Re: Keeping OpenBSD installation clean
If you're doing this development in a VM, take a snapshot before making those littering changes. Then revert when you're done. On Fri, Apr 4, 2014 at 2:29 AM, Denis Fondras wrote: > Hello all, > > I am using OpenBSD to test multiple softwares of any kind (that might > become ports in the future) and I get to install many dependencies and > my system becomes rotten and bloated with unused libraries and chunks > pretty fast. > So I end up reinstalling the system more often than I can handle to > clean conflicting libraries. > > What is the (porter's) preferred way to keep the system clean ? > > Thank you in advance, > Denis
Re: mac mini
There are many generations of Mac Mini. I have a i386 Core Duo (read: old) that ran OpenBSD. I have a macppc (read: older) that also runs OpenBSD quite well. I have wired Ethernet, so I wasn't concerned with wireless. I can't comment on that. On Wed, Nov 20, 2013 at 1:09 PM, Friedrich Locke wrote: > Does anyone here run Open/FreeBSD on mac mini ? > > Does the OS fully supports macmini hadrwared ? > > Thank you for the answers. > > Fried.
Re: snapshot ssh: ChrootDirectory sftp Connection closed
I observed the same thing. Adding "UsePrivilegeSeparation no" to my sshd_config allowed connections. I haven't been able to troubleshoot this further. On Tue, Apr 16, 2013 at 6:07 AM, Ville Valkonen wrote: > On 16 April 2013 07:25, f5b wrote: >> server >> kern.version=OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57 MDT >> 2013 >> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP >> >> /etc/ssh/sshd_config >> only add after last line >> >> Match Group share >> ForceCommand internal-sftp >> ChrootDirectory /home/chroot/ >> >> # sshd -t ##ok >> >> # mkdir /home/chroot/ >> >> # adduser share >> >> frome other machine, >> the user share can not sftp to the server, >> but same config in Mar 1 snapshot, sftp is ok. >> > > Hi, > > same observations here. > > -- > Sincerely, > Ville Valkonen
Re: openbsd and vmware
The only problem I ever had with running OpenBSD with ESX/i was doing snapshots for backups with BackupExec. With the vmt(4), vCenter and BackupExec *think* that VMware Tools is running and try to quiesce the VM before backing it up. That fails, so the backup fails. Disabling the vmt(4) driver in the kernel allowed vCenter/BackupExec to see OpenBSD as a non-compatible "snapshot capable" system (even though I could take snapshots in general) and would back it up. On Tue, Feb 5, 2013 at 9:53 AM, Bentley, Dain wrote: > I've personally never has issues and performance is good. I've been running a > php-fpm/nginx stack with OpenBSD and VMware and performance has been great. > Only issue is the tools install. I've had issues with that but it runs fine > without it. I've also run it on KVM and found VMWare to be better. I have > iSCSI storage with ZFS as a backend and can't complain > > Sent from my Android phone using TouchDown (www.nitrodesk.com) > > -Original Message- > From: Bogdan Andu [bo...@yahoo.com] > Received: Tuesday, 05 Feb 2013, 6:04am > To: misc@openbsd.org [misc@openbsd.org] > Subject: openbsd and vmware > > Hello, > > A few questions related to openbsd and vmware. > > > What are the best practices to run OpenBSD in vmware? > > Are there any known problems one should take into consideration before > virtualization? > > I already have a functional machine runnig OpenBSD 5.2 /amd64 on bare metal. > > It is possible to create a virtual machine from one already running apart from > installing the os in vm and then migrating and installing all applications? > > Thank you in advanced, > > Bogdan
Re: virtualization
For CARP, you need to enable promiscuous mode on your vSwitch. On Jan 5, 2013 5:44 AM, "Aaron Mason" wrote: > On Sat, Jan 5, 2013 at 8:47 PM, Alan Cheng wrote: > > I've been using virtualbox to run OpenBSD for over 2 years and I'm happy > > with it. The only issue I had is when I have more than 3 snapshots for a > > guest OS (OpenBSD or others) and its hard disk is 20+G, VM export seems > > not work. > > > > I tried VMWare Workstation and it works great too for OpenBSD, but since > > Virtualbox does not cost any money, I stick with it. > > > > > > On Sat, Jan 5, 2013 at 7:42 AM, Friedrich Locke > > wrote: > > > >> Hi folks! > >> > >> I have a windows desktop and would like to install a virtualization > >> software in order to have two virtual machine. I pretend to install > OpenBSD > >> on both of them. > >> > >> Which virtualization solution would be the best one for OpenBSD to run > on ? > >> > >> Thanks. > > > > Had no problems with the free VMware Server and VMware ESXi - although > the latter seemed to struggle with DHCP over CARP, which I'm assured > has no excuse not to work... > > -- > Aaron Mason - Programmer, open source addict > I've taken my software vows - for beta or for worse
Re: openBSD 5.2 amd64 on lenovo x201s
Interestingly, I believe the last time I suspended my T510 and resumed, my USB ports did have power. I'l double check when I get home. On Thu, Jan 3, 2013 at 12:40 PM, Jes wrote: > And probably no power on usb ports after resume, like my T410. > > BR > > Jes
Re: Upgrading OpenBSD
On Mon, May 21, 2012 at 9:43 PM, Richards, Toby wrote: > OpenBSD does have an Upgrade > option, but does it upgrade the installed packages? pkg_add -ui
Re: chromium can't start since two snapshots
On Sat, May 19, 2012 at 6:58 AM, Peter N. M. Hansteen wrote: > Here, on amd64, removing only the .config/chromium/SingletonLock did the > trick. It would have taken me a while to infer that from the error > message, though ;) Hopefully this will fix it: http://marc.info/?l=openbsd-ports-cvs&m=133727364220056&w=2 -ME
Re: authorized_keys and security(8)
On Thu, May 3, 2012 at 5:43 PM, Alexander Hall wrote: > I'm not sure about this. The check in security is there for a reason. If you > want to bypass it, it might be better to have to do it manually. > > The inconsistancy is annoying though, as is the "*"-trick, which > I believe is merely a way to make it seem like a password while it is not. I see two separate issues. 1. The two ways to add users are inconsistent. 2. The security script may not be doing what it's supposed to if the password is "*". So, I think either my diff should go in or we should change useradd. And/or maybe the security script should bitch if your password is "*". -ME
Re: authorized_keys and security(8)
On Thu, May 03, 2012 at 02:48:14PM -0400, Mike Erdely wrote:
> FYI: For a test, I added "foo" with useradd(8) and "bar" with adduser(8):
> # grep -E "(foo|bar)" /etc/master.passwd
> foo:*:1002:1002::0:0::/home/foo:/bin/ksh
> bar:*:1003:1003::0:0:bar:/home/bar:/bin/ksh
>
> Looks like useradd does the right thing and adduser does not.
With the diff below I added baz:
foo:*:1002:1002::0:0::/home/foo:/bin/ksh
bar:*:1003:1003::0:0:bar:/home/bar:/bin/ksh
baz:*:1004:1004::0:0:baz:/home/baz:/bin/ksh
ok?
Index: adduser.perl
===
RCS file: /cvs/src/usr.sbin/adduser/adduser.perl,v
retrieving revision 1.58
diff -u -p -r1.58 adduser.perl
--- adduser.perl22 Sep 2011 10:59:23 - 1.58
+++ adduser.perl3 May 2012 19:00:17 -
@@ -800,7 +800,7 @@ sub new_users {
if (&new_users_ok) {
$new_users_ok = 1;
- $cryptpwd = "*";# Locked by default
+ $cryptpwd = "*";# Locked by default
$cryptpwd = encrypt($password, &salt) if ($password ne "");
$log_cl = "" if ($log_cl eq "default");
Re: authorized_keys and security(8)
On Thu, May 3, 2012 at 2:16 PM, Tyler Morgan wrote: > On 4/25/2012 5:11 PM, Stuart Henderson wrote: >> On 2012-04-24, Tyler wrote: >>> My problem is security(8) complains about this every day: >>> "Login admin is off but still has a valid shell and alternate access >>> files in home directory are still readable." >> >> vipw and set the crypted password to 13 *'s. pretty sure the old >> /etc/security script did the same thing in this respect. > > Thanks for the help. > > This worked -- security is no longer whining about the accounts -- and I > found the proper documentation in passwd(5). FYI: For a test, I added "foo" with useradd(8) and "bar" with adduser(8): # grep -E "(foo|bar)" /etc/master.passwd foo:*:1002:1002::0:0::/home/foo:/bin/ksh bar:*:1003:1003::0:0:bar:/home/bar:/bin/ksh Looks like useradd does the right thing and adduser does not. -ME
Re: Enough is enough!
On Sun, Nov 07, 2010 at 12:52:19PM -0500, Steve Shockley wrote: > On 11/2/2010 3:13 PM, bsdmas...@hushmail.com wrote: > >You've been warned. > > That's awesome! I'm going to end all my messages with that now, no > matter what the subject. > > You've been warned. Steve, As stupid as this thread has been, you made me laugh out loud. Literally. -ME You've been warned.
Re: undeadly article
On Tue, Aug 17, 2010 at 07:30:55PM +0300, Paul Irofti wrote: > jcr, please forgive my fellow romanian as us gypsies don't get to travel > much and don't know the mysteries of these flying birds and their inner > workings. Gypsies who don't travel, eh? -ME
Re: power management of USB-connected disks
On Tue, Jul 20, 2010 at 03:14:40PM +1000, David Gwynne wrote: > On 20/07/2010, at 2:48 AM, Jan Stary wrote: > > > I wonder whether there is something like atactl(8) that I could use > > to control the power management of these disks - spin them down > > when not used etc, to reduce noise and heat (I have yet to measure > > if it would also mean a nontrivial power saving). > > there is a (very very) slight chance that the chip that translates from scsi > over usb to ata on the actual drive supports the ATA PASSTHRU scsi commands, > which the openbsd kernel will now try. this means you might be able to run > atactl against those disks. > > you will need a -current system to try that with though. > > considering how budget those usb to ata chips are, i wouldnt hold much hope. > > dlg For what it's worth, I use two different USB disks on my server that are used in a similar fashion to Jan. And, there is always a short delay before using the disks for the first time after a long period of inactivity. So, I think they are sleeping. -ME snippet from dmesg: umass0 at uhub0 port 3 configuration 1 interface 0 "Western Digital External HDD" rev 2.00/1.06 addr 2 umass0: using SCSI over Bulk-Only scsibus2 at umass0: 2 targets, initiator 0 sd1 at scsibus2 targ 1 lun 0: SCSI2 0/direct fixed sd1: 476940MB, 512 bytes/sec, 976773168 sec total uhidev0 at uhub0 port 3 configuration 1 interface 1 "Western Digital External HDD" rev 2.00/1.06 addr 2 uhidev0: iclass 3/0 uhid0 at uhidev0: input=1, output=2, feature=0 umass1 at uhub0 port 4 configuration 1 interface 0 "Western Digital My Book" rev 2.00/1.75 addr 3 umass1: using SCSI over Bulk-Only scsibus3 at umass1: 2 targets, initiator 0 sd2 at scsibus3 targ 1 lun 0: SCSI2 0/direct fixed sd2: 953869MB, 512 bytes/sec, 1953525168 sec total
Re: Set dhcp from command line?
On Thu, Jul 08, 2010 at 10:15:26AM -0500, Chet Langin wrote: > I would like to set DHCP for an interface > from the command line. I have tried... > > # ifconfig re0 dhcp > > ..and I get this error... > > ifconfig: dhcp: bad value > > Using version 4.5. > > Can anyone tell me how to do this? Try `dhclient re0` -ME
Re: Building bacula-fd on OpenBSD 4.5
On Wed, Oct 14, 2009 at 05:41:42PM -0300, Daniel Bareiro wrote: > Apparently the same happens with FreeBSD 4.9. Some BSD make > implementations can't handle Bacula's makefiles. Using GNU make I no > longer have the mentioned problem. > > Thanks to both for your replies. Yeah. Looking at the port would have helped there too (USE_GMAKE=Yes). -ME
Re: Building bacula-fd on OpenBSD 4.5
You should be able to look at the port in -current to see which configure options to use. -ME On Sun, Oct 11, 2009 at 09:47:41PM -0300, Daniel Bareiro wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, all! > > I'm trying to compile Bacula 3.0.2 with the source code from the > official site. For it I've dowloaded the bacula-3.0.2.tar.gz file. > > I did the configuration using the following syntax: > > # ./configure \ > --prefix=/usr \ > --sbindir=/usr/sbin \ > --sysconfdir=/etc/bacula \ > --with-scriptdir=/etc/bacula/scripts \ > --enable-smartalloc \ > --with-openssl \ > --enable-client-only \ > --with-working-dir=/var/lib/bacula \ > --with-pid-dir=/var/run \ > --with-subsys-dir=/var/lock > > But after executing: > > # make -j6 > > I get some error messages: > > fugu:/tmp/bacula-3.0.2# make -j6 > ==>Entering directory /tmp/bacula-3.0.2/src > ==>Entering directory /tmp/bacula-3.0.2/scripts > ==>Entering directory /tmp/bacula-3.0.2/src/lib > Compiling res.c > Compiling lockmgr.c > Compiling breg.c > Compiling address_conf.c > Compiling parse_conf.c > Compiling htable.c > Compiling tls.c > Compiling rblist.c > Compiling smartall.c > Compiling var.c > Compiling signal.c > Making libbaccfg.la ... > /tmp/bacula-3.0.2/libtool --silent --tag=CXX --mode=link /usr/bin/g++-o > libbaccfg.la parse_conf$(DEFAULT_OBJECT_TYPE) res$(DEFAULT_OBJECT_TYPE) > -export-dynamic -rpath /usr/lib -version-info 1:0:0 > > /bin/sh: DEFAULT_OBJECT_TYPE: not found > > /bin/sh: DEFAULT_OBJECT_TYPE: not found > > g++: no input files > > *** Error code 1 > > Stop in /tmp/bacula-3.0.2/src/lib: > > Exit status 1 (libbaccfg.la, line 234 of Makefile) > > > > == Error in /tmp/bacula-3.0.2/src/lib == > > > ==>Entering directory /tmp/bacula-3.0.2/src/findlib > Compiling mkpath.c > Compiling fstype.c > Compiling create_file.c > Compiling enable_priv.c > Compiling drivetype.c > Compiling bfile.c > Compiling attribs.c > Compiling find_one.c > Compiling match.c > Compiling find.c > Compiling savecwd.c > make: make: don't know how to make ../lib/libbac.la. Stop in > /tmp/bacula-3.0.2/src/findlib. > > > == Error in /tmp/bacula-3.0.2/src/findlib == > > > ==>Entering directory /tmp/bacula-3.0.2/src/filed > Compiling verify.c > Compiling verify_vol.c > Compiling job.c > Compiling restore.c > Compiling pythonfd.c > Compiling status.c > Compiling heartbeat.c > Compiling filed_conf.c > Compiling filed.c > Compiling fd_plugins.c > Compiling estimate.c > Compiling backup.c > Compiling authenticate.c > Compiling acl.c > Compiling accurate.c > Compiling xattr.c > make: make: don't know how to make ../findlib/libbacfind.la. Stop in > /tmp/bacula-3.0.2/src/filed. > > > == Error in /tmp/bacula-3.0.2/src/filed == > > > ==>Entering directory /tmp/bacula-3.0.2/src/console > make: make: don't know how to make ../lib/libbac.la. Stop in > /tmp/bacula-3.0.2/src/console. > > > == Error in /tmp/bacula-3.0.2/src/console == > > > ==>Entering directory /tmp/bacula-3.0.2/src/plugins/fd > /tmp/bacula-3.0.2/libtool --silent
Re: 4.6 will be released on October 1st?
On Wed, Aug 12, 2009 at 02:22:44PM +0800, Uwe Dippel wrote: > At least, that's what the website says at http://openbsd.org/46.html > True or typo? (I'd expect November 1st.) True.
Re: the openbsd mug
This. Was. Awesome. On Sun, Aug 09, 2009 at 07:03:10PM +0930, David Walker wrote: > > hi, > > > i just ordered my 4.6 preordre from openbsdeurope.com > > > i also got the new mug. is this the same mug that openbsd sell on > > openbsd.org? > > > will there be a new mug design for each future releases? > > > thanks in advance > > > --robbo > > Have you checked it? > Really tested it? > I think you've been had. > > Do you know what the problem is? > There's a handle on the side! A handle! > The tray on my cup holder is round. Round! > Even those FreeBSD morons know not to put a handle on the side: > http://www.cafepress.com.au/FreeBSD_Users.317118537 > They can't make an operating system worth spit but at least they get > the beverage part right. > Frankly they're as dumb as you but you guys are dumber. > Way dumber. > > How can you make release mug with a handle? > http://www.openbsd.org/mug.html > Idiots. > > And before any of you lowlifes ask the problem is not my end. > I use it the same as any other mug. > I've been doing this for a long time (drinking) and the problem is at your > end. > Nothing is different at my end. > Well I got a new tray but that wouldn't ever make any difference. > Of course it's a new mug also and I haven't checked the product > description but hey that never stopped me calling other people idiots. > > You guys are a bunch of clowns. > You'll never get anywhere. > Frankly your ship has got a flat tyre and the lights are on. Yes the > lights are ON! > It's your fault "developers". > BrokenBSD. > > Big hiya to PJ. > I'm on your side. > http://www.radio-active.net.au/blog/2005/05/beerserver.jpg > > Best wishes.
Re: Delete packages with dependencies
On Tue, Aug 04, 2009 at 11:11:17AM -0400, Luis Useche wrote: > Hello Guys, > > I was wondering if there is some tool that delete the packages > specified along with their "deletable" dependencies. Deletable means > packages that pkg_add added automatically (as dependencies of the > installed one) and are not dependency of another package. This will > ensure (in most of the cases) that you don't end up with a system with > unnecessary packages. > > I couldn't find in pkg_delete(1) any option that implements the > previous semantic. Here's what I do (it's kinda silly): $ /bin/ls -1a /var/db/pkg/ | grep -Ev "^(\.|\.\.)$" > plist $ vi plist # remove pkgs I want to KEEP (vim, ...) $ for f in `cat plist`; do sudo pkg_delete $f; done $ for f in `cat plist`; do sudo pkg_delete $f; done $ for f in `cat plist`; do sudo pkg_delete $f; done $ for f in `cat plist`; do sudo pkg_delete $f; done Keep running that until nothing gets removed. It's a hack, but it does what I want. If something in plist is a dependency, it won't get removed. -ME
Re: tmux vs screen questions
On Thu, Jul 16, 2009 at 12:46:44AM +0200, frantisek holop wrote: > but i can't seem to be able to send a "real" ^x > to the window. screen's "escape" command lets me > set that if i press ^x x (control-x, followed by > a single x) the terminal gets sent a sequence of ^x Add 'bind x send-keys ^x' (without the quotes) -ME
Re: Winbind & Samba on OpenBSD
On Wed, Jul 08, 2009 at 11:32:46AM +0100, Edd Barrett wrote: > On Tue, Jul 07, 2009 at 10:28:34AM -0400, Jason Beaudoin wrote: > > > Did you have a look at www.kernel-panic.it ? There are some tutorials. > > > > yes, there's some helpful info for samba, but I haven't yet seen anything > > related to winbind.. unless my google foo needs some work. > > Winbind is a PAM plugin. OpenBSD does not use this mechanism. Winbind depends on the use of nsswitch.conf. > I don't know if ypldap can be used to talk to AD? That's its purpose (to be used with LDAP) and Active Directory is a bastardized^wenhanced implementation of LDAP. Along with login-ldap, ypldap should give you the same functionality as winbind, afaik. But, winbind is useful with integrating Windows-based authentication with applications such as squid (but it's been years since I've done that). -ME
Re: balsa not in ports?
A very recent submission (not yet clearly linked) to the OpenBSD website is the ports handbook. You should check it out: http://www.openbsd.org/faq/ports/ I await your submission for the port you'd like. -ME On Tue, Jun 23, 2009 at 12:15:21AM -0400, Eric d'Alibut wrote: > On Mon, Jun 22, 2009 at 10:29 PM, Daniel Dickman said, > > > Eric, attached is a starting point if you -- or someone else -- want > > to finish the work to get balsa ported over. The patches are quick > > hacks to get it to compile (so you'll need to investigate why it > > doesn't compile and fix properly) and dependencies need to be set > > It does compile here, on a stock > > $ uname -a > OpenBSD trollboy.legomenon.org 4.5 GENERIC#1749 i386 > > system. I should hasten to add that is also _runs_, although my test > drive has been hardly down the driveway yet. All this even after I > added to the Makefile: > > --with-gpgme=yes \ > --with-ssl \ > > Libesmtp is another matter. Just as an fyi, I can report that the > off-the-shelf tarball of libesmtp-1.0.4 fails to build with: > > gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -pthread -std=c99 -pedantic -g > -O2 -pthread -std=c99 -pedantic -g -O2 -MT headers.lo -MD -MP -MF > .deps/headers.Tpo -c headers.c -fPIC -DPIC -o .libs/headers.o > headers.c: In function `print_message_id': > headers.c:161: error: storage size of `tv' isn't known > headers.c:170: warning: implicit declaration of function `gettimeofday' > gmake[2]: *** [headers.lo] Error 1 > gmake[2]: Leaving directory `/usr/local/src/libesmtp-1.0.4' > gmake[1]: *** [all-recursive] Error 1 > gmake[1]: Leaving directory `/usr/local/src/libesmtp-1.0.4' > gmake: *** [all] Error 2 > > OpenBSD ships with sendmail so the loss of smtp ought not be a > deal-breaker, yes? > > > -- > No no no, my fish's name is Eric, Eric the fish. He's an halibut. I am > not a looney! Why should I be tarred with the epithet looney merely > because I have a pet halibut?
Re: ping asking for root privilege.
On Sat, May 23, 2009 at 05:36:30PM -0300, Christiano Farina Haesbaert wrote: > I've update my base system and now everytime I ping something it gives > me a permission denied, if I run as root, averything is fine. Is it safe to assume that you updated your base system using tar? Did you forget the -p flag for tar? /sbin/ping is an SUID binary. -ME
Re: Help with PKG_PATH=
On Thu, May 14, 2009 at 01:39:13PM -0700, Fortunato wrote: > # pwd > /root/Desktop > # ls -l openbgpd-4.4.1.tgz > > -rw-r--r-- 1 root wheel 163070 May 13 18:08 openbgpd-4.4.1.tgz > # export PKG_PATH=/root/Desktop > # pkg_add openbgpd-4.4.1.tgz > > Can't find openbgpd-4.4.1.tgz > /usr/sbin/pkg_add: openbgpd-4.4.1.tgz:Fatal error openbgpd is not a package. It's included in the base operating system (assuming you're running OpenBSD). $ which bgpd /usr/sbin/bgpd -ME
CapBUG OpenBSD 4.5 Release Party in Columbia, MD USA
CapBUG is hosting an OpenBSD 4.5 Release Party at Victoria Gastro Pub [http://www.victoriagastropub.com/] in Columbia, MD USA [http://tinyurl.com/victorias] on Thursday, May 14, 2009 at 6:30 PM EDT. Please join us for a Lagunitas Undercover Investigation Shut-down Ale (or some other beverage). Please RSVP either by replying on the mailing list (or email i...@capbug.org if you are not subscribed). Hope to see you there, -ME
Re: Unable to mount CD/DVD-RW drive in OpenBSD 4.4/i386.
On Thu, Apr 23, 2009 at 12:13:06PM -0700, minsai0...@yahoo.com wrote: > /dev/cd0a /mnt/cdrom cd9660 ro,noauto 0 0 Does /mnt/cdrom exist?
Re: BSD User Group in Spain | Grupo de Usuarios de BSD en Espanya.
If you can't get a mailing list set up, I can host a list for you on metabug.org. You can also send meeting information (and other posts) to i...@metabug.org and we'll post them to http://metabug.org/ This goes for anyone who is interested in setting up a BUG but doesn't have the resources for a website/mailing list. -ME On Mon, Apr 20, 2009 at 12:22:50PM -0300, Gonzalo Lionel Rodriguez wrote: > http://OpenBSDeros.org ;) > > 2009/4/20 Gilles Chehade : > > On Mon, Apr 20, 2009 at 08:43:30AM +0200, Daniel Andersen wrote: > >> [English] > >> Hello everyone. As an OpenBSD user bordering zealotry (especially > >> during heated discussions) who is living in Spain, I suggest any of us > >> who also live in that country start a BSD User Group. Although I can't > >> really afford to host a website for it at the moment, and local User > >> Groups usually make more sense, I'm all for the creation of a national > >> (or, more correctly, nation-wide) BUG. Contact me (or simply post to > >> this thread) if you would like to discuss the idea. > >> > >> [Spanish] > >> Hola a todos. Como usuario de OpenBSD al borde del fanaticismo > >> (especialmente en discusiones acaloradas/apasionadas) residente en > >> Espanya, sugiero a todos aquellos que tambien vivimos en este pais que > >> fundemos un Grupo de Usuarios de BSD. Aunque en este momento no puedo > >> permitirme alojar una pagina web para el grupo, y en la mayoria de los > >> casos los Grupos de Usuarios _locales_ tienen mas sentido, creo que > >> seria agradable tener un GUB nacional (en el sentido de "no > >> especializado en ninguna region en particular). Contacta conmigo (o > >> simplemente escribe a esta thread) si quieres hablar sobre la idea. > >> > >> > >> If you speak both English and Spanish, be amused at my strange > >> translation. Go Sapir-Whorf! > >> > > > > Let me know if a spanish BUG gets created, and count me in ;-) > > > > Gilles > > > > -- > > Gilles Chehade > > http://www.poolp.org/~gilles/
Re: I can't download OpenBSD 4.5, "550 /pub/OpenBSD/4.5: Permission denied."
On Thu, Apr 16, 2009 at 10:31:41PM +0200, Juan Jimenez Galdos wrote: > Hi. I want download OPenBSD 4.5 but i can't. I try to enter in the directory > but it says "550 /pub/OpenBSD/4.5: Permission denied." The others > directories work well. > > Thank you very much. OpenBSD 4.5 will be released on or about May 1.
Re: screen(1) on boot
On Wed, Apr 08, 2009 at 04:58:38PM -0400, Nick Guenther wrote: > I'm trying to make my torrents get started with my server. A script is > at http://ubuntuforums.org/archive/index.php/t-859543.html that starts > it up in a detached screen session, but obviously the linux-ism of > that script won't work here. I pulled out the important bits and just > to start off wrote this script which I placed in ~/bin/scr: > #!/bin/sh > TAG=TAG=`date +%H%M%S` > sudo -u kousu -H /usr/local/bin/screen -d -m -S $TAG > > If I run this script as myself or as root (to simulate running as > /etc/rc) it works: > $ sh bin/scr > $ screen -ls > There is a screen on: > 21423.152001(Detached) > 1 Socket in /tmp/uscreens/S-kousu. Try the @reboot entry in your personal crontab. That's how I get my tmux session going. And switch to tmux, it's better. :) -ME
Re: I can't connect to Internet
On Mon, Apr 06, 2009 at 10:01:46PM +0200, Jose P.G wrote: > Ok, Internet is working. But i have the same problem. The strange is that i > can connect to the ftps when i am installing openbsd4.4, but not when i am > doing this. pkg_path is correct so i suppose that i am making an error > writing, though all i do is "export pkg_path= > ftp://ftp.openbsd.org/ub/openbsd/4.4/packages/i386/"; and "pkg_add gnome2". > > What could be doing this? Thank you very much. Assuming that you're not copy and pasting and are just typing the URL wrong in your email, try `export PKG_PATH=ftp://...` -ME
Re: Multiple obsd installations on one harddrive
On Fri, Mar 27, 2009 at 12:38:27AM +0100, misc(at)openbsd.org wrote: > I have a question regarding openbsd and partitions. I want to have more > than one obsd installation on one harddrive. The idea behind that > question ist to be able to install a newer release in parallel, chroot > into it, compile stuff, install packages etc and boot into that > partition when it's done. I want to avoid onside reinstallations (and I > don't want to have several old versions of libs, in short, the default > patch-way). > I don't know if that is a good idea, perhaps there is a much easier way. Here's how I did it: http://erdelynet.com/tech/openbsd/2nd-install-1-disk/
Re: PF Seems To Reload Its Default Rules Unexpectedly
On Mon, Mar 09, 2009 at 08:10:00AM -0700, Dag Richards wrote: > Interesting, that is brings up a question for me... what do we do in > this case? My ISP seems to be content to give the same ip back over and > over again. If they did not is there something I can do besides monitor > my $ext_if and reload the rules on ip addr change? ($ext_if)
Re: man windowrc
On Sun, Mar 01, 2009 at 06:29:36PM -0500, punoseva...@gmail.com wrote: > Is there are chance that somebody writes a man pages for windowrc? I am > finding that launching more than 2 windows in the same console (which > is the default number) is quite cumbersome at least > comparing to dtwm. I found only one thread about the topic > http://archive.openbsd.nu/?ml=openbsd-misc&a=2008-06&m=7658403 > on the net which is useful but not a substitute for man pages. > Due to the generic nature of the term window have developers thought of > changing the name of the console manager from the base. Take a look at tmux in ports/packages. -ME
Re: sftp chroot ?
On Mon, Feb 23, 2009 at 04:21:01PM -0500, Michael W. Lucas wrote: > On Mon, Feb 23, 2009 at 07:33:23PM +0100, Jean-Francois wrote: > > - Is it possible to chrrot only some users ? > > I don't believe so. You could look at scponly, it can chroot users. > It's an add-on shell, not in ports, has not been audited by OpenBSD, > etc. YMMV. > > > I am afraid that is I do this then all users will be chrooted and I > > won't be able to turn this back since I will not have access to /etc. > > Run a separate sshd instance on a different port, with -p. Test the > changes there. Ugh. Bad advice. Please see sshd_config(5) and http://undeadly.org/cgi?action=article&sid=20080220110039 -ME
Re: sftp chroot ?
On Mon, Feb 23, 2009 at 06:19:07PM +0100, Jean-Francois wrote: > Hi All, > > As far as I understand, the sftp service is always running since it is > the ssh daemon (maybe one can correct me if I'm wrong). > Hence I need to chroot some users to specific directories. > I prefer not to use vsftp at present time if this feature is available > with sftp of OpenBSD. > > One can help me ? http://lmgtfy.com/?q=sftp+chroot+openbsd
Re: How to have multiple vlan passing through a bridge, not originate from it and allow to filter on each vlan on the bridge
On Sun, Feb 22, 2009 at 03:23:27AM -0500, Daniel Ouellet wrote:
> # cat hostname.dc0
> inet 10.0.1.2 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
> description Uplink
>
> # cat hostname.dc1
> up media 100baseTX mediaopt full-duplex description LAN
>
> # cat bridgename.bridge0
> add dc0 add dc1 up
>
> Now, if I try what I think should be logical
>
> ifconfig vlan2 create
> ifconfig vlan2 vlandev dc0
> ifconfig vlan2 up
>
> brconfig bridge0 add vlan2 up
This is completely untested, but what about this?
# cat /etc/hostname.dc{0,1}
up
up
# cat /etc/hostname.vlan{2,1002}
up vlan 2 vlandev dc0
up vlan 2 vlandev dc1
# cat /etc/bridgename.bridge0
add vlan2 add vlan1002 up
-ME
Re: November & December meetings
Ugh. I regret naming the CapBUG mailing list "misc@". Sorry for the noise. If you're in the Columbia, Maryland USA area, please feel free to sign up for the mailing list (http://capbug.org/mail/). -ME On Sun, Nov 02, 2008 at 01:29:31PM -0500, Mike Erdely wrote: > With the holidays coming up, we should start thinking about scheduling > our meetings in November and December to accomodate as many people as > possible. > > So, I propose that we have November's meeting on November 18th. If we > can't come up with a topic, maybe we just meet at a bar and do a "Beer > and BSD". > > Then, Bret let me know that there's a *chance* that he'll be able to > make a meeting in December if we hold it earlier in the month. So, > we'll do that. I propose we have a December meeting either December 9 > or 16, depending on how late Bret may be in the DC area. > > Thoughts? > > Does anyone have any topic ideas for November? December? When I ask > for talk ideas, I am looking for either talks for you to give or talks > you'd like to see others give. So, if you are interested in something, > let me know and maybe Jason or I (or someone else) would be able to give > that talk. > > Also, let us know which of the proposed dates (or better dates) are good > for you so that we can get the best turnout. > > -ME
November & December meetings
With the holidays coming up, we should start thinking about scheduling our meetings in November and December to accomodate as many people as possible. So, I propose that we have November's meeting on November 18th. If we can't come up with a topic, maybe we just meet at a bar and do a "Beer and BSD". Then, Bret let me know that there's a *chance* that he'll be able to make a meeting in December if we hold it earlier in the month. So, we'll do that. I propose we have a December meeting either December 9 or 16, depending on how late Bret may be in the DC area. Thoughts? Does anyone have any topic ideas for November? December? When I ask for talk ideas, I am looking for either talks for you to give or talks you'd like to see others give. So, if you are interested in something, let me know and maybe Jason or I (or someone else) would be able to give that talk. Also, let us know which of the proposed dates (or better dates) are good for you so that we can get the best turnout. -ME
Re: Trying yaifo 4.3
That is not supported. Set up qemu + openbsd and build it on that It'll take a while, but it should work. -ME On Thu, Sep 25, 2008 at 06:02:51PM -0700, Francisco Valladolid Hdez. wrote: > Hi folks > > Recently I acquired a VIA C3 mobo (mini-itx) and are > experimenting with two BSD systems on it, NetBSD and > OpenBSD, my two favorite O.S's. > > I'm reading about the yaifo in the merdely web site, > and have a doubt. > > I trying to compile it from my NetBSD laptop but it > require the openbsd sources, it's correctly ? How can > build yaifo in another plataform distint from OpenBSD. > > Anyone can me advice on it ? > > Best Regards. > > --- > > --- > ficovh - http://bsdguy.net > In the beginning God created the heavens and the earth. Gen. 1:1
Re: nagios check_via_ssh on (chroot) OpenBSD
On Fri, Sep 12, 2008 at 10:26:37PM +0200, Pete Vickers wrote: > Does anyone have it running in nagios chroot environment ? I used to. > perhaps like the ssh libraries are not needed, but where should the ssh > keys be put ? Libraries not needed since it's /usr/local/sbin/nagios that executes the plugin, not httpd. > [EMAIL PROTECTED] />grep nagios /etc/passwd > _nagios:*:550:550:Nagios user:/var/www/nagios:/sbin/nologin > > in /var/www/nagios/.ssh/ ? Looks right. Did you try it? > TiA, > > > Pete Vickers > > [EMAIL PROTECTED] | +47 48 17 91 00 > > SystemNet AS
Re: Possibly OT... allowing daemon mpd to access samba shares
On Thu, Sep 04, 2008 at 11:25:14PM +0200, Antoine Jacoutot wrote: > On Thu, 4 Sep 2008, Anathae Townsend wrote: > > gid 561. Permissions are -rwxrwx---, user _mpd (mpd drops to this user > > when started by root, is a member of _mpd and samba. > > > > If I set permissions on the directory to 777, mpd runs fine. > > I always saw that behaviour with mpd. I'd be curious if anyone comes up > with a solution. I saw this too. I wonder if setgid is failing. I haven't had a chance to look though. -ME
Re: nmeaattach(8) removed in -current, superseeded by ldattach(8)
On Mon, Jun 09, 2008 at 04:52:24PM -0700, James Hartley wrote: > For those interested, Marc has more information posted on undeadly.com. Ahem. http://undeadly.org/ > Thanks again, Marc! Indeed. :) -ME
Re: Unbound: a validating, recursive, and caching DNS resolver
On Wed, May 21, 2008 at 02:09:23PM -0300, Andr?s wrote: > I just read about this project, might be of interest: > http://unbound.net/ You forgot a link: http://marc.info/?l=openbsd-ports&m=121131428431723&w=2
Re: chroot issues with accessing /dev/ entries
On Sat, Apr 26, 2008 at 05:51:22PM +0200, Torsten wrote: > Is there a way to have devices under that mountpoint? If you mount it without "nodev", refer to MAKEDEV(8). -ME
Re: chroot issues with accessing /dev/ entries
On Sat, Apr 26, 2008 at 03:58:25PM +0200, Torsten wrote: > # tcpdump > tcpdump: Failed to open bpf device for fxp0: Device not configured Is /tmp mounted "nodev"? Look at mount(8). -ME
4.3 Celebrations! (Was: Chatting with dev...)
On Wed, Apr 16, 2008 at 09:25:19PM +0200, Floor Terra wrote: > As we're already off topic: > Why not talk to the developers personally? > On the 4.2 release date a small group of OpenBSD users and developers > went to a cafe in Amsterdam. You'll get much more information out of a > developer after a few beers. ;) > > If there are people from around Amsterdam who are willing to have a > small release party for 4.3 I'll be happy to attend. Last time was fun! > Pics: > http://brobding.mine.nu/Brobding.mine.nu/Albums/Pages/OpenBSD_4.2.html Following Floor's example, CapBUG (Capital Area BSD User Group, which meets in Columbia, Maryland, USA) will hold its monthly meeting on April 29th at 6:30 PM EST. After our guest speaker gives his presentation, we will hit a nearby "pub" to hoist a few beers in celebration of the upcoming OpenBSD 4.3 release. A few OpenBSD developers will be on hand (jdixon@, blambert@ and myself) and maybe we can convince millert@ to join us. :) We will have a handful of OpenBSD 4.3 CDs on hand for sale and maybe a giveaway. More information: http://capbug.org/news/april-meeting-zfs-and-dtrace/ Hope to see you there, -ME
Re: remove port
On Sat, Apr 12, 2008 at 09:03:04PM -0700, Anil Saini wrote: > how can i completely uninstall port or package from openBSD http://www.openbsd.org/faq/faq15.html#PkgMgmt
Re: OpenBSD + python + cron
On Fri, Mar 14, 2008 at 10:43:31AM -0400, Stuart VanZee wrote:
> I have a python script that I have written that uses
> the GnuPGInterface module to encrypt and sign some
> files. It works great when I run it from a command
> prompt but when I set it to run via cron it errors
> out. Here is a copy of the traceback:
Stuart,
Try putting this in your crontab:
x y * * * env PATH=${PATH}:/usr/local/sbin:/usr/local/bin
/usr/local/sbin/your.py
The default crontab PATH does not include the local s?bin directories.
-ME
Re: Current, glitz package needs GL 6.0 ?
On Sat, Feb 16, 2008 at 09:12:42PM +0100, raven wrote: >> Just download the x* sets separately and extract them. Don't forget the >> -p switch for tar. >> >> > where i need to run tar, from / ? for f in xbase42.tgz xfont42.tgz xshare42.tgz xserve42.tgz; do tar -C / -xvzphf $f done -ME
Re: Current, glitz package needs GL 6.0 ?
On Sat, Feb 16, 2008 at 04:08:48AM +1300, Josh wrote: > When I try and install things like firefox, it fails on the glitz package, > which says 'lib not found GL.6.0... > > This is install.iso I got from a mirror an hour or so ago. Seems the x* sets on the install.iso are out of sync with the files on the mirrors. Just download the x* sets separately and extract them. Don't forget the -p switch for tar. -ME
Re: Gmail Mangles Diffs
On Wed, Feb 13, 2008 at 02:31:23PM +, Edd Barrett wrote: > Is it acceptable to send diffs as attachments? > > Gmail has a wonderful knack of shredding diffs during transit. It is > not much fun. Use imap/smtp with gmail. -ME
Re: spamd-setup hangup/timeout settings
On Wed, Jan 09, 2008 at 09:59:58AM -0500, Frank Bax wrote: > Are there any alternative? /etc/mail/spamd.conf mentions > www.de.openbsd.org; but Beck's traplist.gz is not actually mirrored there. You could point to a local copy (/var/db/traplist.gz) in spamd.conf and download it in a separate cron process. -ME
FW: Re: how to create package example..
Forgot to CC [EMAIL PROTECTED] - Forwarded message from Mike Erdely <[EMAIL PROTECTED]> - Date: Sat, 5 Jan 2008 00:55:00 -0500 From: Mike Erdely <[EMAIL PROTECTED]> Subject: Re: how to create package example.. To: Jon <[EMAIL PROTECTED]> Download ports.tar.gz. Extract it in /usr. Look at /usr/ports/geo/openbsd-developers. It's a perfect port that doesn't download anything or build anything. It' has a file that's in ./files that gets copied to the "fake" area and then added to a package. Refer to that port and man 5 bsd.port.mk for the meanings of the variables and Makefile targets (like do-install). It's perfect for what you're looking for and not a hack way to do something in a different way than is designed. -ME On Fri, Jan 04, 2008 at 09:24:03PM -0800, Jon wrote: > Not doing any thing strange.. just want to create a binary (foobar) > and create a package so I can add it.** Why I want to do that is > not the question. I know I can tar the install location with +CONTENT > and +DESC etc.. and get done with it.. I would like to know how to > use pkg_create or the ports for a sw that is not current ports > directory. > > I have tried using the ports and working with an example, and it seems > like it is beyond my understanding. It works with what ever is in the > ports, but I can't seem to replicate it > > All I need is a ** screen dump ** of a creating a package for a > software dist that is not in the default ports. Can some one help > provide that examples - with out pointing out a rtfm / source code for > a bsd.mk etc.. I have tried and can't seem to understand - so please > do put a command of pkg_create with dummy variables.. > > many thanks.. > > On Jan 3, 2008 3:52 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > > On 2008/01/03 15:04, Jon wrote: > > > I understand the value and usefulness and the reccomendation of Ports.. > > > This > > > is for my own software. I have also searched the net for examples and > > > can't > > > find any. > > > > You'd have to be doing something _very_ strange for there to be any > > advantage in not just making your own port and typing "make package", > > the tgz file will then appear in /usr/ports/$ARCH/all. You don't have > > to distribute that port at all. It doesn't even have to build the > > software, just unpacking a tar file would be perfectly ok (like the > > Opera and Acrobat ports do). (Note that even these "PERMIT_*=no" > > ports still build a package locally. EVERY installation from the > > ports tree is done by building a package and using pkg_add). > > > > If you still really must, all OpenBSD packages are produced using > > the ports tree, so you can find several thousand examples there. > > Pick something, "make fake" then "make -n _internal-package-only" > > to see how pkg_create is called. > > > > If you want more than this, well, you know where to find the source :-) > - End forwarded message -
Re: how to create a sha256 hash
On Fri, Jan 04, 2008 at 09:30:36PM -0800, Jon wrote: > hi > how to create a sha256 value for file in openbsd ? > > can you please provide the command similar to > > sha1 foobar > > or > > md5 foobar man 1 cksum
Re: ssh client in bsd.rd
On Fri, Dec 21, 2007 at 07:50:03AM -0800, Ray Percival wrote: > On Dec 21, 2007, at 7:34, Lars NoodC)n <[EMAIL PROTECTED]> > wrote: > >> The RAM-disk kernel (bsd.rd) seems to be missing an SSH client. >> >> Presumably that's been left out on purpose. Is there any reason >> beside size that it is not included? > > Ask google about yaifo. yaifo doesn't include an ssh client. -ME
Re: when was a pkg installed !!!
On Wed, Nov 07, 2007 at 11:43:14PM -0500, Jeremy Huiskamp wrote: > You could hack pkg_add to write a log msg every time it completes an > installation and just refer to the log for timestamps. If you're going to go through that much trouble, keep server change logs. It's a good practice anyway. -ME
Re: OBSD on MacBook
On Sun, Nov 04, 2007 at 10:46:28PM +0800, Koh Choon Lin wrote: > Hi everyone! > > Anyone has a success story on installing OBSD on MacBook or MB Pro? I have two MacBook Pros (one for work and my personal laptop). Both are dual booting OpenBSD (one i386 and one amd64). X only works with the VESA driver at 1024x768 (yuck). Sound works great (thanks to deanna@). Suspend doesn't work. Wireless doesn't work. But... it's *fast*. -ME
Re: Call for Papers AsiaBSDCon 2008
On Wed, Oct 10, 2007 at 12:04:05PM +0530, Siju George wrote: > http://2008.asiabsdcon.org/ > > Could somebody publish this in Undeadly too please? Siju: http://undeadly.org/cgi?action=submit -ME
Re: Instant Messenger (CLI-based multi-protocol)
On Sat, Sep 22, 2007 at 08:05:57PM -0500, Sean Darby wrote: > Is there a better program out there somewhere that is CLI-based for > using chat with Yahoo, AIM, MSN, ICQ, IRC, and Jabber? I'm using irssi (irc client) with bitlbee (IM to IRC gateway). I'm VERY happy with it. -ME
Re: another spamd-setup question
On Wed, Sep 19, 2007 at 06:16:32PM -0400, Juan Miscaro wrote: > I tried it but whenever I include the larger 'uatraps' I get: > > pfctl: Cannot allocate memory. > > I have plenty of free memory and cpu. Not sure why it's breaking up. man pf.conf(5). look for table-entries -ME
Re: Shutdown script (derived from "Simple startup daemon's on boot question?")
On Wed, Sep 19, 2007 at 04:25:49PM +0300, Tomas wrote: > And can I ask how do you do it? Because I don't want to write my mysql > password in rc.shutdown script. Try: /usr/local/share/mysql/mysql.server stop
Re: maybe OT 3 year anniversay of Chuck Yerkes death
On Mon, Aug 27, 2007 at 01:08:25PM -0600, ACP wrote: > Just wanted to remember you Chuck, take it easy wherever you are. We'll hoist a few in his honor at the CapBUG meeting tonight. If you're in the MD/DC area and can join us, please do. http://capbug.org/ -ME
Re: pkg_add can't install a package
On Fri, Aug 17, 2007 at 11:48:34AM +0300, Tomas wrote: > 1. export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386 I know your question has been answered, so I'll just say: use a mirror. http://www.openbsd.org/ftp.html -ME
Re: Newbie: what to do with disk enumeration?
On Sun, Aug 12, 2007 at 12:17:53PM -0400, Mike Erdely wrote: > On Sun, Aug 12, 2007 at 05:34:37PM +0300, Pekka Niiranen wrote: > > Can't open /dev/rwd1a: Device not configured > > Enter pathname of shell or RETURN for sh: > Since you're getting the kernel to load, it sounds to me that all you > have to do is fix your fstab. I left off a helpful piece of info... (since / won't mount): Reboot and type: bsd.rd at the boot prompt (you did install that file, right?). Then, manually mount your / partition to /mnt and fix /mnt/etc/fstab. You could run: sed -e 's#/dev/wd1#/dev/wd2#' /mnt/etc/fstab > /tmp/fstab Then: cp /tmp/fstab /mnt/etc/fstab -ME
Re: Newbie: what to do with disk enumeration?
On Sun, Aug 12, 2007 at 05:34:37PM +0300, Pekka Niiranen wrote: > Can't open /dev/rwd1a: Device not configured > Enter pathname of shell or RETURN for sh: Since you're getting the kernel to load, it sounds to me that all you have to do is fix your fstab. -ME
Re: sendmail SMTP auth
On Thu, Aug 09, 2007 at 12:32:10PM -0400, Paolo Supino wrote: > I want to add SMTP auth to sendmail. Will it be easier for me to try > and add the support to the source shipped by OpenBSD or to the source > that I will download from sendmail.org? > Other suggestions on setting up a mail server with SMTP auth are > welcome. 1. Put 'WANT_SMTPAUTH=1' in your /etc/mk.conf file. 2. Extract src.tar.gz to /usr/src. 3. Rebuild sendmail. -ME
Re: Laptop death...
On Wed, Aug 01, 2007 at 06:57:53PM +0100, The King of Norway wrote: > Apologies for reviving an old post. If anyone is interested, there's a > discussion on this topic at the OpenBSD Journal. > http://undeadly.org/cgi?action=article&sid=20070727210751 Thanks for all of the donations! We've gotten enough to get a laptop: http://undeadly.org/cgi?action=article&sid=20070727210751&mode=expanded -ME
Re: Publishing your spamtraps list, is that a wise move?
On Thu, Jul 05, 2007 at 08:35:00AM -0700, Darrin Chandler wrote: > I thought about this a while back, and I found a weakness. Now, I > haven't seen this used, but it's trivially possible. Here's the deal: > > You publish spamtrap addresses, and of course you make them easily > recognizable as such so you don't trap real people. Spammers spend a > very small amount of effort and harvest spamtrap addresses *on purpose* > and use them as sender addresses (joe job). The result being, of course, > that you blacklist significant valid portions of the internet. Am I > wrong here? That should significantly cut down on spam! I think spamtrap addresses only cause blacklisting when they're the recipient. Now, a DOS attack _could_ be to log into legitimate ISPs like Yahoo, Gmail, MSN, AOL, ... and flood your server with messages to your Spam Trap addresses. If you're not specifically whitelisting those addresses (with a no rdr rule or something), then you'll be blacklisting legitimate senders. I think there's too much work involved in doing that. But I've been wrong before. Correct me if I'm wrong (or don't get your scenario). -ME
Re: Publishing your spamtraps list, is that a wise move?
On Thu, Jul 05, 2007 at 11:07:55AM +0200, Peter N. M. Hansteen wrote: > Now I wonder if it would be a good idea to put that list of spamtrap > addresses on a web page for the address slurpers to find and use, so I > can detect spam senders early and either treat them to 24 hours at the > time in the tar pit or have them move on to the next target. > > The only downside to this that I can see is that occasionally somebody > naive and innocent sending backscatter (bounces of undeliverable spam) > would be tarpitted for a while. I've done exactly this. I made the page about grey trapping so it should be clear to even the most dum^H^H^Hnaive sender. http://erdelynet.com/tech/grey-trapping/ -ME
Re: can not install binaries with pkg_add
On Mon, Jul 02, 2007 at 10:53:44AM -0400, Alden Pierre wrote: > Interestingly enough when I attempt to do 'ls -la /var/tmp/' the only > file that's there is a vi.recovery directory. The beauty of this is > when ever I try to retype 'pkg_add -i screen', the file is always > something different. Do you have write access to /var/tmp? -ME
Re: openvpn on openbsd 4.1
On Mon, Jul 02, 2007 at 07:19:23PM +0700, sonjaya wrote: > i have installed openvpn from ports dan i try follow manual like this : > # pwd > /etc/openvpn/easy-rsa/2.0 > # ./vars > NOTE: If you run ./clean-all, I will be doing a rm -rf on > /etc/openvpn/easy-rsa/2.0/keys > # ./clean-all > # ./build-ca > Please edit the vars script to reflect your configuration, > then source it with "source ./vars". > Next, to start with a fresh PKI configuration and to delete any > previous certificates and keys, run "./clean-all". > Finally, you can run this tool (pkitool) to build certificates/keys. > # > where is wrong ? Try running ". ./vars" so that the vars get read into your environment. -ME
Re: c2k7 hackathon is over
On Sat, Jun 02, 2007 at 04:05:27PM -0700, Darren Spruell wrote: > On 6/2/07, Theo de Raadt <[EMAIL PROTECTED]> wrote: > >The c2k7 hackathon is over, with roughly 50 developers attending the > >event for 10 days in Calgary. > > > >So many projects were started or finished, it is basically impossible > >for me to describe all the projects. > > I elect merdely to fill in all the holes on Undeadly. :) Ha! I could barely keep up with the new ports commits. I started having to just delete the src commits without reading them. I'm looking forward to reading someone else's summaries. > >Hope you guys out there enjoy the changes that we've made. > > I'm sure many will. I've enjoyed reading the commit messages, > particularly in areas of increased pf performance. Killer work. I tried to keep up with the commit messages myself, but my work to freetime ratio didn't allow it. From the commit messages I did read, I can't wait for 4.2! You know, Darren, you can submit your own recap of the hackathon commits and dwc would be happy to commit them! -ME
Re: NAT with PF
On Wed, May 16, 2007 at 09:55:13AM -0700, BradenM - Sonoma Computer wrote: > The NAT rule is as such: > pfctl -sn > nat on rl0 inet from 192.168.0.0/24 to 192.168.0.1 -> 64.142.102.8 Try: nat on rl0 inet from 192.168.0.0/24 to any -> 64.142.102.8 -ME
Re: OpenBSD 4.1 Torrents
On Wed, May 02, 2007 at 08:07:10PM -0400, Clint M. Sand wrote: > On Tue, May 01, 2007 at 02:33:50PM -0700, andrew fresh wrote: > > http://openbsd.somedomain.net/index.php?version=4.1 > Just out of curiosity... > > Is it logical to use an OS for the intense focus on security and > correctness, yet download the binaries from a random person on a mailing > list instead of any official source with reasonable file integrity > checking process in place? > > Seems odd that people would use OpenBSD because they trust the code, yet > download the binaries from random torrents on the internet. man 1 cksum ftp://ftp5.usa.openbsd.org/pub/OpenBSD/4.1/i386/CKSUM FWIW: I know Andrew and he's trustworthy. But am I? :) -ME
Re: 4.1 and Macbook Pro
On Tue, May 01, 2007 at 09:20:35PM +0200, Otto Moerbeek wrote: > Huh? How is the OP supposed to get an install if the cd41.iso isn't working? To get around this problem, I installed using 4.0 and threw bsd.rd from 4.1 onto a CDR. After installing 4.0, I copied the bsd.rd from the CDR to /bsd. Then I ran config -ef /bsd and enabled acpi. Rebooting and installing 4.1 worked fine. Note: by 4.1, I mean a snapshot. I haven't gotten my CDs yet. :) -ME
Re: how to tell if a patch has been applied
On Tue, May 01, 2007 at 11:05:36AM +0100, John Huss wrote: > I'm trying to figure out if one (or any) security patches have been > applied to an OpenBSD 3.9 host. > > In particular, I've just applied the 015_ssh.patch and ssh -V still > gives the same version. I noticed uname -a output changed from > '...GENERIC#617' to '...GENERIC#0' though but didn't understand that. An ssh patch would not change the kernel. The ssh patch also does not change any of the version information in the code, so that wouldn't change either. > Is this the same with any patch? or is there a different way to tell if > it's applied, per patch? Any advice on how to find out if a security > patch has been applied would be very appreciated. If you're using the same source tree, try to apply the patch again. If it applies, you did not previously apply it. If you're prompted whether you want to reverse the patch or not, you did apply it. Whether you built and installed is a different story. It wouldn't hurt to "make; make install" again, just in case. Of course, 3.9 is no longer supported as of today. Upgrade to 4.1. -ME
Re: NFS mount by non-root
On Mon, Apr 30, 2007 at 09:34:44PM +0800, Lars Hansson wrote: > Benoit Myard wrote: > >By the way, is anyone aware of the reason why this option is not > >present in OpenBSD's mount [2] (technical, security) ? > > man sysctl, man mount. Look for usermount. > No idea if that works for NFS though. It seems that it would if OpenBSD's mount_nfs(8) didn't require root privileges because it uses privileged ports. -ME
Re: NFS mount by non-root
On Thu, Apr 26, 2007 at 03:33:47AM +, Douglas Maus wrote: > Is it possible for users (non-root) to mount NFS exports? >From mount_nfs(8): HISTORY The -P flag historically informed the kernel to use a reserved port when communicating with clients. In OpenBSD, a reserved port is always used. This means to me that you will always have to be root to use mount_nfs. Unless I'm missing something. -ME
Re: PHP mail() function + postFix + OpenBSD
In response to Greg, James Turner wrote: > First make sure mini_sendmail is located in /var/www/bin. Second add or > edit the sendmail_path in your php.ini and restart apache. Make it look > something like this: sendmail_path = "/bin/mini_sendmail -t > [EMAIL PROTECTED]" where [EMAIL PROTECTED] is the address you want the > mail to come from. Hope this helps. Does php still require a shell to launch femail or mini_sendmail? This has been discussed in the archives, Greg. -ME
Re: 4.1 packages on the ftp sites
On Tue, Apr 24, 2007 at 12:37:52AM +0200, frantisek holop wrote: > i can't think of any serious reason, could you help out a bit? > > getting dangerously close to whining, i really think you are > punishing pre-orderers here. the faq says prefer binary packages. > i'd really like to. What part of "OpenBSD 4.1 will be released on May 1", do you not understand? -ME
Re: Sending mail from rc.local
On Sun, Apr 15, 2007 at 10:00:38PM +0200, Ivo van der Sangen wrote: > I am trying to send mail from rc.local to inform users about reboots. I > wrote a script /root/reboot_notification containing the following: > > #!/bin/sh > for user in `/bin/cat /root/reboot_notification_users`; do > echo "$SERVER has rebooted at `/bin/date`" | /usr/bin/mail -s > "$server reboot" $user > done I do something somewhat similar. Look for @reboot in crontab(5). -ME
Re: force password changes
On Thu, Apr 12, 2007 at 02:06:24PM -0700, John N. Brahy wrote: > What's the best way to force users to change their passwords? Either tell them very forcefully or: man login.conf(5) -ME
Re: safe PF start / restart
On Wed, Apr 11, 2007 at 02:44:10PM -0400, Jeff Quast wrote: > On 4/11/07, christian johansson <[EMAIL PROTECTED]> wrote: > >feature in shorewall - safe restart. > > > >Is there a ready made script accomplishing this for openbsd / pf? Or any > >plans of building such functionality? > > I've done this with pf. I used at(1) like anybody would. You can load > a new rule using pfctl -f /etc/pf.conf/new, with an at(1) job to load > /etc/pf.conf at 60 seconds. If you want some fancy prompt, wrap it > with /bin/sh. > > Personaly I'd hate to see this as an actual 'feature' anywhere. If > everything this trivial was implemented into pfctl I would stop > reading manuals top to bottom. You should look at the command prompt > like a live programming enviroment. I recommend reading "The UNIX > Programming Environment" by Brian W. Kernighan and Rob Pike. Once you have a working ruleset, most changes shouldn't be enough to effect YOUR connectivity to the firewall. After running $EDITOR to change your ruleset, run 'pfctl -nvf /etc/pf.conf' to make sure the output matches your expectations before running 'pfctl -f /etc/pf.conf'. -ME
Re: bcw(4) is gone
On Wed, Apr 11, 2007 at 08:20:51PM +0200, Timo Schoeler wrote: > On Wed, 11 Apr 2007 20:08:44 +0200 Marc Balmer wrote: > > > [X] -- communism isn't as bad as the GPL ;) > > [X] marco is a communist > no; if so, he's as good as communist as George W. Bush as president. WTF! What the hell does GPL, communism or GWB have to do with OpenBSD? Let this thread die. -ME
Re: where to download IOBSD iso?
On Mon, Apr 02, 2007 at 01:44:02AM +0300, Soner Tari wrote:
> I'm especially amazed that you guys have really paid for the
> iobsd.org domain name just to crack a joke on April fool's day :).
To quell this discussion before it starts, the "OpenBSD team" did not
pay for the domain. An individual (jdixon) did. So, no trolling about
mis-spending OpenBSD funds ('cause that would be stupid).
-ME
Re: Apple hardware support?
Otto Moerbeek wrote: On Thu, 29 Mar 2007, Tasmanian Devil wrote: The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to enable ACPI with "config -ef bsd.mp" (or on the boot prompt). This is not true. At least it has been reported that the MacBook Pro with Core Due 2 processor does not run. Tas is right. I have my MacBook Pro Core 2 Duo dual booting with OS X and OpenBSD (snap around 3/10). I _think_ my installation process was this (since I didn't do make release with -current): 1. Install 4.0 from the CD. 2. Copy an ACPI-enabled bsd.rd to a CDROM, boot to OpenBSD and copy to the hard drive. 3. Reboot and boot to bsd.rd and install the snapshot using FTP. Note: Wifi did not work. Video used VESA driver. I didn't test much else. Next time I get a chance, I'll send a dmesg to [EMAIL PROTECTED] BTW, you can install OpenBSD on a BootCamp partition. After creating the Bootcamp partition using the wizard, boot using the OpenBSD CD, and in the fdisk step in the installer, set the partition type to A6, make it active and update the MBR. I did this. -ME
Re: login_ldap
Vijay Sankar wrote: I use login_ldap but don't have any experience with cvs pserver. Just in case it has any relevance or triggers some other solution . . . 1) Are you using LDAPv2 or LDAPv3? If you are using v3, you may want to try v2. I'm using the default in login.conf for login_ldap, which is to use v3. 2) What does /var/log/ldap.log say about authentication attempts? I assume this would be on an OpenLDAP server and not the CVS/login_ldap client. I'm using MS AD as the LDAP server. Remember, ssh, cvs over ssh and sudo work great with my login.conf ldap user class. It feels like pserver is not respecting that authentication method. Vijay !DSPAM:1,460aa359109502517112723!
Re: login_ldap
Joachim Schipper wrote:
On Tue, Mar 27, 2007 at 04:49:05PM -0400, Mike Erdely wrote:
I'm trying to get login_ldap to work with cvs pserver (run out of inetd).
I think you are misunderstanding some things, or doing something that
doesn't work; however, since I've never tried to set up a pserver, you'd
best check what I'm going to say next.
I tried to give as much info as I could...
First, read login.conf(5), and note that just adding the above isn't
going to help any. You must define a new login class, at least, and
change master.passwd(5) to make sure the appropriate user has your newly
defined login class (the value of 'appropriate' depends on whether or
not the stuff below is correct...).
I did read login.conf(5) and I must have missed something. But, I think
you're not understanding how this stuff works:
1. I installed the login_ldap package.
2. I added a ldap section to login.conf
3. I configured my users to be part of the ldap class (using vipw).
Users have no local password set.
4. I tested using CVS over SSH and it works as expected.
5. I tried using pserver and cannot authenticate.
6. I set a local password that is different from my ldap password (ssh
still uses ldap. sudo still uses ldap).
7. I tried pserver and was able to authenticate with the local password
but not ldap's password.
I had previously had a similar problem with ftp until I made this change
to login.conf:
- auth-ftp-defaults:auth-ftp=password:
+ auth-ftp-defaults:auth-ftp=-ldap:
Then, you should have whatever daemon your users use to connect with the
usual BSD login mechanism (which might be called bsdauth, or whatever).
I don't believe GNU CVS does that, and OpenCVS doesn't do authentication
at all. Your best bet is probably setting up ssh; sshd uses the BSD
authentication routines by default.
You would think that the daemon would use "the usual BSD login
mechanism" but ftpd doesn't. And pserver running out of inetd doesn't
either. I don't know if the fact that I'm using inetd for pserver has
any bearing on this issue, but I thought giving all information would be
helpful.
I know my "best bet" is using ssh. I'd much rather use ssh. But you
can't always do what you want. Some of my 50 developers are using COTS
development tools that ONLY know pserver. They don't like it either,
but it's required for the project they're working on. So, while pserver
sucks, it's necessary in this case.
However, unless I am sorely mistaken, by this point, there's no need to
set up inetd and what you have is a CVS repository, but *not* a pserver.
What I've decided to do since I can't make this work ('cause I'm an
idiot) and pserver is insecure and sucks, I'm going to set local
passwords for users that require pserver that are different from their
LDAP password. That way, their LDAP password won't go in the clear.
Thanks for you input.
-ME
login_ldap
I'm trying to get login_ldap to work with cvs pserver (run out of inetd). Regular SSH logins work fine. I know to make ftpd work with login_ldap, you have to make the following change in login.conf: - auth-ftp-defaults:auth-ftp=password: + auth-ftp-defaults:auth-ftp=-ldap: For trying to make pserver work, I _tried_ adding "auth-pserver-defaults:auth-pserver=-ldap:" to login.conf and ":tc=auth-pserver-defaults:\" to the "default" section in login.conf. I still can't login to pserver with my LDAP password. If I change my local password from no password to some password, I can login so pserver is working. Anyone know how to make pserver work with login_ldap? Thanks. -ME
Re: Two indentical timed cronjobs, one gets ignored
On Tue, Mar 20, 2007 at 03:44:05AM +0100, Han Boetes wrote: > I just had two cronjobs which were set on the same time and the > first match was executed and the second was ignored. Does /var/cron/log say anything? > Of course this is not entirely enexpected but is this considered a > bug or something which would be nice to be mentioned in the > manpage as a caveat? I have many jobs that run at the same time. -ME
Re: OpenBSD 4.1 Pre-Orders...
Darrin Chandler wrote: Have you got yours yet?! Of course! And a shirt (the polo). And a book (to help Jacek). And some cash (to help Theo). http://undeadly.org/cgi?action=article&sid=20070312181549 -ME
Re: Spamassassin overwrites manual of OpenBSD spamd
Guido Tschakert wrote: The first and the last entry are both spamd (8), but spamassassin from ports has overwritten /usr/local/man/man8/spamd.8 from the system (which I am looking for) The man page for OpenBSD's spamd is not in /usr/local. On my system, SpamAssassin's spamd is (1) not (8). For OpenBSD's spamd: man 8 spamd For SpamAssassin: man 1 spamd That spamd (8) in /usr/local must be from something else: $ apropos spamd spamd (8) - spam deferral daemon spamd-setup (8) - parse and load file of spammer addresses spamd.conf (5) - configuration file read by spamd-setup(8) for spamd(8) spamdb (8) - spamd database tool spamlogd (8) - spamd whitelist updating daemon Mail::SpamAssassin::Client (3p) - Client for spamd Protocol spamc (1) - client for spamd spamd (1) - daemonized version of spamassassin $ -ME
Small change to /faq/pf/carp.html
I was going through the FAQ testing my CARP set up and tried "ifconfig carp1 down". The backup promoted itself to master ONLY for carp1 even though I have net.inet.carp.preempt=1. But, "ifconfig em1 down" DOES cause the backup firewall to promote itself to master for ALL interfaces. The below patch addresses this in the PF FAQ (using the examples in the FAQ, not my real setup :) ). -ME Index: carp.html === RCS file: /cvs/www/faq/pf/carp.html,v retrieving revision 1.15 diff -u -p -r1.15 carp.html --- carp.html 23 Jan 2007 07:30:16 - 1.15 +++ carp.html 11 Feb 2007 07:42:04 - @@ -545,7 +545,7 @@ master. -# ifconfig carp1 down +# ifconfig em0 down
Re: Adding /dev/sd5?
Jeff Ross wrote: Any gotchas on adding the other sd device? Should this be something that is added to MAKEDEV? While there is no real sd5 on my machine and I didn't check beforehand to see if sd5 existed, this worked for me: cd /dev; ./MAKEDEV sd5 -ME
Re: hosts file and caching name server
Daniel Polak wrote: Is it possible to have bind consult the hosts file (or an equivalent) before querying DNS? I've used dnsspoof from the dsniff package for something similar before. I didn't spend too much time looking, but it seems that dnsmasq does what you want. (http://www.thekelleys.org.uk/dnsmasq/doc.html) It's also in packages. -ME
Re: OpenBSD under Parallels Desktop
Christopher Snell wrote: Has anybody been able to run OpenBSD 4.0 or newer under Parallels Desktop? Booting the 3.9 media works just fine and I am able to install the OS. Booting 4.0 (or newer snapshots) media results in a lock-up of the VM at the (I)nstall/(U)pgrade prompt. I'd post a dmesg(1) but I'm unable to select text in the VM. I'm running the latest build (3120) of Parallels Desktop under Mac OS X 10.4.8. 4.0 works fine for me. The snap with kernel #1341 works fine for me. Newer snaps do not. It _might_ have something to do with jcs@'s new keyboard code: http://undeadly.org/cgi?action=article&sid=20070112100204 I emailed him a dmesg along with some info about what works and what doesn't. The next thing to try is an manual upgrade by CVS source to -CURRENT, I suppose... If I'm right, that shouldn't help. It'd be a good test to see if it's the installer or the keyboard code in the kernel. -ME
Re: Sony VAIO needed
Didier Wiroth wrote: Marco Peereboom wrote: I am taking paypal donations on [EMAIL PROTECTED] for a new or used laptop. I'm in, come on guys !!! +$100 Let's get this laptop! Kind regards, Didier -ME
Re: p5-MIME-tools-5.420.tgz
Scott Austed wrote: On 1/17/07, *Mike Erdely* wrote: You have to build the port yourself. > Could you point me in the right direction on how I can do this? See: http://www.openbsd.org/faq/faq15.html # Extract the ports tree. # cd /usr/ports/converters/p5-Convert-BinHex # make install Then "pkg_add p5-MIME-tools-5.420" will work. -ME
Re: p5-MIME-tools-5.420.tgz
sausted wrote: I am trying to install p5-MIME-tools-5.420 using pkg_add but I keep getting the following error: p5-MIME-tools-5.420:Can't find p5-Convert-BinHex-1.119 /usr/sbin/pkg_add: p5-Convert-BinHex-1.119:Fatal error I am new to OpenBSD...could someone help me? You have to build the port yourself. No acceptable license. From the Makefile: PERMIT_PACKAGE_CDROM= "no license" PERMIT_PACKAGE_FTP= "no license" PERMIT_DISTFILES_CDROM= "no license" PERMIT_DISTFILES_FTP= Yes -ME
