Re: php system using httpd and php-fpm
You can also use the femail-chroot package and build ksh with env CC="cc -static" to get a sh binary that can go in /var/www/bin and even add a more restrictive pledge to ksh if you like.
Re: php system using httpd and php-fpm
I'm running tinytiny RSS on OpenBSD httpd with PHP-FPM and MariaDB. In order to get mail working for it, I also needed these copied from their usual places into the /var/www chroot:

/var/www/usr/sbin/sendmail
/var/www/usr/lib/libutil.so.12.1
/var/www/usr/lib/libc.so.80.1
/var/www/usr/libexec/ld.so
/var/www/etc/resolv.conf
/var/www/etc/hosts

Hope this helps.

On Fri, Nov 4, 2016 at 1:38 PM, Otto Moerbeek wrote:
> On Fri, Nov 04, 2016 at 05:29:54PM +, Peter Fraser wrote:
>
> > I actually wanted to call php's mail function which I could not get to work, I
> > think I have tracked the problem down to exec not working
> > the details follow using a test web page datetest.php
> >
> > newweb:/var/www/htdocs/web # cat datetest.php
> > cat datetest.php
> > Date Test
> > <?php
> > ini_set('display_errors', 'On');
> > error_reporting(E_ALL | E_STRICT);
> > if(function_exists('exec')) {
> >     echo "exec is enabled";
> > } else {
> >     echo "exec is disabled";
> > }
> > echo 'Date Test';
> > exec('/bin/date',$output);
> > print_r($output);
> > echo 'End Date test';
> > ?>
> >
> > newweb:/var/www/htdocs/web # php-7.0 -f datetest.php
> > php-7.0 -f datetest.php
> > Date Test
> > exec is enabledDate TestArray
> > (
> >     [0] => Fri Nov 4 13:16:35 EDT 2016
> > )
> > End Date test
> >
> > newweb:/var/www/htdocs/web # # date has been copied under /var/www/bin for testing
> > # date has been copied under /var/www/bin
> > newweb:/var/www/htdocs/web # ls -l /var/www/bin
> > ls -l /var/www/bin
> > total 4216
> > -- 1 root bin 249392 Jul 26 14:48 bgpctl
> > -rwxr-xr-x 1 root daemon 119216 Nov 3 13:18 cat
> > -r-xr-xr-x 1 root daemon 140112 Nov 4 12:52 date
> > -rwxr-xr-x 1 root bin 271856 Jul 25 20:37 femail
> > -rwxr-xr-x 1 root daemon 470096 Nov 3 12:49 ksh
> > -rwxr-xr-x 1 root daemon 9816 Nov 3 12:51 logger
> > -rwxrwxrwx 1 root daemon 27 Nov 3 15:56 mailtest
> > -rwxr-xr-x 1 root bin 204240 Jul 26 14:48 ping
> > -- 1 root bin 207920 Jul 26 14:48 ping6
> > -- 2 root bin 179760 Jul 26 14:48 traceroute
> > -- 2 root bin 179760 Jul 26 14:48 traceroute6
> > newweb:/var/www/htdocs/web # chroot -u www /var/www /bin/date
> > chroot -u www /var/www /bin/date
> > Fri Nov 4 17:18:34 GMT 2016
> >
> > I believe this shows that the php web page is correct and that 'date' does
> > exist in the chroot,
> >
> > but when I invoke web page from a browser I get.
> >
> > exec is enabled
> > Date Test
> > Array ( )
> > End Date test
> >
> > What am I doing wrong.
>
> For exec to work you also need /bin/sh
>
> -Otto
Re: Oddness with pkg_add
On Fri, Nov 04, 2016 at 09:46:19AM -0500, Chris Bennett wrote: > If I offended anyone on the list, say so and I will pay penance with a > small donation to OpenBSD. Just don't say you're gonna "make OpenBSD great again".. Erling -- Erling Westenvik
Re: php system using httpd and php-fpm
On Fri, Nov 04, 2016 at 05:29:54PM +, Peter Fraser wrote:

> I actually wanted to call php's mail function which I could not get to work, I
> think I have tracked the problem down to exec not working
> the details follow using a test web page datetest.php
>
> newweb:/var/www/htdocs/web # cat datetest.php
> cat datetest.php
> Date Test
> <?php
> ini_set('display_errors', 'On');
> error_reporting(E_ALL | E_STRICT);
> if(function_exists('exec')) {
>     echo "exec is enabled";
> } else {
>     echo "exec is disabled";
> }
> echo 'Date Test';
> exec('/bin/date',$output);
> print_r($output);
> echo 'End Date test';
> ?>
>
> newweb:/var/www/htdocs/web # php-7.0 -f datetest.php
> php-7.0 -f datetest.php
> Date Test
> exec is enabledDate TestArray
> (
>     [0] => Fri Nov 4 13:16:35 EDT 2016
> )
> End Date test
>
> newweb:/var/www/htdocs/web # # date has been copied under /var/www/bin for testing
> # date has been copied under /var/www/bin
> newweb:/var/www/htdocs/web # ls -l /var/www/bin
> ls -l /var/www/bin
> total 4216
> -- 1 root bin 249392 Jul 26 14:48 bgpctl
> -rwxr-xr-x 1 root daemon 119216 Nov 3 13:18 cat
> -r-xr-xr-x 1 root daemon 140112 Nov 4 12:52 date
> -rwxr-xr-x 1 root bin 271856 Jul 25 20:37 femail
> -rwxr-xr-x 1 root daemon 470096 Nov 3 12:49 ksh
> -rwxr-xr-x 1 root daemon 9816 Nov 3 12:51 logger
> -rwxrwxrwx 1 root daemon 27 Nov 3 15:56 mailtest
> -rwxr-xr-x 1 root bin 204240 Jul 26 14:48 ping
> -- 1 root bin 207920 Jul 26 14:48 ping6
> -- 2 root bin 179760 Jul 26 14:48 traceroute
> -- 2 root bin 179760 Jul 26 14:48 traceroute6
> newweb:/var/www/htdocs/web # chroot -u www /var/www /bin/date
> chroot -u www /var/www /bin/date
> Fri Nov 4 17:18:34 GMT 2016
>
> I believe this shows that the php web page is correct and that 'date' does
> exist in the chroot,
>
> but when I invoke web page from a browser I get.
>
> exec is enabled
> Date Test
> Array ( )
> End Date test
>
> What am I doing wrong.

For exec to work you also need /bin/sh

-Otto
php system using httpd and php-fpm
I actually wanted to call php's mail function which I could not get to work, I
think I have tracked the problem down to exec not working
the details follow using a test web page datetest.php

newweb:/var/www/htdocs/web # cat datetest.php
cat datetest.php
Date Test
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
if(function_exists('exec')) {
    echo "exec is enabled";
} else {
    echo "exec is disabled";
}
echo 'Date Test';
exec('/bin/date',$output);
print_r($output);
echo 'End Date test';
?>

newweb:/var/www/htdocs/web # php-7.0 -f datetest.php
php-7.0 -f datetest.php
Date Test
exec is enabledDate TestArray
(
    [0] => Fri Nov 4 13:16:35 EDT 2016
)
End Date test

newweb:/var/www/htdocs/web # # date has been copied under /var/www/bin for testing
# date has been copied under /var/www/bin
newweb:/var/www/htdocs/web # ls -l /var/www/bin
ls -l /var/www/bin
total 4216
-- 1 root bin 249392 Jul 26 14:48 bgpctl
-rwxr-xr-x 1 root daemon 119216 Nov 3 13:18 cat
-r-xr-xr-x 1 root daemon 140112 Nov 4 12:52 date
-rwxr-xr-x 1 root bin 271856 Jul 25 20:37 femail
-rwxr-xr-x 1 root daemon 470096 Nov 3 12:49 ksh
-rwxr-xr-x 1 root daemon 9816 Nov 3 12:51 logger
-rwxrwxrwx 1 root daemon 27 Nov 3 15:56 mailtest
-rwxr-xr-x 1 root bin 204240 Jul 26 14:48 ping
-- 1 root bin 207920 Jul 26 14:48 ping6
-- 2 root bin 179760 Jul 26 14:48 traceroute
-- 2 root bin 179760 Jul 26 14:48 traceroute6
newweb:/var/www/htdocs/web # chroot -u www /var/www /bin/date
chroot -u www /var/www /bin/date
Fri Nov 4 17:18:34 GMT 2016

I believe this shows that the php web page is correct and that 'date' does
exist in the chroot,

but when I invoke web page from a browser I get.

exec is enabled
Date Test
Array ( )
End Date test

What am I doing wrong.
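An added example, not part of the thread or of any OpenBSD tool: a POSIX sh audit of a web chroot for the files the replies above name (/bin/sh for exec(), sendmail with its libraries and resolver files for mail()), which also flags world-writable files in the chroot's bin directory such as the mode 0777 mailtest in the listing. The function names, the finding labels and the sample tree are this example's own, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit a web chroot for what PHP's exec()/mail() need.
# Path lists come from the messages above; the finding labels
# (MISSING, NOT-EXECUTABLE, WORLD-WRITABLE) are this example's own.

# has_match ROOT PATTERN: true if ROOT/PATTERN matches an existing file.
has_match() {
    for f in "$1"/$2; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# list_findings ROOT: print one finding per line, nothing when clean.
list_findings() {
    root=${1%/}
    # exec() runs its command through /bin/sh; mail() hands off to sendmail.
    for p in bin/sh usr/sbin/sendmail; do
        if [ ! -e "$root/$p" ]; then
            echo "MISSING /$p"
        elif [ ! -x "$root/$p" ]; then
            echo "NOT-EXECUTABLE /$p"
        fi
    done
    # Run-time linker and resolver configuration.
    for p in usr/libexec/ld.so etc/resolv.conf etc/hosts; do
        [ -e "$root/$p" ] || echo "MISSING /$p"
    done
    # Library versions differ per release, so match by glob. Trim these
    # (and ld.so) from the audit when every binary in the chroot is static.
    for g in 'usr/lib/libc.so.*' 'usr/lib/libutil.so.*'; do
        has_match "$root" "$g" || echo "MISSING /$g"
    done
    # Anything the web user can overwrite in bin is a finding.
    if [ -d "$root/bin" ]; then
        find "$root/bin" -type f -perm -0002 | while IFS= read -r f; do
            rel=${f#"$root"}
            echo "WORLD-WRITABLE $rel"
        done
    fi
}

# audit_chroot ROOT: print findings; return 0 when clean, 1 otherwise.
audit_chroot() {
    report=$(list_findings "$1")
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed sample mirroring the /var/www/bin listing in the question:
# date and ksh are present, sh is not, mailtest is mode 0777.
build_sample_chroot() {
    mkdir -p "$1/bin"
    for b in cat date femail ksh logger mailtest; do
        : > "$1/bin/$b"
        chmod 755 "$1/bin/$b"
    done
    chmod 777 "$1/bin/mailtest"
}

demo() {
    tmp=$(mktemp -d) || return 1
    build_sample_chroot "$tmp"
    audit_chroot "$tmp"
    echo "audit exit status: $?"
    rm -rf "$tmp"
}
demo
```

On a real system the call is `audit_chroot /var/www`, run as root so that find can read every directory.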
Re: Why isn't "sort -R" random?
Sorry for saying this, but debian it would not be wrong...

# sort -R a.txt
7
7
7
7
...

On 11/04/2016 02:17 PM, Joel Wirāmu Pauling wrote:
> Pipe through uniq and you'll get what you are after.
>
> Design intent for sort, as others point out this behaviour is documented.
>
> On 4 November 2016 at 11:47, Christian Gruhl wrote:
>
>> Hi minek,
>>
>> On 11/04/2016 04:41 PM, minek van wrote:
>>> Hello,
>>>
>>> # strings /dev/arandom | grep -o '[[:print:]]' | head -100 > a.txt
>>> # sort -R a.txt
>>> K
>> ...
>>> 9
>>> # uname -mrs
>>> OpenBSD 6.0 amd64
>>> #
>>> # sort -R a.txt > b.txt
>>> # cksum b.txt
>>> 3374888359 200 b.txt
>>> # sort -R a.txt > b.txt
>>> # cksum b.txt
>>> 109071951 200 b.txt
>>> # sort -R a.txt > b.txt
>>> # cksum b.txt
>>> 3441576000 200 b.txt
>>> #
>>>
>>> from: http://man.openbsd.org/OpenBSD-current/man1/sort.1
>>>
>>> -R, --random-sort, --sort=random
>>>
>>> Sort lines in random order. This is a random permutation of the
>>> inputs with the exception that equal keys sort together. It is
>>> implemented by hashing the input keys and sorting the hash values. The
>>> hash function is randomized with data from arc4random_buf(3), or by file
>>> content if one is specified via --random-source. If multiple sort fields
>>> are specified, the same random hash function is used for all of them.
>>>
>>> Although the "b.txt" differs, if we check it by the human eye... that
>>> is not random.. **Why**? Why is it called random, WHEN IT IS NOT
>>> RANDOM?! Random should mean RANDOM. Not "almost" random..
>>>
>>> The same can be seen on ex.: RHEL7.
>>>
>> I would guess this is the desired behavior. The man page cited by you
>> also states:
>>
>> 'This is a random permutation of the inputs with the exception that
>> equal keys sort together. It is implemented by hashing the input keys
>> and sorting the hash values.'
>>
>> So clearly same values/strings will be put together.
>>
>> Best wishes
>>
>> Chris
>>
>> [demime 1.01d removed an attachment of type application/pkcs7-signature
>> which had a name of smime.p7s]
Re: Why isn't "sort -R" random?
Pipe through uniq and you'll get what you are after. Design intent for sort, as others point out this behaviour is documented. On 4 November 2016 at 11:47, Christian Gruhl wrote: > Hi minek, > > On 11/04/2016 04:41 PM, minek van wrote: > > Hello, > > > > # strings /dev/arandom | grep -o '[[:print:]]' | head -100 > a.txt > > # sort -R a.txt > > K > ... > > 9 > > # uname -mrs > > OpenBSD 6.0 amd64 > > # > > # sort -R a.txt > b.txt > > # cksum b.txt > > 3374888359 200 b.txt > > # sort -R a.txt > b.txt > > # cksum b.txt > > 109071951 200 b.txt > > # sort -R a.txt > b.txt > > # cksum b.txt > > 3441576000 200 b.txt > > # > > > > from: http://man.openbsd.org/OpenBSD-current/man1/sort.1 > > > > -R, --random-sort, --sort=random > > > > Sort lines in random order. This is a random permutation of the > inputs with the exception that equal keys sort together. It is > implemented by hashing the input keys and sorting the hash values. The > hash function is randomized with data from arc4random_buf(3), or by file > content if one is specified via --random-source. If multiple sort fields > are specified, the same random hash function is used for all of them. > > > > Although the "b.txt" differs, if we check it by the human eye... that > is not random.. **Why**? Why is it called random, WHEN IT IS NOT > RANDOM?! Random should mean RANDOM. Not "almost" random.. > > > > The same can be seen on ex.: RHEL7. > > > > I would guess this is the desired behavior. The man page cited by you > also states: > > 'This is a random permutation of the inputs with the exception that > equal keys sort together. It is implemented by hashing the input keys > and sorting the hash values.' > > So clearly same values/strings will be put together. > > Best wishes > > Chris > > [demime 1.01d removed an attachment of type application/pkcs7-signature > which had a name of smime.p7s]
Re: Why isn't "sort -R" random?
Hi minek, On 11/04/2016 04:41 PM, minek van wrote: > Hello, > > # strings /dev/arandom | grep -o '[[:print:]]' | head -100 > a.txt > # sort -R a.txt > K ... > 9 > # uname -mrs > OpenBSD 6.0 amd64 > # > # sort -R a.txt > b.txt > # cksum b.txt > 3374888359 200 b.txt > # sort -R a.txt > b.txt > # cksum b.txt > 109071951 200 b.txt > # sort -R a.txt > b.txt > # cksum b.txt > 3441576000 200 b.txt > # > > from: http://man.openbsd.org/OpenBSD-current/man1/sort.1 > > -R, --random-sort, --sort=random > > Sort lines in random order. This is a random permutation of the inputs with the exception that equal keys sort together. It is implemented by hashing the input keys and sorting the hash values. The hash function is randomized with data from arc4random_buf(3), or by file content if one is specified via --random-source. If multiple sort fields are specified, the same random hash function is used for all of them. > > Although the "b.txt" differs, if we check it by the human eye... that is not random.. **Why**? Why is it called random, WHEN IT IS NOT RANDOM?! Random should mean RANDOM. Not "almost" random.. > > The same can be seen on ex.: RHEL7. > I would guess this is the desired behavior. The man page cited by you also states: 'This is a random permutation of the inputs with the exception that equal keys sort together. It is implemented by hashing the input keys and sorting the hash values.' So clearly same values/strings will be put together. Best wishes Chris [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Why isn't "sort -R" random?
Hello,

# strings /dev/arandom | grep -o '[[:print:]]' | head -100 > a.txt
# sort -R a.txt
K ] U O B B ~ o o I I P s s Q f f p , 1 5 # X X c c W W \ \ h w v v ? ` L L L L A A A E J J Y $ | ! x 2 2 2 2 ( a q q q q 3 3 7 d + z z z S S S S F 6 = i i G G . . . : [ [ T { - } } } j j & 9 9 9
# uname -mrs
OpenBSD 6.0 amd64
#
# sort -R a.txt > b.txt
# cksum b.txt
3374888359 200 b.txt
# sort -R a.txt > b.txt
# cksum b.txt
109071951 200 b.txt
# sort -R a.txt > b.txt
# cksum b.txt
3441576000 200 b.txt
#

from: http://man.openbsd.org/OpenBSD-current/man1/sort.1

-R, --random-sort, --sort=random

Sort lines in random order. This is a random permutation of the inputs with the exception that equal keys sort together. It is implemented by hashing the input keys and sorting the hash values. The hash function is randomized with data from arc4random_buf(3), or by file content if one is specified via --random-source. If multiple sort fields are specified, the same random hash function is used for all of them.

Although the "b.txt" differs, if we check it by the human eye... that is not random.. **Why**? Why is it called random, WHEN IT IS NOT RANDOM?! Random should mean RANDOM. Not "almost" random..

The same can be seen on ex.: RHEL7.
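The mechanism described by the man page text quoted in this thread, as an added example that is not taken from sort(1)'s source or from any message: hashing each line together with per-run random data and sorting by the hash keeps equal lines adjacent, while including the line number in the hashed input lets duplicates land apart. cksum (CRC-32) stands in for sort's hash function, and the function names, the salt handling and the sample input are assumptions of the example.

```shell
#!/bin/sh
# Added example: why "sort by a randomized hash of the key" groups equal
# lines, and how making every hashed key unique removes the grouping.
# cksum (CRC-32) is a stand-in for sort's hash; SALT plays the role of
# the per-run random data. This is not a cryptographic shuffle.

# keyed_hash SALT TEXT: decimal CRC over SALT and TEXT.
keyed_hash() {
    printf '%s\n%s' "$1" "$2" | cksum | cut -d' ' -f1
}

# hash_sort SALT: order stdin by hash(SALT, line), as -R is documented
# to do. Equal lines get equal hashes, so they come out adjacent.
hash_sort() {
    while IFS= read -r line; do
        printf '%s\t%s\n' "$(keyed_hash "$1" "$line")" "$line"
    done | sort -n -k1,1 | cut -f2-
}

# hash_shuffle SALT: same, but the hashed text also carries the line
# number, so two identical lines no longer share a hash.
hash_shuffle() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        printf '%s\t%s\n' "$(keyed_hash "$1" "$n:$line")" "$line"
    done | sort -n -k1,1 | cut -f2-
}

# count_runs: number of runs of identical adjacent lines on stdin.
count_runs() {
    uniq | wc -l | tr -d ' '
}

# new_salt: 16 random bytes as hex, one fresh value per run.
new_salt() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Constructed input: ten lines, three distinct values.
sample_input() {
    printf '%s\n' 7 q 7 z q 7 7 z q 7
}

demo() {
    salt=$(new_salt)
    echo "distinct values:         $(sample_input | sort -u | count_runs)"
    echo "runs after hash_sort:    $(sample_input | hash_sort "$salt" | count_runs)"
    echo "runs after hash_shuffle: $(sample_input | hash_shuffle "$salt" | count_runs)"
}
demo
```

hash_sort always yields exactly as many runs as there are distinct values, whatever the salt; that is the behaviour the original poster observed.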
Re: Oddness with pkg_add
On Fri, Nov 04, 2016 at 10:06:13AM -0400, Raul Miller wrote: > On Fri, Nov 4, 2016 at 9:54 AM, Chris Bennett > wrote: > > As a side note, if you use a server to download OpenBSD that is located > > in the US, there is always that chance that those crypto issues might > > one day be a concern. > > Something similar could be said about hardware purchases and (*insert > name of country where hardware was manufactured*). > > > Also, inside the US, anything that goes wrong, including cold coffee is > > the Russians fault. > > Luckily, Mexico is going to pay for a wall to keep illegal Mexicans from > > returning to Mexico where there are better jobs. :) > > I was trying to be a little lighthearted with this comment, but unfortunately I am a US citizen and the political situation is terrifying. Actually, this is a good reason to be VERY concerned about what the US might do with crypto and hardware, which is why I threw it in. If I offended anyone on the list, say so and I will pay penance with a small donation to OpenBSD. Chris > > Sadly, I wasn't joking about the better jobs part. > > Personally, I'm not motivated to solve these problems. > > Or, rather, I'm not motivated to do more about solving these problems > than I already am attempting to do. Call it a lack of vision, thing... > > Thanks, > > -- > Raul
Re: Oddness with pkg_add
On Fri, Nov 4, 2016 at 9:54 AM, Chris Bennett wrote: > As a side note, if you use a server to download OpenBSD that is located > in the US, there is always that chance that those crypto issues might > one day be a concern. Something similar could be said about hardware purchases and (*insert name of country where hardware was manufactured*). > Also, inside the US, anything that goes wrong, including cold coffee is > the Russians fault. > Luckily, Mexico is going to pay for a wall to keep illegal Mexicans from > returning to Mexico where there are better jobs. :) > > Sadly, I wasn't joking about the better jobs part. Personally, I'm not motivated to solve these problems. Or, rather, I'm not motivated to do more about solving these problems than I already am attempting to do. Call it a lack of vision, thing... Thanks, -- Raul
Re: Oddness with pkg_add
On Thu, Nov 03, 2016 at 10:21:57PM -0400, trondd wrote: > Try substituting the IP for the hostname. Is it just DNS that's the > problem or all network connectivity? > +1 on this. I frequently have DNS issues so I no longer use the hostname. As a side note, if you use a server to download OpenBSD that is located in the US, there is always that chance that those crypto issues might one day be a concern. Also, inside the US, anything that goes wrong, including cold coffee is the Russians fault. Luckily, Mexico is going to pay for a wall to keep illegal Mexicans from returning to Mexico where there are better jobs. :) Sadly, I wasn't joking about the better jobs part. Chris
Re: berkeleydb in ports
On 2016-11-04, Peter J. Philipp wrote: > Hi, > > I'm writing because I'm wondering if people out there have had problems > with the 4.6 version of Berkeley DB in ports, and I'm wondering if I'm > the only one. The reason is this. I'm the author of a DNS server that > uses Berkeley DB as a backend and I've stumbled on some database > weirdness a few months ago. In particular the query function seems to > have stuck after some usage whereas the AXFR function which is on the > same descriptor is not stuck. What I've done is I've pulled my DNS > server away from answering queries and it does only AXFR as a hidden > master, but I do plan on bringing it back some day. I don't have any > old core files currently with me so this report is based only on my > memory. When I gdb'ed a stuck process by attaching gdb to it I noticed > that the query engine was in berkeley db and probably not returning > possibly a dead-lock situation. > > The way I use berkeley db is across several forked childs, there is a > child that does solely AXFR (using a cursor on the db and walking the > zones) and there is a child that does queries to port 53. Since the > database was opened before the fork() the descriptor is shared among the > childs. I always saw this as no problem in terms of how the program was > designed. > > Has anyone else seen possible dead-locks in berkeley db 4.6 as provided > by the OpenBSD ports? If not there is a chance it's my program meaning > I'll never figure out what is causing this because I have planned on > replacing berkeley db altogether, however if it's a known bug it would > save me the effort next year. The DNS server was built with OpenBSD as > the development machine and is now also running in a strict OpenBSD > environment on my VPS's. > > Thanks in advance for your sharing, > > -peter > > I haven't noticed any myself, but the only thing I'm using it with is openldap (not forked afaik). 
We are many releases behind with db (last time it came up I don't think there was a good plan to deal with the file format change), so there might well be a problem that has been fixed upstream in the meantime..
Re: Oddness with pkg_add
On Thu, Nov 03, 2016 at 09:26:43PM -0400, trondd wrote: > On Thu, November 3, 2016 9:19 pm, trondd wrote: > > On Thu, November 3, 2016 9:07 pm, Chris Huxtable wrote: > >> Same as before unfortunately. > >> > >> # pkg_add -v nano > >> Error from http://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/ > >> ftp: ftp.openbsd.org: no address associated with name > >> http://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/ is empty > >> Error from http://openbsd.cs.toronto.edu/pub/OpenBSD/6.0/packages/amd64/ > >> ftp: openbsd.cs.toronto.edu: no address associated with name > >> http://openbsd.cs.toronto.edu/pub/OpenBSD/6.0/packages/amd64/ is empty > >> Error from > >> http://athena.caslab.queensu.ca/pub/OpenBSD/6.0/packages/amd64/ > >> ftp: athena.caslab.queensu.ca: no address associated with name > >> http://athena.caslab.queensu.ca/pub/OpenBSD/6.0/packages/amd64/ is empty > >> Can't find nano > >> > >> Could this be a pledge issue? > >> > > > > Check dmesg, but on a clean install, probably not. > > > > Are you doing something funky with pf, like only allowing certain users > > internet access? pkg_add downloads as the _pfetch user. Try doas -u > > _pfetch host ftp.openbsd.org > > > > Correction: 6.0 changed the user to _pkgfetch. Not really. _pfetch was stolen from dpb until we got a proper user. The window where _pfetch got used in pkg_add is rather small, (2016/02/09 -> 2016/03/18)
Re: npppd troubles
On Thu, Nov 03, 2016 at 06:48:56PM -0400, Marina Brown wrote:
> On 11/03/2016 03:36 PM, Stefan Sperling wrote:
> > On Thu, Nov 03, 2016 at 03:17:40PM -0400, Marina Brown wrote:
> >> Hi All:
> >>
> >> I have been trying to create an nppp connection across my property -
> >> about 100M for one of my friends who lives here. He wants less security
> >> than I like behind my firewall. I have not been able to get OpenBSD to
> >> route his connection out of the network. Here are my settings.
> >
> >> # NAT Rule to translate from internal to External NET
> >> pass out on em0 inet from em1:network to any nat-to (em0)
> >
> > You're using NAT when passing out on em0 here, and...
> >
> >> external = em0
> >
> >> pass out quick on $external from 10.0.0.103/32 to any
> >
> > ... my guess is that you're missing 'nat-to ($external)' here ^
> >
>
> Thanks - is there a way to exclude the npppd users from the nat
> altogether. That is the reason for the exercise. If I put him
> behind the nat we are right where we started. He runs games that
> don't play well with strict NAT settings and I don't want the rest of my
> network exposed to reduced security.
>
> I thought he would be on pppx0. Is there a way to do this.

Well, one way or another he will need to have his private 10.0.0.103 IP address translated to an IP that is actually valid on the internet. There is no way around that.

pppx0 is where his packets arrive on your firewall. Your firewall has to forward those packets to the internet and that requires using a public IP as source address, else the internet won't be able to reply.

One option would be for him to get a VPN tunnel with some provider that assigns public IPs to their VPN clients. That would solve this issue as long as you still provide NAT so that his VPN client can reach the provider's server across the internet. He would get his own public IP to use for the game.

Another option is to try adding 'static-port' to his NAT rule:

  pass out quick on $external from 10.0.0.103/32 to any nat-to ($external) static-port

Perhaps that's enough to make the game he's playing work through NAT.

You could further restrict the above to certain ports used by the game. For example, if the game was using the port range 5000:5100 then you could do something like this:

  pass out quick on $external from 10.0.0.103/32 to any port 5000:5100 nat-to ($external) static-port

In this case all his other connections would still use randomized NAT ports.
Re: permanent ARP being overwritten by ISP
On 25/10/16(Tue) 03:27, Doug Moss wrote: > On Wednesday, January 20, 2016 1:37 PM, Martin Pieuchot > wrote: > >If you're referring to my reply, I was interested in the behavior in a > >-current kernel, what will be 5.9 soon. A lot of changes happened > >since 5.8. > > > >It would be nice if you could also post the output of "route -n show -inet" > > >with such kernel. > > I have brought up this issue before, but I think I have narrowed down the > possible causes/scenario, > and I have my machine up to date with the current release. > > I think my question is: > on my openbsd 6.0 amd64 machine, where I already have an accurate ARP entry > that has been manually > set as permanent, when the sshd daemon receives a connection, why does that > machine broadcast > an ARP 'who-has' for the IP address of the SSH client machine? Good question. Could you rebuild arp(8) with the diff attached and show me the output of "arp -an" after triggering the 'who-has'? I'd like to know if some code path set the expiration timer of your permanent entry. Index: arp.c === RCS file: /cvs/src/usr.sbin/arp/arp.c,v retrieving revision 1.76 diff -u -p -r1.76 arp.c --- arp.c 27 Aug 2016 04:15:52 - 1.76 +++ arp.c 4 Nov 2016 10:03:34 - @@ -556,7 +556,7 @@ print_entry(struct sockaddr_dl *sdl, str if (rtm->rtm_flags & (RTF_PERMANENT_ARP|RTF_LOCAL)) printf(" %-10.10s", "permanent"); - else if (rtm->rtm_rmx.rmx_expire == 0) + if (rtm->rtm_rmx.rmx_expire == 0) printf(" %-10.10s", "static"); else if (rtm->rtm_rmx.rmx_expire > now.tv_sec) printf(" %-10.10s",
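Review bot: With the `else` dropped in front of the `rtm->rtm_rmx.rmx_expire == 0` test in print_entry(), an entry flagged RTF_PERMANENT_ARP or RTF_LOCAL now prints "permanent" and then a second 10-character column from the expire chain ("static" when the timer is 0, otherwise whatever the following branches print), so every column after it shifts for those rows in "arp -an". That is what the diagnosis needs, since it exposes a non-zero expiry on a permanent entry, but the mail should say that the diff is a debugging aid and not meant for commit. If the information is worth keeping in arp(8), print the expiry state in its own labelled column so that anything parsing the current layout keeps working.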
berkeleydb in ports
Hi, I'm writing because I'm wondering if people out there have had problems with the 4.6 version of Berkeley DB in ports, and I'm wondering if I'm the only one. The reason is this. I'm the author of a DNS server that uses Berkeley DB as a backend and I've stumbled on some database weirdness a few months ago. In particular the query function seems to have stuck after some usage whereas the AXFR function which is on the same descriptor is not stuck. What I've done is I've pulled my DNS server away from answering queries and it does only AXFR as a hidden master, but I do plan on bringing it back some day. I don't have any old core files currently with me so this report is based only on my memory. When I gdb'ed a stuck process by attaching gdb to it I noticed that the query engine was in berkeley db and probably not returning possibly a dead-lock situation. The way I use berkeley db is across several forked childs, there is a child that does solely AXFR (using a cursor on the db and walking the zones) and there is a child that does queries to port 53. Since the database was opened before the fork() the descriptor is shared among the childs. I always saw this as no problem in terms of how the program was designed. Has anyone else seen possible dead-locks in berkeley db 4.6 as provided by the OpenBSD ports? If not there is a chance it's my program meaning I'll never figure out what is causing this because I have planned on replacing berkeley db altogether, however if it's a known bug it would save me the effort next year. The DNS server was built with OpenBSD as the development machine and is now also running in a strict OpenBSD environment on my VPS's. Thanks in advance for your sharing, -peter
Re: Is 6.1 expected to happen soon?
On Thu, Nov 03, 2016 at 07:42:01PM -0600, Theo de Raadt wrote: | We need to learn somehow. Sometimes the commit-pullout-recommit- | pullout-recommit-pullout-recommit-pullout-recommit-pullout-recommit | process is too costly. Want to help shortcut? Run snapshots? | | Afraid of that? Don't worry, it happens randomly, rarely and | sporatically and you likely won't get hit except 1 round of builds. | Someone will hit it first, we hope. | | Otherwise run releases, and don't participate in the process that | makes the next release better. We ask for a bit of snapshot use, but | you get to make your own choices. My approach the last few years has been to very frequently update local, less important, machines (my laptop and workstation). Then, when the snapshot is fine on those machines (which it usually is), I update my home gateway with some of those snaps (it has a different workload, so it tends to excercise other codepaths possibly finding bugs I don't find on my laptop/workstation - and besides, reboots are slightly more annoying, since I lose connectivity for like three whole minutes while I wait for the machine to come up again). When it's also fine on my home gateway, I sometimes roll it out to other machines that run services on the internet. Here I don't want to reboot very frequently: that introduces brief downtime. But keeping track of source-changes@ and ports-changes@, sometimes bugs are fixed (think Open/LibreSSL or random bugs in ports for some of the software I run) which make upgrading a bit more pressing. Anecdotally, snapshots are quite stable. My workstation and laptop almost never have problems, so I'm happy. And when I do run into issues, I try to report them to bugs@ so that they're fixed before I move those more important machines forward. Since they must move forward at some point... :) One thing I've not been doing very much lately is testing diffs that are sent to tech@. 
Time permitting, I'm hoping to pick that up again soon, applying diffs to machines that are likely to be affected. Anyway .. this is a very common and easy way to help OpenBSD development: give feedback about new code. I guess it's the easiest approach after donating to the project. -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/