chris Petrik wrote: > Remember softraid isn't the same as hw raid and I will always chose hw over > soft this includes zfs. There are advantages and disadvantages for both. e.g. a software setup with multiple disk controllers can, if there's support for data error detection[1], protect against (or at least detect) errors on the hardware->cpu path which might not be noticable on a single hw raid controller. And in the event of controller/motherboard failure it might not be possible to attach drives to another machine (unless a suitable spare is at hand) with hw raid, whereas with sw they could often just be moved. [1] yes I know OpenBSD softraid(4) doesn't do it, but some others do
Re: bad first impression [ ...] Fwd: [HUNSN RJ43: USB keyboard lost at boot time]
On 2024-04-25, Wolfgang Pfeiffer wrote: > - Forwarded message from Harald Dunkel - > This morning I've got a HUNSN RJ43 network appliance with N100 and > 4 2.5Gbit network interfaces. Problem: The keyboard is lost at boot > time. It still worked at the boot> prompt, but in OpenBSD's installer > menu or at the login prompt it is ignored. I have to pull it out and > plug it into another socket to make OpenBSD 7.5 recognize it, but > even this workaround fails sometimes. ... > Another 15+ years old USB keyboard works out of the box, so maybe the > keyboard is to blame here. It worked fine on other hosts running > OpenBSD 7.4 or 7.5, though. > > BIOS had been reset to the defaults. dmesg output is attached, of > course. Every helpful idea is highly appreciated. I would be glad > to help to track down this problem. So another keyboard works with this machine, and this keyboard works with other machines. I suspect some quirk with the keyboard that interacts with a quirk in the BIOS. If there are options to change things to do with keyboard device emulation / USB legacy support / 8042 emulation / port 60/64 emulation then it might be worth toggling to see if they help. Or look for different BIOS/UEFI versions for the machine. This class of hardware is not exactly known for high quality firmware.
Re: what became of "apmd -C"?
On 2024-04-24, Harald Dunkel wrote:
> Hi folks,
>
> https://www.openbsd.org/faq/upgrade57.html doesn't mention it, so
> I wonder what became of "apmd -C"? The man page for OpenBSD 5.7
> silently dropped this option, but even apmd of 7.5 still accepts
> it.
>
> ?
apmd used to have code that checked cpu load and adjusted hw.setperf.
This moved to the kernel under hw.perfpolicy=auto which used to do
about the same thing, but was changed to use high all the time on
a machine where line power is connected.
To get similar to previous behaviour, you can either install obsdfreqd
from packages (userland monitoring, similar to old old apmd -C), or
some people run with a kernel patch like this:
Index: kern/sched_bsd.c
===
RCS file: /cvs/src/sys/kern/sched_bsd.c,v
diff -u -p -r1.91 sched_bsd.c
--- kern/sched_bsd.c30 Mar 2024 13:33:20 - 1.91
+++ kern/sched_bsd.c24 Apr 2024 07:18:01 -
@@ -603,7 +603,7 @@ setperf_auto(void *v)
if (cpu_setperf == NULL)
return;
- if (hw_power) {
+ if (0 && hw_power) {
speedup = 1;
goto faster;
}
Re: Getting "Boot error" after replacing a disk in softraid
On 2024-04-24, Brian Conway wrote: >> wd0 at pciide0 channel 0 drive 0: > > That seems... unusual. Do you have an (old) IDE compatibility option turned > on in the BIOS? I would have expected it to attach via AHCI: Optiplex 980 is from ~2010, similar age to the HP N54L microserver etc. Disks connecting by wd(4) and BIOS bugs relating to certain types of storage device were pretty common back then.
Re: mongo shell on openBSD
On 2024-04-22, Luca Leone wrote: > --51d7aa8ca551402d8b2dd0ebb50142e8 > Content-Type: text/plain > > Thanks again Kirill, top! > > Typing `$ mongo` in the terminal confirmed you're right of course: it starts > the interactive section with mongo db. Before asking here I typed `$ mongosh` > which is the command that works locally, but it does not on the server. I > guess it depends on the mongo version, locally I have version 7.0.2, on the > server version 4.4.2. > > Anyway, I need to improve my reading skills, it was all there in the mongo > docs! MongoDB Shell is a different thing, it's a node.js based program that has some different features than the basic "mongo" CLI tool. We don't have a good way to package software written in node (typically it wants to fetch filea from the internet during build.) -- Please keep replies on the mailing list.
Re: Fonts for wscons(4)
On 2024-04-19, Walter A Iglesias wrote: > I designed some fonts for wscons(4). Once you decompress the tar file > you'll find a test.sh script to test the fonts in a fullscreen xterm. I > include the *.h files to try them in wscons, but you have to recompile > the kernel for this. > > https://en.roquesor.com/Downloads/ape.tar.gz Fonts are loadable at runtime, see the terminus-font package for some details.
Re: multi-package ports make
On 2024-04-18, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
> --- =_aa0
> Content-Type: text/plain; charset="us-ascii"
> Content-ID: <53906.171346683...@orthanc.ca>
> Content-Transfer-Encoding: quoted-printable
>
> Can somebody tell me what I'm doing wrong here. When I run
> 'make' against this makefile it blows up with:
>
> Fatal: WRKDIR ends with a slash: /usr/ports/pobj/ (in hush/hush-proxyctl)
> Fatal: WRKDIST ends with a slash: /usr/ports/pobj/ (in hush/hush-proxyctl)
> Fatal: WRKSRC ends with a slash: /usr/ports/pobj/ (in hush/hush-proxyctl)
> Fatal: WRKCONF ends with a slash: /usr/ports/pobj/ (in hush/hush-proxyctl)
> Fatal: WRKBUILD ends with a slash: /usr/ports/pobj/ (in hush/hush-proxyctl=
> )
> *** Error 1 in /usr/ports/hush/hush-proxyctl (/usr/ports/infrastructure/mk=
> /bsd.port.mk:3885 '.BEGIN': @exit 1)
>
> This is my first foray into MULTI_PACKAGE. This make template works
> for other non-MULTI_PACKAGE builds.
This would be better on ports@
That's unrelated to MULTI_PACKAGES, you are missing setting DISTNAME
(which can be done either directly, or indirectly via some other
variables).
go ports are fiddly enough, and there's no big chain of dependencies here
(the usual reason for splitting into multi packages), I think this would
be better as a single package.
> --- =_aa0
> Content-Type: text/plain; name="Makefile"; charset="us-ascii"
> Content-Description: Makefile
> Content-Disposition: attachment; filename="Makefile"
>
> COMMENT-main= DMZ proxy management and control
> COMMENT-server= DMZ proxy management daemon
> MAINTAINER= XXX
>
> V=1.0
> PKGNAME-main= hush-proxyctl-${V}
> PKGNAME-server= hush-proxyctld-${V}
> REVISION-main=0
> REVISION-server= 0
>
> CATEGORIES= hush
>
> MULTI_PACKAGES= -main -server
>
> PERMIT_PACKAGE= Yes
> NO_TEST= Yes
>
> BUILD_DEPENDS=lang/go
>
> pre-configure:
> mkdir -p ${WRKSRC}; cd ${.CURDIR}/files && cp -R . ${WRKSRC}
>
> do-build:
> cd ${WRKSRC}/proxyctl && go build proxyctl
> cd ${WRKSRC}/proxyctld && go build proxyctld
>
> .include
>
> --- =_aa0--
>
>
--
Please keep replies on the mailing list.
Re: Since upgrade to OpenBSD 7.5 the FreeRADIUS EAP authentication no longer works
On 2024-04-17, Federico Giannici wrote:
> On 4/17/24 16:34, Stuart Henderson wrote:
>> On 2024-04-17, Kapetanakis Giannis wrote:
>>> One idea if you have old devices that cannot upgrade to a newer SSL/TLS
>>> protocol would be to run some kind of proxy between the client and the
>>> radius server (stunnel?)
>>>
>>> Don't know how well this plays with EAP.
>>> Maybe this will only work with EAP-TTLS ?
>>
>> That isn't going to work.
>>
>>> Another idea, since you run your own custom freeradius, is to recompile it
>>> and link with another openssl library that has old SSL/TLS enabled.
>>
>> That may be an option, if you don't need some other library which pulls
>> in libssl/libcrypto (otherwise there will be a conflict).
>
>
> I'm trying to do that.
>
> I found that with normal linker I can substitute "-lcrypto" with
> "-l:libcrypto.so.50.2", and so long...
>
> But FreeRadius uses libtool and it gives the following warnings and
> don't generate any ".so" file:
>
> *** Warning: linker path does not have real file for library
> -l:libcrypto.so.50.2.
> *** I have the capability to make that library automatically link in when
> *** you link to this library. But I can only do this if you have a
> *** shared version of the library, which you do not appear to have
> *** because I did check the linker path looking for a file starting
> *** with lib:libcrypto.so.50.2 and none of the candidates passed a file
> format test
> *** using a regex pattern. Last file checked: /usr/lib/libexecinfo.so.3.0
>
>
> Any suggestions on how to make libtool use a specific library version?
Normally by passing directories via -L in the order you want. Though
this may be more complicated than usual in freeradius which uses its
own special libtool ("jlibtool").
(You also need to ensure that the headers from openssl are used, not
mismatching ones).
--
Please keep replies on the mailing list.
Re: Since upgrade to OpenBSD 7.5 the FreeRADIUS EAP authentication no longer works
On 2024-04-17, Kapetanakis Giannis wrote: > One idea if you have old devices that cannot upgrade to a newer SSL/TLS > protocol would be to run some kind of proxy between the client and the radius > server (stunnel?) > > Don't know how well this plays with EAP. > Maybe this will only work with EAP-TTLS ? That isn't going to work. > Another idea, since you run your own custom freeradius, is to recompile it > and link with another openssl library that has old SSL/TLS enabled. That may be an option, if you don't need some other library which pulls in libssl/libcrypto (otherwise there will be a conflict). -- Please keep replies on the mailing list.
Re: Since upgrade to OpenBSD 7.5 the FreeRADIUS EAP authentication no longer works
On 2024-04-17, Federico Giannici wrote: > Since we upgraded from OpenBSD amd64 7.3 to 7.5 (passing through 7.4) > the FreeRadius EAP authentication no longer works! > > We are using a custom version of FreeRadius (because we had to do some > little changes and a module of our own), and everything worked correctly > for many years. > > Now, with 7.5, it gives the following errors for EAP authentications > (everything else is OK): > > Apr 14 11:29:24 Eldarion radiusd[73262]: TLS Alert write:fatal:protocol > version > Apr 14 11:29:24 Eldarion radiusd[73262]: TLS_accept: error in SSLv3 > read client hello B > Apr 14 11:29:24 Eldarion radiusd[73262]: rlm_eap: SSL error > error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number > Apr 14 11:29:24 Eldarion radiusd[73262]: SSL: SSL_read failed in a > system call (-1), TLS session fails. > Apr 14 11:29:24 Eldarion radiusd[73262]: Login incorrect (TLS Alert > write:fatal:protocol version): [anonym...@myisp.com/ EAP>] (from client wdsl_neomedia nas 10.10.215.101 port 0 cli > FC-EC-DA-2A-F5-7F service wdsl-neomedia) > > I guess that the new LibreSSL version have some new restricted > requirements. And we CANNOT change the client's OpenSSL version or certs > (they are Ubiquiti devices). > > Some time ago (I think upgrading to 7.3) we had to add > "SSL_CTX_set_security_level( ctx, 0 );" to make it work. So we already > have set Security Level to 0. > > Is there something else we can do to make LibreSSL accept everything it > accepted in previous release? This is most likely because of: https://www.openbsd.org/74.html "Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer be selected for use." I don't think there's anything simple you can do to reenable it.
Re: Firewall setup
On 2024-04-15, Karel Lucas wrote: > /etc/hostname.bridge0: > add igc0 add igc1 add igc2 blocknonip igc0 blocknonip igc1 blocknonip > igc2 up bridging with PF is an advanced topic, please get familiar with PF on a standard routed firewall first -- Please keep replies on the mailing list.
Re: Creating GLX context fails on ATI Picasso Radeon
On 2024-04-12, Страхиња Радић wrote: > Дана 24/04/12 08:46AM, Stuart Henderson написа: >> Unrelated, but: pkg_add -U is mostly for people running snapshots, >> wanting to install a new package without doing a full pkg_add -u run. > > According to pkg_add(1) manpage, the -U option is used to update the > dependencies if required before installing the new packages. No. It is described as "Install new packages in a hurry". Use it when you want to install a new package, but cannot do so because installed versions of dependencies are out of date, and you don't have time for a full update run (pkg_add -u). If you're not running snapshots this isn't really something you'll run into because you really need to do a full pkg_add -u run in that case. > In any case, I also did `pkg_add -u`, with the same results. yes, as I said, this is unrelated to the problem you have with GLX contexts. -- Please keep replies on the mailing list.
Re: No internet connection (firewall block)
On 2024-04-13, Janne Johansson wrote: > Den fre 12 apr. 2024 kl 20:22 skrev Karel Lucas : >> Traceroute still won't work. >> Can >> anyone give me some starting points here? > > Put "log" on all your block/pass rules, read the logs (man pflog for > help) and see which rule the traceroute packets hit. > Adapt and extend your pf.conf accordingly to allow the traffic you > want to let through. "match log(matches)", perhaps with an ip/proto/port restriction if the other traffic is too noisy, is good for diagnosing firewall rules - for each packet creating a new firewall state, it shows any matching rules for that packet in order of evaluation, with the last one printed showing the overall decision to block/pass. -- Please keep replies on the mailing list.
Re: Creating GLX context fails on ATI Picasso Radeon
On 2024-04-11, Страхиња Радић wrote: > Yes, I have (using the fw_update). I also did `pkg_add -Uu` after upgrading > to > 7.5, for that matter. Unrelated, but: pkg_add -U is mostly for people running snapshots, wanting to install a new package without doing a full pkg_add -u run. It will install the named package updating only those other packages (libraries etc) which are required. It may possibly leave you with some broken old packages. Normally you just want "pkg_add -u".
Re: Restic rest server broken with relayd.
On 2024-04-10, a...@abiscuola.com wrote:
> Is there a way to restore the previous behaviour in relayd(8)
Only by reverting the commit etc.
> or, is there a known workaround for restic, in this case?
That's probably a question for restic really (or possibly the
requirement is coming from a 3rd party REST library).
> I know that relayd(8) is right
It seems a little strict to me.
To my eye, the older version of the HTTP spec requires it ("The
Content-Length entity-header field indicates the size of the
entity-body, in decimal number of OCTETs, sent to the recipient or, in
the case of the HEAD method, the size of the entity-body that would have
been sent had the request been a GET").
That's been replaced now but it's still permitted: "The server SHOULD
send the same header fields in response to a HEAD request as it would
have sent if the request had been a GET, except that the payload header
fields (Section 3.3) MAY be omitted."
--
Please keep replies on the mailing list.
Re: newfs fast, but newfs_msdos and newfs_ext2fs very slow
On 2024-04-09, Stanislav Syekirin wrote: > Hi, > > I'm trying to figure out the best way to format a USB stick as FAT32. > This is what I've tried: > > $ time doas newfs_msdos /dev/rsd1c > /dev/rsd1c: 60007944 sectors in 7500993 FAT32 clusters (4096 > bytes/cluster) > bps=512 spc=8 res=32 nft=2 mid=0xf0 spt=63 hds=255 hid=0 bsec=60125184 > bspf=58602 rdcl=2 infs=1 bkbs=2 > 20m08.34s real 0m00.35s user 0m12.81s system > > As you can see, it takes many minutes, and the elapsed time is much > larger than the CPU time. Looking at top while the command runs shows > that newfs_msdos has PRI -5, its CPU usage fluctuates around 0.5%, > STATE is mostly "sleep" with WAIT being "physio". > > The same happens if I call newfs_ext2fs -I. > > For comparison, `newfs /dev/rsd1c` is almost instantaneous: 0m00.88s > real 0m00.06s user 0m00.16s system. It doesn't work if the disk is IIUC newfs_msdos has to wrote a lot more than FFS2 newfs. And writes to USB drives are not particularly quick on OpenBSD. > already formatted as FAT32, though: I have to call `fdisk -e sd1`, and > reinit, otherwise I get a "can't rewrite disk label" error; I'm not > sure why newfs cares and newfs_msdos doesn't, maybe I'm doing it wrong > somehow. sd1c shouldn't be used for filesystems. It is a special device node for "the entire disk". See disklabel(8). For a single filesystem on a drive, use either a BSD disklabel with an 'a' partition, or a DOS/GPT partition (whuch you can setup with fdisk) and the 'spoofed' partition letter (/dev/sd1i for the first one). > How can I speed the creation of a FAT32 or Ext2 file system up? Maybe increasing block size will help. If not, I don't think there's really much you can do. There's no "quick format" option for newfs_msdos lile there is on Windows. -- Please keep replies on the mailing list.
Re: ncurses in 7.5
On 2024-04-09, f...@disciples.com wrote: > Hello, > > https://www.openbsd.org/plus75.html says: > > Updated ncurses and associated libraries (form, panel, menu) to 6.4-20230826. > > but https://www.openbsd.org/75.html says: > > Ncurses 5.7 > > Is this an oversight or am I overlooking something? Just an oversight. Thanks, updated.
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
On 2024-04-09, Why 42? The lists account. wrote:
>
> On Sat, Apr 06, 2024 at 02:42:25PM +0200, Eivind Eide wrote:
>> After upgrading to 7.5 amd64 -stable (and all ports updated) I get
>> these messages in /var/log/messages. This is with bash from ports
>> inside tmux over SSH:
>>
>> tmux: vfprintf %s NULL in "%.*s"
>> bash: vfprintf %s NULL in "%.*s"
>> multitail: vfprintf %s NULL in "%.*s"
>> vim: vfprintf %s NULL in "%.*s"
>
> FYI, I grepped my messages and saw something similar:
> mjoelnir:~ 9.04 14:10:46 % grep printf /var/log/messages
> Apr 4 18:22:26 mjoelnir tumblerd: vfprintf %s NULL in "Unable to find part
> with type='%s' for '%s'"
> Apr 8 13:57:02 mjoelnir wrapper-2.0: vfprintf %s NULL in "day=%s, sun={%s,
> %s, %s, %s}, moon={%s, %s, %s, %s, %s} "
Those aren't much of a surprise - and the strings are unique enough
they should be easy to track down.
It's the one from tmux or more likely libcurses that's a surprise
(and imho more worth looking into).
Re: Upgrade 7.5 /usr full
On 2024-04-09, Ben Jahmine wrote: > Dear all. > > I just did my unattended upgrade to 7.5. I previously checked the > available disk space in /usr, as suggested by the upgrade guide. My /usr > size is 2 GB, as created by the installer. As this is above 1.1 GB I > started the unattended upgrade using sysupgrade. > > The upgrade failed during the extraction of the sets, but managed to > boot into 7.5. Now /usr ist at 105% capacity due to df. > > I assume, this is not supposed to happen? Is this a issue specific to my > setup? Or should /usr simply have more space? Nothing in sysupgrade or the installer checks to make sure that enough space is available and it can fail quite nastily if you run out of space. > Looking forward for some help. That size estimate in the upgrade guide hasn't been updated since OpenBSD 6.6 and is rather optimistic. After extracting a new install (assuming that you have a drive large enough that auto defaults created separate /usr and /usr/X11R6 partitions) you'll have ~1GB of files, so an upgrade from an older version with a drive with 1.1GB total is very likely to fail. 2GB for /usr is a bit tight anyway really - newer versions of the installer auto defaults have taken the other extreme and made it a bit larger than I'd usually want - though as of 7.5 it should be enough as long as old files are cleared out. Some options: - backup, reinstall with adjusted partition sizes, and restore - if there's an empty or unwanted partition immediately after /usr on disk (check disklabel) you could backup, boot an install kernel, drop to the shell, remove the extra partition, adjust size of /usr to take on the extra space, and growfs (hopefully you won't need to restore, but it is best to take precautions) - you could remove old unneeded files from /usr; the sysclean package can help identify these - in particular you're likely to find some old libraries in /usr/lib that are no longer needed and they'll likely be taking up a reasonable amount of space - sysclean will only list libraries if no package depends on them. options include rm or moving them to another filesystem. if you've gone through a few updates, the list will probably be quite long - you'll probably want to redirect to a file and view in an editor. -- Please keep replies on the mailing list.
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
On 2024-04-09, Eivind Eide wrote: >>The log message no longer appears after running >> >>cp /usr/share/terminfo/x/xterm-256color ~/.terminfo/x/ > > Indeed! After > mkdir -p ~/.terminfo/t/ > cp /usr/share/terminfo/t/tmux-256color ~/.terminfo/t/ > (and the same for other termcaps used) > those messages are gone from /var/log/messages. That shouldn't be necessary. Given 'if I do "env -i TERM=tmux-256color mutt" mutt opens WITHOUT triggering the message', that implies that one of the other variables set would be triggering it, can you either figure out which one or show the list so someone else can try to replicate it please? -- Please keep replies on the mailing list.
Re: Packages upgrade failure after upgrading to 7.5
On 2024-04-08, Ioan Samarul wrote: > Hello to you all! > > I upgraded without problem to 7.5, everything went smooth as always, > except when I tried to upgrade the packages. > > This are the errors of `doas pkg_add -uV` (there is no version of > firefox installed, if that helps) > > No pkgname in packing-list for .libs1-firefox-esr-91.13.0 > No pkgname in packing-list for .libs1-firefox-esr-102.13.0 > No pkgname in packing-list for .libs-firefox-esr-91.13.0 > Warning: couldn't read packing-list from installed package firefox-119.0 > File /var/db/pkg/firefox-119.0/+CONTENTS does not exist > Error: firefox-119.0 missing from installation You have some corruption in /var/db/pkg. I would try pkg_check and allow it to fix things. > to_install: > lcms2-2.15 => //lcms2-2.15/ > updatedb-0p0 => //updatedb-0p0/ > xz-5.4.5 => //xz-5.4.5/ > zstd-1.5.5 => //zstd-1.5.5/ > tiff-4.6.0 => //tiff-4.6.0/ > quirks-7.14 => //quirks-7.14/ > jpeg-3.0.2v0 => //jpeg-3.0.2v0/ > ImageMagick-6.9.12.96 => ImageMagick-6.9.12.96/ImageMagick-6.9.12.88p0// > lz4-1.9.4 => //lz4-1.9.4/ > libxml-2.12.5 => > libxml-2.12.5/libxml-2.11.5p0,.libs2-libxml-2.10.4,.libs2-libxml-2.9.13p2,.libs-libxml-2.9.13p2,.libs4-libxml-2.11.5p0,.libs1-libxml-2.10.4,.libs1-libxml-2.9.13p2,.libs3-libxml-2.10.4,.libs3-libxml-2.9.13p2,.libs7-libxml-2.11.5p0,.libs2-libxml-2.11.5p0,.libs-libxml-2.10.4,.libs8-libxml-2.11.5p0,.libs6-libxml-2.11.5p0,.libs-libxml-2.11.5p0,.libs1-libxml-2.11.5p0,.libs3-libxml-2.11.5p0,.libs5-libxml-2.11.5p0// > libiconv-1.17 => //libiconv-1.17/ > to_update: > hwdata-0.374 => /hwdata-0.374// > libebml-1.4.4 => /libebml-1.4.4// > libjxl-0.8.2 => /libjxl-0.8.2// > qtlocation-5.15.10 => /qtlocation-5.15.10// > poppler-data-0.4.12 => /poppler-data-0.4.12// > libavif-0.11.1p0 => /libavif-0.11.1p0// > .libs5-libxml-2.11.5p0 => > libxml-2.12.5/libxml-2.11.5p0,.libs2-libxml-2.10.4,.libs2-libxml-2.9.13p2,.libs-libxml-2.9.13p2,.libs4-libxml-2.11.5p0,.libs1-libxml-2.10.4,.libs1-libxml-2.9.13p2,.libs3-libxml-2.10.4,.libs3-libxml-2.9.13p2,.libs7-libxml-2.11.5p0,.libs2-libxml-2.11.5p0,.libs-libxml-2.10.4,.libs8-libxml-2.11.5p0,.libs6-libxml-2.11.5p0,.libs-libxml-2.11.5p0,.libs1-libxml-2.11.5p0,.libs3-libxml-2.11.5p0,.libs5-libxml-2.11.5p0// > pkglocatedb-1.5 => /pkglocatedb-1.5// > universal-ctags-6.0.0 => /universal-ctags-6.0.0// > py3-packaging-23.1 => /py3-packaging-23.1// > texlive_base-2022p0 => /texlive_base-2022p0// > py3-ifaddr-0.2.0 => /py3-ifaddr-0.2.0// > xclip-0.13p1 => /xclip-0.13p1// > ffmpeg-4.4.4p2v1 => /ffmpeg-4.4.4p2v1// > aspell-ro-3.3.2v1 => /aspell-ro-3.3.2v1// > py3-regex-2023.6.3 => /py3-regex-2023.6.3// > lua-5.2.4p1 => /lua-5.2.4p1// > aom-3.8.1 => /aom-3.8.1// > xfce4-mailwatch-1.3.1p1 => /xfce4-mailwatch-1.3.1p1// > libvidstab-1.1.0 => /libvidstab-1.1.0// > libev-4.33 => /libev-4.33// > http-parser-2.9.4 => /http-parser-2.9.4// > polybar-3.6.3p0 => /polybar-3.6.3p0// > lua-compat53-0.9 => /lua-compat53-0.9// > texlive_mktexlsr-2022p0 => /texlive_mktexlsr-2022p0// > libheif-1.16.2p0 => /libheif-1.16.2p0// > py3-autocommand-2.2.2 => /py3-autocommand-2.2.2// > libcares-1.19.1 => /libcares-1.19.1// > openal-1.23.1v0 => /openal-1.23.1v0// > tesseract-ron-4.1.0v0 => /tesseract-ron-4.1.0v0// > py3-jaraco.collections-3.8.0 => /py3-jaraco.collections-3.8.0// > gtk+3-3.24.38 => /gtk+3-3.24.38// > p5-Pango-1.227p3 => /p5-Pango-1.227p3// > py3-socks-1.7.1p5 => /py3-socks-1.7.1p5// > sqlite3-3.44.2 => /sqlite3-3.44.2// > libunbound-1.19.1 => /libunbound-1.19.1// > xfwm4-themes-4.10.0p0 => /xfwm4-themes-4.10.0p0// > .libs3-libxml-2.9.13p2 => > libxml-2.12.5/libxml-2.11.5p0,.libs2-libxml-2.10.4,.libs2-libxml-2.9.13p2,.libs-libxml-2.9.13p2,.libs4-libxml-2.11.5p0,.libs1-libxml-2.10.4,.libs1-libxml-2.9.13p2,.libs3-libxml-2.10.4,.libs3-libxml-2.9.13p2,.libs7-libxml-2.11.5p0,.libs2-libxml-2.11.5p0,.libs-libxml-2.10.4,.libs8-libxml-2.11.5p0,.libs6-libxml-2.11.5p0,.libs-libxml-2.11.5p0,.libs1-libxml-2.11.5p0,.libs3-libxml-2.11.5p0,.libs5-libxml-2.11.5p0// > xfce4-appfinder-4.18.1 => /xfce4-appfinder-4.18.1// > gvfs-1.50.6 => /gvfs-1.50.6// > libvpx-1.13.1v0 => /libvpx-1.13.1v0// > gmp-6.3.0 => /gmp-6.3.0// > json-glib-1.6.6p1 => /json-glib-1.6.6p1// > py3-MarkupSafe-2.1.3 => /py3-MarkupSafe-2.1.3// > .libs-libxml-2.11.5p0 => > libxml-2.12.5/libxml-2.11.5p0,.libs2-libxml-2.10.4,.libs2-libxml-2.9.13p2,.libs-libxml-2.9.13p2,.libs4-libxml-2.11.5p0,.libs1-libxml-2.10.4,.libs1-libxml-2.9.13p2,.libs3-libxml-2.10.4,.libs3-libxml-2.9.13p2,.libs7-libxml-2.11.5p0,.libs2-libxml-2.11.5p0,.libs-libxml-2.10.4,.libs8-libxml-2.11.5p0,.libs6-libxml-2.11.5p0,.libs-libxml-2.11.5p0,.libs1-libxml-2.11.5p0,.libs3-libxml-2.11.5p0,.libs5-libxml-2.11.5p0// > tracker3-miners-3.6.1 => /tracker3-miners-3.6.1// > py3-charset-normalizer-3.2.0 =>
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
On 2024-04-08, Eivind Eide wrote: > 24/04/06 06:04PM, Stuart Henderson: >> The fact that these all started hitting this with the same printf string >> (including tmux, which is in base) makes me wonder if it's coming from a >> library, the most likely being libcurses which was updated between 7.4 >> and 7.5 (which all of those use). >> >> Try to ascertain what's going on when that message is logged. ktrace >> might give some clues. > > Yes, I've been using these apps through numerous releases of OpenBSD > on this apu2 and this have never been triggered until I upgraded to > 7.5. > As pointed out, it also affects prominent members of base; tmux, top, ksh. > What seems to be in common for these apps are the version bump in > libcurses, that would be my guess too. > I tried passing different TERM, no change. I did "env -i mutt" but it > resulted in "Error opening terminal: unknown.". > But if I do "env -i TERM=tmux-256color mutt" mutt opens WITHOUT > triggering the message. > OK. So I've tried to unset various environmental variables one after > another trying to hunt this down to one variable, but so far, no luck! > I don't understand anything 'bout ktrace, but when I have the time I > could try to look into that... It might be easier to try adding them one by one to the env -i line. If you can find the variable that's triggering it then hopefully others will be able to replicate the problem and track it down. -- Please keep replies on the mailing list.
Re: OpenBSD 7.5 bsd.upgrade hangs after sysupgrade
On 2024-04-07, Страхиња Радић wrote: > (manually retyped to avoid large attachments): thank you! > 2. The result of entering `boot -c` at the `boot>` prompt with /bsd.upgrade > having the execute bit set (so 7.5 /bsd.upgrade would boot by default): > > OpenBSD 7.5 (RAMDISK_CD) #76: Wed Mar 20 15:53:54 MDT 2024 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD > real mem = 6277246976 (5986MB) > avail mem = 6082772992 (5800MB) > User Kernel Config > UKC> find radeondrm > UKC> find efifb >41 efifb0 at mainbus0 apid -1 flags 0x0 > UKC> find amdgpu > UKC> > > So it seems that 7.5 /bsd.upgrade doesn't detect nor configure the radeondrm > and amdgpu devices? None of the ramdisk kernels include these large drivers (no difference in that respect between 7.4 and 7.5, or any other release). -- Please keep replies on the mailing list.
Re: ipv6 assistance
On 2024-04-06, Florian Obser wrote: > Someone with pull at UPC^W ziggo^W vodafone^W liberty global could > potentially get that situation improved. Often on an OpenBSD box using one of these connections, you want one or more /64s rather than a host address, I don't think there's an alternative to DHCPv6-PD for that unless the ISP will do static addressing. Though it would be nice if they'd also allow getting a single address via slaac. With NAT that's enough for use on a router too ;) > On 6 April 2024 19:04:52 CEST, Peter Hessler wrote: >>OpenBSD natively supports IPv6 addressing via static configuration and >>SLAAC. We do not have a DHCPv6 client in base, so currently you have to >>use a package for that. A simple daemon that just runs as a PD client would be pretty welcome. At least dhcpcd is nicely privilege-separated (and uses pledge on OpenBSD) though it does have a lot more features than are needed for this common use case. -- Please keep replies on the mailing list.
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
On 2024-04-06, Страхиња Радић wrote: > Дана 24/04/06 06:04PM, Stuart Henderson написа: >> The fact that these all started hitting this with the same printf string >> (including tmux, which is in base) makes me wonder if it's coming from a >> library, the most likely being libcurses which was updated between 7.4 >> and 7.5 (which all of those use). >> >> Try to ascertain what's going on when that message is logged. ktrace >> might give some clues. > > Of course, the package containing the code passing NULL to *printf should be > identified first, and the bug report should be sent to that package. It is > entirely possible that it is libcurses or another library. In the case of > dunst, it was dunst. libcurses and tmux are not packages, they are in the base OS. > Passing NULL to *printf is Undefined Behavior in C, and there is a > StackOverflow answer detailing the reasons at [1]. > > [1]: https://stackoverflow.com/a/11589500 Yes. It's very common though, especially when constructing strings for debug logging. I see this a lot with software in the GNOME ecosystem using sprintf for this. That's interesting about the compiler optimisation for printf->puts, though I think it won't be used in many cases where the pointer nay be null so many uses of this won't trigger crashes for that reason. -- Please keep replies on the mailing list.
Re: Migrate to different FS layout of OpenBSD
On 2024-04-06, Kirill A Korinsky wrote: > On Sat, 06 Apr 2024 23:14:39 +0200, > Peter Hessler wrote: >> >> RAID0 is called that because zero is what you'll recover if you lose a >> disk. This is amazingly dangerous, and you're going to have a bad time. >> >> Do a backup, then restore from backup. >> > > I was totally misslead. I mean that I have RAID1 which is know as mirror. > > To be clear: here a two identical servers where I'd like to change FS > layout, and before I go to reinstall everything, I can try this approach. softraid doesn't allow creating a 'degraded mirror' i.e. a single drive that you can later add another drive to make a RAID1. You would need at least one spare drive to do what you want. -- Please keep replies on the mailing list.
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
On 2024-04-06, Страхиња Радић wrote: > Дана 24/04/06 02:42PM, Eivind Eide написа: >> tmux: vfprintf %s NULL in "%.*s" >> bash: vfprintf %s NULL in "%.*s" >> multitail: vfprintf %s NULL in "%.*s" >> vim: vfprintf %s NULL in "%.*s" > > This happens in OpenBSD when a program passes NULL pointer to *printf family > of > functions. The bug reports should be directed upstream to individual > packages. The fact that these all started hitting this with the same printf string (including tmux, which is in base) makes me wonder if it's coming from a library, the most likely being libcurses which was updated between 7.4 and 7.5 (which all of those use). Try to ascertain what's going on when that message is logged. ktrace might give some clues. Alternatively try to identify what's triggering it (this isn't normal - I don't recall ever seeing that from tmux/vim myself) - could be an environment variable. Can you reproduce it if you reset the environment (env -i)? How about if you use a different TERM?
Re: How to customise the OS update process
sysupgrade -n
rm /home/_sysupgrade/{x,game}*.tgz
reboot
Though I wouldn't bother unless very constrained on storage space.
A lot of time has been wasted by developers over the years when people
have not installed xbase (or worse, installed an old one but not updated
it) and run into problems with packages.
On 2024-04-06, WATANABE Takeo wrote:
> Hi everyone,
>
> The most common way to upgrade OpenBSD is to use "sysupgrade".
>
> However, I do not want to install certain packages (e.g. game).
> # When the host is built, it is not installed, because the
>
> Is there any way to upgrade to fulfil these wishes?
>
> I wrote "/auto_upgrade.conf" and
> I tried "sysupgrade" with the following in "/auto_upgrade.conf",
> but all packages were installed.
>
> ---
> Location of sets = disk
> Pathname to the sets = /home/_sysupgrade/
> Set name(s) = -x*
> Set name(s) = -game*
> Set name(s) = done
> Directory does not contain SHA256.sig. Continue without verification = yes
> ---
>
> If you have found errors in this method or know of other methods,
> please let us know.
>
> Sincerely yours.
>
> ---
> WATANABE, Takeo
> t...@kasaneiro.jp
>
>
--
Please keep replies on the mailing list.
Re: need help to access my machine after upgrade -- system immediately logs me out
On 2024-04-01, Peter N. M. Hansteen wrote: > > This sounds very much like a situation where the base system and packages > are out seriously of sync AND your user is et up with a default shell from > packages (I am guessing bash). Running out of space (especially in /usr) during sysupgrade might do it too. Or a bad sysmerge run for something like /etc/login.conf. Plenty of possibilities :-)
Re: need help to access my machine after upgrade -- system immediately logs me out
On 2024-04-01, Sandeep Gupta wrote:
>
> However when i tried to log from the console -- the login message shows but
> the system logs me out immediately.
> On the desktop gui too, with only root I was able to login. But running
> xterm from the fvwm menu fails.
> I am a bit clueless as to how to gain access to the system.
Try this:
Boot into single-user mode ("boot -s" at the boot loader prompt)
fsck -p
mount -a -t nonfs
Hopefully that will get you access to the system. You can try looking at
system logs to see if that gives any clues about the problem. TERM won't
be set so you may want to use e.g. "TERM=xterm less /var/log/messages"
etc. $HOME/.xsession-errors might give some clues too.
If you think that updating packages might help then 'sh /etc/netstart'
to get working net and proceed with pkg_add -u as usual.
Re: Bash instead of ksh
On 2024-04-01, Nick Holland wrote: > The pdksh that comes with OpenBSD by default is very good and supports > most of the "fancy" stuff that bash does, but is stock with the system, > so it has no dependencies, no issues at upgrade, and is quite lean ^ This is important. Even if you do move some user accounts to bash, you will regret it if you don't leave an account which you can login to and obtain sufficient privileges to update packages. OpenBSD makes changes reasonably often which require that binaries are recompiled. For those which are in the base OS there's little problem as kernel and userland are usually updated together. For those in packages, it's not unusual for things to break occasionally after system updates until packages are updated. (Not all the time, but once or twice in a couple of years would not be unusual). -- Please keep replies on the mailing list.
Re: I DEMAND TO KNOW (re recent activity)
On 2024-03-31, Peter N. M. Hansteen wrote: > Some recent activity here (you will remember the threads) had me want to post > this earlier, but I was bowled over by a stomach bug and only found the > reference > again now - Just block the senders, ignore the threads and move on.
Re: No coloring with colorls
On 2024-03-29, Karel Lucas wrote: > What should I put in /etc/ttys, taking into account that I regularly use > multiple virtual consoles? And where in that file do I place that? At > the beginning or the end? Or somewhere in between? Replace "vt220" with your preferred option on "console" and "ttyC" lines.
Re: Dell PERC H745
On 2024-03-29, Kapetanakis Giannis wrote: > > There are so many adapters given/updated by Dell every year, maybe we should > update the man pages to add the working ones? Diffs welcome :-) > My BOSS-S1 Modular adapter is detected both on 7.4 and current. > PERC H755 Front is indeed also detected with current. I'm sure it was not > with 7.4 when I tried yesterday. Yes, support was added after 7.4.
Re: No coloring with colorls
On 2024-03-28, Karel Lucas wrote: > > > Op 28-03-2024 om 07:51 schreef Stuart Henderson: >> For the console, use /etc/ttys. >> >> For an X terminal, use whatever mechanism is correct for that terminal >> (.Xdefaults XTerm*termName for xterm). > > The file /etc/ttys is 22.5kB in size and is full of all kinds of "tty** > ...". I don't think this is the right file to use something like that. > It seems to me that you are making the system disrupted/unstable by > doing so. Those "ttys**..." won't vouch for it for nothing. Yes that is exactly the right file. That is what the file is *for*. It sets the console type for various ways of accessing consoles on the system. The "console" and "ttyC*" lines are the ones you want (the additional ones are for various virtual consoles on ctrl-alt-f2, etc). (The "tty0*" are for serial consoles if you have them.) -- Please keep replies on the mailing list.
Re: Dell PERC H745
On 2024-03-28, Hrvoje Popovski wrote: > On 28.3.2024. 11:01, Kapetanakis Giannis wrote: >> I'm looking for a new server to replace our firewall/routing. >> >> Would like to ask if PERC H745 is supported. >> >> mfi(4) lists >> - Dell PERC 5/e, PERC 5/i, PERC 6/e, PERC 6/i, PERC H310, PERC >> H700, PERC H800 >> >> Is this ok? >> >> Trying bsd.rd on a newer server with H755, it was NOT detected. >> On Linux it is shown as >> 65:00.0 RAID bus controller: Broadcom / LSI MegaRAID 12GSAS/PCIe Secure >> SAS39xx >> DeviceName: SL3 RAID >> Subsystem: Dell PERC H755 Front >> >> That is on 7.4, didn't try current. >> >> However the BOSS-S1 adapter with 2 x M.2 sticks was detected >> >> How about HBA330 Mini and/or PERC H730P Mini ? >> >> About CPUs, I'm between Intel Xeon Gold 5315Y @ 3.20GHz vs AMD EPYC 72F3 >> Both are 8 cores, I will put 2 x cpus. Haven't tried EPYC at all but looks >> more performant. >> >> G >> > > Hi, > > don't go with BOSS adapter or HBA330. I have both adapters in lab and > they just don't work. > I have working OpenBSD on PERC H740p, PERC H740P Mini, PERC H330 mini, > PERC H310 Mini. I can't remember but I think that H730p should work. also working: PERC H710 Mini, PERC H755 Front (both mfii)
Re: No coloring with colorls
On 2024-03-27, Karel Lucas wrote: > What is the correct setting, taking into account the coloring of the > directory listing? For the console, use /etc/ttys. For an X terminal, use whatever mechanism is correct for that terminal (.Xdefaults XTerm*termName for xterm). sheesh. > Op 27-03-2024 om 14:02 schreef Stuart Henderson: >> On 2024-03-27, Karel Lucas wrote: >>> It works correctly! My /etc/profile now looks like this: >>> export TERM=xterm-256color >> That is not working correctly, because you forcibly override the correct >> TERM which is set for things like screen/tmux. >> >> For the console, use /etc/ttys. >> >> For an X terminal, use whatever mechanism is correct for that terminal >> (.Xdefaults XTerm*termName for xterm). >> >> > > -- Please keep replies on the mailing list.
Re: No coloring with colorls
On 2024-03-27, Karel Lucas wrote: > It works correctly! My /etc/profile now looks like this: > export TERM=xterm-256color That is not working correctly, because you forcibly override the correct TERM which is set for things like screen/tmux. For the console, use /etc/ttys. For an X terminal, use whatever mechanism is correct for that terminal (.Xdefaults XTerm*termName for xterm).
Re: rm: #08057459: Operation not permitted
On 2024-03-26, deich...@placebonol.com wrote: > > can you share what caused ls to coredump=20 corrupt timestamp. https://marc.info/?t=17114738861=1=2 -> https://marc.info/?l=openbsd-bugs=17114820954=2
Re: configure rad for ULA addresses
On 2024-03-25, Evan Sherwood wrote:
>>> interface igc1 {
>>> prefix fdbf:e79a:8e3e::/48
>>
>> lesser operating systems will refuse to form autoconf addresses if the
>> prefix length is not 64.
>
> Thanks, this was helpful. I got addresses allocated on client machines,
> but they don't seem routable.
> I can ping6 back to my router using the IPv6 address in the prefix
> delegation from my ISP, but I cannot seem to do the same for the
> addresses in my ULA prefix.
Did you configure an address in the ULA prefix on the gateway?
(hostname.if / ifconfig).
> I was following this guide:
> https://www.kuon.ch/post/2022-03-15-openbsd-dhcp-pd/
>
> I modified my /etc/dhcpcd_up.sh to read
>
> ```
> route sourceaddr -ifp igc0
> ```
>
> ... where igc0 is my ISP-facing interface. I assigned a static ULA to
> the same interface as an alias. Not sure if that's relevant, but it felt
> relevant to mention.
>
> On the router, netstat -rn shows a route to my client in the ISP prefix,
> but no route in my ULA prefix.
>
> Is there something additional I need to do to enable communication over
> addresses in my ULA prefix?
>
Better to show what's actually configured (ifconfig -A, rad.conf,
netstat -rnfinet6, etc).
To reach the internet from ULA addresses you'll need NAT. Alternatively
use *both* global and ULA prefixes in rad.conf (or I think you can
use auto prefix). But I don't think you've got that far yet.
--
Please keep replies on the mailing list.
Re: securelevel=2 and mount hardening
On 2024-03-25, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote: > I am curious to hear peoples thoughts on adding some mount(2) > hardening when the system is running at securelevel 2. Specifically: > > * do not allow removing MT_NODEV, MT_NOEXEC, MT_NOSUID, > or MT_RDONLY in conjunction with MNT_UPDATE > > * do not allow MNT_WXALLOWED in conjunction with > MNT_UPDATE > > Currently, if someone does manage to get a root toehold on a host, > they can remove noexec from /tmp as a possible springboard to upload > nasties, and then change /usr from read-only to read-write and > scribble all over your binaries. I think you'd need to disable mount completely, otherwise you can mount a new writable filesystem (e.g. MFS) that doesn't have noexec. -- Please keep replies on the mailing list.
Re: No coloring with colorls
On 2024-03-25, Karel Lucas wrote: > In which configuration file can I change this? Is 'wsvt25' universally > suitable for use? For X, it's configured in your terminal emulator, e.g. for xterm you can use one of these :in .Xdefaults XTerm*termName: xterm-color XTerm*termName: xterm-256color For text console, /etc/ttys. For current OpenBSD versions (7.1 and on) xterm-color should be a reasonable choice too (for older versions, pccon). -- Please keep replies on the mailing list.
Re: No coloring with colorls
On 2024-03-25, Karel Lucas wrote: > Hi all, > > After installing colorls and making some adjustments to the system, I > still have no colored output from colorls. Below I have indicated the > settings that have been made or are present by default. I would like to > know what is wrong and what needs to be improved. > > Default environment: > TERM=vt220 This is a monochrome terminal. Perhaps you want xterm-color. > Added environment: > CLICOLOR=yes > CLICOLOR_FORCE=yes > LSCOLORS=exfxcxdxbxegedabagacad > > -- Please keep replies on the mailing list.
Re: Trying to access /dev/ttyUSB0 device from VM
On 2024/03/24 20:12, Sadeep Madurange wrote: > On 2024-03-24 10:51:51, Stuart Henderson wrote: > > On 2024-03-24, Sadeep Madurange wrote: > > > On 2024-03-24 09:43:07, Stuart Henderson wrote: > > >> Any particular reason to not just run esptool on OpenBSD? It's in > > >> packages.. > > > > > > Unfortunately, the esptool in the packages is for programming ESPs > > > using the Arduino platform. My existing projects for these chips are > > > written in plain C with their native toolchain. Also, I prefer to > > > continue using C if possible. > > > > There are some versions in arduino-related packages, but I was > > thinking of the normal one: > > > > $ pkglocate bin/esptool > > py3-esptool-4.6.2:devel/py-esptool,python3:/usr/local/bin/esptool.py > > esptool is for flashing programs to ESPs. To build them we need the > ESP-IDF, which bootstraps the compiler toolchain, freeRTOS, network > stack, etc., So, the esptool.py alone isn't enough. > > A version of the toolchain is also in the ports tree, but it's more for > Arduino environment. The version is too old to compile the SDK version I > need. I'm trying to build ESP-IDF on OpenBSD, but I haven't managed to > get it working yet. But you already have the build toolchain running in the VM, right? IIUC the part you are having trouble with running in the VM is esptool, not the build toolchain. So, build in the VM, flash from esptool in the host OS. With a bit of NFS or sshfs or something to share the files, and running esptool over ssh (maybe write a dummy esptool script in the guest to ssh and run from the host) it could be pretty well integrated.
Re: Trying to access /dev/ttyUSB0 device from VM
On 2024-03-24, Sadeep Madurange wrote: > On 2024-03-24 09:43:07, Stuart Henderson wrote: >> On 2024-03-17, Sadeep Madurange wrote: >> > I set up a Linux VM on OpenBSD hoping to flash ESP32 programs from >> > the Linux VM. However when I plug the MCU in, I can't see it in the >> > /dev directory. >> >> Any particular reason to not just run esptool on OpenBSD? It's in >> packages.. > > Unfortunately, the esptool in the packages is for programming ESPs using > the Arduino platform. My existing projects for these chips are written > in plain C with their native toolchain. Also, I prefer to continue using > C if possible. There are some versions in arduino-related packages, but I was thinking of the normal one: $ pkglocate bin/esptool py3-esptool-4.6.2:devel/py-esptool,python3:/usr/local/bin/esptool.py
Re: Request for a check 'relinking in progress' before a reboot
On 2024-03-23, Dan wrote: > Eg. actually I was testing changes to my /etc/bsd.re-config ( as per > different thread ), it needs two reboots to apply changes.. Run /usr/libexec/reorder_kernel after your edit.
Re: Request for a check 'relinking in progress' before a reboot
On 2024-03-23, Florian Obser wrote:
>
> diff --git libexec/reorder_kernel/reorder_kernel.sh
> libexec/reorder_kernel/reorder_kernel.sh
> index fb1d151f42a..809d1e18e55 100644
> --- libexec/reorder_kernel/reorder_kernel.sh
> +++ libexec/reorder_kernel/reorder_kernel.sh
> @@ -30,6 +30,14 @@ SHA256=/var/db/kernel.SHA256
> # Silently skip if on a NFS mounted filesystem.
> df -t nonfs $KERNEL_DIR >/dev/null 2>&1
>
> +# Silently skip if battery is less than 50% remaining.
> +# We know nothing of the quality of the powergrid and we do not
> +# want the relink to fail halfway through because of power outage.
> +(( $(/usr/sbin/apm -l) < 50 ))
Don't forget upd(4)! Maybe it could also time an md5 -ttt run and demand
more available battery if the machine is slow.
> +# Disable halt(8) & reboot(8) to prevent interuption of the kernel relink.
> +/bin/chmod 000 /sbin/{halt, reboot}
Also hw.allowpowerdown=0 and shutdown. And what about the watchdog?
> We should also disable panic(9) in the kernel while reorder_kernel is
> running. Maybe a sysctl?
Disabling panic, that's genius, it would solve so many problems!
Re: Trying to access /dev/ttyUSB0 device from VM
On 2024-03-17, Sadeep Madurange wrote: > I set up a Linux VM on OpenBSD hoping to flash ESP32 programs from the > Linux VM. However when I plug the MCU in, I can't see it in the /dev > directory. Any particular reason to not just run esptool on OpenBSD? It's in packages..
Re: Mutt shows ? in place of spaces
On 2024-03-23, Sadeep Madurange wrote: > Hello, > > I see a bunch of question marks instead of spaces (0x20 in ASCII) in > some emails when viewed in mutt. This happens with emails that contains > patches, output of commands like ifconfig (content with indented > blocks). > > Output of locale: > > LANG= > LC_COLLATE="C" > LC_CTYPE="C" > LC_MONETARY="C" > LC_NUMERIC="C" > LC_TIME="C" > LC_MESSAGES="C" > LC_ALL= > > Output of locale charmap: US-ASCII > > I'm using Xterm with DejaVu Sans Mono font. I have set XTerm*utf-8 to > true in Xdefaults. I also tried setting LC_CTYPE=en_US.UTF-8, which > changed the ? in mutt to �. I'm not sure if this is an issue with my > mutt config or some setting in OpenBSD/Xterm. Appreciate ideas for a > fix. Probably something to do with charset settings in .muttrc. FWIW I have "set charset=utf-8" in .muttrc and "export LC_CTYPE=en_US.UTF-8" in .xsession and no issues. > Index: 75.html >=== > RCS file: /cvs/www/75.html,v > retrieving revision 1.10 > diff -u -p -r1.10 75.html > --- 75.html 22 Mar 2024 11:08:09 -?? 1.10 > +++ 75.html 22 Mar 2024 15:22:40 - > @@ -408,6 +408,7 @@ to 7.5. > JDK 8u402, 11.0.22, 17.0.10 and 21.0.2 > KDE Applications 23.08.4 > KDE Frameworks 5.115.0 > +?? KDE Plasma 5.27.10 > Krita 5.2.2 > LLVM/Clang 13.0.0, 16.0.6 and 17.0.6 > LibreOffice 24.2.1.2 Those are places where there are tabs.
Re: DMARC/DKIM and OpenBSD Mailinglists
On 2024-03-22, Odhiambo Washington wrote: > --3aa8dc06143b8cab > Content-Type: text/plain; charset="UTF-8" > Content-Transfer-Encoding: quoted-printable > > On Fri, Mar 22, 2024 at 11:18=E2=80=AFAM Stuart Henderson opper.org> > wrote: > >> On 2024-03-21, Roderick wrote: >> > --e4360006142cfd57 >> > Content-Type: text/plain; charset=3D"UTF-8" >> > Content-Transfer-Encoding: quoted-printable >> > >> > Is it not ARC meant to be the solution for >> > this problem? >> >> That was sort-of the idea, but it requires mail server admins to decide >> which ARC signers (i.e. mailing list servers) to trust. Recently gmail >> haven't even been trusting mailing list servers to send emails with the >> same message-id to multiple recipients... >> >> Don't use gmail unless you don't mind missing some mails. >> >> I've got to say, I find the From rewrites less annoying than not >> scrubbing MIME parts, though I'd prefer if Reply-To was set (to >> list+sender, leaving any Mail-Followup-To in place). Many lists have >> done this (often for all senders, not just those with published >> DMARC policy) and, after a period of adjustment to get used to it, >> it's not so bad. >> > > Is there a reason that bars OBSD List Admins from using Mailman3?? No need to, I'd say. That doesn't magically fix anything, is a bit of a nuisance to install and keep updated, and majordomo can be modified anyway.
Re: DMARC/DKIM and OpenBSD Mailinglists
On 2024-03-21, Roderick wrote: > --e4360006142cfd57 > Content-Type: text/plain; charset="UTF-8" > Content-Transfer-Encoding: quoted-printable > > Is it not ARC meant to be the solution for > this problem? That was sort-of the idea, but it requires mail server admins to decide which ARC signers (i.e. mailing list servers) to trust. Recently gmail haven't even been trusting mailing list servers to send emails with the same message-id to multiple recipients... Don't use gmail unless you don't mind missing some mails. I've got to say, I find the From rewrites less annoying than not scrubbing MIME parts, though I'd prefer if Reply-To was set (to list+sender, leaving any Mail-Followup-To in place). Many lists have done this (often for all senders, not just those with published DMARC policy) and, after a period of adjustment to get used to it, it's not so bad.
Re: unbound signature expired
On 2024-03-18, Evan Sherwood wrote: >> Wild guess, your time is off. > > Huh, I think you're right. `date` shows me 7 hours ahead of my timezone. > > I restarted ntpd and I see no errors in /var/log/daemon, but the time is > still off. I should be 1200 PDT but it's showing me as 1900 PDT (not > UTC). > > What do I do to fix this? Pretty sure I had set my timezone to > America/Los_Angeles when I installed OpenBSD. ntpd will take ages to correct that much offset (it can set the clock _forwards_ more quickly to the time of a trusted server at startup, but not backwards). You can use rdate to jump the clock instead. -- Please keep replies on the mailing list.
Re: UKC> disable "smth"
On 2024-03-16, Nick Holland wrote: > IF you want to make changes to disk, use "config -ef" from > the booted system, then write your changes to disk. Then > you can either use config -ef to re-enable a device, or just > copy over an unmodified kernel. > > Be aware that altering the kernel binary will "break" the > Kernal Address Re-Linking (KARL). There are fixes for this, > HOWEVER, I'm not sure what your goals are here in tweaking > your kernel like this, but I'm guessing breaking KARL isn't > your biggest problem you are about to create for yourself. in the few cases where this does make sense: add to bsd.re-config(5) and run /usr/libexec/reorder_kernel by hand > This probably isn't something you want to be doing. yep. -- Please keep replies on the mailing list.
Re: mailman on OpenBSD - linking problem
On 2024-03-16, Odhiambo Washington wrote: > > On Sat, Mar 16, 2024 at 3:57=E2=80=AFPM Mark wr= > ote: > >> On Wed, Mar 13, 2024 at 5:44=E2=80=AFPM Odhiambo Washington il.com> >> wrote: >> >>> >>> This is why I suggested he should run Mailman3 from the word go. >>> >>> >>> >> It looks almost impossible to setup Mailman3 on OpenBSD. >> >> No, this is not working at all; >> https://xn--gckvb8fzb.com/mailman3-on-openbsd-71/ >> >> Any other tutorial I could try? >> >> Thank you. >> > > What exactly isn't working for you? Yes, this is a key thing when asking questions. Saying "No, this is not working at all" followed by a URL is not much help. Copy text from a terminal, showing _what commands you ran_ and _what you saw_. > The setup is actually pretty easy. mailman itself should be fairly easy to get installed in a venv, but mailman-web pulls in cryptography and that can be problematic sometimes. Trying to build that via pip isn't working at the moment in -current: error: failed to run custom build command for `openssl-sys v0.9.99` ... This crate is only compatible with OpenSSL (version 1.0.1 through 1.1.1, or 3), or LibreSSL 2.5 through 3.8.1, but a different version of OpenSSL was found. The build is now aborting due to this version mismatch. - so you'll probably have better luck by installing py3-cryptography from packages (when built in ports, openssl-sys is automatically patched to fix this problem), and when you create the venv, use --system-site-packages to allow the system package to be used. *However*, if you're doing this on a system which already has various python packages installed, using this may result in some conflicts with other software, so if you run into problems from that and can't uninstall the relevant package, you may need to use a fairly clean machine. (The ideal thing would be to get mailman updated to 3.x in ports, but looking at 'pip list' after installing mailman and mailman-web in a venv, there are 84 modules installed, getting on for 40 not in ports yet, and some of the others probably need updating - possibly with a ripple effect on other ports - so it's a lot of work; running in a venv with most things installed via pip is a saner option). -- Please keep replies on the mailing list.
Re: Unable to get ip6 address
On 2024-03-15, Hari wrote: > --MNLCWRX1LHJQ0WPDBV4OIGW5JIHZDB > Content-Type: text/plain; > charset=utf-8 > Content-Transfer-Encoding: quoted-printable > > I have uses mtw wifi firmware=2E > > I don't know what do you mean by multicast=2E I works perfectly fine with = > linux=2E If you don't want to provide enough information that might give clues to people who are trying to help (https://www.openbsd.org/report.html) then I suggest you run Linux on it. -- Please keep replies on the mailing list.
