Re: comp.unix.bsd.openbsd.announce

2011-11-23 Thread Andreas Vögele

sc...@web.de writes:

I prefer newsgroups to mailing lists filling my mailbox.
I am in this mailing list only because also comp.unix.bsd.openbsd.misc
is dying. Perhaps the next openbsd newsgroup to be deleted.
Is really no one interested in the newsgroups?


What's wrong with gmane.org and the gmane.os.openbsd hierarchy?



Re: intermittent 5.0/amd64 kernel/X hangs on Tinkpad T60

2011-11-12 Thread Andreas Vögele
Gregor Best writes:

 On Fri, Nov 11, 2011 at 01:27:27PM -0500, Jonathan Thornburg wrote:
 [...]
 Questions:
 * Are other Thinkpad T60 users seeing similar problems?
 [...]
 
 I'm using an R61i and I sometimes see that too. On my machine, it
 usually happens under relatively high I/O load, such as when using rsync
 to copy data from another machine to a USB disk. [...]

My SL510 froze yesterday while syncing two USB disks with rsync -aH
--delete. This particular sync requires lots of memory as there are
hundreds of thousands of hardlinks. But when I replaced --delete with
--delete-before, which is supposed to require even more memory, the
sync succeeded. I was able to reproduce this two times with different
USB disks (same brand though) before I figured out that the option
--delete-before helps. On the second and third run I quit everything
besides my window manager, an xterm and rsync. Reading from both disks
simultaneously with dd doesn't cause any problems.



Re: Cross BSD instalation

2010-11-08 Thread Andreas Vögele
On 11/09/10 03:50, Rodrigo Mosconi wrote:
 Dears,
 
 Is it possible to install an OpenBSD if the machine was booted by a
 FreeBSD (no flames please) LiveCD/netboot?
 
 This question is based on this:  A German DC supports FreeBSD, and
 provides a FreeBSD rescue system (diskless, network based).
 I would like to know IF there is some compatibility through the file
 system, that is: Can I newfs a slice on FBSD and install the base.tgz
 and kernel on it and boot the new system?

I don't know, but if the rescue system provides QEMU you can install OpenBSD 
through QEMU. See http://wiki.hetzner.de/index.php/OpenBSD for an example
(in German). Note that you can put files into a RAM disk, e.g. /dev/shm on 
Debian instead of a temporary partition. Also, there's no need to use VNC if 
you enable QEMU's curses interface. Furthermore, I'd use softraid(4) instead of 
raid(4).

Alternatively, there is Yaifo, which worked very well for me. See 
http://erdelynet.com/?s=yaifo.



Re: Troubles suspending IBM laptop

2010-09-13 Thread Andreas Vögele
On 08/26/10 17:18, Ido Admon wrote:
 Hello misc@,
 I'm recently having trouble suspending/hibernating an IBM X31 laptop.
 It used to work flawlessly with either the Fn+F4/F12 keys or with 'apm
 -z', but after a recent update (Aug. 24th snapshot) it won't anymore.
 
 The behavior I'm experiencing is that the suspend LED flashes, as it
 should, but the display remains active and then freezes (keyboard/mouse
 don't work at all) and I have to power down. If I'm in X then the
 display first switches to the console before freezing.
 
 It may be this commit that has changed things for me:
 http://marc.info/?l=openbsd-cvs&m=128207276025618&w=2

I get the same problem with my ThinkPad T42. If the additions made to
/sys/dev/pci/ppb.c in revision 1.44 are removed, suspending and resuming
works fine again.



Re: Instability in -current with ral/rt2860?

2009-02-08 Thread Andreas Vögele
bbee writes:

 Hi,

 In a net5501 I have a rt2860 ral card, running the Feb 04 snapshot:
 ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 10
 ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R)

 I've been trying snapshots off and on since damien@ started tinkering
 with the rt2860 code two months ago. With any snapshot from the last 2
 months, I can't get the box to stay up for more than 2 hours (or less)
 without it rebooting.  [...]

No problems here.  I've got a net4801 with a SparkLAN WMIR-215GN Mini
PCI card, running the snapshot from 23rd December:

OpenBSD 4.4-current (GENERIC) #1637: Tue Dec 23 15:22:33 MST 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
[...]
ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 11, address 00:0e:8e:xx:xx:xx
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R)

The net4801 is up for 44 days.  It's an open access point.  WEP and WPA
aren't enabled.  Only 11g connections are accepted.  The interface is
configured with these settings:

inet 192.168.0.1 255.255.255.0 NONE media autoselect mode 11g mediaopt hostap nwid myexample chan 5

I've put another SparkLAN card into my laptop but I've connected to the
access point with Atheros and Intel cards as well.  Also, several
neighbours have used my access point in recent weeks.

Regards,
Andreas



Re: IPsec with a Linux road-warrior

2008-03-24 Thread Andreas Vögele
[EMAIL PROTECTED] (Andreas Vögele) writes:

 Tom Menari writes:

 Can anyone recommend a client configuration for IPsec from a roaming
 Linux machine that works with OpenBSD's ipsecctl?
 
 I have tried Openswan and racoon and both have their problems.
 Currently using X509 certificates but if anyone has public keys
 working that would be good too.

 I've got an OpenBSD road warrior that connects to a Debian server
 running racoon.  So far I haven't connected a Linux road warrior to an
 OpenBSD machine but the following setup might work. [...]

I've just tried to use the setup that I described and it doesn't work.

You ought to add "nat_traversal on" to the remote section of the
racoon configuration.

I also forgot to mention that you have to specify policies on the
Linux side.  On Debian the policies may be set statically in
/etc/ipsec-tools.conf but in a road warrior setup you probably have to
run setkey from a dhclient script.

But now isakmpd outputs the error message "ike_phase_1_recv_ID:
received remote ID other than expected foo.example.org" although
"my_identifier fqdn" is used on the Linux side.  Unfortunately,
isakmpd doesn't tell me what type of remote ID it got.  The debug
output on the Linux side is even more useless.

I'm giving up.  If I were you I'd use OpenVPN, which can be set up in
a few minutes without getting a headache.



Re: IPsec with a Linux road-warrior

2008-03-23 Thread Andreas Vögele
Tom Menari writes:

 Can anyone recommend a client configuration for IPsec from a roaming
 Linux machine that works with OpenBSD's ipsecctl?
 
 I have tried Openswan and racoon and both have their problems.
 Currently using X509 certificates but if anyone has public keys
 working that would be good too.

I've got an OpenBSD road warrior that connects to a Debian server
running racoon.  So far I haven't connected a Linux road warrior to an
OpenBSD machine but the following setup might work.

If you decide to use public keys you've got to convert the keys
between the file format used by OpenBSD and the format used by Racoon
and Openswan.  I've put a Perl script that converts public keys
between both formats at the end of this message.  The script requires
the Perl modules Parse::RecDescent and Crypt::OpenSSL::RSA, which are
both available as packages under OpenBSD and Debian.

Run the script on your OpenBSD machine to convert your machine's
public key into the file format that is accepted by racoon.  Example:

./plainrsa-convert < /etc/isakmpd/local.pub

Copy the output into the file /etc/racoon/certs/pubkeys.rsa on the
Linux machine.  You can put the OpenBSD machine's IP address in front
of the key.  Example:

192.168.0.1 : PUB 0sAgUAF2T29ovO...

Run the command plainrsa-gen, which comes with the racoon package, to
create a key on the Linux machine.  Example:

plainrsa-gen -f /etc/racoon/certs/privatekey.rsa

Extract the public key from the key file and convert the key to the
format accepted by OpenBSD.  Example:

grep ': PUB' privatekey.rsa | sed 's/^#//' | ./plainrsa-convert

Assuming that your client's host name is roadwarrior.example.org, put
the output of the above command into the file
/etc/isakmpd/pubkeys/fqdn/roadwarrior.example.org on your OpenBSD
machine.

I'm not sure what to put into /etc/ipsec.conf on the OpenBSD machine.
I think that something like this should work:

ike passive from any to 192.168.0.1 \
srcid server.example.org \
dstid roadwarrior.example.org

Put the following directives into the file /etc/racoon/racoon.conf on
the Linux machine.  Don't forget to modify the IP address and the
identifiers.

--8<--8<--8<--8<--8<--8<--8<--8<--

# /etc/racoon/racoon.conf

path certificate "/etc/racoon/certs";

## phase 1 proposals (for IKE SA)

# connection to server.example.org
remote 192.168.0.1 {
    exchange_mode main;
    certificate_type plain_rsa "privatekey.rsa";
    peers_certfile plain_rsa "pubkeys.rsa";
    my_identifier fqdn "roadwarrior.example.org";
    peers_identifier fqdn "server.example.org";
    dpd_delay 30;
    lifetime time 1 hour;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp1024;
    }
}

## phase 2 proposal (for IPsec SA).

# quick mode description for all connections
sainfo anonymous {
    encryption_algorithm aes, 3des;
    authentication_algorithm hmac_sha256, hmac_sha1, hmac_md5;
    compression_algorithm deflate;
    lifetime time 20 minutes;
}

--8<--8<--8<--8<--8<--8<--8<--8<--

#!/usr/bin/perl -w
# Convert public keys from and to the format used by Racoon.
# Written and placed in the public domain by Andreas Voegele.

use strict;

use Parse::RecDescent;
use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::Bignum;
use MIME::Base64;

# PEM public key -> Base64 of: exponent length (1 byte), exponent, modulus.
sub pem2rfc {
    my $key = shift;
    my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($key);
    my ($n, $e) = $rsa_pub->get_key_parameters();
    my $eb = $e->to_bin();
    return encode_base64(pack("C", length($eb)) . $eb . $n->to_bin(), '');
}

# Base64 key body (without the leading "0s") -> PEM public key.
sub rfc2pem {
    my $key = shift;
    my $decoded = decode_base64($key);
    my $len = unpack("C", substr($decoded, 0, 1));
    my $e = Crypt::OpenSSL::Bignum->new_from_bin(substr($decoded, 1, $len));
    my $n = Crypt::OpenSSL::Bignum->new_from_bin(substr($decoded, 1 + $len));
    my $rsa_pub = Crypt::OpenSSL::RSA->new_key_from_parameters($n, $e);
    return $rsa_pub->get_public_key_x509_string();
}

# Each input item is a PEM public key, a ": PUB 0s..." line, or other text.
my $grammar = q {
    input: item(s)
    item: pempubkey | rfcpubkey | other
    pempubkey: m{-----BEGIN PUBLIC KEY-----.*?-----END PUBLIC KEY-----}s
        { print ": PUB 0s" . ::pem2rfc($item[1]), "\n"; }
    rfcpubkey: addr(0..2) ':' 'PUB' m{0s[A-Za-z0-9+/=]+}
        { print ::rfc2pem(substr($item[4], 2)); }
    addr: ( ipv4addr | ipv6addr ) <skip: ''> prefix(?) | 'any'
    ipv4addr: /(?:\\d{1,3}\\.){3}\\d{1,3}/
    ipv6addr: /[[:xdigit:]:]*:[[:xdigit:]:]*:[[:xdigit:]:]*/
    prefix: m{/\d{1,3}}
    other: /.*/
};

my $parser = new Parse::RecDescent($grammar);
undef $/;            # slurp the whole input at once
my $input = <>;      # standard input, or a file named on the command line
$parser->input($input);
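
An added example, not part of the original message and not code from racoon or isakmpd: a Python check that decodes the ": PUB 0s..." lines of a pubkeys.rsa file, using the layout the Perl script above writes (one length byte, the exponent, then the modulus, all Base64-encoded), and reports modulus size and exponent before a key is deployed. The function names, the 2048-bit threshold and the sample keys are assumptions made for illustration; the decoder goes slightly beyond the script by also accepting the three-byte exponent length form defined in RFC 3110.

```python
import base64
import re

MIN_MODULUS_BITS = 2048  # assumed policy threshold, not from the original message

# Optional address field(s), then ": PUB 0s<base64>" as in pubkeys.rsa.
KEY_LINE = re.compile(r"^\s*(?P<addr>.*?)\s*:\s*PUB\s+0s(?P<b64>[A-Za-z0-9+/=]+)\s*$")

def decode_pubkey(b64):
    """Return (exponent, modulus) as ints from the Base64 text after '0s'."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 3:
        raise ValueError("key too short")
    elen, off = raw[0], 1
    if elen == 0:  # RFC 3110 long form: 0x00 followed by a 2-byte length
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    if elen == 0 or len(raw) <= off + elen:
        raise ValueError("exponent or modulus missing")
    e = int.from_bytes(raw[off:off + elen], "big")
    n = int.from_bytes(raw[off + elen:], "big")
    return e, n

def encode_pubkey(e, n):
    """Short-form inverse of decode_pubkey; only used to build the sample."""
    eb = e.to_bytes((e.bit_length() + 7) // 8, "big")
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return base64.b64encode(bytes([len(eb)]) + eb + nb).decode()

def audit(text):
    """Return a list of (address, modulus_bits, exponent, problems)."""
    results = []
    for line in text.splitlines():
        m = None if line.lstrip().startswith("#") else KEY_LINE.match(line)
        if not m:
            continue
        try:
            e, n = decode_pubkey(m.group("b64"))
        except ValueError as err:  # binascii.Error is a ValueError subclass
            results.append((m.group("addr"), 0, 0, ["undecodable: %s" % err]))
            continue
        problems = []
        if n.bit_length() < MIN_MODULUS_BITS:
            problems.append("modulus only %d bits" % n.bit_length())
        if e < 3 or e % 2 == 0:
            problems.append("invalid public exponent %d" % e)
        if n % 2 == 0:
            problems.append("even modulus")
        results.append((m.group("addr"), n.bit_length(), e, problems))
    return results

# Constructed sample: numbers of the right size, not real RSA moduli.
SAMPLE = "\n".join([
    "192.168.0.1 : PUB 0s" + encode_pubkey(65537, (1 << 2047) | 1),
    "2001:db8::1 : PUB 0s" + encode_pubkey(65537, (1 << 1023) | 1),
    ": PUB 0s" + encode_pubkey(4, (1 << 2047) | 1),
    "# : PUB 0sAAAA (commented-out line, skipped)",
])

if __name__ == "__main__":
    for addr, bits, e, problems in audit(SAMPLE):
        print(addr or "(no address)", bits, e, "; ".join(problems) or "ok")
```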



Re: OpenCon Travel from UK

2007-10-13 Thread Andreas Vögele
Edd Barrett writes:

 Ok, so I have found a reasonable flight from easyjet (about £50 round
 trip). Now the price of the hotel is punishing us. It translates to
 about £35 quid a night (for 4 people to stay), if we stay in
 conference hotel. This brings the total cost (with some beer money
 allowance) to about £300. Not student prices, you might agree.

 What are the other options? Hostels? 3/2 star hotels?

The Hotel Primavera (http://www.albergo-primavera.it/) is a 15 minute
bus ride away from the conference hotel.  There are bus stops in front
of both hotels.  I stayed at the Hotel Primavera last year.  My room
and the bathroom were nice and clean but the breakfast was rather
simple.  I'd also ask for a room at the back of the hotel to reduce
the noise from Via Orlanda.

Bus tickets are available at the airport; the daily tickets are pretty
cheap.  I was told that it is much more spectacular to take the water
taxi from the airport to Venice though :-)



Unable to play CSS scrambled DVDs on USB drive under -current

2007-07-05 Thread Andreas Vögele
I can't play CSS scrambled DVDs anymore with MPlayer as well as Ogle.

I've got two different external USB drives and no internal drive.
It's probably two or three months ago that I played a DVD so I can't
narrow down the problem to a specific change yet.

The following log message is output:

cd0(umass0:1:0): Check Condition (error 0x70) on opcode 0x28
SENSE KEY: Illegal Request
 COMMAND INFO: 0x280a
 ASC/ASCQ: Read Of Scrambled Sector Without Authentication

Has anybody else seen this problem?

So far I figured out that the function ioctl_ReadCopyright() from
MPlayer's libmpdvdkit2/ioctl.c always returns the same value, no
matter whether the DVD is scrambled or not.

This is the code:

dvd_struct dvd;

memset( &dvd, 0, sizeof( dvd ) );
dvd.type = DVD_STRUCT_COPYRIGHT;
dvd.copyright.layer_num = i_layer;

i_ret = ioctl( i_fd, DVD_READ_STRUCT, &dvd );

*pi_copyright = dvd.copyright.cpst;

And these are the values set in dvd.copyright after the ioctl() call.

type: 1
layer_num: 0
cpst: 0
rmi: 0

As far as I can see dvd_read_copyright() from /sys/scsi/cd.c hasn't
changed in recent months.  Any hints on where to look next?



Re: backing up windows hosts to openbsd

2007-01-06 Thread Andreas Vögele
Jacob Yocom-Piatt writes:

 i've seen a number of solutions for backing up windows hosts to an
 openbsd backup server. there are ~50 windows hosts to backup with an
 average of ~10 GB of stuff on each machine. for my purposes a key
 feature of such a solution is that it makes FULL backups of the
 windows hosts that can be used to replace faulty hard drives with
 working bootable replacement drives.

You could run Symantec Backup Exec System Recovery Desktop Edition on
the Windows clients and backup to Samba shares on the OpenBSD server.
The desktop edition costs 30 EUR per client and although the software
is from Symantec it isn't that bad.

 [...]
 i am to understand that backuppc cannot backup locked windows files
 nor can you generate full bootable restores, so it's out of the
 running pretty much off the bat. figured i'd mention it anyways...

There's a patched cygwin-rsyncd available from the BackupPC site that
supports volume shadow copies.  You still can't do disaster recoveries
though.



Re: QEMU networking - with host ONLY

2006-09-19 Thread Andreas Vögele
viq writes:

 I am playing a bit with QEMU, and tried to set up network with it.
 [...]  I want the guest to be able to communicate ONLY with the
 host, I don't want any of the traffic from it to be able to pass to
 the outside world. To achieve that I thought the easiest way would
 be to bridge the connection to one of the 'virtual' interfaces -
 say, lo0 or a specially created for that occasion tun or gif. But, I
 didn't have much luck with that... So, does anyone have an idea how
 to achieve that - the traffic from the guest system not being able
 to even accidentally leak out of the host system?

Hm, creating a tun device works for me.

$ cat /etc/hostname.tun0 
inet 192.168.155.145 255.255.255.240 255.255.255.159 link0 description "QEMU interface"

The guest is started with the following options:

qemu -net nic -net tap,ifname=/dev/tun0,script=/usr/bin/true [...]



Re: SpamAssassin autolearn problem

2006-04-06 Thread Andreas Vögele

Gabriel George POPA wrote:

   Some e-mails I receive have autolearn=no and others have 
autolearn=failed. I use the classic combination of spamd/spamc and the 
OpenBSD 3.8 provided p5-SpamAssassin package, installed as OpenBSD 
recommends. I tried to follow the instructions at 
spamassassin.apache.org (to use for example /var/spamassassin (0777 
mode) in order to store learnt data, bayes_path and bayes_file_mode, 
restarted spamd etc., nothing worked). What should I do next? I must 
create all those files by hand (the files in /var/spamassassin). I must 
mention that when I was using spamassassin alone (not spamc/spamd) for 
my account autolearn worked correctly.


I've created a spamassassin user and group. The user's home directory is 
/var/spamassassin. Amongst other settings the following paths are set in 
/etc/mail/spamassassin/local.cf:


bayes_path /var/spamassassin/bayes
bayes_file_mode 0770
auto_whitelist_path /var/spamassassin/auto-whitelist
auto_whitelist_file_mode 0770

spamd is started with the following command line arguments:

/usr/local/bin/spamd -d -u spamassassin -H /var/spamassassin -r /var/spamassassin/spamd.pid


How do you start spamd?



Re: Horde/Kronolith - chroot issues?

2006-03-28 Thread Andreas Vögele

Nick Holmes wrote:


Has anyone else got Kronolith running on chroot'd Apache in OpenBSD
(I am running -CURRENT)? Is it relatively easy or utterly painful? Is
there any advice that can be given or openbsd/chroot specific caveats
I must be aware of before I start installing the Horde Framework and
Kronolith?


It's easy. I've created /var/www/etc/resolv.conf so that host names can 
be resolved. The PHP sessions are stored in /var/www/tmp. My 
installation talks to PostgreSQL over TCP but it's also possible to
create a socket in the chrooted environment.


Things become more difficult if you would like to call external programs 
like openssl and aspell from Horde.




Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread Andreas Vögele

Stuart Henderson wrote:


On 2006/03/20 18:20, Chris Cappuccio wrote:

Check out Box Backup, it has win2k and linux clients

Failing that, Karen's Replicator and a Samba server seem to work for
windoze clients


BackupPC(.sf.net) is another option.


I'm working on a BackupPC port. Actually, the port only lacks a 
README.OpenBSD to get people going. I'll polish the port at the weekend
and then I'll post it to [EMAIL PROTECTED]




Re: iwi broken in 3.8-current?

2006-01-28 Thread Andreas Vögele
Edd Barrett writes:

 [...] I'm using iwi driver on my thinkpad r50e, and it works great
 but you only get 1 chance to configure it. after you run dhclient,
 if it fails, you have to reboot and try again.

Same issue here under -current on a ThinkPad X41 with
iwi-firmware-2.3.tgz.  I can configure the interface only once.  If I
run ifconfig -M iwi0 first I can't configure the interface at all.

I've got no such problems with a ral(4) based card in a desktop PC.
My access point is an AirPort Express from Apple.  WEP is enabled.

On the other hand, a couple of days ago my notebook was connected to
an open network at a congress.  I lost connection several times with a
fatal error but I was able to reconnect to the network by running
netstart.

I've got the following device:

iwi0 at pci2 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05:
irq 11, address [...]



Re: cfs problems with cmkdir

2005-08-11 Thread Andreas Vögele

Rob writes:

I am looking to see if anyone is successfully using cfs on 3.7 with  
the generic kernel.  We can discuss this offline unless anyone  
objects, as it is old and not well documented software.


Specifically, when I do the cmkdir, the command hangs after
entering the password twice.


The included random number generator hangs.  There's a patch in  
current which modifies cmkdir.c to use /dev/srandom.  See the file  
patch-cmkdir_c in <URL:http://www.openbsd.org/cgi-bin/cvsweb/ports/security/cfs/patches/> for details.