Re: booting OpenBSD on Raspberry pi4 without using sdcard for UEFI
Hi David, Got it. Will try the install over serial line. One pleasant surprise I found is that once OpenBSD is installed using UEFI/sd, you don't need the sd card for reboots. The bootloader picks up the os from the usb directly. This is with the latest eeprom. Nice to have the sd not occupied :). Thanks Sandeep On Sat, May 21, 2022 at 12:31 AM David Demelier wrote: > > > On 20 May 2022, at 18:27, Sandeep Gupta wrote: > > > > Hello, > > > > This post here ( > > http://matecha.net/posts/openbsd-on-pi-4-with-full-disk-encryption/) > claims > > its possible to > > boot OpenBSD directly from USB without the need for UEFI on sdcard. > > I tried today but couldn't get it to work. I got a blank screen during > the > > installation process. What I did was > > 1) updated the eeprom (bootloader) > > 2) set boot to usb > > 3) wrote install71.img onto ssd. > > > > The boot process did start but I got a blank screen. I was wondering if > > anyone has tried and has had success with booting > > OpenBSD directly from USB. > > > > Thanks > > sandeep > > > > Hi, > > It’s possible to boot from USB only, it’s what I do with a special USB to > NVMe adapter in an argon case but in the process I do, you still need a SD > card and a TTL cable prior to boot only from USB. > > 1. Burn install71.img or miniroot71.img to the SD card > 2. Plug the appropriate TX/RX/GND pins on the board and open a serial line > (using cu/picocom) > 3. Insert the SD card and power on the Pi > 4. Install as usual to the correct USB disk > 5. Reboot. > > The install script uses labels in /etc/fstab which means it will just work > out of the box. > > Note: use an ethernet wire as well if you choose the miniroot, there are > no firmware for bwfm in 7.1 IIRC. > > Regarding your question, you get a blank screen because the installer in > ARM uses serial console by default. > > HTH > > -- > David > >
Re: booting OpenBSD on Raspberry pi4 without using sdcard for UEFI
> On 20 May 2022, at 18:27, Sandeep Gupta wrote: > > Hello, > > This post here ( > http://matecha.net/posts/openbsd-on-pi-4-with-full-disk-encryption/) claims > its possible to > boot OpenBSD directly from USB without the need for UEFI on sdcard. > I tried today but couldn't get it to work. I got a blank screen during the > installation process. What I did was > 1) updated the eeprom (bootloader) > 2) set boot to usb > 3) wrote install71.img onto ssd. > > The boot process did start but I got a blank screen. I was wondering if > anyone has tried and has had success with booting > OpenBSD directly from USB. > > Thanks > sandeep > Hi, It’s possible to boot from USB only, it’s what I do with a special USB to NVMe adapter in an argon case but in the process I do, you still need a SD card and a TTL cable prior to boot only from USB. 1. Burn install71.img or miniroot71.img to the SD card 2. Plug the appropriate TX/RX/GND pins on the board and open a serial line (using cu/picocom) 3. Insert the SD card and power on the Pi 4. Install as usual to the correct USB disk 5. Reboot. The install script uses labels in /etc/fstab which means it will just work out of the box. Note: use an ethernet wire as well if you choose the miniroot, there are no firmware for bwfm in 7.1 IIRC. Regarding your question, you get a blank screen because the installer in ARM uses serial console by default. HTH -- David
booting OpenBSD on Raspberry pi4 without using sdcard for UEFI
Hello, This post here ( http://matecha.net/posts/openbsd-on-pi-4-with-full-disk-encryption/) claims its possible to boot OpenBSD directly from USB without the need for UEFI on sdcard. I tried today but couldn't get it to work. I got a blank screen during the installation process. What I did was 1) updated the eeprom (bootloader) 2) set boot to usb 3) wrote install71.img onto ssd. The boot process did start but I got a blank screen. I was wondering if anyone has tried and has had success with booting OpenBSD directly from USB. Thanks sandeep
Re: mutt fetch-mail ssl error
On 2022/05/20 22:18, Avon Robertson wrote: > Thank you for your response Stuart. Alas your suggestion to try the > binary from the working host does not work. I have pasted a log of my > actions below. I will try Theo's fix tomorrow. Hopefully there will be a snapshot by then so you can just update to it - given the tests you've done thus far, it's clearly due to a change in libressl, and testing with nc shows that it's not a general problem rather something with how mutt interface with it, so there's a good chance that will fix the issue. > $ fgrep -e 995 ~/.muttrc > set pop_host="pops://avo...@pop3.xtra.co.nz:995" > > $ nc -vvc pop3.xtra.co.nz 995 > Connection to pop3.xtra.co.nz (210.55.143.37) 995 port [tcp/pop3s] > succeeded! > TLS handshake negotiated TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384 with host > pop3.xtra.co.nz > Peer name: pop3.xtra.co.nz > Subject: /C=NZ/L=Auckland/O=Spark New Zealand Limited/OU=Spark > Connect/CN=pop3.xtra.co.nz > Issuer: /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) > 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification > Authority - L1K > Valid From: Thu Jul 22 12:41:29 2021 > Valid Until: Wed Aug 17 12:41:29 2022 > Cert Hash: > SHA256:ec5b8868a45006e3b185fe01a918b88598d5ac113822985a988c64fb395537ca > OCSP URL: http://ocsp.entrust.net > +OK pop3.xtra.co.nz POP3 server ready > ^C > > On working mail host: > $ rsync -v /usr/local/bin/mutt errhost.xyz.abcd:/home/aer > > On errhost: > # chown root:bin /home/aer/mutt > $ cd > $ ./mutt > > Does not work and mutt's error-history command reports the same error. > > Regards > -- > aer >
Re: mutt fetch-mail ssl error
On Fri, May 20, 2022 at 10:47:12AM +0200, Theo Buehler wrote: > On Fri, May 20, 2022 at 04:08:25PM +1200, Avon Robertson wrote: > > I have been unable to fetch mail with mutt on this host using either the > > currently installed snapshot and mutt package, or the snapshot and mutt > > package that had been installed 2-3 days previously. > > > > I have been able to send mail using mutt in conjuction with msmtp from > > this host. > > > > mutt's error-history command displays > > > > Reading /home/aer/var/mail/inbox... > > Reading /home/aer/var/mail/inbox... 0 > > Looking up pop3.xtra.co.nz... > > Connecting to pop3.xtra.co.nz... > > SSL failed: error:14007086:SSL routines:CONNECT_CR_CERT:certificate > > +verify failed > > Error connecting to server: pop3.xtra.co.nz > > There is a good chance that this is a bug I introduced by adding a more > stringent check when rewriting ASN1_STRING_to_UTF8(). This can now fail > if passed an uninitialized pointer. This bug should be fixed via > x509_utl.c r1.3 and a_string.c r1.11 which add initialization and relax > the check again. > > X509_verify_cert() > x509_verify() > x509_verify_cert_hostname() >X509_check_host() > do_x509_check() > do_check_string() > ASN1_STRING_to_UTF8() > > If this is the problem, you can fix this by checking out very current > sources and rebuilding libcrypto > > cd /usr/src/lib/libcrypto > make obj > doas make includes > make > doas make install > > or you can wait for a new snapshot including this fix and try again. Thank you for your response Theo. It past my bed time tonight. Tomorrow I will do what you have suggested above. Regards -- aer
Re: mutt fetch-mail ssl error
On Fri, May 20, 2022 at 08:32:38AM -, Stuart Henderson wrote: > On 2022-05-20, Avon Robertson wrote: > > I have been unable to fetch mail with mutt on this host using either the > > currently installed snapshot and mutt package, or the snapshot and mutt > > package that had been installed 2-3 days previously. > > > > I have been able to send mail using mutt in conjuction with msmtp from > > this host. > > > > mutt's error-history command displays > > > > Reading /home/aer/var/mail/inbox... > > Reading /home/aer/var/mail/inbox... 0 > > Looking up pop3.xtra.co.nz... > > Connecting to pop3.xtra.co.nz... > > SSL failed: error:14007086:SSL routines:CONNECT_CR_CERT:certificate > > +verify failed > > Error connecting to server: pop3.xtra.co.nz > > I assume this is pop3s on port 995? > What do you get from "nc -vvc pop3.xtra.co.nz 995"? > > > The below snapshot was installed yesterday and all packages were updated > > immediately afterwards such that mutt's version is now 2.2.5. > > > > kern.version=OpenBSD 7.1-current (GENERIC.MP) #533: Thu May 19 07:38:57 MDT > > 2022 > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > > > Another amd64 host that I have with OpenBSD 7.1 (GENERIC.MP) #454 and > > mutt 2.2.2 installed, fetches and sends mail without error using the > > same set of mutt configuration files. > > Try copying the mutt binary from the working system (don't overwrite the file > from the installed package, just put it in ~ and run it from there) - does > that > work or not? > > Thank you for your response Stuart. Alas your suggestion to try the binary from the working host does not work. I have pasted a log of my actions below. I will try Theo's fix tomorrow. $ fgrep -e 995 ~/.muttrc set pop_host="pops://avo...@pop3.xtra.co.nz:995" $ nc -vvc pop3.xtra.co.nz 995 Connection to pop3.xtra.co.nz (210.55.143.37) 995 port [tcp/pop3s] succeeded! TLS handshake negotiated TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384 with host pop3.xtra.co.nz Peer name: pop3.xtra.co.nz Subject: /C=NZ/L=Auckland/O=Spark New Zealand Limited/OU=Spark Connect/CN=pop3.xtra.co.nz Issuer: /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K Valid From: Thu Jul 22 12:41:29 2021 Valid Until: Wed Aug 17 12:41:29 2022 Cert Hash: SHA256:ec5b8868a45006e3b185fe01a918b88598d5ac113822985a988c64fb395537ca OCSP URL: http://ocsp.entrust.net +OK pop3.xtra.co.nz POP3 server ready ^C On working mail host: $ rsync -v /usr/local/bin/mutt errhost.xyz.abcd:/home/aer On errhost: # chown root:bin /home/aer/mutt $ cd $ ./mutt Does not work and mutt's error-history command reports the same error. Regards -- aer
Re: mutt fetch-mail ssl error
Am Fri, 20 May 2022 10:47:12 +0200 schrieb Theo Buehler : > On Fri, May 20, 2022 at 04:08:25PM +1200, Avon Robertson wrote: > > I have been unable to fetch mail with mutt on this host using > > either the currently installed snapshot and mutt package, or the > > snapshot and mutt package that had been installed 2-3 days > > previously. > > > > I have been able to send mail using mutt in conjuction with msmtp > > from this host. > > > > mutt's error-history command displays > > > > Reading /home/aer/var/mail/inbox... > > Reading /home/aer/var/mail/inbox... 0 > > Looking up pop3.xtra.co.nz... > > Connecting to pop3.xtra.co.nz... > > SSL failed: error:14007086:SSL routines:CONNECT_CR_CERT:certificate > > +verify failed > > Error connecting to server: pop3.xtra.co.nz > > There is a good chance that this is a bug I introduced by adding a > more stringent check when rewriting ASN1_STRING_to_UTF8(). This can > now fail if passed an uninitialized pointer. This bug should be fixed > via x509_utl.c r1.3 and a_string.c r1.11 which add initialization and > relax the check again. > > X509_verify_cert() > x509_verify() > x509_verify_cert_hostname() >X509_check_host() > do_x509_check() > do_check_string() > ASN1_STRING_to_UTF8() > > If this is the problem, you can fix this by checking out very current > sources and rebuilding libcrypto > > cd /usr/src/lib/libcrypto > make obj > doas make includes > make > doas make install > > or you can wait for a new snapshot including this fix and try again. > Thanks for the note. I also saw some x509 errors when prosody would not start after updating the system yesterday. potato# prosodyctl /usr/local/bin/lua53: /usr/local/lib/prosody/util/x509.lua:270: bad argument #1 to 'nameprep' (string expected, got nil) stack traceback: [C]: in upvalue 'nameprep' /usr/local/lib/prosody/util/x509.lua:270: in function 'util.x509.get_identities' /usr/local/lib/prosody/core/certmanager.lua:131: in function 'core.certmanager.index_certs' /usr/local/lib/prosody/core/certmanager.lua:175: in function 'core.certmanager.find_host_cert' /usr/local/lib/prosody/core/certmanager.lua:330: in function 'core.certmanager.create_context' /usr/local/lib/prosody/util/startup.lua:394: in function 'util.startup.init_http_client' /usr/local/lib/prosody/util/startup.lua:663: in function 'util.startup.prosodyctl' /usr/local/sbin/prosodyctl:48: in main chunk [C]: in ? -- greetings, Florian Viehweger
Re: mutt fetch-mail ssl error
On Fri, May 20, 2022 at 04:08:25PM +1200, Avon Robertson wrote: > I have been unable to fetch mail with mutt on this host using either the > currently installed snapshot and mutt package, or the snapshot and mutt > package that had been installed 2-3 days previously. > > I have been able to send mail using mutt in conjuction with msmtp from > this host. > > mutt's error-history command displays > > Reading /home/aer/var/mail/inbox... > Reading /home/aer/var/mail/inbox... 0 > Looking up pop3.xtra.co.nz... > Connecting to pop3.xtra.co.nz... > SSL failed: error:14007086:SSL routines:CONNECT_CR_CERT:certificate > +verify failed > Error connecting to server: pop3.xtra.co.nz There is a good chance that this is a bug I introduced by adding a more stringent check when rewriting ASN1_STRING_to_UTF8(). This can now fail if passed an uninitialized pointer. This bug should be fixed via x509_utl.c r1.3 and a_string.c r1.11 which add initialization and relax the check again. X509_verify_cert() x509_verify() x509_verify_cert_hostname() X509_check_host() do_x509_check() do_check_string() ASN1_STRING_to_UTF8() If this is the problem, you can fix this by checking out very current sources and rebuilding libcrypto cd /usr/src/lib/libcrypto make obj doas make includes make doas make install or you can wait for a new snapshot including this fix and try again.
Re: mutt fetch-mail ssl error
On 2022-05-20, Avon Robertson wrote: > I have been unable to fetch mail with mutt on this host using either the > currently installed snapshot and mutt package, or the snapshot and mutt > package that had been installed 2-3 days previously. > > I have been able to send mail using mutt in conjuction with msmtp from > this host. > > mutt's error-history command displays > > Reading /home/aer/var/mail/inbox... > Reading /home/aer/var/mail/inbox... 0 > Looking up pop3.xtra.co.nz... > Connecting to pop3.xtra.co.nz... > SSL failed: error:14007086:SSL routines:CONNECT_CR_CERT:certificate > +verify failed > Error connecting to server: pop3.xtra.co.nz I assume this is pop3s on port 995? What do you get from "nc -vvc pop3.xtra.co.nz 995"? > The below snapshot was installed yesterday and all packages were updated > immediately afterwards such that mutt's version is now 2.2.5. > > kern.version=OpenBSD 7.1-current (GENERIC.MP) #533: Thu May 19 07:38:57 MDT > 2022 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > Another amd64 host that I have with OpenBSD 7.1 (GENERIC.MP) #454 and > mutt 2.2.2 installed, fetches and sends mail without error using the > same set of mutt configuration files. Try copying the mutt binary from the working system (don't overwrite the file from the installed package, just put it in ~ and run it from there) - does that work or not?
Re: happy birthday theo
Also happy birthday from me. No idea whether exciting or not but, it makes us to human. Stay as you are and all the best in life. Christoph >> On Thu, May 19, 2022 at 10:30 PM Theo de Raadt wrote: >> >> Thank you all, but I don't understand why this is so exciting. >> >> I mean, it isn't a release day! >>
Re: happy birthday theo
it is exciting because we all love you and respect you. also, it "is" a release day; the 54th iteration of theo de raadt. ;) cheers. -mayuresh > From owner-misc+m193...@openbsd.org Fri May 20 03:38:08 2022 > From: "Theo de Raadt" > To: stati...@cryptolab.net > cc: misc@openbsd.org > Subject: Re: happy birthday theo > Comments: In-reply-to stati...@cryptolab.net >message dated "Thu, 19 May 2022 17:14:41 +0200." > > Thank you all, but I don't understand why this is so exciting. > > I mean, it isn't a release day! > > > > stati...@cryptolab.net wrote: > > > I will join in as well: Happy birthday, Theo! > > And thank you for all the good work on this sublime OS... > > > > Cheers, > > Oddmund > > > > > > Le 19/05/2022 à 16:33, Amit Kulkarni a écrit : > > > Happy Birthday to Theo! > > > On Thu, May 19, 2022 at 4:46 AM Brodey Dover > > > wrote: > > >> > > >> Happy Birthday Theo! > > >> > > >> On Thu, 19 May 2022 at 02:51, Mayuresh Kathe wrote: > > >> > > >>> here's wishing theo deraadt a very happy birthday. > > >>> wish you many more years of producing great software and being > > >>> cantankerous. :p > > >>> have a great day today and an amazing year ahead. > > >>> -mayuresh > > >>> > > >>> > > > > > > >