Authenticating with public keys stored in LDAP

2011-12-15 Thread Juan Miscaro
I would like SSH daemons to authenticate to public SSH keys stored in
LDAP.  I believe there is a patch for this but what is the official
OpenSSH stance on doing this right now?  Is it being implemented in
some other way?  If it will be implemented, what is the timeframe?

-- 
/jm



Re: How does OpenBSD compare to Ubuntu Server?

2011-07-11 Thread Juan Miscaro
On 7 July 2011 15:06, jirib ji...@devio.us wrote:
 On Thu, 7 Jul 2011 09:02:08 -0400
 Juan Miscaro jmisc...@gmail.com wrote:

 Was wondering what advantages OpenBSD has over a progressive Linux
 distribution such as Ubuntu (Server edition).

 Are you kidding? Ubuntu? Where installed daemons are running by default,
 where there is no command to disable shitty upstart daemons?

Which daemons are those again?

-- 
/jm



How does OpenBSD compare to Ubuntu Server?

2011-07-07 Thread Juan Miscaro
Was wondering what advantages OpenBSD has over a progressive Linux
distribution such as Ubuntu (Server edition).  One thing I noticed is
that they're having a hell of a time transitioning away from the
traditional sysvinit-based system to the Upstart event-based init
daemon system.

-- 
/jm



rssh

2010-08-25 Thread Juan Miscaro
Hi gang,

I have found Linux info [1] on restricting users to file transfers
(sftp, scp, rsync, etc) using rssh.  Is this recommended from OpenSSH
developers?  Is there a native way of doing this (in OpenBSD, in
Linux)?

[1] 
http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html

-- 
/jm



Re: State of multiprocessing and multithreading in OpenBSD

2010-05-05 Thread Juan Miscaro
On 5 May 2010 14:09, Marco Peereboom sl...@peereboom.us wrote:
 On Wed, May 05, 2010 at 02:00:17PM +0200, Benny Löfgren wrote:
 Jan Stary wrote:
 On May 04 22:15:09, Juan Miscaro wrote:
 What is the current state of multiprocessing and multithreading in
 OpenBSD?  Also, what applications are multithreaded?  In particular,
 someone told me that pf is garbage because it is not multithreaded?
 What truth is there to this?  Under what kind of load would an OpenBSD
 firewall's performance suffer due to it being non-multithreaded?

 STFU, GTFO, and all that.

 Still, I think the question itself merits some discussion.

 Not really.  Threads are mostly stupid, humans are mostly stupid.
 Combine the two and you end up with some really really stupid software.

Thanks everyone.  From all the stuff written in this thread (a
multithread?) I have extracted the following information:

PF is interrupt-driven inside the kernel and thus faster than any
threaded program.

Thank you to the one that wrote that (Geoff).

I also learned that:

1. multithreading was introduced due to the processing limitations of
the average computer at the time
2. multithreaded applications are difficult to debug and therefore
pose a significant security risk

However, I'm not sure why there was so much talk of steaming piles of
shit; shit that contains less peanuts and corn niblets; bunch of
crap; and STFU/GTFO.

I have been using OpenBSD for many years and I was just trying to
learn more about these issues so as to be in a better position to
promote/defend the OS.  I'm not a troll and I don't know why there is
so much rudeness.

--
/jm



State of multiprocessing and multithreading in OpenBSD

2010-05-04 Thread Juan Miscaro
What is the current state of multiprocessing and multithreading in
OpenBSD?  Also, what applications are multithreaded?  In particular,
someone told me that pf is garbage because it is not multithreaded?
What truth is there to this?  Under what kind of load would an OpenBSD
firewall's performance suffer due to it being non-multithreaded?

-- 
/jm



4.6 upgrade problem with 'pkg_add -u' and PKG_PATH

2010-03-24 Thread Juan Miscaro
I am having trouble upgrading to 4.6.  I always upgrade from a local
master repository.  First, from the latter I set up reverse port
forwarding on the target server so that

PKG_PATH=http://localhost:/

Then I do:

pkg_add -v -ui -F update -F updatedepends -F alwaysupdate

The error I get is:

--
Error from http://localhost:/:
ftp: Invalid URL (no file after host): http://localhost:/
No packages available in the PKG_PATH
--

Using 'lynx http://localhost:/' I get a view of all my packages
and I've been using this method for quite a few upgrades now.

What's wrong?

Thanks for any help.

-- 
/jm



OpenBSD, VOIP, and PAP2T adapter

2010-01-18 Thread Juan Miscaro
Hi gang, I'm looking for the most elegant (simple and efficient)
solution (OpenBSD 4.5) for using a residential VOIP service from my
(Canadian) internet provider.  Right now I'm using a standard analog
phone along with a PAP2T adapter from Linksys (software v. 3.1.15(LS)
if that means anything).  What I am mostly asking for is guidance on
firewall filter, nat, and rdr lines however when looking at the
traffic I do not see anything even attempting to leave my LAN.  All I
can confirm is that the adapter is being assigned an address (DHCP)
and that I can access its web interface.  Thanks in advance.

-- 
/jm



Re: PKG_PATH never works as stated

2009-10-26 Thread Juan Miscaro
2009/10/25 Jacob Meuser jake...@sdf.lonestar.org:
 On Sun, Oct 25, 2009 at 10:29:29PM -0400, Juan Miscaro wrote:
 I've had this problem for a long time (over many OpenBSD releases).

 The pkg_add man page (for 4.5) states:

 If a given package name cannot be found, the directories named by
   ^^^
 PKG_PATH are searched.  It should contain a series
 of entries separated by colons.  Each entry consists of a directory
 name.  URL schemes such as FTP, HTTP, HTTPS, or SCP are also
 appropriate.

 On a client machine:

 PKG_PATH=http://$HTTP_MASTER/:http://$HTTP_MASTER/by_port/i386/all/

 My master server serves up normal packages and those packages compiled
 from ports.

 When I do this only the first component is searched.  I have to do a
 second package update run with PKG_PATH pointing directly to the
           ^^
 second component for the ports packages to be seen.

 Why is this?

 did you give pkg_add a package name?

No, as I stated I am updating my packages.  Are you saying that
PKG_PATH takes on a different meaning in this context?  That certainly
seems to be the case.  Too bad.

--
/jm



PKG_PATH never works as stated

2009-10-25 Thread Juan Miscaro
I've had this problem for a long time (over many OpenBSD releases).

The pkg_add man page (for 4.5) states:

If a given package name cannot be found, the directories named by
PKG_PATH are searched.  It should contain a series
of entries separated by colons.  Each entry consists of a directory
name.  URL schemes such as FTP, HTTP, HTTPS, or SCP are also
appropriate.

On a client machine:

PKG_PATH=http://$HTTP_MASTER/:http://$HTTP_MASTER/by_port/i386/all/

My master server serves up normal packages and those packages compiled
from ports.

When I do this only the first component is searched.  I have to do a
second package update run with PKG_PATH pointing directly to the
second component for the ports packages to be seen.

Why is this?

-- 
/jm



PPTP vpn with OBSD gateway (outgoing)

2009-05-29 Thread Juan Miscaro
Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying
behind my OBSD 4.0 internet gateway.  I can establish the tunnel but
I'm missing the last piece in the puzzle.  This is the routing of the
RFC 1918 addresses.  Locally I have 10.9.0.0/16 addresses and the
windows machine wants to connect to a web server on the remote side
that is using 192.168.0.0/16.

I'm not familiar enough with Windows to say if there is some checkbox
to fill in to make this work but the Firefox browser complains:

Connection interrupted.
The connection to the server was reset while the page was loading.
The network link was interrupted while negotiating a connection.
Please try again.

Is there some particular route that needs to be set up for this to work?

Thank you,

/jm



Re: PPTP vpn with OBSD gateway (outgoing)

2009-05-29 Thread Juan Miscaro
2009/5/29 patrick keshishian pkesh...@gmail.com:
 On Fri, May 29, 2009 at 2:08 PM, Juan Miscaro jmisc...@gmail.com wrote:
 Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying
 behind my OBSD 4.0 internet gateway.  I can establish the tunnel but
 I'm missing the last piece in the puzzle.  This is the routing of the
 RFC 1918 addresses.  Locally I have 10.9.0.0/16 addresses and the
 windows machine wants to connect to a web server on the remote side
 that is using 192.168.0.0/16.

 Just to make sure I am understanding you correctly, you have a Windows
 machine in your network which is behind an OpenBSD firewall (pf). The
 Windows machine establishes a PPTP VPN connection to the remote site.
 If I understood this correctly...

 What does the route table on the Windows box look like? I'm not a
 windows person but I believe the command is 'route print' from a
 DOS/CMD prompt. Does the route to the remote site exist/show up in the
 output? Does 'ipconfig' show your local ip assigned to your Windows
 machine by the VPN server?

Yeah, you understood my setup.

I will try the windows commands.

Thanks.

/jm



Re: Interactions between PF and enc0

2009-03-30 Thread Juan Miscaro
2008/10/31 Felipe Alfaro Solana felipe.alf...@gmail.com:
 Hi misc,

 I'm experiencing interaction problems between PF and the enc0
 interface. I've been reading several OpenBSD manual pages about how
 IPSec traffic filtering is supposed to work, but so far I'm unable to
 get IPSec filtering working for me.

 I have created an IPSec/IPv6-based VPN between two sites, one in
 Madrid and another in Zürich. Each side of the tunnel connects to the
 IPv6 internet using AICCU via a SixXS POP. This means that each VPN
 end-point has a tun0 interface where all IPv6 traffic is received and
 sent (I'm using dynamic AYITA tunnels). The funny thing is that the
 enc0 interface on both end points sees the IPv6 traffic before and
 after IPSec encryption and encapsulation but PF seems to disagree and
 any filtering done on enc0 is completely ignored.

 To test my assumption, I created this very simple PF configuration
 file, with just two rules:

 pass in on enc0 no state
 pass out on enc0 no state

 The first thing I did not understand is that I have to use two
 different rules for in/out. Otherwise, pftop will display I in the
 direction column for this state, which leads me to think PF is only
 allowing inbound traffic. But I might be wrong.

 Next, from the C host, I run:

 # ping6 -c1 D::1

 in order to send some traffic across the VPN. At the same time, I run
 tcpdump on enc0 and this is what I see:

 # tcpdump -n -i enc0 -s 1800 -v

[...]

Interesting, I've never tried applying tcpdump to the enc0 interface.
To debug I always add the 'log' keyword to every line in pf.conf and
then apply tcpdump to the pflog0 interface.

[...]

14:15:19.913539 (authentic,confidential): SPI 0xcefeac0c:
truncated-ip6 - 48 bytes missing!esp B::2  A::2 spi 0xF2FC992F seq 30
len 148 (len 148, hlim 63) # ESP - encapsulated ICMPv6 Echo Reply from
D::1 to C::1.

[...]

The 'bytes missing' might be due to the fact that headers are being
stripped off.

--
jm



Re: openbsd - microsoft vpn interoperability

2009-03-12 Thread Juan Miscaro
2009/3/12 Lars Noodén l...@umich.edu:
 Are you connecting two LANs over a distance or connecting clients to a LAN?

 --Lars



Connecting two LANs.

/jm



openbsd - microsoft vpn interoperability

2009-03-11 Thread Juan Miscaro
Hi everyone.  A web search only picked up antiquated information on
this one.  I'm talking about setting up a network to network VPN
between Microsoft and OpenBSD gateways.  I'm here asking for comments
on what people are actually doing and hopefully with pros and cons
included.  So which solution?  OpenVPN or native IPSEC (isakmpd)?  The
OpenBSD side will be running 4.5.  At this time I'm not sure what will
be on the other end but I know it is currently managing tunnels with
other MS-based products.  Thanks in advance to any responders.

--
jm



Re: openbsd - microsoft vpn interoperability

2009-03-11 Thread Juan Miscaro
2009/3/11 Lars Noodén l...@umich.edu:
 Juan Miscaro wrote:
 ... I'm here asking for comments
 on what people are actually doing and hopefully with pros and cons
 included.  So which solution?  OpenVPN or native IPSEC (isakmpd)?  ...

 MS products are not really designed for interoperability, rather the
 opposite.  So you may wish to reconsider parts of the design to avoid
 'native' components of that platform.

 The choices appear to be SSL or IPSEC,
         http://www.vpnc.org/vpn-standards.html


 -Lars


Thanks.  Yeah, I am going to push to have an OpenBSD portal installed
on the remote end.  Thing is, how am I going to get it installed?

--
jm



Re: openbsd - microsoft vpn interoperability

2009-03-11 Thread Juan Miscaro
2009/3/11 Lars Noodén l...@umich.edu:
 Juan Miscaro wrote:
 Thanks.  Yeah, I am going to push to have an OpenBSD portal installed
 on the remote end.  Thing is, how am I going to get it installed?

 http://openvpn.net/index.php/downloads.html
 http://openvpn.net/howto.html#startup

 http://www.openbsd.org/4.4_packages/i386/openvpn-2.1rc7.tgz-long.html

 Or is it a question of physical access?

 -Lars


Right, physically install the machine.

--
jm



Re: Where is Secure by default ?

2009-03-09 Thread Juan Miscaro
2009/3/9 bofh goodb...@gmail.com:
 On Mon, Mar 9, 2009 at 11:48 AM, - Tethys tet...@gmail.com wrote:

 Maybe it's a troll. Maybe not. Can we afford to be turning away
 potential users on the off chance?


 OpenBSD exists solely for the developers

That's a silly thing to say.

--
jm



Re: generating passwords (crypt, md5)

2009-03-09 Thread Juan Miscaro
2009/2/28 Stuart Henderson s...@spacehopper.org:
 On 2009-02-28, Juan Miscaro jmisc...@gmail.com wrote:
 What is the standard way of generating hashes (for me it's for
 passwords) in OpenBSD?  I once used userdbpw but its package
 (courier-authlib-userdb) conflicts with another package I have
 installed.  So I'm looking for a cleaner, standard method.  Thanks.

 encrypt(1) is in base and covers MD5/Blowfish/DES. or there's htpasswd,
 handling SHA/apache modified MD5/Blowfish/DES. if you need other hashes,
 dovecotpw (from the dovecot package) knows of many more.

Thanks everyone for the replies.  In the end I discovered that the
courier-authlib package has the utility 'authpasswd' which fits the
bill.

--
jm



ftp-proxy - client command too long or not clean

2009-03-05 Thread Juan Miscaro
Running snapshot 20090206 I found my router in a braindead state.  I'm
not sure if it shut down or just whether all 3 of my network cards
mysteriously went dead (all LEDs were off).   I reset and found
exactly 65 of the following messages in my logs:

messages.0.gz:Mar  3 15:59:46 tyrathca ftp-proxy[18737]: #49 client command too long or not clean
messages.0.gz:Mar  3 16:00:47 tyrathca ftp-proxy[18737]: #50 client command too long or not clean
messages.0.gz:Mar  3 16:03:10 tyrathca ftp-proxy[18737]: #51 client command too long or not clean
messages.0.gz:Mar  3 16:05:39 tyrathca ftp-proxy[18737]: #52 client command too long or not clean
messages.0.gz:Mar  3 16:10:04 tyrathca ftp-proxy[18737]: #53 client command too long or not clean
messages.0.gz:Mar  3 16:16:12 tyrathca ftp-proxy[18737]: #54 client command too long or not clean
messages.0.gz:Mar  3 16:17:12 tyrathca ftp-proxy[18737]: #55 client command too long or not clean
messages.0.gz:Mar  3 16:17:47 tyrathca ftp-proxy[18737]: #56 client command too long or not clean
messages.0.gz:Mar  3 16:18:56 tyrathca ftp-proxy[18737]: #57 client command too long or not clean
messages.0.gz:Mar  3 16:20:22 tyrathca ftp-proxy[18737]: #58 client command too long or not clean
messages.0.gz:Mar  3 16:22:34 tyrathca ftp-proxy[18737]: #59 client command too long or not clean
messages.0.gz:Mar  3 16:24:45 tyrathca ftp-proxy[18737]: #60 client command too long or not clean
messages.0.gz:Mar  3 16:28:56 tyrathca ftp-proxy[18737]: #61 client command too long or not clean
messages.0.gz:Mar  3 16:35:16 tyrathca ftp-proxy[18737]: #62 client command too long or not clean
messages.0.gz:Mar  3 16:36:17 tyrathca ftp-proxy[18737]: #63 client command too long or not clean
messages.0.gz:Mar  3 16:37:10 tyrathca ftp-proxy[18737]: #64 client command too long or not clean
messages.0.gz:Mar  3 16:38:32 tyrathca ftp-proxy[18737]: #65 client command too long or not clean

What to do?

--
jm



generating passwords (crypt, md5)

2009-02-27 Thread Juan Miscaro
What is the standard way of generating hashes (for me it's for
passwords) in OpenBSD?  I once used userdbpw but its package
(courier-authlib-userdb) conflicts with another package I have
installed.  So I'm looking for a cleaner, standard method.  Thanks.

--
jm



request for package: Distributed Checksum Clearinghouses (DCC)

2009-02-19 Thread Juan Miscaro
Are there any plans to package DCC for anti-spam gateways?  Thanks.

--
jm



Re: upgrading packages and ports, ugh

2009-02-12 Thread Juan Miscaro
2009/2/11 Hannah Schroeter han...@schlund.de:
 Hi!

 On Tue, Feb 10, 2009 at 10:00:31PM -0500, Juan Miscaro wrote:
[...]

Thanks everyone for these responses.

I've since tried to reinstall (make reinstall) one of those ports and
it now cries:

=== archivers/freeze
===  Cleaning for freeze-2.5
/usr/sbin/pkg_delete  freeze-2.5
Can't remove freeze-2.5 without also removing:
amavisd-new-2.6.2
*** Error code 1 (ignored)

Really strange.

Like I said, I installed amavisd-new via ports (which brought in
freeze).  Then 'pkg_add -u' upgraded amavisd-new using packages.  Now
those packages that need to be upgraded via ports (freeze) cannot do
so without first removing amavisd-new!

What does one do in such cases?

 make update, if the version number changes.

 Else make package and pkg_add -riv /path/to/package/that/was/just/built
 (copypaste the package path from the output of make package).

 Kind regards,

 Hannah.


Thanks everyone.  Got it going.

--
jm



Re: upgrading packages and ports, ugh

2009-02-10 Thread Juan Miscaro
2009/2/9 Markus Lude markus.l...@gmx.de:
 On Tue, Feb 10, 2009 at 03:02:28AM +0100, Ingo Schwarze wrote:
 Hi Juan,

 Juan Miscaro wrote on Mon, Feb 09, 2009 at 08:38:01PM -0500:

 [...]

  p5-IO-INET6-2.01p0
  freeze-2.5

 Don't know those two, sorry.

 net/p5-IO-INET6 was replaced by net/p5-IO-Socket-INET6 around the
 beginning of the year because the upstream CPAN package was renamed.

 If you already got p5-IO-Socket-INET6 installed while upgrading you may
 just remove the old p5-IO-INET6 package if it isn't needed anymore.

 Regards,
 Markus



Thanks everyone for these responses.

I've since tried to reinstall (make reinstall) one of those ports and
it now cries:

=== archivers/freeze
===  Cleaning for freeze-2.5
/usr/sbin/pkg_delete  freeze-2.5
Can't remove freeze-2.5 without also removing:
amavisd-new-2.6.2
*** Error code 1 (ignored)

Really strange.

Like I said, I installed amavisd-new via ports (which brought in
freeze).  Then 'pkg_add -u' upgraded amavisd-new using packages.  Now
those packages that need to be upgraded via ports (freeze) cannot do
so without first removing amavisd-new!

What does one do in such cases?

--
jm



upgrading packages and ports, ugh

2009-02-09 Thread Juan Miscaro
A few months ago I installed amavisd-new by ports.  I am now upgrading
my system to the latest snapshot (060209).  The pkg_add command
upgraded many of my packages but left me with packages not upgraded
due to them being only available in the ports tree.  This seems to me
to be a typical scenario so I figured there must be a standard way of
dealing with this.  Do I actually have to dig and discover what those
packages are and then manually re-install them?  Probably not but I
couldn't find any other way.  What I did was take a line from the
output of the pkg_add upgrade and apply some tools (grep, sed, cut) to
arrive at a file containing one package name per line.  Now instead of
manually re-installing them can someone help me to programmatically
upgrade these things?  The file contains:

expiretable-0.6
freeze-2.5
p5-Archive-Tar-1.38
p5-Compress-Raw-Zlib-2.011
p5-Compress-Zlib-2.011
p5-IO-Compress-Base-2.011
p5-IO-Compress-Zlib-2.011
p5-IO-INET6-2.01p0
p5-IO-Zlib-1.08
postfix-2.5.3-sasl2-mysql
unace-1.2bp0
unarj-2.43
unrar-3.81

Ignoring postfix for now (built a certain flavour) the others should
be able to be simply upgraded using a script.  I'm having trouble
turning 'p5-Archive-Tar-1.38' into 'p5-Archive-Tar'.  I guess that's
what this post boils down to.  How to remove the last dash and
everything after it.

--
jm



Re: SSH and ProxyCommand (was Re: rdr and authpf)

2009-01-18 Thread Juan Miscaro
2009/1/18 Lars Noodén larsnoo...@openoffice.org:
 Lars Noodén wrote:
     +--E
     |
 AB--+--C
     |
     +--D

 Ok.  To record my own answer one solution, it was to use HostKeyAlias,
 to specify which host key to record.

Host sound
  Protocol 2
  HostKeyAlias 192.168.124.25
  HostName 192.168.118.10
  ProxyCommand ssh %h /usr/bin/nc 192.168.124.25 22

 I can see some drawbacks with that, but it works for now.

 -Lars



Host B
  HostName host-B
  User user-B
  IdentityFile key-B

Host C
  HostName host-C
  User user-C
  IdentityFile key-C
  ProxyCommand ssh B nc %h %p



Note: Investigate ssh-agent if you do not already use it.

--
jm



Re: rdr and authpf

2009-01-17 Thread Juan Miscaro
2009/1/17 Lars Noodén larsnoo...@openoffice.org:
 I'd like to be able to authorize certain groups of users to be able to
 log in via ssh from A to B below, but upon/after successful
 authentication be redirected to ssh on C,D,or E so as to log in and work
 there.

     +--E
     |
 AB--+--C
     |
     +--D


 What part of authpf can do that?  Or is that better with SSH than PF?

This is standard SSH duty.

Configure A to pass through B to get to E, C, D.  Research the
'ProxyCommand' setting.

--
jm



Re: Guide about update a port

2008-12-22 Thread Juan Miscaro
2008/12/21 Fernando Quintero fernando.a.quint...@gmail.com:
 Hi list,

 I would like to know if there is any document or guide about how to update a
 port?

Check out the man page for bsd.port.mk(5):

$ man 5 bsd.port.mk

and search for 'reinstall'.  Obviously you need to get yourself an
updated ports tree.  Normally you update your entire system as well
with either the install media (a new release; binary upgrade),
snapshots (binary upgrade), or building world (source code upgrade).

/juan



bug management in OpenBSD

2008-12-07 Thread Juan Miscaro
Is there a bug tracking system for OpenBSD like bugzilla or launchpad?

/juan



Re: bug management in OpenBSD

2008-12-07 Thread Juan Miscaro
2008/12/7 Gilles Chehade [EMAIL PROTECTED]:
 On Sun, Dec 07, 2008 at 10:43:58AM -0500, Juan Miscaro wrote:
 Is there a bug tracking system for OpenBSD like bugzilla or launchpad?

 /juan


 http://www.openbsd.org/  has a link to the bug tracking system
 You can also look at http://www.openbsd.org/report.html which explains
 how to report bugs, and look at the sendbug(1) man page.

 Gilles

Thanks, I never saw that link before.

Now how does one submit bugs?

/juan



Re: bug management in OpenBSD

2008-12-07 Thread Juan Miscaro
2008/12/7 Juan Miscaro [EMAIL PROTECTED]:
 2008/12/7 Gilles Chehade [EMAIL PROTECTED]:
 On Sun, Dec 07, 2008 at 10:43:58AM -0500, Juan Miscaro wrote:
 Is there a bug tracking system for OpenBSD like bugzilla or launchpad?

 /juan


 http://www.openbsd.org/  has a link to the bug tracking system
 You can also look at http://www.openbsd.org/report.html which explains
 how to report bugs, and look at the sendbug(1) man page.

 Gilles

 Thanks, I never saw that link before.

 Now how does one submit bugs?

 /juan


Sigh.  Disregard!

/juan



Re: bash for root?

2008-12-03 Thread Juan Miscaro
2008/12/3 Diana Eichert [EMAIL PROTECTED]:
 On Tue, 2 Dec 2008, Brian wrote:

 --- On Tue, 12/2/08, Ted Unangst [EMAIL PROTECTED] wrote:

 Install bash statically linked.  That's all.

 Never make a mistake.  That's all.

 Exactly.  I don't get this thread.  I mean, I could understand
 BASH as an option when openBSD was moving off of csh back in the
 day.  But ksh works pretty much just like BASH, so I just don't
 get this.  Is this just minor growing pains of someone coming
 over from linux?

 This is one of those threads that doesn't want to end and I'm
 helping it stay alive.

 The default ksh works great for root.  I mean how much time do you spend
 logged in as root anyway?  Use root for emergencies,
 not for something you spend your day in.

 FWIW, if you want a kitchen sink shell try zsh.

Yup, that's what I'm gonna do.  Not for root though.

/juan



Re: bash for root?

2008-12-02 Thread Juan Miscaro
2008/12/1 Nick Holland [EMAIL PROTECTED]:
 Juan Miscaro wrote:
 ...

 Why not set up a user (ex: bigguy) and then force his uid and gid to
 be 0 and 0 with vipw?  Give that user a nice coloured bash prompt and
 set up directories in his home.  This way you get a customized
 superuser while keeping the real root environment pristine.

 Other than generating duplicate user number error reports from the nightly
 security check, the generally bad idea of duplicate user numbers, creating
 confusion and ambiguity that doesn't need to be there, the likelihood that
 you will have forgot the 'root' password when you need it and being a really
 silly way to solve a completely non-problem?  No reason at all.

I turn off those annoying checks and I use the same password.  Works great.

/juan
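
Added example, not part of the original thread: the duplicate-UID condition that the nightly security check in the quoted reply reports can also be audited directly from passwd-format data. The script reports shared UIDs, uid-0 accounts not named root, and uid-0 login shells outside /bin and /sbin; the sample input and the function names `sample_passwd` and `audit_passwd` are constructed for illustration, and the shell-location check assumes /usr/local may not be mounted in single-user mode.

```shell
#!/bin/sh
# Added example (not from the thread): audit passwd-format account data.
# Assumed field layout: name:passwd:uid:gid:gecos:home:shell

# Constructed sample input; "bigguy" mirrors the account proposed in the thread.
sample_passwd() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
bigguy:*:0:0:Custom superuser:/home/bigguy:/usr/local/bin/bash
alice:*:1000:1000:Alice:/home/alice:/bin/ksh
EOF
}

# Read passwd-format lines on stdin and print one finding per line:
#   DUPLICATE uid=N accounts=a,b   two or more accounts share a UID
#   UID0 name shell=PATH           a superuser account not named root
#   ROOTSHELL name PATH            a uid-0 login shell outside /bin and /sbin
# Output is sorted so that it is stable across awk implementations.
audit_passwd() {
    awk -F: '
        /^#/ || NF < 7 { next }      # skip comments and malformed lines
        {
            # Collect account names per UID, in input order.
            if (count[$3]++)
                names[$3] = names[$3] "," $1
            else
                names[$3] = $1
        }
        $3 == 0 && $1 != "root" {
            printf "UID0 %s shell=%s\n", $1, $7
        }
        $3 == 0 && $7 !~ /^\/(bin|sbin)\// {
            printf "ROOTSHELL %s %s\n", $1, $7
        }
        END {
            for (uid in count)
                if (count[uid] > 1)
                    printf "DUPLICATE uid=%s accounts=%s\n", uid, names[uid]
        }
    ' | LC_ALL=C sort
}

# Demonstration on the constructed sample.
sample_passwd | audit_passwd
```

On a live system the same function can be run as `audit_passwd < /etc/passwd`.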



Re: bash for root?

2008-12-02 Thread Juan Miscaro
2008/12/2 Tony Abernethy [EMAIL PROTECTED]:
 Juan Miscaro wrote:

 I turn off those annoying checks and I use the same password.
  Works great.

 /juan

 ... until it doesn't.

Got anything to back that up?

/juan



Re: bash for root?

2008-12-02 Thread Juan Miscaro
2008/12/2 Daniel Ouellet [EMAIL PROTECTED]:
 Juan Miscaro wrote:

 2008/12/2 Tony Abernethy [EMAIL PROTECTED]:

 Juan Miscaro wrote:

 I turn off those annoying checks and I use the same password.
  Works great.

 /juan

 ... until it doesn't.

 Got anything to back that up?


 I remember one specially where a user had to drive about 200 miles...
...He forgot that bash wasn't compiled statically and needed library...

Stop.

Install bash statically linked.  That's all.

/juan



Re: bash for root?

2008-12-02 Thread Juan Miscaro
2008/12/2 System Administrator [EMAIL PROTECTED]:
 On 2 Dec 2008 at 14:33, Juan Miscaro wrote:

 2008/12/2 Daniel Ouellet [EMAIL PROTECTED]:
  Juan Miscaro wrote:
 
  2008/12/2 Tony Abernethy [EMAIL PROTECTED]:
 
  Juan Miscaro wrote:
 
  I turn off those annoying checks and I use the same password.
   Works great.
 
  /juan
 
  ... until it doesn't.
 
  Got anything to back that up?


  I remember one specially where a user had to drive about 200 miles...
 ...He forgot that bash wasn't compiled statically and needed library...

 Stop.

 Install bash statically linked.  That's all.

 You are missing a very important point that Chris Linn has alluded to:
 no two shells are exactly alike and sooner or later a script written
 for one will blow-up in another. And since OpenBSD comes with and
 reasonably assumes that /bin/sh is the Korn Shell, all system (i.e.
 root) scripts are written accordingly. The converse is also a likely
 problem -- you install bash as root shell and start installing bash-
 specific scripts critical for system operation. Then during an upgrade
 bash is no longer available or is no longer statically compiled
 (remember bash in packages is dynamic and you have to upgrade the base
 OS before you can custom build your bastardized port...)

Who would be stupid enough to write system scripts in bash?  Just
because a user (again, I'm not even talking about root but a user with
same uid/gid) has a bash shell does not force him to write bash
scripts.

 The long and the short of it has been repeated here many times:

leave the root shell alone

And as I've also said many times: I am.

/juan



Re: bash for root?

2008-12-01 Thread Juan Miscaro
2008/11/30 Nick Holland [EMAIL PROTECTED]:
 farhan ahmed wrote:
 Question is how can you make shell statically linked? I thought when you
 install package it should be linked rather than manual compiling and
 installing

 I think that is best left as an exercise for the asker.

 Here's what it boils down to:
 There is nothing wrong with a properly implemented 'bash' or any
 other shell for root.  Hint: when the system comes up single user
 mode, it will ASK you what shell to use.  The statically compiled
 part isn't even critical in OpenBSD, unless you are intent on
 running bash in single-user mode before all partitions are mounted.

 The problem is when you break things, you break 'em BIG.  Original
 thread is a case in point.  You win awards for courage, not wisdom,
 for still being intent on using bash as the root shell while you are
 still walking with a limp from your last experience.

 There's a lot of stuff that can go wrong when changing a user's
 default shell over the lifecycles of the system (think upgrades!),
 virtually all operator error, all avoidable, but errors that can
 happen tend to happen.  When you break JoeAverage's account, no big
 deal, as long as you can get back as root and fix it.  When you
 break root, you have a problem.  Yes, the goal is to do everything
 right, but another goal is to make it more difficult to do things
 wrong.

 If you don't know how to do it right, test it right, and recover it
 right, don't change the root shell.  I realize how it is such finger
 breaking work to type the five keystrokes b a s h [enter] at a
 command prompt after logging in...so horrible, I know, but until you
 know what you are doing, just manually invoke bash.

 You will know you know what you are doing when you realize you don't
 need or want to use bash on OpenBSD.  The only good reason I've
 found to use bash on OpenBSD is to make it feel like some other OS,
 and that's really not a good thing when you are administering the
 system (i.e., logging in as root!).

 ksh rocks on OpenBSD. :)

 Nick.



Why not set up a user (ex: bigguy) and then force his uid and gid to
be 0 and 0 with vipw?  Give that user a nice coloured bash prompt and
set up directories in his home.  This way you get a customized
superuser while keeping the real root environment pristine.

/juan



spamd (ftp: connect: Connection timed out)

2008-11-24 Thread Juan Miscaro
I am using the default spamd.conf file on a 4.4 RELEASE system and I
get several error messages a day:

ftp: connect: Connection timed out

First, why does it mention ftp when I am using http?

Second, why do I regularly get such errors?  They occur about 3 a day
on different boxes in different geographical locations (albeit not all
4.4 RELEASE).

/juan



Re: Wondering about openbsd way to update for patches.

2008-11-22 Thread Juan Miscaro
2008/11/22 Javier Vasquez [EMAIL PROTECTED]:
 Hi,

 I'm just looking at how openbsd works to see if it suits my needs.  I
 have a small old box (piii celeron @797 MHz  32KB $, with 512 MB
 ram), and in my experience compiling just the linux kernel takes ~4
 hrs, and compiling gcc/g++ takes ~24 hrs...

 I read in the documentation that if there are fixes, they come through
 patches, and then to keep things simple, the easiest fastest way is
 to keep the whole stable source tree up to date with patches, which
 imply initial compilation + recompiling any time a patch arise...

 I'm wondering whether this would mean lots of compilation time, which
 in this small machine might take too much...

 So it's true there's no binary way to keep the system patched, right?

 Thanks,

 --
 Javier



If you want to apply patches without recompiling the system just apply
the individual patches.  Sometimes a patch also requires the kernel to
be built but that doesn't take long.

/juan



Ralink RT2571W based cards

2008-11-19 Thread Juan Miscaro
Hey all,

I am in the market to buy a Ralink RT2860 based wifi card (rum).
Before I go out and buy one I am curious if anyone has had good
experience with the Qcom LR802UKG 54 MBps USB card. I will be running
this in Host AP mode using SSH and authpf.

Cheers,

/juan



Re: help with CPAN after upgrade to 111108 snapshot

2008-11-15 Thread Juan Miscaro
2008/11/15 Stuart Henderson [EMAIL PROTECTED]:
 http://www.openbsd.org/faq/current.html

 If you use -current, you *have* to follow this page.

 On 2008-11-15, Juan Miscaro [EMAIL PROTECTED] wrote:
 2008/11/15 Juan Miscaro [EMAIL PROTECTED]:
 Hi, I upgraded to the 08 snapshot and when trying to install a
 Perl module with CPAN I'm getting errors:

 $ cpan
 CPAN: File::HomeDir loaded ok (v0.69)
 Use of uninitialized value in subroutine entry at
 /usr/libdata/perl5/i386-openbsd/5.10.0/DynaLoader.pm line 226.
 Use of uninitialized value $len in bitwise and () at (eval 275) line 1.
 Use of uninitialized value $len in bitwise and () at (eval 277) line 1.

 cpan shell -- CPAN exploration and modules installation (v1.9205)
 ReadLine support enabled

 cpan[1] install Unix::Syslog
 CPAN: Storable loaded ok (v2.18)
 Going to read /var/cpan/Metadata
  Database was generated on Sat, 27 Sep 2008 18:26:49 GMT
 CPAN: LWP::UserAgent loaded ok (v2.036)
 CPAN: Time::HiRes loaded ok (v1.9711)
 Fetching with LWP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 LWP failed with code[500] message[Can't use an undefined value as a
 symbol reference]
 Fetching with Net::FTP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 Catching error: 'Can\'t use an undefined value as a symbol reference
 at /usr/libdata/perl5/Net/FTP/dataconn.pm line 54.
 ' at /usr/libdata/perl5/CPAN.pm line 281
CPAN::shell() called at /usr/bin/cpan line 198
 Fetching with LWP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 LWP failed with code[500] message[Can't use an undefined value as a
 symbol reference]
 Fetching with Net::FTP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 Lockfile removed.
 Can't use an undefined value as a symbol reference at
 /usr/libdata/perl5/Net/FTP/dataconn.pm line 54.



 Any ideas?  Thanks a lot.

 /juan


 Update,

 On another equally upgraded host I *can* install the same module but
 crashes when I try to run a script.  It seems to be pointing to an
 OpenBSD-specific file:

 object version 3.56 does not match bootstrap parameter %_ at
 /usr/libdata/perl5/i386-openbsd/5.10.0/XSLoader.pm line 88.

 /juan



Thanks for the reminder.  I managed to remove many Perl modules.  The
thing is that they were installed via CPAN so pkg_delete could not be
used (I used a Perl script instead).

A lot of the stuff on that page does not apply to me because I am not
building/compiling a release but overwriting files with snapshots.
Unless I'm missing something?

Sadly, my situation remains the same [1].

Do you have any other advice?

/juan

[1]

$ cpan
CPAN: File::HomeDir loaded ok (v0.69)
Use of uninitialized value in subroutine entry at
/usr/libdata/perl5/i386-openbsd/5.10.0/DynaLoader.pm line 226.
Use of uninitialized value $len in bitwise and () at (eval 275) line 1.
Use of uninitialized value $len in bitwise and () at (eval 277) line 1.

cpan shell -- CPAN exploration and modules installation (v1.9205)
ReadLine support enabled

cpan[1] install Unix::Syslog
CPAN: Storable loaded ok (v2.18)
Going to read /var/cpan/Metadata
  Database was generated on Sat, 27 Sep 2008 18:26:49 GMT
CPAN: LWP::UserAgent loaded ok (v2.036)
CPAN: Time::HiRes loaded ok (v1.9711)
Fetching with LWP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
LWP failed with code[500] message[Can't use an undefined value as a
symbol reference]
Fetching with Net::FTP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
Catching error: 'Can\'t use an undefined value as a symbol reference
at /usr/libdata/perl5/Net/FTP/dataconn.pm line 54.
' at /usr/libdata/perl5/CPAN.pm line 281
CPAN::shell() called at /usr/bin/cpan line 198
Fetching with LWP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
LWP failed with code[500] message[Can't use an undefined value as a
symbol reference]
Fetching with Net::FTP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
Lockfile removed.
Can't use an undefined value as a symbol reference at
/usr/libdata/perl5/Net/FTP/dataconn.pm line 54.



Re: help with CPAN after upgrade to 111108 snapshot

2008-11-15 Thread Juan Miscaro
2008/11/15 Stuart Henderson [EMAIL PROTECTED]:
 On 2008/11/15 10:24, Juan Miscaro wrote:

 Thanks for the reminder.  I managed to remove many Perl modules.  The
 thing is that they were installed via CPAN so pkg_delete could not be
 used (I used a Perl script instead).

 A lot of the stuff on that page does not apply to me because I am not
 building/compiling a release but overwriting files with snapshots.
 Unless I'm missing something?

 Basically: any XS modules must be rebuilt. Some other software
 won't work and will need an upgrade. We've already done the hard
 work for things in packages, if you don't use that then we can't
 really help you, you'll have to handle it yourself.

 Seems like new LWP is probably a good start.

 Sadly, my situation remains the same [1].

 Do you have any other advice?

 /juan

 [1]

 $ cpan
 CPAN: File::HomeDir loaded ok (v0.69)
 Use of uninitialized value in subroutine entry at
 /usr/libdata/perl5/i386-openbsd/5.10.0/DynaLoader.pm line 226.
 Use of uninitialized value $len in bitwise and () at (eval 275) line 1.
 Use of uninitialized value $len in bitwise and () at (eval 277) line 1.

 cpan shell -- CPAN exploration and modules installation (v1.9205)
 ReadLine support enabled

 cpan[1] install Unix::Syslog
 CPAN: Storable loaded ok (v2.18)
 Going to read /var/cpan/Metadata
   Database was generated on Sat, 27 Sep 2008 18:26:49 GMT
 CPAN: LWP::UserAgent loaded ok (v2.036)
 CPAN: Time::HiRes loaded ok (v1.9711)
 Fetching with LWP:
   ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 LWP failed with code[500] message[Can't use an undefined value as a
 symbol reference]
 Fetching with Net::FTP:
   ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 Catching error: 'Can\'t use an undefined value as a symbol reference
 at /usr/libdata/perl5/Net/FTP/dataconn.pm line 54.
 ' at /usr/libdata/perl5/CPAN.pm line 281
 CPAN::shell() called at /usr/bin/cpan line 198
 Fetching with LWP:
   ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 LWP failed with code[500] message[Can't use an undefined value as a
 symbol reference]
 Fetching with Net::FTP:
   ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 Lockfile removed.
 Can't use an undefined value as a symbol reference at
 /usr/libdata/perl5/Net/FTP/dataconn.pm line 54.


I've tried to go the all-packages way but there are often packages
missing.  For instance, I just tried to install snapshot packages and
there isn't any 'libghttp' available.  This is a huge package (it's a
dependency of libwww).

/juan



help with CPAN after upgrade to 111108 snapshot

2008-11-14 Thread Juan Miscaro
Hi, I upgraded to the 08 snapshot and when trying to install a
Perl module with CPAN I'm getting errors:

$ cpan
CPAN: File::HomeDir loaded ok (v0.69)
Use of uninitialized value in subroutine entry at
/usr/libdata/perl5/i386-openbsd/5.10.0/DynaLoader.pm line 226.
Use of uninitialized value $len in bitwise and () at (eval 275) line 1.
Use of uninitialized value $len in bitwise and () at (eval 277) line 1.

cpan shell -- CPAN exploration and modules installation (v1.9205)
ReadLine support enabled

cpan[1] install Unix::Syslog
CPAN: Storable loaded ok (v2.18)
Going to read /var/cpan/Metadata
  Database was generated on Sat, 27 Sep 2008 18:26:49 GMT
CPAN: LWP::UserAgent loaded ok (v2.036)
CPAN: Time::HiRes loaded ok (v1.9711)
Fetching with LWP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
LWP failed with code[500] message[Can't use an undefined value as a
symbol reference]
Fetching with Net::FTP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
Catching error: 'Can\'t use an undefined value as a symbol reference
at /usr/libdata/perl5/Net/FTP/dataconn.pm line 54.
' at /usr/libdata/perl5/CPAN.pm line 281
CPAN::shell() called at /usr/bin/cpan line 198
Fetching with LWP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
LWP failed with code[500] message[Can't use an undefined value as a
symbol reference]
Fetching with Net::FTP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
Lockfile removed.
Can't use an undefined value as a symbol reference at
/usr/libdata/perl5/Net/FTP/dataconn.pm line 54.



Any ideas?  Thanks a lot.

/juan



Re: help with CPAN after upgrade to 111108 snapshot

2008-11-14 Thread Juan Miscaro
2008/11/15 Juan Miscaro [EMAIL PROTECTED]:
 Hi, I upgraded to the 08 snapshot and when trying to install a
 Perl module with CPAN I'm getting errors:

 $ cpan
 CPAN: File::HomeDir loaded ok (v0.69)
 Use of uninitialized value in subroutine entry at
 /usr/libdata/perl5/i386-openbsd/5.10.0/DynaLoader.pm line 226.
 Use of uninitialized value $len in bitwise and () at (eval 275) line 1.
 Use of uninitialized value $len in bitwise and () at (eval 277) line 1.

 cpan shell -- CPAN exploration and modules installation (v1.9205)
 ReadLine support enabled

 cpan[1] install Unix::Syslog
 CPAN: Storable loaded ok (v2.18)
 Going to read /var/cpan/Metadata
  Database was generated on Sat, 27 Sep 2008 18:26:49 GMT
 CPAN: LWP::UserAgent loaded ok (v2.036)
 CPAN: Time::HiRes loaded ok (v1.9711)
 Fetching with LWP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 LWP failed with code[500] message[Can't use an undefined value as a
 symbol reference]
 Fetching with Net::FTP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 Catching error: 'Can\'t use an undefined value as a symbol reference
 at /usr/libdata/perl5/Net/FTP/dataconn.pm line 54.
 ' at /usr/libdata/perl5/CPAN.pm line 281
CPAN::shell() called at /usr/bin/cpan line 198
 Fetching with LWP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 LWP failed with code[500] message[Can't use an undefined value as a
 symbol reference]
 Fetching with Net::FTP:
  ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
 Lockfile removed.
 Can't use an undefined value as a symbol reference at
 /usr/libdata/perl5/Net/FTP/dataconn.pm line 54.



 Any ideas?  Thanks a lot.

 /juan


Update,

On another equally upgraded host I *can* install the same module but
crashes when I try to run a script.  It seems to be pointing to an
OpenBSD-specific file:

object version 3.56 does not match bootstrap parameter %_ at
/usr/libdata/perl5/i386-openbsd/5.10.0/XSLoader.pm line 88.

/juan



In a bit of a pickle with ral0

2008-11-13 Thread Juan Miscaro
I'm providing wireless internet access for a small building with
OpenBSD 4.3 (some snapshot) as access point.  I'm using the ral
driver.  I regularly need to bring down and then back up the interface
with ifconfig.  Is this normal?  Is there anything I can do short of
replacing the card?  As an aside, I'm pondering going wired but
plugging into a wireless bridge.  Any recommendations on models?

ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:18:f8:28:b9:f4
groups: wlan
media: IEEE802.11 DS11 mode 11b hostap (autoselect mode 11b hostap)
status: active
ieee80211: nwid MYNETWORK chan 11 bssid 00:18:f8:28:b9:f4 100dBm
inet6 fe80::218:f8ff:fe28:b9f4%ral0 prefixlen 64 scopeid 0x1
inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255

Thanks for listening,

/juan



trouble installing ports (No packages available in the PKG_PATH)

2008-11-13 Thread Juan Miscaro
I'm scripting a reinstall routine for my ports on 4.3.  When I come to
'make reinstall' the thing is trying to download from the $PKG_PATH
that I have set earlier in my script and, of course, does not find the
files it needs.  Removing that variable, I get No packages
available in the PKG_PATH.

Relevant snippet:

export SUBDIR=$(pkg_info -Pq postfix)
cd /usr/ports
make reinstall

Any ideas?

~juan



OpenBSD and VIA CX700 chipset?

2008-10-23 Thread Juan Miscaro
Hi gang.  I'm looking at setting up a small box for the new 4.4
release.  Does this release support the VIA CX700 chipset?  I have
found references to OpenBSD and VIA CPUs and the odd controller but
not the chipset itself.  The actual board I'm looking at is here:

http://www.logicsupply.com/products/lt1eag

Thanks in advance,

/juan



Re: 4.4 (back) in Canada

2008-10-23 Thread Juan Miscaro
2008/10/21 Don Hiatt [EMAIL PROTECTED]:
 Just received 4.4 in Vancouver, BC along with my sweet new T-Shirt. :-)


Got my disc yesterday in Montreal.

/juan



Re: how to bring up wifi card automatically when boot

2008-10-04 Thread Juan Miscaro
2008/10/4 elflord woods [EMAIL PROTECTED]:
 hi all

 for the moment i use

sudo dhclient ipw0

 to manually bring the wifi card

 how can i do this automatically each time i boot the machine ?
 i have no idea how to edit the start-up scripts

$ man hostname.if

~juan



Re: how to turn off greylisting?

2008-09-26 Thread Juan Miscaro
2008/9/25 jared r r spiegel [EMAIL PROTECTED]:
 On Thu, Sep 25, 2008 at 10:25:19PM -0400, Juan Miscaro wrote:
 I have stopped my spamd on my 4.3 box and went ahead and restarted it
 with the '-b' switch.  However, the output of spamdb tells me that
 greylisting is still active.  What is happening?

  maybe

 /home/jrrs $ fgrep grey /etc/rc*
 /etc/rc.conf:spamd_black=NO # set to YES to run spamd without 
 greylisting

Huh thanks but I'm talking real-time.

~juan



how to turn off greylisting?

2008-09-25 Thread Juan Miscaro
I have stopped my spamd on my 4.3 box and went ahead and restarted it
with the '-b' switch.  However, the output of spamdb tells me that
greylisting is still active.  What is happening?

~juan



turning off spamd greylisting

2008-09-24 Thread Juan Miscaro
I am running 4.3 (june 4 snapshot) and I'm using spamd in the default
greylisting mode.  Works fine.  Now I would like to know what is the
best way to immediately turn off greylisting mode and enter
blacklisting mode only.  Stopping spamd and then starting it with the
'-b' switch?  Or do I need to flush some tables?  Other?

Thank you,

/juan



Re: recommendation for router (COMMELL)

2008-09-17 Thread Juan Miscaro
2008/9/17 Diana Eichert [EMAIL PROTECTED]:
 On Wed, Sep 17, 2008 at 08:56:07AM +, Stuart Henderson wrote:
 On 2008-09-17, Juan Miscaro [EMAIL PROTECTED] wrote:
  Has anyone any experience running OpenBSD on this puppy:
 
  http://www.commell-sys.com/Product/IPC/EMB-564.htm
 
  I'm looking for a replacement for my tower that is currently acting as
  router, anti-spam, mail server for a small network/domain.

 They should run OpenBSD fine. But disk storage might be a problem.
 Continuously running 2.5 drives in fanless cases don't tend to last
 very long; the alternatives (DOM or compactflash) would not be great
 choices for a typical mail server.

 I have one, it's okay, but like all PC based systems it suffers from
 crappy BIOS serial port redirection.  I second Stuart's opinion regarding
 not running a mail server on it.

Thanks everyone for your comments.  I guess I'll look elsewhere.  Now
how about the inverse question?

What *would* you recommend?

In addition to the listed duties, I am looking for stability,
quietness, and low power (in that order).  Don't need 4 lan ports (at
least 2) but 3 would be nice.

/juan



Re: ascii bandwidth report

2008-09-17 Thread Juan Miscaro
2008/9/17 Joe S [EMAIL PROTECTED]:
 Now that my ISP is imposing bandwidth caps, I need to start measuring
 my usage. Graphs are nice, but I've found that graphs are not really
 that useful to me. I need something to report what my cumulative
 usage is in a 30 day period. I'd like the data in some sort of ascii
 format, but html is ok too. I think I need something that can poll
 snmp stats from fxp0, which is attached to my cable modem. Something
 small would be preferred. I'm not interested in cacti or other large
 installations. My needs are very modest...I hope.

 After googling for a little bit, I only found 2 apps that might work
 on my OpenBSD 4.3-stable firewall, vmnet and rtg. There is port or
 package available for either though. The output of vmnet -m is what
 I'm looking for, so I'll try that first. I was happy to see that rtg
 is now in current-ports, so I should be able to use it once I get my
 preordered CDs.

 If you have any suggestions, or you have a perl/python script that you
 would like to share, it would be appreciated.



Yes, I have a shell script that does this.  It gives usage breakdown
by network protocol and outputs this in an HTML table.  It is based on
pf rule labels and pfctl output.  I'll post it here when I find it.

/juan



Re: ascii bandwidth report

2008-09-17 Thread Juan Miscaro
2008/9/17 Joe S [EMAIL PROTECTED]:
 Thanks for the comment. However I'm not looking for a graphing
 solution like cacti, although there is a report plugin for cacti.
 Cacti seems overkill. I did setup have some simple temperature and io
 graphs, courtesy of symon.


 On Wed, Sep 17, 2008 at 8:44 AM, Christophe Rioux [EMAIL PROTECTED] wrote:
 Hi

 I use cacti to monitor my routers, servers and firewalls. I also build the
 associated report (templates) thanks to
 http://www.packetmischief.ca/openbsd/snmp/): interfaces and temperature.

 You can install cacti under Windows or under Linux. Maybe this can also
 work on OpenBSD (never tested it)

 Regards

 -Original message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 On behalf of Joe S
 Sent: Wednesday 17 September 2008 17:20
 To: misc@openbsd.org
 Subject: ascii bandwidth report

 Now that my ISP is imposing bandwidth caps, I need to start measuring
 my usage. Graphs are nice, but I've found that graphs are not really
 that useful to me. I need something to report what my cumulative
 usage is in a 30 day period. I'd like the data in some sort of ascii
 format, but html is ok too. I think I need something that can poll
 snmp stats from fxp0, which is attached to my cable modem. Something
 small would be preferred. I'm not interested in cacti or other large
 installations. My needs are very modest...I hope.

 After googling for a little bit, I only found 2 apps that might work
 on my OpenBSD 4.3-stable firewall, vmnet and rtg. There is port or
 package available for either though. The output of vmnet -m is what
 I'm looking for, so I'll try that first. I was happy to see that rtg
 is now in current-ports, so I should be able to use it once I get my
 preordered CDs.

 If you have any suggestions, or you have a perl/python script that you
 would like to share, it would be appreciated.

Here you go!  Comments and improvements welcome.

/juan

[demime 1.01d removed an attachment of type application/x-sh which had a name 
of ipaccnt.sh]



recommendation for router (COMMELL)

2008-09-16 Thread Juan Miscaro
Has anyone any experience running OpenBSD on this puppy:

http://www.commell-sys.com/Product/IPC/EMB-564.htm

I'm looking for a replacement for my tower that is currently acting as
router, anti-spam, mail server for a small network/domain.

/juan



scripting port install driving me mad

2008-07-12 Thread Juan Miscaro
Hi, I have a script that I use to automate server installations.
Every time I come to the point of installing a port with a certain
flavor:

postfix with sasl2/mysql

I can never get it to work.

I thought I had it working before by putting in the Makefile:

FLAVORS= sasl2 mysql

but this is ignored.

Putting the following in the script also barfs:

env FLAVOR=sasl2 mysql

What am I missing?

/juan



Re: scripting port install driving me mad

2008-07-12 Thread Juan Miscaro
2008/7/12 Stuart Henderson [EMAIL PROTECTED]:
 On 2008-07-12, Juan Miscaro [EMAIL PROTECTED] wrote:
 Hi, I have a script that I use to automate server installations.
 Every time I come to the point of installing a port with a certain
 flavor:

 postfix with sasl2/mysql

 I can never get it to work.

 I thought I had it working before by putting in the Makefile:

 FLAVORS= sasl2 mysql

 but this is ignored.

 Putting the following in the script also barfs:

 env FLAVOR=sasl2 mysql

 What am I missing?

 /juan



 Why not just provide a local package repository with things like
 this ready-built? Then you can point PKG_PATH at it and upgrade
 them easily in the future too.

Heh, that's what I'm trying to do.

 You can use SUBDIRLIST to build a list of ports with certain
 flavours. See /usr/ports/infrastructure/plist for example lists.

I can't find documentation for SUBDIRLIST.

Thanks to everyone who responded.  I seem to be making headway.

/juan



application level failover

2008-06-28 Thread Juan Miscaro
Hi, using OpenBSD (4.3 current), what is the recommended way to set up
application level failover?  Let's say I have content that is
constantly edited by several internal users (like a webserver dishing
up text and images) and is available to the internet.  If I want to
have failover that content needs to synchronize real-time with a
second machine.  Apart from setting up the network part (with relayd I
think), how is the data synchronization done?  For a more complex
case, how is failover achieved for IMAP services?

Thanks everyone,

/juan



can't remove greytrapped entry from spamdb

2008-06-27 Thread Juan Miscaro
(On 4.3 recent snapshot) I began receiving mail for a certain email
address and forgot to adjust my /etc/mail/spamd.alloweddomains file
(where I have a list of all valid email addresses).  So I found the
following spamd logging reasonable:

spamd[5771]: 10.10.10.10: disconnected after 386 seconds. lists: spamd-greytrap

Along with its spamdb entry:

TRAPPED|10.10.10.10|1214679171

However, after including the offending email address and stopping and
restarting spamd; and removing the greytrapped/blacklisted host from
spamdb like so

$ sudo spamdb -T -d 10.10.10.10

I continue to get the same logging message and the address is again
found in spamdb:

$ sudo spamdb | grep 10.10.10.10
Password:
GREY|10.10.10.10|...

Granted that the last time it showed up as TRAPPED and now it shows
GREY.  But why does the log message say greytrap?

/juan



Re: can't remove greytrapped entry from spamdb

2008-06-27 Thread Juan Miscaro
2008/6/27 Juan Miscaro [EMAIL PROTECTED]:
 (On 4.3 recent snapshot) I began receiving mail for a certain email
 address and forgot to adjust my /etc/mail/spamd.alloweddomains file
 (where I have a list of all valid email addresses).  So I found the
 following spamd logging reasonable:

 spamd[5771]: 10.10.10.10: disconnected after 386 seconds. lists: 
 spamd-greytrap

 Along with its spamdb entry:

 TRAPPED|10.10.10.10|1214679171

 However, after including the offending email address and stopping and
 restarting spamd; and removing the greytrapped/blacklisted host from
 spamdb like so

 $ sudo spamdb -T -d 10.10.10.10

 I continue to get the same logging message and the address is again
 found in spamdb:

 $ sudo spamdb | grep 10.10.10.10
 Password:
 GREY|10.10.10.10|...

 Granted that the last time it showed up as TRAPPED and now it shows
 GREY.  But why does the log message say greytrap?

Disregard, it was greyscanner.pl that didn't like the private address
and greytrapped it.

/juan



Re: broken dependencies ?

2008-06-22 Thread Juan Miscaro
2008/6/22 Predrag Punosevac [EMAIL PROTECTED]:

 To be honest with you I didn't particularly like the tone of your message
 and I am not even developer.

Let's see...

  I don't complain, but what I can do. I am not sure about a
  diagnose, I think The packages are broken. But I'm not an expert and I
  don't want to make stupid appreciation on others people great work.
  I can send the exact errors. It will be copy by hand, since my OBSD
  computer is almost not installed, without X. Please send and idea, am
  I doing something wrong ?

What tone are you talking about?

/juan



question on spamd.alloweddomains

2008-06-21 Thread Juan Miscaro
I have a question re spamd.alloweddomains.  The spamd man [0] page
talks about domain suffixes.  Is it possible to populate the file with
actual addresses?  Seems this would be more effective.

/juan

[0]
 The file /etc/mail/spamd.alloweddomains can be used to specify a list of
 domainname suffixes, one per line, one of which must match each destina-
 tion email address in the greylist.  Any destination address which does
 not match one of the suffixes listed in spamd.alloweddomains will be
 trapped, exactly as if it were sent to a spamtrap address.
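
The suffix rule in the man page excerpt quoted above, as an added example that is not part of the original message and not spamd's own code. It assumes a plain, case-insensitive string-suffix comparison and that blank lines and # comment lines in the file are skipped; the function names, addresses and file contents are constructed.

```shell
#!/bin/sh
# Added example: which greylist destination addresses would be trapped
# under a suffix list like /etc/mail/spamd.alloweddomains.
# Assumptions: case-insensitive string-suffix match; blank lines and
# lines starting with '#' are ignored.

# is_allowed ADDRESS FILE -> exit 0 if ADDRESS ends with a suffix in FILE
is_allowed() {
    addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r suffix || [ -n "$suffix" ]; do
        suffix=$(printf '%s' "$suffix" | tr 'A-Z' 'a-z' | tr -d ' \t\r')
        case "$suffix" in ''|'#'*) continue ;; esac
        # the quoted part of the pattern is literal, so this is a pure
        # "ends with" test and not a glob on the suffix itself
        case "$addr" in *"$suffix") return 0 ;; esac
    done < "$2"
    return 1
}

# classify FILE ADDRESS... -> one "pass ADDRESS" or "trap ADDRESS" per line
classify() {
    file=$1; shift
    for a in "$@"; do
        if is_allowed "$a" "$file"; then echo "pass $a"; else echo "trap $a"; fi
    done
}

demo_alloweddomains() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample list
@example.org
example.net
juan@example.com
EOF
    classify "$tmp" \
        juan@example.org \
        juan@example.com \
        other@example.com \
        donjuan@example.com \
        bob@notexample.net \
        bob@notexample.org
    rm -f "$tmp"
}

demo_alloweddomains
```

A full address is its own suffix, so it passes, but so does any longer address ending in the same string (donjuan@example.com here); likewise an entry without the leading @ also admits notexample.net.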



no thttpd.conf for OpenBSD?

2008-06-19 Thread Juan Miscaro
I just installed the thttpd package on a recent snapshot (060408) and
noticed it only comes with two files:

$ pkg_info -L thttpd
Information for inst:thttpd-2.25bp1

Files:
/usr/local/man/man8/thttpd.8
/usr/local/sbin/thttpd

I then looked at the port's distfiles and there is something called
contrib/redhat-rpm/thttpd.conf:

# This section overrides defaults
dir=/home/httpd/html
chroot
user=httpd    # default = nobody
logfile=/var/log/thttpd.log
pidfile=/var/run/thttpd.pid
# This section _documents_ defaults in effect
# port=80
# nosymlink    # default = !chroot
# novhost
# nocgipat
# nothrottles
# host=0.0.0.0
# charset=iso-8859-1

Am I supposed to bolt together my own config file or has there been an omission?


[0] ftp://ftp.openbsd.org/pub/OpenBSD/distfiles/thttpd-2.25b.tar.gz

/juan



Re: knowing spamd blacklist size

2008-06-05 Thread Juan Miscaro
2008/6/5 Jim Razmus [EMAIL PROTECTED]:
 * Jose Fragoso [EMAIL PROTECTED] [080604 09:04]:
 Hi,

 In OpenBSD 4.3, is there a way to find out via script the
 current size of the spamd blacklist?

 Thanks in advance.

 Regards,

 Jose



 man 8 spamdb

 perhaps:

 spamdb | grep TRAPPED

That just gives connecting hosts that match an entry in the blacklist.

/juan



Re: remove any unwanted devices from the kernel.

2008-06-05 Thread Juan Miscaro
2008/6/5 Jon [EMAIL PROTECTED]:
 I usually name the kernel to the machine hostname, but you can give it
 any name. Edit the kernel config file:

 Remove any hardware related options that are not relevant to your
 machine.

 http://www.muine.org/~hoang/openpf.html#customize

 Why would someone want to do this? Is this nothing more than saving a
 negligible amount of memory?

People do this mostly to feel good about themselves.  But, yes,
removing stuff saves a few kB.  There is also the thinking that
removing unnecessary stuff makes the system more secure.  This latter
approach is more pertinent to a modular kernel such as the Linux
kernel.  OpenBSD, of course, uses a classical monolithic kernel.  Let
it be known that user-customized OBSD kernels are unsupported by the
developers.  Do it only if you have a very good reason to do so
(activate a software feature or to get some special h/w to work).

/juan



separating normal ssh logins from authpf logins

2008-05-21 Thread Juan Miscaro
Hi, I got 4.2 running as a 3-legged internet gateway/nat system.  It
provides net access for both a wired subnet and a wireless subnet.
Wireless access is secured with authpf.  I want to completely separate
management for normal logins and for authpf logins.  This applies in
the context of both external and internal logins.  I want the internal
users to remain so.  Even though nothing would work if they did make a
login attempt but it seems very messy to me.  Is running two instances
of sshd the only solution or am I totally confused?

/juan



Debian libssl security (OpenSSH safe?)

2008-05-13 Thread Juan Miscaro
I guess everyone by now has heard about the very serious libssl
vulnerability on Debian/Ubuntu?

Just making sure that the source is safe, thanks.

/juan



waiting for a snapshot

2008-04-02 Thread Juan Miscaro
Hi everyone,

I'm waiting to set up a new box with the latest snapshot but the corresponding 
i386 packages directory on the main ftp server is empty.  When will it be 
populated?

Thank you,

/juan







Re: wrong files on ftp://ftp.openbsd.org/pub/OpenBSD/4.2/ ?

2008-03-28 Thread Juan Miscaro
--- Jacob Meuser [EMAIL PROTECTED] wrote:

 On Sat, Mar 22, 2008 at 03:55:20PM -0400, Juan Miscaro wrote:
 
  Seems like something a lot of people get bitten by.  How does one
 stay
  informed on this snapshot libc/packages synchronization issue?
 
 subscribe to [EMAIL PROTECTED] to see when libc bumps
 happen, then check the dates of the snapshots and packages.

The subject titles of the messages to that list are non-informative. 
Do you mean that I should read every one that says: CVS:
cvs.openbsd.org: src ?

/juan






Re: Dangers to upgrading without install kernel

2008-03-28 Thread Juan Miscaro
--- Nick Holland [EMAIL PROTECTED] wrote:

 Juan Miscaro wrote:
  Hello,
  
  The online upgrade documentation [1] is fairly vehement about its
  recommendation regarding the use of the install kernel when
 upgrading. 
  I was wondering why?  What dangers await someone going down the
 remote
  upgrade path?
  
  /juan
  
  [1] http://www.openbsd.org/faq/upgrade42.html#upgrade
 
 IF you follow the remote upgrade process properly, it works.
 
 When I write it, I test first on a machine in my lab, then one in my
 basement, then one across town that is my mail and web server, and
 then
 a bunch of other machines.  So, by the time I remove the warning
 notes
 from the new version of the file, it's ready for use.  I don't recall
 anyone reporting that they followed the upgradeXX.html and their
 system died because of it.  However, I don't get a lot of test
 reports
 for the process, a lot more testing goes on for the install kernel
 process.
 
 HOWEVER, there is stuff that can happen.  If you are in front of the
 machine running the install kernel, you have a much better chance of
 dealing with it.
 
 The number of ways things can go right is very finite, typically.
 The number of ways things can go bad is...big.  Really big.  Here
 are just a few things that could go wrong:
 
 IF you were doing 4.1 - 4.2 upgrade and your machine happened to be
 one of the five that someone estimated might be impacted by the ahci
 driver change, you would be really unhappy if you had no serial
 console
 on the system, as your machine would suddenly refuse to boot, because
 your HD became sd(4) devices instead of wd(4) devices.  Same goes
 if you were any of the twenty or so people who guessed their machines
 would do that, and didn't.
 
 If your hard disk developed a bad spot that didn't impact operation
 and yet prevented booting, you will be unhappy when you reboot (been
 there, done that.  In my case, I saw the warning signs in dmesg, and
 knew the machine would probably not come back up.  You might not be
 so lucky or observant).
 
 You could easily fat-finger something, installing (say) the new
 kernel
 in the wrong place and finding out the old kernel doesn't support the
 new userland.
 
 You could be trying to install i386 file sets on your sparc64 system.
 (been there, done that, too.  Works great, until you hit reboot)
 
 Your system will be semi-functional during the upgrade,
 this may be bad, or may be good, or may be completely indifferent.
 When you use the install kernel, the system is in a known state: it
 is DOWN, and it will stay that way until you reboot it AFTER the
 upgrade.  However, there are several interesting time periods on
 the live system upgrade -- early on, you are running with the
 new kernel and old userland.  PF doesn't always come up in that
 situation...so you may be running without any filters for any apps
 on the machine.  Those apps may be running or maybe not.  Those apps
 may start out running, then blow up once you start unpacking the
 userland files (hello, Sendmail!).  Maybe your machine is involved
 in a CARP set, during the upgrade maybe it is, maybe it isn't, and
 maybe it shouldn't be while mid-upgrade but maybe it is anyway.
 
 In other words, you will get to your destination, but the states
 in the between start and finish may not be fully understood by
 you, and you may not be happy with the impact of that interim
 time.
 
 Again, this is not intended to be a complete list of what could
 go wrong for you.  The remote upgrade process is here because
 a lot of people who understand their systems need it, and I need
 it, so I spend the time working on it.  However, it's not
 officially recommended process, rebuilding a live system remotely
 is just not quite as error tolerant as using an install kernel
 locally.  We'd be nuts to try to tell you otherwise.
 
 Nick.

Thank you for this magnanimous reply.

/juan



Dangers to upgrading without install kernel

2008-03-27 Thread Juan Miscaro
Hello,

The online upgrade documentation [1] is fairly vehement about its
recommendation regarding the use of the install kernel when upgrading. 
I was wondering why?  What dangers await someone going down the remote
upgrade path?

/juan

[1] http://www.openbsd.org/faq/upgrade42.html#upgrade



Perl module crashing on 180308 snapshot

2008-03-22 Thread Juan Miscaro
I'm getting a loading/compilation error of the Compress::Zlib Perl
module after upgrading to the 180308 snapshot.  Anyone else having
troubles?

/juan



Re: wrong files on ftp://ftp.openbsd.org/pub/OpenBSD/4.2/ ?

2008-03-22 Thread Juan Miscaro
--- Theo de Raadt [EMAIL PROTECTED] wrote:

   I just noticed that the files PACKAGES, PORTS and README in the 4.2
   directory have a relatively new date and mention OpenBSD 4.3.
   Doesn't look right to me.
  
   Oops.  Thanks for noticing.
  
  Sorry to hijack this thread but I have a question related to it:
  the i386 (others too?) snapshot packages are out-of-date, is
  this issue known?
  
  Packages want libc 43 but base has been bumped to 44.
 
 Base snapshots have moved to -current, but the packages are still in
 the process of being built for the release which will go out the door
 in a month or so.
 
 Doing this is intentional; it benefits our development processes.
 
 We do this every release, since we use the snapshots to engage
 developers instead of users.  developers will now already be
 keeping their eye on what will make it into the next releases.  Some
 users will think that they can use snapshots to get something near or
 just before 4.3 early, but no... that time is over.
 
 As soon as the pkg building machines are finished their job and free
 to move forward, then newer snapshot packages will start showing up.
 
 Due to the limits of FTP space, and in particular the links to move
 data up to the ftp mirrors, we just don't have any way to do both.

Seems like something a lot of people get bitten by.  How does one stay
informed on this snapshot libc/packages synchronization issue?

/juan



question re spamd.alloweddomains file

2008-03-17 Thread Juan Miscaro
I have populated /etc/mail/spamd.alloweddomains with all email
addresses serviced by my Postfix server.  Nevertheless, I still see
entries in my mail log that submissions to non-existent addresses are
being attempted.  One thing I have noticed is that, so far, all
submissions have as their origin my backup MX server (which
unfortunately is a third party beyond my control).  I am running
OpenBSD 4.2.

Comments?

TIA,

/juan



pfctl: Cannot allocate memory. [yes, i have set limit table-entries ]

2008-02-28 Thread Juan Miscaro
I had a 4.0 system where this was happening all the time.  Back then,
everyone said to update to 4.1!.  Well now I'm running 4.2 (stable)
and it's happening all over again.  I reduced my blacklists from

nixspam:uatraps:china:korea

to just

uatraps:china:korea

and it's still happening.

This is what I get on the command line when it (spamd-setup) works:

Getting http://www.openbsd.org/spamd/traplist.gz
blacklist uatraps 73181 entries
Getting http://www.openbsd.org/spamd/chinacidr.txt.gz
blacklist china 431 entries
Getting http://www.openbsd.org/spamd/koreacidr.txt.gz
blacklist korea 270 entries

Not very many entries there.

Actually, I am noticing that it always works from the command line. 
It's the cron job that produces the error 50% of the time (every 2nd
hour).  Cron says:

0   *   *   *   *   /usr/libexec/spamd-setup

My pf.conf contains:

set limit table-entries 20


My spamd.conf follows:



all:\
:uatraps:china:korea:

# University of Alberta greytrap hits.
# Addresses stay in it for 24 hours from time they misbehave.
uatraps:\
:black:\
:msg=Your address %A has sent mail to a ualberta.ca spamtrap\n\
within the last 24 hours:\
:method=http:\
:file=www.openbsd.org/spamd/traplist.gz

# Nixspam recent sources list.
# Mirrored from http://www.heise.de/ix/nixspam
nixspam:\
:black:\
:msg=Your address %A is in the nixspam list\n\
See http://www.heise.de/ix/nixspam/dnsbl_en/ for details:\
:method=http:\
:file=www.openbsd.org/spamd/nixspam.gz

# Mirrored from http://www.okean.com/chinacidr.txt
china:\
:black:\
:msg=SPAM. Your address %A appears to be from China\n\
See http://www.okean.com/asianspamblocks.html for more details:\
:method=http:\
:file=www.openbsd.org/spamd/chinacidr.txt.gz:

# Mirrored from http://www.okean.com/koreacidr.txt
korea:\
:black:\
:msg=SPAM. Your address %A appears to be from Korea\n\
See http://www.okean.com/asianspamblocks.html for more details:\
:method=http:\
:file=www.openbsd.org/spamd/koreacidr.txt.gz:



Re: pop-before-smtp and spamd

2008-02-26 Thread Juan Miscaro
--- Cameron Schaus [EMAIL PROTECTED] wrote:

 Juan Miscaro wrote:
  Are there standard solutions for dealing with the obvious collision
  between pop-before-smtp and spamd (in greylisting mode)?  I know many
  will say to use SMTP AUTH but right now I want to try to get my current
  setup to work.  My first idea was to hack the pop-before-smtp Perl
  script to have the thing (daemon) add connecting/authenticating sender
  IPs to a pf whitelist table.  I'm running OpenBSD 4.2 (stable) with
  Postfix 2.5.

 Why not use port 587 to send mail, instead of port 25, and only allow
 SMTP Auth from this port.


Right now I'm talking about using pop-before-smtp.

/juan



Not updating .libs-XXXXX, remember to clean it (huh?)

2008-02-19 Thread Juan Miscaro
I am working with a recent snapshot installation (090208) and I have
some questions regarding updating packages with pkg_add.


...
1. I am shown the following:

Not updating .libs-curl-7.16.2, remember to clean it
Not updating .libs-db-4.2.52p11, remember to clean it
Not updating .libs-pcre-7.1, remember to clean it
Not updating .libs-png-1.2.18, remember to clean it

How do I clean it?

I have these files on my system.  By cleaning it should I merely
delete the earlier version?  If so, why doesn't pkg_add do it?

/usr/local/lib/libcurl.so.8.0
/usr/local/lib/libcurl.so.6.0

/usr/local/lib/db4/libdb.so.4.2
/usr/local/lib/db4/libdb.so.5.0

/usr/local/lib/libpcre.so.2.1
/usr/local/lib/libpcre.so.1.1

/usr/local/lib/libpng.so.5.2
/usr/local/lib/libpng.so.6.0


...
2. I am using the following incantation:

# pkg_add -ui

but the documentation [1] says to use:

# pkg_add -ui -F depends -F updatedepends

However, the man page states that the first keyword is unsafe.

What is the recommended procedure and why would I need to use special
keywords for forcing stuff?


...
3. To serve remote systems, on my server I store installed packages
locally through the use of the PKG_CACHE variable.  Thus, after a
packages upgrade, I am left with multiple versions of the same package.

Is there any known method, besides manual deletion, that will clear out
the older versions?


Thanks in advance,

/juan


[1] http://www.openbsd.org/faq/upgrade42.html#Pkgup



maildrop with mysql support (how?)

2008-02-09 Thread Juan Miscaro
Hi.  I'm running the 280108 snapshot and would like to install the
maildrop package with mysql support.  There is no package like that and
the port Makefile does not mention mysql.  Is there any way to do this?

/juan



updating ports due to library change

2008-02-03 Thread Juan Miscaro
Hi.  I have a 'master' server on which I build all packages and ports
that  become available to other 'slave' systems via PKG_PATH.  I am
running with snapshots and have 280108 (bsd) installed.

The master contains both

libc.so.42.0
libc.so.43.0

Now the slave complains of not being able to install the master's
packages built from the ports tree.  The slave only possesses

libc.so.43.0

thus

parsing unace-1.2bp0
Can't install unace-1.2bp0: lib not found c.42.0
c.42.0: partial match in /usr/lib: major=43, minor=0 (bad major)

The ports tree for 280108 was late coming out so I thought downloading
the latest one (020208) and performing the following on the master's
ports:

# make update

This did not do anything.  I guess because the port versions did not
change.

I uninstalled a test port on the master and reinstalled.  I guess the
latest library is always used upon installation because the slave could
then install the resulting package.

So I'm wondering whether the behaviour of 'make update' should change
to avoid this type of problem.  Maybe it should see that a newer
library is available and at least create a package without installing
it locally.

How are others coping with this issue?  Is there something I should be
doing for this specific scenario?

/juan



pkg_delete: removing the resulting port/package file

2008-02-02 Thread Juan Miscaro
When I install by port a package is first built.  When deleting the
package with pkg_delete the package is removed (no longer installed)
but that built package file remains.  Is there any way to get rid of it
during the deletion?  I'm running the latest snapshot.

/juan



Re: PowerEdge T105

2008-02-01 Thread Juan Miscaro
--- Sevan / Venture37 [EMAIL PROTECTED] wrote:

 I spent some time today testing Free/Open/NetBSD on the 2 PowerEdges which
 turned up yesterday.
 You can find the dmesgs here:
 http://geeklan.co.uk/files/poweredge_t105/

You feel like putting them up here:

http://www.nycbug.org/index.php?NAV=dmesgd;SQLIMIT=20



Re: Dell PowerEdge 1950 III / R200

2008-01-30 Thread Juan Miscaro
--- Reza Muhammad [EMAIL PROTECTED] wrote:

 Hi all,
 
 I'm looking to buy a server that supports OpenBSD and I'm looking at
 either Dell PowerEdge 1950 III
 or Dell PowerEdge R200.  I noticed Marco (marco@)'s message about
 Dell PERC 6i that exists on 
 PowerEdge 1950 III and R2000. But, if I'm not going to use RAID and
 only use Serial ATA hard drive, would I be
 able to install OpenBSD on it?

I just did a test install of a new PowerEdge R200 [1].  4.2 Release
would not install on it.  I achieved an install only with a very recent
snapshot (28-01-08).  So far, everything is working.  I do not have any
RAID card but one that can be purchased with the R200, the LSI/SAS5iR,
is listed as supported by mpi [2] on the i386 page.

[1]
http://www.nycbug.org/?NAV=dmesgd;f_dmesg=;f_bsd=;f_nick=;f_descr=;dmesgid=1929#1929

[2]
http://www.openbsd.org/cgi-bin/man.cgi?query=mpi&arch=i386&sektion=4

/juan



Re: 4.2 install freezes at rd0: fixed, 3800 blocks

2008-01-29 Thread Juan Miscaro
 2008/1/26, Juan Miscaro [EMAIL PROTECTED]:
  Hi.  I'm attempting to install 4.2 on a Dell Poweredge R200.  Initially
  disabled all USB ports in the BIOS and now the freeze occurs at the
  following line:
 
  rd0: fixed, 3800 blocks


--- J.W. Zondag [EMAIL PROTECTED] wrote:

 Hi,
 
 Had the same problem installing 4.2 on Dell PowerEdge 1950 III, but
 that problem was solved when installing with latest snapshot
 (23-01-2008), now stuck because Dell Perc 6i is not functioning
 properly, which is (hopefully ;) being fixed as we speak.

[Please do not top post.]

That's funny, I thought disklabel was completely broken for that
snapshot.  I got the rd0 message when using Release.

/juan



4.2 install freezes at rd0: fixed, 3800 blocks

2008-01-28 Thread Juan Miscaro
Hi.  I'm attempting to install 4.2 on a Dell Poweredge R200.  Initially
the blue install screen froze at a USB device (husb4 I think).  I
disabled all USB ports in the BIOS and now the freeze occurs at the
following line:

rd0: fixed, 3800 blocks

Does anyone know what I can do to install OpenBSD on this machine?

Thanks in advance,

/juan



install error: uid 0 on /: file system full

2008-01-28 Thread Juan Miscaro
I'm trying to install using cd42.iso from the 230108 snapshot and I get
a critical error when I try to set up my hard disk.

Right after the question Do you want to use *all* of wd0 for OpenBSD?

Whether I answer y or no (and then try to create a partition) this
is what I get:

uid 0 on /: file system full

/: write failed, file system is full
Segmentation fault
ERROR: No root partition (wd0a).


This has happened to a real machine as well as a virtual one.  Is this
standard stuff when using a snapshot?

Thanks for any advice,

/juan



Re: wireless access point woes (ral device)

2008-01-18 Thread Juan Miscaro
--- Alexander Hall [EMAIL PROTECTED] wrote:

 Juan Miscaro wrote:
  Hi,
  
  I am using OpenBSD 4.2 as my WAP with a ral adapter.  My wireless
  client is running Kubuntu.
  
  The server is running dnsmasq (DHCP/DNScaching) and everything works.
  
  However, after a while the connection breaks completely and the only
  thing that rectifies the situation is a reboot on the serverside.
  
  I thought this instability may be a simplex/duplex issue.  Here is the
  ifconfig output for ral0:
  
  ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  lladdr 00:18:f8:28:b9:f4
  groups: wlan
  media: IEEE802.11 autoselect mode 11g hostap
  status: active
  ieee80211: nwid WIFILAN chan 11 bssid 00:18:f8:28:b9:f4 100dBm
  inet6 fe80::218:f8ff:fe28:b9f4%ral0 prefixlen 64 scopeid 0x1
  inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
  
  Can someone please advise on troubleshooting methods?
 
 I have had similar issues with a ral device. If I recall correctly,
 
$ sudo ifconfig down
$ sudo ifconfig up

Thanks for the response.

I assume you mean

$ sudo ifconfig ral0 down
$ sudo ifconfig ral0 up

Anyway, I'm pretty pissed because my research led me to conclude that
the ral device was well supported.  I paid top dollar for the thing.

/juan



anyone else having trouble installing BerkeleyDB perl module?

2008-01-18 Thread Juan Miscaro
I'm trying to install the BerkeleyDB Perl module via CPAN without
success on OpenBSD 4.2.

Can anyone corroborate?

Crash:


  CPAN.pm: Going to build P/PM/PMQS/BerkeleyDB-0.33.tar.gz

Parsing config.in...
Looks Good.
Checking if your kit is complete...
Looks good
Note (probably harmless): No library found for -ldb
Writing Makefile for BerkeleyDB
cp BerkeleyDB.pm blib/lib/BerkeleyDB.pm
AutoSplitting blib/lib/BerkeleyDB.pm (blib/lib/auto/BerkeleyDB)
cp BerkeleyDB/Hash.pm blib/lib/BerkeleyDB/Hash.pm
cp BerkeleyDB.pod blib/lib/BerkeleyDB.pod
cp BerkeleyDB/Btree.pm blib/lib/BerkeleyDB/Btree.pm
/usr/bin/perl /usr/libdata/perl5/ExtUtils/xsubpp -noprototypes -typemap
/usr/libdata/perl5/ExtUtils/typemap -typemap typemap  BerkeleyDB.xs 
BerkeleyDB.xsc  mv BerkeleyDB.xsc BerkeleyDB.c
cc -c  -I./libraries/4.5.20/include  -fno-strict-aliasing
-fno-delete-null-pointer-checks -pipe -I/usr/local/include -O2   
-DVERSION=\0.33\  -DXS_VERSION=\0.33\ -DPIC -fPIC
-I/usr/libdata/perl5/i386-openbsd/5.8.8/CORE   BerkeleyDB.c
BerkeleyDB.xs:74:2: #error db.h is from Berkeley DB 1.x - need at least
Berkeley DB 2.6.4
BerkeleyDB.xs:211: error: syntax error before DB_ENV
BerkeleyDB.xs:241: error: syntax error before DB_INFO
BerkeleyDB.xs:278: error: syntax error before DB_INFO
BerkeleyDB.xs:306: error: syntax error before numeric constant
BerkeleyDB.xs:545: error: syntax error before db_recno_t
BerkeleyDB.xs: In function `close_everything':
BerkeleyDB.xs:684: error: structure has no member named `txn'
BerkeleyDB.xs:708: error: structure has no member named `cursor'
BerkeleyDB.xs:708: error: structure has no member named `cursor'
BerkeleyDB.xs:731: error: too many arguments to function
BerkeleyDB.xs:757: error: structure has no member named `Env'
BerkeleyDB.xs:757: error: structure has no member named `Env'
BerkeleyDB.xs: In function `destroyDB':
BerkeleyDB.xs:779: error: too many arguments to function
BerkeleyDB.xs: In function `GetArrayLength':
BerkeleyDB.xs:841: error: `DBC' undeclared (first use in this function)
BerkeleyDB.xs:841: error: (Each undeclared identifier is reported only
once
BerkeleyDB.xs:841: error: for each function it appears in.)
BerkeleyDB.xs:841: error: `cursor' undeclared (first use in this
function)
BerkeleyDB.xs:848: error: structure has no member named `cursor'
BerkeleyDB.xs:848: error: structure has no member named `txn'
BerkeleyDB.xs:851: error: `DB_LAST' undeclared (first use in this
function)
BerkeleyDB.xs: In function `GetKey':
BerkeleyDB.xs:1414: error: structure has no member named `x_Value'
BerkeleyDB.xs:1415: error: structure has no member named `x_Value'
BerkeleyDB.xs:1416: error: `db_recno_t' undeclared (first use in this
function)
BerkeleyDB.xs: At top level:
BerkeleyDB.xs:1436: error: syntax error before DB_INFO
BerkeleyDB.xs: In function `my_db_open':
BerkeleyDB.xs:1441: error: `DB_ENV' undeclared (first use in this
function)
BerkeleyDB.xs:1441: error: `env' undeclared (first use in this
function)
BerkeleyDB.xs:1445: error: `txnid' undeclared (first use in this
function)
BerkeleyDB.xs:1452: error: `dbenv' undeclared (first use in this
function)
BerkeleyDB.xs:1455: error: `txn' undeclared (first use in this
function)
BerkeleyDB.xs:1467: error: `password' undeclared (first use in this
function)
BerkeleyDB.xs:1472: error: `db' undeclared (first use in this function)
BerkeleyDB.xs:1651: error: `file' undeclared (first use in this
function)
BerkeleyDB.xs:1651: error: `type' undeclared (first use in this
function)
BerkeleyDB.xs:1651: error: `flags' undeclared (first use in this
function)
BerkeleyDB.xs:1651: error: `mode' undeclared (first use in this
function)
BerkeleyDB.xs:1651: error: `info' undeclared (first use in this
function)
BerkeleyDB.xs:1659: error: structure has no member named `txn'
BerkeleyDB.xs:1666: error: structure has no member named `get_type'
BerkeleyDB.xs:1671: error: `DB_QUEUE' undeclared (first use in this
function)
BerkeleyDB.c: In function `XS_BerkeleyDB_db_version':
BerkeleyDB.c:1833: warning: assignment makes pointer from integer
without a cast
BerkeleyDB.xs: In function `XS_BerkeleyDB__db_remove':
BerkeleyDB.xs:1741: error: `DB_ENV' undeclared (first use in this
function)
BerkeleyDB.xs:1741: error: `dbenv' undeclared (first use in this
function)
BerkeleyDB.xs:1759: error: structure has no member named `Env'
BerkeleyDB.xs:1762: error: structure has no member named `remove'
BerkeleyDB.c:1914: warning: pointer/integer type mismatch in
conditional expression
BerkeleyDB.c: In function `XS_BerkeleyDB__db_verify':
BerkeleyDB.c:1975: warning: pointer/integer type mismatch in
conditional expression
BerkeleyDB.c: In function `XS_BerkeleyDB__db_rename':
BerkeleyDB.c:2037: warning: pointer/integer type mismatch in
conditional expression
BerkeleyDB.xs: In function `XS_BerkeleyDB__Env__db_appinit':
BerkeleyDB.xs:1971: error: `DB_ENV' undeclared (first use in this
function)
BerkeleyDB.xs:1971: error: `env' undeclared (first use in this
function)
BerkeleyDB.xs:2025: error: `DB_INIT_TXN' 

wireless access point woes

2008-01-17 Thread Juan Miscaro
Hi,

I am using OpenBSD 4.2 as my WAP with a ral adapter.  My wireless
client is running Kubuntu.

The server is running dnsmasq (DHCP/DNScaching) and everything works.

However, after a while the connection breaks completely and the only
thing that rectifies the situation is a reboot on the serverside.

I thought this instability may be a simplex/duplex issue.  Here is the
ifconfig output for ral0:

ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:18:f8:28:b9:f4
groups: wlan
media: IEEE802.11 autoselect mode 11g hostap
status: active
ieee80211: nwid WIFILAN chan 11 bssid 00:18:f8:28:b9:f4 100dBm
inet6 fe80::218:f8ff:fe28:b9f4%ral0 prefixlen 64 scopeid 0x1
inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255

Can someone please advise on troubleshooting methods?

/juan



building xenocara: configure: error: You must have freetype installed

2007-12-28 Thread Juan Miscaro
Hi,

I am having trouble building xenocara after updating my sources via
cvsup.

I have built non-X world and their release sets but when I come to
building X world:


export XSRCDIR=/usr/xenocara
export XOBJDIR=/usr/xobj

if [ -d $XOBJDIR ]; then
  rm -rf $XOBJDIR
fi

mkdir $XOBJDIR

cd $XSRCDIR

make bootstrap
make obj
make build


After a few minutes it crashes:

checking for freetype-config... no
configure: error: You must have freetype installed; see
http://www.freetype.org/
*** Error code 1

What should I do here?

Thanks for any guidance,

--
juan



Re: The Book of PF exists, physical copies documented

2007-12-19 Thread Juan Miscaro
--- Peter N. M. Hansteen [EMAIL PROTECTED] wrote:

 Dear friends,
 
 I have just taken delivery of my box of /The Book of PF/[1] author's
 copies, and I'm finding I'm a bit at a loss for words when it comes to
 describing the feeling.  The thing exists.  And it feels great to
 finally see the thing for real.

[...]

 [1] http://nostarch.com/pf.htm

Applause.

/ juan



removing sendmail

2007-11-29 Thread Juan Miscaro
Hi, I would like to do away with sendmail as much as possible.  I
prefer postfix.  Now I know that the sendmail binary is entwined with
the system's internals but is there any way to completely get rid of
it?  I see that some people remove the binary and turn it off in
rc.conf.  Am I making any sense?  Should I do anything special to
sendmail when I install postfix?  And what of the postfix-enable
command?  Is this good enough?

// juan



Re: Ports Question

2007-11-27 Thread Juan Miscaro
--- Stuart Henderson [EMAIL PROTECTED] wrote:

 On 2007/11/27 13:55, Manpreet Nehra wrote:
  I have been compiling the ports and some of the ports fail flat. On
  checking the ftp.openbsd.org, I found the ports.tar.gz was created on
  Sep 1. Will there be a newer ports file
 
 ftp ls /pub/OpenBSD/snapshots/ports.tar.gz
 227 Entering Passive Mode (129,128,5,191,169,249)
 150 Have a Gorilla.
 -r--r--r--1 1114 1114 13733974 Nov 26 04:05 ports.tar.gz
 226 There, everyone likes a Gorilla.
 ftp bye
 221 Goodbye.


Using a snapshot ports tree to use with RELEASE or STABLE is very
unintuitive.  Shouldn't we simply just replace the older ports tarball?


  since a lot ports don't
  compile some because of missing files to be downloaded, Others just
  give error that kernel interface has changed and the downloaded source
  is not compilable against the 4.2 kernel.
 
 http://www.openbsd.org/faq/faq15.html#NoFun
 

I don't see how this faq applies to the OP.  It refers to making sure
your source and your ports tree are in sync.  It doesn't mention using
the snapshot ports tree.

// juan



Re: Ports Question

2007-11-27 Thread Juan Miscaro
--- Stuart Henderson [EMAIL PROTECTED] wrote:

 On 2007/11/27 08:08, Juan Miscaro wrote:
  --- Stuart Henderson [EMAIL PROTECTED] wrote:
  
   On 2007/11/27 13:55, Manpreet Nehra wrote:
    I have been compiling the ports and some of the ports fail flat. On
    checking the ftp.openbsd.org, I found the ports.tar.gz was created on
    Sep 1. Will there be a newer ports file
   
   ftp ls /pub/OpenBSD/snapshots/ports.tar.gz
   227 Entering Passive Mode (129,128,5,191,169,249)
   150 Have a Gorilla.
   -r--r--r--1 1114 1114 13733974 Nov 26 04:05 ports.tar.gz
   226 There, everyone likes a Gorilla.
   ftp bye
   221 Goodbye.
  
  
  Using a snapshot ports tree to use with RELEASE or STABLE is very
  unintuitive.  Shouldn't we simply just replace the older ports tarball?
 
 You don't use it with release or stable, you use it with a snapshot.


Right, but is he using a snapshot?  I don't think so.

// juan



Re: Ports Question

2007-11-27 Thread Juan Miscaro
--- Ted Unangst [EMAIL PROTECTED] wrote:

 On 11/27/07, Manpreet Nehra [EMAIL PROTECTED] wrote:
  i am using the 4.2 release and that's why wondering if the ports tree
  is a little outdated, since a lot of stuff has changed over from
  september 1 to November 1 when 4.2 actually released. Aren't the
  release base and ports in sync?
 
 it's not possible to build thousands of packages and burn cdroms and
 then ship them so that they arrive before the release date if we start
 on the release date.
 

I think he's talking about having the ports tree updated online.

// juan



Re: updating source code from updated tarballs

2007-11-26 Thread Juan Miscaro
--- Nick Holland [EMAIL PROTECTED] wrote:

 Juan Miscaro wrote:
  --- Ingo Schwarze [EMAIL PROTECTED] wrote:
 ...
  The standard way to handle upgrades is to update the src
  on the master only, to build new release sets on the master,
  and to use the official upgrade process to install these
  new release sets on the clients.  That way, none of the
  clients will ever need source code.
  
  
  I'm embarrassed to say that I was intending to build my client systems
  locally.
 
 Save yourself time and work, make a release.


Well I've done that on the master and used the release to install the
client but I didn't think of using release sets to upgrade the client,
especially when it becomes a remote system.  Not sure how to do that
(upgrade via sets remotely).  Just unpack the sets?


   The ports tree can be useful though.
 
 eh.
 I keep telling myself that, but I hardly ever use it 'cept on a couple
 machines.  Those are usually NOT machines I'm installing packages to.
 (i.e.,  I use the ports tree on my management console machines, but on
 actual production machines, I never use it.  I can look at the tree on
 my machine I'm sitting at, rather than the machine I'm sshed into,
 find what I need to know, then pkg_add -i whatever...)


I don't get it.  How did you go from installing from the ports tree to
using pre-compiled packages (pkg_add)?


   The trouble is that when I performed a test update of this code
   there was an immense amount of downloading taking place.
   This should not have been the case.
   
  Unless you tell us what you mean by test update (cvs update?
  which server? which command, exactly?) even guessing is difficult.
 
 unanswered important question.


I use cvsup to update my sources (to STABLE):

*default release=cvs
*default tag=OPENBSD_4_2
*default host=cvsup.no.openbsd.org
*default base=/var/cvsup
*default prefix=/usr
*default delete use-rel-suffix
*default compress

OpenBSD-ports
OpenBSD-src
OpenBSD-xenocara


[snip]

Thanks for your comments.

// juan



updating source code from updated tarballs

2007-11-25 Thread Juan Miscaro
I have a 4.2 master system which I intend to use to quickly install new
systems.  I have rebuilt the master system with updated sources; made
the release sets; and made tarballs of /usr/src.  I installed a client
system with the sets over ftp.  All is well.

I want to eventually be able to update the client source code once in
the field so I unpacked the master tarballs.  The trouble is that when
I performed a test update of this code there was an immense amount of
downloading taking place.  This should not have been the case.

Given that I may have committed a mistake with the creation of the
tarball is my method sound?  It seems like a typical operation. 
Comments?

// juan



Re: updating source code from updated tarballs

2007-11-25 Thread Juan Miscaro
--- Joachim Schipper [EMAIL PROTECTED] wrote:

 On Sun, Nov 25, 2007 at 10:31:30AM -0500, Juan Miscaro wrote:
  I have a 4.2 master system which I intend to use to quickly install new
  systems.  I have rebuilt the master system with updated sources; made
  the release sets; and made tarballs of /usr/src.  I installed a client
  system with the sets over ftp.  All is well.
  
  I want to eventually be able to update the client source code once in
  the field so I unpacked the master tarballs.  The trouble is that when
  I performed a test update of this code there was an immense amount of
  downloading taking place.  This should not have been the case.
  
  Given that I may have committed a mistake with the creation of the
  tarball is my method sound?  It seems like a typical operation. 
 
 What's an 'update' in this context? And exactly what was doing the
 downloading?


I use cvsup to update my sources (to STABLE):

*default release=cvs
*default tag=OPENBSD_4_2
*default host=cvsup.no.openbsd.org
*default base=/var/cvsup
*default prefix=/usr
*default delete use-rel-suffix
*default compress

OpenBSD-ports
OpenBSD-src
OpenBSD-xenocara


// juan



Re: updating source code from updated tarballs

2007-11-25 Thread Juan Miscaro
--- Ingo Schwarze [EMAIL PROTECTED] wrote:

 Hi Juan,
 
 Juan Miscaro wrote on Sun, Nov 25, 2007 at 10:31:30AM -0500:
 
  I have a 4.2 master system which I intend to use
  to quickly install new systems.
 
 This does make sense.
 
 You do not tell us whether you are using 4.2-stable or 4.2-current.
 Both are good choices; in any case, make sure you know which one
 you are using, and stick to it.
 
 Also read: http://www.openbsd.org/faq/faq5.html#Flavors
 
  I have rebuilt the master system with updated sources;
  made the release sets;
  
 So far, this is standard practice for both -stable and -current.
  
  and made tarballs of /usr/src.
  
 What are you going to do with a src tarball?
 I suspect you won't need that kind of beast at all.
 Besides, why are you using the plural tarball*s*?


I made a tarball of /usr/src and of /usr/ports


  I installed a client system with the sets over ftp.
  All is well.
 
  I want to eventually be able to update the client source code
  once in the field so I unpacked the master tarballs.
  
 Here I'm losing track of what you are doing.
 I suppose you are referring to your src tarball(s)?
 I suspect you won't need source code on the client machines.
  
 The standard way to handle upgrades is to update the src
 on the master only, to build new release sets on the master,
 and to use the official upgrade process to install these
 new release sets on the clients.  That way, none of the
 clients will ever need source code.


I'm embarrassed to say that I was intending to build my client systems
locally.  The ports tree can be useful though.


  The trouble is that when I performed a test update of this code
  there was an immense amount of downloading taking place.
  This should not have been the case.
  
 Unless you tell us what you mean by test update (cvs update?
 which server? which command, exactly?) even guessing is difficult.
  
 In case you are talking about
   cd /usr/src; cvs up -dP
 this will take some time, even with a quick network link, using
 a public mirror in your own country and without many changes.
 For the above command, five minutes would seem normal even
 using a 100 Mbit/s internet connection.


But why should there be such a change if I just finished updating those
same sources on the master?


 But probably this whole discussion is moot.
 I fail to see the point in copying /usr/src to several machines.
 If you just want to be able to read the source from all machines,
 you might want to use NFS, possibly in read-only mode.
 If you really need to copy the source to many machines,
 you should probably set up your own internal cvs mirror -
 but what for?


Actually, the master is inside my company network whereas the clients
are remote systems (in the field).

[snip]

Thanks for the advice.

// juan






system not using second entry in $PKG_PATH

2007-11-19 Thread Juan Miscaro
On two OpenBSD 4.2 systems I have a (master) system that contains two
repositories - one of regular packages and one of packages derived from
ports.  On the client (slave) system I have a script with a PKG_PATH
containing both repositories:

PKG_PATH_LAN1=ftp://$MASTER/$VERSION/packages/
PKG_PATH_LAN2=ftp://$MASTER/$VERSION/packages/by_port/i386/all/
PKG_PATH=$PKG_PATH_LAN1:$PKG_PATH_LAN2

However the second one (PKG_PATH_LAN2) is never consulted.  If I remove
the first one then packages are found and installed with no problem.

Why is this happening?

// juan





