Re: recommendations for web hosting in Canada?

2023-07-06 Thread Steve Williams

Hi,

Small town British Columbia here...

I know it's not what you are asking, but...

I have a Telus business plan (fiber) which gives me 2 static IP 
addresses and host it myself.  You can't do it on a "Residential" 
because some of the ports are filtered.  I had a huge battle with Telus 
over this and the only resolution was to get a business plan that 
"allows" me to run servers :(


A UPS and things are amazing.  Web (https via acme), email, nextcloud, etc.

I'm using a simple fanless system with a Canadian source 
(https://ca.protectli.com/vault-2-port/)


If you have any questions, don't hesitate to reach out to me.

Cheers,
Steve W.

On 06/07/2023 10:31 p.m., Jonathan Thornburg wrote:

I'm looking for a web hosting provider based in Canada.  Performance
isn't critical (the websites will be relatively small, static, and
low-traffic), but I'd like a firm whose customer support doesn't
core-dump if I mention Perl or OpenBSD.  Any recommendations?

Thanks,




Re: PC Engines APU platform EOL

2023-04-20 Thread Steve Williams (Contractor)

Hi,

My apu4 died and I tried a rpi4 but was less than impressed by it.  
Fairly low power and I had reliability issues with the USB ports.  I was 
just using it to run a webcam doing 2 snapshots/minute to be able to 
create time lapse movies.  It also ran my personal web server and 
handled incoming email.  Very lightly loaded.


After about 6 months (I had to go to nightly reboots to keep it stable), 
after a lot of indecision (build a desktop?), research and reading lots 
of advice on this email list, I went to a Protectli Vault 2 Port (I only 
need 2 ports).


https://ca.protectli.com/vault-2-port/

If you need the extra ports like the pcengines, they do have a 4 port 
and a 6 port.


I live in Canada and they ship from Canada (as well as US).  It shipped 
immediately.


Customer service is excellent.

When I got it, I noticed that there's a sata port & power on the 
motherboard.  I wasn't sure what the 4 pin connector was called to order 
it off the Internet and they reached out to their engineers who gave me 
the specs.  (The connector is a JST PH2.0 4 pin for everyone's 
reference). In the end, they mailed me a sata and power cable without 
charging the shipping fee.


I am very happy with this product, but as you will read on the mail list 
archives, there are similar systems available from various online 
websites.  I decided to support this company even if it was a bit more 
money just to have a better chance at getting support.  I have been very 
happy with the product and the support.


I just upgraded to 7.3 yesterday and here's the only unsupported devices:

mini# grep 'not configured' /tmp/x
"INT33BD" at acpi0 not configured
"10EC5670" at acpi0 not configured
"BOOT" at acpi0 not configured
"Intel Braswell Power" rev 0x35 at pci0 dev 11 function 0 not configured
"Intel Braswell SIO DMA" rev 0x35 at pci0 dev 24 function 0 not configured
"Intel Braswell SIO I2C" rev 0x35 at pci0 dev 24 function 1 not configured
"Intel Braswell SIO I2C" rev 0x35 at pci0 dev 24 function 2 not configured
"Intel Braswell SIO DMA" rev 0x35 at pci0 dev 30 function 0 not configured

Full dmesg below.

Cheers,
Steve W.

--

OpenBSD 7.3 (GENERIC.MP) #1125: Sat Mar 25 10:36:29 MDT 2023
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8519700480 (8125MB)
avail mem = 8242081792 (7860MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7cd1a020 (8 entries)
bios0: vendor coreboot version "v4.9.0.3" date 10/14/2022
bios0: Protectli FW2B
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT MCFG APIC
acpi0: wakeup devices XHCI(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J3060 @ 1.60GHz, 2480.25 MHz, 06-4c-04
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu0: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 
64b/line 16-way L2 cache

cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 79MHz
cpu0: mwait min=64, max=64, C-substates=0.2, IBE
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Celeron(R) CPU J3060 @ 1.60GHz, 2480.50 MHz, 06-4c-04
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu1: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 
64b/line 16-way L2 cache

cpu1: smt 0, core 2, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 115 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
"INT33BD" at acpi0 not configured
acpicmos0 at acpi0
com0 at acpi0 COM1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo
"10EC5670" at acpi0 not configured
chvgpio0 at acpi0 GPSW uid 1 addr 0xfed8/0x8000 irq 49, 56 pins
chvgpio1 at acpi0 GPNC uid 2 addr 0xfed88000/0x8000 irq 48, 59 pins
chvgpio2 at acpi0 GPEC uid 3 addr 0xfed9/0x8000 irq 50, 24 pins
chvgpio3 at acpi0 GPSE uid 4 addr 0xfed98000/0x8000 irq 91, 55 pins
acpibtn0 at acpi0: PWRB
"BOOT" at acpi0 not configured
acpicpu0 at acpi0: C2 bad (state 6 has no substates): C3 bad (state 6 
has no substates): C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2 bad (state 6 has no 

Re: smtpd.conf examples - quoting question/inaccuracy?

2023-04-18 Thread Steve Williams (Contractor)

Hi,

Thanks for validating my thoughts.  I appreciate the time you took to reply.

Cheers,
Steve Williams

On 4/18/2023 2:25 AM, Omar Polo wrote:

On 2023/04/17 10:32:58 -0600, Steve Williams wrote:

Hi,

I am working on making some changes to my smtpd.conf file and was looking
at the man page for it.

from:
https://man.openbsd.org/smtpd.conf

In the "Examples" section, there seems to be inconsistent use of
quotation marks.  I'm not sure if there is any significance to it, or
if there's a preferred approach.

action mda_with_aliases mda "/path/to/mda -f -" alias 
action mda_without_aliases mda "/path/to/mda -f -"
action "outbound" relay

^^^  Why does "outbound" have quotes around it, but not the 2 lines
above in the mda_with_aliases and mda_without_aliases?

match for local action mda_with_aliases
match from any for domain example.com action mda_without_aliases
match for any action "outbound"

^^^ Similarly, the "outbound" has quotes, but the 2 "mda_with.."
lines don't have quotes.

Slightly confused, just wanting to understand precisely the config file.

While I agree that the example section could be more consistent in
this regard, I think this is already well explained at the top of the
man page:

 [..] entire block.  Argument names not beginning with a letter, digit, or
 underscore, as well as reserved words (such as listen, match, and port),
 must be quoted.  Arguments containing whitespace should be surrounded by
 double quotes (").

so except for the mda command string none of the arguments in the bits
you mentioned strictly need quotation marks; it's just a matter of
personal style.

HTH
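
The quoting rule from the man page excerpt above, applied to the lines discussed in this thread. This is an added example, not code from the thread or from OpenSMTPD; the function names are hypothetical, the reserved-word set holds only the three words the excerpt names (the real list is longer), and escapes inside quotes are not handled.

```python
import re

# Only the reserved words named in the excerpt quoted above (assumption:
# smtpd.conf(5) reserves many more keywords than these three).
RESERVED_EXAMPLES = {"listen", "match", "port"}

# A token is either a double-quoted string or a run of non-whitespace.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def quoting_need(arg):
    """Return 'required' or 'optional' for one argument value."""
    if arg == "" or any(ch.isspace() for ch in arg):
        return "required"          # whitespace must be kept together
    if not re.match(r"[A-Za-z0-9_]", arg):
        return "required"          # does not start with letter/digit/underscore
    if arg in RESERVED_EXAMPLES:
        return "required"          # would otherwise parse as a keyword
    return "optional"              # quotes are a matter of style


def audit_line(line):
    """List (value, verdict) for every double-quoted token on a config line."""
    line = line.split("#", 1)[0] if line.lstrip().startswith("#") else line
    findings = []
    for quoted, bare in TOKEN.findall(line):
        if bare:                   # unquoted tokens need no verdict
            continue
        findings.append((quoted, quoting_need(quoted)))
    return findings


# Lines taken from the thread, plus two constructed ones (marked).
SAMPLE = [
    'action mda_without_aliases mda "/path/to/mda -f -"',
    'action "outbound" relay',
    'match for any action "outbound"',
    'action "match" relay',        # constructed: reserved word used as a name
    'action "-spool" relay',       # constructed: name starting with "-"
]

if __name__ == "__main__":
    for text in SAMPLE:
        for value, verdict in audit_line(text):
            print(f"{verdict:8}  {value!r:22}  in: {text}")
```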




smtpd.conf examples - quoting question/inaccuracy?

2023-04-17 Thread Steve Williams
Hi,

I am working on making some changes to my smtpd.conf file and was looking
at the man page for it.

from:
https://man.openbsd.org/smtpd.conf

In the "Examples" section, there seems to be inconsistent use of
quotation marks.  I'm not sure if there is any significance to it, or
if there's a preferred approach.

action mda_with_aliases mda "/path/to/mda -f -" alias 
action mda_without_aliases mda "/path/to/mda -f -"
action "outbound" relay

^^^  Why does "outbound" have quotes around it, but not the 2 lines
above in the mda_with_aliases and mda_without_aliases?

match for local action mda_with_aliases
match from any for domain example.com action mda_without_aliases
match for any action "outbound"

^^^ Similarly, the "outbound" has quotes, but the 2 "mda_with.."
lines don't have quotes.

Slightly confused, just wanting to understand precisely the config file.

Thanks,

Steve Williams


Disregard - Re: rpi4 7.1->7.2 upgrade - Boot time kernel relinking failing...

2022-12-10 Thread Steve Williams

Hi,

Please disregard this.

There was a discrepancy with some 7.1 files from the base install that 
needed to be updated.


Cheers,
Steve W.

On 10/12/2022 3:55 p.m., Steve Williams wrote:

Hi,

TL;DR
After (messy) upgrade, I'm getting the following in the relink.log:
(SHA256) /bsd: OK
LD="ld" sh makegap.sh 0xd4d4d4d4 gapdummy.o
Abort trap
*** Error 134 in /usr/share/relink/kernel/GENERIC.MP (Makefile:1378 
'newbsd')



Details
-

I tried to use the sysupgrade option to upgrade my rpi4 from OpenBSD 
7.1 to OpenBSD 7.2.


The install "kind of" worked, in that it rebooted into 7.2. However, I 
think there might have been an issue writing to the (painfully slow) 
SD card when extracting the base72.tgz files, etc. The data extract 
seemed quite quick and at least some of the 7.2 files were missing.


I did write a script that compared the existing files to the ones in 
the 7.2 install files and there were discrepancies (using md5).  So I 
just extracted (all but) base72.tgz over top of the 7.1 files.


Everything is working, pkg_add -u worked flawlessly, but when I 
reboot, I am getting an error

reordering libraries:
ls: /usr/share/relink/usr/lib/libc.o.+([0-9]).a: No such file or 
directory.

Abort Trap
execve: cannot load ./ld.so.test

I was getting an error:
reorder_kernel: failed -- see /usr/share/relink/kernel/GENERIC/relink.log

Then I noticed that my system was only running GENERIC, not 
GENERIC.MP, so I

mv /bsd /bsd.sp
mv /bsd.mp /bsd

Rebooted, and I get the same error message, but now the relink.log is 
in GENERIC.MP
reorder_kernel: failed -- see 
/usr/share/relink/kernel/GENERIC.MP/relink.log


I did generate a new SHA256 so the GENERIC.MP link would progress (per 
the relink.log), but I'm getting:

LD="ld" sh makegap.sh 0xd4d4d4d4 gapdummy.o
Abort trap
*** Error 134 in /usr/share/relink/kernel/GENERIC.MP (Makefile:1361 
'newbsd')


and I'm still getting:

So I found
/home/_sysupgrade/base72/usr/share/relink/kernel.tgz and the files 
under /usr


I copied them into /usr/share/relink/kernel and got further.

Now it's just down to the error:
rpi4# LD="ld" sh -x makegap.sh 0xd4d4d4d4 gapdummy.o
+ umask 007
+ sysctl -n hw.pagesize
+ PAGE_SIZE=4096
+ PAD=0xd4d4d4d4
+ GAPDUMMY=gapdummy.o
+ random_uniform 12288
+ RANDOM1=5878
+ random_uniform 4096
+ RANDOM2=3116
+ random_uniform 4096
+ RANDOM3=2520
+ random_uniform 4096
+ RANDOM4=707
+ random_uniform 4096
+ RANDOM5=185
+ cat
+ > gap.link
+ << __EOF__
+ ld -r gap.link gapdummy.o -o gap.o
Abort trap

Any thoughts/advice?

Thanks,
Steve Williams





rpi4 7.1->7.2 upgrade - Boot time kernel relinking failing...

2022-12-10 Thread Steve Williams

Hi,

TL;DR
After (messy) upgrade, I'm getting the following in the relink.log:
(SHA256) /bsd: OK
LD="ld" sh makegap.sh 0xd4d4d4d4 gapdummy.o
Abort trap
*** Error 134 in /usr/share/relink/kernel/GENERIC.MP (Makefile:1378 
'newbsd')



Details
-

I tried to use the sysupgrade option to upgrade my rpi4 from OpenBSD 7.1 
to OpenBSD 7.2.


The install "kind of" worked, in that it rebooted into 7.2. However, I 
think there might have been an issue writing to the (painfully slow) SD 
card when extracting the base72.tgz files, etc. The data extract seemed 
quite quick and at least some of the 7.2 files were missing.


I did write a script that compared the existing files to the ones in the 
7.2 install files and there were discrepancies (using md5).  So I just 
extracted (all but) base72.tgz over top of the 7.1 files.


Everything is working, pkg_add -u worked flawlessly, but when I reboot, 
I am getting an error

reordering libraries:
ls: /usr/share/relink/usr/lib/libc.o.+([0-9]).a: No such file or directory.
Abort Trap
execve: cannot load ./ld.so.test

I was getting an error:
reorder_kernel: failed -- see /usr/share/relink/kernel/GENERIC/relink.log

Then I noticed that my system was only running GENERIC, not GENERIC.MP, 
so I

mv /bsd /bsd.sp
mv /bsd.mp /bsd

Rebooted, and I get the same error message, but now the relink.log is in 
GENERIC.MP

reorder_kernel: failed -- see /usr/share/relink/kernel/GENERIC.MP/relink.log

I did generate a new SHA256 so the GENERIC.MP link would progress (per 
the relink.log), but I'm getting:

LD="ld" sh makegap.sh 0xd4d4d4d4 gapdummy.o
Abort trap
*** Error 134 in /usr/share/relink/kernel/GENERIC.MP (Makefile:1361 
'newbsd')


and I'm still getting:

So I found
/home/_sysupgrade/base72/usr/share/relink/kernel.tgz and the files under 
/usr


I copied them into /usr/share/relink/kernel and got further.

Now it's just down to the error:
rpi4# LD="ld" sh -x makegap.sh 0xd4d4d4d4 gapdummy.o
+ umask 007
+ sysctl -n hw.pagesize
+ PAGE_SIZE=4096
+ PAD=0xd4d4d4d4
+ GAPDUMMY=gapdummy.o
+ random_uniform 12288
+ RANDOM1=5878
+ random_uniform 4096
+ RANDOM2=3116
+ random_uniform 4096
+ RANDOM3=2520
+ random_uniform 4096
+ RANDOM4=707
+ random_uniform 4096
+ RANDOM5=185
+ cat
+ > gap.link
+ << __EOF__
+ ld -r gap.link gapdummy.o -o gap.o
Abort trap

Any thoughts/advice?

Thanks,
Steve Williams
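
A check of the kind the post describes (comparing installed files against the files in an install set), as an added example that is not the poster's script. It uses SHA-256 where the post mentions md5; the function names, the demo set name and all file names and contents are constructed for illustration.

```python
import hashlib
import io
import os
import tarfile
import tempfile


def digest(stream):
    """SHA-256 of a binary stream, read in chunks."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(65536), b""):
        h.update(chunk)
    return h.hexdigest()


def compare_set_to_root(tgz_path, root):
    """Compare regular files in a set tarball with the tree under root.

    Returns (missing, mismatched): sorted lists of paths relative to root.
    """
    missing, mismatched = [], []
    with tarfile.open(tgz_path, "r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue                      # skip dirs, links, devices
            rel = os.path.normpath(member.name)   # "./usr/x" -> "usr/x"
            if os.path.isabs(rel) or rel.split(os.sep)[0] == "..":
                continue                      # never look outside root
            target = os.path.join(root, rel)
            if os.path.islink(target) or not os.path.isfile(target):
                missing.append(rel)
                continue
            with open(target, "rb") as on_disk:
                have = digest(on_disk)
            if digest(tar.extractfile(member)) != have:
                mismatched.append(rel)
    return sorted(missing), sorted(mismatched)


def build_demo(workdir):
    """Create a constructed set tarball and a partly stale 'installed' tree."""
    set_files = {
        "./usr/bin/tool_a": b"new tool\n",
        "./usr/lib/libdemo.so.1.0": b"7.2 library\n",
        "./usr/share/demo/data.tgz": b"payload\n",
    }
    tgz = os.path.join(workdir, "demo72.tgz")
    with tarfile.open(tgz, "w:gz") as tar:
        for name, data in set_files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    root = os.path.join(workdir, "root")
    installed = {
        "usr/bin/tool_a": b"new tool\n",              # identical
        "usr/lib/libdemo.so.1.0": b"7.1 library\n",   # stale content
    }                                                  # data.tgz not installed
    for rel, data in installed.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return tgz, root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        tgz, root = build_demo(tmp)
        missing, mismatched = compare_set_to_root(tgz, root)
        print("missing:   ", missing)
        print("mismatched:", mismatched)
```

On a real system, files that are relinked at boot (the library reordering and kernel relink that appear in the logs above) and locally edited configuration will show up as mismatches without indicating a failed extract.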




Re: some simple way to serve videos?

2022-10-05 Thread Steve Williams




On 03/10/2022 5:00 a.m., rsyk...@disroot.org wrote:

Hello,


until now I have www-served (httpd) my photos using, as it seems to me,
a very simple way: into a directory with photos I copied a file called
gallery.html taken from https://github.com/gfwilliams/ThinGallery .

This created a browsable gallery of photos (using a web browser and
over the internet), simple enough for my mom to orient in and use.
Is there any similar way so that I could serve also video files?

Thanks for any comments / recommendations.

(I want something that lives on my machine. I know there are some 'big'
frameworks, perhaps MediaGoblin, Serviio; also I could perhaps run a docker
with minnich under a virtual machine running linux. But is there something
easy and available on OpenBSD?)


Best regards,
Ruda


Hi,

I have been running piwigo (https://piwigo.org/) as a "Gallery" for all 
my photos and videos for years.  It takes a bit of work, but it does a 
good job and "just works".


It takes a small amount of work to configure php, phpfpm, but once 
that's all done, it's rock solid.


Kind of cool, it allows multiple formats of photos, so I can have my 
camera shoot jpgs and raw and it will provide the option of which to view.


For videos, you can create a thumbnail from the video so the user has a 
bit of a clue what they might be going to watch.


Good luck!

Cheers,
Steve Williams



Raspberry PI 4b - OpenBSD 7.1 - System won't boot with usb drive attached - Zero part of MBR?

2022-09-04 Thread Steve Williams
 ddr52, dma
"arm-pmu" at mainbus0 not configured
agtimer0 at mainbus0: 54000 kHz
simplebus2 at mainbus0: "scb"
bcmpcie0 at simplebus2
pci0 at bcmpcie0
ppb0 at pci0 dev 0 function 0 "Broadcom BCM2711" rev 0x20
pci1 at ppb0 bus 1
xhci0 at pci1 dev 0 function 0 "VIA VL805 xHCI" rev 0x01: intx, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "VIA xHCI root hub" rev 
3.00/1.00 addr 1

bse0 at simplebus2: address e4:5f:01:79:5d:53
brgphy0 at bse0 phy 1: BCM54210E 10/100/1000baseT PHY, rev. 2
"dma" at simplebus2 not configured
"hevc-decoder" at simplebus2 not configured
"rpivid-local-intc" at simplebus2 not configured
"h264-decoder" at simplebus2 not configured
"vp9-decoder" at simplebus2 not configured
gpioleds0 at mainbus0: "led0", "led1"
"sd_io_1v8_reg" at mainbus0 not configured
"sd_vcc_reg" at mainbus0 not configured
"fixedregulator_3v3" at mainbus0 not configured
"fixedregulator_5v0" at mainbus0 not configured
simplebus3 at mainbus0: "v3dbus"
"bootloader" at mainbus0 not configured
scsibus0 at sdmmc1: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  removable
sd0: 121942MB, 512 bytes/sector, 249737216 sectors
uhub1 at uhub0 port 1 configuration 1 interface 0 "VIA Labs USB2.0 Hub" 
rev 2.10/4.21 addr 2

bwfm0 at sdmmc0 function 1
manufacturer 0x02d0, product 0xa9a6 at sdmmc0 function 2 not configured
manufacturer 0x02d0, product 0xa9a6 at sdmmc0 function 3 not configured
umass0 at uhub1 port 1 configuration 1 interface 0 "Sunplus Technology 
Inc. USB to Serial-ATA bridge" rev 2.00/1.03 addr 3

umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0:  
serial.04fc0c25ENEAG102423Y

sd1: 488386MB, 512 bytes/sector, 1000215216 sectors
 This is the drive that doesn't cause any issues

ure0 at uhub1 port 3 configuration 1 interface 0 "TP-Link USB 
10/100/1000 LAN" rev 2.10/30.00 addr 4

ure0: RTL8153 (0x5c30), address 54:af:97:86:d7:fa
rgephy0 at ure0 phy 0: RTL8251 PHY, rev. 0
uhub2 at uhub1 port 4 configuration 1 interface 0 "GenesysLogic USB2.1 
Hub" rev 2.10/71.00 addr 5
uhidev0 at uhub2 port 2 configuration 1 interface 0 "Logitech USB 
Keyboard" rev 1.10/64.00 addr 6

uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub2 port 2 configuration 1 interface 1 "Logitech USB 
Keyboard" rev 1.10/64.00 addr 6

uhidev1: iclass 3/0, 3 report ids
ucc0 at uhidev1 reportid 1: 2 usages, 3 keys, enum
wskbd1 at ucc0 mux 1
wskbd1: connecting to wsdisplay0
uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0
ucc1 at uhidev1 reportid 3: 21 usages, 14 keys, enum
wskbd2 at ucc1 mux 1
wskbd2: connecting to wsdisplay0
uaudio0 at uhub2 port 3 configuration 1 interface 1 "Logitech HD Webcam 
C525" rev 2.00/0.10 addr 7

uaudio0: class v1, high-speed, sync, channels: 0 play, 1 rec, 2 ctls
audio0 at uaudio0
uvideo0 at uhub2 port 3 configuration 1 interface 2 "Logitech HD Webcam 
C525" rev 2.00/0.10 addr 7

video0 at uvideo0
uhidev2 at uhub2 port 4 configuration 1 interface 0 "Microsoft Microsoft 
3-Button Mouse with IntelliEye(TM)" rev 1.10/3.00 addr 8

uhidev2: iclass 3/1
ums0 at uhidev2: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (04875a30a561175e.a) swap on sd0b dump on sd0b
WARNING: CHECK AND RESET THE DATE!
gpio0 at bcmgpio0: 58 pins
bwfm0: address e4:5f:01:79:5d:54
umass1 at uhub1 port 2 configuration 1 interface 0 "Sunplus Technology 
Inc. USB to Serial-ATA bridge" rev 2.00/1.03 addr 9

umass1: using SCSI over Bulk-Only
scsibus4 at umass1: 2 targets, initiator 0
sd2 at scsibus4 targ 1 lun 0:  
serial.04fc0c25JNB0J800926Z

sd2: 953869MB, 512 bytes/sector, 1953525168 sectors
 Problem drive, powered on after boot, then mounted and the boot 
continues


Thanks,
Steve Williams


Re: Fanless amd64 sytem recommendations

2022-07-11 Thread Steve Williams
Hi Stuart,

Thanks very much for the suggestion!   I was able to build and preliminary
tests show that rclone on aarch64 is working with OpenBSD 7.1.  I am able
to restore one of my backups from my GoogleDrive.  FANTASTIC.

Should I just send an email to the "Maintainer" to indicate that this can
be changed?

Trying to build it was my original thought but I've gone down the road of
trying to fix broken ports before and it's led to a lot of pain because...
they are marked "BROKEN" for a reason!  People much smarter than me have
tried to fix them :).

In this case, I should have tried :(  Thanks for the nudge.

Cheers,
Steve W.

On Mon, Jul 11, 2022 at 4:51 AM Stuart Henderson wrote:

> On 2022-07-11, Steve Williams  wrote:
> > First, I built a Raspberry Pi 4b system with a USB wired NIC and went to
> > restore my backup from Google using rclone only to find that rclone isn't
> > supported on arm64. :(
>
> Try removing the BROKEN-aarch64 and building from ports.
>
> It has been a while since the BROKEN markers were added for this and there
> have been a number of updates, both to rclone itself, and to lang/go, in
> the meantime.
>
> If it still fails then maybe there's some go build option that might help.
> My initial reaction is that this is more likely to be a problem in go than
> in rclone.


Fanless amd64 sytem recommendations

2022-07-10 Thread Steve Williams
Hi,

My pcengines APU system died on me catastrophically.  It's my  primary
router / email / web server.

First, I built a Raspberry Pi 4b system with a USB wired NIC and went to
restore my backup from Google using rclone only to find that rclone isn't
supported on arm64. :(

I have built an old Dell desktop into a replacement, but I would really
like a silent system (fanless) and rclone is instrumental to my backup
system so I need to stick to (likely) an amd64 compatible system.

What recommendations do people have for a fanless AMD64 compatible system
that (ideally) has wired NIC's on it.

Thanks,
Steve Williams


USB ethernet adapter?

2022-06-29 Thread Steve Williams
Hi,

My PCEngines APU died and I need to rebuild my router.

I'm throwing together an old desktop, but ultimately I'd like to use a
Raspberry Pi that I bought to play with.

My network configuration needs 2 wired interfaces.  I don't have a switch
that will do vlans, and I don't want to have to configure all of that.

This is only for a 20 Meg (bi directional) connection, so not stressing
things too much.

What would be a good USB to ethernet (RJ45) adapter that is supported by
OpenBSD?

Thanks,
Steve W.


Re: growfs on an encrypted softraid0

2022-03-24 Thread Steve Williams

Hi,

If rsync isn't working correctly, I would just use a cpio(1) to copy 
things between the two folders.  I haven't used it for years, but in the 
days of mixed unix (AIX, SCO Xenix, SCO Unix), cpio always "just worked".


You can do it in a pipe, so there's no intermediate storage.  IIRC, you 
bump up the block size to get faster speeds.


It should handle long paths correctly.

You could perhaps do the same thing with "tar", but "tar" historically 
had issues with long path names and I haven't used it for so many years, 
I am sure it's been resolved.


tar -cf - . | (cd some_folder && tar -xvf -)

Cheers,
Steve W.



On 24/03/2022 5:38 a.m., Leo Unglaub wrote:

Hey friends,

i have a 500GB drive that is fully encrypted using a softraid with 
raidlevel C. It works perfectly. But now the drive is getting full and 
i have to grow it. This server is running in the Hetzner Cloud and 
resizing the drive is supported to 10TB.


With an unencrypted partition this works well in OpenBSD. I can use 
disklabel and growfs to enlarge the drive, but that does not work with 
an encrypted partition.


Do you have any recommendations on what the best way forward is in 
this case? I tried adding a new 1TB drive and copying all the files 
over and just remounting it. But even with the super fast M.2 SSD 
drives in there it took more than 3 days to finish. (lots of small 
files, it's my email server)


Having my email server down for 3 days is not really a good option for 
obvious reasons.


I also tried doing an initial copy and then using rsync, but because 
dovecot (imap server from ports) uses a lot of hardlinks rsync is not 
working correctly even with the hard link option (bugs are described 
in the rsync man page) and openrsync does not support handling them.


Do you have any ideas what i can do in this case?
Thanks and greetings
Leo


OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022
r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4177379328 (3983MB)
avail mem = 4034740224 (3847MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5ad0 (10 entries)
bios0: vendor Hetzner version "2017" date 11/11/2017
bios0: Hetzner vServer
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC HPET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.34 MHz, 06-55-04
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache

cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel Xeon Processor (Skylake, IBRS), 2100.07 MHz, 06-55-04
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache

cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpihpet0 at acpi0: 1 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
cpu0: using VERW MDS workaround
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, 
channel 0 wired to compatibility, channel 1 wired to 

Considering a Raspberry Pi 4 Model B, but a bit lost...

2022-02-01 Thread Steve Williams

Hi,

I currently have a PC Engines APU2 that's been my central workhorse for 
quite a few years now.


I want to delve into cheaper systems for OpenBSD so I can have more of 
them around my house :D


I was considering a Raspberry Pi 4 Model B and  I have a couple of 
general questions:


1. When I read the install notes for arm64
   (https://www.openbsd.org/arm64.html), I see that it lists the
   Raspberry Pi 4.  Is a Raspberry Pi 4 Model B included in that category?
2. One of the kits I'm considering comes with a 128 G sd card with a
   USB Card reader.  Is that entire space on the sd card usable in
   OpenBSD?   I assume that the OS install can use the whole sd card,
   but don't want to make any assumptions at this point.
3. What is a popular reasonable quality wifi usb adapter that people use?
4. Did some Raspberry Pi's come with a micro sd slot or something? 
   There's mention of using a small SD card as well as having a USB
   device for OpenBSD... this doesn't seem to apply to Pi 4 B as there
   are only USB ports...

Thanks,
Steve Williams




Re: Raspberry Pi 4B performance compared to APU / wireless networking?

2021-11-30 Thread Steve Williams

On 30/11/2021 12:38 a.m., Stuart Henderson wrote:

On 2021-11-30, Steve Williams  wrote:

Hi,

I have an APU 2C4 running OpenBSD 7.

I see that the Raspberry Pi 4B is supported by OpenBSD now and I was
thinking of getting one to play with as my APU is my main server and I
don't want to take it down to experiment.

I can't seem to find any reviews/comparisons of an APU vs. a Raspberry
Pi 4B.

Does anyone have a "gut" feeling on the relative performance?

Network performance and compiling are way better on the rpi4. Disk io on
OpenBSD can be way better on the APU (we don't support UAS so the faster
USB SSDs don't reach the performance they are capable of). Though there
are some Pi CM4 carrier boards which support PCIe-based storage which
should be better than the APU.


Does the wireless networking work well on the Raspberry as the APU's
wireless is less than optimal :) ?

The APU itself doesn't have wlan so that depends on what card you use
of course. bwfm(4) does work well though the antenna is a resonant cavity
etched on the PCB and there's no way to move it outside of the case.
If you want to run a high performance AP you'll still want a separate
device.



Hi Stuart,

Thanks very much for the information!  I'm surprised the Pi will compile 
faster, outside of IO issues.


And the WLAN on the Pi with no antenna?  that sounds a bit weak... I was 
looking at getting an aluminum case that acts as a passive heatsink, but 
my gut feeling is that would be contra-indicated for good wifi... I'll 
follow up with the manufacturer to see what their feedback is.


Thanks again!

Cheers,
Steve W.



Raspberry Pi 4B performance compared to APU / wireless networking?

2021-11-29 Thread Steve Williams

Hi,

I have an APU 2C4 running OpenBSD 7.

I see that the Raspberry Pi 4B is supported by OpenBSD now and I was 
thinking of getting one to play with as my APU is my main server and I 
don't want to take it down to experiment.


I can't seem to find any reviews/comparisons of an APU vs. a Raspberry 
Pi 4B.


Does anyone have a "gut" feeling on the relative performance?

Does the wireless networking work well on the Raspberry as the APU's 
wireless is less than optimal :) ?


Thanks for any feedback.

Cheers,
Steve Williams



Re: Kind of OT - camera/ software to run a long term timelapse camera

2021-11-16 Thread Steve Williams

Hi,

Thanks everyone for the feedback!

It's actually quite unbelievable, but I have this working in less than 
an hour.  I found a USB camera that I already had that is supported by 
uvideo(4).


fswebcam is talking to it nicely and capturing a still every 15 
seconds.  ffmpeg is stitching the stills together into a video! It's 
interesting to see ffmpeg threaded.. it's using 362% of my cpu!  It is 
making the CPU temperature go up though!


Pretty amazing.  Thanks again!

Cheers,
Steve Williams


On 15/11/2021 10:21 a.m., Steve Williams wrote:

Hi,

I have an OpenBSD server (APC) that runs 7x24 hosting my email, 
webserver, etc.


As the season changes to winter, I thought of setting up a camera to 
do some timelapse photography out of the window pointing at the 
mountains.


I am kind of lost in the huge variety of options...  IP connected 
security camera, webcam... and whether to do the timelapse in the 
camera, or to have that controlled on the server... (taking a photo 
every x minutes and saving it on the OpenBSD server).


I was trying to avoid having the images stored on an SD card in the 
camera as then physical access would be required to periodically 
extract the images / movie.


If it's a USB camera, it would need to be supported by OpenBSD. But 
there are IP cameras, some which require drivers, some don't. It's a 
crazy complex world.


Does anyone have recommendations to accomplish this?  It's just a 
hobby so I don't want to spend a huge amount of money on it.


Thanks,
Steve Williams




Kind of OT - camera/ software to run a long term timelapse camera

2021-11-15 Thread Steve Williams

Hi,

I have an OpenBSD server (APC) that runs 7x24 hosting my email, 
webserver, etc.


As the season changes to winter, I thought of setting up a camera to do 
some timelapse photography out of the window pointing at the mountains.


I am kind of lost in the huge variety of options...  IP connected 
security camera, webcam... and whether to do the timelapse in the 
camera, or to have that controlled on the server... (taking a photo 
every x minutes and saving it on the OpenBSD server).


I was trying to avoid having the images stored on an SD card in the 
camera as then physical access would be required to periodically extract 
the images / movie.


If it's a USB camera, it would need to be supported by OpenBSD.  But 
there are IP cameras, some which require drivers, some don't.  It's a 
crazy complex world.


Does anyone have recommendations to accomplish this?  It's just a hobby 
so I don't want to spend a huge amount of money on it.


Thanks,
Steve Williams



Re: X220 thinkpad battery issue

2021-07-15 Thread Steve Williams

Hi,

I have had absolutely TERRIBLE luck with replacement laptop batteries 
(DELL) that weren't OEM.  I had 2 different ones die shortly after the 
warranty period.  My Dell batteries are twice the price, but I get many 
years of use out of them.


YMMV...

Cheers,
Steve W.

On 15/07/2021 8:54 a.m., Isak Holmström wrote:

On 15 July 2021 at 10:07, Jonathan Drews wrote:

 According to Wikipedia, The X220 was first manufactured in 2011.
https://en.wikipedia.org/wiki/ThinkPad_X_series#X220
Remove the battery and look for the date when it was manufactured. The 
manufacture date is usually stamped somewhere on the battery. If it is more 
than 4 years old, then it  may very well be dead.

The battery is a replacement battery not older than 1 year, bought from eBay. 
The text on the battery says:
Green Cell replace FRU 42T4861, ASM 42T4862. Li-ion 11.1V 4400mAh.”




OpenBSD 6.9 and PHP version

2021-05-17 Thread Steve Williams

Hi,

When I upgraded to OpenBSD 6.9 then did the pkg_add -u, I got 
php-php-7.4.18 installed.


How do I know if it's "safe" to delete the old php-7.3.28 and all the 
associated modules?


I know I'll have to migrate my ".ini" file changes to the new version 
for both php and php_fpm, but other than that, how do I figure out if 
anything is still calling 7.3?


I have a simple build, roundcubemail, piwigo, nextcloud and a few others.

Thanks,
Steve W.



Re: 6.8 and Procmail/Formail: anyone still using them?

2021-02-15 Thread Steve Williams

Hi,

You are correct!

The contents of my .forward!!

pcengine$ cat .forward
"|/usr/local/bin/procmail -f -"

And yes, all my filtering is defined in my .procmailrc file.

Sorry for any confusion!

Cheers,
Steve W.


On 15/02/2021 11:30 a.m., Austin Hook wrote:


Hi Steve,  I wonder if in your email (below) you have your lines slightly
out of order:



My .procmailrc:
"|/usr/local/bin/procmail -f -"

I am thinking that is your .forward file.


and


Not sure if this is your problem or not.  But I have quite a large .procmailrc
file (200 lines) that makes a historical archive of every incoming email,

I gather that you put all your procmail filtering directly into your
.procmailrc file.  I think it was usually the case that

Or is this a reference to a something.rc file in the ~/Procmail
directory?

My .procmailrc file looks like this:

# Turn off extra words in log file set to yes for debugging
VERBOSE=no

# For debugging uncomment this line
LOGABSTRACT=all

# Tell procmail where to store your mail. This changes depending on
#  which Unix mail client you use.
# Pine uses $HOME/mail
# Mutt and Elm use $HOME/Mail
MAILDIR=$HOME/mail  #This directory must exist!!!

# Use a separate directory to store recipes and logs
PMDIR=$HOME/Procmail

# Tell procmail where to put the log file
LOGFILE=$PMDIR/procmail.log

# Add recipe files here
# To add more recipe files just add an INCLUDERC=$PMDIR/filename.rc
#  line for each file
#INCLUDERC=$PMDIR/testing.rc

INCLUDERC=$PMDIR/lists.rc

# Finally if the above recipes fail to move your mail put it in your
#  inbox

:0:
# Above is a zero (0) not the letter O.
$DEFAULT

Austin

PS: I solved my problem with your help above.  Thanks!  It has to do with
the differences in how the new smtpd process deals with aliases which are
pipes to programs or scripts.  It does not handle complex command line
equivalents with definitions of environment variables preceding the
invocation of the program being called up.  I wonder if it even handles
the typical command lines that have the kind of "if this succeeds, then do
that also, but if any invoked process fails do the other" -- the usual
&& or || connectors one often sees in major shell scripts.

That kind of usage in the .forward file is what screws up a lot of custom
scripts I wrote for myself years ago.

I haven't had a chance yet to look to see if procmail still recommends
that kind of .forward file.  Later I will submit a report to misc@ or
ports@

The .forward file used to be recommended by procmail to look like this:

"|IFS=' ' && exec /usr/local/bin/procmail -f- || exit 75 #austin"
  
That caused an error "cannot expand alias" ( or something like that --
neatly misleading --- as usual in debugging problems... )  :-)

Still have to find time to study the newer replacement folks are
recommending for procmail.  I gather most everyone else has left procmail
in the dust

========



On Wed, 27 Jan 2021, Steve Williams wrote:

Hi,

I am using procmail under 6.8 successfully.  I did have problems with it when
upgrading to (I think) 6.4.

If you look for the mail list archives for "OpenBSD 6.4 smtpd local mail
delivery missing "From " when .forward (procmail)"

My .procmailrc:

"|/usr/local/bin/procmail -f -"

Not sure if this is your problem or not.  But I have quite a large .procmailrc
file (200 lines) that makes a historical archive of every incoming email,
filtering maillist emails, etc.

Thanks,
Steve W.


On 26/01/2021 10:43 a.m., Austin Hook wrote:

Wonder if anyone is still using Procmail/Formail under 6.8 for presorting
incoming mail before it hits one's main inbox.

Also wondering if folks send the remaining mail, after filtering, to
/var/mail/*user*, or to ~/mbox or to ~mail/mbox.  Any advantage to be had,
or any mere consensus, regardless of advantages?

I also use whitelisting extensively, and any such "From: emailaddresses"
get priority.  Does anyone else?

Myself: Having problems with Procmail/formail, after upgrading from 5.3 to
a new server running 6.8.  Would like to hear of anyone else's experience.

Thanks,

Austin Hook
Milk River, Alberta




Re: httpd, PHP7.4, phpIPAM, MariaDB

2021-02-09 Thread Steve Williams

Hi,

It is running in a chroot.  No access to "standard" networking files.  
hosts, resolv.conf, etc.


Probably easiest to put the actual IP address in.  I use a socket and 
put it in the chroot folder.  Not sure which is better.


If you run into any other network type issues, suspect the lack of DNS 
resolution (hosts, resolv.conf, etc).


They can be copied into the chroot folder, but then maintenance is an 
issue (and no, symbolic link won't work).


Cheers,
Steve W.

On 09/02/2021 4:30 p.m., Jesse Barton wrote:

Hey OpenBSD Community,

I am working on getting phpIPAM set up on an OpenBSD system but so far I'm
running into an issue with connecting the php site to the database.

I used parts of these documentation pages to get everything working.
https://www.php.net/manual/en/install.unix.openbsd.php
https://phpipam.net/documents/installation/

Here is the specific message I'm getting in my error.log

PHP message: PHP Fatal error:  Uncaught Exception: Could not connect to
database! SQLSTATE[HY000] [2002] No such file or directory in
/htdocs/ipam/functions/classes/class.PDO.php:159
Stack trace:
#0 /htdocs/ipam/functions/classes/class.PDO.php(1053): DB->connect()
#1 /htdocs/ipam/functions/classes/class.PDO.php(298):
Database_PDO->connect()
#2 /htdocs/ipam/functions/classes/class.Common.php(236): DB->escape()
#3 /htdocs/ipam/functions/classes/class.Common.php(411):
Common_functions->fetch_object()
#4 /htdocs/ipam/functions/classes/class.User.php(136):
Common_functions->get_settings()
#5 /htdocs/ipam/index.php(29): User->__construct()
#6 {main}
   thrown in /htdocs/ipam/functions/classes/class.PDO.php on line 159

I'm able to log into the database with the desired user running
# mysql -u phpipam -p

my config.php is set
$db['host'] = 'localhost';
$db['user'] = 'username';
$db['pass'] = 'password';
$db['name'] = 'phpipam';
$db['port'] = 3306;

If there is any other information that would be helpful in troubleshooting
this I'm all ears.




Re: 6.8 and Procmail/Formail: anyone still using them?

2021-01-27 Thread Steve Williams

On 26/01/2021 10:43 a.m., Austin Hook wrote:

Wonder if anyone is still using Procmail/Formail under 6.8 for presorting
incoming mail before it hits one's main inbox.

Also wondering if folks send the remaining mail, after filtering, to
/var/mail/*user*, or to ~/mbox or to ~mail/mbox.  Any advantage to be had,
or any mere consensus, regardless of advantages?

I also use whitelisting extensively, and any such "From: emailaddresses"
get priority.  Does anyone else?

Myself: Having problems with Procmail/formail, after upgrading from 5.3 to
a new server running 6.8.  Would like to hear of anyone else's experience.

Thanks,

Austin Hook
Milk River, Alberta


Hi,

I am using procmail under 6.8 successfully.  I did have problems with it 
when upgrading to (I think) 6.4.


If you look for the mail list archives for "OpenBSD 6.4 smtpd local mail 
delivery missing "From " when .forward (procmail)"


My .procmailrc:

"|/usr/local/bin/procmail -f -"

Not sure if this is your problem or not.  But I have quite a large 
.procmailrc file (200 lines) that makes  a historical archive of every 
incoming email, filtering maillist emails, etc.


Thanks,
Steve W.



Re: -current amd64 packages not updated? Impatient or broken?

2021-01-07 Thread Steve Williams

On 07/01/2021 1:30 p.m., Christian Weisgerber wrote:

Steve Williams:


I hesitate to send this because perhaps I'm just too impatient, but then
again, perhaps not.  This is not critical/time sensitive.

I just thought I'd check if there is a problem with the current packages folder
from the mirrors?

No, the amd64 package builds have been slightly delayed.  First by
a problem in lang/rust, which semarie@ fixed in admirably short
time.  Then the package build was cut short because the machine
running dpb(1) panicked with filesystem corruption.

A new build is running now and will take another 24h to complete
if all goes well.



Hi,

Thanks for the update!

Ah, the joys of big builds!  I remember being in CPSC in University in 
the early 1980's and doing ray tracing.  We did a 20 second movie @ 24 
frames per second (16 mm film!!!).


Each frame took at least 5 minutes to render on "leading edge" (at the 
time) SGI hardware.  We would start it Friday night and it would 
complete before classes on Monday AM.  We had to hold our breath that 
nothing would go wrong over the weekend or that someone wouldn't start 
playing flight simulator on the network with the other 2 workstations!  lol


Good luck with everything!  It's an amazing job you are doing keeping 
all the balls in the air at once (juggling).


Cheers,
Steve W.



Re: -current amd64 packages not updated? Impatient or broken?

2021-01-07 Thread Steve Williams

Impatient it is :D

Thanks for the update!

Cheers,
Steve W.

On 07/01/2021 10:56 a.m., Patrick Wildt wrote:

I committed an update to libunwind which made a major bump necessary.
Maybe I should have asked ports to run with the build first, so that
base and packages would be aligned.  Too late for that now.  Time will
fix it though.

On Thu, Jan 07, 2021 at 09:54:39AM -0700, Steve Williams wrote:

Hi,

I hesitate to send this because perhaps I'm just too impatient, but then
again, perhaps not.  This is not critical/time sensitive.

I just thought I'd check if there is a problem with the current packages folder
from the mirrors?

I am trying to update my development system (to resume work on a port).

I did the initial upgrade on January 4, 2020 and my packages wouldn't update
because of missing library versions.  I was told this is just a discrepancy
between the OS and the packages and to "wait a few days" for everything to
synchronize.
     "Unfortunate timing as key system libraries have had version bumps
recently. Wait for a new package build (usually a few days on the faster cpu
architectures) and try again."

I am watching the packages folder on various mirrors and they are all from
January 3, 2020, which is when my kernel is from.
pulseaudio-14.0.tgz    03-Jan-2021

I am currently on:
OpenBSD 6.8-current (GENERIC.MP) #259: Sun Jan  3 15:25:58 MST 2021

This morning, I still can't add/update select packages.

desktop# sysupgrade -s
Fetching from https://cloudflare.cdn.openbsd.org/pub/OpenBSD//snapshots/amd64/
SHA256.sig   100% |***| 2144   00:00
Signature Verified
Already on latest snapshot.
desktop# pkg_add pulseaudio
quirks-3.506 signed on 2021-01-03T15:41:44Z
Can't install spidermonkey78-78.5.0v1 because of libraries
|library c++.5.0 not found
| /usr/lib/libc++.so.4.0 (system): bad major
| /usr/lib/libc++.so.6.0 (system): bad major
|library c++abi.3.0 not found
| /usr/lib/libc++abi.so.2.1 (system): bad major
| /usr/lib/libc++abi.so.4.0 (system): bad major
Direct dependencies for spidermonkey78-78.5.0v1 resolve to libffi-3.3 nspr-4.29 icu4c-68.2v0
Full dependency tree is libffi-3.3 nspr-4.29 icu4c-68.2v0
Can't install polkit-0.118: can't resolve spidermonkey78-78.5.0v1
Can't install consolekit2-1.2.2: can't resolve polkit-0.118
Can't install pulseaudio-14.0: can't resolve consolekit2-1.2.2
Couldn't install consolekit2-1.2.2 polkit-0.118 pulseaudio-14.0 spidermonkey78-78.5.0v1
desktop#

Am I being too impatient?

Thanks,
Steve Williams







-current amd64 packages not updated? Impatient or broken?

2021-01-07 Thread Steve Williams

Hi,

I hesitate to send this because perhaps I'm just too impatient, but then 
again, perhaps not.  This is not critical/time sensitive.


I just thought I'd check if there is a problem with the current packages 
folder from the mirrors?


I am trying to update my development system (to resume work on a port).

I did the initial upgrade on January 4, 2020 and my packages wouldn't 
update because of missing library versions.  I was told this is just a 
discrepancy between the OS and the packages and to "wait a few days" for 
everything to synchronize.
    "Unfortunate timing as key system libraries have had version bumps 
recently. Wait for a new package build (usually a few days on the faster 
cpu architectures) and try again."


I am watching the packages folder on various mirrors and they are all 
from January 3, 2020, which is when my kernel is from.

pulseaudio-14.0.tgz    03-Jan-2021

I am currently on:
OpenBSD 6.8-current (GENERIC.MP) #259: Sun Jan  3 15:25:58 MST 2021

This morning, I still can't add/update select packages.

desktop# sysupgrade -s
Fetching from https://cloudflare.cdn.openbsd.org/pub/OpenBSD//snapshots/amd64/
SHA256.sig   100% |***| 2144   00:00
Signature Verified
Already on latest snapshot.
desktop# pkg_add pulseaudio
quirks-3.506 signed on 2021-01-03T15:41:44Z
Can't install spidermonkey78-78.5.0v1 because of libraries
|library c++.5.0 not found
| /usr/lib/libc++.so.4.0 (system): bad major
| /usr/lib/libc++.so.6.0 (system): bad major
|library c++abi.3.0 not found
| /usr/lib/libc++abi.so.2.1 (system): bad major
| /usr/lib/libc++abi.so.4.0 (system): bad major
Direct dependencies for spidermonkey78-78.5.0v1 resolve to libffi-3.3 nspr-4.29 icu4c-68.2v0
Full dependency tree is libffi-3.3 nspr-4.29 icu4c-68.2v0
Can't install polkit-0.118: can't resolve spidermonkey78-78.5.0v1
Can't install consolekit2-1.2.2: can't resolve polkit-0.118
Can't install pulseaudio-14.0: can't resolve consolekit2-1.2.2
Couldn't install consolekit2-1.2.2 polkit-0.118 pulseaudio-14.0 spidermonkey78-78.5.0v1
desktop#

Am I being too impatient?

Thanks,
Steve Williams





WireGuard, Windows mobile laptop and pf.conf?

2020-12-28 Thread Steve Williams

Hi,

I am not sure where my issue is...

As I understand, WireGuard is strictly UDP.

I am working on a road warrior setup, where one end of the tunnel is my 
OpenBSD server with a static public IP address and the other end will be 
Windows 7/10 laptops with random public IP addresses.


My hostname.wg0:

   wgkey 
   wgport 53
   wgpeer  wgpka 25 wgaip 192.168.126.2/32
   inet 192.168.126.1/24
   up

I haven't put "wgendpoint" in the OpenBSD config file as I don't know 
what the remote IP address is.  I assumed that "the local interface" 
would update after receiving a correctly authenticated packet from my 
Windows 10 laptop...but perhaps the issue?


from ifconfig(8):
wgendpoint ip port
Set the IP address and port to send the encapsulated packets to. If the 
peer changes address, the local interface will update the address after 
receiving a correctly authenticated packet. The IP address can be either 
IPv4 or IPv6, and the port is a regular 16-bit UDP port.



In my Windows WireGuard client:

   [Interface]
   PrivateKey = 
   Address = 192.168.126.2/24

   [Peer]
   PublicKey = 
   AllowedIPs = 0.0.0.0/1
   Endpoint = :53



Since I don't want to filter any of the Wireguard traffic, at the top of 
the pf.conf, I have:

set skip on wg0

Then I am allowing incoming traffic to port 53.
# Wireguard running on DNS port
pass in on egress inet proto udp from any to (egress) port { domain }


When I initiate a connection from my road warrior setup (Windows 7, 
WireGuard client which has the IP / Port configured of my OpenBSD 
server), it is just continually retrying.
2020-12-28 12:22:54.401: [TUN] [OpenBSD] peer(IQsw…D4W8) - Handshake did 
not complete after 5 seconds, retrying (try 2)


On my OpenBSD box, I can tcpdump -i em0 (egress, public IP address) and 
see the packets getting to the OpenBSD box from the Windows laptop..


However, when I do a tcpdump -i wg0, there is no traffic at all.

Unbound is configured to only listen on the loopback interface, so that 
shouldn't be interfering...


(/var/unbound/etc/unbound.conf)
server:a
    interface: 127.0.0.1
    interface: ::1


Hum... now that I am thinking about it...how does it all work?

   1.  A packet leaves wg0 interface with 192.168.126.1 ip address
   2.  The packet is routed to the default gateway (egress)
   3.  The packet hits the Internet and is dropped as a non-routable IP
   address

or...
Does the packet get routed out my external interface, whereby the NAT 
rule would apply?

match out on egress inet from !(egress:network) to any nat-to (egress:0)

I'm just a little bit lost on how to configure pf for this all.

Thanks,
Steve W.





Re: Wireguard example

2020-12-24 Thread Steve Williams

Hi,

Thanks for the man page pointer.  I cannot believe I didn't think to 
look there.  A bit embarrassed now.


Cheers,
Steve W.

On 23/12/2020 1:16 p.m., Stuart Henderson wrote:

On 2020-12-23, Steve Williams  wrote:

Hi,

With OpenBSD 6.8 installed, I'm investigating switching from OpenVPN
over to Wireguard.

This is for roadwarrior with Windows 7/10 laptops to access my OpenBSD
6.8 server.

All I can find is wg(4) for reference.  It has kind of an interesting
example, but I am struggling a bit without the "big picture".  I don't
mind doing my own reading, but the only additional documentation I can
find is the WireGuard whitepaper which is Linux and doesn't mention
"wgendpoint"...

Is it necessary to use routing domains?  I don't believe so as I've
never done that with any other interface.

No.


Where are the various wireguard parameters to ifconfig documented? From
the example:
      ifconfig wg1 create wgport 111 wgkey `openssl rand -base64 32` rdomain 1

Have a read of https://man.openbsd.org/ifconfig#WIREGUARD and ask
again if something is missing. (Also check the updated wg(4) manual on
man.openbsd.org too, it is a bit better than the manual in 6.8).

The info for wgaip talks about a "routing table" which is a bit of an
unfortunate name as it's nothing to do with "rtable" routing tables,
it's internal to the wg instance (wg0/wg1/whatever). This relates to
what the wg(4) manual says about Allowed IPs.





Wireguard example

2020-12-23 Thread Steve Williams

Hi,

With OpenBSD 6.8 installed, I'm investigating switching from OpenVPN 
over to Wireguard.


This is for roadwarrior with Windows 7/10 laptops to access my OpenBSD 
6.8 server.


All I can find is wg(4) for reference.  It has kind of an interesting 
example, but I am struggling a bit without the "big picture".  I don't 
mind doing my own reading, but the only additional documentation I can 
find is the WireGuard whitepaper which is Linux and doesn't mention 
"wgendpoint"...


Is it necessary to use routing domains?  I don't believe so as I've 
never done that with any other interface.


Where are the various wireguard parameters to ifconfig documented? From 
the example:
    ifconfig wg1 create wgport 111 wgkey `openssl rand -base64 32` rdomain 1


What is the implication of "wgport"?  wgkey is pretty obvious.

The next relevant line in the example:
    ifconfig wg1 wgpeer $PUB2 wgendpoint 127.0.0.1 222 wgaip 192.168.5.2/32

wgpeer is the public key of the wireguard instance running on the 
Windows PC's.
wgendpoint... what should that be in a road warrior setup?  I'm not sure 
exactly what that is about.  I am guessing that it is the interface to 
listen on?  I get my public IP address via DHCP from my ISP so it is 
subject to change.  I have dynamic DNS set up and it's working 
perfectly.  What would the configuration look like in a situation like 
this?


wgaip - does that correspond with "Allowed IP's" described in glossary 
in the "DESCRIPTION" section.  With a /32, that's a hostname.  But in a 
roadwarrior setup, I won't know what the remote IP is..  so I'm a bit 
confused here.


And then finally, what changes need to be made to pf.conf to allow this 
traffic to flow?  Is that what the "wgport" field is about?



Thanks,
Steve W.







Re: How many IPs can I block before taking a performance hit?

2020-08-12 Thread Steve Williams

Hi,

I have a script that downloads "badhosts" from a site that continuously 
updates through a distributed network.


I currently limit my blocklist to 450,000 ip addresses.

real mem = 4261072896 (4063MB)
avail mem = 4119322624 (3928MB)
bios0: PC Engines apu2



-pa-r-- blocklist
    Addresses:   45
    Cleared: Tue May 26 18:45:08 2020
    References:  [ Anchors: 0  Rules: 1  ]
    Evaluations: [ NoMatch: 3794791    Match: 1172204    ]
    In/Block:    [ Packets: 1172204    Bytes: 61337613   ]
    In/Match:    [ Packets: 0  Bytes: 0  ]
    In/Pass: [ Packets: 0  Bytes: 0  ]
    In/XPass:    [ Packets: 0  Bytes: 0  ]
    Out/Block:   [ Packets: 0  Bytes: 0  ]
    Out/Match:   [ Packets: 0  Bytes: 0  ]
    Out/Pass:    [ Packets: 0  Bytes: 0  ]
    Out/XPass:   [ Packets: 0  Bytes: 0  ]



Cheers,
Steve W.

On 12/08/2020 6:11 a.m., Alan McKay wrote:

Hey folks,

This is one that is difficult to test in a test environment.

I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.

With some scripting I'm looking at feeding block IPs to the firewalls
to block bad-guys in near real time, but in theory if we got attacked
by a bot net or something like that, it could result in a few thousand
IPs being blocked.  Possibly even 10s of thousands.

Are there any real-world data out there on how big of a block list we
can handle without impacting performance?

We're doing the standard /etc/blacklist to load a table and then have
a block on the table right at the top of the ruleset.

thanks,
-Alan
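
A sketch of the kind of feed-to-table script the reply above describes, added here as an example and not the poster's own script: it reduces a downloaded feed to valid, non-reserved IPv4 entries, caps it at the 450,000 addresses mentioned, and swaps the pf table contents in one step. The feed URL is a placeholder, and the reserved-range list and the /8 minimum prefix are assumptions; the table name `blocklist` comes from the pfctl output quoted in the reply.

```shell
#!/bin/sh
# Added example, not the poster's script: raw feed -> validated, capped pf table.

FEED_URL="https://feed.example.invalid/badhosts.txt"  # placeholder (assumption)
TABLE="blocklist"     # table name from the pfctl output quoted in the reply
MAX_ADDRS=450000      # cap mentioned in the reply
MIN_PREFIX=8          # assumption: refuse prefixes wider than /8

# filter_feed [MAX]: read a raw feed on stdin, write table entries on stdout.
filter_feed() {
    awk -v max="${1:-$MAX_ADDRS}" -v minlen="$MIN_PREFIX" '
    # Dotted quad: four octets in 0-255, no leading zeros.
    function valid(ip,    o, i) {
        if (split(ip, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) return 0
        return 1
    }
    # Ranges that must never reach the table: blocking them can cut off the
    # LAN, loopback services or the operator (the list is an assumption).
    function reserved(ip,    o, a, b) {
        split(ip, o, "."); a = o[1] + 0; b = o[2] + 0
        return (a == 0 || a == 10 || a == 127 || a >= 224 ||
                (a == 172 && b >= 16 && b <= 31) ||
                (a == 192 && b == 168) || (a == 169 && b == 254))
    }
    {
        sub(/\r$/, ""); sub(/[#;].*$/, "")      # CRLF feeds, trailing comments
        gsub(/^[ \t]+|[ \t]+$/, "")
        if ($0 == "") next
        n = split($0, part, "/")
        len = (n == 2) ? part[2] : "32"
        if (n > 2 || len !~ /^[0-9]+$/ || len + 0 > 32 || len + 0 < minlen ||
            !valid(part[1]) || reserved(part[1])) { skipped++; next }
        key = (len + 0 == 32) ? part[1] : part[1] "/" (len + 0)
        if (key in seen) next                    # de-duplicate
        if (kept >= max) { capped = 1; exit }    # enforce the cap
        seen[key] = 1; kept++
        print key
    }
    END {
        printf("kept=%d skipped=%d capped=%d\n", kept, skipped, capped) > "/dev/stderr"
    }'
}

# update_blocklist: fetch, filter, then replace the table contents.
# A failed or empty download leaves the current table untouched, so a feed
# outage does not silently unblock everything.
update_blocklist() {
    raw=$(mktemp) && new=$(mktemp) || return 1
    if ftp -V -o "$raw" "$FEED_URL" &&
       filter_feed "$MAX_ADDRS" < "$raw" > "$new" && [ -s "$new" ]; then
        pfctl -t "$TABLE" -T replace -f "$new"; rc=$?
    else
        echo "feed unusable, keeping current table" >&2; rc=1
    fi
    rm -f "$raw" "$new"
    return "$rc"
}

# Run from root's crontab as: sh blocklist.sh update
if [ "${1:-}" = "update" ]; then
    update_blocklist
fi
```

The `kept=/skipped=/capped=` line on stderr is worth logging from cron: a sudden jump in skipped entries or a capped run usually means the feed format changed.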





Re: Disabling OpenBSD Login Prompt

2020-06-10 Thread Steve Williams

On 10/06/2020 10:31 a.m., Aisha Tammy wrote:

On 6/10/20 10:46 AM, Steve Williams wrote:

Hi,

Do you have the proper ioctls to set baud rate, parity, start bits, stop bits 
so that the serial port is configured correctly?

What about flow control?  rts/cts, xon/xoff.

Dealing with a serial port is its own art.


Wow, this is really interesting.
I'm curious, do the display managers like gdm/xdm, etc also have
to handle this?
I'm asking cuz I'm porting a display manager for linux (nothing to
do with openbsd,  but this discussion was very related).
I'm in a very similar position where the simplest answer would be
to disable a getty at one of the tty's and start the login prompt
there (its a visual prompt).

link to display manager, if my writing wasn't clear
https://git.sr.ht/~kennylevinsen/greetd

Aisha

The baud rate, etc is only applicable to things running over serial 
RS-232 (and 422) ports.  The original poster specified it is running on 
"com0".


A display manager would not (typically) be talking over a serial port 
natively.  In the old days, X might be talking over a serial port using 
SLIP or some such technology, but that has all gone the way of the dodo 
bird.


Cheers,
Steve W.






Cheers,
Steve W.

On 10/06/2020 3:03 a.m., Valdrin MUJA wrote:

Hi Misc,

I want to disable the OpenBSD login prompt at startup (and also after logging 
out), because I want to run my external program instead of ksh. There is also 
a login prompt in my program and I want to use it.

I updated the /etc/ttys ;

valdrin# cat /etc/ttys
#
#   $OpenBSD: ttys,v 1.2 2008/01/09 17:39:42 miod Exp $
#
# name  getty   type    status  comments
#
console "/usr/libexec/getty std.9600"   vt220   off secure
ttyC0   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC1   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC2   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC3   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC4   "/usr/libexec/getty std.9600"   vt220   off secure
ttyC5   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC6   "/usr/libexec/getty std.9600"   vt220   off secure
ttyC7   "/usr/libexec/getty std.9600"   vt220   off secure
ttyC8   "/usr/libexec/getty std.9600"   vt220   off secure
ttyC9   "/usr/libexec/getty std.9600"   vt220   off secure
ttyCa   "/usr/libexec/getty std.9600"   vt220   off secure
ttyCb   "/usr/libexec/getty std.9600"   vt220   off secure
tty00   "/root/myprogram"   vt220    on secure
tty01   "/usr/libexec/getty std.9600"   unknown off
tty02   "/usr/libexec/getty std.9600"   unknown off
tty03   "/usr/libexec/getty std.9600"   unknown off
tty04   "/usr/libexec/getty std.9600"   unknown off
tty05   "/usr/libexec/getty std.9600"   unknown off
tty06   "/usr/libexec/getty std.9600"   unknown off
tty07   "/usr/libexec/getty std.9600"   unknown off

I've connected the device via the com0 port, so I updated tty00 to run my 
external program. However, the system gets stuck after the date appears on startup.


starting network
reordering libraries: done.
starting early daemons: syslogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons: cron.
Wed Jun 10 10:27:04 +03 2020


Also, I tried "chsh" and "chpass", but the OpenBSD login prompt still appears. 
How can I overcome this issue?

Thanks..





Re: Disabling OpenBSD Login Prompt

2020-06-10 Thread Steve Williams

Hi,

Do you have the proper ioctls to set baud rate, parity, start bits, stop 
bits so that the serial port is configured correctly?


What about flow control?  rts/cts, xon/xoff.

Dealing with a serial port is its own art.

Cheers,
Steve W.

On 10/06/2020 3:03 a.m., Valdrin MUJA wrote:

Hi Misc,

I want to disable the OpenBSD login prompt at startup (and also after logging 
out), because I want to run my external program instead of ksh. There is also 
a login prompt in my program and I want to use it.

I updated the /etc/ttys ;

valdrin# cat /etc/ttys
#
#   $OpenBSD: ttys,v 1.2 2008/01/09 17:39:42 miod Exp $
#
# name  getty   type    status  comments
#
console "/usr/libexec/getty std.9600"   vt220   off secure
ttyC0   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC1   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC2   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC3   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC4   "/usr/libexec/getty std.9600"   vt220   off secure
ttyC5   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC6   "/usr/libexec/getty std.9600"   vt220   off secure
ttyC7   "/usr/libexec/getty std.9600"   vt220   off secure
ttyC8   "/usr/libexec/getty std.9600"   vt220   off secure
ttyC9   "/usr/libexec/getty std.9600"   vt220   off secure
ttyCa   "/usr/libexec/getty std.9600"   vt220   off secure
ttyCb   "/usr/libexec/getty std.9600"   vt220   off secure
tty00   "/root/myprogram"   vt220    on secure
tty01   "/usr/libexec/getty std.9600"   unknown off
tty02   "/usr/libexec/getty std.9600"   unknown off
tty03   "/usr/libexec/getty std.9600"   unknown off
tty04   "/usr/libexec/getty std.9600"   unknown off
tty05   "/usr/libexec/getty std.9600"   unknown off
tty06   "/usr/libexec/getty std.9600"   unknown off
tty07   "/usr/libexec/getty std.9600"   unknown off

I've connected the device via the com0 port, so I updated tty00 to run my 
external program. However, the system gets stuck after the date appears on startup.


starting network
reordering libraries: done.
starting early daemons: syslogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons: cron.
Wed Jun 10 10:27:04 +03 2020


Also, I tried "chsh" and "chpass", but the OpenBSD login prompt still appears. 
How can I overcome this issue?

Thanks..





Re: pthreads, C and guacamole [Was: Reduce attack surface - Tomcat and guacamole...]

2020-04-27 Thread Steve Williams

Hi Nick,

Thanks very much for validating my thought processes.

I have managed to get guacamole compiled using a contemporary version of 
FreeRDP (with the pthread_mutexattr_setpshare commented out).


It runs perfectly using ssh connections.  The RDP sessions which I am 
interested in are quite flaky, but it's around the graphics handling and 
nothing to do with IPC.  (When I click on the "Start" button of a 
Windows XP box in an RDP session, the connection closes because of some 
"glyph" issues that guacamole can't handle.)


The new version of FreeRDP changed the API quite a bit and it seems to 
have caused quite a bit of pain to the guacamole project.


The newer version of FreeRDP also has an issue of POSIX or FD based 
timers required, neither of which OpenBSD has.  But the timer 
requirements are very basic so I'm investigating whether some kind of *BSD based 
timer mechanism can be implemented in FreeRDP.


Cheers,
Steve W.

On 25/04/2020 11:11 a.m., Nick Permyakov wrote:

Hi Steve,

You're talking about
https://github.com/apache/guacamole-server/blob/master/src/libguac/pool.c
, I presume? In that case you're right unless
- the malloc and pthread_* functions are redefined to mean something weird, or
- the physical page containing malloc'ed pool is later made shared
between processes, or is flagged to be shared with a child after
forking, or remapped to another virtual address in the same process,
all of which are highly unlikely.

So a process-shared mutex is unnecessary here on any POSIX system, not
only on OpenBSD.

Nick Permyakov


Hi,

I am looking into guacamole's use of pthread_mutexattr_setpshared.
(an aside, if I comment out the 4 lines of code invoking
pthread_mutexattr_setpshared, it compiles with gcc on OpenBSD 6.6
(GENERIC.MP) )

I am an experienced C programmer, but I've never looked into threading in
C before so it has required quite a bit of reading.  I haven't been able
to find a comprehensive "architecture" document, just various man pages,
some with sample code.

For example:
https://linux.die.net/man/3/pthread_mutexattr_init

In the above documentation, it states:

 ...the possibility that an application may allocate the
 synchronization objects from this section in memory that is accessed
 by multiple processes (and therefore, by threads of multiple processes).

That is the purpose of the guacamole's pthread_mutexattr_setpshared(foo,
PTHREAD_PROCESS_SHARED) , to permit multiple threaded processes to
access the resource protected by the MUTEX.

However, from my reading of the code, the MUTEX is only protecting
malloc'd memory, which as far as I know, isn't a resource that can be
accessed by multiple processes.

It is my newbie (to pthreads) interpretation of the code that in all 4
cases, the code is malloc'ing memory that is being protected by the
MUTEX.  For example:

src/libguac/pool.c:
...
guac_pool* guac_pool_alloc(int size) {

  pthread_mutexattr_t lock_attributes;
  guac_pool* pool = malloc(sizeof(guac_pool));
^^^
Allocate memory that will only be accessible by this process

  /* If unable to allocate, just return NULL. */
  if (pool == NULL)
  return NULL;

  /* Initialize empty pool */
  pool->min_size = size;
  pool->active = 0;
  pool->__next_value = 0;
  pool->__head = NULL;
  pool->__tail = NULL;

  /* Init lock */
  pthread_mutexattr_init(&lock_attributes);
  pthread_mutexattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
  pthread_mutex_init(&(pool->__lock), &lock_attributes);

This code saves the MUTEX in the locally allocated memory

No other process can find this MUTEX in malloc'd memory, so setting it
to PTHREAD_PROCESS_SHARED seems totally irrelevant.

If so, I *think* it's OK to just comment out that code as OpenBSD's
pthread implementation will work fine within a process, just not
multiple processes.

Is this a correct assessment of the code and OpenBSD's pthread environment?

Thanks,
Steve W.

On 15/04/2020 10:19 a.m., Stuart Henderson wrote:

On 2020-04-14, Steve Williams  wrote:

Guacamole (I believe) needs to run under something like tomcat to serve
up the java war file & application.

I looked at this before - it also requires guacamole-server to be built
(written in C), it requires mutexes shared between different processes
(pthread_mutexattr_setpshared(foo, PTHREAD_PROCESS_SHARED) which
isn't supported in OpenBSD's thread library.

But what you can do is run guacamole elsewhere and have a reverse http
proxy running on OpenBSD doing http auth and feeding connections across.


So, I was thinking of using some form of authpf to open up pf rules when
I needed to access systems remotely.

But, I don't want to open up Tomcat to the world when I'm using
guacamole, so is it possible to have authpf tweak pf rules so that the
originating IP address of the ssh session would be

pthreads, C and guacamole [Was: Reduce attack surface - Tomcat and guacamole...]

2020-04-17 Thread Steve Williams

Hi,

I am looking into guacamole's use of pthread_mutexattr_setpshared.
(an aside, if I comment out the 4 lines of code invoking 
pthread_mutexattr_setpshared, it compiles with gcc on OpenBSD 6.6 
(GENERIC.MP) )


I am an experienced C programmer, but I've never looked into threading in 
C before so it has required quite a bit of reading.  I haven't been able 
to find a comprehensive "architecture" document, just various man pages, 
some with sample code.


For example:
https://linux.die.net/man/3/pthread_mutexattr_init

In the above documentation, it states:

   ...the possibility that an application may allocate the
   synchronization objects from this section in memory that is accessed
   by multiple processes (and therefore, by threads of multiple processes).

That is the purpose of the guacamole's pthread_mutexattr_setpshared(foo, 
PTHREAD_PROCESS_SHARED) , to permit multiple threaded processes to 
access the resource protected by the MUTEX.


However, from my reading of the code, the MUTEX is only protecting 
malloc'd memory, which as far as I know, isn't a resource that can be 
accessed by multiple processes.


It is my newbie (to pthreads) interpretation of the code that in all 4 
cases, the code is malloc'ing memory that is being protected by the 
MUTEX.  For example:


src/libguac/pool.c:
...
guac_pool* guac_pool_alloc(int size) {

    pthread_mutexattr_t lock_attributes;
    guac_pool* pool = malloc(sizeof(guac_pool));
^^^
Allocate memory that will only be accessible by this process

    /* If unable to allocate, just return NULL. */
    if (pool == NULL)
    return NULL;

    /* Initialize empty pool */
    pool->min_size = size;
    pool->active = 0;
    pool->__next_value = 0;
    pool->__head = NULL;
    pool->__tail = NULL;

    /* Init lock */
    pthread_mutexattr_init(&lock_attributes);
    pthread_mutexattr_setpshared(&lock_attributes, PTHREAD_PROCESS_SHARED);
    pthread_mutex_init(&(pool->__lock), &lock_attributes);

This code saves the MUTEX in the locally allocated memory

No other process can find this MUTEX in malloc'd memory, so setting it 
to PTHREAD_PROCESS_SHARED seems totally irrelevant.


If so, I *think* it's OK to just comment out that code as OpenBSD's 
pthread implementation will work fine within a process, just not 
multiple processes.


Is this a correct assessment of the code and OpenBSD's pthread environment?

Thanks,
Steve W.

On 15/04/2020 10:19 a.m., Stuart Henderson wrote:

On 2020-04-14, Steve Williams  wrote:

Guacamole (I believe) needs to run under something like tomcat to serve
up the java war file & application.

I looked at this before - it also requires guacamole-server to be built
(written in C), it requires mutexes shared between different processes
(pthread_mutexattr_setpshared(foo, PTHREAD_PROCESS_SHARED) which
isn't supported in OpenBSD's thread library.

But what you can do is run guacamole elsewhere and have a reverse http
proxy running on OpenBSD doing http auth and feeding connections across.


So, I was thinking of using some form of authpf to open up pf rules when
I needed to access systems remotely.

But, I don't want to open up Tomcat to the world when I'm using
guacamole, so is it possible to have authpf tweak pf rules so that the
originating IP address of the ssh session would be the only one that
could access Tomcat?

That is exactly what authpf normally does anyway.


I was thinking even httpd in front of tomcat with httpd authentication,
but that doesn't seem to make sense to me at a high level.

I was looking at relayd but it doesn't seem to have any authentication
mechanism built in.

httpd can't proxy connections to another http server. relayd can but as
you say doesn't have a way to add http authentication. You can do this
with nginx, haproxy or Apache httpd though.





Re: Reduce attack surface - Tomcat and guacamole...

2020-04-14 Thread Steve Williams




On 14/04/2020 4:13 p.m., Sriram Narayanan wrote:



On Wed, 15 Apr 2020 at 6:03 AM, Steve Williams <st...@williamsitconsulting.com> wrote:


Hi,

For a R project, I am trying to get guacamole working to be able to
access systems on my home network remotely.

Guacamole (I believe) needs to run under something like tomcat to serve
up the java war file & application.

I really don't want to have Tomcat exposed to the Internet without some
kind of authentication in front of it.

I was thinking of running Tomcat bound to localhost and using pf to
redirect to it, but that doesn't add any security.

So, I was thinking of using some form of authpf to open up pf rules when
I needed to access systems remotely.

But, I don't want to open up Tomcat to the world when I'm using
guacamole, so is it possible to have authpf tweak pf rules so that the
originating IP address of the ssh session would be the only one that
could access Tomcat?

Is there something better that could be done?

I was thinking even httpd in front of tomcat with httpd authentication,
but that doesn't seem to make sense to me at a high level.

I was looking at relayd but it doesn't seem to have any authentication
mechanism built in.

Does anyone have some inspiration on how to provide a level of security
before packets even hit Tomcat?


I suggest a VPN or Tomcat client cert auth on a non standard high port 
( to reduce the noise from standard scans ).


— Ram


Hi,

The VPN doesn't work as I won't always have my own computer with me.  I 
am mobile, so sometimes a client's office where the network is locked 
down and I cannot use my own laptop.


For similar reasons  using a non standard high port, won't necessarily 
work from a client's office.  Additionally, I am trying to not expose 
Tomcat directly to the Internet and I don't really believe in security 
through obscurity (non standard high port).


Thanks for the input!

Cheers,
Steve W.


Reduce attack surface - Tomcat and guacamole...

2020-04-14 Thread Steve Williams

Hi,

For a R project, I am trying to get guacamole working to be able to 
access systems on my home network remotely.


Guacamole (I believe) needs to run under something like tomcat to serve 
up the java war file & application.


I really don't want to have Tomcat exposed to the Internet without some 
kind of authentication in front of it.


I was thinking of running Tomcat bound to localhost and using pf to 
redirect to it, but that doesn't add any security.


So, I was thinking of using some form of authpf to open up pf rules when 
I needed to access systems remotely.


But, I don't want to open up Tomcat to the world when I'm using 
guacamole, so is it possible to have authpf tweak pf rules so that the 
originating IP address of the ssh session would be the only one that 
could access Tomcat?


Is there something better that could be done?

I was thinking even httpd in front of tomcat with httpd authentication, 
but that doesn't seem to make sense to me at a high level.


I was looking at relayd but it doesn't seem to have any authentication 
mechanism built in.


Does anyone have some inspiration on how to provide a level of security 
before packets even hit Tomcat?


Thanks,
Steve Williams



Re: pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway

2020-03-05 Thread Steve Williams



On 05/03/2020 10:53 a.m., Edgar Pettijohn wrote:

On Mar 5, 2020 10:15 AM, Steve Williams  wrote:

Hi,

Should this be on ports@?  I'm not working on a port...

TL;DR:
Does anyone have any recommendations on how to work around not having
pthread_mutexattr_setpshared in the OpenBSD pthreads library?


Have you tried searching the ports tree patch files for mention of the 
function. You may find a real world example of a workaround.

Edgar


DETAILS:
I wanted to see if Apache Guacamole would compile on OpenBSD to serve
as a remote desktop gateway.

It hasn't been too hard to get it to the final linking step.

I am getting an "undefined reference to `pthread_mutexattr_setpshared'":

     ../../src/libguac/.libs/libguac.so.17.0: undefined reference to
     `pthread_mutexattr_setpshared'
     collect2: ld returned 1 exit status
     *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD
     " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...)
     *** Error 1 in . (Makefile:556 'all-recursive')
     *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453
     'all')


When I look at some of the code using pthread_mutexattr_setpshared, it's
not #ifdef'd or anything, so I think it's pretty much mandatory code.

pool.c:

     guac_pool* guac_pool_alloc(int size) {

      pthread_mutexattr_t lock_attributes;
      guac_pool* pool = malloc(sizeof(guac_pool));

      /* If unable to allocate, just return NULL. */
      if (pool == NULL)
      return NULL;

      /* Initialize empty pool */
      pool->min_size = size;
      pool->active = 0;
      pool->__next_value = 0;
      pool->__head = NULL;
      pool->__tail = NULL;

      /* Init lock */
      pthread_mutexattr_init(&lock_attributes);

      pthread_mutexattr_setpshared(&lock_attributes,
     PTHREAD_PROCESS_SHARED);
     //^
      pthread_mutex_init(&(pool->__lock), &lock_attributes);


It looks like this is a posix (of some version) function:
https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html

An "apropos" search in the OpenBSD man pages for "pthread_mutexattr"
returned:
https://man.openbsd.org/man3/pthread_mutexattr.3

This function is definitely missing...

I tried to see if there was a way to use pthread_mutexattr_settype to
accomplish the same thing, but got lost in the maze of documentation.

Does anyone have any recommendations on how to work around not having
pthread_mutexattr_setpshared in the OpenBSD pthreads library?

Thanks,
Steve Williams



Hi,

Great idea to check the ports tree patch files!

I will start to look through these and see how they are handling 
things.   I have deleted all the lines returned for posixtestsuite port.


$ find . -type f -print0 | xargs -0 grep pthread_mutexattr_setpshared | tee /tmp/shared.out


./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = 
pthread_mutexattr_setpshared (&_mutex_attr, PTHREAD_PROCESS_PRIVATE);
./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = 
pthread_mutexattr_setpshared (&_mutex_attr, PTHREAD_PROCESS_PRIVATE);
./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = 
pthread_mutexattr_setpshared (&_attr, PTHREAD_PROCESS_PRIVATE);
./devel/lam/patches/patch-config_lam_mutex_pshared_m4:   if 
(pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED)) return(1);
./textproc/sphinx/patches/patch-src_sphinxstd_cpp:- iRes = 
pthread_mutexattr_setpshared ( , PTHREAD_PROCESS_SHARED );
./textproc/sphinx/patches/patch-src_sphinxstd_cpp:- m_sError.SetSprintf 
( "pthread_mutexattr_setpshared, errno = %d", iRes );
./x11/kde4/libs/files/ConfigureChecks.cmake:    if 
(pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED) == -1) {
./x11/kde4/libs/files/ConfigureChecks.cmake: 
printf(\"pthread_mutexattr_setpshared failed: %s\", strerror(errno));
./x11/kde4/libs/patches/patch-kdecore_util_kshareddatacache_p_h: if 
(pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED) == 0 &&


Cheers,
Steve Williams



pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway

2020-03-05 Thread Steve Williams

Hi,

Should this be on ports@?  I'm not working on a port...

TL;DR:
Does anyone have any recommendations on how to work around not having 
pthread_mutexattr_setpshared in the OpenBSD pthreads library?


DETAILS:
I wanted to see if Apache Guacamole would compile on OpenBSD to serve 
as a remote desktop gateway.


It hasn't been too hard to get it to the final linking step.

I am getting an "undefined reference to `pthread_mutexattr_setpshared'":

   ../../src/libguac/.libs/libguac.so.17.0: undefined reference to
   `pthread_mutexattr_setpshared'
   collect2: ld returned 1 exit status
   *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD   
   " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...)
   *** Error 1 in . (Makefile:556 'all-recursive')
   *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453
   'all')


When I look at some of the code using pthread_mutexattr_setpshared, it's 
not #ifdef'd or anything, so I think it's pretty much mandatory code.


pool.c:

   guac_pool* guac_pool_alloc(int size) {

    pthread_mutexattr_t lock_attributes;
    guac_pool* pool = malloc(sizeof(guac_pool));

    /* If unable to allocate, just return NULL. */
    if (pool == NULL)
    return NULL;

    /* Initialize empty pool */
    pool->min_size = size;
    pool->active = 0;
    pool->__next_value = 0;
    pool->__head = NULL;
    pool->__tail = NULL;

    /* Init lock */
    pthread_mutexattr_init(&lock_attributes);

    pthread_mutexattr_setpshared(&lock_attributes,
   PTHREAD_PROCESS_SHARED);
   //^
    pthread_mutex_init(&(pool->__lock), &lock_attributes);


It looks like this is a posix (of some version) function:
https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html

An "apropos" search in the OpenBSD man pages for "pthread_mutexattr" 
returned:

https://man.openbsd.org/man3/pthread_mutexattr.3

This function is definitely missing...

I tried to see if there was a way to use pthread_mutexattr_settype to 
accomplish the same thing, but got lost in the maze of documentation.


Does anyone have any recommendations on how to work around not having 
pthread_mutexattr_setpshared in the OpenBSD pthreads library?


Thanks,
Steve Williams



Re: Thinking of changing DNS Service provider, looking for recommendations

2020-01-09 Thread Steve Williams

On 02/01/2020 5:26 a.m., Jay Hart wrote:

Hey all, and Happy New Years!!!

I am currently using DYN.COM for DNS service. A few months back they changed their payment
methodology and I am now considering finding another solution. DYN charges me $5 US monthly so it's
not a huge financial burden. That said, if I could find a free service provider, all the better.

My only real requirement is they must be able to support OpenBSD based system. Currently using
DDclient. It works fine, has been for years.

This would be for a residential connection.

Guess what I'm really looking for, from the list, is a OpenBSD friendly provider, and a brief
write up on how you are connected. I've looked over a few sites but nothing stood out as being
OpenBSD friendly.
Thanks in Advance,

Jay


I have been using ZoneEdit for 10+ years for my 2 personal domains. 
Using ddclient, it's been rock solid.  And... it's free for the first 
few domains.


https://www.zoneedit.com/free-dns/

Cheers,
Steve W.



Re: Upgrade procedure (6.4 -> 6.5)

2019-05-03 Thread Steve Williams

On 02/05/2019 6:23 a.m., Stephen Gregoratto wrote:

On 2019-05-02 11:46, Noth wrote:

I set up a script for sysclean:

cat sysclean65.txt | while read line ; do rm -rf "${line}" ; done

Nitpick, but this could be shortened to:

   xargs rm -rf < sysclean??.txt

Just tested this on my server, so it should work fine.


If there are filenames with spaces in them, I think that command won't 
work as expected.


Cheers,
Steve Williams



Re: apu2 em0/dhclient problems

2019-01-27 Thread Steve Williams

On 27/01/2019 1:44 p.m., Edgar Pettijohn wrote:

On Sun, Jan 27, 2019 at 09:34:54PM +0100, Mikkel C. Simonsen wrote:

Den 27-01-2019 kl. 19:45 skrev trondd:

On Sun, January 27, 2019 12:44 pm, Edgar Pettijohn wrote:

I'm trying to replace my dying soekris box with an apu2 dmesg below.
However, I can't seem to get em0 to connect to my isp. It will work
when connecting to the soekris box though. So I don't think it's the
interface that is the problem. But everything I try seems to rule out
each other as the problem, leaving me in a vicious cycle.

I'm going to try disabling pf and after that current. If you have
any other suggestions please send them.

Thanks,

edgar

Does your ISP whitelist by MAC address?

My ISP locks the connection to a certain MAC for a number of hours. Tech
support can probably delete the old lease.

Best regards,

Mikkel


I don't think this is the case. I was able to connect directly to my laptop and
get a lease immediately.  It's odd... With base dhclient it goes something like:

em0 no link
em0. got link

and then nothing.

I installed isc-dhcp-client and it actually goes through the steps of the whole
DHCPDISCOVER...etc,etc. Unfortunately it still ends with me not having a connection.
I doubt it will do anything, but I'm going to try updating the bios. Sort of like
checking the oil when the problem is a flat tire, but who knows.

Thanks,

edgar

Hi,

I just upgraded my APU2 yesterday and have no problems with my dhcp.  I 
have a cable internet connection through my ISP.


Do you have a /etc/dhclient.conf file?  I do not.

Perhaps try killing dhclient, then run it in debugging mode in the 
foreground.


/sbin/dhclient -i em0 -d -v

See what happens.

My /etc/hostname.em0 just has "dhcp" in it.

Here's some information from my system:

OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4261072896 (4063MB)
avail mem = 4122664960 (3931MB)

bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "88a4f96" date 03/07/2016
bios0: PC Engines apu2

em0 at pci1 dev 0 function 0 "Intel I210" rev 0x03: msi, address 
00:0d:b9:44:62:7c


pcengine# ifconfig em0
em0: flags=8843 mtu 1500
    lladdr 00:0d:b9:44:62:7c
    index 1 priority 0 llprio 3
    groups: egress
    media: Ethernet autoselect (1000baseT full-duplex,master)
    status: active
    inet a.b.c.d netmask 0xffc0 broadcast a.b.c.something

You might also try running tcpdump while the dhcp is going on and watch 
the packet trace.  At a minimum, you could post the packet trace here 
for input.


tcpdump -i em0

Cheers,
Steve W.





Re: OpenBSD 6.4 smtpd local mail delivery missing "From " when .forward (procmail)

2019-01-27 Thread Steve Williams

On 27/01/2019 2:21 a.m., Gilles Chehade wrote:

On Sat, Jan 26, 2019 at 08:53:06PM -0700, Steve Williams wrote:

Hi,

I upgraded from OpenBSD 6.3 to OpenBSD 6.4 today.  I upgraded all packages,
switched to php7, etc.

I've been running OpenBSD since 2.7 so this is a very known process.

The upgrade went quite smoothly and is working fine except for my email.  I
have massaged the smtpd.conf file to comply with the OpenBSD 6.4 grammar.

I run a VERY simple smtpd configuration saving in mbox format.

I am also using procmail to direct emails into various folders, launched
with a .forward.  This has been working since about 2005 :), historically
with sendmail and more recently, smtpd.

Unfortunately, email is being written to both my INBOX and the procmail
folders **incorrectly** post upgrade.

They are all missing the "From " line that is supposed to indicate the start
of a new email message.

It seems like the email is being passed "raw" to procmail without being
processed by "mail.local" ... or that's my interpretation.


you need to tweak your procmail's command so it adds the From delimiter,
there's an option for that.

smtpd used to add the From delimiter for mda, which allowed procmail not
to require that option, however this wasn't correct and when we made the
mda improvements between 6.3 and 6.4, it became impossible to accommodate
procmail without introducing special cases and ugly hacks such as having
explicit search for the string 'procmail' in .forward files.

it wasn't worth it when people can just pass procmail an option.

also don't use procmail, it's trash and there are far better options for
you to use today, fdm being the first to come to mind :-)



Hi Gilles,

Thanks very much for the reply.  I had looked in for some kind of flag 
that could be set in the procmail config file... I never thought it 
would be a command line argument to procmail :(  I cannot believe I 
missed that.


I had even downloaded the smtpd source and saw that mail.local could 
only write to a file (not a stream)... and that's the only place in the 
source code where a "From " was written so I knew it wasn't going to be 
a smtpd configuration change.


Do you think a hint about the behaviour change might be worth a mention 
in the smtpd.conf(5) man page?  I've been trying to come up with some 
non-procmail specific wording...I am not happy with the following 
wording, but something along these lines to give a clue that piping to a 
program won't have the same effect as writing to a physical file.


 mbox    Deliver the message to the user's mbox with
         mail.local(8).  mbox format is only honoured if
         final delivery is a file and not a program.

^^^

Thanks for the heads up about fdm.  I'll have a look at it.

Also, thanks for such an amazingly simple email program to configure.  I 
have spent so many hours over the years researching (scratching my head) 
how to configure sendmail!  A 4 line config file to have a functioning 
email configuration is pretty staggering!


Cheers,
Steve W.



Re: OpenBSD 6.4 smtpd local mail delivery missing "From " when .forward (procmail)

2019-01-26 Thread Steve Williams

On 26/01/2019 11:03 p.m., ed...@deathstar.my.domain wrote:

On Sat, Jan 26, 2019 at 08:53:06PM -0700, Steve Williams wrote:

Hi,

I upgraded from OpenBSD 6.3 to OpenBSD 6.4 today.  I upgraded all packages,
switched to php7, etc.

I've been running OpenBSD since 2.7 so this is a very known process.

The upgrade went quite smoothly and is working fine except for my email.  I
have massaged the smtpd.conf file to comply with the OpenBSD 6.4 grammar.

I run a VERY simple smtpd configuration saving in mbox format.

I am also using procmail to direct emails into various folders, launched
with a .forward.  This has been working since about 2005 :), historically
with sendmail and more recently, smtpd.

Unfortunately, email is being written to both my INBOX and the procmail
folders **incorrectly** post upgrade.

They are all missing the "From " line that is supposed to indicate the start
of a new email message.

It seems like the email is being passed "raw" to procmail without being
processed by "mail.local" ... or that's my interpretation.

In the /var/mail/steve file, I can see the following lines prior to the
upgrade:
 From steve+caf_=steve=williams-steve@williamsitconsulting.com Sat Jan 26
09:52:48 2019
^^

After the upgrade, I'm not getting those "From " lines which appear to be
added by mail.local(8):
     Individual mail messages in the mailbox are delimited by an empty line
     followed by a line beginning with the string "From ".  A line containing
     the string "From ", the sender's name and a timestamp is prepended to
     each delivered mail message.

If there is a .forward, does that preclude mail.local from being called?

When I remove the .forward, incoming mail is written correctly to the INBOX.
^^^

I'm hoping I'm missing something in my simple smtpd.conf file... but for the
life of me, I cannot figure out what it is.

Here is my smtpd.conf file:
---
# System aliases file
table aliases file:/etc/mail/aliases

# Listen on all interfaces as "mail.williamsitconsulting.com"
listen on all hostname "mail.williamsitconsulting.com"

action "local" mbox alias <aliases>

# Incoming mail for the two domains.
match from any for domain "williamsitconsulting.com" action "local"
match from any for domain "williams-steve.com" action "local"

forward file

"|/usr/local/bin/procmail"



Have you searched the list? I'm certain something very similar has been 
asked/reported recently.

I'm curious if the following would work:

action "local" mda "/usr/local/bin/procmail" alias <aliases>

good luck,

Edgar

Hi,



I've searched for a couple of hours on the mail list, google, undeadly, 
etc.  I might just have tunnel vision, but I can't seem to find anything 
about this.


It's definitely related to the 6.3->6.4 smtpd changes.

I did what you suggested and a quick test reveals that there is no "From 
" line pre-pended to the mail when it's delivered to my INBOX.


Here's the end of my /var/mail/steve after a test.  Yours was the last 
email in my inbox prior to running the test.

-
Have you searched the list? I'm certain something very similar has been 
asked/reported recently.


I'm curious if the following would work:

action "local" mda "/usr/local/bin/procmail" alias <aliases>

good luck,

Edgar

*** This should be a line that starts with "From "
Return-Path: 
Delivered-To: st...@williamsitconsulting.com
Received: from localhost (williamsitconsulting.com [local])
    by williamsitconsulting.com (OpenSMTPD) with ESMTPA id cbf61bbc
    for ;
    Sat, 26 Jan 2019 23:31:01 -0700 (MST)
From: Steve Williams 
Date: Sat, 26 Jan 2019 23:31:01 -0700 (MST)
To: st...@williamsitconsulting.com
Subject: Teest  of procmail as mda
Message-ID: 

test




OpenBSD 6.4 smtpd local mail delivery missing "From " when .forward (procmail)

2019-01-26 Thread Steve Williams

Hi,

I upgraded from OpenBSD 6.3 to OpenBSD 6.4 today.  I upgraded all 
packages, switched to php7, etc.


I've been running OpenBSD since 2.7 so this is a very known process.

The upgrade went quite smoothly and is working fine except for my 
email.  I have massaged the smtpd.conf file to comply with the OpenBSD 
6.4 grammar.


I run a VERY simple smtpd configuration saving in mbox format.

I am also using procmail to direct emails into various folders, launched 
with a .forward.  This has been working since about 2005 :), 
historically with sendmail and more recently, smtpd.


Unfortunately, email is being written to both my INBOX and the procmail 
folders **incorrectly** post upgrade.


They are all missing the "From " line that is supposed to indicate the 
start of a new email message.


It seems like the email is being passed "raw" to procmail without being 
processed by "mail.local" ... or that's my interpretation.


In the /var/mail/steve file, I can see the following lines prior to the 
upgrade:
From steve+caf_=steve=williams-steve@williamsitconsulting.com Sat 
Jan 26 09:52:48 2019

^^

After the upgrade, I'm not getting those "From " lines which appear to 
be added by mail.local(8):

    Individual mail messages in the mailbox are delimited by an empty line
    followed by a line beginning with the string "From ".  A line containing
    the string "From ", the sender's name and a timestamp is prepended to
    each delivered mail message.

If there is a .forward, does that preclude mail.local from being called?

When I remove the .forward, incoming mail is written correctly to the INBOX.
^^^

I'm hoping I'm missing something in my simple smtpd.conf file... but for 
the life of me, I cannot figure out what it is.


Here is my smtpd.conf file:
---
# System aliases file
table aliases file:/etc/mail/aliases

# Listen on all interfaces as "mail.williamsitconsulting.com"
listen on all hostname "mail.williamsitconsulting.com"

action "local" mbox alias <aliases>

# Incoming mail for the two domains.
match from any for domain "williamsitconsulting.com" action "local"
match from any for domain "williams-steve.com" action "local"

.forward file

"|/usr/local/bin/procmail"




Re: Easiest way to automatically run a script after reboot

2018-11-10 Thread Steve Williams

Hi,

Awesome!  Thanks for the pointer to cron!  I never knew the @reboot 
existed :)


Cheers,
Steve W.

On 10/11/2018 3:22 PM, Christian Weisgerber wrote:

On 2018-11-10, Steve Williams  wrote:


I have a script that I would like run after all the network is
configured, daemons started, etc.

I looked at rc.local, but am not sure what is actually started after the
rc.local runs.

Let's take a look at /etc/rc:

...
   [[ -f /etc/rc.local ]] && sh /etc/rc.local

   # Disable carp interlock.
   ifconfig -g carp -carpdemote 128

   mixerctl_conf

   echo -n 'starting local daemons:'
   start_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xenodm
   echo '.'
...

Also, as you can see, cron(8) is started late, and you can put a
@reboot entry into crontab(5).





Easiest way to automatically run a script after reboot

2018-11-10 Thread Steve Williams

Hi,

I have a script that I would like run after all the network is 
configured, daemons started, etc.


For example, it does a file system check on a large externally attached 
drive that isn't always there.  It is not auto mounted.  If the system 
goes down unexpectedly, I don't want the boot to be held up while the 
file system check is done.


It does a few other housekeeping things like linking the mysql.sock 
(MariaDB) from /var/www into the corresponding non-chroot area so that 
tools work outside of httpd.

    eg: ln /var/www/var/run/mysql/mysql.sock /var/run/mysql/mysql.sock

What would be the best place to invoke this?

I looked at rc.local, but am not sure what is actually started after the 
rc.local runs.


Are there any other easy hooks to run my script?

From man(8) rc

 rc.local is executed towards the end of rc (it is not the very last as
 there are a few services that must be started at the very end).
 Normally, rc.local contains commands and daemons that are not part of the
 stock installation.

Thanks,
Steve Williams



Re: NFS server down, again, and again, and again...

2018-04-19 Thread Steve Williams



On 19/04/2018 7:55 AM, Rupert Gallagher wrote:

On Thu, Apr 19, 2018 at 15:38, Zé Loff  wrote:


# mountd -d > /var/log/mountd.log 2&>1 &

It is the first thing I did this morning. Unfortunately it does not survive 
when ssh breaks out. Also, mountd -d is returning the shell prompt again, so I 
have no logs at all.


Hi,

A couple of things...  you need to read about "nohup" if you are trying 
to run programs in the background and they are getting killed when the 
ssh session ends.


Additionally, there are two programs that are very useful..

script
and
screen

"script" is on every Unix type system that I've ever been on in my last 
35+ years of working on Unix type systems.


I believe that there is an "in-tree" replacement for the functionality 
that "screen" brings, but I cannot remember what it's called.  
Otherwise, use the screen package.


"screen" allows you to run an interactive session (mountd -d) and 
"detach" (^AD) the session, log out, and at some point in the future, 
"resume" the screen session.. (screen -r).


Combined with "script", which will log all information that is appearing 
on the screen to a file, you should be able to run "mountd -d" and 
capture all information to a file, as well as resuming the session to 
see what is going on interactively.


Cheers,
Steve W.



Re: PCEngines APU2 Wifi router issues

2017-12-23 Thread Steve Williams

On 22/12/2017 7:00 PM, Carlos Cardenas wrote:

George <g.lis...@nodeunit.com> wrote:


On Thu, 21 Dec 2017 21:25:44 -0800
Carlos Cardenas <cardena...@gmail.com> wrote:


George <g.lis...@nodeunit.com> wrote:


Hi guys,

I got the apu2b4 to build a wifi router with an Intel Dual Band
Wireless AC 7260 wifi module. The module firmware was loaded by
fw_update at first boot and connecting to my existing AP works but when
I try to set it up as an access point with:

ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid MySSID wpakey MyKey

I get in ifconfig iwm0
...
status: no network
...

and associating/connecting from my Linux laptop does not work... I
am not even seeing the AP with this "MySSID" in the scan listing.
Any suggestions or ideas as to what might be wrong are welcome.

TIA
George


George,

iwm(4) is not capable for access point usage.

Check out https://www.openbsd.org/faq/faq6.html#Wireless for a list.

+--+
Carlos

Sorry but now I have another question I live in Canada and the
PCEngines website points to one reseller here and they seem to not have
the right card:

https://corpshadow.biz/bizstore/system-components/wireless-components/radio-cards/

any idea where I can get one preferably in Canada.

Thanks in advance.
George

They had the WLE200NX listed on the page:
https://corpshadow.biz/bizstore/compex/dualband-80211n-mimo-2x2-minipcie.html

If you don't like that card, you can always pick something up on ebay.

+--+
Carlos


Hi,

I have one of those cards (WLE200NX ) in my APU.  Be aware that OpenBSD 
drivers don't give very fast performance for it.  Lots about it in the 
email list archives.


Mine shows up (OpenBSD 6.1) as:

   athn0 at pci4 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 5 int 16
   athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:1b:b3:68


Cheers,
Steve Williams



Re: FAQ's duplicating file systems, both methods fail to reproduce correctly

2017-12-11 Thread Steve Williams



On 11/12/2017 12:27 PM, Philip Guenther wrote:
On Mon, Dec 11, 2017 at 9:16 AM, Otto Moerbeek <o...@drijf.net> wrote:


On Mon, Dec 11, 2017 at 08:30:54AM -0700, Steve Williams wrote:
> cpio has always been my "go to" for file system duplication because it will
> re-create device nodes.

Both pax and tar do that as well.

Come on, you still remember using tar back in the 90's when it didn't 
support devices, paths were 100 bytes _total_, and they didn't include 
user/group names (only UID/GID), right?  Good times!


Philip

Yes, my habits were born of SCO Xenix, IBM's AIX for the RT PC, etc.   
Old habits die hard!!!  lol


Cheers,
Steve W.


Re: FAQ's duplicating file systems, both methods fail to reproduce correctly

2017-12-11 Thread Steve Williams

Hi,

cpio has always been my "go to" for file system duplication because it 
will re-create device nodes.


Cheers,
Steve Williams


On 10/12/2017 11:03 AM, webmas...@bennettconstruction.us wrote:

Forgive problems with this email.
I saw how my emails showed up on marc.info
Scary. This is just temporary.

OK. I've tried to use both methods and just don't
get true duplication.

tar
It can't work with file and directory names
that are OK in filesystem, but too long for itself.
Quite a while back I lost a lot of unimportant files
and directories that had absolute paths too long.
Why is this happening with tar? Can this be fixed?
If not, I'd like to add a note about that to the FAQ.

dump
I had to move /usr/local to a bigger partition. growfs,
etc. I kept the /usr/local untouched and then dumped it
to the new partition, expecting a true duplication.
Nope.
It changed all of the program symlinks permissions.
Why is dump doing this? Can this be fixed?
Otherwise, a note about this should be added to the FAQ
also.

Question:
Can dd be used to do what I did with dump or tar?
Smaller partition copied to a bigger partition.

I'm willing to try and help out, but I'm going through
both laptop and server hell at the moment.

Thanks,
Chris Bennett




Re: PHP error running ownclouds occ

2017-10-16 Thread Steve Williams



On 16/10/2017 1:57 AM, Farid Joubbi wrote:

Hi,
I upgraded my OpenBSD installation from 6.1 to 6.2.
In the upgrade process I also upgraded the ownCloud package to 10.0.3.
Now when I browse to the ownCloud page, it wants to upgrade.
The upgrade fails with this message:



 Repair warning: You have incompatible or missing apps enabled that
could not be found or updated via the marketplace.
 Repair warning: Please install or update the following apps manually or
disable them with: occ app:disable documents
 Repair warning: For manually updating, see
https://doc.owncloud.org/server/10.0/go.php?to=admin-marketplace-apps



So I figured that I will do as it says and run the occ command.
But the command fails, and I don't understand why.


su -l -s /bin/sh www

$ cd /var/www/owncloud/
$ ./occ
PHP Warning: Module 'curl' already loaded in Unknown on line 0
PHP Warning: Module 'gd' already loaded in Unknown on line 0
PHP Warning: Module 'intl' already loaded in Unknown on line 0
PHP Warning: Module 'zip' already loaded in Unknown on line 0
The process control (PCNTL) extensions are required in case you want to
interrupt long running commands - see
http://php.net/manual/en/book.pcntl.php
ownCloud or one of the apps require upgrade - only a limited number of
commands are available
You may use your browser or the occ upgrade command to do the upgrade
Cannot create "data" directory
This can usually be fixed by giving the webserver write access to the root
directory.

{"reqId":"uds8VWpXGYWCkIjzmcjW","level":3,"time":"2017-10-14T22:40:06+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Module
'zip' already loaded at Unknown#0"}
An unhandled exception has been thrown:
exception 'Exception' with message 'Environment not properly prepared.' in
/var/www/owncloud/lib/private/Console/Application.php:134
Stack trace:

0 /var/www/owncloud/console.php(105):
OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput),
Object(Symfony\Component\Console\Output\ConsoleOutput))

1 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...')

2 {main}$

$ ls -l
total 316
-rw-r--r-- 1 root bin 8859 Sep 15 16:43 AUTHORS
-rw-r--r-- 1 root bin 25213 Sep 15 16:43 CHANGELOG.md
-rw-r--r-- 1 root bin 34520 Sep 15 16:43 COPYING
drwxr-xr-x 37 www www 1024 Oct 14 21:40 apps
drwxr-x--- 2 www www 512 Oct 14 21:37 config
-rw-r--r-- 1 root bin 4345 Sep 15 16:42 console.php
drwxr-xr-x 17 root daemon 1024 Oct 14 21:37 core
-rw-r--r-- 1 root bin 4969 Sep 15 16:42 cron.php
drwxr-x--- 6 www www 512 Nov 30 2016 data
-rw-r--r-- 1 root bin 30898 Sep 15 16:42 db_structure.xml
-rw-r--r-- 1 root bin 179 Sep 15 16:42 index.html
-rw-r--r-- 1 root bin 3898 Sep 15 16:42 index.php
drwxr-xr-x 3 root daemon 512 Oct 14 21:37 l10n
drwxr-xr-x 6 root daemon 512 Oct 14 21:37 lib
-rwxr-xr-x 1 root bin 289 Oct 2 20:10 occ
drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs
drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs-provider
-rw-r--r-- 1 root bin 3197 Sep 15 16:42 public.php
-rw-r--r-- 1 root bin 5481 Sep 15 16:42 remote.php
drwxr-xr-x 4 root daemon 512 Apr 25 09:42 resources
drwxr-xr-x 12 root daemon 512 Oct 14 21:37 settings
-rw-r--r-- 1 root bin 1757 Sep 15 16:42 status.php
drwxr-xr-x 6 root daemon 512 Oct 14 21:37 updater
-rw-r--r-- 1 root bin 278 Oct 2 20:10 version.php
$

Any ideas?
I have read the owncloud manual and all the file permissions seem to be ok.
Could it be that I am missing some OpenBSD specific thing that makes it
fail?
Thanks in advance for any kind of help or pointers.

Hi,

Are you running ownCloud in a chroot environment?  I'm running NextCloud 
and it takes a bit of a dance to get "occ" to work because of the chroot 
environment.


It might be a red herring that occ isn't working.

I am on OpenBSD 6.1 so can't help with your upgrade issue, but thought 
I'd mention the chroot issue with occ.


Cheers,
Steve W.



Re: "athn0: could not load firmware" for AR9271

2017-10-15 Thread Steve Williams

Hi,

Another data point..(sorry to top post... but felt it's appropriate)

I've got APU as well.  Running OpenBSD 6.1:
OpenBSD 6.1 (GENERIC.MP) #24: Wed Oct  4 18:47:09 CEST 2017
rob...@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

# dmesg | grep athn
athn0 at pci4 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 5 int 16
athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:1b:b3:68

Wireless was very poorly performing.  I'm not actually using the 
wireless because of this.  I anticipated the performance challenges from 
reading the mailing lists, so it's not a show stopper for me.


Cheers,
Steve W.

On 15/10/2017 6:50 AM, Stefan Sperling wrote:

On Sat, Oct 14, 2017 at 11:59:11AM -0400, Tim Stewart wrote:

Maximilian Pichler  writes:


The dmesg is the same as previously (this is on the APU), except for:
athn0 at pci5 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 2 int 16
athn0: AR9280 rev 2 (2T2R), ROM rev 22, address xx:xx:xx:xx:xx:e2

I'm debugging some issues with my wle200nx in a PC Engines apu2c4, and I
have a very similar dmesg output:

   athn0 at pci4 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 5 int 16
   athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:26:d3:28

I am curious, is it expected that the first line says "Atheros AR9281"
and the second says "AR9280"?  In particular, athn(4) makes the AR9281
sound less capable:

   The AR9281 is a single-chip PCIe 802.11n solution.  It exists in PCIe
   Mini Card (XB91) and half Mini Card (HB91) form factors.  It operates in
   the 2GHz spectrum and supports 1 transmit path and 2 receiver paths
   (1T2R).

This is indeed contradictory information.

The string "AR9281" comes from a static list in OpenBSD's kernel and bears
no actual relation to what's in the hardware. Provided the in-kernel list
is correct, it means the manufacturer has written the PCI ID of an AR9281
into the card's PCI config space. The OS will try to attach a driver which
matches on this PCI ID.

Once attached, the driver performs actual probing and finds an AR9280 chip.
If the driver were misidentifying the chip this could lead to all sorts
of problems and misbehaviours.

Whether the driver's probing or the vendor's PCI ID is correct, I cannot tell.

I'll note though that no code which is specific to the 9281 seems to exist
in our driver. That's a bad sign, and could indicate that this chip isn't
properly supported yet.


I will reply with more details if I can better quantify the issues I'm
having.

Please do.




Re: Dynamic DNS Client for EasyDNS

2017-08-03 Thread Steve Williams

Hi,

I've been using ddclient with Zonedit (by EasyDNS) for about 10 years.  
Configure the ddclient.conf file and it "just works".  I didn't log into 
the EasyDNS portal for several years.


It's worked with DSL, DSL over PPPoE, and now my Cable provider catching 
interface IP changes automatically flawlessly.


There was a very brief period where there were some server issues, but 
I've been using their free (grand fathered) package all these years and 
have had better service than other companies where I pay for services.


Cheers,
Steve W.

On 02/08/2017 6:31 PM, Predrag Punosevac wrote:

One of my clients is insisting on using her current ISP with dynamic IP.
On the another hand we decided to use EasyDNS as our managed DNS
provider due to my past experiences with them. She bought  DNS pro plan
which does include among other things Dynamic DNS services. However I
see that only ez-ipupdate is listed as Dynamic DNS client. Apart from the
fact that it is not in OpenBSD port tree I see that it is written in C
(I was hoping for a simple Perl script)

https://sourceforge.net/projects/ez-ipupdate/

and officially untested on anything else besides Linux. I see FreeBSD
port

https://www.freebsd.org/cgi/ports.cgi?query=ez-ipupdate=all=all

Short of me convincing the client to buy static IP or porting
ez-ipupdate to OpenBSD does anyone see any other alternatives?

Best,
Predrag




Re: Does pf's Sources table ever get cleared?

2017-08-02 Thread Steve Williams

Hi,

I apologize!  I just got educated :)

Reading your original email without attention to detail, I 
assumed your overload was to a table called "Sources".

eg...  overload  flush global

I was not aware of the existence of the "Sources" table.  Now I am! lol.

I did confirm that the "pfctl -F Sources" does not empty my "Sources" 
table on my stock OpenBSD 6.1.


Interesting...

Thanks for clarifying.  I learned something :)

Cheers,
Steve


On 02/08/2017 2:59 PM, Markus Wernig wrote:

On 02.08.2017 16:07, Steve Williams wrote:

pfctl -t Sources -T flush

Thanks for the hints. The above yields an error here:

# pfctl -t Sources -T flush
pfctl: Table does not exist.

pfctl(8) is rather clear on the topic:
...
  -F modifier
  Flush the filter parameters specified by modifier (may be
  abbreviated):
...
  -F Sources    Flush the source tracking table.

The problem appears to be not so much with dynamic tables, but with the
way src-nodes are expired (but not flushed).

best /markus




Re: Does pf's Sources table ever get cleared?

2017-08-02 Thread Steve Williams

Hi,

Sources is a table, so you need to use the Table commands to flush it.

pfctl -t Sources -T flush

To give you an idea...

I have a "blocklist" that I am keeping updated hourly from 
http://lists.blocklist.de/


I've found the maximum number of hosts on my system in a table is 
somewhere between 450,000 and 500,000 entries.   I load it up with the 
450,000 most recent "bad hosts" from the above website.


Are you really getting that many flooders to your website?

Have you increased the maximum size of your tables in the pf.conf?

I have:
# For the blocklist table
set limit table-entries 50

I also have a cron job that dumps my overloaded list hourly.
0   *   *   *   * /var/spamd/bad-hosts/dump_bad-hosts > /dev/null 2>&1


Then in my pf.conf, I have:

# ssh clients trying too fast
# See the pass rule below for populating this table.
table  persist file "/var/spamd/bad-hosts/bad-hosts.txt"
block quick log on egress from 


This way, when my system reboots, pf is immediately updated with the 
"bad-hosts"...


My tiny shell script hacked together @ 2:00 am:
#!/bin/sh
pfctl -t bad-hosts -T show > /tmp/bad.$$
if [ $? -eq 0 ]; then
  cp /tmp/bad.$$ /var/spamd/bad-hosts/bad-hosts.txt
  rm -f /tmp/bad.$$
  exit 0
fi
rm -f /tmp/bad.$$
exit 1

Cheers,
Steve

On 01/08/2017 9:34 AM, Markus Wernig wrote:

Hi all

I have a pair of OBSD 6.1 firewalls, on which some rules require source
tracking, i.e. have a max-src-conn or similar statement as in:

pass  log  quick on { em0 vlan1 } inet proto tcp  from any  to
 port { 80, 443 } modulate state ( max-src-conn 50,
max-src-conn-rate 25/5, overload  flush global )

This works perfectly, any hosts that surpass that limit get blocked.

But on the other hand, the Sources table (as seen with pfctl -s Sources)
keeps growing. With every allowed connection, there are two new entries.
And it seems that the Sources table expands in one direction only. I.e.
even long after the relative connection has been flushed from the state
table, there are still the entries in the Sources table.

No matter what happens, the Sources keep expanding until the src-nodes
hard limit is reached. At which point only a reboot will help.

I've tried to flush them with pfctl -F Sources, but without success:

wall0101 # pfctl -s Sources | wc -l
  512
wall0101 # pfctl -F Sources
source tracking entries cleared
wall0101 # pfctl -s Sources | wc -l
  514

Is there any reason (presumably in my ruleset, but didn't find it) that
would keep entries in the Sources table from being cleared?
Shouldn't the tracking entries be removed when the corresponding states
are flushed and shouldn't pfctl -F Sources clear the Sources table?

Thx /markus
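
A hardened variant of the hourly table dump in the reply above, as an added example that is not part of the original post: it writes through `mktemp` in the destination directory instead of a predictable `/tmp/bad.$$` name, renames atomically so an interrupted run cannot leave a half-written file for pf to load at boot, and refuses empty or malformed dumps. The `dump_table` name, its two arguments and the `PFCTL` override are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): persist a pf table to the file that
# pf.conf reloads at boot, without a predictable temp file name in /tmp.

# PFCTL is a hypothetical override so the function can be exercised without
# root or a running pf; in production it stays "pfctl".
PFCTL=${PFCTL:-pfctl}

# dump_table TABLE DEST
# Returns 0 on success, 1 if mktemp or pfctl fails, 2 if the dump is empty
# while DEST still has entries, 3 if a line is not an address or CIDR block.
dump_table() {
    table=$1
    dest=$2
    dir=$(dirname "$dest")

    # Unpredictable name, created mode 0600, in the same directory as DEST
    # so the final mv is a rename on one filesystem.
    tmp=$(mktemp "$dir/.$table.XXXXXXXXXX") || return 1

    if ! "$PFCTL" -t "$table" -T show > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi

    # Do not replace a populated list with nothing (for example if the
    # table was flushed by mistake just before the cron run).
    if [ ! -s "$tmp" ] && [ -s "$dest" ]; then
        rm -f "$tmp"
        return 2
    fi

    # pfctl -T show prints one indented address per line; reject the dump
    # if any line contains something other than an IPv4/IPv6 address or
    # prefix.
    if grep -Ev '^[[:space:]]*[0-9A-Fa-f:.]+(/[0-9]+)?[[:space:]]*$' "$tmp" |
        grep -q .; then
        rm -f "$tmp"
        return 3
    fi

    # pf reads the file as root; 0644 matches a file created by cp as root
    # with the default umask.
    chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}

# Cron entry point, e.g.:
#   0 * * * * /var/spamd/bad-hosts/dump_bad-hosts bad-hosts /var/spamd/bad-hosts/bad-hosts.txt
if [ "$#" -eq 2 ]; then
    dump_table "$1" "$2"
    exit $?
fi
```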




Re: Split zone DNS?

2017-07-28 Thread Steve Williams

Hi,

Thanks for the feedback everyone!

I'll be looking at unbound and seeing if I need nsd or not.

Have a great weekend!

Cheers,
Steve

On 28/07/2017 7:58 AM, Steve Williams wrote:

Hi,

I recently upgraded to 6.1 and am trying to (finally, after many 
OpenBSD versions over 10 years) fine tune my home network.


I would like to run a local resolver on my internal network that will 
resolve all my hosts on my local network to IP addresses on my local 
network(s) rather than resolving to their public IP addresses.


I believe it's called a "split zone" DNS, where my domain is resolved 
locally, but everyone else is resolved using normal resolution processes.


I set this up at one of my previous jobs using BIND, but that was 7 
years ago.  I've never gone to the trouble of doing it at home, but I 
would like to exercise my brain a bit as well as having my home 
network set up "better".


What is the best tool to accomplish this these days?  Is NSD the 
"modern" tool to be using on OpenBSD?


Are there any hooks for dhcpd to update records?

I've read the NSD(8), nsd.conf(5) man pages and that seems to be the 
way to go, but I thought I'd check the wisdom here to see if there is 
a better approach.


Thanks,
Steve Williams




Split zone DNS?

2017-07-28 Thread Steve Williams

Hi,

I recently upgraded to 6.1 and am trying to (finally, after many OpenBSD 
versions over 10 years) fine tune my home network.


I would like to run a local resolver on my internal network that will 
resolve all my hosts on my local network to IP addresses on my local 
network(s) rather than resolving to their public IP addresses.


I believe it's called a "split zone" DNS, where my domain is resolved 
locally, but everyone else is resolved using normal resolution processes.


I set this up at one of my previous jobs using BIND, but that was 7 
years ago.  I've never gone to the trouble of doing it at home, but I 
would like to exercise my brain a bit as well as having my home network 
set up "better".


What is the best tool to accomplish this these days?  Is NSD the 
"modern" tool to be using on OpenBSD?


Are there any hooks for dhcpd to update records?

I've read the NSD(8), nsd.conf(5) man pages and that seems to be the way 
to go, but I thought I'd check the wisdom here to see if there is a 
better approach.


Thanks,
Steve Williams



Re: PF packets being blocked...why?

2017-06-26 Thread Steve Williams

Hi,

Yes, I have (what appears to be) 100% functionality of the 
forwarding/nat/etc.


That wouldn't work if forwarding wasn't enabled.

# cat /etc/sysctl.conf
net.inet.ip.forwarding=1

And I have rebooted multiple times.

Thanks,
Steve W.


On 26/06/2017 12:30 PM, Timo Myyrä wrote:

Hmm, have you enabled net.inet.ip.forwarding?

Timo

Steve Williams <st...@williamsitconsulting.com> writes:


Hi,

Packets from vether are going out NAT'd no problem.  I have 100%
Internet access on 192.168.123.0/24.

 From my understanding, the "pass out quick inet all flags S/SA" allow
packets out and should create state for the connection for any ipv4
packets on any interface.

Subsequent packets (these seem to have the "P"ush flag set) should
match the state and not get blocked.

Hum... perhaps the states are expiring too fast?

How do I find out if the state existed at the time that the packet was
blocked?

Thanks,
Steve W.


On 26/06/2017 12:09 PM, Ville Valkonen wrote:

Hello,

a quick glance and it seems you aren't allowing vether traffic to pass.

--
Regards,
Ville

On Jun 26, 2017 8:19 PM, "Steve Williams" <st...@williamsitconsulting.com> wrote:

 Hi,

 New install of OpenBSD 6.1 on apu2.  Love the little box.

 I have em0 as the connection to the Internet and I bridged em1 and
 em2 together on 192.168.123.0.

 I've been using OpenBSD since the 2.7 days, but have never run NAT
 so this is my first foray into that world.  I have followed the
 FAQ on "building a router" almost verbatim. It's working fine, but
 I am seeing some packets blocked with no effect on browsing behind
 the OpenBSD box.

 My ruleset:

 # pfctl -sr
 match in all scrub (no-df random-id)
 match out on egress inet from ! (egress:network) to any nat-to
 (egress:0) round-robin
 block drop log quick from  to any
 block drop log quick from  to any
 block drop log all
 pass out quick inet all flags S/SA
 pass in on vether0 inet all flags S/SA
 pass in on em1 inet all flags S/SA
 pass in on em2 inet all flags S/SA
 pass in on egress inet proto tcp from any to (egress) port = 22
 flags S/SA
 pass in on egress inet proto tcp from any to (egress) port = 993
 flags S/SA
 pass in on egress inet proto tcp from any to (egress) port = 80
 flags S/SA
 pass in on egress inet proto tcp from any to (egress) port = 443
 flags S/SA

 # tcpdump -n -e -ttt -i pflog0   # from man pflog man page
 Jun 26 09:45:54.241145 rule 4/(match) block in on vether0:
 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
 1805 (DF)
 Jun 26 09:45:54.701283 rule 4/(match) block in on vether0:
 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
 1805 (DF)
 Jun 26 09:45:55.623757 rule 4/(match) block in on vether0:
 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
 1805 (DF)
 Jun 26 09:45:57.460985 rule 4/(match) block in on vether0:
 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
 1805 (DF)
 Jun 26 09:46:01.150933 rule 4/(match) block in on vether0:
 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
 1805 (DF)
 Jun 26 09:46:08.522599  rule 4/(match) block in on
 vether0: 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375)
 ack 1 win 1805 (DF)
 Jun 26 09:46:47.479083 rule 4/(match) block in on vether0:
 192.168.123.2.46549 > 172.217.3.206.443: P
 4042174712:4042174735(23) ack 2564095917 win 1593 (DF)
 Jun 26 09:46:47.896295 rule 4/(match) block in on vether0:
 192.168.123.2.53452 > 23.23.126.54.443: P
 4003838125:4003838156(31) ack 2044539346 win 65535 (DF)
 Jun 26 09:46:47.896662 rule 4/(match) block in on vether0:
 192.168.123.2.53452 > 23.23.126.54.443: R 31:31(0) ack 1 win 65535
 (DF)
 Jun 26 09:46:47.896674 rule 4/(match) block in on vether0:
 192.168.123.2.59762 > 216.58.216.163.443: P
 113176577:113176608(31) ack 2619790719 win 1403 (DF)
 Jun 26 09:46:47.896685 rule 4/(match) block in on vether0:
 192.168.123.2.59762 > 216.58.216.163.443: F 31:31(0) ack 1 win
 1403 (DF)
 Jun 26 09:46:47.896711 rule 4/(match) block in on vether0:
 192.168.123.2.39279 > 31.13.77.6.443: P 4254697166:4254697197(31)
 ack 2615144509 win 1545 (DF)
 Jun 26 09:46:47.896735 rule 4/(match) block in on vether0:
 192.168.123.2.39279 > 31.13.77.6.443: R 31:31(0) ack 1 win 1545 (DF)

 # pfctl -R 4 -sr
 block drop log all

 It is not all https traffic that is being blocked as I can hit my
 banking site, etc.  Does anyone have an idea why are these packets
 being blocked?

 Thanks,
 Steve Williams







Re: PF packets being blocked...why?

2017-06-26 Thread Steve Williams

Hi,

Packets from vether are going out NAT'd no problem.  I have 100% 
Internet access on 192.168.123.0/24.


From my understanding, the "pass out quick inet all flags S/SA" allow 
packets out and should create state for the connection for any ipv4 
packets on any interface.


Subsequent packets (these seem to have the "P"ush flag set) should match 
the state and not get blocked.


Hum... perhaps the states are expiring too fast?

How do I find out if the state existed at the time that the packet was 
blocked?


Thanks,
Steve W.


On 26/06/2017 12:09 PM, Ville Valkonen wrote:

Hello,

a quick glance and it seems you aren't allowing vether traffic to pass.

--
Regards,
Ville

On Jun 26, 2017 8:19 PM, "Steve Williams" <st...@williamsitconsulting.com> wrote:


Hi,

New install of OpenBSD 6.1 on apu2.  Love the little box.

I have em0 as the connection to the Internet and I bridged em1 and
em2 together on 192.168.123.0.

I've been using OpenBSD since the 2.7 days, but have never run NAT
so this is my first foray into that world.  I have followed the
FAQ on "building a router" almost verbatim. It's working fine, but
I am seeing some packets blocked with no effect on browsing behind
the OpenBSD box.

My ruleset:

# pfctl -sr
match in all scrub (no-df random-id)
match out on egress inet from ! (egress:network) to any nat-to
(egress:0) round-robin
block drop log quick from  to any
block drop log quick from  to any
block drop log all
pass out quick inet all flags S/SA
pass in on vether0 inet all flags S/SA
pass in on em1 inet all flags S/SA
pass in on em2 inet all flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 22
flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 993
flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 80
flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 443
flags S/SA

# tcpdump -n -e -ttt -i pflog0   # from man pflog man page
Jun 26 09:45:54.241145 rule 4/(match) block in on vether0:
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
1805 (DF)
Jun 26 09:45:54.701283 rule 4/(match) block in on vether0:
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
1805 (DF)
Jun 26 09:45:55.623757 rule 4/(match) block in on vether0:
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
1805 (DF)
Jun 26 09:45:57.460985 rule 4/(match) block in on vether0:
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
1805 (DF)
Jun 26 09:46:01.150933 rule 4/(match) block in on vether0:
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
1805 (DF)
Jun 26 09:46:08.522599  rule 4/(match) block in on
vether0: 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375)
ack 1 win 1805 (DF)
Jun 26 09:46:47.479083 rule 4/(match) block in on vether0:
192.168.123.2.46549 > 172.217.3.206.443: P
4042174712:4042174735(23) ack 2564095917 win 1593 (DF)
Jun 26 09:46:47.896295 rule 4/(match) block in on vether0:
192.168.123.2.53452 > 23.23.126.54.443: P
4003838125:4003838156(31) ack 2044539346 win 65535 (DF)
Jun 26 09:46:47.896662 rule 4/(match) block in on vether0:
192.168.123.2.53452 > 23.23.126.54.443: R 31:31(0) ack 1 win 65535
(DF)
Jun 26 09:46:47.896674 rule 4/(match) block in on vether0:
192.168.123.2.59762 > 216.58.216.163.443: P
113176577:113176608(31) ack 2619790719 win 1403 (DF)
Jun 26 09:46:47.896685 rule 4/(match) block in on vether0:
192.168.123.2.59762 > 216.58.216.163.443: F 31:31(0) ack 1 win
1403 (DF)
Jun 26 09:46:47.896711 rule 4/(match) block in on vether0:
192.168.123.2.39279 > 31.13.77.6.443: P 4254697166:4254697197(31)
ack 2615144509 win 1545 (DF)
Jun 26 09:46:47.896735 rule 4/(match) block in on vether0:
192.168.123.2.39279 > 31.13.77.6.443: R 31:31(0) ack 1 win 1545 (DF)

# pfctl -R 4 -sr
block drop log all

It is not all https traffic that is being blocked as I can hit my
banking site, etc.  Does anyone have an idea why are these packets
being blocked?

Thanks,
Steve Williams







PF packets being blocked...why?

2017-06-26 Thread Steve Williams

Hi,

New install of OpenBSD 6.1 on apu2.  Love the little box.

I have em0 as the connection to the Internet and I bridged em1 and em2 
together on 192.168.123.0.


I've been using OpenBSD since the 2.7 days, but have never run NAT so 
this is my first foray into that world.  I have followed the FAQ on 
"building a router" almost verbatim.  It's working fine, but I am seeing 
some packets blocked with no effect on browsing behind the OpenBSD box.


My ruleset:

# pfctl -sr
match in all scrub (no-df random-id)
match out on egress inet from ! (egress:network) to any nat-to 
(egress:0) round-robin

block drop log quick from  to any
block drop log quick from  to any
block drop log all
pass out quick inet all flags S/SA
pass in on vether0 inet all flags S/SA
pass in on em1 inet all flags S/SA
pass in on em2 inet all flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 22 flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 993 flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 80 flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 443 flags S/SA

# tcpdump -n -e -ttt -i pflog0   # from man pflog man page
Jun 26 09:45:54.241145 rule 4/(match) block in on vether0: 
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:45:54.701283 rule 4/(match) block in on vether0: 
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:45:55.623757 rule 4/(match) block in on vether0: 
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:45:57.460985 rule 4/(match) block in on vether0: 
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:46:01.150933 rule 4/(match) block in on vether0: 
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:46:08.522599 rule 4/(match) block in on vether0: 
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:46:47.479083 rule 4/(match) block in on vether0: 
192.168.123.2.46549 > 172.217.3.206.443: P 4042174712:4042174735(23) ack 
2564095917 win 1593 (DF)
Jun 26 09:46:47.896295 rule 4/(match) block in on vether0: 
192.168.123.2.53452 > 23.23.126.54.443: P 4003838125:4003838156(31) ack 
2044539346 win 65535 (DF)
Jun 26 09:46:47.896662 rule 4/(match) block in on vether0: 
192.168.123.2.53452 > 23.23.126.54.443: R 31:31(0) ack 1 win 65535 (DF)
Jun 26 09:46:47.896674 rule 4/(match) block in on vether0: 
192.168.123.2.59762 > 216.58.216.163.443: P 113176577:113176608(31) ack 
2619790719 win 1403 (DF)
Jun 26 09:46:47.896685 rule 4/(match) block in on vether0: 
192.168.123.2.59762 > 216.58.216.163.443: F 31:31(0) ack 1 win 1403 (DF)
Jun 26 09:46:47.896711 rule 4/(match) block in on vether0: 
192.168.123.2.39279 > 31.13.77.6.443: P 4254697166:4254697197(31) ack 
2615144509 win 1545 (DF)
Jun 26 09:46:47.896735 rule 4/(match) block in on vether0: 
192.168.123.2.39279 > 31.13.77.6.443: R 31:31(0) ack 1 win 1545 (DF)


# pfctl -R 4 -sr
block drop log all

It is not all https traffic that is being blocked as I can hit my 
banking site, etc.  Does anyone have an idea why these packets are being 
blocked?


Thanks,
Steve Williams
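
A way to read the capture above, as an added example that is not part of the original post: the pass rules shown carry `flags S/SA`, which matches only a SYN without ACK, so a useful first check is whether any logged packet could have created state. The function names are hypothetical and the sample records are copied from the post, with the mail wrapping left in.

```python
import re
from collections import Counter, defaultdict

# Records copied from the capture in the post above, mail wrapping preserved.
SAMPLE = """\
Jun 26 09:45:54.241145 rule 4/(match) block in on vether0:
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:45:54.701283 rule 4/(match) block in on vether0:
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:45:55.623757 rule 4/(match) block in on vether0:
192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
Jun 26 09:46:47.896295 rule 4/(match) block in on vether0:
192.168.123.2.53452 > 23.23.126.54.443: P 4003838125:4003838156(31) ack
2044539346 win 65535 (DF)
Jun 26 09:46:47.896662 rule 4/(match) block in on vether0:
192.168.123.2.53452 > 23.23.126.54.443: R 31:31(0) ack 1 win 65535 (DF)
"""

# A record begins with a timestamp followed by the pflog "rule N/(reason)" header.
RECORD_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+ rule ")
RECORD = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) rule (?P<rule>\d+)/\((?P<reason>\w+)\) "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRPUEW.]+) "
    r"(?:(?P<seq>\d+:\d+)\(\d+\) )?(?P<rest>.*)$"
)


def join_records(text):
    """Undo line wrapping: glue continuation lines onto their record header."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line):
            if current is not None:
                records.append(current)
            current = line
        elif current is not None:
            current += " " + line
    if current is not None:
        records.append(current)
    return records


def parse(record):
    """Split one joined pflog record into fields; None if it is not TCP-shaped."""
    m = RECORD.match(record)
    if m is None:
        return None
    p = m.groupdict()
    has_ack = re.search(r"\back \d+", p["rest"]) is not None
    # "flags S/SA" matches SYN set with ACK clear: the packet that opens a connection.
    p["initial_syn"] = "S" in p["flags"] and not has_ack
    return p


def summarise(text):
    """Per (src, dst): blocked packet count, flag mix, retransmits, initial SYNs."""
    flows = defaultdict(
        lambda: {"packets": 0, "flags": Counter(), "retransmits": 0, "initial_syn": 0}
    )
    seen = set()
    for record in join_records(text):
        p = parse(record)
        if p is None or p["action"] != "block":
            continue
        key = (p["src"], p["dst"])
        flow = flows[key]
        flow["packets"] += 1
        flow["flags"][p["flags"]] += 1
        if p["initial_syn"]:
            flow["initial_syn"] += 1
        # The same flags and sequence range seen again is a retransmission.
        segment = (key, p["flags"], p["seq"])
        if p["seq"] and segment in seen:
            flow["retransmits"] += 1
        seen.add(segment)
    return dict(flows)


if __name__ == "__main__":
    for (src, dst), flow in summarise(SAMPLE).items():
        print(src, "->", dst, dict(flow["flags"]),
              "retransmits:", flow["retransmits"],
              "initial SYNs:", flow["initial_syn"])
```

Every record in the capture above is a P, F or R segment with ack set, so none of them is a connection-opening SYN; the first flow is one segment being retransmitted.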





APCu/Memcached/Redis - OwnCloud/Nextcloud memory caching - which OpenBSD package?

2017-02-25 Thread Steve Williams
Hi,

I'm trying to improve the performance of my freshly installed Nextcloud 
site.  I'm running on my local 1G network and the performance is less 
than optimal.

I've done all the SQL tuning, but from looking at the SQL log files, the 
SQL isn't the slow part.

I haven't configured a memory cache yet and am a bit confused about 
which OpenBSD packages correspond to the recommendations documented in:
https://docs.nextcloud.com/server/11/admin_manual/configuration_server/caching_configuration.html

APCu, APCu 4.0.6 and up required.
Memcached
Redis, PHP module 2.2.6 and up required.

The only "APCu" packages are the UPS ones, not quite what I'm looking for :)
There is no php package for Memcached (php-memcached).  There is Perl, 
Python & Python3.
There is a php-predis package at 1.1.1 level, and a 
pecl-redis-2.2.7p0.tgz package, but is pecl for php?  I'm rather new to 
all the php modules stuff...

Is anyone running any of these applications?  If so, what is the name of 
the OpenBSD package, or did you do a local install?


Thanks,
Steve W.



Re: httpd and dokuwiki

2017-02-24 Thread Steve Williams

Yeah!

I'm glad I could help out :)

I get so much from these email lists it's nice to be able to actually 
contribute :)


Have a great day.

Cheers,
Steve W.

On 24/02/2017 9:32 PM, Predrag Punosevac wrote:

Steve Williams <st...@williamsitconsulting.com> wrote:


Hi,

I'm working through configuring Nextcloud and ran into a similar issue.

Since this is running in an OpenBSD chroot environment, you need to have
a /var/www/etc/resolv.conf for DNS resolution to work from within the
chroot.


Of course!!! Right on money. I added resolv.conf into the chroot
environment and everything works like a charm.

Thanks Steve!
Predrag


It might be beneficial to put a hosts file in there as well to resolve
locally.. for example "localhost".

Not sure if this is your problem, but it resolved my "Can't resolve" issue.

Cheers,
Steve W.


On 24/02/2017 2:53 PM, Predrag Punosevac wrote:

I am experimenting with httpd and DokuWiki on 6.0 stable trying to test
things before I migrate our current nginx installation running in a FreeBSD
jail. I am getting a UI message that the plugin repository could not be contacted.
There is nothing wrong with network and DNS.
I am also getting that the extension directory is not writeable. Permission of
lib/plugin is 755 with owner and group www.
Does anyone who runs DokuWiki with httpd from the base can tell me if
installing additional plugins from the UI works.




Re: httpd and dokuwiki

2017-02-24 Thread Steve Williams

Hi,

I'm working through configuring Nextcloud and ran into a similar issue.

Since this is running in an OpenBSD chroot environment, you need to have 
a /var/www/etc/resolv.conf for DNS resolution to work from within the 
chroot.


It might be beneficial to put a hosts file in there as well to resolve 
locally.. for example "localhost".


Not sure if this is your problem, but it resolved my "Can't resolve" issue.

Cheers,
Steve W.


On 24/02/2017 2:53 PM, Predrag Punosevac wrote:

I am experimenting with httpd and DokuWiki on 6.0 stable trying to test
things before I migrate our current nginx installation running in a FreeBSD
jail. I am getting a UI message that the plugin repository could not be contacted.
There is nothing wrong with network and DNS.
I am also getting that the extension directory is not writeable. Permission of
lib/plugin is 755 with owner and group www.
Does anyone who runs DokuWiki with httpd from the base can tell me if
installing additional plugins from the UI works.
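
The chroot advice in this thread, as an added check that is not part of the original posts: it verifies that the resolver files exist inside the web server chroot, that `hosts` names `localhost`, and that the chroot copy of `resolv.conf` has not drifted from the host's. The function names are hypothetical; `/var/www` is the chroot path named in the thread.

```python
import os


def nameservers(path):
    """Return the nameserver addresses listed in a resolv.conf-style file."""
    servers = []
    with open(path) as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()
            if len(fields) >= 2 and fields[0] == "nameserver":
                servers.append(fields[1])
    return servers


def hosts_names(path):
    """Return every host name and alias defined in a hosts-style file."""
    names = set()
    with open(path) as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()
            names.update(fields[1:])  # fields[0] is the address
    return names


def audit_chroot_resolver(chroot="/var/www", host_etc="/etc"):
    """List what a chrooted process would be missing for name resolution."""
    findings = []
    jail_resolv = os.path.join(chroot, "etc", "resolv.conf")
    jail_hosts = os.path.join(chroot, "etc", "hosts")
    host_resolv = os.path.join(host_etc, "resolv.conf")

    if not os.path.isfile(jail_resolv):
        findings.append("missing " + jail_resolv)
    else:
        inside = nameservers(jail_resolv)
        if not inside:
            findings.append("no nameserver lines in " + jail_resolv)
        elif os.path.isfile(host_resolv) and inside != nameservers(host_resolv):
            # The chroot copy is static; the host file may have changed since.
            findings.append("stale copy: %s differs from %s" % (jail_resolv, host_resolv))

    if not os.path.isfile(jail_hosts):
        findings.append("missing " + jail_hosts)
    elif "localhost" not in hosts_names(jail_hosts):
        findings.append("no localhost entry in " + jail_hosts)
    return findings


if __name__ == "__main__":
    for finding in audit_chroot_resolver():
        print(finding)
```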




Re: OT? - ownCloud vs NextCloud

2017-02-23 Thread Steve Williams

On 2017-02-23 15:57, Steve Williams wrote:

Hi,

I was going to install the ownCloud package in my OpenBSD server, but
then wondered about Nextcloud.  I was surprised there's no Nextcloud
package.

Does anyone know what the status of the 2 projects are in general?
(the non-OpenBSD specific question).

Is there some reason there's no Nextcloud port other than no-one has
done one?  (yes, this is a reason, but I'm wondering license,
politics, etc).

From the reading I was able to do, it seems like Nextcloud might be a
smarter investment of time to install than ownCloud.

Thoughts?

Thanks,
Steve Williams



Thanks everyone for your input!  I'm going to give Nextcloud a spin 
using the port that's mentioned in this thread.


Cheers,
Steve W.



Re: OT? - ownCloud vs NextCloud

2017-02-23 Thread Steve Williams

On 2017-02-23 17:01, Johan Huldtgren wrote:

hello,


Is there some reason there's no Nextcloud port other than no-one has
done one?  (yes, this is a reason, but I'm wondering license, politics,
etc).


I've been using owncloud for a few years, but recently switched to
nextcloud when an upgrade broke my calendar; this might have been
salvageable but I'd been thinking about trying out nextcloud so this was
the perfect excuse. It worked well for me, and it seems nextcloud is
currently the more active project consisting of many former owncloud
developers. I created a package which I submitted to ports@ the other
week, if deemed worthy it might get imported (however the trend has been
to remove packages which are really just a tarball to be extracted in
/var/www).

http://marc.info/?l=openbsd-ports=148744316527349=2

.jh


Hi,

Thanks for the link to your port!  I'll give it a go.  I like having an 
inventory of software on my system (pkg_info).


I was considering making a port if I went down the Nextcloud road, so 
that's great.


Also, thanks for the info re. your transition from owncloud to 
nextcloud.


Cheers,
Steve W.



OT? - ownCloud vs NextCloud

2017-02-23 Thread Steve Williams

Hi,

I was going to install the ownCloud package in my OpenBSD server, but 
then wondered about Nextcloud.  I was surprised there's no Nextcloud 
package.


Does anyone know what the status of the 2 projects are in general?  (the 
non-OpenBSD specific question).


Is there some reason there's no Nextcloud port other than no-one has 
done one?  (yes, this is a reason, but I'm wondering license, politics, 
etc).


From the reading I was able to do, it seems like Nextcloud might be a 
smarter investment of time to install than ownCloud.


Thoughts?

Thanks,
Steve Williams



Re: OpenBSD 6.0, httpd chroot & nfs

2017-02-14 Thread Steve Williams

On 14/02/2017 9:00 AM, Reyk Floeter wrote:

Hi,

On Tue, Feb 14, 2017 at 07:24:17AM -0700, Steve Williams wrote:

Hi,

I have a web based application (Gallery 3) on one web server with a
fairly large number of photos.

I have nfs mounted that folder onto a new APU2 system with OpenBSD 6.0
on it.
192.168.123.3:/ext_gallery/gallery3 520142836  89008296 405127400    18%    /var/www/htdocs/gallery3

A very simple httpd.conf file:

server "photos.williamsitconsulting.com" {
    listen on $ext_addr port 80
    root "/htdocs/gallery3"
    directory index index.php

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
}


I cannot access the "index.php" file with a web browser.

I believe I have confirmed that it's not a problem with chroot itself...

 # chroot -g www -u www /var/www /bin/ksh
 $ cd /htdocs/gallery3
 $ echo *
 LICENSE README application bin index.php installer lib modules
 php.ini robots.txt system themes var
 ^


To troubleshoot, I unmounted the NFS folder and copied a portion of it over
to /var/www/htdocs/gallery3.  Accessing the information locally works
fine.  Unfortunately, I don't have disk space on the APU2 system to copy
the entire folder over (it's got a ton of photos in it).

I suspect this is to do with some kind of conflict between nfs, httpd
and chroot.

With the NFS mounted, I've run "httpd -d -v -v -v -v -v -v" and I don't
get any errors when I try to access the index.php, it just doesn't serve
anything up (likely because there's nothing there!).

There's no message in the error.log, and I have tried putting php-fpm
into "debug" mode and there's nothing relevant logged there either.

What am I missing?  or is this even possible?


It is really hard to tell without logs, but the problem can also be in
php-fpm, not just in httpd.  Can you access files that are not served
via fastcgi (static files, images)?

You could try to start httpd with the following way:

# env EVENT_NOKQUEUE=1 httpd -ddvvv

This will switch libevent from kqueue to poll.  We had kernel-related
issues with kqueue on NFS in the past, but they should have been fixed.

Reyk


Hi,

I haven't been able to find out how to turn on logging that would 
indicate httpd is passing things off to fastcgi.


I can see that httpd is getting the request, but it's getting "lost" 
somewhere.  Is there a way to log what goes down the php-fpm.sock?


Thanks for the pointer about serving static content...  Static content 
WORKS.


photos.williamsitconsulting.com 192.168.123.129 - - 
[14/Feb/2017:09:15:12 -0700] "GET /help.txt HTTP/1.1" 304 0
server photos.williamsitconsulting.com, client 1 (1 active), 
192.168.123.129:56879 -> 192.168.123.5, /help.txt (304 Not Modified)



I did try your suggestion:

# /etc/rc.d/httpd stop
httpd(ok)
# env EVENT_NOKQUEUE=1 httpd -ddvvv
startup
socket_rlimit: max open files 1024
server_privinit: adding server default
server_privinit: adding server photos.williamsitconsulting.com
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
server_launch: running server default
server_launch: running server default
server_launch: running server default
photos.williamsitconsulting.com 192.168.123.129 - - 
[14/Feb/2017:09:11:19 -0700] "GET /index.php HTTP/1.1" 500 0


and the browser (chrome on Windows 7) gets a "500" error.

In /var/log/php-fpm.log, all I get is one line per minute:

[14-Feb-2017 09:13:48.393910] DEBUG: pid 9016, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] 
currently 0 active children, 2 spare children, 2 running children. 
Spawning rate 1
[14-Feb-2017 09:13:49.404199] DEBUG: pid 9016, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] 
currently 0 active children, 2 spare children, 2 running children. 
Spawning rate 1
[14-Feb-2017 09:13:50.414479] DEBUG: pid 9016, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] 
currently 0 active children, 2 spare children, 2 running children. 
Spawning rate 1
[14-Feb-2017 09:13:51.424717] DEBUG: pid 9016, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] 
currently 0 active children, 2 spare children, 2 running children. 
Spawning rate 1
[14-Feb-2017 09:13:52.434982] DEBUG: pid 9016, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] 
currently 0 active children, 2 spare children, 2 running children. 
Spawning rate 1


Any other amazing words of wisdom?

Thanks,
Steve W.



OpenBSD 6.0, httpd chroot & nfs

2017-02-14 Thread Steve Williams
Hi,

I have a web based application (Gallery 3) on one web server with a 
fairly large number of photos.

I have nfs mounted that folder onto a new APU2 system with OpenBSD 6.0 
on it.
192.168.123.3:/ext_gallery/gallery3 520142836  89008296 405127400    18%    /var/www/htdocs/gallery3

A very simple httpd.conf file:

server "photos.williamsitconsulting.com" {
    listen on $ext_addr port 80
    root "/htdocs/gallery3"
    directory index index.php

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
}


I cannot access the "index.php" file with a web browser.

I believe I have confirmed that it's not a problem with chroot itself...

# chroot -g www -u www /var/www /bin/ksh
$ cd /htdocs/gallery3
$ echo *
LICENSE README application bin index.php installer lib modules
php.ini robots.txt system themes var
^


To troubleshoot, I unmounted the NFS folder and copied a portion of it over 
to /var/www/htdocs/gallery3.  Accessing the information locally works 
fine.  Unfortunately, I don't have disk space on the APU2 system to copy 
the entire folder over (it's got a ton of photos in it).

I suspect this is to do with some kind of conflict between nfs, httpd 
and chroot.

With the NFS mounted, I've run "httpd -d -v -v -v -v -v -v" and I don't 
get any errors when I try to access the index.php, it just doesn't serve 
anything up (likely because there's nothing there!).

There's no message in the error.log, and I have tried putting php-fpm 
into "debug" mode and there's nothing relevant logged there either.

What am I missing?  or is this even possible?

Thanks,
Steve Williams



Re: PC-Engines apu2c4 install reboot loop :(

2017-01-10 Thread Steve Williams

Hi,

Thanks everyone for the advice!

For the archives, the magic was:

boot: stty com0 115200
boot: set tty com0
boot: boot /bsd

I was deceived by the boot prompt showing up over the console, that the 
whole boot process would know it's happening over a serial port.


This is my first serial port install ever, so a learning experience.

Thanks again!

Cheers,
Steve Williams



On 10/01/2017 3:16 PM, Steve Williams wrote:

Hi,

I purchased a new PC-Engines APU 2c4 system.  I have a wireless card 
as well and a msata SSD (250 gig).  I've tried the install with all 
these two boards installed, none installed and both combinations with 
no change in symptoms.


I have tried
OpenBSD current "install60.fs"
OpenBSD 6.0 miniroot60.fs
OpenBSD 6.0 install60.fs

I'm using another OpenBSD box hooked up to the serial port (null 
modem) and "cu" at 115200.


From what I can tell, it's got the latest BIOS for the apu2.

The BIOS prompts work fine, I get the "boot>" prompt in OpenBSD, but 
right after the "entry point" line prints out, the system reboots.  It 
will do this endlessly.  I have run the on-board memtest with and 
without the wireless and SSD and it all passes.


The system boots the "TinyCore Linux" system that PC-Engines provides 
on their website.  I have included a dmesg from it at the bottom.  
Sorry it's so long!


Any hints on what I should do to troubleshoot this further?

Where the problem is:
---
boot>
cannot open hd0a:/etc/random.seed: No such file or directory
booting hd0a:/6.0/amd64/bsd.rd: 3396956+1430528+3876632+0+606208 
[72+431976+281268]=0x9914e8

entry point at 0x1001000 [7205c766, 3404, 24448b12, 3550a304]



PC-Engines apu2c4 install reboot loop :(

2017-01-10 Thread Steve Williams

Hi,

I purchased a new PC-Engines APU 2c4 system.  I have a wireless card as 
well and a msata SSD (250 gig).  I've tried the install with all these 
two boards installed, none installed and both combinations with no 
change in symptoms.


I have tried
OpenBSD current "install60.fs"
OpenBSD 6.0 miniroot60.fs
OpenBSD 6.0 install60.fs

I'm using another OpenBSD box hooked up to the serial port (null modem) 
and "cu" at 115200.


From what I can tell, it's got the latest BIOS for the apu2.

The BIOS prompts work fine, I get the "boot>" prompt in OpenBSD, but 
right after the "entry point" line prints out, the system reboots.  It 
will do this endlessly.  I have run the on-board memtest with and 
without the wireless and SSD and it all passes.


The system boots the "TinyCore Linux" system that PC-Engines provides on 
their website.  I have included a dmesg from it at the bottom.  Sorry 
it's so long!


Any hints on what I should do to troubleshoot this further?

Where the problem is:
---
boot>
cannot open hd0a:/etc/random.seed: No such file or directory
booting hd0a:/6.0/amd64/bsd.rd: 3396956+1430528+3876632+0+606208 
[72+431976+281268]=0x9914e8

entry point at 0x1001000 [7205c766, 3404, 24448b12, 3550a304]


Entire boot transcript
-
Script started on Tue Jan 10 14:12:46 2017
# cu -ltty00 -s115200
Connected
PCEngines apu2
coreboot build 20160307
4080 MB ECC DRAM

SeaBIOS (version ?-20160307_153453-michael-desktop64)
Found mainboard PC Engines PCEngines apu2
multiboot: eax=0, ebx=0
boot order:
1: /pci@i0cf8/usb@10/usb-*@1
2: /pci@i0cf8/usb@10/usb-*@2
3: /pci@i0cf8/usb@10/usb-*@3
4: /pci@i0cf8/usb@10/usb-*@4
5: /pci@i0cf8/*@14,7
6: /pci@i0cf8/*@11/drive@0/disk@0
7: /pci@i0cf8/*@11/drive@1/disk@0
8: /rom@genroms/pxe.rom
9: pxen0
10: scon1
11:
Found 21 PCI devices (max PCI bus is 03)
Copying SMBIOS entry point from 0xdffb7000 to 0x000f3110
Copying ACPI RSDP from 0xdffb8000 to 0x000f30e0
Copying MPTABLE from 0xdffdc000/dffdc010 to 0x000f2f30
Copying PIR from 0xdffdd000 to 0x000f2f00
Using pmtimer, ioport 0x818
Scan for VGA option rom
Running option rom at c000:0003
Google, Inc.
Serial Graphics Adapter 08/22/15
SGABIOS $Id: sgabios.S 8 2010-04-22 00:03:40Z nlaredo $ 
(wiv@coreboot-Virtual-Machine) Sat Aug 22 09:25:30 UTC 2015

Term: 80x25
IO4 0
Turning on vga text mode console
SeaBIOS (version ?-20160307_153453-michael-desktop64)
XHCI init on dev 00:10.0: regs @ 0xfeb22000, 4 ports, 32 slots, 32 byte 
contexts

XHCIextcap 0x1 @ feb22500
XHCIprotocol USB  3.00, 2 ports (offset 1), def 0
XHCIprotocol USB  2.00, 2 ports (offset 3), def 10
XHCIextcap 0xa @ feb22540
Found 2 serial ports
ATA controller 1 at 4010/4020/0 (irq 0 dev 88)
EHCI init on dev 00:13.0 (regs=0xfeb25420)
ATA controller 2 at 4018/4024/0 (irq 0 dev 88)
Searching bootorder for: /pci@i0cf8/*@14,7
Searching bootorder for: /rom@img/memtest
Searching bootorder for: /rom@img/setup
ata0-0: Samsung SSD 850 EVO mSATA 250GB ATA-9 Hard-Disk (232 GiBytes)
Searching bootorder for: /pci@i0cf8/*@11/drive@0/disk@0
XHCI port #3: 0x00200e03, powered, enabled, pls 0, speed 3 [High]
Searching bootorder for: /pci@i0cf8/usb@10/storage@3/*@0/*@0,0
Searching bootorder for: /pci@i0cf8/usb@10/usb-*@3
USB MSC vendor='CBM' product='Flash Disk' rev='5.00' type=0 removable=1
USB MSC blksize=512 sectors=2064384
Initialized USB HUB (0 ports used)
All threads complete.
Scan for option roms
PCengines Press F10 key now for boot menu:
Select boot device:

1. USB MSC Drive CBM Flash Disk 5.00
2. ata0-0: Samsung SSD 850 EVO mSATA 250GB ATA-9 Hard-Disk (23
3. Payload [memtest]
4. Payload [setup]

Searching bootorder for: HALT
drive 0x000f2e60: PCHS=0/0/0 translation=lba LCHS=1024/32/63 s=2064384
drive 0x000f2e90: PCHS=16383/16/63 translation=lba LCHS=1024/255/63 
s=488397168

Space available for UMB: c1000-ef000, f-f2e60
Returned 258048 bytes of ZoneHigh
e820 map has 7 items:
  0:  - 0009f800 = 1 RAM
  1: 0009f800 - 000a = 2 RESERVED
  2: 000f - 0010 = 2 RESERVED
  3: 0010 - dffad000 = 1 RAM
  4: dffad000 - e000 = 2 RESERVED
  5: f800 - fc00 = 2 RESERVED
  6: 0001 - 00011f00 = 1 RAM
enter handle_19:
  NULL
Booting from Hard Disk...
Booting from :7c00
Using drive 0, partition 3.
Loading..
probing: pc0 com0 com1 mem[638K 3582M 496M a20=on]
disk: hd0+ hd1+*
>> OpenBSD/amd64 BOOT 3.33
boot>
cannot open hd0a:/etc/random.seed: No such file or directory
booting hd0a:/6.0/amd64/bsd.rd: 3396956+1430528+3876632+0+606208 
[72+431976+281268]=0x9914e8

entry point at 0x1001000 [7205c766, 3404, 24448b12, 3550a304]


 Automatic Reboot :(

PCEngines apu2
coreboot build 20160307
4080 MB ECC DRAM

SeaBIOS (version ?-20160307_153453-michael-desktop64)
Found mainboard PC Engines PCEngines apu2
multiboot: eax=0, ebx=0
boot order:
1: 

Re: isakmpd set up

2017-01-03 Thread Steve Williams
Hi,

You should see if the client can operate as a Microsoft Office "partial 
redelegation".  One client where I work uses Office 365 and still 
retains control of their own DNS.

I did a quick google...

https://support.office.com/en-us/article/How-Office-365-manages-DNS-records-5980474a-097f-4f21-a864-21245314957f

If you can't get to a "partial redelegation" situation, then you are 
really limited on what you can do, and it's likely that a dynamic IP 
address just won't work with Office 365 either.

Good luck!

Cheers,
Steve W.
On 03/01/2017 8:49 AM, Peter Fraser wrote:
> The charity uses Office 365, which for charities is a great deal, Microsoft 
> charges them $1US per user per month
> up to 75 users, but as a result, Microsoft controls their DNS.
>
> I also expect that they will be NATed and given a 10/8 address.
>
>
>
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
> Steve Williams
> Sent: Monday, January 2, 2017 6:57 PM
> To: Peter Fraser <p...@thinkage.ca>; 'misc@openbsd.org' <misc@openbsd.org>
> Subject: Re: isakmpd set up
>
> Hi,
>
> I have been using OpenBSD on a dynamic IP address for 10+ years.
>
> I have an account with dynamic dns provider Zoneedit and use the ddclient 
> package.
>
> I run a SMTP daemon, HTTP, SSH and in those 10+ years, I have never had a 
> situation where I could not reach my server.  I access it from all over the 
> world using putty (ssh), imap (dovecot), webmail
> (roundcubemail) and access my web server for various purposes.
>
> When I first got my server going, I was paranoid & had a modem connected to 
> the serial port of my server so I could get to my server in the case of 
> losing Internet access.  I used the modem exactly 0 times and finally got 
> rid of the landline.
>
> Since I am paranoid, I had a backup to the backup & received an email every 2 
> hours (initially) that had the IP address of the interface.  I had a filter 
> so the email just went into a folder.  I never had to use it...
>
> If you feel tied to an ISP because of static IP, I would not hesitate to go 
> the dynamic route.
>
> Cheers,
> Steve Williams
>
> On 02/01/2017 3:05 PM, Peter Fraser wrote:
>> A charity that I support has been having trouble with its internet
>> provider (Rogers).
>> The problem I have is that Rogers is the only supplier that is
>> available that will give a fixed IP address.
>>
>> I want the fixed IP address so I don't have to drive there to fix problems.
>>
>> It occurred to me that if I could get a VPN set up automatically when
>> their OpenBSD firewall boots,
>> I could then use the VPN to reach back into their computer.
>>
>> Having never set up a VPN using OpenBSD I started by reading, and I
>> was left very confused.
>>
>> I came up with:
>>
>> On my firewall I have /etc/ipsec.conf
>>
>> ike passive from egress to 192.168.254/24 peer 192.168.254.1 srcid thinkage.ca dstid kwaccessability.ca tag ipsec-kwa
>> ike passive from 192.102.11.0/24 to 192.168.254.0/24 peer 192.168.254.1 srcid thinkage.ca  dstid kwaccessability.ca tag ipsec-kwa
>>
>> on their firewall
>>
>> ike  from egress to 192.102.11/24 peer 192.102.11.1 srcid kwaccessability.ca dstid thinkage.ca tag ipsec-kwa
>> ike  from 192.168.254/24 to 192.102.11/24 peer 192.102.11.1 srcid kwaccessability.ca dstid thinkage.ca tag ipsec-kwa
>>
>> I also opened up the firewall to allow packets in from both networks
>> without restrictions, something I will have to clean up later
>>
>> On both systems I have isakmpd_flags=-K -v -D A=10
>>
>> because of some of the readings I also put on both systems into
>> /etc/hostname.enc0
>> up
>>
>> when I try to start isakmpd on the remote system I get only a message
>> about privilege dropping.
>>
>> on my local system I get
>>
>> Jan  2 16:23:55 gateway isakmpd[71980]: timer_add_event: event
>> ui_conn_reinit(0x0) added last, expiration in 5s Jan  2 16:23:55
>> gateway isakmpd[71980]: timer_remove_event: removing event
>> ui_conn_reinit(0x0)
>> Jan  2 16:23:55 gateway isakmpd[71980]: timer_add_event: event
>> ui_conn_reinit(0x0) added last, expiration in 5s gateway:/etc # Jan  2
>> 16:24:00 gateway isakmpd[71980]:
>> timer_handle_expirations: event ui_conn_reinit(0x0) Jan  2 16:24:00
>> gateway isakmpd[71980]: ipsec_get_id: invalid section
>> to-192.168.254/24 network 192.168.254
>> Jan  2 16:24:00 gateway isakmpd[71980]: connection_init: could not
>> record passive connection "from-ste0-to-192.168.25

Re: isakmpd set up

2017-01-02 Thread Steve Williams

Hi,

I have been using OpenBSD on a dynamic IP address for 10+ years.

I have an account with dynamic dns provider Zoneedit and use the 
ddclient package.


I run a SMTP daemon, HTTP, SSH and in those 10+ years, I have never had 
a situation where I could not reach my server.  I access it from all 
over the world using putty (ssh), imap (dovecot), webmail 
(roundcubemail) and access my web server for various purposes.


When I first got my server going, I was paranoid & had a modem 
connected to the serial port of my server so I could get to my server in
the case of losing Internet access.  I used the modem exactly 0 times 
and finally got rid of the landline.


Since I am paranoid, I had a backup to the backup & received an email 
every 2 hours (initially) that had the IP address of the interface.  I 
had a filter so the email just went into a folder.  I never had to use it...


If you feel tied to an ISP because of static IP, I would not hesitate to 
go the dynamic route.


Cheers,
Steve Williams

On 02/01/2017 3:05 PM, Peter Fraser wrote:

A charity that I support has been having trouble with its internet provider
(Rogers).
The problem I have is that Rogers is the only supplier that is available that
will give a fixed IP address.

I want the fixed IP address so I don't have to drive there to fix problems.

It occurred to me that if I could get a VPN set up automatically when their
OpenBSD firewall boots,
I could then use the VPN to reach back into their computer.

Having never set up a VPN using OpenBSD I started by reading, and I was left
very confused.

I came up with:

On my firewall I have /etc/ipsec.conf

ike passive from egress to 192.168.254/24 peer 192.168.254.1 srcid thinkage.ca dstid kwaccessability.ca tag ipsec-kwa
ike passive from 192.102.11.0/24 to 192.168.254.0/24 peer 192.168.254.1 srcid thinkage.ca  dstid kwaccessability.ca tag ipsec-kwa

on their firewall

ike  from egress to 192.102.11/24 peer 192.102.11.1 srcid kwaccessability.ca dstid thinkage.ca tag ipsec-kwa
ike  from 192.168.254/24 to 192.102.11/24 peer 192.102.11.1 srcid kwaccessability.ca dstid thinkage.ca tag ipsec-kwa

I also opened up the firewall to allow packets in from both networks without
restrictions, something I will have to clean up later

On both systems I have isakmpd_flags=-K -v -D A=10

because of some of the readings I also put on both systems into
/etc/hostname.enc0
up

when I try to start isakmpd on the remote system I get only a message about
privilege dropping.

on my local system I get

Jan  2 16:23:55 gateway isakmpd[71980]: timer_add_event: event
ui_conn_reinit(0x0) added last, expiration in 5s
Jan  2 16:23:55 gateway isakmpd[71980]: timer_remove_event: removing event
ui_conn_reinit(0x0)
Jan  2 16:23:55 gateway isakmpd[71980]: timer_add_event: event
ui_conn_reinit(0x0) added last, expiration in 5s
gateway:/etc # Jan  2 16:24:00 gateway isakmpd[71980]:
timer_handle_expirations: event ui_conn_reinit(0x0)
Jan  2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section
to-192.168.254/24 network 192.168.254
Jan  2 16:24:00 gateway isakmpd[71980]: connection_init: could not record
passive connection "from-ste0-to-192.168.254/24"
Jan  2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section
from-192.102.11/24 network 192.102.11
Jan  2 16:24:00 gateway isakmpd[71980]: connection_init: could not record
passive connection "from-192.102.11/24-to-192.168.254/24"
JaJan  2 16:23:55 gateway isakmpd[71980]: timer_add_event: event
ui_conn_reinit(0x0) added last, expiration in 5s
Jan  2 16:23:55 gateway isakmpd[71980]: timer_remove_event: removing event
ui_conn_reinit(0x0)
Jan  2 16:23:55 gateway isakmpd[71980]: timer_add_event: event
ui_conn_reinit(0x0) added last, expiration in 5s
gateway:/etc # Jan  2 16:24:00 gateway isakmpd[71980]:
timer_handle_expirations: event ui_conn_reinit(0x0)
Jan  2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section
to-192.168.254/24 network 192.168.254
Jan  2 16:24:00 gateway isakmpd[71980]: connection_init: could not record
passive connection "from-ste0-to-192.168.254/24"
Jan  2 16:24:00 gateway isakmpd[71980]: ipsec_get_id: invalid section
from-192.102.11/24 network 192.102.11
Jan  2 16:24:00 gateway isakmpd[71980]: connection_init: could not record
passive connection "from-192.102.11/24-to-192.168.254/24"


any hint as to what I am doing wrong?




Re: PC Engines APU2xx wireless card for router?

2017-01-02 Thread Steve Williams

Thanks for the input!

Happy New Year :)

Cheers,
Steve Williams


On 31/12/2016 2:29 PM, Eike Lantzsch wrote:

On Saturday, 31 December 2016 11:13:53 PYST Steve Williams wrote:

Hi,

I have decided to modernize my OpenBSD system from an old desktop PC to
something lower power.  It seems that the PC Engines APU line is well
supported by OpenBSD and low power and the price point is rather attractive.

I've never done wireless with OpenBSD.  Since some of the APU cases come
with holes for two antennae, I thought it would be a new learning
experience to implement a wireless base station (router) in OpenBSD.

I can't seem to find much information on what wireless cards people have
used in the APU system(s).

The PC Engines website lists a WLE200NX which google reveals is an
Atheros AR9280 Wireless Mini PCIe 2.4/5 Ghz Dual Band card.

I used the WLM200NX with an Alix as OpenBSD AP until the Alix was destroyed by
lightning. Since then using an APU1 as router but no WiFi yet.

According to athn.4, it should be supported and operate as a base
station (router).

It seems that the WLE200NX is electronically the same as the WLM200NX. But I
can't be sure until I get mine together with an additional APU2 sometime in
Jan 2017.
I'll make sure to report and send a dmesg.

In any case you need to decide in which band you want to operate (2.4GHz or
5GHz) and choose the right antenna respectively, unless you decide to order a
dual-band antenna. The latter is said to perform worse but I couldn't detect a
difference to the single-band antenna - at least @ 2.4GHz where the signal is
very much interfered with.
I went eventually with 5GHz because with that I'm alone in the neighbourhood.


Is this a card that people have had success with operating as a base
station (wireless router)?

Is there a better Mini PCIe card that is supported by OpenBSD?

If the WLE600VX is "better" or if it works at all w/ OpenBSD still remains to
be seen.

I'm not scrimping on money...  I anticipate this running for 5+ years.
I've been on OpenBSD since the 2.7 days and have only had 2 different
sets of hardware (retired PC's).  This would be the third and the only
"new" system :)

Thanks,
Steve Williams

All the best
Eike




Re: PC Engines APU2xx wireless card for router?

2017-01-02 Thread Steve Williams

Thanks!

On 02/01/2017 3:17 AM, Stefan Sperling wrote:

On Sat, Dec 31, 2016 at 11:13:53AM -0700, Steve Williams wrote:

The PC Engines website lists a WLE200NX which google reveals is an Atheros
AR9280 Wireless Mini PCIe 2.4/5 Ghz Dual Band card.

According to athn.4, it should be supported and operate as a base station
(router).

Is this a card that people have had success with operating as a base station
(wireless router)?

Yes.


Is there a better Mini PCIe card that is supported by OpenBSD?

No.




PC Engines APU2xx wireless card for router?

2016-12-31 Thread Steve Williams

Hi,

I have decided to modernize my OpenBSD system from an old desktop PC to 
something lower power.  It seems that the PC Engines APU line is well 
supported by OpenBSD and low power and the price point is rather attractive.


I've never done wireless with OpenBSD.  Since some of the APU cases come 
with holes for two antennae, I thought it would be a new learning 
experience to implement a wireless base station (router) in OpenBSD.


I can't seem to find much information on what wireless cards people have 
used in the APU system(s).


The PC Engines website lists a WLE200NX which google reveals is an
Atheros AR9280 Wireless Mini PCIe 2.4/5 Ghz Dual Band card.


According to athn.4, it should be supported and operate as a base 
station (router).


Is this a card that people have had success with operating as a base 
station (wireless router)?


Is there a better Mini PCIe card that is supported by OpenBSD?

I'm not scrimping on money...  I anticipate this running for 5+ years.  
I've been on OpenBSD since the 2.7 days and have only had 2 different 
sets of hardware (retired PC's).  This would be the third and the only 
"new" system :)


Thanks,
Steve Williams



Re: Maintaining your system with snapshots

2015-02-20 Thread Steve Williams
On 20/02/2015 2:19 AM, lm wrote:
 Hi there!

 I'm giving a try to snapshots for the first time. The system feels great,
 but I'm having some issues trying to maintain base system and ports synced.

 I've got a local copy of the complete packages tree for convenience, so I
 don't have to update base and ports every time I want to install a new
 package, but it still seems some packages don't match the base system
 and they crash.

 How do you maintain your system fresh? What do you follow?

 Thanks,
 Luis

Hi,

I have been using snapshots for my system, but don't update too often.  
Sometimes there's a package I want to install, but because my snapshot 
is old (stale when compared to the current repository), I can't get the 
package.

What I have started to do is download the ports.tar.gz when I install a 
snapshot.  I have no idea if this is a supported approach, but I've 
never had a problem building from ports when I need something after the 
fact.   The downside of doing this is I get MANY packages installed 
that are dependencies of building a port.

For example:

autoconf-2.13p2 automatically configure source code on many Un*x platforms
autoconf-2.52p4 automatically configure source code on many Un*x platforms
autoconf-2.59p3 automatically configure source code on many Un*x platforms
autoconf-2.61p3 automatically configure source code on many Un*x platforms
autoconf-2.64   automatically configure source code on many Un*x platforms
autoconf-2.65   automatically configure source code on many Un*x platforms
autoconf-2.69p0 automatically configure source code on many Un*x platforms

Yes, I've had this system going for a while!  lol.

Cheers,
Steve W.



-current FAQ (ports), mention mysql going to attic, mariadb being imported?

2014-11-07 Thread Steve Williams

Hi,

I downloaded -current as of November 6 @ 11:26 and installed it. I'm
doing a test run upgrading my system & started to install required
packages.


At first, I thought the snapshot wasn't complete as I couldn't find the 
mysql server.  After a bit of head scratching, I went onto the cvsweb ( 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/databases/mysql/ )


and noticed that mysql has been moved to the Attic.  Putting 2+2 
together, I found the mariadb port.


I had checked the FAQ ( http://www.openbsd.org/faq/current.html ) before
I started this upgrade, but there is no mention of mysql being retired &
mariadb being the preferred replacement.


I realize that not everything makes the -current FAQ, but after
looking at the list of things in the -current FAQ, I felt that the
retiring of mysql & use of mariadb was worthy of mentioning.


If not, at least this email is now in the archives.

Thanks,
Steve Williams



Re: Updating ports from CVS question

2014-11-07 Thread Steve Williams

Hi,

It is 1000 times faster (or some value... but wayyy faster)  to just ftp 
the ports.tar.gz file over when compared to using CVS.


Just saying...

Cheers,
Steve Williams

On 11/7/2014 8:47 AM, Jungle Boogie wrote:

Hello All,

# uname -a
OpenBSD jackknife.my.domain 5.6 GENERIC.MP#0 i386

This system should be -current as of last night.

I'm trying to build ports:
# cd /usr
# cvs -qd anon...@anoncvs.usa.openbsd.org:/cvs get -rOPENBSD_`uname -r 
| sed 's/\./_/'` -P ports


Problem is that I got impatient and thought ports were hanging 
somewhere around the x11 stuff so I stupidly ^C


Now after rebooting the machine several times, I cannot connect back 
to anoncvs.usa.openbsd.org and the other mirrors don't do much. 
Meaning I can connect but no other message indicates ports are being 
downloaded.


For awhile the error message was that my IP address has a connection 
already but now it looks like the connection is dropped altogether as 
there's no message.


Although, I can open a telnet connection to the cvs port:
telnet anoncvs.usa.openbsd.org 2401
Trying 149.20.54.217...
Connected to anoncvs.usa.openbsd.org.
Escape character is '^]'.

cvs [pserver aborted]: bad auth protocol start:

Connection closed by foreign host.

Any recommendations on what to do?




Re: Updating ports from CVS question

2014-11-07 Thread Steve Williams
On 11/7/2014 1:37 PM, Jungle Boogie wrote:
 Dear Ingo, Misc
 
 From: Ingo Schwarze schwa...@usta.de
 Sent:  Fri, 7 Nov 2014 19:18:08 +0100
 To: Jungle Boogie Cc: misc@openbsd.org
 Subject: Re: Updating ports from CVS question
 
 Jungle Boogie wrote on Fri, Nov 07, 2014 at 08:20:36AM -0800:

 Great idea! How do you update your ports, then?
 Just download a new ports.tar.gz file

 If you are running -stable, that doesn't help.
 The file ports.tar.gz doesn't get updated for -stable after release.

 or:
 # cd /usr/ports
 # cvs -d anon...@anoncvs.usa.openbsd.org:/cvs -q up -rOPENBSD_`uname
 -r | sed 's/\./_/'` -Pd

 Yes, you start from ports.tar.gz, and then, you update that tree
 with cvs(1) as needed.

 I don't like your uname(1) hackery, though.  It's unsafe, giving you
 a false sense of security.  For example, i'm running -current, but
 your uname(1) says, on my -current machine:

 $ uname -r | sed 's/\./_/'
5_6
 $ uname -a
OpenBSD isnote.usta.de 5.6 GENERIC.MP#5 i386

 I followed directions here:
 http://www.bsdnow.tv/tutorials/stable-current-obsd

 I did skip one reboot, though.

 Also, I went from 5.6 -release to -current and now looking at the 
 directions, following a snapshot is recommended. I would expect my 
 uname to update, though.



 To update my ports tree, i have to do:

 $ cd /usr/ports && cvs -d ... up -dP

 without any -r argument, but your uname(1) would give me a bogus -r
 argument, so in some situations, it does the wrong thing.

 I'd recommend that you just supply the correct -r by hand if needed.

 I think I'll rebuild the machine based on a snapshot THEN update to 
 -current!


 KISS!

 Yours,
Ingo




Hi,

It has been stated multiple times on this list that snapshots do not 
necessarily equate to -current.  I think it's generally in reference to 
the base system and not ports, but it is something to be aware of.

From: http://www.openbsd.org/faq/faq5.html
Third, snapshots often contain experimental code that isn't yet 
committed to the tree.

It has been my experience that if you want to follow snapshots, then it 
is best to download the ports.tar.gz at the time that you install the 
snapshot.  This has the greatest chance of success (though not 
guaranteed), as the cvs and the snapshot can be out of date.  For 
example, a snapshot may be compiled on Monday, you download it on
Thursday, and in the meantime, someone has updated a port in CVS. It's 
only bitten me a couple of times in the last 10 years, but when it does, 
it really sucks.  What you think should be a 5 minute operation turns 
into a system upgrade!  lol

Using ports and snapshots (rather than packages) can be quite resource 
intensive.  For giggles, yesterday I compiled a few ports that I normally
use packages for (I wanted to test my VM, as well as see what it took to 
compile mariadb).  To compile, the dependencies for 2 of the packages I 
usually install pulled (ftp/compile) around 100 packages.  I ended up with
 5 versions of autoconf
 2 versions of automake
and TONS of things I would not normally install...

Having the ports.tar.gz that corresponds to the snapshot you install is 
nice because 2 months down the road you can compile/install something 
that will work on your system even when there is no package available 
that will work on your system.

If you try to cvs up your ports to -current 2 months after installing a 
snapshot, odds are that something won't compile. OpenBSD works FANTASTIC 
as long as you keep things consistent. Follow base, -current, or 
snapshots.  Don't try to mix and match and you should have smooth sailing.

That's just been my personal experience.  Other people way more 
authoritative may have much wiser advice.

Cheers,
Steve Williams
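
The uname(1) pitfall quoted in this thread (uname -r prints 5.6 on a -current machine), as an added example that is not from any poster: a shell function that picks the cvs branch argument from the kernel banner instead. It assumes the banner format shown elsewhere on this page ("OpenBSD 5.1-current (GENERIC.MP) #253: ..."); the function names and the release banner are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the ports-tree cvs(1) branch argument from the kernel
# banner rather than from `uname -r`, which drops the -current/-stable suffix.
# Function names are assumptions made for this example.

# Print "-rOPENBSD_X_Y" for release/-stable banners, nothing for -current or
# -beta (HEAD needs no -r), and fail on anything unrecognised.
ports_cvs_tag() {
    parsed=$(printf '%s\n' "$1" | sed -n \
        '1s/^OpenBSD \([0-9][0-9]*\.[0-9][0-9]*\)\(-[a-z]*\)\{0,1\} .*/\1 \2/p')
    if [ -z "$parsed" ]; then
        echo "unrecognised kernel banner: $1" >&2
        return 1
    fi
    ver=${parsed%% *}        # e.g. 5.6
    flavour=${parsed#* }     # "", -stable, -current, -beta
    case "$flavour" in
        ""|-stable)     echo "-rOPENBSD_$(printf '%s' "$ver" | tr . _)" ;;
        -current|-beta) ;;   # follow HEAD: no branch argument at all
        *)  echo "unknown flavour '$flavour' in banner" >&2
            return 1 ;;
    esac
}

# Print the update command to run from /usr/ports (repository argument left
# to the operator); refuses to guess when the banner cannot be parsed.
ports_update_cmd() {
    tag=$(ports_cvs_tag "$1") || return 1
    echo "cvs -q up ${tag:+$tag }-Pd"
}

# Live use on OpenBSD: ports_update_cmd "$(sysctl -n kern.version)"
if [ "$#" -gt 0 ]; then
    ports_update_cmd "$1"
fi
```
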



Upgrade dry run - restore backup from physical to virtualbox VM?

2014-10-27 Thread Steve Williams

Hi,

I have an older system on physical hardware that needs upgrading. I've 
been procrastinating because it's the type of thing that needs to be 
done from start to finish, and it's rather out of date (OpenBSD 
5.2-current) so I know there will be all sorts of surprises.


I have Virtualbox (2.2.4) running on my Windows PC and able to 
boot/install OpenBSD in it.


I had (what I think is) a great thought today that maybe I could 
(somehow) restore a backup from my physical hardware into the Virtualbox 
VM and do a test upgrade there, figuring things out bit by bit with no 
pressure of my system being down.  Once I had the upgrade process 
figured out, I'd then be better prepared to do it to my physical system.


I have never done a dump/restore of a complete system before.  I do know 
that on my physical system, the hard disk is sd0 whereas the VM, it's 
wd0 (with an OpenBSD 5.5 install... yes, I know 5.6 is imminent).  Not a 
big deal to tweak /etc/fstab though.


I'm reasonably comfortable with dump/restore, but not to completely 
clone a system.


How can I do a dump of the root filesystem over top of a running system 
(in the VM)?   Does it have to be in single user mode?


Are there any other things that are going to need to be tweaked other 
than /etc/fstab?


Am I going to need to run installboot or some other such utility to get 
it to boot correctly after a restore?


Any thoughts of this idea in general?

Thanks,
Steve Williams



Re: Upgrade dry run - restore backup from physical to virtualbox VM?

2014-10-27 Thread Steve Williams

Hi,

That's fantastic.  Thanks for the information.

Cheers,
Steve Williams

On 10/27/2014 1:35 PM, Josh Grosse wrote:

On 2014-10-27 14:14, Steve Williams wrote:

Hi,

I have an older system on physical hardware that needs upgrading. I've
been procrastinating because it's the type of thing that needs to be
done from start to finish, and it's rather out of date (OpenBSD
5.2-current) so I know there will be all sorts of surprises.


If you follow the Upgrade Guides, there shouldn't be any. 5.2 -> 5.3,
5.3 -> 5.4, 5.4 -> 5.5, and then 5.5 -> 5.6 starting on Saturday. :)


I have Virtualbox (2.2.4) running on my Windows PC and able to
boot/install OpenBSD in it.

I had (what I think is) a great thought today that maybe I could
(somehow) restore a backup from my physical hardware into the
Virtualbox VM and do a test upgrade there, figuring things out bit
by bit with no pressure of my system being down.  Once I had the
upgrade process figured out, I'd then be better prepared to do it to
my physical system.


Excellent idea


I have never done a dump/restore of a complete system before.  I do
know that on my physical system, the hard disk is sd0 whereas the VM,
it's wd0 (with an OpenBSD 5.5 install... yes, I know 5.6 is imminent).
 Not a big deal to tweak /etc/fstab though.


If your production /etc/fstab used DUID rather than device number, you
may need to revise the DUID in your virtual machine's disklabel rather
than editing fstab(5).  Either way.


I'm reasonably comfortable with dump/restore, but not to completely
clone a system.

How can I do a dump of the root filesystem over top of a running
system (in the VM)?   Does it have to be in single user mode?

Are there any other things that are going to need to be tweaked other
than /etc/fstab?


The following how-to is from memory, and I may have missed a step (or
two).  Use only with that understanding.  If you get confused, let
me know and I'll try to help.

You do the restore from the ramdisk kernel, since restore(8) is
included.  You will need to have a mounted /tmp, since restore
requires it.

1.  Boot the ramdisk kernel, bsd.rd.
2.  Use fdisk(8) to create an MBR on your new system's drive.
3.  Use disklabel(8) to create partitions on your new system's drive.

You can edit by hand or use -R with a copy of your production
disklabel.  You will create a disklabel with a new DUID either way.

If your fstab(8) uses DUIDs and you wish to retain them, edit the
new drive's DUID to match your production system's.

4. Create, format, and mount a /tmp filesystem.  If you don't have
a /tmp partition or you use MFS for /tmp, you may find your swap
partition b is handy to format and mount as /tmp.  Use
disklabel(8) to create the partition, use newfs(8) to format, and
use mount(8), of course.

5. For each filesystem to restore, format with newfs(8) and mount
with mount(8).  For speed during restore, you will find -o async
or -o async,noatime helpful.

6. Now just cd(1) into each mounted, empty filesystem, and restore(8)
with -r, starting with dump level 0 and lather, rinse, repeat with
other levels.

7. When each partition has been restored, you may remove the
restoresymtable file in the root of each restored filesystem.

8. You must install bootblocks manually.  For a 5.2 system,
the installboot(8) program is located in /usr/mdec, along with
the biosboot(8) first stage bootloader.  The /boot second stage
bootloader should already be in your root filesystem.

example (for 5.2 and wd0's root partition mounted at /mnt):

# /usr/mdec/installboot -v /mnt/boot /usr/mdec/biosboot wd0

9.  If you need to adjust /etc/fstab instead of DUIDs, edit before
booting.




Re: termios VMIN VTIME

2014-04-03 Thread Steve Williams

On 4/3/2014 1:40 AM, trifle menot wrote:

On 4/2/14, Mihai Popescu mih...@gmail.com wrote:


Dude, what the hell are you trying to do? Just explain in plain words here.
I am interested in working with rs232
and I wasted my time reading and waiting for your damn problem.

a) Set raw mode.
b) Set VMIN = 250 and VTIME = 1.
c) Set port speed to 115200.
d) Read data from the serial port.
e) Have a device (or program) send data to the serial port, at a
steady rate of 11 cps.
f) Notice a 20 second delay before read() returns. Your sending device
appears to have stalled, though it has not.

The problem is, VTIME is an interbyte timer. At 11 cps and VTIME = 1,
it never expires. You wait 20 seconds for VMIN to kick in, before
read() returns. Unfortunately, POSIX provided no option to make VTIME
an overall timer.

VMIN must not exceed MAX_INPUT (255 on my linux test box). So VMIN
must be <= 255 (even though an integer holds the value).

Now suppose VTIME was an overall timer, not an interbyte timer. In 0.1
seconds at 115200, you can transfer about 1100 bytes. At that speed,
VMIN will kick in before the timer expires, and read() will return
with approx. 250 bytes. If you get a block < 250 bytes, you will never
wait more than 0.1 seconds for it, even in the worst case, a steady 11
cps.

The POSIX writers erred by making VTIME an interbyte timer.

What real life problem are you trying to solve?  Why do you need to have 
 250 bytes in the returned buffer?  Is it important to have a steady 
11 cps in the other situation?  Have you considered non-blocking IO?  
Using select or some other equivalent to determine if there is data 
available on the port prior to the read?


Serial communications have been around since the dark ages  I was 
writing code 20+ years ago to talk to RS-232 (a very un-standard 
standard).  There are many ways to solve the same problem...


Cheers,
Steve Williams



Re: recommendations - centralized email?

2014-02-23 Thread Steve Williams

On 2/17/2014 11:13 AM, Adam Thompson wrote:
I'm looking for recommendations on what works well for people, since 
this doesn't appear to be covered by the FAQ or AOBSD2E.  I know 
several ways to accomplish what I'm after, but none of them seem to 
have any clear advantage over the other.


1. I have about a dozen OpenBSD systems running (5.4-RELEASE), all of 
which share a common list of users, all of which generate email 
automatically.
2. Only one of those systems is the designated mail server.  I would 
like all the other systems to immediately relay any and all email to 
the mail server.
3. I don't want to have to manually maintain /etc/mail/aliases on each 
and every system for each and every user; sooner or later I'll miss one.
4. I'd prefer to use smtpd(8) instead of sendmail(8), but I'm even 
willing to run software from ports, if it's clearly 
better/cleaner/smaller/etc.


So, I know I can achieve the effect I want by putting every user on 
every machine in /etc/aliases with something like:

athompsoathom...@central.mail.server
Or I can achieve the same effect by putting a .forward file in every 
home directory on every machine, but both of these options are 
laborious and thus error-prone.


I know how to do this with Postfix, but installing Postfix from ports 
just to forward mail to a central mailhost seems like... overkill?
I think I might be able to remember how to do this with Sendmail, but 
I'm not sure.  I've stayed as far away from sendmail as I can.

And I'm not at all clear on how to accomplish this with smtpd.

I assume *someone* here must have a similar situation - what worked 
(or didn't) for you?



Hi,

In the sendmail world, the smarthost functionality is what you would 
leverage.  It will forward all email to the host specified for it to 
process.  It makes for a very tiny sendmail.cf file.


I'm sure there is just as easy of a way in smtpd.

From /usr/share/sendmail/cf/openbsd-proto.mc

divert(0)dnl
VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.12 $')dnl
OSTYPE(openbsd)dnl
dnl
dnl If you have a non-static IP address you may wish to forward outgoing mail
dnl through your ISP's mail server to prevent matching one of the dialup
dnl DNS black holes.  Just uncomment the following line and replace
dnl mail.myisp.net with the hostname of your ISP's mail server.
dnl
dnl define(`SMART_HOST', `mail.myisp.net')dnl
dnl

Cheers,
Steve W.



Re: Variation on PHP in chroot problem: SQLite3::loadExtension()

2013-03-30 Thread Steve Williams

On 3/30/2013 1:12 PM, Scott Vanderbilt wrote:
I think I've done my homework, but apparently the answer eludes me 
despite my best intentions to find an answer on my own. So, I throw 
myself on the mercy of misc and pray I am not mauled too badly. :-)


I am running 5.3-current (3/22/2013 snapshot), Nginx as http server, 
and PHP and PHP-FPM 5.3.22 from packages. I am trying to connect to a 
Sqlite3 database with an extension (libspatialite-4.0.0, built from 
ports). Connecting to a Sqlite3 database from PHP *without* an 
extension works just fine. The trouble arises when I attempt to throw 
libspatialite into the mix.


Here is the error:

   2013/03/30 11:43:39 [error] 19127#0: *1110 FastCGI sent in stderr:
   PHP message: PHP Warning:  SQLite3::loadExtension(): Cannot load
   specified object in /htdocs/foo/test.php on line 10

Here is the relevant PHP code:

   <?php
   class MyDB extends SQLite3
   {
   function __construct()
   {
   $this->open('test.sqlite');
   }
   }
   $db = new MyDB();
   $db->loadExtension('libspatialite.so.0.0');

I am assuming that PHP is finding the libspatialite library, since 
when I change the file name in the loadExtension() function call to an 
intentionally bogus name, I get a different error, like this:


   2013/03/30 11:23:16 [error] 19127#0: *1104 FastCGI sent in stderr:
   PHP message: PHP Warning:  SQLite3::loadExtension(): Unable to load
   extension at 'lib/foo.so.0.0' in /htdocs/foo/test.php on line 10

So, my next thought is it must be a library dependency. So, I run ldd:

   lib $ldd /var/www/lib/libspatialite.so.0.0
   /var/www/lib/libspatialite.so.0.0:
   StartEnd  Type Open Ref GrpRef Name
   0f20 2f369000 dlib 10   0 /var/www/lib/libspatialite.so.0.0
   059fb000 25a0 rlib 03   0 /usr/lib/libpthread.so.17.0
   09306000 2930a000 rlib 01   0 /usr/local/lib/libfreexl.so.0.0
   04971000 24a51000 rlib 02   0 /usr/local/lib/libiconv.so.6.0
   0a9a1000 2a9ab000 rlib 01   0 /usr/local/lib/libproj.so.6.0
   03eea000 23ef8000 rlib 01   0 /usr/lib/libsqlite3.so.22.0
   0d078000 2d082000 rlib 01   0 /usr/local/lib/libgeos_c.so.4.0
   062ba000 262fc000 rlib 02   0 /usr/local/lib/libgeos.so.7.1
   00889000 208b7000 rlib 03   0 /usr/lib/libstdc++.so.55.0
   0a42e000 2a437000 rlib 05   0  /usr/lib/libm.so.7.1

So I copy all of these libraries into the paths specified by ldd, 
taking the chroot into account. Here is where the libraries ended up:


  lib $ls -al /var/www/lib/
  total 8524
  rwxr-xr-x   2 root  users   512 Mar 30 10:23 .
  drwxr-xr-x  16 root  daemon  512 Mar 22 11:28 ..
  -rw-r--r--   1 root  bin 923 Mar 22 18:10 libspatialite.la
  -rw-r--r--   1 root  bin 4339888 Mar 22 18:10 libspatialite.so.0.0

   lib $ls -al /var/www/usr/lib/
   total 11148
   drwxr-xr-x  2 root  users  512 Mar 30 10:23 .
   drwxr-xr-x  5 root  users  512 Mar 30 10:21 ..
   -r--r--r--  1 root  bin 457102 Mar 22 11:29 libm.so.7.1
   -r--r--r--  1 root  bin 163854 Mar 22 11:29 libpthread.so.17.0
   -r--r--r--  1 root  bin2504122 Feb  7 18:30 libsqlite3.so.21.0
   -r--r--r--  1 root  bin2518224 Mar 22 11:29 libsqlite3.so.22.0

   lib $ls -al /var/www/usr/local/lib/
   total 7088
   drwxr-xr-x  2 root  users  512 Mar 30 10:22 .
   drwxr-xr-x  3 root  users  512 Mar 30 10:21 ..
   -rw-r--r--  1 root  bin  37910 Mar 27 23:37 libfreexl.so.0.0
   -rw-r--r--  1 root  bin2011553 Mar 22 18:08 libgeos.so.7.1
   -rw-r--r--  1 root  bin 177649 Mar 22 18:08 libgeos_c.so.4.0
   -rwxr-xr-x  1 root  wheel  1056690 Feb  7 06:38 libiconv.so.6.0
   -rw-r--r--  1 root  bin 270455 Mar 22 13:51 libproj.so.6.0

However, still no joy. I've also tried placing all of the libraries in 
/var/www/lib alongside the libspatialite library, but that did not 
work either.


I am at a loss trying to figure out what other specified object that 
PHP is unable to load. If anyone can provide any clues as to how I can 
track this down, I would be most grateful.


Many thanks in advance.

Hi,

I've never run into this specific problem, but perhaps ldconfig is 
required in the chroot?


man ldconfig

Or perhaps copy in /var/run/ld.so.hints?

Cheers,
Steve
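
One way to check a chroot against ldd output mechanically, as an added example that is not part of either post: it takes ldd output on stdin and reports every runtime dependency that is absent under the chroot directory. The function names are assumptions; the sample data is the ldd output and the directory listings quoted above, for which it reports /usr/lib/libstdc++.so.55.0.

```shell
#!/bin/sh
# Added example: compare ldd(1) output with the contents of a chroot.
# Function names and the temporary sample tree are assumptions.

# Sample input: the ldd output quoted in the post, copied as it appears there.
LDD_SAMPLE='/var/www/lib/libspatialite.so.0.0:
StartEnd  Type Open Ref GrpRef Name
0f20 2f369000 dlib 10   0 /var/www/lib/libspatialite.so.0.0
059fb000 25a0 rlib 03   0 /usr/lib/libpthread.so.17.0
09306000 2930a000 rlib 01   0 /usr/local/lib/libfreexl.so.0.0
04971000 24a51000 rlib 02   0 /usr/local/lib/libiconv.so.6.0
0a9a1000 2a9ab000 rlib 01   0 /usr/local/lib/libproj.so.6.0
03eea000 23ef8000 rlib 01   0 /usr/lib/libsqlite3.so.22.0
0d078000 2d082000 rlib 01   0 /usr/local/lib/libgeos_c.so.4.0
062ba000 262fc000 rlib 02   0 /usr/local/lib/libgeos.so.7.1
00889000 208b7000 rlib 03   0 /usr/lib/libstdc++.so.55.0
0a42e000 2a437000 rlib 05   0  /usr/lib/libm.so.7.1'

# Print the path (last column) of every "rlib" row read from stdin.
ldd_deps() {
    awk '$3 == "rlib" { print $NF }'
}

# Usage: ldd /path/to/object | missing_in_chroot /chroot/dir
# Prints one line per dependency that does not exist inside the chroot, and
# names any other version of the same library that is present there.
missing_in_chroot() {
    jail="$1"
    ldd_deps | while read -r lib; do
        [ -e "$jail$lib" ] && continue
        others=$(ls "$jail${lib%.so.*}".so.* 2>/dev/null |
                 sed "s|^$jail||" | tr '\n' ' ')
        echo "missing: $lib${others:+ (other versions: ${others% })}"
    done
}

# Build an empty-file replica of the chroot library listings from the post.
make_sample_chroot() {
    sample=$(mktemp -d) || return 1
    mkdir -p "$sample/usr/lib" "$sample/usr/local/lib"
    for f in usr/lib/libm.so.7.1 usr/lib/libpthread.so.17.0 \
             usr/lib/libsqlite3.so.21.0 usr/lib/libsqlite3.so.22.0 \
             usr/local/lib/libfreexl.so.0.0 usr/local/lib/libgeos.so.7.1 \
             usr/local/lib/libgeos_c.so.4.0 usr/local/lib/libiconv.so.6.0 \
             usr/local/lib/libproj.so.6.0; do
        : > "$sample/$f"
    done
    echo "$sample"
}

# Live use: sh thisfile /var/www/lib/libspatialite.so.0.0 /var/www
if [ "$#" -eq 2 ]; then
    ldd "$1" | missing_in_chroot "$2"
fi
```
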



Re: [Question] Building whitelists so that spamd greylisting can work without users perceiving delivery delays...

2013-03-28 Thread Steve Williams

On 3/28/2013 10:52 AM, Sarah Caswell wrote:

Hi all,

I had a question about greylisting (with spamd) in production.

I've successfully run spamd on firewalls (as a frontend to either barracuda or 
SpamAssassin) and have really liked the reduction in SPAM volume.

Unfortunately my employer's wife does not like the delays that this introduces 
into our mail delivery, since she uses email for quick turn-around 
communication.

The main problem occurs with senders like Gmail, yahoo, hotmail, etc. ...i.e. 
all the senders that have large farms of smtp servers from which they can retry 
delivery after initial greylisting delay.

I know this means I'm not doing proper whitelisting of those major sender 
domains, but I'm at a loss on how to best construct and maintain such a 
whitelist.

Are there any up-to-date lists that already track the MTAs of these large mail 
providers?

Or will this mostly be a DIY effort on my part?

Any thoughts/insights/experiences would be greatly appreciated.

:-)

Sarah



Hi,

Years ago I was faced with the same frustration on my own system.  I 
ended up writing a shell/awk script that I run 2x a day.


Basically, you build up a list of trusted hosts and whitelist them.  
Whenever I got delayed mail that I noticed, I would add the hostname to 
the trusted list and my script would automatically whitelist them the 
next time it ran (or when I ran it manually).


It may not be perfect, but it's worked flawlessly for probably 4 years now.

It's designed to work with sites that use spf records, and it doesn't 
know about ip6, not an issue in my case


If you are interested in my script, feel free to contact me off list

The output for google.com is:
#---
# google.com
#---
# Got 5 elements in [v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all]

# queueing for spf lookup: [_spf.google.com]
216.73.93.70/31
216.73.93.72/31
# ==
# Recursing for additional spf records
# ==
#---
# _spf.google.com
#---
# Got 5 elements in [v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ?all]
# queueing for spf lookup: [_netblocks.google.com]
# queueing for spf lookup: [_netblocks2.google.com]
# queueing for spf lookup: [_netblocks3.google.com]
# ==
# Recursing for additional spf records
# ==
#---
# _netblocks.google.com
#---
# Got 12 elements in [v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all]

216.239.32.0/19
64.233.160.0/19
66.249.80.0/20
72.14.192.0/18
209.85.128.0/17
66.102.0.0/20
74.125.0.0/16
64.18.0.0/20
207.126.144.0/20
173.194.0.0/16
#---
# _netblocks2.google.com
#---
# Got 8 elements in [v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ?all]
# UNKNOWN: [ip6:2001:4860:4000::/36]
# UNKNOWN: [ip6:2404:6800:4000::/36]
# UNKNOWN: [ip6:2607:f8b0:4000::/36]
# UNKNOWN: [ip6:2800:3f0:4000::/36]
# UNKNOWN: [ip6:2a00:1450:4000::/36]
# UNKNOWN: [ip6:2c0f:fb50:4000::/36]
#---
# _netblocks3.google.com
#---
# Got 2 elements in [v=spf1 ?all]
# Returning from recursion
# Returning from recursion
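
The SPF walk that the output above traces, as an added example that is not the poster's script: it follows include: terms from a trusted domain and prints the IPv4 networks for a whitelist, skipping ip6 terms as the original output does. Function names, the lookup cap and the offline record table are assumptions; the google.com records are copied from the output above (2013 values) and loop.example is constructed.

```shell
#!/bin/sh
# Added example: flatten SPF include: chains into IPv4 CIDRs, one per line.
# All names are assumptions made for this example.

# Offline TXT table: "domain record". google.com entries are copied from the
# output quoted in the post; loop.example is constructed (self-include).
SPF_SAMPLE='google.com v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all
_spf.google.com v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ?all
_netblocks.google.com v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all
_netblocks2.google.com v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ?all
_netblocks3.google.com v=spf1 ?all
loop.example v=spf1 include:loop.example ip4:192.0.2.0/24 -all'

MAX_LOOKUPS=10   # cap on records fetched per run; bounds long include chains

# Return the SPF record for domain $1. Offline stand-in: on a live system
# replace the body with a DNS TXT query (for example: dig +short TXT "$1").
spf_txt() {
    printf '%s\n' "$SPF_SAMPLE" |
        awk -v d="$1" '$1 == d { sub(/^[^ ]+ /, ""); print; exit }'
}

# Print the IPv4 networks authorised by domain $1 and everything it includes.
# Runs in a subshell so `set -f` and the work variables stay local. Prints
# nothing and fails if the lookup cap is hit, so a partial list is never used.
spf_flatten() (
    set -f                       # terms such as "?all" must not be globbed
    nl='
'
    queue="$1"; seen=" "; lookups=0; out=""
    while [ -n "$queue" ]; do
        set -- $queue; dom="$1"; shift; queue="$*"
        case "$seen" in *" $dom "*) continue ;; esac    # include loop guard
        seen="$seen$dom "
        lookups=$((lookups + 1))
        if [ "$lookups" -gt "$MAX_LOOKUPS" ]; then
            echo "# too many SPF lookups, stopped at $dom" >&2
            exit 1
        fi
        for term in $(spf_txt "$dom"); do
            case "$term" in
                include:*)  queue="$queue ${term#include:}" ;;
                redirect=*) queue="$queue ${term#redirect=}" ;;
                ip4:*/*)    out="$out${term#ip4:}$nl" ;;
                ip4:*)      out="$out${term#ip4:}/32$nl" ;;
                v=spf1|[-~?+]all|all) ;;
                *)          echo "# UNKNOWN: [$term]" >&2 ;;
            esac
        done
    done
    printf '%s' "$out" | awk '!dup[$0]++'    # drop duplicates, keep order
)

if [ "$#" -gt 0 ]; then
    spf_flatten "$1"
fi
```
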



Re: Tricks for install OpenBSD under Virtualbox, host Windows XP

2013-01-07 Thread Steve Williams

Hi,

I installed Virtualbox 2.2.4 and everything is 100%.

It seems the newer version of Virtualbox is confused by my hardware/host 
os combination and cannot deal with the VT-X, even though it's enabled 
in my bios.


Thanks for all the hints.  It took a bit of magical google incantations 
and reading between the lines to arrive at this solution.


Cheers,
Steve

On 1/6/2013 1:06 PM, Steve Williams wrote:

Hi,

After recently reading (on this list) about how OpenBSD runs under 
Virtualbox, I thought I would take it for a test drive on my laptop so 
I can work in OpenBSD while away on business & don't have access to
the Internet.


My laptop is a Dell Latitude E6500 with an Intel(R) Core(TM)2 Duo CPU
(P8600).  I have enabled the Virtualization support in the bios.


The host system is Windows XP.

When I start VirtualBox, I get a dialogue box that says:

-
VT-x/AMD-V hardware acceleration has been enabled, but is not 
operational. Certain guests (e.g. OS/2 and QNX) require this feature.


Please ensure that you have enabled VT-x/AMD-V properly in the BIOS of 
your host computer.

-

When I got this message, I disabled the Enable VT-x/AMD-V in the 
settings of the VM for OpenBSD, but I still get that message. It's a 
bit confusing.



I am trying to install OpenBSD-current (downloaded January 6, 2013).  
It will get various distances into installing before I get an error.  
I've even got as far as defining the partitions and the format 
starting, but it either gives an Illegal Instruction, or a kernel 
panic.


The Intel website indicates it supports VT-x 
(http://ark.intel.com/products/35569?wapkw=core+2+duo+p8400)


Any suggestions/tricks, or am I just out of luck with this combination 
of hardware/guest OS/OpenBSD?


Thanks,
Steve




Tricks for install OpenBSD under Virtualbox, host Windows XP

2013-01-06 Thread Steve Williams

Hi,

After recently reading (on this list) about how OpenBSD runs under 
Virtualbox, I thought I would take it for a test drive on my laptop so I 
can work in OpenBSD while away on business & don't have access to the
Internet.


My laptop is a Dell Latitude E6500 with an Intel(R) Core(TM)2 Duo CPU
(P8600).  I have enabled the Virtualization support in the bios.


The host system is Windows XP.

When I start VirtualBox, I get a dialogue box that says:

-
VT-x/AMD-V hardware acceleration has been enabled, but is not 
operational. Certain guests (e.g. OS/2 and QNX) require this feature.


Please ensure that you have enabled VT-x/AMD-V properly in the BIOS of 
your host computer.

-

When I got this message, I disabled the Enable VT-x/AMD-V in the 
settings of the VM for OpenBSD, but I still get that message. It's a bit 
confusing.



I am trying to install OpenBSD-current (downloaded January 6, 2013).  It 
will get various distances into installing before I get an error.  I've 
even got as far as defining the partitions and the format starting, but 
it either gives an Illegal Instruction, or a kernel panic.


The Intel website indicates it supports VT-x 
(http://ark.intel.com/products/35569?wapkw=core+2+duo+p8400)


Any suggestions/tricks, or am I just out of luck with this combination 
of hardware/guest OS/OpenBSD?


Thanks,
Steve



IP Address Pptpd (Poptop) and pppd (userland)

2012-05-03 Thread Steve Williams
Hi,

I am trying to configure PopTop on my OpenBSD Current system.  Yes, I 
know it's not secure, but given the situation, I do not have a choice.
OpenBSD 5.1-current (GENERIC.MP) #253: Thu Apr 26 01:45:24 MDT 2012

Everything has been installed from packages in the snapshot.

In the pptpd.conf(5) man page, it mentions:

ROUTING CHECKLIST - PROXYARP
Allocate a section of your LAN addresses for use by clients.

In /etc/ppp/options.pptpd. set the proxyarp option.  In pptpd.conf do
not set localip option, but set remoteip to the allocated address
range.  Enable kernel forwarding of packets, (e.g. using
/proc/sys/net/ipv4/ip_forward ).

Therefore, I just have remoteip 192.168.123.200-210  in the config 
file, and 200-210 is blocked (reserved) on my DHCP server and I have not 
put in a localip.

The directions that come with the poptop package 
(/usr/local/share/doc/pkg-readmes/poptop-1.3.4p3) indicate:

In ppp.conf create a section pptp

 pptp:

 enable proxy
 set dns IP.Of.DNS.Server1 IP.Of.DNS.Server2
 set ifaddr _*Local.IP *_Remote.IP
 set timeout 0

So... what am I missing here?

Or should I just be using Routing (per pptpd.conf(5)) and..

ROUTING CHECKLIST - FORWARDING
Allocate a subnet for the clients that is routable from your LAN, but
is not part of your LAN.

If I do that, I could create a 192.168.124.0/24 network on my OpenBSD 
server which I presume tun0 would belong to.  Would the other end of the 
tunnel (the Windows system) go into another subnet (eg: 192.168.125.0/24)?

Googling leads to a plethora of Linux HOWTO's, none of which really 
explain anything...

Confused in Windows networking land :(  Any assistance appreciated!

Thanks,
Steve Williams



rc.d and mysql startup (upgrade from 4.6 current to April 2 snapshot)

2012-04-07 Thread Steve Williams

Hi,

I recently updated my system from an ancient 4.6 something to the 
April 2 snapshot.  Let me say, between sysmerge and pkg_add -ui, it's an 
amazingly painless process!


This is i386 on a Dell Optiplex 755, though that's not relevant.

At some point in time (I've been using OpenBSD since 2.7), I got a 
recommendation to start mysql by adding an entry in the login.conf file:

mysql:\
:openfiles-cur=1024:\
:openfiles-max=2048:

Then, in the rc.local file, I was starting mysql via:
if [ -x /usr/local/bin/mysqld_safe ] ; then
 su -c mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
 echo -n ' mysql'
fi

This was so that mysql would have enough file descriptors when it ran.  
I am currently running:

mysql-client-5.1.62 multithreaded SQL database (client)
mysql-server-5.1.62 multithreaded SQL database (server)

When I look at the /etc/rc.d/mysqld file, I see no mechanism to start 
mysql with an increased number of file descriptors.  I did notice that 
the system default openfiles-cur was boosted during the sysmerge 
upgrade process.


I use (for personal use only) gallery3, wordpress, roundcubemail, so 
it's not super heavy use of mysql.


What is the accepted way to start mysql these days?

Thanks,
Steve Williams


Re: rc.d and mysql startup (upgrade from 4.6 current to April 2 snapshot)

2012-04-07 Thread Steve Williams

On 4/7/2012 1:40 PM, Antoine Jacoutot wrote:

On Sat, Apr 07, 2012 at 01:01:07PM -0600, Steve Williams wrote:

Hi,

I recently updated my system from an ancient 4.6something  to the
April 2 snapshot.  Let me say, between sysmerge and pkg_add -ui,
it's an amazingly painless process!

This is i386 on a Dell Optiplex 755, though that's not relevant.

At some point in time (I've been using OpenBSD since 2.7), I got a
recommendation to start mysql by adding an entry in the login.conf
file:
mysql:\
 :openfiles-cur=1024:\
 :openfiles-max=2048:

Then, in the rc.local file, I was starting mysql via:
if [ -x /usr/local/bin/mysqld_safe ] ; then
 su -c mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
 echo -n ' mysql'
fi

This was so that mysql would have enough file descriptors when it
ran.  I am currently running:
 mysql-client-5.1.62 multithreaded SQL database (client)
 mysql-server-5.1.62 multithreaded SQL database (server)

When I look at the /etc/rc.d/mysqld file, I see no mechanism to
start mysql with an increased number of file descriptors.  I did
notice that the system default openfiles-cur was boosted during
the sysmerge upgrade process.

I use (for personal use only) gallery3, wordpress, roundcubemail, so
it's not super heavy use of mysql.

What is the accepted way to start mysql these days?

You want to add mysqld in the pkg_scripts variable in rc.conf.local(8) (and 
remove the mysql startup lines from rc.local of course).
Then change your mysql class in login.conf(5) from mysql to mysqld.

See rc.d(8) for more information but in a nutshell an rc script will use the 
class which matches its name -- if there is no matching class, then 'daemon' 
will be used.


That's way cool!  Thanks very much for the pointer :)

Cheers,
Steve
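
Added example (not part of the thread and not OpenBSD's own code): a small shell check that applies the rule from the reply above, that an rc.d script uses the login class matching its name and otherwise falls back to 'daemon', to a constructed login.conf. The sample file, the function names and the limits on the default and daemon classes are assumptions made for illustration; tc= inheritance is not resolved.

```shell
#!/bin/sh
# Constructed sample: the class is still called "mysql", as in the original
# post, while the rc.d script is called "mysqld". The limits on the default
# and daemon classes are made-up values for this example.
SAMPLE_LOGIN_CONF='default:\
    :openfiles-cur=128:\
    :openfiles-max=1024:

daemon:\
    :openfiles-cur=128:\
    :openfiles-max=1024:\
    :tc=default:

mysql:\
    :openfiles-cur=1024:\
    :openfiles-max=2048:\
    :tc=daemon:'

# rc_class CONF_TEXT DAEMON
# Print the login class an rc.d script named DAEMON would run under:
# the class with the same name if login.conf defines one, else "daemon".
rc_class() {
	printf '%s\n' "$1" | awk -v want="$2" '
	/^[ \t]*#/ { next }                     # skip comments
	/^[^ \t:]/ {                            # record header starts in column 0
		split($0, f, ":")
		n = split(f[1], names, "|")     # "name|alias" headers
		for (i = 1; i <= n; i++) if (names[i] == want) found = 1
	}
	END { print (found ? want : "daemon") }'
}

# class_cap CONF_TEXT CLASS CAP
# Print the value of capability CAP set directly in CLASS (no tc= lookup).
class_cap() {
	printf '%s\n' "$1" | awk -v class="$2" -v cap="$3" '
	/^[ \t]*#/ { next }
	/^[^ \t:]/ {
		inrec = 0
		split($0, f, ":")
		n = split(f[1], names, "|")
		for (i = 1; i <= n; i++) if (names[i] == class) inrec = 1
	}
	inrec {
		m = split($0, caps, ":")
		for (i = 1; i <= m; i++)
			if (index(caps[i], cap "=") == 1) {
				print substr(caps[i], length(cap) + 2)
				exit
			}
	}'
}

# audit_pkg_scripts CONF_TEXT "daemon1 daemon2 ..."
# For every entry of pkg_scripts, report the class and file-descriptor
# limit it will actually get.
audit_pkg_scripts() {
	for d in $2; do
		c=$(rc_class "$1" "$d")
		echo "$d: class=$c openfiles-cur=$(class_cap "$1" "$c" openfiles-cur)"
	done
}

# Before the rename: mysqld silently falls back to the daemon class.
audit_pkg_scripts "$SAMPLE_LOGIN_CONF" "mysqld"

# After renaming the class from mysql to mysqld, as the reply suggests.
FIXED_LOGIN_CONF=$(printf '%s\n' "$SAMPLE_LOGIN_CONF" | sed 's/^mysql:/mysqld:/')
audit_pkg_scripts "$FIXED_LOGIN_CONF" "mysqld"
```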



Re: Donations

2010-12-05 Thread Steve Williams
On 12/5/2010 12:10 PM, Randal L. Schwartz wrote:
 "Theo" == Theo de Raadt <dera...@cvs.openbsd.org> writes:
 Theo  If you don't know why I am sending this mail.. you are reading US
 Theo  managed news, and need to much much more informed

 If this is in reference to Wikileaks, it's because Paypal believes that
 Wikileaks is involved in illegal activity, and to some degree, I agree
 with them.  (I believe a lot of the diplomatic actions we do in the US
 are wrong, but two wrongs don't make a right.)

 Are you planning on having the OpenBSD development team perform some
 sort of illegal activity soon?

 If not, you shouldn't be worried about Paypal.

 If it's not about Wikileaks, google searches don't show anything else
 particularly interesting about Paypal recently, so I wonder what
 triggered your message.

Hi,

The problem is with your statement "PayPal believes".  PayPal is run by 
people.  Those people have made an arbitrary decision.  Sure, if the 
people that run WikiLeaks are CONVICTED of a crime, then, and only then 
they might be justified to pull WikiLeaks account.

The next time, what are the PayPal people going to arbitrarily decide is 
wrong?  If some company actually used OpenBSD to make a baby mulching 
machine, would they cut off OpenBSD donations without anyone in OpenBSD 
being convicted of a crime?  Perhaps they would even confiscate the 
money in OpenBSD's PayPal account.

Per http://www.paypalsucks.com/,

...but someone pays you with a stolen credit card, your account (by 
PayPal's own admission) is immediately flagged as being criminal 
behavior and any money in that account is confiscated.

PayPal does suck.  I've been forced to try to use it from South America 
(when I live in Canada), and it won't let you!  I had to take a bus for 
a day to get to the office to be able to hand them cash.

Cheers,
Steve



Filesystem sizes stored in a file anywhere?

2010-06-24 Thread Steve Williams

Hi,

I have my first OpenBSD recovery to perform.  YEAH!  lol.

I have a rsync backup of all the individual files over to another server.

I also have a level 0 dump of each filesystem sent over to another server.

As I am planning for my restore (onto a new drive), it occurs to me that 
I have never recorded the sizes of the filesystems anywhere.


Are the sizes of the filesystem(s) stored anywhere on the drive that 
would have been backed up so I can recreate them with an appropriate size?


The (old) system is OpenBSD 4.0 running on i386.   No dmesg for obvious 
reasons!


Just out of curiosity, is it possible to restore a level 0 filesystem 
dump to a NON-pristine filesystem?
eg:  could I just create one huge "a" partition and restore my root, 
var, src, usr, ... level 0 dumps to it (with some magic incantation)?


Thanks,
Steve Williams



Re: Printing schemas

2010-04-28 Thread Steve Williams

Ed Ahlsen-Girard wrote:

On 2010-04-24 20:00:32, bofh goodb0fh () gmail ! com wrote:

Parallel port printers  I want the printouts this minute!!! :).

I heart printers with lpd (especially with postscript)

Specifically, I heart my Brother printer.  I've heard of
incompatibilities with some postscript stuff, but like the yeti and
sasquatch, never saw one myself.  No issues printing from windows,
osx, linux or openbsd...

On 4/24/10, Otto Moerbeek o...@drijf.net wrote:
  

On Sat, Apr 24, 2010 at 12:14:33PM -0500, Ed Ahlsen-Girard wrote:



OpenBSD, the project, doesn't seem to have a preferred method of
printing.

What do OpenBSD, the developers individually, prefer?
  

Any printer that groks postscript and either has a parallel port, a
usb port that acts like one, or lpd support over net.

-Otto





I'm looking specifically at how to print to a USB printer that is
hanging off an XP box.

  


Samba will permit that.  The thing that sucks is embedding the password 
in a shell script.  But for a printer?  Not been a big deal in my 
experience.



Basic outline - create a share on the XP box
install Samba from packages/ports
create a shell script that calls smbclient -P \\pc-name\sharename  password

Works like a charm!  Been using that type of thing for the last 10 years.

Cheers,
Steve
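
Added example (not from the thread): one way to keep the share password out of the print script is smbclient's -A authentication file, with the script refusing to run unless that file is private to its owner. The host, share, file names and function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# The credentials live in a separate file instead of the script, in the
# format smbclient -A expects:
#   username = printuser
#   password = <secret>
#   domain   = WORKGROUP
# A password passed on the command line is also visible in the process
# list, which the authentication file avoids.

# auth_file_is_private FILE
# Succeed only if FILE is a regular file with no group or other
# permission bits set (for example mode 0600).
auth_file_is_private() {
	[ -f "$1" ] || return 1
	perms=$(ls -ld "$1" | cut -c5-10)   # the six group/other mode characters
	[ "$perms" = "------" ]
}

# smb_print_command AUTHFILE //HOST/SHARE FILE
# Print the smbclient command line that sends FILE to the shared printer,
# or fail if the credentials file is readable by anyone but its owner.
smb_print_command() {
	if ! auth_file_is_private "$1"; then
		echo "refusing: $1 must exist and be mode 0600" >&2
		return 1
	fi
	printf 'smbclient %s -A %s -c "print %s"\n' "$2" "$1" "$3"
}

# Dry run with a constructed, empty credentials file.
demo_auth=$(mktemp) && chmod 600 "$demo_auth"
smb_print_command "$demo_auth" //pc-name/sharename /tmp/job.ps
rm -f "$demo_auth"
```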



Re: [RESOLVED] Jan 28 snapshot - em0 disappeared

2010-02-02 Thread Steve Williams

Steve Williams wrote:

Hi,

I upgraded my system today.  I'm not sure if it was previously a 
snapshot or actually 4.6.  Regardless, I upgraded it to the snapshot 
from January 28.  I booted the snapshot iso and did an upgrade.  Ran 
sysmerge and slowly working my way through all the ports.


I went from:
OpenBSD 4.6 (GENERIC) #58: Thu Jul  9 21:24:42 MDT 2009
to
OpenBSD 4.7-beta (GENERIC.MP) #402: Wed Jan 27 19:29:54 MST 2010

I am getting an error in the dmesg, and em0 no longer appears in 
ifconfig:
em0 at pci0 dev 25 function 0 Intel ICH9 IGP AMT rev 0x02: apic 8 int 21 (irq 3)
em0: The EEPROM Checksum Is Not Valid
em0: Unable to initialize the hardware

This is an onboard NIC, so it's not like I can replace it.

I booted the 4.6 install CD and went into the shell to confirm that it 
could still see the em0 post upgrade, and it was there no problem


I have included the following files:
 1)  dmesg from January 28 snapshot
 2)  dmesg from 4.6
 3)  pcidump -v from January 28 snapshot

Does anyone have any ideas?

This isn't life threatening as I already have another NIC in one 
of the slots and additional slots available, but I would like to know 
what the problem is and how to go about fixing it.  I haven't been 
able to find the magic google incantation to provide guidance :-(


Thanks,
Steve Williams



January 28 snapshot, pf.conf(5) BNF missing egress keyword

2010-02-01 Thread Steve Williams

Hi,

I have just upgraded from 4.6 to a January 28 snapshot and have been 
working through the pf.conf changes.


The spamd(8) has the following pf.conf snippets as an example:

pass in on egress proto tcp from any to any port smtp \
rdr-to 127.0.0.1 port spamd

Checking out pf.conf(5), it has a similar snippet:
  pass on egress proto tcp from any to any port smtp \
  rdr-to 127.0.0.1 port spamd

with the difference of a missing "in" ("pass on egress" vs. "pass in on 
egress").


I'm trying to fully understand the new syntax and was working through 
the BNF in pf.conf(5), but it is missing the egress keyword.


I'd try to fix and propose a patch, but not understanding it in the 
first place poses a bit of a problem when attempting to create documentation!


Can anyone shed some light on the use of the egress keyword?

Thanks,
Steve Williams



Jan 28 snapshot - em0 disappeared

2010-01-31 Thread Steve Williams

Hi,

I upgraded my system today.  I'm not sure if it was previously a 
snapshot or actually 4.6.  Regardless, I upgraded it to the snapshot 
from January 28.  I booted the snapshot iso and did an upgrade.  Ran 
sysmerge and slowly working my way through all the ports.


I went from:
OpenBSD 4.6 (GENERIC) #58: Thu Jul  9 21:24:42 MDT 2009
to
OpenBSD 4.7-beta (GENERIC.MP) #402: Wed Jan 27 19:29:54 MST 2010

I am getting an error in the dmesg, and em0 no longer appears in ifconfig:
em0 at pci0 dev 25 function 0 Intel ICH9 IGP AMT rev 0x02: apic 8 int 21 (irq 3)
em0: The EEPROM Checksum Is Not Valid
em0: Unable to initialize the hardware

This is an onboard NIC, so it's not like I can replace it.

I booted the 4.6 install CD and went into the shell to confirm that it 
could still see the em0 post upgrade, and it was there no problem


I have included the following files:
 1)  dmesg from January 28 snapshot
 2)  dmesg from 4.6
 3)  pcidump -v from January 28 snapshot

Does anyone have any ideas?

This isn't life threatening as I already have another NIC in one of 
the slots and additional slots available, but I would like to know what 
the problem is and how to go about fixing it.  I haven't been able to 
find the magic google incantation to provide guidance :-(


Thanks,
Steve Williams



Re: Jan 28 snapshot - em0 disappeared

2010-01-31 Thread Steve Williams

Hi,

Replying to myself, hence the top post :-)  lol.

I have downloaded the current cvs code and compiled it.  It exhibits the 
same problem, missing em0.


I have put a few debug printf's in /usr/src/sys/dev/pci/if_em_hw.c, 
recompiled and verified that the messages show up on boot.


So, I'm ready for troubleshooting this, but I'm at a wee bit of a loss 
where to go from here.  I did try to put the 4.6 if_em* files into the 
src tree (with little expectation of success) and was rewarded with the 
kernel not compiling.  No surprise there.


I'm comfortable poking around kernel level C, but cvs is a whole new 
world to me. 

What would be the best approach, checking out the entire tree based on a 
certain date, compiling and checking if it works?


Thanks,
Steve Williams


Steve Williams wrote:

Hi,

I upgraded my system today.  I'm not sure if it was previously a 
snapshot or actually 4.6.  Regardless, I upgraded it to the snapshot 
from January 28.  I booted the snapshot iso and did an upgrade.  Ran 
sysmerge and slowly working my way through all the ports.


I went from:
OpenBSD 4.6 (GENERIC) #58: Thu Jul  9 21:24:42 MDT 2009
to
OpenBSD 4.7-beta (GENERIC.MP) #402: Wed Jan 27 19:29:54 MST 2010

I am getting an error in the dmesg, and em0 no longer appears in 
ifconfig:
em0 at pci0 dev 25 function 0 Intel ICH9 IGP AMT rev 0x02: apic 8 int 21 (irq 3)
em0: The EEPROM Checksum Is Not Valid
em0: Unable to initialize the hardware

This is an onboard NIC, so it's not like I can replace it.

I booted the 4.6 install CD and went into the shell to confirm that it 
could still see the em0 post upgrade, and it was there no problem


I have included the following files:
 1)  dmesg from January 28 snapshot
 2)  dmesg from 4.6
 3)  pcidump -v from January 28 snapshot

Does anyone have any ideas?

This isn't life threatening as I already have another NIC in one 
of the slots and additional slots available, but I would like to know 
what the problem is and how to go about fixing it.  I haven't been 
able to find the magic google incantation to provide guidance :-(


Thanks,
Steve Williams



Re: how to configure Grub 0.97 for booting my OpenBSD 4.5

2009-05-08 Thread Steve Williams

Feifei (??) wrote:

Hi, Nick,

Thanks for your advice,
I clear Grub from my MBR, and flag the OpenBSD partition bootable, but I
also got an ERR M error code.
Yes, I read man biosboot, but I don't know how to resolve it.
I try to reinstall OpenBSD 4.5 again, but it is the same error :(.

2009/5/7 Nick Holland n...@holland-consulting.net

  

Feifei (7I7I) wrote:


Hi, guys,

I just install the OpenBSD 4.5, but my grub configuration can't boot it.
Before that, I use OpenBSD 4.2, it is a new installation, not upgrade.
  

...


It works well with the OpenBSD 4.2,

But, if I use it to boot 4.5, I only get an error:
Starting up ...
Loading ...
ERR M
  

man biosboot
will tell you what the error means.
http://www.openbsd.org/faq/faq14.html will show you how
the boot process works.  I'm going to assume you read that
before I expect you to understand this:

short version: the PBR read something, but it wasn't /boot.

I'm not a grub expert, but obviously the PBR you are running
isn't the one that OpenBSD put into place.  Some boot loaders
do silly things like store a copy of the real PBR somewhere
they think is cool, and when you reinstall the OS, the stored
PBR doesn't get replaced when the real one is.  So now you have
the old PBR reading ...something other than /boot

If you replace your grub boot loader with a normal MBR and flag
the OpenBSD partition as active, I bet the system will boot just
fine.

Alternatively, do whatever voodoo you need to do to tell grub
there is a new PBR for it to use.

Nick.



In the good old days, boot a DOS floppy, do a FDISK /MBR. Voilà. No 
need to reinstall OpenBSD. Not sure what the equivalent would be today.


Good Luck.

Cheers,
Steve



Re: Spamd - whitelisting round robin mail servers?

2008-09-03 Thread Steve Williams

Daniel Ouellet wrote:

Jeff Simmons wrote:
So I just set up a nice spamd for a client, and then watched Google's 
Postini try to resend a single email message from just about every IP 
they own.


For google, why not get it from the source itself?

Example:

# dig txt _spf.google.com | grep spf
; <<>> DiG 9.3.4 <<>> txt _spf.google.com
;_spf.google.com.   IN  TXT
_spf.google.com. 187 IN  TXT v=spf1 
ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 
ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 
ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all

Here's a script I use.  It handles includes by using recursion, which is 
a bit dangerous if there's an endless loop of includes out in the world, 
but it's worked for me so far.  It will also do DNS lookups for hosts 
that are specified by name instead of an IP address and handles sites 
that don't put in a FQDN in for the hostname.  The output can be fed to 
pfctl such as:

pfctl -t local-white -T replace -f /etc/spamd/whitelist.txt

The output from my script for google is: (I actually have a list of
# ./extract_spf spf_hosts.txt
# google.com
# Additional spf: include:_netblocks.google.com
# ==
# Recursing for additional spf records
# ==
# _netblocks.google.com
216.239.32.0/19
64.233.160.0/19
66.249.80.0/20
72.14.192.0/18
209.85.128.0/17
66.102.0.0/20
74.125.0.0/16
64.18.0.0/20
207.126.144.0/20

For Hotmail...
# ./extract_spf spf_hosts.txt > /tmp/x
vi # vi /tmp/x
# cat /tmp/x
# microsoft.com
# Additional spf: include:_spf-a.microsoft.com
# Additional spf: include:_spf-b.microsoft.com
# Additional spf: include:_spf-c.microsoft.com
# Additional spf: include:_spf-ssg-a.microsoft.com
# ==
# Recursing for additional spf records
# ==
# _spf-a.microsoft.com
216.99.5.67
216.99.5.68
202.177.148.100
203.122.32.250
202.177.148.110
213.199.128.139
213.199.128.145
207.46.50.72
207.46.50.82
# dns lookup delivery.pens.microsoft.com
# dns lookup mh.microsoft.m0.net
# _spf-b.microsoft.com
# dns lookup delivery2.pens.microsoft.com
# dns lookup delivery.smtp.microsoft.com
131.107.65.22
131.107.65.131
131.107.1.101
131.107.1.102
217.77.141.52
217.77.141.59
# _spf-c.microsoft.com
203.32.4.25
213.199.138.181
213.199.138.191
207.46.52.71
207.46.52.79
131.107.1.18
131.107.1.19
131.107.1.20
131.107.70.12
131.107.70.16
86.61.88.25
# _spf-ssg-a.microsoft.com
207.68.169.173/30
207.68.176.1/26
207.46.132.129/27
207.68.176.97/27
65.55.238.129/26
207.46.222.193/26
207.46.116.135/29
65.55.178.129/27
213.199.161.129/27
65.55.33.70/28
# =
# DNS Lookups
# =
# delivery.pens.microsoft.com
207.46.248.68
207.46.248.69
207.46.248.64
207.46.248.65
207.46.248.66
207.46.248.67
# mh.microsoft.m0.net
209.11.164.116
# delivery2.pens.microsoft.com
207.46.248.41
207.46.248.42
207.46.248.43
207.46.248.40
# delivery.smtp.microsoft.com
207.46.22.98
207.46.22.101
207.46.248.70
207.46.248.71




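#!/bin/sh
# Expand the SPF records of every host listed in the file given as $1 into
# addresses/networks, one per line, in a form pfctl -T replace -f can load.
if [ $# -ne 1 ]; then
 echo "Usage: `basename $0` hostlist_file"
 exit 1
fi

if [ ! -f "$1" ]; then
 echo "Unable to locate: $1"
 exit 1
fi

# Scratch files: hostnames from a: terms still to be resolved, and include:
# targets to recurse into.  mktemp avoids predictable names in /tmp.
lookup_file=`mktemp /tmp/spf_lookup.XXXXXXXXXX` || exit 1
more_spf=`mktemp /tmp/more_spf.XXXXXXXXXX` || exit 1

cat "$1" | while read host; do
 echo "# $host"
 # Strip the quotes dig prints around TXT data, then walk the SPF terms.
 dig "$host" TXT +short | sed 's/"//g' | \
 awk '$1 == "v=spf1" {
   num=split($0,stuff," ")
   for (i=1;i<=num;i++){
     if (substr(stuff[i],1,4)=="ip4:") {
       print substr(stuff[i],5)
     } else {
       if (substr(stuff[i],1,2)=="a:") {
         _tmp=substr(stuff[i],3)
         _octet=split(_tmp,_tmpsplit,".")
         if (_octet==1) {
           # Name without a dot: qualify it with the domain being processed.
           printf("%s.%s\n", substr(stuff[i],3), host) >> lookup
           printf("# dns lookup %s.%s\n", substr(stuff[i],3), host )
         } else  {
           print substr(stuff[i],3) >> lookup
           printf("# dns lookup %s\n", substr(stuff[i],3) )
         }
       } else {
         if (substr(stuff[i],1,8)=="include:") {
           printf("# Additional spf: %s\n", stuff[i])
           print substr(stuff[i],9) >> spf
         }
       }
     }
   }
 }' host="$host" lookup="$lookup_file" spf="$more_spf"
done

# Resolve the hostnames collected from a: terms.
if [ -s "$lookup_file" ]; then
 echo "# ="
 echo "# DNS Lookups"
 echo "# ="

 while read host; do
   echo "# $host"
   dig "$host" A +short | grep -v '^;;'
 done < "$lookup_file"
fi

# Run this script again on the include: targets (no loop protection).
if [ -s "$more_spf" ]; then
 echo "# =="
 echo "# Recursing for additional spf records"
 echo "# =="

 $0 "$more_spf"
fi

rm -f "$lookup_file" "$more_spf"

exit 0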
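
An added example, not part of the original post or of the script above: one way to keep the include recursion from running forever is to remember which domains have been visited and to cap the number of lookups, as RFC 7208 does with its limit of 10 DNS-querying terms. The txt_lookup table, the example domains and the addresses are constructed stand-ins for dig output, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed TXT data standing in for: dig +short TXT "$1"
# a.example and b.example include each other (the endless-loop case).
txt_lookup() {
  case "$1" in
    example.com) echo 'v=spf1 ip4:192.0.2.0/24 include:a.example ?all' ;;
    a.example)   echo 'v=spf1 ip4:198.51.100.0/24 include:b.example ?all' ;;
    b.example)   echo 'v=spf1 ip4:203.0.113.7 include:a.example include:example.com ?all' ;;
  esac
}

MAX_LOOKUPS=10   # same ceiling RFC 7208 sets for DNS-querying SPF terms

# expand_spf DOMAIN: print every ip4 entry reachable through include:,
# querying each domain at most once and at most MAX_LOOKUPS domains in all.
# The body is a subshell, so set -f and the work variables stay local.
expand_spf() (
  set -f                       # terms such as "?all" must not be globbed
  queue="$1" seen=" " lookups=0
  while [ -n "$queue" ]; do
    set -- $queue; domain=$1; shift; queue="$*"
    case "$seen" in
      *" $domain "*) echo "# skip $domain (already visited)"; continue ;;
    esac
    if [ "$lookups" -ge "$MAX_LOOKUPS" ]; then
      echo "# stop: lookup limit reached"
      exit 1
    fi
    seen="$seen$domain " lookups=$((lookups + 1))
    echo "# $domain"
    for term in $(txt_lookup "$domain"); do
      case "$term" in
        ip4:*)     echo "${term#ip4:}" ;;
        include:*) queue="$queue ${term#include:}" ;;
      esac
    done
  done
)

expand_spf example.com
```

A non-zero exit status means the expansion was cut short, so the table should not be replaced with that partial output.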



Re: Setting up ccd RAID 1 Howto OpenBSD 4.1

2007-09-12 Thread Steve Williams

Jake Conk wrote:

Hello,

I've searched high and low for hours on how to set up my system of a RAID
1 and basically what it comes down to is ccd and/or Raid Frame. I've
found helpful docs on using some of the commands and where to put my
configurations but nothing seems complete enough for me to figure it
out.

I have OpenBSD 4.1 installed on one disk and I have an exact duplicate
disk where I want to mirror my installation to in case of disk failure.
If this needs to be set up during install I'm willing to reinstall
everything or if there is a way to configure my disks for ccd and
mirror them to the second disk then I'm willing to do that also.

Basically I don't know how to get this ball rolling, I've read 1) I
must change the disk type with disk label to ccd. Then 2) create ccd0
with ccdconfig and tell it to mirror disk 1 to disk 2. It then 3)
finally says to put my configuration into ccd.conf so that it can be
read in on boot by my system and of course put the stuff in fstab to
have it mounted on boot but that's all I know, everything is very vague
and no exact details on how to do this step by step with a new install
or an already running system.

Can someone please help provide a step by step way to mirror my whole
disk to a second disk by re-setting back up OpenBSD from scratch or if
possible configure my already installed system? I don't care if it's
with ccd or another tool as long as I have a disk failover solution.


Please Please Please and Thanks!
- Jake
  

Hi,

Not for CCD, but raidframe..

Search the mailing list archives for a thread with a subject "Seeking 
info for RAID 1 on OpenBSD".  In there you will find all sorts of info.


http://marc.info/?l=openbsd-misc&m=116360194522004&w=2

http://www.packetmischief.ca/openbsd/doc/raidadmin/

Good Luck,

Thanks,
Steve Williams



Re: mysql problem

2007-07-13 Thread Steve Williams

Marcos Laufer wrote:

All right then, I start the mysql server with this:

if [ -x /usr/local/bin/mysqld_safe ] ; then
su -c _mysql root -c '/usr/local/bin/mysqld_safe &' > /dev/null &
echo -n ' mysql'
fi

but the problem still persists, it shows up when executing
mysqlcheck -m -A -p

Now what?

Regards,
Marcos


- Original Message - 
From: Clint Pachl [EMAIL PROTECTED]

Cc: Marcos Laufer [EMAIL PROTECTED]; misc@openbsd.org
Sent: Friday, July 13, 2007 6:05 PM
Subject: Re: mysql problem


Otto Moerbeek wrote:
  

On Fri, 13 Jul 2007, Marcos Laufer wrote:




I did read the archives, and it helped me to find out that
restarting mysql fixes it for some time, and I increased the values
several times but no luck. It starts working fine
for a while but then again it fails. In the end I have
this config right now and the problem persists, I can
reproduce the problem just by executing

mysqlcheck -m -A -p

  

How are you starting mysql? You need to explicitly set the login class.

Something like

su -c mysql root /usr/local/bin/mysqld_safe ...

-Otto




Otto is right. Here is my /etc/postgresql.rc script, which should give
you some ideas for managing mysql (notice ``SU'').

#!/bin/sh
exec 2
DATA=/var/postgresql/data
LOG=/var/postgresql/log
CMD="$1"
PUSR=_postgresql
PCLS=postgresql
CTL=/usr/local/bin/pg_ctl
# Run the command as $PUSR with the limits of login class $PCLS.
SU="su -l -c $PCLS $PUSR -c"

# Refuse to run unless the user, the login class and pg_ctl all exist.
userinfo -e $PUSR || { echo "$PUSR user nonexistent."; exit 1; }
grep -q "^${PCLS}:" /etc/login.conf || { echo "$PCLS class nonexistent."; exit 1; }
[ -x $CTL ] || { echo "$CTL not executable."; exit 1; }

case "$CMD" in
stop|reload|status)
    $SU "exec $CTL $CMD -D $DATA"
    ;;
start|restart)
    $SU "exec $CTL $CMD -D $DATA -l $LOG"
    chmod 644 $LOG
    ;;
*)
    echo "usage: $0 stop|restart|reload|status|start (will run as $PUSR)"
    ;;
esac


And the relevant sections of /etc/login.conf

daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
:localcipher=blowfish,8:\
:tc=default:

postgresql:\
:openfiles-cur=768:\
:tc=daemon:


-pachl

  

--
# sysctl kern.maxfiles
kern.maxfiles=2
  


Try...

http://www.openbsdsupport.org/mysql.htm

Solved my problem.

Good Luck,

Steve W.

--



