Re: syntax error in httpd.conf file

2024-04-18 Thread Omar Polo
Hello,

On 2024/04/18 22:29:55 +0200, "Luca Leone"  wrote:
> Hi guys!
> 
> [...]
> 
> If I change `pass to "http://localhost:3000/"` with a simple
> `root "/var/www/htdocs"` directive, the syntax check is OK.
> 
> The reason for the `pass to "http://localhost:3000/"` directive is that I am
> running a node app on /home/luca/node-app, and I want to forward requests to
> that server.
> 
> Any idea on what I am missing?

httpd doesn't support forwarding requests to another HTTP server sadly.
It only supports FastCGI, or serving static files.  `pass to' is not
part of httpd's configuration language.

take a look at relayd(8) for proxying requests.


Cheers,

Omar Polo



Re: securelevel=2 and mount hardening

2024-03-25 Thread Omar Polo
On 2024/03/24 19:01:00 -0700, "Lyndon Nerenberg (VE7TFX/VE6BBM)" wrote:
> I am curious to hear people's thoughts on adding some mount(2)
> hardening when the system is running at securelevel 2.  Specifically:
> 
>   * do not allow removing MT_NODEV, MT_NOEXEC, MT_NOSUID,
>     or MT_RDONLY in conjunction with MNT_UPDATE
> 
>   * do not allow MNT_WXALLOWED in conjunction with
>     MNT_UPDATE
> 
> Currently, if someone does manage to get a root toehold on a host,
> they can remove noexec from /tmp as a possible springboard to upload
> nasties, and then change /usr from read-only to read-write and
> scribble all over your binaries.

or they can just upload to /usr/local or /home, or mess with /etc, or...
I don't see how this would help.

> This somewhat follows from how securelevel 1 removes the ability
> to muck with the immutable and append only bits on files.
> 
> --lyndon




Re: qwx0 / QCNFA765 Does 802.11g Only

2024-03-03 Thread Omar Polo
Hello,

On 2024/03/03 15:07:34 +0100, 20 100  wrote:
> Hello Stefan,
> 
> First of all many thanks for your work around qwx.
> 
> Here after some observations on my T14s regarding qwx.
> 
> My OpenBSD current setup is not my daily machine, but sounds that this
> driver is quite stable ;).
> 
> My main message is that when running Alpine Linux (in dual boot), I've got
> different performance values:
> - Linux: 109Mbps download and 12Mbps upload (via testmy.net)
> - Openbsd: 20Mbps download, 1.9Mbps upload (via testmy.net)

Probably because qwx(4) as of now only does 802.11g, not 11n or 11ac.



Re: Weird VMD behaviour

2024-02-22 Thread Omar Polo
pela0  wrote:
> Hi list...Just installed my old Thinkpad T470 with 7.4, everything is
> fine...but I found a weird problem with VMD, I just can't start nor
> install a vm, I've got a couple of images, one is an archlinux, the
> other one an alpine, both images work fine on my other machines...
> 
> Every time I try to install or start a vm got this message: 
> 
> vmctl: vmm bios firmware file not found...
> 
> on dmesg: 
> vmd[30546]: can't open /etc/firmware/vmm-bios: No such file or directory
> 
> About CPUs: 
> 
> dmesg | egrep '(VMX/EPT|SVM/RVI)'
> vmm0 at mainbus0: VMX/EPT
> vmm0 at mainbus0: VMX/EPT
> vmm0 at mainbus0: VMX/EPT
> vmm0 at mainbus0: VMX/EPT
> vmm0 at mainbus0: VMX/EPT
> 
> VMD is enabled and running, test the vms via: 
> vmctl start -m 1G -L -i 1 -d ~/Documents/VMM/arch.qcow2 arch
> 
> and
> 
> vmctl start -m 1G -L -i 1 -r install74.iso -d disk.qcow2 example
> 
> 
> 
> Pls someone point me in the right direction.

have you ever run `fw_update'?  should be done automatically on install
/ upgrade, but only if you have an internet connection working at that
time.



Re: Block HTTP requests from non-browser clients

2024-02-21 Thread Omar Polo
On 2024/02/21 21:57:29 +0800, Sadeep Madurange  wrote:
> Hello,
> 
> Is there a way to block non-browser clients from accessing a website
> (e.g., scraping attempts by bots or even software like Selenium that
> might programmatically control a browser), preferably before the
> requests reach the webserver?
> 
> I'm wondering if there's a way to do that with, for example, pf to block
> such requests completely rather than responding with a 403.

I don't think you could *reliably* do this.  You mention Selenium, and
that's a "real browser", but also one could use nc(1) and use the same
mix of headers that firefox would send.  So, there are no practical ways
to distinguish the traffic based on the request.

(abusers don't usually set the 'evil bit' on the packets :/)

What you could do is some kind of clownflare shit which blocks your user
behind a page that requires a js challenge to continue.  (and that i
personally hate.)  Or maybe just limit the number of connections you
accept from a given ip per time delta (max-src-conn-rate in pf.conf).

or maybe something else, since you're asking for a solution but not telling
your problem :)   (which i assumed is stopping the flood of bad requests
from bad bots.)



Re: Function key in cwmrc

2024-02-19 Thread Omar Polo
On 2024/02/19 07:34:01 +, Ioan Samarul  wrote:
> Hello to you all!
> 
> Is it possible to define something like - in cwm configuration
> file? The function key combination from my laptop are not recognized
> so I try to create a hack by using a script that does the same thing
> (volume/brightness up/down).

Not exactly, fn is not a modifier key for what Xorg can see, unlike
shift/ctrl/mod1/...  (AFAIK)

What you can try to do is to run xev, press - and see what key
is being reported, then bind that.



Re: SoGo for OpenBSD?

2024-02-16 Thread Omar Polo
On 2024/02/16 16:05:21 +0300, Mark  wrote:
> Greetings.
> 
> Is there any hero here, to explain/forward me a working tutorial (never
> found one) for installation of SoGo (for its webmail) on an OpenBSD mail
> server?

Others have already chimed in and pointed you to the `sogo' package, I'd
just like to add that this package, like a few others, installs a readme
file in /usr/local/share/doc/pkg-readmes/sogo with further documentation
on how to set it up.  pkg_add will tell you when a package provides a
readme.

Cheers,

Omar Polo



Re: Screenshotting using PrtScr in cwm?

2024-02-11 Thread Omar Polo
On 2024/02/11 01:49:46 +0100, "Carsten Reith"  wrote:
> On Sat, Feb 10, 2024 at 05:46:27PM +0100, b...@fea.st wrote:
> > I did this now:
> > 
> > ~$ mv .xsession .xsession.old
> > ~$ mv .cwmrc .cwmrc.old
> > ~$ doas reboot
> > 
> > This landed me in fvwm.  Even here, xev doesn't see the keypress.
> > I then did 'echo exec cwm > .xsession' and restarted X.
> > Here too, xev did not detect the keypress.
> > 
> 
> I tried it on my T420 laptop 
> 
> (kern.version=OpenBSD 7.4-current (GENERIC.MP) #1669).
> 
> .xsession:
> setxkbmap de
> exec cwm
> 
> The Print key works fine with the laptop keyboard. 
> 
> If I attach an external USB keyboard, the Print key doesn't show up in
> xev.

I can reproduce here.  Laptop's print key works, the USB keyboard one
doesn't.



Re: Screenshotting using PrtScr in cwm?

2024-02-10 Thread Omar Polo
On 2024/02/10 16:34:30 +0100, b...@fea.st wrote:
> On Sat, Feb 10, 2024, at 16:00, Christian Weisgerber wrote:
> > > It would make more sense to use the dedicated PrtScr key,  but I 
> > > can't work out what it's called; I've tried to brute force the name.  
> > 
> > Print
> 
> Thanks.  Not working unfortunately.
> 
> > > Also, xev doesn't detect the keypress.
> > 
> > That's odd, because I just used xev to find out.
> 
> Yep.  Also I have this:
> 
> ~$ xmodmap -pke | grep Print 
> keycode 111 = Print Sys_Req Print Sys_Req
> 
> Seems to me it should totally be bindable like any other key, 
> but it seems something eats the keypress as xev can't see it either.

If xev doesn't report the keypress there's a chance something else has
bound that key.  Double-check that you don't have other bind directives
in your cwmrc file and that no running application may have bound that
key.

Running a test with xev using an empty .cwmrc and a .xsession consisting
of only `exec cwm' could help in ruling out whether the key is really
not available for another reason or is 'just' a configuration error
somewhere in your .xsession or .cwmrc.



Re: how to play bytebeat on openbsd?

2024-02-02 Thread Omar Polo
On 2024/02/02 18:41:46 +, beecdadd...@danwin1210.de wrote:
> hello
> 
> I've tried for hours to play bytebeat as everyone else
> 
> I cannot find anything on the entire internet
> 
> all I got is `cat a.out >> /dev/speaker)` as root.. a.out is compiled code , a
> loop and `putchar(t*((t>>12|t>>8)&63>>4));`.. this doesn't sound nearly the
> same as it does to other people
> it's also slow, not fast

I don't think it makes sense to feed speaker(4) with an executable code.

Haven't seen the code, but based on your description I guess it should
be more like

$ ./a.out | doas tee /dev/speaker

or at least that's my guess, my crystal ball doesn't always work
correctly.



Re: tmux: mouse works in st but not in xterm

2024-02-01 Thread Omar Polo
On 2024/02/01 12:06:13 +0100, rsyk...@disroot.org wrote:
> Dear list,
> 
> 
> when I run tmux in xterm, the mouse support does not work.

by default mouse support is disabled on xterm on OpenBSD.  No clue why,
as I think it's useful.  The knob to enable it is

XTerm*allowMouseOps: true

which is documented in xterm.



Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Omar Polo
On 2024/01/27 20:43:17 +0100, Jan Stary  wrote:
> On Jan 27 17:46:07, a...@lists.gxis.de wrote:
> > I'm looking at one of my OpenBSD systems here that has been upgraded 
> > over a long time, and has /usr/local running out of space. 
> > 
> > It seems there's a lot of old versions of shared libraries in 
> > /usr/local/lib, like for example:
> > 
> >  > # ls -al /usr/local/lib/libvpx.so.*
> >  > -rw-r--r--  1 root  bin  1909442 Mar 27  2018 /usr/local/lib/libvpx.so.10.0
> >  > -rw-r--r--  1 root  bin  2047296 Oct 11  2018 /usr/local/lib/libvpx.so.11.0
> >  > -rw-r--r--  1 root  bin  3182104 Apr 19  2021 /usr/local/lib/libvpx.so.12.0
> >  > -rw-r--r--  1 root  bin  2049592 Sep 26  2021 /usr/local/lib/libvpx.so.13.0
> >  > -rw-r--r--  1 root  bin  2062112 Sep 29  2022 /usr/local/lib/libvpx.so.14.0
> >  > -rw-r--r--  1 root  bin  2057584 Mar 25  2023 /usr/local/lib/libvpx.so.15.0
> >  > -rw-r--r--  1 root  bin  2069504 Oct  6 00:20 /usr/local/lib/libvpx.so.16.0
> >  > -rw-r--r--  1 root  bin  1869707 Jul 26  2016 /usr/local/lib/libvpx.so.7.0
> >  > -rw-r--r--  1 root  bin  1909806 Oct  2  2017 /usr/local/lib/libvpx.so.8.0
> > 
> > Is this expected, or a result of some error I made during upgrades?
> 
> That's definitely weird. Which packages own these files?
> $ pkg_info -E /usr/local/lib/libvpx.so.8.0
> $ doas pkg_check -Fq
> 
> > Usually I'm just running pkg_add -u to pull fresh versions of packages.
> > And is there some "standard" way to get rid of the old versions? 
> 
> pkg_add generally replaces the old version with the new versions.

not exactly.  it leaves old libraries around when they're needed by other
packages.  this is documented in pkg_add(1)

 4.   Shared libraries deserve special treatment: each shared library from
  the old packages that does no longer exist in the new packages, but
  that is required from a wantlib of another package is kept along in
  a stub package named .libs-.
  
I haven't found a mix of flags to list these .libs-* packages, but you
should be able to find them in /var/db/pkg

$ ls -d /var/db/pkg/.libs-*

usually, pkg_delete -a should get rid of them once they're not needed
anymore.  (i.e. all the packages are successfully updated -- this
includes also packages built and installed locally.)

> > I could probably compare whatever is there against the pkglocate 
> > database or check each file against pkglocate individually and parse 
> > the output or something
> 
> That's what pkg_info -F does.

and sysclean -p too I believe.



Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Omar Polo
On 2024/01/27 19:58:45 +0100, Alexander Bochmann  wrote:
> ...on 2024-01-27 19:35:18, Omar Polo wrote:
> 
>  > does pkg_delete -a help?  It should remove all the packages not needed,
> 
> I tried pkg_delete -a earlier today, but while it gave me a bunch 
> of files that I think were from base (/usr/X11R6 mostly), it didn't 
> turn up anything from /usr/local on this system.

I think you're mixing up pkg_delete and sysclean.  sysclean will give
you a list of extra files that are not needed, while pkg_delete handles
packages.

also, pkg_* never touches stuff outside of /usr/local (not entirely
correct, there's at least firmware, /var/db/pkg and sample files, but
they don't apply here.)



Re: cleaning up /usr/local/lib after (many) upgrades?

2024-01-27 Thread Omar Polo
On 2024/01/27 17:46:07 +0100, Alexander Bochmann  wrote:
> Hi -
> 
> I'm looking at one of my OpenBSD systems here that has been upgraded 
> over a long time, and has /usr/local running out of space. 
> 
> It seems there's a lot of old versions of shared libraries in 
> /usr/local/lib, like for example:
> 
>  > # ls -al /usr/local/lib/libvpx.so.*
>  > -rw-r--r--  1 root  bin  1909442 Mar 27  2018 /usr/local/lib/libvpx.so.10.0
>  > -rw-r--r--  1 root  bin  2047296 Oct 11  2018 /usr/local/lib/libvpx.so.11.0
>  > -rw-r--r--  1 root  bin  3182104 Apr 19  2021 /usr/local/lib/libvpx.so.12.0
>  > -rw-r--r--  1 root  bin  2049592 Sep 26  2021 /usr/local/lib/libvpx.so.13.0
>  > -rw-r--r--  1 root  bin  2062112 Sep 29  2022 /usr/local/lib/libvpx.so.14.0
>  > -rw-r--r--  1 root  bin  2057584 Mar 25  2023 /usr/local/lib/libvpx.so.15.0
>  > -rw-r--r--  1 root  bin  2069504 Oct  6 00:20 /usr/local/lib/libvpx.so.16.0
>  > -rw-r--r--  1 root  bin  1869707 Jul 26  2016 /usr/local/lib/libvpx.so.7.0
>  > -rw-r--r--  1 root  bin  1909806 Oct  2  2017 /usr/local/lib/libvpx.so.8.0
> 
> Is this expected, or a result of some error I made during upgrades?
> Usually I'm just running pkg_add -u to pull fresh versions of packages.
> 
> And is there some "standard" way to get rid of the old versions? 
> I could probably compare whatever is there against the pkglocate 
> database or check each file against pkglocate individually and parse 
> the output or something, but I'd assume I'm not the first user to 
> run into this?

does pkg_delete -a help?  It should remove all the packages not needed,
including the "special" .libs- packages that are often kept.

(but read the manpage, as "not needed" is a bit more broad than just
libs)



Re: cwmrc and environment variables

2024-01-11 Thread Omar Polo
Hello,

On 2024/01/10 11:41:01 +, Ioan Samarul  wrote:
> Hello to you all!
> 
> I am trying to define mappings in cwmrc for some of my scripts. If I
> use the full path (/home/user/bin/someScript) they work as expected,
> but if I use something like $HOME/bin/someScript cwm does not
> recognize the mapping.
> 
> Is there something else I should do or it is just not possible to use
> environment variables?

cwm does not replace environment variables.  However, the default PATH
includes ~/bin so just using `someScript' should work.



Re: Script doesn't stop opensearch

2024-01-04 Thread Omar Polo
On 2024/01/04 19:44:01 +, Mik J  wrote:
> [...]
> I still have a question Omar, you wrote that the pexp content would be matched
> "the daemon is found by looking for a process matching that pexp and killing it."
> 
> Here I have
> pexp="$(/usr/local/bin/javaPathHelper -c opensearch) .*org.opensearch.bootstrap.OpenSearch.*"

the $(...) part is evaluated and its output then substituted, so the
pexp effectively is

/usr/local/jdk-11/bin/java .*org.opensearch.bootstrap.OpenSearch.*

You can double-check by just copy-pasting pexp="$(...) ..." in a shell
and then dumping the value of pexp, for e.g.: echo $pexp

Just like you've found, you may get a slightly different java path
depending on what you've set JAVA_HOME to.

(maybe javaPathHelper could strip extra / at the end; it would have
prevented this issue.)


Cheers,

Omar Polo



Re: Script doesn't stop opensearch

2024-01-04 Thread Omar Polo
On 2024/01/03 23:06:57 +, Mik J  wrote:
> Hello,
> 
> I don't understand how the startup/stop script works
> 
> # cat /etc/rc.d/opensearch
> #!/bin/ksh
> 
> daemon="/usr/local/opensearch/bin/opensearch"
> daemon_flags="-d -p /var/run/opensearch/opensearch.pid"
> daemon_user="_opensearch"
> 
> . /etc/rc.d/rc.subr
> 
> pexp="$(/usr/local/bin/javaPathHelper -c opensearch) .*org.opensearch.bootstrap.OpenSearch.*"

  

this is the "magic" that powers rcctl check and stop.  The pidfile is
not used by the rc infrastructure (at least for opensearch), the daemon
is found by looking for a process matching that pexp and killing it.

You can check /etc/rc.d/rc.subr to see what exactly happens.

> rc_reload=NO
> 
> rc_pre() {
>     install -d -o _opensearch /var/run/opensearch/
> }
> 
> rc_cmd $1
> 
> 
> I can confirm that the pid I see in /var/run/opensearch/opensearch.pid is the 
> same I see in ps ax | grep opensearch
> 
> However when I want to stop the process
> # /etc/rc.d/opensearch stop
> Nothing happens

What do you mean with 'Nothing happens'?  Here it prints
'opensearch(ok)' and then the daemon is stopped.  (I generally use
rcctl, but the output and behaviour is the same.)
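
The pexp matching discussed in the two "Script doesn't stop opensearch" messages, as an added example that is not part of the thread and not rc.subr's code. It assumes a whole-command-line regular-expression match (as `pgrep -xf` does); `java_bin_for` is a hypothetical stand-in for javaPathHelper, and the process command line is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the thread or from rc.subr.

# Constructed sample: argument list of a running OpenSearch JVM as ps shows it.
SAMPLE_CMDLINE='/usr/local/jdk-11/bin/java -Xms1g -Xmx1g org.opensearch.bootstrap.OpenSearch -d -p /var/run/opensearch/opensearch.pid'

# java_bin_for JAVA_HOME: hypothetical stand-in for the helper's output.
# It appends /bin/java without normalising, so a trailing "/" survives.
java_bin_for() {
    printf '%s/bin/java\n' "$1"
}

# pexp_for JAVA_BIN: build the pattern the way the quoted rc script does.
pexp_for() {
    printf '%s %s\n' "$1" '.*org.opensearch.bootstrap.OpenSearch.*'
}

# pexp_matches PEXP CMDLINE: extended regex that must cover the whole line
# (assumption: same semantics as a "pgrep -xf" lookup).
pexp_matches() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# squeeze_slashes PATH: collapse runs of "/" so both spellings compare equal.
squeeze_slashes() {
    printf '%s\n' "$1" | tr -s '/'
}

# check_daemon JAVA_HOME: "found" if the pexp built for JAVA_HOME matches the
# sample process, "not found" otherwise (the case where stop has no target).
check_daemon() {
    if pexp_matches "$(pexp_for "$(java_bin_for "$1")")" "$SAMPLE_CMDLINE"; then
        echo found
    else
        echo 'not found'
    fi
}

# check_daemon_normalised JAVA_HOME: same check after squeezing slashes.
check_daemon_normalised() {
    bin=$(squeeze_slashes "$(java_bin_for "$1")")
    if pexp_matches "$(pexp_for "$bin")" "$SAMPLE_CMDLINE"; then
        echo found
    else
        echo 'not found'
    fi
}

echo "JAVA_HOME=/usr/local/jdk-11   -> $(check_daemon /usr/local/jdk-11)"
echo "JAVA_HOME=/usr/local/jdk-11/  -> $(check_daemon /usr/local/jdk-11/)"
echo "trailing slash, normalised    -> $(check_daemon_normalised /usr/local/jdk-11/)"
```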



Re: [PossibleSpam] UTF-8 chars

2023-12-19 Thread Omar Polo
On 2023/12/16 20:12:16 +0100, Robert Palm  wrote:
> 
> Thanks again to all of you!
> 
> xterm is now working!!!
> 
> Still, xfce4-terminal doesn't seem to use this settings.
> 
> Don't dare to ask where that setting is digged.

I tried for curiosity and xfce4-terminal doesn't show the lock icon for
me either ( -- U+1F512) but japanese input (via fcitx) works which I
find curious.  I tried with several fonts (DejaVu, JuliaMono, IBM Plex,
Iosevka).



Re: [PossibleSpam] UTF-8 chars

2023-12-16 Thread Omar Polo
On 2023/12/16 12:08:03 +0100, Nowarez Market  wrote:
> 
> Using xterm, 
> then CTRL + Right click, 
> I add TrueType and I can display the lock:
> 
> https://5md.es/l/2cc972f
> 
> Seems you need a TrueType font do display the trick...

Yes, the default 'fixed' font has some 'fancy' character in it but not
much else.

The alternative is to run xterm with -fa 'Font Name' or add something like
this to your ~/.Xdefaults (and then xrdb -load ~/.Xdefaults depending
on your configuration)

XTerm*faceName: xft:DejaVu Sans Mono:pixelsize=10

also...

> Robert Palm  wrote:
> 
> > 
> > Seems I have no success...
> > 
> > Did a
> > 
> > export LC_CTYPE=de_DE.UTF-8

How did you run this?  Running *inside* the terminal emulator won't
change anything.  I don't know if xfce sets up this var by itself, but
usually you'd need it in your ~/.xsession file.



Re: [PossibleSpam] UTF-8 chars

2023-12-15 Thread Omar Polo
On 2023/12/15 15:33:44 -0600, "Jay F. Shachter"  wrote:
> 
> Centuries ago, Nostradamus predicted that Robert Palm would write on Fri Dec 
> 15 15:10:58 2023:
> 
> > 
> > I am playing with UTF-8 characters and try to display, e.g. a lock  
> > symbol https://www.compart.com/en/unicode/U+1F512
> > 
> > I use xfce and set the terminal default character encoding to UTF-8 in  
> > advanced settings.
> > 
> > Still I cannot get it displayed in xterm or emacs, e.g. by simply  
> > trying to copy paste from the website :-/
> > 
> > Emacs gives a box and xterm a blank.

This is probably 'just' a font issue.  For instance, I'm currently using
DejaVu Sans Mono on xterm and it renders the lock icon for me, while on
emacs Julia Mono doesn't.

Make sure you have a UTF8 locale set too.

> Does your version of xterm support UTF-8?  Uxterm was originally the
> version of xterm that supported UTF-8.  That was a long time ago; on
> my system, xterm now also supports UTF-8.  Maybe on your system you
> have to install uxterm.

xterm on OpenBSD definitely supports and has utf8 enabled.



Re: Is Pip Available On OpenBSD? -- Sunday Afternoon Followup

2023-12-03 Thread Omar Polo
On 2023/12/03 14:38:04 -0600, "Jay F. Shachter"  wrote:
> How does one find out that, e.g., the package that provides pip is
> py3-pip?  I will respect an answer along the lines of "read the
> fabulous manual", but in that case, please tell me which fabulous
> manual page I should read.
> 
> Also -- and this may also be a matter of locating and reading the
> appropriate fabulous manual page -- I clearly do not understand how
> the asterisk character works with the pkg_add command.  After failing
> to install pip, pip3 or py310-pip, I tried the command
> 
>pkg_add -v \*pip\*
> 
> and that also failed.  Is there a way (other than by perusing, with a
> browser, a site where the packages reside) to find the package names
> that contain a given substring?

`pkg_info -Q pip' was already mentioned in the list, but another way is
using pkglocate (from the pkglocatedb package) to find which package
installs an executable named "pip":

$ pkglocate bin/pip
...
pypy-7.3.1p7:lang/pypy:/usr/local/pypy/bin/pip
pypy-7.3.1p7:lang/pypy:/usr/local/pypy/bin/pip2
pypy-7.3.1p7:lang/pypy:/usr/local/pypy/bin/pip2.7
python-3.11.6p0:lang/python/3.11,-main:/usr/local/bin/pip3.11
python-3.9.18p0:lang/python/3.9,-main:/usr/local/bin/pip3.9

(the format is "package name:pkgpath:matching file" and unless you work
with the ports tree the pkgpath is mostly useless.)

as you can see, it finds both lang/pypy that provides a "pip" executable
in a non-standard directory, and also python3.11 and python3.9 providing
pip3.11 and pip3.9 respectively.



Re: And about /bin - Re: mkdir

2023-11-23 Thread Omar Polo
On 2023/11/23 14:18:22 +0100, Nowarez Market  wrote:
> 
> 
> Yesterday I was playing around some software and at a certain
> point in time I launched in the shell:
> 
> wiz# rm -Rf *
> ksh: rm: wrong param -3

it's quite obvious when you know, yet maybe obscure the first time you
run into it.

The shell expands * to the list of matching files (i.e.  all the files
in the current directory) and passes them to rm(1).  Now, what happens if
you have a file called '-3'?  (or any file whose first character is a
minus sign)

it runs `rm -Rf -3 ...other files...' and then rm thinks -3 is an
option.

This is a "common" issue with globbing, and in fact almost all programs
understand "--" to separate flags from files.
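
The globbing problem described above, as an added example that is not part of the original message: it reproduces the failure in a scratch directory and shows the two usual guards, `--` and a `./` prefix. The function names and file names are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Everything happens in a scratch
# directory created by mktemp; the file names are constructed samples.

# make_fixture DIR: one ordinary file plus one whose name starts with "-".
make_fixture() {
    mkdir -p -- "$1" && : > "$1/notes.txt" && : > "$1/-3"
}

# count_entries DIR: how many entries (dotfiles included) DIR still holds.
count_entries() {
    ls -A -- "$1" | wc -l | tr -d ' '
}

# dash_names DIR: names a bare "*" would hand to a command as options.
dash_names() {
    (
        cd -- "$1" || exit 1
        for f in ./-*; do
            if [ -e "$f" ]; then printf '%s\n' "${f#./}"; fi
        done
    )
}

# unsafe_clear DIR: the command from the post. The shell expands * to
# "-3 notes.txt", so rm sees -3 in option position and refuses to run.
unsafe_clear() {
    ( cd -- "$1" && rm -Rf * ) 2>/dev/null
}

# safe_clear DIR: "--" ends option parsing; every name after it is a file.
safe_clear() {
    ( cd -- "$1" && rm -Rf -- * )
}

# safe_clear_prefixed DIR: for commands that do not understand "--",
# a ./ prefix guarantees no operand begins with "-".
safe_clear_prefixed() {
    ( cd -- "$1" && rm -Rf ./* )
}

# Demonstration run.
demo_dir=$(mktemp -d) || exit 1
make_fixture "$demo_dir"
echo "names starting with '-': $(dash_names "$demo_dir")"
if unsafe_clear "$demo_dir"; then
    echo "rm -Rf *    : succeeded"
else
    echo "rm -Rf *    : failed, $(count_entries "$demo_dir") entries left"
fi
safe_clear "$demo_dir"
echo "rm -Rf -- * : $(count_entries "$demo_dir") entries left"
make_fixture "$demo_dir"
safe_clear_prefixed "$demo_dir"
echo "rm -Rf ./*  : $(count_entries "$demo_dir") entries left"
rmdir -- "$demo_dir"
```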



Re: mkdir

2023-11-23 Thread Omar Polo
On 2023/11/23 12:38:50 +, Pascal Deveaux  wrote:
> simple command to create a directory returns:
> 
> $ mkdir test
> ksh: mkdir: not found
> 
> I don't understand...

Start off by checking $PATH.  mkdir(1) should be in /bin, see if it's
listed there.  Depending on it, understand either why your $PATH is
wrong or why your filesystem is busted.



Re: Porting shell scripts from Tiny Tools

2023-11-15 Thread Omar Polo
On 2023/11/15 16:13:04 +0100, "Daniele B."  wrote:
> Testing regex for these "tiny tools" I noticed that both sed and grep have a
> limited support for regex syntax. In the case of grep I had to revert to
> pcregrep to get something better.

these tools by default use basic regexps (BRE).  You need egrep(1) (or
grep -E) and sed -E to get extended regexps (ERE).




Re: Porting shell scripts from Tiny Tools

2023-11-14 Thread Omar Polo
On 2023/11/14 08:19:11 -0300, Crystal Kolipe  wrote:
> On Tue, Nov 14, 2023 at 11:43:14AM +0100, Daniele B. wrote:
> > enhancing the original tool "num".

I haven't read the previous linked stuff but

> /bin/cat already has the -c option to number lines, although it always starts
> numbering at 1.

I guess you meant -n, -c doesn't seem to exist.

> Wouldn't it be more useful to add the functionality to start numbering at a
> certain offset to /bin/cat by adding an argument to the -c option rather than
> creating a new tool?

One could argue that adding -n in the first place was a mistake (:



Re: smtpd[68513]: warn: lost processor: spamassassin exited abnormally

2023-11-09 Thread Omar Polo
I've committed the update and backported to -STABLE so the fixed package
should appear in the next days.

Thanks for the report and sorry for the breakage



Re: OpenBSD_one_site_web_hosting_software_recommendation

2023-11-09 Thread Omar Polo
On 2023/11/09 12:38:27 +0100, "soko.tica"  wrote:
> Hello,
> 
> I have a task to launch from scratch one site web hosting google cloud
> instance.
> 
> I know OpenBSD does have httpd web server, but I couldn't have found
> neither wordpress nor joomla software neither in packages nor in ports (7.4
> -stable).
> 
> Is there a possibility to launch wordpress or joomla on such an instance on
> OpenBSD? Which manpages should I read?
> Thanks in advance,

Both wordpress and joomla are written in PHP, so start by installing it
and reading the README file the php package installs in
/usr/local/share/doc/pkg-readmes/php-8.2

There you'll find carefully described the steps you need to do to run
php stuff in the /var/www chroot with OpenBSD's httpd (and also notes for
Apache httpd and nginx).  Pay particular attention to the "Extension
modules" section since wordpress will need a few of them, "Living with
chroot" and "Making network connections".

Similarly, you'll also need mariadb (for wordpress at least.)  Same
thing, the package installs a README file with the relevant information.

Then, installing wordpress is a matter of fetching the latest sources,
unzip them somewhere under /var/www/ and run the installer.  It will
probably complain about a few missing php modules (stuff like php-gd or
maybe php-zip).  Install them, restart php-fpm, rinse and repeat until
it's happy :)



Re: smtpd[68513]: warn: lost processor: spamassassin exited abnormally

2023-11-08 Thread Omar Polo
On 2023/11/07 22:44:56 +0100, Giovanni Bechis  wrote:
> On 11/7/23 20:16, Omar Polo wrote:
> > On 2023/11/07 19:30:43 +0100, Harald Dunkel  wrote:
> >> Hi Omar,
> >>
> >> sorry for the delay, but I have good news: The patch seems to
> >> work. Of course I will continue to watch it.
> > Thanks for verifying!
> >
> > Before bumping the smtp-filter protocol version I took a look at what
> > we had in the port tree to know what would break, but this slipped.
> > apologize.
> >
> > If it's OK for Giovanni and Joerg I'd like to commit this and backport
> > to 7.4-stable (same diff tested by Harald, reattaching for convenience.)
> [...]
> > +Index: filter-spamassassin.go
> > +--- filter-spamassassin.go.orig
> >  filter-spamassassin.go
> > +@@ -211,7 +211,7 @@ func run() {
> > +   for in.Scan() {
> > +   f := strings.Split(in.Text(), "|")
> > +   t, ver, ev, sid := f[0], f[1], f[4], f[5]
> > +-  if (t != "filter" && t != "report") || ver != "0.6" {
> > ++  if (t != "filter" && t != "report") || ver != "0.7" {
> > +   l3.Err(fmt.Sprintln(sid, "protocol", t, ver))
> does this still work with previous protocol versions ?

The only difference between 0.6 and 0.7 is the order of the link-auth
fields (`result' and `username' were swapped.)  As far as I can see,
filter-spamassassin doesn't use it, so it should work as usual on both
0.6 and 0.7 versions.

> ok giovanni@ in any case for current and 7.4 since it will be a no-op on 
> OpenBSD.

Thanks :)



Re: smtpd[68513]: warn: lost processor: spamassassin exited abnormally

2023-11-07 Thread Omar Polo
On 2023/11/07 19:30:43 +0100, Harald Dunkel  wrote:
> Hi Omar,
> 
> sorry for the delay, but I have good news: The patch seems to
> work. Of course I will continue to watch it.

Thanks for verifying!

Before bumping the smtp-filter protocol version I took a look at what
we had in the port tree to know what would break, but this slipped.
apologize.

If it's OK for Giovanni and Joerg I'd like to commit this and backport
to 7.4-stable (same diff tested by Harald, reattaching for convenience.)

Index: Makefile
===
RCS file: /home/cvs/ports/mail/opensmtpd-filters/spamassassin/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- Makefile26 Sep 2023 12:28:14 -  1.8
+++ Makefile5 Nov 2023 09:20:27 -
@@ -4,7 +4,7 @@ V = 0.7
 FILTER_NAME =  spamassassin
 DISTNAME = filter-spamassassin-${V}
 HOMEPAGE = https://www.umaxx.net/
-REVISION = 0
+REVISION = 1
 
 CATEGORIES =   mail
 
Index: patches/patch-filter-spamassassin_go
===
RCS file: patches/patch-filter-spamassassin_go
diff -N patches/patch-filter-spamassassin_go
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-filter-spamassassin_go7 Nov 2023 19:14:58 -
@@ -0,0 +1,14 @@
+handle the smtpd filter-protocol version 0.7
+
+Index: filter-spamassassin.go
+--- filter-spamassassin.go.orig
 filter-spamassassin.go
+@@ -211,7 +211,7 @@ func run() {
+   for in.Scan() {
+   f := strings.Split(in.Text(), "|")
+   t, ver, ev, sid := f[0], f[1], f[4], f[5]
+-  if (t != "filter" && t != "report") || ver != "0.6" {
++  if (t != "filter" && t != "report") || ver != "0.7" {
+   l3.Err(fmt.Sprintln(sid, "protocol", t, ver))
+   return
+   }
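
Review bot: the changed test `ver != "0.7"` is still an exact string match, so with this patch the filter logs the protocol error and returns for every other version, "0.6" included, and it will stop the same way at the next protocol bump. If the fields this filter reads (f[0], f[1], f[4], f[5]) are laid out the same in both versions, consider accepting the set of versions known to be compatible, e.g. `ver != "0.6" && ver != "0.7"`, so the package keeps working against an smtpd that still speaks 0.6 and the one-line comment in the patch header can say which versions are handled.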



Re: smtpd[68513]: warn: lost processor: spamassassin exited abnormally

2023-11-05 Thread Omar Polo
On 2023/11/05 09:59:14 +0100, Harald Dunkel  wrote:
> Hi folks,
> 
> since OpenBSD 7.4 the spamassassin filter seems to be broken. On
> the first EMail opensmtpd dies with a message in maillog saying
> 
> Nov  5 08:59:23 mhost smtpd[60460]: bcc4f33a095bb28e smtp connected address=xx.xx.xx.xx host=mail.example.com
> Nov  5 08:59:23 mhost filter-spamassassin[7782]: bcc4f33a095bb28e protocol report 0.7
> Nov  5 08:59:23 mhost filter-spamassassin[7782]: exit

This seems to suggest that it's due to the filter-protocol version bump.

(+cc filter-spamassassin maintainers)

I don't use filter-spamassassin and can't test, but since it doesn't
seem to use link-auth it shouldn't care about this protocol change, so
just bumping the version should be enough.

Can you try the following diff to see if it helps?

Index: Makefile
===
RCS file: /home/cvs/ports/mail/opensmtpd-filters/spamassassin/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- Makefile26 Sep 2023 12:28:14 -  1.8
+++ Makefile5 Nov 2023 09:20:27 -
@@ -4,7 +4,7 @@ V = 0.7
 FILTER_NAME =  spamassassin
 DISTNAME = filter-spamassassin-${V}
 HOMEPAGE = https://www.umaxx.net/
-REVISION = 0
+REVISION = 1
 
 CATEGORIES =   mail
 
Index: patches/patch-filter-spamassassin_go
===
RCS file: patches/patch-filter-spamassassin_go
diff -N patches/patch-filter-spamassassin_go
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-filter-spamassassin_go5 Nov 2023 09:20:36 -
@@ -0,0 +1,14 @@
+handle the smtpd filter-protocol version 0.7
+
+Index: filter-spamassassin.go
+--- filter-spamassassin.go.orig
 filter-spamassassin.go
+@@ -211,7 +211,7 @@ func run() {
+   for in.Scan() {
+   f := strings.Split(in.Text(), "|")
+   t, ver, ev, sid := f[0], f[1], f[4], f[5]
+-  if (t != "filter" && t != "report") || ver != "0.6" {
++  if (t != "filter" && t != "report") || ver != "0.7" {
+   l3.Err(fmt.Sprintln(sid, "protocol", t, ver))
+   return
+   }
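
Review bot: missing length check on the context line `t, ver, ev, sid := f[0], f[1], f[4], f[5]`, just above the changed test: the slice returned by strings.Split is indexed up to f[5] unconditionally, so an input line with fewer than six `|`-separated fields panics before the version comparison is reached. Since this block is being patched anyway, add a `len(f) < 6` guard ahead of the assignment that logs the line and returns, the same way the version mismatch is handled.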



Re: mg wishlist: vertical split

2023-09-27 Thread Omar Polo
On 2023/09/27 17:56:34 +, Eponymous Pseudonym  wrote:
> It's not only the display logic.  Requires the text editor data
> structure, file handling, buffers and mark, width re-flow, escaping
> and probably other areas review and fixes too.  Most of this is done
> for the horizontal split already, but it's more than what the
> horizontal (cut action direction) vertically (resultant panes above
> and below the separator) split requires.

wow, wait, this is way more than I intended.  All the points you
mention can be surely areas where mg can be improved, but you don't
need to change the buffer data structure, its file handling, or how
dot/mark works to implement vertical splits.

You 'only' have to augment the way the display draws the windows
(emacs parlance for splits) so that they can be arranged in a tree
(currently it's a list IIRC) to accommodate for nesting horizontals and
vertical splits.  Actually, we could take inspiration from the vis
text editor and only split either horizontally OR vertically which is
simpler.

Re-flowing is a completely different story.  mg could do reflowing
without supporting vertical splits or have vertical splits without
reflowing; much like how a better data structure could reduce the
memory footprint or allow some unicode support but it's independent
from (much) of the display logic.



Re: mg wishlist: vertical split

2023-09-27 Thread Omar Polo
Hello,

On 2023/09/26 09:40:09 +0200, Harald Dunkel  wrote:
> Hi folks,
> 
> would it be possible to introduce a vertical split window (Ctrl-X 3)
> in mg, similar to horizontal split? I am really missing this feature.
> Vertical split allows me to work with similar files (shown side-by-side)
> much more efficiently.

I'd love to have vertical splits in mg as well, but the display logic
needs some heavy work to accommodate for it.  Take a look at display.c,
it's written in a way to only handle horizontal splits.  In fact,
among the various micro emacs descendants almost no implementation
supports vertical splits :/

Not to say that's impossible for mg, just that it takes some non
trivial work.



Re: volatility or something like that in the future ?

2023-08-18 Thread Omar Polo
On 2023/08/18 02:06:11 +, whistlez  wrote:
> Il 2023-08-18 02:20 Scott Cheloha ha scritto:
> >> On Aug 17, 2023, at 10:28, whistlez  wrote:
> >> 
> 
> >> https://github.com/volatilityfoundation/volatility3
> > 
> > What is the utility of this software?  How
> > would supporting it benefit the project?
> > 
> > I read the summary on Github.  I am still
> > more or less completely in the dark on
> > why I or anyone would want to use it.
> 
> It seems rather important to me because it's not possible to be certain
> about the invulnerability of the underlying operating system or the
> kernel. Alternatively, an attacker might have a zero-day exploit on
> Firefox or Chrome and inject code into the process, allowing data
> exfiltration. Even though the attacker would be confined within the jail
> created by the kernel, it doesn't seem acceptable to have unauthorized
> code running on one's machine, especially in a critical process like a
> browser. The same principle could be applied to another process more
> focused on firewall solutions, such as Snort.
> 
> Furthermore, in my opinion - brace yourself, I might trigger an atomic
> war with what I'm about to say - we should consider it certain that the
> kernel could contain unknown vulnerabilities. Unauthorized code running
> in the kernel is impossible to detect, clearly. I'm talking about code
> that might not even reside on the disk but is injected remotely. Thus,
> the only way is through inspecting the RAM dump, that is, a software
> that can analyze the dump and determine its integrity.

Assuming that the kernel was compromised, how can you trust a tool to
detect that?  The compromised kernel could return normal-looking data
through /dev/{k,}mem (ignoring for a moment the perils of allowing
random software to access these devices.)  You'd be asking a liar if
they're telling the truth :)



Re: Installing openBSD

2023-07-31 Thread Omar Polo
On 2023/07/31 17:19:59 +0200, Karel Lucas  wrote:
> 
> Hi,
> 
> But fdisk also has an option to edit the existing partition table.

only if you want to do stuff manually, which from the thread I assume
you don't need.

> This 
> allows me to delete only the partitions related to PfSense without 
> deleting the (U)EFI partition.

yeah, if you ask to do things by yourself, you get to do the things
manually :)

> The question here is whether I will need 
> it to boot openBSD's root partition.

choose 'use whole disk' and let the installer nuke and re-create the
partition table.  it'll do the right thing for a standard
installation.



Re: smtpd.conf examples - quoting question/inaccuracy?

2023-04-18 Thread Omar Polo
On 2023/04/17 10:32:58 -0600, Steve Williams  wrote:
> Hi,
> 
> I am working on making some changes to my smtpd.conf file and was looking
> at the man page for it.
> 
> from:
> https://man.openbsd.org/smtpd.conf
> 
> In the "Examples" section, there seems to be inconsistent use of
> quotation marks.  I'm not sure if there is any significance to it, or
> if there's a preferred approach.
> 
> action mda_with_aliases mda "/path/to/mda -f -" alias 
> action mda_without_aliases mda "/path/to/mda -f -"
> action "outbound" relay
> 
> ^^^  Why does "outbound" have quotes around it, but not the 2 lines
> above in the mda_with_aliases and mda_without_aliases?
> 
> match for local action mda_with_aliases
> match from any for domain example.com action mda_without_aliases
> match for any action "outbound"
> 
> ^^^ Similarly, the "outbound" has quotes, but the 2 "mda_with.."
> lines don't have quotes.
> 
> Slightly confused, just wanting to understand precisely the config file.

While I agree that the example section could be more consistent in
this regard, I think this is already well explained at the top of the
man page:

[..] entire block.  Argument names not beginning with a letter, digit, or
underscore, as well as reserved words (such as listen, match, and port),
must be quoted.  Arguments containing whitespace should be surrounded by
double quotes (").

so except for the mda command string none of the arguments in the bits
you mentioned strictly need quotation marks; it's just a matter of
personal style.

HTH



Re: Running Bugzilla in httpd - 'Pg' is not a valid choice for $db_driver in localconfig

2023-03-24 Thread Omar Polo
On 2023/03/24 18:06:03 +0800, Werner Boninsegna  wrote:
> Hello,
> 
> fake /dev/random means I created a file with a string of text such as 
> "1234567890". This was a workaround to get the application running.

...

> Your suggestion is to chroot into /var/www and run "MAKEDEV random" ?

If you really must run bugzilla, you'd be way better off by just
running slowcgi outside the chroot. (i.e. slowcgi -p /)

There are various ways to do so, from the simplest

% doas rcctl set slowcgi flags -p /

to running a separate slowcgi service with that flag set.

Then, and just for the archive, please don't "fake" /dev/random or
whatever it means!  Sometimes "faking" /dev/null with an empty file
for the chroot is enough (like it is for cvsweb), but otherwise create
a real device.  You can even use a mfs over /var/www/dev to avoid
having to mount /var/www without `nodev'.  (I won't provide a recipe
for it but if you read mount_mfs(8), MAKEDEV(8), mknod(8) and fstab(5)
you should be able to do it.)

Or even better: don't force something that's not designed to be run in
a chroot into it; it's a battle not worth fighting for.



Re: how to transmit desktop sound on xenodm.

2023-03-21 Thread Omar Polo
On 2023/03/21 05:41:37 +, openbsd_send  wrote:
> Thanks for the reply
> 
> I think "I have any miss understanding for sndiod with -L- flag" correct ?

Yes, I think you got it backward on your previous mail; it's easy to
confuse one end for the other in these cases ;-)

> and, pulseaudio "native-protocol-tcp or RTP" doesn't work on The OpenBSD ?

I don't see any reason why it shouldn't work.  My point is that
pulseaudio itself is *not used* on most stuff you'll find on OpenBSD.

OpenBSD has its own audio stack and most programs (including the
majority of the music/video players and web browsers in ports) use
sndio.  So, configuring the forwarding at the pulseaudio level doesn't
achieve anything since firefox is not using it in the first place.

> [OpenBSD remote: 192.168.2.5]
> ## x11vnc with fvwm running on Xvfb by xenodm
> ## and could browsing the internet by firefox-esr
> ## if transmit sound to [*BSD or Linux LOCAL:192.168.2.10]
> ## just do it...these command.
> AUDIODEVICE=snd@192.168.2.10/0 firefox-esr
> 
> [*BSD or Linux LOCAL:192.168.2.10]
> ## waiting the sound data by the sndiod
> ## just do it...these command.
> sndiod -L-
> 
> these are correct?

Yes, it looks correct.  Depending on your workflow you may want to
export AUDIODEVICE from ~/.xsession or even set things up so it's
always defined for your user in /etc/login.conf

> I know "windows doesn't have sndiod ports and doesn't work sndiod.".
> Already I tried pulseaudio running on FreeBSD and Linux (include in Android,
> Raspberry Pi) with Windows. It could get a sound by pulseaudio...

Yes, that's because on FreeBSD and Linux it is more usual to have
pulseaudio (or I guess pipewire now?) running.  OpenBSD instead tends
to use sndio, by default at least.

> pulseaudio is transmit the sound data. between the *BSD and Linux or 
> Windows...
> I think "OpenBSD could too."...
> and /etc/pulse/default.pa have a any modules by install the packages on 
> OpenBSD...

I guess that it should work on OpenBSD too, but the majority of the
programs are not using pulseaudio.  I *guess* that you can configure
some programs to use pulseaudio if you really must...

(no idea how to do that however, I tend to avoid pulseaudio if
possible ;-)

> Almost always I use the OpenBSD...
> a few time use the Linux or Windows for somebody's tasks(include in "connect 
> the my machine by VNC")...
> And "Any time need a sound."...
> 
> I want to any ideas...

Well, on FreeBSD and some Linux distro you can install and run sndiod
from their package managers.  That leaves out Windows though.  Maybe
it could work via the linux subsystem thingy (but it's just a guess --
I don't have any Windows machine.)



Re: how to transmit desktop sound on xenodm.

2023-03-20 Thread Omar Polo
On 2023/03/19 18:11:29 +, openbsd_send  wrote:
> Dear everyone.
> I have any Questions for sndiod and pulseaudio.
> 
> I tried [OpenBSD Remote] to [Windows Local]...
> but, I was never to get success...
> how can i do it...
> 
> I am using X11VNC by Xvfb...
> I want to get Desktop sound...
> 
> have any ideas?

I might be wrong but firefox shouldn't be using pulseaudio on OpenBSD,
so tunnelling it doesn't do anything.

I'm also not sure you're doing the sndiod remote audio thingy
correctly.

(see )

You should be running sndiod with the -L- flag on the system where you
want the audio to be played (i.e. windows in your case -- don't know if
there is a port of sndio for it or if it could work with the linux
subsystem) and run

$ AUDIODEVICE=snd@192.168.2.10/0 firefox

on OpenBSD so that the audio is sent thru your lan and being played on
your Windows machine.

Unfortunately I don't have the slightest idea whether sndio runs under
Windows; I've only done something like that with a rpi3 running linux
and it worked fine :)

HTH


--
Please keep replies in the ML



Re: Gitweb with Httpd on openbsd server

2023-02-21 Thread Omar Polo
On 2023/02/19 18:17:25 +0100, airwan+...@mailo.com wrote:
> Hello,
> 
>  I am in trouble to set up gitweb with httpd. I am not aware with webserver.

First thing to notice is that most web servers (httpd(8) from base but
also a few of the ones you can get from ports) on OpenBSD run by
default in the /var/www chroot.

>  My /etc.gitweb.conf contains:
> 
>  $projectroot = "/home/git";

so this is not going to work.  A process inside the /var/www chroot
will try to open /var/www/home/git which I don't expect to exist.

Actually, the config file won't be parsed at all since it's in /etc...

>  $projects_list = $projectroot;
> 
>  My /etc/httpd.conf contains 
> 
>  server "default" {
>   listen on * port 80
>   fastcgi 
>   root "/gitweb"
>  } 
> 
> because I copy /usr/local/share/gitweb to /var/www/gitweb
> 
> The later contain gitweb.cgi.
> 
> I also copy perl, and libraries to a subtree in /var/www/usr/...

Hold still for a moment and think what you're doing.  You're almost
re-creating a standard OpenBSD installation inside /var/www.  Why?

Some software just isn't designed to run in a chroot (gitweb in this
case) and forcing it to run inside one will always require hacks.
Lots of ugly hacks usually.

If you really really really _must_ use gitweb, then you'll probably
find it easier to run httpd(8) and slowcgi(8) without chroot.

Personally I won't do it.  And neither suggest others to do so.
You're losing many of the advantages the design and defaults of
httpd(8) and slowcgi(8) bring to you.

There are other solutions that can work nicely in a /var/www chroot
however.

For starters, there are various programs that export a git repository
to a set of static HTML files (stagit comes to mind, but it's far from
being the only one.)

cgit (as packaged on OpenBSD) should also work by default inside the
/var/www chroot and has a handy README with hints for the httpd(8)
configuration needed.

Then there's gotwebd, which I personally prefer among these options,
but note that I'm biased being one of the contributors ;-)

(and there's probably more I'm just forgetting about.)



Re: DBeaver or similar db tool

2023-02-08 Thread Omar Polo
On 2023/02/08 10:27:00 +, Stuart Henderson  wrote:
> On 2023-02-08, Michael Hekeler  wrote:
> > Am 07.02.23 15:27 schrieb Daniele B.:
> >> Hello,
> >> 
> >> I'm looking around a new "work environment" offering what in terms
> >> of software and I came across a list of appealing software
> >> suggested in the category 'db tools' to manage my
> >> databases.
> >> 
> >> Among those I notice DBeaver (https://dbeaver.io/).
> >> 
> >> Any chance to have a rich db tool like DBeaver ported to
> >> OpenBSD soon or later?
> >
> >
> > As others said before DBeaver is written using Java 17 and maybe you can
> > compile it whith OpenJDK 17 and Maven.
> 
> It is, but it's not pure Java, inside some .jars are compiled .so
> files (OS-specific "native code"), and there are native binaries
> 
> product/community/target/products/org.jkiss.dbeaver.core.product/linux/gtk/x86_64/dbeaver/dbeaver
> product/community/target/products/org.jkiss.dbeaver.core.product/win32/win32/x86_64/dbeaver/dbeaver.exe
> product/community/target/products/org.jkiss.dbeaver.core.product/win32/win32/x86_64/dbeaver/dbeaverc.exe
> product/community/target/products/org.jkiss.dbeaver.core.product/macosx/cocoa/x86_64/DBeaver.app
> 
> As well as build system changes needed to build OpenBSD binaries, there
> are checks inside the code itself for OS type as well as it does some
> things slightly differently on Linux which would likely need patching
> to also handle OpenBSD.

there are some issues on github that hint that it should run on
FreeBSD as eclipse plugin.  I assume that then it doesn't need the
native bits.

> I think it's unlikely you are going to run this on OpenBSD without a
> fair bit of pain.
>
> From release notes:
> 
> | ChatGPT integration for smart completion and code generation 
> 
> kill me now

LOL

i completely lost the interest when seeing it.  (joking, the idea of
running eclipse alone made me lose interest)

> > From my experience (which you can safely ignore for sure) i can suggest:
> > if you really want to use a database then you have to use the tools
> > provided by this database.
> > The time learning such all-purpose database management tools is better
> > invested in learning the quirks of the specific DBMS you want to use.
> > I find this is true for postgresql, oracle and sql-server.
> >
> >




Re: DBeaver or similar db tool

2023-02-08 Thread Omar Polo
Hello,

On 2023/02/08 08:42:40 +0100, Daniele Bonini  wrote:
> 
> Just coming from trying DBeaver install..
> 
> cd dbeaver 
> launching `mvn package`:
> 
> [[ERROR] The build could not read 1 project -> [Help 1]
> [ERROR]   
> [ERROR]   The project org.jkiss.dbeaver:dbeaver:1.0.0-SNAPSHOT 
> (/usr/local/dbeaver/pom.xml) has 1 error
> [ERROR] Invalid artifact repository: Unable to provision, see the 
> following errors:
> [ERROR] 
> [ERROR] 1) Error in custom provider, java.lang.TypeNotPresentException: 
> Type org.eclipse.tycho.p2maven.repository.P2ArtifactRepositoryLayout not 
> present
> [ERROR]   at 
> ClassRealm[extension>org.eclipse.tycho:tycho-maven-plugin:3.0.1, parent: 
> jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc] (via modules: 
> org.eclipse.sisu.wire.WireModule -> 
> org.eclipse.sisu.plexus.PlexusBindingModule)
> [ERROR]   while locating 
> org.apache.maven.artifact.repository.layout.ArtifactRepositoryLayout 
> annotated with @com.google.inject.name.Named(value="p2")
> [ERROR] 
> [ERROR] 1 error: 
> org/eclipse/tycho/p2maven/repository/P2ArtifactRepositoryLayout has been 
> compiled by a more recent version of the Java Runtime (class file version 
> 61.0), this version of the Java Runtime only recognizes class file versions 
> up to 55.0

you need to use a newer version of java.  The readme is confusing,
first says jdk 11 and later 17, but 17 is the one really needed.

I have 17 selected by default since i've added it to my PATH.  another
way would be to set JAVA_HOME=/usr/local/jdk-17/ (and don't forget to
install the package too.)

with that, maven finishes to build.  I don't have any clue on how to
run this stuff though, so haven't tested.  I think (based on some
github comment) that you need to install eclipse and run dbeaver as a
plugin?

HTH


Omar Polo




Re: httpd and locale

2023-01-30 Thread Omar Polo
On 2023/01/30 15:57:03 +0100, Manuel Giraud  wrote:
> Hi,
> 
> Is it possible to serve files with non ASCII UTF-8 characters in their
> names with httpd?  I have tried to start httpd like this:
> 
>   $ env LC_CTYPE=en_US.UTF-8 httpd -d
> 
> But, I always get a 404 error on such files.  Am I missing something?
> Or maybe this behaviour is on purpose?

The encoding of the filename shouldn't matter.  UNIX file names are
just bytestrings where only '/' and '\0' are disallowed.

I'm able to serve a file generated as such:

% filename="$(printf '<\a\a\a\n\t\x8f>')"
% date >$filename

so it should work.

How are you trying to fetch the file?  with which client?  is the
client correctly percent-encoding/decoding the filenames?

a "good" request should show up in logs like

localhost ::1 - - [30/Jan/2023:19:18:20 +0100] "GET //%3C%07%07%07%0A%09%8F> HTTP/1.1" 200 29
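
To compare what a client sends with what is actually on disk, a file name can be percent-encoded byte by byte. This is an added example, not part of the original message; `pct_encode` is a hypothetical helper and the names are constructed. All three names can display as "café.txt", yet each yields a different request path, and only the one whose bytes match the directory entry is found.

```shell
#!/bin/sh
# pct_encode NAME
# Print NAME with every byte outside the URI "unreserved" set
# (A-Z a-z 0-9 - . _ ~) written as %XX.  No locale is consulted:
# the name is treated as the byte string the file system stores.
pct_encode() {
	printf '%s' "$1" | od -An -v -tx1 | tr -s ' \n' '\n\n' |
	while read -r hex; do
		[ -n "$hex" ] || continue
		case "$hex" in
		2d|2e|5f|7e|3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])
			# unreserved byte: emit it literally via its octal escape
			printf "\\$(printf '%03o' "0x$hex")" ;;
		*)
			# anything else, including bytes >= 0x80 and control bytes
			printf '%%%s' "$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
		esac
	done
}

# Constructed names: UTF-8 precomposed, UTF-8 decomposed (e + combining
# acute accent), and ISO-8859-1.
for name in \
    "$(printf 'caf\303\251.txt')" \
    "$(printf 'cafe\314\201.txt')" \
    "$(printf 'caf\351.txt')"
do
	printf 'GET /%s\n' "$(pct_encode "$name")"
done
```

Running the same function over the names in the document root and comparing the result with the request line in the access log shows whether the client and the file system agree on the bytes.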



Re: Installing with usb

2023-01-17 Thread Omar Polo
On 2023/01/17 13:08:48 -0300, Gustavo Rios  wrote:
> Hi folks!
> 
> I am trying to get openbsd installed in my notebook, i am using usb device
> (sandisk) to install it. The problem is that when i am given the choice of
> source for the install file sets, does not appear usb; only cd0 disk nfs
> http and the like.

usb counts as 'disk'.  It'll then ask you if it's already mounted,
reply no, and continue.

to find out the name of the usb i think the easiest way is to just
unplug and plug it back, the kernel should log the attach on the
screen (the writings with the blue background.)




Re: Guide for Configuring python(1) with httpd(8)

2022-12-18 Thread Omar Polo
On 2022/12/18 10:23:39 +, indivC  wrote:
> On Sunday, December 18th, 2022 at 9:04 AM, Omar Polo  wrote:
> > Since httpd speaks fastcgi, why not write some python code that
> > accepts the requests over fastcgi? (assuming this is what you're
> > trying to do, but you didn't tell.)
> 
> I believe that is exactly what I'm trying to do. 
> The end goal is to be able access a python(1) file from httpd(8).
> My understanding is you have to configure slowcgi(8),
> which utilizes fastcgi, within httpd(8).
> I've been able to configure that without any problems using perl(1),
> but not with python(1).

not exactly, fastcgi is a binary protocol, whereas from what you're
writing I'm assuming you're trying to run a CGI script written in
python with slowcgi.

(this is what I meant with "explain what you're trying to do" as there
is a big difference between running a python web application and
running a custom CGI script.)

there are less ugly hacks (IMHO) that one can do with slowcgi instead
of installing huge things like scripting languages inside the /var/www
chroot, but...

> With python(1), because the problem is occurring
> before I even get to httpd(8), I left that out of the message. 
> If I attempt to access the python(1) file currently, 
> I still see the same 'ld.so' error message I mentioned before.
> Therefore, I was trying to leave out httpd(8)
> and slowcgi(8) configuration as that isn't where the problem lies. 
> 
> As mentioned before, if you have a better solution for this, 
> please share.
> Any links you can provide for step by step instructions 
> or general steps on how to accomplish this would be helpful. 
> 
> Thanks.

...I think that instead of installing python in the /var/www chroot
(plus all the dependencies you'd need) if you really want to use httpd
and write your stuff in python you may have your python script talk
fastcgi instead.

On pypi there is a 'fastcgi' library.  it's not packaged on OpenBSD
and I can't assess how good it is, I'm not recommending it (just did a
random search on the web and was the first result), but at least seems
to work: (modeled after the example code in the github repo)

#!/usr/bin/env python
# hello.py

from fastcgi import *
from socketserver import TCPServer

class MyHandler(FcgiHandler):
    def handle(self):
        self.print('Content-type: text/plain\n')
        self.print("Hello, world!")

addr = ('localhost', )
with TCPServer(addr, MyHandler) as srv:
    srv.serve_forever()

and here's the matching httpd.conf bit

server "localhost" {
	listen on * port 80
	fastcgi socket tcp localhost 
}

this has the advantage of not needing to fork one process per request
like CGI would do, but you need to secure your application by yourself
(running it as a different user for starters -- no idea if you can do
fancier things with python.)



Re: Guide for Configuring python(1) with httpd(8)

2022-12-18 Thread Omar Polo
instead of asking how to do X so that you can do Y, ask directly how
to do Y.

Why do you need python at all in the chroot?  Installing all the
needed files (and keeping them up-to-date!) manually in a chroot is a
pain.

Since httpd speaks fastcgi, why not write some python code that
accepts the requests over fastcgi?  (assuming this is what you're
trying to do, but you didn't tell.)

On 2022/12/18 07:07:20 +, indivC  wrote:
> Can anyone provide a guide for this or rough instructions?
> I'm running httpd(8) and trying to utilize a python(1) script
> with an html file. 
> I've got this working using perl(1). 
> However, it doesn't work with python(1) when following the same steps. 
> 
> My python(1) version is 3.9.15
> My OpenBSD version is 7.2 stable. 
> 
> First, I use ldd(1) 
> to determine what files I need to copy for python(1).
> Second, in '/var/www/', 
> I create all the folder paths from the ldd(1) output.
> Third, I change the ownership of all the folders to be 'www:www'. 
> Then, I copy all the files from the ldd(1) output 
> into their respective folders. 
> Lastly, I change the permissions of all these files to 750. 
> 
> At this point, before doing anything with httpd(8), 
> I try testing to ensure everything is correct with python(1). 
> If I run 'python3 /var/www/htdocs/test/test.py', the script runs.
> However, if I run 'chroot /var/www htdocs/test/test.py', 
> I get the following error:
> "ld.so: python3: can't load library 'libintl.so.7.0'"
> 
> 'libintl.so.7.0' was one of the files that appeared in ldd(1). 
> ldd(1) said the path was '/usr/local/lib/'
> and I've got the file copied to '/var/www/usr/local/lib/', 
> so I'm unsure why python(1) is saying it can't load it. 
> 
> What's a little strange
> is if I run the 'chroot' command from above several times in a row, 
> I'll see the same error for 'libpython3.9.so.0.0' as well.
> ldd(1) also showed this file and I also have it, 
> so I'm not really sure what the problem is. 
> 
> I've seen some posts indicate
> that I also need to copy '/sbin/ldconfig' to '/var/www/'.
> Then, run 'chroot /var/www sbin/ldconfig /usr/local/lib/'.
> When I do that, I get the following error:
> "ldconfig: /var/run/ld.so.hints.: No such file or directory"
> 
> In the above error, '' seems to be some pseudorandom value.
> If I run the command multiple times, that value changes every time.
> For instance, one value I got is 'IkB2akBOKX'.
> 
> Maybe the steps to configure this are a little different for python(1)
> when compared to perl(1). 
> This is why I was hoping someone could provide a link to a guide
> or provide some general steps for configuring this. 
> Currently, I've just been trying to piece together
> what I've been able to find online.
> 
> Thanks.




Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

2022-12-17 Thread Omar Polo
On 2022/12/17 18:03:01 +0100, Omar Polo  wrote:
> On 2022/12/17 16:25:20 +, Lucas  wrote:
> > > > Then the private keys within would all have 0400 permissions, user
> > > > and group being the same (so _prosody:_prosody for XMPP-related
> > > > TLS). I noted that the default is 700 permissions on
> > > > `/etc/ssl/private` with root:wheel ownership. Is the approach I've
> > > > just outlined with adding a group and modifying permissions a bad
> > > > idea?
> > > 
> > > Personally, I wouldn't deviate from the os defaults by changing the
> > > permission on /etc/ssl/private.
> > > 
> > > it seems fragile, and you'd also need to make sure permissions are
> > > kept when updating the certificates.
> > 
> > 100% agree with this. Also, you should update mtree accordingly to avoid
> > security(8) noise, then you can get some sysmerge noise on updates, ...
> > 
> > > all handled by cron as usual:
> > > 
> > >   ~ * * * * acme-client example.com && rcctl reload httpd
> > >   ~ * * * * acme-client xmpp && rcctl restart prosody
> > 
> > What I do is replacing `rcctl restart prosody` with a script that
> > 
> > 1. Copies private key and certificate into `/etc/prosody/certs` and
> >fixes the owners and permissions
> > 2. Runs `rcctl reload prosody` instead
> 
> that's basically what i had too, before noticing that i could have
> acme-client do the work for me.
> 
> > I believe that a plain `rcctl re{load,start} prosody` shouldn't work
> > after acme-client creates a new private key, as that is created with
> > mode 0400 owned by root, and prosody runs under _prosody user directly,
> > not starting as root, reading the key and then dropping to _prosody.
> 
> the key is 0400 but inherits the permissions from the directory, so
> it's _prosody:_prosody here.

Correction: acme-client creates the key as 0400 and permissions
root:_prosody, which means that prosody can't read it.  However, once
chown'ed to _prosody:_prosody one time its owner won't change (or at
least hasn't changed for me yet) and regular certs update works fine.

> (replacing my domain name with `example.com', the output is untouched
> otherwise.)
> 
> antartica$ doas ls -lah /etc/prosody/certs/
> total 48
> drwx------  2 _prosody  _prosody   512B Nov 22 20:19 .
> drwxr-xr-x  4 root      wheel      512B Jun  9  2022 ..
> -rw-r--r--  1 root      _prosody   805B Nov 12 20:28 Makefile
> -r--r--r--  1 root      _prosody   5.9K Nov 22 20:19 example.com.crt
> -r--r--r--  1 root      _prosody   5.9K Sep 23 20:33 example.com.crt.1
> -r--------  1 _prosody  _prosody   3.2K Apr  1  2022 example.com.key
> -rw-r--r--  1 root      _prosody   1.5K Nov 12 20:28 openssl.cnf
> lrwxr-xr-x  1 root      _prosody    17B Mar 27  2022 room.example.com.crt -> example.com.crt
> lrwxr-xr-x  1 root      _prosody    17B Mar 27  2022 room.example.com.key -> example.com.key
> lrwxr-xr-x  1 root      _prosody    17B Apr  1  2022 upload.example.com.crt -> example.com.crt
> lrwxr-xr-x  1 root      _prosody    17B Apr  1  2022 upload.example.com.key -> example.com.key
> 
> Have been running like this for various months already and worked
> flawlessly.  I'd like to revisit the configuration sometimes to drop
> the symlinks tho.




Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

2022-12-17 Thread Omar Polo
On 2022/12/17 16:25:20 +, Lucas  wrote:
> > > Then the private keys within would all have 0400 permissions, user and
> > > group being the same (so _prosody:_prosody for XMPP-related TLS). I
> > > noted that the default is 700 permissions on `/etc/ssl/private` with
> > > root:wheel ownership. Is the approach I've just outlined with adding a
> > > group and modifying permissions a bad idea?
> > 
> > Personally, I wouldn't deviate from the os defaults by changing the
> > permission on /etc/ssl/private.
> > 
> > it seems fragile, and you'd also need to make sure permissions are
> > kept when updating the certificates.
> 
> 100% agree with this. Also, you should update mtree accordingly to avoid
> security(8) noise, then you can get some sysmerge noise on updates, ...
> 
> > all handled by cron as usual:
> > 
> > ~ * * * * acme-client example.com && rcctl reload httpd
> > ~ * * * * acme-client xmpp && rcctl restart prosody
> 
> What I do is replacing `rcctl restart prosody` with a script that
> 
> 1. Copies private key and certificate into `/etc/prosody/certs` and
>fixes the owners and permissions
> 2. Runs `rcctl reload prosody` instead

that's basically what i had too, before noticing that i could have
acme-client do the work for me.

> I believe that a plain `rcctl re{load,start} prosody` shouldn't work
> after acme-client creates a new private key, as that is created with
> mode 0400 owned by root, and prosody runs under _prosody user directly,
> not starting as root, reading the key and then dropping to _prosody.

the key is 0400 but inherits the permissions from the directory, so
it's _prosody:_prosody here.

(replacing my domain name with `example.com', the output is untouched
otherwise.)

antartica$ doas ls -lah /etc/prosody/certs/
total 48
drwx------  2 _prosody  _prosody   512B Nov 22 20:19 .
drwxr-xr-x  4 root      wheel      512B Jun  9  2022 ..
-rw-r--r--  1 root      _prosody   805B Nov 12 20:28 Makefile
-r--r--r--  1 root      _prosody   5.9K Nov 22 20:19 example.com.crt
-r--r--r--  1 root      _prosody   5.9K Sep 23 20:33 example.com.crt.1
-r--------  1 _prosody  _prosody   3.2K Apr  1  2022 example.com.key
-rw-r--r--  1 root      _prosody   1.5K Nov 12 20:28 openssl.cnf
lrwxr-xr-x  1 root      _prosody    17B Mar 27  2022 room.example.com.crt -> example.com.crt
lrwxr-xr-x  1 root      _prosody    17B Mar 27  2022 room.example.com.key -> example.com.key
lrwxr-xr-x  1 root      _prosody    17B Apr  1  2022 upload.example.com.crt -> example.com.crt
lrwxr-xr-x  1 root      _prosody    17B Apr  1  2022 upload.example.com.key -> example.com.key

Have been running like this for various months already and worked
flawlessly.  I'd like to revisit the configuration sometimes to drop
the symlinks tho.
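
A check that could run after each renewal, before the daemon is reloaded. It is an added example and not taken from the thread: it verifies that every *.key in a certificate directory has mode 0400 and belongs to the account the daemon runs as, which is the state shown in the listing above. `check_keys` and its arguments are hypothetical, and the demo directory at the end is constructed.

```shell
#!/bin/sh
# check_keys DIR OWNER   (hypothetical helper, not part of acme-client
# or prosody)
#
# Inspect every *.key in DIR and print one line per problem:
#   - the owner is not OWNER: a daemon that never runs as root cannot
#     read a 0400 key that belongs to another user
#   - the mode is not exactly 0400: group or others can read the key,
#     or the owner can overwrite it
# Symlinks are followed (ls -L), so aliases are judged by the real key.
# Returns 0 when every key passes, 1 otherwise.
check_keys() {
	dir=$1 owner=$2 rc=0
	for key in "$dir"/*.key; do
		if [ ! -e "$key" ]; then
			# the glob matched nothing, or the link is dangling
			if [ -L "$key" ]; then
				echo "$key: dangling symlink"
				rc=1
			fi
			continue
		fi
		meta=$(ls -Lld "$key")
		mode=$(printf '%s\n' "$meta" | awk '{print $1}')
		fowner=$(printf '%s\n' "$meta" | awk '{print $3}')
		case $mode in
		-r--------|-r--------.)
			;;	# 0400; a trailing "." is a security-context mark
		-*)
			echo "$key: mode $mode, want -r--------"
			rc=1 ;;
		*)
			echo "$key: not a regular file ($mode)"
			rc=1 ;;
		esac
		if [ "$fowner" != "$owner" ]; then
			echo "$key: owned by $fowner, want $owner"
			rc=1
		fi
	done
	return $rc
}

# Constructed demo: a temporary directory stands in for
# /etc/prosody/certs and the current user for _prosody.
demo=$(mktemp -d)
: > "$demo/example.com.key" && chmod 400 "$demo/example.com.key"
ln -s example.com.key "$demo/room.example.com.key"
: > "$demo/loose.example.com.key" && chmod 440 "$demo/loose.example.com.key"
me=$(ls -ld "$demo" | awk '{print $3}')
check_keys "$demo" "$me" || echo "fix the keys listed above before reloading"
rm -rf "$demo"
```

In the cron entry the call would sit between acme-client and rcctl, for instance as `check_keys /etc/prosody/certs _prosody && rcctl restart prosody`.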



Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

2022-12-16 Thread Omar Polo
On 2022/12/15 13:56:00 -0700, Ashlen  wrote:
> Hi all, so I'm wondering how to securely deal with TLS certificates on a
> server that's grown to host multiple services (website, XMPP, soon email as
> well). Specifically how to handle permissions and to what degree
> certificates should be separated.
> 
> (I recognize this is a long email. I'm unsure how to break down my thoughts
> further)
> 
> I know that I could add a load of Subject Alternative Names to one big
> certificate, but I have a couple of concerns with this.
> 
> 1) If I understand it right, if there's a security issue with one program
> and an attacker gains arbitrary read, and the effective user id can read the
> private key, the exposure is greater than it has to be (that is to say,
> domains that are completely unrelated to the insecure program are exposed).
> Daemons outside of base unfortunately often lack privilege separation to the
> extent that it exists in base, so there may not be a separate user to handle
> private keys, and then the whole thing has the potential to blow up later.
> 
> 2) A long list of Subject Alternative Names means that anyone connecting to
> the web server can see all of the additional subdomains that are unrelated
> to the web server being hosted. This is really a nitpick compared to the
> first point, as even without this being the case there are other methods of
> enumeration and discovery (nmap and friends), and relying on DNS entries
> being hidden seems like a bad idea.
> 
> The best way I can think of how to handle this so far, and "best" is used very
> loosely since I don't think it's a perfect solution, is to split the keys up,
> add a separate group, and modify `/etc/ssl/private`.
> 
> ```
> # groupadd tls
> # usermod -G tls _prosody
> # chown root:tls /etc/ssl/private
> # chmod 750 /etc/ssl/private
> ```
>
> Then the private keys within would all have 0400 permissions, user and group
> being the same (so _prosody:_prosody for XMPP-related TLS). I noted that the
> default is 700 permissions on `/etc/ssl/private` with root:wheel ownership. Is
> the approach I've just outlined with adding a group and modifying permissions a
> bad idea?

Personally, I wouldn't deviate from the os defaults by changing the
permission on /etc/ssl/private.

it seems fragile, and you'd also need to make sure permissions are
kept when updating the certificates.

> Even if it makes sense to do it this way, I still have a separate issue in that
> when two or more services need the certificate for the root domain, they'll end
> up sharing it, and I'm unclear what the right way to fix that problem is. If
> it's only services in the base system, that's one thing. But Prosody also has
> this issue with the way I set it up. Currently it's configured so that usernames
> can be in the form "u...@example.com" rather than "u...@xmpp.example.com"
> (similar to how email usernames use the root domain). This means it needs the
> certificate for the root domain so that authentication can take place over TLS,
> and that breaks the separation.

you can just issue multiple certificates.  A compromised prosody would
still be able to leak the certificate for "example.com", but there's
no other way around it as it needs the certificate.

> For some services, it can make sense to use relayd(8) and let that handle TLS
> instead, which simplifies things since relayd has proper privilege separation
> and can even use SNI. But I'm unsure how this could be done with something like
> Prosody since XMPP uses STARTTLS (outside of exceptions to that rule like
> XEP-0368).
> 
> What can I do to manage this better? Any ideas/suggestions are very welcome.
> Thank you for reading all of this if you made it here.

Can only speak for prosody as it's the only non-base daemon I'm
getting TLS certificates for; my strategy with it has been to generate
a different certificate and to deliver it in a place where only
prosody can read it.  Luckily, the prosody package installs
/etc/prosody/certs owned by _prosody alone.

# /etc/acme-client.conf
domain xmpp {
    domain name example.com
    alternative names { room.example.com upload.example.com }
    domain key "/etc/prosody/certs/example.com.key"
    domain full chain certificate "/etc/prosody/certs/example.net.crt"
    sign with letsencrypt
}

note the `domain' name is "xmpp" because I have another `domain' block
for the same domain (but different alt names) for httpd:

# only for httpd
domain example.com {
    alternative names { www.example.com }
    ...
}

all handled by cron as usual:

~ * * * * acme-client example.com && rcctl reload httpd
~ * * * * acme-client xmpp && rcctl restart prosody

in prosody.conf.lua i have

certificates = "certs"

I also have some symlinks in /etc/prosody/certs in the form:
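
Added example, not part of the original message and not code from the poster: a small POSIX sh audit for the layout discussed in this thread (one key per daemon, readable only by that daemon's user, and the key directory closed to group and other). The function names and the table format are made up for illustration; the demo uses constructed temporary files and the current uid in place of _prosody.

```sh
#!/bin/sh
# Added example: audit TLS private key placement, one key per daemon.
# Table format on stdin: "<owner> <path>"; owner is a login name or a uid.
# A real table would hold lines such as (paths taken from the thread):
#   _prosody /etc/prosody/certs/example.com.key
#   root     /etc/ssl/private

# Succeed if PATH has any group or other permission bit set.
# -L judges a symlinked key by its target; -prune stops find at PATH itself.
has_group_other_bits() {
	[ -n "$(find -L "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
	    -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Succeed if PATH is owned by OWNER.
owned_by() {
	[ -n "$(find -L "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# audit_path PATH OWNER: print one line per finding, return 1 if there is any.
audit_path() {
	a_path=$1 a_owner=$2 a_rc=0
	if [ ! -f "$a_path" ] && [ ! -d "$a_path" ]; then
		echo "MISSING $a_path"
		return 1
	fi
	if ! owned_by "$a_path" "$a_owner"; then
		echo "OWNER   $a_path is not owned by $a_owner"
		a_rc=1
	fi
	if has_group_other_bits "$a_path"; then
		echo "MODE    $a_path is accessible to group or other"
		a_rc=1
	fi
	return $a_rc
}

# audit_layout: audit every "<owner> <path>" line read from stdin and
# return non-zero if at least one entry produced a finding.
audit_layout() {
	l_failed=0
	while read -r l_owner l_path; do
		case $l_owner in
		''|'#'*) continue ;;	# skip blank lines and comments
		esac
		audit_path "$l_path" "$l_owner" || l_failed=1
	done
	return $l_failed
}

# demo: constructed sample layout in a temporary directory. "prosody" is
# owner-only; "private" mimics the 750 directory and a group-readable key.
demo() {
	d_tmp=$(mktemp -d) || return 2
	d_uid=$(id -u)
	mkdir "$d_tmp/prosody" "$d_tmp/private"
	chmod 700 "$d_tmp/prosody"
	chmod 750 "$d_tmp/private"
	: > "$d_tmp/prosody/example.com.key"
	chmod 400 "$d_tmp/prosody/example.com.key"
	: > "$d_tmp/private/example.com.key"
	chmod 640 "$d_tmp/private/example.com.key"
	audit_layout <<EOF
# owner path (constructed sample)
$d_uid $d_tmp/prosody
$d_uid $d_tmp/prosody/example.com.key
$d_uid $d_tmp/private
$d_uid $d_tmp/private/example.com.key
EOF
	d_rc=$?
	rm -rf "$d_tmp"
	return $d_rc
}

demo || echo "findings reported above"
```

Run from cron after each acme-client renewal, a non-zero status from audit_layout shows that a renewal or a manual fix left a key more widely readable than intended.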


Re: Tools, options or workflow for checking modifications in outdated CVS checkout

2022-08-22 Thread Omar Polo
On 2022/08/22 12:32:24 +, Mikolaj Kucharski  wrote:
> Hi,
> 
> I have random OpenBSD CVS checkouts across different directories and
> machines. I work on something, life interrupts, I come back to it
> after longer period of time. In the meantime CVS repo moves forward and
> my checkout is out of date.
> 
> How I can efficiently check for M's (modified) in the repo, without
> actually updating the repo?
> 
> I'm looking for something along the lines, if a file is outdated, but
> NOT modified, no output is produced. However if the file is locally
> modified, then path should be printed to stdout.
> 
> Do you guys know is there any tool available like that?
> 
> It's important for me that during that process, repo stays read-only and
> no modifications are taking place to the checkout.
> 
> To simulate output I'm looking for something like this:
> 
> $ cvs -q up -PAd
> ? sbin/ifconfig/ifconfig.c-combined
> ? sbin/ifconfig/obj
> ? sys/arch/amd64/compile/GENERIC.MP/obj
> ? usr.sbin/sysupgrade/sysupgrade.diff
> ? usr.sbin/sysupgrade/sysupgrade.patch
> M sbin/ifconfig/ifconfig.8
> M sbin/ifconfig/ifconfig.c
> M sys/net/if_wg.c
> M sys/net/if_wg.h
> 
> However above output does update, so modifies the repo, which I wouldn't
> want to happen.
> 
> Please CC me in any replies.

I think -n is what you're looking for:

% cvs -n up -d
cvs update: Updating .
M xcompmgr.c
? obj
cvs update: Updating man



Re: OpmenBDS XFCE

2022-08-13 Thread Omar Polo
On 2022/08/13 15:41:56 +0300, Tuzson Zoltan  wrote:
> Ok, I tested it, but it can not boot from the USB, because it is not
> bootable. Please tell me how can I make a bootable USB under Windows 10, to
> install from USB the Open BSD!
> Thank you!

No idea, sorry.  All i can say is that the .img file should have the
partitions correctly set up if written as-is to the disk.  On a UNIX
machine you could do that with the `dd' program, on Windows I have no
clue.  Maybe you can try asking for Windows-specific help in a
different forum.

> Omar Polo  wrote (on Sat, Aug 13, 2022, 15:29):
> 
> > On 2022/08/13 13:32:10 +0300, Tuzson Zoltan  wrote:
> > > On the link, when I downloaded and I try to write to the USB with Rufus or
> > > Etcher, I got the error message, that the install71.iso it is not a
> > > bootable file?
> > > What can I do?
> >
> > Never used Rufus before, but I think you need to download
> > install71.img if you plan to use an USB stick for the installation.
> >
> >
> > --
> > Please keep replies on the mailing list.
> >

--
Please keep replies on the mailing list.



Re: OpmenBDS XFCE

2022-08-13 Thread Omar Polo
On 2022/08/13 13:32:10 +0300, Tuzson Zoltan  wrote:
> On the link, when I downloaded and I try to write to the USB with Rufus or
> Etcher, I got the error message, that the install71.iso it is not a
> bootable file?
> What can I do?

Never used Rufus before, but I think you need to download
install71.img if you plan to use an USB stick for the installation.


--
Please keep replies on the mailing list.



Re: OpmenBDS XFCE

2022-08-13 Thread Omar Polo
Hello,

On 2022/08/13 13:53:21 +0300, Tuzson Zoltan  wrote:
> Greetings, I am totally new in Linux and Unix, and I want to try the OpenBS
> OS.

That's great!

However, a small correction is due.  There are many different systems
that are UNIX-like and not all of them share a common heritage.  Linux
and OpenBSD are different systems with different histories and
different goals, even though they're both UNIX-like and so share some
similarities.

(Also, please, it's spelled OpenBSD -- where BSD stands for Berkeley
Software Distribution)

There are lots of articles on the net about the history of UNIX, BSD
and Linux if you're interested in learning more about it, I found it
quite fascinating.

> First I want to try only the XFCE Live CD then the install
> version of the XFCE version (not the command line version). I found only
> one link on the Web to download this, but the 7z archive it is corrupted, I
> tested a many time.
> Can you tell me a link from where I can download the LiveCD XFCE and the
> install from the XFCE from an USB without command line.
> Thank you in advance: TuZo

You can download OpenBSD from the official website at:

https://www.openbsd.org/faq/faq4.html#Download

flash it for e.g. on a USB and install it.  Officially, there isn't
any "live system" available: there's just a simple installer.  There
are some third parties that provide something like that but are not
officially supported by the project.

Once installed, XFCE is available in packages.

For more information please check out the FAQs

https://www.openbsd.org/faq/index.html

in particular the "Package Management" one

https://www.openbsd.org/faq/faq15.html

and "The X Window System"

https://www.openbsd.org/faq/faq11.html


Cheers,

Omar Polo



Re: Makefile for a custom port

2022-07-30 Thread Omar Polo
Mik J  wrote:
> Hello,
> I'm trying to make a port
> This program has dependencies with Go to name one.
> How should I indicate this dependency in the Makefile ?

for some big stuff like go, python etc the right way is often just
include the correct module

MODULES = lang/go

see bsd.port.mk(5) and port-modules(5) for more info.

(by the way, for go portgen(1) often does a good work at scaffolding the
port for you.)

> Should I use BUILD_DEPENDS = or LIB_DEPENDS =
> Go is used to build my program but also to use it thereafter.
> Should I use WANTLIB += ?

BUILD_DEPENDS are for stuff needed to build the thing, while LIB_DEPENDS
for packages that provide the libraries needed.  WANTLIB lists the
libraries that the program links to.

usually you can fix LIB_DEPENDS and WANTLIB using

$ make port-lib-depends-check

once you have something that works.  it will complain about missing
packages in LIB_DEPENDS (look for the NOT REACHABLE lines in the output)
and will suggest a sensible WANTLIB.  99% of the times this is enough.

(there are programs that dlopen(3) libraries at run time but luckily
these are not the majority.  For these you need to see which libraries
they want and register them in the port; make port-lib-depends-check
will complain but that's expected in this case.)

modules will often add stuff to BUILD_DEPENDS, when in doubt don't
forget to run `make show=BUILD_DEPENDS' (or any other variable really)
to see its content.

> Also what is the right way to make an Openbsd package ?
> I read that in a port tutorial that the right way is to make the port and
> during that process the make package will do that.
> Thank you

yep, `make package' will create a package under /usr/ports/packages/.
`make install' will install it thru pkg_add.  again, see bsd.port.mk(5)
for more information, it carefully describes how "package", "install",
"update", "deinstall" etc works.



Re: mg: how to indent using spaces instead of tabs

2022-06-05 Thread Omar Polo
Sam Lee  wrote:
> On 2022-06-05 10:58 +0200, Omar Polo wrote:
> > M-x no-tab-mode RET seems to work (as long as you don't want to change
> > the width of the `expandtab'; it always aligns to the nearest multiple
> > of 8)
> 
> How do people write Python programs using mg?
> Python requires 4 space indentation ...

and lua uses three spaces.  i guess there aren't a lot of people writing
in these languages with mg, or maybe they don't use auto-indent-mode?
dunno.  personally i use mg mainly for configuration files and C, as i
find it sometimes more "comfy" than Emacs itself :)

The good thing tho is that you have the sources (/usr/src/usr.bin/mg
assuming you have a checkout in /usr/src.)

You can add -DNOTAB in the Makefile to enable it, then grep for NOTAB
and see how to allow using a different tab width per buffer.  Then
you'll have a diff for it, so your issue will be solved, and you can
share it on tech@ (cc'ing lum@).  I for one would be happy to review
such a diff, even if I can't give a meaningful OK.



Re: mg: how to indent using spaces instead of tabs

2022-06-05 Thread Omar Polo
Omar Polo  wrote:
> Sam Lee  wrote:
> > In the mg text editor, how do I indent using spaces instead of tabs?
> > If I enable auto-indent-mode, mg uses tabs to indent. Is there
> > something like Vim and nvi's 'expandtab' option that makes mg indent
> > using spaces instead of tabs?
> 
> there isn't an `expandtab' for mg.
> 
> there is some code in mg to handle that, but it's hidden under some
> #ifdef NOTAB and probably not complete and maybe doesn't even compile.

actually, i was wrong.  it's true that the relevant code is hidden under
#ifdef NOTAB and not enabled by default, but it compiles fine and M-x
no-tab-mode RET seems to work (as long as you don't want to change the
width of the `expandtab'; it always aligns to the nearest multiple of 8)



Re: mg: how to indent using spaces instead of tabs

2022-06-05 Thread Omar Polo
Sam Lee  wrote:
> In the mg text editor, how do I indent using spaces instead of tabs?
> If I enable auto-indent-mode, mg uses tabs to indent. Is there
> something like Vim and nvi's 'expandtab' option that makes mg indent
> using spaces instead of tabs?

there isn't an `expandtab' for mg.

there is some code in mg to handle that, but it's hidden under some
#ifdef NOTAB and probably not complete and maybe doesn't even compile.



Re: Firefox or Xenocara? key bindings

2022-04-25 Thread Omar Polo
Derek  wrote:
> Could someone knowledgable with Firefox or Xenocara help explain this?
> 
> OpenBSD (amd64) has been my primary desktop OS for 20 years now. Always -RELEASE.
> 
> In Firefox, to select the contents of the current form field, you used to hit
> Ctrl-a.
> 
> Last year, it became Alt-a. I don't know if this was a Xenocara or Firefox change.
> 
> This week, with 7.1, neither Ctrl-a nor Alt-a works for selecting the contents
> of the current form field.  I can't figure out any key combination that does it.
> 
> I always do a fresh OS install and fresh Firefox install with default settings,
> keeping no old configs.  So I'm talking about default behavior.
> 
> Is this key mapping inside Firefox? Where does it get assigned? Can I change it?

maybe it's the gtk "key themes"?  The default on OpenBSD is "emacs",
that's why C-a on some applications moves the cursor at the start instead
of selecting everything.

you can change it with (untested, just found on the internetz)

$ gsettings set org.gnome.desktop.interface gtk-key-theme 'Default'

but the emacs "key theme" was the default for a long time...

> Thank you, and sorry for the basic boring user question.
> 
> - Derek




Re: yacc.h

2022-04-18 Thread Omar Polo
Tito Mari Francis Escaño  wrote:
> Thanks for the response Omar.
> The tarball can be downloaded from
> https://sourceforge.net/projects/objc/files/src/objc-3.3.25.tar.gz

Sorry, with "attach the tarball" I meant the ports' tarball.  I assumed
you had a WIP port, apologies.

> The error is illustrated below:
> [image: portable obj compiler error.png]

for these things please avoid images: just copy and paste the text into
the email.  Oh, and when doing so, please include the full log (if
possible, sometimes certain bits can be removed if are long and it's
really, really, really unlikely to not have issues; in doubt include
everything.)

you can use script(1) to transcript your terminal session, or maybe
something simpler like

$ make 2>&1 | tee build.log

and then include `build.log' in the email.

I'm not joking, the most interesting thing (i.e. how lex.m was produced)
is outside of your screenshot; most likely right in the line before the
one at the top...

> I already installed Bison hoping it will provide yacc.h, but it didn't also
> include that file.
> I also tried using the y.tab.h file but it had the same error.
> I tried to comment out the yacc.h header, still got the same error message.

First of all, from where did you get a /usr/local/bin/objc executable?
I don't find anything that provides it in packages.

I can't build this objc because I need a bootstrap compiler.  I admit I
haven't tried hard and only glanced at the *.txt files; but when asking
please include the list of things you did if they're not incredibly
obvious.  It's difficult to help without knowing what things you did.

I don't have a magic ball.

Anyway, I can *guess* what's happening.  yacc (or bison) isn't producing
the yacc.h file that is included in src/obj/lex.lm (there are other
files named so, files, but I think it's from that.)  You can take a look
at what files are produced (maybe y.tab.h?) and patch lex.lm to include
the correctly-named file.  Or find a way to make yacc/bison (or whatever
the configure chosen) to produce yacc.h (again, in case of yacc see the
-d flag and -o).  Since this is an autoconf-based project, remember to
re-run ./configure if you install other software (it doesn't notice
otherwise)

> On Tue, Apr 19, 2022 at 1:44 AM Omar Polo  wrote:
> 
> > Tito Mari Francis Escaño  wrote:
> > > Hi everyone,
> > > I'm trying to build Portable Object Compiler from
> > > https://sourceforge.net/projects/objc/ in OpenBSD snapshot but it keeps
> > > complaining that it can't find yacc.h so it won't push through.
> >
> > It's always a good idea to share a tarball, especially when asking for
> > help.  It makes your situation "reproducible" (sorta) so it's easier for
> > someone else to help you debug the issue.  It's also incredibly useful
> > to also copy/paste the *exact* output from your command, including the
> > errors.
> >
> > > I have the build tools installed during initial installation, so I was
> > > wondering where the problem is.
> > > Is there such a thing as yacc.h in any package or ports?
> >
> > When in doubt you can use pkglocate to look for files owned by packages,
> > even if you don't have them installed.  It's an incredibly useful tool.
> > However, in this case I doubt it'll help you.
> >
> > yacc is included in base and given that's a parser generator I don't
> > find strange to have it as requirement for a compiler.  Yacc usually
> > generates a file called `y.tab.c' and, if -d is provided, it generates
> > y.tab.h too.  Bison (a GNU implementation of yacc) does the same but
> > instead of the "y" uses the name of the yacc file as base for the output
> > IIRC.
> >
> > Maybe playing with the -d, -b and/or -o flags helps?  what if you
> > "force" it to use GNU bison?
> >
> > > Please let me know.
> > > Thanks.
> >
> >
> >




Re: yacc.h

2022-04-18 Thread Omar Polo
Tito Mari Francis Escaño  wrote:
> Hi everyone,
> I'm trying to build Portable Object Compiler from
> https://sourceforge.net/projects/objc/ in OpenBSD snapshot but it keeps
> complaining that it can't find yacc.h so it won't push through.

It's always a good idea to share a tarball, especially when asking for
help.  It makes your situation "reproducible" (sorta) so it's easier for
someone else to help you debug the issue.  It's also incredibly useful
to also copy/paste the *exact* output from your command, including the
errors.

> I have the build tools installed during initial installation, so I was
> wondering where the problem is.
> Is there such a thing as yacc.h in any package or ports?

When in doubt you can use pkglocate to look for files owned by packages,
even if you don't have them installed.  It's an incredibly useful tool.
However, in this case I doubt it'll help you.

yacc is included in base and given that's a parser generator I don't
find strange to have it as requirement for a compiler.  Yacc usually
generates a file called `y.tab.c' and, if -d is provided, it generates
y.tab.h too.  Bison (a GNU implementation of yacc) does the same but
instead of the "y" uses the name of the yacc file as base for the output
IIRC.

Maybe playing with the -d, -b and/or -o flags helps?  what if you
"force" it to use GNU bison?

> Please let me know.
> Thanks.




Re: Openrsync -v option

2021-10-20 Thread Omar Polo


Antonino Sidoti  writes:

> Hello,
>
> I am using openrsync to copy some data to cloud based share and I am
> using ‘-trv’ as my switches. I want to pipe out the verbose contents
> to a file but it will not collect any data and is always zero bytes.
>
> e.g
>
> openrsync -trv --exclude “myfile” --delete /mydir/ 1234:Test > dump
>
> Is there something wrong with how I am using openrsync? The file ‘dump’ 
> contains no data.

the fact that

$ openrsync ... > dump

still logs the output to the terminal should be a clue that maybe the
redirect is wrong.

openrsync logs on stderr, so you need to redirect that

$ openrsync ... 2> dump

> Thanks
>
> ---
> Antonino Sidoti



Re: How to set apparently number of VCPUs in VMM

2021-10-16 Thread Omar Polo


Martin  writes:

> Hi there!
>
> In release notes it seems we can set more than one vCPU for guests
> running. The question is how to set it in vm.conf to achieve better
> performance for existed VMs?
>
> Martin

AFAIK a vmd(8) virtual machine can still have only one virtual CPU.  If
I remember correctly the thread on tech@ the "theoretical limit of 512
to the number of allocated vcpus in vmm(4)" should be the global
number of vcpu running, not the cpu per guest (which is still one.)

The thread should be this:

https://marc.info/?l=openbsd-tech&m=163138318712178&w=2



Re: question about libreadline

2021-10-12 Thread Omar Polo


Omar Polo  writes:

> Luca Ferrari  writes:
>[...]
>> #4  0x0bd162b8a2d8 in main (argc=0, argv=0x1) at src/pspg.c:5405
>
> (I'm curious why you have argc=0 argv=0x1 here)
>
>> Any other thing I can do to better diagnose the problem?
>>
>> Thanks,
>> Luca
>
> I get a slightly different backtrace

Nevermind, I got that backtrace by manually running pspg.  That's the
cause for both point probably.



Re: question about libreadline

2021-10-12 Thread Omar Polo


Luca Ferrari  writes:

> On Tue, Oct 12, 2021 at 10:31 AM Omar Polo  wrote:
>> readline from ports shouldn't be needed.  Moreover, port's readline
>> install files as `libereadline', so it should be difficult to pick those
>> header by accident.
>
> Since I'm curious, what if a program needs newer readline? It will
> need libereadline therefore in the headers, right?
>
>
>> # pkg_add gdb
>> $ egdb $(which pspg) pspg.core
>
> seems the same stack trace to me (I produced a new core file):
>
> puffy# egdb $(which pspg) pspg.core
> GNU gdb (GDB) 7.12.1
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-unknown-openbsd6.9".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from /usr/local/bin/pspg...done.
> [New process 557312]
> Core was generated by `pspg'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x in ?? ()
> (gdb) bt
> #0  0x in ?? ()
> #1  0x0bd4557bf1b6 in _rl_callback_newline () at
> /usr/src/gnu/lib/libreadline/callback.c:75
> #2  rl_callback_handler_install (prompt=,
> linefunc=0xbd162b99b50 ) at
> /usr/src/gnu/lib/libreadline/callback.c:93
> #3  0x0bd162b996b4 in get_string (prompt=0xbd162b68c53 "/",
> buffer=0x7f7e4e30 "\t", maxsize=255,
>defstr=0xbd162bac860  "",
> _tabcomplete_mode=) at src/readline.c:588
> #4  0x0bd162b8a2d8 in main (argc=0, argv=0x1) at src/pspg.c:5405

(I'm curious why you have argc=0 argv=0x1 here)

> Any other thing I can do to better diagnose the problem?
>
> Thanks,
> Luca

I get a slightly different backtrace

(gdb) bt
#0  0x in ?? ()
#1  0x06a3e36026a6 in _rl_callback_newline ()
at /usr/src/gnu/lib/libreadline/callback.c:75
#2  rl_callback_handler_install (
prompt=,
linefunc=0x6a1332681c0 )
at /usr/src/gnu/lib/libreadline/callback.c:93
#3  0x06a133267db1 in get_string (prompt=0x6a133236534 "/",
buffer=0x7f7df240 "\001\023\376\377\177\177", maxsize=255,
defstr=0x6a13327b470  "", _tabcomplete_mode=117 'u')
at src/readline.c:588
#4  0x06a133259234 in main (argc=, argv=)
at src/pspg.c:5405
(gdb) f 1
#1  0x06a3e36026a6 in _rl_callback_newline ()
at /usr/src/gnu/lib/libreadline/callback.c:75
75(*rl_prep_term_function) (_rl_meta_flag);
(gdb) p rl_prep_term_function
$1 = (rl_vintfunc_t *) 0x0

and here's the reason of the crash: rl_prep_term_function is NULL.

% grep rl_prep_term_function . -RinH
./src/readline.c:786:   rl_prep_term_function = NULL;

they seem to set that function to NULL explicitly.  Even patching that
out, it still crashes, so I think following sthen@ advice and use
readline from ports with

$ ./configure CFLAGS=-I/usr/local/include/ereadline \
LDFLAGS='-L/usr/local/lib -lereadline'

then from some quick tests seems to work!

btw, it would be nice to have it in the port tree.  I might do it
sometimes in the following days if someone doesn't beat me ;)



Re: question about libreadline

2021-10-12 Thread Omar Polo


Luca Ferrari  writes:

> Hi all,
> this could be trivial, but I have a doubt about libreadline.
> In short: I've a program (pspg) that is crashing, and after inspecting
> the core I found in the backtrace a reference to libreadline. The
> program has been linked to libreadline 4, but in the system readline 7
> is installed.
> My doubt is that I'm messing around with numbers, and I'm unable to
> find the package for libreadline. The application is a PostgreSQL
> pager () that is not already in the
> ports.
> Also note, in the gdb output, there is a problem with ld symbols,
> could it be related?
> What am I missing here?
>
> Thanks,
> Luca
>
> puffy$ uname -sr
> OpenBSD 6.9
> puffy$ ldd $(which pspg)
> /usr/local/bin/pspg:
>StartEnd  Type  Open Ref GrpRef Name
>0bfbf0bb6000 0bfbf0c03000 exe   10   0
> /usr/local/bin/pspg
>0bfed823a000 0bfed826a000 rlib  02   0
> /usr/lib/libm.so.10.1
>0bfe67167000 0bfe671a8000 rlib  01   0
> /usr/lib/libreadline.so.4.0

`pspg' is linked against system's libreadline so...

>0bfec62e9000 0bfec62ef000 rlib  01   0
>[...]
> puffy$ pkg_info | grep readline
> readline-7.0p0  library to edit command lines as they are typed in

readline from ports shouldn't be needed.  Moreover, port's readline
install files as `libereadline', so it should be difficult to pick those
header by accident.

> puffy$ gdb $(which pspg) pspg.core

gdb in base is pretty old.  Install the `gdb' package which provides
`egdb' (a more up-to-date gdb) or use lldb from base.  So, either

# pkg_add gdb
$ egdb $(which pspg) pspg.core

or

$ lldb --core pspg.core $(which pspg)

and then try to get a backtrace again

HTH

>[...]
>  Dwarf Error: wrong version in compilation unit header (is 4, should
> be 2) [in module /usr/libexec/ld.so]
>  #0  0x in ?? ()
>  (gdb) bt
>  #0  0x in ?? ()
>  #1  0x0bacf99001b6 in rl_callback_handler_install
> (prompt=Variable "prompt" is not available.
>  ) at /usr/src/gnu/lib/libreadline/callback.c:75
>  #2  0x0baa60b446b4 in get_string (prompt=0xbaa60b13c53 "/",
> buffer=0x7f7eed10 "\t", maxsize=255, defstr=0xbaa60b57860 "",
>  _tabcomplete_mode=Variable "_tabcomplete_mode" is not available.
>  ) at src/readline.c:588
>  #3  0x0baa60b352d8 in main (argc=0, argv=0x1) at src/pspg.c:5405



Re: (Feedback needed) openbsd and ulimits.

2021-08-30 Thread Omar Polo


Vladimir Nikishkin  writes:

> Hello, everyone.
>
> I found this problem when trying to write some go on OpenBSD:
>
> https://github.com/google/starlark-go/issues/382
>
> OpenBSD enforces ulimits on virtual space, whereas many operating
> systems do not. `starlark`, as, in fact, many other pieces of software,
> casually allocate "all virtual space in 32 bits", because presumably
> that does not hurt on other operating systems. Hence, software using
> starlark compiles, but does not run.
>
> What would be the best approach to make it work on OpenBSD?
>
> I am not an expert on POSIX memory management in any sense of the word,
> so please, those who are, comment on that issue.

Allocating memory for all representable int32 values seems dumb IMO, but
I've never heard of starlark and they may have their reason.

Regarding the issue, you wrote:

> I think the limit for ordinary users is 1052672 and something about
> 1552672 for the staff login class, and it is not possible to go above
> that.

It's possible (albeit probably not suggested unless you know what you do)
to bump that number, but you need to mess with login class and edit
/etc/login.conf, see login.conf(5), which may or may not be advisable
for users of starlark (again, I've never heard before of it so I don't
know in what circumstances it's used)

Anyway, disabling the "optimisation" on OpenBSD as the guy from google
suggested seems the most sensible choice IMHO.

My two cents,

Omar Polo



Re: How to use macros in acme-client.conf?

2021-07-26 Thread Omar Polo


Alexis  writes:

> Stuart Henderson  writes:
>
>> In gmane.os.openbsd.misc, you wrote:
>>> I'm trying to use macros in my acme-client.conf, but it seems I
>>> cannot
>>> get the syntax right. In addition to that, even when I try the
>>> example
>>> from the acme-client.conf(5):
>>>
>>> api_url="https://acme-v02.api.letsencrypt.org/directory;
>>> authority letsencrypt {
>>> api url $api_url
>>> account key "/etc/acme/letsencrypt-privkey.pem"
>>> }
>>>
>>> It fails with a syntax error:
>>>
>>> $ ./acme-client -vvv -f ../test.conf
>>> api_url = "https://acme-v02.api.letsencrypt.org/directory;
>>> ../test.conf:3: syntax error
>
> Are spaces around the '=' permitted? i thought they weren't. The
> example in acme-client.conf(5) man page certainly doesn't have them.

The parser.y used in acme-client (and other stuff in base) is quite
flexible w.r.t. spaces/tabs

top:
	p = buf;
	while ((c = lgetc(0)) == ' ' || c == '\t')
		; /* nothing */

In sh (and probably other languages) spaces around the equal sign aren't
permitted (well, they are valid but yield a different result).

> Alexis.



Re: MALLOC_STATS [was: Clang sanitizer support]

2021-07-23 Thread Omar Polo


Joe Nelson  writes:

> Omar Polo wrote:
>> There's a built-in mechanism to check for memory leaks:
>> 
>>  https://www.drijf.net/malloc/
>> 
>> don't know if it still applies, I tried only once and was like a couple
>> of years ago (if not more).
>
> Thanks for the tip, Omar. I just tried compiling malloc.c with MALLOC_STATS
> defined, but I got a compiler error:
>
>   clang -O2 -pipe -g -Wimplicit -I/usr/src/lib/libc/include -I/usr/src/lib/libc/hidden \
>   -D__LIBC__  -Werror-implicit-function-declaration -include namespace.h   \
>   -Werror=deprecated-declarations -DAPIWARN -DYP -I/usr/src/lib/libc/yp\
>   -I/usr/src/lib/libc -I/usr/src/lib/libc/gdtoa    \
>   -I/usr/src/lib/libc/arch/amd64/gdtoa -DINFNAN_CHECK -DMULTIPLE_THREADS   \
>   -DNO_FENV_H -DUSE_LOCALE -I/usr/src/lib/libc -I/usr/src/lib/libc/citrus  \
>   -DRESOLVSORT -DFLOATING_POINT -DPRINTF_WIDE_CHAR -DSCANF_WIDE_CHAR -DFUTEX  -MD  \
>   -MP  -c /usr/src/lib/libc/stdlib/malloc.c -o malloc.o
>
>   /usr/src/lib/libc/stdlib/malloc.c:1613:14: error: use of undeclared identifier 'd'
>   STATS_SUB(d->malloc_used, roldsz - rnewsz);
>             ^
>   1 error generated.
>
> Malloc source version:
>   $OpenBSD: malloc.c,v 1.270 2021/04/09 06:05:21 otto Exp $
> System:
>   6.9 stable

that seems to be a typo?

not tried, but compiles :)

Index: malloc.c
===
RCS file: /home/cvs/src/lib/libc/stdlib/malloc.c,v
retrieving revision 1.270
diff -u -p -r1.270 malloc.c
--- malloc.c9 Apr 2021 06:05:21 -   1.270
+++ malloc.c23 Jul 2021 16:01:26 -
@@ -1610,7 +1610,7 @@ orealloc(struct dir_info **argpool, void
}
if (munmap((char *)r->p + rnewsz, roldsz - rnewsz))
wrterror(pool, "munmap %p", (char *)r->p + 
rnewsz);
-   STATS_SUB(d->malloc_used, roldsz - rnewsz);
+   STATS_SUB(pool->malloc_used, roldsz - rnewsz);
r->size = gnewsz;
if (MALLOC_MOVE_COND(gnewsz)) {
void *pp = MALLOC_MOVE(r->p, gnewsz);
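Review bot: on the STATS_SUB line, pool matches the wrterror(pool, ...) call just above it, so the rename looks right for this branch of orealloc, but an identifier that only fails when malloc.c is built with MALLOC_STATS defined can easily have siblings. Before this is sent on, the other STATS_ call sites in the file should be checked for a leftover d, and the submission should say that the change was compile-tested with MALLOC_STATS but not run, so whoever commits it knows the statistics output still needs a quick check.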



Re: Clang sanitizer support

2021-07-20 Thread Omar Polo


Joe Nelson  writes:

> On Fri, Jan 8, 2021, at 5:40 PM, Joe Nelson wrote:
>> Hi all, I'd like to use Clang's AddressSanitizer and ThreadSanitizer
>> on my OpenBSD development machine.
>
> Following up on this, looks like MALLOC_OPTIONS can help me detect
> use-after-free and double free errors. What I'm missing is a way to
> detect memory leaks in my programs. Any tips?

There's a built-in mechanism to check for memory leaks:

https://www.drijf.net/malloc/

don't know if it still applies, I tried only once and was like a couple
of years ago (if not more).

HTH



Re: MANPAGER

2021-05-29 Thread Omar Polo


Heinrich Rebehn  writes:

> Hi all,
>
> I noticed that OpenBSD 6.8 switched to using less(1) for the manager. While 
> this seems to offer many new useful options, I really dislike the clrscreen 
> upon exit.
> I browsed through the less(1) manage to find an option to disable this 
> behavior, but to no avail.
> Can anyone tell me how to restore the old behavior without reverting to using 
> more(1)?
> I am really used to still seeing the output of the man command when issuing 
> the command that  i consulted man for.
>
> Many thanks in advance,
>
>   Heinrich

never used more, but the manpage of less mentions a LESS_IS_MORE env
variable to make less a bit more like, hum, more.

LESS_IS_MORE=1 less ...

doesn't clrscreen at exit.

HTH



Re: argv from bogus argc

2021-05-24 Thread Omar Polo


Kihaguru Gathura  writes:

> While testing to determine command line arguments passed to a cgi file
> using the *function 1*, I receive the  message *output 1.*
> one argument is passed and that is the name of the file.
>
> However, testing with a bogus number 30 for argc in *function 2*, discloses
> multiple arguments beyond the last null argument argv[1] see *output 2.*
> There is also a null value at bogus argc number 29.
>
> Why are these additional argv values generated?

haven't you gone out-of-bound and started printing the envp?

>
>
>
> *Function 1:*
>
>   
>
> /**/
>
> void TestCommandLineArguments(int argc, char *argv[])
> {
>   unsigned short int i = 0;
>
>   if (argc == 1)  /* if one command line argument is passed */
>   {
>   PrintPageUpper();
>
>   while(i < argc)
>   {
>   printf("\t\t(i = %2$d) argc: %1$d, \
>argv[%2$d]: \"%3$s\"\n", argc, \
>i, argv[i]);
>   i++;
>   }
>
>   PrintPageLower();
>   exit(EXIT_SUCCESS);
>
>}
>
> if (argc != 1)
> {
> PrintPageUpper();
> puts("\t\t(Multiple Arguments)");
> PrintPageLower();
> exit(EXIT_SUCCESS);
> }
> }
>
>
> /**/
>
>
> *Output 1:   *
>
> (i = 0) argc: 1, argv[0]: "//xyz/xyz.html"
>
>
>
>
>
>
> *Function 2:*
>
>
> /**/
>
> void TestCommandLineArguments(int argc, char *argv[])
> {
>   unsigned short int i = 0;
>   #define BOGUS_ARGC 30
>
>   if (argc == 1)
>   {
>   PrintPageUpper();
>
>   while(i < BOGUS_ARGC)
>   {
>   printf("\t\t(i = %2$d) argc: %1$d, \
>argv[%2$d]: \"%3$s\"\n", BOGUS_ARGC, \
>i, argv[i]);
>   i++;
>   }
>
>   PrintPageLower();
>   exit(EXIT_SUCCESS);
>
>}
>
> if (argc == 1)
> {
> PrintPageUpper();
> puts("\t\t(Single Argument)");
> PrintPageLower();
> exit(EXIT_SUCCESS);
> }
> }
>
>
> /**/
>
> *Output 2:*
>
>   (i = 0) argc: 30,argv[0]:
> "//xyz/xyz.html"
>   (i = 1) argc: 30,argv[1]: 
> "(null)"
>   (i = 2) argc: 30,argv[2]:
> "SERVER_SOFTWARE=OpenBSD httpd"
>   (i = 3) argc: 30,argv[3]:
> "SERVER_PROTOCOL=HTTP/1.1"
>   (i = 4) argc: 30,argv[4]:
> "SERVER_NAME=xyz.com"
>   (i = 5) argc: 30,argv[5]:
> "SERVER_PORT=443"
>   (i = 6) argc: 30,argv[6]:
> "SERVER_ADDR=xyz.xyz.xy.xyz"
>   (i = 7) argc: 30,argv[7]:
> "REQUEST_URI=/xyz/xyz.html"
>   (i = 8) argc: 30,argv[8]:
> "REQUEST_METHOD=GET"
>   (i = 9) argc: 30,argv[9]:
> "REMOTE_PORT=36818"
>   (i = 10) argc: 30,argv[10]:
> "REMOTE_ADDR=xyz.xyz.xy.xyz"
>   (i = 11) argc: 30,argv[11]: 
> "HTTPS=on"
>   (i = 12) argc: 30,argv[12]:
> "HTTP_X_FORWARDED_FOR=xyz.xyz.xy.xyz"
>   (i = 13) argc: 30,argv[13]:
> "HTTP_X_FORWARDED_BY=xyz.xyz.xy.xyz:8443"
>   (i = 14) argc: 30,argv[14]:
> "HTTP_USER_AGENT=Mozilla/5.0 (X11; OpenBSD amd64; rv:62.0)
> Gecko/20100101 Firefox/62.0"
>   (i = 15) argc: 30,argv[15]:
> "HTTP_UPGRADE_INSECURE_REQUESTS=1"
>   (i = 16) argc: 30,argv[16]:
> "HTTP_HOST=xyz.com"
>   (i = 17) argc: 30,argv[17]:
> "HTTP_CONNECTION=keep-alive"
>   (i = 18) argc: 30,argv[18]:
> "HTTP_CACHE_CONTROL=max-age=0"
>   (i = 19) argc: 30,argv[19]:
> "HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5"
>   (i = 20) argc: 30,argv[20]:
> "HTTP_ACCEPT_ENCODING=gzip, 
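
Added example (not part of the original thread): a C sketch of the point in the reply above, that a loop bounded by a made-up count instead of argc walks past argv's NULL terminator into the environment strings. The `sample` vector is constructed to mimic the exec-time layout, and `count_args` and `env_entries_past_argv` are hypothetical helper names.

```c
/* Added example: why indexing argv past argc prints environment strings. */
#include <stdio.h>
#include <string.h>

extern char **environ;

/* Number of real arguments: stop at the NULL that terminates argv. */
static int
count_args(char *const *vec)
{
	int n = 0;

	while (vec[n] != NULL)
		n++;
	return n;
}

/*
 * Walk up to `limit' slots the way a loop bounded by BOGUS_ARGC does and
 * count the NAME=value strings found after the argv terminator.
 * `slots' is the real size of the vector, so this walk stays in bounds.
 */
static int
env_entries_past_argv(char *const *vec, int slots, int limit)
{
	int i, past_null = 0, leaked = 0;

	for (i = 0; i < limit && i < slots; i++) {
		if (vec[i] == NULL) {
			if (past_null)
				break;		/* second NULL: end of envp */
			past_null = 1;
			continue;
		}
		if (past_null && strchr(vec[i], '=') != NULL)
			leaked++;
	}
	return leaked;
}

/* Constructed stand-in for the exec-time layout: argv, NULL, envp, NULL. */
static char *const sample[] = {
	"/xyz/xyz.html", NULL,
	"SERVER_SOFTWARE=OpenBSD httpd", "SERVER_PROTOCOL=HTTP/1.1",
	"REQUEST_METHOD=GET", NULL
};
#define SAMPLE_SLOTS ((int)(sizeof(sample) / sizeof(sample[0])))

int
main(int argc, char *argv[])
{
	int i;

	/* Correct loop: argc (or the NULL terminator) is the only bound. */
	for (i = 0; i < argc; i++)
		printf("argv[%d]: \"%s\"\n", i, argv[i]);

	/* At process start envp typically sits right after argv's NULL. */
	printf("argv + argc + 1 == environ: %s\n",
	    (argv + argc + 1 == environ) ? "yes" : "no");

	printf("sample: %d arg(s), %d env string(s) behind them\n",
	    count_args(sample),
	    env_entries_past_argv(sample, SAMPLE_SLOTS, 30));
	return 0;
}
```

In a CGI program those environment strings carry request data such as HTTP_X_FORWARDED_FOR and HTTP_USER_AGENT, so reading argv out of bounds is an information leak as well as undefined behaviour.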

Re: Disable Unveil

2021-05-10 Thread Omar Polo


Jonathan Drews  writes:

>  Hello Folks:
>
> I am using OpenBSD 6.9 GENERIC.MP#473 amd64
>
>  I need to disable unveil so I can load files into Firefox from
> other directories. I also cannot load my *.ppd when using my
> webbrowser in root. In the past, I have configured CUPS with the
> URL http://localhost:631. I need to be able to upload my *.ppd as
> my laser printer is not in the list of Xerox printers . I used
> this method in OpenBSD 6.8 and it worked fine.
>
>  I read the man page for unveil but it only gives programming
> instructions. How can I disable unveil?
>
>
> Kind regards,
> Jonathan

The manpage for unveil only describes how to use it from code, not how
other programs are using it.  For firefox, see
/usr/local/share/doc/pkg-readmes/firefox.

Anyway, disabling unveil is a bad idea, especially for a program like a
web browser that reads and executes random code downloaded from the
network.  Probably, adjusting /etc/firefox/unveil.main to add things
like ~/Document is enough for your use-case.

HTH


Omar Polo,



Re: cgit about-filter in chroot (httpd + slowcgi)

2021-03-28 Thread Omar Polo


Paul W. Rankin  writes:

> On 2021-03-28 18:56, Omar Polo wrote:
>>> Thanks Omar, I like this approach! I'm pretty green to C so this is
>>> what I have (which doesn't work):
>>> #include <unistd.h>
>>> int main(void) {
>>> execl("/bin/lowdown", NULL);
>>> }
>>> There is no HTML render but at least no errors, but cgit expects
>>> the
>>> resulting HTML printed to STDOUT, so I wonder whether this requires a
>>> return?
>> Assuming that the shell script you posted actually works yes, that
>> snippet (with a small tweak[0]) should work.  Make sure it's statically
>> linked.
>> For reference, here's how I would do it
>> $ cat <<EOF > my-cgit-filter.c
>> #include <unistd.h>
>> int
>> main(void)
>> {
>> execl("/bin/lowdown", "lowdown", NULL);
>>  return 1;
>> }
>> EOF
>> $ cc my-cgit-filter.c -o my-cgit-filter -static
>> $ # check that it's actually statically linked
>> $ ldd my-cgit-filter
>> my-cgit-filter:
>> StartEnd  Type  Open Ref GrpRef Name
>> 05196d856000 05196d87b000 dlib  10   0
>> /tmp/my-cgit-filter
>> [0]: if you compile your snippet, clang should warning about a
>> missing
>>  sentinel, something along the lines of
>>  > warning: not enough variable arguments in 'execl' declaration
>> to fit a
>>  > sentinel [-Wsentinel]
>>  >   execl("/bin/lowdown", NULL);
>>  which should suggest the use of
>>  >   execl("/bin/lowdown", "lowdown", NULL);
>
> Thank you so much Omar! Making the sentinel change solved it :)

Glad it worked, and apologies for not writing the execl call correctly
the first time I mentioned it :)



Re: cgit about-filter in chroot (httpd + slowcgi)

2021-03-28 Thread Omar Polo


Paul W. Rankin  writes:

> On 2021-03-28 18:14, Omar Polo wrote:
>> Paul W. Rankin  writes:
>>> The cgit about-filter doesn't want an executable to do e.g. the
>>> Markdown conversation, rather it wants a script that will return the
>>> command to perform this, e.g.:
>>> #!/bin/sh
>>> case "$1" in
>>> (*.md)  exec /bin/lowdown ;;
>>> (*) exit ;;
>>> esac
>>> This works, i.e. README.md files are converted to HTML, but this
>>> requires copying the sh binary into /var/www/bin, which is the
>>> troubling part.
>>> Is this an acceptable thing to do, security-wise?
>> I don't know almost anything about cgit, but if that's really the
>> problem you could statically-link a program that does the above (just a
>> call to execl("/bin/lowdown", NULL); may be enough) and use that.
>
> Thanks Omar, I like this approach! I'm pretty green to C so this is
> what I have (which doesn't work):
>
>   #include <unistd.h>
>   int main(void) {
>   execl("/bin/lowdown", NULL);
>   }
>
> There is no HTML render but at least no errors, but cgit expects the
> resulting HTML printed to STDOUT, so I wonder whether this requires a
> return?

Assuming that the shell script you posted actually works yes, that
snippet (with a small tweak[0]) should work.  Make sure it's statically
linked.

For reference, here's how I would do it

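$ cat <<EOF > my-cgit-filter.c
#include <unistd.h>

int
main(void)
{
	/* argv[0] is "lowdown"; the NULL sentinel ends the argument list */
	execl("/bin/lowdown", "lowdown", NULL);
	/* only reached if execl fails */
	return 1;
}
EOF
$ cc my-cgit-filter.c -o my-cgit-filter -static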
$ # check that it's actually statically linked
$ ldd my-cgit-filter
my-cgit-filter:
StartEnd  Type  Open Ref GrpRef Name
05196d856000 05196d87b000 dlib  10   0  
/tmp/my-cgit-filter

--

Cheers


[0]: if you compile your snippet, clang should warn about a missing
 sentinel, something along the lines of

 > warning: not enough variable arguments in 'execl' declaration to fit a
 > sentinel [-Wsentinel]
 >   execl("/bin/lowdown", NULL);

 which should suggest the use of
 >   execl("/bin/lowdown", "lowdown", NULL);



Re: Go language and pledge exec promises

2021-01-21 Thread Omar Polo


Kevin Chadwick  writes:

> On 1/21/21 2:58 PM, Kevin Chadwick wrote:
>>>>840 beep CALL  pledge(0xcf4000,0xcae384)
>>>>840 beep STRU  promise="stdio rpath wpath cpath dpath tmppath inet 
>>>> mcast fattr chown flock unix d\
>>>>ns getpw sendfd recvfd tape tty proc exec prot_exec settime ps vminfo 
>>>> id pf route wroute audio v\
>>>>ideo bpf unveil error"
>>>>840 beep STRU  execpromise=""
>>>>840 beep RET   pledge 0
>>>>
>>> Whatever you are trying to do is ridiculous.
>> Absolutely. In fact the program itself is pointless to pledge, playing a 
>> beep to
>> the speaker. However, I had pledge disabled in my binaries due to the 
>> syscall 74
>> Go bug that was fixed. This is just testing with the most permissible 
>> settings.
>> Perhaps that in itself could cause an issue.
>
> Is execpromise="" equivalent to passing null in c as a nil string in Go is
> initialised to "" (function sig = string)
>
> Perhaps I should ktrace the whacky full promise passed as execpromise too?

Sorry if I chime in, but execpromise="" is a whole different story from
execpromise=NULL.

> A promises value of "" restricts the process to the _exit(2) system
> call.

"" is a pointer to a string whose first character is NUL (\0), NULL is
the null pointer.

I don't know how to convince the go type system to discern between nil
and "", maybe you need something like sql.NullString

HTH

Omar Polo



Re: video capture / streaming

2020-07-24 Thread Omar Polo


Rudolf Sykora  writes:

> Dear list,
>
>
> I'd like to stream video from my (usb-connected) camera via a web
> server. The 1st I tried was to see if the camera works. So:
>
> odin$ video
> video: /dev/video: Permission denied
> odin$ doas video
> No protocol specified
> video: cannot open display :0.0
> odin$ xhost +
> access control disabled, clients can connect from any host
> odin$ doas video
> ^Codin$
>
> Ie, at last I saw an X window with the video. But is it possible to run
> the video command as an ordinary user? (I had to doas...)

I don't have a webcam at hand atm, but IIRC you should chown /dev/video
to your user.  I did something like this ~2 years ago, so maybe I'm
wrong, but the permissions get reset on reboot, so you should edit
/etc/rc.local.

I can't comment on the rest.

HTH

> Next I want to stream the video via some kind of a server.
> On the internet I saw people using 'ffmpeg' to serve the file somehow,
> as well as using 'nginx' with the 'rtmp' module. Is any of this the way
> how you would achieve the goal, or is it possible to use, say, the 'httpd'
> server?
>
> At this moment I know very little both about streaming and available
> servers to do the job, and that's why I am asking for recommendation
> based on some experience and knowledge.
>
> Thank you for any comments.
>
>
> Ruda



Re: Cleaning system's old libraries/files after update to next -release or -current

2020-07-15 Thread Omar Polo


Dumitru Moldovan  writes:

> On Tue, Jul 14, 2020 at 03:44:18PM -, Stuart Henderson wrote:
>>On 2020-07-14, Christian Weisgerber  wrote:
>>> Old versions of libraries are innocuous.  They will simply be
>>> ignored.
>>
>>Until you run out of disk space, which is fairly easy in /usr if you
>>installed a couple of releases ago and took the auto disklabel defaults.
>
> Another issue with potential security implications: suppose you have
> built something that linked to old library versions laying around on
> disk.  And suppose a security issue affects one of the old libs,
> with implications for your binaries linked to it.  You won't even be
> aware of it.

This only applies to stuff you compiled on your own, so I guess it's fair
that you are on your own.  (I do that too, but only for stuff I develop)

> My take is to purge old libs after every new release.  Once, I had to do
> it in the middle of a version upgrade, because there was no space left
> on disk to complete it.  My fault only, I had a very tight custom
> partitioning layout.

I don't think it's that easy.  One case that comes to mind is that
there's a short window after an update and between `pkg_add -u` where
you're running a new system but with old ports.  Your entire system
(except base stuff) would break if you remove the libraries.  There may
be more edge cases like this.

My take is to do a full reinstall once in a while (that also helps me
reorder my files and adjust partition sizes.)



Re: tpmtool(1) man page and no binary

2020-07-12 Thread Omar Polo


wdaver  writes:

> Thank you, for providing incredible docs!
>
> tpmtool(1) man page is on several machines, including APU and
> desktop.  6/6 and 6.7.  No associated binary exists.  Don't see the
> man file in kernel or base system source.  Wanted to send a diff
> but cannot find the source location...
>
> The installed file is /usr/local/man/man1/tpmtool.1
>
> Seems like a port installed it, given the location?
>
> pkg_info -Q tpmtool does not return any results.

pkg_info -Q searches only for packages matching that name, you should
use pkg_info -E to know which package installed the given file

; pkg_info -E /usr/local/man/man1/tpmtool.1
/usr/local/man/man1/tpmtool.1: gnutls-3.6.14
gnutls-3.6.14   GNU Transport Layer Security library

as the manual says

-E filename
Look for the package(s) that contains the given filename.  As a
faster alternative, note that there is a package, pkglocatedb,
that contains a locate(1) database of every file in every
package.

the alternative is to use pkglocate(1)

; pkglocate tpmtool.1
gnutls-3.6.14:security/gnutls:/usr/local/man/man1/tpmtool.1



mkdir(2) set errno to EISDIR instead of EEXIST?

2019-12-16 Thread Omar Polo
Hello misc,

Background: I'm running OpenBSD i386 6.6 stable:
$ uname -mrsv
OpenBSD 6.6 GENERIC.MP#3 i386

I've found that mkdir("/", mode) sets errno to EISDIR.  Is this intended?
By reading the manpage I expected mkdir(2) to fail with EEXIST.

I know it's a bit silly to mkdir /, but I found this while porting a
program that tried to recursively create directories.  (The actual bug
was a bit more convoluted: mkdir("/", mode) was called because of false
assumptions on how dirname(3) behaves, but that's another story.)

I tried grepping the kernel code, but I'm not familiar at all with the
internals, so I don't have a clear idea of where that EISDIR is generated
(is it from vfs_lookup?)



Re: Haskell compilation issues

2019-05-10 Thread Omar Polo
On Fri, May 10, 2019 at 02:50:49PM +, Kaleta wrote:
> Hello,
> I'm trying to start a little haskell project for the first time in a few 
> months.
> This is the first time I'm trying to run ghc on OpenBSD
> I'm not sure what ghc's problem is, I've pasted the error message below along 
> with the version of ld and dmesg
> 
> I'm pretty sure that this is an openbsd problem. The only "fix" I was able to 
> find was this: https://gitlab.haskell.org/ghc/ghc/issues/8825
> However, setting the locale had no effect.
> I have also copied the version of ghc and the output of locale below.
> 
> I appreciate any kind of help.
> 
> --- ghc output ---
> [1 of 1] Compiling Main ( Main.hs, Main.o )
> Linking Main ...

It's been a while since I've worked in haskell on OpenBSD but, for what
I recall, this

> : error:
> Warning: Couldn't figure out linker information!
>  Make sure you're using GNU ld, GNU gold or the built in OS X 
> linker, etc.

should not matter (don't know if it's relevant on 6.5 though.)

What I think is required to compile and run haskell programs is to
wxallow the partition. If you're using the standard layout the /tmp and
/home should be wxallowed.

Hope it helps!

PS: I read somewhere a guy that did some fancy things in order to not
wxallow /home, something like linking directory from /usr/local to the
user home, but I don't recall now, nor I remember if it was actually
"safe".

> --- ghc -v output ---
> Glasgow Haskell Compiler, Version 8.2.2, stage 2 booted by GHC version 
> 8.2.2.20180330
> Using binary package database: /usr/local/lib/ghc/package.conf.d/package.cache
> package flags []
> loading package database /usr/local/lib/ghc/package.conf.d
> wired-in package ghc-prim mapped to ghc-prim-0.5.1.1
> wired-in package integer-gmp mapped to integer-gmp-1.0.1.0
> wired-in package base mapped to base-4.10.1.0
> wired-in package rts mapped to rts
> wired-in package template-haskell mapped to template-haskell-2.12.0.0
> wired-in package ghc mapped to ghc-8.2.2
> wired-in package dph-seq not found.
> wired-in package dph-par not found.
> *** Deleting temp files:
> Deleting:
> *** Deleting temp dirs:
> Deleting:
> ghc: no input files
> Usage: For basic information, try the `--help' option.
> 
> --- ld -v output ---
> LLD 7.0.1 (compatible with GNU linkers)
> 
> --- locale output ---
> LANG=
> LC_COLLATE="C"
> LC_CTYPE=en_US.UTF-8
> LC_MONETARY="C"
> LC_NUMERIC="C"
> LC_TIME="C"
> LC_MESSAGES="C"
> LC_ALL=
> 
> --- dmesg ---

Re: "acpi0: SSDT checksum error" on bsd.rd snapshot

2018-09-16 Thread Omar Polo

--
Omar Polo
147F 24EB 977C DFDD 0197 86D3 E483 C355 499D 960D