Re: nginx + php = system() not working?
> Am 17.05.2024 um 03:58 schrieb F Bax : > > I think I missed something simple? I installed 7.5 release in a VM. I then > installed nginx and PHP 8.3.3; with pkg_add. I then ran these two commands: > # rcctl enable php83_fpm > # rcctl start php83_fpm > I found an issue with php system() function; so created this simple script > which produces "HiThere"; why is the date not presented? >echo 'Hi'; > system( 'date' ); > echo 'There'; > ?> You are probably running the php83_fpm process accessed from nginx in the default chroot(2) environment? If so you need to reconfigure your /etc/php-fpm.conf to not use chroot(2) — comment the line »chroot = /var/www« — or install /bin/date and a /bin/sh into /var/www. (Note that PHP needs a shell to execute shell commands and the date command is not present in the chroot(2) environment by default either.) Your test script works for me in Apache httpd and a php-fpm.conf without chroot(2) (in a non-public setting). So I don’t think this is related to nginx specifically. Could happen with OpenBSD httpd and PHP-FPM as well. Basically in any situation where PHP-FPM is running chroot(2)ed. OpenBSD httpd would be a different situation because it runs in a chroot(2) environment by default. You can’t call on a PHP-FPM process that is not also running in the chroot(2) environment. The communication between httpd(8) and PHP-FPM fails due to differing opinions about the root of the filesystem when applied to the paths passed from httpd to PHP-FPM. At least I have not managed to get this to work. But AFAIK nginx does not run chroot(2)ed by default. So PHP-FPM does not need to either. Note: If you need both you can configure your /etc/php-fpm.conf to spawn both chroot(2)ed and non-chroot(2)ed workers with differing sockets. I’m doing this on a machine running both OpenBSD httpd and Apache httpd with PHP based web pages. HTH Mike PS. Hopefully you are aware that running shell commands from a publicly accessible web server can lead to serious security issues? Be very careful when configuring access restrictions to the affected URLs and when constructing the UNIX commands you plan to execute.
PC Sensors TEMPer sensor oddity...
Running OpenBSD 7.5 on AMD64. Full dmesg is at the end of this message. This sensor used to work well with OpenBSD 7.4. Since I moved to 7.5, the following issue is reproducible... The sensor is plugged into the USB port, and the PC (in this case, laptop) is powered up. After the boot is complete, I log in and issue: > sysctl -a | grep ugold and I get nothing. So I unplug the sensor, and plug it back in. After issuing that same command, I see hw.sensors.ugold0.temp0=21.27 degC (inner) hw.sensors.ugold0.humidity0=47.55% (RH) Excerpts from dmesg are: Initial boot-up: ugen0 at uhub3 port 1 "QinHeng Electronics product 0x55e0" rev 1.10/1.00 addr 3 After unplugging the sensor and plugging it in again: ugen0 detached uhidev0 at uhub3 port 1 configuration 1 interface 0 "PC Sensors TEMPer sensor" rev 1.10/0.00 addr 3 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub3 port 1 configuration 1 interface 1 "PC Sensors TEMPer sensor" rev 1.10/0.00 addr 3 uhidev1: iclass 3/1 ugold0 at uhidev1 ugold0: "TEMPerX_V3.3", 2 sensors type temperx (temperature and humidity) This sensor is now off the production PC and is sitting on a test PC, so I can try things if needed. Let me know. Full dmesg: OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4129800192 (3938MB) avail mem = 3983650816 (3799MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries) bios0: vendor LENOVO version "6IET75WW (1.35 )" date 02/01/2011 bios0: LENOVO 2522DU5 acpi0 at bios0: ACPI 4.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! SLIC BOOT SSDT TCPA SSDT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.21 MHz, 06-25-05, patch 0007 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 4-way I-cache, 256KB 64b/line 8-way L2 cache, 3MB 64b/line 12-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 133MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.34 MHz, 06-25-05, patch 0007 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 4-way I-cache, 256KB 64b/line 8-way L2 cache, 3MB 64b/line 12-way L3 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.21 MHz, 06-25-05, patch 0007 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 4-way I-cache, 256KB 64b/line 8-way L2 cache, 3MB 64b/line 12-way L3 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 5 (application processor) cpu3: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.81 MHz, 06-25-05, patch 0007 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN cpu3: 32KB 64b/line 8-way D-cache, 32KB 64b/line 4-way I-cache, 256KB 64b/line 8-way L2 cache, 3MB 64b/line 12-way L3 cache cpu3: smt 1, core 2, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1
Re: NAT on CARP interface
Oh now I remember, you might need to add it to the egress interface group. Does that rule you posted error out or are you just seeing blocks with it? On Sun, Apr 28, 2024, 12:49 PM Mike wrote: > If I remember right, you can run 'ifconfig' and see if that interface is > marked as an egress interface or not. I can't remember how OBSD determines > what interfaces are egress or not but your em0 seems to be in a private > network so it might not be classifying itself as egress. > > Nevertheless, writing egress or $ext_If, what difference does it really > make? You're just repeating a different word. Lol > > On Sun, Apr 28, 2024, 12:08 PM Radek wrote: > >> > change $lan_if to $int_if, change (egress:0) to $ext_carpif, and it >> will work as the rule you say works. >> I made minor changes and tested the egress version. >> >> ext_if = "em0" >> ext_carpif = "carp0" >> int_if = "carp2" >> This rule works for me: >> match out log on $ext_if from $int_if:network to any nat-to $ext_carpif >> >> It seems it should work fine as well but it doesn't: >> match out log on egress from $int_if:network to any nat-to $ext_carpif >> >> >> On Thu, 25 Apr 2024 13:53:32 -0700 >> obs...@loopw.com wrote: >> >> > >> > >> > > On Apr 25, 2024, at 10:36 AM, Radek wrote: >> > > >> > > Thank you for all your hints. >> > > >> > >> match out on egress from $lan_if:network to any nat-to (egress:0) >> > > This rule doesn't work. >> > >> > change $lan_if to $int_if, change (egress:0) to $ext_carpif, and it >> will work as the rule you say works. >> > >> > >> > fwiw, the $lan_if came from your configs existing “match” >> > >> > https://www.openbsd.org/faq/pf/filter.html#syntax - under “interface” >> you can find out about “egress”. I definitely prefer it to hard coding an >> interface in yet another line of a pf.conf >> > >> > I was presuming you didnt mind matching to $ext_if’s ip for new >> sessions outbound, hence (egress:0). Matching to the carp ip works. (this >> is basically a source nat rule in commercial-network-vendor speak) >> > >> > >> > > >> > >> ext_if=em0 >> > >> int_if=vlan2 >> > >> ext_carpIf=carp0 >> > >> > >> match out on $ext_if inet from $int_if:network to any nat-to >> $ext_carpIf >> > > This rule works as expected. >> > >> >> >> Radek >> >>
Re: NAT on CARP interface
If I remember right, you can run 'ifconfig' and see if that interface is marked as an egress interface or not. I can't remember how OBSD determines what interfaces are egress or not but your em0 seems to be in a private network so it might not be classifying itself as egress. Nevertheless, writing egress or $ext_If, what difference does it really make? You're just repeating a different word. Lol On Sun, Apr 28, 2024, 12:08 PM Radek wrote: > > change $lan_if to $int_if, change (egress:0) to $ext_carpif, and it will > work as the rule you say works. > I made minor changes and tested the egress version. > > ext_if = "em0" > ext_carpif = "carp0" > int_if = "carp2" > This rule works for me: > match out log on $ext_if from $int_if:network to any nat-to $ext_carpif > > It seems it should work fine as well but it doesn't: > match out log on egress from $int_if:network to any nat-to $ext_carpif > > > On Thu, 25 Apr 2024 13:53:32 -0700 > obs...@loopw.com wrote: > > > > > > > > On Apr 25, 2024, at 10:36 AM, Radek wrote: > > > > > > Thank you for all your hints. > > > > > >> match out on egress from $lan_if:network to any nat-to (egress:0) > > > This rule doesn't work. > > > > change $lan_if to $int_if, change (egress:0) to $ext_carpif, and it will > work as the rule you say works. > > > > > > fwiw, the $lan_if came from your configs existing “match” > > > > https://www.openbsd.org/faq/pf/filter.html#syntax - under “interface” > you can find out about “egress”. I definitely prefer it to hard coding an > interface in yet another line of a pf.conf > > > > I was presuming you didnt mind matching to $ext_if’s ip for new sessions > outbound, hence (egress:0). Matching to the carp ip works. (this is > basically a source nat rule in commercial-network-vendor speak) > > > > > > > > > >> ext_if=em0 > > >> int_if=vlan2 > > >> ext_carpIf=carp0 > > > > >> match out on $ext_if inet from $int_if:network to any nat-to > $ext_carpIf > > > This rule works as expected. > > > > > Radek > >
Re: NAT on CARP interface
This command should help but you may need to add some "log" to your rules:
tcpdump -nettti pflog0 will probably tell you.
I don't have a bsd VM around to test but your int_if and ext_if should
still refer to the underlying interface, not the carp.
I'd change:
ext_if=em0
int_if=vlan2
ext_carpIf=carp0
match out on $ext_if inet from 10.0.2.0/24 to any nat-to $ext_carpIf
On Wed, Apr 24, 2024, 4:50 PM Radek wrote:
> Hi everyone,
> it's a lab, the goal is a redundant firewalls with CARP and PFSYNC, I'm
> trying to configure the master box. On the LAN side I have created carp2 on
> vlan2 interface and it works as expected.
> On the WAN side I can't figure out how to make NAT work on carp0 interface.
> Can someone tell me where I have the wrong or missing configuration?
>
> OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> # cat /etc/hostname.em1
> -inet
> up
>
> # cat /etc/hostname.vlan2
> -inet
> vnetid 2 parent em1 description "Interface VLAN-KRZ_LAN" up
>
> # cat /etc/hostname.carp2
> -inet
> inet 10.0.2.254 255.255.255.0 NONE vhid 2 advbase 1 advskew 0 carpdev
> vlan2 pass test54321
>
>
> # cat /etc/hostname.em0
> -inet
> up
>
> # cat /etc/hostname.carp0
> -inet
> inet 10.0.15.216 255.255.255.0 NONE description "WAN_KRZ" vhid 1 advbase 1
> advskew 0 carpdev em0 pass test678
>
>
> # cat /etc/pf.conf
> ext_if = "carp0"
> lan_if = "carp2"
> pfsync_if = "em3"
> internal_if = "vlan1010"
> set skip on { lo0 vlan em3}
> # pfsync and carp
> pass quick on { $pfsync_if } proto pfsync #keep state (no-sync)
> pass on { $internal_if } proto carp keep state (no-sync)
> # nat
> match out on $ext_if from $lan_if:network to any nat-to $ext_if
> pass out
>
> # pfctl -s rules
> pass quick on em3 proto pfsync all
> pass on vlan1010 proto carp all keep state (no-sync)
> match out on carp0 inet from 10.0.2.0/24 to any nat-to 10.0.15.216
> pass out all flags S/SA
>
> # route -n show
> Routing tables
>
> Internet:
> DestinationGatewayFlags Refs Use Mtu Prio
> Iface
> 224/4 127.0.0.1 URS0 72 32768 8 lo0
> 10.0.2/24 10.0.2.254 UCn10 -19
> carp2
> 10.0.2.201 18:03:73:b4:fa:c1 UHLc 011815 -18
> carp2
> 10.0.2.254 00:00:5e:00:01:02 UHLl 0 36 - 1
> carp2
> 10.0.2.255 10.0.2.254 UHb04 - 1
> carp2
> [snip]
>
> Radek
>
>
Re: Acme-client error getting validation data when updating LetsEncrypt certs on 7.5
The location { … } block in the port 80 server is non-functional because all
requests are redirected to HTTPS. Add a `pass` to make it functional. Note: If
you do then you don’t need the corresponding location { … } block in the port
443 server any more.
Also, instead of:
> block return 301 "https://www-server.example.com$REQUEST_URI“
you could write:
block return 301 "https://$HTTP_HOST$REQUEST_URI;
server "www-server.example.com" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
pass
}
block return 301 "https://$HTTP_HOST$REQUEST_URI;
}
But those are just optimisations that don’t address your issue.
To start debugging the issue put a small test file into your /var/www/acme
directory and test access using e.g. curl:
# echo 'test'>/var/www/acme/test
Preferably from a different host:
$ curl --url 'http://www-server.example.com/.well-known/acme-challenge/test'
HTH
Mike
PS. see more comments below…
> Am 15.04.2024 um 15:02 schrieb rea...@catastrophe.net:
>
> I started seeing an error where acme-client is not able to renew
> Lets Encrypt certificates. I've tried on several different servers
> but they all display the same error: "Error getting validation data"
>
> Is anyone else seeing the same behavior?
>
> Here are my configurations; these have been working for a couple years
> now. Thanks in advance for any assistance.
>
>
> $ uname -a
> OpenBSD www-server 7.5 GENERIC#79 amd64
>
> acme-client configuration
> -
>
> authority letsencrypt {
>api url "https://acme-v02.api.letsencrypt.org/directory;
>account key "/etc/acme/letsencrypt-privkey.pem"
> }
>
> authority letsencrypt-staging {
>api url "https://acme-staging-v02.api.letsencrypt.org/directory;
>account key "/etc/acme/letsencrypt-staging-privkey.pem"
> }
>
> domain www-server.example.com {
> domain key "/etc/ssl/private/www-server.example.com.key.pem"
> domain full chain certificate
> "/etc/ssl/certs/www-server.example.com.chain.pem"
>sign with letsencrypt
> }
>
>
> httpd configuration
> ---
>
> server "www-server.example.com" {
> listen on * tls port 443
> tls {
>certificate "/etc/ssl/certs/www-server.example.com.chain.pem"
>key "/etc/ssl/private/www-server.example.com.key.pem"
>protocols "TLSv1.3,TLSv1.2"
> }
> hsts {
>max-age 31536000
>preload
>subdomains
> }
> log style combined
> log { access "access.log", error "error.log" }
> directory auto index
> root "/htdocs/www"
> location "/.well-known/acme-challenge/*" {
>root "/acme"
>request strip 2
> }
> }
>
> server "www-server.example.com" {
> listen on * port 80
> location "/.well-known/acme-challenge/*" {
>root "/acme"
>request strip 2
> }
> block return 301 "https://www-server.example.com$REQUEST_URI;
> }
>
>
> directory permissions for acme-client verification
> --
>
> # find /var/www/htdocs/www/.well-known/ -ls
> 518754 drwxr-xr-x3 w3admin staff 512 Mar 16 2022
> /var/www/htdocs/www/.well-known/
> 518764 drwxr-xr-x2 w3admin staff 512 Mar 16 2022
> /var/www/htdocs/www/.well-known/acme-challenge
These directories are irrelevant. You want to look at: /var/www/acme as your
location { … } block reroutes /.well-known/acme-challenge to /acme (in the
/var/www chroot(2) environment).
/var/www/acme is there by default and it should have 755 root:daemon
permissions.
>
>
> output of running the client manually
> -
>
> # acme-client -v www-server.example.com
> acme-client: /etc/ssl/certs/www-server.example.com.chain.pem: certificate
> renewable: 29 days left
> acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
> acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
> acme-client: acme-v02.api.letsencrypt.org: DNS:
> 2606:4700:60:0:f53d:5624:85c7:3a2c
> acme-client: dochngreq:
> https://acme-v02.api.letsencrypt.org/acme/authz-v3/338785251177
> acme-client: challenge, token: iG6ptUbu8wblA1NcB36yC7PRi1-h-lXoMx4MAOn0CoE,
> uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/338785251177/Efb4Qg,
> status: 0
> acme-client: /var/www/acme/iG6ptUbu8wblA1NcB36yC7PRi1-h-lXoMx4MAOn0CoE:
> created
> acme-client:
> https://acme-v02.api.letsencrypt.org/acme/chall-v3/338785251177/Ef
Re: Debian 12 Under VMM
On Tue, Apr 02, 2024 at 09:11:04AM -0500, Robert B. Carleton wrote: > I thought I'd share a small success with installing Debian 12 under VMM, > in case some might find it useful. The boot parameters are "install > gfxpayload=text console=ttyS0,115200n8". I added these boot parameters > from the Debian installer after selecting the Help menu using "H", then > selecting "Special boot parameters for special machines." using . > > By the way, I found an article that suggested using "vga=off" instead of > "gfxpayload=text". This worked in the installer, but hung up the boot on > the post-install, because "vga=off" has been deprecated. > > This was under OpenBSD 7.4, run from an xterm. Let me know if there are > any comments or questions. > > Cheers, > > --Bruce > Thanks for the note. I find that the "n8" isn't needed since vmd(8)'s serial emulation doesn't really do different parity/byte sizes. I also usually recommend removing "quiet" from Linux kernel command lines with vmm(4), so you can see what's going on or if/where it gets stuck. -ml
Re: Does anyone know whether this hardware runs OpenBSD?
On Mon, Mar 25, 2024 at 04:39:15AM -0400, Steve Litt wrote: > Does anyone know whether this hardware runs OpenBSD? > > https://www.walmart.com/ip/MeLE-Quieter3Q-Fanless-Mini-PC-N5105-Windows-11-8GB-256GB-4K-UHD-Wifi-6-Mini-Desktop-Computer-New/2177929669 > > Thanks, > > SteveT > > Steve Litt > > Autumn 2023 featured book: Rapid Learning for the 21st Century > http://www.troubleshooters.com/rl21 > We've seen some of those cheap "router PCs" with bad broken BIOS. There were a few all using the same common motherboard that had stuck GPEs a few years ago. Since most of these machines don't have a manufacturer website for BIOS updates, tracking down an updated BIOS without risking bricking the machine is sorta a pain. You get what you pay for. -ml
Re: New postfix-3.8.20221007p12 broken TLS for Gmail servers?
> Am 03.02.2024 um 03:44 schrieb Brian Conway : > >> Why do you run such an outdated postfix snapshot? > > That is the latest version that is supported/available in packages-stable: > > https://cdn.openbsd.org/pub/OpenBSD/7.4/packages-stable/amd64/ While we have not encountered the TLS issue with Gmail (see below) we are in the same boat otherwise. postfix-3.8.20221007 seemed like the newest version a while back and so we are running that version. Going back to 3.7.9 seems like it may be a partial step backwards. Meanwhile Postfix 3.8.5 (along with versions 3.7.10, 3.6.14, 3.5.24) seem to have become a stable releases [1| but alas there are no OpenBSD ports for these versions yet. So instead of directing people to the older stable release version 3.7.9 maybe a better plan would be to eventually create a port for 3.8.5? BTW: On OpenBSD 7.4-stable amd64 using postfix-3.8.20221007p12 I was able to send and receive emails to/from Gmail without problems. So maybe Mark has some sort of configuration issue? Note however that we are not using the -sasl2-mysql flavor of the port so that might make a difference? Mike [1] https://www.postfix.org/announcements/postfix-3.8.5.html
Re: vmd silently exits (after 7.4 upgrade)
On Fri, Feb 02, 2024 at 08:28:42AM +0100, Piotr K. Isajew wrote: > Hello, > > I'm observing this on one of my machines (which I seldom use > nowadays) after upgrading it to 7.4. The machine had existing > vm.conf setup which worked for me in the past. > > Now "rcctl start vmd" reports: > vmd(ok) > > but just after that executing "vmctl status" gives: > vmctl: connect: /var/run/vmd.sock: Connection refused > > and there is no vmd process running. > > When I try to start vmd from command line, it generates some > output, but it is not really helpful in determining what could be > the problem: > > /usr/sbin/vmd -d -v -v -v -v -v -v -v -v -v -v -v > vmd: startup > vmd: vm_register: registering vm 1 > vmd: /etc/vm.conf:18: vm "lindev" registered (disabled) > vmd: vmd_configure: setting staggered start configuration to parallelism: 4 > and delay: 30 > vmd: vmd_configure: starting vms in staggered fashion > vmd: start_vm_batch: starting batch of 4 vms > vmd: start_vm_batch: not starting vm lindev (disabled) > vmd: start_vm_batch: done starting vms > vmd: vmd: getgrnam caused by missing _agentx group. _agentx:*:92: -ml > vmd: exiting > control: config_getconfig: control retrieving config > control: control exiting, pid 33268 > # priv: config_getconfig: priv retrieving config > priv: priv exiting, pid 1161 > vmm: config_getconfig: vmm retrieving config > vmm: vmm exiting, pid 48824 > > > dmesg excerpt > OpenBSD 7.4 (GENERIC.MP) #2: Fri Dec 8 15:39:04 MST 2023 > > r...@syspatch-74-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > cpu0: Intel(R) Xeon(R) CPU E31225 @ 3.10GHz, 3093.12 MHz, 06-2a-07, patch > 002f > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN > > cpu0: using VERW MDS workaround (except on vmm entry) > vmm0 at mainbus0: VMX/EPT >
Re: Power usage in Dell XPS 17
On Tue, Jan 30, 2024 at 12:02:37PM -0500, Jag Talon wrote: > Ah yes that's exactly my experience it looks like it might be the GPU at > fault. Good to know I wasn't the only one experiencing this. > > Do people know if there's a way to somehow turn off the GPU outside of BIOS? > Perhaps there's no way around that? > > On 1/30/24 11:54, Benjamin Stürz wrote: > > > I had the same issue with my TUXEDO Polaris 17 (AMD) w/ an RTX 2060M. > > It was also not possible to disable the GPU in the BIOS, > > so the battery life was miserable (45 min). > > > > That's why I later bought myself a used Thinkpad T450 and then a T480, > > which both played very nice with OpenBSD. > > -- > Jag Talon > > https://weirder.earth/@jag > https://jagtalon.net/ > https://aangat.lahat.computer/ One thing I did a while ago is made acpipwrres(4) issue an _OFF on the power resoruce attached to the GPU. That worked on one machine, but failed on another machine since that power resource also powered the screen. YMMV, and you'd need to write that diff yourself in acpipwrres_attach(). -ml
Re: Run VM with 16G or more?
On Tue, Jan 02, 2024 at 08:29:03PM +0100, Kirill A. Korinsky wrote: > And one more noticed bug in vmd regarding memory. > > If I changed memory in /etc/vm.conf for running machine, run rcctl reload vmd, > and restart VM... It has no effect. > > The VM should be shutdown before reload. > > -- > wbr, Kirill > yes, vmctl reload does not reload specifications for currently running VMs.
Re: Script doesn't stop opensearch
> Am 04.01.2024 um 00:06 schrieb Mik J : > > However when I want to stop the process > # /etc/rc.d/opensearch stop > Nothing happens try: # rcctl stop opensearch You are not supposed to ever call the /etc/rc.d/* scripts directly. HTH Mike
Re: Why the mail filter?
Yawn On Mon, Dec 25, 2023, 11:05 a.m. wrote: > > On 2023-12-25 06:32, Jan Stary wrote: > > There's nothing to "confront". Go away. > The classic white belief: > "You're not a real man if you're not an obedient worker drone for muh > society (aka women)" > > Fuck you cunt. > I'm glad the taliban and Iran have been slaughtering your kind. > Guess they're "nothing to """confront""" " either. > > Bet you'd say the same thing to someone like Hans Reiser (kernel > programmer (linux)). > And then when he shows you he IS someone to confront; > then he gets criticized from the other direction. > > There's no winning with you fucking faggots. > You're simply a woman's society. > > Glad you lost in afghanistan :) > > Men are _FUCKING_ their young girl brides there. > White CUNT. > > Oh: and please some help with Unreal Map format loading: > sf.net/p/chaosesqueanthology/tickets/2/ > > On 2023-12-25 06:32, Jan Stary wrote: > > There's nothing to "confront". Go away. > > > > On Dec 25 05:31:13, mikee...@firemail.cc wrote: > >> Got a problem with my emails? Can't confront me man to man? Like > >> fucking > >> faggot scum? > >> > >> > >
Re: VMs not rebooting
On Sun, Dec 10, 2023 at 03:16:22PM -0600, Robert B. Carleton wrote:
> Mike Larkin writes:
>
> > On Sun, Dec 10, 2023 at 01:03:27PM -0600, Robert B. Carleton wrote:
> >> I have a number virtual machines, and I've noticed that they power off
> >> instead of rebooting when using "shutdown -r now" on the guest. This is
> >> the general form for a configuration in the /etc/vm.conf:
> >>
> >> vm "batch2" {
> >> memory 2G
> >> enable
> >> cdrom /home/ISO/OpenBSD/7.4/install74.iso
> >> disk /home/vm/batch2/disk0.qcow2
> >> boot device disk
> >> interface { switch "int_switch" }
> >> interface { switch "ext_switch" }
> >> }
> >>
> >
> > I've not heard of anyone else having reboot vs shutdown issues recently.
> > I just did a shutdown -r now on my local machine and it works here:
> >
> >
> > -vmmtech- /var/www/logs# shutdown -r now
> > Shutdown NOW!
> > shutdown: [pid 95485]
> >
> > *** FINAL System shutdown message from root ***
> > System going down IMMEDIATELY
> >
> >
> > -vmmtech- /var/www/logs#
> > System shutdown time has arrived
> >
> > -vmmtech- /var/www/logs# syncing disks... done
> > vmmci0: powerdown
> > rebooting...
> >
> >
> >
> > Using drive 0, partition 3.
> > Loading..
> > probing: pc0 com0 mem[638K 3838M 256M a20=on]
> > disk: hd0+
> >>> OpenBSD/amd64 BOOT 3.65
> > \
> > com0: 115200 baud
> > switching console to com0
> >>> OpenBSD/amd64 BOOT 3.65
> > boot>
> > -
> >
> >> I also tried running vmd from the command line with "-d -vv". Here's the
> >> end of the logging when I tried to reboot the guest:
> >>
> >> vm/batch2: vcpu_exit_eptviolation: fault already handled
> >> vm/batch2: vcpu_exit_eptviolation: fault already handled
> >> vm/batch2: vcpu_exit_eptviolation: fault already handled
> >> vm/batch2: vmmci_ack: vm 7 requested shutdown
> >> vm/batch2: virtio_shutdown: waiting on device pid 35337
> >> vm/batch2: virtio_dispatch_dev: pipe dead (EV_READ)
> >> vm/batch2: virtio_shutdown: device for pid 35337 is stopped
> >> vm/batch2: virtio_shutdown: waiting on device pid 64912
> >> vm/batch2: virtio_shutdown: device for pid 64912 is stopped
> >> vm/batch2: virtio_shutdown: waiting on device pid 34607
> >> vm/batch2: virtio_shutdown: device for pid 34607 is stopped
> >> vmm: vmm_sighdlr: handling signal 20
> >> vmm: vmm_sighdlr: terminated vm batch2 (id 1)
> >> vmm: vm_remove: vmm vmm_sighdlr removing vm 1 from running config
> >> vmm: vm_stop: vmm vmm_sighdlr stopping vm 1
> >> vmd: vm_stop: vmd vmd_dispatch_vmm stopping vm 1
> >>
> >> The three "vcpu_exit_eptviolation: fault already handled" lines seemed
> >> to happen continuously during run time for the guest.
> >
> > harmless
> >
> >>
> >> Is there some kind of configuration that I'm missing? I read the vmctl,
> >> and vm.conf man pages. I also looked at the examples in
> >> /etc/examples. Nothing stood out, so far.
> >>
> >> I'm running OpenBSD 7.4 on the hypervisor and guests. Any suggestions?
> >>
> >> PS: Overall, using vmm has been a good experience. I'm pretty happy with
> >> it.
> >>
> >
> > amd64 guest or i386?
>
> The guests are amd64. Here's a transcript, including a pause to allow
> the boot reordering to finish:
>
> === start transcript ===
> athena$ doas vmctl start batch2
> vmctl: started vm 1 successfully, tty /dev/ttyp2
> athena$ doas vmctl console batch2
> Connected to /dev/ttyp2 (speed 115200)
>
>
> OpenBSD/amd64 (batch2.rbcarleton.net) (tty00)
>
> login: root
> Password:
> Last login: Sun Dec 10 14:58:05 on tty00
> OpenBSD 7.4 (GENERIC) #2: Fri Dec 8 15:38:40 MST 2023
>
> Welcome to OpenBSD: The proactively secure Unix-like operating system.
>
> Please use the sendbug(1) utility to report bugs in the system.
> Before reporting a bug, please try to reproduce it with the latest
> version of the code. With bug reports, please try to ensure that
> enough information to reproduce the problem is enclosed, and if a
> known fix for it exists, include that as well.
>
> You have mail.
> batch2# shutdown -r now
> Shutdown NOW!
> shutdown: [pid 47954]
>
> *** FINAL System shutdown message from r...@batch2.rbcarleton.net ***
> System going down IMMEDIATELY
>
>
> batch2#
> System shutdown time has arrived
>
> batch2# syncing disks... done
> vmmci0: powerdown
> rebooting...
>
> [EOT]
> athena$
> === end transcript ===
>
> A note I'll add is that I don't recall getting the EOT at the end of the
> transcript
> until I hit the enter key.
>
I don't think it will matter much but can you send a host dmesg? Either reply
here or use sendbug.
Re: VMs not rebooting
On Sun, Dec 10, 2023 at 01:03:27PM -0600, Robert B. Carleton wrote:
> I have a number virtual machines, and I've noticed that they power off
> instead of rebooting when using "shutdown -r now" on the guest. This is
> the general form for a configuration in the /etc/vm.conf:
>
> vm "batch2" {
> memory 2G
> enable
> cdrom /home/ISO/OpenBSD/7.4/install74.iso
> disk /home/vm/batch2/disk0.qcow2
> boot device disk
> interface { switch "int_switch" }
> interface { switch "ext_switch" }
> }
>
I've not heard of anyone else having reboot vs shutdown issues recently.
I just did a shutdown -r now on my local machine and it works here:
-vmmtech- /var/www/logs# shutdown -r now
Shutdown NOW!
shutdown: [pid 95485]
*** FINAL System shutdown message from root ***
System going down IMMEDIATELY
-vmmtech- /var/www/logs#
System shutdown time has arrived
-vmmtech- /var/www/logs# syncing disks... done
vmmci0: powerdown
rebooting...
Using drive 0, partition 3.
Loading..
probing: pc0 com0 mem[638K 3838M 256M a20=on]
disk: hd0+
>> OpenBSD/amd64 BOOT 3.65
\
com0: 115200 baud
switching console to com0
>> OpenBSD/amd64 BOOT 3.65
boot>
-
> I also tried running vmd from the command line with "-d -vv". Here's the
> end of the logging when I tried to reboot the guest:
>
> vm/batch2: vcpu_exit_eptviolation: fault already handled
> vm/batch2: vcpu_exit_eptviolation: fault already handled
> vm/batch2: vcpu_exit_eptviolation: fault already handled
> vm/batch2: vmmci_ack: vm 7 requested shutdown
> vm/batch2: virtio_shutdown: waiting on device pid 35337
> vm/batch2: virtio_dispatch_dev: pipe dead (EV_READ)
> vm/batch2: virtio_shutdown: device for pid 35337 is stopped
> vm/batch2: virtio_shutdown: waiting on device pid 64912
> vm/batch2: virtio_shutdown: device for pid 64912 is stopped
> vm/batch2: virtio_shutdown: waiting on device pid 34607
> vm/batch2: virtio_shutdown: device for pid 34607 is stopped
> vmm: vmm_sighdlr: handling signal 20
> vmm: vmm_sighdlr: terminated vm batch2 (id 1)
> vmm: vm_remove: vmm vmm_sighdlr removing vm 1 from running config
> vmm: vm_stop: vmm vmm_sighdlr stopping vm 1
> vmd: vm_stop: vmd vmd_dispatch_vmm stopping vm 1
>
> The three "vcpu_exit_eptviolation: fault already handled" lines seemed
> to happen continuously during run time for the guest.
harmless
>
> Is there some kind of configuration that I'm missing? I read the vmctl,
> and vm.conf man pages. I also looked at the examples in
> /etc/examples. Nothing stood out, so far.
>
> I'm running OpenBSD 7.4 on the hypervisor and guests. Any suggestions?
>
> PS: Overall, using vmm has been a good experience. I'm pretty happy with
> it.
>
amd64 guest or i386?
Re: ls in color
On Fri, Dec 08, 2023 at 07:41:23PM +0100, Karel Lucas wrote: > > Hi all, > > In openBSD V7.4 I would like to see the output of ls in color, and therefore > would like to know how to configure that. The output of "man ls" provides no > information about this. Can anyone give me a tip? > pkg_add colorls alias ls='/usr/local/bin/colorls -GF'
Re: Thinkpad x260 not connecting to network
Thanks for the advice all, but I've resolved the issue, and I'm quite embarrassed: I made absolutely sure to type the password in correctly, but mistyped the ssid Thanks again. On Sat, Dec 2, 2023 at 9:29 AM Stuart Henderson wrote: > On 2023-12-02, Mike Evron wrote: > > > > Thanks for taking the time to look into this. If there is any more info > > needed or if this should be formatted differently, please let me know. > > Run "ifconfig iwm0 debug", try to connect, and send the full dmesg. > > > -- > Please keep replies on the mailing list. > >
Re: Thinkpad x260 not connecting to network
Hi Corey, > 1) Try quotation marks around the SSID and password. > Have done. Still not working. > > 2) Make sure that you have run > > ifconfig iwm0 up > sh /etc/netstart > I have. > > 3) If you are still confused, you can check > > a) man pages for hostname.if(5) or iwn(4) > > b) FAQ entry for Wireless > https://www.openbsd.org/faq/faq6.html#Wireless > > I went through this stuff several times before posting to the list. To be clear, scanning works fine. For some reason, it just won't connect to the network. It's the only thing I haven't been able to get working on OpenBSD, but it is a showstopper for obvious reasons. Thanks for taking the time to look into this. If there is any more info needed or if this should be formatted differently, please let me know. Thanks again.
Thinkpad x260 not connecting to network
Ifconfig output for iwm0: iwm0: flags=808847 mtu 1500 lladdr 44:85:00:14:a4:06 index 1 priority 4 llprio 3 groups: wlan media: IEEE802.11 autoselect status: no network ieee80211: nwid sharynmikealbie wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp contents of hostname.iwm0: join sharynmikealbie wpakey i-triple-checked-the-pw-i-swear inet autoconf I've run fw_update and done many searches and can't figure out why this doesn't work. Any help would be greatly appreciated. Thanks in advance.
Re: CPU0 at 100% on Thinkpad 480 with OpenBSD 7.4
On Mon, Nov 27, 2023 at 11:38:01AM -0700, Theo de Raadt wrote: > Mike Larkin wrote: > > > On Mon, Nov 27, 2023 at 01:05:56PM -0500, Laurent Cimon wrote: > > > Hi, > > > > > > > > > The CPU0 on my Thinkpad 480 is always running at around 100%. It's on > > > OpenBSD 7.4. > > > > > > It seems to be doing this in the kernel. > > > > > > > > > Here is the CPU's line from top(1). > > > > > > CPU0: 0.0% user, 0.0% nice, 79.3% sys, 3.8% spin, 16.3 > > > > > > > > > It's always this specific CPU, and it's been draining my battery. > > > > > > How do I find what causes this? > > > > > > > > > I think that it starts doing it after waking from sleep, as it doesn't do > > > it > > > when the system is freshly started. > > > > > > But I'd need to do some tests before verifying this. > > > > > > > > > Laurent > > > > > > > Please search the list, this has been reported and solved many times, > > specifically for this machine. > > > > It is not solved. > > There is a "workaround" > > We do something wrong by not managing thunderbolt, but it is not clear > what we are supposed to do. My theory is that thunderbolt is initialized > far enough by BIOS or chipset default configuration or our driver, that > interrupts occur which we don't handle, and spin. > fair enough, that's a more accurate description.
Re: CPU0 at 100% on Thinkpad 480 with OpenBSD 7.4
On Mon, Nov 27, 2023 at 01:05:56PM -0500, Laurent Cimon wrote: > Hi, > > > The CPU0 on my Thinkpad 480 is always running at around 100%. It's on > OpenBSD 7.4. > > It seems to be doing this in the kernel. > > > Here is the CPU's line from top(1). > > CPU0: 0.0% user, 0.0% nice, 79.3% sys, 3.8% spin, 16.3 > > > It's always this specific CPU, and it's been draining my battery. > > How do I find what causes this? > > > I think that it starts doing it after waking from sleep, as it doesn't do it > when the system is freshly started. > > But I'd need to do some tests before verifying this. > > > Laurent > Please search the list, this has been reported and solved many times, specifically for this machine.
Re: OpenBSD_one_site_web_hosting_software_recommendation
Yep, WordPress is doable. I’ve never used Joomla, so I can’t say for sure. One thing to note is that OpenBSD httpd does not have the .htaccess mechanism. So sites relying on Apache httpd .htaccess features might need some thought. OTOH there is a port for Apache httpd… HTH Mike > Am 09.11.2023 um 12:58 schrieb Peter N. M. Hansteen : > > On Thu, Nov 09, 2023 at 12:38:27PM +0100, soko.tica wrote: >> I have a task to launch from scratch one site web hosting google cloud >> instance. >> >> I know OpenBSD does have httpd web server, but I couldn't have found >> neither wordpress nor joomla software neither in packages nor in ports (7.4 >> -stable). >> >> Is there a possibility to launch wordpress or joomla on such an instance on >> OpenBSD? Which manpages should I read? > > You're probably right that those systems do not come pre-packaged for OpenBSD. > > But simple web search on "wordpress on openbsd httpd" and "joomla on openbsd > httpd" > yields enough seemingly relevant hits that I strongly suspect both are doable. > > I have not tried either myself, though. > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. >
Re: mount softdep — does it improve the situation for unexpected shutdowns?
Thanks! End of discussion ;-) (Except for a potential update of the man page.) Mike > Am 05.11.2023 um 19:39 schrieb Martin Schröder : > > Am So., 5. Nov. 2023 um 19:33 Uhr schrieb Mike Fischer > : >> However the default /etc/fstab does not make use of it. > >> From the 7.4 release notes: > -- > Make the softdep mount(8) option a no-op. Softdep was a > significant impediment to improving the vfs layer. > -- > > Methinks the man page could mention that. > > Best >Martin >
mount softdep — does it improve the situation for unexpected shutdowns?
OpenBSD 7.4 amd64 I have just noticed that mount(8) has a softdep option for FFS file systems. And I saw this: https://en.wikipedia.org/wiki/Soft_updates where OpenBSD is mentioned. However the default /etc/fstab does not make use of it. We have been discussing how to deal with unexpected system crashes/loss of power/etc. and found that with a probability of significantly greater than zero such an event will cause inconsistent file systems, sometimes irreparable, with data loss or worse with lurking modified files that may be noticed much later. So I’d like to know if adding the softdep option for the FFS file systems in /etc/fstab would improve the situation? Is anyone using this? Is there a reason it is not used by default? I realise that no solution will be 100%. Backups, snapshots from a powered down machine (in the case of VMs), etc. will still be required. But at least improving the odds of surviving an unexpected reboot without file system sync would help, unless there are drawbacks I am not aware of. I did see https://marc.info/?l=openbsd-misc=157537250901987=2 are the comments there still valid (for VMs using SSD storage)? Personally I would not mind a bit of memory usage and speed impact in exchange for a more robust system. Thanks! Mike
Re: What could cause high CPU load averages (no actual CPU usage)?
> Am 25.10.2023 um 17:57 schrieb Theo de Raadt : > > Mike Fischer wrote: > >>> Am 25.10.2023 um 17:29 schrieb Theo de Raadt : >>> >>> Mike Fischer wrote: >>> >>>> True. But like I said, this was noticed because of the sudden increase on >>>> the same (OpenBSD) machine without any obvious reason. >>> >>> The reason is obvious. >>> >>> You installed a completely different system. >> >> No, there is a misunderstanding here. I have not been comparing OpenBSD load >> averages to those on any other OS. > > No, it is *your misunderstanding* > > We put no effort into maintaining stability of this damn number. Ok, I realise that load average may too irrelevant a measurement to take seriously. I admit that I thought this value was somewhat consistent in the context of a single running machine, but maybe I was wrong. > We changed a lot of kernel scheduling code *without giving a damn about the > stability of this number* Fine, but you are not changing my running Kernel, are you? Or are you saying that the load average does not carry *any* inherent information and is utterly useless? That would almost imply that this is a (poor) sort of random number generator. OTOH years of monitoring this value (amongst many other measurements) on OpenBSD seems to indicate some correlation to what the machine is doing. But I get what you are saying: no guarantees. > It is a different system. To reiterate: I am measuring load averages on OpenBSD 7.4. On a running system I notice a sudden jump in the value which persists for several hours. That gets my attention because I can see no reason for this jump. So I’m trying to figure out the cause. Please note that I am not going on the assumption that there is a bug or that something needs to be changed/fixed in OpenBSD. The jump may have had perfectly valid reasons. Or it may have been random with a low probability. But given all of the feedback from this thread I’ll deprecate this part of my monitoring and switch to monitoring actual CPU activity (as reported by e.g. vmstat) in the hopes that these values are more accurate/consistent and that they better reflect the workload of the machine. Thanks everyone! Mike
Re: What could cause high CPU load averages (no actual CPU usage)?
> Am 25.10.2023 um 19:01 schrieb Janne Johansson : > > > I process that is started every 5 seconds and exits after 10ms > > computation can cause the load to go up by 1. It just matters if it runs > > during the sampling time or not. This is why the load avarage is not > > accurate, it is an indication and if the value is below the number of CPUs > > you may well see quantization errors. > > > > So yes, maybe there is something going on but even top -s .1 -I will have a > > hard time to show it to you. It may be too h interestingsmall of a blib to > > spot. > > Ah, interesting. Any idea on how to measure/catch something like that? How > would one find such a process? > > If you have such a process (and see "load 1.0" in top) you don't have a load > problem on this computer, so "finding" it becomes irrational. > > This means that you are chasing a symptom but where you lack an actual > problem. If your cpu is busy 10ms every 5 seconds it is basically idle, and > the small percentage you see is totally within measurement error margins. But > load is a very bad measurement tool as previously stated in this thread. No, the actual value is not an issue. The jump in values was what triggered my need to explore this. And yes, the machine in question does not have much actual workload normally. Mike
Re: Sleep induces acpi0 interrupt storm
On Wed, Oct 25, 2023 at 07:19:29PM +0200, Richard Ulmer wrote: > Hi all, > I've just set up a new T480 ThinkPad with OpenBSD 7.4. I have noticed > that after sleeping (by closing and opening the lid of the laptop) > my fan turns up and one of my CPU cores is fully loaded. `top -U -S > root` and `systat vmstat` tell me, that acpi0 is generating a lot of > interrupts, close to 2000/s. > > Once I had this high interrupt count directly after booting, without > even putting the laptop to sleep. > > Can anyone help me debug this or does someone know of a workaround? > From what I've read I could probably disable certain ACPI functions > using bsd.re-config(5), but I'm not sure where to start. Do I have to go > through all 49 devices listed in acpi(4)? > > Greetings, > Richard > check the lists; this was reported lots of times. I think it was some thunderbolt related thing in the BIOS. > > dmesg; the last 22 lines were generated when closing and opening the > lid: > > OpenBSD 7.4 (GENERIC.MP) #1397: Tue Oct 10 09:02:37 MDT 2023 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 8200216576 (7820MB) > avail mem = 7931973632 (7564MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x9a628000 (63 entries) > bios0: vendor LENOVO version "N24ET74W (1.49 )" date 08/15/2023 > bios0: LENOVO 20L6SF8C00 > acpi0 at bios0: ACPI 5.0 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP SSDT SSDT TPM2 UEFI SSDT SSDT HPET APIC MCFG ECDT > SSDT SSDT SSDT BOOT BATB SLIC SSDT SSDT SSDT LPIT WSMT SSDT SSDT SSDT DBGP > DBG2 MSDM DMAR ASF! FPDT UEFI > acpi0: wakeup devices GLAN(S4) XHC_(S3) XDCI(S4) HDAS(S4) RP01(S4) PXSX(S4) > RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) > RP06(S4) PXSX(S4) [...] > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 2399 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.52 MHz, 06-8e-0a, patch > 00f4 > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,GDS_CTRL,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB > 64b/line 4-way L2 cache, 6MB 64b/line 12-way L3 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges > cpu0: apic clock running at 24MHz > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE > cpu1 at mainbus0: apid 2 (application processor) > cpu1: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.52 MHz, 06-8e-0a, patch > 00f4 > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,GDS_CTRL,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN > cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB > 64b/line 4-way L2 cache, 6MB 64b/line 12-way L3 cache > cpu1: smt 0, core 1, package 0 > cpu2 at mainbus0: apid 4 (application processor) > cpu2: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.52 MHz, 06-8e-0a, patch > 00f4 > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,RSBA,MISC_PKG_CT,ENERGY_FILT,GDS_CTRL,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN > cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB > 64b/line 4-way L2 cache, 6MB 64b/line 12-way L3 cache > cpu2: smt 0, core 2, package 0 > cpu3 at mainbus0: apid 6 (application processor) > cpu3: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.52 MHz, 06-8e-0a, patch > 00f4 > cpu3: >
Re: What could cause high CPU load averages (no actual CPU usage)?
> Am 25.10.2023 um 17:59 schrieb Claudio Jeker : > > I process that is started every 5 seconds and exits after 10ms > computation can cause the load to go up by 1. It just matters if it runs > during the sampling time or not. This is why the load avarage is not > accurate, it is an indication and if the value is below the number of CPUs > you may well see quantization errors. > > So yes, maybe there is something going on but even top -s .1 -I will have a > hard time to show it to you. It may be too h interestingsmall of a blib to > spot. Ah, interesting. Any idea on how to measure/catch something like that? How would one find such a process? Thanks! Mike
Re: What could cause high CPU load averages (no actual CPU usage)?
> Am 25.10.2023 um 17:29 schrieb Theo de Raadt : > > Mike Fischer wrote: > >> True. But like I said, this was noticed because of the sudden increase on >> the same (OpenBSD) machine without any obvious reason. > > The reason is obvious. > > You installed a completely different system. No, there is a misunderstanding here. I have not been comparing OpenBSD load averages to those on any other OS. I have been comparing load averages on the same machine on the same running OpenBSD 7.4 to previous values on the exact same running machine. (I don’t give a hoot about how other OSes calculate similar values. That is irrelevant to my issue.) I just want to figure out what would cause a mostly constant increase in load average for several hours without any apparent reason. Thanks! Mike
Re: What could cause high CPU load averages (no actual CPU usage)?
> Am 25.10.2023 um 17:07 schrieb Theo de Raadt : > > Claudio Jeker wrote: > >> On Wed, Oct 25, 2023 at 11:57:54AM +0200, Mike Fischer wrote: >>> I have been observing occasional bouts of high load averages on several >>> servers I administer and I am trying to find the cause. (I monitor these >>> machines so that I can implement corrective measures in case of any >>> malicious or abnormal activity. I think this is benign, but I’d still >>> like to find the cause.) >>> >>> Once the high load average starts, only a reboot seems to (temporarily) >>> return the values to their normal levels. >>> >>> The actual CPU usage (as measured by vmstat) stays low even if the load >>> average is elevated. >>> >>> The servers are VMs running on a VMWare host (ESXi). This was seen with >>> OpenBSD 7.3 and 7.4 amd64. >>> >>> I can not determine anything inside the VM that causes this. There seems >>> to be no correlation to pfstat(8) graphs, log entries, known events, or >>> anything else I can determine. restarting all of the rc.d services never >>> made any difference. >>> >>> Could this be caused by something on the VMWare host machine? (The host >>> seems to be operating at limit regarding RAM for example. But the VM is >>> only using the normal percentage of its allocated RAM — way below 100% >>> and very constant usage, no swap.) >>> >>> How can I further debug this, keeping in mind that these are production >>> machines and experimentation is limited to benign things that don’t >>> cause outages. >>> >> >> What is high? A high CPU load for me is in the order of 70+. >> Please remember the CPU load avarage is a horrible leftover from tenex >> days. The system just counts how many processes are runnable but it is a >> very bad indicator of actual CPU load. > > Furthermore, every operating system counts this in a different way. > You might think there is only one way to count it. Not at all. True. But like I said, this was noticed because of the sudden increase on the same (OpenBSD) machine without any obvious reason. I am not implying that the value of 0.7 is in any way critical. Just that an increase from a long time load average of 0.0x to 0.7x is noteworthy. I have no issue when the load increases when a machine is handling requests or doing something I know about. But then the load should drop back to normal levels once the task is finished. That did not happen in the cases I’m trying to figure out. Thanks! Mike
Re: What could cause high CPU load averages (no actual CPU usage)?
> Am 25.10.2023 um 14:32 schrieb Dave Voutila : > > > Mike Fischer writes: > >> I have been observing occasional bouts of high load averages on >> several servers I administer and I am trying to find the cause. (I >> monitor these machines so that I can implement corrective measures in >> case of any malicious or abnormal activity. I think this is benign, >> but I’d still like to find the cause.) >> >> Once the high load average starts, only a reboot seems to (temporarily) >> return the values to their normal levels. >> >> The actual CPU usage (as measured by vmstat) stays low even if the load >> average is elevated. >> >> The servers are VMs running on a VMWare host (ESXi). This was seen with >> OpenBSD 7.3 and 7.4 amd64. >> >> I can not determine anything inside the VM that causes this. There >> seems to be no correlation to pfstat(8) graphs, log entries, known >> events, or anything else I can determine. restarting all of the rc.d >> services never made any difference. >> >> Could this be caused by something on the VMWare host machine? (The >> host seems to be operating at limit regarding RAM for example. But the >> VM is only using the normal percentage of its allocated RAM — way >> below 100% and very constant usage, no swap.) >> >> How can I further debug this, keeping in mind that these are production >> machines and experimentation is limited to benign things that don’t cause >> outages. >> > > Can you share a dmesg of one of the 7.4 vm? The output of `vmstat -iz` > might help narrow it down to a stuck interrupt. Also, try running > systat(1) and observe things as they happen. dmesg follows. But the high load went away on the two affected machines. On one machine I did a reboot after installing the syspatches released today, on the other, which I left untouched on purpose, the load normalised by itself after almost a day. A third machine was not affected this time. So vmstat will probably not show anything interesting now: The rebooted machine: # vmstat -iz interrupt total rate irq96/acpi0 00 irq97/pciide0 123004 10 irq98/pciide0 00 irq114/em0 1188429 irq99/ppb2 00 irq100/ppb3 00 irq101/ppb4 00 irq102/ppb5 00 irq103/ppb6 00 irq104/ppb7 00 irq105/ppb8 00 irq106/ppb9 00 irq107/ppb1000 irq108/ppb1100 irq109/ppb1200 irq110/ppb1300 irq111/ppb1400 irq115/ppb1500 irq116/ppb1600 irq117/ppb1700 irq118/ppb1800 irq119/ppb1900 irq120/ppb2000 irq121/ppb2100 irq122/ppb2200 irq123/ppb2300 irq124/ppb2400 irq125/ppb2500 irq126/ppb2600 irq127/ppb2700 irq128/ppb2800 irq129/ppb2900 irq130/ppb3000 irq131/ppb3100 irq132/ppb3200 irq133/ppb3300 irq144/pckbc0 00 irq145/pckbc0 00 irq0/clock4894675 398 irq0/ipi 378105 30 Total 5514626 448 # The affected machine that I didn’t reboot: # vmstat -iz interrupt total rate irq96/acpi0 00 irq97/pciide0 2653816 21 irq98/pciide0 00 irq114/em02383849 19 irq99/ppb2 00 irq100/ppb3 00 irq101/ppb4 00 irq102/ppb5 00 irq103/ppb6 00 irq104/ppb7 00 irq105/ppb8 00 irq106/ppb9 00 irq107/ppb1000 irq108/ppb1100 irq109/ppb12
What could cause high CPU load averages (no actual CPU usage)?
I have been observing occasional bouts of high load averages on several servers I administer and I am trying to find the cause. (I monitor these machines so that I can implement corrective measures in case of any malicious or abnormal activity. I think this is benign, but I’d still like to find the cause.) Once the high load average starts, only a reboot seems to (temporarily) return the values to their normal levels. The actual CPU usage (as measured by vmstat) stays low even if the load average is elevated. The servers are VMs running on a VMWare host (ESXi). This was seen with OpenBSD 7.3 and 7.4 amd64. I can not determine anything inside the VM that causes this. There seems to be no correlation to pfstat(8) graphs, log entries, known events, or anything else I can determine. restarting all of the rc.d services never made any difference. Could this be caused by something on the VMWare host machine? (The host seems to be operating at limit regarding RAM for example. But the VM is only using the normal percentage of its allocated RAM — way below 100% and very constant usage, no swap.) How can I further debug this, keeping in mind that these are production machines and experimentation is limited to benign things that don’t cause outages. Thanks! Mike
Re: Limiting RAM on boot to emulate low-memory situation
On Sat, Oct 21, 2023 at 10:22:45AM -, Stuart Henderson wrote: > On 2023-10-21, Chris Narkiewicz wrote: > > Is it possible to decrease amount of available RAM at boot time? > > > > I'm about to migrate some VPS system to a significantly cheaper option > > that comes with less RAM and I need to evaluate how existing system > > will behave. > > > > Sadly, I can't reconfigure RAM in VPS config. > > At least for x86, see "machine mem" in boot(8). > > -- > Please keep replies on the mailing list. > While mach mem in boot> will work for BIOS based machines, it does not work in EFI (or at least it didn't, last time I checked). FYI.
Re: Crash on TOSHIBA PORTEGE Z30-A laptop
On Sat, Oct 21, 2023 at 01:27:21PM +0400, wes...@technicien.io wrote: > Hi Philip, > > Thank you very much for your answer. > > I tried to disable all options (+devices) possible. Same issue. > And what's about disable acpi in the kernel using the bsd.re-config? > Not advisable. You'll probably end up causing even more problems. > Do you think If I replace the wireless card by somthing else, It could > resolve this issue? > > > /Wesley > > > > -Message d'origine- > De : owner-b...@openbsd.org De la part de Philip > Guenther > Envoyé : samedi 21 octobre 2023 03:23 > À : wes...@technicien.io > Cc : b...@openbsd.org; misc@openbsd.org > Objet : Re: Crash on TOSHIBA PORTEGE Z30-A laptop > > On Fri, Oct 20, 2023 at 1:23 PM wrote: > > > I've recently installed OpenBSD 7.4 on this laptop. > > > > However, I'm experiencing random crashes. These occur at various > > times, including during kernel loading (before running /etc/rc), > > > > or later while I'm using the system. > > > > > > I've included the contents of /var/run/dmesg.boot below and attached > > the screens with the ddb output command. > > > ... > > > bios0: vendor TOSHIBA version "Version 4.30" date 04/26/2018 > > > > The screenshots show that the fault happens during a wifi interrupt that > catches the ACPI thread processing a very deeply nested AML code. I suspect > it's actually running out of kernel stack space as a result. > Everything below is based on that hypothesis. > > So, the first thing to try is to see if there's a BIOS update newer than the > 2018 rev it currently has. They may have optimized the AML code, or at least > made it less deeply nested. > > Another possibility is to see if there's a device you can disable that would > result in that AML not being called. If there's anything that you aren't > using then disable it in the BIOS and hope. > > The last possibility would be to build a kernel which allocates more pages > per thread for its kernel stack by bumping the UPAGES #define in > /usr/src/sys/arch/amd64/include/param.h and building a new kernel. It's > really only the ACPI thread that needs this, but we don't currently have code > to control that on a per-thread basis. > > > Philip Guenther >
Re: vmd and /dev/sd*
On Thu, Oct 12, 2023 at 09:24:33AM -0600, Theo de Raadt wrote: > Manuel Giraud wrote: > > > > Manuel Giraud writes: > > > > > >> Hi, > > >> > > >> I can't find the information on this list (or elsewhere). Is it > > >> possible to have a vm that access a disk through its device? The > > >> following does not seem to work: > > >> > > >> # vmctl start -cL -m 1G -b /bsd.rd -d /dev/sd1c myvm > > >> vmctl: start vm command failed: Unknown error: -1 > > > > > > No, passing file descriptors to devices over ipc sockets isn't currently > > > allowed by the kernel. You'd need to use the raw character device, too, > > > afaik if passing them were allowed. > > > > Ok, noted. BTW I have the same error passing the raw character device. > > > > I made the decision to not allow passing of weird file descriptor types > very intentionally. I'm still very sure that is the right decision. > > Here's 1 program which wants to do it, but the other 1000 pledge'd programs > are being protected from being passed an incorrect fd and then doing system > calls upon it which behave "different". By that, I mean seek, read, and > write short-operation behaviours are subtly different outside of files and > sockets, and it would also expose some ioctl (which is MOSTLY limited by > pledge, but ioctl "request" values are just numbers, and they can overlap in > surprising ways). > I would like to make clear that vmd does not "want to do it", and that I agree that the current design of not being able to pass these types of fds is correct. It may be slightly inconvient for certain niche use cases, but not worth weakening everything else or putting in hacks. Just dd the device you want to a .raw file and use that. -ml
Re: Failure to start vmd
On Tue, Oct 03, 2023 at 11:30:28AM -0500, B. Atticus Grobe wrote: > The E8400 processor doesn't support extended page tables, which vmm > requires. AFAIK, all modern hypervisors require this. Correct. It was my plan long ago to support shadow paging for CPUs like this but there really is no point now.
Re: Failure to start vmd
On Tue, Oct 03, 2023 at 01:03:02PM -0300, vitmau...@gmail.com wrote: > Hi, > > I'm trying to fiddle with OpenBSD's virtualization capabilities, but I > couldn't manage to start vmd. The console gives me the error "vmd(failed)" > and my /var/log/message says "vmd[31605]: vmd: /dev/vmm: Operation not > supported by device". I enabled the "Virtualization Technology" and "VT-d" > options on my bios and fw_update indicates that vmm is already installed. I > did a grep on my dmesg to look for "VMX/EPT" (as suggested by OpenBSD's > FAQ), but only occurrences of "VMX". > > Anybody has any idea about what might be wrong? cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2826.29 MHz, 06-17-0a That CPU is too old. > > Here's my dmesg. > > OpenBSD 7.2 (GENERIC.MP) #5: Tue Jul 25 16:20:58 CEST 2023 > r...@syspatch-72-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/ > GENERIC.MP > real mem = 6254428160 (5964MB) > avail mem = 6047473664 (5767MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0100 (40 entries) > bios0: vendor Itautec ST 4262, LTD 6.00 PG version "FC" date 08/21/2009 > bios0: Itautec S.A. Infoway > acpi0 at bios0: ACPI 1.0 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP ASF! HPET MCFG APIC SSDT > acpi0: wakeup devices PCI0(S5) PEX0(S5) PEX1(S5) PEX2(S5) PEX3(S5) PEX4(S5) > PEX5(S5) HUB0(S5) UAR1(S3) UAR2(S3) IGBE(S4) USB0(S3) USB1(S3) USB2(S3) > USB3(S3) USB4(S3) [...] > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 14318179 Hz > acpimcfg0 at acpi0 > acpimcfg0: addr 0xd000, bus 0-255 > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2826.29 MHz, 06-17-0a > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 6MB > 64b/line 24-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 332MHz > cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2826.26 MHz, 06-17-0a > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN > cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 6MB > 64b/line 24-way L2 cache > cpu1: smt 0, core 1, package 0 > ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins, remapped > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus 1 (PEX0) > acpiprt2 at acpi0: bus -1 (PEX1) > acpiprt3 at acpi0: bus -1 (PEX2) > acpiprt4 at acpi0: bus -1 (PEX3) > acpiprt5 at acpi0: bus -1 (PEX4) > acpiprt6 at acpi0: bus -1 (PEX5) > acpiprt7 at acpi0: bus 2 (HUB0) > acpibtn0 at acpi0: PWRB > acpipci0 at acpi0 PCI0 > acpicmos0 at acpi0 > com0 at acpi0 UAR1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo > com1 at acpi0 UAR2 addr 0x2f8/0x8 irq 3: ns16550a, 16 byte fifo > acpicpu0 at acpi0: C1(@1 halt!), FVS, 2667, 2000 MHz > acpicpu1 at acpi0: C1(@1 halt!), FVS, 2667, 2000 MHz > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel Q45 Host" rev 0x03 > inteldrm0 at pci0 dev 2 function 0 "Intel Q45 Video" rev 0x03 > drm0 at inteldrm0 > intagp0 at inteldrm0 > agp0 at intagp0: aperture at 0xe000, size 0x1000 > inteldrm0: apic 2 int 16, G45, gen 4 > "Intel Q45 Video" rev 0x03 at pci0 dev 2 function 1 not configured > "Intel Q45 HECI" rev 0x03 at pci0 dev 3 function 0 not configured > pciide0 at pci0 dev 3 function 2 "Intel Q45 PT IDER" rev 0x03: DMA > (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI > pciide0: using apic 2 int 18 for native-PCI interrupt > pciide0: channel 0 ignored (not responding; disabled or no drives?) > pciide0: channel 1 ignored (not responding; disabled or no drives?) > puc0 at pci0 dev 3 function 3 "Intel Q45 KT" rev 0x03: ports: 16 com > com4 at puc0 port 0 apic 2 int 17: ns16550a, 16 byte fifo > com4: probed fifo depth: 15 bytes > em0 at pci0 dev 25 function 0 "Intel ICH10 D BM LM" rev 0x02: apic 2 int > 20, address 6c:f0:49:fa:26:2e > uhci0 at pci0 dev 26 function 0 "Intel 82801JD USB" rev 0x02: apic 2 int 16 > uhci1 at pci0 dev 26 function 1 "Intel 82801JD USB" rev 0x02: apic 2 int 21 > uhci2 at pci0 dev 26 function 2 "Intel 82801JD USB" rev 0x02: apic 2 int 18 > ehci0 at pci0 dev 26 function 7 "Intel 82801JD USB" rev 0x02: apic 2 int 18 > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev > 2.00/1.00 addr 1 > azalia0 at
Re: keepassxc-2.7 + Hardware Key
> On Oct 2, 2023, at 2:09 PM, m...@phosphorus.com.br wrote: > > ping > > On 9/30/23 07:39, m...@phosphorus.com.br wrote: >> Hi, anyone using keepassxc-2.7.4p2 with a hardware dongle - preferably >> opensource or DIY type - succesfully in OpenBSD? >> >> Perhaps the answer you've found is that it's only you doing this. "Ping"-ing us all because nobody responded is wasting everyone's time. And next time, don't top-post. It's rude.
Re: Dokuwiki
> Am 08.09.2023 um 00:38 schrieb latin...@vcn.bc.ca:
>
> Hello
>
> Does somebody can help? OpenBSD 7.3 Dokuwiki
> # ps ax |grep dokuwiki
> 27461 p0 S+p 0:00.01 grep dokuwiki
DokuWiki is not a process. So the above does not make any sense.
> The error.log at /www/log is full of this messages and dokuwiki stop working:
>
> Access to the script '/dokuwiki' has been denied (see
> security.limit_extensions)
…
> Access to the script '/dokuwiki' has been denied (see
> security.limit_extensions)
>
> Thanks for your attention.
You need to show us the relevant server {} block in your /etc/httpd.conf
(assuming that you are using httpd(8) as the web server).
The actual error message refers to the php-fpm setting, see
https://www.php.net/manual/en/install.fpm.configuration.php#security-limit-extensions.
But feeding the path /dokuwiki to php-fpm does not make any sense, so the root
cause is somewhere else.
Also you may want to take a look at https://www.dokuwiki.org/install:openbsd
for some additional hints.
This is what a working httpd.conf could look like:
(You may want to replace the server name with an FQDN or add an alias setting.
You would also need a port 80 host to redirect to https and to handle ACME
certificate verification. But that is all standard web server stuff, not
specific to DokuWiki.)
server "default" {
listen on $my_ipv6 tls port 443
tls {
certificate "/etc/ssl/acme/fullchain.pem"
key "/etc/ssl/acme/private/privkey.pem"
}
log style combined
root "/dokuwiki"
directory index doku.php
connection max request body 2097152 # Default is 2M for
upload_max_filesize and 8M for post_max_size.
location "/*.inc" { block }
location "/*.ht*" { block }
location "/data/*" { block }
location "/conf/*" { block }
location "/bin/*" { block }
location "/inc/*" { block }
location "/vendor/*" { block }
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}
}
Mike
Re: Dokuwiki
> Am 23.08.2023 um 19:16 schrieb latin...@vcn.bc.ca: > I found the error, it is not OpenBSD, the first page after installation is > in English, but if i change language to es, the link does not go to the > wiki; it goes to the information web page. > > Thanks. Too little information to follow that. But I’m glad your initial issue seems to be fixed. @Stuart: > Am 23.08.2023 um 13:37 schrieb Stuart Henderson : > > That would be a bug in the port, I'll fix it. Thanks. I just verified that this issue exists in dokuwiki-2022.07.31ap0 and in dokuwiki-2023.04.04 in snapshots. If you are touching this port, snapshots contains dokuwiki-2023.04.04, but Dokuwiki 2023-04-04a has been released a while ago. Mike
Re: Dokuwiki
> Am 23.08.2023 um 00:45 schrieb latin...@vcn.bc.ca:
>
> Hello
>
> I have installed dokuwiki on OBSD 7.3, but i can not run install.php from
> my Browser.
>
> php 8.1 is running.
>
> Permissions after installation:
>
> ls -la /var/www/dokuwiki/
> total 240
> drwxr-xr-x 8 root daemon512 Aug 22 22:20 .
> drwxr-xr-x 13 root daemon512 Aug 22 09:32 ..
> -rw-r--r-- 1 root daemon 1688 Aug 22 22:20 .htaccess
> -rw-r--r-- 1 root bin 1688 Sep 3 2022 .htaccess.dist
> -rw-r--r-- 1 root bin 18092 Sep 3 2022 COPYING
> -rw-r--r-- 1 root bin 308 Sep 3 2022 README
> -rw-r--r-- 1 root bin 918 Sep 3 2022 SECURITY.md
> -rw-r--r-- 1 root bin19 Sep 3 2022 VERSION
> drwxr-xr-x 2 root daemon512 Aug 22 22:20 bin
> -rw-r--r-- 1 root bin 1356 Sep 3 2022 composer.json
> -rw-r--r-- 1 root bin 22553 Sep 3 2022 composer.lock
> drwxr-xr-x 2 www daemon512 Aug 22 22:20 conf
> drwxr-xr-x 13 www daemon512 Aug 22 22:20 data
> -rw-r--r-- 1 root bin 3644 Sep 3 2022 doku.php
> -rw-r--r-- 1 root bin 20010 Sep 3 2022 feed.php
> drwxr-xr-x 22 root daemon 1536 Aug 22 22:20 inc
> -rw-r--r-- 1 root bin 2537 Sep 3 2022 index.php
> -rwxr-xr-x 1 root bin 20741 Sep 3 2022 install.php
> drwxr-xr-x 8 root daemon512 Aug 22 22:20 lib
> drwxr-xr-x 11 root daemon512 Aug 22 22:20 vendor
>
> Browser message:
>
> DokuWiki Setup Error
>
> The logdir ('log') at ./data/log is not found, isn't accessible or
> writable. You should check your config and permission settings. Or maybe
> you want to run the installer?
>
>
> What could be wrong please?
For DokuWiki to be able to run the install.php script the web browser (or more
precisely PHP as running from the web browser) needs to have certain
permissions.
Generally the web browser (and PHP) will run as user www. So in order for the
./data/log directory to be used permissions need to allow the creation files
and directories therein. The default package install currently does this
however:
2 drwxr-xr-x 2 root daemon 512 Jul 26 00:52 log/
Just chown www ./data/log and it should work.
See also: https://www.dokuwiki.org/install:permissions
HTH
Mike
Re: volatility or something like that in the future ?
On Fri, Aug 18, 2023 at 01:31:41PM +, whistlez wrote:
> Il 2023-08-18 09:22 Omar Polo ha scritto:
> > On 2023/08/18 02:06:11 +, whistlez wrote:
> >> Il 2023-08-18 02:20 Scott Cheloha ha scritto:
> >> >> On Aug 17, 2023, at 10:28, whistlez wrote:
> >>
> >> Furthermore, in my opinion - brace yourself, I might trigger an atomic
> >> war with what I'm about to say - we should consider it certain that the
> >> kernel could contain unknown vulnerabilities. Unauthorized code running
> >> in the kernel is impossible to detect, clearly. I'm talking about code
> >> that might not even reside on the disk but is injected remotely. Thus,
> >> the only way is through inspecting the RAM dump, that is, a software
> >> that can analyze the dump and determine its integrity.
> >
> > Assuming that the kernel was compromised, how can you trust a tool to
> > detect that? The compromised kernel could return normal-looking data
> > through /dev/{k,}mem (ignoring for a moment the perils of allowing
> > random software to access these devices.) You'd be asking a liar if
> > they're telling the truth :)
>
> Yes, I understand exactly what you're saying, and I partly agree, but
> I'd like to share some thoughts. However, first and foremost, I want to
> reiterate that I'm not a developer, and for this reason, my statements
> might be based on entirely erroneous assumptions. But let's get to the
> considerations.
>
> 1. Volatility allows the detection of hidden kernel modules in a Linux
> environment, including typical LKM rootkits.
>
> 2. There are multiple methods for RAM dumping, some of which cannot be
> circumvented and do not require specific software or interfaces. For
> example:
> a. Through a 'cold boot attack,' it's possible to dump RAM from an
> uncompromised operating system. (Reference:
> https://en.wikipedia.org/wiki/Cold_boot_attack)
> b. Through a DMA attack, leveraging FireWire or other hardware
> interfaces, it's possible to dump RAM. I believe that, in this case, as
> in the previous one, the kernel would be completely unaware. An example
> of this kind of attack and dump is "inception"
> (https://github.com/carmaa/inception).
> c. In a virtualized environment such as VMM, VirtualBox, VMware,
> etc. (we know OpenBSD can be virtualized), you can acquire RAM without
> the operating system knowing.
Great, sounds like you've stumbled across 3 solutions for your problem.
Looks like no diff is needed after all.
>
> 3. The third consideration relates to what you said – that it doesn't
> make sense to ask a liar if he is lying. I think, similar to how the
> police operate, you can ask a suspect a series of questions, and all
> answers should exhibit a certain logical consistency. If you want to
> make a neighborhood disappear from a city, you can't just dig a hole.
> Because everyone will understand that it can't be true. Roads will
> terminate at the hole and continue on the other side, and that doesn't
> make sense. Moral of the story: the more you have to hide, the more code
> you have to write to make your façade believable. And so, the more
> questions you ask the suspect, the more they have to invent lies that
> are consistent. The more lies there are, the greater the chances of
> creating a discrepancy in the infrastructure. For instance, library,
> memory, pointers must be reorganized coherently. You can't make a
> pointer point to a memory area that is empty.
>
> 4. Another thing we can't ignore is that we all know there are no
> definitive security solutions, only building bricks that add layers of
> difficulty and complicate matters for an attacker. Keeping hidden code
> within a kernel while simultaneously ensuring that code performs actions
> is an additional layer of difficulty.
>
Re: riscv questions
On Fri, Aug 18, 2023 at 06:44:48AM +0200, Peter J. Philipp wrote: > On Thu, Aug 17, 2023 at 06:03:42PM +0000, Mike Larkin wrote: > > On Sun, Aug 13, 2023 at 06:27:20PM +0200, Peter J. Philipp wrote: > > > Hi, > > > > > > I was wondering two things currently, both having to do with QEMU on > > > OpenBSD. > > > > > > I noticed in my QEMU that is running OpenBSD that it is supporting the > > > H-extension. The H is hypervisor. Does this mean that there is support > > > emulated for hypervisor host and guest in QEMU? Also is there any > > > efforts to > > > implement this where I can be an observer? > > > > I believe they have some support for that. > > > > There is no hardware currently available that has it though, from what I > > know. > > There is an FPGA core you can implement on a suitably large dev board > > though, > > but you'd be a 1-off. > > > > When you say "implement this", what do you mean? > > Oh I didn't know there was no hardware support for this yet. What I meant > for implementing this was if there is anyone porting vmm to riscv64. I guess > arm64 needs it too but riscv64 to me is the ultimate :-). > arm64 is first but the separation work was done already. There are about two dozen functions that need to be implemented in the kernel, plus a bunch of work in vmd. > I was wondering Mike, do you offer any more workgroups like the one that > ported riscv64? I know someone on IRC who lives in the Los Angeles region of It wasn't a workgroup. It was a group of four full time students working on their master's degrees as a final project. It took six months, more or less, and at that time we barely could print hello world from userland. It was another 6-12 months after that before it was stable, thanks to many other developers. > California that might be interested in such a workgroup. Though he may > not be available until 2024/2025 for something such as this, but the interest > would be there. I told him an effort to port vmm to riscv64 would be a > worthwhile endeavour, for everyone. Obviously it depends on hardware support > and someone to guide the group. > I'm prioritizing arm64 at this point, there isn't much value in porting vmm to hardware that is way too slow to matter (and I am unsure if such hardware even exists). powerpc64 is another choice, it has virtualization support, as do some octeons. We have real hardware for those, too. That said, if a diff appeared on tech@, I'd certainly take a look at it. > > > > > > > I saw somewhere that newer QEMU support RV128 cpu emulation. While this > > > is something for 20 years from now perhaps, I'm still curious if anyone is > > > considering a port to the RV128, or is at least turned on by the thought > > > of it. > > > > no > > > > > Unfortunately I believe the RV128 isn't intended for an 128 bit address > > > space > > > but has something planned for partitioning it in half so it will be 64 bit > > > space. With the other 64 bit for something security related. > > > > > > Also I'd like to say that I have my first piece of RV64 hardware for a few > > > weeks now and it can run linux ubuntu. It's a Mango Pi which is the same > > > form factor as a RPI zero. I also donated one to a developer so perhaps > > > we'll > > > see OpenBSD running on it one day. In half a dozen weeks or so I'm > > > considering > > > getting my second RV64 computer, which will be somewhat of a visionfive > > > 2-like > > > SBC for a router. Not sure which yet, though, let's see who can deliver > > > in > > > October. > > > > > > Next year I'd like to invest into a larger RV64 computer for workstation. > > > As > > > you can see I'm starting to get a bit serious around Risc-V > > > > get a milk-v pioneer then, it's the biggest you can currently buy. > > Interesting. Thanks! > > Best Regards, > -peter > > -- > Over thirty years experience on Unix-like Operating Systems starting with QNX.
Re: riscv questions
On Sun, Aug 13, 2023 at 06:27:20PM +0200, Peter J. Philipp wrote: > Hi, > > I was wondering two things currently, both having to do with QEMU on OpenBSD. > > I noticed in my QEMU that is running OpenBSD that it is supporting the > H-extension. The H is hypervisor. Does this mean that there is support > emulated for hypervisor host and guest in QEMU? Also is there any efforts to > implement this where I can be an observer? I believe they have some support for that. There is no hardware currently available that has it though, from what I know. There is an FPGA core you can implement on a suitably large dev board though, but you'd be a 1-off. When you say "implement this", what do you mean? > > I saw somewhere that newer QEMU support RV128 cpu emulation. While this > is something for 20 years from now perhaps, I'm still curious if anyone is > considering a port to the RV128, or is at least turned on by the thought of > it. no > Unfortunately I believe the RV128 isn't intended for an 128 bit address space > but has something planned for partitioning it in half so it will be 64 bit > space. With the other 64 bit for something security related. > > Also I'd like to say that I have my first piece of RV64 hardware for a few > weeks now and it can run linux ubuntu. It's a Mango Pi which is the same > form factor as a RPI zero. I also donated one to a developer so perhaps we'll > see OpenBSD running on it one day. In half a dozen weeks or so I'm > considering > getting my second RV64 computer, which will be somewhat of a visionfive 2-like > SBC for a router. Not sure which yet, though, let's see who can deliver in > October. > > Next year I'd like to invest into a larger RV64 computer for workstation. As > you can see I'm starting to get a bit serious around Risc-V get a milk-v pioneer then, it's the biggest you can currently buy. > > Best Regards, > -peter > > -- > Over thirty years experience on Unix-like Operating Systems starting with QNX. >
Re: unhibernate failed: original kernel changed
On Tue, Aug 01, 2023 at 07:22:04AM -, Piotr Isajew wrote:
> Dnia 31.07.2023 Mike Larkin napisał/a:
>
> > The message explained exactly what happened. What is unclear?
>
> I understand the message. What I don't undestand is the reason
> for it. The message is due to this comparison not returning 0:
>
> if (bcmp(mine->kern_hash, disk->kern_hash, SHA256_DIGEST_LENGTH) != 0) {
>
> but the same kernel image was used when booting the system before
> hibernation and on unhibernate.
>
Something changed on disk otherwise that bcmp would be the same.
Try reproing with a GENERIC/GENERIC.MP kernel and see if that fixes it.
Re: unhibernate failed: original kernel changed
On Mon, Jul 31, 2023 at 09:39:01PM +0200, Piotr K. Isajew wrote: > that's exactly what I got when I tried to resume after ZZZ on my > Lenovo machine with custom 7.3 kernel. Customization is primarily > to point swap and dump to non-default device: > > root on sd1a swap on sd0b dump on sd0b > > Full dmesg attached. > > Note that I'm not a heavy hibernate/suspend user. I have never > tried it with success on this machine. The message explained exactly what happened. What is unclear? > OpenBSD 7.3-stable (PKI) #27: Tue Jul 25 21:39:08 CEST 2023 > pki@zgred.localnet:/sys/arch/amd64/compile/PKI > real mem = 29892214784 (28507MB) > avail mem = 28966887424 (27624MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 3.3 @ 0xcb709000 (57 entries) > bios0: vendor LENOVO version "GKCN50WW" date 11/24/2021 > bios0: LENOVO 82JU > acpi0 at bios0: ACPI 5.0Undefined scope: \\_SB_.PCI0.PB2_ > > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP UEFI SSDT SSDT IVRS SSDT SSDT TPM2 POAT ASF! BOOT > HPET APIC MCFG SLIC WDAT WDRT SSDT SSDT VFCT SSDT SSDT SSDT SSDT CRAT CDIT > SSDT SSDT SSDT SSDT SSDT SSDT FPDT WSMT SSDT SSDT BGRT > acpi0: wakeup devices GPP0(S3) GPP1(S3) GPP2(S3) GPP3(S3) GPP4(S3) GPP5(S3) > GP17(S3) XHC0(S3) XHC1(S3) GP19(S3) > acpitimer0 at acpi0: 3579545 Hz, 32 bits > acpihpet0 at acpi0: 14318180 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: AMD Ryzen 7 5800H with Radeon Graphics, 3200.00 MHz, 19-50-00 > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,WAITPKG,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB > 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 100MHz > cpu0: mwait min=64, max=64, C-substates=1.1, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: AMD Ryzen 7 5800H with Radeon Graphics, 3200.00 MHz, 19-50-00 > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES > cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB > 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache > cpu1: smt 1, core 0, package 0 > tsc: cpu0/cpu1: sync test failed > timecounter: active counter changed: tsc -> acpihpet0 > cpu2 at mainbus0: apid 2 (application processor) > cpu2: AMD Ryzen 7 5800H with Radeon Graphics, 3200.00 MHz, 19-50-00 > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES > cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB > 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache > cpu2: smt 0, core 1, package 0 > cpu3 at mainbus0: apid 3 (application processor) > cpu3: AMD Ryzen 7 5800H with Radeon Graphics, 3200.00 MHz, 19-50-00 > cpu3: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES > cpu3: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB > 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache > cpu3: smt 1, core 1, package 0 > cpu4 at mainbus0: apid 4 (application processor) > cpu4: AMD Ryzen 7 5800H with Radeon Graphics, 3200.00 MHz, 19-50-00 > cpu4: >
Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches
On Tue, Jul 25, 2023 at 10:42:25AM -0700, Kevin wrote: > On Tue, Jul 25, 2023 at 7:42 AM Theo de Raadt wrote: > > > It seems some of the smaller hypervisor companies didn't get the memo, > > and they are blocking the msr write to to set the chicken bit. > > > > They block it by raising an exception. > > They should IGNORE that bit if they allow setting it. > > > > I also have a strong suspicion some of them do not have the firmware > > fixes, and that the chickenbit-off state we read is true. > > > > Anyways, a brand new errata to skip setting the chickenbit on such > > hypervisors is going out the door right now. > > > > > I just fucking love you guys. > > Thank you. > > Just applied the fix to the first affected AMD machine and all is well > again. > > Would this be worth putting a ticket into Vultr to get them to make > appropriate updates on their side? Yes (but I see you already did)
Re: xenodm + Xvfb + x11vnc = virtual display for vmm(4) OpenBSD guests
On Tue, Jul 18, 2023 at 04:09:21PM -0400, Morgan Aldridge wrote: > I'm maintaining an OpenBSD X11 window manager (WM) port, but try to > keep my primary workstation on -stable, so do most of my development > there and test in Xephyr. I test & submit patches from an OpenBSD > -current VM running under vmm(4), but since vmm(4) doesn't emulate > video hardware, I haven't been run-testing there. > > I'm already comfortable with x11vnc under OpenBSD, plus Xephyr, but > they both use an existing X display. After studying xenodm(1), > Xvfb(1), x11vnc(1), and a bunch of other X(1)-related manual pages, > plus tons of experimenting, the solution was actually quite simple. > > TL; DR > > I could find much on the Internet, list archives, etc., regarding this > specific situation, so here's my solution for a [slow] X11 virtual > display on a vmm(4) OpenBSD guest, accessible via VNC over an SSH > tunnel: > > doas rcctl enable xenodm > doas rcctl set xenodm flags \ > "-server ':0 local /usr/X11R6/bin/Xvfb :0 -screen 1024x768x24 -shmem'" > doas rcctl start xenodm > doas pkg_add x11vnc > doas rcctl enable x11vnc > doas rcctl start x11vnc > > Hope someone else finds this useful down the road, > > Morgan > Thanks. Always good to have information like this on the list for later searchers. There are other ways too (like sthen@ replied subsequently).
Re: Ryzen 9 (7x000) users: do you experience hangs?
On Tue, Jul 18, 2023 at 01:19:14PM -0700, Kastus Shchuka wrote: > On Tue, Jul 18, 2023 at 08:09:11PM +0100, cho...@jtan.com wrote: > > Not really. But. > > > > I have an APU2 which runs two VMs that do practically nothing, > > although the box itself is used actively. The VMs consistently, and > > without warning, hang in a way which matches the description "nothing > > new can be execed" although I recall being able to log in on the > > console. I noticed shortly after I installed the VMs in around May > > but I haven't got very far diagnosing it because it's a low priority. > > However there is a common denominator: AMD > > > > cpu0 at mainbus0: apid 0 (boot processor) > > cpu0: AMD G-T40E Processor, 1000.02 MHz, 14-02-00 > > cpu0: > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC > > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache > > cpu0: 512KB 64b/line 16-way L2 cache > > cpu0: smt 0, core 0, package 0 > > > > Times two. > > > > As you say the existing processes seem to work fine right up until > > sshd is nearly (but not quite?) ready to fork: > > > > . > > . > > . > > debug1: SSH2_MSG_EXT_INFO received > > debug1: kex_input_ext_info: > > server-sig-algs= > > debug1: kex_input_ext_info: publickey-hostbo...@openssh.com=<0> > > debug1: SSH2_MSG_SERVICE_ACCEPT received > > > > Ordinarily it would next attempt authentication. Does sshd fork and > > drop privileges to do that? > > > > I don't know if that could help or even if it's related, but it can > > be reproduced with confidence. I can poke the box or its VMs any > > way that could shake some data loose. > > > > Matthew > > > > Is AMD errata referenced from https://inks.tedunangst.com/l/4996 any relevant? > (errata #1474 in https://www.amd.com/system/files/TechDocs/56323-PUB_1.01.pdf) > > -Kastus > no
Re: Allwinner D1 riscv64 mango pi SBC
On Tue, Jul 18, 2023 at 02:02:45PM -0600, deich...@placebonol.com wrote: > Hi Mike > > I've volunteered to coordinate a purchase of Mango Pi to get them into > OpenBSD developers working on riscv64 platform. > > It has been awhile but I used to facilitate getting h/w into OpenBSD > developers hands on a semi-regular basis. > > diana > > Great. I don't know who would be interested, so I'd wait to let them speak up before ordering anything. -ml > > On July 16, 2023 1:13:02 PM MDT, "Peter J. Philipp" > wrote: > >On Sun, Jul 16, 2023 at 06:25:50PM +, Mike Larkin wrote: > >> On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J. Philipp wrote: > >> > Hi *, > >> > > >> > I'm back for the moment. I was wondering who has a Allwinner D1 riscv64 > >> > SBC? > >> > This is the Mango Pi SBC. > >> > > >> > I have one which has linux on it currently but I'm trying to boot > >> > OpenBSD on > >> > it. But I'm fairly lazy and haven't done much with this lately. I can > >> > get > >> > to the riscv64 loader but when it loads the kernel, it goes blind. So > >> > there > >> > is more than just getting the GPIO pins configured which I think I have > >> > been > >> > able to adjust. > >> > > >> > I use a QEMU-based riscv64 emulation to compile kernels which is slow > >> > but this > >> > SBC isn't much faster either (1000 Mhz it claims). > >> > > >> > I use this u-boot directive to get into the boot loader: > >> > > >> > setenv bootobsd 'load mmc 0:1 0x4FA0 > >> > /boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb ; > >> > load mmc 0:f 0x4008 /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi > >> > 0x4008 0x4FA0' > >> > > >> > followed by a: > >> > > >> > run bootobsd > >> > > >> > I am unsure how to save this though in the u-boot itself. Any hints > >> > would be > >> > appreciated. > >> > > >> > I think we need a specific riscv mailing list for this sort of stuff > >> > perhaps > >> > it's too technical for misc. Regarding to the nostradamus stuff of > >> > someone > >> > from chicago (Re: A couple of Questions) , check out "1st wave" and > >> > "cade foster" on youtube (reruns), this will feed you more ideas. my > >> > personal > >> > opinion is that time travel of information is possible, contributing to > >> > major > >> > headaches when events get changed (for the prometheus seers). > >> > > >> > Back to "reality" I'm looking for a group of people to help getting the > >> > mango > >> > pi working. I'm hampered by pride to ask knowledged people and these > >> > people > >> > have their own directions and I don't want to bother their efforts. The > >> > more > >> > we are the more we could possibly get something done. > >> > > >> > >> The best way to get that done is to get hardware in the hands of > >> developer(s). > >> Wishing on misc@ is likely not going to get anyone interested. Check the > >> commit > >> logs for people working in this area, reach out to them, and see if they > >> are > >> interested in helping. > >> > >> -ml > > > >Hi Mike, > > > >Thanks. This will take a bit, I'm in talks to get a new job soon, which will > >put extra money in my pocket. Then I may be able to get a handful of these > >perhaps. Do you still keep tabs on Shivam, Mars, Brian, and Wenyan? Are > >they > >still interested in riscv64 after the initial port with yours and Dales > >guidance? I think I paid something like 30 EUR for a Mango Pi from > >AliExpress > >buying 4 would work but I can only do this when I have secured the job. > > > >Best Regards, > >-peter > > > >-- > >Over thirty years experience on Unix-like Operating Systems starting with > >QNX. > >
Re: Ryzen 9 (7x000) users: do you experience hangs?
On Tue, Jul 18, 2023 at 08:09:11PM +0100, cho...@jtan.com wrote: This is completely unrelated to the question we asked. Please don't hijack the thread. > Not really. But. > > I have an APU2 which runs two VMs that do practically nothing, > although the box itself is used actively. The VMs consistently, and > without warning, hang in a way which matches the description "nothing > new can be execed" although I recall being able to log in on the > console. I noticed shortly after I installed the VMs in around May > but I haven't got very far diagnosing it because it's a low priority. > However there is a common denominator: AMD > > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: AMD G-T40E Processor, 1000.02 MHz, 14-02-00 > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache > cpu0: 512KB 64b/line 16-way L2 cache > cpu0: smt 0, core 0, package 0 > > Times two. > > As you say the existing processes seem to work fine right up until > sshd is nearly (but not quite?) ready to fork: > > . > . > . > debug1: SSH2_MSG_EXT_INFO received > debug1: kex_input_ext_info: > server-sig-algs= > debug1: kex_input_ext_info: publickey-hostbo...@openssh.com=<0> > debug1: SSH2_MSG_SERVICE_ACCEPT received > > Ordinarily it would next attempt authentication. Does sshd fork and > drop privileges to do that? > > I don't know if that could help or even if it's related, but it can > be reproduced with confidence. I can poke the box or its VMs any > way that could shake some data loose. > > Matthew >
Re: Ryzen 9 (7x000) users: do you experience hangs?
On Tue, Jul 18, 2023 at 09:43:51AM +0100, Laurence Tratt wrote: > A small number of us with AMD Ryzen 9 (i.e. chips in the 7x000 range) > machines have been experiencing regular (often daily), or semi-regular > hangs, but without any obvious cause. > > What we don't know is if we're the unlucky few, or whether this might be a > wider issue. So, to see if there is some sort of pattern going on (e.g. are > certain motherboards / BIOSes correlated with hangs or not?), I'd like to > poll Ryzen 9 OpenBSD users. At a minimum we'd need to know: > > CPU model (e.g. "7900x") > Motherboard (e.g. "MSI PRO670-X") > Have you experienced crashes? (Yes/No) If "Yes": > what frequency (e.g. "daily/weekly/no obvious pattern")? > are there are obvious causes (e.g. "happens when I run program X")? > have you found any mitigations (e.g. "updated BIOS")? > Ideally a dmesg too > > We're as interested in Ryzen 9 users who aren't experiencing hangs as who > are! Please feel free to reply to the list, or to me individually, and I'll > collate the information and see if there are any patterns or not. > > > Laurie > -- > Personalhttps://tratt.net/laurie/ > Software Development Team https://soft-dev.org/ >https://github.com/ltratt https://twitter.com/laurencetratt > A bit of color commentary here... Laurie and I and a few other folks have been trying to debug the hangs that some people are seeing on these machines. He and I have identical hardware and he sees regular hangs, and I rarely see any (I think in the span of 7 months I've seen maybe 2 or 3 total). I've been using this machine in anger as a daily driver and I can't make it break and other people can't even make it a day without a hang. We've tried to debug the issue and narrow down what device(s) might be causing the problem, or what workload, etc, but nothing is pointing in any specific direction. We've also seen reports of "long slow death" crashes where existing processes continue to work for some time but nothing new can be execed, and eventually even the existing processes freeze. To me that sounds like a lock issue but it never happens on my machine and only infreqently elsewhere, so I can't really debug it. We'd like to know if others have similar machines and if they are stable or not. -ml
Re: Allwinner D1 riscv64 mango pi SBC
On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J. Philipp wrote: > Hi *, > > I'm back for the moment. I was wondering who has a Allwinner D1 riscv64 SBC? > This is the Mango Pi SBC. > > I have one which has linux on it currently but I'm trying to boot OpenBSD on > it. But I'm fairly lazy and haven't done much with this lately. I can get > to the riscv64 loader but when it loads the kernel, it goes blind. So there > is more than just getting the GPIO pins configured which I think I have been > able to adjust. > > I use a QEMU-based riscv64 emulation to compile kernels which is slow but this > SBC isn't much faster either (1000 Mhz it claims). > > I use this u-boot directive to get into the boot loader: > > setenv bootobsd 'load mmc 0:1 0x4FA0 > /boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb ; load > mmc 0:f 0x4008 /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 0x4008 > 0x4FA0' > > followed by a: > > run bootobsd > > I am unsure how to save this though in the u-boot itself. Any hints would be > appreciated. > > I think we need a specific riscv mailing list for this sort of stuff perhaps > it's too technical for misc. Regarding to the nostradamus stuff of someone > from chicago (Re: A couple of Questions) , check out "1st wave" and > "cade foster" on youtube (reruns), this will feed you more ideas. my personal > opinion is that time travel of information is possible, contributing to major > headaches when events get changed (for the prometheus seers). > > Back to "reality" I'm looking for a group of people to help getting the mango > pi working. I'm hampered by pride to ask knowledged people and these people > have their own directions and I don't want to bother their efforts. The more > we are the more we could possibly get something done. > The best way to get that done is to get hardware in the hands of developer(s). Wishing on misc@ is likely not going to get anyone interested. Check the commit logs for people working in this area, reach out to them, and see if they are interested in helping. -ml
Re: High ACPI CPU load
On Sat, Jul 15, 2023 at 04:34:20PM +0200, Julian Huhn wrote: > Since I got many DMARC rejection mails and therefore don't know how many > people this mail reached at all, once again with less restrictive DMARC > settings. > > On Sat, Jul 15, 2023 at 02:28:56PM +0200, Julian Huhn wrote: > > Moin! > > > > A few weeks ago, I put a new system into operation, where I notice a > > permanently high CPU load. With the help of top it appears that > > permanently the process acpi0 is executed. > > > > Is this a bug? > > > > I'm happy to help with more logs, if you tell me what you need. > > > > --Huhn > > This is a stuck GPE. This board in particular is a known issue; search the lists. mbuhl@ suggested a few months back that I get one of these machines to fix the issue, but when I started looking at it, the simplest fix was to just install a new bios. Since this is likely one of these super cheap 4 port igc(4) aliexpress "firewall PCs", you may need to search a bit to find a compatible bios since most of these don't have a real brand site associated with them. FWIW, the machines with "techvision" bios (like yours) exhibit this issue. Mine had techvision bios (and the same problem) before I flashed it to the image described below. You need to find this bios: bios0: vendor American Megatrends International, LLC. version "JK4LV107" date 04/17/2023 That one works on my machine, with exactly the same config as yours. No more ACPI GPE storm. I don't have the link anymore for where I found the BIOS image, but I think it was on servethehome in one of the long threads about these machines. You need to do some digging. While the root cause may be due to us lacking some driver for the device owning that GPE, or our lack of activating GPEs based on attached hardware, the 5-minute bios update fix was a good enough fix for me and I moved on to other things. The other lesson I learned is that you get what you pay for; buying $100 PCs from aliexpress means you're just going to be paying for it somewhere else. In this case, dealing with shoddy engineering and unsupported boards. -ml > > # top -S > > load averages: 1.01, 0.99, 1.00blech02.trust.dtm.huhn.dev > > 14:08:31 > > 85 processes: 81 idle, 4 on processor up 3 days 16:04:10 > > CPU0 states: 0.1% user, 0.0% nice, 16.3% sys, 0.5% spin, 75.6% intr, > > 7.5% idle > > CPU1 states: 0.1% user, 0.0% nice, 0.9% sys, 3.3% spin, 0.0% intr, > > 95.7% idle > > CPU2 states: 0.1% user, 0.0% nice, 0.9% sys, 3.3% spin, 0.0% intr, > > 95.7% idle > > CPU3 states: 0.1% user, 0.0% nice, 0.7% sys, 2.5% spin, 0.0% intr, > > 96.7% idle > > Memory: Real: 33M/10G act/tot Free: 21G Cache: 9303M Swap: 0K/32G > > > > PID USERNAME PRI NICE SIZE RES STATE WAIT TIMECPU > > COMMAND > > 57981 root 3400K 1976K onproc/0 - 832:27 15.48% > > acpi0 > > 18343 root 2800K 1976K onproc/3 -85.2H 0.00% > > idle3 > > 71885 root -2200K 1976K sleep/1 -84.3H 0.00% > > idle1 > > 6761 root 2800K 1976K onproc/2 -84.3H 0.00% idle2 > > 7152 root -2200K 1976K sleep/0 -69.4H 0.00% idle0 > > 95844 root 1800K 1976K sleep/2 syncer0:48 0.00% > > update > > 92641 root 1000K 1976K sleep/1 bored 0:40 0.00% > > softnet > > 10729 root 1000K 1976K sleep/3 bored 0:31 0.00% > > sensors > > 31290 root 1000K 1976K sleep/2 bored 0:22 0.00% > > softnet > > 23268 _pflogd40 764K 1588K sleep/2 bpf 0:22 0.00% > > pflogd > > 7279 root 1000K 1976K sleep/1 bored 0:21 0.00% srdis > > 24604 jhuhn 20 1460K 3448K sleep/1 kqread0:14 0.00% sshd > > 9279 root -2200K 1976K sleep/0 bored 0:10 0.00% > > softclock > > 35785 root 105 200K 1976K sleep/2 pgzero0:10 0.00% > > zerothread > > 21023 root 100 476K 972K sleep/2 nanoslp 0:06 0.00% > > sensorsd > > 82628 root 1000K 1976K sleep/1 bored 0:05 0.00% > > systqmp > > 76212 root 1000K 1976K sleep/2 bored 0:05 0.00% > > softnet > > 52512 root 1000K 1976K sleep/1 bored 0:04 0.00% > > systq > > > > # dmesg > > OpenBSD 7.3 (GENERIC.MP) #1125: Sat Mar 25 10:36:29 MDT 2023 > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > real mem = 34180132864 (32596MB) > > avail mem = 33124827136 (31590MB) > > random: good seed from bootblocks > > mpath0 at root > > scsibus0 at mpath0: 256 targets > > mainbus0 at root > > bios0 at mainbus0: SMBIOS rev. 3.3 @ 0x78d77000 (116 entries) > > bios0: vendor Techvision, LLC. version "5.19" date 09/16/2022 > > bios0: Techvision TVI7309X > > efi0 at bios0: UEFI 2.7 > > efi0: American Megatrends rev 0x50013 > > acpi0 at bios0: ACPI 6.2 > > acpi0: sleep states S0 S3 S5 > > acpi0: tables DSDT FACP MCFG FIDT SSDT SSDT SSDT HPET APIC PRAM SSDT > > SSDT NHLT LPIT SSDT
Re: Maintaining multiple PHP-FPM versions on the same host
I’ll answer both of your replies here. But please note that Stuart provided the feedback I needed so from my point of view this issue is closed. > Am 10.07.2023 um 14:30 schrieb Daniele B. : > > However, I passed a small amount of time with 5.6 and 7.3 from source loading > together. > In both cases I was using init.d scritps, that I can pass you. init.d is not an OpenBSD thing. And my issue is not running multiple versions of PHP but configuring things so they don’t break when updates are installed. > Take it AS-IS, I do not want to recommend BSD subsystems or show off something > that is not part of my baggage. Indeed, for any system suggestion there is a > big truppen here, > not certenly myself. Not sure I understand your English here. But my question was posted on an OpenBSD mailing list, so solutions for other OSes are not really helpful. > Jul 10, 2023 13:57:15 Daniele B. : > >> Problem arising in reading you is at its origins, in plain italian "a >> monte".. ;) I don’t speak Italian. So I don’t get your comment. But if you are implying that maybe I should not be using OpenBSD because of a specific issue with php-fpm and the rc(8) mechanism, I don’t agree. >> >> - PHP 8 is enough retrocompatible with any version you mention, and should >> take in a >> certain amount of benefits in performance gain and bug fixing; So will you fix all of the (3rd party) code that may have issues for me? Theory and dogmatic concepts are fine. But there is also real life™. And there are other reasons for wanting to use older versions of PHP as well. For example compatibility testing. That said, sure PHP 8.2 is great for new projects. And I am using it where it makes sense. >> - PHP-FPM should be enough configurable and versatile to support huge amount >> of requests; Not relevant to the issue. A PHP-FPM process can only handle one version of PHP. My issue is with maintaining multiple PHP-FPM versions as stated in the subject. >> - multi webservers could be nice to have probably for some sorts of load >> balancing only, >> (having a reversed proxy is something often questionable); Just because you can’t think of a reason to use multiple web servers, that does not mean others can’t have valid reasons. And I fail to see what would be gained by using a reverse proxy to somehow mitigate the imagined reasons for your premise. It only adds complexity and has its own issues. And this is completely irrelevant to my issue. >> - multi webservers are surely a huge angle hole in your "resource room". What is an »angle hole«? And what do you mean by »resource room«. I’m sorry, but your version of English is often littered with what seem to be phrases and literal translations from your native language that make no sense in English. So whatever you think multiple web servers surly are, it is not relevant to my issue (see subject of this email). >> >> I do not know, are you maybe building your machine for testing purpose? Yes I do have legitmate reasons for wanting to run multiple versions of PHP in parallel. Testing is one reason. Compatibility is another. Not that it matters for the issue at hand. None of your comments address the issue I am having. On-topic comments to the list are generally welcome. But in this case I think Stuart has already provided the feedback I needed. Mike >> >> -- Daniele Bonini
Maintaining multiple PHP-FPM versions on the same host
Hi! I’m trying to figure out the best way to maintain multiple php-fpm setups at the same time and ran into a somewhat annoying issue. I’m not sure how many other users might have a similar situation? If this something too non-standard, let me know and I’ll shut up ;-) Background == The server supports multiple versions of PHP for websites using php-fpm. There are also multiple web servers running at the same time (on different IP/port combinations obviously). Specifically OpenBSD httpd and Apache httpd from ports. OpenBSD httpd runs in its normal chroot(2) environment. Apache httpd does not use chroot(2). This requires corresponding setups for php-fpm as well. Using e.g. a non-chroot(2) php-fpm with OpenBSD httpd does not work. Each php-fpm variant uses its own socket. So changing the PHP version for a web server (or even for just certain paths on that server) is as easy as pointing to the correct socket for the FastCGI mechanism of the web server. Setup = All available PHP Versions are supported and configured. I.e. 7.4, 8.0, 8.1 and 8.2 for OpenBSD 7.3. I have adjusted /etc/php-7.4.ini, /etc/php-8.0.ini, etc. as required I have created and modified /etc/php-fpm-7.4cr.conf, /etc/php-fpm-7.4ncr.conf, /etc/php-fpm-8.0cr.conf, /etc/php-fpm-8.0ncr.conf, etc. The default /etc/php-fpm.conf is not actively used. I have copied the /etc/rc.d/phpXX_fpm files and modified them to: - use the appropriate /etc/php-fpm.conf (/etc/php-fpm-7.4cr.conf, /etc/php-fpm-7.4ncr.conf, /etc/php-fpm-8.0cr.conf, /etc/php-fpm-8.0ncr.conf, etc.) - use the appropriate /etc/php.ini (/etc/php-7.4.ini, /etc/php-8.0.ini, /etc/php-8.1.ini and /etc/php-8.2.ini) - adjust the pexp to match the php-fpm.conf in addition to "php-fpm-7.4: master process", e.g. "php-fpm-7.4: master process .*/etc/php-fpm-7.4cr.conf.*", etc. Thus I have: /etc/rc.d/php74cr_fpm /etc/rc.d/php74ncr_fpm /etc/rc.d/php80cr_fpm /etc/rc.d/php80ncr_fpm /etc/rc.d/php81cr_fpm /etc/rc.d/php81ncr_fpm /etc/rc.d/php82cr_fpm /etc/rc.d/php82ncr_fpm And all of these have been enabled using `rcctl enable php74cr_fpm php74ncr_fpm php80cr_fpm php80ncr_fpm php81cr_fpm php81ncr_fpm php82cr_fpm php82ncr_fpm` and of course started using `rcctl start …`. For example: # cat /etc/rc.d/php82cr_fpm #!/bin/ksh daemon="/usr/local/sbin/php-fpm-8.2" daemon_flags="-c /etc/php-8.2-cr.ini -y /etc/php-fpm-82cr.conf" . /etc/rc.d/rc.subr pexp="php-fpm-8.2: master process .*/etc/php-fpm-82cr.conf.*" rc_reload=NO rc_cmd $1 # (Note: I know this could be further reduced to just one master process for each version with a chroot(2) and a non-chroot(2) pool defined in the single php-fpm.conf for each PHP version. But that is irrelevant to the issue at hand.) Issue = `rcctl ls started` lists php74_fpm, php80_fpm, php81_fpm and php82_fpm as started even though they are neither enabled nor started! The reason this happens is the pexp which is too general. E.g. for php74_fpm it is pexp="php-fpm-7.4: master process .*" Modifying this to e.g. pexp="php-fpm-7.4: master process .*/etc/php-fpm.conf.*" solves the problem. BUT: /etc/rc.d/php74_fpm will be overwritten when the php-7.4 port ist updated. (Same for the other versions of course.) So my change is lost and has to be reapplied. If I forget about this then at a later time I’ll become confused by the output of `rcctl ls started`. Questions = 1) Is there a better, update-proof way to solve this problem? 2) Would it make sense to include the more specific pexp in the PHP ports? (I don’t think doing so would hurt the default use case, but maybe I’m overlooking something?) OpenBSD 7.3, amd64 Thanks! Mike
Re: load custom acpi table
On Mon, Jun 19, 2023 at 08:55:10AM +0300, S V wrote: > Hello, list! > > Is it possible to load custom acpi table on boot ? > > in FreeBSD it was possible by strings in conf like > > acpi_dsdt_load="YES" acpi_dsdt_name="filename.aml" no
Re: ChatGPT writes a pf.conf by spec, earns an "F" grade
On 6/7/2023 5:36 PM, Stuart Longland VK4MSL wrote: On 8/6/23 06:32, Sean Kamath wrote: On Jun 7, 2023, at 01:28, Peter N. M. Hansteen wrote: Recorded at https://nxdomain.no/~peter/chatgpt_writes_pf.conf.html for those who would be interested. So in the thread that made you try it (https://bsd.network/@dch/110501874752402311) they said: "@pitrh I’m still waiting for it to explain my pf .conf setup to me” Which is kinda the inverse of “make me a pf.conf file”. I am curious if “explain to me this pf.conf in plain english” would work. :-) Probably about as well. It's the "Chinese Room" AI concept all over again. No "understanding", just rules. I find where its helpful is if I understand well what I want and can evaluate the answer when I see it with confidence. e.g. the other day I was working with a rather obscure app I had used a lot 2 yrs ago - influxDB. I knew I wanted to do, but forgot the syntax and its particular way of doing things was a little foggy. It got it right the first time. Yes, I could have trolled through the API documentation, or did a traditional google search, but it was a lot faster and was exactly what I wanted. ---Mike
Re: dhcpleased losing route
You are still getting a 5 minute lease. So that seems to be normal for your provider? (Maybe they only have a very limited pool of IPv4 addresses and want to be able to reuse them ASAP? Might explain why the initial DHCP:OFFER took so long as well.) But you don’t show what happens when the lease is to be renewed in your dump. That is where you received the NAK on OpenBSD which caused your machine to temporarily loose the IP, the gateway and the name servers. Does your provider offer IPv6? You may be better off using that. > Am 11.05.2023 um 05:08 schrieb David Diggles : > > Ok here's the Apple pcap for a working implementation. > > tcpdump -r airport.dhcp.pcap > > tcpdump: WARNING: snaplen raised from 116 to 1500 > 12:26:04.010316 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x5fc12750 > secs:28 vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS > MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0x10] > 12:26:27.806275 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0xb4e0b61a > vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS MSZ:1500 > CID:1.32.201.208.21.60.163 [tos 0x10] > 12:26:33.010312 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0xb4e0b61a > secs:6 vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS > MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0x10] > 12:26:44.010312 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0xb4e0b61a > secs:17 vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS > MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0x10] > 12:26:49.707196 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x5886fe16 > vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS MSZ:1500 > CID:1.32.201.208.21.60.163 [tos 0x10] > 12:26:55.010311 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x5886fe16 > secs:6 vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS > MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0x10] > 12:27:03.010312 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x5886fe16 > secs:14 vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS > MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0x10] > 12:27:12.010312 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x5886fe16 > secs:23 vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS > MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0x10] > 12:27:57.010496 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x34861165 > vend-rfc1048 DHCP:DISCOVER LT:86400 HN:"x" PR:SM+TZ+DG+DN+NS+HN+WNS MSZ:1500 > CID:1.32.201.208.21.60.163 [tos 0x10] > 12:27:57.227277 202.63.66.1.bootps > 255.255.255.255.bootpc: xid:0x34861165 > flags:0x8000 Y:202.63.67.36 S:172.21.116.42 ether 20:c9:d0:15:3c:a3 > vend-rfc1048 DHCP:OFFER SM:255.255.254.0 DG:202.63.66.1 > NS:119.40.106.35,119.40.106.36 NTP:125.253.59.254 LT:600 SID:202.63.66.1 > MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0xc0] > 12:27:57.228177 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x34861165 > vend-rfc1048 DHCP:REQUEST SID:202.63.66.1 LT:86400 RQ:202.63.67.36 HN:"x" > PR:SM+TZ+DG+DN+NS+HN+WNS MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0x10] > 12:27:58.075046 202.63.66.1.bootps > 255.255.255.255.bootpc: xid:0x34861165 > flags:0x8000 Y:202.63.67.36 S:172.21.116.42 ether 20:c9:d0:15:3c:a3 > vend-rfc1048 DHCP:ACK SM:255.255.254.0 DG:202.63.66.1 > NS:119.40.106.35,119.40.106.36 NTP:125.253.59.254 LT:600 SID:202.63.66.1 > MSZ:1500 CID:1.32.201.208.21.60.163 [tos 0xc0] > > On Thu, May 11, 2023 at 12:20:48AM +0200, Sebastian Benoit wrote: >> i think that putput does not help mmuch because it does not show the DHCP >> packet contents. >> >> You could write the capture to a file with "-w filename" and then copy the >> file to the OpenBSD box for printing with "-r filename". Or send the raw >> pcap file. >> >> /B. -- Mike Fischer fisc...@lavielle.com
Re: dhcpleased losing route
What does `# dhcpleasectl -l cnmac2` output on the machine you are using? Mine (OpenBSD 7.3 amd64 vm on the LAN) looks like this (anonymised): root@vm2:~# dhcpleasectl -l vio0 vio0 [Bound] inet 192.168.x.220 netmask 255.255.255.0 default gateway 192.168.x.1 nameservers 192.168.x.1 lease 24 hours < what is your lease time? dhcp server 192.168.x.1 root@vm2:~# I suspect your lease time is much higher than 5 min. An ISP issuing leases as short as 5 min. would be highly unusual. You could try running dhcpleased manually like this to see details about what is going on: # dhcpleased -vv -d (But you’d need to stop the processes started by rc(8) first. E.g.: `# rcctl stop dhcpleased`. Don’t forget to `# rcctl start dhcpleased` when you are done with the testing.) Does the interface go down and up for some reason every 5 minutes? That might cause dhcpleased(8) to renew the lease. HTH Mike > Am 10.05.2023 um 07:28 schrieb Otto Moerbeek : > > On Wed, May 10, 2023 at 01:17:05PM +1000, David Diggles wrote: > >> >> Just to update, I've added the following to dhclient.conf but >> it's still renewing every 5 minutes (approximately) and the >> default route is disappearing for a couple of seconds. :( >> >> send dhcp-lease-time 86400; > > dhcpleased does not use dhclient.conf, it used dhcpleased.conf, which > does not have a way to influence the lease time requested (if that is a > thing). > > -Otto >> >> On Wed, May 10, 2023 at 01:00:00PM +1000, David Diggles wrote: >>> My ISP provides connection via DHCP. >>> >>> Every 5 minutes or so when dhcpleased is renewing the lease, >>> my default route disappears for a few seconds. >>> >>> Definitely I'll be looking at requesting a longer lease by >>> putting a setting in /etc/dhclient.conf but is there any way >>> I can stop the default route disappearing with each renew event? >>> >>> The route didn't disappear when I tested with NetBSD and Linux. >>> >>> This seems like I'm missing a setting in dhclient.conf to make >>> the default route sticky? I can't see any obvious answers in >>> the man page for dhclient.conf unfortunately. >>> >>> (IP fudged log snippet below) >>> >>> May 10 12:23:21 openbsd-gateway dhcpleased[77979]: deleting nameservers >>> x.x.x.x x.x.x.x (lease from x.x.x.1 on cnmac2) >>> May 10 12:23:21 openbsd-gateway dhcpleased[77979]: deleting x.x.x.30 from >>> cnmac2 (lease from x.x.x.1) >>> May 10 12:23:23 openbsd-gateway dhcpleased[77979]: adding x.x.x.30 to >>> cnmac2 (lease from x.x.x.1) >>> May 10 12:23:23 openbsd-gateway dhcpleased[77979]: adding nameservers >>> x.x.x.x x.x.x.x (lease from x.x.x.1 on cnmac2) >>> May 10 12:28:23 openbsd-gateway dhcpleased[77979]: deleting nameservers >>> x.x.x.x x.x.x.x (lease from x.x.x.1 on cnmac2) >>> May 10 12:28:23 openbsd-gateway dhcpleased[77979]: deleting x.x.x.30 from >>> cnmac2 (lease from x.x.x.1) >>> May 10 12:28:25 openbsd-gateway dhcpleased[77979]: adding x.x.x.30 to >>> cnmac2 (lease from x.x.x.1) >>> May 10 12:28:25 openbsd-gateway dhcpleased[77979]: adding nameservers >>> x.x.x.x x.x.x.x (lease from x.x.x.1 on cnmac2) >>> May 10 12:33:26 openbsd-gateway dhcpleased[77979]: deleting nameservers >>> x.x.x.x x.x.x.x (lease from x.x.x.1 on cnmac2) >>> May 10 12:33:26 openbsd-gateway dhcpleased[77979]: deleting x.x.x.30 from >>> cnmac2 (lease from x.x.x.1) >>> May 10 12:33:28 openbsd-gateway dhcpleased[77979]: adding x.x.x.30 to >>> cnmac2 (lease from x.x.x.1) >>> May 10 12:33:28 openbsd-gateway dhcpleased[77979]: adding nameservers >>> x.x.x.x x.x.x.x (lease from x.x.x.1 on cnmac2) >>> May 10 12:38:28 openbsd-gateway dhcpleased[77979]: deleting nameservers >>> x.x.x.x x.x.x.x (lease from x.x.x.1 on cnmac2) >>> May 10 12:38:28 openbsd-gateway dhcpleased[77979]: deleting x.x.x.30 from >>> cnmac2 (lease from x.x.x.1) >>> May 10 12:38:30 openbsd-gateway dhcpleased[77979]: adding x.x.x.30 to >>> cnmac2 (lease from x.x.x.1) >>> May 10 12:38:30 openbsd-gateway dhcpleased[77979]: adding nameservers >>> x.x.x.x x.x.x.x (lease from x.x.x.1 on cnmac2) >>> >> -- Mike Fischer fisc...@lavielle.com
Re: apm doesn't know AC state on APU1C
On Wed, Apr 26, 2023 at 08:48:00PM +0200, Jan Stary wrote: > On Apr 26 11:38:40, dera...@openbsd.org wrote: > > Jan Stary wrote: > > > > > On Apr 26 14:57:22, stu.li...@spacehopper.org wrote: > > > > On 2023-04-26, Jan Stary wrote: > > > > > This is current/amd64 on an APU1C (dmesg below). > > > > > While 'sysctl hw' knows hw.power=1, apm doesn't know: > > > > > > > > > > Battery state: absent, 0% remaining, unknown life estimate > > > > > AC adapter state: not known > > > > > Performance adjustment mode: auto (1000 MHz) > > > > > > > > > > Yes, apmd -A is running. > > > > > > > > > > Not that this matters much, the machine will always be on AC; > > > > > but it still seems strange for apm to not know. > > > > > > > > I don't expect the machine has bothered with a way to pass that > > > > information through to the OS. > > > > > > Does sysctl hw.power know through a different way than apm? > > > > Does your APU1C have acpi? > > Yes (dmesg below). Is that how sysctl hw gets it, as opposed to apm? > > Jan > no acpiac(4). > > OpenBSD 7.3-current (GENERIC.MP) #0: Wed Apr 26 12:48:53 CEST 2023 > h...@stary.stare.cz:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 2098511872 (2001MB) > avail mem = 2015346688 (1921MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7e16d820 (7 entries) > bios0: vendor coreboot version "4.0" date 09/08/2014 > bios0: PC Engines APU > acpi0 at bios0: ACPI 4.0 > acpi0: sleep states S0 S1 S3 S4 S5 > acpi0: tables DSDT FACP SPCR HPET APIC HEST SSDT SSDT SSDT > acpi0: wakeup devices AGPB(S4) HDMI(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) > PE20(S4) PE21(S4) PE22(S4) PE23(S4) PIBR(S4) UOH1(S3) UOH2(S3) UOH3(S3) > UOH4(S3) UOH5(S3) [...] > acpitimer0 at acpi0: 3579545 Hz, 32 bits > acpihpet0 at acpi0: 14318180 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: AMD G-T40E Processor, 1000.02 MHz, 14-02-00 > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache > cpu0: 512KB 64b/line 16-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 200MHz > cpu0: mwait min=64, max=64, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: AMD G-T40E Processor, 1000.02 MHz, 14-02-00 > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC > cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache > cpu1: 512KB 64b/line 16-way L2 cache > cpu1: smt 0, core 1, package 0 > ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus -1 (AGPB) > acpiprt2 at acpi0: bus -1 (HDMI) > acpiprt3 at acpi0: bus 1 (PBR4) > acpiprt4 at acpi0: bus 2 (PBR5) > acpiprt5 at acpi0: bus 3 (PBR6) > acpiprt6 at acpi0: bus -1 (PBR7) > acpiprt7 at acpi0: bus 5 (PE20) > acpiprt8 at acpi0: bus -1 (PE21) > acpiprt9 at acpi0: bus -1 (PE22) > acpiprt10 at acpi0: bus -1 (PE23) > acpiprt11 at acpi0: bus 4 (PIBR) > acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 > acpicmos0 at acpi0 > acpibtn0 at acpi0: PWRB > acpicpu0 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS > acpicpu1 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS > cpu0: 1000 MHz: speeds: 1000 800 MHz > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "AMD 14h Host" rev 0x00 > ppb0 at pci0 dev 4 function 0 "AMD 14h PCIE" rev 0x00: msi > pci1 at ppb0 bus 1 > re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E > (0x2c00), msi, address 00:0d:b9:3d:bb:fc > rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 4 > ppb1 at pci0 dev 5 function 0 "AMD 14h PCIE" rev 0x00: msi > pci2 at ppb1 bus 2 > re1 at pci2 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E > (0x2c00), msi, address 00:0d:b9:3d:bb:fd > rgephy1 at re1 phy 7: RTL8169S/8110S/8211 PHY, rev. 4 > ppb2 at pci0 dev 6 function 0 "AMD 14h PCIE" rev 0x00: msi > pci3 at ppb2 bus 3 > re2 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E > (0x2c00), msi, address 00:0d:b9:3d:bb:fe > rgephy2 at re2 phy 7: RTL8169S/8110S/8211 PHY, rev. 4 > ahci0 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x40: apic 2 int 19, > AHCI 1.2 > scsibus1 at ahci0: 32 targets > ohci0 at pci0 dev 18 function 0 "ATI SB700 USB" rev 0x00: apic 2 int 18, > version 1.0, legacy support > ehci0 at pci0 dev 18 function 2 "ATI SB700 USB2" rev 0x00: apic 2 int 17 > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0 configuration 1 interface 0 "ATI
Re: hardware
On Mon, Apr 17, 2023 at 02:21:14PM -0600, Theo de Raadt wrote: > Gustavo Rios wrote: > > > What is the best supported servers by OpenBSD ? > > The silver ones work a little bit better than the black ones. > disagree. All my long running servers are the black ones.
Re: pkg_info -Q confusion
> Am 15.04.2023 um 23:44 schrieb Antun Matanović : > >> I'm generally interested in what is available for the exact machine I am >> running on. > > You could use `pkg_info -a -Q` which searches all the repositories. >> From the pkg_info man page: > -Q substring > Show the names of all packages in the first repository of the > package search path containing the substring in the stems of > their package names. A stem is a package name with all version > and flavor suffixes removed; see pkg_add(1) for more details on > stems. If -a is also specified, show the names of all matching > packages in all repositories instead. So simple and so perfect! Thanks for that hint. I’ll still keep pkglocate around for more complicated partial name searches but for most of my use cases pkg_info -aQ name is exactly what I need. Mike
Re: pkg_info -Q confusion
> Am 14.04.2023 um 18:24 schrieb Allan Streib :
>
> On Fri, Apr 14, 2023, at 05:50, Stuart Henderson wrote:
>> I never found pkg_info -Q to be a useful tool.
>>
>> Try pkglocate instead ("pkg_add pkglocatedb" first) which allows
>> searching on an index that is built from : - as a
>> result it lets you do a substring match on package names, not just
>> on filenames.
>
> Also, as mentioned in packages(7) man page, there is a site at
> https://openports.pl/ that can be used, though obviously that requires
> internet access so may not be appropriate for all cases. I tend to
> use it a lot, personally.
It does not seem to differentiate between different OpenBSD versions or
architectures though?
I’m generally interested in what is available for the exact machine I am
running on. But I guess at least knowing that there is a port for some version
on some platform might be helpful — at least the inverse means I can stop
looking now ;-)
But still thanks for reminding me of this site. I had forgotten about that.
Mike
Re: pkg_info -Q confusion
Inline…
> Am 14.04.2023 um 12:50 schrieb Stuart Henderson :
>
> On 2023-04-14, Mike Fischer wrote:
>> Usually when looking for a port to install I use `pkg_info -Q name` to
>> search for the the port.
>>
>> Strangely this does not completely work for PHP on OpenBSD 7.3:
>>
>> `pkg_info -Q php` does not list PHP 7.4.33 and related ports which are
>> clearly available.
>>
>> It seems that -Q only finds ports in packages-stable/, not packages/?
>>
>> pkg_info(1) does not seem to mention this limitation (or I have missed it).
>
> That's what is meant by "in the first repository of the package search
> path" but it's not very obvious.
Ah, I see. Indeed I didn’t realise that was meant by the statement.
> If PKG_PATH is not set and you're on a release version, the
> pkg_add-based tools (including pkg_info) construct one starting with
> the packages-stable directory, in order that -stable updates are
> preferred over release packages. This is (mostly) described in
> pkg_add(1).
>
> You can search just the release packages with
>
> PKG_PATH=http://cdn.openbsd.org/pub/OpenBSD/%v/packages/%a/ pkg_info -Q php
Ok, thanks. Not very comfortable but at least a possibility.
>
>> Is this working as intended?
>
> Yes though it's a little unfriendly.
Yep!
>
>> Is there a better way to look for available packages?
>
> I never found pkg_info -Q to be a useful tool.
Up to now I never had an issue. But I never noticed this limitation before. (I
did notice the lack of being able to search for partial package names but I
have gotten used to that.)
> Try pkglocate instead ("pkg_add pkglocatedb" first) which allows
> searching on an index that is built from : - as a
> result it lets you do a substring match on package names, not just
> on filenames.
>
> For a package which includes many files you'll get a lot of output
> lines, so something like "pkglocate moo | cut -d: -f1 | uniq" maybe
> useful, or "pkglocate moo | grep ^moo".
>
> And if you're looking for the package containing a particular
> binary, "pkglocate bin/moo" cuts out a lot of the useless stuff.
Very helpful!
Thanks Stuart!
Mike
pkg_info -Q confusion
Usually when looking for a port to install I use `pkg_info -Q name` to search for the the port. Strangely this does not completely work for PHP on OpenBSD 7.3: `pkg_info -Q php` does not list PHP 7.4.33 and related ports which are clearly available. It seems that -Q only finds ports in packages-stable/, not packages/? pkg_info(1) does not seem to mention this limitation (or I have missed it). Is this working as intended? Is there a better way to look for available packages? Thanks! Mike
Re: acme-client fails to renew certificate
Well as long as you always use the sane challenge directory /var/www/acme/ then
I would first simplify this by only defining one server block for all port 80
access:
server "www.example.com“ {
listen on $www_v4 port 80
listen on $www_v6_a port 80
alias "example.com"
block return 301 "https://$HTTP_HOST$REQUEST_URI;
location "/.well-known/acme-challenge/*" {
pass
# /var/www/acme
root "/acme"
request strip 2
}
}
You can do the same for the port 443 servers unless you want there to be some
difference between https://www.example.com and https://example.com. Less typing
and less places to make mistakes.
As you are getting 404 errors you where probably missing the pass in the
challenge location.
Did you actually test the challenge?
Place a small text file into the challenge dir:
# echo 'Test' > /var/www/acme/test
The use something like curl to see what happens when you try to access this
file:
curl --head --url 'http://www.example.com/.well-known/acme-challenge/test'
and
curl --head --url 'http://example.com/.well-known/acme-challenge/test'
You may also need to specify the challenge dir in /etc/acme-client.conf but
/var/www/acme seems to be the default so you are probably good:
domain www.example.com {
alternative names { example.com }
domain key "/etc/ssl/private/www.example.com.key.pem“
domain full chain certificate "/etc/ssl/certs/www.example.com.chain.pem“
sign with letsencrypt
challengedir "/var/www/acme"
}
HTH
Mike
> Am 12.04.2023 um 15:36 schrieb rea...@catastrophe.net:
>
> I started having some problems with cert renewal using acme-client after
> upgrading to 7.3 (not really sure 7.3 has anything to do with the following,
> however). I've verified that nothing has changed and that httpd is listening
> correctly, etc.
>
> When I run acme-client and watch for any changes to
> /var/www/htdocs/example.org/.well-known/acme-client I never see any files
> being written to that directory (which is likely leading to the 404). Is
> the client supposed to write a temporary file for remote validation?
>
> Does anyone see any issues with the configurations that follow the output
> which may have any errors?
>
> Thanks in advance.
>
>
> # acme-client -v www.example.com
> acme-client: /etc/ssl/certs/www.example.com.chain.pem: certificate renewable:
> 29 days left
> acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
> acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
> acme-client: acme-v02.api.letsencrypt.org: DNS:
> 2606:4700:60:0:f53d:5624:85c7:3a2c
> acme-client: dochngreq:
> https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728127
> acme-client: challenge, token: 2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk,
> uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728127/CSJfMg,
> status: 0
> acme-client: /var/www/acme/2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk:
> created
> acme-client: dochngreq:
> https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728137
> acme-client: challenge, token: 8WJnGzDwxV_tKSJaV4fsavxB5maBIkaDhozevCWPwH8,
> uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728137/sCRFpw,
> status: 0
> acme-client: /var/www/acme/8WJnGzDwxV_tKSJaV4fsavxB5maBIkaDhozevCWPwH8:
> created
> acme-client:
> https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728127/CSJfMg:
> challenge
> acme-client:
> https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728137/sCRFpw:
> challenge
> acme-client: order.status 0
> acme-client: dochngreq:
> https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728127
> acme-client: challenge, token: 2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk,
> uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728127/CSJfMg,
> status: -1
> acme-client: dochngreq:
> https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728137
> acme-client: challenge, token: 8WJnGzDwxV_tKSJaV4fsavxB5maBIkaDhozevCWPwH8,
> uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728137/sCRFpw,
> status: -1
> acme-client: order.status -1
> acme-client: dochngreq:
> https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728127
> acme-client: 2600:fee:bee::e:8:0: Invalid response from
> https://www.example.com/.well-known/acme-challenge/2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk:
> 404
> acme-client: dochngreq:
> https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728137
> acme-client: 2600:fee:bee::e:8:0: Invalid response from
> https://www.example.com/.well-known/acme-challenge/8WJnGzDwxV_tKSJaV4fsavxB5maBIkaDhozevCWPwH8:
> 404
> acme-client: bad exit: netproc(16493): 1
>
>
> ### The www directory exists for the acme-challenge
Re: openbsd get really hot/warm
On Thu, Mar 02, 2023 at 06:43:02PM +0100, l...@netc.fr wrote: > > hello > > > > unfortunately since a week I was wondering about something : > > on two old hp elitebook, it looks like under win7 and linux/LMDE, that at a > general glance everything looks correct > > > > but on openbsd, something happens, even if CPU is not high : it's a huge > overheating, with fans going almost everytime in the high speed, and lower > case of the laptop, almost burning (in a way it's really warm, impossible to > get it a minute on laps) > > I saw the same problem on an asus laptop. > > is there anyway to know where it come from? > > > > openbsd v7.1 > > > > under win7 and linux (lmde5), this problem doesnt happens. It's really > strange. > thak you for ideas man sendbug
Re: how tail waits for file to appear again?
> Am 17.02.2023 um 06:23 schrieb Maksim Rodin : > > Hello, > Sorry if I chose the wrong place to ask such a question. > I have been learning C for a couple of months and along with reading > "C Primer Plus" by Stephen Prata and doing some exercises from it I took > a hard (for me) task to replicate a tail program in its simplest form. > I was able to reproduce watching for new data and truncation of the > file using kqueue but I do not quite understand how the original tail > watches when the file appears again after deletion or renaming. > By reading the original tail sources downloaded from OpenBSD mirror I > see that this is done by calling tfreopen function which seems to use a > "for" loop to (continuously?) stat(2) the file name till stat(2) successfully > returns and it does not seem to load a CPU as a simple continuous "for" > loop would do. No, the for loop in line 362 of forward.c (https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/tail/forward.c?annotate=1.33) iterates over the files. Note that tail allows you to monitor more than one file at a time, see tail(1). > Can someone explain how it is done? tfreopen is called in line 224 of the same file inside a while(1) loop. At the top of this loop kevent is called (L191). See kevent(2) for details on how that works. That is the real _magic_ here ;-) tfqueue sets up the event mechanism for a single file so you may want to look at that as well. > May be there is a better way to watch for the file to appear correctly? The way tail(1) does this seems pretty optimal to me. > Is inserting a sleep(3) in a loop an appropriate way? You could do this, but it’s less optimal than using kqueue/kevent because sleep(3) will wait longer than necessary in some cases and wake up sooner than required in others. It is basically a way to do polling which is always worse than event driven code. > > Below is the function how it is done in tail: It would have been better to cite the file name and line numbers, very easy with https://cvsweb.openbsd.org as I did above. There is also a mirror of the repo on Github, which also makes this sort of thing very easy: https://github.com/openbsd. E.g.: https://github.com/openbsd/src/blob/master/usr.bin/tail/forward.c#L224 The links to the repositories are right on the https://www.openbsd.org home page, so not hard to find at all. HTH Mike PS. Note that I am not an expert on kqueue/kevent programming. So followups for details on these functions would probably need to be answered by someone else.
Re: tracker-miner-fs-3
On Thu, Feb 16, 2023 at 05:06:05PM +0100, Daniele Bonini wrote: > > Hello, > Sorry if I'm reluctant to this piece of software: > > NAME > tracker-miner-fs-3 - Used to crawl the file system to mine data. > > It is continuously accessing and browsing my disk.. > Any clue? > Is it possible to safely disable it? > Appreciated, thanks. I ran 'pkg_info tracker3' which gave some good information about this software. I hadn't heard of it before and you're right, it does sound ominous based on the description you posted. It looks like that's part of the GNOME desktop environment. If you're running GNOME, I'd advise keeping it installed since it seems to do some sort of file indexing for searching. If not, delete it. Personally, I prefer just running a window manager and not a full-blown desktop environment, but that's me. Your mileage may vary. -- Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.
Re: Calculating VMs/CPU
On Sun, Feb 05, 2023 at 10:12:39PM +, Mike Larkin wrote: > On Sun, Feb 05, 2023 at 03:53:34PM -0500, Nick Holland wrote: > > On 2/4/23 17:31, latin...@vcn.bc.ca wrote: > > > Hello misc > > > > > > i am building an only VMD server: > > > > > > How could calculate the relation: CPU, Ram, Storage, VMs please? > > > > > > Thanks. > > > PD: > > > I have a Lenovo ThinkPad Edge 4 i3 cores, 500GB disk. 8GB Ram. > > > > > > > This is kinda virtualization 101 stuff, not really specific to OpenBSD. > > > > RAM: assume more than 1:1. The VM will require certain overhead, as will > > the base OS. So, if you want 2G VMs, you won't be getting four of them > > on your 8G machine. You might get three. (some VM systems support > > "thin provisioning" of RAM. This is really a great way to hurt yourself > > unless you really know what you -- and all your guest OSs -- are doing. > > And you are still really likely to hurt yourself). > > All vmm memory is wired, so do not overcommit memory with vmm/vmd. > > > > > Disk: Assume 1:1. Even if your VM system supports thin provisioning > > (OpenBSD doesn't appear to), don't. Assume you will use 100% of the > > Both supported formats (qcow2 and raw) are thin. But your advice is > sound; assume you will eventually use 100% of what you provision. Here's what I meant by that: $ /export/VMs> vmctl create -s 100g big.raw vmctl: raw imagefile created $ /export/VMs> du -h big.raw 192Kbig.raw $ /export/VMs> ls -la big.raw -rw--- 1 mlarkin wheel 107374182400 Feb 5 14:20 big.raw Same holds true for qcow2. -ml > > > disk you provision for a VM. Because you will. Thin provisioning VMs > > is generally a bad idea. > > > > CPU: Test, don't speculate. This is where you can get some benefit from > > resource sharing. You can also end up fooling yourself into thinking > > that 10 VMs that are usually 90% idle can share one CPU, because that > > 10% busy time? They are all working on the same task. > > > > > > In your case of a 4xi3 8g/500g, I suspect your machine will run out of > > RAM, CPU and then disk, in that order, though if you work at it, you > > can run out in any order you wish. :) > > > > But it is all how you define your VMs and what you do with it. Your > > host i3 could be maxed out with a web browser, so the VMs you run are > > going to have to be minimal and your expectations modest. > > > > Nick. > > >
Re: Calculating VMs/CPU
On Sun, Feb 05, 2023 at 03:53:34PM -0500, Nick Holland wrote: > On 2/4/23 17:31, latin...@vcn.bc.ca wrote: > > Hello misc > > > > i am building an only VMD server: > > > > How could calculate the relation: CPU, Ram, Storage, VMs please? > > > > Thanks. > > PD: > > I have a Lenovo ThinkPad Edge 4 i3 cores, 500GB disk. 8GB Ram. > > > > This is kinda virtualization 101 stuff, not really specific to OpenBSD. > > RAM: assume more than 1:1. The VM will require certain overhead, as will > the base OS. So, if you want 2G VMs, you won't be getting four of them > on your 8G machine. You might get three. (some VM systems support > "thin provisioning" of RAM. This is really a great way to hurt yourself > unless you really know what you -- and all your guest OSs -- are doing. > And you are still really likely to hurt yourself). All vmm memory is wired, so do not overcommit memory with vmm/vmd. > > Disk: Assume 1:1. Even if your VM system supports thin provisioning > (OpenBSD doesn't appear to), don't. Assume you will use 100% of the Both supported formats (qcow2 and raw) are thin. But your advice is sound; assume you will eventually use 100% of what you provision. > disk you provision for a VM. Because you will. Thin provisioning VMs > is generally a bad idea. > > CPU: Test, don't speculate. This is where you can get some benefit from > resource sharing. You can also end up fooling yourself into thinking > that 10 VMs that are usually 90% idle can share one CPU, because that > 10% busy time? They are all working on the same task. > > > In your case of a 4xi3 8g/500g, I suspect your machine will run out of > RAM, CPU and then disk, in that order, though if you work at it, you > can run out in any order you wish. :) > > But it is all how you define your VMs and what you do with it. Your > host i3 could be maxed out with a web browser, so the VMs you run are > going to have to be minimal and your expectations modest. > > Nick. >
Re: Calculating VMs/CPU
On Sat, Feb 04, 2023 at 10:02:13PM -0800, latin...@vcn.bc.ca wrote: > > On Sat, Feb 04, 2023 at 02:31:39PM -0800, latin...@vcn.bc.ca wrote: > >> Hello misc > >> > >> i am building an only VMD server: > >> > >> How could calculate the relation: CPU, Ram, Storage, VMs please? > >> > >> Thanks. > >> PD: > >> I have a Lenovo ThinkPad Edge 4 i3 cores, 500GB disk. 8GB Ram. > >> > > > > what are you planning on running? > > > > Thanks for your attention: > > For now, only OpenBSD with connection to the world' the 3rd option i think. > > In the future: > BSD and Linux! > > How can i get the related information please. I have installed OpenBSD 7.2 > and it is a testing laptop. it is going to be reproduced on arented bare > metal Server. > > > > I can't answer your question without knowing what you plan to run in the VMs. Just don't overcommit RAM. -ml
Re: Calculating VMs/CPU
On Sat, Feb 04, 2023 at 02:31:39PM -0800, latin...@vcn.bc.ca wrote: > Hello misc > > i am building an only VMD server: > > How could calculate the relation: CPU, Ram, Storage, VMs please? > > Thanks. > PD: > I have a Lenovo ThinkPad Edge 4 i3 cores, 500GB disk. 8GB Ram. > what are you planning on running?
Re: hw.ncpuonline
On Tue, Jan 31, 2023 at 05:54:23PM -0800, Justin Muir wrote: > Hi all, > > I've got an AMD A10 with 4 cores and only 2 are online. I'm not sure how to > enable the other 2. > > hw.ncpufound=4 btw > > Any ideas out there? > > Tia! likely sysctl hw.smt=1
After upgrade to 7.2 snmpd fails
le cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled "VMware VMCI" rev 0x10 at pci0 dev 7 function 7 not configured vga1 at pci0 dev 15 function 0 "VMware SVGA II" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 17 function 0 "VMware PCI" rev 0x02 pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18, address 00:50:56:a5:4b:67 ppb2 at pci0 dev 21 function 0 "VMware PCIE" rev 0x01: msi pci3 at ppb2 bus 3 ppb3 at pci0 dev 21 function 1 "VMware PCIE" rev 0x01: msi pci4 at ppb3 bus 4 ppb4 at pci0 dev 21 function 2 "VMware PCIE" rev 0x01: msi pci5 at ppb4 bus 5 ppb5 at pci0 dev 21 function 3 "VMware PCIE" rev 0x01: msi pci6 at ppb5 bus 6 ppb6 at pci0 dev 21 function 4 "VMware PCIE" rev 0x01: msi pci7 at ppb6 bus 7 ppb7 at pci0 dev 21 function 5 "VMware PCIE" rev 0x01: msi pci8 at ppb7 bus 8 ppb8 at pci0 dev 21 function 6 "VMware PCIE" rev 0x01: msi pci9 at ppb8 bus 9 ppb9 at pci0 dev 21 function 7 "VMware PCIE" rev 0x01: msi pci10 at ppb9 bus 10 ppb10 at pci0 dev 22 function 0 "VMware PCIE" rev 0x01: msi pci11 at ppb10 bus 11 ppb11 at pci0 dev 22 function 1 "VMware PCIE" rev 0x01: msi pci12 at ppb11 bus 12 ppb12 at pci0 dev 22 function 2 "VMware PCIE" rev 0x01: msi pci13 at ppb12 bus 13 ppb13 at pci0 dev 22 function 3 "VMware PCIE" rev 0x01: msi pci14 at ppb13 bus 14 ppb14 at pci0 dev 22 function 4 "VMware PCIE" rev 0x01: msi pci15 at ppb14 bus 15 ppb15 at pci0 dev 22 function 5 "VMware PCIE" rev 0x01: msi pci16 at ppb15 bus 16 ppb16 at pci0 dev 22 function 6 "VMware PCIE" rev 0x01: msi pci17 at ppb16 bus 17 ppb17 at pci0 dev 22 function 7 "VMware PCIE" rev 0x01: msi pci18 at ppb17 bus 18 ppb18 at pci0 dev 23 function 0 "VMware PCIE" rev 0x01: msi pci19 at ppb18 bus 19 ppb19 at pci0 dev 23 function 1 "VMware PCIE" rev 0x01: msi pci20 at ppb19 bus 20 ppb20 at pci0 dev 23 function 2 "VMware PCIE" rev 0x01: msi pci21 at ppb20 bus 21 ppb21 at pci0 dev 23 function 3 "VMware PCIE" rev 0x01: msi pci22 at ppb21 bus 22 ppb22 at pci0 dev 23 function 4 "VMware PCIE" rev 0x01: msi pci23 at ppb22 bus 23 ppb23 at pci0 dev 23 function 5 "VMware PCIE" rev 0x01: msi pci24 at ppb23 bus 24 ppb24 at pci0 dev 23 function 6 "VMware PCIE" rev 0x01: msi pci25 at ppb24 bus 25 ppb25 at pci0 dev 23 function 7 "VMware PCIE" rev 0x01: msi pci26 at ppb25 bus 26 ppb26 at pci0 dev 24 function 0 "VMware PCIE" rev 0x01: msi pci27 at ppb26 bus 27 ppb27 at pci0 dev 24 function 1 "VMware PCIE" rev 0x01: msi pci28 at ppb27 bus 28 ppb28 at pci0 dev 24 function 2 "VMware PCIE" rev 0x01: msi pci29 at ppb28 bus 29 ppb29 at pci0 dev 24 function 3 "VMware PCIE" rev 0x01: msi pci30 at ppb29 bus 30 ppb30 at pci0 dev 24 function 4 "VMware PCIE" rev 0x01: msi pci31 at ppb30 bus 31 ppb31 at pci0 dev 24 function 5 "VMware PCIE" rev 0x01: msi pci32 at ppb31 bus 32 ppb32 at pci0 dev 24 function 6 "VMware PCIE" rev 0x01: msi pci33 at ppb32 bus 33 ppb33 at pci0 dev 24 function 7 "VMware PCIE" rev 0x01: msi pci34 at ppb33 bus 34 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on wd0a (8bb2ebc939040c08.a) swap on wd0b dump on wd0b Thanks! Mike
Re: After upgrade to 7.2 snmpd fails
Nevermind! # userdel _rtadvd # groupdel _rtadvd # groupadd -g 92 _agentx Solved the problem. Apparently I failed to follow the instructions in https://www.openbsd.org/faq/upgrade64.html when I did that upgrade ;-) Sorry for the noise! Mike > Am 21.01.2023 um 23:59 schrieb Mike Fischer : > > Ok, I think I have figured out the root cause: > > Group _agentx (gid 92) does not exist! > > Instead I have: > # cat /etc/passwd|grep _rtadvd > _rtadvd:*:92:92:IPv6 Router Advertisement Daemon:/var/empty:/sbin/nologin > # cat /etc/group|grep _rtadvd > _rtadvd:*:92: > # > > Any idea which port installs this? > > I don’t recall installing any IPv6 routing related ports but possibly some > dependency might have pulled something in? I don’t see anything obvious in > the list of installed ports: > # pkg_info -a > apache-httpd-2.4.54 apache HTTP server > apr-1.7.0 Apache Portable Runtime > apr-util-1.6.1p4companion library to APR > argon2-20190702 C implementation of Argon2 - password hashing function > brotli-1.0.9p0 generic lossless compressor > bzip2-1.0.8p0 block-sorting file compressor, unencumbered > colorls-6.9 ls(1) that can use color to display file attributes > curl-7.87.0 transfer files with FTP, HTTP, HTTPS, etc. > cvsps-2.1p2 generate patchsets from CVS repositories > db-4.6.21p7v0 Berkeley DB package, revision 4 > dokuwiki-2022.07.31a standards compliant, simple to use Wiki > dovecot-2.3.19.1p0v0 compact IMAP/POP3 server > emacs-28.2-no_x11 GNU editor: extensible, customizable, self-documenting > femail-1.0p1simple SMTP client > femail-chroot-1.0p3 simple SMTP client for chrooted web servers > gd-2.3.3library for dynamic creation of images > gettext-runtime-0.21p1 GNU gettext runtime libraries and programs > giflib-5.2.1tools and library routines for working with GIF images > git-2.37.3 distributed version control system > glib2-2.72.4p2 general-purpose utility library > gmake-4.3 GNU make > gmp-6.2.1p0 library for arbitrary precision arithmetic > gnupg-2.2.39GNU privacy guard - a free PGP replacement > gnutls-3.7.7GNU Transport Layer Security library > icu4c-71.1v0International Components for Unicode > iftop-1.0pre4p3 display bandwidth usage on an interface > intel-firmware-20221108v0 microcode update binaries for Intel CPUs > iperf-2.0.12p0 tool for measuring maximum TCP and UDP bandwidth > jansson-2.14library for manipulating JSON data > jpeg-2.1.3v0SIMD-accelerated JPEG codec replacement of libjpeg > libassuan-2.5.5 IPC library used by GnuPG and gpgme > libexttextcat-3.4.6 UTF-8 aware language guessing library > libffi-3.4.2Foreign Function Interface > libgcrypt-1.10.1p0 crypto library based on code used in GnuPG > libgpg-error-1.45 error codes for GnuPG related software > libiconv-1.17 character set conversion library > libidn-1.41 internationalized string handling > libidn2-2.3.0p0 implementation of IDNA2008 internationalized domain names > libksba-1.6.3 X.509 library > libnettle-3.8.1 cryptographic library > libpsl-0.21.1 public suffix list library > libsecret-0.20.5p0 library for storing and retrieving passwords and secrets > libsodium-1.0.18p1 library for network communications and cryptography > libstemmer-2.1.0stemming algorithms for text processing > libtasn1-4.19.0 Abstract Syntax Notation One structure parser library > libunbound-1.16.3 validating DNS resolver library > libunistring-0.9.7 manipulate Unicode strings > libusb1-1.0.23p2library for USB device access from userspace > libwebp-1.2.4 Google WebP image format conversion tool > libxml-2.10.3 XML parsing library > libzip-1.8.0p0 library for reading, creating and modifying zip archives > lz4-1.9.4 fast BSD-licensed data compression > lzo2-2.10p2 portable speedy lossless data compression library > mariadb-client-10.9.3v1 multithreaded SQL database (client) > mariadb-server-10.9.3v1 multithreaded SQL database (server) > net-snmp-5.9.3p2extendable SNMP implementation > nghttp2-1.49.0 library for HTTP/2 > npth-1.6new GNU Portable Threads Library > oniguruma-6.9.8 regular expressions library > p11-kit-0.24.1 library for loading and enumerating PKCS#11 modules > p5-Archive-Zip-1.68 perl interface to ZIP files > p5-B-Hooks-EndOfScope-0.26 execute code after a scope finished compilation > p5-BSD-Resource-1.2911p0 BSD process resource limit and priority functions > p5-CGI-4.53 Handle Common Gateway Interface requests and responses > p5-Class-Data-Inheritable-0.09 inheritable, over
Re: After upgrade to 7.2 snmpd fails
age-DeprecationManager-0.17p0 manage deprecation warnings for your distribution p5-Package-Stash-0.39 routines for manipulating stashes p5-Package-Stash-XS-0.29p0 faster and more correct implementation of Package::Stash p5-Params-Util-1.102 utility to make parameter checking easier p5-Params-Validate-1.30 validate method/function parameters p5-Params-ValidationCompiler-0.30p0 build an optimized subroutine parameter validator p5-PlRPC-0.2020p0 module for writing rpc servers and clients p5-Ref-Util-0.204p0 utility functions for checking references p5-Ref-Util-XS-0.117p0 utility functions for checking references (XS version) p5-Role-Tiny-2.002004 minimalist role composition tool p5-SQL-Statement-1.414 SQL parsing and processing engine p5-Socket6-0.29p0 Perl defines relating to AF_INET6 sockets p5-Sort-Naturally-1.03p0 sort lexically, but sort numeral parts numerically p5-Specio-0.47 type constraints and coercions for Perl p5-Sub-Exporter-0.988 sophisticated exporter for custom-built routines p5-Sub-Exporter-Progressive-0.001013p0 only use Sub::Exporter if you need it p5-Sub-Identify-0.14p0 retrieve names of code references p5-Sub-Install-0.928p0 helper for installing code into packages p5-Sub-Name-0.26p0 (re)name a sub p5-Sub-Quote-2.006006p0 efficient generation of subroutines via string eval p5-Throwable-1.000 role for classes that can be thrown p5-Time-TimeDate-2.33 library for parsing and formatting dates and times p5-Try-Tiny-0.31minimal try/catch with proper preservation of $@ p5-URI-5.12 library to parse Uniform Resource Identifiers p5-Variable-Magic-0.62p0 associate user-defined magic to variables from Perl p5-WWW-RobotRules-6.02p0 database of robots.txt-derived permissions p5-libwww-6.64 library for WWW access in Perl p5-namespace-autoclean-0.29p0 keep imports out of your namespace p5-namespace-clean-0.27p0 keep imports and functions out of your namespace p5-strictures-2.06 turn on strict and make most warnings fatal pcre-8.44 perl-compatible regular expression library pcre2-10.37 perl-compatible regular expression library, version 2 pear-1.10.19p2 base classes for common PHP tasks pear-utils-1.10.19p2 utilities for managing pear extensions pfstat-2.5p5packet filter statistics visualization pftop-0.7p19curses-based real time state and rule display for pf php-7.4.33 server-side HTML-embedded scripting language php-8.0.27 server-side HTML-embedded scripting language php-apache-7.4.33 php module for Apache httpd php-curl-7.4.33 curl URL library extensions for php php-curl-8.0.27 curl URL library extensions for php php-gd-7.4.33 image manipulation extensions for php php-gd-8.0.27 image manipulation extensions for php php-mysqli-7.4.33 mysql database access extensions for php php-mysqli-8.0.27 mysql database access extensions for php php-snmp-7.4.33 snmp protocol extensions for php php-snmp-8.0.27 snmp protocol extensions for php php-zip-7.4.33 zip functions for php php-zip-8.0.27 zip functions for php phpMyAdmin-5.2.0tool to handle the administration of MySQL over the web pinentry-1.2.1 PIN or passphrase entry dialog (ncurses interface) png-1.6.37p0library for manipulating PNG images postfix-3.8.20220816p0 fast, secure sendmail replacement python-3.9.16 interpreted object-oriented programming language quirks-6.42 exceptions to pkg_add rules and cache re2c-3.0C-based regular expression scanner generator rsync-3.2.5pl0 mirroring/synchronization over low bandwidth links screen-4.9.0multi-screen window manager snappy-1.1.9fast compression/decompression library sqlite3-3.39.3 embedded SQL implementation sshguard-2.4.2 protect against brute force attacks on sshd and others symon-2.88p6active host monitoring tool tiff-4.4.0p2tools and library routines for working with TIFF images unzip-6.0p16extract, list & test files in a ZIP archive vnstat-2.6v0network traffic monitor vnstati-2.6v0 image output support for vnstat wget-1.21.3 retrieve files from the web via HTTP, HTTPS and FTP wp-cli-2.6.0p0 command line tool for wordpress xz-5.2.5p2 LZMA compression and decompression tools zip-3.0p1 create/update ZIP files compatible with PKZip(tm) zstd-1.5.2 zstandard fast real-time compression algorithm # Thanks! Mike > Am 21.01.2023 um 23:21 schrieb Mike Fischer : > > I have just upgraded a VM from OpenBSD 7.1 to 7.2. > > Looks good so far except for snmpd which suddenly fails shortly after > starting up: > From /var/log/daemon: > Jan 21 22:59:56 wo snmpd[86168]: legacy backend: Registering > 1.3.6.1.6.3.15.1.1.6.0(instance) context() priority(1) timeout(1.50s) > Jan 21 22:59:56 wo snmpd[86168]: snmpe > 800075cb818a66d65d090777dbde2ea8611db68b0dd4cb21735926a9cf61f331: ready > Jan 21 22:59:56 wo snmpd[8
Re: virtualization in openbsd running on Raspberry pi
On Thu, Dec 22, 2022 at 08:47:00AM +0530, Sandeep Gupta wrote: > Just wanted to double confirm that it's not possible to run virtual > instances of openBSD on openBSD running on Raspberry Pi. > This is because the CPU has no support for SLAT/EPT (but these are only for > intel/amd. doesn't say about arm). > > Also, in my instance, I don't see vmctl installed. In fact, doing `rcctl > start vmd` fails. But don't see error messages in /var/log/messages. > Where are error messages logged for running daemons? > > Thanks > Sandeep vmm/vmd is only supported on amd64.
Re: Documentation of wsconsctl keyboard.map format?
> Am 27.11.2022 um 19:48 schrieb Vlad Meșco : > > On Fri, Nov 25, 2022 at 03:32:20AM +0100, Mike Fischer wrote: >> >>> Am 24.11.2022 um 15:07 schrieb u...@disroot.org: >>> >>> Hello! >>> >>> I would like to find some supporting documentation too, if anything is >>> available, but for certain other reasons >>> (https://github.com/letoram/arcan/issues/263). Basically, this "desktop >>> engine" has problems with figuring out my keyboard layouts, and I want to >>> figure out why. This might've been more appropriate to post in ports@ but >>> this thread catched my eye, so I'm here. It would be nice to be able to >>> determine what keycodes correspond to what symbols in console, to figure >>> out what goes wrong in the process of how Arcan determines my keyboard >>> layout. Any help appreciated! >> >> I’m not sure this will help with your issue but here is what I have been >> able to figure out so far: >> >> >> One thing that helped me a bit (though I have not solved this issue yet) was >> the definition of the keycodes in the USB HID standards. I found this link >> where presumably the codes sent by USB keyboards are defined: >> https://gist.github.com/MightyPork/6da26e382a7ad91b5496ee55fdc73db2 >> Or see https://www.usb.org/sites/default/files/documents/hut1_12v2.pdf table >> 12 on page 53 for something more official. >> You will still need to figure out which keycodes a specific keyboard will >> send for certain keys, as there is some ambiguity with regard to the >> labeling of keys, especially for non-us localizations. For example some of >> the Apple keyboards have a modifier key. I don’t see that mentioned in >> the USB spec. Maybe the keyboard handles this internally but that is simply >> guessing at the moment. >> >> The usable entity names are somewhat defined (you need to chop off the >> prefix of the names) in source code: >> /src/sys/dev/wscons/wsksymdef.h >> Additionally Vlad Meșco mentioned that arbitrary Unicode values can be >> specified using e.g. unknown_50082 (for U+C3A2?) instead of a known entity. >> I have not tested this yet. >> >> The actual predefined keyboard maps are compiled into OpenBSD drivers: >> /src/sys/dev/pckbc/wskbdmap_mfii.c >> /src/sys/dev/usb/ukbdmap.c (which seems to be derived from wskbdmap_mfii.c) >> >> >> Note: All of the OpenBSD source files can be found at: >> https://cvsweb.openbsd.org >> >> >> That doesn’t explain the syntax of keyboard.map though. >> >> And I have analyzed the de keyboard.encoding somewhat and found it to be >> quite different from the way macOS treats German Apple USB keyboards. >> >> ... >> >> But apparently the 4 columns in the keycode entries are: >> >> Note: On non-Apple keyboards may be labeled as . Apple >> labels both and as and does not generally >> differentiate between the two. >> >> Adding the very obscure: >> wsconsctl keyboard.map+="keycode 226 = Cmd2 Mode_switch Multi_key" >> (modified from the example Vlad Meșco mentioned to match the >> keycode from the USB spec) finally yielded the expected result: >> <7>: 7 (expected, ok) >> <7>: / (expected, ok) >> <7>: | (expected, ok) >> <7>: \ (expected, ok) >> <7>: | (expected, ok) >> <7>: \ (expected, ok) >> >> I can use this but I don’t understand how it works. :-( >> >> ... >> >> More enlightened but still puzzled… >> Mike >> Hi Vlad, thanks and sorry for the late reply. I was dealing with other things and getting the Apple keyboard working like I expect is more of a hobby project… > Hey Mike, > > You can look at /usr/src/sbin/wsconsctl/map.parse.y Good idea! I’ll take a look. One thing I did notice was that the keysym examples I saw in the (sparse) documentation did not work. For example: # wsconsctl keyboard.map+="keysym Alt_L = Alt_R" wsconsctl: keysym Alt_L not found # Actually none of the keyboard.map versions I have seen so far use keysym. > As mentioned earlier, the keysyms and commands and groups are listed in > /usr/src/sys/dev/wscons/wsksymdef.h . Around line 485 you get into > modifiers, function keys, and command keys. I saw that. Most of the modifier keys are self-explanatory. However I have no idea what #define KS_Multi_key0xf109 #define KS_Mode_switch 0xf10a mean? And they are used in the keyboard maps for the definitions of the Alt keys: keycode 230 = Cmd2 Mode_switch Multi
Re: Documentation of wsconsctl keyboard.map format?
> Am 24.11.2022 um 15:07 schrieb u...@disroot.org:
>
> Hello!
>
> I would like to find some supporting documentation too, if anything is
> available, but for certain other reasons
> (https://github.com/letoram/arcan/issues/263). Basically, this "desktop
> engine" has problems with figuring out my keyboard layouts, and I want to
> figure out why. This might've been more appropriate to post in ports@ but
> this thread catched my eye, so I'm here. It would be nice to be able to
> determine what keycodes correspond to what symbols in console, to figure out
> what goes wrong in the process of how Arcan determines my keyboard layout.
> Any help appreciated!
I’m not sure this will help with your issue but here is what I have been able
to figure out so far:
One thing that helped me a bit (though I have not solved this issue yet) was
the definition of the keycodes in the USB HID standards. I found this link
where presumably the codes sent by USB keyboards are defined:
https://gist.github.com/MightyPork/6da26e382a7ad91b5496ee55fdc73db2
Or see https://www.usb.org/sites/default/files/documents/hut1_12v2.pdf table 12
on page 53 for something more official.
You will still need to figure out which keycodes a specific keyboard will send
for certain keys, as there is some ambiguity with regard to the labeling of
keys, especially for non-us localizations. For example some of the Apple
keyboards have a modifier key. I don’t see that mentioned in the USB spec.
Maybe the keyboard handles this internally but that is simply guessing at the
moment.
The usable entity names are somewhat defined (you need to chop off the prefix
of the names) in source code:
/src/sys/dev/wscons/wsksymdef.h
Additionally Vlad Meșco mentioned that arbitrary Unicode values can be
specified using e.g. unknown_50082 (for U+C3A2?) instead of a known entity. I
have not tested this yet.
The actual predefined keyboard maps are compiled into OpenBSD drivers:
/src/sys/dev/pckbc/wskbdmap_mfii.c
/src/sys/dev/usb/ukbdmap.c (which seems to be derived from wskbdmap_mfii.c)
Note: All of the OpenBSD source files can be found at:
https://cvsweb.openbsd.org
That doesn’t explain the syntax of keyboard.map though.
And I have analyzed the de keyboard.encoding somewhat and found it to be quite
different from the way macOS treats German Apple USB keyboards.
As a small experiment I tried to redefine the 7 key:
wsconsctl keyboard.encoding=de
wsconsctl keyboard.map+="keycode 36 = 7 slash bar backslash"
Note 1: The default definition for de is "keycode 36 = 7 slash braceleft
braceleft“
However the actual mapping seems to be:
<7>: 7 (expected, ok)
<7>: / (expected, ok)
<7>: · (a small middle dot, and deleting with backspace doesn’t work)
<7>: ¯ (some weird glyph with just a short horizontal line at
the top, and deleting with backspace doesn’t work)
<7>: { (expected, ok)
<7>: { (expected, ok)
Note 2: On macOS the actual mappings are:
<7>: 7
<7>: / (slash)
<7>: | (bar)
<7>: \ (backslash)
And it does not matter whether or is used for .
But this does not yield all of the expected results:
<7>: 7 (expected, ok)
<7>: / (expected, ok)
<7>: · (a small middle dot, and deleting with backspace doesn’t work)
<7>: ¯ (some weird glyph with just a short horizontal line at
the top, and deleting with backspace doesn’t work)
<7>: | (expected, ok)
<7>: \ (expected, ok)
The key still does weird things.
But apparently the 4 columns in the keycode entries are:
Note: On non-Apple keyboards may be labeled as . Apple
labels both and as and does not generally
differentiate between the two.
Adding the very obscure:
wsconsctl keyboard.map+="keycode 226 = Cmd2 Mode_switch Multi_key"
(modified from the example Vlad Meșco mentioned to match the keycode
from the USB spec) finally yielded the expected result:
<7>: 7 (expected, ok)
<7>: / (expected, ok)
<7>: | (expected, ok)
<7>: \ (expected, ok)
<7>: | (expected, ok)
<7>: \ (expected, ok)
I can use this but I don’t understand how it works. :-(
Putting this into /etc/wsconsctl.conf gives me a persistent modification that
is one step close to my goal:
# cat /etc/wsconsctl.conf
# Start out with a German keyboard layout:
keyboard.encoding=de
# Make the modifier key behave the same as the key:
keyboard.map+="keycode 226 = Cmd2 Mode_switch Multi_key"
# Redefine the <7> key to match macOS:
keyboard.map+="keycode 36 = 7 slash bar backslash"
#
More enlightened but still puzzled…
Mike
Re: updated vmm support modules for older Linux guests
On Thu, Nov 24, 2022 at 12:35:20PM -0500, Dave Voutila wrote: > I finally got around to slapping more hacky #ifdef's onto my vmm_clock > [1] and virtio_vmmci [2] Linux kernel modules because I found older > Linux kernel versions (~3.10 era) didn't support compiling them. > > If you host things like CentOS 7 guests under vmm(4)/vmd(8), I recommend > trying them out and opening a GitHub issue in the respective project if > there's something wrong. (PR's welcome.) > > No idea what I'm talking about? > > * virtio_vmmci - Linux port of vmmci(4) that helps signal reboots/rtc > sync with Linux guests via vmctl(8) and vmd(8). > > * vmm_clock - duct-taped version of kvmclock to work with vmm(4)'s > pvclock(4) paravirtualized clock. > > -dv > > [1] https://github.com/voutilad/virtio_vmmci > [2] https://github.com/voutilad/vmm_clock > Awesome, thanks!
Re: Documentation of wsconsctl keyboard.map format?
> Am 23.11.2022 um 11:43 schrieb Vlad Meșco : > > On Wed, Nov 23, 2022 at 06:57:17AM +, Jason McIntyre wrote: >> On Wed, Nov 23, 2022 at 12:21:26AM +0100, Mike Fischer wrote: >>> Hi! >>> >>> I???m trying to use a German Apple Mac keyboard with OpenBSD 7.2 and I???d >>> like to match the mapping to that of macOS. >>> >>> `wsconsctl keyboard.encoding=de` helps, but several mappings are >>> different/missing. For example the pipe character | should be alt-7 but >>> isn???t. Mostly the alt-combinations are missing or wrong. >>> >>> So I thought I could use keyboard.map settings to correct this. But I >>> can???t find any documentation of the format ??? very unusual for OpenBSD. >>> >>> Did I miss something? >>> >>> Can someone point me to the documentation please? >>> >>> Thanks! >>> >>> Mike >>> >> >> hi. >> >> maybe you are looking for wsksymdef.h: >> >>WSCONSCTL(8) System Manager's Manual WSCONSCTL(8) >> >> ... >> >> Modify the current keyboard encoding so that, when the Caps >> Lock key is pressed, the same encoding sequence as Left >> Control is sent. For a full list of keysyms, and keycodes, >> refer to the /usr/include/dev/wscons/wsksymdef.h file. >> >> # wsconsctl keyboard.map+="keysym Caps_Lock = >> Control_L" >> >> jmc >> > > Hey, > > If it helps, here's my wsconsctl.conf to add some Romanian keyboard > bindings in the console for keys which are behind AltGr. Note, I've > intentionally made some Romanian specific unicode characters output > a literal `?' since they're not very usable in wscons. > > You can either use symbolic names (from wsksymdef.h) or use stuff like > `unknown_51355' to give it a U+code point in decimal form. For German, > you probably have everything you need in wsksymdef.h. Note, the format > is also very similar to xkb; originally I thought they were the same > (they aren't 100% the same). > > >keyboard.encoding=us >keyboard.map+="keysym Caps_Lock = Control_L" >mouse.tp.tapping=3 >mouse.reverse_scrolling=1 >keyboard.map+="keysym Caps_Lock = Control_L“ Duplicate? >keyboard.map+="keycode 184 = Cmd2 Mode_switch Multi_key“ I don’t think I understand what this actually does? First of all none of my ‚keyboard.map's have a keycode 184. I tried keyboard.encoding=us, keyboard.encoding=de, keyboard.encoding=fr, keyboard.encoding=fr.apple. Second, if the columns normally represent levels (or layers), how does that work here? Plain 184 is Cmd2; 184 + some modifier is Mode_switch; and 184 + some other modifier is Multi_key (whatever that is supposed to mean)? ># use ? for unicode that causes mojibake >keyboard.map+="keycode 26 = question question bracketleft braceleft" >keyboard.map+="keycode 27 = question question bracketright braceright" >keyboard.map+="keycode 39 = question question semicolon colon" >keyboard.map+="keycode 40 = question question apostrophe quotedbl" >keyboard.map+="keycode 41 = question question grave asciitilde" # 3byte > UTF-8, don't bother >keyboard.map+="keycode 43 = question question backslash bar" >keyboard.map+="keycode 51 = comma semicolon less question" >keyboard.map+="keycode 52 = period colon greater question" > > A more proper example for e.g. keycode 26: > >keyboard.map+="keycode 26 = abreve Abreve bracketleft braceleft" > > Or for keys that don't have a symbolic name: > >keyboard.map+="keycode 43 = unknown_50082 unknown_50050 backslash bar" > > I started from US which is 90% there, and the first thing is to add > right Alt as `Mode_switch', otherwise it's just (left) Alt (which I > think just sets the MSB, IDK; you want AltGr/Mode_switch if you want to > map specific characters). > > Which keycode is what? I don't know. I dumped the hu layout as a > reference with `doas wsconsctl keyboard.map > hu.map' and looked at what > was done for that crazy layout, and started from there. > > Cheers, > Vlad Thanks, that helps somewhat. It still is strange to have to resort to experiments to figure things out instead of having them documented on OpenBSD. By xkb do you mean xkeyboard-config(7)? I have looked at the man page but I honestly can’t see much similarity to the keyboard.map syntax. I also looked at setxkbmap(1) and xkbcomp(1) but they where no help either. I don’t normally use X for anything so I am not very familiar with all of the associated settings. https://www.x.org/wiki/XKB/ did seem to explain some relevant concepts though. For example the concept of levels which probably translates to the columns used in the keycode statements? But where are the definitions of which modifier (or combination thereof) selects which column? I gather the built-in maps for e.g. us, de, fr.apple, etc. are actually compiled into some code, not config files somwhere on disk? Thanks! Mike
Re: Documentation of wsconsctl keyboard.map format?
> Am 23.11.2022 um 07:57 schrieb Jason McIntyre : > > On Wed, Nov 23, 2022 at 12:21:26AM +0100, Mike Fischer wrote: >> Hi! >> >> I???m trying to use a German Apple Mac keyboard with OpenBSD 7.2 and I???d >> like to match the mapping to that of macOS. >> >> `wsconsctl keyboard.encoding=de` helps, but several mappings are >> different/missing. For example the pipe character | should be alt-7 but >> isn???t. Mostly the alt-combinations are missing or wrong. >> >> So I thought I could use keyboard.map settings to correct this. But I >> can???t find any documentation of the format ??? very unusual for OpenBSD. >> >> Did I miss something? >> >> Can someone point me to the documentation please? >> >> Thanks! >> >> Mike >> > > hi. > > maybe you are looking for wsksymdef.h: > >WSCONSCTL(8)System Manager's Manual WSCONSCTL(8) > > ... > >Modify the current keyboard encoding so that, when the Caps >Lock key is pressed, the same encoding sequence as Left >Control is sent. For a full list of keysyms, and keycodes, >refer to the /usr/include/dev/wscons/wsksymdef.h file. > > # wsconsctl keyboard.map+="keysym Caps_Lock = > Control_L" > > jmc Yes, I did look at the source but wasn’t sure about the implications. I gather that removing the KS_ or K*_L*_ prefix from the defines yields the entities I can use for wsconsctl. Ok, that helps somewhat. I’m still confused about the 2-4 columns in the keycode = <1> <2> <3> <4> syntax. No documentation insight for that, AFAICT. The first 2 seem to be . But what are the last two columns? `wsconsctl keyboard.map` does not seem to show show all keycodes. For the de layout the first entry is 'keycode 4 = a A‘. What about keycode 1-3 (or 0-3 depending on where the values start)? Maybe that is normal because keyboards don’t actually use all keycodes? Who knows? And some Apple keyboards also have an key which acts as a modifier. I don’t see that mentioned anywhere. Or is that the KS_Mode_switch? Thanks for your help! Mike
Documentation of wsconsctl keyboard.map format?
Hi! I’m trying to use a German Apple Mac keyboard with OpenBSD 7.2 and I’d like to match the mapping to that of macOS. `wsconsctl keyboard.encoding=de` helps, but several mappings are different/missing. For example the pipe character | should be alt-7 but isn’t. Mostly the alt-combinations are missing or wrong. So I thought I could use keyboard.map settings to correct this. But I can’t find any documentation of the format — very unusual for OpenBSD. Did I miss something? Can someone point me to the documentation please? Thanks! Mike
Re: 7.2 and iwm/amdgpu Firmware?
at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on sd0a (ce453c5ec57e555c.a) swap on sd0b dump on sd0b iwm0: hw rev 0x210, fw ver 17.3216344376.0, address 5c:e4:2a:07:34:9c [drm] failed to load ucode RLC_RESTORE_LIST_CNTL(0x11) [drm] psp gfx command LOAD_IP_FW(0x6) failed and response status is (0x300F) [drm] failed to load ucode RLC_RESTORE_LIST_GPM_MEM(0x12) [drm] psp gfx command LOAD_IP_FW(0x6) failed and response status is (0x000F) [drm] failed to load ucode RLC_RESTORE_LIST_SRM_MEM(0x13) [drm] psp gfx command LOAD_IP_FW(0x6) failed and response status is (0x000F) amdgpu0: RAVEN2 3 CU rev 0x09 amdgpu0: 1024x768, 32bpp wsdisplay0 at amdgpu0 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) == Thanks! Mike > Am 11.11.2022 um 00:35 schrieb Mike Fischer : > > On a newly installed Mini PC (NiPoGi AM02) I noticed the following messages > in dmesg: > iwm0: could not read firmware iwm-7265-17 (error 2) > iwm0: failed to load init firmware > > and: > drm:pid0:amdgpu_device_parse_gpu_info_fw *ERROR* Failed to load gpu_info > firmware "amdgpu/raven2_gpu_info.bin" > drm:pid0:amdgpu_attachhook *ERROR* Fatal error during GPU init > > > I checked iwm(4) and it referred to fw_update(8). > > # fw_update -vvv > Detect firmware ... found. > Trying 94.142.241.170... > Requesting http://firmware.openbsd.org/firmware/7.2/SHA256.sig > 100% > || >150 00:00 > 150 bytes received in 0.00 seconds (856.59 KB/s) > Unable to find firmware for amdgpu > fw_update: added none; updated none; kept none > # > > Looking at http://firmware.openbsd.org/firmware/7.2/ there is no firmware > there. (http://firmware.openbsd.org/firmware/7.1/ contains stuff, so this > seems odd.) > > This is an AMD Ryzen 3 3200U processor with onboard Radeon Vega graphics. > > dmesg: > == > OpenBSD 7.2 (GENERIC.MP) #0: Wed Oct 26 12:01:47 MDT 2022 > > r...@syspatch-72-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 6349602816 (6055MB) > avail mem = 6139764736 (5855MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 3.2 @ 0xde3db000 (43 entries) > bios0: vendor American Megatrends Inc. version "V1.16_P2C10M3_AMILogo" date > 05/30/2022 > bios0: Default string AM02 > acpi0 at bios0: ACPI 6.0 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP APIC FPDT FIDT SSDT MSDM MCFG HPET UEFI VFCT TPM2 > IVRS SSDT CRAT CDIT SSDT SSDT SSDT WSMT SSDT > acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP2(S4) GPP3(S4) GPP4(S4) GPP5(S4) > GPP6(S4) GP17(S4) XHC0(S3) XHC1(S3) GP18(S4) > acpitimer0 at acpi0: 3579545 Hz, 32 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx, 2395.68 MHz, 17-18-01 > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES > cpu0: 32KB 64b/line 8-way D-cache, 64KB 64b/line 4-way I-cache, 512KB > 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 24MHz > cpu0: mwait min=64, max=64, C-substates=1.1, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx, 2395.51 MHz, 17-18-01 > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES > cpu1: 32KB 64b/line 8-way D-cache, 64KB 64b/line 4-way I-cache, 512KB > 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache > cpu1: smt 1, core 0, package 0 > cpu2 at mainbus0: apid 2 (application processor) > cpu2: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx, 2395.51 MHz, 17-18-01 > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,
7.2 and iwm/amdgpu Firmware?
at efifb0 mux 1: console (std, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 wsdisplay0: screen 1-5 added (std, vt100 emulation) ukbd0: was console keyboard wskbd0 detached ukbd0 detached uhidev0 detached wskbd1: disconnecting from wsdisplay0 wskbd1 detached ucc0 detached uhid0 detached uhidev1 detached uhidev0 at uhub0 port 5 configuration 1 interface 0 "SEM USB Keyboard" rev 1.10/1.10 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd0 at ukbd0: console keyboard, using wsdisplay0 uhidev1 at uhub0 port 5 configuration 1 interface 1 "SEM USB Keyboard" rev 1.10/1.10 addr 2 uhidev1: iclass 3/0, 2 report ids ucc0 at uhidev1 reportid 1: 573 usages, 18 keys, array wskbd1 at ucc0 mux 1 wskbd1: connecting to wsdisplay0 uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0 ukbd0: was console keyboard wskbd0 detached ukbd0 detached uhidev0 detached wskbd1: disconnecting from wsdisplay0 wskbd1 detached ucc0 detached uhid0 detached uhidev1 detached uhidev0 at uhub0 port 5 configuration 1 interface 0 "SEM USB Keyboard" rev 1.10/1.10 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd0 at ukbd0: console keyboard, using wsdisplay0 uhidev1 at uhub0 port 5 configuration 1 interface 1 "SEM USB Keyboard" rev 1.10/1.10 addr 2 uhidev1: iclass 3/0, 2 report ids ucc0 at uhidev1 reportid 1: 573 usages, 18 keys, array wskbd1 at ucc0 mux 1 wskbd1: connecting to wsdisplay0 uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0 uhidev2 at uhub0 port 4 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 4 uhidev2: iclass 3/1 ums0 at uhidev2: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev2 detached uhidev2 at uhub0 port 4 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 4 uhidev2: iclass 3/1 ums0 at uhidev2: 3 buttons, Z dir wsmouse0 at ums0 mux 0 ukbd0: was console keyboard wskbd0 detached ukbd0 detached uhidev0 detached wskbd1: disconnecting from wsdisplay0 wskbd1 detached ucc0 detached uhid0 detached uhidev1 detached uhidev0 at uhub0 port 5 configuration 1 interface 0 "SEM USB Keyboard" rev 1.10/1.10 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd0 at ukbd0: console keyboard, using wsdisplay0 uhidev1 at uhub0 port 5 configuration 1 interface 1 "SEM USB Keyboard" rev 1.10/1.10 addr 2 uhidev1: iclass 3/0, 2 report ids ucc0 at uhidev1 reportid 1: 573 usages, 18 keys, array wskbd1 at ucc0 mux 1 wskbd1: connecting to wsdisplay0 uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0 wsmouse0 detached ums0 detached uhidev2 detached uhidev2 at uhub0 port 4 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 4 uhidev2: iclass 3/1 ums0 at uhidev2: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev2 detached uhidev2 at uhub0 port 4 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 4 uhidev2: iclass 3/1 ums0 at uhidev2: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev2 detached uhidev2 at uhub0 port 4 configuration 1 interface 0 "Logitech USB Optical Mouse" rev 2.00/72.00 addr 4 uhidev2: iclass 3/1 ums0 at uhidev2: 3 buttons, Z dir wsmouse0 at ums0 mux 0 wsmouse0 detached ums0 detached uhidev2 detached == The machine is currently using wired Ethernet, so no problem. But it would be nice to have the option of using Wi-Fi. Also the amdgpu issue does not seem to have any real world consequences. But I’m no expert as so far I have not used OpenBSD with anything but console and SSH. And xenodm started fine. I saw nothing else obviously wrong in any logs. So is the empty http://firmware.openbsd.org/firmware/7.2/ something expected? Is the missing firmware something I should worry about? Thanks! Mike
Re: Suspend not working Lenovo X1 Nano Gen 2
On Wed, Nov 02, 2022 at 02:31:56PM +, Ottavio Caruso wrote: > Op 01/11/2022 om 22:50 schreef Mike Larkin: > > On Tue, Nov 01, 2022 at 05:05:21PM -0500, Jason Morris wrote: > > > Hi Everyone, > > > > > > I've upgraded from a X1 Nano Gen 1 and noticed that suspend isn't working > > > on the new machine. By running 'zzz' it starts to suspend and then wakes > > > up after ~10 seconds. I've ran apmd in debug mode and got the following: > > > > > > apmd -d > > > battery status: high. external power status: not connected. estimated > > > battery life 65% (225 minutes life time estimate) > > > can't disable driver messages, error: Inappropriate ioctl for device > > > apmevent index 0 > > > apmevent 0006 index 193 > > > system suspending > > > battery status: high. external power status: not connected. estimated > > > battery life 65% (235 minutes life time estimate) > > > /etc/apm/suspend exited with status 0 > > > apmevent 0003 index 194 > > > do_etc_file(): cannot access file /etc/apm/resume > > > system resumed from sleep > > > battery status: high. external power status: not connected. estimated > > > battery life 65% (272 minutes life time estimate) > > > apmevent 0006 index 196 > > > apmevent 0006 index 197 > > > > > > > > > When running 'ZZZ' the system hibernates but when it's waking back up, > > > I'm flooding with the following error: > > > > > > "*ERROR* Fault errors on pipe A" > > > > > > Any recommendations on how I can move forward? > > > > > > -Jason > > > > This is a known issue. No solution at this time. > > > > -ml > > > > > > > Is this a known problem for all Lenovo's? I'm going to try an installation > on a Thinkpad E130. > > -- > Ottavio Caruso > > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > A: Top-posting. > Q: What is the most annoying thing in e-mail? > > Just the nano gen2 afaik.
Re: Suspend not working Lenovo X1 Nano Gen 2
On Tue, Nov 01, 2022 at 05:05:21PM -0500, Jason Morris wrote: > Hi Everyone, > > I've upgraded from a X1 Nano Gen 1 and noticed that suspend isn't working on > the new machine. By running 'zzz' it starts to suspend and then wakes up > after ~10 seconds. I've ran apmd in debug mode and got the following: > > apmd -d > battery status: high. external power status: not connected. estimated battery > life 65% (225 minutes life time estimate) > can't disable driver messages, error: Inappropriate ioctl for device > apmevent index 0 > apmevent 0006 index 193 > system suspending > battery status: high. external power status: not connected. estimated battery > life 65% (235 minutes life time estimate) > /etc/apm/suspend exited with status 0 > apmevent 0003 index 194 > do_etc_file(): cannot access file /etc/apm/resume > system resumed from sleep > battery status: high. external power status: not connected. estimated battery > life 65% (272 minutes life time estimate) > apmevent 0006 index 196 > apmevent 0006 index 197 > > > When running 'ZZZ' the system hibernates but when it's waking back up, I'm > flooding with the following error: > > "*ERROR* Fault errors on pipe A" > > Any recommendations on how I can move forward? > > -Jason This is a known issue. No solution at this time. -ml
Re: VMware Tools driver to advertise OS as 'FreeBSD 64-bit' OS, not 32-bit version
On Fri, Oct 28, 2022 at 12:30:11PM -0600, Theo de Raadt wrote: > Kalabic S, wrote: > > > To be more precise, I wanted to say sticking with FreeBSD means > > sticking with whatever behavior VMware will keep consistent and > > support in the future. For "Others" option I don't think they care and > > is more probable to vary. > > I cannot tell the difference. I think you are completely unqualified > to know what "they will not change" fakery vmware is doing with the MSR's > and clock related registers... it is actually possible that when they > *know* it is one particular operating system they do something sophisticated > to fool that one specific operating system, whereas when they don't know > what the operating system is, they reduce the amount of trickery. > > You don't know. I don't know. None of us know. > > But can you please stop making claims you can't back. > I think it's reasonable to try and claim that whatever we are, we are the closest to "that thing". Meaning, the OP said we should claim we are FreeBSD 64 bit or 32 bit or whatever. Fine, but let's spend some time to actually figure out *what* we should say we are before we just pick something randomly because "it fixed my machine". Maybe we should say we're Windows? Maybe we should say we're Linux? My point, and I think Theo's as well, is we don't know and just randomly taking a diff because it fixes one scenario on one version of ESXi is shortsighted. So I would ask the OP to: - try different OS choices - on different versions of ESX - on different versions of VMware fusion - on different versions of VMware workstation - on different versions of OpenBSD VMs - on different archs (i386/amd64) of OpenBSD VMs ... and then report back what the findings are. -ml
Re: VMware Tools driver to advertise OS as 'FreeBSD 64-bit' OS, not 32-bit version
On Fri, Oct 28, 2022 at 06:25:11PM +0200, Kalabic S. wrote: > > In my testing, this has no effect on the operation of the clock. Only > > the guest OS selected in the VM configuration does have an effect. > > We should remove any suggestion that 32bit FreeBSD is the right thing > > to select though, so changing the guest OS we report is still a good > > idea. > > Interestingly, it looks like if the guest OS is set to 'Other > > (64-bit)', and vmt reports an unrecognised short guest OS name (such > > as 'OpenBSD'), vcenter will display the full guest OS name, so you get > > something like 'OpenBSD 7.2 GENERIC.MP#31'. > > I'm pretty sure this caused problems in the distant past, but it seems > > fine now with esxi 6.7+, so I think we should change to saying we're > > OpenBSD instead. > > Replacing 'FreeBSD' with something ESXi doesn't support will almost > certainly have drawbacks. We can already see different 'Guest OS' options > have different effects on guest VMs. What drawbacks? Does jmatthew@'s diff to change the name to OpenBSD fix the problem or not? If it does, that's a more factually accurate diff. We are not "FreeBSD 32 bit" or "FreeBSD 64 bit" and it seems that calling ourselves "OpenBSD" doesn't cause problems anymore. So I'd like to know what "certainly have drawbacks" means. Can you shed some light on that please? -ml > > Also, OpenBSD really is part of BSD family. > > I have an OpenBSD VM running without issues as a guest with 'FreeBSD' option > for years and serving as an Internet router for home network. IMO, it's > pretty good chice. > > Only thing I would update is to make it exactly specify to hypervisor is it > 32 or 64 bit OS. So 'FreeBSD-64' for amd64 and 'FreeBSD' for i386. >
Re: VMware Tools driver to advertise OS as 'FreeBSD 64-bit' OS, not 32-bit version
On Wed, Oct 26, 2022 at 07:39:03PM +0200, Kalabic S. wrote:
> Hello @misc,
>
> I do not see a reason not to update OS version that vmt (kernel level
> implementation of VMware Tools) is advertising to VMware hypervisor from 32
> bit FreeBSD to 64 bit version.
>
> If for nothing else, there's clock running forward issue that appeared in
> 7.2 release and that is solved simply by manually specifying "FreeBSD
> 64-bit" instead of "FreeBSD 32-bit" for "Guest OS Version".
> - https://marc.info/?t=16667408377=1=2
> - https://marc.info/?t=16663046932=1=2
>
> Attached is a simple patch that I tested and that changes string "FreeBSD"
> to "FreeBSD-64" in a call to "SetGuestInfo" function on hypervisor and that
> accomplishes the task.
>
> What could be a drawback? Is author David Gwynne still active and can he
> give some feedback?
What versions of ESXi did you test this with?
Did you test both i386 OpenBSD VMs and amd64 ones on each version?
-ml
> Index: dev/pv/vmt.c
> ===
> RCS file: /cvs/src/sys/dev/pv/vmt.c,v
> retrieving revision 1.26
> diff -u -p -u -r1.26 vmt.c
> --- dev/pv/vmt.c 8 Sep 2022 10:22:06 - 1.26
> +++ dev/pv/vmt.c 26 Oct 2022 17:01:39 -
> @@ -633,7 +633,7 @@ vmt_update_guest_info(struct vmt_softc *
>*/
>
> if (vm_rpc_send_rpci_tx(sc, "SetGuestInfo %d %s",
> - VM_GUEST_INFO_OS_NAME, "FreeBSD") != 0) {
> + VM_GUEST_INFO_OS_NAME, "FreeBSD-64") != 0) {
> DPRINTF("%s: unable to set guest OS", DEVNAME(sc));
> sc->sc_rpc_error = 1;
> }
Re: PHP not updated on some machines
> Am 06.10.2022 um 21:30 schrieb Stuart Henderson : > > In cases where the CDN or mirror does appear to be all in sync then > we might be looking at a problem with pkg_add or with the packages > themselves. For either of those cases it would help to collect > output from "pkg_add -u -vv" under script(1) and reporting. While doing this I noticed that the the issue had resolved itself. Same on two other machines this was happening on. So I guess this was probably some sort of cache issue on the CDN. Thanks! Mike
PHP not updated on some machines
I have some local VMs running OpenBSD 7.1 stable, amd64 as well as some remote VMs running the same. When I did pkg_add -u today two of my three local machines updated PHP to versions 7.4.32, 8.0.24 and 8.1.11 as expected. However the remote machines and a very basic local machine, while seeing the exact same quirks version, did not update PHP. quirks-5.5 signed on 2022-10-06T09:54:45Z pkg_info -d php-7.4.32, etc. shows correct info on the affected machines though. I have never encountered such strange behavior before. I kind of suspect some weird cache issue but I don’t understand the underpinnings of pkg_add enough to figure this out. Does pkg_add use some sort of local cache that I could clear? Any clues on what could cause this and how to resolve this issue? All machines have: # cat /etc/installurl https://cdn.openbsd.org/pub/OpenBSD # Manually trying to install/update PHP like this worked: # pkg_add php-7.4.32 quirks-5.5 signed on 2022-10-06T09:54:45Z php-7.4.30->7.4.32: ok Read shared items: ok New and changed readme(s): /usr/local/share/doc/pkg-readmes/php-7.4 --- -php-7.4.30 --- You should also run rm -f /etc/php-7.4.sample/* You should also run rm -f /etc/php-fpm.d/* # php-7.4 -v PHP 7.4.32 (cli) (built: Oct 5 2022 08:55:36) ( NTS ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies # So why would pkg_add -u fail where pkg_add php-7.4.32 works? And why only on some of the machines? Thanks Mike
Re: VM(D) Interface Question
On Sat, Oct 01, 2022 at 08:32:35AM -0400, Dave Voutila wrote: > > Holger Glaess writes: > > > Hi > > > > > > how many Interfaces can an single VM have ? > > > > > > With 3 Interface in my vm.conf the vm works, with 4 not i get "to many > > interfaces". > > > > The maximum supported per vm is currently 4. Without your config or > invocation triggering the "too many interfaces" when you use 4, I cannot > explain any further. Debug output would also be helpful to make sure > it's the message coming from the config parsing as I suspect. > > -dv > 4 should work (I just did this and it worked here). There is nothing special about "4", it's just a reasonable number we picked early on. You could probably crank that higher. Note that there is a maximum number of devices per vm which I think is 10 (includes all virtio devices and don't forget we use one for the rnd device). Technically we rotate the IRQ back to the start of the list at 10 devices but the level triggered code for interrupt sharing in 8259.c probably hasn't been tested too much and I wouldn't be surprised if something is broken there. -ml
Re: httpd error.log
Hi Paul!
> Am 02.09.2022 um 14:52 schrieb Paul Pace :
>
> On 2022-09-01 13:20, Mike Fischer wrote:
>>> Am 01.09.2022 um 21:49 schrieb latin...@vcn.bc.ca:
>>>>> Am 01.09.2022 um 11:13 schrieb latin...@vcn.bc.ca:
>>>>> historia.agroena.org
>>>> Right, try something like this and watch the error.log:
>>>> curl --url 'https://historia.agroena.org/i-dont-exist.php' >/dev/null
>>>> HTH
>>>> Mike
>>> ok now:
>>> first i stop http rcctl stop httpd, then deleted error.log; and rcctl
>>> restart http! It is working correctly.
>>> thanks Mike
>> Not sure how that (or my advice for a test) would help, but I’m glad it did
>> :-)
>>> PS:
>>> Dokuwiki was working ok, but after the test, the browser says "file not
>>> found" and i am not able to access install.php! i did first # rcctl enable
>>> php74_fpm and rcctl start php74_fpm the httpd.con says root "www/dokuwiki"
>>> directly using consultores.ca/install.php!
>> root "www/dokuwiki" does not sound right. Are you using the standard
>> /var/www/dokuwiki directory for DW? If so it should be:
>> root "/dokuwiki"
>> Here is a similar setup I am using with DW from ports (Hogfather):
>> server "wiki.example.com" {
>> listen on $my_ipv6 tls port 443
>> tls {
>> certificate "/etc/ssl/acme/fullchain.pem"
>> key "/etc/ssl/acme/private/privkey.pem"
>> }
>> log style combined
>> authenticate "Private area" with "/conf/htpasswd-admin"
>> root "/dokuwiki"
>> directory index doku.php
>> connection max request body 2097152 # Default is 2M for
>> upload_max_filesize and 8M for post_max_size.
>> location "*.php" {
>> fastcgi socket "/run/php-fpm.sock"
>> }
>> location "/*.inc" { block }
>> location "/*.ht*" { block }
>> location "/data/*" { block }
>> location "/conf/*" { block }
>> location "/bin/*" { block }
>> location "/inc/*" { block }
>> location "/vendor/*" { block }
>
> The DokuWiki security page[1] states:
>
> The following directories should not be accessible from the web:
>
>data
>conf
>bin
>inc (isn't dangerous when accessible, though)
>vendor (leaks info about your environment)
>
>
> And httpd.conf(5)[2] states:
>
>> In case of multiple location statements in the same context, the first
>> matching location statement will be put into effect, while all later ones
>> will be ignored. Therefore it is advisable to match for more specific paths
>> first and for generic ones later on.
>
> In regards to the current configuration, I believe the matches that pass
> should be last and matches that block directories should be listed first. Or,
> alternatively, and better, would be to figure out exactly which .php files
> are required for the package to run, then make a location rule for each file
> (unless someone can figure out how to make something the equivalent of a
> logical or statement (regex: (this|that)) in a single location or location
> match block to have each of the required .php files pass.
>
> When I read the configuration, it appears in the reverse order of what is
> recommended by DokuWiki, so in the above configuration a request for:
>
> https://wiki.example.com/data/acl.auth.php
>
> will be passed to php-fpm.sock because that will be matched by the first
> location. I have no idea the damage to be done with this or other files, but
> it is against the security guidance of the project.
>
> It seems like the correct order should be to have the following order of
> locations:
>
> location "/*.inc" { block }
> location "/*.ht*" { block }
> location "/data/*" { block }
> location "/conf/*" { block }
> location "/bin/*" { block }
> location "/inc/*" { block }
> location "/vendor/*" { block }
> location "*.php" {
> fastcgi socket "/run/php-fpm.sock"
> }
>
> However, I have not tested this.
I just did test this and you are absolutely correct! Thanks for pointing that
out. I had missed this in httpd.conf(5). I’ll change all of my configs
accordingly.
Mike
Re: httpd error.log
> Am 01.09.2022 um 11:05 schrieb Mischa :
>
> Those are indeed reasons for it to present the error.
> In my experience this also happens when a non-existent PHP script is
> requested, as the match is on *.php.
I tried to create a testing setup to verify this, but I keep getting „Access
denied“ or log entries such as "Access to the script '/test' has been denied
(see security.limit_extensions)“ instead of „Primary script unknown“ if I
request non-existant .php paths.
As I am still getting spurious „Primary script unknown“ entries I’ll try
monitoring using:
tail -f /var/www/logs/error.log /var/www/logs/access.log
to see which requests led to these entries.
(Having timestamps in error.log would make this so much easier!)
Mike
>
> Mischa
>
> On 2022-09-01 10:41, Mike Fischer wrote:
>> This happens when PHP-FPM can’t find the script to execute.
>> One reason could be that you fiddled with the settings and let PHP-FPM run
>> without chroot(2), while httpd(8) is running with chroot(2).
>> But it might also be a misconfiguration of in httpd.conf. Not sure about all
>> of the potential reasons but I occasionally see this error as well on a
>> setup which should be configured correctly. I have not checked wether some
>> spurious external HTTP requests could be causing this.
>> My httpd.conf basically looks like this:
>> server "servername.example.com" {
>>…
>>location "*.php" {
>>fastcgi socket "/run/php-fpm.sock"
>>}
>> }
>> It’s a bit sad that these logs don’t contain timestamps. Makes matching
>> against access logs harder.
>> HTH
>> Mike
>>> Am 01.09.2022 um 10:12 schrieb latin...@vcn.bc.ca:
>>> Hello
>>> OBSD 7.1 amd64, vultr vm:
>>> This is my httpd error.log, does somebody know what is happening please?
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
>>> Primary script unknown
Re: httpd error.log
> Am 01.09.2022 um 21:49 schrieb latin...@vcn.bc.ca:
>
>>
>>> Am 01.09.2022 um 11:13 schrieb latin...@vcn.bc.ca:
>>>
>>> historia.agroena.org
>>
>> Right, try something like this and watch the error.log:
>>
>> curl --url 'https://historia.agroena.org/i-dont-exist.php' >/dev/null
>>
>> HTH
>> Mike
>>
>
> ok now:
>
> first i stop http rcctl stop httpd, then deleted error.log; and rcctl
> restart http! It is working correctly.
> thanks Mike
Not sure how that (or my advice for a test) would help, but I’m glad it did :-)
> PS:
> Dokuwiki was working ok, but after the test, the browser says "file not
> found" and i am not able to access install.php! i did first # rcctl enable
> php74_fpm and rcctl start php74_fpm the httpd.con says root "www/dokuwiki"
> directly using consultores.ca/install.php!
root "www/dokuwiki" does not sound right. Are you using the standard
/var/www/dokuwiki directory for DW? If so it should be:
root "/dokuwiki"
Here is a similar setup I am using with DW from ports (Hogfather):
server "wiki.example.com" {
listen on $my_ipv6 tls port 443
tls {
certificate "/etc/ssl/acme/fullchain.pem"
key "/etc/ssl/acme/private/privkey.pem"
}
log style combined
authenticate "Private area" with "/conf/htpasswd-admin"
root "/dokuwiki"
directory index doku.php
connection max request body 2097152 # Default is 2M for
upload_max_filesize and 8M for post_max_size.
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}
location "/*.inc" { block }
location "/*.ht*" { block }
location "/data/*" { block }
location "/conf/*" { block }
location "/bin/*" { block }
location "/inc/*" { block }
location "/vendor/*" { block }
}
You can leave out the authenticate line if you don’t want HTTP Basic
authentication (on top of DokuWiki authentication). This is running with
php74_fpm but I also have instances of DW manually updated to Igor running with
php80_fpm. php81_fpm is probably fine as well for Igor but I have not tested
that yet. For Hogfather (from ports) you need php74_fpm.
Notes for Igor: Some plugins are still a WIP. You’ll see some PHP Warnings in
logs and I needed to manually patch a few things in DW and some of the plugins
I am using. In most cases I have opened issues upstream an some of them are
already fixed in master. So some post-Igor release will see those fixes. For
the plugins the process seems slower as they are less actively maintained.
HTH
Mike
Re: httpd error.log
> Am 01.09.2022 um 11:13 schrieb latin...@vcn.bc.ca: > > historia.agroena.org Right, try something like this and watch the error.log: curl --url 'https://historia.agroena.org/i-dont-exist.php' >/dev/null HTH Mike
