Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied

2017-09-27 Thread Philip Guenther
On Wed, 27 Sep 2017, Theodore Wynnychenko wrote:
...
> Thank you for the information.  I removed the “noexec” flag from fstab 
> and the error has disappeared.
> 
> But, I am also surprised by the requirement that /tmp _not_ be mounted 
> noexec for this to function correctly.  I recall reading that it was 
> best to mount filesystems with the most restrictive settings possible 
> for that specific filesystem, and that /tmp should be mounted with 
> (essentially) nothing set (ie: nodev, nosuid, noexec).
> 
> Am I incorrect or has something changed in this regard?
>
> It seems to me that, as a general rule, making /tmp noexec is a good 
> thing from a security standpoint; but I admit that I don’t know enough 
> about this to be sure.
> 
> Anyway, I just added a line to rc.local to remount temp as noexec at the 
> end of the boot so that rc would work without errors and that /tmp is 
> noexec once the system is up.

To quote a co-worker: "What problem are you trying to solve?"
Or, in this case: What attack/threat vector are you trying to block?

What on your system is running with (a) ability to exec (think pledge(2)), 
*and* (b) access to /tmp but *without* write access to other directories 
(like $HOME) that aren't mounted noexec?

If the answer is "nothing", then marking /tmp as noexec is only annoying 
you.


Philip Guenther
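
The question in the reply above (which directories can a process write to, and are any of them on a filesystem that still allows exec?) can be checked against the mount table. The script below is an added example, not part of the thread: the mount(8) output is a constructed sample, the function names are hypothetical, and mount points are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: for a set of directories a process can write to, report the
# ones that sit on a filesystem where written files can also be executed.

# Constructed sample of OpenBSD mount(8) output (not taken from the thread).
sample_mounts() {
cat <<'EOF'
/dev/sd0a on / type ffs (local)
/dev/sd0k on /home type ffs (local, nodev, nosuid)
/dev/sd0d on /tmp type ffs (local, nodev, noexec, nosuid)
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0e on /var type ffs (local, nodev, nosuid)
/dev/sd0g on /usr/obj type ffs (local, nodev, noexec, nosuid, read-only)
EOF
}

# Reads mount(8) output on stdin; arguments are directories the process can
# write to. Prints each directory whose filesystem is neither noexec nor
# read-only, in argument order.
writable_exec_dirs() {
    awk -v dirs="$*" '
    {
        # Field 3 is the mount point; options are inside the trailing (...).
        opts = $0
        sub(/^.*\(/, "", opts)
        sub(/\).*$/, "", opts)
        n = split(opts, o, /, */)
        blocked[$3] = 0
        for (i = 1; i <= n; i++)
            if (o[i] == "noexec" || o[i] == "read-only")
                blocked[$3] = 1
    }
    END {
        n = split(dirs, d, " ")
        for (i = 1; i <= n; i++) {
            # Longest mount point that is a path prefix of the directory.
            best = ""
            for (m in blocked)
                if (m == "/" || d[i] == m || index(d[i], m "/") == 1)
                    if (length(m) > length(best))
                        best = m
            if (best != "" && !blocked[best])
                print d[i]
        }
    }'
}

# A process that can write to /tmp, a home directory and /var/tmp:
sample_mounts | writable_exec_dirs /tmp /home/alice /var/tmp
```

On a live system the same function can be fed from `mount | writable_exec_dirs ...` with the directories the service in question can actually write to.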



Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied

2017-09-27 Thread Theodore Wynnychenko
On Sep 25, 2017, at 9:31 PM, Philip Guenther wrote:
> On Mon, 25 Sep 2017, Theodore Wynnychenko wrote:
>> I noticed this message in the dmesg after updating -current yesterday.
>>
>> I am not sure what it means.
>>
>> There is no file "test-ld.so" anywhere on the system that I can find.
>> I also see that it appears this part of rc was just committed in the
>> last few weeks.
>>
>> Why is this happening, and is there anything that I should do to correct
>> the "Permission denied" error?
>
> It means that after /etc/rc had built a new ld.so, when it tried to test
> it by running the test-ld.so program (which is packaged inside
> /usr/libdata/ld.so.a), it failed with that error, EACCES.
>
> My guess is that you're hitting this:
>
> [EACCES]   The new process file is on a filesystem mounted with
>    execution disabled (MNT_NOEXEC in ).
>
> If you're mounting /tmp with the noexec flag, then stop doing that.
>
>
> Philip Guenther

Thank you for the information.  I removed the “noexec” flag from fstab and the 
error has disappeared.



But, I am also surprised by the requirement that /tmp _not_ be mounted noexec 
for this to function correctly.  I recall reading that it was best to mount 
filesystems with the most restrictive settings possible for that specific 
filesystem, and that /tmp should be mounted with (essentially) nothing set (ie: 
nodev, nosuid, noexec).



Am I incorrect or has something changed in this regard?



It seems to me that, as a general rule, making /tmp noexec is a good thing from 
a security standpoint; but I admit that I don’t know enough about this to be 
sure.



Anyway, I just added a line to rc.local to remount temp as noexec at the end of 
the boot so that rc would work without errors and that /tmp is noexec once the 
system is up.



Is that bad?



Thanks





Re: regarding the default path for pkg_add in -current

2017-09-27 Thread Daniel Jakots
On Wed, 27 Sep 2017 20:57:10 -0600, and...@quickstick.net wrote:

> Also, after login, pkg_add is very determined to use the same 
> ../6.2/.. directory path. For the benefit of others who might find 
> themselves in the same spot, the workaround is to use the full path 
> while using pkg_add. 

A better solution is to use pkg_add -Dsnap

Cheers,
Daniel



Re: regarding the default path for pkg_add in -current

2017-09-27 Thread Philip Guenther
On Wed, Sep 27, 2017 at 7:57 PM,  wrote:

> Regarding GENERIC.MP #115
>
> I have a feeling you are about to roll into 6.2, however I just want to
> bring the following to your attention in case it matters.
>
> I just did a clean install of -current using the bsd.rd dated 2017-09-27.
> Within the install sequence of questions, the default download path has
> been hardcoded to ../6.2/... as opposed to ../snapshots/..
>
> I manually changed it to ../snapshots/ and it installed as expected.
> Also, after login, pkg_add is very determined to use the same ../6.2/..
> directory path. For the benefit of others who might find themselves in the
> same spot, the workaround is to use the full path while using pkg_add.
>  <...>


Instead of using a full path, does invoking pkg_add with the option -Dsnap
result in the desired behavior?


Philip Guenther


regarding the default path for pkg_add in -current

2017-09-27 Thread andrew

Hello Folks !!

Regarding GENERIC.MP #115

I have a feeling you are about to roll into 6.2, however I just want 
to bring the following to your attention in case it matters.


I just did a clean install of -current using the bsd.rd dated 
2017-09-27. Within the install sequence of questions, the default 
download path has been hardcoded to ../6.2/... as opposed to 
../snapshots/..


I manually changed it to ../snapshots/ and it installed as expected. 

Also, after login, pkg_add is very determined to use the same 
../6.2/.. directory path. For the benefit of others who might find 
themselves in the same spot, the workaround is to use the full path 
while using pkg_add. In my case, it is:


$ doas pkg_add \
    https://ftp3.usa.openbsd.org/pub/OpenBSD/snapshots/amd64/pkgname


---

It looks like another great release is around the corner and as 
always I want to take the opportunity to thank Theo for his 
dedicated leadership and to all the past and present devs who make 
OpenBSD so special. Cheers !!!




Re: softraid crypto with keydisk and password

2017-09-27 Thread Erling Westenvik
On Thu, Sep 28, 2017 at 09:11:49AM +1000, tomr wrote:
> I remember seeing a post, I think on undeadly.org, which went through
> having the bootloader on password-encrypted usb drive, that also
> contains a keyfile for the main disk. It said something like "I also
> wanted the laptop to appear broken, and the disk full of random data, if
> the usb drive wasn't present - rather than stopping at a password prompt"

Here you go:

http://www.undeadly.org/cgi?action=article=20110530221728

Cheers,
Erling

>
> There's something similar in the comments here from @mcbride
> https://undeadly.org/cgi?action=article=20131112031806
>
> But now an hour or so of searching fails to turn it up. Could anyone
> share some clues on how to go about this?

--
Erling Westenvik



Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?

2017-09-27 Thread Stéphane Aulery

On 27/09/2017 at 17:24, Stefan Sperling wrote:
> On Wed, Sep 27, 2017 at 04:11:45PM +0200, Kamil Cholewiński wrote:
>> On Wed, 27 Sep 2017, Francois Pussault wrote:
>>> maybe installing a tool like xrandr ?
>>
>> Xrandr works only for X. I've skimmed wscons(4), wsdisplay(4),
>> wsconscfg(8), wsconsctl(8), nothing about rotation...
>
> In -current, the console is rotated counter-clockwise if the display
> isn't already upright:
> https://marc.info/?l=openbsd-cvs=150266331224832=2
> https://marc.info/?l=openbsd-cvs=150300131911666=2
>
> This behaviour is hard-coded and cannot be configured. It helps machines which
> need counter-clockwise rotation, but is not ideal because some machines need
> clockwise rotation instead. There are plans to auto-detect and use the correct
> rotation required in the future.


And if I use a monitor in portrait orientation ?

--
Stéphane Aulery



softraid crypto with keydisk and password

2017-09-27 Thread tomr

I remember seeing a post, I think on undeadly.org, which went through
having the bootloader on password-encrypted usb drive, that also
contains a keyfile for the main disk. It said something like "I also
wanted the laptop to appear broken, and the disk full of random data, if
the usb drive wasn't present - rather than stopping at a password prompt"

There's something similar in the comments here from @mcbride
https://undeadly.org/cgi?action=article=20131112031806

But now an hour or so of searching fails to turn it up. Could anyone
share some clues on how to go about this?

tia,
tom



Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0

2017-09-27 Thread Wolfgang Link
It looks like a KVM bug, which I can cover on a span of commits.

These are commits from the Linux stable repository.
gitk bb3dd056ed1af9b186f0d9fe849eab78c51d14ce..813ae37e6aed72cc457094b6066aa38efd66c9e9

What is certainly safe in any case, it will affect all KVM hosted OpenBSD with 
a kernel which is newer than 4.9.



Re: relayd: high CPU usage by one or two proc. of many

2017-09-27 Thread Maxim Bourmistrov
My intention with this mail is to gather more qualitative help
to, hopefully, ever solve this or to have more info so it can be provided 
to someone who can solve this, if it is a bug.

What I know for sure is that those boxes (dual-node setup) are exposed to 
large HTTP PUT/POST requests.
Large does not mean "put a 1G-sized stream". Text it is.

Of course it is not a bug report.
No info, if any, states this.

Let’s see what I can gather more with fstat.
Thanks.

Br
Maxim



> On 27 Sep 2017 at 20:51, Theo de Raadt wrote:
> 
> This probably means the process has run out of file descriptors.
> fstat might expose what is going on.  If that's the case, roll your
> sleeves up and study the code.  As usual, the circumstances that
> create this event are not being completely documented - I MEAN, what
> I'm seeing here isn't a bug report including a configuration file
> that reliably reproduces it.



Re: relayd: high CPU usage by one or two proc. of many

2017-09-27 Thread Theo de Raadt
> >> ktrace gives me following:
> >> 4013 relayd   CALL  getdtablecount()
> >>  4013 relayd   RET   getdtablecount 101/0x65
> >>  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
> >>  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
> >>  4013 relayd   RET   getrlimit 0
> >>  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
> >>  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
> >>  4013 relayd   CALL  getdtablecount()
> >>  4013 relayd   RET   getdtablecount 101/0x65
> >>  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
> >>  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
> >>  4013 relayd   RET   getrlimit 0
> >>  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
> >>  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
> >>  4013 relayd   CALL  getdtablecount()
> >>  4013 relayd   RET   getdtablecount 101/0x65
> >>  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
> >>  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
> >>  4013 relayd   RET   getrlimit 0
> >>  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
> >>  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable

This probably means the process has run out of file descriptors.
fstat might expose what is going on.  If that's the case, roll your
sleeves up and study the code.  As usual, the circumstances that
create this event are not being completely documented - I MEAN, what
I'm seeing here isn't a bug report including a configuration file
that reliably reproduces it.



Re: relayd: high CPU usage by one or two proc. of many

2017-09-27 Thread Maxim Bourmistrov
Hey,
had to bring this up again as I’m facing the same problem.
Exactly with the same ’error 35’ in trace.
This time it is a 6.0-stable.

Anything else can be done to track this down?

Br
Maxim

> On 24 Feb 2016 at 10:53, Stuart Henderson wrote:
> 
> On 2016-02-24, mxb wrote:
>> Hey,
>> I have a strange behavior of relayd running on 5.8.
>> This machine almost exclusively terminates TLS traffic.
>> Exceptions are forwards which are in backup state (listen on CARP).
>> 
>> Some times one or two relayd processes out of many consumes a lot of CPU
>> and stays like this until I restart relayd.
> 
>> ktrace gives me following:
>> 4013 relayd   CALL  getdtablecount()
>>  4013 relayd   RET   getdtablecount 101/0x65
>>  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>>  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
>>  4013 relayd   RET   getrlimit 0
>>  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
>>  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
>>  4013 relayd   CALL  getdtablecount()
>>  4013 relayd   RET   getdtablecount 101/0x65
>>  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>>  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
>>  4013 relayd   RET   getrlimit 0
>>  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
>>  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
>>  4013 relayd   CALL  getdtablecount()
>>  4013 relayd   RET   getdtablecount 101/0x65
>>  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>>  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
>>  4013 relayd   RET   getrlimit 0
>>  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
>>  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
>> 
>> Human readable file after kdump is filled with those lines.
>> This as far of my understanding is about limit of openfiles.
> 
> It's not files; errno 35 is EAGAIN - it is likely that this was
> fixed in -current (2015/12/05).



Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?

2017-09-27 Thread tinkr
> On Wed, Sep 27, 2017 at 10:31:22AM -, ti...@openmailbox.org wrote:
>>  probing: pc0 mem[572K 56K 495M 1455M 5M 6144M]
>>  disk: hd0* hd1* hd2 sr0*
>>  >> OpenBSD/amd64 BOOTX64 3.32
>>  open(hd0a:/etc/boot.conf): Invalid Argument
>>  boot>
>> 
>> 
>> This error may be because OpenBSD creating "boot.conf" within the FAT32 EFI 
>> system boot volume actually creates "bo~1.con", which is not resolved as 
>> "boot.conf" by OpenBSD's BOOTX64 EFI loader program? -
> 
> boot.conf has nothing to do with it.
> softraid boot is handled independently from boot.conf.
> 
>> How do I instruct BOOTX64 to boot from sr0a:/boot ?
> 
> What's odd is that you have a bootable sr0 but the boot loader still
> tries hd0 instead. That looks like a bug. Usually sr0 should be tried
> in this situation.
>  
> I don't know the solution. Perhaps try re-running installboot?
> 
> FWIW, this all works fine for me on a thinkpad helix2.

Hi Stefan,

I first tried booting the machine (by typing "boot sr0a:/bsd" in the boot 
console of course), and doing "installboot -v sd0". It says:

 Using / as root
 installing bootstrap on /dev/rsd0c
 using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
 copying /usr/mdec/BOOTIA32.EFI to /tmp/installboot.MjdT8BAY8o/efi/BOOT/BOOTIA32.EFI
 copying /usr/mdec/BOOTIX64.EFI to /tmp/installboot.MjdT8BAY8o/efi/BOOT/BOOTIX64.EFI


..and after rebooting the machine, booting was still not automatic.

I then booted the machine (by typing "boot sr0a:/bsd" in the boot console again 
of course) and did "installboot -v sd1", and it gave:

 Using / as root
 installing bootstrap on /dev/rsd0c
 using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
 sd1: softraid volume with 1 disk(s)
 sd1: installing boot loader on softraid volume
 /usr/mdec/boot is 6 blocks x 16384 bytes
 copying /usr/mdec/BOOTIA32.EFI to /tmp/installboot.1lt1hgtQYa/efi/BOOT/BOOTIA32.EFI
 copying /usr/mdec/BOOTIX64.EFI to /tmp/installboot.1lt1hgtQYa/efi/BOOT/BOOTIX64.EFI

Rebooting, that also did not help.

I tried with "fdisk -e sd1" and disabling the 1 (EFI) partition by setting its 
type to 0 (so that installboot would not try to install any EFI files to sd1i) 
and then doing "installboot sd1", and that did not help too.

What am I doing wrong, are there actually any installboot arguments that could 
help me make it work?


Would I need to add some debug output lines to installboot? Actually, it would 
be nice if installboot's verbose mode would clarify which configuration the 
boot code is actually set up with, so the user is a bit more saved from the 
wild-guessing-by-a-large-number-of-reboots-hoping-for-the-best kind of method 
I'm referred to right now. Please let me know what I should do now to fix it -

Thanks,
Tinker

Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?

2017-09-27 Thread tinkr
> On Wed, Sep 27, 2017 at 04:11:45PM +0200, Kamil Cholewiński wrote:
>> On Wed, 27 Sep 2017, Francois Pussault  wrote:
>> > maybe installing a tool like xrandr ?
>> 
>> Xrandr works only for X. I've skimmed wscons(4), wsdisplay(4),
>> wsconscfg(8), wsconsctl(8), nothing about rotation...
> 
> In -current, the console is rotated counter-clockwise if the display
> isn't already upright:
> https://marc.info/?l=openbsd-cvs=150266331224832=2
> https://marc.info/?l=openbsd-cvs=150300131911666=2
> 
> This behaviour is hard-coded and cannot be configured. It helps machines which
> need counter-clockwise rotation, but is not ideal because some machines need
> clockwise rotation instead. There are plans to auto-detect and use the correct
> rotation required in the future.

How could the display know that it's rotated, from that the width < the height, 
in a world of landscape-only displays?

Re: Installer hangs - "already acking lease"

2017-09-27 Thread Todd
https://github.com/openbsd/src/commits/master/usr.sbin/dhcpd

Maybe one of the few changes to dhcpd in the last few months?

On Wed, Sep 27, 2017 at 10:09 AM, Eivind Eide  wrote:

> > Can you post the dmesg?
>
> Yes. And more. Full output from sendbug below.
>
> > Does 6.0 or 6.1 release work?
>
> Yes and yes.
>
>
> >Synopsis:dhclient in 6.2 snapshot bsd.rd installer hangs
> >Category:system upgrade
> >Environment:
> System  : OpenBSD 6.1
> Details : OpenBSD 6.1 (GENERIC) #291: Sat Apr  1 13:49:08 MDT 2017
>  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/
> GENERIC
>
> Architecture: OpenBSD.i386
> Machine : i386
> >Description:
>
> >How-To-Repeat:
>
> >Fix:
>
>
>

Re: routing problem with wordpress and external and internal traffic

2017-09-27 Thread Erik van Westen

On 27-9-2017 at 11:20, Markus Rosjat wrote:
> Hi there,
>
> I have a small problem getting a wordpress instance, that works with ips
> in the url, to work from the internal net.
>
> So here is the setup
>
> a webserver for some application behind an OpenBSD firewall (webserver is
> OpenBSD 6.0) I have a static ip for my external nic and the wordpress
> instance uses the external ip in the site url. Additionally I have to use
> a different port than https because there is a proxy server listening for
> some other application.
>
> While reaching the site from the outside world is no problem because it's
> a simple redirect to the webserver and the wordpress instance has the url
> saved it becomes kinda tricky to reach the wordpress instance from the
> inside. in the internal net the webserver listens on port 80 and 443 so I
> can reach it from the inside but then the wordpress instance is rewriting
> the url to a port that isn't 443 because from the outside world it expects
> a different port.
>
> So question now is, is it possible to route the way from inside to the
> outside and back without inventing the wheel new or is it simpler just to
> let the webserver listen to the different port too?
>
> I hope it makes sense to someone to give me a push in the right direction
>
> regards

Hi,


I think you are looking for something along the lines like:

match in on $vlan1 proto tcp from any to $realoutside port 443 rdr-to $misp port 443

vlan1 is an inside network, and misp is an internal machine (was
reachable from the outside and needed to be reachable on the inside as
well).

Am I correct?

Regards,

Erik




Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?

2017-09-27 Thread Stefan Sperling
On Wed, Sep 27, 2017 at 04:11:45PM +0200, Kamil Cholewiński wrote:
> On Wed, 27 Sep 2017, Francois Pussault  wrote:
> > maybe installing a tool like xrandr ?
> 
> Xrandr works only for X. I've skimmed wscons(4), wsdisplay(4),
> wsconscfg(8), wsconsctl(8), nothing about rotation...

In -current, the console is rotated counter-clockwise if the display
isn't already upright:
https://marc.info/?l=openbsd-cvs=150266331224832=2
https://marc.info/?l=openbsd-cvs=150300131911666=2

This behaviour is hard-coded and cannot be configured. It helps machines which
need counter-clockwise rotation, but is not ideal because some machines need
clockwise rotation instead. There are plans to auto-detect and use the correct
rotation required in the future.



Re: Installer hangs - "already acking lease"

2017-09-27 Thread Eivind Eide
> Can you post the dmesg?

Yes. And more. Full output from sendbug below.

> Does 6.0 or 6.1 release work?

Yes and yes.


>Synopsis:dhclient in 6.2 snapshot bsd.rd installer hangs
>Category:system upgrade
>Environment:
System  : OpenBSD 6.1
Details : OpenBSD 6.1 (GENERIC) #291: Sat Apr  1 13:49:08 MDT 2017
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

Architecture: OpenBSD.i386
Machine : i386
>Description:

>How-To-Repeat:

>Fix:



dmesg:
OpenBSD 6.1 (GENERIC) #291: Sat Apr  1 13:49:08 MDT 2017
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 Mobile CPU 1.80GHz ("GenuineIntel"
686-class) 1.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PERF
real mem  = 2146852864 (2047MB)
avail mem = 2093019136 (1996MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 05/15/03, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev.
2.3 @ 0xf7690 (61 entries)
bios0: vendor Dell Computer Corporation version "A09" date 05/15/2003
bios0: Dell Computer Corporation Latitude C640
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP
acpi0: wakeup devices LID_(S3) PBTN(S4) PCI0(S3) UAR1(S3) USB0(S1)
USB1(S1) USB2(S1) MODM(S3) PCIE(S3) MPCI(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (PCIE)
acpiprt3 at acpi0: bus -1 (MPCI)
acpipwrres0 at acpi0: PADA, resource for ADPT
acpitz0 at acpi0: critical temperature is 99 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 model "LIP8120DLP" serial 5184 type LION oem
"Sony Corp."
acpibat1 at acpi0: BAT1 not present
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
"PNP0F13" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0700" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0401" at acpi0 not configured
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
bios0: ROM list: 0xc/0xf000 0xcf000/0x800! 0xcf800/0x800!
cpu0 at mainbus0: (uniprocessor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x04
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xe800, size 0x400
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x04
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 0 function 0 "ATI Radeon Mobility M7" rev 0x00
drm0 at radeondrm0
radeondrm0: irq 11
uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x02: irq 11
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x42
pci2 at ppb1 bus 2
xl0 at pci2 dev 0 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq
11, address 00:08:74:48:40:d6
exphy0 at xl0 phy 24: 3Com internal media interface
cbb0 at pci2 dev 1 function 0 "TI PCI1420 CardBus" rev 0x00: irq 11
cbb1 at pci2 dev 1 function 1 "TI PCI1420 CardBus" rev 0x00: irq 11
ath0 at pci2 dev 3 function 0 "Atheros AR2413" rev 0x01: irq 11
ath0: AR2413 7.8 phy 4.5 rf 5.6 eeprom 5.2, WOR3W, address 00:16:cf:53:07:71
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 5 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
auich0 at pci0 dev 31 function 5 "Intel 82801CA/CAM AC97" rev 0x02: irq 11, ICH3
ac97: codec id 0x4352595b (Cirrus Logic CS4205 rev 3)
ac97: codec features mic channel, tone, simulated stereo, bass boost,
20 bit DAC, 18 bit ADC, SRS 3D
audio0 at auich0
"Intel 82801CA/CAM Modem" rev 0x02 at pci0 dev 31 function 6 not configured
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics touchpad, firmware 5.9
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
vscsi0 at root
scsibus2 at vscsi0: 256 

Re: FF vs. Chrome/Chromium

2017-09-27 Thread Theo de Raadt
> Firefox has W^X compliance and so runs with the secure defaults.

it uses page aliasing, which is a shitty way of being compliant

> The latest Firefox (Not ESR as mtier provides) has recently had
> sandboxing for Windows and Linux added and legacy extensions will be
> phased out.
> 
> It is therefore likely possible to add pledge patches without depending
> on upstream and so Firefox could become the clear winner.

you really shouldn't be promising that to anyone.  it might not happen,
their design might not allow it.

pledge in giant programs is very rare.  chrome got LUCKY, and there is
no evidence that firefox will also.

> Otherwise you have to decide for yourself. I'm not sure any browsers
> code quality is Good or which is better, which would be an important
> factor.
> 
> Neither are particularly good at privacy but Firefox does allow
> clearing data on exit and has better extensions.
> 

1



Re: routing problem with wordpress and external and internal traffic

2017-09-27 Thread Markus Rosjat

hi,

On 27.09.2017 at 15:59, x9p wrote:

>>> I am supposing it's Apache because you did not say so.
>>
>> no it's of course a httpd from OpenBSD
>
> You are right, httpd. my bad. I am used to Linux world.
>
>> the problem here is for internal traffic to somehow rewrite the
>> url to an internal ip with some lines in the server part of the
>> httpd.conf (don't know if this is possible)
>
> We know packets are being changed by pf rules when coming from outside
> world. From inside network, there is a URL transformation that represents
> the problem are facing.

well if I do stuff on the internal nic I could do things to these 
packages too but this should be the smaller problem here.

> where is the URL rewrite being done? .htaccess or in another part? I
> believe this is the first step to search for. If it is in the .htaccess,
> that is the simpler solution in my point of view.

well since .htaccess has nothing to do with httpd of OpenBSD, rewrites 
could be possible in relayd (maybe) or, as I stated, maybe in the server 
definition in httpd.conf.

>> or to somehow get the traffic rerouted when it hits the firewall in a pf
>> rule or rules
>
> I believe mix routing/pf rules with URL rewriting makes the problem
> complex, should be a simple solution.
>
> cheers.
>
> x9p




regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please consider whether this mail really needs to be printed! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT




Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?

2017-09-27 Thread Kamil Cholewiński
On Wed, 27 Sep 2017, Francois Pussault  wrote:
> maybe installing a tool like xrandr ?

Xrandr works only for X. I've skimmed wscons(4), wsdisplay(4),
wsconscfg(8), wsconsctl(8), nothing about rotation...



Re: routing problem with wordpress and external and internal traffic

2017-09-27 Thread x9p

>> I am supposing it's Apache because you did not say so.
>>
>
> no it's of course a httpd from OpenBSD
>

You are right, httpd. my bad. I am used to Linux world.

>   the problem here is for internal traffic to somehow rewrite the
> url to an internal ip with some lines in the server part of the
> httpd.conf (don't know if this is possible)
>

We know packets are being changed by pf rules when coming from outside
world. From inside network, there is a URL transformation that represents
the problem are facing.

where is the URL rewrite being done? .htaccess or in another part? I
believe this is the first step to search for. If it is in the .htaccess,
that is the simpler solution in my point of view.

> or to somehow get the traffic rerouted when it hits the firewall in a pf
> rule or rules

I believe mix routing/pf rules with URL rewriting makes the problem
complex, should be a simple solution.

cheers.

x9p




Re: Installer hangs - "already acking lease"

2017-09-27 Thread Todd
Can you post the dmesg?

Does 6.0 or 6.1 release work?

On Wed, Sep 27, 2017 at 5:45 AM, Eivind Eide  wrote:

> 2017-09-11 16:05 GMT+02:00 Eivind Eide :
> > Trying to upgrade this old machine with i386 snapshot bsd.rd from
> > 2017-09-11. bsd.rd boots ok, but after fscheck it tries to get dhcp.
> > After "DHCPOFFER from 192.168.1.1 (mac-address)" it just waits,
> > nothing more happens.
> >
> > On the router, running OBSD 6.1 -stable it says:
> > dhcpd: DHCPDISCOVER from (mac-address) via vether0
> > dhcpd: DHCPDISCOVER from (mac-address via vether0
> > dhcpd: already acking lease 192.168.1.32
> > dhcpd: DHCPOFFER on 192.168.1.32 to (mac-address) via vether0
> >
> > ...And i get no further.  Any clues?
> >
>
> Still this problem with all bsd.rd from snapshots. Latest tried bsd.rd
> from i386 snapshot 2017-09-26.
> dhclient in bsd.rd doesn't get a lease, it just hangs.
> I tried to bypass my own router (OBSD 6.1 -stable) and plug the cable
> directly into my ISPs cable modem, as to test with their DHCP server.
> Same result.
> I've also tried to drop to the shell in bsd.rd and test dhclient. It just
> hangs.
> The only clue I have is from my own router: "already acking lease
> 192.168.1.32". Whatever that means.
> Googling has brought me no further.
>
> If I don't find any clues on this I can't update OpenBSD anymore.
>
>
> --
>
>
>
> Eivind Eide
>
> "ONLY THOSE WHO ATTEMPT THE IMPOSSIBLE WILL ACHIEVE THE ABSURD"
> - Oceania Association of Autonomous Astronauts
>
>


Re: FF vs. Chrome/Chromium

2017-09-27 Thread Kevin Chadwick
On Wed, 27 Sep 2017 14:49:19 +0200


> Hi there!
> 
> Last night I enjoyed reading through the different presentation
> slides from EuroBSDcon 2017.
> 
> Relating to Theo's presentation on 'Pledge and
> Privsep' (https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf)
> he states that firefox cannot be pledged while "chrome was strongly
> pledged in <1 week".
> 
> I assume that this actually is 'chromium', right? Disregarding any
> addons, is it valid to say that for OpenBSD users chromium is "safer"
> than FF as the latter is not pledgeable?

I believe mtier provides updates for firefox ESR and not
chromium.

Chromium has pledges patched in because it was structured for
sandboxing.

Firefox has W^X compliance and so runs with the secure defaults.

The latest Firefox (Not ESR as mtier provides) has recently had
sandboxing for Windows and Linux added and legacy extensions will be
phased out.

It is therefore likely possible to add pledge patches without depending
on upstream and so Firefox could become the clear winner.

Otherwise you have to decide for yourself. I'm not sure any browser's
code quality is good or which is better, which would be an important
factor.

Neither are particularly good at privacy but Firefox does allow
clearing data on exit and has better extensions.



Re: routing problem with wordpress and external and internal traffic

2017-09-27 Thread Markus Rosjat

Hi,

On 27.09.2017 at 13:33, x9p wrote:

>> Hi there,
>
> Hi
>
>> I have a small problem getting a wordpress instance, that works with ips
>> in the url, to work from the internal net.
>>
>> So here is the setup
>>
>> a webserver for some application behind an OpenBSD Firewall (webserver
>> is OpenBSD 6.0) I have a static ip for my external nic and the wordpress
>
> I am supposing it's Apache because you did not say so.

no it's of course a httpd from OpenBSD

>> So question now is, is it possible to route the way from inside to the
>> outside and back without inventing the wheel new or is it simpler just
>> to let the webserver listen to the different port too?
>>
>> I hope it makes sense to someone to give me a push in the right direction
>
> I think it's lacking some information, but supposing your wordpress
> installation is redirecting based on .htaccess rules under httpd I would
> include a rule to not rewrite the URL based on source IP (if internal, do
> not apply .htaccess rule of URL rewrite)

the problem here is for internal traffic to somehow rewrite the 
url to an internal ip with some lines in the server part of the 
httpd.conf (don't know if this is possible)

or to somehow get the traffic rerouted when it hits the firewall in a pf 
rule or rules

> something like:
>
> https://unix.stackexchange.com/questions/44129/conditional-directoryindex-based-on-ip-address-using-htaccess
>
> cheers.
>
> x9p





regards





Re: httpd+relayd behind a proxy

2017-09-27 Thread Manuel Giraud
Manuel Giraud  writes:

> Hi,
>
> I have a website that is served with httpd+relayd behind a proxy (that I
> don't control). The said proxy is responsible for the public side TLS
> handshake with clients and I serve with relayd TLS and a local httpd
> without TLS.
>
> The problem is that I end up serving "mixed content" because the
> $_SERVER[HTTPS] variable is not set. What would be the best (easier) way
> to have this variable set?

Reply to self:

All I had to do was to listen with tls on in httpd.conf and do a
"forward with tls to" in relayd.conf (BTW thanks for those great man
pages!)
-- 
Manuel Giraud
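
The arrangement described in the reply above, as an added configuration sketch that is not from the original post. The addresses, ports, server name, certificate paths and FastCGI socket are assumptions chosen for illustration.

```conf
# --- /etc/httpd.conf (assumed values throughout) ---
# httpd accepts the backend connection over TLS. It only reports the
# request as HTTPS to the FastCGI application when it terminated TLS
# itself, which is why a plain-text listener left $_SERVER[HTTPS] unset.
server "www.example.org" {
	listen on 127.0.0.1 tls port 8443
	tls {
		certificate "/etc/ssl/www.example.org.crt"
		key "/etc/ssl/private/www.example.org.key"
	}
	root "/htdocs/www.example.org"
	location "*.php" {
		fastcgi socket "/run/php-fpm.sock"
	}
}

# --- /etc/relayd.conf (assumed values throughout) ---
table <httpd> { 127.0.0.1 }

http protocol "https" {
	# Keep the client address visible to the application.
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
}

relay "wwwtls" {
	# TLS towards the upstream proxy; relayd loads its own certificate
	# and key from the locations documented in relayd.conf(5).
	listen on 192.0.2.10 port 443 tls
	protocol "https"
	# "with tls" makes relayd act as a TLS client towards httpd, so the
	# hop between relayd and httpd is encrypted as well.
	forward with tls to <httpd> port 8443
}
```

Both files can be syntax-checked before reloading with `httpd -n` and `relayd -n`.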



Re: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?

2017-09-27 Thread Francois Pussault
maybe installing a tool like xrandr ?

> 
> From: 
> Sent: Wed Sep 27 12:30:37 CEST 2017
> To: 
> Subject: Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?
> 
> 
> Hi,
> 
> Can I rotate the screenbuffer +90, -90, 180 degrees?
> 
> Some computers and displays have hardware output prerotated, which needs to 
> be corrected on the OS level. In all cases X has whole-screen rotation 
> support I think.
> 
> Thanks,
> Tinker


Regards
Francois Pussault
10 chemin de négo saoumos
apt 202 - bat 2
31300 Toulouse
+33 6 17 230 820 
fpussa...@contactoffice.fr



FF vs. Chrome/Chromium

2017-09-27 Thread Stefan Wollny
Hi there!

Last night I enjoyed reading through the different presentation slides from 
EuroBSDcon 2017.

Relating to Theo's presentation on 'Pledge and Privsep' 
(https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf) he states that 
firefox cannot be pledged while "chrome was strongly pledged in <1 week".

I assume that this actually is 'chromium', right? Disregarding any addons, is 
it valid to say that for OpenBSD users chromium is "safer" than FF as the 
latter is not pledgeable?

Just curious.

STEFAN



Re: routing problem with wordpress and external and internal traffic

2017-09-27 Thread x9p
> Hi there,

Hi

>
> I have a small problem getting a wordpress instance, that works with ips
> in the url, to work from the internal net.
>
> So here is the setup
>
> a webserver for some application behind an OpenBSD Firewall (webserver
> is OpenBSD 6.0) I have a static ip for my external nic and the wordpress

I am supposing it's Apache because you did not say so.

> So question now is, is it possible to route the way from inside to the
> outside and back without inventing the wheel new or is it simpler just
> to let the webserver listen to the different port too?
>
> I hope it makes sense to someone to give me a push in the right direction
>

I think it's lacking some information, but supposing your wordpress
installation is redirecting based on .htaccess rules under httpd I would
include a rule to not rewrite the URL based on source IP (if internal, do
not apply .htaccess rule of URL rewrite)

something like:

https://unix.stackexchange.com/questions/44129/conditional-directoryindex-based-on-ip-address-using-htaccess

cheers.

x9p





Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?

2017-09-27 Thread Stefan Sperling
On Wed, Sep 27, 2017 at 10:31:22AM -, ti...@openmailbox.org wrote:
>  probing: pc0 mem[572K 56K 495M 1455M 5M 6144M]
>  disk: hd0* hd1* hd2 sr0*
>  >> OpenBSD/amd64 BOOTX64 3.32
>  open(hd0a:/etc/boot.conf): Invalid Argument
>  boot>
> 
> 
> This error may be because OpenBSD creating "boot.conf" within the FAT32 EFI 
> system boot volume actually creates "bo~1.con", which is not resolved as 
> "boot.conf" by OpenBSD's BOOTX64 EFI loader program? -

boot.conf has nothing to do with it.
softraid boot is handled independently from boot.conf.

> How do I instruct BOOTX64 to boot from sr0a:/boot ?

What's odd is that you have a bootable sr0 but the boot loader still
tries hd0 instead. That looks like a bug. Usually sr0 should be tried
in this situation.
 
I don't know the solution. Perhaps try re-running installboot?

FWIW, this all works fine for me on a thinkpad helix2.



Re: X710 10Gb card not configured

2017-09-27 Thread Jonathan Gray
On Wed, Sep 27, 2017 at 03:53:26AM -0700, James A. Peltier wrote:
> - On 26 Sep, 2017, at 20:25, Jonathan Gray j...@jsg.id.au wrote:
> 
> | On Tue, Sep 26, 2017 at 05:35:40PM -0700, James A. Peltier wrote:
> |> Hi Misc,
> |> 
> |> I am running the latest OpenBSD snapshot and it appears that the 10Gb cards that
> |> we have in the unit aren't recognized or configured properly.  I had a look at
> |> pcidevs and pcidevs.h files in src/dev/pci and it appears that the device
> |> should be found as
> |> 
> |> src/sys/dev/pcidevs
> |> product INTEL X710_10G_SFP 0x1572  X710 SFP+
> |> 
> |> src/sys/dev/pcidevs.h
> |> #define PCI_PRODUCT_INTEL_X710_10G_SFP  0x1572  /* X710 SFP+ */
> |> 
> |> 
> |> I have attached a pcidump -v below hoping someone might resolve this issue.
> |> Please let me know if there is anything else I can provide and when I might be
> |> able to try another snapshot.
> | 
> | There is currently no driver in the tree for Intel X710/XL710 10Gb/40Gb.
> 
> Can I get a recommendation on a comparable 10Gb/40Gb card that will work?  
> Specific card or model numbers so I can get them in ASAP

I suspect most people are using the Intel based cards supported by ix(4)
for 10GbE (https://man.openbsd.org/ix.4).  There are no drivers for any
40GbE parts.



Re: X710 10Gb card not configured

2017-09-27 Thread James A. Peltier
- On 26 Sep, 2017, at 20:25, Jonathan Gray j...@jsg.id.au wrote:

| On Tue, Sep 26, 2017 at 05:35:40PM -0700, James A. Peltier wrote:
|> Hi Misc,
|> 
|> I am running the latest OpenBSD snapshot and it appears that the 10Gb cards that
|> we have in the unit aren't recognized or configured properly.  I had a look at
|> pcidevs and pcidevs.h files in src/dev/pci and it appears that the device
|> should be found as
|> 
|> src/sys/dev/pcidevs
|> product INTEL X710_10G_SFP   0x1572  X710 SFP+
|> 
|> src/sys/dev/pcidevs.h
|> #define  PCI_PRODUCT_INTEL_X710_10G_SFP  0x1572  /* X710 SFP+ */
|> 
|> 
|> I have attached a pcidump -v below hoping someone might resolve this issue.
|> Please let me know if there is anything else I can provide and when I might be
|> able to try another snapshot.
| 
| There is currently no driver in the tree for Intel X710/XL710 10Gb/40Gb.

Can I get a recommendation on a comparable 10Gb/40Gb card that will work?  
Specific card or model numbers so I can get them in ASAP

-- 
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 604-365-6432
Fax : 778-782-3045
E-Mail  : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology



Re: Installer hangs - "already acking lease"

2017-09-27 Thread Eivind Eide
2017-09-11 16:05 GMT+02:00 Eivind Eide :
> Trying to upgrade this old machine with i386 snapshot bsd.rd from
> 2017-09-11. bsd.rd boots ok, but after fscheck it tries to get dhcp.
> After "DHCPOFFER from 192.168.1.1 (mac-address)" it just waits,
> nothing more happens.
>
> On the router, running OBSD 6.1 -stable it says:
> dhcpd: DHCPDISCOVER from (mac-address) via vether0
> dhcpd: DHCPDISCOVER from (mac-address via vether0
> dhcpd: already acking lease 192.168.1.32
> dhcpd: DHCPOFFER on 192.168.1.32 to (mac-address) via vether0
>
> ...And i get no further.  Any clues?
>

Still this problem with all bsd.rd from snapshots. Latest tried bsd.rd
from i386 snapshot 2017-09-26.
dhclient in bsd.rd doesn't get a lease, it just hangs.
I tried to bypass my own router (OBSD 6.1 -stable) and plug the cable
directly into my ISPs cable modem, as to test with their DHCP server.
Same result.
I've also tried to drop to the shell in bsd.rd and test dhclient. It just hangs.
The only clue I have is from my own router: "already acking lease
192.168.1.32". Whatever that means.
Googling has brought me no further.

If I don't find any clues on this I can't update OpenBSD anymore.


-- 



Eivind Eide

"ONLY THOSE WHO ATTEMPT THE IMPOSSIBLE WILL ACHIEVE THE ABSURD"
- Oceania Association of Autonomous Astronauts



Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?

2017-09-27 Thread tinkr
>> On Wed, Sep 27, 2017 at 08:06:15AM -, ti...@openmailbox.org wrote:
[..]
> How do I instruct BOOTX64 to boot from sr0a:/boot ?
(Sorry typo, this should read "How do I instruct BOOTX64 to boot from sr0a:/bsd 
?", however sr0a:/bsd was spelled correctly above so it was clear enough 
already.)

Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?

2017-09-27 Thread tinkr
> On Wed, Sep 27, 2017 at 08:06:15AM -, ti...@openmailbox.org wrote:
>> Hi!
>> 
>> Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, 
>> right?
>> 
>> It's supposed to work exactly the same way, just out of the box, the boot 
>> code will ask for typed password or keydisk, right?
>> 
>> Thanks,
>> Tinker
> 
> http://www.openbsd.org/faq/faq14.html#softraid

Dear Stefan,

Thanks for responding - yes thanks for the obvious reference. For making GPT 
booting work at all with OpenBSD, the "-b 960" argument to "fdisk -ig" that's 
mentioned on the FAQ page, is instrumental, as "fdisk -ig" only creates a GPT 
partitioning table whereas booting requires an EFI system boot partition too, 
and fdisk creates that one only when "-b 960" is specified.


About automatic softraid unpacking on boot, the answer I found was that: Yes, 
it is supported, but I think the boot order when booting softraid crypto on 
GPT/UEFI is different from on MBR/boot.

I think on MBR/BIOS boot, the setup is that OpenBSD's MBR sector reads some 
reserved subsequent sectors, which contain the unpacking code which ask you for 
password/keydisk, and then unpacks the softraid, which will in turn contain the 
boot code, which reads boot.conf .

In GPT/UEFI boot, OpenBSD's boot sequence is different: The host system's UEFI 
firmware will load the /efi/boot/bootx64.efi file, which tries to load the 
boot.conf file and then boot the system.


Unfortunately, bootx64.efi does not get the idea of trying to boot sr0a:/bsd, 
but just tries hd0a:/bsd and then fails.

I tried to feed it with a boot.conf file by doing mount /dev/sd0i /mnt; mkdir 
-p /mnt/etc; echo "boot sr0a:/bsd" >> /mnt/etc/boot.conf , however this has no 
effect on the boot process, it still says the same as when the file was not 
there:

 probing: pc0 mem[572K 56K 495M 1455M 5M 6144M]
 disk: hd0* hd1* hd2 sr0*
 >> OpenBSD/amd64 BOOTX64 3.32
 open(hd0a:/etc/boot.conf): Invalid Argument
 boot>


This error may be because OpenBSD creating "boot.conf" within the FAT32 EFI 
system boot volume actually creates "bo~1.con", which is not resolved as 
"boot.conf" by OpenBSD's BOOTX64 EFI loader program? -

How do I instruct BOOTX64 to boot from sr0a:/boot ?

Also is this in the manual yet, where?

Thanks!
Tinker

Can I rotate the framebuffer (e.g. using wsdisplay) in OpenBSD?

2017-09-27 Thread tinkr
Hi,

Can I rotate the screenbuffer +90, -90, 180 degrees?

Some computers and displays have hardware output prerotated, which needs to be 
corrected on the OS level. In all cases X has whole-screen rotation support I 
think.

Thanks,
Tinker

Re: blank password w/out password prompt

2017-09-27 Thread Valentine Astakhov
Awesome!
Thank you!

2017-09-26 16:50 GMT+03:00 Alfred Morgan :

> > Can I login without password prompt?
>
> Sure. Copy and paste as root:
>
> echo quicklogin:lo=/usr/local/bin/quicklogin:tc=9600-baud: >> /etc/gettytab
> printf '#!/bin/sh\nexec /usr/bin/login -f $*\n' > /usr/local/bin/quicklogin
> chmod +x /usr/local/bin/quicklogin
> patch /etc/ttys << \.
> @@ -7 +7 @@
> -ttyC0  "/usr/libexec/getty std.9600"   vt220   on  secure
> +ttyC0  "/usr/libexec/getty quicklogin" vt220   on  secure
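Review bot: the `+ttyC0` line keeps the `secure` flag while pointing getty at the quicklogin entry, whose login program is the script that runs `/usr/bin/login -f`. Per ttys(5), `secure` is what permits uid 0 to log in on that terminal, and `-f` tells login that no password is needed, so it is worth confirming that a passwordless root login at the physical console is intended. If only an unprivileged account should skip the prompt, drop `secure` from the new line, and note in the instructions that this change removes authentication for anyone with access to ttyC0.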
> .
> kill -HUP 1
>
> --
> -alfred
>


routing problem with wordpress and external and internal traffic

2017-09-27 Thread Markus Rosjat

Hi there,

I have a small problem getting a wordpress instance, that works with ips 
in the url, to work from the internal net.


So here is the setup

a webserver for some application behind an OpenBSD Firewall (webserver 
is OpenBSD 6.0) I have a static ip for my external nic and the wordpress 
instance uses the external ip in the site url. Additionally I have to 
use a different port than https because there is a proxy server listening 
for some other application.


While reaching the site from the outside world is no problem because it's 
a simple redirect to the webserver and the wordpress instance has the url 
saved it becomes kinda tricky to reach the wordpress instance from the 
inside. in the internal net the webserver listens on port 80 and 443 
so I can reach it from the inside but then the wordpress instance is 
rewriting the url to a port that isn't 443 because from the outside world 
it expects a different port.


So question now is, is it possible to route the way from inside to the 
outside and back without inventing the wheel new or is it simpler just 
to let the webserver listen to the different port too?


I hope it makes sense to someone to give me a push in the right direction

regards





Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?

2017-09-27 Thread Stefan Sperling
On Wed, Sep 27, 2017 at 08:06:15AM -, ti...@openmailbox.org wrote:
> Hi!
> 
> Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, 
> right?
> 
> It's supposed to work exactly the same way, just out of the box, the boot 
> code will ask for typed password or keydisk, right?
> 
> Thanks,
> Tinker

http://www.openbsd.org/faq/faq14.html#softraid



Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?

2017-09-27 Thread tinkr
Hi!

Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, 
right?

It's supposed to work exactly the same way, just out of the box, the boot code 
will ask for typed password or keydisk, right?

Thanks,
Tinker