Re: No dhcp renewal of IP

2024-02-18 Thread Marcus MERIGHI
Hello, 

this is not to answer the original question, but...

kgo...@gmail.com (Kenneth Gober), 2024.02.17 (Sat) 22:15 (CET):
> On Sat, Feb 17, 2024 at 10:47 AM Luis Mendes  wrote:
> > The interface ure0 is the gateway to the Internet, connected to the ISP.
> > Somehow, when this interface loses the IP, the lease is not renewed.
> 
> This is the rule I would use in my pf.conf to allow my router to send DHCP
> requests to my ISP:
> 
> pass out log quick on ure0 inet proto udp from (ure0) port bootpc to any
> port bootps

this is not necessary, because:

"dhcpd reads packets off the wire using BPF, which happens as
packets come off the network interface, but before the IP stack
where pf runs."
David Gwynne  17 Dec 2022 
https://marc.info/?l=openbsd-misc=167128237931458

Marcus



Re: CARP and VRRP compliance

2024-02-13 Thread Marcus MERIGHI
Hello Samuel, 

samueljaydan1...@gmail.com (Samuel Jayden), 2024.02.13 (Tue) 17:35 (CET):
> I am reaching out to seek guidance on creating redundancy between a Cisco
> Router and OpenBSD. After conducting extensive research on the subject, I
> find myself in need of clarification on a specific point.

This has some background info for you:

https://mwl.io/archives/1866

Marcus



Re: Thinkpad Gets Very Hot

2023-11-08 Thread Marcus MERIGHI
Hello, 

luffy20...@protonmail.com (luffy20201), 2023.11.07 (Tue) 23:08 (CET):
> Hi, I've been an OpenBSD user for a year now, but I've never been able
> to disable Acpitz. I have tried everything, and nothing has worked. I

details would be nice... why do you want to disable acpitz(4)?

> use a Thinkpad X220, and it gets really hot. I need some help with
> this, can you please guys lend a hand? Thank You

Have you tried obsdfreqd?

+++
$ pkg_info obsdfreqd
Information for inst:obsdfreqd-1.2.0

Comment:
userland daemon to manage CPU frequency

Description:
obsdfreqd is a CPU frequency scheduler daemon working in userland.

It has many parameters to tweak the frequency like min/max frequency,
polling frequency, inertia, step up/down size. obsdfreqd also support
limiting the frequency upon reaching a given temperature to avoid
a system spending time above the threshold. While it has many
parameters, the defaults are good enough for everyone.

Maintainer: Florian Viehweger 

WWW: https://git.sr.ht/~solene/obsdfreqd
+++

I run it with the "-T 60" parameter, to make sure my notebook fans are
inaudible.

Marcus



Re: Connecting a wireless keyboard via Bluetooth

2023-10-25 Thread Marcus MERIGHI
Hello Karel, 

cahlu...@planet.nl (Karel Lucas), 2023.10.25 (Wed) 15:24 (CEST):
> I have a computer with openBSD V7.4 without X11, to which I want to connect
> a wireless keyboard via Bluetooth. The keyboard is connected via a separate
> USB Bluetooth receiver. What software do I need for this, and how do I
> configure it? I hope someone responds to this.
 
to quote a real source...

"Bluetooth support was incomplete and not useful in that state,
it has been removed several years ago.
You can use Bluetooth headphones via Creative BT-W1 / BT-W2 /
BT-W3, there are also similar devices from other vendors which
may work (they're often used with nintendo switch) - these
attach as a USB audio device and handle the Bluetooth connection
internally."
Stuart Henderson 2022-11-05 misc@openbsd.org

I suppose you need something equivalent to the above solution for audio,
but for keyboards. 

Keyboard <-> Bluetooth <-> Dongle <-> USB-HID <-> OpenBSD

BTW, keyboards with a proprietary (non-bluetooth) dongle for the radio
interface have always worked for me with OpenBSD.

Marcus



Re: Question about rdomains/rtables

2023-10-24 Thread Marcus MERIGHI
Hello f., 

t...@seiruote.it (tetrosalame), 2023.10.23 (Mon) 18:08 (CEST):
> I'm playing with rdomain/rtable on OpenBSD 7.4 and I'm a bit confused about
> the relation between rdomains and rtables.

you do not mention reading rtable(4)/rdomain(4), online here:

https://man.openbsd.org/rtable

It has a section on "Routing tables" and one on "Routing domains" and
the confirmation of your finding that "No tool is available to assign
more than one rtable to an rdomain other than to the default one (0)."

Marcus

> If I got rdomain(4) right, the two facilities are designed so that a rdomain
> can hold 0-255 rtables. Even rdomain 0 -no rdomain configured- can hold
> several rtables. IP addresses can overlap if configured in different
> rdomains.
> 
> In my mind the design is somehow "hierarchical"
> 
> rdomain 0
> |--> rtable 0
> |--> rtable 1
> |...
> |--> rtable 255
> 
> rdomain 1
> |--> rtable 0
> |--> rtable 1
> |...
> |--> rtable 255
> 
> but in practice, since there's no utility to add more rtables beyond the
> default one per rdomain, in the current implementation OS tools (pf, route,
> ifconfig, daemons etc...) take advantage of these facilities in a "flat"
> way:
> 
> rdomain 0
> |--> rtable 0
> 
> rdomain 1
> |--> rtable 0
> 
> and so on, where rtables are numbered after their containing rdomain.
> Documentation refers to rdomains when it's appropriate to think about a
> logical segment of the routing space, while it refers to rtables when the
> concept is "do something with routing table number XXX".
> 
> So while in theory one should think about rdomains first and then about the
> rtables that belong to each of them, in current usage they're the same
> thing: $tool -T $number and don't bother.
> 
> But...I read the slides presented by Peter Hessler (thank you) at EuroBSD
> 2012 and everything was clear...well, until I came to slide 16 and pf
> ruleset "pass in on rdomain 2 rtable 4" (1). I'm puzzled: how can I "create"
> rtable 4 inside rdomain 2?
> 
> Thanks and I apologize for my lack of brevity.
> 
> f.
> 
> 1:
> https://www.openbsd.org/papers/eurobsd2012/phessler-rdomains/mgp00016.html



Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

2023-10-07 Thread Marcus MERIGHI
Hello, 

com...@geekandfree.org (Comète), 2023.10.07 (Sat) 17:02 (CEST):
> unfortunately, yes the slider is well opened and I can confirm that
> when it is closed no LED will be visible.
 

on my thinkpad X1 Carbon 5th Gen., /dev/video0 is the infrared camera,
/dev/video1 is the one I want. 

video -s 1920x1080 -f /dev/video1
                                ^
gives me the best it can do, while 

video -s 1920x1080 -f /dev/video0
                                ^
gives me a small, greenish, pixelated image. 

Marcus

> 7 octobre 2023 15:06 "Peter Hessler"  a écrit:
> 
> > A lot of the Thinkpad laptops have a physical switch that will
> > cover/uncover the camera. Can you switch it to the other and try again?
> > 
> > -peter
> > 
> > On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote:
> > :Hi,
> > :
> > :$ video -f /dev/video0
> > :video: ioctl VIDIOC_DQBUF: Invalid argument
> > :
> > :the LED lights up near the camera and a black window is displayed...
> > :
> > :
> > :I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam
> > :
> > :
> > :then to answer Crystal:
> > :
> > :$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 
> > :ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers 
> > :built with OpenBSD clang version 13.0.0 
> > :configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
> > --disable-stripping
> > :--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig 
> > --enable-frei0r --ena
> > :ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d 
> > --enable-libfreetype
> > :--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus 
> > --ena
> > :ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
> > --enable-libvpx
> > :--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid 
> > --enable-libzimg --en
> > :able-nonfree --enable-openssl --enable-libvidstab 
> > --extra-cflags='-I/usr/local/include
> > :-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' 
> > --extra-ldsofla
> > :gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe 
> > -g -Wno-redundant-decls' 
> > :libavutil 56. 70.100 / 56. 70.100 
> > :libavcodec 58.134.100 / 58.134.100 
> > :libavformat 58. 76.100 / 58. 76.100 
> > :libavdevice 58. 13.100 / 58. 13.100 
> > :libavfilter 7.110.100 / 7.110.100 
> > :libswscale 5. 9.100 / 5. 9.100 
> > :libswresample 3. 9.100 / 3. 9.100 
> > :libpostproc 55. 9.100 / 55. 9.100 
> > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
> > :Input #0, video4linux2,v4l2, from '/dev/video0': 
> > :Duration: N/A, bitrate: 124416 kb/s 
> > :Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 
> > kb/s, 15 fps, 15 tbr,
> > :1000k tbn, 1000k tbc 
> > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
> > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
> > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
> > :
> > :
> > :and yes, to answer Jan:
> > :
> > :$ sysctl kern.video
> > :kern.video.record=1
> > :
> > :
> > :
> > :Thanks a lot for your help.
> > :
> > :Morgan
> > :
> > :
> > :7 octobre 2023 14:36 "Thomas Frohwein"  a écrit:
> > :
> > :> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote:
> > :> 
> > :>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comète wrote:
> > :>> The webcam seems well detected but no image is displayed...
> > :>> 
> > :>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg?
> > :>> 
> > :>> # dmesg | grep "uvideo"
> > :>> ^
> > :>> 
> > :>> Please post a full dmesg next time.
> > :>> 
> > :>> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony 
> > Electronics Co.,Ltd. Integrated
> > :>> Camera" rev 2.01/54.20 addr 3
> > :>> video0 at uvideo0
> > :>> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony 
> > Electronics Co.,Ltd. Integrated
> > :>> Camera" rev 2.01/54.20 addr 3
> > :>> video1 at uvideo1
> > :>> 
> > :>> However, this camera should almost certainly just work anyway.
> > :>> 
> > :>> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0
> > :>> ^^^
> > :>> 
> > :>> Why?
> > :> 
> > :> Looks like Comète followed the console instructions at [1] to the letter.
> > :> It seems to me that jumping right to ffplay recording isn't the best
> > :> way for you to check the camera is working. Simplest way to test seems
> > :> to me:
> > :> 
> > :> $ video -f /dev/video0
> > :> 
> > :> And then you should see a window with the video stream...
> > :> 
> > :> [1] https://www.openbsd.org/faq/faq13.html#webcam
> > :
> > 
> > -- 
> > Do you realize how many holes there could be if people would just take
> > the time to take the dirt out of them?
> 



Re: Installboot question

2023-07-25 Thread Marcus MERIGHI
Hello, 

steve.shock...@shockley.net (Steven Shockley), 2023.07.25 (Tue) 16:34 (CEST):
> I have a machine with two ATA drives in a softraid mirror.  For the Zen
> patch, do I run installboot on just sd2 (the softraid volume) or also sd0
> and sd1 (the physical disks)?  Thanks.

# installboot -v sd2

installboot figures that out by itself.

Marcus



Re: error when pkg_add'ing

2023-06-24 Thread Marcus MERIGHI
Hello Pau, 

lamarededeusen...@googlemail.com (Pau A.S.), 2023.06.24 (Sat) 12:16 (CEST):

[...]

> In any case, I noticed that when running pkg_add I was finding some strange
> error messages such as:
> 
> 
> # pkg_add -u firefox
> quirks-6.133 signed on 2023-06-23T22:56:27Z
> No pkgname in packing-list for totem-pl-parser-3.26.6p1
> No pkgname in packing-list for gom-0.4p1
> No pkgname in packing-list for libdmapsharing4-3.9.12p0
> No pkgname in packing-list for libadwaita-1.3.2p0v0
> No pkgname in packing-list for gnome-online-accounts-3.48.0p0
> No pkgname in packing-list for libmediaart-1.9.6p0
> No pkgname in packing-list for uchardet-0.0.8
> No pkgname in packing-list for grilo-0.3.16
> No pkgname in packing-list for liboauth-1.0.3
> quirks-6.133->6.133: ok
> Can't install python-3.10.12 because of libraries
> |library util.17.0 not found
> | /usr/lib/libutil.so.16.0 (system): bad major

For reference, I have, on a machine upgraded to current -current 12
hours ago:

$ ls -la /usr/lib/libutil.so.*
-r--r--r--  1 root  bin  222672 Jun 16 16:11 /usr/lib/libutil.so.16.0
-r--r--r--  1 root  bin  240048 Jun 23 16:51 /usr/lib/libutil.so.17.0

If I were you I'd do a sysupgrade(8) and retry "pkg_add(1) -u"
afterwards. I'd run pkg_check(8) too, just to be sure.

Marcus



Re: OpenBSD support for xattr on file systems other than UFS ?

2023-05-12 Thread Marcus MERIGHI
Hello, 

gene...@nativemethods.com (J Doe), 2023.05.12 (Fri) 04:47 (CEST):
> I was configuring Samba on my OpenBSD 7.2 server and wanted to support
> iOS/iPad OS and macOS clients.
> 
> The documentation for Samba states that the following vfs options are
> required to support these clients:
> 
> /etc/samba/smb.conf
> . . .
> vfs = catia fruit streams_xattr

I run a Samba server that does not have these options set - but
successfully serves iOS/macOS clients.

Apart from that, smb.conf(5) does not have the parameter "vfs", only
"vfs object"/"vfs objects" (which are aliases).

Marcus



Re: passing environment variables to daemons in rc.d scripts

2023-04-21 Thread Marcus MERIGHI
Hello!

jor...@geoghegan.ca (Jordan Geoghegan), 2023.04.20 (Thu) 23:08 (CEST):
> Hello,
> 
> tl;dr: Is there any way to pass an environment variable to a daemon started
> with rc.d?

There's a way via login.conf(.d), here's an example I use:

sogod:\
	:openfiles-cur=1024:\
	:openfiles-max=2048:\
	:setenv=GNUSTEP_STRING_ENCODING=NSUTF8StringEncoding:\
	:tc=daemon:

Marcus

> A bit of context for those interested:
> 
> I'm trying to run Apache Airflow from an rc.d script so I can make use of
> rcctl and other niceties. My rc.d script is included below.
> 
> The problem I'm facing is that it seems that Airflow looks for various
> environment variables such as $HOME, $AIRFLOW_HOME, $AIRFLOW_CONFIG etc and
> I'm seeing no obvious way to pass those requisite environment variables to
> Airflow from my rc.d script. Without these variables set, Airflow annoyingly
> just looks in /dev/null for everything and fails to function.
> 
> I'm probably missing something obvious, but hoping the fine folks here can
> point me in the right direction.
> 
> Regards,
> 
> Jordan
> 
> 
> # Airflow scheduler rc.d script:
> 
> #!/bin/ksh
> #
> 
> daemon="/usr/local/bin/airflow scheduler -D"
> daemon_flags="-l - --stderr - --stdout -"
> daemon_user="_airflowd"
> daemon_logger="daemon.info"
> daemon_timeout="60"
> 
> . /etc/rc.d/rc.subr
> 
> pexp=".*python.* ${daemon} ${daemon_flags}"
> rc_reload=NO
> 
> rc_pre() {
>     rm -f /var/airflow/airflow/airflow-scheduler.pid
> }
> 
> rc_cmd $1
> 
> 
> # Airflow webserver rc.d script:
> 
> #!/bin/ksh
> #
> 
> daemon="/usr/local/bin/airflow webserver -D -E -"
> daemon_flags="-p 8080 -l - --stderr - --stdout -"
> daemon_user="_airflowd"
> daemon_logger="daemon.info"
> 
> . /etc/rc.d/rc.subr
> 
> pexp=".*python.* ${daemon} ${daemon_flags}"
> rc_reload=NO
> 
> rc_pre() {
>     rm -f /var/airflow/airflow/airflow-webserver.pid \
>     /var/airflow/airflow/airflow-webserver-monitor.pid
> }
> 
> rc_cmd $1
> 



Re: Using gzip-static with httpd location

2023-03-10 Thread Marcus MERIGHI
j...@carnat.net (Joel Carnat), 2023.03.10 (Fri) 17:41 (CET):
> Le 10/03/2023 à 16:41, Marcus MERIGHI a écrit :
> > j...@carnat.net (Joel Carnat), 2023.03.10 (Fri) 02:31 (CET):
> > > I just tried applying gzip compression on a simple test web site using 
> > > httpd
> > > and the gzip-static option ; using OpenBSD 7.2/amd64.
> > > 
> > > As I understood the man page, gzip-static is supposed to be used inside 
> > > the
> > > server block ; like listen, errdocs or tls. But doing so does not seem to
> > > enable gzip compression for files defined in a location block.
> > 
> > You have to provide the .gz file manually.
> 
> Well, the .gz file does exist.
> And I can switch from working state to non-working state by just moving the
> gzip-static option from inside the location section to outside of it (still
> inside the server section).

Sorry for the noise then, I completely missed that in your OP.

Marcus



Re: openbsd get really hot/warm

2023-03-10 Thread Marcus MERIGHI
Hello, 

l...@netc.fr (l...@netc.fr), 2023.03.09 (Thu) 19:20 (CET):
> unfortunately obsdfreqd didn't solve the problem...
> with just less than half an hour of uptime, plus running firefox without going
> on the internet, it's going up to 55°C

did you use any options to obsdfreqd(1)? Like in

obsdfreqd -T 50 ?

Apart from that... I have obsdfreqd(1) running with -T 60. I very rarely
hear the fans of my Lenovo X1 Carbon 5th (2017). Your fans run at full
throttle even with only 55°C? Are the fans clean or dusty?

Marcus



Re: Using gzip-static with httpd location

2023-03-10 Thread Marcus MERIGHI
Hello, 

j...@carnat.net (Joel Carnat), 2023.03.10 (Fri) 02:31 (CET):
> I just tried applying gzip compression on a simple test web site using httpd
> and the gzip-static option ; using OpenBSD 7.2/amd64.
> 
> As I understood the man page, gzip-static is supposed to be used inside the
> server block ; like listen, errdocs or tls. But doing so does not seem to
> enable gzip compression for files defined in a location block.

You have to provide the .gz file manually. 
httpd(8) does not create the gzip file content on the fly. 

This thread:

https://marc.info/?t=16360323104

from when the feature was added, starts with the OP saying:

    In other words, if a client supports gzip compression, when
    "file" is requested, httpd will check if "file.gz" is available
    to serve.

Also, from httpd.conf(5):

    Enable static gzip compression to save bandwidth.
    If gzip encoding is accepted and if the requested file exists
    with an additional .gz suffix, use the compressed file instead
    and deliver it with content encoding gzip.

Marcus
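
Added example, not part of the original post and not code from httpd(8): because httpd only serves an existing `file.gz` and never compresses on the fly, a stale or orphaned `.gz` would be delivered in place of the current content, so the compressed copies need to be regenerated whenever the originals change. The function names, the extension list and the docroot argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: keep pre-compressed copies for httpd's gzip-static in sync.
# Assumed list of text-like types worth compressing (not from the post).
PRECOMPRESS_EXTS="html css js svg txt xml"

# gz_matches FILE
#   Returns 0 only if FILE.gz exists and decompresses to exactly FILE's bytes,
#   i.e. a gzip-capable client would receive the current content.
gz_matches() {
    [ -f "$1.gz" ] || return 1
    gzip -dc "$1.gz" 2>/dev/null | cmp -s - "$1"
}

# precompress_tree DIR
#   - creates FILE.gz when it is missing or older than FILE
#   - removes FILE.gz when FILE no longer exists (orphan)
#   - only touches the extensions listed above, so unrelated archives
#     such as backup.tar.gz are left alone
#   Prints one line per action. File names containing newlines are not handled.
precompress_tree() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }

    for ext in $PRECOMPRESS_EXTS; do
        find "$root" -type f -name "*.$ext" | while IFS= read -r f; do
            gz="$f.gz"
            # "find FILE -newer REF" prints FILE only if it was modified after REF
            if [ ! -f "$gz" ] || [ -n "$(find "$f" -newer "$gz")" ]; then
                # write to a temporary name and rename, so httpd never
                # sees a half-written .gz
                tmp="$gz.tmp.$$"
                gzip -9 -c "$f" > "$tmp" && mv "$tmp" "$gz" && echo "compressed $f"
            fi
        done

        find "$root" -type f -name "*.$ext.gz" | while IFS= read -r gz; do
            [ -f "${gz%.gz}" ] || { rm -f "$gz" && echo "removed orphan $gz"; }
        done
    done
    return 0
}

# Usage: sh precompress.sh /path/to/docroot
if [ "$#" -gt 0 ]; then
    precompress_tree "$1"
fi
```

Run it after every content deployment; `gz_matches` can be used in a monitoring check to catch a `.gz` that no longer corresponds to its source file.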



Re: Question about pf.conf queues

2023-01-15 Thread Marcus MERIGHI
Hello, 

gene...@nativemethods.com (J Doe), 2023.01.14 (Sat) 23:24 (CET):
> On 2023-01-14 11:37, Marcus MERIGHI wrote:
> 
> > Hello,
> > 
> > not an answer but a little input below...
> > 
> > gene...@nativemethods.com (J Doe), 2023.01.14 (Sat) 00:09 (CET):
> > > I have a question regarding queuing and priorities in pf.conf on
> > > OpenBSD 7.2.
> > > 
> > > I have a basic gateway configuration - a PC with two NIC's (em0, em1). One
> > > interface is connected to the LAN and one interface is connected to the
> > > Internet with a public IP and with a bandwidth of approximately 60 Mbps 
> > > down
> > > and 10 Mbps up.  I perform NAT on the gateway.
> > > 
> > > In terms of queuing, I'd like to make use of the following:
> > > 
> > > ** Queue using HFSC for all outbound traffic
> > > 
> > > ** Flow manager for the queue for fair queue utilization
> > > 
> > > ** For TCP traffic I would like to use two priorities - one for TCP data
> > > packets and one for TCP ACKs (as mentioned in Peter Hansteen's "Book of pf
> > > 3rd edition" in chapter 7)
> > > 
> > > Current configuration pf.conf:
> > > 
> > > ext_if = "em0"
> > > int_if = "em1"
> > > 
> > > set skip on lo0
> > > 
> > > queue rootq on $ext_if bandwidth 55M max 55M
> > >  queue dataq parent rootq bandwidth 55M max 55M flows 1024 \
> > >  qlimit 1024 default
> > > 
> > > match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
> > > 
> > > block all
> > > 
> > > match in  on $int_if inet tag LAN
> > > match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET
> > > 
> > > pass in  quick on $int_if tagged LAN

pass in  quick on $int_if tagged LAN queue dataq 
 ^^^
This way the packets get assigned to the queue when entering the
machine's network handling code. And are treated accordingly when
leaving on the outbound interface. 

(Avoid "quick", unless you want headaches as the ruleset grows.)

> > > pass out quick on $ext_if tagged INTERNET
> > 
> > In this message
> > 
> >  https://marc.info/?l=openbsd-misc=164521874319122
> > 
> > sthen@ said
> > 
> >  The queue is attached to a firewall state and all packets
> >  matching that state will pick it up. So if you have a named
> >  queue present on em0 but not em1, and match with "pass out on
> >  em1 set queue foo", packets transmitted on em1 will not be
> >  queued, but packets matching that state (return packets via em0)
> >  _will_ be queued.
> > 
> > Marcus
> 
> Hi Marcus,
> 
> Thank you for your reply and thank you for the link to MARC.
> 
> Based on what the referenced message states, am I not okay ?  I have a
> single queue and it is bound to a single NIC $ext_if.  The pass rule that
> allows the traffic to leave $ext_if should create the state for queuing of
> outbound packets, should it not ?
> 
> Or, are you saying that the queue assignment belongs on the pass rule and
> not the match statement ?
 
The queue assignment should happen as soon as the pf rules create the
state, i.e. on the inbound interface, see the example above.

Marcus

> So instead of:
> 
> match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET
> . . .
> pass out quick on $ext_if tagged INTERNET
> 
> ... I could use:
> 
> match out on $ext_if inet tag INTERNET
> . . .
> pass out quick on $ext_if set queue dataq set prio (5, 6) \
> tagged INTERNET
> - J



Re: Question about pf.conf queues

2023-01-14 Thread Marcus MERIGHI
Hello,

not an answer but a little input below...

gene...@nativemethods.com (J Doe), 2023.01.14 (Sat) 00:09 (CET):
> I have a question regarding queuing and priorities in pf.conf on
> OpenBSD 7.2.
> 
> I have a basic gateway configuration - a PC with two NIC's (em0, em1). One
> interface is connected to the LAN and one interface is connected to the
> Internet with a public IP and with a bandwidth of approximately 60 Mbps down
> and 10 Mbps up.  I perform NAT on the gateway.
> 
> In terms of queuing, I'd like to make use of the following:
> 
> ** Queue using HFSC for all outbound traffic
> 
> ** Flow manager for the queue for fair queue utilization
> 
> ** For TCP traffic I would like to use two priorities - one for TCP data
> packets and one for TCP ACKs (as mentioned in Peter Hansteen's "Book of pf
> 3rd edition" in chapter 7)
> 
> Current configuration pf.conf:
> 
> ext_if = "em0"
> int_if = "em1"
> 
> set skip on lo0
> 
> queue rootq on $ext_if bandwidth 55M max 55M
> queue dataq parent rootq bandwidth 55M max 55M flows 1024 \
> qlimit 1024 default
> 
> match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
> 
> block all
> 
> match in  on $int_if inet tag LAN
> match out on $ext_if inet queue dataq set prio (5, 6) tag INTERNET
> 
> pass in  quick on $int_if tagged LAN
> pass out quick on $ext_if tagged INTERNET

In this message

https://marc.info/?l=openbsd-misc=164521874319122

sthen@ said

The queue is attached to a firewall state and all packets
matching that state will pick it up. So if you have a named
queue present on em0 but not em1, and match with "pass out on
em1 set queue foo", packets transmitted on em1 will not be
queued, but packets matching that state (return packets via em0)
_will_ be queued.

Marcus

> My questions are:
> 
> 1. For better utilization of TCP traffic I have two priorities assigned to
> the queue.  Do I require more than one sub queue for this to work ? I don't
> intend to subdivide my traffic up (i.e. a SSH queue, and HTTP/S queue,
> etc.), I just want all my TCP traffic to benefit from better utilization
> with the two priorities.
> 
> 2. If this configuration is currently correct, are there any other changes I
> should make for better queuing (ie: better bandwidth utilization) ?
> 
> 3. Given the importance of time keeping, would it be a good idea to have
> another queue for NTP traffic and use the highest priority of 7 for it ?
> 
> Thanks,
> 
> - J



Re: DHCP server ignoring PF rules?

2022-12-17 Thread Marcus MERIGHI
hello, 

barbarosb...@gmail.com (Barbaros Bilek), 2022.12.17 (Sat) 15:07 (CET):
> On Sat, Dec 17, 2022 at 4:40 PM Cristian Danila  wrote:
> > Thanks for the provided info, now it makes sense about what is happening.
> > Any idea about a possible way to control these packets?
> > Still investigating but I had still not found yet a way to do it.
> > Thank you.
>
> Hello Cristian,
> If you put your physical interface into veb(4) and set link1 flag you can
> filter dhcp packets.
> For more please read man veb
> Have a nice weekend.
> Barbaros

tcpdump(8)'s -B switch might work, too.

But beware. dlg@ already answered but he did not mention this, although
he committed it and said:

support configuring BIOCSFILDROP with tcpdump.

this allows tcpdump to be used a quick and dirty firewall. it
also looks like an amazing foot-gun, so be careful.

for example `tcpdump -B drop -i ix1 udp and port 7` lets you
completely drop discard packets in the hardware interrupt
handler.
[ I minimally edited the line flow. ]

https://cvsweb.openbsd.org/src/usr.sbin/tcpdump/tcpdump.c?rev=1.89=text/x-cvsweb-markup

I've not used this option, just saying...

Marcus

> > On Sat, Dec 17, 2022 at 3:11 PM David Gwynne  wrote:
> > >
> > > dhcpd reads packets off the wire using BPF, which happens as packets
> > come off the network interface, but before the IP stack where pf runs.
> > >
> > > > On 17 Dec 2022, at 22:40, Cristian Danila  wrote:
> > > >
> > > > Good day!
> > > > I finished setup an DHCP server and for some reason it seems DHCP
> > > > server is ignoring PF filter.
> > > > In short, in PF I have active only one rule:
> > > > block drop quick all
> > > >
> > > > Double checked PF and it is enabled
> > > > So using a windows machine to test DHCP server:
> > > > 1) ifconfig /release
> > > > 2) ifconfig /renew
> > > >
> > > > somehow dhcpd still serves the windows(only when is enabled) and
> > > > ignores PF rule.
> > > > Could you please help me in telling if dhcpd has some intended logic
> > > > to ignore PF or what might
> > > > cause this unexpected behavior?
> > > >
> > > > Kind Regards!
> > > >
> > >
> >
> >



Re: CyberPower cp1500PPFCLCD

2022-11-13 Thread Marcus MERIGHI
Good morning, 

p...@thinkage.ca (Peter Fraser), 2022.11.13 (Sun) 19:56 (CET):
> My old UPS died, it was very old I had been changing batteries on it
> for years. It was so old that it used a serial port for
> communications.
> 
> I replaced it with a new CyberPower cp1500PPFCLCD.
> 
> I connected the USB cable and OpenBSD found
> 
[...]
>
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator0: Off, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator1: Off, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator2: On, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator3: Off, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent0: 100.00%, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent0: marked invalid
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent1: 100.00%, UNKNOWN
> Nov 13 13:21:58 fw sensorsd[42763]: upd0.timedelta0: 11425.00 secs, 
> UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator0: Off, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator1: Off, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator2: On, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator3: Off, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent0: 100.00%, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent0: marked invalid
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent1: 100.00%, UNKNOWN
> Nov 13 13:23:38 fw sensorsd[20386]: upd0.timedelta0: 11425.00 secs, 
> UNKNOWN
> 
> My sensorsd.conf contains
> 
> hw.sensors.upd0.percent0:low=99.00%:command=/etc/ups-shutdown %2
> 
> The 99.00% was to allow me to test it easily
> 
> As far as I could tell there is no way to ask sensorsd to only run a
> program when the UPS is not charging and the % left is less than a
> value.
> 
> At this point one of two things happened. Either the upd0 values
> disappear from sysctl or the system dies with no messages, and I have
> to do a hard reset.
> 
> Does anyone have any ideas of what is going on and how to fix it?

I have one of these CyberPower USV, it works for years already.
Unfortunately it's connected to a windows server where it shows up 
as a laptop battery.

What I do with sensorsd(8) on OpenBSD for the upd(4) USVs:

$ cat /etc/sensorsd.conf 
hw.sensors.upd0.percent0:low=80:high=100:command=/etc/sensorsd.upd.sh \
%l %n %s %x %t %2 %3 %4

$ cat /etc/sensorsd.upd.sh 
#!/bin/sh -e
[[ X"${1}" == X"below" && $(sysctl -n hw.sensors.upd0.indicator5) != \
"On (ACPresent), OK" ]] && shutdown -hp +1

There were long threads on sensorsd(8) in the past.

Marcus



Re: Xiaomi Mi Air, Synaptic trackpad and OpenBSD 7.2.

2022-11-12 Thread Marcus MERIGHI
Hello, 

cont...@anarchosaxophonist.org (Brian Durant), 2022.11.12 (Sat) 10:49 (CET):
> I am trying to get the Synaptic trackpad (12C?) on a Xiaomi Mi Air laptop
> working. I have found several references in the OpenBSD man pages, so I
> believe something has been worked on, but at what stage the development is
> currently at, I am  a bit unsure. Usually, if something is included in
> OpenBSD, it often just works, but sometimes configuration is needed. As I
> have seen no references to this in the mailing list archive, I thought that
> I would ask here - do I just need to configure something, or is development
> still working on this?
 
this sounds like you have OpenBSD running on that hardware with only the
trackpad not working.

What machine is this? I cannot find it at a local retailer and looking
for "Xiaomi Mi Air" on am?zon makes me wonder if this thing really runs
OpenBSD :-)

https://www.amazon.com/Xiaomi-Purifier-Efficiency-Eliminate-Coverage/dp/B094NST3N8

dmesg please!

Marcus



Re: Howto convert Sierra Wireless EM7455 from umsm to umb

2022-11-06 Thread Marcus MERIGHI
Hello Barbaros, 

barbarosb...@gmail.com (Barbaros Bilek), 2022.11.06 (Sun) 13:49 (CET):
> Thanks for your reply.
> I've tried disabling umsm but it didn't work.
> Now OpenBSD recognize it as ugen0
> ugen0 at uhub0 port 7 "Sierra Wireless, Incorporated Sierra Wireless EM7455
> Qualcomm\M-. Snapdragon? X7 LTE-A" rev 3.00/0.06 addr 2

sorry about that, but worth a try.

> Also, I think the link you posted above is wrong.

I have no idea how that happened. The subject was

List SIMCom SIM8262E-M2 as supported for umb(4)
(Kevin Lo )

https://marc.info/?l=openbsd-tech=166523975919835

If I got it right this time. It's a non-standard AT command to be sent
via one of the serial ports of the card. 

Marcus

> It talks about something different ("patch for embedded controller
> detection") and I couldn't relate with this issue.
> Regards.
> 
> P.S. dmesg attached, also i can supply more. Thanks for reading.
> 
> 
> On Sun, Nov 6, 2022 at 1:45 PM Marcus MERIGHI  wrote:
> 
> > barbarosb...@gmail.com (Barbaros Bilek), 2022.11.05 (Sat) 23:22 (CET):
> > > I have Sierra Wireless EM7455 on my OpenBSD 7.2 router device.
> > > OpenBSD detects this card like this:
> > [...]
> > > Is it possible to convert this card into MBIM mode to get an umb device?
> > > Thanks.
> >
> > The man page of umb(4) lists this device, so it should work.
> > You could try disabling umsm(4) with config(8) and see if this
> > makes it attach as umb(4)
> > Maybe you need a magical command like the one mentioned here:
> >
> > https://marc.info/?l=openbsd-tech=166523592618229
> >
> > Marcus
> >


Re: Howto convert Sierra Wireless EM7455 from umsm to umb

2022-11-06 Thread Marcus MERIGHI
barbarosb...@gmail.com (Barbaros Bilek), 2022.11.05 (Sat) 23:22 (CET):
> I have Sierra Wireless EM7455 on my OpenBSD 7.2 router device.
> OpenBSD detects this card like this:
[...]
> Is it possible to convert this card into MBIM mode to get an umb device?
> Thanks.

The man page of umb(4) lists this device, so it should work.
You could try disabling umsm(4) with config(8) and see if this 
makes it attach as umb(4)
Maybe you need a magical command like the one mentioned here:

https://marc.info/?l=openbsd-tech=166523592618229

Marcus



Re: Re-enable trackpad after resuming from hibernate

2022-10-24 Thread Marcus MERIGHI
srira...@berkeley.edu (Sriranga Veeraraghavan), 2022.10.24 (Mon) 10:18 (CEST):
> I just installed OpenBSD 7.2 on my Surface Go 3, and everything seems
> to work as well as it did with OpenBSD 7.1 on my Surface Go 2, except
> for one thing - the trackpad is not enabled after resuming from
> hibernate (the keyboard and the touch screen are enabled).  I can 
> re-enable the trackpad manually with:
>
> xinput --enable /dev/wsmouse2
> 
> I have tried putting this in /etc/apm/resume, but it doesn’t seem to
> work.

When running X.Org things from hotplugd or apmd, remember these run as
root and aren't allowed to run commands in your X environment.

/usr/bin/su -l -s /bin/sh  \
-c "xinput --enable /dev/wsmouse2"

That might do the job. Possibly you have to use xhost(1) too, 
I do not remember atm. 

Marcus
 
> Has anyone experienced something similar?  If so, are there any
> recommendations on how to automatically re-enable a trackpad after
> resuming from hibernate?



Re: relayd blocking by IP

2022-05-29 Thread Marcus MERIGHI
fosf...@gmail.com (Fabio Martins), 2022.05.06 (Fri) 00:43 (CEST):
> On Thursday, May 5, 2022, Stuart Henderson 
> wrote:
> > not quite, PF is looking up the IP in the table to decide which port
> > number to use
> > then the different port number is handled in relayd to pick between
> > two contexts:
> > one does not inspect Host (for those requests coming from
> > addresses on "geoallow")
> > the other (for all other requests) does inspect Host
> >
> > Understood. Also possible this way.

Just got around to implementing it, this is for the archives:
(Thanks again for the hint, sthen@)

pf.conf(5):

table  persist file "/etc/pf/geoallow"
pass in on egress proto tcp from any port > 1023 \
    to (self) port { http https }
pass in on egress proto tcp from  port > 1023 \
    to (self) port http rdr-to 127.0.0.1 port 8880
pass in on egress proto tcp from  port > 1023 \
    to (self) port https rdr-to 127.0.0.1 port 8443

relayd.conf(5):

relay httpredir {       # without geoblocking
    listen on 0.0.0.0 port http
    listen on 0.0.0.0 port https tls

    protocol httpproto

    forward to  port 19000
    forward to  port 17000
}
http protocol httpproto {
    return error
    block
    match request header "Host" value "somesite.somewhere" \
        forward to  tag httpd
    match request path "/.well-known/acme-challenge/*" \
        forward to  tag acme
    pass request tagged httpd method HEAD
    pass request tagged httpd method GET
    pass request tagged httpd method POST
    pass request tagged acme method GET

}
relay httpredirgeo {    # with geoblocking
    listen on 0.0.0.0 port 8880
    listen on 0.0.0.0 port 8443 tls

    protocol httpprotogeo

    forward to  port 19000
    forward to  port 8083
    forward to  port 80
    forward to  port 2
    forward to  port 18000
    forward to  port 17000
}

http protocol httpprotogeo {
    return error
    block
    match request header "Host" value "somesite.somewhere" \
        forward to  tag httpd
    match request path "/.well-known/acme-challenge/*" \
        forward to  tag acme
    match request header "Host" value "webm.somesite" path "/SOGo/*" \
        forward to  tag dav
    match request tagged dav header set "X-Real-IP" \
        value "https://$REMOTE_ADDR"
    match request tagged dav header set "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match request tagged dav header set "X-Forwarded-For" \
        value "$REMOTE_ADDR"
    match request tagged dav header set \
        "x-webobjects-server-protocol" value "HTTP/1.0"
    match request tagged dav header set \
        "x-webobjects-remote-host" value "127.0.0.1"
    match request tagged dav header set \
        "x-webobjects-server-name" value "webm.somesite"
    match request tagged dav header set "x-webobjects-server-port" \
        value "$SERVER_PORT"

    pass request tagged httpd method HEAD
    pass request tagged httpd method GET
    pass request tagged httpd method POST
    pass request tagged acme method GET
    pass request tagged dav method HEAD
    pass request tagged dav method GET
    pass request tagged dav method POST
    pass request tagged dav method PUT
    pass request tagged dav method DELETE
    pass request tagged dav method MKCOL
    pass request tagged dav method MOVE
    pass request tagged dav method OPTIONS
    pass request tagged dav method PROPFIND
    pass request tagged dav method REPORT
    pass request tagged dav method PROPPATCH
}



Re: relayd blocking by IP

2022-05-05 Thread Marcus MERIGHI
Hello Stuart, Hello Fabio,

thanks for reading and suggesting!

fosf...@gmail.com (Fabio Martins), 2022.05.04 (Wed) 22:29 (CEST):
> On Wednesday, May 4, 2022, Stuart Henderson 
> wrote:
> > On 2022-05-04, Marcus MERIGHI  wrote:
> > > I need to block http/s traffic, but only for some Host: header values.
> > > I.e. domain "xyz.abc" should be reachable, domain "klm.opq" not, both
> > > behind the same IP.
> > >
> > > This rules out blocking with PF.
> > >
> > ...
> > >
> > > Thanks in advance for any pointers!
> >
> > Maybe redirect connections from the PF table to a different port, then
> > handle the two ports differently in relayd?

This is one of the "OMG, why didn't i think of that myself" moments.
Thanks for the clue stick!

pseudo code, order matters:

pass in on egress from any  to port 443 rdr-to $relayd port 8443
pass in on egress from  to port 443 rdr-to $relayd port 9443

> This may be possible to do via httpd listening on different ports for each
> domain, since they share the same IP address.

Exactly, though it is going to be relayd that is listening and
forwarding to the application (or not, in case of geoblocking).

Marcus



Re: Server certs expired higher up the chain, imaps and https

2021-10-02 Thread Marcus MERIGHI
Hello!

benoit-li...@fb12.de (Sebastian Benoit), 2021.09.30 (Thu) 21:42 (CEST):
> Chris Bennett(cpb_m...@bennettconstruction.us) on 2021.09.30 10:02:17 -0700:
> > I'm getting that the certs are expired, but https works fine in Firefox,
> > including when looking at the full chain.
> > openssl s_client -servername mail.strengthcouragewisdom.rocks -connect 
> > mail.strengthcouragewisdom.rocks:https
>
> This is an issue with an expired root/intermediate certificate (DST Root X3)
> in use by Let's Encrypt.
> 
> Stuart Henderson (sthen@) summarized it like this:
> 
>   LibreSSL in OpenBSD 6.9/earlier is having problems with the expiry of a
>   CA certificate used to cross-sign Let's Encrypt certs.
> 
>   LE decided not to switch to using their own root fully, rather they
>   are continuing to use the expired cross-signer to increase compatibility
>   with old Android devices, which is tickling this problem.
>   https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
> 
> An errata has just been published, you can install it using syspatch.

I've syspatch(8)-ed a machine that now delivers the following error:

$ ftp -VMo /dev/null \
    "https://shop.theater-phoenix.at/Events.aspx?msg=0=1"
TLS handshake failure: certificate verification failed: unable to get
local issuer certificate

$ openssl s_client -servername shop.theater-phoenix.at -connect \
shop.theater-phoenix.at:https
Verify return code: 21 (unable to verify the first certificate)

The server "shop.theater-phoenix.at" runs under Windows and uses
letsencrypt certificates.

Does this issue have the same root cause or is this something different?

Marcus



Re: Server certs expired higher up the chain, imaps and https

2021-10-02 Thread Marcus MERIGHI
Hello!

stu.li...@spacehopper.org (Stuart Henderson), 2021.10.02 (Sat) 16:13 (CEST):
> On 2021-10-02, Marcus MERIGHI  wrote:
> > benoit-li...@fb12.de (Sebastian Benoit), 2021.09.30 (Thu) 21:42 (CEST):
> >> Chris Bennett(cpb_m...@bennettconstruction.us) on 2021.09.30 10:02:17 
> >> -0700:
> >> > I'm getting that the certs are expired, but https works fine in Firefox,
> >> > including when looking at the full chain.
> >> > openssl s_client -servername mail.strengthcouragewisdom.rocks -connect 
> >> > mail.strengthcouragewisdom.rocks:https
> >>
> >> This is an issue with an expired root/intermediate certificate (DST Root 
> >> X3)
> >> in use by Let's Encrypt.
> > I've syspatch(8)-ed a machine that now delivers the following error:
> > $ openssl s_client -servername shop.theater-phoenix.at -connect \
> > shop.theater-phoenix.at:https
> > Verify return code: 21 (unable to verify the first certificate)
> > Does this issue have the same root cause or is this something different?
> 
> Different. They are using the wrong *intermediate* cert (which expired on
> *Wednesday*):
> 
> Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 
> Validity
> Not Before: Oct  7 19:21:40 2020 GMT
> Not After : Sep 29 19:21:40 2021 GMT
>   Subject: C=US, O=Let's Encrypt, CN=R3
> 
> Specifically, at present they should be using this instead:
> https://letsencrypt.org/certs/lets-encrypt-r3.pem
> However it may change in future so they should use the one fetched by
> their ACME client (generally this
> means using the "fullchain" file) rather than fetching a separate one.

I've nominated you for the "most helpful person around" award. 

Thanks!

Marcus
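
Added example (not part of the original thread, and not code from OpenBSD or Let's Encrypt): the diagnosis quoted above comes from reading the validity dates of every certificate the server sends, not only the leaf. The sketch below does that over openssl text output; the function names, the reference-time format and the leaf entry in the sample are assumptions constructed here, while the R3 block is the one quoted in the thread.

```shell
#!/bin/sh
# expired_in_chain [REF]
# Reads the text form of a certificate chain on stdin. For a PEM bundle that
# text can be produced with:
#   openssl crl2pkcs7 -nocrl -certfile chain.pem | \
#       openssl pkcs7 -print_certs -text -noout
# Prints "subject<TAB>not-after" for every certificate whose "Not After" lies
# before REF. REF is UTC written as YYYYMMDDHHMMSS (a format chosen for this
# example); it defaults to the current time.
expired_in_chain() {
    ref=${1:-$(date -u +%Y%m%d%H%M%S)}
    awk -v ref="$ref" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i
        }
        # Example line: "Not After : Sep 29 19:21:40 2021 GMT"
        /^[ \t]*Not After[ \t]*:/ {
            raw = $0
            sub(/^[ \t]*Not After[ \t]*:[ \t]*/, "", raw)
            split(raw, p, /[ \t]+/)     # p[1]=month p[2]=day p[3]=time p[4]=year
            hms = p[3]
            gsub(/:/, "", hms)
            key = sprintf("%04d%02d%02d%s", p[4], mon[p[1]], p[2], hms)
            not_after = raw
            next
        }
        # Subject follows Validity in the text form, so report at this point.
        /^[ \t]*Subject:/ {
            subj = $0
            sub(/^[ \t]*Subject:[ \t]*/, "", subj)
            if (key != "" && (key "") < (ref ""))
                printf "%s\t%s\n", subj, not_after
            key = ""
        }
    '
}

# Constructed sample: the R3 block is the one quoted in the thread; the leaf
# entry (name and dates) is made up for this example.
sample_chain() {
    cat <<'EOF'
Certificate:
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Sep  1 00:00:00 2021 GMT
            Not After : Nov 30 00:00:00 2021 GMT
        Subject: CN=shop.example.invalid
Certificate:
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Validity
            Not Before: Oct  7 19:21:40 2020 GMT
            Not After : Sep 29 19:21:40 2021 GMT
        Subject: C=US, O=Let's Encrypt, CN=R3
EOF
}

# Evaluate the sample as of 2021-10-02 00:00:00 UTC, the day of the thread.
sample_chain | expired_in_chain 20211002000000
```

A still-valid leaf with an expired intermediate is the case that a check of the leaf certificate alone does not catch.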



Re: Permit to reprint tshirt artwork

2021-07-26 Thread Marcus MERIGHI
Good morning!

titomarifran...@gmail.com (Tito Mari Francis Escaño), 2021.07.26 (Mon) 04:28 
(CEST):
> I really like the tshirt design as illustrated here:
> https://www.openbsd.org/images/tshirt-23.gif

The most recent similar thread I could find:

https://marc.info/?l=openbsd-misc=155439809001096

Marcus

> I bought this shirt before and I was hoping to buy at least one but as per
> https://www.openbsd.org/tshirts.html this is out of print.
> 
> Can you please point me to whom I should ask permission to reprint
> t-shirts with this design?
> 
> Thanks and regards.



Re: X220 thinkpad battery issue

2021-07-15 Thread Marcus MERIGHI
Hello!

b...@shoshoni.info (Bryan Linton), 2021.07.15 (Thu) 11:33 (CEST):
> On 2021-07-15 08:57:32, Isak Holmström  wrote:
> > Hello,
> > I recently discovered that my battery is not charging. I really
> > can’t find anything when searching the web regarding openbsd and
> 
> A couple thoughts.
> 
> 1)  The battery may simply be dead.  AFAIUI, modern laptop
> 
> 2)  Have you upgraded the laptop's internals, or changed the power
> charger you use?  I know that newer models of Thinkpads will
> 
> 3)  Power sockets get plugged and unplugged a lot, and tend to
> wear out over time.  Could the socket itself be loose?  Does

Some more thoughts...

4) the X220 has a LED indicator that goes off and back on again if I
   plug the power cord. What does yours do?
5) I've once had luck with simply taking the battery out of the
   notebook, waiting some time, and re-plugging it. But that did not help
   for long, see 1) :-)

Marcus



Re: CWM+Xterm+Tmux+Vim & Copy/Paste

2021-07-13 Thread Marcus MERIGHI
Hello!

d...@silentsystems.org (David Anthony), 2021.07.12 (Mon) 23:12 (CEST):
> Does anyone using the combination of CWM+Xterm+Tmux+Vim have any advice
> for dealing with Copy/Paste? To/From Browser?

Not yet seen among the valuable advice already given:

$ grep M-v .cwmrc
bind-key M-v  "xdotool click --clearmodifiers 2 keyup alt"

This emulates a middle mouse click and lets you paste without touching
your mouse. 

Marcus



Re: apu2 and Atheros WLE600VX not working

2021-06-30 Thread Marcus MERIGHI
Hello!

g.lis...@nodeunit.com (George), 2021.06.30 (Wed) 01:41 (CEST):
> I am running OpenBSD 6.9 the machine recognizes an earlier version of
> the same wireless PCIe card, namely the WLE200NX but for some,
> unknown to me reason, the WLE600VX is not recognized. I checked the
> athn driver support for the chip set which should be AR9280 and it lists it.
> When I boot I get in dmesg:
> "Atheros QCA986x/988x" rev 0x00 at pci1 dev 0 function 0 not configured

You have:
https://www.pcengines.ch/wle600vx.htm
Chipset Qualcomm Atheros QCA9882
"Expect some pain, ath10k drivers required. Currently not
supported by pfSense / OPNsense !"
=> QCA9882 is not in athn(4).

You want: 
https://www.pcengines.ch/wle200nx.htm
Chipset Qualcomm Atheros AR9280.
=> AR9280 is in athn(4).

I have the latter and it works, in an apu2.

Marcus



Re: Who is responsible for ports.su? (admittedly a non-canon resource)

2021-06-14 Thread Marcus MERIGHI
rop...@gmail.com (ropers), 2021.06.14 (Mon) 00:21 (CEST):
> > On 2021-06-13, ropers wrote:
> >> Sorry to disturb, but does anyone know how to contact whoever is
> >> responsible for ports.su?
> >> An email address would be great, though I'm not sure if it's okay to
> >> post that on-list.  Perhaps it's okay to send that off-list?

> On 13/06/2021, Stuart Henderson wrote:
> > It's Constantine Murenin, I'm not sure of working contact methods.

Ian, if you are still into it, maybe try the email from his latest post? 

https://marc.info/?l=openbsd-misc=158567929032597

Marcus



Re: Maintaining modified binary kernel config

2021-05-29 Thread Marcus MERIGHI
parod...@gmail.com (Parodper), 2021.05.29 (Sat) 19:03 (CEST):
> # config -e -o bsd.new /bsd
> ukc> disable radeondrm
> ukc> quit
> # mv bsd.new /bsd
> 
> But that only lasts for one reboot (I think on some cases not even
> that). After that the next reboots have the same problem. Any tips to
> make the changes permanent?

someone more knowledgeable than me once upon a time said:


$ cat /etc/rc.shutdown
printf 'disable ulpt\nq\n' | config -ef /bsd
sha256 /bsd >/var/db/kernel.SHA256
(Antoine Jacoutot  19 Mar 2020 po...@openbsd.org)


and:


After boot, the kernel is relinked in a random order in the background
("/usr/libexec/reorder_kernel &" in /etc/rc). This is done so that
there will be a different memory layout on different boots, making
it harder to carry out types of attack that rely on knowing where
things are in the kernel.
[...]
You can disable the reordering by removing /var/db/kernel.SHA256
but be aware that syspatch relies on the reorder_kernel mechanism in
order to apply kernel patches. So if you do this and need to apply
such patches, re-enable it temporarily before running syspatch:
"sha256 -h /var/db/kernel.SHA256 /bsd" - stop any unnecessary
processes - then run syspatch. After syspatch has finished
you can remove kernel.SHA256 again before rebooting.
(Stuart Henderson  2 Oct 2019 misc@openbsd.org)


Hope this helps you in your quest...

Marcus



ssh(1) -v gives debug1: pledge: filesystem full

2021-05-19 Thread Marcus MERIGHI
Hello!

By accident I noticed that 

$ ssh -v $host

gives me, among many other lines, this

debug1: pledge: filesystem full

Tried with multiple hosts. None of the filesystems on the hosts (client,
servers) is full. The message appears when connecting from -current (as
of yesterday) to 6.9, when connecting from 6.9 to 6.9 and when
connecting from -current to -current.

My .ssh/config has:

Host *
ServerAliveInterval 15
ServerAliveCountMax 4
AddKeysToAgent yes

Host a b c d e f
ForwardAgent yes

host g h
ProxyJump i
CheckHostIP no

Is this expected? Something to worry about?

Marcus



Re: Managed to mess up the system encrypted disk. I can no longer boot.

2021-03-08 Thread Marcus MERIGHI
Hello Samarul, 

samarul@gmail.com (Samarul Meu), 2021.03.08 (Mon) 10:46 (CET):
> On Thu, Jan 28, 2021 at 10:27 AM Samarul Meu  wrote:
> > Thank you so much! You made my day!
> > So I used FuguIta (6.8 - stable) attached the encrypted partition
> > (accessible as sd1 now) and 'installboot sd1', reboot and surprise -
> > everything is working. I still have no idea why detaching the softraid
> > determined this kind of behavior.
> 
> Today I stumbled again on the same error, but in a different situation,
> let's say.
[...] 
> 1. attach an encrypted disk (partition) with an OpenBSD installation on
> it,  let's say sd1a --- "bioctl -c C -l sd1a softraid0" --- you will get
> the new sd2
> 2. detach the sd2 "bioctl -d sd2"
> 3. The OpenBSD will no longer boot.

No mount(8) and umount(8) between step 1 and 2?

Marcus



Re: 4k sector disk on APU2 problems

2021-03-01 Thread Marcus MERIGHI
Hello, 

raimo+open...@erix.ericsson.se (Raimo Niskanen), 2021.03.01 (Mon) 14:30 (CET):
> The disk showed up as a 4k sector disk, and after installing OpenBSD 6.7
> over USB over the mSATA-SATA adapter I plugged it in the internal mSATA
> connector, and it did not boot.

I've recently had the same encounter. 14TB HDD in an external USB
enclosure, to sync the data to it before putting it in the machine. 

The disk showed 4k sectors in the external enclosure.

After days of data transfer (~11TB) I finally put the HDD in the
machine and learned the same lesson as you did: the 4k sectors turned to
512 byte sectors when connected internally via SATA. 

Unpleasant, but actually OT for an OpenBSD list, I'm afraid.

Marcus



Re: snapshot of today, pkg_add -u changed behaviour

2021-02-24 Thread Marcus MERIGHI
sven.falem...@gmail.com (Sven F.), 2021.02.24 (Wed) 19:04 (CET):
> On Wed, Feb 24, 2021 at 12:06 PM Stuart Henderson  
> wrote:
> >
> > On 2021-02-24, Marcus MERIGHI  wrote:
> > > Hello!
> > >
> > > I just upgraded two machines to the snapshot of the day:
> > >
> > > OpenBSD 6.9-beta (GENERIC.MP) #357: Tue Feb 23 22:09:48 MST 2021
> > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > >
> > > When I run pkg_add -u afterwards, it just sits there, without output,
> > > for an unusually long time.
> > >
> > > With ^T it says: Processing Parameters.
> > >
> > > After some minutes the usual output starts.
> > >
> > > Just thought I'd mention it here, in case someone is worried about not
> > > seeing the familiar behaviour (as I was).
> > >
> > > Marcus
> > >
> > >
> >
> > Check for running ftp processes and you might get a better idea what
> > it's doing. Do you have a slow connection to the mirror you're using?
> >
> 
> FETCH_CMD="ftp -v" pkg_add -u  ?

Thanks for your assistance, Sven and Stuart!

It's just that ftp2.eu.openbsd.org is slow for me. 
As nothing in my environment had changed and the download of the base
system didn't take longer than usual, I thought pkg_add(1) might be
doing something differently.

speedtest-cli says 20 Mbit/s download speed, while 
lynx http://ftp2.eu.openbsd.org/pub/OpenBSD//snapshots/packages/amd64/
takes ages.

FETCH_CMD="ftp -v" did not make much of a difference, as it's the
initial 
  ftp -v -o - http://ftp2.eu.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/ 
that takes so long (I'm ctrl-c'ing it after 10 minutes right now, on my
third machine to upgrade.) 

ftp.hostserver.de to the rescue...

Sorry for the noise!

Marcus



snapshot of today, pkg_add -u changed behaviour

2021-02-24 Thread Marcus MERIGHI
Hello!

I just upgraded two machines to the snapshot of the day:

OpenBSD 6.9-beta (GENERIC.MP) #357: Tue Feb 23 22:09:48 MST 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

When I run pkg_add -u afterwards, it just sits there, without output,
for an unusually long time. 

With ^T it says: Processing Parameters.

After some minutes the usual output starts.

Just thought I'd mention it here, in case someone is worried about not
seeing the familiar behaviour (as I was).

Marcus



Re: relayd.conf prefork > 3, relayd does not answer

2021-02-15 Thread Marcus MERIGHI
Hello, 

mcmer-open...@tor.at (Marcus MERIGHI), 2021.02.07 (Sun) 18:28 (CET):
> I just saw a reason to crank relayd.conf(5)s "prefork" from its default
> of 3 to 12. 
> After restarting relayd I could not connect anymore.

PEBKAC: The "prefork" directive followed the table definitions, which is
the wrong order according to relayd.conf(5). As soon as I moved it up
things worked. I suspect that "prefork 3" worked even in the wrong
position because it is the default value that does not change anything.

Sorry for the noise, 

Marcus
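
Added example, not part of the original post and not relayd's own tooling: a small check for the ordering mistake described above, flagging global directives that appear after the first table definition. The function names, the list of global keywords checked and the sample configuration are assumptions constructed for this sketch.

```shell
#!/bin/sh
# check_relayd_order FILE
# Prints "FILE:LINE: <directive> appears after the table definition on line N"
# for each global directive found after the first top-level "table" line.
# Returns 1 if anything was reported, 0 otherwise.
check_relayd_order() {
    awk '
        BEGIN {
            # Global keywords checked by this example (an assumed subset of
            # the global configuration section of relayd.conf(5)).
            n = split("interval log prefork socket timeout", g, " ")
            for (i = 1; i <= n; i++) global[g[i]] = 1
        }
        {
            sub(/#.*/, "")      # drop comments (naive: ignores quoting)
            if (depth == 0 && $1 == "table" && !first_table)
                first_table = NR
            else if (depth == 0 && ($1 in global) && first_table) {
                printf "%s:%d: %s appears after the table definition on line %d\n", \
                    FILENAME, NR, $1, first_table
                bad = 1
            }
            # Track nesting so keywords inside relay/protocol blocks are ignored.
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample reproducing the mistake: "prefork" placed after a table.
sample_conf() {
    cat <<'EOF'
interval 10
table <webhosts> { 127.0.0.1 }   # constructed table name
prefork 12
relay www {
    listen on 0.0.0.0 port 8080
    session timeout 60
    forward to <webhosts> port 80
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_relayd_order "$tmp" || echo "move the global directives above the tables"
rm -f "$tmp"
```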



Re: home printer

2021-02-09 Thread Marcus MERIGHI
rop...@gmail.com (ropers), 2021.02.08 (Mon) 21:43 (CET):
> On 08/02/2021, Pierre-Philipp Braun  wrote:
>
> Anyway, I don't suppose any of you know whether any of your
> recommended devices have printer steganography built in?

I've been told, by a local xerox technician, to never print any ransom
demand letter with a modern printer because any printout could be
attributed to the serial number of the printer.

Marcus



relayd.conf prefork > 3, relayd does not answer

2021-02-07 Thread Marcus MERIGHI
hello!

OpenBSD 6.8 with patches (full dmesg at the end).

I just saw a reason to crank relayd.conf(5)s "prefork" from its default
of 3 to 12. 

After restarting relayd I could not connect anymore.

Reverting to "prefork 3" made things return to normal working state.

The only thing I can tell from the logs is that with normal startup,
after "relayd[79886]: startup", there's the "adding X hosts from
table[...]" messages. 
With prefork greater than 3, these messages are missing.

Does anyone see the same?
Can anyone give it a try?

Thank you in advance...

Marcus


Re: 6.8 and Procmail/Formail: anyone still using them?

2021-01-30 Thread Marcus MERIGHI
aus...@computershop.ca (Austin Hook), 2021.01.30 (Sat) 10:52 (CET):
> Marcus:
> 
> > Regarding procmail beware of this:
> > https://marc.info/?l=openbsd-ports=151256201621939
> 
> Fascinating.  Never caught that discussion before. I gather a specially 
> crafted message could get control of the user's account, or at least it 
> would be hard to prove that it couldn't.
> 
> I guess I can appreciate further, that since the mail system processes the 
> .forward file, that means a task with higher privileges than even the 
> user, has to deal with external world possibly garbage or infected input, 
> which could be unfriendly, and if the code base was designed without even 
> such a thought, and is unwieldy -- there was the incentive to do better.
> 
> Oh, but the years of fine tuning the procmail scripts  

oh yeah! and it gets even worse... sooner or later we might have to
switch to sieve[1] scripts. because that is what dovecot and everything
else understands. but it's standardized, as a plus.

[1] https://en.wikipedia.org/wiki/Sieve_(mail_filtering_language)

> > formail is not in the ports tree, afaict.
> I probably just should have said only the package for procmail; formail 
> comes with it.  

I should have used pkg_locate(1) first...

> formail goes into the .forward file, and regularizes any 
> problems with the "From" email address, before handing off to procmail.  
> I guess that's somewhat a security enhancement.  Perhaps not enough.
> 
> Maybe formail isn't always used or was dropped in later version. I see a 
> comment from Steve (clipped below) that he doesn't use it. [Haven't yet 
> checked out his reference or absorbed its implications yet. May comment 
> further, if I further retry procmail first, before learning fdm.]
> 
> > I use ~/Maildir
> 
> In your case, is that ~/Maildir (a file), or is it ~/Maildir/ a directory?

It is a directory, and a different way to store mail. see 
https://en.wikipedia.org/wiki/Maildir
 
> In my new install, not doing any mail sorting yet, Simple "Mail" seems to 
> put new mail into ~/mbox (the file) if not handled explicitly other than 
> looking at the subject lines -- even though it says (at run time) 
> something about putting it back into the user's mailbox -- which is 
> different wording from the documentation, and slightly confusing.

ha-ha, the second time within a couple of days that mail(1) interactive
use confuses people, including me :-)

> Alpine (not further configured) moves all new mail from /var/mail/*user*/ 
> to ~/mbox (the file), soon as it is invoked.

my gut feeling is that this historic behaviour is going extinct.

Marcus

> On Wed, 27 Jan 2021, Maurice McCarthy wrote:
> 
> > Most use fdm from ports
> > Best
> 
> On Wed, 27 Jan 2021, Marcus MERIGHI wrote:
> 
> > aus...@computershop.ca (Austin Hook), 2021.01.26 (Tue) 18:43 (CET):
> > > Wonder if anyone is still using Procmail/Formail under 6.8 for
> > > presorting incoming mail before it hits one's main inbox.
> > 
> > Regarding procmail beware of this:
> > https://marc.info/?l=openbsd-ports=151256201621939
> > 
> > formail is not in the ports tree, afaict.
> > 
> > I switched from procmail to fdm:
> > 
> > Information for inst:fdm-2.0p0
> > 
> > Comment:
> > fetch, filter and deliver mail
> > 
> > Description:
> > fdm is a simple, lightweight replacement for mail fetch, filter and
> > delivery programs such as fetchmail and procmail. It can fetch using
> > POP3 or IMAP (with SSL) or from stdin, and deliver to a pipe, file,
> > maildir, mbox or SMTP server, based on regexps.
> > 
> > Maintainer: Nicholas Marriott 
> > 
> > 
> > > Also wondering if folks send the remaining mail, after filtering, to 
> > > /var/mail/*user*, or to ~/mbox or to ~mail/mbox.  Any advantage to be 
> > > had, 
> > > or any mere consensus, regardless of advantages?
> > 
> > I use ~/Maildir
> > 
> > Marcus
> > 
> Date: Wed, 27 Jan 2021 09:04:43 -0700
> From: Steve Williams 
> To: misc@openbsd.org
> Subject: Re: 6.8 and Procmail/Formail: anyone still using them?
> 
> Hi,
> 
> I am using procmail under 6.8 successfully. I did have problems with it 
> when upgrading to (I think) 6.4.
> 
> If you look for the mail list archives for "OpenBSD 6.4 smtpd local mail 
> delivery missing "From " when .forward (procmail)"
> 
> My .procmailrc:
> 
> "|/usr/local/bin/procmail -f -"
> 
> Not sure if this is your problem or not. But I have quite a large 
> .procmailrc file (200 lines) that makes a historical archive of every 
> incoming email, filtering maillist emails, etc.
> 
> Thanks,
> Steve W.
> 
> 



Re: Installing across two SSDs, encrypted

2021-01-30 Thread Marcus MERIGHI
gj...@omecha.info (Grégoire Jadi), 2021.01.30 (Sat) 11:03 (CET):
> Joe Nelson  writes:
> 
> > Second, how do I get the OS to prompt me during startup for a
> > passphrase, and mount the encrypted drive? (It's not the primary drive
> > with the OS on it, which seems nonstandard.)
> 
> Checkout rc(8), in particular rc.local.
> 
> I've used something like:
> 
> echo 'adding encrypted home partition'
> bioctl -c C -l ENCRYPTED_UID.k softraid0 && \
>   fsck DECRYPTED_UID.a && \
>   mount /home
> 
> Could be improved with a loop to retry in case you mistype the
> passphrase.

This is just another suggestion...

If you run xenodm(1) you can put the following in
/etc/X11/xenodm/Xsetup_0 :

ssh-askpass "Pass for disk" | bioctl -s -c C -l \
DUID.slice softraid0

hotplugd(8) is your friend for automatically fscking and mounting of the
softraid(4) crypt partitions. 

If you do not run xenodm/X11 then Grégoire's hint would fit, but
interrupt your boot process; alternatively you can abuse ttys(5)
by changing a line like, for instance, this:

ttyC5 "/etc/ttymenu.getty" vt220 on secure

"/etc/ttymenu.getty" could look like this:

TERM=vt220 /etc/ttymenu < /dev/$1 > /dev/$1

"/etc/ttymenu" is a script of your liking.

You have to switch to ttyC5 to enter your passphrase. 
rc.local(8) can take you there, via "wsconsctl display.focus=4".

If you want your $HOME encrypted, I'd recommend two slices on $BIGDRIVE.
One smaller (in my case 5GB) for $HOME and a huge one for a sub
directory of $HOME that holds your data (but *always* listen to Nick's
partition/slice size advice!). 
Purpose of this separation is quicker access to your $HOME in case of an
unclean shutdown. $HOME gets fsck'ed quickly and you can log in. fsck on
$BIGSLICE will take a while...

Marcus
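
One way to write the retry loop Grégoire mentions, usable from rc.local or as the "/etc/ttymenu" script, as an added example that is not part of either message. ENCRYPTED_UID.k and DECRYPTED_UID.a are the thread's placeholders; the BIOCTL/FSCK/MOUNT variables, MAX_TRIES and the `unlock` argument are assumptions of this example, and stdin is assumed to be the terminal the passphrase is typed on.

```shell
#!/bin/sh
# Added example, not from the thread: unlock a softraid(4) crypto volume with
# a bounded number of passphrase attempts, then fsck and mount it.
CRYPTO_CHUNK=${CRYPTO_CHUNK:-ENCRYPTED_UID.k}   # placeholder from the thread
PLAIN_FS=${PLAIN_FS:-DECRYPTED_UID.a}           # placeholder from the thread
MOUNTPOINT=${MOUNTPOINT:-/home}
MAX_TRIES=${MAX_TRIES:-3}

# Indirection so the retry logic can be exercised with stand-ins (an
# assumption of this example; on a real system these keep their defaults).
BIOCTL=${BIOCTL:-bioctl}
FSCK=${FSCK:-fsck}
MOUNT=${MOUNT:-mount}

# Attach the crypto volume, asking at most MAX_TRIES times.
# bioctl -s takes the passphrase from stdin, so it is never stored in a
# shell variable, an argument list or the environment.
unlock_volume() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        tries=$((tries + 1))
        printf 'Passphrase for %s (%d/%d): ' \
            "$CRYPTO_CHUNK" "$tries" "$MAX_TRIES" >&2
        [ -t 0 ] && stty -echo      # hide typing when stdin is a terminal
        if "$BIOCTL" -s -c C -l "$CRYPTO_CHUNK" softraid0; then
            rc=0
        else
            rc=1
        fi
        [ -t 0 ] && stty echo
        printf '\n' >&2
        [ "$rc" -eq 0 ] && return 0
    done
    echo "giving up after $MAX_TRIES attempts; $MOUNTPOINT stays unmounted" >&2
    return 1
}

# Check and mount the filesystem only after a successful unlock, so a
# mistyped passphrase never leads to fsck or mount on a missing device.
mount_unlocked() {
    unlock_volume || return 1
    "$FSCK" "$PLAIN_FS" || return 1
    "$MOUNT" "$MOUNTPOINT"
}

# Act only when called as "<script> unlock"; sourcing has no side effects.
if [ "${1:-}" = "unlock" ]; then
    trap '[ -t 0 ] && stty echo' INT TERM   # restore echo if interrupted
    mount_unlocked
fi
```

A failed unlock returns non-zero instead of blocking, so the boot continues without the encrypted filesystem mounted.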



Re: Can't set 'from' address in .mailrc

2021-01-28 Thread Marcus MERIGHI
Hello, 

tetrahe...@danwin1210.me (tetrahe...@danwin1210.me), 2021.01.28 (Thu) 16:00 (CET):
> I'm trying to set up my system so I can use 'sendbug' to send in a bug
> report for a kernel panic, and a number of issues have cropped up.
> 
> 1. My mail provider won't let me send email from  but only
> from . Therefore I tried adding to ~/.mailrc:
>   set from "my_lap...@domain.com"
> Unfortunately, this didn't fix the issue, and /var/log/maillog is still
> showing "Sender address rejected" messages.
> According to the mail manpage 'from' is a binary option, but this makes no
> sense to me, where does one set the default from address?

I have nothing to say on mail(1) interactive usage :-) and got confused
reading the man page, just as you.

You could use "sendbug -P > sendbug.out" to get your report in a file
and send that from a different host. Or edit the file and 

$ cat sendbug.out | mail -s "my bug report" -r my_lap...@domain.com \
-c my_lap...@domain.com b...@openbsd.org

> 2. Where can I find the message that 'sendbug' composed? 'ls
> /var/spool/smtpd/queue/*' does not show any messages in any of the
> subfolders, did smtpd delete it because it couldn't be delivered?
 
Do you see 

smtpd[30872]: warn: queue: no return path!

in /var/log/maillog? Do you have a file named "dead.letter"?

Marcus



Re: 6.8 and Procmail/Formail: anyone still using them?

2021-01-27 Thread Marcus MERIGHI
aus...@computershop.ca (Austin Hook), 2021.01.26 (Tue) 18:43 (CET):
> Wonder if anyone is still using Procmail/Formail under 6.8 for
> presorting incoming mail before it hits one's main inbox.

Regarding procmail beware of this:
https://marc.info/?l=openbsd-ports=151256201621939

formail is not in the ports tree, afaict.

I switched from procmail to fdm:

Information for inst:fdm-2.0p0

Comment:
fetch, filter and deliver mail

Description:
fdm is a simple, lightweight replacement for mail fetch, filter and
delivery programs such as fetchmail and procmail. It can fetch using
POP3 or IMAP (with SSL) or from stdin, and deliver to a pipe, file,
maildir, mbox or SMTP server, based on regexps.

Maintainer: Nicholas Marriott 


> Also wondering if folks send the remaining mail, after filtering, to 
> /var/mail/*user*, or to ~/mbox or to ~mail/mbox.  Any advantage to be had, 
> or any mere consensus, regardless of advantages?

I use ~/Maildir

Marcus



Re: libreoffice package broken in -current 3.509

2021-01-17 Thread Marcus MERIGHI
Hello, 

n.dellu...@gmail.com (Nicola Dell'Uomo), 2021.01.17 (Sun) 11:25 (CET):
> after upgrading packages from 3.507 to 3.509 in -current, libreoffice
> crashes when it starts.

Already known, but (AFAIK) unsolved:

https://marc.info/?t=16106348152=1=2

Marcus



Re: auto-boot

2021-01-16 Thread Marcus MERIGHI
bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 18:07 (CET):
> On Thursday 14 January 2021 at 16:59 +0100, Marcus MERIGHI wrote:
> > bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 16:05 (CET):
> > > On Thursday 14 January 2021 at 15:47 +0100, Marcus MERIGHI wrote:
> > > > bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 10:20 (CET):
> > > > > I have a router connected via a serial port to another machine
> > > > > (which is usually powered off), which fails to boot until I
> > > > > connect and validate the boot> prompt
> > > > > 
> > > > > I configured my boot.conf as it follows :
> > > > > 
> > > > > # cat /etc/boot.conf
> > > > > set timeout 10
> > > > > set tty com0
> > > > 
> > > > I usually have 
> > > > 
> > > >     stty com0 115200
> > > >     set tty com0
> > > >     set timeout 2
> > > > 
> > > > and the machines boot automagically...
> > > > 
> > > > Marcus
> > > > 
> > > Actually, it looks like the automagic boot depends on the status of
> > > the
> > > attached computer : when it runs, the router boots automagically,
> > > and
> > > when it does not, then the boot waits until I press enter (after
> > > booting it, obviously)
> > 
> > Ah, I failed on getting what you meant!
> > 
> > Emitting wild guesses now... As soon as the boot> prompt receives
> > input, it cancels the timeout counter (and doesn't auto-boot). Could it
> > be that your non-auto-booting machine receives something that looks
> > like input to the boot> prompt? Can you test with the serial cable
> > detached?
> > 
> 
> Done that; that's very strange : the router did not auto-boot, but did
> as soon as I plugged-in the serial cable in (I left minicom running on
> the other box) (or maybe after a few seconds, I did not check in real
> time)

so you have ruled out the second box, good!

Things I'd try... 

- any stray empty lines in /etc/boot.conf?
  I'm not saying these would cause any harm, but I'd try
- add the speed setting ("stty com0 115200")
- move "set timeout X" to the end

good luck! and please report back if you solve this puzzle!

Marcus



Re: auto-boot

2021-01-14 Thread Marcus MERIGHI
bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 16:05 (CET):
> On Thursday 14 January 2021 at 15:47 +0100, Marcus MERIGHI wrote:
> > bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 10:20 (CET):
> > > I have a router connected via a serial port to another machine
> > > (which is usually powered off), which fails to boot until I connect
> > > and validate the boot> prompt
> > > 
> > > I configured my boot.conf as it follows :
> > > 
> > > # cat /etc/boot.conf
> > > set timeout 10
> > > set tty com0
> > 
> > I usually have 
> > 
> >     stty com0 115200
> >     set tty com0
> >     set timeout 2
> > 
> > and the machines boot automagically...
> > 
> > Marcus
> > 
> Actually, it looks like the automagic boot depends on the status of the
> attached computer : when it runs, the router boots automagically, and
> when it does not, then the boot waits until I press enter (after
> booting it, obviously)

Ah, I failed on getting what you meant!

Emitting wild guesses now... As soon as the boot> prompt receives input,
it cancels the timeout counter (and doesn't auto-boot). Could it be that
your non-auto-booting machine receives something that looks like input
to the boot> prompt? Can you test with the serial cable detached?

(It would be more comprehensible if it was the other way round:
not booting with the supervising machine being *on* and by some strange
mishaps sending input to the boot> prompt.)

Marcus



Re: auto-boot

2021-01-14 Thread Marcus MERIGHI
Hello, 

bast...@durel.org (Bastien Durel), 2021.01.14 (Thu) 10:20 (CET):
> I have a router connected via a serial port to another machine (which
> is usually powered off), which fails to boot until I connect and
> validate the boot> prompt
> 
> I configured my boot.conf as it follows :
> 
> # cat /etc/boot.conf  
> set timeout 10
> set tty com0

I usually have 

stty com0 115200
set tty com0
set timeout 2

and the machines boot automagically...

Marcus



[OT] Re: WireGuard, Windows mobile laptop and pf.conf?

2020-12-29 Thread Marcus MERIGHI
Hello!

hamdi201...@gmail.com (Andreas X), 2020.12.29 (Tue) 13:53 (CET):
> > > I happen to come across this blog today that may help
> > > you clarify some of your questions:
> >
> > https://ozgur.kazancci.com/secure-fast-vpn-server-wireguard-setup-on-openbsd-and-configure-windows-10-clients-to-connect-through-it/
> >
> > I hope it helps. I am planning to set up one myself in the near future.
> > Please keep us posted how yours turn out.
> >
> > Hakan Duran
> > 
> Hi Hakan, thank you for this!
> It works nicely, and has helped me a lot!

I recently got it to work, too, after some fiddling, with this client:

https://download.wireguard.com/windows-client/wireguard-installer.exe

But... this requires admin rights under windows. Not for the
installation, which would be natural, but for connecting, too. 

There's talk about workarounds:

https://www.reddit.com/r/WireGuard/comments/frizel/solution_managing_wireguard_on_windows_as_a/

Which are... ugly?

So, my question is: do you have a non-admin way to connect or are you
just taking the risk?

Sorry for the non-OpenBSD talk here, we should take this elsewhere;
better reply privately, thanks!

Marcus



Re: Internal microphone not working

2020-10-28 Thread Marcus MERIGHI
Hello Ashton, 

ash...@fagg.id.au (Ashton Fagg), 2020.10.28 (Wed) 01:31 (CET):
> However, I'm having problems getting my internal microphone to work.

what does 
$ sysctl kern.audio.record
say?

Marcus



Re: LTE SIM in a ThinkPad T400

2020-09-29 Thread Marcus MERIGHI
h...@stare.cz (Jan Stary), 2020.09.29 (Tue) 10:19 (CEST):
> This is current/amd64 on a ThinkPad T400 (dmesg below).

I don't see any umsm(4) or umb(4) device in your dmesg.
(Or anything else that looks like a 2/3/4/5G modem.)

Could it be that the SIM slot is provided on all models, 
though yours doesn't have the "modem"-hardware?

Or do you need to enable it in the BIOS?

Marcus

> The machine has a slot for a SIM card, and I'm considering
> getting a data-tariff SIM to put in there so it has its own
> connection (although iwn works as a client to a mobile AP).
> 
> Is anyone using a data SIM in a laptop?
> Is that supported at all?
> 
>   Jan
> 
> 

Re: how to figure out reverse package dependency?

2020-08-23 Thread Marcus MERIGHI
Hello, 

j...@jsg.id.au (Jonathan Gray), 2020.08.23 (Sun) 08:58 (CEST):
> On Sun, Aug 23, 2020 at 08:15:01AM +0200, Matthias wrote:
> > How do I figure out which packages directly or indirectly depend on a
> > specific package? Let's assume that only installed packages shall be
> > considered.
> > 
> > For example, if 'glib2' is the package in question, 'cairo',
> > 'gdk-pixbuf', 'shared-mime-info', 'ImageMagick', etc. should be returned
> > as all those depend on 'glib2'.
> > 
> > Thank you.
> 
> This is really a question for ports@
> 
> One way would be to install databases/sqlports then run
> 'show-reverse-deps devel/glib2'

I thought Matthias was just asking for "pkg_info -R".
("Show which packages require a given package")

Marcus



phone syncing [was: Re: how to mount phone?]

2020-07-15 Thread Marcus MERIGHI
pe...@bsdly.net (Peter Nicolai Mathias Hansteen), 2020.07.14 (Tue) 17:11 (CEST):
> > 13. jul. 2020 kl. 23:39 skrev Justin Muir :
> > Just wishing to mount my phone to access photos.
>
> I believe I have at some point managed to mount a phone as storage,
> but not recently.
> 
> What usually works better is to install an sftp client (I use AndFTP
> in sftp mode) on the phone and use that to transfer the pictures to
> your machine.

now that this thread turns to general phone syncing: syncthing
(in ports/packages) works very well for me, unless you want syncthing to
have write access to all of your sdcard in the phone. on my
lineageos17/android10 phone, syncthing only gets read-only access to the
sdcard, apart from its app-folder. other than that: start syncthing on
both ends, wait, have files on both ends reliably synced. 
(i am not affiliated, btw.)

Marcus



Re: how to mount phone?

2020-07-14 Thread Marcus MERIGHI
get.misc.open...@gmail.com (Greg Thomas), 2020.07.14 (Tue) 00:33 (CEST):
> Have you set your USB preferences on your phone?  To File transfer?  My
> Android defaults to charging only.

Mine too; but "File transfer" does not work for me, either. I get a
ugen(4) instead of umass(4), on -current.

Therefore I currently use gphoto2(1) from the gphoto-2.5.23 package:

$ gphoto2 --get-all-files --skip-existing

Watch out for the permissions on the USB device files: 

$ more /usr/local/share/doc/pkg-readmes/libgphoto

Marcus

> On Mon, Jul 13, 2020 at 2:57 PM Justin Muir  wrote:
> 
> > Hi,
> >
> > Just wishing to mount my phone to access photos.
> >
> > Here's the output from dmesg:
> >
> > ugen0 at uhub0 port 3 "Alcatel U50? Alcatel U50?" rev 2.00/3.10 addr 2
> >
> > Any ideas on how this might be mounted??
> >
> >
> > tia!
> >



Re: Input Filter and LPD

2020-06-09 Thread Marcus MERIGHI
punoseva...@gmail.com (Predrag Punosevac), 2020.06.08 (Mon) 23:57 (CEST):
> It seems that there is another change on 6.7 perhaps among packages
> which broke printing for me. I am using built in LPD to print onto the
> network connected Brother HL-5250DN. I am getting raw PostScript output
> on the printer instead of the document.

I think I've seen the same. Though I could still print simple text
files, like "cat foo.txt | lpr". 
Printing PDFs from xournal failed, with raw PS output as you describe. 

The machine is currently not available, probably online this afternoon, 
will post the configs then. 

I guess you want to avoid it, but cups still works on that machine.

Marcus



Re: Getting HDMI Events

2020-06-08 Thread Marcus MERIGHI
switch1...@gmail.com (Switch 1024), 2020.06.07 (Sun) 17:48 (CEST):
> On Sun, 7 Jun 2020 at 14:06, Marcus MERIGHI  wrote:
> >
> > switch1...@gmail.com (Switch 1024), 2020.06.07 (Sun) 08:59 (CEST):
> > > tldr; My question is, how can I get  HDMI Events, I want to execute
> > > scripts when a new HDMI (or DP, for that matter) device is connected
> > > or disconnected. Maybe there is a really obvious or simple way or
> > > solution but I did not see it.
> >
> > x-on-resize might have some clues:
> > https://marc.info/?l=openbsd-misc=157104216604576
> >
> > marcus
> 
> Ok, Thank you, I downloaded the sources for x-on-resize [1], got it to
> compile with clang, but I do not receive events.

Sorry to hear that; I just made sure that "it works for me", on amd64
-current. dmesg below.

marcus


Re: Getting HDMI Events

2020-06-07 Thread Marcus MERIGHI
switch1...@gmail.com (Switch 1024), 2020.06.07 (Sun) 08:59 (CEST):
> tldr; My question is, how can I get  HDMI Events, I want to execute scripts
> when a new HDMI (or DP, for that matter) device is connected or disconnected.
> Maybe there is a really obvious or simple way or solution but I did not see 
> it.

x-on-resize might have some clues:
https://marc.info/?l=openbsd-misc=157104216604576

marcus



Re: Howto change login mechanism on OpenBSD

2020-05-31 Thread Marcus MERIGHI
hello, 

valdrin.m...@zoho.com (Valdrin MUJA), 2020.05.25 (Mon) 16:47 (CEST):
> Actually I updated the /etc/ttys file and add my program instead of
> getty. However, after boot, there was still OpenBSD login prompt
> before my program started. 

as already mentioned, init(8) respawns the program specified in ttys(5)
if the program stops. it also throttles respawning if it happens too
often. after changes to ttys(5), run "kill -s HUP 1".

 
> On the other hand, I tried chpass -s $myprogram $user, but still I'm

This only changes the login shell that is run after you have logged in
via login(1).

> In short,  I want to disable OpenBSD login prompt and execute my
> program. If user exits this external program, my program should run
> again etc.

use with care!

$ grep ttyC5 /etc/ttys
ttyC5   "/etc/ttymenu.getty"    vt220   on  secure

cat /etc/ttymenu.getty
#!/bin/sh -e
TERM=vt220 /etc/ttyprog < /dev/$1 > /dev/$1

/etc/ttyprog would be the program you want to run. 
stdin and stdout are connected to the tty.

Marcus

> On Thu, 21 May 2020 01:53:29 +0200 Jeff Joshua Rollin wrote:
> 
> 
> On Wed, 2020-05-20 at 17:00 -0500, Edgar Pettijohn wrote: 
> > On Wed, May 20, 2020 at 09:50:17PM + 
> > > 
> > > I believe /etc/ttys controls getty, which may or not help. Getty is 
> > > respawned too. 
> > > https://man.openbsd.org/man5/ttys.5 
> > 
> > I think you're right. Might just need to change a line in /etc/ttys 
> > to 
> > execute /bin/{my_program}. 
> > 
> > Edgar 
> > 
>  
> Perhaps a better way would be just to change the user's login shell to 
> the name of your program: chpass -s $myprogram $user. That way you can 
> use OpenBSD's login authentication, and login automatically runs the 
> program when the user logs in; when the user quits the program they are 
> automatically logged out. Provided there's no way to execute a shell 
> from within the program, they therefore can't execute arbitrary code 
> once logged in. It's easy to add a user for this single purpose: just 
> add the user as normal, and specify $myprogram as the shell. 
>  
> Jeff.



Re: rc.d: Webserver is removing daemonization - now what?

2020-05-03 Thread Marcus MERIGHI
chad.hoo...@protonmail.com (Chad Hoolie), 2020.05.03 (Sun) 15:43 (CEST):
> So the folks over at my webserver are removing its daemonization
> feature, telling its users to use systemd/upstart/a process supervisor
> instead.

Ugly move by upstream!

> But what does this mean to my webserver's startup script in /etc/rc.d,
> isn't it dependent on the webserver's ability to daemonize?
 
You could have shown the content of that rc.d(8) script...?

> Pretty sure I can't manually daemonize it by adding a "&" to the end
> of my rcexecs so...

Read rc.subr(8), look for "rc_bg".

Marcus



Re: flashrom on APU2

2020-04-23 Thread Marcus MERIGHI
Hello Jan,

just asking because you did not mention: you are running single user,
right?

I documented a firmware upgrade on 2020-03-04, for an APU2:
first I tried "flashrom -p internal -w apu2.rom", then I noted
"needs boardmismatch=force", which i then used.

That machine is still running, unbricked.

before:
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "88a4f96" date 03/11/2016
(I was a bit lazy there, it seems...)

after:
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xcfe8d020 (13 entries)
bios0: vendor coreboot version "v4.11.0.4" date 02/26/2020

Marcus

h...@stare.cz (Jan Stary), 2020.04.23 (Thu) 15:02 (CEST):
> I am flashing my APU2's firmware on current/amd64,
> using the flashrom port; script and dmesg below.
> I would like to make sure about a few nits before going ahead.
> 
> Probe first:
> 
> # flashrom -p internal
> flashrom v1.1 on OpenBSD 6.7 (amd64)
> flashrom is free software, get the source code at https://flashrom.org
> 
> Using clock_gettime for delay loops (clk_id: 3, resolution: 1ns).
> coreboot table found at 0x77fae000.
> Found chipset "AMD FCH".
> Enabling flash write... OK.
> Found Winbond flash chip "W25Q64.V" (8192 kB, SPI) mapped at physical address 
> 0xff80.
> No operations were specified.
> 
> Make a backup:
> 
> # flashrom -r /tmp/rom -p internal  
> flashrom v1.1 on OpenBSD 6.7 (amd64)
> flashrom is free software, get the source code at https://flashrom.org
> 
> Using clock_gettime for delay loops (clk_id: 3, resolution: 1ns).
> coreboot table found at 0x77fae000.
> Found chipset "AMD FCH".
> Enabling flash write... OK.
> Found Winbond flash chip "W25Q64.V" (8192 kB, SPI) mapped at physical
> address 0xff80.
> Reading flash... done.
> 
> Then write:
> 
> # flashrom -V -w /home/hans/apu2_v4.11.0.5.rom -p internal
> 
> After probing for various chips, flashrom finds:
> 
>   Found Winbond flash chip "W25Q64.V" (8192 kB, SPI).
>   This chip may contain one-time programmable memory. flashrom cannot read
>   and may never be able to write it, hence it may not be able to completely
>   clone the contents of this chip (see man page for details).
> 
> I am confused: flashrom -r has just read this memory,
> and flashrom -w is supposed to overwrite it, right?
> 
> It also says
>  
>   coreboot last image size (not ROM size) is 8388608 bytes.
> 
> Indeed, 8388608 is the size of /home/hans/apu2_v4.11.0.5.rom
> which is precisely 8192 * 1024, which is also the size of the
> backup obtained with flashrom -r. Should I be concerned about
> some mismatch, or is flashrom just emphasizing this is the
> image file size (and not stating any difference)?
> 
> Eventually, flashrom aborts with
> 
>   Manufacturer: PC Engines
>   Mainboard ID: apu2
>   This coreboot image (PC Engines:apu2) does not appear to
>   be correct for the detected mainboard (PC Engines:PCEngines apu2).
>   Aborting. You can override this with -p internal:boardmismatch=force.
> 
> Is this a banal mismatch in the names
> ("PC Engines" vs "PC Engines:PCEngines")
> or is there some real concern?
> 
> Can anyone please confirm they have flashed
> their APU2 like this before I brick mine?
> 
>   Thank you
> 
>   Jan
> 
> 
> 
> # flashrom -V -w /home/hans/apu2_v4.11.0.5.rom -p internal
> 
> flashrom v1.1 on OpenBSD 6.7 (amd64)
> flashrom is free software, get the source code at https://flashrom.org
> 
> flashrom was built with libpci 3.6.3, LLVM Clang 8.0.1 
> (tags/RELEASE_801/final), little endian
> Command line (5 args): flashrom -V -w /home/hans/apu2_v4.11.0.5.rom -p 
> internal
> Using clock_gettime for delay loops (clk_id: 3, resolution: 1ns).
> Initializing internal programmer
> Found candidate at: 0500-0510
> Found coreboot table at 0x0500.
> Found candidate at: -0170
> Found coreboot table at 0x.
> coreboot table found at 0x77fae000.
> coreboot header(24) checksum: 41fb table(368) checksum: 2ad9 entries: 14
> Vendor ID: PC Engines, part ID: PCEngines apu2
> Using Internal DMI decoder.
> DMI string chassis-type: "Desktop"
> DMI string system-manufacturer: "PC Engines"
> DMI string system-product-name: "APU2"
> DMI string system-version: "1.0"
> DMI string baseboard-manufacturer: "PC Engines"
> DMI string baseboard-product-name: "APU2"
> DMI string baseboard-version: "1.0"
> Found chipset "AMD FCH" with PCI ID 1022:780e.
> Enabling flash write... SPI base address is at 0xfec1
> Yangtze detected.
> SpiRomEnable=1, RouteTpm2Sp=0, PrefetchEnSPIFromIMC=0, PrefetchEnSPIFromHost=1
> (0x0fc82300) SpiArbEnable=1, IllegalAccess=0, SpiAccessMacRomEn=1, 
> SpiHostAccessRomEn=1, ArbWaitCount=7, SpiBusy=0
> Using SPI_CS0
> GPIO11 used for SPI_DO
> GPIO12 used for SPI_DI
> GPIO31 used for SPI_HOLD
> GPIO32 used for SPI_CS
> GPIO47 used for SPI_CLK
> SpiReadMode=Normal (up to 33 MHz) (0)
> Setting read mode to "Normal (up to 66 MHz)" succeeded.
> UseSpi100 is enabled
> NormSpeedNew 

Re: X start failure - OpenGL Version

2020-04-06 Thread Marcus MERIGHI
Hello Riccardo, 

startx(1) had its setuid bit removed. I think in the timeframe you are
upgrading over. The canonical advice is to use xenodm(1).

Marcus

riccardo.mott...@libero.it (Riccardo Mottola), 2020.04.06 (Mon) 11:57 (CEST):
> Hi,
> 
> lockdown times gave me finally times to update my workstation/home
> server to 6.6 too, after my successful laptop upgrades.
> 
> I was a moment scared when fw_update told me to reboot due to microcode
> update :-P But it went fine.
> 
> I followed 6.5 -> 6.6 upgrade. All packages are upgraded too (although X
> should not depend on any pkg, right?)
> 
> startx fails:
> 
> (==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d"
> Require OpenGL version 2.1 or later.
> (EE)
> Fatal server error:
> (EE) AddScreen/ScreenInit failed for driver 0
> (EE)
> (EE)
> Please consult the The X.Org Foundation support
>  at http://wiki.x.org
>  for help.
> (EE) Please also check the log file at
> "/home/multix/.local/share/xorg/Xorg.0.log" for additional information.
> (EE)
> (EE) Server terminated with error (1). Closing log file.
> 
> 
> $ glxinfo | grep "OpenGL version"
> OpenGL version string: 3.1 Mesa 19.0.8
> 
> and 3.1 is > 2.1 I do think...
> 
> However, if I look into xorg.log, there is no "EE"! I am confused.
> 
> I have an Intel graphics card and from Xorg.log everything looks fine:
> 
> [    89.926]    ABI class: X.Org Video Driver, version 23.0
> [    89.926] (II) intel: Driver for Intel(R) Integrated Graphics Chipsets:
>     i810, i810-dc100, i810e, i815, i830M, 845G, 854, 852GM/855GM, 865G,
>     915G, E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM,
>     Pineview G, 965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35,
> Q33,
>     GM45, 4 Series, G45/G43, Q45/Q43, G41, B43
> [    89.927] (II) intel: Driver for Intel(R) HD Graphics: 2000-6000
> [    89.927] (II) intel: Driver for Intel(R) Iris(TM) Graphics: 5100, 6100
> [    89.927] (II) intel: Driver for Intel(R) Iris(TM) Pro Graphics:
> 5200, 6200, P6300
> [    89.930] (II) intel(0): Using Kernel Mode Setting driver: i915,
> version 1.6.0 20151010
> [    89.933] (--) intel(0): Integrated Graphics Chipset: Intel(R) 915G
> [    89.933] (--) intel(0): CPU: x86, sse2, sse3
> [    89.933] (II) intel(0): Creating default Display subsection in
> Screen section
>     "Default Screen Section" for depth/fbbpp 24/32
> [    89.933] (==) intel(0): Depth 24, (--) framebuffer bpp 32
> [    89.934] (==) intel(0): RGB weight 888
> [    89.934] (==) intel(0): Default visual is TrueColor
> [    89.935] (II) intel(0): Output VGA1 has no monitor section
> [    89.935] (II) intel(0): Enabled output VGA1
> [    89.935] (--) intel(0): Using a maximum size of 256x256 for hardware
> cursors
> [    89.935] (II) intel(0): Output VIRTUAL1 has no monitor section
> [    89.935] (II) intel(0): Enabled output VIRTUAL1
> [    89.935] (--) intel(0): Output VGA1 using initial mode 1024x768 on
> pipe 0
> [    89.936] (==) intel(0): TearFree disabled
> [    89.936] (==) intel(0): Using gamma correction (1.0, 1.0, 1.0)
> [    89.936] (==) intel(0): DPI set to (96, 96)
> [    89.936] (II) Loading sub module "dri3"
> [    89.936] (II) LoadModule: "dri3"
> [    89.936] (II) Module "dri3" already built-in
> [    89.936] (II) Loading sub module "dri2"
> [    89.936] (II) LoadModule: "dri2"
> [    89.936] (II) Module "dri2" already built-in
> [    89.936] (II) Loading sub module "present"
> [    89.936] (II) LoadModule: "present"
> [    89.936] (II) Module "present" already built-in
> [    89.936] (==) Depth 24 pixmap format is 32 bpp
> [    89.970] (II) intel(0): SNA initialized with Alviso (gen3) backend
> [    89.970] (==) intel(0): Backing store enabled
> [    89.970] (==) intel(0): Silken mouse enabled
> [    89.970] (II) intel(0): HW Cursor enabled
> [    89.970] (II) intel(0): RandR 1.2 enabled, ignore the following
> RandR disabled message.
> [    89.973] (==) intel(0): DPMS enabled
> [    89.974] (II) intel(0): [DRI2] Setup complete
> [    89.974] (II) intel(0): [DRI2]   DRI driver: i915
> [    89.974] (II) intel(0): [DRI2]   VDPAU driver: i915
> [    89.974] (II) intel(0): direct rendering: DRI2 DRI3 enabled
> [    89.974] (II) intel(0): hardware support for Present enabled
> [    89.974] (--) RandR disabled
> [    90.163] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer
> [    90.163] (II) AIGLX: enabled GLX_ARB_create_context
> [    90.163] (II) AIGLX: enabled GLX_ARB_create_context_profile
> [    90.163] (II) AIGLX: enabled GLX_EXT_create_context_es{,2}_profile
> [    90.164] (II) AIGLX: enabled GLX_INTEL_swap_event
> [    90.164] (II) AIGLX: enabled GLX_SGI_swap_control
> [    90.164] (II) AIGLX: enabled GLX_EXT_framebuffer_sRGB
> [    90.164] (II) AIGLX: enabled GLX_ARB_fbconfig_float
> [    90.164] (II) AIGLX: enabled GLX_EXT_fbconfig_packed_float
> [    90.164] (II) AIGLX: GLX_EXT_texture_from_pixmap backed by buffer
> objects
> [    90.172] (II) AIGLX: Loaded and initialized i915
> [    90.172] 

mirror hostserver.de packages behind

2020-04-05 Thread Marcus MERIGHI
Hello!

I wanted to mention that 

  https://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/aarch64/

is showing packages as of 2020-03-14 (3/14). But

  https://ftp.OpenBSD.org/pub/OpenBSD/snapshots/packages/aarch64/

is at 2020-04-02 (04/02).

Regarding snapshots the lag is only a single day.

Marcus



Re: List of binary packages which needs update.

2020-03-27 Thread Marcus MERIGHI
pe...@bsdly.net (Peter N. M. Hansteen), 2020.03.27 (Fri) 09:52 (CET):
> On Fri, Mar 27, 2020 at 08:07:03AM +0100, Ján Rusnák wrote:
>  
> > Is there a simple command to list update candidates of binary packages for
> > latest release? (For cron script). Something similar to 'syspatch -c' for
> > base system or m:tier 'openup -c'. 'pkg_add -us' is simulation of upgrade.
> > pkg_info may be suitable command for such feature.
> 
> would 'pkg_add -un' be suitable?

I use "pkg_add -us | grep -v 'quirks-.* signed on '", because 
"pkg_add -un" behaves differently when run from cron(8).

Marcus



Re: dhcpd and unbound on a small LAN

2020-01-12 Thread Marcus MERIGHI
Morning!

What I have not seen mentioned:

dhcpd.conf -> "deny unknown-clients;"

Beware if you use static leases as already mentioned, then dhcpd does
*not* feed the IPs to its PF tables when it hands the IP out to the
client.

If you do:

host foobar { hardware ethernet a8:34:6a:e1:1d:1c; }

with "deny unknown-clients" directive, then the IP is taken from the
"range" pool but only for known MACs.

See net/arpd and net/arpwatch packages(7)!

As for your hosts(5) versus unbound(8) problem, I've the following:

$ whence vihosts
'doas vi /etc/hosts; hoststounbound'

$ whence hoststounbound
'grep -v -e ^# -e ^$ /etc/hosts | hoststounbound.sh hosts > \
  /var/unbound/etc/localzone.hosts.conf; reload-unbound'

$ whence reload-unbound
'doas unbound-control -c /var/unbound/etc/unbound.conf reload'

"hoststounbound.sh" is a script that parses hosts(5) lines and outputs a
valid unbound.conf(5) config. feedback, improvements, all welcome:

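#!/bin/sh -eu
# hoststounbound.sh: read hosts(5) lines on stdin, write unbound.conf(5)
# local-zone/local-data statements. Uses print and [[ ]], so it needs a
# ksh-style sh such as OpenBSD's /bin/sh.
_zone=${1:-"hosts"}
_ttl=${2:-"3600"}

_ip=""
_names=""
_name=""
_line=""
_word=""

print "server:\n"
print "local-zone: \"${_zone}\" transparent\n"

while read _line; do
	_ip=""
	_names=""
	# first word is the address, the rest are names; stop at a comment
	for _word in $_line; do
		if [[ "X${_word}" == X"#"* ]]; then
			break
		elif [[ -z $_ip ]]; then
			_ip="${_word}"
		else
			_names="${_names}${_word} "
		fi
	done
	#[[ "X${_ip}" == X"127.0.0.1" || "X${_ip}" == X"::1" ]] && continue
	# record type: A for IPv4, AAAA for addresses containing a colon
	a="A"
	[[ "X${_ip}" == X*":"* ]] && a="AAAA"
	for _name in ${_names}; do
		# "*.example.com" becomes a redirect zone for example.com
		[[ ${_name%%.*} == "*" ]] && { _name=${_name#*.}; \
		  print "local-zone: \"${_name}.\" redirect"; }
		print "local-data: \"${_name}. ${_ttl} ${a} ${_ip}\""
		[[ "X${_ip}" == X"0.0.0.0" ]] || \
		  print "local-data-ptr: \"${_ip} ${_ttl} ${_name}\"\n"
	done
done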

Marcus

pipat...@gmail.com (Anders Andersson), 2020.01.06 (Mon) 13:24 (CET):
> I'm in the process of replacing an aging OpenWRT device on my home LAN
> with an apu4d4 running OpenBSD as my personal router.
> 
> I would like to use unbound as a caching DNS server for my local
> hosts, but I'm trying to figure out how to handle local hostnames. It
> seems like a common scenario but I can't find a solution that feels
> like the "right" way. I have two problems, one is trivial compared to
> the other.
> 
> 
> My first and very minor issue is that I would like to register my
> static hosts in a more convenient way than what's currently offered by
> unbound. From what I understand you would configure your local hosts
> something like this:
> 
> local-zone: "home.lan." static
> local-data: "laptop.home.lan.IN A 10.0.0.2"
> local-data-ptr: "10.0.0.2  laptop.home.lan"
> 
> Every time information has to be entered twice there is room for error
> and inconsistencies, so preferably this list should be automatically
> generated from a simpler file, maybe /etc/hosts. I can of course
> easily write such a script, but I'm wondering if there might be a
> standard, go-to way of doing this.
> 
> 
> 
> My second and more difficult issue is that I can't seem to find a way
> to feed information from the DHCP server into unbound, so that locally
> assigned hosts can be queried by their hostnames. To clarify with an
> example:
> 
> 1. I install a new system and in the installation procedure I name it "alice".
> 2. "alice" asks for and receives an IP number from my DHCP server.
> 3. Every other machine can now connect to "alice" by name, assuming
> that "alice" informed the DHCP server of its name when asking for an
> address.
> 
> Currently this works because OpenWRT is using dnsmasq which is both a
> caching DNS server and a DHCP server, so the left hand knows what the
> right hand is doing. How can I solve this in OpenBSD base without
> jumping through hoops?
> 
> Right now I'm considering something that monitors dhcpd.leases for
> changes and updates a running unbound using unbound-control(8) but I
> don't feel confident enough writing such a tool that does not miss a
> lot of corner cases and handle startup/shutdown gracefully. I'm also
> thinking that it can't be such an unusual use case, so someone surely
> must have written such a tool already. I just haven't found any in my
> search.
> 
> Or am I doing this the wrong way? I've now read about things like mDNS
> and Zeroconf and Avahi and I'm just getting more and more confused.
> Ideas are welcome!
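
The dhcpd.leases-to-unbound idea raised in the question above, as an added example that is not code from this thread or from OpenBSD. It treats client-hostname as untrusted input: only a single valid label is accepted, names reserved for static hosts are never handed to a DHCP client, and a name claimed by two active leases is published for neither. The function name, the zone home.lan and the lease entries are constructed, with the entry layout assumed from dhcpd.leases(5).

```shell
#!/bin/sh
# Added example, not code from the thread.
# usage: leases_to_unbound ZONE NOW TTL [RESERVED_NAME ...] < dhcpd.leases
#   NOW is UTC as "YYYY/MM/DD HH:MM:SS", e.g. $(date -u '+%Y/%m/%d %H:%M:%S')
#   RESERVED_NAMEs are static hosts that a DHCP client must not take over.
# Prints one resource record per line (A and PTR) for each usable lease.
leases_to_unbound() {
	_zone=$1 _now=$2 _ttl=$3
	shift 3
	awk -v zone="$_zone" -v now="$_now" -v ttl="$_ttl" -v reserved=" $* " '
	# client-hostname is chosen by the client: accept one RFC 1123 label only
	function valid_label(s) {
		return (length(s) <= 63) && (s ~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/)
	}
	$1 == "lease" && $3 == "{" { ip = $2; name = ""; ends = ""; dead = 0; next }
	ip == "" { next }                      # ignore anything outside a lease
	$1 == "ends" { ends = $3 " " $4; sub(/;$/, "", ends); next }
	$1 == "abandoned;" { dead = 1; next }
	$1 == "client-hostname" {
		# take the whole quoted string so embedded spaces are seen and rejected
		name = $0
		sub(/^[ \t]*client-hostname[ \t]+"/, "", name)
		sub(/";[ \t]*$/, "", name)
		next
	}
	$1 == "}" {
		# the file is a log: a later entry for the same IP replaces earlier ones
		if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
		lname[ip] = tolower(name); lends[ip] = ends; ldead[ip] = dead
		ip = ""
		next
	}
	END {
		for (i = 1; i <= n; i++) {
			ip = order[i]; h = lname[ip]; ok[ip] = 0
			# a missing "ends" compares as expired, so the check fails closed
			if (ldead[ip] || (lends[ip] "") <= (now "")) continue
			if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
			if (!valid_label(h)) continue
			if (index(reserved, " " h " ")) continue
			ok[ip] = 1; claims[h]++
		}
		for (i = 1; i <= n; i++) {
			ip = order[i]; h = lname[ip]
			# a name claimed by more than one active lease is not published
			if (!ok[ip] || claims[h] != 1) continue
			split(ip, o, ".")
			printf "%s.%s. %s IN A %s\n", h, zone, ttl, ip
			printf "%s.%s.%s.%s.in-addr.arpa. %s IN PTR %s.%s.\n", \
			    o[4], o[3], o[2], o[1], ttl, h, zone
		}
	}'
}

# Constructed sample input (abbreviated lease entries, not real data).
sample_leases() {
	cat <<'EOF'
lease 10.0.0.50 {
	ends 1 2020/01/06 09:00:00 UTC;
	hardware ethernet a8:34:6a:e1:1d:1c;
	client-hostname "alice";
}
lease 10.0.0.51 {
	ends 1 2020/01/06 20:00:00 UTC;
	client-hostname "laptop";
}
lease 10.0.0.52 {
	ends 1 2020/01/06 20:00:00 UTC;
	client-hostname "gw.home.lan";
}
lease 10.0.0.50 {
	ends 1 2020/01/06 21:00:00 UTC;
	hardware ethernet a8:34:6a:e1:1d:1c;
	client-hostname "Alice";
}
lease 10.0.0.53 {
	ends 0 2020/01/05 20:00:00 UTC;
	client-hostname "bob";
}
EOF
}

# "laptop" is the static host from the question, so a lease may not claim it.
sample_leases | leases_to_unbound home.lan "2020/01/06 12:00:00" 300 laptop
```

The output is one RR per line, which is the input format unbound-control(8) reads on stdin for its local_datas command. Removing records for expired leases is not handled here.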



Re: Hardware for Access Point on OpenBSD

2020-01-02 Thread Marcus MERIGHI
Hello, 

s...@spacehopper.org (Stuart Henderson), 2020.01.02 (Thu) 13:56 (CET):
> On 2020-01-01, List  wrote:
> > I therefore need some kind of WIFI Hardware. This piece of hardware
> > needs to be connected over usb. 
> > Do you have any suggestions or recommendations ? As far as I can see
> 
> bwfm(4) also supports hostap on USB devices and probably has the
> least-worst performance of devices that will attach directly to
> OpenBSD rather than as a separate "hardware" AP.
> 
> These are Broadcom "fullmac" devices. IIRC there's a list of actual
> devices using these somewhere on wikidevi.com but the site is
> currently down so I can't check. The old "official raspberry pi

thanks for the pointer!

last archive.org crawl from 2019-10-31:

https://web.archive.org/web/20191031174603/https://wikidevi.com/wiki/Broadcom
https://web.archive.org/web/20191031174603/https://wikidevi.com/wiki/Broadcom#tab=Wireless_chipsets

but the links to the real-world products ("adapters") do not work.

src/sys/dev/usb/if_bwfm_usb.c has:
BCM43143, BCM43236, BCM43242, BCM43569 

BCM43143 was the famous rpi usb dongle. I could not find a place to
buy it anymore. The others (BCM43236, BCM43242, BCM43569) are hiding
from me, too. 

Marcus

> usb wifi" devices work, there should be some others (they're often
> the only devices that work wifi dongles for some smart TVs that don't
> have built-in wifi).
>  
> But as others have mentioned separate network devices are usually a
> better way to go for APs.



Re: Hardware for Access Point on OpenBSD

2020-01-01 Thread Marcus MERIGHI
Hello Stephan, 

l...@md5collisions.eu (List), 2020.01.01 (Wed) 16:54 (CET):
> mode. Only ones that do are: athn(4),  ral(4), ath(4). 
> Finding those is hard. 
> Maybe you guys know things I couldn't find ? 

i've bought athn(4) here:
https://www.pcengines.ch/wle200nx.htm
https://www.pcengines.ch/order.htm

i am not affiliated etc...

Marcus

> Stephan



Re: Advices on AD implementation with OpenBSD

2019-12-27 Thread Marcus MERIGHI
Hello!

fm+obsd+misc+l...@phosphorusnetworks.com (Fabio Martins), 2019.12.26 (Thu) 20:26 (CET):
> I am drawing a scenario to replace the Windows 2003 Server with OpenBSD,
> acting as AD/DC and firewall. There is a need to share folders and

AFAIK this is the current status of samba AD/DC on OpenBSD:

  "This update doesn't include lmdb support (now the default upstream);
   and doesn't fix the AD DC support in the samba daemon either."

  https://marc.info/?l=openbsd-ports=157019016817459

There have been updates (and downgrades) since then, but nothing
indicates that AD/DC works. Have not tried myself in a long time. 

Marcus

> printers, restrict access to folders based on logins, and no GPO are
> needed at all.
> 
> Is it possible with the current samba+winbind? Anyone has done it before?
> 
> Thanks for 6.6!
> 
> -- 
> Fabio Martins
> http://www.nabundapode.com.br/



Re: relayd(8) Tables and pfctl -T

2019-12-26 Thread Marcus MERIGHI
Hello Thomas, 

miracu...@gmail.com (Thomas Huber), 2019.12.26 (Thu) 16:42 (CET):
> I just tried to get a little deeper into load-balancing and try
> to use relayd(8) in a dynamic (translate to microservices) environment
> where I'd like to add and remove hosts on the fly.
> After some reading I thought I should use tables for this purpose.
> 
> relayctl(8) only allows to enable or disable complete tables but not
> to alter a table.

But relayctl(8) lets you disable hosts of a table?

$ relayctl show hosts
$ relayctl host disable 3

You cannot add/remove/change, though.

Marcus

> So I checked out
> 
> 'pfctl -t  -T add '
> 
> which should do exactly what I want.
> 
> But unfortunately the tables (to relay or redirect) are not
> present in 'pfctl -s Table'
> 
> I just have a small setup to play, no real hosts or services attached
> but before growing bigger I wanted to ask here if this should be
> possible how I try it or another idea how to alter relayd(8) tables
> without updating relayd.conf(5) and reload.
> 
> thanks
> --mirac



Re: Softdep and noatime

2019-11-30 Thread Marcus MERIGHI
Hello, 

david.raym...@nmt.edu (Raymond, David), 2019.11.30 (Sat) 14:12 (CET):
> I am switching to OpenBSD from Linux and I have questions about the
> use of softdep and noatime in mounting disks.  I have a variety of
> systems with a mix of SSDs and rotating disks.
> 
> Softdep seems to have some advantages in speeding file access, but it
> is not the default.  Are there any downsides in using softdep?
> 
> On SSDs in particular, is it worth setting noatime to reduce the
> number of disk writes?

The most recent thread on that topic that I could find:

https://marc.info/?t=15181182685

Marcus



Re: How to dock laptop more easily

2019-10-14 Thread Marcus MERIGHI
j...@begriffs.com (Joe Nelson), 2019.10.14 (Mon) 04:32 (CEST):
> I'd like to write a daemon to change machdep.lidaction and the xrandr output
> as an external monitor or power is attached/detached from my laptop. Is there
> a way to detect those events from a C program?
 
x-on-resize[1] might help with detecting plug/unplug events of external
monitors.

[1]
https://keithp.com/blogs/x-on-resize/
git://people.freedesktop.org/~keithp/x-on-resize
https://github.com/thedward/x-on-resize
https://marc.info/?l=openbsd-misc=148839239518671

Marcus

> Here is how I want the sleep state and output display to change based on
> whether power is connected, an external monitor is attached, and the laptop is
> open:
> 
> Power  Mon  Open | Sleep   Display
> -----------------+-----------------
> x      x    x    | awake   both
> x      x         | awake   external
> x           x    | awake   laptop
> x                | asleep
>        x    x    | awake   both
>        x         | asleep
>             x    | awake   laptop
>                  | asleep
> 
> -- 
> Joe Nelson  https://begriffs.com
> 



Re: How can I remove sets installed by sysupgrade?

2019-09-15 Thread Marcus MERIGHI
Morning Judah!

koche...@hotmail.com (Judah Kocher), 2019.09.15 (Sun) 05:12 (CEST):
> I ran it and found too late that it installed all the x*, Comp and Game 
> sets, which were not part of the original install. Unfortunately this 
> overfilled my /usr partition and I'm getting errors on boot.
> 
> Is there a simple way to uninstall these sets? I need the space but 
> would much rather not start over from scratch.

please do *not* copy/paste/run this command!
something along these lines for the sets you did not want:

$ ftp -MVo- $(

> I did find an email (too late) on this list about how there is no way to 
> tell sysupgrade to just upgrade an existing system without adding 
> everything else too. 

do you mean "sysupgrade -n; rm /home/_sysupgrade/xserv66.tgz; reboot"?

Marcus



Re: Who has an ancient -current snapshot

2019-09-07 Thread Marcus MERIGHI
Hello Luke, 

lukensm...@gmail.com (Luke Small), 2019.09.07 (Sat) 00:56 (CEST):
> I need an old kernel image older than maybe a couple weeks old. I have the

I think http://ftp.hostserver.de/archive/ has what you want.

Marcus



Re: handling snapshot installation in production environment

2019-09-02 Thread Marcus MERIGHI
Hello Joerg, 

just passing on my user experience...:

streckf...@dfn-cert.de (Joerg Streckfuss), 2019.09.02 (Mon) 10:15 (CEST):
> Furthermore I'm not sure which snapshot should I run. Almost every day
> there will be a fresh one. 

you seem to be watching closely, therefore you will notice a time when
there are no new daily snapshots for a couple of days. this is usually
when the next release is tagged/built. additionally you can monitor
ports@ to see when the ports tree gets locked for the next release. 

> Perhaps is there a moment/date where a
> freeze of the code base will be done which reflects the 6.6 release?

Yes, the moment I tried to describe above.

Marcus



Re: L2TP/IPSec PSK with Android -- INVALID_ID_INFORMATION

2019-07-01 Thread Marcus MERIGHI
Hello Dani...

this is just a report from the "works for me" department:

l...@ecentrum.hu (Lévai, Dániel), 2019.06.30 (Sun) 19:12 (CEST):
> I know (saw) this has come up numerous times, and someone has been
> successful, others weren't. I thought I'd try this out myself, and not
> surprisingly it wasn't successful :)
> 
> So this is my configuration:
> OpenBSD 6.5-stable

Same here.

> /etc/ipsec.conf:
> ike passive esp transport \
> proto udp \
> from any to any port l2tp \
   ^^^ I have my external IP here

> main auth "hmac-sha2" enc "aes-256" group modp1024 \
 ^ 1 here
 ^^^ just "aes"
  2048 here 

> quick auth "hmac-sha2" enc "aes-256" \
  ^ 1 here
  ^^^ just "aes"
 I have "group modp2048" here, too 

> psk "thisismykey"
   ^^^ same here :-)

Just tested
auth "hmac-sha2" - does not work.
enc "aes-256"- does not work.

Complete snippet:

ike passive esp transport proto udp \
  from AAA.BBB.CCC.DDD to any port 1701 \
  main auth "hmac-sha1" enc "aes" group modp2048 \
  quick auth "hmac-sha1" enc "aes" group modp2048 \
  psk "thisismykey" 
 
> Then doing an:
> /sbin/ipsecctl -vf /etc/ipsec.conf

For testing configs I had to make this "ipsecctl -Fvf /etc/ipsec.conf"!

[snip log]

> /etc/npppd/npppd.conf:
> =8<=

Same here.

Marcus

> So now when I connect from my Android 9 phone, set up as an L2TP/IPsec
> PSK connection, specifying the Server address as my internal LAN IP on
> the OpenBSD router (no NAT, just direct connection on the local
> network), setting the IPSec preshared key to the real key, and
> entering my username and password I've set for npppd(8), I'm getting
> this output from isakmpd(8):
> =8<=
> 190048.505560 Default attribute_unacceptable: HASH_ALGORITHM: got SHA2_384, 
> expected SHA2_256
> 190048.505768 Default attribute_unacceptable: GROUP_DESCRIPTION: got 
> MODP_1024, expected MODP_3072
> 190048.505943 Default attribute_unacceptable: HASH_ALGORITHM: got SHA2_384, 
> expected SHA2_256
> 190048.530050 Default isakmpd: phase 1 done (as responder): initiator id 
> 192.168.5.17, responder id 192.168.0.1, src: 192.168.0.1 dst: 192.168.5.17
> 190049.556596 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190049.556699 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190052.571991 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190052.572093 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190055.594500 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190055.594593 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190058.615783 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190058.615909 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190101.642382 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190101.642478 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190104.674817 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190104.674885 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190107.702932 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190107.703001 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190110.728935 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190110.729004 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190113.760991 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190113.761061 Default dropped message from 192.168.5.17 port 500 due to 
> notification type INVALID_ID_INFORMATION
> 190116.770799 Default responder_recv_HASH_SA_NONCE: peer proposed invalid 
> phase 2 IDs: initiator id 192.168.5.17, responder id 192.168.0.1
> 190116.770869 Default dropped message from 

Re: Is it possible to build bioctl -c C -l ... on a bioctl -c 1 -l ... ?

2019-06-23 Thread Marcus MERIGHI
Hello, 

wo...@intermezzo.net (Wolly), 2019.06.18 (Tue) 13:58 (CEST):
> 3 years ago I tried to build a "bioctl -c C -l ... " over a "bioctl -c 1
> -l ..." on a hetzner server and I failed.
> Is it possible to do so, and when, what are the requirements?

it is possible but it will not automagically assemble when booting (and
is therefore not endorsed).

Marcus



Re: Software caused connection abort (53) squid 4.6 on OpenBSD 6.5

2019-05-23 Thread Marcus MERIGHI
Hello, 

same here.

I guess bugs@ or ports@ would be better.

w...@wootsie.com (w...@wootsie.com), 2019.05.23 (Thu) 14:36 (CEST):
> I have been running into a repeatable error reported by squid 4.6 from
> packages once the system has been under a steady load for ~12 hours.

I would not call it repeatable because I can't repeat it at will.
I did not notice the 12 hours interval. But I have by far less users
behind squid.

> Example squid cache.log entry:
> 2019/05/22 15:03:41 kid1| oldAccept  FD 18, 0.0.0.0 [ job2]: (53) Software
> caused connection abort

2019/05/23 11:51:43 kid1| oldAccept  FD 18, 0.0.0.0 [ job4]: (53)
  Software caused connection abort

I see this on one machine with windows clients (max. 4) behind it. 
I do not see this on another machine with an OpenBSD client (just 1)
behind it. 

Both are pcengines APUs, but different versions. dmesgs below. 

Both setups are up for years, the problem on one of the machines showed
right after upgrading last week. 

Marcus

the machine that does *not* show the symptom:

OpenBSD 6.5 (GENERIC.MP) #0: Wed Apr 24 23:38:54 CEST 2019

r...@syspatch-65-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4246003712 (4049MB)
avail mem = 4107694080 (3917MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdf16d820 (7 entries)
bios0: vendor coreboot version "4.0" date 09/08/2014
bios0: PC Engines APU
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SPCR HPET APIC HEST SSDT SSDT SSDT
acpi0: wakeup devices AGPB(S4) HDMI(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) 
PE20(S4) PE21(S4) PE22(S4) PE23(S4) PIBR(S4) UOH1(S3) UOH2(S3) UOH3(S3) 
UOH4(S3) UOH5(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD G-T40E Processor, 1000.14 MHz, 14-02-00
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD G-T40E Processor, 1000.00 MHz, 14-02-00
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu1: 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
acpiprt0 at acpi0: bus -1 (AGPB)
acpiprt1 at acpi0: bus -1 (HDMI)
acpiprt2 at acpi0: bus 1 (PBR4)
acpiprt3 at acpi0: bus 2 (PBR5)
acpiprt4 at acpi0: bus 3 (PBR6)
acpiprt5 at acpi0: bus -1 (PBR7)
acpiprt6 at acpi0: bus 5 (PE20)
acpiprt7 at acpi0: bus -1 (PE21)
acpiprt8 at acpi0: bus -1 (PE22)
acpiprt9 at acpi0: bus -1 (PE23)
acpiprt10 at acpi0: bus 0 (PCI0)
acpiprt11 at acpi0: bus 4 (PIBR)
acpicpu0 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
acpibtn0 at acpi0: PWRB
cpu0: 1000 MHz: speeds: 1000 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 14h Host" rev 0x00
ppb0 at pci0 dev 4 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), 
msi, address 00:0d:b9:3f:78:18
rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ppb1 at pci0 dev 5 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
pci2 at ppb1 bus 2
re1 at pci2 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), 
msi, address 00:0d:b9:3f:78:19
rgephy1 at re1 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ppb2 at pci0 dev 6 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
pci3 at ppb2 bus 3
re2 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00), 
msi, address 00:0d:b9:3f:78:1a
rgephy2 at re2 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ahci0 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x40: apic 2 int 19, AHCI 
1.2
ahci0: port 0: 3.0Gb/s
ahci0: port 1: 6.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct fixed 
naa.5e83a977c035d166
sd0: 114473MB, 512 bytes/sector, 234441648 sectors, thin
sd1 at scsibus1 targ 1 lun 

Re: Blind OpenBSD users

2019-05-14 Thread Marcus MERIGHI
aa...@bolddaemon.com (Aaron Bieber), 2019.05.10 (Fri) 16:05 (CEST):
> I am looking to understand / enhance the OpenBSD experience for blind
> users.

:flan_thumbsup:

> Do we have any blind users reading misc that can offer any insight
> into their usecases / pain points / work flows / wants? 

I vaguely remembered the thread and even found it, somewhat dated
(2013-07-07):
https://marc.info/?l=openbsd-misc=137316509908904

and parts of (search for "oyen"):
https://marc.info/?t=13729967261

and finally:
https://marc.info/?w=2=1=eric+oyen=a
 
Marcus



Re: Puffy Security smtpd out of date

2019-03-08 Thread Marcus MERIGHI
z...@znedw.com (Zach Nedwich), 2019.03.08 (Fri) 08:06 (CET):
> http://tomd.tel
> 
> It appears the author has contact details on their personal site
> (which references puffysecurity). Might be worth getting in touch with
> them via the email listed.

I did this on "Thu, 7 Mar 2019 19:41:57 +0100", the answer was along the
lines of "thanks for the heads up, I'm currently moving, no idea when
there will be time to update the guide". 

Marcus

> On 8 March 2019 9:51:02 am AEST, Stuart Henderson wrote:
> >On 2019-03-07, Christer Solskogen  wrote:
> >> On Thu, Mar 7, 2019, 13:19 Geir Svalland wrote:
> >>
> >>> Hello all.
> >>>
> >>> Any chance to get the http://puffysecurity.com/wiki/opensmtpd.html
> >>> updated ?
> >>>
> >>
> >> Probably. But why not rather ask the person behind the site instead
> >> of this mailing list?
> >>
> >
> >No contact details on the site.
> >
> >If people are going to put up content like this, PLEASE:
> >
> >- mention the date and relevant OpenBSD version number up front
> >and clearly visible so people aren't tricked into thinking something
> >4 years old is still valid. (the iked page on this site is better in
> >this regard).
> >
> >- provide contact details
> >
> >- keeping it up to date would be nice too. getting it into shape
> >for www/faq/ would be even nicer, there's some useful information
> >there which would likely make a good addition.
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: apu2 em0/dhclient problems

2019-01-29 Thread Marcus MERIGHI
Hello, 

ed...@pettijohn-web.com (Edgar Pettijohn), 2019.01.27 (Sun) 18:44 (CET):
> I'm trying to replace my dying soekris box with an apu2 dmesg below.
> However, I can't seem to get em0 to connect to my isp. It will work
> when connecting to the soekris box though. So I don't think its the 
> interface that is the problem. But everything I try seems to rule out
> each other as the problem, leaving me in a vicious cycle.

have you tried any of the other ethernet ports with your uplink?

Give it a go, I've had a similar failure with em0 on apu2, running 
with em1 for the uplink since then without problems.

Marcus

> I'm going to try disabling pf and after that current. If you have
> any other suggestions please send them.
> 
> Thanks,
> 
> edgar
> 

Re: openbsd : foundation : donation : annual : automatic : any method?

2019-01-23 Thread Marcus MERIGHI
mayur...@kathe.in (Mayuresh Kathe), 2019.01.23 (Wed) 13:12 (CET):
> not currently, but when i work with openbsd,
> i work at the text-console exclusively.
> i do use the web occasionally, via "lynx".
[...]
> i prefer to make annual donations to the
> openbsd foundation, typically 1st april.
> is there any method to automate that
> process?

If recurring transfers by a bank are an option:
http://www.openbsdfoundation.org/banktransfer.html
(Works with lynx :-)

Marcus



Re: mount_ffs Permission denied as root

2019-01-03 Thread Marcus MERIGHI
Hello, 

myml...@gmx.com (myml...@gmx.com), 2019.01.03 (Thu) 01:21 (CET):
> On 1/1/19 10:02 PM, Philip Guenther wrote:
> > On Tue, Jan 1, 2019 at 6:27 PM myml...@gmx.com 
> > mailto:myml...@gmx.com>> wrote:

[snip]

> I unmounted the drive and tried to create an image of the drive, but it
> fails
> 
> 20190102-1435:root@curry:/root:#time dd if=/dev/rsd2c of=/root/corsair.iso
> bs=1k
> dd: /dev/rsd2c: Input/output error
> 15958016+0 records in
> 15958016+0 records out
> 16341008384 bytes transferred in 7313.789 secs (2234274 bytes/sec)
>   122m03.94s real 0m16.54s user 6m36.66s system

To make dd(1) continue after such errors read up on these operands:

conv=noerror(,sync)

Marcus



Re: howto set terminus font in .Xresources for xterm

2018-12-31 Thread Marcus MERIGHI
niyal...@gmail.com (shadrock uhuru), 2019.12.31 (Mon) 11:01 (CET):
> what is the correct command to put in .Xresources for the terminus font,

Works for me:

XTerm*faceName:Terminus*
XTerm*faceSize:12

Marcus

> the following is my Xresources file,
> i've tried a few variations but all i get when i start xterm is cannot
> load font,
> font loading is new to me so i have only tried examples off the web
> ---
> 
> 
> XTerm*utf8: 1
> ! XTerm*font: -*-terminus-medium-*-*-*-18-*-*-*-*-*-iso10646-1
> XTerm*font: terminus-12
> XTerm*italicFont: terminus-12
> XTerm*selectToClipboard: true
> 
> 
> !    ! Use a nice truetype font and size by default...
> !    xterm*faceName: DejaVu Sans Mono Book
> !    xterm*faceSize: 11
> 
> xterm*loginshell: true
> 
> xterm*savelines: 16384
> 
> ! double-click to select whole URLs :D
> xterm*charClass: 33:48,36-47:48,58-59:48,61:48,63-64:48,95:48,126:48
> XTerm*on3Clicks: regex
> ([[:alpha:]]+://)?([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
> *VT100*translations: #override Shift :
> exec-formatted("google-chrome '%t'", PRIMARY)
> 
> ! DOS-box colours...
> !    xterm*foreground: rgb:a8/a8/a8
>     xterm*foreground: rgb:ff/ff/00
>     xterm*background: rgb:00/00/00
>     xterm*color0: rgb:00/00/00
>     xterm*color1: rgb:a8/00/00
>     xterm*color2: rgb:00/a8/00
>     xterm*color3: rgb:a8/54/00
>     xterm*color4: rgb:00/00/a8
>     xterm*color5: rgb:a8/00/a8
>     xterm*color6: rgb:00/a8/a8
>     xterm*color7: rgb:a8/a8/a8
>     xterm*color8: rgb:54/54/54
>     xterm*color9: rgb:fc/54/54
>     xterm*color10: rgb:54/fc/54
>     xterm*color11: rgb:fc/fc/54
>     xterm*color12: rgb:54/54/fc
>     xterm*color13: rgb:fc/54/fc
>     xterm*color14: rgb:54/fc/fc
>     xterm*color15: rgb:fc/fc/fc
> 
> ! right hand side scrollbar...
>     xterm*rightScrollBar: true
>     xterm*ScrollBar: true
> 
> ! stop output to terminal from jumping down to bottom of scroll again
>     xterm*scrollTtyOutput: false
> 
> ---
> 
> thanks shadrock
> 



Re: Best way to change disk layout?

2018-12-25 Thread Marcus MERIGHI
codeb...@inbox.lv (John Long), 2018.12.24 (Mon) 23:34 (CET):
> Are smbd and nmbd supposed to run as root? httpd changes to www but I
> don't see anything like that for samba. I can't remember how it was
> working before.

It runs as root and changes to the user that connects, when she/he
connects. Unless you use some configuration options that prevent samba
from doing so ("force user" and the like). 

Marcus



Re: procmail and new grammar in smtpd.conf

2018-12-15 Thread Marcus MERIGHI
cl...@syntheticnation.com (schwack), 2018.12.11 (Tue) 22:36 (CET):
> On Wed, Dec 05, 2018 at 10:07:34AM -0500, Daniel Corbe wrote:
> > at 6:22 AM, Eda Sky  wrote:
> > 
> > 
> > > Executive summary: delete the procmail port; the code is not safe and
> > > should not be used as a basis for any further work.
> 
> Is maildrop a recommended alternative? 

$ pkg_info fdm

"fdm is a simple, lightweight replacement for mail fetch, filter and
delivery programs such as fetchmail and procmail."

Using it since my departure from procmail, no problems seen.

Marcus



Re: install portslist?

2018-12-14 Thread Marcus MERIGHI
Hello, 

rsyk...@disroot.org (Rudolf Sykora), 2018.12.14 (Fri) 15:40 (CET):
> odin$ pwd
> /usr/ports
> 
> odin$ make search key=texmacs  
> Please install portslist
>  pkg_add portslist
> *** Error 1 in /usr/ports (Makefile:80 '/usr/local/share/ports-INDEX': @exit 
> 1)
> 
> odin$ doas pkg_add portslist
> portslist-6.8: ok
> odin$ make search key=texmacs 
> Please install portslist

portslist does not bring back "make search key=" but gives you a flat
text file:

$ pkg_info -L portslist
$ less /usr/local/share/sqlports.list

Marcus

>  pkg_add portslist
> *** Error 1 in /usr/ports (Makefile:80 '/usr/local/share/ports-INDEX': @exit 
> 1)
> 
> odin$ pkg_info -Q portslist
> portslist-6.8 (installed)
> 
> odin$ make search key=texmacs 
> Please install portslist
>  pkg_add portslist
> *** Error 1 in /usr/ports (Makefile:80 '/usr/local/share/ports-INDEX': @exit 
> 1)
> 
> 
> Is this expected? What am I doing wrong?
> 
> Thanks
> Ruda
> 



Re: does 'xset(1) dpms 20' activate xidle(1) after 20sec?

2018-12-02 Thread Marcus MERIGHI
Hello, 

alexan...@beard.se (Alexander Hall), 2018.11.28 (Wed) 23:24 (CET):
> On Wed, Nov 28, 2018 at 10:56:13AM +0100, Marcus MERIGHI wrote:
> > j...@openbsd.org (joshua stein), 2018.11.27 (Tue) 18:12 (CET):
> > > On Tue, 27 Nov 2018 at 14:32:50 +0100, Marcus Merighi wrote:
> > > > does 'xset(1) dpms 20' activate xidle(1) after 20 seconds?
> > > > How to repeat:
> > > > $ xset dpms 20
> > > > $ xidle -timeout 180 &
> > > > With this I am locked out after 20 seconds, not 180.
> > > 
> > > The DPMS event activates the X screensaver which generates an X 
> > > event that xidle is listening for.  xidle then runs its specified 
> > > program (or defaults to xlock).
> > 
> > Thanks for confirming and the explanation of the cause!
> > 
> > I know you are having piles of experience with OpenBSD on all sorts of
> > fancy hardware... what do you do for dimming the display and locking?
> 
> This is what I use to give myself a three second grace period between the 
> screen going blank and the lock kicking in. The scroll lock led was for 
> fun and cosmetics.
> $ egrep '^xidle|^xlock' .Xresources  
> xidle.*.timeout: 300
> xidle.*.delay: 9
> xlock.*.lockdelay: 3
> xlock.*.startCmd: xset dpms 3; sleep 3; xset led named "Scroll Lock"
> xlock.*.endCmd: xset -dpms; xset -led named "Scroll Lock"
> I start xidle in my ~.xsession

especially "startCmd" with "xset dpms" was a precious hint!
xlock(1) always woke up my DPMS dimmed display, and it remained lit. 
Not anymore, thank you!

But I had to return to xautolock(1), since xidle(1) does not play well
with my "xset dpms 20", as stated in the Subject:.

I dug through the code of xidle(1), but see no way of telling if it is
"xset dpms" running or the XScreenSaver(3) doing its thing.

But I found the reason why some DEBUG printf()s did not show up, below.

Thanks!

Marcus

Index: xidle.c
===
RCS file: /cvs/xenocara/app/xidle/xidle.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 xidle.c
--- xidle.c 6 Sep 2018 07:21:34 -   1.6
+++ xidle.c 29 Nov 2018 11:10:03 -
@@ -366,7 +366,9 @@ main(int argc, char **argv)
if (fd < 0)
err(1, _PATH_DEVNULL);
dup2(fd, STDIN_FILENO);
+#ifndef DEBUG
dup2(fd, STDOUT_FILENO);
+#endif
dup2(fd, STDERR_FILENO);
if (fd > 2)
close(fd);
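
Review bot: the #ifndef DEBUG guard covers only dup2(fd, STDOUT_FILENO), while the unchanged dup2(fd, STDERR_FILENO) on the next line still points stderr at _PATH_DEVNULL in a DEBUG build, so anything a debug build writes to stderr stays invisible. Either guard both calls or add a comment above the #ifndef saying that debug output is expected on stdout only; as it stands the hunk gives the next reader no hint that the DEBUG printf()s are the reason stdout is kept open.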



Re: does 'xset(1) dpms 20' activate xidle(1) after 20sec?

2018-11-28 Thread Marcus MERIGHI
j...@openbsd.org (joshua stein), 2018.11.27 (Tue) 18:12 (CET):
> On Tue, 27 Nov 2018 at 14:32:50 +0100, Marcus Merighi wrote:
> > does 'xset(1) dpms 20' activate xidle(1) after 20 seconds?
> > 
> > How to repeat:
> > 
> > $ xset dpms 20
> > $ xidle -timeout 180 &
> > 
> > With this I am locked out after 20 seconds, not 180.
> 
> The DPMS event activates the X screensaver which generates an X 
> event that xidle is listening for.  xidle then runs its specified 
> program (or defaults to xlock).

Thanks for confirming and the explanation of the cause!

I know you are having piles of experience with OpenBSD on all sorts of
fancy hardware... what do you do for dimming the display and locking?

Marcus



does 'xset(1) dpms 20' activate xidle(1) after 20sec?

2018-11-27 Thread Marcus Merighi
Hello, 

does 'xset(1) dpms 20' activate xidle(1) after 20 seconds?

How to repeat:

$ xset dpms 20
$ xidle -timeout 180 &

With this I am locked out after 20 seconds, not 180.

I looked hard to make sure everything runs with default settings.

Just saying, maybe someone has time to reproduce. 

Marcus



Re: vmm(4) on apu2c4

2018-10-29 Thread Marcus MERIGHI
miracu...@gmail.com (Thomas Huber), 2018.10.29 (Mon) 08:27 (CET):
> Hi misc,
> 
> is vmm(4) working on the PC-Engines APU2 with -release 6.4 ?
> I thought I've read something like that a few months ago but can not find
> any further information about which CPU-Feature is needed and how it is
> named at the AMD.
> 
> These are the CPU-Specs for the APU2:
> "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and
> AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2
> cache."

The test from faq16.html, on pcengines apu2c4:

$ dmesg | egrep '(VMX/EPT|SVM/RVI)'
vmm0 at mainbus0: SVM/RVI

A little more info:

$ dmesg | grep -e apu -e vmm0 -e GX-412TC
bios0: PC Engines PC Engines apu4
cpu0: AMD GX-412TC SOC, 998.31 MHz
cpu1: AMD GX-412TC SOC, 998.26 MHz
cpu2: AMD GX-412TC SOC, 998.15 MHz
cpu3: AMD GX-412TC SOC, 998.31 MHz
vmm0 at mainbus0: SVM/RVI

Following faq16.html I got:
$ vmctl show
   ID   PID VCPUS  MAXMEM  CURMEM     TTY        OWNER NAME
    3 15040     1    1.0G    1.0M   ttyp1         root example

Marcus



want.html: Unifi wifi gear for interop debugging

2018-10-06 Thread Marcus MERIGHI
Dear all, 

not everyone is reading want.html every day, therefore I wanted to hint
at: https://www.openbsd.org/want.html

stsp@wifi is asking for gear and we should deliver :-)

"Ubiquity Unifi Ufo / Unifi AP Pro are needed for wifi driver debugging
in Berlin, Germany. Contact s...@openbsd.org"

I cannot find "Unifi Ufo", but "Unifi AP Pro" is not a cheapo Access
Point, around EUR 160,-- here.

Marcus



Re: USB Ethernet adapter

2018-09-25 Thread Marcus MERIGHI
i...@konstankino.com (Bogdan Kulbida), 2018.09.25 (Tue) 02:00 (CEST):
> It does have few extra USB ports, ta-da...
> Anyway, what USB network interface would you recommend that would run
> smoothly with the OBSD 6.3?

Works for years already, not a single hiccup that I know of:

axe0 at uhub0 port 4 configuration 1 interface 0 "ASIX Electronics
AX88772A" rev 2.00/0.01 addr 2

If I enter "AX88772A" at my favourite hardware page I get, e.g.:
"Digitus DN-10050-1, RJ-45, USB-A 2.0"

Marcus



Re: wifi manager

2018-09-23 Thread Marcus MERIGHI
ed...@pettijohn-web.com (Edgar Pettijohn III), 2018.09.22 (Sat) 16:49 (CEST):
> I've just uploaded what I feel to be a completed gui wifi manager to
> complement the base tools.
> https://sourceforge.net/projects/openbsd-wifi-manager/

I tried it, what I found:
- I had to "pkg_add p5-Gtk2", which isn't mentioned in the README
- I do not like that it quits when it finds an existing connection. Why?
- it did not detect that my interface was down. 
- the list of wlans looked like ifconfig output parsing was broken,
  always.
- it took about 15 seconds to see the GUI, not only on the first
  invocation. (lenovo x230, 8GB, 2,6GHz, iwn, -current, cwm.)
- Quit via "q", "ctrl+q" or "Esc" does not work.
- In line 341 you should remove the "doas" for mere scanning.

Marcus



Re: Running your own mail server

2018-09-19 Thread Marcus MERIGHI
marko.cu...@mimar.rs (Marko Cupać), 2018.09.18 (Tue) 10:58 (CEST):
> On Tue, 18 Sep 2018 10:32:25 +0100
> Kevin Chadwick  wrote:
> 
> > I see clamav and other scanning stuff as an insecurity personally.
> 
> Can you elaborate, please?

It's a case of Enumerating Badness :-)
http://www.ranum.com/security/computer_security/editorials/dumb/

Marcus



Re: Resize keydisk (softraid) partition...

2018-09-08 Thread Marcus MERIGHI
program...@netzbasis.de (Benjamin Baier), 2018.09.08 (Sat) 00:08 (CEST):
> On Fri, 7 Sep 2018 21:00:58 +0200
> Zbyszek Żółkiewski  wrote:
> 
> > 
> > > Wiadomość napisana przez Marcus MERIGHI  w dniu 
> > > 07.09.2018, o godz. 18:09:
> > > 
> > > $ dd bs=8192 skip=1 if=/dev/rsd99z of=backup-keydisk.img
> > > $ dd bs=8192 seek=1 if=backup-keydisk.img of=/dev/rsd99z
> > 
> > thanks for answers but that will make dump of whole 14GB - i would
> > like to shrink it to reasonable size…

I never realized that since my keydisks were always set up a la FAQ!

> Well, from reading the code a little seems the keydisk metadata is at
> offset
> SR_META_OFFSET = 8192 bytes and is SR_META_SIZE (64) * DEV_BSIZE (512
> bytes) = 32768 bytes long.
> 
> Time ran out so do what you will with it. This is untested and always
> keep a good backup.

Thanks for reading the code! this would do, then

$ dd bs=8192 skip=1 count=4 if=/dev/rsd99z of=backup-keydisk.img
                    ^^^^^^^
though I am going to test this:

$ dd bs=8192 skip=1 count=5 if=/dev/rsd99z of=backup-keydisk.img
                    ^^^^^^^

Thanks, Marcus
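
The offset arithmetic discussed in this message, as an added example that is not part of the original thread: it takes the constants quoted above (SR_META_OFFSET = 8192, SR_META_SIZE = 64, DEV_BSIZE = 512) and runs the same dd skip/seek commands against constructed regular files standing in for /dev/rsd99z. The file names and helper functions are assumptions; it checks only which bytes dd copies, not whether softraid accepts the result.

```shell
#!/bin/sh
# Constants as quoted in the thread from the softraid code.
SR_META_OFFSET=8192   # metadata starts this many bytes into the partition
SR_META_SIZE=64       # metadata length in DEV_BSIZE sectors
DEV_BSIZE=512

# Length of the metadata area in bytes (64 * 512).
meta_bytes() { echo $((SR_META_SIZE * DEV_BSIZE)); }

# Number of 8192-byte dd blocks needed to cover the metadata area.
meta_blocks() { echo $(( $(meta_bytes) / SR_META_OFFSET )); }

# backup_meta SRC BACKUP: skip the first 8192-byte block, copy only the
# metadata blocks instead of the whole partition.
backup_meta() {
    dd bs="$SR_META_OFFSET" skip=1 count="$(meta_blocks)" \
        if="$1" of="$2" 2>/dev/null
}

# restore_meta BACKUP DST: write the backup back at the same offset.
# conv=notrunc is needed only because the demo target is a regular file;
# a disk device cannot be truncated.
restore_meta() {
    dd bs="$SR_META_OFFSET" seek=1 conv=notrunc if="$1" of="$2" 2>/dev/null
}

# Round trip on constructed images: a 1 MiB "old keydisk" filled with
# random bytes and a 64 KiB zero-filled "new keydisk".
roundtrip_demo() {
    work=$(mktemp -d) || return 1
    old="$work/old.img"
    new="$work/new.img"
    bak="$work/backup-keydisk.img"

    dd if=/dev/urandom of="$old" bs=8192 count=128 2>/dev/null
    dd if=/dev/zero    of="$new" bs=8192 count=8   2>/dev/null

    backup_meta  "$old" "$bak"
    restore_meta "$bak" "$new"

    size=$(wc -c < "$bak" | tr -d ' ')

    # Bytes 8192..40959 must now be identical in both images.
    a=$(dd bs=8192 skip=1 count="$(meta_blocks)" if="$old" 2>/dev/null | cksum)
    b=$(dd bs=8192 skip=1 count="$(meta_blocks)" if="$new" 2>/dev/null | cksum)
    [ "$a" = "$b" ] && same=yes || same=no

    # The first 8192 bytes of the target must be untouched (still zeros).
    head_nonzero=$(dd bs=8192 count=1 if="$new" 2>/dev/null \
        | tr -d '\000' | wc -c | tr -d ' ')

    rm -rf "$work"
    echo "$size $same $head_nonzero"
}

roundtrip_demo
```
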



Re: Resize keydisk (softraid) partition...

2018-09-07 Thread Marcus MERIGHI
alexan...@beard.se (Alexander Hall), 2018.09.07 (Fri) 16:56 (CEST):
> On September 7, 2018 12:16:03 PM GMT+02:00, "Zbyszek Żółkiewski"
>  wrote:
> >Hi,
> >
> >So i did something stupid: during creation of keydisk
> >(https://www.openbsd.org/faq/faq14.html#softraid), i was in hurry and I
> >allocated whole 14GB partition a for keydisk…
> >Now i would like to shrink it somehow, what’s the best and safest way
> >to do it… ?
> 
> I'd take a disk with some unpartitioned space, create a small(er) RAID
> partition, and dd as much as possible of the 14GB keydisk into it.
> Then test if the new keydisk works.
> /Alexander 

I once noted (and have used various times) the following for
backup/restore of keydisks. It was mentioned on one of these 
lists, unfortunately I cannot find the source atm:

$ dd bs=8192 skip=1 if=/dev/rsd99z of=backup-keydisk.img
$ dd bs=8192 seek=1 if=backup-keydisk.img of=/dev/rsd99z

Marcus



Re: Some information needed, HELP!

2018-09-02 Thread Marcus MERIGHI
k...@mack-z.com (Ken M), 2018.09.02 (Sun) 16:21 (CEST):
> So I did something careless and stupid. Don't get me started but I
> really messed up the group ownership of /usr by carelessly running a
> command not paying attention. Yes I know, my stupidity.
> 
> Can anyone shoot me a quick list of what group should own what under
> /usr.

see /etc/mtree/special !

$ ls -la /usr
drwxr-xr-x   7 root   wheel   512 Aug 24 09:19 X11R6
drwxr-xr-x   2 root   wheel  5632 Aug 24 16:04 bin
drwxr-xr-x   2 root   wheel  1024 Aug 24 16:04 games
drwxr-xr-x  29 root   bin    3072 Aug 24 16:04 include
drwxr-xr-x   7 root   wheel  3584 Aug 24 16:06 lib
drwxr-xr-x   5 root   wheel   512 Aug 24 08:39 libdata
drwxr-xr-x   6 root   wheel  1024 Aug 24 16:06 libexec
drwxr-xr-x  15 root   wheel   512 Aug 24 09:18 local
drwxr-xr-x   2 root   wheel   512 Aug 24 08:40 mdec
drwxrwx---   2 build  wobj    512 Jan 20  2017 obj
drwxr-xr-x   1 root   wheel    25 Mar  6  2017 ports
drwxr-xr-x   2 root   wheel  4096 Aug 25 11:49 sbin
drwxr-xr-x  17 root   wheel   512 Aug 24 08:40 share
drwxrwxr-x   2 root   wsrc    512 Jan 20  2017 src
drwxrwx---   2 build  wobj    512 Jan 20  2017 xobj

Marcus



Re: Block TLD senders with opensmtpd

2018-08-31 Thread Marcus MERIGHI
Hello, 

compli...@risei.net (Scott Seekamp), 2018.08.31 (Fri) 00:55 (CEST):
> Looking at the manpage for smtpd.conf it’s possible to block a domain
> with:
> reject sender 
> and put:
> @domain.tld
> Is it possible to block entire tld’s and if so what would the syntax be?
> I’d like to filter out high spam content senders “.bid, .date, .us”
> that I’m seeing and avoid spam processing altogether.

I think you cannot match on the "From:" in the mail header.

Remember config syntax and structure in 6.4 will be different from 6.3, 
you did not tell what you use...

What I *would* try for -current:

table denydomains { "*.bid", "*.data" }
match mail-from <denydomains> reject
match helo <denydomains> reject

"smtpd -n -v -f" says that's OK, I'm not going to test it live. 
And it's only for "MAIL FROM:" and "HELO", easy to forge.

I think with 6.3 (or earlier) this is *not* going to work, unless
someone sends with "MAIL FROM:":

table badsenders { "@biz", "@date" }
reject from any sender <badsenders>

Marcus



Re: What is the proper way to release a DHCP lease

2018-08-19 Thread Marcus MERIGHI
jh...@kevla.org (Jay Hart), 2018.08.19 (Sun) 17:19 (CEST):
> >
> > On Aug 7, 2018 5:57 PM, Jay Hart  wrote:
> >>
> >> Hello all,
> >>
> >> About ready to put a new box online, but need to "release" the MAC / IP 
> >> address [of the old box]
> >> if I can prior to swapping out the boxes.  This might save me a call to 
> >> Verizon.
> >>
> >> I tried "dhcp release", but the OS returned a "command not found" error, 
> >> essentially.
> >>
> >> What is the proper way to get this done?  I'm drawing a blank with my 
> >> google fu tonight.
> >>
> >> Thanks,
> >>
> >> Jay
> >>
> >
> > dhclient -r 'interface'
> 
> -r seems to be a deprecated option.  I get an unknown option error.

Works here(tm). Did you - cough - run "dhcpd -r" to produce this error?
It's quite similar when tab-expanding in a hurry...

Marcus



Re: Moving filesystems around

2018-07-27 Thread Marcus MERIGHI
Hello Jay, 

jh...@kevla.org (Jay Hart), 2018.07.27 (Fri) 04:42 (CEST):
> > Hello,
> > jh...@kevla.org (Jay Hart), 2018.07.25 (Wed) 21:31 (CEST):
> >> Running a stock 6.3 machine. I just bought a new server and hope to
> >> move this drive over, but think I need to move two partitions around
> >> to get more space.
> >
> > I'm not sure you need to...
> > My /usr is just 895M. Yours is fuller because you have /usr/local on the
> > same slice?
> > If so, I'd consider this the problem.
> > You'd have slices left after your wd0i[1], but is there unassigned
> > space left on the disk?
> > If so, I'd create a new slice and put /usr/local there.
> >
> > More info would have been helpful, show output of mount(8) and df(1),
> > disklabel, fdisk, dmesg, perhaps?
> >
> > [1] what, a wd(4)?! ;-)
> >
> > Marcus
> >
> 
> Actually, I have a separate /usr/local partition, just didn't mention
> it.

Why has your /usr twice as much on it than mine, then?
/usr/src? /usr/ports? du -sh /usr/*?

> Your post got me thinking (as did some of the others). I've been
> upgrading this box since 5.6 or
> so and maybe it's time to wipe it and start fresh on the new box. Just
> copy over my config files after I'm done.
 
I've recently upgraded an equally outdated box and sysmerge(8) was no
fun. Lots of differences in config files after such a looong time makes
merging hard. Thus installing might be the right thing. 

> Since I just follow stable releases, I don't bother downloading the
> source code and building patches, so /usr should stay small and clean
> with syspatch and sysclean, unless I'm very wrong about how they work.

I think you got it right. /usr is rather static, unless it grows
rapidly, like recently for /usr/share/relink/. 
syspatch(8) gives you patches for errata for the latest release and one
version before, IIRC. sysclean(8) gives you a list of files not required
by the installed base system and the installed ports.

Marcus

> >> I have one drive installed, with about 6 partitions.
> >>
> >> /var is a 6.3G partition (wd0e) using 50M of space
> >> /usr is a 2.0G partition (wd0f) using 1.6G of space
> >>
> >> Last partition number is wd0i.
> >>
> >> What would the recommended procedure to use to swap these two partitions?



Re: Moving filesystems around

2018-07-26 Thread Marcus MERIGHI
Hello, 

jh...@kevla.org (Jay Hart), 2018.07.25 (Wed) 21:31 (CEST):
> Running a stock 6.3 machine. I just bought a new server and hope to
> move this drive over, but think I need to move two partitions around
> to get more space.

I'm not sure you need to...
My /usr is just 895M. Yours is fuller because you have /usr/local on the
same slice? 
If so, I'd consider this the problem. 
You'd have slices left after your wd0i[1], but is there unassigned
space left on the disk? 
If so, I'd create a new slice and put /usr/local there.

More info would have been helpful, show output of mount(8) and df(1),
disklabel, fdisk, dmesg, perhaps?

[1] what, a wd(4)?! ;-)

Marcus

> I have one drive installed, with about 6 partitions.
> 
> /var is a 6.3G partition (wd0e) using 50M of space
> /usr is a 2.0G partition (wd0f) using 1.6G of space
> 
> Last partition number is wd0i.
> 
> What would the recommended procedure to use to swap these two partitions?



Re: Best way to serve files to Windows?

2018-07-18 Thread Marcus MERIGHI
codeb...@inbox.lv (John Long), 2018.07.18 (Wed) 13:51 (CEST):
> I have minidlna working fine on OpenBSD. However this doesn't help with
> Roon media software since they don't have anything for OpenBSD,
> unsurprisingly. Roon doesn't want to support dlna.

What network access is officially supported?

I've seen a RPi based media player that supported sftp. That would be
an easy and secure way. chrooted user, sftp access. 

> I have my Windows foobar2000 appliance roped-off from my LAN because I
> don't trust Windows boxes on my network. So I would like to set up some

I see Roon downloads for windows, android, macos, ios. What is your Roon
running on? Just saying...

> way to serve the files to Windows from OpenBSD. I guess that is
> CIFS/SAMBA?

If your Roon machine formerly accessed the windows server then it was
SMB/CIFS, almost for sure. 
 
> Is this secure over the network? I have not done this before and I
> don't know what's involved. Is there an approved CIFS implementation to
> use?

There's only samba. Isn't the Roon box the weakest point?

Marcus


