Re: fw_update

[Jason McIntyre]

On Thu, May 02, 2024 at 02:55:33PM +0200, Harald Dunkel wrote:
> On 2024-04-30 13:25:39,  ?? wrote:
> >  24/04/30 01:12PM, Kirill A. Korinsky :
> >> You may download it by hand and install as fw_update /path/to/firmware.tgz
> > 
> > BTW, this is in fw_update(8).
> > 
> > man 8 fw_update
> > /SYNOPSIS
> > 
> 
> Another BTW:
> 
>   # fw_update -i
>   fw_update: unknown option -- -i
>   usage: fw_update [-adFnv] [-p path] [driver | file ...]
> 
> The man page says
> 
>   SYNOPSIS
>fw_update [-adinv] [-p path] [driver ...]
> 
> What is -F supposed to do? What happened to the -i?
> 

hi.

i think your document is out of date, though i'm not sure what you're
running exactly.

if you look online: man.openbsd.org/fw_update.8
(that matches what i have here on amd64 -current)

-F is documented and -i is not.

jmc

Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"

[Jason McIntyre]

On Mon, Apr 15, 2024 at 02:25:04AM +, Jeremy Mates wrote:
> TL;DR it's TERMINFO related or when ~/.terminfo exists and no TERM file
> exists therein. Also trying to read "none" (or maybe also "none.db" when
> the TERMINFO thing happens) from the current working directory might not
> be a good idea, if an attacker can put naughty things into either of
> those files and a sh or ksh or whatever is run in a suitable directory?
> 

hi.

i have actually been seeing these for months, but just ignored them. i'm
not sure your theory covers everything though:

$ echo $TERM
wsvt25
$ ls -l ~/.terminfo/w
total 12
-r--r--r--  1 jmc  jmc  1597 Apr 15 06:27 wsvt25
-rw-r--r--  1 jmc  jmc  1522 Aug  1  2020 wsvt25-noacs
-rw-r--r--  1 jmc  jmc   865 Aug  1  2020 wsvt25-ul
$ tail /var/log/messages
Apr 15 06:56:21 manila reorder_kernel: kernel relinking done
Apr 15 06:57:03 manila -ksh: vfprintf %s NULL in "%.*s"
Apr 15 06:57:17 manila last message repeated 4 times
Apr 15 06:57:17 manila ksh: vfprintf %s NULL in "%.*s"
Apr 15 06:57:17 manila mutt: vfprintf %s NULL in "%.*s"
Apr 15 06:57:42 manila -ksh: vfprintf %s NULL in "%.*s"
Apr 15 06:59:12 manila sh: vfprintf %s NULL in "%.*s"
Apr 15 06:59:12 manila vim: vfprintf %s NULL in "%.*s"
Apr 15 07:00:18 manila ksh: vfprintf %s NULL in "%.*s"
Apr 15 07:02:35 manila ksh: vfprintf %s NULL in "%.*s"

that's basically me logging in, starting tmux (4 shells+mutt).

so i'm not sure it's exactly as you describe. curious...

jmc

Re: IPv6 with umb(4)

[Jason McIntyre]

On Thu, Apr 11, 2024 at 11:22:54AM +0200, Julian Huhn wrote:
> Moin!
> 
> On Wed, Apr 10, 2024 at 04:24:48PM +0200, Julian Huhn wrote:
> >I tried unsuccessfully to obtain an IPv6 address with an umb(4) interface. 
> >As 
> >umb(4) supports IPv6 since 6.7, I seem to be doing something wrong. Can 
> >anyone 
> >give me a hint what I need to do?
> 
> After some further investigation I found a commit for sys/dev/usb/if_umb.c 
> from 
> 2020 which says
> 
>IPv6 is no longer on by default. It must be enabled with "inet6 eui64".
> 
> This piece was missing for me. Should this be mentioned in the manpage or in 
> the FAQ?
> 
> For the sake of completeness my new umb0 config is attached.
> 
> --Huhn
> 
> x270$ cat /etc/hostname.umb0
> inet6 eui64
> apn internet
> pin 
> roaming
> up
> 

hi.

after speaking to some other developers, it seems that that commit
message was slightly misleading. ip6 is handled for umb like for
everything. you can use static or the autoconf method. "inet6 eui64" is
if you just want link level address (i am advised!)

so whatever works for you, fine, but it is not that umb is a special
case.

having said that, we're discussing whether the page warrants an example
config or not...

glad you got it working though, and great you managed to dig through
commit logs to find answers!

jmc

Re: Speed: dump/restore vs rsync

[Jason McIntyre]

On Fri, Sep 22, 2023 at 09:40:40PM -0600, Jonathan Drews wrote:
> On Fri, Sep 22, 2023 at 03:11:07PM -0300, vitmau...@gmail.com wrote:
> > Hi,
> > 
> > I used the command "cd /SRC && dump 0f - . | (cd /DST && restore -rf - )"
> > as suggested by the "Disk Setup" section of the FAQ to transfer everything
> > from one of my old hard disks to the one that should replace it. However,
> > I'm stuck with something around 35 megabytes/s of speed transfer (measured
> > using "systat -h io") following this path. If I use rsync, I get something
> > around 70 megabytes/s (measured by both the "--progress" option and
> 
> I have a question and a comment. When I use 
> # systat -h iostat 
> 
> I get the following display:
> DEVICE   READWRITE RTPS WTPS  SEC
> sd0   39M  819 68030  1.0
> sd1 0  40M0  641  0.3
> Totals39M  40M 6803  641  1.2
> 
> What does RTPS and WTPS mean? 
> 

the description of iostat says:

 iostat  Display statistics about disk throughput.  Statistics on disk
 throughput show, for each drive, data transferred in bytes,
 number of disk transactions performed, and time spent in disk
 accesses (in fractions of a second).

so i'm going to hazard a guess that it's (r/w) transactions per second.

jmc

Re: Questions about man gcc-local

[Jason McIntyre]

On Thu, Mar 02, 2023 at 10:22:51PM -, Stuart Henderson wrote:
> On 2023-03-02, Stanislav Syekirin 
>  wrote:
> > Hi all,
> >
> > is the man page for gcc-local 
> > (https://man.openbsd.org/OpenBSD-7.2/gcc-local) up to date? It 
> > mentions, for example, i386, but OpenBSD 7.2 on i386 doesn't seem to 
> > include gcc. Also, the link to gcc(1) at the bottom of the man page is 
> > dead.
> 
> Architectures which fully switched to clang as the base compiler don't
> build the OpenBSD version of gcc any more. (They do have a newer gcc in
> ports, in general those try to be in sync with changes to base gcc too -
> for example PIE by default).
> 
> Archs which still use gcc in base do have the gcc(1) manual, e.g. sparc64
> 
> 

i don;t think we should be installing gcc-local(1) on any archs where
gcc isnt happening:

$ uname -a
OpenBSD manila.kerhand.co.uk 7.2 GENERIC.MP#22 amd64
$ man gcc
man: No entry for gcc in the manual.

jmc

Re: old UNIX documentation

[Jason McIntyre]

On Sat, Jan 14, 2023 at 11:46:54PM +0100, Jan Stary wrote:
> On Sep 13 07:04:55, j...@kerhand.co.uk wrote:
> > > Long ago and far away, the Berkeley distributions used to ship an
> > > assortment of system documentation in /usr/share/doc, including a
> > > general-purpose system administrators manual.
> > > 
> > > I guess people didn't want to update those, or maybe thought they
> > > were sacred relics, never to be touched.  But all the *BSDs dropped
> > > them, years ago.  I thought that was the wrong move; they should
> > > have been kept, along with a /usr/share/doc/README that noted they
> > > are historical, and therefore probably out of date.  Although I'm
> > > sure the vi documentation stands up to this day.
> > > 
> > 
> > we stopped installing them because many of them were falling out of date
> > and there wasn;t really the resources (or motivation) to update them.
> > however not all of them were removed. although no longer installed, some
> > of the better ones remain in the source tree. from a quick look:
> 
> Some of them are still quite nice to read!
> 

yes. the ones left were the ones that people felt still had relevance
and were in better condition.

> > /usr/src/usr.bin/gprof/PSD.doc
> > /usr/src/usr.bin/lex/PSD.doc
> > /usr/src/usr.bin/m4/PSD.doc
> > /usr/src/usr.bin/make/PSD.doc
> > /usr/src/usr.bin/yacc/PSD.doc
> > /usr/src/bin/csh/USD.doc
> > /usr/src/bin/ed/USD.doc
> > /usr/src/games/trek/USD.doc
> > /usr/src/usr.bin/awk/USD.doc
> > /usr/src/usr.bin/bc/USD.doc
> 
> 
> Index: usr.bin/bc//USD.doc/bc
> ===
> RCS file: /cvs/src/usr.bin/bc/USD.doc/bc,v
> retrieving revision 1.9
> diff -u -p -r1.9 bc
> --- usr.bin/bc//USD.doc/bc9 Jul 2004 10:23:05 -   1.9
> +++ usr.bin/bc//USD.doc/bc14 Jan 2023 22:41:09 -
> @@ -1029,7 +1029,7 @@ to the named expression on the left.
>  .PP
>  The result of the above expressions is equivalent
>  to ``named expression = named expression OP expression'',
> -where OP is the operator after the = sign.
> +where OP is the operator before the = sign.
>  .NH 1
>  Relations
>  .PP
> 

fixed, thanks.

jmc

Re: Use daily(8), weekly(8), or monthly(8) but read less mail

[Jason McIntyre]

On Sun, Dec 25, 2022 at 09:56:03AM +, Ibsen S Ripsbusker wrote:
> I want to use the altroot facility, but I don't want to read the mails
> about the the backup succeeding and nothing else failing.
> 
> Reading the scripts and the manual pages, I see no support for sending
> the daily, weekly, or monthly mails only on failure. I also see
> no support for running ROOTBACKUP outside of the daily script.
> Of course I could change the scripts, but I would rather not.
> Also, once I receive the mail, I don't see an easy way to classify
> it as having a failure or not.
> 
> What do you do if you want to use the altroot facility (or some
> other part of the periodic system maintenance scripts) and want
> to read reports only when something failed?
> 
> With great humility,
> 
> Ibsen S. Ripsbusker
> 

so these scripts used to be very chatty. then there was a decision
to cut the chatter unless it was asked for (via VERBOSESTATUS).
then finally to not output anything if there was nothing to report
(and VERBOSESTATUS was removed, as far as i can see).

so to try to answer your question: i don;t think you will get any
reports of anything succeeding, and you should only get reports
about actions the scripts think neccessary. if you did get any
"we've done it!" messages, i suppose you'd be entitled to complain.
do you?

the issue for me now is that i think that somewhere we should say
this.  i missed VERBOSESTATUS disappearing, but i think we might
want to say it. the commit message was:


revision 1.29
date: 2020/10/20 22:42:29;  author: danj;  state: Exp;  lines: +2 -19;  
commitid: EFsAssont5N9pxsI;
Remove calls for df(1), netstat(1), and the verbose dump(1)

With this change, daily(8) only sends email when something looks
dubious.
Consequently VERBOSESTATUS is now a no-op and may be unset.

The code is trivial and riddled with choices that look like personal
preferences. The old behavior can be achieved through
/etc/daily.local.

With schwarze@, tweak kn@, sthen@
OK schwarze@, kn@, jung@


although it's maybe true that the old behaviour can be achieved via a
*.local file, there's nothing that says how. i suppose the meaning was,
if you want more info, add it yourself.

still i think it makes sense to say not to expect mails if everything
looks ok. sth like this:

Index: daily.8
===
RCS file: /cvs/src/share/man/man8/daily.8,v
retrieving revision 1.29
diff -u -p -r1.29 daily.8
--- daily.8 20 Oct 2020 22:42:29 -  1.29
+++ daily.8 25 Dec 2022 21:25:48 -
@@ -29,7 +29,8 @@ and
 are shell scripts run on a periodic basis by the clock daemon,
 .Xr cron 8 .
 They take care of some basic administrative tasks.
-Their output, if any, is mailed to root.
+If anything looks amiss,
+a report is mailed to root.
 .Pp
 .Sy Note :
 The scripts are all run as part of root's

Re: less prints superfluous characters with --no-init

[Jason McIntyre]

On Wed, Nov 23, 2022 at 11:31:57PM +1059, Reuben mac Saoidhea wrote:
> i hate to harp on about it, but:
> 
> in case you happen to discover the `command' command,
> beware that its description in sh(1) is wrong.
> 
> sh(1) says:
>   command -vV command args ...
> 

actually openbsd's sh(1) pages says:

command [-p | -V | -v] command [arg ...]

> in fact it is:
>   command -vV command ...
> 

yes, -v and -V are different. instead of invoking command, they identify
information about "command", such as path used to run it.

so we could do like posix and show two differing forms:

command [-p] command_name [argument]
command [-p][-v|-V] command_name

however one of the goals of sh(1) was brevity. to that end it is
combined, and i think it is obvious that if you are asking "command" to
identify whether something is a function (or whatever) then it would be
silly to specify it with arguments.

> note in particular, that, like `type',
>   command -V command echo
> 
> outputs
>   command is a shell builtin
>   echo is a shell builtin

well, posix makes no claim that multiple arguments are supported with
either -v or -V. openbsd's sh(1) page does not say this either. you
could write some code to improve how this is handled, i suppose.

having said that, ksh(1) seems to contradict what i've just said:

If the -v option is given, instead of executing cmd, information
about what would be executed is given (and the same is done for
arg ...).

that doesn;t seem to be the case. i'm not sure whether ksh(1) is wrong
or it's expected to behave differently.

> 
> rather than what `command -V' ought to output:
>   command echo is /bin/echo
> 

$ command -V echo
echo is a shell builtin

jmc

> to find out what `command blahcommand' means to sh(1), use
>   whereis blahcommand
> 
> to find out what `blahcommand' means to sh(1), use
>   type blahcommand
> 
> noting that `type' is explained in `man sh',
> and that `tracked alias' means `hash'.
> (note that using `type' affects `hash'.)
> 
> isnt *N*X FUN!?
> 

Re: Documentation of wsconsctl keyboard.map format?

[Jason McIntyre]

On Wed, Nov 23, 2022 at 12:21:26AM +0100, Mike Fischer wrote:
> Hi!
> 
> I???m trying to use a German Apple Mac keyboard with OpenBSD 7.2 and I???d 
> like to match the mapping to that of macOS.
> 
> `wsconsctl keyboard.encoding=de` helps, but several mappings are 
> different/missing. For example the pipe character | should be alt-7 but 
> isn???t. Mostly the alt-combinations are missing or wrong.
> 
> So I thought I could use keyboard.map settings to correct this. But I can???t 
> find any documentation of the format ??? very unusual for OpenBSD.
> 
> Did I miss something?
> 
> Can someone point me to the documentation please?
> 
> Thanks!
> 
> Mike
> 

hi.

maybe you are looking for wsksymdef.h:

WSCONSCTL(8) System Manager's Manual WSCONSCTL(8)

...

 Modify the current keyboard encoding so that, when the Caps
 Lock key is pressed, the same encoding sequence as Left
 Control is sent.  For a full list of keysyms, and keycodes,
 refer to the /usr/include/dev/wscons/wsksymdef.h file.

   # wsconsctl keyboard.map+="keysym Caps_Lock =
   Control_L"

jmc

Re: less prints superfluous characters with --no-init

[Jason McIntyre]

On Sun, Nov 20, 2022 at 08:09:13PM +0100, Tomasz Rola wrote:
> On Sun, Nov 20, 2022 at 01:32:54PM -, Christian Weisgerber wrote:
> > On 2022-11-20, Reuben mac Saoidhea  wrote:
> > 
> > >> It is a builtin, so it is documented inside ksh.
> > >
> > > i think the 4.3BSD manual allowed for example `man while' for `man sh'?
> > 
> > FreeBSD has a builtin(1) man page that attempts to list the csh(1)
> > and sh(1) builtins and points to the respective man pages:
> > 
> > https://www.freebsd.org/cgi/man.cgi?query=builtin
> > 
> > It's an attempt to do something about this problem, but I think the
> > result isn't that great.
> 
> I am writing this from ParrotOS (Debian derivative) and since I am
> avid user of bash, I can do "man bash-builtins" and it prints me a
> very nice looking summary. Bash package version is 5.1-2+deb11u1,
> which probably means 5.1 with some Debian-specific addons.
> 

the thing is, you have to be aware of a builtins page in order to know
to type "man builtins" (or whatever). you would need to know that a
command is a builtin. but if you know it's a builtin, then you can just
type "man ksh" and get the documentation.

we could add all these commands to ksh's NAME, but that would look awful.

i think it's just a case of we should expect people to familiarise
themselves with the shell they're using, and know to go digging there.
openbsd does not generally have undocumented commands, so it's all there
somewhere.

jmc

Re: Slight Confusion with ntpd(8)

[Jason McIntyre]

On Sun, Nov 06, 2022 at 07:48:39AM +0100, Otto Moerbeek wrote:
> On Sun, Nov 06, 2022 at 05:12:12AM +, indivC wrote:
> 
> > I'm a little confused with the man page for ntpd. 
> > 
> > For the '-n' flag, it says:
> > 'Configtest mode. Only check the configuration file for validity.'.
> > I have no problem with this and understand it. 
> > 
> > However, the section below that, which is still under '-n', says:
> > 'ntpd will stay in the foreground for up to 15 seconds
> > waiting for one of the configured NTP servers to reply.'.
> > 
> > The second section seems to contradict the first, in my opinion.
> > If '-n' is only checking the configuration for validity,
> > then contacting an NTP server would be outside the scope
> > of file validation. 
> > 
> > Any clarity on this would be helpful. Thanks.
> > 
> 
> This is a documentation error. The 2nd paragraph should be outside the
> option list.
> 
> This is bettet I think.
> 
>   -Otto
> 
> Index: ntpd.8
> ===
> RCS file: /home/cvs/src/usr.sbin/ntpd/ntpd.8,v
> retrieving revision 1.45
> diff -u -p -r1.45 ntpd.8
> --- ntpd.811 Nov 2019 17:42:28 -  1.45
> +++ ntpd.86 Nov 2022 06:43:20 -
> @@ -59,10 +59,6 @@ instead of the default
>  .It Fl n
>  Configtest mode.
>  Only check the configuration file for validity.
> -.Pp
> -.Nm
> -will stay in the foreground for up to 15 seconds waiting for one of the
> -configured NTP servers to reply.
>  .It Fl v
>  This option allows
>  .Nm
> @@ -87,9 +83,11 @@ option, all calls to
>  .Xr adjtime 2
>  will be logged.
>  .Pp
> +At boot, 
>  .Nm
> -makes efforts to verify and correct the time at boot if constraints are
> -configured and satisfied or if trusted servers or sensors return results,
> +wlll stay for a maximum of 15 seconds in the foregorund and make efforts to
> +verify and correct the time if constraints are configured and
> +satisfied or if trusted servers or sensors return results,
>  and if the clock is not being moved backwards.
>  .Pp
>  After the local clock is synchronized,
> 
> 
> 

curses. i've just removed that bit of text. as stated, it belonged to
-s. if you feel that detail should remain, please merge it back in.

(i.e. ok)

jmc

Re: Slight Confusion with ntpd(8)

[Jason McIntyre]

On Sun, Nov 06, 2022 at 05:12:12AM +, indivC wrote:
> I'm a little confused with the man page for ntpd. 
> 
> For the '-n' flag, it says:
> 'Configtest mode. Only check the configuration file for validity.'.
> I have no problem with this and understand it. 
> 
> However, the section below that, which is still under '-n', says:
> 'ntpd will stay in the foreground for up to 15 seconds
> waiting for one of the configured NTP servers to reply.'.
> 
> The second section seems to contradict the first, in my opinion.
> If '-n' is only checking the configuration for validity,
> then contacting an NTP server would be outside the scope
> of file validation. 
> 
> Any clarity on this would be helpful. Thanks.
> 

that extra bit of text belonged to the (now removed) -s option. -s
was removed in revision 1.44, but that text got left in there by
mistake. most worryingly, it's taken 3 years for anyone to notice!

-s
Always try to set the time at startup.  By default ntpd attempts
to set the time at boot only if constraints are figured and
satisfied,  and the clock should be moved forward.

ntpd will stay in the foreground for up to 15 seconds waiting
for one of the configured NTP servers to reply.

i personally ok'd that commit!

anyway, i've removed it. thanks for the mail.
jmc

Re: Unimplemented httpd socket? (/var/run/httpd.sock)

[Jason McIntyre]

On Sun, Oct 23, 2022 at 10:17:20PM -0400, Dante Catalfamo wrote:
> Hey,
> 
> I was reading the httpd(8) and noticed that there's a reference to a
> socket located at `/var/run/httpd.sock'. It says it's a "UNIX-domain
> socket used for communication with httpd". I was hoping maybe it would
> be used to provide live statistics about httpd, but it's not present
> when httpd is running and I can't find any reference to it anywhere in
> the code other than where the constant is defined in `httpd.h`
> https://github.com/openbsd/src/blob/cfac8e34c1bf89a9feaa77cc4f2e409c3ee998b3/usr.sbin/httpd/httpd.h#L47.
> 
> Is this a leftover from a planned feature that never got implemented?
> 
> Thanks,
> Dante
> 

hi.

they're unused, and we've just removed the references to them.

jmc

Re: Mention _XOPEN_SOURCE_EXTENDED in curs_addwstr.3

[Jason McIntyre]

hi. just committed by nicm:

List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Nicholas Marriott 
Date: 2022-10-10 8:57:10
Message-ID: 4f7d42a92ccdbaf3 () cvs ! openbsd ! org
[Download RAW message or body]

CVSROOT:/cvs
Module name:src
Changes by: n...@cvs.openbsd.org2022/10/10 03:03:08

Modified files:
lib/libcurses : curses.h

Log message:
ncurses wide character functions should be available with _XOPEN_SOURCE of 500 
or greater and not require _XOPEN_SOURCE_EXTENDED. Bring in changes from 
upstream ncurses patches 20100403 and 20111030 to take this into account. 
Reported by Grigory Kirillov via jmc@.


On 10 September 2022 10:44:59 BST, Grigory Kirillov  wrote:
>On Fri, Sep 09, 2022 at 07:42:18PM +0200, Anders Andersson wrote:
>> On Wed, Sep 7, 2022 at 9:02 PM Grigory Kirillov  wrote:
>> >
>> > Recently one OpenBSD user of little project of mine got caught up in
>> > a problem - they couldn't compile it from source because wide character
>> > functions of the ncurses library weren't declared. After a long
>> > investigation I finally found out that these functions require
>> > _XOPEN_SOURCE_EXTENDED macro being defined. On my machine that wasn't
>> > a problem because on my Linux system ncurses header also checks for
>> > _XOPEN_SOURCE macro which value has to be greater than or equal to 500
>> > and I was already compiling it with this macro with a value of 700.
>> >
>> > My request here is to put up a `#define _XOPEN_SOURCE_EXTENDED` line to
>> > the OpenBSD man page for curs_addwstr.3 I think this will make it
>> > easier for other people to compile ncurses with wide character functions
>> > especially for someone who's trying to resolve issues for someone else
>> > while being on a different system...
>> >
>> > Also it would be cool if ncurses header provided in OpenBSD were
>> > checking value of the _XOPEN_SOURCE macro (because
>> > _XOPEN_SOURCE_EXTENDED is equal to _XOPEN_SOURCE with the value of 500
>> > or greater (according to my feature_test_macros(7) man page) and I also
>> > hope that this is a standard behavior).
>> 
>> From what I can see, this macro is obsolete, so it should probably not
>> be recommended in the man page:
>> 
>> "Use of _XOPEN_SOURCE_EXTENDED in new source code should be avoided.
>> Since defining _XOPEN_SOURCE with a value of 500 or more has the same
>> effect as defining _XOPEN_SOURCE_EXTENDED, the latter (obsolete)
>> feature test macro is generally not described in the SYNOPSIS in man
>> pages."
>> 
>
>Okay, then I hope someone kindly adds an ifdef with the _XOPEN_SOURCE
>macro to the wide character function declarations in ncurses header.
>I think it's also worth adding a note to the curs_addwstr.3 man page
>about the need to declare the corresponding macro. Thanks!
>

Re: Old Unix manuals (was: Re: A minimal browser in base)

[Jason McIntyre]

On Tue, Sep 13, 2022 at 06:54:40PM -0400, luna wrote:
> On Tue, Sep 13, 2022 at 07:04:55 +0100, Jason McIntyre wrote:
> > hi.
> > 
> > we stopped installing them because many of them were falling out of date
> > and there wasn;t really the resources (or motivation) to update them.
> > however not all of them were removed. although no longer installed, some
> > of the better ones remain in the source tree. from a quick look:
> 
> Note that you'll need to pull /usr/src/share/mk/bsd.doc.mk out of the 
> attic and install it in /usr/share/mk, and then you'll need a copy of 
> groff to build these documents. I haven't tested this on a recent 
> version of OpenBSD, though I can say that older versions of both 
> OpenBSD and FreeBSD work quite well for building these old docs. If you 
> want versions you can read on your terminal, you can pass -Tascii to 
> groff like FreeBSD's bsd.doc.mk does, which is (handwaving over other 
> details here) what groff does to render manpages.
> 
> I can wholeheartedly recommend building and reading the ones you can
> find, especially if you're interested in Unix history. They're something
> of a time capsule, providing a snapshot of what Unix was at the time and
> how people used it. In addition, as said above, some of them are just as
> applicable today as when they were written.
> 

also, although it won;t be pretty, you can just pass the documents to
mandoc and get something that's at least semi-readable.

jmc

Re: A minimal browser in base

[Jason McIntyre]

On Mon, Sep 12, 2022 at 03:43:30PM -0700, Lyndon Nerenberg (VE7TFX/VE6BBM) 
wrote:
> 
> Long ago and far away, the Berkeley distributions used to ship an
> assortment of system documentation in /usr/share/doc, including a
> general-purpose system administrators manual.
> 
> I guess people didn't want to update those, or maybe thought they
> were sacred relics, never to be touched.  But all the *BSDs dropped
> them, years ago.  I thought that was the wrong move; they should
> have been kept, along with a /usr/share/doc/README that noted they
> are historical, and therefore probably out of date.  Although I'm
> sure the vi documentation stands up to this day.
> 

hi.

we stopped installing them because many of them were falling out of date
and there wasn;t really the resources (or motivation) to update them.
however not all of them were removed. although no longer installed, some
of the better ones remain in the source tree. from a quick look:

/usr/src/usr.bin/gprof/PSD.doc
/usr/src/usr.bin/lex/PSD.doc
/usr/src/usr.bin/m4/PSD.doc
/usr/src/usr.bin/make/PSD.doc
/usr/src/usr.bin/yacc/PSD.doc
/usr/src/bin/csh/USD.doc
/usr/src/bin/ed/USD.doc
/usr/src/games/trek/USD.doc
/usr/src/usr.bin/awk/USD.doc
/usr/src/usr.bin/bc/USD.doc
/usr/src/usr.bin/dc/USD.doc
/usr/src/usr.bin/mail/USD.doc
/usr/src/usr.bin/sed/USD.doc
/usr/src/usr.bin/vi/docs/USD.doc
/usr/src/sbin/fsck_ffs/SMM.doc
/usr/src/usr.sbin/lpr/SMM.doc

jmc

Re: afterboot(8), documentation and wscons

[Jason McIntyre]

On Wed, Sep 07, 2022 at 07:26:39PM +, Micha?l Dupont wrote:
> Hi everyone,
> 
> I recently installed and configured OpenBSD on a laptop ??? works great!
> 
> However, as a new user, I had trouble finding out about wscons(4),
> and that I can use wsconsctl(8) for common laptop configuration
> such as disabling the bell, setting the display brightness
> and enabling touchpad tap-to-click.
> 
> Keep in mind it's entirely possible I missed something obvious.
> 
> afterboot(8) does not mention wsconsctl(8), only kbd(8).
> 
> FAQ mentions wsconsctl(8) in the context of keyboard config only,
> making it unclear if one has to follow afterboot(8) or the FAQ
> on how to set the keyboard encoding, and omitting that wsconsctl(8)
> can also set display and mouse configuration.
> 
> From my point of view, new users would benefit from
> having afterboot(8) mentioning that several aspects of
> keyboard, display and mouse configuration can be configured
> with wsconsctl(8).
> 
> Happy to provide a patch if you think it makes sense.
> 
> Regards,
> Micha??l
> 

hi.

it is stepping out a bit from the remit of afterboot(8), but we could
rework the whole "Set keyboard type" section. most of the info there
could be removed in favour of just keeping the pointer to kbd(8).

so if you want to have a try at a diff, i'd say aim for:

- no longer than the current section
- remove most of what's there already
- briefly list the main things that can be changed and respective docs

jmc

Re: necessity to specify CVSROOT each time cvs is run?

[Jason McIntyre]

On Thu, Jul 28, 2022 at 09:26:40AM +0200, rsyk...@disroot.org wrote:
> Dear list,
> 
> 
> I have a ports tree. (Most probably first obtained
> by downloading a .tar file.) I am able to update it
> with, e.g.,
> 
> ; CVSROOT=anon...@ftp.hostserver.de:/cvs
> ; cvs -d $CVSROOT -q up -Pd -rOPENBSD_7_1
> 
> After that I thought -- based on what I read at
> https://www.openbsd.org/anoncvs.html#CVSROOT
> -- that running just
> 
> ; cvs -q up -Pd -rOPENBSD_7_1
> 
> should work, but it does not: 
> 
> cvs update: in directory .:
> cvs update: ignoring CVS/Root because it specifies a non-existent repository 
> /cvs

looking at the line above, it looks like cvs is unhappy with whatever
you have in your CVS/Root file.

you can set things like this per user in your ~/.cvsrc file.

jmc

> cvs update: No CVSROOT specified!  Please use the `-d' option
> cvs [update aborted]: or set the CVSROOT environment variable.
> 
> Thanks for comments.
> 
> 
> Best regards,
> Ruda
> 

Re: apm(4) ioctls

[Jason McIntyre]

On Mon, Jun 13, 2022 at 07:17:38PM -0400, Dave Vandervies wrote:
> On amd64 and aarch64 (the two architectures I have access to to
> check), the man page for apm(4) documents APM_IOC_NEXTEVENT, which
> doesn't appear in .
> (grep tells me that it also appears in the man pages for i386 and
> macppc and does not appear in any src/sys/arch/*/include/apmvar.h.)
> 
> It looks like apmd uses kqueue to get this information; that interface
> doesn't appear in any documentation I've found.
> 
> Am I looking in the wrong places, or is the documentation wrong
> here?  Is the way apmd does it meant to be a supported interface?
> 
> 

hi. some of the information in apm(4) does indeed appear to be
incorrect. but from speaking to another developer, it seems it is not a
simple doc fix. i can;t say much more than that.

sorry,
jmc

Re: Wireguard IP packets fragmentation issue

[Jason McIntyre]

On Sun, May 15, 2022 at 10:40:59AM -0600, Theo de Raadt wrote:
>  .Bd -literal -offset indent
> -inet 0.0.0.0 255.255.255.255 NONE \e
> +inet 0.0.0.0 255.255.255.255 0.0.0.1 \e
> pppoedev em0 authproto pap \e
> authname 'testcaller' authkey 'donttell' up
> -dest 0.0.0.1
>  inet6 eui64
> 
> I don't think this is the right way to go.  Yes, on p2p links the
> broadcast address is reused as destination by internal kernel logic,
> but I don't think anyone is helped by hiding the configuration of this
> in such a way.
> 

ok, i'll drop that bit. i was being cheeky anyway, trying to sneak in an
unrelated change.

jmc

Re: Wireguard IP packets fragmentation issue

[Jason McIntyre]

On Sun, May 15, 2022 at 01:44:39PM -, Stuart Henderson wrote:
> >
> > - mixing mtu to 1500 and scrub: well, both concern issues with mtu. why
> >   wouldn;t they be together in there?
> 
> They're related but one is for avoiding the problem in the first place
> (which may or may not work, depending on the ISP and backhaul network)
> and the other is working around problems encountered (due to
> misconfiguration of other people's networks) as a result.
> 
> Putting them together in one large section isn't so bad for pppoe, though
> it already feels like it makes it harder to distinguish the two, but in
> the context of using this as a base for text relating to other interface
> types then the RFC 4638 bits aren't relevant at all there.
> 
> > - "causing conflict": feel free to be more specific. it's not something
> >   i have knowledge of
> 
> outline:
> 
> - client <> router is on ethernet and can pass packets of 1500 bytes
> (or even larger)
> 
> - router <> "the internet" can sometimes carry 1500 byte packets but
> via certain types of connection can only pass packets of a smaller size,
> e.g. 1492 bytes with standard pppoe, some ISPs have tougher restrictions
> (either outright, or "work but don't work _well_" if you go above some
> other size)
> 
> - router <> "sites accessed by tunnel/vpn over the internet" has an
> extra header inserted in packets, further reducing the available size
> for packets (usually 1420 bytes for wg(4) though can be less if
> it's carried over a more restrictive internet connection than usual,
> other sizes for other types of tunnel/vpn)
> 
> - website (or other host "on the internet") <> "the internet" can
> typically send packets of 1500 bytes
> 
> so the two endpoints of a TCP connection (say, client and website)
> can send 1500 byte packets to their immediate upstream. but the path
> between them (router/ISP/internet/vpn/whatever) can only carry smaller
> packets.
> 
> clear so far?
> 
> the size of packets which can be carried on a particular network
> interface is "the MTU" of that interface. this defaults to the hardware
> capable size or 1500 whichever is less.
> 
> for TCP packets there is a negotiation at connection setup between the
> two sides. they look at the MTU of the route to reach the other address
> which defaults to that of the network interface used to reach it.
> subtract the TCP header size, and call that MSS "maximum segment
> size". they tell the other side their idea of MSS (in the TCP SYN
> packet) and the lowest of the two is used for the connection
> (so packets are capped at that size).
> 
> this is fine where the whole path can cope with the same sized packets,
> but if not then a router on the path must either split it into fragments
> (much slower than simply forwarding it, involving use of the router cpu
> which is usually fairly weedy) or send a "fragmentation needed" ICMP
> message and rely on the other side to do it. (the common case is for
> TCP connections to be generated with packets flagged as "don't fragment"
> because the endpoints want to know about the issue so they can adapt
> to it).
> 
> in the best case, the relevant endpoint (e.g. client or website)
> receives that message and acts on it by reducing the size of packets
> it then transmits. there's still some overhead from detecting the
> oversized packet and reacting to it but things "work".
> 
> in the worst case, those packets don't reach the relevant endpoint.
> (various possible reasons. maybe a misconfigured firewall blocks all
> ICMP. maybe there's some link numbered on private addresses in the
> network path and the frag-needed message was sent from a private
> address and blocked by a firewall. maybe some loadbalancing or
> queueing or icmp-packets-per-second limit got in the way. lots of
> options).
> 
> so in that case the endpoint sending the oversize packet doesn't
> know it must reduce packet size, and the packet doesn't make it
> through.
> 
> (it's actually worse with a standard IPsec tunnel because the MTU is
> that of the interface carrying the network route, usually the default
> route, so in that case it also affects connections where the VPN is
> run directly on an endpoint, not just where the VPN is handled on a
> separate router).
> 
> anyway. when a rule with "scrub (max-mss XYZ)" is matched by a
> TCP SYN packet, PF inspects the maximum segment, if it's higher than
> XYZ it modifies the packet and sets it to XYZ instead. the effect is that
> TCP packets are kept below the size which can be actually be transmitted
> across the network and so the problem is avoided.
> 
> (elephant in the room: non TCP packets. there's often no handshake
> mechanism like TCP with MSS negotiation, so the only real options are to
> keep packets smaller or to do some specific probing to see which packet
> sizes make it through. this is usually either handled individually in
> some way or other by those protocols which run across the internet, or
> they just ignore it and 

Re: Wireguard IP packets fragmentation issue

[Jason McIntyre]

On Sat, May 14, 2022 at 09:14:36PM -, Stuart Henderson wrote:
> On 2022-05-14, Georg Pfuetzenreuter  wrote:
> > pppoe(4) already has a section on this, possibly this could be used as a 
> > start.
> 
> It's not a great start really. Mixes up information about a method to
> set the pppoe MTU to 1500 (RFC4638) and using scrub, doesn't describe
> the problem (says "causing conflict" but this isn't very meaningful
> or really correct), and points at nonexistent "more information on MTU,
> MSS and NAT" as this isn't in pf.conf(5).
> 
> 

hi.

if there are issues in that text, feel free to suggest how to improve
it.

- mixing mtu to 1500 and scrub: well, both concern issues with mtu. why
  wouldn;t they be together in there?

- "causing conflict": feel free to be more specific. it's not something
  i have knowledge of

- "more information in pf.conf": yes there is information in pf.conf on
  mtu, mss, and nat, including the syntax for using them. again, why
  wouldn;t we point people there?

i'm happy to try and rework the text if you think it can be improved.

jmc

Re: [PATCH 4/4] script(1): explicitly specify sh -c

[Jason McIntyre]

On Mon, Jan 03, 2022 at 09:33:19PM +0100, ?? wrote:
> On Sun, Jan 02, 2022 at 11:52:49PM +0000, Jason McIntyre wrote:
> > On Sun, Jan 02, 2022 at 11:47:04PM +0100, ?? wrote:
> > > On Sun, Jan 02, 2022 at 06:56:37PM +0000, Jason McIntyre wrote:
> > > > On Sat, Jan 01, 2022 at 11:07:49PM +0100, ?? wrote:
> > > > > @@ -69,8 +69,8 @@ retaining the prior contents.
> > > > >  .It Fl c Ar command
> > > > >  Run
> > > > >  .Ar command
> > > > > +.Pq via Nm sh Fl c Ar command
> > > > >  instead of an interactive shell.
> > > > 
> > > > or i suppose we could say
> > > > 
> > > > Run
> > > > .Nm sh Fl c Ar command ,
> > > > instead of an interactive shell.
> > > Agree, this is much better phrasing, cheers.
> > > 
> > > > > -To run a command with arguments, enclose both in quotes.
> > > > why do you want to remove this line? the page is short, and it might
> > > > help someone.
> > > Because the value for -c is a *shell script*, not a command ???
> > 
> > i don;t follow. you can run:
> > 
> > $ script -c ls
> > 
> > i.e. a command, not a shell script/
> No, "ls" is definitely a shell script. It forks, execps ["ls"], waits,
> then exits with WEXITSTATUS() or 128+WTERMSIG().
> In many ways this is not that different than if you'd ran
> `script -c exec\ ls`, in which case the shell would just execp ["ls"].
> 
> > > I didn't think to change it out ??? it's much more confusing to have this
> > > include mention of arguments when, well, they aren't: this reads as-if
> > >   script -c 'echo a || b'
> > > ran ["echo", "a", "||", "b"] ??? you can see issue here.
> > why would you think this? the text just explains that if you have
> > command+args you should quote it.
> Which means absolutely nothing, because script -c doesn't take a command
> or arguments ??? it takes a shell program as the argument, which either
> starts at the next byte, if non-NUL, or is the entire next argument
> (XBD 12.1.2.a).
> 
> Maybe I'm too hopeful in assuming the baseline of understanding how
> shell tokenisation works in the user?
> 
> > > -To run a command with arguments, enclose both in quotes.
> > > +Scripts longer than just the name of a command need to be quoted,
> > > +and are subject to re-expansion.
> > that's a horrible sentence. i don;t see any improvement.
> Sure. Given this and Matthew's post, I've opted to leave both the Ar
> name and sentence as-is.
> 
> Scissor-patch below.
> 

committed, thanks.

> Also, unrelatedly, does your MUA just completely give up when decoding
> UTF-8 and convert each byte to a "?", or?
> 

yes. i do not have any locale stuff set.

jmc

> -- >8 --
> Subject: [PATCH v3 4/4] script(1): explicitly specify sh -c
> 
> The original wording is weird and doesn't explicitly say that it does
> sh -c, which is the fundamental point ??? spell it out directly
> ---
>  usr.bin/script/script.1 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/usr.bin/script/script.1 b/usr.bin/script/script.1
> index 28783961a..857b387b6 100644
> --- a/usr.bin/script/script.1
> +++ b/usr.bin/script/script.1
> @@ -68,7 +68,7 @@ or
>  retaining the prior contents.
>  .It Fl c Ar command
>  Run
> -.Ar command
> +.Nm sh Fl c Ar command
>  instead of an interactive shell.
>  To run a command with arguments, enclose both in quotes.
>  .El
> -- 
> 2.30.2
> 

Re: [PATCH 4/4] script(1): explicitly specify sh -c

[Jason McIntyre]

On Sun, Jan 02, 2022 at 11:47:04PM +0100, ?? wrote:
> On Sun, Jan 02, 2022 at 06:56:37PM +0000, Jason McIntyre wrote:
> > On Sat, Jan 01, 2022 at 11:07:49PM +0100, ?? wrote:
> > > @@ -69,8 +69,8 @@ retaining the prior contents.
> > >  .It Fl c Ar command
> > >  Run
> > >  .Ar command
> > > +.Pq via Nm sh Fl c Ar command
> > >  instead of an interactive shell.
> > 
> > or i suppose we could say
> > 
> > Run
> > .Nm sh Fl c Ar command ,
> > instead of an interactive shell.
> Agree, this is much better phrasing, cheers.
> 
> > > -To run a command with arguments, enclose both in quotes.
> > why do you want to remove this line? the page is short, and it might
> > help someone.
> Because the value for -c is a *shell script*, not a command ???

i don;t follow. you can run:

$ script -c ls

i.e. a command, not a shell script/

> I didn't think to change it out ??? it's much more confusing to have this
> include mention of arguments when, well, they aren't: this reads as-if
>   script -c 'echo a || b'
> ran ["echo", "a", "||", "b"] ??? you can see issue here.
> 

why would you think this? the text just explains that if you have
command+args you should quote it.

> This is in contrast to, e.g., FreeBSD script(1), which has a
>   script outfile argv0 argv1 argvn...
> usage.
> 

ugh

> -To run a command with arguments, enclose both in quotes.
> +Scripts longer than just the name of a command need to be quoted,
> +and are subject to re-expansion.

that's a horrible sentence. i don;t see any improvement.

jmc

> I've applied your phrasing to the first hunk, re-phrased the quoting
> requirement, and re-named the Ar name from "command" to "script".
> This does introduce a minor ambiguity in that script is heavily loaded
> here, but "shell program", while more correct, is not the usual
> parlance; dunno ??? please see scissor-patch below.
> 
> P.S.: I forgot to note this in the original patchset,
>   but please keep me in CC, as I'm not subscribed.
> 
> -- >8 --
> Subject: [PATCH v2 4/4] script(1): explicitly specify sh -c,
>  rename argument name
> 
> The original wording is weird and doesn't explicitly say that it does
> sh -c, which is the fundamental point ??? spell it out directly,
> and clear up the quoting requirement: -c takes a shell program,
> not a command
> ---
>  usr.bin/script/script.1 | 9 +
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/usr.bin/script/script.1 b/usr.bin/script/script.1
> index 28783961a..18802504c 100644
> --- a/usr.bin/script/script.1
> +++ b/usr.bin/script/script.1
> @@ -39,7 +39,7 @@
>  .Sh SYNOPSIS
>  .Nm script
>  .Op Fl a
> -.Op Fl c Ar command
> +.Op Fl c Ar script
>  .Op Ar file
>  .Sh DESCRIPTION
>  .Nm
> @@ -66,11 +66,12 @@ Append the output to
>  or
>  .Pa typescript ,
>  retaining the prior contents.
> -.It Fl c Ar command
> +.It Fl c Ar script
>  Run
> -.Ar command
> +.Nm sh Fl c Ar script
>  instead of an interactive shell.
> -To run a command with arguments, enclose both in quotes.
> +Scripts longer than just the name of a command need to be quoted,
> +and are subject to re-expansion.
>  .El
>  .Pp
>  The script ends when the forked program exits (an
> -- 
> 2.30.2

Re: [PATCH 4/4] script(1): explicitly specify sh -c

[Jason McIntyre]

On Sat, Jan 01, 2022 at 11:07:49PM +0100, ?? wrote:
> The original wording is weird and doesn't explicitly say that it does
> sh -c, which is the fundamental point ??? spell it out directly
> ---
>  usr.bin/script/script.1 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/usr.bin/script/script.1 b/usr.bin/script/script.1
> index 28783961a..b9a0f0411 100644
> --- a/usr.bin/script/script.1
> +++ b/usr.bin/script/script.1
> @@ -69,8 +69,8 @@ retaining the prior contents.
>  .It Fl c Ar command
>  Run
>  .Ar command
> +.Pq via Nm sh Fl c Ar command
>  instead of an interactive shell.

or i suppose we could say

Run
.Nm sh Fl c Ar command ,
instead of an interactive shell.

> -To run a command with arguments, enclose both in quotes.

why do you want to remove this line? the page is short, and it might
help someone.

jmc

>  .El
>  .Pp
>  The script ends when the forked program exits (an
> -- 
> 2.30.2

Re: Missing action list in lesskey man page

[Jason McIntyre]

On Tue, Dec 07, 2021 at 07:51:31PM +0100, Richard Ulmer wrote:
> Hi Ingo and Theo,
> thanks for sharing your opinions and thanks for the very thorough
> response, Ingo! I learned a few things while reading it and appreciate
> your suggested patch. I especially like the introduced bullet points and
> find they make the man page easier to read.
> 
> "Theo de Raadt"  wrote:
> > Ingo Schwarze  wrote:
> > 
> > > >> I'd much prefer to have
> > > >> the actions explained in the lesskey(1) man page.
> > > 
> > > No way.  Copying half of the less(1) manual to the lesskey(1) manual
> > > would result in a maintenance nightmare.
> > 
> > I agree.  This is not the first time one has to read two related pages
> > to gain understanding, rather than reading one monster combined or
> > duplicated page -- which can muddle up other learning patterns.
> 
> I understand your concerns and think I might had made up my mind a
> little to quickly. Let me take one step back: I thought something was
> missing from the man page, because I initially thought, that lesskey was
> meant to provide ways to extend less. I thought, that it would allow
> me to bind shell scripts to keys or something similar. Now that I'm a
> little more familiar with lesskey, I can see that this assumption was
> wrong.
> 
> lesskey is only meant to change the default key bindings. If I
> understood this earlier on, it would probably have saved me the
> confusion. Maybe the purpose of lesskey could be clarified a bit more in
> the man page. What do you think?
> 
> Greetings,
> Richard Ulmer
> 
> Index: lesskey.1
> ===
> RCS file: /cvs/src/usr.bin/less/lesskey.1,v
> retrieving revision 1.17
> diff -u -p -u -r1.17 lesskey.1
> --- lesskey.1   7 Dec 2021 13:26:49 -   1.17
> +++ lesskey.1   7 Dec 2021 18:49:26 -
> @@ -27,7 +27,7 @@
>  .Os
>  .Sh NAME
>  .Nm lesskey
> -.Nd specify key bindings for less
> +.Nd customize key bindings for less
>  .Sh SYNOPSIS
>  .Nm lesskey
>  .Oo Fl o Ar output
> @@ -37,8 +37,8 @@
>  .Fl V | -version
>  .Sh DESCRIPTION
>  .Nm
> -is used to specify a set of key bindings to be used by
> -.Xr less 1 .
> +is used to change the default key bindings of
> +.Xr less 1 to match personal preference.
>  The input file is a text file which describes the key bindings.
>  If the input file is
>  .Sq - ,
> 

hi.

i committed your diff, with one adjustment: i omitted the "to match
personal preference" text since i didn;t like how it sounded, nor felt
that it added anything.

thanks for the diff,
jmc

Re: Missing action list in lesskey man page

[Jason McIntyre]

On Sat, Dec 04, 2021 at 07:11:01PM +0100, Richard Ulmer wrote:
> Hi Jason,
> Thanks for you response!
> 

hi!

> > the actions do indeed match those in the command list. whether there are
> > any undocumented ones, i don;t know. i suppose you'd have to go poking
> > in the source.
> 
> IMO users shouldn't have to go to the source code to compensate for
> lacking documentation.
> 

right. but someone at some point has to do the work if there is an
issue. so by "you'd have to go poking" i really meant with a view to
improving the page, rather than "all users should read the source to find this 
out".

> Out of curiosity I did take a peek at the source and found this that
> there are indeed undocumented actions:
> - 'display-flag'  is an undocumented alias for 'display-option'
> - 'end'   is an undocumented alias for 'goto-end'
> - 'first-cmd' is an undocumented alias for 'firstcmd'
> - 'flush-repaint' is an undocumented alias for 'repaint-flush'
> - 'toggle-flag'   is an undocumented alias for 'toggle-option'
> - 'debug' is an entirely undocumented action
> - 'forw-skip' is an entirely undocumented action
> - 'shell' appears in the lesskey(1) man page but does not work
> 

right. so if someone writes it up, future readers will not have to go
poking. alternatively, there may a reason they are undocumented.

> > the actions will roughly match those described in the
> > less(1) COMMANDS section. so for example in less(1):
> > 
> > d | ^D
> > Scroll forward n lines ...
> > 
> > and in lesskey(1):
> > 
> > d forw-scroll
> > ^D forw-scroll
> 
> Doing this seems unnecessarily tedious to me. I'd much prefer to have
> the actions explained in the lesskey(1) man page. Doing this still
> doesn't explain everything; e.g. this still confuses me:
> 
>   s toggle-option o
> 
> translates to
> 
>   s filename
>   Save the input to a file.  This only works if the input is a 
> pipe,
>   not an ordinary file.
> 

it confuses me too! i have no idea why they have used "toggle-option".
but you can easily correlate "s" in lesskey with the documented "s" command
in less.

> > we could maybe make this clearer:
> > 
> > #command
> > \r  forw-line
> > ...
> > 
> > to sth like this:
> > 
> > #command action
> > \r   forw-line
> > ...
> 
> I'd prefer a separate list where each action is described with a little
> more detail, than just having the example.
>  
> > however we still import less. i'd want to make sure that's not stepping
> > on anyone's toes to make local changes.
> 
> I wanted to hear some second opinions first and make sure, that I didn't
> miss anything. If I still think the documentation is lacking after that,
> I could also suggest changes upstream.

well you can file a bug report i suppose. but you could also look at how
to improve things, write a diff, and submit it upstream. you will
probably have a better chance if you do some of the work.

jmc

Re: Missing action list in lesskey man page

[Jason McIntyre]

On Sat, Dec 04, 2021 at 12:19:34PM +0100, Richard Ulmer wrote:
> Hi all,
> I've been reading up on "advanced" less(1) features and came across the
> lesskey(1) man page. In the COMMAND SECTION of the page I read this:
> 
> > The action is the name of the less action, from the list below.
> 
> However I cannot see this list of available actions. The only thing
> similar I can find is the list of default commands with their actions.
> From this I can deduce some available actions, but I'm not sure if those
> are all the available actions. Maybe there are some actions that are not
> bound by default. I'm also missing a description of what the actions do
> (I don't know all the default less(1) commands off the cuff).
> 
> Is the action list missing from the lesskey(1) man page, or am I
> misunderstanding something?
> 
> Greetings,
> Richard Ulmer
> 

hi.

the actions do indeed match those in the command list. whether there are
any undocumented ones, i don;t know. i suppose you'd have to go poking
in the source. the actions will roughly match those described in the
less(1) COMMANDS section. so for example in less(1):

d | ^D
Scroll forward n lines ...

and in lesskey(1):

d forw-scroll
^D forw-scroll

so leskey gives you the action names (if you want to change them), and less
describes what these actions do.

we could maybe make this clearer:

#command
\r  forw-line
...

to sth like this:

#command action
\r   forw-line
...

however we still import less. i'd want to make sure that's not stepping
on anyone's toes to make local changes.

jmc

Re: Suggestion for small improvement in acme-client.conf.5

[Jason McIntyre]

On Sat, Jan 09, 2021 at 05:08:14PM +0100, Wolf wrote:
> Hello,
> 
> I have small suggestion for improving man page for acme-client.conf.5.
> Basically just adding "comma separated" to clarify on the format of the
> list for alternative names. I had to dig into the parser.y to figure
> this out, so it would be nice to have it documented.
> 

hi.

a modified version of this diff now committed.
thanks,

jmc

> diff --git a/acme-client.conf.5 b/acme-client.conf.5
> index 7971fb6..a47a8e2 100644
> --- a/acme-client.conf.5
> +++ b/acme-client.conf.5
> @@ -125,9 +125,9 @@ If not specified, the
>  .Ar handle
>  of the domain block will be used as common name.
>  .It Ic alternative names Brq ...
> -Specify a list of alternative names for which the certificate will be valid.
> -The common name is included automatically if this option is present,
> -but there is no automatic conversion/inclusion between "www." and
> +Specify a comma separated list of alternative names for which the certificate
> +will be valid. The common name is included automatically if this option is
> +present, but there is no automatic conversion/inclusion between "www." and
>  plain domain name forms.
>  .It Ic domain key Ar file Op Ar keytype
>  The private key file for which the certificate will be obtained.
> 
> 
> Have a nice day,
> W.
> 
> -- 
> There are only two hard things in Computer Science:
> cache invalidation, naming things and off-by-one errors.

Re: man netstart(8) OpenBSD-6.8

[Jason McIntyre]

On Sun, Oct 25, 2020 at 04:41:26PM +, Jason McIntyre wrote:
> On Sun, Oct 25, 2020 at 10:16:54AM -0600, Theo de Raadt wrote:
> > Jason McIntyre  wrote:
> > 
> > > whereas /etc/netstart is actually doing:
> > > 
> > > - configure non-physical:   (1)
> > > aggr trunk svlan vlan carp pppoe
> > > - routing   (2)
> > > - rest of non-physical: (3)
> > > tun tap gif etherip gre egre mobileip pflow wg
> > > 
> > > we could try to keep this list up to date, but it may be easier to just
> > > generally describe what netstart is doing.
> > 
> > I think we goes wrong by trying to maintain these as lists, and part of
> > where this goes wrong is weak definition of the reasons for the
> > ordering.  (Meaning, the developers who tweak netstart to handle the
> > concerns I'm about to describe, don't tend to think about the manual
> > page).
> > 
> > The (1) list of non-physical can probably be called "link-layer control
> > interfaces".  Or let's find a name for this.  These devices mutate the
> > presentation of other devices.  That's why their configuration needs to
> > be done before the physical device.
> > 
> > (2) The physical device is then brought up, including IP addressing. The
> > things in (1) need to be done beforehands, or the physical device is
> > participating in the wrong layer of network.
> > 
> > the (3) list of non-physical devices are layer-2 or layer-3 and operate
> > on devices which are already configured with some some sort of
> > "addressing" configured.
> > 
> > It would be nice to have our networking people come up with nice names
> > for group (1) and (2); words which succinctly describe the
> > classification like I've done above.  We need to increase understanding
> > of this order, rather than just abstractly listing names of devices with
> > complicated behaviours.
> > 
> > Once that is done, I still think it is problematic for us to list all
> > devices in each catagory:
> > 
> > a) new subsystems will be forgotten
> > b) the order of instantiation will sometimes be listed wrong -- for some
> >of these the order is highly significant.
> > 
> > We can try to list as many as possible, but people who want the precise
> > list (and order) should look in the netstart code.  The lists will get
> > long and wrong.  If we find we cannot maintain the lists correctly
> > because it is duplicated information, man page wording like "such as"
> > could be used, also something which leads people to consider the script
> > source as authoritative, ie. have them go read the script 
> > 
> 
> ok, here is a start.
> 
> i have left the description as "non-physical", because i think that is
> clear. we could easily amend it. ifconfig.8 create talks about "network
> pseudo-devices" - that could be a possibility.
> 
> jmc
> 

an updated diff for this just got committed.
jmc

Re: man netstart(8) OpenBSD-6.8

[Jason McIntyre]

On Sun, Oct 25, 2020 at 10:16:54AM -0600, Theo de Raadt wrote:
> Jason McIntyre  wrote:
> 
> > whereas /etc/netstart is actually doing:
> > 
> > - configure non-physical:   (1)
> > aggr trunk svlan vlan carp pppoe
> > - routing   (2)
> > - rest of non-physical: (3)
> > tun tap gif etherip gre egre mobileip pflow wg
> > 
> > we could try to keep this list up to date, but it may be easier to just
> > generally describe what netstart is doing.
> 
> I think we goes wrong by trying to maintain these as lists, and part of
> where this goes wrong is weak definition of the reasons for the
> ordering.  (Meaning, the developers who tweak netstart to handle the
> concerns I'm about to describe, don't tend to think about the manual
> page).
> 
> The (1) list of non-physical can probably be called "link-layer control
> interfaces".  Or let's find a name for this.  These devices mutate the
> presentation of other devices.  That's why their configuration needs to
> be done before the physical device.
> 
> (2) The physical device is then brought up, including IP addressing. The
> things in (1) need to be done beforehands, or the physical device is
> participating in the wrong layer of network.
> 
> the (3) list of non-physical devices are layer-2 or layer-3 and operate
> on devices which are already configured with some some sort of
> "addressing" configured.
> 
> It would be nice to have our networking people come up with nice names
> for group (1) and (2); words which succinctly describe the
> classification like I've done above.  We need to increase understanding
> of this order, rather than just abstractly listing names of devices with
> complicated behaviours.
> 
> Once that is done, I still think it is problematic for us to list all
> devices in each catagory:
> 
> a) new subsystems will be forgotten
> b) the order of instantiation will sometimes be listed wrong -- for some
>of these the order is highly significant.
> 
> We can try to list as many as possible, but people who want the precise
> list (and order) should look in the netstart code.  The lists will get
> long and wrong.  If we find we cannot maintain the lists correctly
> because it is duplicated information, man page wording like "such as"
> could be used, also something which leads people to consider the script
> source as authoritative, ie. have them go read the script 
> 

ok, here is a start.

i have left the description as "non-physical", because i think that is
clear. we could easily amend it. ifconfig.8 create talks about "network
pseudo-devices" - that could be a possibility.

jmc

Index: netstart.8
===
RCS file: /cvs/src/share/man/man8/netstart.8,v
retrieving revision 1.23
diff -u -p -r1.23 netstart.8
--- netstart.8  7 Mar 2018 09:54:23 -   1.23
+++ netstart.8  25 Oct 2020 16:39:04 -
@@ -64,20 +64,12 @@ Configure the loopback interface.
 .It
 Configure all the physical interfaces.
 .It
-Configure the following non-physical interfaces:
-.Xr trunk 4 ,
-.Xr vlan 4 ,
-.Xr pfsync 4 ,
-and
-.Xr carp 4 .
+Configure any non-physical interfaces which need to be set up
+before default routes are in place.
 .It
 Initialize the routing table and set up the default routes.
 .It
-Configure the remaining non-physical interfaces:
-.Xr pppoe 4 ,
-.Xr gif 4 ,
-and
-.Xr gre 4 .
+Configure the remaining non-physical interfaces.
 .It
 Configure all
 .Xr bridge 4

Re: man netstart(8) OpenBSD-6.8

[Jason McIntyre]

On Sun, Oct 25, 2020 at 09:42:39AM +0100, Rachel Roch wrote:
> 
> 25 Oct 2020, 01:25 by dera...@openbsd.org:
> 
> > Rachel Roch  wrote:
> >
> >> Is it just me or is the man entry for??netstart(8) missing a reference to 
> >> wg(4) ?
> >>
> >
> > ... and 300 other network interfaces.
> >
> > In otherwords, no, it should not be there.
> >
> 
> OK smart alec, then why bother enumerating any of the non-physical interfaces 
> on the man page ???
> 
> Afterall, the man page does state at the head of the list "During the system 
> boot, netstart is executed. netstart performs the following operations, in 
> the sequence given".?? 
> 
> There is little point giving a half-assed description.?? Either you enumerate 
> ALL the non-physical interfaces, or otherwise you treat them the same way as 
> the physical ones ("Configure all the physical interfaces").
> 
> Otherwise you are failing to explain what happens to any of your "300 other 
> interfaces".?? Enumerate or don't enumerate, I don't care ... but surely it 
> is sensible to pay some reference to them.
> 
> Sheesh !
> 

hi.

a diff would have been clearer - personally i originally thought you
were expecting an Xr in SEE ALSO for wg(4).

now i see you are on about the devices listed in DESCRIPTION.
unfortunately that list looks out of date and incomplete (or, always
possible, i have failed to understand the processing in netstart).

we currently have:

- configure non-physical:
trunk vlan pfsync carp
- routing
- rest of non-physical:
pppoe gif gre

whereas /etc/netstart is actually doing:

- configure non-physical:
aggr trunk svlan vlan carp pppoe
- routing
- rest of non-physical:
tun tap gif etherip gre egre mobileip pflow wg

we could try to keep this list up to date, but it may be easier to just
generally describe what netstart is doing.

i'll wait a little to see whether:

- i've understood what netstart is doing correctly
- there are compelling reasons to swing one way or the other

...then offer a diff.

jmc

Re: man tar

[Jason McIntyre]

On Sun, Oct 04, 2020 at 03:05:48PM +, Roderick wrote:
> 
> We read there:
> 
> "
> -f archive
> 
> Filename where the archive is stored. Defaults to /dev/rst0. If set to 
> hyphen (?-?) standard output is used. See also the TAPE environment 
> variable.
> 
> ""
> 
> Well, hyphen (?-?) may also mean stdin as expected, but it seems not
> to be mentioned/insinuated on the man page.
> 
> Rod.

i just updated the manual to reflect this. thanks,
jmc

Re: Tunefs(8)

[Jason McIntyre]

On Mon, Aug 10, 2020 at 04:05:12PM +, Rupert Gallagher wrote:
> Omit the last line of the manual, because there is no need for it.
> 

there's always a need for humour! i think that sentence is an important
part of the tunefs(8) man page (and no, i'm not being sarcastic).

> Add the units used by the average file size, because of ambiguity.
> 
> -g avgfilesize
> This specifies the expected average file size, expressed in bytes??? .

i'm not sure that it is ambiguous. if it could accept a unit of bytes it
would say so.

jmc

Re: [patch] calendar.music: Neil Peart 1952-2020

[Jason McIntyre]

On Mon, Jun 22, 2020 at 08:31:34AM -0500, Carson Chittom wrote:
>  
> Matthew J. C. Clarke  writes: 
>  
> >  01/08  Elvis Presley born in East Tupelo, Mississippi, 
> >  1935 
> 
> This caught my eye, being from Mississippi myself.
> 
> As far as I know or can tell from searching online, there's no 
> such place as "East Tupelo".  This should be just "Tupelo" (my 
> preference) or "east Tupelo" (the Elvis Presley Birthplace Museum 
> does appear to be on the eastern side of Tupelo).
> 

hi. i changed it to just "Tupelo".
thanks,

jmc

Re: [patch] calendar.music: Neil Peart 1952-2020

[Jason McIntyre]

On Sat, Jun 20, 2020 at 02:42:15PM -0700, Matthew J. C. Clarke wrote:
> 

committed, thanks.
jmc

> Index: usr.bin/calendar/calendars/calendar.music
> ===
> RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.music,v
> retrieving revision 1.37
> diff -u -p -r1.37 calendar.music
> --- usr.bin/calendar/calendars/calendar.music 12 May 2020 20:45:32 -  
> 1.37
> +++ usr.bin/calendar/calendars/calendar.music 20 Jun 2020 20:57:02 -
> @@ -15,6 +15,7 @@
>  01/06Max Bruch is born in Germany, 1838
>  01/06Alexander Scriabin is born in Moscow, 1872
>  01/07Francis Jean Poulenc is born in Paris, 1899
> +01/07Neil Peart dies in Santa Monica, California, 2020
>  01/08Elvis Presley born in East Tupelo, Mississippi, 1935
>  01/08David Bowie (then David Robert Jones) is born in London, 1947
>  01/08Arcangelo Corelli dies in Italy, 1713
> @@ -367,6 +368,7 @@
>  09/08Nicolas de Grigny is baptized, 1672
>  09/11Francois Couperin dies, 1733
>  09/12John-Philippe Rameau dies, 1764
> +09/12Neil Peart is born in Hamilton, Ontario, 1952
>  09/13Arnold Schoenberg is born in Vienna, Austria, 1874
>  09/14Francis Scott Key writes words to "Star Spangled Banner", 1814
>  09/15Anton Webern is shot dead by a drunk US soldier in Austria, 1945
> 
> -- 
> "Perfection [in design] is achieved not when there is nothing left to add,
> but rather when there is nothing left to take away."
>   -- Antoine de Saint-Exupery
> 

Re: late pppoe address

[Jason McIntyre]

On Sat, Jun 06, 2020 at 05:56:56PM +0200, Jan Stary wrote:
> This is current/amd64 on an APU2.
> The egress is XDSL pppoe(4) over vlan(4) over em(4),
> as is the case with many European dialup telecoms.
> 
> The connection itself works just fine (after some mss woes),
> but it takes some time to get assigned and IP address at startup.
> 
>   $ cat /etc/hostname.pppoe0
>   inet 0.0.0.0 255.255.255.255 NONE pppoedev vlan0 \
>   authproto 'pap' authname 'X' authkey 'PASS' up
>   dest 0.0.0.1
>   inet6 eui64
>   !/sbin/route add default 0.0.0.1
>   !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
> 
> As per pppoe(4), the 0.0.0.0 and 0.0.0.1 get changed
> to my actual address (fixed) and the other end, respectively;
> routes get established, etc.
> 
> My problem is that the delay is long enough
> to make some of the the early daemons choke:
> 
>   starting network
>   add net default: gateway 0.0.0.1
>   add net default: gateway fe80::%pppoe0
>   starting early daemons: syslogd pflogd nsd(failed) unbound ntpd.
> 
> nsd seems to get fixed using "ip-transparent: yes";
> ntpd eventualy synchronizes after some "DNS lookup tempfail"s;
> but unbound spams /var/log/daemon with thousands of lines of
> 
>   unbound: [2895:0] notice: sendto failed: Permission denied
>   unbound: [2895:0] notice: remote address is 178.17.0.12 port 53
> 
> as it tries in vain to contact its forwarders
> (or the root servers, if I don't specify forwarders).
> 
> Eventually, it all falls into place, but is there a way
> to make the boot sequence wait for the pppoe IP address
> get assigned before moving on? I appended a lame
> 
> !while ! ifconfig pppoe0 | grep -F 185.63.96.79; do date ; sleep 1; done
> 
> to /etc/hostname.pppoe0, resulting in
> 
> starting network
> add net default: gateway 0.0.0.1
> add net default: gateway fe80::%pppoe0
> Sat Jun  6 17:41:19 CEST 2020
> Sat Jun  6 17:41:21 CEST 2020
> [...]
> Sat Jun  6 17:42:53 CEST 2020
> Sat Jun  6 17:42:54 CEST 2020
> inet 185.63.96.79 --> 10.11.5.146 netmask 0x
> starting early daemons: syslogd pflogd nsd unbound ntpd.
> 
> (The date is there purely for debug of course;
> it shows it took about a minute and a half this time.)
> 
> Are people having the same problem?
> Are you doing something about the late ifconfig?
> 
>   Jan
> 

hi.

although i haven't used pppoe for a little while, i definitely had the
same issue when i did (uk provider). i think i bugged another developer
to look at it (mpi?) but we never got far in working out a solution.

sthen provided a workaround though: sth like "ifconfig pppoe0 down" in
/etc/rc.shutdown. i guess it's worth a shot...

jmc

Re: spamDB - blacklist mode

[Jason McIntyre]

On Tue, Mar 03, 2020 at 04:46:11AM +, s...@skolma.com wrote:
> Boudewijn,
> Thank you for your reply, and clarification.
> 
> The man pages for SPAMD and SPAMDB do not directly state this relationship / 
> behavior, and therefore I had made the assumption that spamd would capture 
> and feed all entries into the spamdb, in all operational modes.
> ..hopefully i have not overlooked vital documentation.
> 

hi.

there's a few parts to spamd, and i think it can be initially confusing
until you work out how it's put together. but there has been effort put
into the spamd(8) page to make it clear what happens by default, and how
that differs in blacklisting mode:

SPAMD(8) System Manager's Manual SPAMD(8)

...
 When spamd is run in default mode, it will greylist
 connections from new hosts.  Depending on its configuration,
 it may choose to blacklist the host or, if the checks
 described below are met, eventually whitelist it.  When
 spamd is run in blacklist-only mode, using the -b flag, it
 will consult a pre-defined set of blacklist addresses to
 decide whether to tarpit the host or not.

...
 When run in default mode, connections receive the pleasantly
 innocuous temporary failure of:

 451 Temporary failure, please try again later.

 This happens in the SMTP dialogue immediately after the DATA
 command is received from the client.  spamd will use the db
 file in /var/db/spamd to track these connections to spamd by
 connecting IP address, HELO/EHLO, envelope-from, and
 envelope-to, or tuple for short.  Hosts which connect but do
 not attempt to deliver mail will not generate a tuple and
 always be ignored.
...
 spamd-setup(8) should be run periodically by cron(8) to
 update the blacklists configured in spamd.conf(5).  Use
 crontab(1) to uncomment the entry in root's crontab.  When
 run in blacklist-only mode, the -b flag should be specified.

...
BLACKLIST-ONLY MODE
 When running in default mode, the pf.conf(5) rules described
 above are sufficient.  However when running in blacklist-
 only mode, a slightly modified pf.conf(5) ruleset is
 required, diverting any addresses found in the  table
 to spamd.  Any other addresses are passed to the real MTA.
...
 /var/db/spamd Greylisting database.

i hope it's clear that /var/db/spamdb is used in default mode, but not in
blacklist-only mode.

jmc

Re: axe(4) success with 'Delock Gigabit USB 2.0 Ethernet Adapter, "ASIX chipset"' (w/ manual patch)

[Jason McIntyre]

On Tue, Dec 17, 2019 at 06:12:12PM +, Jason McIntyre wrote:

i committed this without the asix chipset part. for future reference:

> > 
> > Index: src/share/man/man4/axe.4
> > ===
> > RCS file: /cvs/src/share/man/man4/axe.4,v
> > retrieving revision 1.45
> > diff -u -p -u -r1.45 axe.4
> > --- src/share/man/man4/axe.416 Jul 2013 16:05:48 -  1.45
> > +++ src/share/man/man4/axe.417 Dec 2019 11:20:12 -
> > @@ -31,7 +31,7 @@
> >  .\" $FreeBSD: /repoman/r/ncvs/src/share/man/man4/axe.4,v 1.3 2003/05/29 
> > 21:28:35 ru Exp $
> >  .\" $OpenBSD: axe.4,v 1.45 2013/07/16 16:05:48 schwarze Exp $
> >  .\"
> > -.Dd $Mdocdate: July 16 2013 $
> > +.Dd $Mdocdate: December 17 2019 $

don;t bump Mdocdate. it updates on commit.

> >  .Dt AXE 4
> >  .Os
> >  .Sh NAME
> > @@ -58,6 +58,7 @@ following:
> >  .It Buffalo(MELCO) LUA-U2-KTX
> >  .It Corega FEther USB2-TX
> >  .It D-Link DUB-E100
> > +.It Delock Gigabit USB 2.0 Ethernet Adapter, Dq "ASIX chipset"

Dq produces "", so use either Dq or "".

jmc

> >  .It Good Way GWUSB2E
> >  .It Hawking UF200
> >  .It Intellinet USB 2.0 to Ethernet (rev A)
> > 
> 
> hi. the "asix chipset" bit seems unneccessary, since the driver is only
> for asix chips (as far as i can tell) and quickly skimming online fails
> to turn up such a model with a different chipset.
> 
> unless you have any more info, i guess we could commit without that
> part.
> 
> jmc

Re: axe(4) success with 'Delock Gigabit USB 2.0 Ethernet Adapter, "ASIX chipset"' (w/ manual patch)

[Jason McIntyre]

On Tue, Dec 17, 2019 at 12:30:17PM +0100, zeurk...@volny.cz wrote:
> [not subscribed, please Cc, thanks.]
> 
> Haai,
> 
> Mewas actually looking for a Cardbus adapter, but availability issues
> made me have to go with USB again... at least it works :)
> 
> > axe0 at uhub0 port 2 configuration 1 interface 0 "ASIX Electronics AX88178" 
> > rev 2.00/0.01 addr 2
> > axe0: AX88178, address XX:CE:NS:OR:ED:XX
> > rgephy0 at axe0 phy 1: RTL8169S/8110S/8211 PHY, rev. 2
> 
> The box only specifies "ASIX chipset", but after studying the manual
> pages, it did make me take the plunge. Given that most manufacturers
> apparently refuse to specify even that much, mesupposes we're lucky in
> this case... 
> 
> ...manual patch below.
> 
> --zeurkous.
> 
> Index: src/share/man/man4/axe.4
> ===
> RCS file: /cvs/src/share/man/man4/axe.4,v
> retrieving revision 1.45
> diff -u -p -u -r1.45 axe.4
> --- src/share/man/man4/axe.4  16 Jul 2013 16:05:48 -  1.45
> +++ src/share/man/man4/axe.4  17 Dec 2019 11:20:12 -
> @@ -31,7 +31,7 @@
>  .\" $FreeBSD: /repoman/r/ncvs/src/share/man/man4/axe.4,v 1.3 2003/05/29 
> 21:28:35 ru Exp $
>  .\" $OpenBSD: axe.4,v 1.45 2013/07/16 16:05:48 schwarze Exp $
>  .\"
> -.Dd $Mdocdate: July 16 2013 $
> +.Dd $Mdocdate: December 17 2019 $
>  .Dt AXE 4
>  .Os
>  .Sh NAME
> @@ -58,6 +58,7 @@ following:
>  .It Buffalo(MELCO) LUA-U2-KTX
>  .It Corega FEther USB2-TX
>  .It D-Link DUB-E100
> +.It Delock Gigabit USB 2.0 Ethernet Adapter, Dq "ASIX chipset"
>  .It Good Way GWUSB2E
>  .It Hawking UF200
>  .It Intellinet USB 2.0 to Ethernet (rev A)
> 

hi. the "asix chipset" bit seems unneccessary, since the driver is only
for asix chips (as far as i can tell) and quickly skimming online fails
to turn up such a model with a different chipset.

unless you have any more info, i guess we could commit without that
part.

jmc

Re: minor tcpdump.8 inconsistency

[Jason McIntyre]

On Thu, Oct 31, 2019 at 06:08:12PM +, Jason McIntyre wrote:
> On Thu, Oct 31, 2019 at 11:33:14AM -0600, Theo de Raadt wrote:
> > Jason McIntyre  wrote:
> > 
> > > On Thu, Oct 31, 2019 at 02:15:34PM +0100, Tim Kuijsten wrote:
> > > > minor inconsistency
> > > > 
> > > > diff --git a/tcpdump.8 b/tcpdump.8
> > > > index ce16951..8c2cf33 100644
> > > > --- a/tcpdump.8
> > > > +++ b/tcpdump.8
> > > > @@ -1257,7 +1257,7 @@ end of this connection.
> > > >  .Ar window
> > > >  is the number of bytes of receive buffer space available
> > > >  at the other end of this connection.
> > > > -.Ar urg
> > > > +.Ar urgent
> > > >  indicates there is urgent data in the packet.
> > > >  .Ar options
> > > >  are TCP options enclosed in angle brackets e.g.,
> > > > 
> > > 
> > > hi.
> > > 
> > > have you established that it's the documentation that is wrong? i.e.
> > > that "urgent" is printed, and not actually "urg"?
> > 
> > The situation is a bit more subtle than that.  Just above, the manual
> > page leads with this header.
> > 
> >  The general format of a TCP protocol line is:
> > 
> >src > dst: flags src-os data-seqno ack window urgent options
> > 
> > It is saying there's a section of the line regarding the _window_, then a
> > section regarding _urgent_, then a section regarding _options_.  In the
> > next paragraph it vaguely describes each of these without getting into
> > the specifics of the actual printed format (for instance, _window_ is
> > actually printed as " win %u".
> > 
> > The .Ar above are the "section names" of the line.  I think Tim's diff is
> > right.
> >  
> > 
> 
> ok, i see your point (after a bit of head scratching). i'll commit the
> diff then.
> 
> jmc
> 

i should have added that the macros in this page are poorly used, and
that caused my confusion. it's another issue though.

jmc

Re: minor tcpdump.8 inconsistency

[Jason McIntyre]

On Thu, Oct 31, 2019 at 02:15:34PM +0100, Tim Kuijsten wrote:
> minor inconsistency
> 
> diff --git a/tcpdump.8 b/tcpdump.8
> index ce16951..8c2cf33 100644
> --- a/tcpdump.8
> +++ b/tcpdump.8
> @@ -1257,7 +1257,7 @@ end of this connection.
>  .Ar window
>  is the number of bytes of receive buffer space available
>  at the other end of this connection.
> -.Ar urg
> +.Ar urgent
>  indicates there is urgent data in the packet.
>  .Ar options
>  are TCP options enclosed in angle brackets e.g.,
> 

fixed, thanks.
jmc

Re: minor tcpdump.8 inconsistency

[Jason McIntyre]

On Thu, Oct 31, 2019 at 11:33:14AM -0600, Theo de Raadt wrote:
> Jason McIntyre  wrote:
> 
> > On Thu, Oct 31, 2019 at 02:15:34PM +0100, Tim Kuijsten wrote:
> > > minor inconsistency
> > > 
> > > diff --git a/tcpdump.8 b/tcpdump.8
> > > index ce16951..8c2cf33 100644
> > > --- a/tcpdump.8
> > > +++ b/tcpdump.8
> > > @@ -1257,7 +1257,7 @@ end of this connection.
> > >  .Ar window
> > >  is the number of bytes of receive buffer space available
> > >  at the other end of this connection.
> > > -.Ar urg
> > > +.Ar urgent
> > >  indicates there is urgent data in the packet.
> > >  .Ar options
> > >  are TCP options enclosed in angle brackets e.g.,
> > > 
> > 
> > hi.
> > 
> > have you established that it's the documentation that is wrong? i.e.
> > that "urgent" is printed, and not actually "urg"?
> 
> The situation is a bit more subtle than that.  Just above, the manual
> page leads with this header.
> 
>  The general format of a TCP protocol line is:
> 
>src > dst: flags src-os data-seqno ack window urgent options
> 
> It is saying there's a section of the line regarding the _window_, then a
> section regarding _urgent_, then a section regarding _options_.  In the
> next paragraph it vaguely describes each of these without getting into
> the specifics of the actual printed format (for instance, _window_ is
> actually printed as " win %u".
> 
> The .Ar above are the "section names" of the line.  I think Tim's diff is
> right.
>  
> 

ok, i see your point (after a bit of head scratching). i'll commit the
diff then.

jmc

Re: minor tcpdump.8 inconsistency

[Jason McIntyre]

On Thu, Oct 31, 2019 at 02:15:34PM +0100, Tim Kuijsten wrote:
> minor inconsistency
> 
> diff --git a/tcpdump.8 b/tcpdump.8
> index ce16951..8c2cf33 100644
> --- a/tcpdump.8
> +++ b/tcpdump.8
> @@ -1257,7 +1257,7 @@ end of this connection.
>  .Ar window
>  is the number of bytes of receive buffer space available
>  at the other end of this connection.
> -.Ar urg
> +.Ar urgent
>  indicates there is urgent data in the packet.
>  .Ar options
>  are TCP options enclosed in angle brackets e.g.,
> 

hi.

have you established that it's the documentation that is wrong? i.e.
that "urgent" is printed, and not actually "urg"?

jmc

Re: ed(1) man page doesn't mention use of single / and ?

[Jason McIntyre]

On Thu, Jul 04, 2019 at 11:47:50PM +0200, ropers wrote:
> Do I understand correctly that this is in reference to these parts of man 1 
> ed:
> 
> > /re/
> >The next line containing the regular expression re. The search wraps to 
> > the beginning of the buffer and continues down to the current line, if 
> > necessary. ???//??? repeats the last search.
> 
> > ?re?
> >The previous line containing the regular expression re. The search wraps 
> > to the end of the buffer and continues up to the current line, if 
> > necessary.  repeats the last search.
> 
> and:
> 
> > (1,$)g/re/command-list
> >Applies command-list to each of the addressed lines matching a regular 
> > expression re. The current address is set to the line currently matched 
> > before command-list is executed. At the end of the g command, the current 
> > address is set to the last line affected by command-list. If no lines were 
> > matched, the current line number remains unchanged.
> >
> >Each command in command-list must be on a separate line, and every line 
> > except for the last must be terminated by a backslash (???\???). Any 
> > commands are allowed, except for g, G, v, and V. A newline alone in 
> > command-list is equivalent to a p command.
> 
> 
> If yes, then the corresponding parts of ed.1 are:
> 
> .It / Ns Ar re Ns /
> The next line containing the regular expression
> .Ar re .
> The search wraps to the beginning of the buffer and continues down to the
> current line, if necessary.
> .Qq //
> repeats the last search.
> .It Pf ? Ar re ?
> The previous line containing the regular expression
> .Ar re .
> The search wraps to the end of the buffer and continues up to the
> current line, if necessary.
> .Qq ??
> repeats the last search.
> 
> and:
> 
> .It Xo
> .Pf (1,$) Ic g No /
> .Ar re No / Ar command-list
> .Xc
> .Sm on
> Applies
> .Ar command-list
> to each of the addressed lines matching a regular expression
> .Ar re .
> The current address is set to the line currently matched before
> command-list is executed.
> At the end of the
> .Ic g
> command, the current address is set to the last line affected by command-list.
> If no lines were matched,
> the current line number remains unchanged.
> .Pp
> Each command in
> .Ar command-list
> must be on a separate line,
> and every line except for the last must be terminated by a backslash
> .Pq Sq \e .
> Any commands are allowed, except for
> .Ic g ,
> .Ic G ,
> .Ic v ,
> and
> .Ic V .
> A newline alone in command-list is equivalent to a
> .Ic p
> command.
> .Sm off
> 
> I'm not actually sure how to rewrite that. Would this call for
> separate /re, ?re and (1,$)g/re entries, or would it suffice to say
> that the second question mark or slash can be omitted if immediately
> followed by a newline?
> 
> Does anyone else have any ideas?
> 
> NB: In case people haven't seen it, here's an excellent ed(1)
> tutorial: https://sanctum.geek.nz/arabesque/actually-using-ed/
> I just thought I'd mention that.
> 
> Ian
> 

hi.

if we were going to document it, i'd say it definitely wouldn;t warrant
adding separate entries. it would be enough to describe when the / or ?
were optional.

neither freebsd nor netbsd seemingly document this.

posix documents it for /re/ and ?re?, but not g/RE/command-list, like
this:

In addition, the second  can be omitted at the end of a
command line.

without having tested any of this, i guess we'd want to add such a note
to /re/ and ?re?, but not g/RE/command-list. something along the lines
of:

The second slash is optional when followed by a newline.

you could ping a diff to tech, and see if anyone has any input that
could help. if no one does, i'll take it.

jmc

Re: Prefered manpage idioms?

[Jason McIntyre]

On Thu, May 30, 2019 at 09:09:58PM +0200, Marc Espie wrote:
> On Thu, May 30, 2019 at 07:29:55PM +0100, Jason McIntyre wrote:
> > i think any of man page, manual page, or manual is fine.
> > 
> > > 2. Standard output
> > > 
> > > Is it:
> > >   Print to standard output/error
> > > tee(1)
> > >   Print to the standard output/error
> > > cat(1), echo(1)
> > >   Print to stdout/stderr
> > > bzcat(1)
> > > 
> > 
> > these are all fine, i think.
> 
> IMO, these are highly contextual.
> 

agreed.

> "End user commands" will tend to say standard output or error.
> 
> stdout and stderr *are* programmer's idioms, so I would be surprised
> to see them in less technical commands.
> 

i'm pretty sure you'll find stdout/stderr scattered all over userland
docs. the post itself quoted bzcat.

i don;t think we can (or should) attempt to police this.

jmc

Re: Prefered manpage idioms?

[Jason McIntyre]

On Thu, May 30, 2019 at 10:16:12PM +1000, Stephen Gregoratto wrote:
> When I'm writing new manpages, I like to draw inspiration from the
> documentation of similar programs. The problem is that many manpages
> have different ways of saying the same thing, probably due to their
> authors and time period they were written in.
> 
> So, I'd like to ask what your preferred choice is of the following
> common idioms I keep finding:
> 

hi.

> 1. Manpage
> 
> Is it:
>   man page
>   man-page
>   manpage
>   reference
>   manual
>   UNIX??? Programmers Manual
> ...on second thought, maybe not
> 

i think any of man page, manual page, or manual is fine.

> 2. Standard output
> 
> Is it:
>   Print to standard output/error
> tee(1)
>   Print to the standard output/error
> cat(1), echo(1)
>   Print to stdout/stderr
> bzcat(1)
> 

these are all fine, i think.

> Bonus Round:
>   Print to ...
>   Write to ...
>   Print on ...
> readlink(1)
> 
> 3. Program arguments
> 
> Is it:
>   Argument
> echo(1)
>   Operand
> printf(1), also echo(1)?

also fine.

i think we just have to accept that there's more than one way to write
things. we try to keep things consistent where it makes sense, but i
think we need to allow for some variation too.

jmc

Re: sh : COMMAND LINE EDITING when relevant?

[Jason McIntyre]

On Wed, May 22, 2019 at 04:32:00PM +0200, Ingo Schwarze wrote:
> Hi Rudolf, hi Jason,
> 
> Rudolf Sykora wrote on Wed, May 22, 2019 at 02:34:31PM +0200:
> > Ingo Schwarze  writes:
> >> Rudolf Sykora wrote:
>  
> >>> after reading the sh man page I have been wondering:
> >>> When is the line editing mode described just after the
> >>> 'COMMAND HISTORY AND COMMAND LINE EDITING' heading relevant?
> 
> >> Near the beginning, the sh(1) manual page contains this paragraph:
> >>
> >>   This version of sh is actually ksh in disguise.  As such, it also
> >>   supports the features described in ksh(1).  This manual page describes
> >>   only the parts relevant to a POSIX compliant sh.  If portability is a
> >>   concern, use only those features described in this page.
> 
> > yes, I was aware of that paragraph.
>  
> >> In particular, the section "COMMAND HISTORY AND COMMAND LINE EDITING"
> >> describes only those features of ksh(1) "Vi editing mode" required by
> >> POSIX.  Wo do not provide a shell or an execution mode of ksh
> >> providing exactly those features and no extensions.
> 
> > What I didn't know was that the mode I asked about really is,
> > essentially, the vi editing mode, and, as such, has to be explicitly
> > turned on with 'set -o vi'. I wrongly thought there are 3 modes: emacs,
> > vi, and the one I asked about (the one described in the sh man page).
> > 
> > 
> > So, the short answer to my question would probabbly be: the commands
> > described in the mentioned section are relevant when the vi editing mode
> > of ksh is on.
> 
> Oh, now i see how the misunderstanding can arise.
> 
> I think we can make that clearer with the following patch.
> 
> The new phrase is not only correct with respect to what our /bin/sh
> actually does, but it also agrees with POSIX as described on
> https://pubs.opengroup.org/onlinepubs/9699919799/utilities/sh.html .
> 
> While POSIX requires the shell to support vi command line editing mode,
> it does not require that mode to be the default.  It only requires
> that the mode can be enabled with "set -o vi".  So the new description
> both works on OpenBSD and is required to work by POSIX, which is
> exacltly what we intend to describe in this page.
> 
> OK?
>   Ingo
> 

hi.

this seems fair enough. one question:

> 
> Index: sh.1
> ===
> RCS file: /cvs/src/bin/ksh/sh.1,v
> retrieving revision 1.151
> diff -u -r1.151 sh.1
> --- sh.1  16 Dec 2018 13:08:35 -  1.151
> +++ sh.1  22 May 2019 14:27:57 -
> @@ -866,7 +866,11 @@
>  either internally in memory or in a file,
>  as determined by
>  .Dv HISTFILE .
> -The command line and all the commands in command history
> +When
> +.Cm vi
> +command line editing mode is enabled with the option
> +.Ic set Fl o Cm vi ,

i'd prefer

When
.Cm vi
command line editing mode is enabled
.Pq set -o vi ,

you may hate that, so i'd settle for

.Pq Ic set Fl o Cm vi ,

it's still shorter.

jmc

> +the command line and all the commands in command history
>  can be edited using commands similar to those of
>  .Xr vi 1 .
>  .Pp

Re: Infinite spin when trying to burn a CD

[Jason McIntyre]

On Tue, Mar 26, 2019 at 10:45:40PM +0100, J??r??me FRGACIC wrote:
> Thanks for all your replies.
> 
> > it means the optcode does alllow or prevent media removal it depends on
> > the prevent bits in the cdb but you basically just have a 00 for allow
> > or a 01 for prevent in the cdb.  Anyway since sense already told you the
> > request is illegal you have to figure out what came befor the removal
> > request so you might get a clue in what state the hardware is still.
> 
> Thanks for those informations. Unfortunetly, I don't have more 
> informations or error than those for the moment to determine what happen 
> exactly.
> 
> > Have you tried cdrecord from ports? I haven't burnt a CD in awhile but last 
> > time I did I couldn't get cdio to work but cdrecord would.
> 
> I've tried cdrecord too, but I have the same problem. More precisely, it 
> quits because it encounters an error, but the CD is still spining forever.
> 
> I put the output of cdrecord at the end, just in case it can help, but 
> since it seems to be a hardware problem, I suppose there is no easy 
> solutions (except changing it, of course). ^^"
> 
> Kind regards,
> 
> 
> J??r??me
> 

hi. i don;t think it's a hardware error - i have a cd/dvd writer that
behaves in a similar fashion:

cd0 at scsibus1 targ 1 lun 0:  ATAPI 
5/cdrom removable

i can reproduce the errors you get if i try to write a cd on it. it's
not something i really do, so i never bothered (though i also suspected
a hardware error ;)

jmc

Re: man httpd.conf option does not mention option blocks

[Jason McIntyre]

On Tue, Mar 12, 2019 at 10:31:39AM +, Jason McIntyre wrote:
> On Tue, Mar 12, 2019 at 01:24:40AM -0500, Alfred Morgan wrote:
> >httpd uses the configuration processor that relayd uses so I was
> >curious to see how this block of sub options were explained in
> >relayd.conf(5) and interestingly enough this is not explained there
> >either but there are examples of the multiple option block being used.
> >One thing I learned from relayd.conf examples was that the sub options
> >can also be separated by a coma allowing multiple sub options to be
> >written on one line inside the brackets. I confirmed this works the
> >same in httpd.conf. This gives us these possibilities to write sub
> >options:
> >A)
> >connection max requests 10
> >connection timeout 600
> >B)
> >connection {
> >?  ?  max requests 10
> >?  ?  timeout 600
> >}
> >C)
> >connection { max requests 10, timeout 60 }
> >While reading the man page for relayd.conf I found this easy to read
> >and simple explanation that we may draw inspiration from -- although
> >this still does not explain the sub option block:
> >"""
> >It is possible to specify multiple listen directives with different IP
> >?  ?  ? protocols in a single redirection configuration:
> >?  ?  ?  ?  ?  ? redirect "dns" {
> >?  ?  ?  ?  ?  ?  ?  ?  ?  ? listen on [1]dns.example.com tcp port 53
> >?  ?  ?  ?  ?  ?  ?  ?  ?  ? listen on [2]dns.example.com udp port 53
> >?  ?  ?  ?  ?  ?  ?  ?  ?  ? forward to  port 53 check tcp
> >?  ?  ?  ?  ?  ? }
> >"""
> >I think we are struggling on how to be clear because option and
> >sub-option are named the same and the need to distinguish between other
> >"non-sub-options", if that makes any sense.
> >We could go the relayd.conf(5) method and don't mention anything about
> >sub-option blocks and just give examples such as A, B, and C above.
> > 
> 
> ok, i see patching one page is probably not enough. please let this
> rest just now till i can get help to figure it out and try and improve
> it.
> 
> in the meantime i've asked separately about the addition of a tls
> example. will let you know.
> 
> jmc

regarding the tls example... florian pointed out that we have good
examples already, in /etc/examples. i've added a pointer to them to the
doc, since we want to remind people to use these too.

jmc

Re: man httpd.conf option does not mention option blocks

[Jason McIntyre]

On Tue, Mar 12, 2019 at 01:24:40AM -0500, Alfred Morgan wrote:
>httpd uses the configuration processor that relayd uses so I was
>curious to see how this block of sub options were explained in
>relayd.conf(5) and interestingly enough this is not explained there
>either but there are examples of the multiple option block being used.
>One thing I learned from relayd.conf examples was that the sub options
>can also be separated by a coma allowing multiple sub options to be
>written on one line inside the brackets. I confirmed this works the
>same in httpd.conf. This gives us these possibilities to write sub
>options:
>A)
>connection max requests 10
>connection timeout 600
>B)
>connection {
>?  ?  max requests 10
>?  ?  timeout 600
>}
>C)
>connection { max requests 10, timeout 60 }
>While reading the man page for relayd.conf I found this easy to read
>and simple explanation that we may draw inspiration from -- although
>this still does not explain the sub option block:
>"""
>It is possible to specify multiple listen directives with different IP
>?  ?  ? protocols in a single redirection configuration:
>?  ?  ?  ?  ?  ? redirect "dns" {
>?  ?  ?  ?  ?  ?  ?  ?  ?  ? listen on [1]dns.example.com tcp port 53
>?  ?  ?  ?  ?  ?  ?  ?  ?  ? listen on [2]dns.example.com udp port 53
>?  ?  ?  ?  ?  ?  ?  ?  ?  ? forward to  port 53 check tcp
>?  ?  ?  ?  ?  ? }
>"""
>I think we are struggling on how to be clear because option and
>sub-option are named the same and the need to distinguish between other
>"non-sub-options", if that makes any sense.
>We could go the relayd.conf(5) method and don't mention anything about
>sub-option blocks and just give examples such as A, B, and C above.
> 

ok, i see patching one page is probably not enough. please let this
rest just now till i can get help to figure it out and try and improve
it.

in the meantime i've asked separately about the addition of a tls
example. will let you know.

jmc

Re: man httpd.conf option does not mention option blocks

[Jason McIntyre]

On Mon, Mar 11, 2019 at 12:29:41PM -0700, Evan Silberman wrote:
> Jason McIntyre  wrote:
> > 
> > Index: httpd.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> > retrieving revision 1.103
> > diff -u -r1.103 httpd.conf.5
> > --- httpd.conf.519 Feb 2019 11:37:26 -  1.103
> > +++ httpd.conf.511 Mar 2019 19:05:57 -
> > @@ -155,7 +155,10 @@
> >  .Xr patterns 7 .
> >  .El
> >  .Pp
> > -Followed by a block of options that is enclosed in curly brackets:
> > +It is followed by a block of directives and values, enclosed in curly 
> > brackets.
> > +Directives which take multiple
> > +.Ar option
> > +values may also group these options in curly brackets.
> 
> This is better than mine but I don't think the "also" has a referent here. 
> Maybe:
> "Directives which take multiple option values may be repeated or may group the
> options in curly brackets." This excludes the possible interpretation that 
> e.g.
> 'log access "acces_log" error "error_log"' is valid syntax.
> 

"also" because we just said that directives and values are enclosed in
curly brackets. so "also" meaning "in the same way as we just showed
you".

"repeated" is confusing i think (like you would specify the same option
value twice).

jmc

Re: man httpd.conf option does not mention option blocks

[Jason McIntyre]

On Mon, Mar 11, 2019 at 08:59:30AM -0700, Evan Silberman wrote:
> 
> 
> > On Mar 10, 2019, at 11:55 PM, Jason McIntyre  wrote:
> > 
> > +Directives which take multiple
> > +.Ar option
> > +values may themselves be grouped in curly brackets.
> 
> I think this implies that the directives (which take multiple option values) 
> may be grouped in curly brackets rather than implying the options and their 
> values may be grouped in curly brackets as a parameter to the root directive. 
> I would try something like:
> 

you're right, it's ambiguous. but...

> For some options, the possible values are another set of options. In these 
> cases, the main option can be repeated, setting a different suboption each 
> time, or the main option may be followed by a block enclosed by curly braces, 
> within which each suboption may be set without repeating the name of the main 
> option.
> 
> I???m not super happy with this paragraph, which gives up brevity for 
> precision, but I do think it???s more precise.
> 

i don;t really want to go down the road of talking about suboptions!
also the text is super long. i've tweaked my text below. if we can't get
it clear and concise, it might just be easier to give an example.

jmc

Index: httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.103
diff -u -r1.103 httpd.conf.5
--- httpd.conf.519 Feb 2019 11:37:26 -  1.103
+++ httpd.conf.511 Mar 2019 19:05:57 -
@@ -155,7 +155,10 @@
 .Xr patterns 7 .
 .El
 .Pp
-Followed by a block of options that is enclosed in curly brackets:
+It is followed by a block of directives and values, enclosed in curly brackets.
+Directives which take multiple
+.Ar option
+values may also group these options in curly brackets.
 .Bl -tag -width Ds
 .It Ic alias Ar name
 Specify an additional alias
@@ -714,9 +717,14 @@
 .Bd -literal -offset indent
 server "www.example.com" {
alias "example.com"
-   listen on * port 80
-   listen on * tls port 443
+   listen on * port http
+   listen on * tls port https
root "/htdocs/www.example.com"
+
+   tls {
+   key "/etc/ssl/private/example.com.key
+   certificate "/etc/ssl/example.com.fullchain.pem"
+   }
 }
 
 server "www.a.example.com" {

Re: man httpd.conf option does not mention option blocks

[Jason McIntyre]

On Sun, Mar 10, 2019 at 07:03:36PM -0500, Alfred Morgan wrote:
>jmc wrote on? 2019-03-05 6:58:38:
>> > How does this sound?
>> > A specified option may be written inside curly brackets in order to
>specify
>> > a block of one or more specified options.
>>?
>> regarding your sentence - it's confusing. this is a tough one to
>write,
>> i think. from everything following that sentence to the end of that
>> section, can everything take this {} notation?
>Not everything. I found this difficult to explain because the manual
>uses the word "option" as an argument to an "option" as well as the
>main option. The manual does seem to distinguish the two terms by
>referring to the option argument as a "specified option"
>It would really help changing the sub-option name to something else,
>like, "parameter", or "sub-option" but this would require an overhaul
>that I was avoiding.

morning.

thanks for the feedback. i've tidied up your diff a bit. how does it
read?

i could do with feedback on two levels:

- does any developer want to ok alfred's proposed changes to the
  examples? i can;t commit this without one.

- does anyone want to nitpick the text regarding multiple options?

thanks,
jmc

Index: httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.103
diff -u -r1.103 httpd.conf.5
--- httpd.conf.519 Feb 2019 11:37:26 -  1.103
+++ httpd.conf.511 Mar 2019 06:54:47 -
@@ -155,7 +155,10 @@
 .Xr patterns 7 .
 .El
 .Pp
-Followed by a block of options that is enclosed in curly brackets:
+It is followed by a block of directives and values, enclosed in curly brackets.
+Directives which take multiple
+.Ar option
+values may themselves be grouped in curly brackets.
 .Bl -tag -width Ds
 .It Ic alias Ar name
 Specify an additional alias
@@ -714,9 +717,14 @@
 .Bd -literal -offset indent
 server "www.example.com" {
alias "example.com"
-   listen on * port 80
-   listen on * tls port 443
+   listen on * port http
+   listen on * tls port https
root "/htdocs/www.example.com"
+
+   tls {
+   key "/etc/ssl/private/example.com.key
+   certificate "/etc/ssl/example.com.fullchain.pem"
+   }
 }
 
 server "www.a.example.com" {

Re: man httpd.conf option does not mention option blocks

[Jason McIntyre]

On Mon, Mar 04, 2019 at 03:46:25PM -0600, Alfred Morgan wrote:
> jmc wrote:
> > i think if you attached a diff to your mail, no matter how poorly
> > written, you would have a better chance of something happening.
> 
> How does this sound?
> A specified option may be written inside curly brackets in order to specify
> a block of one or more specified options.
> (diff included below)
> 

morning.

thanks for following this up with a diff!

regarding your sentence - it's confusing. this is a tough one to write,
i think. from everything following that sentence to the end of that
section, can everything take this {} notation?

alias { x y z }

that is valid? or it's just command words that take lists of options,
like

tls {
cert x
ciphers y
}

the sentence doesn;t make this clear. i can't offer an improvement
without understand where it's valid. can you supply more detail (not in
a diff, just describe it).

> > where can {} be used? just here or other places? is there a general rule?
> 
> Yes, I tested several specified options and this appears to be a general
> rule. One thing I noticed, which made me include "one or more" in my
> documentation, is an optional specified option will not accept an empty
> curly brackets `{ }` such as the option `hsts [option]` won't allow to be
> written as `hsts { }`.
> 

so it applies just to commands which have an argument "option"?

> > what https examples would improve the page?
> 
> I believe a tls option with a multiple specified options block containing
> paths to acme-client default key and cert paths example would be great. And
> how about using named ports even.
> 

fair enough. i'll try and get some feedback on this/

jmc

> Index: httpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.103
> diff -u -p -r1.103 httpd.conf.5
> --- httpd.conf.519 Feb 2019 11:37:26 -  1.103
> +++ httpd.conf.54 Mar 2019 21:33:27 -
> @@ -155,7 +155,9 @@ see
>  .Xr patterns 7 .
>  .El
>  .Pp
> -Followed by a block of options that is enclosed in curly brackets:
> +Followed by a block of options that is enclosed in curly brackets.
> +A specified option may be written inside curly brackets in order to specify
> +a block of one or more specified options:
>  .Bl -tag -width Ds
>  .It Ic alias Ar name
>  Specify an additional alias
> @@ -714,9 +716,13 @@ the server will be matched based on the
>  .Bd -literal -offset indent
>  server "www.example.com" {
> alias "example.com"
> -   listen on * port 80
> -   listen on * tls port 443
> +   listen on * port http
> +   listen on * tls port https
> root "/htdocs/www.example.com"
> +tls {
> +key "/etc/ssl/private/example.com.key"
> +certificate "/etc/ssl/example.com.fullchain.pem"
> +}
>  }
> 
>  server "www.a.example.com" {
> 
> -- 
> -alfred

Re: man httpd.conf option does not mention option blocks

[Jason McIntyre]

On Sun, Mar 03, 2019 at 01:05:54PM -0600, Alfred Morgan wrote:
> There are two formats you can write options in and the man page does not
> mention format 2.
> 
> format 1:
> tls key "/etc/ssl/private/server.key"
> tls certificate "/etc/ssl/server.crt"
> 
> format 2:
> tls {
> key "/etc/ssl/private/server.key"
> certificate "/etc/ssl/server.crt"
> }
> 
> Besides this, https is pretty much a requirement now and the only tls
> example mentioned in the man page is a single line using an implicit
> default key and a default certificate:
> listen on * tls port 443
> 
> -- 
> -alfred

hi.

i think if you attached a diff to your mail, no matter how poorly
written, you would have a better chance of something happening.

where can {} be used? just here or other places? is there a general
rule? what https examples would improve the page?

jmc

Re: ifconfig AF

[Jason McIntyre]

On Tue, Feb 19, 2019 at 09:42:17PM -0600, Alfred Morgan wrote:
> I ran the command ifconfig re0 autoconf and found an error message saying
> "autoconf not allowed for this AF" and it took me some time searching to
> figure out what "AF" meant. After I found out that it meant "address
> family" I used the inet6 syntax. I think it would be useful to change the
> error message to say "address family" instead of "AF". If you require a
> diff for the source code changes then let me know.
> -- 
> -alfred

hi.

you could also have verified in the ifconfig(8) page the right way to
use autoconf.

not trying to discourage you from submitting a diff, but i think the
information you needed was already there.

jmc

Re: ssd drive disappears when booting

[Jason McIntyre]

On Sun, Feb 17, 2019 at 01:23:44AM +, tfrohw...@fastmail.com wrote:
> On February 16, 2019 6:41:49 PM UTC, Jason McIntyre  
> wrote:
> >hi. hoping someone knows what's happening here...
> >
> >i installed -current amd64 on an old dell latitude e6320 laptop.
> >it ran fine for a few hours, but on a subsequent reboot the disk (an
> >ssd)
> >seemed to disappear:
> >
> > ...
> > softraid0 at root
> > scsibus2 at softraid0: 256 targets
> > root device:<- hit 
> > use one of: exit em0 iwn0
> > root device:
> >
> >i.e. it fails to find sd0. i thought it was a hardware issue.
> >i don;t want to open this thing up. but i thought initially the drive
> >was
> >either dead or somehow disconnected. but at the bios level, the machine
> >reports the disk is ok (i ran some bios diagnostics on it).
> >
> >so what i tried:
> >
> > boot>
> > boot hd0a:/bsd
> >
> >that just fails in the same way.
> >
> > boot> machine diskinfo
> > DiskBIOS#   TypeCylsHeads   SecsFlags   Checksum
> > hd0 0x80label   1023255 63  0x2 0xd53d9ad8
> >
> >that looks ok.
> >
> > boot> ls
> > drwxr-xr-x 0,0 512  . 
> > drwxr-xr-x 0,0 512  ..
> > drwxr-xr-x 0,0 512  home
> > drwxr-xr-x 0,0 512  tmp
> > drwxr-xr-x 0,0 512  usr
> > drwxr-xr-x 0,0 512  var
> > -rwx-- 0,0 15696910 bsd
> > -rw--- 0,0 15696910 bsd.rd
> > drwxr-xr-x 0,0 512  altroot
> > drwxr-xr-x 0,0 1024 bin 
> > drwxr-xr-x 0,0 19456dev
> > drwxr-xr-x 0,0 1536 etc
> > drwxr-xr-x 0,0 512  mnt
> > drwxr-xr-x 0,0 512  root
> > drwxr-xr-x 0,0 1536 sbin
> > -rw-r--r-- 0,0 578  .cshrc
> > -rw-r--r-- 0,0 468  .profile
> > stat(hda0/./sys): No such file or directory
> > -rw-r--r-- 0,0 82320boot
> > -rw--- 0,0 15579327 bsd.sp
> > -rw--- 0,0 15714870 bsd.booted
> >
> >so at this level i can see the disk. but when i boot it's not found.
> >
> >trying fresh installs just end the same way - it fails to locate the
> >disk. so i can;t use anything like fdisk to dig around.
> >
> >any opinions on whether the issue is with the disk, or whether there's
> >anything else i can try?
> >
> >sorry i have no up to date dmesg for this machine ;(
> >
> >thanks,
> >jmc
> 
> This sounds like the problem that I (and others) have seen when the hard 
> drive is set to RAID in the Bios/firmware. Try setting it to AHCI if your 
> bios lets you.
> 

wow, that was exactly it! i don;t understand how it was running one
minute, and then changed, but setting the drive to ahci worked (it was
indeed parked on raid).

thanks so much - you just saved me a ton of hassle.

jmc

OpenBSD 6.4-current (GENERIC.MP) #713: Wed Feb 13 22:35:28 MST 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8448847872 (8057MB)
avail mem = 8183095296 (7804MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf2120 (106 entries)
bios0: vendor Dell Inc. version "A15" date 08/15/2012
bios0: Dell Inc. Latitude E6320
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC TCPA SSDT MCFG HPET BOOT SSDT SSDT SLIC
acpi0: wakeup devices HDEF(S4) GLAN(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) 
PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) PXSX(S4) RP07(S4) 
PXSX(S4) RP08(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2494.69 MHz, 06-2a-07
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2494.33 MHz, 06-2a-07
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE

ssd drive disappears when booting

[Jason McIntyre]

hi. hoping someone knows what's happening here...

i installed -current amd64 on an old dell latitude e6320 laptop.
it ran fine for a few hours, but on a subsequent reboot the disk (an ssd)
seemed to disappear:

...
softraid0 at root
scsibus2 at softraid0: 256 targets
root device:<- hit 
use one of: exit em0 iwn0
root device:

i.e. it fails to find sd0. i thought it was a hardware issue.
i don;t want to open this thing up. but i thought initially the drive was
either dead or somehow disconnected. but at the bios level, the machine
reports the disk is ok (i ran some bios diagnostics on it).

so what i tried:

boot>
boot hd0a:/bsd

that just fails in the same way.

boot> machine diskinfo
DiskBIOS#   TypeCylsHeads   SecsFlags   Checksum
hd0 0x80label   1023255 63  0x2 0xd53d9ad8

that looks ok.

boot> ls
drwxr-xr-x 0,0 512  . 
drwxr-xr-x 0,0 512  ..
drwxr-xr-x 0,0 512  home
drwxr-xr-x 0,0 512  tmp
drwxr-xr-x 0,0 512  usr
drwxr-xr-x 0,0 512  var
-rwx-- 0,0 15696910 bsd
-rw--- 0,0 15696910 bsd.rd
drwxr-xr-x 0,0 512  altroot
drwxr-xr-x 0,0 1024 bin 
drwxr-xr-x 0,0 19456dev
drwxr-xr-x 0,0 1536 etc
drwxr-xr-x 0,0 512  mnt
drwxr-xr-x 0,0 512  root
drwxr-xr-x 0,0 1536 sbin
-rw-r--r-- 0,0 578  .cshrc
-rw-r--r-- 0,0 468  .profile
stat(hda0/./sys): No such file or directory
-rw-r--r-- 0,0 82320boot
-rw--- 0,0 15579327 bsd.sp
-rw--- 0,0 15714870 bsd.booted

so at this level i can see the disk. but when i boot it's not found.

trying fresh installs just end the same way - it fails to locate the
disk. so i can;t use anything like fdisk to dig around.

any opinions on whether the issue is with the disk, or whether there's
anything else i can try?

sorry i have no up to date dmesg for this machine ;(

thanks,
jmc

Re: Man page for md5(1)

[Jason McIntyre]

On Tue, Sep 20, 2016 at 10:20:05AM +1000, bytevolc...@safe-mail.net wrote:
> For md5(1) (and therefore, sha1(1), sha256(1), sha512(1)), the man page
> has this:
> 
> "-q  Only print the checksum (quiet mode)."
> 
> Since this has the same behaviour as "cksum -q", would it be best to
> keep it in line with it:
> 
> "-q   Only print the checksum (quiet mode) or if used in
> conjunction with the -c flag, only print the failed cases."
> 

fixed, thanks.
jmc

Re: minor updates to radiusd.8

[Jason McIntyre]

On Sun, Sep 18, 2016 at 12:33:24PM -0400, Rob Pierce wrote:
> New diff excluding the history section.
> 
> Rob
> 

fixed, thanks.
jmc

> Index: radiusd.8
> ===
> RCS file: /cvs/src/usr.sbin/radiusd/radiusd.8,v
> retrieving revision 1.6
> diff -u -p -r1.6 radiusd.8
> --- radiusd.8 25 Aug 2015 01:12:59 -  1.6
> +++ radiusd.8 18 Sep 2016 16:32:01 -
> @@ -29,6 +29,12 @@ The
>  .Nm
>  daemon implements the RADIUS protocol.
>  .Pp
> +.Nm
> +can be enabled during system boot by setting the following in
> +.Pa /etc/rc.conf.local :
> +.Pp
> +.Dl radiusd_flags=\&"\&"
> +.Pp
>  The options are as follows:
>  .Bl -tag -width Ds
>  .It Fl d
> @@ -49,7 +55,10 @@ Only check the configuration file for va
>  Default configuration file.
>  .El
>  .Sh SEE ALSO
> -.Xr radiusd.conf 5
> +.Xr radiusd.conf 5 ,
> +.Xr radiusctl 8 ,
> +.Xr rc.conf 8
> +.Sh STANDARDS
>  .Rs
>  .%R RFC 2865
>  .%T "Remote Authentication Dial In User Service (RADIUS)"

Re: calendar(1) entries for Sep 14 & 15

[Jason McIntyre]

On Wed, Sep 14, 2016 at 07:53:19AM -0500, Carson Chittom wrote:
> I noticed a couple of minor things in my daily calendar reminder
> email to draw someone's attention to:
> 
> 
> car...@oxford.wistly.net (Reminder Service) writes:
> 
> > Sep 14  The Selective Service Act establishes the first peacetime 
> > draft, 1940
> 
> This is in calendar.history -- I would suggest moving it to
> calendar.ushistory and/or amending it to read "...in the US"; I assume
> this wasn't the first instance of a peacetime draft in the history of
> the world, which seems implausible.
> 

there is a (painful) overlap in some of these files. i went with the
path of least resistance and left it in calendar.history. i updated the
entry to "US peacetime draft" to keep it in 80chars.

> > Sep 15  The Nazi's adopt a new national flag with the swastika, 1935
> 
> The apostrophe is extraneous here; it should just be "The Nazis"
> 

ouch.

jmc

Re: some more single user mode in /etc/rc

[Jason McIntyre]

On Mon, Sep 05, 2016 at 10:58:47AM -0400, Rob Pierce wrote:
> I wasn't actually looking for this, but stumbled across it while reviewing
> /etc/rc.
> 
> Rob
> 

well the code is different, at least for me. someone else might pick
this up, but i won't - sorry. i mean, to do the job right, you'd have to
check /usr/src, and then check for things like "multi user" or
"multiuser", and then...

jmc

> Index: rc
> ===
> RCS file: /cvs/src/etc/rc,v
> retrieving revision 1.486
> diff -u -p -r1.486 rc
> --- rc10 Jul 2016 09:08:18 -  1.486
> +++ rc5 Sep 2016 14:54:47 -
> @@ -262,7 +262,7 @@ do_fsck() {
>  stty status '^T'
>  
>  # Set shell to ignore SIGINT (2), but not children; shell catches SIGQUIT (3)
> -# and returns to single user after fsck.
> +# and returns to single-user mode after fsck.
>  trap : 2
>  trap : 3 # Shouldn't be needed.
>  
> @@ -289,9 +289,9 @@ if [[ $1 == shutdown ]]; then
>   echo warning: cannot write random seed to disk
>   fi
>  
> - # If we are in secure level 0, assume single user mode.
> + # If we are in secure level 0, assume single-user mode.
>   if (($(sysctl -n kern.securelevel) == 0)); then
> - echo 'single user: not running shutdown scripts'
> + echo 'single-user mode: not running shutdown scripts'
>   else
>   pkg_scripts=${pkg_scripts%%*( )}
>   if [[ -n $pkg_scripts ]]; then

Re: fix inconsistent man page use of "single user mode"

[Jason McIntyre]

On Mon, Sep 05, 2016 at 08:41:19AM -0400, Rob Pierce wrote:
> init.8 currently has six instances of "single-user mode" and three instances
> of "single-user shell", so fix the two "single user mode" outliers.
> 
> Also, correct the only other two instances of man pages with "single user
> mode" in afterboot.8 and netstart.8.
> 

fixed, thanks.
jmc

> 
> Index: init.8
> ===
> RCS file: /cvs/src/sbin/init/init.8,v
> retrieving revision 1.47
> diff -u -p -r1.47 init.8
> --- init.84 Sep 2011 18:20:48 -   1.47
> +++ init.85 Sep 2016 12:24:32 -
> @@ -68,7 +68,7 @@ file as explained in the
>  .Xr rc 8
>  manual.
>  .It Fl s
> -Boot directly into single user mode.
> +Boot directly into single-user mode.
>  .El
>  .Pp
>  Single-user mode is also entered if the boot scripts fail.
> @@ -265,7 +265,7 @@ When starting a window system or
>  the login class
>  .Dq default
>  is used.
> -No resource changes are made when entering single user mode.
> +No resource changes are made when entering single-user mode.
>  .Sh FILES
>  .Bl -tag -width /etc/rc.securelevel -compact
>  .It Pa /dev/console
> 
> Index: afterboot.8
> ===
> RCS file: /cvs/src/share/man/man8/afterboot.8,v
> retrieving revision 1.156
> diff -u -p -r1.156 afterboot.8
> --- afterboot.8   2 Sep 2016 12:17:33 -   1.156
> +++ afterboot.8   5 Sep 2016 12:29:10 -
> @@ -386,7 +386,7 @@ For example:
>  .Ss System command scripts
>  The
>  .Pa /etc/rc.*\&
> -scripts are invoked at boot time, after single user mode has exited,
> +scripts are invoked at boot time, after single-user mode has exited,
>  and at shutdown.
>  The whole process is controlled, more or less, by the master script
>  .Pa /etc/rc .
> 
> Index: netstart.8
> ===
> RCS file: /cvs/src/share/man/man8/netstart.8,v
> retrieving revision 1.20
> diff -u -p -r1.20 netstart.8
> --- netstart.85 Dec 2015 18:43:12 -   1.20
> +++ netstart.85 Sep 2016 12:29:10 -
> @@ -38,7 +38,7 @@
>  .Nm
>  is the command script that is invoked by
>  .Xr rc 8
> -during an automatic reboot and after single user mode is exited;
> +during an automatic reboot and after single-user mode is exited;
>  it performs network initialization.
>  .Pp
>  The

Re: hostname.if manpage enhancement: be clearer about #

[Jason McIntyre]

On Thu, Aug 11, 2016 at 03:53:12PM +, Michal Bozon wrote:
> > On Mon, Aug 08, 2016 at 10:23:22AM +0200, Michal Bozon wrote:
> > > Hi, I've had an issue connecting to a wireless network
> > > (by doas sh /etc/netstart $if). Its password contained
> > > '#' character(s).
> > > 
> > > Even adding "debug" keyword did not assure me
> > > whether the problem is with my password definition:
> > > wpakey s3cur3-as-#311, for illustration (was not sure
> > > if the '#' has to be escaped somehow); or somewhere
> > > else. Finally, it was the latter, but it took me a while
> > > to realize that.
> > > 
> > > Current hostname.if manpage is not absolutely clear:
> > > 
> > >   #Comments are allowed.  Anything following a comment
> > >   character is treated as a comment.
> > > 
> > > It suggests that what is before '#' might have a meaning,
> > > while the broader context of the definition strongly suggests
> > > that comment it is when '#' "keyword" is at the beginning.
> > > 
> > > Looking into /etc/netstart might also be confusing -
> > > just at the beginning, there's stripcom() function definition,
> > > which clearly strips the input line from '#' and following.
> > > However, this function is NOT applied to /etc/hostname.if,
> > > it is treated differently, entire line beginning with '#'
> > > is skipped (see # Skip comments and empty lines).
> > > 
> > > I am therefore proposing following or similar change:
> > > 
> > > --- /usr/src/share/man/man5/hostname.if.5
> > > +++ /usr/src/share/man/man5/hostname.if.5
> > > @@ -201,7 +201,7 @@
> > >  the interface, such as 64.
> > >  .It Li #
> > >  Comments are allowed.
> > > -Anything following a comment character is treated as a comment.
> > > +Line beginning with a comment character is treated as a comment.
> > >  .It Li \&! Ns Ar command
> > >  Arbitrary shell commands can be executed using this directive, as
> > >  long as they are available in the single-user environment (for
> > > 
> > 
> > hi.
> > 
> > the diff as-is is wrong. i mean it's valid to have this in your
> > hostname.if file:
> > 
> > up  # blah blah
> > 
> > that's a very common construct, and is allowed.
> > 
> > however it might be that to the list of things that should be double
> > quoted (whitespace and single quotes) we should add the comment
> > character. i'm not sure though.
> > 
> > jmc
> 
> 
> Indeed, my initial analysis was not correct, it is more, say,
> complicated.
> 
> As i said, my config with # in the password worked
> without any escaping or quoting needed.
> 

i understood from your mail that you'd had to escape it.

> !echo foo # boo
> will echo foo
> 
> !echo foo#boo
> will echo foo#boo
> 
> up # blah blah
> will work just because if fact it is ignored, because the interface is
> up-ped automatically, implicitly
> 

oh, so i chose a bad keyword to use as a test.

> dhcp # blah blah
> will NOT work, because in the end it is interpreted as cmd:
> ifconfig ath0 # blah blah   down;dhclient ath0
> 

why would that sample pass "down" to dhclient?

still, it's obvious i don;t know enough about the parsing. so i'll bow
out...

jmc

Re: hostname.if manpage enhancement: be clearer about #

[Jason McIntyre]

On Mon, Aug 08, 2016 at 10:23:22AM +0200, Michal Bozon wrote:
> Hi, I've had an issue connecting to a wireless network
> (by doas sh /etc/netstart $if). Its password contained
> '#' character(s).
> 
> Even adding "debug" keyword did not assure me
> whether the problem is with my password definition:
> wpakey s3cur3-as-#311, for illustration (was not sure
> if the '#' has to be escaped somehow); or somewhere
> else. Finally, it was the latter, but it took me a while
> to realize that.
> 
> Current hostname.if manpage is not absolutely clear:
> 
>   #Comments are allowed.  Anything following a comment
>   character is treated as a comment.
> 
> It suggests that what is before '#' might have a meaning,
> while the broader context of the definition strongly suggests
> that comment it is when '#' "keyword" is at the beginning.
> 
> Looking into /etc/netstart might also be confusing -
> just at the beginning, there's stripcom() function definition,
> which clearly strips the input line from '#' and following.
> However, this function is NOT applied to /etc/hostname.if,
> it is treated differently, entire line beginning with '#'
> is skipped (see # Skip comments and empty lines).
> 
> I am therefore proposing following or similar change:
> 
> --- /usr/src/share/man/man5/hostname.if.5
> +++ /usr/src/share/man/man5/hostname.if.5
> @@ -201,7 +201,7 @@
>  the interface, such as 64.
>  .It Li #
>  Comments are allowed.
> -Anything following a comment character is treated as a comment.
> +Line beginning with a comment character is treated as a comment.
>  .It Li \&! Ns Ar command
>  Arbitrary shell commands can be executed using this directive, as
>  long as they are available in the single-user environment (for
> 

hi.

the diff as-is is wrong. i mean it's valid to have this in your
hostname.if file:

up  # blah blah

that's a very common construct, and is allowed.

however it might be that to the list of things that should be double
quoted (whitespace and single quotes) we should add the comment
character. i'm not sure though.

jmc

Re: jot(1) changed behavior

[Jason McIntyre]

On Sat, Jul 16, 2016 at 09:46:29PM +0200, Theo Buehler wrote:
> I see two options apart from reverting my commit.
> 
> 1. Just fix the bug Otto noticed. Remove the section on randomness
>completely and fix one example in the manual. That's what the patch
>in this mail does. The patch for jot.c is the same as in my previous
>mail.
> 
> 2. Restore the previous behavior when -w or -c is specified together
>with -r and fix the bug Otto noticed. I will send this patch in a
>second mail.
> 
> sobrado@ and I checked that this patch would match the behavior of Linux
> and NetBSD. In particular, the format string does not change the output
> drastically:
> 
> $ jot -r 10 1 3 | sort -n | uniq -c
> 33148 1
> 33452 2
> 33400 3
> $ jot -w %d -r 10 1 3 | sort -n | uniq -c
> 33373 1
> 33239 2
> 33388 3
> 
> I think this behavior makes sense: if the output consists of integers
> anyway, then a %d format should not alter it, independently of what
> happens under the hood.
> 
> The downside is that it breaks scripts that relied on the previous
> behavior that was explicitly mentioned in the manual (as Philippe found
> the hard way; sorry about that!).
> 

i know we need to tread carefully with breaking scripts, but i think the
balance is that we need a sane world too. i think we should take the stand
for simplicity and sanity (option 1).

ok for the man page.

jmc

> Index: jot.1
> ===
> RCS file: /var/cvs/src/usr.bin/jot/jot.1,v
> retrieving revision 1.19
> diff -u -p -r1.19 jot.1
> --- jot.1 4 Jan 2016 23:21:28 -   1.19
> +++ jot.1 16 Jul 2016 19:09:59 -
> @@ -225,41 +225,6 @@ specifying an integer format:
>  .Bd -literal -offset indent
>  $ jot -w %d 6 1 10 0.5
>  .Ed
> -.Pp
> -For random sequences, the output format also influences the range
> -and distribution of the generated numbers:
> -.Bd -literal -offset indent
> -$ jot -r 10 1 3 | sort -n | uniq -c
> -24950 1
> -50038 2
> -25012 3
> -.Ed
> -.Pp
> -The values at the beginning and end of the interval
> -are generated less frequently than the other values.
> -There are several ways to solve this problem and generate evenly distributed
> -integers:
> -.Bd -literal -offset indent
> -$ jot -r -p 0 10 0.5 3.5 | sort -n | uniq -c
> -33374 1
> -33363 2
> -33263 3
> -
> -$ jot -w %d -r 10 1 4 | sort -n | uniq -c
> -33306 1
> -33473 2
> -33221 3
> -.Ed
> -.Pp
> -Note that with random sequences, all numbers generated will
> -be smaller than the upper bound.
> -The largest value generated will be a tiny bit smaller than
> -the upper bound.
> -For floating point formats, the value is rounded as described
> -before being printed.
> -For integer formats, the highest value printed will be one less
> -than the requested upper bound, because the generated value will
> -be truncated.
>  .Sh EXAMPLES
>  Print 21 evenly spaced numbers increasing from \-1 to 1:
>  .Pp
> @@ -280,7 +245,7 @@ comes after the character
>  .Sq z
>  in the ASCII character set):
>  .Pp
> -.Dl "$ jot \-r \-c 160 a { | rs \-g0 0 8"
> +.Dl "$ jot \-r \-c 160 a z | rs \-g0 0 8"
>  .Pp
>  Infinitely many
>  .Xr yes 1 Ns 's
> Index: jot.c
> ===
> RCS file: /var/cvs/src/usr.bin/jot/jot.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 jot.c
> --- jot.c 10 Jan 2016 01:15:52 -  1.27
> +++ jot.c 16 Jul 2016 19:10:18 -
> @@ -277,9 +277,6 @@ main(int argc, char *argv[])
>   if (prec > 9)   /* pow(10, prec) > UINT32_MAX */
>   errx(1, "requested precision too large");
>  
> - while (prec-- > 0)
> - pow10 *= 10;
> -
>   if (ender < begin) {
>   x = begin;
>   begin = ender;
> @@ -287,16 +284,22 @@ main(int argc, char *argv[])
>   }
>   x = ender - begin;
>  
> - /*
> -  * If pow10 * (ender - begin) is an integer, use
> -  * arc4random_uniform().
> -  */
> - use_unif = fmod(pow10 * (ender - begin), 1) == 0;
> - if (use_unif) {
> - uintx = pow10 * (ender - begin);
> - if (uintx >= UINT32_MAX)
> - errx(1, "requested range too large");
> - uintx++;
> + if (prec == 0 && (fmod(ender, 1) != 0 || fmod(begin, 1) != 0))
> + use_unif = 0;
> + else {
> + while (prec-- > 0)
> + pow10 *= 10;
> + /*
> +  * If pow10 * (ender - begin) is an integer, use
> +  * arc4random_uniform().
> +  */
> + use_unif = fmod(pow10 * (ender - begin), 1) == 0;
> + if (use_unif) {
> + uintx = pow10 * (ender - begin);
> +   

Re: How to handle different sections with new man.conf?

[Jason McIntyre]

On Sat, Jun 25, 2016 at 04:06:41PM -0600, Andy Bradford wrote:
> Hello,
> 
> Using OpenBSD 5.8-stable.
> 
> I used to have the following in /etc/man.conf:
> 
> tcl85   /usr/local/lib/tcl/tcl8.5/man/
> tcl86   /usr/local/lib/tcl/tcl8.6/man/
> 
> Which  made it  easy to  view  one or  the  other by  using the  section
> argument:
> 
> man tcl85 Tcl
> man tcl86 Tcl
> 
> man(1) still appears to be documented to have this functionality:
> 
>  man [-acfhklw] [-C file] [-I os=name] [-K encoding] [-M path] [-m path]
>  [-O option=value] [-S subsection] [-s section] [-T output] [-W level]
>  [section] name ...
>  ^
> 
> But I see no  way of expressing it in the new  man.conf or addressing it
> in the  command line.  Here is what  I have added  according to  the new
> man.conf(5):
> 
> manpath /usr/local/lib/tcl/tcl8.5/man
> manpath /usr/local/lib/tcl/tcl8.6/man
> 
> But I don't see how to  use [section] anymore. man(1) does mention using
> [-s section] with n  as the section, but that only  seems to display the
> first match of tcl8.5 and does  not allow further granularity (as far as
> I can tell).
> 
> Have I missed something in the man pages, or what am I doing wrong?
> 
> Thanks,
> 
> Andy

hi.

i don;t think it's currently possible to do exactly what you propose. i
think ingo stripped man.conf pretty bare.

the workarounds would be:

- have multiple conf files and use man -C to get the one you want
- use man -m on the command line (or aliases) to get what you want

i think man(1) is currently wrong regarding the section values in -s
(i'll look into that).

jmc

Re: document the actual meaning of ssh's "command" argument

[Jason McIntyre]

On Wed, Jun 01, 2016 at 04:41:44PM -0400, Raul Miller wrote:
> On Wed, Jun 1, 2016 at 4:23 PM, Theo de Raadt  wrote:
> > Sadly, no proposal, and no diff.
> 
> Minimal diff, for the thorough student:
> 

how does adding an Xr to sh(1) help someone using ssh(1)?
over and beyond the fact that knowing how to use a shell will help you...

there is enough stuff for the user to take on board already. should every
man page reference every man page, just in case?

we're drawing a line. it will never be the right line for everyone.

jmc

> *** /usr/share/man/man1/ssh.1   Sun Aug 16 08:19:29 2015
> --- ssh.1   Tue May 31 16:05:23 2016
> ***
> *** 1566,1571 
> --- 1566,1572 
>   .Sh SEE ALSO
>   .Xr scp 1 ,
>   .Xr sftp 1 ,
> + .Xr sh 1 ,
>   .Xr ssh-add 1 ,
>   .Xr ssh-agent 1 ,
>   .Xr ssh-keygen 1 ,
> 
> -- 
> Raul

Re: document the actual meaning of ssh's "command" argument

[Jason McIntyre]

On Wed, Jun 01, 2016 at 04:12:39PM -0400, Raul Miller wrote:
> On Wed, Jun 1, 2016 at 1:53 PM, Jason McIntyre <j...@kerhand.co.uk> wrote:
> > - i don;t think it's within ssh(1)'s remit to describe how to quote
> >   commands.
> 
> While I agree with most of your points, I emphatically disagree with
> this line of thought.
> 

so we disagree. that's fine.
jmc

Re: document the actual meaning of ssh's "command" argument

[Jason McIntyre]

On Wed, Jun 01, 2016 at 10:04:20AM +0300, pizdel...@gmail.com wrote:
> After reading just the ssh(1) man page and the usage abstract, some poor
> soul may think that the "command" argument to ssh may be either a simple
> command or executable path that will be directly passed to execvp().
> 
> Even if he doesn't depend on any extra arguments being either used or
> ignored, he may be bitten by paths with spaces, or by a login shell that
> is not /bin/sh-like.
> 
> Better document the whole thing as it stands; a lot of scripts already
> depend on the current behaviour, so it's not realistic to expect
> it to ever change.
> 

i'm inclined to disagree with this diff, for the following reasons:

- it's adding needless complexity to an already complex usage/synopsis

- i think the manuals have to come at it from a level of expectation
  from the reader. otherwise we'd tie ourselves in knots before even
  starting the document.

- it's not really sane to imagine someone would want to run something
  like finger(1) on a server but be frustrated because the man page makes
  it sound like it's not possible to specify arguments.

- i don;t think it's within ssh(1)'s remit to describe how to quote
  commands.

- comparable pages like sh/ksh do not go down this road either. and
  please don;t suggest changing "command" to "string"...

that's not to say i'm not sympathetic, it's just what i think on
balance.

jmc

> Index: usr.bin/ssh/ssh.1
> ===
> RCS file: /cvs/src/usr.bin/ssh/ssh.1,v
> retrieving revision 1.371
> diff -u -r1.371 ssh.1
> --- usr.bin/ssh/ssh.1 4 May 2016 12:21:53 -   1.371
> +++ usr.bin/ssh/ssh.1 1 Jun 2016 06:59:46 -
> @@ -64,7 +64,7 @@
>  .Op Fl W Ar host : Ns Ar port
>  .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
>  .Oo Ar user Ns @ Oc Ns Ar hostname
> -.Op Ar command
> +.Op Ar command Op Ar args ...
>  .Ek
>  .Sh DESCRIPTION
>  .Nm
> @@ -88,8 +88,12 @@
>  .Pp
>  If
>  .Ar command
> -is specified,
> -it is executed on the remote host instead of a login shell.
> +is specified, it is joined by spaces with any extra
> +.Ar args
> +into a command string that
> +will be executed via the
> +.Fl c
> +option of the remote user's login shell instead of an interactive session.
>  .Pp
>  The options are as follows:
>  .Pp
> @@ -966,9 +970,8 @@
>  host key is not known or has changed.
>  .Pp
>  When the user's identity has been accepted by the server, the server
> -either executes the given command in a non-interactive session or,
> -if no command has been specified, logs into the machine and gives
> -the user a normal shell as an interactive session.
> +logs into the machine and uses the remote user's login shell to run
> +an interactive session or the given command.
>  All communication with
>  the remote command or shell will be automatically encrypted.
>  .Pp
> Index: usr.bin/ssh/ssh.c
> ===
> RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
> retrieving revision 1.440
> diff -u -r1.440 ssh.c
> --- usr.bin/ssh/ssh.c 4 May 2016 14:29:58 -   1.440
> +++ usr.bin/ssh/ssh.c 1 Jun 2016 06:59:46 -
> @@ -190,7 +190,7 @@
>  "   [-F configfile] [-I pkcs11] [-i identity_file] [-L address]\n"
>  "   [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p 
> port]\n"
>  "   [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n"
> -"   [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
> +"   [-w local_tun[:remote_tun]] [user@]hostname [command [args 
> ...]]\n"
>   );
>   exit(255);
>  }

Re: Flaw in ipsec.conf(5)?

[Jason McIntyre]

On Fri, May 27, 2016 at 01:21:55PM +0200, Bruno Flueckiger wrote:
> After discussing this with Philipp Buehler off list I have reworked my
> diff to make things easier in the example.
> 
> The paragraph which contains set skip on enc0 just before the ruleset
> is removed. All filtering in the rule set is done on sk0, skipping enc0
> entirely.
> 
> The new rule set looks like this:
> 
> block on sk0
> set skip on enc0
> 
> pass  in on sk0 proto udp from 192.168.3.2 to 192.168.3.1 \
>   port {500, 4500}
> pass out on sk0 proto udp from 192.168.3.1 to 192.168.3.2 \
>   port {500, 4500}
> 
> pass  in on sk0 proto esp from 192.168.3.2 to 192.168.3.1
> pass out on sk0 proto esp from 192.168.3.1 to 192.168.3.2
> 
> pass  in on sk0 from 10.0.2.0/24 to 10.0.1.0/24 \
>   keep state (if-bound)
> pass out on sk0 from 10.0.1.0/24 to 10.0.2.0/24 \
>   keep state (if-bound)
> 

what then is the point of this section? to tell us to not filter
ipsec traffic?

what really needs to happen is for developers concerned with ipsec to
either recognise a change and adjust the filter rules accordingly, or
to say the idea of filtering enc traffic no longer makes sense and to
remove the section. or to tell you what's in ipsec.conf(5) is correct,
and why.

until that happens, the text will remain, i think.

jmc

> 
> Index: sbin/ipsecctl/ipsec.conf.5
> ===
> RCS file: /cvs/src/sbin/ipsecctl/ipsec.conf.5,v
> retrieving revision 1.151
> diff -u -p -r1.151 ipsec.conf.5
> --- sbin/ipsecctl/ipsec.conf.59 Dec 2015 21:41:50 -   1.151
> +++ sbin/ipsecctl/ipsec.conf.527 May 2016 11:07:55 -
> @@ -493,20 +493,12 @@ Match traffic of phase 2 SAs using the
>  keyword.
>  .El
>  .Pp
> -If the filtering rules specify to block everything by default,
> -the following rule
> -would ensure that IPsec traffic never hits the packet filtering engine,
> -and is therefore passed:
> -.Bd -literal -offset indent
> -set skip on enc0
> -.Ed
> -.Pp
>  In the following example, all traffic is blocked by default.
>  IPsec-related traffic from gateways {192.168.3.1, 192.168.3.2} and
>  networks {10.0.1.0/24, 10.0.2.0/24} is permitted.
>  .Bd -literal -offset indent
>  block on sk0
> -block on enc0
> +set skip on enc0
>  
>  pass  in on sk0 proto udp from 192.168.3.2 to 192.168.3.1 \e
>   port {500, 4500}
> @@ -516,13 +508,9 @@ pass out on sk0 proto udp from 192.168.3
>  pass  in on sk0 proto esp from 192.168.3.2 to 192.168.3.1
>  pass out on sk0 proto esp from 192.168.3.1 to 192.168.3.2
>  
> -pass  in on enc0 proto ipencap from 192.168.3.2 to 192.168.3.1 \e
> - keep state (if-bound)
> -pass out on enc0 proto ipencap from 192.168.3.1 to 192.168.3.2 \e
> - keep state (if-bound)
> -pass  in on enc0 from 10.0.2.0/24 to 10.0.1.0/24 \e
> +pass  in on sk0 from 10.0.2.0/24 to 10.0.1.0/24 \e
>   keep state (if-bound)
> -pass out on enc0 from 10.0.1.0/24 to 10.0.2.0/24 \e
> +pass out on sk0 from 10.0.1.0/24 to 10.0.2.0/24 \e
>   keep state (if-bound)
>  .Ed
>  .Pp

Re: Flaw in ipsec.conf(5)?

[Jason McIntyre]

On Tue, May 24, 2016 at 10:53:16AM +0200, Bruno Flueckiger wrote:
> Hi,
> 
> I've tested IPsec connections in my lab. The setup looks like this:
> 
> [cli] <-- vlan10 --> [gw1] <> [inet] <> [gw2] <-- vlan20 --> [srv]
>   IPsec=
> 
> During the testing I think I've found a flaw in ipsec.conf(5). According
> to the man page the esp packets need to be passed on interface sk0:
> 
> block on sk0
> block on enc0
>  
> pass  in on sk0 proto udp from 192.168.3.2 to 192.168.3.1 \
>   port {500, 4500}
> pass out on sk0 proto udp from 192.168.3.1 to 192.168.3.2 \
>   port {500, 4500}
>  
> pass  in on sk0 proto esp from 192.168.3.2 to 192.168.3.1
> pass out on sk0 proto esp from 192.168.3.1 to 192.168.3.2
>  
> My test setup didn't allow communication between [cli] and [srv]. Checking
> the reason on [gw1] using tcpdump -nettti pflog0 shows that esp packets
> are blocked by pf on enc0. So I included the interface enc0 in the pass
> rules for esp packets. After this the connections work as expected.
> 
> As a result of my tests I've created the diff below for ipsec.conf(5). Is
> this ok or did I miss something?
> 

i think you should provide more details of your setup first. for
example, ipsec.conf(5) shows pf rules for ipencap but you only provide a
small snippet of your pf.conf. no vlan details. none of your tcpdump
output that leads you to this conclusion. no routing details.

then keep your fingers crossed. i think most people run for the hills
when they see ipsec mail.

jmc

> Cheers,
> Bruno
> 
> Index: sbin/ipsecctl/ipsec.conf.5
> ===
> RCS file: /cvs/src/sbin/ipsecctl/ipsec.conf.5,v
> retrieving revision 1.151
> diff -u -p -r1.151 ipsec.conf.5
> --- sbin/ipsecctl/ipsec.conf.59 Dec 2015 21:41:50 -   1.151
> +++ sbin/ipsecctl/ipsec.conf.524 May 2016 08:24:49 -
> @@ -513,8 +513,8 @@ pass  in on sk0 proto udp from 192.168.3
>  pass out on sk0 proto udp from 192.168.3.1 to 192.168.3.2 \e
>   port {500, 4500}
>  
> -pass  in on sk0 proto esp from 192.168.3.2 to 192.168.3.1
> -pass out on sk0 proto esp from 192.168.3.1 to 192.168.3.2
> +pass  in on {sk0 enc0} proto esp from 192.168.3.2 to 192.168.3.1
> +pass out on {sk0 enc0} proto esp from 192.168.3.1 to 192.168.3.2
>  
>  pass  in on enc0 proto ipencap from 192.168.3.2 to 192.168.3.1 \e
>   keep state (if-bound)

Re: remove password advice in afterboot.8 and passwd.1

[Jason McIntyre]

On Sun, Apr 17, 2016 at 11:23:14PM -0400, Rob Pierce wrote:
> Stop giving password advice. Instead, make a general statement about password
> strength in passwd.1.
> 
> Rob
> 

i don;t see why we should not try to give advice.
jmc

> Index: afterboot.8
> ===
> RCS file: /cvs/src/share/man/man8/afterboot.8,v
> retrieving revision 1.153
> diff -u -p -r1.153 afterboot.8
> --- afterboot.8   8 Dec 2015 13:36:05 -   1.153
> +++ afterboot.8   18 Apr 2016 03:18:04 -
> @@ -103,10 +103,6 @@ Change the password for the root user.
>  (Note that throughout the documentation, the term
>  .Dq superuser
>  is a synonym for the root user.)
> -Choose a password that has digits and special characters
> -as well as from the upper and lower case alphabet.
> -Do not choose any word in any language.
> -It is common for an intruder to use dictionary attacks.
>  Type the following command to change it:
>  .Pp
>  .Dl $ doas passwd root
> @@ -594,6 +590,7 @@ is contained within
>  .Xr doas 1 ,
>  .Xr ksh 1 ,
>  .Xr man 1 ,
> +.Xr passwd 1 ,
>  .Xr pkg_add 1 ,
>  .Xr ps 1 ,
>  .Xr vi 1 ,
> 
> Index: passwd.1
> ===
> RCS file: /cvs/src/usr.bin/passwd/passwd.1,v
> retrieving revision 1.44
> diff -u -p -r1.44 passwd.1
> --- passwd.1  26 Nov 2015 19:01:47 -  1.44
> +++ passwd.1  18 Apr 2016 03:18:42 -
> @@ -49,13 +49,10 @@ First, the user is prompted for their cu
>  If the current password is correctly typed, a new password is requested.
>  The new password must be entered twice to avoid typing errors.
>  .Pp
> -The new password should be at least six characters long and not
> -purely alphabetic.
> -Its total length must be less than
> +Password strength is a function of length and complexity.
> +The total password length must be less than
>  .Dv _PASSWORD_LEN
>  (currently 128 characters).
> -A mixture of both lower and uppercase letters, numbers, and
> -meta-characters is encouraged.
>  .Pp
>  The quality of the password can be enforced by specifying an external
>  checking program via the

Re: library-specs(7) erratum

[Jason McIntyre]

On Sat, Apr 16, 2016 at 01:44:27AM -0600, Bob NW8L wrote:
> Hello,
> 
> Now that architectures without shared libraries aren't supported [1],
> shouldn't the reference to them should be removed from library-specs(7)?
> 

fixed, thanks.
jmc

> Index: library-specs.7
> ===
> RCS file: /cvs/src/share/man/man7/library-specs.7,v
> retrieving revision 1.11
> diff -u -p -r1.11 library-specs.7
> --- library-specs.7 27 Sep 2015 14:27:52 -  1.11
> +++ library-specs.7 16 Apr 2016 07:18:00 -
> @@ -92,16 +92,6 @@ If a specific major number is needed, us
>  If the minor component is left empty, any minor will do.
>  If both components are left empty, any version will do.
>  .Pp
> -If a given architecture does not support shared libraries, all
> -.Ev LIB_DEPENDS
> -will be turned into simple
> -.Ev BUILD_DEPENDS
> -checks, and so,
> -failure to mention
> -.Ev RUN_DEPENDS
> -if the port needs anything beyond libraries from the dependent port will
> -lead to strange errors on such architectures.
> -.Pp
>  Most specifications won't mention a
>  .Pa path :
>  .Xr resolve-lib 1
> 
> [1] http://article.gmane.org/gmane.os.openbsd.cvs/154333

Re: diff for help.1

[Jason McIntyre]

On Fri, Apr 15, 2016 at 07:42:05PM -0400, Rob Pierce wrote:
> On Fri, Apr 15, 2016 at 04:16:59PM -0400, Rob Pierce wrote:
> > Recent FAQ cleanup lost a reference to mg(1) (section 2.2).
> > 
> > Text editors seem fundamental enough to include in help.1.
> > 
> > While here, make consistent use of references to command arguments (Ar).
> > 
> > Rob
> 
> Sorry - clean diff with stray comments removed.
> 
> Rob
> 

committed, thanks.
jmc

> Index: help.1
> ===
> RCS file: /cvs/src/share/man/man1/help.1,v
> retrieving revision 1.1
> diff -u -p -r1.1 help.1
> --- help.127 Mar 2015 01:59:26 -  1.1
> +++ help.115 Apr 2016 23:40:33 -
> @@ -88,7 +88,7 @@ in the system password file
>  .It Cm man
>  Interface to the system manual pages.
>  For any of the commands listed below, type
> -.Ic man 
> +.Ic man Ar command
>  for detailed information on what it does and how to use it.
>  .It Cm pwd
>  Print working directory.
> @@ -109,12 +109,18 @@ Type
>  for a detailed listing.
>  .It Cm cat
>  Although it has many more uses,
> -.Ic cat filename
> +.Ic cat Ar filename
>  will print the contents of a plain-text file to the screen.
> +.It Cm vi
> +Edit text files.
> +For example,
> +.Ic vi Ar filename .
> +See also
> +.Xr mg 1 .
>  .It Cm mkdir
>  Make a directory.
>  For example,
> -.Ic mkdir foobar .
> +.Ic mkdir Ar dirname .
>  .It Cm rmdir
>  Remove a directory.
>  .It Cm rm

Re: man pages diff

[Jason McIntyre]

On Thu, Apr 07, 2016 at 10:13:02PM +0200, Ingo Schwarze wrote:
> Hi,
> 
> Jason McIntyre wrote on Thu, Apr 07, 2016 at 08:35:52PM +0100:
> > On Thu, Apr 07, 2016 at 03:15:01PM -0400, Rob Pierce wrote:
> 
> >> Change "super user" to "superuser".
> 
> > hmm. you have the weight of the man pages behind you, since they
> > overwhelmingly use "superuser".
> 
> In that case, ...
> 
> > the trouble is, i don;t think "super
> > user" is wrong, and i'm reluctant to do this...
> > 
> > i've made changes like this before, when we have a real majority of
> > spelling leading one way. but they always creep back in. i think we
> > should just accept that we can spell things more than one way sometimes.
> > 
> > but then grep ;(
> > 
> > jmc, indecisive...
> 
>  ... just commit it, in particular when the work was already done.
> 
> Sure, it's not a big deal either way, and it doesn't do much harm
> if a few spelling variants creep back in, no need to waste a lot
> of time paying attention that they don't, but if we can improve
> consistency almost for free, why not?
> 
> It can also help developers who look for spelling help in existing
> pages if they find consistent usage.  That tends to reduce the time
> spent trying to figure out whether there is a preferred form.  On
> the other hand, consistency doesn't slow down people who don't care
> as long as we don't yell at them.
> 
> Yours,
>   Ingo
> 

hi.

as far as i'm concerned, "super user" is not wrong. that's the rub. we
have lots of alternate spellings in english, and i don;t see the point
of trying to enforce one or the other. if they were spelled differently
within the same page, then yes, fair enough.

for me, there's not a clear enough benefit to make the change. and i
don;t like to somehow enforce spelling in a particular way.

jmc

> 
> > > Index: src/share/man/man4/pty.4
> > > ===
> > > RCS file: /cvs/src/share/man/man4/pty.4,v
> > > retrieving revision 1.21
> > > diff -u -p -r1.21 pty.4
> > > --- src/share/man/man4/pty.4  21 Nov 2015 08:04:20 -  1.21
> > > +++ src/share/man/man4/pty.4  7 Apr 2016 19:12:07 -
> > > @@ -298,7 +298,7 @@ device nodes following the naming conven
> > >  .Ox .
> > >  Since
> > >  .Pa ptm
> > > -impersonates the super user for some operations it needs to perform
> > > +impersonates the superuser for some operations it needs to perform
> > >  to complete the allocation of a pseudo terminal, the
> > >  .Pa /dev
> > > -directory must also be writeable by the super user.
> > > +directory must also be writeable by the superuser.
> > > 
> > > Index: src/share/man/man5/login.conf.5
> > > ===
> > > RCS file: /cvs/src/share/man/man5/login.conf.5,v
> > > retrieving revision 1.62
> > > diff -u -p -r1.62 login.conf.5
> > > --- src/share/man/man5/login.conf.5   30 Mar 2016 06:58:06 -  
> > > 1.62
> > > +++ src/share/man/man5/login.conf.5   7 Apr 2016 19:12:07 -
> > > @@ -683,7 +683,7 @@ to indicate if the user is in group whee
> > >  Some authentication types require the user to be in group wheel when 
> > > using
> > >  the
> > >  .Xr su 1
> > > -program to become super user.
> > > +program to become superuser.
> > >  .El
> > >  .Pp
> > >  When the authentication program is executed,
> > > 
> > > Index: src/usr.sbin/cron/crontab.1
> > > ===
> > > RCS file: /cvs/src/usr.sbin/cron/crontab.1,v
> > > retrieving revision 1.33
> > > diff -u -p -r1.33 crontab.1
> > > --- src/usr.sbin/cron/crontab.1   26 Oct 2015 15:50:06 -  1.33
> > > +++ src/usr.sbin/cron/crontab.1   7 Apr 2016 19:12:07 -
> > > @@ -65,7 +65,7 @@ be listed in the
> > >  .Pa /var/cron/cron.deny
> > >  file in order to use
> > >  .Nm .
> > > -If neither of these files exists then only the super user
> > > +If neither of these files exists then only the superuser
> > >  will be allowed to use
> > >  .Nm .
> > >  .Em NOTE :

Re: man pages diff

[Jason McIntyre]

On Thu, Apr 07, 2016 at 03:15:01PM -0400, Rob Pierce wrote:
> Change "super user" to "superuser".
> 
> Rob
> 

hmm. you have the weight of the man pages behind you, since they
overwhelmingly use "superuser". the trouble is, i don;t think "super
user" is wrong, and i'm reluctant to do this...

i've made changes like this before, when we have a real majority of
spelling leading one way. but they always creep back in. i think we
should just accept that we can spell things more than one way sometimes.

but then grep ;(

jmc, indecisive...

> Index: src/share/man/man4/pty.4
> ===
> RCS file: /cvs/src/share/man/man4/pty.4,v
> retrieving revision 1.21
> diff -u -p -r1.21 pty.4
> --- src/share/man/man4/pty.4  21 Nov 2015 08:04:20 -  1.21
> +++ src/share/man/man4/pty.4  7 Apr 2016 19:12:07 -
> @@ -298,7 +298,7 @@ device nodes following the naming conven
>  .Ox .
>  Since
>  .Pa ptm
> -impersonates the super user for some operations it needs to perform
> +impersonates the superuser for some operations it needs to perform
>  to complete the allocation of a pseudo terminal, the
>  .Pa /dev
> -directory must also be writeable by the super user.
> +directory must also be writeable by the superuser.
> 
> Index: src/share/man/man5/login.conf.5
> ===
> RCS file: /cvs/src/share/man/man5/login.conf.5,v
> retrieving revision 1.62
> diff -u -p -r1.62 login.conf.5
> --- src/share/man/man5/login.conf.5   30 Mar 2016 06:58:06 -  1.62
> +++ src/share/man/man5/login.conf.5   7 Apr 2016 19:12:07 -
> @@ -683,7 +683,7 @@ to indicate if the user is in group whee
>  Some authentication types require the user to be in group wheel when using
>  the
>  .Xr su 1
> -program to become super user.
> +program to become superuser.
>  .El
>  .Pp
>  When the authentication program is executed,
> 
> Index: src/usr.sbin/cron/crontab.1
> ===
> RCS file: /cvs/src/usr.sbin/cron/crontab.1,v
> retrieving revision 1.33
> diff -u -p -r1.33 crontab.1
> --- src/usr.sbin/cron/crontab.1   26 Oct 2015 15:50:06 -  1.33
> +++ src/usr.sbin/cron/crontab.1   7 Apr 2016 19:12:07 -
> @@ -65,7 +65,7 @@ be listed in the
>  .Pa /var/cron/cron.deny
>  file in order to use
>  .Nm .
> -If neither of these files exists then only the super user
> +If neither of these files exists then only the superuser
>  will be allowed to use
>  .Nm .
>  .Em NOTE :

Re: ports(7) has a 404 link

[Jason McIntyre]

On Wed, Apr 06, 2016 at 02:20:03PM +0200, Sol??ne Rapenne wrote:
> Hi
> 
> Dead link in ports(7)
> 

fixed, thanks.
jmc

> 
> Index: ports.7
> ===
> RCS file: /cvs/src/share/man/man7/ports.7,v
> retrieving revision 1.106
> diff -u -p -r1.106 ports.7
> --- ports.7 24 Nov 2015 21:27:03 -  1.106
> +++ ports.7 6 Apr 2016 12:16:25 -
> @@ -743,7 +743,7 @@ List of users and groups created by port
>  The
>  .Ox
>  Ports System:
> -.Lk http://www.openbsd.org/faq/ports/ports.html
> +.Lk http://www.openbsd.org/faq/faq15.html
>  .Pp
>  The
>  .Ox

Re: doas.conf cmd with argument(s)

[Jason McIntyre]

On Mon, Apr 04, 2016 at 12:26:50AM +0200, Tim van der Molen wrote:
> Philip Guenther (2016-04-01 23:47 +0200):
> > Sooo close.  To quote doas.conf(5):
> > 
> >  The rules have the following format:
> > 
> >permit|deny [options] identity [as target] [cmd command [args 
> > ...]]
> ...
> > 'args' is *literal* there, so the correct config line would be
> > permit nopass support as root cmd /usr/sbin/rcctl args restart ntpd
> 
> I think doas.conf(5) is misleading here: the ellipsis in "args ..."
> implies that "args" is an argument that may be given multiple times.
> 
> Hence "args ..." should be replaced by "args [arg ...]" as done in the
> diff below. (Unfortunately, with this diff the rule format will no
> longer fit on one line.)
> 

it is a bit inconsistent, yes.

it is very much less readable with a line break. you could remove the
offset, but that doesn;t look great either. you could specify a smaller
offset and juggle the actual text a bit.

the text is clear enough. i don;t really have a problem with what's
there. at least, i don;t see an easy way to both make the change you're
requesting and have it still read nicely.

jmc

> Index: doas.conf.5
> ===
> RCS file: /cvs/src/usr.bin/doas/doas.conf.5,v
> retrieving revision 1.18
> diff -p -u -r1.18 doas.conf.5
> --- doas.conf.5   2 Jan 2016 08:34:47 -   1.18
> +++ doas.conf.5   3 Apr 2016 22:25:17 -
> @@ -35,7 +35,7 @@ The rules have the following format:
>  .Op Ar options
>  .Ar identity
>  .Op Ic as Ar target
> -.Op Ic cmd Ar command Op Ic args ...
> +.Op Ic cmd Ar command Op Ic args Op Ar arg ...
>  .Ed
>  .Pp
>  Rules consist of the following parts:
> @@ -78,7 +78,7 @@ Be advised that it's best to specify abs
>  If a cmd is specified, only a restricted
>  .Ev PATH
>  will be searched.
> -.It Ic args ...
> +.It Ic args Op Ar arg ...
>  Arguments to command.
>  If specified, the command arguments provided by the user
>  need to match for the command to be successful.

Re: reference ipsec.conf in ipsec.4 under SEE ALSO?

[Jason McIntyre]

On Fri, Mar 18, 2016 at 04:59:29PM -0400, Rob Pierce wrote:
> I think it make sense for ipsec.4 to reference it's own configuration file 
> under SEE ALSO.
> 

fixed, thanks. but note SEE ALSO is sorted by section first, so it should
be after the options Xr.

jmc

> Index: ipsec.4
> ===
> RCS file: /cvs/src/share/man/man4/ipsec.4,v
> retrieving revision 1.83
> diff -u -p -r1.83 ipsec.4
> --- ipsec.4   16 Feb 2015 16:38:54 -  1.83
> +++ ipsec.4   18 Mar 2016 20:51:05 -
> @@ -378,6 +378,7 @@ allocations).
>  .\".Xr ipcomp 4 ,
>  .Xr options 4 ,
>  .Xr iked 8 ,
> +.Xr ipsec.conf 5 ,
>  .Xr ipsecctl 8 ,
>  .Xr isakmpd 8 ,
>  .Xr sysctl 8

Re: spamd.conf(5) wording

[Jason McIntyre]

On Sun, Mar 13, 2016 at 03:24:53PM +0100, hans wrote:
> Two bits seem unclear in spamd.conf(5),
> at least to a non-native speaker.
> 
> 
>  # Strings follow getcap(3) convention escapes, other than you
>  # can have a bare colon (:) inside a quoted string and it
>  # will deal with it.
> 
> "Other that _that_ you can have a bare colon"?
> 

you mean "than that" right? ;) that would be correct, but i've just
changed "other than" to "except". seems simpler.

> 
>  # Lists specified with the :white: capability apply to the previous
>  # list with a :black: capability.
> 
> Should that be "lists"? Or does a :white: list only apply
> to the one :black: "list" immediately preceding it?
> 
>   Jan
> 

the doc is pretty clear that it is list singular, so i haven;t touched
it. but if you want to test it, and find that it's wrong, mail me and
i'll fix it.

jmc

Re: OpenSSL/IPsec certificate creation error or error in man pages

[Jason McIntyre]

On Sat, Feb 27, 2016 at 05:03:19PM +0100, igor.kos wrote:
> I have created certificates in accordance to isakmpd man page:
> 
> # env CERTIP=10.0.0.1 openssl x509 -req \
>  -days 365 -in 10.0.0.1.csr \
>  -CA /etc/ssl/ca.crt -CAkey /etc/ssl/private/ca.key \
>  -CAcreateserial -extfile /etc/ssl/x509v3.cnf \
>  -extensions x509v3_IPAddr -out 10.0.0.1.crt
> 
> But in certificate there is no 10.0.0.1 IP addr, instead there is:
> 
> openssl x509 -in /etc/isakmpd/certs/10.0.0.1.crt -text
> 
> .something.
> X509v3 extensions:
> X509v3 Subject Alternative Name:
> IP Address:0.0.0.0
> somethnig else
> 
> 
> So, 10.0.0.1 defined as: env CERTIP=10.0.0.1 is not here. That is,
> because in /etc/ssl/x509v3.cnf is defined 0.0.0.0:
> 
> # default settings
> CERTPATHLEN = 1
> CERTUSAGE   = digitalSignature,keyCertSign,cRLSign
> EXTCERTUSAGE= serverAuth,clientAuth
> CERTIP  = 0.0.0.0
> CERTFQDN= nohost.nodomain
> 
> Value of CERTIP in x509v3 is important. We can change value in
> /etc/ssl/x509v3.cnf and put CERTIP = 10.0.0.1 (ie our IP addr)
> 
> But then, procedure mentioned in man pages is not correct.
> 

i've updated isakmpd(8) to describe how to do this. thanks to stuart
henderson (sthen@) for providing the fix.

jmc

Re: [DIFF] New Year's calendar

[Jason McIntyre]

On Mon, Jan 11, 2016 at 08:33:56PM +, Raf Czlonka wrote:
> > +04/01  April Fool's Day
> 
> This I'm not entirely sure of but both Google and Wikipedia use plural
> possessive - "April Fools' Day".
> 

oxford style manual notes "Fool's" (singular) as being of US in origin,
and "Fools'" as UK. i would probably use "Fools'" myself.

> > +11/05  Guy Fawkes' Day
> 
> If Google search results are anything to go by, then "Guy Fawkes Night"
> might be a bit better as it returns slightly more results. Regardless
> how you call it, however, it's neither possessive, nor plural.
> 

it is possessive. but it may well be more usually written without the
apostrophe. apostrophes often get applied illogically. i can;t say in
this case, since i can;t find anything definitive. personally i would
use an apostrophe. but everyone i know calls it bonfire night.

jmc

Re: [DIFF] New Year's calendar

[Jason McIntyre]

On Mon, Jan 04, 2016 at 06:11:58PM +, Jason McIntyre wrote:
> On Mon, Jan 04, 2016 at 03:46:53PM +, Craig Skinner wrote:
> > Happy Hogmanay/New Year!
> > 
> > Scotland & New Zealand have an additional New Year's celebrations
> > hangover recovery public holiday.
> > 
> > In Scotland, Hogmanay is THE most significant winter festival, with
> > internationally popular street parties of 400,000 people dancing.
> > 
> > (Xmas was banned in Scotland for over 400 years, until recently.)
> > 
> 
> i diasgree with this. it's true some of us in scotland get the 2nd off,
> but i'm not sure it's helpful to describe the 2nd as a new year's
> festival.
> 
> really we have hogmany and new year's day. depending on your job, you'll
> get some combination of these off. i worked 31/1 and had the second off.
> lots of people have two weeks...
> 
> traditionally the 2nd was described as a bank holiday. now banks are
> open on this day. some businesses shut.
> 
> let's just leave it that for people on this calendar, 31st is hogmany
> and the 1st is new year's day. days off are no longer inviolate/
> 
> jmc
> 
> ps xmas banned in scotland till recently: how old are you exactly, craig ;)
> 

i just spotted that for some reason calendar lists the 3rd as a holiday
in scotland. i've no idea why. i think we should just remove that entry.

i'm reluctant to add an entry for hogmany as it's just what we (scots)
call new year's eve. i'm not sure there's justification for listing it
separately. i mean, the poles call it sylwester but we don;t add an
entry for that, or any other variant.

i guess you could propose a calendar.scotland addition. i'd be up for
that ;)

jmc

> > 
> > Index: calendar.holiday
> > ===
> > RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.holiday,v
> > retrieving revision 1.32
> > diff -u -p -r1.32 calendar.holiday
> > --- calendar.holiday12 Oct 2015 06:33:21 -  1.32
> > +++ calendar.holiday4 Jan 2016 15:44:21 -
> > @@ -12,7 +12,7 @@
> >  01/01  Universal Fraternity Day in Mozambique
> >  01/02  Ancestry Day in Haiti
> >  01/02  St. Berchtold's Day in Switzerland
> > -01/03  New Year's Holiday in Scotland
> > +01/02  New Year's Holiday in Scotland and New Zealand
> >  01/03  Revolution Day in Upper Volta
> >  01/04  Independence Day in Burma
> >  01/04  Martyrs Day in Zaire
> > @@ -580,5 +580,6 @@
> >  12/29  His Majesty, the King's Birthday in Nepal
> >  12/30  Anniversary of the Democratic Republic of Madagascar in 
> > Madagascar
> >  12/31  Proclamation of the Republic in Congo
> > +12/31  Hogmanay - 3 day year transition festival in Scotland
> >  
> >  #endif /* !_calendar_holiday_ */
> > 
> > 
> > -- 
> > http://www.Scotland.org/features/hogmanay-top-facts/
> > http://www.RampantScotland.com/know/blknow12.htm
> > http://www.EdinburghsHogmanay.com/
> > http://www.EdinburghFestivalCity.com/festivals/edinburghs-hogmanay
> > http://en.wikipedia.org/wiki/Hogmanay

Re: [DIFF] New Year's calendar

[Jason McIntyre]

On Mon, Jan 04, 2016 at 06:40:13PM +, Mark Carroll wrote:
> On 04 Jan 2016, Jason McIntyre wrote:
> 
> > traditionally the 2nd was described as a bank holiday. now banks are
> > open on this day. some businesses shut.
> 
> It still is a bank holiday, see
> https://www.gov.uk/bank-holidays#scotland
> 
> Neither my Dundee employer nor my bank (Clydesdale) were open for it.
> 

well i did say it depends who you work for.

> > let's just leave it that for people on this calendar, 31st is hogmany
> > and the 1st is new year's day. days off are no longer inviolate/
> 
> The calendar does list others though, like St Andrew's Day.
> 
> -- Mark
> 

yes, fair point.

since the extra day is already listed (albeit on the wrong day) i guess
craig's diff is probably ok for the first hunk. i don;t really like it
though - it looks as if we celebrate new year's day on the second, not
the first. it is a holiday for some, but calendar is not so much
concerned about designated days off (please no one mail me exceptions).

i'd rather just zap it to be honest.

jmc

Re: ftp-proxy man page out of date?

[Jason McIntyre]

On Mon, Jan 04, 2016 at 02:35:43PM +0100, Harald Dunkel wrote:
> Hi folks,
> 
> Would it be possible to update ftp-proxy(8) wrt "divert-to"?
> I had the impression that rdr-to is out of date in this
> context; see http://www.openbsd.org/faq/upgrade50.html.
> 
> Thanx very much. Best season's greetings
> Harri
> 

hi. i'll quote mikeb:

these are dynamically inserted rules.  and they must be
redirects.  so you don't have to change them.  divert-to
would be incorrect.

so no change needed.

jmc

Re: [DIFF] New Year's calendar

[Jason McIntyre]

On Mon, Jan 04, 2016 at 03:46:53PM +, Craig Skinner wrote:
> Happy Hogmanay/New Year!
> 
> Scotland & New Zealand have an additional New Year's celebrations
> hangover recovery public holiday.
> 
> In Scotland, Hogmanay is THE most significant winter festival, with
> internationally popular street parties of 400,000 people dancing.
> 
> (Xmas was banned in Scotland for over 400 years, until recently.)
> 

i diasgree with this. it's true some of us in scotland get the 2nd off,
but i'm not sure it's helpful to describe the 2nd as a new year's
festival.

really we have hogmany and new year's day. depending on your job, you'll
get some combination of these off. i worked 31/1 and had the second off.
lots of people have two weeks...

traditionally the 2nd was described as a bank holiday. now banks are
open on this day. some businesses shut.

let's just leave it that for people on this calendar, 31st is hogmany
and the 1st is new year's day. days off are no longer inviolate/

jmc

ps xmas banned in scotland till recently: how old are you exactly, craig ;)

> 
> Index: calendar.holiday
> ===
> RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.holiday,v
> retrieving revision 1.32
> diff -u -p -r1.32 calendar.holiday
> --- calendar.holiday  12 Oct 2015 06:33:21 -  1.32
> +++ calendar.holiday  4 Jan 2016 15:44:21 -
> @@ -12,7 +12,7 @@
>  01/01Universal Fraternity Day in Mozambique
>  01/02Ancestry Day in Haiti
>  01/02St. Berchtold's Day in Switzerland
> -01/03New Year's Holiday in Scotland
> +01/02New Year's Holiday in Scotland and New Zealand
>  01/03Revolution Day in Upper Volta
>  01/04Independence Day in Burma
>  01/04Martyrs Day in Zaire
> @@ -580,5 +580,6 @@
>  12/29His Majesty, the King's Birthday in Nepal
>  12/30Anniversary of the Democratic Republic of Madagascar in 
> Madagascar
>  12/31Proclamation of the Republic in Congo
> +12/31Hogmanay - 3 day year transition festival in Scotland
>  
>  #endif /* !_calendar_holiday_ */
> 
> 
> -- 
> http://www.Scotland.org/features/hogmanay-top-facts/
> http://www.RampantScotland.com/know/blknow12.htm
> http://www.EdinburghsHogmanay.com/
> http://www.EdinburghFestivalCity.com/festivals/edinburghs-hogmanay
> http://en.wikipedia.org/wiki/Hogmanay

Re: diff man page typo

[Jason McIntyre]

On Tue, Nov 24, 2015 at 09:47:20AM -0500, Donald Allen wrote:
> In the 'Output Style' section, the diff man page says
> 
> "XXdYYAt line XX delete the line.  The value YY tells to which
>   line the change would bring file1 in line with file1."
> 
> I think what is meant is
> 
> "XXdYYAt line XX delete the line.  The value YY tells to which
>   line the change would bring file1 in line with file2."
> 

fixed, thanks.
jmc

Re: disklabel fs types, where can I find the whole list of supported types?

[Jason McIntyre]

On Mon, Oct 05, 2015 at 11:14:09AM +0200, Ingo Schwarze wrote:
> 
> > On Mon, Oct 5, 2015, at 03:53 AM, Mikael wrote:
> 
> >> which FS types are available in the disklabel tool?
> 
> The list is in the header file /usr/include/sys/disklabel.h,
>   static char *fstypenames[]
> 
> I don't think this is documented, not even in readlabelfs(3) or
> in disklabel(5).
> 

we're not talking about the list in fstab(5)?
jmc

Re: Interpretation of the max option of stateful tracking

[Jason McIntyre]

On Fri, Aug 28, 2015 at 10:34:01AM +0200, Federico Giannici wrote:
 I'm trying to use the max ???number??? option of the Stateful Tracking of
 PF (OpenBSD 5.7 amd64). I'm not sure how to interpret the phrase [it]
 Limits the number of concurrent states the rule may create.
 
 The limit is against the number of states created by ONLY THAT specific rule
 (I need this meaning), or is against the TOTAL number of states created in
 that moment by ANY rule?
 
 Thanks for the clarification.
 

the beginning of the section on stateful tracking options says clearly
that the options can be applied on a per-rule basis.

as a reader, i'd expect that to mean that max concerns the number of
states created only by that rule. if that's not correct, we would need to
change the doc.

jmc

Re: Spamd blacklist docs

[Jason McIntyre]

On Tue, Aug 11, 2015 at 11:28:06PM -0400, Steve Shockley wrote:
 In spamd.8, it shows:
 
 BLACKLIST-ONLY MODE
 [...]
 
 table spamd persist
 pass in on egress proto tcp from spamd to any port smtp \
 divert-to 127.0.0.1 port spamd
 
 However, it appears pf requires inet when diverting to a table[1]:
 
 pass in on egress inet proto tcp from spamd to any port smtp \
 divert-to 127.0.0.1 port spamd
 
 Is this out-of-date docs, or do I misunderstand the syntax?  Thanks.
 
 [1] http://daemonforums.org/showthread.php?t=8271
 

i just fixed the doc after stuart confirmed it's a doc issue.
jmc

Re: smtpd.conf.5 relay tls | verify

[Jason McIntyre]

On Sat, Aug 08, 2015 at 10:07:31AM +0200, L?VAI D?niel wrote:
 On sze, aug 05, 2015 at 06:49:42 +, David Dahlberg wrote:
  Am Mittwoch, den 05.08.2015, 00:31 +0100 schrieb Jason McIntyre:
  
   if this were the case, i'd say we want:
 [tls [verify]]
  
  Hmm, I  think I have heard this proposal before ;-)
  https://marc.info/?l=openbsd-miscm=140196108217209
  
   but the doc currently says:
   
 Note that the tls and verify options are mutually exclusive  and
 should only be used in private networks as they will prevent
 proper relaying on the Internet.
  
  -   Note that the tls and verify options are mutually exclusive
  and
  +   Note that the tls and tls verify options
  
 
 Got it!
 How about this:
 

i've just committed a slightly simpler version of this.
jmc

 
 Index: smtpd.conf.5
 ===
 RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
 retrieving revision 1.126
 diff -u -p -p -u -r1.126 smtpd.conf.5
 --- smtpd.conf.5  4 Jun 2015 14:23:00 -   1.126
 +++ smtpd.conf.5  8 Aug 2015 08:06:19 -
 @@ -311,7 +311,7 @@ This parameter may use conversion specif
  .Op Ic hostname Ar name
  .Op Ic hostnames No  Ns Ar names Ns 
  .Op Ic pki Ar pkiname
 -.Op Ic tls | verify
 +.Op Ic tls Op verify
  .Ek
  .Xc
  .Pp
 @@ -389,19 +389,17 @@ is used instead.
  If
  .Ic tls
  is specified, OpenSMTPD will refuse to relay unless the remote host provides
 -STARTTLS.
 -.Pp
 -If
 +STARTTLS. If
  .Ic verify
 -is specified, OpenSMTPD will refuse to relay unless the remote host provides
 -STARTTLS and the certificate it presented has been verified.
 +is also specified, OpenSMTPD will also try to verify the certificate of the
 +host and refuses to relay if it is invalid.
  .Pp
  Note that the
  .Ic tls
  and
 -.Ic verify
 -options are mutually exclusive and should only be used in private networks
 -as they will prevent proper relaying on the Internet.
 +.Ic tls verify
 +options should only be used in private networks as they will prevent proper
 +relaying on the Internet.
  .It Xo
  .Ic relay via
  .Ar host
 
 
 -- 
 L?VAI D?niel
 PGP key ID = 0x83B63A8F
 Key fingerprint = DBEC C66B A47A DFA2 792D  650C C69B BE4C 83B6 3A8F

Re: smtpd.conf.5 relay tls | verify

[Jason McIntyre]

On Tue, Aug 04, 2015 at 04:00:58PM -0700, Doug Hogan wrote:
 On Tue, Aug 04, 2015 at 04:02:10PM +0200, L?VAI D?niel wrote:
  I maybe have overlooked something, but this syntax mentioned in the
  manual didn't work:
  
  accept from any for domain ... relay backup verify expire 30d
  
  ... on the other hand, this has been working:
  accept from any for domain ... relay backup tls verify expire 30d
  
  ... and writing only 'tls' also did work.
 
 This looks like the correct documentation fix to me.
 
 In usr.sbin/smtpd/parse.y, opt_relay allows TLS or TLS VERIFY.
 opt_relay_via allows for VERIFY but that's not reachable from RELAY
 relay.
 
  Index: smtpd.conf.5
  ===
  RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
  retrieving revision 1.126
  diff -p -u -r1.126 smtpd.conf.5
  --- smtpd.conf.54 Jun 2015 14:23:00 -   1.126
  +++ smtpd.conf.54 Aug 2015 13:53:50 -
  @@ -311,7 +311,7 @@ This parameter may use conversion specif
   .Op Ic hostname Ar name
   .Op Ic hostnames No  Ns Ar names Ns 
   .Op Ic pki Ar pkiname
  -.Op Ic tls | verify
  +.Op Ic tls | tls verify
   .Ek
   .Xc
   .Pp
 

if this were the case, i'd say we want:

[tls [verify]]

but the doc currently says:

Note that the tls and verify options are mutually exclusive and
should only be used in private networks as they will prevent
proper relaying on the Internet.

so the fix proposed is not enough (or too much ;)

jmc

Re: Is PFSync over IPSec still broken?

[Jason McIntyre]

On Sun, Jun 21, 2015 at 03:20:34PM +0200, ??ukasz Czarniecki wrote:
 W dniu 2015-06-18 o 17:30, ??ukasz Czarniecki pisze:
  It's still broken because as mentioned at the end of the thread you
  linked IPsec state gets replicated to the peer and this is causing
  the replayed packets you're seeing. The peer already has IPsec state
  in memory (created by pfsync replication) which matches incoming IPsec
  packets directed at it. So the peer's IPsec stack ends up believing it's
  seen the incoming packet already (while it actually hasn't seen the packet,
  it just copied the IPsec state from the sender) and drops the packet.
 
  No good fix is known as of yet. I've given up on it for now.
 
  
  Please fix this bug or remove this example from documentation.
  For me this setup is broken since 2011.
  http://marc.info/?l=openbsd-miscm=130624207811609w=2
  
  Nobody cares or nobody uses?
 

i've just committed something similar to the diff below, though i
commented out text rather than removing it.

thanks for the diff,
jmc

 # diff -u -p /usr/src/share/man/man4/pfsync.4 ./pfsync.4
 --- /usr/src/share/man/man4/pfsync.4Sun Feb  1 09:33:48 2015
 +++ ./pfsync.4  Sun Jun 21 15:14:00 2015
 @@ -112,24 +112,13 @@ An alternative destination address for
  packets can be specified using the
  .Ic syncpeer
  keyword.
 -This can be used in combination with
 -.Xr ipsec 4
 -to protect the synchronisation traffic.
 -In such a configuration, the syncdev should be set to the
 -.Xr enc 4
 -interface, as this is where the traffic arrives when it is decapsulated,
 -e.g.:
 -.Bd -literal -offset indent
 -# ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0
  .Ed
  .Pp
  It is important that the pfsync traffic be well secured
  as there is no authentication on the protocol and it would
  be trivial to spoof packets which create states, bypassing the pf ruleset.
 -Either run the pfsync protocol on a trusted network \- ideally a network
 -dedicated to pfsync messages such as a crossover cable between two
 firewalls,
 -or specify a peer address and protect the traffic with
 -.Xr ipsec 4 .
 +Run the pfsync protocol on a trusted network \- ideally a network
 +dedicated to pfsync messages such as a crossover cable between two
 firewalls.
  .Sh EXAMPLES
  .Nm
  and
 @@ -219,10 +208,8 @@ net.inet.carp.preempt=1
  .Sh SEE ALSO
  .Xr bpf 4 ,
  .Xr carp 4 ,
 -.Xr enc 4 ,
  .Xr inet 4 ,
  .Xr inet6 4 ,
 -.Xr ipsec 4 ,
  .Xr netintro 4 ,
  .Xr pf 4 ,
  .Xr hostname.if 5 ,
 @@ -244,3 +231,8 @@ protocol and kernel implementation were significantly
  and
  .Ox 4.5 .
  The two protocols are incompatible and will not interoperate.
 +.Sh BUGS
 +The
 +.Nm
 +protocol does not work over IPsec tunnels.
 +

Re: relayd.conf man page question

[Jason McIntyre]

On Wed, May 06, 2015 at 09:15:17PM +0200, Alex Greif wrote:
 Hi,
 
 while reading the relayd.conf man page, I found the following unclear 
 paragraph:
 ...
 RELAYS
  listen on address [port port] [tls]
 ... If the port option is not specified, the port from the listen on 
 directive will be used.
 
 My question: 
 which *other* listen on directive is meant here? Or is the port mandatory?
 
 
 Thanks,
 ALex.
 

you're right that this bit of text is unclear. can someone clarify it,
please?

jmc

Re: [Patch]: calendar entry for King's Birthday in Netherlands

[Jason McIntyre]

On Fri, May 01, 2015 at 09:16:43PM +0200, Paul de Weerd wrote:
 Hi Jason,
 
 On Fri, May 01, 2015 at 07:39:42PM +0059, Jason McIntyre wrote:
 |   04/21  Tiradentes in Brazil
 |   04/25  Anniversary of the Revolution in Portugal
 |  +04/27  King's day in Netherlands
 |   04/29  Greenary day in Japan
 |  -04/30  Queen's Birthday in Netherlands, Netherlands Antilles
 |   05/01  Boy's day in Japan
 |   05/02  King's Birthday in Lesotho
 |   05/05  Battle of Puebla in Mexico
 
 Note that the 27th of April is actually both Koningsdag (King's Day)
 and our king's birthday.  The previous entry was quite wrong as the
 30th of April was Queen's Day but not our Queen's (our previous
 Queen's) birthday.  Birthdays of our current and previous queens:
 
   Queen MaximaMay 17
   Princess BeatrixJanuary 31
   Princess JulianaApril 30
 
 | more worms...
 | 
 | i committed this, but note:
 | 
 | - i uppercased Day
 
 In Dutch, the day is called 'Koningsdag' (one word).  The weird rules
 about capitalizing proper names and parts of proper names in the
 English language still confuses me, so I'll take your word for it :)
 

rest assured, you're not alone in your confusion ;)

 | - i used *the* Netherlands
 
 I think that is the correct name.
 
 | one more question though:
 | 
 | calendar.holiday:12/15  Statue Day in Netherlands Antilles
 
 This is 'Koninkrijksdag', or Kingdom day, the day on which the
 charter of the kingdom was signed.  See
 http://en.wikipedia.org/wiki/Koninkrijksdag for a bit more background.
 
 | i left that entry alone because i couldn;t find anything about statue
 | day. is it really statue?! statute, maybe. but couldn;t find out what
 | it was. any takers?
 
 Given the signing of the charter, I'm pretty sure what was meant was
 'statute'.
 

yeah. so, i've changed the entry to Kingdom Day in the Netherlands.
hope that suits.

jmc

Re: [Patch]: calendar entry for King's Birthday in Netherlands

[Jason McIntyre]

On Fri, May 01, 2015 at 08:08:07PM +0200, Einfach Jemand wrote:
 Am 01.05.2015 um 19:25 schrieb Tim van der Molen:
  Einfach Jemand (2015-05-01 03:22 +0200):
  According to
 
  http://en.wikipedia.org/wiki/Koningsdag
 
  the Netherlands are no longer celebrating the Queen's Birthday on
  April 30 but the King's birthday on April 27 since 2014.
 
  The patch below does not reflect the fact that this holiday is shifted
  to April 26 if the 27th is a Sunday.
 
  Index: calendar.holiday
  ===
  RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.holiday,v
  retrieving revision 1.27
  diff -u -p -r1.27 calendar.holiday
  --- calendar.holiday19 Jan 2015 18:07:47 -  1.27
  +++ calendar.holiday1 May 2015 00:55:33 -
  @@ -472,8 +472,8 @@
 
   04/21  Tiradentes in Brazil
   04/25  Anniversary of the Revolution in Portugal
  +04/27  King's Birthday in Netherlands, Netherlands Antilles
   04/29  Greenary day in Japan
  -04/30  Queen's Birthday in Netherlands, Netherlands Antilles
   05/01  Boy's day in Japan
   05/02  King's Birthday in Lesotho
   05/05  Battle of Puebla in Mexico
  
  Two further adjustments: King's Day is a more accurate translation and
  the Netherlands Antilles no longer exist (dissolved a few years ago).
  
 
 Correct, here is a revised patch:
 
 Index: calendar.holiday
 ===
 RCS file:
 /home/OpenBSD_cvs/src/usr.bin/calendar/calendars/calendar.holiday,v
 retrieving revision 1.27
 diff -u -p -r1.27 calendar.holiday
 --- calendar.holiday19 Jan 2015 18:07:47 -  1.27
 +++ calendar.holiday1 May 2015 18:05:47 -
 @@ -472,8 +472,8 @@
 
  04/21  Tiradentes in Brazil
  04/25  Anniversary of the Revolution in Portugal
 +04/27  King's day in Netherlands
  04/29  Greenary day in Japan
 -04/30  Queen's Birthday in Netherlands, Netherlands Antilles
  05/01  Boy's day in Japan
  05/02  King's Birthday in Lesotho
  05/05  Battle of Puebla in Mexico
 
 Cheers,
 rru
 

more worms...

i committed this, but note:

- i uppercased Day
- i used *the* Netherlands

one more question though:

calendar.holiday:12/15  Statue Day in Netherlands Antilles

i left that entry alone because i couldn;t find anything about statue
day. is it really statue?! statute, maybe. but couldn;t find out what
it was. any takers?

jmc

Re: Fwd: Thursday's Calendar ~double entry, spelt differently

[Jason McIntyre]

hi. i used the spelling adolf for calendar.birthday, but just removed
the suicide entry since it's already in history.

thanks,
jmc

On Thu, Apr 30, 2015 at 09:46:08AM +0100, Craig Skinner wrote:
 - Forwarded message from Reminder Service skin...@britvault.co.uk -
 
 Date: Thu, 30 Apr 2015 07:09:01 +0100 (BST)
 From: Reminder Service skin...@britvault.co.uk
 To: skin...@britvault.co.uk
 Subject: Thursday's Calendar
 
 Apr 30Karl Friedrich Gauss born, 1777, mathematician  astronomer
 Apr 30Adolph Hitler committed suicide, 1945
 Apr 30Adolf Hitler and Eva Braun commit suicide, 1945
 Apr 30The Workers Day in Uruguay
 Apr 30Queen's Birthday in Netherlands, Netherlands Antilles
 Apr 30May Eve / Walpurgisnacht (witches' Sabbath) / Walpurgis Night 
 (after St. Walpurga)
 
 - End forwarded message -
 
 
 2 calendars have Hitler's first name spelt differently,  similar entries:
 (Most online encyclopedias have it as 'Adolf'.)
 
 $ fgrep -R Hitler /usr/src/usr.bin/calendar/calendars | fgrep suicide
 /usr/src/usr.bin/calendar/calendars/calendar.birthday:04/30   Adolph Hitler 
 committed suicide, 1945
 /usr/src/usr.bin/calendar/calendars/calendar.history:04/30Adolf Hitler 
 and Eva Braun commit suicide, 1945
 
 $ fgrep -R Adolph /usr/src/usr.bin/calendar/calendars
 /usr/src/usr.bin/calendar/calendars/calendar.birthday:04/20 Adolph Hitler 
 born, 1889
 /usr/src/usr.bin/calendar/calendars/calendar.birthday:04/30 Adolph Hitler 
 committed suicide, 1945
 
 
 Here's a diff for the spelling, leaving the similar entries to you experts:
 
 Index: calendar.birthday
 ===
 RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.birthday,v
 retrieving revision 1.59
 diff -u -p -r1.59 calendar.birthday
 --- calendar.birthday 13 Mar 2015 18:08:31 -  1.59
 +++ calendar.birthday 30 Apr 2015 08:43:21 -
 @@ -155,7 +155,7 @@
  04/15Jean Genet died in Paris, 1986
  04/16Charles (Charlie) Chaplin (Sir) born in London, 1889
  04/19Andre Rene the Giant (Roussimoff) born in Grenoble, France, 1946
 -04/20Adolph Hitler born, 1889
 +04/20Adolf Hitler born, 1889
  04/22Kant born, 1724
  04/22Lenin born, the best friend of all the children, 1870
  04/23Shakespeare born, 1564
 @@ -166,7 +166,7 @@
  04/29William Randolph Hearst born in San Francisco, 1863
  04/29Albert Hofmann died, 2008
  04/30Karl Friedrich Gauss born, 1777, mathematician  astronomer
 -04/30Adolph Hitler committed suicide, 1945
 +04/30Adolf Hitler committed suicide, 1945
  05/01Little Walter (Marion Walter Jacobs) is born in Alexandria,
   Louisiana, 1930
  05/02Dr. Benjamin Spock born, 1903

Re: httpd cgi (5.6-stable) - solved

[Jason McIntyre]

On Thu, Mar 26, 2015 at 08:12:27PM +0300, Alexei Malinin wrote:
 
 PS. Patches for httpd(8)  httpd.conf(5):
 

committed, thanks.
jmc

 --- httpd.conf.5.orig   Wed Jan 28 21:17:23 2015
 +++ httpd.conf.5Thu Mar 26 20:09:03 2015
 @@ -397,7 +397,8 @@
  include /etc/nginx/mime.types
  .Ed
  .Sh SEE ALSO
 -.Xr httpd 8
 +.Xr httpd 8 ,
 +.Xr slowcgi 8
  .Sh AUTHORS
  .An -nosplit
  The
 --- httpd.8.origWed Jan 28 21:17:23 2015
 +++ httpd.8 Thu Mar 26 20:08:52 2015
 @@ -81,7 +81,8 @@
  Default error log file.
  .El
  .Sh SEE ALSO
 -.Xr httpd.conf 5
 +.Xr httpd.conf 5 ,
 +.Xr slowcgi 8
  .Sh HISTORY
  The
  .Nm
 
 
 --
 Alexei