Problems installing on Dell R830

2017-04-25 Thread adrian
Hi all,

It's been a long time since I posted here, so apologies if I slip up on the 
netiquette.

I'm trying to install on a Dell R830 but I can't get the installer to boot - it 
crashes with a page fault after displaying the initial copyright message:

[..snip..]
fatal page fault in supervisor mode
trap type 6 code 2 rip 8100195d cs 8 rflags 10246 cr2  f807ffef000
cpl e rsp 81a05ba8
panic: trap type 6, code=2, pc=8100195d
[..snip..]

I've tried booting 6.0, 6.1 and the current snapshot with similar results.  
Other Dell hardware I have access to (eg. R630, R620) works OK.  Normally I'd 
try disabling stuff in UKC, but booting with "-c" has the same result and no 
UKC> prompt.

Does anyone have any suggestions on how I might get this going?

Thanks,

Adrian Close




Re: acme-client(1) and http_proxy

2017-04-25 Thread Predrag Punosevac
Adam Thompson wrote:

> I stand by my statement that just buying a cheap SSL cert will, for 
> anything other than the simple case of an online, directly-connected, 
> webserver, be cheaper than the labour required to obtain a LetsEncrypt
> certificate.

A cheap certificate like the one you can buy from GoDaddy will trigger
a browser exception warning just like self-signed certificates. If
your goal is to encrypt web traffic, a self-signed certificate will do it.
If your goal is to provide peace of mind to your customers by
presenting them a proper SSL certificate which will authenticate against
a credible third-party server, I am afraid that you will have to shell out
a little bit more money to get the one from Verisign.

LetsEncrypt is a wonderful option for people like me who need to have
both (encryption and authentication) but without resources (working for
an academic Lab) to pay for a real certificate.

Best,
Predrag

P.S. In all my years on this mailing list I have seen nothing but the
most insightful, helpful, and polite answers by Mr. Stuart Henderson.
If he had labeled my post as a "Fake news :)" I would reflect on it
before posting again in the same thread.



Re: Bridged vether interfaces can't talk to each other (multiple routing tables)

2017-04-25 Thread Anders Andersson
On 22 April 2017 at 04:22, Edgar Pettijohn  wrote:
> On 04/21/17 20:49, Anders Andersson wrote:
>>
>> Now to my problem: I have no connection between vether0<->vether1.
>>
>>  # traceroute -nvq1 10.0.0.3
>>  traceroute to 10.0.0.3 (10.0.0.3), 64 hops max, 40 byte...
>>   1  *
>>   2  *
>>  ^C
>>
>> If I listen with tcpdump on the bridge, I see lots of unanswered arp
>> who-has:
>>
>>  # tcpdump -nti bridge0
>>  tcpdump: listening on bridge0, link-type EN10MB
>>  arp who-has 10.0.0.3 tell 10.0.0.2
>>  arp who-has 10.0.0.3 tell 10.0.0.2
>>  ^C
>
>
> Never done this, but maybe you need an arp proxy.  Not sure which $iface to
> put it on, but something like:
> # arp -s 10.0.0.2 00:00:00:00:00:02 pub
>
> may or may not help depending on if my understanding of what I read in the
> manual actually does what I think it will.

Thank you for the reply! I tried this, and it *does* help with the ARP
problem. However, it only moves the problem to the next stage.

# ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3): 56 data bytes
^C

# tcpdump -nti vether1
tcpdump: listening on vether1, link-type EN10MB
10.0.0.2 > 10.0.0.3: icmp: echo request
10.0.0.2 > 10.0.0.3: icmp: echo request
10.0.0.2 > 10.0.0.3: icmp: echo request
^C

Now the pings are transmitted, and according to tcpdump, they are
received on the virtual interface, it's just that there's no reply.
Pinging the same interface from outside the box works great, the
packets are transported through the physical interface, through the
bridge, and ending up at the virtual interface which replies. Running
httpd on the interface in routing domain 1 also works from the
outside.

I probably have to trim this down to an even smaller example in order
to get any help, I realize that the initial mail was a bit much to
digest. I don't really *have* to connect between the interfaces, but I
expect that I will find a lot of problems with this setup in the
future unless I understand all the issues involved.

// Anders



Re: acme-client(1) and http_proxy

2017-04-25 Thread Adam Thompson

On 2017-04-25 05:27, Stuart Henderson wrote:
> On 2017-04-25, Adam Thompson wrote:
>> By definition, you will (probably) not be able to use the ACME
>> protocol - it only works (normally) when your system is connected
>> directly to the public internet with a static IP address.
>>
>> Simply because you say "behind a corporate firewall", I already know
>> (or at least assume) that ACME will not work for you, ever.
>>
>> ACME, and LetsEncrypt, only handles public websites. There are ways
>> around this, but they are painful and likely not worthwhile - it
>> *will* be cheaper to just buy a regular SSL certificate than to get a
>> LetsEncrypt certificate for an internal server.
>
> Fake news :)


Ha!  That made me laugh!
I was deliberately omitting all the details of the other challenge 
protocols, because (see below).  But yes, I deliberately sacrificed 
correctness for utility in my response.



> Firstly, with dns-01 challenge you can get a certificate for a server
> which doesn't allow external access at all (the request and challenge
> can be done with completely separate machines than the certificate
> is for).
>
> Secondly, some environments permit inbound connections but require
> a proxy for outbound access from a DMZ. In a hosting environment,
> restricting outbound access is often more important than inbound.


While it's possible that this was the case, the fact the OP was even 
asking the question in the first place strongly suggests that this is 
not his situation.


I stand by my statement that just buying a cheap SSL cert will, for 
anything other than the simple case of an online, directly-connected, 
webserver, be cheaper than the labour required to obtain a LetsEncrypt 
certificate.


From what I've read so far, you'd have to be *really* committed to 
LetsEncrypt to go to the bother of using any of the alternate challenge 
protocols.  In all the situations where one person could complete the 
process themselves, that person is highly likely to simply be directly 
connected anyway - so why bother?


Once the entire CA industry moves towards ACME (if that happens) then I 
can see a number of situations where those alternate challenge protocols 
will be useful and/or required, but for a LetsEncrypt certificate?  It 
just doesn't seem worthwhile.  Especially when the cost of a 
single-hostname SSL cert (which meets the needs of many users) is now 
somewhere below US$5/year!


And neither of us addressed the fact that for a server that's "behind a 
corporate firewall", there's a good chance that it's not even using a 
legit gTLD/ccTLD, which means getting an external domain-validated SSL 
cert for it will be (or should be!) impossible in the first place.


-Adam



Re: OpenBSD 6.1, boot can't find kernel anymore

2017-04-25 Thread Jonathan Matthew
On Sun, Apr 23, 2017 at 10:43:59PM -0700, Nicolas Vollmar wrote:
> Hello everyone,
> 
> I've upgraded to OpenBSD 6.1 from 6.0 on my up board according to the upgrade
> guide.
> As a result it seems something changed in boot which results in it not
> finding the kernel anymore. There are now two additional hd found by boot
> (4MB each, empty and one not readable) despite only having one disk (onboard
> eMMC storage). I've to manually boot OpenBSD from hd2a instead of hd0a.
> 
> I couldn't figure out what changed, so I tried a clean install of OpenBSD
> 6.1, still the same effect it can't boot.
> Also ensured that the OpenBSD partition is flagged with fdisk.

This change to efiboot is most likely responsible:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/amd64/stand/efiboot/efiboot.c.diff?r1=1.15=1.16
I was looking into this on a similar machine but it died before I got anywhere.



Re: 6.1: /usr/local/bin/node: W^X binary outside wxallowed mountpoint

2017-04-25 Thread Todd C. Miller
On Tue, 25 Apr 2017 16:49:36 +0200, Maxim Bourmistrov wrote:

> Any work around for this one?
> 
> Mount with wxallowed not working.

Two things are required:

1) The binary must be on a file system mounted with the wxallowed
   option.

2) The binary must have the OPENBSD_WXNEED type in the ELF header.

You can check for #2 by running "readelf -l /usr/local/bin/node".
The output should include a section similar to the following.
If you don't see OPENBSD_WXNEED in there, that is the problem
and you probably need to update your packages to the 6.1 versions.

Program Headers:
  Type   Offset VirtAddr   PhysAddr
 FileSizMemSiz  Flags  Align
  PHDR   0x0040 0x0040 0x0040
 0x0348 0x0348  R E8
  INTERP 0x00af82be 0x00bf82be 0x00bf82be
 0x0013 0x0013  R  1
  [Requesting program interpreter: /usr/libexec/ld.so]
  LOAD   0x 0x 0x
 0x00af82be 0x00af82be  R E10
  LOAD   0x00af82be 0x00bf82be 0x00bf82be
 0x00bfe59a 0x00bfe59a  R  10
  LOAD   0x016f6910 0x018f6910 0x018f6910
 0x000a5af0 0x000b6e00  RW 10
  DYNAMIC0x0177dda8 0x0197dda8 0x0197dda8
 0x01b0 0x01b0  RW 8
  NOTE   0x00af82d4 0x00bf82d4 0x00bf82d4
 0x0018 0x0018  R  4
  GNU_EH_FRAME   0x01533634 0x01633634 0x01633634
 0x00049dac 0x00049dac  R  4
  OPENBSD_WXNEED 0x 0x 0x
 0x 0xE8
  OPENBSD_RANDOM 0x016f6910 0x018f6910 0x018f6910
 0x0008 0x0008  RW 8
  GNU_RELRO  0x016f6910 0x018f6910 0x018f6910
 0x0008f6f0 0x0008f6f0  R  1
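
Both checks from the message above, as an added example (not part of the original post and not OpenBSD project code): it reads the ELF program header table for the type readelf prints as OPENBSD_WXNEED and looks up the mount options covering the binary's path. The function names, the sample `mount` output and the minimal ELF image are constructed for illustration; the p_type constants are the ones defined in OpenBSD's <sys/exec_elf.h>.

```python
import re
import struct

# p_type values from OpenBSD's <sys/exec_elf.h>; readelf prints the
# WXNEEDED one as OPENBSD_WXNEED.
PT_LOAD = 1
PT_OPENBSD_RANDOMIZE = 0x65A3DBE6
PT_OPENBSD_WXNEEDED = 0x65A3DBE7

EHDR64_SIZE = 64   # size of the ELF64 file header
PHDR64_SIZE = 56   # size of one ELF64 program header entry


def program_header_types(image: bytes) -> list[int]:
    """Return the p_type of every program header in a 64-bit ELF image."""
    if len(image) < EHDR64_SIZE or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] != 2:
        raise ValueError("only ELFCLASS64 is handled here")
    endian = {1: "<", 2: ">"}.get(image[5])
    if endian is None:
        raise ValueError("unknown ELF data encoding")
    (e_phoff,) = struct.unpack_from(endian + "Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from(endian + "HH", image, 0x36)
    if e_phnum and e_phentsize < PHDR64_SIZE:
        raise ValueError("program header entries too small")
    if e_phoff + e_phnum * e_phentsize > len(image):
        raise ValueError("program header table runs past end of file")
    return [
        struct.unpack_from(endian + "I", image, e_phoff + i * e_phentsize)[0]
        for i in range(e_phnum)
    ]


# Assumed line format of mount(8) output: "<dev> on <dir> type <fs> (<opts>)"
_MOUNT_LINE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")


def mount_options_for(path: str, mount_output: str) -> tuple[str, set[str]]:
    """Return (mount point, options) of the deepest mount containing path."""
    best = None
    for line in mount_output.splitlines():
        m = _MOUNT_LINE.match(line.strip())
        if not m:
            continue
        mnt = m.group(2)
        if path == mnt or path.startswith(mnt.rstrip("/") + "/"):
            if best is None or len(mnt) > len(best[0]):
                best = (mnt, {o.strip() for o in m.group(4).split(",")})
    if best is None:
        raise ValueError("no mount point covers " + path)
    return best


def diagnose(path: str, image: bytes, mount_output: str) -> list[str]:
    """List which of the two requirements the binary fails (empty = OK)."""
    problems = []
    mnt, opts = mount_options_for(path, mount_output)
    if "wxallowed" not in opts:
        problems.append(f"{mnt} is not mounted with wxallowed")
    if PT_OPENBSD_WXNEEDED not in program_header_types(image):
        problems.append("ELF has no OPENBSD_WXNEED program header")
    return problems


def build_sample_elf(ptypes: list[int]) -> bytes:
    """Constructed input: a little-endian ELF64 header plus bare phdrs."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        3, 62, 1, 0, EHDR64_SIZE, 0, 0,
        EHDR64_SIZE, PHDR64_SIZE, len(ptypes), 0, 0, 0,
    )
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes
    )
    return header + phdrs


# Constructed sample of mount(8) output, not taken from the thread.
SAMPLE_MOUNT = """\
/dev/sd0a on / type ffs (local)
/dev/sd0d on /usr type ffs (local, nodev)
/dev/sd0e on /usr/local type ffs (local, nodev, wxallowed)
"""

if __name__ == "__main__":
    marked = build_sample_elf([PT_LOAD, PT_OPENBSD_WXNEEDED])
    plain = build_sample_elf([PT_LOAD, PT_OPENBSD_RANDOMIZE])
    for label, img in (("6.1-style package", marked), ("old binary", plain)):
        print(label, diagnose("/usr/local/bin/node", img, SAMPLE_MOUNT) or "OK")
```

On a real system, pass the bytes of the binary and the captured output of `mount` instead of the constructed samples.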



Re: Latest change to netstart (current)

2017-04-25 Thread Christer Solskogen
On Tue, Apr 25, 2017 at 9:20 PM, Robert Peichaer 
wrote:

>
> I just committed a fix for this. Thanks for reporting.
>
>
Sweet, thanks!


Re: Latest change to netstart (current)

2017-04-25 Thread Robert Peichaer
On Tue, Apr 25, 2017 at 03:20:07PM +0200, Christer Solskogen wrote:
> ...seems to not bring up carp0, unless I run "sh /etc/netstart carp0"
> manually.
> 
> # ls -l /etc/hostname.carp0
> -rw-r-  1 root  wheel  80 Apr 25 15:10 /etc/hostname.carp0
> # cat /etc/hostname.carp0
> inet 192.168.0.1 255.255.255.0 NONE advskew 10 vhid 1 carpdev re0 pass
> beefcake
> # cat /etc/hostname.re0
> inet 192.168.0.3 255.255.255.0 NONE
> 
> # uname -a
> OpenBSD tugs.antarctica.no 6.1 GENERIC.MP#18 amd64
> (latest snapshot, april 25th)

I just committed a fix for this. Thanks for reporting.

-- 
-=[rpe]=-



Re: WARNING: symbol(icudt58_dat) size mismatch, relink your program

2017-04-25 Thread Edgar Pettijohn



On 04/25/17 10:39, Kim Lidström wrote:

I get the same but with Firefox.


On 25 Apr 2017, at 12:29, Stuart Henderson  wrote:

You aren't doing anything wrong to trigger it. Known problem but we
haven't figured out the cause of this yet.

Alright. Do you know if you have any leads? Might take a look this week

I also get the same when starting libreoffice.



getty doesn't work on serial ports which aren't the boot console

2017-04-25 Thread Andrew Daugherity
I was setting up a new server where I wasn't sure whether com0 or com1 was
the port I wanted, so I turned on both tty00 and tty01 in /etc/ttys to see
which one to use in boot.conf.  Edited the file, did the 'kill -HUP 1',
and... nothing.  getty processes are listening on tty00 and tty01, but both
ports are stone dead.

Tried cua00/cua01 in /etc/ttys on a lark, and it worked!  Well, kinda...
echo control isn't right, as passwords get echoed at the login prompt.

Now that I knew which port was which, I configured boot.conf and rebooted.
Bootloader & kernel messages work correctly on both com0 or com1, whichever
is configured and connected to.  Furthermore, using tty00/tty01 in
/etc/ttys now works properly (including echo control), but ONLY on the port
that was the boot console.

To clarify:
bootloader set tty com0: getty works on tty00, does not work on tty01
bootloader set tty com1: getty does not work on tty00, works on tty01
getty on cua00/cua01 works (but with echo issues) in all cases.

This seems like possible serial line issues (carrier detect/DTR/DSR, etc.),
but I don't know why.  I've never had any problems with this null-modem
cable before, and furthermore, one of the serial ports has no cable, but is
connected internally to the IPMI/DRAC module and viewed via IPMI SoL
[serial over LAN], so I couldn't change the cable pinout if I wanted.  I
also tried various combinations of flags mentioned in ttys(5) (local,
softcar, etc.) to no effect.  Does the kernel do something special
regarding CD/DTR/DSR if the port is the boot console?

I searched the list archives and found this thread from 2009, where others
had the same problem, without any apparent resolution: https://marc.info/
?l=openbsd-misc=123335745920052=2

Any ideas?


Hardware details: Dell R230, with the cheapest DRAC option (or rather, I
selected the "basic" DRAC which came standard).  Fortunately with the iDRAC
8 on 13th-gen servers (Rn30 etc.), even the iDRAC8 Basic has a dedicated
NIC (previously you had to get an "enterprise" option for that).  The
serial port ordering is configurable in the BIOS; I have it set so that
com0 is the physical port and com1 is IPMI (I think the default was the
opposite).

Besides configuring IPMI SoL and boot serial console redirection (port,
baud rate, turn off "redirection after boot") in the BIOS, I also had to
turn off "RAC Serial" in the iDRAC settings, so that the port went to the
host via IPMI rather than the RAC itself.  Connecting from a client with
'ipmitool -I lanplus -H  -U  sol activate' works great.

dmesg:
OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr  1 13:45:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8395776000 (8006MB)
avail mem = 8136646656 (7759MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x8ef68000 (43 entries)
bios0: vendor Dell Inc. version "1.4.5" date 08/09/2016
bios0: Dell Inc. PowerEdge R230
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP BOOT SSDT SLIC HPET LPIT APIC MCFG WDAT SSDT DBGP
DBG2 SSDT SSDT SSDT SSDT SSDT SSDT PRAD HEST BERT ERST EINJ DMAR FPDT SPCR
acpi0: wakeup devices PEGP(S0) PEG0(S0) PEGP(S0) PEG1(S0) PEGP(S0) PEG2(S0)
XHC_(S0) XDCI(S0) PXSX(S0) RP01(S0) PXSX(S0) RP02(S0) PXSX(S0) RP03(S0)
PXSX(S0) RP04(S0) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz, 3696.00 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,
FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,
DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,
LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,
SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 369600 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz, 3696.00 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,
FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,
DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,
LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,
SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz, 3696.00 MHz

Re: OpenBSD/octeon on EdgeRouter PoE - my experience

2017-04-25 Thread Daniel Gracia
EdgeRouter PoE octeon has 3 Ethernet hardware ports (it is the very same
platform for PoE and Lite). In the case of the PoE unit:

* Two first ports are connected to a PHY device (so you can connect an
actual UTP/FTP cable).
* Third port is connected to an embedded hardware switch rather than a PHY
(so you get no cable for your cnmac2).

So the OpenBSD kernel output seems reasonable as long as you suppose that
nobody has taken the job of writing the driver to enable the embedded
switch. Managing PoE is closely related (as this kind of hardware level
configuration should require its very own driver).

Regards!

2017-04-25 3:14 GMT+02:00 Doggie :

> Hello,
>
> OpenBSD has been my system of choice for router / firewall / access point
> purposes since 2003 (v3.3). And naturally it's been doing great :) Up until
> this year though, I would always use rather old i386 hardware (15-20 years
> old PC's are still in operation), equipped with a bunch of slow NIC's,
> while still dreaming about something neat, efficient, small, silent and
> low-energy. Then, all of a sudden, a few months ago I discovered Ubiquiti
> Networks' EdgeRouter PoE, followed by OpenBSD/octeon port. Didn't need much
> time to decide to buy it, remove its original USB flashdrive, deploy
> OpenBSD to a new one and finally give it a try. 6.0 Release is now
> installed, patched and configured with all the needed packages. Below I
> include dmesg outputs ("sysctl hw.sensors" produces no information):
>
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2016 OpenBSD. All rights reserved.
> http://www.OpenBSD.org
> OpenBSD 6.0 (GENERIC) #10: Fri Jul 29 04:45:17 UTC 2016
> visa@octeon:/usr/src/sys/arch/octeon/compile/GENERIC
> real mem = 536870912 (512MB)
> avail mem = 524386304 (500MB)
> warning: no entropy supplied by boot loader
> mainbus0 at root
> cpu0 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation
> cpu0: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
> clock0 at mainbus0: int 5
> iobus0 at mainbus0
> dwctwo0 at iobus0 base 0x118006800 irq 56
> usb0 at dwctwo0: USB revision 2.0
> uhub0 at usb0 "Octeon DWC2 root hub" rev 2.00/1.00 addr 1
> octrng0 at iobus0 base 0x14000 irq 0
> cn30xxgmx0 at iobus0 base 0x118000800
> cnmac0 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
> atphy0 at cnmac0 phy 7: AR8035 10/100/1000 PHY, rev. 2
> cnmac1 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
> atphy1 at cnmac1 phy 6: AR8035 10/100/1000 PHY, rev. 2
> cnmac2 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
> uartbus0 at mainbus0
> com0 at uartbus0 base 0x118000800 irq 34: ns16550a, 64 byte fifo
> com0: console
> com1 at uartbus0 base 0x118000c00 irq 35: ns16550a, 64 byte fifo
> /dev/ksyms: Symbol table not valid.
> umass0 at uhub0 port 1 configuration 1 interface 0 "JetFlash Mass Storage
> Device" rev 2.10/11.00 addr 2
> umass0: using SCSI over Bulk-Only
> scsibus0 at umass0: 2 targets, initiator 0
> sd0 at scsibus0 targ 1 lun 0:  SCSI4
> 0/direct removable serial.
> sd0: 30128MB, 512 bytes/sector, 61702144 sectors
> vscsi0 at root
> scsibus1 at vscsi0: 256 targets
> softraid0 at root
> scsibus2 at softraid0: 256 targets
> boot device: sd0
> root on sd0a (.a) swap on sd0b dump on sd0b
> WARNING: No TOD clock, believing file system.
> WARNING: CHECK AND RESET THE DATE!
>
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2016 OpenBSD. All rights reserved.
> http://www.OpenBSD.org
> OpenBSD 6.0 (GENERIC.MP) #0: Thu Apr  6 00:45:05 CEST 2017
>
> root@:/usr/src/sys/arch/octeon/compile/GENERIC.MP
> real mem = 536870912 (512MB)
> avail mem = 524353536 (500MB)
> warning: no entropy supplied by boot loader
> mainbus0 at root
> cpu0 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation
> cpu0: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
> cpu1 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation
> cpu1: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
> clock0 at mainbus0: int 5
> iobus0 at mainbus0
> dwctwo0 at iobus0 base 0x118006800 irq 56
> usb0 at dwctwo0: USB revision 2.0
> uhub0 at usb0 "Octeon DWC2 root hub" rev 2.00/1.00 addr 1
> octrng0 at iobus0 base 0x14000 irq 0
> cn30xxgmx0 at iobus0 base 0x118000800
> cnmac0 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
> atphy0 at cnmac0 phy 7: AR8035 10/100/1000 PHY, rev. 2
> cnmac1 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
> atphy1 at cnmac1 phy 6: AR8035 10/100/1000 PHY, rev. 2
> cnmac2 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
> uartbus0 at mainbus0
> com0 at uartbus0 base 0x118000800 irq 34: ns16550a, 64 byte fifo
> com0: console
> com1 at uartbus0 base 0x118000c00 irq 35: ns16550a, 64 

Re: 6.1: /usr/local/bin/node: W^X binary outside wxallowed mountpoint

2017-04-25 Thread Solène Rapenne

On 2017-04-25 16:49, Maxim Bourmistrov wrote:

Hey,
Any work around for this one?

Mount with wxallowed not working.

Br


Hello,

Could you give details ?

When I type node on a fresh installed 6.1 I get
the node shell, no error.

Regards



Re: WARNING: symbol(icudt58_dat) size mismatch, relink your program

2017-04-25 Thread Kim Lidström
I get the same but with Firefox.

> On 25 Apr 2017, at 12:29, Stuart Henderson  wrote:
> 
> You aren't doing anything wrong to trigger it. Known problem but we
> haven't figured out the cause of this yet.

Alright. Do you know if you have any leads? Might take a look this week



OpenBSD/octeon on EdgeRouter PoE - my experience

2017-04-25 Thread Doggie

Hello,

OpenBSD has been my system of choice for router / firewall / access 
point purposes since 2003 (v3.3). And naturally it's been doing great :) 
Up until this year though, I would always use rather old i386 hardware 
(15-20 years old PC's are still in operation), equipped with a bunch of 
slow NIC's, while still dreaming about something neat, efficient, small, 
silent and low-energy. Then, all of a sudden, a few months ago I 
discovered Ubiquiti Networks' EdgeRouter PoE, followed by OpenBSD/octeon 
port. Didn't need much time to decide to buy it, remove its original USB 
flashdrive, deploy OpenBSD to a new one and finally give it a try. 6.0 
Release is now installed, patched and configured with all the needed 
packages. Below I include dmesg outputs ("sysctl hw.sensors" produces no 
information):


Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2016 OpenBSD. All rights reserved. 
http://www.OpenBSD.org

OpenBSD 6.0 (GENERIC) #10: Fri Jul 29 04:45:17 UTC 2016
visa@octeon:/usr/src/sys/arch/octeon/compile/GENERIC
real mem = 536870912 (512MB)
avail mem = 524386304 (500MB)
warning: no entropy supplied by boot loader
mainbus0 at root
cpu0 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation
cpu0: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
clock0 at mainbus0: int 5
iobus0 at mainbus0
dwctwo0 at iobus0 base 0x118006800 irq 56
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 "Octeon DWC2 root hub" rev 2.00/1.00 addr 1
octrng0 at iobus0 base 0x14000 irq 0
cn30xxgmx0 at iobus0 base 0x118000800
cnmac0 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
atphy0 at cnmac0 phy 7: AR8035 10/100/1000 PHY, rev. 2
cnmac1 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
atphy1 at cnmac1 phy 6: AR8035 10/100/1000 PHY, rev. 2
cnmac2 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
uartbus0 at mainbus0
com0 at uartbus0 base 0x118000800 irq 34: ns16550a, 64 byte fifo
com0: console
com1 at uartbus0 base 0x118000c00 irq 35: ns16550a, 64 byte fifo
/dev/ksyms: Symbol table not valid.
umass0 at uhub0 port 1 configuration 1 interface 0 "JetFlash Mass 
Storage Device" rev 2.10/11.00 addr 2

umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI4 
0/direct removable serial.

sd0: 30128MB, 512 bytes/sector, 61702144 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
boot device: sd0
root on sd0a (.a) swap on sd0b dump on sd0b
WARNING: No TOD clock, believing file system.
WARNING: CHECK AND RESET THE DATE!

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2016 OpenBSD. All rights reserved. 
http://www.OpenBSD.org

OpenBSD 6.0 (GENERIC.MP) #0: Thu Apr  6 00:45:05 CEST 2017

root@:/usr/src/sys/arch/octeon/compile/GENERIC.MP
real mem = 536870912 (512MB)
avail mem = 524353536 (500MB)
warning: no entropy supplied by boot loader
mainbus0 at root
cpu0 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation
cpu0: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
cpu1 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation
cpu1: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
clock0 at mainbus0: int 5
iobus0 at mainbus0
dwctwo0 at iobus0 base 0x118006800 irq 56
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 "Octeon DWC2 root hub" rev 2.00/1.00 addr 1
octrng0 at iobus0 base 0x14000 irq 0
cn30xxgmx0 at iobus0 base 0x118000800
cnmac0 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
atphy0 at cnmac0 phy 7: AR8035 10/100/1000 PHY, rev. 2
cnmac1 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
atphy1 at cnmac1 phy 6: AR8035 10/100/1000 PHY, rev. 2
cnmac2 at cn30xxgmx0: RGMII, address **:**:**:**:**:**
uartbus0 at mainbus0
com0 at uartbus0 base 0x118000800 irq 34: ns16550a, 64 byte fifo
com0: console
com1 at uartbus0 base 0x118000c00 irq 35: ns16550a, 64 byte fifo
/dev/ksyms: Symbol table not valid.
umass0 at uhub0 port 1 configuration 1 interface 0 "JetFlash Mass 
Storage Device" rev 2.10/11.00 addr 2

umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI4 
0/direct removable serial.

sd0: 30128MB, 512 bytes/sector, 61702144 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
boot device: sd0
root on sd0a (.a) swap on sd0b dump on sd0b
WARNING: No TOD clock, believing file system.
WARNING: CHECK AND RESET THE DATE!
cpu1 launched

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights 

6.1: /usr/local/bin/node: W^X binary outside wxallowed mountpoint

2017-04-25 Thread Maxim Bourmistrov
Hey,
Any work around for this one?

Mount with wxallowed not working.

Br



Re: Bad kernel for OpenBSD 6.1 sparc64 ?

2017-04-25 Thread Jeff

On Sun, 23 Apr 2017, Stefan Sperling wrote:
> On Sat, Apr 22, 2017 at 04:31:02PM -0600, Jeff wrote:
> > Booting from sr0a seemed to do the trick to get my system upgraded to
> > 6.1.  Unfortunately, it's now panicking frequently with, "panic:
> > psycho0: uncorrectable DMA error" but on different commands each time.
>
> Please follow the steps in https://www.openbsd.org/report.html
> In the past we have found bugs in drivers where the hardware ends up
> doing an out of bounds access during DMA transactions. On most platforms
> those bugs don't get noticed but psycho on sparc64 is catching them
> which results in this panic.

Due to the criticality of my system, I installed 6.1 from scratch on
a spare V120.  That system seems to be working great.  I was going
to wait a few days and rebuild the first system to try and determine
if it has a hardware issue but I'll wait and submit a bug report first.

> > Question: After upgrading to 6.1, it's still booting with "OpenBSD
> > BOOT 1.7" but I noticed when booting from the burned install61.iso
> > CD, it reports BOOT 1.9.  I tried running "installboot sd2"  but
> > there's no change.  Is there another method I'm overlooking to
> > update the boot image?
>
> Is sd2 your softraid disk? What does installboot -n -v sd2 say?
>

# installboot -n -v sd2
Using / as root
would install bootstrap on /dev/rsd2c
using first-stage /usr/mdec/bootblk, second-stage /usr/mdec/ofwboot
boot block is 5840 bytes (12 blocks @ 512 bytes = 6144 bytes)
sd2: softraid volume with 2 disk(s)
sd0d: installing boot blocks on /dev/rsd0c
would write boot block to disk /dev/rsd0c
sd1d: installing boot blocks on /dev/rsd1c
would write boot block to disk /dev/rsd1c

# ls -l /usr/mdec
total 428
-rw-r--r--  1 root  bin    5840 Apr  1 16:21 bootblk
-r--r--r--  1 root  bin  101048 Apr  1 16:21 ofwboot
-r--r--r--  1 root  bin   53608 Apr  1 16:21 ofwboot.net
-r--r--r--  1 root  bin   53320 Apr  1 16:21 ofwbootfd

Based on the timestamps, things seem to be in order.

Thanks!

-Jeff



Re: OpenBSD 6.1, boot can't find kernel anymore => issue solved on my part

2017-04-25 Thread Stefan Wollny

 
 

Sent: Tuesday, 25 April 2017 at 14:39
From: "Stefan Wollny" 
To: misc@openbsd.org
Subject: Re: OpenBSD 6.1, boot can't find kernel anymore
Sent: Monday, 24 April 2017 at 17:27

From: "Todd C. Miller" 
To: "Nicolas Vollmar" 
Cc: misc@openbsd.org
Subject: Re: OpenBSD 6.1, boot can't find kernel anymore
You need to post your /var/run/dmesg.boot if you want someone to
help you debug this.

- todd
 
 
I am struck (most likely) by the same issue since this morning. I upgraded 
amd64-current from ftp.hostserver.de.

The problem is a little bit more tricky as the system is fully encrypted 
(key-based). The usb-key itself seems to be untampered as the system is 
unlocked and the system wants to start. Yet:

--- quote ---
boot>
booting sr0a:/bsd: sr0a:/bsd: Inappropriate file type of format failed(79). 
will try /bsd
Turning timeout off
boot>
--- end of quote ---

At that point the startup process stops. But I am able to enter "bsd.rd" and 
the rd-kernel starts. As I am not at home it is not possible to get an internet 
connection thus trying to rerun the upgrade is not possible. But with the 
ramdisk system I am able to mount / and /home and thus able to copy the 
previous bsd.mp to /bsd. Still no luck, just that it now says "... format 
failed(0)."

Interestingly at the boot prompt I can issue a "ls". Beside the usual suspects 
I see after the line for "bsd.rd" the following:
--- quote ---
stat(sr0a:/./sys): No such file or directory
--- end of quote ---

I was able to save a dmesg from the bsd.rd which is attached as txt-file.

I guess once I am back at home having a LAN connection I will be able to rerun 
the upgrade process. Does someone have any idea what I might do until then?

(And Yes - I have a full backup ;-) )

Best,
STEFAN


Just as a follow-up:
I managed to boot with an older kernel still residing on the disk. For what 
reason ever the bsd.mp-file was not downloaded entirely - just about 2MB. Now I 
am back on the track.

Sorry for the noise.

Best,
STEFAN



Re: Latest change to netstart (current)

2017-04-25 Thread Robert Peichaer
I will check that tonight. 

On 25 April 2017 15:20:07 CEST, Christer Solskogen wrote:
>...seems to not bring up carp0, unless I run "sh /etc/netstart carp0"
>manually.
>
># ls -l /etc/hostname.carp0
>-rw-r-  1 root  wheel  80 Apr 25 15:10 /etc/hostname.carp0
># cat /etc/hostname.carp0
>inet 192.168.0.1 255.255.255.0 NONE advskew 10 vhid 1 carpdev re0 pass
>beefcake
># cat /etc/hostname.re0
>inet 192.168.0.3 255.255.255.0 NONE
>
># uname -a
>OpenBSD tugs.antarctica.no 6.1 GENERIC.MP#18 amd64
>(latest snapshot, april 25th)

-- 
-=[rpe]=-

Latest change to netstart (current)

2017-04-25 Thread Christer Solskogen
...seems to not bring up carp0, unless I run "sh /etc/netstart carp0"
manually.

# ls -l /etc/hostname.carp0
-rw-r-  1 root  wheel  80 Apr 25 15:10 /etc/hostname.carp0
# cat /etc/hostname.carp0
inet 192.168.0.1 255.255.255.0 NONE advskew 10 vhid 1 carpdev re0 pass
beefcake
# cat /etc/hostname.re0
inet 192.168.0.3 255.255.255.0 NONE

# uname -a
OpenBSD tugs.antarctica.no 6.1 GENERIC.MP#18 amd64
(latest snapshot, april 25th)


Re: OpenBSD 6.1, boot can't find kernel anymore

2017-04-25 Thread Stefan Wollny
Sent: Monday, 24 April 2017 at 17:27

From: "Todd C. Miller" 
To: "Nicolas Vollmar" 
Cc: misc@openbsd.org
Subject: Re: OpenBSD 6.1, boot can't find kernel anymore
You need to post your /var/run/dmesg.boot if you want someone to
help you debug this.

- todd
 
 
I am struck (most likely) by the same issue since this morning. I upgraded 
amd64-current from ftp.hostserver.de. 

The problem is a little bit more tricky as the system is fully encrypted 
(key-based). The usb-key itself seems to be untampered as the system is 
unlocked and the system wants to start. Yet:

--- quote ---
boot>
booting sr0a:/bsd: sr0a:/bsd: Inappropriate file type of format failed(79). 
will try /bsd
Turning timeout off
boot>
--- end of quote ---

At that point the startup process stops. But I am able to enter "bsd.rd" and 
the rd-kernel starts. As I am not at home it is not possible to get an internet 
connection thus trying to rerun the upgrade is not possible. But with the 
ramdisk system I am able to mount / and /home and thus able to copy the 
previous bsd.mp to /bsd. Still no luck, just that it now says "... format 
failed(0)."

Interestingly, at the boot prompt I can issue a "ls". Besides the usual suspects 
I see after the line for "bsd.rd" the following:
--- quote ---
stat(sr0a:/./sys): No such file or directory
--- end of quote ---

I was able to save a dmesg from the bsd.rd which is attached as txt-file.

I guess once I am back at home having a LAN connection I will be able to rerun 
the upgrade process. Does someone have any idea what I might do until then?

(And Yes - I have a full backup ;-) )

Best,
STEFAN

Re: intellij insufficient memory for the JRE to continue

2017-04-25 Thread G
Thank you for your fast reply.
I solved the problem by changing the staff class

staff:\
        :datasize-cur=infinity:\
        :datasize-max=infinity:\
        :maxproc-max=512:\
        :maxproc-cur=512:\
        :ignorenologin:\
        :requirehome@:\
        :tc=default:
#staff:\
#   :datasize-cur=1536M:\
#   :datasize-max=infinity:\
#   :maxproc-max=512:\
#   :maxproc-cur=256:\
#   :ignorenologin:\
#   :requirehome@:\
#   :tc=default:

I don't like my solution since it changes the limit for all the
applications I'm running. I think your solution is better.
Thanks again.

On 04/25/17 13:36, Caspar Schutijser wrote:
> On Tue, Apr 25, 2017 at 01:12:16PM +0300, G wrote:
>> I should add that intellij runs as root without any problems.
>> I tried changing the login.conf default values to
>> "
>> default:\
>>:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin
>> /usr/local/sbin:\
>>:umask=022:\
>>:datasize-max=infinity:\
>>:datasize-cur=768M:\
>>:maxproc-max=infinity:\
>>:maxproc-cur=128:\
>>:openfiles-max=1024:\
>>:openfiles-cur=512:\
>>:stacksize-cur=8M:\
>>:localcipher=blowfish,a:\
>>:tc=auth-defaults:\
>>:tc=auth-ftp-defaults:
>> "
>>
>> but it didn't help at all.
> 
> What you could consider for now:
> 
> $ ulimit -d 2048000
> $ intellij
> 
> I have a ${HOME}/bin/intellij which does that for me. Although now that
> I think about it, it is probably better to put that stuff in
> /usr/local/bin/intellij so users of the intellij port don't need to
> do "ulimit -d" themselves. I will work on something (probably I'll
> borrow the mechanism used by the chromium port) and send a diff to
> ports@.  So hopefully soon you won't need to do the "ulimit -d"
> yourself.
> 
> Best regards,
> Caspar Schutijser
> 



6.1: Taking carp down or modifying requires netstart of underlying carpdev - expected or not?

2017-04-25 Thread Mathieu Simon (Lists)
Hi

I've run across a situation which I wanted to dig a bit more to find
out if I'm encountering a known/expected behaviour or not.

In this case a carp interface is configured to have a VLAN interface as
carpdev. On the VLAN interface a couple of static routes are defined.
(see at the end of the message)

* On a 6.1 router I modified the description of hostname.carp5
* ifconfig carp5 destroy
* sh /etc/netstart carp5
Result: Traffic stalled on carp5 to the static routes

What brought it back up was destroying the underlying VLAN interface
first, bringing it back up with netstart - and then only netstart was able
to bring the CARP interface back up to a state where it transferred
packages properly.

I was surprised by that, but wanted to ask whether or not this was an
expected behaviour. The primary router is currently being upgraded from
an old release as such carp is not yet doing its full job.

I see that /etc/netstart brings up CARP interfaces after bringing up
physical or VLAN interfaces so that works at regular boot.

-- Mathieu

Attached is a somewhat cleansed config of the VLAN and the carp
interface in question:

/etc/hostname.vlan120
inet 192.168.11.3 255.255.255.0 192.168.11.255 vlan 120 vlandev trunk0
!/sbin/route add -net 10.10.1.0/24 192.168.11.4 # removed1
!/sbin/route add -net 10.10.2.0/24 192.168.11.4 # removed2
descr "AnyDescription"

/etc/hostname.carp5
inet 192.168.11.1 255.255.255.0 192.168.11.255 vhid 29 carpdev vlan120
pass FF advskew 100
inet6 2001:111:1:111::1/64
descr "CarpDescription"



Re: intellij insufficient memory for the JRE to continue

2017-04-25 Thread Caspar Schutijser
On Tue, Apr 25, 2017 at 01:12:16PM +0300, G wrote:
> I should add that intellij runs as root without any problems.
> I tried changing the login.conf default values to
> "
> default:\
>:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin
> /usr/local/sbin:\
>:umask=022:\
>:datasize-max=infinity:\
>:datasize-cur=768M:\
>:maxproc-max=infinity:\
>:maxproc-cur=128:\
>:openfiles-max=1024:\
>:openfiles-cur=512:\
>:stacksize-cur=8M:\
>:localcipher=blowfish,a:\
>:tc=auth-defaults:\
>:tc=auth-ftp-defaults:
> "
> 
> but it didn't help at all.

What you could consider for now:

$ ulimit -d 2048000
$ intellij

I have a ${HOME}/bin/intellij which does that for me. Although now that
I think about it, it is probably better to put that stuff in
/usr/local/bin/intellij so users of the intellij port don't need to
do "ulimit -d" themselves. I will work on something (probably I'll
borrow the mechanism used by the chromium port) and send a diff to
ports@. So hopefully soon you won't need to do the "ulimit -d"
yourself.

Best regards,
Caspar Schutijser



Re: WARNING: symbol(icudt58_dat) size mismatch, relink your program

2017-04-25 Thread Stuart Henderson
On 2017-04-20, Predrag Punosevac  wrote:
> Sorry for the noise. Did anybody try to use slappasswd after upgrading
> from 6.0 to 6.1 (amd64). I get 
>
> slappasswd:/usr/local/lib/libicuuc.so.12.0:
> /usr/local/lib/libicudata.so.12.0 : WARNING: symbol(icudt58_dat) size
> mismatch, relink your program
>
> I tried reinstalling openldap-server-2.4.44p3 which I only keep around.
> I actually use ldapd from the base.

You aren't doing anything wrong to trigger it. Known problem but we
haven't figured out the cause of this yet.




Re: acme-client(1) and http_proxy

2017-04-25 Thread Stuart Henderson
On 2017-04-25, Adam Thompson  wrote:
> By definition, you will (probably) not be able to use the ACME
> protocol - it only works (normally) when your system is connected
> directly to the public internet with a static IP address.
> 
> Simply because you say "behind a corporate firewall", I already know
> (or at least assume) that ACME will not work for you, ever.
>
> ACME, and LetsEncrypt, only handles public websites. There are ways
> around this, but they are painful and likely not worthwhile - it
> *will* be cheaper to just buy a regular SSL certificate than to get a
> LetsEncrypt certificate for an internal server.

Fake news :)

Firstly, with dns-01 challenge you can get a certificate for a server
which doesn't allow external access at all (the request and challenge
can be done with completely separate machines than the certificate
is for).

Secondly, some environments permit inbound connections but require
a proxy for outbound access from a DMZ. In a hosting environment,
restricting outbound access is often more important than inbound.
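
Added example (not part of the message above and not acme-client code): how the dns-01 TXT record is derived under RFC 8555 and RFC 7638. Its only inputs are the CA's token and the ACME account's public key, which is why the request and challenge can be handled on a different machine from the one the certificate is for. The domain, token and JWK values are constructed placeholders, and the function names are hypothetical.

```python
"""Derive the DNS record that answers an ACME dns-01 challenge (RFC 8555, 8.4)."""
import base64
import hashlib
import json
import re

# JWK members that enter the RFC 7638 thumbprint, per key type.
THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet, no padding


def b64url(data):
    """Base64url without '=' padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample inputs: not a real account key, token or host.
SAMPLE_DOMAIN = "intranet.example.com"
SAMPLE_TOKEN = "constructed-token_0123456789ABCDEFabcdef"
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),       # constructed, not a valid curve point
    "y": b64url(bytes(range(32, 64))),   # constructed, not a valid curve point
    "kid": "constructed-key-id",         # optional member, ignored below
}


def jwk_thumbprint(jwk):
    """SHA-256 thumbprint of a public JWK (RFC 7638)."""
    kty = jwk.get("kty")
    if kty not in THUMBPRINT_MEMBERS:
        raise ValueError("unsupported key type: %r" % (kty,))
    missing = [m for m in THUMBPRINT_MEMBERS[kty] if m not in jwk]
    if missing:
        raise ValueError("JWK lacks required members: %s" % ", ".join(missing))
    # Only the required members, sorted by name, with no whitespace.
    required = {m: jwk[m] for m in THUMBPRINT_MEMBERS[kty]}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(domain, token, account_jwk):
    """Return (owner name, TXT value) for a dns-01 challenge.

    Nothing here is read from, or sent to, the host named in the certificate.
    """
    if not TOKEN_RE.fullmatch(token):
        # Refuse anything that could not be a CA-issued token before it is
        # written into a zone file or passed to a DNS update tool.
        raise ValueError("token contains characters outside base64url")
    key_authorization = "%s.%s" % (token, jwk_thumbprint(account_jwk))
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    owner = "_acme-challenge.%s." % domain.rstrip(".").lower()
    return owner, b64url(digest)


if __name__ == "__main__":
    name, value = dns01_record(SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print('%s 300 IN TXT "%s"' % (name, value))
```

The machine that publishes this record needs write access to the DNS zone and the account key, so those two are the assets to protect in a split setup.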




Re: acme-client(1) and http_proxy

2017-04-25 Thread Stuart Henderson
On 2017-04-21, Manuel Giraud  wrote:
> Hi,
>
> I'm trying to use the new acme-client on a server behind a corporate
> proxy (i.e. I have to set a http_proxy to get out). It seems (from
> reading the code) that acme-client(1) does not honor http_proxy.
>
> Is this on purpose? If so, can someone point me to another acme client
> that does this?

Most other acme clients do work through a proxy - use whatever fits your
needs best.




Re: intellij insufficient memory for the JRE to continue

2017-04-25 Thread G
I should add that intellij runs as root without any problems.
I tried changing the login.conf default values to
"
default:\
   :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin
/usr/local/sbin:\
   :umask=022:\
   :datasize-max=infinity:\
   :datasize-cur=768M:\
   :maxproc-max=infinity:\
   :maxproc-cur=128:\
   :openfiles-max=1024:\
   :openfiles-cur=512:\
   :stacksize-cur=8M:\
   :localcipher=blowfish,a:\
   :tc=auth-defaults:\
   :tc=auth-ftp-defaults:
"

but it didn't help at all.

On 04/25/17 10:36, G wrote:
> Hello
> I get the following message
> 
> $ intellij
> 
> #
> # There is insufficient memory for the Java Runtime Environment to continue.
> # Native memory allocation (malloc) failed to allocate 1157856 bytes for
> Chunk::new
> # An error report file with more information is saved as:
> # /home/gpdsb/java_error_in_IDEA_14178.log
> [thread 5886559909432 also had an error]
> [thread 5886559908920 also had an error]
> #
> # Compiler replay data is saved as:
> # /home/gpdsb/replay_pid14178.log
> $
> 
> 
> java_error_in_IDEA_14178.log
> 
> #
> # There is insufficient memory for the Java Runtime Environment to continue.
> # Native memory allocation (malloc) failed to allocate 1157856 bytes for
> Chunk::new
> # Possible reasons:
> #   The system is out of physical RAM or swap space
> #   In 32 bit mode, the process size limit was hit
> # Possible solutions:
> #   Reduce memory load on the system
> #   Increase physical memory or swap space
> #   Check if swap backing store is full
> #   Use 64 bit Java on a 64 bit OS
> #   Decrease Java heap size (-Xmx/-Xms)
> #   Decrease number of Java threads
> #   Decrease Java thread stack sizes (-Xss)
> #   Set larger code cache with -XX:ReservedCodeCacheSize=
> # This output file may be truncated or incomplete.
> #
> #  Out of Memory Error (allocation.cpp:390), pid=14178,
> tid=0x055a92500238
> #
> # JRE version: OpenJDK Runtime Environment (8.0_121-b13) (build
> 1.8.0_121-b13)
> # Java VM: OpenJDK 64-Bit Server VM (25.121-b13 mixed mode bsd-amd64
> compressed oops)
> # Core dump written. Default location: /home/gpdsb/java.core
> #
> 

Re: dnsmasq not working on OpenBSD 6.1

2017-04-25 Thread Stuart Henderson
On 2017-04-25, Edgar Pettijohn  wrote:
>
>
> On 04/24/17 19:27, Martin Hanson wrote:
>> Hi
>>
>> I have successfully setup unbound on OpenBSD 6.1 and I can query it.
>>
>> In the same setup I have tested dnsmasq, but it almost seems broken on 
>> OpenBSD 6.1.
>>
>> I have disabled unbound and confirmed nothing is running on port 53 using 
>> netstat.
>>
>> Then I have installed dnsmasq from packages and set the dnsmasq.conf file as 
>> follows:
>>
>> 
>> listen-address=127.0.0.1
>>
>> address=/foobar/10.0.0.1
>>
>> server=8.8.8.8
>> 
>>
>> This is just a dummy setup for testing.
>>
>> In /etc/resolv.conf I have (as with unbound):
>>
>> nameserver 127.0.0.1
>>
>> I have then started dnsmasq with:
>>
>> /etc/rc.d/dnsmasq start
>>
>> And I have confirmed it's running on port 53 using netstat.
>>
>> No matter what I do dnsmasq doesn't respond to the query.
>>
>> 
>> # dig foobar
>>
>> ; <<>> DiG 9.4.2-P2 <<>> foobar
>> ;; global options:  printcmd
>> ;; connection timed out; no servers could be reached
>> 
>>
>> What am I missing? Is dnsmasq broken on OpenBSD 6.1?
>>
>> Kind regards
> rcctl set dnsmasq flags -z
> rcctl restart dnsmasq
>
> https://marc.info/?l=openbsd-misc&m=149229238014661&w=2
>
>

Or use the version in -stable ports which has a workaround.




Re: Need some pointers regarding ELF

2017-04-25 Thread Stuart Henderson
On 2017-04-25, Peter J. Philipp  wrote:
> Hi,
>
> In the past I've been examining signed binaries in the OpenBSD system. 
> I wrote some kernel code for this, but I'm stuck before it got good.  In
> particular the problem I have is adding an ELF header to a compiled
> binary.  So I want to ask the pros first:  what areas must I modify to
> get a compiled result that has an extra ELF header.  I've been modifying
> binutils and binutils-2.17 but didn't strike gold there.  Also finding
> literature on how to deal with this is *very* hard.  There is a book
> from 1998 or something which is probably not up-to-date anymore, 19
> years have passed.  I also found a patch by matt dempsky online which
> does the randomize stuff, but that didn't help me much either.

I'd look at the wxneeded commits around 2016/05/28. github mirror is
probably the easiest way to find them.





Need some pointers regarding ELF

2017-04-25 Thread Peter J. Philipp
Hi,

In the past I've been examining signed binaries in the OpenBSD system. 
I wrote some kernel code for this, but I'm stuck before it got good.  In
particular the problem I have is adding an ELF header to a compiled
binary.  So I want to ask the pros first:  what areas must I modify to
get a compiled result that has an extra ELF header.  I've been modifying
binutils and binutils-2.17 but didn't strike gold there.  Also finding
literature on how to deal with this is *very* hard.  There is a book
from 1998 or something which is probably not up-to-date anymore, 19
years have passed.  I also found a patch by matt dempsky online which
does the randomize stuff, but that didn't help me much either.

Thanks!

-peter



intellij insufficient memory for the JRE to continue

2017-04-25 Thread G
Hello
I get the following message

$ intellij

#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (malloc) failed to allocate 1157856 bytes for
Chunk::new
# An error report file with more information is saved as:
# /home/gpdsb/java_error_in_IDEA_14178.log
[thread 5886559909432 also had an error]
[thread 5886559908920 also had an error]
#
# Compiler replay data is saved as:
# /home/gpdsb/replay_pid14178.log
$


java_error_in_IDEA_14178.log

#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (malloc) failed to allocate 1157856 bytes for
Chunk::new
# Possible reasons:
#   The system is out of physical RAM or swap space
#   In 32 bit mode, the process size limit was hit
# Possible solutions:
#   Reduce memory load on the system
#   Increase physical memory or swap space
#   Check if swap backing store is full
#   Use 64 bit Java on a 64 bit OS
#   Decrease Java heap size (-Xmx/-Xms)
#   Decrease number of Java threads
#   Decrease Java thread stack sizes (-Xss)
#   Set larger code cache with -XX:ReservedCodeCacheSize=
# This output file may be truncated or incomplete.
#
#  Out of Memory Error (allocation.cpp:390), pid=14178,
tid=0x055a92500238
#
# JRE version: OpenJDK Runtime Environment (8.0_121-b13) (build
1.8.0_121-b13)
# Java VM: OpenJDK 64-Bit Server VM (25.121-b13 mixed mode bsd-amd64
compressed oops)
# Core dump written. Default location: /home/gpdsb/java.core
#
